rbnacl 3.2.0 → 3.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d579b906e40df02d066ed657b294a03258e973c1
-  data.tar.gz: efa52b89d6fa69c64e353bba805b54da1e4cd75e
+  metadata.gz: ee6ee0f334ee9f46c4ec0bc6fd5c82666780740c
+  data.tar.gz: 26c902ffe1a46d82e0ee822dff3b03ef7a00aae7
 SHA512:
-  metadata.gz: bc23cabab38ee76841891e5f8ea39c864e2d3053ba70b2b27bce1a4f4699a9260ae20dba5134ecc5eb0264b4d177aae56938aaba8cf94ce20831cf99b3147f81
-  data.tar.gz: c5a70483933ff229e6ef2732d94032a95762c82e37c4fab8d02e551e2b4fc55db1e8706f67ee964d21ccd3f9a40bdc7454473891a1d982bd6479fef24b85e47f
+  metadata.gz: 59b17731059eb1eed48984fb657af152eead63527e91840c17cee5114cd9ac579edd0427a1a2dcc3b846714beeecd66739926c9089663d75901d59468e969eef
+  data.tar.gz: 04ce82d844ae5fdf10c634275db80e56aba13391f9f1364d306b1119ba646b4eff875377b6c94ed05dc9682f935ee8a9db3fc0e5177b8bcb7923ed4fe88eb293

data/.travis.yml

@@ -2,13 +2,19 @@ script: bundle exec rake ci
 
 rvm:
   - 2.0.0
-  - 2.1.4
-  - 2.2.2
+  - 2.1.8
+  - 2.2.4
+  - 2.3.0
   - ruby-head
   - jruby
+  - jruby-9.0.4.0
   - jruby-head
   - rbx-2
 
+env:
+  - LIBSODIUM_VERSION=1.0.0 # Minimum supported
+  - LIBSODIUM_VERSION=1.0.8 # Latest released
+
 matrix:
   fast_finish: true
   allow_failures:

data/CHANGES.md

@@ -1,3 +1,13 @@
+3.3.0 (2015-12-29)
+------------------
+* [#105](https://github.com/cryptosphere/rbnacl/pull/105)
+  Add salt/personalisation strings for Blake2b.
+  ([@namelessjon])
+
+* [#128](https://github.com/cryptosphere/rbnacl/pull/128)
+  Remove use of Thread.exclusive when initializing library.
+  ([@tarcieri])
+
 3.2.0 (2015-05-31)
 ------------------
 * Fix method signature for blake2b
@@ -59,3 +69,6 @@
 1.0.0 (2013-03-08)
 ------------------
 * Initial release
+
+[@namelessjon]: https://github.com/namelessjon
+[@tarcieri]: https://github.com/tarcieri

data/Gemfile

@@ -9,9 +9,5 @@ end
 
 group :test do
   gem "coveralls", require: false
-  gem "rbnacl-libsodium"
-end
-
-group :development, :test do
-  gem "rubocop"
+  gem "rbnacl-libsodium", ENV["LIBSODIUM_VERSION"]
 end

data/README.md

@@ -55,15 +55,13 @@ For more information on NaCl's goals, see Dan Bernstein's presentation
 You can use RbNaCl anywhere you can get libsodium installed (see below).
 RbNaCl is continuously integration tested on the following Ruby VMs:
 
-* MRI 2.0, 2.1, 2.2
-* JRuby 1.7 (in both 1.8/1.9 mode)
-* Rubinius HEAD (in both 1.8/1.9 mode)
-
-In theory Windows should be supported, although there are not yet any
-reports of successful Windows users.
+* MRI 2.0, 2.1, 2.2, 2.3
+* JRuby 1.7, 9000
 
 ## Installation
 
+Note: [Windows installation instructions are available](https://github.com/cryptosphere/rbnacl/wiki/Windows-Installation).
+
 ### libsodium
 
 **NOTE: Want to avoid the hassle of installing libsodium? Use the
@@ -138,16 +136,6 @@ information.
 [hashes]: https://github.com/cryptosphere/rbnacl/wiki/Hash-Functions
 [rdoc]: http://rubydoc.info/github/cryptosphere/rbnacl/master/frames
 
