tem_ruby 0.14.1 → 0.15.1

data/CHANGELOG

@@ -1,3 +1,7 @@
+v0.15.1. SECpack migrations.
+
+v0.15.0. Opcode for computing the size of encrypted data (fw 1.15).
+
 v0.14.1. Benchmarks for symmetric encryption.
 
 v0.14.0. Finalized symmetric encryption (fw 1.14).

data/Manifest

@@ -14,6 +14,8 @@ dev_ca/ca_cert.pem
 dev_ca/ca_key.pem
 dev_ca/config.yml
 lib/tem/_cert.rb
+lib/tem/admin/emit.rb
+lib/tem/admin/migrate.rb
 lib/tem/apdus/buffers.rb
 lib/tem/apdus/keys.rb
 lib/tem/apdus/lifecycle.rb
@@ -62,9 +64,11 @@ test/tem_unit/test_tem_crypto_random.rb
 test/tem_unit/test_tem_emit.rb
 test/tem_unit/test_tem_memory.rb
 test/tem_unit/test_tem_memory_compare.rb
+test/tem_unit/test_tem_migrate.rb
 test/tem_unit/test_tem_output.rb
 test/tem_unit/test_tem_yaml_secpack.rb
 test/test_auto_conf.rb
 test/test_crypto_engine.rb
 test/test_driver.rb
 test/test_exceptions.rb
+test/test_tag.rb

data/dev_ca/config.yml

@@ -1,5 +1,5 @@
 --- 
-# the development CA is valid for 10 years
+# The development CA is valid for 10 years.
 :ca_validity_days: 3652
 :issuer: 
   CN: Trusted Execution Module Development CA
@@ -8,7 +8,7 @@
   C: US
   O: Massachusetts Insitute of Technology
   OU: Computer Science and Artificial Intelligence Laboratory
-# a TEM is valid for two days
+# A TEM is valid for two years.
 :ecert_validity_days: 730
 :subject: 
   CN: Trusted Execution Module DevChip

data/lib/tem/admin/emit.rb

@@ -0,0 +1,115 @@
+# Logic for the TEM emission process.
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2009 Massachusetts Institute of Technology
+# License:: MIT
+
+# :nodoc: namespace
+module Tem::Admin
+
+
+# Logic for the TEM emission process.
+module Emit
+  # The SEClosure that performs key generation for the TEM.
+  def self.emit_keygen_seclosure
+    Tem::Assembler.assemble { |s|
+      # Generate Endorsement Key pair, should end up in slots (0, 1).
+      s.genkp :type => 0
+      s.ldbc 1
+      s.sub
+      s.jne :to => :not_ok
+      s.ldbc 0
+      s.sub
+      s.jne :to => :not_ok
+      
+      # Generate and output random authorization for PrivEK.
+      s.ldbc 20
+      s.dupn :n => 1
+      s.outnew
+      s.ldwc :privek_auth
+      s.dupn :n => 2
+      s.rnd
+      s.outvb
+      # Set authorizations for PrivEK and PubkEK.
+      s.ldbc 0
+      s.authk :auth => :privek_auth
+      s.ldbc 1 # PubEK always has its initial authorization be all zeroes.
+      s.authk :auth => :pubek_auth
+      s.halt
+      
+      # Emitting didn't go well, return nothing and leave.
+      s.label :not_ok
+      s.ldbc 0
+      s.outnew
+      s.halt
+      
+      s.label :privek_auth
+      s.zeros :tem_ubyte, 20
+      s.label :pubek_auth
+      s.zeros :tem_ubyte, 20
+      s.stack 4    
+    }
+  end
+  
+  # Performs the key generation step of the TEM emitting process.
+  #
+  # Args:
+  #   tem:: session to the TEM that will be emitted
+  #
+  # Returns nil if key generation fails. In case of success, a hash with the
+  # following keys is returned.
+  #   :pubek:: the public Endorsement Key (PubEK) -- not stored on the TEM
+  #   :privek_auth:: the authentication key for the private Endorsement Key
+  #                  (PrivEK), which will always be stored on the chip
+  def self.emit_keygen(tem)
+    sec = emit_keygen_seclosure
+    r = tem.execute sec
+    return nil if r.empty?
+    
+    privek_auth = r[0...20]
+    pubek_auth = (0...20).map {|i| 0}
+    pubek = tem.tk_read_key 1, pubek_auth
+    tem.tk_delete_key 1, pubek_auth
+    { :privek_auth => privek_auth, :pubek => pubek }
+  end
+  
+  # Drives a TEM though the emit process.
+  #  
+  # Args:
+  #   tem:: session to the TEM that will be emitted.
+  #
+  # Returns nil if the emit process fails (most likely, the TEM was already
+  # emitted). If the process completes, a hash with the following keys is
+  # returned.
+  #   :privek_auth:: the authorization token for the private Endorsement Key
+  #                  (PrivEK) -- this value should be handled with care
+  def self.emit(tem)
+    tag = {}
+
+    return nil unless key_data = emit_keygen(tem)
+    
+    # Build the Endorsement Certificate.
+    ecert = Tem::CA.new_ecert key_data[:pubek].ssl_key
+    tag.merge! Tem::ECert.ecert_tag ecert
+
+    # Build administrative SECpacks.
+    tag.merge! Tem::Admin::Migrate.tag_data key_data[:pubek],
+                                            key_data[:privek_auth]
+    
+    tem.set_tag tag
+    key_data
+  end
+
+  # Emits the TEM.
+  #
+  # Returns nil if the emit process fails (most likely, the TEM was already
+  # emitted). If the process completes, it returns the authorization token for
+  # the private Endorsement Key (PrivEK). This value is very sensitive and its
+  # disclosure will compromise the TEM.
+  def emit
+    emit_data = Tem::Admin::Emit.emit self
+    emit_data and emit_data[:privek_auth]
+  end
+end  # module Tem::Admin::Emit
+
+end  # namespace Tem::Admin

