id_shuffler 0.0.2 → 0.0.3

data/ext/id_shuffler/id_shuffler.c

@@ -1,70 +1,156 @@
 #include <ruby.h>
+#include <stdint.h>
+
+/*
+ * the algorithm used here is based on greg rose's implementation of skip32
+ * (https://opensource.qualcomm.com/assets/dotc/skip32.c) and modified as
+ * follows:
+ *
+ * - using 30 bit numbers instead of 32 (so we get nice round 6-digit base-32
+ *   outputs, rather than having 7-digit base-32 numbers that never use the
+ *   upper 3 bits. when we need more than 30 bits, we should switch up to 40,
+ *   50, or 60 bits to keep the output string range fully utilized)
+ *
+ * - the feistel network round function returns 15 bits instead of 16
+ *
+ * - use uint32_t explicitely where necessary to ensure 32-bit numbers
+ *   on 64-bit platforms
+ *
+ * - use 6-digits of 'crockford' base-32 armor on the shuffled ids. this not
+ *   only prevents them from looking completely like numbers but also ensures
+ *   they are a constant length, which is very handy for the sake of future
+ *   compatibility since you can just say any 6-digit shuffle id is "version 1"
+ *   id, and a different length implies a different shuffler.
+ *
+ * note i am most certainly not a cryptographer. i assume my modifications have
+ * made the algorithm all the weaker. this should be considered an obfuscation
+ * tool, not a cryptographic tool. please assume a mildly determined attacker
+ * could decode the shuffled ids, especially if they can generate or otherwise
+ * order them sequentially which is not too hard for an end-user in most
+ * production systems.
+ *
+ */
+
+const char ftable[256] = { 
+0xa3,0xd7,0x09,0x83,0xf8,0x48,0xf6,0xf4,0xb3,0x21,0x15,0x78,0x99,0xb1,0xaf,0xf9,
+0xe7,0x2d,0x4d,0x8a,0xce,0x4c,0xca,0x2e,0x52,0x95,0xd9,0x1e,0x4e,0x38,0x44,0x28,
+0x0a,0xdf,0x02,0xa0,0x17,0xf1,0x60,0x68,0x12,0xb7,0x7a,0xc3,0xe9,0xfa,0x3d,0x53,
+0x96,0x84,0x6b,0xba,0xf2,0x63,0x9a,0x19,0x7c,0xae,0xe5,0xf5,0xf7,0x16,0x6a,0xa2,
+0x39,0xb6,0x7b,0x0f,0xc1,0x93,0x81,0x1b,0xee,0xb4,0x1a,0xea,0xd0,0x91,0x2f,0xb8,
+0x55,0xb9,0xda,0x85,0x3f,0x41,0xbf,0xe0,0x5a,0x58,0x80,0x5f,0x66,0x0b,0xd8,0x90,
+0x35,0xd5,0xc0,0xa7,0x33,0x06,0x65,0x69,0x45,0x00,0x94,0x56,0x6d,0x98,0x9b,0x76,
+0x97,0xfc,0xb2,0xc2,0xb0,0xfe,0xdb,0x20,0xe1,0xeb,0xd6,0xe4,0xdd,0x47,0x4a,0x1d,
+0x42,0xed,0x9e,0x6e,0x49,0x3c,0xcd,0x43,0x27,0xd2,0x07,0xd4,0xde,0xc7,0x67,0x18,
+0x89,0xcb,0x30,0x1f,0x8d,0xc6,0x8f,0xaa,0xc8,0x74,0xdc,0xc9,0x5d,0x5c,0x31,0xa4,
+0x70,0x88,0x61,0x2c,0x9f,0x0d,0x2b,0x87,0x50,0x82,0x54,0x64,0x26,0x7d,0x03,0x40,
+0x34,0x4b,0x1c,0x73,0xd1,0xc4,0xfd,0x3b,0xcc,0xfb,0x7f,0xab,0xe6,0x3e,0x5b,0xa5,
+0xad,0x04,0x23,0x9c,0x14,0x51,0x22,0xf0,0x29,0x79,0x71,0x7e,0xff,0x8c,0x0e,0xe2,
+0x0c,0xef,0xbc,0x72,0x75,0x6f,0x37,0xa1,0xec,0xd3,0x8e,0x62,0x8b,0x86,0x10,0xe8,
+0x08,0x77,0x11,0xbe,0x92,0x4f,0x24,0xc5,0x32,0x36,0x9d,0xcf,0xf3,0xa6,0xbb,0xac,
+0x5e,0x6c,0xa9,0x13,0x57,0x25,0xb5,0xe3,0xbd,0xa8,0x3a,0x01,0x05,0x59,0x2a,0x46
+};
+
+uint32_t g(char key[10], int k, uint32_t w)
+{
+    uint8_t g1, g2, g3, g4, g5, g6;
+
+    g1 = (w>>7)&0xff; /* shift 7 not 8, as w is actually 15-bit. so g1's LSB will be g2's MSB */
+    g2 = w&0xff;
+
+    g3 = ftable[g2 ^ key[(4*k)%10]] ^ g1;
+    g4 = ftable[g3 ^ key[(4*k+1)%10]] ^ g2;
+    g5 = ftable[g4 ^ key[(4*k+2)%10]] ^ g3;
+    g6 = ftable[g5 ^ key[(4*k+3)%10]] ^ g4;
+
+    return (((g5<<8) + g6) & 32767); /* clip result to 15 bits */
+}
+
+uint32_t skip30(char key[10], uint32_t num, int encrypt)
+{
+    int         k; /* round number */
+    int         i; /* round counter */
+    int         kstep;
+    uint32_t    wl, wr;
+
+    /* sort out direction */
+    if (encrypt)
+        kstep = 1, k = 0;
+    else
+        kstep = -1, k = 23;
+
+    /* pack into 15-bit words */
+    wl = (num >> 15) & 32767;
+    wr = num & 32767;
+
+    /* 24 feistel rounds, doubled up */
+    for (i = 0; i < 24/2; ++i) {
+        wr ^= g(key, k, wl) ^ k;
+        k += kstep;
+        wl ^= g(key, k, wr) ^ k;
+        k += kstep;
+    }
+
+    return (wr << 15) + (wl);
+}
 
