ccrypto-java 0.1.0 → 0.2.0

data/lib/ccrypto/java/engines/rsa_engine.rb

@@ -1,12 +1,11 @@
 
 require_relative '../data_conversion'
-require_relative '../keybundle_store/pkcs12'
-#require_relative '../keybundle_store/pem_store'
 
 module Ccrypto
   module Java
     
     class RSAPublicKey < Ccrypto::RSAPublicKey
+      include DataConversion
 
       def to_bin
         @native_pubKey.encoded
@@ -17,19 +16,87 @@ module Ccrypto
         RSAPublicKey.new(pubKey)
       end
 
+      def to_pem
+        cont = ["-----BEGIN RSA PUBLIC KEY-----\n"]
+        cont << to_b64(to_bin)
+        cont << "\n-----END RSA PUBLIC KEY-----"
+        cont.join
+      end
+
+      def self.from_pem(str)
+        if str =~ /RSA PUBLIC/
+          cont = str.lines[1..-2].join.strip
+          to_key(from_b64(cont))
+        else
+          raise KeypairEngineException, "Not an RSA public key"
+        end
+      end
+
       def method_missing(mtd, *args, &block)
         @native_pubKey.send(mtd, *args, &block)
       end
 
     end # RSAPublicKey
 
+
+    class RSAPrivateKey < Ccrypto::RSAPrivateKey
+      include DataConversion
+
+      def self.to_key(bin, &block)
+        if block
+          prov = block.call(:jce_provider)
+        else
+          prov = JCEProvider::BCProv
+        end
+
+        kf = java.security.KeyFactory.getInstance("RSA",prov)
+        priv = kf.generate_private(java.security.spec.PKCS8EncodedKeySpec.new(bin))
+        RSAPrivateKey.new(priv)
+
+      end
+
+      def to_pem
+        cont = ["-----BEGIN RSA PRIVATE KEY-----\n"]
+        cont << to_b64(@native_privKey.encoded)
+        cont << "\n-----END RSA PRIVATE KEY-----"
+        cont.join
+      end
+
+      def self.from_pem(str)
+        if str =~ /RSA PRIVATE/
+          cont = str.lines[1..-2].join.strip
+          to_key(from_b64(cont))
+        else
+          raise KeypairEngineException, "Not an RSA private key"
+        end
+      end
+
+      def to_bin
+        @native_privKey.encoded
+      end
+
+      def equals?(privKey)
+        if not @native_privKey.nil?
+          case privKey
+          when RSAPrivateKey
+            @native_privKey.encoded == privKey.to_bin
+          else
+            logger.warn "Unmatched private key : (native) #{@native_privKey} vs. (subject) #{privKey}"
+            false
+          end
+        else
+          logger.warn "RSAPrivateKey equals? returned false because native_privKey is nil"
+          false
+        end
+      end
+      alias_method :key_equals?, :equals?
+      
+    end # class RSAPrivateKey
+
     class RSAKeyBundle 
       include Ccrypto::RSAKeyBundle
       include TR::CondUtils
 
-      include PKCS12
-      #include PEMStore
-
       include TeLogger::TeLogHelper
 
       teLogger_tag :j_rsa_keybundle
@@ -52,11 +119,11 @@ module Ccrypto
         @privKey
       end
 
-      def to_storage(type, &block)
-        
-        case type
-        when :p12, :pkcs12
-          to_pkcs12 do |key|
+      def write_keystore(type, &block)
+        ksType = Keystore.map_keystore_type(type)
+        case ksType
+        when :pkcs12
+          Keystore::PKCS12Keystore.to_p12 do |key, *val|
             case key
             when :keypair
               @nativeKeypair
@@ -64,43 +131,26 @@ module Ccrypto
               block.call(key) if block
             end
           end
-
         when :jks
-          to_pkcs12 do |key|
+          Keystore::JKSKeystore.to_jks do |key, *val|
             case key
-            when :storeType
-              "JKS"
             when :keypair
               @nativeKeypair
             else
               block.call(key) if block
             end
           end
-        end
-
-      end
 
-      def self.from_storage(bin, &block)
-       
-        if is_pem?(bin)
         else
-          from_pkcs12(bin, &block)
-        end
-
-      end
-
-      def self.is_pem?(bin)
-        begin
-          (bin =~ /BEGIN/) != nil
-        rescue ArgumentError => ex
-          false
+          raise Ccrypto::Keystore::KeystoreException, "Unsupported keystore type '#{type}' for engine '#{self.class.name}'"
         end
       end
 