-## Security Notes
-
-NaCl itself has been expertly crafted to avoid a whole range of
-side-channel attacks, however the RbNaCl code itself has not been
-written with the same degree of expertise. While the code is
-straightforward it should be considered experimental until audited
-by professional cryptographers.
-
-That said, it's probably still a million times better than OpenSSL...
-
 ## Reporting Security Problems
 
 If you have discovered a bug in RbNaCl of a sensitive nature, i.e.
@@ -207,5 +195,5 @@ Sure, here you go:
 
 ## License
 
-Copyright (c) 2012-14 Jonathan Stott, Tony Arcieri.
+Copyright (c) 2012-2015 Jonathan Stott, Tony Arcieri.
 Distributed under the MIT License. See LICENSE.txt for further details.

data/lib/rbnacl.rb

@@ -85,7 +85,7 @@ module RbNaCl
 end
 
 # Select platform-optimized versions of algorithms
-Thread.exclusive { RbNaCl::Init.sodium_init }
+RbNaCl::Init.sodium_init
 
 # Perform self test on load
 require "rbnacl/self_test" unless defined?($RBNACL_SELF_TEST) && $RBNACL_SELF_TEST == false

data/lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb

@@ -143,7 +143,7 @@ module RbNaCl
       def open(nonce, ciphertext)
         Util.check_length(nonce, nonce_bytes, "Nonce")
         ct = Util.prepend_zeros(BOXZEROBYTES, ciphertext)
-        message  = Util.zeros(ct.bytesize)
+        message = Util.zeros(ct.bytesize)
 
         success = self.class.box_curve25519xsalsa20poly1305_open_afternm(message, ct, ct.bytesize, nonce, beforenm)
         fail CryptoError, "Decryption failed. Ciphertext failed verification." unless success

data/lib/rbnacl/hash.rb

@@ -21,7 +21,7 @@ module RbNaCl
     #
     # @raise [CryptoError] If the hashing fails for some reason.
     #
-    # @return [String] The SHA-256 hash as raw bytes (Or encoded as per the second argument)
+    # @return [String] The SHA-256 hash digest as raw bytes
     def self.sha256(data)
       data   = data.to_str
       digest = Util.zeros(SHA256::BYTES)
@@ -37,7 +37,7 @@ module RbNaCl
     #
     # @raise [CryptoError] If the hashing fails for some reason.
     #
-    # @return [String] The SHA-512 hash as raw bytes (Or encoded as per the second argument)
+    # @return [String] The SHA-512 hash digest as raw bytes
     def self.sha512(data)
       digest = Util.zeros(SHA512::BYTES)
       SHA512.hash_sha512(digest, data, data.bytesize) || fail(CryptoError, "Hashing failed!")
@@ -50,12 +50,16 @@ module RbNaCl
     # This method returns a 64-byte hash by default.
     #
     # @param [String] data The data, as a collection of bytes
-    # @option options [Fixnum] digest_size Size in bytes (1-64, default 64)
-    # @option options [String] key 64-byte (or less) key for keyed mode
+    # @option options [Fixnum]   digest_size Size in bytes (1-64, default 64)
+    # @option options [String]   key 64-byte (or less) key for keyed mode
+    # @option options [String]   salt  Provide a salt to support randomised hashing.
+    #                                  This is mixed into the parameters block to start the hashing.
+    # @option options [Personal] personal Provide personalisation string to allow pinning a hash for a particular purpose.
+    #                                     This is mixed into the parameters block to start the hashing
     #
     # @raise [CryptoError] If the hashing fails for some reason.
     #
-    # @return [String] The blake2b hash as raw bytes (Or encoded as per the second argument)
+    # @return [String] The Blake2b hash digest as raw bytes
     def self.blake2b(data, options = {})
       Blake2b.new(options).digest(data)
     end

data/lib/rbnacl/hash/blake2b.rb

@@ -19,16 +19,25 @@ module RbNaCl
       sodium_constant :BYTES_MAX
       sodium_constant :KEYBYTES_MIN
       sodium_constant :KEYBYTES_MAX
+      sodium_constant  :SALTBYTES
+      sodium_constant  :PERSONALBYTES
 