 static VALUE r_base32_shuffle(VALUE self, VALUE original_num, VALUE key_str) {
-  // takes a number and a key string as input and returns a base-32 encoded
-  // shuffled id.
+  /* takes a number and a key string as input and returns a base-32 encoded
+   * shuffled id. */
 
-  // convert from ruby objects to local long/string
-  unsigned long original;
-  original = NUM2ULONG(original_num);
+  /* convert from ruby objects */
+  unsigned long original_ulong;
+  original_ulong = NUM2ULONG(original_num);
   char *key = StringValuePtr(key_str);
-  // bounds check the id
-  if (original >= (1 << 30)) {
-    return rb_str_new2("");
+
+  /* bounds check the id */
+  if (original_ulong >= (1 << 30)) {
+    return rb_str_new2("input integer exceeds 30-bit maximum");
   }
-  // initialize the feistel network and lfsr
-  unsigned int keypos, key_len;
-  unsigned long l, r, r_orig;
-  unsigned long lfsr, lfsr_check_bit, lfsr_out_bit, lfsr_round;
-  l = (original >> 15) & 32767;
-  r = original & 32767;
-  key_len = strlen(key);
-  // apply the feistel network in a loop over each char in key. the round
-  // function uses the current key character as the taps mask for several
-  // iterations of a 32-bit lfsr
-  for (keypos = 0; keypos < key_len; keypos++) {
-    r_orig = r;
-    lfsr = r + 255; // ensure nonzero starting condition in the lfsr
-    for (lfsr_round = 0; lfsr_round < 15; lfsr_round++) {
-      lfsr_out_bit = 0;
-      for (lfsr_check_bit = 0; lfsr_check_bit < 8; lfsr_check_bit++) {
-        if ((key[keypos] & (1 << lfsr_check_bit)) > 0) {
-          lfsr_out_bit = lfsr_out_bit ^ ((lfsr & (1 << lfsr_check_bit)) >> lfsr_check_bit);
-        }
-      }
-      lfsr = (lfsr << 1) + lfsr_out_bit;
-    }
-    lfsr = lfsr & 32767;
-    r = (l ^ lfsr);
-    l = r_orig;
+  if (RSTRING_LEN(key_str) < 10) {
+    /* the algorithm uses an 80-bit key. the key string must be at least 10
+     * chars long, and anything beyond that is ignored. */
+    return rb_str_new2("invalid key length");
   }
-  // base32 encode the result
-  unsigned long shuffled;
-  shuffled = (l << 15) + r;
+
+  /* encrypt */
+  uint32_t original = original_ulong;
+  uint32_t shuffled = skip30(key, original, 1);
+
+  /* base-32 encode the result using "crockford 32" alphabet */
   char buf[6];
-  char *digits = "0123456789abcdefghijklmnopqrstuv";
+  char *digits = "0123456789abcdefghjkmnpqrstvwxyz";
   int cpos;
   for (cpos = 0; cpos < 6; cpos ++) {
     buf[cpos] = digits[((shuffled >> (5*(5-cpos))) & 31)];
   }
-  // return a ruby string
-  return rb_str_new2(buf);
+
+  /* return a ruby string */
+  return rb_str_new(buf,6);
 }
 
