xstream 0.0.0 → 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 32fee938822c8a5a7cd5ebd651b2b16f42081dbe
4
- data.tar.gz: 983432526edf0a8880096b26f7f81df759552aa9
2
+ SHA256:
3
+ metadata.gz: 869cb2a3a6326ac15f6711049d9e8a47cb801d5d5cba5850274558e34fc7ddef
4
+ data.tar.gz: 7d21c47213ec45151b556eea0ddbddf4b0fefcd2093464d6fbff42abadb40543
5
5
  SHA512:
6
- metadata.gz: de13fd1f52f3545c8f8def6ac917ff59a330d290c11102aeddee2f82654993815f5786399692199975be279c27a53b0be791e8499d47bc3a3993483c8f0e1a9a
7
- data.tar.gz: 59efd6a0f5b2ce2ffad2f2be16e41ec3f0d9067e9e5a5f997f0994c428c23992ac13ea2054c6064744c7df02a12e4b72a5a4327a8080aa3a0c038145a1abe64f
6
+ metadata.gz: c1f0e99de71f5d377ebaa83dba2f466407dc880e429c4573639ab5af62841d89060a900342f4fdd3fb9c1be67147fb29d96b11e39c71708878dfa2ef8a9976a2
7
+ data.tar.gz: cc2a84038f14803c81671838cf86710912f7e02821ad2a01d900a7e61e059bc204c6eeca179ce5fc87f4ee00c2cf16943a650f0c09a4105283eedf80f9f342db
data/.gitignore CHANGED
@@ -10,3 +10,4 @@
10
10
 
11
11
  # rspec failure tracking
12
12
  .rspec_status
13
+ .rakeTasks
data/.rspec CHANGED
@@ -1,4 +1,5 @@
1
1
  --color
2
- --format=documentation
2
+ --format documentation
3
3
  --order random
4
+ --warnings
4
5
  --require spec_helper
@@ -1,13 +1,7 @@
1
1
  AllCops:
2
+ TargetRubyVersion: 2.2
2
3
  DisplayCopNames: true
3
4
 
4
- #
5
- # Style
6
- #
7
-
8
- Style/StringLiterals:
9
- EnforcedStyle: double_quotes
10
-
11
5
  #
12
6
  # Metrics
13
7
  #
@@ -15,6 +9,9 @@ Style/StringLiterals:
15
9
  Metrics/AbcSize:
16
10
  Enabled: false
17
11
 
12
+ Metrics/BlockLength:
13
+ Max: 100
14
+
18
15
  Metrics/CyclomaticComplexity:
19
16
  Enabled: false
20
17
 
@@ -29,3 +26,13 @@ Metrics/LineLength:
29
26
 
30
27
  Metrics/MethodLength:
31
28
  Max: 25
29
+
30
+ #
31
+ # Style
32
+ #
33
+
34
+ Style/FrozenStringLiteralComment:
35
+ Enabled: true
36
+
37
+ Style/StringLiterals:
38
+ EnforcedStyle: double_quotes
data/Gemfile CHANGED
@@ -5,7 +5,8 @@ source "https://rubygems.org"
5
5
  gemspec
6
6
 
7
7
  group :development, :test do
8
- gem "rake"
9
- gem "rspec", "~> 3.7"
10
- gem "rubocop", "0.51.0"
8
+ gem "rake", require: false
9
+ gem "rspec", "~> 3.7", require: false
10
+ gem "rubocop", "0.52.0", require: false
11
+ gem "tjson", "~> 0.5", require: false
11
12
  end
data/README.md CHANGED
@@ -1,6 +1,61 @@
1
- # xstream.rb
1
+ # xstream.rb [![Latest Version][gem-shield]][gem-link] [![Build Status][build-image]][build-link] [![Yard Docs][docs-image]][docs-link] [![MIT licensed][license-image]][license-link] [![Gitter Chat][gitter-image]][gitter-link]
2
2
 
