openssl_rsa_pss_verify 0.0.1

data/.gitignore

@@ -0,0 +1,5 @@
+/pkg
+/tmp
+*.bundle
+*.o
+*.dSYM

data/.rspec

@@ -0,0 +1,2 @@
+--debug
+--format Fuuber

data/.ruby-gemset

@@ -0,0 +1 @@
+openssl_rsa_pss_verify

data/.ruby-version

@@ -0,0 +1 @@
+ruby-1.9.3-p448

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in bamfcsv.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,35 @@
+PATH
+  remote: .
+  specs:
+    openssl_rsa_pss_verify (0.0.1)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    diff-lcs (1.2.4)
+    fuubar (1.1.1)
+      rspec (~> 2.0)
+      rspec-instafail (~> 0.2.0)
+      ruby-progressbar (~> 1.0)
+    rake (10.1.0)
+    rake-compiler (0.8.3)
+      rake
+    rspec (2.14.1)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rspec-core (2.14.4)
+    rspec-expectations (2.14.0)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-instafail (0.2.4)
+    rspec-mocks (2.14.2)
+    ruby-progressbar (1.1.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  fuubar (~> 1.1.1)
+  openssl_rsa_pss_verify!
+  rake-compiler (~> 0.8.3)
+  rspec (~> 2.14.1)

data/README

@@ -0,0 +1 @@
+Support PSS signatures in RSA verification

data/Rakefile

@@ -0,0 +1,4 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+Dir['tasks/*.rake'].sort.each { |f| load f }

data/ext/openssl_rsa_pss_verify/extconf.rb

@@ -0,0 +1,15 @@
+require 'mkmf'
+
+openssl_path = File.expand_path("../../../vendor/openssl", __FILE__)
+
+if RUBY_PLATFORM =~ /linux/
+  $LDFLAGS << "-L#{openssl_path}/lib"
+  $LDFLAGS << "-lcrypto"
+  $CFLAGS << "-I#{openssl_path}/include"
+end
+
+if have_const("RSA_PKCS1_PSS_PADDING", "openssl/rsa.h")
+  create_makefile('openssl_rsa_pss_verify')
+else
+  fail "libcyrpto not found or too old!"
+end

data/ext/openssl_rsa_pss_verify/openssl_rsa_pss_verify_ext.c

@@ -0,0 +1,56 @@
+#include <ruby.h>
+
+#include <stdio.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include <openssl/opensslv.h>
+
+static VALUE rb_mOpenSSL;
+static VALUE rb_mPKey;
+static VALUE rb_cRSA;
+static VALUE rb_cRSAError;
+
+VALUE openssl_rsa_pss_verify__verify_pss_sha1(VALUE self, VALUE vSig, VALUE vHashData, VALUE vSaltLen) {
+  EVP_PKEY * pkey;
+  EVP_PKEY_CTX * pkey_ctx;
+  int verify_rval;
+
+  StringValue(vSig);
+  StringValue(vHashData);
+
+  Data_Get_Struct(self, EVP_PKEY, pkey);
+  pkey_ctx = EVP_PKEY_CTX_new(pkey, ENGINE_get_default_RSA());
+
+  EVP_PKEY_verify_init(pkey_ctx);
+  EVP_PKEY_CTX_set_signature_md(pkey_ctx, EVP_sha1());
+  EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
+  EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, NUM2INT(vSaltLen));
+
+  verify_rval = EVP_PKEY_verify(pkey_ctx, 
+                                (unsigned char*)RSTRING_PTR(vSig), RSTRING_LEN(vSig), 
+                                (unsigned char*)RSTRING_PTR(vHashData), RSTRING_LEN(vHashData));
+
+  EVP_PKEY_CTX_free(pkey_ctx);
+
+  switch (verify_rval) {
+    case 1:
+    return Qtrue;
+    case 0:
+    return Qfalse;
+    default:
+    rb_raise(rb_cRSAError, NULL);
+  }
+  return Qnil; //dummy
+}
+
+
+void Init_openssl_rsa_pss_verify() {
+  fprintf(stderr, "VERSION: %s\n", SSLeay_version(SSLEAY_VERSION));
+  rb_mOpenSSL = rb_const_get_at(rb_cObject, rb_intern("OpenSSL"));
+  rb_mPKey = rb_const_get_at(rb_mOpenSSL, rb_intern("PKey"));
+  rb_cRSA = rb_const_get_at(rb_mPKey, rb_intern("RSA"));
+  rb_cRSAError = rb_const_get_at(rb_mPKey, rb_intern("RSAError"));
+
+  rb_define_method(rb_cRSA, "verify_pss_sha1", openssl_rsa_pss_verify__verify_pss_sha1, 3);
+}

