scrypty 0.0.3 → 0.0.4

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9ced050fcbd6b14dd5467920da66ed04decc423c
+  data.tar.gz: 4ff8de717cc7268c962292c5c5605c9467be38a2
+SHA512:
+  metadata.gz: 830ad2a43e9064dbe82a18230e0c3a6cbbe0a4281eda1035f5199b15b45e17c0b2ffd7b607d86341f5a37442441a93285dcb5f2940517fd1cab66fc5d7bc2f17
+  data.tar.gz: ee25bc76c5df9a75d1996eec9f8649c9982a6f93717f6bf0332aceb9c8015e2c1dc9b7e23b4654991ce7c1c1c52f92fd9fe84f59017a0bdcb4e4bf85df88ea8b

data/Rakefile

@@ -1,4 +1,5 @@
 require "bundler/gem_tasks"
+require "rake/testtask"
 require "rake/clean"
 
 file "ext/Makefile" => "ext/extconf.rb" do
@@ -32,5 +33,12 @@ task :prefix do
   end
 end
 
+Rake::TestTask.new do |t|
+  t.test_files = FileList['test/test_*.rb']
+  t.verbose = true
+end
+task :test => :compile
+task :default => :test
+
 CLEAN.clear
 CLEAN.include(["ext/*.o", "ext/*.so", "lib/*.so", "ext/extconf.h", "ext/Makefile"])

data/ext/extconf.rb

@@ -1,7 +1,21 @@
 require 'mkmf'
 
+dir_config("openssl")
+
+result = pkg_config("openssl") && have_header("openssl/ssl.h")
+
+unless result
+  result = have_header("openssl/ssl.h")
+  result &&= %w[crypto libeay32].any? {|lib| have_library(lib, "AES_set_encrypt_key")}
+  result &&= %w[ssl ssleay32].any? {|lib| have_library(lib, "AES_set_encrypt_key")}
+  unless result
+    Logging::message "=== Checking for required stuff failed. ===\n"
+    Logging::message "Makefile wasn't created. Fix the errors above.\n"
+    exit 1
+  end
+end
+
 have_library('rt', 'clock_gettime')
-have_library('crypto', 'AES_set_encrypt_key')
 %w{err.h fcntl.h inttypes.h memory.h stddef.h stdint.h stdlib.h string.h strings.h sys/endian.h sys/param.h sys/stat.h sys/time.h sys/types.h termios.h unistd.h}.each do |header|
   have_header(header)
 end

data/ext/ruby_ext.c

@@ -1,7 +1,13 @@
 #include <ruby.h>
 #include <ruby/io.h>
 #include <stdio.h>
+#include <errno.h>
 #include "scryptenc.h"
+#include "scryptenc_cpuperf.h"
+#include "memlimit.h"
+#include "crypto_scrypt.h"
+#include "crypto_aesctr.h"
+#include "sha256.h"
 
 VALUE mScrypty;
 
@@ -291,6 +297,347 @@ scrypty_decrypt_file(rb_obj, rb_infn, rb_outfn, rb_password, rb_maxmem, rb_maxme
       rb_maxmemfrac, rb_maxtime, 0);
 }
 
