pkcs11 0.2.3 → 0.2.4

data.tar.gz.sig

@@ -0,0 +1 @@
+�S\���x~O��#t�3�_��a�rq��	�<�2��$���'��8��_���'L���F�*�Fd�ۚ\�QR�跢|���[;���4�
.)������B�8L��3�/�]a�	�L��jbV��dg�T�l^���g���q
2
'���9�UcG��ohC?�

data/History.txt

@@ -1,3 +1,8 @@
+=== 0.2.4 / 2013-04-05
+
+* Build and package binary x64 version for Windows in addition to x86.
+* Allow to use big positive numbers (>0x80000000) in 32bit mode (Anton Fedorov)
+
 === 0.2.3 / 2012-01-25
 
 * fix C_WaitForSlotEvent to be a Library- instead of a Slot-method

data/README.rdoc

@@ -1,7 +1,9 @@
+{<img src="https://travis-ci.org/larskanis/pkcs11.png?branch=master" alt="Build Status" />}[https://travis-ci.org/larskanis/pkcs11]
+
 = PKCS #11/Ruby Interface
 
 * Homepage: http://github.com/larskanis/pkcs11
-* API documentation: http://pkcs11.rubyforge.org/pkcs11/
+* API documentation: http://pkcs11.rubyforge.org/pkcs11/frames.html
 
 This module allows Ruby programs to interface with "RSA Security Inc.
 PKCS #11 Cryptographic Token Interface (Cryptoki)".
@@ -33,7 +35,7 @@ While this seems to be true for C, it shouldn't for Ruby.
 * {PKCS11::Object} represents a key, data or certificate object.
 * all constants defined in PKCS#11 v2.20 are available in the module {PKCS11}
   and contain the associated Integer value (CKA_KEY_TYPE, CKK_AES, CKM_SHA_1 etc.)
-* also all structs are available in the module {PKCS11} as proper ruby classes
+* also all PKCS#11 v2.20 structs are available in the module {PKCS11} as proper ruby classes
   ({PKCS11::CK_VERSION}, {PKCS11::CK_OTP_PARAMS} etc.)
 
 === Example
@@ -42,19 +44,19 @@ While this seems to be true for C, it shouldn't for Ruby.
   include PKCS11
 
   pkcs11 = PKCS11.open("/path/to/pkcs11.so")
-  p pkcs11.info
-  session = pkcs11.active_slots.first.open
-  session.login(:USER, "1234")
-  secret_key = session.generate_key(:DES2_KEY_GEN,
-    :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>true, :TOKEN=>true, :LABEL=>'my key')
-  cryptogram = session.encrypt( {:DES3_CBC_PAD=>"\0"*8}, secret_key, "some plaintext")
-  session.logout
-  session.close
-
-This opens a PKCS#11 library and prints it's information block.
-Then a {PKCS11::Session} to the first active slot of the device is opened and
-a login is done on the user account. Now, a 112 bit DES3 key is generated and
-some plaintext is encrypted with it. A 8-byte zero IV is used. In many cases method parameters
+  p pkcs11.info  # => #<PKCS11::CK_INFO cryptokiVersion=...>
+  pkcs11.active_slots.first.open do |session|
+    session.login(:USER, "1234")
+    secret_key = session.generate_key(:DES2_KEY_GEN,
+      :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>true, :TOKEN=>true, :LABEL=>'my key')
+    cryptogram = session.encrypt( {:DES3_CBC_PAD=>"\0"*8}, secret_key, "some plaintext")
+    session.logout
+  end
+
+This opens a {PKCS11::Library PKCS#11 library} and prints it's {PKCS11::CK_INFO information block}.
+Then a {PKCS11::Session} to the first {PKCS11::Library#active_slots active slot} of the device is opened and
+a {PKCS11::Session#login login} is done on the user account. Now, a 112 bit DES3 {PKCS11::Object key object} is generated and
+some plaintext is {PKCS11::Session#encrypt encrypted} with it. A 8-byte zero IV is used. In many cases method parameters
 can be Integer (like PKCS11::CKA_LABEL) or, as in the sample, Symbol (:LABEL) which is internally
 converted.
 
