ccipher_factory 0.1.0

data/lib/ccipher_factory/symkey_cipher/symkey_att_verify.rb

@@ -0,0 +1,85 @@
+
+require_relative 'symkey_signer'
+
+module CcipherFactory
+  module SymKeySigner
+
+    module SymKeyAttVerify
+      include Common
+      include Compression::CompressionHelper
+
+      attr_accessor :verification_key
+      def att_verify_init(opts = {  }, &block)
+
+        @params = opts
+
+        raise SymKeySignerError, "Please provide output for attached verify" if not is_output_given?
+
+        if block
+          instance_eval(&block)
+          att_verify_final
+        else
+          self
+        end
+
+      end
+
+      def att_verify_update(val)
+
+        if @ver.nil?
+          intOutputBuf.write(val)
+          begin
+            Encoding.extract_meta(intOutputBuf) do |meta, bal|
+
+              ts = BinStruct.instance.struct_from_bin(meta)
+
+              vmeta = ts.symkey_signature
+              compression = ts.compression
+
+              cts = BinStruct.instance.struct_from_bin(compression)
+              if cts.oid == BTag.constant_value(:compression_zlib)
+                compression_on
+                decompressor.decompress_update_meta(compression)
+              end
+
+              @ver = SymKeySigner.verifier
+
+              @ver.verification_key = @verification_key
+              @ver.verify_init(@params)
+              @ver.verify_update_meta(vmeta)
+
+              att_verify_update(bal) if bal.length > 0
+
+              intOutputBuf.rewind
+              intOutputBuf = nil
+            end
+          rescue Encoding::InsufficientData
+          end
+        else
+          res = decompress_data_if_active(val)
+          @ver.verify_update_data(res)
+          intOutputFile.write(res)
+        end
+
+      end
+
+      def att_verify_final
+        res = @ver.verify_final 
+
+        if res
+          intOutputFile.rewind
+          while not intOutputFile.eof?
+            write_to_output(intOutputFile.read)
+          end
+
+          disposeOutput(intOutputFile)
+        end
+
+        res
+
+      end
+
+    end
+
+  end
+end

data/lib/ccipher_factory/symkey_cipher/symkey_cipher.rb

@@ -0,0 +1,101 @@
+
+
+require_relative 'symkey_encrypt'
+require_relative 'symkey_decrypt'
+
+require_relative 'symkey_att_encrypt'
+require_relative 'symkey_att_decrypt'
+
+module CcipherFactory
+  module SymKeyCipher
+    include TR::CondUtils
+
+    class SKCipher; end
+
+    #class SymKeyCipherError < StandardError; end
+
+    def self.encryptor
+      c = SKCipher.new
+      c.extend(SymKeyEncrypt)
+      c  
+    end
+
+    def self.decryptor
+      dec = SKCipher.new
+      dec.extend(SymKeyDecrypt)
+      dec
+    end
+
+    def self.att_encryptor
+      c = SKCipher.new
+      c.extend(SymKeyAttEncrypt)
+      c
+    end
+
+    def self.att_decryptor
+      c = SKCipher.new
+      c.extend(SymKeyAttDecrypt)
+      c
+    end
+
+    #def self.mode_to_spec(mode)
+    #  if not_empty?(mode)
+    #    mode.to_s.upcase
+    #  else
+    #    mode
+    #  end
+    #end
+
+    #def self.key_to_spec(key, mode)
+    #  if not_empty?(key)
+    #    case key.keytype
+    #    when :aes
+    #      "AES-#{key.keysize}-#{mode_to_spec(mode)}"
+    #    when :chacha20_poly1305, :chacha20
+    #      "chacha20-poly1305"
+    #    when :blowfish
+    #      "bf-#{mode_to_spec(mode)}"
+    #    when :camellia
+    #      "camellia-#{key.keysize}-#{mode_to_spec(mode)}"
+    #    when :aria
+    #      "aria-#{key.keysize}-#{mode_to_spec(mode)}"
+    #    else
+    #      raise SymKeyCipherError, "Unknown key type '#{key.keytype}'"
+    #    end
+    #  else
+    #    raise SymKeyCipherError, "Given key to translate to spec is nil"
+    #  end
+    #end
+
+    #def self.iv_length(key, mode)
+    #  c = OpenSSL::Cipher.new(key_to_spec(key, mode))
+    #  c.random_iv.length
+    #end
+
+    def SymKeyCipher.algo_default(algo)
+      case algo
+      when :aes
+        # param 0: Algo name for spec
+        # param 1: key size
+        # param 2: default mdoe
+        #["AES", 256, :gcm]
+        Ccrypto::DirectCipherConfig.new({ algo: :aes, keysize: 256, mode: :gcm, padding: :pkcs5 })
+      when :chacha20_poly1305, :chacha20
+        Ccrypto::DirectCipherConfig.new({ algo: :chacha20, keysize: 256, mode: :poly1305 })
+        #["chacha20-poly1305", 256]
+      when :blowfish
+        Ccrypto::DirectCipherConfig.new({ algo: :blowfish, keysize: 128, mode: :cfb, padding: :pkcs5 })
+        #["bf", 128, :ofb]
+      when :camellia
+        Ccrypto::DirectCipherConfig.new({ algo: :camellia, keysize: 256, mode: :ctr, padding: :pkcs5 })
+        #["camellia", 256, :ctr]
+      when :aria
+        Ccrypto::DirectCipherConfig.new({ algo: :aria, keysize: 256, mode: :gcm, padding: :pkcs5 })
+        #["aria", 256, :gcm]
+      else
+        raise SymKeyCipherError, "Unknown algo '#{algo}' default"
+      end
+    end
+
+  end
+end

