ipcrypt 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ffcebf3891f542221e9130fc8399490e5ec66a865f0ee64dc4bad819a9d4cd9d
+  data.tar.gz: ba53bcec1d4002cf843190fce26eddfec44a11e2f6f92281b3435395399960f0
+SHA512:
+  metadata.gz: 935359db9f48e1280a9a0c1d29c270a92329649e0f353d3e022dbff79a43a76bf60858d1023ce12b21eb662dbb0787d8cdf656b72def425d86c9353006d2c2cc
+  data.tar.gz: 5b39e89d7f0193de858f9a944a34190eac1167d6d877c7af45a3b51eba4c0018c573f0c5ed91fabed218d8e93a808281f3913102ab462cbbf6cdde1a9dc5bdb5

data/Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+gemspec

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Edwin Onuonga
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,129 @@
+[![Ruby Version](https://img.shields.io/badge/ruby-~%3E%202.5-red.svg)](https://github.com/eonu/ipcrypt/blob/945450c32a145d7675b5d2b0c796708195d42388/ipcrypt.gemspec#L20)
+[![Gem](https://img.shields.io/gem/v/ipcrypt.svg)](https://rubygems.org/gems/ipcrypt)
+[![Build Status](https://travis-ci.org/eonu/ipcrypt.svg?branch=master)](https://travis-ci.org/eonu/ipcrypt)
+[![License](https://img.shields.io/github/license/eonu/ipcrypt.svg)](https://github.com/eonu/ipcrypt/blob/master/LICENSE)
+
+# IPCrypt
+
+Ruby implementation of the format-preserving IPCrypt encryption algorithm for IPv4 addresses.
+
+---
+
+IPCrypt is a format-preserving cipher for IPv4 addresses - that is, a cipher that accepts an IPv4 address for encryption, and generates a new decryptable IPv4 address.
+
+The cipher was developed by Jean-Philippe Aumasson, initially in the form of a [python implementation](https://github.com/veorq/ipcrypt) which is the reference for this Ruby implementation.
+
+## Features
+
+This gem provides:
+
+- A CLI tool (`ipcrypt`) for the encryption/decryption of IPv4 addresses stored in CSV files
+- A Ruby interface in the form of a module (`IPCrypt::IP`) for the encryption/decryption of IPv4 addresses of the class `String` within Ruby applications
+
+## Installation
+
+Install the `ipcrypt` gem:
+
+```bash
+$ gem install ipcrypt
+```
+
+### Installation for CLI usage
+
+The CLI should be available to use after the gem has been installed:
+
+```bash
+$ ipcrypt
+Commands:
+  ipcrypt d [CSV] [COLUMN]  # Decrypt IPv4 addresses from a CSV file
+  ipcrypt e [CSV] [COLUMN]  # Encrypt IPv4 addresses from a CSV file
+
+Options:
+  -k, --key=KEY  # 16-byte key
+```
+
+### Installation for usage within Ruby applications
+
+1. Add the gem to your application's Gemfile:
+
+  ```ruby
+  gem 'ipcrypt'
+  ```
+
+2. Execute the following command:
+
+  ```bash
+  $ bundle install
+  ```
+
+## CLI Usage
+
+```bash
+$ cat test.csv
+id,firstname,lastname,ip_address,country
+1,a,b,127.0.0.1,c
+2,d,e,0.0.0.0,f
+3,g,h,255.255.255.255,i
+4,j,k,192.168.2.1,l
+
+$ ipcrypt e test.csv ip_address -k '16-byte-key-123!' > encrypted.csv
+
+$ cat encrypted.csv
+id,firstname,lastname,ip_address,country
+1,a,b,94.99.154.180,c
+2,d,e,34.112.126.36,f
+3,g,h,6.156.93.249,i
+4,j,k,41.85.161.64,l
+
+$ ipcrypt d encrypted.csv ip_address -k '16-byte-key-123!'
+id,firstname,lastname,ip_address,country
+1,a,b,127.0.0.1,c
+2,d,e,0.0.0.0,f
+3,g,h,255.255.255.255,i
+4,j,k,192.168.2.1,l
+```
+
+## Usage within Ruby applications
+
+The `IPCrypt::IP` is an interface for instantiating an `IPCrypt::Engine` - this class performs the task of encryption and decryption.
+
+A random 16-byte key will be generated and stored as the `@default_key` instance variable - this can be retrieved with the `#default_key` attribute reader. This default key is used as the encryption key if none is specified as an argument for the `#encrypt` instance method.
+
+### Using a default key
+
+```ruby
+encrypter = IPCrypt::IP['94.175.013.122', '73.155.92.01']
+=> #<IPCrypt::Engine:0x00007ff9f904fc68 @default_key="\x95\xC6\rM\xE5\xFAKE\xAD\x16\x80\x9A\xF6\xA9\v\x8B", @ips=["94.175.013.122", "73.155.92.01"]>
+
+encrypted = encrypter.encrypt
+=> ["221.69.213.73", "80.1.170.94"]
+
+decrypter = IPCrypt::IP[encrypted]
+=> #<IPCrypt::Engine:0x00007ff9f91618e0 @default_key="\xF8\x00\x8Cdj\xFF\xE9\x82\xE9\v\x85e\xF6\x7F 8", @ips=["221.69.213.73", "80.1.170.94"]>
+
+decrypted = decrypter.decrypt encrypter.default_key
+=> ["94.175.13.122", "73.155.92.1"]
+```
+
+### Using a set key
+
+```ruby
+key = '16-byte-key-123!'
+=> "16-byte-key-123"
+
+encrypter = IPCrypt::IP['94.175.013.122', '73.155.92.01']
+=> #<IPCrypt::Engine:0x00007fe851049db8 @default_key="\xCC\xE0j\x13s\xB9B+\xEF'\xC8\xFC\xD4\xA5\xFCW", @ips=["94.175.013.122", "73.155.92.01"]>
+
+encrypted = encrypter.encrypt key
+=> ["74.248.51.155", "132.12.16.129"]
+
+decrypter = IPCrypt::IP[encrypted]
+=> #<IPCrypt::Engine:0x00007fe85117b1c8 @default_key="\xFA\x9C\x1E\xEE\xA7\xE3\xA1\xFD(9Q\x94\x11\xA4\x90\x19", @ips=["74.248.51.155", "132.12.16.129"]>
+
+decrypted = decrypter.decrypt key
+=> ["94.175.13.122", "73.155.92.1"]
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/eonu/ipcrypt.

