tem_openssl 0.3.4 → 0.3.5

data/CHANGELOG

@@ -1,3 +1,5 @@
+v0.3.5. Updated to the API of tem_Ruby 0.10.1.
+
 v0.3.4. Updated to the API of tem_ruby 0.10.0.
 
 v0.3.3. Updated to the API of tem_ruby 0.9.1.

data/Manifest

@@ -1,10 +1,11 @@
 bin/openssl_tem
-Manifest
-LICENSE
-test/test_executor.rb
-lib/ossl/key.rb
-lib/ossl/executor.rb
-lib/ossl/tem_tools.rb
+CHANGELOG
+lib/openssl/executor.rb
+lib/openssl/key.rb
+lib/openssl/tem_tools.rb
 lib/tem_openssl.rb
+LICENSE
+Manifest
+Rakefile
 README
-CHANGELOG
+test/test_executor.rb

data/lib/{ossl → openssl}/executor.rb

@@ -1,6 +1,7 @@
-require 'pp'
-
-class Tem::OpenSSL::Executor
+# :nodoc: namespace
+module Tem::OpenSSL
+  
+class Executor
   def initialize(args, test_options)
     @args = args
     # unknown args get thrown here
@@ -104,4 +105,6 @@ class Tem::OpenSSL::Executor
     ex.run
     ex.cleanup
   end
-end
+end
+
+end  # namespace Tem::OpenSSL

data/lib/openssl/key.rb

@@ -0,0 +1,61 @@
+require 'pp'
+
+# :nodoc: namespace
+module Tem::OpenSSL
+
+class Key
+  include TemTools
+  
+  attr_reader :pub_key
+  
+  def initialize(pub_key, priv_decrypt_sec, priv_encrypt_sec, priv_sign_sec)
+    @pub_key = pub_key
+    @priv_decrypt_sec = priv_decrypt_sec
+    @priv_encrypt_sec = priv_encrypt_sec
+    @priv_sign_sec = priv_sign_sec
+  end
+  
+  def to_tkfile
+    @pub_key.ssl_key.to_s + [@priv_decrypt_sec.to_array,
+                             @priv_encrypt_sec.to_array,
+                             @priv_sign_sec.to_array].to_yaml
+  end
+  
+  def privk_decrypt(data, tem)
+    TemTools.crypt_with_sec data, @priv_decrypt_sec, tem
+  end
+
+  def privk_encrypt(data, tem)
+    TemTools.crypt_with_sec data, @priv_encrypt_sec, tem
+  end
+  
+  def privk_sign(data, tem)
+    TemTools.sign_with_sec data, @priv_sign_sec, tem
+  end
+  
+  def self.new_tem_key(tem)
+    keys = TemTools.generate_key_on_tem tem
+    decrypt_sec = TemTools.crypting_sec keys[:privk], tem, :decrypt
+    encrypt_sec = TemTools.crypting_sec keys[:privk], tem, :encrypt
+    sign_sec = TemTools.signing_sec keys[:privk], tem
+    self.new keys[:pubk], decrypt_sec, encrypt_sec, sign_sec
+  end
+  
+  def self.load_from_tkfile(file)
+    ossl_pub_key = OpenSSL::PKey::RSA.new file
+    pub_key = Tem::Key.new_from_ssl_key ossl_pub_key
+    begin
+      ds_ary, es_ary, ss_ary = *YAML.load(file)
+      priv_decrypt_sec = Tem::SecPack.new_from_array ds_ary
+      priv_encrypt_sec = Tem::SecPack.new_from_array es_ary      
+      priv_sign_sec = Tem::SecPack.new_from_array ss_ary
+    rescue
+      priv_decrypt_sec = nil
+      priv_encrypt_sec = nil
+      priv_sign_sec = nil
+    end
+    self.new pub_key, priv_decrypt_sec, priv_encrypt_sec, priv_sign_sec
+  end  
+end
+
+end  # namespace Tem::OpenSSL

