ccrypto 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 708c818b1776a95812b03efc9cc90bffb7e75ef5fe3325c455dfd3b5ae8b52fe
+  data.tar.gz: f62763565bb50a8216d461e02dfb9737cb20867b8606c06e7f1200a161960d9a
+SHA512:
+  metadata.gz: b35007b3c2e4316328d14fa4a2929f2c8b6be032468711586efb63aeaf4271d5b9714f8d8723b4f0e9871bc46b4bab4e9afcf2dc9a43a7679bd33377cf6fabcb
+  data.tar.gz: '08e2704618f620d371b4d1eebfbe4715b0516a88b1ab09a336d631bedfbccc7dbb96d19ea872918976c6909bdda81c1dbb0f700bf29474083a6ffa961ee42af2'

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/Gemfile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in ccrypto.gemspec
+gemspec
+
+gem "rake", "~> 13.0"
+
+gem "rspec", "~> 3.0"

data/Gemfile.lock

@@ -0,0 +1,42 @@
+PATH
+  remote: .
+  specs:
+    ccrypto (0.1.0)
+      teLogger
+      toolrack
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    base58 (0.2.3)
+    diff-lcs (1.5.0)
+    rake (13.0.6)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
+    teLogger (0.1.0)
+    tlogger (0.26.3)
+    toolrack (0.18.3)
+      base58
+      tlogger
+
+PLATFORMS
+  x86_64-linux
+
+DEPENDENCIES
+  ccrypto!
+  rake (~> 13.0)
+  rspec (~> 3.0)
+
+BUNDLED WITH
+   2.2.28

data/README.md

@@ -0,0 +1,65 @@
+# Ccrypto
+
+Ccrypto - Common Crypto is the attempt to normalize cryptography API between Ruby and Java, and possibly other runtime supported by Ruby.
+
+It is rooted in Ruby because of its expressiveness.
+
+This gem is mainly provide high level common elements for the implemented runtime to select a proper implementation.
+
+This including all the classes under the lib/ccrypto/configs/ directory. Those are suppose to be parameter pass to the runtime implementation to pick the required implementation under that runtime.
+
+Note this layer is suppose to be barebone native cryptographic algorithm API which should be just thin wrapper around the runtime cryptographic library
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'ccrypto'
+
+# select runtime
+# if Ruby runtime backed by OpenSSL
+# https://github.com/cameronian/ccrypto-ruby
+gem 'ccrypto-ruby'
+
+# or on Java runtime backed by JCE + bouncycastle
+# https://github.com/cameronian/ccrypto-java
+gem 'ccrypto-java'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install ccrypto
+    $ gem install ccrypto-ruby # for Ruby runtime
+    $ gem install ccrypto-java # for Java runtime
+
+
+## Usage
+
+Detail usage refers to spec files in ccrypto-ruby and ccrypto-java.
+
+## Development hint
+
+To add a different provider, runtime implementation requires to implement a provider class that has the following methods:
+
+* All static method
+  * provider\_name() - returns string indicating the provider
+  * algo\_instance(\*args,&block) - return specific implementation class for the given arguments
+  * asn1\_engine(\*args, &block) - return ASN1 engine from the runtime for given arguments
+  * util\_instance(\*args, &block) - return utilities from the runtime. For example memory buffer, compression engine, data conversion etc. 
+
+
+In the main entry for the runtime implementation, register this provider by calling:
+```ruby
+Ccrypto::Provider.instance.register(<provider class>)
+```
+
+That's it.
+
+Refers to [Ccrypto ruby runtime](https://github.com/cameronian/ccrypto-ruby) or [Ccrypto Java runtime](https://github.com/cameronian/ccrypto-java) for more info.
+
+

data/Rakefile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+require 'devops_assist'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "ccrypto"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/ccrypto.gemspec

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require_relative "lib/ccrypto/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "ccrypto"
+  spec.version       = Ccrypto::VERSION
+  spec.authors       = ["Ian"]
+  spec.email         = ["cameronian0@protonmail.com"]
+
+  spec.summary       = ""
+  spec.description   = ""
+  spec.homepage      = "https://github.com/cameronian/ccrypto"
+  spec.required_ruby_version = ">= 2.4.0"
+
+  #spec.metadata["allowed_push_host"] = "TODO: Set to your gem server 'https://example.com'"
+
+  #spec.metadata["homepage_uri"] = spec.homepage
+  #spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
+  #spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (f == __FILE__) || f.match(%r{\A(?:(?:test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
+    end
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'teLogger'
+  spec.add_dependency 'toolrack'
+
+  spec.add_dependency 'activesupport'
+
+  spec.add_development_dependency 'devops_assist'
+
+  # Uncomment to register a new dependency of your gem
+  # spec.add_dependency "example-gem", "~> 1.0"
+
+  # For more information and examples about making a new gem, checkout our
+  # guide at: https://bundler.io/guides/creating_gem.html
+end

data/lib/ccrypto/algo_factory.rb

@@ -0,0 +1,11 @@
+
+
+module Ccrypto
+  class AlgoFactory
+    
+    def self.engine(*args, &block)
+      Provider.instance.provider.algo_instance(*args, &block)
+    end
+
+  end
+end

data/lib/ccrypto/asn1.rb

@@ -0,0 +1,11 @@
+
+
+module Ccrypto
+  class ASN1
+
+    def self.engine(*args, &block)
+      Provider.instance.provider.asn1_engine(*args, &block) 
+    end
+
+  end
+end

data/lib/ccrypto/asn1_object.rb

@@ -0,0 +1,24 @@
+
+
+module Ccrypto
+  class ASN1Object
+    attr_reader :asn1_type
+
+    def initialize(type, asn1)
+      @asn1_type = type
+      @asn1 = asn1
+    end
+
+    def native_asn1
+      @asn1
+    end
+
+    def is_type?(type)
+      @asn1_type.to_s.downcase.to_sym == type.to_s.downcase.to_sym
+    end
+
+    def method_missing(mtd, *args, &block)
+      @asn1.send(mtd, *args, &block)
+    end
+  end
+end

data/lib/ccrypto/configs/algo_config.rb

@@ -0,0 +1,20 @@
+
+
+module Ccrypto
+  module AlgoConfig
+   
+    module ClassMethods
+
+    end
+    def self.include(klass)
+      klass.extend(ClassMethods)
+    end
+
+    attr_accessor :provider_config
+    def provider_info(val)
+      @provider_config = val
+      self
+    end
+
+  end
+end

data/lib/ccrypto/configs/cipher_config.rb

@@ -0,0 +1,150 @@
+
+
+module Ccrypto
+
+  module CipherGCMMode
+    attr_accessor :auth_data, :auth_tag
+  end
+
+  class CipherConfig
+    include AlgoConfig
+    include TR::CondUtils
+
+    attr_accessor :algo, :key
+    attr_accessor :keysize, :mode, :padding
+    attr_accessor :iv, :ivLength
+    attr_accessor :cipherOps
+
+    def initialize(algo, opts = {  }, &block)
+      @algo = algo
+
+      @logger = Tlogger.new
+      @logger.tag = :cipher_conf
+      
+      if not_empty?(opts) and opts.is_a?(Hash)
+        @mode = opts[:mode]
+
+        if is_mode?(:gcm)
+          self.extend CipherGCMMode
+          @logger.debug "Extending GCM mode"
+
+          @auth_data = opts[:auth_data]
+          @auth_tag = opts[:auth_tag]
+
+          #p "auth data : #{@auth_data}"
+        end
+
+        @iv = opts[:iv] 
+        @ivLength = opts[:ivLength] if is_empty?(@iv)
+
+        @key = opts[:key]
+        @keysize = opts[:keysize] if is_empty?(@key)
+
+        @padding = opts[:padding]
+
+        @cipherOps = opts[:cipherOps]
+      end
+
+      if block
+        @mode = block.call(:mode)
+
+        if is_mode?(:gcm)
+          self.extend CipherGCMMode
+          @logger.debug "Extending GCM mode"
+
+          @auth_data = block.call(:auth_data)
+          @auth_tag = block.call(:auth_tag)
+        end
+
+        @iv = block.call(:iv)
+        @ivLength = block.call(:ivLength) || 16 if @iv.nil?
+
+        @key = block.call(:key)
+        @keysize = block.call(:keysize) if @key.nil?
+
+        @padding = block.call(:padding)
+
+        @cipherOps = block.call(:cipherOps)
+      end
+
+    end
+
+    def has_iv?
+      not_empty?(@iv)
+    end
+
+    def has_key?
+      not_empty?(@key)
+    end
+
+    def is_algo?(algo)
+      if @algo.nil? or is_empty?(@algo)
+        false
+      else
+        (@algo.to_s.downcase =~ /#{algo}/) != nil
+      end
+    end
+
+    def is_mode?(mode)
+      if @mode.nil? or is_empty?(@mode)
+        false
+      else
+        (@mode.to_s.downcase =~ /#{mode.to_s}/) != nil
+      end
+    end
+
+    def encrypt_cipher_mode
+      @cipherOps = :encrypt
+    end
+    def is_encrypt_cipher_mode?
+      case @cipherOps
+      when :encrypt, :enc
+        true
+      else
+        false
+      end
+    end
+
+    def decrypt_cipher_mode
+      @cipherOps = :decrypt
+    end
+    def is_decrypt_cipher_mode?
+      case @cipherOps
+      when :decrypt, :dec
+        true
+      else
+        false
+      end
+    end
+
+    def to_s
+      "#{@algo}-#{@keysize}-#{@mode}-#{@padding}"
+    end
+
+    def logger
+      if @logger.nil?
+        @logger = Tlogger.new
+        @logger.tag = :cipher_conf
+      end
+      @logger
+    end
+  end
+
+  class DirectCipherConfig < CipherConfig
+    # str can be String or Hash
+    # If String it will be directly used by underlying
+    # engine with minimum parsing which means might not have other
+    # info
+    def initialize(str)
+      raise CipherConfigException, "Hash is expected" if not str.is_a?(Hash)
+      super(str[:algo], str)
+    end
+
+  end
+
+  class CipherEngineConfig < CipherConfig
+    # engine that is discovered by cipher engine
+    # Means can directly use the object
+  end
+
+end

data/lib/ccrypto/configs/compress_config.rb

@@ -0,0 +1,16 @@
+
+require_relative 'algo_config'
+
+module Ccrypto
+  class CompressionConfig
+    include AlgoConfig
+
+    attr_accessor :level, :strategy
+
+    def initialize
+      @level = :default
+      @strategy = :default
+    end
+
+  end
+end

