ccipher_factory 0.1.0

data/lib/ccipher_factory/shamir/shamir_sharing_helper.rb

@@ -0,0 +1,88 @@
+
+#require_relative 'shamir_sharing'
+
+module CcipherFactory
+  module ShamirSharingHelper
+
+    class ShamirSharingError < StandardError; end
+    class InvalidShare < StandardError; end
+    class NotEnoughShare < StandardError; end
+
+    def shamir_split(data, totalShare, reqShare)
+
+      rand = Ccrypto::AlgoFactory.engine(Ccrypto::SecureRandomConfig)
+
+      ssc = Ccrypto::SecretSharingConfig.new
+      ssc.split_into = totalShare
+      ssc.required_parts = reqShare
+      ss = Ccrypto::AlgoFactory.engine(ssc)
+
+      serial = rand.random_bytes(8)
+      shares = ss.split(data)
+      shares = shares.map { |s| 
+        ts = BinStruct.instance.struct(:shared_secret)
+        ts.req_share = reqShare
+        ts.share_id = s[0]
+        ts.serial = serial
+        ts.shared_value = s[1]
+        ts.encoded
+      }
+
+      #shares = []
+      #(1..totalShare).each do |i|
+      #  share = ss.compute_share(i)
+      #  ts = Encoding::ASN1Encoder.instance(:shared_secret)
+      #  ts.set(:req_share, reqShare)
+      #  ts.set(:share_id, share[0])
+      #  ts.set(:serial, serial)
+      #  sbin = share[1].map { |v| v.chr }.join
+      #  ts.set(:shared_value, sbin) 
+      #  shares << ts.to_asn1
+      #end
+
+      shares
+
+    end
+
+    def shamir_recover(shares)
+
+      shares = [shares] if not shares.is_a?(Array)
+      shares = [] if is_empty?(shares)
+
+      reqShare = nil
+      res = { }
+      foundSerial = nil
+      shares.each do |s|
+        ts = BinStruct.instance.struct_from_bin(s)
+
+        raise ShamirSharingError, "Not a shared secret envelope [#{ts.id}]" if ts.oid != BTag.constant_value(:shared_secret)
+
+        serial = ts.serial
+        raise InvalidShare, "Given share not in same batch. Cannot proceed" if not_empty?(foundSerial) and serial != foundSerial
+
+        rs = ts.req_share
+        raise ShamirSharingError, "Inconsistancy required shares value in given shares" if not_empty?(reqShare) and rs != reqShare
+        reqShare = rs  
+
+        sid = ts.share_id
+        if not res.keys.include?(sid)
+          val = ts.shared_value
+          #res[sid.to_i] = val.chars.map(&:ord)
+          res[sid.to_i] = val
+        end
+
+        foundSerial = serial
+      end
+
+      raise NotEnoughShare, "Required #{reqShare} share(s) but only #{res.size} is/are given" if res.size < reqShare or res.size == 0
+
+      #ssc = Ccrypto::SecretSharingConfig.new
+      #ssc.required_parts = reqShare
+      #ss = Ccrypto::AlgoFactory.engine(ssc)
+      ss = Ccrypto::AlgoFactory.engine(Ccrypto::SecretSharingConfig)
+      ss.combine(reqShare, res)
+
+    end
+
+  end
+end

