smaak 0.2.1 → 0.2.2

data/lib/smaak/crypto.rb

@@ -7,7 +7,7 @@ module Smaak
     end
 
     def self.generate_nonce
-      SecureRandom::random_number(10000000000)
+      SecureRandom.random_number(10000000000)
     end
 
     def self.encode64(data)
@@ -20,7 +20,7 @@ module Smaak
 
     def self.sign_data(data, private_key)
       digest = OpenSSL::Digest::SHA256.new
-      private_key.sign(digest, Smaak::Crypto::encode64(data))
+      private_key.sign(digest, Smaak::Crypto.encode64(data))
     end
 
     def self.verify_signature(signature, data, public_key)

data/lib/smaak/server.rb

@@ -31,23 +31,87 @@ module Smaak
     end
 
     def build_auth_message_from_request(adaptor)
-      puts "[smaak error]: x-smaak-* headers not all present. Is this a smaak request?" if adaptor.header("x-smaak-recipient").nil? or adaptor.header("x-smaak-psk").nil? or adaptor.header("x-smaak-expires").nil? or adaptor.header("x-smaak-identifier").nil? or adaptor.header("x-smaak-nonce").nil? or adaptor.header("x-smaak-encrypt").nil?
-      recipient_public_key = Smaak::Crypto::decode64(adaptor.header("x-smaak-recipient"))
+      puts "[smaak error]: x-smaak-* headers not all present. Is this a smaak request?" unless smaak_headers_all_present?(adaptor)
+      recipient_public_key = Smaak::Crypto.decode64(adaptor.header("x-smaak-recipient"))
       psk = adaptor.header("x-smaak-psk")
       expires = adaptor.header("x-smaak-expires")
       identifier = adaptor.header("x-smaak-identifier")
       route_info = adaptor.header("x-smaak-route-info")
       nonce = adaptor.header("x-smaak-nonce")
       encrypt = adaptor.header("x-smaak-encrypt")
-      auth_message = Smaak::AuthMessage.build(recipient_public_key, psk, expires, identifier, route_info, nonce, encrypt)
+      Smaak::AuthMessage.build(recipient_public_key, psk, expires, identifier, route_info, nonce, encrypt)
     end
 
