Class: Ccrypto::Java::RSAEngine

Inherits:

Object

• Object
• Ccrypto::Java::RSAEngine

Includes:

DataConversion, TR::CondUtils, TeLogger::TeLogHelper

Defined in:

lib/ccrypto/java/engines/rsa_engine.rb

Overview

RSAKeyBundle

Class Method Summary

• .encrypt(pubKey, val, &block) ⇒ Object
• .supported_params ⇒ Object
• .verify(pubKey, val, ssign, &block) ⇒ Object

Instance Method Summary

• #decrypt(enc, &block) ⇒ Object
• #generate_keypair(&block) ⇒ Object
• #initialize(*args, &block) ⇒ RSAEngine constructor

  A new instance of RSAEngine.

• #sign(val, &block) ⇒ Object

Methods included from DataConversion

#from_b64, #from_b64_mime, #from_hex, included, #logger, #to_b64, #to_b64_mime, #to_bin, #to_hex, #to_java_bytes, #to_str

Constructor Details

#initialize(*args, &block) ⇒ RSAEngine

Returns a new instance of RSAEngine.

Raises:

• (KeypairEngineException)

# File 'lib/ccrypto/java/engines/rsa_engine.rb', line 183

def initialize(*args, &block)
  @config = args.first
  raise KeypairEngineException, "1st parameter must be a #{Ccrypto::KeypairConfig.class} object" if not @config.is_a?(Ccrypto::KeypairConfig)

end

Class Method Details

.encrypt(pubKey, val, &block) ⇒ Object

Raises:

• (KeypairEngineException)

# File 'lib/ccrypto/java/engines/rsa_engine.rb', line 234

def self.encrypt(pubKey, val, &block)

  raise KeypairEngineException, "Public key is required" if is_empty?(pubKey)

  prov = nil
  if block
    prov = block.call(:jce_provider)
    padding = block.call(:padding)
    digAlgo = block.call(:oaep_digest)
    mode = block.call(:mode)
  end
  padding = :oaep if is_empty?(padding)
  digAlgo = :sha256 if is_empty?(digAlgo)
  mode = :none if is_empty?(mode)

  case padding
  when :pkcs1
    teLogger.owarn "RSA with PKCS1Padding mode is vulnerable. :oeap mode recommended"
    transform = "RSA/#{mode.to_s.upcase}/PKCS1Padding"

  when :oaep
    transform = "RSA/None/OAEPWith#{digAlgo.to_s.upcase}AndMGF1Padding"

    # standardize BC vs Oracle defaults
    # https://stackoverflow.com/a/50299291/3625825
    case digAlgo
    when :sha1
      oaepSpec = javax.crypto.spec.OAEPParameterSpec.new(digAlgo.to_s.upcase, "MGF1", java.security.spec.MGF1ParameterSpec::SHA1, javax.crypto.spec.PSource::PSpecified::DEFAULT)
    when :sha224
      oaepSpec = javax.crypto.spec.OAEPParameterSpec.new(digAlgo.to_s.upcase, "MGF1", java.security.spec.MGF1ParameterSpec::SHA224, javax.crypto.spec.PSource::PSpecified::DEFAULT)
    when :sha256
      oaepSpec = javax.crypto.spec.OAEPParameterSpec.new(digAlgo.to_s.upcase, "MGF1", java.security.spec.MGF1ParameterSpec::SHA256, javax.crypto.spec.PSource::PSpecified::DEFAULT)
    when :sha384
      oaepSpec = javax.crypto.spec.OAEPParameterSpec.new(digAlgo.to_s.upcase, "MGF1", java.security.spec.MGF1ParameterSpec::SHA384, javax.crypto.spec.PSource::PSpecified::DEFAULT)
    when :sha512
      oaepSpec = javax.crypto.spec.OAEPParameterSpec.new(digAlgo.to_s.upcase, "MGF1", java.security.spec.MGF1ParameterSpec::SHA512, javax.crypto.spec.PSource::PSpecified::DEFAULT)
    else
      raise KeypairEngineException, "Unknown #{digAlgo} digest for OAEP mode"
    end

  when :no_padding
    teLogger.owarn "RSA with NoPadding mode is vulnerable. :oeap mode recommended"
    transform = "RSA/#{mode.to_s.upcase}/NoPadding"

  else
    raise KeypairEngineException, "Padding requires either :pkcs1, :no_padding or :oaep. Default is :oaep"
  end

  begin

    if prov.nil?
      teLogger.debug "Encrypt transformation #{transform} with nil provider"
      cipher = javax.crypto.Cipher.getInstance(transform)
    else
      teLogger.debug "Encrypt transformation #{transform} with provider #{prov.is_a?(String) ? prov : prov.name}"
      cipher = javax.crypto.Cipher.getInstance(transform, prov)
    end


    if oaepSpec.nil?
      teLogger.debug "Init cipher with default parameter spec"
      cipher.init(javax.crypto.Cipher::ENCRYPT_MODE, pubKey.native_pubKey)
    else
      teLogger.debug "Init cipher with parameter spec #{oaepSpec}"
      cipher.init(javax.crypto.Cipher::ENCRYPT_MODE, pubKey.native_pubKey, oaepSpec)
    end

    if block
      # this is share with caller to ensure input data should not be longer then this size
      block.call(:max_data_size, cipher.getBlockSize)
    end

    out = java.io.ByteArrayOutputStream.new
    case val
    when java.io.InputStream
      buf = ::Java::byte[102400].new
      while((read = val.read(buf, 0, buf.length)) != nil)
        out.write(cipher.update(buf, 0, read))
      end
    else
      inDat = to_java_bytes(val)
      teLogger.debug "Encrypting #{inDat.length} bytes"
      ed = cipher.update(inDat)
      out.write(ed) if not_empty?(ed)
    end

    last = cipher.doFinal
    out.write(last) if not_empty?(last)
    #out.write(cipher.doFinal)

    out.toByteArray

  rescue Exception => ex
    raise KeypairEngineException, ex
  end

end

.supported_params ⇒ Object

# File 'lib/ccrypto/java/engines/rsa_engine.rb', line 179

def self.supported_params
  [1024,2048,4096,8192]
end

.verify(pubKey, val, ssign, &block) ⇒ Object

# File 'lib/ccrypto/java/engines/rsa_engine.rb', line 218

def self.verify(pubKey, val, ssign, &block)
  if block
    pss = block.call(:pss_mode)
    pss = false if is_empty?(pss) or not is_bool?(pss)

    if pss
      verify_pss(pubKey, val, ssign, &block)
    else
      verify_typical()
    end

  else
    verify_typical(pubKey, val, ssign, &block)
  end
end

Instance Method Details

#decrypt(enc, &block) ⇒ Object

Raises:

• (KeypairEngineException)

# File 'lib/ccrypto/java/engines/rsa_engine.rb', line 332

def decrypt(enc, &block)

  raise KeypairEngineException, "Private key is required" if not @config.has_private_key?
  raise KeypairEngineException, "RSA private key is required. Given #{@config.private_key}" if not @config.private_key.is_a?(RSAPrivateKey)

  prov = nil
  if block
    prov = block.call(:jce_provider)
    padding = block.call(:padding)
    digAlgo = block.call(:oaep_digest)
    mode = block.call(:mode)
  end
  padding = :oaep if is_empty?(padding)
  digAlgo = :sha256 if is_empty?(digAlgo)
  mode = :none if is_empty?(mode)

  case padding
  when :pkcs1
    transform = "RSA/#{mode.to_s.upcase}/PKCS1Padding"
  when :oaep
    transform = "RSA/None/OAEPWith#{digAlgo.to_s.upcase}AndMGF1Padding"
  when :no_padding
    transform = "RSA/#{mode.to_s.upcase}/NoPadding"
  else
    raise KeypairEngineException, "Padding requires either :pkcs1, :no_padding or :oaep. Default is :oaep"
  end

  begin

    if prov.nil?
      cipher = javax.crypto.Cipher.getInstance(transform)
    else
      cipher = javax.crypto.Cipher.getInstance(transform, prov)
    end

    cipher.init(javax.crypto.Cipher::DECRYPT_MODE, @config.private_key.native_privKey)

    out = java.io.ByteArrayOutputStream.new
    case enc
    when java.io.InputStream
      buf = ::Java::byte[102400].new
      while((read = enc.read(buf, 0, buf.length)) != nil)
        out.write(cipher.update(buf,0, read))
      end
    else
      inDat = to_java_bytes(enc)
      teLogger.debug "Decrypting #{inDat.length} bytes"
      pd = cipher.update(inDat)
      out.write(pd) if not_empty?(pd)
    end

    last = cipher.doFinal
    out.write(last) if not_empty?(last)

    out.toByteArray

  rescue Exception => ex
    raise KeypairEngineException, ex
  end

end

#generate_keypair(&block) ⇒ Object

# File 'lib/ccrypto/java/engines/rsa_engine.rb', line 189

def generate_keypair(&block)
  prov = Ccrypto::Java::JCEProvider::DEFProv
  if block
    prov = block.call(:jce_provider)
  end
  prov = Ccrypto::Java::JCEProvider::DEFProv if is_empty?(prov)

  kpg = java.security.KeyPairGenerator.getInstance("RSA", prov)
  kpg.java_send :initialize, [::Java::int], @config.keysize
  kp = kpg.generate_key_pair

  RSAKeyBundle.new(kp)
end

#sign(val, &block) ⇒ Object

# File 'lib/ccrypto/java/engines/rsa_engine.rb', line 203

def sign(val, &block)
  if block
    pss = block.call(:pss_mode)
    pss = false if is_empty?(pss) or not is_bool?(pss)

    if pss
      sign_pss(val, &block) 
    else
      sign_typical(val, &block)
    end
  else
    sign_typical(val,&block)
  end
end