siv-rb 0.0.1

data/ext/siv/aes_locl.h

@@ -0,0 +1,89 @@
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_AES_LOCL_H
+#define HEADER_AES_LOCL_H
+
+#include <openssl/e_os2.h>
+
+#ifdef OPENSSL_NO_AES
+#error AES is disabled.
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
+# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+# define GETU32(p) SWAP(*((u32 *)(p)))
+# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+#else
+# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
+# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
+#endif
+
+#ifdef AES_LONG
+typedef unsigned long u32;
+#else
+typedef unsigned int u32;
+#endif
+typedef unsigned short u16;
+typedef unsigned char u8;
+
+#define MAXKC   (256/32)
+#define MAXKB   (256/8)
+#define MAXNR   14
+
+/* This controls loop-unrolling in aes_core.c */
+#undef FULL_UNROLL
+
+#endif /* !HEADER_AES_LOCL_H */

data/ext/siv/extconf.rb

@@ -0,0 +1,6 @@
+require 'mkmf'
+
+dir_config('openssl')
+have_header("openssl/ssl.h")
+have_library("ssl", "SSLv23_method")
+create_makefile('siv/wrapper')

data/ext/siv/siv.c

@@ -0,0 +1,364 @@
+/*
+ * Copyright (c) The Industrial Lounge, 2007
+ *
+ *  Copyright holder grants permission for redistribution and use in source 
+ *  and binary forms, with or without modification, provided that the 
+ *  following conditions are met:
+ *     1. Redistribution of source code must retain the above copyright
+ *        notice, this list of conditions, and the following disclaimer
+ *        in all source files.
+ *     2. Redistribution in binary form must retain the above copyright
+ *        notice, this list of conditions, and the following disclaimer
+ *        in the documentation and/or other materials provided with the
+ *        distribution.
+ *     3. All advertising materials and documentation mentioning features
+ *	  or use of this software must display the following acknowledgement:
+ *
+ *        "This product includes software written by
+ *         Dan Harkins (dharkins at lounge dot org)"
+ *
+ *  "DISCLAIMER OF LIABILITY
+ *  
+ *  THIS SOFTWARE IS PROVIDED BY THE INDUSTRIAL LOUNGE ``AS IS'' 
+ *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 
+ *  THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
+ *  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE INDUSTRIAL LOUNGE BE LIABLE
+ *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ *  DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
+ *  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ *  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ *  LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ *  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ *  SUCH DAMAGE."
+ *
+ * This license and distribution terms cannot be changed. In other words,
+ * this code cannot simply be copied and put under another distribution
+ * license (including the GNU public license).
+ */
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+#include "siv.h"
+#include "aes_locl.h"
+
+#define Rb		0x87
+
+static void
+xor (unsigned char *output, const unsigned char *input)
+{
+    int i;
+
+    i = AES_BLOCK_SIZE - 1;
+    do {
+	output[i] ^= input[i];
+	i--;
+    } while (i >= 0);
+    return;
+}
+
+static void
+times_two (unsigned char *output, unsigned char *input)
+{
+    int i;
+    unsigned char *out = output, *in = input;
+    unsigned char carry = 0;
+
+    out = output + AES_BLOCK_SIZE - 1;
+    in = input + AES_BLOCK_SIZE - 1;
+    for (i = 0; i < AES_BLOCK_SIZE; i++) {
+	*(out--) = (*in << 1) | carry;
+	carry = (*(in--) & 0x80) ? 1 : 0;
+    }
+
+    if (carry) {
+	output[AES_BLOCK_SIZE-1] ^= Rb;
+    }
+    return;
+}
+
+static void
+pad (unsigned char *buf, int len)
+{
+    int i;
+
+    i = len;
+    buf[i++] = 0x80;
+    if (i < AES_BLOCK_SIZE) {
