pkcs11 0.2.6 → 0.3.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.appveyor.yml +44 -0
- data/.gitignore +25 -0
- data/.travis.yml +5 -4
- data/Gemfile +4 -4
- data/History.txt +32 -0
- data/README.rdoc +11 -14
- data/Rakefile +11 -6
- data/ext/extconf.rb +0 -2
- data/ext/generate_constants.rb +2 -2
- data/ext/generate_structs.rb +21 -10
- data/ext/generate_thread_funcs.rb +0 -6
- data/ext/pk11.c +18 -23
- data/ext/pk11.h +2 -17
- data/ext/pk11_const.c +9 -8
- data/ext/pk11_const_macros.h +2 -1
- data/ext/pk11_struct.doc +90 -90
- data/ext/pk11_struct_impl.inc +90 -90
- data/ext/pk11_struct_macros.h +14 -13
- data/ext/pk11_thread_funcs.c +0 -2
- data/ext/pk11_thread_funcs.h +0 -2
- data/ext/pk11_version.h +1 -1
- data/lib/pkcs11/helper.rb +1 -3
- data/lib/pkcs11/library.rb +4 -0
- data/lib/pkcs11/object.rb +2 -2
- data/lib/pkcs11/session.rb +13 -13
- data/pkcs11_luna/Manifest.txt +11 -11
- data/pkcs11_luna/README_LUNA.rdoc +3 -3
- data/pkcs11_protect_server/Manifest.txt +2 -2
- data/pkcs11_protect_server/README_PROTECT_SERVER.rdoc +3 -3
- data/test/helper.rb +1 -1
- data/test/test_pkcs11.rb +1 -1
- data/test/test_pkcs11_crypt.rb +36 -30
- data/test/test_pkcs11_object.rb +14 -11
- data/test/test_pkcs11_session.rb +22 -22
- data/test/test_pkcs11_slot.rb +8 -8
- data/test/test_pkcs11_structs.rb +35 -9
- data/test/test_pkcs11_thread.rb +2 -2
- metadata +44 -16
- metadata.gz.sig +3 -0
- data/appveyor.yml +0 -38
data/ext/pk11_thread_funcs.c
CHANGED
@@ -1,5 +1,4 @@
|
|
1
1
|
#include "pk11_thread_funcs.h"
|
2
|
-
#ifdef HAVE_RB_THREAD_CALL_WITHOUT_GVL
|
3
2
|
void * tbf_C_Initialize( void *data ){
|
4
3
|
struct tbr_C_Initialize_params *p = (struct tbr_C_Initialize_params*)data;
|
5
4
|
p->retval = p->func( p->params.pInitArgs );
|
@@ -408,4 +407,3 @@
|
|
408
407
|
return NULL;
|
409
408
|
}
|
410
409
|
|
411
|
-
#endif
|
data/ext/pk11_thread_funcs.h
CHANGED
@@ -1,7 +1,6 @@
|
|
1
1
|
#ifndef EXT_PK11_THREAD_FUNCS_H
|
2
2
|
#define EXT_PK11_THREAD_FUNCS_H
|
3
3
|
#include "pk11.h"
|
4
|
-
#ifdef HAVE_RB_THREAD_CALL_WITHOUT_GVL
|
5
4
|
struct tbr_C_Initialize_params {
|
6
5
|
CK_C_Initialize func;
|
7
6
|
struct { CK_VOID_PTR pInitArgs; } params;
|
@@ -479,4 +478,3 @@
|
|
479
478
|
void * tbf_C_WaitForSlotEvent( void *data );
|
480
479
|
|
481
480
|
#endif
|
482
|
-
#endif
|
data/ext/pk11_version.h
CHANGED
data/lib/pkcs11/helper.rb
CHANGED
data/lib/pkcs11/library.rb
CHANGED
@@ -34,6 +34,10 @@ module PKCS11
|
|
34
34
|
# pkcs11.load_library(so_path)
|
35
35
|
# pkcs11.C_GetFunctionList
|
36
36
|
# pkcs11.C_Initialize(args)
|
37
|
+
#
|
38
|
+
# Note: When using RubyInstaller-2.4+ on Windows it might be required to add the path of dependent DLLs to the DLL search path.
