$ docker run --rm --name validator-libsodium-usage-ruby-rbnacl-r14-hmac-sha512-auth-verify-2732 -t --mount type=bind,src=/tmp/validator-status-libsodium-usage-ruby-rbnacl-r14-hmac-sha512-auth-verify,dst=/validator/status validator-libsodium-shared bash -lc 'set -euo pipefail
/validator/tests/_shared/install_override_debs.sh
exec /validator/tests/_shared/run_library_tests.sh "$@"' validator-testcase libsodium usage-ruby-rbnacl-r14-hmac-sha512-auth-verify -- bash -c 'PS4=$1; shift; set -x; source "$@"' validator-xtrace '__VALIDATOR_XTRACE__ ' /validator/tests/libsodium/tests/cases/usage/usage-ruby-rbnacl-r14-hmac-sha512-auth-verify.sh
no override packages found; continuing with apt originals
key = ("\x14".b * 32)
message = "rbnacl r14 hmac-sha512 payload"

auth = RbNaCl::HMAC::SHA512.new(key)
tag = auth.auth(message)
raise "unexpected tag length: #{tag.bytesize}" unless tag.bytesize == 64

# Matching tag must verify.
auth.verify(tag, message)

# Flip one byte: must raise.
tampered = tag.dup
tampered.setbyte(0, tampered.getbyte(0) ^ 0x01)
rejected = false
begin
  auth.verify(tampered, message)
rescue RbNaCl::BadAuthenticatorError
  rejected = true
end
raise "tampered tag accepted" unless rejected

# Determinism.
again = RbNaCl::HMAC::SHA512.new(key).auth(message)
raise "non-deterministic hmac-sha512" unless again == tag

puts "ok #{tag.bytesize}"
'
ok 64