pkcs11 0.1.0-x86-mswin32 → 0.2.0-x86-mswin32

data/lib/pkcs11/slot.rb

@@ -1,71 +1,90 @@
+require 'pkcs11/helper'
+
 module PKCS11
   # Each slot corresponds to a physical reader or other device interface.
   # It may contain a token.
   class Slot
+    include Helper
+
+    # @private
     def initialize(pkcs11, slot) # :nodoc:
       @pk, @slot = pkcs11, slot
     end
 
     # The slot handle.
+    # @return [Integer]
     def to_int
       @slot
     end
     alias to_i to_int
 
+    # @private
     def inspect # :nodoc:
       "#<#{self.class} #{@slot.inspect}>"
     end
 
     # Obtains information about a particular slot in the system.
+    # @return [PKCS11::CK_SLOT_INFO]
     def C_GetSlotInfo
       @pk.C_GetSlotInfo(@slot)
     end
     alias info C_GetSlotInfo
     
     # Obtains information about a particular token in the system.
+    # @return [PKCS11::CK_TOKEN_INFO]
     def C_GetTokenInfo
       @pk.C_GetTokenInfo(@slot)
     end
     alias token_info C_GetTokenInfo
     
     # Waits for a slot event, such as token insertion or token removal, to
-    # occur. flags determines whether or not the C_WaitForSlotEvent call blocks (i.e., waits
-    # for a slot event to occur);
+    # occur.
+    # @param flags determines whether or not the C_WaitForSlotEvent call blocks (i.e., waits
+    #   for a slot event to occur);
     def C_WaitForSlotEvent(flags)
       @pk.C_WaitForSlotEvent(@slot, flags)
     end
     alias wait_for_event C_WaitForSlotEvent
 
     # C_GetMechanismList is used to obtain a list of mechanism types supported by a token.
+    # @return [Array<PKCS11::CKM_*>]
     def C_GetMechanismList
-      @pk.C_GetMechanismList(@slot).map{|mech|
-        Mechanism.new MECHANISMS, mech
-      }
+      @pk.C_GetMechanismList(@slot)
     end
     alias mechanisms C_GetMechanismList
 
     # Obtains information about a particular mechanism possibly
     # supported by a token.
+    #
+    # @param [Integer, Symbol] mechanism
+    # @return [CK_MECHANISM_INFO]
     def C_GetMechanismInfo(mechanism)
-      @pk.C_GetMechanismInfo(@slot, Session.hash_to_mechanism(mechanism))
+      @pk.C_GetMechanismInfo(@slot, to_mechanism_int(mechanism))
     end
     alias mechanism_info C_GetMechanismInfo
 
-    # Initializes a token. pin is the SO’s initial PIN; label is the label of the token (max 32-byte). This standard allows PIN
+    # Initializes a token.
+    # @param [String] pin is the SO's initial PIN
+    # @param [String] label is the label of the token (max 32-byte).
+    #
+    # The standard allows PIN
     # values to contain any valid UTF8 character, but the token may impose subset restrictions.
+    # @return [PKCS11::Slot]
     def C_InitToken(pin, label)
       @pk.C_InitToken(@slot, pin, label.ljust(32, " "))
+      self
     end
     alias init_token C_InitToken
     
     # Opens a Session between an application and a token in a particular slot.
     #
-    # flags:: indicates the type of session. Default is read-only,
+    # @param [Integer] flags  indicates the type of session. Default is read-only,
     #         use <tt>CKF_SERIAL_SESSION | CKF_RW_SESSION</tt> for read-write session.
     #
     # * If called with block, yields the block with the session and closes the session
-    # when the is finished.
+    #   when the is finished.
     # * If called without block, returns the session object.
+    # @return [PKCS11::Session]
     def C_OpenSession(flags=CKF_SERIAL_SESSION)
       nr = @pk.C_OpenSession(@slot, flags)
       sess = Session.new @pk, nr
@@ -82,8 +101,10 @@ module PKCS11
     alias open C_OpenSession
     
