ccrypto 0.1.0

data/lib/ccrypto/configs/keypair_config.rb

@@ -0,0 +1,54 @@
+
+
+module Ccrypto
+  class KeypairConfig
+    include AlgoConfig
+
+    attr_accessor :algo
+    attr_accessor :keypair, :private_key, :public_key
+
+    def has_keypair?
+      (not @keypair.nil?) or not (@privateKey.nil? and @publicKey.nil?)
+    end
+
+    def has_private_key?
+      if has_keypair?
+        not @keypair.private_key.nil?
+      else
+        not @private_key.nil?
+      end
+    end
+
+    def has_public_key?
+      if has_keypair?
+        not @keypair.public_key.nil?
+      else
+        not @public_key.nil?
+      end
+    end
+  end
+
+  class ECCConfig < KeypairConfig
+    attr_accessor :curve
+    def initialize(curve = nil)
+      @algo = :ecc
+      @curve = curve || :prime256v1
+    end
+
+    def to_s
+      "ECC-#{@curve}"
+    end
+  end
+
+  class RSAConfig < KeypairConfig
+    attr_accessor :keysize
+    def initialize(keysize = 2048)
+      @keysize = keysize
+    end
+
+    def to_s
+      "RSA-#{keysize} bits"
+    end
+  end
+
+end

data/lib/ccrypto/configs/pkcs7_config.rb

@@ -0,0 +1,32 @@
+
+
+module Ccrypto
+  class PKCS7Config
+    include AlgoConfig
+    include TR::CondUtils
+
+    #attr_accessor :keybundle
+
+    attr_accessor :private_key, :public_key
+    # for signing operation
+    attr_accessor :signerCert
+    # for decryption operation
+    attr_accessor :certForDecryption
+
+    def add_recipient_cert(cert)
+      recpCerts << cert if not_empty?(cert)
+    end
+
+    def recipient_certs
+      recpCerts
+    end
+
+    protected
+    def recpCerts
+      if @recpCerts.nil?
+        @recpCerts = []
+      end
+      @recpCerts
+    end
+  end
+end

data/lib/ccrypto/configs/secret_sharing_config.rb

@@ -0,0 +1,11 @@
+
+
+module Ccrypto
+  class SecretSharingConfig
+    include AlgoConfig
+
+    attr_accessor :split_into
+    attr_accessor :required_parts
+
+  end
+end

data/lib/ccrypto/configs/secure_random_config.rb

@@ -0,0 +1,7 @@
+
+
+module Ccrypto
+  class SecureRandomConfig
+    include AlgoConfig
+  end
+end