data/lib/ccipher_factory/symkey_cipher/symkey_decrypt.rb

@@ -0,0 +1,144 @@
+
+require_relative '../compression/compressor'
+
+module CcipherFactory
+  module SymKeyCipher
+    module SymKeyDecrypt
+      include TR::CondUtils
+      include Common
+      include Compression::CompressionHelper
+
+      class SymKeyDecryptError < StandardError; end
+
+      attr_accessor :key
+
+      def init
+
+      end
+
+      def decrypt_init(*args, &block)
+
+        #@decKey = args.first
+        raise SymKeyDecryptError, "Decryption key is required" if is_empty?(@key)
+
+        if block
+          instance_eval(&block)
+          decrypt_final
+        else
+          self
+        end
+
+      end
+
+      def decrypt_update_meta(val)
+
+        intOutputBuf.write(val)
+        begin
+          Encoding.extract_meta(intOutputBuf) do |meta, bal|
+
+            ts = BinStruct.instance.struct_from_bin(meta)
+            @mode = BTag.value_constant(ts.mode)
+            iv = ts.iv
+            comp = ts.compression
+
+            cts = BinStruct.instance.struct_from_bin(comp)
+            if cts.oid == BTag.constant_value(:compression_zlib)
+              @decompressor = CcipherFactory::Compression::Compressor.new
+              @decompressor.decompress
+              @decompressor.decompress_init
+              @decompressor.decompress_update_meta(comp)
+
+              compression_on
+              logger.tdebug :symkey_dec, "Compression is active"
+            else
+              compression_off
+              logger.tdebug :symkey_dec, "Compression is NOT active"
+            end
+
+            authTag = ts.auth_tag
+
+            algoDef = SymKeyCipher.algo_default(@key.keytype)
+
+            cconf = Ccrypto::DirectCipherConfig.new({ algo: @key.keytype, keysize: @key.keysize, mode: @mode, padding: :pkcs5 })
+            cconf.cipherOps = :decrypt
+            cconf.key = @key.key
+            cconf.iv = iv if not_empty?(iv)
+            cconf.auth_tag = authTag if cconf.respond_to?(:auth_tag=)
+            @cipher = Ccrypto::AlgoFactory.engine(cconf)
+
+            @cipher
+
+          end
+        rescue Encoding::InsufficientData => e
+        end
+
+
+      end
+
+      def decrypt_update_cipher(val)
+
+        raise SymKeyCipherError, "Please call update_meta() first before update_cipher()" if @cipher.nil?
+        
+        logger.debug "Given cipher data : #{val.length}"
+
+        dec = @cipher.update(val)
+
+
+        if not_empty?(dec) and dec.length > 0
+
+          logger.debug "After cipher before compression check : #{dec.length}"
+          res = decompress_data_if_active(dec)
+          write_to_output(res)
+
+          #if @decompressor.nil?
+          #  dc = dec
+          #else
+          #  begin
+          #    dc = @decompressor.decompress_update(dec)
+          #  rescue Zlib::Error => ex
+          #    raise SymKeyDecryptionError, "Data decompression failed: #{ex.message}"
+          #  end
+          #end
+
+          #write_to_output(dc)
+
+        else
+
+          logger.debug "Cipher update returns nothing"
+        end
+
+      end
+
+      def decrypt_final
+
+        begin
+          dec = @cipher.final 
+          logger.debug "Final length : #{dec.length}"
+          res = decompress_data_if_active(dec)
+          write_to_output(res)
+        rescue Ccrypto::CipherEngineException => ex
+          raise SymKeyDecryptionError, ex
+        end
+
+        @cipher = nil
+
+        @key = nil
+        # this is to clear up the cipher object from memory 
+        # including key and IV value
+        # Tested with aes-finder utility on ruby 3.0.2
+        # https://github.com/mmozeiko/aes-finder
+        GC.start
+
+      end
+
+      def logger
+        if @logger.nil?
+          @logger = Tlogger.new
+          @logger.tag = :symkey_dec
+        end
+        @logger
+      end
+
+    end
+  end
+end

