nkeys 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 14f5eb34b132d8bbe6d8e058766d82e6f3eb4579aa14abb2327932e4ec53a343
+  data.tar.gz: 660dfbc5cf39956ef0e7f0d37bf5ad7699b7eedba2527ef6ab2fbe407dbd97bf
+SHA512:
+  metadata.gz: ce9433466b8f6d734b4291ccc899fe951632dc171bddc7c04d95c2787440650eb2a0662e6d0659f9260225862c248ed91c9c8e15abeeae77f6c386beab653188
+  data.tar.gz: a812e1099ded76d6e66155670ae12c9cf2dbd70254909bd2e8d73b811bd3f35032cc87ab237dedfc88768aa5c41f056c68c5262ecdbbc78c900925954cd7a93e

data/lib/nkeys.rb

@@ -0,0 +1,116 @@
+# Copyright 2018 The NATS Authors
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'base32'
+require_relative 'nkeys/keypair'
+
+module NKEYS
+
+  # PREFIX_BYTE_SEED is the version byte used for encoded NATS Seeds
+  PREFIX_BYTE_SEED     = 18 << 3    # Base32-encodes to 'S...'
+
+  # PREFIX_BYTE_PRIVATE is the version byte used for encoded NATS Private keys
+  PREFIX_BYTE_PRIVATE  = 15 << 3    # Base32-encodes to 'P...'
+
+  # PREFIX_BYTE_SERVER is the version byte used for encoded NATS Servers
+  PREFIX_BYTE_SERVER   = 13 << 3    # Base32-encodes to 'N...'
+
+  # PREFIX_BYTE_CLUSTER is the version byte used for encoded NATS Clusters
+  PREFIX_BYTE_CLUSTER  = 2 << 3     # Base32-encodes to 'C...'
+
+  # PREFIX_BYTE_OPERATOR is the version byte used for encoded NATS Operators
+  PREFIX_BYTE_OPERATOR = 14 << 3    # Base32-encodes to 'O...'
+
+  # PREFIX_BYTE_ACCOUNT is the version byte used for encoded NATS Accounts
+  PREFIX_BYTE_ACCOUNT  = 0          # Base32-encodes to 'A...'
+
+  # PREFIX_BYTE_USER is the version byte used for encoded NATS Users
+  PREFIX_BYTE_USER     = 20 << 3    # Base32-encodes to 'U...'
+
+  class << self
+
+    # Create a keypair to use for signing from a seed.
+    # @param [String] seed The seed from which can create a public/private KeyPair.
+    def from_seed(seed)
+      _, raw_seed = decode_seed(seed)
+      keys = Ed25519::SigningKey.new(raw_seed)
+
+      KeyPair.new(seed: seed, keys: keys)
+    end
+
+    # Create a keypair capable of verifying signatures.
+    # @param [String] public_key The public key to create the KeyPair.
+    def from_public_key(public_key)
+      KeyPair.new(public_key: public_key)
+    end
+
+    def decode_seed(src)
+      if src.nil? || src.empty?
+        raise NKEYS::InvalidSeed, "nkeys: Invalid Seed"
+      end
+
+      # Take the encoded seed if provided and generate the private and public keys,
+      # since both are needed to be able to sign things.
+      raw = nil
+      begin
+        base32_decoded = Base32.decode(src).bytes
+        raw = base32_decoded[0...(base32_decoded.size-2)]
+      rescue
+        raise NKEYS::InvalidSeed, "nkeys: Invalid Seed"
+      end
+
+      # 248 = 11111000
+      b1 = raw[0] & 248
+
+      # 7 = 00000111
+      b2 = (raw[0] & 7) << 5 | ((raw[1] & 248) >> 3)
+
+      if b1 != PREFIX_BYTE_SEED
+        raise NKEYS::InvalidSeed, "nkeys: Invalid Seed"
+      elsif !valid_public_prefix_byte(b2)
+        raise NKEYS::InvalidPrefixByte, "nkeys: Invalid Prefix Byte"
+      end
+
+      prefix = b2
+      result = raw[2..(raw.size)].pack('c*')
+
+      [prefix, result]
+    end
+
+    def valid_public_prefix_byte(prefix)
+      case
+      when prefix == PREFIX_BYTE_OPERATOR; true
+      when prefix == PREFIX_BYTE_SERVER; true
+      when prefix == PREFIX_BYTE_CLUSTER; true
+      when prefix == PREFIX_BYTE_ACCOUNT; true
+      when prefix == PREFIX_BYTE_USER; true
+      else
+        false
+      end
+    end
+
+    def valid_prefix_byte(prefix)
+      case
+      when prefix == PREFIX_BYTE_OPERATOR; true
+      when prefix == PREFIX_BYTE_SERVER; true
+      when prefix == PREFIX_BYTE_CLUSTER; true
+      when prefix == PREFIX_BYTE_ACCOUNT; true
+      when prefix == PREFIX_BYTE_USER; true
+      when prefix == PREFIX_BYTE_SEED; true
+      when prefix == PREFIX_BYTE_PRIVATE; true
+      else
+        false
+      end
+    end
+  end
+end

