Test to validate encryption integrity & add widget_id key derivation

lib/core_extensions/string/binary_hex.rb

@@ -10,10 +10,14 @@ def htb
       end
 
       def force_binary
-        return htb if match(/^[0-9A-F]+$/i).is_a? MatchData
-        return self if bth.match(/^[0-9A-F]+$/i).is_a? MatchData
+        return htb if hex?
+        return self if bth.hex?
         raise ArgumentError, 'Invalid encoding, hex or binary'
       end
+
+      def hex?
+        match(/^[0-9A-F]+$/i).is_a? MatchData
+      end
     end
   end
 end

lib/mifiel/crypto.rb

@@ -1,4 +1,5 @@
 require_relative '../core_extensions.rb'
+require 'money-tree'
 CoreExtensions.load
 
 module Mifiel
@@ -30,5 +31,16 @@ def self.encrypt(document, password)
       params[:cipher_text] = Mifiel::Crypto::AES.encrypt(params.slice(:key, :iv, :data))
       Mifiel::Crypto::PKCS5.new(params.slice(:salt, :iv, :iterations, :cipher_text))
     end
+
+    def self.derive_path(key, path)
+      master = key.is_a?(MoneyTree::Master) ? key : MoneyTree::Master.from_bip32(key)
+      master.node_for_path(path)
+    end
+
+    def self.derive_from_widget(key, widget_id)
+      path = widget_id.split('-')
+      raise Mifiel::ERROR unless path.count == 7
+      derive_path(key, path.last(2).join('/'))
+    end
   end
 end

lib/mifiel/crypto/aes.rb

@@ -1,4 +1,3 @@
-require 'openssl'
 module Mifiel
   module Crypto
     class AES

mifiel.gemspec

@@ -22,6 +22,7 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'api-auth',           '~> 1.4'
   spec.add_runtime_dependency 'json',               '~> 1.8'
   spec.add_runtime_dependency 'rest-client',        '>= 1.8'
+  spec.add_runtime_dependency 'money-tree',        '>= 0.10.0'
   # Use Gem::Version to parse the Ruby version for reliable comparison
   # ActiveSupport 5+ requires Ruby 2.2.2
   if Gem::Version.new(RUBY_VERSION) > Gem::Version.new('2.2.2')

spec/fixtures/widget_ids.json

@@ -0,0 +1,42 @@
+{
+  "master_seed": "000102030405060708090a0b0c0d0e0f",
+  "ids": [
+    "67dd2d0a-9852-4d75-a11f-5fdda36846b8-456-1023",
+    "67dd2d0a-9852-4d75-a11f-5fdda36846b8-0-234",
+    "67dd2d0a-9852-4d75-a11f-5fdda36846b8-4-13",
+    "67dd2d0a-9852-4d75-a11f-5fdda36846b8-1-2",
+    "67dd2d0a-9852-4d75-a11f-5fdda36846b8-45-33",
+    "67dd2d0a-9852-4d75-a11f-5fdda36846b8-12-888",
+    "67dd2d0a-9852-4d75-a11f-5fdda36846b8-34-3"
+  ],
+  "keys": [
+    {
+      "priv": "b21ab38d62adc2f2248302300caf1926ca14a9b19ee80130424a7a6ced85f578",
+      "pub": "035507ffc29904f955eab279e5f82151529bacca2b7a7623fca2ad95c6281ad5b9"
+    },
+    {
+      "priv": "827697afbf1b2244369dcbdd2cb26714f032fb959d909fad645f4afae2d44381",
+      "pub": "0354492c44d62b1548c27f48171f3e0839cf2d8381808f8c00d5e6219b1b3ca764"
+    },
+    {
+      "priv": "21b03a3504c9d5712d912da748ae1d8d131f070ba7c6d765e72c0da5ab5bbab2",
+      "pub": "02b551bdc9353c20eb7cae3ed0949b4042006ace9db42a7e4f95b1dbba7fab4cf7"
+    },
+    {
+      "priv": "e31c5f2e2d8bea5ea02d04129af841bfd1e2f875c1614c4d4d4c72fc1a711951",
+      "pub": "03d18a97975c5f2e11dfa22dd686315f27b35c2db5d32cd7d0c11aea146fdd17c2"
+    },
+    {
+      "priv": "602ace22b1ac42d8b590ce97028eb1d0b8d59a7c8631e87790298dcb7ab651fa",
+      "pub": "025570318f733b57b920cf37c31aad4fbdadcae8fe50c4e68f4c33e9c5f84aa4c9"
+    },
+    {
+      "priv": "0cef0f50ea92135a56e3be1bc738d92f17dedfe8a9b14b80e80ae9fabac32de2",
+      "pub": "0322193b830d0356dedeb42895f3520f92ed2ddf5aa00af613b81c1d040b15e2f0"
+    },
+    {
+      "priv": "4f5fe53512bedf353d2950bf8d43eb3933472ef897581a2de38b9239f5afbb82",
+      "pub": "0291ef5fcc3061b99ec902b2ef2c13f16a879ee4c6a2b614a8fc2b67c2f185cf7c"
+    }
+  ]
+}

spec/mifiel/crypto_spec.rb

@@ -1,5 +1,8 @@
 describe Mifiel::Crypto do
   pkcs5_fixture = JSON.parse(File.read('spec/fixtures/pkcs5.json'), symbolize_names: true)
+  widgets = JSON.parse(File.read('spec/fixtures/widget_ids.json'), symbolize_names: true)
+  pdf = File.open('spec/fixtures/example.pdf', 'rb', &:read)
+
   describe '#Crypto' do
     pkcs5_fixture[:valid].each do |v|
       describe "ASN1: #{v[:asn1]}" do
@@ -8,12 +11,39 @@
           expect(decrypted).to eq(pkcs5_fixture[:plain_text])
         end
       end
-      it "Should encrypt a document, password: #{v[:password]}" do
-        pdf = File.read('spec/fixtures/example.pdf')
-        encrypted = Mifiel::Crypto.encrypt(pdf, v[:password])
-        encrypted_parsed = Mifiel::Crypto::PKCS5.parse(encrypted.to_der)
-        expect(encrypted).to be_a Mifiel::Crypto::PKCS5
-        expect(encrypted == encrypted_parsed).to be true
+
+      describe 'Document encryption' do
+        document_hash = 'f4dee35b52fc06aa9d47f6297c7cff51e8bcebf90683da234a07ed507dafd57b'
+        let(:sha256) { OpenSSL::Digest::SHA256.new }
+        let(:encrypted) { Mifiel::Crypto.encrypt(pdf, v[:password]) }
+
+        it "Should encrypt & decrypt a document, password: #{v[:password]}" do
+          expect(encrypted).to be_a Mifiel::Crypto::PKCS5
+          expect(encrypted == Mifiel::Crypto::PKCS5.parse(encrypted.to_der)).to be true
+        end
+
+        it "should decrypt document and validate doc_hash #{document_hash}" do
+          expect(sha256.digest(Mifiel::Crypto.decrypt(encrypted.to_der, v[:password])).bth).to eq(document_hash)
+        end
+      end
+    end
+  end
+
+  describe 'Key derivation from widget_id' do
+    let(:master) { MoneyTree::Master.new seed_hex: widgets[:master_seed] }
+    keys = widgets[:keys]
+    widgets[:ids].each_with_index do |widget_id, idx|
+      describe "Derive #{widget_id} to keys #{keys[idx]}" do
+        let(:priv) { keys[idx][:priv] }
+        let(:pub) { keys[idx][:pub] }
+
+        it 'should derive priv key' do
+          expect(Mifiel::Crypto.derive_from_widget(master.to_bip32(:private), widget_id).private_key.to_hex).to eq(priv)
+        end
+
+        it 'should derive pub key' do
+          expect(Mifiel::Crypto.derive_from_widget(master.to_bip32(:public), widget_id).public_key.to_hex).to eq(pub)
+        end
       end
     end
   end