openssl_pkcs8 0.1.0 → 0.1.1

data/README.rdoc

@@ -5,10 +5,20 @@ is part of standard Ruby distributions.
 
 Example:
 
-  key = OpenSSL::PKey::RSA.new(1024)
+    key = OpenSSL::PKey::RSA.new(1024)
+    
+    key.to_pem_pkcs8
+    # => "-----BEGIN PRIVATE KEY----- ..."
+
+This will export the private key in PKCS8 format, and will export public keys
+in the PUBKEY format used by OpenSSL. Note the absence of "RSA" in both of
+the headers.
   
-  key.to_pem_pkcs8
-  # => "-----BEGIN PRIVATE KEY----- ..."
+== Installation
+
+Using the Gem distribution is probably easiest:
+
+    gem install openssl_pkcs8
 
 == Copyright
 

data/VERSION

@@ -0,0 +1 @@
+0.1.1

data/ext/openssl_pkcs8/openssl_pkcs8.c

@@ -0,0 +1,191 @@
+#include "ruby.h"
+
+#include <openssl/err.h>
+#include <openssl/ossl_typ.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509v3.h>
+#include <openssl/ssl.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pkcs7.h>
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+
+VALUE mOSSL;
+VALUE mPKey;
+VALUE cRSA;
+VALUE eRSAError;
+VALUE ePKeyError;
+VALUE eOSSLError;
+VALUE cCipher;
+
+#define GetPKey(obj, pkey) do {\
+    Data_Get_Struct(obj, EVP_PKEY, pkey);\
+    if (!pkey) { \
+    	rb_raise(rb_eRuntimeError, "PKEY wasn't initialized!");\
+    } \
+} while (0)
+#define GetPKeyRSA(obj, pkey) do { \
+    GetPKey(obj, pkey); \
+    if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) { /* PARANOIA? */ \
+    	ossl_raise(rb_eRuntimeError, "THIS IS NOT A RSA!") ; \
+    } \
+} while (0)
+#define OSSL_PKEY_SET_PRIVATE(obj) rb_iv_set((obj), "private", Qtrue)
+#define OSSL_PKEY_SET_PUBLIC(obj)  rb_iv_set((obj), "private", Qfalse)
+#define OSSL_PKEY_IS_PRIVATE(obj)  (rb_iv_get((obj), "private") == Qtrue)
+#define RSA_HAS_PRIVATE(rsa) ((rsa)->p && (rsa)->q)
+#define GetCipher(obj, ctx) do { \
+    Data_Get_Struct(obj, EVP_CIPHER_CTX, ctx); \
+    if (!ctx) { \
+    	ossl_raise(rb_eRuntimeError, "Cipher not inititalized!"); \
+    } \
+} while (0)
+#define SafeGetCipher(obj, ctx) do { \
+    OSSL_Check_Kind(obj, cCipher); \
+    GetCipher(obj, ctx); \
+} while (0)
+
+VALUE ossl_membio2str0(BIO *bio)
+{
+    VALUE ret;
+    BUF_MEM *buf;
+
+    BIO_get_mem_ptr(bio, &buf);
+    ret = rb_str_new(buf->data, buf->length);
+
+    return ret;
+}
+
+VALUE ossl_protect_membio2str(BIO *bio, int *status)
+{
+    return rb_protect((VALUE(*)_((VALUE)))ossl_membio2str0, (VALUE)bio, status);
+}
+
+VALUE ossl_membio2str(BIO *bio)
+{
+    VALUE ret;
+    int status = 0;
+
+    ret = ossl_protect_membio2str(bio, &status);
+    BIO_free(bio);
+    if(status) rb_jump_tag(status);
+
+    return ret;
+}
+
+const EVP_CIPHER* GetCipherPtr(VALUE obj)
+{
+    EVP_CIPHER_CTX* ctx;
+
+    SafeGetCipher(obj, ctx);
+
+    return EVP_CIPHER_CTX_cipher(ctx);
+}
+
+static VALUE openssl_pkcs8_pem_passwd_cb0(VALUE flag)
+{
+    VALUE pass;
+
+    pass = rb_yield(flag);
+    SafeStringValue(pass);
+
+    return pass;
+}
+
+int openssl_pkcs8_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd)
+{
+  int len, status = 0;
+  VALUE rflag, pass;
+
+  if (pwd || !rb_block_given_p())
+    return PEM_def_callback(buf, max_len, flag, pwd);
+
+  while (1) {
+    /*
+    * when the flag is nonzero, this passphrase
+    * will be used to perform encryption; otherwise it will
+    * be used to perform decryption.
+    */
+    rflag = flag ? Qtrue : Qfalse;
+    pass  = rb_protect(openssl_pkcs8_pem_passwd_cb0, rflag, &status);
+    if (status) return -1; /* exception was raised. */
+    len = (int) RSTRING_LEN(pass);
+    if (len < 4) { /* 4 is OpenSSL hardcoded limit */
+      rb_warning("password must be longer than 4 bytes");
+      continue;
+    }
+    if (len > max_len) {
+      rb_warning("password must be shorter then %d bytes", max_len-1);
+      continue;
+    }
+    memcpy(buf, RSTRING_PTR(pass), len);
+    break;
+  }
+  return len;
+}
+
+static VALUE openssl_rsa_to_pem_pkcs8(int argc, VALUE *argv, VALUE self)
+{
+  EVP_PKEY *pkey;
+  BIO *out;
+  const EVP_CIPHER *ciph = NULL;
+  char *passwd = NULL;
+  VALUE cipher, pass;
+
+  GetPKeyRSA(self, pkey);
+
+  rb_scan_args(argc, argv, "02", &cipher, &pass);
+
+  if (!NIL_P(cipher))
+  {
+    ciph = GetCipherPtr(cipher);
+    if (!NIL_P(pass))
+    {
+      passwd = StringValuePtr(pass);
+    }
+  }
+
+  if (!(out = BIO_new(BIO_s_mem())))
+  {
+    ossl_raise(eRSAError, NULL);
+  }
+
+  if (RSA_HAS_PRIVATE(pkey->pkey.rsa))
+  {
+    if (!PEM_write_bio_PKCS8PrivateKey(
+      out, pkey, ciph,
+      NULL, 0, openssl_pkcs8_pem_passwd_cb, passwd))
+    {
+      BIO_free(out);
+      ossl_raise(eRSAError, NULL);
+    }
+  }
+  else
+  {
+    if (!PEM_write_bio_PUBKEY(out, pkey))
+    {
+      BIO_free(out);
+      ossl_raise(eRSAError, NULL);
+    }
+  }
+
+  return ossl_membio2str(out);
+}
+
+void Init_openssl_pkcs8()
+{
+  mOSSL = rb_const_get(rb_cObject, rb_intern("OpenSSL"));
+  mPKey = rb_const_get(mOSSL, rb_intern("PKey"));
+  cRSA = rb_const_get(mPKey, rb_intern("RSA"));
+  cCipher = rb_const_get(mOSSL, rb_intern("Cipher"));
+
+  eOSSLError = rb_const_get(mOSSL,rb_intern("OpenSSLError"));
+  ePKeyError = rb_const_get(mPKey, rb_intern("PKeyError"));
+  eRSAError = rb_const_get(mPKey, rb_intern("RSAError"));
+  
+  rb_define_method(cRSA, "to_pem_pkcs8", openssl_rsa_to_pem_pkcs8, -1);
+}

