jodid 0.0.1.pre → 0.0.2.pre
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/jodid/cryptor.rb +37 -18
- data/lib/jodid/keychain.rb +7 -6
- data/lib/jodid/storage/in_mem_store.rb +1 -1
- data/lib/jodid/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2c79d13bd3f7253f5a9f07efec4e86ec0f8ba4e8
|
|
4
|
+
data.tar.gz: 7de7209db7375cd438bc89c6ccf0f6f0927c9fbf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3a45d1620b8b13481a678b0ffa5f4ec4aa82e10086f6f8da2a836be803e9e4bb5eca8ab6dfbdcae72df52088feec4b0cc3f9a46855717abf388c69d5c1a04a87
|
|
7
|
+
data.tar.gz: 9a1708fb8a00b194b89f3e4763c59a19ca2b4f8041b2dfe92573c3ea846b523d0320c5b9671295d960313823ec1cc135845eee357d61adcf07023f28c6a69674
|
data/lib/jodid/cryptor.rb
CHANGED
|
@@ -5,11 +5,12 @@
|
|
|
5
5
|
attr_reader :public_key
|
|
6
6
|
|
|
7
7
|
def initialize(public_key, secret_key, keychain)
|
|
8
|
-
check_length(public_key, Crypto::
|
|
9
|
-
check_length(secret_key, Crypto::
|
|
8
|
+
check_length(public_key, Crypto::Sign::PUBLICKEYBYTES, :PublicKey)
|
|
9
|
+
check_length(secret_key, Crypto::Sign::SECRETKEYBYTES, :SecretKey)
|
|
10
10
|
|
|
11
11
|
@public_key = public_key
|
|
12
12
|
@secret_key = secret_key
|
|
13
|
+
@curve25519_sk = Crypto::Sign::Ed25519.sk_to_curve25519(@secret_key)
|
|
13
14
|
@keychain = keychain
|
|
14
15
|
|
|
15
16
|
@shared_secrets = {}
|
|
@@ -17,34 +18,36 @@
|
|
|
17
18
|
|
|
18
19
|
def secretbox(value)
|
|
19
20
|
nonce = Crypto::SecretBox.nonce
|
|
20
|
-
nonce << Crypto::SecretBox.secretbox(value, nonce, @
|
|
21
|
+
nonce << Crypto::SecretBox.secretbox(value, nonce, @curve25519_sk)
|
|
21
22
|
end
|
|
22
23
|
|
|
23
24
|
def secretbox_open(ciphertext, encoding = Encoding.default_external)
|
|
24
25
|
Crypto::SecretBox.open(
|
|
25
26
|
ciphertext[Crypto::SecretBox::NONCEBYTES..-1],
|
|
26
27
|
ciphertext[0...Crypto::SecretBox::NONCEBYTES],
|
|
27
|
-
@
|
|
28
|
+
@curve25519_sk, encoding)
|
|
28
29
|
end
|
|
29
30
|
|
|
30
31
|
def secretbox!(value)
|
|
31
32
|
data = String(value)
|
|
32
33
|
nonce = Crypto::SecretBox.nonce
|
|
33
34
|
Crypto::SecretBox.secretbox!(data, nonce,
|
|
34
|
-
@
|
|
35
|
+
@curve25519_sk).prepend(nonce)
|
|
35
36
|
end
|
|
36
37
|
|
|
37
38
|
def secretbox_open!(ciphertext, encoding = Encoding.default_external)
|
|
38
39
|
nonce = ciphertext.slice!(0...Crypto::SecretBox::NONCEBYTES)
|
|
39
40
|
Crypto::SecretBox.open!(ciphertext, nonce,
|
|
40
|
-
@
|
|
41
|
+
@curve25519_sk, encoding)
|
|
41
42
|
end
|
|
42
43
|
|
|
43
44
|
def box(value, recipient)
|
|
44
45
|
public_key = @keychain.fetch(recipient, :public_key)
