tem_ruby 0.11.3 → 0.11.4

data/CHANGELOG

@@ -1,3 +1,5 @@
+v0.11.4. Removed Ruby warnings. Updated for smartcard API 0.4.
+
 v0.11.3. Autoconf improvement: $tem becomes nil if $tem.disconnect is called.
 
 v0.11.2. tem_proxy improvement: exit if transport auto-configuration fails.

data/Manifest

@@ -40,13 +40,6 @@ lib/tem/seclosures.rb
 lib/tem/secpack.rb
 lib/tem/tem.rb
 lib/tem/toolkit.rb
-lib/tem/transport/auto_configurator.rb
-lib/tem/transport/java_card_mixin.rb
-lib/tem/transport/jcop_remote_protocol.rb
-lib/tem/transport/jcop_remote_server.rb
-lib/tem/transport/jcop_remote_transport.rb
-lib/tem/transport/pcsc_transport.rb
-lib/tem/transport/transport.rb
 lib/tem_ruby.rb
 LICENSE
 Manifest
@@ -67,8 +60,6 @@ test/tem_unit/test_tem_memory.rb
 test/tem_unit/test_tem_memory_compare.rb
 test/tem_unit/test_tem_output.rb
 test/tem_unit/test_tem_yaml_secpack.rb
+test/test_auto_conf.rb
 test/test_driver.rb
 test/test_exceptions.rb
-test/transport/test_auto_configurator.rb
-test/transport/test_java_card_mixin.rb
-test/transport/test_jcop_remote.rb

data/Rakefile

@@ -10,7 +10,7 @@ Echoe.new('tem_ruby') do |p|
   p.email = 'victor@costan.us'
   p.summary = 'TEM (Trusted Execution Module) driver, written in and for ruby.'
   p.url = 'http://tem.rubyforge.org'
-  p.dependencies = ['smartcard >=0.3.0']
+  p.dependencies = ['smartcard >=0.4.0']
   
   p.need_tar_gz = !Platform.windows?
   p.need_zip = !Platform.windows?

data/bin/tem_proxy

@@ -10,7 +10,7 @@ require 'tem_ruby'
 
 # JCOP remote serving logic implementing a proxy to another transport. 
 class ServingLogic
-  include Tem::Transport::JcopRemoteServingStubs
+  include Smartcard::Iso::JcopRemoteServingStubs
   def initialize(serving_transport, logging = false)
     @serving = serving_transport
     @logger = Logger.new STDERR
@@ -47,15 +47,15 @@ def serve(options)
   @logger = Logger.new STDERR
   @logger.level = options[:logging] ? Logger::DEBUG : Logger::FATAL
 
-  serving_transport = Tem::Transport.auto_transport
+  serving_transport = Smartcard::Iso.auto_transport
   unless serving_transport
-    @logger.error "Transport auto-configuration failed"
+    @logger.error "ISO7816 smart-card transport auto-configuration failed"
     return
   end
   @logger.info "Proxying to #{serving_transport.inspect}\n"
   @logger.info "Serving with #{options.inspect}\n"
   serving_logic = ServingLogic.new serving_transport, options[:logging]
-  Tem::Transport::JcopRemoteServer.new(options, serving_logic).run
+  Smartcard::Iso::JcopRemoteServer.new(options, serving_logic).run
 end
 
 # Parses the commmand-line arguments into an options hash suitable for #serve.

data/lib/tem/apdus/buffers.rb

@@ -1,23 +1,30 @@
+# TEM buffer management using the APDU API. 
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2009 Massachusetts Institute of Technology
+# License:: MIT
+
 # :nodoc: namespace
 module Tem::Apdus
 
