pkcs11 0.2.6 → 0.3.3

data/ext/pk11_thread_funcs.c

@@ -1,5 +1,4 @@
   #include "pk11_thread_funcs.h"
-  #ifdef HAVE_RB_THREAD_CALL_WITHOUT_GVL
       void * tbf_C_Initialize( void *data ){
         struct tbr_C_Initialize_params *p = (struct tbr_C_Initialize_params*)data;
         p->retval = p->func( p->params.pInitArgs );
@@ -408,4 +407,3 @@
         return NULL;
       }
 
-  #endif

data/ext/pk11_thread_funcs.h

@@ -1,7 +1,6 @@
   #ifndef EXT_PK11_THREAD_FUNCS_H
   #define EXT_PK11_THREAD_FUNCS_H
   #include "pk11.h"
-  #ifdef HAVE_RB_THREAD_CALL_WITHOUT_GVL
       struct tbr_C_Initialize_params {
         CK_C_Initialize func;
         struct { CK_VOID_PTR pInitArgs; } params;
@@ -479,4 +478,3 @@
       void * tbf_C_WaitForSlotEvent( void *data );
 
   #endif
-  #endif

data/ext/pk11_version.h

@@ -1,6 +1,6 @@
 #ifndef RUBY_PK11_VERSION_H
 #define RUBY_PK11_VERSION_H
 
-static const char *VERSION = "0.2.6";
+static const char *VERSION = "0.3.3";
 
 #endif

data/lib/pkcs11/helper.rb

@@ -133,9 +133,7 @@ module PKCS11
           end
 
           PKCS11::CK_MECHANISM.new(mech, param)
-        when Fixnum
-          PKCS11::CK_MECHANISM.new(mechanism)
-        when Bignum
+        when Integer
           PKCS11::CK_MECHANISM.new(mechanism)
         else
           mechanism

data/lib/pkcs11/library.rb

@@ -34,6 +34,10 @@ module PKCS11
     #   pkcs11.load_library(so_path)
     #   pkcs11.C_GetFunctionList
     #   pkcs11.C_Initialize(args)
+    #
+    # Note: When using RubyInstaller-2.4+ on Windows it might be required to add the path of dependent DLLs to the DLL search path.
+    # This can be done by the +RUBY_DLL_PATH+ environment variable.
+    # See https://github.com/oneclick/rubyinstaller2/wiki/For-gem-developers#user-content-dll-loading
     def initialize(so_path=nil, args={})
       unwrapped_initialize(so_path, args)
     end

data/lib/pkcs11/object.rb

@@ -64,7 +64,7 @@ module PKCS11
     #   true   -> 0x01
     #   false  -> 0x00
     #   nil    -> NULL pointer
-    #   Fixnum -> binary encoded unsigned long
+    #   Integer-> binary encoded unsigned long
     #
     # @example
     #     object[:VALUE] = "\000\000\000\000\000\000\000\000"
@@ -84,7 +84,7 @@ module PKCS11
     # Modifies the value of one or more attributes of the object in a single call.
     #
     # @example
-    #   object.attributes = {:SUBJECT => cert_subject, PKCS11::CKA_VALUE => cert_data}
+    #   object.attributes = {SUBJECT:  cert_subject, PKCS11::CKA_VALUE => cert_data}
     # @return template
     def C_SetAttributeValue(template={})
       @pk.C_SetAttributeValue(@sess, @obj, to_attributes(template))

data/lib/pkcs11/session.rb

@@ -109,7 +109,7 @@ module PKCS11
     # @return [Array<PKCS11::Object>]
     #
     # @example prints subject of all certificates stored in the token:
-    #   session.find_objects(:CLASS => PKCS11::CKO_CERTIFICATE) do |obj|
+    #   session.find_objects(CLASS:  PKCS11::CKO_CERTIFICATE) do |obj|
     #     p OpenSSL::X509::Name.new(obj[:SUBJECT])
     #   end
     def find_objects(template={})
@@ -146,9 +146,9 @@ module PKCS11
     # @return [PKCS11::Object] the newly created object
     # @example Creating a 112 bit DES key from plaintext
     #     secret_key = session.create_object(
-    #       :CLASS=>PKCS11::CKO_SECRET_KEY, :KEY_TYPE=>PKCS11::CKK_DES2,
-    #       :ENCRYPT=>true, :WRAP=>true, :DECRYPT=>true, :UNWRAP=>true,
-    #       :VALUE=>'0123456789abcdef', :LABEL=>'test_secret_key')
+    #       CLASS: PKCS11::CKO_SECRET_KEY, KEY_TYPE: PKCS11::CKK_DES2,
+    #       ENCRYPT: true, WRAP: true, DECRYPT: true, UNWRAP: true,
+    #       VALUE: '0123456789abcdef', LABEL: 'test_secret_key')
     def C_CreateObject(template={})
       handle = @pk.C_CreateObject(@sess, to_attributes(template))
       Object.new @pk, @sess, handle
@@ -302,12 +302,12 @@ module PKCS11
     #
     # @example for using single part operation
     #   iv = "12345678"
-    #   cryptogram = session.encrypt( {:DES_CBC_PAD=>iv}, key, "block 1block 2" )
+    #   cryptogram = session.encrypt( {DES_CBC_PAD: iv}, key, "block 1block 2" )
     #
     # @example for using multi part operation
     #   iv = "12345678"
     #   cryptogram = ''
-    #   cryptogram << session.encrypt( {:DES_CBC_PAD=>iv}, key ) do |cipher|
+    #   cryptogram << session.encrypt( {DES_CBC_PAD: iv}, key ) do |cipher|
     #     cryptogram << cipher.update("block 1")
     #     cryptogram << cipher.update("block 2")
     #   end
@@ -649,7 +649,7 @@ module PKCS11
     # @return [PKCS11::Object]  key Object of the new created key.
     # @example generate 112 bit DES key
     #     key = session.generate_key(:DES2_KEY_GEN,
-    #       {:ENCRYPT=>true, :WRAP=>true, :DECRYPT=>true, :UNWRAP=>true})
+    #       {ENCRYPT: true, WRAP: true, DECRYPT: true, UNWRAP: true})
     def C_GenerateKey(mechanism, template={})
       obj = @pk.C_GenerateKey(@sess, to_mechanism(mechanism), to_attributes(template))
       Object.new @pk, @sess, obj
@@ -664,8 +664,8 @@ module PKCS11
     # @return [Array<PKCS11::Object>]  an two-items array of new created public and private key Object.
     # @example
     #     pub_key, priv_key = session.generate_key_pair(:RSA_PKCS_KEY_PAIR_GEN,
-    #       {:ENCRYPT=>true, :VERIFY=>true, :WRAP=>true, :MODULUS_BITS=>768, :PUBLIC_EXPONENT=>3},
-    #       {:SUBJECT=>'test', :ID=>"ID", :DECRYPT=>true, :SIGN=>true, :UNWRAP=>true})
+    #       {ENCRYPT: true, VERIFY: true, WRAP: true, MODULUS_BITS: 768, PUBLIC_EXPONENT: 3},
+    #       {SUBJECT: 'test', ID: "ID", DECRYPT: true, SIGN: true, UNWRAP: true})
     def C_GenerateKeyPair(mechanism, pubkey_template={}, privkey_template={})
       objs = @pk.C_GenerateKeyPair(@sess, to_mechanism(mechanism), to_attributes(pubkey_template), to_attributes(privkey_template))
       objs.map{|obj| Object.new @pk, @sess, obj }
@@ -682,7 +682,7 @@ module PKCS11
     # @example Wrapping a secret key
     #     wrapped_key_value = session.wrap_key(:DES3_ECB, secret_key, secret_key)
     # @example Wrapping a private key
-    #     wrapped_key_value = session.wrap_key({:DES3_CBC_PAD=>"\0"*8}, secret_key, rsa_priv_key)
+    #     wrapped_key_value = session.wrap_key({DES3_CBC_PAD: "\0"*8}, secret_key, rsa_priv_key)
     def C_WrapKey(mechanism, wrapping_key, wrapped_key, out_size=nil)
       @pk.C_WrapKey(@sess, to_mechanism(mechanism), wrapping_key, wrapped_key, out_size)
     end
@@ -698,7 +698,7 @@ module PKCS11
     # @see Session#C_WrapKey
     # @example
     #     unwrapped_key = session.unwrap_key(:DES3_ECB, secret_key, wrapped_key_value,
-    #         :CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_DES2, :ENCRYPT=>true, :DECRYPT=>true)
+    #         CLASS: CKO_SECRET_KEY, KEY_TYPE: CKK_DES2, ENCRYPT: true, DECRYPT: true)
     def C_UnwrapKey(mechanism, wrapping_key, wrapped_key, template={})
       obj = @pk.C_UnwrapKey(@sess, to_mechanism(mechanism), wrapping_key, wrapped_key, to_attributes(template))
       Object.new @pk, @sess, obj
@@ -713,8 +713,8 @@ module PKCS11
     # @return [PKCS11::Object]  key object of the new created key.
     # @example Derive a AES key by XORing with some derivation data
     #     deriv_data = "\0"*16
-    #     new_key = session.derive_key( {CKM_XOR_BASE_AND_DATA => {:pData => deriv_data}}, secret_key,
-    #       :CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_AES, :VALUE_LEN=>16, :ENCRYPT=>true )
+    #     new_key = session.derive_key( {CKM_XOR_BASE_AND_DATA => {pData:  deriv_data}}, secret_key,
+    #       CLASS: CKO_SECRET_KEY, KEY_TYPE: CKK_AES, VALUE_LEN: 16, ENCRYPT: true )
     def C_DeriveKey(mechanism, base_key, template={})
       obj = @pk.C_DeriveKey(@sess, to_mechanism(mechanism), base_key, to_attributes(template))
       Object.new @pk, @sess, obj

