RubyGems - openpgp - Versions diffs - 0.0.1 → 0.0.2 - Mend

openpgp 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

data/AUTHORS +2 -0
data/README +55 -48
data/UNLICENSE +24 -0
data/VERSION +1 -1
data/lib/openpgp.rb +16 -5
data/lib/openpgp/algorithm.rb +1 -1
data/lib/openpgp/armor.rb +55 -49
data/lib/openpgp/buffer.rb +100 -0
data/lib/openpgp/cipher.rb +117 -0
data/lib/openpgp/cipher/3des.rb +9 -0
data/lib/openpgp/cipher/aes.rb +26 -0
data/lib/openpgp/cipher/blowfish.rb +9 -0
data/lib/openpgp/cipher/cast5.rb +9 -0
data/lib/openpgp/cipher/idea.rb +9 -0
data/lib/openpgp/cipher/twofish.rb +9 -0
data/lib/openpgp/client/gnupg.rb +583 -0
data/lib/openpgp/digest.rb +60 -0
data/lib/openpgp/digest/md5.rb +7 -0
data/lib/openpgp/digest/rmd160.rb +7 -0
data/lib/openpgp/digest/sha1.rb +7 -0
data/lib/openpgp/digest/sha2.rb +19 -0
data/lib/openpgp/engine.rb +46 -0
data/lib/openpgp/{gnupg.rb → engine/gnupg.rb} +31 -7
data/lib/openpgp/engine/openssl.rb +47 -0
data/lib/openpgp/message.rb +55 -4
data/lib/openpgp/packet.rb +240 -27
data/lib/openpgp/random.rb +31 -0
data/lib/openpgp/s2k.rb +186 -0
data/lib/openpgp/util.rb +65 -0
data/lib/openpgp/version.rb +5 -2
metadata +40 -9
data/LICENSE +0 -19

data/lib/openpgp/digest.rb ADDED

@@ -0,0 +1,60 @@
+module OpenPGP
+  ##
+  # OpenPGP message digest algorithm.
+  #
+  # @see http://tools.ietf.org/html/rfc4880#section-9.4
+  class Digest
+    autoload :MD5,       'openpgp/digest/md5'
+    autoload :SHA1,      'openpgp/digest/sha1'
+    autoload :RIPEMD160, 'openpgp/digest/rmd160'
+    autoload :SHA256,    'openpgp/digest/sha2'
+    autoload :SHA384,    'openpgp/digest/sha2'
+    autoload :SHA512,    'openpgp/digest/sha2'
+    autoload :SHA224,    'openpgp/digest/sha2'
+    DEFAULT = SHA1
+    def self.for(identifier)
+      case identifier
+        when Symbol then const_get(identifier.to_s.upcase)
+        when String then const_get(identifier.upcase.to_sym)
+        when 1      then const_get(:MD5)
+        when 2      then const_get(:SHA1)
+        when 3      then const_get(:RIPEMD160)
+        when 8      then const_get(:SHA256)
+        when 9      then const_get(:SHA384)
+        when 10     then const_get(:SHA512)
+        when 11     then const_get(:SHA224)
+      end
+    end
+    def self.to_i() identifier end
+    def self.identifier
+      const_get(:IDENTIFIER)
+    end
+    def self.algorithm
+      name.split('::').last.to_sym unless self == Digest
+    end
+    def self.hexsize
+      size * 2
+    end
+    def self.size
+      require 'digest' unless defined?(::Digest)
+      ::Digest.const_get(algorithm).new.digest_length
+    end
+    def self.hexdigest(data)
+      require 'digest' unless defined?(::Digest)
+      ::Digest.const_get(algorithm).hexdigest(data).upcase
+    end
+    def self.digest(data)
+      require 'digest' unless defined?(::Digest)
+      ::Digest.const_get(algorithm).digest(data)
+    end
+  end
+end

data/lib/openpgp/digest/md5.rb ADDED

@@ -0,0 +1,7 @@
+module OpenPGP
+  class Digest
+    class MD5 < Digest
+      IDENTIFIER = 1
+    end
+  end
+end

data/lib/openpgp/digest/rmd160.rb ADDED

@@ -0,0 +1,7 @@
+module OpenPGP
+  class Digest
+    class RIPEMD160 < Digest
+      IDENTIFIER = 3
+    end
+  end
+end

data/lib/openpgp/digest/sha1.rb ADDED

@@ -0,0 +1,7 @@
+module OpenPGP
+  class Digest
+    class SHA1 < Digest
+      IDENTIFIER = 2
+    end
+  end
+end

data/lib/openpgp/digest/sha2.rb ADDED

@@ -0,0 +1,19 @@
+module OpenPGP
+  class Digest
+    class SHA224 < Digest
+      IDENTIFIER = 11
+    end
+    class SHA256 < Digest
+      IDENTIFIER = 8
+    end
+    class SHA384 < Digest
+      IDENTIFIER = 9
+    end
+    class SHA512 < Digest
+      IDENTIFIER = 10
+    end
+  end
+end

data/lib/openpgp/engine.rb ADDED

@@ -0,0 +1,46 @@
+module OpenPGP
+  class Engine
+    autoload :GnuPG,   'openpgp/engine/gnupg'
+    autoload :OpenSSL, 'openpgp/engine/openssl'
+    def self.available?
+      begin
+        load!(true)
+        return true
+      rescue LoadError => e
+        return false
+      end
+    end
+    def self.load!(reload = false)
+      raise LoadError
+    end
+    def self.install!
+      load!
+    end
+    def self.use(&block)
+      load!
+      block.call(self)
+    end
+    protected
+      def self.install_extensions!(extension)
+        name = extension.name.split('::').last.to_sym
+        klass = OpenPGP.const_get(name)
+        extension.constants.each do |const|
+          klass.send(:remove_const, const)
+          klass.const_set(const, extension.const_get(const))
+        end
+        target = (class << klass; self; end)
+        extension.instance_methods(false).each do |method|
+          target.send(:remove_method, method)
+          target.send(:include, extension)
+        end
+      end
+  end
+end

data/lib/openpgp/{gnupg.rb → engine/gnupg.rb} RENAMED

@@ -1,11 +1,15 @@
-module OpenPGP
+module OpenPGP class Engine
   ##
   # GNU Privacy Guard (GnuPG) wrapper.
   #
   # @see http://www.gnupg.org/
-  class GnuPG
+  class GnuPG < Engine
     class Error < IOError; end
+    def self.available?
+      self.new.available?
+    end
     OPTIONS = {
       :batch                 => true,
       :quiet                 => true,
@@ -60,16 +64,30 @@ module OpenPGP
     ##
     # Exports a specified key from the GnuPG keyring.
-    def export(key_id = nil)
-      OpenPGP::Message.parse(exec([:export, *[key_id].flatten]).read)
+    def export(key_id = nil, opts = {})
+      OpenPGP::Message.parse(exec([:export, *[key_id].flatten], opts ).read)
     end
+    ##
     ##
     # Imports a specified keyfile into the GnuPG keyring.
     def import()
       # TODO
     end
+    def delete_secret_and_public_key(key_id)
+      opts = {:batch => true}
+      OpenPGP::Message.parse(exec([:delete_secret_and_public_key, key_fingerprint(key_id)], opts ).read)
+    end
+    def key_fingerprint(key_id, opts = {})
+      message = exec([:fingerprint, *[key_id].flatten], opts ).read
+      if message =~ /Key fingerprint = (.*)\n/
+        return $1.delete(" ")
+      end
+      nil
+    end
     ##
     # Returns an array of key IDs/titles of the keys in the public keyring.
     def list_keys()
@@ -94,6 +112,12 @@ module OpenPGP
       # TODO
     end
+    ##
+    # Makes an OpenPGP signature.
+    def sign_file(key_id, file, passphrase)
+      OpenPGP::Message.parse(exec([:sign, file],{ :local_user => key_id, :passphrase => passphrase}).read)
+    end
     ##
     # Makes a clear text OpenPGP signature.
     def clearsign()
@@ -108,8 +132,8 @@ module OpenPGP
     ##
     # Verifies an OpenPGP signature.
-    def verify()
-      # TODO
+    def verify(key_id, file)
+      OpenPGP::Message.parse(exec([:verify, file],{ :local_user => key_id}).read)
     end
     ##
@@ -166,4 +190,4 @@ module OpenPGP
         "--" << option.to_s.gsub('_', '-')
       end
   end
-end
+end end

