botan 0.1.0

data/lib/botan/kdf.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+# (c) 2017 Ribose Inc.
+
+require 'ffi'
+
+require 'botan/defaults'
+require 'botan/utils'
+
+module Botan
+  # Key Derivation Functions
+  #
+  # == Examples
+  # === examples/kdf.rb
+  # {include:file:examples/kdf.rb}
+  module KDF
+    # Derives a key using the given KDF algorithm.
+    #
+    # @param secret [String] the secret input
+    # @param key_length [Integer] the desired length of the key to produce
+    # @param label [String] purpose for the derived keying material
+    # @param algo [String] the KDF algorithm name
+    # @param salt [String] the randomly chosen salt
+    # @return [String] the derived key
+    def self.kdf(secret:, key_length:,
+                 label: '',
+                 algo: DEFAULT_KDF_ALGO,
+                 salt: RNG.get(DEFAULT_KDF_SALT_LENGTH))
+      out_buf = FFI::MemoryPointer.new(:uint8, key_length)
+
+      secret_buf = FFI::MemoryPointer.from_data(secret)
+      salt_buf = FFI::MemoryPointer.from_data(salt)
+      label_buf = FFI::MemoryPointer.from_data(label)
+      Botan.call_ffi(:botan_kdf,
+                     algo, out_buf, out_buf.size,
+                     secret_buf, secret_buf.size,
+                     salt_buf, salt_buf.size,
+                     label_buf, label_buf.size)
+      out_buf.read_bytes(key_length)
+    end
+
+    # Derives a key using the given PBKDF algorithm.
+    #
+    # @param password [String] the password to derive the key from
+    # @param key_length [Integer] the desired length of the key to produce
+    # @param algo [String] the PBKDF algorithm name
+    # @param iterations [Integer] the number of iterations to use
+    # @param salt [String] the randomly chosen salt
+    # @return [String] the derived key
+    def self.pbkdf(password:, key_length:,
+                   algo: DEFAULT_PBKDF_ALGO,
+                   iterations: DEFAULT_KDF_ITERATIONS,
+                   salt: RNG.get(DEFAULT_KDF_SALT_LENGTH))
+      out_buf = FFI::MemoryPointer.new(:uint8, key_length)
+      salt_buf = FFI::MemoryPointer.from_data(salt)
+      Botan.call_ffi(:botan_pbkdf,
+                     algo, out_buf, key_length,
+                     password, salt_buf, salt_buf.size, iterations)
+      out_buf.read_bytes(key_length)
+    end
+
+    # Derives a key using the given PBKDF algorithm.
+    #
+    # @param password [String] the password to derive the key from
+    # @param key_length [Integer] teh desired length of the key to rpoduce
+    # @param milliseconds [Integer] the number of milliseconds to run
+    # @param algo [String] the PBKDF algorithm name
+    # @param salt [String] the randomly chosen salt
+    # @return [Hash<Symbol>]
+    #   * :iterations [Integer] the iteration count used
+    #   * :key [String] the derived key
+    def self.pbkdf_timed(password:, key_length:, milliseconds:,
+                         algo: DEFAULT_PBKDF_ALGO,
+                         salt: RNG.get(DEFAULT_KDF_SALT_LENGTH))
+      out_buf = FFI::MemoryPointer.new(:uint8, key_length)
+      salt_buf = FFI::MemoryPointer.from_data(salt)
+      iterations_ptr = FFI::MemoryPointer.new(:size_t)
+      Botan.call_ffi(:botan_pbkdf_timed,
+                     algo, out_buf, key_length,
+                     password, salt_buf, salt_buf.size,
+                     milliseconds, iterations_ptr)
+      { iterations: iterations_ptr.read(:size_t),
+        key: out_buf.read_bytes(key_length) }
+    end
+  end # module
+end # module
+