data/lib/ccrypto/configs/x509_cert_profile.rb

@@ -0,0 +1,297 @@
+
+require 'active_support'
+require 'active_support/core_ext/time'
+
+module Ccrypto
+  module X509
+    class CertProfile
+      include Ccrypto::AlgoConfig
+      include TR::CondUtils
+
+      include TeLogger::TeLogHelper
+      teLogger_tag :cert_prof
+
+      class CertProfileException < StandardError; end
+
+      attr_accessor :owner_name, :org
+      attr_accessor :org_unit, :email, :dns_name, :ip_addr, :uri
+      attr_accessor :public_key, :serial, :not_before, :not_after
+      attr_accessor :subj_key_id, :auth_key_id
+      attr_accessor :crl_dist_point, :ocsp_url, :issuer_url
+      attr_accessor :issuer_cert
+      attr_accessor :hashAlgo
+      attr_accessor :raise_if_validity_date_not_in_issuer_range
+
+      def initialize
+        @hashAlgo = Ccrypto::SHA256
+        @serial = SecureRandom.hex(16)
+        @subj_key_id = true
+        @auth_key_id = true
+        @issuerCert = false
+        now = Time.now
+        @not_before = Time.new(now.year, now.month, now.day)
+        @not_after = Time.new(now.year+2, now.month, now.day)
+        @raise_if_validity_date_not_in_issuer_range = false
+      end
+
+      def gen_issuer_cert?
+        @issuerCert
+      end
+      def gen_issuer_cert=(val)
+        @issuerCert = val
+      end
+
+      def gen_subj_key_id?
+        @subj_key_id
+      end
+      def gen_subj_key_id=(val)
+        @subj_key_id = val
+      end
+
+      def gen_auth_key_id?
+        @auth_key_id
+      end
+      def gen_auth_key_id=(val)
+        @auth_key_id = val
+      end
+
+      def org_unit
+        if @org_unit.nil?
+          []
+        elsif not @org_unit.is_a?(Array)
+          [@org_unit]
+        else
+          @org_unit
+        end
+      end
+
+      def email
+        if @email.nil?
+          []
+        elsif not @email.is_a?(Array)
+          [@email]
+        else
+          @email
+        end
+      end
+
+      def dns_name
+        if @dns_name.nil?
+          []
+        elsif not @dns_name.is_a?(Array)
+          [@dns_name]
+        else
+          @dns_name
+        end
+      end
+
+      def ip_addr
+        if @ip_addr.nil?
+          []
+        elsif not @ip_addr.is_a?(Array)
+          [@ip_addr]
+        else
+          @ip_addr
+        end
+      end
+
+      def uri
+        if @uri.nil?
+          []
+        elsif not @uri.is_a?(Array)
+          [@uri]
+        else
+          @uri
+        end
+      end
+
+      def crl_dist_point
+        if @crl_dist_point.nil?
+          []
+        elsif not @crl_dist_point.is_a?(Array)
+          [@crl_dist_point]
+        else
+          @crl_dist_point
+        end
+      end
+
+      def ocsp_url
+        if @ocsp_url.nil?
+          []
+        elsif not @ocsp_url.is_a?(Array)
+          [@ocsp_url]
+        else
+          @ocsp_url
+        end
+      end
+
+      def issuer_url
+        if @issuer_url.nil?
+          []
+        elsif not @issuer_url.is_a?(Array)
+          [@issuer_url]
+        else
+          @issuer_url
+        end
+      end
+
+      def validity(qty, unit = :years)
+     
+        raise CertProfileException, "not_before has to set before validity can be set" if is_empty?(@not_before)
+
+        case unit
+        when :days, :day
+          adv = { days: qty }
+        when :months, :month
+          adv = { months: qty }
+        when :weeks, :week
+          adv = { weeks: qty }
+        when :years, :year
+          adv = { years: qty }
+        else
+          raise CertProfileException, "Unknown unit '#{unit}'"
+        end
+
+        @not_after = @not_before.advance(adv)
+
+      end
+
+      def match_issuer_not_before(issuer_not_before)
+        if not_empty?(issuer_not_before)
+          if issuer_not_before.is_a?(Time)
+            if issuer_not_before > @not_before
+              if @raise_if_validity_date_not_in_issuer_range
+                raise X509CertNotBeforeException, "Issuer not_before '#{issuer_not_before.localtime}' > To-be-signed cert not_before '#{@not_before.localtime}'"
+              else
+                teLogger.info "Issuer has not_before at #{issuer_not_before.localtime} but to-be-signed certificate has not_before at #{@not_before.localtime}. To-be-signed certificate cannot has not_before earlier than issuer not_before. Auto adjusting the to-be-signed certificate to #{issuer_not_before.localtime}."
