ccipher_factory 0.1.0 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.release_history.yml +6 -0
- data/lib/ccipher_factory/encoding/bin_struct.rb +12 -1
- data/lib/ccipher_factory/encoding/binenc_constant.rb +4 -0
- data/lib/ccipher_factory/kdf/hkdf.rb +20 -0
- data/lib/ccipher_factory/kdf/kdf.rb +3 -0
- data/lib/ccipher_factory/kdf/pbkdf2.rb +21 -0
- data/lib/ccipher_factory/kdf/scrypt.rb +20 -0
- data/lib/ccipher_factory/symkey_keystore/symkey_keystore.rb +74 -0
- data/lib/ccipher_factory/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bb2ce71c27c1cf55de4c778e9acd14c66eb67776886877ba62fc07dfa9e7d291
|
|
4
|
+
data.tar.gz: ab03a998acdad1131b9fe94d969f1854105767a2a81ac80c003e17967da2b5db
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4ae234edf1e0ca9c126600c8f5813950645912dbd400171bea2b2e911b7c5db18f76252636d4a699cbccc10b8ee281cc7f76236bbbf48831c1d2a4ab8f679f58
|
|
7
|
+
data.tar.gz: 85e8d6d06350ce23c78d649f94662c8a8bf2dbaa815c7f566742bed79037746c7f766d599022543459a94415f1ff5930443a0c1ed523543b8d53ba3bd5293d25
|
|
@@ -103,6 +103,7 @@ module CcipherFactory
|
|
|
103
103
|
int :digest
|
|
104
104
|
int :outByteLength
|
|
105
105
|
bin :salt
|
|
106
|
+
bin :value
|
|
106
107
|
end,
|
|
107
108
|
|
|
108
109
|
kdf_scrypt: Binenc::EngineFactory.instance(:bin_struct).define do
|
|
@@ -114,9 +115,9 @@ module CcipherFactory
|
|
|
114
115
|
int :blocksize
|
|
115
116
|
int :parallel
|
|
116
117
|
int :outByteLength
|
|
118
|
+
bin :value
|
|
117
119
|
end,
|
|
118
120
|
|
|
119
|
-
|
|
120
121
|
kdf_pbkdf2: Binenc::EngineFactory.instance(:bin_struct).define do
|
|
121
122
|
oid :oid, BTag.constant_value(:kdf_pbkdf2)
|
|
122
123
|
int :version, 0x0100
|
|
@@ -124,6 +125,7 @@ module CcipherFactory
|
|
|
124
125
|
bin :salt
|
|
125
126
|
int :iterations
|
|
126
127
|
int :outByteLength
|
|
128
|
+
bin :value
|
|
127
129
|
end,
|
|
128
130
|
|
|
129
131
|
|
|
@@ -150,6 +152,15 @@ module CcipherFactory
|
|
|
150
152
|
int :keysize
|
|
151
153
|
bin :key
|
|
152
154
|
end,
|
|
155
|
+
|
|
156
|
+
symkey_keystore: Binenc::EngineFactory.instance(:bin_struct).define do
|
|
157
|
+
oid :oid, BTag.constant_value(:symkey_keystore)
|
|
158
|
+
int :version, 0x0100
|
|
159
|
+
bin :symkey_derived
|
|
160
|
+
bin :symkey_cipher
|
|
161
|
+
bin :symkey
|
|
162
|
+
end,
|
|
163
|
+
|
|
153
164
|
|
|
154
165
|
symkey_att_sign: Binenc::EngineFactory.instance(:bin_struct).define do
|
|
155
166
|
oid :oid, BTag.constant_value(:symkey_att_sign)
|
|
@@ -27,6 +27,8 @@ if not defined?(BTag)
|
|
|
27
27
|
define_constant(:symkey_att_sign, "#.22")
|
|
28
28
|
|
|
29
29
|
define_constant(:kcv, "#.30")
|
|
30
|
+
|
|
31
|
+
define_constant(:symkey_keystore, "#.50")