data/lib/botan/mac.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+# (c) 2017 Ribose Inc.
+
+require 'ffi'
+
+require 'botan/error'
+require 'botan/ffi/libbotan'
+require 'botan/utils'
+
+module Botan
+  # Message Authentication Code
+  #
+  # == Examples
+  # === examples/mac.rb
+  # {include:file:examples/mac.rb}
+  class MAC
+    # @param algo [String] the MAC algorithm name
+    def initialize(algo)
+      flags = 0
+      ptr = FFI::MemoryPointer.new(:pointer)
+      Botan.call_ffi(:botan_mac_init, ptr, algo, flags)
+      ptr = ptr.read_pointer
+      raise Botan::Error, 'botan_mac_init returned NULL' if ptr.null?
+      @ptr = FFI::AutoPointer.new(ptr, self.class.method(:destroy))
+    end
+
+    # @api private
+    def self.destroy(ptr)
+      LibBotan.botan_mac_destroy(ptr)
+    end
+
+    # Resets the instace back to a clean state, as if no key and
+    # input have been supplied.
+    #
+    # @return [self]
+    def reset
+      Botan.call_ffi(:botan_mac_clear, @ptr)
+      self
+    end
+
+    # Retrieve the output length of the MAC.
+    #
+    # @return [Integer]
+    def output_length
+      length_ptr = FFI::MemoryPointer.new(:size_t)
+      Botan.call_ffi(:botan_mac_output_length, @ptr, length_ptr)
+      length_ptr.read(:size_t)
+    end
+
+    # Sets the key for the MAC.
+    # This must be called before {#update}.
+    #
+    # @param [String] key
+    def key=(key)
+      Botan.call_ffi(:botan_mac_set_key, @ptr, key, key.bytesize)
+    end
+
+    # Adds input to the MAC computation.
+    #
+    # @param [String] data
+    # @return [self]
+    def update(data)
+      Botan.call_ffi(:botan_mac_update, @ptr, data, data.bytesize)
+      self
+    end
+
+    def digest
+      out_buf = FFI::MemoryPointer.new(:uint8, output_length)
+      Botan.call_ffi(:botan_mac_final, @ptr, out_buf)
+      out_buf.read_bytes(out_buf.size)
+    end
+
+    def hexdigest
+      Botan.hex_encode(digest)
+    end
+
+    def inspect
+      Botan.inspect_ptr(self)
+    end
+
+    alias << update
+
+    # TODO: it's not safe to do this at the moment, since these
+    # methods mutate the state.
+    # alias inspect hexdigest
+    # alias to_s hexdigest
+  end # class
+end # module
+

data/lib/botan/pk/mceies.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+# (c) 2017 Ribose Inc.
+
+require 'ffi'
+
+require 'botan/ffi/libbotan'
+require 'botan/utils'
+
+module Botan
+  module PK
+    # Encrypts with McEliece.
+    #
+    # @param public_key [Botan::PK::PublicKey] the public key
+    # @param plaintext [String] the data to encrypt
+    # @param ad [String] the associated data
+    # @param aead [String] the (AEAD) cipher+mode
+    # @param rng [Botan::RNG] the RNG to use
+    # @return [String] the encrypted data
+    def self.mceies_encrypt(public_key:, plaintext:, ad:,
+                            aead: DEFAULT_AEAD,
+                            rng: Botan::RNG.new)
+      pt_buf = FFI::MemoryPointer.from_data(plaintext)
+      ad_buf = FFI::MemoryPointer.from_data(ad)
+      Botan.call_ffi_with_buffer(lambda { |b, bl|
+        LibBotan.botan_mceies_encrypt(public_key.ptr,
+                                      rng.ptr,
+                                      aead,
+                                      pt_buf,
+                                      pt_buf.size,
+                                      ad_buf,
+                                      ad_buf.size,
+                                      b,
+                                      bl)
+      })
+    end
+
+    # Decrypts with McEliece.
+    #
+    # @param private_key [Botan::PK::PrivateKey] the private key
+    # @param ciphertext [String] the data to decrypt
+    # @param ad [String] the associated data
+    # @param aead [String] the (AEAD) cipher+mode
+    # @return [String] the decrypted data
+    def self.mceies_decrypt(private_key:, ciphertext:, ad:,
+                            aead: DEFAULT_AEAD)
+      ct_buf = FFI::MemoryPointer.from_data(ciphertext)
+      ad_buf = FFI::MemoryPointer.from_data(ad)
+      Botan.call_ffi_with_buffer(lambda { |b, bl|
+        LibBotan.botan_mceies_decrypt(private_key.ptr,
+                                      aead,
+                                      ct_buf,
+                                      ct_buf.size,
+                                      ad_buf,
+                                      ad.size,
+                                      b,
+                                      bl)
+      })
+    end
+  end # module
+end # module
+

