ruby_nacl 0.1.0

data/ext/ruby_nacl/NaCl/crypto_sign/edwards25519sha512batch/ref/ge25519.h

@@ -0,0 +1,34 @@
+#ifndef GE25519_H
+#define GE25519_H
+
+#include "fe25519.h"
+#include "sc25519.h"
+
+#define ge25519 crypto_sign_edwards25519sha512batch_ge25519
+#define ge25519_unpack_vartime crypto_sign_edwards25519sha512batch_ge25519_unpack_vartime
+#define ge25519_pack crypto_sign_edwards25519sha512batch_ge25519_pack
+#define ge25519_add crypto_sign_edwards25519sha512batch_ge25519_add
+#define ge25519_double crypto_sign_edwards25519sha512batch_ge25519_double
+#define ge25519_scalarmult crypto_sign_edwards25519sha512batch_ge25519_scalarmult
+#define ge25519_scalarmult_base crypto_sign_edwards25519sha512batch_ge25519_scalarmult_base
+
+typedef struct {
+  fe25519 x;
+  fe25519 y;
+  fe25519 z;
+  fe25519 t;
+} ge25519;
+
+int ge25519_unpack_vartime(ge25519 *r, const unsigned char p[32]);
+
+void ge25519_pack(unsigned char r[32], const ge25519 *p);
+
+void ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q);
+
+void ge25519_double(ge25519 *r, const ge25519 *p);
+
+void ge25519_scalarmult(ge25519 *r, const ge25519 *p, const sc25519 *s);
+
+void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s);
+
+#endif

data/ext/ruby_nacl/NaCl/crypto_sign/edwards25519sha512batch/ref/sc25519.c

@@ -0,0 +1,146 @@
+#include "sc25519.h"
+
+/*Arithmetic modulo the group order n = 2^252 +  27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */
+
+static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14, 
+                                    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10};
+
+static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21, 
+                                     0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F};
+
+/* Reduce coefficients of r before calling reduce_add_sub */
+static void reduce_add_sub(sc25519 *r)
+{
+  int i, b, pb=0, nb;
+  unsigned char t[32];
+
+  for(i=0;i<32;i++) 
+  {
+    b = (r->v[i]<pb+m[i]);
+    t[i] = r->v[i]-pb-m[i]+b*256;
+    pb = b;
+  }
+  nb = 1-b;
+  for(i=0;i<32;i++) 
+    r->v[i] = r->v[i]*b + t[i]*nb;
+}
+
+/* Reduce coefficients of x before calling barrett_reduce */
+static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64])
+{
+  /* See HAC, Alg. 14.42 */
+  int i,j;
+  crypto_uint32 q2[66] = {0};
+  crypto_uint32 *q3 = q2 + 33;
+  crypto_uint32 r1[33];
+  crypto_uint32 r2[33] = {0};
+  crypto_uint32 carry;
+  int b, pb=0;
+
+  for(i=0;i<33;i++)
+    for(j=0;j<33;j++)
+      if(i+j >= 31) q2[i+j] += mu[i]*x[j+31];
+  carry = q2[31] >> 8;
+  q2[32] += carry;
+  carry = q2[32] >> 8;
+  q2[33] += carry;
+
+  for(i=0;i<33;i++)r1[i] = x[i];
+  for(i=0;i<32;i++)
+    for(j=0;j<33;j++)
+      if(i+j < 33) r2[i+j] += m[i]*q3[j];
+
+  for(i=0;i<32;i++)
+  {
+    carry = r2[i] >> 8;
+    r2[i+1] += carry;
+    r2[i] &= 0xff;
+  }
+
+  for(i=0;i<32;i++) 
+  {
+    b = (r1[i]<pb+r2[i]);
+    r->v[i] = r1[i]-pb-r2[i]+b*256;
+    pb = b;
+  }
+
+  /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 
+   * If so: Handle  it here!
+   */
+
+  reduce_add_sub(r);
+  reduce_add_sub(r);
+}
+
+/*
+static int iszero(const sc25519 *x)
+{
+  // Implement
+  return 0;
+}
+*/
+
+void sc25519_from32bytes(sc25519 *r, const unsigned char x[32])
+{
+  int i;
+  crypto_uint32 t[64] = {0};
+  for(i=0;i<32;i++) t[i] = x[i];
+  barrett_reduce(r, t);
+}
+
+void sc25519_from64bytes(sc25519 *r, const unsigned char x[64])
+{
+  int i;
+  crypto_uint32 t[64] = {0};
+  for(i=0;i<64;i++) t[i] = x[i];
+  barrett_reduce(r, t);
+}
+
+/* XXX: What we actually want for crypto_group is probably just something like
+ * void sc25519_frombytes(sc25519 *r, const unsigned char *x, size_t xlen)
+ */
+
+void sc25519_to32bytes(unsigned char r[32], const sc25519 *x)
+{
+  int i;
+  for(i=0;i<32;i++) r[i] = x->v[i];
+}
+
+void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y)
+{
+  int i, carry;
+  for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i];
+  for(i=0;i<31;i++)
+  {
+    carry = r->v[i] >> 8;
+    r->v[i+1] += carry;
+    r->v[i] &= 0xff;
+  }
+  reduce_add_sub(r);
+}
+
+void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y)
+{
+  int i,j,carry;
+  crypto_uint32 t[64];
+  for(i=0;i<64;i++)t[i] = 0;
+
+  for(i=0;i<32;i++)
+    for(j=0;j<32;j++)
+      t[i+j] += x->v[i] * y->v[j];
+
+  /* Reduce coefficients */
+  for(i=0;i<63;i++)
+  {
+    carry = t[i] >> 8;
+    t[i+1] += carry;
+    t[i] &= 0xff;
+  }
+
+  barrett_reduce(r, t);
+}
+
+void sc25519_square(sc25519 *r, const sc25519 *x)
+{
+  sc25519_mul(r, x, x);
+}

