opensecret 0.0.962 → 0.0.988

data/lib/logging/gem.logging.rb

@@ -24,13 +24,12 @@ require "session/user.home"
 #
 module OpenLogger
 
-  @@gem_name = "opensecret"
+  @@gem_name = "opensecret.io"
   @@gem_base = File.join OpenSession::Home.dir, ".#{@@gem_name}"
   FileUtils.mkdir_p @@gem_base unless File.exists? @@gem_base
   @@log_path = File.join @@gem_base, "opensecret-cli-activity.log"
 
 
-
   # Classes that include (MIXIN) this logging module will
   # have access to this logger method.
   #

data/lib/modules/cryptology.md

@@ -0,0 +1,43 @@
+
+
+In order for data to be secured for storage or transmission, it must be transformed in such a manner that it would be difficult for an unauthorized individual to be able to discover its true meaning. To do this, certain mathematical equations are used, which are very difficult to solve unless certain strict criteria are met. The level of difficulty of solving a given equation is known as its intractability. These types of equations form the basis of cryptography.
+
+Some of the most important are:
+
+== The Discrete Logarithm Problem
+
+The best way to describe this problem is first to show how its inverse concept works. The following applies to Galois fields (groups). Assume we have a prime number P (a number that is not divisible except by 1 and itself, P). This P is a large prime number of over 300 digits. Let us now assume we have two other integers, a and b. Now say we want to find the value of N, so that value is found by the following formula:
+
+N = ab mod P, where 0 <= N <= (P · 1)
+
+(meaning a to the power b mod P)
+(learn to do powers in markdown)!
+
+
+This is known as discrete exponentiation and is quite simple to compute. However, the opposite is true when we invert it. If we are given P, a, and N and are required to find b so that the equation is valid, then we face a tremendous level of difficulty.
+
+
+This problem forms the basis for a number of public key infrastructure algorithms, such as Diffie-Hellman and EIGamal. This problem has been studied for many years and cryptography based on it has withstood many forms of attacks.
+
+== The Integer Factorization Problem
+
+This is simple in concept. Say that one takes two prime numbers, P2 and P1, which are both "large" (a relative term, the definition of which continues to move forward as computing power increases). We then multiply these two primes to produce the product, N. The difficulty arises when, being given N, we try and find the original P1 and P2. The Rivest-Shamir-Adleman public key infrastructure encryption protocol is one of many based on this problem. To simplify matters to a great degree, the N product is the public key and the P1 and P2 numbers are, together, the private key.
+
+This problem is one of the most fundamental of all mathematical concepts. It has been studied intensely for the past 20 years and the consensus seems to be that there is some unproven or undiscovered law of mathematics that forbids any shortcuts. That said, the mere fact that it is being studied intensely leads many others to worry that, somehow, a breakthrough may be discovered.
+
+== The Elliptic Curve Discrete Logarithm Problem
+
+This is a new cryptographic protocol based upon a reasonably well-known mathematical problem. The properties of elliptic curves have been well known for centuries, but it is only recently that their application to the field of cryptography has been undertaken.
+
+First, imagine a huge piece of paper on which is printed a series of vertical and horizontal lines. Each line represents an integer with the vertical lines forming x class components and horizontal lines forming the y class components. The intersection of a horizontal and vertical line gives a set of coordinates (x,y). In the highly simplified example below, we have an elliptic curve that is defined by the equation:
+
+y2 + y = x3 · x2 (this is way too small for use in a real life application, but it will illustrate the general idea)
+
+For the above, given a definable operator, we can determine any third point on the curve given any two other points. This definable operator forms a "group" of finite length. To add two points on an elliptic curve, we first need to understand that any straight line that passes through this curve intersects it at precisely three points. Now, say we define two of these points as u and v: we can then draw a straight line through two of these points to find another intersecting point, at w. We can then draw a vertical line through w to find the final intersecting point at x. Now, we can see that u + v = x. This rule works, when we define another imaginary point, the Origin, or O, which exists at (theoretically) extreme points on the curve. As strange as this problem may seem, it does permit for an effective encryption system, but it does have its detractors.
+
+On the positive side, the problem appears to be quite intractable, requiring a shorter key length (thus allowing for quicker processing time) for equivalent security levels as compared to the Integer Factorization Problem and the Discrete Logarithm Problem. On the negative side, critics contend that this problem, since it has only recently begun to be implemented in cryptography, has not had the intense scrutiny of many years that is required to give it a sufficient level of trust as being secure.
+
+This leads us to more general problem of cryptology than of the intractability of the various mathematical concepts, which is that the more time, effort, and resources that can be devoted to studying a problem, then the greater the possibility that a solution, or at least a weakness, will be found.
+
+
+

