ece 0.1.2 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 9d5b4405985580581acc70aecdc06679e790a0c2
-  data.tar.gz: d2e1bf3c52a065fb8cdc84630ab841da02921531
+SHA256:
+  metadata.gz: e83a743e5e15a8603358906d330f2152763bcdc48d0bb7793ccbb7a8f30cc86c
+  data.tar.gz: 2251ca33088306a752a496d2e5204658daee8a7c2ef7782f119f6840a8fb7d78
 SHA512:
-  metadata.gz: 72508ea873779630f61ec4308112c4d950681bf0db93a33eb7af9225ec09c422c389d2c06076b70dcecc458f60578e1f5ea0ed4a8b0ada22c444329f371b198e
-  data.tar.gz: ce9d268b04c7a2bd3a75e06775a74a86c7eb6b38d232859226da25afab44bee58a4a96a8800d54c253e5373a5f972745d3ea15a210b0e3dc986a8affcefe459a
+  metadata.gz: 47e9b83318a4e511dc962b8ab1a42e45b351e2d2961a392ae9096425337b55d7df583d05a54c798cfffa0a3294aba0e6fe1426a3cd47725cad155c548ae2b5f6
+  data.tar.gz: '09ac0852fbb993ffa142a1ccfb5d4de2f7c45ea8dc93c0c4d8fe46f07d8b7c3f8024a62c5314ebd7d6fc4e20293eddc385a2b609a6ce88b79e2496388e42551d'

data/README.md

@@ -1,6 +1,6 @@
-# Ece
+# ECE
 
-Ruby implementation of encrypted content-encoding. 
+Ruby implementation of encrypted content-encoding.
 
 https://tools.ietf.org/html/draft-thomson-http-encryption-02
 
@@ -31,14 +31,38 @@ key = Random.new.bytes(16)
 salt = Random.new.bytes(16)
 data = "Your very private data"
 
