rbnacl 4.0.1 → 4.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/.travis.yml +1 -0
- data/CHANGES.md +33 -29
- data/LICENSE.txt +1 -2
- data/README.md +6 -4
- data/lib/rbnacl/group_elements/curve25519.rb +7 -1
- data/lib/rbnacl/version.rb +1 -1
- data/spec/rbnacl/group_element_spec.rb +6 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 06b62936ca905b101e22418710c37dfc78cd5d11
|
|
4
|
+
data.tar.gz: 0b8b8ba5efb7e6673bb8811e19695a7fbb714fbd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 69a6b4e5aaeee71020409df122943399ba64c1b46a76c4a75b4abaf113fb6d3d93c553f128f8b42e2a52d57a7e8081e45749b6c585b6aca434cbda1eea972fb7
|
|
7
|
+
data.tar.gz: 20d228a8f6a56e5c710288fb6e73b16ad39d0185f369bd29b519f8742c1da1b5523388ea6bdfea8e1d21df892019761cc99e6e920f44bfdae8e671fa2cb00fe3
|
data/.ruby-version
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
2.
|
|
1
|
+
2.4.0
|
data/.travis.yml
CHANGED
data/CHANGES.md
CHANGED
|
@@ -1,12 +1,16 @@
|
|
|
1
|
-
4.0.
|
|
2
|
-
|
|
1
|
+
## 4.0.2 (2016-03-12)
|
|
2
|
+
|
|
3
|
+
* [#157](https://github.com/cryptosphere/rbnacl/pull/157)
|
|
4
|
+
Raise error on degenerate keys (fixes #152).
|
|
5
|
+
([@paragonie-scott], [@tarcieri])
|
|
6
|
+
|
|
7
|
+
## 4.0.1 (2016-12-04)
|
|
3
8
|
|
|
4
9
|
* [#148](https://github.com/cryptosphere/rbnacl/pull/148)
|
|
5
10
|
Last minute changes to the ChaCha20Poly1305 API.
|
|
6
11
|
([@tarcieri])
|
|
7
12
|
|
|
8
|
-
4.0.0 (2016-12-04)
|
|
9
|
-
------------------
|
|
13
|
+
## 4.0.0 (2016-12-04)
|
|
10
14
|
|
|
11
15
|
* [#141](https://github.com/cryptosphere/rbnacl/pull/141)
|
|
12
16
|
Add wrappers for ChaCha20Poly1305 AEAD ciphers.
|
|
@@ -20,18 +24,18 @@
|
|
|
20
24
|
Require Ruby 2.2.6+.
|
|
21
25
|
([@tarcieri])
|
|
22
26
|
|
|
23
|
-
3.4.0 (2015-05-07)
|
|
24
|
-
|
|
27
|
+
## 3.4.0 (2015-05-07)
|
|
28
|
+
|
|
25
29
|
* [#135](https://github.com/cryptosphere/rbnacl/pull/135)
|
|
26
|
-
Expose RbNaCl::Signatures::Ed25519#keypair_bytes
|
|
30
|
+
Expose `RbNaCl::Signatures::Ed25519#keypair_bytes`.
|
|
27
31
|
([@grempe])
|
|
28
32
|
|
|
29
33
|
* [#137](https://github.com/cryptosphere/rbnacl/pull/137)
|
|
30
34
|
Expose HMAC-SHA512 (with 64-byte keys)
|
|
31
35
|
([@mwpastore])
|
|
32
36
|
|
|
33
|
-
3.3.0 (2015-12-29)
|
|
34
|
-
|
|
37
|
+
## 3.3.0 (2015-12-29)
|
|
38
|
+
|
|
35
39
|
* [#105](https://github.com/cryptosphere/rbnacl/pull/105)
|
|
36
40
|
Add salt/personalisation strings for Blake2b.
|
|
37
41
|
([@namelessjon])
|
|
@@ -40,39 +44,39 @@
|
|
|
40
44
|
Remove use of Thread.exclusive when initializing library.
