block_io 1.0.1 → 1.0.3

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0a5c7f9ebfcf7f608010b2f742ebe7e2c44035ab
4
- data.tar.gz: 29253bde1cdcf14f17c7000165ea00571936fef7
3
+ metadata.gz: 4d6707d92cd82ae2d2ac1fa8fac10003e2428c38
4
+ data.tar.gz: f039eddd8e676ecd72483c0b6009eca69adf1d3a
5
5
  SHA512:
6
- metadata.gz: d999194b92fe5b45ba67ebb21a422f4e1796ffaadfe5a6bb57c0735486e9150339cc0c8638f1577e68fe1392047ba3e8773abea859d7ab26fc12574ca5dc655e
7
- data.tar.gz: 0332287b974c9bab30ed52f59031d0508b1e410be694c1bcb9b5363e459b1efbf74ebcd59443146f9f35bf8a7b38816926f68753532e26801340177afe9d3565
6
+ metadata.gz: 1c86cf460f1e41c8f54dbfa4112229c35236286eb68110357e8e755c4e2b88792349ae2efc924c59fd98328ac28f5493303b3250676d8c49f89adcfee6a4ae0d
7
+ data.tar.gz: 7ecb21200297d0719e76238ce6e45294689f4576769786917999cc51531a1be536f780c4bd1db9510f5e1bcfe86076bed7c38372d00a808a6f2908a44562c26c
@@ -0,0 +1,2 @@
1
+ Gemfile.lock
2
+ pkg
data/README.md CHANGED
@@ -14,14 +14,11 @@ And then execute:
14
14
 
15
15
  Or install it yourself as:
16
16
 
17
- $ gem install block_io
17
+ $ gem install block_io -v=1.0.2
18
18
 
19
19
  ## Changelog
20
20
 
21
- *09/27/14*: Now supporting client-side signatures. API v2 recommended.
22
-
23
- *07/01/14*: Forcing TLSv1 usage since Block.io does not support SSLv3 due to its vulnerable nature. Fixed:
24
- HTTPClient.new.ssl_config.ssl_version = :TLSv1
21
+ *10/18/14*: Now using deterministic signatures (RFC6979), and BIP62 to hinder transaction malleability.
25
22
 
26
23
 
27
24
  ## Usage
@@ -160,14 +160,20 @@ module BlockIo
160
160
  def sign(data)
161
161
  # signed the given hexadecimal string
162
162
 
163
- nonce = 1 + SecureRandom.random_number(@group.order - 1) # nonce, can be made deterministic TODO
163
+ nonce = deterministicGenerateK([data].pack("H*"), @private_key) # RFC6979
164
164
 
165
- signature = ECDSA.sign(@group, @private_key, [data].pack("H*"), nonce)
165
+ signature = ECDSA.sign(@group, @private_key, data.to_i(16), nonce)
166
166
 
167
- # DER encode this, and return it in hex form
167
+ # BIP0062 -- use lower S values only
168
+ r, s = signature.components
168
169
 
169
- return ECDSA::Format::SignatureDerString.encode(signature).unpack("H*")[0]
170
+ over_two = @group.order >> 1 # half of what it was
171
+ s = @group.order - s if (s > over_two)
170
172
 
173
+ signature = ECDSA::Signature.new(r, s)
174
+
175
+ # DER encode this, and return it in hex form
176
+ return ECDSA::Format::SignatureDerString.encode(signature).unpack("H*")[0]
171
177
  end
172
178
 
173
179
  def self.from_passphrase(passphrase)
@@ -182,6 +188,60 @@ module BlockIo
182
188
  return Key.new(hashed_key)
183
189
  end
184
190
 
191
+ def isPositive(i)
192
+ sig = "!+-"[i <=> 0]
193
+
194
+ return sig.eql?("+")
195
+ end
196
+
197
+ def deterministicGenerateK(data, privkey, group = ECDSA::Group::Secp256k1)
198
+ # returns a deterministic K -- RFC6979
199
+
200
+ hash = data.bytes.to_a
201
+
202
+ x = [privkey.to_s(16)].pack("H*").bytes.to_a
203
+
204
+ k = []
205
+ 32.times { k.insert(0, 0) }
206
+
207
+ v = []
208
+ 32.times { v.insert(0, 1) }
209
+
210
+ # step D
211
+ k = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), [].concat(v).concat([0]).concat(x).concat(hash).pack("C*")).bytes.to_a
212
+
213
+ # step E
214
+ v = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), v.pack("C*")).bytes.to_a
215
+
216
+ # puts "E: " + v.pack("C*").unpack("H*")[0]
217
+
218
+ # step F
219
+ k = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), [].concat(v).concat([1]).concat(x).concat(hash).pack("C*")).bytes.to_a
220
+
221
+ # step G
222
+ v = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), v.pack("C*")).bytes.to_a
223
+
224
+ # step H2b (Step H1/H2a ignored)
225
+ v = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), v.pack("C*")).bytes.to_a
226
+
227
+ h2b = v.pack("C*").unpack("H*")[0]
228
+ tNum = h2b.to_i(16)
229
+
230
+ # step H3
231
+ while (!isPositive(tNum) or tNum >= group.order) do
232
+ # k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([0])]), k)
233
+ k = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), [].concat(v).concat([0]).pack("C*")).bytes.to_a
234
+
235
+ # v = crypto.HmacSHA256(v, k)
236
+ v = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), v.pack("C*")).bytes.to_a
237
+
238
+ # T = BigInteger.fromBuffer(v)
239
+ tNum = v.pack("C*").unpack("H*")[0].to_i(16)
240
+ end
241
+
242
+ return tNum
243
+ end
244
+
185
245
  end
186
246
 
187
247
  module Helper
@@ -1,3 +1,3 @@
1
1
  module BlockIo
2
- VERSION = "1.0.1"
2
+ VERSION = "1.0.3"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: block_io
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.0.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Atif Nazir
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-10-05 00:00:00.000000000 Z
11
+ date: 2014-10-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -127,6 +127,7 @@ executables: []
127
127
  extensions: []
128
128
  extra_rdoc_files: []
129
129
  files:
130
+ - ".gitignore"
130
131
  - Gemfile
131
132
  - LICENSE
132
133
  - README.md