red25519 1.1.0-jruby

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+lib/red25519_engine.*
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,4 @@
+--color
+--format documentation
+--backtrace
+--default_path spec

data/.travis.yml

@@ -0,0 +1,14 @@
+rvm:
+  - 1.8.7
+  - 1.9.3
+  - ruby-head
+  - rbx-18mode
+  - rbx-19mode
+  - jruby-18mode
+  - jruby-19mode
+
+matrix:
+  allow_failures:
+    - rvm: ruby-head
+    - rvm: jruby-18mode
+    - rvm: jruby-19mode

data/CHANGES.md

@@ -0,0 +1,3 @@
+1.0.0
+-----
+* Initial release

data/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in red25519.gemspec
+gemspec
+
+gem 'jruby-openssl', :platform => :jruby

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Tony Arcieri
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,140 @@
+Red25519
+========
+[![Build Status](https://secure.travis-ci.org/tarcieri/red25519.png?branch=master)](http://travis-ci.org/tarcieri/red25519)
+
+Red25519 provides a Ruby binding to the Ed25519 public-key signature system
+based on elliptic curves and created by Dan Bernstein et al. Two
+implementations are provided: a MRI C extension which uses the "ref"
+implementation from the SUPERCOP benchmark suite, and a pure Java version
+which is a direct port of the Python implementation.
+
+Ed25519 provides a 128-bit security level, that is to say, all known attacks
+take at least 2^128 operations, providing the same security level as AES-128,
+NIST P-256, and RSA-3072.
+
+![Ed25519 Diagram](https://raw.github.com/tarcieri/red25519/master/ed25519.png)
+
+Ed25519 has a number of unique properties that make it one of the best-in-class
+digital signature algorithms:
+
+* ***Small keys***: Ed25519 keys are only 256-bits (32 bytes), making them
+  small enough to easily copy around. Ed25519 also allows the public key
+  to be derived from the private key, meaning that it doesn't need to be
+  included in a serialized private key in cases you want both.
+* ***Small signatures***: Ed25519 signatures are only 512-bits (64 bytes),
+  one of the smallest signature sizes available.
+* ***Deterministic***: Unlike (EC)DSA, Ed25519 does not rely on an entropy
+  source when signing messages. This can be a potential attack vector if
+  the entropy source is not generating good random numbers. Ed25519 avoids
+  this problem entirely and will always generate the same signature for the
+  same data.
+* ***Collision Resistant***: Hash-function collisions do not break this
+  system. This adds a layer of defense against the possibility of weakness
+  in the selected hash function.
+
+You can read more on [Dan Bernstein's Ed25519 site](http://ed25519.cr.yp.to/).
+
+Installation
+------------
+
+Add this line to your application's Gemfile:
+
+    gem 'red25519'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install red25519
+
+Usage
+-----
+
+Require red25519 in your Ruby program:
+
+```ruby
+require 'red25519'
+```
+
+Generate a new random signing key:
+
+```ruby
+signing_key = Ed25519::SigningKey.generate
+```
+
+Sign a message with the signing key:
+
+```ruby
+signature = signing_key.sign(message)
+```
+
+Obtain the verify key for a given signing key:
+
+```ruby
+verify_key = signing_key.verify_key
+```
+
+Check the validity of a signature:
+
+```ruby
+verify_key.verify(signature, message)
+```
+
+The verify method will return `true` or `false` depending on if the signature matches.
+
+### Serializing Keys
+
+Keys can be serialized as 32-byte binary strings as follows:
+
+```ruby
+signature_key_bytes = signing_key.to_bytes
+verify_key_bytes = verify_key.to_bytes
+```
+
+The binary serialization can be passed directly into the constructor for a given key type:
+
+```ruby
+signing_key = Ed25519::SigningKey.new(signature_key_bytes)
+verify_key  = Ed25519::VerifyKey.new(verify_key_bytes)
+```
+
+You can also serialize keys to a hex string instead of a binary string:
+
+```ruby
+signing_key_hex = signing_key.to_hex
+```
+
+The hex representation can also be passed into the constructor:
+
+```ruby
+signing_key = Ed25519::SigningKey.new(signing_key_hex)
+```
+
+JRuby Notes
+-----------
+
+red25519 provides a pure Java backend, however this backend is much slower
+than the C-based version. While red25519 will function on JRuby, it may be
+too slow to be usable for a given use case. You should benchmark your
+application to determine if it will be fast enough for your purposes.
+
+In the future, red25519 can use an FFI extension to provide better performance
+on JRuby. Alternatively, red25519 can be abandoned for a more comprehensive
+FFI binding to Dan Bernstein's NaCl library, which will soon incorporate
+the SUPERCOP implementation of Ed25519.
+
+Contributing
+------------
+
+* Fork this repository on github
+* Make your changes and send me a pull request
+* If I like them I'll merge them
+* If I've accepted a patch, feel free to ask for commit access
+
+License
+-------
+
+Copyright (c) 2012 Tony Arcieri. Distributed under the MIT License. See
+LICENSE for further details.