-      sodium_function :generichash_blake2b,
-                      :crypto_generichash_blake2b,
-                      [:pointer, :size_t, :pointer, :ulong_long, :pointer, :size_t]
+      sodium_function  :generichash_blake2b,
+                       :crypto_generichash_blake2b_salt_personal,
+                       [:pointer, :size_t, :pointer, :ulong_long, :pointer, :size_t, :pointer, :pointer]
+
+      EMPTY_PERSONAL = ("\0" * PERSONALBYTES).freeze
+      EMPTY_SALT     = ("\0" * SALTBYTES).freeze
 
       # Create a new Blake2b hash object
       #
       # @param [Hash] opts Blake2b configuration
       # @option opts [String]  :key for Blake2b keyed mode
       # @option opts [Integer] :digest_size size of output digest in bytes
+      # @option opts [String]  :salt  Provide a salt to support randomised hashing.
+      #                               This is mixed into the parameters block to start the hashing.
+      # @option opts [Personal] :personal Provide personalisation string to allow pinning a hash for a particular purpose.
+      #                                   This is mixed into the parameters block to start the hashing
       #
       # @raise [RbNaCl::LengthError] Invalid length specified for one or more options
       #
@@ -47,6 +56,12 @@ module RbNaCl
         @digest_size = opts.fetch(:digest_size, BYTES_MAX)
         fail LengthError, "digest size too short" if @digest_size < BYTES_MIN
         fail LengthError, "digest size too long"  if @digest_size > BYTES_MAX
+
+        @personal = opts.fetch(:personal, EMPTY_PERSONAL)
+        @personal = Util.zero_pad(PERSONALBYTES, @personal)
+
+        @salt     = opts.fetch(:salt, EMPTY_SALT)
+        @salt     = Util.zero_pad(SALTBYTES, @salt)
       end
 
       # Calculate a Blake2b digest
@@ -56,7 +71,8 @@ module RbNaCl
       # @return [String] Blake2b digest of the string as raw bytes
       def digest(message)
         digest = Util.zeros(@digest_size)
-        self.class.generichash_blake2b(digest, @digest_size, message, message.bytesize, @key, @key_size) || fail(CryptoError, "Hashing failed!")
+        self.class.generichash_blake2b(digest, @digest_size, message, message.bytesize, @key, @key_size, @salt, @personal) ||
+          fail(CryptoError, "Hashing failed!")
         digest
       end
     end

data/lib/rbnacl/secret_boxes/xsalsa20poly1305.rb

@@ -91,7 +91,7 @@ module RbNaCl
       def open(nonce, ciphertext)
         Util.check_length(nonce, nonce_bytes, "Nonce")
         ct = Util.prepend_zeros(BOXZEROBYTES, ciphertext)
-        message  = Util.zeros(ct.bytesize)
+        message = Util.zeros(ct.bytesize)
 
         success = self.class.secretbox_xsalsa20poly1305_open(message, ct, ct.bytesize, nonce, @key)
         fail CryptoError, "Decryption failed. Ciphertext failed verification." unless success

data/lib/rbnacl/self_test.rb

@@ -73,7 +73,7 @@ module RbNaCl
       end
 
       begin
-        passed         = false
+        passed = false
         bad_signature = signature[0, 63] + "0"
         verify_key.verify(bad_signature, message)
       rescue CryptoError
@@ -99,7 +99,7 @@ module RbNaCl
       fail SelfTestFailure, "#{klass} failed to verify correct authentication tag" unless authenticator.verify(vector(tag), message)
 
       begin
-        passed         = false
+        passed = false
         authenticator.verify(vector(tag), message + " ")
       rescue CryptoError
         passed = true

data/lib/rbnacl/simple_box.rb

@@ -33,36 +33,36 @@ module RbNaCl
     extend Forwardable
     def_delegators :@box, :nonce_bytes, :primitive
 
-    # Create a new RandomNonceBox
+    # Create a new SimpleBox
     #
     # @param box [SecretBox, Box] the SecretBox or Box to use.
     #
-    # @return [RandomNonceBox] Ready for use
+    # @return [SimpleBox] Ready for use
     def initialize(box)
       @box = box
     end
 