|
|
41
45
|
([@tarcieri])
|
|
42
46
|
|
|
43
|
-
3.2.0 (2015-05-31)
|
|
44
|
-
|
|
47
|
+
## 3.2.0 (2015-05-31)
|
|
48
|
+
|
|
45
49
|
* Fix method signature for blake2b
|
|
46
50
|
* RuboCop-friendly codebase
|
|
47
51
|
|
|
48
|
-
3.1.2 (2014-08-30)
|
|
49
|
-
|
|
52
|
+
## 3.1.2 (2014-08-30)
|
|
53
|
+
|
|
50
54
|
* Fix scrypt support with libsodium 0.7.0 (scryptsalsa208sha256)
|
|
51
55
|
|
|
52
|
-
3.1.1 (2014-06-14)
|
|
53
|
-
|
|
56
|
+
## 3.1.1 (2014-06-14)
|
|
57
|
+
|
|
54
58
|
* Fix undefined variable warning
|
|
55
59
|
* RSpec 3 fixups
|
|
56
60
|
* RuboCop
|
|
57
61
|
|
|
58
|
-
3.1.0 (2014-05-22)
|
|
59
|
-
|
|
60
|
-
* The scrypt password hashing function: RbNaCl::PasswordHash.scrypt
|
|
62
|
+
## 3.1.0 (2014-05-22)
|
|
63
|
+
|
|
64
|
+
* The scrypt password hashing function: `RbNaCl::PasswordHash.scrypt`
|
|
65
|
+
|
|
66
|
+
## 3.0.1 (2014-05-12)
|
|
61
67
|
|
|
62
|
-
|
|
63
|
-
------------------
|
|
64
|
-
* Load gem from RBNACL_LIBSODIUM_GEM_LIB_PATH if set. Used by rbnacl-libsodium
|
|
68
|
+
* Load gem from `RBNACL_LIBSODIUM_GEM_LIB_PATH` if set. Used by rbnacl-libsodium
|
|
65
69
|
gem to use libsodium compiled from a gem.
|
|
66
70
|
|
|
67
|
-
3.0.0 (2014-04-22)
|
|
68
|
-
|
|
71
|
+
## 3.0.0 (2014-04-22)
|
|
72
|
+
|
|
69
73
|
* Rename RandomNonceBox to SimpleBox (backwards compatibility preserved)
|
|
70
74
|
* Reverse documented order of SimpleBox/RandomNonceBox initialize parameters.
|
|
71
75
|
Technically backwards compatible, but confusing.
|
|
72
76
|
* Ensure all strings are ASCII-8BIT/BINARY encoding prior to use
|
|
73
77
|
|
|
74
|
-
2.0.0 (2013-11-07)
|
|
75
|
-
|
|
78
|
+
## 2.0.0 (2013-11-07)
|
|
79
|
+
|
|
76
80
|
* Add encrypt/decrypt aliases for Crypto::RandomNonceBox
|
|
77
81
|
* Rename Crypto module to RbNaCl module
|
|
78
82
|
* RbNaCl::VerifyKey#verify operand order was reversed. New operand order is
|
|
@@ -91,15 +95,14 @@
|
|
|
91
95
|
* Changes in the low level binding for libsodium and removal of the NaCl module
|
|
92
96
|
* Add a mutex around calls to randombytes in libsodium
|
|
93
97
|
|
|
94
|
-
1.1.0 (2013-04-19)
|
|
95
|
-
------------------
|
|
98
|
+
## 1.1.0 (2013-04-19)
|
|
96
99
|
|
|
97
100
|
* Provide API for querying primitives and details about them, such as key
|
|
98
101
|
lengths, nonce lengths, etc.
|
|
99
102
|
* Fixed bug on passing null bytes to sha256, sha512 functions.
|
|
100
103
|
|
|
101
|
-
1.0.0 (2013-03-08)
|
|
102
|
-
|
|
104
|
+
## 1.0.0 (2013-03-08)
|
|
105
|
+
|
|
103
106
|
* Initial release
|
|
104
107
|
|
|
105
108
|
[@namelessjon]: https://github.com/namelessjon
|
|
@@ -108,3 +111,4 @@
|
|
|
108
111
|
[@grempe]: https://github.com/grempe
|
|
109
112
|
[@mwpastore]: https://github.com/mwpastore
|
|
110
113
|
[@elijh]: https://github.com/elijh
|
|
114
|
+
[@paragonie-scott]: https://github.com/paragonie-scott
|
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
|
@@ -151,7 +151,7 @@ are supported:
|
|
|
151
151
|
Additional power-user features are available. Please see the Wiki for further
|
|
152
152
|
information.
|
|
153
153
|
|
|
154
|
-
[
|
|
154
|
+
[YARD API documentation][yard] is also available.
|
|
155
155
|
|
|
156
156
|
[wiki]: https://github.com/cryptosphere/rbnacl/wiki
|
|
157
157
|
[simplebox]: https://github.com/cryptosphere/rbnacl/wiki/SimpleBox
|
|
@@ -160,7 +160,7 @@ information.
|
|
|
160
160
|
[signatures]: https://github.com/cryptosphere/rbnacl/wiki/Digital-Signatures
|
|
161
161
|
[macs]: https://github.com/cryptosphere/rbnacl/wiki/Authenticators
|
|
162
162
|
[hashes]: https://github.com/cryptosphere/rbnacl/wiki/Hash-Functions
|
|
163
|
-
[
|
|
163
|
+
[yard]: http://www.rubydoc.info/gems/rbnacl
|
|
164
164
|
|
|
165
165
|
## Learn More
|
|
166
166
|
|
|
@@ -209,5 +209,7 @@ Sure, here you go:
|
|
|
209
209
|
|
|
210
210
|
## License
|
|
211
211
|
|
|
212
|
-
Copyright (c) 2012-
|
|
213
|
-
See LICENSE.txt for further details.
