ephemeral_calc 0.2.0

data/ext/curve25519/curve25519_module.c

@@ -0,0 +1,32 @@
+#include "ruby.h"
+
+VALUE curve25519_module = Qnil;
+
+int curve25519_donna(uint8_t *mypublic, const uint8_t *secret, const uint8_t *basepoint);
+
+VALUE method_mult(VALUE klass, VALUE a, VALUE b)
+{
+  VALUE result;
+  if (TYPE(a) != T_STRING || RSTRING_LEN(a) != 32 ||
+      TYPE(b) != T_STRING || RSTRING_LEN(b) != 32)
+  {
+    rb_raise(rb_eArgError, "Both arguments must be 32 byte strings");
+  }
+  result = rb_str_buf_new(32);
+  rb_str_set_len(result, 32);
+  curve25519_donna(
+    (uint8_t*)RSTRING_PTR(result),
+    (uint8_t*)RSTRING_PTR(a),
+    (uint8_t*)RSTRING_PTR(b)
+  );
+  return result;
+}
+
+void Init_curve25519()
+{
+  VALUE ephemeral_calc_module = rb_const_get(rb_cObject, rb_intern("EphemeralCalc"));
+  curve25519_module = rb_define_module_under(ephemeral_calc_module, "Curve25519");
+  rb_define_singleton_method(curve25519_module, "mult", method_mult, 2);
+  uint8_t basepoint[32] = {9};
+  rb_define_const(curve25519_module, "BASEPOINT", rb_str_new( (char*)basepoint, 32) );
+}

data/ext/curve25519/extconf.rb

@@ -0,0 +1,11 @@
+# Loads mkmf which is used to make makefiles for Ruby extensions
+require 'mkmf'
+
+# Give it a name
+extension_name = 'ephemeral_calc/curve25519'
+
+# The destination
+dir_config(extension_name)
+
+create_makefile(extension_name)
+

data/lib/ephemeral_calc/encryptor.rb

@@ -0,0 +1,94 @@
+require 'openssl'
+
+module EphemeralCalc
+  class Encryptor
+
+    attr_accessor :identity_key
+    attr_accessor :rotation_scalar
+    attr_accessor :initial_time
+
+    def initialize(identity_key, rotation_scalar, initial_time = Time.now)
+      if identity_key.size == 32
+        # 32 characters means this is a 16-byte hex string
+        self.identity_key = [identity_key].pack("H*")
+      else
+        self.identity_key = identity_key
+      end
+      self.rotation_scalar = rotation_scalar
+      self.initial_time = initial_time.to_i
+    end
+
+    def beacon_time
+      Time.now.to_i - self.initial_time
+    end
+
+    def quantum
+      beacon_time / (2**rotation_scalar)
+    end
+
+    # Output is an 8-byte encrypted identifier as a hex string
+    # e.g. "0102030405060708"
+    def get_identifier(beacon_time = nil)
+      beacon_time ||= self.beacon_time
+      return nil if beacon_time < 0
+      temporary_key = do_aes_encryption(self.identity_key, key_generation_data_block(beacon_time))
+      encrypted_data = do_aes_encryption(temporary_key, data_block(beacon_time)).bytes.to_a
+      # the identifier is the first 8 bytes of the encrypted output
+      identifier_array = encrypted_data[0,8]
+      identifier_array.map{|b| sprintf("%02X",b)}.join
+    end
+
+    # yields the current EID and each subsuquent EID, until the block returns :stop
+    def each_identifier
+      last_quantum = nil
+      loop do
+        if quantum != last_quantum
+          last_quantum = quantum
+          break if :stop == yield( get_identifier )
+        end
+        sleep 1
+      end
+    end
+
+  private
+
+    def seconds_counter_32_bit(time_in_seconds)
+      time_in_seconds ||= Time.now.to_i
+      time_in_seconds.to_i & 0xffffffff
+    end
+
+    def key_generation_data_block(time_in_seconds=nil)
+      time_b2 = (seconds_counter_32_bit(time_in_seconds) >> 16) & 0xff
+      time_b3 = (seconds_counter_32_bit(time_in_seconds) >> 24) & 0xff
+      [
+        0, 0, 0, 0,
+        0, 0, 0, 0,
+        0, 0, 0, 0xff,
+        0, 0, time_b3, time_b2
+      ].pack('c*')
+    end
+
+    # this is the 16 byte block to encrypt as an array of 16 numbers
+    def data_block(time_in_seconds=nil)
+      time = seconds_counter_32_bit(time_in_seconds) & (0xffffffff - (2**rotation_scalar-1))
+      time_b0 = time & 0xff
+      time_b1 = (time >> 8) & 0xff
+      time_b2 = (time >> 16) & 0xff
+      time_b3 = (time >> 24) & 0xff
+      [
+        0, 0, 0, 0,
+        0, 0, 0, 0,
+        0, 0, 0, rotation_scalar,
+        time_b3, time_b2, time_b1, time_b0
+      ].pack('c*')
+    end
+
+    def do_aes_encryption(key, data)
+      aes = OpenSSL::Cipher::Cipher.new("AES-128-ECB")
+      aes.encrypt
+      aes.key = key
+      #aes.iv = "what do I put here?"
+      aes.update(data) + aes.final
+    end
+  end
+end

