afsplitter 0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5fcd1489dd788aa2d0b9cbe4b7b36b98fbd9a9b5
+  data.tar.gz: 8d8f199beee6ff749939cba86a8c1f0cd697087e
+SHA512:
+  metadata.gz: c65bf55f79be5a3bab596f17b99e9220546dbe2345b837b6e5e0d299b2c7fdffdb529a2835128a5da9ef5409d770f9a4c2ee9c361862ed41ef0c17cc41934742
+  data.tar.gz: fbca410d5c9c876e17fff5a8bc17566799016a49f9459ab99cc7e3c571a6efcd9689c7371b339c50e11b73938fe38cfcf3d079a3c4768b17e46c34dab7bd5f64

data/.gitignore

@@ -0,0 +1,15 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+.*.un~

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in afsplitter.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,24 @@
+Copyright (c) 2014 John Lane
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+http://www.opensource.org/licenses/mit-license.php

data/README.md

@@ -0,0 +1,110 @@
+# Afsplitter - Anti-forensic Information Splitter
+
+This is a Ruby implementation of the [AFsplitter][1] used by `cryptsetup`
+when storing encrypted key data in a [LUKS][2] volume header.
+
+There are two implementations:
+
+* A version using [FFI][3] bindings to the AFsplitter library;
+* A pure Ruby implementation.
+
+RubyGems: https://rubygems.org/gems/afsplitter
+Github:   https://github.com/johnlane/afsplitter
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'afsplitter'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install afsplitter
+
+Using the FFI version requires the `libafsplit.so` AFSPlitter library to
+be installed in the system's library search path (typically in the `/usr/lib`
+directory) but it is not included in this package.
+
+The library source code can be [downloaded][4] from the [official website][1]
+or from Git:
+
+    $ git clone https://github.com/johnlane/libafsplit
+
+To build the library
+
+    $ cd libafsplit
+    $ make
+    $ cp libafsplit.so $GEM_HOME...
+
+The official version is [AFsplitter-0.1.tar.bz2][4] ( SHA1: baf2857b3c87f369a36a67bb8603a6c417eba43e)
+
+**Note:** the official version's `Makefile` only builds a stand-alone test executable; it does not
+build the `libafsplit.so` library. The [Makefile][6] in the Git [repository][5] builds the
+shared library, however.
+
+## Usage
+
+For the FFI implementation
+
+    require 'afsplitter_ffi'
+
+For the Ruby implementation:
+
+    require 'afsplitter'
+
+Then, to split
+
+    str_split  = Afsplitter.split(str, iterations)
+
+And to merge:
+
+    str_merged = Afsplitter.merge(str_split, iterations)
+
+Which should result in
+
+    str_merged == str
+
+Refer to the tests in the `test` subdirectory for working examples.
+
+## Tests
+
+There are two tests:
+
+* `test_afsplitter.rb` split and merge test using the native Ruby implementation.
+* `test_afsplitter_ffi.rb` split and merge test using the `libafsplit.so` FFI implementation.
+
+To run all tests
+
+    $ rake
+
+To run individual tests
+
+    $ rake native
+    $ rake ffi
+
+## License
+
+MIT License: see the `LICENSE.txt` file.
+
+The `libafsplit.so` library is licensed as described on its [web site][4].
+
+## Contributing
+
+1. Fork it ( https://github.com/johnlane/afsplitter )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+
+[1]:http://clemens.endorphin.org/AFsplitter
+[2]:https://code.google.com/p/cryptsetup
+[3]:https://github.com/ffi/ffi "Foreign Function Interface"
+[4]:http://clemens.endorphin.org/AFsplitter-0.1.tar.bz2 "AFsplitter-0.1.tar.bz2"
+[5]:https://github.com/johnlane/libafsplit
+[6]:https://raw.githubusercontent.com/johnlane/libafsplit/master/Makefile "Makefile"

data/Rakefile

@@ -0,0 +1,14 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:ffi) { |t| t.test_files = %w(test/test_afsplitter_ffi.rb) }
+Rake::TestTask.new(:native) { |t| t.test_files = %w(test/test_afsplitter.rb) }
+
+desc "Run all tests"
+task :default => [:ffi, :native]
+
+desc "Run FFI test"
+task :ffi
+
+desc "Test native Ruby implementation"
+task :native

data/afsplitter.gemspec

@@ -0,0 +1,25 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'afsplitter/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "afsplitter"
+  spec.version       = Afsplitter::VERSION
+  spec.authors       = ["John Lane"]
+  spec.email         = ["john@lane.uk.net"]
+  spec.summary       = Afsplitter::SUMMARY
+  spec.description   = Afsplitter::DESCRIPTION
+  spec.homepage      = "https://github.com/johnlane/afsplitter"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "rake", "~> 10.0"
+
+  spec.add_dependency "ffi", '~> 1.9', '>= 1.9.6'
+end

