Class: Eco::Data::Crypto::OpenSSL

Inherits:

Object

• Object
• Eco::Data::Crypto::OpenSSL

Defined in:

lib/eco/data/crypto/encryption.rb

Constant Summary

DEFAULT_KEY_LENGTH =

256

DEFAULT_RSA_LENGTH =

2048

SALT_LENGTH =

128

SALT_SEED =

"$%!@_halt9000"

BLOCK_OCTETS =

512

Instance Attribute Summary

• #cipher ⇒ Object readonly

  Returns the value of attribute cipher.

• #digest ⇒ Object readonly

  Returns the value of attribute digest.

• #kdf ⇒ Object readonly

  Returns the value of attribute kdf.

• #pkcs5 ⇒ Object readonly

  Returns the value of attribute pkcs5.

• #rsa ⇒ Object readonly

  Returns the value of attribute rsa.

• #salt ⇒ Object readonly

  Returns the value of attribute salt.

• #salt_seed ⇒ Object

  Returns the value of attribute salt_seed.

Instance Method Summary

• #aes256_decrypt(data, key:, iv:, block_octets: BLOCK_OCTETS) ⇒ Object
• #aes256_encrypt(data, key: nil, iv: nil, block_octets: BLOCK_OCTETS) ⇒ Object
• #aes256_pass(pass) ⇒ Object

  def scrypt (pass, salt: @salt, cost: 14, length: DEFAULT_KEY_LENGTH) block_size = 8 parallelization = 1 octets = length.div(8) @kdf.scrypt(pass, salt: salt, N: 2**cost, r: block_size, p: parallelization, length: octets) end.

• #initialize(init = {}) ⇒ OpenSSL constructor

  A new instance of OpenSSL.

• #pbkdf2(pass, salt: @salt || "salt", iterations: 1000, length: DEFAULT_KEY_LENGTH, hash: "sha256") ⇒ Object

  default hmac hash to "sha256" -> https://github.com/hueniverse/iron/issues/55.

• #pbkdf2_sha1(pass, salt: @salt, iterations: 1000, length: DEFAULT_KEY_LENGTH) ⇒ Object
• #rsa_keygen(length = DEFAULT_RSA_LENGTH, filename: "rsa") ⇒ Object
• #rsa_keygen_ssh(length = DEFAULT_RSA_LENGTH, filename: "rsa") ⇒ Object
• #rsa_keypairs?(private_key, public_key) ⇒ Boolean
• #sha256(str = nil) ⇒ Object
• #sha512(str = nil) ⇒ Object

Constructor Details

#initialize(init = {}) ⇒ OpenSSL

Returns a new instance of OpenSSL.

# File 'lib/eco/data/crypto/encryption.rb', line 80

def initialize(init = {})
  @digest = ::OpenSSL::Digest
  @pkcs5 = ::OpenSSL::PKCS5
  #@kdf = ::OpenSSL::KDF
  @cipher = ::OpenSSL::Cipher
  self.salt_seed = SALT_SEED
  @rsa = ::OpenSSL::PKey::RSA
end

Instance Attribute Details

#cipher ⇒ Object (readonly)

Returns the value of attribute cipher.

# File 'lib/eco/data/crypto/encryption.rb', line 78

def cipher
  @cipher
end

#digest ⇒ Object (readonly)

Returns the value of attribute digest.

# File 'lib/eco/data/crypto/encryption.rb', line 78

def digest
  @digest
end

#kdf ⇒ Object (readonly)

Returns the value of attribute kdf.

# File 'lib/eco/data/crypto/encryption.rb', line 78

def kdf
  @kdf
end

#pkcs5 ⇒ Object (readonly)

Returns the value of attribute pkcs5.

# File 'lib/eco/data/crypto/encryption.rb', line 78

def pkcs5
  @pkcs5
end

#rsa ⇒ Object (readonly)

Returns the value of attribute rsa.

# File 'lib/eco/data/crypto/encryption.rb', line 78

def rsa
  @rsa
end

#salt ⇒ Object (readonly)

Returns the value of attribute salt.

# File 'lib/eco/data/crypto/encryption.rb', line 79

def salt
  @salt
end

#salt_seed ⇒ Object

Returns the value of attribute salt_seed.

# File 'lib/eco/data/crypto/encryption.rb', line 77

def salt_seed
  @salt_seed
end

Instance Method Details

#aes256_decrypt(data, key:, iv:, block_octets: BLOCK_OCTETS) ⇒ Object

# File 'lib/eco/data/crypto/encryption.rb', line 152

def aes256_decrypt(data, key: , iv: , block_octets: BLOCK_OCTETS)
  block_bits = block_bits * 8
  #validation = encrypted_data && encrypted_data.key && encrypted_data.iv
  # return nil unless validation
  cipher = @cipher.new('aes-256-cbc')
  cipher.decrypt
  cipher.key = key
  cipher.iv  = iv
  #cipher.key = encrypted_data.key
  #cipher.iv = encrypted_data.iv
  #str_c = encrypted_data.content
  str_c = data
  str = ""
  while str_c.length > 0
    str += cipher.update(str_c.slice!(0, block_bits))
    #puts str[-50..-1] || str
  end
  str += cipher.final
  return str
end

#aes256_encrypt(data, key: nil, iv: nil, block_octets: BLOCK_OCTETS) ⇒ Object

# File 'lib/eco/data/crypto/encryption.rb', line 130

def aes256_encrypt(data, key: nil, iv: nil, block_octets: BLOCK_OCTETS)
  block_bits = block_bits * 8
  cipher = @cipher.new('aes-256-cbc')
  cipher.encrypt

  if key ; cipher.key = key
  else   ; key = cipher.random_key
  end
  if iv  ; cipher.iv = iv
  else   ; iv = cipher.random_iv
  end

  str_c = ""
  while str.length > 0
    str_c += cipher.update(str.slice!(0, block_bits))
  end
  str_c += cipher.final
  return str_c
  #EncryptedData.new({content: str_c, key: key, iv: iv})


end

#aes256_pass(pass) ⇒ Object

def scrypt (pass, salt: @salt, cost: 14, length: DEFAULT_KEY_LENGTH) block_size = 8 parallelization = 1 octets = length.div(8) @kdf.scrypt(pass, salt: salt, N: 2**cost, r: block_size, p: parallelization, length: octets) end

# File 'lib/eco/data/crypto/encryption.rb', line 127

def aes256_pass(pass)
  self.pbkdf2(pass, length: 256)
end

#pbkdf2(pass, salt: @salt || "salt", iterations: 1000, length: DEFAULT_KEY_LENGTH, hash: "sha256") ⇒ Object

default hmac hash to "sha256" -> https://github.com/hueniverse/iron/issues/55

# File 'lib/eco/data/crypto/encryption.rb', line 105

def pbkdf2 (pass, salt: @salt || "salt", iterations: 1000, length: DEFAULT_KEY_LENGTH, hash: "sha256")
  octets = length.div(8)
  #puts "this has been called"
  #puts "pass: #{pass}"
  #puts "salt: #{salt}"
  #puts "iterations: #{iterations}"
  #puts "length: #{length}"
  #puts "hash: #{hash}"
  @pkcs5.pbkdf2_hmac(pass, salt, iterations, octets, hash)
end

#pbkdf2_sha1(pass, salt: @salt, iterations: 1000, length: DEFAULT_KEY_LENGTH) ⇒ Object

# File 'lib/eco/data/crypto/encryption.rb', line 115

def pbkdf2_sha1 (pass, salt: @salt, iterations: 1000, length: DEFAULT_KEY_LENGTH)
  #self.pbkdf2(pass, salt: salt, iterations: iternations, length: length, hash: "sha1")
  @pkcs5.pbkdf2_hmac(pass, salt, iterations, octets, "sha1")
end

#rsa_keygen(length = DEFAULT_RSA_LENGTH, filename: "rsa") ⇒ Object

# File 'lib/eco/data/crypto/encryption.rb', line 172

def rsa_keygen(length = DEFAULT_RSA_LENGTH, filename: "rsa")
  filename = "rsa" if !filename
  key =  @rsa.new(length)
  File.open('./' + filename + '.pem',"w") {|fd| fd << key.to_pem }
  File.open('./' + filename + '.pub',"w") {|fd| fd << key.public_key.to_pem }
end

#rsa_keygen_ssh(length = DEFAULT_RSA_LENGTH, filename: "rsa") ⇒ Object

# File 'lib/eco/data/crypto/encryption.rb', line 178

def rsa_keygen_ssh(length = DEFAULT_RSA_LENGTH, filename: "rsa")
  # to do conersion pem to ssh-rsa: https://stackoverflow.com/a/3162593/4352306
  # conversion explained here: http://blog.oddbit.com/2011/05/08/converting-openssh-public-keys/
  # much simpler developed in php here: https://stackoverflow.com/a/5524323/4352306
  filename = "rsa" if !filename
  key =  @rsa.new(length)
  File.open('./' + filename + '.der',"w") {|fd| fd << key.ssh_type }
  File.open('./' + filename + '.pub',"w") {|fd| fd << key.public_key.ssh_type }
end

#rsa_keypairs?(private_key, public_key) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/eco/data/crypto/encryption.rb', line 187

def rsa_keypairs?(private_key, public_key)
  str_original = "See, my mule don’t like people laughing"

  pub_key = @rsa.new(public_key)
  str_original.force_encoding(Encoding::UTF_8)
  encrypted_data = Base64.encode64(pub_key.public_encrypt(str_original))

  priv_key = @rsa.new(private_key)
  begin # see here: https://stackoverflow.com/a/13251160/4352306 (padding error when false pub key)
    decrypted_data = priv_key.private_decrypt(Base64.decode64(encrypted_data))
    # OpenSSL core Ruby library is written in C which uses different encoding (ASCII-8BIT)
    # that's why we force UTF-8 encoding (before and after encryption)
    # see this answer: https://stackoverflow.com/a/27326915/4352306
    decrypted_data.force_encoding(Encoding::UTF_8)
  rescue
    return false
  end

  puts "encrypted string: #{str_original}"
  puts "decrypted string: #{decrypted_data}"
  return (decrypted_data == str_original)
end

#sha256(str = nil) ⇒ Object

# File 'lib/eco/data/crypto/encryption.rb', line 92

def sha256 (str = nil)
  sha = @digest.SHA256.new
  digest = sha.digest(str) unless !str
  sha.reset
  digest
end

#sha512(str = nil) ⇒ Object

# File 'lib/eco/data/crypto/encryption.rb', line 98

def sha512 (str = nil)
  sha = @digest.SHA512.new
  digest = sha.digest(str) unless !str
  sha.reset
  digest
end