data/lib/openpgp/engine/openssl.rb ADDED

@@ -0,0 +1,47 @@
+module OpenPGP
+  class Engine
+    class OpenSSL < Engine
+      def self.load!(reload = false)
+        require 'openssl' unless defined?(::OpenSSL) || reload
+      end
+      def self.install!
+        load!
+        [Random, Digest].each { |mod| install_extensions! mod }
+      end
+      module Random #:nodoc:
+        def number(bits = 32, options = {})
+          ::OpenSSL::BN.rand(bits)
+        end
+        def prime(bits, options = {})
+          ::OpenSSL::BN.generate_prime(bits, options[:safe])
+        end
+        def bytes(count, &block)
+          ::OpenSSL::Random.random_bytes(count)
+        end
+      end
+      module Digest #:nodoc:
+        def size
+          ::OpenSSL::Digest.new(algorithm.to_s).digest_length
+        end
+        def hexdigest(data)
+          ::OpenSSL::Digest.hexdigest(algorithm.to_s, data).upcase
+        end
+        def digest(data)
+          ::OpenSSL::Digest.digest(algorithm.to_s, data)
+        end
+      end
+      module Cipher #:nodoc:
+        # TODO
+      end
+    end
+  end
+end

data/lib/openpgp/message.rb CHANGED

@@ -6,16 +6,49 @@ module OpenPGP
   # @see http://tools.ietf.org/html/rfc4880#section-11
   # @see http://tools.ietf.org/html/rfc4880#section-11.3
   class Message
+    include Enumerable
     attr_accessor :packets
+    ##
+    # Creates an encrypted OpenPGP message.
+    def self.encrypt(data, options = {}, &block)
+      if options[:symmetric]
+        key    = (options[:key]    || S2K::DEFAULT.new(options[:passphrase]))
+        cipher = (options[:cipher] || Cipher::DEFAULT).new(key)
+        msg    = self.new do |msg|
+          msg << Packet::SymmetricSessionKey.new(:algorithm => cipher.identifier, :s2k => key)
+          msg << Packet::EncryptedData.new do |packet|
+            plaintext = self.write do |msg|
+              case data
+                when Message then data.each { |packet| msg << packet }
+                when Packet  then msg << data
+                else msg << Packet::LiteralData.new(:data => data)
+              end
+            end
+            packet.data = cipher.encrypt(plaintext)
+          end
+        end
+        block_given? ? block.call(msg) : msg
+      else
+        raise NotImplementedError # TODO
+      end
+    end
+    ##
+    def self.decrypt(data, options = {}, &block)
+      raise NotImplementedError # TODO
+    end
     ##
     # Parses an OpenPGP message.
     #
     # @see http://tools.ietf.org/html/rfc4880#section-4.1
     # @see http://tools.ietf.org/html/rfc4880#section-4.2
     def self.parse(data)
-      require 'stringio'
-      data = StringIO.new(data.to_str) if data.respond_to?(:to_str)
+      data = Buffer.new(data.to_str) if data.respond_to?(:to_str)
       msg = self.new
       until data.eof?
@@ -28,8 +61,14 @@ module OpenPGP
       msg
     end
-    def initialize(packets = [])
-      @packets = packets
+    def self.write(io = nil, &block)
+      data = self.new(&block).to_s
+      io.respond_to?(:write) ? io.write(data) : data
+    end
+    def initialize(*packets, &block)
+      @packets = packets.flatten
+      block.call(self) if block_given?
     end
     def each(&block) # :yields: packet
@@ -51,5 +90,17 @@ module OpenPGP
     def size
       inject(0) { |sum, packet| sum + packet.size }
     end
+    def to_s
+      Buffer.write do |buffer|
+        packets.each do |packet|
+          if body = packet.body
+            buffer.write_byte(packet.class.tag | 0xC0)
+            buffer.write_byte(body.size)
+            buffer.write_bytes(body)
+          end
+        end
+      end
+    end
   end
 end