+	memset(buf + i, 0, AES_BLOCK_SIZE - i);
+    }
+}
+
+void
+aes_cmac (siv_ctx *ctx, const unsigned char *msg, int mlen, unsigned char *C)
+{
+    int n, i, slop;
+    unsigned char Mn[AES_BLOCK_SIZE], *ptr;
+
+    // NOTE(jacobsa): For some reason, weird things happen when when `zero` is
+    // a global, as in the original program.
+    unsigned char zero[AES_BLOCK_SIZE] = {
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+
+    memcpy(C, zero, AES_BLOCK_SIZE);
+
+    n = (mlen+(AES_BLOCK_SIZE-1))/AES_BLOCK_SIZE;
+
+    ptr = (unsigned char *)msg;
+    for (i = 0; i < (n-1); i++) {
+	xor(C, ptr);
+	AES_ecb_encrypt(C, C, &ctx->s2v_sched, AES_ENCRYPT);
+	ptr += AES_BLOCK_SIZE;
+    }
+
+    memset(Mn, 0, AES_BLOCK_SIZE);
+    if ((slop = (mlen % AES_BLOCK_SIZE)) != 0) {
+	memcpy(Mn, ptr, slop);
+	pad(Mn, slop);
+	xor(Mn, ctx->K2);
+    } else {
+	if (msg != NULL && mlen != 0) {
+	    memcpy(Mn, ptr, AES_BLOCK_SIZE);
+	    xor(Mn, ctx->K1);
+	} else {
+	    pad(Mn, 0);
+	    xor(Mn, ctx->K2);
+	}
+    }
+    xor(C, Mn);
+    AES_ecb_encrypt(C, C, &ctx->s2v_sched, AES_ENCRYPT);
+    return;
+}
+
+int
+s2v_final (siv_ctx *ctx, const unsigned char *X, int xlen, unsigned char *digest)
+{
+    unsigned char T[AES_BLOCK_SIZE], C[AES_BLOCK_SIZE];
+    unsigned char padX[AES_BLOCK_SIZE], *ptr;
+    int blocks, i, slop;
+
+    // NOTE(jacobsa): For some reason, weird things happen when when `zero` is
+    // a global, as in the original program.
+    unsigned char zero[AES_BLOCK_SIZE] = {
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+
+    if (xlen < AES_BLOCK_SIZE) {
+	memcpy(padX, X, xlen);
+	pad(padX, xlen);
+
+	times_two(T, ctx->T);
+	xor(T, padX);
+	aes_cmac(ctx, T, AES_BLOCK_SIZE, digest);
+    } else {
+        if (xlen == AES_BLOCK_SIZE) {
+            memcpy(T, X, AES_BLOCK_SIZE);
+            xor(T, ctx->T);
+            aes_cmac(ctx, T, AES_BLOCK_SIZE, digest);
+        } else {
+            blocks = (xlen+(AES_BLOCK_SIZE-1))/AES_BLOCK_SIZE - 1;
+            ptr = (unsigned char *)X;
+            memcpy(C, zero, AES_BLOCK_SIZE);
+            if (blocks > 1) {
+                for (i = 0; i < (blocks-1); i++) {
+                    xor(C, ptr);
+                    AES_ecb_encrypt(C, C, &ctx->s2v_sched, AES_ENCRYPT);
+                    ptr += AES_BLOCK_SIZE;
+                }
+            }
+            memcpy(T, ptr, AES_BLOCK_SIZE);
+            slop = xlen % AES_BLOCK_SIZE;
+            if (slop) {
+                for (i = 0; i < AES_BLOCK_SIZE - slop; i++) {
+                    T[i + slop] ^= ctx->T[i];
+                }
+                xor(C, T);
+                AES_ecb_encrypt(C, C, &ctx->s2v_sched, AES_ENCRYPT);
+                ptr += AES_BLOCK_SIZE;
+                memset(T, 0, AES_BLOCK_SIZE);
+                memcpy(T, ptr, slop);
+                for (i = 0; i < slop; i++) {
+                    T[i] ^= ctx->T[(AES_BLOCK_SIZE-slop)+i];
+                }
+                pad(T, slop);
+                xor(T, ctx->K2);
+            } else {
+                xor(C, ptr);
+                AES_ecb_encrypt(C, C, &ctx->s2v_sched, AES_ENCRYPT);
+                ptr += AES_BLOCK_SIZE;
+                memcpy(T, ptr, AES_BLOCK_SIZE);
+                xor(T, ctx->T);
+                xor(T, ctx->K1);
+            }
+            xor(C, T);
+            AES_ecb_encrypt(C, digest, &ctx->s2v_sched, AES_ENCRYPT);
+        }
+
+    }
+    return 0;
+}
+
+void
+s2v_add (siv_ctx *ctx, const unsigned char *Y)
+{
+    unsigned char T[AES_BLOCK_SIZE];
+
+    memcpy(T, ctx->T, AES_BLOCK_SIZE);
+    times_two(ctx->T, T);
+    xor(ctx->T, Y);
+}
+
+void
+s2v_update (siv_ctx *ctx, const unsigned char *X, int xlen)
+{
+    unsigned char Y[AES_BLOCK_SIZE];
+
+    aes_cmac(ctx, X, xlen, Y);
+    s2v_add(ctx, Y);
+}
+
+int
