pkcs11_protect_server 0.2.2-x86-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gemtest +0 -0
- data/.yardopts +1 -0
- data/Manifest.txt +14 -0
- data/README_PROTECT_SERVER.rdoc +89 -0
- data/Rakefile +86 -0
- data/ext/extconf.rb +16 -0
- data/ext/generate_constants.rb +41 -0
- data/ext/generate_structs.rb +75 -0
- data/ext/pk11_const_macros.h +38 -0
- data/ext/pk11_struct_macros.h +435 -0
- data/ext/pk11_version.h +6 -0
- data/ext/pk11s.c +70 -0
- data/ext/pk11s_const_def.inc +182 -0
- data/ext/pk11s_struct.doc +206 -0
- data/ext/pk11s_struct_def.inc +79 -0
- data/ext/pk11s_struct_impl.inc +79 -0
- data/lib/1.8/pkcs11_protect_server_ext.so +0 -0
- data/lib/1.9/pkcs11_protect_server_ext.so +0 -0
- data/lib/pkcs11_protect_server.rb +11 -0
- data/lib/pkcs11_protect_server/extensions.rb +113 -0
- data/test/helper.rb +14 -0
- data/test/test_pkcs11_protect_server.rb +50 -0
- data/test/test_pkcs11_protect_server_crypt.rb +103 -0
- metadata +167 -0
@@ -0,0 +1,79 @@
|
|
1
|
+
PKCS11_DEFINE_STRUCT(CK_DES_CBC_PARAMS);
|
2
|
+
PKCS11_DEFINE_MEMBER(CK_DES_CBC_PARAMS, iv);
|
3
|
+
PKCS11_DEFINE_MEMBER(CK_DES_CBC_PARAMS, data);
|
4
|
+
|
5
|
+
PKCS11_DEFINE_STRUCT(CK_DES2_CBC_PARAMS);
|
6
|
+
PKCS11_DEFINE_MEMBER(CK_DES2_CBC_PARAMS, iv);
|
7
|
+
PKCS11_DEFINE_MEMBER(CK_DES2_CBC_PARAMS, data);
|
8
|
+
|
9
|
+
PKCS11_DEFINE_STRUCT(CK_DES3_CBC_PARAMS);
|
10
|
+
PKCS11_DEFINE_MEMBER(CK_DES3_CBC_PARAMS, iv);
|
11
|
+
PKCS11_DEFINE_MEMBER(CK_DES3_CBC_PARAMS, data);
|
12
|
+
|
13
|
+
PKCS11_DEFINE_STRUCT(CK_TIMESTAMP_PARAMS);
|
14
|
+
PKCS11_DEFINE_MEMBER(CK_TIMESTAMP_PARAMS, useMilliseconds);
|
15
|
+
PKCS11_DEFINE_MEMBER(CK_TIMESTAMP_PARAMS, timestampFormat);
|
16
|
+
|
17
|
+
PKCS11_DEFINE_STRUCT(CK_ATTRIBUTES);
|
18
|
+
PKCS11_DEFINE_MEMBER(CK_ATTRIBUTES, attributes);
|
19
|
+
|
20
|
+
PKCS11_DEFINE_STRUCT(CK_MECH_AND_OBJECT);
|
21
|
+
PKCS11_DEFINE_MEMBER(CK_MECH_AND_OBJECT, mechanism);
|
22
|
+
PKCS11_DEFINE_MEMBER(CK_MECH_AND_OBJECT, obj);
|
23
|
+
|
24
|
+
PKCS11_DEFINE_STRUCT(CK_MECH_TYPE_AND_OBJECT);
|
25
|
+
PKCS11_DEFINE_MEMBER(CK_MECH_TYPE_AND_OBJECT, mechanism);
|
26
|
+
PKCS11_DEFINE_MEMBER(CK_MECH_TYPE_AND_OBJECT, obj);
|
27
|
+
|
28
|
+
PKCS11_DEFINE_STRUCT(CK_MECH_AND_OBJECTS);
|
29
|
+
PKCS11_DEFINE_MEMBER(CK_MECH_AND_OBJECTS, mechanism);
|
30
|
+
|
31
|
+
PKCS11_DEFINE_STRUCT(CK_PKCS_7_PARAMS);
|
32
|
+
PKCS11_DEFINE_MEMBER(CK_PKCS_7_PARAMS, flags);
|
33
|
+
PKCS11_DEFINE_MEMBER(CK_PKCS_7_PARAMS, length);
|
34
|
+
PKCS11_DEFINE_MEMBER(CK_PKCS_7_PARAMS, signature);
|
35
|
+
PKCS11_DEFINE_MEMBER(CK_PKCS_7_PARAMS, encryption);
|
36
|
+
PKCS11_DEFINE_MEMBER(CK_PKCS_7_PARAMS, extensions);
|
37
|
+
|
38
|
+
PKCS11_DEFINE_STRUCT(CK_PP_LOAD_SECRET_PARAMS);
|
39
|
+
PKCS11_DEFINE_MEMBER(CK_PP_LOAD_SECRET_PARAMS, prompt);
|
40
|
+
PKCS11_DEFINE_MEMBER(CK_PP_LOAD_SECRET_PARAMS, bMaskInput);
|
41
|
+
PKCS11_DEFINE_MEMBER(CK_PP_LOAD_SECRET_PARAMS, cConvert);
|
42
|
+
/* unimplemented attr CK_CHAR cTimeout */
|
43
|
+
/* unimplemented attr CK_CHAR reserved */
