ccipher_factory 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.rspec +3 -0
- data/Gemfile +30 -0
- data/Gemfile.lock-java +65 -0
- data/Gemfile.lock-ruby +67 -0
- data/README.md +80 -0
- data/Rakefile +10 -0
- data/bin/console +15 -0
- data/bin/setup +8 -0
- data/ccipher_factory.gemspec +46 -0
- data/lib/ccipher_factory/asymkey/asymkey.rb +16 -0
- data/lib/ccipher_factory/asymkey/asymkey_generator.rb +87 -0
- data/lib/ccipher_factory/asymkey/ecc_keypair.rb +56 -0
- data/lib/ccipher_factory/asymkey_cipher/asymkey_cipher.rb +63 -0
- data/lib/ccipher_factory/asymkey_cipher/asymkey_signer.rb +44 -0
- data/lib/ccipher_factory/asymkey_cipher/ecc/ecc_att_decrypt.rb +55 -0
- data/lib/ccipher_factory/asymkey_cipher/ecc/ecc_att_encrypt.rb +70 -0
- data/lib/ccipher_factory/asymkey_cipher/ecc/ecc_att_signer.rb +88 -0
- data/lib/ccipher_factory/asymkey_cipher/ecc/ecc_att_verifier.rb +100 -0
- data/lib/ccipher_factory/asymkey_cipher/ecc/ecc_decrypt.rb +80 -0
- data/lib/ccipher_factory/asymkey_cipher/ecc/ecc_encrypt.rb +101 -0
- data/lib/ccipher_factory/asymkey_cipher/ecc/ecc_signer.rb +80 -0
- data/lib/ccipher_factory/asymkey_cipher/ecc/ecc_verifier.rb +56 -0
- data/lib/ccipher_factory/composite_cipher/composite_cipher.rb +28 -0
- data/lib/ccipher_factory/composite_cipher/decrypt_verifier.rb +116 -0
- data/lib/ccipher_factory/composite_cipher/sign_encryptor.rb +100 -0
- data/lib/ccipher_factory/compression/compression_helper.rb +103 -0
- data/lib/ccipher_factory/compression/compressor.rb +55 -0
- data/lib/ccipher_factory/compression/zlib_compressor.rb +48 -0
- data/lib/ccipher_factory/compression/zlib_decompressor.rb +67 -0
- data/lib/ccipher_factory/digest/digest.rb +180 -0
- data/lib/ccipher_factory/digest/supported_digest.rb +47 -0
- data/lib/ccipher_factory/encoding/asn1.rb +43 -0
- data/lib/ccipher_factory/encoding/bin_struct.rb +207 -0
- data/lib/ccipher_factory/encoding/binenc_constant.rb +149 -0
- data/lib/ccipher_factory/helpers/common.rb +124 -0
- data/lib/ccipher_factory/kcv/kcv.rb +89 -0
- data/lib/ccipher_factory/kdf/hkdf.rb +114 -0
- data/lib/ccipher_factory/kdf/kdf.rb +73 -0
- data/lib/ccipher_factory/kdf/pbkdf2.rb +82 -0
- data/lib/ccipher_factory/kdf/scrypt.rb +105 -0
- data/lib/ccipher_factory/shamir/shamir_sharing.rb +293 -0
- data/lib/ccipher_factory/shamir/shamir_sharing_helper.rb +88 -0
- data/lib/ccipher_factory/symkey/derived_symkey.rb +110 -0
- data/lib/ccipher_factory/symkey/hardware_symkey.rb +0 -0
- data/lib/ccipher_factory/symkey/soft_symkey.rb +63 -0
- data/lib/ccipher_factory/symkey/symkey.rb +122 -0
- data/lib/ccipher_factory/symkey/symkey_generator.rb +70 -0
- data/lib/ccipher_factory/symkey_cipher/symkey_att_decrypt.rb +64 -0
- data/lib/ccipher_factory/symkey_cipher/symkey_att_encrypt.rb +65 -0
- data/lib/ccipher_factory/symkey_cipher/symkey_att_sign.rb +84 -0
- data/lib/ccipher_factory/symkey_cipher/symkey_att_verify.rb +85 -0
- data/lib/ccipher_factory/symkey_cipher/symkey_cipher.rb +101 -0
- data/lib/ccipher_factory/symkey_cipher/symkey_decrypt.rb +144 -0
- data/lib/ccipher_factory/symkey_cipher/symkey_encrypt.rb +164 -0
- data/lib/ccipher_factory/symkey_cipher/symkey_sign.rb +70 -0
- data/lib/ccipher_factory/symkey_cipher/symkey_signer.rb +59 -0
- data/lib/ccipher_factory/symkey_cipher/symkey_verify.rb +76 -0
- data/lib/ccipher_factory/version.rb +5 -0
- data/lib/ccipher_factory.rb +52 -0
- data/run_test.rb +27 -0
- metadata +172 -0
@@ -0,0 +1,85 @@
|
|
1
|
+
|
2
|
+
require_relative 'symkey_signer'
|
3
|
+
|
4
|
+
module CcipherFactory
|
5
|
+
module SymKeySigner
|
6
|
+
|
7
|
+
module SymKeyAttVerify
|
8
|
+
include Common
|
9
|
+
include Compression::CompressionHelper
|
10
|
+
|
11
|
+
attr_accessor :verification_key
|
12
|
+
def att_verify_init(opts = { }, &block)
|
13
|
+
|
14
|
+
@params = opts
|
15
|
+
|
16
|
+
raise SymKeySignerError, "Please provide output for attached verify" if not is_output_given?
