costan-tem_ruby 0.10.2

data/lib/tem/transport/jcop_remote_transport.rb

@@ -0,0 +1,65 @@
+require 'socket'
+
+# :nodoc: namespace
+module Tem::Transport
+  
+# Implements the transport layer for a JCOP simulator instance.
+class JcopRemoteTransport
+  include JavaCardMixin
+  include JcopRemoteProtocol
+  
+  # Creates a new unconnected transport for a JCOP simulator serving TCP/IP.
+  #
+  # The options parameter must have the following keys:
+  #   host:: the DNS name or IP of the host running the JCOP simulator
+  #   port:: the TCP/IP port of the JCOP simulator server
+  def initialize(options)
+    @host, @port = options[:host], options[:port]
+    @socket = nil
+  end
+  
+  # 
+  def exchange_apdu(apdu)
+    send_message @socket, :type => 1, :node => 0, :data => apdu
+    recv_message(@socket)[:data]
+  end  
+
+  # Makes a transport-level connection to the TEM.
+  def connect
+    begin
+      Socket.getaddrinfo(@host, @port, Socket::AF_INET,
+                         Socket::SOCK_STREAM).each do |addr_info|
+        begin
+          @socket = Socket.new(addr_info[4], addr_info[5], addr_info[6])
+          @socket.connect Socket.pack_sockaddr_in(addr_info[1], addr_info[3])
+          break
+        rescue
+          @socket = nil
+        end
+      end  
+      raise 'Connection refused' unless @socket
+      
+      # Wait for the card to be inserted.
+      send_message @socket, :type => 0, :node => 0, :data => [0, 1, 0, 0]
+      recv_message @socket  # ATR should come here, but who cares      
+    rescue Exception
+      @socket = nil
+      raise
+    end
+  end
+
+  # Breaks down the transport-level connection to the TEM.
+  def disconnect
+    if @socket
+      @socket.close
+      @socket = nil
+    end
+  end
+  
+  def to_s
+    "#<JCOP Remote Terminal: disconnected>" if @socket.nil?
+    "#<JCOP Remote Terminal: #{@host}:#{@port}>"
+  end  
+end  # class JcopRemoteTransport 
+
+end  # module Tem::Transport

data/lib/tem/transport/pcsc_transport.rb

@@ -0,0 +1,87 @@
+require 'rubygems'
+require 'smartcard'
+
+# :nodoc: namespace
+module Tem::Transport
+  
+class PcscTransport
+  include JavaCardMixin
+  PCSC = Smartcard::PCSC
+  
+  def initialize(options)
+    @options = options
+    @context = nil
+    @card = nil
+  end
+
+  def exchange_apdu(apdu)
+    xmit_apdu_string = apdu.pack('C*')
+    result_string = @card.transmit xmit_apdu_string, @xmit_ioreq, @recv_ioreq
+    return result_string.unpack('C*')
+  end
+  
+  def connect
+    @context = PCSC::Context.new(PCSC::SCOPE_SYSTEM) if @context.nil?
+    
+    if @options[:reader_name]
+      @reader_name = reader_name
+    else
+      # get the first reader      
+      readers = @context.list_readers nil
+      @reader_name = readers[@options[:reader_index] || 0]
+    end
+    
+    # get the reader's status
+    reader_states = PCSC::ReaderStates.new(1)
+    reader_states.set_reader_name_of!(0, @reader_name)
+    reader_states.set_current_state_of!(0, PCSC::STATE_UNKNOWN)
+    @context.get_status_change reader_states, 100
+    reader_states.acknowledge_events!
+    
+    # prompt for card insertion unless that already happened
+    if (reader_states.current_state_of(0) & PCSC::STATE_PRESENT) == 0
+      puts "Please insert TEM card in reader #{@reader_name}\n"
+      while (reader_states.current_state_of(0) & PCSC::STATE_PRESENT) == 0 do
+        @context.get_status_change reader_states, PCSC::INFINITE_TIMEOUT
+        reader_states.acknowledge_events!