+                @not_before = issuer_not_before
+              end
+            else
+              teLogger.debug "to-be-signed certificate has valid not_before value (#{@not_before}) : after issuer not_before (#{issuer_not_before})"
+            end
+          else
+            teLogger.warn "issuer_not_before is not a Time object. It is a '#{issuer_not_before.class}'"
+          end
+        end
+      end
+
+      def match_issuer_not_after(issuer_not_after)
+        if not_empty?(issuer_not_after)
+          if issuer_not_after.is_a?(Time)
+            if @not_after > issuer_not_after
+              if @raise_if_validity_date_not_in_issuer_range
+                raise X509CertNotAfterException, "Issuer not_after '#{issuer_not_after.localtime}' < To-be-signed cert not_after '#{@not_after.localtime}'"
+              else
+                teLogger.info "Issuer has not_after at #{issuer_not_after.localtime} but to-be-signed certificate has not_after at #{@not_after.localtime}. To-be-signed certificate cannot has not_after later than issuer not_after. Auto adjusting the to-be-signed certificate to #{issuer_not_after.localtime}."
+                @not_after = issuer_not_after
+              end
+            else
+              teLogger.debug "to-be-signed certificate has valid not_after value (#{@not_after}): before issuer not_after (#{issuer_not_after})"
+            end
+          else
+            teLogger.warn "issuer_not_after is not a Time object. It is a '#{issuer_not_after.class}'"
+          end
+        end
+      end
+
+      class KeyUsage
+        #Key = [:digitalSignature, :nonRepudiation, :keyEncipherment, :dataEncipherment, :keyAgreement, :keyCertSign, :crlSign, :encipherOnly, :decipherOnly]
+        Usages = {
+          digitalSignature: "Digital signature",
+          nonRepudiation: "Non Repudiation",
+          keyEncipherment: "Key encipherment",
+          dataEncipherment: "Data encipherment",
+          keyAgreement: "Key agreement",
+          keyCertSign: "Sign/Issue certificate",
+          crlSign: "Sign/Issue Certificate Revocation List (CRL)",
+          encipherOnly: "Data encipherment only",
+          decipherOnly: "Data decipherment only",
+        }
+
+        def initialize
+          @selected = {  }
+        end
+
+        def selected
+          @selected 
+        end
+
+        Usages.keys.each do |k|
+          class_eval <<-END
+            def enable_#{k}(critical = false)
+              @selected[:#{k}] = critical
+              self
+            end
+          END
+        end
+
+      end  # KeyUsage
+
+
+      class ExtKeyUsage
+        #Key = [:allPurpose, :serverAuth, :clientAuth, :codeSigning, :emailProtection, :timestamping, :ocspSigning, :ipSecIKE, :msCodeInd, :msCodeCom, :msCtlsign, :msEFS, :dvcs]
+        Usages = {
+          allPurpose: "All extended key usages",
+          serverAuth: "TLS server authentication",
+          clientAuth: "TLS client authentication",
+          codeSigning: "Code signing",
+          emailProtection: "Email protection",
+          timestamping: "Time stamping",
+          ocspSigning: "Online Cert Status Protocol signing",
+          ipSecIKE: "IPSec Initial Key Exchange",
+          msCodeInd: "Microsoft Code Ind",
+          msCodeCom: "Microsoft Code Com",
+          msCtlsign: "Microsoft CTL Sign",
+          msEFS: "Microsoft EFS",
+          dvcs: "DVCS purposes"
+        }
+
+
+        def initialize
+          @selected = {  }
+        end
+
+        def selected
+          @selected 
+        end
+
+        Usages.keys.each do |k|
+          class_eval <<-END
+            def enable_#{k}(critical = false)
+              @selected[:#{k}] = critical
+              self
+            end
+          END
+        end
+
+        
+      end  #extKeyUsage
+
+      def key_usage
+        if @keyUsage.nil?
+          @keyUsage = KeyUsage.new
+        end
+        @keyUsage
+      end
+
+      def ext_key_usage
+        if @extKeyUsage.nil?
+          @extKeyUsage = ExtKeyUsage.new
+        end
+        @extKeyUsage
+      end
+
+      def add_domain_key_usage(oid, critical = false)
+        domain_key_usage[oid] = critical
+      end
+
+      def domain_key_usage
+        if @domainKeyUsage.nil?
+          @domainKeyUsage = {  }
+        end
+        @domainKeyUsage
+      end
+
+    end
+  end
+end

