ccipher_factory 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8e882748e988af57209ddc3342a3c791b60fcb8d78ad22ae83eaa607f1645d12
+  data.tar.gz: a2e9baaef537e4ede9201d677c8054e06c24344b2d8687481b13f0d31f8aa9b0
+SHA512:
+  metadata.gz: 95101b641134a18fcdab9627ec321806ca71cf7ce6b90927e4e71f5929a20e9ecf7bb1d3bed32489bde32cc0aee3fb560030d80f7e79693d4fc47e1bc0eacfca
+  data.tar.gz: '0559a64e2c0e866fdbd6fcdd6f2c6bf850be2cf4d67770175a019b3b0e7f867820e970bce678396c8a05266fcb6d9f938afba4747910f7bbae3c66bf80891a93'

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/Gemfile

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in ccipher_factory.gemspec
+gemspec
+
+gem "rake", "~> 13.0"
+
+gem "rspec", "~> 3.0"
+
+#gem 'ccrypto',  git: 'ccrypto', branch: 'main'
+#
+#gem 'binenc', git: "binenc", branch: "master"
+
+require 'toolrack'
+if TR::RTUtils.on_jruby?
+  #gem 'ccrypto-java', git: 'ccrypto-java', branch: 'main'
+  #gem 'binenc-java', git: 'binenc-java', branch: 'master'
+  gem 'ccrypto-java'
+  gem 'binenc-java'
+else
+  #gem 'ccrypto-ruby', git: 'ccrypto-ruby', branch: 'main'
+  #gem 'binenc-ruby', git: 'binenc-ruby', branch: 'master'
+  gem 'ccrypto-ruby'
+  gem 'binenc-ruby'
+end
+
+
+

data/Gemfile.lock-java

@@ -0,0 +1,65 @@
+GIT
+  remote: ccrypto
+  revision: beace29ef4e6eb76d77fcd90aea0f15bc5238e9f
+  branch: master
+  specs:
+    ccrypto (0.1.0)
+      tlogger
+      toolrack
+
+GIT
+  remote: ccrypto-java
+  revision: d2fd06975696f958fa989ac41274583433d9b0c3
+  branch: master
+  specs:
+    ccrypto-java (0.1.0)
+
+PATH
+  remote: .
+  specs:
+    ccipher_factory (0.1.0)
+      tlogger
+
+GIT
+  remote: toolrack
+  revision: 8e1c8caf8bee89abc3759528b8f5bb22a3128e48
+  branch: master
+  specs:
+    toolrack (0.18.3)
+      base58
+      tlogger
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    base58 (0.2.3)
+    diff-lcs (1.5.0)
+    rake (13.0.6)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
+    tlogger (0.26.3)
+
+PLATFORMS
+  universal-java-11
+
+DEPENDENCIES
+  ccipher_factory!
+  ccrypto!
+  ccrypto-java!
+  rake (~> 13.0)
+  rspec (~> 3.0)
+  toolrack!
+
+BUNDLED WITH
+   2.3.6

data/Gemfile.lock-ruby

@@ -0,0 +1,67 @@
+GIT
+  remote: ccrypto
+  revision: beace29ef4e6eb76d77fcd90aea0f15bc5238e9f
+  branch: master
+  specs:
+    ccrypto (0.1.0)
+      tlogger
+      toolrack
+
+GIT
+  remote: ccrypto-ruby
+  revision: e432e434e28bde01689a7b364cd08782f091120e
+  branch: master
+  specs:
+    ccrypto-ruby (0.1.0)
+      tlogger
+      toolrack
+
+PATH
+  remote: .
+  specs:
+    ccipher_factory (0.1.0)
+      tlogger
+
+GIT
+  remote: toolrack
+  revision: 8e1c8caf8bee89abc3759528b8f5bb22a3128e48
+  branch: master
+  specs:
+    toolrack (0.18.3)
+      base58
+      tlogger
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    base58 (0.2.3)
+    diff-lcs (1.5.0)
+    rake (13.0.6)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
+    tlogger (0.26.3)
+
+PLATFORMS
+  x86_64-linux
+
+DEPENDENCIES
+  ccipher_factory!
+  ccrypto!
+  ccrypto-ruby!
+  rake (~> 13.0)
+  rspec (~> 3.0)
+  toolrack!
+
+BUNDLED WITH
+   2.2.28

