Merge fc13b71 into 420b87d

lib/rbnacl.rb

@@ -1,4 +1,14 @@
 # encoding: binary
+require "rbnacl/version"
+require "rbnacl/nacl"
+require "rbnacl/serializable"
+require "rbnacl/key_comparator"
+require "rbnacl/auth"
+require "rbnacl/util"
+require "rbnacl/random"
+require "rbnacl/random_nonce_box"
+require "rbnacl/test_vectors"
+
 module RbNaCl
   # Oh no, something went wrong!
   #
@@ -18,29 +28,48 @@ class LengthError < ArgumentError; end
   # This indicates that an attempt has been made to use something (probably a key)
   # with an incorrect primitive
   class IncorrectPrimitiveError < ArgumentError; end
-end
 
-require "rbnacl/nacl"
-require "rbnacl/version"
-require "rbnacl/serializable"
-require "rbnacl/keys/key_comparator"
-require "rbnacl/keys/private_key"
-require "rbnacl/keys/public_key"
-require "rbnacl/keys/signing_key"
-require "rbnacl/keys/verify_key"
-require "rbnacl/box"
-require "rbnacl/secret_box"
-require "rbnacl/hash"
-require "rbnacl/hash/blake2b"
-require "rbnacl/util"
-require "rbnacl/auth"
-require "rbnacl/hmac/sha512256"
-require "rbnacl/hmac/sha256"
-require "rbnacl/auth/one_time"
-require "rbnacl/random"
-require "rbnacl/point"
-require "rbnacl/random_nonce_box"
-require "rbnacl/test_vectors"
+  # The signature was forged or otherwise corrupt
+  class BadSignatureError < CryptoError; end
+
+  # Public Key Encryption (Box): Curve25519XSalsa20Poly1305
+  require "rbnacl/curve25519xsalsa20poly1305/private_key"
+  require "rbnacl/curve25519xsalsa20poly1305/public_key"
+  require "rbnacl/curve25519xsalsa20poly1305/box"
+
+  # Secret Key Encryption (SecretBox): XSalsa20Poly1305
+  require "rbnacl/xsalsa20poly1305/secret_box"
+
+  # Digital Signatures: Ed25519
+  require "rbnacl/ed25519/signing_key"
+  require "rbnacl/ed25519/verify_key"
+
+  # Diffie-Hellman: Curve25519
+  require "rbnacl/curve25519/point"
+
+  # One-time Authentication: Poly1305
+  require "rbnacl/poly1305/one_time_auth"
+
+  # Blake2b hash function
+  require "rbnacl/blake2b/hash"
+
+  # NIST hash and HMAC functions
+  require "rbnacl/hash"
+  require "rbnacl/sha256/hmac"
+  require "rbnacl/sha512256/hmac"
+
+  #
+  # Bind aliases used by the public API
+  #
+  Box         = Curve25519XSalsa20Poly1305::Box
+  PrivateKey  = Curve25519XSalsa20Poly1305::PrivateKey
+  PublicKey   = Curve25519XSalsa20Poly1305::PublicKey
+  SecretBox   = XSalsa20Poly1305::SecretBox
+  SigningKey  = Ed25519::SigningKey
+  VerifyKey   = Ed25519::VerifyKey
+  Point       = Curve25519::Point
+  OneTimeAuth = Poly1305::OneTimeAuth
+end
 
 # Select platform-optimized versions of algorithms
 Thread.exclusive { RbNaCl::NaCl.sodium_init }

lib/rbnacl/hash/blake2b.rb → lib/rbnacl/blake2b/hash.rb

@@ -1,5 +1,5 @@
 module RbNaCl
-  module Hash
+  module Blake2b
     # The Blake2b hash function
     #
     # Blake2b is based on Blake, a SHA3 finalist which was snubbed in favor of
@@ -9,7 +9,7 @@ module Hash
     #
     # Blake2b provides for up to 64-bit digests and also supports a keyed mode
     # similar to HMAC
-    class Blake2b
+    class Hash
       # Create a new Blake2b hash object
       #
       # @param [Hash] opts Blake2b configuration

lib/rbnacl/curve25519/point.rb

@@ -0,0 +1,69 @@
+# encoding: binary
+module RbNaCl
+  module Curve25519
+    # NaCl's base point (a.k.a. standard group element), serialized as hex
+    STANDARD_GROUP_ELEMENT = ["0900000000000000000000000000000000000000000000000000000000000000"].pack("H*").freeze
+
+    # Order of the standard group
+    STANDARD_GROUP_ORDER = 2**252 + 27742317777372353535851937790883648493
+
+    # Points provide the interface to NaCl's Curve25519 high-speed elliptic
+    # curve cryptography, which can be used for implementing Diffie-Hellman
+    # and other forms of public key cryptography (e.g. RbNaCl::Box)
+    #
+    # Objects of the Point class represent points on Edwards curves. NaCl
+    # defines a base point (the "standard group element") which we can
+    # multiply by an arbitrary integer. This is how NaCl computes public
+    # keys from private keys.
+    class Point
+      include KeyComparator
+      include Serializable
+
+      # Number of bytes in a scalar on this curve
+      SCALARBYTES = NaCl::ED25519_SCALARBYTES
+
+      # Creates a new Point from the given serialization
+      #
+      # @param [String] point location of a group element (32-bytes)
+      #
+      # @return [RbNaCl::Point] the Point at this location
+      def initialize(point)
+        @point = point.to_str
+
+        # FIXME: really should have a separate constant here for group element size
+        # Group elements and scalars are both 32-bits, but that's for convenience
+        Util.check_length(@point, SCALARBYTES, "group element")
+      end
+
+      # Multiply the given integer by this point
+      # This ordering is a bit confusing because traditionally the point
+      # would be the right-hand operand.
+      #
+      # @param [String] integer value to multiply with this Point (32-bytes)
+      #
+      # @return [RbNaCl::Point] result as a Point object
+      def mult(integer, encoding = :raw)
+        integer = integer.to_str
+        Util.check_length(integer, SCALARBYTES, "integer")
+
+        result = Util.zeros(SCALARBYTES)
+        NaCl.crypto_scalarmult_curve25519(result, integer, @point)
+
+        self.class.new(result)
+      end
+
+      # Return the point serialized as bytes
+      #
+      # @return [String] 32-byte string representing this point
+      def to_bytes; @point; end
+
+      @base_point = Point.new(STANDARD_GROUP_ELEMENT)
+
+      # NaCl's standard base point for all Curve25519 public keys
+      #
+      # @return [RbNaCl::Point] standard base point (a.k.a. standard group element)
+      def self.base; @base_point; end
+      def self.base_point; @base_point; end
+    end
+  end
+end