data/lib/{ossl → openssl}/tem_tools.rb

@@ -1,18 +1,23 @@
-module Tem::OpenSSL::TemTools
-  # generate an RSA key pair on the TEM
-  # slower than OpenSSL-based generation, but uses a hardware RNG
+# :nodoc: namespace
+module Tem::OpenSSL
+  
+module TemTools
+  # Generate an RSA key pair on the TEM.
+  #
+  # Runs slower than OpenSSL-based generation, but uses a hardware RNG.
   def self.generate_key_on_tem(tem)
-    kdata = tem.tk_gen_key(:asymmetric)
-    pubk = tem.tk_read_key(kdata[:pubk_id], kdata[:authz])
-    tem.tk_delete_key(kdata[:pubk_id], kdata[:authz])
-    privk = tem.tk_read_key(kdata[:privk_id], kdata[:authz])
-    tem.tk_delete_key(kdata[:privk_id], kdata[:authz])
+    kdata = tem.tk_gen_key :asymmetric
+    pubk = tem.tk_read_key kdata[:pubk_id], kdata[:authz]
+    tem.tk_delete_key kdata[:pubk_id], kdata[:authz]
+    privk = tem.tk_read_key kdata[:privk_id], kdata[:authz]
+    tem.tk_delete_key kdata[:privk_id], kdata[:authz]
     
     return {:privk => privk, :pubk => pubk}
   end
   
-  # generates a SECpack that encrypts/decrypts a user-supplied blob
-  # the SECpack is tied down to a TEM
+  # Generates a SECpack that encrypts/decrypts a user-supplied blob.
+  #
+  # The SECpack is tied down to a TEM.
   def self.crypting_sec(key, tem, mode = :decrypt)
     crypt_sec = tem.assemble do |s|
       # load the key in the TEM
@@ -45,12 +50,13 @@ module Tem::OpenSSL::TemTools
       s.stack
       s.extra 8
     end
-    crypt_sec.bind(tem.pubek, :key_data, :input_length)
-    return crypt_sec
+    crypt_sec.bind tem.pubek, :key_data, :input_length
+    crypt_sec
   end
   
-  # generates a SECpack that decrypts a user-supplied blob
-  # the SECpack is tied down to a TEM
+  # Generates a SECpack that decrypts a user-supplied blob.
+  #
+  # The SECpack is tied down to a TEM.
   def self.signing_sec(key, tem)
     sign_sec = tem.assemble do |s|
       # load the key in the TEM
@@ -83,42 +89,45 @@ module Tem::OpenSSL::TemTools
       s.stack
       s.extra 8
     end
-    sign_sec.bind(tem.pubek, :key_data, :input_length)
-    return sign_sec
+    sign_sec.bind tem.pubek, :key_data, :input_length
+    sign_sec
   end
   
   
-  # encrypts/decrypts using a SECpack generated via a previous call to crypting_sec
+  # Encrypts/decrypts using a SECpack generated via a previous call to
+  # crypting_sec.
   def self.crypt_with_sec(encrypted_data, dec_sec, tem)
     # convert the data string to an array of numbers
-    ed = encrypted_data.unpack('C*')
+    ed = encrypted_data.unpack 'C*'
     
     # patch the data and its length into the SEC 
-    elen = tem.to_tem_ushort(ed.length)
+    elen = tem.to_tem_ushort ed.length
     dec_sec.body[dec_sec.label_address(:input_length), elen.length] = elen
     dec_sec.body[dec_sec.label_address(:input_data), ed.length] = ed
     
     # run the sec and convert its output to a string
     dd = tem.execute dec_sec
-    decrypted_data = dd.pack('C*')
+    decrypted_data = dd.pack 'C*'
     
     return decrypted_data
   end
   
-  # signs using a SECpack generated via a previous call to signing_sec
+  # Signs using a SECpack generated via a previous call to signing_sec.
   def self.sign_with_sec(data, sign_sec, tem)
     # convert the data string to an array of numbers
-    d = data.unpack('C*')
+    d = data.unpack 'C*'
     
     # patch the data and its length into the SEC 
-    len = tem.to_tem_ushort(d.length)
+    len = tem.to_tem_ushort d.length
     sign_sec.body[sign_sec.label_address(:input_length), len.length] = len
     sign_sec.body[sign_sec.label_address(:input_data), d.length] = d
     