data/lib/ccrypto/key_bundle.rb

@@ -0,0 +1,15 @@
+
+
+module Ccrypto
+  module KeyBundle
+    attr_accessor :nativeKeypair
+  end
+
+  module ECCKeyBundle
+    include KeyBundle
+  end
+
+  module RSAKeyBundle
+    include KeyBundle
+  end
+end

data/lib/ccrypto/private_key.rb

@@ -0,0 +1,30 @@
+
+
+module Ccrypto
+  class PrivateKey
+    attr_accessor :native_privKey
+    def initialize(privKey)
+      @native_privKey = privKey
+    end
+
+    def method_missing(mtd, *args, &block)
+      if @native_privKey.nil?
+        super
+      else
+        @native_privKey.send(mtd, *args, &block)
+      end
+    end
+
+    def respond_to_missing?(mtd, *args, &block)
+      if @native_privKey.nil?
+        false
+      else
+        @native_privKey.respond_to?(mtd)
+      end
+    end
+
+  end # PrivateKey
+
+  class ECCPrivateKey < PrivateKey; end
+  class RSAPrivateKey < PrivateKey; end
+end

data/lib/ccrypto/provider.rb

@@ -0,0 +1,93 @@
+
+require 'singleton'
+
+module Ccrypto
+  
+  class ProviderException < StandardError; end
+
+  class Provider
+    include Singleton
+    include TR::CondUtils
+
+    def register(prov)
+      raise ProviderException, "Provider cannot be nil" if prov.nil?
+      raise ProviderException, "Provider must have name" if not prov.respond_to?(:provider_name)
+
+      add_provider(prov)
+    end
+
+    def default_provider=(prov)
+      raise ProviderException, "Nil provider is not supported" if prov.nil?
+
+      case prov
+      when String
+        if is_provider_registered?(prov)
+          @defaultProvider = find_provider(prov)
+        else
+          raise ProviderException, "Given provider '#{prov}' to set as default has yet to be registered."
+        end
+      else
+        if prov.respond_to?(:provider_name) 
+          add_provider(prov) if not is_provider_registered?(prov.provider_name)
+          @defaultProvider = prov
+        else
+          raise ProviderException, "Given provider to set as default does not have name"
+        end
+      end
+
+      @defaultProvider
+    end
+    def default_provider
+      @defaultProvider
+    end
+
+
+    def find_provider(prov)
+      if not_empty?(prov)
+        providers[prov]
+      else
+        raise ProviderException, "Cannot find nil empty provider"
+      end
+    end
+
+    def provider
+      raise ProviderException, "No provider is registered" if is_providers_empty?
+      
+      if is_empty?(default_provider)
+        providers.values.first
+      else
+        default_provider
+      end
+    end
+
+
+    private
+    def add_provider(prov)
+      providers[prov.provider_name] = prov
+      logger.debug "Provider '#{prov.provider_name}' registered"
+    end
+
+    def is_provider_registered?(provName)
+      providers.keys.include?(provName)
+    end
+
+    def is_providers_empty?
+      providers.empty?
+    end
+
+    def providers
+      if @providers.nil?
+        @providers = {}
+      end
+      @providers
+    end
+
+    def logger
+      if @logger.nil?
+        @logger = Tlogger.new
+      end
+      @logger
+    end
+
+  end
+end

data/lib/ccrypto/public_key.rb

@@ -0,0 +1,30 @@
+
+
+module Ccrypto
+  class PublicKey
+    attr_accessor :native_pubKey
+    def initialize(pubkey)
+      @native_pubKey = pubkey
+    end
+
+    def method_missing(mtd, *args, &block)
+      if @native_pubKey.nil?
+        super
+      else
+        @native_pubKey.send(mtd, *args, &block)
+      end
+    end
+
+    def respond_to_missing?(mtd, *args, &block)
+      if @native_pubKey.nil?
+        false
+      else
+        @native_pubKey.respond_to?(mtd)
+      end
+    end
+
+  end # PublicKey
+
+  class ECCPublicKey < PublicKey; end
+  class RSAPublicKey < PublicKey; end
+end

data/lib/ccrypto/secret_key.rb

@@ -0,0 +1,13 @@
+
+
+module Ccrypto
+  class SecretKey
+    attr_accessor :algo
+    attr_accessor :key
+
+    def initialize(algo, key)
+      @algo = algo
+      @key = key
+    end
+  end
+end

data/lib/ccrypto/util_factory.rb

@@ -0,0 +1,9 @@
+
+
+module Ccrypto
+  class UtilFactory
+    def self.instance(*args, &block)
+      Provider.instance.provider.util_instance(*args, &block)
+    end
+  end
+end

data/lib/ccrypto/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Ccrypto
+  VERSION = "0.1.0"
+end

data/lib/ccrypto/x509_cert.rb

@@ -0,0 +1,12 @@
+
+
+module Ccrypto
+  class X509Cert
+    attr_accessor :nativeX509
+
+    def initialize(x509)
+      @nativeX509 = x509
+    end
+
+  end
+end

data/lib/ccrypto.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'toolrack'
+require 'tlogger'
+
+require_relative "ccrypto/version"
+
+require_relative 'ccrypto/provider'
+require_relative 'ccrypto/algo_factory'
+require_relative 'ccrypto/key_bundle'
+
+require_relative 'ccrypto/asn1'
+require_relative 'ccrypto/asn1_object'
+
+require_relative 'ccrypto/util_factory'
+
+Dir.glob(File.join(File.dirname(__FILE__),"ccrypto","configs","*.rb")) do |f|
+  require f
+end
+
+require_relative 'ccrypto/public_key'
+require_relative 'ccrypto/private_key'
+require_relative 'ccrypto/secret_key'
+
+require_relative 'ccrypto/x509_cert'
+
+module Ccrypto
+  class Error < StandardError; end
+  class CcryptoProviderException < StandardError; end
+
+  class DigestEngineException < StandardError; end
+  class KDFEngineException < StandardError; end
+  class HMACEngineException < StandardError; end
+  class KeypairEngineException < StandardError; end
+  class KeyBundleException < StandardError; end
+  class X509EngineException < StandardError; end
+  class CipherEngineException < StandardError; end
+  class ASN1EngineException < StandardError; end
+
+  class CompressionError < StandardError; end
+  class DecompressionException < StandardError; end
+
+  class MemoryBufferException < StandardError; end
+
+  class SecretSharingException < StandardError; end
+
+  class X509CertException < StandardError; end
+  class X509CertNotBeforeException < StandardError; end
+  class X509CertNotAfterException < StandardError; end
+
+  class KeyBundleStorageException < StandardError; end
+  # Your code goes here...
+end