@@ -76,7 +78,7 @@ The pkcs11 binding fully supports native, background Ruby threads.
 This of course only applies to Rubinius and Ruby 1.9.x or higher since
 earlier versions of Ruby do not support native threads.
 
-Calling the Cryptoki library from multiple threads simultaneously,
+According to the standard, calling the Cryptoki library from multiple threads simultaneously,
 requires to open it with flag PKCS11::CKF_OS_LOCKING_OK.
 Application-supplied synchronization primitives
 (CreateMutex, DestroyMutex, LockMutex, UnlockMutex) are not supported.

data/Rakefile

@@ -26,7 +26,7 @@ hoe = Hoe.spec 'pkcs11' do
   extra_dev_deps << ['yard', '>= 0.6']
   extra_dev_deps << ['rake-compiler', '>= 0.7']
 
-  self.url = 'http://github.com/larskanis/pkcs11'
+  self.urls = ['http://github.com/larskanis/pkcs11']
   self.summary = 'PKCS#11 binding for Ruby'
   self.description = 'This module allows Ruby programs to interface with "RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)".'
 
@@ -39,12 +39,12 @@ hoe = Hoe.spec 'pkcs11' do
   self.rdoc_locations << "larskanis@rack.rubyforge.org:/var/www/gforge-projects/pkcs11/pkcs11/"
 end
 
-ENV['RUBY_CC_VERSION'] ||= '1.8.7:1.9.2'
+ENV['RUBY_CC_VERSION'] ||= '1.8.7:1.9.3:2.0.0'
 
 Rake::ExtensionTask.new('pkcs11_ext', hoe.spec) do |ext|
   ext.ext_dir = 'ext'
   ext.cross_compile = true                # enable cross compilation (requires cross compile toolchain)
-  ext.cross_platform = ['i386-mingw32']     # forces the Windows platform instead of the default one
+  ext.cross_platform = ['i386-mingw32', 'x64-mingw32']     # forces the Windows platform instead of the default one
 end
 
 file 'ext/extconf.rb' => ['ext/pk11_struct_def.inc', 'ext/pk11_thread_funcs.c']
@@ -66,6 +66,17 @@ end
 file 'ext/pk11_thread_funcs.c' => 'ext/pk11_thread_funcs.h'
 file 'ext/pk11.h' => 'ext/pk11_thread_funcs.h'
 
+task 'copy:pkcs11_ext:i386-mingw32:1.9.3' do |t|
+  sh "i686-w64-mingw32-strip -S tmp/i386-mingw32/stage/lib/1.9/pkcs11_ext.so"
+end
+task 'copy:pkcs11_ext:i386-mingw32:2.0.0' do |t|
+  sh "i686-w64-mingw32-strip -S tmp/i386-mingw32/stage/lib/2.0/pkcs11_ext.so"
+end
+task 'copy:pkcs11_ext:x64-mingw32:2.0.0' do |t|
+  sh "x86_64-w64-mingw32-strip -S tmp/x64-mingw32/stage/lib/2.0/pkcs11_ext.so"
+end
+
+
 task :docs_of_vendor_extensions do
   Dir['pkcs11_*'].each do |dir|
     chdir(dir) do

data/ext/pk11.c

@@ -1376,6 +1376,7 @@ ck_attr_initialize(int argc, VALUE *argv, VALUE self)
     attr->ulValueLen = 0;
     break;
   case T_FIXNUM:
+  case T_BIGNUM:
     attr->pValue = (CK_BYTE_PTR)malloc(sizeof(CK_OBJECT_CLASS));
     *((CK_OBJECT_CLASS*)attr->pValue) = NUM2ULONG(value);
     attr->ulValueLen = sizeof(CK_OBJECT_CLASS);
@@ -1531,6 +1532,7 @@ cCK_MECHANISM_set_pParameter(VALUE self, VALUE value)
     m->ulParameterLen = RSTRING_LEN(value);
     break;
   case T_FIXNUM:
+  case T_BIGNUM:
     ulong_val = NUM2ULONG(value);
     value = rb_obj_freeze(rb_str_new((char*)&ulong_val, sizeof(ulong_val)));
     m->pParameter = RSTRING_PTR(value);

data/ext/pk11_version.h

@@ -1,6 +1,6 @@
 #ifndef RUBY_PK11_VERSION_H
 #define RUBY_PK11_VERSION_H
 
-static const char *VERSION = "0.2.3";
+static const char *VERSION = "0.2.4";
 
 #endif

data/lib/pkcs11/helper.rb

@@ -134,6 +134,8 @@ module PKCS11
           PKCS11::CK_MECHANISM.new(mech, param)
         when Fixnum
           PKCS11::CK_MECHANISM.new(mechanism)
+        when Bignum
+          PKCS11::CK_MECHANISM.new(mechanism)
         else
           mechanism
       end

data/lib/pkcs11/library.rb

@@ -39,6 +39,9 @@ module PKCS11
     end
 
     alias unwrapped_C_Initialize C_Initialize
+    # Initialize a pkcs11 dynamic library.
+    #
+    # @param [Hash, CK_C_INITIALIZE_ARGS] args  A Hash or CK_C_INITIALIZE_ARGS instance with load params.
     def C_Initialize(args=nil)
       case args
         when Hash

data/pkcs11_protect_server/README_PROTECT_SERVER.rdoc

@@ -0,0 +1,89 @@
+= PKCS #11/Ruby Interface for Safenet Protect Server HSM
+
+* Homepage: http://github.com/larskanis/pkcs11
+* API documentation: http://pkcs11.rubyforge.org/pkcs11/
+* Safenet[http://www.safenet-inc.com] - Protect Server HSM
+
+This ruby gem is an add-on to ruby-pkcs11[http://github.com/larskanis/pkcs11] .
+It allowes to use Protect Server specific extensions, which are beyond the PKCS#11 standard.
+That means CKA_EXPORT, CKM_DES3_DERIVE_CBC, structs like CK_DES3_CBC_PARAMS, special functions and so on.
+The module works on the Unix like operating systems and win32.
+
+== Requirements
+
+* ProtectServer PTKC-SDK to compile the module
+* pkcs11 gem installed (use: <tt>gem install pkcs11</tt> )
+
+== Installation
+
+  gem install pkcs11_protect_server -- --with-protect-server-sdk-dir=/path/to/ETcpsdk
+
+This installs the ProtectServer-PKCS#11 extension along with pkcs11-gem either by compiling (Unix)
+or by using the precompiled gem for Win32.
+
+  git clone git://github.com/larskanis/pkcs11.git
+  cd pkcs11_protect_server
+  rake gem PROTECT_SERVER_SDK_DIR=/path/to/ETcpsdk
+  gem install -l pkg/pkcs11_protect_server -- --with-protect-server-sdk-dir=/path/to/ETcpsdk
+
+Downloads and installs the gem from git source.
+
+== Usage
+
+Open the software emulation library and login to a session:
+
+  require "rubygems"
+  require "pkcs11_protect_server"
+
+  pkcs11 = PKCS11::ProtectServer::Library.new(:sw)
+  p pkcs11.info
+  session = pkcs11.active_slots.last.open
+  session.login(:USER, "1234")
+  # ... crypto operations
+  session.logout
+  session.close
+
+{PKCS11::ProtectServer::Library#initialize} tries to find the library file in
+the standard installation directory on Windows or Linux.
+
+== Cross compiling for mswin32
+
+Using rake-compiler a cross compiled pkcs11_protect_server.gem can be build on a linux host for
+the win32 platform. There are no runtime dependencies to any but the standard Windows DLLs.
+
+Install mingw32. On a debian based system this should work:
+
+  apt-get install mingw32
+
+On MacOS X, if you have MacPorts installed:
+
+  port install i386-mingw32-gcc
+
+Install the rake-compiler:
+
+  gem install rake-compiler
+
+Download and cross compile ruby for win32:
+
+  rake-compiler cross-ruby VERSION=1.8.7-p352
+  rake-compiler cross-ruby VERSION=1.9.2-p290
+
+Download and cross compile pkcs11_protect_server for win32:
+
+  rake cross native gem PROTECT_SERVER_SDK_DIR=/path/to/ETcpsdk
+
+If everything works, there should be pkcs11_protect_server-VERSION-x86-mswin32.gem in the pkg
+directory.
+
+
+== ToDo
+
+* implement ProtectServer specific function calls
+* implement possibility to use callbacks
+* add all structs and constants
+
+== Authors
+* Lars Kanis <kanis@comcard.de>
+
+== Copying
+See MIT-LICENSE included in the package.