data/lib/{plugins/ciphers → modules/cryptology}/aes-256.rb

@@ -3,6 +3,9 @@
 
 module OpenSecret
 
+  module ToolBelt
+
+
   # Aes256 is a symmetric encryption cipher which inherits extends the
   # {OpenSecret::Cipher} base class in order to implement plug and play
   # symmetric encryption.
@@ -145,4 +148,7 @@ module OpenSecret
   end
 
 
+  end
+
+
 end

data/lib/{crypto → modules/cryptology}/amalgam.rb

@@ -2,6 +2,9 @@
 
 module OpenSecret
 
+  module ToolBelt
+
+
   # This class knows how to amalgamate passwords, keys and string data in
   # a manner that is the cryptographical equivalent of synergy.
   #
@@ -61,4 +64,7 @@ module OpenSecret
   end
 
 
+  end
+
+
 end

data/lib/modules/cryptology/blowfish.rb

@@ -0,0 +1,130 @@
+#!/usr/bin/ruby
+# coding: utf-8
+
+module OpenSecret
+
+  module ToolBelt
+
+    # Blowfish is a symmetric encryption cipher which inherits extends the
+    # {OpenSecret::Cipher} base class in order to implement plug and play
+    # symmetric encryption.
+    #
+    # Blowfish is still uncrackable - however its successor (TwoFish) has
+    # been reinforced to counter the growth of super-computer brute force
+    # resources.
+    class Blowfish
+
+      # The blowfish cipher id constant is used to +initialize+
+      # an {OpenSSL::Cipher} class instance.
+      BLOWFISH_CIPHER_ID = "BF-ECB"
+
+
+      # Blowfish constrains the length of +incoming plain text+ forcing it
+      # to be a multiple of eight (8).
+      BLOWFISH_BLOCK_LEN = 8
+
+
+      # Encrypt the (plain) text parameter using the symmetric encryption key
+      # specified in the second parameter and return the base64 encoded
+      # representation of the cipher text.
+      #
+      # Blowfish is a block cipher meaning it needs both the key and the plain
+      # text inputted to conform to a divisible block length.
+      #
+      # Don't worry about this block length requirement as this encrption method
+      # takes care of it and its sister method {self.decryptor} will also perform
+      # the correct reversal activities to give you back the original plain text.
+      #
+      # {Base64.urlsafe_encode64} facilitates the ciphertext encoding returning text that
+      # is safe to write to a file.
+      #
+      # @param plain_text [String]
+      #    This parameter should be the non-nil text to encrypt using Blowfish.
+      #    Before encryption the text will be padded using a text string from
+      #    the {OpenSecret::Cipher::TEXT_PADDER} constant until it results in
+      #    a string with the required block length.
+      #
+      # @param encryption_key [String]
+      #    send a long strong unencoded key which does not have to be a multiple of
+      #    eight even though the algorithm demands it. Before the encryption this key
+      #    will be passed through a digest using behaviour from {Digest::SHA256.digest}
+      #
+      #    This behaviour returns a key whose length is a multiple of eight.
+      #
+      # @return [String] base64 representation of blowfish crypted ciphertext
+      #
+      # @raise [OpenSSL::Cipher::CipherError]
