sodium 0.0.0 → 0.5.0

data/lib/sodium/sign.rb

@@ -0,0 +1,75 @@
+require 'sodium'
+
+class Sodium::Sign
+  include Sodium::Delegate
+
+  def self.keypair
+    public_key = Sodium::Buffer.empty self.implementation[:PUBLICKEYBYTES]
+    secret_key = Sodium::Buffer.empty self.implementation[:SECRETKEYBYTES]
+
+    self.implementation.nacl_keypair(
+      public_key.to_str,
+      secret_key.to_str
+    ) or raise Sodium::CryptoError, 'failed to generate a keypair'
+
+    return secret_key, public_key
+  end
+
+  def self.verify(key, message, signature)
+    key       = self._public_key(key)
+    signature = self._signature(message, signature)
+    message   = Sodium::Buffer.empty(signature.bytesize)
+    mlen      = FFI::MemoryPointer.new(:ulong_long, 1, true)
+
+    self.implementation.nacl_open(
+      message.to_str,
+      mlen,
+      signature.to_str,
+      signature.to_str.bytesize,
+      key.to_str
+    )
+  end
+
+  def initialize(key)
+    @key = self.class._secret_key(key)
+  end
+
+  def sign(message)
+    message   = self.class._message(message)
+    signature = Sodium::Buffer.empty(message.bytesize + self.implementation[:BYTES])
+    slen      = FFI::MemoryPointer.new(:ulong_long, 1, true)
+
+    self.implementation.nacl(
+      signature.to_str,
+      slen,
+      message.to_str,
+      message.to_str.bytesize,
+      @key.to_str
+    ) or raise Sodium::CryptoError, 'failed to generate signature'
+
+    # signatures actually encode the message itself at the end, so we
+    # slice off only the signature bytes
+    signature.byteslice(
+      0,
+      slen.read_ulong_long - message.to_str.bytesize
+    )
+  end
+
+  private
+
+  def self._public_key(k)
+    Sodium::Buffer.new k, self.implementation[:PUBLICKEYBYTES]
+  end
+
+  def self._secret_key(k)
+    Sodium::Buffer.new k, self.implementation[:SECRETKEYBYTES]
+  end
+
+  def self._message(m)
+    Sodium::Buffer.new m
+  end
+
+  def self._signature(m, s)
+    Sodium::Buffer.new(s) + m
+  end
+end

data/lib/sodium/version.rb

@@ -0,0 +1,5 @@
+require 'version'
+
+module Sodium
+  is_versioned
+end

data/sodium.gemspec

@@ -1,17 +1,23 @@
 Gem::Specification.new do |gem|
   gem.name    = 'sodium'
-  gem.version = '0.0.0'
+  gem.version = File.read('VERSION') rescue '0.0.0'
 
   gem.author = 'Stephen Touset'
   gem.email  = 'stephen@touset.org'
 
   gem.homepage    = 'https://github.com/stouset/sodium'
-  gem.summary     = %{TBD}
-  gem.description = %{TBD}
+  gem.summary     = 'A Ruby binding to the easy-to-use high-speed crypto library libsodium'
+  gem.description = 'A library for performing cryptography based on modern ciphers and protocols'
 
   gem.bindir      = 'bin'
   gem.files       = `git ls-files`            .split("\n")
   gem.extensions  = `git ls-files -- ext/*.rb`.split("\n")
   gem.executables = `git ls-files -- bin/*`   .split("\n").map {|e| File.basename(e) }
   gem.test_files  = `git ls-files -- spec/*`  .split("\n")
+
+  gem.add_dependency 'ffi', '~> 1'
+
+  gem.add_development_dependency 'rake',     '~> 10'
+  gem.add_development_dependency 'minitest', '~> 5'
+  gem.add_development_dependency 'version',  '~> 1'
 end

