sodium 0.5.0 → 0.6.0

data/.gitignore

@@ -2,3 +2,9 @@ build/
 coverage/
 
 Gemfile.lock
+
+Makefile
+*.o
+*.so
+*.bundle
+.*.time

data/.travis.yml

@@ -1,13 +1,16 @@
 script: bundle exec rake test
 
+bundler_args: --without tools
+
 env:
-  - >
-    LIBSODIUM_MIRROR="https://github.com/jedisct1/libsodium/tarball/%s"
-    LIBSODIUM_VERSION="master"
-# - >
-#   LIBSODIUM_MIRROR="http://download.dnscrypt.org/libsodium/releases/libsodium-%s.tar.gz"
-#   LIBSODIUM_VERSION=0.4.1
-#   LIBSODIUM_DIGEST=65756c7832950401cc0e6ee0e99b165974244e749f40f33d465f56447bae8ce3
+  matrix:
+    - >
+      LIBSODIUM_MIRROR="https://github.com/jedisct1/libsodium/tarball/%s"
+      LIBSODIUM_VERSION="master"
+#   - >
+#     LIBSODIUM_MIRROR="http://download.dnscrypt.org/libsodium/releases/libsodium-%s.tar.gz"
+#     LIBSODIUM_VERSION=0.4.1
+#     LIBSODIUM_DIGEST=65756c7832950401cc0e6ee0e99b165974244e749f40f33d465f56447bae8ce3
 
 rvm:
   - 1.8.7

data/CHANGELOG.md

@@ -0,0 +1,20 @@
+### 0.6.0 (2013-06-27)
+
+- Additions
+  * Sodium::Auth can be used entirely with class methods
+  * Sodium::Buffer gains many new API methods
+  * signed gem
+
+- Removals
+  * Sodium::Buffer loses #pad, #unpad
+
+- Enhancements
+  * Sodium::Buffer performance improvements
+
+- Bug Fixes
+  * using `pointer` type for FFI methods to avoid bugs related to
+    in/out buffers in JRuby
+
+### 0.5.0 (2013-06-05)
+
+- Initial release

data/Gemfile

@@ -2,7 +2,9 @@ source 'https://rubygems.org/'
 
 gemspec
 
-gem 'pry'
+group :tools do
+  gem 'pry'
+end
 
 group :test do
   gem 'coveralls', :require => false

data/README.md

@@ -108,4 +108,4 @@ Fork, commit, push. Submit pull request. When possible, try and follow existing
 [example-asymmetric-encryption]:    examples/TODO
 [example-asymmetric-signatures]:    examples/TODO
 
-[gpg-key]: sodium.pub.gpg
+[gpg-key]: certs/sodium@touset.org.pub.gpg

data/VERSION

@@ -1 +1 @@
-0.5.0
+0.6.0

data/certs/sodium@touset.org.cert

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAhigAwIBAgIBADANBgkqhkiG9w0BAQUFADA+MQ8wDQYDVQQDDAZzb2Rp
+dW0xFjAUBgoJkiaJk/IsZAEZFgZ0b3VzZXQxEzARBgoJkiaJk/IsZAEZFgNvcmcw
+HhcNMTMwNjI4MDEzMzQ4WhcNMTQwNjI4MDEzMzQ4WjA+MQ8wDQYDVQQDDAZzb2Rp
+dW0xFjAUBgoJkiaJk/IsZAEZFgZ0b3VzZXQxEzARBgoJkiaJk/IsZAEZFgNvcmcw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh3C2P1jW4MvcpXioNkqW/
+HiD9ZpTew1tHTolQclBBmOmOApLUPc9PIsfbohph83Z82x+BWbjEdL5NAfEQjRVu
+O8JUBJh0YRDF9P7fDtd9w0b3mmhumujbEsmDYs1ru5VvjgCh+Hfxgddlpha0KmxQ
+0j3h/Uj27tFbE33dIRqb5dBBBnnIM5CqRMu5/gDeXN5GrjYK3JfZlzZRECjnfuR5
+qDqoQFJK5ZmaEFm9E88HdAIS+sV9zb1OCYlADr3EB/a3Shxedx4SsX7oBPyNfsRb
+kMdTr+VynH/OEPSo0dW1DuKpUCmNBscrTOwhn6hJUDNpr6f0CTfYG9jGJY3p5JMt
+AgMBAAGjOTA3MAkGA1UdEwQCMAAwHQYDVR0OBBYEFIu3aZS82t6UR4Z5eON3t2LI
+AHPeMAsGA1UdDwQEAwIEsDANBgkqhkiG9w0BAQUFAAOCAQEAkjXdsFKC9mQfT3tP
+PNtArZ+Y/MhEfNXgKeTIHuIXMaFe86ekTxYxfIziH5VpGtIzeVxXE4teNNI/tpSX
+DcBNspVsx4N/PBqVdtD2KqTO+yrHiER7T9XEEctMgmFQB+NGMLNIpde1tGS8hX2p
+mcWzr4EAsJwbtLa3HHPwNrr3+Xj1YA8SvLffsJ0nUv/DeqkDCr/CG8mfPO65KtvX
+rp7h6AAaApIXd1JOn/ady0QxBNc9Rcjg0iG3lF4bRozRR2/B3cNC9PlHUhObWLYh
+/fYRy+X91OOKL0AyBJRoXo4iT7YeerdeYuWB9HZjJZSR13qeIn2vgJOS4qpPgqyu
+S0VfcA==
+-----END CERTIFICATE-----