data/lib/tem/admin/migrate.rb

@@ -0,0 +1,219 @@
+# Logic for SECpack migration.
+#
+# Author:: Victor Costan
+# Copyright:: Copyright (C) 2009 Massachusetts Institute of Technology
+# License:: MIT
+
+require 'openssl'
+
+# :nodoc: namespace
+module Tem::Admin
+
+
+# Logic for migrating SECpacks.
+module Migrate
+  # SEClosure that verifies the destination TEM's ECert.
+  #
+  # Args:
+  #   key_ps_addr:: the PStore address used to store the TEM key's ID
+  #   authz:: the authentication secret for the TEM's PrivEK 
+  def self.ecert_verify_seclosure(key_ps_addr, authz)
+    Tem::Assembler.assemble { |s|
+      # TODO: some actual verification, jump to :failure if it doesn't work
+      
+      s.ldwc :const => :pubek        
+      s.rdk
+      s.authk :auth => :authz
+      s.stw :to => :key_id
+      s.pswrfxb :addr => :pstore_addr, :from => :key_id
+      s.label :success
+      s.ldbc :const => 1
+      s.dupn :n => 1
+      s.outnew
+      s.outb
+      s.halt
+      
+      s.label :failure
+      s.ldbc :const => 1
+      s.outnew
+      s.ldbc :const => 0
+      s.outb
+      s.halt
+      
+      s.label :key_id
+      s.zeros :tem_ps_value  # Will hold the ID of the loaded PubEK.
+      
+      s.label :secret
+      s.label :authz  # The authentication key for the PrivEK.
+      s.data :tem_ubyte, authz
+      s.label :pstore_addr
+      s.data :tem_ps_addr, key_ps_addr
+      s.label :plain
+      # ARG: the target TEM's public endorsement key.
+      s.label :pubek
+      s.zeros :tem_ubyte, 300
+      # ARG: the target TEM's endorsement certificate.
+      s.label :ecert
+      s.stack 10
+    }
+  end
+  
+  # Blank version of the SEClosure that verifies the destination TEM's ECert.
+  #
+  # The returned SEClosure is not suitable for execution. Its encrypted bytes
+  # should be replaced with the bytes from a SECpack generated with live data.
+  def self.blank_ecert_verify_seclosure
+    ecert_verify_seclosure [0] * Tem::Abi.tem_ps_addr_length,
+                           [0] * Tem::Abi.tem_hash_length
+  end  
+  
+  # SEClosure that migrates a SECpack.
+  #
+  # Args:
+  #   key_ps_addr:: the PStore address used to store the TEM key's ID
+  #   authz:: the authentication secret for the TEM's PrivEK 
+  def self.migrate_seclosure(key_ps_addr, authz)
+    Tem::Assembler.assemble { |s|
+      s.ldbc :const => 0        # Authorize PrivEK.
+      s.authk :auth => :authz
+      s.dupn :n => 1             # Compute the size of the encrypted blob.
+      s.ldw :from => :secpack_secret_size
+      s.ldkel
+      
+      # Decrypt secpack.
+      s.ldwc :const => :secpack_encrypted
+      s.ldwc :const => :secpack_encrypted
+      s.kdvb
+      s.ldw :from => :secpack_secret_size  # Fail for wrong blob size.
+      s.sub
+      s.jnz :failure
+
+      # Authorize target PubEK.
+      s.psrdfxb :addr => :pstore_addr, :to => :key_id
+      s.ldw :from => :key_id
+      s.authk :auth => :authz
+      
+      s.dupn :n => 1  # Prepare output buffer.
+      s.ldw :from => :secpack_secret_size
+      s.ldkel
+      s.outnew
+
+      s.ldw :from => :secpack_secret_size  # Re-encrypt the blob.
+      s.ldwc :const => :secpack_encrypted
+      s.ldwc :const => -1
+      s.kevb
+      
+      s.ldw :from => :key_id   # Clean up.
