tem_ruby 0.13.0 → 0.14.0

Sign up to get free protection for your applications and to get access to all the features.
data/CHANGELOG CHANGED
@@ -1,3 +1,5 @@
1
+ v0.14.0. Finalized symmetric encryption (fw 1.14).
2
+
1
3
  v0.13.0. Public bits in TEM buffer stats (fw 1.13).
2
4
 
3
5
  v0.12.0. Direct version checking in the TEM (fw 1.12) and firmware upload files.
data/Manifest CHANGED
@@ -48,7 +48,6 @@ lib/tem/secpack.rb
48
48
  lib/tem/tem.rb
49
49
  lib/tem/toolkit.rb
50
50
  lib/tem_ruby.rb
51
- tem_ruby.gemspec
52
51
  test/_test_cert.rb
53
52
  test/builders/test_abi_builder.rb
54
53
  test/firmware/test_uploader.rb
@@ -56,8 +55,8 @@ test/tem_test_case.rb
56
55
  test/tem_unit/test_tem_alu.rb
57
56
  test/tem_unit/test_tem_bound_secpack.rb
58
57
  test/tem_unit/test_tem_branching.rb
59
- test/tem_unit/test_tem_crypto_asymmetric.rb
60
58
  test/tem_unit/test_tem_crypto_hash.rb
59
+ test/tem_unit/test_tem_crypto_keys.rb
61
60
  test/tem_unit/test_tem_crypto_pstore.rb
62
61
  test/tem_unit/test_tem_crypto_random.rb
63
62
  test/tem_unit/test_tem_emit.rb
@@ -66,5 +65,6 @@ test/tem_unit/test_tem_memory_compare.rb
66
65
  test/tem_unit/test_tem_output.rb
67
66
  test/tem_unit/test_tem_yaml_secpack.rb
68
67
  test/test_auto_conf.rb
68
+ test/test_crypto_engine.rb
69
69
  test/test_driver.rb
70
70
  test/test_exceptions.rb
@@ -8,8 +8,9 @@
8
8
  module Tem::Apdus
9
9
 
10
10
  module Keys
11
- def devchip_generate_key_pair
12
- response = @transport.iso_apdu! :ins => 0x40
11
+ def devchip_generate_key_pair(symmetric_key = false)
12
+ response = @transport.iso_apdu! :ins => 0x40,
13
+ :p1 => (symmetric_key ? 0x80 : 0x00)
13
14
  return { :privkey_id => read_tem_byte(response, 0),
14
15
  :pubkey_id => read_tem_byte(response, 1) }
15
16
  end
@@ -67,12 +67,12 @@ class Crypto < Abi
67
67
  :read => lambda { |k| Tem::Keys::Symmetric.new k },
68
68
  :to => lambda { |k| k.ssl_key },
69
69
  :new => lambda { |klass|
70
- k = cipher_class cipher_name
70
+ k = cipher_class.new cipher_name
71
71
 
72
72
  unless k.respond_to? :key
73
73
  # Some ciphers don't give back the key that they receive.
74
74
  # We need to synthesize that.
75
- class << k
75
+ class <<k
76
76
  def key=(new_key)
77
77
  super
78
78
  @_key = new_key
@@ -82,6 +82,7 @@ class Crypto < Abi
82
82
  end
83
83
  end
84
84
  end
85
+ k
85
86
  }
86
87
  end
87
88
 
@@ -27,7 +27,7 @@ module Tem::Abi
27
27
  [:p, :q, :dmp1, :dmq1, :iqmp], :signed => false, :big_endian => true
28
28
  abi.packed_variable_length_numbers :tem_pubrsa_numbers, :tem_ushort,
29
29
  [:e, :n], :signed => false, :big_endian => true
30
- abi.fixed_length_string :tem_aes_key_string, 16
30
+ abi.fixed_length_string :tem_3des_key_string, 16
31
31
  end
32
32
 
33
33
  Tem::Builders::Crypto.define_crypto self do |crypto|
@@ -52,11 +52,11 @@ module Tem::Abi
52
52
  Tem::Keys::Asymmetric.new key
53
53
  }
54
54
 
55
- crypto.symmetric_key :tem_aes_key, OpenSSL::Cipher::AES, 'ECB',
56
- :tem_aes_key_string
55
+ crypto.symmetric_key :tem_3des_key, OpenSSL::Cipher::DES, 'EDE-CBC',
56
+ :tem_3des_key_string
57
57
 
58
58
  crypto.conditional_wrapper :tem_key, 1,
59
- [{:tag => [0x99], :type => :tem_key,
59
+ [{:tag => [0x99], :type => :tem_3des_key,
60
60
  :class => Tem::Keys::Symmetric },
61
61
  {:tag => [0xAA], :type => :public_tem_rsa,
62
62
  :class => Tem::Keys::Asymmetric,
Binary file
@@ -1,6 +1,13 @@
1
+ # Ruby implementation of the TEM's asymmetric key operations.
2
+ #
3
+ # Author:: Victor Costan
4
+ # Copyright:: Copyright (C) 2007 Massachusetts Institute of Technology
5
+ # License:: MIT
6
+
1
7
  # :nodoc: namespace
2
8
  module Tem::Keys
3
9
 
10
+
4
11
  # Wraps a TEM asymmetric key, e.g. an RSA key.
5
12
  class Asymmetric < Tem::Key
6
13
  def self.new_from_array(array)
@@ -95,22 +102,22 @@ class Asymmetric < Tem::Key
95
102
  i = 0
96
103
  while i < data.length do
97
104
  block_size = (data.length - i < in_size) ? data.length - i : in_size
98
- if data.kind_of? String
99
- block = data[i...(i+block_size)]
100
- else
105
+ if data.respond_to? :pack
101
106
  block = data[i...(i+block_size)].pack('C*')
107
+ else
108
+ block = data[i...(i+block_size)]
102
109
  end
103
110
  o_block = yield block
104
- if data.kind_of? String
105
- output += o_block
106
- else
111
+ if data.respond_to? :pack
107
112
  output += o_block.unpack('C*')
113
+ else
114
+ output += o_block
108
115
  end
109
116
  i += block_size
110
117
  end
111
118
  return output
112
119
  end
113
120
  private :chug_data
114
- end
121
+ end # class Tem::Keys::Asymmetric
115
122
 