data/test/test_pkcs11_crypt.rb

@@ -188,7 +188,8 @@ class TestPkcs11Crypt < Test::Unit::TestCase
     new_key2 = session.derive_key( {:DH_PKCS_DERIVE=>key1.pub_key.to_s(2)}, priv_key2,
       :CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_AES, :VALUE_LEN=>16, :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>false )
 
-    assert_equal new_key1[0,16], new_key2[:VALUE], 'Exchanged session key should be equal'
+    # Some versions of softokn3 use left- and some use rightmost bits of exchanged key
+    assert_operator [new_key1[0,16], new_key1[-16..-1]], :include?, new_key2[:VALUE], 'Exchanged session key should be equal'
   end
 
   def test_derive_key2

data/test/test_pkcs11_structs.rb

@@ -150,4 +150,17 @@ class TestPkcs11Structs < Test::Unit::TestCase
     assert_equal ["2010", "12", "31"], s.values, 'values of CK_DATE'
     assert_equal( {:day=>"31", :month=>"12", :year=>"2010"}, s.to_hash, 'CK_DATE as hash' )
   end
+
+  def test_bignum_attribute
+    bignum = [-1].pack("l_").unpack("L_")[0]
+    attr = CK_ATTRIBUTE.new(CKA_KEY_TYPE, bignum)
+    assert_equal bignum, attr.value, "The bignum value should set"
+  end
+
+  def test_bignum_mechanism
+    bignum = [-1].pack("l_").unpack("L_")[0]
+    mech = CK_MECHANISM.new(bignum-1, bignum)
+    assert_equal bignum-1, mech.mechanism, "The bignum mechanism should set"
+    assert_equal [-1].pack("l_"), mech.pParameter, "The bignum parameter is retrieved as String"
+  end
 end

data/test/test_pkcs11_thread.rb

@@ -35,7 +35,7 @@ class TestPkcs11Thread < Test::Unit::TestCase
     }
     # This should take some seconds:
     pub_key, priv_key = session.generate_key_pair(:RSA_PKCS_KEY_PAIR_GEN,
-      {:MODULUS_BITS=>1408, :PUBLIC_EXPONENT=>[3].pack("N"), :TOKEN=>false},
+      {:MODULUS_BITS=>2048, :PUBLIC_EXPONENT=>[3].pack("N"), :TOKEN=>false},
       {})
     th.kill
     assert_operator count, :>, 10, "The second thread should count further concurrent to the key generation"

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: pkcs11
 version: !ruby/object:Gem::Version 
-  hash: 17
+  hash: 31
   prerelease: 
   segments: 
   - 0
   - 2
-  - 3
-  version: 0.2.3
+  - 4
+  version: 0.2.4
 platform: ruby
 authors: 
 - Ryosuke Kutsuna
@@ -15,53 +15,74 @@ authors:
 - Lars Kanis
 autorequire: 
 bindir: bin
-cert_chain: []
+cert_chain: 
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDPDCCAiSgAwIBAgIBADANBgkqhkiG9w0BAQUFADBEMQ0wCwYDVQQDDARsYXJz
+  MR8wHQYKCZImiZPyLGQBGRYPZ3JlaXotcmVpbnNkb3JmMRIwEAYKCZImiZPyLGQB
+  GRYCZGUwHhcNMTMwMzExMjAyMjIyWhcNMTQwMzExMjAyMjIyWjBEMQ0wCwYDVQQD
+  DARsYXJzMR8wHQYKCZImiZPyLGQBGRYPZ3JlaXotcmVpbnNkb3JmMRIwEAYKCZIm
+  iZPyLGQBGRYCZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZb4Uv
+  RFJfRu/VEWiy3psh2jinETjiuBrL0NeRFGf8H7iU9+gx/DI/FFhfHGLrDeIskrJx
+  YIWDMmEjVO10UUdj7wu4ZhmU++0Cd7Kq9/TyP/shIP3IjqHjVLCnJ3P6f1cl5rxZ
+  gqo+d3BAoDrmPk0rtaf6QopwUw9RBiF8V4HqvpiY+ruJotP5UQDP4/lVOKvA8PI9
+  P0GmVbFBrbc7Zt5h78N3UyOK0u+nvOC23BvyHXzCtcFsXCoEkt+Wwh0RFqVZdnjM
+  LMO2vULHKKHDdX54K/sbVCj9pN9h1aotNzrEyo55zxn0G9PHg/G3P8nMvAXPkUTe
+  brhXrfCwWRvOXA4TAgMBAAGjOTA3MAsGA1UdDwQEAwIEsDAJBgNVHRMEAjAAMB0G
+  A1UdDgQWBBRAHK81igrXodaDj8a8/BIKsaZrETANBgkqhkiG9w0BAQUFAAOCAQEA
+  Iswhcol3ytXthaUH3k5LopZ09viZrZHzAw0QleI3Opl/9QEGJ2BPV9+93iC0OrNL
+  hmnxig6vKK1EeJ5PHXJ8hOI3nTZBrOmQcEXNBqyToP1FHMWZqwZ8wiBPXtiCqDBR
+  ePQ25J9xFNzQ1ItgzNSpx5cs67QNKrx5woocoBHD6kStFbshZPJx4axl3GbUFQd5
+  H//3YdPQOH3jaVeUXhS+pz/gfbx8fhFAtsQ+855A3HO7g2ZRIg/atAp/0MFyn5s5
+  0rq+VHOIPyvxF5khT0mYAcNmZTC8z1yPsqdgwfYNDjsSWwiIRSPUSmJRvfjM8hsW
+  mMFp4kPUHbWOqCp2mz9gCA==
+  -----END CERTIFICATE-----
 
-date: 2012-01-25 00:00:00 Z
+date: 2013-04-05 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: yard
+  name: rdoc
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version 
-        hash: 7
+        hash: 19
         segments: 
-        - 0
-        - 6
-        version: "0.6"
+        - 3
+        - 10
+        version: "3.10"
   type: :development
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
-  name: rake-compiler
+  name: yard
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 5
+        hash: 7
         segments: 
         - 0
-        - 7
-        version: "0.7"
+        - 6
+        version: "0.6"
   type: :development
   version_requirements: *id002
 - !ruby/object:Gem::Dependency 
-  name: rdoc
+  name: rake-compiler
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version 
-        hash: 19
+        hash: 5
         segments: 
-        - 3
-        - 10
-        version: "3.10"
+        - 0
+        - 7
+        version: "0.7"
   type: :development
   version_requirements: *id003
 - !ruby/object:Gem::Dependency 
@@ -72,11 +93,11 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 27
+        hash: 7
         segments: 
-        - 2
-        - 12
-        version: "2.12"
+        - 3
+        - 0
+        version: "3.0"
   type: :development
   version_requirements: *id004
 description: "This module allows Ruby programs to interface with \"RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)\"."
@@ -91,8 +112,9 @@ extensions:
 extra_rdoc_files: 
 - History.txt
 - Manifest.txt
-- pkcs11_protect_server/Manifest.txt
 - README.rdoc
+- pkcs11_protect_server/Manifest.txt
+- pkcs11_protect_server/README_PROTECT_SERVER.rdoc
 - ext/pk11.c
 files: 
 - .autotest
@@ -145,6 +167,7 @@ files:
 - ext/pk11_thread_funcs.h
 - ext/pk11_thread_funcs.c
 - pkcs11_protect_server/Manifest.txt
+- pkcs11_protect_server/README_PROTECT_SERVER.rdoc
 homepage: http://github.com/larskanis/pkcs11
 licenses: []
 
@@ -175,7 +198,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: pkcs11
-rubygems_version: 1.8.6
+rubygems_version: 1.8.17
 signing_key: 
 specification_version: 3
 summary: PKCS#11 binding for Ruby

metadata.gz.sig

@@ -0,0 +1,2 @@
+�ٲ��^$+ɺ	�R�@_������W����x�Or}��{h�jw!�Lj���J<<
+�S�Z\fY�/��Ww�/�W2#(?zZ���Z���A��ķ����S���XVE�27�ɧL���5�L��hx)BT�z�����<+u�*	�rK��JV��*#e|�AIE��a�6$a8"�69w�s{�
�'Q[Q�����wWTӀ��y-yP�����?�oJٲ�*�W����X�?�i�HM�l