roostify_pkcs11_luna 0.2.5

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: feb72630e1eeafa2e9e140548ce5e5764a5a2927
+  data.tar.gz: 91e5fa56735cf20e889ec8ab2fe2377749807b0a
+SHA512:
+  metadata.gz: 1cd90a4079b898b186a5e859c6d87dfa6292b2a7b352be4173fdf653993600374538881291c194d6b58e1a5d4f481ee9e17259daa47eea0f9a26b2e8431f7809
+  data.tar.gz: 085834d7ab130cfe82287dca2b73c48a7fe730803205ed33cd21a46ed94cbf771bfe0b4e5182ac3bb73551b9d8f58540cacf376fa39c1dd41eb9d6bb07597048

data/.yardopts

@@ -0,0 +1 @@
+--title "PKCS#11-Luna/Ruby Interface" --no-private lib/**/*.rb ext/*.c ext/*.doc

data/Manifest.txt

@@ -0,0 +1,24 @@
+.gemtest
+.yardopts
+Manifest.txt
+README_LUNA.rdoc
+Rakefile
+ext/extconf.rb
+ext/generate_constants.rb
+ext/generate_structs.rb
+ext/pk11l.c
+lib/pkcs11_luna.rb
+lib/pkcs11_luna/extensions.rb
+test/luna_helper.rb
+test/app_id_helper.rb
+test/test_pkcs11_luna.rb
+test/test_pkcs11_luna_crypt.rb
+examples/config.rb
+examples/derive_aes_ecdh_key.rb
+examples/sign_verify.rb
+examples/encrypt_decrypt_aes.rb
+examples/encrypt_decrypt_rsa.rb
+examples/mechanism_list.rb
+examples/multithread.rb
+examples/objects_list.rb
+examples/slot_info.rb

data/README_LUNA.rdoc

@@ -0,0 +1,103 @@
+= PKCS #11/Ruby Interface for Safenet Luna HSM
+
+* Homepage: http://github.com/larskanis/pkcs11
+* API documentation: http://pkcs11.rubyforge.org/pkcs11/
+* Safenet[http://www.safenet-inc.com] - Luna HSM
+
+This ruby gem is an add-on to ruby-pkcs11[http://github.com/larskanis/pkcs11] .
+It allows to use Luna specific extensions, which are beyond the PKCS#11 standard.
+The module works on the Unix like operating systems and win32.
+
+== Requirements
+
+* Luna Client installed including the Luna Sofware Development Kit (SDK)
+* pkcs11 gem installed (use: <tt>gem install pkcs11</tt> )
+
+== Installation
+
+First check the permissions for the directories in the sdk.  It may be required to run:
+  chmod a+x <luna client include dir>
+  chmod a+x <luna client include dir>/RSA
+
+  gem install pkcs11_luna -- --with-luna-dir-include=<luna client include dir>
+
+This installs the Luna-PKCS#11 extension either by compiling (Unix)
+or by using the precompiled gem for Win32.
