crypto_toolchain 0.1.0

data/lib/crypto_toolchain/utilities/hmac.rb

@@ -0,0 +1,73 @@
+module CryptoToolchain
+  module Utilities
+    class HMAC
+      class << self
+        def digest(message, key: , hash: CryptoToolchain::Utilities::SHA1)
+          new(key: key, hash: hash).digest(message)
+        end
+
+        def hexdigest(message, key: , hash: CryptoToolchain::Utilities::SHA1)
+          new(key: key, hash: hash).hexdigest(message)
+        end
+
+      end
+
+      def initialize(key: , hash: , blocksize: nil)
+        @key = key
+        @hash = hash
+        @blocksize = blocksize || determine_blocksize
+      end
+
+      def digest(message)
+        hash.digest(outer_pad + hash.digest(inner_pad + message))
+      end
+
+      def hexdigest(message)
+        digest(message).to_hex
+      end
+
+      def determine_blocksize
+        case hash.to_s.split(':').last.downcase.gsub(/[^a-z0-9]/i, '')
+        when /md(4|5)/
+          64
+        when /sha(1|224|256)/
+          64
+        else
+          raise ArgumentError.new("Unsupported hash #{hash}")
+        end
+      end
+
+      private
+
+      def outer_pad
+        @outer_pad ||= (0x5c.chr * blocksize) ^ blocksize_key
+      end
+
+      def inner_pad
+        @inner_pad ||= (0x36.chr * blocksize) ^ blocksize_key
+      end
+
+      def blocksize_key
+        @blocksize_key ||= padded(shortened(key))
+      end
+
+      def padded(input)
+        if input.bytesize < blocksize
+          input.ljust(blocksize, 0.chr)
+        else
+          input
+        end
+      end
+
+      def shortened(input)
+        if input.bytesize > blocksize
+          hash.digest(input)
+        else
+          input
+        end
+      end
+
+      attr_reader :blocksize, :key, :hash
+    end
+  end
+end