 static VALUE r_base32_unshuffle(VALUE self, VALUE shuffled_str, VALUE key_str) {
-  // take the a base-32 encoded ruby string and a key string, decodes and
-  // unshuffles it, producing the original number.
+  /* take the a base-32 encoded ruby string and a key string, decodes and
+   * unshuffles it, producing the original number. */
 
-  // convert from ruby string to local buf
+  /* TODO: take advantage of crockford 32 and perform corrections on digits that
+   * may have been mistyped or case munged, for instance "l" -> 1, "o" -> 0, "A"
+   * -> "a" etc.  */
+
+  /* convert from ruby string to char buf */
   char *b32 = StringValuePtr(shuffled_str);
-  char *key = StringValuePtr(key_str);
-  // remove base32 encoding
-  unsigned int shuffled = 0;
-  char *found;
-  char *digits = "0123456789abcdefghijklmnopqrstuv";
-  if (strlen(b32) != 6) {
+  if (RSTRING_LEN(shuffled_str) != 6) {
+    /* must be 6 base-32 digits */
     return INT2NUM(-1);
   }
+  char *key = StringValuePtr(key_str);
+  if (RSTRING_LEN(key_str) < 10) {
+    return rb_str_new2("invalid key length");
+  }
+
+  /* remove base32 encoding */
+  uint32_t shuffled = 0;
+  char *found;
+  char *digits = "0123456789abcdefghjkmnpqrstvwxyz";
   int cpos = 0;
   for (cpos = 0; cpos < 6; cpos++) {
     found = strchr(digits,b32[cpos]);
@@ -72,41 +158,23 @@ static VALUE r_base32_unshuffle(VALUE self, VALUE shuffled_str, VALUE key_str) {
       int pos = (found - digits);
       shuffled = shuffled + (pos << (5 * (5-cpos)));
     } else {
+      /* not valid "crockford" base-32 */
       return INT2NUM(-1);
     }
   }
-  // unwind
-  int keypos,key_len;
-  unsigned long l, r, l_orig;
-  unsigned long lfsr, lfsr_check_bit, lfsr_out_bit, lfsr_round;
-  l = (shuffled >> 15) & 32767;
-  r = shuffled & 32767;
-  key_len = strlen(key);
-  for (keypos = (key_len - 1); keypos >= 0; keypos--) {
-    l_orig = l;
-    lfsr = l + 255;
-    for (lfsr_round = 0; lfsr_round < 15; lfsr_round++) {
-      lfsr_out_bit = 0;
-      for (lfsr_check_bit = 0; lfsr_check_bit < 8; lfsr_check_bit++) {
-        if ((key[keypos] & (1 << lfsr_check_bit)) > 0) {
-          lfsr_out_bit = lfsr_out_bit ^ ((lfsr & (1 << lfsr_check_bit)) >> lfsr_check_bit);
-        }
-      }
-      lfsr = (lfsr << 1) + lfsr_out_bit;
-    }
-    lfsr = lfsr & 32767;
-    l = (r ^ lfsr);
-    r = l_orig;
-  }
-  // return the resulting original number as a ruby fixnum
-  unsigned long original;
-  original = (l << 15) + r;
+
+  /* decrypt */
+  uint32_t original = skip30(key, shuffled, 0);
+
+  /* return a ruby number */
   return ULONG2NUM(original);
 }
 
 void Init_id_shuffler(void) {
-  // add two class methods to our IdShuffler class: shuffle and unshuffle, each
-  // of which take the object to be [unshuffled] and the key.
+  /* add two class methods to our IdShuffler class: shuffle and unshuffle, each
+   * of which take the object to be [unshuffled] and the key. the ruby module
+   * in id_shuffler.rb should be the only one to ever call these, clients
+   * should use the module's interface */
   VALUE klass = rb_define_class("IdShuffler", rb_cObject);
   rb_define_singleton_method(klass, "shuffle_with_raw_key", r_base32_shuffle, 2);
   rb_define_singleton_method(klass, "unshuffle_with_raw_key", r_base32_unshuffle, 2);

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: id_shuffler
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
   prerelease: 
 platform: ruby
 authors: