tem_ruby 0.10.1 → 0.10.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/CHANGELOG +2 -0
- data/Manifest +17 -3
- data/lib/tem/apdus/buffers.rb +1 -2
- data/lib/tem/builders/abi.rb +2 -2
- data/lib/tem/builders/assembler.rb +314 -0
- data/lib/tem/builders/crypto.rb +17 -8
- data/lib/tem/builders/isa.rb +120 -0
- data/lib/tem/definitions/abi.rb +8 -10
- data/lib/tem/definitions/assembler.rb +23 -0
- data/lib/tem/definitions/isa.rb +188 -0
- data/lib/tem/ecert.rb +15 -16
- data/lib/tem/sec_exec_error.rb +21 -3
- data/lib/tem/seclosures.rb +9 -5
- data/lib/tem/secpack.rb +50 -30
- data/lib/tem/toolkit.rb +11 -15
- data/lib/tem/transport/jcop_remote_protocol.rb +10 -2
- data/lib/tem_ruby.rb +4 -2
- data/tem_ruby.gemspec +5 -5
- data/test/tem_unit/test_tem_alu.rb +33 -0
- data/test/tem_unit/test_tem_bound_secpack.rb +51 -0
- data/test/tem_unit/test_tem_branching.rb +56 -0
- data/test/tem_unit/test_tem_crypto_asymmetric.rb +123 -0
- data/test/tem_unit/test_tem_crypto_hash.rb +35 -0
- data/test/tem_unit/test_tem_crypto_pstore.rb +53 -0
- data/test/tem_unit/test_tem_crypto_random.rb +25 -0
- data/test/tem_unit/test_tem_emit.rb +23 -0
- data/test/tem_unit/test_tem_memory.rb +48 -0
- data/test/tem_unit/test_tem_memory_compare.rb +65 -0
- data/test/tem_unit/test_tem_output.rb +32 -0
- data/test/tem_unit/test_tem_yaml_secpack.rb +47 -0
- data/test/test_exceptions.rb +1 -2
- data/timings/blank_bound_secpack.rb +3 -5
- data/timings/blank_sec.rb +2 -3
- data/timings/timings.rb +7 -2
- data/timings/vm_perf.rb +9 -10
- data/timings/vm_perf_bound.rb +9 -10
- metadata +35 -9
- data/lib/tem/sec_assembler.rb +0 -90
- data/lib/tem/sec_opcodes.rb +0 -154
- data/test/test_tem.rb +0 -524
|
@@ -0,0 +1,188 @@
|
|
|
1
|
+
module Tem::Isa
|
|
2
|
+
Tem::Builders::Isa.define_isa self, Tem::Abi,
|
|
3
|
+
:opcode_type => :tem_ubyte do |isa|
|
|
4
|
+
# 2 ST -> 1 ST
|
|
5
|
+
isa.instruction 0x10, :add
|
|
6
|
+
# 2 ST -> 1 ST
|
|
7
|
+
isa.instruction 0x11, :sub
|
|
8
|
+
# 2 ST -> 1 ST
|
|
9
|
+
isa.instruction 0x12, :mul
|
|
10
|
+
# 2 ST -> 1 ST
|
|
11
|
+
isa.instruction 0x13, :div
|
|
12
|
+
# 2 ST -> 1 ST
|
|
13
|
+
isa.instruction 0x14, :mod
|
|
14
|
+
# 2 ST -> 1 ST
|
|
15
|
+
isa.instruction 0x1E, :rnd
|
|
16
|
+
|
|
17
|
+
|
|
18
|
+
# 2 ST -> 1 ST
|
|
19
|
+
isa.instruction 0x3A, :stbv
|
|
20
|
+
# 2 ST -> 1 ST
|
|
21
|
+
isa.instruction 0x3B, :stwv
|
|
22
|
+
|
|
23
|
+
# 2 ST -> 1 ST
|
|
24
|
+
isa.instruction 0x5B, :stk
|
|
25
|
+
|
|
26
|
+
|
|
27
|
+
# 1 ST, 1 IM -> 1 ST
|
|
28
|
+
isa.instruction 0x38, :stb, {:name => :to, :type => :tem_ushort}
|
|
29
|
+
# 1 ST, 1 IM -> 1 ST
|
|
30
|
+
isa.instruction 0x39, :stw, {:name => :to, :type => :tem_ushort}
|
|
31
|
+
|
|
32
|
+
|
|
33
|
+
# 2 IM -> 1 ST
|
|
34
|
+
isa.instruction 0x48, :psupfxb, {:name => :addr, :type => :tem_ushort},
|
|
35
|
+
{:name => :from, :type => :tem_ushort}
|
|
36
|
+
# 2 ST -> 1 ST
|
|
37
|
+
isa.instruction 0x49, :psupvb
|
|
38
|
+
# 2 IM -> 1 ST
|
|
39
|
+
isa.instruction 0x4A, :pswrfxb, {:name => :addr, :type => :tem_ushort},
|
|
40
|
+
{:name => :from, :type => :tem_ushort}
|
|
41
|
+
# 2 ST -> 1 ST
|
|
42
|
+
isa.instruction 0x4B, :pswrvb
|
|
43
|
+
# 2 IM -> 1 ST
|
|
44
|
+
isa.instruction 0x4C, :psrdfxb, {:name => :addr, :type => :tem_ushort},