+      #    An (encryption) <tt>key length too short</tt> error is raised for short keys.
+      def self.encryptor plain_text, encryption_key
+
+        shortkey_msg = "The #{encryption_key.length} character encryption key is too short."
+        raise ArgumentError, shortkey_msg unless encryption_key.length > 8
+        log.info(x) { "os blowfish request to encrypt plain text with provided key." }
+
+        block_txt = plain_text
+        block_txt += CryptIO::TEXT_PADDER until block_txt.bytesize % BLOWFISH_BLOCK_LEN == 0
+        raw_stretched_key = Digest::SHA256.digest(encryption_key)
+
+        blowfish_encryptor = OpenSSL::Cipher.new(BLOWFISH_CIPHER_ID).encrypt
+        blowfish_encryptor.key = raw_stretched_key
+        return blowfish_encryptor.update(block_txt) << blowfish_encryptor.final
+
+      end
+
+
+      # Decrypt the cipher text parameter using the symmetric decryption key
+      # specified in the second parameter. The cipher text is expected to have
+      # already been decoded if necessary.
+      #
+      # Its okay to use a bespoke encryptor - just ensure you encode the result
+      # and override the padding constant.
+      #
+      # Blowfish is a block cipher meaning it needs both the key and the plain
+      # text inputted to conform to a divisible block length.
+      #
+      # Don't worry about this block length requirement as this decrption method
+      # takes care of the reversing the activities carried out by {self.encryptor}.
+      #
+      # @param cipher_text [String]
+      #    This incoming cipher text should already be encoded but it
+      #    will <b>chomped and stripped upon receipt</b> followed by
+      #    decryption using the Blowfish algorithm.
+      #
+      # @param decryption_key [String]
+      #    Send the same key that was used during the encryption phase. The encryption
+      #    phase passed the key through the {Digest::SHA256.digest} digest so here
+      #    the decryption does the exact same thing.
+      #
+      #    The digest processing guarantees a symmetric key whose length conforms to
+      #    the multiple of eight block length requirement.
+      #
+      # @return [String]
+      #    After decoding and decryption the plain text string will still be padded,
+      #    +but not with spaces+. The unlikely to occur padding string constant used
+      #    is the {OpenSecret::Cipher::TEXT_PADDER}.
+      #
+      #    If the plaintext ended with spaces these would be preserved. After padder
+      #    removal any trailing spaces will be preserved in the returned plain text.
+      #
+      def self.decryptor cipher_text, decryption_key
+
+        digested_key = Digest::SHA256.digest decryption_key
+
+        decrypt_tool = OpenSSL::Cipher.new(BLOWFISH_CIPHER_ID).decrypt
+        decrypt_tool.key = digested_key
+
+        padded_plaintxt = decrypt_tool.update(cipher_text) << decrypt_tool.final
+        pad_begin_index = padded_plaintxt.index CryptIO::TEXT_PADDER
+        return padded_plaintxt if pad_begin_index.nil?
+        return padded_plaintxt[ 0 .. (pad_begin_index-1) ]
+
+      end
+
+
+    end
+
+
+  end
+
+
+end

