moac 0.4.8

data/lib/moac/key.rb

@@ -0,0 +1,71 @@
+module Moac
+  class Key
+    autoload :Decrypter, 'moac/key/decrypter'
+    autoload :Encrypter, 'moac/key/encrypter'
+
+    attr_reader :private_key, :public_key
+
+    def self.encrypt(key, password)
+      key = new(priv: key) unless key.is_a?(Key)
+
+      Encrypter.perform key.private_hex, password
+    end
+
+    def self.decrypt(data, password)
+      priv = Decrypter.perform data, password
+      new priv: priv
+    end
+
+
+    def initialize(priv: nil)
+      @private_key = MoneyTree::PrivateKey.new key: priv
+      @public_key = MoneyTree::PublicKey.new private_key, compressed: false
+    end
+
+    def private_hex
+      private_key.to_hex
+    end
+
+    def public_bytes
+      public_key.to_bytes
+    end
+
+    def public_hex
+      public_key.to_hex
+    end
+
+    def address
+      Utils.public_key_to_address public_hex
+    end
+    alias_method :to_address, :address
+
+    def sign(message)
+      sign_hash message_hash(message)
+    end
+
+    def sign_hash(hash)
+      loop do
+        signature = OpenSsl.sign_compact hash, private_hex, public_hex
+        return signature if valid_s? signature
+      end
+    end
+
+    def verify_signature(message, signature)
+      hash = message_hash(message)
+      public_hex == OpenSsl.recover_compact(hash, signature)
+    end
+
+
+    private
+
+    def message_hash(message)
+      Utils.keccak256 message
+    end
+
+    def valid_s?(signature)
+      s_value = Utils.v_r_s_for(signature).last
+      s_value <= Secp256k1::N/2 && s_value != 0
+    end
+
+  end
+end

data/lib/moac/key/decrypter.rb

@@ -0,0 +1,113 @@
+require 'json'
+require 'scrypt'
+
+class Moac::Key::Decrypter
+  include Moac::Utils
+
+  def self.perform(data, password)
+    new(data, password).perform
+  end
+
+  def initialize(data, password)
+    @data = JSON.parse(data)
+    @password = password
+  end
+
+  def perform
+    derive_key password
+    check_macs
+    bin_to_hex decrypted_data
+  end
+
+
+  private
+
+  attr_reader :data, :key, :password
+
+  def derive_key(password)
+    case kdf
+    when 'pbkdf2'
+      @key = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, key_length, digest)
+    when 'scrypt'
+      # OpenSSL 1.1 inclues OpenSSL::KDF.scrypt, but it is not available usually, otherwise we could do: OpenSSL::KDF.scrypt(password, salt: salt, N: n, r: r, p: p, length: key_length)
+      @key = SCrypt::Engine.scrypt(password, salt, n, r, p, key_length)
+    else
+      raise "Unsupported key derivation function: #{kdf}!"
+    end
+  end
+
+  def check_macs
+    mac1 = keccak256(key[(key_length/2), key_length] + ciphertext)
+    mac2 = hex_to_bin crypto_data['mac']
+
+    if mac1 != mac2
+      raise "Message Authentications Codes do not match!"
+    end
+  end
+
+  def decrypted_data
+    @decrypted_data ||= cipher.update(ciphertext) + cipher.final
+  end
+
+  def crypto_data
+    @crypto_data ||= data['crypto'] || data['Crypto']
+  end
+
+  def ciphertext
+    hex_to_bin crypto_data['ciphertext']
+  end
+
+  def cipher_name
+    "aes-128-ctr"
+  end
+
+  def cipher
+    @cipher ||= OpenSSL::Cipher.new(cipher_name).tap do |cipher|
+      cipher.decrypt
+      cipher.key = key[0, (key_length/2)]
+      cipher.iv = iv
+    end
+  end
+
+  def iv
+    hex_to_bin crypto_data['cipherparams']['iv']
+  end
+
+  def salt
+    hex_to_bin crypto_data['kdfparams']['salt']
+  end
+
+  def iterations
+    crypto_data['kdfparams']['c'].to_i
+  end
+
+  def kdf
+    crypto_data['kdf']
+  end
+
+  def key_length
+    crypto_data['kdfparams']['dklen'].to_i
+  end
+
+  def n
+    crypto_data['kdfparams']['n'].to_i
+  end
+
+  def r
+    crypto_data['kdfparams']['r'].to_i
+  end
+
+  def p
+    crypto_data['kdfparams']['p'].to_i
+  end
+
+  def digest
+    OpenSSL::Digest.new digest_name
+  end
+
+  def digest_name
+    "sha256"
+  end
+  
+
+end