116
- end # namespace Tem::Keys
123
+ end # namespace Tem::Keys
data/lib/tem/keys/key.rb CHANGED
@@ -1,3 +1,10 @@
1
+ # Superclass for Ruby implementations of the TEM's key operations.
2
+ #
3
+ # Author:: Victor Costan
4
+ # Copyright:: Copyright (C) 2009 Massachusetts Institute of Technology
5
+ # License:: MIT
6
+
7
+
1
8
  # Base class for the TEM keys.
2
9
  #
3
10
  # This class consists of stubs describing the interface implemented by
@@ -39,10 +46,10 @@ class Tem::Key
39
46
  def self.new_from_ssl_key(ssl_key)
40
47
  if ssl_key.kind_of? OpenSSL::PKey::PKey
41
48
  Tem::Keys::Asymmetric.new ssl_key
42
- elsif ssl_key.kind_of? OpenSSL::Cipher::Cipher
49
+ elsif ssl_key.kind_of? OpenSSL::Cipher or ssl_key.kind_of? String
43
50
  Tem::Keys::Symmetric.new ssl_key
44
51
  else
45
52
  raise "Can't handle keys of class #{ssl_key.class}"
46
53
  end
47
54
  end
48
- end
55
+ end # class Tem::Key
@@ -1,23 +1,55 @@
1
+ # Ruby implementation of the TEM's symmetric key operations.
2
+ #
3
+ # Author:: Victor Costan
4
+ # Copyright:: Copyright (C) 2009 Massachusetts Institute of Technology
5
+ # License:: MIT
6
+
1
7
  # :nodoc: namespace
2
8
  module Tem::Keys
3
9
 
10
+
4
11
  # Wraps a TEM symmetric key, e.g. an AES key.
5
12
  class Symmetric < Tem::Key
6
- @@cipher_mode = 'ECB'
13
+ @@cipher_mode = 'EDE-CBC'
14
+ @@signature_mode = 'CBC'
7
15
 
8
16
  # Generates a new symmetric key.
9
17
  def self.generate
10
- cipher = OpenSSL::Cipher::AES128.new @@cipher_mode
18
+ cipher = OpenSSL::Cipher::DES.new @@cipher_mode
11
19
  key = cipher.random_key
12
20
  self.new key
13
21
  end
14
22
 
15
23
  # Creates a new symmetric key based on an OpenSSL Cipher instance, augmented
16
24
  # with a key accessor.
17
- def initialize(ssl_key)
18
- super ssl_key
19
- @key = ssl_key.key
20
- @cipher_class = ssl_key.class
25
+ #
26
+ # Args:
27
+ # ssl_key:: the OpenSSL key, or a string containing the raw key
28
+ # raw_key:: if the OpenSSL key does not support calls to +key+, the raw key
29
+ def initialize(ssl_key, raw_key = nil)
30
+ if ssl_key.kind_of? OpenSSL::Cipher
31
+ @key = raw_key || ssl_key.key
32
+ @cipher_class = ssl_key.class
33
+ else
34
+ @key = ssl_key
35
+ @cipher_class = OpenSSL::Cipher::DES
36
+ end
37
+
38
+ # Create an OpenSSL wrapper for the key we received.
39
+ cipher = @cipher_class.new @@cipher_mode
40
+ class <<cipher
41
+ def key=(new_key)
42
+ super
43
+ @_key = new_key
44
+ end
45
+ def key
46
+ @_key
47
+ end
48
+ end
49
+ cipher.key = @key
50
+ cipher.iv = "\0" * 16
51
+
52
+ super cipher
21
53
  end
22
54
  public_class_method :new
23
55
 
@@ -26,22 +58,88 @@ class Symmetric < Tem::Key
26
58
  do_encrypt ? cipher.encrypt : cipher.decrypt
27
59
  cipher.key = @key
28
60
  cipher.iv = "\0" * 16
61
+ cipher.padding = 0
62
+
63
+ pdata = data.respond_to?(:pack) ? data.pack('C*') : data
64
+ if do_encrypt
65
+ pdata << "\x80"
66
+ if pdata.length % cipher.block_size != 0
67
+ pdata << "\0" * (cipher.block_size - pdata.length % cipher.block_size)
68
+ end
69
+ end
70
+
71
+ result = cipher.update pdata
72
+ result += cipher.final
29
73
 
74
+ unless do_encrypt
75
+ result_length = result.length
76
+ loop do
77
+ result_length -= 1
78
+ next if result[result_length].ord == 0
79
+ raise "Invalid padding" unless result[result_length].ord == 0x80
80
+ break
81
+ end
82
+ result = result[0, result_length]
83
+ end
84
+ data.respond_to?(:pack) ? result.unpack('C*') : result
30
85
  end
31
86
 
32
87
  def encrypt(data)
33
- cipher.encrypt_or_decrypt data, true
88
+ encrypt_or_decrypt data, true
34
89
  end
35
90
 
36
91
  def decrypt(data)
37
- cipher.encrypt_or_decrypt data, false
92
+ encrypt_or_decrypt data, false
38
93
  end
39
94
 
40
- def sign(data)
95
+ def sign(data)
96
+ cipher = @cipher_class.new @@cipher_mode
97
+ cipher.encrypt
98
+ cipher.key = @key
99
+ cipher.iv = "\0" * 16
100
+ cipher.padding = 0
101
+
102
+ pdata = data.respond_to?(:pack) ? data.pack('C*') : data
103
+ pdata << "\x80"
104
+ if pdata.length % cipher.block_size != 0
105
+ pdata << "\0" * (cipher.block_size - pdata.length % cipher.block_size)
106
+ end
107
+
108
+ result = cipher.update pdata
109
+ result += cipher.final
110
+ result = result[-cipher.block_size, cipher.block_size]
111
+ data.respond_to?(:pack) ? result.unpack('C*') : result
112
+ end
113
+
114
+ def verify(data, signature)
115
+ hmac = sign(data)
116
+ hmac = hmac.pack('C*') if hmac.respond_to?(:pack)
117
+ signature = signature.pack('C*') if signature.respond_to?(:pack)
118
+ hmac == signature
41
119
  end
42
120
 
43
- def verify(data)
121
+ def self.new_from_array(array)
122
+ cipher_class = array[0].split('::').inject(Kernel) do |scope, name|
123
+ scope.const_get name
124
+ end
125
+
126
+ # Cipher instance used solely to point to the right class.
127
+ cipher = cipher_class.new @@cipher_mode
128
+ self.new cipher, array[1]
129
+ end
130
+
131
+ def self.new_from_yaml_str(yaml_str)
132
+ array = YAML.load yaml_str
133
+ new_from_array array
134
+ end
135
+
136
+ def to_array
137
+ [@cipher_class.name, @key]
138
+ end
139
+
140
+ def to_yaml_str
141
+ self.to_array.to_yaml.to_s
44
142
  end
45
- end
143
+ end # class Tem::Keys::Symmetric
46
144
 
47
145
  end # namespace Tem::Keys
data/lib/tem/secpack.rb CHANGED
@@ -109,6 +109,7 @@ class Tem::SecPack
109
109
  @labels.to_a.reverse_each do |info|
110
110
  return info.reverse if addr >= info[1]
111
111
  end
112
+ return [0, :__start]
112
113
  end
113
114
 
