Initial commit

.editorconfig

@@ -0,0 +1,7 @@
+[*.cr]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true

.gitignore

@@ -0,0 +1,8 @@
+/doc/
+/lib/
+/bin/
+/.shards/
+
+# Libraries don't need dependency lock
+# Dependencies will be locked in application that uses them
+/shard.lock

.travis.yml

@@ -0,0 +1 @@
+language: crystal

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Andrew Hamon
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,52 @@
+# cox
+
+Crystal bindings for the [libsodium box API](https://download.libsodium.org/doc/public-key_cryptography/authenticated_encryption.html)
+
+Given a recipients public key, you can encrypt and sign a message for them. Upon
+receipt, they can decrypt and authenticate the message as having come from you.
+
+## Installation
+
+Add this to your application's `shard.yml`:
+
+```yaml
+dependencies:
+  cox:
+    github: andrewhamon/cox
+```
+
+## Usage
+
+```crystal
+require "cox"
+
+data = "Hello World!"
+
+# Alice is the sender
+alice = Cox::KeyPair.new
+
+# Bob is the recipient
+bob = Cox::KeyPair.new
+
+# Encrypt a message for Bob using his public key, signing it with Alice's
+# secret key
+nonce, encrypted = Cox.encrypt(data, bob.public, alice.secret)
+
+# Decrypt the message using Bob's secret key, and verify its signature against
+# Alice's public key
+decrypted = Cox.decrypt(encrypted, nonce, alice.public, bob.secret)
+
+String.new(decrypted) # => "Hello World!"
+```
+
+## Contributing
+
+1. Fork it ( https://github.com/andrewhamon/cox/fork )
+2. Create your feature branch (git checkout -b my-new-feature)
+3. Commit your changes (git commit -am 'Add some feature')
+4. Push to the branch (git push origin my-new-feature)
+5. Create a new Pull Request
+
+## Contributors
+
+- [andrewhamon](https://github.com/andrewhamon) Andrew Hamon - creator, maintainer

shard.yml

@@ -0,0 +1,9 @@
+name: cox
+version: 0.1.0
+
+authors:
+  - Andrew Hamon <andrew@hamon.cc>
+
+crystal: 0.23.0
+
+license: MIT

spec/cox_spec.cr

@@ -0,0 +1,25 @@
+require "./spec_helper"
+
+describe Cox do
+  # TODO: Write tests
+
+  it "works" do
+    data = "Hello World!"
+
+    # Alice is the sender
+    alice = Cox::KeyPair.new
+
+    # Bob is the recipient
+    bob = Cox::KeyPair.new
+
+    # Encrypt a message for Bob using his public key, signing it with Alice's
+    # secret key
+    nonce, encrypted = Cox.encrypt(data, bob.public, alice.secret)
+
+    # Decrypt the message using Bob's secret key, and verify its signature against
+    # Alice's public key
+    decrypted = Cox.decrypt(encrypted, nonce, alice.public, bob.secret)
+
+    String.new(decrypted).should eq(data)
+  end
+end

spec/spec_helper.cr

@@ -0,0 +1,2 @@
+require "spec"
+require "../src/cox"

src/cox.cr

@@ -0,0 +1,30 @@
+require "./cox/*"
+require "secure_random"
+
+module Cox
+  def self.encrypt(data, nonce : Nonce, recipient_public_key : PublicKey, sender_secret_key : SecretKey)
+    data_buffer = data.to_slice
+    data_size = data_buffer.bytesize
+    output_buffer = Bytes.new(data_buffer.bytesize + LibSodium::MAC_BYTES)
+    LibSodium.crypto_box_easy(output_buffer.to_unsafe, data_buffer, data_size, nonce.pointer, recipient_public_key.pointer, sender_secret_key.pointer)
+    output_buffer
+  end
+
+  def self.encrypt(data, recipient_public_key : PublicKey, sender_secret_key : SecretKey)
+    nonce = Nonce.new
+    {nonce, encrypt(data, nonce, recipient_public_key, sender_secret_key)}
+  end
+
+  def self.decrypt(data, nonce : Nonce, sender_public_key : PublicKey, recipient_secret_key : SecretKey)
+    data_buffer = data.to_slice
+    data_size = data_buffer.bytesize
+    output_buffer = Bytes.new(data_buffer.bytesize - LibSodium::MAC_BYTES)
+    LibSodium.crypto_box_open_easy(output_buffer.to_unsafe, data_buffer.to_unsafe, data_size, nonce.pointer, sender_public_key.pointer, recipient_secret_key.pointer)
+    output_buffer
+  end
+end
+
+if Cox::LibSodium.sodium_init() == -1
+  STDERR.puts("Failed to init libsodium")
+  exit(1)
+end