+siv_init (siv_ctx *ctx, const unsigned char *key, int keylen)
+{
+    unsigned char L[AES_BLOCK_SIZE];
+
+    // NOTE(jacobsa): For some reason, weird things happen when when `zero` is
+    // a global, as in the original program.
+    unsigned char zero[AES_BLOCK_SIZE] = {
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+
+    memset((char *)ctx, 0, sizeof(siv_ctx));
+    switch (keylen) {
+        case SIV_512:
+            AES_set_encrypt_key(key, 256, &ctx->s2v_sched);
+            AES_set_encrypt_key(key+AES_256_BYTES, 256, &ctx->ctr_sched);
+            break;
+        case SIV_384:
+            AES_set_encrypt_key(key, 192, &ctx->s2v_sched);
+            AES_set_encrypt_key(key+AES_192_BYTES, 192, &ctx->ctr_sched);
+            break;
+        case SIV_256:
+            AES_set_encrypt_key(key, 128, &ctx->s2v_sched);
+            AES_set_encrypt_key(key+AES_128_BYTES, 128, &ctx->ctr_sched);
+            break;
+        default:
+            return -1;
+    }
+
+    AES_ecb_encrypt(zero, L, &ctx->s2v_sched, AES_ENCRYPT);
+    times_two(ctx->K1, L);
+    times_two(ctx->K2, ctx->K1);
+
+    memset(ctx->benchmark, 0, AES_BLOCK_SIZE);
+    aes_cmac(ctx, zero, AES_BLOCK_SIZE, ctx->T);
+    return 1;
+}    
+
+void
+siv_restart (siv_ctx *ctx)
+{
+    // NOTE(jacobsa): For some reason, weird things happen when when `zero` is
+    // a global, as in the original program.
+    unsigned char zero[AES_BLOCK_SIZE] = {
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+
+    memset(ctx->benchmark, 0, AES_BLOCK_SIZE);
+    memset(ctx->T, 0, AES_BLOCK_SIZE);
+    aes_cmac(ctx, zero, AES_BLOCK_SIZE, ctx->T);
+}
+
+void
+s2v_benchmark (siv_ctx *ctx)
+{
+    memcpy(ctx->benchmark, ctx->T, AES_BLOCK_SIZE);
+}
+
+void
+s2v_reset (siv_ctx *ctx)
+{
+    memcpy(ctx->T, ctx->benchmark, AES_BLOCK_SIZE);
+}
+
+void
+siv_aes_ctr (siv_ctx *ctx, const unsigned char *p, const int lenp,
+             unsigned char *c, const unsigned char *iv)
+{
+    int i, j;
+    unsigned char ctr[AES_BLOCK_SIZE], ecr[AES_BLOCK_SIZE];
+    unsigned long inc;
+
+    memcpy(ctr, iv, AES_BLOCK_SIZE);
+    ctr[12] &= 0x7f; ctr[8] &= 0x7f;
+    inc = GETU32(ctr + 12);
+    for (i = 0; i < lenp; i+=AES_BLOCK_SIZE) {
+        AES_ecb_encrypt(ctr, ecr, &ctx->ctr_sched, AES_ENCRYPT);
+        for (j = 0; j < AES_BLOCK_SIZE; j++) {
+            if ((i + j) == lenp) {
+                return;
+            }
+            c[i+j] = p[i+j] ^ ecr[j];
+        }
+        inc++; inc &= 0xffffffff;
+        PUTU32(ctr + 12, inc);
+    }
+}
+
+int
+siv_encrypt (siv_ctx *ctx, const unsigned char *p, unsigned char *c,
+             const int len, unsigned char *counter, 
+             const int nad, const int* adlens, const unsigned char** ads)
+{
+    const unsigned char *ad;
+    int adlen;
+    int i;
+    unsigned char ctr[AES_BLOCK_SIZE];
+
+		for (i = 0; i < nad; ++i) {
+				ad = ads[i];
+				adlen = adlens[i];
+				s2v_update(ctx, ad, adlen);
+		}
+
+    s2v_final(ctx, p, len, ctr);
+    memcpy(counter, ctr, AES_BLOCK_SIZE);
+    siv_aes_ctr(ctx, p, len, c, ctr);
+    siv_restart(ctx);
+    return 1;
+}
+
+int
+siv_decrypt (siv_ctx *ctx, const unsigned char *c, unsigned char *p,
+             const int len, unsigned char *counter, 
+             const int nad, const int* adlens, const unsigned char** ads)
+{
+    va_list ap;
+    const unsigned char *ad;
+    int adlen;
+    int i;
+    unsigned char ctr[AES_BLOCK_SIZE];
+
+    memcpy(ctr, counter, AES_BLOCK_SIZE);
+    siv_aes_ctr(ctx, c, len, p, ctr);
+    for (i = 0; i < nad; ++i) {
+      ad = ads[i];
+      adlen = adlens[i];
+      s2v_update(ctx, ad, adlen);
+    }
+    s2v_final(ctx, p, len, ctr);
+
+    siv_restart(ctx);
+    if (memcmp(ctr, counter, AES_BLOCK_SIZE)) {
+        memset(p, 0, len);
+        return -1;
+    } else {
+        return 1;
+    }
+}