|
44
|
+
|
45
|
+
PKCS11_DEFINE_STRUCT(CK_REPLICATE_TOKEN_PARAMS);
|
46
|
+
PKCS11_DEFINE_MEMBER(CK_REPLICATE_TOKEN_PARAMS, peerId);
|
47
|
+
|
48
|
+
PKCS11_DEFINE_STRUCT(CK_SECRET_SHARE_PARAMS);
|
49
|
+
PKCS11_DEFINE_MEMBER(CK_SECRET_SHARE_PARAMS, n);
|
50
|
+
PKCS11_DEFINE_MEMBER(CK_SECRET_SHARE_PARAMS, m);
|
51
|
+
|
52
|
+
PKCS11_DEFINE_STRUCT(CK_PKCS12_PBE_EXPORT_PARAMS);
|
53
|
+
PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, passwordAuthSafe);
|
54
|
+
PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, passwordHMAC);
|
55
|
+
PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, keyCert);
|
56
|
+
PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, safeBagKgMech);
|
57
|
+
PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, safeContentKgMech);
|
58
|
+
PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_EXPORT_PARAMS, hmacKgMech);
|
59
|
+
|
60
|
+
PKCS11_DEFINE_STRUCT(CK_PKCS12_PBE_IMPORT_PARAMS);
|
61
|
+
PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_IMPORT_PARAMS, certAttr);
|
62
|
+
PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_IMPORT_PARAMS, passwordAuthSafe);
|
63
|
+
PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_IMPORT_PARAMS, passwordHMAC);
|
64
|
+
/* unimplemented attr CK_OBJECT_HANDLE_PTR hCert */
|
65
|
+
PKCS11_DEFINE_MEMBER(CK_PKCS12_PBE_IMPORT_PARAMS, hCertCount);
|
66
|
+
|
67
|
+
PKCS11_DEFINE_STRUCT(CK_ECIES_PARAMS);
|
68
|
+
PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, pSharedData1);
|
69
|
+
PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, pSharedData2);
|
70
|
+
/* unimplemented attr CK_EC_DH_PRIMITIVE dhPrimitive */
|
71
|
+
PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, kdf);
|
72
|
+
PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, ulSharedDataLen1);
|
73
|
+
/* unimplemented attr CK_EC_ENC_SCHEME encScheme */
|
74
|
+
PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, ulEncKeyLenInBits);
|
75
|
+
/* unimplemented attr CK_EC_MAC_SCHEME macScheme */
|
76
|
+
PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, ulMacKeyLenInBits);
|
77
|
+
PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, ulMacLenInBits);
|
78
|
+
PKCS11_DEFINE_MEMBER(CK_ECIES_PARAMS, ulSharedDataLen2);
|
79
|
+
|
@@ -0,0 +1,79 @@
|
|
1
|
+
PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_DES_CBC_PARAMS);
|
2
|
+
PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES_CBC_PARAMS, iv);
|
3
|
+
PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES_CBC_PARAMS, data);
|
4
|
+
|
5
|
+
PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_DES2_CBC_PARAMS);
|
6
|
+
PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES2_CBC_PARAMS, iv);
|
7
|
+
PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES2_CBC_PARAMS, data);
|
8
|
+
|
9
|
+
PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_DES3_CBC_PARAMS);
|
10
|
+
PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES3_CBC_PARAMS, iv);
|
11
|
+
PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_DES3_CBC_PARAMS, data);