     # Closes all sessions an application has with a token.
+    # @return [PKCS11::Slot]
     def C_CloseAllSessions
       @pk.C_CloseAllSessions(@slot)
+      self
     end
     alias close_all_sessions C_CloseAllSessions
   end

data/test/helper.rb

@@ -1,10 +1,9 @@
 require "openssl"
 
-def open_softokn
-  
-  if RUBY_PLATFORM =~ /win32/
+def find_softokn
+  if RUBY_PLATFORM =~ /mswin|mingw/
     lLIBSOFTOKEN3_SO = "softokn3.dll"
-    
+
     # Try to find the firefox path.
     unless ENV['SOFTOKN_PATH']
       require 'win32/registry'
@@ -31,13 +30,21 @@ def open_softokn
   end
 
   raise "#{lLIBSOFTOKEN3_SO} not found - please install firefox or set ENV['SOFTOKN_PATH']" unless so_path
+  so_path
+end
 
+def softokn_params
   dir = File.join(File.dirname(__FILE__), 'fixtures/softokn')
-  nNSS_INIT_ARGS = [
+  [
   "configDir='#{dir}'",
   "secmod='secmod.db'",
   "flags='readWrite'",
   ]
+end
+
+def open_softokn
+  so_path = find_softokn
+  nNSS_INIT_ARGS = softokn_params
 
-  pk11 = PKCS11.open(so_path, :flags=>0, :pReserved=>nNSS_INIT_ARGS.join(" "))
+  PKCS11.open(so_path, :flags=>0, :pReserved=>nNSS_INIT_ARGS.join(" "))
 end

data/test/test_pkcs11.rb

@@ -29,8 +29,19 @@ class TestPkcs11 < Test::Unit::TestCase
 
   def test_close
     pk.close
+    pk.unload_library
     assert_raise(PKCS11::Error){ pk.info }
-    pk.close
-    assert_raise(PKCS11::Error){ pk.active_slots }
+
+    @pk = PKCS11.open
+    pk.load_library(find_softokn)
+    
+    pk.C_GetFunctionList
+    
+    pargs = PKCS11::CK_C_INITIALIZE_ARGS.new
+    pargs.flags = 0
+    pargs.pReserved = softokn_params.join(" ")
+    pk.C_Initialize(pargs)
+    
+    pk.info
   end
 end

data/test/test_pkcs11_crypt.rb

@@ -18,7 +18,7 @@ class TestPkcs11Crypt < Test::Unit::TestCase
     @slots = pk.active_slots
     @slot = slots.last
     @session = slot.open
-    session.login(:USER, "")
+#     session.login(:USER, "")
     
     @rsa_pub_key = session.find_objects(:CLASS => CKO_PUBLIC_KEY,
                         :KEY_TYPE => CKK_RSA).first
@@ -34,7 +34,7 @@ class TestPkcs11Crypt < Test::Unit::TestCase
 
   def teardown
     @secret_key.destroy
-    @session.logout
+#     @session.logout
     @session.close
   end
 
@@ -66,7 +66,7 @@ class TestPkcs11Crypt < Test::Unit::TestCase
     valid = session.verify( :SHA1_RSA_PKCS, rsa_pub_key, signature, plaintext)
     assert  valid, 'The signature should be correct'
     
-    assert_raise(PKCS11::Error, 'The signature should be invalid on different text') do
+    assert_raise(CKR_SIGNATURE_INVALID, 'The signature should be invalid on different text') do
       session.verify( :SHA1_RSA_PKCS, rsa_pub_key, signature, "modified text")
     end
   end
@@ -132,6 +132,15 @@ class TestPkcs11Crypt < Test::Unit::TestCase
     key = session.generate_key(:DES2_KEY_GEN,
       {:ENCRYPT=>true, :WRAP=>true, :DECRYPT=>true, :UNWRAP=>true, :TOKEN=>false, :LOCAL=>true})
     assert_equal true, key[:LOCAL], 'Keys created on the token should be marked as local'
+    assert_equal CKK_DES2, key[:KEY_TYPE], 'Should be a 2 key 3des key'
+		
+		# other ways to use mechanisms
+    key = session.generate_key(CKM_DES2_KEY_GEN,
+      {:ENCRYPT=>true, :WRAP=>true, :DECRYPT=>true, :UNWRAP=>true, :TOKEN=>false, :LOCAL=>true})
+    assert_equal CKK_DES2, key[:KEY_TYPE], 'Should be a 2 key 3des key'
+    key = session.generate_key(CK_MECHANISM.new(CKM_DES2_KEY_GEN, nil),
+      {:ENCRYPT=>true, :WRAP=>true, :DECRYPT=>true, :UNWRAP=>true, :TOKEN=>false, :LOCAL=>true})
+    assert_equal CKK_DES2, key[:KEY_TYPE], 'Should be a 2 key 3des key'
   end
 