|
39
|
+
# This can be done by the +RUBY_DLL_PATH+ environment variable.
|
40
|
+
# See https://github.com/oneclick/rubyinstaller2/wiki/For-gem-developers#user-content-dll-loading
|
37
41
|
def initialize(so_path=nil, args={})
|
38
42
|
unwrapped_initialize(so_path, args)
|
39
43
|
end
|
data/lib/pkcs11/object.rb
CHANGED
@@ -64,7 +64,7 @@ module PKCS11
|
|
64
64
|
# true -> 0x01
|
65
65
|
# false -> 0x00
|
66
66
|
# nil -> NULL pointer
|
67
|
-
#
|
67
|
+
# Integer-> binary encoded unsigned long
|
68
68
|
#
|
69
69
|
# @example
|
70
70
|
# object[:VALUE] = "\000\000\000\000\000\000\000\000"
|
@@ -84,7 +84,7 @@ module PKCS11
|
|
84
84
|
# Modifies the value of one or more attributes of the object in a single call.
|
85
85
|
#
|
86
86
|
# @example
|
87
|
-
# object.attributes = {:
|
87
|
+
# object.attributes = {SUBJECT: cert_subject, PKCS11::CKA_VALUE => cert_data}
|
88
88
|
# @return template
|
89
89
|
def C_SetAttributeValue(template={})
|
90
90
|
@pk.C_SetAttributeValue(@sess, @obj, to_attributes(template))
|
data/lib/pkcs11/session.rb
CHANGED
@@ -109,7 +109,7 @@ module PKCS11
|
|
109
109
|
# @return [Array<PKCS11::Object>]
|
110
110
|
#
|
111
111
|
# @example prints subject of all certificates stored in the token:
|
112
|
-
# session.find_objects(:
|
112
|
+
# session.find_objects(CLASS: PKCS11::CKO_CERTIFICATE) do |obj|
|
113
113
|
# p OpenSSL::X509::Name.new(obj[:SUBJECT])
|
114
114
|
# end
|
115
115
|
def find_objects(template={})
|
@@ -146,9 +146,9 @@ module PKCS11
|
|
146
146
|
# @return [PKCS11::Object] the newly created object
|
147
147
|
# @example Creating a 112 bit DES key from plaintext
|
148
148
|
# secret_key = session.create_object(
|
149
|
-
# :
|
150
|
-
# :
|
151
|
-
# :
|
149
|
+
# CLASS: PKCS11::CKO_SECRET_KEY, KEY_TYPE: PKCS11::CKK_DES2,
|
150
|
+
# ENCRYPT: true, WRAP: true, DECRYPT: true, UNWRAP: true,
|
151
|
+
# VALUE: '0123456789abcdef', LABEL: 'test_secret_key')
|
152
152
|
def C_CreateObject(template={})
|
153
153
|
handle = @pk.C_CreateObject(@sess, to_attributes(template))