data/config/nacl_ffi.yml

@@ -5,8 +5,8 @@
     - KEYBYTES
   
   :functions: 
-    ~      : [ buffer_out, buffer_in, ulong_long, buffer_in, int ]
-    :verify: [ buffer_in , buffer_in, ulong_long, buffer_in, int ]
+    ~      : [ pointer, pointer, ulong_long, pointer, int ]
+    :verify: [ pointer, pointer, ulong_long, pointer, int ]
 
   :primitives:
     - :HMACSHA512256
@@ -24,12 +24,12 @@
     - MACBYTES
     
   :functions:
-    ~            : [ buffer_out, buffer_in, ulong_long, buffer_in, buffer_in, buffer_in, int ]
-    :open        : [ buffer_out, buffer_in, ulong_long, buffer_in, buffer_in, buffer_in, int ]
-    :keypair     : [ buffer_out, buffer_out, int ]
-    :beforenm    : [ buffer_out, buffer_in, buffer_in, int ]
-    :afternm     : [ buffer_out, buffer_in, ulong_long, buffer_in, buffer_in, int ]
-    :open_afternm: [ buffer_out, buffer_in, ulong_long, buffer_in, buffer_in, int ]
+    ~            : [ pointer, pointer, ulong_long, pointer, pointer, pointer, int ]
+    :open        : [ pointer, pointer, ulong_long, pointer, pointer, pointer, int ]
+    :keypair     : [ pointer, pointer, int ]
+    :beforenm    : [ pointer, pointer, pointer, int ]
+    :afternm     : [ pointer, pointer, ulong_long, pointer, pointer, int ]
+    :open_afternm: [ pointer, pointer, ulong_long, pointer, pointer, int ]
 
   :primitives:
     - :Curve25519XSalsa20Poly1305
@@ -40,7 +40,7 @@
     - BYTES
 
   :functions:
-    ~: [ buffer_out, buffer_in, ulong_long, int ]
+    ~: [ pointer, pointer, ulong_long, int ]
 
   :primitives:
     - :SHA512
@@ -53,8 +53,8 @@
     - KEYBYTES
 
   :functions:
-    ~      : [ buffer_out, buffer_in, ulong_long, buffer_in, int ]
-    :verify: [ buffer_in , buffer_in, ulong_long, buffer_in, int ]
+    ~      : [ pointer, pointer, ulong_long, pointer, int ]
+    :verify: [ pointer, pointer, ulong_long, pointer, int ]
 
   :primitives:
     - :Poly1305
@@ -68,8 +68,8 @@
     - BOXZEROBYTES
 
   :functions:
-    ~    : [ buffer_out, buffer_in, ulong_long, buffer_in, buffer_in, int ]
-    :open: [ buffer_out, buffer_in, ulong_long, buffer_in, buffer_in, int ]
+    ~    : [ pointer, pointer, ulong_long, pointer, pointer, int ]
+    :open: [ pointer, pointer, ulong_long, pointer, pointer, int ]
 
   :primitives:
     - :XSalsa20Poly1305
@@ -82,9 +82,9 @@
     - SECRETKEYBYTES
 
   :functions:
-    ~      : [ buffer_out, buffer_out, buffer_in, ulong_long, buffer_in, int ]
-    open   : [ buffer_out, buffer_out, buffer_in, ulong_long, buffer_in, int ]
-    keypair: [ buffer_out, buffer_out, int ]
+    ~      : [ pointer, pointer, pointer, ulong_long, pointer, int ]
+    open   : [ pointer, pointer, pointer, ulong_long, pointer, int ]
+    keypair: [ pointer, pointer, int ]
 
