rbnacl 6.0.0 → 6.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 00e82b69d0f03bb3d5e4dbe1dbcef2b70aabcbe33630a1c68b9d713a64f52c58
-  data.tar.gz: bdeb5770fd8d698b66ff967b0674c5a06b8e4bc77f24507128a0460dda7be97c
+  metadata.gz: 15129e7babc37c8c428aca4bedbf8e9577d7ddd6b1f0252de1c4c7e83034368b
+  data.tar.gz: 61a22eaacfd4043a3348db5ed4230745cb8df2d66607a39392e6b9dde0c817fd
 SHA512:
-  metadata.gz: a4d5e5c9f0d4a0cf0e264b4f0cc49e071131fd5a158bd732a2e5fb8134a480c63d5fa8f384b853b8ad2010cc5ffad99beb108bf553ae8aaa5ab15f06a96a0ee7
-  data.tar.gz: 5b583ce0415a169b899bac5dcf3210c2ef8b2383bf0e7f1c4a533925892fa8c83aa6dd34db10c772706b4bee0ee9576a6ab51d4326d291a5eba9177a061c9085
+  metadata.gz: c43e06b87c005bc4b3086df982add673eaae4b6554556fd6b47b89bb14e2da1028e804ef62d3617ba311820d1623948bd0875fd273152c52bd64da96452fc67d
+  data.tar.gz: 7cfaff058fbc58386614e9efe0d62ef47f550f6e571e6c1ff3f887627d36c95e05be295fabc52fea5bd739db21e9249606db8317d8038db3bf0907bd23d9106b

data/CHANGES.md

@@ -1,148 +1,123 @@
-## [6.0.0] (2018-11-08)
-
-[6.0.0]: https://github.com/crypto-rb/rbnacl/pull/182
+## [6.0.1] (2019-01-27)
 
-* [#180](https://github.com/crypto-rb/rbnacl/pull/180)
-  Deprecate rbnacl-libsodium.
-  ([@tarcieri])
+- Add fallback `sodium_constants` for Argon2 ([#189])
+- Support libsodium versions used by Heroku ([#186])
+- Sealed boxes ([#184])
 
-* [#176](https://github.com/crypto-rb/rbnacl/pull/176)
-  Add support for XChaCha20-Poly1305.
-  ([@AnIrishDuck])
-
-* [#174](https://github.com/crypto-rb/rbnacl/pull/174)
-  Fix buffer size type in `randombytes_buf` binding.
-  ([@elijh])
-
-* [#172](https://github.com/crypto-rb/rbnacl/pull/172)
-  Add support for argon2id digest.
-  ([@trofi])
+## [6.0.0] (2018-11-08)
 
-* [#166](https://github.com/crypto-rb/rbnacl/pull/166)
-  Support for non-32-byte HMAC-SHA256/512 keys.
-  ([@nsheremet])
+- Deprecate rbnacl-libsodium ([#180])
+- Add support for XChaCha20-Poly1305 ([#176])
+- Fix buffer size type in `randombytes_buf` binding ([#174])
+- Add support for argon2id digest ([#174])
+- Support for non-32-byte HMAC-SHA256/512 keys ([#166])
 
 ## 5.0.0 (2017-06-13)
 
-* [#159](https://github.com/crypto-rb/rbnacl/pull/159)
-  Support the BLAKE2b Initialize-Update-Finalize API.
-  ([@fudanchii])
+- Support the BLAKE2b Initialize-Update-Finalize API ([#159])
 
 ## 4.0.2 (2017-03-12)
 
-* [#157](https://github.com/crypto-rb/rbnacl/pull/157)
-  Raise error on degenerate keys (fixes #152).
-  ([@paragonie-scott], [@tarcieri])
+- Raise error on degenerate keys. Fixes #152 ([#157])
 
 ## 4.0.1 (2016-12-04)
 
-* [#148](https://github.com/crypto-rb/rbnacl/pull/148)
-  Last minute changes to the ChaCha20Poly1305 API.
-  ([@tarcieri])
+- Last minute changes to the ChaCha20Poly1305 API ([#148])
 
 ## 4.0.0 (2016-12-04)
 
-* [#141](https://github.com/crypto-rb/rbnacl/pull/141)
-  Add wrappers for ChaCha20Poly1305 AEAD ciphers.
-  ([@aadavids])
-
-* [#142](https://github.com/crypto-rb/rbnacl/pull/142)
-  Added support for Argon2 password hash.
-  ([@elijh])
-
-* [#143](https://github.com/crypto-rb/rbnacl/pull/143)
-  Require Ruby 2.2.6+.
-  ([@tarcieri])
+- Add wrappers for ChaCha20Poly1305 AEAD ciphers ([#141])
+- Added support for Argon2 password hash ([#142])
+- Require Ruby 2.2.6+ ([#143])
 