data/lib/openpgp/packet.rb CHANGED

@@ -5,17 +5,26 @@ module OpenPGP
   # @see http://tools.ietf.org/html/rfc4880#section-4.1
   # @see http://tools.ietf.org/html/rfc4880#section-4.3
   class Packet
-    attr_accessor :tag
-    attr_accessor :size
-    attr_accessor :data
+    attr_accessor :tag, :size, :data
+    ##
+    # Returns the implementation class for a packet tag.
+    def self.for(tag)
+      @@tags[tag.to_i] || self
+    end
+    ##
+    # Returns the packet tag for this class.
+    def self.tag
+      @@tags.index(self)
+    end
     ##
     # Parses an OpenPGP packet.
     #
     # @see http://tools.ietf.org/html/rfc4880#section-4.2
     def self.parse(data)
-      require 'stringio'
-      data = StringIO.new(data.to_str) if data.respond_to?(:to_str)
+      data = Buffer.new(data.to_str) if data.respond_to?(:to_str)
       unless data.eof?
         new = ((tag = data.getc) & 64).nonzero? # bit 6 indicates new packet format if set
@@ -43,7 +52,7 @@ module OpenPGP
           data_length = (data.getc << 24) | (data.getc << 16) | (data.getc << 8) | data.getc
       end
-      Packet.for(tag).new(tag, data.read(data_length))
+      Packet.for(tag).parse_body(Buffer.new(data.read(data_length)), :tag => tag)
     end
     ##
@@ -67,23 +76,44 @@ module OpenPGP
           raise "Invalid OpenPGP packet length-type: expected 0..3 but got #{len}"
       end
-      Packet.for(tag).new(tag, data_length ? data.read(data_length) : data.read)
+      Packet.for(tag).parse_body(Buffer.new(data_length ? data.read(data_length) : data.read), :tag => tag)
     end
-    def self.for(tag)
-      @@tags[tag.to_i] || self
+    ##
+    def self.parse_body(body, options = {})
+      self.new(options)
+    end
+    def initialize(options = {}, &block)
+      options.each { |k, v| send("#{k}=", v) }
+      block.call(self) if block_given?
     end
-    def initialize(tag = nil, data = nil)
-      @tag, @data, @size = tag, data, data ? data.size : 0
+    #def to_s() body end
+    def size() body.size end
+    def body
+      respond_to?(:write_body) ? Buffer.write { |buffer| write_body(buffer) } : ""
     end
     ##
     # OpenPGP Public-Key Encrypted Session Key packet (tag 1).
     #
     # @see http://tools.ietf.org/html/rfc4880#section-5.1
+    # @see http://tools.ietf.org/html/rfc4880#section-13.1
     class AsymmetricSessionKey < Packet
-      # TODO
+      attr_accessor :version, :key_id, :algorithm
+      def self.parse_body(body, options = {})
+        case version = body.read_byte
+          when 3
+            self.new(:version => version, :key_id => body.read_number(8, 16), :algorithm => body.read_byte)
+            # TODO: read the encrypted session key.
+          else
+            raise "Invalid OpenPGP public-key ESK packet version: #{version}"
+        end
+      end
     end
     ##
@@ -91,7 +121,56 @@ module OpenPGP
     #
     # @see http://tools.ietf.org/html/rfc4880#section-5.2
     class Signature < Packet
-      # TODO
+      attr_accessor :version, :type
+      attr_accessor :key_algorithm, :hash_algorithm
+      attr_accessor :key_id
+      attr_accessor :fields
+      def self.parse_body(body, options = {})
+        case version = body.read_byte
+          when 3 then self.new(:version => 3).send(:read_v3_signature, body)
+          when 4 then self.new(:version => 4).send(:read_v4_signature, body)
+          else raise "Invalid OpenPGP signature packet version: #{version}"
+        end
+      end
+      protected
+        ##
+        # @see http://tools.ietf.org/html/rfc4880#section-5.2.2
+        def read_v3_signature(body)
+          raise "Invalid OpenPGP signature packet V3 header" if body.read_byte != 5
+          @type, @timestamp, @key_id = body.read_byte, body.read_number(4), body.read_number(8, 16)
+          @key_algorithm, @hash_algorithm = body.read_byte, body.read_byte
+          body.read_bytes(2)
+          read_signature(body)
+          self
+        end
+        ##
+        # @see http://tools.ietf.org/html/rfc4880#section-5.2.3
+        def read_v4_signature(body)
+          @type = body.read_byte
+          @key_algorithm, @hash_algorithm = body.read_byte, body.read_byte
+          body.read_bytes(hashed_count = body.read_number(2))
+          body.read_bytes(unhashed_count = body.read_number(2))
+          body.read_bytes(2)
+          read_signature(body)
+          self
+        end
+        ##
+        # @see http://tools.ietf.org/html/rfc4880#section-5.2.2
+        def read_signature(body)
+          case key_algorithm
+            when Algorithm::Asymmetric::RSA
+              @fields = [body.read_mpi]
+            when Algorithm::Asymmetric::DSA
+              @fields = [body.read_mpi, body.read_mpi]
+            else
+              raise "Unknown OpenPGP signature packet public-key algorithm: #{key_algorithm}"
+          end
+        end
     end
     ##
@@ -99,7 +178,31 @@ module OpenPGP
     #
     # @see http://tools.ietf.org/html/rfc4880#section-5.3
     class SymmetricSessionKey < Packet
-      # TODO
+      attr_accessor :version, :algorithm, :s2k
+      def self.parse_body(body, options = {})
+        case version = body.read_byte
+          when 4
+            self.new({:version => version, :algorithm => body.read_byte, :s2k => body.read_s2k}.merge(options))
+          else
+            raise "Invalid OpenPGP symmetric-key ESK packet version: #{version}"
+        end
+      end
+      def initialize(options = {}, &block)
+        defaults = {
+          :version   => 4,
+          :algorithm => Cipher::DEFAULT.to_i,
+          :s2k       => S2K::DEFAULT.new,
+        }
+        super(defaults.merge(options), &block)
+      end
+      def write_body(buffer)
+        buffer.write_byte(version)
+        buffer.write_byte(algorithm.to_i)
+        buffer.write_s2k(s2k)
+      end
     end
     ##
@@ -118,7 +221,53 @@ module OpenPGP
     # @see http://tools.ietf.org/html/rfc4880#section-11.1
     # @see http://tools.ietf.org/html/rfc4880#section-12
     class PublicKey < Packet
-      # TODO
+      attr_accessor :size
+      attr_accessor :version, :timestamp, :algorithm
+      attr_accessor :key, :key_fields, :key_id, :fingerprint
+      #def parse(data) # FIXME
+      def self.parse_body(body, options = {})
+        case version = body.read_byte
+          when 2, 3
+            # TODO
+          when 4
+            packet = self.new(:version => version, :timestamp => body.read_timestamp, :algorithm => body.read_byte, :key => {}, :size => body.size)
+            packet.read_key_material(body)
+            packet
+          else
+            raise "Invalid OpenPGP public-key packet version: #{version}"
+        end
+      end
+      ##
+      # @see http://tools.ietf.org/html/rfc4880#section-5.5.2
+      def read_key_material(body)
+        @key_fields = case algorithm
+          when Algorithm::Asymmetric::RSA   then [:n, :e]
+          when Algorithm::Asymmetric::ELG_E then [:p, :g, :y]
+          when Algorithm::Asymmetric::DSA   then [:p, :q, :g, :y]
+          else raise "Unknown OpenPGP key algorithm: #{algorithm}"
+        end
+        @key_fields.each { |field| key[field] = body.read_mpi }
+        @key_id = fingerprint[-8..-1]
+      end
+      ##
+      # @see http://tools.ietf.org/html/rfc4880#section-12.2
+      # @see http://tools.ietf.org/html/rfc4880#section-3.3
+      def fingerprint
+        @fingerprint ||= case version
+          when 2, 3
+            Digest::MD5.hexdigest([key[:n], key[:e]].join).upcase
+          when 4
+            material = [0x99.chr, [size].pack('n'), version.chr, [timestamp].pack('N'), algorithm.chr]
+            key_fields.each do |key_field|
+              material << [OpenPGP.bitlength(key[key_field])].pack('n')
+              material << key[key_field]
+            end
+            Digest::SHA1.hexdigest(material.join).upcase
