zwiebel 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a178968188ad9e5311134ddd77ecba849f4f8708da9580800e55053f7e459355
-  data.tar.gz: 8bed48748a9f51a1236493e63c4b808d6e9ee55c621db83eb58b2b62cedc87e5
+  metadata.gz: a8bf194bb0d78b479d0b88fe66545f06108cd9180b9d7be9644b5c517f8935cb
+  data.tar.gz: fcbe181944b14678dccae2b87eda1539d637980c39bf6157e7b51ce774e35666
 SHA512:
-  metadata.gz: f98941b8129bc0ad692a8a17e780311accafe7be99e62a056f6c2b831e2633dbf76fa643ddd8f593a4d89fe22fac18e243c8e75ecc5213624d315cbd4c0dde9a
-  data.tar.gz: 7ed879c1236fb10f54a672041878ad64f63a8175a45dcf9b4556f3203ae84a9e69e73ae1beb5fbda5d1e1075f395c0aaf372f80ef9954c0e016cf5053ec06357
+  metadata.gz: 56158c5fe35b4f6fdba0c69c9ee4f897d5cb37d942fc64d4f4b3c9676ddd22cb3b7cd6c5ad0f7914656f55274531e99e3ed6361dfe792fe2fe5dd824140a40ce
+  data.tar.gz: 8fa7d94d7c4d4f81454a5c1802ff7a87b056a65e7f74e9afbde49c9477e880b527dc830061525f7c63d0eb3943ea6d27d821bf9fde63ddef08e38d9642685584

data/lib/zwiebel/control.rb

@@ -1,4 +1,4 @@
-# Copyright 2023, Kurt Meyerhofer
+# Copyright 2023-2024, Kurt Meyerhofer
 # This file is part of zwiebel.
 
 # zwiebel is free software: you can redistribute it and/or modify it under the terms of
@@ -15,7 +15,7 @@
 
 module Zwiebel
   class Control
-    attr_accessor :cookie, :host, :port
+    attr_accessor :cookie, :host, :port, :socket
 
     def initialize(host: "127.0.0.1", port: 9051, cookie: nil)
       @host = host

data/lib/zwiebel/ed25519_certificate.rb

@@ -0,0 +1,83 @@
+# Copyright 2023-2024, Kurt Meyerhofer
+# This file is part of zwiebel.
+
+# zwiebel is free software: you can redistribute it and/or modify it under the terms of
+# the GNU Lesser General Public License as published by the Free Software Foundation,
+# either version 3 of the License, or (at your option) any later version.
+
+# zwiebel is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
+# more details.
+
+# You should have received a copy of the GNU Lesser General Public License along with zwiebel.
+# If not, see <https://www.gnu.org/licenses/>.
+
+module Zwiebel
+  class Ed25519Certificate
+    Extension = Struct.new(:data, :extension_type, :flags)
+    KEY_LENGTH = 32
+    HEADER_LENGTH = 40
+    SIGNATURE_LENGTH = 64
+    attr_accessor :cert_type, :descriptor_data, :extension_data_with_header, :extensions, :expiration_hours, :expires, :key, :signature, :version
+
+    def initialize(descriptor_data:)
+      @descriptor_data = descriptor_data
+      @extensions = []
+      unpack
+    end
+
+    def unpack
+      content = descriptor_data.gsub("-----BEGIN ED25519 CERT-----\n", "").gsub("\n-----END ED25519 CERT-----", "")
+      base64_decoded = Base64.decode64(content)
+
+      if base64_decoded.length < HEADER_LENGTH + SIGNATURE_LENGTH
+        raise ContentLengthError, "certificate should be at least #{HEADER_LENGTH + SIGNATURE_LENGTH} bytes"
+      end
+      @signature = base64_decoded.byteslice((base64_decoded.length - SIGNATURE_LENGTH)..-1)
+      index = 0
+      @version = base64_decoded.byteslice(index, 1).unpack1("C")
+      index += 1
+      @cert_type = base64_decoded.byteslice(index, 1).unpack1("C")
+      index += 1
+      @expiration_hours = base64_decoded.byteslice(index, 4).unpack1("L>") * 3600
+      index += 4
+      key_type = base64_decoded.byteslice(index, 1)
+      index += 1
+      @key = base64_decoded.byteslice(index, KEY_LENGTH)
+      index += KEY_LENGTH
+      extension_count = base64_decoded.byteslice(index, 1)
+      index += 1
+      @extension_data_with_header = base64_decoded.byteslice(index..-(SIGNATURE_LENGTH + 1))
+      @expires = Time.at(@expiration_hours).getutc
+
+      index = 0
+      extension_count.unpack1("C").times do
+        data_size = extension_data_with_header.byteslice(index, 2).unpack1("S>*")
+        index += 2
+        extension_type = extension_data_with_header.byteslice(index, 1).unpack1("C")
+        index += 1
+        flags = extension_data_with_header.byteslice(index, 1).unpack1("C")
+        index += 1
+        data = extension_data_with_header.byteslice(index, data_size)
+        index += data_size
+        extensions.push(Extension.new(data, extension_type, flags))
+      end
+    end
+
+    def extension_data
+      extension_data_with_header.byteslice(4..-1)
+    end
+
+    def signing_key
+      k = extensions.select do |extension|
+        extension.extension_type == 4
+      end.first
+      k&.data
+    end
+
+    def expired?
+      expiration_hours < Time.now.to_i
+    end
+  end
+end

data/lib/zwiebel/errors.rb

@@ -0,0 +1,28 @@
+# Copyright 2023-2024, Kurt Meyerhofer
+# This file is part of zwiebel.
+
+# zwiebel is free software: you can redistribute it and/or modify it under the terms of
+# the GNU Lesser General Public License as published by the Free Software Foundation,
+# either version 3 of the License, or (at your option) any later version.
+
+# zwiebel is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
+# more details.
+
+# You should have received a copy of the GNU Lesser General Public License along with zwiebel.
+# If not, see <https://www.gnu.org/licenses/>.
+
+module Zwiebel
+  class ContentLengthError < StandardError
+  end
+
+  class DataError < StandardError
+  end
+
+  class FileReadError < StandardError
+  end
+
+  class InvalidAddressError < StandardError
+  end
+end

data/lib/zwiebel/hidden_service/descriptor.rb

@@ -0,0 +1,83 @@
+# Copyright 2023 - 2024, Kurt Meyerhofer
+# This file is part of zwiebel.
+
+# zwiebel is free software: you can redistribute it and/or modify it under the terms of
+# the GNU Lesser General Public License as published by the Free Software Foundation,
+# either version 3 of the License, or (at your option) any later version.
+
+# zwiebel is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
+# more details.
+
+# You should have received a copy of the GNU Lesser General Public License along with zwiebel.
+# If not, see <https://www.gnu.org/licenses/>.
+
+module Zwiebel
+  module HiddenService
+    class Descriptor
+      FIELDS = %w(hs-descriptor descriptor-lifetime descriptor-signing-key-cert revision-counter superencrypted signature).freeze
+      attr_accessor :certificate, :string
+
+      def initialize(string:)
+        @string = string
+        parse
+        @certificate = Ed25519Certificate.new(descriptor_data: descriptor_signing_key_cert)
+      end
+
+      def parse
+        @hs_descriptor = {}
+        descriptor_current_field = nil
+        string.each_line do |line|
+          line_field = line.split(" ")[0]
+          if FIELDS.include?(line_field)
+            descriptor_current_field = line_field
+
+            if @hs_descriptor[descriptor_current_field].nil? && !line.split(" ")[1..-1].nil?
+              @hs_descriptor[descriptor_current_field] = line.split(" ")[1..-1].join(" ")
+            else
+              @hs_descriptor[descriptor_current_field] = ""
+            end
+          else
+            hs_descriptor_value = @hs_descriptor[descriptor_current_field]
+
+            if hs_descriptor_value.nil?
+              @hs_descriptor[descriptor_current_field] = line
+            else
+              @hs_descriptor[descriptor_current_field] = hs_descriptor_value + line
+            end
+          end
+        end
+      end
+
+      def hs_descriptor
+        @hs_descriptor["hs-descriptor"]&.to_i
+      end
+
+      def descriptor_lifetime
+        @hs_descriptor["descriptor-lifetime"]&.to_i
+      end
+
+      def descriptor_signing_key_cert
+        @hs_descriptor["descriptor-signing-key-cert"]
+      end
+
+      def revision_counter
+        @hs_descriptor["revision-counter"]&.to_i
+      end
+
+      def superencrypted
+        @hs_descriptor["superencrypted"]
+      end
+
+      def signature
+        @hs_descriptor["signature"]
+      end
+
+      def subcredential(identity_public_key)
+        credential = OpenSSL::Digest.digest("SHA3-256", "credential" + identity_public_key)
+        OpenSSL::Digest.digest("SHA3-256", "subcredential" + credential + certificate.signing_key)
+      end
+    end
+  end
+end

data/lib/zwiebel/hidden_service/inner_layer.rb

@@ -0,0 +1,81 @@
+# Copyright 2023 - 2024, Kurt Meyerhofer
+# This file is part of zwiebel.
+
+# zwiebel is free software: you can redistribute it and/or modify it under the terms of
+# the GNU Lesser General Public License as published by the Free Software Foundation,
+# either version 3 of the License, or (at your option) any later version.
+
+# zwiebel is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
+# more details.
+
+# You should have received a copy of the GNU Lesser General Public License along with zwiebel.
+# If not, see <https://www.gnu.org/licenses/>.
+
+module Zwiebel
+  module HiddenService
+    class InnerLayer
+      FIELDS = %w(create2-formats intro-auth-required single-onion-service introduction-point).freeze
+      INTRODUCTION_POINT_FIELDS = %w(onion-key auth-key enc-key enc-key-cert legacy-key legacy-key-cert).freeze
+      attr_accessor :decrypted_data, :introduction_points
+
+      def initialize(decrypted_data:)
+        @decrypted_data = decrypted_data
+        @introduction_points = []
+        parse
+      end
+
+      def parse
+        @inner_layer = {}
+        layer_current_field = nil
+        current_introduction_point_data = nil
+        decrypted_data.each_line do |line|
+          line_field = line.split(" ")[0]
+
+          if FIELDS.include?(line_field)
+            layer_current_field = line_field
+            if layer_current_field == "introduction-point"
+              introduction_points.push(IntroductionPoint.new(data: current_introduction_point_data)) unless current_introduction_point_data.nil?
+              current_introduction_point_data = { layer_current_field => line.split(" ")[1] }
+            else
+              if @inner_layer[layer_current_field].nil? && !line.split(" ")[1..-1].nil?
+                @inner_layer[layer_current_field] = line.split(" ")[1..-1].join(" ")
+              elsif !@inner_layer[layer_current_field].nil? && !line.split(" ")[1..-1].nil?
+                @inner_layer[layer_current_field] += line.split(" ")[1..-1].join(" ")
+              elsif layer_current_field == "single-onion-service"
+                @inner_layer[layer_current_field] = true
+              else
+                @inner_layer[layer_current_field] = ""
+              end
+            end
+          elsif INTRODUCTION_POINT_FIELDS.include?(line_field) || INTRODUCTION_POINT_FIELDS.include?(layer_current_field)
+            layer_current_field = line_field unless !INTRODUCTION_POINT_FIELDS.include?(line_field)
+            if current_introduction_point_data[layer_current_field].nil?
+              current_introduction_point_data[layer_current_field] = line.split(" ")[1..-1].join(" ")
+            else
+              current_introduction_point_data[layer_current_field] += line
+            end
+          end
+        end
+        introduction_points.push(IntroductionPoint.new(data: current_introduction_point_data)) unless current_introduction_point_data.nil?
+      end
+
+      def create2_formats
+        @inner_layer["create2-formats"].to_i
+      end
+
+      def intro_auth_required
+        @inner_layer["intro-auth-required"]
+      end
+
+      def single_onion_service?
+        !!@inner_layer["single-onion-service"]
+      end
+
+      def encrypted
+        @inner_layer["encrypted"]
+      end
+    end
+  end
+end