+VALUE
+scrypty_memlimit(rb_obj, rb_maxmem, rb_maxmemfrac)
+  VALUE rb_obj;
+  VALUE rb_maxmem;
+  VALUE rb_maxmemfrac;
+{
+  long l_maxmem;
+  size_t maxmem, memlimit, max_size;
+  double maxmemfrac;
+
+  max_size = (size_t) -1;
+
+  if (TYPE(rb_maxmem) == T_FIXNUM) {
+    l_maxmem = FIX2LONG(rb_maxmem);
+
+    if (l_maxmem < 0) {
+      rb_raise(rb_eArgError, "maxmem (%ld) must not be less than 0", l_maxmem);
+    }
+    else if ((unsigned long) l_maxmem > (unsigned long) max_size) {
+      rb_raise(rb_eArgError, "maxmem (%ld) cannot exceed %zu", l_maxmem, max_size);
+    }
+    else {
+      maxmem = (size_t) l_maxmem;
+    }
+  }
+  else {
+    rb_raise(rb_eTypeError, "first argument (maxmem) must be a Fixnum");
+  }
+
+  if (FIXNUM_P(rb_maxmemfrac) || TYPE(rb_maxmemfrac) == T_FLOAT) {
+    maxmemfrac = NUM2DBL(rb_maxmemfrac);
+  }
+  else {
+    rb_raise(rb_eTypeError, "second argument (maxmemfrac) must be a Fixnum or Float");
+  }
+
+  if (scrypty_memtouse(maxmem, maxmemfrac, &memlimit) != 0) {
+    rb_raise(rb_eRuntimeError, "could not determine memory limit");
+  }
+
+  return SIZET2NUM(memlimit);
+}
+
+VALUE
+scrypty_opslimit(rb_obj, rb_maxtime)
+  VALUE rb_obj;
+  VALUE rb_maxtime;
+{
+  double opps, maxtime, opslimit;
+
+  if (FIXNUM_P(rb_maxtime) || TYPE(rb_maxtime) == T_FLOAT) {
+    maxtime = NUM2DBL(rb_maxtime);
+  }
+  else {
+    rb_raise(rb_eTypeError, "first argument (maxtime) must be a Fixnum or Float");
+  }
+
+  /* Figure out how fast the CPU is. */
+  if (scrypty_scryptenc_cpuperf(&opps) != 0) {
+    rb_raise(rb_eRuntimeError, "could not determine CPU performance");
+  }
+  opslimit = opps * maxtime;
+
+  /* Allow a minimum of 2^15 salsa20/8 cores. */
+  if (opslimit < 32768)
+    opslimit = 32768;
+
+  return DBL2NUM(opslimit);
+}
+
+/* Calculate parameters used for creating a derived key with the
+ * scrypt algorithm. */
+VALUE
+scrypty_params(rb_obj, rb_memlimit, rb_opslimit)
+  VALUE rb_obj;
+  VALUE rb_memlimit;
+  VALUE rb_opslimit;
+{
+  VALUE rb_result;
+  long l_memlimit;
+  size_t memlimit, max_size;
+  double opslimit;
+  double maxN, maxrp;
+  int logN;
+  uint64_t N = 0;
+  uint32_t r = 0, p = 0;
+
+  max_size = (size_t) -1;
+
+  if (TYPE(rb_memlimit) == T_FIXNUM) {
+    l_memlimit = FIX2LONG(rb_memlimit);
+
+    if (l_memlimit < 0) {
+      rb_raise(rb_eArgError, "memlimit (%ld) must not be less than 0", l_memlimit);
+    }
+    else if ((unsigned long) l_memlimit > (unsigned long) max_size) {
+      rb_raise(rb_eArgError, "memlimit (%ld) cannot exceed %zu", l_memlimit, max_size);
+    }
+    else {
+      memlimit = (size_t) l_memlimit;
+    }
+  }
+  else {
+    rb_raise(rb_eTypeError, "first argument (memlimit) must be a Fixnum");
+  }
+
+  if (FIXNUM_P(rb_opslimit) || TYPE(rb_opslimit) == T_FLOAT) {
+    opslimit = NUM2DBL(rb_opslimit);
+  }
+  else {
+    rb_raise(rb_eTypeError, "second argument (opslimit) must be a Fixnum or Float");
+  }
+
+  /* Fix r = 8 for now. */
+  r = 8;
+
+  if (opslimit < memlimit/32) {
+    /* Set p = 1 and choose N based on the CPU limit. */
+    p = 1;
+    maxN = opslimit / (r * 4);
+    for (logN = 1; logN < 63; logN += 1) {
+      if ((uint64_t)(1) << logN > maxN / 2)
+        break;
+    }
+  } else {
+    /* Set N based on the memory limit. */
+    maxN = memlimit / (r * 128);
+    for (logN = 1; logN < 63; logN += 1) {
+      N = (uint64_t)(1) << logN;
+      if (N > maxN / 2)
+        break;
+    }
+
+    /* Choose p based on the CPU limit. */
+    maxrp = (opslimit / 4) / ((uint64_t)(1) << logN);
+    if (maxrp > 0x3fffffff)
+      maxrp = 0x3fffffff;
+    p = (uint32_t)(maxrp) / r;
+  }
+
+  rb_result = rb_ary_new3(3, UINT2NUM(N), UINT2NUM(r), UINT2NUM(p));
+  return rb_result;
+};
+
+VALUE
+scrypty_dk(rb_obj, rb_password, rb_salt, rb_n, rb_r, rb_p, rb_keylen)
+  VALUE rb_obj;
+  VALUE rb_password;
+  VALUE rb_salt;
+  VALUE rb_n;
+  VALUE rb_r;
+  VALUE rb_p;
+  VALUE rb_keylen;
+{
+  VALUE rb_dk;
+  const uint8_t *password, *salt;
+  uint8_t *dk;
+  uint64_t N;
+  uint32_t r, p;
+  size_t password_len, salt_len, keylen;
+
+  if (TYPE(rb_password) == T_STRING) {
+    password = (const uint8_t *) RSTRING_PTR(rb_password);
+    password_len = (size_t) RSTRING_LEN(rb_password);
+  }
+  else {
+    rb_raise(rb_eTypeError, "first argument (password) must be a String");
+  }
+
+  if (TYPE(rb_salt) == T_STRING) {
+    salt = (const uint8_t *) RSTRING_PTR(rb_salt);
+    salt_len = (size_t) RSTRING_LEN(rb_salt);
+  }
+  else {
+    rb_raise(rb_eTypeError, "second argument (salt) must be a String");
+  }
+
+  if (FIXNUM_P(rb_n)) {
+    N = (uint64_t) NUM2ULL(rb_n);
+  }
+  else {
+    rb_raise(rb_eTypeError, "third argument (n) must be a Fixnum");
+  }
+
+  if (FIXNUM_P(rb_r)) {
+    r = (uint32_t) NUM2ULONG(rb_r);
+  }
+  else {
+    rb_raise(rb_eTypeError, "fourth argument (r) must be a Fixnum");
+  }
+
+  if (FIXNUM_P(rb_p)) {
+    p = (uint32_t) NUM2ULONG(rb_p);
+  }
+  else {
+    rb_raise(rb_eTypeError, "fifth argument (p) must be a Fixnum");
+  }
+
+  if (FIXNUM_P(rb_keylen)) {
+    keylen = NUM2SIZET(rb_keylen);
+  }
+  else {
+    rb_raise(rb_eTypeError, "sixth argument (keylen) must be a Fixnum");
+  }
+
+  rb_dk = rb_str_buf_new(keylen);
+  dk = (uint8_t *) RSTRING_PTR(rb_dk);
+
+  if (scrypty_crypto_scrypt(password, password_len, salt,
+        salt_len, N, r, p, dk, keylen) != 0) {
+
+    switch (errno) {
+      case EFBIG:
+        rb_raise(rb_eRuntimeError, "parameters were too big");
+        break;
+
+      case EINVAL:
+        rb_raise(rb_eRuntimeError, "parameters were invalid");
+        break;
+
+      case ENOMEM:
+        rb_raise(rb_eNoMemError, "not enough memory to create derived key");
+        break;
+
+      default:
+        rb_raise(rb_eRuntimeError, "%s", strerror(errno));
+    }
+  }
+
+  rb_str_set_len(rb_dk, keylen);
+  return rb_dk;
+}
+
+VALUE
+scrypty_encrypt_raw(rb_obj, rb_data, rb_dk)
+  VALUE rb_obj;
+  VALUE rb_data;
+  VALUE rb_dk;
+{
+  VALUE rb_out;
+  uint8_t *data, *dk, *out, *key_enc, *key_hmac;
+  uint8_t hbuf[32];
+  size_t data_len;
+  scrypty_HMAC_SHA256_CTX hctx;
+  AES_KEY key_enc_exp;
+  struct crypto_aesctr *AES;
+
+  if (TYPE(rb_data) == T_STRING) {
+    data = (uint8_t *) RSTRING_PTR(rb_data);
+    data_len = (size_t) RSTRING_LEN(rb_data);
+  }
+  else {
+    rb_raise(rb_eTypeError, "first argument (data) must be a String");
+  }
+
+  if (TYPE(rb_dk) == T_STRING) {
+    dk = (uint8_t *) RSTRING_PTR(rb_dk);
+  }
+  else {
+    rb_raise(rb_eTypeError, "second argument (dk) must be a String");
+  }
+  key_enc = dk;
+  key_hmac = &dk[32];
+
+  rb_out = rb_str_buf_new(data_len + 32);
+  out = (uint8_t *) RSTRING_PTR(rb_out);
+
+  /* Encrypt data. */
+  if (AES_set_encrypt_key(key_enc, 256, &key_enc_exp))
+    rb_raise(eOpenSSLError, "OpenSSL error");
+
+  if ((AES = scrypty_crypto_aesctr_init(&key_enc_exp, 0)) == NULL)
+    rb_raise(rb_eNoMemError, "couldn't allocate memory");
+
+  scrypty_crypto_aesctr_stream(AES, data, out, data_len);
+  scrypty_crypto_aesctr_free(AES);
+
+  /* Add signature. */
+  scrypty_HMAC_SHA256_Init(&hctx, key_hmac, 32);
+  scrypty_HMAC_SHA256_Update(&hctx, out, data_len);
+  scrypty_HMAC_SHA256_Final(hbuf, &hctx);
+  memcpy(&out[data_len], hbuf, 32);
+
+  rb_str_set_len(rb_out, data_len + 32);
+  return rb_out;
+}
+
+VALUE
+scrypty_decrypt_raw(rb_obj, rb_data, rb_dk)
+  VALUE rb_obj;
+  VALUE rb_data;
+  VALUE rb_dk;
+{
+  VALUE rb_out;
+  uint8_t *data, *dk, *out, *key_enc, *key_hmac;
+  uint8_t hbuf[32];
+  size_t data_len;
+  scrypty_HMAC_SHA256_CTX hctx;
+  AES_KEY key_enc_exp;
+  struct crypto_aesctr *AES;
+
+  if (TYPE(rb_data) == T_STRING) {
+    data = (uint8_t *) RSTRING_PTR(rb_data);
+    data_len = (size_t) RSTRING_LEN(rb_data);
+  }
+  else {
+    rb_raise(rb_eTypeError, "first argument (data) must be a String");
+  }
+
+  if (TYPE(rb_dk) == T_STRING) {
+    dk = (uint8_t *) RSTRING_PTR(rb_dk);
+  }
+  else {
+    rb_raise(rb_eTypeError, "second argument (dk) must be a String");
+  }
+  key_enc = dk;
+  key_hmac = &dk[32];
+
+  rb_out = rb_str_buf_new(data_len - 32);
+  out = (uint8_t *) RSTRING_PTR(rb_out);
+
+  /* Decrypt data. */
+  if (AES_set_encrypt_key(key_enc, 256, &key_enc_exp))
+    rb_raise(eOpenSSLError, "OpenSSL error");
+  if ((AES = scrypty_crypto_aesctr_init(&key_enc_exp, 0)) == NULL)
+    rb_raise(rb_eNoMemError, "couldn't allocate memory");
+
+  scrypty_crypto_aesctr_stream(AES, data, out, data_len - 32);
+  scrypty_crypto_aesctr_free(AES);
+
+  /* Verify signature. */
+  scrypty_HMAC_SHA256_Init(&hctx, key_hmac, 32);
+  scrypty_HMAC_SHA256_Update(&hctx, data, data_len - 32);
+  scrypty_HMAC_SHA256_Final(hbuf, &hctx);
+  if (memcmp(hbuf, &data[data_len - 32], 32))
+    rb_raise(eInvalidBlockError, "data is not a valid scrypt-encrypted block");
+
+  rb_str_set_len(rb_out, data_len - 32);
+  return rb_out;
+}
+
 void
 Init_scrypty_ext(void)
 {
@@ -299,6 +646,12 @@ Init_scrypty_ext(void)
   rb_define_singleton_method(mScrypty, "decrypt", scrypty_decrypt_buffer, 5);
   rb_define_singleton_method(mScrypty, "encrypt_file", scrypty_encrypt_file, 6);
   rb_define_singleton_method(mScrypty, "decrypt_file", scrypty_decrypt_file, 6);
+  rb_define_singleton_method(mScrypty, "memlimit", scrypty_memlimit, 2);
+  rb_define_singleton_method(mScrypty, "opslimit", scrypty_opslimit, 1);
+  rb_define_singleton_method(mScrypty, "params", scrypty_params, 2);
+  rb_define_singleton_method(mScrypty, "dk", scrypty_dk, 6);
+  rb_define_singleton_method(mScrypty, "encrypt_raw", scrypty_encrypt_raw, 2);
+  rb_define_singleton_method(mScrypty, "decrypt_raw", scrypty_decrypt_raw, 2);
 
   eScryptyError = rb_define_class_under(mScrypty, "Exception", rb_eException);
   eMemoryLimitError = rb_define_class_under(mScrypty, "MemoryLimitError", eScryptyError);

data/lib/scrypty/version.rb

@@ -1,3 +1,3 @@
 module Scrypty
-  VERSION = "0.0.3"
+  VERSION = "0.0.4"
 end

data/scrypty.gemspec

@@ -17,4 +17,6 @@ Gem::Specification.new do |gem|
   gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.require_paths = ["lib"]
+
+  gem.add_development_dependency('test-unit')
 end

data/test/test_scrypty.rb

@@ -0,0 +1,44 @@
+require 'test/unit'
+require 'securerandom'
+require 'scrypty'
+
+class TestScrypty < Test::Unit::TestCase
+  test 'memlimit' do
+    result = Scrypty.memlimit(2 ** 27, 0.5)
+    assert result >= (2 ** 27)
+  end
+
+  test 'opslimit' do
+    result = Scrypty.opslimit(5)
+    assert result >= 32768
+  end
+
+  test 'params' do
+    memlimit = Scrypty.memlimit(2 ** 27, 0.5)
+    opslimit = Scrypty.opslimit(5)
+    n, r, p = Scrypty.params(memlimit, opslimit)
+
+    assert_includes 1...63, Math.log2(n)
+    assert_equal 8, r
+    assert p > 0
+  end
+
+  test 'dk' do
+    memlimit = Scrypty.memlimit(2 ** 27, 0.5)
+    opslimit = Scrypty.opslimit(2)
+    n, r, p = Scrypty.params(memlimit, opslimit)
+    dk = Scrypty.dk("secret", SecureRandom.random_bytes(32), n, r, p, 64)
+    assert_equal 64, dk.length
+  end
+
+  test 'raw roundtrip' do
+    memlimit = Scrypty.memlimit(2 ** 27, 0.5)
+    opslimit = Scrypty.opslimit(2)
+    n, r, p = Scrypty.params(memlimit, opslimit)
+    dk = Scrypty.dk("secret", SecureRandom.random_bytes(32), n, r, p, 64)
+
+    ciphertext = Scrypty.encrypt_raw("foobar", dk);
+    plaintext = Scrypty.decrypt_raw(ciphertext, dk);
+    assert_equal "foobar", plaintext
+  end
+end

metadata

@@ -1,16 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: scrypty
 version: !ruby/object:Gem::Version
-  version: 0.0.3
-  prerelease: 
+  version: 0.0.4
 platform: ruby
 authors:
 - Jeremy Stephens
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-12-10 00:00:00.000000000 Z
-dependencies: []
+date: 2013-10-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Uses the scrypt algorithm by Colin Percival to encrypt/decrypt data
 email:
 - viking@pillageandplunder.net
@@ -45,28 +58,29 @@ files:
 - lib/scrypty.rb
 - lib/scrypty/version.rb
 - scrypty.gemspec
+- test/test_scrypty.rb
 homepage: https://github.com/viking/scrypty
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 2.0.3
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Utility to encrypt/decrypt data with the scrypt algorithm
-test_files: []
+test_files:
+- test/test_scrypty.rb