data/ext/siv/siv.h

@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) The Industrial Lounge, 2007
+ *
+ *  Copyright holder grants permission for redistribution and use in source 
+ *  and binary forms, with or without modification, provided that the 
+ *  following conditions are met:
+ *     1. Redistribution of source code must retain the above copyright
+ *        notice, this list of conditions, and the following disclaimer
+ *        in all source files.
+ *     2. Redistribution in binary form must retain the above copyright
+ *        notice, this list of conditions, and the following disclaimer
+ *        in the documentation and/or other materials provided with the
+ *        distribution.
+ *     3. All advertising materials and documentation mentioning features
+ *	  or use of this software must display the following acknowledgement:
+ *
+ *        "This product includes software written by
+ *         Dan Harkins (dharkins at lounge dot org)"
+ *
+ *  "DISCLAIMER OF LIABILITY
+ *  
+ *  THIS SOFTWARE IS PROVIDED BY THE INDUSTRIAL LOUNGE ``AS IS'' 
+ *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 
+ *  THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
+ *  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE INDUSTRIAL LOUNGE BE LIABLE
+ *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ *  DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
+ *  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ *  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ *  LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ *  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ *  SUCH DAMAGE."
+ *
+ * This license and distribution terms cannot be changed. In other words,
+ * this code cannot simply be copied and put under another distribution
+ * license (including the GNU public license).
+ */
+#ifndef _SIV_H_
+#define _SIV_H_
+
+#include <openssl/aes.h>
+
+#define AES_128_BYTES	16
+#define AES_192_BYTES	24
+#define AES_256_BYTES	32
+#define SIV_256         256
+#define SIV_384         384
+#define SIV_512         512
+
+typedef struct _siv_ctx {
+    unsigned char K1[AES_BLOCK_SIZE];
+    unsigned char K2[AES_BLOCK_SIZE];
+    unsigned char T[AES_BLOCK_SIZE];
+    unsigned char benchmark[AES_BLOCK_SIZE];
+    AES_KEY ctr_sched;
+    AES_KEY s2v_sched;
+} siv_ctx;
+
+/*
+ * exported APIs
+ */
+void aes_cmac (siv_ctx *, const unsigned char *, int, unsigned char *);
+int siv_init(siv_ctx *, const unsigned char *, int);
+void siv_reset(siv_ctx *);
+void s2v_benchmark(siv_ctx *);
+void s2v_add(siv_ctx *, const unsigned char *);
+void s2v_update(siv_ctx *, const unsigned char *, int);
+int s2v_final(siv_ctx *, const unsigned char *, int, unsigned char *);
+void siv_restart(siv_ctx *);
+void siv_aes_ctr(siv_ctx *, const unsigned char *, const int, unsigned char *, 
+                 const unsigned char *);
+int siv_encrypt (siv_ctx *ctx, const unsigned char *p, unsigned char *c,
+             const int len, unsigned char *counter,
+             const int nad, const int* adlens, const unsigned char** ads);
+int siv_decrypt(siv_ctx *, const unsigned char *, unsigned char *,
+                const int, unsigned char *,
+                const int nad, const int* adlens, const unsigned char** ads);
+
+#endif /* _SIV_H_ */

