armor 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d38e8f64ee2202c50a7ba0112760c891afab81df
+  data.tar.gz: 6218494c71b80ec48173c37e7cd33ae5b2f0bcba
+SHA512:
+  metadata.gz: bd75de939639c9bb1d5c946f8213e2f85fa8a327f0e1e6c38b31a8aa93cb47a18d605bec91fa4b5dc72ff61bc97d4c142e208b28f4700e6707c7c674c7e30316
+  data.tar.gz: 724e0ae4b2b91aec61d6405d57054f777d4da2217dd68b4db22e8d26e2a7216018a94602d934507fca65c2281c5603ae88067c1787320b77406956c3410e49b1

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2012 Cyril David, Michel Martens
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README

@@ -0,0 +1,17 @@
+armor
+====
+
+shield's partner in crime.
+
+Description
+-----------
+
+A PBKDF2 pure ruby implementation.
+
+## Installation
+
+As usual, you can install it using rubygems.
+
+```
+$ gem install armor
+```

data/bin/armor

@@ -0,0 +1,16 @@
+#! /usr/bin/env ruby
+
+require File.expand_path("../lib/armor", File.dirname(__FILE__))
+
+if ARGV.empty?
+  abort("Usage: armor [N]    # Where N = number of iterations")
+end
+
+require "benchmark"
+
+t = Benchmark.realtime do
+  ENV["ARMOR_ITER"] = ARGV[0]
+  Armor.digest("password", "EXAMPLE.COMpianist")
+end
+
+puts "Iterations: %d, Time: %.2f" % [ARGV[0], t]

data/lib/armor.rb

@@ -0,0 +1,107 @@
+require "openssl"
+
+module Armor
+  # Syntactic sugar for the underlying mathematical definition of PBKDF2.
+  #
+  # This function does not allow passing in of a dkLen (in other words
+  # does not allow truncation of the final derived key).
+  #
+  # Returns: Binary representation of the derived key (DK).
+  #
+  # The default value for iter is set to 5000, and it can be
+  # configured via `ENV['ARMOR_ITER']`.
+  #
+  # The default value for hash is "sha512", and it can also be
+  # configured via `ENV['ARMOR_HASH']`.
+  def self.digest(password, salt)
+    iter = ENV["ARMOR_ITER"] || 5000
+    hash = ENV["ARMOR_HASH"] || "sha512"
+
+    digest = OpenSSL::Digest::Digest.new(hash)
+    length = digest.digest_length
+
+    hex(pbkdf2(digest, password, salt, Integer(iter), length))
+  end
+
+  def self.randomize(digest, password, seed)
+    OpenSSL::HMAC.digest(digest, password, seed)
+  end
+
+  # Binary to hex convenience method.
+  def self.hex(str)
+    str.unpack("H*").first
+  end
+
+  # The PBKDF2 key derivation function has five input parameters:
+  #
+  #     DK = PBKDF2(PRF, Password, Salt, c, dkLen)
+  #
+  # where:
+  #
+  # - PRF is a pseudorandom function of two parameters
+  # - Password is the master password from which a derived key is generated
+  # - Salt is a cryptographic salt
+  # - c is the number of iterations desired
+  # - dkLen is the desired length of the derived key
+  #
+  #   DK is the generated derived key.
+  #
+  def self.pbkdf2(digest, password, salt, c, dk_len)
+    blocks_needed = (dk_len.to_f / digest.size).ceil
+
+    result = ""
+
+    # main block-calculating loop:
+    1.upto(blocks_needed) do |n|
+      result << concatenate(digest, password, salt, c, n)
+    end
+
+    # truncate to desired length:
+    result.slice(0, dk_len)
+  end
+
+  # The function F is the xor (^) of c iterations of chained PRFs.
+  # The first iteration of PRF uses Password as the PRF key and Salt
+  # concatenated to i encoded as a big-endian 32-bit integer.
+  #
+  # Note that i is a 1-based index. Subsequent iterations of PRF use
+  # Password as the PRF key and the output of the previous PRF
+  # computation as the salt:
+  #
+  # Definition:
+  #
+  #     F(Password, Salt, Iterations, i) = U1 ^ U2 ^ ... ^ Uc
+  #
+  def self.concatenate(digest, password, salt, iterations, i)
+
+    # U1 -> password, salt and 1 encoded as big-endian 32-bit integer.
+    u = randomize(digest, password, salt + [i].pack("N"))
+
+    ret = u
+
+    # U2 through Uc:
+    2.upto(iterations) do
+
+      # calculate Un
+      u = randomize(digest, password, u)
+
+      # xor it with the previous results
+      ret = xor(ret, u)
+    end
+
+    ret
+  end
+
+private
+  def self.xor(a, b)
+    result = "".encode("ASCII-8BIT")
+
+    b_bytes = b.bytes.to_a
+
+    a.bytes.each_with_index do |c, i|
+      result << (c ^ b_bytes[i])
+    end
+
+    result
+  end
+end