   :primitives:
     - :Ed25519

data/ext/sodium/memory/extconf.rb

@@ -0,0 +1,11 @@
+#
+# FIXME: workaround for JRuby 1.7.4, where C extensions are
+# disabled. This can be removed, apparently, when 1.7.5 is released.
+#
+if defined? ENV_JAVA
+  ENV_JAVA['jruby.cext.enabled'] = 'true'
+end
+
+require 'mkmf'
+
+create_makefile('sodium/ffi/memory')

data/ext/sodium/memory/memory.c

@@ -0,0 +1,16 @@
+#include <stddef.h>
+
+void
+sodium_memxor(unsigned char *out, unsigned char *buf1, unsigned char *buf2, size_t size) {
+	size_t i;
+	for(i = 0; i < size; i++)
+		out[i] = buf1[i] ^ buf2[i];
+}
+
+void
+sodium_memput(unsigned char *out, unsigned char *in, size_t offset, size_t size) {
+	size_t i;
+	for (i = 0; i < size; i++) {
+		out[offset + i] = in[i];
+	}
+}

data/lib/sodium/auth.rb

@@ -7,35 +7,45 @@ class Sodium::Auth
     Sodium::Buffer.key self.implementation[:KEYBYTES]
   end
 
-  def initialize(key)
-    @key = self.class._key(key)
-  end
-
-  def auth(message)
-    message = self.class._message(message)
+  def self.auth(key, message)
+    key     = self._key(key)
+    message = self._message(message)
 
     Sodium::Buffer.empty self.implementation[:BYTES] do |authenticator|
       self.implementation.nacl(
         authenticator.to_str,
         message.to_str,
         message.to_str.bytesize,
-        @key.to_str
+        key.to_str
       ) or raise Sodium::CryptoError, 'failed to generate an authenticator'
     end
   end
 
-  def verify(message, authenticator)
-    message       = self.class._message(message)
-    authenticator = self.class._authenticator(authenticator)
+  def self.verify(key, message, authenticator)
+    key           = self._key(key)
+    message       = self._message(message)
+    authenticator = self._authenticator(authenticator)
 
     self.implementation.nacl_verify(
       authenticator.to_str,
       message.to_str,
       message.to_str.bytesize,
-      @key.to_str
+      key.to_str
     )
   end
 
+  def initialize(key)
+    @key = self.class._key(key)
+  end
+
+  def auth(message)
+    self.class.auth(@key, message)
+  end
+
+  def verify(message, authenticator)
+    self.class.verify(@key, message, authenticator)
+  end
+
   private
 
   def self._key(k)

data/lib/sodium/box.rb

@@ -28,7 +28,7 @@ class Sodium::Box
         nonce.to_str,
         shared_key.to_str
       ) or raise Sodium::CryptoError, 'failed to close the box'
-    end.unpad self.implementation[:BOXZEROBYTES]
+    end.ldrop self.implementation[:BOXZEROBYTES]
   end
 
   def self.open_afternm(shared_key, ciphertext, nonce)
@@ -44,7 +44,7 @@ class Sodium::Box
         nonce.to_str,
         shared_key.to_str
       ) or raise Sodium::CryptoError, 'failed to open the box'
-    end.unpad self.implementation[:ZEROBYTES]
+    end.ldrop self.implementation[:ZEROBYTES]
   end
 
 
@@ -70,7 +70,7 @@ class Sodium::Box
         @public_key.to_str,
         @secret_key.to_str
       ) or raise Sodium::CryptoError, 'failed to close the box'
-    end.unpad self.implementation[:BOXZEROBYTES]
+    end.ldrop self.implementation[:BOXZEROBYTES]
   end
 
   def open(ciphertext, nonce)
@@ -86,7 +86,7 @@ class Sodium::Box
         @public_key.to_str,
         @secret_key.to_str
       ) or raise Sodium::CryptoError, 'failed to open the box'
-    end.unpad self.implementation[:ZEROBYTES]
+    end.ldrop self.implementation[:ZEROBYTES]
   end
 
   def beforenm
@@ -114,11 +114,11 @@ class Sodium::Box
   end
 
   def self._message(m)
-    Sodium::Buffer.new(m).pad self.implementation[:ZEROBYTES]
+    Sodium::Buffer.lpad m, self.implementation[:ZEROBYTES]
   end
 
   def self._ciphertext(c)
-    Sodium::Buffer.new(c).pad self.implementation[:BOXZEROBYTES]
+    Sodium::Buffer.lpad c, self.implementation[:BOXZEROBYTES]
   end
 
   def self._nonce(n)

data/lib/sodium/buffer.rb

@@ -14,6 +14,30 @@ class Sodium::Buffer
     self.new("\0" * size).tap {|buffer| yield buffer if block_given? }
   end
 
