RubyGems - openpgp - Versions diffs - 0.0.1 → 0.0.2 - Mend

openpgp 0.0.1 → 0.0.2

Files changed (32) hide show

data/AUTHORS +2 -0
data/README +55 -48
data/UNLICENSE +24 -0
data/VERSION +1 -1
data/lib/openpgp.rb +16 -5
data/lib/openpgp/algorithm.rb +1 -1
data/lib/openpgp/armor.rb +55 -49
data/lib/openpgp/buffer.rb +100 -0
data/lib/openpgp/cipher.rb +117 -0
data/lib/openpgp/cipher/3des.rb +9 -0
data/lib/openpgp/cipher/aes.rb +26 -0
data/lib/openpgp/cipher/blowfish.rb +9 -0
data/lib/openpgp/cipher/cast5.rb +9 -0
data/lib/openpgp/cipher/idea.rb +9 -0
data/lib/openpgp/cipher/twofish.rb +9 -0
data/lib/openpgp/client/gnupg.rb +583 -0
data/lib/openpgp/digest.rb +60 -0
data/lib/openpgp/digest/md5.rb +7 -0
data/lib/openpgp/digest/rmd160.rb +7 -0
data/lib/openpgp/digest/sha1.rb +7 -0
data/lib/openpgp/digest/sha2.rb +19 -0
data/lib/openpgp/engine.rb +46 -0
data/lib/openpgp/{gnupg.rb → engine/gnupg.rb} +31 -7
data/lib/openpgp/engine/openssl.rb +47 -0
data/lib/openpgp/message.rb +55 -4
data/lib/openpgp/packet.rb +240 -27
data/lib/openpgp/random.rb +31 -0
data/lib/openpgp/s2k.rb +186 -0
data/lib/openpgp/util.rb +65 -0
data/lib/openpgp/version.rb +5 -2
metadata +40 -9
data/LICENSE +0 -19

@@ -0,0 +1,60 @@
+module OpenPGP
+  ##
+  # OpenPGP message digest algorithm.
+  #
+  # @see http://tools.ietf.org/html/rfc4880#section-9.4
+  class Digest
+    autoload :MD5,       'openpgp/digest/md5'
+    autoload :SHA1,      'openpgp/digest/sha1'
+    autoload :RIPEMD160, 'openpgp/digest/rmd160'
+    autoload :SHA256,    'openpgp/digest/sha2'
+    autoload :SHA384,    'openpgp/digest/sha2'
+    autoload :SHA512,    'openpgp/digest/sha2'
+    autoload :SHA224,    'openpgp/digest/sha2'
+    DEFAULT = SHA1
+    def self.for(identifier)
+      case identifier
+        when Symbol then const_get(identifier.to_s.upcase)
+        when String then const_get(identifier.upcase.to_sym)
+        when 1      then const_get(:MD5)
+        when 2      then const_get(:SHA1)
+        when 3      then const_get(:RIPEMD160)
+        when 8      then const_get(:SHA256)
+        when 9      then const_get(:SHA384)
+        when 10     then const_get(:SHA512)
+        when 11     then const_get(:SHA224)
+      end
+    end
+    def self.to_i() identifier end
+    def self.identifier
+      const_get(:IDENTIFIER)
+    end
+    def self.algorithm
+      name.split('::').last.to_sym unless self == Digest
+    end
+    def self.hexsize
+      size * 2
+    end
+    def self.size
+      require 'digest' unless defined?(::Digest)
+      ::Digest.const_get(algorithm).new.digest_length
+    end
+    def self.hexdigest(data)
+      require 'digest' unless defined?(::Digest)
+      ::Digest.const_get(algorithm).hexdigest(data).upcase
+    end
+    def self.digest(data)
+      require 'digest' unless defined?(::Digest)
+      ::Digest.const_get(algorithm).digest(data)
+    end
+  end
+end

data/lib/openpgp/digest/md5.rb ADDED

@@ -0,0 +1,7 @@
+module OpenPGP
+  class Digest
+    class MD5 < Digest
+      IDENTIFIER = 1
+    end
+  end
+end