data/Rakefile

@@ -0,0 +1,9 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require "rake/clean"
+
+Dir[File.expand_path("../tasks/**/*.rake", __FILE__)].each { |task| load task }
+
+task :default => %w(compile spec)
+
+CLEAN.include "**/*.o", "**/*.so", "**/*.bundle", "**/*.jar", "pkg", "tmp"

data/ext/red25519/api.h

@@ -0,0 +1,4 @@
+#define CRYPTO_SECRETKEYBYTES 64
+#define CRYPTO_PUBLICKEYBYTES 32
+#define CRYPTO_BYTES 64
+

data/ext/red25519/crypto_int32.h

@@ -0,0 +1,6 @@
+#ifndef crypto_int32_h
+#define crypto_int32_h
+
+typedef int crypto_int32;
+
+#endif

data/ext/red25519/crypto_sign.h

@@ -0,0 +1,13 @@
+#ifndef crypto_sign_edwards25519sha512batch_H
+#define crypto_sign_edwards25519sha512batch_H
+
+#define SECRETKEYBYTES 64
+#define PUBLICKEYBYTES 32
+#define SIGNATUREBYTES 64
+
+extern int crypto_sign(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_sign_open(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_sign_keypair(unsigned char *,unsigned char *);
+extern int crypto_sign_publickey(unsigned char *pk, unsigned char *sk, unsigned char *seed);
+
+#endif

data/ext/red25519/crypto_uint32.h

@@ -0,0 +1,6 @@
+#ifndef crypto_uint32_h
+#define crypto_uint32_h
+
+typedef unsigned int crypto_uint32;
+
+#endif

data/ext/red25519/crypto_verify_32.h

@@ -0,0 +1,7 @@
+#ifndef crypto_verify_32_H
+#define crypto_verify_32_H
+
+#define crypto_verify_32_ref_BYTES 32
+extern int crypto_verify_32(const unsigned char *,const unsigned char *);
+
+#endif