data/lib/ephemeral_calc/google_api/client.rb

@@ -0,0 +1,82 @@
+require 'json'
+require 'uri'
+require 'net/http'
+require 'base64'
+
+module EphemeralCalc
+  module GoogleAPI
+    class Client
+
+      PROXIMITY_BEACON_ROOT = "https://proximitybeacon.googleapis.com/v1beta1/"
+      EIDPARAMS_URI = URI(PROXIMITY_BEACON_ROOT + "eidparams")
+      BEACON_REGISTER_URI = URI(PROXIMITY_BEACON_ROOT + "beacons:register")
+
+      attr_accessor :credentials
+
+      def initialize(credentials = OAuth.new.get_credentials)
+        self.credentials = credentials
+      end
+
+      def eidparams
+        response = Request.get(EIDPARAMS_URI, credentials)
+        # response = request(:get, EIDPARAMS_URI, credentials.access_token)
+        return JSON.parse(response.body)
+      end
+
+      def register_eid(beacon_public_key, rotation_exp, initial_eid, initial_clock, uid_bytes)
+        service_public_key_base64 = get_eidparams["serviceEcdhPublicKey"]
+        response = Request.post(BEACON_REGISTER_URI, credentials) {|request|
+          request.add_field "Content-Type", "application/json"
+          request.body = {
+            ephemeralIdRegistration: {
+              beaconEcdhPublicKey: Base64.strict_encode64(beacon_public_key),
+              serviceEcdhPublicKey: service_public_key_base64,
+              rotationPeriodExponent: rotation_exp,
+              initialClockValue: initial_clock,
+              initialEid: Base64.strict_encode64(initial_eid)
+            },
+            advertisedId: {
+              type: "EDDYSTONE",
+              id: Base64.strict_encode64(uid_bytes)
+            },
+            status: "ACTIVE",
+            description: "EphemeralCalc Registered EID"
+          }.to_json
+        }
+        JSON.parse(response.body)
+      end
+
+      def get_resource(resource_name)
+        uri = URI(PROXIMITY_BEACON_ROOT + resource_name)
+        response = Request.get(uri, credentials)
+        JSON.parse(response.body)
+      end
+
+      def getforobserved(eids, api_key = ENV["GOOGLE_API_KEY"])
+        uri = URI("#{PROXIMITY_BEACON_ROOT}beaconinfo:getforobserved?key=#{api_key}")
+        response = Request.post(uri) {|request|
+          observations = Array(eids).map {|eid|
+            {advertisedId: {type: "EDDYSTONE_EID", id: base64_eid(eid)}}
+          }
+          request.body = {
+            observations: observations,
+            namespacedTypes: "*",
+          }.to_json
+          request.add_field "Content-Type", "application/json"
+        }
+        JSON.parse(response.body)
+      end
+
+    private
+
+      def base64_eid(eid)
+        if eid.size == 16
+          Base64.strict_encode64([eid].pack("H*"))
+        else
+          Base64.strict_encode64(eid)
+        end
+      end
+
+    end
+  end
+end

data/lib/ephemeral_calc/google_api/credentials.rb

@@ -0,0 +1,39 @@
+require 'yaml'
+
+module EphemeralCalc
+  module GoogleAPI
+    class Credentials
+
+      DEFAULT_FILE_STORE = File.expand_path("~/.ephemeral_calc_google_credentials.yaml")
+      attr_accessor :access_token, :refresh_token, :expires_at
+
+      def self.from_file(file = DEFAULT_FILE_STORE)
+        return nil unless File.exist?(file)
+        self.new YAML.load_file(file)
+      end
+
+      def initialize(opts = {})
+        # convert string keys to symbols
+        opts = opts.inject({}){|memo,(k,v)| memo[k.to_sym] = v; memo}
+
+        self.access_token = opts[:access_token]
+        self.refresh_token = opts[:refresh_token]
+        self.expires_at = opts[:expires_at] || (Time.now + opts[:expires_in].to_i)
+      end
+
+      def save(file = DEFAULT_FILE_STORE)
+        data = {
+          access_token:  access_token,
+          refresh_token: refresh_token,
+          expires_at:    expires_at
+        }.to_yaml
+        File.open(file, 'w') {|f| f.write(data) }
+      end
+
+      def expired?
+        self.expires_at < Time.now
+      end
+
+    end
+  end
+end