+     
       def equal?(kp)
         case kp
         when Ccrypto::RSAKeyBundle
-          @nativeKeypair.encoded == kp.private.encoded
+          private_key.encoded == kp.private_key.encoded
         else
           false
         end
@@ -126,6 +176,10 @@ module Ccrypto
 
       teLogger_tag :j_rsa
 
+      def self.supported_params
+        [1024,2048,4096,8192]
+      end
+
       def initialize(*args, &block)
         @config = args.first
         raise KeypairEngineException, "1st parameter must be a #{Ccrypto::KeypairConfig.class} object" if not @config.is_a?(Ccrypto::KeypairConfig)

data/lib/ccrypto/java/engines/scrypt_engine.rb

@@ -8,18 +8,22 @@ module Ccrypto
       include TR::CondUtils
 
       def initialize(conf, &block)
+
         raise KDFEngineException, "KDF config is expected" if not conf.is_a?(Ccrypto::KDFConfig)
         raise KDFEngineException, "Output bit length (outBitLength) value is not given or not a positive value (#{conf.outBitLength})" if is_empty?(conf.outBitLength) or conf.outBitLength <= 0
         @config = conf
 
         if is_empty?(@config.salt)
-          @config.salt = Java::byte[16].new
-          java.security.SecureRandom.getInstance("NativePRNG").random_bytes(@config.salt)
+          @config.salt = ::Java::byte[16].new
+          java.security.SecureRandom.getInstance("NativePRNG").next_bytes(@config.salt)
         end
       end
 
       def derive(input, output = :binary)
-        res =  org.bouncycastle.crypto.generators.SCrypt.generate(to_java_bytes(input), to_java_bytes(@config.salt),@config.cost, @config.blockSize, @config.parallel, @config.outBitLength/8)
+        res =  org.bouncycastle.crypto.generators.SCrypt.generate(to_java_bytes(input), to_java_bytes(@config.salt),@config.cost, @config.blocksize, @config.parallel, @config.outBitLength/8)
+        
+        #logger.debug "scrypt output : #{res.inspect}"
+
         case output
         when :hex
           to_hex(res)
@@ -30,6 +34,11 @@ module Ccrypto
         end
       end
 
+      private
+      def logger
+        Ccrypto::Java.logger(:scrypt_eng)
+      end
+
     end
   end
 end

data/lib/ccrypto/java/engines/secret_key_engine.rb

@@ -2,41 +2,106 @@
 
 module Ccrypto
   module Java
+
+    class SecretKeyEngineException < StandardError; end
+
     class SecretKeyEngine
+      include TR::CondUtils
+      include DataConversion
+
+      def self.supported_secret_key_configs
+        if @supKeyConf.nil?
+          @supKeyConf = []
+          supported_secret_key_config_table.each do |algo, keysize|
+            keysize.each do |k,v|
+              @supKeyConf << v
+            end
+          end
+        end
+        @supKeyConf
+      end
+
+      def self.find_supported_secret_key_config(algo, keysize = nil)
+        res = supported_secret_key_config_table[algo] || {}
+        res[keysize] || nil
+      end
+
+      def self.is_secret_key_config_supported?(algo, keysize = nil)
+        not find_supported_secret_key_config(algo. keysize).nil?
+      end
+
+      private
+      def self.supported_secret_key_config_table
+        if @seckey_configs.nil?
+          @seckey_configs = {}
 
-      include TeLogger::TeLogHelper
-      teLogger_tag :j_secretkey
-     
+          CipherEngine.supported_ciphers.each do |cf|
+            kf = cf.key_config
+            algo = kf.algo.to_sym
+            keysize = kf.keysize
+
+            if @seckey_configs[algo].nil?
+              @seckey_configs[algo] = {  }
+              @seckey_configs[algo][keysize] = kf
+            else
+              if is_empty?(@seckey_configs[algo][keysize])
+                @seckey_configs[algo][keysize] = kf
+              end
+            end
+
+          end
+        end
+        @seckey_configs
+      end
+
+      public
       def self.generate(*args, &block)
         config = args.first
 
