1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
# encoding: binary
# frozen_string_literal: true
start = Time.now if $DEBUG
# NaCl/libsodium for Ruby
module RbNaCl
class SelfTestFailure < RbNaCl::CryptoError; end
# Self-test performed at startup
module SelfTest
module_function
def vector(name)
[TEST_VECTORS[name]].pack("H*")
end
def box_test
alicepk = RbNaCl::PublicKey.new(vector(:alice_public))
bobsk = RbNaCl::PrivateKey.new(vector(:bob_private))
box = RbNaCl::Box.new(alicepk, bobsk)
box_common_test(box)
end
def secret_box_test
box = SecretBox.new(vector(:secret_key))
box_common_test(box)
end
def box_common_test(box)
nonce = vector :box_nonce
message = vector :box_message
ciphertext = vector :box_ciphertext
raise SelfTestFailure, "failed to generate correct ciphertext" unless box.encrypt(nonce, message) == ciphertext
raise SelfTestFailure, "failed to decrypt ciphertext correctly" unless box.decrypt(nonce, ciphertext) == message
begin
passed = false
corrupt_ct = ciphertext.dup
corrupt_ct[23] = " "
box.decrypt(nonce, corrupt_ct)
rescue CryptoError
passed = true
ensure
passed || raise(SelfTestFailure, "failed to detect corrupt ciphertext")
end
end
def digital_signature_test
signing_key = SigningKey.new(vector(:sign_private))
verify_key = signing_key.verify_key
unless verify_key.to_s == vector(:sign_public)
# :nocov:
raise SelfTestFailure, "failed to generate verify key correctly"
# :nocov:
end
message = vector :sign_message
signature = signing_key.sign(message)
unless signature == vector(:sign_signature)
# :nocov:
raise SelfTestFailure, "failed to generate correct signature"
# :nocov:
end
unless verify_key.verify(signature, message)
# :nocov:
raise SelfTestFailure, "failed to verify a valid signature"
# :nocov:
end
begin
passed = false
bad_signature = signature[0, 63] + "0"
verify_key.verify(bad_signature, message)
rescue CryptoError
passed = true
ensure
passed || raise(SelfTestFailure, "failed to detect corrupt ciphertext")
end
end
def sha256_test
message = vector :sha256_message
digest = vector :sha256_digest
raise SelfTestFailure, "failed to generate a correct SHA256 digest" unless RbNaCl::Hash.sha256(message) == digest
end
def hmac_test(klass, tag)
authenticator = klass.new(vector("auth_key_#{klass.key_bytes}".to_sym))
message = vector :auth_message
raise SelfTestFailure, "#{klass} generated incorrect authentication tag" unless authenticator.auth(message) == vector(tag)
raise SelfTestFailure, "#{klass} failed to verify authentication tag" unless authenticator.verify(vector(tag), message)
begin
passed = false
authenticator.verify(vector(tag), message + " ")
rescue CryptoError
passed = true
ensure
passed || raise(SelfTestFailure, "failed to detect corrupt ciphertext")
end
end
end
end
RbNaCl::SelfTest.box_test
RbNaCl::SelfTest.secret_box_test
RbNaCl::SelfTest.digital_signature_test
RbNaCl::SelfTest.sha256_test
RbNaCl::SelfTest.hmac_test RbNaCl::HMAC::SHA256, :auth_hmacsha256
RbNaCl::SelfTest.hmac_test RbNaCl::HMAC::SHA512256, :auth_hmacsha512256
RbNaCl::SelfTest.hmac_test RbNaCl::OneTimeAuth, :auth_onetime
puts "POST Completed in #{Time.now - start} s" if $DEBUG
|