 ## 3.4.0 (2015-05-07)
 
-* [#135](https://github.com/crypto-rb/rbnacl/pull/135)
-  Expose `RbNaCl::Signatures::Ed25519#keypair_bytes`.
-  ([@grempe])
-
-* [#137](https://github.com/crypto-rb/rbnacl/pull/137)
-  Expose HMAC-SHA512 (with 64-byte keys)
-  ([@mwpastore])
+- Expose `RbNaCl::Signatures::Ed25519#keypair_bytes` ([#135])
+- Expose HMAC-SHA512 with 64-byte keys ([#137]) 
 
 ## 3.3.0 (2015-12-29)
 
-* [#105](https://github.com/crypto-rb/rbnacl/pull/105)
-  Add salt/personalisation strings for Blake2b.
-  ([@namelessjon])
-
-* [#128](https://github.com/crypto-rb/rbnacl/pull/128)
-  Remove use of Thread.exclusive when initializing library.
-  ([@tarcieri])
+- Remove use of Thread.exclusive when initializing library ([#128])
+- Add salt/personalisation strings for Blake2b ([#105])
 
 ## 3.2.0 (2015-05-31)
 
-* Fix method signature for blake2b
-* RuboCop-friendly codebase
+- Fix method signature for blake2b
+- RuboCop-friendly codebase
 
 ## 3.1.2 (2014-08-30)
 
-* Fix scrypt support with libsodium 0.7.0 (scryptsalsa208sha256)
+- Fix scrypt support with libsodium 0.7.0 (scryptsalsa208sha256)
 
 ## 3.1.1 (2014-06-14)
 
-* Fix undefined variable warning
-* RSpec 3 fixups
-* RuboCop
+- Fix undefined variable warning
+- RSpec 3 fixups
+- RuboCop
 
 ## 3.1.0 (2014-05-22)
 
-* The scrypt password hashing function: `RbNaCl::PasswordHash.scrypt`
+- The scrypt password hashing function: `RbNaCl::PasswordHash.scrypt`
 
 ## 3.0.1 (2014-05-12)
 
-* Load gem from `RBNACL_LIBSODIUM_GEM_LIB_PATH` if set. Used by rbnacl-libsodium
+- Load gem from `RBNACL_LIBSODIUM_GEM_LIB_PATH` if set. Used by rbnacl-libsodium
   gem to use libsodium compiled from a gem.
 
 ## 3.0.0 (2014-04-22)
 
-* Rename RandomNonceBox to SimpleBox (backwards compatibility preserved)
-* Reverse documented order of SimpleBox/RandomNonceBox initialize parameters.
+- Rename RandomNonceBox to SimpleBox (backwards compatibility preserved)
+- Reverse documented order of SimpleBox/RandomNonceBox initialize parameters.
   Technically backwards compatible, but confusing.
-* Ensure all strings are ASCII-8BIT/BINARY encoding prior to use
+- Ensure all strings are ASCII-8BIT/BINARY encoding prior to use
 
 ## 2.0.0 (2013-11-07)
 
-* Add encrypt/decrypt aliases for Crypto::RandomNonceBox
-* Rename Crypto module to RbNaCl module
-* RbNaCl::VerifyKey#verify operand order was reversed. New operand order is
+- Rename Crypto module to RbNaCl module
+- Add encrypt/decrypt aliases for `Crypto::RandomNonceBox`
+- `RbNaCl::VerifyKey#verify` operand order was reversed. New operand order is
   signature, message instead of message, signature
-* RbNaCL::SecretBox#open, RbNaCl::Box#open, Auth#verify and VerifyKey#verify 
-  all now raise a (descendent of) CryptoError if the check fails.  This ensures
-  failures are handled by the program.
-* RbNaCl::SecretBox, Box, etc. are all now aliases for the real implementations,
-  which are named after the primitives they provide
-* Encoders have now gone.
-* Add support for the Blake2b cryptographic hash algorithm.
-* Add checks that we have a sufficiently recent version of libsodium (0.4.3+)
-* Dropped ruby-1.8 support
-* Call the `sodium_init()` function, to select the best algorithms.
-* Fix some typos in the documentation
-* Changes in the low level binding for libsodium and removal of the NaCl module
-* Add a mutex around calls to randombytes in libsodium
+- `RbNaCL::SecretBox#open`, `RbNaCl::Box#open`, `Auth#verify` and
+  `VerifyKey#verify` all now raise a (descendent of) CryptoError if the check
+  fails.  This ensures failures are handled by the program.
+- `RbNaCl::SecretBox`, Box, etc. are all now aliases for the real
+  implementations, which are named after the primitives they provide
+- Removed encoder functionality.
+- Add support for the Blake2b cryptographic hash algorithm.
+- Add checks that we have a sufficiently recent version of libsodium (0.4.3+)
+- Dropped ruby-1.8 support
+- Call the `sodium_init()` function, to select the best algorithms.
+- Fix some typos in the documentation
+- Changes in the low level binding for libsodium and removal of the NaCl module
+- Add a mutex around calls to randombytes in libsodium
 