   def test_generate_key_pair
@@ -164,4 +173,30 @@ class TestPkcs11Crypt < Test::Unit::TestCase
 
     assert_equal new_key1[0,16], new_key2[:VALUE], 'Exchanged session key should be equal'
   end
+
+  def test_derive_key2
+    deriv_data = "\0"*16
+    new_key1 = session.derive_key( {CKM_XOR_BASE_AND_DATA => {:pData => deriv_data}}, secret_key,
+      :CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_AES, :VALUE_LEN=>16, :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>false )
+
+    assert_equal secret_key[:VALUE], new_key1[:VALUE], 'Derived key should have equal key value'
+  end
+
+  def test_ssl3
+    pm_key = session.generate_key({:SSL3_PRE_MASTER_KEY_GEN => {:major=>3, :minor=>0}},
+        {:TOKEN=>false})
+    assert_equal 48, pm_key[:VALUE_LEN], "SSL3 pre master key should be 48 bytes long"
+
+    dp = CK_SSL3_MASTER_KEY_DERIVE_PARAMS.new
+    dp.RandomInfo.pServerRandom = 'srandom ' * 4
+    dp.RandomInfo.pClientRandom = 'crandom ' * 4
+    dp.pVersion = CK_VERSION.new
+    dp.pVersion.major = 3
+    dp.pVersion.minor = 1
+    ms_key = session.derive_key( {CKM_SSL3_MASTER_KEY_DERIVE => dp}, pm_key )
+
+    assert_equal 48, ms_key[:VALUE_LEN], "SSL3 master secret key should be 48 bytes long"
+    assert_equal 0, dp.pVersion.minor, 'SSL3 version number should have changed'
+  end
+
 end

data/test/test_pkcs11_object.rb

@@ -18,7 +18,7 @@ class TestPkcs11Object < Test::Unit::TestCase
     
     flags = CKF_SERIAL_SESSION #| CKF_RW_SESSION
     @session = slot.C_OpenSession(flags)
-    @session.login(:USER, "")
+#     @session.login(:USER, "")
     
     # Create session object for tests.
     @object = session.create_object(
@@ -29,7 +29,7 @@ class TestPkcs11Object < Test::Unit::TestCase
   end
 
   def teardown
-    @session.logout
+#     @session.logout
     @session.close
   end
 
@@ -84,10 +84,24 @@ class TestPkcs11Object < Test::Unit::TestCase
     assert object.size, 'There should be an object size'
   end
   
+  def test_copy_without_params
+    new_obj = object.copy
+    new_obj[:APPLICATION] = 'Copied object'
+    assert_equal 'Copied object', new_obj[:APPLICATION], "Application should be changed"
+    assert_equal 'My Application', object[:APPLICATION], "Original object should be unchanged"
+  end
+
+  def test_copy_with_params
+    new_obj = object.copy :APPLICATION=>'Copied object'
+    assert_equal 'value', new_obj[:VALUE], "Value should be copied"
+    assert_equal 'Copied object', new_obj[:APPLICATION], "Application should be changed"
+    assert_equal 'My Application', object[:APPLICATION], "Original object should be unchanged"
+  end
+  
   def test_destroy
     object.destroy
-    
-    assert_raise(PKCS11::Error, 'destroyed object shouldn\'t have any attributes') do
+
+    assert_raise(CKR_OBJECT_HANDLE_INVALID, 'destroyed object shouldn\'t have any attributes') do
       object[:VALUE]
     end
   end

data/test/test_pkcs11_session.rb

@@ -19,11 +19,11 @@ class TestPkcs11Session < Test::Unit::TestCase
     
     flags = CKF_SERIAL_SESSION #| CKF_RW_SESSION
     @session = slot.C_OpenSession(flags)
-    @session.login(:USER, "")
+#     @session.login(:USER, "")
   end
 
   def teardown
-    @session.logout
+#     @session.logout
     @session.close
   end
 