-    # Use a secret key to create a RandomNonceBox
+    # Use a secret key to create a SimpleBox
     #
     # This is a convenience method.  It takes a secret key and instantiates a
-    # SecretBox under the hood, then returns the new RandomNonceBox.
+    # SecretBox under the hood, then returns the new SimpleBox.
     #
     # @param secret_key [String] The secret key, 32 bytes long.
     #
-    # @return [RandomNonceBox] Ready for use
+    # @return [SimpleBox] Ready for use
     def self.from_secret_key(secret_key)
       new(SecretBox.new(secret_key))
     end
 
-    # Use a pair of keys to create a RandomNonceBox
+    # Use a pair of keys to create a SimpleBox
     #
     # This is a convenience method.  It takes a pair of keys and instantiates a
-    # Box under the hood, then returns the new RandomNonceBox.
+    # Box under the hood, then returns the new SimpleBox.
     #
     # @param public_key  [PublicKey,  String] The RbNaCl public key, as class or string
     # @param private_key [PrivateKey, String] The RbNaCl private key, as class or string
     #
-    # @return [RandomNonceBox] Ready for use
+    # @return [SimpleBox] Ready for use
     def self.from_keypair(public_key, private_key)
       new(Box.new(public_key, private_key))
     end

data/lib/rbnacl/test_vectors.rb

@@ -8,10 +8,10 @@ module RbNaCl
     # Curve25519 test vectors
     # Taken from the NaCl distribution
     #
-    alice_private: "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a",
-    alice_public: "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a",
-    bob_private: "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb",
-    bob_public: "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f",
+    alice_private:  "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a",
+    alice_public:   "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a",
+    bob_private:    "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb",
+    bob_public:     "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f",
     alice_mult_bob: "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742",
 
     #
@@ -36,13 +36,13 @@ module RbNaCl
     # Ed25519 test vectors
     # Taken from the Python test vectors: http://ed25519.cr.yp.to/python/sign.input
     #
-    sign_private: "b18e1d0045995ec3d010c387ccfeb984d783af8fbb0f40fa7db126d889f6dadd",
-    sign_public: "77f48b59caeda77751ed138b0ec667ff50f8768c25d48309a8f386a2bad187fb",
-    sign_message: "916c7d1d268fc0e77c1bef238432573c39be577bbea0998936add2b50a653171" \
-                       "ce18a542b0b7f96c1691a3be6031522894a8634183eda38798a0c5d5d79fbd01" \
-                       "dd04a8646d71873b77b221998a81922d8105f892316369d5224c9983372d2313" \
-                       "c6b1f4556ea26ba49d46e8b561e0fc76633ac9766e68e21fba7edca93c4c7460" \
-                       "376d7f3ac22ff372c18f613f2ae2e856af40",
+    sign_private:   "b18e1d0045995ec3d010c387ccfeb984d783af8fbb0f40fa7db126d889f6dadd",
+    sign_public:    "77f48b59caeda77751ed138b0ec667ff50f8768c25d48309a8f386a2bad187fb",
+    sign_message:   "916c7d1d268fc0e77c1bef238432573c39be577bbea0998936add2b50a653171" \
+                    "ce18a542b0b7f96c1691a3be6031522894a8634183eda38798a0c5d5d79fbd01" \
+                    "dd04a8646d71873b77b221998a81922d8105f892316369d5224c9983372d2313" \
+                    "c6b1f4556ea26ba49d46e8b561e0fc76633ac9766e68e21fba7edca93c4c7460" \
+                    "376d7f3ac22ff372c18f613f2ae2e856af40",
     sign_signature: "6bd710a368c1249923fc7a1610747403040f0cc30815a00f9ff548a896bbda0b" \
                        "4eb2ca19ebcf917f0f34200a9edbad3901b64ab09cc5ef7b9bcc3c40c0ff7509",
 
@@ -50,66 +50,87 @@ module RbNaCl
     # SHA256 test vectors
     # Taken from the NSRL test vectors: http://www.nsrl.nist.gov/testdata/
     sha256_message: "6162636462636465636465666465666765666768666768696768696a68696a6b" \
-                       "696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071",
-    sha256_digest: "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1",
-    sha256_empty: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+                    "696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071",
+    sha256_digest:  "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1",
+    sha256_empty:   "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
 