|
|
45
46
|
shared_secret = @shared_secrets.fetch(public_key) do
|
|
46
47
|
@shared_secrets.store(public_key,
|
|
47
|
-
Crypto::Box.beforenm(
|
|
48
|
+
Crypto::Box.beforenm(
|
|
49
|
+
Crypto::Sign::Ed25519.pk_to_curve25519(public_key),
|
|
50
|
+
@curve25519_sk))
|
|
48
51
|
end
|
|
49
52
|
nonce = Crypto::Box.nonce
|
|
50
53
|
ciphertext = Crypto::SecretBox.secretbox(value, nonce,
|
|
@@ -53,19 +56,21 @@
|
|
|
53
56
|
end
|
|
54
57
|
|
|
55
58
|
def box_open(ciphertext, encoding = Encoding.default_external)
|
|
56
|
-
public_key = ciphertext[0...Crypto::
|
|
59
|
+
public_key = ciphertext[0...Crypto::Sign::PUBLICKEYBYTES]
|
|
57
60
|
if (shared_secret = @shared_secrets[public_key])
|
|
58
61
|
message = Crypto::SecretBox.open(
|
|
59
|
-
ciphertext[Crypto::
|
|
60
|
-
ciphertext[Crypto::
|
|
62
|
+
ciphertext[Crypto::Sign::PUBLICKEYBYTES + Crypto::Box::NONCEBYTES..-1],
|
|
63
|
+
ciphertext[Crypto::Sign::PUBLICKEYBYTES, Crypto::Box::NONCEBYTES],
|
|
61
64
|
shared_secret, encoding)
|
|
62
65
|
else
|
|
66
|
+
pk = Crypto::Sign::Ed25519.pk_to_curve25519(public_key)
|
|
63
67
|
message = Crypto::Box.open(
|
|
64
|
-
ciphertext[Crypto::
|
|
65
|
-
ciphertext[Crypto::
|
|
66
|
-
|
|
68
|
+
ciphertext[Crypto::Sign::PUBLICKEYBYTES + Crypto::Box::NONCEBYTES..-1],
|
|
69
|
+
ciphertext[Crypto::Sign::PUBLICKEYBYTES, Crypto::Box::NONCEBYTES],
|
|
70
|
+
pk, @curve25519_sk, encoding)
|
|
67
71
|
@shared_secrets.store(public_key,
|
|
68
|
-
Crypto::Box.beforenm(
|
|
72
|
+
Crypto::Box.beforenm(
|
|
73
|
+
pk, @curve25519_sk))
|
|
69
74
|
end
|
|
70
75
|
|
|
71
76
|
message
|
|
@@ -75,7 +80,9 @@
|
|
|
75
80
|
public_key = @keychain.fetch(recipient, :public_key)
|
|
76
81
|
shared_secret = @shared_secrets.fetch(public_key) do
|
|
77
82
|
@shared_secrets.store(public_key,
|
|
78
|
-
Crypto::Box.beforenm(
|
|
83
|
+
Crypto::Box.beforenm(
|
|
84
|
+
Crypto::Sign::Ed25519.pk_to_curve25519(public_key),
|
|
85
|
+
@curve25519_sk))
|
|
79
86
|
end
|
|
80
87
|
data = String(value)
|
|
81
88
|
nonce = Crypto::Box.nonce
|
|
@@ -84,20 +91,32 @@
|
|
|
84
91
|
end
|
|
85
92
|
|
|
86
93
|
def box_open!(ciphertext, encoding = Encoding.default_external)
|
|
87
|
-
public_key = ciphertext.slice!(0...Crypto::
|
|
94
|
+
public_key = ciphertext.slice!(0...Crypto::Sign::PUBLICKEYBYTES)
|
|
88
95
|
nonce = ciphertext.slice!(0...Crypto::Box::NONCEBYTES)
|
|
89
96
|
if (shared_secret = @shared_secrets[public_key])
|
|
90
97
|
message = Crypto::SecretBox.open!(ciphertext, nonce,
|
|
91
98
|
shared_secret, encoding)
|
|
92
