pkcs11 0.1.0

data/.autotest

@@ -0,0 +1,23 @@
+# -*- ruby -*-
+
+require 'autotest/restart'
+
+# Autotest.add_hook :initialize do |at|
+#   at.extra_files << "../some/external/dependency.rb"
+#
+#   at.libs << ":../some/external"
+#
+#   at.add_exception 'vendor'
+#
+#   at.add_mapping(/dependency.rb/) do |f, _|
+#     at.files_matching(/test_.*rb$/)
+#   end
+#
+#   %w(TestA TestB).each do |klass|
+#     at.extra_class_map[klass] = "test/test_misc.rb"
+#   end
+# end
+
+# Autotest.add_hook :run_command do |at|
+#   system "rake build"
+# end

data/History.txt

@@ -0,0 +1,3 @@
+=== 0.1.0 / 2010-05-03
+
+* first rubygem version

data/MIT-LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2008 Ryosuke Kutsuna <ryosuke@deer-n-horse.jp>
+Copyright (c) 2008 GOTOU Yuuzou <gotoyuzo@notwork.org>
+Copyright (c) 2010 Lars Kanis <kanis@comcard.de>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Manifest.txt

@@ -0,0 +1,34 @@
+.autotest
+History.txt
+MIT-LICENSE
+Manifest.txt
+README.rdoc
+Rakefile
+ext/extconf.rb
+ext/include/cryptoki.h
+ext/include/ct-kip.h
+ext/include/otp-pkcs11.h
+ext/include/pkcs-11v2-20a3.h
+ext/include/pkcs11.h
+ext/include/pkcs11f.h
+ext/include/pkcs11t.h
+ext/pk11.c
+ext/pk11.h
+ext/pk11_const.c
+lib/pkcs11.rb
+lib/pkcs11/extensions.rb
+lib/pkcs11/library.rb
+lib/pkcs11/object.rb
+lib/pkcs11/session.rb
+lib/pkcs11/slot.rb
+sample/firefox_certs.rb
+sample/nssckbi.rb
+test/fixtures/softokn/cert8.db
+test/fixtures/softokn/key3.db
+test/fixtures/softokn/secmod.db
+test/helper.rb
+test/test_pkcs11.rb
+test/test_pkcs11_crypt.rb
+test/test_pkcs11_object.rb
+test/test_pkcs11_session.rb
+test/test_pkcs11_slot.rb

data/README.rdoc

@@ -0,0 +1,156 @@
+= PKCS #11/Ruby Interface
+
+* Homepage: http://github.com/larskanis/pkcs11
+* older SVN repository: http://coderepos.org/share/log/lang/ruby/pkcs11-ruby
+* API documentation: http://pkcs11.rubyforge.org/pkcs11/
+
+This module allows Ruby programs to interface with "RSA Security Inc.
+PKCS #11 Cryptographic Token Interface (Cryptoki)".
+PKCS #11 is the de-facto standard to access cryptographic devices.
+You must have the PKCS #11 v2.20 implementation library installed in
+order to use this module. Tested implementations of PKCS#11 librarys
+include:
+* OpenSC[http://www.opensc-project.org] supported Smart Cards
+* Safenet[http://www.safenet-inc.com] - Protect Server HSMs
+* Mozilla_Soft_Token[https://developer.mozilla.org/en/PKCS11] which comes with every firefox installation
+
+This module works on the Unix like operating systems and win32.
+
+== Installation
+
+  gem install pkcs11
+
+
+== Usage
+Cryptoki has a reputation to be complicated to implement and use.
+While this seems to be true for C it isn't for Ruby.
+
+PKCS11.open requires suitable PKCS #11 implementation as UN*X *.so file or Windows-DLL.
+
+  require "rubygems"
+  require "pkcs11"
+  include PKCS11
+
+  pkcs11 = PKCS11.open("/path/to/pkcs11.so")
+  p pkcs11.info
+  slot = pkcs11.active_slots.first
+  session = slot.open
+  session.login(:USER, "1234")
+  ...
+  session.logout
+  session.close
+
+See PKCS11::Library for API documentation. See unit tests in the <tt>test</tt>
+directory of the project or gem for further examples of the usage.
+
+Detail information for the API specification is provided by RSA Security Inc.
+Please refer the URL: http://www.rsa.com/rsalabs/node.asp?id=2133.
+
+
+== Cross compiling for mswin32
+
+Using rake-compiler a cross compiled pkcs11-gem can be build on a linux host for
+the win32 platform. There are no runtime dependencies to any but the standard Windows DLLs.
+
+Install mingw32. On a debian based system this should work:
+
+  apt-get install mingw32
+
+On MacOS X, if you have MacPorts installed:
+
+  port install i386-mingw32-gcc
+
+Install the rake-compiler:
+
+  gem install rake-compiler
+
+Download and cross compile ruby for win32:
+
+  rake-compiler cross-ruby VERSION=1.8.6-p287
+
+Download and cross compile pkcs11 for win32:
+
+  rake cross native gem
+
+If everything works, there should be pkcs11-VERSION-x86-mswin32.gem in the pkg
+directory.
+
+
+== ToDo
+
+* unit testing (with mozilla softoken)
+* implement all functions/structs
+* sample code
+
+== Development Status
+
+  STATE   FUNCTION               NOTE
+  ------  ---------------------  ----------------------------------------
+  N/A     C_Initialize           called in PKCS11#initialize("/path/to/pk11lib")
+  DONE    C_Finalize             called in GC
+  DONE    C_GetInfo
+  N/A     C_GetFunctionList      internal use only
+  DONE    C_GetSlotList
+  DONE    C_GetSlotInfo
+  DONE    C_GetTokenInfo
+  DONE    C_GetMechanismList
+  DONE    C_GetMechanismInfo
+  DONE    C_InitToken
+  DONE    C_InitPIN
+  DONE    C_SetPIN
+  DONE    C_OpenSession
+  DONE    C_CloseSession
+  DONE    C_CloseAllSessions
+  DONE    C_GetSessionInfo
+  DONE    C_GetOperationState
+  DONE    C_SetOperationState
+  DONE    C_Login
+  DONE    C_Logout
+  DONE    C_CreateObject
+  N/A     C_CopyObject           use C_GetAttributeValue and C_CreateObject
+  DONE    C_DestroyObject
+  DONE    C_GetObjectSize
+  DONE    C_GetAttributeValue
+  DONE    C_SetAttributeValue
+  DONE    C_FindObjectsInit
+  DONE    C_FindObjects
+  DONE    C_FindObjectsFinal
+  DONE    C_EncryptInit
+  DONE    C_Encrypt
+  DONE    C_EncryptUpdate
+  DONE    C_EncryptFinal
+  DONE    C_DecryptInit
+  DONE    C_Decrypt
+  DONE    C_DecryptUpdate
+  DONE    C_DecryptFinal
+  DONE    C_DigestInit
+  DONE    C_Digest
+  DONE    C_DigestUpdate
+  DONE    C_DigestKey
+  DONE    C_DigestFinal
+  DONE    C_SignInit
+  DONE    C_Sign
+  DONE    C_SignUpdate
+  DONE    C_SignFinal
+  DONE    C_SignRecoverInit
+  DONE    C_SignRecover
+  DONE    C_VerifyInit
+  DONE    C_Verify
+  DONE    C_VerifyUpdate
+  DONE    C_VerifyFinal
+  DONE    C_VerifyRecoverInit
+  DONE    C_VerifyRecover
+  DONE    C_DigestEncryptUpdate
+  DONE    C_DecryptDigestUpdate
+  DONE    C_SignEncryptUpdate
+  DONE    C_DecryptVerifyUpdate
+  DONE    C_GenerateKey
+  DONE    C_GenerateKeyPair
+  DONE    C_WrapKey
+  DONE    C_UnwrapKey
+  DONE    C_DeriveKey
+  DONE    C_SeedRandom
+  DONE    C_GenerateRandom
+  N/A     C_GetFunctionStatus    legacy function
+  N/A     C_CancelFunction       legacy function
+  DONE    C_WaitForSlotEvent

data/Rakefile

@@ -0,0 +1,36 @@
+# -*- coding: utf-8 -*-
+# -*- ruby -*-
+
+require 'rubygems'
+require 'hoe'
+require 'rake/extensiontask'
+
+hoe = Hoe.spec 'pkcs11' do
+  developer('Ryosuke Kutsuna', 'ryosuke@deer-n-horse.jp')
+  developer('GOTOU Yuuzou', 'gotoyuzo@notwork.org')
+  developer('Lars Kanis', 'kanis@comcard.de')
+  self.url = 'http://github.com/larskanis/pkcs11'
+  
+  self.readme_file = 'README.rdoc'
+  self.extra_rdoc_files << self.readme_file << 'ext/pk11.c'
+  spec_extras[:extensions] = 'ext/extconf.rb'
+end
+
+ENV['RUBY_CC_VERSION'] = '1.8.6:1.9.1'
+
+Rake::ExtensionTask.new('pkcs11_ext', hoe.spec) do |ext|
+  ext.ext_dir = 'ext'
+  ext.cross_compile = true                # enable cross compilation (requires cross compile toolchain)
+  ext.cross_platform = ['i386-mswin32', 'i386-mingw32']     # forces the Windows platform instead of the default one
+end
+
+# RDoc-upload task for github (currently on rubyforge)
+#
+# require 'grancher/task'
+# Grancher::Task.new do |g|
+#   g.branch = 'gh-pages'         # alternatively, g.refspec = 'ghpages:/refs/heads/ghpages'
+#   g.push_to = 'origin'
+#   g.directory 'doc'
+# end
+
+# vim: syntax=ruby

