ccrypto-ruby 0.1.0

data/lib/ccrypto/ruby/engines/cipher_engine.rb

@@ -0,0 +1,170 @@
+
+require_relative '../data_conversion'
+
+module Ccrypto
+  module Ruby
+    class CipherEngine
+      include TR::CondUtils
+      include DataConversion
+
+      include TeLogger::TeLogHelper
+
+      teLogger_tag :r_cipher_eng
+
+      def self.supported_ciphers
+        if @sCipher.nil?
+          @sCipher = OpenSSL::Cipher.ciphers
+        end
+
+        @sCipher
+
+      end
+
+      def self.is_supported_cipher?(c)
+        case c
+        when String
+          supported_ciphers.include?(c)  
+        when Hash
+          spec = to_openssl_spec(c)
+          begin
+            OpenSSL::Cipher.new(spec)
+            true
+          rescue Exception => ex
+            false
+          end
+        else
+          raise Ccrypto::CipherEngineException, "Unsupported input #{c} to check supported cipher"
+        end
+      end
+
+      def self.to_openssl_spec(spec)
+        res = []
+
+        teLogger.debug "to_openssl_spec #{spec}"
+        case spec.algo
+        when :blowfish
+          res << "bf"
+        else
+          res << spec.algo
+        end
+
+        res << spec.keysize if not_empty?(spec.keysize) and spec.keysize.to_i > 0 and not spec.is_algo?(:chacha20) and not spec.is_algo?(:seed) and not spec.is_algo?(:sm4) and not spec.is_algo?(:blowfish)
+
+        res << spec.mode 
+
+        teLogger.debug "to_openssl_spec #{res}"
+
+        res.join("-")
+        
+      end
+
+      def initialize(*args, &block)
+        @spec = args.first
+
+        #teLogger = TteLogger.new
+        teLogger.debug "Cipher spec : #{@spec}"
+
+        begin
+          case @spec
+          #when String
+          #  @cipher = OpenSSL::Cipher.new(@spec)
+          when Ccrypto::CipherEngineConfig
+            @cipher = OpenSSL::Cipher.new(@spec.provider_config)
+          when Ccrypto::DirectCipherConfig
+            @cipher = OpenSSL::Cipher.new(self.class.to_openssl_spec(@spec))
+          else
+            raise Ccrypto::CipherEngineException, "Not supported cipher init type #{@spec.class}"
+          end
+        rescue OpenSSL::Cipher::CipherError, RuntimeError => ex
+          raise Ccrypto::CipherEngineException, ex
+        end
+
+        case @spec.cipherOps
+        when :encrypt, :enc
+          teLogger.debug "Operation encrypt"
+          @cipher.encrypt
+        when :decrypt, :dec
+          teLogger.debug "Operation decrypt"
+          @cipher.decrypt
+        else
+          raise Ccrypto::CipherEngineException, "Cipher operation (encrypt/decrypt) must be given"
+        end
+
+
+        if @spec.has_iv?
+          teLogger.debug "IV from spec"
+          @cipher.iv = @spec.iv
+          teLogger.debug "IV : #{to_hex(@spec.iv)}"
+        else
+          teLogger.debug "Generate random IV"
+          @spec.iv = @cipher.random_iv
+          teLogger.debug "IV : #{to_hex(@spec.iv)}"
+        end
+
+
+        if @spec.has_key?
+          teLogger.debug "Key from spec"
+          case @spec.key
+          when Ccrypto::SecretKey
+            @cipher.key = @spec.key.to_bin
+          when String
+            @cipher.key = @spec.key
+          else
+            raise Ccrypto::CipherEngineException, "Unknown key type for processing #{@spec.key}"
+          end
+        else
+          teLogger.debug "Generate random Key"
+          @spec.key = @cipher.random_key
+        end
+
+
+        if @spec.is_mode?(:gcm)
+
+          if not_empty?(@spec.auth_data) 
+            teLogger.debug "Setting auth data"
+            @cipher.auth_data = @spec.auth_data
+          end
+
+          if not_empty?(@spec.auth_tag) 
+            raise CipherEngineException, "Tag length of 16 bytes is expected" if @spec.auth_tag.bytesize != 16
+            teLogger.debug "Setting auth tag"
+            @cipher.auth_tag = @spec.auth_tag
+          end
+
+        end
+
+      end
+
+      def update(val)
+        @cipher.update(val) 
+      end
+
+      def final(val = nil)
+        res = []
+
+        begin
+
+          if not_empty?(val)
+            res << @cipher.update(val)
+          end
+
+          res << @cipher.final
+
+        rescue Exception => ex
+          raise CipherEngineException, ex
+        end
+
+        if @spec.is_mode?(:gcm) and @spec.is_encrypt_cipher_mode?
+          @spec.auth_tag = @cipher.auth_tag 
+        end
+
+        res.join
+      end
+
+      def reset
+        @cipher.reset
+      end
+
+    end
+  end
+end