data/lib/crypto_toolchain/utilities/md4.rb

@@ -0,0 +1,106 @@
+#encoding: ASCII-8BIT
+module CryptoToolchain
+  module Utilities
+    class MD4
+      class << self
+        def hexdigest(str, state: INITIAL_STATE, append_length: 0 )
+          CryptoToolchain::Utilities::MD4.new(str).hexdigest(state: state, append_length: append_length)
+        end
+
+        def bindigest(str, state: INITIAL_STATE, append_length: 0)
+          CryptoToolchain::Utilities::MD4.new(str).bindigest(state: state, append_length: append_length)
+        end
+        alias_method :digest, :bindigest
+
+        def padding(str)
+          num_null_pad = (56 - (str.bytesize + 1) ) % 64
+          0x80.chr + (0.chr * num_null_pad) + [(str.bytesize * 8)].pack("Q<")
+        end
+      end
+
+      def initialize(message)
+        @original = message
+      end
+
+      def hexdigest(state: INITIAL_STATE, append_length: 0)
+        bindigest(state: state, append_length: append_length).unpack("H*").join
+      end
+
+      def bindigest(state: INITIAL_STATE, append_length: 0)
+        running_state = registers_from(state)
+
+        length = original.bytesize + append_length
+
+        padding_len = (56 - (length + 1) ) % 64
+        str_length = [(length * 8)].pack("Q<")
+        padding = (0x80.chr + (0.chr * padding_len) + str_length)
+
+        (original + padding).in_blocks(64).each do |block|
+          w = block.unpack("L<16")
+
+          a, b, c, d = running_state
+          # Extraction of each 16-operation round into a loop over four elements originally
+          # found at https://rosettacode.org/wiki/MD4#Ruby
+          [0, 4, 8, 12].each do |i|
+            a = f(a, b, c, d, w[i]).lrot(3)
+            d = f(d, a, b, c, w[i+1]).lrot(7)
+            c = f(c, d, a, b, w[i+2]).lrot(11)
+            b = f(b, c, d, a, w[i+3]).lrot(19)
+          end
+          [0, 1, 2, 3].each do |i|
+            a = g(a, b, c, d, w[i]).lrot(3)
+            d = g(d, a, b, c, w[i+4]).lrot(5)
+            c = g(c, d, a, b, w[i+8]).lrot(9)
+            b = g(b, c, d, a, w[i+12]).lrot(13)
+          end
+          [0, 2, 1, 3].each do |i|
+            a = h(a, b, c, d, w[i]).lrot(3)
+            d = h(d, a, b, c, w[i+8]).lrot(9)
+            c = h(c, d, a, b, w[i+4]).lrot(11)
+            b = h(b, c, d, a, w[i+12]).lrot(15)
+          end
+
+          [a, b, c, d].each_with_index do |val, i|
+            running_state[i] = (running_state[i] + val) & 0xffffffff
+          end
+        end
+
+        running_state.pack("L<4")
+      end
+      alias_method :digest, :bindigest
+
+      private
+
+      attr_reader :original
+
+      def f(arg, x, y, z, block)
+         arg +
+           ((x & y) | (~x & z)) +
+           block
+      end
+
+      def g(arg, x, y, z, block)
+        arg +
+          ((x & y) | (x & z) | (y & z)) +
+          block +
+          0x5a827999
+      end
+
+      def h(arg, x, y, z, block)
+        arg +
+          (x ^ y ^ z) +
+          block +
+          0x6ed9eba1
+      end
+
+      # Equivalent to [ 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476 ]
+      INITIAL_STATE = "0123456789abcdeffedcba9876543210"
+
+      def registers_from(hex_str)
+        raise ArgumentError.new("Argument must be a hex string") unless hex_str.hex?
+        raise ArgumentError.new("Argument must be 32 characters long") unless hex_str.length == 32
+        hex_str.from_hex.unpack("L<4")
+      end
+    end
+  end
+end