|
|
45
|
+
{:name => :to, :type => :tem_ushort}
|
|
46
|
+
# 2 ST -> 1 ST
|
|
47
|
+
isa.instruction 0x4D, :psrdvb
|
|
48
|
+
# 2 IM -> 1 ST
|
|
49
|
+
isa.instruction 0x4E, :pshkfxb, {:name => :addr, :type => :tem_ushort}
|
|
50
|
+
# 2 ST -> 1 ST
|
|
51
|
+
isa.instruction 0x4F, :pshkvb
|
|
52
|
+
|
|
53
|
+
|
|
54
|
+
# 3 IM -> 1 ST
|
|
55
|
+
isa.instruction 0x18, :mdfxb, {:name => :size, :type => :tem_ushort},
|
|
56
|
+
{:name => :from, :type => :tem_ushort},
|
|
57
|
+
{:name => :to, :type => :tem_ushort}
|
|
58
|
+
# 3 ST -> 1 ST
|
|
59
|
+
isa.instruction 0x19, :mdvb
|
|
60
|
+
# 3 IM -> 1 ST
|
|
61
|
+
isa.instruction 0x1A, :mcmpfxb, {:name => :size, :type => :tem_ushort},
|
|
62
|
+
{:name => :op1, :type => :tem_ushort},
|
|
63
|
+
{:name => :op2, :type => :tem_ushort}
|
|
64
|
+
# 3 ST -> 1 ST
|
|
65
|
+
isa.instruction 0x1B, :mcmpvb
|
|
66
|
+
# 3 IM -> 1 ST
|
|
67
|
+
isa.instruction 0x1C, :mcfxb, {:name => :size, :type => :tem_ushort},
|
|
68
|
+
{:name => :from, :type => :tem_ushort},
|
|
69
|
+
{:name => :to, :type => :tem_ushort}
|
|
70
|
+
# 3 ST -> 1 ST
|
|
71
|
+
isa.instruction 0x1D, :mcvb
|
|
72
|
+
|
|
73
|
+
# 1 ST, 3 IM -> 1 ST
|
|
74
|
+
isa.instruction 0x50, :kefxb, {:name => :size, :type => :tem_ushort},
|
|
75
|
+
{:name => :from, :type => :tem_ushort},
|
|
76
|
+
{:name => :to, :type => :tem_ushort}
|
|
77
|
+
# 4 ST -> 1 ST
|
|
78
|
+
isa.instruction 0x51, :kevb
|
|
79
|
+
# 1 ST, 3 IM -> 1 ST
|
|
80
|
+
isa.instruction 0x52, :kdfxb, {:name => :size, :type => :tem_ushort},
|
|
81
|
+
{:name => :from, :type => :tem_ushort},
|
|
82
|
+
{:name => :to, :type => :tem_ushort}
|
|
83
|
+
# 4 ST -> 1 ST
|
|
84
|
+
isa.instruction 0x53, :kdvb
|
|
85
|
+
# 1 ST, 3 IM -> 1 ST
|
|
86
|
+
isa.instruction 0x54, :ksfxb, {:name => :size, :type => :tem_ushort},
|
|
87
|
+
{:name => :from, :type => :tem_ushort},
|
|
88
|
+
{:name => :to, :type => :tem_ushort}
|
|
89
|
+
# 4 ST -> 1 ST
|
|
90
|
+
isa.instruction 0x55, :ksvb
|
|
91
|
+
# 1 ST, 3 IM -> 1 ST
|
|
92
|
+
isa.instruction 0x56, :kvsfxb, {:name => :size, :type => :tem_ushort},
|
|
93
|
+
{:name => :from, :type => :tem_ushort},
|
|
94
|
+
{:name => :signature, :type => :tem_ushort}
|
|
95
|
+
# 4 ST -> 1 ST
|
|
96
|
+
isa.instruction 0x57, :kvsvb
|
|
97
|
+
|
|
98
|
+
|
|
99
|
+
# 0 ST -> 0 ST; IP
|
|
100
|
+
isa.instruction 0x27, :jmp, {:name => :to, :type => :tem_ushort,
|
|
101
|
+
:reladdr => 2}
|
|
102
|
+
# 1 ST -> 0 ST; IP
|
|
103
|
+
isa.instruction 0x21, :jz, {:name => :to, :type => :tem_ushort,
|
|
104
|
+
:reladdr => 2}
|
|
105
|
+
isa.instruction 0x21, :je, {:name => :to, :type => :tem_ushort,
|
|
106
|
+
:reladdr => 2}
|
|
107
|
+
# 1 ST -> 0 ST; IP
|
|
108
|
+
isa.instruction 0x26, :jnz, {:name => :to, :type => :tem_ushort,
|
|
109
|
+
:reladdr => 2}
|
|
110
|
+
isa.instruction 0x26, :jne, {:name => :to, :type => :tem_ushort,
|
|
111
|
+
:reladdr => 2}
|
|
112
|
+
# 1 ST -> 0 ST; IP
|
|
113
|
+
isa.instruction 0x22, :ja, {:name => :to, :type => :tem_ushort,
|
|
114
|
+
:reladdr => 2}
|
|
115
|
+
isa.instruction 0x22, :jg, {:name => :to, :type => :tem_ushort,
|
|
116
|
+
:reladdr => 2}
|
|
117
|
+
# 1 ST -> 0 ST; IP
|
|
118
|
+
isa.instruction 0x23, :jae, {:name => :to, :type => :tem_ushort,