-        raise SecretKeyEngineException, "KeyConfig is expected" if not config.is_a?(Ccrypto::KeyConfig) 
+        raise SecretKeyEngineException, "KeyConfig is expected but got '#{config.class.name}'" if not config.is_a?(Ccrypto::KeyConfig) 
+        raise SecretKeyEngineException, "Provider initialized KeyConfig is expected" if is_empty?(config.provider_config)
 
         if block
           kgProv = block.call(:keygen_jceProvider)
           ranProv = block.call(:random_jceProvider)
+        else
+          kgProv = config.provider_config[:key_jce_provider] || JCEProvider::DEFProv
         end
 
         if kgProv.nil?
-          teLogger.debug "KeyGen using algo #{config.algo.to_s} with null provider"
-          keyGen = javax.crypto.KeyGenerator.getInstance(config.algo.to_s)
+          logger.debug "KeyGen using algo #{config.algo.to_s} with null provider"
+          keyGen = javax.crypto.KeyGenerator.getInstance(config.provider_config[:keygen_algo])
         else
-          teLogger.debug "KeyGen using algo #{config.algo.to_s} with provider #{kgProv.is_a?(String) ? kgProv : kgProv.name}"
-          keyGen = javax.crypto.KeyGenerator.getInstance(config.algo.to_s, kgProv)
+          logger.debug "KeyGen using algo #{config.algo.to_s} with provider #{kgProv.is_a?(String) ? kgProv : kgProv.name}"
+          keyGen = javax.crypto.KeyGenerator.getInstance(config.provider_config[:keygen_algo], kgProv)
         end
 
         if ranProv.nil?
-          teLogger.debug "Init KeyGen with keysize #{config.keysize.to_i}"
+          logger.debug "Init KeyGen with keysize #{config.keysize.to_i}"
           keyGen.init(config.keysize.to_i)
         else
-          teLogger.debug "Init KeyGen with keysize #{config.keysize.to_i} with provider #{ranProv.is_a?(String) ? ranProv : ranProv.name}"
+          logger.debug "Init KeyGen with keysize #{config.keysize.to_i} with provider #{ranProv.is_a?(String) ? ranProv : ranProv.name}"
           keyGen.init(config.keysize.to_i, ranProv)
         end
 
         key = keyGen.generateKey
-        teLogger.debug "Secret key #{config} generated"
-        Ccrypto::SecretKey.new(config.algo, key)
+        logger.debug "Secret key #{config} generated"
+        sk = Ccrypto::SecretKey.new(config.algo, config.keysize, key)
+        sk.provider_config = config.provider_config
+        sk
+
+      end
+
+      def self.secret_key_from_bin(bin, algo, keysize)
+        raise SecretKeyEngineException, "No data given to convert to secret key" if is_empty?(bin)
+        raise SecretKeyEngineException, "Algo cannot be empty" if is_empty?(algo)
+        
+        Ccrypto::SecretKey.new(algo, keysize, javax.crypto.spec.SecretKeySpec.new(to_java_bytes(bin), algo.to_s))
+      end
 
+      private
+      def self.logger
+        Ccrypto::Java.logger(:seckey_eng)
       end
 
     end

data/lib/ccrypto/java/engines/secret_sharing_engine.rb

@@ -3,14 +3,22 @@ require_relative '../data_conversion'
 
 module Ccrypto
   module Java
+
+    class SecretSharingException < Ccrypto::SecretSharingException; end 
+
     class SecretSharingEngine
       include DataConversion
 
+
       def initialize(*args, &block)
         @config = args.first
+
         raise SecretSharingException, "SecretSharingConfig is required" if not @config.is_a?(Ccrypto::SecretSharingConfig)
-        raise SecretSharingException, "split_into value must be more than 1" if not @config.split_into.to_i > 1
-        raise SecretSharingException, "required_parts value (#{@config.required_parts}) must be less than or equal split_into value (#{@config.split_into})." if not @config.required_parts.to_i < @config.split_into.to_i
+        sit = @config.split_into.to_i
+        rp = @config.required_parts.to_i
+        raise SecretSharingException, "split_into value must be more than 1" if not sit > 1 
+        raise SecretSharingException, "required_parts value must be more than 0" if not rp > 0
+        raise SecretSharingException, "required_parts value (#{@config.required_parts}) must be less than or equal split_into value (#{@config.split_into})." if not rp <= sit.to_i
       end
 
       def split(secVal)
@@ -36,6 +44,7 @@ module Ccrypto
           # as the automated conversion of JRuby will turn the key into
           # java.lang.Long instead of java.lang.Integer
           # Using Map with parameterize auto conversion will failed inside the Java
+          partLength = -1
           parts.each do |k,v|
             if not v.is_a?(::Java::byte[])
               vv = to_java_bytes(v)
@@ -43,6 +52,12 @@ module Ccrypto
               vv = v
             end
 