+
 module Buffers
   def alloc_buffer(length)
-    response = @transport.applet_apdu! :ins => 0x20,
+    response = @transport.iso_apdu! :ins => 0x20,
                                        :p12 => to_tem_short(length)
     return read_tem_byte(response, 0)
   end
   
   def release_buffer(buffer_id)
-    @transport.applet_apdu! :ins => 0x21, :p1 => buffer_id
+    @transport.iso_apdu! :ins => 0x21, :p1 => buffer_id
   end
 
   def flush_buffers
-    @transport.applet_apdu! :ins => 0x26
+    @transport.iso_apdu! :ins => 0x26
   end
   
   def get_buffer_length(buffer_id)
-    response = @transport.applet_apdu! :ins => 0x22, :p1 => buffer_id
+    response = @transport.iso_apdu! :ins => 0x22, :p1 => buffer_id
     return read_tem_short(response, 0)
   end
   
@@ -27,7 +34,7 @@ module Buffers
     buffer = []
     chunk_id = 0
     while true do
-      response = @transport.applet_apdu! :ins => 0x23, :p1 => buffer_id,
+      response = @transport.iso_apdu! :ins => 0x23, :p1 => buffer_id,
                                         :p2 => chunk_id
       buffer += response
       break if response.length != @buffer_chunk_size
@@ -42,7 +49,7 @@ module Buffers
     chunk_id, offset = 0, 0
     while offset < data.length do
       write_size = [data.length - offset, @buffer_chunk_size].min
-      @transport.applet_apdu! :ins => 0x24, :p1 => buffer_id, :p2 => chunk_id,
+      @transport.iso_apdu! :ins => 0x24, :p1 => buffer_id, :p2 => chunk_id,
                               :data => data[offset, write_size]
       chunk_id += 1
       offset += write_size
@@ -54,12 +61,12 @@ module Buffers
   end
   
   def guess_buffer_chunk_size!
-    response = @transport.applet_apdu! :ins => 0x25
+    response = @transport.iso_apdu! :ins => 0x25
     return read_tem_short(response, 0)
   end
   
   def stat_buffers
-    response = @transport.applet_apdu! :ins => 0x27
+    response = @transport.iso_apdu! :ins => 0x27
     
     memory_types = [:persistent, :clear_on_reset, :clear_on_deselect]
     stat = {:free => {}, :buffers => []}

data/lib/tem/apdus/keys.rb

@@ -1,20 +1,26 @@
+# TEM cryptographic key manipulation using the APDU API. 
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2007 Massachusetts Institute of Technology
+# License:: MIT
+
 # :nodoc: namespace
 module Tem::Apdus
   
 module Keys
   def devchip_generate_key_pair
-    response = @transport.applet_apdu! :ins => 0x40
+    response = @transport.iso_apdu! :ins => 0x40
     return { :privkey_id => read_tem_byte(response, 0),
              :pubkey_id => read_tem_byte(response, 1) }    
   end
   
   def devchip_release_key(key_id)
-    @transport.applet_apdu! :ins => 0x41, :p1 => key_id
+    @transport.iso_apdu! :ins => 0x41, :p1 => key_id
     return true
   end
   
   def devchip_save_key(key_id)
-    response = @transport.applet_apdu! :ins => 0x43, :p1 => key_id
+    response = @transport.iso_apdu! :ins => 0x43, :p1 => key_id
     buffer_id = read_tem_byte response, 0 
     buffer_length = read_tem_short response, 1
     key_buffer = read_buffer buffer_id
@@ -26,7 +32,7 @@ module Keys
   def devchip_encrypt_decrypt(data, key_id, opcode)
     buffer_id = post_buffer data
     begin
-      response = @transport.applet_apdu! :ins => opcode, :p1 => key_id,
+      response = @transport.iso_apdu! :ins => opcode, :p1 => key_id,
                                          :p2 => buffer_id
     ensure
       release_buffer buffer_id
@@ -47,7 +53,7 @@ module Keys
   end
   
   def stat_keys
-    response = @transport.applet_apdu! :ins => 0x27, :p1 => 0x01
+    response = @transport.iso_apdu! :ins => 0x27, :p1 => 0x01
     key_types = { 0x99 => :symmetric, 0x55 => :private, 0xAA => :public }
     stat = {:keys => {}}
     offset = 0