     # run the sec and convert its output to a string
     s = tem.execute sign_sec
-    signature = s.pack('C*')
+    signature = s.pack 'C*'
     
     return signature
   end  
 end
+
+end  # namespace Tem::OpenSSL

data/lib/tem_openssl.rb

@@ -4,6 +4,6 @@ require 'tem_ruby'
 module Tem::OpenSSL  
 end
 
-require 'ossl/tem_tools.rb'
-require 'ossl/key.rb'
-require 'ossl/executor.rb'
+require 'openssl/tem_tools.rb'
+require 'openssl/key.rb'
+require 'openssl/executor.rb'

data/tem_openssl.gemspec

@@ -2,39 +2,35 @@
 
 Gem::Specification.new do |s|
   s.name = %q{tem_openssl}
-  s.version = "0.3.4"
+  s.version = "0.3.5"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.authors = ["Victor Costan"]
-  s.date = %q{2009-04-08}
+  s.date = %q{2009-05-26}
   s.default_executable = %q{openssl_tem}
   s.description = %q{TEM (Trusted Execution Module) engine for OpenSSL.}
   s.email = %q{victor@costan.us}
   s.executables = ["openssl_tem"]
-  s.extra_rdoc_files = ["bin/openssl_tem", "LICENSE", "lib/ossl/key.rb", "lib/ossl/executor.rb", "lib/ossl/tem_tools.rb", "lib/tem_openssl.rb", "README", "CHANGELOG"]
-  s.files = ["bin/openssl_tem", "Manifest", "LICENSE", "test/test_executor.rb", "lib/ossl/key.rb", "lib/ossl/executor.rb", "lib/ossl/tem_tools.rb", "lib/tem_openssl.rb", "README", "CHANGELOG", "tem_openssl.gemspec", "Rakefile"]
-  s.has_rdoc = true
+  s.extra_rdoc_files = ["bin/openssl_tem", "CHANGELOG", "lib/openssl/executor.rb", "lib/openssl/key.rb", "lib/openssl/tem_tools.rb", "lib/tem_openssl.rb", "LICENSE", "README"]
+  s.files = ["bin/openssl_tem", "CHANGELOG", "lib/openssl/executor.rb", "lib/openssl/key.rb", "lib/openssl/tem_tools.rb", "lib/tem_openssl.rb", "LICENSE", "Manifest", "Rakefile", "README", "test/test_executor.rb", "tem_openssl.gemspec"]
   s.homepage = %q{http://tem.rubyforge.org}
   s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Tem_openssl", "--main", "README"]
   s.require_paths = ["lib"]
   s.rubyforge_project = %q{tem}
-  s.rubygems_version = %q{1.3.1}
+  s.rubygems_version = %q{1.3.3}
   s.summary = %q{TEM (Trusted Execution Module) engine for OpenSSL.}
   s.test_files = ["test/test_executor.rb"]
 
   if s.respond_to? :specification_version then
     current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
-    s.specification_version = 2
+    s.specification_version = 3
 
     if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
       s.add_runtime_dependency(%q<tem_ruby>, [">= 0.9.0"])
-      s.add_development_dependency(%q<echoe>, [">= 0"])
     else
       s.add_dependency(%q<tem_ruby>, [">= 0.9.0"])
-      s.add_dependency(%q<echoe>, [">= 0"])
     end
   else
     s.add_dependency(%q<tem_ruby>, [">= 0.9.0"])
-    s.add_dependency(%q<echoe>, [">= 0"])
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: tem_openssl
 version: !ruby/object:Gem::Version 
-  version: 0.3.4
+  version: 0.3.5
 platform: ruby
 authors: 
 - Victor Costan
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-04-08 00:00:00 -04:00
+date: 2009-05-26 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -22,16 +22,6 @@ dependencies:
       - !ruby/object:Gem::Version 
         version: 0.9.0
     version: 
-- !ruby/object:Gem::Dependency 
-  name: echoe
-  type: :development
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
-    version: 
 description: TEM (Trusted Execution Module) engine for OpenSSL.
 email: victor@costan.us
 executables: 
@@ -40,28 +30,30 @@ extensions: []
 
 extra_rdoc_files: 
 - bin/openssl_tem
-- LICENSE
-- lib/ossl/key.rb
-- lib/ossl/executor.rb
-- lib/ossl/tem_tools.rb
+- CHANGELOG
+- lib/openssl/executor.rb
+- lib/openssl/key.rb
+- lib/openssl/tem_tools.rb
 - lib/tem_openssl.rb
+- LICENSE
 - README
-- CHANGELOG
 files: 
 - bin/openssl_tem
-- Manifest
-- LICENSE
-- test/test_executor.rb
-- lib/ossl/key.rb
-- lib/ossl/executor.rb
-- lib/ossl/tem_tools.rb
+- CHANGELOG
+- lib/openssl/executor.rb
+- lib/openssl/key.rb
+- lib/openssl/tem_tools.rb
 - lib/tem_openssl.rb
+- LICENSE
+- Manifest
+- Rakefile
 - README
-- CHANGELOG
+- test/test_executor.rb
 - tem_openssl.gemspec
-- Rakefile
 has_rdoc: true
 homepage: http://tem.rubyforge.org
+licenses: []
+
 post_install_message: 
 rdoc_options: 
 - --line-numbers
@@ -87,9 +79,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: tem
-rubygems_version: 1.3.1
+rubygems_version: 1.3.3
 signing_key: 
-specification_version: 2
+specification_version: 3
 summary: TEM (Trusted Execution Module) engine for OpenSSL.
 test_files: 
 - test/test_executor.rb

data/lib/ossl/key.rb

@@ -1,55 +0,0 @@
-require 'pp'
-
-class Tem::OpenSSL::Key
-  include Tem::OpenSSL::TemTools
-  
-  attr_reader :pub_key
-  
-  def initialize(pub_key, priv_decrypt_sec, priv_encrypt_sec, priv_sign_sec)
-    @pub_key = pub_key
-    @priv_decrypt_sec = priv_decrypt_sec
-    @priv_encrypt_sec = priv_encrypt_sec
-    @priv_sign_sec = priv_sign_sec
-  end
-  
-  def to_tkfile
-    @pub_key.ssl_key.to_s + [@priv_decrypt_sec.to_array, @priv_encrypt_sec.to_array, @priv_sign_sec.to_array].to_yaml
-  end
-  
-  def privk_decrypt(data, tem)
-    Tem::OpenSSL::TemTools.crypt_with_sec(data, @priv_decrypt_sec, tem)
-  end
-
-  def privk_encrypt(data, tem)
-    Tem::OpenSSL::TemTools.crypt_with_sec(data, @priv_encrypt_sec, tem)
-  end
-  
-  def privk_sign(data, tem)
-    Tem::OpenSSL::TemTools.sign_with_sec(data, @priv_sign_sec, tem)    
-  end
-  
-  def self.new_tem_key(tem)
-    keys = Tem::OpenSSL::TemTools.generate_key_on_tem(tem)
-    priv_decrypt_sec = Tem::OpenSSL::TemTools.crypting_sec(keys[:privk], tem, :decrypt)
-    priv_encrypt_sec = Tem::OpenSSL::TemTools.crypting_sec(keys[:privk], tem, :encrypt)
-    priv_sign_sec = Tem::OpenSSL::TemTools.signing_sec(keys[:privk], tem)
-    return self.new(keys[:pubk], priv_decrypt_sec, priv_encrypt_sec, priv_sign_sec)
-  end
-  
-  def self.load_from_tkfile(f)
-    ossl_pub_key = OpenSSL::PKey::RSA.new(f)
-    pub_key = Tem::CryptoAbi::new_key_from_ssl(ossl_pub_key, true)
-    begin
-      ds_ary, es_ary, ss_ary = *YAML.load(f)
-      priv_decrypt_sec = Tem::SecPack.new_from_array(ds_ary)
-      priv_encrypt_sec = Tem::SecPack.new_from_array(es_ary)      
-      priv_sign_sec = Tem::SecPack.new_from_array(ss_ary)
-    rescue
-      priv_decrypt_sec = nil
-      priv_encrypt_sec = nil
-      priv_sign_sec = nil
-    end
-    return self.new(pub_key, priv_decrypt_sec, priv_encrypt_sec, priv_sign_sec)
-  end
-  
-end