data/lib/zwiebel/hidden_service/introduction_point.rb

@@ -0,0 +1,83 @@
+# Copyright 2023 - 2024, Kurt Meyerhofer
+# This file is part of zwiebel.
+
+# zwiebel is free software: you can redistribute it and/or modify it under the terms of
+# the GNU Lesser General Public License as published by the Free Software Foundation,
+# either version 3 of the License, or (at your option) any later version.
+
+# zwiebel is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
+# more details.
+
+# You should have received a copy of the GNU Lesser General Public License along with zwiebel.
+# If not, see <https://www.gnu.org/licenses/>.
+
+module Zwiebel
+  module HiddenService
+    class IntroductionPoint
+      LinkSpecifier = Struct.new(:address, :fingerprint, :port)
+      attr_accessor :auth_key_ed25519, :link_specifiers, :enc_key_cert_ed25519
+
+      def initialize(data:)
+        @link_specifiers = []
+        @link_specifier  = data["introduction-point"]
+        @onion_key       = data["onion-key"]
+        @auth_key        = data["auth-key"]
+        @enc_key         = data["enc-key"]
+        @enc_key_cert    = data["enc-key-cert"]
+        @legacy_key      = data["legacy-key"]
+        @legacy_key_cert = data["legacy-key-cert"]
+        store_keys
+        decode_link_specifier
+      end
+
+      def onion_key
+        @onion_key&.gsub("ntor ", "")
+      end
+
+      def enc_key
+        @enc_key&.gsub("ntor ", "")
+      end
+
+      private
+
+      def store_keys
+        @auth_key_ed25519 = Ed25519Certificate.new(descriptor_data: @auth_key) unless @auth_key.nil?
+        @enc_key_cert_ed25519 = Ed25519Certificate.new(descriptor_data: @enc_key_cert) unless @enc_key_cert.nil?
+      end
+
+      def decode_link_specifier
+        content = Base64.decode64(@link_specifier)
+
+        index = 0
+        count = content.byteslice(index, 1)
+        index += 1
+
+        count.unpack1("C").times do |x|
+          type = content.byteslice(index, 1).unpack1("C")
+          index += 1
+          value_size = content.byteslice(index, 1).unpack1("C")
+          index += 1
+          value = content.byteslice(index, value_size)
+          index += value_size
+
+          if type == 0
+            address = value.byteslice(0, 4).bytes.join(".")
+            port = value.byteslice(4, 2).unpack1("S>*")
+            @link_specifiers.push(LinkSpecifier.new(address, nil, port))
+          elsif type == 1
+            address = (0..14).step(2).map do |x|
+              sprintf("%04x", value.byteslice(x, x + 2).unpack1("S>*"))
+            end.join(":")
+            port = value.byteslice(16, 2).unpack1("S>*")
+            @link_specifiers.push(LinkSpecifier.new(address, nil, port))
+          else
+            # Type 2, 3 and above
+            @link_specifiers.push(LinkSpecifier.new(nil, value, nil))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/zwiebel/hidden_service/outer_layer.rb

@@ -0,0 +1,85 @@
+# Copyright 2023 - 2024, Kurt Meyerhofer
+# This file is part of zwiebel.
+
+# zwiebel is free software: you can redistribute it and/or modify it under the terms of
+# the GNU Lesser General Public License as published by the Free Software Foundation,
+# either version 3 of the License, or (at your option) any later version.
+
+# zwiebel is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
+# more details.
+
+# You should have received a copy of the GNU Lesser General Public License along with zwiebel.
+# If not, see <https://www.gnu.org/licenses/>.
+
+module Zwiebel
+  module HiddenService
+    class OuterLayer
+      FIELDS = %w(desc-auth-type desc-auth-ephemeral-key auth-client encrypted).freeze
+      attr_accessor :decrypted_data
+
+      def initialize(decrypted_data:)
+        @decrypted_data = decrypted_data
+        parse
+      end
+
+      def parse
+        @outer_layer = {}
+        layer_current_field = nil
+        decrypted_data.gsub("\x00", "").each_line do |line|
+          line_field = line.split(" ")[0]
+          if FIELDS.include?(line_field)
+            layer_current_field = line_field
+            if layer_current_field == "auth-client"
+              if !@outer_layer[layer_current_field].nil?
+                _, client_id, iv, cookie = line.split(" ")
+                @outer_layer[layer_current_field].push({
+                  client_id: client_id,
+                  iv: iv,
+                  cookie: cookie
+                })
+              else
+                _, client_id, iv, cookie = line.split(" ")
+                @outer_layer[layer_current_field] = [{
+                  client_id: client_id,
+                  iv: iv,
+                  cookie: cookie
+                }]
+              end
+            elsif @outer_layer[layer_current_field].nil? && !line.split(" ")[1..-1].nil?
+              @outer_layer[layer_current_field] = line.split(" ")[1..-1].join(" ")
+            elsif !@outer_layer[layer_current_field].nil? && !line.split(" ")[1..-1].nil?
+              @outer_layer[layer_current_field] += line.split(" ")[1..-1].join(" ")
+            else
+              @outer_layer[layer_current_field] = ""
+            end
+          else
+            outer_layer_value = @outer_layer[layer_current_field]
+            if outer_layer_value.nil?
+              @outer_layer[layer_current_field] = line
+            else
+              @outer_layer[layer_current_field] = outer_layer_value + line
+            end
+          end
+        end
+      end
+
+      def desc_auth_type
+        @outer_layer["desc-auth-type"]
+      end
+
+      def desc_auth_ephemeral_key
+        @outer_layer["desc-auth-ephemeral-key"]
+      end
+
+      def auth_clients
+        @outer_layer["auth-client"]
+      end
+
+      def encrypted
+        @outer_layer["encrypted"]
+      end
+    end
+  end
+end