data/lib/openssl_pkcs8.rb

@@ -0,0 +1,3 @@
+require 'openssl'
+
+require 'openssl_pkcs8/openssl_pkcs8'

data/openssl_pkcs8.gemspec

@@ -0,0 +1,54 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = "openssl_pkcs8"
+  s.version = "0.1.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Scott Tadman"]
+  s.date = "2012-01-16"
+  s.description = "Adds PKCS8 key format support to OpenSSL::PKey::RSA"
+  s.email = "github@tadman.ca"
+  s.extensions = ["ext/openssl_pkcs8/extconf.rb"]
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+    "Gemfile",
+    "LICENSE.txt",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "ext/openssl_pkcs8/extconf.rb",
+    "ext/openssl_pkcs8/openssl_pkcs8.c",
+    "ext/openssl_pkcs8/openssl_pkcs8.o",
+    "lib/openssl_pkcs8.rb",
+    "openssl-pkcs8.o",
+    "openssl_pkcs8.gemspec",
+    "test/helper.rb",
+    "test/test_openssl_pkcs8.rb"
+  ]
+  s.homepage = "http://github.com/twg/openssl_pkcs8"
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = "1.8.11"
+  s.summary = "OpenSSL RSA PKCS8 Extension"
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<jeweler>, ["~> 1.6.4"])
+    else
+      s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
+    end
+  else
+    s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
+  end
+end
+

data/test/test_openssl_pkcs8.rb

@@ -0,0 +1,24 @@
+require 'helper'
+
+class TestOpensslPkcs8 < Test::Unit::TestCase
+  def test_rsa_key
+    key = OpenSSL::PKey::RSA.new(1024)
+    
+    assert key.respond_to?(:to_pem_pkcs8), "Extension method not defined"
+    
+    encoded = key.to_pem_pkcs8
+
+    puts key.to_pem
+    puts encoded
+    
+    assert encoded
+
+    encoded_public = key.public_key.to_pem_pkcs8
+    
+    puts key.public_key.to_pem
+    puts encoded_public
+
+    assert encoded_public
+    assert encoded_public.match(/BEGIN PUBLIC KEY/)
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: openssl_pkcs8
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
   prerelease: 
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2012-01-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jeweler
-  requirement: &2153405400 !ruby/object:Gem::Requirement
+  requirement: &2153224500 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -21,7 +21,7 @@ dependencies:
         version: 1.6.4
   type: :development
   prerelease: false
-  version_requirements: *2153405400
+  version_requirements: *2153224500
 description: Adds PKCS8 key format support to OpenSSL::PKey::RSA
 email: github@tadman.ca
 executables: []
@@ -36,8 +36,15 @@ files:
 - LICENSE.txt
 - README.rdoc
 - Rakefile
-- test/helper.rb
+- VERSION
 - ext/openssl_pkcs8/extconf.rb
+- ext/openssl_pkcs8/openssl_pkcs8.c
+- ext/openssl_pkcs8/openssl_pkcs8.o
+- lib/openssl_pkcs8.rb
+- openssl-pkcs8.o
+- openssl_pkcs8.gemspec
+- test/helper.rb
+- test/test_openssl_pkcs8.rb
 homepage: http://github.com/twg/openssl_pkcs8
 licenses:
 - MIT