data/lib/ccrypto/configs/digest_config.rb

@@ -0,0 +1,98 @@
+
+
+module Ccrypto
+  class DigestConfig
+    include AlgoConfig
+    include TR::CondUtils
+
+    attr_accessor :algo, :outBitLength
+    attr_accessor :hardInBitLength
+    attr_accessor :nativeDigestEngine
+    def initialize(algo, outBitLen, opts = {  })
+      @algo = algo
+      @outBitLength = outBitLen
+      if not_empty?(opts)
+        @provider_config = opts[:provider_config]
+        @hardInBitLength = opts[:hard_in_bit_length]
+      end
+    end
+
+    def has_hard_in_bit_length?
+      (not @hardInBitLength.nil?) or @hardInBitLength.to_i > 0
+    end
+  end
+
+  SHA1 = DigestConfig.new(:sha1, 160)
+  SHA224 = DigestConfig.new(:sha224, 224)
+  SHA256 = DigestConfig.new(:sha256, 256)
+  SHA384 = DigestConfig.new(:sha384, 384)
+  SHA512 = DigestConfig.new(:sha512, 512)
+  SHA512_224 = DigestConfig.new(:sha512_224, 224)
+  SHA512_256 = DigestConfig.new(:sha512_256, 256)
+
+  SHA3_224 = DigestConfig.new(:sha3_224, 224)
+  SHA3_256 = DigestConfig.new(:sha3_256, 256)
+  SHA3_384 = DigestConfig.new(:sha3_384, 384)
+  SHA3_512 = DigestConfig.new(:sha3_512, 512)
+
+  BLAKE2b160 = DigestConfig.new(:blake2b160, 160)
+  BLAKE2b256 = DigestConfig.new(:blake2b256, 256)
+  BLAKE2b384 = DigestConfig.new(:blake2b384, 384)
+  BLAKE2b512 = DigestConfig.new(:blake2b512, 512)
+
+  BLAKE2s128 = DigestConfig.new(:blake2s128, 128)
+  BLAKE2s160 = DigestConfig.new(:blake2s160, 160)
+  BLAKE2s224 = DigestConfig.new(:blake2s224, 224)
+  BLAKE2s256 = DigestConfig.new(:blake2s256, 256)
+
+  DSTU7564_256 = DigestConfig.new(:dstu7564_256, 256)
+  KUPYNA_256 = DSTU7564_256
+  DSTU7564_384 = DigestConfig.new(:dstu7564_384, 384)
+  KUPYNA_384 = DSTU7564_384
+  DSTU7564_512 = DigestConfig.new(:dstu7564_512, 512)
+  KUPYNA_512 = DSTU7564_512
+
+  GOSH3411 = DigestConfig.new(:gosh3411, 256)
+  GOSH3411_2012_256 = DigestConfig.new(:gosh3411_2012_256, 256) 
+  GOSH3411_2012_512 = DigestConfig.new(:gosh3411_2012_512, 512) 
+
+  HARAKA256 = DigestConfig.new(:haraka256, 256, { hard_in_bit_length: 256 })
+  HARAKA512 = DigestConfig.new(:haraka512, 256, { hard_in_bit_length: 512 })
+
+  KECCAK224 = DigestConfig.new(:keccak224, 224)
+  KECCAK256 = DigestConfig.new(:keccak256, 256)
+  KECCAK288 = DigestConfig.new(:keccak288, 288)
+  KECCAK384 = DigestConfig.new(:keccak384, 384)
+  KECCAK512 = DigestConfig.new(:keccak512, 512)
+
+  RIPEMD128 = DigestConfig.new(:ripemd128, 128)
+  RIPEMD160 = DigestConfig.new(:ripemd160, 160)
+  RIPEMD256 = DigestConfig.new(:ripemd256, 256)
+  RIPEMD320 = DigestConfig.new(:ripemd320, 320)
+
+  SHAKE128_256 = DigestConfig.new(:shake128_256, 256)
+  SHAKE256_512 = DigestConfig.new(:shake256_512, 512)
+  SHAKE128 = DigestConfig.new(:shake128, 128)
+  SHAKE256 = DigestConfig.new(:shake256, 256)
+
+  SKEIN1024_1024 = DigestConfig.new(:skein1024_1024, 1024)
+  SKEIN1024_384 = DigestConfig.new(:skein1024_384, 384)
+  SKEIN1024_512 = DigestConfig.new(:skein1024_512, 512)
+  
+  SKEIN256_128 = DigestConfig.new(:skein256_128, 128)
+  SKEIN256_160 = DigestConfig.new(:skein256_160, 160)
+  SKEIN256_224 = DigestConfig.new(:skein256_224, 224)
+  SKEIN256_256 = DigestConfig.new(:skein256_256, 256)
+
+  SKEIN512_128 = DigestConfig.new(:skein512_128, 128)
+  SKEIN512_160 = DigestConfig.new(:skein512_160, 160)
+  SKEIN512_224 = DigestConfig.new(:skein512_224, 224)
+  SKEIN512_256 = DigestConfig.new(:skein512_256, 256)
+  SKEIN512_384 = DigestConfig.new(:skein512_384, 384)
+  SKEIN512_512 = DigestConfig.new(:skein512_512, 512)
+
+  SM3 = DigestConfig.new(:sm3, 256)
+
+  WHIRLPOOL = DigestConfig.new(:whirlpool, 512)
+
+end