     def verify_auth_message(auth_message)
-      if not auth_message_unique?(auth_message)
+      return false unless verify_message_characteristics?(auth_message)
+      identifier = auth_message.identifier
+      verify_association_characteristics?(auth_message, identifier)
+    end
+
+    def verify_signed_request(request)
+      adaptor = Smaak.create_adaptor(request)
+      auth_message = build_auth_message_from_request(adaptor)
+      unless verify_auth_message(auth_message)
+        puts "[smaak error]: could not verify auth_message"
+        return false
+      end
+      pubkey = @association_store[auth_message.identifier]['public_key']
+      puts "[smaak warning]: pubkey not specified" if (pubkey.nil?) or (pubkey == "")
+      body = Smaak::Crypto.sink(adaptor.body)
+      body = Smaak::Crypto.decrypt(body, @private_key) if auth_message.encrypt
+      unless Smaak.verify_authorization_headers(adaptor, pubkey)
+        puts "[smaak error]: could not verify authorization headers"
+        return false, nil
+      end
+      return auth_message, body # TBD return ID from cert
+    end
+
+    def compile_response(auth_message, data)
+      return Smaak::Crypto.encrypt(data, @association_store[auth_message.identifier]['public_key']) if auth_message.encrypt
+      data
+    end
+
+    private
+
+    def verify_message_characteristics?(auth_message)
+      verify_unique?(auth_message) and
+      verify_public_key? and
+      verify_intended_recipient?(auth_message)
+    end
+
+    def verify_association_characteristics?(auth_message, identifier)
+      verify_associate?(identifier) and
+      verify_expiry?(auth_message) and
+      verify_psk?(auth_message, identifier)
+    end
+
+    def smaak_headers_all_present?(adaptor)
+      not 
+       (adaptor.header("x-smaak-recipient").nil? or
+        adaptor.header("x-smaak-psk").nil? or
+        adaptor.header("x-smaak-expires").nil? or
+        adaptor.header("x-smaak-identifier").nil? or
+        adaptor.header("x-smaak-nonce").nil? or
+        adaptor.header("x-smaak-encrypt").nil?)
+    end
+
+    def verify_unique?(auth_message)
+      unless auth_message_unique?(auth_message)
         puts "[smaak error]: message not unique"
         return false
       end
-      puts "[smaak error]: public key not set. Did you call set_public_key() ?" if @key.nil?
+      true
+    end
+
+    def verify_public_key?
+      if @key.nil? 
+        puts "[smaak error]: public key not set. Did you call set_public_key() ?" 
+        return false
+      end
+      true
+    end
+
+    def verify_intended_recipient?(auth_message)
       if (@verify_recipient) and (not auth_message.intended_for_recipient?(@key.export))
         puts "[smaak error]: message not intended for this recipient"
         return false
@@ -56,49 +120,37 @@ module Smaak
       #  if auth_message.router_info
       #    verified = auth_message.intended_for_recipient?(@association_store[auth_message.router_info])
       #  end
-      #  if not verified
+      #  unless verified
       #    puts "[smaak error]: message not intended for this recipient"
       #    return false
       #  end
       end
-      identifier = auth_message.identifier
+      true
+    end
+
+    def verify_associate?(identifier)
       if @association_store[identifier].nil?
         puts "[smaak error]: unknown associate #{identifier}"
         return false
       end
+      true
+    end
+
+    def verify_expiry?(auth_message)
       if auth_message.expired?
         puts "[smaak error]: message expired. Are the sender and receiver's clocks in sync?"
         return false
       end
-      psk = @association_store[identifier]['psk']
-      if not auth_message.verify(psk)
-        puts "[smaak error]: PSK mismatch"
-        return false
-      end
       true
     end
 
-    def verify_signed_request(request)
-      adaptor = Smaak::create_adaptor(request)
-      auth_message = build_auth_message_from_request(adaptor)
-      if not verify_auth_message(auth_message)
-        puts "[smaak error]: could not verify auth_message"
+    def verify_psk?(auth_message, identifier)
+      psk = @association_store[identifier]['psk']
+      unless auth_message.verify(psk)
+        puts "[smaak error]: PSK mismatch"
         return false
       end
-      pubkey = @association_store[auth_message.identifier]['public_key']
-      puts "[smaak warning]: pubkey not specified" if (pubkey.nil?) or (pubkey == "")
-      body = Smaak::Crypto::sink(adaptor.body)
-      body = Smaak::Crypto::decrypt(body, @private_key) if auth_message.encrypt
-      if not Smaak::verify_authorization_headers(adaptor, pubkey)
-        puts "[smaak error]: could not verify authorization headers"
-        return false, nil
-      end
-      return auth_message, body # TBD return ID from cert
-    end
-
-    def compile_response(auth_message, data)
-      return Smaak::Crypto::encrypt(data, @association_store[auth_message.identifier]['public_key']) if auth_message.encrypt
-      data
+      true
     end
   end
 end

data/lib/smaak/smaak_service.rb

@@ -21,7 +21,7 @@ module Smaak
       configure_services(configuration)
     end
 
-    def configure_services(configuration = nil)
+    def configure_services(_configuration = nil)
       # @smaak_server.set_public_key(File.read('/service-provider-pub.pem'))
       # @smaak_server.add_association('service-client-01', File.read('service-client-01-public.pem'), 'pre-shared-key')
     end

data/lib/smaak/utils.rb

@@ -2,7 +2,7 @@ module Smaak
   class Utils
     def self.non_blank_string?(s)
       return false if s.nil?
-      return false if not s.is_a? String
+      return false unless s.is_a? String
       return false if s.strip == ""
       return true
     end