data/lib/ccipher_factory/symkey/derived_symkey.rb

@@ -0,0 +1,110 @@
+
+require_relative '../kdf/kdf'
+
+module CcipherFactory
+  class DerivedSymKey
+    include TR::CondUtils
+    include SymKey
+    include Common
+
+    def self.from_encoded(bin, &block)
+      ts = BinStruct.instance.struct_from_bin(bin)
+      from_tspec(ts, &block)
+    end
+
+    def self.from_tspec(ts, &block)
+
+      raise SymKeyError, "Block is required" if not block
+
+      pass = block.call(:password)
+      raise SymKeyError, "Password to derive symkey is not available" if is_empty?(pass)
+
+      keytype = BTag.value_constant(ts.keytype)
+      keysize = ts.keysize
+      dsk = DerivedSymKey.new(keytype, keysize) 
+      dsk.kdf = KDF.from_encoded(ts.kdf_config)
+      dsk.derive(pass)
+
+      kcvBin = ts.kcv
+
+      # default is NOT to generate the KCV flag to beat the recursive test 
+      if block
+        if not_empty?(kcvBin) and block.call(:pre_verify_password) == true
+          kcv = KCV.from_encoded(kcvBin)
+          kcv.key = dsk
+          raise SymKeyError, "Given password is incorrect" if not kcv.is_matched?
+        end
+        #else
+        #  raise SymKeyError, "Given password is incorrect" if not kcv.is_matched?
+      end
+
+      dsk
+
+    end
+
+    def self.logger
+      if @logger.nil?
+        @logger = Tlogger.new
+        @logger.tag = :derived_symkey
+      end
+      @logger
+    end
+
+    attr_accessor :kdf
+    def activate_password_verifier
+      @passVer = true
+    end
+    def deactivate_password_verifier
+      @passVer = false
+    end
+
+    def derive(pass, eng = :scrypt, &block)
+
+      if is_empty?(@kdf)
+        @kdf = KDF.instance(eng) 
+        if block
+          case eng
+          when :scrypt
+            @kdf.cost = block.call(:kdf_scrypt_cost)
+            @kdf.parallel = block.call(:kdf_scrypt_parallel)
+            @kdf.blocksize = block.call(:kdf_scrypt_blocksize)
+            @kdf.salt = block.call(:kdf_scrypt_salt)
+            @kdf.digestAlgo = block.call(:kdf_scrypt_digestAlgo)
+          end
+        end
+
+        @kdf.derive_init(@keysize)
+      end
+
+      @kdf.derive_update(pass)
+      @kdfAsn1 = @kdf.derive_final
+
+      @key = @kdf.derivedVal
+
+      #logger.debug "Derived : #{@key}"
+
+    end
+
+    def encoded
+
+      ts = BinStruct.instance.struct(:symkey_derived)
+      ts.keytype = BTag.constant_value(@keytype)
+      ts.keysize = @keysize
+      ts.kdf_config = @kdfAsn1
+      if @passVer == true
+        kcv = KCV.new
+        kcv.key = self
+        ts.kcv = kcv.encoded
+      else
+        ts.kcv = ""
+      end
+      ts.encoded
+
+    end
+
+    def logger
+      self.class.logger
+    end
+
+  end
+end

data/lib/ccipher_factory/symkey/soft_symkey.rb

@@ -0,0 +1,63 @@
+
+require_relative 'symkey'
+
+module CcipherFactory
+  class SoftSymKey
+    include TR::CondUtils
+    include SymKey
+    include Common
+
+    def self.from_encoded(bin, &block)
+      ts = BinStruct.instance.struct_from_bin(bin)
+      from_tspec(ts, &block)
+    end
+
+    def self.from_tspec(ts, &block)
+      
+      #raise SymKeyError, "Given envelope not symkey enveloppe [#{ts.id}]" if ts.id != :symkey
+      raise SymKeyError, "Given envelope not symkey enveloppe [#{ts.oid}]" if ts.oid != BTag.constant_value(:symkey)
+
+      #keytype = Tag.constant_key(ts.value(:keytype))
+      #keysize = ts.value(:keysize)
+      #key = ts.value(:key)
+
+      keytype = BTag.value_constant(ts.keytype)
+      keysize = ts.keysize
+      key = ts.key
+      if is_empty?(key)
+        if not block
+          raise SymKeyError, "Key is not in the meta data. Key is required to complete the construction of the object"
+        end
+        key = block.call(:key)
+      end
+
+      SoftSymKey.new(keytype, keysize, key) 
+    end
+
+    ## 
+    # Mixin methods
+    ##
+    def initialize(keytype, keysize, key = nil)
+      super(keytype, keysize, key)
+    end
+
+    def encoded
+      ts = BinStruct.instance.struct(:symkey)
+      ts.keytype = BTag.constant_value(@keytype)
+      ts.keysize = @keysize
+      if is_attach_mode? 
+        case @key
+        when String
+          ts.key = @key
+        else
+          ts.key = @key.to_bin
+        end
+      else
+        ts.key = ""
+      end
+      ts.encoded
+
+    end
+
+  end
+end

data/lib/ccipher_factory/symkey/symkey.rb

@@ -0,0 +1,122 @@
+
+require_relative '../shamir/shamir_sharing_helper'
+
+module CcipherFactory
+  # 
+  # Generic category to handle 4 types of symkey:
+  # - software internal generated symkey (key value is generated internally)
+  # - software external generated symkey (key value is being set by caller)
+  # - derived symkey (key value is derived from password)
+  # - hardware symkey (key value is stored in hardware and not going to be available)
+  module SymKey
+    extend TR::CondUtils
+    include ShamirSharingHelper
+
+    class SymKeyError < StandardError; end
+
+
+    #module ClassMethods
+    #  include ShamirSharingHelper
+
+    #  def from_shares(keytype, keysize, shares)
+    #    #self.send(:initialize, *[keytype, keysize, shamir_recover(shares)])
+    #    #SymKey.instance_method(:initialize).bind(self).call(keytype, keysize, shamir_recover(shares))  
+
+    #  end
+    #end
+    #def self.included(klass)
+    #  klass.extend(ClassMethods)
+    #end
+
+    ## 
+    # Mixin methods
+    ##
+    
+    # Symmetric key type. Supported key type refers 
+    # CcipherFactory::SymKeyGenerator#supported_symkey
+    attr_accessor :keytype
+    
+    # Key length in bits
+    attr_accessor :keysize
+    
+    # Raw key. It could be bytes or key object
+    attr_accessor :key
+
+    def initialize(keytype, keysize, key = nil)
+      @keytype = keytype
+      @keysize = keysize
+      @key = key
+    end
+
+    # split the raw key value into secret shares
+    def split_key(totalShare, reqShare, &block)
+      shamir_split(@key, totalShare, reqShare)
+    end
+
+    # merge the splited share values into raw key value back
+    def merge_key(shares)
+      @key = shamir_recover(shares)
+    end
+
+    def dispose
+      @key = nil
+      GC.start
+    end
+
+    def raw_key
+      if not @key.nil?
+        nativeHelper = Ccrypto::UtilFactory.instance(:native_helper)
+        if @key.is_a?(String) or nativeHelper.is_byte_array?(@key)
+          @key
+        elsif @key.respond_to?(:to_bin)
+          @key.to_bin
+        else
+          raise SymKeyError, "Not sure how to get raw_key for #{@key.inspect}"
+        end
+        #case @key
+        #when String, ::Java::byte[]
+        #  @key
+        #else
+        #  if @key.respond_to?(:to_bin)
+        #    @key.to_bin
+        #  else
+        #    raise SymKeyError, "Not sure how to get raw_key for #{@key.inspect}"
+        #  end
+        #end
+      else
+        raise SymKeyError, "Key instance is nil. Cannot get raw_key from nil instance"
+      end
+    end
+
+    def is_equals?(key)
+      comp = Ccrypto::UtilFactory.instance(:comparator)
+      comp.is_equal?(@key, key)
+    end
+
+    def self.from_encoded(bin, &block)
+      raise SymKeyError, "Input should not be empty" if is_empty?(bin)
+
+      ts = BinStruct.instance.struct_from_bin(bin)
+      case ts.oid
+      when BTag.constant_value(:symkey_derived)
+        DerivedSymKey.from_tspec(ts, &block)
+      when BTag.constant_value(:symkey)
+        SoftSymKey.from_tspec(ts, &block)
+      else
+        raise SymKeyError, "Unknown symkey envelope '#{ts.oid}'"
+      end
+
+
+      #case ts.id
+      #when :symkey_derived
+      #  DerivedSymKey.from_tspec(ts, &block)
+      #when :symkey
+      #  SoftSymKey.from_tspec(ts, &block)
+      #else
+      #  raise SymKeyError, "Unknown symkey envelope '#{ts.id}'"
+      #end
+
+    end
+
+  end
+end

data/lib/ccipher_factory/symkey/symkey_generator.rb

@@ -0,0 +1,70 @@
+
+require 'openssl'
+require 'securerandom'
+
+require_relative 'soft_symkey'
+require_relative 'derived_symkey'
+
+module CcipherFactory
+  module SymKeyGenerator
+    include TR::CondUtils
+
+    class SymKeyGeneratorError < StandardError; end
+
+    def self.supported_symkey
+      #{ 
+      #  aes: [[128, 256], [:cbc, :cfb, :ctr, :ofb, :gcm]], 
+      #  chacha20: [[256],[:poly1305]], 
+      #  blowfish: [[128],[:ecb, :cbc, :cfb, :ofb]],
+      #  camellia: [[128,192,256],[:ecb, :cbc, :cfb, :ofb, :ctr]],
+      #  aria: [[128,192,256],[:ecb, :cbc, :cfb, :ofb, :ctr, :gcm]]
+      #}
+      { 
+        aes: { keysize: [128, 192, 256], mode: [:cbc, :cfb, :ctr, :ofb, :gcm] }, 
+        chacha20: { keysize: [256], mode: [:poly1305] }, 
+        blowfish: { keysize: [128], mode: [:ecb, :cbc, :cfb, :ofb] },
+        camellia: { keysize: [128, 192, 256], mode: [:ecb, :cbc, :cfb, :ofb, :ctr] },
+        aria: { keysize: [128, 192, 256], mode: [:ecb, :cbc, :cfb, :ofb, :ctr, :gcm] }
+      }.freeze
+
+    end
+
+    def self.generate(keytype, keysize, *args, &block)
+      raise SymKeyGeneratorError, "Unsupported symmetric key algo '#{keytype}'. Supported symmetric keys are: #{supported_symkey.keys.join(", ")}" if not supported_symkey.keys.include?(keytype)
+
+      kc = Ccrypto::KeyConfig.new
+      kc.algo = keytype
+      kc.keysize = keysize
+      ke = Ccrypto::AlgoFactory.engine(Ccrypto::KeyConfig)
+      sk = ke.generate(kc)
+
+      #SoftSymKey.new(keytype, keysize, SecureRandom.random_bytes(keysize/8))
+      SoftSymKey.new(keytype, keysize, sk)
+    end
+
+    def self.derive(keytype, keysize, *args, &block)
+      raise SymKeyGeneratorError, "Unsupported symmetric key algo '#{keytype}'. Supported symmetric keys are: #{supported_symkey.keys.join(", ")}" if not supported_symkey.keys.include?(keytype)
+
+      raise SymKeyGeneratorError, "Block is required" if not block
+
+      kdf = block.call(:kdf)
+      kdf = :scrypt if is_empty?(kdf)
+
+      pass = block.call(:password)
+      raise SymKeyGeneratorError, "Password is not given to derive the symkey" if is_empty?(pass)
+
+      dsk = DerivedSymKey.new(keytype, keysize) 
+      dsk.derive(pass, kdf, &block)
+      dsk
+    end
+
+    def self.logger
+      if @logger.nil?
+        @logger = Tlogger.new
+        @logger.tag = :symkey_gen
+      end
+      @logger
+    end
+
+  end
+end

data/lib/ccipher_factory/symkey_cipher/symkey_att_decrypt.rb

@@ -0,0 +1,64 @@
+
+
+module CcipherFactory
+  module SymKeyCipher
+    module SymKeyAttDecrypt
+      include Common
+
+      attr_accessor :key
+      def att_decrypt_init(*args, &block)
+
+        raise SymKeyCipherError, "Output is required for attached decryption" if not is_output_given?
+
+        @initParams = args
+
+        if block
+          instance_eval(&block)
+          att_decrypt_final
+        else
+          self
+        end
+
+      end
+
+      def att_decrypt_update(val)
+        if @dec.nil?
+          intOutputBuf.write(val)
+          begin
+            Encoding.extract_meta(intOutputBuf) do |meta, bal|
+
+              @dec = SymKeyCipher.decryptor
+              @dec.output(@output)
+              @dec.key = @key
+              @dec.decrypt_init(*@initParams)
+              @dec.decrypt_update_meta(meta)
+
+              logger.tdebug :att_dec, "Balance has data length #{bal.length}"
+              att_decrypt_update(bal) if bal.length > 0
+
+              disposeOutput(intOutputBuf)
+
+            end
+          rescue Encoding::InsufficientData => e
+          end
+        else
+          logger.tdebug :att_dec, "Updating cipher size #{val.length}"
+          @dec.decrypt_update_cipher(val)
+        end
+      end
+
+      def att_decrypt_final
+        @dec.decrypt_final
+      end
+
+      private
+      def logger
+        if @logger.nil?
+          @logger = Tlogger.new
+        end
+        @logger
+      end
+
+    end
+  end
+end

data/lib/ccipher_factory/symkey_cipher/symkey_att_encrypt.rb

@@ -0,0 +1,65 @@
+
+require_relative 'symkey_cipher'
+
+require_relative '../compression/compression_helper'
+
+module CcipherFactory
+
+  module SymKeyCipher
+    module SymKeyAttEncrypt
+      include Common
+      include Compression::CompressionHelper
+
+      attr_accessor :key, :mode
+      def att_encrypt_init(*args, &block) 
+
+        raise SymKeyCipherError, "Cipher requires output to be set" if not is_output_given?
+
+        @enc = SymKeyCipher.encryptor 
+        @enc.compression_on if is_compression_on?
+        @enc.output(intOutputFile)
+        @enc.key = @key
+        @enc.mode = @mode if not_empty?(@mode)
+
+        @enc.encrypt_init(*args)
+
+        if block
+          instance_eval(&block)
+          att_encrypt_final
+        else
+          self
+        end
+
+      end
+
+      def att_encrypt_update(val)
+        raise SymKeyCipherError, "Please call att_encrypt_init() before calling update()" if @enc.nil?
+
+        @enc.encrypt_update(val) 
+      end
+
+      def att_encrypt_final
+
+        meta = @enc.encrypt_final
+
+        write_to_output(meta)
+        intOutputFile.rewind
+        while not intOutputFile.eof?
+          write_to_output(intOutputFile.read)
+        end
+
+        intOutputFile.close!
+
+        nil
+
+      end
+
+      def method_missing(mtd, *args, &block)
+        if not_empty?(@enc)
+          @enc.send(mtd, *args, &block) 
+        end
+      end
+
+    end
+  end
+end

data/lib/ccipher_factory/symkey_cipher/symkey_att_sign.rb

@@ -0,0 +1,84 @@
+
+require_relative 'symkey_signer'
+
+require_relative '../compression/compression_helper'
+
+module CcipherFactory
+  module SymKeySigner
+
+    module SymKeyAttSign
+
+      include Common
+      include Compression::CompressionHelper
+
+      attr_accessor :signing_key
+
+      def att_sign_init(opts = { }, &block)
+
+        @signer = SymKeySigner.signer
+        @signer.signing_key = @signing_key
+        @signer.sign_init(opts)
+
+        @totalPlain = 0
+        @totalCompressed = 0
+
+        if block
+          instance_eval(&block)
+          att_sign_final
+        else
+          self
+        end
+
+      end
+
+      def att_sign_update(val)
+        raise SymKeySignerError, "Output is required for attached sign" if not is_output_given?
+
+        @totalPlain += val.length
+        @signer.sign_update(val)
+        res = compress_data_if_active(val)
+        intOutputFile.write(res)
+        @totalCompressed += res.length
+      end
+
+      def att_sign_final
+
+        meta = @signer.sign_final
+
+        #ts = Encoding::ASN1Encoder.instance(:symkey_att_sign)
+        ts = BinStruct.instance.struct(:symkey_att_sign)
+        ts.symkey_signature = meta
+
+        if is_compression_on?
+          compRes = compressor.compress_final
+          ts.compression = compRes
+        else
+          ts.compression = encode_null_compressor
+        end
+
+        attMeta = ts.encoded
+
+        write_to_output(attMeta)
+        intOutputFile.rewind
+        while not intOutputFile.eof?
+          write_to_output(intOutputFile.read)
+        end
+
+        logger.tdebug :symkey_att_sign, "Total Plain : #{@totalPlain} / Total Compressed : #{@totalCompressed} = #{(@totalCompressed*1.0)/@totalPlain*100} %" if is_compression_on?
+
+        intOutputFile.close!
+
+        attMeta
+
+      end
+
+      def logger
+        if @logger.nil?
+          @logger = Tlogger.new
+        end
+        @logger
+      end
+
+    end
+  end
+end