data/sodium.pub.gpg

@@ -0,0 +1,37 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.13 (Darwin)
+
+mQENBFGujbABCACtPMrS6tCS6CVeIj3S9DTfq68DZy9LnesKgwZVugajsAhpE22P
+SOsguveQzdtkCJ8bEScXwXBBs/9AdWGIbTedZ0dq0MWpbzxgv+juxwdi6RML+2Ph
+vePWi7wob492/er+ochVskii74BsRkol6T0z5cVjyg8JBy1IhKhMXcicZT+qIbrt
+HO5K+5H7x4Bw1KSnQB7fbp5XMp2p4lzrqF8dFtyjSxz7dYFhDNWFGO7Il25aVlHW
+8+Z+uaSol418Syl7529C+EtyU4wT1ee1bIlog9tDecjoGaQ9BYcsE9Kv7c/T44DG
+yA1GjRi5JqLKFQ59j2C5YtLtffhksmsFyO6/ABEBAAG0KFNvZGl1bSBTZWN1cml0
+eSBUZWFtIDxzb2RpdW1AdG91c2V0Lm9yZz6JAT4EEwECACgFAlGujbACGwMFCQlm
+AYAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEMlH9Yv/zuDXYngH/02+4btH
+Ele6LK6+j8RdvWb8wEzQXRu4u2CVuKbeVAcDtKPQlyYs4XKVmsOwngAeb1IUF4YT
+lrmsIonb3Hx9ZYMlLa2P+KlGZQO044T79m3U/tP8dpdeuqGy99272y12wYAjTX3m
+Rfo/o7R8bEHvJwp1PWliypeJhifoej9pjyzhoPp+YJmLpZvosnzcYCyNtymqIJlA
+S9tnXTP+27gb6Y/VYx4inbDM/09PiziLVtUiN3AMExe1knqFU24IB3AzgfRi7XlM
+VLrusU6lICjtuAqPaPqCDxognGp+rn1bU2Uck9hQVEtNwBm/4x37LULn9V8x8f4K
+cRvnS5i3LE45eLiJARwEEAECAAYFAlGujnEACgkQLuw5kw0rXao+Wwf/Xr6pmAbn
+EOkhHz+wGlx9jnxEKcNzEAfKaTZYK/Jwt4jVDOWcSGTxYnRoZTxkqRLsF7zRVc5K
+BivGbdPLw2oxNbQlBLA45KHkiaaSuM0jH65p/IlDGo8QCpWH1KChDsHoktb8EFKi
+Z2WdFy1TzYow/hwLWv18YEkGlMKtify4MW8VsJ50FCfJufQ/WrnLydXouU/lzJrl
+82Ol5KUeW55I8Diz5TShq3qAeosndlb0wAPtr+zakWrLgSnR4bdsOVQBjV9vEVPI
+AG60Hp47I852E7pVTIqB1koyb/fZg+1Y4QScSWGrhxITgB/Rv6/01tRl/bZfpDJT
+rT6EYoLcGUrfw7kBDQRRro2wAQgA67JMeMXXPmN98WW8e4sbrp1POW9543EJe+55
+FpOnaPu2JPG7uBPKE2QFRTku7ZlRW4O5qaD+dESw00AGm6oJh1HYeFWmlUhPMUwe
+dUldtuZG3R1WsULyAGR+f6uePOXgvoTa1ENH471r0ikBDNyWNbl+xM4emEl5V3xm
+jpKwn5sM0lv4O324dNewn6YR3aGczIKAXjoJo1xgi3NoW6BvBi1UVND6NaTriK8s
+xeZZ4jnFcr/g7bdkiwc5lpfq74o0j3VCSRkNOe2CfY3M5C/qnxEO7BVITyPyQoJn
+KvR40zdQXjnCDFecfLLW/j/SXzHYR/+MK27dcH0km8y1dPWcnwARAQABiQElBBgB
+AgAPBQJRro2wAhsMBQkJZgGAAAoJEMlH9Yv/zuDXe4EIAKx3nGifGQLCTFQFOyyO
+hnXbviimTq4xf8oEP5Qe4aJJ56VhA/pfcRwAQO/36bMKPaRT2SPo8L3+fqQHJGxb
+sUJCUWGESUdsTRPlXG3b+SUOTEWW7tEd67l1FUOlGfL1lDc7NTuWTAF39id+nlg7
+Rsdk+ZA+8apKcgBk0eNg4K4dhJJjAdLQBql33SVd6EvicOsdEr70kMMcPjI0xQL5
+sD6jNU3R9c0g0qaFMZH3RefDTOfIvJOzvsFSsAjJdCoEbG2dJIlZEeH2mFjpUwST
+sTRaUyAuefoUIrhUsTGTYgfVBLQvv456le6mtf9YjDYfY3fnlx80F+h+iMn0Vq0A
+4AA=
+=JlbY
+-----END PGP PUBLIC KEY BLOCK-----