data/lib/modules/cryptology/cipher.rb

@@ -0,0 +1,207 @@
+#!/usr/bin/ruby
+# coding: utf-8
+
+module OpenSecret
+
+  module ToolBelt
+
+    require "base64"
+
+    # {OpenSecret::Cipher} is a base class that enables cipher varieties
+    # to be plugged and played with minimal effort. This Cipher implements much
+    # of the use case functionality - all extension classes need to do, is
+    # to subclass and implement only the core behaviour that define its identity.
+    #
+    # == Double Encryption | Cipher Parent vs Cipher Child
+    #
+    # Double encryption first with a symmetric and then an asymmetric one fulfills
+    # the +opensecret+ promise of making the stored ciphertext utterly worthless.
+    #
+    # The child ciphers implement the inner symmetric encyption whilst the parent
+    # implements the outer asymmetric encryption algorithm.
+    #
+    # The process is done twice resulting in two stores that are mirrored in structure.
+    # The front end store holds doubly encrypted keys whist the backend store holds
+    # the doubly encrypted secrets.
+    #
+    # Attackers wouldn't be able to distinguish one from the other. Even if they
+    # theoretically cracked the asymmetric encryption - they would then be faced
+    # with a powerful symmetric encryption algorithm which could be any one of the
+    # leading ciphers such as TwoFish or the Advanced Encryption Standard (AES).
+    #
+    # == Ciphers at 3 Levels
+    #
+    # Ciphers are implemented at three distinct levels.
+    #
+    # <b>Low Level Ciphers</b>
+    #
+    # Low level ciphers are given text to encrypt and an instantiated dictionary
+    # in which to place the encryption parameters such as keys and initialization
+    # vectors (iv)s.
+    #
+    # Some more specific ciphers can handle authorization data for example the
+    # Galois Counter Mode (GCM) cipher.
+    #
+    # Low level ciphers know nothing about text IO nor reading and writing to
+    # persistence structures like files, queues and databases.
+    #
+    # <b>Mid Level Ciphers</b>
+    #
+    # Mid level ciphers talk to the low level ciphers and bring in input and output
+    # textual formats like OpenSecret's two-part block structures.
+    #
+    # Mid level ciphers still know nothing of persistence structures like files,
+    # queues and databases.
+    #
+    # <b>Use Case Level Ciphers</b>
+    #
+    # The ciphers operating at the use case level talk to mid level ciphers. They
+    # interact with the <b>opensecret store API</b> which brings persistence
+    # functions such as <b>read/write</b> as well as remoting functions such as
+    # <b>push/pull</b>.
+    #
+    # Use Case level ciphers interact with the latest crypt technologies due to
+    # interface separation. Also they talk classes implementing persistence stores
+    # allowing assets liek Git, S3, DropBox, simple files, SSH filesystems, Samba
+    # to hold locked key and material crypts.
+    #
+    # Databases stores will be introduced soon allowing opensecret to plug in and
+    # exploit database managers like Mongo, Hadoop, MySQL, Maria, and PostgreSQL.
+    #
+    # Plugging into DevOps orchestration platforms like Terraform, Ansible, Chef
+    # and Puppet will soon be available. Add this with integrations to other credential
+    # managers like HashiCorp's Vault, Credstash, Amazon KMS, Git Secrets, PGP,
+    # LastPass, KeePass and KeePassX.
+    #
+    # == How to Implement a Cipher
+    #
+    # Extend this base class to inherit lots of +unexciting+ functionality
+    # that essentially
+    #
+    # - manages the main encryption and decryption use case flow
+    # - +concatenates+ the symmetric encryption meta data with ciphertext +after encryption+
+    # - _splits_ and objectifies the key/value metadata plus ciphertext +before decryption+
+    # - +handles file read/writes+ in conjunction with the store plugins
+    # - handles +exceptions+ and +malicious input detection+ and incubation
+    # - +_performs the asymmetric encryption_+ of the cipher's symmetrically encrypted output
+    #
+    # == What Behaviour Must Ciphers Implement
+    #
+    # Ciphers bring the cryptographic mathematics and implementation algorithms
+    # to the table. So when at home they must implement
+    #
+    # - <tt>do_symmetric_encryption(plain_text)</tt> - resulting in ciphertext
+    # - <tt>do_symmetric_decryption(ciphertext, encryption_dictionary)</tt> &raquo; plaintext
+    #
+    # and also set the <tt>@dictionary</tt> hash (map) of pertinent
+    # key/value pairs including the encryption algorithm, the encryption key and
+    # the ciphertext signature to thwart any at-rest tampering.
+    #
+    # That's It. Cipher children can rely on the {OpenSecret::Cipher} parent to
+    # do the nitty gritty of file-handling plus managing stores and paths.