114
115
  # Methods for interacting with the plaintext content of a SECpack.
data/lib/tem/toolkit.rb CHANGED
@@ -4,7 +4,7 @@ module Tem::Toolkit
4
4
  s.ldbc authz.nil? ? 24 : 4
5
5
  s.outnew
6
6
  if authz.nil?
7
- # no authorization given, must generate one
7
+ # No authorization given, must generate one.
8
8
  s.ldbc 20
9
9
  s.ldwc :key_auth
10
10
  s.dupn :n => 2
@@ -12,10 +12,12 @@ module Tem::Toolkit
12
12
  s.outvb
13
13
  end
14
14
  s.genkp :type => (type == :asymmetric) ? 0x00 : 0x80
15
- s.authk :auth => :key_auth
16
- s.outw
17
- s.authk :auth => :key_auth
15
+ s.authk :auth => :key_auth
18
16
  s.outw
17
+ if type == :asymmetric
18
+ s.authk :auth => :key_auth
19
+ s.outw
20
+ end
19
21
  s.halt
20
22
  s.label :key_auth
21
23
  if authz.nil?
@@ -28,14 +30,14 @@ module Tem::Toolkit
28
30
 
29
31
  kp_buffer = execute gen_sec
30
32
  keys_offset = authz.nil? ? 20 : 0
31
- k1id = read_tem_ushort kp_buffer, keys_offset
32
- k2id = read_tem_ushort kp_buffer, keys_offset + 2
33
+ k1id = read_tem_ushort kp_buffer, keys_offset
34
+ k2id = read_tem_ushort kp_buffer, keys_offset + 2 if type == :asymmetric
33
35
  if type == :asymmetric
34
36
  return_val = { :pubk_id => k1id, :privk_id => k2id }
35
37
  else
36
38
  return_val = { :key_id => k1id }
37
39
  end
38
- return { :authz => authz.nil? ? kp_buffer[0...20] : authz }.merge!(return_val)
40
+ return { :authz => authz || kp_buffer[0...20] }.merge!(return_val)
39
41
  end
40
42
 
41
43
  def tk_read_key(key_id, authz)
data/tem_ruby.gemspec CHANGED
@@ -2,23 +2,23 @@
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = %q{tem_ruby}
5
- s.version = "0.13.0"
5
+ s.version = "0.14.0"
6
6
 
7
7
  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
8
8
  s.authors = ["Victor Costan"]
9
- s.date = %q{2009-11-11}
9
+ s.date = %q{2009-11-12}
10
10
  s.description = %q{TEM (Trusted Execution Module) driver, written in and for ruby.}
11
11
  s.email = %q{victor@costan.us}
12
12
  s.executables = ["tem_bench", "tem_ca", "tem_irb", "tem_proxy", "tem_stat", "tem_upload_fw"]
13
13
  s.extra_rdoc_files = ["CHANGELOG", "LICENSE", "README", "bin/tem_bench", "bin/tem_ca", "bin/tem_irb", "bin/tem_proxy", "bin/tem_stat", "bin/tem_upload_fw", "lib/tem/_cert.rb", "lib/tem/apdus/buffers.rb", "lib/tem/apdus/keys.rb", "lib/tem/apdus/lifecycle.rb", "lib/tem/apdus/tag.rb", "lib/tem/auto_conf.rb", "lib/tem/benchmarks/benchmarks.rb", "lib/tem/benchmarks/blank_bound_secpack.rb", "lib/tem/benchmarks/blank_sec.rb", "lib/tem/benchmarks/devchip_decrypt.rb", "lib/tem/benchmarks/post_buffer.rb", "lib/tem/benchmarks/simple_apdu.rb", "lib/tem/benchmarks/vm_perf.rb", "lib/tem/benchmarks/vm_perf_bound.rb", "lib/tem/builders/abi.rb", "lib/tem/builders/assembler.rb", "lib/tem/builders/crypto.rb", "lib/tem/builders/isa.rb", "lib/tem/ca.rb", "lib/tem/definitions/abi.rb", "lib/tem/definitions/assembler.rb", "lib/tem/definitions/isa.rb", "lib/tem/ecert.rb", "lib/tem/firmware/tc.cap", "lib/tem/firmware/uploader.rb", "lib/tem/hive.rb", "lib/tem/keys/asymmetric.rb", "lib/tem/keys/key.rb", "lib/tem/keys/symmetric.rb", "lib/tem/sec_exec_error.rb", "lib/tem/seclosures.rb", "lib/tem/secpack.rb", "lib/tem/tem.rb", "lib/tem/toolkit.rb", "lib/tem_ruby.rb"]
14
- s.files = ["CHANGELOG", "LICENSE", "Manifest", "README", "Rakefile", "bin/tem_bench", "bin/tem_ca", "bin/tem_irb", "bin/tem_proxy", "bin/tem_stat", "bin/tem_upload_fw", "dev_ca/ca_cert.cer", "dev_ca/ca_cert.pem", "dev_ca/ca_key.pem", "dev_ca/config.yml", "lib/tem/_cert.rb", "lib/tem/apdus/buffers.rb", "lib/tem/apdus/keys.rb", "lib/tem/apdus/lifecycle.rb", "lib/tem/apdus/tag.rb", "lib/tem/auto_conf.rb", "lib/tem/benchmarks/benchmarks.rb", "lib/tem/benchmarks/blank_bound_secpack.rb", "lib/tem/benchmarks/blank_sec.rb", "lib/tem/benchmarks/devchip_decrypt.rb", "lib/tem/benchmarks/post_buffer.rb", "lib/tem/benchmarks/simple_apdu.rb", "lib/tem/benchmarks/vm_perf.rb", "lib/tem/benchmarks/vm_perf_bound.rb", "lib/tem/builders/abi.rb", "lib/tem/builders/assembler.rb", "lib/tem/builders/crypto.rb", "lib/tem/builders/isa.rb", "lib/tem/ca.rb", "lib/tem/definitions/abi.rb", "lib/tem/definitions/assembler.rb", "lib/tem/definitions/isa.rb", "lib/tem/ecert.rb", "lib/tem/firmware/tc.cap", "lib/tem/firmware/uploader.rb", "lib/tem/hive.rb", "lib/tem/keys/asymmetric.rb", "lib/tem/keys/key.rb", "lib/tem/keys/symmetric.rb", "lib/tem/sec_exec_error.rb", "lib/tem/seclosures.rb", "lib/tem/secpack.rb", "lib/tem/tem.rb", "lib/tem/toolkit.rb", "lib/tem_ruby.rb", "tem_ruby.gemspec", "test/_test_cert.rb", "test/builders/test_abi_builder.rb", "test/firmware/test_uploader.rb", "test/tem_test_case.rb", "test/tem_unit/test_tem_alu.rb", "test/tem_unit/test_tem_bound_secpack.rb", "test/tem_unit/test_tem_branching.rb", "test/tem_unit/test_tem_crypto_asymmetric.rb", "test/tem_unit/test_tem_crypto_hash.rb", "test/tem_unit/test_tem_crypto_pstore.rb", "test/tem_unit/test_tem_crypto_random.rb", "test/tem_unit/test_tem_emit.rb", "test/tem_unit/test_tem_memory.rb", "test/tem_unit/test_tem_memory_compare.rb", "test/tem_unit/test_tem_output.rb", "test/tem_unit/test_tem_yaml_secpack.rb", "test/test_auto_conf.rb", "test/test_driver.rb", "test/test_exceptions.rb"]
14
+ s.files = ["CHANGELOG", "LICENSE", "Manifest", "README", "Rakefile", "bin/tem_bench", "bin/tem_ca", "bin/tem_irb", "bin/tem_proxy", "bin/tem_stat", "bin/tem_upload_fw", "dev_ca/ca_cert.cer", "dev_ca/ca_cert.pem", "dev_ca/ca_key.pem", "dev_ca/config.yml", "lib/tem/_cert.rb", "lib/tem/apdus/buffers.rb", "lib/tem/apdus/keys.rb", "lib/tem/apdus/lifecycle.rb", "lib/tem/apdus/tag.rb", "lib/tem/auto_conf.rb", "lib/tem/benchmarks/benchmarks.rb", "lib/tem/benchmarks/blank_bound_secpack.rb", "lib/tem/benchmarks/blank_sec.rb", "lib/tem/benchmarks/devchip_decrypt.rb", "lib/tem/benchmarks/post_buffer.rb", "lib/tem/benchmarks/simple_apdu.rb", "lib/tem/benchmarks/vm_perf.rb", "lib/tem/benchmarks/vm_perf_bound.rb", "lib/tem/builders/abi.rb", "lib/tem/builders/assembler.rb", "lib/tem/builders/crypto.rb", "lib/tem/builders/isa.rb", "lib/tem/ca.rb", "lib/tem/definitions/abi.rb", "lib/tem/definitions/assembler.rb", "lib/tem/definitions/isa.rb", "lib/tem/ecert.rb", "lib/tem/firmware/tc.cap", "lib/tem/firmware/uploader.rb", "lib/tem/hive.rb", "lib/tem/keys/asymmetric.rb", "lib/tem/keys/key.rb", "lib/tem/keys/symmetric.rb", "lib/tem/sec_exec_error.rb", "lib/tem/seclosures.rb", "lib/tem/secpack.rb", "lib/tem/tem.rb", "lib/tem/toolkit.rb", "lib/tem_ruby.rb", "test/_test_cert.rb", "test/builders/test_abi_builder.rb", "test/firmware/test_uploader.rb", "test/tem_test_case.rb", "test/tem_unit/test_tem_alu.rb", "test/tem_unit/test_tem_bound_secpack.rb", "test/tem_unit/test_tem_branching.rb", "test/tem_unit/test_tem_crypto_hash.rb", "test/tem_unit/test_tem_crypto_keys.rb", "test/tem_unit/test_tem_crypto_pstore.rb", "test/tem_unit/test_tem_crypto_random.rb", "test/tem_unit/test_tem_emit.rb", "test/tem_unit/test_tem_memory.rb", "test/tem_unit/test_tem_memory_compare.rb", "test/tem_unit/test_tem_output.rb", "test/tem_unit/test_tem_yaml_secpack.rb", "test/test_auto_conf.rb", "test/test_crypto_engine.rb", "test/test_driver.rb", "test/test_exceptions.rb", "tem_ruby.gemspec"]
15
15
  s.homepage = %q{http://tem.rubyforge.org}
16
16
  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Tem_ruby", "--main", "README"]
17
17
  s.require_paths = ["lib"]
18
18
  s.rubyforge_project = %q{tem}
19
19
  s.rubygems_version = %q{1.3.5}
20
20
  s.summary = %q{TEM (Trusted Execution Module) driver, written in and for ruby.}
21
- s.test_files = ["test/test_driver.rb", "test/firmware/test_uploader.rb", "test/test_auto_conf.rb", "test/builders/test_abi_builder.rb", "test/tem_unit/test_tem_emit.rb", "test/tem_unit/test_tem_crypto_asymmetric.rb", "test/tem_unit/test_tem_yaml_secpack.rb", "test/tem_unit/test_tem_alu.rb", "test/tem_unit/test_tem_crypto_hash.rb", "test/tem_unit/test_tem_bound_secpack.rb", "test/tem_unit/test_tem_memory_compare.rb", "test/tem_unit/test_tem_output.rb", "test/tem_unit/test_tem_crypto_random.rb", "test/tem_unit/test_tem_memory.rb", "test/tem_unit/test_tem_branching.rb", "test/tem_unit/test_tem_crypto_pstore.rb", "test/test_exceptions.rb"]
21
+ s.test_files = ["test/builders/test_abi_builder.rb", "test/firmware/test_uploader.rb", "test/tem_unit/test_tem_alu.rb", "test/tem_unit/test_tem_bound_secpack.rb", "test/tem_unit/test_tem_branching.rb", "test/tem_unit/test_tem_crypto_hash.rb", "test/tem_unit/test_tem_crypto_keys.rb", "test/tem_unit/test_tem_crypto_pstore.rb", "test/tem_unit/test_tem_crypto_random.rb", "test/tem_unit/test_tem_emit.rb", "test/tem_unit/test_tem_memory.rb", "test/tem_unit/test_tem_memory_compare.rb", "test/tem_unit/test_tem_output.rb", "test/tem_unit/test_tem_yaml_secpack.rb", "test/test_auto_conf.rb", "test/test_crypto_engine.rb", "test/test_driver.rb", "test/test_exceptions.rb"]
22
22
 