|
12
|
+
|
13
|
+
PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_TIMESTAMP_PARAMS);
|
14
|
+
PKCS11_IMPLEMENT_BOOL_ACCESSOR(CK_TIMESTAMP_PARAMS, useMilliseconds);
|
15
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_TIMESTAMP_PARAMS, timestampFormat);
|
16
|
+
|
17
|
+
PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_ATTRIBUTES);
|
18
|
+
PKCS11_IMPLEMENT_PKCS11_STRUCT_PTR_ARRAY_ACCESSOR(CK_ATTRIBUTES, CK_ATTRIBUTE, attributes, count);
|
19
|
+
|
20
|
+
PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_MECH_AND_OBJECT);
|
21
|
+
PKCS11_IMPLEMENT_PKCS11_STRUCT_ACCESSOR(CK_MECH_AND_OBJECT, CK_MECHANISM, mechanism);
|
22
|
+
PKCS11_IMPLEMENT_HANDLE_ACCESSOR(CK_MECH_AND_OBJECT, obj);
|
23
|
+
|
24
|
+
PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_MECH_TYPE_AND_OBJECT);
|
25
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_MECH_TYPE_AND_OBJECT, mechanism);
|
26
|
+
PKCS11_IMPLEMENT_HANDLE_ACCESSOR(CK_MECH_TYPE_AND_OBJECT, obj);
|
27
|
+
|
28
|
+
PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_MECH_AND_OBJECTS);
|
29
|
+
PKCS11_IMPLEMENT_STRUCT_PTR_ARRAY_ACCESSOR(CK_MECH_AND_OBJECTS, CK_MECH_AND_OBJECT, mechanism, count);
|
30
|
+
|
31
|
+
PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_PKCS_7_PARAMS);
|
32
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PKCS_7_PARAMS, flags);
|
33
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PKCS_7_PARAMS, length);
|
34
|
+
PKCS11_IMPLEMENT_STRUCT_ACCESSOR(CK_PKCS_7_PARAMS, CK_MECH_AND_OBJECTS, signature);
|
35
|
+
PKCS11_IMPLEMENT_STRUCT_ACCESSOR(CK_PKCS_7_PARAMS, CK_MECH_AND_OBJECTS, encryption);
|
36
|
+
PKCS11_IMPLEMENT_STRUCT_ACCESSOR(CK_PKCS_7_PARAMS, CK_ATTRIBUTES, extensions);
|
37
|
+
|
38
|
+
PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_PP_LOAD_SECRET_PARAMS);
|
39
|
+
PKCS11_IMPLEMENT_STRING_PTR_ACCESSOR(CK_PP_LOAD_SECRET_PARAMS, prompt);
|
40
|
+
PKCS11_IMPLEMENT_BOOL_ACCESSOR(CK_PP_LOAD_SECRET_PARAMS, bMaskInput);
|
41
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PP_LOAD_SECRET_PARAMS, cConvert);
|
42
|
+
/* unimplemented attr CK_CHAR cTimeout */
|
43
|
+
/* unimplemented attr CK_CHAR reserved */
|
44
|
+
|
45
|
+
PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_REPLICATE_TOKEN_PARAMS);
|
46
|
+
PKCS11_IMPLEMENT_STRING_ACCESSOR(CK_REPLICATE_TOKEN_PARAMS, peerId);
|
47
|
+
|
48
|
+
PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_SECRET_SHARE_PARAMS);
|
49
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_SECRET_SHARE_PARAMS, n);
|
50
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_SECRET_SHARE_PARAMS, m);
|
51
|
+
|
52
|
+
PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_PKCS12_PBE_EXPORT_PARAMS);
|
53
|
+
PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, passwordAuthSafe, passwordAuthSafeLen);
|
54
|
+
PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, passwordHMAC, passwordHMACLen);
|
55
|
+
PKCS11_IMPLEMENT_HANDLE_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, keyCert);
|
56
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, safeBagKgMech);
|
57
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, safeContentKgMech);
|
58
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_PKCS12_PBE_EXPORT_PARAMS, hmacKgMech);
|
59
|
+
|
60
|
+
PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_PKCS12_PBE_IMPORT_PARAMS);
|
61
|
+
PKCS11_IMPLEMENT_PKCS11_STRUCT_PTR_ARRAY_ACCESSOR(CK_PKCS12_PBE_IMPORT_PARAMS, CK_ATTRIBUTE, certAttr, certAttrCount);
|
62
|
+
PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(CK_PKCS12_PBE_IMPORT_PARAMS, passwordAuthSafe, passwordAuthSafeLen);
|
63
|
+
PKCS11_IMPLEMENT_STRING_PTR_LEN_ACCESSOR(CK_PKCS12_PBE_IMPORT_PARAMS, passwordHMAC, passwordHMACLen);
|
64
|
+
/* unimplemented attr CK_OBJECT_HANDLE_PTR hCert */
|
65
|
+
PKCS11_IMPLEMENT_ULONG_PTR_ACCESSOR(CK_PKCS12_PBE_IMPORT_PARAMS, hCertCount);
|
66
|
+
|
67
|
+
PKCS11_IMPLEMENT_STRUCT_WITH_ALLOCATOR(CK_ECIES_PARAMS);
|
68
|
+
PKCS11_IMPLEMENT_STRING_PTR_ACCESSOR(CK_ECIES_PARAMS, pSharedData1);
|
69
|
+
PKCS11_IMPLEMENT_STRING_PTR_ACCESSOR(CK_ECIES_PARAMS, pSharedData2);
|
70
|
+
/* unimplemented attr CK_EC_DH_PRIMITIVE dhPrimitive */
|
71
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, kdf);
|
72
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, ulSharedDataLen1);
|
73
|
+
/* unimplemented attr CK_EC_ENC_SCHEME encScheme */
|
74
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, ulEncKeyLenInBits);
|
75
|
+
/* unimplemented attr CK_EC_MAC_SCHEME macScheme */
|
76
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, ulMacKeyLenInBits);
|
77
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, ulMacLenInBits);
|
78
|
+
PKCS11_IMPLEMENT_ULONG_ACCESSOR(CK_ECIES_PARAMS, ulSharedDataLen2);
|
79
|
+
|
Binary file
|
Binary file
|
@@ -0,0 +1,11 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
# Extend the search path for Windows binary gem, depending of the current ruby version
|
4
|
+
major_minor = RUBY_VERSION[ /^(\d+\.\d+)/ ] or
|
5
|
+
raise "Oops, can't extract the major/minor version from #{RUBY_VERSION.dump}"
|
6
|
+
$: << File.join(File.dirname(__FILE__), major_minor)
|
7
|
+
|
8
|
+
require 'rubygems'
|
9
|
+
require 'pkcs11'
|
10
|
+
require 'pkcs11_protect_server_ext'
|
11
|
+
require 'pkcs11_protect_server/extensions'
|
@@ -0,0 +1,113 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
module PKCS11
|
4
|
+
module ProtectServer
|
5
|
+
# Derive CK_ATTRIBUTE to get converted attributes.
|
6
|
+
class CK_ATTRIBUTE < PKCS11::CK_ATTRIBUTE
|
7
|
+
ATTRIBUTES = {
|
8
|
+
CKA_EXPORT => :bool,
|
9
|
+
CKA_EXPORTABLE => :bool,
|
10
|
+
CKA_TRUSTED => :bool,
|
11
|
+
CKA_DELETABLE => :bool,
|
12
|
+
CKA_SIGN_LOCAL_CERT => :bool,
|
13
|
+
CKA_IMPORT => :bool,
|
14
|
+
CKA_USAGE_COUNT => :ulong,
|
15
|
+
CKA_KEY_SIZE => :ulong,
|
16
|
+
}
|
17
|
+
|
18
|
+
def value
|
19
|
+
case ATTRIBUTES[type]
|
20
|
+
when :bool
|
21
|
+
super != "\0"
|
22
|
+
when :ulong
|
23
|
+
super.unpack("L!")[0]
|
24
|
+
else
|
25
|
+
super
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
# A ProtectServer::Library instance holds a handle to the opened +cryptoki.dll+ or +cryptoki.so+ file.
|
31
|
+
#
|
32
|
+
# This class is derived from
|
33
|
+
# PKCS11::Library[http://pkcs11.rubyforge.org/pkcs11/PKCS11/Library.html] of pkcs11.gem.
|
34
|
+
class Library < PKCS11::Library
|
35
|
+
MechanismParameters = {
|
36
|
+
CKM_DES_DERIVE_CBC => CK_DES_CBC_PARAMS,
|
37
|
+
CKM_DES3_DERIVE_CBC => CK_DES3_CBC_PARAMS,
|
38
|
+
CKM_ECIES => CK_ECIES_PARAMS,
|
39
|
+
CKM_ENCODE_X_509 => CK_MECH_TYPE_AND_OBJECT,
|
40
|
+
CKM_PKCS12_PBE_EXPORT => CK_PKCS12_PBE_EXPORT_PARAMS,
|
41
|
+
CKM_PKCS12_PBE_IMPORT => CK_PKCS12_PBE_IMPORT_PARAMS,
|
42
|
+
CKM_PP_LOAD_SECRET => CK_PP_LOAD_SECRET_PARAMS,
|
43
|
+
CKM_REPLICATE_TOKEN_RSA_AES => CK_REPLICATE_TOKEN_PARAMS,
|
44
|
+
CKM_SECRET_RECOVER_WITH_ATTRIBUTES => CK_SECRET_SHARE_PARAMS,
|
45
|
+
CKM_SHA1_RSA_PKCS_TIMESTAMP => CK_TIMESTAMP_PARAMS,
|
46
|
+
}
|
47
|
+
|
48
|
+
# Path and file name of the loaded cryptoki library.
|
49
|
+
attr_reader :so_path
|
50
|
+
|
51
|
+
# Load and initialize a pkcs11 dynamic library with Safenet Protect Server extensions.
|
52
|
+
#
|
53
|
+
# Set +so_path+ to +:hsm+, +:sw+ or +:logger+ in order to autodetect the cryptoki-HSM or
|
54
|
+
# software emulation library file.
|
55
|
+
#
|
56
|
+
# @param [String, Symbol, nil] so_path Shortcut-Symbol or path to the *.so or *.dll file to load.
|
57
|
+
# @param [Hash, CK_C_INITIALIZE_ARGS] args A Hash or CK_C_INITIALIZE_ARGS instance with load params.
|
58
|
+
#
|
59
|
+
# See also PKCS11::Library#initialize[http://pkcs11.rubyforge.org/pkcs11/PKCS11/Library.html#initialize-instance_method] of pkcs11.gem
|
60
|
+
def initialize(so_path = nil, args = {})
|
61
|
+
if [:sw, :hsm].include?(so_path)
|
62
|
+
if RUBY_PLATFORM =~ /mswin|mingw/
|
63
|
+
libctsw_so = "cryptoki.dll"
|
64
|
+
libctsw_so_paths = [
|
65
|
+
File.join(ENV['ProgramFiles'], "SafeNet/ProtectToolkit C SDK/bin/#{so_path}"),
|
66
|
+
]
|
67
|
+
else
|
68
|
+
libctsw_so = "libct#{so_path}.so"
|
69
|
+
libctsw_so_paths = [
|
70
|
+
"/opt/ETcpsdk/lib/linux-i386",
|
71
|
+
"/opt/ETcpsdk/lib/linux-x86_64",
|
72
|
+
"/opt/PTK/lib",
|
73
|
+
]
|
74
|
+
end
|
75
|
+
|
76
|
+
unless so_path=ENV['CRYPTOKI_SO']
|
77
|
+
paths = libctsw_so_paths.collect{|path| File.join(path, libctsw_so) }
|
78
|
+
so_path = paths.find{|path| File.exist?(path) }
|
79
|
+
end
|
80
|
+
|
81
|
+
raise "#{libctsw_so} not found - please install ProtectServer PTK-C or set ENV['CRYPTOKI_SO']" unless so_path
|
82
|
+
end
|
83
|
+
|
84
|
+
@so_path = so_path
|
85
|
+
super(so_path, args)
|
86
|
+
end
|
87
|
+
|
88
|
+
def vendor_const_get(name)
|
89
|
+
return ProtectServer.const_get(name) if ProtectServer.const_defined?(name)
|
90
|
+
super
|
91
|
+
end
|
92
|
+
|
93
|
+
def vendor_all_attribute_names
|
94
|
+
return ProtectServer::ATTRIBUTES.values + super
|
95
|
+
end
|
96
|
+
|
97
|
+
def vendor_mechanism_parameter_struct(mech)
|
98
|
+
MechanismParameters[mech] || super
|
99
|
+
end
|
100
|
+
|
101
|
+
def vendor_raise_on_return_value(rv)
|
102
|
+
if ex=ProtectServer::RETURN_VALUES[rv]
|
103
|
+
raise(ex, rv.to_s)
|
104
|
+
end
|
105
|
+
super
|
106
|
+
end
|
107
|
+
|
108
|
+
def vendor_class_CK_ATTRIBUTE
|
109
|
+
ProtectServer::CK_ATTRIBUTE
|
110
|
+
end
|
111
|
+
end
|
112
|
+
end
|
113
|
+
end
|
data/test/helper.rb
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
def open_ctsw
|
2
|
+
PKCS11::ProtectServer::Library.new(:sw, :flags=>0)
|
3
|
+
end
|
4
|
+
|
5
|
+
def adjust_parity(data)
|
6
|
+
out = []
|
7
|
+
count_digit = "1"
|
8
|
+
data.each_byte{|b|
|
9
|
+
b &= 0xfe
|
10
|
+
b |= 1 if b.to_s(2).count(count_digit) % 2 == 0
|
11
|
+
out << b
|
12
|
+
}
|
13
|
+
return out.pack("C*")
|
14
|
+
end
|
@@ -0,0 +1,50 @@
|
|
1
|
+
require "test/unit"
|
2
|
+
require "pkcs11_protect_server"
|
3
|
+
require "test/helper"
|
4
|
+
|
5
|
+
class TestPkcs11ProtectServer < Test::Unit::TestCase
|
6
|
+
include PKCS11
|
7
|
+
|
8
|
+
def test_CStruct
|
9
|
+
s = ProtectServer::CK_SECRET_SHARE_PARAMS.new
|
10
|
+
s.n, s.m = 2, 3
|
11
|
+
|
12
|
+
assert_match( /m=3/, s.inspect, 'There should be a n value in CK_SECRET_SHARE_PARAMS')
|
13
|
+
assert_equal ["n", "m"], s.members, 'CK_SECRET_SHARE_PARAMS should contain some attributes'
|
14
|
+
assert_equal [2, 3], s.values, 'values of CK_SECRET_SHARE_PARAMS'
|
15
|
+
assert_equal( {:n=>2, :m=>3}, s.to_hash, 'CK_SECRET_SHARE_PARAMS as hash' )
|
16
|
+
end
|
17
|
+
|
18
|
+
def test_CK_PKCS12_PBE_IMPORT_PARAMS
|
19
|
+
s = ProtectServer::CK_PKCS12_PBE_IMPORT_PARAMS.new
|
20
|
+
assert_equal [], s.certAttr
|
21
|
+
s1 = CK_ATTRIBUTE.new ProtectServer::CKA_EXPORT, true
|
22
|
+
s2 = CK_ATTRIBUTE.new ProtectServer::CKA_EXPORTABLE, false
|
23
|
+
s.certAttr = [s1, s2]
|
24
|
+
assert_equal [s1.to_hash, s2.to_hash], s.certAttr.map{|e| e.to_hash }
|
25
|
+
GC.start
|
26
|
+
assert_raise(ArgumentError){ s.certAttr = [s1, s2, nil] }
|
27
|
+
assert_equal [s1.to_hash, s2.to_hash], s.certAttr.map{|e| e.to_hash }
|
28
|
+
|
29
|
+
s.certAttr = []
|
30
|
+
assert_equal [], s.certAttr
|
31
|
+
end
|
32
|
+
|
33
|
+
def test_constants
|
34
|
+
assert_equal 0x80000990, ProtectServer::CKM_OS_UPGRADE, "CKM_OS_UPGRADE should be defined"
|
35
|
+
assert_equal 0x80000128, ProtectServer::CKA_EXPORT, "CKA_EXPORT should be defined"
|
36
|
+
assert_equal 0x80000129, ProtectServer::CKA_EXPORTABLE, "CKA_EXPORTABLE should be defined"
|
37
|
+
assert ProtectServer::CKR_ET_NOT_ODD_PARITY.ancestors.include?(PKCS11::Error), "CKR_ET_NOT_ODD_PARITY should be defined"
|
38
|
+
assert_equal 0x8000020c, ProtectServer::CKO_FM, "CKO_FM should be defined"
|
39
|
+
end
|
40
|
+
|
41
|
+
def test_loading
|
42
|
+
pk = PKCS11::ProtectServer::Library.new(:sw, :flags=>0)
|
43
|
+
so_path = pk.so_path
|
44
|
+
pk.close
|
45
|
+
assert !so_path.empty?, "Used path shouldn't be empty"
|
46
|
+
|
47
|
+
pk = PKCS11::ProtectServer::Library.new(so_path, :flags=>0)
|
48
|
+
pk.close
|
49
|
+
end
|
50
|
+
end
|
@@ -0,0 +1,103 @@
|
|
1
|
+
require "test/unit"
|
2
|
+
require "pkcs11_protect_server"
|
3
|
+
require "test/helper"
|
4
|
+
|
5
|
+
class TestPkcs11ProtectServerCrypt < Test::Unit::TestCase
|
6
|
+
include PKCS11
|
7
|
+
attr_reader :slots
|
8
|
+
attr_reader :slot
|
9
|
+
attr_reader :session
|
10
|
+
attr_reader :secret_key
|
11
|
+
|
12
|
+
def setup
|
13
|
+
$pkcs11 ||= open_ctsw
|
14
|
+
@slots = pk.active_slots
|
15
|
+
@slot = slots.first
|
16
|
+
|
17
|
+
# Init SO-PIN if not already done.
|
18
|
+
if slot.token_info.flags & CKF_TOKEN_INITIALIZED == 0
|
19
|
+
slot.init_token('1234', 'test-token')
|
20
|
+
assert_match(/^test-token/, slot.token_info.label, "Token label should be set now")
|
21
|
+
end
|
22
|
+
assert_equal CKF_TOKEN_INITIALIZED, slot.token_info.flags & CKF_TOKEN_INITIALIZED, "Token should be initialized"