data/lib/crypto_toolchain/utilities/mt_19937.rb

@@ -0,0 +1,218 @@
+#encoding: ASCII-8BIT
+
+# Note: 64 bit is untested
+module CryptoToolchain
+  module Utilities
+    class MT19937
+      PARAMETERS_32 = {
+          w: 32, n: 624, m: 397, r: 31,
+          a: 0x9908b0df,
+          u: 11, d: 0xFFFFFFFF,
+          s: 7,  b: 0x9d2c5680,
+          t: 15, c: 0xefc60000,
+          l: 18,
+          f: 1812433253
+        }.freeze
+      PARAMETERS_64 = {
+        w: 64, n: 312, m: 156, r: 31,
+        a: 0xB5026F5AA96619E9,
+        u: 29, d: 0x5555555555555555,
+        s: 17, b: 0x71D67FFFEDA60000,
+        t: 37, c: 0xFFF7EEE000000000,
+        l: 43,
+        f: 6364136223846793005
+      }.freeze
+
+      def self.from_array(arr, bits: 32, index: parameters_for(bits).fetch(:n))
+        mt = new(0, bits: bits)
+        mt.send(:state=, arr)
+        mt.send(:index=, index)
+        mt
+      end
+
+      def self.parameters_for(bits)
+        case bits
+        when 32
+          PARAMETERS_32
+        when 64
+          PARAMETERS_64
+        else
+          raise ArgumentError.new("Bits must be 32 or 64")
+        end
+      end
+
+      def initialize(seed, bits: 32)
+        @seed = seed
+        set_vars!(self.class.parameters_for(bits))
+        @index = n
+        @state = build_state!
+      end
+
+      def ==(other)
+        return false unless other.is_a?(self.class)
+        other.send(:state) == state && other.send(:index) == index
+      end
+
+      def extract
+        twist! if index >= n
+        temper(state[index])
+      ensure
+        @index += 1
+      end
+
+      def temper(y)
+        y ^= (y >> u) & d
+        y ^= (y << s) & b
+        y ^= (y << t) & c
+        y ^= (y >> l)
+        lowest_bits(y)
+      end
+
+      def untemper(y)
+        y = untemper_rshift(y, shift: l)
+        y = untemper_lshift(y, shift: t, mask: c)
+        y = untemper_lshift(y, shift: s, mask: b)
+        untemper_rshift(y, shift: u, mask: d)
+      end
+
+      private
+
+      attr_reader(*(PARAMETERS_32.keys))
+      attr_accessor :seed, :state, :index
+
+      # General principle:
+      #   x ^= (x << y) is periodic.
+      #
+      # What we want to do, then, is exploit this periodicity:
+      #    a -> b -> c -> d
+      #    ^              v
+      #    |------<-------|
+      # Where the temper function went from c -> d, we want to go d->a->b->c to untemper
+      # So we do the most naive thing possible, rather than the performant method below which never quite
+      # clicked in the ol' brain
+      def untemper_lshift(val, shift: , mask: 0xffffffff)
+        original = val
+        loop do
+          prev = val
+          val ^= ((val << shift) & mask)
+          return prev if val == original
+        end
+      end
+
+      def untemper_rshift(val, shift: , mask: 0xffffffff)
+        original = val
+        loop do
+          prev = val
+          val ^= ((val >> shift) & mask)
+          return prev if val == original
+        end
+      end
+
+      def defunct_untemper_step_for_posterity(y, debug: false)
+        # We're reversing
+        #     y ^= (y <<  7) & 0x9d2cf80
+        # so, take the bottom 25 bits of y, shift them over, and & that with the constant 0x9d2c5680,
+        # and xor the result with the top 25 bits of y.  Notably, this leaves the bottom 7 bits of y
+        # untouched.  The general idea is that we iteratively recover bits.  The input shares the bottom 7
+        # bits with the proper output.  We work in 7-bit chunks (the last chunk is only 4 bits of course),
+        # shifting and xor-ing (and &ing with the appropriate chunk of the mask) as we go.
+        #
+        # This algorithm never has varying periodicity, unlike the brute force method above.  My current
+        # thought is that this is because I'm not appropriately breaking the mask up into chunks like I do
+        # here, but I'm not quite sure.  For now, I'll stick with the naive algorithm until I have a complete
+        # understanding of this one.
+        if debug
+          puts " y    #{y.to_bits} #{y}"
+          puts
+          puts "y<<7  #{((y<<7) & 0xffffffff).to_bits}"
+          puts "&with #{(0x00003f80 & b).to_bits}"
+          puts "    = #{((y << 7) & (0x00003f80 & b)).to_bits}"
+          puts "xor y #{y.to_bits}"
+        end
+
+        y ^= (y << 7) & (0x00003f80 & b)
+
+        if debug
+          puts "    = #{y.to_bits}"
+          puts
+          puts "y<<7  #{((y<<7) & 0xffffffff).to_bits}"
+          puts "&with #{(0x001fc000 & b).to_bits}"
+          puts "    = #{((y << 7) & (0x001fc000 & b)).to_bits}"
+          puts "xor y #{y.to_bits}"
+        end
+
+        y ^= (y << 7) & (0x001fc000 & b)
+
+        if debug
+          puts "    = #{y.to_bits}"
+          puts
+          puts "y<<7  #{((y<<7) & 0xffffffff).to_bits}"
+          puts "&with #{(0x0fe00000 & b).to_bits}"
+          puts "    = #{((y << 7) & (0x0fe00000 & b)).to_bits}"
+          puts "xor y #{y.to_bits}"
+        end
+
+        y ^= (y << 7) & (0x0fe00000 & b)
+
+        if debug
+          puts "    = #{y.to_bits}"
+          puts
+          puts "y<<7  #{((y<<7) & 0xffffffff).to_bits}"
+          puts "&with #{(0xf0000000 & b).to_bits}"
+          puts "    = #{((y << 7) & (0xf0000000 & b)).to_bits}"
+          puts "xor y #{y.to_bits}"
+        end
+
+        y ^= (y << 7) & (0xf0000000 & b)
+
+        if debug
+          puts "    = #{y.to_bits}"
+          puts y
+        end
+        y
+      end
+
+      def build_state!
+        _state = [seed]
+        for i in (1...n)
+          prev = _state[i - 1]
+          val = lowest_bits((f * (prev ^ (prev >> (w-2)) ) + i))
+          _state << val
+        end
+        _state
+      end
+
+      def twist!
+        for i in (0...n)
+          cur = state[i]
+          x = (cur & upper_mask) + (state[(i+1) % n] & lower_mask)
+          xA = x >> 1
+          if (x % 2) != 0
+            xA = xA ^ a
+          end
+          state[i] = state[(i + m) % n] ^ xA
+        end
+        @index = 0
+        nil
+      end
+
+      def lower_mask
+        @lower_mask ||= (1 << r) - 1
+      end
+
+      def upper_mask
+        @upper_mask ||= lowest_bits(~lower_mask)
+      end
+
+      def set_vars!(parameters)
+        parameters.each do |k, v|
+          instance_variable_set("@#{k}", v)
+        end
+      end
+
+      def lowest_bits(num)
+        num & 0xffffffff
+      end
+    end
+  end
+end

