RubyGems - pkcs11 - Versions diffs - 0.2.4-x64-mingw32 - Mend

pkcs11 0.2.4-x64-mingw32

Files changed (55) hide show

data.tar.gz.sig +0 -0
data/.autotest +23 -0
data/.gemtest +0 -0
data/.yardopts +1 -0
data/History.txt +57 -0
data/MIT-LICENSE +22 -0
data/Manifest.txt +57 -0
data/README.rdoc +205 -0
data/Rakefile +111 -0
data/ext/extconf.rb +7 -0
data/ext/generate_constants.rb +57 -0
data/ext/generate_structs.rb +206 -0
data/ext/generate_thread_funcs.rb +72 -0
data/ext/include/cryptoki.h +66 -0
data/ext/include/ct-kip.h +50 -0
data/ext/include/otp-pkcs11.h +125 -0
data/ext/include/pkcs-11v2-20a3.h +124 -0
data/ext/include/pkcs11.h +299 -0
data/ext/include/pkcs11f.h +912 -0
data/ext/include/pkcs11t.h +1885 -0
data/ext/pk11.c +1675 -0
data/ext/pk11.h +81 -0
data/ext/pk11_const.c +205 -0
data/ext/pk11_const_def.inc +452 -0
data/ext/pk11_const_macros.h +38 -0
data/ext/pk11_struct.doc +792 -0
data/ext/pk11_struct_def.inc +302 -0
data/ext/pk11_struct_impl.inc +302 -0
data/ext/pk11_struct_macros.h +435 -0
data/ext/pk11_thread_funcs.c +411 -0
data/ext/pk11_thread_funcs.h +482 -0
data/ext/pk11_version.h +6 -0
data/lib/2.0/pkcs11_ext.so +0 -0
data/lib/pkcs11.rb +9 -0
data/lib/pkcs11/extensions.rb +68 -0
data/lib/pkcs11/helper.rb +144 -0
data/lib/pkcs11/library.rb +140 -0
data/lib/pkcs11/object.rb +171 -0
data/lib/pkcs11/session.rb +765 -0
data/lib/pkcs11/slot.rb +102 -0
data/pkcs11_protect_server/Manifest.txt +14 -0
data/pkcs11_protect_server/README_PROTECT_SERVER.rdoc +89 -0
data/test/fixtures/softokn/cert8.db +0 -0
data/test/fixtures/softokn/key3.db +0 -0
data/test/fixtures/softokn/secmod.db +0 -0
data/test/helper.rb +58 -0
data/test/test_pkcs11.rb +71 -0
data/test/test_pkcs11_crypt.rb +220 -0
data/test/test_pkcs11_object.rb +122 -0
data/test/test_pkcs11_session.rb +123 -0
data/test/test_pkcs11_slot.rb +78 -0
data/test/test_pkcs11_structs.rb +166 -0
data/test/test_pkcs11_thread.rb +44 -0
metadata +213 -0
metadata.gz.sig +0 -0