data/ext/extconf.rb

@@ -0,0 +1,6 @@
+require "mkmf"
+
+basedir = File.dirname(__FILE__)
+$CPPFLAGS += " -I \"#{basedir}/include\""
+have_func("rb_str_set_len")
+create_makefile("pkcs11_ext");

data/ext/include/cryptoki.h

@@ -0,0 +1,66 @@
+/* cryptoki.h include file for PKCS #11. */
+/* $Revision: 1.4 $ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+ * (Cryptoki)" in all material mentioning or referencing this software.
+
+ * License is also granted to make and use derivative works provided that
+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or 
+ * referencing the derived work.
+
+ * RSA Security Inc. makes no representations concerning either the 
+ * merchantability of this software or the suitability of this software for
+ * any particular purpose. It is provided "as is" without express or implied
+ * warranty of any kind.
+ */
+
+/* This is a sample file containing the top level include directives
+ * for building Win32 Cryptoki libraries and applications.
+ */
+
+#ifndef ___CRYPTOKI_H_INC___
+#define ___CRYPTOKI_H_INC___
+
+#pragma pack(push, cryptoki, 1)
+
+/* Specifies that the function is a DLL entry point. */
+#define CK_IMPORT_SPEC __declspec(dllimport)
+
+/* Define CRYPTOKI_EXPORTS during the build of cryptoki libraries. Do
+ * not define it in applications.
+ */
+#ifdef CRYPTOKI_EXPORTS
+/* Specified that the function is an exported DLL entry point. */
+#define CK_EXPORT_SPEC __declspec(dllexport) 
+#else
+#define CK_EXPORT_SPEC CK_IMPORT_SPEC 
+#endif
+
+/* Ensures the calling convention for Win32 builds */
+#define CK_CALL_SPEC __cdecl
+
+#define CK_PTR *
+
+#define CK_DEFINE_FUNCTION(returnType, name) \
+  returnType CK_EXPORT_SPEC CK_CALL_SPEC name
+
+#define CK_DECLARE_FUNCTION(returnType, name) \
+  returnType CK_EXPORT_SPEC CK_CALL_SPEC name
+
+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
+  returnType CK_IMPORT_SPEC (CK_CALL_SPEC CK_PTR name)
+
+#define CK_CALLBACK_FUNCTION(returnType, name) \
+  returnType (CK_CALL_SPEC CK_PTR name)
+
+#ifndef NULL_PTR
+#define NULL_PTR 0
+#endif
+
+#include "pkcs11.h"
+
+#pragma pack(pop, cryptoki)
+
+#endif /* ___CRYPTOKI_H_INC___ */

data/ext/include/ct-kip.h

@@ -0,0 +1,50 @@
+/* ct-kip.h include file for the PKCS #11 Mechanisms for the
+ * Cryptographic Token Key Initialization Protocol OTPS document.
+ */
+
+/* $Revision: 1.3 $ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. Cryptographic Token Key Initialization
+ * Protocol (CT-KIP)" in all material mentioning or referencing this software.
+
+ * RSA Security Inc. makes no representations concerning either the 
+ * merchantability of this software or the suitability of this software for
+ * any particular purpose. It is provided "as is" without express or implied
+ * warranty of any kind.
+ */
+
+/* This file is preferably included after inclusion of pkcs11.h */
+
+#ifndef _CT_KIP_H_
+#define _CT_KIP_H_ 1
+
+/* Are the definitions of this file already included in pkcs11t.h? */
+#ifndef CKM_KIP_DERIVE
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Mechanism Identifiers */
+#define CKM_KIP_DERIVE	    0x00000510
+#define CKM_KIP_WRAP	    0x00000511
+#define CKM_KIP_MAC	    0x00000512
+
+/* Structures */
+typedef struct CK_KIP_PARAMS {
+    CK_MECHANISM_PTR  pMechanism;
+    CK_OBJECT_HANDLE  hKey;
+    CK_BYTE_PTR       pSeed;
+    CK_ULONG          ulSeedLen;
+} CK_KIP_PARAMS;
+
+typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+#endif