+  def self.ljust(string, size)
+    size = (size > string.bytesize) ? size : string.bytesize
+
+    self.empty(size) do |buffer|
+      buffer[0, string.bytesize] = string
+    end
+  end
+
+  def self.rjust(string, size)
+    size = (size > string.bytesize) ? size : string.bytesize
+
+    self.empty(size) do |buffer|
+      buffer[size - string.bytesize, string.bytesize] = string
+    end
+  end
+
+  def self.lpad(string, size, &block)
+    self.rjust(string, string.bytesize + size, &block)
+  end
+
+  def self.rpad(string, size, &block)
+    self.ljust(string, string.bytesize + size, &block)
+  end
+
   def self.new(bytes, size = bytes.bytesize)
     raise Sodium::LengthError, "buffer must be exactly #{size} bytes long" unless
       bytes.bytesize == size
@@ -37,26 +61,67 @@ class Sodium::Buffer
 
     ObjectSpace.define_finalizer self,
       self.class._finalizer(@bytes)
+
+    self.freeze
   end
 
-  def +(other)
-    Sodium::Buffer.new(
-      self.to_str +
-      Sodium::Buffer.new(other).to_str
-    )
+  def ==(bytes)
+    bytes = Sodium::Buffer.new(bytes)
+
+    return false unless
+      self.bytesize == bytes.bytesize
+
+    Sodium::FFI::Crypto.sodium_memcmp(
+      self.to_str,
+      bytes.to_str,
+      bytes.bytesize
+    ) == 0
   end
 
-  def pad(size)
-    self.class.new(
-      ("\0" * size) + @bytes
-    )
+  def +(bytes)
+    Sodium::Buffer.empty(self.bytesize + bytes.bytesize) do |buffer|
+      buffer[0,             self .bytesize] = self
+      buffer[self.bytesize, bytes.bytesize] = bytes
+    end
+  end
+
+  def ^(bytes)
+    bytes = Sodium::Buffer.new(bytes)
+
+    raise ArgumentError, %{must only XOR strings of equal length} unless
+      self.bytesize == bytes.bytesize
+
+    Sodium::Buffer.empty(self.bytesize) do |buffer|
+      Sodium::FFI::Memory.sodium_memxor(
+        buffer.to_str,
+        self.to_str,
+        bytes.to_str,
+        bytes.bytesize
+      )
+    end
   end
 
-  def unpad(size)
-    self.byteslice(size .. -1)
+  def []=(offset, size, bytes)
+    raise ArgumentError, %{must only assign to existing bytes in the buffer} unless
+      self.bytesize >= offset + size
+
+    raise ArgumentError, %{must reassign only a fixed number of bytes} unless
+      size == bytes.bytesize
+
+    # ensure the original bytes get cleared
+    bytes = Sodium::Buffer.new(bytes)
+
+    Sodium::FFI::Memory.sodium_memput(
+      self.to_str,
+      bytes.to_str,
+      offset,
+      size
+    )
+
+    true
   end
 
-  def byteslice(*args)
+  def [](*args)
     return self.class.new(
       @bytes.byteslice(*args).to_s
     ) if (
@@ -103,6 +168,9 @@ class Sodium::Buffer
     finish += self.bytesize if finish < 0
     size    = finish - start + 1
 
+    # this approach ensures the bytes are copied into new memory, so
+    # instantiating a new buffer doesn't clear the bytes in the
+    # existing buffer
     bytes = (start >= 0 and size >= 0)         ?
       @bytes.unpack("@#{start}a#{size}").first :
       ''
@@ -110,10 +178,20 @@ class Sodium::Buffer
     self.class.new(bytes)
   end
 
+  alias byteslice []
+
   def bytesize
     @bytes.bytesize
   end
 
+  def rdrop(size)
+    self[0, self.bytesize - size]
+  end
+
+  def ldrop(size)
+    self[size, self.bytesize - size]
+  end
+
   def inspect
     # this appears to be equivalent to the default Object#inspect,
     # albeit without instance variables

data/lib/sodium/ffi.rb

@@ -6,4 +6,5 @@ end
 
 require 'sodium/ffi/lib_c'
 require 'sodium/ffi/crypto'
+require 'sodium/ffi/memory'
 require 'sodium/ffi/random'

data/lib/sodium/ffi/crypto.rb

@@ -92,8 +92,9 @@ module Sodium::FFI::Crypto
 
   ffi_lib 'sodium'
 