23
23
  if s.respond_to? :specification_version then
24
24
  current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
@@ -18,7 +18,7 @@ class UploaderTest < Test::Unit::TestCase
18
18
  end
19
19
 
20
20
  def test_fw_version
21
- assert_equal({:major => 1, :minor => 12}, Uploader.fw_version)
21
+ assert_equal({:major => 1, :minor => 14}, Uploader.fw_version)
22
22
  end
23
23
 
24
24
  def test_upload
@@ -0,0 +1,189 @@
1
+ require 'test/tem_test_case.rb'
2
+
3
+ class TemCryptoKeysTest < TemTestCase
4
+ def i_crypt(data, key_id, authz, mode = :encrypt, direct_io = true,
5
+ symmetric = false)
6
+ if symmetric
7
+ max_output = case mode
8
+ when :encrypt
9
+ ((data.length + 8) / 8) * 8
10
+ when :decrypt
11
+ data.length
12
+ when :sign
13
+ 8
14
+ end
15
+ else
16
+ max_output = case mode
17
+ when :encrypt
18
+ ((data.length + 239) / 240) * 256
19
+ when :decrypt
20
+ data.length
21
+ when :sign
22
+ 256
23
+ end
24
+ end
25
+
26
+ crypt_opcode =
27
+ {:encrypt => :kefxb, :decrypt => :kdfxb, :sign => :ksfxb}[mode]
28
+ ex_sec = @tem.assemble { |s|
29
+ s.ldwc :const => max_output
30
+ s.outnew
31
+ s.ldbc :const => key_id
32
+ s.authk :auth => :key_auth
33
+ s.send crypt_opcode, :from => :data, :size => data.length,
34
+ :to => (direct_io ? 0xFFFF : :outdata)
35
+ s.outvlb :from => :outdata unless direct_io
36
+ s.halt
37
+
38
+ s.label :key_auth
39
+ s.data :tem_ubyte, authz
40
+ s.label :data
41
+ s.data :tem_ubyte, data
42
+ unless direct_io
43
+ s.label :outdata
44
+ s.zeros :tem_ubyte, max_output
45
+ end
46
+ s.stack 5
47
+ }
48
+ return @tem.execute(ex_sec)
49
+ end
50
+
51
+ def i_verify(data, signature, key_id, authz)
52
+ sign_sec = @tem.assemble { |s|
53
+ s.ldbc :const => 1
54
+ s.outnew
55
+ s.ldbc :const => key_id
56
+ s.authk :auth => :key_auth
57
+ s.kvsfxb :from => :data, :size => data.length, :signature => :signature
58
+ s.outb
59
+ s.halt
60
+
61
+ s.label :key_auth
62
+ s.data :tem_ubyte, authz
63
+ s.label :data
64
+ s.data :tem_ubyte, data
65
+ s.label :signature
66
+ s.data :tem_ubyte, signature
67
+ s.stack 5
68
+ }
69
+ return @tem.execute(sign_sec)[0] == 1
70
+ end
71
+
72
+ def i_test_crypto_pks_ops(pubk_id, privk_id, pubk, privk, authz)
73
+ garbage = (0...569).map { |i| (i * i * 217 + i * 661 + 393) % 256 }
74
+
75
+ # SEC/priv-sign + CPU/pub-verify, direct IO.
76
+ signed_garbage = i_crypt garbage, privk_id, authz, :sign, true
77
+ assert privk.verify(garbage, signed_garbage),
78
+ 'SEC priv-signing + CPU pub-verify failed on good data'
79
+
80
+ # SEC/priv-sign + CPU/pub-verify, indirect IO.
81
+ signed_garbage = i_crypt garbage, privk_id, authz, :sign, false
82
+ assert privk.verify(garbage, signed_garbage),
83
+ 'SEC priv-signing + CPU pub-verify failed on good data'
84
+
85
+ # CPU/priv-sign + SEC/pub-verify.
86
+ signed_garbage = privk.sign garbage
87
+ assert i_verify(garbage, signed_garbage, pubk_id, authz),
88
+ 'CPU priv-signing + SEC pub-verify failed on good data'
89
+
90
+ # CPU/priv-encrypt + SEC/pub-decrypt, indirect IO.
91
+ encrypted_garbage = privk.encrypt garbage
92
+ decrypted_garbage = i_crypt encrypted_garbage, pubk_id, authz, :decrypt,
93
+ false
94
+ assert_equal garbage, decrypted_garbage,
95
+ 'CPU priv-encryption + SEC pub-decryption/i messed up the data'
96
+
97
+ # SEC/pub-encrypt + CPU/priv-decrypt, indirect IO.
98
+ encrypted_garbage = i_crypt garbage, pubk_id, authz, :encrypt, false
99
+ decrypted_garbage = privk.decrypt encrypted_garbage
100
+ assert_equal garbage, decrypted_garbage,
101
+ 'SEC pub-encryption/i + CPU priv-decryption messed up the data'
102
+
103
+ # CPU/pub-encrypt + SEC/priv-decrypt, direct-IO.
104
+ encrypted_garbage = pubk.encrypt garbage
105
+ decrypted_garbage = i_crypt encrypted_garbage, privk_id, authz, :decrypt,
106
+ true
107
+ assert_equal garbage, decrypted_garbage,
108
+ 'CPU pub-encryption + SEC priv-decryption messed up the data'
109
+
110
+ # SEC/priv-encrypt + CPU/pub-decrypt, direct-IO.
111
+ encrypted_garbage = i_crypt garbage, privk_id, authz, :encrypt, true
112
+ decrypted_garbage = pubk.decrypt encrypted_garbage
113
+ assert_equal garbage, decrypted_garbage,
114
+ 'SEC priv-encryption + CPU pub-decryption messed up the data'
115
+ end
116
+
117
+ def test_crypto_asymmetric
118
+ # Crypto run with an internally generated key.
119
+ keyd = @tem.tk_gen_key :asymmetric
120
+ pubk = @tem.tk_read_key keyd[:pubk_id], keyd[:authz]
121
+ privk = @tem.tk_read_key keyd[:privk_id], keyd[:authz]
122
+ i_test_crypto_pks_ops keyd[:pubk_id], keyd[:privk_id], pubk, privk,
123
+ keyd[:authz]
124
+
125
+ # Crypto run with an externally generated key.
126
+ ekey = OpenSSL::PKey::RSA.generate(2048, 65537)
127
+ pubk = Tem::Key.new_from_ssl_key ekey.public_key
128
+ privk = Tem::Key.new_from_ssl_key ekey
129
+ pubk_id = @tem.tk_post_key pubk, keyd[:authz]
130
+ privk_id = @tem.tk_post_key privk, keyd[:authz]
131
+ i_test_crypto_pks_ops pubk_id, privk_id, pubk, privk, keyd[:authz]
132
+ end
133
+
134
+ def i_test_crypto_sks_ops(skey_id, skey, authz)
135
+ garbage = (0...569).map { |i| (i * i * 217 + i * 661 + 393) % 256 }
136
+
137
+ # SEC/sign + CPU/verify, direct IO.
138
+ signed_garbage = i_crypt garbage, skey_id, authz, :sign, true, true
139
+ assert skey.verify(garbage, signed_garbage),
140
+ 'SEC signing + CPU verify failed on good data'
141
+
142
+ # SEC/sign + CPU/verify, indirect IO.
143
+ signed_garbage = i_crypt garbage, skey_id, authz, :sign, false, true
144
+ assert skey.verify(garbage, signed_garbage),
145
+ 'SEC signing + CPU verify failed on good data'
146
+
147
+ # CPU/sign + SEC/verify.
148
+ signed_garbage = skey.sign garbage
149
+ assert i_verify(garbage, signed_garbage, skey_id, authz),
150
+ 'CPU signing + SEC verify failed on good data'