@@ -94,4 +94,30 @@ class TestPkcs11Session < Test::Unit::TestCase
     
     assert_equal 'test_create_public_key_object', obj[:LABEL], 'Value as created'
   end
+
+  def test_get_set_operation_state
+    plaintext = "secret text"
+
+    # Start a digest operation
+    session.C_DigestInit(:SHA_1)
+    session.C_DigestUpdate(plaintext[0..3])
+
+    # Save the current state and close the session
+    state = session.get_operation_state
+    @session.close
+
+    assert state.length >= 4, 'There should be at least some bytes for the first part of plaintext in the state'
+
+    # Open a new session and restore the previous state
+    @session = @slot.open
+    session.login(:USER, "")
+    session.set_operation_state(state)
+
+    # Finish the digest
+    session.C_DigestUpdate(plaintext[4..-1])
+    digest1 = session.C_DigestFinal
+    digest2 = OpenSSL::Digest::SHA1.new(plaintext).digest
+
+    assert_equal digest2, digest1, 'Digests should be equal'
+  end
 end

data/test/test_pkcs11_slot.rb

@@ -23,13 +23,16 @@ class TestPkcs11Slot < Test::Unit::TestCase
 
   def test_info
     sinfo = slot.info
-    
+
     assert sinfo.inspect =~ /manufacturerID=/, 'Slot info should tell about manufacturerID'
-    
-    [
-      sinfo.slotDescription, sinfo.manufacturerID, sinfo.flags,
-      sinfo.hardwareVersion, sinfo.firmwareVersion
-    ]
+
+    assert_equal Fixnum, sinfo.flags.class
+    assert sinfo.manufacturerID =~ /Mozilla/i, "It's the mozilla libaray we test against"
+    assert sinfo.slotDescription =~ /Private Key/i, "It's the slot with users private keys"
+    assert_equal Fixnum, sinfo.hardwareVersion.major.class, "Version should be a number"
+    assert_equal Fixnum, sinfo.hardwareVersion.minor.class, "Version should be a number"
+    assert_equal Fixnum, sinfo.firmwareVersion.major.class, "Version should be a number"
+    assert_equal Fixnum, sinfo.firmwareVersion.minor.class, "Version should be a number"
   end
 