 ## 1.1.0 (2013-04-19)
 
-* Provide API for querying primitives and details about them, such as key
+- Provide API for querying primitives and details about them, such as key
   lengths, nonce lengths, etc.
-* Fixed bug on passing null bytes to sha256, sha512 functions.
+- Fixed bug on passing null bytes to sha256, sha512 functions.
 
 ## 1.0.0 (2013-03-08)
 
-* Initial release
-
-[@namelessjon]: https://github.com/namelessjon
-[@tarcieri]: https://github.com/tarcieri
-[@aadavids]: https://github.com/aadavids
-[@grempe]: https://github.com/grempe
-[@mwpastore]: https://github.com/mwpastore
-[@elijh]: https://github.com/elijh
-[@paragonie-scott]: https://github.com/paragonie-scott
-[@fudanchii]: https://github.com/fudanchii
-[@nsheremet]: https://github.com/nsheremet
-[@trofi]: https://github.com/trofi
-[@AnIrishDuck]: https://github.com/AnIrishDuck
+- Initial release
+
+[6.0.1]: https://github.com/crypto-rb/rbnacl/pull/191
+[#189]: https://github.com/crypto-rb/rbnacl/pull/189
+[#186]: https://github.com/crypto-rb/rbnacl/pull/186
+[#184]: https://github.com/crypto-rb/rbnacl/pull/184
+[6.0.0]: https://github.com/crypto-rb/rbnacl/pull/182
+[#180]: https://github.com/crypto-rb/rbnacl/pull/180
+[#176]: https://github.com/crypto-rb/rbnacl/pull/176
+[#174]: https://github.com/crypto-rb/rbnacl/pull/174
+[#172]: https://github.com/crypto-rb/rbnacl/pull/172
+[#166]: https://github.com/crypto-rb/rbnacl/pull/166
+[#159]: https://github.com/crypto-rb/rbnacl/pull/159
+[#157]: https://github.com/crypto-rb/rbnacl/pull/157
+[#148]: https://github.com/crypto-rb/rbnacl/pull/148
+[#143]: https://github.com/crypto-rb/rbnacl/pull/143
+[#142]: https://github.com/crypto-rb/rbnacl/pull/142
+[#141]: https://github.com/crypto-rb/rbnacl/pull/141
+[#137]: https://github.com/crypto-rb/rbnacl/pull/137
+[#135]: https://github.com/crypto-rb/rbnacl/pull/135
+[#128]: https://github.com/crypto-rb/rbnacl/pull/128
+[#105]: https://github.com/crypto-rb/rbnacl/pull/105

data/README.md

@@ -7,26 +7,13 @@
 [![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/crypto-rb/rbnacl/blob/master/LICENSE.txt)
 [![Gitter Chat](https://badges.gitter.im/badge.svg)](https://gitter.im/crypto-rb/Lobby)
 
-_NOTE: This is the 5.x **stable** branch of RbNaCl. For the 4.x **legacy**
-branch, please see:_
-
-https://github.com/crypto-rb/rbnacl/tree/4-x-stable
-
-A Ruby binding to the state-of-the-art [Networking and Cryptography][nacl]
-library by [Daniel J. Bernstein][djb]. This is **NOT** Google Native Client.
-This is a crypto library.
-
-On a completely unrelated topic, RbNaCl is also the empirical formula for
-Rubidium Sodium Chloride.
-
-Need help with RbNaCl? Join the [RbNaCl Google Group][group].
-We're also on IRC at #crypto-rb on irc.freenode.net
+Ruby binding for [libsodium], a fork of the [Networking and Cryptography][nacl]
+library.
 
