vault-tree 0.1.0

data/.gitignore

@@ -0,0 +1,26 @@
+# simple_cove generated
+coverage
+coverage.data
+
+# rdoc generated
+rdoc
+
+# yard generated
+doc
+.yardoc
+
+# bundler
+.bundle
+
+# jeweler generated
+pkg
+
+# Vagrant
+.vagrant/
+package.box
+
+# ignore contracts directory
+contracts/
+
+# ignore built gem
+*.gem

data/Gemfile

@@ -0,0 +1,2 @@
+source 'http://rubygems.org'
+gemspec

data/Gemfile.lock

@@ -0,0 +1,43 @@
+PATH
+  remote: .
+  specs:
+    vault-tree (0.1.3)
+      rbnacl (= 1.1.0)
+      require_all
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    builder (3.2.2)
+    cucumber (1.3.8)
+      builder (>= 2.1.2)
+      diff-lcs (>= 1.1.3)
+      gherkin (~> 2.12.1)
+      multi_json (>= 1.7.5, < 2.0)
+      multi_test (>= 0.0.2)
+    diff-lcs (1.2.4)
+    ffi (1.9.3)
+    gherkin (2.12.2)
+      multi_json (~> 1.3)
+    multi_json (1.8.1)
+    multi_test (0.0.2)
+    rbnacl (1.1.0)
+      ffi
+    require_all (1.3.2)
+    rspec (2.14.1)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rspec-core (2.14.5)
+    rspec-expectations (2.14.3)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.14.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.3)
+  cucumber
+  rspec
+  vault-tree!

data/LICENSE.txt

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 Andrew Bashelor
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,118 @@
+## Vault Tree
+
+_The Self Enforcing Contract_
+
+Vault Tree is a collection of tools for building and executing distributed cryptographic contracts.
+
+Before you begin make sure you checkout the [Vault Tree Homepage] for an overview of the project.
+
+[Vault Tree Homepage]: http://www.vault-tree.org
+
+### Welcome!
+
+The Vault Tree Project consists of:
+
+* A JSON based DSL for building Distributed Crytographic Contracts
+* A a Ruby library to execute these contracts
+* A Github [Contracts Repository] that acts as a focal point of collaboration for developers writing and testing interesting crytographic contracts
+
+[Contracts Repository]: https://github.com/VaultTree/contracts
+
+### Install
+
+Before you start:
+
+* If you just want to use Vault Tree to build and execute contracts go to the [Contracts Repository].
+* To use the library in your application or want to contribute code, you're in the right place.
+* Before you pull the trigger on the install remember we have a Vagrant Box.
+
+[Contracts Repository]: https://github.com/VaultTree/contracts
+
+Okay, lets begin.
+
+As a prerequisite get [libsodium] on you machine. This is the underlying cryptographic library that Vault Tree depends on.
+
+[libsodium]: https://github.com/jedisct1/libsodium
+
+* If you are on _OSX_ there is a [brew] package available. So just:
+
+  ```
+  brew install libsodium
+  ```
+
+[brew]: http://brew.sh/
+
+* If you're on a Debian based system, there is no _apt-get_ package that I know of, but there
+  are some helpful install scripts on the web. I've checked one of these in at:
+
+  ```
+  vault-tree/support/scripts/libsodium_ubuntu.sh
+  ```
+
+* If you're on Windows, the Vagrant install gives you a Linux virtual machine that helps you to pretend that you're not on Windows.
+
+Now that you have libsodium, if you're a Ruby developer you know the drill from here:
+
+```
+gem install vault-tree
+```
+
+and then 
+
+```
+require 'vault-tree'
+```
+
+somewhere before you use it.
+
+
+### Vagrant
+
+I think it should be easy for you to get a Vault Tree development environment up and running. If you don't know about Vagrant, you should, it's awesome!
+ 
+* Follow the [Vagrant] download and install steps
+* Clone the Vault Tree Repo and go into it:
+
+[Vagrant]: http://www.vagrantup.com/
+
+```
+  git clone git@github.com:VaultTree/vault-tree.git
+  cd ~/path/to/vault-tree/
+```
+
+Now you just need to Vagrant Up!
+
+```
+  vagrant up
+```
+
+This will download and boot a pre-packaged Linux virtual machine with Vault-Tree and all dependencies already installed.
+
+Once your VM is downloaded and built. You can go inside with:
+ 
+```
+  vagrant shh
+```
+
+As a developer working on Vault Tree you can now go to the VM's directory:
+
+```
+/vagrant 
+```
+
+and run `rake`. This will run all the tests and put you in a good spot to start exploring the code.
+
+If you're not already familiar, take a few minutes to learn about how Vagrant will [sync your files] to and from the guest machine.
+
+[sync your files]: http://docs.vagrantup.com/v2/getting-started/synced_folders.html
+
+### Is it production ready?
+
+Absolutely not. We have a long way to go.
+
+Here are some of the big issues that I could use your help on as we move to version 1.0:
+
+* This is a crypto application so vulnerabilities need to be identified and corrected. We need more eyes in this area.
+* We we need to figure out if the supported keywords are sufficient to implement basic secure computation schemes.
+  - For example, Digital Signatures and HMACs are not implemented but could be.
+  - Should they be implemented? What is the use case? Ect. We need to have these conversations.