-encrypted_data = Ece.encrypt(data, key: key, salt: salt)
+encrypted_data = ECE.encrypt(data, key: key, salt: salt)
 ```
 Decrypting:
+
 ```ruby
-Ece.decrypt(encrypted_data, key: key, salt: salt)
+ECE.decrypt(encrypted_data, key: key, salt: salt)
 ```
 Data can be bytestring as well.
+
+Encrypting data with elliptical curve Diffie-Hellman (ECDH) key agreement
+protocol using client keys providing by a [Web Push subscription](https://developer.mozilla.org/en-US/docs/Web/API/PushSubscription/getKey):
+
+```ruby
+user_public_key # Provided by the browser, effectively: Random.new.bytes(65)
+user_auth # Provided by the browser, effectively: Random.new.bytes(16)
+
+local_curve = OpenSSL::PKey::EC.new("prime256v1")
+local_curve.generate_key
+user_public_key_point = OpenSSL::PKey::EC::Point.new(local_curve.group, OpenSSL::BN.new(user_public_key, 2))
+
+key = local_curve.dh_compute_key(user_public_key_point)
+server_public_key = local_curve.public_key.to_bn.to_s(2)
+salt = Random.new.bytes(16)
+
+encrypted_data = ECE.encrypt(data,
+  key: key,
+  salt: salt
+  server_public_key: server_public_key,
+  user_public_key: user_public_key,
+  auth: user_auth)
+```
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/randomlogin/ece.
-

data/Rakefile

@@ -1,2 +1,10 @@
 require "bundler/gem_tasks"
-task :default => :spec
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
+end
+
+task :default => :test

data/ece.gemspec

@@ -5,7 +5,7 @@ require 'ece/version'
 
 Gem::Specification.new do |spec|
   spec.name          = "ece"
-  spec.version       = Ece::VERSION
+  spec.version       = ECE::VERSION
   spec.authors       = ["Alexander Shevtsov"]
   spec.email         = ["randomlogin76@gmail.com"]
   spec.license       = "MIT"
@@ -18,6 +18,6 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_development_dependency "bundler", "~> 1.11"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rake", "~> 12.3.3"
   spec.add_dependency 'hkdf'
 end

data/lib/ece.rb

@@ -1,3 +1,2 @@
 require 'ece/version'
 require 'ece/ece'
-

data/lib/ece/ece.rb

@@ -4,26 +4,45 @@ require 'base64'
 
 #TODO: variable padding
 
-class Ece
+class ECE
 
   KEY_LENGTH=16
   TAG_LENGTH=16
   NONCE_LENGTH=12
+  SHA256_LENGTH=32
 
   def self.hmac_hash(key, input)
     digest = OpenSSL::Digest.new('sha256')
     OpenSSL::HMAC.digest(digest, key, input)
   end
 
-  def self.hkdf_extract(salt, ikm)
+  def self.hkdf_extract(salt, ikm) #ikm stays for input keying material
     hmac_hash(salt,ikm)
   end
 
+  def self.get_info(type, client_public, server_public)
+    cl_len_no = [client_public.size].pack('n')
+    sv_len_no = [server_public.size].pack('n')
+    "Content-Encoding: #{type}\x00P-256\x00#{cl_len_no}#{client_public}#{sv_len_no}#{server_public}"
+  end
+
   def self.extract_key(params)
     raise "Salt must be 16-bytes long" unless params[:salt].length==16
-    key =  HKDF.new(params[:key], salt: params[:salt], algorithm: 'sha256', info: "Content-Encoding: aesgcm128")
-    nonce =  HKDF.new(params[:key], salt: params[:salt], algorithm: 'sha256', info: "Content-Encoding: nonce")
-    {key: key.next_bytes(KEY_LENGTH), nonce: nonce.next_bytes(NONCE_LENGTH)}
+
+    input_key = params[:key]
+    auth = false
+    if params.has_key?(:auth) # Encrypted Content Encoding, March 11 2016, http://httpwg.org/http-extensions/draft-ietf-httpbis-encryption-encoding.html
+      auth = true
+      input = HKDF.new(input_key, {salt: params[:auth] , algorithm: 'sha256', info: "Content-Encoding: auth\x00"})
+      input_key = input.next_bytes(SHA256_LENGTH)
+      secret =  HKDF.new(input_key, {salt: params[:salt], algorithm: 'sha256', info: get_info("aesgcm", params[:user_public_key], params[:server_public_key])})
+      nonce =  HKDF.new(input_key, salt: params[:salt], algorithm: 'sha256', info: get_info("nonce", params[:user_public_key], params[:server_public_key]))
+    else
+      secret =  HKDF.new(input_key, {salt: params[:salt], algorithm: 'sha256', info: "Content-Encoding: aesgcm128"})
+      nonce =  HKDF.new(input_key, salt: params[:salt], algorithm: 'sha256', info: "Content-Encoding: nonce")
+    end
+
+    {key: secret.next_bytes(KEY_LENGTH), nonce: nonce.next_bytes(NONCE_LENGTH), auth: auth}
   end
 
   def self.generate_nonce(nonce, counter)
@@ -31,27 +50,42 @@ class Ece
     output = nonce.dup
     integer = nonce[-6..-1].unpack('B*')[0].to_i(2) #taking last 6 bytes, treating as integer
     x = ((integer ^ counter) & 0xffffff) + ((((integer / 0x1000000) ^ (counter / 0x1000000)) & 0xffffff) * 0x1000000)
-    output[-6..-1] = [x.to_s(16)].pack('H*')
-    output
+    bytestring = x.to_s(16).length < 12 ? "0"*(12-x.to_s(16).length)+x.to_s(16) : x.to_s(16) #it's for correct handling of cases when generated integer is less than 6 bytes
+    output[-6..-1] = [bytestring].pack('H*')                                                 #without it packing would produce less than 6 bytes
