tem_openssl 0.3.4 → 0.3.5

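--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,5 @@
+ v0.3.5. Updated to the API of tem_Ruby 0.10.1.
+
  v0.3.4. Updated to the API of tem_ruby 0.10.0.
 
  v0.3.3. Updated to the API of tem_ruby 0.9.1.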
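--- a/data/Manifest
+++ b/data/Manifest
@@ -1,10 +1,11 @@
  bin/openssl_tem
- Manifest
- LICENSE
- test/test_executor.rb
- lib/ossl/key.rb
- lib/ossl/executor.rb
- lib/ossl/tem_tools.rb
+ CHANGELOG
+ lib/openssl/executor.rb
+ lib/openssl/key.rb
+ lib/openssl/tem_tools.rb
  lib/tem_openssl.rb
+ LICENSE
+ Manifest
+ Rakefile
  README
- CHANGELOG
+ test/test_executor.rb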
@@ -1,6 +1,7 @@
1
- require 'pp'
2
-
3
- class Tem::OpenSSL::Executor
1
+ # :nodoc: namespace
2
+ module Tem::OpenSSL
3
+
4
+ class Executor
4
5
  def initialize(args, test_options)
5
6
  @args = args
6
7
  # unknown args get thrown here
@@ -104,4 +105,6 @@ class Tem::OpenSSL::Executor
104
105
  ex.run
105
106
  ex.cleanup
106
107
  end
107
- end
108
+ end
109
+
110
+ end # namespace Tem::OpenSSL
@@ -0,0 +1,61 @@
1
+ require 'pp'
2
+
3
+ # :nodoc: namespace
4
+ module Tem::OpenSSL
5
+
6
+ class Key
7
+ include TemTools
8
+
9
+ attr_reader :pub_key
10
+
11
+ def initialize(pub_key, priv_decrypt_sec, priv_encrypt_sec, priv_sign_sec)
12
+ @pub_key = pub_key
13
+ @priv_decrypt_sec = priv_decrypt_sec
14
+ @priv_encrypt_sec = priv_encrypt_sec
15
+ @priv_sign_sec = priv_sign_sec
16
+ end
17
+
18
+ def to_tkfile
19
+ @pub_key.ssl_key.to_s + [@priv_decrypt_sec.to_array,
20
+ @priv_encrypt_sec.to_array,
21
+ @priv_sign_sec.to_array].to_yaml
22
+ end
23
+
24
+ def privk_decrypt(data, tem)
25
+ TemTools.crypt_with_sec data, @priv_decrypt_sec, tem
26
+ end
27
+
28
+ def privk_encrypt(data, tem)
29
+ TemTools.crypt_with_sec data, @priv_encrypt_sec, tem
30
+ end
31
+
32
+ def privk_sign(data, tem)
33
+ TemTools.sign_with_sec data, @priv_sign_sec, tem
34
+ end
35
+
36
+ def self.new_tem_key(tem)
37
+ keys = TemTools.generate_key_on_tem tem
38
+ decrypt_sec = TemTools.crypting_sec keys[:privk], tem, :decrypt
39
+ encrypt_sec = TemTools.crypting_sec keys[:privk], tem, :encrypt
40
+ sign_sec = TemTools.signing_sec keys[:privk], tem
41
+ self.new keys[:pubk], decrypt_sec, encrypt_sec, sign_sec
42
+ end
43
+
44
+ def self.load_from_tkfile(file)
45
+ ossl_pub_key = OpenSSL::PKey::RSA.new file
46
+ pub_key = Tem::Key.new_from_ssl_key ossl_pub_key
47
+ begin
48
+ ds_ary, es_ary, ss_ary = *YAML.load(file)
49
+ priv_decrypt_sec = Tem::SecPack.new_from_array ds_ary
50
+ priv_encrypt_sec = Tem::SecPack.new_from_array es_ary
51
+ priv_sign_sec = Tem::SecPack.new_from_array ss_ary
52
+ rescue
53
+ priv_decrypt_sec = nil
54
+ priv_encrypt_sec = nil
55
+ priv_sign_sec = nil
56
+ end
57
+ self.new pub_key, priv_decrypt_sec, priv_encrypt_sec, priv_sign_sec
58
+ end
59
+ end
60
+
61
+ end # namespace Tem::OpenSSL
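Review bot: `load_from_tkfile` parses the key file with `YAML.load` inside a bare `rescue`, so tagged content in the file can be turned into arbitrary Ruby objects, and any failure (malformed YAML, wrong array shape, an unrelated `NameError`) silently yields a Key whose three SECpacks are nil. A key file is input that can originate outside the process; parse it with a loader restricted to plain arrays and scalars, for example `ds_ary, es_ary, ss_ary = *YAML.safe_load(file)` where the installed YAML library provides it, and verify that three arrays came back (whether `to_array` emits only such types is not visible here). Narrow the rescue to the parser's error class so other errors surface, and if a public-key-only file is the intended case for nil SECpacks, say so in a comment on the method. The file requires only `pp` while using `YAML` and `OpenSSL`; presumably those are loaded elsewhere, which is worth confirming.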
@@ -1,18 +1,23 @@
1
- module Tem::OpenSSL::TemTools
2
- # generate an RSA key pair on the TEM
3
- # slower than OpenSSL-based generation, but uses a hardware RNG
1
+ # :nodoc: namespace
2
+ module Tem::OpenSSL
3
+
4
+ module TemTools
5
+ # Generate an RSA key pair on the TEM.
6
+ #
7
+ # Runs slower than OpenSSL-based generation, but uses a hardware RNG.
4
8
  def self.generate_key_on_tem(tem)
5
- kdata = tem.tk_gen_key(:asymmetric)
6
- pubk = tem.tk_read_key(kdata[:pubk_id], kdata[:authz])
7
- tem.tk_delete_key(kdata[:pubk_id], kdata[:authz])
8
- privk = tem.tk_read_key(kdata[:privk_id], kdata[:authz])
9
- tem.tk_delete_key(kdata[:privk_id], kdata[:authz])
9
+ kdata = tem.tk_gen_key :asymmetric
10
+ pubk = tem.tk_read_key kdata[:pubk_id], kdata[:authz]
11
+ tem.tk_delete_key kdata[:pubk_id], kdata[:authz]
12
+ privk = tem.tk_read_key kdata[:privk_id], kdata[:authz]
13
+ tem.tk_delete_key kdata[:privk_id], kdata[:authz]
10
14
 
11
15
  return {:privk => privk, :pubk => pubk}
12
16
  end
13
17
 
14
- # generates a SECpack that encrypts/decrypts a user-supplied blob
15
- # the SECpack is tied down to a TEM
18
+ # Generates a SECpack that encrypts/decrypts a user-supplied blob.
19
+ #
20
+ # The SECpack is tied down to a TEM.
16
21
  def self.crypting_sec(key, tem, mode = :decrypt)
17
22
  crypt_sec = tem.assemble do |s|
18
23
  # load the key in the TEM
@@ -45,12 +50,13 @@ module Tem::OpenSSL::TemTools
45
50
  s.stack
46
51
  s.extra 8
47
52
  end
48
- crypt_sec.bind(tem.pubek, :key_data, :input_length)
49
- return crypt_sec
53
+ crypt_sec.bind tem.pubek, :key_data, :input_length
54
+ crypt_sec
50
55
  end
51
56
 
52
- # generates a SECpack that decrypts a user-supplied blob
53
- # the SECpack is tied down to a TEM
57
+ # Generates a SECpack that decrypts a user-supplied blob.
58
+ #
59
+ # The SECpack is tied down to a TEM.
54
60
  def self.signing_sec(key, tem)
55
61
  sign_sec = tem.assemble do |s|
56
62
  # load the key in the TEM
@@ -83,42 +89,45 @@ module Tem::OpenSSL::TemTools
83
89
  s.stack
84
90
  s.extra 8
85
91
  end
86
- sign_sec.bind(tem.pubek, :key_data, :input_length)
87
- return sign_sec
92
+ sign_sec.bind tem.pubek, :key_data, :input_length
93
+ sign_sec
88
94
  end
89
95
 
90
96
 
91
- # encrypts/decrypts using a SECpack generated via a previous call to crypting_sec
97
+ # Encrypts/decrypts using a SECpack generated via a previous call to
98
+ # crypting_sec.
92
99
  def self.crypt_with_sec(encrypted_data, dec_sec, tem)
93
100
  # convert the data string to an array of numbers
94
- ed = encrypted_data.unpack('C*')
101
+ ed = encrypted_data.unpack 'C*'
95
102
 
96
103
  # patch the data and its length into the SEC
97
- elen = tem.to_tem_ushort(ed.length)
104
+ elen = tem.to_tem_ushort ed.length
98
105
  dec_sec.body[dec_sec.label_address(:input_length), elen.length] = elen
99
106
  dec_sec.body[dec_sec.label_address(:input_data), ed.length] = ed
100
107
 
101
108
  # run the sec and convert its output to a string
102
109
  dd = tem.execute dec_sec
103
- decrypted_data = dd.pack('C*')
110
+ decrypted_data = dd.pack 'C*'
104
111
 
105
112
  return decrypted_data
106
113
  end
107
114
 
108
- # signs using a SECpack generated via a previous call to signing_sec
115
+ # Signs using a SECpack generated via a previous call to signing_sec.
109
116
  def self.sign_with_sec(data, sign_sec, tem)
110
117
  # convert the data string to an array of numbers
111
- d = data.unpack('C*')
118
+ d = data.unpack 'C*'
112
119
 
113
120
  # patch the data and its length into the SEC
114
- len = tem.to_tem_ushort(d.length)
121
+ len = tem.to_tem_ushort d.length
115
122
  sign_sec.body[sign_sec.label_address(:input_length), len.length] = len
116
123
  sign_sec.body[sign_sec.label_address(:input_data), d.length] = d
117
124
 
118
125
  # run the sec and convert its output to a string
119
126
  s = tem.execute sign_sec
120
- signature = s.pack('C*')
127
+ signature = s.pack 'C*'
121
128
 
122
129
  return signature
123
130
  end
124
131
  end
132
+
133
+ end # namespace Tem::OpenSSL
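Review bot: `crypt_with_sec` and `sign_with_sec` splice caller-supplied data into the SECpack with `body[label_address(:input_data), ed.length] = ed` without checking its length against the space reserved for `:input_data`. That reservation is made in the `tem.assemble` blocks, which lie mostly outside these hunks, so the limit cannot be confirmed from here; if the input is longer, the assignment would overwrite whatever follows the buffer in the SECpack image, and the length also has to fit the ushort written at `:input_length`. A guard before the patching, such as `raise ArgumentError, 'input exceeds SECpack buffer' if ed.length > max_input_length` (with `max_input_length` standing for the reserved size), would make the failure explicit. Separately, the new comment above `signing_sec` still reads "decrypts a user-supplied blob" and should say "signs".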
@@ -4,6 +4,6 @@ require 'tem_ruby'
4
4
  module Tem::OpenSSL
5
5
  end
6
6
 
7
- require 'ossl/tem_tools.rb'
8
- require 'ossl/key.rb'
9
- require 'ossl/executor.rb'
7
+ require 'openssl/tem_tools.rb'
8
+ require 'openssl/key.rb'
9
+ require 'openssl/executor.rb'
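Review bot: The new require paths `openssl/tem_tools.rb`, `openssl/key.rb` and `openssl/executor.rb` place this gem's files under the same `openssl/` load-path prefix that Ruby's standard OpenSSL library uses for its own files. `require` resolves these names against the whole `$LOAD_PATH`, so which file gets loaded depends on path order, and a same-named file from the standard library or another gem could shadow these or be shadowed by them. Keeping the files under a directory named after the gem, e.g. `require 'tem_openssl/key.rb'`, avoids the shared prefix while the code still lives in the `Tem::OpenSSL` namespace.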
@@ -2,39 +2,35 @@
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = %q{tem_openssl}
5
- s.version = "0.3.4"
5
+ s.version = "0.3.5"
6
6
 
7
7
  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
8
8
  s.authors = ["Victor Costan"]
9
- s.date = %q{2009-04-08}
9
+ s.date = %q{2009-05-26}
10
10
  s.default_executable = %q{openssl_tem}
11
11
  s.description = %q{TEM (Trusted Execution Module) engine for OpenSSL.}
12
12
  s.email = %q{victor@costan.us}
13
13
  s.executables = ["openssl_tem"]
14
- s.extra_rdoc_files = ["bin/openssl_tem", "LICENSE", "lib/ossl/key.rb", "lib/ossl/executor.rb", "lib/ossl/tem_tools.rb", "lib/tem_openssl.rb", "README", "CHANGELOG"]
15
- s.files = ["bin/openssl_tem", "Manifest", "LICENSE", "test/test_executor.rb", "lib/ossl/key.rb", "lib/ossl/executor.rb", "lib/ossl/tem_tools.rb", "lib/tem_openssl.rb", "README", "CHANGELOG", "tem_openssl.gemspec", "Rakefile"]
16
- s.has_rdoc = true
14
+ s.extra_rdoc_files = ["bin/openssl_tem", "CHANGELOG", "lib/openssl/executor.rb", "lib/openssl/key.rb", "lib/openssl/tem_tools.rb", "lib/tem_openssl.rb", "LICENSE", "README"]
15
+ s.files = ["bin/openssl_tem", "CHANGELOG", "lib/openssl/executor.rb", "lib/openssl/key.rb", "lib/openssl/tem_tools.rb", "lib/tem_openssl.rb", "LICENSE", "Manifest", "Rakefile", "README", "test/test_executor.rb", "tem_openssl.gemspec"]
17
16
  s.homepage = %q{http://tem.rubyforge.org}
18
17
  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Tem_openssl", "--main", "README"]
19
18
  s.require_paths = ["lib"]
20
19
  s.rubyforge_project = %q{tem}
21
- s.rubygems_version = %q{1.3.1}
20
+ s.rubygems_version = %q{1.3.3}
22
21
  s.summary = %q{TEM (Trusted Execution Module) engine for OpenSSL.}
23
22
  s.test_files = ["test/test_executor.rb"]
24
23
 
25
24
  if s.respond_to? :specification_version then
26
25
  current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
27
- s.specification_version = 2
26
+ s.specification_version = 3
28
27
 
29
28
  if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
30
29
  s.add_runtime_dependency(%q<tem_ruby>, [">= 0.9.0"])
31
- s.add_development_dependency(%q<echoe>, [">= 0"])
32
30
  else
33
31
  s.add_dependency(%q<tem_ruby>, [">= 0.9.0"])
34
- s.add_dependency(%q<echoe>, [">= 0"])
35
32
  end
36
33
  else
37
34
  s.add_dependency(%q<tem_ruby>, [">= 0.9.0"])
38
- s.add_dependency(%q<echoe>, [">= 0"])
39
35
  end
40
36
  end
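Review bot: The runtime dependency stays at `s.add_runtime_dependency(%q<tem_ruby>, [">= 0.9.0"])` although the CHANGELOG describes this release as updated to the tem_ruby 0.10.1 API and the key loader now calls `Tem::Key.new_from_ssl_key` in place of `Tem::CryptoAbi::new_key_from_ssl`. If that method is absent from older tem_ruby releases, an install resolved against 0.9.x would satisfy the constraint and then fail at run time. Raising the lower bound to the version actually targeted, `[">= 0.10.1"]`, in all three dependency calls would make the requirement explicit; as this file appears to be generated, the change belongs in the Rakefile that produces it.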
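--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: tem_openssl
  version: !ruby/object:Gem::Version
- version: 0.3.4
+ version: 0.3.5
  platform: ruby
  authors:
  - Victor Costan
@@ -9,7 +9,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2009-04-08 00:00:00 -04:00
+ date: 2009-05-26 00:00:00 -04:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -22,16 +22,6 @@ dependencies:
  - !ruby/object:Gem::Version
  version: 0.9.0
  version:
- - !ruby/object:Gem::Dependency
- name: echoe
- type: :development
- version_requirement:
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: "0"
- version:
  description: TEM (Trusted Execution Module) engine for OpenSSL.
  email: victor@costan.us
  executables:
@@ -40,28 +30,30 @@ extensions: []
 
  extra_rdoc_files:
  - bin/openssl_tem
- - LICENSE
- - lib/ossl/key.rb
- - lib/ossl/executor.rb
- - lib/ossl/tem_tools.rb
+ - CHANGELOG
+ - lib/openssl/executor.rb
+ - lib/openssl/key.rb
+ - lib/openssl/tem_tools.rb
  - lib/tem_openssl.rb
+ - LICENSE
  - README
- - CHANGELOG
  files:
  - bin/openssl_tem
- - Manifest
- - LICENSE
- - test/test_executor.rb
- - lib/ossl/key.rb
- - lib/ossl/executor.rb
- - lib/ossl/tem_tools.rb
+ - CHANGELOG
+ - lib/openssl/executor.rb
+ - lib/openssl/key.rb
+ - lib/openssl/tem_tools.rb
  - lib/tem_openssl.rb
+ - LICENSE
+ - Manifest
+ - Rakefile
  - README
- - CHANGELOG
+ - test/test_executor.rb
  - tem_openssl.gemspec
- - Rakefile
  has_rdoc: true
  homepage: http://tem.rubyforge.org
+ licenses: []
+
  post_install_message:
  rdoc_options:
  - --line-numbers
@@ -87,9 +79,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  requirements: []
 
  rubyforge_project: tem
- rubygems_version: 1.3.1
+ rubygems_version: 1.3.3
  signing_key:
- specification_version: 2
+ specification_version: 3
  summary: TEM (Trusted Execution Module) engine for OpenSSL.
  test_files:
  - test/test_executor.rb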
@@ -1,55 +0,0 @@
1
- require 'pp'
2
-
3
- class Tem::OpenSSL::Key
4
- include Tem::OpenSSL::TemTools
5
-
6
- attr_reader :pub_key
7
-
8
- def initialize(pub_key, priv_decrypt_sec, priv_encrypt_sec, priv_sign_sec)
9
- @pub_key = pub_key
10
- @priv_decrypt_sec = priv_decrypt_sec
11
- @priv_encrypt_sec = priv_encrypt_sec
12
- @priv_sign_sec = priv_sign_sec
13
- end
14
-
15
- def to_tkfile
16
- @pub_key.ssl_key.to_s + [@priv_decrypt_sec.to_array, @priv_encrypt_sec.to_array, @priv_sign_sec.to_array].to_yaml
17
- end
18
-
19
- def privk_decrypt(data, tem)
20
- Tem::OpenSSL::TemTools.crypt_with_sec(data, @priv_decrypt_sec, tem)
21
- end
22
-
23
- def privk_encrypt(data, tem)
24
- Tem::OpenSSL::TemTools.crypt_with_sec(data, @priv_encrypt_sec, tem)
25
- end
26
-
27
- def privk_sign(data, tem)
28
- Tem::OpenSSL::TemTools.sign_with_sec(data, @priv_sign_sec, tem)
29
- end
30
-
31
- def self.new_tem_key(tem)
32
- keys = Tem::OpenSSL::TemTools.generate_key_on_tem(tem)
33
- priv_decrypt_sec = Tem::OpenSSL::TemTools.crypting_sec(keys[:privk], tem, :decrypt)
34
- priv_encrypt_sec = Tem::OpenSSL::TemTools.crypting_sec(keys[:privk], tem, :encrypt)
35
- priv_sign_sec = Tem::OpenSSL::TemTools.signing_sec(keys[:privk], tem)
36
- return self.new(keys[:pubk], priv_decrypt_sec, priv_encrypt_sec, priv_sign_sec)
37
- end
38
-
39
- def self.load_from_tkfile(f)
40
- ossl_pub_key = OpenSSL::PKey::RSA.new(f)
41
- pub_key = Tem::CryptoAbi::new_key_from_ssl(ossl_pub_key, true)
42
- begin
43
- ds_ary, es_ary, ss_ary = *YAML.load(f)
44
- priv_decrypt_sec = Tem::SecPack.new_from_array(ds_ary)
45
- priv_encrypt_sec = Tem::SecPack.new_from_array(es_ary)
46
- priv_sign_sec = Tem::SecPack.new_from_array(ss_ary)
47
- rescue
48
- priv_decrypt_sec = nil
49
- priv_encrypt_sec = nil
50
- priv_sign_sec = nil
51
- end
52
- return self.new(pub_key, priv_decrypt_sec, priv_encrypt_sec, priv_sign_sec)
53
- end
54
-
55
- end