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+task :default => [:spec]
+
+desc "Run the specs"
+RSpec::Core::RakeTask.new(:spec)

data/bin/ipcrypt

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require 'ipcrypt/cli'
+IPCrypt::CLI.start

data/ipcrypt.gemspec

@@ -0,0 +1,28 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'ipcrypt/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'ipcrypt'
+  spec.version       = IPCrypt::VERSION
+  spec.authors       = ['Edwin Onuonga']
+  spec.email         = %w[edwinonuonga@gmail.com]
+  spec.license       = 'MIT'
+  spec.summary       = %q{Ruby implementation of the format-preserving IPCrypt encryption algorithm for IPv4 addresses.}
+  spec.homepage      = 'https://github.com/eonu/ipcrypt'
+  spec.metadata      = {'source_code_uri' => 'https://github.com/eonu/ipcrypt/'}
+
+  spec.files         = Dir.glob(File.join('lib', '**', '*'), File::FNM_DOTMATCH) + %w[Gemfile LICENSE README.md Rakefile ipcrypt.gemspec bin/ipcrypt]
+  spec.bindir        = 'bin'
+  spec.executables   = 'ipcrypt'
+  spec.require_paths = ['lib']
+
+  spec.required_ruby_version = "~> 2.5"
+
+  spec.add_development_dependency 'bundler', '~> 1.16'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.8'
+  spec.add_development_dependency 'rspec-collection_matchers', '~> 1.1'
+  spec.add_development_dependency 'faker', '~> 1.9'
+  spec.add_runtime_dependency 'thor', '~> 0.20'
+end

