ccipher_factory 0.1.0

data/lib/ccipher_factory/composite_cipher/decrypt_verifier.rb

@@ -0,0 +1,116 @@
+
+require_relative '../asymkey_cipher/asymkey_cipher'
+require_relative '../symkey_cipher/symkey_cipher'
+
+module CcipherFactory
+  module CompositeCipher
+
+    module DecryptVerifier
+      include TR::CondUtils
+      include Common
+
+      include TeLogger::TeLogHelper
+      teLogger_tag :decVer
+
+      attr_accessor :decryption_key, :verification_key
+      def decrypt_verify_init(opts = {  }, &block)
+
+        #@dKey = opts[:decryption_key]
+        #@vKey = opts[:verification_key] # optional as asymkey the key is included
+
+        raise CompositeCipherError, "Decryption key is required" if is_empty?(@decryption_key)
+        raise CompositeCipherError, "Output is required" if not is_output_given?
+
+        if block
+          instance_eval(&block)
+          decrypt_verify_final
+        else
+          self
+        end
+
+      end
+
+      def decrypt_verify_update_meta(meta)
+
+        intOutputBuf.write(meta)
+
+        begin
+
+          Encoding.extract_meta(intOutputBuf) do |meta, bal|
+
+            ts = BinStruct.instance.struct_from_bin(meta)
+            ccBin = ts.cipher_config
+            cc = BinStruct.instance.struct_from_bin(ccBin)
+            scBin = ts.signer_config
+            sc = BinStruct.instance.struct_from_bin(scBin)
+
+            case BTag.value_constant(cc.oid)
+            when :symkey_cipher
+              @cipher = CcipherFactory::SymKeyCipher.decryptor
+              @cipher.output(intOutputFile)
+              @cipher.key = @decryption_key
+              @cipher.decrypt_init
+              @cipher.decrypt_update_meta(ccBin)
+            when :ecc_cipher
+              @cipher = CcipherFactory::AsymKeyCipher.decryptor
+              @cipher.output(intOutputFile)
+              @cipher.decryption_key = @decryption_key
+              @cipher.decrypt_init
+              @cipher.decrypt_update_meta(ccBin)
+            else
+              raise CompositeCipherError, "Unknown envelope type '#{cc.id}'"
+            end
+
+            case BTag.value_constant(sc.oid)
+            when :ecc_att_sign
+              @verifier = AsymKeySigner.att_verifier
+              @verifier.output(@output)
+            when :symkey_att_sign
+              @verifier = SymKeySigner.att_verifier
+              @verifier.output(@output)
+              @verifier.verification_key = @verification_key
+              @verifier.att_verify_init
+            else
+              raise CompositeCipherError, "Unknown signer type '#{sc.id}'"
+            end
+
+            decrypt_verify_update_cipher(bal) if bal.length > 0
+
+            disposeOutput(intOutputBuf)
+
+          end
+
+        rescue Encoding::InsufficientData
+        end
+
+
+
+      end
+
+      def decrypt_verify_update_cipher(cipher)
+        raise CompositeCipherError, "Please call update_meta() before calling update_cipher()" if is_empty?(@cipher) 
+
+        @cipher.decrypt_update_cipher(cipher)
+      end
+
+      def decrypt_verify_final
+
+        @cipher.decrypt_final
+
+        intOutputFile.rewind
+        while not intOutputFile.eof?
+          @verifier.att_verify_update(intOutputFile.read)
+        end
+
+        @verifier.att_verify_final
+
+      end
+
+      def embedded_signer
+        @verifier.embedded_signer if not_empty?(@verifier) and @verifier.respond_to?(:embedded_signer)
+      end
+
+    end
+
+  end
+end

