pkcs11_luna 0.2.7

data/test/test_pkcs11_luna.rb

@@ -0,0 +1,112 @@
+require "minitest/autorun"
+require "pkcs11_luna"
+require "test/luna_helper"
+
+class TestPkcs11Luna < Minitest::Test
+  include PKCS11
+  
+  RUBY = File.join(RbConfig::CONFIG['bindir'], RbConfig::CONFIG['ruby_install_name'])
+  FILE = File.dirname(__FILE__)
+  
+  @slot = LunaHelper.get_slot_password()
+  
+  def get_password
+    STDIN.echo = false
+    while ((c = STDIN.getch) != '\n')
+      print c
+    end
+    STDIN.echo = true
+  end
+  
+  def setup
+    @pk = Luna::Library.new
+    @slot, @password = LunaHelper.get_slot_password()
+  end
+  
+  def teardown
+    @pk.close
+  end
+
+=begin 
+  def test_slots_are_luna
+    pkcs11 = @pk
+    pkcs11.slots.each do |slot|
+      assert_equal(slot.class.to_s, "PKCS11::Luna::Slot")
+    end
+  end
+
+
+  MAJOR = 10
+  MINOR = 10
+  def test_application_id 
+    pkcs11 = @pk
+    pkcs11.set_application_id(MAJOR, MINOR)
+    slot = Luna::Slot.new(pkcs11, @slot)
+    begin
+      slot.open_application_id(MAJOR, MINOR)
+    rescue CKR_DATA_INVALID
+      slot.close_application_id(MAJOR, MINOR)
+    end
+    session = slot.open(CKF_RW_SESSION | CKF_SERIAL_SESSION)
+    session.login(:USER, @password)
+    file = File.join(FILE, 'app_id_helper.rb')
+    cmd = "#{RUBY} #{file} #{@slot}"  
+    IO.popen(cmd, 'r') do |p|
+       p.read
+    end
+    assert $?.success?, "The subprocess did not return successfully."
+    
+    
+    session.logout
+    session.close
+    slot.close_application_id(MAJOR, MINOR)
+  end
+=end
+  
+  def test_mechanisms_list
+    pkcs11 = @pk
+    slot = Slot.new(pkcs11, @slot)
+    mechanisms = slot.mechanisms
+    mechanisms.each do |mech_id|
+      assert(Luna::MECHANISMS.key?(mech_id))
+    end
+  end
+  
+  def test_init_token
+    pkcs11 = @pk
+    slot = Slot.new(pkcs11, @slot)
+    
+    assert_raises(Luna::CKR_OPERATION_NOT_ALLOWED, CKR_USER_TYPE_INVALID) {
+      slot.init_token("anypin", "new_label")
+    }   
+  end
+  
+  def test_init_pin
+    pkcs11 = @pk
+    slot = Slot.new(pkcs11, @slot)
+    session = slot.open(CKF_RW_SESSION | CKF_SERIAL_SESSION)
+    session.login(:USER, @password)
+    assert_raises(Luna::CKR_OPERATION_NOT_ALLOWED, CKR_FUNCTION_NOT_SUPPORTED) {
+      session.init_pin("anypin")
+    }
+    session.logout
+    session.close
+  end
+  
+  def test_set_pin
+    pkcs11 = @pk
+    slot = Slot.new(pkcs11, @slot)
+    session = slot.open(CKF_RW_SESSION | CKF_SERIAL_SESSION)
+    session.login(:USER, @password)
+    session.set_pin(@password, @password)
+    session.logout
+    session.close
+  end
+  
+  def test_wait_for_slot_event
+    assert_raises(Luna::CKR_OPERATION_NOT_ALLOWED, CKR_FUNCTION_NOT_SUPPORTED) {
+      @pk.wait_for_slot_event
+    }
+  end
+  
+end

data/test/test_pkcs11_luna_crypt.rb

@@ -0,0 +1,260 @@
+require "minitest/autorun"
+require "pkcs11_luna"
+require "test/luna_helper"
+
+class TestPkcs11LunaCrypt < Minitest::Test
+  include PKCS11
+  
+  def setup
+    @pk = Luna::Library.new
+    slot_id, password = LunaHelper.get_slot_password()
+    @slot = Slot.new(@pk, slot_id)    
+    @session = @slot.open(PKCS11::CKF_RW_SESSION | PKCS11::CKF_SERIAL_SESSION)
+    @session.login(:USER, password)
+  end
+  
+  def teardown
+    @session.logout
+    @session.close
+    @pk.close
+  end
+  
+  def destroy_object(session, label)
+    session.find_objects(:LABEL=>label) do |obj|
+      obj.destroy
+    end
+  end
+
+  
+  def test_ec_pair_gen_derive_aes
+    pub_label = "EC Public Key"
+    priv_label = "EC Private Key"
+    derived_label = "EC Derived Key "
+    destroy_object(@session, pub_label)
+    destroy_object(@session, priv_label)
+    destroy_object(@session, derived_label + '1')
+    destroy_object(@session, derived_label + '2')
+        
+    #DER encoding of OID 1.3.132.0.10 secp256k1
+    curve_oid_der = [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A].pack("C*")
+        
+    attributes_public = {:TOKEN=>true, :ENCRYPT=>true, :VERIFY=>true, :WRAP=>true,
+      :EC_PARAMS=>curve_oid_der, :LABEL=>pub_label}
+    attributes_private = {:TOKEN=>true, :DECRYPT=>true, :SIGN=>true, 
+      :DERIVE=>true, :UNWRAP=>true, :SENSITIVE=>true, :LABEL=>priv_label}
+                             
+    pub_key1, priv_key1 = @session.generate_key_pair(:EC_KEY_PAIR_GEN, attributes_public, attributes_private)    
+    pub_key2, priv_key2 = @session.generate_key_pair(:EC_KEY_PAIR_GEN, attributes_public, attributes_private)
+    
+    shared_data = "SHARED DATA"
+    
+    ec_point1 = pub_key1.attributes(:EC_POINT)[0].value
+    ec_point2 = pub_key2.attributes(:EC_POINT)[0].value
+    mechanism = {:ECDH1_DERIVE=>{:kdf=>Luna::CKD_SHA512_KDF, :pSharedData=>shared_data}}
+      
+    derive_attributes = {:CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_AES, :TOKEN=>true, :SENSITIVE=>true, :PRIVATE=>true,
+    :ENCRYPT=>true, :DECRYPT=>true, :SIGN=>true, :VERIFY=>true, :VALUE_LEN=>32, :LABEL=>derived_label+'1'}
+    
+    assert_raises(Luna::CKR_ECC_POINT_INVALID) do
+      @session.derive_key(mechanism, priv_key1, derive_attributes)
+    end
+    
+    mechanism[:ECDH1_DERIVE][:pPublicData] = ec_point2     
+    derived_key1 = @session.derive_key(mechanism, priv_key1, derive_attributes)
+    mechanism[:ECDH1_DERIVE][:pPublicData] = ec_point1
+    derive_attributes[:LABEL] = derived_label + '2'
+    derived_key2 = @session.derive_key(mechanism, priv_key2, derive_attributes)
+    
+    iv = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16].pack('C*')
+    message = "Text to encrypt"
+    cipher_text = @session.encrypt({:AES_CBC_PAD=>iv}, derived_key1, message)
+    decrypted = @session.decrypt({:AES_CBC_PAD=>iv}, derived_key2, cipher_text)
+    assert_equal(decrypted, message)    
+  end
+  
+  def test_encrypt_decrypt_aes
+    label = "Test AES Key"
+    destroy_object(@session, label)
+    key = @session.generate_key(:AES_KEY_GEN,
+      :CLASS=>CKO_SECRET_KEY, :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>true, 
+      :TOKEN=>true, :VALUE_LEN=>32, :LABEL=>label)
+      
+    assert key[Luna::CKA_FINGERPRINT_SHA256].size == 32
+      
+    message = "Text to encrypt"
+    iv = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16].pack('C*')
+    cipher_text = @session.encrypt({:AES_CBC_PAD=>iv}, key, message)
+    decrypted_text = @session.decrypt({:AES_CBC_PAD=>iv}, key, cipher_text)
+    assert_equal(message, decrypted_text)
+  end
+  
+  def test_generate_rsa_key_pair
+    pub_label = "Test RSA public key"
+    priv_label = "Test RSA private key"
+    destroy_object(@session, pub_label)
+    destroy_object(@session, priv_label)
+    
+    pub_attr = {:ENCRYPT=>true, :VERIFY=>true, 
+      :MODULUS_BITS=>2048, :TOKEN=>true, :WRAP=>true, :LABEL=>pub_label}
+    priv_attr = {:DECRYPT=>true, :SIGN=>true, :SENSITIVE=>true, :PRIVATE=>true, 
+          :TOKEN=>true, :UNWRAP=>true, :LABEL=>priv_label}
+    
+    pub_key, priv_key = @session.generate_key_pair(:RSA_FIPS_186_3_AUX_PRIME_KEY_PAIR_GEN, pub_attr, priv_attr)    
+  end
+  
+  def test_encrypt_decrypt_rsa
+    pub_key, priv_key = test_generate_rsa_key_pair
+    message = "Text to encrypt using RSA keys"
+    encrypted = @session.encrypt(:RSA_PKCS, pub_key, message)
+    decrypted = @session.decrypt(:RSA_PKCS, priv_key, encrypted)
+    assert_equal(message, decrypted)    
+  end
+  
+  def test_sign_verify_rsa
+    pub_key, priv_key = test_generate_rsa_key_pair
+    data = "Text to sign/verify using RSA keys"
+    signature = @session.sign(:SHA512_RSA_PKCS, priv_key, data)
+    @session.verify(:SHA512_RSA_PKCS, pub_key, signature, data)
+  end
+  
+  def generate_aes_key(label)
+    label = "Ruby AES Key"
+    destroy_object(@session, label)
+    key = @session.generate_key(:AES_KEY_GEN,
+      :CLASS=>CKO_SECRET_KEY, :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>true, 
+      :TOKEN=>true, :EXTRACTABLE=>true, :VALUE_LEN=>32, :LABEL=>label)
+    
+    return key
+  end
+  
+  def test_wrap_unwrap
+    pub_key, priv_key = test_generate_rsa_key_pair
+        
+    aes_key = generate_aes_key("Wrapped AES Key")
+        
+    wrapped = @session.wrap_key(:RSA_PKCS, pub_key, aes_key)
+    
+    label = "Unwrapped AES Key"
+    destroy_object(@session, label)
+    
+    attributes = {:CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_AES, :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>true, 
+    :TOKEN=>true, :VALUE_LEN=>32, :LABEL=>label}
+    
+    unwrapped_key = @session.unwrap_key(:RSA_PKCS, priv_key, wrapped, attributes)
+    
+    message = "Encrypt/Decrypt with a wrapped and unwrapped key"
+    iv = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16].pack('C*')
+    cipher_text = @session.encrypt({:AES_CBC_PAD=>iv}, aes_key, message)
+    decrypted_text = @session.decrypt({:AES_CBC_PAD=>iv}, unwrapped_key, cipher_text)
+    assert_equal(message, decrypted_text)
+  end
+  
+  def test_digest
+    data = "Data to digest."
+    digest = @session.digest(:SHA512, data)
+    hex = digest.bytes.map { |b| sprintf("%02X",b) }.join
+    assert_equal(hex, "B22A958E549B113FEC7FE2FBDE766A88D44E34FA47F3EED9DCBA9294AC46DA0CB2511F38943D1F1A533EB25C177F0FC38F2EFC87215D9043F67A103E849A2605")    
+  end
+  
+  def test_des3_cmac_general
+    label = "DES Key"
+    destroy_object(@session, label)
+    des_key = @session.generate_key(:DES3_KEY_GEN,
+          :CLASS=>CKO_SECRET_KEY, :SIGN=>true, :VERIFY=>true, :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>true, 
+          :TOKEN=>true, :EXTRACTABLE=>true, :LABEL=>label)
+          
+    data = "Data to be signed."
+    signature = @session.sign({:DES3_CMAC_GENERAL=>8}, des_key, data)
+    @session.verify({:DES3_CMAC_GENERAL=>8}, des_key, signature, data)      
+  end
+  
+  def get_data
+    plaintext = ""
+    (0..10000).each do |i|
+      plaintext << (i%26+65).chr
+    end
+    plaintext
+  end
+  
+  def test_encrypt_decrypt_multipart
+    key = generate_aes_key("Ruby AES Key")
+    
+    iv = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16].pack('C*')
+    mechanism = {:AES_CBC_PAD=>iv}
+    
+    chunk_size = 1024
+    plaintext = get_data
+    
+    encrypted = ""
+    index = 0
+    encrypted << @session.encrypt(mechanism, key) do |cipher|
+      while index < plaintext.size
+        s = plaintext.slice(index, chunk_size)
+        encrypted << cipher.update(s)
+        index += chunk_size
+      end
+    end
+    
+    decrypted = ""
+    index = 0
+    decrypted << @session.decrypt(mechanism, key) do |cipher|
+      while index < encrypted.size
+        s = encrypted.slice(index, chunk_size)
+        decrypted << cipher.update(s) 
+        index += chunk_size
+      end
+    end
+    assert plaintext == decrypted    
+  end
+  
+  def test_sign_verify
+    pub_key, priv_key = test_generate_rsa_key_pair
+    
+    plaintext = get_data    
+    
+    signature = @session.sign(:SHA512_RSA_PKCS, priv_key) {|c|
+      index = 0
+      while index < plaintext.size
+        c.update(plaintext.slice(index, 256))
+        index += 256
+      end
+    }
+    
+    @session.verify(:SHA512_RSA_PKCS, pub_key, signature) {|c|
+      index = 0
+      while index < plaintext.size
+        c.update(plaintext.slice(index, 256))
+        index += 256
+      end
+    }    
+  end
+  
+  def test_digest_encrypt_decrypt_update
+    assert_raises(CKR_FUNCTION_NOT_SUPPORTED) {
+      @session.C_DigestEncryptUpdate("Not supported")
+    }
+    assert_raises(CKR_FUNCTION_NOT_SUPPORTED) {
+      @session.C_DecryptDigestUpdate("Not supported")
+    }
+  end
+  
+  def test_verify_recover
+    pub_key, priv_key = test_generate_rsa_key_pair
+    assert_raises(CKR_FUNCTION_NOT_SUPPORTED) {
+      @session.C_VerifyRecoverInit(:SHA512_RSA_PKCS, pub_key)
+    }
+    assert_raises(CKR_FUNCTION_NOT_SUPPORTED) {
+      @session.C_VerifyRecover("Not supported")
+    }
+  end
+  
+  def test_sign_verify_encrypt_decrypt_update
+    assert_raises(CKR_FUNCTION_NOT_SUPPORTED) {
+      @session.C_SignEncryptUpdate("Not supported")
+    }
+    assert_raises(CKR_FUNCTION_NOT_SUPPORTED) {
+      @session.C_DecryptVerifyUpdate("Not supported")
+    }
+  end
+  
+end

metadata

@@ -0,0 +1,173 @@
+--- !ruby/object:Gem::Specification
+name: pkcs11_luna
+version: !ruby/object:Gem::Version
+  version: 0.2.7
+platform: ruby
+authors:
+- SafeNet
+autorequire: 
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDPDCCAiSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBEMQ0wCwYDVQQDDARsYXJz
+  MR8wHQYKCZImiZPyLGQBGRYPZ3JlaXotcmVpbnNkb3JmMRIwEAYKCZImiZPyLGQB
+  GRYCZGUwHhcNMTcwNDA0MTgyNDE1WhcNMTgwNDA0MTgyNDE1WjBEMQ0wCwYDVQQD
+  DARsYXJzMR8wHQYKCZImiZPyLGQBGRYPZ3JlaXotcmVpbnNkb3JmMRIwEAYKCZIm
+  iZPyLGQBGRYCZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZb4Uv
+  RFJfRu/VEWiy3psh2jinETjiuBrL0NeRFGf8H7iU9+gx/DI/FFhfHGLrDeIskrJx
+  YIWDMmEjVO10UUdj7wu4ZhmU++0Cd7Kq9/TyP/shIP3IjqHjVLCnJ3P6f1cl5rxZ
+  gqo+d3BAoDrmPk0rtaf6QopwUw9RBiF8V4HqvpiY+ruJotP5UQDP4/lVOKvA8PI9
+  P0GmVbFBrbc7Zt5h78N3UyOK0u+nvOC23BvyHXzCtcFsXCoEkt+Wwh0RFqVZdnjM
+  LMO2vULHKKHDdX54K/sbVCj9pN9h1aotNzrEyo55zxn0G9PHg/G3P8nMvAXPkUTe
+  brhXrfCwWRvOXA4TAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0G
+  A1UdDgQWBBRAHK81igrXodaDj8a8/BIKsaZrETANBgkqhkiG9w0BAQUFAAOCAQEA
+  Wbp+grpaqUH+RiXNXmi/5xBfvSYLbxWj+DZpCSnQW+DMfx46RVVko3b7BtKDs2zs
+  EtKM6r6s7VbllPgcYUzaP92uzPqCw8FncvqG0+B+Nd4C2jKzPxAQyzYXv/3bQhv1
+  sXAzEqLQqKx5V63eBDh1TPvPTEMfJwmjcdcbvMwFSt5EcUkT63W13ZJXX23JYp1K
+  KRW+N1WIYz8RSBNaQIP2v5Inb9vUA+jPUOcdyLHoi205lyZ28hE4lcnh9Zs02aHs
+  Ao8FZozVJz8xVEuYNJsL2k70w0FiwXwoWyvKyekgPBvYNUj4JGDMtBBayJTOpDs7
+  3EVmCm5IRuqZ1UcDFouQ9w==
+  -----END CERTIFICATE-----
+date: 2018-01-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: pkcs11
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.7
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: rake-compiler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.7'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: hoe
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.16'
+description: This module allows Ruby programs to use vendor extensions for SafeNet
+  Luna.
+email:
+- support@safenet-inc.com
+executables: []
+extensions:
+- ext/extconf.rb
+extra_rdoc_files:
+- Manifest.txt
+- README_LUNA.rdoc
+- ext/pk11l.c
+files:
+- ".gemtest"
+- ".yardopts"
+- Manifest.txt
+- README_LUNA.rdoc
+- Rakefile
+- examples/config.rb
+- examples/derive_aes_ecdh_key.rb
+- examples/encrypt_decrypt_aes.rb
+- examples/encrypt_decrypt_rsa.rb
+- examples/mechanism_list.rb
+- examples/multithread.rb
+- examples/objects_list.rb
+- examples/sign_verify.rb
+- examples/slot_info.rb
+- ext/extconf.rb
+- ext/generate_constants.rb
+- ext/generate_structs.rb
+- ext/pk11_const_macros.h
+- ext/pk11_struct_macros.h
+- ext/pk11_version.h
+- ext/pk11l.c
+- ext/pk11l_const_def.inc
+- ext/pk11l_struct.doc
+- ext/pk11l_struct_def.inc
+- ext/pk11l_struct_impl.inc
+- lib/pkcs11_luna.rb
+- lib/pkcs11_luna/extensions.rb
+- test/app_id_helper.rb
+- test/luna_helper.rb
+- test/test_pkcs11_luna.rb
+- test/test_pkcs11_luna_crypt.rb
+homepage: http://github.com/larskanis/pkcs11
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options:
+- "--main"
+- README_LUNA.rdoc
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.3
+signing_key: 
+specification_version: 4
+summary: SafeNet-Luna extensions for PKCS#11-Ruby
+test_files: []

metadata.gz.sig

@@ -0,0 +1 @@
+��V�5��J�d�0UH%�A!�yNQ��m�)�Vy�U2�Z�[.�l5��Iq��#“������4�/6m��E�UD4��H����!���5�(�0\G&���43o�����Jmx�#m�R���d�n5ב�k�J; F6��7��	VR��e�^�Ʋ���"![��P�|.�K�'��x	��*O�{깡묹.���)X�Q�@�X�T�@,8?�7\?� � ����$����DɎf��	\�ĶF�g�E