data/lib/moac/key/encrypter.rb

@@ -0,0 +1,128 @@
+require 'json'
+require 'securerandom'
+
+class Moac::Key::Encrypter
+  include Moac::Utils
+
+  def self.perform(key, password, options = {})
+    new(key, options).perform(password)
+  end
+
+  def initialize(key, options = {})
+    @key = key
+    @options = options
+  end
+
+  def perform(password)
+    derive_key password
+    encrypt
+
+    data.to_json
+  end
+
+  def data
+    {
+      crypto: {
+        cipher: cipher_name,
+        cipherparams: {
+          iv: bin_to_hex(iv),
+        },
+        ciphertext: bin_to_hex(encrypted_key),
+        kdf: "pbkdf2",
+        kdfparams: {
+          c: iterations,
+          dklen: 32,
+          prf: prf,
+          salt: bin_to_hex(salt),
+        },
+        mac: bin_to_hex(mac),
+      },
+      id: id,
+      version: 3,
+    }.tap do |data|
+      data[:address] = address unless options[:skip_address]
+    end
+  end
+
+  def id
+    @id ||= options[:id] || SecureRandom.uuid
+  end
+
+
+  private
+
+  attr_reader :derived_key, :encrypted_key, :key, :options
+
+  def cipher
+    @cipher ||= OpenSSL::Cipher.new(cipher_name).tap do |cipher|
+      cipher.encrypt
+      cipher.iv = iv
+      cipher.key = derived_key[0, (key_length/2)]
+    end
+  end
+
+  def digest
+    @digest ||= OpenSSL::Digest.new digest_name
+  end
+
+  def derive_key(password)
+    @derived_key = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, key_length, digest)
+  end
+
+  def encrypt
+    @encrypted_key = cipher.update(hex_to_bin key) + cipher.final
+  end
+
+  def mac
+    keccak256(derived_key[(key_length/2), key_length] + encrypted_key)
+  end
+
+  def cipher_name
+    "aes-128-ctr"
+  end
+
+  def digest_name
+    "sha256"
+  end
+
+  def prf
+    "hmac-#{digest_name}"
+  end
+
+  def key_length
+    32
+  end
+
+  def salt_length
+    32
+  end
+
+  def iv_length
+    16
+  end
+
+  def iterations
+    options[:iterations] || 262_144
+  end
+
+  def salt
+    @salt ||= if options[:salt]
+      hex_to_bin options[:salt]
+    else
+      SecureRandom.random_bytes(salt_length)
+    end
+  end
+
+  def iv
+    @iv ||= if options[:iv]
+      hex_to_bin options[:iv]
+    else
+      SecureRandom.random_bytes(iv_length)
+    end
+  end
+
+  def address
+    Moac::Key.new(priv: key).address
+  end
+
+end

data/lib/moac/open_ssl.rb

@@ -0,0 +1,197 @@
+# originally lifted from https://github.com/lian/bitcoin-ruby
+# thanks to everyone there for figuring this out
+
+module Moac
+  class OpenSsl
+    extend FFI::Library
+
+    if FFI::Platform.windows?
+      ffi_lib 'libeay32', 'ssleay32'
+    else
+      ffi_lib ['libssl.so.1.0.0', 'libssl.so.10', 'ssl']
+    end
+
+    NID_secp256k1 = 714
+    POINT_CONVERSION_COMPRESSED = 2
+    POINT_CONVERSION_UNCOMPRESSED = 4
+
+    attach_function :SSL_library_init, [], :int
+    attach_function :ERR_load_crypto_strings, [], :void
+    attach_function :SSL_load_error_strings, [], :void
+    attach_function :RAND_poll, [], :int
+
+    attach_function :BN_CTX_free, [:pointer], :int
+    attach_function :BN_CTX_new, [], :pointer
+    attach_function :BN_add, [:pointer, :pointer, :pointer], :int
+    attach_function :BN_bin2bn, [:pointer, :int, :pointer], :pointer
+    attach_function :BN_bn2bin, [:pointer, :pointer], :int
+    attach_function :BN_cmp, [:pointer, :pointer], :int
+    attach_function :BN_dup, [:pointer], :pointer
+    attach_function :BN_free, [:pointer], :int
+    attach_function :BN_mod_inverse, [:pointer, :pointer, :pointer, :pointer], :pointer
+    attach_function :BN_mod_mul, [:pointer, :pointer, :pointer, :pointer, :pointer], :int
+    attach_function :BN_mod_sub, [:pointer, :pointer, :pointer, :pointer, :pointer], :int
+    attach_function :BN_mul_word, [:pointer, :int], :int
+    attach_function :BN_new, [], :pointer
+    attach_function :BN_num_bits, [:pointer], :int
+    attach_function :BN_rshift, [:pointer, :pointer, :int], :int
+    attach_function :BN_set_word, [:pointer, :int], :int
+    attach_function :ECDSA_SIG_free, [:pointer], :void
+    attach_function :ECDSA_do_sign, [:pointer, :uint, :pointer], :pointer
+    attach_function :EC_GROUP_get_curve_GFp, [:pointer, :pointer, :pointer, :pointer, :pointer], :int
+    attach_function :EC_GROUP_get_degree, [:pointer], :int
+    attach_function :EC_GROUP_get_order, [:pointer, :pointer, :pointer], :int
+    attach_function :EC_KEY_free, [:pointer], :int
+    attach_function :EC_KEY_get0_group, [:pointer], :pointer
+    attach_function :EC_KEY_new_by_curve_name, [:int], :pointer
+    attach_function :EC_KEY_set_conv_form, [:pointer, :int], :void
+    attach_function :EC_KEY_set_private_key, [:pointer, :pointer], :int
+    attach_function :EC_KEY_set_public_key,  [:pointer, :pointer], :int
+    attach_function :EC_POINT_free, [:pointer], :int
+    attach_function :EC_POINT_mul, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int
+    attach_function :EC_POINT_new, [:pointer], :pointer
+    attach_function :EC_POINT_set_compressed_coordinates_GFp, [:pointer, :pointer, :pointer, :int, :pointer], :int
+    attach_function :i2o_ECPublicKey, [:pointer, :pointer], :uint
+
+    class << self
+      def BN_num_bytes(ptr)
+        (BN_num_bits(ptr) + 7) / 8
+      end
+
+      def sign_compact(hash, private_key, public_key_hex)
+        private_key = [private_key].pack("H*") if private_key.bytesize >= 64
+        pubkey_compressed = false
+
+        init_ffi_ssl
+        eckey = EC_KEY_new_by_curve_name(NID_secp256k1)
+        priv_key = BN_bin2bn(private_key, private_key.bytesize, BN_new())
+
+        group, order, ctx = EC_KEY_get0_group(eckey), BN_new(), BN_CTX_new()
+        EC_GROUP_get_order(group, order, ctx)
+
+        pub_key = EC_POINT_new(group)
+        EC_POINT_mul(group, pub_key, priv_key, nil, nil, ctx)
+        EC_KEY_set_private_key(eckey, priv_key)
+        EC_KEY_set_public_key(eckey, pub_key)
+
+        signature = ECDSA_do_sign(hash, hash.bytesize, eckey)
+
+        BN_free(order)
+        BN_CTX_free(ctx)
+        EC_POINT_free(pub_key)
+        BN_free(priv_key)
+        EC_KEY_free(eckey)
+
+        buf, rec_id, head = FFI::MemoryPointer.new(:uint8, 32), nil, nil
+        r, s = signature.get_array_of_pointer(0, 2).map{|i| BN_bn2bin(i, buf); buf.read_string(BN_num_bytes(i)).rjust(32, "\x00") }
+
+        if signature.get_array_of_pointer(0, 2).all?{|i| BN_num_bits(i) <= 256 }
+          4.times{|i|
+            head = [ Moac.v_base + i ].pack("C")
+            if public_key_hex == recover_public_key_from_signature(hash, [head, r, s].join, i, pubkey_compressed)
+              rec_id = i; break
+            end
+          }
+        end
+
+        ECDSA_SIG_free(signature)
+
+        [ head, [r,s] ].join if rec_id
+      end
+
+      def recover_public_key_from_signature(message_hash, signature, rec_id, is_compressed)
+        return nil if rec_id < 0 or signature.bytesize != 65
+        init_ffi_ssl
+
+        signature = FFI::MemoryPointer.from_string(signature)
+        r = BN_bin2bn(signature[1], 32, BN_new())
+        s = BN_bin2bn(signature[33], 32, BN_new())
+
+        _n, i = 0, rec_id / 2
+        eckey = EC_KEY_new_by_curve_name(NID_secp256k1)
+
+        EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED) if is_compressed
+
+        group = EC_KEY_get0_group(eckey)
+        order = BN_new()
+        EC_GROUP_get_order(group, order, nil)
+        x = BN_dup(order)
+        BN_mul_word(x, i)
+        BN_add(x, x, r)
+
+        field = BN_new()
+        EC_GROUP_get_curve_GFp(group, field, nil, nil, nil)
+
+        if BN_cmp(x, field) >= 0
+          bn_free_each r, s, order, x, field
+          EC_KEY_free(eckey)
+          return nil
+        end
+
+        big_r = EC_POINT_new(group)
+        EC_POINT_set_compressed_coordinates_GFp(group, big_r, x, rec_id % 2, nil)
+
+        big_q = EC_POINT_new(group)
+        n = EC_GROUP_get_degree(group)
+        e = BN_bin2bn(message_hash, message_hash.bytesize, BN_new())
+        BN_rshift(e, e, 8 - (n & 7)) if 8 * message_hash.bytesize > n
+
+        ctx = BN_CTX_new()
+        zero, rr, sor, eor = BN_new(), BN_new(), BN_new(), BN_new()
+        BN_set_word(zero, 0)
+        BN_mod_sub(e, zero, e, order, ctx)
+        BN_mod_inverse(rr, r, order, ctx)
+        BN_mod_mul(sor, s, rr, order, ctx)
+        BN_mod_mul(eor, e, rr, order, ctx)
+        EC_POINT_mul(group, big_q, eor, big_r, sor, ctx)
+        EC_KEY_set_public_key(eckey, big_q)
+        BN_CTX_free(ctx)
+
+        bn_free_each r, s, order, x, field, e, zero, rr, sor, eor
+        [big_r, big_q].each{|j| EC_POINT_free(j) }
+
+        recover_public_hex eckey
+      end
+
+      def recover_compact(hash, signature)
+        return false if signature.bytesize != 65
+
+        version = signature.unpack('C')[0]
+        v_base = Moac.replayable_v?(version) ? Moac.replayable_chain_id : Moac.v_base
+        return false if version < v_base
+
+        recover_public_key_from_signature(hash, signature, (version - v_base), false)
+      end
+
+      def init_ffi_ssl
+        return if @ssl_loaded
+        SSL_library_init()
+        ERR_load_crypto_strings()
+        SSL_load_error_strings()
+        RAND_poll()
+        @ssl_loaded = true
+      end
+
+
+      private
+
+      def bn_free_each(*list)
+        list.each{|j| BN_free(j) }
+      end
+
+      def recover_public_hex(eckey)
+        length = i2o_ECPublicKey(eckey, nil)
+        buf = FFI::MemoryPointer.new(:uint8, length)
+        ptr = FFI::MemoryPointer.new(:pointer).put_pointer(0, buf)
+        pub_hex = if i2o_ECPublicKey(eckey, ptr) == length
+          buf.read_string(length).unpack("H*")[0]
+        end
+
+        EC_KEY_free(eckey)
+
+        pub_hex
+      end
+    end
+
+  end
+end