rbnacl 4.0.2 → 5.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 06b62936ca905b101e22418710c37dfc78cd5d11
-  data.tar.gz: 0b8b8ba5efb7e6673bb8811e19695a7fbb714fbd
+  metadata.gz: 0ff080260ca84ccc368c7c8414627267dffa9348
+  data.tar.gz: 2a3275a27b2ca89e36223529316076b67f895cac
 SHA512:
-  metadata.gz: 69a6b4e5aaeee71020409df122943399ba64c1b46a76c4a75b4abaf113fb6d3d93c553f128f8b42e2a52d57a7e8081e45749b6c585b6aca434cbda1eea972fb7
-  data.tar.gz: 20d228a8f6a56e5c710288fb6e73b16ad39d0185f369bd29b519f8742c1da1b5523388ea6bdfea8e1d21df892019761cc99e6e920f44bfdae8e671fa2cb00fe3
+  metadata.gz: 32bd4e83ea75ce57d93dcc7c1b2f3249d7e0010694c03d7d9a73a20e1a310ec6b9b6f40e0f190fb454f64eda528ea4e7eb35367d49d04f5ea7aafad270d26ff2
+  data.tar.gz: 9408f5ae9713e018e29a943bb9ddbb64010e9ace49d4cff37b2769e886f09025edba7776dcfbe81372363051b8d7b68cd7e04a583b8eeda87b3d48a17f39607b

data/.rubocop.yml

@@ -35,3 +35,6 @@ Style/SpaceBeforeFirstArg:
 
 Style/GlobalVars:
   Enabled: false
+
+Style/SafeNavigation:
+  Enabled: false

data/CHANGES.md

@@ -1,4 +1,10 @@
-## 4.0.2 (2016-03-12)
+## 5.0.0 (2017-06-13)
+
+* [#159](https://github.com/cryptosphere/rbnacl/pull/159)
+  Support the BLAKE2b Initialize-Update-Finalize API.
+  ([@fudanchii])
+
+## 4.0.2 (2017-03-12)
 
 * [#157](https://github.com/cryptosphere/rbnacl/pull/157)
   Raise error on degenerate keys (fixes #152).
@@ -112,3 +118,4 @@
 [@mwpastore]: https://github.com/mwpastore
 [@elijh]: https://github.com/elijh
 [@paragonie-scott]: https://github.com/paragonie-scott
+[@fudanchii]: https://github.com/fudanchii

data/README.md

@@ -6,10 +6,10 @@
 [![Coverage Status](https://coveralls.io/repos/cryptosphere/rbnacl/badge.svg?branch=master)](https://coveralls.io/r/cryptosphere/rbnacl)
 [![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/cryptosphere/rbnacl/blob/master/LICENSE.txt)
 
-_NOTE: This is the 4.x **stable** branch of RbNaCl. For the 3.x **legacy**
+_NOTE: This is the 5.x **stable** branch of RbNaCl. For the 4.x **legacy**
 branch, please see:_
 
-https://github.com/cryptosphere/rbnacl/tree/3-x-stable
+https://github.com/cryptosphere/rbnacl/tree/4-x-stable
 
 A Ruby binding to the state-of-the-art [Networking and Cryptography][nacl]
 library by [Daniel J. Bernstein][djb]. This is **NOT** Google Native Client.

data/lib/rbnacl/hash.rb

@@ -63,7 +63,7 @@ module RbNaCl
     #
     # @return [String] The Blake2b hash digest as raw bytes
     def self.blake2b(data, options = {})
-      Blake2b.new(options).digest(data)
+      Blake2b.digest(data, options)
     end
   end
 end

data/lib/rbnacl/hash/blake2b.rb

@@ -28,12 +28,25 @@ module RbNaCl
                        :crypto_generichash_blake2b_salt_personal,
                        [:pointer, :size_t, :pointer, :ulong_long, :pointer, :size_t, :pointer, :pointer]
 