151
+
152
+ # CPU/encrypt + SEC/decrypt, indirect IO.
153
+ encrypted_garbage = skey.encrypt garbage
154
+ decrypted_garbage = i_crypt encrypted_garbage, skey_id, authz, :decrypt,
155
+ false, true
156
+ assert_equal garbage, decrypted_garbage,
157
+ 'CPU encryption + SEC decryption/i messed up the data'
158
+
159
+ # SEC/encrypt + CPU/decrypt, indirect IO.
160
+ encrypted_garbage = i_crypt garbage, skey_id, authz, :encrypt, false, true
161
+ decrypted_garbage = skey.decrypt encrypted_garbage
162
+ assert_equal garbage, decrypted_garbage,
163
+ 'SEC encryption/i + CPU decryption messed up the data'
164
+
165
+ # CPU/encrypt + SEC/decrypt, direct IO.
166
+ encrypted_garbage = skey.encrypt garbage
167
+ decrypted_garbage = i_crypt encrypted_garbage, skey_id, authz, :decrypt,
168
+ true, true
169
+ assert_equal garbage, decrypted_garbage,
170
+ 'CPU encryption + SEC decryption messed up the data'
171
+
172
+ # SEC/encrypt + CPU/decrypt, direct IO.
173
+ encrypted_garbage = i_crypt garbage, skey_id, authz, :encrypt, true, true
174
+ decrypted_garbage = skey.decrypt encrypted_garbage
175
+ assert_equal garbage, decrypted_garbage,
176
+ 'SEC encryption + CPU decryption messed up the data'
177
+ end
178
+
179
+ def test_crypto_symmetric
180
+ keyd = @tem.tk_gen_key :symmetric
181
+ skey = @tem.tk_read_key keyd[:key_id], keyd[:authz]
182
+ i_test_crypto_sks_ops keyd[:key_id], skey, keyd[:authz]
183
+
184
+ ekey = OpenSSL::Cipher::Cipher.new('DES-EDE-CBC').random_key
185
+ skey = Tem::Key.new_from_ssl_key ekey
186
+ skey_id = @tem.tk_post_key skey, keyd[:authz]
187
+ i_test_crypto_sks_ops skey_id, skey, keyd[:authz]
188
+ end
189
+ end
@@ -0,0 +1,116 @@
1
+ require 'test/tem_test_case.rb'
2
+
3
+
4
+ class CryptoEngineTest < TemTestCase
5
+ def test_crypto_pks
6
+ garbage = (0...415).map { |i| (i * i * 217 + i * 661 + 393) % 256 }
7
+ key_pair = @tem.devchip_generate_key_pair
8
+ pubkey = @tem.devchip_save_key key_pair[:pubkey_id]
9
+
10
+ encrypted_garbage = @tem.devchip_encrypt garbage, key_pair[:privkey_id]
11
+ decrypted_garbage = pubkey.decrypt encrypted_garbage
12
+ assert_equal garbage, decrypted_garbage,
13
+ 'Onchip-encryption + offchip-decryption messed up the data.'
14
+
15
+ encrypted_garbage = pubkey.encrypt garbage
16
+ decrypted_garbage = @tem.devchip_decrypt encrypted_garbage,
17
+ key_pair[:privkey_id]
18
+ assert_equal garbage, decrypted_garbage,
19
+ 'Offchip-encryption + onchip-decryption messed up the data.'
20
+
21
+ key_stat = @tem.stat_keys
22
+ assert key_stat[:keys], 'Key stat does not contain key information.'
23
+ assert_equal :public, key_stat[:keys][key_pair[:pubkey_id]][:type],
24
+ 'Key stat reports wrong type for public key.'
25
+ assert_equal :private, key_stat[:keys][key_pair[:privkey_id]][:type],
26
+ 'Key stat reports wrong type for private key.'
27
+ assert_in_delta 2, 2048, key_stat[:keys][key_pair[:pubkey_id]][:bits],
28
+ 'Key stat reports wrong size for public key.'
29
+ assert_in_delta 2, 2048, key_stat[:keys][key_pair[:privkey_id]][:bits],
30
+ 'Key stat reports wrong size for private key.'
31
+
32
+ [:pubkey_id, :privkey_id].each do |key|
33
+ @tem.devchip_release_key key_pair[key]
34
+ end
35
+ end
36
+
37
+ def test_crypto_symmetric
38
+ garbage = (0...415).map { |i| (i * i * 217 + i * 661 + 393) % 256 }
39
+ key_pair = @tem.devchip_generate_key_pair true
40
+ assert_equal(-1, key_pair[:pubkey_id],
41
+ 'Key generation should yield INVALID_KEY for the public key')
42
+ key = @tem.devchip_save_key key_pair[:privkey_id]
43
+
44
+ encrypted_garbage = @tem.devchip_encrypt garbage, key_pair[:privkey_id]
45
+ decrypted_garbage = key.decrypt encrypted_garbage
46
+ assert_equal garbage, decrypted_garbage,
47
+ 'Onchip-encryption + offchip-decryption messed up the data'
48
+
49
+ encrypted_garbage = key.encrypt garbage
50
+ decrypted_garbage = @tem.devchip_decrypt encrypted_garbage,
51
+ key_pair[:privkey_id]
52
+ assert_equal garbage, decrypted_garbage,
53
+ 'Offchip-encryption + onchip-decryption messed up the data.'
54
+
55
+ key_stat = @tem.stat_keys
56
+ assert key_stat[:keys], 'Key stat does not contain key information.'
57
+ assert_equal :symmetric, key_stat[:keys][key_pair[:privkey_id]][:type],
58
+ 'Key stat reports wrong type for symmetric key.'
59
+ assert_equal 128, key_stat[:keys][key_pair[:privkey_id]][:bits],
60
+ 'Key stat reports wrong size for symmetric key.'
61
+
62
+ @tem.devchip_release_key key_pair[:privkey_id]
63
+ end
64
+
65
+ def test_crypto_abi
66
+ ekey = OpenSSL::PKey::RSA.generate(2048, 65537)
67
+ pubk = Tem::Key.new_from_ssl_key ekey.public_key
68
+ privk = Tem::Key.new_from_ssl_key ekey
69
+
70
+ skey = OpenSSL::Cipher::Cipher.new('DES-EDE-CBC').random_key
71
+ symk = Tem::Key.new_from_ssl_key skey
72
+
73
+ # Array and string encryption/decryption.
74
+ garbage = (1...569).map { |i| (i * i * 217 + i * 661 + 393) % 256 }
75
+ [garbage, garbage.pack('C*')].each do |g|
76
+ encrypted_garbage = pubk.encrypt g
77
+ decrypted_garbage = privk.decrypt encrypted_garbage
78
+ assert_equal g, decrypted_garbage,
79
+ 'Pub-encryption + priv-decryption messed up the data'
80
+ encrypted_garbage = privk.encrypt g
81
+ decrypted_garbage = pubk.decrypt encrypted_garbage
82
+ assert_equal g, decrypted_garbage,
83
+ 'Priv-encryption + pub-decryption messed up the data'
84
+
85
+ encrypted_garbage = symk.encrypt g[0, 560]
86
+ decrypted_garbage = symk.decrypt encrypted_garbage
87
+ assert_equal g[0, 560], decrypted_garbage,
88
+ 'Symmetric encryption + decryption messed up the data'
89
+ end
90
+
91
+ # Test key serialization/deserialization through encryption/decryption.
92
+ pubk_ys = pubk.to_yaml_str
93
+ pubk2 = Tem::Keys::Asymmetric.new_from_yaml_str pubk_ys