+    class Cipher
+
+      # Ciphers use <b>symmetric algorithms</b> to encrypt the given text, which
+      # is then wrapped up along with the encryption key and other <b>metadata</b>
+      # pertinent to the algorithm, they then encrypt this bundle with the
+      # <b>public key</b> provided and return the text that can safely be stored in
+      # a text file.
+      #
+      # Ciphers should never interact with the filesystem which makes them
+      # reusable in API and remote store scenarios.
+      #
+      # Binary files should be converted into the base64 format before being
+      # presented to ciphers.
+      #
+      # Every component in the pipeline bears the responsibility for nullifying
+      # and rejecting malicious content.
+      #
+      # @param public_key [OpenSSL::PKey::RSA]
+      #    an {OpenSSL::PKey::RSA} public key. The unique selling point of
+      #    asymmetric encryption is it can be done without recourse to the heavily
+      #    protected private key. Thus the encryption process can continue with
+      #    just a public key as long as its authenticity is assured.
+      #
+      # @param payload_text [String]
+      #    plaintext (or base64 encoded) text to encrypt
+      #
+      # @return [String] doubly (symmetric and asymmetric) encrypted cipher text
+      def self.encrypt_it public_key, payload_text
+
+        crypt_data = {}
+        crypted_payload = Base64.encode64( Aes256.do_encrypt( crypt_data, payload_text ) )
+        unified_material = CryptIO.inner_crypt_serialize crypt_data, crypted_payload
+
+        outer_crypt_key = Engineer.strong_key( 128 )
+        crypted_cryptkey = Base64.encode64( public_key.public_encrypt( outer_crypt_key ) )
+
+        crypted_material = Base64.encode64(Blowfish.encryptor unified_material, outer_crypt_key)
+
+        return CryptIO.outer_crypt_serialize( crypted_cryptkey, crypted_material )
+
+      end
+
+
+      # This method takes and <b><em>opensecret formatted</em></b> cipher-text block
+      # generated by {self.encrypt_it} and returns the original message that has effectively
+      # been doubly encrypted using a symmetric and asymmetric cipher. This type of
+      # encryption is standard best practice when serializing secrets.
+      #
+      # opensecret cipher-text blocks <b><em>look like a two(2) part bundle</em></b>
+      # but they are <b><em>actually a three(3) part bundle</em></b> because the second
+      # part is in itself an amalgam of two distinct objects, serialized as text blocks.
+      #
+      # <b>The 3 OpenSecret Blocks</b>
+      #
+      # Even though the incoming text <b><em>appears to contain two (2) blocks</em></b>,
+      # it <b><em>actually contains three (3)</em></b>.
+      #
+      # - a massive symmetric encryption key (locked by an asymmetric keypair)
+      # - a dictionary denoting the algorithm and parameters used to encrypt the 3rd block
+      # - the true message whose encryption is parametized by the dictionary (in 2nd block)
+      #
+      # The second and third block are only revealed by asymmetrically decrypting
+      # the key in the first block and using it to symmetrically decrypt what appears
+      # to be a unified second block.
+      #
+      # @param private_key [OpenSSL::PKey::RSA]
+      #    the <b>asymmetric private key</b> whose corresponding public key was
+      #    employed during the encryption of a super-strong 128 character symmetric
+      #    key embalmed by the first ciphertext block.
+      #
+      # @param os_block_text [String]
+      #    the locked cipher text is the opensecret formatted block which comes
+      #    in two main chunks. First is the <b>long strong</b> symmetric encryption
+      #    key crypted with the public key portion of the private key in the first
+      #    parameter.
+      #
+      #    The second chunk is the symmetrically crypted text that was locked with
+      #    the encryption key revealed in the first chunk.
+      #
+      # @return [String]
+      #    the doubly encrypted plain text that is locked by a symmetric key and
+      #    that symmetric key itself locked using the public key portion of the
+      #    private key whose crypted form is presented in the first parameter.
+      def self.decrypt_it private_key, os_block_text
+
+        first_block = Base64.decode64( CryptIO.outer_crypt_deserialize os_block_text, true  )
+        trail_block = Base64.decode64( CryptIO.outer_crypt_deserialize os_block_text, false )
+
+        decrypt_key = private_key.private_decrypt first_block
+        inner_block = Blowfish.decryptor( trail_block, decrypt_key )
+
+        crypt_props = Hash.new
+        cipher_text = CryptIO.inner_crypt_deserialize( crypt_props, inner_block )
+
+        return Aes256.do_decrypt( crypt_props, cipher_text )
+
+      end
+
+
+    end
+
+
+  end
+
+
+end