data/tasks/libsodium.rake

@@ -0,0 +1,70 @@
+require 'rake/clean'
+
+require 'rbconfig'
+require 'digest/sha2'
+
+
+LIBSODIUM_MIRROR  = ENV['LIBSODIUM_MIRROR']  || "https://github.com/jedisct1/libsodium/tarball/%s"
+LIBSODIUM_VERSION = ENV['LIBSODIUM_VERSION'] || 'master'
+LIBSODIUM_DIGEST  = ENV['LIBSODIUM_DIGEST']  || nil
+
+LIBSODIUM_URL       = LIBSODIUM_MIRROR % LIBSODIUM_VERSION
+LIBSODIUM_PATH      = "libsodium-#{LIBSODIUM_VERSION}"
+LIBSODIUM_TARBALL   = "build/#{LIBSODIUM_PATH}.tar.gz"
+LIBSODIUM_BUILD     = "build/#{LIBSODIUM_PATH}"
+LIBSODIUM_LIBDIR    = "#{LIBSODIUM_BUILD}/src/libsodium/.libs"
+LIBSODIUM_LIB       = "libsodium.a"
+LIBSODIUM           = "#{LIBSODIUM_LIBDIR}/#{LIBSODIUM_LIB}"
+
+namespace :libsodium do
+  directory LIBSODIUM_BUILD
+
+  file LIBSODIUM_TARBALL => LIBSODIUM_BUILD do
+    sh %{curl -L -o #{LIBSODIUM_TARBALL} #{LIBSODIUM_URL}}
+
+    next if LIBSODIUM_DIGEST.nil?
+    next if LIBSODIUM_DIGEST == Digest::SHA256.hexdigest(
+      File.read(LIBSODIUM_TARBALL)
+    )
+
+    rm LIBSODIUM_TARBALL
+    raise "#{LIBSODIUM_TARBALL} failed checksum"
+  end
+
+  file "#{LIBSODIUM_BUILD}/autogen.sh" => [
+    LIBSODIUM_BUILD,
+    LIBSODIUM_TARBALL,
+  ] do
+    sh %{tar -C #{LIBSODIUM_BUILD} --strip-components 1 -m -xf #{LIBSODIUM_TARBALL}}
+  end
+
+  file "#{LIBSODIUM_BUILD}/configure" => "#{LIBSODIUM_BUILD}/autogen.sh" do
+    sh %{cd #{LIBSODIUM_BUILD} && ./autogen.sh}
+  end
+
+  file "#{LIBSODIUM_BUILD}/Makefile" => "#{LIBSODIUM_BUILD}/configure" do
+    sh %{cd #{LIBSODIUM_BUILD} && ./configure}
+  end
+
+  file LIBSODIUM => "#{LIBSODIUM_BUILD}/Makefile" do
+    sh %{cd #{LIBSODIUM_BUILD} && make}
+  end
+
+  desc 'Compile a local copy of libsodium'
+  task :compile => LIBSODIUM do
+    # allow use of the library by the dynamic linker
+    ENV['DYLD_LIBRARY_PATH'] = LIBSODIUM_LIBDIR
+    ENV[  'LD_LIBRARY_PATH'] = LIBSODIUM_LIBDIR
+  end
+
+  task :clean do
+    sh %{cd #{LIBSODIUM_BUILD} && make mostlyclean}
+  end
+
+  task :clobber do
+    CLOBBER.add 'build'
+  end
+end
+
+task :clean   => 'libsodium:clean'
+task :clobber => 'libsodium:clobber'

data/tasks/test.rake

@@ -0,0 +1,6 @@
+require 'rake/testtask'
+
+Rake::TestTask.new 'test' => 'libsodium:compile' do |t|
+  t.libs   << 'test'
+  t.pattern = "test/**/*_test.rb"
+end

