ccrypto-java 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.java-version +1 -1
- data/.release_history.yml +4 -0
- data/.ruby-version +1 -0
- data/Gemfile +1 -1
- data/Gemfile.lock +68 -53
- data/Rakefile +2 -1
- data/bin/console +14 -0
- data/jars/bcjmail-jdk18on-172.jar +0 -0
- data/jars/bcmail-jdk18on-172.jar +0 -0
- data/jars/bcpg-jdk18on-172.1.jar +0 -0
- data/jars/bcpkix-jdk18on-172.jar +0 -0
- data/jars/bcprov-ext-jdk18on-172.jar +0 -0
- data/jars/bcprov-jdk18on-172.jar +0 -0
- data/jars/bctls-jdk18on-172.jar +0 -0
- data/jars/bcutil-jdk18on-172.jar +0 -0
- data/lib/ccrypto/java/bc_const_mapping.rb +42 -0
- data/lib/ccrypto/java/data_conversion.rb +23 -2
- data/lib/ccrypto/java/engines/argon2_engine.rb +95 -0
- data/lib/ccrypto/java/engines/asn1_engine.rb +2 -1
- data/lib/ccrypto/java/engines/bcrypt_engine.rb +56 -0
- data/lib/ccrypto/java/engines/cipher_engine.rb +462 -130
- data/lib/ccrypto/java/engines/compression_engine.rb +7 -28
- data/lib/ccrypto/java/engines/crystal_dilithium_engine.rb +226 -0
- data/lib/ccrypto/java/engines/crystal_kyber_engine.rb +260 -0
- data/lib/ccrypto/java/engines/decompression_engine.rb +5 -4
- data/lib/ccrypto/java/engines/digest_engine.rb +221 -139
- data/lib/ccrypto/java/engines/ecc_engine.rb +249 -96
- data/lib/ccrypto/java/engines/ed25519_engine.rb +211 -0
- data/lib/ccrypto/java/engines/hkdf_engine.rb +82 -23
- data/lib/ccrypto/java/engines/hmac_engine.rb +98 -23
- data/lib/ccrypto/java/engines/pbkdf2_engine.rb +82 -33
- data/lib/ccrypto/java/engines/pkcs7_engine.rb +44 -33
- data/lib/ccrypto/java/engines/rsa_engine.rb +85 -31
- data/lib/ccrypto/java/engines/scrypt_engine.rb +12 -3
- data/lib/ccrypto/java/engines/secret_key_engine.rb +77 -12
- data/lib/ccrypto/java/engines/secret_sharing_engine.rb +17 -2
- data/lib/ccrypto/java/engines/x25519_engine.rb +249 -0
- data/lib/ccrypto/java/engines/x509_csr_engine.rb +141 -0
- data/lib/ccrypto/java/engines/x509_engine.rb +365 -71
- data/lib/ccrypto/java/ext/secret_key.rb +37 -25
- data/lib/ccrypto/java/ext/x509_cert.rb +429 -5
- data/lib/ccrypto/java/ext/x509_csr.rb +151 -0
- data/lib/ccrypto/java/jce_provider.rb +0 -11
- data/lib/ccrypto/java/keystore/jce_keystore.rb +205 -0
- data/lib/ccrypto/java/keystore/jks_keystore.rb +52 -0
- data/lib/ccrypto/java/keystore/keystore.rb +97 -0
- data/lib/ccrypto/java/keystore/pem_keystore.rb +147 -0
- data/lib/ccrypto/java/keystore/pkcs12_keystore.rb +56 -0
- data/lib/ccrypto/java/utils/comparator.rb +25 -2
- data/lib/ccrypto/java/version.rb +1 -1
- data/lib/ccrypto/java.rb +46 -0
- data/lib/ccrypto/provider.rb +139 -3
- metadata +40 -24
- data/ccrypto-java.gemspec +0 -44
- data/jars/bcmail-jdk15on-165.jar +0 -0
- data/jars/bcpg-jdk15on-165.jar +0 -0
- data/jars/bcpkix-jdk15on-165.jar +0 -0