data/lib/ccrypto/ruby/engines/compression_engine.rb

@@ -0,0 +1,61 @@
+
+
+module Ccrypto
+  module Ruby
+    class Compression
+
+      include TeLogger::TeLogHelper
+
+      teLogger_tag :r_compression
+
+      def initialize(*args, &block)
+
+        @config = args.first
+        raise CompressionError, "Compress Config is expected. Given #{@config}" if not @config.is_a?(Ccrypto::CompressionConfig)
+        
+        if block
+
+          outPath = block.call(:out_path)
+          if is_empty?(outPath)
+            outFile = block.call(:out_file) 
+            raise CompressionError, "Given out_file required to support write() call" if not outFile.respond_to?(:write)
+            @out = outFile
+          else
+            @out = Tempfile.new(SecureRandom.hex(24)) 
+          end
+
+          @intBufSize = block.call(:int_buf_size) || 102400
+
+        else
+          @intBufSize = 102400
+
+        end
+
+        case @config.level
+        when :best_compression
+          teLogger.debug "Best compression"
+          @eng = Zlib::Deflate.new(Zlib::BEST_COMPRESSION)
+        when :best_speed
+          teLogger.debug "Best compression"
+          @eng = Zlib::Deflate.new(Zlib::BEST_SPEED)
+        when :no_compression
+          teLogger.debug "No compression"
+          @eng = Zlib::Deflate.new(Zlib::NO_COMPRESSION)
+        else
+          teLogger.debug "Default compression"
+          @eng = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION)
+        end
+
+      end
+
+      def update(val)
+        @eng.deflate(val, Zlib::SYNC_FLUSH)
+      end
+
+      def final
+        
+      end
+
+    end
+  end
+end

data/lib/ccrypto/ruby/engines/data_conversion_engine.rb

@@ -0,0 +1,9 @@
+
+
+module Ccrypto
+  module Ruby
+    class DataConversionEngine
+      extend DataConversion
+    end
+  end
+end

data/lib/ccrypto/ruby/engines/decompression_engine.rb

@@ -0,0 +1,70 @@
+
+
+module Ccrypto
+  module Ruby
+    class Decompression
+
+      def initialize(*args, &block)
+        if block
+
+          outPath = block.call(:out_path)
+          if is_empty?(outPath)
+            outFile = block.call(:out_file) 
+            raise CompressionError, "Given out_file required to support write() call" if not outFile.respond_to?(:write)
+            @out = outFile
+          else
+            @out = Tempfile.new(SecureRandom.hex(16)) 
+          end
+
+          @intBufSize = block.call(:int_buf_size) || 102400
+
+        else
+          @intBufSize = 102400
+
+        end
+
+        @eng = Zlib::Inflate.new
+
+        #@in = Tempfile.new(SecureRandom.hex(16)) 
+      end
+
+      def update(val)
+        begin
+          @eng.inflate(val)
+        rescue Zlib::DataError
+        end
+      end
+
+      def final
+       
+        #eng = Zlib::Inflate.new
+
+        #@in.seek(0)
+
+        #intBuf = false
+        #if @out.nil?
+        #  @out = StringIO.new
+        #  intBuf = true
+        #end
+
+        #chunk = 102400
+        #loop do
+        #  compressed = @in.read(chunk)
+        #  res = eng.inflate(compressed) #, Zlib::SYNC_FLUSH)
+        #  @out.write(res)
+
+        #  break if @in.eof?
+        #end
+
+        #if intBuf
+        #  @out.string
+        #else
+        #  @out
+        #end
+
+      end
+
+
+    end
+  end
+end

data/lib/ccrypto/ruby/engines/digest_engine.rb

@@ -0,0 +1,127 @@
+
+require_relative '../data_conversion'
+
+module Ccrypto
+  module Ruby
+    class DigestEngine
+      include Ccrypto::Ruby::DataConversion
+      include TR::CondUtils
+
+      include TeLogger::TeLogHelper
+
+      teLogger_tag :r_digest
+      
+      SupportedDigest = [
+        Ccrypto::SHA1.provider_info("sha1"),
+        Ccrypto::SHA224.provider_info("sha224"),
+        Ccrypto::SHA256.provider_info("sha256"),
+        Ccrypto::SHA384.provider_info("sha384"),
+        Ccrypto::SHA512.provider_info("sha512"),
+        Ccrypto::SHA512_224.provider_info("sha512-224"),
+        Ccrypto::SHA512_256.provider_info("sha512-256"),
+        Ccrypto::SHA3_224.provider_info("sha3-224"),
+        Ccrypto::SHA3_256.provider_info("sha3-256"),
+        Ccrypto::SHA3_384.provider_info("sha3-384"),
+        Ccrypto::SHA3_512.provider_info("sha3-512"),
+        Ccrypto::SHAKE128.provider_info("shake128"),
+        Ccrypto::SHAKE256.provider_info("shake256"),
+        Ccrypto::BLAKE2b512.provider_info("BLAKE2b512"),
+        Ccrypto::BLAKE2s256.provider_info("BLAKE2s256"),
+        Ccrypto::SM3.provider_info("SM3"),
+        Ccrypto::RIPEMD160.provider_info("RIPEMD160"),
+        Ccrypto::WHIRLPOOL.provider_info("whirlpool")
+      ]
+
+
+      def self.supported
+        SupportedDigest
+      end
+
+      def self.is_supported?(eng)
+        res = supported.include?(eng)
+        begin
+          res = digest(eng) if not res
+        rescue DigestEngineException => ex
+          res = false
+        end
+
+        res
+      end
+
+      def self.instance(*args, &block)
+        conf = args.first
+        if not_empty?(conf.provider_config)
+          teLogger.debug "Creating digest engine #{conf.provider_config}"
+          DigestEngine.new(OpenSSL::Digest.new(conf.provider_config))
+        else
+          raise DigestEngineException, "Given digest config #{conf.algo} does not have provider key mapping. Most likely this config is not supported by provider #{Ccrypto::Ruby::Provider.provider_name}"
+        end
+      end
+
+      def self.digest(key)
+        
+        res = engineKeys[key]
+        if is_empty?(res)
+          teLogger.debug "No digest available for #{key}"
+          raise DigestEngineException, "Not supported digest engine #{key}"
+        else
+          teLogger.debug "Found digest #{key.to_sym}"
+          DigestEngine.new(OpenSSL::Digest.new(res.provider_config))
+        end
+
+      end
+
+      def self.engineKeys
+        if @engineKeys.nil?
+          @engineKeys = {}
+          supported.map do |e|
+            @engineKeys[e.algo.to_sym] = e
+          end
+        end
+        @engineKeys
+      end
+
+      def initialize(inst)
+        @inst = inst
+      end
+
+      def native_digest_engine
+        @inst
+      end
+      alias_method :native_instance, :native_digest_engine
+
+      def digest(val, output = :binary)
+        digest_update(val)
+        digest_final(output)
+      end
+
+      def digest_update(val)
+        case val
+        when MemoryBuffer
+          @inst.update(val.bytes)
+        else
+          @inst.update(val)
+        end
+      end
+
+      def digest_final(output = :binary)
+        
+        res = @inst.digest
+        @inst.reset
+        case output
+        when :hex
+          to_hex(res)
+        when :b64
+          to_b64(res)
+        else
+          res
+        end
+      end
+
+      def reset
+        @inst.reset
+      end
+
+    end
+  end
+end

data/lib/ccrypto/ruby/engines/ecc_engine.rb

@@ -0,0 +1,218 @@
+
+require 'openssl'
+module PKeyPatch
+  def to_pem; public_key.to_pem end
+  def to_der; public_key.to_der end
+
+  #private
+  def public_key
+    key = ::OpenSSL::PKey::EC.new group
+    key.public_key = self
+    key
+  end
+end
+OpenSSL::PKey::EC::Point.prepend PKeyPatch
+
+require_relative '../keybundle_store/pkcs12'
+require_relative '../keybundle_store/pem_store'
+
+module Ccrypto
+  module Ruby
+
+    class ECCPublicKey < Ccrypto::ECCPublicKey
+      
+      def to_bin
+        @native_pubKey.to_der
+      end
+
+      def self.to_key(bin)
+        ek = OpenSSL::PKey::EC.new(bin)
+        ECCPublicKey.new(ek)
+      end
+
+    end
+
+    class ECCKeyBundle
+      include Ccrypto::ECCKeyBundle
+      include TR::CondUtils
+
+      include PKCS12Store
+      include PEMStore
+
+      include TeLogger::TeLogHelper
+
+      teLogger_tag :r_ecc_keybundle
+
+      def initialize(keypair)
+        @nativeKeypair = keypair
+      end
+
+      def public_key
+        if @pubKey.nil?
+          @pubKey = ECCPublicKey.new(@nativeKeypair.public_key)
+        end
+        @pubKey
+      end
+
+      def private_key
+        ECCPrivateKey.new(@nativeKeypair)
+      end
+
+      def derive_dh_shared_secret(pubKey)
+
+        case pubKey
+        when OpenSSL::PKey::EC::Point
+          tkey = pubKey
+        when Ccrypto::ECCPublicKey
+          tkey = pubKey.native_pubKey
+          tkey = tkey.public_key if not tkey.is_a?(OpenSSL::PKey::EC::Point)
+        else
+          raise KeypairEngineException, "Unknown public key type #{pubKey.class}" 
+        end
+
+        raise KeypairEngineException, "OpenSSL::PKey::EC::Point is required. Given #{tkey.inspect}" if not tkey.is_a?(OpenSSL::PKey::EC::Point)
+        @nativeKeypair.dh_compute_key(tkey) 
+      end
+
+      def is_public_key_equal?(pubKey)
+
+        case pubKey
+        when OpenSSL::PKey::EC
+          targetKey = pubKey
+        when ECCKeyBundle
+          targetKey = pubKey.public_key
+        when ECCPublicKey
+          targetKey = pubKey.native_pubKey
+        else
+          raise KeypairEngineException, "Unknown public key type #{pubKey.class}" 
+        end
+
+        public_key.to_bin == targetKey.to_der
+      end
+
+      def to_storage(format, &block)
+        case format
+        when :pkcs12, :p12
+          to_pkcs12 do |key|
+            case key
+            when :keypair
+              @nativeKeypair
+            else
+              block.call(key) if block
+            end
+          end
+
+        when :pem 
+          to_pem do |key|
+            case key
+            when :keypair
+              @nativeKeypair
+            else
+              block.call(key) if block
+            end
+          end
+
+        else
+          raise KeyBundleStorageException, "Unknown storage format #{format}"
+        end
+      end
+
+      def self.from_storage(bin, &block)
+        raise KeypairEngineException, "Given data to load is empty" if is_empty?(bin)
+
+        case bin
+        when String
+          begin
+            teLogger.debug "Given String to load from storage"
+            if is_pem?(bin)
+              self.from_pem(bin, &block)
+            else
+              # binary buffer
+              teLogger.debug "Given binary to load from storage"
+              self.from_pkcs12(bin,&block)
+            end
+          rescue Ccrypto::Ruby::PKCS12Store::PKCS12StoreException => ex
+            raise KeyBundleStorageException, ex
+          end
+        else
+          raise KeyBundleStorageException, "Unsupported input type #{bin}"
+        end
+
+      end
+
+      def equal?(kp)
+        if kp.respond_to?(:to_der)
+          @nativeKeypair.to_der == kp.to_der
+        else 
+          @nativeKeypair == kp
+          #false
+        end
+      end
+
+      def method_missing(mtd, *args, &block)
+        if @nativeKeypair.respond_to?(mtd)
+          teLogger.debug "Sending to nativeKeypair #{mtd}"
+          @nativeKeypair.send(mtd,*args, &block)
+        else
+          super
+        end
+      end
+
+      def respond_to_missing?(mtd, *args, &block)
+        @nativeKeypair.respond_to?(mtd)
+      end
+
+    end
+
+    class ECCEngine
+      include TR::CondUtils
+
+      include TeLogger::TeLogHelper
+
+      teLogger_tag :r_ecc
+
+      def self.supported_curves
+        if @curves.nil?
+          @curves = OpenSSL::PKey::EC.builtin_curves.map { |c| Ccrypto::ECCConfig.new(c[0]) }
+        end
+        @curves
+      end
+
+      def initialize(*args, &block)
+        @config = args.first 
+        raise KeypairEngineException, "1st parameter must be a #{Ccrypto::KeypairConfig.class} object" if not @config.is_a?(Ccrypto::KeypairConfig)
+        teLogger.debug "Config #{@config}"
+      end
+
+      def generate_keypair(&block)
+        teLogger.debug "Generating keypair of curve #{@config.curve}"
+        kp = OpenSSL::PKey::EC.generate(@config.curve.to_s) 
+        #teLogger.debug "Generated keypair #{kp.inspect}"
+        ECCKeyBundle.new(kp)
+      end
+
+      def sign(val)
+        raise KeypairEngineException, "Keypair is required" if @config.keypair.nil?
+        raise KeypairEngineException, "ECC keypair is required" if not @config.keypair.is_a?(ECCKeyBundle)
+        kp = @config.keypair
+        
+        res = kp.nativeKeypair.dsa_sign_asn1(val)
+        teLogger.debug "Data of length #{val.length} signed "
+
+        res
+      end
+
+      def self.verify(pubKey, val, sign)
+        uPubKey = pubKey.native_pubKey
+        if pubKey.native_pubKey.is_a?(OpenSSL::PKey::EC::Point)
+          uPubKey = OpenSSL::PKey::EC.new(uPubKey.group)
+          uPubKey.public_key = pubKey.native_pubKey
+        end
+
+        res = uPubKey.dsa_verify_asn1(val, sign)
+        res
+      end
+
+    end
+  end
+end

