RubyGems - ccrypto - Versions diffs - 0.1.2 → 0.2.0 - Mend

ccrypto 0.1.2 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (31) hide show

checksums.yaml +4 -4
data/.release_history.yml +4 -0
data/.rubocop.yml +2 -0
data/Gemfile +2 -0
data/Gemfile.lock +43 -31
data/Rakefile +1 -2
data/ccrypto.gemspec +3 -1
data/lib/ccrypto/capability.rb +15 -0
data/lib/ccrypto/configs/algo_config.rb +5 -5
data/lib/ccrypto/configs/cipher_config.rb +59 -97
data/lib/ccrypto/configs/digest_config.rb +89 -78
data/lib/ccrypto/configs/hmac_config.rb +8 -3
data/lib/ccrypto/configs/kdf_config.rb +73 -11
data/lib/ccrypto/configs/key_config.rb +8 -1
data/lib/ccrypto/configs/keypair_config.rb +94 -13
data/lib/ccrypto/configs/secret_sharing_config.rb +7 -0
data/lib/ccrypto/configs/x509_cert_profile.rb +10 -7
data/lib/ccrypto/configs/x509_csr_profile.rb +1 -1
data/lib/ccrypto/digest_matcher.rb +122 -0
data/lib/ccrypto/in_memory_record.rb +255 -0
data/lib/ccrypto/key_bundle.rb +20 -1
data/lib/ccrypto/keystore.rb +25 -0
data/lib/ccrypto/private_key.rb +8 -0
data/lib/ccrypto/public_key.rb +13 -0
data/lib/ccrypto/secret_key.rb +9 -4
data/lib/ccrypto/supported_cipher_list.rb +6 -113
data/lib/ccrypto/version.rb +1 -1
data/lib/ccrypto/x509_cert.rb +5 -0
data/lib/ccrypto/x509_csr.rb +2 -0
data/lib/ccrypto.rb +44 -0
metadata +12 -7