data/ext/ruby_nacl/NaCl/crypto_sign/edwards25519sha512batch/ref/sc25519.h

@@ -0,0 +1,51 @@
+#ifndef SC25519_H
+#define SC25519_H
+
+#define sc25519 crypto_sign_edwards25519sha512batch_sc25519
+#define sc25519_from32bytes crypto_sign_edwards25519sha512batch_sc25519_from32bytes
+#define sc25519_from64bytes crypto_sign_edwards25519sha512batch_sc25519_from64bytes
+#define sc25519_to32bytes crypto_sign_edwards25519sha512batch_sc25519_to32bytes
+#define sc25519_pack crypto_sign_edwards25519sha512batch_sc25519_pack
+#define sc25519_getparity crypto_sign_edwards25519sha512batch_sc25519_getparity
+#define sc25519_setone crypto_sign_edwards25519sha512batch_sc25519_setone
+#define sc25519_setzero crypto_sign_edwards25519sha512batch_sc25519_setzero
+#define sc25519_neg crypto_sign_edwards25519sha512batch_sc25519_neg
+#define sc25519_add crypto_sign_edwards25519sha512batch_sc25519_add
+#define sc25519_sub crypto_sign_edwards25519sha512batch_sc25519_sub
+#define sc25519_mul crypto_sign_edwards25519sha512batch_sc25519_mul
+#define sc25519_square crypto_sign_edwards25519sha512batch_sc25519_square
+#define sc25519_invert crypto_sign_edwards25519sha512batch_sc25519_invert
+
+#include "crypto_uint32.h"
+
+typedef struct {
+  crypto_uint32 v[32]; 
+} sc25519;
+
+void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]);
+
+void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]);
+
+void sc25519_to32bytes(unsigned char r[32], const sc25519 *x);
+
+void sc25519_pack(unsigned char r[32], const sc25519 *x);
+
+unsigned char sc25519_getparity(const sc25519 *x);
+
+void sc25519_setone(sc25519 *r);
+
+void sc25519_setzero(sc25519 *r);
+
+void sc25519_neg(sc25519 *r, const sc25519 *x);
+
+void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y);
+
+void sc25519_sub(sc25519 *r, const sc25519 *x, const sc25519 *y);
+
+void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y);
+
+void sc25519_square(sc25519 *r, const sc25519 *x);
+
+void sc25519_invert(sc25519 *r, const sc25519 *x);
+
+#endif

