ccrypto-java 0.1.0

data/lib/ccrypto/java/engines/ecc_engine.rb

@@ -0,0 +1,263 @@
+
+require_relative '../data_conversion'
+
+require_relative '../keybundle_store/pkcs12'
+
+module Ccrypto
+  module Java
+
+    class ECCPublicKey < Ccrypto::ECCPublicKey
+      include DataConversion
+
+      def to_bin
+        @native_pubKey.encoded
+      end
+
+      def encoded
+        to_bin
+      end
+
+      def self.to_key(bin)
+        bin = to_java_bytes(bin) if not bin.is_a?(::Java::byte[])
+        pubKey = java.security.KeyFactory.getInstance("ECDSA", "BC").generatePublic(java.security.spec.X509EncodedKeySpec.new(bin))
+        ECCPublicKey.new(pubKey)
+      end
+
+    end
+
+    class ECCKeyBundle
+      include Ccrypto::ECCKeyBundle
+      include TR::CondUtils
+      include DataConversion
+
+      include PKCS12
+
+      include TeLogger::TeLogHelper
+
+      teLogger_tag :j_ecc_keybundle
+
+      def initialize(kp)
+        @keypair = kp
+      end
+
+      def native_keypair
+        @keypair
+      end
+
+      def public_key
+        if @pubKey.nil?
+          @pubKey = ECCPublicKey.new(@keypair.public)
+        end
+        @pubKey
+      end
+
+      def private_key
+        ECCPrivateKey.new(@keypair.private)
+      end
+
+      def derive_dh_shared_secret(pubKey, &block)
+
+        JCEProvider.instance.add_bc_provider
+
+        ka = javax.crypto.KeyAgreement.getInstance("ECDH", JCEProvider::DEFProv) 
+        ka.init(@keypair.private)
+
+        case pubKey
+        when ECCPublicKey
+          pub = pubKey.native_pubKey
+        when java.security.PublicKey
+          pub = pubKey
+        else
+          raise KeypairEngineException, "Unsupported public key type #{pubKey.class}"
+        end
+        ka.doPhase(pub, true)
+        #ka.doPhase(pubKey.native_pubKey, true)
+        if block
+          keyType = block.call(:keytype)
+        else
+          keyType = "AES"
+        end
+        keyType = "AES" if is_empty?(keyType)
+        teLogger.debug "Generate secret key type #{keyType}"
+        ka.generateSecret(keyType).encoded
+      end
+
+      def is_public_key_equal?(pubKey)
+        @keypair.public.encoded == pubKey.encoded
+      end
+
+      def to_storage(type, &block)
+        
+        case type
+        when :p12, :pkcs12
+          to_pkcs12 do |key|
+            case key
+            when :keypair
+              @keypair
+            else
+              block.call(key) if block
+            end
+          end
+
+        when :jks
+          to_pkcs12 do |key|
+            case key
+            when :storeType
+              "JKS"
+            when :keypair
+              @keypair
+            else
+              block.call(key) if key
+            end
+          end
+         
+        when :pem
+
+          header = "-----BEGIN EC PRIVATE KEY-----\n"
+          footer = "\n-----END EC PRIVATE KEY-----"
+
+          out = StringIO.new
+          out.write header
+          out.write to_b64_mime(@keypair.private.encoded)
+          out.write footer
+
+          out.string
+
+        else
+          raise KeypairEngineException, "Unknown storage type #{type}"
+        end
+
+      end
+
+      def self.from_storage(bin, &block)
+       
+        if is_pem?(bin)
+        else
+          from_pkcs12(bin, &block)
+        end
+
+      end
+
+      def self.is_pem?(bin)
+        begin
+          (bin =~ /BEGIN/) != nil
+        rescue ArgumentError => ex
+          false
+        end
+      end
+
+      def equal?(kp)
+        case kp
+        when Ccrypto::ECCKeyBundle
+          @keypair.encoded == kp.private.encoded
+        else
+          false
+        end
+      end
+
+      def method_missing(mtd, *args, &block)
+        teLogger.debug "Sending to native #{mtd}"
+        @keypair.send(mtd, *args, &block)
+      end
+
+      def respond_to_missing?(mtd, incPriv = false)
+        teLogger.debug "Respond to missing #{mtd}"
+        @keypair.respond_to?(mtd)
+      end
+
+    end
+
+    class ECCEngine
+      include TR::CondUtils
+      include DataConversion
+      
+      include TeLogger::TeLogHelper
+      teLogger_tag :j_ecc
+
+      def self.supported_curves
+        if @curves.nil?
+          @curves = org.bouncycastle.asn1.x9.ECNamedCurveTable.getNames.sort.to_a.map { |c| Ccrypto::ECCConfig.new(c) }
+        end
+        @curves
+      end
+
+      def initialize(*args,&block)
+        @config = args.first
+        raise KeypairEngineException, "1st parameter must be a #{Ccrypto::KeypairConfig.class} object" if not @config.is_a?(Ccrypto::KeypairConfig)
+      end
+
+      def generate_keypair(&block)
+
+        algoName = "ECDSA"
+        prov = Ccrypto::Java::JCEProvider::BCProv
+        randomEngine = java.security.SecureRandom.new
+        if block
+          # it is the responsibility of caller program to add the 
+          # provider into the provider list.
+          # Here provider string shall be used
+          uprov = block.call(:jce_provider)
+          prov = uprov if not is_empty?(uprov) 
+
+          uAlgo = block.call(:jce_algo_name)
+          algoName = uAlgo if not is_empty?(uAlgo)
+
+          uRandEng = block.call(:random_engine)
+          randomEngine = uRandEng if not uRandEng.nil?
+        end
+
+        kpg = java.security.KeyPairGenerator.getInstance(algoName, prov)
+        #kpg.java_send :initialize, [java.security.spec.AlgorithmParameterSpec, java.security.SecureRandom], java.security.spec.ECGenParameterSpec.new(curve), java.security.SecureRandom.new
+        kpg.java_send :initialize, [java.security.spec.AlgorithmParameterSpec, randomEngine.class], java.security.spec.ECGenParameterSpec.new(@config.curve), randomEngine
+        kp = kpg.generate_key_pair
+
+        kb = ECCKeyBundle.new(kp)
+        kb
+
+      end
+
+      def regenerate_keypair(pubKey, privKey, &block)
+        kp = java.security.KeyPair.new(pubKey, privKey) 
+        ECCKeyBundle.new(kp)
+      end
+
+      def sign(val, &block)
+        raise KeypairEngineException, "Keypair is required" if @config.keypair.nil?
+        raise KeypairEngineException, "ECC keypair is required. Given #{@config.keypair}" if not @config.keypair.is_a?(ECCKeyBundle)
+        kp = @config.keypair
+
+        sign = java.security.Signature.getInstance("SHA256WithECDSA")
+        sign.initSign(kp.private_key)
+        teLogger.debug "Signing data : #{val}" 
+        case val
+        when java.io.InputStream
+          buf = Java::byte[102400].new
+          while((read = val.read(buf, 0, buf.length)) != nil)
+            sign.update(buf,0,read)
+          end
+        else
+          sign.update(to_java_bytes(val))
+        end
+
+        sign.sign
+      end
+
+      def self.verify(pubKey, val, sign)
+        ver = java.security.Signature.getInstance("SHA256WithECDSA")
+        ver.initVerify(pubKey)
+        teLogger.debug "Verifing data : #{val}"
+        case val
+        when java.io.InputStream
+          buf = Java::byte[102400].new
+          while((read = val.read(buf, 0 ,buf.length)) != nil)
+            ver.update(buf,0, read)
+          end
+        else
+          ver.update(to_java_bytes(val))
+        end
+
+        ver.verify(to_java_bytes(sign))
+      end
+
+    end
+  end
+end

data/lib/ccrypto/java/engines/hkdf_engine.rb

@@ -0,0 +1,72 @@
+
+require_relative '../data_conversion'
+
+module Ccrypto
+  module Java
+    class HKDFEngine
+      include DataConversion
+      include TR::CondUtils
+
+      def initialize(*args, &block)
+        @config = args.first
+
+        raise KDFEngineException, "KDF config is expected. Given #{@config}" if not @config.is_a?(Ccrypto::KDFConfig)
+        raise KDFEngineException, "Output bit length (outBitLength) value is not given or not a positive value (#{@config.outBitLength})" if is_empty?(@config.outBitLength) or @config.outBitLength <= 0
+
+
+        @config.salt = SecureRandom.random_bytes(16) if is_empty?(@config.salt)
+      end
+
+      def derive(input, output = :binary)
+        begin
+
+          case @config.digest
+          when :sha1
+            dig = org.bouncycastle.crypto.digests.SHA1Digest.new
+          when :sha224
+            dig = org.bouncycastle.crypto.digests.SHA224Digest.new
+          when :sha256
+            dig = org.bouncycastle.crypto.digests.SHA256Digest.new
+          when :sha384
+            dig = org.bouncycastle.crypto.digests.SHA384Digest.new
+          when :sha512
+            dig = org.bouncycastle.crypto.digests.SHA512Digest.new
+          when :sha3_224
+            dig = org.bouncycastle.crypto.digests.SHA3Digest.new(224)
+          when :sha3_256
+            dig = org.bouncycastle.crypto.digests.SHA3Digest.new(256)
+          when :sha3_384
+            dig = org.bouncycastle.crypto.digests.SHA3Digest.new(384)
+          when :sha3_512
+            dig = org.bouncycastle.crypto.digests.SHA3Digest.new(512)
+          else
+            raise KDFEngineException, "Digest #{@config.digest} not supported"
+          end
+
+          @config.info = "" if @config.info.nil?
+
+          hkdf = org.bouncycastle.crypto.generators.HKDFBytesGenerator.new(dig)
+          hkdfParam = org.bouncycastle.crypto.params.HKDFParameters.new(to_java_bytes(input), to_java_bytes(@config.salt) ,to_java_bytes(@config.info))
+          hkdf.init(hkdfParam)
+
+          out = ::Java::byte[@config.outBitLength/8].new
+          hkdf.generateBytes(out, 0, out.length)
+
+          case output
+          when :b64
+            to_b64(out)
+          when :hex
+            to_hex(out)
+          else
+            out
+          end
+
+        rescue Exception => ex
+          raise KDFEngineException, ex
+        end
+        
+      end
+
+    end
+  end
+end