|
|
119
|
+
:reladdr => 2}
|
|
120
|
+
isa.instruction 0x23, :jge, {:name => :to, :type => :tem_ushort,
|
|
121
|
+
:reladdr => 2}
|
|
122
|
+
# 1 ST -> 0 ST; IP
|
|
123
|
+
isa.instruction 0x24, :jb, {:name => :to, :type => :tem_ushort,
|
|
124
|
+
:reladdr => 2}
|
|
125
|
+
isa.instruction 0x24, :jl, {:name => :to, :type => :tem_ushort,
|
|
126
|
+
:reladdr => 2}
|
|
127
|
+
# 1 ST -> 0 ST; IP
|
|
128
|
+
isa.instruction 0x25, :jbe, {:name => :to, :type => :tem_ushort,
|
|
129
|
+
:reladdr => 2}
|
|
130
|
+
isa.instruction 0x25, :jle, {:name => :to, :type => :tem_ushort,
|
|
131
|
+
:reladdr => 2}
|
|
132
|
+
|
|
133
|
+
# 1 IM_B -> 1 ST
|
|
134
|
+
isa.instruction 0x30, :ldbc, {:name => :const, :type => :tem_byte}
|
|
135
|
+
# 1 IM -> 1 ST
|
|
136
|
+
isa.instruction 0x31, :ldwc, {:name => :const, :type => :tem_short}
|
|
137
|
+
# 1 ST -> 1 ST
|
|
138
|
+
isa.instruction 0x32, :ldb, {:name => :from, :type => :tem_ushort}
|
|
139
|
+
# 1 ST -> 1 ST
|
|
140
|
+
isa.instruction 0x33, :ldw, {:name => :from, :type => :tem_ushort}
|
|
141
|
+
# 1 ST -> 1 ST
|
|
142
|
+
isa.instruction 0x36, :ldbv
|
|
143
|
+
# 1 ST -> 1 ST
|
|
144
|
+
isa.instruction 0x37, :ldwv
|
|
145
|
+
|
|
146
|
+
# 1 ST -> 0 ST
|
|
147
|
+
isa.instruction 0x42, :outnew
|
|
148
|
+
# 1 ST -> 0 ST
|
|
149
|
+
isa.instruction 0x44, :outb
|
|
150
|
+
# 1 ST -> 0 ST
|
|
151
|
+
isa.instruction 0x45, :outw
|
|
152
|
+
|
|
153
|
+
# 1 ST -> 0 ST
|
|
154
|
+
isa.instruction 0x34, :pop
|
|
155
|
+
# 2 ST -> 0 ST
|
|
156
|
+
isa.instruction 0x35, :pop2
|
|
157
|
+
|
|
158
|
+
# 1 IM, x ST -> 2x ST
|
|
159
|
+
isa.instruction 0x3C, :dupn, {:name => :n, :type => :tem_ubyte}
|
|
160
|
+
# 1 IM, x ST -> x ST
|
|
161
|
+
isa.instruction 0x3D, :flipn, {:name => :n, :type => :tem_ubyte}
|
|
162
|
+
|
|
163
|
+
# 2 IM -> 0 ST
|
|
164
|
+
isa.instruction 0x40, :outfxb, {:name => :size, :type => :tem_ushort},
|
|
165
|
+
{:name => :from, :type => :tem_ushort}
|
|
166
|
+
# 2 ST -> 0 ST
|
|
167
|
+
isa.instruction 0x41, :outvlb, {:name => :from, :type => :tem_ushort}
|
|
168
|
+
|
|
169
|
+
|
|
170
|
+
# 1 IM, 1 ST -> 0 ST
|
|
171
|
+
isa.instruction 0x43, :outvb
|
|
172
|
+
# 0 ST -> 0 ST;;
|
|
173
|
+
isa.instruction 0x46, :halt
|
|
174
|
+
# 1 ST -> 0 ST
|
|
175
|
+
isa.instruction 0x47, :psrm
|
|
176
|
+
|
|
177
|
+
# 1 ST -> 1 ST
|
|
178
|
+
isa.instruction 0x5A, :rdk
|
|
179
|
+
# 1 ST -> 0 ST
|
|
180
|
+
isa.instruction 0x5C, :relk
|
|
181
|
+
|
|
182
|
+
isa.instruction 0x5D, :ldkl
|
|
183
|
+
# 1 IM_B -> 2 ST
|
|
184
|
+
isa.instruction 0x5E, :genkp, {:name => :type, :type => :tem_ubyte }
|
|
185
|
+
# 1 ST, 1 IM -> 1 ST
|
|
186
|
+
isa.instruction 0x5F, :authk, {:name => :auth, :type => :tem_ushort }
|
|
187
|
+
end
|
|
188
|
+
end
|
data/lib/tem/ecert.rb
CHANGED
|
@@ -1,30 +1,30 @@
|
|
|
1
1
|
require 'openssl'
|
|
2
2
|
|
|
3
3
|
module Tem::ECert
|
|
4
|
-
#
|
|
4
|
+
# Writes an Endorsement Certificate to the TEM's tag.
|
|
5
5
|
def set_ecert(ecert)
|
|
6
6
|
set_tag ecert.to_der.unpack('C*')
|
|
7
7
|
end
|
|
8
8
|
|
|
9
|
-
#
|
|
9
|
+
# Retrieves the TEM's Endorsement Certificate.
|
|
10
10
|
def endorsement_cert
|
|
11
11
|
OpenSSL::X509::Certificate.new get_tag[2..-1].pack('C*')