data/lib/crypto_toolchain/utilities/sha1.rb

@@ -0,0 +1,95 @@
+#encoding: ASCII-8BIT
+module CryptoToolchain
+  module Utilities
+    class SHA1
+      class << self
+        def hexdigest(str, state: INITIAL_STATE, append_length: 0 )
+          CryptoToolchain::Utilities::SHA1.new(str).hexdigest(state: state, append_length: append_length)
+        end
+
+        def bindigest(str, state: INITIAL_STATE, append_length: 0)
+          CryptoToolchain::Utilities::SHA1.new(str).bindigest(state: state, append_length: append_length)
+        end
+        alias_method :digest, :bindigest
+
+        def padding(str)
+          num_null_pad = (56 - (str.bytesize + 1) ) % 64
+          0x80.chr + (0.chr * num_null_pad) + [str.bytesize * 8].pack("Q>")
+        end
+      end
+
+      def initialize(message)
+        @original = message
+      end
+
+      def hexdigest(state: INITIAL_STATE, append_length: 0)
+        bindigest(state: state, append_length: append_length).unpack("H*").join
+      end
+
+      def bindigest(state: INITIAL_STATE, append_length: 0)
+        h = registers_from(state).dup
+
+        length = original.bytesize + append_length
+
+        # while (string.size % 64) != 56
+        num_null_pad = (56 - (length + 1) ) % 64
+        padding = 0x80.chr + (0.chr * num_null_pad) + [length * 8].pack("Q>")
+
+        (original + padding).in_blocks(64).each do |_block|
+          w = _block.unpack("L>16")
+          (16..79).each do |i|
+            w[i] = (w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16]).lrot(1)
+          end
+
+          a, b, c, d, e = h
+
+          (0..79).each do |i|
+            func, k = f_and_k_for(i)
+            f = func.call(b, c, d)
+            temp = (a.lrot(5) + f + e + k + w[i]) & 0xffffffff
+            e = d
+            d = c
+            c = b.lrot(30)
+            b = a
+            a = temp
+          end
+
+          [a, b, c, d, e].each_with_index do |val, i|
+            h[i] = (h[i] + val) & 0xffffffff
+          end
+        end
+        h.pack("L>5")
+      end
+      alias_method :digest, :bindigest
+
+      private
+
+      attr_reader :original
+
+      F_FUNCTIONS = [
+        ->(b,c,d) { (b & c) | ((~b) & d) },
+        ->(b,c,d) { b ^ c ^ d },
+        ->(b,c,d) { (b & c) | (b & d) | (c & d) },
+        ->(b,c,d) { b ^ c ^ d },
+      ].freeze
+
+      K_CONSTANTS = [ 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6 ].freeze
+
+      CONSTANTS = F_FUNCTIONS.zip(K_CONSTANTS).freeze
+
+      # Equivalent to [ 0x67452301, 0xefcdaB89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 ] when using registers
+      INITIAL_STATE = "67452301efcdab8998badcfe10325476c3d2e1f0".freeze
+
+      def registers_from(hex_str)
+        raise ArgumentError.new("Argument must be a hex string") unless hex_str.hex?
+        raise ArgumentError.new("Argument must be 40 characters long") unless hex_str.length == 40
+        hex_str.from_hex.unpack("L>*")
+      end
+
+      def f_and_k_for(i)
+        raise ArgumentError.new("i must be in 0..79") unless i >=0 && i <= 79
+        CONSTANTS[i/20]
+      end
+    end
+  end
+end