+    output                                                                                   #I didn't find pack directive for such usage, so there is a such solution
   end
 
-  def self.encrypt_record(params, counter, buffer, pad=0)
-    raise "Key must be #{KEY_LENGTH} bytes long" unless params[:key].length == KEY_LENGTH
-    gcm = OpenSSL::Cipher.new('aes-128-gcm')
-    gcm.encrypt
-    gcm.key = params[:key]
-    gcm.iv = generate_nonce(params[:nonce], counter)
-    enc = gcm.update("\x00"+buffer) + gcm.final + gcm.auth_tag  #enc = gcm.update("\x00"*pad+buffer)+gcm.final + gcm.auth_tag padding is not fully implemented for now
-    enc
+  def self.encrypt(data, params)
+    key = extract_key(params)
+    rs = params[:rs] ? params [:rs] : 4096
+    padsize = params[:padsize] ? params [:padsize] : 0
+    raise "The rs parameter must be greater than 1." if rs <= 1
+    rs -=1 #this ensures encrypted data cannot be truncated
+    result = ""
+    pad_bytes = 1
+    if params[:auth] # old spec used 1 byte for padding, latest one always uses 2 bytes
+      pad_bytes = 2
+    end
+
+    counter = 0
+    (0..data.length).step(rs-pad_bytes+1) do |i|
+      block = encrypt_record(key, counter, data[i..i+rs-pad_bytes], padsize)
+      result += block
+      counter +=1
+    end
+    result
   end
 
-  def self.encrypt(data, params)
+  def self.decrypt(data, params)
     key = extract_key(params)
-    rs = 4095 #should be variable, but for now it's constant
+    rs = params[:rs] ? params [:rs] : 4096
+    raise "The rs parameter must be greater than 1." if rs <= 1
+    rs += TAG_LENGTH
+    raise "Message is truncated" if data.length % rs == 0
     result = ""
     counter = 0
     (0..data.length).step(rs) do |i|
-      block = encrypt_record(key, counter, data[i..i+rs-1])
+      block = decrypt_record(key, counter, data[i..i+rs-1])
       result += block
       counter +=1
     end
@@ -59,30 +93,49 @@ class Ece
   end
 
   def self.decrypt_record(params, counter, buffer, pad=0)
-    raise "Key must be #{KEY_LENGTH} bytes long" unless params[:key].length == KEY_LENGTH
     gcm = OpenSSL::Cipher.new('aes-128-gcm')
     gcm.decrypt
     gcm.key = params[:key]
     gcm.iv = generate_nonce(params[:nonce], counter)
+    pad_bytes = 1
+    if params[:auth] # old spec used 1 byte for padding, latest one always uses 2 bytes
+      pad_bytes = 2
+    end
+    raise "Block is too small" if buffer.length <= TAG_LENGTH+pad_bytes
     gcm.auth_tag = buffer[-TAG_LENGTH..-1]
     decrypted = gcm.update(buffer[0..-TAG_LENGTH-1]) + gcm.final
-    #padding = decrypted[0]  -- this would be used once variable record-size is implemented
-    #padding_length = decrypted[0].unpack("C")
-    #raise Err unless padding = "\x00"*padding_length
-    decrypted[1..-1]
+
+    if params[:auth]
+      padding_length = decrypted[0..1].unpack("n")[0]
+      raise "Padding is too big" if padding_length+2 > decrypted.length
+      padding = decrypted[2..padding_length]
+      raise "Wrong padding"  unless padding = "\x00"*padding_length
+      return decrypted[2+padding_length..-1]
+    else
+      padding_length = decrypted[0].unpack("C")[0]
+      raise "Padding is too big" if padding_length+1 > decrypted.length
+      padding = decrypted[1..padding_length]
+      raise "Wrong padding"  unless padding = "\x00"*padding_length
+      return decrypted[1..-1]
+    end
   end
 
-  def self.decrypt(data, params)
-    key = extract_key(params)
-    rs = 4096+16 #not changeable for now
-    result = ""
-    counter = 0
-    (0..data.length).step(rs) do |i|
-      block = decrypt_record(key, counter, data[i..i+rs-1])
-      result += block
-      counter +=1
+  def self.encrypt_record(params, counter, buffer, pad=0)
+    gcm = OpenSSL::Cipher.new('aes-128-gcm')
+    gcm.encrypt
+    gcm.key = params[:key]
+    gcm.iv = generate_nonce(params[:nonce], counter)
+    gcm.auth_data = ""
+    padding = ""
+    if params[:auth]
+      padding = [pad].pack('n') + "\x00"*pad # 2 bytes, big endian, then n zero bytes of padding
+      buf = padding+buffer
+      record = gcm.update(buf)
+    else
+      record = gcm.update("\x00"+buffer) # 1 padding byte, not fully implemented
     end
-    result
+    enc = record + gcm.final + gcm.auth_tag
+    enc
   end
 
 end

data/lib/ece/version.rb

@@ -1,3 +1,3 @@
-class Ece
-  VERSION = "0.1.2"
+class ECE
+  VERSION = "0.2.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ece
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.2.2
 platform: ruby
 authors:
 - Alexander Shevtsov
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2015-12-21 00:00:00.000000000 Z
+date: 2021-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: hkdf
   requirement: !ruby/object:Gem::Requirement
@@ -87,8 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Ruby implementation of encrypted content-encoding