|
|
212
|
+
Copyright (c) 2012-2017 Tony Arcieri, Jonathan Stott. Distributed under the MIT License.
|
|
213
|
+
See [LICENSE.txt] for further details.
|
|
214
|
+
|
|
215
|
+
[LICENSE.txt]: https://github.com/cryptosphere/rbnacl/blob/master/LICENSE.txt
|
|
@@ -18,6 +18,9 @@ module RbNaCl
|
|
|
18
18
|
# Order of the standard group
|
|
19
19
|
STANDARD_GROUP_ORDER = 2**252 + 27_742_317_777_372_353_535_851_937_790_883_648_493
|
|
20
20
|
|
|
21
|
+
# Degenerate key (all-zeroes, results in an all-zero shared secret)
|
|
22
|
+
DEGENERATE_KEY = ("\0" * 32).freeze
|
|
23
|
+
|
|
21
24
|
include KeyComparator
|
|
22
25
|
include Serializable
|
|
23
26
|
|
|
@@ -44,6 +47,8 @@ module RbNaCl
|
|
|
44
47
|
def initialize(point)
|
|
45
48
|
@point = point.to_str
|
|
46
49
|
|
|
50
|
+
raise CryptoError, "degenerate key detected" if @point == DEGENERATE_KEY
|
|
51
|
+
|
|
47
52
|
# FIXME: really should have a separate constant here for group element size
|
|
48
53
|
# Group elements and scalars are both 32-bits, but that's for convenience
|
|
49
54
|
Util.check_length(@point, SCALARBYTES, "group element")
|
|
@@ -61,8 +66,8 @@ module RbNaCl
|
|
|
61
66
|
Util.check_length(integer, SCALARBYTES, "integer")
|
|
62
67
|
|
|
63
68
|
result = Util.zeros(SCALARBYTES)
|
|
64
|
-
self.class.scalarmult_curve25519(result, integer, @point)
|
|
65
69
|
|
|
70
|
+
raise CryptoError, "degenerate key detected" unless self.class.scalarmult_curve25519(result, integer, @point)
|
|
66
71
|
self.class.new(result)
|
|
67
72
|
end
|
|
68
73
|
|
|
@@ -79,6 +84,7 @@ module RbNaCl
|
|
|
79
84
|
#
|
|
80
85
|
# @return [RbNaCl::Point] standard base point (a.k.a. standard group element)
|
|
81
86
|
def self.base
|
|
87
|
+
# TODO: better support fixed-based scalar multiplication (this glosses over native support)
|
|
82
88
|
@base_point
|
|
83
89
|
end
|
|
84
90
|
class << self
|
data/lib/rbnacl/version.rb
CHANGED
|
@@ -9,6 +9,8 @@ RSpec.describe RbNaCl::GroupElement do
|
|
|
9
9
|
|
|
10
10
|
let(:alice_mult_bob) { vector :alice_mult_bob }
|
|
11
11
|
|
|
12
|
+
let(:degenerate_key) { RbNaCl::GroupElements::Curve25519::DEGENERATE_KEY }
|
|
13
|
+
|
|
12
14
|
subject { described_class.new(bob_public) }
|
|
13
15
|
|
|
14
16
|
it "multiplies integers with the base point" do
|
|
@@ -23,5 +25,9 @@ RSpec.describe RbNaCl::GroupElement do
|
|
|
23
25
|
expect(subject.to_bytes).to eq bob_public
|
|
24
26
|
end
|
|
25
27
|
|
|
28
|
+
it "detects degenerate keys" do
|
|
29
|
+
expect { described_class.new(degenerate_key).mult(alice_private) }.to raise_error RbNaCl::CryptoError
|
|
30
|
+
end
|
|
31
|
+
|
|
26
32
|
include_examples "serializable"
|
|
27
33
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rbnacl
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.0.
|
|
4
|
+
version: 4.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tony Arcieri
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2017-03-13 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: ffi
|
|
@@ -149,7 +149,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
149
149
|
version: '0'
|
|
150
150
|
requirements: []
|
|
151
151
|
rubyforge_project:
|
|
152
|
-
rubygems_version: 2.
|
|
152
|
+
rubygems_version: 2.6.10
|
|
153
153
|
signing_key:
|
|
154
154
|
specification_version: 4
|
|
155
155
|
summary: Ruby binding to the Networking and Cryptography (NaCl) library
|