data/ext/include/otp-pkcs11.h

@@ -0,0 +1,125 @@
+/* otp-pkcs11.h include file for the PKCS #11 Mechanisms for One-Time
+   Password Tokens OTPS document. */ 
+/* $Revision: 1.6 $ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Mechanisms for One-Time
+ * Password Tokens" in all material mentioning or referencing this software.
+ *
+ * RSA Security Inc. makes no representations concerning either the
+ * merchantability of this software or the suitability of this software for
+ * any particular purpose. It is provided "as is" without express or implied
+ * warranty of any kind.
+ */
+
+/* This file is preferably included after inclusion of pkcs11.h */
+
+#ifndef _OTP_PKCS11_H_
+#define _OTP_PKCS11_H_ 1
+
+/* Are the definitions of this file already included in pkcs11t.h? */
+#ifndef CKO_OTP_KEY
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* A.1 Object classes */
+#define CKO_OTP_KEY    0x00000008
+
+/* A.2 Key types */
+#define CKK_SECURID    0x00000022
+#define CKK_HOTP       0x00000023
+#define CKK_ACTI       0x00000024
+
+/* A.3 Mechanisms */
+#define CKM_SECURID_KEY_GEN 0x00000280
+#define CKM_SECURID         0x00000282
+#define CKM_HOTP_KEY_GEN    0x00000290
+#define CKM_HOTP            0x00000291
+#define CKM_ACTI            0x000002A0
+#define CKM_ACTI_KEY_GEN    0x000002A1
+
+/* A.4 Attributes */
+#define CKA_OTP_FORMAT                0x00000220
+#define CKA_OTP_LENGTH                0x00000221
+#define CKA_OTP_TIME_INTERVAL         0x00000222
+#define CKA_OTP_USER_FRIENDLY_MODE    0x00000223
+#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224
+#define CKA_OTP_TIME_REQUIREMENT      0x00000225
+#define CKA_OTP_COUNTER_REQUIREMENT   0x00000226
+#define CKA_OTP_PIN_REQUIREMENT       0x00000227
+#define CKA_OTP_COUNTER               0x0000022E
+#define CKA_OTP_TIME                  0x0000022F
+#define CKA_OTP_USER_IDENTIFIER       0x0000022A
+#define CKA_OTP_SERVICE_IDENTIFIER    0x0000022B
+#define CKA_OTP_SERVICE_LOGO          0x0000022C
+#define CKA_OTP_SERVICE_LOGO_TYPE     0x0000022D
+
+/* A.5 Attribute constants */
+#define CK_OTP_FORMAT_DECIMAL      0
+#define CK_OTP_FORMAT_HEXADECIMAL  1
+#define CK_OTP_FORMAT_ALPHANUMERIC 2
+#define CK_OTP_FORMAT_BINARY       3
+
+#define CK_OTP_PARAM_IGNORED       0
+#define CK_OTP_PARAM_OPTIONAL      1
+#define CK_OTP_PARAM_MANDATORY     2
+
+/* A.6 Other constants */
+#define CK_OTP_VALUE          0
+#define CK_OTP_PIN            1
+#define CK_OTP_CHALLENGE      2
+#define CK_OTP_TIME           3
+#define CK_OTP_COUNTER        4
+#define CK_OTP_FLAGS          5
+#define CK_OTP_OUTPUT_LENGTH  6
+#define CK_OTP_OUTPUT_FORMAT  7
+
+#define CKF_NEXT_OTP          0x00000001
+#define CKF_EXCLUDE_TIME      0x00000002
+#define CKF_EXCLUDE_COUNTER   0x00000004
+#define CKF_EXCLUDE_CHALLENGE 0x00000008
+#define CKF_EXCLUDE_PIN       0x00000010
+#define CKF_USER_FRIENDLY_OTP 0x00000020
+
+/* A.7 Notifications */
+#define CKN_OTP_CHANGED       1
+
+/* A.8 Return values */
+#define CKR_NEW_PIN_MODE      0x000001B0
+#define CKR_NEXT_OTP          0x000001B1
+
+/* Structs */
+typedef CK_ULONG CK_OTP_PARAM_TYPE;
+typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */
+
+typedef struct CK_OTP_PARAM {
+    CK_OTP_PARAM_TYPE type;
+    CK_VOID_PTR pValue;
+    CK_ULONG ulValueLen;
+} CK_OTP_PARAM;
+
+typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
+
+typedef struct CK_OTP_PARAMS {
+    CK_OTP_PARAM_PTR pParams;
+    CK_ULONG ulCount;
+} CK_OTP_PARAMS;
+
+typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
+
+typedef struct CK_OTP_SIGNATURE_INFO {
+    CK_OTP_PARAM_PTR pParams;
+    CK_ULONG ulCount;
+} CK_OTP_SIGNATURE_INFO;
+
+typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+#endif