Module: Ciri::Crypto

Extended by:
Crypto
Included in:
Crypto
Defined in:
lib/ciri/crypto.rb

Defined Under Namespace

Classes: ECIESDecryptionError

Constant Summary collapse

ECIES_CIPHER_NAME =
'aes-128-ctr'

Instance Method Summary collapse

Instance Method Details

#ecdsa_recover(msg, signature, return_raw_key: true) ⇒ Object


45
46
47
48
49
50
51
52
53
54
# File 'lib/ciri/crypto.rb', line 45

def ecdsa_recover(msg, signature, return_raw_key: true)
  pk = Secp256k1::PrivateKey.new(flags: Secp256k1::ALL_FLAGS)
  sig, recid = signature[0..-2], Ciri::Utils.big_endian_decode(signature[-1])

  recsig = pk.ecdsa_recoverable_deserialize(sig, recid)
  pubkey = pk.ecdsa_recover(msg, recsig, raw: true)

  key = Secp256k1::PublicKey.new(pubkey: pubkey)
  return_raw_key ? key.serialize(compressed: false) : key
end

#ecdsa_signature(key, data) ⇒ Object


39
40
41
42
43
# File 'lib/ciri/crypto.rb', line 39

def ecdsa_signature(key, data)
  secp256k1_key = ensure_secp256k1_key(privkey: key)
  signature, recid = secp256k1_key.ecdsa_recoverable_serialize(secp256k1_key.ecdsa_sign_recoverable(data, raw: true))
  signature + Ciri::Utils.big_endian_encode(recid, "\x00")
end

#ecies_decrypt(data, priv_key, shared_mac_data = '') ⇒ Object


79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# File 'lib/ciri/crypto.rb', line 79

def ecies_decrypt(data, priv_key, shared_mac_data = '')
  raise ECIESDecryptionError.new('invalid header') if data[0] != "\x04"

  # compute shared_secret
  ephem_raw_pubkey = data[0..64]  # add first byte tag

  ephem_pubkey = ec_pkey_from_raw(ephem_raw_pubkey)
  shared_secret = priv_key.dh_compute_key(ephem_pubkey.public_key)

  key = ecies_kdf(shared_secret, 32)
  key_enc, key_mac = key[0...16], key[16..-1]

  # verify data
  key_mac = Digest::SHA256.digest(key_mac)
  tag = data[-32..-1]
  unless Ciri::Utils.secret_compare(hmac_sha256(key_mac, data[65...-32] + shared_mac_data), tag)
    raise ECIESDecryptionError.new("Fail to verify data")
  end

  # decrypt data
  cipher = OpenSSL::Cipher.new(ECIES_CIPHER_NAME)

  iv_start = 65
  iv_end = iv_start + cipher.iv_len
  iv = data[iv_start...iv_end]
  ciphertext = data[iv_end...-32]

  cipher.decrypt
  cipher.key = key_enc
  cipher.iv = iv
  cipher.update(ciphertext) + cipher.final
end

#ecies_encrypt(message, raw_pubkey, shared_mac_data = '') ⇒ Object


56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# File 'lib/ciri/crypto.rb', line 56

def ecies_encrypt(message, raw_pubkey, shared_mac_data = '')
  pubkey = raw_pubkey.is_a?(OpenSSL::PKey::EC) ? raw_pubkey : ec_pkey_from_raw(raw_pubkey)

  # compute keys
  ephem_key = OpenSSL::PKey::EC.new('secp256k1')
  ephem_key.generate_key
  shared_secret = ephem_key.dh_compute_key(pubkey.public_key)
  key = ecies_kdf(shared_secret, 32)
  key_enc, key_mac = key[0...16], key[16..-1]

  key_mac = Digest::SHA256.digest(key_mac)
  ephem_raw_pubkey = ephem_key.public_key.to_bn.to_s(2)

  cipher = OpenSSL::Cipher.new(ECIES_CIPHER_NAME)
  cipher.encrypt
  iv = cipher.random_iv
  cipher.key = key_enc
  cipher_text = cipher.update(message) + cipher.final
  msg = ephem_raw_pubkey + iv + cipher_text
  tag = hmac_sha256(key_mac, msg[ephem_raw_pubkey.size..-1] + shared_mac_data)
  msg + tag
end

#ensure_secp256k1_key(privkey:) ⇒ Object


112
113
114
# File 'lib/ciri/crypto.rb', line 112

def ensure_secp256k1_key(privkey:)
  privkey.is_a?(Secp256k1::BaseKey) ? privkey : Secp256k1::PrivateKey.new(privkey: privkey)
end