+            if partLength == -1
+              partLength = vv.length
+            else
+              raise SecretSharingException, "Invalid parts are given. Inconsistant part length (#{partLength} vs. #{vv.length})" if partLength != vv.length
+            end
+
             jhash.put(java.lang.Integer.new(k),vv)
           end
         when java.util.Map

data/lib/ccrypto/java/engines/x25519_engine.rb

@@ -0,0 +1,249 @@
+
+require_relative '../data_conversion'
+
+module Ccrypto
+  module Java
+    
+    class X25519PublicKey < Ccrypto::X25519PublicKey
+      include DataConversion
+
+      def to_bin
+        res = @native_pubKey.encoded 
+        #puts "to_bion : #{to_hex(res)}"
+        res
+      end
+
+      def self.to_key(bin)
+        pubKey = java.security.KeyFactory.getInstance("X25519", "BC").generatePublic(java.security.spec.X509EncodedKeySpec.new(bin))
+        X25519PublicKey.new(pubKey)
+      end
+
+      def to_pem
+        cont = ["-----BEGIN X25519 PUBLIC KEY-----\n"]
+        cont << to_b64(to_bin)
+        cont << "\n-----END X25519 PUBLIC KEY-----"
+        cont.join
+      end
+
+      def self.from_pem(str)
+        if str =~ /X25519 PUBLIC/
+          cont = str.lines[1..-2].join.strip
+          to_key(from_b64(cont))
+        else
+          raise KeypairEngineException, "Not an X25519 public key"
+        end
+      end
+
+    end # X25519PublicKey
+
+    class X25519PrivateKey < Ccrypto::X25519PrivateKey
+      include DataConversion
+
+      def to_bin
+        @native_privKey.encoded  
+      end
+
+      def self.to_key(bin, &block)
+        if block
+          prov = block.call(:jce_provider)
+        else
+          prov = JCEProvider::BCProv
+        end
+
+        kf = java.security.KeyFactory.getInstance("X25519",prov)
+        priv = kf.generate_private(java.security.spec.PKCS8EncodedKeySpec.new(bin))
+        X25519PrivateKey.new(priv)
+
+      end
+
+      def to_pem
+        cont = ["-----BEGIN X25519 PRIVATE KEY-----\n"]
+        cont << to_b64(@native_privKey.encoded)
+        cont << "\n-----END X25519 PRIVATE KEY-----"
+        cont.join
+      end
+
+      def self.from_pem(str)
+        if str =~ /X25519 PRIVATE/
+          cont = str.lines[1..-2].join.strip
+          to_key(from_b64(cont))
+        else
+          raise KeypairEngineException, "Not an X25519 private key"
+        end
+      end
+
+      def equals?(privKey)
+        if not @native_privKey.nil?
+          case privKey
+          when X25519PrivateKey
+            @native_privKey.encoded == privKey.to_bin
+          else
+            logger.warn "Unmatched private key : (native) #{@native_privKey} vs. (subject) #{privKey}"
+            false
+          end
+        else
+          logger.warn "X25519PrivateKey equals? returned false because native_privKey is nil"
+          false
+        end
+      end
+      alias_method :key_equals?, :equals?
+
+    end # X25519PrivateKey
+
+    class X25519KeyBundle
+      include Ccrypto::X25519KeyBundle
+      include Ccrypto::X25519KeyBundle
+
+      include TR::CondUtils
+      include DataConversion
+
+      include TeLogger::TeLogHelper
+      teLogger_tag :x25519_kb_j
+
+      def initialize(kp)
+        @nativeKeypair = kp
+      end
+
+      def public_key
+        if @pubKey.nil?
+          @pubKey = X25519PublicKey.new(@nativeKeypair.getPublic)
+        end
+        @pubKey
+      end
+
+      def private_key
+        X25519PrivateKey.new(@nativeKeypair.getPrivate) 
+      end
+
+      def derive_dh_shared_secret(pubKey, &block)
+        
+        JCEProvider.instance.add_bc_provider
+
+        ka = javax.crypto.KeyAgreement.getInstance("X25519",JCEProvider::BCProv.name)
+        ka.init(@nativeKeypair.getPrivate)
+
+        case pubKey
+        when X25519PublicKey
+          uPubKey = pubKey.native_pubKey
+        else 
+          raise KeypairEngineException, "Unsupported public key type '#{pubKey.class}'"
+        end
+
+        ka.doPhase(uPubKey, true)
+        ka.generateSecret()
+
+      end
+
+      ## should be under keybundle_store but not sure how to do this