data/lib/tem/apdus/lifecycle.rb

@@ -1,12 +1,19 @@
+# TEM life-cycle management using the APDU API. 
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2007 Massachusetts Institute of Technology
+# License:: MIT
+
 # :nodoc: namespace
 module Tem::Apdus
-  
+
+
 module Lifecycle
   def activate
-    @transport.applet_apdu(:ins => 0x10)[:status] == 0x9000
+    @transport.iso_apdu(:ins => 0x10)[:status] == 0x9000
   end
   def kill
-    @transport.applet_apdu(:ins => 0x11)[:status] == 0x9000
+    @transport.iso_apdu(:ins => 0x11)[:status] == 0x9000
   end
 end
 

data/lib/tem/apdus/tag.rb

@@ -1,25 +1,32 @@
+# TEM tag management using the APDU API. 
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2007 Massachusetts Institute of Technology
+# License:: MIT
+
 # :nodoc: namespace
 module Tem::Apdus
   
+  
 module Tag
   def set_tag(tag_data)    
     buffer_id = post_buffer tag_data
     begin
-      @transport.applet_apdu! :ins => 0x30, :p1 => buffer_id
+      @transport.iso_apdu! :ins => 0x30, :p1 => buffer_id
     ensure
       release_buffer buffer_id
     end
   end
   
   def get_tag_length
-    response = @transport.applet_apdu! :ins => 0x31
+    response = @transport.iso_apdu! :ins => 0x31
     return read_tem_short(response, 0)
   end
   
   def get_tag_data(offset, length)
     buffer_id = alloc_buffer length
     begin
-      @transport.applet_apdu! :ins => 0x32, :p1 => buffer_id,
+      @transport.iso_apdu! :ins => 0x32, :p1 => buffer_id,
                               :data => [to_tem_short(offset),
                                         to_tem_short(length)].flatten
       tag_data = read_buffer buffer_id

data/lib/tem/auto_conf.rb

@@ -7,10 +7,13 @@ module Tem
   #
   # It is safe to call auto_conf multiple times. A single session will be open.
   def self.auto_conf
-    return $tem if $tem
-    $tem = auto_tem
-    class << $tem
+    return @tem if defined?(@tem) and @tem
+    
+    @tem = auto_tem
+    $tem = @tem
+    class << @tem
       def disconnect
+        Tem.instance_variable_set :@tem, nil
         $tem = nil
         super
       end
@@ -24,8 +27,8 @@ module Tem
   # In case of success, returns a Tem::Session that can be used to talk to some
   # TEM. An exception will be raised if the session creation fails. 
   def self.auto_tem
-    transport = Tem::Transport.auto_transport
-    raise 'No suitable TEM was found' unless transport
+    transport = Smartcard::Iso.auto_transport
+    raise 'No suitable ISO7816 smart-card was found' unless transport
     Tem::Session.new transport
   end
 end

data/lib/tem/benchmarks/benchmarks.rb

@@ -1,3 +1,9 @@
+# Master file for running the TEM benchmarks. 
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2008 Massachusetts Institute of Technology
+# License:: MIT
+
 require 'tem_ruby'
 
 require 'tem/benchmarks/blank_bound_secpack.rb'
@@ -8,6 +14,7 @@ require 'tem/benchmarks/simple_apdu.rb'
 require 'tem/benchmarks/vm_perf.rb'
 require 'tem/benchmarks/vm_perf_bound.rb'
 
+
 class Tem::Benchmarks
   def setup
     @tem = Tem.auto_tem

data/lib/tem/benchmarks/blank_bound_secpack.rb

@@ -1,3 +1,13 @@
+# Benchmarks decrypting a bound SECpack. 
+#
+# This is a lower bound on the time it takes to execute any bound SECpack.
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2008 Massachusetts Institute of Technology
+# License:: MIT
+
+
+# :nodoc:
 class Tem::Benchmarks
   def time_blank_bound_secpack
     secpack = @tem.assemble { |s|

data/lib/tem/benchmarks/blank_sec.rb

@@ -1,3 +1,17 @@
+# Benchmarks SECpack loading. 
+#
+# Any SECpack execution will take the overhead of loading the SECpack. Loading a
+# SECpack requires placing the SECpack's contents into a buffer. The difference
+# between the time it takes to post a buffer and the time it takes to load a
+# SECpack is overhead in the TEM firmware. This overhead should be kept to a
+# minimum.
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2008 Massachusetts Institute of Technology
+# License:: MIT
+
+
+# :nodoc:
 class Tem::Benchmarks
   def time_blank_sec
     secpack = @tem.assemble { |s|

data/lib/tem/benchmarks/devchip_decrypt.rb

@@ -1,3 +1,15 @@
+# Benchmarks the TEM hardware's decryption facility. 
+#
+# This is the chip's native decryption speed. The difference between this time
+# and the time it takes to decrypt a bound SECpack is overhead added by the TEM
+# firmware. That overhead should be kept to a minimum.  
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2008 Massachusetts Institute of Technology
+# License:: MIT
+
+
+# :nodoc:
 class Tem::Benchmarks
   def time_devchip_decrypt
     pubek = @tem.pubek

data/lib/tem/benchmarks/post_buffer.rb

@@ -1,3 +1,11 @@
+# Benchmarks the TEM's buffer management code. 
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2008 Massachusetts Institute of Technology
+# License:: MIT
+
+
+# :nodoc:
 class Tem::Benchmarks
   def time_post_buffer
     data = (0...490).map { |i| (39 * i * i + 91 * i + 17) % 256 }

data/lib/tem/benchmarks/simple_apdu.rb

@@ -1,3 +1,14 @@
+# Benchmarks the TEM hardware's overhead for an APDU round-trip.
+#
+# This overhead applies to any TEM operation, because each operation involves
+# one or more APDU exchanges. 
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2008 Massachusetts Institute of Technology
+# License:: MIT
+
+
+# :nodoc:
 class Tem::Benchmarks
   def time_simple_apdu
     do_timing { @tem.get_tag_length }

data/lib/tem/benchmarks/vm_perf.rb

@@ -1,3 +1,14 @@
+# Benchmarks the TEM virtual machine's execution speed.
+#
+# The difference between this time and the time it takes to execute a blank
+# SECpack is pure VM execution time.
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2008 Massachusetts Institute of Technology
+# License:: MIT
+
+
+# :nodoc:
 class Tem::Benchmarks
   def time_vm_perf
     secpack = @tem.assemble { |s|

data/lib/tem/benchmarks/vm_perf_bound.rb

@@ -1,3 +1,15 @@
+# Benchmarks the TEM virtual machine's execution speed on bound SECpacks.
+#
+# The difference between this time and the time it takes to execute a blank
+# bound SECpack is pure VM execution time. This execution time should not be
+# significantly different from the execution time for unbound SECpacks.
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2008 Massachusetts Institute of Technology
+# License:: MIT
+
+
+# :nodoc:
 class Tem::Benchmarks
   def time_vm_perf_bound
     secpack = @tem.assemble { |s|

data/lib/tem/builders/abi.rb

@@ -1,9 +1,15 @@
-require 'openssl'
+# ABI (Abstract Binary Interface) builder.
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2009 Massachusetts Institute of Technology
+# License:: MIT
 
+require 'openssl'
 
 # :nodoc: namespace
 module Tem::Builders  
 
+
 # Builder class for the ABI (Abstract Binary Interface) builder.
 class Abi
   # Creates a builder targeting a module / class.
@@ -44,8 +50,8 @@ class Abi
       define_method(:"#{name}_length") { bytes }
     end
     
-    @target.class_eval &defines
-    (class << @target; self; end).module_eval &defines
+    @target.class_eval(&defines)
+    (class << @target; self; end).module_eval(&defines)
   end
   