data/lib/ccrypto/ruby/engines/hkdf_engine.rb

@@ -0,0 +1,54 @@
+
+require_relative '../data_conversion'
+
+module Ccrypto
+  module Ruby
+    class HKDFEngine
+      include DataConversion
+      include TR::CondUtils
+
+      def initialize(*args, &block)
+        @config = args.first
+
+        raise KDFEngineException, "KDF config is expected" if not @config.is_a?(Ccrypto::KDFConfig)
+        raise KDFEngineException, "Output bit length (outBitLength) value is not given or not a positive value (#{@config.outBitLength})" if is_empty?(@config.outBitLength) or @config.outBitLength <= 0
+
+
+        @config.salt = SecureRandom.random_bytes(16) if is_empty?(@config.salt)
+      end
+
+      def derive(input, output = :binary)
+
+        digest = init_digest(@config.digest)
+
+        @config.info = "" if @config.info.nil?
+
+        res = OpenSSL::KDF.hkdf(input, salt: @config.salt, info: @config.info, length: @config.outBitLength/8, hash: digest)
+
+        case output
+        when :hex
+          to_hex(res)
+        when :b64
+          to_b64(res)
+        else
+          res
+        end
+      end
+
+      private
+      def init_digest(algo)
+        if DigestEngine.is_supported?(algo)
+          conf = DigestEngine.engineKeys[algo]
+          if not_empty?(conf)
+            OpenSSL::Digest.new(conf.provider_config)
+          else
+            raise DigestEngineException, "Algo config '#{algo}' not found"
+          end
+        else
+          raise DigestEngineException, "Digest algo '#{algo}' is not supported"
+        end
+      end
+
+    end
+  end
+end