@@ -0,0 +1,122 @@
+require "test/unit"
+require "pkcs11"
+require "test/helper"
+class TestPkcs11Object < Test::Unit::TestCase
+  include PKCS11
+  attr_reader :slots
+  attr_reader :slot
+  attr_reader :session
+  attr_reader :object
+  def setup
+    $pkcs11 ||= open_softokn
+    @slots = pk.active_slots
+    @slot = slots.last
+    flags = CKF_SERIAL_SESSION #| CKF_RW_SESSION
+    @session = slot.C_OpenSession(flags)
+#     @session.login(:USER, "")
+    # Create session object for tests.
+    @object = session.create_object(
+      :CLASS=>CKO_DATA,
+      :TOKEN=>false,
+      :APPLICATION=>'My Application',
+      :VALUE=>'value')
+  end
+  def teardown
+#     @session.logout
+    @session.close
+  end
+  def pk
+    $pkcs11
+  end
+  def test_attributes
+    assert_equal 1, object.attributes(:VALUE).length, 'There should be one resulting attribute'
+    assert_equal CK_ATTRIBUTE, object.attributes(:VALUE).first.class, 'Resulting attribute should be type CK_ATTRIBUTE'
+    assert_equal CKO_DATA, object.attributes(:CLASS).first.value, 'Resulting attribute should be Integer value CKO_DATA'
+    assert_equal 3, object.attributes(:VALUE, :TOKEN, :PRIVATE).length, 'An object should have some attributes'
+    assert_equal 3, object.attributes([:VALUE, :TOKEN, :APPLICATION]).length, 'Another way to retieve attributes'
+    assert_equal 2, object.attributes(:VALUE=>nil, :TOKEN=>nil).length, 'Third way to retieve attributes'
+    # The C language way to retrieve the attribute values:
+    template = [
+      CK_ATTRIBUTE.new(CKA_VALUE, nil),
+    ]
+    attrs = pk.C_GetAttributeValue(session, object, template)
+    attrs.each do |attr|
+      assert attr.value, 'There should be a value to the object'
+    end
+    assert object.attributes.length>=4, 'There should be at least the 4 stored attributes readable'
+    assert_not_nil object.attributes.find{|a| a.type==CKA_CLASS}, 'CKA_CLASS should be returned for Object#attributes'
+  end
+  def test_accessor
+    assert_equal 'value', object[:VALUE], "Value should be readable"
+    assert_equal CKO_DATA, object[:CLASS], "Class should be readable"
+    assert_equal ['value', CKO_DATA], object[:VALUE, :CLASS], "multiple values should be readable"
+    assert_equal ['value', CKO_DATA], object[[:VALUE, :CLASS]], "multiple values should be readable"
+    assert_equal [], object[[]], "multiple values should be readable"
+  end
+  def test_attribute
+    attr = object.attributes(:CLASS).first
+    assert attr.inspect =~ /CLASS/, 'The attribute should tell about it\'s type'
+    assert attr.inspect =~ /#{CKO_DATA}/, 'The attribute should tell about it\'s type'
+  end
+  def test_set_attribute
+    object[:VALUE] = 'value2'
+    assert_equal 'value2', object[:VALUE], "Value should have changed"
+    object[:VALUE] = ['value3']
+    assert_equal 'value3', object[:VALUE], "Value should have changed"
+  end
+  def test_set_attributes
+    object.attributes = {:VALUE => 'value4', PKCS11::CKA_APPLICATION => 'app4'}
+    assert_equal 'value4', object[:VALUE], "Value should have changed"
+    assert_equal 'app4', object[:APPLICATION], "App should have changed"
+    object[:VALUE, PKCS11::CKA_APPLICATION] = 'value5', 'app5'
+    assert_equal 'value5', object[:VALUE], "Value should have changed"
+    assert_equal 'app5', object[:APPLICATION], "App should have changed"
+    assert_raise(ArgumentError) do
+      object[:VALUE, PKCS11::CKA_APPLICATION, :CLASS] = 'value5', 'app5'
+    end
+    assert_nothing_raised{ object[] = [] }
+  end
+  def test_size
+    assert object.size, 'There should be an object size'
+  end
+  def test_copy_without_params
+    new_obj = object.copy
+    new_obj[:APPLICATION] = 'Copied object'
+    assert_equal 'Copied object', new_obj[:APPLICATION], "Application should be changed"
+    assert_equal 'My Application', object[:APPLICATION], "Original object should be unchanged"
+  end
+  def test_copy_with_params
+    new_obj = object.copy :APPLICATION=>'Copied object'
+    assert_equal 'value', new_obj[:VALUE], "Value should be copied"
+    assert_equal 'Copied object', new_obj[:APPLICATION], "Application should be changed"
+    assert_equal 'My Application', object[:APPLICATION], "Original object should be unchanged"
+  end
+  def test_destroy
+    object.destroy
+    assert_raise(CKR_OBJECT_HANDLE_INVALID, 'destroyed object shouldn\'t have any attributes') do
+      object[:VALUE]
+    end
+  end
+end

data/test/test_pkcs11_session.rb ADDED

@@ -0,0 +1,123 @@
+require "test/unit"
+require "pkcs11"
+require "test/helper"
+require "openssl"
+class TestPkcs11Session < Test::Unit::TestCase
+  include PKCS11
+  attr_reader :slots
+  attr_reader :slot
+  attr_reader :session
+  TestCert_ID = "\230Z\275=\2614\236\337\fY\017Y\346\202\212\v\025\335\0239"
+  def setup
+    $pkcs11 ||= open_softokn
+    @slots = pk.active_slots
+    @slot = slots.last
+    flags = CKF_SERIAL_SESSION #| CKF_RW_SESSION
+    @session = slot.C_OpenSession(flags)
+#     @session.login(:USER, "")
+  end
+  def teardown
+#     @session.logout
+    @session.close
+  end
+  def pk
+    $pkcs11
+  end
+  def test_find_objects
+    obj = session.find_objects(:CLASS => CKO_CERTIFICATE)
+    assert obj.length>2, 'There should be some certificates in the test database'
+    assert_equal PKCS11::Object, obj.first.class, 'Retuned objects should be class Object'
+    session.find_objects(:CLASS => CKO_CERTIFICATE) do |obj2|
+      assert obj2[:SUBJECT], 'A certificate should have a subject'
+      assert OpenSSL::X509::Name.new(obj2[:SUBJECT]).to_s =~ /\/CN=/i, 'Every certificate should have a CN in the subject'
+    end
+  end
+  def test_random
+    session.seed_random('some entropy')
+    rnd1 = session.generate_random(13)
+    assert_equal rnd1.length, 13, 'expected length'
+    rnd2 = session.generate_random(13)
+    assert_equal rnd2.length, 13, 'expected length'
+    assert_not_equal rnd1, rnd2, 'Two random blocks should be different'
+  end
+  def test_session_info
+    info = session.info
+    assert info.inspect =~ /flags=/, 'Session info should have a flag attribute'
+  end
+  def test_create_data_object
+    obj = session.create_object(
+      :CLASS=>CKO_DATA,
+      :TOKEN=>false,
+      :APPLICATION=>'My Application',
+      :VALUE=>'value')
+  end
+  def test_create_certificate_object
+    obj1 = session.find_objects(:CLASS => CKO_CERTIFICATE, :ID=>TestCert_ID).first
+    obj = session.create_object(
+      :CLASS=>CKO_CERTIFICATE,
+      :SUBJECT=>obj1[:SUBJECT],
+      :TOKEN=>false,
+      :LABEL=>'test_create_object',
+      :CERTIFICATE_TYPE=>CKC_X_509,
+      :ISSUER=>obj1[:ISSUER],
+      :VALUE=>obj1[:VALUE],
+      :SERIAL_NUMBER=>'12345'
+    )
+    assert_equal '12345', obj[:SERIAL_NUMBER], 'Value as created'
+  end
+  def test_create_public_key_object
+    rsa = OpenSSL::PKey::RSA.generate(512)
+    obj = session.create_object(
+      :CLASS=>CKO_PUBLIC_KEY,
+      :KEY_TYPE=>CKK_RSA,
+      :TOKEN=>false,
+      :MODULUS=>rsa.n.to_s(2),
+      :PUBLIC_EXPONENT=>rsa.e.to_s(2),
+      :LABEL=>'test_create_public_key_object')
+    assert_equal 'test_create_public_key_object', obj[:LABEL], 'Value as created'
+  end
+  def test_get_set_operation_state
+    plaintext = "secret text"
+    # Start a digest operation
+    session.C_DigestInit(:SHA_1)
+    session.C_DigestUpdate(plaintext[0..3])
+    # Save the current state and close the session
+    state = session.get_operation_state
+    @session.close
+    assert state.length >= 4, 'There should be at least some bytes for the first part of plaintext in the state'
+    # Open a new session and restore the previous state
+    @session = @slot.open
+    session.login(:USER, "")
+    session.set_operation_state(state)
+    # Finish the digest
+    session.C_DigestUpdate(plaintext[4..-1])
+    digest1 = session.C_DigestFinal
+    digest2 = OpenSSL::Digest::SHA1.new(plaintext).digest
+    assert_equal digest2, digest1, 'Digests should be equal'
+  end
+end