data/ext/siv/wrapper.c

@@ -0,0 +1,302 @@
+#include <ruby.h>
+#include "siv.h"
+
+// Convenience constant for unsigned char size
+const int SIV_UCHAR_SIZE = sizeof(unsigned char);
+
+// Top-level objects for the native extension
+static VALUE siv_rb;
+static VALUE siv_rb_cipher;
+
+/* 
+ * Initialize an SIV::Cipher object with a key.
+ * Performs basic length validation on the key.
+ */
+static VALUE siv_rb_initialize(VALUE self, VALUE key) {
+ 
+  int keyLen;
+  
+  // Replace key value with key.to_str
+  StringValue(key);
+  
+  // Get the key length as an int.
+  keyLen = RSTRING_LEN(key);
+  
+  // Make sure key is not empty
+  if (keyLen == 0) {
+    rb_raise(rb_eArgError, "Key must be non-empty.");
+  }
+  
+  // Make sure key is acceptable size
+  if (keyLen * 8 != SIV_256 &&
+      keyLen * 8 != SIV_384 &&
+      keyLen * 8 != SIV_512) {
+    rb_raise(rb_eArgError, "Supported key sizes are 256, 384 and 512 bits.");
+  }
+  
+  // Set key as instance variable
+  rb_iv_set(self, "@key", key);
+  
+  return self;
+  
+}
+
+/*
+ * Get an siv_ctx object for the current instance
+ * by fetching the @key instance variable, converting
+ * it to a byte array and feeding it into siv_init.
+ * Called by siv_rb_encrypt and siv_rb_decrypt.
+ *
+ * Returns 1 upon success, 0 upon failure.
+ */
+static int siv_rb_get_ctx(VALUE self, siv_ctx* ctx) {
+  
+  VALUE key; unsigned char* cKey; int cKeyLen;
+  
+  // Get the key instance variable
+  key = rb_iv_get(self, "@key");
+  
+  // Convert the key to a byte array
+  cKey = (unsigned char*) RSTRING_PTR(key);
+  cKeyLen = RSTRING_LEN(key);
+  
+  // Initialize the context with the key
+  if (siv_init(ctx, cKey, cKeyLen * 8) < 0) {
+    return 0;
+  }
+  
+  // Return 1 upon successful initialization
+  return 1;
+  
+}
+
+/*
+ * Get the associated data as an array of integer lengths
+ * and an array of unsigned char arrays representing data.
+ */
+static int siv_rb_get_associated(VALUE associated, int* cAdLensIn, unsigned char** cAdsIn) {
+  
+  // Reference to arguments
+  int cAdNum; int* cAdLens;
+  unsigned char** cAds;
+  
+  // Values for iterator
+  int i; VALUE adElement;
+  unsigned char* cAdElement;
+  int cAdElementLen;
+  
+  // Set the references to arguments.
+  cAdLens = cAdLensIn; cAds = cAdsIn;
+  
+  // Get the number of associated data items
+  cAdNum = (int) RARRAY_LEN(associated);
+  
+  // Iterate over each associated data
+  for (i = 0; i < cAdNum; i++) {
+
+    // Get an element in the Ruby array
+    adElement = rb_ary_entry(associated, (long) i);
+    
+    // Convert the Ruby string to bytes
+    StringValue(adElement);
+    cAdElement = (unsigned char*) RSTRING_PTR(adElement);
+    cAdElementLen = RSTRING_LEN(adElement);
+    
+    // Set the element length
+    cAdLens[i] = cAdElementLen;
+    
+    // Set the element data
+    if (cAdElementLen > 0) {
+    
+      cAds[i] = (unsigned char*) malloc(SIV_UCHAR_SIZE * cAdElementLen);
+      cAds[i] = cAdElement;
+    
+    }
+    
+  }
+  
+  // Return 1 to indicate success;
+  return 1;
+
+}
+
+/*
+ * Encrypt a plaintext and some associated data
+ */
+static VALUE siv_rb_encrypt(VALUE self, VALUE plaintext, VALUE associated) {
+  
+  // Holds the SIV context object.
+  siv_ctx ctx;
+  
+  // Input plaintext as byte array.
+  const unsigned char* cPlaintext;
+  
+  // Length of the input plaintext.
+  int cPlaintextLen;
+  
+  // Holds the SIV counter object.
+  unsigned char cCounter[AES_BLOCK_SIZE];
+  
+  // Holds the SIV ciphertext object.
+  unsigned char* cCiphertext;
+  
+  // Hold the parsed associated data.
+  int cAdNum; int* cAdLens; unsigned char** cAds;
+  
+  // For concatenation of IV with data.
+  unsigned char* cOutput;
+  int cOutputLen; int outputInd;
+  
+  // Get the SIV context based on the instance's key.
+  if (!siv_rb_get_ctx(self, &ctx)) {
+    rb_raise(rb_eRuntimeError, "Could not get SIV context");
+  }
+  
+  // Replace the plaintext with plaintext.to_str
+  StringValue(plaintext);
+  
+  // Convert the plaintext to a byte array.
+  cPlaintext = (const unsigned char*) RSTRING_PTR(plaintext);
+  
+  // Get the length of the plaintext as an int.
+  cPlaintextLen = RSTRING_LEN(plaintext);
+  
+  cAdNum = (int) RARRAY_LEN(associated);
+  cAdLens = (int *) malloc(sizeof(int) * cAdNum);
+  cAds = (unsigned char **) malloc(sizeof(unsigned char*) * cAdNum);
+  