data/Rakefile

@@ -0,0 +1,17 @@
+require_relative 'lib/vault-tree.rb'
+require 'cucumber'
+require 'cucumber/rake/task'
+require 'rspec/core/rake_task'
+require "bundler/gem_tasks"
+
+task :default => 'spec'
+
+Cucumber::Rake::Task.new('cuke') do |t|
+  # -r means you require all support files first
+  # this allows you to organize and run by subdirectory
+  t.cucumber_opts = "-r features features --format pretty"
+end
+
+task :spec => 'cuke' do
+  STDOUT.write %x[rspec --format doc]
+end

data/VagrantFile

@@ -0,0 +1,30 @@
+Vagrant::Config.run do |config|
+  config.vm.box = "vault-tree-box"
+  config.vm.box_url = "http://vault-tree-box.s3.amazonaws.com/package.box"
+  #config.vm.provision :chef_solo do |chef|
+  #  chef.cookbooks_path = "support/cookbooks"
+  #   chef.add_recipe("git")
+  #   chef.add_recipe("build-essential")
+  #   chef.add_recipe("ruby_build")
+  #   chef.add_recipe("chruby")
+  #   chef.add_recipe("install_ruby")
+  #end
+end
+
+module VagrantHelpers
+  module PathHelpers
+    extend self
+
+    def provision_dir
+      "#{project_dir}/lib/vagrant"
+    end
+
+    def project_dir
+      File.expand_path(current_dir_rel)
+    end
+
+    def current_dir_rel
+      File.dirname(__FILE__)
+    end
+  end
+end

data/features/core.feature

@@ -0,0 +1,44 @@
+Feature: Core Functionality
+
+Scenario: Close And Open With Master Password
+  Given I have a blank reference contract
+  When I lock a message in a vault with my Master Password
+  Then I can recover the message with my Master Password
+
+Scenario: Close And Open With Random Key
+  Given I have a blank reference contract
+  When I lock away a random vault key
+  And I use the random key to lock a message
+  Then I can recover the message with the Random Key
+
+Scenario: Transfer Key Via Unlocked Vault
+  Given I have a blank reference contract
+  When I lock away a random vault key
+  And I use the random key to lock a message
+  And I put this random key in an unlocked vault
+  Then another user can recover the message with the Unlocked Random Key
+
+Scenario: Asymmetric Vault
+  Given I have a blank reference contract
+  And I have access to the another user's unlocked public key
+  And I lock a simple message with a shared key
+  When I transfer the contract to the other user
+  Then they can create a shared key and unlock the message
+
+Scenario: Example - Alice and Bob Execute a One Two Three Contract
+  Given Alice has the blank contract
+  When she locks all of her attributes
+  And she sends the contract to Bob  
+  Then Bob can access her public attributes
+  When Bob locks his attributes
+  And He fills and locks each of the three vaults
+  Then Alice can execute the contract to recover the final message
+
+Scenario: Example - A Simple Block Chain Key Transfer
+  Given the SENDER has the blank BTC Key Transfer template
+  And the SENDER chooses an origin wallet address and concealed destination address
+  And he locks away the secret BTC signing key
+  When the SENDER transfers the Vault-Tree contract to the RECEIVER
+  Then the RECEIVER can access the origin wallet address
+  When the SENDER reveals the hidden wallet address by Blockchain payment from the origin address
+  Then the RECEIVER can unlock the vault to recover the transfered signing key

data/features/exceptions.feature

@@ -0,0 +1,41 @@
+Feature: Vault Tree Exceptions
+
+Scenario: Empty Vault
+  Given the broken contract
+  When I attempt to open an empty vault
+  Then an EmptyVault exception is raised
+
+Scenario: Attempted Fill with Master Password 
+  Given the broken contract
+  When I attempt fill a vault with my Master Password  
+  Then a FillAttemptMasterPassword exception is raised
+
+Scenario: Missing External Data
+  Given the broken contract
+  When I attempt fill a vault with External Data that does not exists
+  Then a MissingExternalData exception is raised
+
+Scenario: Missing Passphrase
+  Given a valid blank contract
+  When I attempt fill a vault without providing a master passphrase 
+  Then a MissingPassphrase exception is raised
+
+Scenario: Unsupported Keyword
+  Given the broken contract
+  When I attempt fill a vault with an unsupported Keyword
+  Then an UnsupportedKeyword exception is raised
+
+Scenario: Vault Does Not Exists on Retrieval
+  Given the broken contract
+  When I attempt to open a vault that does not exists
+  Then a VaultDoesNotExist exception is raised
+
+Scenario: Vault Does Not Exists on Closing
+  Given the broken contract
+  When I attempt to close a vault that does not exists
+  Then a VaultDoesNotExist exception is raised
+
+Scenario: Missing Partner Decryption Key
+  Given the broken contract
+  When I attempt to fill with an encryption key without first establishing the decryption key
+  Then a MissingPartnerDecryptionKey exception is raised

data/features/steps/core.steps.rb

@@ -0,0 +1,168 @@
+Given(/^Alice has the blank contract$/) do
+  contract_path = VaultTree::PathHelpers.reference_contract
+  @contract_json = File.read(contract_path)
+end
+
+# Change this to just attributes vice public attributes
+When(/^she locks all of her attributes$/) do
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'ALICE_SECURE_PASS', external_data: {})
+  @contract = @contract.close_vault('alice_decryption_key')
+  @contract = @contract.close_vault('alice_public_encryption_key')
+end
+
+When(/^she sends the contract to Bob$/) do
+  @contract_json = @contract.as_json 
+  @bobs_external_data = {"congratulations_message" => "CONGRATS! YOU OPENED THE THIRD VAULT."}
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'BOB_SECURE_PASS', external_data: @bobs_external_data)
+end
+
+Then(/^Bob can access her public attributes$/) do
+  @contents = @contract.retrieve_contents('alice_public_encryption_key')
+end
+
+When(/^Bob locks his attributes$/) do
+
+  @contract = @contract.close_vault('bob_decryption_key')
+  # Verify can reopen
+  @contract.retrieve_contents('bob_decryption_key')
+
+  @contract = @contract.close_vault('congratulations_message')
+  # Verify can reopen
+  @contract.retrieve_contents('congratulations_message')
+
+  @contract = @contract.close_vault('vault_two_key')
+  # Verify they can reopen
+  @contract.retrieve_contents('vault_two_key')
+
+  @contract = @contract.close_vault('vault_three_key')
+  # Verify they can reopen
+  @contract.retrieve_contents('vault_three_key')
+
+  @contract = @contract.close_vault('bob_public_encryption_key')
+  # Verify they can reopen
+  @contract.retrieve_contents('bob_public_encryption_key')
+end
+
+When(/^He fills and locks each of the three vaults$/) do
+  @contract = @contract.close_vault('first')
+  @contract = @contract.close_vault('second')
+  @contract = @contract.close_vault('third')
+end
+
+Then(/^Alice can execute the contract to recover the final message$/) do
+  @contract_json = @contract.as_json 
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'ALICE_SECURE_PASS', external_data: {})
+  puts @contract.retrieve_contents('third')
+  @contract.retrieve_contents('third').should == @bobs_external_data['congratulations_message']
+end
+
+Given(/^the SENDER has the blank BTC Key Transfer template$/) do
+  contract_path = VaultTree::PathHelpers.reference_contract
+  @contract_json = File.read(contract_path)
+end
+
+Given(/^the SENDER chooses an origin wallet address and concealed destination address$/) do
+  @sender_external_data =
+    {
+      'sender_origin_wallet_address' => '1XJEBF8EUBF855NEBHVENPFE9JE74E',
+      'sender_concealed_destination_wallet_address' => '1JVKE8HD5JDHFEJHF678JEH8DEJGHE',
+      'sender_btc_signing_key' => 'BITCOIN_SIGNING_KEY_KEEP_IT_SECRET'
+    }
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'SENDER_SECURE_PASS', external_data: @sender_external_data)
+  @contract = @contract.close_vault('sender_origin_wallet_address')
+  @contract = @contract.close_vault('sender_concealed_destination_wallet_address')
+end
+
+Given(/^he locks away the secret BTC signing key$/) do
+  @contract = @contract.close_vault('sender_btc_signing_key')
+end
+
+When(/^the SENDER transfers the Vault\-Tree contract to the RECEIVER$/) do
+  @contract_json_over_the_wire = @contract.as_json
+  @contract = VaultTree::Contract.new(@contract_json_over_the_wire, master_passphrase: 'RECEIVER_SECURE_PASS')
+end
+
+Then(/^the RECEIVER can access the origin wallet address$/) do
+  @contract.retrieve_contents('sender_origin_wallet_address').should == @sender_external_data['sender_origin_wallet_address']
+end
+
+When(/^the SENDER reveals the hidden wallet address by Blockchain payment from the origin address$/) do
+  @contract_json = @contract.as_json # save the json state
+  wallet_address_from_watching_blockchain = @sender_external_data['sender_concealed_destination_wallet_address']
+  @receiver_external_data = { 'receiver_revealed_destination_wallet_address' => wallet_address_from_watching_blockchain}
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'RECEIVER_SECURE_PASS', external_data: @receiver_external_data)
+  @contract = @contract.close_vault('receiver_revealed_destination_wallet_address')
+end
+
+Then(/^the RECEIVER can unlock the vault to recover the transfered signing key$/) do
+  transfered_secret_key = @contract.retrieve_contents('sender_btc_signing_key')
+  transfered_secret_key.should ==  @sender_external_data['sender_btc_signing_key']
+  puts "PROPERLY TRANSFERED: #{transfered_secret_key} !"
+end
+
+Given(/^I have a blank reference contract$/) do
+  contract_path = VaultTree::PathHelpers.reference_contract
+  @contract_json = File.read(contract_path)
+end
+
+When(/^I lock a message in a vault with my Master Password$/) do
+  @external_data = {"message" => "CONGRATS! YOU OPENED THE VAULT."}
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'MY_SECURE_PASS', external_data: @external_data)
+  @contract = @contract.close_vault('message')
+end
+
+Then(/^I can recover the message with my Master Password$/) do
+  @contract.retrieve_contents('message').should == @external_data['message']
+end
+
+When(/^I lock away a random vault key$/) do
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'MY_SECURE_PASS')
+  @contract = @contract.close_vault('random_vault_key')
+end
+
+When(/^I use the random key to lock a message$/) do
+  @external_data = {"message_locked_with_random" => "CONGRATS! YOU OPENED THE VAULT WITH A RANDOM KEY."}
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'MY_SECURE_PASS', external_data: @external_data)
+  @contract = @contract.close_vault('message_locked_with_random')
+end
+
+Then(/^I can recover the message with the Random Key$/) do
+  @contract.retrieve_contents('message_locked_with_random').should == @external_data['message_locked_with_random']
+end
+
+When(/^I put this random key in an unlocked vault$/) do
+  @contract = @contract.close_vault('unlocked_random_key')
+end
+
+Then(/^another user can recover the message with the Unlocked Random Key$/) do
+  @contract = @contract.close_vault('message_locked_with_unlocked_random_number')
+  @contract_json = @contract.as_json
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'ANOTHER_SECURE_PASS')
+  @contract.retrieve_contents('message_locked_with_unlocked_random_number').should == @external_data['message_locked_with_random']
+end
+
+Given(/^I have access to the another user's unlocked public key$/) do
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'ANOTHER_USERS_SECURE_PASS')
+  @contract = @contract.close_vault('another_decryption_key')
+  @contract = @contract.close_vault('another_public_key')
+  @contract_json = @contract.as_json
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'MY_SECURE_PASS')
+  @contract = @contract.close_vault('my_decryption_key')
+  @contract = @contract.close_vault('my_public_key')
+end
+
+Given(/^I lock a simple message with a shared key$/) do
+  @contract_json = @contract.as_json
+  @external_data = {"asymmetric_message" => "CONGRATS! YOU OPENED THE ASYMMETRIC VAULT."}
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'MY_SECURE_PASS', external_data: @external_data)
+  @contract = @contract.close_vault('asymmetric_message')
+end
+
+When(/^I transfer the contract to the other user$/) do
+  @contract_json = @contract.as_json
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'ANOTHER_USERS_SECURE_PASS')
+end
+
+Then(/^they can create a shared key and unlock the message$/) do
+  @contract.retrieve_contents('asymmetric_message').should == @external_data['asymmetric_message']
+end