     #
     # SHA512 test vectors
     # self-created (FIXME: find standard test vectors)
     sha512_message: "54686520717569636b2062726f776e20666f78206a756d7073206f7665722074" \
-                       "6865206c617a7920646f672e",
-    sha512_digest: "91ea1245f20d46ae9a037a989f54f1f790f0a47607eeb8a14d12890cea77a1bb" \
-                       "c6c7ed9cf205e67b7f2b8fd4c7dfd3a7a8617e45f3c463d481c7e586c39ac1ed",
-    sha512_empty: "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce" \
-                       "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
+                    "6865206c617a7920646f672e",
+    sha512_digest:  "91ea1245f20d46ae9a037a989f54f1f790f0a47607eeb8a14d12890cea77a1bb" \
+                    "c6c7ed9cf205e67b7f2b8fd4c7dfd3a7a8617e45f3c463d481c7e586c39ac1ed",
+    sha512_empty:   "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce" \
+                    "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
 
     # Blake2b test vectors
     # self-created? (TODO: double check, fix)
     blake2b_message: "54686520717569636b2062726f776e20666f78206a756d7073206f7665722074" \
-                        "6865206c617a7920646f67",
-    blake2b_digest: "a8add4bdddfd93e4877d2746e62817b116364a1fa7bc148d95090bc7333b3673" \
-                        "f82401cf7aa2e4cb1ecd90296e3f14cb5413f8ed77be73045b13914cdcd6a918",
-    blake2b_empty: "786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419" \
-                        "d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce",
+                     "6865206c617a7920646f67",
+    blake2b_digest:  "a8add4bdddfd93e4877d2746e62817b116364a1fa7bc148d95090bc7333b3673" \
+                     "f82401cf7aa2e4cb1ecd90296e3f14cb5413f8ed77be73045b13914cdcd6a918",
+    blake2b_empty:   "786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419" \
+                     "d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce",
 
     # from the Blake2 paper(?) (TODO: double check)
     blake2b_keyed_message: "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" \
-                              "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f" \
-                              "404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f" \
-                              "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f" \
-                              "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" \
-                              "a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf" \
-                              "c0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" \
-                              "e0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfe",
-    blake2b_key: "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" \
-                              "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
-    blake2b_keyed_digest: "142709d62e28fcccd0af97fad0f8465b971e82201dc51070faa0372aa43e9248" \
-                              "4be1c1e73ba10906d5d1853db6a4106e0a7bf9800d373d6dee2d46d62ef2a461",
+                           "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f" \
+                           "404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f" \
+                           "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f" \
+                           "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" \
+                           "a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf" \
+                           "c0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" \
+                           "e0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfe",
+    blake2b_key:           "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" \
+                           "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
+    blake2b_keyed_digest:  "142709d62e28fcccd0af97fad0f8465b971e82201dc51070faa0372aa43e9248" \
+                           "4be1c1e73ba10906d5d1853db6a4106e0a7bf9800d373d6dee2d46d62ef2a461",
+
+    # Generated using the blake2 reference code
+    blake2b_personal:         "000102030405060708090a0b0c0d0e0f",
+
+    blake2b_personal_digest:  "7c86d3f929c9ac7f08c7940095da7c1cad2cf29db2e7a25fb05d99163e587cbd" \
+                              "f3564e8ce727b734a0559ee76f6ff5aeebd4e1e8872f1829174c9b1a9dab80e3",
+
+    blake2b_salt:             "000102030405060708090a0b0c0d0e0f",
+
+    blake2b_salt_digest:      "16e2e2cfb97e6061bccf2fcc1e605e117dee806c959ef2ad01249d4d12ce98cb" \
+                              "c993f400003ba57449f60a7b071ffdaff9c0acb16891a01a9b397ffe89db96bb",
+
+    blake2b_personal_short:   "0001020304050607",
+
+    blake2b_personal_short_digest: "41b984967f852308710a6042d25f5faf4a84900b2001039075dab13aecfab7c8" \
+                                   "40def9506326563fbb355b3da629181d97d2556e4624711d68f8f655b7cbb435",
+
+    blake2b_salt_short: "0001020304050607",
+
+    blake2b_salt_short_digest: "873f35a1ca28febc872d6f842a8cd23136f3a2c22c19e8f0dac4cc704ced3371"\
+                               "abe5105f65d344cd48bad8aba755620f63f1e0b35ae4439bf871ffe72485a309",
 
     # scrypt test vectors
     # Taken from http://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01#page-14
     scrypt_password: "4a857e2ee8aa9b6056f2424e84d24a72473378906ee04a46cb05311502d5250b" \
-                        "82ad86b83c8f20a23dbb74f6da60b0b6ecffd67134d45946ac8ebfb3064294bc" \
-                        "097d43ced68642bfb8bbbdd0f50b30118f5e",
-    scrypt_salt: "39d82eef32010b8b79cc5ba88ed539fbaba741100f2edbeca7cc171ffeabf258",
+                     "82ad86b83c8f20a23dbb74f6da60b0b6ecffd67134d45946ac8ebfb3064294bc" \
+                     "097d43ced68642bfb8bbbdd0f50b30118f5e",
+    scrypt_salt:     "39d82eef32010b8b79cc5ba88ed539fbaba741100f2edbeca7cc171ffeabf258",
     scrypt_opslimit: 758_010,
     scrypt_memlimit: 5_432_947,
-    scrypt_digest: "bcc5c2fd785e4781d1201ed43d84925537e2a540d3de55f5812f29e9dd0a4a00" \
-                        "451a5c8ddbb4862c03d45c75bf91b7fb49265feb667ad5c899fdbf2ca19eac67",
+    scrypt_digest:   "bcc5c2fd785e4781d1201ed43d84925537e2a540d3de55f5812f29e9dd0a4a00" \
+                     "451a5c8ddbb4862c03d45c75bf91b7fb49265feb667ad5c899fdbf2ca19eac67",
 
     # Auth test vectors
     # Taken from NaCl distribution
     #
-    auth_key: "eea6a7251c1e72916d11c2cb214d3c252539121d8e234e652d651fa4c8cff880",
+    auth_key:     "eea6a7251c1e72916d11c2cb214d3c252539121d8e234e652d651fa4c8cff880",
     auth_message: "8e993b9f48681273c29650ba32fc76ce48332ea7164d96a4476fb8c531a1186a" \
-                           "c0dfc17c98dce87b4da7f011ec48c97271d2c20f9b928fe2270d6fb863d51738" \
-                           "b48eeee314a7cc8ab932164548e526ae90224368517acfeabd6bb3732bc0e9da" \
-                           "99832b61ca01b6de56244a9e88d5f9b37973f622a43d14a6599b1f654cb45a74" \
-                           "e355a5",
+                  "c0dfc17c98dce87b4da7f011ec48c97271d2c20f9b928fe2270d6fb863d51738" \
+                  "b48eeee314a7cc8ab932164548e526ae90224368517acfeabd6bb3732bc0e9da" \
+                  "99832b61ca01b6de56244a9e88d5f9b37973f622a43d14a6599b1f654cb45a74" \
+                  "e355a5",
     auth_onetime: "f3ffc7703f9400e52a7dfb4b3d3305d9",
     # self-created (FIXME: find standard test vectors)
-    auth_hmacsha256: "7f7b9b707e8790ca8620ff94df5e6533ddc8e994060ce310c9d7de04d44aabc3",
+    auth_hmacsha256:    "7f7b9b707e8790ca8620ff94df5e6533ddc8e994060ce310c9d7de04d44aabc3",
     auth_hmacsha512256: "b2a31b8d4e01afcab2ee545b5caf4e3d212a99d7b3a116a97cec8e83c32e107d"
   }
 end

data/lib/rbnacl/util.rb

@@ -47,6 +47,25 @@ module RbNaCl
       message.slice!(n, message.bytesize - n)
     end
 
+    # Pad a string out to n characters with zeros
+    #
+    # @param [Integer] n The length of the resulting string
+    # @param [String]  message the message to be padded
+    #
+    # @raise [RbNaCl::LengthError] If the string is too long
+    #
+    # @return [String] A string, n bytes long
+    def zero_pad(n, message)
+      len = message.bytesize
+      if len == n
+        message
+      elsif len > n
+        fail LengthError, "String too long for zero-padding to #{n} bytes"
+      else
+        message + zeros(n - len)
+      end
+    end
+
     # Check the length of the passed in string
     #
     # In several places through the codebase we have to be VERY strict with