data/lib/zwiebel/hidden_service/v3.rb

@@ -0,0 +1,49 @@
+# Copyright 2023 - 2024, Kurt Meyerhofer
+# This file is part of zwiebel.
+
+# zwiebel is free software: you can redistribute it and/or modify it under the terms of
+# the GNU Lesser General Public License as published by the Free Software Foundation,
+# either version 3 of the License, or (at your option) any later version.
+
+# zwiebel is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
+# more details.
+
+# You should have received a copy of the GNU Lesser General Public License along with zwiebel.
+# If not, see <https://www.gnu.org/licenses/>.
+
+module Zwiebel
+  module HiddenService
+    class V3
+      attr_accessor :descriptor, :inner_layer, :onion_address, :outer_layer
+
+      def initialize(descriptor_string:, onion_address:)
+        @descriptor = Descriptor.new(string: descriptor_string)
+        @onion_address = onion_address
+      end
+
+      def decrypt
+        blinded_key = descriptor.certificate.signing_key
+        identity_public_key = Zwiebel.v3_address_pubkey(onion_address)
+        subcredential = descriptor.subcredential(identity_public_key)
+        decrypted_outer_layer = Utilities.decrypt_layer(
+          encrypted_data: descriptor.superencrypted,
+          constant: "hsdir-superencrypted-data",
+          revision_counter: descriptor.revision_counter,
+          subcredential: subcredential,
+          blinded_key: blinded_key
+        )
+        @outer_layer = OuterLayer.new(decrypted_data: decrypted_outer_layer)
+        decrypted_inner_layer = Utilities.decrypt_layer(
+          encrypted_data: outer_layer.encrypted,
+          constant: "hsdir-encrypted-data",
+          revision_counter: descriptor.revision_counter,
+          subcredential: subcredential,
+          blinded_key: blinded_key
+        )
+        @inner_layer = InnerLayer.new(decrypted_data: decrypted_inner_layer)
+      end
+    end
+  end
+end