+      def to_storage(eng = :ccrypto, &block)
+        case eng
+        when :ccrypto
+          res = {  }
+
+          rawPrivate = false
+          rawPublic = false
+          if block
+            rawPrivate = block.call(:export_raw_private_key)
+            rawPublic = block.call(:export_raw_public_key)
+          end
+
+          res[:private] = private_key.to_bin
+          if rawPrivate == true
+            # 5th Sept 2022 - untested code
+            res[:private] = org.bouncycastle.crypto.params.X25519PrivateKeyParameters.new(res[:private],0).encoded 
+            res[:raw_private] = true
+          end
+
+          res[:public] = public_key.to_bin
+          if rawPublic == true
+            # 5th Sept 2022 - untested code
+            res[:public] = org.bouncycastle.crypto.params.X25519PublicKeyParameters.new(res[:public],0).encoded 
+            res[:raw_public] = true
+          end
+
+          res
+        else
+          raise KeypairEngineException, "Unsupported storage type '#{eng}'"
+        end
+      end
+
+      def self.from_storage(bin)
+        case bin
+        when Hash
+          res = {  }
+          JCEProvider.instance.add_bc_provider
+
+          kf = java.security.KeyFactory.getInstance("X25519", JCEProvider::BCProv.name)
+
+          if not_empty?(bin[:private])
+            # raw_private = true means the given private key is in its raw data form
+            # 5th Sept 22 - Not tested not sure how to generate raw key
+            if bin[:raw_private] == true
+              # 5th Sept 2022 - untested code
+              info = org.bouncycastle.asn1.pkcs.PrivateKeyInfo.new(org.bouncycastle.asn1.x509.AlgorithmIdentifier.new(org.bouncycastle.asn1.edec.EdECObjectIdentifiers::id_X25519), org.bouncycastle.asn1.DEROctetString.new(bin[:private]))
+
+              spec = java.security.spec.PKCS8EncodedKeySpec.new(info.encoded)
+            else
+              spec = java.security.spec.PKCS8EncodedKeySpec.new(bin[:private])
+            end
+
+            res[:private] = X25519PrivateKey.new(kf.generatePrivate(spec))
+
+            #res[:private] = X25519PrivateKey.new(org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters.new(bin[:private],0))
+          end
+
+          if not_empty?(bin[:public])
+            if bin[:raw_public] == true
+              # 5th Sept 2022 - untested code
+              #pubRaw = org.bouncycastle.crypto.params.Ed25519PublicKeyParameters.new(bin[:public],0).encoded
+              pubRaw = bin[:public]
+              info = org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.new(org.bouncycastle.asn1.x509.AlgorithmIdentifier.new(org.bouncycastle.asn1.edec.EdECObjectIdentifiers::id_X25519), bin[:public])
+
+              spec = java.security.spec.X509EncodedKeySpec.new(info.encoded)
+            else
+              spec = java.security.spec.X509EncodedKeySpec.new(bin[:public])
+            end
+
+            res[:public] = X25519PublicKey.new(kf.generatePublic(spec))
+          end
+
+          res[:keypair] = X25519KeyBundle.new(java.security.KeyPair.new(res[:public].native_pubKey, res[:private].native_privKey)) if not_empty?(res[:public]) and not_empty?(res[:private])
+
+          res
+
+        else
+          raise KeypairEngineException, "No sure how to handle storage input '#{bin.class}'"
+        end
+      end
+
+    end # X25519KeyBundle
+
+    class X25519Engine
+      include TR::CondUtils
+      include DataConversion
+      
+      include TeLogger::TeLogHelper
+      teLogger_tag :x25519_eng_j
+
+      def self.supported_params
+        []
+      end
+
+      def initialize(*args, &block)
+        @config = args.first
+      end
+
+      def generate_keypair(&block)
+       
+        JCEProvider.instance.add_bc_provider
+        kg = java.security.KeyPairGenerator.getInstance("X25519", JCEProvider::BCProv.name)
+        kg.java_send(:initialize, [java.security.spec.AlgorithmParameterSpec], org.bouncycastle.jcajce.spec.XDHParameterSpec.new(org.bouncycastle.jcajce.spec.XDHParameterSpec::X25519))
+        X25519KeyBundle.new(kg.generateKeyPair)
+
+      end
+
+
+    end
+
+  end
+end