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
#
|
|
14
|
+
# Retrieves the certificate of the TEM's Manfacturer (CA).
|
|
15
15
|
def manufacturer_cert
|
|
16
16
|
Tem::CA.ca_cert
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
-
#
|
|
19
|
+
# Retrieves the TEM's Public Endorsement Key.
|
|
20
20
|
def pubek
|
|
21
21
|
Tem::Key.new_from_ssl_key endorsement_cert.public_key
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
-
#
|
|
24
|
+
# Drives a TEM though the emitting process.
|
|
25
25
|
def emit
|
|
26
26
|
emit_sec = assemble do |s|
|
|
27
|
-
#
|
|
27
|
+
# Generate Endorsement Key pair, should end up in slots (0, 1).
|
|
28
28
|
s.genkp :type => 0
|
|
29
29
|
s.ldbc 1
|
|
30
30
|
s.sub
|
|
@@ -33,7 +33,7 @@ module Tem::ECert
|
|
|
33
33
|
s.sub
|
|
34
34
|
s.jne :to => :not_ok
|
|
35
35
|
|
|
36
|
-
#
|
|
36
|
+
# Generate and output random authorization for PrivEK.
|
|
37
37
|
s.ldbc 20
|
|
38
38
|
s.dupn :n => 1
|
|
39
39
|
s.outnew
|
|
@@ -41,25 +41,24 @@ module Tem::ECert
|
|
|
41
41
|
s.dupn :n => 2
|
|
42
42
|
s.rnd
|
|
43
43
|
s.outvb
|
|
44
|
-
#
|
|
44
|
+
# Set authorizations for PrivEK and PubkEK.
|
|
45
45
|
s.ldbc 0
|
|
46
46
|
s.authk :auth => :privek_auth
|
|
47
|
-
s.ldbc 1 # PubEK always has its initial authorization be all zeroes
|
|
47
|
+
s.ldbc 1 # PubEK always has its initial authorization be all zeroes.
|
|
48
48
|
s.authk :auth => :pubek_auth
|
|
49
49
|
s.halt
|
|
50
50
|
|
|
51
|
-
#
|
|
51
|
+
# Emitting didn't go well, return nothing and leave.
|
|
52
52
|
s.label :not_ok
|
|
53
53
|
s.ldbc 0
|
|
54
54
|
s.outnew
|
|
55
55
|
s.halt
|
|
56
56
|
|
|
57
57
|
s.label :privek_auth
|
|
58
|
-
s.
|
|
58
|
+
s.zeros :tem_ubyte, 20
|
|
59
59
|
s.label :pubek_auth
|
|
60
|
-
s.
|
|
61
|
-
s.stack
|
|
62
|
-
s.extra 8
|
|
60
|
+
s.zeros :tem_ubyte, 20
|
|
61
|
+
s.stack 4
|
|
63
62
|
end
|
|
64
63
|
|
|
65
64
|
r = execute emit_sec
|
|
@@ -74,5 +73,5 @@ module Tem::ECert
|
|
|
74
73
|
set_ecert ecert
|
|
75
74
|
return { :privek_auth => privk_auth }
|
|
76
75
|
end
|
|
77
|
-
end
|
|
78
|
-
end
|
|
76
|
+
end
|
|
77
|
+
end
|
data/lib/tem/sec_exec_error.rb
CHANGED
|
@@ -1,14 +1,23 @@
|
|
|
1
1
|
# raised when executing a SEC
|
|
2
2
|
class Tem::SecExecError < StandardError
|
|
3
|
+
attr_reader :line_info
|
|
3
4
|
attr_reader :buffer_state, :key_state
|
|
4
5
|
attr_reader :trace
|
|
5
6
|
|
|
6
|
-
def initialize(
|
|
7
|
+
def initialize(line_info, tem_trace, buffer_state, key_state)
|
|
7
8
|
super 'SEC execution failed on the TEM'
|
|
8
|
-
|
|
9
|
+
@line_info = line_info
|
|
10
|
+
line_ip, atom, backtrace = *line_info
|
|
11
|
+
@atom = atom
|
|
12
|
+
if tem_trace and tem_trace[:ip]
|
|
13
|
+
@ip_delta = tem_trace[:ip] - line_ip
|
|
14
|
+
else
|
|
15
|
+
@ip_delta = 0
|
|
16
|
+
end
|
|
9
17
|
@trace = tem_trace
|
|
10
18
|
@buffer_state = buffer_state
|
|
11
19
|
@key_state = key_state
|
|
20
|
+
set_backtrace backtrace
|
|
12
21
|
end
|
|
13
22
|
|
|
14
23
|
def bstat_str
|
|
@@ -36,7 +45,16 @@ class Tem::SecExecError < StandardError
|
|
|
36
45
|
end
|
|
37
46
|
|
|
38
47
|
def to_s
|
|
39
|
-
|
|
48
|
+
string = <<ENDSTRING
|
|
49
|
+
SECpack execution generated an exception on the TEM
|
|
50
|
+
|
|
51
|
+
TEM Trace: #{trace_str}
|
|
52
|
+
TEM Buffer Status:#{bstat_str}
|
|
53
|
+
TEM Key Status:#{kstat_str}
|
|
54
|
+
|
|
55
|
+
TEM execution error at #{@atom}+#{@ip_delta}
|
|
56
|
+
ENDSTRING
|
|
57
|
+
string.strip
|
|
40
58
|
end
|
|
41
59
|
|
|
42
60
|
def inspect
|
data/lib/tem/seclosures.rb
CHANGED
|
@@ -2,8 +2,8 @@ require 'yaml'
|
|
|
2
2
|
|
|
3
3
|
module Tem::SeClosures
|
|
4
4
|
module MixedMethods
|
|
5
|
-
def assemble(&
|
|
6
|
-
return Tem::
|
|
5
|
+
def assemble(&block)
|
|
6
|
+
return Tem::Assembler.assemble(&block)
|
|
7
7
|
end
|
|
8
8
|
end
|
|
9
9
|
|
|
@@ -53,9 +53,13 @@ module Tem::SeClosures
|
|
|
53
53
|
# there is an exception, try to collect the trace
|
|
54
54
|
b_stat = stat_buffers() rescue nil
|
|
55
55
|
k_stat = stat_keys() rescue nil
|
|
56
|
-
trace = sec_trace()
|
|
57
|
-
|
|
58
|
-
|
|
56
|
+
trace = sec_trace()
|
|
57
|
+
if trace and trace[:ip]
|
|
58
|
+
line_info = secpack.line_info_for_ip(trace[:ip])
|
|
59
|
+
else
|
|
60
|
+
line_info = [0, :unknown, Kernel.caller]
|
|
61
|
+
end
|
|
62
|
+
sec_exception = Tem::SecExecError.new line_info, trace, b_stat, k_stat
|
|
59
63
|
break
|
|
60
64
|
when 4 # persistent store fault
|
|
61
65
|
solve_psfault
|
data/lib/tem/secpack.rb
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
require 'yaml'
|
|
2
2
|
|
|
3
3
|
class Tem::SecPack
|
|
4
|
-
@@
|
|
5
|
-
|
|
4
|
+
@@serialized_ivars = [:body, :labels, :ep, :sp, :extra_bytes, :signed_bytes,
|
|
5
|
+
:encrypted_bytes, :bound, :lines]
|
|
6
|
+
|
|
6
7
|
def self.new_from_array(array)
|
|
7
|
-
arg_hash = {
|
|
8
|
-
@@
|
|
9
|
-
self.new
|
|
8
|
+
arg_hash = { }
|
|
9
|
+
@@serialized_ivars.each_with_index { |name, i| arg_hash[name] = array[i] }
|
|
10
|
+
self.new arg_hash
|
|
10
11
|
end
|
|
11
12
|
|
|
12
13
|
def self.new_from_yaml_str(yaml_str)
|
|
@@ -15,7 +16,7 @@ class Tem::SecPack
|
|
|
15
16
|
end
|
|
16
17
|
|
|
17
18
|
def to_array
|
|
18
|
-
@@
|
|
19
|
+
@@serialized_ivars.map { |m| self.instance_variable_get :"@#{m}" }
|
|
19
20
|
end
|
|
20
21
|
|
|
21
22
|
def to_yaml_str
|
|
@@ -25,32 +26,41 @@ class Tem::SecPack
|
|
|
25
26
|
attr_reader :body, :bound
|
|
26
27
|
attr_reader :lines
|
|
27
28
|
|
|
29
|
+
def trim_extra_bytes
|
|
30
|
+
@extra_bytes = 0
|
|
31
|
+
while @extra_bytes < @body.length
|
|
32
|
+
break if @body[-@extra_bytes - 1] != 0
|
|
33
|
+
@extra_bytes += 1
|
|
34
|
+
end
|
|
35
|
+
@body.slice! @body.length - @extra_bytes, @extra_bytes
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def expand_extra_bytes
|
|
39
|
+
@body += [0] * @extra_bytes
|
|
40
|
+
@extra_bytes = 0
|
|
41
|
+
end
|
|
42
|
+
|
|
28
43
|
def initialize(args)
|
|
29
|
-
|
|
30
|
-
@@serialized_members.map { |m| self.instance_variable_set "@#{m}", args[m] }
|
|
44
|
+
@@serialized_ivars.map { |m| self.instance_variable_set :"@#{m}", args[m] }
|
|
31
45
|
@bound ||= false
|
|
46
|
+
|
|
47
|
+
@extra_bytes ||= 0
|
|
48
|
+
# trim_extra_bytes if @extra_bytes == 0
|
|
32
49
|
end
|
|
33
50
|
|
|
34
51
|
def label_address(label_name)
|
|
35
52
|
@labels[label_name.to_sym]
|
|
36
53
|
end
|
|
37
|
-
|
|
38
|
-
def tem_header
|
|
39
|
-
# TODO: use 0x0100 (no tracing) depending on options
|
|
40
|
-
hh = [0x0101, @signed_bytes || 0, @encrypted_bytes || 0, @extra_bytes, @sp,
|
|
41
|
-
@ep].map { |n| @tem_klass.to_tem_ushort n }.flatten
|
|
42
|
-
hh += Array.new((@tem_klass.tem_hash [0]).length - hh.length, 0)
|
|
43
|
-
return hh
|
|
44
|
-
end
|
|
45
|
-
|
|
54
|
+
|
|
46
55
|
def bind(public_key, encrypt_from = 0, plaintext_from = 0)
|
|
47
|
-
|
|
48
|
-
|
|
56
|
+
expand_extra_bytes
|
|
57
|
+
encrypt_from = @labels[encrypt_from.to_sym] unless encrypt_from.kind_of? Numeric
|
|
58
|
+
plaintext_from = @labels[plaintext_from.to_sym] unless plaintext_from.kind_of? Numeric
|
|
49
59
|
|
|
50
60
|
@signed_bytes = encrypt_from
|
|
51
61
|
@encrypted_bytes = plaintext_from - encrypt_from
|
|
52
62
|
|
|
53
|
-
secpack_sig =
|
|
63
|
+
secpack_sig = Tem::Abi.tem_hash [tem_header, @body[0...plaintext_from]].flatten
|
|
54
64
|
crypt = public_key.encrypt [@body[encrypt_from...plaintext_from], secpack_sig].flatten
|
|
55
65
|
@body = [@body[0...encrypt_from], crypt, @body[plaintext_from..-1]].flatten
|
|
56
66
|
|
|
@@ -65,23 +75,33 @@ class Tem::SecPack
|
|
|
65
75
|
end
|
|
66
76
|
}.flatten)]
|
|
67
77
|
|
|
78
|
+
#trim_extra_bytes
|
|
68
79
|
@bound = true
|
|
69
80
|
end
|
|
70
81
|
|
|
71
|
-
def
|
|
72
|
-
|
|
82
|
+
def tem_header
|
|
83
|
+
# TODO: use 0x0100 (no tracing) depending on options
|
|
84
|
+
hh = [0x0101, @signed_bytes || 0, @encrypted_bytes || 0, @extra_bytes, @sp,
|
|
85
|
+
@ep].map { |n| Tem::Abi.to_tem_ushort n }.flatten
|
|
86
|
+
hh += Array.new((Tem::Abi.tem_hash [0]).length - hh.length, 0)
