lanet 0.1.0 → 0.2.1

data/lib/lanet/cli.rb

@@ -14,27 +14,55 @@ module Lanet
       false
     end
 
-    desc "send --target IP --message MSG [--key KEY] [--port PORT]", "Send a message to a specific target"
-    option :target, required: true
-    option :message, required: true
-    option :key
-    option :port, type: :numeric, default: 5000
+    desc "send", "Send a message to a specific target"
+    method_option :target, type: :string, required: true, desc: "Target IP address"
+    method_option :message, type: :string, required: true, desc: "Message to send"
+    method_option :key, type: :string, desc: "Encryption key (optional)"
+    method_option :private_key_file, type: :string, desc: "Path to private key file for signing (optional)"
+    method_option :port, type: :numeric, default: 5000, desc: "Port number"
     def send
-      sender = Sender.new(options[:port])
-      message = Encryptor.prepare_message(options[:message], options[:key])
+      sender = Lanet::Sender.new(options[:port])
+
+      private_key = nil
+      if options[:private_key_file]
+        begin
+          private_key = File.read(options[:private_key_file])
+          puts "Message will be digitally signed"
+        rescue StandardError => e
+          puts "Error reading private key file: #{e.message}"
+          return
+        end
+      end
+
+      message = Lanet::Encryptor.prepare_message(options[:message], options[:key], private_key)
+
       sender.send_to(options[:target], message)
       puts "Message sent to #{options[:target]}"
     end
 
-    desc "broadcast --message MSG [--key KEY] [--port PORT]", "Broadcast a message to all devices"
-    option :message, required: true
-    option :key
-    option :port, type: :numeric, default: 5000
+    desc "broadcast", "Broadcast a message to all devices on the network"
+    method_option :message, type: :string, required: true, desc: "Message to broadcast"
+    method_option :key, type: :string, desc: "Encryption key (optional)"
+    method_option :private_key_file, type: :string, desc: "Path to private key file for signing (optional)"
+    method_option :port, type: :numeric, default: 5000, desc: "Port number"
     def broadcast
-      sender = Sender.new(options[:port])
-      message = Encryptor.prepare_message(options[:message], options[:key])
+      sender = Lanet::Sender.new(options[:port])
+
+      private_key = nil
+      if options[:private_key_file]
+        begin
+          private_key = File.read(options[:private_key_file])
+          puts "Message will be digitally signed"
+        rescue StandardError => e
+          puts "Error reading private key file: #{e.message}"
+          return
+        end
+      end
+
+      message = Lanet::Encryptor.prepare_message(options[:message], options[:key], private_key)
+
       sender.broadcast(message)
-      puts "Message broadcasted"
+      puts "Message broadcasted to the network"
     end
 
     desc "scan --range CIDR [--timeout TIMEOUT] [--threads THREADS] [--verbose]",
@@ -77,64 +105,84 @@ module Lanet
       end
     end
 
-    desc "listen [--port PORT] [--key KEY]", "Listen for incoming messages"
-    option :port, type: :numeric, default: 5000
-    option :key
+    desc "listen", "Listen for incoming messages"
+    method_option :encryption_key, type: :string, desc: "Encryption key for decrypting messages (optional)"
+    method_option :public_key_file, type: :string, desc: "Path to public key file for signature verification (optional)"
+    method_option :port, type: :numeric, default: 5000, desc: "Port to listen on"
     def listen
-      receiver = Receiver.new(options[:port])
-      puts "Listening on port #{options[:port]}..."
-      receiver.listen do |data, ip|
-        message = Encryptor.process_message(data, options[:key])
-        puts "From #{ip}: #{message}"
+      receiver = Lanet::Receiver.new(options[:port])
+
+      public_key = nil
+      if options[:public_key_file]
+        begin
+          public_key = File.read(options[:public_key_file])
+          puts "Digital signature verification enabled"
+        rescue StandardError => e
+          puts "Error reading public key file: #{e.message}"
+          return
+        end
       end
-    end
 
-    desc "ping [HOST]", "Ping a host or multiple hosts with real-time output"
-    option :host, type: :string, desc: "Single host to ping"
-    option :hosts, type: :string, desc: "Comma-separated list of hosts to ping"
-    option :timeout, type: :numeric, default: 1, desc: "Ping timeout in seconds"
-    option :count, type: :numeric, default: 5, desc: "Number of ping packets to send"
-    option :quiet, type: :boolean, default: false, desc: "Only display summary"
-    option :continuous, type: :boolean, default: false, desc: "Ping continuously until interrupted"
-    def ping(target_host = nil)
-      # Support both traditional command (lanet ping 192.168.1.1) and option-style (--host)
-      target = target_host || options[:host] || options[:hosts]
-
-      unless target
-        puts "Error: Missing host to ping"
-        puts "Usage: lanet ping HOST"
-        puts "   or: lanet ping --host HOST"
-        puts "   or: lanet ping --hosts HOST1,HOST2,HOST3"
-        return
-      end
+      puts "Listening for messages on port #{options[:port]}..."
+      puts "Press Ctrl+C to stop"
 
