coin-op 0.4.3 → 0.4.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 482ce5f6a886789d878fe1deeb82331bb5f57bf0
-  data.tar.gz: 4236d35aa587afde392f84d27e49c82df2397ad4
+  metadata.gz: 763ee324d095d2518ed75c63c176c03bc3c2cf8e
+  data.tar.gz: b6eec07e082b37b2cadb269bd741713aad1be530
 SHA512:
-  metadata.gz: 5766d93ae76df0503e23403200d8ef76e266b9ba25de4e4ce8c94011634922457b3de9acff2776b4dc05048de7ee35e9723edd35244ff006056fe6791ce466e9
-  data.tar.gz: 2cc169b1b66b3b8823e89697da361aedaf389d1bb94977d9b9afcd91153d11463e32d3d0c3b2d848b1caed72774b51184d7b909641528f4c500149018e9525f0
+  metadata.gz: 241a753e6a272af37c651c303bf96aa239b725b232a68381e9221e98577d05a21901f8a8ac4f1e01a02b556a2117c19ba907a7e0b480f3ac1f69b2b16b873cb5
+  data.tar.gz: 0c823fc19951647daa65312e0f5af73395594bb52461c5f09dc432a716b9789de484cc5168fb8159308e1d0bc104109506edb1d347b413753cb2d6760da56bc2

data.tar.gz.sig

@@ -1 +1 @@
-��W�g����;��{��������M�y���.5R�]K����C8_�!���{�K�(c�_�W��0e^w�o�|��H�~| Ɔ����-1������.�ar�'���䢚��m^p�;*���
+,��JH�?:~=\t�U]	��R0�\$ӡ^����P����s��L�bg��\��ٖ����S�i��{��!j��w?-Oe"QTsǍdtMT��U3L1�`�H����/b�l�C�Ӣ�����5U�%ym��z|~��68i��w��C2�A���[��t�Z�������M�ؾ�%���dr�m �ۥ�ĿH
�

data/lib/coin-op.rb

@@ -4,8 +4,7 @@ module CoinOp
 
 end
 
-require_relative "coin-op/encodings"
-require_relative "coin-op/crypto"
-require_relative "coin-op/bit"
-require_relative "coin-op/blockchain/blockr"
+require_relative 'coin-op/encodings'
+require_relative 'coin-op/crypto'
+require_relative 'coin-op/bit'
 

data/lib/coin-op/crypto.rb

@@ -1,6 +1,7 @@
 # Ruby bindings for libsodium, a port of DJB's NaCl crypto library
-require "rbnacl"
-require "openssl"
+require 'rbnacl'
+require 'openssl'
+
 
 module CoinOp
   module Crypto
@@ -29,7 +30,12 @@ module CoinOp
       include CoinOp::Encodings
 
       # PBKDF2 work factor
-      ITERATIONS = 100_000
+      ITERATIONS = 90_000
+      ITERATIONS_WINDOW = 20_000
+
+      SALT_RANDOM_BYTES = 16
+      KEY_SIZE = 32
+      AES_CIPHER = 'AES-256-CBC'
 
       # Given passphrase and plaintext as strings, returns a Hash
       # containing the ciphertext and other values needed for later
@@ -43,10 +49,18 @@ module CoinOp
       #   :salt => salt, :nonce => nonce, :ciphertext => ciphertext
       #
       def self.decrypt(passphrase, hash)
-        salt, nonce, ciphertext =
-          hash.values_at(:salt, :nonce, :ciphertext).map {|s| decode_hex(s) }
-        box = self.new(passphrase, salt, hash[:iterations])
-        box.decrypt(nonce, ciphertext)
+        salt, iv, nonce, ciphertext =
+          hash.values_at(:salt, :iv, :nonce, :ciphertext).map {|s| decode_hex(s) }
+
+        mode = nil
+        if iv.empty?
+          mode = :nacl
+        elsif nonce.empty?
+          mode = :aes
+        end
+        
+        box = self.new(passphrase, mode, salt, hash[:iterations] || ITERATIONS)
+        box.decrypt(iv, nonce, ciphertext)
       end
 