3
- Public key encryption system combining X25519 Diffie-Hellman with the STREAM construction
3
+ [gem-shield]: https://badge.fury.io/rb/xstream.svg
4
+ [gem-link]: https://rubygems.org/gems/xstream
5
+ [build-image]: https://secure.travis-ci.org/miscreant/xstream.svg?branch=master
6
+ [build-link]: http://travis-ci.org/miscreant/xstream
7
+ [docs-image]: https://img.shields.io/badge/yard-docs-blue.svg
8
+ [docs-link]: http://www.rubydoc.info/gems/xstream/0.0.0
9
+ [license-image]: https://img.shields.io/badge/license-MIT/Apache2.0-blue.svg
10
+ [license-link]: https://github.com/miscreant/xstream#license
11
+ [gitter-image]: https://badges.gitter.im/badge.svg
12
+ [gitter-link]: https://gitter.im/miscreant/Lobby
13
+
14
+ **XSTREAM** (pronounced *"extreme!"*) is a public key encryption system combining
15
+ X25519 Elliptic Curve Diffie-Hellman ([RFC 7748]) with the [STREAM] construction.
16
+
17
+ The implementations in this repository are built on top of the
18
+ [Miscreant] misuse-resistant symmetric encryption library, which provides
19
+ the [AES-SIV] and [AES-PMAC-SIV] algorithms.
20
+
21
+ [More information on XSTREAM](https://github.com/miscreant/xstream/wiki/XSTREAM)
22
+ is available in the Wiki.
23
+
24
+ [RFC 7748]: https://tools.ietf.org/html/rfc7748
25
+ [STREAM]: https://github.com/miscreant/miscreant/wiki/STREAM
26
+ [Miscreant]: https://github.com/miscreant/miscreant
27
+ [AES-SIV]: https://github.com/miscreant/miscreant/wiki/AES-SIV
28
+ [AES-PMAC-SIV]: https://github.com/miscreant/miscreant/wiki/AES-PMAC-SIV
29
+
30
+ ## Help and Discussion
31
+
32
+ Have questions? Want to suggest a feature or change?
33
+
34
+ * [Gitter]: web-based chat about miscreant projects including **miscreant.rb**
35
+ * [Google Group]: join via web or email ([miscreant-crypto+subscribe@googlegroups.com])
36
+
37
+ [Gitter]: https://gitter.im/miscreant/Lobby
38
+ [Google Group]: https://groups.google.com/forum/#!forum/miscreant-crypto
39
+ [miscreant-crypto+subscribe@googlegroups.com]: mailto:miscreant-crypto+subscribe@googlegroups.com?subject=subscribe
40
+
41
+ ## Security Notice
42
+
43
+ Though this library is written by cryptographic professionals, it has not
44
+ undergone a thorough security audit, and cryptographic professionals are still
45
+ humans that make mistakes.
46
+
47
+ Use this library at your own risk.
48
+
49
+ ## Requirements
50
+
51
+ This library is tested against the following MRI versions:
52
+
53
+ - 2.2
54
+ - 2.3
55
+ - 2.4
56
+ - 2.5
57
+
58
+ Other Ruby versions may work, but are not officially supported.
4
59
 
5
60
  ## Installation
6
61
 
@@ -18,11 +73,35 @@ Or install it yourself as:
18
73
 
19
74
  $ gem install xstream
20
75
 
21
- ## Usage
76
+ ## Documentation
77
+
78
+ [Please see the XSTREAM Wiki](https://github.com/miscreant/xstream/wiki/Ruby-Documentation)
79
+ for API documentation.
80
+
81
+ [Yard documentation][docs-link] is also available.
82
+
83
+ ## Code of Conduct
84
+
85
+ We abide by the [Contributor Covenant][cc] and ask that you do as well.
22
86
 
23
- TODO: Write usage instructions here
87
+ For more information, please see [CODE_OF_CONDUCT.md].
88
+
89
+ [cc]: https://contributor-covenant.org
90
+ [CODE_OF_CONDUCT.md]: https://github.com/miscreant/xstream/blob/master/CODE_OF_CONDUCT.md
24
91
 
25
92
  ## Contributing
26
93
 
27
94
  Bug reports and pull requests are welcome on GitHub at https://github.com/miscreant/xstream.
28
95
 