data/lib/rbnacl/version.rb

@@ -3,5 +3,5 @@
 # NaCl/libsodium for Ruby
 module RbNaCl
   # The library's version
-  VERSION = "3.2.0"
+  VERSION = "3.3.0"
 end

data/rbnacl.gemspec

@@ -11,7 +11,7 @@ Gem::Specification.new do |gem|
   gem.description   = "Ruby binding to the Networking and Cryptography (NaCl) library"
   gem.summary       = "The Networking and Cryptography (NaCl) library provides a high-level toolkit for building cryptographic systems and protocols"
   gem.homepage      = "https://github.com/cryptosphere/rbnacl"
-  gem.licenses    = ["MIT"]
+  gem.licenses      = ["MIT"]
 
   gem.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
   gem.executables   = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }

data/spec/rbnacl/boxes/curve25519xsalsa20poly1305/public_key_spec.rb

@@ -2,7 +2,7 @@
 require "spec_helper"
 
 RSpec.describe RbNaCl::PublicKey do
-  let(:alicepk)     { vector :alice_public }
+  let(:alicepk) { vector :alice_public }
 
   subject { RbNaCl::PublicKey.new(alicepk) }
 

data/spec/rbnacl/hash/blake2b_spec.rb

@@ -27,4 +27,36 @@ RSpec.describe RbNaCl::Hash::Blake2b do
       expect { RbNaCl::Hash.blake2b(reference_string, key: "") }.to raise_exception
     end
   end
+
+  context "personalized" do
+    let(:reference_string)              { vector :blake2b_message }
+    let(:reference_personal)            { vector :blake2b_personal }
+    let(:reference_personal_hash)       { vector :blake2b_personal_digest }
+    let(:reference_personal_short)      { vector :blake2b_personal_short }
+    let(:reference_personal_short_hash) { vector :blake2b_personal_short_digest }
+
+    it "calculates personalised hashes correctly" do
+      expect(RbNaCl::Hash.blake2b(reference_string, personal: reference_personal)).to eq reference_personal_hash
+    end
+
+    it "calculates personalised hashes correctly with a short personal" do
+      expect(RbNaCl::Hash.blake2b(reference_string, personal: reference_personal_short)).to eq reference_personal_short_hash
+    end
+  end
+
+  context "salted" do
+    let(:reference_string)          { vector :blake2b_message }
+    let(:reference_salt)            { vector :blake2b_salt }
+    let(:reference_salt_hash)       { vector :blake2b_salt_digest }
+    let(:reference_salt_short)      { vector :blake2b_salt_short }
+    let(:reference_salt_short_hash) { vector :blake2b_salt_short_digest }
+
+    it "calculates saltised hashes correctly" do
+      expect(RbNaCl::Hash.blake2b(reference_string, salt: reference_salt)).to eq reference_salt_hash
+    end
+
+    it "calculates saltised hashes correctly with a short salt" do
+      expect(RbNaCl::Hash.blake2b(reference_string, salt: reference_salt_short)).to eq reference_salt_short_hash
+    end
+  end
 end

data/spec/shared/box.rb

@@ -2,8 +2,8 @@
 
 RSpec.shared_examples "box" do
   let(:nonce) { vector :box_nonce }
-  let(:invalid_nonce) { nonce[0, 12]  } # too short!
-  let(:invalid_nonce_long) { nonce + nonce  } # too long!
+  let(:invalid_nonce) { nonce[0, 12] } # too short!
+  let(:invalid_nonce_long) { nonce + nonce } # too long!
   let(:message)    { vector :box_message }
   let(:ciphertext) { vector :box_ciphertext }
   let(:nonce_error_regex) { /Nonce.*(Expected #{box.nonce_bytes})/ }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rbnacl
 version: !ruby/object:Gem::Version
-  version: 3.2.0
+  version: 3.3.0
 platform: ruby
 authors:
 - Tony Arcieri
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain:
 - bascule.cert
-date: 2015-06-01 00:00:00.000000000 Z
+date: 2015-12-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -168,7 +168,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.6
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: The Networking and Cryptography (NaCl) library provides a high-level toolkit
@@ -195,3 +195,4 @@ test_files:
 - spec/shared/key_equality.rb
 - spec/shared/serializable.rb
 - spec/spec_helper.rb
+has_rdoc: