RubyGems - xaes_gcm - Versions diffs - 0.1.1 → 0.2.0 - Mend

xaes_gcm 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/README.md +5 -4
data/lib/xaes_gcm/version.rb +1 -1
data/lib/xaes_gcm/xaes256gcm/key.rb +83 -0
data/lib/xaes_gcm/xaes256gcm.rb +18 -0
data/lib/xaes_gcm.rb +4 -10
data/sig/xaes_gcm.rbs +21 -16
metadata +3 -2
data/lib/xaes_gcm/key.rb +0 -81

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8c94c5ea1a1fb9d1ee9045139a86f53f5c8b7ebf89edc7521136a4065e4e32b5
-  data.tar.gz: 4fd2f8e6b2eccb6de066608818177084ad4f5a9c289b9448842224eaa39ad9d7
+  metadata.gz: 455b27ec1f586df020e3abfdaad8b77cf6d0813ecdd026d22b771c582190e90a
+  data.tar.gz: 36d8ef0d413ecac690aa35ee2803e95776e65bd5a537ad9c691c163b1fa35877
 SHA512:
-  metadata.gz: c8a2dc2bc6fb43f227b9fb606cc05ff8caa0f90a160b5e704a19e65bcd959bc2496fa49ff1959b5903fe22087087cc816710ad914a53b498e9c57346e48ac109
-  data.tar.gz: c881c39b0475962a1ee080dfb23c3db5fbb64713ac6fb74225c816fdcac89623789c97ff6d5fa2f8bc0064f468fc6b9a1d2975355cbe9fc9d600069e604b5c38
+  metadata.gz: c9da599d720066ed4a880fa318f5bf4993163eab861b9d83de96425d2c91ca7f64681b7bfc10f342308122b141cb8cf5a1ea401efc87ef737c3d609ad9a7de57
+  data.tar.gz: 6aae306dc14a251b25ae1542ce17238c18ea2a96a72aded1916de9b178c419eefb5eb8c2b9343958c5f7e682ff903d859639dc7aefcb80e4a14436f91d9dd64f

data/README.md CHANGED Viewed

@@ -29,13 +29,13 @@ gem install xaes_gcm
 require "xaes_gcm"
 # Create a reusable key (precomputes the AES key schedule and subkey)
-key = OpenSSL::Random.random_bytes(XaesGcm::KEY_SIZE) # 32 bytes
-xkey = XaesGcm::Key.new(key)
+raw_key = OpenSSL::Random.random_bytes(XaesGcm::Xaes256gcm::KEY_SIZE) # 32 bytes
+key = XaesGcm.key(256, raw_key)
 # Encrypt (generates a random 192-bit nonce by default)
 cipher = OpenSSL::Cipher.new("aes-256-gcm")
 cipher.encrypt
-nonce = xkey.apply(cipher)
+nonce = key.apply(cipher)
 cipher.auth_data = "optional authenticated data"
 ciphertext = cipher.update(plaintext) + cipher.final
 tag = cipher.auth_tag
@@ -43,7 +43,7 @@ tag = cipher.auth_tag
 # Decrypt (pass the same nonce used for encryption)
 decipher = OpenSSL::Cipher.new("aes-256-gcm")
 decipher.decrypt
-xkey.apply(decipher, nonce:)
+key.apply(decipher, nonce:)
 decipher.auth_tag = tag
 decipher.auth_data = "optional authenticated data"
 plaintext = decipher.update(ciphertext) + decipher.final
@@ -60,6 +60,7 @@ Key differences:
 - Smaller code footprint
   - Leaving OpenSSL::Cipher setup to the user
 - Accumulated randomized test vectors are included in the test suite
+- rbs signature
 ## License

data/lib/xaes_gcm/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module XaesGcm
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

data/lib/xaes_gcm/xaes256gcm/key.rb ADDED Viewed

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+module XaesGcm
+  module Xaes256gcm
+    class Key
+      def initialize(key)
+        raise ArgumentError, "key must be #{KEY_SIZE} bytes" unless key.bytesize == KEY_SIZE
+        @cipher = OpenSSL::Cipher.new('aes-256-ecb')
+        @cipher.encrypt
+        @cipher.padding = 0
+        @cipher.key = key
+        raise "unexpected cipher block size" unless @cipher.block_size == 16
+        l = @cipher.update("\x00" * @cipher.block_size)
+        @cipher.freeze
+        # K1: shift L left by 1 bit, XOR last byte with 0x87 if MSB was set
+        msb = l.getbyte(0) >> 7
+        k1_bytes = Array.new(16) do |i|
+          next_bit = (i < 15) ? (l.getbyte(i + 1) >> 7) : 0
+          ((l.getbyte(i) << 1) | next_bit) & 0b11111111
+        end
+        k1_bytes[-1] ^= 0b10000111 & -(msb & 1)
+        @k1 = k1_bytes.pack('C*')
+      end
+      if HAVE_INSTANCE_VARIABLES_TO_INSPECT
+        def instance_variables_to_inspect = []
+      else
+        def inspect
+          "#<#{self.class}>"
+        end
+        alias to_s inspect
+      end
+      def enable_hazmat!
+        @enable_hazmat = true
+        self
+      end
+      def apply(cipher, nonce: OpenSSL::Random.random_bytes(NONCE_SIZE))
+        raise ArgumentError, "cipher must be AES-256-GCM" unless cipher.name == "AES-256-GCM"
+        dk = derive_key_raw(nonce:)
+        cipher.key = dk.key
+        cipher.iv = dk.nonce
+        nonce
+      end
+      def derive_key(nonce:)
+        raise RuntimeError, "derive_key is a hazmat API that exposes raw key material; call enable_hazmat! on the Key instance to use it directly" unless @enable_hazmat
+        derive_key_raw(nonce:)
+      end
+      private
+      def derive_key_raw(nonce:)
+        raise ArgumentError, "nonce must be #{NONCE_SIZE} bytes" unless nonce.bytesize == NONCE_SIZE
+        n12 = nonce.byteslice(0, 12)
+        m1 = "\x00\x01\x58\x00".b + n12
+        m2 = "\x00\x02\x58\x00".b + n12
+        m1_xored = xor_blocks(m1, @k1)
+        m2_xored = xor_blocks(m2, @k1)
+        cipher = @cipher.dup
+        derived = cipher.update(m1_xored + m2_xored)
+        DerivedKey.new(key: derived, nonce: nonce.byteslice(12, 12))
+      end
+      def xor_blocks(a, b)
+        a_bytes = a.unpack('C*')
+        b_bytes = b.unpack('C*')
+        a_bytes.length.times { |i| a_bytes[i] ^= b_bytes[i] }
+        a_bytes.pack('C*')
+      end
+    end
+  end
+end

data/lib/xaes_gcm/xaes256gcm.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+module XaesGcm
+  module Xaes256gcm
+    KEY_SIZE = 32
+    NONCE_SIZE = 24
+    DerivedKey = Data.define(:key, :nonce) do
+      # Data.define#inspect doesn't use instance_variables_to_inspect
+      def inspect
+        "#<#{self.class}>"
+      end
+      alias to_s inspect
+    end
+  end
+end
+require_relative "xaes256gcm/key"

data/lib/xaes_gcm.rb CHANGED Viewed

@@ -6,9 +6,6 @@ require_relative "xaes_gcm/version"
 module XaesGcm
   class Error < StandardError; end
-  KEY_SIZE = 32
-  NONCE_SIZE = 24
   # Detect instance_variables_to_inspect support (Ruby feature #13555)
   HAVE_INSTANCE_VARIABLES_TO_INSPECT = begin
     klass = Class.new do
@@ -18,13 +15,10 @@ module XaesGcm
     !klass.new.inspect.include?("@secret")
   end
-  DerivedKey = Data.define(:key, :nonce) do
-    # Data.define#inspect doesn't use instance_variables_to_inspect
-    def inspect
-      "#<#{self.class}>"
-    end
-    alias to_s inspect
+  def self.key(key_length, key)
+    raise ArgumentError, "unsupported key length: #{key_length}" unless key_length == 256
+    Xaes256gcm::Key.new(key)
   end
 end
-require_relative "xaes_gcm/key"
+require_relative "xaes_gcm/xaes256gcm"

data/sig/xaes_gcm.rbs CHANGED Viewed

@@ -1,28 +1,33 @@
 module XaesGcm
   VERSION: String
-  KEY_SIZE: Integer
-  NONCE_SIZE: Integer
   class Error < StandardError
   end
-  class DerivedKey
-    attr_reader key: String
-    attr_reader nonce: String
+  def self.key: (Integer key_length, String key) -> Xaes256gcm::Key
-    def self.new: (key: String, nonce: String) -> DerivedKey
-    def self.[]: (key: String, nonce: String) -> DerivedKey
-  end
+  module Xaes256gcm
+    KEY_SIZE: Integer
+    NONCE_SIZE: Integer
+    class DerivedKey
+      attr_reader key: String
+      attr_reader nonce: String
+      def self.new: (key: String, nonce: String) -> DerivedKey
+      def self.[]: (key: String, nonce: String) -> DerivedKey
+    end
-  class Key
-    def initialize: (String key) -> void
-    def enable_hazmat!: () -> self
-    def apply: (OpenSSL::Cipher cipher, ?nonce: String) -> String
-    def derive_key: (nonce: String) -> DerivedKey
+    class Key
+      def initialize: (String key) -> void
+      def enable_hazmat!: () -> self
+      def apply: (OpenSSL::Cipher cipher, ?nonce: String) -> String
+      def derive_key: (nonce: String) -> DerivedKey
-    private
+      private
-    def derive_key_raw: (nonce: String) -> DerivedKey
-    def xor_blocks: (String a, String b) -> String
+      def derive_key_raw: (nonce: String) -> DerivedKey
+      def xor_blocks: (String a, String b) -> String
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: xaes_gcm
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Sorah Fukumori
@@ -22,8 +22,9 @@ files:
 - README.md
 - Rakefile
 - lib/xaes_gcm.rb
-- lib/xaes_gcm/key.rb
 - lib/xaes_gcm/version.rb
+- lib/xaes_gcm/xaes256gcm.rb
+- lib/xaes_gcm/xaes256gcm/key.rb
 - sig/xaes_gcm.rbs
 homepage: https://github.com/sorah/xaes_gcm
 licenses:

data/lib/xaes_gcm/key.rb DELETED Viewed

@@ -1,81 +0,0 @@
-# frozen_string_literal: true
-module XaesGcm
-  class Key
-    def initialize(key)
-      raise ArgumentError, "key must be #{KEY_SIZE} bytes" unless key.bytesize == KEY_SIZE
-      @cipher = OpenSSL::Cipher.new('aes-256-ecb')
-      @cipher.encrypt
-      @cipher.padding = 0
-      @cipher.key = key
-      # L = AES-256-ECB_K(0^128)
-      l = @cipher.update("\x00" * 16) + @cipher.final
-      # K1: shift L left by 1 bit, XOR last byte with 0x87 if MSB was set
-      msb = l.getbyte(0) >> 7
-      k1_bytes = Array.new(16) do |i|
-        next_bit = (i < 15) ? (l.getbyte(i + 1) >> 7) : 0
-        ((l.getbyte(i) << 1) | next_bit) & 0b11111111
-      end
-      k1_bytes[-1] ^= 0b10000111 & -(msb & 1)
-      @k1 = k1_bytes.pack('C*')
-      @cipher.freeze
-    end
-    if HAVE_INSTANCE_VARIABLES_TO_INSPECT
-      def instance_variables_to_inspect = []
-    else
-      def inspect
-        "#<#{self.class}>"
-      end
-      alias to_s inspect
-    end
-    def enable_hazmat!
-      @enable_hazmat = true
-      self
-    end
-    def apply(cipher, nonce: OpenSSL::Random.random_bytes(NONCE_SIZE))
-      raise ArgumentError, "cipher must be AES-256-GCM" unless cipher.name == "AES-256-GCM"
-      dk = derive_key_raw(nonce:)
-      cipher.key = dk.key
-      cipher.iv = dk.nonce
-      nonce
-    end
-    def derive_key(nonce:)
-      raise RuntimeError, "derive_key is a hazmat API that exposes raw key material; call enable_hazmat! on the Key instance to use it directly" unless @enable_hazmat
-      derive_key_raw(nonce:)
-    end
-    private
-    def derive_key_raw(nonce:)
-      raise ArgumentError, "nonce must be #{NONCE_SIZE} bytes" unless nonce.bytesize == NONCE_SIZE
-      n12 = nonce.byteslice(0, 12)
-      m1 = "\x00\x01X\x00".b + n12
-      m2 = "\x00\x02X\x00".b + n12
-      m1_xored = xor_blocks(m1, @k1)
-      m2_xored = xor_blocks(m2, @k1)
-      cipher = @cipher.dup
-      derived = cipher.update(m1_xored + m2_xored)
-      DerivedKey.new(key: derived, nonce: nonce.byteslice(12, 12))
-    end
-    def xor_blocks(a, b)
-      a_bytes = a.unpack('C*')
-      b_bytes = b.unpack('C*')
-      a_bytes.length.times { |i| a_bytes[i] ^= b_bytes[i] }
-      a_bytes.pack('C*')
-    end
-  end
-end