Add primitive names to all algorithms

This change places all primitives into their own module. I have to say that by
doing this, the organization of the source code seems much improved to me.

The original API is preserved (with some changes) by aliasing shorthand class
names to their algorithm-specific versions.

lib/rbnacl.rb

@@ -1,4 +1,14 @@
 # encoding: binary
+require "rbnacl/version"
+require "rbnacl/nacl"
+require "rbnacl/serializable"
+require "rbnacl/key_comparator"
+require "rbnacl/auth"
+require "rbnacl/util"
+require "rbnacl/random"
+require "rbnacl/random_nonce_box"
+require "rbnacl/test_vectors"
+
 module RbNaCl
   # Oh no, something went wrong!
   #
@@ -18,29 +28,48 @@ class LengthError < ArgumentError; end
   # This indicates that an attempt has been made to use something (probably a key)
   # with an incorrect primitive
   class IncorrectPrimitiveError < ArgumentError; end
-end
 
-require "rbnacl/nacl"
-require "rbnacl/version"
-require "rbnacl/serializable"
-require "rbnacl/keys/key_comparator"
-require "rbnacl/keys/private_key"
-require "rbnacl/keys/public_key"
-require "rbnacl/keys/signing_key"
-require "rbnacl/keys/verify_key"
-require "rbnacl/box"
-require "rbnacl/secret_box"
-require "rbnacl/hash"
-require "rbnacl/hash/blake2b"
-require "rbnacl/util"
-require "rbnacl/auth"
-require "rbnacl/hmac/sha512256"
-require "rbnacl/hmac/sha256"
-require "rbnacl/auth/one_time"
-require "rbnacl/random"
-require "rbnacl/point"
-require "rbnacl/random_nonce_box"
-require "rbnacl/test_vectors"
+  # The signature was forged or otherwise corrupt
+  class BadSignatureError < CryptoError; end
+
+  # Public Key Encryption (Box): Curve25519XSalsa20Poly1305
+  require "rbnacl/curve25519xsalsa20poly1305/private_key"
+  require "rbnacl/curve25519xsalsa20poly1305/public_key"
+  require "rbnacl/curve25519xsalsa20poly1305/box"
+
+  # Secret Key Encryption (SecretBox): XSalsa20Poly1305
+  require "rbnacl/xsalsa20poly1305/secret_box"
+
+  # Digital Signatures: Ed25519
+  require "rbnacl/ed25519/signing_key"
+  require "rbnacl/ed25519/verify_key"
+
+  # Diffie-Hellman: Curve25519
+  require "rbnacl/curve25519/point"
+
+  # One-time Authentication: Poly1305
+  require "rbnacl/poly1305/one_time_auth"
+
+  # Blake2b hash function
+  require "rbnacl/blake2b/hash"
+
+  # NIST hash and HMAC functions
+  require "rbnacl/hash"
+  require "rbnacl/sha256/hmac"
+  require "rbnacl/sha512256/hmac"
+
+  #
+  # Bind aliases used by the public API
+  #
+  Box         = Curve25519XSalsa20Poly1305::Box
+  PrivateKey  = Curve25519XSalsa20Poly1305::PrivateKey
+  PublicKey   = Curve25519XSalsa20Poly1305::PublicKey
+  SecretBox   = XSalsa20Poly1305::SecretBox
+  SigningKey  = Ed25519::SigningKey
+  VerifyKey   = Ed25519::VerifyKey
+  Point       = Curve25519::Point
+  OneTimeAuth = Poly1305::OneTimeAuth
+end
 
 # Select platform-optimized versions of algorithms
 Thread.exclusive { RbNaCl::NaCl.sodium_init }

lib/rbnacl/hash/blake2b.rb → lib/rbnacl/blake2b/hash.rb

@@ -1,5 +1,5 @@
 module RbNaCl
-  module Hash
+  module Blake2b
     # The Blake2b hash function
     #
     # Blake2b is based on Blake, a SHA3 finalist which was snubbed in favor of
@@ -9,7 +9,7 @@ module Hash
     #
     # Blake2b provides for up to 64-bit digests and also supports a keyed mode
     # similar to HMAC
-    class Blake2b
+    class Hash
       # Create a new Blake2b hash object
       #
       # @param [Hash] opts Blake2b configuration

lib/rbnacl/curve25519/point.rb

@@ -0,0 +1,69 @@
+# encoding: binary
+module RbNaCl
+  module Curve25519
+    # NaCl's base point (a.k.a. standard group element), serialized as hex
+    STANDARD_GROUP_ELEMENT = ["0900000000000000000000000000000000000000000000000000000000000000"].pack("H*").freeze
+
+    # Order of the standard group
+    STANDARD_GROUP_ORDER = 2**252 + 27742317777372353535851937790883648493
+
+    # Points provide the interface to NaCl's Curve25519 high-speed elliptic
+    # curve cryptography, which can be used for implementing Diffie-Hellman
+    # and other forms of public key cryptography (e.g. RbNaCl::Box)
+    #
+    # Objects of the Point class represent points on Edwards curves. NaCl
+    # defines a base point (the "standard group element") which we can
+    # multiply by an arbitrary integer. This is how NaCl computes public
+    # keys from private keys.
+    class Point
+      include KeyComparator
+      include Serializable
+
+      # Number of bytes in a scalar on this curve
+      SCALARBYTES = NaCl::ED25519_SCALARBYTES
+
+      # Creates a new Point from the given serialization
+      #
+      # @param [String] point location of a group element (32-bytes)
+      #
+      # @return [RbNaCl::Point] the Point at this location
+      def initialize(point)
+        @point = point.to_str
+
+        # FIXME: really should have a separate constant here for group element size
+        # Group elements and scalars are both 32-bits, but that's for convenience
+        Util.check_length(@point, SCALARBYTES, "group element")
+      end
+
+      # Multiply the given integer by this point
+      # This ordering is a bit confusing because traditionally the point
+      # would be the right-hand operand.
+      #
+      # @param [String] integer value to multiply with this Point (32-bytes)
+      #
+      # @return [RbNaCl::Point] result as a Point object
+      def mult(integer, encoding = :raw)
+        integer = integer.to_str
+        Util.check_length(integer, SCALARBYTES, "integer")
+
+        result = Util.zeros(SCALARBYTES)
+        NaCl.crypto_scalarmult_curve25519(result, integer, @point)
+
+        self.class.new(result)
+      end
+
+      # Return the point serialized as bytes
+      #
+      # @return [String] 32-byte string representing this point
+      def to_bytes; @point; end
+
+      @base_point = Point.new(STANDARD_GROUP_ELEMENT)
+
+      # NaCl's standard base point for all Curve25519 public keys
+      #
+      # @return [RbNaCl::Point] standard base point (a.k.a. standard group element)
+      def self.base; @base_point; end
+      def self.base_point; @base_point; end
+    end
+  end
+end