       attr_reader :salt
@@ -54,33 +68,82 @@ module CoinOp
       # Initialize with an existing salt and iterations to allow
       # decryption.  Otherwise, creates new values for these, meaning
       # it creates an entirely new secret-box.
-      def initialize(passphrase, salt=nil, iterations=nil)
-        @salt = salt || RbNaCl::Random.random_bytes(16)
-        @iterations = iterations || ITERATIONS
-
-        key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(
-          passphrase, @salt,
-          # TODO: decide on a very safe work factor
-          # https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
-          #
-          @iterations, # number of iterations
-          32      # key length in bytes
-        )
-        @box = RbNaCl::SecretBox.new(key)
+      def initialize(passphrase, mode=:aes, salt=SecureRandom.random_bytes(SALT_RANDOM_BYTES), iterations=nil)
+        @salt = salt 
+        @iterations = iterations || ITERATIONS + SecureRandom.random_number(ITERATIONS_WINDOW) 
+        @mode = mode
+
+        if @mode == :aes
+          @key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(
+            passphrase,
+            @salt,
+            # TODO: decide on a very safe work factor
+            # https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
+            #
+            @iterations, # number of iterations
+            KEY_SIZE * 2 # key length in bytes
+          )
+
+          @aes_key = @key[0, KEY_SIZE]
+          @hmac_key = @key[KEY_SIZE, KEY_SIZE]
+          @cipher = OpenSSL::Cipher.new(AES_CIPHER)
+          @cipher.padding = 0
+        elsif @mode == :nacl
+          @key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(
+            passphrase,
+            @salt,
+            # TODO: decide on a very safe work factor
+            # https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
+            #
+            @iterations, # number of iterations
+            KEY_SIZE     # key length in bytes
+          )
+          @box = RbNaCl::SecretBox.new(@key)
+        end
+
       end
 
-      def encrypt(plaintext)
-        nonce = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.nonce_bytes)
-        ciphertext = @box.encrypt(nonce, plaintext)
+      def encrypt(plaintext, iv=@cipher.random_iv)
+        @cipher.encrypt
+        @cipher.iv = iv
+        @cipher.key = @aes_key
+        encrypted = @cipher.update(plaintext)
+        encrypted << @cipher.final
+        digest = OpenSSL::Digest::SHA256.new
+        hmac_digest = OpenSSL::HMAC.digest(digest, @hmac_key, iv + encrypted)
+        ciphertext = encrypted + hmac_digest
         {
-          :iterations => @iterations,
-          :salt => hex(@salt),
-          :nonce => hex(nonce),
-          :ciphertext => hex(ciphertext)
+          iterations: @iterations,
+          salt: hex(@salt),
+          iv: hex(iv),
+          ciphertext: hex(ciphertext)
         }
       end
 
-      def decrypt(nonce, ciphertext)
+      def decrypt(iv, nonce, ciphertext)
+        if @mode == :aes
+          return decrypt_aes(iv, ciphertext)
+        elsif @mode == :nacl
+          return decrypt_nacl(nonce, ciphertext)
+        end
+        raise('Incompatible ciphertext')
+      end
+
+      def decrypt_aes(iv, ciphertext)
+        mac, ctext = ciphertext[-KEY_SIZE, KEY_SIZE], ciphertext[0...-KEY_SIZE]
+        digest = OpenSSL::Digest::SHA256.new
+        hmac_digest = OpenSSL::HMAC.digest(digest, @hmac_key, iv + ctext)
+        if hmac_digest != mac
+          raise('Invalid authentication code - this ciphertext may have been tampered with.')
+        end
+        @cipher.decrypt
+        @cipher.iv = iv
+        @cipher.key = @aes_key
+        decrypted = @cipher.update(ctext)
+        decrypted << @cipher.final
+      end
+
+      def decrypt_nacl(nonce, ciphertext)
         @box.decrypt(nonce, ciphertext)
       end
 

data/lib/coin-op/version.rb

@@ -1,3 +1,3 @@
 module CoinOp
-  VERSION = "0.4.3"
+  VERSION = "0.4.4"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: coin-op
 version: !ruby/object:Gem::Version
-  version: 0.4.3
+  version: 0.4.4
 platform: ruby
 authors:
 - Matthew King
@@ -32,7 +32,7 @@ cert_chain:
   tdc4VS7IlSRxlZ3dBOgiigy9GXpJ+7F831AqjxL39EPwdr7RguTNz+pi//RKaT/U
   IlpVB+Xfk0vQdP7iYfjGxDzUf0FACMjsR95waJmadKW1Iy6STw2hwPhYIQz1Hu1A
   -----END CERTIFICATE-----
-date: 2015-05-27 00:00:00.000000000 Z
+date: 2015-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bitcoin-ruby
@@ -62,20 +62,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-- !ruby/object:Gem::Dependency
-  name: rbnacl-libsodium
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: hashie
   requirement: !ruby/object:Gem::Requirement
@@ -91,19 +77,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: starter
+  name: rbnacl-libsodium
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.1.12
-  type: :development
+        version: 1.0.3
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.1.12
+        version: 1.0.3
 - !ruby/object:Gem::Dependency
   name: sequel
   requirement: !ruby/object:Gem::Requirement
@@ -133,19 +119,33 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
-  name: minitest-reporters
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '0'
 description: A pretty, simple to use interface for all of the cryptocurrency libraries
   you love to use.
 email:
@@ -168,7 +168,6 @@ files:
 - lib/coin-op/bit/script.rb
 - lib/coin-op/bit/spendable.rb
 - lib/coin-op/bit/transaction.rb
-- lib/coin-op/blockchain/blockr.rb
 - lib/coin-op/blockchain/mockchain.rb
 - lib/coin-op/crypto.rb
 - lib/coin-op/encodings.rb
@@ -193,7 +192,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Crypto currency classes in Ruby