data/ext/red25519/ed25519.c

@@ -0,0 +1,136 @@
+#include "crypto_sign.h"
+
+#include "crypto_verify_32.h"
+#include "sha512.h"
+
+#include "ge25519.h"
+
+static void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen)
+{
+  unsigned long long i;
+
+  for (i =  0;i < 32;++i)    playground[i] = sm[i];
+  for (i = 32;i < 64;++i)    playground[i] = pk[i-32];
+  for (i = 64;i < smlen;++i) playground[i] = sm[i];
+
+  crypto_hash_sha512(hram,playground,smlen);
+}
+
+
+int crypto_sign_publickey(
+    unsigned char *pk,  // write 32 bytes into this
+    unsigned char *sk,  // write 64 bytes into this (seed+pubkey)
+    unsigned char *seed // 32 bytes
+    )
+{
+  sc25519 scsk;
+  ge25519 gepk;
+  int i;
+
+  crypto_hash_sha512(sk, seed, 32);
+  sk[0] &= 248;
+  sk[31] &= 127;
+  sk[31] |= 64;
+
+  sc25519_from32bytes(&scsk,sk);
+  
+  ge25519_scalarmult_base(&gepk, &scsk);
+  ge25519_pack(pk, &gepk);
+  for(i=0;i<32;i++)
+    sk[32 + i] = pk[i];
+  for(i=0;i<32;i++)
+    sk[i] = seed[i];
+  return 0;
+}
+
+int crypto_sign(
+    unsigned char *sm,unsigned long long *smlen,
+    const unsigned char *m,unsigned long long mlen,
+    const unsigned char *sk
+    )
+{
+  sc25519 sck, scs, scsk;
+  ge25519 ger;
+  unsigned char r[32];
+  unsigned char s[32];
+  unsigned char extsk[64];
+  unsigned long long i;
+  unsigned char hmg[crypto_hash_sha512_BYTES];
+  unsigned char hram[crypto_hash_sha512_BYTES];
+
+  crypto_hash_sha512(extsk, sk, 32);
+  extsk[0] &= 248;
+  extsk[31] &= 127;
+  extsk[31] |= 64;
+
+  *smlen = mlen+64;
+  for(i=0;i<mlen;i++)
+    sm[64 + i] = m[i];
+  for(i=0;i<32;i++)
+    sm[32 + i] = extsk[32+i];
+
+  crypto_hash_sha512(hmg, sm+32, mlen+32); /* Generate k as h(extsk[32],...,extsk[63],m) */
+
+  /* Computation of R */
+  sc25519_from64bytes(&sck, hmg);
+  ge25519_scalarmult_base(&ger, &sck);
+  ge25519_pack(r, &ger);
+  
+  /* Computation of s */
+  for(i=0;i<32;i++)
+    sm[i] = r[i];
+
+  get_hram(hram, sm, sk+32, sm, mlen+64);
+
+  sc25519_from64bytes(&scs, hram);
+  sc25519_from32bytes(&scsk, extsk);
+  sc25519_mul(&scs, &scs, &scsk);
+  
+  sc25519_add(&scs, &scs, &sck);
+
+  sc25519_to32bytes(s,&scs); /* cat s */
+  for(i=0;i<32;i++)
+    sm[32 + i] = s[i]; 
+
+  return 0;
+}
+
+int crypto_sign_open(
+    unsigned char *m,unsigned long long *mlen,
+    const unsigned char *sm,unsigned long long smlen,
+    const unsigned char *pk
+    )
+{
+  int i, ret;
+  unsigned char t2[32];
+  ge25519 get1, get2;
+  sc25519 schram, scs;
+  unsigned char hram[crypto_hash_sha512_BYTES];
+
+  if (ge25519_unpackneg_vartime(&get1, pk)) return -1;
+
+  get_hram(hram,sm,pk,m,smlen);
+
+  sc25519_from64bytes(&schram, hram);
+
+  sc25519_from32bytes(&scs, sm+32);
+
+  ge25519_double_scalarmult_vartime(&get2, &get1, &schram, &ge25519_base, &scs);
+  ge25519_pack(t2, &get2);
+
+  ret = crypto_verify_32(sm, t2);
+
+  if (!ret)
+  {
+    for(i=0;i<smlen-64;i++)
+      m[i] = sm[i + 64];
+    *mlen = smlen-64;
+  }
+  else
+  {
+    for(i=0;i<smlen-64;i++)
+      m[i] = 0;
+    *mlen = (unsigned long long) -1;
+  }
+  return ret;
+}

data/ext/red25519/extconf.rb

@@ -0,0 +1,4 @@
+require 'mkmf'
+
+dir_config 'red25519_engine'
+create_makefile 'red25519_engine'