data/test/test_pkcs11_slot.rb ADDED

@@ -0,0 +1,78 @@
+require "test/unit"
+require "pkcs11"
+require "test/helper"
+class TestPkcs11Slot < Test::Unit::TestCase
+  include PKCS11
+  attr_reader :slots
+  attr_reader :slot
+  def setup
+    $pkcs11 ||= open_softokn
+    @slots = pk.active_slots
+    @slot = slots.last
+  end
+  def teardown
+  end
+  def pk
+    $pkcs11
+  end
+  def test_info
+    sinfo = slot.info
+    assert sinfo.inspect =~ /manufacturerID=/, 'Slot info should tell about manufacturerID'
+    assert_equal Fixnum, sinfo.flags.class
+    assert sinfo.manufacturerID =~ /Mozilla/i, "It's the mozilla libaray we test against"
+    assert sinfo.slotDescription =~ /Private Key/i, "It's the slot with users private keys"
+    assert_equal Fixnum, sinfo.hardwareVersion.major.class, "Version should be a number"
+    assert_equal Fixnum, sinfo.hardwareVersion.minor.class, "Version should be a number"
+    assert_equal Fixnum, sinfo.firmwareVersion.major.class, "Version should be a number"
+    assert_equal Fixnum, sinfo.firmwareVersion.minor.class, "Version should be a number"
+  end
+  def test_token_info
+    ti = slot.token_info
+    assert ti.inspect =~ /serialNumber=/, 'Token info should contain a serialNumber'
+  end
+  def test_mechanisms
+    assert_equal false, slot.mechanisms.empty?, 'There should be some mechanisms'
+    slot.mechanisms.each do |m|
+      info = slot.mechanism_info(m)
+      assert_equal CK_MECHANISM_INFO, info.class, 'Mechanism info should get a CK_MECHANISM_INFO'
+      assert info.inspect =~ /ulMaxKeySize=/, 'Mechanism info should tell about max key size'
+    end
+  end
+  def test_mechanism_info
+    info1 = slot.mechanism_info(:DES3_CBC)
+    assert_equal CK_MECHANISM_INFO, info1.class, 'Mechanism info should get a CK_MECHANISM_INFO'
+    assert info1.inspect =~ /ulMinKeySize=/, 'Mechanism info should tell about min key size'
+    info2 = slot.mechanism_info(CKM_DES3_CBC)
+    assert_equal info1.to_hash, info2.to_hash, 'Mechanism infos should be equal'
+  end
+  def test_session
+    flags = CKF_SERIAL_SESSION #| CKF_RW_SESSION
+    session = slot.open(flags){|_session|
+      assert _session.info.inspect =~ /state=/, 'Session info should tell about it\'s state'
+    }
+    session = slot.open(flags)
+    assert session.info.inspect =~ /flags=/, 'Session info should tell about it\'s flags'
+    session.close
+  end
+  def test_session2
+    flags = CKF_SERIAL_SESSION #| CKF_RW_SESSION
+    session = slot.open(flags)
+    slot.close_all_sessions
+  end
+end