|
|
87
|
+
return hh
|
|
88
|
+
end
|
|
89
|
+
private :tem_header
|
|
90
|
+
|
|
91
|
+
def tem_formatted_body
|
|
92
|
+
# HACK: Ideally, we would allocate a bigger buffer, and then only fill part
|
|
93
|
+
# of it. Realistically, we'll just send in extra_bytes 0s.
|
|
94
|
+
[tem_header, @body, [0] * @extra_bytes].flatten
|
|
73
95
|
end
|
|
74
96
|
|
|
75
|
-
def
|
|
97
|
+
def line_info_for_ip(ip)
|
|
76
98
|
return nil unless @lines
|
|
77
99
|
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
# of the offending instruction has been read, so assume offending_ip < ip
|
|
83
|
-
max_value, st = st_ip, stack if st_ip < ip && max_value < st_ip
|
|
100
|
+
@lines.reverse_each do |info|
|
|
101
|
+
# If something breaks, it's likely to happen after the opcode of the
|
|
102
|
+
# offending instruction has been read, so assume offending_ip < ip.
|
|
103
|
+
return info if ip >= info[0]
|
|
84
104
|
end
|
|
85
|
-
return
|
|
105
|
+
return info.first
|
|
86
106
|
end
|
|
87
107
|
end
|
data/lib/tem/toolkit.rb
CHANGED
|
@@ -24,12 +24,11 @@ module Tem::Toolkit
|
|
|
24
24
|
s.halt
|
|
25
25
|
s.label :key_auth
|
|
26
26
|
if authz.nil?
|
|
27
|
-
s.
|
|
27
|
+
s.zeros :tem_ubyte, 20
|
|
28
28
|
else
|
|
29
|
-
s.
|
|
29
|
+
s.data :tem_ubyte, authz
|
|
30
30
|
end
|
|
31
|
-
s.stack
|
|
32
|
-
s.extra 8
|
|
31
|
+
s.stack 4
|
|
33
32
|
end
|
|
34
33
|
|
|
35
34
|
kp_buffer = execute gen_sec
|
|
@@ -55,9 +54,8 @@ module Tem::Toolkit
|
|
|
55
54
|
s.stk
|
|
56
55
|
s.halt
|
|
57
56
|
s.label :key_auth
|
|
58
|
-
s.
|
|
59
|
-
s.stack
|
|
60
|
-
s.extra 8
|
|
57
|
+
s.data :tem_ubyte, authz
|
|
58
|
+
s.stack 4
|
|
61
59
|
end
|
|
62
60
|
|
|
63
61
|
key_string = execute read_sec
|
|
@@ -75,9 +73,8 @@ module Tem::Toolkit
|
|
|
75
73
|
s.outb
|
|
76
74
|
s.halt
|
|
77
75
|
s.label :key_auth
|
|
78
|
-
s.
|
|
79
|
-
s.stack
|
|
80
|
-
s.extra 8
|
|
76
|
+
s.data :tem_ubyte, authz
|
|
77
|
+
s.stack 4
|
|
81
78
|
end
|
|
82
79
|
|
|
83
80
|
execute del_sec
|
|
@@ -93,13 +90,12 @@ module Tem::Toolkit
|
|
|
93
90
|
s.outb
|
|
94
91
|
s.halt
|
|
95
92
|
s.label :key_data
|
|
96
|
-
s.
|
|
93
|
+
s.data :tem_ubyte, key.to_tem_key
|
|
97
94
|
s.label :key_auth
|
|
98
|
-
s.
|
|
99
|
-
s.stack
|
|
100
|
-
s.extra 8
|
|
95
|
+
s.data :tem_ubyte, authz
|
|
96
|
+
s.stack 4
|
|
101
97
|
end
|
|
102
98
|
id_string = execute post_sec
|
|
103
99
|
return read_tem_ubyte(id_string, 0)
|
|
104
100
|
end
|
|
105
|
-
end
|
|
101
|
+
end
|
|
@@ -30,14 +30,22 @@ module JcopRemoteProtocol
|
|
|
30
30
|
def recv_message(socket)
|
|
31
31
|
header = ''
|
|
32
32
|
while header.length < 4
|
|
33
|
-
|
|
33
|
+
begin
|
|
34
|
+
partial = socket.recv 4 - header.length
|
|
35
|
+
rescue # Abrupt hangups result in exceptions that we catch here.
|
|
36
|
+
return nil
|
|
37
|
+
end
|
|
34
38
|
return false if partial.length == 0
|
|
35
39
|
header += partial
|
|
36
40
|
end
|
|
37
41
|
message_type, node_address, data_length = *header.unpack('CCn')
|
|
38
42
|
raw_data = ''
|
|
39
43
|
while raw_data.length < data_length
|
|
40
|
-
|
|
44
|
+
begin
|
|
45
|
+
partial = socket.recv data_length - raw_data.length
|
|
46
|
+
rescue # Abrupt hangups result in exceptions that we catch here.