data/makefile

@@ -0,0 +1,2 @@
+test:
+	cutest tests/*_test.rb

data/tests/armor_test.rb

@@ -0,0 +1,33 @@
+require File.expand_path("../lib/armor", File.dirname(__FILE__))
+
+test "length assertions" do
+  ENV["ARMOR_HASH"] = "sha1"
+  assert_equal 40, Armor.digest("monkey", "salt").length
+
+  ENV["ARMOR_HASH"] = "sha256"
+  assert_equal 64, Armor.digest("monkey", "salt").length
+
+  ENV["ARMOR_HASH"] = "sha512"
+  assert_equal 128, Armor.digest("monkey", "salt").length
+end
+
+# The old library PBKDF2 used to have bugs related to iteration count.
+#
+# Let's add a regression test to make sure we never get the problem.
+test "iterations" do
+  ENV["ARMOR_ITER"] = "1"
+  assert_equal 128, Armor.digest("monkey", "salt").length
+
+  ENV["ARMOR_ITER"] = "2"
+  assert_equal 128, Armor.digest("monkey", "salt").length
+
+  ENV["ARMOR_ITER"] = "5000"
+  assert_equal 128, Armor.digest("monkey", "salt").length
+end
+
+test "equality of identical keys" do
+  a = Armor.digest("monkey", "salt")
+  b = Armor.digest("monkey", "salt")
+
+  assert_equal a, b
+end

data/tests/rfc3962_test.rb

@@ -0,0 +1,75 @@
+require File.expand_path("../lib/armor", File.dirname(__FILE__))
+
+# see http://www.rfc-archive.org/getrfc.php?rfc=3962
+# all examples there use HMAC-SHA1
+
+test "first test case in appendix B of RFC 3962" do
+  # Iteration count = 1
+  #
+  # Pass phrase = "password"
+  #
+  # Salt = "ATHENA.MIT.EDUraeburn"
+  #
+  # 128-bit PBKDF2 output:
+  #    cd ed b5 28 1b b2 f8 01 56 5a 11 22 b2 56 35 15
+  #
+  # 256-bit PBKDF2 output:
+  #    cd ed b5 28 1b b2 f8 01 56 5a 11 22 b2 56 35 15
+  #    0a d1 f7 a0 4b b9 f3 a3 33 ec c0 e2 e1 f7 08 37
+
+  expected = "cd ed b5 28 1b b2 f8 01 56 5a 11 22 b2 56 35 15 0a d1 f7 a0"
+
+  ENV["ARMOR_ITER"] = "1"
+  ENV["ARMOR_HASH"] = "sha1"
+  actual = Armor.digest("password", "ATHENA.MIT.EDUraeburn")
+
+  assert_equal expected.tr(' ', ''), actual
+end
+
+test "second test case in appendix B of RFC 3962" do
+  # Iteration count = 2
+  # Pass phrase = "password"
+  # Salt="ATHENA.MIT.EDUraeburn"
+  #
+  # 128-bit PBKDF2 output:
+  #    01 db ee 7f 4a 9e 24 3e 98 8b 62 c7 3c da 93 5d
+  #
+  # 256-bit PBKDF2 output:
+  #    01 db ee 7f 4a 9e 24 3e 98 8b 62 c7 3c da 93 5d
+  #    a0 53 78 b9 32 44 ec 8f 48 a9 9e 61 ad 79 9d 86
+
+  ENV["ARMOR_ITER"] = "2"
+  ENV["ARMOR_HASH"] = "sha1"
+  actual = Armor.digest("password", "ATHENA.MIT.EDUraeburn")
+
+  expected =  "01 db ee 7f 4a 9e 24 3e 98 8b 62 c7 3c da 93 5d a0 53 78 b9"
+
+  assert_equal expected.tr(' ', ''), actual
+end
+
+test "should match the third test case in appendix B of RFC 3962" do
+  # Iteration count = 1200
+  # Pass phrase = "password"
+  # Salt = "ATHENA.MIT.EDUraeburn"
+  #
+  # 128-bit PBKDF2 output:
+  #    5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b
+  #
+  # 256-bit PBKDF2 output:
+  #    5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b
+  #    a7 e5 2d db c5 e5 14 2f 70 8a 31 e2 e6 2b 1e 13
+
+  digest = OpenSSL::Digest::Digest.new("sha1")
+
+  actual = Armor.pbkdf2(digest, "password", "ATHENA.MIT.EDUraeburn", 1200, 16)
+
+  expected = "5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b"
+  assert_equal expected.tr(' ', ''), Armor.hex(actual)
+
+  expected =  "5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b" +
+              "a7 e5 2d db c5 e5 14 2f 70 8a 31 e2 e6 2b 1e 13"
+
+  actual = Armor.pbkdf2(digest, "password", "ATHENA.MIT.EDUraeburn", 1200, 32) 
+
+  assert_equal expected.tr(' ', ''), Armor.hex(actual)
+end

metadata

@@ -0,0 +1,53 @@
+--- !ruby/object:Gem::Specification
+name: armor
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Cyril David
+- Michel Martens
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-04-13 00:00:00.000000000 Z
+dependencies: []
+description: A PBKDF2 pure ruby implementation.
+email:
+- cyx@cyx.is
+- michel@soveran.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README
+- LICENSE
+- makefile
+- lib/armor.rb
+- tests/armor_test.rb
+- tests/rfc3962_test.rb
+- bin/armor
+homepage: http://github.com/cyx/armor
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.0
+signing_key: 
+specification_version: 4
+summary: shield's partner in crime.
+test_files: []