data/lib/openpgp/digest/rmd160.rb ADDED

@@ -0,0 +1,7 @@
+module OpenPGP
+  class Digest
+    class RIPEMD160 < Digest
+      IDENTIFIER = 3
+    end
+  end
+end

data/lib/openpgp/digest/sha1.rb ADDED

@@ -0,0 +1,7 @@
+module OpenPGP
+  class Digest
+    class SHA1 < Digest
+      IDENTIFIER = 2
+    end
+  end
+end

data/lib/openpgp/digest/sha2.rb ADDED

@@ -0,0 +1,19 @@
+module OpenPGP
+  class Digest
+    class SHA224 < Digest
+      IDENTIFIER = 11
+    end
+    class SHA256 < Digest
+      IDENTIFIER = 8
+    end
+    class SHA384 < Digest
+      IDENTIFIER = 9
+    end
+    class SHA512 < Digest
+      IDENTIFIER = 10
+    end
+  end
+end

data/lib/openpgp/engine.rb ADDED

@@ -0,0 +1,46 @@
+module OpenPGP
+  class Engine
+    autoload :GnuPG,   'openpgp/engine/gnupg'
+    autoload :OpenSSL, 'openpgp/engine/openssl'
+    def self.available?
+      begin
+        load!(true)
+        return true
+      rescue LoadError => e
+        return false
+      end
+    end
+    def self.load!(reload = false)
+      raise LoadError
+    end
+    def self.install!
+      load!
+    end
+    def self.use(&block)
+      load!
+      block.call(self)
+    end
+    protected
+      def self.install_extensions!(extension)
+        name = extension.name.split('::').last.to_sym
+        klass = OpenPGP.const_get(name)
+        extension.constants.each do |const|
+          klass.send(:remove_const, const)
+          klass.const_set(const, extension.const_get(const))
+        end
+        target = (class << klass; self; end)
+        extension.instance_methods(false).each do |method|
+          target.send(:remove_method, method)
+          target.send(:include, extension)
+        end
+      end
+  end
+end

data/lib/openpgp/{gnupg.rb → engine/gnupg.rb} RENAMED

@@ -1,11 +1,15 @@
-module OpenPGP
+module OpenPGP class Engine
   ##
   # GNU Privacy Guard (GnuPG) wrapper.
   #
   # @see http://www.gnupg.org/
-  class GnuPG
+  class GnuPG < Engine
     class Error < IOError; end
+    def self.available?
+      self.new.available?
+    end
     OPTIONS = {
       :batch                 => true,
       :quiet                 => true,
@@ -60,16 +64,30 @@ module OpenPGP
     ##
     # Exports a specified key from the GnuPG keyring.
-    def export(key_id = nil)
-      OpenPGP::Message.parse(exec([:export, *[key_id].flatten]).read)
+    def export(key_id = nil, opts = {})
+      OpenPGP::Message.parse(exec([:export, *[key_id].flatten], opts ).read)
     end
+    ##
     ##
     # Imports a specified keyfile into the GnuPG keyring.
     def import()
       # TODO
     end
+    def delete_secret_and_public_key(key_id)
+      opts = {:batch => true}
+      OpenPGP::Message.parse(exec([:delete_secret_and_public_key, key_fingerprint(key_id)], opts ).read)
+    end
+    def key_fingerprint(key_id, opts = {})
+      message = exec([:fingerprint, *[key_id].flatten], opts ).read
+      if message =~ /Key fingerprint = (.*)\n/
+        return $1.delete(" ")
+      end
+      nil
+    end
     ##
     # Returns an array of key IDs/titles of the keys in the public keyring.
     def list_keys()
@@ -94,6 +112,12 @@ module OpenPGP
       # TODO
     end
+    ##
+    # Makes an OpenPGP signature.
+    def sign_file(key_id, file, passphrase)
+      OpenPGP::Message.parse(exec([:sign, file],{ :local_user => key_id, :passphrase => passphrase}).read)
+    end
     ##
     # Makes a clear text OpenPGP signature.
     def clearsign()
@@ -108,8 +132,8 @@ module OpenPGP
     ##
     # Verifies an OpenPGP signature.
-    def verify()
-      # TODO
+    def verify(key_id, file)
+      OpenPGP::Message.parse(exec([:verify, file],{ :local_user => key_id}).read)
     end
     ##
@@ -166,4 +190,4 @@ module OpenPGP
         "--" << option.to_s.gsub('_', '-')
       end
   end
-end
+end end

data/lib/openpgp/engine/openssl.rb ADDED

@@ -0,0 +1,47 @@
+module OpenPGP
+  class Engine
+    class OpenSSL < Engine
+      def self.load!(reload = false)
+        require 'openssl' unless defined?(::OpenSSL) || reload
+      end
+      def self.install!
+        load!
+        [Random, Digest].each { |mod| install_extensions! mod }
+      end
+      module Random #:nodoc:
+        def number(bits = 32, options = {})
+          ::OpenSSL::BN.rand(bits)
+        end
+        def prime(bits, options = {})
+          ::OpenSSL::BN.generate_prime(bits, options[:safe])
+        end
+        def bytes(count, &block)
+          ::OpenSSL::Random.random_bytes(count)
+        end
+      end
+      module Digest #:nodoc:
+        def size
+          ::OpenSSL::Digest.new(algorithm.to_s).digest_length
+        end
+        def hexdigest(data)
+          ::OpenSSL::Digest.hexdigest(algorithm.to_s, data).upcase
+        end
+        def digest(data)
+          ::OpenSSL::Digest.digest(algorithm.to_s, data)
+        end
+      end
+      module Cipher #:nodoc:
+        # TODO
+      end
+    end
+  end
+end

data/lib/openpgp/message.rb CHANGED

@@ -6,16 +6,49 @@ module OpenPGP
   # @see http://tools.ietf.org/html/rfc4880#section-11
   # @see http://tools.ietf.org/html/rfc4880#section-11.3
   class Message
+    include Enumerable
     attr_accessor :packets
+    ##
+    # Creates an encrypted OpenPGP message.
+    def self.encrypt(data, options = {}, &block)
+      if options[:symmetric]
+        key    = (options[:key]    || S2K::DEFAULT.new(options[:passphrase]))
+        cipher = (options[:cipher] || Cipher::DEFAULT).new(key)
+        msg    = self.new do |msg|
+          msg << Packet::SymmetricSessionKey.new(:algorithm => cipher.identifier, :s2k => key)
+          msg << Packet::EncryptedData.new do |packet|
+            plaintext = self.write do |msg|
+              case data
+                when Message then data.each { |packet| msg << packet }
+                when Packet  then msg << data
+                else msg << Packet::LiteralData.new(:data => data)
+              end
+            end
+            packet.data = cipher.encrypt(plaintext)
+          end
+        end
+        block_given? ? block.call(msg) : msg
+      else
+        raise NotImplementedError # TODO
+      end
+    end
+    ##
+    def self.decrypt(data, options = {}, &block)
+      raise NotImplementedError # TODO
+    end
     ##
     # Parses an OpenPGP message.
     #
     # @see http://tools.ietf.org/html/rfc4880#section-4.1
     # @see http://tools.ietf.org/html/rfc4880#section-4.2
     def self.parse(data)
-      require 'stringio'
-      data = StringIO.new(data.to_str) if data.respond_to?(:to_str)
+      data = Buffer.new(data.to_str) if data.respond_to?(:to_str)
       msg = self.new
       until data.eof?
@@ -28,8 +61,14 @@ module OpenPGP
       msg
     end
-    def initialize(packets = [])
-      @packets = packets
+    def self.write(io = nil, &block)
+      data = self.new(&block).to_s
+      io.respond_to?(:write) ? io.write(data) : data
+    end
+    def initialize(*packets, &block)
+      @packets = packets.flatten
+      block.call(self) if block_given?
     end
     def each(&block) # :yields: packet
@@ -51,5 +90,17 @@ module OpenPGP
     def size
       inject(0) { |sum, packet| sum + packet.size }
     end
+    def to_s
+      Buffer.write do |buffer|
+        packets.each do |packet|
+          if body = packet.body
+            buffer.write_byte(packet.class.tag | 0xC0)
+            buffer.write_byte(body.size)
+            buffer.write_bytes(body)
+          end
+        end
+      end
+    end
   end
 end