+      end
+      puts "Card detected\n"
+    end
+    
+    # connect to card
+    @card = PCSC::Card.new @context, @reader_name, PCSC::SHARE_EXCLUSIVE,
+                           PCSC::PROTOCOL_ANY
+    
+    # build the transmit / receive IoRequests
+    status = @card.status
+    @xmit_ioreq = @@xmit_iorequest[status[:protocol]]
+    if RUBY_PLATFORM =~ /win/ and (not RUBY_PLATFORM =~ /darwin/)
+      @recv_ioreq = nil
+    else
+      @recv_ioreq = PCSC::IoRequest.new
+    end
+  end
+  
+  def disconnect
+    unless @card.nil?
+      @card.disconnect PCSC::DISPOSITION_LEAVE
+      @card = nil
+    end
+    unless @context.nil?
+      @context.release
+      @context = nil
+    end
+  end  
+
+  def to_s
+    "#<PC/SC Terminal: disconnected>" if @card.nil?
+    "#<PC/SC Terminal: #{@reader_name}>"
+  end
+  
+  @@xmit_iorequest = {
+    Smartcard::PCSC::PROTOCOL_T0 => Smartcard::PCSC::IOREQUEST_T0,
+    Smartcard::PCSC::PROTOCOL_T1 => Smartcard::PCSC::IOREQUEST_T1,
+  }
+end  # class PcscTransport
+
+end  # module Tem::Transport

data/lib/tem/transport/transport.rb

@@ -0,0 +1,10 @@
+# The transport module contains classes responsible for transferring low-level
+# commands issed by the high-level TEM methods to actual TEMs, which can be
+# connected to the system in various ways.  
+module Tem::Transport
+
+  # Shortcut for Tem::Transport::AutoConfigurator#auto_transport
+  def self.auto_transport
+    Tem::Transport::AutoConfigurator.auto_transport
+  end
+end

data/lib/tem_ruby.rb

@@ -0,0 +1,47 @@
+# gems
+require 'rubygems'
+require 'smartcard'
+
+# :nodoc:
+module Tem
+end
+
+# :nodoc:
+module Tem::Transport
+end
+
+require 'tem/transport/transport.rb'
+require 'tem/transport/java_card_mixin.rb'
+require 'tem/transport/pcsc_transport.rb'
+require 'tem/transport/jcop_remote_protocol.rb'
+require 'tem/transport/jcop_remote_transport.rb'
+require 'tem/transport/jcop_remote_server.rb'
+require 'tem/transport/auto_configurator.rb'
+
+require 'tem/keys/key.rb'
+require 'tem/keys/asymmetric.rb'
+require 'tem/keys/symmetric.rb'
+
+require 'tem/builders/abi.rb'
+require 'tem/builders/assembler.rb'
+require 'tem/builders/crypto.rb'
+require 'tem/builders/isa.rb'
+
+require 'tem/definitions/abi.rb'
+require 'tem/definitions/isa.rb'
+require 'tem/definitions/assembler.rb'
+
+require 'tem/auto_conf.rb'
+require 'tem/apdus/buffers.rb'
+require 'tem/apdus/keys.rb'
+require 'tem/apdus/lifecycle.rb'
+require 'tem/apdus/tag.rb'
+
+require 'tem/ca.rb'
+require 'tem/ecert.rb'
+require 'tem/hive.rb'
+require 'tem/sec_exec_error.rb'
+require 'tem/seclosures.rb'
+require 'tem/secpack.rb'
+require 'tem/toolkit.rb'
+require 'tem/tem.rb'

data/tem_ruby.gemspec

@@ -0,0 +1,35 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{tem_ruby}
+  s.version = "0.10.2"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Victor Costan"]
+  s.date = %q{2009-05-31}
+  s.description = %q{TEM (Trusted Execution Module) driver, written in and for ruby.}
+  s.email = %q{victor@costan.us}
+  s.executables = ["tem_bench", "tem_ca", "tem_irb", "tem_proxy", "tem_stat"]
+  s.extra_rdoc_files = ["bin/tem_bench", "bin/tem_ca", "bin/tem_irb", "bin/tem_proxy", "bin/tem_stat", "CHANGELOG", "lib/tem/_cert.rb", "lib/tem/apdus/buffers.rb", "lib/tem/apdus/keys.rb", "lib/tem/apdus/lifecycle.rb", "lib/tem/apdus/tag.rb", "lib/tem/auto_conf.rb", "lib/tem/builders/abi.rb", "lib/tem/builders/assembler.rb", "lib/tem/builders/crypto.rb", "lib/tem/builders/isa.rb", "lib/tem/ca.rb", "lib/tem/definitions/abi.rb", "lib/tem/definitions/assembler.rb", "lib/tem/definitions/isa.rb", "lib/tem/ecert.rb", "lib/tem/hive.rb", "lib/tem/keys/asymmetric.rb", "lib/tem/keys/key.rb", "lib/tem/keys/symmetric.rb", "lib/tem/sec_exec_error.rb", "lib/tem/seclosures.rb", "lib/tem/secpack.rb", "lib/tem/tem.rb", "lib/tem/toolkit.rb", "lib/tem/transport/auto_configurator.rb", "lib/tem/transport/java_card_mixin.rb", "lib/tem/transport/jcop_remote_protocol.rb", "lib/tem/transport/jcop_remote_server.rb", "lib/tem/transport/jcop_remote_transport.rb", "lib/tem/transport/pcsc_transport.rb", "lib/tem/transport/transport.rb", "lib/tem_ruby.rb", "LICENSE", "README"]
+  s.files = ["bin/tem_bench", "bin/tem_ca", "bin/tem_irb", "bin/tem_proxy", "bin/tem_stat", "CHANGELOG", "dev_ca/ca_cert.cer", "dev_ca/ca_cert.pem", "dev_ca/ca_key.pem", "dev_ca/config.yml", "lib/tem/_cert.rb", "lib/tem/apdus/buffers.rb", "lib/tem/apdus/keys.rb", "lib/tem/apdus/lifecycle.rb", "lib/tem/apdus/tag.rb", "lib/tem/auto_conf.rb", "lib/tem/builders/abi.rb", "lib/tem/builders/assembler.rb", "lib/tem/builders/crypto.rb", "lib/tem/builders/isa.rb", "lib/tem/ca.rb", "lib/tem/definitions/abi.rb", "lib/tem/definitions/assembler.rb", "lib/tem/definitions/isa.rb", "lib/tem/ecert.rb", "lib/tem/hive.rb", "lib/tem/keys/asymmetric.rb", "lib/tem/keys/key.rb", "lib/tem/keys/symmetric.rb", "lib/tem/sec_exec_error.rb", "lib/tem/seclosures.rb", "lib/tem/secpack.rb", "lib/tem/tem.rb", "lib/tem/toolkit.rb", "lib/tem/transport/auto_configurator.rb", "lib/tem/transport/java_card_mixin.rb", "lib/tem/transport/jcop_remote_protocol.rb", "lib/tem/transport/jcop_remote_server.rb", "lib/tem/transport/jcop_remote_transport.rb", "lib/tem/transport/pcsc_transport.rb", "lib/tem/transport/transport.rb", "lib/tem_ruby.rb", "LICENSE", "Manifest", "Rakefile", "README", "tem_ruby.gemspec", "test/_test_cert.rb", "test/builders/test_abi_builder.rb", "test/tem_test_case.rb", "test/tem_unit/test_tem_alu.rb", "test/tem_unit/test_tem_bound_secpack.rb", "test/tem_unit/test_tem_branching.rb", "test/tem_unit/test_tem_crypto_asymmetric.rb", "test/tem_unit/test_tem_crypto_hash.rb", "test/tem_unit/test_tem_crypto_pstore.rb", "test/tem_unit/test_tem_crypto_random.rb", "test/tem_unit/test_tem_emit.rb", "test/tem_unit/test_tem_memory.rb", "test/tem_unit/test_tem_memory_compare.rb", "test/tem_unit/test_tem_output.rb", "test/tem_unit/test_tem_yaml_secpack.rb", "test/test_driver.rb", "test/test_exceptions.rb", "test/transport/test_auto_configurator.rb", "test/transport/test_java_card_mixin.rb", "test/transport/test_jcop_remote.rb", "timings/blank_bound_secpack.rb", "timings/blank_sec.rb", "timings/devchip_decrypt.rb", "timings/post_buffer.rb", "timings/simple_apdu.rb", "timings/timings.rb", "timings/vm_perf.rb", "timings/vm_perf_bound.rb"]
+  s.homepage = %q{http://tem.rubyforge.org}
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Tem_ruby", "--main", "README"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{tem}
+  s.rubygems_version = %q{1.3.3}
+  s.summary = %q{TEM (Trusted Execution Module) driver, written in and for ruby.}
+  s.test_files = ["test/builders/test_abi_builder.rb", "test/tem_unit/test_tem_alu.rb", "test/tem_unit/test_tem_bound_secpack.rb", "test/tem_unit/test_tem_branching.rb", "test/tem_unit/test_tem_crypto_asymmetric.rb", "test/tem_unit/test_tem_crypto_hash.rb", "test/tem_unit/test_tem_crypto_pstore.rb", "test/tem_unit/test_tem_crypto_random.rb", "test/tem_unit/test_tem_emit.rb", "test/tem_unit/test_tem_memory.rb", "test/tem_unit/test_tem_memory_compare.rb", "test/tem_unit/test_tem_output.rb", "test/tem_unit/test_tem_yaml_secpack.rb", "test/test_driver.rb", "test/test_exceptions.rb", "test/transport/test_auto_configurator.rb", "test/transport/test_java_card_mixin.rb", "test/transport/test_jcop_remote.rb"]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<smartcard>, [">= 0.3.0"])
+    else
+      s.add_dependency(%q<smartcard>, [">= 0.3.0"])
+    end
+  else
+    s.add_dependency(%q<smartcard>, [">= 0.3.0"])
+  end
+end

data/test/_test_cert.rb

@@ -0,0 +1,70 @@
+# Victor Costan:
+#    dropped because it wasn't hooked up to the rest of the code
+#    preserved to move all the features into the new ca.rb / ecert.rb
+
+require 'tem_ruby'
+require 'test/unit'
+require 'openssl'
+
+# Integration work by Victor Costan 
+
+
+#Author: Jorge de la Garza (MIT '08), mongoose08@alum.mit.edu
+#This unit test does the following:
+#1. Makes issuer's (manufacturer's) X.509 certificate, which is self-signed.
+#2. Makes subject's (TEM's) X.509 certificate, which is signed with the issuers private key.
+#3. Constructs the TEMTag from the subject's:
+#    -Serial number   (4 bytes)
+#    -Not before date (4 bytes)
+#    -Not after date  (4 bytes)
+#    -Modulus         (256 bytes)
+#    -Public key exp  (3 bytes)
+#    -Signature       (256 bytes)
+#4.  Sets the TEMTag on the TEM
+#5.  Reads back the TEMTag
+#6.  Constructs a new X.509 certificate from the TEMTag and asserts that this is equal to the original certificate
+
+class CertTest < Test::Unit::TestCase
+  def setup
+    @tem = Tem.auto_tem
+    
+    @tem.kill
+    @tem.activate
+  end
+  
+  def teardown
+    @tem.disconnect unless @tem.nil?
+  end
+  
+  def test_cert
+    #Create issuer's (manufacturer's) certificate
+    issuer_key = OpenSSL::PKey::RSA.new 2048, 0x10001
+    issuer_cert = Tem::Cert.create_issuer_cert(issuer_key)
+    
+    #Create subject's (TEM's) certificate
+    subject_key = OpenSSL::PKey::RSA.new 2048, 0x10001
+    subject_cert = Tem::Cert.create_subject_cert(subject_key, issuer_key, issuer_cert)
+    
+    #Create the tag that will go on the TEM from it's certificate
+    written_tag = Tem::Cert.create_tag_from_cert(subject_cert)
+    
+    #Set the tag on the TEM, assert that tag read = tag written
+    @tem.set_tag(written_tag)
+    read_tag = @tem.get_tag[2..-1] #chop off first two bytes, TEM puts firmware version on front of written tag
+    assert_equal written_tag, read_tag, 'error in posted tag data'
+    
+    #Now reconstruct original certificate from tag data
+    read_cert = Tem::Cert.create_cert_from_tag(read_tag, issuer_cert)
+    read_cert.sign issuer_key, OpenSSL::Digest::SHA1.new
+    
+    assert_equal Tem::Cert.extract_sig_from_cert(subject_cert), Tem::Cert.extract_sig_from_cert(read_cert), 'signatures do not match'
+    #If the signature of the original certificate matches the signature of the reconstructed certificate,
+    #we can be pretty much certain that the certificates are identical
+    
+    #TODO: PROBLEM:
+    #There is no way to set the signature to a known value.
+    #The only way to set the signature is to sign the certificate, and only the issuer (manufacturer) can do this.
+    #This means that the manufacturer has to be contacted every time the user wants to verify the TEM's certificate,
+    #and this may not be practical.
+  end  
+end

data/test/builders/test_abi_builder.rb

@@ -0,0 +1,298 @@
+require 'openssl'
+require 'test/unit'
+
+require 'tem_ruby'
+
+class AbiBuilderTest < Test::Unit::TestCase
+  class Wrapped
+    attr_accessor :p, :q, :n
+    attr_accessor :d  # Derived value.
+    attr_accessor :c  # Constructor value.
+    
+    def initialize(ctor_value = 'ctor default')
+      self.c = ctor_value
+    end
+  end
+  
+  class Multi
+    attr_accessor :p, :q, :n
+    attr_accessor :a, :b, :c
+    attr_accessor :str, :const
+  end
+  
+  module Abi
+    Tem::Builders::Abi.define_abi self do |abi|
+      abi.fixed_length_number :byte, 1, :signed => true
+      abi.fixed_length_number :ubyte, 1, :signed => false
+
+      abi.fixed_length_number :word, 2, :signed => true, :big_endian => false
+      abi.fixed_length_number :netword, 2, :signed => true, :big_endian => true
+                           
+      abi.fixed_length_number :dword, 4, :signed => true, :big_endian => true
+      abi.fixed_length_number :udword, 4, :signed => false, :big_endian => false
+      
+      abi.variable_length_number :vln, :word, :signed => false,
+                                 :big_endian => false
+      abi.variable_length_number :net_vln, :netword, :signed => false,
+                                 :big_endian => true
+      abi.packed_variable_length_numbers :packed, :word, [:p, :q, :n],
+                                         :signed => false,
+                                         :big_endian => false
+      abi.packed_variable_length_numbers :net_packed, :netword,
+                                         [:x, :y, :z, :a],
+                                         :signed => false,
+                                         :big_endian => true
+      abi.fixed_length_string :mac_id, 6
+      abi.object_wrapper :wrapped_raw, Wrapped, [:packed, nil]
+      abi.object_wrapper :wrapped, Wrapped, [:packed, nil],
+          :to => lambda { |o| w = Wrapped.new
+                              w.p, w.q, w.n = o.p, o.q, o.n * 100
+                              w },
+          :read => lambda { |o| w = Wrapped.new(o.c); w.d = o.p * o.q; w },
+          :new => lambda { |klass| klass.new('hook-new') }
+      abi.object_wrapper :multi, Multi,
+                         [:packed, nil,:packed, { :p => :a, :q => :b, :n => :c},
+                          :mac_id, :str, 'constant string', :const]
+    
+      abi.conditional_wrapper :conditional, 2,
+          [{:tag => [0x59, 0xAF], :class => String, :type => :mac_id},
+           {:tag => [0x59, 0xAC], :class => Integer, :type => :net_vln,
+            :predicate => lambda { |n| n % 2 == 1 } },
+           {:tag => [0x59, 0xAD], :type => :dword,
+            :predicate => lambda { |n| n % 3 == 1 } }]
+    end
+  end
+  
+  def setup
+    @garbage = [0xFD, 0xFC, 0xFD, 0xFC, 0xFD] * 5    
+  end
+  
+  def test_fixed_and_variable_length_number_encoding
+    [
+     [:byte, 0, [0]], [:byte, 127, [127]],
+     [:byte, -1, [255]], [:byte, -127, [129]], [:byte, -128, [128]],
+     [:byte, 128, nil], [:byte, -129, nil],
+      
+     [:word, 0, [0, 0]], [:word, 127, [127, 0]], [:word, 128, [128, 0]],
+     [:word, 256, [0, 1]], [:word, 32767, [255, 127]], 
+     [:word, -1, [255, 255]], [:word, -127, [129, 255]],
+     [:word, -128, [128, 255]], [:word, -256, [0, 255]],
+     [:word, -32767, [1, 128], [:word, -32768, [0, 128]]],
+     [:word, 32768, nil], [:byte, -32769, nil],
+      
+     [:netword, 0, [0, 0]], [:netword, 127, [0, 127]], 
+     [:netword, 128, [0, 128]],
+     [:netword, 256, [1, 0]], [:netword, 32767, [127, 255]], 
+     [:netword, -1, [255, 255]], [:netword, -127, [255, 129]],
+     [:netword, -128, [255, 128]], [:netword, -256, [255, 0]],
+     [:netword, -32767, [128, 1], [:netword, -32768, [128, 0]]],
+     [:netword, 32768, nil], [:netword, -32769, nil],
+      
+     [:dword, 0x12345678, [0x12, 0x34, 0x56, 0x78]],
+     [:udword, 0x12345678, [0x78, 0x56, 0x34, 0x12]],
+     [:udword, 0xFFFFFFFF, [255, 255, 255, 255]],
+     [:udword, 0xFFFFFFFE, [254, 255, 255, 255]],
+     
+     [:vln, 0, [0x01, 0x00, 0x00]], [:vln, 1, [0x01, 0x00, 0x01]],
+     [:vln, 256, [0x02, 0x00, 0x00, 0x01]],
+     [:vln, 65537, [0x03, 0x00, 0x01, 0x00, 0x01]],
+     [:vln, 0x12345678, [0x04, 0x00, 0x78, 0x56, 0x34, 0x12]],
+     [:vln, 0xFFFFFFFF, [0x04, 0x00, 255, 255, 255, 255]],
+     [:vln, 0xFFFFFFFE, [0x04, 0x00, 254, 255, 255, 255]],
+
+     [:net_vln, 0, [0x00, 0x01, 0x00]], [:net_vln, 1, [0x00, 0x01, 0x01]],
+     [:net_vln, 256, [0x00, 0x02, 0x01, 0x00]],
+     [:net_vln, 65537, [0x00, 0x03, 0x01, 0x00, 0x01]],
+     [:net_vln, 0x12345678, [0x00, 0x04, 0x12, 0x34, 0x56, 0x78]],
+     [:net_vln, 0xFFFFFFFF, [0x00, 0x04, 255, 255, 255, 255]],
+     [:net_vln, 0xFFFFFFFE, [0x00, 0x04, 255, 255, 255, 254]],
+    ].each do |test_line|
+      type, number, array = *test_line
+      if array
+        assert_equal array, Abi.send(:"to_#{type}", number),
+                     "#{type} failed on Ruby number -> array"
+        assert_equal array, Abi.send(:"to_#{type}",
+                                     OpenSSL::BN.new(number.to_s)),
+                     "#{type} failed on OpenSSL number -> array"
+        assert_equal number, Abi.send(:"read_#{type}", @garbage + array,
+                                      @garbage.length)
+        if Abi.respond_to? :"#{type}_length"
+          assert_equal array.length, Abi.send(:"#{type}_length"),
+                       "#{type} failed on length"
+        elsif Abi.respond_to? :"read_#{type}_length"
+          assert_equal array.length,
+                       Abi.send(:"read_#{type}_length", @garbage + array,
+                                @garbage.length),
+                       "#{type} failed on read_#{type}_length"
+        else
+          flunk "#{type} does not provide _length or read_#{type}_length"
+        end
+      else
+        assert_raise RuntimeError do
+          assert_equal array, Abi.send(:"to_#{type}", number)
+        end
+        assert_raise RuntimeError do
+          assert_equal array, Abi.send(:"to_#{type}",
+                                       OpenSSL::BN.new(number.to_s))
+        end
+      end
+    end
+    
+    assert_equal [255, 255, 255, 255], Abi.signed_to_udword(-1),
+                 'Failed on signed_to_udword'
+  end
+  
+  def test_packed_number_encoding
+    packed = { :p => 0x123, :q => 0xABCDEF, :n => 5 }
+    gold_packed = [0x02, 0x00, 0x03, 0x00, 0x01, 0x00, 0x23, 0x01, 0xEF, 0xCD,
+                   0xAB, 0x05]
+    assert_equal gold_packed, Abi.to_packed(packed), 'packed'
+    assert_equal packed, Abi.read_packed(@garbage + gold_packed,
+                                         @garbage.length), 'packed'
+    assert_equal gold_packed.length,
+                 Abi.read_packed_length(@garbage + gold_packed,
+                                        @garbage.length),
+                 'read_packed_length'
+    
+    net_packed = { :x => 0x271, :y => 0x314159, :z => 0, :a => 0x5AA5 }
+    gold_net_packed = [0x00, 0x02, 0x00, 0x03, 0x00, 0x01, 0x00, 0x02,
+                       0x02, 0x71, 0x31, 0x41, 0x59, 0x00, 0x5A, 0xA5 ]
+    assert_equal gold_net_packed, Abi.to_net_packed(net_packed), 'net-packed'
+    assert_equal net_packed, Abi.read_net_packed(@garbage + gold_net_packed,
+                                                 @garbage.length),
+                 'net_packed'
+    assert_equal gold_net_packed.length,
+                 Abi.read_net_packed_length(@garbage + gold_net_packed,
+                                            @garbage.length),
+                 'read_net_packed_length'
+    components = Abi.net_packed_components
+    assert_equal [:x, :y, :z, :a], components,
+                 'incorrect result from _components'
+    assert_raise TypeError, '_components result is mutable' do    
+      components[0] = :w
+    end
+  end
+  
+  def test_fixed_length_string_encoding
+    [
+      [:mac_id, "abcdef", nil, [?a, ?b, ?c, ?d, ?e, ?f]],
+      [:mac_id, "abc", "abc\0\0\0", [?a, ?b, ?c, 0, 0, 0]],
+      [:mac_id, "", "\0\0\0\0\0\0", [0, 0, 0, 0, 0, 0]],
+      [:mac_id, "abcdefg", nil, nil],
+      [:mac_id, [?a, ?b, ?c, ?d, ?e, ?f], "abcdef", [?a, ?b, ?c, ?d, ?e, ?f]],
+      [:mac_id, [?a, ?b, ?c], "abc\0\0\0", [?a, ?b, ?c, 0, 0, 0]],
+      [:mac_id, [], "\0\0\0\0\0\0", [0, 0, 0, 0, 0, 0]],
+      [:mac_id, [?a, ?b, ?c, ?d, ?e, ?f, ?g], nil, nil],
+    ].each do |line|
+      type, source, string, array = *line
+      string ||= source
+      if array
+        assert_equal array, Abi.send(:"to_#{type}", source),
+                     "#{type} failed on string -> array"
+        assert_equal string, Abi.send(:"read_#{type}", @garbage + array,
+                                      @garbage.length)
+      else
+        assert_raise RuntimeError do
+          assert_equal array, Abi.send(:"to_#{type}", source)
+        end
+      end      
+    end    
+  end
+  
+  def test_object_wrapper_directs
+    packed = { :p => 2301, :q => 4141, :n => 60 } 
+    gold_packed = Abi.to_packed packed
+    wrapped = Abi.read_wrapped_raw @garbage + gold_packed, @garbage.length
+    assert_equal Wrapped, wrapped.class,
+                 'Reading wrapped object instantiated wrong class'
+    assert_equal [packed[:p], packed[:q], packed[:n], nil, 'ctor default'],
+                 [wrapped.p, wrapped.q, wrapped.n, wrapped.d, wrapped.c],
+                 'Reading wrapped object gave wrong attributes'
+    assert_equal gold_packed.length,
+                 Abi.read_wrapped_raw_length(@garbage + gold_packed,
+                                             @garbage.length),
+                 'Reading wrapped object length'
+    assert_equal gold_packed, Abi.to_wrapped_raw(wrapped),
+                 'Wrapped object -> array'
+  end
+  
+  def test_object_wrapper_schema
+    packed = { :p => 2301, :q => 4141, :n => 60 } 
+    xpacked = { :p => 6996, :q => 1331, :n => 22 }
+    gold_multi = Abi.to_packed(packed) + Abi.to_packed(xpacked) +
+                  Abi.to_mac_id("abc")
+    multi = Abi.read_multi @garbage + gold_multi, @garbage.length
+    assert_equal Multi, multi.class,
+                'Reading wrapped object instantiated wrong class'
+    assert_equal [packed[:p], packed[:q], packed[:n],
+                  xpacked[:p], xpacked[:q], xpacked[:n], "abc\0\0\0",
+                  "constant string"],
+                 [multi.p, multi.q, multi.n, multi.a, multi.b, multi.c,
+                  multi.str, multi.const],
+                 'Reading wrapped object gave wrong attributes'
+    assert_equal gold_multi, Abi.to_multi(multi),
+                 'Wrapped object -> array'
+    assert_equal gold_multi.length,
+                 Abi.read_multi_length(@garbage + gold_multi, @garbage.length),
+                 'Reading wrapped object length'
+  end
+
+  def test_object_wrapper_hooks
+    packed = { :p => 2301, :q => 4141, :n => 60 } 
+    gold_packed = Abi.to_packed packed
+    wrapped = Abi.read_wrapped @garbage + gold_packed, @garbage.length
+    assert_equal Wrapped, wrapped.class,
+                 'Reading wrapped object instantiated wrong class'
+    assert_equal [nil, nil, nil, packed[:p] * packed[:q], 'hook-new'],
+                 [wrapped.p, wrapped.q, wrapped.n, wrapped.d, wrapped.c],
+                 'Reading wrapped object with hook gave wrong attributes'
+                 
+    wrapped = Abi.read_wrapped_raw gold_packed, 0
+    packed[:n] *= 100
+    gold_packed = Abi.to_packed packed
+    assert_equal gold_packed, Abi.to_wrapped(wrapped),
+                 'Wrapped object -> array (with hook)'
+
+    assert_equal gold_packed.length,
+                 Abi.read_packed_length(@garbage + gold_packed,
+                                        @garbage.length),
+                 'Reading wrapped object length'
+  end
+  
+  def test_conditional_wrapper
+    [
+     [:conditional, "abcdef", [0x59, 0xAF, ?a, ?b, ?c, ?d, ?e, ?f]],
+     [:conditional, 3, [0x59, 0xAC, 0x00, 0x01, 0x03]],
+     [:conditional, 4, [0x59, 0xAD, 0x00, 0x00, 0x00, 0x04]],     
+     [:conditional, OpenSSL::BN.new('7'), [0x59, 0xAD, 0x00, 0x00, 0x00, 0x07]],
+     [:conditional, 6, nil]
+    ].each do |test_line|
+      type, object, array = *test_line
+      if array
+        assert_equal array, Abi.send(:"to_#{type}", object),
+                     "Object #{object.inspect} -> array"
+        assert_equal object, Abi.send(:"read_#{type}", @garbage + array,
+                                      @garbage.length)
+        assert_equal array.length,
+                     Abi.send(:"read_#{type}_length", @garbage + array,
+                              @garbage.length),
+                     "#{type} failed on read_#{type}_length"
+      else
+        assert_raise RuntimeError do
+          assert_equal array, Abi.send(:"to_#{type}", object)
+        end
+      end
+    end
+  end
+  
+  def test_length
+    [[:byte, 1], [:ubyte, 1],
+     [:word, 2], [:netword, 2],
+     [:dword, 4], [:udword, 4],
+     [:mac_id, 6]
+    ].each do |test_line|
+      assert_equal test_line.last, Abi.send(:"#{test_line.first}_length"),
+                   "length failed for #{test_line.first}"
+    end
+  end
+end