99
|
else
|
|
100
|
+
pk = Crypto::Sign::Ed25519.pk_to_curve25519(public_key)
|
|
93
101
|
message = Crypto::Box.open!(ciphertext, nonce,
|
|
94
|
-
|
|
102
|
+
pk, @curve25519_sk, encoding)
|
|
95
103
|
@shared_secrets.store(public_key,
|
|
96
|
-
Crypto::Box.beforenm(
|
|
104
|
+
Crypto::Box.beforenm(pk, @curve25519_sk))
|
|
97
105
|
end
|
|
98
106
|
|
|
99
107
|
message
|
|
100
108
|
end
|
|
109
|
+
|
|
110
|
+
def sign_detached(message)
|
|
111
|
+
Crypto::Sign.detached(message, @secret_key).prepend(@public_key)
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
def sign_verify_detached(signature, message)
|
|
115
|
+
public_key = signature[0...Crypto::Sign::PUBLICKEYBYTES]
|
|
116
|
+
Crypto::Sign.verify_detached(
|
|
117
|
+
signature[Crypto::Sign::PUBLICKEYBYTES..-1],
|
|
118
|
+
message, public_key)
|
|
119
|
+
end
|
|
101
120
|
end
|
|
102
121
|
|
|
103
122
|
Cryptor.freeze
|
data/lib/jodid/keychain.rb
CHANGED
|
@@ -17,10 +17,11 @@ module Jodid
|
|
|
17
17
|
|
|
18
18
|
def auth(identity, password)
|
|
19
19
|
salt = Crypto::PwHash::ScryptSalsa208SHA256.salt
|
|
20
|
-
|
|
20
|
+
key = Crypto::PwHash::ScryptSalsa208SHA256.scryptsalsa208sha256(
|
|
21
21
|
Crypto::OneTimeAuth::KEYBYTES, password, salt)
|
|
22
|
-
|
|
23
|
-
|
|
22
|
+
mac = Crypto::OneTimeAuth.onetimeauth(password, key)
|
|
23
|
+
|
|
24
|
+
public_key, secret_key = Crypto::Sign.memory_locked_seed_keypair(key)
|
|
24
25
|
@storage.store(identity, :salt, salt)
|
|
25
26
|
store_public_key(identity, public_key)
|
|
26
27
|
@storage.store(identity, :mac, mac)
|
|
@@ -30,14 +31,14 @@ module Jodid
|
|
|
30
31
|
end
|
|
31
32
|
|
|
32
33
|
def verify(identity, password)
|
|
33
|
-
|
|
34
|
+
key = Crypto::PwHash::ScryptSalsa208SHA256.scryptsalsa208sha256(
|
|
34
35
|
Crypto::OneTimeAuth::KEYBYTES, password,
|
|
35
36
|
@storage.fetch(identity, :salt))
|
|
36
37
|
|
|
37
38
|
if Crypto::OneTimeAuth.verify(@storage.fetch(identity, :mac),
|
|
38
|
-
password,
|
|
39
|
+
password, key)
|
|
39
40
|
|
|
40
|
-
Cryptor.new(
|
|
41
|
+
Cryptor.new(*Crypto::Sign.memory_locked_seed_keypair(key), self)
|
|
41
42
|
end
|
|
42
43
|
ensure
|
|
43
44
|
password.clear
|
|
@@ -34,7 +34,7 @@
|
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
def store_public_key(identity, public_key)
|
|
37
|
-
check_length(public_key, Crypto::
|
|
37
|
+
check_length(public_key, Crypto::Sign::PUBLICKEYBYTES, :PublicKey)
|
|
38
38
|
|
|
39
39
|
store(identity, :public_key, public_key)
|
|
40
40
|
@pk_to_id.store(public_key, identity)
|
data/lib/jodid/version.rb
CHANGED