|
17
|
+
|
18
|
+
if block
|
19
|
+
instance_eval(&block)
|
20
|
+
att_verify_final
|
21
|
+
else
|
22
|
+
self
|
23
|
+
end
|
24
|
+
|
25
|
+
end
|
26
|
+
|
27
|
+
def att_verify_update(val)
|
28
|
+
|
29
|
+
if @ver.nil?
|
30
|
+
intOutputBuf.write(val)
|
31
|
+
begin
|
32
|
+
Encoding.extract_meta(intOutputBuf) do |meta, bal|
|
33
|
+
|
34
|
+
ts = BinStruct.instance.struct_from_bin(meta)
|
35
|
+
|
36
|
+
vmeta = ts.symkey_signature
|
37
|
+
compression = ts.compression
|
38
|
+
|
39
|
+
cts = BinStruct.instance.struct_from_bin(compression)
|
40
|
+
if cts.oid == BTag.constant_value(:compression_zlib)
|
41
|
+
compression_on
|
42
|
+
decompressor.decompress_update_meta(compression)
|
43
|
+
end
|
44
|
+
|
45
|
+
@ver = SymKeySigner.verifier
|
46
|
+
|
47
|
+
@ver.verification_key = @verification_key
|
48
|
+
@ver.verify_init(@params)
|
49
|
+
@ver.verify_update_meta(vmeta)
|
50
|
+
|
51
|
+
att_verify_update(bal) if bal.length > 0
|
52
|
+
|
53
|
+
intOutputBuf.rewind
|
54
|
+
intOutputBuf = nil
|
55
|
+
end
|
56
|
+
rescue Encoding::InsufficientData
|
57
|
+
end
|
58
|
+
else
|
59
|
+
res = decompress_data_if_active(val)
|
60
|
+
@ver.verify_update_data(res)
|
61
|
+
intOutputFile.write(res)
|
62
|
+
end
|
63
|
+
|
64
|
+
end
|
65
|
+
|
66
|
+
def att_verify_final
|
67
|
+
res = @ver.verify_final
|
68
|
+
|
69
|
+
if res
|
70
|
+
intOutputFile.rewind
|
71
|
+
while not intOutputFile.eof?