src/cox/key.cr

@@ -0,0 +1,21 @@
+module Cox
+  abstract class Key
+    abstract def bytes
+
+    def pointer
+      bytes.to_unsafe
+    end
+
+    def pointer(size)
+      bytes.pointer(size)
+    end
+
+    def to_base64
+      Base64.encode(bytes)
+    end
+
+    def self.from_base64(encoded_key)
+      new(Base64.decode(encoded_key))
+    end
+  end
+end

src/cox/key_pair.cr

@@ -0,0 +1,25 @@
+require "./lib_sodium"
+
+
+module Cox
+  class KeyPair
+    property public : PublicKey
+    property secret : SecretKey
+
+    def initialize(@public, @secret)
+    end
+
+    def self.new(pub : Bytes, sec : Bytes)
+      new(PublicKey.new(pub), SecretKey.new(sec))
+    end
+
+    def self.new
+      public_key = Bytes.new(PublicKey::KEY_LENGTH)
+      secret_key = Bytes.new(SecretKey::KEY_LENGTH)
+
+      LibSodium.crypto_box_keypair(public_key.to_unsafe, secret_key.to_unsafe)
+
+      new(public_key, secret_key)
+    end
+  end
+end

src/cox/lib_sodium.cr

@@ -0,0 +1,39 @@
+module Cox
+  @[Link("sodium")]
+  lib LibSodium
+    fun sodium_init() : LibC::Int
+
+    fun crypto_box_publickeybytes() : LibC::SizeT
+    fun crypto_box_secretkeybytes() : LibC::SizeT
+    fun crypto_box_noncebytes()     : LibC::SizeT
+    fun crypto_box_macbytes()       : LibC::SizeT
+
+    PUBLIC_KEY_BYTES = crypto_box_publickeybytes()
+    SECRET_KEY_BYTES = crypto_box_secretkeybytes()
+    NONCE_BYTES      = crypto_box_macbytes()
+    MAC_BYTES        = crypto_box_macbytes()
+
+    fun crypto_box_keypair(
+      public_key_output : Pointer(LibC::UChar),
+      secret_key_output : Pointer(LibC::UChar)
+    )
+
+    fun crypto_box_easy(
+      output               : Pointer(LibC::UChar),
+      data                 : Pointer(LibC::UChar),
+      data_size            : LibC::ULongLong,
+      nonce                : Pointer(LibC::UChar),
+      recipient_public_key : Pointer(LibC::UChar),
+      sender_secret_key    : Pointer(LibC::UChar)
+    ) : LibC::Int
+
+    fun crypto_box_open_easy(
+      output               : Pointer(LibC::UChar),
+      data                 : Pointer(LibC::UChar),
+      data_size            : LibC::ULongLong,
+      nonce                : Pointer(LibC::UChar),
+      sender_public_key    : Pointer(LibC::UChar),
+      recipient_secret_key : Pointer(LibC::UChar)
+    ) : LibC::Int
+  end
+end

src/cox/nonce.cr

@@ -0,0 +1,28 @@
+require "./lib_sodium"
+require "secure_random"
+
+module Cox
+  class Nonce
+    property bytes : Bytes
+
+    NONCE_LENGTH = LibSodium::NONCE_BYTES
+
+    def initialize(@bytes : Bytes)
+      if bytes.bytesize != NONCE_LENGTH
+        raise ArgumentError.new("Nonce must be #{NONCE_LENGTH} bytes, got #{bytes.bytesize}")
+      end
+    end
+
+    def self.new
+      new(SecureRandom.random_bytes(NONCE_LENGTH))
+    end
+
+    def pointer
+      bytes.to_unsafe
+    end
+
+    def pointer(size)
+      bytes.pointer(size)
+    end
+  end
+end

src/cox/public_key.cr

@@ -0,0 +1,15 @@
+require "./lib_sodium"
+
+module Cox
+  class PublicKey < Key
+    property bytes : Bytes
+
+    KEY_LENGTH = LibSodium::PUBLIC_KEY_BYTES
+
+    def initialize(@bytes : Bytes)
+      if bytes.bytesize != KEY_LENGTH
+        raise ArgumentError.new("Public key must be #{KEY_LENGTH} bytes, got #{bytes.bytesize}")
+      end
+    end
+  end
+end

src/cox/secret_key.cr

@@ -0,0 +1,15 @@
+require "./lib_sodium"
+
+module Cox
+  class SecretKey < Key
+    property bytes : Bytes
+
+    KEY_LENGTH = LibSodium::SECRET_KEY_BYTES
+
+    def initialize(@bytes : Bytes)
+      if bytes.bytesize != KEY_LENGTH
+        raise ArgumentError.new("Secret key must be #{KEY_LENGTH} bytes, got #{bytes.bytesize}")
+      end
+    end
+  end
+end

src/cox/version.cr

@@ -0,0 +1,3 @@
+module Cox
+  VERSION = "0.1.0"
+end