|
23
|
+
|
24
|
+
# Init USER-PIN if not already done.
|
25
|
+
if slot.token_info.flags & CKF_USER_PIN_INITIALIZED == 0
|
26
|
+
s = slot.open(CKF_SERIAL_SESSION | CKF_RW_SESSION)
|
27
|
+
assert_equal CKF_RW_SESSION, s.info.flags & CKF_RW_SESSION, "Session should be read/write"
|
28
|
+
assert_equal CKS_RW_PUBLIC_SESSION, s.info.state, "Session should be in logoff state"
|
29
|
+
s.login(:SO, '1234')
|
30
|
+
assert_equal CKS_RW_SO_FUNCTIONS, s.info.state, "Session should be in SO state"
|
31
|
+
s.init_pin('1234')
|
32
|
+
s.close
|
33
|
+
end
|
34
|
+
assert_equal CKF_USER_PIN_INITIALIZED, slot.token_info.flags & CKF_USER_PIN_INITIALIZED, "User PIN should be initialized"
|
35
|
+
|
36
|
+
@session = slot.open
|
37
|
+
assert_equal CKS_RO_PUBLIC_SESSION, session.info.state, "Session should be in logoff state"
|
38
|
+
session.login(:USER, ENV['CRYPTOKI_PIN'] || '1234')
|
39
|
+
assert_equal CKS_RO_USER_FUNCTIONS, session.info.state, "Session should be in USER state"
|
40
|
+
|
41
|
+
@secret_key = session.create_object(
|
42
|
+
:CLASS=>CKO_SECRET_KEY,
|
43
|
+
:KEY_TYPE=>CKK_DES2,
|
44
|
+
:ENCRYPT=>true, :WRAP=>true, :DECRYPT=>true, :UNWRAP=>true, :TOKEN=>false, :DERIVE=>true,
|
45
|
+
:USAGE_COUNT=>0, :EXPORTABLE=>true,
|
46
|
+
:VALUE=>adjust_parity("0123456789abcdef"),
|
47
|
+
:LABEL=>'test_secret_key')
|
48
|
+
end
|
49
|
+
|
50
|
+
def teardown
|
51
|
+
@secret_key.destroy
|
52
|
+
@session.logout
|
53
|
+
@session.close
|
54
|
+
end
|
55
|
+
|
56
|
+
def pk
|
57
|
+
$pkcs11
|
58
|
+
end
|
59
|
+
|
60
|
+
def test_bad_parity
|
61
|
+
assert_raise(ProtectServer::CKR_ET_NOT_ODD_PARITY) do
|
62
|
+
session.create_object(
|
63
|
+
:CLASS=>CKO_SECRET_KEY,
|
64
|
+
:KEY_TYPE=>CKK_DES2,
|
65
|
+
:VALUE=>"0123456789abcdef",
|
66
|
+
:LABEL=>'test_secret_key2')
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
def test_derive_des_cbc
|
71
|
+
pa = ProtectServer::CK_DES3_CBC_PARAMS.new
|
72
|
+
pa.data = "1"*16
|
73
|
+
pa.iv = "2"*8
|
74
|
+
|
75
|
+
new_key1 = session.derive_key( {ProtectServer::CKM_DES3_DERIVE_CBC => pa}, secret_key,
|
76
|
+
:CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_DES2, :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>false )
|
77
|
+
assert_not_equal secret_key[:VALUE], new_key1[:VALUE], 'Derived key shouldn\'t have equal key value'
|
78
|
+
|
79
|
+
new_key2 = session.derive_key( {:DES3_DERIVE_CBC => {:data=>"1"*16, :iv=>"2"*16}}, secret_key,
|
80
|
+
:CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_DES2, :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>false )
|
81
|
+
assert_equal new_key1[:VALUE], new_key2[:VALUE], 'Both derived key should be equal'
|
82
|
+
|
83
|
+
encrypted_key_value = session.encrypt( {:DES3_CBC => "2"*8}, secret_key, "1"*16)
|
84
|
+
encrypted_key_value = adjust_parity(encrypted_key_value)
|
85
|
+
assert_equal new_key1[:VALUE], encrypted_key_value, 'Encrypted data should equal derived key value'
|
86
|
+
|
87
|
+
assert_equal 3, secret_key[:USAGE_COUNT], 'The secret key should be used 3 times'
|
88
|
+
end
|
89
|
+
|
90
|
+
|
91
|
+
def test_attributes
|
92
|
+
assert_equal true, secret_key[:EXPORTABLE], 'CKA_EXTRACTABLE should be usable'
|
93
|
+
secret_key[:EXPORTABLE] = false
|
94
|
+
assert_equal false, secret_key[:EXPORTABLE], 'CKA_EXTRACTABLE should be usable'
|
95
|
+
|
96
|
+
assert_equal 0, secret_key[:USAGE_COUNT], 'CKA_USAGE_COUNT should be usable'
|
97
|
+
secret_key[:USAGE_COUNT] = 5
|
98
|
+
assert_equal 5, secret_key[:USAGE_COUNT], 'CKA_USAGE_COUNT should be usable'
|
99
|
+
|
100
|
+
assert_equal false, secret_key[:IMPORT], 'CKA_IMPORT should default to false'
|
101
|
+
assert_not_nil secret_key.attributes.find{|a| a.type==ProtectServer::CKA_EXPORT}, 'CKA_EXPORT should be returned for Object#attributes'
|
102
|
+
end
|
103
|
+
end
|