data/lib/zwiebel/shake256.rb

@@ -0,0 +1,360 @@
+# Copyright 2023-2024, Kurt Meyerhofer
+# This file is part of zwiebel.
+
+# zwiebel is free software: you can redistribute it and/or modify it under the terms of
+# the GNU Lesser General Public License as published by the Free Software Foundation,
+# either version 3 of the License, or (at your option) any later version.
+
+# zwiebel is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
+# more details.
+
+# You should have received a copy of the GNU Lesser General Public License along with zwiebel.
+# If not, see <https://www.gnu.org/licenses/>.
+
+module Zwiebel
+  class Shake256
+    HEX_CHARS = '0123456789abcdef'.freeze
+    PADDING = [31, 7936, 2031616, 520093696].freeze
+    SHIFT = [0, 8, 16, 24].freeze
+    RC = [
+      1, 0, 32898, 0, 32906, 2147483648, 2147516416, 2147483648, 32907, 0, 2147483649,
+      0, 2147516545, 2147483648, 32777, 2147483648, 138, 0, 136, 0, 2147516425, 0,
+      2147483658, 0, 2147516555, 0, 139, 2147483648, 32905, 2147483648, 32771,
+      2147483648, 32770, 2147483648, 128, 2147483648, 32778, 0, 2147483658, 2147483648,
+      2147516545, 2147483648, 32896, 2147483648, 2147483649, 0, 2147516424, 2147483648
+    ].freeze
+
+    def initialize(bit_length:, message_type: "string")
+      @bit_length = bit_length
+      @message_type = message_type
+      @finalized = false
+      @reset = true
+      @block = 0
+      @start = 0
+      @block_count = (1600 - (256 << 1)) >> 5
+      @byte_count = @block_count << 2
+      @output_blocks = @bit_length >> 5
+      @extra_bytes = (@bit_length & 31) >> 3
+      @s = Array.new(50, 0)
+      @blocks = Array.new(@block_count, 0)
+    end
+
+    def hexdigest(data)
+      return if data.nil?
+      if @message_type == "string"
+        data_codes = data.bytes
+        length = data.length
+      else
+        data_codes = [data].pack("H*").bytes
+        length = data_codes.length
+      end
+
+      index = 0
+      i = nil
+      while index < length
+        if @reset
+          @reset = false
+          @blocks[0] = @block
+          1.upto(@block_count + 1) do |x|
+            @blocks[x] = 0
+          end
+        end
+        i = @start
+        while index < length && i < @byte_count
+          code = data_codes[index]
+          if @message_type == "string"
+            if code < 0x80
+              @blocks[i >> 2] |= code << SHIFT[i & 3]
+              i += 1
+            elsif code < 0x800
+              @blocks[i >> 2] |= (0xc0 | (code >> 6)) << SHIFT[i & 3]
+              i += 1
+              @blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i & 3]
+              i += 1
+            elsif code < 0xd800 || code >= 0xe000
+              @blocks[i >> 2] |= (0xe0 | (code >> 12)) << SHIFT[i & 3]
+              i += 1
+              @blocks[i >> 2] |= (0x80 | ((code >> 6) & 0x3f)) << SHIFT[i & 3]
+              i += 1
+              @blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i & 3]
+              i += 1
+            else
+              code = 0x10000 + (((code & 0x3ff) << 10) | (data_codes[index += 1] & 0x3ff))
+              @blocks[i >> 2] |= (0xf0 | (code >> 18)) << SHIFT[i & 3]
+              i += 1
+              @blocks[i >> 2] |= (0x80 | ((code >> 12) & 0x3f)) << SHIFT[i & 3]
+              i += 1
+              @blocks[i >> 2] |= (0x80 | ((code >> 6) & 0x3f)) << SHIFT[i & 3]
+              i += 1
+              @blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i & 3]
+              i += 1
+            end
+          else
+            @blocks[i >> 2] |= code << SHIFT[i & 3]
+            i += 1
+          end
+          index += 1
+        end
+
+        @last_byte_index = i
+
+        if i >= @byte_count
+          @start = i - @byte_count
+          @block = @blocks[@block_count]
+          0.upto(@block_count - 1) do |x|
+            @s[x] ^= @blocks[x]
+          end
+          keccak(@s)
+          @reset = true
+        else
+          @start = i
+        end
+      end
+
+      finalize
+
+      hex = ""
+      i = 0
+      j = 0
+      s = @s
+      block = nil
+      while j < @output_blocks
+        while i < @block_count && j < @output_blocks
+          block = s[i]
+          hex += HEX_CHARS[(block >> 4) & 0x0F] + HEX_CHARS[block & 0x0F] +
+            HEX_CHARS[(block >> 12) & 0x0F] + HEX_CHARS[(block >> 8) & 0x0F] +
+            HEX_CHARS[(block >> 20) & 0x0F] + HEX_CHARS[(block >> 16) & 0x0F] +
+            HEX_CHARS[(block >> 28) & 0x0F] + HEX_CHARS[(block >> 24) & 0x0F]
+          j += 1
+          i += 1
+        end
+
+        if j % @block_count == 0
+          s = s.dup
+          keccak(s)
+          i = 0
+        end
+      end
+
+      if @extra_bytes > 0
+        block = s[i]
+        hex += HEX_CHARS[(block >> 4) & 0x0F] + HEX_CHARS[block & 0x0F]
+        if @extra_bytes > 1
+          hex += HEX_CHARS[(block >> 12) & 0x0F] + HEX_CHARS[(block >> 8) & 0x0F]
+        end
+        if @extra_bytes > 2
+          hex += HEX_CHARS[(block >> 20) & 0x0F] + HEX_CHARS[(block >> 16) & 0x0F]
+        end
+      end
+
+      hex
+    end
+
+    private
+
+    def finalize
+      return if @finalized
+
+      @finalized = true
+      i = @last_byte_index.nil? ? 0 : @last_byte_index
+      @blocks[i >> 2] |= PADDING[i & 3]
+      if @last_byte_index == @byte_count
+        @blocks[0] = @blocks[@block_count]
+        1.upto(@block_count) do |x|
+          @blocks[x] = 0
+        end
+      end
+      @blocks[@block_count - 1] |= 0x80000000
+      0.upto(@block_count - 1) do |x|
+        @s[x] ^= @blocks[x]
+      end
+
+      keccak(@s)
+    end
+
+    def keccak(s)
+      (0..47).step(2) do |n|
+        c0 = s[0] ^ s[10] ^ s[20] ^ s[30] ^ s[40]
+        c1 = s[1] ^ s[11] ^ s[21] ^ s[31] ^ s[41]
+        c2 = s[2] ^ s[12] ^ s[22] ^ s[32] ^ s[42]
+        c3 = s[3] ^ s[13] ^ s[23] ^ s[33] ^ s[43]
+        c4 = s[4] ^ s[14] ^ s[24] ^ s[34] ^ s[44]
+        c5 = s[5] ^ s[15] ^ s[25] ^ s[35] ^ s[45]
+        c6 = s[6] ^ s[16] ^ s[26] ^ s[36] ^ s[46]
+        c7 = s[7] ^ s[17] ^ s[27] ^ s[37] ^ s[47]
+        c8 = s[8] ^ s[18] ^ s[28] ^ s[38] ^ s[48]
+        c9 = s[9] ^ s[19] ^ s[29] ^ s[39] ^ s[49]
+        h = c8 ^ ((c2 << 1) | (unsigned_shift_right(c3, 31)))
+        l = c9 ^ ((c3 << 1) | (unsigned_shift_right(c2, 31)))
+        s[0]  ^= h
+        s[1]  ^= l
+        s[10] ^= h
+        s[11] ^= l
+        s[20] ^= h
+        s[21] ^= l
+        s[30] ^= h
+        s[31] ^= l
+        s[40] ^= h
