RubyGems - sygna - Versions diffs - 0.1.3 → 0.1.7 - Mend

sygna 0.1.3 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a75991d67a893ff92a864d26baedbfb012eb3762b3fe64eeaa82e3342aab64f7
-  data.tar.gz: 1c01825849fb2ba32811dcaa167de8fbc39c21f320b1d4cce4e62e4560c8658b
+  metadata.gz: 207581b951aa254c6b3db5d358a28ea78130312d96f480ecd0917c2729c9c5e0
+  data.tar.gz: 4f4257a9ac614e9d77c686eae821929112c6e6057de2bdc9f1e1a9f1ecf247a3
 SHA512:
-  metadata.gz: e514458cd2e75782bfc5ff776370b59d8464fa32900cada13463e2ee728d62dc7684c7954f1f70bd61a6069dbea2892685870d1b7f17e31a2ae1f462b738cd0f
-  data.tar.gz: 77b4c48fc647d006dd679072c04574781d288203ce232a2e4fc694731c0b80550cc8d0221008d8133a7ac775f1a30823d37a8e1e92cda001daf7c20e2297c18b
+  metadata.gz: 74b1331f0a72b5ab457394f078fc6a19fe08cc8665140e59c84669a9859c74396ce19963a627f11f2f986d7b4d32a98e1782050b8d93277d086af915c97c41c2
+  data.tar.gz: 2d6f3f64d2d5c117ee1d7faba488bcf91fd3887c10a6d57ee8d86b1f7cda5398a6be99005bb6f6054b627b67dbe5802e2203947d367e7fbcfb50b944ac1d36e4

data/lib/sygna/crypt.rb CHANGED Viewed

@@ -25,32 +25,14 @@ module Sygna
     #     {CIPHERS}.
     # @param digest [String,OpenSSL::Digest] The digest algorithm to use for
     #     HMAC and KDF. Must be one of {DIGESTS}.
-    # @param mac_length [:half,:full] The length of the mac. If :half, the mac
-    #     length will be equal to half the mac_digest's digest_legnth. If
-    #     :full, the mac length will be equal to the mac_digest's
-    #     digest_length.
-    # @param kdf_digest [String,OpenSSL::Digest,nil] The digest algorithm to
-    #     use for KDF. If not specified, the `digest` argument will be used.
     # @param mac_digest [String,OpenSSL::Digest,nil] The digest algorithm to
     #     use for HMAC. If not specified, the `digest` argument will be used.
-    # @param kdf_shared_info [String] Optional. A string containing the shared
-    #     info used for KDF, also known as SharedInfo1.
-    # @param mac_shared_info [String] Optional. A string containing the shared
-    #     info used for MAC, also known as SharedInfo2.
-    def initialize(cipher: 'AES-256-CTR', digest: 'SHA256', mac_length: :half, kdf_digest: nil, mac_digest: nil, kdf_shared_info: '', mac_shared_info: '')
+    def initialize(cipher: 'AES-256-CTR', digest: 'SHA256', mac_digest: nil)
       @cipher = OpenSSL::Cipher.new(cipher)
       @mac_digest = OpenSSL::Digest.new(mac_digest || digest)
-      @kdf_digest = OpenSSL::Digest.new(kdf_digest || digest)
-      @kdf_shared_info = kdf_shared_info
-      @mac_shared_info = mac_shared_info
       CIPHERS.include?(@cipher.name) or raise "Cipher must be one of #{CIPHERS}"
       DIGESTS.include?(@mac_digest.name) or raise "Digest must be one of #{DIGESTS}"
-      DIGESTS.include?(@kdf_digest.name) or raise "Digest must be one of #{DIGESTS}"
-      [:half, :full].include?(mac_length) or raise "mac_length must be :half or :full"
-      @mac_length = @mac_digest.digest_length
-      @mac_length /= 2 if mac_length == :half
     end
     # Encrypts a message to a public key using ECIES.
@@ -63,23 +45,27 @@ module Sygna
       @cipher.reset
       group_copy = OpenSSL::PKey::EC::Group.new(key.group)
-      group_copy.point_conversion_form = :compressed
       ephemeral_key = OpenSSL::PKey::EC.new(group_copy).generate_key
       ephemeral_public_key_octet = ephemeral_key.public_key.to_bn.to_s(2)
       shared_secret = ephemeral_key.dh_compute_key(key.public_key)
-      key_pair = kdf(shared_secret, @cipher.key_len + @mac_length, ephemeral_public_key_octet)
-      cipher_key = key_pair.byteslice(0, @cipher.key_len)
-      hmac_key = key_pair.byteslice(-@mac_length, @mac_length)
+      hashed_secret = Digest::SHA512.digest(shared_secret)
+      cipher_key = hashed_secret.slice(0, 32)
+      hmac_key = hashed_secret.slice(32, hashed_secret.length - 32)
       @cipher.encrypt
       @cipher.iv = IV
       @cipher.key = cipher_key
       ciphertext = @cipher.update(message) + @cipher.final
-      mac = OpenSSL::HMAC.digest(@mac_digest, hmac_key, ciphertext + @mac_shared_info).byteslice(0, @mac_length)
+      data_to_mac = IV + ephemeral_public_key_octet + ciphertext
+      mac = OpenSSL::HMAC.digest(@mac_digest, hmac_key, data_to_mac)
+      # 65 + 20 + 16
       ephemeral_public_key_octet + mac + ciphertext
     end
@@ -93,25 +79,25 @@ module Sygna
       @cipher.reset
       group_copy = OpenSSL::PKey::EC::Group.new(key.group)
-      group_copy.point_conversion_form = :compressed
-      ephemeral_public_key_length = group_copy.generator.to_bn.to_s(2).bytesize
-      ciphertext_length = encrypted_message.bytesize - ephemeral_public_key_length - @mac_length
-      ciphertext_length > 0 or raise OpenSSL::PKey::ECError, "Encrypted message too short"
+      ephemeral_public_key_octet = encrypted_message.slice(0, 65)
+      mac = encrypted_message.slice(65, 20)
-      ephemeral_public_key_octet = encrypted_message.byteslice(0, ephemeral_public_key_length)
-      ciphertext = encrypted_message.byteslice(ephemeral_public_key_length, ciphertext_length)
-      mac = encrypted_message.byteslice(-@mac_length, @mac_length)
+      ciphertext = encrypted_message.slice(85, encrypted_message.size)
       ephemeral_public_key = OpenSSL::PKey::EC::Point.new(group_copy, OpenSSL::BN.new(ephemeral_public_key_octet, 2))
       shared_secret = key.dh_compute_key(ephemeral_public_key)
-      key_pair = kdf(shared_secret, @cipher.key_len + @mac_length, ephemeral_public_key_octet)
-      cipher_key = key_pair.byteslice(0, @cipher.key_len)
-      hmac_key = key_pair.byteslice(-@mac_length, @mac_length)
+      hashed_secret = Digest::SHA512.digest(shared_secret)
+      cipher_key = hashed_secret.slice(0, 32)
+      hmac_key = hashed_secret.slice(32, hashed_secret.length)
-      computed_mac = OpenSSL::HMAC.digest(@mac_digest, hmac_key, ciphertext + @mac_shared_info).byteslice(0, @mac_length)
+      data_to_mac = IV + ephemeral_public_key_octet + ciphertext
+      computed_mac = OpenSSL::HMAC.digest("SHA1", hmac_key, data_to_mac)
       computed_mac == mac or raise OpenSSL::PKey::ECError, "Invalid Message Authenticaton Code"
       @cipher.decrypt
@@ -121,43 +107,6 @@ module Sygna
       @cipher.update(ciphertext) + @cipher.final
     end
-    # Key-derivation function, compatible with ANSI-X9.63-KDF
-    #
-    # @param shared_secret [String] The shared secret from which the key will
-    #     be derived.
-    # @param length [Integer] The length of the key to generate.
-    # @param shared_info_suffix [String] The suffix to append to the
-    #     shared_info.
-    # @return [String] Octet string of the derived key.
-    def kdf(shared_secret, length, shared_info_suffix)
-      length >=0 or raise "length cannot be negative"
-      return "" if length == 0
-      if length / @kdf_digest.digest_length >= 0xFF_FF_FF_FF
-        raise "length too large"
-      end
-      io = StringIO.new(String.new)
-      counter = 0
-      loop do
-        counter += 1
-        counter_bytes = [counter].pack('N')
-        io << @kdf_digest.digest(shared_secret + counter_bytes + @kdf_shared_info + shared_info_suffix)
-        if io.pos >= length
-          return io.string.byteslice(0, length)
-        end
-      end
-    end
-    # @return [String] A string representing this Crypt's parameters.
-    def to_s
-      "KDF-#{@kdf_digest.name}_" +
-      "HMAC-SHA-#{@mac_digest.digest_length * 8}-#{@mac_length * 8}_" +
-      @cipher.name
-    end
     # Converts a hex-encoded public key to an `OpenSSL::PKey::EC`.
     #
     # @param hex_string [String] The hex-encoded public key.

data/lib/sygna/signature.rb CHANGED Viewed

@@ -8,14 +8,18 @@ module Sygna
       Secp256k1::Utils.encode_hex(ecdsa_private_key.ecdsa_serialize_compact(ecdsa_private_key.ecdsa_sign(object_string)))
     end
-    def self.verify(object, signature)
+    def self.verify(object, signature, public_key)
       object_string = object.merge(EMPTY_SIGNATURE).to_json
       raw_signature = Secp256k1::Utils.decode_hex(signature)
-      signature = ecdsa_private_key.pubkey.ecdsa_deserialize_compact(raw_signature)
+      public_key_binary = [public_key].pack("H*")
-      ecdsa_private_key.pubkey.ecdsa_verify(object_string, signature)
+      ecdsa_public_key = Secp256k1::PublicKey.new(pubkey: public_key)
+      signature = ecdsa_public_key.ecdsa_deserialize_compact(raw_signature)
+      ecdsa_public_key.ecdsa_verify(object_string, signature)
     end
     def self.ecdsa_private_key

data/lib/sygna/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Sygna
-  VERSION = "0.1.3"
+  VERSION = "0.1.7"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sygna
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.7
 platform: ruby
 authors:
 - Nic
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-04-06 00:00:00.000000000 Z
+date: 2020-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler