krypt 0.0.1 → 0.0.2.rc1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 30b370a608db6282de81d662b2db509b063ddc88
+  data.tar.gz: 37443d86f9ef7fbaf1458d35f9d8df69de258d62
+SHA512:
+  metadata.gz: c84ae1f12244e091658b5e4edcf502cf31c75c3126f3f982d5569c52d79f8f333c2e8a69fe606e6dc99d6c7f5095377607ce7c6f021418183e852ecf20875f14
+  data.tar.gz: 82e764512b1871163de9d4888b0f3e40415666555465752ff698888ccc2eb208e60e15ae2964329e7d1ed2830ebf20611e5ed0620db3c4eacb3e99bd62633d47

data/lib/krypt.rb

@@ -37,13 +37,13 @@ end
 require_relative 'krypt_missing'
 require_relative 'krypt/provider'
 require_relative 'krypt/digest'
-require_relative 'krypt/hmac'
-require_relative 'krypt/pkcs5'
 
-require 'krypt-core'
+require 'krypt/core'
 
 # The following files depend on krypt-core being loaded
 require_relative 'krypt/asn1'
 require_relative 'krypt/x509'
 require_relative 'krypt/codec'
+require_relative 'krypt/pkcs5'
+require_relative 'krypt/hmac'
 

data/lib/krypt/hmac.rb

@@ -1,6 +1,5 @@
 module Krypt
   class HMAC
-    include Krypt::Helper::XOR
 
     def initialize(digest, key)
       @digest = digest

data/lib/krypt/ossl.rb

@@ -0,0 +1,40 @@
+=begin
+
+= Info
+
+krypt-ossl - A krypt shim to offer the same API as the Ruby OpenSSL extension 
+
+Copyright (C) 2013
+Martin Bosslet <martin.bosslet@gmail.com>
+All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+=end
+
+if RUBY_VERSION.to_f >= 1.9
+  require 'krypt'
+
+  module OpenSSL
+    class Error < StandardError; end 
+  end unless defined? OpenSSL
+
+  require_relative 'ossl/pkcs5'
+end

data/lib/krypt/ossl/pkcs5.rb

@@ -0,0 +1,17 @@
+module OpenSSL
+
+  #
+  # Offers the same functionality as OpenSSL::PKCS5
+  #
+  module PKCS5
+    module_function
+
+    def pbkdf2_hmac_sha1(pass, salt, iter, keylen)
+      Krypt::PBKDF2.new(Krypt::Digest::SHA1.new).generate(pass, salt, iter, keylen)
+    end
+
+    def pbkdf2_hmac(pass, salt, iter, keylen, digest)
+      Krypt::PBKDF2.new(digest).generate(pass, salt, iter, keylen)
+    end
+  end unless defined? OpenSSL::PKCS5
+end 

data/lib/krypt/provider.rb

@@ -1,35 +1,2 @@
-module Krypt::Provider
-
-  PROVIDERS = {}
-  PROVIDER_LIST = []
-
-  class AlreadyExistsError < Krypt::Error; end
-
-  class ServiceNotAvailableError < Krypt::Error; end
-
-  module_function
-
-    def register(name, provider)
-      raise AlreadyExistsError.new("There already is a Provider named #{name}") if PROVIDERS.has_key?(name)
-      PROVIDERS[name] = provider
-      PROVIDER_LIST << name
-    end
-
-    def by_name(name)
-      PROVIDERS[name]
-    end
-
-    def remove(name)
-      PROVIDERS.delete(name)
-      PROVIDER_LIST.delete(name)
-    end
-
-    def new_service(klass, *args)
-      PROVIDER_LIST.reverse.each do |name| 
-        service = PROVIDERS[name].new_service(klass, *args)
-        return service if service
-      end
-      raise ServiceNotAvailableError.new("The requested service is not available")
-    end
-
-end
+require_relative 'provider/provider'
+require_relative 'provider/ffi'