data/lib/ccrypto/java/engines/hmac_engine.rb

@@ -0,0 +1,75 @@
+
+require_relative '../data_conversion'
+
+module Ccrypto
+  module Java
+    class HMACEngine
+      include TR::CondUtils
+      include DataConversion
+
+      include TeLogger::TeLogHelper
+      teLogger_tag :j_hmac
+
+      def initialize(*args, &block)
+        @config = args.first
+
+        raise HMACEngineException, "HMAC config is expected" if not @config.is_a?(Ccrypto::HMACConfig) 
+
+        raise HMACEngineException, "Signing key is required" if is_empty?(@config.key)
+        raise HMACEngineException, "Secret key as signing key is required. Given #{@config.key.class}" if not @config.key.is_a?(Ccrypto::SecretKey)
+
+        teLogger.debug "Config : #{@config.inspect}"
+        begin
+          macAlgo = to_jce_spec(@config)
+          teLogger.debug "Mac algo : #{macAlgo}"
+          @hmac = javax.crypto.Mac.getInstance(to_jce_spec(@config))
+          @hmac.init(@config.key.to_jce_secret_key)
+        rescue Exception => ex
+          raise HMACEngineException, ex
+        end
+
+      end
+
+      def hmac_update(val)
+        @hmac.update(to_java_bytes(val)) if not_empty?(val)
+      end
+
+      def hmac_final
+        @hmac.doFinal 
+      end
+
+      def hmac_digest(val, output = :binary)
+        hmac_update(val)
+        res = hmac_final
+
+        case output
+        when :hex
+          to_hex(res)
+        when :b64
+          to_b64(res)
+        else
+          res
+        end
+      end
+
+
+      private
+      def to_jce_spec(config)
+        res = []
+        res << "HMAC"
+
+        salgo = config.digest.to_s
+        if salgo =~ /_/
+          res << salgo.gsub("_","-").upcase
+        else
+          res << salgo.upcase
+        end
+       
+        res.join
+
+      end
+
+
+    end
+  end
+end

data/lib/ccrypto/java/engines/pbkdf2_engine.rb

@@ -0,0 +1,87 @@
+
+require_relative '../data_conversion'
+
+module Ccrypto
+  module Java
+    
+    class PBKDF2Engine
+      include TR::CondUtils
+      include DataConversion
+
+      def initialize(*args, &block)
+        @config = args.first
+
+        raise KDFEngineException, "KDF config is expected. Given #{@config}" if not @config.is_a?(Ccrypto::PBKDF2Config)
+        raise KDFEngineException, "Output bit length (outBitLength) value is not given or not a positive value (#{@config.outBitLength})" if is_empty?(@config.outBitLength) or @config.outBitLength <= 0
+
+        raise KDFEngineException, "Digest algo is not supported. Given #{@config.digest}, supported: #{supported_digest.join(", ")}" if not @config.digest.nil? and not is_digest_supported?(@config.digest)
+
+        @config.digest = default_digest if is_empty?(@config.digest)
+
+        @config.salt = SecureRandom.random_bytes(16) if is_empty?(@config.salt)
+      end
+
+      def derive(input, output = :binary)
+        
+        begin
+
+          case input
+          when String
+            if input.ascii_only?
+              pass = input.to_java.toCharArray
+            else
+              pass = to_hex(to_java_bytes(input)).to_java.toCharArray
+            end
+          when ::Java::byte[]
+            pass = to_hex(to_java_bytes(input)).to_java.toCharArray
+          else
+            raise KDFEngineException, "Input type '#{input.class}' cannot convert to char array"
+          end
+
+          skf = javax.crypto.SecretKeyFactory.getInstance("PBKDF2WithHMAC#{@config.digest.upcase}",JCEProvider::DEFProv)
+          keySpec = javax.crypto.spec.PBEKeySpec.new(pass.to_java, to_java_bytes(@config.salt), @config.iter, @config.outBitLength)
+
+          sk = skf.generateSecret(keySpec)
+          out = sk.encoded
+
+          case output
+          when :b64
+            to_b64(out)
+          when :hex
+            to_hex(out)
+          else
+            out
+          end
+
+        rescue Exception => ex
+          raise KDFEngineException, ex
+        end
+        
+      end
+
+      def default_digest
+        :sha256
+      end
+
+      private
+      def logger
+        if @logger.nil?
+          @logger = TeLogger::Tlogger.new
+          @logger.tag = :j_pbkdf2
+        end
+        @logger
+      end
+
+      def is_digest_supported?(dig)
+        supported_digest.include?(dig)
+      end
+
+      def supported_digest
+        [:sha1, :sha256, :sha224, :sha384, :sha512]
+      end
+
+      
+    end
+
+  end
+end