Add constant-time comparison for Sodium::Buffer

Lots of crypto operations will require comparing Sodium::Buffers. Since
we haven't already defined Sodium::Buffer#==, we have now done so in a
way that ensures timing attacks are avoided.

lib/sodium/buffer.rb

@@ -65,6 +65,19 @@ def initialize(bytes)
     self.freeze
   end
 
+  def ==(bytes)
+    bytes = Sodium::Buffer.new(bytes)
+
+    return false unless
+      self.bytesize == bytes.bytesize
+
+    Sodium::FFI::Crypto.sodium_memcmp(
+      self.to_str,
+      bytes.to_str,
+      bytes.bytesize
+    ) == 0
+  end
+
   def +(bytes)
     Sodium::Buffer.empty(self.bytesize + bytes.bytesize) do |buffer|
       buffer[0,             self .bytesize] = self

lib/sodium/ffi/crypto.rb

@@ -92,8 +92,9 @@ module Sodium::FFI::Crypto
 
   ffi_lib 'sodium'
 
-  attach_function 'sodium_init',    [],                  :void
-  attach_function 'sodium_memzero', [:pointer, :size_t], :void
+  attach_function 'sodium_init',    [],                            :void
+  attach_function 'sodium_memzero', [:pointer, :size_t],           :void
+  attach_function 'sodium_memcmp',  [:pointer, :pointer, :size_t], :int
 
   sodium_init
 

test/sodium/buffer_test.rb

@@ -86,6 +86,15 @@
   it '#initialize must wipe the buffer during finalization'
   it '#initialize must prevent the string from being paged to disk'
 
+  it '#== must compare equality of two buffers' do
+    subject.new('xyz').==('xyz') .must_equal true
+    subject.new('xyz').==('xy')  .must_equal false
+    subject.new('xyz').==('xyzz').must_equal false
+    subject.new('xyz').==('abc') .must_equal false
+  end
+
+  it '#== must compare equality of two buffers in constant time'
+
   it '#+ must append two buffers' do
     subject.new('xyz').+('abc').to_str.must_equal 'xyzabc'
   end