imobile 0.0.1 → 0.0.2

data/CHANGELOG

@@ -1 +1,3 @@
+v0.0.2. CryptoSupport fingerprints computation.
+
 v0.0.1. Initial release. In-App Purchase receipt validation.

data/Manifest

@@ -1,10 +1,14 @@
 CHANGELOG
+imobile.gemspec
+lib/imobile/crypto_app_fprint.rb
 lib/imobile/validate_receipt.rb
 lib/imobile.rb
 LICENSE
 Manifest
 Rakefile
 README
+test/crypto_app_fprint_test.rb
 test/validate_receipt_test.rb
+testdata/device_attributes.yml
 testdata/forged_sandbox_receipt
 testdata/valid_sandbox_receipt

data/Rakefile

@@ -1,3 +1,9 @@
+# Rakefile that uses echoe to manage imobile's gemspec. 
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2009 Zergling.Net
+# License:: MIT
+
 require 'rubygems'
 require 'echoe'
 

data/imobile.gemspec

@@ -2,22 +2,22 @@
 
 Gem::Specification.new do |s|
   s.name = %q{imobile}
-  s.version = "0.0.1"
+  s.version = "0.0.2"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.authors = ["Victor Costan"]
-  s.date = %q{2009-07-23}
+  s.date = %q{2009-07-24}
   s.description = %q{Library for servers backing iPhone applications.}
   s.email = %q{victor@zergling.net}
-  s.extra_rdoc_files = ["CHANGELOG", "lib/imobile/validate_receipt.rb", "lib/imobile.rb", "LICENSE", "README"]
-  s.files = ["CHANGELOG", "lib/imobile/validate_receipt.rb", "lib/imobile.rb", "LICENSE", "Manifest", "Rakefile", "README", "test/validate_receipt_test.rb", "testdata/forged_sandbox_receipt", "testdata/valid_sandbox_receipt", "imobile.gemspec"]
+  s.extra_rdoc_files = ["CHANGELOG", "lib/imobile/crypto_app_fprint.rb", "lib/imobile/validate_receipt.rb", "lib/imobile.rb", "LICENSE", "README"]
+  s.files = ["CHANGELOG", "imobile.gemspec", "lib/imobile/crypto_app_fprint.rb", "lib/imobile/validate_receipt.rb", "lib/imobile.rb", "LICENSE", "Manifest", "Rakefile", "README", "test/crypto_app_fprint_test.rb", "test/validate_receipt_test.rb", "testdata/device_attributes.yml", "testdata/forged_sandbox_receipt", "testdata/valid_sandbox_receipt"]
   s.homepage = %q{http://github.com/costan/imobile}
   s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Imobile", "--main", "README"]
   s.require_paths = ["lib"]
   s.rubyforge_project = %q{zerglings}
   s.rubygems_version = %q{1.3.5}
   s.summary = %q{Library for servers backing iPhone applications.}
-  s.test_files = ["test/validate_receipt_test.rb"]
+  s.test_files = ["test/crypto_app_fprint_test.rb", "test/validate_receipt_test.rb"]
 
   if s.respond_to? :specification_version then
     current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION

data/lib/imobile.rb

@@ -4,4 +4,5 @@
 # Copyright:: Copyright (C) 2009 Zergling.Net
 # License:: MIT
 
+require 'imobile/crypto_app_fprint.rb'
 require 'imobile/validate_receipt.rb'