|
154
154
|
Object.new @pk, @sess, handle
|
@@ -302,12 +302,12 @@ module PKCS11
|
|
302
302
|
#
|
303
303
|
# @example for using single part operation
|
304
304
|
# iv = "12345678"
|
305
|
-
# cryptogram = session.encrypt( {:
|
305
|
+
# cryptogram = session.encrypt( {DES_CBC_PAD: iv}, key, "block 1block 2" )
|
306
306
|
#
|
307
307
|
# @example for using multi part operation
|
308
308
|
# iv = "12345678"
|
309
309
|
# cryptogram = ''
|
310
|
-
# cryptogram << session.encrypt( {:
|
310
|
+
# cryptogram << session.encrypt( {DES_CBC_PAD: iv}, key ) do |cipher|
|
311
311
|
# cryptogram << cipher.update("block 1")
|
312
312
|
# cryptogram << cipher.update("block 2")
|
313
313
|
# end
|
@@ -649,7 +649,7 @@ module PKCS11
|
|
649
649
|
# @return [PKCS11::Object] key Object of the new created key.
|
650
650
|
# @example generate 112 bit DES key
|
651
651
|
# key = session.generate_key(:DES2_KEY_GEN,
|
652
|
-
# {:
|
652
|
+
# {ENCRYPT: true, WRAP: true, DECRYPT: true, UNWRAP: true})
|
653
653
|
def C_GenerateKey(mechanism, template={})
|
654
654
|
obj = @pk.C_GenerateKey(@sess, to_mechanism(mechanism), to_attributes(template))
|
655
655
|
Object.new @pk, @sess, obj
|
@@ -664,8 +664,8 @@ module PKCS11
|
|
664
664
|
# @return [Array<PKCS11::Object>] an two-items array of new created public and private key Object.
|
665
665
|
# @example
|
666
666
|
# pub_key, priv_key = session.generate_key_pair(:RSA_PKCS_KEY_PAIR_GEN,
|
667
|
-
# {:
|
668
|
-
# {:
|
667
|
+
# {ENCRYPT: true, VERIFY: true, WRAP: true, MODULUS_BITS: 768, PUBLIC_EXPONENT: 3},
|
668
|
+
# {SUBJECT: 'test', ID: "ID", DECRYPT: true, SIGN: true, UNWRAP: true})
|
669
669
|
def C_GenerateKeyPair(mechanism, pubkey_template={}, privkey_template={})
|
670
670
|
objs = @pk.C_GenerateKeyPair(@sess, to_mechanism(mechanism), to_attributes(pubkey_template), to_attributes(privkey_template))
|
671
671
|
objs.map{|obj| Object.new @pk, @sess, obj }
|
@@ -682,7 +682,7 @@ module PKCS11
|
|
682
682
|
# @example Wrapping a secret key
|
683
683
|
# wrapped_key_value = session.wrap_key(:DES3_ECB, secret_key, secret_key)
|
684
684
|
# @example Wrapping a private key
|
685
|
-
# wrapped_key_value = session.wrap_key({:
|
685
|
+
# wrapped_key_value = session.wrap_key({DES3_CBC_PAD: "\0"*8}, secret_key, rsa_priv_key)
|
686
686
|
def C_WrapKey(mechanism, wrapping_key, wrapped_key, out_size=nil)
|
687
687
|
@pk.C_WrapKey(@sess, to_mechanism(mechanism), wrapping_key, wrapped_key, out_size)
|
688
688
|
end
|
@@ -698,7 +698,7 @@ module PKCS11
|
|
698
698
|
# @see Session#C_WrapKey
|
699
699
|
# @example
|
700
700
|
# unwrapped_key = session.unwrap_key(:DES3_ECB, secret_key, wrapped_key_value,
|
701
|
-
# :
|
701
|
+
# CLASS: CKO_SECRET_KEY, KEY_TYPE: CKK_DES2, ENCRYPT: true, DECRYPT: true)
|
702
702
|
def C_UnwrapKey(mechanism, wrapping_key, wrapped_key, template={})
|
703
703
|
obj = @pk.C_UnwrapKey(@sess, to_mechanism(mechanism), wrapping_key, wrapped_key, to_attributes(template))
|
704
704
|
Object.new @pk, @sess, obj
|
@@ -713,8 +713,8 @@ module PKCS11
|
|
713
713
|
# @return [PKCS11::Object] key object of the new created key.
|
714
714
|
# @example Derive a AES key by XORing with some derivation data
|
715
715
|
# deriv_data = "\0"*16
|
716
|
-
# new_key = session.derive_key( {CKM_XOR_BASE_AND_DATA => {:
|
717
|
-
# :
|
716
|
+
# new_key = session.derive_key( {CKM_XOR_BASE_AND_DATA => {pData: deriv_data}}, secret_key,
|
717
|
+
# CLASS: CKO_SECRET_KEY, KEY_TYPE: CKK_AES, VALUE_LEN: 16, ENCRYPT: true )
|
718
718
|
def C_DeriveKey(mechanism, base_key, template={})
|
719
719
|
obj = @pk.C_DeriveKey(@sess, to_mechanism(mechanism), base_key, to_attributes(template))
|
720
720
|
Object.new @pk, @sess, obj
|
data/pkcs11_luna/Manifest.txt
CHANGED
@@ -3,22 +3,22 @@
|
|
3
3
|
Manifest.txt
|
4
4
|
README_LUNA.rdoc
|
5
5
|
Rakefile
|
6
|
-
ext/extconf.rb
|
7
|
-
ext/generate_constants.rb
|
8
|
-
ext/generate_structs.rb
|
9
|
-
ext/pk11l.c
|
10
|
-
lib/pkcs11_luna.rb
|
11
|
-
lib/pkcs11_luna/extensions.rb
|
12
|
-
test/luna_helper.rb
|
13
|
-
test/app_id_helper.rb
|
14
|
-
test/test_pkcs11_luna.rb
|
15
|
-
test/test_pkcs11_luna_crypt.rb
|
16
6
|
examples/config.rb
|
17
7
|
examples/derive_aes_ecdh_key.rb
|
18
|
-
examples/sign_verify.rb
|
19
8
|
examples/encrypt_decrypt_aes.rb
|
20
9
|
examples/encrypt_decrypt_rsa.rb
|
21
10
|
examples/mechanism_list.rb
|
22
11
|
examples/multithread.rb
|
23
12
|
examples/objects_list.rb
|
13
|
+
examples/sign_verify.rb
|
24
14
|
examples/slot_info.rb
|
15
|
+
ext/extconf.rb
|
16
|
+
ext/generate_luna_constants.rb
|
17
|
+
ext/generate_luna_structs.rb
|
18
|
+
ext/pk11l.c
|
19
|
+
lib/pkcs11_luna.rb
|
20
|
+
lib/pkcs11_luna/extensions.rb
|
21
|
+
test/app_id_helper.rb
|
22
|
+
test/luna_helper.rb
|
23
|
+
test/test_pkcs11_luna.rb
|
24
|
+
test/test_pkcs11_luna_crypt.rb
|
@@ -1,8 +1,8 @@
|
|
1
1
|
= PKCS #11/Ruby Interface for Safenet Luna HSM
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
3
|
+
home :: http://github.com/larskanis/pkcs11
|
4
|
+
API documentation :: http://pkcs11.rubyforge.org/pkcs11/
|
5
|
+
Safenet Luna HSM :: http://www.safenet-inc.com
|
6
6
|
|
7
7
|
This ruby gem is an add-on to ruby-pkcs11[http://github.com/larskanis/pkcs11] .
|
8
8
|
It allows to use Luna specific extensions, which are beyond the PKCS#11 standard.
|
@@ -4,8 +4,8 @@ Manifest.txt
|
|
4
4
|
README_PROTECT_SERVER.rdoc
|
5
5
|
Rakefile
|
6
6
|
ext/extconf.rb
|
7
|
-
ext/
|
8
|
-
ext/
|
7
|
+
ext/generate_protect_server_constants.rb
|
8
|
+
ext/generate_protect_server_structs.rb
|
9
9
|
ext/pk11s.c
|
10
10
|
lib/pkcs11_protect_server.rb
|
11
11
|
lib/pkcs11_protect_server/extensions.rb
|
@@ -1,8 +1,8 @@
|
|
1
1
|
= PKCS #11/Ruby Interface for Safenet Protect Server HSM
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
3
|
+
home :: http://github.com/larskanis/pkcs11
|
4
|
+
API documentation: http://pkcs11.rubyforge.org/pkcs11/
|
5
|
+
Safenet Protect Server HSM : http://www.safenet-inc.com
|
6
6
|
|
7
7
|
This ruby gem is an add-on to ruby-pkcs11[http://github.com/larskanis/pkcs11] .
|
8
8
|
It allowes to use Protect Server specific extensions, which are beyond the PKCS#11 standard.
