Class: Ccrypto::Java::HKDFEngine

Inherits:
Object
  • Object
show all
Includes:
DataConversion, TR::CondUtils
Defined in:
lib/ccrypto/java/engines/hkdf_engine.rb

Defined Under Namespace

Classes: HKDFEngineError, HKDFSupportedDigest

Class Method Summary collapse

Instance Method Summary collapse

Methods included from DataConversion

#from_b64, #from_b64_mime, #from_hex, included, #to_b64, #to_b64_mime, #to_bin, #to_hex, #to_java_bytes, #to_str

Constructor Details

#initialize(*args, &block) ⇒ HKDFEngine

Returns a new instance of HKDFEngine.

Raises:

  • (KDFEngineException) 


54
55
56
57
58
59
60
 
# File 'lib/ccrypto/java/engines/hkdf_engine.rb', line 54

def initialize(*args, &block)
  @config = args.first

  raise KDFEngineException, "HKDF config is expected. Given #{@config}" if not @config.is_a?(Ccrypto::HKDFConfig)
  raise KDFEngineException, "Output bit length (outBitLength) value is not given or not a positive value (#{@config.outBitLength})" if is_empty?(@config.outBitLength) or @config.outBitLength <= 0

end

Class Method Details

.find_hkdf_config_by_digest(algo) ⇒ Object 



44
45
46
 
# File 'lib/ccrypto/java/engines/hkdf_engine.rb', line 44

def self.find_hkdf_config_by_digest(algo)
  supported_hkdf_configs.find({ calgo: algo })
end

.supported_hkdf_configsObject 



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/ccrypto/java/engines/hkdf_engine.rb', line 19

def self.supported_hkdf_configs
  if ENV[Java::ENV_PROBE_DIGEST_KEY] == "true"
    @_supportedHkdf = HKDFSupportedDigest.new
  else
    @_supportedHkdf = HKDFSupportedDigest.load_from_storage("supported_hkdf")
  end

  if @_supportedHkdf.empty?
    @_supportedHkdf = HKDFSupportedDigest.new
    Ccrypto::Java::DigestEngine.supported.each do |dig|
      bcDig = Ccrypto::Java::DigestEngine.to_bc_digest_inst(dig)
      if not bcDig.nil?
        logger.debug "Digest #{dig.inspect} has BC instance #{bcDig}"
        conf = Ccrypto::HKDFConfig.new
        conf.digest = dig
        conf.provider_config = { bc_digest: bcDig }
        @_supportedHkdf.register(conf, { tag_under: :calgo, tag_value: dig.algo })
      end
    end
    @_supportedHkdf.save_to_storage("supported_hkdf")
  end

  @_supportedHkdf
end

Instance Method Details

#derive(input, output = :binary) ⇒ Object 



62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
 
# File 'lib/ccrypto/java/engines/hkdf_engine.rb', line 62

def derive(input, output = :binary)
  begin

    logger.debug "HKDF config : #{@config.inspect}"

    case @config.digest
    when Symbol, String
      hkdfConf = self.class.find_hkdf_config_by_digest(@config.digest)
      raise HKDFEngineError, "Unsupported digest '#{@config.digest}'" if is_empty?(hkdfConf)
      digest = hkdfConf.first.digest
    when Ccrypto::DigestConfig
      digest = @config.digest
    else
      raise HKDFEngineError, "Unsupported digest '#{@config.digest}'"
    end

    logger.debug "Digest for HKDF : #{digest.inspect}"

    begin
      dig = Ccrypto::Java::DigestEngine.instance(digest) 
    rescue Exception => ex
      raise KDFEngineException, "Failed to initialize digest engine. Error was : #{ex}"
    end

    #bcDigest = Ccrypto::Java::DigestEngine.to_bc_digest_inst(digest.provider_config[:algo_name])
    #raise KDFEngineException, "Digest '#{digest.algo}' not supported. Please report to library owner for further verification" if bcDigest.nil?

    bcDigest = eval(@config.provider_config[:bc_digest])

    # https://soatok.blog/2021/11/17/understanding-hkdf/
    # info field should be the randomness entrophy compare to salt
    # HKDf can have fix or null salt but better have additional info for each purposes
    @config.info = "" if @config.info.nil?

    logger.debug "Salt length : #{@config.salt.nil? ? "0" : @config.salt.length}"
    logger.debug "Info length : #{@config.info.nil? ? "0" : @config.info.length}"
    logger.debug "Digest : #{bcDigest}"

    logger.warn "Salt is empty!" if is_empty?(@config.salt)

    hkdf = org.bouncycastle.crypto.generators.HKDFBytesGenerator.new(bcDigest)
    hkdfParam = org.bouncycastle.crypto.params.HKDFParameters.new(to_java_bytes(input), to_java_bytes(@config.salt) ,to_java_bytes(@config.info))
    hkdf.init(hkdfParam)

    out = ::Java::byte[@config.outBitLength/8].new
    hkdf.generateBytes(out, 0, out.length)

    case output
    when :b64
      to_b64(out)
    when :hex
      to_hex(out)
    else
      out
    end

  rescue Exception => ex
    raise KDFEngineException, ex
  end
  
end