+[libsodium]: https://libsodium.org
 [nacl]:  http://nacl.cr.yp.to/
-[djb]:   http://cr.yp.to/djb.html
-[group]: http://groups.google.com/group/rbnacl
 
-## Why NaCl?
+## Why libsodium/NaCl?
 
 NaCl is a different kind of cryptographic library. In the past crypto
 libraries were kitchen sinks of little bits and pieces, like ciphers,
@@ -50,9 +37,6 @@ curves and the XSalsa20 stream cipher. This means with NaCl you not only get
 a system which is designed to be secure-by-default, you also get one which
 is extremely fast with comparatively small cryptographic keys.
 
-For more information on NaCl's goals, see Dan Bernstein's presentation
-[Blaming the Cryptographic User](http://cr.yp.to/talks/2012.08.08/slides.pdf)
-
 ### Is it any good?
 
 [Yes.](http://news.ycombinator.com/item?id=3067434)
@@ -75,29 +59,19 @@ You can use RbNaCl on platforms libsodium is supported (see below).
 This library aims to support and is [tested against][travis] the following Ruby
 versions:
 
-* Ruby 2.2.6+
-* Ruby 2.3.0+
-* Ruby 2.4.2+
-* JRuby 9.1.6.0+
+* Ruby 2.2
+* Ruby 2.3
+* Ruby 2.4
+* Ruby 2.5
+* JRuby 9.1
 
 If something doesn't work on one of these versions, it's a bug.
 
-This library may inadvertently work (or seem to work) on other Ruby versions,
-however support will only be provided for the versions listed above.
-
-If you would like this library to support another Ruby version or
-implementation, you may volunteer to be a maintainer. Being a maintainer
-entails making sure all tests run and pass on that implementation. When
-something breaks on your implementation, you will be responsible for providing
-patches in a timely fashion. If critical issues for a particular implementation
-exist at the time of a major release, support for that Ruby version may be
-dropped.
-
 [travis]: http://travis-ci.org/crypto-rb/rbnacl
 
 ## Installation
 
-Note: [Windows installation instructions are available](https://github.com/crypto-rb/rbnacl/wiki/Windows-Installation).
+Note: [Windows installation instructions are available](https://github.com/crypto-rb/rbnacl/wiki/Installing-libsodium#windows).
 
 ### libsodium
 

data/lib/rbnacl.rb

@@ -52,6 +52,9 @@ module RbNaCl
   require "rbnacl/boxes/curve25519xsalsa20poly1305/private_key"
   require "rbnacl/boxes/curve25519xsalsa20poly1305/public_key"
 
+  # Sealed boxes
+  require "rbnacl/boxes/sealed"
+
   # Secret Key Encryption (SecretBox): XSalsa20Poly1305
   require "rbnacl/secret_boxes/xsalsa20poly1305"
 
@@ -93,6 +96,7 @@ module RbNaCl
   Box          = Boxes::Curve25519XSalsa20Poly1305
   PrivateKey   = Boxes::Curve25519XSalsa20Poly1305::PrivateKey
   PublicKey    = Boxes::Curve25519XSalsa20Poly1305::PublicKey
+  SealedBox    = Boxes::Sealed
   SecretBox    = SecretBoxes::XSalsa20Poly1305
   SigningKey   = Signatures::Ed25519::SigningKey
   VerifyKey    = Signatures::Ed25519::VerifyKey

data/lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb

@@ -73,7 +73,7 @@ module RbNaCl
       sodium_constant  :BOXZEROBYTES
       sodium_constant  :BEFORENMBYTES
       sodium_constant  :PUBLICKEYBYTES
-      sodium_constant  :SECRETKEYBYTES, :PRIVATEKEYBYTES
+      sodium_constant  :SECRETKEYBYTES, name: :PRIVATEKEYBYTES
 
       sodium_function :box_curve25519xsalsa20poly1305_beforenm,
                       :crypto_box_curve25519xsalsa20poly1305_beforenm,