+  // Get the parsed associated data values.
+  if (!siv_rb_get_associated(associated, cAdLens, cAds)) {
+    rb_raise(rb_eRuntimeError, "Could not get associated data");
+  }
+  
+  // Allocate space for the ciphertext.
+  cCiphertext = (unsigned char*) malloc(SIV_UCHAR_SIZE * cPlaintextLen);
+  
+  // Call siv_encrypt with all parameters.
+  if (siv_encrypt( &ctx, cPlaintext, cCiphertext,
+                  (const int) cPlaintextLen, cCounter,
+                  (const int) cAdNum, cAdLens, cAds) < 0) {
+    rb_raise(rb_eRuntimeError, "SIV encryption failed");
+  }
+  
+  // Prepend the IV (counter) to the ciphertext.
+  cOutputLen = cPlaintextLen + AES_BLOCK_SIZE;
+  cOutput = (unsigned char*) malloc(SIV_UCHAR_SIZE * cOutputLen);
+  
+  // Iterate through the output to prepend the iv.
+  for (outputInd = 0; outputInd < cOutputLen; ++outputInd) {
+    cOutput[outputInd] = (outputInd < AES_BLOCK_SIZE) ?
+    cCounter[outputInd] : cCiphertext[outputInd - AES_BLOCK_SIZE];
+  }
+  
+  // Free up dynamically allocated memory.
+  free(cAdLens); free(cAds); free(cCiphertext);
+  
+  // Return a new Ruby string with the resulting value.
+  return rb_str_new((const char*) cOutput, cOutputLen);
+  
+}
+
+static VALUE siv_rb_decrypt(VALUE self, VALUE ciphertext, VALUE associated) {
+  
+  siv_ctx ctx;
+  
+  // Holds the counter object bytes
+  unsigned char cCounter[AES_BLOCK_SIZE];
+  
+  // Holds the iv + ciphertext bytes
+  const unsigned char* cCiphertext;
+  int cCiphertextLen;
+  
+  // Holds the ciphertext-only bytes
+  unsigned char* cCiphertextTrunc;
+  int j; int cCiphertextTruncLen;
+  
+  // Receives the plaintext bytes
+  const unsigned char* cPlaintext;
+  
+  // Holds associated-data
+  int cAdNum; int* cAdLens;
+  unsigned char** cAds;
+  
+  // Get the SIV context with the key
+  if (!siv_rb_get_ctx(self, &ctx)) {
+    rb_raise(rb_eRuntimeError, "Could not get SIV context");
+  }
+  
+  // Get the ciphertext bytes and length
+  StringValue(ciphertext);
+  cCiphertext = (unsigned char*) RSTRING_PTR(ciphertext);
+  cCiphertextLen = RSTRING_LEN(ciphertext);
+  
+  // Truncate the IV (counter) off the ciphertext
+  cCiphertextTrunc = (unsigned char*) malloc(
+    SIV_UCHAR_SIZE * (cCiphertextLen - AES_BLOCK_SIZE));
+  cCiphertextTruncLen = cCiphertextLen - AES_BLOCK_SIZE;
+  
+  // Iterate through the ciphertext to truncate
+  for (j = 0; j < cCiphertextLen; j++) {
+    if (j < AES_BLOCK_SIZE) cCounter[j] = cCiphertext[j];
+    else cCiphertextTrunc[j - AES_BLOCK_SIZE] = cCiphertext[j];
+  }
+  
+  // Get the number of associated data items in the array.
+  cAdNum = (int) RARRAY_LEN(associated);
+  cAdLens = (int *) malloc(sizeof(int) * cAdNum);
+  cAds = (unsigned char **) malloc(sizeof(unsigned char*) * cAdNum);
+  
+  // Get the associated data lengths and data arrays
+  if (!siv_rb_get_associated(associated, cAdLens, cAds)) {
+    rb_raise(rb_eRuntimeError, "Could not get associated data");
+  }
+	
+	// Allocate space to receive the plaintext.
+  cPlaintext = (unsigned char*) malloc(SIV_UCHAR_SIZE * cCiphertextTruncLen);
+  
+  // Decrypt the ciphertext using SIV.
+  if (siv_decrypt(&ctx, cCiphertextTrunc, cPlaintext,
+      (const int) cCiphertextTruncLen, cCounter,
+      (const int) cAdNum, cAdLens, cAds) < 0) {
+    rb_raise(rb_eRuntimeError, "SIV decryption failed");
+  }
+  
+  // Free up dynamically allocated memory.
+  free(cAdLens); free(cAds); free(cCiphertextTrunc);
+  
+  // Build and return a Ruby string object with the plaintext
+  return rb_str_new((const char*) cPlaintext, cCiphertextTruncLen);
+  
+}
+
+/*
+ * Main wrapper for the SIV Ruby native extension.
+ */
+void Init_wrapper(void) {
+  
+  // Define the top-level module
+	siv_rb = rb_define_module("SIV");
+	
+	// Define the cipher class
+	siv_rb_cipher = rb_define_class_under(siv_rb, "Cipher", rb_cObject);
+	
+	// Define the implemented methods.
+	rb_define_method(siv_rb_cipher, "initialize", siv_rb_initialize, 1);
+	rb_define_method(siv_rb_cipher, "encrypt_native", siv_rb_encrypt, 2);
+	rb_define_method(siv_rb_cipher, "decrypt_native", siv_rb_decrypt, 2);
+	
+  return;
+	
+}
+
+/*
+Debug helper method to print byte arrays in hex format.
+
+void print_hex(const char* header, const unsigned char *bytes, int len) {
+  
+  int i = 0; printf("\n%s (%d): ", header, len);
+  for (i = 0; i < len; ++i) printf("%x", bytes[i]);
+  printf("\n");
+  
+}
+*/