-  attach_function 'sodium_init',    [],                  :void
-  attach_function 'sodium_memzero', [:pointer, :size_t], :void
+  attach_function 'sodium_init',    [],                            :void
+  attach_function 'sodium_memzero', [:pointer, :size_t],           :void
+  attach_function 'sodium_memcmp',  [:pointer, :pointer, :size_t], :int
 
   sodium_init
 

data/lib/sodium/ffi/memory.rb

@@ -0,0 +1,12 @@
+require 'pathname'
+
+module Sodium::FFI::Memory
+  extend FFI::Library
+
+  ffi_lib Pathname.new(__FILE__).dirname.join(
+    %{memory.#{RbConfig::MAKEFILE_CONFIG['DLEXT']}}
+  )
+
+  attach_function 'sodium_memxor', [:pointer, :pointer, :pointer, :size_t ], :void
+  attach_function 'sodium_memput', [:pointer, :pointer, :size_t,  :size_t ], :void
+end

data/lib/sodium/secret_box.rb

@@ -27,7 +27,7 @@ class Sodium::SecretBox
         nonce.to_str,
         @key.to_str
       ) or raise Sodium::CryptoError, 'failed to close the secret box'
-    end.unpad self.implementation[:BOXZEROBYTES]
+    end.ldrop self.implementation[:BOXZEROBYTES]
   end
 
   def open(ciphertext, nonce)
@@ -42,7 +42,7 @@ class Sodium::SecretBox
         nonce.to_str,
         @key.to_str
       ) or raise Sodium::CryptoError, 'failed to open the secret box'
-    end.unpad self.implementation[:ZEROBYTES]
+    end.ldrop self.implementation[:ZEROBYTES]
   end
 
   private
@@ -52,11 +52,11 @@ class Sodium::SecretBox
   end
 
   def self._message(m)
-    Sodium::Buffer.new(m).pad self.implementation[:ZEROBYTES]
+    Sodium::Buffer.lpad m, self.implementation[:ZEROBYTES]
   end
 
   def self._ciphertext(c)
-    Sodium::Buffer.new(c).pad self.implementation[:BOXZEROBYTES]
+    Sodium::Buffer.lpad c, self.implementation[:BOXZEROBYTES]
   end
 
   def self._nonce(n)

data/sodium.gemspec

@@ -10,14 +10,19 @@ Gem::Specification.new do |gem|
   gem.description = 'A library for performing cryptography based on modern ciphers and protocols'
 
   gem.bindir      = 'bin'
-  gem.files       = `git ls-files`            .split("\n")
-  gem.extensions  = `git ls-files -- ext/*.rb`.split("\n")
-  gem.executables = `git ls-files -- bin/*`   .split("\n").map {|e| File.basename(e) }
-  gem.test_files  = `git ls-files -- spec/*`  .split("\n")
+  gem.files       = `git ls-files`               .split("\n")
+  gem.executables = `git ls-files -- bin/*`      .split("\n").map {|e| File.basename(e) }
+  gem.extensions  = `git ls-files -- ext/**/*.rb`.split("\n")
+  gem.test_files  = `git ls-files -- spec/*`     .split("\n")
+
+  gem.requirements << 'libsodium ~> 0.5'
 
   gem.add_dependency 'ffi', '~> 1'
 
   gem.add_development_dependency 'rake',     '~> 10'
   gem.add_development_dependency 'minitest', '~> 5'
   gem.add_development_dependency 'version',  '~> 1'
+
+  gem.signing_key = '/Volumes/Sensitive/Keys/Gems/sodium@touset.org.key'
+  gem.cert_chain  = [ 'certs/sodium@touset.org.cert' ]
 end

data/tasks/extensions.rake

@@ -0,0 +1,24 @@
+namespace :compile do
+  LIB_PATH   = File.expand_path('../../lib',        __FILE__)
+  EXT_PATH   = File.expand_path('../../ext/sodium', __FILE__)
+
+  MEMORY_PATH = File.join EXT_PATH,    'memory'
+  MEMORY_SRC  = File.join MEMORY_PATH, '*.c'
+  MEMORY_LIB  = 'memory.' + RbConfig::CONFIG['DLEXT']
+
+  desc 'Compile the memory extension'
+  task :memory => %{#{LIB_PATH}/sodium/ffi/#{MEMORY_LIB}}
+
+  file %{#{LIB_PATH}/sodium/ffi/#{MEMORY_LIB}} => %{#{MEMORY_PATH}/Makefile} do
+    sh %{make -C #{MEMORY_PATH} install sitearchdir="#{LIB_PATH}"}
+  end
+
+  file %{#{MEMORY_PATH}/Makefile} => FileList[MEMORY_SRC] do
+    Dir.chdir(MEMORY_PATH) { ruby %{extconf.rb} }
+  end
+end
+
+desc 'Compile all native extensions'
+task :compile => %w{ compile:memory }
+
+task :test => %w{ compile }

