pkcs11 0.2.1-x86-mingw32 → 0.2.2-x86-mingw32

data/ext/pk11_struct_impl.inc

@@ -274,10 +274,10 @@ PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(CK_OTP_PARAM, pValue, ulValueLen);
 PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_OTP_PARAM, type);
 
 PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_OTP_PARAMS);
-PKCS11_IMPLEMENT_STRUCT_PTR_ARRAY_ACCESSOR(CK_OTP_PARAMS, CK_OTP_PARAM, pParams, ulCount);
+PKCS11_IMPLEMENT_PKCS11_STRUCT_PTR_ARRAY_ACCESSOR(CK_OTP_PARAMS, CK_OTP_PARAM, pParams, ulCount);
 
 PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_OTP_SIGNATURE_INFO);
-PKCS11_IMPLEMENT_STRUCT_PTR_ARRAY_ACCESSOR(CK_OTP_SIGNATURE_INFO, CK_OTP_PARAM, pParams, ulCount);
+PKCS11_IMPLEMENT_PKCS11_STRUCT_PTR_ARRAY_ACCESSOR(CK_OTP_SIGNATURE_INFO, CK_OTP_PARAM, pParams, ulCount);
 
 PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_KIP_PARAMS);
 PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(CK_KIP_PARAMS, pSeed, ulSeedLen);

data/ext/pk11_struct_macros.h

@@ -79,13 +79,14 @@ get_ulong_ptr(VALUE obj, off_t offset)
 static VALUE
 set_ulong_ptr(VALUE obj, VALUE value, const char *name, off_t offset)
 {
+  VALUE new_obj;
   CK_ULONG_PTR *ptr = (CK_ULONG_PTR *)((char*)DATA_PTR(obj) + offset);
   if (NIL_P(value)){
     rb_iv_set(obj, name, value);
     *ptr = NULL_PTR;
     return value;
   }
-  VALUE new_obj = Data_Make_Struct(rb_cInteger, CK_ULONG, 0, free, *ptr);
+  new_obj = Data_Make_Struct(rb_cInteger, CK_ULONG, 0, free, *ptr);
   rb_iv_set(obj, name, new_obj);
   **ptr = NUM2ULONG(value);
   return value;
@@ -236,9 +237,10 @@ get_struct_ptr_array(VALUE obj, VALUE klass, off_t offset, off_t offset_len, int
   unsigned long l = *(unsigned long*)(ptr+offset_len);
   VALUE ary = rb_ary_new();
   for (i = 0; i < l; i++){
+    VALUE new_obj;
     void *mem = xmalloc(sizeofstruct);
     memcpy(mem, p + sizeofstruct * i, sizeofstruct);
-    VALUE new_obj = Data_Wrap_Struct(klass, 0, -1, mem);
+    new_obj = Data_Wrap_Struct(klass, 0, -1, mem);
     rb_ary_push(ary, new_obj);
   }
   return ary;
@@ -396,6 +398,16 @@ static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
   return set_struct_ptr_array(o, c##k, #k, v, #f, OFFSET_OF(s, f), OFFSET_OF(s, l), sizeof(k)); \
 }
 
+#define PKCS11_IMPLEMENT_PKCS11_STRUCT_PTR_ARRAY_ACCESSOR(s, k, f, l) \
+static VALUE c##s##_get_##f(VALUE o){ \
+  VALUE klass = rb_const_get(rb_const_get(rb_cObject, rb_intern("PKCS11")), rb_intern(#k)); \
+  return get_struct_ptr_array(o, klass, OFFSET_OF(s, f), OFFSET_OF(s, l), sizeof(k)); \
+} \
+static VALUE c##s##_set_##f(VALUE o, VALUE v){ \
+  VALUE klass = rb_const_get(rb_const_get(rb_cObject, rb_intern("PKCS11")), rb_intern(#k)); \
+  return set_struct_ptr_array(o, klass, #k, v, #f, OFFSET_OF(s, f), OFFSET_OF(s, l), sizeof(k)); \
+}
+
 
 /**************************************************/
 /* struct/attribute definition                    */

data/ext/pk11_version.h

@@ -0,0 +1,6 @@
+#ifndef RUBY_PK11_VERSION_H
+#define RUBY_PK11_VERSION_H
+
+static const char *VERSION = "0.2.2";
+
+#endif

data/lib/pkcs11/helper.rb

@@ -89,13 +89,13 @@ module PKCS11
     def to_attributes(template)
       case template
         when Array
-          template.map{|v| PKCS11::CK_ATTRIBUTE.new(string_to_handle('CKA_', v), nil) }
+          template.map{|v| @pk.vendor_class_CK_ATTRIBUTE.new(string_to_handle('CKA_', v), nil) }
         when Hash
-          template.map{|k,v| PKCS11::CK_ATTRIBUTE.new(string_to_handle('CKA_', k), v) }
+          template.map{|k,v| @pk.vendor_class_CK_ATTRIBUTE.new(string_to_handle('CKA_', k), v) }
         when String, Symbol
-          [PKCS11::CK_ATTRIBUTE.new(string_to_handle('CKA_', template), nil)]
+          [@pk.vendor_class_CK_ATTRIBUTE.new(string_to_handle('CKA_', template), nil)]
         when Integer
-          [PKCS11::CK_ATTRIBUTE.new(template, nil)]
+          [@pk.vendor_class_CK_ATTRIBUTE.new(template, nil)]
         else
           template
       end
@@ -104,7 +104,7 @@ module PKCS11
     def string_to_handle(prefix, attribute) # :nodoc:
       case attribute
         when String, Symbol
-          PKCS11.const_get("#{prefix}#{attribute}")
+          @pk.vendor_const_get("#{prefix}#{attribute}")
         else
           attribute
       end
@@ -121,8 +121,8 @@ module PKCS11
           param = mechanism.values.first
           case param
           when Hash
-            param_class = MechanismParameters[mech]
-            raise ArgumentError, "unknown mechanism - please use mechanism parameter as String" unless param_class
+            param_class = @pk.vendor_mechanism_parameter_struct(mech)
+            raise ArgumentError, "unknown mechanism - please use String/Int/Struct as mechanism parameter" unless param_class
 
             pa = param_class.new
             param.each do |k, v|

data/lib/pkcs11/library.rb

@@ -54,14 +54,14 @@ module PKCS11
     alias info C_GetInfo
 
     alias unwrapped_C_GetSlotList C_GetSlotList
-    
+
     # Obtain an array of Slot objects in the system.
     #
     # @param [true, false] tokenPresent  indicates whether the list
     #    obtained includes only those slots with a token present (true), or
     #    all slots (false);
     # @return [Array<Slot>]
-    def C_GetSlotList(tokenPresent=true)
+    def C_GetSlotList(tokenPresent=false)
       slots = unwrapped_C_GetSlotList(tokenPresent)
       slots.map{|slot|
         Slot.new self, slot
@@ -74,7 +74,7 @@ module PKCS11
     def active_slots
       slots(true)
     end
-    
+
     # Obtain an array of Slot objects in the system regardless if a token is present.
     # @return [Array<Slot>]
     def all_slots
@@ -86,7 +86,31 @@ module PKCS11
       self.C_Finalize
       self.unload_library
     end
-    
+
+    # Return the value of a named constant. Used for CKA_* and CKM_* .
+    # This method could be overloaded for vendor specific extensions.
+    #
+    # @param [String] name Name of the constant
+    # @return [Integer] Value of the constant
+    def vendor_const_get(name)
+      PKCS11.const_get(name)
+    end
+
+    # Return an array of all known CKA_* attributes as String.
+    # This method could be overloaded for vendor specific extensions.
+    def vendor_all_attribute_names
+      return ATTRIBUTES.values
+    end
+
+    # Return the parameter struct of a given mechanism.
+    # This method could be overloaded for vendor specific extensions.
+    #
+    # @param [Integer] mech Mechanism
+    # @return [PKCS11::CStruct] appropriate class as parameter for the mechanism
+    def vendor_mechanism_parameter_struct(mech)
+      Helper::MechanismParameters[mech]
+    end
+
     private :unwrapped_initialize
     private :unwrapped_C_GetSlotList
     private :unwrapped_C_GetInfo

data/lib/pkcs11/object.rb

@@ -26,13 +26,15 @@ module PKCS11
       "#<#{self.class} #{@obj.inspect}>"
     end
 