data/lib/smaak/version.rb

@@ -1,3 +1,3 @@
 module Smaak
-  VERSION = "0.2.1"
+  VERSION = "0.2.2"
 end

data/smaak.gemspec

@@ -23,8 +23,9 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", "~> 1.3"
   spec.add_development_dependency "rake", "~> 10.5.0"
   spec.add_development_dependency "byebug"
-  spec.add_development_dependency 'simplecov', "~> 0.11.1"
-  spec.add_development_dependency 'simplecov-rcov', "~> 0.2.3"
+  spec.add_development_dependency 'coveralls'
+#  spec.add_development_dependency 'simplecov', "~> 0.11.1"
+#  spec.add_development_dependency 'simplecov-rcov', "~> 0.2.3"
   spec.add_development_dependency 'rspec', "~> 3.4.0"
   spec.add_development_dependency 'rack', "~> 1.6.4"
 end

data/spec/lib/smaak/adaptors/net_http_adaptor_spec.rb

@@ -58,17 +58,17 @@ describe Smaak::NetHttpAdaptor do
         one = true if header == "one" and value == "1"
         two = true if header == "two" and value == "2"
       end
-      expect(count).to eq(5) #some default headers come with a vanilla request
+      expect(count).to eq(5) # some default headers come with a vanilla request
       expect(one).to eq(true)
       expect(two).to eq(true)
     end
 
     it "should not iterate any headers if there are no headers set" do
       count = 0
-      @iut.each_header do |header, value|
+      @iut.each_header do |_header, _value|
         count = count + 1
       end
-      expect(count).to eq(3) #some default headers come with a vanilla request
+      expect(count).to eq(3) # some default headers come with a vanilla request
     end
   end
 

data/spec/lib/smaak/auth_message_spec.rb

@@ -17,7 +17,7 @@ describe Smaak::AuthMessage do
 
   before :each do
     @test_expires = Time.now.to_i + @test_token_life
-    @iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
+    @iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto.obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
   end
 
   context "when initialized" do
@@ -76,7 +76,7 @@ describe Smaak::AuthMessage do
     end
 
     it "should remember the psk provided" do
-      expect(@iut.psk).to eq(Smaak::Crypto::obfuscate_psk(@test_psk))
+      expect(@iut.psk).to eq(Smaak::Crypto.obfuscate_psk(@test_psk))
     end
 
     it "should remember the recipient provided" do
@@ -88,23 +88,23 @@ describe Smaak::AuthMessage do
     end
 
     it "should translate the encrypt parameter from string to boolean" do
-      iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, false)
+      iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto.obfuscate_psk(@test_psk), @test_recipient, false)
       expect(iut.encrypt).to eq(false)
       
-      iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, true)
+      iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto.obfuscate_psk(@test_psk), @test_recipient, true)
       expect(iut.encrypt).to eq(true)
       
-      iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, "false")
+      iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto.obfuscate_psk(@test_psk), @test_recipient, "false")
       expect(iut.encrypt).to eq(false)
       
-      iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, "true")
+      iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto.obfuscate_psk(@test_psk), @test_recipient, "true")
       expect(iut.encrypt).to eq(true)
     end
   end
 
   context "when asked if it has expired" do
     it "should return true if the current timestamp exceeds that of the message expiry" do
-      iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, Time.now - 1, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, false)
+      iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, Time.now - 1, Smaak::Crypto.obfuscate_psk(@test_psk), @test_recipient, false)
       expect(iut.expired?).to eq(true)
     end
 
@@ -141,7 +141,7 @@ describe Smaak::AuthMessage do
   context "when asked to verify the message" do
     it "should try and match the PSK and return false if it cannot" do
       expect(@iut).to(receive(:psk_match?)).and_return(false)
-      expect(@iut.verify(Smaak::Crypto::obfuscate_psk(@test_psk))).to eq(false)
+      expect(@iut.verify(Smaak::Crypto.obfuscate_psk(@test_psk))).to eq(false)
     end
 