data/lib/krypt/provider/ffi.rb

@@ -0,0 +1,6 @@
+require 'ffi'
+
+require_relative 'ffi/provider'
+require_relative 'ffi/ffi_helper'
+require_relative 'ffi/provider_api'
+require_relative 'ffi/digest'

data/lib/krypt/provider/ffi/digest.rb

@@ -0,0 +1,226 @@
+module Krypt::FFI
+  
+  ##
+  # A Krypt::Digest implementation using FFI.
+  #
+  class Digest
+    include Krypt::FFI::LibC
+
+    ##
+    # call-seq:
+    #    Krypt::FFI::Digest.new(provider, name_or_oid) -> Digest
+    #
+    # Creates a Digest using a C struct krypt_provider as +provider+
+    # argument. The +provider+ is typically obtained by a separate FFI
+    # call to a publicly visible function offered by the implementation
+    # of the krypt Provider C API. +name_or_oid+ can be either the name
+    # of the digest algorithm to be used (e.g. "SHA1") or the OID String
+    # uniquely identifying the digest algorithm.
+    #
+    def initialize(provider, type)
+      unless (@handle = interface_for_name(provider, type))
+        unless (@handle = interface_for_oid(provider, type))
+          raise Krypt::Provider::ServiceNotAvailableError.new("Unknown digest algorithm: #{type}")
+        end
+      end
+    end
+
+    ##
+    # call-seq:
+    #    digest.reset -> self
+    #
+    # Resets the Digest in the sense that any Digest#update that has been
+    # performed is abandoned and the Digest is set to its initial state again.
+    #
+    def reset
+      result = @handle.interface[:md_reset].call(@handle.container)
+      raise_on_error("Error while resetting digest", result)
+      self
+    end
+
+    ## 
+    # call-seq:
+    #    digest.update(string) -> aString
+    #
+    # Not every message digest can be computed in one single pass. If a message
+    # digest is to be computed from several subsequent sources, then each may
+    # be passed individually to the Digest instance.
+    #
+    # === Example
+    #   
+    #  digest = Krypt::Digest::SHA256.new
+    #  digest.update('First input')
+    #  digest << 'Second input' # equivalent to digest.update('Second input')
+    #  result = digest.digest
+    #
+    def update(data)
+      result = @handle.interface[:md_update].call(@handle.container, data, data.length)
+      raise_on_error("Error while updating digest", result)
+      self
+    end
+    alias << update
+
+    ##
+    # call-seq:
+    #    digest.digest([string]) -> String
+    #
+    # When called with no arguments, the result will be the hash of the data that
+    # has been fed to this Digest instance so far. If called with a String
+    # argument, the hash of that argument will be computed.
+    #
+    # === Example
+    #
+    #  digest = Krypt::Digest::SHA256.new
+    #  result = digest.digest('First input')
+    #
+    # is equivalent to
+    #   
+    #  digest = Krypt::Digest::SHA256.new
+    #  digest << 'First input' # equivalent to digest.update('Second input')
+    #  result = digest.digest
+    #
+    def digest(data=nil)
+      if data
+        ret = digest_once(data)
+      else
+        ret = digest_finalize
+      end
+      reset
+      ret
+    end
+
+    ## 
+    # call-seq:
+    #    digest.hexdigest([string]) -> String
+    #
+    # Works the with the same semantics as Digest#digest with the difference that
+    # instead of the raw bytes the hex-encoded form of the raw representation is
+    # returned.
+    #
+    def hexdigest(data=nil)
+      Krypt::Hex.encode(digest(data))
+    end
+
+    ##
+    # call-seq:
+    #    digest.digest_length -> integer
+    #
+    # Returns the output size of the digest, i.e. the length in bytes of the
+    # final message digest result.
+    #
+    # === Example
+    #  digest = Krypt::Digest::SHA1.new
+    #  puts digest.digest_length # => 20
+    #
+    def digest_length
+      read_length(@handle.interface[:md_digest_length])
+    end
+
+    ##
+    # call-seq:
+    #    digest.block_length -> integer
+    #
+    # Returns the block length of the digest algorithm, i.e. the length in bytes
+    # of an individual block. Most modern algorithms partition a message to be
+    # digested into a sequence of fix-sized blocks that are processed
+    # consecutively.
+    #
+    # === Example
+    #  digest = Krypt::Digest::SHA1.new
+    #  puts digest.block_length # => 64
+    #
+    def block_length
+      read_length(@handle.interface[:md_block_length])
+    end
+
+    ##
+    # call-seq:
+    #    digest.name -> string
+    #
+    # Returns the sn of this Digest instance.
+    #
+    # === Example
+    #
+    #  digest = Krypt::Digest::SHA512.new
+    #  puts digest.name # => SHA512
+    #
+    def name
+      name_ptr = FFI::MemoryPointer.new(:pointer)
+      result = @handle.interface[:md_name].call(@handle.container, name_ptr)
+      raise_on_error("Error while obtaining digest name", result)
+
+      name_ptr.read_pointer.get_string(0)
+    end
+
+    private
+
+      def raise_on_error(msg, result)
+        raise Krypt::Digest::DigestError.new(msg) unless result == Krypt::FFI::ProviderAPI::KRYPT_OK
+      end
+
+      def digest_once(data)
+        digest_ptr = ::FFI::MemoryPointer.new(:pointer)
+        size_ptr = ::FFI::MemoryPointer.new(:pointer)
+        result = @handle.interface[:md_digest].call(@handle.container, data, data.length, digest_ptr, size_ptr)
+        raise_on_error("Error while computing digest", result)
+
+        digest_ptr = digest_ptr.read_pointer
+        size = size_ptr.read_int
+        ret = digest_ptr.get_bytes(0, size)
+        free(digest_ptr)
+        ret
+      end
+
+      def digest_finalize
+        digest_ptr = ::FFI::MemoryPointer.new(:pointer)
+        size_ptr = ::FFI::MemoryPointer.new(:pointer)
+        result = @handle.interface[:md_final].call(@handle.container, digest_ptr, size_ptr)
+        raise_on_error("Error while computing digest", result)
+
+        digest_ptr = digest_ptr.read_pointer
+        size = size_ptr.read_int
+        ret = digest_ptr.get_bytes(0, size)
+        free(digest_ptr)
+        ret
+      end
+
+      def read_length(fp)
+        size_ptr = ::FFI::MemoryPointer.new(:pointer)
+        result = fp.call(@handle.container, size_ptr)
+        raise_on_error("Error while obtaining block length", result)
+
+        size_ptr.read_int
+      end
+
+      def interface_for_name(provider, name)
+        digest_ctor = provider[:md_new_name]
+        get_native_handle(provider, digest_ctor, name)
+      end
+
+      def interface_for_oid(provider, oid)
+        digest_ctor = provider[:md_new_oid]
+        get_native_handle(provider, digest_ctor, oid)
+      end
+
+      def get_native_handle(provider, digest_ctor, type)
+        container_ptr = digest_ctor.call(provider, type)
+        return nil if nil == container_ptr || container_ptr.null?
+
+        container = Krypt::FFI::ProviderAPI::KryptMd.new(container_ptr)
+        interface_ptr = container[:methods]
+        interface = Krypt::FFI::ProviderAPI::DigestInterface.new(interface_ptr)
+        NativeHandle.new(container, interface)
+      end
+
+    class NativeHandle #:nodoc:
+      attr_reader :container
+      attr_reader :interface
+
+      def initialize(container, interface)
+        @container = container
+        @interface = interface
+      end
+    end
+
+  end
+end

data/lib/krypt/provider/ffi/ffi_helper.rb

@@ -0,0 +1,13 @@
+module Krypt::FFI
+
+  module LibC
+    extend ::FFI::Library
+
+    ffi_lib ::FFI::Library::LIBC
+
+    attach_function :malloc, [:size_t], :pointer
+    attach_function :free, [:pointer], :void
+    attach_function :memcpy, [:pointer, :pointer, :size_t], :void
+  end
+
+end

data/lib/krypt/provider/ffi/provider.rb

@@ -0,0 +1,72 @@
+module Krypt::FFI
+
+  ##
+  # A Krypt::Provider implementation for C-based implementations of the
+  # krypt Provider C API (krypt-provider.h). Provides the necessary "glue"
+  # to link the native implementation to the corresponding Ruby interfaces.
+  #
+  class Provider
+
+    ##
+    # call-seq: 
+    #    Krypt::FFI::Provider.new(native_provider) -> Provider
+    #
+    # The +native_provider+ is typically obtained by a separate FFI
+    # call to a publicly visible function offered by the implementation
+    # of the krypt Provider C API. 
+    #
+    def initialize(native_provider)
+      @provider = Krypt::FFI::ProviderAPI::ProviderInterface.new(native_provider)
+      @provider[:init].call(@provider, nil)
+    end
+
+    ##
+    # call-seq:
+    #     provider.name -> String
+    #
+    # Every Provider has a default name identifying it.
+    #
+    def name
+      @provider[:name]
+    end
+
+    ##
+    # call-seq:
+    #     provider.new_service(klass, [arg1, arg2, ...]) -> service
+    #
+    # Provides access to the individual services offered by this provider.
+    # +klass+ is the Ruby class of the desired service (e.g. Krypt::Digest),
+    # followed by optional additional arguments needed to create an instance
+    # of the service.
+    #
+    # === Example
+    #
+    # digest = provider.new_service(Krypt::Digest, "SHA1")
+    #
+    def new_service(klass, *args)
+      return new_digest(*args) if klass == Krypt::Digest
+      nil
+    end
+
+    ##
+    # call-seq:
+    #    provider.finalize -> nil
+    #
+    # Depending on its implementation, it may be possible that a native krypt
+    # provider needs to do some cleanup before it is subject to GC. This method
+    # delegates to the native krypt_provider implementation of finalize. It is
+    # called whenever a Provider::delete is called to remove a specific
+    # provider. 
+    #
+    def finalize
+      @provider[:finalize].call(@provider)
+    end
+
+    private
+      
+      def new_digest(name_or_oid)
+        Krypt::FFI::Digest.new(@provider, name_or_oid)
+      end
+
+  end
+end

data/lib/krypt/provider/ffi/provider_api.rb

@@ -0,0 +1,54 @@
+module Krypt::FFI
+
+  module ProviderAPI 
+    extend ::FFI::Library
+
+    ffi_lib ::FFI::CURRENT_PROCESS
+
+    KRYPT_OK = 1
+    KRYPT_ERR = -1
+
+    callback :fp_init, [:pointer, :pointer], :void
+    callback :fp_finalize, [:pointer], :void
+    callback :fp_md_new_name, [:pointer, :string], :pointer
+    callback :fp_md_new_oid, [:pointer, :string], :pointer
+    
+    class ProviderInterface < ::FFI::Struct
+      layout :name,           :string,
+             :init,           :fp_init,
+             :finalize,       :fp_finalize,
+             :md_new_oid,     :fp_md_new_oid,
+             :md_new_name,    :fp_md_new_name
+    end
+
+    class KryptMd < ::FFI::Struct
+      layout :provider,         :pointer,
+             :methods,          :pointer
+    end
+
+    callback :fp_md_reset, [:pointer], :int
+    #callback :fp_md_update, [:pointer, :buffer_in, :size_t], :int
+    callback :fp_md_update, [:pointer, :pointer, :size_t], :int
+    callback :fp_md_final, [:pointer, :pointer, :pointer], :int
+    callback :fp_md_digest, [:pointer, :pointer, :size_t, :pointer, :pointer], :int
+    callback :fp_md_digest_length, [:pointer, :pointer], :int
+    callback :fp_md_block_length, [:pointer, :pointer], :int
+    callback :fp_md_name, [:pointer, :pointer], :int
+    callback :fp_md_mark, [:pointer], :void
+    callback :fp_md_free, [:pointer], :void
+
+    class DigestInterface < ::FFI::Struct
+      layout :md_reset,         :fp_md_reset,
+             :md_update,        :fp_md_update,
+             :md_final,         :fp_md_final,
+             :md_digest,        :fp_md_digest,
+             :md_digest_length, :fp_md_digest_length,
+             :md_block_length,  :fp_md_block_length,
+             :md_name,          :fp_md_name,
+             :md_mark,          :fp_md_mark,
+             :md_free,          :fp_md_free
+    end
+  end
+
+end
+

data/lib/krypt/provider/provider.rb

@@ -0,0 +1,37 @@
+module Krypt::Provider
+
+  PROVIDERS = {}
+  PROVIDER_LIST = []
+
+  class AlreadyExistsError < Krypt::Error; end
+
+  class ServiceNotAvailableError < Krypt::Error; end
+
+  module_function
+
+    def register(provider, name=nil)
+      name ||= provider.name
+      raise AlreadyExistsError.new("There already is a Provider named #{name}") if PROVIDERS.has_key?(name)
+      PROVIDERS[name] = provider
+      PROVIDER_LIST.unshift(name)
+    end
+
+    def by_name(name)
+      PROVIDERS[name]
+    end
+
+    def remove(name)
+      p = PROVIDERS.delete(name)
+      PROVIDER_LIST.delete(name)
+      p.finalize
+    end
+
+    def new_service(klass, *args)
+      PROVIDER_LIST.each do |name| 
+        service = PROVIDERS[name].new_service(klass, *args)
+        return service if service
+      end
+      raise ServiceNotAvailableError.new("The requested service is not available")
+    end
+
+end

data/lib/krypt/version.rb

@@ -0,0 +1,3 @@
+module Krypt
+  VERSION = "0.0.2.rc1"
+end

data/spec/krypt-core/asn1/asn1_parser_spec.rb

@@ -23,9 +23,9 @@ describe Krypt::ASN1::Parser do
   it "should be reusable for several IOs" do
     parser = Krypt::ASN1::Parser.new
     io = Resources.certificate_io
-    do_and_close(io) { |io| parser.next(io).should_not be_nil }
+    do_and_close(io) { |nio| parser.next(nio).should_not be_nil }
     io = Resources.certificate_io
-    do_and_close(io) { |io| parser.next(io).should_not be_nil }
+    do_and_close(io) { |nio| parser.next(nio).should_not be_nil }
   end
   
 end
@@ -36,7 +36,7 @@ describe Krypt::ASN1::Parser, "#next" do
 
   it "returns a Header when called on an IO representing an ASN.1" do
     io = Resources.certificate_io
-    do_and_close(io) { |io| parse_next io }
+    do_and_close(io) { |nio| parse_next nio }
     parse_next(StringIO.new(Resources.certificate))
   end
 

data/spec/krypt/codec/base64_decoder_spec.rb

@@ -41,7 +41,7 @@ describe Krypt::Base64::Decoder do
       specify "failed execution of the block" do
         io = StringIO.new
         begin
-          klass.new(io) do |b64|
+          klass.new(io) do
             raise RuntimeError.new 
           end
         rescue RuntimeError

data/spec/krypt/codec/base64_encoder_spec.rb

@@ -41,7 +41,7 @@ describe Krypt::Base64::Encoder do
       specify "failed execution of the block" do
         io = StringIO.new
         begin
-          klass.new(io) do |b64|
+          klass.new(io) do
             raise RuntimeError.new 
           end
         rescue RuntimeError

data/spec/krypt/codec/hex_decoder_spec.rb

@@ -41,7 +41,7 @@ describe Krypt::Hex::Decoder do
       specify "failed execution of the block" do
         io = StringIO.new
         begin
-          klass.new(io) do |hex|
+          klass.new(io) do
             raise RuntimeError.new 
           end
         rescue RuntimeError

data/spec/krypt/codec/hex_encoder_spec.rb

@@ -41,7 +41,7 @@ describe Krypt::Hex::Encoder do
       specify "failed execution of the block" do
         io = StringIO.new
         begin
-          klass.new(io) do |hex|
+          klass.new(io) do
             raise RuntimeError.new 
           end
         rescue RuntimeError

data/spec/krypt/provider/provider_spec.rb

@@ -11,9 +11,23 @@ describe "Krypt::Provider" do
   let(:prov) { Krypt::Provider }
 
   describe "#register=" do
+    it "takes an optional name parameter" do
+      -> { prov.register(:name, Object.new) }.should_not raise_error
+    end
+
+    it "takes the name from the provider directly if none is provided" do
+      p1 = Object.new
+      p2 = Object.new
+      def p2.name
+        "test"
+      end
+      -> { prov.register(p1) }.should raise_error NoMethodError
+      -> { prov.register(p2) }.should_not raise_error
+    end
+
     it "does not allow to register a provider twice under the same name" do
-      prov.register(:name, Object.new)
-      -> { prov.register(:name, Object.new) }.should raise_error prov::AlreadyExistsError
+      prov.register(Object.new, :name)
+      -> { prov.register(Object.new, :name) }.should raise_error prov::AlreadyExistsError
     end
   end
 
@@ -25,7 +39,7 @@ describe "Krypt::Provider" do
     context "returns the provider that has been assigned to a given name" do
       let(:instance) { Object.new }
       specify do
-        prov.register(:name, instance)
+        prov.register(instance, :name)
         prov.by_name(:name).should eq(instance)
       end
     end
@@ -52,28 +66,28 @@ describe "Krypt::Provider" do
 
     context "returns provider features based on the order they were registered" do
       it "raises ServiceNotAvailableError if a requested feature is not supported by any provider" do
-        prov.register(:a, provider_a)
-        prov.register(:b, provider_b)
+        prov.register(provider_a, :a)
+        prov.register(provider_b, :b)
         -> { prov.new_service(Object, "test") }.should raise_error prov::ServiceNotAvailableError
       end
 
       it "finds a service only available in a specific provider" do
-        prov.register(:a, provider_a)
-        prov.register(:b, provider_b)
+        prov.register(provider_a, :a)
+        prov.register(provider_b, :b)
         prov.new_service(String).should eq(:A)
         prov.new_service(Integer).should eq(:B)
       end
 
       context "returns the service of the provider registered last if the service is supported by more than one provider" do
         specify "first a, then b" do
-          prov.register(:a, provider_a)
-          prov.register(:b, provider_b)
+          prov.register(provider_a, :a)
+          prov.register(provider_b, :b)
           prov.new_service(Krypt::Digest).should eq(:B)
         end
 
         specify "first b, then a" do
-          prov.register(:b, provider_b)
-          prov.register(:a, provider_a)
+          prov.register(provider_b, :b)
+          prov.register(provider_a, :a)
           prov.new_service(Krypt::Digest).should eq(:A)
         end
       end

data/test/test_krypt_asn1.rb

@@ -94,8 +94,8 @@ class Krypt::ASN1Test < Test::Unit::TestCase
       io = StringIO.new
       cons_header.encode_to(io)
       asn1 = Krypt::ASN1.decode(val)
-      asn1.each do |val|
-        val.encode_to(io)
+      asn1.each do |value|
+        value.encode_to(io)
       end
       assert_equal(val, io.string.force_encoding("ASCII-8BIT"))
     end

data/test/test_krypt_parser.rb

@@ -73,19 +73,6 @@ class Krypt::ParserTest < Test::Unit::TestCase
     assert_header_value_equal(raw, header)
   end
 
-  def test_parse_constructed
-    raw = [%w{30 06 04 01 01 04 01 02}.join("")].pack("H*")
-    parser = Krypt::ASN1::Parser.new
-    io = StringIO.new(raw)
-    header = parser.next(io)
-    assert_equal(Krypt::ASN1::SEQUENCE, header.tag)
-    assert_equal(:UNIVERSAL, header.tag_class)
-    assert_equal(true, header.constructed?)
-    assert_equal(false, header.infinite?)
-    assert_equal(6, header.length)
-    assert_equal(2, header.header_length)
-    assert_header_value_equal(raw, header)
-  end
 
   def test_parse_constructed
     raw = [%w{30 02 80 01 00}.join("")].pack("H*")
@@ -297,6 +284,7 @@ class Krypt::ParserTest < Test::Unit::TestCase
     when :AT_ONCE
       result << value_io.read
     when :STREAMING
+      buf = nil
       while buf = value_io.read(3, buf)
         result << buf
       end

metadata

@@ -1,32 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: krypt
 version: !ruby/object:Gem::Version
-  version: 0.0.1
-  prerelease: 
+  version: 0.0.2.rc1
 platform: ruby
 authors:
 - Hiroshi Nakamura, Martin Bosslet
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-02-27 00:00:00.000000000 Z
+date: 2014-02-23 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: krypt-core
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.0.1
+        version: 0.0.2.rc1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.0.1
+        version: 0.0.2.rc1
 description: krypt provides a unified framework for Ruby cryptography by offering
   a platform- and library-independent provider mechanism.
 email: Martin.Bosslet@gmail.com
@@ -35,100 +46,108 @@ extensions: []
 extra_rdoc_files:
 - README.md
 files:
-- lib/krypt/x509/certificate.rb
-- lib/krypt/x509/common.rb
-- lib/krypt/x509/crl.rb
-- lib/krypt/codec/base_codec.rb
+- LICENSE
+- README.md
+- lib/krypt.rb
+- lib/krypt/asn1.rb
+- lib/krypt/asn1/common.rb
+- lib/krypt/asn1/template.rb
+- lib/krypt/codec.rb
 - lib/krypt/codec/base64.rb
+- lib/krypt/codec/base_codec.rb
 - lib/krypt/codec/hex.rb
+- lib/krypt/digest.rb
+- lib/krypt/hmac.rb
+- lib/krypt/ossl.rb
+- lib/krypt/ossl/pkcs5.rb
+- lib/krypt/pkcs5.rb
 - lib/krypt/pkcs5/pbkdf2.rb
 - lib/krypt/provider.rb
+- lib/krypt/provider/ffi.rb
+- lib/krypt/provider/ffi/digest.rb
+- lib/krypt/provider/ffi/ffi_helper.rb
+- lib/krypt/provider/ffi/provider.rb
+- lib/krypt/provider/ffi/provider_api.rb
+- lib/krypt/provider/provider.rb
+- lib/krypt/version.rb
 - lib/krypt/x509.rb
-- lib/krypt/asn1/template.rb
-- lib/krypt/asn1/common.rb
-- lib/krypt/hmac.rb
-- lib/krypt/pkcs5.rb
-- lib/krypt/digest.rb
-- lib/krypt/asn1.rb
-- lib/krypt/codec.rb
-- lib/krypt.rb
+- lib/krypt/x509/certificate.rb
+- lib/krypt/x509/common.rb
+- lib/krypt/x509/crl.rb
 - lib/krypt_missing.rb
-- spec/krypt/codec/hex_decoder_spec.rb
-- spec/krypt/codec/hex_mixed_spec.rb
-- spec/krypt/codec/hex_encoder_spec.rb
-- spec/krypt/codec/base64_encoder_spec.rb
-- spec/krypt/codec/base64_mixed_spec.rb
-- spec/krypt/codec/identity_shared.rb
-- spec/krypt/codec/base64_decoder_spec.rb
-- spec/krypt/pkcs5/pbkdf2_spec.rb
-- spec/krypt/hmac/hmac_spec.rb
-- spec/krypt/provider/provider_spec.rb
-- spec/krypt-core/digest/digest_spec.rb
 - spec/krypt-core/MEMO.txt
-- spec/krypt-core/hex/hex_spec.rb
-- spec/krypt-core/asn1/asn1_pem_spec.rb
+- spec/krypt-core/asn1/asn1_bit_string_spec.rb
+- spec/krypt-core/asn1/asn1_boolean_spec.rb
+- spec/krypt-core/asn1/asn1_constants_spec.rb
 - spec/krypt-core/asn1/asn1_data_spec.rb
+- spec/krypt-core/asn1/asn1_end_of_contents_spec.rb
+- spec/krypt-core/asn1/asn1_enumerated_spec.rb
 - spec/krypt-core/asn1/asn1_generalized_time_spec.rb
-- spec/krypt-core/asn1/asn1_parser_spec.rb
 - spec/krypt-core/asn1/asn1_integer_spec.rb
-- spec/krypt-core/asn1/asn1_set_spec.rb
-- spec/krypt-core/asn1/asn1_enumerated_spec.rb
-- spec/krypt-core/asn1/asn1_octet_string_spec.rb
-- spec/krypt-core/asn1/asn1_bit_string_spec.rb
-- spec/krypt-core/asn1/asn1_constants_spec.rb
-- spec/krypt-core/asn1/asn1_utc_time_spec.rb
 - spec/krypt-core/asn1/asn1_null_spec.rb
-- spec/krypt-core/asn1/asn1_sequence_spec.rb
-- spec/krypt-core/asn1/asn1_boolean_spec.rb
 - spec/krypt-core/asn1/asn1_object_id_spec.rb
+- spec/krypt-core/asn1/asn1_octet_string_spec.rb
+- spec/krypt-core/asn1/asn1_parser_spec.rb
+- spec/krypt-core/asn1/asn1_pem_spec.rb
+- spec/krypt-core/asn1/asn1_sequence_spec.rb
+- spec/krypt-core/asn1/asn1_set_spec.rb
+- spec/krypt-core/asn1/asn1_utc_time_spec.rb
 - spec/krypt-core/asn1/asn1_utf8_string_spec.rb
 - spec/krypt-core/asn1/resources.rb
-- spec/krypt-core/asn1/asn1_end_of_contents_spec.rb
 - spec/krypt-core/base64/base64_spec.rb
+- spec/krypt-core/digest/digest_spec.rb
+- spec/krypt-core/hex/hex_spec.rb
 - spec/krypt-core/pem/pem_decode_spec.rb
+- spec/krypt-core/resources.rb
 - spec/krypt-core/template/template_choice_parse_spec.rb
-- spec/krypt-core/template/template_seq_parse_spec.rb
-- spec/krypt-core/template/template_seq_of_parse_spec.rb
 - spec/krypt-core/template/template_dsl_spec.rb
-- spec/krypt-core/resources.rb
-- spec/resources.rb
-- spec/res/certificate.pem
+- spec/krypt-core/template/template_seq_of_parse_spec.rb
+- spec/krypt-core/template/template_seq_parse_spec.rb
+- spec/krypt/codec/base64_decoder_spec.rb
+- spec/krypt/codec/base64_encoder_spec.rb
+- spec/krypt/codec/base64_mixed_spec.rb
+- spec/krypt/codec/hex_decoder_spec.rb
+- spec/krypt/codec/hex_encoder_spec.rb
+- spec/krypt/codec/hex_mixed_spec.rb
+- spec/krypt/codec/identity_shared.rb
+- spec/krypt/hmac/hmac_spec.rb
+- spec/krypt/pkcs5/pbkdf2_spec.rb
+- spec/krypt/provider/provider_spec.rb
 - spec/res/ca-bundle.crt
-- spec/res/multiple_certs.pem
 - spec/res/certificate.cer
-- test/test_krypt_parser.rb
-- test/scratch.rb
+- spec/res/certificate.pem
+- spec/res/multiple_certs.pem
+- spec/resources.rb
 - test/helper.rb
-- test/test_krypt_asn1.rb
-- test/resources.rb
 - test/res/certificate.cer
-- LICENSE
-- README.md
+- test/resources.rb
+- test/scratch.rb
+- test/test_krypt_asn1.rb
+- test/test_krypt_parser.rb
 homepage: https://github.com/krypt/krypt
 licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 2.2.0
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Platform- and library-independent cryptography for Ruby
 test_files:
-- test/test_krypt_parser.rb
 - test/test_krypt_asn1.rb
+- test/test_krypt_parser.rb