ccipher_box 0.1.0

data/lib/ccipher_box/secure_box.rb

@@ -0,0 +1,299 @@
+
+
+module CcipherBox
+ 
+
+  # 
+  # SecureBox is a secure container protected by user password
+  # which has multiple SecureRings (crypto configurations)
+  #
+  class SecureBox
+    include TR::CondUtils
+
+    attr_accessor :rings
+
+    def initialize(rings = nil)
+      @rings = {  }
+      @keyConfigs = []
+      if not_empty?(rings)
+        rings.each do |r|
+          @rings[r.name] = r
+        end
+      end
+    end
+
+    ##
+    # SecureRing management
+    #
+    # Allow external created ring
+    def add_ring(ring)
+      @rings[ring.name] = ring
+    end
+
+    def remove_ring(ring_name)
+      @rings.delete(ring_name)
+    end
+
+    def rings
+      @rings.freeze
+    end
+
+    def init_ring(spec, opts = {  })
+     
+      ss = split_encryption_spec(spec)
+
+      ring = find_ring(ss[0], opts)
+      ring.generate_key(ss[1], opts) if not ring.is_key_registered?(ss[1])
+      ring
+
+    end
+
+    # Implicit SecureRing management
+    #
+    # Encryption in chunk
+    #
+    def encryption_session(*specs, &block)
+
+      opts = block.call(:options) if block
+      opts = {  } if opts.nil?
+
+      keys = []
+      specs.each do |spec|
+        ss = split_encryption_spec(spec)
+        ringName = ss[0]
+        keyName = ss[1]
+        ring = find_ring(ringName, opts) 
+        ring.generate_key(keyName, opts) if not ring.is_key_registered?(keyName)
+        keys << ring.get_key(keyName)
+      end
+
+      #puts "Encryption key : #{keys}"
+      EncryptionEngine.new(*keys)
+    end
+
+    # 
+    # Decryption in chunk
+    #
+    def decryption_session(ringName)
+      ring = find_ring(ringName, { auto_create_ring: false }) 
+      ring.new_decryption_engine
+    end
+
+    # 
+    # Single line encryption
+    #
+    def encrypt(data, *specs, &block)
+
+      opts = block.call(:options) if block
+      opts = {  } if opts.nil?
+
+      keys = []
+      specs.each do |spec|
+        ss = split_encryption_spec(spec)
+        ringName = ss[0]
+        keyName = ss[1]
+        ring = find_ring(ringName, opts) 
+        if not ring.is_key_registered?(keyName)
+          ring.generate_key(keyName, opts)
+          block.call(:new_key_generated) if block
+        end
+        keys << ring.get_key(keyName)
+      end
+
+      eng = EncryptionEngine.new(*keys)
+      intBuf = MemBuf.new
+      eng.init(intBuf)
+      eng.update(data)
+      eng.final
+
+      res = intBuf.bytes.clone
+      intBuf.dispose
+
+      res
+      
+    end
+
+    # 
+    # Single line decryption
+    #
+    def decrypt(bin, &block)
+
+      raise CcipherBox::Error, "No SecureRing is laoded" if is_empty?(@rings)
+
+      intBuf = false
+      if block
+        output = block.call(:output) 
+      end
+
+      if output.nil?
+        intBuf = true
+        output = MemBuf.new
+      end
+    
+      res = nil
+      lastEx = nil
+      @rings.values.each do |v|
+        begin
+          dec = v.new_decryption_engine
+          dec.init(output)
+          dec.update(bin)
+          dec.final
+
+          res = output.bytes.clone
+          output.dispose
+
+          break
+        rescue KeyNotRegistered => ex
+          lastEx = ex
+        end
+      end
+
+      if intBuf
+        raise KeyNotRegistered, "Decryption failed. #{lastEx.nil? ? "" : "(#{lastEx.message})"}" if res.nil?
+        res
+      else
+        nil
+      end
+
+    end
+
+    ## end SecureRing management
+    
+
+    def to_storage(&block)
+      
+      raise CcipherBox::Error, "Block is required" if not block
+
+      pass = block.call(:password)
+      raise CcipherBox::Error, "Password is required" if is_empty?(pass)
+
+      deriveLevel = block.call(:derive_level) || 2
+
+      keyConfigs = []
+      payload = pass
+      (0..deriveLevel).each do |i|
+        
+        kb = Keybox.new
+        kb.baseMat = payload
+        kb.outBitLength = 256
+        payload = kb.dkey 
+
+        keyConfigs << kb.encoded
+      end
+
+      ringBin = []
+      @rings.values.each do |e|
+        ringBin << e.encoded
+      end
+
+      cboxes = BinStruct.instance.struct(:secure_rings)
+      cboxes.secure_rings = ringBin
+
+      sk = CcipherFactory::SymKeyGenerator.derive(:aes, payload.length*8)  do |ops|
+        case ops
+        when :password
+          payload
+        end
+      end
+
+      keyConfigs << sk.encoded
+
+      enc = CcipherFactory::SymKeyCipher.att_encryptor
+      intOut = MemBuf.new
+      enc.output(intOut)
+      enc.key = sk
+      enc.att_encrypt_init
+      enc.att_encrypt_update(cboxes.encoded)
+      enc.att_encrypt_final
+
+      st = BinStruct.instance.struct(:securebox) 
+      st.keyConfigs = keyConfigs
+      st.engines = intOut.bytes
+      st.encoded
+
+    end
+
+    def self.load_storage(bin, &block)
+      
+      raise CcipherBox::Error, "Block is required" if not block
+
+      pass = block.call(:password)
+      raise CcipherBox::Error, "Password is required" if is_empty?(pass)
+
+      st = BinStruct.instance.struct_from_bin(bin)
+      payload = pass
+      st.keyConfigs[0..-2].each do |kc|
+        kb = Keybox.from_encoded(kc)
+        kb.baseMat = payload
+        payload = kb.dkey
+      end
+
+      sk = CcipherFactory::SymKey.from_encoded(st.keyConfigs[-1]) do |ops|
+        case ops
+        when :password
+          payload
+        end
+      end
+
+      begin
+        
+        dec = CcipherFactory::SymKeyCipher.att_decryptor
+        intOut = MemBuf.new
+        dec.output(intOut)
+        dec.key = sk
+        dec.att_decrypt_init
+        dec.att_decrypt_update(st.engines)
+        dec.att_decrypt_final
+
+        cboxes = BinStruct.instance.struct_from_bin(intOut.bytes)
+        rings = []
+        cboxes.secure_rings.each do |cb|
+          rings << CcipherBox::SecureRing.from_encoded(cb)
+        end
+
+        SecureBox.new(rings)
+
+      rescue CcipherFactory::SymKeyDecryptionError => ex
+        raise SecureBoxDecryptionError, ex
+      end
+
+    end
+
+    private
+    def find_ring(ringName, opts = {  })
+      
+      raise SecureBoxError, "Ring name cannot be empty" if is_empty?(ringName)
+
+      if not @rings.keys.include?(ringName) 
+        autoCreate = opts[:auto_create_ring]
+        autoCreate = true if is_empty?(autoCreate)
+        if autoCreate
+          logger.debug "auto_create_ring is true. Creating ring '#{ringName}'."
+          ring = SecureRing.new({ name: ringName })
+          @rings[ringName] = ring
+        else
+          logger.debug "auto_create_ring is false"
+          raise SecureRingNotExist, "Ring '#{ringName}' does not exist and auto create is not active."
+        end
+      end
+
+      @rings[ringName]
+      
+    end
+
+    def split_encryption_spec(spec)
+      ss = spec.split("/")
+      raise SecureBoxEncryptionSpecError, "Spec requires to in format ring_name/key_name format" if ss.length != 2
+      ss
+    end
+
+    def logger
+      if @logger.nil?
+        @logger = TeLogger::Tlogger.new
+        @logger.tag = :secbox
+      end
+      @logger
+    end
+
+  end
+end

data/lib/ccipher_box/secure_ring.rb

@@ -0,0 +1,129 @@
+
+require_relative 'encryption_engine'
+require_relative 'decryption_engine'
+
+require_relative 'enc_key_config'
+
+module CcipherBox
+
+  # 
+  # SecureRing that carries a unique seed for data encryption and decryption
+  # Typically SecureRing contains one key vault for data protection
+  #
+  # Different between SecureRing and MemVault is the encrypt/decrypt
+  # function of MemVault only for limited data however for SecureRing
+  # the data size is limited only by the algorithm limitation
+  #
+  class SecureRing
+    include TR::CondUtils
+
+    attr_accessor :name
+    def initialize(opts = {  })
+
+      @name = opts[:name] || "Genesis"
+
+      @vault = MemVault.new(@name)
+
+      # seed for data encryption key derivation
+      @encSeed = opts[:encSeed] || SecureRandom.random_bytes(64)
+
+      # keep link between encryption key config with a name
+      @encKeyConfig = EncKeyConfig.new
+      if not_empty?(opts[:encKeyConfig])
+        conf = opts[:encKeyConfig].keyConfigs
+        conf.each do |name, kc|
+          regenerate_key(name, kc)
+        end
+      end
+    end
+
+    # generate new operation key for data encryption and decryption
+    def generate_key(name, opts = {  })
+      algo = opts[:algo] || :aes
+      keysize = opts[:keysize] || 256
+
+      sk = CcipherFactory::SymKeyGenerator.derive(algo, keysize) do |ops|
+        case ops
+        when :password
+          @encSeed
+        end
+      end
+
+      @vault.register(name, sk)
+      @encKeyConfig.register_config(name, sk.encoded)
+    end
+
+    def dispose_key(name)
+      @vault.deregister(name)
+      self
+    end
+
+    def is_key_registered?(name)
+      @vault.is_registered?(name)
+    end
+
+    def registered_keys
+      @vault.keys.freeze
+    end
+
+    def get_key(name)
+      @vault.get_key(name)
+    end
+
+    def new_encryption_engine(*keyNames)
+      names = []
+      keyNames.each do |name|
+        raise KeyNotRegistered, "Key with name '#{name}' not registered" if not is_key_registered?(name)
+        names << @vault.get_key(name)
+      end
+      EncryptionEngine.new(*names)
+    end
+
+    def new_decryption_engine
+      DecryptionEngine.new(@vault)
+    end
+
+    def encoded
+      st = BinStruct.instance.struct(:secure_ring)
+      st.name = @name
+      st.cipherSeed = @encSeed
+      st.keyConfigs = @encKeyConfig.encoded
+      st.encoded
+    end
+
+    def self.from_encoded(bin)
+      st = BinStruct.instance.struct_from_bin(bin)
+      encKeyConfig = EncKeyConfig.from_encoded(st.keyConfigs)
+      SecureRing.new({ encSeed: st.cipherSeed, encKeyConfig: encKeyConfig, name: st.name })
+    end
+
+    private
+    # regenerate key based on config loaded from external
+    def regenerate_key(name, config)
+      
+      sk = CcipherFactory::SymKey.from_encoded(config[:config]) do |ops|
+        case ops
+        when :password
+          if @encKeyConfig.is_derived_key?(config)
+          else
+            @encSeed
+          end
+        end
+      end
+
+      @vault.register(name, sk)
+
+    end
+
+    def logger
+      if @logger.nil?
+        @logger = TeLogger::Tlogger.new
+        @logger.tag = :secure_ring
+      end
+      @logger
+    end
+
+
+  end
+  
+end

data/lib/ccipher_box/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module CcipherBox
+  VERSION = "0.1.0"
+end

data/lib/ccipher_box.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require_relative "ccipher_box/version"
+
+require_relative 'ccipher_box/keybox'
+require_relative 'ccipher_box/mem_vault'
+
+require_relative 'ccipher_box/secure_box'
+require_relative 'ccipher_box/secure_ring'
+
+module CcipherBox
+  class Error < StandardError; end
+
+  class KeyboxException < StandardError; end
+  class KeyboxRegisterException < StandardError; end
+  class KeyNotRegistered < StandardError; end
+
+  class InsufficientData < StandardError; end
+
+
+  class SecureBoxError < StandardError; end
+  class SecureBoxDecryptionError < StandardError; end
+  class SecureRingNotExist < StandardError; end
+
+  # Your code goes here...
+
+
+end

data/run_test.rb

@@ -0,0 +1,27 @@
+
+
+require 'toolrack'
+require 'fileutils'
+
+gemfile = File.join(File.dirname(__FILE__),"Gemfile.lock")
+if TR::RTUtils.on_jruby?
+  rtGemFile = File.join(File.dirname(__FILE__),"Gemfile.lock-java")
+else
+  rtGemFile = File.join(File.dirname(__FILE__),"Gemfile.lock-ruby")
+end
+
+if File.exist?(rtGemFile)
+  
+  FileUtils.rm_f gemfile if File.exist?(gemfile)
+
+  FileUtils.cp rtGemFile, gemfile
+
+  cmd = "bundle exec rspec #{ARGV.join(" ")}"
+
+  system(cmd)
+
+else
+
+  STDERR.puts "No java or ruby Gemfile.lock found. Please create the environment first."
+
+end

metadata

@@ -0,0 +1,148 @@
+--- !ruby/object:Gem::Specification
+name: ccipher_box
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Ian
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2022-08-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: toolrack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: teLogger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ccrypto
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: binenc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ccipher_factory
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: devops_assist
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ''
+email:
+- cameronian0@protonmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- Gemfile
+- Gemfile.lock-java
+- Gemfile.lock-ruby
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- ccipher_box.gemspec
+- lib/ccipher_box.rb
+- lib/ccipher_box/bin_struct.rb
+- lib/ccipher_box/binenc_constant.rb
+- lib/ccipher_box/decryption_engine.rb
+- lib/ccipher_box/enc_key_config.rb
+- lib/ccipher_box/encryption_engine.rb
+- lib/ccipher_box/keybox.rb
+- lib/ccipher_box/mem_key.rb
+- lib/ccipher_box/mem_vault.rb
+- lib/ccipher_box/secure_box.rb
+- lib/ccipher_box/secure_ring.rb
+- lib/ccipher_box/version.rb
+- run_test.rb
+homepage: ''
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.4.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.22
+signing_key: 
+specification_version: 4
+summary: ''
+test_files: []