94
+ privk_ys = privk.to_yaml_str
95
+ privk2 = Tem::Keys::Asymmetric.new_from_yaml_str privk_ys
96
+ encrypted_garbage = pubk.encrypt garbage
97
+ decrypted_garbage = privk2.decrypt encrypted_garbage
98
+ assert_equal garbage, decrypted_garbage,
99
+ 'YAML pub-encryption + priv-decryption messed up the data.'
100
+ encrypted_garbage = privk.encrypt garbage
101
+ decrypted_garbage = pubk2.decrypt encrypted_garbage
102
+ assert_equal garbage, decrypted_garbage,
103
+ 'YAML priv-encryption + pub-decryption messed up the data.'
104
+
105
+ symk_ys = symk.to_yaml_str
106
+ symk2 = Tem::Keys::Symmetric.new_from_yaml_str symk_ys
107
+ encrypted_garbage = symk.encrypt garbage[0, 560]
108
+ decrypted_garbage = symk2.decrypt encrypted_garbage
109
+ assert_equal garbage[0, 560], decrypted_garbage,
110
+ 'Symmetric encryption + YAML decryption messed up the data'
111
+ encrypted_garbage = symk2.encrypt garbage[0, 560]
112
+ decrypted_garbage = symk.decrypt encrypted_garbage
113
+ assert_equal garbage[0, 560], decrypted_garbage,
114
+ 'YAML symmetric encryption + decryption messed up the data'
115
+ end
116
+ end
data/test/test_driver.rb CHANGED
@@ -61,56 +61,4 @@ class DriverTest < TemTestCase
61
61
  @tem.set_tag garbage
62
62
  assert_equal garbage, @tem.get_tag, 'error in posted tag data'
63
63
  end
64
-
65
- def test_crypto
66
- garbage = (1...415).map { |i| (i * i * 217 + i * 661 + 393) % 256 }
67
- key_pair = @tem.devchip_generate_key_pair
68
- pubkey = @tem.devchip_save_key key_pair[:pubkey_id]
69
-
70
- encrypted_garbage = @tem.devchip_encrypt garbage, key_pair[:privkey_id]
71
- decrypted_garbage = pubkey.decrypt encrypted_garbage
72
- assert_equal garbage, decrypted_garbage, 'priv-encryption+pub-decryption messed up the data'
73
-
74
- encrypted_garbage = pubkey.encrypt garbage
75
- decrypted_garbage = @tem.devchip_decrypt encrypted_garbage, key_pair[:privkey_id]
76
- assert_equal garbage, decrypted_garbage, 'pub-encryption+priv-decryption messed up the data'
77
-
78
- key_stat = @tem.stat_keys
79
- assert key_stat[:keys], 'key stat does not contain key information'
80
- assert_equal :public, key_stat[:keys][key_pair[:pubkey_id]][:type], 'key stat reports wrong type for public key'
81
- assert_equal :private, key_stat[:keys][key_pair[:privkey_id]][:type], 'key stat reports wrong type for private key'
82
- assert_in_delta 2, 2048, key_stat[:keys][key_pair[:pubkey_id]][:bits], 'key stat reports wrong size for public key'
83
- assert_in_delta 2, 2048, key_stat[:keys][key_pair[:privkey_id]][:bits], 'key stat reports wrong size for private key'
84
-
85
- [:pubkey_id, :privkey_id].each { |ki| @tem.devchip_release_key key_pair[ki] }
86
- end
87
-
88
- def test_crypto_abi
89
- ekey = OpenSSL::PKey::RSA.generate(2048, 65537)
90
- pubk = Tem::Key.new_from_ssl_key ekey.public_key
91
- privk = Tem::Key.new_from_ssl_key ekey
92
-
93
- # array and string encryption/decryption
94
- garbage = (1...569).map { |i| (i * i * 217 + i * 661 + 393) % 256 }
95
- [garbage, garbage.pack('C*')].each do |g|
96
- encrypted_garbage = pubk.encrypt g
97
- decrypted_garbage = privk.decrypt encrypted_garbage
98
- assert_equal g, decrypted_garbage, 'pub-encryption+priv-decryption messed up the data'
99
- encrypted_garbage = privk.encrypt g
100
- decrypted_garbage = pubk.decrypt encrypted_garbage
101
- assert_equal g, decrypted_garbage, 'priv-encryption+pub-decryption messed up the data'
102
- end
103
-
104
- # test key serialization/deserialization through encryption/decryption
105
- pubk_ys = pubk.to_yaml_str
106
- pubk2 = Tem::Keys::Asymmetric.new_from_yaml_str(pubk_ys)
107
- privk_ys = privk.to_yaml_str
108
- privk2 = Tem::Keys::Asymmetric.new_from_yaml_str(privk_ys)
109
- encrypted_garbage = pubk.encrypt garbage
110
- decrypted_garbage = privk2.decrypt encrypted_garbage
111
- assert_equal garbage, decrypted_garbage, 'pub-encryption+priv-decryption messed up the data'
112
- encrypted_garbage = privk.encrypt garbage
113
- decrypted_garbage = pubk2.decrypt encrypted_garbage
114
- assert_equal garbage, decrypted_garbage, 'priv-encryption+pub-decryption messed up the data'
115
- end
116
64
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: tem_ruby
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.13.0
4
+ version: 0.14.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Victor Costan
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2009-11-11 00:00:00 -05:00
12
+ date: 2009-11-12 00:00:00 -05:00
13
13
  default_executable:
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
@@ -149,7 +149,6 @@ files:
149
149
  - lib/tem/tem.rb
150
150
  - lib/tem/toolkit.rb
151
151
  - lib/tem_ruby.rb
152
- - tem_ruby.gemspec
153
152
  - test/_test_cert.rb
154
153
  - test/builders/test_abi_builder.rb
155
154
  - test/firmware/test_uploader.rb
@@ -157,8 +156,8 @@ files:
157
156
  - test/tem_unit/test_tem_alu.rb
158
157
  - test/tem_unit/test_tem_bound_secpack.rb
159
158
  - test/tem_unit/test_tem_branching.rb
160
- - test/tem_unit/test_tem_crypto_asymmetric.rb
161
159
  - test/tem_unit/test_tem_crypto_hash.rb
160
+ - test/tem_unit/test_tem_crypto_keys.rb
162
161
  - test/tem_unit/test_tem_crypto_pstore.rb
163
162
  - test/tem_unit/test_tem_crypto_random.rb
164
163
  - test/tem_unit/test_tem_emit.rb
@@ -167,8 +166,10 @@ files:
167
166
  - test/tem_unit/test_tem_output.rb
168
167
  - test/tem_unit/test_tem_yaml_secpack.rb
169
168
  - test/test_auto_conf.rb
169
+ - test/test_crypto_engine.rb
170
170
  - test/test_driver.rb
171
171
  - test/test_exceptions.rb
172
+ - tem_ruby.gemspec
172
173
  has_rdoc: true
173
174
  homepage: http://tem.rubyforge.org
174
175
  licenses: []
@@ -203,20 +204,21 @@ signing_key:
203
204
  specification_version: 3
204
205