data/lib/openpgp/packet.rb CHANGED

@@ -5,17 +5,26 @@ module OpenPGP
   # @see http://tools.ietf.org/html/rfc4880#section-4.1
   # @see http://tools.ietf.org/html/rfc4880#section-4.3
   class Packet
-    attr_accessor :tag
-    attr_accessor :size
-    attr_accessor :data
+    attr_accessor :tag, :size, :data
+    ##
+    # Returns the implementation class for a packet tag.
+    def self.for(tag)
+      @@tags[tag.to_i] || self
+    end
+    ##
+    # Returns the packet tag for this class.
+    def self.tag
+      @@tags.index(self)
+    end
     ##
     # Parses an OpenPGP packet.
     #
     # @see http://tools.ietf.org/html/rfc4880#section-4.2
     def self.parse(data)
-      require 'stringio'
-      data = StringIO.new(data.to_str) if data.respond_to?(:to_str)
+      data = Buffer.new(data.to_str) if data.respond_to?(:to_str)
       unless data.eof?
         new = ((tag = data.getc) & 64).nonzero? # bit 6 indicates new packet format if set
@@ -43,7 +52,7 @@ module OpenPGP
           data_length = (data.getc << 24) | (data.getc << 16) | (data.getc << 8) | data.getc
       end
-      Packet.for(tag).new(tag, data.read(data_length))
+      Packet.for(tag).parse_body(Buffer.new(data.read(data_length)), :tag => tag)
     end
     ##
@@ -67,23 +76,44 @@ module OpenPGP
           raise "Invalid OpenPGP packet length-type: expected 0..3 but got #{len}"
       end
-      Packet.for(tag).new(tag, data_length ? data.read(data_length) : data.read)
+      Packet.for(tag).parse_body(Buffer.new(data_length ? data.read(data_length) : data.read), :tag => tag)
     end
-    def self.for(tag)
-      @@tags[tag.to_i] || self
+    ##
+    def self.parse_body(body, options = {})
+      self.new(options)
+    end
+    def initialize(options = {}, &block)
+      options.each { |k, v| send("#{k}=", v) }
+      block.call(self) if block_given?
     end
-    def initialize(tag = nil, data = nil)
-      @tag, @data, @size = tag, data, data ? data.size : 0
+    #def to_s() body end
+    def size() body.size end
+    def body
+      respond_to?(:write_body) ? Buffer.write { |buffer| write_body(buffer) } : ""
     end
     ##
     # OpenPGP Public-Key Encrypted Session Key packet (tag 1).
     #
     # @see http://tools.ietf.org/html/rfc4880#section-5.1
+    # @see http://tools.ietf.org/html/rfc4880#section-13.1
     class AsymmetricSessionKey < Packet
-      # TODO
+      attr_accessor :version, :key_id, :algorithm
+      def self.parse_body(body, options = {})
+        case version = body.read_byte
+          when 3
+            self.new(:version => version, :key_id => body.read_number(8, 16), :algorithm => body.read_byte)
+            # TODO: read the encrypted session key.
+          else
+            raise "Invalid OpenPGP public-key ESK packet version: #{version}"
+        end
+      end
     end
     ##
@@ -91,7 +121,56 @@ module OpenPGP
     #
     # @see http://tools.ietf.org/html/rfc4880#section-5.2
     class Signature < Packet
-      # TODO
+      attr_accessor :version, :type
+      attr_accessor :key_algorithm, :hash_algorithm
+      attr_accessor :key_id
+      attr_accessor :fields
+      def self.parse_body(body, options = {})
+        case version = body.read_byte
+          when 3 then self.new(:version => 3).send(:read_v3_signature, body)
+          when 4 then self.new(:version => 4).send(:read_v4_signature, body)
+          else raise "Invalid OpenPGP signature packet version: #{version}"
+        end
+      end
+      protected
+        ##
+        # @see http://tools.ietf.org/html/rfc4880#section-5.2.2
+        def read_v3_signature(body)
+          raise "Invalid OpenPGP signature packet V3 header" if body.read_byte != 5
+          @type, @timestamp, @key_id = body.read_byte, body.read_number(4), body.read_number(8, 16)
+          @key_algorithm, @hash_algorithm = body.read_byte, body.read_byte
+          body.read_bytes(2)
+          read_signature(body)