data/lib/imobile/crypto_app_fprint.rb

@@ -0,0 +1,120 @@
+# Application integrity finger-printing used by ZergSupport's CryptoSupport.  
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2009 Zergling.Net
+# License:: MIT
+
+require 'digest/md5'
+require 'digest/sha2'
+require 'set'
+require 'openssl'
+
+
+# :nodoc: namespace
+module Imobile
+
+# An iPhone application's finger-print, as implemented in CryptoSupport.
+#
+# Args:
+#   device_or_hash:: a Hash or ActiveRecord model representing the result of
+#                    calling [ZNDeviceFprint deviceAttributes] on the iMobile
+#                    device
+#   binary_path:: path to the application's binary (executable file)
+#                 corresponding to the application version on the device
+#                 (indicated by :app_version in the device attributes)
+#
+# Returns a finger-print that should prove the application's integrity. The
+# finger-print is a string consisting of printable characters.
+def self.crypto_app_fprint(device_or_hash, binary_path)
+  CryptoSupportAppFprint.app_fprint device_or_hash, binary_path
+end
+
+
+# Implementation details for crypto_app_fprint.
+module CryptoSupportAppFprint  
+  # The finger-print for a device's attributes, as implemented in CryptoSupport.
+  #
+  # The device attributes should be passed in a Hash that represents the result
+  # of calling [ZNDeviceFprint deviceAttributes] on the iMobile device.
+  #  
+  # The finger-print is returned as a raw string (no hex-formatting).
+  # In particular, the returned finger-print is suitable to be used as a key or
+  # IV for AES-128.
+  #
+  # The code mirrors the reference code in ZergSupport's test suite.
+  def self.device_fprint(device_attributes)
+    Digest::MD5.digest device_fprint_data(device_attributes)
+  end
+  
+  # The finger-print for a device's attributes, as implemented in CryptoSupport.
+  #
+  # This method resembles device_fprint, but returns the finger-print in a
+  # hex-formatted string, so that it can be used by Web services.  
+  def self.hex_device_fprint(device_attributes)
+    device_fprint(device_attributes).unpack('C*').map {|c| '%02x' % c}.join('')
+  end
+  
+  # The device data used for device finger-printing in CryptoSupport.
+  #
+  # The device attributes should be passed in a Hash that represents the result
+  # of calling [ZNDeviceFprint deviceAttributes] on the iMobile device.   
+  def self.device_fprint_data(device_attributes)
+    attrs = device_fprint_attributes
+    keys = device_attributes.keys.select { |k| attrs.include? k.to_s }
+    'D|' + keys.sort.map { |k| device_attributes[k] }.join('|')    
+  end
+
+  # The device attributes included in the finger-printing operation.  
+  def self.device_fprint_attributes
+    Set.new(['app_id', 'app_version', 'app_provisioning', 'hardware_model',
+             'os_name', 'os_version', 'unique_id'])
+  end
+  
+  # The finger-print for a data blob, as implemented in CryptoSupport.
+  #
+  # Args:
+  #   data_blob:: a raw string, usually the result of reading a file
+  #   key:: 16-byte string, to be used as an AES key
+  #   iv:: 16-byte string, to be used as an AES key
+  #
+  # The returned finger-print is a hex-formatted string.
+  def self.data_fprint(data_blob, key, iv = "\0" * 16)
+    cipher = OpenSSL::Cipher::Cipher.new 'aes-128-cbc'
+    cipher.encrypt
+    cipher.key, cipher.iv = key, iv
+    
+    plain = data_blob + "\0" * ((16 - (data_blob.length & 0x0f)) & 0x0f)
+    crypted = cipher.update plain
+    Digest::SHA2.hexdigest crypted
+  end
+    
+  # An iPhone application's finger-print, as implemented in CryptoSupport.
+  #
+  # The device attributes should be passed in a Hash that represents the result
+  # of calling [ZNDeviceFprint deviceAttributes] on the iMobile device. The
+  # manifest data should be the result of reading the application's manifest
+  # file (currently its executable file).
+  #
+  # The returned finger-print is a hex-formatted string.
+  def self.app_fprint_from_raw_data(device_attributes, manifest_data)
+    key = device_fprint device_attributes
+    iv = "\0" * 16
+    data_fprint manifest_data, key, iv
+  end
+  
+  # An iPhone application's finger-print, as implemented in CryptoSupport.
+  def self.app_fprint(device_or_hash, binary_path)
+    if device_or_hash.respond_to?(:[]) and device_or_hash.respond_to?(:keys)
+      # Hash-like object.
+      device_attributes = device_or_hash
+    else
+      # ActiveRecord model.
+      device_attributes = device_or_hash.attributes
+    end
+    
+    manifest_data = File.read binary_path
+    app_fprint_from_raw_data device_attributes, manifest_data
+  end    
+end
+
+end  # namespace Imobile

data/test/crypto_app_fprint_test.rb

@@ -0,0 +1,39 @@
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2009 Zergling.Net
+# License:: MIT
+
+require 'imobile'
+
+require 'time'
+require 'test/unit'
+
+require 'rubygems'
+require 'flexmock/test_unit'
+
+
+class CryptoAppFprintTest < Test::Unit::TestCase
+  def setup
+    testdata_path = File.join(File.dirname(__FILE__), '..', 'testdata')
+    @device_attrs = File.open(File.join(testdata_path,
+                                        'device_attributes.yml')) do |f| 
+      YAML.load f
+    end
+    
+    @mock_binary = '1a2b3c4d5e6f7g8h' * 16384
+  end
+  
+  def test_device_fprint
+    fprint = Imobile::CryptoSupportAppFprint.hex_device_fprint @device_attrs
+    assert_equal '9cef1c830742fa83ad213281c1ce47b5', fprint
+  end
+  
+  def test_crypto_app_fprint
+    mock_binary_path = '/binary/path'
+    flexmock(File).should_receive(:read).with(mock_binary_path).
+                   and_return(@mock_binary)
+    fprint = Imobile.crypto_app_fprint @device_attrs, mock_binary_path
+    gold_fprint =
+        'b5b45dec2177d095bff66dd895c624b1bc264e48575f2b39ed5456c3821c338f' 
+    assert_equal gold_fprint, fprint
+  end
+end

data/test/validate_receipt_test.rb

@@ -10,8 +10,7 @@ require 'test/unit'
 
 class ValidateReceiptTest < Test::Unit::TestCase
   def setup
-    testdata_path = File.join(File.dirname(__FILE__), '..', 'testdata')
-    
+    testdata_path = File.join(File.dirname(__FILE__), '..', 'testdata')    
     @forged_sandbox_blob = File.read File.join(testdata_path,
                                                'forged_sandbox_receipt')
     @valid_sandbox_blob = File.read File.join(testdata_path,
@@ -47,4 +46,7 @@ class ValidateReceiptTest < Test::Unit::TestCase
                  Imobile.validate_receipt(@forged_sandbox_blob, :sandbox),
                  "Forged receipt passed validation"
   end
+  
+  # TODO(costan): add tests against the real servers, as soon as someone donates
+  #               a receipt
 end

data/testdata/device_attributes.yml

@@ -0,0 +1,8 @@
+--- 
+app_id: us.costan.ZergSupportTests
+app_provisioning: s
+app_version: "1.9.8.3"
+hardware_model: i386
+os_name: iPhone OS
+os_version: "3.0"
+unique_id: sim:EEAE137F-205A-587E-8F62-C6855680879E

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: imobile
 version: !ruby/object:Gem::Version 
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors: 
 - Victor Costan
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-07-23 00:00:00 -04:00
+date: 2009-07-24 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -50,22 +50,26 @@ extensions: []
 
 extra_rdoc_files: 
 - CHANGELOG
+- lib/imobile/crypto_app_fprint.rb
 - lib/imobile/validate_receipt.rb
 - lib/imobile.rb
 - LICENSE
 - README
 files: 
 - CHANGELOG
+- imobile.gemspec
+- lib/imobile/crypto_app_fprint.rb
 - lib/imobile/validate_receipt.rb
 - lib/imobile.rb
 - LICENSE
 - Manifest
 - Rakefile
 - README
+- test/crypto_app_fprint_test.rb
 - test/validate_receipt_test.rb
+- testdata/device_attributes.yml
 - testdata/forged_sandbox_receipt
 - testdata/valid_sandbox_receipt
-- imobile.gemspec
 has_rdoc: true
 homepage: http://github.com/costan/imobile
 licenses: []
@@ -100,4 +104,5 @@ signing_key:
 specification_version: 3
 summary: Library for servers backing iPhone applications.
 test_files: 
+- test/crypto_app_fprint_test.rb
 - test/validate_receipt_test.rb