data/lib/ipcrypt.rb

@@ -0,0 +1,3 @@
+require 'ipcrypt/version'
+require 'ipcrypt/ip'
+require 'ipcrypt/engine'

data/lib/ipcrypt/cli.rb

@@ -0,0 +1,42 @@
+require 'ipcrypt/engine'
+require 'thor'
+require 'csv'
+module IPCrypt
+  class CLI < Thor
+    class_option :key, aliases: '-k', type: :string, :desc => '16-byte key', required: true
+
+    %w[encrypt decrypt].each do |crypt|
+      desc "#{crypt} [CSV] [COLUMN]", "#{crypt.capitalize} IPv4 addresses from a CSV file"
+      define_method crypt do |file, column|
+        csv = CSV.read(file, headers: true)
+        puts csv.headers * ?,
+
+        _crypted = Engine.new(*csv[column]).send(crypt, options[:key])
+
+        CSV.foreach(file, headers: true).with_index do |row, i|
+          puts csv.headers.map {|h| h == column ? _crypted[i] : row[h]} * ?,
+        end
+      end
+    end
+
+    def self.help(shell, subcommand = false)
+      list = printable_commands(true, subcommand)
+      Thor::Util.thor_classes_in(self).each do |klass|
+        list += klass.printable_commands(false)
+      end
+      list.sort! { |a, b| a[0] <=> b[0] }
+      list.reject! { |e| /.*help.*/.match? e.first }
+      list.map! {|c| c.map {|s| s.gsub('decrypt', ?d).gsub('encrypt', ?e)} }
+
+      if defined?(@package_name) && @package_name
+        shell.say "#{@package_name} commands:"
+      else
+        shell.say "Commands:"
+      end
+
+      shell.print_table(list, :indent => 2, :truncate => true)
+      shell.say
+      class_options_help(shell)
+    end
+  end
+end

data/lib/ipcrypt/engine.rb

@@ -0,0 +1,120 @@
+require 'ipcrypt/exceptions'
+require 'securerandom'
+module IPCrypt
+  class Engine
+    attr_reader :default_key
+    IPv4 = /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/
+
+    def initialize(*ips)
+      @default_key = SecureRandom.random_bytes(16)
+      @ips = ips.flatten.map do |ip|
+        raise InvalidIPv4Error.new(ip) unless IPv4.match? ip
+        ip
+      end
+    end
+
+    def encrypt(key = @default_key)
+      raise InvalidKeyTypeError.new(key, key.class) unless key.is_a? String
+
+      bytes = key.bytesize
+      raise InvalidKeyBytesError.new(key, bytes) unless bytes == 16
+
+      encrypted = @ips.map do |ip|
+        k     = key.chars.map {|c| c.unpack('<C').first }
+        state = ip.split(?.).map &:to_i
+
+        state = xor4 state, k[0...4]
+        state = permute_fwd state
+        state = xor4 state, k[4...8]
+        state = permute_fwd state
+        state = xor4 state, k[8...12]
+        state = permute_fwd state
+        state = xor4 state, k[12...16]
+
+        state * ?.
+      end
+
+      encrypted.size == 1 ? encrypted.first : encrypted
+    end
+
+    def decrypt(key)
+      raise InvalidKeyTypeError.new(key, key.class) unless key.is_a? String
+
+      bytes = key.bytesize
+      raise InvalidKeyBytesError.new(key, bytes) unless bytes == 16
+
+      decrypted = @ips.map do |ip|
+        k     = key.chars.map {|c| c.unpack('<C').first }
+        state = ip.split(?.).map &:to_i
+
+        state = xor4 state, k[12...16]
+        state = permute_bwd state
+        state = xor4 state, k[8...12]
+        state = permute_bwd state
+        state = xor4 state, k[4...8]
+        state = permute_bwd state
+        state = xor4 state, k[0...4]
+
+        state * ?.
+      end
+
+      decrypted.size == 1 ? decrypted.first : decrypted
+    end
+
+    private
+
+    def rotl(b, r)
+      ((b << r) & 0xff) | (b >> (8 - r))
+    end
+
+    def xor4(x, y)
+      (0..3).map {|i| (x[i] ^ y[i]) & 0xff }
+    end
+
+    def permute_fwd(state)
+      b0, b1, b2, b3 = state
+      b0 += b1
+      b2 += b3
+      b0 &= 0xff
+      b2 &= 0xff
+      b1 = rotl b1, 2
+      b3 = rotl b3, 5
+      b1 ^= b0
+      b3 ^= b2
+      b0 = rotl b0, 4
+      b0 += b3
+      b2 += b1
+      b0 &= 0xff
+      b2 &= 0xff
+      b1 = rotl b1, 3
+      b3 = rotl b3, 7
+      b1 ^= b2
+      b3 ^= b0
+      b2 = rotl b2, 4
+      [b0, b1, b2, b3]
+    end
+
+    def permute_bwd(state)
+      b0, b1, b2, b3 = state
+      b2 = rotl b2, 4
+      b1 ^= b2
+      b3 ^= b0
+      b1 = rotl b1, 5
+      b3 = rotl b3, 1
+      b0 -= b3
+      b2 -= b1
+      b0 &= 0xff
+      b2 &= 0xff
+      b0 = rotl b0, 4
+      b1 ^= b0
+      b3 ^= b2
+      b1 = rotl b1, 6
+      b3 = rotl b3, 3
+      b0 -= b1
+      b2 -= b3
+      b0 &= 0xff
+      b2 &= 0xff
+      [b0, b1, b2, b3]
+    end
+  end
+end

data/lib/ipcrypt/exceptions.rb

@@ -0,0 +1,17 @@
+module IPCrypt
+  class InvalidIPv4Error < Exception
+    def initialize(ip)
+      super "Invalid IPv4 address: #{ip}"
+    end
+  end
+  class InvalidKeyTypeError < Exception
+    def initialize(key, type)
+      super "Expected key '#{key}' to be a String, got #{type}"
+    end
+  end
+  class InvalidKeyBytesError < Exception
+    def initialize(key, bytes)
+      super "Expected key '#{key}' to be 16-byte, got #{bytes} byte#{bytes == 1 ? '' : ?s}"
+    end
+  end
+end

data/lib/ipcrypt/ip.rb

@@ -0,0 +1,6 @@
+require 'ipcrypt/engine'
+module IPCrypt
+  module IP
+    def self.[](*ips) Engine.new(*ips) end
+  end
+end

data/lib/ipcrypt/version.rb

@@ -0,0 +1,3 @@
+module IPCrypt
+  VERSION = "1.0.0"
+end

metadata

@@ -0,0 +1,143 @@
+--- !ruby/object:Gem::Specification
+name: ipcrypt
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Edwin Onuonga
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-12-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+- !ruby/object:Gem::Dependency
+  name: rspec-collection_matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: faker
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.20'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.20'
+description: 
+email:
+- edwinonuonga@gmail.com
+executables:
+- ipcrypt
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- bin/ipcrypt
+- ipcrypt.gemspec
+- lib/ipcrypt.rb
+- lib/ipcrypt/cli.rb
+- lib/ipcrypt/engine.rb
+- lib/ipcrypt/exceptions.rb
+- lib/ipcrypt/ip.rb
+- lib/ipcrypt/version.rb
+homepage: https://github.com/eonu/ipcrypt
+licenses:
+- MIT
+metadata:
+  source_code_uri: https://github.com/eonu/ipcrypt/
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: '2.5'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Ruby implementation of the format-preserving IPCrypt encryption algorithm
+  for IPv4 addresses.
+test_files: []