data/lib/coin-op/blockchain/blockr.rb

@@ -1,162 +0,0 @@
-require "http"
-require "json"
-require 'enumerator'
-
-require_relative "../bit"
-
-module CoinOp
-  module Blockchain
-
-    # Blockr.io API documentation:  http://blockr.io/documentation/api
-    class Blockr
-      include CoinOp::Encodings
-
-      def initialize(env=:test)
-        subdomain = (env.to_sym == :test) ? "tbtc" : "btc"
-        @base_url = "http://#{subdomain}.blockr.io/api/v1"
-
-        # Testing says 20 is the absolute max
-        @max_per_request = 20
-
-        @http = HTTP.with_headers(
-          "User-Agent" => "bv-blockchain-worker v0.1.0",
-          "Accept" => "application/json"
-        )
-      end
-
-
-      attr_accessor :max_per_request
-
-
-      def unspent(addresses, confirmations=6)
-
-        result = request(
-          :address, :unspent, addresses,
-          :confirmations => confirmations
-        )
-
-        outputs = []
-        result.each do |record|
-          record[:unspent].each do |output|
-            address = record[:address]
-
-            transaction_hex, index, value, script_hex =
-              output.values_at :tx, :n, :amount, :script
-
-            outputs << CoinOp::Bit::Output.new(
-              :transaction_hex => transaction_hex,
-              :index => index,
-              :value => bitcoins_to_satoshis(value),
-              :script => {:hex => script_hex},
-              :address => address
-            )
-          end
-        end
-
-        outputs.sort_by {|output| -output.value }
-      end
-
-
-      def balance(addresses)
-        result = request(:address, :balance, addresses)
-        balances = {}
-        result.each do |record|
-          balances[record[:address]] = float_to_satoshis(record[:balance])
-        end
-
-        balances
-      end
-
-
-      def transactions(tx_ids)
-        results = request(:tx, :raw, tx_ids)
-        results.map do |record|
-          hex = record[:tx][:hex]
-
-          transaction = CoinOp::Bit::Transaction.hex(hex)
-        end
-      end
-
-
-      def address_info(addresses, confirmations=6)
-        # Useful for testing transactions()
-        request(
-          :address, :info, addresses,
-          :confirmations => confirmations
-        )
-      end
-
-
-      def block_info(block_list)
-        request(:block, :info, block_list)
-      end
-
-
-      def block_txs(block_list)
-        request(:block, :txs, block_list)
-      end
-
-
-      # Helper methods
-
-      def bitcoins_to_satoshis(string)
-        string.gsub(".", "").to_i
-      end
-
-      def float_to_satoshis(float)
-        (float * 100_000_000).to_i
-      end
-
-
-      # Queries the Blockr Bitcoin from_type => to_type API with
-      # list, returning the results or throwing an exception on
-      # failure.
-      def request(from_type, to_type, args, query=nil)
-
-        unless args.is_a? Array
-          args = [args]
-        end
-
-        data = []
-        args.each_slice(@max_per_request) do |arg_slice|
-          # Permit calling with either an array or a scalar
-            slice_string = arg_slice.join(",")
-          url = "#{@base_url}/#{from_type}/#{to_type}/#{slice_string}"
-
-          # Construct query string if any params were passed.
-          if query
-            # TODO: validation.  The value of the "confirmations" parameter
-            # must be an integer.
-            params = query.map { |name, value| "#{name}=#{value}" }.join("&")
-            url = "#{url}?#{params}"
-          end
-
-          response = @http.request "GET", url, :response => :object
-          # FIXME:  rescue any JSON parsing exception and raise an
-          # exception explaining that it's blockr's fault.
-          begin
-            content = JSON.parse(response.body, :symbolize_names => true)
-          rescue JSON::ParserError => e
-            raise "Blockr returned invalid JSON: #{e}"
-          end
-
-          if content[:status] != "success"
-            raise "Blockr.io failure: #{content.to_json}"
-          end
-
-          slice_data = content[:data]
-          if content[:data].is_a? Array
-            data.concat slice_data
-          else
-            data << slice_data
-          end
-        end
-
-        data
-      end
-
-    end
-
-  end
-end
-