data/lib/modules/cryptology/collect.rb

@@ -0,0 +1,118 @@
+#!/usr/bin/ruby
+
+module OpenSecret
+
+  module ToolBelt
+
+    require 'io/console'
+
+    # This class will be refactored into an interface implemented by a set
+    # of plugins that will capture sensitive information from users from an
+    # Ubuntu, Windows, RHEL, CoreOS, iOS or CentOS command line interface.
+    #
+    # An equivalent REST API will also be available for bringing in sensitive
+    # information in the most secure (but simple) manner.
+    class Collect
+
+
+      # <tt>Collect something sensitive from the command line</tt> with a
+      # minimum length specified in the first parameter. This method can't
+      # know whether the information is a password, a pin number or whatever
+      # so it takes the integer minimum size at its word.
+      #
+      # @param min_size [Integer] the minimum size of the collected secret
+      #    whereby one (1) is the least we can expect. The maximum bound is
+      #    not constrained here so will fall under what is allowed by the
+      #    interface, be it a CLI, Rest API, Web UI or Mobile App.
+      #
+      # @param prompt_twice [Boolean] indicate whether the user should be
+      #    prompted twice. If true the prompt_2 text must be provided and
+      #    converse is also true. A true value asserts that both times the
+      #    user enters the same (case sensitive) string.
+      #
+      # @param prompt_1 [String] the text (aide memoire) used to prompt the user
+      #
+      # @param prompt_2 [String] if the prompt twice boolean is TRUE, this
+      #    second prompt (aide memoire) must be provided.
+      #
+      # @return [String] the collected string text ( watch out for non-ascii chars)
+      # @raise [ArgumentError] if the minimum size is less than one
+      def self.secret_text min_size, prompt_twice, prompt_1, prompt_2=nil
+
+        assert_min_size min_size
+
+        sleep(1)
+        puts "\n#{prompt_1} : "
+        first_secret = STDIN.noecho(&:gets).chomp
+
+        assert_input_text_size first_secret.length, min_size
+        return first_secret unless prompt_twice
+
+        sleep(1)
+        puts "\n#{prompt_2} : "
+        check_secret = STDIN.noecho(&:gets).chomp
+
+        assert_same_size_text first_secret, check_secret
+        
+        return first_secret
+
+      end
+
+
+      # --
+      # -- Raise an exception if asked to collect text that is less
+      # -- than 3 characters in length.
+      # --
+      def self.assert_min_size min_size
+
+        min_length_msg = "\n\nCrypts with 2 (or less) characters open up exploitable holes.\n\n"
+        raise ArgumentError.new min_length_msg if min_size < 3
+
+      end
+
+
+      # --
+      # -- Output an error message and then exit if the entered input
+      # -- text size does not meet the minimum requirements.
+      # --
+      def self.assert_input_text_size input_size, min_size
+
+        if( input_size < min_size  )
+
+          puts
+          puts "Input is too short. Please enter at least #{min_size} characters."
+          puts
+
+          exit
+
+        end
+
+      end
+
+
+      # --
+      # -- Assert that the text entered the second time is exactly (case sensitive)
+      # -- the same as the text entered the first time.
+      # --
+      def self.assert_same_size_text first_text, second_text
+        
+        unless( first_text.eql? second_text )
+
+          puts
+          puts "Those two bits of text are not the same (in my book)!"
+          puts
+
+          exit
+
+        end
+
+      end
+
+
+    end
+
+
+  end
+
+
+end