   # Defines the methods for handling a variable-length number type in an ABI.
@@ -86,8 +92,8 @@ class Abi
       end
     end
     
-    @target.class_eval &defines
-    (class << @target; self; end).module_eval &defines    
+    @target.class_eval(&defines)
+    (class << @target; self; end).module_eval(&defines)    
   end
   
   # Defines the methods for handling a group of packed variable-length numbers
@@ -160,8 +166,8 @@ class Abi
       define_method(:"#{name}_components") { sub_names }
     end
     
-    @target.class_eval &defines
-    (class << @target; self; end).module_eval &defines    
+    @target.class_eval(&defines)
+    (class << @target; self; end).module_eval(&defines)    
   end
   
   # Defines the methods for handling a fixed-length string type in an ABI.
@@ -190,8 +196,8 @@ class Abi
       define_method(:"#{name}_length") { bytes }
     end
     
-    @target.class_eval &defines
-    (class << @target; self; end).module_eval &defines
+    @target.class_eval(&defines)
+    (class << @target; self; end).module_eval(&defines)
   end
   
   # Defines methods for handling a complex ABI structure wrapped into an object.
@@ -299,9 +305,9 @@ class Abi
       define_method(:"#{name}_tohook", &hooks[:to]) if hooks[:to]      
     end
     
-    @target.class_eval &defines
+    @target.class_eval(&defines)
     @target.class_eval define_str
-    (class << @target; self; end).module_eval &defines
+    (class << @target; self; end).module_eval(&defines)
     (class << @target; self; end).module_eval define_str
   end
   
@@ -351,8 +357,8 @@ class Abi
       define_method(:"#{name}_length") { bytes }
     end
     
-    @target.class_eval &defines
-    (class << @target; self; end).module_eval &defines    
+    @target.class_eval(&defines)
+    (class << @target; self; end).module_eval(&defines)    
   end
   
   # The module / class impacted by the builder.

data/lib/tem/builders/assembler.rb

@@ -1,6 +1,13 @@
+# Assembler (as in opcode assembler) builder.
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2009 Massachusetts Institute of Technology
+# License:: MIT
+
 # :nodoc: namespace
 module Tem::Builders  
 
+
 # Builder class for the code assembler builder.
 class Assembler
   # Creates a builder targeting a module / class.
@@ -56,8 +63,8 @@ class Assembler
         end
       end
     end    
-    @proxy_class.class_eval &proxy_defines
-    (class << @proxy_class; self; end).module_eval &proxy_defines    
+    @proxy_class.class_eval(&proxy_defines)
+    (class << @proxy_class; self; end).module_eval(&proxy_defines)    
   end
   
   # Defines the methods for implementing a labeling directive.
@@ -73,8 +80,8 @@ class Assembler
         @assembler.emit_label label_name.to_sym
       end
     end    
-    @proxy_class.class_eval &proxy_defines
-    (class << @proxy_class; self; end).module_eval &proxy_defines    
+    @proxy_class.class_eval(&proxy_defines)
+    (class << @proxy_class; self; end).module_eval(&proxy_defines)    
   end
   
   # Defines the methods for implementing a special label directive.
@@ -90,8 +97,8 @@ class Assembler
         @assembler.emit_label label_name.to_sym
       end
     end    
-    @proxy_class.class_eval &proxy_defines
-    (class << @proxy_class; self; end).module_eval &proxy_defines
+    @proxy_class.class_eval(&proxy_defines)
+    (class << @proxy_class; self; end).module_eval(&proxy_defines)
   end
 
   # Defines the methods for implementing a zero-inserting directive.
@@ -115,8 +122,8 @@ class Assembler
         @assembler.emit_bytes name, :emit => Array.new(bytes, 0)
       end
     end    
-    @proxy_class.class_eval &proxy_defines
-    (class << @proxy_class; self; end).module_eval &proxy_defines    
+    @proxy_class.class_eval(&proxy_defines)
+    (class << @proxy_class; self; end).module_eval(&proxy_defines)    
   end
     