data/lib/ccipher_factory/composite_cipher/sign_encryptor.rb

@@ -0,0 +1,100 @@
+
+
+require_relative '../asymkey_cipher/asymkey_cipher'
+require_relative '../symkey_cipher/symkey_cipher'
+
+module CcipherFactory
+  module CompositeCipher
+
+    module SignEncryptor
+      include TR::CondUtils
+      include Common
+      include Compression::CompressionHelper
+
+      attr_accessor :signing_key, :encryption_key, :sender_keypair
+
+      def sign_encrypt_init(opts = {  }, &block)
+
+        sKey = @signing_key
+        eKey = @encryption_key
+        sender = @sender_keypair
+
+        compress = opts[:compress] || false
+
+        raise CompositeCipherError, "Signing key is required" if is_empty?(sKey)
+        raise CompositeCipherError, "Encryption key is required" if is_empty?(eKey)
+        raise CompositeCipherError, "Output is required" if not is_output_given?
+
+        @signingBuf = Tempfile.new
+        @signingBuf.binmode
+
+        case sKey
+        when SymKey
+          @signer = SymKeySigner.att_signer
+          @signer.output(@signingBuf)
+          @signer.compression_on if is_compression_on?
+          @signer.signing_key = sKey
+          @signer.att_sign_init
+        when AsymKey
+          @signer = AsymKeySigner.att_signer
+          @signer.output(@signingBuf)
+          @signer.compression_on if is_compression_on?
+          @signer.signing_key = sKey
+          @signer.att_sign_init
+        else
+          raise CompositeCipherError, "Unknown signing key type '#{sKey.class}'"
+        end
+
+        # Encryption Key
+        case eKey
+        when SymKey
+          @enc = SymKeyCipher.encryptor
+          @enc.output(@output)
+          @enc.key = eKey
+          @enc.encrypt_init
+        when AsymKey, Ccrypto::PublicKey #, OpenSSL::PKey::EC::Point
+          @enc = AsymKeyCipher.encryptor
+          @enc.output(@output)
+          @enc.recipient_key = eKey
+          @enc.sender_keypair = sender if not_empty?(sender)
+          @enc.encrypt_init
+        else
+          raise CompositeCipherError, "Unknown encryption key type '#{eKey.class}'"
+        end
+
+        if block
+          instance_eval(&block)
+          sign_encrypt_final
+        else
+          self
+        end
+
+      end
+
+      def sign_encrypt_update(data)
+        @signer.att_sign_update(data)   
+      end
+
+      def sign_encrypt_final
+
+        smeta = @signer.att_sign_final 
+
+        @signingBuf.rewind
+        while not @signingBuf.eof?
+          @enc.encrypt_update(@signingBuf.read)
+        end
+
+        meta = @enc.encrypt_final
+
+        ts = BinStruct.instance.struct(:sign_encrypt_cipher)
+        ts.signer_config = smeta
+        ts.cipher_config = meta
+        ts.encoded
+
+      end
+
+    end
+
+  end
+end
+

data/lib/ccipher_factory/compression/compression_helper.rb

@@ -0,0 +1,103 @@
+
+require_relative 'compressor'
+
+module CcipherFactory
+  module Compression
+
+    module CompressionHelper
+
+      def decompressor_from_encoded(bin)
+
+        ts = BinStruct.instance.struct_from_bin(bin)
+        case BTag.value_constant(ts.oid)
+        when :compression_zlib
+          compression_on
+        when :compression_none
+          compression_off
+        else
+          compression_off
+        end
+
+        decompressor.decompress_update_meta(bin)
+
+      end
+
+      def compression_on
+        @compress = true
+      end
+
+      def compression_off
+        @compress = false
+      end
+
+      def is_compression_on?
+        if @compress.nil?
+          false
+        else
+          @compress
+        end
+      end
+
+      def compressor
+        if @compressor.nil? 
+          if is_compression_on?
+            @compressor = Compressor.instance.compress 
+            @compressor.compress_init
+          else
+            @compressor = Compressor.instance.null_engine
+          end
+        end
+
+        @compressor
+      end
+
+      def compress_data_if_active(val)
+        if is_compression_on?
+          logger.tdebug :compress_if_active, "Compression is on"
+          compressor.compress_update(val)
+        else
+          logger.tdebug :compress_if_active, "Compression is OFF"
+          val
+        end
+      end
+
+      def decompress_data_if_active(val)
+        if is_compression_on?
+          logger.tdebug :decompress_if_active, "Decompression is on"
+          decompressor.decompress_update(val)
+        else
+          logger.tdebug :decompress_if_active, "decompression is OFF"
+          val
+        end
+      end
+
+      def decompressor
+        if @decompressor.nil?
+          if is_compression_on?
+            @decompressor = Compressor.instance.decompress
+            @decompressor.decompress_init
+          else
+            @decompressor = Compressor.instance.null_engine
+          end
+        end
+
+        @decompressor
+      end
+
+      def encode_null_compressor
+        BinStruct.instance.struct(:compression_none).encoded
+      end
+
+      def logger
+        if @logger.nil?
+          @logger = Tlogger.new
+          @logger.tag = :comp_helper
+        end
+        @logger
+      end
+
+    end
+
+
+  end
+end

data/lib/ccipher_factory/compression/compressor.rb

@@ -0,0 +1,55 @@
+
+require_relative 'zlib_compressor'
+require_relative 'zlib_decompressor'
+
+module CcipherFactory
+  class CompressionError < StandardError; end
+  class DecompressionError < StandardError; end
+end
+
+module CcipherFactory
+  module Compression
+    #class CompressionError < StandardError; end
+    #class DecompressionError < StandardError; end
+
+    module NullCompressor
+      def method_missing(mtd, *args, &block)
+        # sink hole
+        #args
+      end
+    end
+
+    class Compressor
+
+      def self.instance(eng = :zlib)
+        Compressor.new
+      end
+
+      def compress
+        self.extend(ZlibCompressor)
+        self
+      end
+
+      def decompress
+        self.extend(ZlibDecompressor)
+        self
+      end
+
+      def null_engine
+        self.extend(NullCompressor)
+        self
+      end
+
+      def self.supported_envelope
+        [:compression_none, :compression_zlib]
+      end
+
+      def self.rebuild(ts, &block)
+        Compressor.new
+      end
+
+    end
+  end
+end
+
+

data/lib/ccipher_factory/compression/zlib_compressor.rb

@@ -0,0 +1,48 @@
+
+require 'zlib'
+
+module CcipherFactory
+  module Compression
+    module ZlibCompressor
+      include CcipherFactory::Common
+
+      def compress_init(*args, &block)
+
+        @compressor = Ccrypto::UtilFactory.instance(:compression, Ccrypto::CompressionConfig.new)
+        #@compressor = Zlib::Deflate.new
+
+        if block
+          instance_eval(&block)
+          compress_final
+        else
+          self
+        end
+
+      end
+
+      def compress_update(val)
+        res = @compressor.update(val)
+        #res = @compressor.deflate(val, Zlib::SYNC_FLUSH)
+        write_to_output(res)
+        res
+      end
+
+      def compress_final
+        @compressor.final
+
+        ts = BinStruct.instance.struct(:compression_zlib)
+        ts.encoded
+      end
+
+      private
+      def logger
+        if @logger.nil?
+          @logger = Tlogger.new
+          @logger.tag = :zlibComp
+        end
+        @logger
+      end
+
+    end
+  end
+end

data/lib/ccipher_factory/compression/zlib_decompressor.rb

@@ -0,0 +1,67 @@
+
+require 'zlib'
+
+module CcipherFactory 
+  module Compression
+    module ZlibDecompressor
+      include CcipherFactory::Common
+
+      def decompress_init(*args, &block)
+
+        if block
+          instance_eval(&block)
+          decompress_final
+        else
+          self
+        end
+
+      end
+
+      def decompress_update_meta(val)
+        if @decompressor.nil?
+          begin
+            intOutputBuf.write(val)
+            Encoding.extract_meta(intOutputBuf) do |meta, bal|
+              ts = BinStruct.instance.struct_from_bin(meta)
+
+              case ts.oid
+              when BTag.constant_value(:compression_zlib)
+                @decompressor = Ccrypto::UtilFactory.instance(:decompression)
+              else
+                raise DecompressionError, "Unknown compression type '#{ts.id}'"
+              end
+
+              decompress_update(bal)
+            end
+          rescue Encoding::InsufficientData => e
+          end
+        else
+          decompress_update(val)
+        end
+      end
+
+      def decompress_update(val)
+        if val.length > 0
+          check_state
+          begin
+            res = @decompressor.update(val)
+            write_to_output(res)
+            res
+          rescue Exception => ex
+            raise DecompressionError, ex
+          end
+        end
+      end
+
+      def decompress_final
+        @decompressor.final
+      end
+
+      private
+      def check_state
+        raise DecompressionError, "Please call decompress_update_meta() to setup the state first." if @decompressor.nil?
+      end
+
+    end
+  end
+end

data/lib/ccipher_factory/digest/digest.rb

@@ -0,0 +1,180 @@
+
+require_relative 'supported_digest'
+
+module CcipherFactory
+  module Digest
+    include TR::CondUtils
+    include CcipherFactory::Common
+
+    class DigestError < StandardError; end
+
+    class DigestEngine; end
+
+    def self.instance #(eng = SupportedDigest.instance.default_digest, *args)
+      #raise DigestEror, "Digest '#{eng}' is not supported" if not SupportedDigest.instance.is_supported?(eng)
+      dig = DigestEngine.new
+      dig.extend(Digest)
+      dig
+    end
+
+    def self.from_encoded(bin, &block)
+      ts = BinStruct.instance.struct_from_bin(bin)
+      from_tspec(ts, &block)
+    end
+
+    def self.from_tspec(ts, &block)
+
+      if ts.oid == BTag.constant_value(:digest_attached)
+        dig = from_encoded(ts.digest_config)
+        dig.digestVal = ts.digest_value
+        dig
+      else
+
+        algo = BTag.value_constant(ts.digest_algo)
+        logger.debug "from_encoded algo : #{algo}"
+        dig = instance
+        dig.salt = ts.salt
+        dig.digest_init(algo, dig.salt, &block)
+      end
+    end
+
+    def self.parse(bin, &block)
+     
+      res = {  }
+      ts = BinStruct.instance.struct_from_bin(bin)
+      res[:type] = BTag.value_constant(ts.oid)
+
+      if res[:type] == :digest_attached
+        #conf = Encoding::ASN1Decoder.from_encoded(ts.value(:digest_config))
+        conf = BinStruct.instance.struct_from_bin(ts.digest_config)
+        res[:algo] = BTag.value_constant(conf.digest_algo)
+        res[:salt] = conf.salt
+        #res[:algo] = Tag.constant_key(conf.value(:digest_algo)) 
+        #res[:salt] = conf.value(:salt)
+      end
+
+      res[:digest] = ts.digest_value
+
+      res
+
+    end
+
+    def self.logger
+      if @logger.nil?
+        @logger = Tlogger.new
+        @logger.tag = :ccfact_digest
+      end
+      @logger
+    end
+
+    ## 
+    # Mixin methods
+    ##
+    attr_accessor :algo, :salt, :digestVal
+    def digest_init(*args, &block)
+
+      logger.debug "args : #{args}"
+
+      @algo = args.first
+      @algo = SupportedDigest.instance.default_digest if is_empty?(@algo)
+      raise DigestError, "Given digest '#{@algo}' is not supported.\nPossible digest algo including: #{SupportedDigest.instance.supported.join(", ")}" if not SupportedDigest.instance.is_supported?(@algo)
+
+      logger.debug "Digest algo in init : #{@algo}"
+
+      @digest = Ccrypto::AlgoFactory.engine(Ccrypto::DigestConfig).digest(@algo)
+
+      #@digest = OpenSSL::Digest.new(Digest.to_digest_string(@algo))
+
+      salt = args[1]
+      if not_empty?(salt)
+        logger.debug "Salt given #{salt} / #{salt.length}"
+
+        case salt
+        when :random_salt, :random
+          saltLen = args[2] || 16
+          sre = Ccrypto::AlgoFactory.engine(Ccrypto::SecureRandomConfig)
+          @salt = sre.random_bytes(saltLen)
+          @digest.digest_update(@salt)
+        else
+          if salt.is_a?(String)
+            @salt = salt
+            @digest.digest_update(@salt)
+          else
+            raise DigestError, "Unknown option '#{salt}' for salt"
+          end
+        end
+      end
+
+      if block
+        instance_eval(&block)
+        digest_final
+      else
+        self
+      end
+
+    end
+
+    def digest_update(val)
+      raise DigestError, "Please call digest_init first before call update() (#{@digest.inspect})" if @digest.nil?
+      @digest.digest_update(val) 
+    end
+
+    def digest_final
+
+      raise DigestError, "Please call digest_init first before call final() (#{@digest.inspect})" if @digest.nil?
+
+      @digestVal = @digest.digest_final
+      @digest = nil
+
+      write_to_output(@digestVal)
+
+      #ts = Encoding::ASN1Encoder.instance(:digest)
+      ts = BinStruct.instance.struct(:digest)
+      ts.digest_algo = BTag.constant_value(@algo)
+      if not_empty?(@salt)
+        ts.salt = @salt
+      else
+        ts.salt = ""
+      end
+
+      if is_attach_mode?
+        tsd = BinStruct.instance.struct(:digest_attached)
+        #tsd = Encoding::ASN1Encoder.instance(:digest_attached)
+        tsd.digest_config = ts.encoded
+        tsd.digest_value = @digestVal
+        res = tsd.encoded
+      else
+        res = ts.encoded
+      end
+
+      res
+
+    end
+
+    def self.to_digest_string(sym)
+      if not_empty?(sym)
+        sym.to_s.gsub("_","-")
+      else
+        sym
+      end
+    end
+
+    #def self.from_digest_engine_to_symbol(str)
+    #  if not_empty?(str)
+    #    str.gsub("-","_").to_sym
+    #  else
+    #    str
+    #  end
+    #end
+
+    #def self.init_native_digest_object(digest)
+    #  OpenSSL::Digest.new(to_digest_string(digest)) 
+    #end
+
+    private
+    def logger
+      Digest.logger
+    end
+
+  end
+end

data/lib/ccipher_factory/digest/supported_digest.rb

@@ -0,0 +1,47 @@
+
+require 'singleton'
+
+module CcipherFactory
+  module Digest
+
+    class SupportedDigest
+      include Singleton
+      attr_reader :supported, :possible, :default_digest
+      def initialize
+        #@possible = [:sha1, :sha224, :sha256, :sha384, :sha512, :sha3_224, :sha3_256, :sha3_384, :sha3_512, :shake128, :shake256]
+        #@supported = []
+        #test_algo
+
+        @dig = Ccrypto::AlgoFactory.engine(Ccrypto::DigestConfig)
+
+        @possible = @dig.engineKeys.keys
+        @supported = @possible
+
+        if @dig.is_supported?(:sha3_256)
+          @default_digest = :sha3_256
+        elsif @dig.is_supported?(:sha256)
+          @default_digest = :sha256
+        else
+          raise DigestError, "Failed to set default digest" 
+        end
+      end
+
+      def is_supported?(algo)
+        #@supported.include?(algo)
+        @dig.is_supported?(algo)
+      end
+
+      #def test_algo
+      #  @possible.each do |dig|
+      #    begin
+      #      OpenSSL::Digest.new(Digest.to_digest_string(dig)) 
+      #      @supported << dig
+      #    rescue NotImplementedError => e
+      #    end
+      #  end
+      #end
+
+    end # class SupportedDigest
+
+  end
+end