-      pinger = Lanet::Ping.new(timeout: options[:timeout], count: options[:count])
+      receiver.listen do |data, sender_ip|
+        result = Lanet::Encryptor.process_message(data, options[:encryption_key], public_key)
 
-      if target_host || options[:host]
-        # For a single host, we use real-time output unless quiet is specified
-        host = target_host || options[:host]
-        if options[:quiet]
-          result = pinger.ping_host(host, false, options[:continuous])
-          display_ping_summary(host, result)
-        else
-          pinger.ping_host(host, true, options[:continuous]) # Real-time output with optional continuous mode
-        end
-      else
-        hosts = options[:hosts].split(",").map(&:strip)
+        puts "\nMessage from #{sender_ip}:"
+        puts "Content: #{result[:content]}"
 
-        if options[:quiet]
-          results = pinger.ping_hosts(hosts, false, options[:continuous])
-          hosts.each do |host|
-            display_ping_summary(host, results[host])
-            puts "\n" unless host == hosts.last
-          end
-        else
-          # Real-time output for multiple hosts
-          pinger.ping_hosts(hosts, true, options[:continuous])
+        if result.key?(:verified)
+          verification_status = if result[:verified]
+                                  "VERIFIED"
+                                else
+                                  "NOT VERIFIED: #{result[:verification_status]}"
+                                end
+          puts "Signature: #{verification_status}"
         end
+
+        puts "-" * 40
       end
     end
 
+    desc "ping", "Ping a host to check connectivity"
+    method_option :host, type: :string, desc: "Host to ping"
+    method_option :hosts, type: :string, desc: "Comma-separated list of hosts to ping"
+    method_option :timeout, type: :numeric, default: 1, desc: "Timeout in seconds"
+    method_option :count, type: :numeric, default: 4, desc: "Number of pings"
+    method_option :continuous, type: :boolean, default: false, desc: "Ping continuously until interrupted"
+    method_option :quiet, type: :boolean, default: false, desc: "Show only summary"
+    def ping(single_host = nil)
+      # This is a placeholder for the ping implementation
+      target_host = single_host || options[:host]
+      puts "Pinging #{target_host || options[:hosts]}..."
+      puts "Ping functionality not implemented yet"
+    end
+
+    desc "keygen", "Generate key pair for digital signatures"
+    method_option :bits, type: :numeric, default: 2048, desc: "Key size in bits"
+    method_option :output, type: :string, default: ".", desc: "Output directory"
+    def keygen
+      key_pair = Lanet::Signer.generate_key_pair(options[:bits])
+
+      private_key_file = File.join(options[:output], "lanet_private.key")
+      public_key_file = File.join(options[:output], "lanet_public.key")
+
+      File.write(private_key_file, key_pair[:private_key])
+      File.write(public_key_file, key_pair[:public_key])
+
+      puts "Key pair generated!"
+      puts "Private key saved to: #{private_key_file}"
+      puts "Public key saved to: #{public_key_file}"
+      puts "\nIMPORTANT: Keep your private key secure and never share it."
+      puts "Share your public key with others who need to verify your messages."
+    end
+
+    desc "version", "Display the version of Lanet"
+    def version
+      puts "Lanet version #{Lanet::VERSION}"
+    end
+
     private
 
     def display_ping_details(host, result)

data/lib/lanet/encryptor.rb

@@ -3,6 +3,7 @@
 require "openssl"
 require "digest"
 require "base64"
+require_relative "signer"
 
 module Lanet
   class Encryptor
@@ -10,16 +11,50 @@ module Lanet
     CIPHER_ALGORITHM = "AES-256-CBC"
     ENCRYPTED_PREFIX = "E"
     PLAINTEXT_PREFIX = "P"
+    SIGNED_ENCRYPTED_PREFIX = "SE"
+    SIGNED_PLAINTEXT_PREFIX = "SP"
     IV_SIZE = 16
+    SIGNATURE_DELIMITER = "||SIG||"
+    MAX_KEY_LENGTH = 64
 