data/ext/ruby_nacl/NaCl/crypto_sign/edwards25519sha512batch/ref/sign.c

@@ -0,0 +1,103 @@
+#include "api.h"
+#include "crypto_sign.h"
+#include "crypto_hash_sha512.h"
+#include "randombytes.h"
+#include "crypto_verify_32.h"
+
+#include "ge25519.h"
+
+int crypto_sign_keypair(
+    unsigned char *pk,
+    unsigned char *sk
+    )
+{
+  sc25519 scsk;
+  ge25519 gepk;
+
+  randombytes(sk, 32);
+  crypto_hash_sha512(sk, sk, 32);
+  sk[0] &= 248;
+  sk[31] &= 127;
+  sk[31] |= 64;
+
+  sc25519_from32bytes(&scsk,sk);
+  
+  ge25519_scalarmult_base(&gepk, &scsk);
+  ge25519_pack(pk, &gepk);
+  return 0;
+}
+
+int crypto_sign(
+    unsigned char *sm,unsigned long long *smlen,
+    const unsigned char *m,unsigned long long mlen,
+    const unsigned char *sk
+    )
+{
+  sc25519 sck, scs, scsk;
+  ge25519 ger;
+  unsigned char r[32];
+  unsigned char s[32];
+  unsigned long long i;
+  unsigned char hmg[crypto_hash_sha512_BYTES];
+  unsigned char hmr[crypto_hash_sha512_BYTES];
+
+  *smlen = mlen+64;
+  for(i=0;i<mlen;i++)
+    sm[32 + i] = m[i];
+  for(i=0;i<32;i++)
+    sm[i] = sk[32+i];
+  crypto_hash_sha512(hmg, sm, mlen+32); /* Generate k as h(m,sk[32],...,sk[63]) */
+
+  sc25519_from64bytes(&sck, hmg);
+  ge25519_scalarmult_base(&ger, &sck);
+  ge25519_pack(r, &ger);
+  
+  for(i=0;i<32;i++)
+    sm[i] = r[i];
+
+  crypto_hash_sha512(hmr, sm, mlen+32); /* Compute h(m,r) */
+  sc25519_from64bytes(&scs, hmr);
+  sc25519_mul(&scs, &scs, &sck);
+  
+  sc25519_from32bytes(&scsk, sk);
+  sc25519_add(&scs, &scs, &scsk);
+
+  sc25519_to32bytes(s,&scs); /* cat s */
+  for(i=0;i<32;i++)
+    sm[mlen+32+i] = s[i]; 
+
+  return 0;
+}
+
+int crypto_sign_open(
+    unsigned char *m,unsigned long long *mlen,
+    const unsigned char *sm,unsigned long long smlen,
+    const unsigned char *pk
+    )
+{
+  int i;
+  unsigned char t1[32], t2[32];
+  ge25519 get1, get2, gepk;
+  sc25519 schmr, scs;
+  unsigned char hmr[crypto_hash_sha512_BYTES];
+
+  if (ge25519_unpack_vartime(&get1, sm)) return -1;
+  if (ge25519_unpack_vartime(&gepk, pk)) return -1;
+
+  crypto_hash_sha512(hmr,sm,smlen-32);
+
+  sc25519_from64bytes(&schmr, hmr);
+  ge25519_scalarmult(&get1, &get1, &schmr);
+  ge25519_add(&get1, &get1, &gepk);
+  ge25519_pack(t1, &get1);
+
+  sc25519_from32bytes(&scs, &sm[smlen-32]);
+  ge25519_scalarmult_base(&get2, &scs);
+  ge25519_pack(t2, &get2);
+
+  for(i=0;i<smlen-64;i++)
+    m[i] = sm[i + 32];
+  *mlen = smlen-64;
+
+  return crypto_verify_32(t1, t2);
+}