data/lib/openssl_rsa_pss_verify/version.rb

@@ -0,0 +1,3 @@
+module OpenSSL_RSA_PSS_Verify
+  VERSION = "0.0.1"
+end

data/lib/openssl_rsa_pss_verify.rb

@@ -0,0 +1,2 @@
+require 'openssl'
+require "openssl_rsa_pss_verify/openssl_rsa_pss_verify"

data/openssl_rsa_pss_verify.gemspec

@@ -0,0 +1,26 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "openssl_rsa_pss_verify/version"
+
+Gem::Specification.new do |s|
+  s.name        = "openssl_rsa_pss_verify"
+  s.version     = OpenSSL_RSA_PSS_Verify::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Jon Distad"]
+  s.email       = ["jon.distad@gmail.com"]
+  s.homepage    = "https://github.com/jondistad/openssl_rsa_pss_verify"
+  s.summary     = %q{Adds support for verifying RSA signatures using the Probabilistic Signature Scheme (PSS)}
+  s.description = %q{Adds support for verifying RSA signatures using the Probabilistic Signature Scheme (PSS)}
+
+  s.rubyforge_project = "openssl_rsa_pss_verify"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib", "ext"]
+  s.extensions = %w{ext/openssl_rsa_pss_verify/extconf.rb}
+
+  s.add_development_dependency "rspec", "~> 2.14.1"
+  s.add_development_dependency "fuubar", "~> 1.1.1"
+  s.add_development_dependency 'rake-compiler', "~> 0.8.3"
+end

data/tasks/compile.rake

@@ -0,0 +1,12 @@
+require "rake/extensiontask"
+load File.expand_path("../rspec.rake", __FILE__)
+
+def gemspec
+  @clean_gemspec ||= eval(File.read(File.expand_path('../../openssl_rsa_pss_verify.gemspec', __FILE__)))
+end
+
+Rake::ExtensionTask.new("openssl_rsa_pss_verify", gemspec) do |ext|
+  ext.lib_dir = File.join 'lib', 'openssl_rsa_pss_verify'
+  CLEAN.include "#{ext.lib_dir}/*.#{RbConfig::CONFIG['DLEXT']}"
+end
+Rake::Task[:spec].prerequisites << :compile

data/tasks/rspec.rake

@@ -0,0 +1,12 @@
+begin
+  require 'rspec'
+  require 'rspec/core/rake_task'
+
+  RSpec::Core::RakeTask.new('spec') do |t|
+    t.verbose = true
+  end
+
+  task :default => :spec
+rescue LoadError
+  puts "rspec, or one of its dependencies, is not available. Install it with: sudo gem install rspec"
+end

data/vendor/openssl/include/openssl/aes.h

@@ -0,0 +1,147 @@
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_AES_H
+#define HEADER_AES_H
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_AES
+#error AES is disabled.
+#endif
+
+#include <stddef.h>
+
+#define AES_ENCRYPT	1
+#define AES_DECRYPT	0
+
+/* Because array size can't be a const in C, the following two are macros.
+   Both sizes are in bytes. */
+#define AES_MAXNR 14
+#define AES_BLOCK_SIZE 16
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* This should be a hidden type, but EVP requires that the size be known */
+struct aes_key_st {
+#ifdef AES_LONG
+    unsigned long rd_key[4 *(AES_MAXNR + 1)];
+#else
+    unsigned int rd_key[4 *(AES_MAXNR + 1)];
+#endif
+    int rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+const char *AES_options(void);
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+	AES_KEY *key);
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+	AES_KEY *key);
+
+int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+	AES_KEY *key);
+int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+	AES_KEY *key);
+
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+	const AES_KEY *key);
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+	const AES_KEY *key);
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+	const AES_KEY *key, const int enc);
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+	size_t length, const AES_KEY *key,
+	unsigned char *ivec, const int enc);
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+	size_t length, const AES_KEY *key,
+	unsigned char *ivec, int *num, const int enc);
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+	size_t length, const AES_KEY *key,
+	unsigned char *ivec, int *num, const int enc);
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+	size_t length, const AES_KEY *key,
+	unsigned char *ivec, int *num, const int enc);
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+	size_t length, const AES_KEY *key,
+	unsigned char *ivec, int *num);
+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+	size_t length, const AES_KEY *key,
+	unsigned char ivec[AES_BLOCK_SIZE],
+	unsigned char ecount_buf[AES_BLOCK_SIZE],
+	unsigned int *num);
+/* NB: the IV is _two_ blocks long */
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+		     size_t length, const AES_KEY *key,
+		     unsigned char *ivec, const int enc);
+/* NB: the IV is _four_ blocks long */
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+			size_t length, const AES_KEY *key,
+			const AES_KEY *key2, const unsigned char *ivec,
+			const int enc);
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+		unsigned char *out,
+		const unsigned char *in, unsigned int inlen);
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+		unsigned char *out,
+		const unsigned char *in, unsigned int inlen);
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* !HEADER_AES_H */