data/lib/nkeys/crc16.rb

@@ -0,0 +1,64 @@
+# Copyright 2018 The NATS Authors
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module NKEYS
+  class << self
+
+    def crc16(data)
+      crc = 0
+      data.each do |b|
+        crc = ((crc << 8) & 0xffff) ^ CRC16TAB[((crc>>8)^b)&0x00FF]
+      end
+
+      crc
+    end
+
+    private
+
+    CRC16TAB = [
+      0x0000, 0x1021, 0x2042, 0x3063, 0x4084, 0x50a5, 0x60c6, 0x70e7,
+      0x8108, 0x9129, 0xa14a, 0xb16b, 0xc18c, 0xd1ad, 0xe1ce, 0xf1ef,
+      0x1231, 0x0210, 0x3273, 0x2252, 0x52b5, 0x4294, 0x72f7, 0x62d6,
+      0x9339, 0x8318, 0xb37b, 0xa35a, 0xd3bd, 0xc39c, 0xf3ff, 0xe3de,
+      0x2462, 0x3443, 0x0420, 0x1401, 0x64e6, 0x74c7, 0x44a4, 0x5485,
+      0xa56a, 0xb54b, 0x8528, 0x9509, 0xe5ee, 0xf5cf, 0xc5ac, 0xd58d,
+      0x3653, 0x2672, 0x1611, 0x0630, 0x76d7, 0x66f6, 0x5695, 0x46b4,
+      0xb75b, 0xa77a, 0x9719, 0x8738, 0xf7df, 0xe7fe, 0xd79d, 0xc7bc,
+      0x48c4, 0x58e5, 0x6886, 0x78a7, 0x0840, 0x1861, 0x2802, 0x3823,
+      0xc9cc, 0xd9ed, 0xe98e, 0xf9af, 0x8948, 0x9969, 0xa90a, 0xb92b,
+      0x5af5, 0x4ad4, 0x7ab7, 0x6a96, 0x1a71, 0x0a50, 0x3a33, 0x2a12,
+      0xdbfd, 0xcbdc, 0xfbbf, 0xeb9e, 0x9b79, 0x8b58, 0xbb3b, 0xab1a,
+      0x6ca6, 0x7c87, 0x4ce4, 0x5cc5, 0x2c22, 0x3c03, 0x0c60, 0x1c41,
+      0xedae, 0xfd8f, 0xcdec, 0xddcd, 0xad2a, 0xbd0b, 0x8d68, 0x9d49,
+      0x7e97, 0x6eb6, 0x5ed5, 0x4ef4, 0x3e13, 0x2e32, 0x1e51, 0x0e70,
+      0xff9f, 0xefbe, 0xdfdd, 0xcffc, 0xbf1b, 0xaf3a, 0x9f59, 0x8f78,
+      0x9188, 0x81a9, 0xb1ca, 0xa1eb, 0xd10c, 0xc12d, 0xf14e, 0xe16f,
+      0x1080, 0x00a1, 0x30c2, 0x20e3, 0x5004, 0x4025, 0x7046, 0x6067,
+      0x83b9, 0x9398, 0xa3fb, 0xb3da, 0xc33d, 0xd31c, 0xe37f, 0xf35e,
+      0x02b1, 0x1290, 0x22f3, 0x32d2, 0x4235, 0x5214, 0x6277, 0x7256,
+      0xb5ea, 0xa5cb, 0x95a8, 0x8589, 0xf56e, 0xe54f, 0xd52c, 0xc50d,
+      0x34e2, 0x24c3, 0x14a0, 0x0481, 0x7466, 0x6447, 0x5424, 0x4405,
+      0xa7db, 0xb7fa, 0x8799, 0x97b8, 0xe75f, 0xf77e, 0xc71d, 0xd73c,
+      0x26d3, 0x36f2, 0x0691, 0x16b0, 0x6657, 0x7676, 0x4615, 0x5634,
+      0xd94c, 0xc96d, 0xf90e, 0xe92f, 0x99c8, 0x89e9, 0xb98a, 0xa9ab,
+      0x5844, 0x4865, 0x7806, 0x6827, 0x18c0, 0x08e1, 0x3882, 0x28a3,
+      0xcb7d, 0xdb5c, 0xeb3f, 0xfb1e, 0x8bf9, 0x9bd8, 0xabbb, 0xbb9a,
+      0x4a75, 0x5a54, 0x6a37, 0x7a16, 0x0af1, 0x1ad0, 0x2ab3, 0x3a92,
+      0xfd2e, 0xed0f, 0xdd6c, 0xcd4d, 0xbdaa, 0xad8b, 0x9de8, 0x8dc9,
+      0x7c26, 0x6c07, 0x5c64, 0x4c45, 0x3ca2, 0x2c83, 0x1ce0, 0x0cc1,
+      0xef1f, 0xff3e, 0xcf5d, 0xdf7c, 0xaf9b, 0xbfba, 0x8fd9, 0x9ff8,
+      0x6e17, 0x7e36, 0x4e55, 0x5e74, 0x2e93, 0x3eb2, 0x0ed1, 0x1ef0,
+    ]
+  end
+end