  summary: TEM (Trusted Execution Module) driver, written in and for ruby.
205
206
  test_files:
206
- - test/test_driver.rb
207
- - test/firmware/test_uploader.rb
208
- - test/test_auto_conf.rb
209
207
  - test/builders/test_abi_builder.rb
210
- - test/tem_unit/test_tem_emit.rb
211
- - test/tem_unit/test_tem_crypto_asymmetric.rb
212
- - test/tem_unit/test_tem_yaml_secpack.rb
208
+ - test/firmware/test_uploader.rb
213
209
  - test/tem_unit/test_tem_alu.rb
214
- - test/tem_unit/test_tem_crypto_hash.rb
215
210
  - test/tem_unit/test_tem_bound_secpack.rb
216
- - test/tem_unit/test_tem_memory_compare.rb
217
- - test/tem_unit/test_tem_output.rb
218
- - test/tem_unit/test_tem_crypto_random.rb
219
- - test/tem_unit/test_tem_memory.rb
220
211
  - test/tem_unit/test_tem_branching.rb
212
+ - test/tem_unit/test_tem_crypto_hash.rb
213
+ - test/tem_unit/test_tem_crypto_keys.rb
221
214
  - test/tem_unit/test_tem_crypto_pstore.rb
215
+ - test/tem_unit/test_tem_crypto_random.rb
216
+ - test/tem_unit/test_tem_emit.rb
217
+ - test/tem_unit/test_tem_memory.rb
218
+ - test/tem_unit/test_tem_memory_compare.rb
219
+ - test/tem_unit/test_tem_output.rb
220
+ - test/tem_unit/test_tem_yaml_secpack.rb
221
+ - test/test_auto_conf.rb
222
+ - test/test_crypto_engine.rb
223
+ - test/test_driver.rb
222
224
  - test/test_exceptions.rb
@@ -1,123 +0,0 @@
1
- require 'test/tem_test_case.rb'
2
-
3
- class TemCryptoAsymmetricTest < TemTestCase
4
- def i_crypt(data, key_id, authz, mode = :encrypt, direct_io = true, max_output = nil)
5
- if max_output.nil?
6
- max_output = case mode
7
- when :encrypt
8
- ((data.length + 239) / 240) * 256
9
- when :decrypt
10
- data.length
11
- when :sign
12
- 256
13
- end
14
- end
15
-
16
- crypt_opcode = {:encrypt => :kefxb, :decrypt => :kdfxb, :sign => :ksfxb}[mode]
17
- ex_sec = @tem.assemble { |s|
18
- # buffer
19
- s.ldwc :const => max_output
20
- s.outnew
21
- s.ldbc :const => key_id
22
- s.authk :auth => :key_auth
23
- s.send crypt_opcode, :from => :data, :size => data.length, :to => (direct_io ? 0xFFFF : :outdata)
24
- s.outvlb :from => :outdata unless direct_io
25
- s.halt
26
-
27
- s.label :key_auth
28
- s.data :tem_ubyte, authz
29
- s.label :data
30
- s.data :tem_ubyte, data
31
- unless direct_io
32
- s.label :outdata
33
- s.zeros :tem_ubyte, max_output
34
- end
35
- s.stack 5
36
- }
37
- return @tem.execute(ex_sec)
38
- end
39
-
40
- def i_verify(data, signature, key_id, authz)
41
- sign_sec = @tem.assemble { |s|
42
- # buffer
43
- s.ldbc :const => 1
44
- s.outnew
45
- s.ldbc :const => key_id
46
- s.authk :auth => :key_auth
47
- s.kvsfxb :from => :data, :size => data.length, :signature => :signature
48
- s.outb
49
- s.halt
50
-
51
- s.label :key_auth
52
- s.data :tem_ubyte, authz
53
- s.label :data
54
- s.data :tem_ubyte, data
55
- s.label :signature
56
- s.data :tem_ubyte, signature
57
- s.stack 5
58
- }
59
- return @tem.execute(sign_sec)[0] == 1
60
- end
61
-
62
- def i_test_crypto_pki_ops(pubk_id, privk_id, pubk, privk, authz)
63
- garbage = (1...569).map { |i| (i * i * 217 + i * 661 + 393) % 256 }
64
-
65
- # SEC/priv-sign + CPU/pub-verify, direct IO
66
- signed_garbage = i_crypt garbage, privk_id, authz, :sign, true
67
- assert privk.verify(garbage, signed_garbage),
68
- 'SEC priv-signing + CPU pub-verify failed on good data'
69
-
70
- # SEC/priv-sign + CPU/pub-verify, indirect IO
71
- signed_garbage = i_crypt garbage, privk_id, authz, :sign, false
72
- assert privk.verify(garbage, signed_garbage),
73
- 'SEC priv-signing + CPU pub-verify failed on good data'
74
-
75
- # CPU/priv-sign + SEC/pub-verify
76
- signed_garbage = privk.sign garbage
77
- assert i_verify(garbage, signed_garbage, pubk_id, authz),
78
- 'CPU priv-signing + SEC pub-verify failed on good data'
79
-
80
- # CPU/priv-encrypt + SEC/pub-decrypt, indirect IO
81
- encrypted_garbage = privk.encrypt garbage
82
- decrypted_garbage = i_crypt encrypted_garbage, pubk_id, authz, :decrypt,
83
- false
84
- assert_equal garbage, decrypted_garbage,
85
- 'SEC priv-encryption + CPU pub-decryption messed up the data'
86
-
87
- # SEC/pub-encrypt + CPU/priv-decrypt, indirect IO
88
- encrypted_garbage = i_crypt garbage, pubk_id, authz, :encrypt, false
89
- decrypted_garbage = privk.decrypt encrypted_garbage
90
- assert_equal garbage, decrypted_garbage,
91
- 'SEC priv-encryption + CPU pub-decryption messed up the data'
92
-
93
- # CPU/pub-encrypt + SEC/priv-decrypt, direct-IO
94
- encrypted_garbage = pubk.encrypt garbage
95
- decrypted_garbage = i_crypt encrypted_garbage, privk_id, authz, :decrypt,
96
- true
97
- assert_equal garbage, decrypted_garbage,
98
- 'CPU pub-encryption + SEC priv-decryption messed up the data'
99
-
100
- # SEC/priv-encrypt + CPU/pub-decrypt, direct-IO
101
- encrypted_garbage = i_crypt garbage, privk_id, authz, :encrypt, true
102
- decrypted_garbage = pubk.decrypt encrypted_garbage
103
- assert_equal garbage, decrypted_garbage,
104
- 'SEC priv-encryption + CPU pub-decryption messed up the data'
105
- end
106
-
107
- def test_crypto_asymmetric
108
- # crypto run with an internally generated key
109
- keyd = @tem.tk_gen_key :asymmetric
110
- pubk = @tem.tk_read_key keyd[:pubk_id], keyd[:authz]
111
- privk = @tem.tk_read_key keyd[:privk_id], keyd[:authz]
112
- i_test_crypto_pki_ops keyd[:pubk_id], keyd[:privk_id], pubk, privk,
113
- keyd[:authz]
114
-
115
- # crypto run with an externally generated key
116
- ekey = OpenSSL::PKey::RSA.generate(2048, 65537)
117
- pubk = Tem::Key.new_from_ssl_key ekey.public_key
118
- privk = Tem::Key.new_from_ssl_key ekey
119
- pubk_id = @tem.tk_post_key pubk, keyd[:authz]
120
- privk_id = @tem.tk_post_key privk, keyd[:authz]
121
- i_test_crypto_pki_ops pubk_id, privk_id, pubk, privk, keyd[:authz]
122
- end
123
- end