Use [tag, message] ordering for all authenticators

RubyCrypto · Sep 14, 2013 · c409574 · c409574
1 parent 5ae6660
commit c409574
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 23 deletions.
diff --git a/lib/rbnacl/auth.rb b/lib/rbnacl/auth.rb
@@ -35,12 +35,12 @@ def self.auth(key, message)
     # Verifies the given authenticator with the message.
     #
     # @param [#to_str] key the key used for the authenticator
-    # @param [#to_str] message the message to be authenticated
     # @param [#to_str] authenticator to be checked
+    # @param [#to_str] message the message to be authenticated
     #
     # @return [Boolean] Was it valid?
-    def self.verify(key, message, authenticator)
-      new(key).verify(message, authenticator)
+    def self.verify(key, authenticator, message)
+      new(key).verify(authenticator, message)
     end
 
     # Compute authenticator for message
@@ -51,7 +51,7 @@ def self.verify(key, message, authenticator)
     def auth(message)
       authenticator = Util.zeros(tag_bytes)
       message = message.to_str
-      compute_authenticator(message, authenticator)
+      compute_authenticator(authenticator, message)
       authenticator
     end
 
@@ -61,10 +61,10 @@ def auth(message)
     # @param [#to_str] message the message to be authenticated
     #
     # @return [Boolean] Was it valid?
-    def verify(message, authenticator)
+    def verify(authenticator, message)
       auth = authenticator.to_s
       return false unless auth.bytesize == tag_bytes
-      verify_message(message, auth)
+      verify_message(auth, message)
     end
 
     # The crypto primitive for this authenticator instance
@@ -95,7 +95,7 @@ def self.tag_bytes; self::BYTES; end
     def tag_bytes; self.class.tag_bytes; end
 
     private
-    def compute_authenticator(message, authenticator); raise NotImplementedError; end
-    def verify_message(message, authenticator);        raise NotImplementedError; end
+    def compute_authenticator(authenticator, message); raise NotImplementedError; end
+    def verify_message(authenticator, message);        raise NotImplementedError; end
   end
 end
diff --git a/lib/rbnacl/auth/one_time.rb b/lib/rbnacl/auth/one_time.rb
@@ -32,11 +32,11 @@ def self.primitive
       end
 
       private
-      def compute_authenticator(message, authenticator)
+      def compute_authenticator(authenticator, message)
         NaCl.crypto_auth_onetime(authenticator, message, message.bytesize, key)
       end
 
-      def verify_message(message, authenticator)
+      def verify_message(authenticator, message)
         NaCl.crypto_auth_onetime_verify(authenticator, message, message.bytesize, key)
       end
 

diff --git a/lib/rbnacl/hmac/sha256.rb b/lib/rbnacl/hmac/sha256.rb
@@ -27,11 +27,11 @@ def self.primitive
       end
 
       private
-      def compute_authenticator(message, authenticator)
+      def compute_authenticator(authenticator, message)
         NaCl.crypto_auth_hmacsha256(authenticator, message, message.bytesize, key)
       end
 
-      def verify_message(message, authenticator)
+      def verify_message(authenticator, message)
         NaCl.crypto_auth_hmacsha256_verify(authenticator, message, message.bytesize, key)
       end
     end

diff --git a/lib/rbnacl/hmac/sha512256.rb b/lib/rbnacl/hmac/sha512256.rb
@@ -27,11 +27,11 @@ def self.primitive
       end
 
       private
-      def compute_authenticator(message, authenticator)
+      def compute_authenticator(authenticator, message)
         NaCl.crypto_auth_hmacsha512256(authenticator, message, message.bytesize, key)
       end
 
-      def verify_message(message, authenticator)
+      def verify_message(authenticator, message)
         NaCl.crypto_auth_hmacsha512256_verify(authenticator, message, message.bytesize, key)
       end
     end

diff --git a/lib/rbnacl/self_test.rb b/lib/rbnacl/self_test.rb
@@ -92,11 +92,11 @@ def hmac_test(klass, tag)
         raise SelfTestFailure, "#{klass} failed to generate correct authentication tag"
       end
 
-      unless authenticator.verify(message, vector(tag))
+      unless authenticator.verify(vector(tag), message)
         raise SelfTestFailure, "#{klass} failed to verify correct authentication tag"
       end
 
-      if authenticator.verify(message+' ', vector(tag))
+      if authenticator.verify(vector(tag), message + ' ')
         raise SelfTestFailure, "#{klass} failed to detect invalid authentication tag"
       end
     end

diff --git a/spec/shared/authenticator.rb b/spec/shared/authenticator.rb
@@ -41,27 +41,27 @@
 
   context ".verify" do
     it "verify an authenticator" do
-      described_class.verify(key, message, tag).should eq true
+      described_class.verify(key, tag, message).should eq true
     end
 
     it "raises TypeError on a nil key" do
-      expect { described_class.verify(nil, message, tag) }.to raise_error(TypeError)
+      expect { described_class.verify(nil, tag, message) }.to raise_error(TypeError)
     end
 
     it "raises ArgumentError on a key which is too long" do
-      expect { described_class.verify("\0"*33, message, tag) }.to raise_error(ArgumentError)
+      expect { described_class.verify("\0"*33, tag, message) }.to raise_error(ArgumentError)
     end
 
     it "fails to validate an invalid authenticator" do
-      described_class.verify(key, message+"\0", tag ).should be false
+      described_class.verify(key, tag, message+"\0").should be false
     end
 
     it "fails to validate a short authenticator" do
-      described_class.verify(key, message, tag[0,tag.bytesize - 2]).should be false
+      described_class.verify(key, tag[0,tag.bytesize - 2], message).should be false
     end
 
     it "fails to validate a long authenticator" do
-      described_class.verify(key, message, tag+"\0").should be false
+      described_class.verify(key, tag+"\0", message).should be false
     end
   end
 
@@ -77,7 +77,7 @@
 
     context "#verify" do
       it "verifies an authenticator" do
-        authenticator.verify(message, tag).should be true
+        authenticator.verify(tag, message).should be true
       end
 
       it "fails to validate an invalid authenticator" do