+      sodium_function :generichash_blake2b_init,
+                      :crypto_generichash_blake2b_init_salt_personal,
+                      [:pointer, :pointer, :size_t, :size_t, :pointer, :pointer]
+
+      sodium_function :generichash_blake2b_update,
+                      :crypto_generichash_blake2b_update,
+                      [:pointer, :pointer, :ulong_long]
+
+      sodium_function :generichash_blake2b_final,
+                      :crypto_generichash_blake2b_final,
+                      [:pointer, :pointer, :size_t]
+
       EMPTY_PERSONAL = ("\0" * PERSONALBYTES).freeze
       EMPTY_SALT     = ("\0" * SALTBYTES).freeze
 
-      # Create a new Blake2b hash object
+      # Calculate a Blake2b digest
       #
-      # @param [Hash] opts Blake2b configuration
+      # @param [String] message Message to be hashed
+      # @param [Hash] options Blake2b configuration
       # @option opts [String]  :key for Blake2b keyed mode
       # @option opts [Integer] :digest_size size of output digest in bytes
       # @option opts [String]  :salt  Provide a salt to support randomised hashing.
@@ -43,39 +56,126 @@ module RbNaCl
       #
       # @raise [RbNaCl::LengthError] Invalid length specified for one or more options
       #
-      # @return [RbNaCl::Hash::Blake2b] A Blake2b hasher object
-      def initialize(opts = {})
-        @key = opts.fetch(:key, nil)
+      # @return [String] Blake2b digest of the string as raw bytes
+      def self.digest(message, options)
+        opts = validate_opts(options)
+        digest = Util.zeros(opts[:digest_size])
+        generichash_blake2b(digest, opts[:digest_size], message, message.bytesize,
+                            opts[:key], opts[:key_size], opts[:salt], opts[:personal]) ||
+          raise(CryptoError, "Hashing failed!")
+        digest
+      end
 
-        if @key
-          @key_size = @key.bytesize
-          raise LengthError, "key too short" if @key_size < KEYBYTES_MIN
-          raise LengthError, "key too long"  if @key_size > KEYBYTES_MAX
+      # Validate and sanitize values for Blake2b configuration
+      #
+      # @param [Hash] options Blake2b configuration
+      # @option opts [String]  :key for Blake2b keyed mode
+      # @option opts [Integer] :digest_size size of output digest in bytes
+      # @option opts [String]  :salt  Provide a salt to support randomised hashing.
+      #                               This is mixed into the parameters block to start the hashing.
+      # @option opts [Personal] :personal Provide personalisation string to allow pinning a hash for a particular purpose.
+      #                                   This is mixed into the parameters block to start the hashing
+      #
+      # @raise [RbNaCl::LengthError] Invalid length specified for one or more options
+      #
+      # @return [Hash] opts Configuration hash with sanitized values
+      def self.validate_opts(opts)
+        key = opts.fetch(:key, nil)
+        if key
+          key_size = key.bytesize
+          raise LengthError, "key too short" if key_size < KEYBYTES_MIN
+          raise LengthError, "key too long"  if key_size > KEYBYTES_MAX
         else
-          @key_size = 0
+          key_size = 0
         end
+        opts[:key_size] = key_size
 
-        @digest_size = opts.fetch(:digest_size, BYTES_MAX)
-        raise LengthError, "digest size too short" if @digest_size < BYTES_MIN
-        raise LengthError, "digest size too long"  if @digest_size > BYTES_MAX
+        digest_size = opts.fetch(:digest_size, BYTES_MAX)
+        raise LengthError, "digest size too short" if digest_size < BYTES_MIN
+        raise LengthError, "digest size too long"  if digest_size > BYTES_MAX
+        opts[:digest_size] = digest_size
 
-        @personal = opts.fetch(:personal, EMPTY_PERSONAL)
-        @personal = Util.zero_pad(PERSONALBYTES, @personal)
+        personal = opts.fetch(:personal, EMPTY_PERSONAL)
+        opts[:personal] = Util.zero_pad(PERSONALBYTES, personal)
 
-        @salt     = opts.fetch(:salt, EMPTY_SALT)
-        @salt     = Util.zero_pad(SALTBYTES, @salt)
+        salt = opts.fetch(:salt, EMPTY_SALT)
+        opts[:salt] = Util.zero_pad(SALTBYTES, salt)
+        opts
       end
 
