xstream 0.0.0 → 0.1.0
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/.rspec +2 -1
- data/.rubocop.yml +14 -7
- data/Gemfile +4 -3
- data/README.md +83 -4
- data/ci.sh +6 -0
- data/lib/xstream.rb +16 -0
- data/lib/xstream/version.rb +3 -1
- data/lib/xstream/x25519hkdf.rb +94 -0
- data/xstream.gemspec +5 -0
- metadata +47 -3
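--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 869cb2a3a6326ac15f6711049d9e8a47cb801d5d5cba5850274558e34fc7ddef
+data.tar.gz: 7d21c47213ec45151b556eea0ddbddf4b0fefcd2093464d6fbff42abadb40543
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c1f0e99de71f5d377ebaa83dba2f466407dc880e429c4573639ab5af62841d89060a900342f4fdd3fb9c1be67147fb29d96b11e39c71708878dfa2ef8a9976a2
+data.tar.gz: cc2a84038f14803c81671838cf86710912f7e02821ad2a01d900a7e61e059bc204c6eeca179ce5fc87f4ee00c2cf16943a650f0c09a4105283eedf80f9f342db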
data/.gitignore
CHANGED
data/.rspec
CHANGED
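--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,13 +1,7 @@
 AllCops:
+TargetRubyVersion: 2.2
 DisplayCopNames: true
 
-#
-# Style
-#
-
-Style/StringLiterals:
-EnforcedStyle: double_quotes
-
 #
 # Metrics
 #
@@ -15,6 +9,9 @@ Style/StringLiterals:
 Metrics/AbcSize:
 Enabled: false
 
+Metrics/BlockLength:
+Max: 100
+
 Metrics/CyclomaticComplexity:
 Enabled: false
 
@@ -29,3 +26,13 @@ Metrics/LineLength:
 
 Metrics/MethodLength:
 Max: 25
+
+#
+# Style
+#
+
+Style/FrozenStringLiteralComment:
+Enabled: true
+
+Style/StringLiterals:
+EnforcedStyle: double_quotes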
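--- a/data/Gemfile
+++ b/data/Gemfile
@@ -5,7 +5,8 @@ source "https://rubygems.org"
 gemspec
 
 group :development, :test do
-gem "rake"
-gem "rspec",
-gem "rubocop", "0.
+gem "rake", require: false
+gem "rspec", "~> 3.7", require: false
+gem "rubocop", "0.52.0", require: false
+gem "tjson", "~> 0.5", require: false
 end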
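--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,61 @@
-# xstream.rb
+# xstream.rb [![Latest Version][gem-shield]][gem-link] [![Build Status][build-image]][build-link] [![Yard Docs][docs-image]][docs-link] [![MIT licensed][license-image]][license-link] [![Gitter Chat][gitter-image]][gitter-link]
 
-
+[gem-shield]: https://badge.fury.io/rb/xstream.svg
+[gem-link]: https://rubygems.org/gems/xstream
+[build-image]: https://secure.travis-ci.org/miscreant/xstream.svg?branch=master
+[build-link]: http://travis-ci.org/miscreant/xstream
+[docs-image]: https://img.shields.io/badge/yard-docs-blue.svg
+[docs-link]: http://www.rubydoc.info/gems/xstream/0.0.0
+[license-image]: https://img.shields.io/badge/license-MIT/Apache2.0-blue.svg
+[license-link]: https://github.com/miscreant/xstream#license
+[gitter-image]: https://badges.gitter.im/badge.svg
+[gitter-link]: https://gitter.im/miscreant/Lobby
+
+**XSTREAM** (pronounced *"extreme!"*) is a public key encryption system combining
+X25519 Elliptic Curve Diffie-Hellman ([RFC 7748]) with the [STREAM] construction.
+
+The implementations in this repository are built on top of the
+[Miscreant] misuse-resistant symmetric encryption library, which provides
+the [AES-SIV] and [AES-PMAC-SIV] algorithms.
+
+[More information on XSTREAM](https://github.com/miscreant/xstream/wiki/XSTREAM)
+is available in the Wiki.
+
+[RFC 7748]: https://tools.ietf.org/html/rfc7748
+[STREAM]: https://github.com/miscreant/miscreant/wiki/STREAM
+[Miscreant]: https://github.com/miscreant/miscreant
+[AES-SIV]: https://github.com/miscreant/miscreant/wiki/AES-SIV
+[AES-PMAC-SIV]: https://github.com/miscreant/miscreant/wiki/AES-PMAC-SIV
+
+## Help and Discussion
+
+Have questions? Want to suggest a feature or change?
+
+* [Gitter]: web-based chat about miscreant projects including **miscreant.rb**
+* [Google Group]: join via web or email ([miscreant-crypto+subscribe@googlegroups.com])
+
+[Gitter]: https://gitter.im/miscreant/Lobby
+[Google Group]: https://groups.google.com/forum/#!forum/miscreant-crypto
+[miscreant-crypto+subscribe@googlegroups.com]: mailto:miscreant-crypto+subscribe@googlegroups.com?subject=subscribe
+
+## Security Notice
+
+Though this library is written by cryptographic professionals, it has not
+undergone a thorough security audit, and cryptographic professionals are still
+humans that make mistakes.
+
+Use this library at your own risk.
+
+## Requirements
+
+This library is tested against the following MRI versions:
+
+- 2.2
+- 2.3
+- 2.4
+- 2.5
+
+Other Ruby versions may work, but are not officially supported.
 
 ## Installation
 
@@ -18,11 +73,35 @@ Or install it yourself as:
 
 $ gem install xstream
 
-##
+## Documentation
+
+[Please see the XSTREAM Wiki](https://github.com/miscreant/xstream/wiki/Ruby-Documentation)
+for API documentation.
+
+[Yard documentation][docs-link] is also available.
+
+## Code of Conduct
+
+We abide by the [Contributor Covenant][cc] and ask that you do as well.
 
-
+For more information, please see [CODE_OF_CONDUCT.md].
+
+[cc]: https://contributor-covenant.org
+[CODE_OF_CONDUCT.md]: https://github.com/miscreant/xstream/blob/master/CODE_OF_CONDUCT.md
 
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/miscreant/xstream.
 
+## License
+
+Copyright (c) 2017 [The Miscreant Developers][AUTHORS].
+
+All XSTREAM libraries are licensed under either of:
+
+* Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)
+* MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)
+
+at your option.
+
+[AUTHORS]: https://github.com/miscreant/miscreant/blob/master/AUTHORS.md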
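--- a/data/lib/xstream.rb
+++ b/data/lib/xstream.rb
@@ -1,5 +1,21 @@
+# encoding: binary
+# frozen_string_literal: true
+
 require "xstream/version"
 
+require "securerandom"
+
+require "hkdf"
+require "miscreant"
+require "x25519"
+
+require "xstream/x25519hkdf"
+
 # Public key encryption system combining X25519 Diffie-Hellman with the STREAM construction
 module XStream
+# STREAM nonce of all zeroes (since we always derive a unique key per STREAM)
+NONCE = "\0\0\0\0\0\0\0\0".freeze
+
+# Default XSTREAM encryptor type
+Encryptor = X25519HKDF::Encryptor
 end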
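Review bot: `XStream` gets a default `Encryptor` alias but no matching `Decryptor`, so a caller that encrypts through `XStream::Encryptor.generate` has to reach into `XStream::X25519HKDF::Decryptor` to read the stream back. If the asymmetry is not intentional, add `Decryptor = X25519HKDF::Decryptor` under a `# Default XSTREAM decryptor type` comment next to the existing alias. The comment on `NONCE` could also state that the all-zero nonce is safe only because `Encryptor.generate` draws a fresh ephemeral scalar for every stream, since that is the invariant a later change must not break.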
data/lib/xstream/version.rb
CHANGED
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
# encoding: binary
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
module XStream
|
|
5
|
+
# XSTREAM with X25519 key agreement and HKDF as the key derivation function
|
|
6
|
+
module X25519HKDF
|
|
7
|
+
# Domain separation string passed as HKDF info
|
|
8
|
+
HKDF_INFO = "XSTREAM_X25519_HKDF".freeze
|
|
9
|
+
|
|
10
|
+
# Size of an AES-128 key * 2 (for SIV mode)
|
|
11
|
+
SYMMETRIC_KEY_SIZE = 32
|
|
12
|
+
|
|
13
|
+
# XSTREAM encryptor with X25519+HKDF key derivation
|
|
14
|
+
class Encryptor < ::Miscreant::STREAM::Encryptor
|
|
15
|
+
# Generate an XSTREAM encryptor object with a random ephemeral key
|
|
16
|
+
#
|
|
17
|
+
# @param public_key [String] 32-byte X25519 public key (i.e. compressed Montgomery-u coordinate)
|
|
18
|
+
# @param encryption_alg [String] symmetric encryption algorithm to use with STREAM (default `"AES-PMAC-SIV"`)
|
|
19
|
+
# @param digest_alg [String] digest algorithm to use with HKDF (default `"SHA256"`)
|
|
20
|
+
# @param salt [String] (optional) salt value to pass to HKDF
|
|
21
|
+
# @param csrng [#random_bytes] secure RNG to use to derive ephemeral X25519 key (default `SecureRandom`)
|
|
22
|
+
#
|
|
23
|
+
# @return [Array(XStream::X25519HKDF, String)] STREAM encryptor and ephemeral public key
|
|
24
|
+
def self.generate(
|
|
25
|
+
public_key,
|
|
26
|
+
encryption_alg: "AES-PMAC-SIV",
|
|
27
|
+
digest_alg: "SHA-256",
|
|
28
|
+
salt: nil,
|
|
29
|
+
csrng: SecureRandom
|
|
30
|
+
)
|
|
31
|
+
ephemeral_scalar = csrng.random_bytes(::X25519::KEY_SIZE)
|
|
32
|
+
ephemeral_public = ::X25519.calculate_public_key(ephemeral_scalar)
|
|
33
|
+
|
|
34
|
+
symmetric_key = X25519HKDF.kdf(
|
|
35
|
+
ephemeral_scalar,
|
|
36
|
+
public_key,
|
|
37
|
+
salt: salt,
|
|
38
|
+
digest_alg: digest_alg,
|
|
39
|
+
output_size: SYMMETRIC_KEY_SIZE
|
|
40
|
+
)
|
|
41
|
+
|
|
42
|
+
stream = new(encryption_alg, symmetric_key, XStream::NONCE)
|
|
43
|
+
[stream, ephemeral_public]
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
# XSTREAM decryptor class with X25519+HKDF key derivation
|
|
48
|
+
class Decryptor < ::Miscreant::STREAM::Decryptor
|
|
49
|
+
# Create an XSTREAM decryptor object using our private key and an ephemeral public key
|
|
50
|
+
#
|
|
51
|
+
# @param private_key [String] 32-byte X25519 private key (i.e. private scalar)
|
|
52
|
+
# @param ephemeral_public [String] 32-byte X25519 ephemeral public key from XSTREAM encryption
|
|
53
|
+
# @param encryption_alg [String] symmetric encryption algorithm to use with STREAM (default `"AES-PMAC-SIV"`)
|
|
54
|
+
# @param digest_alg [String] digest algorithm to use with HKDF (default `"SHA256"`)
|
|
55
|
+
# @param salt [String] (optional) salt value to pass to HKDF
|
|
56
|
+
def initialize(
|
|
57
|
+
private_key,
|
|
58
|
+
ephemeral_public,
|
|
59
|
+
encryption_alg: "AES-PMAC-SIV",
|
|
60
|
+
digest_alg: "SHA-256",
|
|
61
|
+
salt: nil
|
|
62
|
+
)
|
|
63
|
+
# Perform an X25519 elliptic curve Diffie-Hellman operation and use
|
|
64
|
+
# the resulting shared secret to derive a symmetric key (using HKDF)
|
|
65
|
+
symmetric_key = X25519HKDF.kdf(
|
|
66
|
+
private_key,
|
|
67
|
+
ephemeral_public,
|
|
68
|
+
salt: salt,
|
|
69
|
+
digest_alg: digest_alg,
|
|
70
|
+
output_size: SYMMETRIC_KEY_SIZE
|
|
71
|
+
)
|
|
72
|
+
|
|
73
|
+
super(encryption_alg, symmetric_key, XStream::NONCE)
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
# Derive a symmetric encryption key from the combination of a public and
|
|
78
|
+
# private key and salt using X25519 D-H and HKDF
|
|
79
|
+
def self.kdf(private_key, public_key, output_size:, salt: nil, digest_alg: "SHA-256")
|
|
80
|
+
raise ArgumentError, "invalid digest_alg: #{digest_alg}" unless digest_alg == "SHA-256"
|
|
81
|
+
|
|
82
|
+
# Use X25519 to compute a shared secret
|
|
83
|
+
shared_secret = X25519.diffie_hellman(private_key, public_key)
|
|
84
|
+
|
|
85
|
+
# Use HKDF to derive a symmetric encryption key from the shared secret
|
|
86
|
+
::HKDF.new(
|
|
87
|
+
shared_secret,
|
|
88
|
+
salt: salt,
|
|
89
|
+
info: HKDF_INFO,
|
|
90
|
+
algorithm: "SHA256"
|
|
91
|
+
).next_bytes(output_size)
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
end
|
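Review bot: `X25519HKDF.kdf` passes the result of `X25519.diffie_hellman` straight to `::HKDF.new` with no visible check that the shared secret is non-zero, and `public_key` / `ephemeral_public` arrive from the caller unvalidated. RFC 7748 §6.1 allows implementations to reject an all-zero result, which is what a low-order peer key yields; whether the x25519 gem already raises in that case cannot be seen from this page, so either confirm it with a spec or reject an all-zero `shared_secret` (compared in constant time) before deriving the key. Separately, both `@param digest_alg` tags give the default as `"SHA256"`, while the signature default and the only value `kdf` accepts is `"SHA-256"`; the tags should say `"SHA-256"`, and `@return` should name `XStream::X25519HKDF::Encryptor`. The section header says `data/lib/xstream/version.rb`, but the `+94 -0` entry in the file list and the `X25519HKDF` module suggest these lines are `data/lib/xstream/x25519hkdf.rb`.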
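--- a/data/xstream.gemspec
+++ b/data/xstream.gemspec
@@ -20,5 +20,10 @@ Gem::Specification.new do |spec|
 spec.require_paths = ["lib"]
 
 spec.required_ruby_version = ">= 2.2.2"
+
+spec.add_runtime_dependency "hkdf", "~> 0.3"
+spec.add_runtime_dependency "miscreant", "~> 0.3"
+spec.add_runtime_dependency "x25519", "~> 1.0"
+
 spec.add_development_dependency "bundler", "~> 1.16"
 end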
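Review bot: The `~> 0.3` constraints on `hkdf` and `miscreant` accept every 0.x release from 0.3 upward, and these two gems supply the key derivation and the authenticated encryption for the whole library. Pre-1.0 gems often change behaviour between minor versions, so a tighter bound such as `spec.add_runtime_dependency "miscreant", "~> 0.3.0"`, or a CI job that runs the test vectors against the newest allowed release, would keep an upstream change from silently altering the cryptographic path. The `Gem::Specification.new` block starts outside this hunk.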
metadata
CHANGED
|
@@ -1,15 +1,57 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: xstream
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tony Arcieri
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-01-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: hkdf
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '0.3'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - "~>"
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '0.3'
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: miscreant
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '0.3'
|
|
34
|
+
type: :runtime
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '0.3'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: x25519
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - "~>"
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '1.0'
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '1.0'
|
|
13
55
|
- !ruby/object:Gem::Dependency
|
|
14
56
|
name: bundler
|
|
15
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -39,8 +81,10 @@ files:
|
|
|
39
81
|
- Gemfile
|
|
40
82
|
- README.md
|
|
41
83
|
- Rakefile
|
|
84
|
+
- ci.sh
|
|
42
85
|
- lib/xstream.rb
|
|
43
86
|
- lib/xstream/version.rb
|
|
87
|
+
- lib/xstream/x25519hkdf.rb
|
|
44
88
|
- xstream.gemspec
|
|
45
89
|
homepage: https://github.com/miscreant/xstream/
|
|
46
90
|
licenses: []
|
|
@@ -61,7 +105,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
61
105
|
version: '0'
|
|
62
106
|
requirements: []
|
|
63
107
|
rubyforge_project:
|
|
64
|
-
rubygems_version: 2.
|
|
108
|
+
rubygems_version: 2.7.4
|
|
65
109
|
signing_key:
|
|
66
110
|
specification_version: 4
|
|
67
111
|
summary: Public key encryption system combining X25519 Diffie-Hellman with the STREAM
|