96
+ ## License
97
+
98
+ Copyright (c) 2017 [The Miscreant Developers][AUTHORS].
99
+
100
+ All XSTREAM libraries are licensed under either of:
101
+
102
+ * Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)
103
+ * MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)
104
+
105
+ at your option.
106
+
107
+ [AUTHORS]: https://github.com/miscreant/miscreant/blob/master/AUTHORS.md
data/ci.sh ADDED
@@ -0,0 +1,6 @@
1
+ #!/bin/bash
2
+
3
+ set -e
4
+
5
+ bundle
6
+ bundle exec rake
@@ -1,5 +1,21 @@
1
+ # encoding: binary
2
+ # frozen_string_literal: true
3
+
1
4
  require "xstream/version"
2
5
 
6
+ require "securerandom"
7
+
8
+ require "hkdf"
9
+ require "miscreant"
10
+ require "x25519"
11
+
12
+ require "xstream/x25519hkdf"
13
+
3
14
  # Public key encryption system combining X25519 Diffie-Hellman with the STREAM construction
4
15
  module XStream
16
+ # STREAM nonce of all zeroes (since we always derive a unique key per STREAM)
17
+ NONCE = "\0\0\0\0\0\0\0\0".freeze
18
+
19
+ # Default XSTREAM encryptor type
20
+ Encryptor = X25519HKDF::Encryptor
5
21
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module XStream
2
- VERSION = "0.0.0".freeze
4
+ VERSION = "0.1.0".freeze
3
5
  end
@@ -0,0 +1,94 @@
1
+ # encoding: binary
2
+ # frozen_string_literal: true
3
+
4
+ module XStream
5
+ # XSTREAM with X25519 key agreement and HKDF as the key derivation function
6
+ module X25519HKDF
7
+ # Domain separation string passed as HKDF info
8
+ HKDF_INFO = "XSTREAM_X25519_HKDF".freeze
9
+
10
+ # Size of an AES-128 key * 2 (for SIV mode)
11
+ SYMMETRIC_KEY_SIZE = 32
12
+
13
+ # XSTREAM encryptor with X25519+HKDF key derivation
14
+ class Encryptor < ::Miscreant::STREAM::Encryptor
15
+ # Generate an XSTREAM encryptor object with a random ephemeral key
16
+ #
17
+ # @param public_key [String] 32-byte X25519 public key (i.e. compressed Montgomery-u coordinate)
18
+ # @param encryption_alg [String] symmetric encryption algorithm to use with STREAM (default `"AES-PMAC-SIV"`)
19
+ # @param digest_alg [String] digest algorithm to use with HKDF (default `"SHA256"`)
20
+ # @param salt [String] (optional) salt value to pass to HKDF
21
+ # @param csrng [#random_bytes] secure RNG to use to derive ephemeral X25519 key (default `SecureRandom`)
22
+ #
23
+ # @return [Array(XStream::X25519HKDF, String)] STREAM encryptor and ephemeral public key
24
+ def self.generate(
25
+ public_key,
26
+ encryption_alg: "AES-PMAC-SIV",
27
+ digest_alg: "SHA-256",
28
+ salt: nil,
29
+ csrng: SecureRandom
30
+ )
31
+ ephemeral_scalar = csrng.random_bytes(::X25519::KEY_SIZE)
32
+ ephemeral_public = ::X25519.calculate_public_key(ephemeral_scalar)
33
+
34
+ symmetric_key = X25519HKDF.kdf(
35
+ ephemeral_scalar,
36
+ public_key,
37
+ salt: salt,
38
+ digest_alg: digest_alg,
39
+ output_size: SYMMETRIC_KEY_SIZE
40
+ )
41
+
42
+ stream = new(encryption_alg, symmetric_key, XStream::NONCE)
43
+ [stream, ephemeral_public]
44
+ end
45
+ end
46
+
47
+ # XSTREAM decryptor class with X25519+HKDF key derivation
48
+ class Decryptor < ::Miscreant::STREAM::Decryptor
49
+ # Create an XSTREAM decryptor object using our private key and an ephemeral public key
50
+ #
51
+ # @param private_key [String] 32-byte X25519 private key (i.e. private scalar)
52
+ # @param ephemeral_public [String] 32-byte X25519 ephemeral public key from XSTREAM encryption
53
+ # @param encryption_alg [String] symmetric encryption algorithm to use with STREAM (default `"AES-PMAC-SIV"`)
54
+ # @param digest_alg [String] digest algorithm to use with HKDF (default `"SHA256"`)
55
+ # @param salt [String] (optional) salt value to pass to HKDF
56
+ def initialize(
57
+ private_key,
58
+ ephemeral_public,
59
+ encryption_alg: "AES-PMAC-SIV",
60
+ digest_alg: "SHA-256",
61
+ salt: nil
62
+ )
63
+ # Perform an X25519 elliptic curve Diffie-Hellman operation and use
64
+ # the resulting shared secret to derive a symmetric key (using HKDF)
65
+ symmetric_key = X25519HKDF.kdf(
66
+ private_key,
67
+ ephemeral_public,
68
+ salt: salt,
69
+ digest_alg: digest_alg,
70
+ output_size: SYMMETRIC_KEY_SIZE
71
+ )
72
+
73
+ super(encryption_alg, symmetric_key, XStream::NONCE)
74
+ end
75
+ end
76
+
77
+ # Derive a symmetric encryption key from the combination of a public and
78
+ # private key and salt using X25519 D-H and HKDF
79
+ def self.kdf(private_key, public_key, output_size:, salt: nil, digest_alg: "SHA-256")
80
+ raise ArgumentError, "invalid digest_alg: #{digest_alg}" unless digest_alg == "SHA-256"
81
+
82
+ # Use X25519 to compute a shared secret
83
+ shared_secret = X25519.diffie_hellman(private_key, public_key)
84
+
85
+ # Use HKDF to derive a symmetric encryption key from the shared secret
86
+ ::HKDF.new(
87
+ shared_secret,
88
+ salt: salt,
89
+ info: HKDF_INFO,
90
+ algorithm: "SHA256"
91
+ ).next_bytes(output_size)
92
+ end
93
+ end
94
+ end
@@ -20,5 +20,10 @@ Gem::Specification.new do |spec|
20
20
  spec.require_paths = ["lib"]
21
21
 