|
72
|
+
write_to_output(intOutputFile.read)
|
73
|
+
end
|
74
|
+
|
75
|
+
disposeOutput(intOutputFile)
|
76
|
+
end
|
77
|
+
|
78
|
+
res
|
79
|
+
|
80
|
+
end
|
81
|
+
|
82
|
+
end
|
83
|
+
|
84
|
+
end
|
85
|
+
end
|
@@ -0,0 +1,101 @@
|
|
1
|
+
|
2
|
+
|
3
|
+
require_relative 'symkey_encrypt'
|
4
|
+
require_relative 'symkey_decrypt'
|
5
|
+
|
6
|
+
require_relative 'symkey_att_encrypt'
|
7
|
+
require_relative 'symkey_att_decrypt'
|
8
|
+
|
9
|
+
module CcipherFactory
|
10
|
+
module SymKeyCipher
|
11
|
+
include TR::CondUtils
|
12
|
+
|
13
|
+
class SKCipher; end
|
14
|
+
|
15
|
+
#class SymKeyCipherError < StandardError; end
|
16
|
+
|
17
|
+
def self.encryptor
|
18
|
+
c = SKCipher.new
|
19
|
+
c.extend(SymKeyEncrypt)
|
20
|
+
c
|
21
|
+
end
|
22
|
+
|
23
|
+
def self.decryptor
|
24
|
+
dec = SKCipher.new
|
25
|
+
dec.extend(SymKeyDecrypt)
|
26
|
+
dec
|
27
|
+
end
|
28
|
+
|
29
|
+
def self.att_encryptor
|
30
|
+
c = SKCipher.new
|
31
|
+
c.extend(SymKeyAttEncrypt)
|
32
|
+
c
|
33
|
+
end
|
34
|
+
|
35
|
+
def self.att_decryptor
|
36
|
+
c = SKCipher.new
|
37
|
+
c.extend(SymKeyAttDecrypt)
|
38
|
+
c
|
39
|
+
end
|
40
|
+
|
41
|
+
#def self.mode_to_spec(mode)
|
42
|
+
# if not_empty?(mode)
|
43
|
+
# mode.to_s.upcase
|
44
|
+
# else
|
45
|
+
# mode
|
46
|
+
# end
|
47
|
+
#end
|
48
|
+
|
49
|
+
#def self.key_to_spec(key, mode)
|
50
|
+
# if not_empty?(key)
|
51
|
+
# case key.keytype
|
52
|
+
# when :aes
|
53
|
+
# "AES-#{key.keysize}-#{mode_to_spec(mode)}"
|
54
|
+
# when :chacha20_poly1305, :chacha20
|
55
|
+
# "chacha20-poly1305"
|
56
|
+
# when :blowfish
|
57
|
+
# "bf-#{mode_to_spec(mode)}"
|
58
|
+
# when :camellia
|
59
|
+
# "camellia-#{key.keysize}-#{mode_to_spec(mode)}"
|
60
|
+
# when :aria
|
61
|
+
# "aria-#{key.keysize}-#{mode_to_spec(mode)}"
|
62
|
+
# else
|
63
|
+
# raise SymKeyCipherError, "Unknown key type '#{key.keytype}'"
|
64
|
+
# end
|
65
|
+
# else
|
66
|
+
# raise SymKeyCipherError, "Given key to translate to spec is nil"
|
67
|
+
# end
|
68
|
+
#end
|
69
|
+
|
70
|
+
#def self.iv_length(key, mode)
|
71
|
+
# c = OpenSSL::Cipher.new(key_to_spec(key, mode))
|
72
|
+
# c.random_iv.length
|
73
|
+
#end
|
74
|
+
|
75
|
+
def SymKeyCipher.algo_default(algo)
|
76
|
+
case algo
|
77
|
+
when :aes
|
78
|
+
# param 0: Algo name for spec
|
79
|
+
# param 1: key size
|
80
|
+
# param 2: default mdoe
|
81
|
+
#["AES", 256, :gcm]
|
82
|
+
Ccrypto::DirectCipherConfig.new({ algo: :aes, keysize: 256, mode: :gcm, padding: :pkcs5 })
|
83
|
+
when :chacha20_poly1305, :chacha20
|
84
|
+
Ccrypto::DirectCipherConfig.new({ algo: :chacha20, keysize: 256, mode: :poly1305 })
|
85
|
+
#["chacha20-poly1305", 256]
|
86
|
+
when :blowfish
|
87
|
+
Ccrypto::DirectCipherConfig.new({ algo: :blowfish, keysize: 128, mode: :cfb, padding: :pkcs5 })
|
88
|
+
#["bf", 128, :ofb]
|
89
|
+
when :camellia
|
90
|
+
Ccrypto::DirectCipherConfig.new({ algo: :camellia, keysize: 256, mode: :ctr, padding: :pkcs5 })
|
91
|
+
#["camellia", 256, :ctr]
|
92
|
+
when :aria
|
93
|
+