data/pkcs11_luna/Manifest.txt

@@ -3,22 +3,22 @@
 Manifest.txt
 README_LUNA.rdoc
 Rakefile
-ext/extconf.rb
-ext/generate_constants.rb
-ext/generate_structs.rb
-ext/pk11l.c
-lib/pkcs11_luna.rb
-lib/pkcs11_luna/extensions.rb
-test/luna_helper.rb
-test/app_id_helper.rb
-test/test_pkcs11_luna.rb
-test/test_pkcs11_luna_crypt.rb
 examples/config.rb
 examples/derive_aes_ecdh_key.rb
-examples/sign_verify.rb
 examples/encrypt_decrypt_aes.rb
 examples/encrypt_decrypt_rsa.rb
 examples/mechanism_list.rb
 examples/multithread.rb
 examples/objects_list.rb
+examples/sign_verify.rb
 examples/slot_info.rb
+ext/extconf.rb
+ext/generate_luna_constants.rb
+ext/generate_luna_structs.rb
+ext/pk11l.c
+lib/pkcs11_luna.rb
+lib/pkcs11_luna/extensions.rb
+test/app_id_helper.rb
+test/luna_helper.rb
+test/test_pkcs11_luna.rb
+test/test_pkcs11_luna_crypt.rb

data/pkcs11_luna/README_LUNA.rdoc

@@ -1,8 +1,8 @@
 = PKCS #11/Ruby Interface for Safenet Luna HSM
 
-* Homepage: http://github.com/larskanis/pkcs11
-* API documentation: http://pkcs11.rubyforge.org/pkcs11/
-* Safenet[http://www.safenet-inc.com] - Luna HSM
+home :: http://github.com/larskanis/pkcs11
+API documentation :: http://pkcs11.rubyforge.org/pkcs11/
+Safenet Luna HSM :: http://www.safenet-inc.com
 
 This ruby gem is an add-on to ruby-pkcs11[http://github.com/larskanis/pkcs11] .
 It allows to use Luna specific extensions, which are beyond the PKCS#11 standard.