     # Error class for encryption/decryption failures
     class Error < StandardError; end
 
-    # Encrypts a message if key is provided, otherwise marks it as plaintext
+    # Prepares a message with encryption and/or signing
     # @param message [String] the message to prepare
-    # @param key [String, nil] encryption key or nil for plaintext
+    # @param encryption_key [String, nil] encryption key or nil for plaintext
+    # @param private_key [String, nil] PEM-encoded private key for signing or nil for unsigned
     # @return [String] prepared message with appropriate prefix
-    def self.prepare_message(message, key)
+    def self.prepare_message(message, encryption_key, private_key = nil)
+      if private_key.nil? || private_key.empty?
+        prepare_unsigned_message(message, encryption_key)
+      else
+        # Sign the message
+        signature = Signer.sign(message.to_s, private_key)
+        message_with_signature = "#{message}#{SIGNATURE_DELIMITER}#{signature}"
+
+        return "#{SIGNED_PLAINTEXT_PREFIX}#{message_with_signature}" if encryption_key.nil? || encryption_key.empty?
+
+        # Signed but not encrypted
+
+        # Signed and encrypted
+        begin
+          cipher = OpenSSL::Cipher.new("AES-128-CBC")
+          cipher.encrypt
+          cipher.key = derive_key(encryption_key)
+          iv = cipher.random_iv
+          encrypted = cipher.update(message_with_signature) + cipher.final
+          encoded = Base64.strict_encode64(iv + encrypted)
+          "#{SIGNED_ENCRYPTED_PREFIX}#{encoded}"
+        rescue StandardError => e
+          raise Error, "Encryption failed: #{e.message}"
+        end
+
+      end
+    end
+
+    # Original prepare_message renamed
+    def self.prepare_unsigned_message(message, key)
       return PLAINTEXT_PREFIX + message.to_s if key.nil? || key.empty?
 
       begin
@@ -35,35 +70,78 @@ module Lanet
       end
     end
 
-    # Processes a message, decrypting if necessary
+    # Processes a message, decrypting and verifying if necessary
     # @param data [String] the data to process
-    # @param key [String, nil] decryption key or nil
-    # @return [String] processed message
-    def self.process_message(data, key)
-      return "[Empty message]" if data.nil? || data.empty?
+    # @param encryption_key [String, nil] decryption key or nil
+    # @param public_key [String, nil] PEM-encoded public key for verification or nil
+    # @return [Hash] processed message with content and verification status
+    def self.process_message(data, encryption_key = nil, public_key = nil)
+      return { content: "[Empty message]", verified: false } if data.nil? || data.empty?
 
-      prefix = data[0]
-      content = data[1..]
+      prefix = data[0..0] # First character for simple prefixes
+      prefix = data[0..1] if data.length > 1 && %w[SE SP].include?(data[0..1]) # Two characters for complex prefixes
+      content = data[prefix.length..]
 
       case prefix
       when ENCRYPTED_PREFIX
-        if key.nil? || key.strip.empty?
-          "[Encrypted message received, but no key provided]"
+        if encryption_key.nil? || encryption_key.strip.empty?
+          { content: "[Encrypted message received, but no key provided]", verified: false }
         else
           begin
-            decode_encrypted_message(content, key)
+            decrypted = decode_encrypted_message(content, encryption_key)
+            { content: decrypted, verified: false }
           rescue StandardError => e
-            "Decryption failed: #{e.message}"
+            { content: "Decryption failed: #{e.message}", verified: false }
           end
         end
       when PLAINTEXT_PREFIX
-        content
+        { content: content, verified: false }
+      when SIGNED_ENCRYPTED_PREFIX
+        if encryption_key.nil? || encryption_key.strip.empty?
+          { content: "[Signed encrypted message received, but no encryption key provided]", verified: false }
+        else
+          begin
+            decrypted = decode_encrypted_message(content, encryption_key)
+            process_signed_content(decrypted, public_key)
+          rescue StandardError => e
+            { content: "Processing signed encrypted message failed: #{e.message}", verified: false }
+          end
+        end
+      when SIGNED_PLAINTEXT_PREFIX
+        process_signed_content(content, public_key)
       else
-        "[Invalid message format]"
+        { content: "[Invalid message format]", verified: false }
+      end
+    end
+
+    # Process content that contains a signature
+    def self.process_signed_content(content, public_key)
+      if content.include?(SIGNATURE_DELIMITER)
+        message, signature = content.split(SIGNATURE_DELIMITER, 2)
+
+        if public_key.nil? || public_key.strip.empty?
+          { content: message, verified: false, verification_status: "No public key provided for verification" }
+        else
+          begin
+            verified = Signer.verify(message, signature, public_key)
+            { content: message, verified: verified,
+              verification_status: verified ? "Verified" : "Signature verification failed" }
+          rescue StandardError => e
+            { content: message, verified: false, verification_status: "Verification error: #{e.message}" }
+          end
+        end
+      else
+        { content: content, verified: false, verification_status: "No signature found" }
       end
     end
 
     def self.derive_key(key)
+      # Add validation to reject keys that are too long
+      if key && key.length > MAX_KEY_LENGTH
+        raise Error,
+              "Encryption key is too long (maximum #{MAX_KEY_LENGTH} characters)"
+      end
+
       digest = OpenSSL::Digest.new("SHA256")
       OpenSSL::PKCS5.pbkdf2_hmac(key, "salt", 1000, 16, digest)
     end