   # Defines the methods for implementing a data-emitting directive.
@@ -137,8 +144,8 @@ class Assembler
         @assembler.emit_bytes :immed, :emit => data
       end
     end    
-    @proxy_class.class_eval &proxy_defines
-    (class << @proxy_class; self; end).module_eval &proxy_defines    
+    @proxy_class.class_eval(&proxy_defines)
+    (class << @proxy_class; self; end).module_eval(&proxy_defines)    
   end
   
   # (private) Defines the builder class used during assembly.
@@ -194,8 +201,8 @@ class Assembler
         end
       end
     end
-    @proxy_class.class_eval &proxy_defines
-    (class << @proxy_class; self; end).module_eval &proxy_defines    
+    @proxy_class.class_eval(&proxy_defines)
+    (class << @proxy_class; self; end).module_eval(&proxy_defines)    
   end
   private :define_proxy_class
     
@@ -226,8 +233,8 @@ class Assembler
       end
       private :_assemble
     end
-    @target.class_eval &defines
-    (class << @target; self; end).module_eval &defines        
+    @target.class_eval(&defines)
+    (class << @target; self; end).module_eval(&defines)        
   end
   
   # The module / class impacted by the builder.
@@ -306,8 +313,8 @@ module Assembler::CodeBuilderBase
     end
     
     # Wrap all the built data into a nice package and return it.
-    { :bytes => @bytes, :link_directives => @link_direcives, :labels => @labels,
-      :line_info => @line_info }
+    { :bytes => @bytes, :link_directives => @link_directives,
+      :labels => @labels, :line_info => @line_info }
   end
 end
 

data/lib/tem/builders/crypto.rb

@@ -1,9 +1,15 @@
-require 'openssl'
+# Cryptography ABI builder.
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2009 Massachusetts Institute of Technology
+# License:: MIT
 
+require 'openssl'
 
 # :nodoc: namespace
 module Tem::Builders  
 
+
 # Builder class and namespace for the cryptography builder.
 class Crypto < Abi
   # Creates a builder targeting a module / class.
@@ -100,8 +106,8 @@ class Crypto < Abi
       define_method(:"#{name}_length") { digest_length }
     end
     
-    @target.class_eval &defines
-    (class << @target; self; end).module_eval &defines    
+    @target.class_eval(&defines)
+    (class << @target; self; end).module_eval(&defines)    
   end
 end  # class Crypto
 

data/lib/tem/builders/isa.rb

@@ -1,9 +1,15 @@
-require 'openssl'
+# ISA (Instruction Set Architeture) builder.
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2009 Massachusetts Institute of Technology
+# License:: MIT
 
+require 'openssl'
 
 # :nodoc: namespace
 module Tem::Builders  
 
+
 # Builder class for the ISA (Instruction Set Architecture) builder.
 class Isa
   # Creates a builder targeting a module / class.
@@ -82,7 +88,7 @@ class Isa
         emit = encoded_opcode
         link_directives = []
         fargs.each_with_index do |arg, i|
-          if (arg.kind_of? Numeric) && !arg[:reladdr]
+          if arg.kind_of?(Numeric) && !iargs[i][:reladdr]
             emit += abi.send arg_encode_msgs[i], arg
           else
             link_directive = { :type => iargs[i][:type], :offset => emit.length,
@@ -100,8 +106,8 @@ class Isa
       end
     end
     
-    @target.class_eval &defines
-    (class << @target; self; end).module_eval &defines
+    @target.class_eval(&defines)
+    (class << @target; self; end).module_eval(&defines)
   end  
   
   # The module / class impacted by the builder.

data/lib/tem/definitions/abi.rb

@@ -1,3 +1,12 @@
+# The TEM's ABI (Abstract Binary Interface) definition.
+#
+# This code is the official specification, because Victor likes executable
+# specifications.
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2007 Massachusetts Institute of Technology
+# License:: MIT
+
 require 'openssl'
 require 'digest/sha1'