data/pkcs11_protect_server/Manifest.txt

@@ -4,8 +4,8 @@ Manifest.txt
 README_PROTECT_SERVER.rdoc
 Rakefile
 ext/extconf.rb
-ext/generate_constants.rb
-ext/generate_structs.rb
+ext/generate_protect_server_constants.rb
+ext/generate_protect_server_structs.rb
 ext/pk11s.c
 lib/pkcs11_protect_server.rb
 lib/pkcs11_protect_server/extensions.rb

data/pkcs11_protect_server/README_PROTECT_SERVER.rdoc

@@ -1,8 +1,8 @@
 = PKCS #11/Ruby Interface for Safenet Protect Server HSM
 
-* Homepage: http://github.com/larskanis/pkcs11
-* API documentation: http://pkcs11.rubyforge.org/pkcs11/
-* Safenet[http://www.safenet-inc.com] - Protect Server HSM
+home :: http://github.com/larskanis/pkcs11
+API documentation: http://pkcs11.rubyforge.org/pkcs11/
+Safenet Protect Server HSM : http://www.safenet-inc.com
 
 This ruby gem is an add-on to ruby-pkcs11[http://github.com/larskanis/pkcs11] .
 It allowes to use Protect Server specific extensions, which are beyond the PKCS#11 standard.

data/test/helper.rb

@@ -59,7 +59,7 @@ def open_softokn(so_path=nil)
     $stderr.puts "Using #{so} with params #{softokn_params_string.inspect}"
     $first_open = false
   end
-  PKCS11.open(so, :flags=>0, :pReserved=>softokn_params_string)
+  PKCS11.open(so, flags: 0, pReserved: softokn_params_string)
 end
 
 $pkcs11 = nil

data/test/test_pkcs11.rb

@@ -61,7 +61,7 @@ class TestPkcs11 < Minitest::Test
     pk = PKCS11.open
     pk.load_library(find_softokn)
     pk.C_GetFunctionList
-    pk.C_Initialize(:flags=>0, :pReserved=>softokn_params_string)
+    pk.C_Initialize(flags: 0, pReserved: softokn_params_string)
     pk.info
     pk.close
   end

data/test/test_pkcs11_crypt.rb

@@ -20,16 +20,16 @@ class TestPkcs11Crypt < Minitest::Test
     @session = slot.open
 #     session.login(:USER, "")
 
-    @rsa_pub_key = session.find_objects(:CLASS => CKO_PUBLIC_KEY,
-                        :KEY_TYPE => CKK_RSA).first
-    @rsa_priv_key = session.find_objects(:CLASS => CKO_PRIVATE_KEY,
-                        :KEY_TYPE => CKK_RSA).first
+    @rsa_pub_key = session.find_objects(CLASS:  CKO_PUBLIC_KEY,
+                        KEY_TYPE:  CKK_RSA).first
+    @rsa_priv_key = session.find_objects(CLASS:  CKO_PRIVATE_KEY,
+                        KEY_TYPE:  CKK_RSA).first
     @secret_key = session.create_object(
-      :CLASS=>CKO_SECRET_KEY,
-      :KEY_TYPE=>CKK_DES2,
-      :ENCRYPT=>true, :WRAP=>true, :DECRYPT=>true, :UNWRAP=>true, :TOKEN=>false,
-      :VALUE=>'0123456789abcdef',
-      :LABEL=>'test_secret_key')
+      CLASS: CKO_SECRET_KEY,
+      KEY_TYPE: CKK_DES2,
+      ENCRYPT: true, WRAP: true, DECRYPT: true, UNWRAP: true, TOKEN: false,
+      VALUE: '0123456789abcdef',
+      LABEL: 'test_secret_key')
   end
 
   def teardown
@@ -54,18 +54,18 @@ class TestPkcs11Crypt < Minitest::Test
 
   def test_endecrypt_des
     plaintext1 = "secret message "
-    cryptogram = session.encrypt( {:DES3_CBC_PAD=>"\0"*8}, secret_key, plaintext1)
+    cryptogram = session.encrypt( {DES3_CBC_PAD: "\0"*8}, secret_key, plaintext1)
     assert_equal 16, cryptogram.length, 'The cryptogram should contain some data'
     refute_equal cryptogram, plaintext1, 'The cryptogram should be different to plaintext'
 
     cryptogram2 = ''
-    cryptogram2 << session.encrypt( {:DES3_CBC_PAD=>"\0"*8}, secret_key ) do |cipher|
+    cryptogram2 << session.encrypt( {DES3_CBC_PAD: "\0"*8}, secret_key ) do |cipher|
       cryptogram2 << cipher.update(plaintext1[0, 8])
       cryptogram2 << cipher.update(plaintext1[8..-1])
     end
     assert_equal cryptogram, cryptogram2, "Encrypt with and w/o block should be lead to the same result"
 