data/test/sodium/auth/hmacsha256_test.rb

@@ -33,12 +33,23 @@ describe Sodium::Auth::HMACSHA256 do
   end
 
   it 'must generate authenticators' do
+    self.klass.auth(
+      self.key,
+      self.plaintext
+    ).to_str.must_equal self.authenticator
+
     self.subject.auth(
       self.plaintext
     ).to_str.must_equal self.authenticator
   end
 
   it 'must verify authenticators' do
+    self.klass.verify(
+      self.key,
+      self.plaintext,
+      self.authenticator
+    ).must_equal true
+
     self.subject.verify(
       self.plaintext,
       self.authenticator

data/test/sodium/auth/hmacsha512256_test.rb

@@ -32,12 +32,23 @@ describe Sodium::Auth::HMACSHA512256 do
   end
 
   it 'must generate authenticators' do
+    self.klass.auth(
+      self.key,
+      self.plaintext
+    ).to_str.must_equal self.authenticator
+
     self.subject.auth(
       self.plaintext
     ).to_str.must_equal self.authenticator
   end
 
   it 'must verify authenticators' do
+    self.klass.verify(
+      self.key,
+      self.plaintext,
+      self.authenticator
+    ).must_equal true
+
     self.subject.verify(
       self.plaintext,
       self.authenticator

data/test/sodium/buffer_test.rb

@@ -37,6 +37,32 @@ describe Sodium::Buffer do
     mock.verify
   end
 
+  it '::ljust must pad zero bytes on the end' do
+    subject.ljust('xyz', 5).to_str.must_equal "xyz\0\0"
+  end
+
+  it '::ljust must not pad bytes when not needed' do
+    subject.ljust('xyz', 2).to_str.must_equal 'xyz'
+  end
+
+  it '::rjust must pad zero bytes onto the front' do
+    subject.rjust('xyz', 5).to_str.must_equal "\0\0xyz"
+  end
+
+  it '::rjust must not pad bytes when not needed' do
+    subject.rjust('xyz', 2).to_str.must_equal 'xyz'
+  end
+
+  it '::lpad must prepend the required number of bytes' do
+    subject.lpad('xyz', 0).to_str.must_equal 'xyz'
+    subject.lpad('xyz', 2).to_str.must_equal "\0\0xyz"
+  end
+
+  it '::rpad must append the required number of bytes' do
+    subject.rpad('xyz', 0).to_str.must_equal 'xyz'
+    subject.rpad('xyz', 2).to_str.must_equal "xyz\0\0"
+  end
+
   it '::new must create a buffer containing the specified string' do
     subject.new('xyz'     ).to_str.must_equal('xyz')
     subject.new('xyz' * 50).to_str.must_equal('xyz' * 50)
@@ -60,56 +86,87 @@ describe Sodium::Buffer do
   it '#initialize must wipe the buffer during finalization'
   it '#initialize must prevent the string from being paged to disk'
 
-  it '#pad bytes onto the front' do
-    subject.new('s').pad(3).to_str.must_equal "\0\0\0s"
+  it '#== must compare equality of two buffers' do
+    subject.new('xyz').==('xyz') .must_equal true
+    subject.new('xyz').==('xy')  .must_equal false
+    subject.new('xyz').==('xyzz').must_equal false
+    subject.new('xyz').==('abc') .must_equal false
   end
 
-  it '#unpad bytes from the front' do
-    subject.new("\0\0\0s").unpad(3).to_str.must_equal 's'
+  it '#== must compare equality of two buffers in constant time'
+
+  it '#+ must append two buffers' do
+    subject.new('xyz').+('abc').to_str.must_equal 'xyzabc'
+  end
+
+  it '#^ must XOR two buffers' do
+    subject.new('xyz').^('xyz').to_str.must_equal "\0\0\0"
+    subject.new('xyz').^('xyz').to_str.must_equal "\0\0\0"
   end
 
-  it '#byteslice must accept an indivdual byte offset to return' do
+  it '#[]= must allow replacement of byte ranges' do
+    subject.new('xyz').tap {|b| b[0, 3] = 'abc' }.to_str.must_equal 'abc'
+    subject.new('xyz').tap {|b| b[0, 2] = 'ab'  }.to_str.must_equal 'abz'
+    subject.new('xyz').tap {|b| b[2, 1] = 'c'   }.to_str.must_equal 'xyc'
+  end
+
+  it '#[]= must not allow resizing the buffer' do
+    lambda { subject.new('xyz')[0, 1] = 'ab' }.must_raise ArgumentError
+    lambda { subject.new('xyz')[0, 2] = 'a'  }.must_raise ArgumentError
+    lambda { subject.new('xyz')[3, 1] = 'a'  }.must_raise ArgumentError
+    lambda { subject.new('xyz')[2, 2] = 'ab' }.must_raise ArgumentError
+  end
+
+  it '#[] must accept an indivdual byte offset to return' do
     subject.new('xyz').tap do |buffer|
-      buffer.byteslice(-4).to_str.must_equal ''
-      buffer.byteslice(-3).to_str.must_equal 'x'
-      buffer.byteslice(-2).to_str.must_equal 'y'
-      buffer.byteslice(-1).to_str.must_equal 'z'
-      buffer.byteslice( 0).to_str.must_equal 'x'
-      buffer.byteslice( 1).to_str.must_equal 'y'
-      buffer.byteslice( 2).to_str.must_equal 'z'
-      buffer.byteslice( 3).to_str.must_equal ''
+      buffer[-4].to_str.must_equal ''
+      buffer[-3].to_str.must_equal 'x'
+      buffer[-2].to_str.must_equal 'y'
+      buffer[-1].to_str.must_equal 'z'
+      buffer[ 0].to_str.must_equal 'x'
+      buffer[ 1].to_str.must_equal 'y'
+      buffer[ 2].to_str.must_equal 'z'
+      buffer[ 3].to_str.must_equal ''
     end
   end
 
-  it '#byteslice must accept ranges of bytes to return' do
+  it '#[] must accept ranges of bytes to return' do
     subject.new('xyz').tap do |buffer|
-      buffer.byteslice( 0.. 0).to_str.must_equal 'x'
-      buffer.byteslice( 0.. 1).to_str.must_equal 'xy'
-      buffer.byteslice( 0.. 2).to_str.must_equal 'xyz'
-      buffer.byteslice( 0.. 3).to_str.must_equal 'xyz'
-      buffer.byteslice( 1..-1).to_str.must_equal 'yz'
-      buffer.byteslice( 2..-2).to_str.must_equal ''
-      buffer.byteslice(-3..-1).to_str.must_equal 'xyz'
-      buffer.byteslice(-4.. 1).to_str.must_equal ''
+      buffer[ 0.. 0].to_str.must_equal 'x'
+      buffer[ 0.. 1].to_str.must_equal 'xy'
+      buffer[ 0.. 2].to_str.must_equal 'xyz'
+      buffer[ 0.. 3].to_str.must_equal 'xyz'
+      buffer[ 1..-1].to_str.must_equal 'yz'
+      buffer[ 2..-2].to_str.must_equal ''
+      buffer[-3..-1].to_str.must_equal 'xyz'
+      buffer[-4.. 1].to_str.must_equal ''
     end
   end
 
-  it '#byteslice must accept an offset and number of bytes to return' do
+  it '#[] must accept an offset and number of bytes to return' do
     subject.new('xyz').tap do |buffer|
-      buffer.byteslice( 0,  0).to_str.must_equal ''
-      buffer.byteslice( 0,  1).to_str.must_equal 'x'
-      buffer.byteslice( 0,  3).to_str.must_equal 'xyz'
-      buffer.byteslice( 2,  4).to_str.must_equal 'z'
-      buffer.byteslice( 2,  1).to_str.must_equal 'z'
-      buffer.byteslice(-2,  1).to_str.must_equal 'y'
-      buffer.byteslice( 0, -1).to_str.must_equal ''
+      buffer[ 0,  0].to_str.must_equal ''
+      buffer[ 0,  1].to_str.must_equal 'x'
+      buffer[ 0,  3].to_str.must_equal 'xyz'
+      buffer[ 2,  4].to_str.must_equal 'z'
+      buffer[ 2,  1].to_str.must_equal 'z'
+      buffer[-2,  1].to_str.must_equal 'y'
+      buffer[ 0, -1].to_str.must_equal ''
     end
   end
 
-  it '#bytesize must return its length' do
+  it '#[] must return its length' do
     subject.new('testing').bytesize.must_equal 7
   end
 