+        end
+      end
     end
     ##
@@ -167,7 +316,19 @@ module OpenPGP
     #
     # @see http://tools.ietf.org/html/rfc4880#section-5.7
     class EncryptedData < Packet
-      # TODO
+      attr_accessor :data
+      def self.parse_body(body, options = {})
+        self.new({:data => body.read}.merge(options))
+      end
+      def initialize(options = {}, &block)
+        super(options, &block)
+      end
+      def write_body(buffer)
+        buffer.write(data)
+      end
     end
     ##
@@ -183,7 +344,39 @@ module OpenPGP
     #
     # @see http://tools.ietf.org/html/rfc4880#section-5.9
     class LiteralData < Packet
-      # TODO
+      attr_accessor :format, :filename, :timestamp, :data
+      def self.parse_body(body, options = {})
+        defaults = {
+          :format    => body.read_byte.chr.to_sym,
+          :filename  => body.read_string,
+          :timestamp => body.read_timestamp,
+          :data      => body.read,
+        }
+        self.new(defaults.merge(options))
+      end
+      def initialize(options = {}, &block)
+        defaults = {
+          :format    => :b,
+          :filename  => "",
+          :timestamp => 0,
+          :data      => "",
+        }
+        super(defaults.merge(options), &block)
+      end
+      def write_body(buffer)
+        buffer.write_byte(format)
+        buffer.write_string(filename)
+        buffer.write_timestamp(timestamp)
+        buffer.write(data.to_s)
+      end
+      EYES_ONLY = '_CONSOLE'
+      def eyes_only!() filename = EYES_ONLY end
+      def eyes_only?() filename == EYES_ONLY end
     end
     ##
@@ -191,7 +384,15 @@ module OpenPGP
     #
     # @see http://tools.ietf.org/html/rfc4880#section-5.10
     class Trust < Packet
-      # TODO
+      attr_accessor :data
+      def self.parse_body(body, options = {})
+        self.new({:data => body.read}.merge(options))
+      end
+      def write_body(buffer)
+        buffer.write(data)
+      end
     end
     ##
@@ -202,26 +403,29 @@ module OpenPGP
     class UserID < Packet
       attr_accessor :name, :comment, :email
-      def initialize(tag = nil, data = nil)
-        super
-        case data
+      def self.parse_body(body, options = {})
+        case body.read
           # User IDs of the form: "name (comment) <email>"
           when /^([^\(]+)\(([^\)]+)\)\s+<([^>]+)>$/
-            @name, @comment, @email = $1, $2, $3
+            self.new(:name => $1.strip, :comment => $2.strip, :email => $3.strip)
           # User IDs of the form: "name <email>"
           when /^([^<]+)\s+<([^>]+)>$/
-            @name, @comment, @email = $1, nil, $2
+            self.new(:name => $1.strip, :comment => nil, :email => $2.strip)
           # User IDs of the form: "name"
           when /^([^<]+)$/
-            @name, @comment, @email = $1, nil, nil
+            self.new(:name => $1.strip, :comment => nil, :email => nil)
           # User IDs of the form: "<email>"
           when /^<([^>]+)>$/
-            @name, @comment, @email = nil, nil, $2
+            self.new(:name => nil, :comment => nil, :email => $1.strip)
           else
-            @name, @comment, @email = nil
+            self.new(:name => nil, :comment => nil, :email => nil)
         end
       end
+      def write_body(buffer)
+        buffer.write(to_s)
+      end
       def to_s
         text = []
         text << name if name
@@ -247,7 +451,16 @@ module OpenPGP
     #
     # @see http://tools.ietf.org/html/rfc4880#section-5.13
     class IntegrityProtectedData < Packet
-      # TODO
+      attr_accessor :version
+      def self.parse_body(body, options = {})
+        case version = body.read_byte
+          when 1
+            self.new(:version => version) # TODO: read the encrypted data.
+          else
+            raise "Invalid OpenPGP integrity-protected data packet version: #{version}"
+        end
+      end
     end
     ##