     it "should return true if the message was successfully verified" do
@@ -152,15 +152,15 @@ describe Smaak::AuthMessage do
   context "when asked to create an AuthMessage from scratch" do
     it "should initialize with the recipient_public_key, psk, expires, identifier, nonce, encrypt provided, calculating expiry, generating a nonce, and obfuscating the PSK" do
       allow(Smaak::Crypto).to receive(:generate_nonce).and_return(@test_nonce)
-      expect(Smaak::AuthMessage).to receive(:new).with(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
+      expect(Smaak::AuthMessage).to receive(:new).with(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto.obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
       Smaak::AuthMessage.create(@test_recipient, @test_psk, @test_token_life, @test_identifier, @test_route_info, @test_encrypt)
     end
   end
 
   context "when asked to build an AuthMessage from existing data" do
     it "should initialize with the recipient_public_key, psk, expires, identifier, nonce, encrypt provided" do
-      expect(Smaak::AuthMessage).to receive(:new).with(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
-      Smaak::AuthMessage.build(@test_recipient, Smaak::Crypto::obfuscate_psk(@test_psk), @test_expires, @test_identifier, @test_route_info, @test_nonce, @test_encrypt)
+      expect(Smaak::AuthMessage).to receive(:new).with(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto.obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
+      Smaak::AuthMessage.build(@test_recipient, Smaak::Crypto.obfuscate_psk(@test_psk), @test_expires, @test_identifier, @test_route_info, @test_nonce, @test_encrypt)
     end
   end
 end

data/spec/lib/smaak/cavage_04_spec.rb

@@ -21,7 +21,7 @@ describe Smaak::Cavage04 do
       @test_route_info = 'identifier'
       @test_recipient = @test_server_public_key.export
       @test_encrypt = true
-      @auth_message = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
+      @auth_message = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto.obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
     end
 
     context "as a specification implementation" do
@@ -31,14 +31,14 @@ describe Smaak::Cavage04 do
       end
 
       it "should provide a list of headers to be signed" do
-        expect(Smaak::Cavage04::headers_to_be_signed.include? "host").to eq(true)
-        expect(Smaak::Cavage04::headers_to_be_signed.include? "date").to eq(true)
-        expect(Smaak::Cavage04::headers_to_be_signed.include? "digest").to eq(true)
-        expect(Smaak::Cavage04::headers_to_be_signed.include? "content-length").to eq(true)
+        expect(Smaak::Cavage04.headers_to_be_signed.include? "host").to eq(true)
+        expect(Smaak::Cavage04.headers_to_be_signed.include? "date").to eq(true)
+        expect(Smaak::Cavage04.headers_to_be_signed.include? "digest").to eq(true)
+        expect(Smaak::Cavage04.headers_to_be_signed.include? "content-length").to eq(true)
       end
 
       it "should indicate that the specification specific header (request-target) is to be signed" do
-        expect(Smaak::Cavage04::headers_to_be_signed.include? "(request-target)").to eq(true)
+        expect(Smaak::Cavage04.headers_to_be_signed.include? "(request-target)").to eq(true)
       end
     end
 
@@ -54,10 +54,10 @@ describe Smaak::Cavage04 do
       end
 
       it "should set its headers to be signed to that of the specification and that of Smaak" do
-        Smaak::Cavage04::headers_to_be_signed.each do |header|
+        Smaak::Cavage04.headers_to_be_signed.each do |header|
           expect(@iut.headers_to_be_signed.include? header).to eq(true)
         end
-        Smaak::headers_to_be_signed.each do |header|
+        Smaak.headers_to_be_signed.each do |header|
           expect(@iut.headers_to_be_signed.include? header).to eq(true)
         end
       end
@@ -217,7 +217,7 @@ describe Smaak::Cavage04 do
       end
 
       it "should return the signature headers in the order expressed in the signature, so that signature verification can succeed" do
-        #host date digest x-smaak-recipient x-smaak-identifier x-smaak-route-info x-smaak-psk x-smaak-expires x-smaak-nonce x-smaak-encrypt content-length
+        # host date digest x-smaak-recipient x-smaak-identifier x-smaak-route-info x-smaak-psk x-smaak-expires x-smaak-nonce x-smaak-encrypt content-length
         expect(@iut.extract_signature_headers).to eq(\
 "(request-target): post /secure-service\nhost: service-provider-internal\ndate: 2015-06-23 13:40:07 GMT\ndigest: SHA-256=748957b58cc24d2bb9eb8f9c468571712a14f6a89ce936c0fb2d3c5016e4dbdc\nx-smaak-recipient: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUFxL2tiYjdBNWllQWV1WlBBVnI3MAo5cjl1TkFzc2dmYkdjeGMzZTc3RDNndkY4U2tzbURNQmQyTUt5TUh0ZjBrM1pqSVdZemJJVG5jQXM1Nnd4cmRSClhiVHpIZnhjMll1dDMwd0ljR2YvUVk4ZTJXNmdMWko4aVM3MXlYb0JQNFpEc2lLSXd4ajFsenYyVFlXWnNSL3EKd28xSzBxZ1NzOXJJVEVkWDVqampycHBYWTdobHNPMGVKQ2JBRG0weEtnU1hMcFQycnJzUnJ2OFllRXFvZTRMaQpDOFd6RjZZRlh1U3RHR1E4SXlxbjdPaTN5aVU2WFc3OTl2cFpIeHJlaERYaytDalZuU0ZXWkVPUHg3cENpam9SCnlXb0gyUmR6QVpQczdVdVJWOUdGWWFQeHRudmttNVdVZDVTdWVCNlMxT2E4dVZ3UnpyeXl6WkRjdG0xdWs1VjIKUE0zLzFqbFJMbFJzTWxSeHdZUDRzaFMzVlhjTkdGYjkvbzkvTjkzbitKZUFpSGd4YU5pQjN6YVV0a05XWWs0Vgozang2d0psTythOUNxdGJJeXg2ZzdyTHhOanVqRFpRZTZGcUdsMzVkVDR5MHA2UmVuUWQ4b1p5aWw3dlpqSkJaCjluTWRJblMyU05wWUZFclBsb25rdXNZKzZsam9TbFNLMXVSRmd2S3dzeGE3RmROMXZWSnRJQk9qdVJzSk9DaHYKOTB2K0ZEQWwxSnNZVUNPUnByUmtMWXB2TWI4Q1BZaUlzb3JmTUdKNnI3NktYUEIzRS9xejRmaWJ1UmZVeWJxMgp5eGxRTVJKb216d1BPemUrbWRQUU5Hd3VTTjU0VnByYXhoNGFpcWtaUVBsSWpRb1dFaFVKRWxMb0NtQXZ4TmtxCmRBcVZJMXZ3cS9FRXFBTEh3amJKRXIwQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=\nx-smaak-identifier: service-provider-public\nx-smaak-route-info: \nx-smaak-psk: 917e5f9bcf6d7c20a338d8a39bbf79ef\nx-smaak-expires: 1435066809\nx-smaak-nonce: 6457661831\nx-smaak-encrypt: false\ncontent-length: 25")
       end

data/spec/lib/smaak/crypto_spec.rb

@@ -4,7 +4,7 @@ describe Smaak::Crypto do
   before :all do
     @private_key = OpenSSL::PKey::RSA.new(4096)
     @data = {'a' => 'B'}.to_json
-    @bdata = Base64::strict_encode64(@data)
+    @bdata = Base64.strict_encode64(@data)
     @digest = OpenSSL::Digest::SHA256.new
     @signature = @private_key.sign(@digest, @bdata)
     @public_key = @private_key.public_key
@@ -12,22 +12,22 @@ describe Smaak::Crypto do
 
   context "when asked to obfuscate a clear-text psk" do
     it "should reverse the psk and apply an MD5 hexadecimal digest to the result" do
-      expect(Smaak::Crypto::obfuscate_psk('sharedsecret')).to eq(Digest::MD5.hexdigest('sharedsecret'.reverse))
+      expect(Smaak::Crypto.obfuscate_psk('sharedsecret')).to eq(Digest::MD5.hexdigest('sharedsecret'.reverse))
     end
   end
 