-    # Get the value of one attribute of the object.
+    # Get the value of one or several attributes of the object.
     #
-    # @param [String, Symbol, Integer] attribute can be String or Symbol of the attribute constant
-    #             or the attribute number as Integer.
+    # @param [String, Symbol, Integer, Array] attribute can be String or Symbol
+    #             of the attribute(s) constant or the attribute(s) number as Integer.
     #
-    # @return [String, Integer, Boolean, nil] the attribute value as String, Integer or true/false
-    #   depending on the attribute type.
+    # @return [String, Integer, Boolean, Array, nil] the attribute value as String,
+    #   Integer or true/false depending on the attribute type.
+    #   If called with more than one parameter or with an Array, a Array
+    #   of attribute values is returned.
     # Unknown attributes (out of PKCS#11 v2.2) are not converted to adequate
     # ruby objects but returned as String.
     # That is true/false will be returned as "\\001" respectively "\\000".
@@ -40,18 +42,23 @@ module PKCS11
     # @example
     #     object[:VALUE] # => "\000\000\000\000\000\000\000\000"
     #     object[:MODULUS_BITS] # => 768
+    #     object[:MODULUS_BITS, :LABEL] # => [1024, "MyKey"]
     #
     # See PKCS#11 for attribute definitions.
-    def [](attribute)
-      attrs = C_GetAttributeValue( [attribute] )
-      attrs.first.value unless attrs.empty?
+    def [](*attributes)
+      attrs = C_GetAttributeValue( attributes.flatten )
+      if attrs.length>1 || attributes.first.kind_of?(Array)
+        attrs.map(&:value)
+      else
+        attrs.first.value unless attrs.empty?
+      end
     end
 
-    # Modifies the value of one attribute the object.
+    # Modifies the value of one or several attributes of the object.
     #
-    # @param [String, Symbol, Integer] attribute can be String or Symbol of the attribute constant
+    # @param [String, Symbol, Integer] attribute  can be String or Symbol of the attribute constant
     #             or the attribute value as Integer.
-    # @param [String, Integer, Boolean, nil] value value the attribute will be set to.
+    # @param [String, Integer, Boolean, Array, nil] value  value(s) the attribute(s) will be set to.
     #
     # Following value conversations are done from Ruby to C:
     #   true   -> 0x01
@@ -62,12 +69,16 @@ module PKCS11
     # @example
     #     object[:VALUE] = "\000\000\000\000\000\000\000\000"
     #     object[:MODULUS_BITS] = 768
+    #     object[:MODULUS_BITS, :LABEL] = 1024, 'MyKey'
     #
     # See PKCS#11 for attribute definitions.
     # @return value
-    def []=(attribute, value)
-      C_SetAttributeValue( attribute => value )
-      value
+    def []=(*attributes)
+      values = attributes.pop
+      values = [values] unless values.kind_of?(Array)
+      raise ArgumentError, "different number of attributes to set (#{attributes.length}) and given values (#{values.length})" unless attributes.length == values.length
+      map = values.each.with_index.inject({}){|s, v| s[attributes[v[1]]] = v[0]; s }
+      C_SetAttributeValue( map )
     end
 
     # Modifies the value of one or more attributes of the object in a single call.
@@ -80,7 +91,7 @@ module PKCS11
       template
     end
     alias attributes= C_SetAttributeValue
-    
+
     # Obtains the value of one or more attributes of the object in a single call.
     #
     # @param [Array<String, Symbol, Integer>, Hash, String, Integer] attribute attribute names
@@ -98,9 +109,9 @@ module PKCS11
     def C_GetAttributeValue(*template)
       case template.length
         when 0
-          return PKCS11::ATTRIBUTES.values.map{|attr|
+          return @pk.vendor_all_attribute_names.map{|attr|
             begin
-              attributes(PKCS11.const_get(attr))
+              attributes(@pk.vendor_const_get(attr))
             rescue PKCS11::Error
             end
           }.flatten.compact
@@ -148,7 +159,7 @@ module PKCS11
       self
     end
     alias destroy C_DestroyObject
-    
+
     # Gets the size of an object in bytes.
     # @return [Integer]
     def C_GetObjectSize()

data/pkcs11_protect_server/Manifest.txt

@@ -0,0 +1,14 @@
+.gemtest
+.yardopts
+Manifest.txt
+README_PROTECT_SERVER.rdoc
+Rakefile
+ext/extconf.rb
+ext/generate_constants.rb
+ext/generate_structs.rb
+ext/pk11s.c
+lib/pkcs11_protect_server.rb
+lib/pkcs11_protect_server/extensions.rb
+test/helper.rb
+test/test_pkcs11_protect_server.rb
+test/test_pkcs11_protect_server_crypt.rb

data/test/helper.rb

@@ -1,11 +1,11 @@
-require "openssl"
+require "pkcs11"
 
 def find_softokn
   if RUBY_PLATFORM =~ /mswin|mingw/
     lLIBSOFTOKEN3_SO = "softokn3.dll"
 
     # Try to find the firefox path.
-    unless ENV['SOFTOKN_PATH']
+    unless so_path = ENV['SOFTOKN_PATH']
       require 'win32/registry'
       begin
         firefox_path = Win32::Registry::HKEY_LOCAL_MACHINE.open('SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe'){|reg|
@@ -21,15 +21,22 @@ def find_softokn
   else
     lLIBSOFTOKEN3_SO = "libsoftokn3.so"
     lLIBNSS_PATHS = %w(
-      /usr/lib64 /usr/lib/ /usr/lib64/nss /usr/lib/nss
+      /usr/lib64
+      /usr/lib
+      /usr/lib64/nss
+      /usr/lib/nss
+      /usr/lib/i386-linux-gnu/nss
+      /usr/lib/x86_64-linux-gnu/nss
     )
     unless so_path = ENV['SOFTOKN_PATH']
       paths = lLIBNSS_PATHS.collect{|path| File.join(path, lLIBSOFTOKEN3_SO) }
-      so_path = paths.find{|path| File.exist?(path) }
+      so_path = paths.find do |path|
+        File.exist?(path) && open_softokn(path).close rescue false
+      end
     end
   end
 
-  raise "#{lLIBSOFTOKEN3_SO} not found - please install firefox or set ENV['SOFTOKN_PATH']" unless so_path
+  raise "#{lLIBSOFTOKEN3_SO} not found - please install firefox or libnss3 or set ENV['SOFTOKN_PATH']" unless so_path
   so_path
 end
 
@@ -42,9 +49,10 @@ def softokn_params
   ]
 end
 
-def open_softokn
-  so_path = find_softokn
-  nNSS_INIT_ARGS = softokn_params
+def softokn_params_string
+  softokn_params.join(" ")
+end
 
-  PKCS11.open(so_path, :flags=>0, :pReserved=>nNSS_INIT_ARGS.join(" "))
+def open_softokn(so_path=nil)
+  PKCS11.open(so_path || find_softokn, :flags=>0, :pReserved=>softokn_params_string)
 end

data/test/test_pkcs11.rb

@@ -16,7 +16,7 @@ class TestPkcs11 < Test::Unit::TestCase
   def pk
     @pk
   end
-  
+
   def test_info
     info = pk.info
     assert info.inspect =~ /cryptokiVersion=/, 'There should be a version in the library info'
@@ -34,14 +34,14 @@ class TestPkcs11 < Test::Unit::TestCase
 
     @pk = PKCS11.open
     pk.load_library(find_softokn)
-    
+
     pk.C_GetFunctionList
-    
+
     pargs = PKCS11::CK_C_INITIALIZE_ARGS.new
     pargs.flags = 0
     pargs.pReserved = softokn_params.join(" ")
     pk.C_Initialize(pargs)
-    
+
     pk.info
   end
 end

data/test/test_pkcs11_object.rb

@@ -1,7 +1,6 @@
 require "test/unit"
 require "pkcs11"
 require "test/helper"
-require "openssl"
 
 class TestPkcs11Object < Test::Unit::TestCase
   include PKCS11
@@ -15,11 +14,11 @@ class TestPkcs11Object < Test::Unit::TestCase
     $pkcs11 ||= open_softokn
     @slots = pk.active_slots
     @slot = slots.last
-    
+
     flags = CKF_SERIAL_SESSION #| CKF_RW_SESSION
     @session = slot.C_OpenSession(flags)
 #     @session.login(:USER, "")
-    
+
     # Create session object for tests.
     @object = session.create_object(
       :CLASS=>CKO_DATA,
@@ -55,11 +54,15 @@ class TestPkcs11Object < Test::Unit::TestCase
     end
 
     assert object.attributes.length>=4, 'There should be at least the 4 stored attributes readable'
+    assert_not_nil object.attributes.find{|a| a.type==CKA_CLASS}, 'CKA_CLASS should be returned for Object#attributes'
   end
 
   def test_accessor
     assert_equal 'value', object[:VALUE], "Value should be readable"
     assert_equal CKO_DATA, object[:CLASS], "Class should be readable"
+    assert_equal ['value', CKO_DATA], object[:VALUE, :CLASS], "multiple values should be readable"
+    assert_equal ['value', CKO_DATA], object[[:VALUE, :CLASS]], "multiple values should be readable"
+    assert_equal [], object[[]], "multiple values should be readable"
   end
 
   def test_attribute
@@ -71,19 +74,30 @@ class TestPkcs11Object < Test::Unit::TestCase
   def test_set_attribute
     object[:VALUE] = 'value2'
     assert_equal 'value2', object[:VALUE], "Value should have changed"
+
+    object[:VALUE] = ['value3']
+    assert_equal 'value3', object[:VALUE], "Value should have changed"
   end
 
   def test_set_attributes
-    object.attributes = {:VALUE => 'value2', PKCS11::CKA_APPLICATION => 'app2'}
+    object.attributes = {:VALUE => 'value4', PKCS11::CKA_APPLICATION => 'app4'}
+    assert_equal 'value4', object[:VALUE], "Value should have changed"
+    assert_equal 'app4', object[:APPLICATION], "App should have changed"
+
+    object[:VALUE, PKCS11::CKA_APPLICATION] = 'value5', 'app5'
+    assert_equal 'value5', object[:VALUE], "Value should have changed"
+    assert_equal 'app5', object[:APPLICATION], "App should have changed"
+    assert_raise(ArgumentError) do
+      object[:VALUE, PKCS11::CKA_APPLICATION, :CLASS] = 'value5', 'app5'
+    end
 
-    assert_equal 'value2', object[:VALUE], "Value should have changed"
-    assert_equal 'app2', object[:APPLICATION], "App should have changed"
+    assert_nothing_raised{ object[] = [] }
   end
 
   def test_size
     assert object.size, 'There should be an object size'
   end
-  
+
   def test_copy_without_params
     new_obj = object.copy
     new_obj[:APPLICATION] = 'Copied object'
@@ -97,7 +111,7 @@ class TestPkcs11Object < Test::Unit::TestCase
     assert_equal 'Copied object', new_obj[:APPLICATION], "Application should be changed"
     assert_equal 'My Application', object[:APPLICATION], "Original object should be unchanged"
   end
-  
+
   def test_destroy
     object.destroy
 

data/test/test_pkcs11_thread.rb

@@ -1,7 +1,6 @@
 require "test/unit"
 require "pkcs11"
 require "test/helper"
-require "openssl"
 
 class TestPkcs11Thread < Test::Unit::TestCase
   include PKCS11