+
+  git clone git://github.com/larskanis/pkcs11.git
+  cd pkcs11_luna
+  gem install hoe rake-compiler minitest
+  rake gem LUNA_INCLUDE_DIR=<luna client include dir>
+  gem install --verbose  pkg/pkcs11_luna-<version>.gem -- --with-luna-dir-include=<luna client include dir>
+  
+  rake test
+  cd ../
+  rake test
+
+Downloads and installs the gem from git source.  If LUNA_INCLUDE_DIR and --with-luna-dir-include are not specified,
+  The default of /usr/safenet/lunaclient/samples/include is used.
+  
+
+== Usage
+
+Open the software emulation library and login to a session:
+
+  require "rubygems"
+  require "pkcs11_luna"
+
+  pkcs11 = PKCS11::Luna::Library.new
+  p pkcs11.info
+  session = pkcs11.active_slots.last.open
+  session.login(:USER, "1234")
+  # ... crypto operations
+  session.logout
+  session.close
+  
+  Look in the examples directories for some more usage examples.
+
+{PKCS11::Luna::Library#initialize} reads the crystoki.ini or /etc/Chrystoki.conf
+and parses the configuration file to determine what .so or .dll to use.  You may pass 
+the full path to the .dll or .so file.
+
+== Cross compiling for mswin32
+
+Using rake-compiler a cross compiled pkcs11_luna.gem can be build on a linux host for
+the win32 platform. There are no runtime dependencies to any but the standard Windows DLLs.
+
+Install mingw32. On a debian based system this should work:
+
+  apt-get install mingw32
+
+On MacOS X, if you have MacPorts installed:
+
+  port install i386-mingw32-gcc
+
+Install the rake-compiler:
+
+  gem install rake-compiler
+
+Download and cross compile ruby for win32:
+
+  rake-compiler cross-ruby VERSION=1.8.7-p352
+  rake-compiler cross-ruby VERSION=1.9.2-p290
+
+Download and cross compile pkcs11_luna for win32:
+
+  rake cross native gem LUNA_CLIENT_DIR=<luna client dir>
+
+If everything works, there should be pkcs11_luna-VERSION-x86-mswin32.gem in the pkg
+directory.
+
+
+== ToDo
+
+* implement Luna specific function calls
+* implement possibility to use callbacks
+* add all structs and constants
+
+== Authors
+* Lars Kanis <kanis@comcard.de>
+* Jonathan Patchell
+
+== Copying
+See MIT-LICENSE included in the package.