data/lib/botan/pk/op/decrypt.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+# (c) 2017 Ribose Inc.
+
+require 'ffi'
+
+require 'botan/defaults'
+require 'botan/error'
+require 'botan/ffi/libbotan'
+require 'botan/pk/privatekey'
+require 'botan/utils'
+
+module Botan
+  module PK
+    # Public Key Decrypt Operation
+    #
+    # See {Botan::PK::PrivateKey#decrypt} for a simpler interface.
+    class Decrypt
+      # @param key [Botan::PK::PrivateKey] the private key
+      # @param padding [String] the padding method name
+      def initialize(key:, padding: nil)
+        padding ||= Botan::DEFAULT_EME
+        unless key.instance_of?(PrivateKey)
+          raise Botan::Error, 'Decryption requires an instance of PrivateKey'
+        end
+        ptr = FFI::MemoryPointer.new(:pointer)
+        flags = 0
+        Botan.call_ffi(:botan_pk_op_decrypt_create,
+                       ptr, key.ptr, padding, flags)
+        ptr = ptr.read_pointer
+        if ptr.null?
+          raise Botan::Error, 'botan_pk_op_decrypt_create returned NULL'
+        end
+        @ptr = FFI::AutoPointer.new(ptr, self.class.method(:destroy))
+      end
+
+      # @api private
+      def self.destroy(ptr)
+        LibBotan.botan_pk_op_decrypt_destroy(ptr)
+      end
+
+      # Decrypts the provided data.
+      #
+      # @param msg [String] the data
+      # @return [String] the decrypted data
+      def decrypt(msg)
+        msg_buf = FFI::MemoryPointer.from_data(msg)
+        Botan.call_ffi_with_buffer(lambda { |b, bl|
+          LibBotan.botan_pk_op_decrypt(@ptr, b, bl, msg_buf, msg_buf.size)
+        })
+      end
+
+      def inspect
+        Botan.inspect_ptr(self)
+      end
+    end # class
+  end # module
+end # module
+

data/lib/botan/pk/op/encrypt.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+# (c) 2017 Ribose Inc.
+
+require 'ffi'
+
+require 'botan/defaults'
+require 'botan/error'
+require 'botan/ffi/libbotan'
+require 'botan/pk/publickey'
+require 'botan/rng'
+require 'botan/utils'
+
+module Botan
+  module PK
+    # Public Key Encrypt Operation
+    #
+    # See {Botan::PK::PublicKey#encrypt} for a simpler interface.
+    class Encrypt
+      # @param key [Botan::PK::PublicKey] the public key
+      # @param padding [String] the padding method name
+      def initialize(key:, padding: nil)
+        padding ||= Botan::DEFAULT_EME
+        unless key.instance_of?(PublicKey)
+          raise Botan::Error, 'Encryption requires an instance of PublicKey'
+        end
+        ptr = FFI::MemoryPointer.new(:pointer)
+        flags = 0
+        Botan.call_ffi(:botan_pk_op_encrypt_create,
+                       ptr, key.ptr, padding, flags)
+        ptr = ptr.read_pointer
+        if ptr.null?
+          raise Botan::Error, 'botan_pk_op_encrypt_create returned NULL'
+        end
+        @ptr = FFI::AutoPointer.new(ptr, self.class.method(:destroy))
+      end
+
+      # @api private
+      def self.destroy(ptr)
+        LibBotan.botan_pk_op_encrypt_destroy(ptr)
+      end
+
+      # Encrypts the provided data.
+      #
+      # @param msg [String] the data
+      # @param rng [Botan::PK::RNG] the RNG to use
+      # @return [String] the encrypted data
+      def encrypt(msg, rng: Botan::RNG.new)
+        msg_buf = FFI::MemoryPointer.from_data(msg)
+        Botan.call_ffi_with_buffer(lambda { |b, bl|
+          LibBotan.botan_pk_op_encrypt(@ptr, rng.ptr, b, bl,
+                                       msg_buf, msg_buf.size)
+        })
+      end
+
+      def inspect
+        Botan.inspect_ptr(self)
+      end
+    end # class
+  end # module
+end # module
+

