Class: CcipherBox::SecureBox

Inherits:
Object
  • Object
Includes:
TR::CondUtils
Defined in:
lib/ccipher_box/secure_box.rb

Overview

SecureBox is a secure container, protected by a user password, that holds multiple SecureRings (crypto configurations).

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(rings = nil) ⇒ SecureBox

Returns a new instance of SecureBox.



# File 'lib/ccipher_box/secure_box.rb', line 15

# Builds a box, optionally pre-populated with SecureRings.
#
# @param rings [Enumerable, nil] rings to register; each must respond to
#   +name+, which becomes its lookup key
def initialize(rings = nil)
  @rings = {}
  @keyConfigs = []
  # not_empty? is not defined in this listing (presumably TR::CondUtils).
  return unless not_empty?(rings)

  # Keyed by name, so a later ring with the same name replaces an earlier one.
  rings.each { |ring| @rings[ring.name] = ring }
end

Instance Attribute Details

#ringsObject

Returns the value of attribute rings.



# File 'lib/ccipher_box/secure_box.rb', line 13

# Exposes the ring registry, keyed by ring name.
#
# The Hash itself is returned, not a copy, so a caller that mutates it
# changes which rings this box holds.
#
# @return [Hash] the registry held in @rings
def rings
  @rings
end

Class Method Details

.load_storage(bin, &block) ⇒ Object

Raises:



# File 'lib/ccipher_box/secure_box.rb', line 216

# Rebuilds a SecureBox from an encoded structure carrying +keyConfigs+ and
# +engines+ (the layout #to_storage writes).
#
# The block is called with +:password+ and must return the password. Every
# key configuration except the last is decoded as a Keybox and chained: the
# password seeds the first, and each derived key seeds the next. The last
# configuration is decoded as the symmetric key that decrypts the ring blob.
#
# @param bin [Object] encoded SecureBox structure
# @yieldparam op [Symbol] +:password+
# @return [SecureBox] a box holding the decoded rings
# @raise [CcipherBox::Error] when no block is given or the password is empty
# @raise [SecureBoxDecryptionError] when the symmetric decryption fails
def self.load_storage(bin, &block)
  raise CcipherBox::Error, "Block is required" unless block

  pass = block.call(:password)
  raise CcipherBox::Error, "Password is required" if is_empty?(pass)

  st = BinStruct.instance.struct_from_bin(bin)

  # NOTE(review): the number of derivation rounds and each round's encoded
  # parameters are read from +bin+ before anything is authenticated, and
  # keyConfigs is not checked for being empty. If +bin+ can come from an
  # untrusted source, confirm that the decoders bound the work they do.
  derived = st.keyConfigs[0..-2].inject(pass) do |material, kc|
    kb = Keybox.from_encoded(kc)
    kb.baseMat = material
    kb.dkey
  end

  sk = CcipherFactory::SymKey.from_encoded(st.keyConfigs[-1]) do |ops|
    derived if ops == :password
  end

  begin
    dec = CcipherFactory::SymKeyCipher.att_decryptor
    # NOTE(review): this buffer receives the decrypted ring blob and is not
    # disposed here, unlike the buffer in #encrypt — confirm that is intended.
    plain = MemBuf.new
    dec.output(plain)
    dec.key = sk
    dec.att_decrypt_init
    dec.att_decrypt_update(st.engines)
    dec.att_decrypt_final

    cboxes = BinStruct.instance.struct_from_bin(plain.bytes)
    SecureBox.new(cboxes.secure_rings.map { |cb| CcipherBox::SecureRing.from_encoded(cb) })
  rescue CcipherFactory::SymKeyDecryptionError => ex
    # Surface a box-level error; the original exception is passed along as
    # the message argument.
    raise SecureBoxDecryptionError, ex
  end
end

Instance Method Details

#add_ring(ring) ⇒ Object

SecureRing management

Allows an externally created ring to be added.



# File 'lib/ccipher_box/secure_box.rb', line 29

# Registers a ring that was created outside this box.
#
# The ring is stored under +ring.name+; an existing ring with that name is
# replaced without any warning.
#
# @param ring [#name] the ring to register
# @return [Object] the ring that was stored
def add_ring(ring)
  @rings.store(ring.name, ring)
end

#decrypt(bin, &block) ⇒ Object

Single line decryption

Raises:



# File 'lib/ccipher_box/secure_box.rb', line 119

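# One-shot decryption: tries each registered ring in turn until one of them
# can decrypt +bin+.
#
# If a block is given it is called with +:output+ and may return the sink the
# plaintext is written to; when it returns nil (or no block is given) an
# internal MemBuf is used and the plaintext is returned.
#
# A ring whose engine raises KeyNotRegistered is skipped; any other exception
# propagates. When no ring succeeds, KeyNotRegistered is raised whether or
# not the caller supplied the sink, so a caller streaming to its own sink can
# tell failure from success (both would otherwise return nil).
#
# @param bin [Object] data produced by the encryption engine
# @yieldparam op [Symbol] +:output+
# @return [Object, nil] the plaintext when the internal buffer was used, nil
#   when the caller supplied the sink
# @raise [CcipherBox::Error] when the box holds no ring
# @raise [KeyNotRegistered] when no ring could decrypt +bin+
def decrypt(bin, &block)
  raise CcipherBox::Error, "No SecureRing is loaded" if is_empty?(@rings)

  output = block.call(:output) if block
  internal = output.nil?
  output = MemBuf.new if internal

  res = nil
  last_error = nil
  @rings.each_value do |ring|
    begin
      dec = ring.new_decryption_engine
      # NOTE(review): every attempt writes to the same sink. If an engine can
      # emit data before raising KeyNotRegistered, a later successful attempt
      # would append to that partial output — confirm engines fail first.
      dec.init(output)
      dec.update(bin)
      dec.final

      res = output.bytes.clone
      # NOTE(review): this also disposes a caller-supplied sink — confirm
      # that is intended.
      output.dispose

      break
    rescue KeyNotRegistered => ex
      last_error = ex
    end
  end

  if res.nil?
    # Release the buffer this method created before reporting the failure.
    output.dispose if internal
    raise KeyNotRegistered, "Decryption failed. #{last_error.nil? ? "" : "(#{last_error.message})"}"
  end

  internal ? res : nil
end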

#decryption_session(ringName) ⇒ Object

Decryption in chunks



# File 'lib/ccipher_box/secure_box.rb', line 77

# Opens a decryption engine on a named ring, for feeding data in chunks.
#
# The lookup passes +auto_create_ring: false+ to find_ring. find_ring is not
# part of this listing; presumably the flag stops it from creating a ring
# that does not exist yet — verify what it returns for an unknown name.
#
# @param ringName [Object] name of the ring to decrypt with
# @return [Object] whatever the ring's +new_decryption_engine+ returns
def decryption_session(ringName)
  find_ring(ringName, { auto_create_ring: false }).new_decryption_engine
end

#encrypt(data, *specs, &block) ⇒ Object

Single line encryption



# File 'lib/ccipher_box/secure_box.rb', line 85

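# One-shot encryption of +data+ for every key named in +specs+.
#
# Each spec is split by split_encryption_spec into a ring name and a key
# name. A key name that is not registered on its ring is generated on the
# spot, so a misspelled name yields a new key rather than an error; the block
# (if given) is then called with +:new_key_generated+. #encryption_session
# generates keys the same way but does not make that call.
#
# The intermediate buffer is disposed in an +ensure+, so it is released even
# when the engine raises part-way through.
#
# @param data [Object] plaintext handed to the engine
# @param specs [Array] encryption specs naming ring and key
# @yieldparam op [Symbol] +:options+ (may return an options Hash, passed to
#   find_ring and generate_key) or +:new_key_generated+
# @return [Object] a copy of the bytes the engine wrote
def encrypt(data, *specs, &block)
  opts = block.call(:options) if block
  opts = {} if opts.nil?

  keys = specs.map do |spec|
    ss = split_encryption_spec(spec)
    ring = find_ring(ss[0], opts)
    key_name = ss[1]
    unless ring.is_key_registered?(key_name)
      ring.generate_key(key_name, opts)
      block.call(:new_key_generated) if block
    end
    ring.get_key(key_name)
  end

  # NOTE(review): with no specs the engine is built with no keys — confirm
  # that EncryptionEngine rejects this rather than emitting unprotected data.
  eng = EncryptionEngine.new(*keys)
  buf = MemBuf.new
  begin
    eng.init(buf)
    eng.update(data)
    eng.final

    # Copy before the buffer is disposed.
    buf.bytes.clone
  ensure
    buf.dispose
  end
end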

#encryption_session(*specs, &block) ⇒ Object

Implicit SecureRing management

Encryption in chunks



# File 'lib/ccipher_box/secure_box.rb', line 55

# Prepares an encryption engine for feeding data in chunks.
#
# Each spec is split by split_encryption_spec into a ring name and a key
# name. A key that is not yet registered on its ring is generated silently:
# unlike #encrypt, the block is not called with +:new_key_generated+.
#
# @param specs [Array] encryption specs naming ring and key
# @yieldparam op [Symbol] +:options+; may return an options Hash that is
#   passed to find_ring and generate_key
# @return [EncryptionEngine] engine built from the collected keys
def encryption_session(*specs, &block)
  opts = block ? block.call(:options) : nil
  opts = {} if opts.nil?

  keys = specs.map do |spec|
    parts = split_encryption_spec(spec)
    key_name = parts[1]
    ring = find_ring(parts[0], opts)
    ring.generate_key(key_name, opts) unless ring.is_key_registered?(key_name)
    ring.get_key(key_name)
  end

  # Key material must never be printed or logged from here.
  EncryptionEngine.new(*keys)
end

#init_ring(spec, opts = { }) ⇒ Object



# File 'lib/ccipher_box/secure_box.rb', line 41

# Looks up the ring named in +spec+ and makes sure the key named in +spec+
# is registered on it, generating the key when it is missing.
#
# @param spec [Object] encryption spec; split_encryption_spec yields the
#   ring name at index 0 and the key name at index 1
# @param opts [Hash] passed through to find_ring and generate_key
# @return [Object] the ring returned by find_ring
def init_ring(spec, opts = {})
  parts = split_encryption_spec(spec)
  key_name = parts[1]

  find_ring(parts[0], opts).tap do |ring|
    ring.generate_key(key_name, opts) unless ring.is_key_registered?(key_name)
  end
end

#remove_ring(ring_name) ⇒ Object



# File 'lib/ccipher_box/secure_box.rb', line 33

# Drops a ring from this box's in-memory registry.
#
# Only the registry entry is removed here; nothing in this method touches
# the ring's keys or any stored copy of the box.
#
# @param ring_name [Object] key the ring was registered under
# @return [Object, nil] the removed ring, or nil when the name is unknown
def remove_ring(ring_name)
  @rings.delete(ring_name)
end

#to_storage(&block) ⇒ Object

Raises:



# File 'lib/ccipher_box/secure_box.rb', line 163

# Serialises every ring into one password-protected structure.
#
# The block is called with +:password+ (required) and +:derive_level+
# (optional, defaults to 2). The password seeds a chain of Keybox
# derivations; the range below is inclusive, so +derive_level + 1+ rounds run
# (three by default). The final derived value is the password material for
# the AES key that encrypts the encoded rings. The encoded Keybox
# configurations, followed by the encoded symmetric key configuration, are
# stored next to the ciphertext.
#
# @yieldparam op [Symbol] +:password+ or +:derive_level+
# @return [Object] the encoded +:securebox+ structure
# @raise [CcipherBox::Error] when no block is given or the password is empty
def to_storage(&block)
  raise CcipherBox::Error, "Block is required" unless block

  pass = block.call(:password)
  raise CcipherBox::Error, "Password is required" if is_empty?(pass)

  # NOTE(review): the level is taken from the callback with no upper bound,
  # and the password plus every derived value stay in ordinary locals.
  derive_level = block.call(:derive_level) || 2

  key_configs = []
  material = pass
  (0..derive_level).each do |_round|
    kb = Keybox.new
    kb.baseMat = material
    kb.outBitLength = 256
    material = kb.dkey

    key_configs << kb.encoded
  end

  ring_blobs = @rings.values.map { |ring| ring.encoded }

  cboxes = BinStruct.instance.struct(:secure_rings)
  cboxes.secure_rings = ring_blobs

  # The AES key size is the derived material's length in bits.
  sk = CcipherFactory::SymKeyGenerator.derive(:aes, material.length * 8) do |ops|
    material if ops == :password
  end

  # The symmetric key configuration is always the last entry.
  key_configs << sk.encoded

  enc = CcipherFactory::SymKeyCipher.att_encryptor
  # NOTE(review): unlike the buffer in #encrypt, this one is never disposed.
  sealed = MemBuf.new
  enc.output(sealed)
  enc.key = sk
  enc.att_encrypt_init
  enc.att_encrypt_update(cboxes.encoded)
  enc.att_encrypt_final

  st = BinStruct.instance.struct(:securebox)
  st.keyConfigs = key_configs
  st.engines = sealed.bytes
  st.encoded
end