data/lib/nkeys/keypair.rb

@@ -0,0 +1,91 @@
+
+# Copyright 2018 The NATS Authors
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'ed25519'
+require 'base32'
+require 'nkeys/version'
+require 'nkeys/crc16'
+
+module NKEYS
+
+  class Error < StandardError; end #:nodoc:
+
+  class InvalidSeed < Error; end #:nodoc:
+
+  class InvalidPrefixByte < Error; end #:nodoc:
+
+  class KeyPair
+    attr_reader :seed, :public_key, :private_key
+
+    def initialize(opts={})
+      @seed = opts[:seed]
+      @public_key = opts[:public_key]
+      @private_key = opts[:private_key]
+      @keys = opts[:keys]
+    end
+
+    # Sign will sign the input with KeyPair's private key.
+    # @param [String] input
+    # @return [String] signed raw data
+    def sign(input)
+      raise ::NKEYS::Error, "nkeys: Missing keys for signing" if @keys.nil?
+
+      @keys.sign(input)
+    end
+
+    # Verify the input againt a signature utilizing the public key.
+    # @param [String] input
+    # @param [String] sig
+    # @return [Bool] the result of verifying the signed input.
+    def verify(input, sig)
+      # TODO
+      return
+    end
+
+    def public_key
+      return @public_key unless @public_key.nil?
+      # TODO: If no keys present then try to generate from seed.
+      # prefix, public_raw = ::NATS::NKEYS::decode_seed(@seed)
+
+      pk = @keys.verify_key.to_bytes.unpack("C*")
+      pk.prepend(PREFIX_BYTE_USER)
+
+      # Include crc16 checksum.
+      crc16 = NKEYS::crc16(pk)
+      crc16_suffix = [crc16].pack("s<*")
+      crc16_suffix.each_byte do |b|
+        pk << b
+      end
+      res = pk.pack("c*")
+
+      # Remove padding since Base32 library always uses padding...
+      @public_key = Base32.encode(res).gsub("=", '')
+
+      @public_key
+    end
+
+    def private_key
+      return @private_key unless @private_key.nil?
+      # TODO
+    end
+
+    def wipe
+      @seed.clear if @seed
+      @public_key.clear if @public_key
+      @private_key.clear if @private_key
+      @keys = nil
+    end
+    alias_method :wipe!, :wipe
+  end
+end

data/lib/nkeys/version.rb

@@ -0,0 +1,16 @@
+# Copyright 2018 The NATS Authors
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module NKEYS
+  VERSION = "0.1.0"
+end

data/nkeys.gemspec

@@ -0,0 +1,40 @@
+# Copyright 2010-2018 The NATS Authors
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+lib = File.expand_path('../lib/', __FILE__)
+$:.unshift lib unless $:.include?(lib)
+
+require File.expand_path('../lib/nkeys/version', __FILE__)
+
+spec = Gem::Specification.new do |s|
+  s.name = 'nkeys'
+  s.version = NKEYS::VERSION
+  s.summary = 'NKEYS for Ruby'
+  s.homepage = 'https://nats.io'
+  s.description = 'NATS Keys for Ruby'
+  s.licenses = ['MIT']
+  s.authors = ['Waldemar Quevedo']
+  s.email = ['wally@synadia.com']
+  s.add_dependency('ed25519', '~> 1.2')
+  s.add_dependency('base32', '~> 0.3')
+  s.require_paths = ['lib']
+
+  s.files = %w[
+    nkeys.gemspec
+    lib/nkeys.rb
+    lib/nkeys/crc16.rb
+    lib/nkeys/keypair.rb
+    lib/nkeys/version.rb
+  ]
+end

metadata

@@ -0,0 +1,76 @@
+--- !ruby/object:Gem::Specification
+name: nkeys
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Waldemar Quevedo
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-06-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ed25519
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: base32
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+description: NATS Keys for Ruby
+email:
+- wally@synadia.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/nkeys.rb
+- lib/nkeys/crc16.rb
+- lib/nkeys/keypair.rb
+- lib/nkeys/version.rb
+- nkeys.gemspec
+homepage: https://nats.io
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.2
+signing_key: 
+specification_version: 4
+summary: NKEYS for Ruby
+test_files: []