+        s[41] ^= l
+        h = c0 ^ ((c4 << 1) | (unsigned_shift_right(c5, 31)))
+        l = c1 ^ ((c5 << 1) | (unsigned_shift_right(c4, 31)))
+        s[2]  ^= h
+        s[3]  ^= l
+        s[12] ^= h
+        s[13] ^= l
+        s[22] ^= h
+        s[23] ^= l
+        s[32] ^= h
+        s[33] ^= l
+        s[42] ^= h
+        s[43] ^= l
+        h = c2 ^ ((c6 << 1) | (unsigned_shift_right(c7, 31)))
+        l = c3 ^ ((c7 << 1) | (unsigned_shift_right(c6, 31)))
+        s[4]  ^= h
+        s[5]  ^= l
+        s[14] ^= h
+        s[15] ^= l
+        s[24] ^= h
+        s[25] ^= l
+        s[34] ^= h
+        s[35] ^= l
+        s[44] ^= h
+        s[45] ^= l
+        h = c4 ^ ((c8 << 1) | (unsigned_shift_right(c9, 31)))
+        l = c5 ^ ((c9 << 1) | (unsigned_shift_right(c8, 31)))
+        s[6]  ^= h
+        s[7]  ^= l
+        s[16] ^= h
+        s[17] ^= l
+        s[26] ^= h
+        s[27] ^= l
+        s[36] ^= h
+        s[37] ^= l
+        s[46] ^= h
+        s[47] ^= l
+        h = c6 ^ ((c0 << 1) | (unsigned_shift_right(c1, 31)))
+        l = c7 ^ ((c1 << 1) | (unsigned_shift_right(c0, 31)))
+        s[8]  ^= h
+        s[9]  ^= l
+        s[18] ^= h
+        s[19] ^= l
+        s[28] ^= h
+        s[29] ^= l
+        s[38] ^= h
+        s[39] ^= l
+        s[48] ^= h
+        s[49] ^= l
+        b0 = s[0]
+        b1 = s[1]
+        b32 = (s[11] <<  4) | (unsigned_shift_right(s[10], 28))
+        b33 = (s[10] <<  4) | (unsigned_shift_right(s[11], 28))
+        b14 = (s[20] <<  3) | (unsigned_shift_right(s[21], 29))
+        b15 = (s[21] <<  3) | (unsigned_shift_right(s[20], 29))
+        b46 = (s[31] <<  9) | (unsigned_shift_right(s[30], 23))
+        b47 = (s[30] <<  9) | (unsigned_shift_right(s[31], 23))
+        b28 = (s[40] << 18) | (unsigned_shift_right(s[41], 14))
+        b29 = (s[41] << 18) | (unsigned_shift_right(s[40], 14))
+        b20 = (s[2]  <<  1) | (unsigned_shift_right(s[3],  31))
+        b21 = (s[3]  <<  1) | (unsigned_shift_right(s[2],  31))
+        b2  = (s[13] << 12) | (unsigned_shift_right(s[12], 20))
+        b3  = (s[12] << 12) | (unsigned_shift_right(s[13], 20))
+        b34 = (s[22] << 10) | (unsigned_shift_right(s[23], 22))
+        b35 = (s[23] << 10) | (unsigned_shift_right(s[22], 22))
+        b16 = (s[33] << 13) | (unsigned_shift_right(s[32], 19))
+        b17 = (s[32] << 13) | (unsigned_shift_right(s[33], 19))
+        b48 = (s[42] <<  2) | (unsigned_shift_right(s[43], 30))
+        b49 = (s[43] <<  2) | (unsigned_shift_right(s[42], 30))
+        b40 = (s[5]  << 30) | (unsigned_shift_right(s[4],   2))
+        b41 = (s[4]  << 30) | (unsigned_shift_right(s[5],   2))
+        b22 = (s[14] <<  6) | (unsigned_shift_right(s[15], 26))
+        b23 = (s[15] <<  6) | (unsigned_shift_right(s[14], 26))
+        b4  = (s[25] << 11) | (unsigned_shift_right(s[24], 21))
+        b5  = (s[24] << 11) | (unsigned_shift_right(s[25], 21))
+        b36 = (s[34] << 15) | (unsigned_shift_right(s[35], 17))
+        b37 = (s[35] << 15) | (unsigned_shift_right(s[34], 17))
+        b18 = (s[45] << 29) | (unsigned_shift_right(s[44],  3))
+        b19 = (s[44] << 29) | (unsigned_shift_right(s[45],  3))
+        b10 = (s[6]  << 28) | (unsigned_shift_right(s[7],   4))
+        b11 = (s[7]  << 28) | (unsigned_shift_right(s[6],   4))
+        b42 = (s[17] << 23) | (unsigned_shift_right(s[16],  9))
+        b43 = (s[16] << 23) | (unsigned_shift_right(s[17],  9))
+        b24 = (s[26] << 25) | (unsigned_shift_right(s[27],  7))
+        b25 = (s[27] << 25) | (unsigned_shift_right(s[26],  7))
+        b6  = (s[36] << 21) | (unsigned_shift_right(s[37], 11))
+        b7  = (s[37] << 21) | (unsigned_shift_right(s[36], 11))
+        b38 = (s[47] << 24) | (unsigned_shift_right(s[46],  8))
+        b39 = (s[46] << 24) | (unsigned_shift_right(s[47],  8))
+        b30 = (s[8]  << 27) | (unsigned_shift_right(s[9],   5))
+        b31 = (s[9]  << 27) | (unsigned_shift_right(s[8],   5))
+        b12 = (s[18] << 20) | (unsigned_shift_right(s[19], 12))
+        b13 = (s[19] << 20) | (unsigned_shift_right(s[18], 12))
+        b44 = (s[29] <<  7) | (unsigned_shift_right(s[28], 25))
+        b45 = (s[28] <<  7) | (unsigned_shift_right(s[29], 25))
+        b26 = (s[38] <<  8) | (unsigned_shift_right(s[39], 24))
+        b27 = (s[39] <<  8) | (unsigned_shift_right(s[38], 24))
+        b8  = (s[48] << 14) | (unsigned_shift_right(s[49], 18))
+        b9  = (s[49] << 14) | (unsigned_shift_right(s[48], 18))
+        s[0]  = b0  ^ (~b2  & b4)
+        s[1]  = b1  ^ (~b3  & b5)
+        s[10] = b10 ^ (~b12 & b14)
+        s[11] = b11 ^ (~b13 & b15)
+        s[20] = b20 ^ (~b22 & b24)
+        s[21] = b21 ^ (~b23 & b25)
+        s[30] = b30 ^ (~b32 & b34)
+        s[31] = b31 ^ (~b33 & b35)
+        s[40] = b40 ^ (~b42 & b44)
+        s[41] = b41 ^ (~b43 & b45)
+        s[2]  = b2  ^ (~b4  & b6)
+        s[3]  = b3  ^ (~b5  & b7)
+        s[12] = b12 ^ (~b14 & b16)
+        s[13] = b13 ^ (~b15 & b17)
+        s[22] = b22 ^ (~b24 & b26)
+        s[23] = b23 ^ (~b25 & b27)
+        s[32] = b32 ^ (~b34 & b36)
+        s[33] = b33 ^ (~b35 & b37)
+        s[42] = b42 ^ (~b44 & b46)
+        s[43] = b43 ^ (~b45 & b47)
+        s[4]  = b4  ^ (~b6  & b8)
+        s[5]  = b5  ^ (~b7  & b9)
+        s[14] = b14 ^ (~b16 & b18)
+        s[15] = b15 ^ (~b17 & b19)
+        s[24] = b24 ^ (~b26 & b28)
+        s[25] = b25 ^ (~b27 & b29)
+        s[34] = b34 ^ (~b36 & b38)
+        s[35] = b35 ^ (~b37 & b39)
+        s[44] = b44 ^ (~b46 & b48)
+        s[45] = b45 ^ (~b47 & b49)
+        s[6]  = b6  ^ (~b8  & b0)
+        s[7]  = b7  ^ (~b9  & b1)
+        s[16] = b16 ^ (~b18 & b10)
+        s[17] = b17 ^ (~b19 & b11)
+        s[26] = b26 ^ (~b28 & b20)
+        s[27] = b27 ^ (~b29 & b21)
+        s[36] = b36 ^ (~b38 & b30)
+        s[37] = b37 ^ (~b39 & b31)
+        s[46] = b46 ^ (~b48 & b40)
+        s[47] = b47 ^ (~b49 & b41)
+        s[8]  = b8  ^ (~b0  & b2)
+        s[9]  = b9  ^ (~b1  & b3)
+        s[18] = b18 ^ (~b10 & b12)
+        s[19] = b19 ^ (~b11 & b13)
+        s[28] = b28 ^ (~b20 & b22)
+        s[29] = b29 ^ (~b21 & b23)
+        s[38] = b38 ^ (~b30 & b32)
+        s[39] = b39 ^ (~b31 & b33)
+        s[48] = b48 ^ (~b40 & b42)
+        s[49] = b49 ^ (~b41 & b43)
+
+        s[0] ^= RC[n]
+        s[1] ^= RC[n + 1]
+      end
+    end
+
+    def unsigned_shift_right(val, amount)
+      mask = (1 << (32 - amount)) - 1
+      (val >> amount) & mask
+    end
+  end
+end

data/lib/zwiebel/utilities.rb

@@ -0,0 +1,68 @@
+# Copyright 2023-2024, Kurt Meyerhofer
+# This file is part of zwiebel.
+
+# zwiebel is free software: you can redistribute it and/or modify it under the terms of
+# the GNU Lesser General Public License as published by the Free Software Foundation,
+# either version 3 of the License, or (at your option) any later version.
+
+# zwiebel is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
+# more details.
+
+# You should have received a copy of the GNU Lesser General Public License along with zwiebel.
+# If not, see <https://www.gnu.org/licenses/>.
+
+require "base64"
+
+module Zwiebel
+  class Utilities
+    SALT_LENGTH = 16
+    MAC_LENGTH = 32
+    S_KEY_LENGTH = 32
+    S_IV_LENGTH = 16
+
+    def self.current_time_period
+      # tor rend-spec-v3
+      # 2.2.1 [TIME-PERIODS]
+      current_time = Time.now.utc.to_i
+      (current_time / 60 - 1440) / 1440
+    end
+
+    def self.decrypt_layer(encrypted_data:, constant:, revision_counter:, subcredential:, blinded_key:)
+      cleaned_data = encrypted_data.gsub("-----BEGIN MESSAGE-----\n", "").gsub("\n-----END MESSAGE-----", "")
+      encrypted = Base64.decode64(cleaned_data)
+
+      if encrypted.length < SALT_LENGTH + MAC_LENGTH
+        raise ContentLengthError, "encrypted data should be at least #{SALT_LENGTH + MAC_LENGTH} bytes"
+      end
+
+      salt = encrypted.byteslice(0, SALT_LENGTH)
+      ciphertext = encrypted.byteslice(SALT_LENGTH..-(MAC_LENGTH + 1))
+      expected_mac = encrypted.byteslice(-MAC_LENGTH..-1)
+
+      key_digest = blinded_key + subcredential + [revision_counter].pack("Q>") + salt + constant
+      bit_length = (S_KEY_LENGTH + S_IV_LENGTH + MAC_LENGTH) * 8
+
+      keys = Shake256.new(bit_length: bit_length, message_type: "hex").hexdigest(key_digest.unpack1("H*"))
+      keys = [keys].pack("H*")
+
+      secret_key = keys.byteslice(0, S_KEY_LENGTH)
+      secret_iv = keys.byteslice(S_KEY_LENGTH, S_IV_LENGTH)
+      mac_key = keys.byteslice(S_KEY_LENGTH + S_IV_LENGTH, MAC_LENGTH)
+
+      mac_prefix = [mac_key.length].pack("Q>") + mac_key + [salt.length].pack("Q>") + salt
+      mac_for = OpenSSL::Digest.digest("SHA3-256", mac_prefix + ciphertext)
+
+      if expected_mac != mac_for
+        raise DataError, "incorrect message authentication code"
+      end
+
+      decipher = OpenSSL::Cipher.new("aes-256-ctr")
+      decipher.decrypt
+      decipher.key = secret_key
+      decipher.iv = secret_iv
+      decipher.update(ciphertext) + decipher.final
+    end
+  end
+end

data/lib/zwiebel/version.rb

@@ -1,3 +1,3 @@
 module Zwiebel
-  VERSION = "0.0.3"
+  VERSION = "0.0.4"
 end

data/lib/zwiebel.rb

@@ -1,4 +1,4 @@
-# Copyright 2023, Kurt Meyerhofer
+# Copyright 2023-2024, Kurt Meyerhofer
 # This file is part of zwiebel.
 
 # zwiebel is free software: you can redistribute it and/or modify it under the terms of
@@ -14,11 +14,58 @@
 # If not, see <https://www.gnu.org/licenses/>.
 
 require "base32"
+require_relative "zwiebel/hidden_service/v3"
+require_relative "zwiebel/hidden_service/descriptor"
+require_relative "zwiebel/hidden_service/outer_layer"
+require_relative "zwiebel/hidden_service/inner_layer"
+require_relative "zwiebel/hidden_service/introduction_point"
 require_relative "zwiebel/control"
+require_relative "zwiebel/ed25519_certificate"
+require_relative "zwiebel/errors"
+require_relative "zwiebel/shake256"
+require_relative "zwiebel/utilities"
 require_relative "zwiebel/version"
 
 module Zwiebel
 
+  def self.start(address, settings = {}, &block)
+    raise InvalidAddressError, "address invalid" unless v3_address_valid?(address)
+    setting_options = %i(host port cookie)
+    settings.delete_if do |k, _|
+      !setting_options.include?(k)
+    end
+
+    tor = Control.new(**settings)
+    tor.authenticate
+    address_without_suffix = address.gsub(".onion", "")
+    tor.send_command("GETINFO", "hs/client/desc/id/#{address_without_suffix}")
+
+    hs_reply = tor.read_reply
+    if hs_reply.start_with?("551")
+      # Put this into a reusable method # TODO
+      tor.send_command("HSFETCH", address_without_suffix)
+      tor.send_command("GETINFO", "hs/client/desc/id/#{address_without_suffix}")
+      hs_reply = tor.read_reply
+    end
+
+    hs_descriptor = ""
+    descriptor_current_field = nil
+    while hs_reply != "250 OK"
+      hs_reply = tor.read_reply
+      next if hs_reply == "." || hs_reply == "250 OK"
+      hs_descriptor += "#{hs_reply}\n"
+    end
+
+    if hs_descriptor.length < 1
+      raise DataError, "hidden service descriptor not found"
+    else
+      hidden_service_v3 = HiddenService::V3.new(
+        descriptor_string: hs_descriptor,
+        onion_address: address
+      ).decrypt
+    end
+  end
+
   def self.v3_address_valid?(address)
     # tor address-spec
     # onion_address = base32(PUBKEY | CHECKSUM | VERSION)
@@ -37,24 +84,28 @@ module Zwiebel
     pubkey = decoded_address.byteslice(0, 32)
     checksum = decoded_address.byteslice(32, 2)
     version = decoded_address.byteslice(34)
-
     onion_checksum = ".onion checksum"
     calculated_checksum = onion_checksum + pubkey + version
-
     digest = OpenSSL::Digest.digest("SHA3-256", calculated_checksum)
     checksum_truncated = digest.byteslice(0, 2)
-
     checksum_truncated == checksum
   end
 
+  def self.v3_address_pubkey(address)
+    raise InvalidAddressError, "address invalid" unless v3_address_valid?(address)
+
+    decoded_address = Base32.decode(address.gsub(".onion", "").upcase)
+    decoded_address.byteslice(0, 32)
+  end
+
   def self.cookie_file_hash(file_path:)
     if !File.exist?(file_path)
-      raise StandardError "cookie file not present"
+      raise FileReadError, "cookie file not present"
     elsif !File.readable?(file_path)
-      raise StandardError "not permitted to read cookie file"
+      raise FileReadError, "not permitted to read cookie file"
     else
       data = IO.binread(file_path)
-      data.unpack("H*")[0]
+      data.unpack1("H*")
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zwiebel
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Kurt Meyerhofer
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-03 00:00:00.000000000 Z
+date: 2024-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: base32
@@ -47,6 +47,15 @@ extra_rdoc_files: []
 files:
 - lib/zwiebel.rb
 - lib/zwiebel/control.rb
+- lib/zwiebel/ed25519_certificate.rb
+- lib/zwiebel/errors.rb
+- lib/zwiebel/hidden_service/descriptor.rb
+- lib/zwiebel/hidden_service/inner_layer.rb
+- lib/zwiebel/hidden_service/introduction_point.rb
+- lib/zwiebel/hidden_service/outer_layer.rb
+- lib/zwiebel/hidden_service/v3.rb
+- lib/zwiebel/shake256.rb
+- lib/zwiebel/utilities.rb
 - lib/zwiebel/version.rb
 homepage: https://github.com/kmeyerhofer/zwiebel
 licenses:
@@ -67,7 +76,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements:
-- Tor (>= 0.3.2.1)
+- Tor (>= 0.4.1.1-alpha)
 rubygems_version: 3.2.22
 signing_key:
 specification_version: 4