netpgp 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: baa8e73adf9e05b9b6fb5be2b2a9447ce72149f3
+  data.tar.gz: 66db535e3a79f188424cfd237381dbad0fe81e71
+SHA512:
+  metadata.gz: a17b99842d2b900e2babd24fa8c5f0e80059935b4b627f0c7971f03ad36bd791833f35b243d454fe851509845bc3e1cb6a9421735436233267db7718250bbb7b
+  data.tar.gz: dfb73d76203ac990bbb3605783b83eb7c47333d02e64712813965fe335092d53ecef24aee35dbf2839060fca5b09bdd6d7f71c0c2eaa20556636be7ab98d5dfd

data/lib/netpgp.rb

@@ -0,0 +1,3 @@
+require_relative 'netpgp/lowlevel'
+require_relative 'netpgp/highlevel'
+

data/lib/netpgp/highlevel.rb

@@ -0,0 +1,5 @@
+require_relative 'highlevel/constants'
+require_relative 'highlevel/publickey'
+require_relative 'highlevel/secretkey'
+require_relative 'highlevel/keyring'
+

data/lib/netpgp/highlevel/constants.rb

@@ -0,0 +1,96 @@
+require 'rubygems'
+
+module NetPGP
+
+class PublicKeyAlgorithm
+  NONE = 0
+  RSA = 1
+  RSA_ENCRYPT_ONLY = 2
+  RSA_SIGN_ONLY = 3
+  ELGAMAL = 16
+  DSA = 17
+  ECDH = 18
+  ECDSA = 19
+  FORMERLY_ELGAMAL = 20
+
+  def self.from_native(alg)
+    raise if alg.class != Symbol
+    LibNetPGP::PGP_PUBKEY_ALG_T[alg]
+  end
+
+  def self.to_native(alg)
+    # avoid a warning on newer versions of ruby
+    if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.4.0')
+      raise if alg.class != Integer
+    else
+      raise if alg.class != Fixnum
+    end
+    LibNetPGP::PGP_PUBKEY_ALG_T[alg]
+  end
+
+end
+
+class HashAlgorithm
+  MD5 = 1
+  SHA1 = 2
+  RIPEMD = 3
+  SHA256 = 8
+  SHA384 = 9
+  SHA512 = 10
+  SHA224 = 11
+
+  # see pgp_str_to_hash_alg
+  STRING_MAPPING = {
+    MD5 => 'md5',
+    SHA1 => 'sha1',
+    SHA256 => 'sha256',
+    SHA384 => 'sha384',
+    SHA512 => 'sha512'
+  }
+
+  def self.to_s(alg)
+    STRING_MAPPING[alg]
+  end
+
+end
+
+class SymmetricKeyAlgorithm
+  PLAINTEXT = 0
+  IDEA = 1
+  TRIPLEDES = 2
+  CAST5 = 3
+  BLOWFISH = 4
+  AES128 = 7
+  AES192 = 8
+  AES256 = 9
+  TWOFISH256 = 10
+
+  # see pgp_str_to_cipher
+  STRING_MAPPING = {
+    IDEA => 'idea',
+    TRIPLEDES => 'tripledes',
+    CAST5 => 'cast5',
+    AES128 => 'aes128',
+    AES256 => 'aes256'
+  }
+
+  def self.to_s(alg)
+    STRING_MAPPING[alg]
+  end
+
+end
+
+class StringToKeyUsage
+  NONE = 0
+  ENCRYPTED_AND_HASHED = 254
+  ENCRYPTED = 255
+end
+
+class StringToKeySpecifier
+  SIMPLE = 0
+  SALTED = 1
+  ITERATED_AND_SALTED = 3
+end
+
+end
+

data/lib/netpgp/highlevel/keyring.rb

@@ -0,0 +1,259 @@
+require 'English'
+require 'forwardable'
+
+module NetPGP
+
+class Keyring
+  extend Forwardable
+  delegate [:size, :each, :select, :[], :push, :clear] => :@keys
+
+  attr_reader :keys
+
+  def initialize
+    @keys = []
+  end
+
+  def self.load(data, armored=true, &passphrase_provider)
+    kr = Keyring.new
+    kr.add(data, armored, &passphrase_provider)
+    kr
+  end
+
+  def add(data, armored=true, &passphrase_provider)
+    keys = NetPGP::load_keys(data, armored, &passphrase_provider)
+    @keys.push(*keys)
+    keys.size
+  end
+
+  def verify(data, armored=true)
+    NetPGP::verify(@keys, data, armored)
+  end
+
+  def export(key, armored=true)
+    raise if key.parent
+    is_public = key.is_a?(PublicKey)
+    if is_public
+      seckey = secret_keys.find {|sk| sk.key_id == key.key_id}
+    else
+      seckey = key
+    end
+    return nil if not seckey
+    output_ptr = FFI::MemoryPointer.new(:pointer)
+    mem_ptr = FFI::MemoryPointer.new(:pointer)
+    output = nil
+    mem = nil
+    decrypted_seckey = nil
+    begin
+      LibNetPGP::pgp_setup_memory_write(output_ptr, mem_ptr, 4096)
+      output = LibNetPGP::PGPOutput.new(output_ptr.read_pointer)
+      mem = LibNetPGP::PGPMemory.new(mem_ptr.read_pointer)
+      native_ptr = LibC::calloc(1, LibNetPGP::PGPKey.size)
+      native = LibNetPGP::PGPKey.new(native_ptr)
+      native_auto = FFI::AutoPointer.new(native_ptr, LibNetPGP::PGPKey.method(:release))
+      key.to_native_key(native)
+      decrypted_seckey = seckey.decrypted_seckey
+      return nil if not decrypted_seckey
+      # this is necessary for signatures
+      seckey = SecretKey.from_native(decrypted_seckey)
+      seckey.to_native(native[:key][:seckey])
+      native[:type] = :PGP_PTAG_CT_SECRET_KEY
+      if is_public
+        LibNetPGP::dynarray_clear(native, 'uid', :string)
+        key.userids.each {|userid|
+          LibNetPGP::pgp_add_selfsigned_userid(native, userid)
+        }
+      end
+      # PGPKeyring is a ManagedStruct
+      subkeysring_ptr = LibC::calloc(1, LibNetPGP::PGPKeyring.size)
+      subkeysring = LibNetPGP::PGPKeyring.new(subkeysring_ptr)
+      NetPGP::keys_to_native_keyring(key.subkeys, subkeysring)
+      # add a binding signature to each subkey
+      (0..LibNetPGP::dynarray_count(subkeysring, 'key') - 1).each {|n|
+        subkey = LibNetPGP::dynarray_get_item(subkeysring, 'key', LibNetPGP::PGPKey, n)
+        LibNetPGP::dynarray_clear(subkey, 'packet', LibNetPGP::PGPSubPacket)
+        NetPGP::add_subkey_signature(native, subkey)
+      }
+      if is_public
+        ret = LibNetPGP::pgp_write_xfer_pubkey(output, native, subkeysring, armored ? 1 : 0)
+      else
+        decrypted_key_ptr = LibC::calloc(1, LibNetPGP::PGPKey.size)
+        decrypted_key = LibNetPGP::PGPKey.new(decrypted_key_ptr)
+        decrypted_key_auto = FFI::AutoPointer.new(decrypted_key_ptr, LibNetPGP::PGPKey.method(:release))
+        seckey.to_native_key(decrypted_key)
+        key.userids.each {|userid|
+          LibNetPGP::pgp_add_selfsigned_userid(decrypted_key, userid)
+        }
+        decrypted_key[:key][:seckey][:s2k_usage] = :PGP_S2KU_ENCRYPTED_AND_HASHED
+        decrypted_key[:key][:seckey][:alg] = :PGP_SA_CAST5
+        decrypted_key[:key][:seckey][:s2k_specifier] = :PGP_S2KS_SALTED
+        (0..LibNetPGP::dynarray_count(subkeysring, 'key') - 1).each {|n|
+          subkey = LibNetPGP::dynarray_get_item(subkeysring, 'key', LibNetPGP::PGPKey, n)
+          subkey[:key][:seckey][:s2k_usage] = :PGP_S2KU_ENCRYPTED_AND_HASHED
+          subkey[:key][:seckey][:alg] = :PGP_SA_CAST5
+          subkey[:key][:seckey][:s2k_specifier] = :PGP_S2KS_SALTED
+        }
+        ret = LibNetPGP::pgp_write_xfer_seckey(output, decrypted_key, key.passphrase, key.passphrase.size, subkeysring, armored ? 1 : 0)
+      end
+      return nil if ret != 1
+      data = mem[:buf].read_bytes(mem[:length])
+      data
+    ensure
+      LibNetPGP::pgp_teardown_memory_write(output, mem) if mem
+      LibNetPGP::pgp_seckey_free(decrypted_seckey) if decrypted_seckey
+    end
+  end
+
+  def public_keys
+    self.select {|key|
+      key.is_a?(PublicKey)
+    }
+  end
+
+  def secret_keys
+    self.select {|key|
+      key.is_a?(SecretKey)
+    }
+  end
+
+  def to_native(native)
+    keys_to_native_keyring(@keys, native)
+  end
+
+end
+
+PARSE_KEYRING = Proc.new do |state, passphrase_provider, pkt, data|
+  next :PGP_RELEASE_MEMORY if state[:errors].any?
+
+  begin
+    lastkey = state[:keys].last
+    case pkt[:tag]
+    when :PGP_PTAG_CT_PUBLIC_KEY
+      key = PublicKey::from_native(pkt[:u][:pubkey])
+      state[:keys].push(key)
+    when :PGP_PTAG_CT_PUBLIC_SUBKEY
+      key = PublicKey::from_native(pkt[:u][:pubkey])
+      lastkey.add_subkey(key)
+      state[:keys].push(key)
+    when :PGP_PTAG_CT_ENCRYPTED_SECRET_KEY
+      key = SecretKey::from_native(pkt[:u][:seckey], true)
+      state[:keys].push(key)
+    when :PGP_PTAG_CT_ENCRYPTED_SECRET_SUBKEY
+      key = SecretKey::from_native(pkt[:u][:seckey], true)
+      lastkey.add_subkey(key)
+      state[:keys].push(key)
+    when :PGP_PTAG_CT_SECRET_KEY
+      key = SecretKey::from_native(pkt[:u][:seckey])
+      if state[:passphrase]
+        key.passphrase = state[:passphrase]
+        state[:passphrase] = nil
+      end
+      state[:keys].push(key)
+    when :PGP_PTAG_CT_SECRET_SUBKEY
+      key = SecretKey::from_native(pkt[:u][:seckey])
+      lastkey.add_subkey(key)
+      state[:keys].push(key)
+    when :PGP_GET_PASSPHRASE
+      seckey_ptr = pkt[:u][:skey_passphrase][:seckey]
+      seckey = LibNetPGP::PGPSecKey.new(seckey_ptr)
+      key = SecretKey::from_native(seckey)
+      passphrase = passphrase_provider.call(key)
+      if passphrase and passphrase != ''
+        passphrase_mem = LibC::calloc(1, passphrase.bytesize + 1)
+        passphrase_mem.write_bytes(passphrase)
+        pkt[:u][:skey_passphrase][:passphrase].write_pointer(passphrase_mem)
+        state[:passphrase] = passphrase
+        next :PGP_KEEP_MEMORY
+      end
+    when :PGP_PARSER_PACKET_END
+      if lastkey.is_a? NetPGP::SecretKey
+        raw_packet = pkt[:u][:packet]
+        bytes = raw_packet[:raw].read_bytes(raw_packet[:length])
+        lastkey.raw_subpackets.push(bytes)
+      end
+    when :PGP_PTAG_CT_USER_ID
+      lastkey.userids.push(pkt[:u][:userid].force_encoding('utf-8'))
+    when :PGP_PTAG_SS_KEY_EXPIRY
+      lastkey.expiration_time = lastkey.creation_time + pkt[:u][:ss_time]
+    else
+      # For debugging
+      #puts "Unhandled tag: #{pkt[:tag]}"
+    end # case
+  rescue
+    state[:errors].push($ERROR_INFO)
+  end
+  next :PGP_RELEASE_MEMORY
+end
+
+DEFAULT_PASSPHRASE_PROVIDER = Proc.new do |seckey|
+  nil
+end
+
+def self.load_keys(data, armored=true, &passphrase_provider)
+  # Just for readability
+  print_errors = 0
+  stream_mem = LibC::calloc(1, LibNetPGP::PGPStream.size)
+  # This will free the above memory (PGPStream is a ManagedStruct)
+  stream = LibNetPGP::PGPStream.new(stream_mem)
+  stream[:readinfo][:accumulate] = 1
+  LibNetPGP::pgp_parse_options(stream, :PGP_PTAG_SS_ALL, :PGP_PARSE_PARSED)
+
+  # This memory will be GC'd
+  mem = FFI::MemoryPointer.new(:uint8, data.bytesize)
+  mem.write_bytes(data)
+
+  LibNetPGP::pgp_reader_set_memory(stream, mem, mem.size)
+  state = {keys: [], errors: []}
+  provider = block_given? ? passphrase_provider : DEFAULT_PASSPHRASE_PROVIDER
+  callback = NetPGP::PARSE_KEYRING.curry[state][provider]
+  LibNetPGP::pgp_set_callback(stream, callback, nil)
+  LibNetPGP::pgp_reader_push_dearmour(stream) if armored
+  if LibNetPGP::pgp_parse(stream, print_errors) != 1
+    state[:errors].push('pgp_parse failed')
+  end
+  LibNetPGP::pgp_reader_pop_dearmour(stream) if armored
+
+  errors = stream_errors(stream)
+  state[:errors].push(errors) if errors.any?
+
+  raise state[:errors].join("\n") if state[:errors].any?
+  state[:keys]
+end
+
+def self.keys_to_native_keyring(keys, native)
+  raise if not native[:keys].null?
+
+  for key in keys
+    native_key = LibNetPGP::PGPKey.new
+    key.to_native_key(native_key)
+    LibNetPGP::dynarray_append_item(native, 'key', LibNetPGP::PGPKey, native_key)
+  end
+end
+
+def self.verify(keys, data, armored=true)
+  native_keyring_ptr = LibC::calloc(1, LibNetPGP::PGPKeyring.size)
+  native_keyring = LibNetPGP::PGPKeyring.new(native_keyring_ptr)
+  NetPGP::keys_to_native_keyring(keys, native_keyring)
+
+  pgpio = LibNetPGP::PGPIO.new
+  pgpio[:outs] = LibC::fdopen($stdout.to_i, 'w')
+  pgpio[:errs] = LibC::fdopen($stderr.to_i, 'w')
+  pgpio[:res] = pgpio[:errs]
+
+  data_buf = FFI::MemoryPointer.new(:uint8, data.bytesize)
+  data_buf.write_bytes(data)
+
+  # pgp_validate_mem frees this
+  mem_ptr = LibC::calloc(1, LibNetPGP::PGPMemory.size)
+  mem = LibNetPGP::PGPMemory.new(mem_ptr)
+  LibNetPGP::pgp_memory_add(mem, data_buf, data_buf.size)
+
+  # ManagedStruct, this frees itself
+  result_ptr = LibC::calloc(1, LibNetPGP::PGPValidation.size)
+  result = LibNetPGP::PGPValidation.new(result_ptr)
+
+  ret = LibNetPGP::pgp_validate_mem(pgpio, result, mem, nil, armored ? 1 : 0, native_keyring)
+  ret == 1
+end
+
+end # module NetPGP
+