Ccrypto::DirectCipherConfig.new({ algo: :aria, keysize: 256, mode: :gcm, padding: :pkcs5 })
|
94
|
+
#["aria", 256, :gcm]
|
95
|
+
else
|
96
|
+
raise SymKeyCipherError, "Unknown algo '#{algo}' default"
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
end
|
101
|
+
end
|
@@ -0,0 +1,144 @@
|
|
1
|
+
|
2
|
+
require_relative '../compression/compressor'
|
3
|
+
|
4
|
+
module CcipherFactory
|
5
|
+
module SymKeyCipher
|
6
|
+
module SymKeyDecrypt
|
7
|
+
include TR::CondUtils
|
8
|
+
include Common
|
9
|
+
include Compression::CompressionHelper
|
10
|
+
|
11
|
+
class SymKeyDecryptError < StandardError; end
|
12
|
+
|
13
|
+
attr_accessor :key
|
14
|
+
|
15
|
+
def init
|
16
|
+
|
17
|
+
end
|
18
|
+
|
19
|
+
def decrypt_init(*args, &block)
|
20
|
+
|
21
|
+
#@decKey = args.first
|
22
|
+
raise SymKeyDecryptError, "Decryption key is required" if is_empty?(@key)
|
23
|
+
|
24
|
+
if block
|
25
|
+
instance_eval(&block)
|
26
|
+
decrypt_final
|
27
|
+
else
|
28
|
+
self
|
29
|
+
end
|
30
|
+
|
31
|
+
end
|
32
|
+
|
33
|
+
def decrypt_update_meta(val)
|
34
|
+
|
35
|
+
intOutputBuf.write(val)
|
36
|
+
begin
|
37
|
+
Encoding.extract_meta(intOutputBuf) do |meta, bal|
|
38
|
+
|
39
|
+
ts = BinStruct.instance.struct_from_bin(meta)
|
40
|
+
@mode = BTag.value_constant(ts.mode)
|
41
|
+
iv = ts.iv
|
42
|
+
comp = ts.compression
|
43
|
+
|
44
|
+
cts = BinStruct.instance.struct_from_bin(comp)
|
45
|
+
if cts.oid == BTag.constant_value(:compression_zlib)
|
46
|
+
@decompressor = CcipherFactory::Compression::Compressor.new
|
47
|
+
@decompressor.decompress
|
48
|
+
@decompressor.decompress_init
|
49
|
+
@decompressor.decompress_update_meta(comp)
|
50
|
+
|
51
|
+
compression_on
|
52
|
+
logger.tdebug :symkey_dec, "Compression is active"
|
53
|
+
else
|
54
|
+
compression_off
|
55
|
+
logger.tdebug :symkey_dec, "Compression is NOT active"
|
56
|
+
end
|
57
|
+
|
58
|
+
authTag = ts.auth_tag
|
59
|
+
|
60
|
+
algoDef = SymKeyCipher.algo_default(@key.keytype)
|
61
|
+
|
62
|
+
cconf = Ccrypto::DirectCipherConfig.new({ algo: @key.keytype, keysize: @key.keysize, mode: @mode, padding: :pkcs5 })
|
63
|
+
cconf.cipherOps = :decrypt
|
64
|
+
cconf.key = @key.key
|
65
|
+
cconf.iv = iv if not_empty?(iv)
|
66
|
+
cconf.auth_tag = authTag if cconf.respond_to?(:auth_tag=)
|
67
|
+
@cipher = Ccrypto::AlgoFactory.engine(cconf)
|
68
|
+
|
69
|
+
@cipher
|
70
|
+
|
71
|
+
end
|
72
|
+
rescue Encoding::InsufficientData => e
|
73
|
+
end
|
74
|
+
|
75
|
+
|
76
|
+
end
|
77
|
+
|
78
|
+
def decrypt_update_cipher(val)
|
79
|
+
|
80
|
+
raise SymKeyCipherError, "Please call update_meta() first before update_cipher()" if @cipher.nil?
|
81
|
+
|
82
|
+
logger.debug "Given cipher data : #{val.length}"
|
83
|
+
|
84
|
+
dec = @cipher.update(val)
|
85
|
+
|
86
|
+
|
87
|
+
if not_empty?(dec) and dec.length > 0
|
88
|
+
|
89
|
+
logger.debug "After cipher before compression check : #{dec.length}"
|
90
|
+
res = decompress_data_if_active(dec)
|
91
|
+
write_to_output(res)
|
92
|
+
|
93
|
+
#if @decompressor.nil?