data/lib/rbnacl/boxes/sealed.rb

@@ -0,0 +1,136 @@
+# encoding: binary
+# frozen_string_literal: true
+
+module RbNaCl
+  module Boxes
+    # Sealed boxes are designed to anonymously send messages to a recipient
+    # given its public key.
+    #
+    # Only the recipient can decrypt these messages, using its private key.
+    # While the recipient can verify the integrity of the message, it cannot
+    # verify the identity of the sender.
+    #
+    # A message is encrypted using an ephemeral key pair, whose secret part
+    # is destroyed right after the encryption process.
+    #
+    # Without knowing the secret key used for a given message, the sender
+    # cannot decrypt its own message later. And without additional data,
+    # a message cannot be correlated with the identity of its sender.
+    class Sealed
+      extend Sodium
+
+      sodium_type      :box
+      sodium_constant  :SEALBYTES
+      sodium_primitive :curve25519xsalsa20poly1305
+
+      sodium_function :box_seal,
+                      :crypto_box_seal,
+                      %i[pointer pointer ulong_long pointer]
+
+      sodium_function :box_seal_open,
+                      :crypto_box_seal_open,
+                      %i[pointer pointer ulong_long pointer pointer]
+
+      # WARNING: you should strongly prefer the from_private_key/from_public_key class methods.
+      #
+      # Create a new Sealed Box
+      #
+      # Sets up the Box for deriving the shared key and encrypting and
+      # decrypting messages.
+      #
+      # @param public_key [String,RbNaCl::PublicKey] The public key to encrypt to
+      # @param private_key [String,RbNaCl::PrivateKey] The private key to decrypt with
+      #
+      # @raise [RbNaCl::LengthError] on invalid keys
+      #
+      # @return [RbNaCl::SealedBox] The new Box, ready to use
+      def initialize(public_key, private_key = nil)
+        unless private_key.nil?
+          @private_key = private_key.is_a?(PrivateKey) ? private_key : PrivateKey.new(private_key)
+          raise IncorrectPrimitiveError unless @private_key.primitive == primitive
+
+          public_key = @private_key.public_key if public_key.nil?
+        end
+
+        @public_key = public_key.is_a?(PublicKey) ? public_key : PublicKey.new(public_key)
+        raise IncorrectPrimitiveError unless @public_key.primitive == primitive
+      end
+
+      # Create a new Sealed Box for encrypting
+      #
+      # Sets up the Box for encryoption of new messages.
+      #
+      # @param private_key [String,RbNaCl::PrivateKey] The private key to decrypt with
+      #
+      # @raise [RbNaCl::LengthError] on invalid keys
+      #
+      # @return [RbNaCl::SealedBox] The new Box, ready to use
+      def self.from_private_key(private_key)
+        new(nil, private_key)
+      end
+
+      # Create a new Sealed Box for decrypting
+      #
+      # Sets up the Box for decrytoption of new messages.
+      #
+      # @param public_key [String,RbNaCl::PublicKey] The public key to encrypt to
+      #
+      # @raise [RbNaCl::LengthError] on invalid keys
+      #
+      # @return [RbNaCl::SealedBox] The new Box, ready to use
+      def self.from_public_key(public_key)
+        new(public_key, nil)
+      end
+
+      # Encrypts a message
+      #
+      # @param message [String] The message to be encrypted.
+      #
+      # @raise [RbNaCl::CryptoError] If the encrytion fails.
+      #
+      # @return [String] The ciphertext (BINARY encoded)
+      def box(message)
+        # No padding needed.
+        msg = message # variable name to match other RbNaCl code.
+        # ensure enough space in result
+        ct  = Util.zeros(msg.bytesize + SEALBYTES)
+
+        success = self.class.box_seal(ct, msg, msg.bytesize, @public_key.to_s)
+        raise CryptoError, "Encryption failed" unless success
+
+        ct
+      end
+      alias encrypt box
+
+      # Decrypts a ciphertext
+      #
+      # @param ciphertext [String] The message to be decrypted.
+      #
+      # @raise [RbNaCl::CryptoError] If no private key is available.
+      # @raise [RbNaCl::CryptoError] If the ciphertext cannot be authenticated.
+      #
+      # @return [String] The decrypted message (BINARY encoded)
+      def open(ciphertext)
+        raise CryptoError, "Decryption failed. No private key." unless @private_key
+
+        ct = ciphertext
+        raise CryptoError, "Decryption failed. Ciphertext failed verification." if ct.bytesize < SEALBYTES
+
+        message = Util.zeros(ct.bytesize - SEALBYTES)
+
+        success = self.class.box_seal_open(message, ct, ct.bytesize, @public_key.to_s, @private_key.to_s)
+        raise CryptoError, "Decryption failed. Ciphertext failed verification." unless success
+
+        message
+      end
+      alias decrypt open
+
+      # The crypto primitive for the box class
+      #
+      # @return [Symbol] The primitive used
+      def primitive
+        self.class.primitive
+      end
+    end
+  end
+end

data/lib/rbnacl/init.rb

@@ -5,7 +5,7 @@ module RbNaCl
   # Defines the libsodium init function
   module Init
     extend FFI::Library
-    ffi_lib "sodium"
+    ffi_lib ["sodium", "libsodium.so.18", "libsodium.so.23"]
 
     attach_function :sodium_init, [], :int
   end

data/lib/rbnacl/password_hash/argon2.rb

@@ -18,18 +18,18 @@ module RbNaCl
       sodium_constant :ALG_ARGON2I13
       sodium_constant :ALG_ARGON2ID13 if Sodium::Version::ARGON2ID_SUPPORTED
 