data/tasks/version.rake

@@ -0,0 +1,3 @@
+require 'rake/version_task'
+
+Rake::VersionTask.new

data/test/sodium/auth/hmacsha256_test.rb

@@ -0,0 +1,54 @@
+require 'test_helper'
+
+describe Sodium::Auth::HMACSHA256 do
+  include SodiumTestHelpers
+
+  subject { self.klass.new(self.key) }
+
+  let(:klass)     { Sodium::Auth::HMACSHA256 }
+  let(:primitive) { :hmacsha256 }
+
+  let :constants do
+    { :BYTES    => 32,
+      :KEYBYTES => 32, }
+  end
+
+  let_64(:key)           { 'XMfWD8/yrcNDzJyGhxRIwi5tSGKf8D0ul9FyX/djvjg=' }
+  let_64(:authenticator) { '6WDKvxKevcZts0Yc1HWGnylNYEpcxPO9tVtApEK8XWc=' }
+  let_64(:plaintext)     { 'bWVzc2FnZQ==' }
+
+  it '::primitive must be correct' do
+    self.klass.primitive.must_equal self.primitive
+  end
+
+  it 'must have correct values for its constants' do
+    self.constants.each_pair do |name, value|
+      self.klass[name].must_equal value
+    end
+  end
+
+  it 'must mint keys' do
+    self.klass.key.bytesize.
+      must_equal self.klass[:KEYBYTES]
+  end
+
+  it 'must generate authenticators' do
+    self.subject.auth(
+      self.plaintext
+    ).to_str.must_equal self.authenticator
+  end
+
+  it 'must verify authenticators' do
+    self.subject.verify(
+      self.plaintext,
+      self.authenticator
+    ).must_equal true
+  end
+
+  it 'must not verify forged authenticators' do
+    self.subject.verify(
+      self.plaintext,
+      self.authenticator.succ
+    ).must_equal false
+  end
+end

data/test/sodium/auth/hmacsha512256_test.rb

@@ -0,0 +1,53 @@
+require 'test_helper'
+
+describe Sodium::Auth::HMACSHA512256 do
+  include SodiumTestHelpers
+
+  subject { self.klass.new(self.key) }
+
+  let(:klass)     { Sodium::Auth::HMACSHA512256 }
+  let(:primitive) { :hmacsha512256 }
+
+  let :constants do
+    { :BYTES    => 32,
+      :KEYBYTES => 32, }
+  end
+
+  let_64(:key)           { 'XMfWD8/yrcNDzJyGhxRIwi5tSGKf8D0ul9FyX/djvjg=' }
+  let_64(:authenticator) { '6BN5+HNq0F8skQKkta+CLiBJ7mrrJaGw3G2J7jMT2qA=' }
+  let_64(:plaintext)     { 'bWVzc2FnZQ==' }
+
+  it '::primitive must be correct' do
+    self.klass.primitive.must_equal self.primitive
+  end
+
+  it 'must have correct values for its constants' do
+    self.constants.each_pair do |name, value|
+      self.klass[name].must_equal value
+    end
+  end
+
+  it 'must mint keys' do
+    self.klass.key.bytesize.must_equal self.klass[:KEYBYTES]
+  end
+
+  it 'must generate authenticators' do
+    self.subject.auth(
+      self.plaintext
+    ).to_str.must_equal self.authenticator
+  end
+
+  it 'must verify authenticators' do
+    self.subject.verify(
+      self.plaintext,
+      self.authenticator
+    ).must_equal true
+  end
+
+  it 'must not verify forged authenticators' do
+    self.subject.verify(
+      self.plaintext,
+      self.authenticator.succ
+    ).must_equal false
+  end
+end