data/ext/ruby_nacl/NaCl/crypto_sign/measure.c

@@ -0,0 +1,83 @@
+#include <stdlib.h>
+#include "randombytes.h"
+#include "cpucycles.h"
+#include "crypto_sign.h"
+
+extern void printentry(long long,const char *,long long *,long long);
+extern unsigned char *alignedcalloc(unsigned long long);
+extern const char *primitiveimplementation;
+extern const char *implementationversion;
+extern const char *sizenames[];
+extern const long long sizes[];
+extern void allocate(void);
+extern void measure(void);
+
+const char *primitiveimplementation = crypto_sign_IMPLEMENTATION;
+const char *implementationversion = crypto_sign_VERSION;
+const char *sizenames[] = { "outputbytes", "publickeybytes", "secretkeybytes", 0 };
+const long long sizes[] = { crypto_sign_BYTES, crypto_sign_PUBLICKEYBYTES, crypto_sign_SECRETKEYBYTES };
+
+#define MAXTEST_BYTES 100000
+
+static unsigned char *pk;
+static unsigned char *sk;
+static unsigned char *m; unsigned long long mlen;
+static unsigned char *sm; unsigned long long smlen;
+static unsigned char *t; unsigned long long tlen;
+
+void preallocate(void)
+{
+#ifdef RAND_R_PRNG_NOT_SEEDED
+  RAND_status();
+#endif
+}
+
+void allocate(void)
+{
+  pk = alignedcalloc(crypto_sign_PUBLICKEYBYTES);
+  sk = alignedcalloc(crypto_sign_SECRETKEYBYTES);
+  m = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+  sm = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+  t = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+}
+
+#define TIMINGS 31
+static long long cycles[TIMINGS + 1];
+static long long bytes[TIMINGS + 1];
+
+void measure(void)
+{
+  int i;
+  int loop;
+
+  for (loop = 0;loop < LOOPS;++loop) {
+    for (i = 0;i <= TIMINGS;++i) {
+      cycles[i] = cpucycles();
+      crypto_sign_keypair(pk,sk);
+    }
+    for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+    printentry(-1,"keypair_cycles",cycles,TIMINGS);
+
+    for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / 4) {
+      randombytes(m,mlen);
+
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+        bytes[i] = crypto_sign(sm,&smlen,m,mlen,sk);
+	if (bytes[i] == 0) bytes[i] = smlen;
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"cycles",cycles,TIMINGS);
+      printentry(mlen,"bytes",bytes,TIMINGS);
+
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+        bytes[i] = crypto_sign_open(t,&tlen,sm,smlen,pk);
+	if (bytes[i] == 0) bytes[i] = tlen;
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"open_cycles",cycles,TIMINGS);
+      printentry(mlen,"open_bytes",bytes,TIMINGS);
+    }
+  }
+}