data/lib/ccrypto/configs/kdf_config.rb CHANGED Viewed

@@ -3,11 +3,12 @@
 module Ccrypto
   class KDFConfig
     include AlgoConfig
-    attr_accessor :algo, :outBitLength
+    attr_accessor :algo
   end
   class ScryptConfig < KDFConfig
-    attr_accessor :cost, :blockSize, :parallel, :salt
+    attr_accessor :cost, :blocksize, :parallel
+    attr_accessor :outBitLength, :salt
     # https://stackoverflow.com/questions/11126315/what-are-optimal-scrypt-work-factors
     # Specific good explanation:
@@ -43,35 +44,43 @@ module Ccrypto
     def initialize
       @algo = :scrypt
       @cost = 16384 # 2**14
-      @blockSize = 8
+      @blocksize = 8
       @parallel = 1
       @salt = SecureRandom.random_bytes(16)
     end
   end
   class HKDFConfig < KDFConfig
-    attr_accessor :salt, :info, :digest
+    attr_accessor :salt, :digest, :outBitLength
+    attr_accessor :info
+    attr_accessor :provider_config
     def initialize
       @algo = :hkdf
       @salt = SecureRandom.random_bytes(16)
       @digest = :sha3_256
     end
-  end
+  end # HKDFConfig
   class PBKDF2Config < KDFConfig
     attr_accessor :salt, :digest, :iter
+    attr_accessor :outBitLength
     def initialize
       @algo = :pbkdf2
       @salt = SecureRandom.random_bytes(16)
       @digest = :sha3_256
       @iter = rand(300000..500000)
     end
-  end
+  end # PBKDF2Config
   class Argon2Config < KDFConfig
     attr_accessor :cost, :salt, :secret, :parallel, :iter
     attr_accessor :variant
+    attr_accessor :outBitLength
+    def self.variants
+      [:argon2d, :argon2i, :argon2id, :argon2_version_10, :argon2_version_13].freeze
+    end
     def initialize
@@ -81,13 +90,18 @@ module Ccrypto
       @salt = SecureRandom.random_bytes(16)
       # Secret value which has to be stored in a different secure location from the password hashes
-      @secret = SecureRandom.random_bytes(16)
+      #@secret = SecureRandom.random_bytes(16)
-      # The RFC recommends 4 GB for backend authentication and 1 GB for frontend authentication.
-      @cost = 1*1024*1024*1024
+      # The RFC recommends 4 GB for backend authentication and 1 GB for frontend authentication.
+      # Unit is in Kilobytes. Min is 8 kb. Convert internally to kb hence the value is 8192
+      # 1024*1024 = 1048576 (1GB)
+      #@cost = 1048576
+      # 25 Dec 2023 - Change it to 2**@cont value below
+      # 1GB = 2**20 hence the @cont value should be 20 if 1GB RAM is required
+      @cont = 20
       # Choose the Number of CPU-Threads you can afford each call (2 Cores = 4 Threads)
-      @parallel = 4
+      @parallel = 1
       # Set the number of Iterations each call -> More Iterations = Better Security + more Hashing Time
       # > 3 Iterations recommended
@@ -103,6 +117,54 @@ module Ccrypto
     end
-  end
+  end # Argon2Config
+  #
+  # BCrypt returns fixed 24 bytes (192 bits) output
+  #
+  class BCryptConfig < KDFConfig
+    # Salt is 16 bytes long
+    attr_accessor :salt
+    # Cost is exponent 2^cost, range from 4 - 31 inclusive
+    attr_accessor :cost
+    # Fixed output length of 24 bytes / 192 bits
+    attr_reader :outBitLength, :max_input_byte_length
+    attr_reader :salt_length, :cost_lowest_bound, :cost_upper_bound
+    def self.outBitLength
+      192
+    end
+    def self.outByteLength
+      24
+    end
+    def self.max_input_byte_length
+      72
+    end
+    def self.salt_length
+      16
+    end
+    def self.cost_lowest_bound
+      4
+    end
+    def self.cost_upper_bound
+      31
+    end
+    def initialize
+      #@salt = SecureRandom.random_bytes(16)
+      @cost = 16
+      @outBitLength = self.class.outBitLength
+      @max_input_byte_length = self.class.max_input_byte_length # 72 # bcrypt can only handle password  <= 72 bytes (Java BC)
+      @salt_length = self.class.salt_length
+      @cost_lowest_bound = self.class.cost_lowest_bound
+      @cost_upper_bound = self.class.cost_upper_bound
+    end
+  end # BCryptConfig
 end

data/lib/ccrypto/configs/key_config.rb CHANGED Viewed

@@ -4,7 +4,14 @@ module Ccrypto
   class KeyConfig
     include AlgoConfig
-    attr_accessor :algo, :keysize
+    attr_reader :algo, :keysize
+    attr_accessor :provider_config
+    def initialize(algo, keysize)
+      @algo = algo
+      @keysize = keysize
+    end
     def to_s
       "#{@algo}/#{@keysize}"

data/lib/ccrypto/configs/keypair_config.rb CHANGED Viewed

@@ -17,6 +17,8 @@ module Ccrypto
     attr_reader :default
+    attr_accessor :provider_config
     def initialize(status = Algo_Active, default = false)
       @algo_status = status
       @default = default
@@ -62,20 +64,28 @@ module Ccrypto
   class ECCConfig < KeypairConfig
-    def self.name
-      "Elliptic Curve (ECC)"
+    def self.algo_name
+      "Elliptic Curve (ECC) (Classical - Signing and Encryption)"
+    end
+    def self.algo_key
+      :ecc
     end
-    attr_accessor :curve
+    attr_reader :curve
     def initialize(curve = nil, status = Algo_Active, default = false)
-      @algo = :ecc
+      @algo = self.class.algo_key
       @curve = curve || :prime256v1
       @curve = @curve.to_sym if not @curve.is_a?(Symbol)
       super(status, default)
     end
+    def param
+      @curve
+    end
     def to_s
-      "#{@curve}"
+      "ECC - #{@curve}"
     end
     def self.supported_curves(&block)
@@ -84,16 +94,25 @@ module Ccrypto
   end # ECCConfig
   class RSAConfig < KeypairConfig
-    def self.name
-      "RSA"
+    def self.algo_name
+      "RSA (Classical - Signing and Encryption)"
     end
-    attr_accessor :keysize
+    def self.algo_key
+      :rsa
+    end
+    attr_reader :keysize
     def initialize(keysize = 2048, status = Algo_Active, default = false)
+      @algo = self.class.algo_key
       @keysize = keysize
       super(status, default)
     end
+    def param
+      @keysize
+    end
     def to_s
       "RSA-#{keysize} bits"
     end
@@ -105,25 +124,87 @@ module Ccrypto
   # ED25519 for data signature
   class ED25519Config < KeypairConfig
-    def self.name
-      "ED25519 (Signing Only)"
+    def self.algo_name
+      "ED25519 (Classical - Signing Only)"
+    end
+    def self.algo_key
+      :ed25519
     end
     def initialize
-      algo = :ed25519
+      @algo = self.class.algo_key
       super(Algo_Active, true)
     end
+    def param
+      nil
+    end
   end
   # X25519 for key exchange
   class X25519Config < KeypairConfig
-    def self.name
+    def self.algo_name
       "X25519 (Data Encipherment only)"
     end
+    def self.algo_key
+      :x25519
+    end
     def initialize
-      algo = :x25519
+      @algo = self.class.algo_key
       super(Algo_Active, true)
     end
+    def param
+      nil
+    end
+  end
+  # PQ Crystal Kyber
+  class CrystalKyberConfig < KeypairConfig
+    def self.algo_name
+      "Crystal Kyber (PQC - Signing)"
+    end
+    def self.algo_key
+      :crystal_kyber
+    end
+    attr_reader :param
+    def initialize(kyberParam, default = false)
+      @param = kyberParam
+      @algo = self.class.algo_key
+      super(Algo_Active, default)
+    end
+    def to_s
+      "PQ Crystal Kyber #{@param}"
+    end
+  end
+  # PQ Crystal Dlithium
+  class CrystalDilithiumConfig < KeypairConfig
+    # has unintended consequences during YAML dump and load
+    #def self.name
+    #  "PQ Crystal Dilithium Family (for Signing)"
+    #end
+    def self.algo_name
+      "Crystal Dilithium (PQC - Encryption)"
+    end
+    def self.algo_key
+      :crystal_dilithium
+    end
+    attr_reader :param
+    def initialize(param, default = false)
+      @param = param
+      @algo = self.class.algo_key
+      super(Algo_Active, default)
+    end
+    def to_s
+      "PQ Crystal Dilithium #{@param}"
+    end
   end
 end

data/lib/ccrypto/configs/secret_sharing_config.rb CHANGED Viewed

@@ -7,5 +7,12 @@ module Ccrypto
     attr_accessor :split_into
     attr_accessor :required_parts
+    def initialize(val = {})
+      if val.is_a?(Hash)
+        @split_into = val[:split_into]
+        @required_parts = val[:required_parts]
+      end
+    end
   end
 end

data/lib/ccrypto/configs/x509_cert_profile.rb CHANGED Viewed

@@ -27,7 +27,7 @@ module Ccrypto
       attr_accessor :issuer_path_len
       def initialize
-        @hashAlgo = Ccrypto::SHA256
+        @hashAlgo = :sha256
         @serial = SecureRandom.hex(16)
         @subj_key_id = true
         @auth_key_id = true
@@ -231,6 +231,7 @@ module Ccrypto
         @not_after = @not_before.advance(adv)
       end
+      alias_method :valid_for, :validity
       def match_issuer_not_before(issuer_not_before)
         if not_empty?(issuer_not_before)
@@ -314,12 +315,12 @@ module Ccrypto
           emailProtection: "Email protection",
           timeStamping: "Time stamping",
           OCSPSigning: "Online Cert Status Protocol signing",
-          ipSecIKE: "IPSec Initial Key Exchange",
-          msCodeInd: "Microsoft Code Ind",
-          msCodeCom: "Microsoft Code Com",
-          msCtlsign: "Microsoft CTL Sign",
-          msEFS: "Microsoft EFS",
-          dvcs: "DVCS purposes"
+          #ipSecIKE: "IPSec Initial Key Exchange",
+          #msCodeInd: "Microsoft Code Ind",
+          #msCodeCom: "Microsoft Code Com",
+          #msCtlsign: "Microsoft CTL Sign",
+          #msEFS: "Microsoft EFS",
+          #dvcs: "DVCS purposes"
         }
@@ -371,6 +372,7 @@ module Ccrypto
       def add_custom_extension(oid, value, type = :string, critical = false)
         custom_extension[oid] = { type: type, value: value, critical: critical }
       end
+      alias_method :add_domain_extension, :add_custom_extension
       def custom_extension
         if @custom_extension.nil?
@@ -378,6 +380,7 @@ module Ccrypto
         end
         @custom_extension
       end
+      alias_method :domain_extension, :custom_extension
     end
   end

data/lib/ccrypto/configs/x509_csr_profile.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module Ccrypto
       attr_accessor :hashAlgo
       def initialize
-        @hashAlgo = Ccrypto::SHA256
+        @hashAlgo = :sha256
       end
       def org_unit

data/lib/ccrypto/digest_matcher.rb ADDED Viewed

@@ -0,0 +1,122 @@
+module Ccrypto
+  class DigestMatcherError < StandardError; end
+  #
+  # Match specific digest algo into common name inside the Ccrypto realm.
+  # The name is essential to let program to decide what to do
+  # Indirectly this should be the master list of supported digest algo
+  # inside the library
+  #
+  class DigestMatcher
+    MatcherTestStr = "antrapol ensures data is secure when and where you want it to be".freeze
+    #
+    # Here is how the digest table value is generated
+    #
+    def self.generate_digest(digestConf)
+      raise DigestMatcherError, "CCrypto::DigestConfig is required. Given '#{digestConf}'" if not digestConf.is_a?(Ccrypto::DigestConfig)
+      dig = Ccrypto::AlgoFactory.engine(digestConf)
+      if digestConf.has_fixed_input_len_byte?
+        len = digestConf.fixed_input_len_byte
+        if len <= MatcherTestStr.length
+          dat = MatcherTestStr[0...digestConf.fixed_input_len_byte]
+        else
+          dat = "#{MatcherTestStr} #{MatcherTestStr[0..(len-MatcherTestStr.length)-2]}"
+        end
+        logger.debug "Digest #{digestConf.inspect} has fixed_input_len_byte #{digestConf.fixed_input_len_byte}. Test data length : #{dat.length}"
+      else
+        dat = MatcherTestStr[0...8]
+        logger.debug "Digest #{digestConf.inspect} has no fixed input length restriction. Test data length : #{dat.length}"
+      end
+      dig.digest(dat, :b64)
+    end
+    def self.find_digest_key(digest)
+      if @dtable.nil?
+        # key is always symbol
+        # Decision to use symbol instead of string is symbol has limited way to encode:
+        # e.g. not able to include space or "-"
+        # If use String the permutation has more combination which increase the chance of
+        # ambiguity
+        @dtable = {
+          blake2b160: "0pLDxiKPKtVreDFhuDjDyeHwbB4=",
+          blake2b256: "gNdYJkgjFG3iRHjbAh6ov3csxZnR21iPv2v2kLoQjfg=",
+          blake2b384: "CbsfQsXyD35cMGZua4e6zx8BbGcSj0l56gOiiALVnKlYpCxWmpTYMjJxAmeVgjMu",
