RubyGems - rbnacl - Versions diffs - 4.0.1 → 4.0.2 - Mend

rbnacl 4.0.1 → 4.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/.ruby-version +1 -1
data/.travis.yml +1 -0
data/CHANGES.md +33 -29
data/LICENSE.txt +1 -2
data/README.md +6 -4
data/lib/rbnacl/group_elements/curve25519.rb +7 -1
data/lib/rbnacl/version.rb +1 -1
data/spec/rbnacl/group_element_spec.rb +6 -0
metadata +3 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2ad004cd262c6ed52566b6a3a957d8880e468038
-  data.tar.gz: 807e63c3416eb1329c105f34be304f0ec0fd3d2d
+  metadata.gz: 06b62936ca905b101e22418710c37dfc78cd5d11
+  data.tar.gz: 0b8b8ba5efb7e6673bb8811e19695a7fbb714fbd
 SHA512:
-  metadata.gz: 576e8ff0844842e967a529c052e89b3c58bfe0b914d890ec69f78f388a6f15162de6605a5cc67bea1ea0a24d58fcc37c03929054b0752d7d0d3fc65cb4c7239e
-  data.tar.gz: e0d8b0ffd5a309dee7dd43c1d279c523afd0c3ab497b077d7e3c4e56f3d33c6e1145164ae2ec4dff7e09c108234a52f179f5eb3d066c09fa063b66322221431a
+  metadata.gz: 69a6b4e5aaeee71020409df122943399ba64c1b46a76c4a75b4abaf113fb6d3d93c553f128f8b42e2a52d57a7e8081e45749b6c585b6aca434cbda1eea972fb7
+  data.tar.gz: 20d228a8f6a56e5c710288fb6e73b16ad39d0185f369bd29b519f8742c1da1b5523388ea6bdfea8e1d21df892019761cc99e6e920f44bfdae8e671fa2cb00fe3

data/.ruby-version CHANGED

	@@ -1 +1 @@
1	- 2.3.3
1	+ 2.4.0

data/.travis.yml CHANGED

@@ -12,6 +12,7 @@ rvm:
   - jruby-9.1.6.0
   - 2.2.6
   - 2.3.3
+  - 2.4.0
 env:
   - LIBSODIUM_VERSION=1.0.0  # Minimum supported

data/CHANGES.md CHANGED

@@ -1,12 +1,16 @@
-4.0.1 (2016-12-04)
-------------------
+## 4.0.2 (2016-03-12)
+* [#157](https://github.com/cryptosphere/rbnacl/pull/157)
+  Raise error on degenerate keys (fixes #152).
+  ([@paragonie-scott], [@tarcieri])
+## 4.0.1 (2016-12-04)
 * [#148](https://github.com/cryptosphere/rbnacl/pull/148)
   Last minute changes to the ChaCha20Poly1305 API.
   ([@tarcieri])
-4.0.0 (2016-12-04)
-------------------
+## 4.0.0 (2016-12-04)
 * [#141](https://github.com/cryptosphere/rbnacl/pull/141)
   Add wrappers for ChaCha20Poly1305 AEAD ciphers.
@@ -20,18 +24,18 @@
   Require Ruby 2.2.6+.
   ([@tarcieri])
-3.4.0 (2015-05-07)
-------------------
+## 3.4.0 (2015-05-07)
 * [#135](https://github.com/cryptosphere/rbnacl/pull/135)
-  Expose RbNaCl::Signatures::Ed25519#keypair_bytes.
+  Expose `RbNaCl::Signatures::Ed25519#keypair_bytes`.
   ([@grempe])
 * [#137](https://github.com/cryptosphere/rbnacl/pull/137)
   Expose HMAC-SHA512 (with 64-byte keys)
   ([@mwpastore])
-3.3.0 (2015-12-29)
-------------------
+## 3.3.0 (2015-12-29)
 * [#105](https://github.com/cryptosphere/rbnacl/pull/105)
   Add salt/personalisation strings for Blake2b.
   ([@namelessjon])
@@ -40,39 +44,39 @@
   Remove use of Thread.exclusive when initializing library.
   ([@tarcieri])
-3.2.0 (2015-05-31)
-------------------
+## 3.2.0 (2015-05-31)
 * Fix method signature for blake2b
 * RuboCop-friendly codebase
-3.1.2 (2014-08-30)
-------------------
+## 3.1.2 (2014-08-30)
 * Fix scrypt support with libsodium 0.7.0 (scryptsalsa208sha256)
-3.1.1 (2014-06-14)
-------------------
+## 3.1.1 (2014-06-14)
 * Fix undefined variable warning
 * RSpec 3 fixups
 * RuboCop
-3.1.0 (2014-05-22)
-------------------
-* The scrypt password hashing function: RbNaCl::PasswordHash.scrypt
+## 3.1.0 (2014-05-22)
+* The scrypt password hashing function: `RbNaCl::PasswordHash.scrypt`
+## 3.0.1 (2014-05-12)
-3.0.1 (2014-05-12)
-------------------
-* Load gem from RBNACL_LIBSODIUM_GEM_LIB_PATH if set. Used by rbnacl-libsodium
+* Load gem from `RBNACL_LIBSODIUM_GEM_LIB_PATH` if set. Used by rbnacl-libsodium
   gem to use libsodium compiled from a gem.
-3.0.0 (2014-04-22)
-------------------
+## 3.0.0 (2014-04-22)
 * Rename RandomNonceBox to SimpleBox (backwards compatibility preserved)
 * Reverse documented order of SimpleBox/RandomNonceBox initialize parameters.
   Technically backwards compatible, but confusing.
 * Ensure all strings are ASCII-8BIT/BINARY encoding prior to use
-2.0.0 (2013-11-07)
-------------------
+## 2.0.0 (2013-11-07)
 * Add encrypt/decrypt aliases for Crypto::RandomNonceBox
 * Rename Crypto module to RbNaCl module
 * RbNaCl::VerifyKey#verify operand order was reversed. New operand order is
@@ -91,15 +95,14 @@
 * Changes in the low level binding for libsodium and removal of the NaCl module
 * Add a mutex around calls to randombytes in libsodium
-1.1.0 (2013-04-19)
-------------------
+## 1.1.0 (2013-04-19)
 * Provide API for querying primitives and details about them, such as key
   lengths, nonce lengths, etc.
 * Fixed bug on passing null bytes to sha256, sha512 functions.
-1.0.0 (2013-03-08)
-------------------
+## 1.0.0 (2013-03-08)
 * Initial release
 [@namelessjon]: https://github.com/namelessjon
@@ -108,3 +111,4 @@
 [@grempe]: https://github.com/grempe
 [@mwpastore]: https://github.com/mwpastore
 [@elijh]: https://github.com/elijh
+[@paragonie-scott]: https://github.com/paragonie-scott