data/Rakefile

@@ -0,0 +1,91 @@
+# -*- coding: utf-8 -*-
+# -*- ruby -*-
+
+require 'rubygems'
+require 'hoe'
+require 'rake/extensiontask'
+require 'rbconfig'
+
+LUNA_INCLUDE_DIR = ENV['LUNA_INCLUDE_DIR'] || '/usr/safenet/lunaclient/samples/include'
+RUBY_PKCS11_EXT_DIR = File.expand_path('../ext')
+
+
+GENERATED_FILES = [
+  'ext/pk11l_struct_impl.inc',
+  'ext/pk11l_struct_def.inc',
+  'ext/pk11l_const_def.inc',
+  'ext/pk11l_struct.doc',
+  'ext/pk11_struct_macros.h',
+  'ext/pk11_const_macros.h',
+  'ext/pk11_version.h',
+]
+
+CLEAN.include GENERATED_FILES
+CLEAN.include 'lib/pkcs11_luna_ext.so'
+CLEAN.include 'tmp'
+CLEAN.include 'examples/output'
+
+def pkcs11_version
+  file = File.join(RUBY_PKCS11_EXT_DIR, 'pk11_version.h')
+  version_re = /VERSION += +([\"\'])([\d][\d\w\.]+)\1/
+  File.read_utf(file)[version_re, 2]
+end
+
+hoe = Hoe.spec 'roostify_pkcs11_luna' do
+  developer('SafeNet', 'support@safenet-inc.com')
+  developer('Zee@Roostify', 'zee@roostify.com')
+  extra_deps << ['roostify-pkcs11', "= #{pkcs11_version}"]
+  extra_dev_deps << ['yard', '>= 0.6']
+  extra_dev_deps << ['rake-compiler', '>= 0.7']
+
+  self.urls = ['http://github.com/roostify/pkcs11']
+  self.summary = 'SafeNet-Luna extensions for PKCS#11-Ruby'
+  self.description = 'This module allows Ruby programs to use vendor extensions for SafeNet Luna.'
+  self.version = pkcs11_version
+
+  self.readme_file = 'README_LUNA.rdoc'
+  self.history_file = '../History.txt'
+  self.extra_rdoc_files << self.readme_file << 'ext/pk11l.c'
+  spec_extras[:extensions] = 'ext/extconf.rb'
+  spec_extras[:files] = File.read_utf("Manifest.txt").split(/\r?\n\r?/)
+  spec_extras[:files] += GENERATED_FILES
+  spec_extras[:has_rdoc] = 'yard'
+end
+
+ENV['RUBY_CC_VERSION'] ||= '1.8.7:1.9.3'
+
+Rake::ExtensionTask.new('pkcs11_luna_ext', hoe.spec) do |ext|
+  ext.ext_dir = 'ext'
+  ext.cross_compile = true                # enable cross compilation (requires cross compile toolchain)
+  ext.cross_platform = ['i386-mingw32']     # forces the Windows platform instead of the default one
+  puts "LUNA_INCLUDE_DIR: #{LUNA_INCLUDE_DIR.inspect}"
+  ext.config_options << "--with-luna-dir-include=\"#{LUNA_INCLUDE_DIR}\""
+end
+
+def copy_from_base_task(filename)
+  file File.join('ext', filename) => File.join(RUBY_PKCS11_EXT_DIR, filename) do |t|
+    cp t.prerequisites.first, t.name, :verbose=>true
+  end
+end
+
+copy_from_base_task 'pk11_struct_macros.h'
+copy_from_base_task 'pk11_const_macros.h'
+copy_from_base_task 'pk11_version.h'
+
+HEADER_FILES = "#{LUNA_INCLUDE_DIR}/RSA/pkcs11t.h #{LUNA_INCLUDE_DIR}/cryptoki_v2.h"
+
+file 'ext/extconf.rb' => ['ext/pk11l_struct_def.inc', 'ext/pk11l_const_def.inc', 'ext/pk11_struct_macros.h', 'ext/pk11_const_macros.h', 'ext/pk11_version.h']
+file 'ext/pk11l_struct_def.inc' => 'ext/generate_structs.rb' do
+  sh "#{RbConfig::CONFIG['ruby_install_name']} ext/generate_structs.rb --def ext/pk11l_struct_def.inc --impl ext/pk11l_struct_impl.inc --doc ext/pk11l_struct.doc #{HEADER_FILES}"
+end
+file 'ext/pk11l_struct_impl.inc' => 'ext/pk11l_struct_def.inc'
+file 'ext/pk11l_struct.doc' => 'ext/pk11l_struct_def.inc'
+
+file 'ext/pk11l_const_def.inc' => 'ext/generate_constants.rb' do
+  sh "#{RbConfig::CONFIG['ruby_install_name']} ext/generate_constants.rb --const ext/pk11l_const_def.inc #{HEADER_FILES}"
+end
+file 'ext/pk11l.c' => ['ext/pk11l_struct_def.inc', 'ext/pk11l_struct_impl.inc', 'ext/pk11l_const_def.inc']
+
+task :doc_files => 'ext/pk11l_struct.doc'
+
+# vim: syntax=ruby

data/examples/config.rb

@@ -0,0 +1,5 @@
+#These settings are used to control the examples.
+module SamplesConfig
+  SLOT = 1
+  PIN = "userpin"
+end

data/examples/derive_aes_ecdh_key.rb

@@ -0,0 +1,108 @@
+#!/usr/bin/env ruby
+
+require 'rubygems'
+require 'pkcs11_luna'
+require File.join(File.dirname(__FILE__), 'config')
+include PKCS11
+
+#This example demonstrates deriving an AES key using the ECDH public key of 
+#another participant and using the keys to encrypt and decrypt data.
+
+
+PUBLIC_KEY_LABEL = "'s Ruby Public EC Key"
+PRIVATE_KEY_LABEL = "'s Ruby Private EC Key"
+DERIVED_KEY_LABEL = "'s Ruby ECDH Derived AES Key"
+
+def destroy_object(session, label)
+  session.find_objects(:LABEL=>label) do |obj|
+    puts "Destroying object: #{obj.to_i}"
+    obj.destroy
+  end
+end
+
+class Party
+  include PKCS11
+  
+  attr_reader :pub_key
+  attr_reader :priv_key
+  
+  def initialize(session, name)
+    @session = session
+    @name = name
+    @shared_data = "SHARED DATA"
+  end
+  
+  def generate_key()
+    destroy_object(@session, @name + PUBLIC_KEY_LABEL)
+    destroy_object(@session, @name + PRIVATE_KEY_LABEL)
+    
+    #DER encoding of OID 1.3.132.0.10 secp256k1
+    curve_oid_der = [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A].pack("C*")
+    
+    attributes_public = {:TOKEN=>true, :ENCRYPT=>true, :VERIFY=>true, :WRAP=>true,
+      :EC_PARAMS=>curve_oid_der, :LABEL=>@name + PUBLIC_KEY_LABEL}
+    attributes_private = {:TOKEN=>true, :DECRYPT=>true, :SIGN=>true, 
+      :DERIVE=>true, :UNWRAP=>true, :SENSITIVE=>true, :LABEL=>@name + PRIVATE_KEY_LABEL}
+                         
+    @pub_key, @priv_key = @session.generate_key_pair(:EC_KEY_PAIR_GEN, attributes_public, attributes_private)
+      
+    puts "Generated Public EC key: (#{@pub_key[:LABEL]}, #{@pub_key.to_i})"
+    puts "Generated Private EC key: (#{@priv_key[:LABEL]}, #{@priv_key.to_i})"
+  end
+  
+  def derive_key(other)
+    destroy_object(@session, @name + DERIVED_KEY_LABEL)
+    
+    ec_point = other.pub_key.attributes(:EC_POINT)[0].value
+    mechanism = {:ECDH1_DERIVE=>{:kdf=>Luna::CKD_SHA512_KDF, :pSharedData=>@shared_data, :pPublicData=>ec_point}}
+    
+    derive_attributes = {:CLASS=>CKO_SECRET_KEY, :KEY_TYPE=>CKK_AES, :TOKEN=>true, :SENSITIVE=>true, :PRIVATE=>true,
+    :ENCRYPT=>true, :DECRYPT=>true, :SIGN=>true, :VERIFY=>true, :VALUE_LEN=>32, :LABEL=>@name + DERIVED_KEY_LABEL}
+    
+    @derived_key = @session.derive_key(mechanism, @priv_key, derive_attributes)
+    
+    puts "Derived AES key: (#{@derived_key[:LABEL]}, #{@derived_key.to_i})"
+  end
+  
+  def send_message(message)
+    iv = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16].pack("C*")
+    encrypted_message = @session.encrypt({:AES_CBC_PAD=>iv}, @derived_key, message)
+    hex = encrypted_message.bytes.map { |b| sprintf("%02X",b) }.join  
+    puts "#{@name} sent encrypted message: #{hex}"
+    return encrypted_message
+  end
+  
+  def receive_message(encrypted_message)
+    iv = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16].pack("C*")
+    decrypted_message = @session.decrypt({:AES_CBC_PAD=>iv}, @derived_key, encrypted_message)
+    puts "#{@name} decrypted message: #{decrypted_message}"
+    return decrypted_message
+  end
+    
+end
+
+
+pkcs11 = Luna::Library.new
+
+slot = PKCS11::Slot.new(pkcs11, SamplesConfig::SLOT)
+session = slot.open
+ 
+session.login(:USER, SamplesConfig::PIN)
+
+alice = Party.new(session, "Alice")
+bob = Party.new(session, "Bob")
+alice.generate_key()
+bob.generate_key()
+alice.derive_key(bob)
+bob.derive_key(alice)
+
+encrypted_message = alice.send_message("Hello Bob!")
+bob.receive_message(encrypted_message)
+
+encrypted_message = bob.send_message("Hi Alice!")
+alice.receive_message(encrypted_message)
+
+
+session.logout
+session.close
+pkcs11.close

