vault-tree 0.1.0 → 0.3.3

data/lib/vault-tree/keywords/public_encryption_key.rb

@@ -7,15 +7,11 @@ module VaultTree
     end
 
     def evaluate
-      key_pair.public_key(decryption_key)
+      LockSmith.new(private_key: decryption_key).generate_public_key
     end
 
     private
 
-    def key_pair
-      LockSmith::EncryptionKeyPair.new
-    end
-
     def decryption_key
       begin
         contract.retrieve_contents(vault_id)

data/lib/vault-tree/keywords/random_number.rb

@@ -2,7 +2,7 @@ module VaultTree
   class RandomNumber < Keyword
 
     def evaluate
-      LockSmith::RandomNumber.compute
+      LockSmith.new().random_number
     end
 
   end

data/lib/vault-tree/keywords/split_key.rb

@@ -0,0 +1,19 @@
+module VaultTree
+  class SplitKey < Keyword
+    attr_reader :required_key_vaults
+
+    def post_initialize(arg_array)
+      @required_key_vaults = arg_array
+    end
+
+    def evaluate
+      SplitKeyCrypto.new(required_keys: required_keys).generate
+    end
+
+    private
+
+    def required_keys
+      required_key_vaults.map {|id| contract.retrieve_contents(id) }
+    end
+  end
+end

data/lib/vault-tree/keywords/unlocked.rb

@@ -2,7 +2,7 @@ module VaultTree
   class Unlocked < Keyword
 
     def evaluate
-      LockSmith::CryptoHash.compute('UNLOCKED')
+      LockSmith.new(message: 'UNLOCKED').secure_hash
     end
 
   end

data/lib/vault-tree/lock_smith.rb

@@ -0,0 +1,182 @@
+require 'rbnacl'
+
+module VaultTree
+  # VaultTree::LockSmith Interface to Crypto Primatives
+  #
+  # This class provides a interface all of the cryptographic functions used
+  # by Vault Tree.
+  #
+  # Specifically, it exposed the functionallity of the RbNaCl Gem and the
+  # vault-tree-ss secret sharing gem.
+  class LockSmith
+
+    def initialize(opts = {})
+      @message = opts[:message]
+      @cipher_text = opts[:cipher_text]
+      @secret_key = opts[:secret_key]
+      @private_key = opts[:private_key]
+      @public_key = opts[:public_key]
+      @signing_key = opts[:signing_key]
+      @verify_key = opts[:verify_key]
+      @signature = opts[:signature]
+      @outstanding_secret_shares = opts[:outstanding_secret_shares]
+      @secret_recovery_threshold = opts[:secret_recovery_threshold]
+      @secret_shares = opts[:secret_shares]
+    end
+
+    # Random Key for Semetric Encryption
+    #
+    # @return [String] Hex encoded Secret Key
+    def generate_secret_key
+      bin2hex RbNaCl::Hash.sha256(RbNaCl::Random.random_bytes(128))
+    end
+
+    # Randomly Generated Private Key
+    #
+    # @return [String] Hex encoded Private Key
+    def generate_private_key
+      bin2hex(RbNaCl::PrivateKey.generate.to_bytes)
+    end
+
+    # Public Key Derived from a given private key
+    #
+    # @return [String] Hex encoded Public Key
+    def generate_public_key
+      bin2hex(RbNaCl::PrivateKey.new(private_key).public_key.to_bytes)
+    end
+
+    # Randomly Generated Signing Key
+    #
+    # @return [String] Hex encoded Signing Key
+    def generate_signing_key
+      bin2hex(RbNaCl::SigningKey.generate.to_bytes)
+    end
+
+
+    # Public Signature Verification Key
+    # Derived from a given signing key
+    #
+    # @return [String] Hex encoded Verify Key
+    def generate_verify_key
+      bin2hex(RbNaCl::SigningKey.new(signing_key).verify_key.to_bytes)
+    end
+
+    # Check the validity of a message's signature
+    # Will raise RbNaCl::BadSignatureError if the signature check fails
+    def verify_message
+      RbNaCl::VerifyKey.new(verify_key).verify(message, signature)
+    end
+
+    # Symmetric Encryption of the given message
+    #
+    # @return [String] Hex encoded message ciphertext
+    def symmetric_encrypt
+      bin2hex RbNaCl::RandomNonceBox.from_secret_key(secret_key).box(message)
+    end
+
+    # Symmetric Decryption of the given ciphertext
+    #
+    # @return [String] Decoded plaintext message
+    def symmetric_decrypt
+      RbNaCl::RandomNonceBox.from_secret_key(secret_key).open(cipher_text)
+    end
+
+    # Asymmetric Encryption of the given message
+    #LockSmith.new()
+    #
+    # @return [String] Hex encoded message ciphertext
+    def asymmetric_encrypt
+      pri = RbNaCl::PrivateKey.new(private_key)
+      pub = RbNaCl::PublicKey.new(public_key)
+      box = RbNaCl::Box.new(pub,pri)
+      bin2hex RbNaCl::RandomNonceBox.new(box).box(message)
+    end
+
+    # Asymmetric Decryption of the given ciphertext
+    #
+    # @return [String] Decoded plaintext message
+    def asymmetric_decrypt
+      pri = RbNaCl::PrivateKey.new(private_key)
+      pub = RbNaCl::PublicKey.new(public_key)
+      box = RbNaCl::Box.new(pub,pri)
+      RbNaCl::RandomNonceBox.new(box).open(cipher_text)
+    end
+
+    # Random number generation
+    #
+    # This uses the underlying source of random number generation on the OS, so
+    # /dev/urandom on UNIX-like systems, and the MS crypto providor on windows.
+    def random_number
+      bin2hex RbNaCl::Random.random_bytes
+    end
+
+    # Returns the SHA-256 hash of the given data
+    #
+    # There's no streaming done, just pass in the data and be done with it.
+    #
+    # @raise [CryptoError] If the hashing fails for some reason.
+    #
+    # @return [String] The SHA-256 hash as hex
+    def secure_hash
+      bin2hex RbNaCl::Hash.sha256(message)
+    end
+
+    # Sign a message with the signing key
+    def sign_message
+      bin2hex RbNaCl::SigningKey.new(signing_key).sign(message)
+    end
+
+    # Check the validity of a message's signature
+    # Will raise RbNaCl::BadSignatureError if the signature check fails
+    def verify_message
+      RbNaCl::VerifyKey.new(verify_key).verify(signature, message)
+    end
+
+    # Recovers the shared secret from the shares provided
+    # in the initializer.
+    #
+    # @return [String] Secure Hash digest of the assembled secret
+    def combine_secret_shares
+    end
+
+    # Secret Shares associated with the split message
+    #
+    # @return [Array] Array of strings
+    def split_secret
+    end
+
+    private
+
+    def message; @message end
+
+    # Locksmith always expects hex representations
+    # of keys and ciphertext. Convert to binary to
+    # give to RbNaCl.
+    def cipher_text; hex2bin @cipher_text end
+    def private_key; hex2bin @private_key end
+    def public_key; hex2bin @public_key end
+    def secret_key; hex2bin @secret_key end
+    def signing_key; hex2bin @signing_key end
+    def verify_key; hex2bin @verify_key end
+    def signature; hex2bin @signature end
+
+    # Hex encodes a message
+    #
+    # @param [String] The bytes to encode
+    #
+    # @return [String] hexadecimal
+    def bin2hex(bytes)
+      bytes.to_s.unpack("H*").first
+    end
+
+    # Hex decodes a message
+    #
+    # @param [String] hex to decode.
+    #
+    # @return [String] crisp and clean bytes
+    def hex2bin(hex)
+      [hex.to_s].pack("H*")
+    end
+
+  end
+end

data/lib/vault-tree/lock_smith/assembled_shamir_key.rb

@@ -0,0 +1,64 @@
+require 'secretsharing'
+
+module VaultTree
+  module Crypto
+    class AssembledShamirKey
+      attr_reader :key_shares
+
+      # Creates a new AssembledShamirKey object
+      #
+      # @param [Hash]
+      # @option opts [Array] :key_shares Secret Shares as strings
+      #
+      # @return [AssembledShamirKey]
+      def initialize(params)
+        @key_shares = params[:key_shares]
+        validate_key_shares
+      end
+
+      # Recovers the shared secret from the shares provided
+      # in the initializer.
+      #
+      # @return [String] Secure Hash digest of the assembled secret
+      def assemble
+        LockSmith.new(message: assembled_secret).secure_hash
+      end
+
+      private
+
+      def assembled_secret
+        assemble_secret_object
+        assembled_object_string
+      end
+
+      def assemble_secret_object
+        key_shares.each { |s| assembled_object << s }
+      end
+
+      def assembled_object
+        @assembled_object ||= SecretSharing::Shamir.new(total_key_shares)
+      end
+
+      def assembled_object_string
+        assembled_object.secret.to_s
+      end
+
+      def total_key_shares
+        key_shares.length
+      end
+
+      def validate_key_shares
+        raise(TypeError, 'nil key_shares passed') if key_shares.nil?
+        raise(TypeError) if any_none_string_key_shares?
+      end
+
+      def any_none_string_key_shares?
+        key_shares.any? { |s| not_a_string?(s)}
+      end
+
+      def not_a_string?(s)
+        ! s.kind_of?(String)
+      end
+    end
+  end
+end

data/lib/vault-tree/lock_smith/dh_key_pair.rb

@@ -0,0 +1,10 @@
+module VaultTree
+  class DHKeyPair
+    attr_reader :public_key, :secret_key
+
+    def initialize(opts)
+      @public_key = opts[:public_key]
+      @secret_key = opts[:secret_key]
+    end
+  end
+end

data/lib/vault-tree/lock_smith/generated_shamir_key.rb

@@ -0,0 +1,65 @@
+require 'secretsharing'
+
+module VaultTree
+  module Crypto
+    class GeneratedShamirKey
+
+      def initialize(params)
+        @outstanding_shares = params[:outstanding_shares]
+        @recovery_threshold = params[:recovery_threshold]
+      end
+
+      # String representation of the newly generated sharmir key
+      #
+      # @return [String] Secure Hash digest of the generated secret integer
+      def key
+        create_secret
+        LockSmith.new(message: secret_string).secure_hash
+      end
+
+      # Shares associated with the newly generated Sharmir key
+      #
+      # @return [Array] Array of strings
+      def shares
+        create_secret
+        shares_array.map{|s| s.to_s}
+      end
+
+      # Fixnum representation if string value given
+      #
+      # @return [FixNum]
+      def outstanding_shares
+        @outstanding_shares.to_i
+      end
+
+      # Fixnum representation if string value given
+      #
+      # @return [FixNum]
+      def recovery_threshold
+        @recovery_threshold.to_i
+      end
+
+      private
+
+      def secret_string
+        shamir_object.secret.to_s
+      end
+
+      def shares_array
+        shamir_object.shares
+      end
+
+      def shamir_object
+        @shamir_object ||= SecretSharing::Shamir.new(outstanding_shares, recovery_threshold)
+      end
+
+      def create_secret
+        shamir_object.create_random_secret unless secret_set?
+      end
+
+      def secret_set?
+        shamir_object.secret_set?
+      end
+    end
+  end
+end

data/lib/vault-tree/lock_smith/split_key.rb

@@ -0,0 +1,23 @@
+module VaultTree
+  class SplitKeyCrypto
+    attr_reader :required_keys
+
+    def initialize(opts)
+      @required_keys = opts[:required_keys]
+    end
+
+    def generate
+      secure_hash key_digests.join('')
+    end
+
+    private
+
+    def key_digests
+      required_keys.map{|k| secure_hash(k) }
+    end
+
+    def secure_hash(s)
+      LockSmith.new(message: s).secure_hash
+    end
+  end
+end

data/lib/vault-tree/{config/path_helpers.rb → path_helpers.rb}

@@ -7,7 +7,7 @@ module VaultTree
     end 
 
     def walk_to_root
-      '../../../'
+      '../../'
     end 
 
     def project_dir
@@ -27,13 +27,17 @@ module VaultTree
     end
 
     def fixtures_dir
-      "#{project_dir}/spec/support/fixtures"
+      "#{project_dir}/features/support/contract_fixtures"
     end
 
     def reference_contract
       "#{fixtures_dir}/reference_contract.1.0.0.json"
     end
 
+    def shared_secret_contract
+      "#{fixtures_dir}/shared_secret_contract.json"
+    end
+
     def broken_contract
       "#{fixtures_dir}/broken_contract.json"
     end
@@ -45,5 +49,25 @@ module VaultTree
     def simple_test_contract
       "#{fixtures_dir}/simple_test_contract.json"
     end
+
+    def exceptions_files
+      Dir["#{project_dir}/lib/vault-tree/exceptions/*.rb"]
+    end
+
+    def keywords_files
+      Dir["#{project_dir}/lib/vault-tree/keywords/*.rb"]
+    end
+
+    def lock_smith_files
+      Dir["#{project_dir}/lib/vault-tree/lock_smith/*.rb"]
+    end
+
+    def contract_files
+      Dir["#{project_dir}/lib/vault-tree/contract/*.rb"]
+    end
+
+    def core_contracts(file)
+      "#{fixtures_dir}/#{file}"
+    end
   end
 end