|
data/test/helper.rb
CHANGED
@@ -59,7 +59,7 @@ def open_softokn(so_path=nil)
|
|
59
59
|
$stderr.puts "Using #{so} with params #{softokn_params_string.inspect}"
|
60
60
|
$first_open = false
|
61
61
|
end
|
62
|
-
PKCS11.open(so, :
|
62
|
+
PKCS11.open(so, flags: 0, pReserved: softokn_params_string)
|
63
63
|
end
|
64
64
|
|
65
65
|
$pkcs11 = nil
|
data/test/test_pkcs11.rb
CHANGED
@@ -61,7 +61,7 @@ class TestPkcs11 < Minitest::Test
|
|
61
61
|
pk = PKCS11.open
|
62
62
|
pk.load_library(find_softokn)
|
63
63
|
pk.C_GetFunctionList
|
64
|
-
pk.C_Initialize(:
|
64
|
+
pk.C_Initialize(flags: 0, pReserved: softokn_params_string)
|
65
65
|
pk.info
|
66
66
|
pk.close
|
67
67
|
end
|
data/test/test_pkcs11_crypt.rb
CHANGED
@@ -20,16 +20,16 @@ class TestPkcs11Crypt < Minitest::Test
|
|
20
20
|
@session = slot.open
|
21
21
|
# session.login(:USER, "")
|
22
22
|
|
23
|
-
@rsa_pub_key = session.find_objects(:
|
24
|
-
:
|
25
|
-
@rsa_priv_key = session.find_objects(:
|
26
|
-
:
|
23
|
+
@rsa_pub_key = session.find_objects(CLASS: CKO_PUBLIC_KEY,
|
24
|
+
KEY_TYPE: CKK_RSA).first
|
25
|
+
@rsa_priv_key = session.find_objects(CLASS: CKO_PRIVATE_KEY,
|
26
|
+
KEY_TYPE: CKK_RSA).first
|
27
27
|
@secret_key = session.create_object(
|
28
|
-
:
|
29
|
-
:
|
30
|
-
:
|
31
|
-
:
|
32
|
-
:
|
28
|
+
CLASS: CKO_SECRET_KEY,
|
29
|
+
KEY_TYPE: CKK_DES2,
|
30
|
+
ENCRYPT: true, WRAP: true, DECRYPT: true, UNWRAP: true, TOKEN: false,
|
31
|
+
VALUE: '0123456789abcdef',
|
32
|
+
LABEL: 'test_secret_key')
|
33
33
|
end
|
34
34
|
|
35
35
|
def teardown
|
@@ -54,18 +54,18 @@ class TestPkcs11Crypt < Minitest::Test
|
|
54
54
|
|
55
55
|
def test_endecrypt_des
|
56
56
|
plaintext1 = "secret message "
|
57
|
-
cryptogram = session.encrypt( {:
|
57
|
+
cryptogram = session.encrypt( {DES3_CBC_PAD: "\0"*8}, secret_key, plaintext1)
|
58
58
|
assert_equal 16, cryptogram.length, 'The cryptogram should contain some data'
|
59
59
|
refute_equal cryptogram, plaintext1, 'The cryptogram should be different to plaintext'
|
60
60
|
|
61
61
|
cryptogram2 = ''
|
62
|
-
cryptogram2 << session.encrypt( {:
|
62
|
+
cryptogram2 << session.encrypt( {DES3_CBC_PAD: "\0"*8}, secret_key ) do |cipher|
|
63
63
|
cryptogram2 << cipher.update(plaintext1[0, 8])
|
64
64
|
cryptogram2 << cipher.update(plaintext1[8..-1])
|
65
65
|
end
|
66
66
|
assert_equal cryptogram, cryptogram2, "Encrypt with and w/o block should be lead to the same result"
|
67
67
|
|
68
|
-
plaintext2 = session.decrypt( {:
|
68
|
+
plaintext2 = session.decrypt( {DES3_CBC_PAD: "\0"*8}, secret_key, cryptogram)
|
69
69
|