+          blake2b512: "QiiQhD4DndbOlaZMczD78BAdovWG5UM3Ba4XtmiXGKVvosPFgMn3xnb5qZ0DmKCgMrCLNwNulpIZrBukfMImww==",
+          blake2s128: "3jy26+gJFpYpyw1fTS6cgA==",
+          blake2s160: "wTZb6KBFCN3wt21wFW8hAzs3Io0=",
+          blake2s224: "+eHnZDIeFdj0VFK7OzETys8HzPzE+02DHIPI3A==",
+          blake2s256: "PD5L2mMOlSI6pJHT6Va/x6EDas0vZKjWPJ2+3nE/9Jk=",
+          blake3256:  "nZKbHB35VnexVgZ+6TQ2i7rDjBjy/yPPeZn2FHAvqo0=",
+          dstu7564_256: "OL9g8GSInAjTmNYKwiA7wzIAq3sElpJvK7gsDcPKvz0=",
+          dstu7564_384: "IS9kM7dStF5pnxTdnJHMzQzZH/RB4vtowHPzBUjpr0EYE2rFCIC+L7Iw/EUTQUDG",
+          dstu7564_512: "vHf5CRg+eE9369X66djajCEvZDO3UrReaZ8U3ZyRzM0M2R/0QeL7aMBz8wVI6a9BGBNqxQiAvi+yMPxFE0FAxg==",
+          gost3411: "V4SIGhgZ3iwbrELe0AtK4f0i1YWaLoiNtVXCsqEQ1Wk=",
+          gost3411_2012_256: "gVQfx7U8Vd5XiKS0EjGFgbGVu0ZGj0hPRvoGz+F62FE=",
+          gost3411_2012_512: "ZMzHqL34UQyUSOvJgHBYlxJg7F+nTL/Qk2BU6fmDa7l968I2D47GDVL+3aA6LG8ZCvRyLAzbh/MvsKlX833WKQ==",
+          haraka256: "2pKCohySDK5bQx1G4H2C+4u8f1B09JQRnBo6f01xQHQ=",
+          haraka512: "g6KV4sJyErkk+HXWdTm7PH/RruqQAwploXK6dMhHC+w=",
+          keccak224: "3gFqjSP2Pc91QyH5xdaHck6aAoWnR+mjHbtFBg==",
+          keccak256: "96OfrPDMlOaRrQSfgbnFzrBhTDIRu0SPqEReyblUJ4k=",
+          keccak288: "v6vOPybqNq/Nmh2F675IzjWC2fjPBXl4grIb5SDKPU/uiMWj",
+          keccak384: "x/pKD7QmWywC14LYltOluCDH0U74S3YZONomZlTwQep+HGud70cYOQ/7ie+sMml6",
+          keccak512: "jSKQMB0fPrQV2zqYeSw59iDvwMsQwyE300dt5hNg4xPD69JP5W56v78LoV3jakJ+x4c+ZIE8NudPH5mGLo9Iag==",
+          parallelhash128_256: "bfpgOoHKnrqUHTrOj0bMa6WZRTSrEYIcidQaOG//A2M=",
+          parallelhash256_512: "c9DA3ooYlZNbGtxQgmfDrCltzXTmoTSmyJPO+2DrDcxcCUSodsOHctslFg/RbCVeN7LXh+sPXOd9NfRuaLPPxQ==",
+          ripemd128: "icy8Y0N0gU8O87hG+MwR1Q==",
+          ripemd160: "flnmtKvfan+4WH97spKi8XtAHrE=",
+          ripemd256: "Mf7adgrLqqrcpxZ752ad6v6tU7prl9FnBq2TYNPPoWk=",
+          ripemd320: "YdBKsjywQJ7bmByl+6Zn9J6RWAUeyeYmvSM3SoCImv028PIuHO8m3w==",
+          sha1: "RwUUHm8U866yoBNfGM4V2Ad2/D4=",
+          sha224: "zpQtV56miDL6LejIkXJ30o+9OtqcRsGq+EZX/A==",
+          sha256: "sNTq2sf8uzHKDiUt+Y1Vr/HVrW8AgLevQZ/HHKJubDA=",
+          sha384: "5KqG3DsSm6KxmAeS+buH0avldfM2DcR1b9GMRZjlK1F5jR5Lwg0TGbRRJ5U3ylFB",
+          sha512: "T7J7I3/VFMRSKt8q8KrWi9fsnzjXpFNEvoL5eVGI1Vt0HHfmFH5SHNg6L4X3l5GBcg6X6zlUBSqZk1QiKy8b4g==",
+          sha512_224: "On15IMF7xtTypEN2zlbl9LMD0++AX7Vo0uEGGw==",
+          sha512_256: "t1xIQgjCiIapNoseg1q3DdQQO7rngCga9ewqZ44EqOg=",
+          sha3_224: "VjXrA6pwc0z7BFPaGFCLGWB6o5LaOKAw8XGs1A==",
+          sha3_256: "raUIZ+3KcfEJTtcCzQCSTmZPcZFhlOVUsjDghhfhPxo=",
+          sha3_384: "wiBHqnLyOzMl228JaQq8Zd5E9GFJQlY3lWIE/14AyQbY0csl3wUPoqmIFEBJ5EVz",
+          sha3_512: "5fNjwalHgZL2ROHQNtsdJhVIkrXOXCOfTZg0kNXGuGrDVCwl9ERVAG5wHNXKDFW/D72gqoW0XDUIwDt+DMyzyw==",
+          shake128_256: "ChxTTokFs354PoInE4eXcZU3RLslAjBAgogFUlZKAr8=",
+          shake256_512: "1c+ERFraWmph91mdDe7LEpmcjgl3fYocO4a5L09DBM7BsuUMrgXC/QOwW9Ug6U7bqzpLa2Wot9K1ilEhy9lsUw==",
+          skein1024_1024: "LSCcR3WLi7KbAn30M8xDbZVn/DA0UJcJj4PrO/IH1nwFJ3Hac9v5XC1ckHvUzmQeaygzV1yyDbqnvmnhFx8WWRNhJ6/9doUHt5pPdH9czupjV1F1J0CrjFbgnQaruyAEWPJ/roOpWR28sVohAiXlZT73/jvFA1qUn46kFr1KOFo=",
+          skein1024_384: "py97erCjOPwWNv4kE7KoV5op22Lkh0xq/JM5hw6ezu2+5Vm9ylvCgESbCFrgn+uy",
+          skein1024_512: "OnAy/fSXBykZpAFSkqfmRFPtiFe2SpEeGH8JVY1jhllbhOqGyLyL+flY9Buymc8O+bkRM95IZphkwgD1R5nlmw==",
+          skein256_128: "2IzEhmqfdrBzNJli8v9tHA==",
+          skein256_160: "mBFGB+cBumPVLdjNHg06szlvwNo=",
+          skein256_224: "ZG8Ia4m2/8W2+zI76zpensT84xYjZZeQBNmCOw==",
+          skein256_256: "s3hhdiS2r+nTJxE2f0Vkx0MvDvPc9j35zbXbziDkovM=",
+          skein512_128: "bb17DoKVvzqyA4IconI3vg==",
+          skein512_160: "BzoVjJObMVkGMx+sa7uLS/kNCIk=",
+          skein512_224: "LlxCIHa9sHm+g7wXTOesVpjSrk7TvOYMC5AknQ==",
+          skein512_256: "4UUxlYOSqITg96ZtlBYBUtQeh1mLgOuoMFP47SmJ4RA=",
+          skein512_384: "EDoBTYO6G2mbBCfYuan1lIuazB+ToGP4gUB8uj+248SUd0r57tY1mWEfOMQOoSiS",
+          skein512_512: "94/CDISu4nyY2Pobuq9N5lGA0Jdybc3gfdudSmUbuHdXYdjnameJt9UvunQIO9MCufG0QyEgOBsjBNasPw46XQ==",
+          sm3: "X1mEgSOAmjzrvU5jci1e2iK42HVyYvROhpxp0BiKw2s=",
+          tiger: "Y5UJEZq2ZEFkoOFSak1WmRcstCFuRe9H",
+          tuplehash128_256: "xTUUf5y3DDNvfYEY19ezdXygpzcx33nnpexAzU81HR4=",
+          tuplehash256_512: "Ey2RfbNNCYMu9CpmEwNq+BMrd90TPCCPV1fgefGdY9bNObnb76l+z+ju3ZPZ12+eGAz3xTXAX7HKOWqrw/8r2w==",
+          whirlpool: "CsHu74qufeIg1eG72WDiydOO+CkPg5XDIzMFL4izDmFg+YHWE/v1g/RYzTD3BipFUWrrHKz+1itoYTxuJ4w+Mg=="
+        }
+      end
+      @dtable.invert[digest]
+    end
+    private
+    def self.logger
+      Ccrypto.logger(:digest_matcher)
+    end
+  end
+end