   context "when asked to generate a nonce" do
     it "should generate a random nonce with at most 1 in a ten billion probability of a consecutive clash" do
       expect(SecureRandom).to receive(:random_number).with(10000000000)
-      Smaak::Crypto::generate_nonce
+      Smaak::Crypto.generate_nonce
     end
 
     it "should generate a different nonce every time with high probability (less than 1 in 10000) given a history of 1000000 nonces" do
       repeat = {}
       failed = 0
       threshold = 1000000
-      for i in 1..threshold do
-        value = Smaak::Crypto::generate_nonce
+      threshold.times do
+        value = Smaak::Crypto.generate_nonce
         failed = failed + 1 if repeat[value] == 1
         repeat[value] = 1
       end
@@ -40,47 +40,47 @@ describe Smaak::Crypto do
   context "when asked to encode data using base 64" do
     it "should encode the data without newlines or line feeds using base 64 (strict)" do
       data = "some data"
-      expect(Smaak::Crypto::encode64(data)).to eq(Base64.strict_encode64(data))
+      expect(Smaak::Crypto.encode64(data)).to eq(Base64.strict_encode64(data))
     end
   end
 
   context "when asked to decode data using base 64" do
     it "should decode the data using base 64 (strict)" do
-      expect(Smaak::Crypto::decode64(Base64.strict_encode64("some data"))).to eq("some data")
+      expect(Smaak::Crypto.decode64(Base64.strict_encode64("some data"))).to eq("some data")
     end
   end
 
   context "when asked to sign data given a private key" do
     it "should sign a strict Base64 representation of the data with the key using a 256 bit SHA digest" do
-      expect(Smaak::Crypto::sign_data(@data, @private_key)).to eq(@signature)
+      expect(Smaak::Crypto.sign_data(@data, @private_key)).to eq(@signature)
     end
   end
 
   context "when asked to verify a signature given data and a public key" do
     it "should verify using a 256 bit SHA digest" do
       expect(OpenSSL::Digest::SHA256).to receive(:new).and_return(@digest)
-      Smaak::Crypto::verify_signature(@signature, @bdata, @public_key)
+      Smaak::Crypto.verify_signature(@signature, @bdata, @public_key)
     end 
 
     it "should return true when the signature is verified by the public key" do
-      expect(Smaak::Crypto::verify_signature(@signature, @bdata, @public_key)).to eq(true)
+      expect(Smaak::Crypto.verify_signature(@signature, @bdata, @public_key)).to eq(true)
     end
 
     it "should return false when the signature cannot be verified by the public key" do
       other_key = OpenSSL::PKey::RSA.new(4096).public_key
-      expect(Smaak::Crypto::verify_signature(@signature, @bdata, other_key)).to eq(false)
+      expect(Smaak::Crypto.verify_signature(@signature, @bdata, other_key)).to eq(false)
     end
   end
 
   context "when asked to encrypt data given a public key" do
     it "should return a base64 representation of the data encrypted with the public key" do
-      expect(@private_key.private_decrypt(Base64.strict_decode64(Smaak::Crypto::encrypt(@data, @public_key)))).to eq(@data)
+      expect(@private_key.private_decrypt(Base64.strict_decode64(Smaak::Crypto.encrypt(@data, @public_key)))).to eq(@data)
     end
   end
 
   context "when asked to decrypt encrypted data given a private key" do
     it "should return a decryption using the private key of a base64 decode of the data" do
-      expect(Smaak::Crypto::decrypt(Base64.strict_encode64(@public_key.public_encrypt(@data)), @private_key)).to eq(@data)
+      expect(Smaak::Crypto.decrypt(Base64.strict_encode64(@public_key.public_encrypt(@data)), @private_key)).to eq(@data)
     end
   end
 
@@ -88,7 +88,7 @@ describe Smaak::Crypto do
     it "should sink all data from the stream, collating when nil is read" do
       mock_stream = double(Object)
       allow(mock_stream).to receive(:gets).and_return("a", "b", nil)
-      expect(Smaak::Crypto::sink(mock_stream)).to eq("ab")
+      expect(Smaak::Crypto.sink(mock_stream)).to eq("ab")
     end
   end
 end