data/test/test_pkcs11_structs.rb ADDED

@@ -0,0 +1,166 @@
+require "test/unit"
+require "pkcs11"
+require "test/helper"
+class TestPkcs11Structs < Test::Unit::TestCase
+  include PKCS11
+  def setup
+  end
+  def teardown
+  end
+  def test_STRING_ACCESSOR
+    s = CK_DATE.new
+    assert_equal "\0\0", s.day
+    assert_equal "\0\0\0\0", s.year
+    s.day = "12345"
+    assert_equal "12", s.day
+    s.day = "9"
+    assert_equal "9\0", s.day
+    assert_raise(TypeError){ s.day = nil }
+  end
+  def test_ULONG_ACCESSOR
+    s = CK_SSL3_KEY_MAT_PARAMS.new
+    assert_equal 0, s.ulIVSizeInBits
+    s.ulIVSizeInBits = 1234567890
+    assert_equal 1234567890, s.ulIVSizeInBits
+    s.ulIVSizeInBits = 2345678901
+    assert_equal 2345678901, s.ulIVSizeInBits
+    assert_raise(TypeError){ s.ulIVSizeInBits = nil }
+  end
+  def test_BOOL_ACCESSOR
+    s = CK_SSL3_KEY_MAT_PARAMS.new
+    assert_equal false, s.bIsExport
+    s.bIsExport = true
+    assert_equal true, s.bIsExport
+    s.bIsExport = false
+    assert_equal false, s.bIsExport
+    assert_raise(ArgumentError){ s.bIsExport = nil }
+  end
+  def test_STRING_PTR_ACCESSOR
+    s = CK_WTLS_MASTER_KEY_DERIVE_PARAMS.new
+    assert_nil s.pVersion
+    s.pVersion = "1.2.3"
+    assert_equal "1.2.3", s.pVersion
+    s.pVersion = nil
+    assert_nil s.pVersion
+  end
+  def test_STRUCT_ACCESSOR
+    s = CK_SSL3_KEY_MAT_PARAMS.new
+    ri = s.RandomInfo
+    ro = s.RandomInfo
+    assert_nil ri.pClientRandom
+    assert_nil ro.pServerRandom
+    GC.start
+    ri.pServerRandom = 'serv'
+    ro.pClientRandom = 'client'
+    GC.start
+    assert_equal 'client', ri.pClientRandom
+    assert_equal 'serv', ro.pServerRandom
+    ro = CK_SSL3_RANDOM_DATA.new
+    ro.pClientRandom = 'clrnd'
+    s.RandomInfo = ro
+    assert_equal 'clrnd', ri.pClientRandom
+    assert_nil ri.pServerRandom
+    assert_raise(ArgumentError){ s.RandomInfo = nil }
+  end
+  def test_gc_STRUCT_ACCESSOR
+    ri = CK_SSL3_KEY_MAT_PARAMS.new.RandomInfo
+    ro = CK_SSL3_KEY_MAT_PARAMS.new.RandomInfo
+    ri.pServerRandom = 'serv'
+    ro.pServerRandom = '_serv'
+    GC.start
+    assert_equal '_serv', ro.pServerRandom
+    assert_equal 'serv', ri.pServerRandom
+    assert_nil ro.pClientRandom
+    assert_nil ri.pClientRandom
+  end
+  def test_STRING_PTR_LEN_ACCESSOR
+    s = CK_SSL3_RANDOM_DATA.new
+    assert_nil s.pServerRandom
+    GC.start
+    s.pServerRandom = 'serv'
+    s.pClientRandom = 'client'
+    GC.start
+    assert_equal 'client', s.pClientRandom
+    assert_equal 'serv', s.pServerRandom
+    GC.start
+    s.pServerRandom = nil
+    assert_nil s.pServerRandom
+  end
+  def test_STRUCT_PTR_ACCESSOR
+    s = CK_SSL3_KEY_MAT_PARAMS.new
+    assert_nil s.pReturnedKeyMaterial
+    ri = s.pReturnedKeyMaterial = CK_SSL3_KEY_MAT_OUT.new
+    assert_nil ri.pIVClient
+    ri.pIVClient = 'cli'
+    GC.start
+    assert_equal 'cli', ri.pIVClient
+    assert_equal 'cli', s.pReturnedKeyMaterial.pIVClient
+    s.pReturnedKeyMaterial = nil
+    assert_nil s.pReturnedKeyMaterial
+  end
+  def test_ULONG_PTR_ACCESSOR
+    s = CK_WTLS_PRF_PARAMS.new
+    assert_nil s.pulOutputLen
+    s.pulOutputLen = 123
+    GC.start
+    assert_equal 123, s.pulOutputLen
+    s.pulOutputLen = nil
+    assert_nil s.pulOutputLen
+  end
+  def test_STRUCT_ARRAY_ACCESSOR
+    s = CK_OTP_PARAMS.new
+    assert_equal [], s.pParams
+    s1 = CK_OTP_PARAM.new
+    s1.type = CK_OTP_VALUE
+    s1.pValue = "\0xyz"
+    s2 = CK_OTP_PARAM.new
+    s2.type = CK_OTP_PIN
+    s2.pValue = "1234"
+    s.pParams = [s1, s2]
+    assert_equal [s1.to_hash, s2.to_hash], s.pParams.map{|e| e.to_hash }
+    GC.start
+    assert_raise(ArgumentError){ s.pParams = [s1, s2, nil] }
+    assert_equal [s1.to_hash, s2.to_hash], s.pParams.map{|e| e.to_hash }
+    s.pParams = []
+    assert_equal [], s.pParams
+  end
+  def test_CStruct
+    s = CK_DATE.new
+    s.day, s.month, s.year = "31", "12", "2010"
+    assert s.inspect =~ /year="2010"/, 'There should be a year in CK_DATE'
+    assert_equal ["year", "month", "day"], s.members, 'CK_DATE should contain some attributes'
+    assert_equal ["2010", "12", "31"], s.values, 'values of CK_DATE'
+    assert_equal( {:day=>"31", :month=>"12", :year=>"2010"}, s.to_hash, 'CK_DATE as hash' )
+  end
+  def test_bignum_attribute
+    bignum = [-1].pack("l_").unpack("L_")[0]
+    attr = CK_ATTRIBUTE.new(CKA_KEY_TYPE, bignum)
+    assert_equal bignum, attr.value, "The bignum value should set"
+  end
+  def test_bignum_mechanism
+    bignum = [-1].pack("l_").unpack("L_")[0]
+    mech = CK_MECHANISM.new(bignum-1, bignum)
+    assert_equal bignum-1, mech.mechanism, "The bignum mechanism should set"
+    assert_equal [-1].pack("l_"), mech.pParameter, "The bignum parameter is retrieved as String"
+  end
+end