-    plaintext2 = session.decrypt( {:DES3_CBC_PAD=>"\0"*8}, secret_key, cryptogram)
+    plaintext2 = session.decrypt( {DES3_CBC_PAD: "\0"*8}, secret_key, cryptogram)
     assert_equal plaintext1, plaintext2, 'Decrypted plaintext should be the same'
   end
 
@@ -90,8 +90,14 @@ class TestPkcs11Crypt < Minitest::Test
 
   def create_openssl_cipher(pk11_key)
     rsa = OpenSSL::PKey::RSA.new
-    rsa.n = OpenSSL::BN.new pk11_key[:MODULUS], 2
-    rsa.e = OpenSSL::BN.new pk11_key[:PUBLIC_EXPONENT], 2
+    n = OpenSSL::BN.new pk11_key[:MODULUS], 2
+    e = OpenSSL::BN.new pk11_key[:PUBLIC_EXPONENT], 2
+    if rsa.respond_to?(:set_key)
+      rsa.set_key(n, e, nil)
+    else
+      rsa.n = n
+      rsa.e = e
+    end
     rsa
   end
 
@@ -133,7 +139,7 @@ class TestPkcs11Crypt < Minitest::Test
     wrapped_key_value = session.wrap_key(:DES3_ECB, secret_key, secret_key)
     assert_equal 16, wrapped_key_value.length, '112 bit 3DES key should have same size wrapped'
 
-    unwrapped_key = session.unwrap_key(:DES3_ECB, secret_key, wrapped_key_value, :CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_DES2, :ENCRYPT=>true, :DECRYPT=>true)
+    unwrapped_key = session.unwrap_key(:DES3_ECB, secret_key, wrapped_key_value, CLASS: CKO_SECRET_KEY, KEY_TYPE: CKK_DES2, ENCRYPT: true, DECRYPT: true)
 
     secret_key_kcv = session.encrypt( :DES3_ECB, secret_key, "\0"*8)
     unwrapped_key_kcv = session.encrypt( :DES3_ECB, unwrapped_key, "\0"*8)
@@ -141,30 +147,30 @@ class TestPkcs11Crypt < Minitest::Test
   end
 
   def test_wrap_private_key
-    wrapped_key_value = session.wrap_key({:DES3_CBC_PAD=>"\0"*8}, secret_key, rsa_priv_key)
+    wrapped_key_value = session.wrap_key({DES3_CBC_PAD: "\0"*8}, secret_key, rsa_priv_key)
     assert wrapped_key_value.length>100, 'RSA private key should have bigger size wrapped'
   end
 
   def test_generate_secret_key
     key = session.generate_key(:DES2_KEY_GEN,
-      {:ENCRYPT=>true, :WRAP=>true, :DECRYPT=>true, :UNWRAP=>true, :TOKEN=>false, :LOCAL=>true})
+      {ENCRYPT: true, WRAP: true, DECRYPT: true, UNWRAP: true, TOKEN: false, LOCAL: true})
     assert_equal true, key[:LOCAL], 'Keys created on the token should be marked as local'
     assert_equal CKK_DES2, key[:KEY_TYPE], 'Should be a 2 key 3des key'
 
 		# other ways to use mechanisms
     key = session.generate_key(CKM_DES2_KEY_GEN,
-      {:ENCRYPT=>true, :WRAP=>true, :DECRYPT=>true, :UNWRAP=>true, :TOKEN=>false, :LOCAL=>true})
+      {ENCRYPT: true, WRAP: true, DECRYPT: true, UNWRAP: true, TOKEN: false, LOCAL: true})
     assert_equal CKK_DES2, key[:KEY_TYPE], 'Should be a 2 key 3des key'
     key = session.generate_key(CK_MECHANISM.new(CKM_DES2_KEY_GEN, nil),
-      {:ENCRYPT=>true, :WRAP=>true, :DECRYPT=>true, :UNWRAP=>true, :TOKEN=>false, :LOCAL=>true})
+      {ENCRYPT: true, WRAP: true, DECRYPT: true, UNWRAP: true, TOKEN: false, LOCAL: true})
     assert_equal CKK_DES2, key[:KEY_TYPE], 'Should be a 2 key 3des key'
   end
 