data/lib/ccipher_factory/symkey_cipher/symkey_encrypt.rb

@@ -0,0 +1,164 @@
+
+require_relative '../compression/compression_helper'
+
+module CcipherFactory
+  module SymKeyCipher
+    module SymKeyEncrypt
+      include TR::CondUtils
+      include Common
+      include Compression::CompressionHelper
+
+      attr_accessor :key, :mode, :iv
+
+      def encrypt_init(*args, &block)
+
+        raise SymKeyCipherError, "Encryption key is required" if is_empty?(@key)
+        raise SymKeyCipherError, "SymKey object is required" if not @key.is_a?(SymKey)
+        raise SymKeyCipherError, "Cipher requires output to be set" if not is_output_given?
+
+        #_, _, mode = SymKeyCipher.algo_default(@key.keytype)
+        @cconf = SymKeyCipher.algo_default(@key.keytype)
+        @cconf.key = @key.key
+        @cconf.keysize = @key.keysize
+        @cconf.iv = @iv if not_empty?(@iv)
+        if is_empty?(@mode)
+          @mode = @cconf.mode
+        else
+          @cconf.mode = @mode
+        end
+
+        #spec = SymKeyCipher.key_to_spec(@key, @mode)
+        logger.tdebug :symkey_enc, "Encrypt cipher spec : #{@cconf}"
+
+       
+        @cconf.cipherOps = :encrypt
+        begin
+          @cipher = Ccrypto::AlgoFactory.engine(@cconf)
+        #rescue Ccrypto::CipherEngineException => ex
+        rescue Exception => ex
+          raise SymKeyCipherError, ex
+        end
+
+
+        #@cipher = OpenSSL::Cipher.new(cconf.provider_config)
+        #@cipher.encrypt
+        #@cipher.key = @key.key
+
+        #if is_empty?(@iv)
+        #  @iv = @cipher.random_iv
+        #else
+        #  @cipher.iv = @iv
+        #end
+
+        if is_compression_on?
+          logger.tdebug :symkey_enc, "Compression on"
+        else
+          logger.tdebug :symkey_enc, "Compression off"
+        end
+
+        @totalPlain = 0
+        @totalCompressed = 0
+
+        if block
+          instance_eval(&block)
+          encrypt_final
+        else
+          self
+        end
+
+      end
+
+      def encrypt_update(val)
+
+        if not_empty?(val)
+          @totalPlain += val.length
+          cval = compress_data_if_active(val)
+          @totalCompressed += cval.length
+
+          enc = @cipher.update(cval)
+          if not_empty?(enc)
+            write_to_output(enc)
+          end
+        end
+
+      end
+
+      def encrypt_final
+
+        #if not is_gcm_mode?
+          enc = @cipher.final
+          logger.debug "Cipher final returns #{enc.length} bytes"
+          write_to_output(enc)
+        #end
+
+        @cipher = nil
+        # this is to clear up the cipher object from memory 
+        # including key and IV value
+        # Tested with aes-finder utility on ruby 3.0.2
+        # https://github.com/mmozeiko/aes-finder
+        GC.start  
+
+        @iv = @cconf.iv if is_empty?(@iv)
+
+        conv = Ccrypto::UtilFactory.instance(:data_converter)
+        #logger.debug "Key : #{conv.to_hex(@key.key)}"
+        #logger.debug "IV : #{conv.to_hex(@iv)}"
+        #logger.debug "Mode : #{@mode}"
+        #logger.debug "Output : #{conv.to_hex(@output.string)}"
+
+        #ts = Encoding::ASN1Encoder.instance(:symkey_cipher)
+        ts = BinStruct.instance.struct(:symkey_cipher)
+        if is_empty?(@mode)
+          ts.mode = 0
+          logger.debug "Encoding null mode"
+        else
+          ts.mode = BTag.constant_value(@mode)
+          logger.debug "Encoding mode #{@mode}"
+        end
+
+        if is_empty?(@iv)
+          ts.iv = ""
+          logger.debug "Encoding empty IV"
+        else
+          ts.iv = @iv
+          logger.debug "Encoding IV of #{@iv.length} bytes"
+        end
+
+        if is_compression_on?
+          ts.compression = compressor.compress_final
+          logger.tdebug :symkey_enc, "Plain : #{@totalPlain} / Compressed : #{@totalCompressed} = #{(@totalCompressed*1.0)/@totalPlain*100} %"
+        else
+          ts.compression = BinStruct.instance.struct(:compression_none).encoded
+        end
+
+        if @cconf.respond_to?(:auth_tag)
+          if is_empty?(@cconf.auth_tag)
+            ts.auth_tag = ""
+            logger.debug "Encoding empty AuthTag"
+          else
+            ts.auth_tag = @cconf.auth_tag
+            logger.debug "Encoding AuthTag of #{@cconf.auth_tag.length}"
+          end
+        else
+          ts.auth_tag = ""
+          logger.debug "AuthTag not relevent"
+        end
+
+        #logger.debug "encoding : #{ts.inspect}"
+
+        ts.encoded
+
+      end
+
+      private
+      def logger
+        if @logger.nil?
+          @logger = Tlogger.new
+          @logger.tag = :symkey_enc
+        end
+        @logger
+      end
+
+    end
+  end
+end

data/lib/ccipher_factory/symkey_cipher/symkey_sign.rb

@@ -0,0 +1,70 @@
+
+require 'openssl'
+
+require_relative '../digest/supported_digest'
+
+module CcipherFactory
+  module SymKeySigner
+
+    module SymKeySign
+      include TR::CondUtils
+      include Common
+
+      attr_accessor :signing_key, :digest_algo
+
+      def init
+        @digest_algo = Digest::SupportedDigest.instance.default_digest
+      end
+
+      def sign_init(opts = { }, &block)
+
+        raise SymKeySignerError, "Signing symkey is required" if is_empty?(@signing_key)
+        raise SymKeySignerError, "Given digest algo is not supported" if not Digest::SupportedDigest.instance.is_supported?(@digest_algo)
+
+        hconf = Ccrypto::HMACConfig.new
+        hconf.key = Ccrypto::SecretKey.new(@signing_key.keytype, @signing_key.key)
+        hconf.digest = @digest_algo
+
+        @hmac = Ccrypto::AlgoFactory.engine(hconf)
+
+        #@hmac = OpenSSL::HMAC.new(@signing_key.key, OpenSSL::Digest.new(Digest.to_digest_string(@digest_algo)))
+
+        if block
+          instance_eval(&block)
+          sign_final
+        else
+          self
+        end
+
+      end
+
+      def sign_update(val)
+        raise SymKeySignerError, "Please call sign_init before sign_update" if @hmac.nil?
+        @hmac.hmac_update(val)
+      end
+
+      def sign_final
+
+        raise SymKeySignerError, "Please call sign_init before sign_update" if @hmac.nil?
+
+        sign = @hmac.hmac_final
+
+        ts = BinStruct.instance.struct(:symkey_signature) 
+        ts.digest_algo = BTag.constant_value(@digest_algo)
+        ts.signature = sign
+        ts.encoded
+
+      end
+
+      def logger
+        if @logger.nil?
+          @logger = Tlogger.new
+          @logger.tag = :symkey_sign
+        end
+        @logger
+      end
+
+    end
+
+  end
+end

data/lib/ccipher_factory/symkey_cipher/symkey_signer.rb

@@ -0,0 +1,59 @@
+
+
+module CcipherFactory
+  module SymKeySigner
+    include TR::CondUtils
+
+    class SKSigner; end
+
+    class SymKeySignerError < StandardError; end
+
+    def self.signer
+      s = SKSigner.new
+      s.extend(CcipherFactory::SymKeySigner::SymKeySign)
+      s.init if s.respond_to?(:init)
+      s
+    end
+
+    def self.att_signer
+      s = SKSigner.new
+      s.extend(SymKeyAttSign)
+      s.init if s.respond_to?(:init)
+      s
+    end
+
+    def self.verifier
+      s = SKSigner.new
+      s.extend(SymKeyVerify)
+      s.init if s.respond_to?(:init)
+      s
+    end
+
+    def self.att_verifier
+      s = SKSigner.new
+      s.extend(SymKeyAttVerify)
+      s.init if s.respond_to?(:init)
+      s
+    end
+
+    def SymKeySigner.algo_default(algo)
+
+      case algo
+      when :ecc
+        { curve: :prime256v1 }
+      when :rsa
+        { keysize: 2048  }
+      end
+
+    end
+
+  end
+end
+
+
+require_relative 'symkey_sign'
+require_relative 'symkey_verify'
+
+require_relative 'symkey_att_sign'
+require_relative 'symkey_att_verify'
+

data/lib/ccipher_factory/symkey_cipher/symkey_verify.rb

@@ -0,0 +1,76 @@
+
+
+
+module CcipherFactory
+  module SymKeySigner
+
+    module SymKeyVerify
+      include TR::CondUtils
+
+      attr_accessor :verification_key
+      def verify_init(opts = {  }, &block)
+
+        if block
+          instance_eval(&block)
+          verify_final
+        else
+          self
+        end
+
+      end
+
+      def verify_update_meta(meta)
+
+        ts = BinStruct.instance.struct_from_bin(meta)
+        digestAlgo = BTag.value_constant(ts.digest_algo)
+        @sign = ts.signature
+
+        raise SymKeySignerError, "Verification key must be given" if is_empty?(@verification_key)
+
+        raise SymKeySignerError, "Symmetric key type is expected" if not @verification_key.is_a?(SymKey)
+
+        raise SymKeySignerError, "Given digest algo '#{digestAlgo}' is not supported" if not Digest::SupportedDigest.instance.is_supported?(digestAlgo)
+
+        hconf = Ccrypto::HMACConfig.new
+        hconf.key = Ccrypto::SecretKey.new(@verification_key.keytype, @verification_key.key)
+        hconf.digest = digestAlgo
+
+        @hmac = Ccrypto::AlgoFactory.engine(hconf)
+
+        #@hmac = OpenSSL::HMAC.new(@verification_key.key, OpenSSL::Digest.new(Digest.to_digest_string(digestAlgo)))
+
+      end
+
+      def verify_update_data(val)
+        @hmac.hmac_update(val) 
+      end
+
+      def verify_final
+
+        sign = @hmac.hmac_final
+
+        comp = Ccrypto::UtilFactory.instance(:comparator)
+        res = comp.is_equal?(sign, @sign)
+        #res = (sign == @sign)
+
+        if not res
+          logger.tdebug :symkey_ver, "Generated : #{sign}"
+          logger.tdebug :symkey_ver, "Enveloped : #{@sign}"
+        end
+
+        res
+
+      end
+
+      def logger
+        if @logger.nil?
+          @logger = Tlogger.new
+          @logger.tag = :symkey_ver
+        end
+        @logger
+      end
+
+    end
+
+  end
+end

data/lib/ccipher_factory/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module CcipherFactory
+  VERSION = "0.1.0"
+end