data/lib/ccrypto/configs/hmac_config.rb

@@ -0,0 +1,13 @@
+
+
+module Ccrypto
+  class HMACConfig
+    include AlgoConfig
+
+    attr_accessor :key, :digest
+
+    def initialize
+      @digest = :sha256
+    end
+  end
+end

data/lib/ccrypto/configs/kdf_config.rb

@@ -0,0 +1,67 @@
+
+
+module Ccrypto
+  class KDFConfig
+    include AlgoConfig
+    attr_accessor :algo, :outBitLength 
+  end
+
+  class ScryptConfig < KDFConfig
+    attr_accessor :cost, :blockSize, :parallel, :salt
+    
+    # https://stackoverflow.com/questions/11126315/what-are-optimal-scrypt-work-factors
+    # Specific good explanation:
+    # https://stackoverflow.com/a/30308723/3625825
+    # Memory requirement : 128 bytes x Cost Factor x block size
+    # at cost factor 2^14 = 16384 == 128 bytes x 16384 (cost) x 8 (block size) === 16 MB 
+    # if at cost factor 2 ^ 14 = 16384 == 128 x 16384 (cost) x 512 (block size) === 1 GB 
+    # Tuning the cost & block size can change how much memory needed to process this
+    # for EACH TIME PROCESSING...
+    # 
+    # Legitimate user only need to do once
+    # Attacker using brute force may not be feasiable anymore if the value is high
+    #
+    # BC source code indicated 
+    # Cost parameter bound  >= 1 and < 65536 (2^16) (value must be power of 2, i.e 2^1 = 2, 2^2 = 4 etc)
+    # the actual is the max value should be 2^(128*blocksize/8)
+    # block size = 1 == 2^(128*1/8) == 2^(128/8) == 2^16
+    # block size = 2 == 2^(128*2/8) == 2^32 == 4 GB
+    # If want higher value, change block size 2^16 is min in this case because block must be 1 and above
+    # block size>= 1
+    # parallelization must be > 1 and < Integer.MAX_VALUE / (128 * parallelization * 8)
+    # tested on Java 8 Integer.MAX_VALUE = 2GB (2^31)
+    # if parallelization value == 1, the supported parallel is 2048,000
+    # Hmm that's why I think nobody use more then 1?
+    #
+    # this config shall be 16 MB per process
+    #costParam = opts[:costParam] || 2 ** 14 # 2 ^ 16
+    #blockSize = opts[:blockSize] || 8
+    # this one also 16 MB per process
+    # but apparently there are saying higher r is better 
+    # https://stackoverflow.com/a/33297994/3625825
+
+    def initialize
+      @cost = 16384 # 2**14
+      @blockSize = 8
+      @parallel = 1
+      @salt = SecureRandom.random_bytes(16)
+    end
+  end
+
+  class HKDFConfig < KDFConfig
+    attr_accessor :salt, :info, :digest
+    def initialize
+      @salt = SecureRandom.random_bytes(16)
+      @digest = :sha256
+    end
+  end
+
+  class PBKDF2Config < KDFConfig
+    attr_accessor :salt, :digest, :iter
+    def initialize
+      @salt = SecureRandom.random_bytes(16)
+      @digest = :sha256
+      @iter = rand(200000..400000)
+    end
+  end
+end

data/lib/ccrypto/configs/key_config.rb

@@ -0,0 +1,14 @@
+
+
+module Ccrypto
+  class KeyConfig
+    include AlgoConfig
+
+    attr_accessor :algo, :keysize
+
+    def to_s
+      "#{@algo}/#{@keysize}"
+    end
+
+  end
+end