   def test_generate_key_pair
     pub_key, priv_key = session.generate_key_pair(:RSA_PKCS_KEY_PAIR_GEN,
-      {:ENCRYPT=>true, :VERIFY=>true, :WRAP=>true, :MODULUS_BITS=>768, :PUBLIC_EXPONENT=>[3].pack("N"), :TOKEN=>false},
-      {:PRIVATE=>true, :SUBJECT=>'test', :ID=>[123].pack("n"),
-       :SENSITIVE=>true, :DECRYPT=>true, :SIGN=>true, :UNWRAP=>true, :TOKEN=>false, :LOCAL=>true})
+      {ENCRYPT: true, VERIFY: true, WRAP: true, MODULUS_BITS: 768, PUBLIC_EXPONENT: [65537].pack("N"), TOKEN: false},
+      {PRIVATE: true, SUBJECT: 'test', ID: [123].pack("n"),
+       SENSITIVE: true, DECRYPT: true, SIGN: true, UNWRAP: true, TOKEN: false, LOCAL: true})
 
     assert_equal true, priv_key[:LOCAL], 'Private keys created on the token should be marked as local'
     assert_equal priv_key[:CLASS], CKO_PRIVATE_KEY
@@ -178,15 +184,15 @@ class TestPkcs11Crypt < Minitest::Test
 
     # Generate key side 2 with same prime and base as side 1
     pub_key2, priv_key2 = session.generate_key_pair(:DH_PKCS_KEY_PAIR_GEN,
-      {:PRIME=>key1.p.to_s(2), :BASE=>key1.g.to_s(2), :TOKEN=>false},
-      {:VALUE_BITS=>512, :DERIVE=>true, :TOKEN=>false})
+      {PRIME: key1.p.to_s(2), BASE: key1.g.to_s(2), TOKEN: false},
+      {VALUE_BITS: 512, DERIVE: true, TOKEN: false})
 
     # Derive secret DES key for side 1 with OpenSSL
     new_key1 = key1.compute_key(OpenSSL::BN.new pub_key2[:VALUE], 2)
 
     # Derive secret DES key for side 2 with softokn3
-    new_key2 = session.derive_key( {:DH_PKCS_DERIVE=>key1.pub_key.to_s(2)}, priv_key2,
-      :CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_AES, :VALUE_LEN=>16, :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>false )
+    new_key2 = session.derive_key( {DH_PKCS_DERIVE: key1.pub_key.to_s(2)}, priv_key2,
+      CLASS: CKO_SECRET_KEY, KEY_TYPE: CKK_AES, VALUE_LEN: 16, ENCRYPT: true, DECRYPT: true, SENSITIVE: false )
 
     # Some versions of softokn3 use left- and some use rightmost bits of exchanged key
     assert_operator [new_key1[0,16], new_key1[-16..-1]], :include?, new_key2[:VALUE], 'Exchanged session key should be equal'
@@ -194,15 +200,15 @@ class TestPkcs11Crypt < Minitest::Test
 
   def test_derive_key2
     deriv_data = "\0"*16
-    new_key1 = session.derive_key( {CKM_XOR_BASE_AND_DATA => {:pData => deriv_data}}, secret_key,
-      :CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_AES, :VALUE_LEN=>16, :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>false )
+    new_key1 = session.derive_key( {CKM_XOR_BASE_AND_DATA => {pData:  deriv_data}}, secret_key,
+      CLASS: CKO_SECRET_KEY, KEY_TYPE: CKK_AES, VALUE_LEN: 16, ENCRYPT: true, DECRYPT: true, SENSITIVE: false )
 
     assert_equal secret_key[:VALUE], new_key1[:VALUE], 'Derived key should have equal key value'
   end
 
   def test_ssl3
-    pm_key = session.generate_key({:SSL3_PRE_MASTER_KEY_GEN => {:major=>3, :minor=>0}},
-        {:TOKEN=>false})
+    pm_key = session.generate_key({SSL3_PRE_MASTER_KEY_GEN:  {major: 3, minor: 0}},
+        {TOKEN: false})
     assert_equal 48, pm_key[:VALUE_LEN], "SSL3 pre master key should be 48 bytes long"
 
     dp = CK_SSL3_MASTER_KEY_DERIVE_PARAMS.new

data/test/test_pkcs11_object.rb

@@ -21,10 +21,10 @@ class TestPkcs11Object < Minitest::Test
 
     # Create session object for tests.
     @object = session.create_object(
-      :CLASS=>CKO_DATA,
-      :TOKEN=>false,
-      :APPLICATION=>'My Application',
-      :VALUE=>'value')
+      CLASS: CKO_DATA,
+      TOKEN: false,
+      APPLICATION: 'My Application',
+      VALUE: 'value')
   end
 
   def teardown
@@ -42,7 +42,7 @@ class TestPkcs11Object < Minitest::Test
     assert_equal CKO_DATA, object.attributes(:CLASS).first.value, 'Resulting attribute should be Integer value CKO_DATA'
     assert_equal 3, object.attributes(:VALUE, :TOKEN, :PRIVATE).length, 'An object should have some attributes'
     assert_equal 3, object.attributes([:VALUE, :TOKEN, :APPLICATION]).length, 'Another way to retieve attributes'
-    assert_equal 2, object.attributes(:VALUE=>nil, :TOKEN=>nil).length, 'Third way to retieve attributes'
+    assert_equal 2, object.attributes(VALUE: nil, TOKEN: nil).length, 'Third way to retieve attributes'
 
     # The C language way to retrieve the attribute values:
     template = [
@@ -59,6 +59,9 @@ class TestPkcs11Object < Minitest::Test
 
   def test_accessor
     assert_equal 'value', object[:VALUE], "Value should be readable"
+    assert_equal Encoding::BINARY, object[:VALUE].encoding
+    assert_equal 'My Application', object[:APPLICATION]
+    assert_equal Encoding::UTF_8, object[:APPLICATION].encoding
     assert_equal CKO_DATA, object[:CLASS], "Class should be readable"
     assert_equal ['value', CKO_DATA], object[:VALUE, :CLASS], "multiple values should be readable"
     assert_equal ['value', CKO_DATA], object[[:VALUE, :CLASS]], "multiple values should be readable"
@@ -80,15 +83,15 @@ class TestPkcs11Object < Minitest::Test
   end
 
   def test_set_attributes
-    object.attributes = {:VALUE => 'value4', PKCS11::CKA_APPLICATION => 'app4'}
+    object.attributes = {VALUE:  'value4', PKCS11::CKA_APPLICATION => 'Äpp4'}
     assert_equal 'value4', object[:VALUE], "Value should have changed"
-    assert_equal 'app4', object[:APPLICATION], "App should have changed"
+    assert_equal 'Äpp4', object[:APPLICATION], "App should have changed"
 
-    object[:VALUE, PKCS11::CKA_APPLICATION] = 'value5', 'app5'
+    object[:VALUE, PKCS11::CKA_APPLICATION] = 'value5', 'äpp5'
     assert_equal 'value5', object[:VALUE], "Value should have changed"
-    assert_equal 'app5', object[:APPLICATION], "App should have changed"
+    assert_equal 'äpp5', object[:APPLICATION], "App should have changed"
     assert_raises(ArgumentError) do
-      object[:VALUE, PKCS11::CKA_APPLICATION, :CLASS] = 'value5', 'app5'
+      object[:VALUE, PKCS11::CKA_APPLICATION, :CLASS] = 'value5', 'äpp5'
     end
 
     object[] = []
@@ -106,7 +109,7 @@ class TestPkcs11Object < Minitest::Test
   end
 
   def test_copy_with_params
-    new_obj = object.copy :APPLICATION=>'Copied object'
+    new_obj = object.copy APPLICATION: 'Copied object'
     assert_equal 'value', new_obj[:VALUE], "Value should be copied"
     assert_equal 'Copied object', new_obj[:APPLICATION], "Application should be changed"
     assert_equal 'My Application', object[:APPLICATION], "Original object should be unchanged"