|
|
47
|
+
return nil
|
|
48
|
+
end
|
|
41
49
|
return false if partial.length == 0
|
|
42
50
|
raw_data += partial
|
|
43
51
|
end
|
data/lib/tem_ruby.rb
CHANGED
|
@@ -23,9 +23,13 @@ require 'tem/keys/asymmetric.rb'
|
|
|
23
23
|
require 'tem/keys/symmetric.rb'
|
|
24
24
|
|
|
25
25
|
require 'tem/builders/abi.rb'
|
|
26
|
+
require 'tem/builders/assembler.rb'
|
|
26
27
|
require 'tem/builders/crypto.rb'
|
|
28
|
+
require 'tem/builders/isa.rb'
|
|
27
29
|
|
|
28
30
|
require 'tem/definitions/abi.rb'
|
|
31
|
+
require 'tem/definitions/isa.rb'
|
|
32
|
+
require 'tem/definitions/assembler.rb'
|
|
29
33
|
|
|
30
34
|
require 'tem/auto_conf.rb'
|
|
31
35
|
require 'tem/apdus/buffers.rb'
|
|
@@ -36,8 +40,6 @@ require 'tem/apdus/tag.rb'
|
|
|
36
40
|
require 'tem/ca.rb'
|
|
37
41
|
require 'tem/ecert.rb'
|
|
38
42
|
require 'tem/hive.rb'
|
|
39
|
-
require 'tem/sec_assembler.rb'
|
|
40
|
-
require 'tem/sec_opcodes.rb'
|
|
41
43
|
require 'tem/sec_exec_error.rb'
|
|
42
44
|
require 'tem/seclosures.rb'
|
|
43
45
|
require 'tem/secpack.rb'
|
data/tem_ruby.gemspec
CHANGED
|
@@ -2,23 +2,23 @@
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |s|
|
|
4
4
|
s.name = %q{tem_ruby}
|
|
5
|
-
s.version = "0.10.
|
|
5
|
+
s.version = "0.10.2"
|
|
6
6
|
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
|
|
8
8
|
s.authors = ["Victor Costan"]
|
|
9
|
-
s.date = %q{2009-05-
|
|
9
|
+
s.date = %q{2009-05-31}
|
|
10
10
|
s.description = %q{TEM (Trusted Execution Module) driver, written in and for ruby.}
|
|
11
11
|
s.email = %q{victor@costan.us}
|
|
12
12
|
s.executables = ["tem_bench", "tem_ca", "tem_irb", "tem_proxy", "tem_stat"]
|
|
13
|
-
s.extra_rdoc_files = ["bin/tem_bench", "bin/tem_ca", "bin/tem_irb", "bin/tem_proxy", "bin/tem_stat", "CHANGELOG", "lib/tem/_cert.rb", "lib/tem/apdus/buffers.rb", "lib/tem/apdus/keys.rb", "lib/tem/apdus/lifecycle.rb", "lib/tem/apdus/tag.rb", "lib/tem/auto_conf.rb", "lib/tem/builders/abi.rb", "lib/tem/builders/crypto.rb", "lib/tem/ca.rb", "lib/tem/definitions/abi.rb", "lib/tem/
|
|
14
|
-
s.files = ["bin/tem_bench", "bin/tem_ca", "bin/tem_irb", "bin/tem_proxy", "bin/tem_stat", "CHANGELOG", "dev_ca/ca_cert.cer", "dev_ca/ca_cert.pem", "dev_ca/ca_key.pem", "dev_ca/config.yml", "lib/tem/_cert.rb", "lib/tem/apdus/buffers.rb", "lib/tem/apdus/keys.rb", "lib/tem/apdus/lifecycle.rb", "lib/tem/apdus/tag.rb", "lib/tem/auto_conf.rb", "lib/tem/builders/abi.rb", "lib/tem/builders/crypto.rb", "lib/tem/ca.rb", "lib/tem/definitions/abi.rb", "lib/tem/
|
|
13
|
+
s.extra_rdoc_files = ["bin/tem_bench", "bin/tem_ca", "bin/tem_irb", "bin/tem_proxy", "bin/tem_stat", "CHANGELOG", "lib/tem/_cert.rb", "lib/tem/apdus/buffers.rb", "lib/tem/apdus/keys.rb", "lib/tem/apdus/lifecycle.rb", "lib/tem/apdus/tag.rb", "lib/tem/auto_conf.rb", "lib/tem/builders/abi.rb", "lib/tem/builders/assembler.rb", "lib/tem/builders/crypto.rb", "lib/tem/builders/isa.rb", "lib/tem/ca.rb", "lib/tem/definitions/abi.rb", "lib/tem/definitions/assembler.rb", "lib/tem/definitions/isa.rb", "lib/tem/ecert.rb", "lib/tem/hive.rb", "lib/tem/keys/asymmetric.rb", "lib/tem/keys/key.rb", "lib/tem/keys/symmetric.rb", "lib/tem/sec_exec_error.rb", "lib/tem/seclosures.rb", "lib/tem/secpack.rb", "lib/tem/tem.rb", "lib/tem/toolkit.rb", "lib/tem/transport/auto_configurator.rb", "lib/tem/transport/java_card_mixin.rb", "lib/tem/transport/jcop_remote_protocol.rb", "lib/tem/transport/jcop_remote_server.rb", "lib/tem/transport/jcop_remote_transport.rb", "lib/tem/transport/pcsc_transport.rb", "lib/tem/transport/transport.rb", "lib/tem_ruby.rb", "LICENSE", "README"]
|
|
14
|
+