data/LICENSE.txt CHANGED

@@ -1,5 +1,4 @@
-Copyright (c) 2012 Tony Arcieri
-Copyright (c) 2013 Jonathan Stott
+Copyright (c) 2012-2017 Tony Arcieri, Jonathan Stott
 MIT License

data/README.md CHANGED

@@ -151,7 +151,7 @@ are supported:
 Additional power-user features are available. Please see the Wiki for further
 information.
-[RDoc documentation][rdoc] is also available.
+[YARD API documentation][yard] is also available.
 [wiki]: https://github.com/cryptosphere/rbnacl/wiki
 [simplebox]: https://github.com/cryptosphere/rbnacl/wiki/SimpleBox
@@ -160,7 +160,7 @@ information.
 [signatures]: https://github.com/cryptosphere/rbnacl/wiki/Digital-Signatures
 [macs]: https://github.com/cryptosphere/rbnacl/wiki/Authenticators
 [hashes]: https://github.com/cryptosphere/rbnacl/wiki/Hash-Functions
-[rdoc]: http://rubydoc.info/github/cryptosphere/rbnacl/master/frames
+[yard]: http://www.rubydoc.info/gems/rbnacl
 ## Learn More
@@ -209,5 +209,7 @@ Sure, here you go:
 ## License
-Copyright (c) 2012-2016 Jonathan Stott, Tony Arcieri. Distributed under the MIT License.
-See LICENSE.txt for further details.
+Copyright (c) 2012-2017 Tony Arcieri, Jonathan Stott. Distributed under the MIT License.
+See [LICENSE.txt] for further details.
+[LICENSE.txt]: https://github.com/cryptosphere/rbnacl/blob/master/LICENSE.txt

data/lib/rbnacl/group_elements/curve25519.rb CHANGED

@@ -18,6 +18,9 @@ module RbNaCl
       # Order of the standard group
       STANDARD_GROUP_ORDER = 2**252 + 27_742_317_777_372_353_535_851_937_790_883_648_493
+      # Degenerate key (all-zeroes, results in an all-zero shared secret)
+      DEGENERATE_KEY = ("\0" * 32).freeze
       include KeyComparator
       include Serializable
@@ -44,6 +47,8 @@ module RbNaCl
       def initialize(point)
         @point = point.to_str
+        raise CryptoError, "degenerate key detected" if @point == DEGENERATE_KEY
         # FIXME: really should have a separate constant here for group element size
         # Group elements and scalars are both 32-bits, but that's for convenience
         Util.check_length(@point, SCALARBYTES, "group element")
@@ -61,8 +66,8 @@ module RbNaCl
         Util.check_length(integer, SCALARBYTES, "integer")
         result = Util.zeros(SCALARBYTES)
-        self.class.scalarmult_curve25519(result, integer, @point)
+        raise CryptoError, "degenerate key detected" unless self.class.scalarmult_curve25519(result, integer, @point)
         self.class.new(result)
       end
@@ -79,6 +84,7 @@ module RbNaCl
       #
       # @return [RbNaCl::Point] standard base point (a.k.a. standard group element)
       def self.base
+        # TODO: better support fixed-based scalar multiplication (this glosses over native support)
         @base_point
       end
       class << self

data/lib/rbnacl/version.rb CHANGED

@@ -4,5 +4,5 @@
 # NaCl/libsodium for Ruby
 module RbNaCl
   # The library's version
-  VERSION = "4.0.1"
+  VERSION = "4.0.2"
 end

data/spec/rbnacl/group_element_spec.rb CHANGED

@@ -9,6 +9,8 @@ RSpec.describe RbNaCl::GroupElement do
   let(:alice_mult_bob) { vector :alice_mult_bob }
+  let(:degenerate_key) { RbNaCl::GroupElements::Curve25519::DEGENERATE_KEY }
   subject { described_class.new(bob_public) }
   it "multiplies integers with the base point" do
@@ -23,5 +25,9 @@ RSpec.describe RbNaCl::GroupElement do
     expect(subject.to_bytes).to eq bob_public
   end
+  it "detects degenerate keys" do
+    expect { described_class.new(degenerate_key).mult(alice_private) }.to raise_error RbNaCl::CryptoError
+  end
   include_examples "serializable"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rbnacl
 version: !ruby/object:Gem::Version
-  version: 4.0.1
+  version: 4.0.2
 platform: ruby
 authors:
 - Tony Arcieri
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-12-24 00:00:00.000000000 Z
+date: 2017-03-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -149,7 +149,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.2
+rubygems_version: 2.6.10
 signing_key:
 specification_version: 4
 summary: Ruby binding to the Networking and Cryptography (NaCl) library