data/lib/ephemeral_calc/google_api/oauth.rb

@@ -0,0 +1,87 @@
+require 'json'
+require 'uri'
+require 'net/http'
+
+module EphemeralCalc
+  module GoogleAPI
+    class OAuth
+
+      SCOPES = [
+        "https://www.googleapis.com/auth/userlocation.beacon.registry",
+        "https://www.googleapis.com/auth/cloud-platform",
+      ]
+
+      REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob"
+      TOKEN_URI = URI("https://www.googleapis.com/oauth2/v4/token")
+
+      attr_accessor :client_id, :secret
+
+      def initialize(client_id = ENV["GOOGLE_CLIENT_ID"], secret = ENV["GOOGLE_CLIENT_SECRET"])
+        if client_id.nil? || secret.nil?
+          raise ArgumentError, "No Google Client ID or Secret was set. These can set in the environment variables \"GOOGLE_CLIENT_ID\" and \"GOOGLE_CLIENT_SECRET\" respectively. Credentials must be created for your project at \"https://console.developers.google.com/apis/credentials\"."
+        end
+        self.client_id = client_id
+        self.secret = secret
+      end
+
+      def get_code
+        puts("Performing OAuth with Google...")
+        if RUBY_PLATFORM =~ /darwin/
+          system("open \"#{url}\"")
+        else
+          puts("Open this URL in your browser: \"#{url}\"\n\n")
+        end
+        printf "Copy and paste code from web browser here: "
+        _code = STDIN.gets.chomp
+      end
+
+      def get_credentials(old_credentials = Credentials.from_file)
+        return old_credentials if old_credentials && !old_credentials.expired?
+        response = Request.post(TOKEN_URI) {|request|
+          request.body = hash_to_params( token_request_params(old_credentials) )
+        }
+        json = JSON.parse(response.body)
+        credentials = Credentials.new(json)
+        if old_credentials
+          credentials.refresh_token = old_credentials.refresh_token
+        end
+        return credentials
+      end
+
+      def url
+        params = hash_to_params(
+          scope: SCOPES.join("%20"),
+          redirect_uri: REDIRECT_URI,
+          response_type: "code",
+          client_id: client_id,
+        )
+        "https://accounts.google.com/o/oauth2/v2/auth?#{params}"
+      end
+
+      def token_request_params(old_credentials)
+        if old_credentials == nil
+          {
+            code: get_code,
+            client_id: client_id,
+            client_secret: secret,
+            redirect_uri: REDIRECT_URI,
+            grant_type: "authorization_code",
+          }
+        else
+          # this is a refresh of the old credentials
+          {
+            refresh_token: old_credentials.refresh_token,
+            client_id: client_id,
+            client_secret: secret,
+            grant_type: "refresh_token",
+          }
+        end
+      end
+
+      def hash_to_params(hash)
+        hash.map {|k,v| "#{k}=#{v}"}.join("&")
+      end
+
+    end
+  end
+end

data/lib/ephemeral_calc/google_api/request.rb

@@ -0,0 +1,69 @@
+require 'forwardable'
+require 'uri'
+require 'net/http'
+require 'base64'
+
+module EphemeralCalc
+  module GoogleAPI
+    class Request
+      extend Forwardable
+
+      attr_accessor :method, :uri, :credentials
+      def_delegators :request, :add_field, :body=
+
+      def self.get(uri, credentials = nil)
+        result = self.new(:get, uri, credentials)
+        result.perform {|r| yield r if block_given? }
+      end
+
+      def self.post(uri, credentials = nil)
+        result = self.new(:post, uri, credentials)
+        result.perform {|r| yield r if block_given? }
+      end
+
+      def initialize(method, uri, credentials = nil)
+        self.method = method
+        self.uri = uri
+        self.credentials = credentials
+        yield self if block_given?
+      end
+
+      def perform
+        http_opts = {use_ssl: true}
+        response = Net::HTTP.start(uri.host, uri.port, http_opts) do |http|
+          add_field "Authorization", "Bearer #{credentials.access_token}" if credentials
+          add_field "Accept", "application/json"
+          yield self if block_given?
+          http.request request
+        end
+        if (200..299).include?(response.code.to_i)
+          return response
+        else
+          raise RequestError.new(response.code.to_i), "Error #{response.code} (#{response.msg}) - #{uri}\n#{response.body}"
+        end
+      end
+
+    private
+
+      def request
+        @request ||=
+          begin
+            case method
+            when :get
+              Net::HTTP::Get.new uri.request_uri
+            when :post
+              Net::HTTP::Post.new uri.request_uri
+            end
+          end
+      end
+    end
+
+    class RequestError < StandardError
+      attr_accessor :code
+      def initialize(code)
+        self.code = code
+      end
+    end
+
+  end
+end