- data/jars/bcprov-ext-jdk15on-165.jar +0 -0
- data/jars/bcprov-jdk15on-165.jar +0 -0
- data/jars/bctls-jdk15on-165.jar +0 -0
- data/lib/ccrypto/java/keybundle_store/pkcs12.rb +0 -125
@@ -7,36 +7,11 @@ module Ccrypto
|
|
7
7
|
include DataConversion
|
8
8
|
include TR::CondUtils
|
9
9
|
|
10
|
-
include TeLogger::TeLogHelper
|
11
|
-
|
12
|
-
teLogger_tag :j_compression
|
13
|
-
|
14
10
|
def initialize(*args, &block)
|
15
11
|
|
16
12
|
@config = args.first
|
17
13
|
raise CompressionError, "Compress Config is expected. Given #{@config}" if not @config.is_a?(Ccrypto::CompressionConfig)
|
18
14
|
|
19
|
-
#if block
|
20
|
-
|
21
|
-
# outPath = block.call(:out_path)
|
22
|
-
# if is_empty?(outPath)
|
23
|
-
# outFile = block.call(:out_file)
|
24
|
-
# raise CompressionError, "OutputStream required" if not outFile.is_a?(java.io.OutputStream)
|
25
|
-
# @out = outFile
|
26
|
-
# else
|
27
|
-
# @out = java.io.RandomAccessFile.new(java.io.File.new(outPath), "w")
|
28
|
-
# end
|
29
|
-
|
30
|
-
# @intBufSize = block.call(:int_buf_size) || 102400
|
31
|
-
|
32
|
-
#else
|
33
|
-
# @intBufSize = 102400
|
34
|
-
|
35
|
-
#end
|
36
|
-
|
37
|
-
#@in = java.io.RandomAccessFile.new(java.nio.file.Files.createTempFile(nil,".zl").toFile, "rw")
|
38
|
-
#@inPtr = 0
|
39
|
-
|
40
15
|
case @config.level
|
41
16
|
when :best_compression
|
42
17
|
teLogger.debug "Compression with best compression"
|
@@ -63,15 +38,13 @@ module Ccrypto
|
|
63
38
|
def update(val)
|
64
39
|
if val.length > 0
|
65
40
|
teLogger.debug "Given #{val.length} bytes for compression"
|
66
|
-
#teLogger.debug "Write ready-to-compress data : #{val.length}"
|
67
|
-
#@in.write(to_java_bytes(val))
|
68
41
|
|
69
42
|
@eng.setInput(to_java_bytes(val))
|
70
43
|
|
71
44
|
@eng.finish
|
72
45
|
|
73
46
|
baos = java.io.ByteArrayOutputStream.new
|
74
|
-
buf = ::Java::byte[
|
47
|
+
buf = ::Java::byte[READ_BUF_SIZE].new
|
75
48
|
while not @eng.finished
|
76
49
|
done = @eng.deflate(buf)
|
77
50
|
@os.write(buf,0,done)
|
@@ -87,6 +60,12 @@ module Ccrypto
|
|
87
60
|
|
88
61
|
end
|
89
62
|
|
63
|
+
private
|
64
|
+
def teLogger
|
65
|
+
Java.logger(:comp_eng)
|
66
|
+
end
|
67
|
+
|
68
|
+
|
90
69
|
end
|
91
70
|
end
|
92
71
|
end
|
@@ -0,0 +1,226 @@
|
|
1
|
+
|
2
|
+
require_relative '../data_conversion'
|
3
|
+
|
4
|
+
java_import org.bouncycastle.pqc.crypto.crystals.dilithium.DilithiumParameters
|
5
|
+
java_import org.bouncycastle.pqc.crypto.crystals.dilithium.DilithiumKeyGenerationParameters
|
6
|
+
java_import org.bouncycastle.pqc.crypto.crystals.dilithium.DilithiumKeyPairGenerator
|
7
|
+
java_import org.bouncycastle.pqc.crypto.crystals.dilithium.DilithiumPublicKeyParameters
|
8
|
+
java_import org.bouncycastle.pqc.crypto.crystals.dilithium.DilithiumSigner
|
9
|
+
|
10
|
+
module Ccrypto
|
11
|
+
module Java
|
12
|
+
|
13
|
+
class CrystalDilithiumEngineError < StandardError; end
|
14
|
+
|
15
|
+
class CrystalDilithiumPublicKey < Ccrypto::PublicKey
|
16
|
+
include DataConversion
|
17
|
+
include TR::CondUtils
|
18
|
+
|
19
|
+
attr_reader :param
|
20
|
+
def initialize(pubKey, param)
|
21
|
+
super(pubKey)
|
22
|
+
@param = param
|
23
|
+
end
|
24
|
+
|
25
|
+
def to_bin
|
26
|
+
@native_pubKey.encoded
|
27
|
+
end
|
28
|
+
|
29
|
+
def encoded
|
30
|
+
to_bin
|
31
|
+
end
|
32
|
+
|
33
|
+
def self.to_key(params, bin)
|
34
|
+
bin = to_java_bytes(bin) if not bin.is_a?(::Java::byte[])
|
35
|
+
|
36
|
+
case params
|
37
|
+
when Ccrypto::CrystalDilithiumConfig
|
38
|
+
pa = params.provider_config[:params]
|
39
|
+
when Symbol
|
40
|
+
pa = CrystalDilithiumEngine.supported_configs[params]
|
41
|
+
if not_empty?(pa)
|
42
|
+
pa = pa.provider_config[:params]
|
43
|
+
end
|
44
|
+
else
|
45
|
+
raise CrystalDilithiumEngineError, "Unsupported params type '#{params.class}'"
|
46
|
+
end
|
47
|
+
|
48
|
+
raise CrystalDilithiumEngineError, "Unknown param '#{param}'" if is_empty?(pa)
|
49
|
+
|
50
|
+
pubKey = DilithiumPublicKeyParameters.new(pa, bin)
|
51
|
+
CrystalDilithiumPublicKey.new(pubKey, pa)
|
52
|
+
end
|
53
|
+
|
54
|
+
def equals?(pubKey)
|
55
|
+
if not @native_pubKey.nil?
|
56
|
+
case pubKey
|
57
|
+
when CrystalDilithiumPublicKey
|
58
|
+
@native_pubKey.encoded == pubKey.to_bin
|
59
|
+
else
|
60
|
+
logger.warn "Unmatched public key : (native) #{@native_pubKey} vs. (subject) #{pubKey}"
|
61
|
+
false
|
62
|
+
end
|
63
|
+
else
|
64
|
+
logger.warn "CrystalDilithiumPublicKey equals? returned false because native_pubKey is nil"
|
65
|
+
false
|
66
|
+
end
|
67
|
+
end
|
68
|
+
alias_method :key_equals?, :equals?
|
69
|
+
|
70
|
+
end # class CrystalDilithiumPublicKey
|
71
|
+
|
72
|
+
class CrystalDilithiumPrivateKey < Ccrypto::PrivateKey
|
73
|
+
|
74
|
+
attr_reader :param
|
75
|
+
def initialize(privKey, param)
|
76
|
+
super(privKey)
|
77
|
+
@param = param
|
78
|
+
end
|
79
|
+
|
80
|
+
def to_bin
|
81
|
+
@native_privKey.encoded
|
82
|
+
end
|
83
|
+
|
84
|
+
def self.to_key(params = {})
|
85
|
+
param = params[:param]
|
86
|
+
bcParam = CrystalDilithiumEngine.find_config(param)
|
87
|
+
bcPrivKey = org.bouncycastle.pqc.crypto.crystals.dilithium::DilithiumPrivateKeyParameters.new(bcParam.provider_config[:params], params[:rho].to_java_bytes, params[:k].to_java_bytes, params[:tr].to_java_bytes, params[:s1].to_java_bytes, params[:s2].to_java_bytes, params[:t0].to_java_bytes, params[:t1].to_java_bytes)
|
88
|
+
CrystalDilithiumPrivateKey.new(bcPrivKey, param)
|
89
|
+
end
|
90
|
+
|
91
|
+
def equals?(privKey)
|
92
|
+
if not @native_privKey.nil?
|
93
|
+
case privKey
|
94
|
+
when CrystalDilithiumPrivateKey
|
95
|
+
@native_privKey.encoded == privKey.to_bin
|
96
|
+
else
|
97
|
+
logger.warn "Unmatched private key : (native) #{@native_privKey} vs. (subject) #{privKey}"
|
98
|
+
false
|
99
|
+
end
|
100
|
+
else
|
101
|
+
logger.warn "ED25519PrivateKey equals? returned false because native_privKey is nil"
|
102
|
+
false
|
103
|
+
end
|
104
|
+
end
|
105
|
+
alias_method :key_equals?, :equals?
|
106
|
+
|
107
|
+
end # class CrystalDilithiumPrivateKey
|
108
|
+
|
109
|
+
#
|
110
|
+
# Crystal-Dilithium mainly for data signing
|
111
|
+
#
|
112
|
+
class CrystalDilithiumKeyBundle
|
113
|
+
include Ccrypto::KeyBundle
|
114
|
+
include TR::CondUtils
|
115
|
+
|
116
|
+
def initialize(kp, param)
|
117
|
+
@nativeKeypair = kp
|
118
|
+
@param = param
|
119
|
+
raise KeypairEngineException, "Given keypair is nil" if @param.nil?
|
120
|
+
end
|
121
|
+
|
122
|
+
def public_key
|
123
|
+
if @_pubKey.nil?
|
124
|
+
@_pubKey = CrystalDilithiumPublicKey.new(@nativeKeypair.getPublic(), @param.param)
|
125
|
+
end
|
126
|
+
@_pubKey
|
127
|
+
end
|
128
|
+
|
129
|
+
def private_key
|
130
|
+
if @_privKey.nil?
|
131
|
+
@_privKey = CrystalDilithiumPrivateKey.new(@nativeKeypair.getPrivate(), @param.param)
|
132
|
+
end
|
133
|
+
@_privKey
|
134
|
+
end
|
135
|
+
|
136
|
+
def is_public_key_equal?(pubKey)
|
137
|
+
@nativeKeypair.getPublic().encoded == pubKey.encoded
|
138
|
+
end
|
139
|
+
|
140
|
+
end # class CrystalDilithiumKeyBundle
|
141
|
+
|
142
|
+
class CrystalDilithiumEngine
|
143
|
+
include DataConversion
|
144
|
+
include TR::CondUtils
|
145
|
+
|
146
|
+
def self.supported_params
|
147
|
+
supported_configs.keys
|
148
|
+
end
|
149
|
+
|
150
|
+
def self.supported_configs
|
151
|
+
if @supportedConfig.nil?
|
152
|
+
@supportedConfig = {}
|
153
|
+
{
|
154
|
+
dilithium2: DilithiumParameters::dilithium2,
|
155
|
+
dilithium3: DilithiumParameters::dilithium3,
|
156
|
+
dilithium5: DilithiumParameters::dilithium5,
|
157
|
+
dilithium2_aes: DilithiumParameters::dilithium2_aes,
|
158
|
+
dilithium3_aes: DilithiumParameters::dilithium3_aes,
|
159
|
+
dilithium5_aes: DilithiumParameters::dilithium5_aes,
|
160
|
+
}.each do |k,kp|
|
161
|
+
conf = Ccrypto::CrystalDilithiumConfig.new(k)
|
162
|
+
conf.provider_config = { params: kp.dup }
|
163
|
+
@supportedConfig[k] = conf
|
164
|
+
end
|
165
|
+
end
|
166
|
+
@supportedConfig.freeze
|
167
|
+
end
|
168
|
+
|
169
|
+
def self.find_config(conf)
|
170
|
+
supported_configs.select { |k,v| k == conf }.first[1]
|
171
|
+
end
|
172
|
+
|
173
|
+
def self.logger
|
174
|
+
Ccrypto::Java.logger(:dilithium_engine)
|
175
|
+
end
|
176
|
+
|
177
|
+
def initialize(*args, &block)
|
178
|
+
@config = args.first
|
179
|
+
raise KeypairEngineException, "1st parameter must be a #{Ccrypto::KeypairConfig.class} object" if not @config.is_a?(Ccrypto::KeypairConfig)
|
180
|
+
end
|
181
|
+
|
182
|
+
def generate_keypair(&block)
|
183
|
+
|
184
|
+
rand = java.security.SecureRandom.getInstanceStrong
|
185
|
+
kpg = DilithiumKeyPairGenerator.new
|
186
|
+
#logger.debug "CD config : #{@config.inspect}"
|
187
|
+
#logger.debug "CD config : #{DilithiumKeyGenerationParameters}"
|
188
|
+
#logger.debug "CD provider config : #{@config.provider_config}"
|
189
|
+
#logger.debug "CD provider config params : #{@config.provider_config[:params]}"
|
190
|
+
#logger.debug "CD provider config params : #{DilithiumParameters::dilithium2}"
|
191
|
+
param = DilithiumKeyGenerationParameters.new(rand, @config.provider_config[:params])
|
192
|
+
logger.debug "CD param : #{param.inspect}"
|
193
|
+
kpg.init(param)
|
194
|
+
|
195
|
+
CrystalDilithiumKeyBundle.new(kpg.generateKeyPair(), @config)
|
196
|
+
|
197
|
+
end
|
198
|
+
|
199
|
+
def sign(data, &block)
|
200
|
+
|
201
|
+
raise KeypairEngineException, "Keypair is required" if @config.keypair.nil?
|
202
|
+
raise KeypairEngineException, "Crystal Dilithium keypair is required. Given #{@config.keypair}" if not @config.keypair.is_a?(CrystalDilithiumKeyBundle)
|
203
|
+
kp = @config.keypair
|
204
|
+
|
205
|
+
signer = DilithiumSigner.new
|
206
|
+
signer.init(true, kp.private_key.native)
|
207
|
+
signer.generateSignature(to_java_bytes(data))
|
208
|
+
|
209
|
+
end
|
210
|
+
|
211
|
+
def self.verify(pubKey, data, sign)
|
212
|
+
raise KeypairEngineException, "Given public key to verify is empty" if is_empty?(pubKey)
|
213
|
+
raise KeypairEngineException, "Given data to verify is empty" if is_empty?(data)
|
214
|
+
raise KeypairEngineException, "Given signature to verify is empty" if is_empty?(sign)
|
215
|
+
|
216
|
+
ver = DilithiumSigner.new
|
217
|
+
puts "verifying public key #{pubKey.inspect}"
|
218
|
+
ver.init(false, pubKey.native)
|
219
|
+
|
220
|
+
ver.verifySignature(to_java_bytes(data), to_java_bytes(sign))
|
221
|
+
end
|
222
|
+
|
223
|
+
end # class CrystalDilithiumEngine
|
224
|
+
|
225
|
+
end
|
226
|
+
end
|
@@ -0,0 +1,260 @@
|
|
1
|
+
|
2
|
+
require_relative '../data_conversion'
|
3
|
+
|
4
|
+
java_import org.bouncycastle.pqc.crypto.crystals.kyber.KyberParameters
|
5
|
+
java_import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKeyGenerationParameters
|
6
|
+
java_import org.bouncycastle.pqc.crypto.crystals.kyber.KyberPublicKeyParameters
|
7
|
+
java_import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKEMGenerator
|
8
|
+
java_import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKEMExtractor
|
9
|
+
|
10
|
+
require_relative '../data_conversion'
|
11
|
+
|
12
|
+
module Ccrypto
|
13
|
+
module Java
|
14
|
+
|
15
|
+
class CrystalKyberPublicKey < Ccrypto::CrystalKyberPublicKey
|
16
|
+
include DataConversion
|
17
|
+
include TR::CondUtils
|
18
|
+
|
19
|
+
def initialize(kp, param)
|
20
|
+
super(kp)
|
21
|
+
@keyParam = param
|
22
|
+
end
|
23
|
+
|
24
|
+
# Public API
|
25
|
+
def key_param
|
26
|
+
@keyParam
|
27
|
+
end
|
28
|
+
alias_method :param, :key_param
|
29
|
+
|
30
|
+
# Public API
|
31
|
+
def to_bin
|
32
|
+
@native_pubKey.encoded
|
33
|
+
end
|
34
|
+
|
35
|
+
# Public API
|
36
|
+
def encoded
|
37
|
+
to_bin
|
38
|
+
end
|
39
|
+
|
40
|
+
def to_s
|
41
|
+
"Crystal Kyber - #{@keyParam} : #{native.inspect}"
|
42
|
+
end
|
43
|
+
|
44
|
+
# Public API
|
45
|
+
def self.to_key(params, bin)
|
46
|
+
bin = to_java_bytes(bin) if not bin.is_a?(::Java::byte[])
|
47
|
+
|
48
|
+
case params
|
49
|
+
when Ccrypto::CrystalKyberConfig
|
50
|
+
pa = params.provider_config[:params]
|
51
|
+
when Symbol
|
52
|
+
pa = CrystalKyberEngine.supported_configs[params]
|
53
|
+
if not_empty?(pa)
|
54
|
+
pa = pa.provider_config[:params]
|
55
|
+
end
|
56
|
+
else
|
57
|
+
raise CrystalKyberEngineError, "Unsupported params type '#{params.class}'"
|
58
|
+
end
|
59
|
+
|
60
|
+
raise CrystalKyberEngineError, "Unknown param '#{param}'" if is_empty?(pa)
|
61
|
+
|
62
|
+
pubKey = KyberPublicKeyParameters.new(pa, bin)
|
63
|
+
CrystalKyberPublicKey.new(pubKey, params)
|
64
|
+
end
|
65
|
+
|
66
|
+
def key_equals?(pubKey)
|
67
|
+
if not @native_pubKey.nil?
|
68
|
+
case pubKey
|
69
|
+
when CrystalKyberPublicKey
|
70
|
+
@native_pubKey.encoded == pubKey.to_bin
|
71
|
+
else
|
72
|
+
logger.warn "Unmatched public key : (native) #{@native_pubKey} vs. (subject) #{pubKey}"
|
73
|
+
|
74
|
+
false
|
75
|
+
end
|
76
|
+
else
|
77
|
+
logger.warn "CrystalKyberPublicKey equals? returned false because native_pubKey is nil"
|
78
|
+
false
|
79
|
+
end
|
80
|
+
end
|
81
|
+
alias_method :equals?, :key_equals?
|
82
|
+
|
83
|
+
end # class CrystalKyberPublicKey
|
84
|
+
|
85
|
+
class CrystalKyberPrivateKey < Ccrypto::PrivateKey
|
86
|
+
|
87
|
+
def initialize(kp, param)
|
88
|
+
super(kp)
|
89
|
+
@keyParam = param
|
90
|
+
end
|
91
|
+
|
92
|
+
def key_param
|
93
|
+
@keyParam
|
94
|
+
end
|
95
|
+
alias_method :param, :key_param
|
96
|
+
|
97
|
+
def to_bin
|
98
|
+
@native_privKey.encoded
|
99
|
+
end
|
100
|
+
|
101
|
+
def self.to_key(params = {})
|
102
|
+
param = params[:param]
|
103
|
+
bcParam = CrystalKyberEngine.find_config(param)
|
104
|
+
bcPrivKey = org.bouncycastle.pqc.crypto.crystals.kyber::KyberPrivateKeyParameters.new(bcParam.provider_config[:params], params[:s].to_java_bytes, params[:hpk].to_java_bytes, params[:nonce].to_java_bytes, params[:t].to_java_bytes, params[:rho].to_java_bytes)
|
105
|
+
CrystalKyberPrivateKey.new(bcPrivKey, param)
|
106
|
+
end
|
107
|
+
|
108
|
+
def equals?(privKey)
|
109
|
+
if not @native_privKey.nil?
|
110
|
+
case privKey
|
111
|
+
when CrystalKyberPrivateKey
|
112
|
+
@native_privKey.encoded == privKey.to_bin
|
113
|
+
else
|
114
|
+
logger.warn "Unmatched private key : (native) #{@native_privKey} vs. (subject) #{privKey}"
|
115
|
+
false
|
116
|
+
end
|
117
|
+
else
|
118
|
+
logger.warn "CrystalKyberPrivateKey equals? returned false because native_privKey is nil"
|
119
|
+
false
|
120
|
+
end
|
121
|
+
end
|
122
|
+
alias_method :key_equals?, :equals?
|
123
|
+
|
124
|
+
end # class CrystalKyberPrivateKey
|
125
|
+
|
126
|
+
class CrystalKyberKEM
|
127
|
+
include TR::CondUtils
|
128
|
+
include DataConversion
|
129
|
+
|
130
|
+
def initialize(kem)
|
131
|
+
@kem = kem
|
132
|
+
raise KeypairEngineException, "KEM cannot be empty" if is_empty?(@kem)
|
133
|
+
end
|
134
|
+
|
135
|
+
def for_recipient
|
136
|
+
@kem.getEncapsulation()
|
137
|
+
end
|
138
|
+
|
139
|
+
def for_cipher
|
140
|
+
@kem.getSecret()
|
141
|
+
end
|
142
|
+
|
143
|
+
def native
|
144
|
+
@kem
|
145
|
+
end
|
146
|
+
|
147
|
+
end # class CrystalKyberKEM
|
148
|
+
|
149
|
+
#
|
150
|
+
# Crystal-Kyber mainly for encryption via derivation
|
151
|
+
#
|
152
|
+
class CrystalKyberKeyBundle
|
153
|
+
include Ccrypto::KeyBundle
|
154
|
+
include TR::CondUtils
|
155
|
+
include DataConversion
|
156
|
+
|
157
|
+
def initialize(kp, params)
|
158
|
+
@nativeKeypair = kp
|
159
|
+
@nativeParam = params
|
160
|
+
end
|
161
|
+
|
162
|
+
def enc_derive(pubKey, &block)
|
163
|
+
raise KeypairEngineException, "Given public key to derive cannot be empty" if is_empty?(pubKey)
|
164
|
+
raise KeypairEngineException, "Given public key need to be a Crystal Kyber public key" if not pubKey.is_a?(CrystalKyberPublicKey)
|
165
|
+
|
166
|
+
rand = java.security.SecureRandom.getInstanceStrong()
|
167
|
+
kemGen = KyberKEMGenerator.new(rand)
|
168
|
+
CrystalKyberKEM.new(kemGen.generateEncapsulated(pubKey.native))
|
169
|
+
end
|
170
|
+
alias_method :derive_enc_shared_secret, :enc_derive
|
171
|
+
|
172
|
+
def dec_derive(kem, &block)
|
173
|
+
raise KeypairEngineException, "Native Keypair not available" if is_empty?(@nativeKeypair)
|
174
|
+
|
175
|
+
kemExt = KyberKEMExtractor.new(@nativeKeypair.getPrivate)
|
176
|
+
kemExt.extractSecret(to_java_bytes(kem))
|
177
|
+
end
|
178
|
+
alias_method :derive_dec_shared_secret, :dec_derive
|
179
|
+
|
180
|
+
def public_key
|
181
|
+
if @_pubKey.nil?
|
182
|
+
@_pubKey = CrystalKyberPublicKey.new(@nativeKeypair.getPublic(), @nativeParam.param)
|
183
|
+
end
|
184
|
+
@_pubKey
|
185
|
+
end
|
186
|
+
|
187
|
+
def private_key
|
188
|
+
if @_privKey.nil?
|
189
|
+
@_privKey = CrystalKyberPrivateKey.new(@nativeKeypair.getPrivate(), @nativeParam.param)
|
190
|
+
end
|
191
|
+
@_privKey
|
192
|
+
end
|
193
|
+
|
194
|
+
end # class CrystalKyberKeyBundle
|
195
|
+
|
196
|
+
class CrystalKyberEngine
|
197
|
+
|
198
|
+
def self.supported_params
|
199
|
+
supported_configs.keys
|
200
|
+
end
|
201
|
+
|
202
|
+
def self.supported_configs
|
203
|
+
if @supportedConfig.nil?
|
204
|
+
@supportedConfig = {}
|
205
|
+
{
|
206
|
+
kyber512: KyberParameters::kyber512,
|
207
|
+
kyber768: KyberParameters::kyber768,
|
208
|
+
kyber1024: KyberParameters::kyber1024,
|
209
|
+
kyber512_aes: KyberParameters::kyber512_aes,
|
210
|
+
kyber768_aes: KyberParameters::kyber768_aes,
|
211
|
+
kyber1024_aes: KyberParameters::kyber1024_aes,
|
212
|
+
}.each do |k,kp|
|
213
|
+
conf = Ccrypto::CrystalKyberConfig.new(k)
|
214
|
+
conf.provider_config = { params: kp }
|
215
|
+
@supportedConfig[k] = conf
|
216
|
+
end
|
217
|
+
end
|
218
|
+
@supportedConfig.freeze
|
219
|
+
end
|
220
|
+
|
221
|
+
def self.find_config(conf)
|
222
|
+
supported_configs.select { |k,v| k == conf }.first[1]
|
223
|
+
end
|
224
|
+
|
225
|
+
def self.get_available_session_keysize
|
226
|
+
[512, 768, 1024].freeze
|
227
|
+
end
|
228
|
+
|
229
|
+
def self.get_session_keysize_param(keysize, with_aes = false)
|
230
|
+
case keysize.to_i
|
231
|
+
when 512, 768, 1024
|
232
|
+
if with_aes
|
233
|
+
supported_configs["kyber#{keysize.to_i}_aes".to_sym]
|
234
|
+
else
|
235
|
+
supported_configs["kyber#{keysize.to_i}".to_sym]
|
236
|
+
end
|
237
|
+
else
|
238
|
+
raise KeypairEngineException, "Crystal Kyber only has keysizes of 512,768 and 1024"
|
239
|
+
end
|
240
|
+
end
|
241
|
+
|
242
|
+
def initialize(*args, &block)
|
243
|
+
@config = args.first
|
244
|
+
raise KeypairEngineException, "1st parameter must be a #{Ccrypto::KeypairConfig.class} object" if not @config.is_a?(Ccrypto::KeypairConfig)
|
245
|
+
end
|
246
|
+
|
247
|
+
def generate_keypair(&block)
|
248
|
+
|
249
|
+
rand = java.security.SecureRandom.getInstanceStrong
|
250
|
+
kpg = org.bouncycastle.pqc.crypto.crystals.kyber.KyberKeyPairGenerator.new
|
251
|
+
kpg.init(KyberKeyGenerationParameters.new(rand, @config.provider_config[:params]))
|
252
|
+
|
253
|
+
CrystalKyberKeyBundle.new(kpg.generateKeyPair(), @config)
|
254
|
+
|
255
|
+
end
|
256
|
+
|
257
|
+
end # class CrystalKyberEngine
|
258
|
+
|
259
|
+
end
|
260
|
+
end
|
@@ -7,9 +7,6 @@ module Ccrypto
|
|
7
7
|
include DataConversion
|
8
8
|
include TR::CondUtils
|
9
9
|
|
10
|
-
include TeLogger::TeLogHelper
|
11
|
-
teLogger_tag :j_decompression
|
12
|
-
|
13
10
|
def initialize(*args,&block)
|
14
11
|
|
15
12
|
@eng = java.util.zip.Inflater.new
|
@@ -25,7 +22,7 @@ module Ccrypto
|
|
25
22
|
@eng.setInput(to_java_bytes(val))
|
26
23
|
|
27
24
|
baos = java.io.ByteArrayOutputStream.new
|
28
|
-
buf = ::Java::byte[
|
25
|
+
buf = ::Java::byte[READ_BUF_SIZE].new
|
29
26
|
while not @eng.finished
|
30
27
|
done = @eng.inflate(buf)
|
31
28
|
teLogger.debug "Done #{done} bytes"
|
@@ -43,6 +40,10 @@ module Ccrypto
|
|
43
40
|
def final
|
44
41
|
end
|
45
42
|
|
43
|
+
def teLogger
|
44
|
+
Java.logger(:decomp_eng)
|
45
|
+
end
|
46
|
+
|
46
47
|
end
|
47
48
|
end
|
48
49
|
end
|