secretsharing 1.0.0 → 2.0.1

data/lib/secretsharing/version.rb

@@ -16,5 +16,5 @@
 
 # Module for specifying the current version of the gem.
 module SecretSharing
-  VERSION = '1.0.0'
+  VERSION = '2.0.1'
 end

data/secretsharing.gemspec

@@ -5,27 +5,32 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'secretsharing/version'
 
 Gem::Specification.new do |s|
-  s.name              = "secretsharing"
+  s.name              = 'secretsharing'
   s.version           = SecretSharing::VERSION
   s.platform          = Gem::Platform::RUBY
-  s.authors           = ["Alexander Klink", "Glenn Rempe"]
-  s.email             = ["glenn@rempe.us"]
-  s.homepage          = "https://github.com/grempe/secretsharing"
-  s.summary           = %q{A Ruby Gem to enable sharing secrets using Shamirs Secret Sharing.}
-  s.license           = "APACHE 2.0"
+  s.authors           = ['Alexander Klink', 'Glenn Rempe']
+  s.email             = ['glenn@rempe.us']
+  s.homepage          = 'https://github.com/grempe/secretsharing'
+  s.summary           = 'A Ruby Gem to enable sharing secrets using Shamirs Secret Sharing.'
+  s.license           = 'APACHE 2.0'
 
   s.has_rdoc          = 'true'
   s.extra_rdoc_files  = ['README.md']
 
-  s.rubyforge_project = "secretsharing"
+  s.rubyforge_project = 'secretsharing'
 
+  # rubocop:disable Style/SpecialGlobalVars
   s.files             = `git ls-files`.split($/)
+  # rubocop:enable Style/SpecialGlobalVars
+
   s.executables       = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
   s.test_files        = s.files.grep(%r{^(test|spec|features)/})
-  s.require_paths     = ["lib"]
+  s.require_paths     = ['lib']
 
-  s.add_dependency 'highline', '~> 1.6'
-  s.add_dependency 'multi_json', '~> 1.10'
+  s.add_dependency 'rbnacl-libsodium', '~> 1.0.8'
+  s.add_dependency 'rbnacl', '~> 3.3.0'
+  s.add_dependency 'highline', '~> 1.7.8'
+  s.add_dependency 'multi_json', '~> 1.11.2'
 
   s.add_development_dependency 'mocha'
   s.add_development_dependency 'minitest'
@@ -33,15 +38,17 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rb-fsevent'
   s.add_development_dependency 'rerun'
   s.add_development_dependency 'rubocop'
-  s.add_development_dependency 'bundler', '~> 1.7'
-  s.add_development_dependency 'rake', '~> 10.4'
-
-  s.description =<<'XEOF'
-Shamir's Secret Sharing is an algorithm in cryptography. It is a
-form of secret sharing, where a secret is divided into parts,
-giving each participant its own unique part, where some of the
-parts or all of them are needed in order to reconstruct the
-secret. Holders of a share gain no knowledge of the larger secret.
-XEOF
-
+  s.add_development_dependency 'bundler'
+  s.add_development_dependency 'rake'
+
+  # http://rubyquicktips.com/post/4438542511/heredoc-and-indent
+  s.description = <<-EOF.gsub(/^ {4}/, '')
+    4/12/2016 - NO LONGER MAINTAINED - See README.md
+
+    Shamirs Secret Sharing is an algorithm in cryptography. It is a
+    form of secret sharing, where a secret is divided into parts,
+    giving each participant its own unique part, where some of the
+    parts or all of them are needed in order to reconstruct the
+    secret. Holders of a share gain no knowledge of the larger secret.
+    EOF
 end

data/spec/shamir_container_spec.rb

@@ -17,9 +17,7 @@
 require File.expand_path('../spec_helper', __FILE__)
 
 describe SecretSharing::Shamir::Container do
-
   describe 'initialization' do
-
     it 'will raise when instantiated with no args' do
       lambda { SecretSharing::Shamir::Container.new }.must_raise(ArgumentError)
     end
@@ -101,15 +99,13 @@ describe SecretSharing::Shamir::Container do
     it 'must return the correct max shares constant value' do
       SecretSharing::Shamir::Container::MAX_SHARES.must_equal(512)
     end
-
   end # describe initialization
 
   describe 'creating a container and setting a secret' do
-
     before do
       @num_shares = 5
       @c = SecretSharing::Shamir::Container.new(@num_shares)
-      @secret_num = OpenSSL::BN.new('1234567890')
+      @secret_num = 1234567890
       @c.secret = SecretSharing::Shamir::Secret.new(:secret => @secret_num)
     end
 
@@ -142,14 +138,12 @@ describe SecretSharing::Shamir::Container do
     it 'must raise an exception if a secret is attempted to be set more than once' do
       lambda { @c.secret = SecretSharing::Shamir::Secret.new }.must_raise(ArgumentError)
     end
-
   end # creating a container and setting a secret
 
   describe 'generating shares when a secret is provided' do
-
     it 'should generate unique shares for the min number of shares and a tiny secret' do
       c1 = SecretSharing::Shamir::Container.new(2)
-      c1.secret  = SecretSharing::Shamir::Secret.new(:secret => OpenSSL::BN.new('123'))
+      c1.secret  = SecretSharing::Shamir::Secret.new(:secret => 123)
       shares = c1.shares
       shares.size.must_equal(2)
       uniq_shares = shares.uniq
@@ -158,7 +152,7 @@ describe SecretSharing::Shamir::Container do
 
     it 'should generate unique shares for the max number of shares and a tiny secret' do
       c1 = SecretSharing::Shamir::Container.new(512)
-      c1.secret  = SecretSharing::Shamir::Secret.new(:secret => OpenSSL::BN.new('123'))
+      c1.secret  = SecretSharing::Shamir::Secret.new(:secret => 123)
       shares = c1.shares
       shares.size.must_equal(512)
       uniq_shares = shares.uniq
@@ -167,8 +161,9 @@ describe SecretSharing::Shamir::Container do
 
     it 'should generate unique shares for the min number of shares and a large secret' do
       c1 = SecretSharing::Shamir::Container.new(2)
-# FIXME : Major Perf Issue : If OpenSSL::BN::rand(512) is given with 4096 instead of 512 this takes FOREVER
-      c1.secret  = SecretSharing::Shamir::Secret.new(:secret => OpenSSL::BN::rand(512))
+      # FIXME : Major Perf Issue : Large bit length secrets (>4096) cause major perf issue.
+      random_num = RbNaCl::Util.bin2hex(RbNaCl::Random.random_bytes(32).to_s).to_i(16)
+      c1.secret = SecretSharing::Shamir::Secret.new(:secret => random_num)
       shares = c1.shares
       shares.size.must_equal(2)
       uniq_shares = shares.uniq
@@ -177,18 +172,17 @@ describe SecretSharing::Shamir::Container do
 
     it 'should generate unique shares for the max number of shares and a large secret' do
       c1 = SecretSharing::Shamir::Container.new(512)
-# FIXME : Major Perf Issue : If OpenSSL::BN::rand(512) is given with 4096 instead of 512 this takes FOREVER
-      c1.secret  = SecretSharing::Shamir::Secret.new(:secret => OpenSSL::BN::rand(512))
+      # FIXME : Major Perf Issue : Large bit length secrets (>4096) cause major perf issue.
+      random_num = RbNaCl::Util.bin2hex(RbNaCl::Random.random_bytes(32).to_s).to_i(16)
+      c1.secret = SecretSharing::Shamir::Secret.new(:secret => random_num)
       shares = c1.shares
       shares.size.must_equal(512)
       uniq_shares = shares.uniq
       shares.must_equal(uniq_shares)
     end
-
   end
 
   describe 'recovering a secret from a container' do
-
     before do
       @c1 = SecretSharing::Shamir::Container.new(5)    # creator
       @c2 = SecretSharing::Shamir::Container.new(5)    # recipient
@@ -200,7 +194,6 @@ describe SecretSharing::Shamir::Container do
     end
 
     describe 'with a mix of valid and invalid shares' do
-
       before do
         # set a secret on the 'creators'
         @c1.secret  = SecretSharing::Shamir::Secret.new
@@ -258,11 +251,9 @@ describe SecretSharing::Shamir::Container do
         @c2 << @c1.shares[3]
         lambda { @c2 << @c1.shares[4] }.must_raise(ArgumentError)
       end
-
     end
 
     describe 'with valid shares resulting from a random secret' do
-
       before do
         extend SecretSharing::Shamir
         # set a secret on both of the 'creators'
@@ -272,12 +263,12 @@ describe SecretSharing::Shamir::Container do
 
       # This exposed a bug in the prime number generation; for instance 4*8
       # passes.
-      it 'should be able to recover secret with a bitlength of 5*8' do
-        secret = SecretSharing::Shamir::Secret.new(:secret => get_random_number(5*8))
-        c = SecretSharing::Shamir::Container.new(4,2)
+      it 'should be able to recover 40 bit secret' do
+        secret = SecretSharing::Shamir::Secret.new(:secret => get_random_number_with_bitlength(40))
+        c = SecretSharing::Shamir::Container.new(4, 2)
         c.secret = secret
 
-        (0...4).to_a.permutation(2).collect{|e| e.sort}.uniq.each do |indexes|
+        (0...4).to_a.permutation(2).collect(&:sort).uniq.each do |indexes|
           c2 = SecretSharing::Shamir::Container.new(2)
           indexes.each do |index|
             c2 << c.shares[index]
@@ -365,9 +356,6 @@ describe SecretSharing::Shamir::Container do
         @c4.secret?.must_equal(true)
         @c4.secret.must_equal(@c3.secret)
       end
-
     end
-
   end # recovering a secret from a container
-
 end # describe SecretSharing::Shamir::Container

data/spec/shamir_secret_spec.rb

@@ -17,11 +17,21 @@
 require File.expand_path('../spec_helper', __FILE__)
 
 describe SecretSharing::Shamir::Secret do
+  describe 'initialization with Fixnum' do
+    before do
+      @num = 12345
+      @s = SecretSharing::Shamir::Secret.new(:secret => @num)
+    end
 
-  describe 'initialization' do
+    it 'must initialize with a random secret and set @secret and @bitlength by default' do
+      @s.secret.is_a?(Integer).must_equal(true)
+      @s.bitlength.is_a?(Integer).must_equal(true)
+    end
+  end # describe initialization with Integer
 
+  describe 'initialization with Bignum' do
     before do
-      @num = OpenSSL::BN.new('1234567890')
+      @num = 12345678909123098902183908908213829013
       @s = SecretSharing::Shamir::Secret.new(:secret => @num)
     end
 
@@ -42,24 +52,26 @@ describe SecretSharing::Shamir::Secret do
     end
 
     it 'must initialize with a random secret and set @secret and @bitlength by default' do
-      @s.secret.is_a?(OpenSSL::BN).must_equal(true)
+      @s.secret.is_a?(Integer).must_equal(true)
       @s.bitlength.is_a?(Integer).must_equal(true)
     end
 
-    it 'must raise an ArgumentError if an Integer instead of an OpenSSL::BN is provided to the constructor' do
-      lambda { SecretSharing::Shamir::Secret.new(:secret => 1_234_567_890) }.must_raise(ArgumentError)
+    it 'must not raise an ArgumentError if the bitlength of the secret is equal to MAX_BITLENGTH' do
+      str_bits = '1' * SecretSharing::Shamir::Secret::MAX_BITLENGTH
+      s = SecretSharing::Shamir::Secret.new(:secret => str_bits.to_i(2))
+      s.is_a?(SecretSharing::Shamir::Secret).must_equal(true)
     end
 
     it 'must raise an ArgumentError if the bitlength of the secret is greater than MAX_BITLENGTH' do
-      # 1234 * 1's is 4097 num_bits
-      lambda { SecretSharing::Shamir::Secret.new(:secret => OpenSSL::BN.new("#{'1' * 1234}")) }.must_raise(ArgumentError)
+      str_bits = '1' * (SecretSharing::Shamir::Secret::MAX_BITLENGTH + 1)
+      lambda { SecretSharing::Shamir::Secret.new(:secret => str_bits.to_i(2)) }.must_raise(ArgumentError)
     end
 
-    it 'must initialize with a fixed secret and set @secret and @bitlength to the same if passed an OpenSSL::BN' do
-      @s.secret.is_a?(OpenSSL::BN).must_equal(true)
+    it 'must initialize with a fixed secret and set @secret and @bitlength to the same if passed a Bignum' do
+      @s.secret.is_a?(Integer).must_equal(true)
       @s.secret.must_equal(@num)
       @s.bitlength.is_a?(Integer).must_equal(true)
-      @s.bitlength.must_equal(@num.num_bits)
+      @s.bitlength.must_equal(@num.bit_length)
     end
 
     it 'must throw an exception if initialized with a String that does not base64 re-hydrate as expected from the output of #to_s' do
@@ -74,7 +86,7 @@ describe SecretSharing::Shamir::Secret do
 
     it 'must use Base64.decode64 instead of Base64.urlsafe_decode64 on platform that is not true for Base64.respond_to?(:urlsafe_encode64)' do
       Base64.stub(:respond_to?, false) do
-        num = OpenSSL::BN.new('1234567890123456789012345678901234567890')
+        num = 1234567890123456789012345678901234567890
         s1 = SecretSharing::Shamir::Secret.new(:secret => num)
         s1_str = s1.to_s
         s1_str.must_equal('MWl6aWJqZjR6dmRibXZxNjZkNndtOGcxY2k=')
@@ -86,8 +98,7 @@ describe SecretSharing::Shamir::Secret do
     end
 
     it 'must decode to the SAME String on mixed platforms that are, or are not, truthy for Base64.respond_to?(:urlsafe_decode64)' do
-
-      # NOTE : OpenSSL::BN.new('1234567890123456789012345678901234567890')
+      # NOTE : 1234567890123456789012345678901234567890
       str = 'MWl6aWJqZjR6dmRibXZxNjZkNndtOGcxY2k='
       s2 = nil
       s3 = nil
@@ -115,35 +126,33 @@ describe SecretSharing::Shamir::Secret do
     it 'must throw an ArgumentError if an unknown option hash key is passed in' do
       lambda { SecretSharing::Shamir::Secret.new(:secret => 'foo\nbar', :unknown_arg => true) }.must_raise(ArgumentError)
     end
-
   end # describe initialization
 
   describe '==' do
-
     before do
-      @num = OpenSSL::BN.new('1234567890')
+      @num = 1234567890
       @s = SecretSharing::Shamir::Secret.new(:secret => @num)
     end
 
-    it 'must return true if two secrets have the same OpenSSL::BN set internally' do
+    it 'must return true if two secrets have the same Integer set internally' do
       s2 = @s
       (@s == s2).must_equal(true)
     end
 
-    it 'must return false if two secrets have different OpenSSL::BN set internally' do
-      s2 = SecretSharing::Shamir::Secret.new(:secret => OpenSSL::BN.new('987654321'))
+    it 'must return false if two secrets have different Integers set internally' do
+      s2 = SecretSharing::Shamir::Secret.new(:secret => 987654321)
       (@s == s2).must_equal(false)
     end
   end
 
   describe 'secret?' do
     before do
-      @num = OpenSSL::BN.new('1234567890')
+      @num = 1234567890
       @s = SecretSharing::Shamir::Secret.new(:secret => @num)
     end
 
     it 'must return true if a secret is set' do
-      @s.secret.is_a?(OpenSSL::BN).must_equal(true)
+      @s.secret.is_a?(Integer).must_equal(true)
       @s.secret?.must_equal(true)
     end
 
@@ -155,12 +164,12 @@ describe SecretSharing::Shamir::Secret do
 
   describe 'secret()' do
     before do
-      @num = OpenSSL::BN.new('1234567890')
+      @num = 1234567890
       @s = SecretSharing::Shamir::Secret.new(:secret => @num)
     end
 
     it 'must return true if a secret is set' do
-      @s.secret.is_a?(OpenSSL::BN).must_equal(true)
+      @s.secret.is_a?(Integer).must_equal(true)
       @s.secret?.must_equal(true)
     end
 
@@ -172,7 +181,7 @@ describe SecretSharing::Shamir::Secret do
 
   describe 'to_s' do
     it 'must return a proper and consistent URL safe encoded String representation of @secret and allow round trip of that String' do
-      num = OpenSSL::BN.new('1234567890123456789012345678901234567890')
+      num = 1234567890123456789012345678901234567890
       s1 = SecretSharing::Shamir::Secret.new(:secret => num)
       s1_str = s1.to_s
       s1_str.must_equal('MWl6aWJqZjR6dmRibXZxNjZkNndtOGcxY2k=')
@@ -185,7 +194,7 @@ describe SecretSharing::Shamir::Secret do
 
   describe 'valid_hmac?' do
     before do
-      @num = OpenSSL::BN.new('1234567890')
+      @num = 1234567890
       @s = SecretSharing::Shamir::Secret.new(:secret => @num)
     end
 
@@ -202,7 +211,5 @@ describe SecretSharing::Shamir::Secret do
       @s.hmac = @s.hmac + 'a'
       @s.valid_hmac?.must_equal(false)
     end
-
   end
-
 end # describe SecretSharing::Shamir::Secret

data/spec/shamir_share_spec.rb

@@ -17,9 +17,7 @@
 require File.expand_path('../spec_helper', __FILE__)
 
 describe SecretSharing::Shamir::Share do
-
   describe 'initialization' do
-
     before do
       @args = { :hmac => 'foo', :k => 3, :n => 4, :x => 1, :y => 1, :prime => 1, :prime_bitlength => 1 }
     end
@@ -53,7 +51,5 @@ describe SecretSharing::Shamir::Share do
       @s2 = SecretSharing::Shamir::Share.new(:hmac => 'foo', :k => 3, :n => 4, :x => 1, :y => 1, :prime => 1, :prime_bitlength => 1)
       @s1.must_equal(@s2)
     end
-
   end
-
 end

data/spec/shamir_spec.rb

@@ -16,20 +16,120 @@
 
 require File.expand_path('../spec_helper', __FILE__)
 
-
 describe SecretSharing::Shamir do
+  include SecretSharing::Shamir
+
+  describe 'get_random_number' do
+    it 'will return a Bignum' do
+      r = get_random_number(32)
+      r.class.must_equal(Bignum)
+    end
+
+    it 'will return a Bignum with a size equaling the requested number of Bytes' do
+      r = get_random_number(32)
+      r.class.must_equal(Bignum)
+    end
+  end
+
+  describe 'get_random_number_with_bitlength' do
+    it 'will return a Bignum' do
+      bitlength = 256
+      r = get_random_number_with_bitlength(bitlength)
+      r.class.must_equal(Bignum)
+    end
+
+    it 'will return a random number of bitlength bits when bitlength is evenly divisible by 8' do
+      bitlength = 256
+      r = get_random_number_with_bitlength(bitlength)
+      r.bit_length.must_equal(bitlength)
+    end
+
+    it 'will return a random number of bitlength bits when bitlength is not evenly divisible by 8' do
+      bitlength = 257
+      r = get_random_number_with_bitlength(bitlength)
+      r.bit_length.must_equal(bitlength)
+    end
+  end
+
+  describe 'miller_rabin_prime?' do
+    it 'will return true for the known primes <= 100' do
+      primes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97]
+      primes.each do |p|
+        miller_rabin_prime?(p, 1000).must_equal(true)
+      end
+    end
+
+    it 'will return true for 128 bit known primes' do
+      # each generated with: get_prime_number(128)
+      # each was also confirmed to be prime with Wolfram Alpha "Is N prime?"
+      primes = [
+        382767781724287998593870036291756450809,
+        356939410756484930113231794428360705287,
+        629759975992442345994901795062291065567,
+        438321932766749553579901302755893165357,
+        510959605072332037935633647489517878279
+      ]
+
+      primes.each do |p|
+        miller_rabin_prime?(p, 1000).must_equal(true)
+      end
+    end
+
+    it 'will return true for 512 bit known primes' do
+      # each generated with: get_prime_number(512)
+      # each was also confirmed to be prime with Wolfram Alpha "Is N prime?"
+      primes = [
+        23999707866903326489156183307465540658883197873852940711009335379108363305023805329984215621371398530337791438685939745980557830310369653441114726729488047,
+        26264879364280914726387337523874770984938759192907578453587351353319032004165834289093747124468183487116687747810871530759960877154788799650863513281542449,
+        21419943505124415306535132543073126636345087246929370277918349432585089088938166354019597382594479966007308711525355781449302321333323114286893173242617447,
+        15374852860017642027686544538337536903565786542098241857812378775632595902540222017334241111772863426942525633588495075859043584856426724378984665496611453,
+        20279656133141646288468910535277192664988817199276725796792464746874102110167503650047272184232978918686592075892731325814289300758175615144548978275489781
+      ]
+
+      primes.each do |p|
+        miller_rabin_prime?(p, 1000).must_equal(true)
+      end
+    end
 
-  describe 'usafe_encode64 and usafe_decode64' do
+    it 'will return false for 128 bit known non-primes' do
+      # each was also confirmed to NOT be prime with Wolfram Alpha "Is N prime?"
+      # these are the same as the 128 bit primes + 2
+      primes = [
+        382767781724287998593870036291756450809 + 2,
+        356939410756484930113231794428360705287 + 2,
+        629759975992442345994901795062291065567 + 2,
+        438321932766749553579901302755893165357 + 2,
+        510959605072332037935633647489517878279 + 2
+      ]
 
-    include SecretSharing::Shamir
+      primes.each do |p|
+        miller_rabin_prime?(p, 1000).must_equal(false)
+      end
+    end
+  end
+
+  describe 'get_prime_number' do
+    it 'will return a random prime odd number' do
+      p = get_prime_number(128)
+      p.odd?.must_equal(true)
+    end
 
-    it 'will encode and decode back to the original String' do
-      str = MultiJson.dump(:foo => 'bar', :bar => 12_345_678_748_390_743_789)
-      enc = usafe_encode64(str)
-      dec = usafe_decode64(enc)
-      dec.must_equal(str)
+    it 'will return a random prime number of at least the specified bit length + 1' do
+      bit_length = 128
+      p = get_prime_number(bit_length)
+      (p.bit_length >= bit_length + 1).must_equal(true)
     end
 
+    it 'will return a random prime number that tests prime with the miller-rabin test' do
+      p = get_prime_number(128)
+      miller_rabin_prime?(p).must_equal(true)
+    end
   end
 
+  describe 'invmod' do
+    it 'will return a known value' do
+      # http://rosettacode.org/wiki/Modular_inverse#Ruby
+      invmod(42, 2017).must_equal(1969)
+    end
+  end
 end