22
22
  spec.required_ruby_version = ">= 2.2.2"
23
+
24
+ spec.add_runtime_dependency "hkdf", "~> 0.3"
25
+ spec.add_runtime_dependency "miscreant", "~> 0.3"
26
+ spec.add_runtime_dependency "x25519", "~> 1.0"
27
+
23
28
  spec.add_development_dependency "bundler", "~> 1.16"
24
29
  end
metadata CHANGED
@@ -1,15 +1,57 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: xstream
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.0
4
+ version: 0.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tony Arcieri
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-12-14 00:00:00.000000000 Z
11
+ date: 2018-01-05 00:00:00.000000000 Z
12
12
  dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: hkdf
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '0.3'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '0.3'
27
+ - !ruby/object:Gem::Dependency
28
+ name: miscreant
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '0.3'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '0.3'
41
+ - !ruby/object:Gem::Dependency
42
+ name: x25519
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '1.0'
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '1.0'
13
55
  - !ruby/object:Gem::Dependency
14
56
  name: bundler
15
57
  requirement: !ruby/object:Gem::Requirement
@@ -39,8 +81,10 @@ files:
39
81
  - Gemfile
40
82
  - README.md
41
83
  - Rakefile
84
+ - ci.sh
42
85
  - lib/xstream.rb
43
86
  - lib/xstream/version.rb
87
+ - lib/xstream/x25519hkdf.rb
44
88
  - xstream.gemspec
45
89
  homepage: https://github.com/miscreant/xstream/
46
90
  licenses: []
@@ -61,7 +105,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
61
105
  version: '0'
62
106
  requirements: []
63
107
  rubyforge_project:
64
- rubygems_version: 2.6.13
108
+ rubygems_version: 2.7.4
65
109
  signing_key:
66
110
  specification_version: 4
67
111
  summary: Public key encryption system combining X25519 Diffie-Hellman with the STREAM