Add salt/personalisation strings for Blake2b

They are exposed as options on the hash constructor. Strings are zero-padded out to 16 bytes. If they are not provided then a blank string is passed into the hash.
RubyCrypto · Sep 20, 2014 · 03752e4 · 03752e4
1 parent 02308ca
commit 03752e4
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 3 deletions.
diff --git a/lib/rbnacl/hash/blake2b.rb b/lib/rbnacl/hash/blake2b.rb
@@ -19,16 +19,23 @@ class Blake2b
       sodium_constant  :BYTES_MAX
       sodium_constant  :KEYBYTES_MIN
       sodium_constant  :KEYBYTES_MAX
+      sodium_constant  :SALTBYTES
+      sodium_constant  :PERSONALBYTES
 
       sodium_function  :generichash_blake2b,
-                       :crypto_generichash_blake2b,
-                       [:pointer, :size_t, :pointer, :ulong_long, :pointer, :size_t]
+                       :crypto_generichash_blake2b_salt_personal,
+                       [:pointer, :size_t, :pointer, :ulong_long, :pointer, :size_t, :pointer, :pointer]
+
+      EMPTY_PERSONAL = ("\0"*PERSONALBYTES).freeze
+      EMPTY_SALT     = ("\0"*SALTBYTES).freeze
 
       # Create a new Blake2b hash object
       #
       # @param [Hash] opts Blake2b configuration
       # @option opts [String]  :key for Blake2b keyed mode
       # @option opts [Integer] :digest_size size of output digest in bytes
+      # @option opts [String]  :salt  Provide a salt to support randomised hashing.  This is mixed into the parameters block to start the hashing.
+      # @option opts [Personal] :personal Provide personalisation string to allow pinning a hash for a particular purpose.  This is mixed into the parameters block to start the hashing
       #
       # @raise [RbNaCl::LengthError] Invalid length specified for one or more options
       #
@@ -47,6 +54,12 @@ def initialize(opts = {})
         @digest_size = opts.fetch(:digest_size, BYTES_MAX)
         raise LengthError, "digest size too short" if @digest_size < BYTES_MIN
         raise LengthError, "digest size too long"  if @digest_size > BYTES_MAX
+
+        @personal = opts.fetch(:personal, EMPTY_PERSONAL)
+        @personal = Util.zero_pad(PERSONALBYTES, @personal)
+
+        @salt     = opts.fetch(:salt, EMPTY_SALT)
+        @salt     = Util.zero_pad(SALTBYTES, @salt)
       end
 
       # Calculate a Blake2b digest
@@ -56,7 +69,7 @@ def initialize(opts = {})
       # @return [String] Blake2b digest of the string as raw bytes
       def digest(message)
         digest = Util.zeros(@digest_size)
-        self.class.generichash_blake2b(digest, @digest_size, message, message.bytesize, @key, @key_size) || raise(CryptoError, "Hashing failed!")
+        self.class.generichash_blake2b(digest, @digest_size, message, message.bytesize, @key, @key_size, @salt, @personal) || raise(CryptoError, "Hashing failed!")
         digest
       end
     end

diff --git a/lib/rbnacl/util.rb b/lib/rbnacl/util.rb
@@ -45,6 +45,25 @@ def remove_zeros(n, message)
       message.slice!(n, message.bytesize - n)
     end
 
+    # Pad a string out to n characters with zeros
+    #
+    # @param [Integer] n The length of the resulting string
+    # @param [String]  message the message to be padded
+    #
+    # @raise [RbNaCl::LengthError] If the string is too long
+    #
+    # @return [String] A string, n bytes long
+    def zero_pad(n, message)
+      len = message.bytesize
+      if len == n
+        message
+      elsif len > n
+        raise LengthError, "String too long for zero-padding to #{n} bytes"
+      else
+        message + zeros(n - len)
+      end
+    end
+
     # Check the length of the passed in string
     #
     # In several places through the codebase we have to be VERY strict with