data/ext/ruby_nacl/NaCl/crypto_sign/try.c

@@ -0,0 +1,86 @@
+/*
+ * crypto_sign/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdlib.h>
+#include "randombytes.h"
+#include "crypto_sign.h"
+
+#define MAXTEST_BYTES 10000
+#define TUNE_BYTES 1536
+
+extern unsigned char *alignedcalloc(unsigned long long);
+
+const char *primitiveimplementation = crypto_sign_IMPLEMENTATION;
+
+static unsigned char *pk;
+static unsigned char *sk;
+static unsigned char *m; unsigned long long mlen;
+static unsigned char *sm; unsigned long long smlen;
+static unsigned char *t; unsigned long long tlen;
+
+void preallocate(void)
+{
+#ifdef RAND_R_PRNG_NOT_SEEDED
+  RAND_status();
+#endif
+}
+
+void allocate(void)
+{
+  pk = alignedcalloc(crypto_sign_PUBLICKEYBYTES);
+  sk = alignedcalloc(crypto_sign_SECRETKEYBYTES);
+  m = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+  sm = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+  t = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+}
+
+void predoit(void)
+{
+  crypto_sign_keypair(pk,sk);
+  mlen = TUNE_BYTES;
+  smlen = 0;
+  randombytes(m,mlen);
+  crypto_sign(sm,&smlen,m,mlen,sk);
+}
+
+void doit(void)
+{
+  crypto_sign_open(t,&tlen,sm,smlen,pk);
+}
+
+char checksum[crypto_sign_BYTES * 2 + 1];
+
+const char *checksum_compute(void)
+{
+  long long mlen;
+  long long i;
+  long long j;
+
+  if (crypto_sign_keypair(pk,sk) != 0) return "crypto_sign_keypair returns nonzero";
+  for (mlen = 0;mlen < MAXTEST_BYTES;mlen += 1 + (mlen / 16)) {
+    if (crypto_sign(sm,&smlen,m,mlen,sk) != 0) return "crypto_sign returns nonzero";
+    if (crypto_sign_open(t,&tlen,sm,smlen,pk) != 0) return "crypto_sign_open returns nonzero";
+    if (tlen != mlen) return "crypto_sign_open does not match length";
+    for (i = 0;i < tlen;++i)
+      if (t[i] != m[i])
+        return "crypto_sign_open does not match contents";
+
+    j = random() % smlen;
+    sm[j] ^= 1;
+    if (crypto_sign_open(t,&tlen,sm,smlen,pk) == 0) {
+      if (tlen != mlen) return "crypto_sign_open allows trivial forgery of length";
+      for (i = 0;i < tlen;++i)
+        if (t[i] != m[i])
+          return "crypto_sign_open allows trivial forgery of contents";
+    }
+    sm[j] ^= 1;
+
+  }
+
+  /* do some long-term checksum */
+  checksum[0] = 0;
+  return 0;
+}

data/ext/ruby_nacl/NaCl/crypto_sign/wrapper-keypair.cpp

@@ -0,0 +1,12 @@
+#include <string>
+using std::string;
+#include "crypto_sign.h"
+
+string crypto_sign_keypair(string *sk_string)
+{
+  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
+  unsigned char sk[crypto_sign_SECRETKEYBYTES];
+  crypto_sign_keypair(pk,sk);
+  *sk_string = string((char *) sk,sizeof sk);
+  return string((char *) pk,sizeof pk);
+}

data/ext/ruby_nacl/NaCl/crypto_sign/wrapper-sign-open.cpp

@@ -0,0 +1,24 @@
+#include <string>
+using std::string;
+#include "crypto_sign.h"
+
+string crypto_sign_open(const string &sm_string, const string &pk_string)
+{
+  if (pk_string.size() != crypto_sign_PUBLICKEYBYTES) throw "incorrect public-key length";
+  size_t smlen = sm_string.size();
+  unsigned char m[smlen];
+  unsigned long long mlen;
+  for (int i = 0;i < smlen;++i) m[i] = sm_string[i];
+  if (crypto_sign_open(
+        m,
+        &mlen,
+        m,
+        smlen,
+        (const unsigned char *) pk_string.c_str()
+        ) != 0)
+    throw "ciphertext fails verification";
+  return string(
+    (char *) m,
+    mlen
+  );
+}

data/ext/ruby_nacl/NaCl/crypto_sign/wrapper-sign.cpp

@@ -0,0 +1,23 @@
+#include <string>
+using std::string;
+#include "crypto_sign.h"
+
+string crypto_sign(const string &m_string, const string &sk_string)
+{
+  if (sk_string.size() != crypto_sign_SECRETKEYBYTES) throw "incorrect secret-key length";
+  size_t mlen = m_string.size();
+  unsigned char m[mlen+crypto_sign_BYTES];
+  unsigned long long smlen;
+  for (int i = 0;i < mlen;++i) m[i] = m_string[i];
+  crypto_sign(
+      m, 
+      &smlen, 
+      m, 
+      mlen, 
+      (const unsigned char *) sk_string.c_str()
+      );
+  return string(
+      (char *) m,
+      smlen
+  );
+}

data/ext/ruby_nacl/NaCl/crypto_stream/aes128ctr/checksum

@@ -0,0 +1 @@
+6e9966897837aae181e93261ae88fdf0