data/lib/netpgp/highlevel/publickey.rb

@@ -0,0 +1,150 @@
+module NetPGP
+
+require_relative 'utils'
+
+class PublicKey
+  attr_accessor :version,
+                :creation_time,
+                :expiration_time,
+                :public_key_algorithm,
+                :mpi,
+                :userids,
+                :parent,
+                :subkeys
+
+  def initialize
+    @version = nil
+    @creation_time = nil
+    @expiration_time = 0
+    @public_key_algorithm = nil
+    @mpi = {}
+    @userids = []
+    @parent = nil
+    @subkeys = []
+  end
+
+  def fingerprint
+    fp = LibNetPGP::PGPFingerprint.new
+    native_pubkey_ptr = LibC::calloc(1, LibNetPGP::PGPPubKey.size)
+    native_pubkey = LibNetPGP::PGPPubKey.new(native_pubkey_ptr)
+    native_pubkey_auto = FFI::AutoPointer.new(native_pubkey_ptr, LibNetPGP::PGPPubKey.method(:release))
+    to_native(native_pubkey)
+    hash = @version == 3 ? :PGP_HASH_MD5 : :PGP_HASH_SHA1
+    ret = LibNetPGP::pgp_fingerprint(fp, native_pubkey, hash)
+    raise 'pgp_fingerprint failed' if ret != 1
+    fp[:fingerprint].to_s[0, fp[:length]]
+  end
+
+  def fingerprint_hex
+    fingerprint.bytes.collect {|byte| '%02X' % byte}.join
+  end
+
+  def key_id
+    keyid_ptr = FFI::MemoryPointer.new(:uint8, LibNetPGP::PGP_KEY_ID_SIZE)
+    native_pubkey = LibNetPGP::PGPPubKey.new
+    to_native(native_pubkey)
+    ret = LibNetPGP::pgp_keyid(keyid_ptr, LibNetPGP::PGP_KEY_ID_SIZE, native_pubkey, :PGP_HASH_SHA1)
+    raise 'pgp_keyid failed' if ret != 1
+    keyid_ptr.read_bytes(LibNetPGP::PGP_KEY_ID_SIZE)
+  end
+
+  def key_id_hex
+    key_id.bytes.collect {|byte| '%02X' % byte}.join
+  end
+
+  def key_length
+    case @public_key_algorithm
+    when PublicKeyAlgorithm::RSA,
+         PublicKeyAlgorithm::RSA_ENCRYPT_ONLY,
+         PublicKeyAlgorithm::RSA_SIGN_ONLY
+      return NetPGP::bignum_byte_count(@mpi[:n]) * 8
+    when PublicKeyAlgorithm::DSA
+      case NetPGP::bignum_byte_count(@mpi[:q])
+      when 20
+        1024
+      when 28
+        2048
+      when 32
+        3072
+      end
+    when PublicKeyAlgorithm::ELGAMAL
+      NetPGP::bignum_byte_count(@mpi[:y]) * 8
+    end
+    0
+  end
+
+  def encrypt(data, armored=true, sk_algorithm=SymmetricKeyAlgorithm::CAST5)
+    cipher = SymmetricKeyAlgorithm::to_s(sk_algorithm)
+    memory = nil
+
+    begin
+      pubkey_ptr = LibC::calloc(1, LibNetPGP::PGPKey.size)
+      pubkey = LibNetPGP::PGPKey.new(pubkey_ptr)
+      pubkey_auto = FFI::AutoPointer.new(pubkey_ptr, LibNetPGP::PGPKey.method(:release))
+
+      to_native_key(pubkey)
+      data_buf = FFI::MemoryPointer.new(:uint8, data.bytesize)
+      data_buf.write_bytes(data)
+      pgpio = LibNetPGP::PGPIO.new
+      pgpio[:outs] = LibC::fdopen($stdout.to_i, 'w')
+      pgpio[:errs] = LibC::fdopen($stderr.to_i, 'w')
+      pgpio[:res] = pgpio[:errs]
+      memory_ptr = LibNetPGP::pgp_encrypt_buf(pgpio, data_buf, data_buf.size, pubkey, armored ? 1 : 0, cipher)
+      return nil if memory_ptr.null?
+      memory = LibNetPGP::PGPMemory.new(memory_ptr)
+      memory[:buf].read_bytes(memory[:length])
+    ensure
+      LibNetPGP::pgp_memory_free(memory) if memory
+    end
+  end
+
+  def verify(data, armored=true)
+    NetPGP::verify([self], data, armored)
+  end
+
+  def add_subkey(subkey)
+    raise if subkey.subkeys.any?
+    subkey.parent = self
+    subkey.userids = @userids
+    @subkeys.push(subkey)
+  end
+
+  def self.from_native(native)
+    pubkey = PublicKey.new
+    pubkey.version = LibNetPGP::enum_value(native[:version])
+    pubkey.creation_time = Time.at(native[:birthtime])
+    if pubkey.version == 3
+      pubkey.expiration_time = Time.at(native[:birthtime]) + (native[:days_valid] * 86400)
+    end
+    pubkey.public_key_algorithm = PublicKeyAlgorithm::from_native(native[:alg])
+    pubkey.mpi = NetPGP::mpis_from_native(native[:alg], native)
+    pubkey
+  end
+
+  def to_native(native)
+    native[:version] = @version
+    native[:birthtime] = @creation_time.to_i
+    if @version == 3 and @expiration_time 
+      native[:days_valid] = ((@expiration_time.to_i - @creation_time.to_i) / 86400).to_i
+    else
+      native[:duration] = (@expiration_time.to_i - @creation_time.to_i).to_i
+    end
+    native[:alg] = @public_key_algorithm
+    NetPGP::mpis_to_native(native[:alg], @mpi, native)
+  end
+
+  def to_native_key(native_key)
+    native_key[:type] = :PGP_PTAG_CT_PUBLIC_KEY
+    native_key[:sigid] = key_id
+    to_native(native_key[:key][:pubkey])
+    if not @parent
+      @userids.each {|userid|
+        LibNetPGP::dynarray_append_item(native_key, 'uid', :string, userid)
+      }
+    end
+  end
+
+end
+
+end # module NetPGP
+