ece 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 44649fdca6ff58ef3b0831277607fa979a2c206c
+  data.tar.gz: 8197c1f1d10916433b2ef9a42fce6fa4b47c12df
+SHA512:
+  metadata.gz: f6e325e8147ed9d6f60fef039ce81fb632b01499b9e662b8cb5d20612714d0fbef19ec89eee9563580ce01bb7d6a7ff9278d0f8ace6162a63f2818faf656b202
+  data.tar.gz: 4cde40d586d950843e4e853a7c3f8d5c8137bdad88e5faa751380a59aba5e74d7e2cc1a5cdda5de83ef9e2ca6c9d1c14fac6cc8db19420112d76e8aedb0900cc

data/.gitignore

@@ -0,0 +1,10 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/*.gem

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in ece.gemspec
+gemspec

data/README.md

@@ -0,0 +1,40 @@
+# Ece
+
+Ruby implementation of encrypted content-encoding. 
+
+https://tools.ietf.org/html/draft-thomson-http-encryption-02
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'ece'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install ece
+
+## Usage
+
+```
+require 'ece'
+
+key = Random.new.bytes(16)
+salt = Random.new.bytes(16)
+data = "Your very private data"
+
+Ece.encrypt(data, key: key, salt: salt)
+
+Ece.decrypt(data, key: key, salt: salt)
+```
+Data can be bytestring as well.
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/randomlogin/ece.
+

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+task :default => :spec

data/ece.gemspec

@@ -0,0 +1,23 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'ece/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "ece"
+  spec.version       = Ece::VERSION
+  spec.authors       = ["Alexander Shevtsov"]
+  spec.email         = ["randomlogin76@gmail.com"]
+
+  spec.summary       = "Ruby implementation of encrypted content-encoding"
+  spec.homepage      = "https://github.com/randomlogin/ece"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_dependency 'hkdf'
+end

data/lib/ece.rb

@@ -0,0 +1,3 @@
+require 'ece/version'
+require 'ece/ece'
+

data/lib/ece/ece.rb

@@ -0,0 +1,89 @@
+require 'openssl'
+require 'hkdf'
+require 'base64'
+
+#fore testing purposes only
+#TODO: variable padding
+
+class Ece
+
+  KEY_LENGTH=16
+  TAG_LENGTH=16
+  NONCE_LENGTH=12
+
+  def self.hmac_hash(key, input)
+    digest = OpenSSL::Digest.new('sha256')
+    OpenSSL::HMAC.digest(digest, key, input)
+  end
+
+  def self.hkdf_extract(salt, ikm)
+    hmac_hash(salt,ikm)
+  end
+
+  def self.extract_key(params)
+    raise "Salt must be 16-bytes long" unless params[:salt].length==16
+    key =  HKDF.new(params[:key], salt: params[:salt], algorithm: 'sha256', info: "Content-Encoding: aesgcm128")
+    nonce =  HKDF.new(params[:key], salt: params[:salt], algorithm: 'sha256', info: "Content-Encoding: nonce")
+    {key: key.next_bytes(KEY_LENGTH), nonce: nonce.next_bytes(NONCE_LENGTH)}
+  end
+
+  def self.generate_nonce(nonce, counter)
+    raise "Nonce must be #{NONCE_LENGTH} bytes long." unless nonce.length == NONCE_LENGTH
+    output = nonce.dup
+    integer = nonce[-6..-1].unpack('B*')[0].to_i(2) #taking last 6 bytes, treating as integer
+    x = ((integer ^ counter) & 0xffffff) + ((((integer / 0x1000000) ^ (counter / 0x1000000)) & 0xffffff) * 0x1000000)
+    output[-6..-1] = [x.to_s(16)].pack('H*')
+    output
+  end
+
+  def self.encrypt_record(params, counter, buffer, pad=0)
+    raise "Key must be #{KEY_LENGTH} bytes long" unless params[:key].length == KEY_LENGTH
+    gcm = OpenSSL::Cipher.new('aes-128-gcm')
+    gcm.encrypt
+    gcm.key = params[:key]
+    gcm.iv = generate_nonce(params[:nonce], counter)
+    enc = gcm.update("\x00"+buffer) + gcm.final + gcm.auth_tag  #enc = gcm.update("\x00"*pad+buffer)+gcm.final + gcm.auth_tag padding is not fully implemented for now
+    enc
+  end
+
+  def self.encrypt(data, params)
+    key = extract_key(params)
+    rs = 4095 #look TODO
+    result = ""
+    counter = 0
+    (0..data.length).step(rs) do |i|
+      block = encrypt_record(key, counter, data[i..i+rs-1])
+      result += block
+      counter +=1
+    end
+    result
+  end
+
+  def self.decrypt_record(params, counter, buffer, pad=0)
+    raise "Key must be #{KEY_LENGTH} bytes long" unless params[:key].length == KEY_LENGTH
+    gcm = OpenSSL::Cipher.new('aes-128-gcm')
+    gcm.decrypt
+    gcm.key = params[:key]
+    gcm.iv = generate_nonce(params[:nonce], counter)
+    gcm.auth_tag = buffer[-16..-1]
+    decrypted = gcm.update(buffer[0..-17]) + gcm.final
+    #padding = decrypted[0]
+    #padding_length = decrypted[0].unpack("C")
+    #raise Err unless padding = "\x00"*padding_length
+    decrypted[1..-1]
+  end
+
+  def self.decrypt(data, params)
+    key = extract_key(params)
+    rs = 4096+16 #not changeable for now
+    result = ""
+    counter = 0
+    (0..data.length).step(rs) do |i|
+      block = decrypt_record(key, counter, data[i..i+rs-1])
+      result += block
+      counter +=1
+    end
+    result
+  end
+
+end

data/lib/ece/version.rb

@@ -0,0 +1,3 @@
+class Ece
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,93 @@
+--- !ruby/object:Gem::Specification
+name: ece
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Alexander Shevtsov
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-12-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: hkdf
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- randomlogin76@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- README.md
+- Rakefile
+- ece.gemspec
+- lib/ece.rb
+- lib/ece/ece.rb
+- lib/ece/version.rb
+homepage: https://github.com/randomlogin/ece
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Ruby implementation of encrypted content-encoding
+test_files: []