-      # Calculate a Blake2b digest
+      private_class_method :validate_opts
+
+      def self.new(opts = {})
+        opts = validate_opts(opts)
+        super
+      end
+
+      # Create a new Blake2b hash object
+      #
+      # @param [Hash] opts Blake2b configuration
+      # @option opts [String]  :key for Blake2b keyed mode
+      # @option opts [Integer] :digest_size size of output digest in bytes
+      # @option opts [String]  :salt  Provide a salt to support randomised hashing.
+      #                               This is mixed into the parameters block to start the hashing.
+      # @option opts [Personal] :personal Provide personalisation string to allow pinning a hash for a particular purpose.
+      #                                   This is mixed into the parameters block to start the hashing
+      #
+      # @raise [RbNaCl::LengthError] Invalid length specified for one or more options
+      #
+      # @return [RbNaCl::Hash::Blake2b] A Blake2b hasher object
+      def initialize(opts = {})
+        @key         = opts[:key]
+        @key_size    = opts[:key_size]
+        @digest_size = opts[:digest_size]
+        @personal    = opts[:personal]
+        @salt        = opts[:salt]
+
+        @incycle  = false
+        @instate  = nil
+      end
+
+      # Initialize state for Blake2b hash calculation,
+      # this will be called automatically from #update if needed
+      def reset
+        @instate.release if @instate
+        @instate = State.new
+        self.class.generichash_blake2b_init(@instate.pointer, @key, @key_size, @digest_size, @salt, @personal) ||
+          raise(CryptoError, "Hash init failed!")
+        @incycle = true
+        @digest = nil
+      end
+
+      # Reentrant version of Blake2b digest calculation method
       #
       # @param [String] message Message to be hashed
+      def update(message)
+        reset unless @incycle
+        self.class.generichash_blake2b_update(@instate.pointer, message, message.bytesize) ||
+          raise(CryptoError, "Hashing failed!")
+      end
+      alias << update
+
+      # Finalize digest calculation, return cached digest if any
       #
       # @return [String] Blake2b digest of the string as raw bytes
-      def digest(message)
-        digest = Util.zeros(@digest_size)
-        self.class.generichash_blake2b(digest, @digest_size, message, message.bytesize, @key, @key_size, @salt, @personal) ||
-          raise(CryptoError, "Hashing failed!")
-        digest
+      def digest
+        raise(CryptoError, "No message to hash yet!") unless @incycle
+        return @digest if @digest
+        @digest = Util.zeros(@digest_size)
+        self.class.generichash_blake2b_final(@instate.pointer, @digest, @digest_size) ||
+          raise(CryptoError, "Hash finalization failed!")
+        @digest
+      end
+
+      # The crypto_generichash_blake2b_state struct representation
+      # ref: jedisct1/libsodium/src/libsodium/include/sodium/crypto_generichash_blake2b.h#L23
+      class State < FFI::Struct
+        layout :h, [:uint64, 8],
+               :t, [:uint64, 2],
+               :f, [:uint64, 2],
+               :buf, [:uint8, 2 * 128],
+               :buflen, :size_t,
+               :last_node, :uint8
       end
     end
   end

data/lib/rbnacl/version.rb

@@ -4,5 +4,5 @@
 # NaCl/libsodium for Ruby
 module RbNaCl
   # The library's version
-  VERSION = "4.0.2"
+  VERSION = "5.0.0"
 end

data/spec/rbnacl/hash/blake2b_spec.rb

@@ -14,6 +14,29 @@ RSpec.describe RbNaCl::Hash::Blake2b do
     expect(RbNaCl::Hash.blake2b("")).to eq empty_string_hash
   end
 