data/test/sodium/auth_test.rb

@@ -0,0 +1,49 @@
+require 'test_helper'
+
+describe Sodium::Auth do
+  include SodiumTestHelpers
+
+  subject     { self.klass.new(self.key) }
+  let(:klass) { Sodium::Auth             }
+  let(:key)   { self.klass.key           }
+
+  it 'must default to the HMACSHA512256 implementation' do
+    self.klass.implementation.
+      must_equal Sodium::Auth::HMACSHA512256
+  end
+
+  it 'must allow access to alternate implementations' do
+    self.klass.implementation(:hmacsha256).
+      must_equal Sodium::Auth::HMACSHA256
+  end
+
+  it 'must instantiate the default implementation' do
+    self.subject.
+      must_be_kind_of Sodium::Auth::HMACSHA512256
+  end
+
+  it 'must mint keys from the default implementation' do
+    sodium_mock_default(self.klass) do |klass, mock|
+      mock.expect :[], 0, [:KEYBYTES]
+
+      klass.key.to_str.must_equal ''
+    end
+  end
+
+  it 'must raise when instantiating with an invalid key' do
+    lambda { self.klass.new(self.key.to_str[0..-2]) }.
+      must_raise Sodium::LengthError
+  end
+
+  it 'must raise when verifying an invalid authenticator' do
+    lambda { self.subject.verify('message', 'blaaah') }.
+      must_raise Sodium::LengthError
+  end
+
+  it 'must raise when failing to generate an authenticator' do
+    sodium_stub_failure(self.klass, :nacl) do
+      lambda { self.subject.auth('message') }.
+        must_raise Sodium::CryptoError
+    end
+  end
+end

data/test/sodium/box/curve25519xsalsa20poly1305_test.rb

@@ -0,0 +1,79 @@
+require 'test_helper'
+
+describe Sodium::Box::Curve25519XSalsa20Poly1305 do
+  include SodiumTestHelpers
+
+  subject { self.klass.new(self.secret_key, self.public_key) }
+
+  let(:klass)      { Sodium::Box::Curve25519XSalsa20Poly1305 }
+  let(:primitive)  { :curve25519xsalsa20poly1305 }
+
+  let :constants do
+    { :PUBLICKEYBYTES => 32,
+      :SECRETKEYBYTES => 32,
+      :BEFORENMBYTES  => 32,
+      :NONCEBYTES     => 24,
+      :ZEROBYTES      => 32,
+      :BOXZEROBYTES   => 16,
+      :MACBYTES       => 16, }
+  end
+
+  let_64(:secret_key) { 'f52WNdyy0r1YA5NCGlcF+vJ5HPG8yfHwzn/HJSJzfQk=' }
+  let_64(:public_key) { 'es8h5AH9GGD7PF10D1txeHAFAB2UNc9OZF+JqFWE9y8=' }
+  let_64(:shared_key) { 'TTp8bQBhIuiiQ0plVcqS3Cj62i/IdAFnopx4t9di2Kg=' }
+  let_64(:nonce)      { 'i72xIDJ4tcHCOHGYAzI6PoiVm31PFVgx' }
+  let_64(:ciphertext) { 'lHhCSFzopX4z02nlIuInHe3hFwpHFdA=' }
+  let_64(:plaintext)  { 'bWVzc2FnZQ==' }
+
+  it '::primitive must be correct' do
+    self.klass.primitive.must_equal self.primitive
+  end
+
+  it 'must have correct values for its constants' do
+    self.constants.each_pair do |name, value|
+      self.klass[name].must_equal value
+    end
+  end
+
+  it 'must mint secret keys' do
+    self.klass.keypair[0].bytesize.must_equal self.klass[:SECRETKEYBYTES]
+  end
+
+  it 'must mint public keys' do
+    self.klass.keypair[1].bytesize.must_equal self.klass[:PUBLICKEYBYTES]
+  end
+
+  it 'must generate closed boxes' do
+    self.subject.box(
+      self.plaintext,
+      self.nonce
+    ).to_str.must_equal self.ciphertext
+  end
+
+  it 'must open boxes' do
+    self.subject.open(
+      self.ciphertext,
+      self.nonce
+    ).to_str.must_equal self.plaintext
+  end
+
+  it 'must generate shared keys' do
+    self.subject.beforenm.to_str.must_equal self.shared_key
+  end
+
+  it 'must generate closed boxes with shared keys' do
+    self.klass.afternm(
+      self.shared_key,
+      self.plaintext,
+      self.nonce
+    ).to_str.must_equal self.ciphertext
+  end
+
+  it 'must open boxes with shared keys' do
+    self.klass.open_afternm(
+      self.shared_key,
+      self.ciphertext,
+      self.nonce
+    ).to_str.must_equal self.plaintext
+  end
+end