$ docker run --rm --name validator-libsodium-usage-ruby-rbnacl-secretbox-keygen-bytes-2732 -t --mount type=bind,src=/tmp/validator-status-libsodium-usage-ruby-rbnacl-secretbox-keygen-bytes,dst=/validator/status validator-libsodium-shared bash -lc 'set -euo pipefail
/validator/tests/_shared/install_override_debs.sh
exec /validator/tests/_shared/run_library_tests.sh "$@"' validator-testcase libsodium usage-ruby-rbnacl-secretbox-keygen-bytes -- bash -c 'PS4=$1; shift; set -x; source "$@"' validator-xtrace '__VALIDATOR_XTRACE__ ' /validator/tests/libsodium/tests/cases/usage/usage-ruby-rbnacl-secretbox-keygen-bytes.sh
no override packages found; continuing with apt originals
key = RbNaCl::Random.random_bytes(RbNaCl::SecretBox::KEYBYTES)
raise "unexpected key length: #{key.bytesize}" unless key.bytesize == 32

box = RbNaCl::SecretBox.new(key)
raise "SecretBox::KEYBYTES != 32" unless RbNaCl::SecretBox::KEYBYTES == 32
raise "SecretBox::NONCEBYTES != 24" unless RbNaCl::SecretBox::NONCEBYTES == 24
raise "instance key_bytes != 32" unless box.key_bytes == 32
raise "instance nonce_bytes != 24" unless box.nonce_bytes == 24

# tag_bytes (Poly1305 authenticator length) is exposed on the instance.
# Some RbNaCl versions do not expose a SecretBox::MACBYTES constant, so fall
# back to the libsodium wire constant 16 if neither tag_bytes nor MACBYTES is
# available.
tag_bytes =
  if box.respond_to?(:tag_bytes)
    box.tag_bytes
  elsif RbNaCl::SecretBox.const_defined?(:MACBYTES)
    RbNaCl::SecretBox::MACBYTES
  else
    16
  end
raise "unexpected tag_bytes: #{tag_bytes}" unless tag_bytes == 16

nonce = ("\x00".b * box.nonce_bytes)
plaintext = "rbnacl secretbox length payload"
ciphertext = box.encrypt(nonce, plaintext)
expected_len = plaintext.bytesize + tag_bytes
raise "ciphertext length #{ciphertext.bytesize} != expected #{expected_len}" unless ciphertext.bytesize == expected_len

recovered = box.decrypt(nonce, ciphertext)
raise "roundtrip mismatch" unless recovered == plaintext

puts "ok #{ciphertext.bytesize}"
'
ok 47