+  context "arbitrary length message API" do
+    let(:blake2b) { RbNaCl::Hash::Blake2b.new }
+
+    it "calculates the correct hash for a reference string" do
+      blake2b << reference_string
+      expect(blake2b.digest).to eq reference_string_hash
+    end
+
+    it "calculates the correct hash for an empty string" do
+      blake2b << ""
+      expect(blake2b.digest).to eq empty_string_hash
+    end
+
+    it "raise CryptoError when digest called without reset / message" do
+      expect { blake2b.digest }.to raise_error(RbNaCl::CryptoError)
+    end
+
+    it "calculates hash for empty string when digest called directly after reset" do
+      blake2b.reset
+      expect(blake2b.digest).to eq empty_string_hash
+    end
+  end
+
   context "keyed" do
     let(:reference_string)      { vector :blake2b_keyed_message }
     let(:reference_key)         { vector :blake2b_key }
@@ -26,6 +49,23 @@ RSpec.describe RbNaCl::Hash::Blake2b do
     it "doesn't accept empty strings as a key" do
       expect { RbNaCl::Hash.blake2b(reference_string, key: "") }.to raise_error(RbNaCl::LengthError)
     end
+
+    context "arbitrary length message API" do
+      let(:blake2b)    { RbNaCl::Hash::Blake2b.new(key: "") }
+      let(:blake2b_wk) { RbNaCl::Hash::Blake2b.new(key: reference_key) }
+
+      it "calculates keyed hashes correctly" do
+        blake2b_wk << reference_string
+        expect(blake2b_wk.digest).to eq reference_string_hash
+      end
+
+      it "doesn't accept empty strings as a key" do
+        expect do
+          blake2b << reference_string
+          blake2b.digest
+        end.to raise_error(RbNaCl::LengthError)
+      end
+    end
   end
 
   context "personalized" do
@@ -42,6 +82,21 @@ RSpec.describe RbNaCl::Hash::Blake2b do
     it "calculates personalised hashes correctly with a short personal" do
       expect(RbNaCl::Hash.blake2b(reference_string, personal: reference_personal_short)).to eq reference_personal_short_hash
     end
+
+    context "arbitrary length message API" do
+      let(:blake2b)    { RbNaCl::Hash::Blake2b.new(personal: reference_personal) }
+      let(:blake2b_sh) { RbNaCl::Hash::Blake2b.new(personal: reference_personal_short) }
+
+      it "calculates personalised hashes correctly" do
+        blake2b << reference_string
+        expect(blake2b.digest).to eq reference_personal_hash
+      end
+
+      it "calculates personalised hashes correctly with a short personal" do
+        blake2b_sh << reference_string
+        expect(blake2b_sh.digest).to eq reference_personal_short_hash
+      end
+    end
   end
 
   context "salted" do
@@ -58,5 +113,20 @@ RSpec.describe RbNaCl::Hash::Blake2b do
     it "calculates saltised hashes correctly with a short salt" do
       expect(RbNaCl::Hash.blake2b(reference_string, salt: reference_salt_short)).to eq reference_salt_short_hash
     end
+
+    context "arbitrary length message API" do
+      let(:blake2b)    { RbNaCl::Hash::Blake2b.new(salt: reference_salt) }
+      let(:blake2b_sh) { RbNaCl::Hash::Blake2b.new(salt: reference_salt_short) }
+
+      it "calculates saltised hashes correctly" do
+        blake2b << reference_string
+        expect(blake2b.digest).to eq reference_salt_hash
+      end
+
+      it "calculates saltised hashes correctly with a short salt" do
+        blake2b_sh << reference_string
+        expect(blake2b_sh.digest).to eq reference_salt_short_hash
+      end
+    end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rbnacl
 version: !ruby/object:Gem::Version
-  version: 4.0.2
+  version: 5.0.0
 platform: ruby
 authors:
 - Tony Arcieri
@@ -9,34 +9,34 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-13 00:00:00.000000000 Z
+date: 2017-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: The Networking and Cryptography (NaCl) library provides a high-level
@@ -48,13 +48,13 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".coveralls.yml"
-- ".gitignore"
-- ".rspec"
-- ".rubocop.yml"
-- ".ruby-version"
-- ".travis.yml"
-- ".yardopts"
+- .coveralls.yml
+- .gitignore
+- .rspec
+- .rubocop.yml
+- .ruby-version
+- .travis.yml
+- .yardopts
 - CHANGES.md
 - Gemfile
 - Guardfile
@@ -139,17 +139,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: 2.2.6
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.10
+rubygems_version: 2.0.14.1
 signing_key: 
 specification_version: 4
 summary: Ruby binding to the Networking and Cryptography (NaCl) library