|
|
30
32
|
end
|
|
31
33
|
|
|
32
34
|
define_constant(:compression, "#.40") do
|
|
@@ -44,6 +46,8 @@ if not defined?(BTag)
|
|
|
44
46
|
|
|
45
47
|
define_constant(:ecc_att_sign, "#.12")
|
|
46
48
|
end
|
|
49
|
+
|
|
50
|
+
define_constant(:asymkey_keystore, "#.50")
|
|
47
51
|
end
|
|
48
52
|
|
|
49
53
|
define_constant(:composite, "#.60") do
|
|
@@ -13,6 +13,7 @@ module CcipherFactory
|
|
|
13
13
|
|
|
14
14
|
attr_accessor :outByteLength, :salt
|
|
15
15
|
attr_accessor :digestAlgo
|
|
16
|
+
attr_accessor :attachedDigest, :attachedValue
|
|
16
17
|
attr_reader :derivedVal
|
|
17
18
|
def derive_init(*args, &block)
|
|
18
19
|
|
|
@@ -21,6 +22,12 @@ module CcipherFactory
|
|
|
21
22
|
|
|
22
23
|
@salt = SecureRandom.random_bytes(@outByteLength) if is_empty?(@salt)
|
|
23
24
|
|
|
25
|
+
if is_empty?(@attachedValue)
|
|
26
|
+
@attachedDigest = false if is_empty?(@attachedDigest)
|
|
27
|
+
else
|
|
28
|
+
@attachedDigest = true
|
|
29
|
+
end
|
|
30
|
+
|
|
24
31
|
if block
|
|
25
32
|
instance_eval(&block)
|
|
26
33
|
derive_final
|
|
@@ -96,10 +103,23 @@ module CcipherFactory
|
|
|
96
103
|
ts.digest = BTag.constant_value(digestId)
|
|
97
104
|
ts.salt = @salt
|
|
98
105
|
ts.outByteLength = @outByteLength
|
|
106
|
+
if is_bool?(@attachedDigest) and @attachedDigest
|
|
107
|
+
ts.value = @derivedVal
|
|
108
|
+
else
|
|
109
|
+
ts.value = ""
|
|
110
|
+
end
|
|
99
111
|
ts.encoded
|
|
100
112
|
|
|
101
113
|
end
|
|
102
114
|
|
|
115
|
+
def is_attached_mode?
|
|
116
|
+
if is_empty?(@attachedValue)
|
|
117
|
+
@attachedDigest
|
|
118
|
+
else
|
|
119
|
+
true
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
|
|
103
123
|
private
|
|
104
124
|
def logger
|
|
105
125
|
if @logger.nil?
|
|
@@ -47,6 +47,7 @@ module CcipherFactory
|
|
|
47
47
|
kdf.salt = ts.salt
|
|
48
48
|
kdf.outByteLength = ts.outByteLength
|
|
49
49
|
kdf.digest = Digest.from_encoded(ts.digest)
|
|
50
|
+
kdf.attachedValue = ts.value
|
|
50
51
|
kdf.derive_init
|
|
51
52
|
kdf
|
|
52
53
|
when :kdf_hkdf
|
|
@@ -55,6 +56,7 @@ module CcipherFactory
|
|
|
55
56
|
kdf.digestAlgo = BTag.value_constant(ts.digest)
|
|
56
57
|
kdf.salt = ts.salt
|
|
57
58
|
kdf.outByteLength = ts.outByteLength
|
|
59
|
+
kdf.attachedValue = ts.value
|
|
58
60
|
kdf.derive_init
|
|
59
61
|
when :kdf_pbkdf2
|
|
60
62
|
kdf = KDFEngine.new
|
|
@@ -63,6 +65,7 @@ module CcipherFactory
|
|
|
63
65
|
kdf.salt = ts.salt
|
|
64
66
|
kdf.iter = ts.iterations
|
|
65
67
|
kdf.outByteLength = ts.outByteLength
|
|
68
|
+
kdf.attachedValue = ts.value
|
|
66
69
|
kdf.derive_init
|
|
67
70
|
else
|
|
68
71
|
raise KDFError, "Unknown KDF envelope ID '#{ts.oid}'"
|
|
@@ -7,6 +7,8 @@ module CcipherFactory
|
|
|
7
7
|
include Common
|
|
8
8
|
|
|
9
9
|
attr_accessor :salt, :iter, :outByteLength, :digestAlgo
|
|
10
|
+
attr_accessor :attachedDigest, :attachedValue
|
|
11
|
+
attr_reader :derivedVal
|
|
10
12
|
|
|
11
13
|
def derive_init(*args, &block)
|
|
12
14
|
|
|
@@ -15,6 +17,12 @@ module CcipherFactory
|
|
|
15
17
|
|
|
16
18
|
@salt = SecureRandom.random_bytes(@outByteLength) if is_empty?(@salt)
|
|
17
19
|
|
|
20
|
+
if is_empty?(@attachedValue)
|
|
21
|
+
@attachedDigest = false if is_empty?(@attachedDigest)
|
|
22
|
+
else
|
|
23
|
+
@attachedDigest = true
|
|
24
|
+
end
|
|
25
|
+
|
|
18
26
|
if block
|
|
19
27
|
instance_eval(&block)
|
|
20
28
|
derive_final
|
|
@@ -65,10 +73,23 @@ module CcipherFactory
|
|
|
65
73
|
ts.salt = @salt
|
|
66
74
|
ts.outByteLength = @outByteLength
|
|
67
75
|
ts.iterations = hconf.iter
|
|
76
|
+
if is_bool?(@attachedDigest) and @attachedDigest
|
|
77
|
+
ts.value = @derivedVal
|
|
78
|
+
else
|
|
79
|
+
ts.value = ""
|
|
80
|
+
end
|
|
68
81
|
ts.encoded
|
|
69
82
|
|
|
70
83
|
end
|
|
71
84
|
|
|
85
|
+
def is_attached_mode?
|
|
86
|
+
if is_empty?(@attachedValue)
|
|
87
|
+
@attachedDigest
|
|
88
|
+
else
|
|
89
|
+
true
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
72
93
|
def logger
|
|
73
94
|
if @logger.nil?
|
|
74
95
|
@logger = TeLogger::Tlogger.new
|
|
@@ -14,6 +14,7 @@ module CcipherFactory
|
|
|
14
14
|
##
|
|
15
15
|
attr_accessor :cost, :parallel, :blocksize, :salt, :outByteLength
|
|
16
16
|
attr_accessor :digestAlgo, :digest
|
|
17
|
+
attr_accessor :attachedDigest, :attachedValue
|
|
17
18
|
attr_reader :derivedVal
|
|
18
19
|
def derive_init(*args, &block)
|
|
19
20
|
|
|
@@ -44,6 +45,12 @@ module CcipherFactory
|
|
|
44
45
|
|
|
45
46
|
@digest.output(intOutputBuf)
|
|
46
47
|
|
|
48
|
+
if is_empty?(@attachedValue)
|
|
49
|
+
@attachedDigest = false if is_empty?(@attachedDigest)
|
|
50
|
+
else
|
|
51
|
+
@attachedDigest = true
|
|
52
|
+
end
|
|
53
|
+
|
|
47
54
|
if block
|
|
48
55
|
instance_eval(&block)
|
|
49
56
|
derive_final
|
|
@@ -85,10 +92,23 @@ module CcipherFactory
|
|
|
85
92
|
ts.blocksize = @blocksize
|
|
86
93
|
ts.parallel = @parallel
|
|
87
94
|
ts.outByteLength = @outByteLength
|
|
95
|
+
if is_bool?(@attachedDigest) and @attachedDigest
|
|
96
|
+
ts.value = @derivedVal
|
|
97
|
+
else
|
|
98
|
+
ts.value = ""
|
|
99
|
+
end
|
|
88
100
|
ts.encoded
|
|
89
101
|
|
|
90
102
|
end
|
|
91
103
|
|
|
104
|
+
def is_attached_mode?
|
|
105
|
+
if is_empty?(@attachedValue)
|
|
106
|
+
@attachedDigest
|
|
107
|
+
else
|
|
108
|
+
true
|
|
109
|
+
end
|
|
110
|
+
end
|
|
111
|
+
|
|
92
112
|
private
|
|
93
113
|
def logger
|
|
94
114
|
if @logger.nil?
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
|
|
2
|
+
|
|
3
|
+
module CcipherFactory
|
|
4
|
+
class SymKeyKeystore
|
|
5
|
+
include TR::CondUtils
|
|
6
|
+
def self.from_encoded(bin, &block)
|
|
7
|
+
|
|
8
|
+
raise SymKeyCipherError, "Block is required" if not block
|
|
9
|
+
|
|
10
|
+
ts = BinStruct.instance.struct_from_bin(bin)
|
|
11
|
+
from_tspec(ts, &block)
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def self.from_tspec(ts, &block)
|
|
15
|
+
|
|
16
|
+
sk = CcipherFactory::SymKey.from_encoded(ts.symkey_derived) do |ops|
|
|
17
|
+
case ops
|
|
18
|
+
when :password
|
|
19
|
+
block.call(:password)
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
dec = CcipherFactory::SymKeyCipher.att_decryptor
|
|
24
|
+
decOut = MemBuf.new
|
|
25
|
+
dec.output(decOut)
|
|
26
|
+
dec.key = sk
|
|
27
|
+
dec.att_decrypt_init
|
|
28
|
+
dec.att_decrypt_update(ts.symkey_cipher)
|
|
29
|
+
dec.att_decrypt_final
|
|
30
|
+
|
|
31
|
+
CcipherFactory::SymKey.from_encoded(decOut.bytes)
|
|
32
|
+
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def to_keystore(key, &block)
|
|
36
|
+
|
|
37
|
+
raise SymKeyCipherError, "Key is required" if is_empty?(key)
|
|
38
|
+
raise SymKeyCipherError, "Block is required" if not block
|
|
39
|
+
|
|
40
|
+
# 1. Derive session key from user password
|
|
41
|
+
sk = CcipherFactory::SymKeyGenerator.derive(:aes, 256) do |ops|
|
|
42
|
+
case ops
|
|
43
|
+
when :password
|
|
44
|
+
pass = block.call(:password)
|
|
45
|
+
if is_empty?(pass)
|
|
46
|
+
raise SymKeyCipherError, "Password is required"
|
|
47
|
+
end
|
|
48
|
+
pass
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
# 2. Encrypt the given key with session key
|
|
53
|
+
enc = CcipherFactory::SymKeyCipher.att_encryptor
|
|
54
|
+
enc.mode = :gcm
|
|
55
|
+
enc.key = sk
|
|
56
|
+
|
|
57
|
+
encOut = MemBuf.new
|
|
58
|
+
enc.output(encOut)
|
|
59
|
+
|
|
60
|
+
key.attach_mode
|
|
61
|
+
|
|
62
|
+
enc.att_encrypt_init
|
|
63
|
+
enc.att_encrypt_update(key.encoded)
|
|
64
|
+
enc.att_encrypt_final
|
|
65
|
+
|
|
66
|
+
ts = BinStruct.instance.struct(:symkey_keystore)
|
|
67
|
+
ts.symkey_derived = sk.encoded
|
|
68
|
+
ts.symkey_cipher = encOut.bytes
|
|
69
|
+
ts.symkey = "testing"
|
|
70
|
+
ts.encoded
|
|
71
|
+
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ccipher_factory
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ian
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-03-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: toolrack
|
|
@@ -87,6 +87,7 @@ executables: []
|
|
|
87
87
|
extensions: []
|
|
88
88
|
extra_rdoc_files: []
|
|
89
89
|
files:
|
|
90
|
+
- ".release_history.yml"
|
|
90
91
|
- ".rspec"
|
|
91
92
|
- Gemfile
|
|
92
93
|
- Gemfile.lock-java
|
|
@@ -145,6 +146,7 @@ files:
|
|
|
145
146
|
- lib/ccipher_factory/symkey_cipher/symkey_sign.rb
|
|
146
147
|
- lib/ccipher_factory/symkey_cipher/symkey_signer.rb
|
|
147
148
|
- lib/ccipher_factory/symkey_cipher/symkey_verify.rb
|
|
149
|
+
- lib/ccipher_factory/symkey_keystore/symkey_keystore.rb
|
|
148
150
|
- lib/ccipher_factory/version.rb
|
|
149
151
|
- run_test.rb
|
|
150
152
|
homepage: https://github.com/cameronian/ccipher_factory
|