+          self
+        end
+        ##
+        # @see http://tools.ietf.org/html/rfc4880#section-5.2.3
+        def read_v4_signature(body)
+          @type = body.read_byte
+          @key_algorithm, @hash_algorithm = body.read_byte, body.read_byte
+          body.read_bytes(hashed_count = body.read_number(2))
+          body.read_bytes(unhashed_count = body.read_number(2))
+          body.read_bytes(2)
+          read_signature(body)
+          self
+        end
+        ##
+        # @see http://tools.ietf.org/html/rfc4880#section-5.2.2
+        def read_signature(body)
+          case key_algorithm
+            when Algorithm::Asymmetric::RSA
+              @fields = [body.read_mpi]
+            when Algorithm::Asymmetric::DSA
+              @fields = [body.read_mpi, body.read_mpi]
+            else
+              raise "Unknown OpenPGP signature packet public-key algorithm: #{key_algorithm}"
+          end
+        end
     end
     ##
@@ -99,7 +178,31 @@ module OpenPGP
     #
     # @see http://tools.ietf.org/html/rfc4880#section-5.3
     class SymmetricSessionKey < Packet
-      # TODO
+      attr_accessor :version, :algorithm, :s2k
+      def self.parse_body(body, options = {})
+        case version = body.read_byte
+          when 4
+            self.new({:version => version, :algorithm => body.read_byte, :s2k => body.read_s2k}.merge(options))
+          else
+            raise "Invalid OpenPGP symmetric-key ESK packet version: #{version}"
+        end
+      end
+      def initialize(options = {}, &block)
+        defaults = {
+          :version   => 4,
+          :algorithm => Cipher::DEFAULT.to_i,
+          :s2k       => S2K::DEFAULT.new,
+        }
+        super(defaults.merge(options), &block)
+      end
+      def write_body(buffer)
+        buffer.write_byte(version)
+        buffer.write_byte(algorithm.to_i)
+        buffer.write_s2k(s2k)
+      end
     end
     ##
@@ -118,7 +221,53 @@ module OpenPGP
     # @see http://tools.ietf.org/html/rfc4880#section-11.1
     # @see http://tools.ietf.org/html/rfc4880#section-12
     class PublicKey < Packet
-      # TODO
+      attr_accessor :size
+      attr_accessor :version, :timestamp, :algorithm
+      attr_accessor :key, :key_fields, :key_id, :fingerprint
+      #def parse(data) # FIXME
+      def self.parse_body(body, options = {})
+        case version = body.read_byte
+          when 2, 3
+            # TODO
+          when 4
+            packet = self.new(:version => version, :timestamp => body.read_timestamp, :algorithm => body.read_byte, :key => {}, :size => body.size)
+            packet.read_key_material(body)
+            packet
+          else
+            raise "Invalid OpenPGP public-key packet version: #{version}"
+        end
+      end
+      ##
+      # @see http://tools.ietf.org/html/rfc4880#section-5.5.2
+      def read_key_material(body)
+        @key_fields = case algorithm
+          when Algorithm::Asymmetric::RSA   then [:n, :e]
+          when Algorithm::Asymmetric::ELG_E then [:p, :g, :y]
+          when Algorithm::Asymmetric::DSA   then [:p, :q, :g, :y]
+          else raise "Unknown OpenPGP key algorithm: #{algorithm}"
+        end
+        @key_fields.each { |field| key[field] = body.read_mpi }
+        @key_id = fingerprint[-8..-1]
+      end
+      ##
+      # @see http://tools.ietf.org/html/rfc4880#section-12.2
+      # @see http://tools.ietf.org/html/rfc4880#section-3.3
+      def fingerprint
+        @fingerprint ||= case version
+          when 2, 3
+            Digest::MD5.hexdigest([key[:n], key[:e]].join).upcase
+          when 4
+            material = [0x99.chr, [size].pack('n'), version.chr, [timestamp].pack('N'), algorithm.chr]
+            key_fields.each do |key_field|
+              material << [OpenPGP.bitlength(key[key_field])].pack('n')
+              material << key[key_field]
+            end
+            Digest::SHA1.hexdigest(material.join).upcase