data/lib/ephemeral_calc/key_pair.rb

@@ -0,0 +1,67 @@
+require 'openssl'
+require 'securerandom'
+
+module EphemeralCalc
+  class KeyPair
+    attr_reader :private_key
+
+    def initialize(private_key = nil)
+      self.private_key = private_key || KeyPair.generate_private_key
+    end
+
+    def private_key=(new_key)
+      @private_key = convert_key(new_key)
+    end
+
+    def public_key
+      @public_key ||= begin
+        Curve25519.mult(self.private_key, Curve25519::BASEPOINT)
+      end
+    end
+
+    def shared_secret(other_public_key)
+      Curve25519.mult(self.private_key, other_public_key)
+    end
+
+    # opts must contain the key :resolver_public_key or :beacon_public_key
+    def identity_key(opts)
+      if opts[:resolver_public_key]
+        resolver_public_key = convert_key(opts[:resolver_public_key])
+        beacon_public_key = self.public_key
+        secret = shared_secret(resolver_public_key)
+      elsif opts[:beacon_public_key]
+        resolver_public_key = self.public_key
+        beacon_public_key = convert_key(opts[:beacon_public_key])
+        secret = shared_secret(beacon_public_key)
+      else
+        raise ArgumentError, "Must pass a resolver_public_key or a beacon_public_key"
+      end
+      salt = resolver_public_key + beacon_public_key
+      hkdf(secret, salt)[0..15]
+    end
+
+    def convert_key(key_string)
+      if key_string.size == 64
+        [key_string].pack("H*")
+      else
+        key_string
+      end
+    end
+
+    def self.generate_private_key
+      # reference: https://code.google.com/archive/p/curve25519-donna/
+      # See section on "generating a private key"
+      key = SecureRandom.random_bytes(32).bytes
+      key[0] &= 248
+      key[31] &= 127
+      key[31] |= 64
+      return key.pack("C*")
+    end
+
+    def hkdf(secret, salt)
+      digest = OpenSSL::Digest.new("SHA256")
+      prk = OpenSSL::HMAC.digest(digest, salt, secret)
+      OpenSSL::HMAC.digest(digest, prk, "\x01")
+    end
+  end
+end

data/lib/ephemeral_calc/version.rb

@@ -0,0 +1,3 @@
+module EphemeralCalc
+  VERSION = "0.2.0"
+end

data/lib/ephemeral_calc.rb

@@ -0,0 +1,12 @@
+require "ephemeral_calc/version"
+require "ephemeral_calc/curve25519"
+require "ephemeral_calc/encryptor"
+require "ephemeral_calc/key_pair"
+require "ephemeral_calc/google_api/oauth"
+require "ephemeral_calc/google_api/credentials"
+require "ephemeral_calc/google_api/request"
+require "ephemeral_calc/google_api/client"
+
+module EphemeralCalc
+  # Your code goes here...
+end

metadata

@@ -0,0 +1,138 @@
+--- !ruby/object:Gem::Specification
+name: ephemeral_calc
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Radius Networks
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-08-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake-compiler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Tools to calculate Eddystone ephemeral identifiers
+email:
+- support@radiusnetworks.com
+executables:
+- ephemeral_calc
+extensions:
+- ext/curve25519/extconf.rb
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/rspec
+- bin/setup
+- ephemeral_calc.gemspec
+- exe/ephemeral_calc
+- ext/curve25519/curve25519-donna.c
+- ext/curve25519/curve25519_module.c
+- ext/curve25519/extconf.rb
+- lib/ephemeral_calc.rb
+- lib/ephemeral_calc/encryptor.rb
+- lib/ephemeral_calc/google_api/client.rb
+- lib/ephemeral_calc/google_api/credentials.rb
+- lib/ephemeral_calc/google_api/oauth.rb
+- lib/ephemeral_calc/google_api/request.rb
+- lib/ephemeral_calc/key_pair.rb
+- lib/ephemeral_calc/version.rb
+homepage: https://github.com/RadiusNetworks/ephemeral_calc
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: Tools to calculate Eddystone ephemeral identifiers
+test_files: []