data/lib/crypto_toolchain/utilities.rb

@@ -0,0 +1,9 @@
+require "crypto_toolchain/utilities/mt_19937"
+require "crypto_toolchain/utilities/sha1"
+require "crypto_toolchain/utilities/hmac"
+require "crypto_toolchain/utilities/md4"
+
+module CryptoToolchain
+  module Utilities
+  end
+end

data/lib/crypto_toolchain/version.rb

@@ -0,0 +1,3 @@
+module CryptoToolchain
+  VERSION = "0.1.0"
+end

data/lib/crypto_toolchain.rb

@@ -0,0 +1,34 @@
+# encoding: ASCII-8BIT
+
+require "base64"
+require "pry-byebug"
+require "pp"
+require "uri"
+require 'json'
+require 'securerandom'
+require "bigdecimal"
+require "crypto_toolchain/version"
+require "crypto_toolchain/extensions"
+require "crypto_toolchain/utilities"
+require "crypto_toolchain/tools"
+require "crypto_toolchain/black_boxes"
+require "crypto_toolchain/diffie_hellman"
+require "crypto_toolchain/srp"
+
+module CryptoToolchain
+  AES_BLOCK_SIZE = 16
+  PRINTABLE_CHARACTERS = ((0x20..0x7e).to_a + [0x0a, 0x0d]).map(&:chr).freeze
+  NIST_P = 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff
+  NIST_G = 2
+  ASN1 = {
+    md5:    "0 0\f\x06\b*\x86H\x86\xF7\r\x02\x05\x05\x00\x04\x10",
+    sha1:   "0!0\t\x06\x05+\x0E\x03\x02\x1A\x05\x00\x04\x14",
+    sha256: "010\r\x06\t`\x86H\x01e\x03\x04\x02\x01\x05\x00\x04 ",
+    sha384: "0A0\r\x06\t`\x86H\x01e\x03\x04\x02\x02\x05\x00\x040",
+    sha512: "0Q0\r\x06\t`\x86H\x01e\x03\x04\x02\x03\x05\x00\x04@"
+  }.freeze
+
+  DSA_P = 0x800000000000000089e1855218a0e7dac38136ffafa72eda7859f2171e25e65eac698c1702578b07dc2a1076da241c76c62d374d8389ea5aeffd3226a0530cc565f3bf6b50929139ebeac04f48c3c84afb796d61e5a4f9a8fda812ab59494232c7d2b4deb50aa18ee9e132bfa85ac4374d7f9091abc3d015efc871a584471bb1
+  DSA_Q = 0xf4f47f05794b256174bba6e9b396a7707e563c5b
+  DSA_G = 0x5958c9d3898b224b12672c0b98e06c60df923cb8bc999d119458fef538b8fa4046c8db53039db620c094c9fa077ef389b5322a559946a71903f990f1f7e0e025e2d7f7cf494aff1a0470f5b64c36b625a097f1651fe775323556fe00b3608c887892878480e99041be601a62166ca6894bdd41a7054ec89f756ba9fc95302291
+end