data/lib/afsplitter.rb

@@ -0,0 +1,76 @@
+# https://rubygems.org/gems/afsplitter
+require 'afsplitter/version'
+require 'openssl'
+
+module Afsplitter
+
+  def self.merge(data,stripes,digest='sha1')
+
+    puts "Blocksize mismatch" unless data.size % stripes == 0
+
+    blocksize = data.size / stripes
+    bufblock = "\0" * blocksize
+
+    (0...stripes-1).each do |i|
+      bufblock = _xor(data[i*blocksize,blocksize], bufblock)
+      bufblock = _diffuse(bufblock, blocksize, digest)
+    end
+
+    return _xor(data[(stripes-1)*blocksize..-1], bufblock)
+  end
+
+  def self.split(data,stripes,digest='sha1')
+
+    blocksize = data.size
+    rand = Random.new
+    bufblock = "\0" * blocksize
+   
+    ret = ''
+    (stripes-1).times do
+
+      # Get some random data
+      r = rand.bytes(blocksize)
+      ret += r
+
+      bufblock = _xor(r, bufblock)
+      bufblock = _diffuse(bufblock, blocksize, digest)
+    end
+
+    ret += _xor(bufblock, data)
+
+  end
+
+  private
+
+    def self._xor(a,b)
+      a.unpack('C*').zip(b.unpack('C*')).map{ |a,b| a^b }.pack('C*')
+    end
+    
+    def self._diffuse(block,size,digest)
+      digest = OpenSSL::Digest.new(digest)
+      digest_size = digest.digest_length
+      full_blocks = block.size / digest_size
+      padding = block.size % digest_size
+    
+      # hash the full blocks
+      ret = ''
+      (0..full_blocks-1).each do |i|
+        digest.reset
+        digest << [i].pack('N')
+        digest << block[i*digest_size,digest_size]
+        ret+=digest.digest
+      end
+    
+      # Hash the remaining data
+      if padding > 0
+        digest.reset
+        digest << [full_blocks].pack('N')
+        digest << block[full_blocks * digest_size..-1]
+        ret += digest.digest[0,padding]
+      end
+    
+      ret
+    
+    end
+    
+end

data/lib/afsplitter/version.rb

@@ -0,0 +1,17 @@
+module Afsplitter
+  VERSION = "0.1"
+
+  SUMMARY = "AFsplitter - Anti-forensic Information Splitter"
+
+  DESCRIPTION = <<-EOS
+
+  The AFsplitter is used by LUKS to store encrypted keys in its header.
+
+  There is a native Ruby implementation and a FFI implementation that
+  binds the "libafsplit.so" shared library.
+
+  AFsplitter is documented at http://clemens.endorphin.org/AFsplitter.
+
+  EOS
+
+end

data/lib/afsplitter_ffi.rb

@@ -0,0 +1,38 @@
+# https://rubygems.org/gems/afsplitter
+require "afsplitter/version"
+require "ffi"
+
+module Afsplitter
+
+  extend FFI::Library
+
+  def self.split(str,iterations,digest=nil)
+    size=str.size
+    original = FFI::MemoryPointer.from_string(str)
+    result = FFI::MemoryPointer.from_string(Random.new.bytes(size*iterations))
+    af_split(original,result,size,iterations)
+    return result.read_string(size*iterations)
+  end
+
+  def self.merge(str,iterations,digest=nil)
+    size=str.size / iterations
+    original = FFI::MemoryPointer.from_string(str)
+    result = FFI::MemoryPointer.from_string(Random.new.bytes(size))
+    af_merge(original,result,size,iterations)
+    return result.read_string(size)
+  end
+
+  private
+
+  ffi_lib 'libafsplit.so'
+
+  typedef :pointer, :src
+  typedef :pointer, :dest
+
+  #int AF_split(char *src, char *dst, int blocksize, int blocknumbers);
+  attach_function :af_split, :AF_split, [:src, :dest, :int, :int], :int
+  
+  #int AF_merge(char *src, char *dst, int blocksize, int blocknumbers);
+  attach_function :af_merge, :AF_merge, [:src, :dest, :int, :int], :int
+
+end

data/test/test_afsplitter.rb

@@ -0,0 +1,21 @@
+# https://rubygems.org/gems/afsplitter
+require 'afsplitter'
+
+SIZE = 10000
+TIMES = 3000
+
+str_orig = Random.new.bytes(SIZE)
+
+print "Splitting..."
+str_split  = Afsplitter.split(str_orig, TIMES)
+puts "split size=#{str_split.size}"
+
+print "Merging..."
+str_merged = Afsplitter.merge(str_split, TIMES)
+puts "merged size=#{str_merged.size}"
+
+if str_merged == str_orig
+  puts "The strings match"
+else
+  puts "The strings do not match"
+end

data/test/test_afsplitter_ffi.rb

@@ -0,0 +1,21 @@
+# https://rubygems.org/gems/afsplitter
+require 'afsplitter_ffi'
+
+SIZE = 10000
+TIMES = 3000
+
+str_orig = Random.new.bytes(SIZE)
+
+print "Splitting..."
+str_split  = Afsplitter.split(str_orig, TIMES)
+puts "split size=#{str_split.size}"
+
+print "Merging..."
+str_merged = Afsplitter.merge(str_split, TIMES)
+puts "merged size=#{str_merged.size}"
+
+if str_merged == str_orig
+  puts "The strings match"
+else
+  puts "The strings do not match"
+end

metadata

@@ -0,0 +1,113 @@
+--- !ruby/object:Gem::Specification
+name: afsplitter
+version: !ruby/object:Gem::Version
+  version: '0.1'
+platform: ruby
+authors:
+- John Lane
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-11-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.9.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.9.6
+description: |2+
+
+    The AFsplitter is used by LUKS to store encrypted keys in its header.
+
+    There is a native Ruby implementation and a FFI implementation that
+    binds the "libafsplit.so" shared library.
+
+    AFsplitter is documented at http://clemens.endorphin.org/AFsplitter.
+
+email:
+- john@lane.uk.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- afsplitter.gemspec
+- lib/afsplitter.rb
+- lib/afsplitter/version.rb
+- lib/afsplitter_ffi.rb
+- test/test_afsplitter.rb
+- test/test_afsplitter_ffi.rb
+homepage: https://github.com/johnlane/afsplitter
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: AFsplitter - Anti-forensic Information Splitter
+test_files:
+- test/test_afsplitter.rb
+- test/test_afsplitter_ffi.rb