assert_equal plaintext1, plaintext2, 'Decrypted plaintext should be the same'
|
70
70
|
end
|
71
71
|
|
@@ -90,8 +90,14 @@ class TestPkcs11Crypt < Minitest::Test
|
|
90
90
|
|
91
91
|
def create_openssl_cipher(pk11_key)
|
92
92
|
rsa = OpenSSL::PKey::RSA.new
|
93
|
-
|
94
|
-
|
93
|
+
n = OpenSSL::BN.new pk11_key[:MODULUS], 2
|
94
|
+
e = OpenSSL::BN.new pk11_key[:PUBLIC_EXPONENT], 2
|
95
|
+
if rsa.respond_to?(:set_key)
|
96
|
+
rsa.set_key(n, e, nil)
|
97
|
+
else
|
98
|
+
rsa.n = n
|
99
|
+
rsa.e = e
|
100
|
+
end
|
95
101
|
rsa
|
96
102
|
end
|
97
103
|
|
@@ -133,7 +139,7 @@ class TestPkcs11Crypt < Minitest::Test
|
|
133
139
|
wrapped_key_value = session.wrap_key(:DES3_ECB, secret_key, secret_key)
|
134
140
|
assert_equal 16, wrapped_key_value.length, '112 bit 3DES key should have same size wrapped'
|
135
141
|
|
136
|
-
unwrapped_key = session.unwrap_key(:DES3_ECB, secret_key, wrapped_key_value, :
|
142
|
+
unwrapped_key = session.unwrap_key(:DES3_ECB, secret_key, wrapped_key_value, CLASS: CKO_SECRET_KEY, KEY_TYPE: CKK_DES2, ENCRYPT: true, DECRYPT: true)
|
137
143
|
|
138
144
|
secret_key_kcv = session.encrypt( :DES3_ECB, secret_key, "\0"*8)
|
139
145
|
unwrapped_key_kcv = session.encrypt( :DES3_ECB, unwrapped_key, "\0"*8)
|
@@ -141,30 +147,30 @@ class TestPkcs11Crypt < Minitest::Test
|
|
141
147
|
end
|
142
148
|
|
143
149
|
def test_wrap_private_key
|
144
|
-
wrapped_key_value = session.wrap_key({:
|
150
|
+
wrapped_key_value = session.wrap_key({DES3_CBC_PAD: "\0"*8}, secret_key, rsa_priv_key)
|
145
151
|
assert wrapped_key_value.length>100, 'RSA private key should have bigger size wrapped'
|
146
152
|
end
|
147
153
|
|
148
154
|
def test_generate_secret_key
|
149
155
|
key = session.generate_key(:DES2_KEY_GEN,
|
150
|
-
{:
|
156
|
+
{ENCRYPT: true, WRAP: true, DECRYPT: true, UNWRAP: true, TOKEN: false, LOCAL: true})
|
151
157
|
assert_equal true, key[:LOCAL], 'Keys created on the token should be marked as local'
|
152
158
|
assert_equal CKK_DES2, key[:KEY_TYPE], 'Should be a 2 key 3des key'
|
153
159
|
|
154
160
|
# other ways to use mechanisms
|
155
161
|
key = session.generate_key(CKM_DES2_KEY_GEN,
|
156
|
-
{:
|
162
|
+
{ENCRYPT: true, WRAP: true, DECRYPT: true, UNWRAP: true, TOKEN: false, LOCAL: true})
|
157
163
|
assert_equal CKK_DES2, key[:KEY_TYPE], 'Should be a 2 key 3des key'
|
158
164
|
key = session.generate_key(CK_MECHANISM.new(CKM_DES2_KEY_GEN, nil),
|
159
|
-
{:
|
165
|
+
{ENCRYPT: true, WRAP: true, DECRYPT: true, UNWRAP: true, TOKEN: false, LOCAL: true})
|
160
166
|
assert_equal CKK_DES2, key[:KEY_TYPE], 'Should be a 2 key 3des key'
|
161
167
|
end
|
162
168
|
|
163
169