data/lib/siv-rb.rb

@@ -0,0 +1,18 @@
+require 'siv-rb/wrapper'
+require 'siv-rb/version'
+
+module SIV
+  
+  class Cipher
+    
+    def encrypt(pt, ad = [])
+      encrypt_native(pt, ad)
+    end
+    
+    def decrypt(ct, ad = [])
+      decrypt_native(ct, ad)
+    end
+    
+  end
+  
+end

data/lib/siv-rb/version.rb

@@ -0,0 +1,3 @@
+module SIV
+  VERSION = '0.0.1'
+end

metadata

@@ -0,0 +1,86 @@
+--- !ruby/object:Gem::Specification
+name: siv-rb
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Louis Mullie
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-04-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.12.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.12.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ! ' Ruby C extension for the AES-SIV deterministic authenticated encryption
+  mode. '
+email:
+- louis.mullie@gmail.com
+executables: []
+extensions:
+- ext/siv/extconf.rb
+extra_rdoc_files: []
+files:
+- lib/siv-rb/version.rb
+- lib/siv-rb.rb
+- ext/siv/siv.c
+- ext/siv/wrapper.c
+- ext/siv/aes_locl.h
+- ext/siv/siv.h
+- ext/siv/extconf.rb
+homepage: https://github.com/cryodex/siv-rb
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: Ruby C extension for the AES-SIV deterministic authenticated encryption mode.
+test_files: []