-      sodium_constant :SALTBYTES             # 16
-      sodium_constant :STRBYTES              # 128
-      sodium_constant :OPSLIMIT_INTERACTIVE  # 4
-      sodium_constant :MEMLIMIT_INTERACTIVE  # 2 ** 25 (32mb)
-      sodium_constant :OPSLIMIT_MODERATE     # 6
-      sodium_constant :MEMLIMIT_MODERATE     # 2 ** 27 (128mb)
-      sodium_constant :OPSLIMIT_SENSITIVE    # 8
-      sodium_constant :MEMLIMIT_SENSITIVE    # 2 ** 29 (512mb)
-      sodium_constant :MEMLIMIT_MIN          # 8192
-      sodium_constant :MEMLIMIT_MAX          # 4_294_967_296
-      sodium_constant :OPSLIMIT_MIN          # 3
-      sodium_constant :OPSLIMIT_MAX          # 10
+      sodium_constant :SALTBYTES, fallback: 16
+      sodium_constant :STRBYTES, fallback: 128
+      sodium_constant :OPSLIMIT_INTERACTIVE, fallback: 4
+      sodium_constant :MEMLIMIT_INTERACTIVE, fallback: 2**25 # (32mb)
+      sodium_constant :OPSLIMIT_MODERATE, fallback: 6
+      sodium_constant :MEMLIMIT_MODERATE, fallback: 2**27 # (128mb)
+      sodium_constant :OPSLIMIT_SENSITIVE, fallback: 8
+      sodium_constant :MEMLIMIT_SENSITIVE, fallback: 2**29 # (512mb)
+      sodium_constant :MEMLIMIT_MIN, fallback: 8192
+      sodium_constant :MEMLIMIT_MAX, fallback: 4_294_967_296
+      sodium_constant :OPSLIMIT_MIN, fallback: 3
+      sodium_constant :OPSLIMIT_MAX, fallback: 10
 
       ARGON2_MIN_OUTLEN = 16
       ARGON2_MAX_OUTLEN = 0xFFFFFFFF

data/lib/rbnacl/signatures/ed25519.rb

@@ -10,9 +10,9 @@ module RbNaCl
       sodium_type      :sign
       sodium_primitive :ed25519
       sodium_constant  :SEEDBYTES
-      sodium_constant  :PUBLICKEYBYTES, :VERIFYKEYBYTES
-      sodium_constant  :SECRETKEYBYTES, :SIGNINGKEYBYTES
-      sodium_constant  :BYTES,          :SIGNATUREBYTES
+      sodium_constant  :PUBLICKEYBYTES, name: :VERIFYKEYBYTES
+      sodium_constant  :SECRETKEYBYTES, name: :SIGNINGKEYBYTES
+      sodium_constant  :BYTES,          name: :SIGNATUREBYTES
     end
   end
 end

data/lib/rbnacl/sodium.rb

@@ -8,7 +8,7 @@ module RbNaCl
   module Sodium
     def self.extended(klass)
       klass.extend FFI::Library
-      klass.ffi_lib "sodium"
+      klass.ffi_lib ["sodium", "libsodium.so.18", "libsodium.so.23"]
     end
 
     def sodium_type(type = nil)
@@ -29,14 +29,19 @@ module RbNaCl
       sodium_primitive
     end
 