data/examples/encrypt_decrypt_aes.rb

@@ -0,0 +1,41 @@
+require 'rubygems'
+require 'pkcs11_luna'
+require File.join(File.dirname(__FILE__), 'config')
+include PKCS11  
+
+#This example generates an AES key and uses it to encrypt and decrypt a message
+
+pkcs11 = Luna::Library.new
+
+KEY_LABEL = "Ruby AES Key"
+
+slot = Slot.new(pkcs11, SamplesConfig::SLOT)
+session = slot.open(CKF_RW_SESSION | CKF_SERIAL_SESSION)
+session.login(:USER, SamplesConfig::PIN)
+
+session.find_objects(:LABEL=>KEY_LABEL) do |obj|
+  puts "Destroying object: #{obj.to_i}"
+  obj.destroy
+end
+
+key = session.generate_key(:AES_KEY_GEN,
+  :CLASS=>CKO_SECRET_KEY, :ENCRYPT=>true, :DECRYPT=>true, :SENSITIVE=>true, 
+  :TOKEN=>true, :VALUE_LEN=>32, :LABEL=>KEY_LABEL)
+  
+puts "Generated AES key: (#{key[:LABEL]}, #{key.to_i})"
+
+iv = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16].pack('C*')
+mechanism = {:AES_CBC_PAD=>iv}
+cryptogram = ""
+cryptogram = session.encrypt(mechanism, key, "Can you read this?")
+  
+puts "Encrypted: " + cryptogram.bytes.map { |b| sprintf("%02X",b) }.join
+
+decrypted = session.decrypt(mechanism, key, cryptogram)
+
+puts "Decrypted: " + decrypted
+
+session.logout
+session.close
+pkcs11.close
+  

data/examples/encrypt_decrypt_rsa.rb

@@ -0,0 +1,47 @@
+require 'rubygems'
+require 'pkcs11_luna'
+require File.join(File.dirname(__FILE__), 'config')
+include PKCS11
+
+#This example generates a public/private RSA key pair and uses the public key
+#to encrypt a message and the private key to decrypt it.
+
+pkcs11 = Luna::Library.new
+
+def destroy_object(session, label)
+  session.find_objects(:LABEL=>label) do |obj|
+    puts "Destroying object: #{obj.to_i}"
+    obj.destroy
+  end
+end
+
+slot = Slot.new(pkcs11, SamplesConfig::SLOT)
+session = slot.open(CKF_RW_SESSION | CKF_SERIAL_SESSION)
+session.login(:USER, SamplesConfig::PIN)
+
+pub_label = "Ruby RSA public key"
+priv_label = "Ruby RSA private key"
+destroy_object(session, pub_label)
+destroy_object(session, priv_label)
+    
+pub_attr = {:ENCRYPT=>true, :VERIFY=>true, :MODULUS_BITS=>2048, 
+  :TOKEN=>true, :WRAP=>true, :LABEL=>pub_label}
+priv_attr = {:DECRYPT=>true, :SIGN=>true, :SENSITIVE=>true, :PRIVATE=>true, :TOKEN=>true, 
+  :UNWRAP=>true, :LABEL=>pub_label}
+    
+#RSA_PKCS_KEY_PAIR_GEN
+pub_key, priv_key = session.generate_key_pair(:RSA_FIPS_186_3_AUX_PRIME_KEY_PAIR_GEN, pub_attr, priv_attr)  
+  
+puts "Generated RSA public/private keys: #{pub_key[:LABEL]} (#{pub_key.to_i}), #{priv_key[:LABEL]} (#{priv_key.to_i})"
+
+ciphertext = session.encrypt(:RSA_PKCS, pub_key, "Can you read this?")
+puts "Encrypted: " + ciphertext.bytes.map { |b| sprintf("%02X",b) }.join
+
+decrypted = session.decrypt(:RSA_PKCS, priv_key, ciphertext)
+
+puts "Decrypted: " + decrypted
+
+session.logout
+session.close
+pkcs11.close
+  

data/examples/mechanism_list.rb

@@ -0,0 +1,20 @@
+require 'rubygems'
+require 'pkcs11_luna'
+require File.join(File.dirname(__FILE__), 'config')
+
+include PKCS11
+
+#This example gets the mechanisms list and displays each mechanism's 
+#name and id
+
+pkcs11 = Luna::Library.new
+
+slot = Slot.new(pkcs11, SamplesConfig::SLOT)
+mechanisms = slot.mechanisms
+
+puts "Mechanisms(#{mechanisms.size}): "
+mechanisms.each do |mech|
+  puts "#{Luna::MECHANISMS[mech]}: #{mech}"
+end
+
+pkcs11.close