s.files = ["bin/tem_bench", "bin/tem_ca", "bin/tem_irb", "bin/tem_proxy", "bin/tem_stat", "CHANGELOG", "dev_ca/ca_cert.cer", "dev_ca/ca_cert.pem", "dev_ca/ca_key.pem", "dev_ca/config.yml", "lib/tem/_cert.rb", "lib/tem/apdus/buffers.rb", "lib/tem/apdus/keys.rb", "lib/tem/apdus/lifecycle.rb", "lib/tem/apdus/tag.rb", "lib/tem/auto_conf.rb", "lib/tem/builders/abi.rb", "lib/tem/builders/assembler.rb", "lib/tem/builders/crypto.rb", "lib/tem/builders/isa.rb", "lib/tem/ca.rb", "lib/tem/definitions/abi.rb", "lib/tem/definitions/assembler.rb", "lib/tem/definitions/isa.rb", "lib/tem/ecert.rb", "lib/tem/hive.rb", "lib/tem/keys/asymmetric.rb", "lib/tem/keys/key.rb", "lib/tem/keys/symmetric.rb", "lib/tem/sec_exec_error.rb", "lib/tem/seclosures.rb", "lib/tem/secpack.rb", "lib/tem/tem.rb", "lib/tem/toolkit.rb", "lib/tem/transport/auto_configurator.rb", "lib/tem/transport/java_card_mixin.rb", "lib/tem/transport/jcop_remote_protocol.rb", "lib/tem/transport/jcop_remote_server.rb", "lib/tem/transport/jcop_remote_transport.rb", "lib/tem/transport/pcsc_transport.rb", "lib/tem/transport/transport.rb", "lib/tem_ruby.rb", "LICENSE", "Manifest", "Rakefile", "README", "tem_ruby.gemspec", "test/_test_cert.rb", "test/builders/test_abi_builder.rb", "test/tem_test_case.rb", "test/tem_unit/test_tem_alu.rb", "test/tem_unit/test_tem_bound_secpack.rb", "test/tem_unit/test_tem_branching.rb", "test/tem_unit/test_tem_crypto_asymmetric.rb", "test/tem_unit/test_tem_crypto_hash.rb", "test/tem_unit/test_tem_crypto_pstore.rb", "test/tem_unit/test_tem_crypto_random.rb", "test/tem_unit/test_tem_emit.rb", "test/tem_unit/test_tem_memory.rb", "test/tem_unit/test_tem_memory_compare.rb", "test/tem_unit/test_tem_output.rb", "test/tem_unit/test_tem_yaml_secpack.rb", "test/test_driver.rb", "test/test_exceptions.rb", "test/transport/test_auto_configurator.rb", "test/transport/test_java_card_mixin.rb", "test/transport/test_jcop_remote.rb", "timings/blank_bound_secpack.rb", "timings/blank_sec.rb", "timings/devchip_decrypt.rb", "timings/post_buffer.rb", "timings/simple_apdu.rb", "timings/timings.rb", "timings/vm_perf.rb", "timings/vm_perf_bound.rb"]
|
|
15
15
|
s.homepage = %q{http://tem.rubyforge.org}
|
|
16
16
|
s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Tem_ruby", "--main", "README"]
|
|
17
17
|
s.require_paths = ["lib"]
|
|
18
18
|
s.rubyforge_project = %q{tem}
|
|
19
19
|
s.rubygems_version = %q{1.3.3}
|
|
20
20
|
s.summary = %q{TEM (Trusted Execution Module) driver, written in and for ruby.}
|
|
21
|
-
s.test_files = ["test/builders/test_abi_builder.rb", "test/
|
|
21
|
+
s.test_files = ["test/builders/test_abi_builder.rb", "test/tem_unit/test_tem_alu.rb", "test/tem_unit/test_tem_bound_secpack.rb", "test/tem_unit/test_tem_branching.rb", "test/tem_unit/test_tem_crypto_asymmetric.rb", "test/tem_unit/test_tem_crypto_hash.rb", "test/tem_unit/test_tem_crypto_pstore.rb", "test/tem_unit/test_tem_crypto_random.rb", "test/tem_unit/test_tem_emit.rb", "test/tem_unit/test_tem_memory.rb", "test/tem_unit/test_tem_memory_compare.rb", "test/tem_unit/test_tem_output.rb", "test/tem_unit/test_tem_yaml_secpack.rb", "test/test_driver.rb", "test/test_exceptions.rb", "test/transport/test_auto_configurator.rb", "test/transport/test_java_card_mixin.rb", "test/transport/test_jcop_remote.rb"]
|
|
22
22
|
|
|
23
23
|
if s.respond_to? :specification_version then
|
|
24
24
|
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
require 'test/tem_test_case'
|
|
2
|
+
|
|
3
|
+
class TemAluTest < TemTestCase
|
|
4
|
+
def test_alu
|
|
5
|
+
sec = @tem.assemble { |s|
|
|
6
|
+
s.ldbc 10
|
|
7
|
+
s.outnew
|
|
8
|
+
s.ldwc 0x1234
|
|
9
|
+
s.ldwc 0x5678
|
|
10
|
+
s.dupn :n => 2
|
|
11
|
+
s.add
|
|
12
|
+
s.outw
|
|
13
|
+
s.sub
|
|
14
|
+
s.outw
|
|
15
|
+
s.ldwc 0x0155
|
|
16
|
+
s.ldwc 0x02AA
|
|
17
|
+
s.mul
|
|
18
|
+
s.outw
|
|
19
|
+
s.ldwc 0x390C
|
|
20
|
+
s.ldwc 0x00AA
|
|
21
|
+
s.dupn :n => 2
|
|
22
|
+
s.div
|
|
23
|
+
s.outw
|
|
24
|
+
s.mod
|
|
25
|
+
s.outw
|
|
26
|
+
s.halt
|
|
27
|
+
s.stack 5
|
|
28
|
+
}
|
|
29
|
+
result = @tem.execute sec
|
|
30
|
+
assert_equal [0x68, 0xAC, 0xBB, 0xBC, 0x8C, 0x72, 0x00, 0x55, 0x00, 0x9A],
|
|
31
|
+
result, 'the ALU isn\'t working well'
|
|
32
|
+
end
|
|
33
|
+
end
|