-    def sodium_constant(constant, name = constant)
-      fn = if sodium_primitive
-             "crypto_#{sodium_type}_#{sodium_primitive}_#{constant.to_s.downcase}"
-           else
-             "crypto_#{sodium_type}_#{constant.to_s.downcase}"
-           end
-      attach_function fn, [], :size_t
-      const_set(name, public_send(fn))
+    def sodium_constant(constant, name: constant, fallback: nil)
+      fn_name_components = ["crypto", sodium_type, sodium_primitive, constant.to_s.downcase]
+      fn_name = fn_name_components.compact.join("_")
+
+      begin
+        attach_function fn_name, [], :size_t
+      rescue FFI::NotFoundError
+        raise if fallback.nil?
+
+        define_singleton_method fn_name, -> { fallback }
+      end
+
+      const_set(name, public_send(fn_name))
     end
 
     def sodium_function(name, function, arguments)

data/lib/rbnacl/version.rb

@@ -4,5 +4,5 @@
 # NaCl/libsodium for Ruby
 module RbNaCl
   # The library's version
-  VERSION = "6.0.0".freeze
+  VERSION = "6.0.1".freeze
 end

data/spec/rbnacl/boxes/sealed_spec.rb

@@ -0,0 +1,63 @@
+# encoding: binary
+# frozen_string_literal: true
+
+RSpec.describe RbNaCl::SealedBox do
+  let(:alicepk)   { vector :alice_public }
+  let(:alicesk)   { vector :alice_private }
+  let(:alice_pubkey) { RbNaCl::PublicKey.new(alicepk) }
+  let(:alice_privkey) { RbNaCl::PrivateKey.new(alicesk) }
+
+  context "new" do
+    it "accepts public key strings" do
+      expect do
+        RbNaCl::SealedBox.from_public_key(alicepk)
+      end.to_not raise_error
+    end
+
+    it "accepts public KeyPairs" do
+      expect do
+        RbNaCl::SealedBox.from_public_key(alice_pubkey)
+      end.to_not raise_error
+    end
+
+    it "accepts private key strings" do
+      expect do
+        RbNaCl::SealedBox.from_private_key(alicepk)
+      end.to_not raise_error
+    end
+
+    it "accepts private KeyPairs" do
+      expect do
+        RbNaCl::SealedBox.from_private_key(alice_privkey)
+      end.to_not raise_error
+    end
+
+    it "raises TypeError on a nil public key" do
+      expect do
+        RbNaCl::SealedBox.from_public_key(nil)
+      end.to raise_error(TypeError)
+    end
+
+    it "raises RbNaCl::LengthError on an invalid public key" do
+      expect do
+        RbNaCl::SealedBox.from_public_key("hello")
+      end.to raise_error(RbNaCl::LengthError, /Public key was 5 bytes \(Expected 32\)/)
+    end
+
+    it "raises TypeError on a nil private key" do
+      expect do
+        RbNaCl::SealedBox.from_private_key(nil)
+      end.to raise_error(TypeError)
+    end
+
+    it "raises RbNaCl::LengthError on an invalid private key" do
+      expect do
+        RbNaCl::SealedBox.from_private_key("hello")
+      end.to raise_error(RbNaCl::LengthError, /Private key was 5 bytes \(Expected 32\)/)
+    end
+  end
+
+  include_examples "sealed_box" do
+    let(:box) { RbNaCl::SealedBox.new(alicepk, alicesk) }
+  end
+end

data/spec/rbnacl/sodium_spec.rb

@@ -0,0 +1,51 @@
+RSpec.describe RbNaCl::Sodium do
+  subject(:sodium_class) do
+    class SodiumExtendedClass
+      extend RbNaCl::Sodium
+
+      sodium_type :auth
+      sodium_primitive :hmacsha512
+      # sodium_constant :BYTES
+      # sodium_constant :KEYBYTES
+    end
+    SodiumExtendedClass
+  end
+
+  context ".sodium_constant" do
+    it "retrieves the libsodium constant" do
+      sodium_class.sodium_constant :BYTES
+      expect(sodium_class::BYTES).to eq(64)
+    end
+
+    context "with alternate constant name" do
+      it "sets the alternate constant name" do
+        sodium_class.sodium_constant :BYTES, name: :COOL_BYTES
+        expect(sodium_class::COOL_BYTES).to eq(64)
+      end
+    end
+
+    context "when libsodium does not define the constant" do
+      it "raises an exception" do
+        expect do
+          sodium_class.sodium_constant :MIN_DANCING_PARTNERS
+        end.to raise_error(FFI::NotFoundError)
+      end
+    end
+
+    context "with fallback" do
+      context "when libsodium defines the constant" do
+        it "return the libsodium value" do
+          sodium_class.sodium_constant :BYTES, fallback: 888
+          expect(sodium_class::BYTES).to eq(64)
+        end
+      end
+
+      context "when libsodium does not define the constant" do
+        it "uses the fallback" do
+          sodium_class.sodium_constant :MAX_PANDAS, fallback: 24
+          expect(sodium_class::MAX_PANDAS).to eq(24)
+        end
+      end
+    end
+  end
+end