|
def test_generate_key_pair
|
164
170
|
pub_key, priv_key = session.generate_key_pair(:RSA_PKCS_KEY_PAIR_GEN,
|
165
|
-
{:
|
166
|
-
{:
|
167
|
-
:
|
171
|
+
{ENCRYPT: true, VERIFY: true, WRAP: true, MODULUS_BITS: 768, PUBLIC_EXPONENT: [65537].pack("N"), TOKEN: false},
|
172
|
+
{PRIVATE: true, SUBJECT: 'test', ID: [123].pack("n"),
|
173
|
+
SENSITIVE: true, DECRYPT: true, SIGN: true, UNWRAP: true, TOKEN: false, LOCAL: true})
|
168
174
|
|
169
175
|
assert_equal true, priv_key[:LOCAL], 'Private keys created on the token should be marked as local'
|
170
176
|
assert_equal priv_key[:CLASS], CKO_PRIVATE_KEY
|
@@ -178,15 +184,15 @@ class TestPkcs11Crypt < Minitest::Test
|
|
178
184
|
|
179
185
|
# Generate key side 2 with same prime and base as side 1
|
180
186
|
pub_key2, priv_key2 = session.generate_key_pair(:DH_PKCS_KEY_PAIR_GEN,
|
181
|
-
{:
|
182
|
-
{:
|
187
|
+
{PRIME: key1.p.to_s(2), BASE: key1.g.to_s(2), TOKEN: false},
|
188
|
+
{VALUE_BITS: 512, DERIVE: true, TOKEN: false})
|
183
189
|
|
184
190
|
# Derive secret DES key for side 1 with OpenSSL
|
185
191
|
new_key1 = key1.compute_key(OpenSSL::BN.new pub_key2[:VALUE], 2)
|
186
192
|
|
187
193
|
# Derive secret DES key for side 2 with softokn3
|
188
|
-
new_key2 = session.derive_key( {:
|
189
|
-
:
|
194
|
+
new_key2 = session.derive_key( {DH_PKCS_DERIVE: key1.pub_key.to_s(2)}, priv_key2,
|
195
|
+
CLASS: CKO_SECRET_KEY, KEY_TYPE: CKK_AES, VALUE_LEN: 16, ENCRYPT: true, DECRYPT: true, SENSITIVE: false )
|
190
196
|
|
191
197
|
# Some versions of softokn3 use left- and some use rightmost bits of exchanged key
|
192
198
|
assert_operator [new_key1[0,16], new_key1[-16..-1]], :include?, new_key2[:VALUE], 'Exchanged session key should be equal'
|
@@ -194,15 +200,15 @@ class TestPkcs11Crypt < Minitest::Test
|
|
194
200
|
|
195
201
|
def test_derive_key2
|
196
202
|
deriv_data = "\0"*16
|
197
|
-
new_key1 = session.derive_key( {CKM_XOR_BASE_AND_DATA => {:
|
198
|
-
:
|
203
|
+
new_key1 = session.derive_key( {CKM_XOR_BASE_AND_DATA => {pData: deriv_data}}, secret_key,
|
204
|
+
CLASS: CKO_SECRET_KEY, KEY_TYPE: CKK_AES, VALUE_LEN: 16, ENCRYPT: true, DECRYPT: true, SENSITIVE: false )
|
199
205
|
|
200
206
|
assert_equal secret_key[:VALUE], new_key1[:VALUE], 'Derived key should have equal key value'
|
201
207
|
end
|
202
208
|
|
203
209
|
def test_ssl3
|
204
|
-
pm_key = session.generate_key({:
|
205
|
-
{:
|
210
|
+
pm_key = session.generate_key({SSL3_PRE_MASTER_KEY_GEN: {major: 3, minor: 0}},
|
211
|
+
{TOKEN: false})
|
206
212
|
assert_equal 48, pm_key[:VALUE_LEN], "SSL3 pre master key should be 48 bytes long"
|
207
213
|
|
208
214
|
dp = CK_SSL3_MASTER_KEY_DERIVE_PARAMS.new
|
data/test/test_pkcs11_object.rb
CHANGED
@@ -21,10 +21,10 @@ class TestPkcs11Object < Minitest::Test
|
|
21
21
|
|
22
22
|
# Create session object for tests.
|
23
23
|
@object = session.create_object(
|
24
|
-
:
|
25
|
-
:
|
26
|
-
:
|
27
|
-
:
|
24
|
+
CLASS: CKO_DATA,
|
25
|
+
TOKEN: false,
|
26
|
+
APPLICATION: 'My Application',
|
27
|
+
VALUE: 'value')
|
28
28
|
end
|
29
29
|
|
30
30
|
def teardown
|
@@ -42,7 +42,7 @@ class TestPkcs11Object < Minitest::Test
|
|
42
42
|
assert_equal CKO_DATA, object.attributes(:CLASS).first.value, 'Resulting attribute should be Integer value CKO_DATA'
|
43
43
|
assert_equal 3, object.attributes(:VALUE, :TOKEN, :PRIVATE).length, 'An object should have some attributes'
|
44
44
|
assert_equal 3, object.attributes([:VALUE, :TOKEN, :APPLICATION]).length, 'Another way to retieve attributes'
|
45
|
-
assert_equal 2, object.attributes(:
|
45
|
+
assert_equal 2, object.attributes(VALUE: nil, TOKEN: nil).length, 'Third way to retieve attributes'
|
46
46
|
|
47
47
|
# The C language way to retrieve the attribute values:
|
48
48
|
template = [
|
@@ -59,6 +59,9 @@ class TestPkcs11Object < Minitest::Test
|
|
59
59
|
|
60
60
|
def test_accessor
|
61
61
|
assert_equal 'value', object[:VALUE], "Value should be readable"
|
62
|
+
assert_equal Encoding::BINARY, object[:VALUE].encoding
|
63
|
+
assert_equal 'My Application', object[:APPLICATION]
|
64
|
+
assert_equal Encoding::UTF_8, object[:APPLICATION].encoding
|
62
65
|
assert_equal CKO_DATA, object[:CLASS], "Class should be readable"
|
63
66
|
assert_equal ['value', CKO_DATA], object[:VALUE, :CLASS], "multiple values should be readable"
|
64
67
|
assert_equal ['value', CKO_DATA], object[[:VALUE, :CLASS]], "multiple values should be readable"
|
@@ -80,15 +83,15 @@ class TestPkcs11Object < Minitest::Test
|
|
80
83
|
end
|
81
84
|
|
82
85
|
def test_set_attributes
|
83
|
-
object.attributes = {:
|
86
|
+
object.attributes = {VALUE: 'value4', PKCS11::CKA_APPLICATION => 'Äpp4'}
|
84
87
|
assert_equal 'value4', object[:VALUE], "Value should have changed"
|
85
|
-
assert_equal '
|
88
|
+
assert_equal 'Äpp4', object[:APPLICATION], "App should have changed"
|
86
89
|
|
87
|
-
object[:VALUE, PKCS11::CKA_APPLICATION] = 'value5', '
|
90
|
+
object[:VALUE, PKCS11::CKA_APPLICATION] = 'value5', 'äpp5'
|
88
91
|
assert_equal 'value5', object[:VALUE], "Value should have changed"
|
89
|
-
assert_equal '
|
92
|
+
assert_equal 'äpp5', object[:APPLICATION], "App should have changed"
|
90
93
|
assert_raises(ArgumentError) do
|
91
|
-
object[:VALUE, PKCS11::CKA_APPLICATION, :CLASS] = 'value5', '
|
94
|
+
object[:VALUE, PKCS11::CKA_APPLICATION, :CLASS] = 'value5', 'äpp5'
|
92
95
|
end
|
93
96
|
|
94
97
|
object[] = []
|
@@ -106,7 +109,7 @@ class TestPkcs11Object < Minitest::Test
|
|
106
109
|
end
|
107
110
|
|
108
111
|
def test_copy_with_params
|
109
|
-
new_obj = object.copy :
|
112
|
+
new_obj = object.copy APPLICATION: 'Copied object'
|
110
113
|
assert_equal 'value', new_obj[:VALUE], "Value should be copied"
|
111
114
|
assert_equal 'Copied object', new_obj[:APPLICATION], "Application should be changed"
|
112
115
|
assert_equal 'My Application', object[:APPLICATION], "Original object should be unchanged"
|