   def test_token_info

data/test/test_pkcs11_structs.rb

@@ -0,0 +1,134 @@
+require "test/unit"
+require "pkcs11"
+require "test/helper"
+
+class TestPkcs11Structs < Test::Unit::TestCase
+  include PKCS11
+  
+  def setup
+  end
+
+  def teardown
+  end
+
+  def test_STRING_ACCESSOR
+    s = CK_DATE.new
+    assert_equal "\0\0", s.day
+    assert_equal "\0\0\0\0", s.year
+    s.day = "12345"
+    assert_equal "12", s.day
+    s.day = "9"
+    assert_equal "9\0", s.day
+    assert_raise(TypeError){ s.day = nil }
+  end
+
+  def test_ULONG_ACCESSOR
+    s = CK_SSL3_KEY_MAT_PARAMS.new
+    assert_equal 0, s.ulIVSizeInBits
+    s.ulIVSizeInBits = 1234567890
+    assert_equal 1234567890, s.ulIVSizeInBits
+    s.ulIVSizeInBits = 2345678901
+    assert_equal 2345678901, s.ulIVSizeInBits
+    assert_raise(TypeError){ s.ulIVSizeInBits = nil }
+  end
+
+  def test_BOOL_ACCESSOR
+    s = CK_SSL3_KEY_MAT_PARAMS.new
+    assert_equal false, s.bIsExport
+    s.bIsExport = true
+    assert_equal true, s.bIsExport
+    s.bIsExport = false
+    assert_equal false, s.bIsExport
+    assert_raise(ArgumentError){ s.bIsExport = nil }
+  end
+
+  def test_STRING_PTR_ACCESSOR
+    s = CK_WTLS_MASTER_KEY_DERIVE_PARAMS.new
+    assert_nil s.pVersion
+    s.pVersion = "1.2.3"
+    assert_equal "1.2.3", s.pVersion
+    s.pVersion = nil
+    assert_nil s.pVersion
+  end
+
+  def test_STRUCT_ACCESSOR
+    s = CK_SSL3_KEY_MAT_PARAMS.new
+    ri = s.RandomInfo
+    ro = s.RandomInfo
+    assert_nil ri.pClientRandom
+    assert_nil ro.pServerRandom
+    GC.start
+    ri.pServerRandom = 'serv'
+    ro.pClientRandom = 'client'
+    GC.start
+    assert_equal 'client', ri.pClientRandom
+    assert_equal 'serv', ro.pServerRandom
+
+    ro = CK_SSL3_RANDOM_DATA.new
+    ro.pClientRandom = 'clrnd'
+    s.RandomInfo = ro
+    assert_equal 'clrnd', ri.pClientRandom
+    assert_nil ri.pServerRandom
+
+    assert_raise(ArgumentError){ s.RandomInfo = nil }
+  end
+
+  def test_gc_STRUCT_ACCESSOR
+    ri = CK_SSL3_KEY_MAT_PARAMS.new.RandomInfo
+    ro = CK_SSL3_KEY_MAT_PARAMS.new.RandomInfo
+    ri.pServerRandom = 'serv'
+    ro.pServerRandom = '_serv'
+    GC.start
+    assert_equal '_serv', ro.pServerRandom
+    assert_equal 'serv', ri.pServerRandom
+    assert_nil ro.pClientRandom
+    assert_nil ri.pClientRandom
+  end
+
+  def test_STRING_PTR_LEN_ACCESSOR
+    s = CK_SSL3_RANDOM_DATA.new
+    assert_nil s.pServerRandom
+    GC.start
+    s.pServerRandom = 'serv'
+    s.pClientRandom = 'client'
+    GC.start
+    assert_equal 'client', s.pClientRandom
+    assert_equal 'serv', s.pServerRandom
+    GC.start
+    s.pServerRandom = nil
+    assert_nil s.pServerRandom
+  end
+  
+  def test_STRUCT_PTR_ACCESSOR
+    s = CK_SSL3_KEY_MAT_PARAMS.new
+    assert_nil s.pReturnedKeyMaterial
+    ri = s.pReturnedKeyMaterial = CK_SSL3_KEY_MAT_OUT.new
+    assert_nil ri.pIVClient
+    ri.pIVClient = 'cli'
+    GC.start
+    assert_equal 'cli', ri.pIVClient
+    assert_equal 'cli', s.pReturnedKeyMaterial.pIVClient
+    s.pReturnedKeyMaterial = nil
+    assert_nil s.pReturnedKeyMaterial
+  end
+
+  def test_ULONG_PTR_ACCESSOR
+    s = CK_WTLS_PRF_PARAMS.new
+    assert_nil s.pulOutputLen
+    s.pulOutputLen = 123
+    GC.start
+    assert_equal 123, s.pulOutputLen
+    s.pulOutputLen = nil
+    assert_nil s.pulOutputLen
+  end
+
+  def test_CStruct
+    s = CK_DATE.new
+    s.day, s.month, s.year = "31", "12", "2010"
+
+    assert s.inspect =~ /year="2010"/, 'There should be a year in CK_DATE'
+    assert_equal ["day", "month", "year"], s.members, 'CK_DATE should contain some attributes'
+    assert_equal ["31", "12", "2010"], s.values, 'values of CK_DATE'
+    assert_equal( {:day=>"31", :month=>"12", :year=>"2010"}, s.to_hash, 'CK_DATE as hash' )
+  end
+end