data/spec/shared/sealed_box.rb

@@ -0,0 +1,29 @@
+# encoding: binary
+# frozen_string_literal: true
+
+RSpec.shared_examples "sealed_box" do
+  let(:message)    { vector :box_message }
+  let(:ciphertext) { vector :box_ciphertext }
+  let(:corrupt_ciphertext) { ciphertext[80] = " " } # picked at random by fair diceroll
+
+  context "box" do
+    it "roundtrips" do
+      ciphertext = box.box(message)
+      expect(box.open(ciphertext)).to eq message
+    end
+  end
+
+  context "open" do
+    it "raises on a truncated message to decrypt" do
+      expect do
+        box.open(ciphertext[0, 64])
+      end.to raise_error(RbNaCl::CryptoError, /Decryption failed. Ciphertext failed verification./)
+    end
+
+    it "raises on a corrupt ciphertext" do
+      expect do
+        box.open(corrupt_ciphertext)
+      end.to raise_error(RbNaCl::CryptoError, /Decryption failed. Ciphertext failed verification./)
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -12,6 +12,7 @@ require "bundler/setup"
 require "rbnacl"
 
 require "shared/box"
+require "shared/sealed_box"
 require "shared/authenticator"
 require "shared/key_equality"
 require "shared/serializable"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rbnacl
 version: !ruby/object:Gem::Version
-  version: 6.0.0
+  version: 6.0.1
 platform: ruby
 authors:
 - Tony Arcieri
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-11-08 00:00:00.000000000 Z
+date: 2019-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -73,6 +73,7 @@ files:
 - lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb
 - lib/rbnacl/boxes/curve25519xsalsa20poly1305/private_key.rb
 - lib/rbnacl/boxes/curve25519xsalsa20poly1305/public_key.rb
+- lib/rbnacl/boxes/sealed.rb
 - lib/rbnacl/group_elements/curve25519.rb
 - lib/rbnacl/hash.rb
 - lib/rbnacl/hash/blake2b.rb
@@ -108,6 +109,7 @@ files:
 - spec/rbnacl/boxes/curve25519xsalsa20poly1305/private_key_spec.rb
 - spec/rbnacl/boxes/curve25519xsalsa20poly1305/public_key_spec.rb
 - spec/rbnacl/boxes/curve25519xsalsa20poly1305_spec.rb
+- spec/rbnacl/boxes/sealed_spec.rb
 - spec/rbnacl/group_element_spec.rb
 - spec/rbnacl/hash/blake2b_spec.rb
 - spec/rbnacl/hash_spec.rb
@@ -121,12 +123,14 @@ files:
 - spec/rbnacl/signatures/ed25519/signing_key_spec.rb
 - spec/rbnacl/signatures/ed25519/verify_key_spec.rb
 - spec/rbnacl/simple_box_spec.rb
+- spec/rbnacl/sodium_spec.rb
 - spec/rbnacl/util_spec.rb
 - spec/shared/aead.rb
 - spec/shared/authenticator.rb
 - spec/shared/box.rb
 - spec/shared/hmac.rb
 - spec/shared/key_equality.rb
+- spec/shared/sealed_box.rb
 - spec/shared/serializable.rb
 - spec/spec_helper.rb
 - tasks/rspec.rake
@@ -163,6 +167,7 @@ test_files:
 - spec/rbnacl/boxes/curve25519xsalsa20poly1305/private_key_spec.rb
 - spec/rbnacl/boxes/curve25519xsalsa20poly1305/public_key_spec.rb
 - spec/rbnacl/boxes/curve25519xsalsa20poly1305_spec.rb
+- spec/rbnacl/boxes/sealed_spec.rb
 - spec/rbnacl/group_element_spec.rb
 - spec/rbnacl/hash/blake2b_spec.rb
 - spec/rbnacl/hash_spec.rb
@@ -176,11 +181,13 @@ test_files:
 - spec/rbnacl/signatures/ed25519/signing_key_spec.rb
 - spec/rbnacl/signatures/ed25519/verify_key_spec.rb
 - spec/rbnacl/simple_box_spec.rb
+- spec/rbnacl/sodium_spec.rb
 - spec/rbnacl/util_spec.rb
 - spec/shared/aead.rb
 - spec/shared/authenticator.rb
 - spec/shared/box.rb
 - spec/shared/hmac.rb
 - spec/shared/key_equality.rb
+- spec/shared/sealed_box.rb
 - spec/shared/serializable.rb
 - spec/spec_helper.rb