data/lib/botan/pk/op/keyagreement.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+# (c) 2017 Ribose Inc.
+
+require 'ffi'
+
+require 'botan/defaults'
+require 'botan/error'
+require 'botan/ffi/libbotan'
+require 'botan/pk/privatekey'
+require 'botan/utils'
+
+module Botan
+  module PK
+    # Public Key Key Agreement Operation
+    class KeyAgreement
+      attr_reader :public_value
+      # @param key [Botan::PK::PrivateKey] the private key
+      # @param kdf [String] the KDF algorithm name
+      def initialize(key:, kdf: Botan::DEFAULT_KDF_ALGO)
+        unless key.instance_of?(PrivateKey)
+          raise Botan::Error, 'KeyAgreement requires an instance of PrivateKey'
+        end
+        ptr = FFI::MemoryPointer.new(:pointer)
+        flags = 0
+        Botan.call_ffi(:botan_pk_op_key_agreement_create,
+                       ptr, key.ptr, kdf, flags)
+        ptr = ptr.read_pointer
+        if ptr.null?
+          raise Botan::Error, 'botan_pk_op_key_agreement_create returned NULL'
+        end
+        @ptr = FFI::AutoPointer.new(ptr, self.class.method(:destroy))
+        @public_value = Botan.call_ffi_with_buffer(lambda { |b, bl|
+          LibBotan.botan_pk_op_key_agreement_export_public(key.ptr, b, bl)
+        })
+      end
+
+      # @api private
+      def self.destroy(ptr)
+        LibBotan.botan_pk_op_key_agreement_destroy(ptr)
+      end
+
+      def agree(other_key:, key_length:, salt:)
+        other_buf = FFI::MemoryPointer.from_data(other_key)
+        salt_buf = FFI::MemoryPointer.from_data(salt)
+        Botan.call_ffi_with_buffer(lambda { |b, bl|
+          LibBotan.botan_pk_op_key_agreement(@ptr, b, bl,
+                                             other_buf, other_buf.size,
+                                             salt_buf, salt_buf.size)
+        }, guess: key_length)
+      end
+
+      def inspect
+        Botan.inspect_ptr(self)
+      end
+    end # class
+  end # module
+end # module
+

data/lib/botan/pk/op/sign.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+# (c) 2017 Ribose Inc.
+
+require 'ffi'
+
+require 'botan/defaults'
+require 'botan/error'
+require 'botan/ffi/libbotan'
+require 'botan/pk/privatekey'
+require 'botan/rng'
+require 'botan/utils'
+
+module Botan
+  module PK
+    # Public Key Sign Operation
+    #
+    # See {Botan::PK::PrivateKey#sign} for a simpler interface.
+    class Sign
+      # @param key [Botan::PK::PrivateKey] the private key
+      # @param padding [String] the padding method name
+      def initialize(key:, padding: nil)
+        padding ||= Botan::DEFAULT_EMSA[key.algo]
+        unless key.instance_of?(PrivateKey)
+          raise Botan::Error, 'Signing requires an instance of PrivateKey'
+        end
+        ptr = FFI::MemoryPointer.new(:pointer)
+        flags = 0
+        Botan.call_ffi(:botan_pk_op_sign_create, ptr, key.ptr, padding, flags)
+        ptr = ptr.read_pointer
+        raise Botan::Error, 'botan_pk_op_sign_create returned NULL' if ptr.null?
+        @ptr = FFI::AutoPointer.new(ptr, self.class.method(:destroy))
+      end
+
+      # @api private
+      def self.destroy(ptr)
+        LibBotan.botan_pk_op_sign_destroy(ptr)
+      end
+
+      # Adds data to the message currently being signed.
+      #
+      # @param msg [String] the data to add
+      # @return [self]
+      def update(msg)
+        msg_buf = FFI::MemoryPointer.from_data(msg)
+        Botan.call_ffi(:botan_pk_op_sign_update, @ptr, msg_buf, msg_buf.size)
+        self
+      end
+
+      # Finalizes the signature operation.
+      #
+      # @param rng [Botan::PK::RNG] the RNG to use
+      # @return [String] the signature
+      def finish(rng = Botan::RNG.new)
+        Botan.call_ffi_with_buffer(lambda { |b, bl|
+          LibBotan.botan_pk_op_sign_finish(@ptr, rng.ptr, b, bl)
+        })
+      end
+
+      def inspect
+        Botan.inspect_ptr(self)
+      end
+
+      alias << update
+    end # class
+  end # module
+end # module
+