|
94
|
+
# dc = dec
|
95
|
+
#else
|
96
|
+
# begin
|
97
|
+
# dc = @decompressor.decompress_update(dec)
|
98
|
+
# rescue Zlib::Error => ex
|
99
|
+
# raise SymKeyDecryptionError, "Data decompression failed: #{ex.message}"
|
100
|
+
# end
|
101
|
+
#end
|
102
|
+
|
103
|
+
#write_to_output(dc)
|
104
|
+
|
105
|
+
else
|
106
|
+
|
107
|
+
logger.debug "Cipher update returns nothing"
|
108
|
+
end
|
109
|
+
|
110
|
+
end
|
111
|
+
|
112
|
+
def decrypt_final
|
113
|
+
|
114
|
+
begin
|
115
|
+
dec = @cipher.final
|
116
|
+
logger.debug "Final length : #{dec.length}"
|
117
|
+
res = decompress_data_if_active(dec)
|
118
|
+
write_to_output(res)
|
119
|
+
rescue Ccrypto::CipherEngineException => ex
|
120
|
+
raise SymKeyDecryptionError, ex
|
121
|
+
end
|
122
|
+
|
123
|
+
@cipher = nil
|
124
|
+
|
125
|
+
@key = nil
|
126
|
+
# this is to clear up the cipher object from memory
|
127
|
+
# including key and IV value
|
128
|
+
# Tested with aes-finder utility on ruby 3.0.2
|
129
|
+
# https://github.com/mmozeiko/aes-finder
|
130
|
+
GC.start
|
131
|
+
|
132
|
+
end
|
133
|
+
|
134
|
+
def logger
|
135
|
+
if @logger.nil?
|
136
|
+
@logger = Tlogger.new
|
137
|
+
@logger.tag = :symkey_dec
|
138
|
+
end
|
139
|
+
@logger
|
140
|
+
end
|
141
|
+
|
142
|
+
end
|
143
|
+
end
|
144
|
+
end
|
@@ -0,0 +1,164 @@
|
|
1
|
+
|
2
|
+
require_relative '../compression/compression_helper'
|
3
|
+
|
4
|
+
module CcipherFactory
|
5
|
+
module SymKeyCipher
|
6
|
+
module SymKeyEncrypt
|
7
|
+
include TR::CondUtils
|
8
|
+
include Common
|
9
|
+
include Compression::CompressionHelper
|
10
|
+
|
11
|
+
attr_accessor :key, :mode, :iv
|
12
|
+
|
13
|
+
def encrypt_init(*args, &block)
|
14
|
+
|
15
|
+
raise SymKeyCipherError, "Encryption key is required" if is_empty?(@key)
|
16
|
+
raise SymKeyCipherError, "SymKey object is required" if not @key.is_a?(SymKey)
|
17
|
+
raise SymKeyCipherError, "Cipher requires output to be set" if not is_output_given?
|
18
|
+
|
19
|
+
#_, _, mode = SymKeyCipher.algo_default(@key.keytype)
|
20
|
+
@cconf = SymKeyCipher.algo_default(@key.keytype)
|
21
|
+
@cconf.key = @key.key
|
22
|
+
@cconf.keysize = @key.keysize
|
23
|
+
@cconf.iv = @iv if not_empty?(@iv)
|
24
|
+
if is_empty?(@mode)
|
25
|
+
@mode = @cconf.mode
|
26
|
+
else
|
27
|
+
@cconf.mode = @mode
|
28
|
+
end
|
29
|
+
|
30
|
+
#spec = SymKeyCipher.key_to_spec(@key, @mode)
|
31
|
+
logger.tdebug :symkey_enc, "Encrypt cipher spec : #{@cconf}"
|
32
|
+
|
33
|
+
|
34
|
+
@cconf.cipherOps = :encrypt
|
35
|
+
begin
|
36
|
+
@cipher = Ccrypto::AlgoFactory.engine(@cconf)
|
37
|
+
#rescue Ccrypto::CipherEngineException => ex
|
38
|
+
rescue Exception => ex
|
39
|
+
raise SymKeyCipherError, ex
|
40
|
+
end
|
41
|
+
|
42
|
+
|
43
|
+
#@cipher = OpenSSL::Cipher.new(cconf.provider_config)
|
44
|
+
#@cipher.encrypt
|
45
|
+
#@cipher.key = @key.key
|
46
|
+
|
47
|
+
#if is_empty?(@iv)
|
48
|
+
# @iv = @cipher.random_iv
|
49
|
+
#else
|
50
|
+
# @cipher.iv = @iv
|
51
|
+
#end
|
52
|
+
|
53
|
+
if is_compression_on?
|
54
|
+
logger.tdebug :symkey_enc, "Compression on"
|
55
|
+
else
|
56
|
+
logger.tdebug :symkey_enc, "Compression off"
|
57
|
+
end
|
58
|
+
|
59
|
+
@totalPlain = 0
|
60
|
+
@totalCompressed = 0
|
61
|
+
|
62
|
+
if block
|
63
|
+
instance_eval(&block)
|
64
|
+
encrypt_final
|
65
|
+
else
|
66
|
+
self
|
67
|
+
end
|
68
|
+
|
69
|
+
end
|
70
|
+
|
71
|
+
def encrypt_update(val)
|
72
|
+
|
73
|
+
if not_empty?(val)
|
74
|
+
@totalPlain += val.length
|
75
|
+
cval = compress_data_if_active(val)
|
76
|
+
@totalCompressed += cval.length
|
77
|
+
|
78
|
+
enc = @cipher.update(cval)
|
79
|
+
if not_empty?(enc)
|
80
|
+
write_to_output(enc)
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
end
|
85
|
+
|
86
|
+
def encrypt_final
|
87
|
+
|
88
|
+
#if not is_gcm_mode?
|
89
|
+
enc = @cipher.final
|
90
|
+
logger.debug "Cipher final returns #{enc.length} bytes"
|
91
|
+
write_to_output(enc)
|
92
|
+
#end
|
93
|
+
|
94
|
+
@cipher = nil
|
95
|
+
# this is to clear up the cipher object from memory
|
96
|
+
# including key and IV value
|
97
|
+
# Tested with aes-finder utility on ruby 3.0.2
|
98
|
+
# https://github.com/mmozeiko/aes-finder
|
99
|
+
GC.start
|
100
|
+
|
101
|
+
@iv = @cconf.iv if is_empty?(@iv)
|
102
|
+
|
103
|
+
conv = Ccrypto::UtilFactory.instance(:data_converter)
|
104
|
+
#logger.debug "Key : #{conv.to_hex(@key.key)}"
|
105
|
+
#logger.debug "IV : #{conv.to_hex(@iv)}"
|
106
|
+
#logger.debug "Mode : #{@mode}"
|
107
|
+
#logger.debug "Output : #{conv.to_hex(@output.string)}"
|
108
|
+
|
109
|
+
#ts = Encoding::ASN1Encoder.instance(:symkey_cipher)
|
110
|
+
ts = BinStruct.instance.struct(:symkey_cipher)
|
111
|
+
if is_empty?(@mode)
|
112
|
+
ts.mode = 0
|
113
|
+
logger.debug "Encoding null mode"
|
114
|
+
else
|
115
|
+
ts.mode = BTag.constant_value(@mode)
|
116
|
+
logger.debug "Encoding mode #{@mode}"
|
117
|
+
end
|
118
|
+
|
119
|
+
if is_empty?(@iv)
|
120
|
+
ts.iv = ""
|
121
|
+
logger.debug "Encoding empty IV"
|
122
|
+
else
|
123
|
+
ts.iv = @iv
|
124
|
+
logger.debug "Encoding IV of #{@iv.length} bytes"
|
125
|
+
end
|
126
|
+
|
127
|
+
if is_compression_on?
|
128
|
+
ts.compression = compressor.compress_final
|
129
|
+
logger.tdebug :symkey_enc, "Plain : #{@totalPlain} / Compressed : #{@totalCompressed} = #{(@totalCompressed*1.0)/@totalPlain*100} %"
|
130
|
+
else
|
131
|
+
ts.compression = BinStruct.instance.struct(:compression_none).encoded
|
132
|
+
end
|
133
|
+
|
134
|
+
if @cconf.respond_to?(:auth_tag)
|
135
|
+
if is_empty?(@cconf.auth_tag)
|
136
|
+
ts.auth_tag = ""
|
137
|
+
logger.debug "Encoding empty AuthTag"
|
138
|
+
else
|
139
|
+
ts.auth_tag = @cconf.auth_tag
|
140
|
+
logger.debug "Encoding AuthTag of #{@cconf.auth_tag.length}"
|
141
|
+
end
|
142
|
+
else
|
143
|
+
ts.auth_tag = ""
|
144
|
+
logger.debug "AuthTag not relevent"
|
145
|
+
end
|
146
|
+
|
147
|
+
#logger.debug "encoding : #{ts.inspect}"
|
148
|
+
|
149
|
+
ts.encoded
|
150
|
+
|
151
|
+
end
|
152
|
+
|
153
|
+
private
|
154
|
+
def logger
|
155
|
+
if @logger.nil?
|
156
|
+
@logger = Tlogger.new
|
157
|
+
@logger.tag = :symkey_enc
|
158
|
+
end
|
159
|
+
@logger
|
160
|
+
end
|
161
|
+
|
162
|
+
end
|
163
|
+
end
|
164
|
+
end
|
@@ -0,0 +1,70 @@
|
|
1
|
+
|
2
|
+
require 'openssl'
|
3
|
+
|
4
|
+
require_relative '../digest/supported_digest'
|
5
|
+
|
6
|
+
module CcipherFactory
|
7
|
+
module SymKeySigner
|
8
|
+
|
9
|
+
module SymKeySign
|
10
|
+
include TR::CondUtils
|
11
|
+
include Common
|
12
|
+
|
13
|
+
attr_accessor :signing_key, :digest_algo
|
14
|
+
|
15
|
+
def init
|
16
|
+
@digest_algo = Digest::SupportedDigest.instance.default_digest
|
17
|
+
end
|
18
|
+
|
19
|
+
def sign_init(opts = { }, &block)
|
20
|
+
|
21
|
+
raise SymKeySignerError, "Signing symkey is required" if is_empty?(@signing_key)
|
22
|
+
raise SymKeySignerError, "Given digest algo is not supported" if not Digest::SupportedDigest.instance.is_supported?(@digest_algo)
|
23
|
+
|
24
|
+
hconf = Ccrypto::HMACConfig.new
|
25
|
+
hconf.key = Ccrypto::SecretKey.new(@signing_key.keytype, @signing_key.key)
|
26
|
+
hconf.digest = @digest_algo
|
27
|
+
|
28
|
+
@hmac = Ccrypto::AlgoFactory.engine(hconf)
|
29
|
+
|
30
|
+
#@hmac = OpenSSL::HMAC.new(@signing_key.key, OpenSSL::Digest.new(Digest.to_digest_string(@digest_algo)))
|
31
|
+
|
32
|
+
if block
|
33
|
+
instance_eval(&block)
|
34
|
+
sign_final
|
35
|
+
else
|
36
|
+
self
|
37
|
+
end
|
38
|
+
|
39
|
+
end
|
40
|
+
|
41
|
+
def sign_update(val)
|
42
|
+
raise SymKeySignerError, "Please call sign_init before sign_update" if @hmac.nil?
|
43
|
+
@hmac.hmac_update(val)
|
44
|
+
end
|
45
|
+
|
46
|
+
def sign_final
|
47
|
+
|
48
|
+
raise SymKeySignerError, "Please call sign_init before sign_update" if @hmac.nil?
|
49
|
+
|
50
|
+
sign = @hmac.hmac_final
|
51
|
+
|
52
|
+
ts = BinStruct.instance.struct(:symkey_signature)
|
53
|
+
ts.digest_algo = BTag.constant_value(@digest_algo)
|
54
|
+
ts.signature = sign
|
55
|
+
ts.encoded
|
56
|
+
|
57
|
+
end
|
58
|
+
|
59
|
+
def logger
|
60
|
+
if @logger.nil?
|
61
|
+
@logger = Tlogger.new
|
62
|
+
@logger.tag = :symkey_sign
|
63
|
+
end
|
64
|
+
@logger
|
65
|
+
end
|
66
|
+
|
67
|
+
end
|
68
|
+
|
69
|
+
end
|
70
|
+
end
|
@@ -0,0 +1,59 @@
|
|
1
|
+
|
2
|
+
|
3
|
+
module CcipherFactory
|
4
|
+
module SymKeySigner
|
5
|
+
include TR::CondUtils
|
6
|
+
|
7
|
+
class SKSigner; end
|
8
|
+
|
9
|
+
class SymKeySignerError < StandardError; end
|
10
|
+
|
11
|
+
def self.signer
|
12
|
+
s = SKSigner.new
|
13
|
+
s.extend(CcipherFactory::SymKeySigner::SymKeySign)
|
14
|
+
s.init if s.respond_to?(:init)
|
15
|
+
s
|
16
|
+
end
|
17
|
+
|
18
|
+
def self.att_signer
|
19
|
+
s = SKSigner.new
|
20
|
+
s.extend(SymKeyAttSign)
|
21
|
+
s.init if s.respond_to?(:init)
|
22
|
+
s
|
23
|
+
end
|
24
|
+
|
25
|
+
def self.verifier
|
26
|
+
s = SKSigner.new
|
27
|
+
s.extend(SymKeyVerify)
|
28
|
+
s.init if s.respond_to?(:init)
|
29
|
+
s
|
30
|
+
end
|
31
|
+
|
32
|
+
def self.att_verifier
|
33
|
+
s = SKSigner.new
|
34
|
+
s.extend(SymKeyAttVerify)
|
35
|
+
s.init if s.respond_to?(:init)
|
36
|
+
s
|
37
|
+
end
|
38
|
+
|
39
|
+
def SymKeySigner.algo_default(algo)
|
40
|
+
|
41
|
+
case algo
|
42
|
+
when :ecc
|
43
|
+
{ curve: :prime256v1 }
|
44
|
+
when :rsa
|
45
|
+
{ keysize: 2048 }
|
46
|
+
end
|
47
|
+
|
48
|
+
end
|
49
|
+
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
|
54
|
+
require_relative 'symkey_sign'
|
55
|
+
require_relative 'symkey_verify'
|
56
|
+
|
57
|
+
require_relative 'symkey_att_sign'
|
58
|
+
require_relative 'symkey_att_verify'
|
59
|
+
|
@@ -0,0 +1,76 @@
|
|
1
|
+
|
2
|
+
|
3
|
+
|
4
|
+
module CcipherFactory
|
5
|
+
module SymKeySigner
|
6
|
+
|
7
|
+
module SymKeyVerify
|
8
|
+
include TR::CondUtils
|
9
|
+
|
10
|
+
attr_accessor :verification_key
|
11
|
+
def verify_init(opts = { }, &block)
|
12
|
+
|
13
|
+
if block
|
14
|
+
instance_eval(&block)
|
15
|
+
verify_final
|
16
|
+
else
|
17
|
+
self
|
18
|
+
end
|
19
|
+
|
20
|
+
end
|
21
|
+
|
22
|
+
def verify_update_meta(meta)
|
23
|
+
|
24
|
+
ts = BinStruct.instance.struct_from_bin(meta)
|
25
|
+
digestAlgo = BTag.value_constant(ts.digest_algo)
|
26
|
+
@sign = ts.signature
|
27
|
+
|
28
|
+
raise SymKeySignerError, "Verification key must be given" if is_empty?(@verification_key)
|
29
|
+
|
30
|
+
raise SymKeySignerError, "Symmetric key type is expected" if not @verification_key.is_a?(SymKey)
|
31
|
+
|
32
|
+
raise SymKeySignerError, "Given digest algo '#{digestAlgo}' is not supported" if not Digest::SupportedDigest.instance.is_supported?(digestAlgo)
|
33
|
+
|
34
|
+
hconf = Ccrypto::HMACConfig.new
|
35
|
+
hconf.key = Ccrypto::SecretKey.new(@verification_key.keytype, @verification_key.key)
|
36
|
+
hconf.digest = digestAlgo
|
37
|
+
|
38
|
+
@hmac = Ccrypto::AlgoFactory.engine(hconf)
|
39
|
+
|
40
|
+
#@hmac = OpenSSL::HMAC.new(@verification_key.key, OpenSSL::Digest.new(Digest.to_digest_string(digestAlgo)))
|
41
|
+
|
42
|
+
end
|
43
|
+
|
44
|
+
def verify_update_data(val)
|
45
|
+
@hmac.hmac_update(val)
|
46
|
+
end
|
47
|
+
|
48
|
+
def verify_final
|
49
|
+
|
50
|
+
sign = @hmac.hmac_final
|
51
|
+
|
52
|
+
comp = Ccrypto::UtilFactory.instance(:comparator)
|
53
|
+
res = comp.is_equal?(sign, @sign)
|
54
|
+
#res = (sign == @sign)
|
55
|
+
|
56
|
+
if not res
|
57
|
+
logger.tdebug :symkey_ver, "Generated : #{sign}"
|
58
|
+
logger.tdebug :symkey_ver, "Enveloped : #{@sign}"
|
59
|
+
end
|
60
|
+
|
61
|
+
res
|
62
|
+
|
63
|
+
end
|
64
|
+
|
65
|
+
def logger
|
66
|
+
if @logger.nil?
|
67
|
+
@logger = Tlogger.new
|
68
|
+
@logger.tag = :symkey_ver
|
69
|
+
end
|
70
|
+
@logger
|
71
|
+
end
|
72
|
+
|
73
|
+
end
|
74
|
+
|
75
|
+
end
|
76
|
+
end
|