+        end
+      end
     end
     ##
@@ -167,7 +316,19 @@ module OpenPGP
     #
     # @see http://tools.ietf.org/html/rfc4880#section-5.7
     class EncryptedData < Packet
-      # TODO
+      attr_accessor :data
+      def self.parse_body(body, options = {})
+        self.new({:data => body.read}.merge(options))
+      end
+      def initialize(options = {}, &block)
+        super(options, &block)
+      end
+      def write_body(buffer)
+        buffer.write(data)
+      end
     end
     ##
@@ -183,7 +344,39 @@ module OpenPGP
     #
     # @see http://tools.ietf.org/html/rfc4880#section-5.9
     class LiteralData < Packet
-      # TODO
+      attr_accessor :format, :filename, :timestamp, :data
+      def self.parse_body(body, options = {})
+        defaults = {
+          :format    => body.read_byte.chr.to_sym,
+          :filename  => body.read_string,
+          :timestamp => body.read_timestamp,
+          :data      => body.read,
+        }
+        self.new(defaults.merge(options))
+      end
+      def initialize(options = {}, &block)
+        defaults = {
+          :format    => :b,
+          :filename  => "",
+          :timestamp => 0,
+          :data      => "",
+        }
+        super(defaults.merge(options), &block)
+      end
+      def write_body(buffer)
+        buffer.write_byte(format)
+        buffer.write_string(filename)
+        buffer.write_timestamp(timestamp)
+        buffer.write(data.to_s)
+      end
+      EYES_ONLY = '_CONSOLE'
+      def eyes_only!() filename = EYES_ONLY end
+      def eyes_only?() filename == EYES_ONLY end
     end
     ##
@@ -191,7 +384,15 @@ module OpenPGP
     #
     # @see http://tools.ietf.org/html/rfc4880#section-5.10
     class Trust < Packet
-      # TODO
+      attr_accessor :data
+      def self.parse_body(body, options = {})
+        self.new({:data => body.read}.merge(options))
+      end
+      def write_body(buffer)
+        buffer.write(data)
+      end
     end
     ##
@@ -202,26 +403,29 @@ module OpenPGP
     class UserID < Packet
       attr_accessor :name, :comment, :email
-      def initialize(tag = nil, data = nil)
-        super
-        case data
+      def self.parse_body(body, options = {})
+        case body.read
           # User IDs of the form: "name (comment) <email>"
           when /^([^\(]+)\(([^\)]+)\)\s+<([^>]+)>$/
-            @name, @comment, @email = $1, $2, $3
+            self.new(:name => $1.strip, :comment => $2.strip, :email => $3.strip)
           # User IDs of the form: "name <email>"
           when /^([^<]+)\s+<([^>]+)>$/
-            @name, @comment, @email = $1, nil, $2
+            self.new(:name => $1.strip, :comment => nil, :email => $2.strip)
           # User IDs of the form: "name"
           when /^([^<]+)$/
-            @name, @comment, @email = $1, nil, nil
+            self.new(:name => $1.strip, :comment => nil, :email => nil)
           # User IDs of the form: "<email>"
           when /^<([^>]+)>$/
-            @name, @comment, @email = nil, nil, $2
+            self.new(:name => nil, :comment => nil, :email => $1.strip)
           else
-            @name, @comment, @email = nil
+            self.new(:name => nil, :comment => nil, :email => nil)
         end
       end
+      def write_body(buffer)
+        buffer.write(to_s)
+      end
       def to_s
         text = []
         text << name if name
@@ -247,7 +451,16 @@ module OpenPGP
     #
     # @see http://tools.ietf.org/html/rfc4880#section-5.13
     class IntegrityProtectedData < Packet
-      # TODO
+      attr_accessor :version
+      def self.parse_body(body, options = {})
+        case version = body.read_byte
+          when 1
+            self.new(:version => version) # TODO: read the encrypted data.
+          else
+            raise "Invalid OpenPGP integrity-protected data packet version: #{version}"
+        end
+      end
     end
     ##