data/README.md

@@ -0,0 +1,80 @@
+# CcipherFactory
+
+CcipherFactory is the library that encapsulated all related parameters for a specific set of a cryptographic algorithms for operational requirement.
+
+Cryptographic algorithms mostly have some parameters which are configurable during a specific operation. For example for AES encryption, there are different _modes_ and an _iv_ that could be provided by the caller application (or the _iv_ could be generated internally). The same value is required during decryption however, which is expected that the same _iv_ and _mode_ info is to be used during decryption or the decryption shall failed. 
+
+Normally those parameters are pre-selected by application, like AES with key size 256 bits and GCM mode. However this resulted in a cryptosystem that is rigid because those selection will be likely hard coded and when there is a broken algorithm come into light by researcher for example, or any reasons that a mode is more preferable than the pre-selected mode, the crypto system will requires update and testing. By this time, there is likely also a higher level of applications already has some assumption about the cipher text and once some parameters changed, it might affect those application too. 
+
+If the application has provision of the dynamicity of the cryptographic algorithms, those pre-selected parameters shall be stored in external files such as xml/yaml/text/database or anything that make sense. However, we think that a binaray coding is a more appropriate way to deliver the purpose since the cipher text is mostly a set of binary data.
+
+Therefore the library upon signing/encryption cryptographic call, shall produce two outputs: the cipher text and the header.
+
+The header is basically binary encoded structure of the cryptographic parameters. The cipher text is the actual output of the cryptographic algorithm.
+
+During the reverse operations : verification / decryption, both pieces of the data shall be needed to be passed into the library in order for the operation to be successful.
+
+Currently the supported algorithms including:
+* Symmetric key
+  * Key generation / derivation from password
+  * Signing / verification (attached / detached)
+  * Encrypt / decrypt (attached / detached) with zlib compression option
+* Asymmetric key (currently ECC only)
+  * Keypair generation
+  * Signing / verification (attached / detached)
+  * Encrypt / decryption (attached / detached) with zlib compression option
+* Digest
+* Key derivation function
+  * scrypt
+  * hkdf
+* Shamir secret sharing 
+
+
+## Attached vs. Detached
+
+Attached mode is where the final output is the combination of the header and the cipher text. Therefore there is no separate storage required for the header and cipher text, instead a single file is what is needed for the cryptographic operation to operate.
+
+However, in the event that the combined output is not preferable, the application can store the header and cipher text in any location as wished and pass into the library whenever it is requested. 
+
+Note that there is no implicit linkage info between the header and the cipher text is generated for detached mode. It means that the library has no way to check if the header is corresponding to the cipher text being processed and if there is a mixed up, recursive way is the only way to see if the header is correct with the help of the correct key material.
+
+
+## Actual Supported Cryptographic Algorithms
+
+The actual supported cryptographic algorithms such as for symmetric, asymmetric etc is depending on the underlying cryptographic API. The project is integrated with [ccrypto](https://github.com/cameronian/ccrypto) which normalized the cryptographic API between Ruby and Java runtime.
+
+At CcipherFactory effort has been done to tag as much algorithms as supported by the Ccrypto libraries implemented runtime as possible, which the tagging is done inside lib/ccipher\_factory/encoding/binenc\_constant.rb and its binary structure is defined in lib/ccipher\_factory/encoding/bin\_struct.rb
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+# pre-requisite
+gem 'ccrypto'
+
+# if Ruby runtime
+gem 'ccrypto-ruby'
+# if Java runtime
+#gem 'ccrypto-java'
+
+# then include this
+gem 'ccipher_factory'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install ccipher_factory
+
+
+## Usage Examples
+
+Refers to files inside directory spec/ for more usage examples
+
+
+

data/Rakefile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+require 'devops_assist'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "ccipher_factory"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/ccipher_factory.gemspec

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require_relative "lib/ccipher_factory/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "ccipher_factory"
+  spec.version       = CcipherFactory::VERSION
+  spec.authors       = ["Ian"]
+  spec.email         = ["cameronian0@protonmail.com"]
+
+  spec.summary       = ""
+  spec.description   = ""
+  spec.homepage      = "https://github.com/cameronian/ccipher_factory"
+  spec.required_ruby_version = ">= 2.4.0"
+
+  #spec.metadata["allowed_push_host"] = "TODO: Set to your gem server 'https://example.com'"
+
+  #spec.metadata["homepage_uri"] = spec.homepage
+  #spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
+  #spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (f == __FILE__) || f.match(%r{\A(?:(?:test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
+    end
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'toolrack'
+  spec.add_dependency 'teLogger'
+
+  spec.add_dependency 'ccrypto'
+  spec.add_dependency 'binenc'
+
+  spec.add_development_dependency 'devops_assist'
+
+  # Uncomment to register a new dependency of your gem
+  # spec.add_dependency "example-gem", "~> 1.0"
+
+  # For more information and examples about making a new gem, checkout our
+  # guide at: https://bundler.io/guides/creating_gem.html
+end

data/lib/ccipher_factory/asymkey/asymkey.rb

@@ -0,0 +1,16 @@
+
+
+module CcipherFactory
+
+  module AsymKey
+
+    class AsymKeyError < StandardError; end
+
+    attr_accessor :keypair
+    def initialize(keypair = nil)
+      @keypair = keypair
+    end
+
+  end
+
+end

data/lib/ccipher_factory/asymkey/asymkey_generator.rb

@@ -0,0 +1,87 @@
+
+
+require 'openssl'
+require_relative 'ecc_keypair'
+
+module CcipherFactory
+    module AsymKeyGenerator
+      include TR::CondUtils
+     
+      class AsymKeyGeneratorError < StandardError; end
+
+      def self.supported_asymkey
+        {
+          #ecc: Ccrypto::KeypairGenerator.instance(:ecc).curves
+          ecc: Ccrypto::AlgoFactory.engine(Ccrypto::ECCConfig).supported_curves
+        }
+      end
+
+      def self.set_default(keytype, opts = { }, &block)
+        
+        defVal = algo_default(keytype)
+        defVal.merge!(opts)
+        defVal
+
+      end
+
+      def self.algo_default(keytype)
+        case keytype
+        when :ecc
+          @algoDef = { } if is_empty?(@algoDef)
+          @algoDef[:ecc] = { } if is_empty?(@algoDef[:ecc])
+          # default is NIST P-256
+          @algoDef[:ecc][:curve] = 'prime256v1' if is_empty?(@algoDef[:ecc][:curve])
+
+          @algoDef[:ecc]
+        else
+          raise AsymKeyGeneratorError, "Unknown default for '#{keytype}'"
+        end
+
+      end
+
+      def self.generate(keytype, opts = { }, &block)
+       
+        raise AsymKeyGeneratorError, "Given key type '#{keytype}' is not supported. Supported key type are: #{supported_asymkey.keys.join(",")}" if not supported_asymkey.keys.include?(keytype)
+
+        case keytype
+        when :ecc
+          
+          curve = opts[:curve]
+          curve = algo_default(:ecc)[:curve] if is_empty?(curve)
+
+          #raise AsymKeyGeneratorError, "Curve '#{curve}' is not supported. Supported curves are #{supported_asymkey[:ecc].join(", ")}" if not supported_asymkey[:ecc].include?(curve)
+
+          case curve
+          when Ccrypto::ECCConfig
+            logger.debug "ECCConfig"
+            key = Ccrypto::AlgoFactory.engine(curve).generate_keypair
+            ecKey = KeyPair::ECCKeyPair.new(key)
+            ecKey.curve = curve.curve
+          when String
+            logger.debug "String to ECCConfig"
+            key = Ccrypto::AlgoFactory.engine(Ccrypto::ECCConfig.new(curve)).generate_keypair
+            ecKey = KeyPair::ECCKeyPair.new(key)
+            ecKey.curve = curve
+          else
+            raise AsymKeyGeneratorError, "Unknown curve value type #{curve.class}"
+          end
+
+          logger.debug "Generated key : #{ecKey.inspect}"
+          ecKey
+
+        else
+          raise AsymKeyGeneratorError, "Unknown asymmetric key type '#{keytype}'"
+        end
+
+      end
+
+      def self.logger
+        if @logger.nil?
+          @logger = Tlogger.new
+          @logger.tag = :asym_keygen
+        end
+        @logger
+      end
+
+    end
+end

data/lib/ccipher_factory/asymkey/ecc_keypair.rb

@@ -0,0 +1,56 @@
+
+require_relative 'asymkey'
+
+
+module CcipherFactory
+  module KeyPair
+    class ECCKeyPair
+      include AsymKey
+      include TR::CondUtils
+
+      attr_writer :curve
+
+      def curve
+        if is_empty?(@curve) and not_empty?(@key)
+          @curve = @key.group.curve_name
+        end
+        @curve
+      end
+
+      def to_signer_info
+        bs = BinStruct.instance.struct(:ecc_signer_info)
+        bs.signer_info_value = @keypair.public_key.to_bin
+        bs.encoded
+      end
+
+      def self.from_signer_info(bin)
+
+        bs = BinStruct.instance.struct(:ecc_signer_info)
+        ts = bs.from_bin(bin)
+        siType = ts.signer_info_type
+        val = ts.signer_info_value
+        case BTag.value_constant(siType)
+        when :public_key
+          Ccrypto::AlgoFactory.engine(Ccrypto::ECCPublicKey).to_key(val)
+        else
+          raise AsymKeyError, "Unknown signer info type #{BTag.value_constant(siType)}"
+        end
+
+      end
+
+      def method_missing(mtd, *args, &block)
+        logger.debug "sending method #{mtd} to #{@keypair}"
+        @keypair.send(mtd, *args, &block)
+      end
+
+      def logger
+        if @logger.nil?
+          @logger = Tlogger.new
+          @logger.tag = :cf_ecc_keypair
+        end
+        @logger
+      end
+
+    end
+  end
+end

data/lib/ccipher_factory/asymkey_cipher/asymkey_cipher.rb

@@ -0,0 +1,63 @@
+
+
+module CcipherFactory
+  module AsymKeyCipher
+    include TR::CondUtils
+
+    class ASKCipher; end
+
+    class AsymKeyCipherError < StandardError; end
+
+    def self.encryptor(eng = :ecc)
+      c = ASKCipher.new
+      case eng
+      when :ecc
+        c.extend(ECCEncrypt)
+      else
+        raise AsymKeyCipherError, "Not supported encryptor engine '#{eng}'"
+      end
+      c
+    end
+
+    def self.decryptor(eng = :ecc)
+      c = ASKCipher.new
+      case eng
+      when :ecc
+        c.extend(ECCDecrypt)
+      else
+        raise AsymKeyCipherError, "Not supoprted decryptor engine '#{eng}'"
+      end
+      c
+    end
+
+    def self.att_encryptor(eng = :ecc)
+      c = ASKCipher.new
+      case eng
+      when :ecc
+        c.extend(ECCAttEncrypt)
+      else
+        raise AsymKeyCipherError, "Not supported encryptor engine '#{eng}'"
+      end
+      c
+    end
+
+    def self.att_decryptor(eng = :ecc)
+      c = ASKCipher.new
+      case eng
+      when :ecc
+        c.extend(ECCAttDecrypt)
+      else
+        raise AsymKeyCipherError, "Not supoprted decryptor engine '#{eng}'"
+      end
+      c
+    end
+
+  end
+end
+
+require_relative 'ecc/ecc_encrypt'
+require_relative 'ecc/ecc_decrypt'
+
+require_relative 'ecc/ecc_att_encrypt'
+require_relative 'ecc/ecc_att_decrypt'
+

data/lib/ccipher_factory/asymkey_cipher/asymkey_signer.rb

@@ -0,0 +1,44 @@
+
+
+module CcipherFactory
+  module AsymKeySigner
+
+    class ASKSigner; end
+    class ASKVerifier; end
+
+    class AsymKeySignerError < StandardError; end
+
+    def self.signer(eng = :ecc)
+      s = ASKSigner.new
+      s.extend(ECCSigner)
+      s
+    end
+
+    def self.verifier(eng = :ecc)
+      s = ASKSigner.new
+      s.extend(ECCVerifier)
+      s
+    end
+
+    def self.att_signer(eng = :ecc)
+      s = ASKSigner.new
+      s.extend(ECCAttSigner)
+      s
+    end
+
+    def self.att_verifier(eng = :ecc)
+      s = ASKSigner.new
+      s.extend(ECCAttVerifier)
+      s
+    end
+
+
+  end
+end
+
+require_relative 'ecc/ecc_signer'
+require_relative 'ecc/ecc_verifier'
+
+require_relative 'ecc/ecc_att_signer'
+require_relative 'ecc/ecc_att_verifier'
+

data/lib/ccipher_factory/asymkey_cipher/ecc/ecc_att_decrypt.rb

@@ -0,0 +1,55 @@
+
+
+module CcipherFactory
+  module AsymKeyCipher
+    module ECCAttDecrypt
+      include Common
+
+      attr_accessor :decryption_key 
+      def att_decrypt_init(opts = { }, &block)
+
+        if block
+          instance_eval(&block)
+          att_decrypt_final
+        else
+          self
+        end
+
+      end
+
+      def att_decrypt_update(val)
+
+        if @dec.nil?
+          intOutputBuf.write(val)
+          begin
+            Encoding.extract_meta(intOutputBuf) do |meta, bal|
+
+              @dec = AsymKeyCipher.decryptor(:ecc)
+              @dec.output(@output)
+              @dec.decryption_key = @decryption_key
+              @dec.decrypt_init
+              @dec.decrypt_update_meta(meta)
+
+              att_decrypt_update(bal) if bal.length > 0
+
+              intOutputBuf.rewind
+              intOutputBuf = nil
+
+            end
+          rescue Encoding::InsufficientData => e
+          end
+
+        else
+          @dec.decrypt_update_cipher(val)
+        end
+      end
+
+      def att_decrypt_final
+        @dec.decrypt_final 
+      end
+
+    end
+  end
+end
+
+