+  it '#ldrop must drop bytes off the left' do
+    subject.new('xyz').ldrop(2).to_str.must_equal('z')
+  end
+
+  it '#rdrop must drop bytes off the right' do
+    subject.new('xyz').rdrop(2).to_str.must_equal('x')
+  end
+
   it '#inspect must not reveal its instance variables' do
     subject.new('blah').inspect.wont_include 'blah'
   end

metadata

@@ -1,15 +1,36 @@
 --- !ruby/object:Gem::Specification
 name: sodium
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
   prerelease: 
 platform: ruby
 authors:
 - Stephen Touset
 autorequire: 
 bindir: bin
-cert_chain: []
-date: 2013-06-05 00:00:00.000000000 Z
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDMDCCAhigAwIBAgIBADANBgkqhkiG9w0BAQUFADA+MQ8wDQYDVQQDDAZzb2Rp
+  dW0xFjAUBgoJkiaJk/IsZAEZFgZ0b3VzZXQxEzARBgoJkiaJk/IsZAEZFgNvcmcw
+  HhcNMTMwNjI4MDEzMzQ4WhcNMTQwNjI4MDEzMzQ4WjA+MQ8wDQYDVQQDDAZzb2Rp
+  dW0xFjAUBgoJkiaJk/IsZAEZFgZ0b3VzZXQxEzARBgoJkiaJk/IsZAEZFgNvcmcw
+  ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh3C2P1jW4MvcpXioNkqW/
+  HiD9ZpTew1tHTolQclBBmOmOApLUPc9PIsfbohph83Z82x+BWbjEdL5NAfEQjRVu
+  O8JUBJh0YRDF9P7fDtd9w0b3mmhumujbEsmDYs1ru5VvjgCh+Hfxgddlpha0KmxQ
+  0j3h/Uj27tFbE33dIRqb5dBBBnnIM5CqRMu5/gDeXN5GrjYK3JfZlzZRECjnfuR5
+  qDqoQFJK5ZmaEFm9E88HdAIS+sV9zb1OCYlADr3EB/a3Shxedx4SsX7oBPyNfsRb
+  kMdTr+VynH/OEPSo0dW1DuKpUCmNBscrTOwhn6hJUDNpr6f0CTfYG9jGJY3p5JMt
+  AgMBAAGjOTA3MAkGA1UdEwQCMAAwHQYDVR0OBBYEFIu3aZS82t6UR4Z5eON3t2LI
+  AHPeMAsGA1UdDwQEAwIEsDANBgkqhkiG9w0BAQUFAAOCAQEAkjXdsFKC9mQfT3tP
+  PNtArZ+Y/MhEfNXgKeTIHuIXMaFe86ekTxYxfIziH5VpGtIzeVxXE4teNNI/tpSX
+  DcBNspVsx4N/PBqVdtD2KqTO+yrHiER7T9XEEctMgmFQB+NGMLNIpde1tGS8hX2p
+  mcWzr4EAsJwbtLa3HHPwNrr3+Xj1YA8SvLffsJ0nUv/DeqkDCr/CG8mfPO65KtvX
+  rp7h6AAaApIXd1JOn/ady0QxBNc9Rcjg0iG3lF4bRozRR2/B3cNC9PlHUhObWLYh
+  /fYRy+X91OOKL0AyBJRoXo4iT7YeerdeYuWB9HZjJZSR13qeIn2vgJOS4qpPgqyu
+  S0VfcA==
+  -----END CERTIFICATE-----
+date: 2013-06-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -78,16 +99,22 @@ dependencies:
 description: A library for performing cryptography based on modern ciphers and protocols
 email: stephen@touset.org
 executables: []
-extensions: []
+extensions:
+- ext/sodium/memory/extconf.rb
 extra_rdoc_files: []
 files:
 - .gitignore
 - .travis.yml
+- CHANGELOG.md
 - Gemfile
 - README.md
 - Rakefile
 - VERSION
+- certs/sodium@touset.org.cert
+- certs/sodium@touset.org.pub.gpg
 - config/nacl_ffi.yml
+- ext/sodium/memory/extconf.rb
+- ext/sodium/memory/memory.c
 - lib/sodium.rb
 - lib/sodium/auth.rb
 - lib/sodium/box.rb
@@ -96,6 +123,7 @@ files:
 - lib/sodium/ffi.rb
 - lib/sodium/ffi/crypto.rb
 - lib/sodium/ffi/lib_c.rb
+- lib/sodium/ffi/memory.rb
 - lib/sodium/ffi/random.rb
 - lib/sodium/hash.rb
 - lib/sodium/one_time_auth.rb
@@ -104,7 +132,7 @@ files:
 - lib/sodium/sign.rb
 - lib/sodium/version.rb
 - sodium.gemspec
-- sodium.pub.gpg
+- tasks/extensions.rake
 - tasks/libsodium.rake
 - tasks/test.rake
 - tasks/version.rake
@@ -144,7 +172,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-requirements: []
+requirements:
+- libsodium ~> 0.5
 rubyforge_project: 
 rubygems_version: 1.8.25
 signing_key: