ccrypto-java 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.java-version +1 -1
- data/.release_history.yml +4 -0
- data/.ruby-version +1 -0
- data/Gemfile +1 -1
- data/Gemfile.lock +68 -53
- data/Rakefile +2 -1
- data/bin/console +14 -0
- data/jars/bcjmail-jdk18on-172.jar +0 -0
- data/jars/bcmail-jdk18on-172.jar +0 -0
- data/jars/bcpg-jdk18on-172.1.jar +0 -0
- data/jars/bcpkix-jdk18on-172.jar +0 -0
- data/jars/bcprov-ext-jdk18on-172.jar +0 -0
- data/jars/bcprov-jdk18on-172.jar +0 -0
- data/jars/bctls-jdk18on-172.jar +0 -0
- data/jars/bcutil-jdk18on-172.jar +0 -0
- data/lib/ccrypto/java/bc_const_mapping.rb +42 -0
- data/lib/ccrypto/java/data_conversion.rb +23 -2
- data/lib/ccrypto/java/engines/argon2_engine.rb +95 -0
- data/lib/ccrypto/java/engines/asn1_engine.rb +2 -1
- data/lib/ccrypto/java/engines/bcrypt_engine.rb +56 -0
- data/lib/ccrypto/java/engines/cipher_engine.rb +462 -130
- data/lib/ccrypto/java/engines/compression_engine.rb +7 -28
- data/lib/ccrypto/java/engines/crystal_dilithium_engine.rb +226 -0
- data/lib/ccrypto/java/engines/crystal_kyber_engine.rb +260 -0
- data/lib/ccrypto/java/engines/decompression_engine.rb +5 -4
- data/lib/ccrypto/java/engines/digest_engine.rb +221 -139
- data/lib/ccrypto/java/engines/ecc_engine.rb +249 -96
- data/lib/ccrypto/java/engines/ed25519_engine.rb +211 -0
- data/lib/ccrypto/java/engines/hkdf_engine.rb +82 -23
- data/lib/ccrypto/java/engines/hmac_engine.rb +98 -23
- data/lib/ccrypto/java/engines/pbkdf2_engine.rb +82 -33
- data/lib/ccrypto/java/engines/pkcs7_engine.rb +44 -33
- data/lib/ccrypto/java/engines/rsa_engine.rb +85 -31
- data/lib/ccrypto/java/engines/scrypt_engine.rb +12 -3
- data/lib/ccrypto/java/engines/secret_key_engine.rb +77 -12
- data/lib/ccrypto/java/engines/secret_sharing_engine.rb +17 -2
- data/lib/ccrypto/java/engines/x25519_engine.rb +249 -0
- data/lib/ccrypto/java/engines/x509_csr_engine.rb +141 -0
- data/lib/ccrypto/java/engines/x509_engine.rb +365 -71
- data/lib/ccrypto/java/ext/secret_key.rb +37 -25
- data/lib/ccrypto/java/ext/x509_cert.rb +429 -5
- data/lib/ccrypto/java/ext/x509_csr.rb +151 -0
- data/lib/ccrypto/java/jce_provider.rb +0 -11
- data/lib/ccrypto/java/keystore/jce_keystore.rb +205 -0
- data/lib/ccrypto/java/keystore/jks_keystore.rb +52 -0
- data/lib/ccrypto/java/keystore/keystore.rb +97 -0
- data/lib/ccrypto/java/keystore/pem_keystore.rb +147 -0
- data/lib/ccrypto/java/keystore/pkcs12_keystore.rb +56 -0
- data/lib/ccrypto/java/utils/comparator.rb +25 -2
- data/lib/ccrypto/java/version.rb +1 -1
- data/lib/ccrypto/java.rb +46 -0
- data/lib/ccrypto/provider.rb +139 -3
- metadata +40 -24
- data/ccrypto-java.gemspec +0 -44
- data/jars/bcmail-jdk15on-165.jar +0 -0
- data/jars/bcpg-jdk15on-165.jar +0 -0
- data/jars/bcpkix-jdk15on-165.jar +0 -0
- data/jars/bcprov-ext-jdk15on-165.jar +0 -0
- data/jars/bcprov-jdk15on-165.jar +0 -0
- data/jars/bctls-jdk15on-165.jar +0 -0
- data/lib/ccrypto/java/keybundle_store/pkcs12.rb +0 -125
|
@@ -7,36 +7,11 @@ module Ccrypto
|
|
|
7
7
|
include DataConversion
|
|
8
8
|
include TR::CondUtils
|
|
9
9
|
|
|
10
|
-
include TeLogger::TeLogHelper
|
|
11
|
-
|
|
12
|
-
teLogger_tag :j_compression
|
|
13
|
-
|
|
14
10
|
def initialize(*args, &block)
|
|
15
11
|
|
|
16
12
|
@config = args.first
|
|
17
13
|
raise CompressionError, "Compress Config is expected. Given #{@config}" if not @config.is_a?(Ccrypto::CompressionConfig)
|
|
18
14
|
|
|
19
|
-
#if block
|
|
20
|
-
|
|
21
|
-
# outPath = block.call(:out_path)
|
|
22
|
-
# if is_empty?(outPath)
|
|
23
|
-
# outFile = block.call(:out_file)
|
|
24
|
-
# raise CompressionError, "OutputStream required" if not outFile.is_a?(java.io.OutputStream)
|
|
25
|
-
# @out = outFile
|
|
26
|
-
# else
|
|
27
|
-
# @out = java.io.RandomAccessFile.new(java.io.File.new(outPath), "w")
|
|
28
|
-
# end
|
|
29
|
-
|
|
30
|
-
# @intBufSize = block.call(:int_buf_size) || 102400
|
|
31
|
-
|
|
32
|
-
#else
|
|
33
|
-
# @intBufSize = 102400
|
|
34
|
-
|
|
35
|
-
#end
|
|
36
|
-
|
|
37
|
-
#@in = java.io.RandomAccessFile.new(java.nio.file.Files.createTempFile(nil,".zl").toFile, "rw")
|
|
38
|
-
#@inPtr = 0
|
|
39
|
-
|
|
40
15
|
case @config.level
|
|
41
16
|
when :best_compression
|
|
42
17
|
teLogger.debug "Compression with best compression"
|
|
@@ -63,15 +38,13 @@ module Ccrypto
|
|
|
63
38
|
def update(val)
|
|
64
39
|
if val.length > 0
|
|
65
40
|
teLogger.debug "Given #{val.length} bytes for compression"
|
|
66
|
-
#teLogger.debug "Write ready-to-compress data : #{val.length}"
|
|
67
|
-
#@in.write(to_java_bytes(val))
|
|
68
41
|
|
|
69
42
|
@eng.setInput(to_java_bytes(val))
|
|
70
43
|
|
|
71
44
|
@eng.finish
|
|
72
45
|
|
|
73
46
|
baos = java.io.ByteArrayOutputStream.new
|
|
74
|
-
buf = ::Java::byte[
|
|
47
|
+
buf = ::Java::byte[READ_BUF_SIZE].new
|
|
75
48
|
while not @eng.finished
|
|
76
49
|
done = @eng.deflate(buf)
|
|
77
50
|
@os.write(buf,0,done)
|
|
@@ -87,6 +60,12 @@ module Ccrypto
|
|
|
87
60
|
|
|
88
61
|
end
|
|
89
62
|
|
|
63
|
+
private
|
|
64
|
+
def teLogger
|
|
65
|
+
Java.logger(:comp_eng)
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
|
|
90
69
|
end
|
|
91
70
|
end
|
|
92
71
|
end
|
|
@@ -0,0 +1,226 @@
|
|
|
1
|
+
|
|
2
|
+
require_relative '../data_conversion'
|
|
3
|
+
|
|
4
|
+
java_import org.bouncycastle.pqc.crypto.crystals.dilithium.DilithiumParameters
|
|
5
|
+
java_import org.bouncycastle.pqc.crypto.crystals.dilithium.DilithiumKeyGenerationParameters
|
|
6
|
+
java_import org.bouncycastle.pqc.crypto.crystals.dilithium.DilithiumKeyPairGenerator
|
|
7
|
+
java_import org.bouncycastle.pqc.crypto.crystals.dilithium.DilithiumPublicKeyParameters
|
|
8
|
+
java_import org.bouncycastle.pqc.crypto.crystals.dilithium.DilithiumSigner
|
|
9
|
+
|
|
10
|
+
module Ccrypto
|
|
11
|
+
module Java
|
|
12
|
+
|
|
13
|
+
class CrystalDilithiumEngineError < StandardError; end
|
|
14
|
+
|
|
15
|
+
class CrystalDilithiumPublicKey < Ccrypto::PublicKey
|
|
16
|
+
include DataConversion
|
|
17
|
+
include TR::CondUtils
|
|
18
|
+
|
|
19
|
+
attr_reader :param
|
|
20
|
+
def initialize(pubKey, param)
|
|
21
|
+
super(pubKey)
|
|
22
|
+
@param = param
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def to_bin
|
|
26
|
+
@native_pubKey.encoded
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def encoded
|
|
30
|
+
to_bin
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def self.to_key(params, bin)
|
|
34
|
+
bin = to_java_bytes(bin) if not bin.is_a?(::Java::byte[])
|
|
35
|
+
|
|
36
|
+
case params
|
|
37
|
+
when Ccrypto::CrystalDilithiumConfig
|
|
38
|
+
pa = params.provider_config[:params]
|
|
39
|
+
when Symbol
|
|
40
|
+
pa = CrystalDilithiumEngine.supported_configs[params]
|
|
41
|
+
if not_empty?(pa)
|
|
42
|
+
pa = pa.provider_config[:params]
|
|
43
|
+
end
|
|
44
|
+
else
|
|
45
|
+
raise CrystalDilithiumEngineError, "Unsupported params type '#{params.class}'"
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
raise CrystalDilithiumEngineError, "Unknown param '#{param}'" if is_empty?(pa)
|
|
49
|
+
|
|
50
|
+
pubKey = DilithiumPublicKeyParameters.new(pa, bin)
|
|
51
|
+
CrystalDilithiumPublicKey.new(pubKey, pa)
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def equals?(pubKey)
|
|
55
|
+
if not @native_pubKey.nil?
|
|
56
|
+
case pubKey
|
|
57
|
+
when CrystalDilithiumPublicKey
|
|
58
|
+
@native_pubKey.encoded == pubKey.to_bin
|
|
59
|
+
else
|
|
60
|
+
logger.warn "Unmatched public key : (native) #{@native_pubKey} vs. (subject) #{pubKey}"
|
|
61
|
+
false
|
|
62
|
+
end
|
|
63
|
+
else
|
|
64
|
+
logger.warn "CrystalDilithiumPublicKey equals? returned false because native_pubKey is nil"
|
|
65
|
+
false
|
|
66
|
+
end
|
|
67
|
+
end
|
|
68
|
+
alias_method :key_equals?, :equals?
|
|
69
|
+
|
|
70
|
+
end # class CrystalDilithiumPublicKey
|
|
71
|
+
|
|
72
|
+
class CrystalDilithiumPrivateKey < Ccrypto::PrivateKey
|
|
73
|
+
|
|
74
|
+
attr_reader :param
|
|
75
|
+
def initialize(privKey, param)
|
|
76
|
+
super(privKey)
|
|
77
|
+
@param = param
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
def to_bin
|
|
81
|
+
@native_privKey.encoded
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
def self.to_key(params = {})
|
|
85
|
+
param = params[:param]
|
|
86
|
+
bcParam = CrystalDilithiumEngine.find_config(param)
|
|
87
|
+
bcPrivKey = org.bouncycastle.pqc.crypto.crystals.dilithium::DilithiumPrivateKeyParameters.new(bcParam.provider_config[:params], params[:rho].to_java_bytes, params[:k].to_java_bytes, params[:tr].to_java_bytes, params[:s1].to_java_bytes, params[:s2].to_java_bytes, params[:t0].to_java_bytes, params[:t1].to_java_bytes)
|
|
88
|
+
CrystalDilithiumPrivateKey.new(bcPrivKey, param)
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
def equals?(privKey)
|
|
92
|
+
if not @native_privKey.nil?
|
|
93
|
+
case privKey
|
|
94
|
+
when CrystalDilithiumPrivateKey
|
|
95
|
+
@native_privKey.encoded == privKey.to_bin
|
|
96
|
+
else
|
|
97
|
+
logger.warn "Unmatched private key : (native) #{@native_privKey} vs. (subject) #{privKey}"
|
|
98
|
+
false
|
|
99
|
+
end
|
|
100
|
+
else
|
|
101
|
+
logger.warn "ED25519PrivateKey equals? returned false because native_privKey is nil"
|
|
102
|
+
false
|
|
103
|
+
end
|
|
104
|
+
end
|
|
105
|
+
alias_method :key_equals?, :equals?
|
|
106
|
+
|
|
107
|
+
end # class CrystalDilithiumPrivateKey
|
|
108
|
+
|
|
109
|
+
#
|
|
110
|
+
# Crystal-Dilithium mainly for data signing
|
|
111
|
+
#
|
|
112
|
+
class CrystalDilithiumKeyBundle
|
|
113
|
+
include Ccrypto::KeyBundle
|
|
114
|
+
include TR::CondUtils
|
|
115
|
+
|
|
116
|
+
def initialize(kp, param)
|
|
117
|
+
@nativeKeypair = kp
|
|
118
|
+
@param = param
|
|
119
|
+
raise KeypairEngineException, "Given keypair is nil" if @param.nil?
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
def public_key
|
|
123
|
+
if @_pubKey.nil?
|
|
124
|
+
@_pubKey = CrystalDilithiumPublicKey.new(@nativeKeypair.getPublic(), @param.param)
|
|
125
|
+
end
|
|
126
|
+
@_pubKey
|
|
127
|
+
end
|
|
128
|
+
|
|
129
|
+
def private_key
|
|
130
|
+
if @_privKey.nil?
|
|
131
|
+
@_privKey = CrystalDilithiumPrivateKey.new(@nativeKeypair.getPrivate(), @param.param)
|
|
132
|
+
end
|
|
133
|
+
@_privKey
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
def is_public_key_equal?(pubKey)
|
|
137
|
+
@nativeKeypair.getPublic().encoded == pubKey.encoded
|
|
138
|
+
end
|
|
139
|
+
|
|
140
|
+
end # class CrystalDilithiumKeyBundle
|
|
141
|
+
|
|
142
|
+
class CrystalDilithiumEngine
|
|
143
|
+
include DataConversion
|
|
144
|
+
include TR::CondUtils
|
|
145
|
+
|
|
146
|
+
def self.supported_params
|
|
147
|
+
supported_configs.keys
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
def self.supported_configs
|
|
151
|
+
if @supportedConfig.nil?
|
|
152
|
+
@supportedConfig = {}
|
|
153
|
+
{
|
|
154
|
+
dilithium2: DilithiumParameters::dilithium2,
|
|
155
|
+
dilithium3: DilithiumParameters::dilithium3,
|
|
156
|
+
dilithium5: DilithiumParameters::dilithium5,
|
|
157
|
+
dilithium2_aes: DilithiumParameters::dilithium2_aes,
|
|
158
|
+
dilithium3_aes: DilithiumParameters::dilithium3_aes,
|
|
159
|
+
dilithium5_aes: DilithiumParameters::dilithium5_aes,
|
|
160
|
+
}.each do |k,kp|
|
|
161
|
+
conf = Ccrypto::CrystalDilithiumConfig.new(k)
|
|
162
|
+
conf.provider_config = { params: kp.dup }
|
|
163
|
+
@supportedConfig[k] = conf
|
|
164
|
+
end
|
|
165
|
+
end
|
|
166
|
+
@supportedConfig.freeze
|
|
167
|
+
end
|
|
168
|
+
|
|
169
|
+
def self.find_config(conf)
|
|
170
|
+
supported_configs.select { |k,v| k == conf }.first[1]
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
def self.logger
|
|
174
|
+
Ccrypto::Java.logger(:dilithium_engine)
|
|
175
|
+
end
|
|
176
|
+
|
|
177
|
+
def initialize(*args, &block)
|
|
178
|
+
@config = args.first
|
|
179
|
+
raise KeypairEngineException, "1st parameter must be a #{Ccrypto::KeypairConfig.class} object" if not @config.is_a?(Ccrypto::KeypairConfig)
|
|
180
|
+
end
|
|
181
|
+
|
|
182
|
+
def generate_keypair(&block)
|
|
183
|
+
|
|
184
|
+
rand = java.security.SecureRandom.getInstanceStrong
|
|
185
|
+
kpg = DilithiumKeyPairGenerator.new
|
|
186
|
+
#logger.debug "CD config : #{@config.inspect}"
|
|
187
|
+
#logger.debug "CD config : #{DilithiumKeyGenerationParameters}"
|
|
188
|
+
#logger.debug "CD provider config : #{@config.provider_config}"
|
|
189
|
+
#logger.debug "CD provider config params : #{@config.provider_config[:params]}"
|
|
190
|
+
#logger.debug "CD provider config params : #{DilithiumParameters::dilithium2}"
|
|
191
|
+
param = DilithiumKeyGenerationParameters.new(rand, @config.provider_config[:params])
|
|
192
|
+
logger.debug "CD param : #{param.inspect}"
|
|
193
|
+
kpg.init(param)
|
|
194
|
+
|
|
195
|
+
CrystalDilithiumKeyBundle.new(kpg.generateKeyPair(), @config)
|
|
196
|
+
|
|
197
|
+
end
|
|
198
|
+
|
|
199
|
+
def sign(data, &block)
|
|
200
|
+
|
|
201
|
+
raise KeypairEngineException, "Keypair is required" if @config.keypair.nil?
|
|
202
|
+
raise KeypairEngineException, "Crystal Dilithium keypair is required. Given #{@config.keypair}" if not @config.keypair.is_a?(CrystalDilithiumKeyBundle)
|
|
203
|
+
kp = @config.keypair
|
|
204
|
+
|
|
205
|
+
signer = DilithiumSigner.new
|
|
206
|
+
signer.init(true, kp.private_key.native)
|
|
207
|
+
signer.generateSignature(to_java_bytes(data))
|
|
208
|
+
|
|
209
|
+
end
|
|
210
|
+
|
|
211
|
+
def self.verify(pubKey, data, sign)
|
|
212
|
+
raise KeypairEngineException, "Given public key to verify is empty" if is_empty?(pubKey)
|
|
213
|
+
raise KeypairEngineException, "Given data to verify is empty" if is_empty?(data)
|
|
214
|
+
raise KeypairEngineException, "Given signature to verify is empty" if is_empty?(sign)
|
|
215
|
+
|
|
216
|
+
ver = DilithiumSigner.new
|
|
217
|
+
puts "verifying public key #{pubKey.inspect}"
|
|
218
|
+
ver.init(false, pubKey.native)
|
|
219
|
+
|
|
220
|
+
ver.verifySignature(to_java_bytes(data), to_java_bytes(sign))
|
|
221
|
+
end
|
|
222
|
+
|
|
223
|
+
end # class CrystalDilithiumEngine
|
|
224
|
+
|
|
225
|
+
end
|
|
226
|
+
end
|
|
@@ -0,0 +1,260 @@
|
|
|
1
|
+
|
|
2
|
+
require_relative '../data_conversion'
|
|
3
|
+
|
|
4
|
+
java_import org.bouncycastle.pqc.crypto.crystals.kyber.KyberParameters
|
|
5
|
+
java_import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKeyGenerationParameters
|
|
6
|
+
java_import org.bouncycastle.pqc.crypto.crystals.kyber.KyberPublicKeyParameters
|
|
7
|
+
java_import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKEMGenerator
|
|
8
|
+
java_import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKEMExtractor
|
|
9
|
+
|
|
10
|
+
require_relative '../data_conversion'
|
|
11
|
+
|
|
12
|
+
module Ccrypto
|
|
13
|
+
module Java
|
|
14
|
+
|
|
15
|
+
class CrystalKyberPublicKey < Ccrypto::CrystalKyberPublicKey
|
|
16
|
+
include DataConversion
|
|
17
|
+
include TR::CondUtils
|
|
18
|
+
|
|
19
|
+
def initialize(kp, param)
|
|
20
|
+
super(kp)
|
|
21
|
+
@keyParam = param
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
# Public API
|
|
25
|
+
def key_param
|
|
26
|
+
@keyParam
|
|
27
|
+
end
|
|
28
|
+
alias_method :param, :key_param
|
|
29
|
+
|
|
30
|
+
# Public API
|
|
31
|
+
def to_bin
|
|
32
|
+
@native_pubKey.encoded
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
# Public API
|
|
36
|
+
def encoded
|
|
37
|
+
to_bin
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def to_s
|
|
41
|
+
"Crystal Kyber - #{@keyParam} : #{native.inspect}"
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
# Public API
|
|
45
|
+
def self.to_key(params, bin)
|
|
46
|
+
bin = to_java_bytes(bin) if not bin.is_a?(::Java::byte[])
|
|
47
|
+
|
|
48
|
+
case params
|
|
49
|
+
when Ccrypto::CrystalKyberConfig
|
|
50
|
+
pa = params.provider_config[:params]
|
|
51
|
+
when Symbol
|
|
52
|
+
pa = CrystalKyberEngine.supported_configs[params]
|
|
53
|
+
if not_empty?(pa)
|
|
54
|
+
pa = pa.provider_config[:params]
|
|
55
|
+
end
|
|
56
|
+
else
|
|
57
|
+
raise CrystalKyberEngineError, "Unsupported params type '#{params.class}'"
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
raise CrystalKyberEngineError, "Unknown param '#{param}'" if is_empty?(pa)
|
|
61
|
+
|
|
62
|
+
pubKey = KyberPublicKeyParameters.new(pa, bin)
|
|
63
|
+
CrystalKyberPublicKey.new(pubKey, params)
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
def key_equals?(pubKey)
|
|
67
|
+
if not @native_pubKey.nil?
|
|
68
|
+
case pubKey
|
|
69
|
+
when CrystalKyberPublicKey
|
|
70
|
+
@native_pubKey.encoded == pubKey.to_bin
|
|
71
|
+
else
|
|
72
|
+
logger.warn "Unmatched public key : (native) #{@native_pubKey} vs. (subject) #{pubKey}"
|
|
73
|
+
|
|
74
|
+
false
|
|
75
|
+
end
|
|
76
|
+
else
|
|
77
|
+
logger.warn "CrystalKyberPublicKey equals? returned false because native_pubKey is nil"
|
|
78
|
+
false
|
|
79
|
+
end
|
|
80
|
+
end
|
|
81
|
+
alias_method :equals?, :key_equals?
|
|
82
|
+
|
|
83
|
+
end # class CrystalKyberPublicKey
|
|
84
|
+
|
|
85
|
+
class CrystalKyberPrivateKey < Ccrypto::PrivateKey
|
|
86
|
+
|
|
87
|
+
def initialize(kp, param)
|
|
88
|
+
super(kp)
|
|
89
|
+
@keyParam = param
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
def key_param
|
|
93
|
+
@keyParam
|
|
94
|
+
end
|
|
95
|
+
alias_method :param, :key_param
|
|
96
|
+
|
|
97
|
+
def to_bin
|
|
98
|
+
@native_privKey.encoded
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
def self.to_key(params = {})
|
|
102
|
+
param = params[:param]
|
|
103
|
+
bcParam = CrystalKyberEngine.find_config(param)
|
|
104
|
+
bcPrivKey = org.bouncycastle.pqc.crypto.crystals.kyber::KyberPrivateKeyParameters.new(bcParam.provider_config[:params], params[:s].to_java_bytes, params[:hpk].to_java_bytes, params[:nonce].to_java_bytes, params[:t].to_java_bytes, params[:rho].to_java_bytes)
|
|
105
|
+
CrystalKyberPrivateKey.new(bcPrivKey, param)
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
def equals?(privKey)
|
|
109
|
+
if not @native_privKey.nil?
|
|
110
|
+
case privKey
|
|
111
|
+
when CrystalKyberPrivateKey
|
|
112
|
+
@native_privKey.encoded == privKey.to_bin
|
|
113
|
+
else
|
|
114
|
+
logger.warn "Unmatched private key : (native) #{@native_privKey} vs. (subject) #{privKey}"
|
|
115
|
+
false
|
|
116
|
+
end
|
|
117
|
+
else
|
|
118
|
+
logger.warn "CrystalKyberPrivateKey equals? returned false because native_privKey is nil"
|
|
119
|
+
false
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
alias_method :key_equals?, :equals?
|
|
123
|
+
|
|
124
|
+
end # class CrystalKyberPrivateKey
|
|
125
|
+
|
|
126
|
+
class CrystalKyberKEM
|
|
127
|
+
include TR::CondUtils
|
|
128
|
+
include DataConversion
|
|
129
|
+
|
|
130
|
+
def initialize(kem)
|
|
131
|
+
@kem = kem
|
|
132
|
+
raise KeypairEngineException, "KEM cannot be empty" if is_empty?(@kem)
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
def for_recipient
|
|
136
|
+
@kem.getEncapsulation()
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
def for_cipher
|
|
140
|
+
@kem.getSecret()
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
def native
|
|
144
|
+
@kem
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
end # class CrystalKyberKEM
|
|
148
|
+
|
|
149
|
+
#
|
|
150
|
+
# Crystal-Kyber mainly for encryption via derivation
|
|
151
|
+
#
|
|
152
|
+
class CrystalKyberKeyBundle
|
|
153
|
+
include Ccrypto::KeyBundle
|
|
154
|
+
include TR::CondUtils
|
|
155
|
+
include DataConversion
|
|
156
|
+
|
|
157
|
+
def initialize(kp, params)
|
|
158
|
+
@nativeKeypair = kp
|
|
159
|
+
@nativeParam = params
|
|
160
|
+
end
|
|
161
|
+
|
|
162
|
+
def enc_derive(pubKey, &block)
|
|
163
|
+
raise KeypairEngineException, "Given public key to derive cannot be empty" if is_empty?(pubKey)
|
|
164
|
+
raise KeypairEngineException, "Given public key need to be a Crystal Kyber public key" if not pubKey.is_a?(CrystalKyberPublicKey)
|
|
165
|
+
|
|
166
|
+
rand = java.security.SecureRandom.getInstanceStrong()
|
|
167
|
+
kemGen = KyberKEMGenerator.new(rand)
|
|
168
|
+
CrystalKyberKEM.new(kemGen.generateEncapsulated(pubKey.native))
|
|
169
|
+
end
|
|
170
|
+
alias_method :derive_enc_shared_secret, :enc_derive
|
|
171
|
+
|
|
172
|
+
def dec_derive(kem, &block)
|
|
173
|
+
raise KeypairEngineException, "Native Keypair not available" if is_empty?(@nativeKeypair)
|
|
174
|
+
|
|
175
|
+
kemExt = KyberKEMExtractor.new(@nativeKeypair.getPrivate)
|
|
176
|
+
kemExt.extractSecret(to_java_bytes(kem))
|
|
177
|
+
end
|
|
178
|
+
alias_method :derive_dec_shared_secret, :dec_derive
|
|
179
|
+
|
|
180
|
+
def public_key
|
|
181
|
+
if @_pubKey.nil?
|
|
182
|
+
@_pubKey = CrystalKyberPublicKey.new(@nativeKeypair.getPublic(), @nativeParam.param)
|
|
183
|
+
end
|
|
184
|
+
@_pubKey
|
|
185
|
+
end
|
|
186
|
+
|
|
187
|
+
def private_key
|
|
188
|
+
if @_privKey.nil?
|
|
189
|
+
@_privKey = CrystalKyberPrivateKey.new(@nativeKeypair.getPrivate(), @nativeParam.param)
|
|
190
|
+
end
|
|
191
|
+
@_privKey
|
|
192
|
+
end
|
|
193
|
+
|
|
194
|
+
end # class CrystalKyberKeyBundle
|
|
195
|
+
|
|
196
|
+
class CrystalKyberEngine
|
|
197
|
+
|
|
198
|
+
def self.supported_params
|
|
199
|
+
supported_configs.keys
|
|
200
|
+
end
|
|
201
|
+
|
|
202
|
+
def self.supported_configs
|
|
203
|
+
if @supportedConfig.nil?
|
|
204
|
+
@supportedConfig = {}
|
|
205
|
+
{
|
|
206
|
+
kyber512: KyberParameters::kyber512,
|
|
207
|
+
kyber768: KyberParameters::kyber768,
|
|
208
|
+
kyber1024: KyberParameters::kyber1024,
|
|
209
|
+
kyber512_aes: KyberParameters::kyber512_aes,
|
|
210
|
+
kyber768_aes: KyberParameters::kyber768_aes,
|
|
211
|
+
kyber1024_aes: KyberParameters::kyber1024_aes,
|
|
212
|
+
}.each do |k,kp|
|
|
213
|
+
conf = Ccrypto::CrystalKyberConfig.new(k)
|
|
214
|
+
conf.provider_config = { params: kp }
|
|
215
|
+
@supportedConfig[k] = conf
|
|
216
|
+
end
|
|
217
|
+
end
|
|
218
|
+
@supportedConfig.freeze
|
|
219
|
+
end
|
|
220
|
+
|
|
221
|
+
def self.find_config(conf)
|
|
222
|
+
supported_configs.select { |k,v| k == conf }.first[1]
|
|
223
|
+
end
|
|
224
|
+
|
|
225
|
+
def self.get_available_session_keysize
|
|
226
|
+
[512, 768, 1024].freeze
|
|
227
|
+
end
|
|
228
|
+
|
|
229
|
+
def self.get_session_keysize_param(keysize, with_aes = false)
|
|
230
|
+
case keysize.to_i
|
|
231
|
+
when 512, 768, 1024
|
|
232
|
+
if with_aes
|
|
233
|
+
supported_configs["kyber#{keysize.to_i}_aes".to_sym]
|
|
234
|
+
else
|
|
235
|
+
supported_configs["kyber#{keysize.to_i}".to_sym]
|
|
236
|
+
end
|
|
237
|
+
else
|
|
238
|
+
raise KeypairEngineException, "Crystal Kyber only has keysizes of 512,768 and 1024"
|
|
239
|
+
end
|
|
240
|
+
end
|
|
241
|
+
|
|
242
|
+
def initialize(*args, &block)
|
|
243
|
+
@config = args.first
|
|
244
|
+
raise KeypairEngineException, "1st parameter must be a #{Ccrypto::KeypairConfig.class} object" if not @config.is_a?(Ccrypto::KeypairConfig)
|
|
245
|
+
end
|
|
246
|
+
|
|
247
|
+
def generate_keypair(&block)
|
|
248
|
+
|
|
249
|
+
rand = java.security.SecureRandom.getInstanceStrong
|
|
250
|
+
kpg = org.bouncycastle.pqc.crypto.crystals.kyber.KyberKeyPairGenerator.new
|
|
251
|
+
kpg.init(KyberKeyGenerationParameters.new(rand, @config.provider_config[:params]))
|
|
252
|
+
|
|
253
|
+
CrystalKyberKeyBundle.new(kpg.generateKeyPair(), @config)
|
|
254
|
+
|
|
255
|
+
end
|
|
256
|
+
|
|
257
|
+
end # class CrystalKyberEngine
|
|
258
|
+
|
|
259
|
+
end
|
|
260
|
+
end
|
|
@@ -7,9 +7,6 @@ module Ccrypto
|
|
|
7
7
|
include DataConversion
|
|
8
8
|
include TR::CondUtils
|
|
9
9
|
|
|
10
|
-
include TeLogger::TeLogHelper
|
|
11
|
-
teLogger_tag :j_decompression
|
|
12
|
-
|
|
13
10
|
def initialize(*args,&block)
|
|
14
11
|
|
|
15
12
|
@eng = java.util.zip.Inflater.new
|
|
@@ -25,7 +22,7 @@ module Ccrypto
|
|
|
25
22
|
@eng.setInput(to_java_bytes(val))
|
|
26
23
|
|
|
27
24
|
baos = java.io.ByteArrayOutputStream.new
|
|
28
|
-
buf = ::Java::byte[
|
|
25
|
+
buf = ::Java::byte[READ_BUF_SIZE].new
|
|
29
26
|
while not @eng.finished
|
|
30
27
|
done = @eng.inflate(buf)
|
|
31
28
|
teLogger.debug "Done #{done} bytes"
|
|
@@ -43,6 +40,10 @@ module Ccrypto
|
|
|
43
40
|
def final
|
|
44
41
|
end
|
|
45
42
|
|
|
43
|
+
def teLogger
|
|
44
|
+
Java.logger(:decomp_eng)
|
|
45
|
+
end
|
|
46
|
+
|
|
46
47
|
end
|
|
47
48
|
end
|
|
48
49
|
end
|