+      s.relk
+      s.ldbc :const => -1
+      s.stw :to => :key_id
+      s.pswrfxb :addr => :pstore_addr, :from => :key_id
+      s.halt
+      
+      s.label :failure  # Communicate some failure.
+      s.ldbc :const => 0
+      s.outnew
+      s.halt
+
+      s.label :key_id
+      s.zeros :tem_ps_value  # Will hold the ID of the loaded PubEK.
+      
+      s.label :secret
+      s.label :authz  # The authentication key for the PrivEK.
+      s.data :tem_ubyte, authz
+      s.label :pstore_addr
+      s.data :tem_ps_addr, key_ps_addr
+      s.label :plain
+      s.stack 20
+      # ARG: the 'encrypted size' field in the SECpack header. 
+      s.label :secpack_secret_size 
+      s.zeros :tem_short, 1
+      # ARG: the encrypted blob in the SECpack.
+      s.label :secpack_encrypted
+      s.zeros :tem_ubyte, 1
+      s.label :secpack_encrypted_end
+    }
+  end
+  
+  # Blank version of the SEClosure that verifies the destination TEM's ECert.
+  #
+  # The returned SEClosure is not suitable for execution. Its encrypted bytes
+  # should be replaced with the bytes from a SECpack generated with live data.
+  def self.blank_migrate_seclosure
+    migrate_seclosure [0] * Tem::Abi.tem_ps_addr_length,
+                      [0] * Tem::Abi.tem_hash_length
+  end  
+  
+  # The key storing the encrypted bytes of the ecert_verify SECpack in the
+  # TEM's tag.
+  def self.ecert_verify_bytes_tag_key
+    0x11
+  end
+  
+  # The key storing the encrypted bytes of the migrate SECpack in the TEM's tag.
+  def self.migrate_bytes_tag_key
+    0x12
+  end
+  
+  # Data to be included in a TEM's tag to support migration.
+  #
+  # Returns a hash of tag key-values to be included in the TEM's tag during
+  # emission.
+  def self.tag_data(pubek, privek_authz)
+    ps_addr = OpenSSL::Random.random_bytes(Tem::Abi.tem_ps_addr_length).
+        unpack('C*')
+    ev_sec = ecert_verify_seclosure ps_addr, privek_authz
+    ev_sec.bind pubek
+    
+    m_sec = migrate_seclosure ps_addr, privek_authz
+    m_sec.bind pubek
+    
+    {
+      ecert_verify_bytes_tag_key => ev_sec.encrypted_data,
+      migrate_bytes_tag_key => m_sec.encrypted_data
+    }
+  end
+  
+  # Recovers the migration-related SECpacks from the TEM's tag data.
+  def self.seclosures_from_tag_data(tem)
+    tag_data = tem.tag
+    
+    ecert_verify = blank_ecert_verify_seclosure
+    ecert_verify.fake_bind
+    ecert_verify.encrypted_data = tag_data[ecert_verify_bytes_tag_key]
+    
+    migrate = blank_migrate_seclosure
+    migrate.fake_bind
+    migrate.encrypted_data = tag_data[migrate_bytes_tag_key]
+    
+    { :ecert_verify => ecert_verify, :migrate => migrate }
+  end
+  
+  # Migrates a SECpack to another TEM.
+  #
+  # Args:
+  #   secpack:: the SECpack to be migrated
+  #   ecert:: the Endorsement Certificate of the destination TEM
+  #
+  # Returns the migrated SECpack, or nil if the Endorsement Certificate was
+  # rejected.
+  def migrate(secpack, ecert)
+    migrated = secpack.copy
+    secpacks = Tem::Admin::Migrate.seclosures_from_tag_data self
+    
+    verify = secpacks[:ecert_verify]
+    verify.set_bytes :pubek,
+                     Tem::Key.new_from_ssl_key(ecert.public_key).to_tem_key
+    return nil if execute(verify) != [1]
+    
+    migrate = secpacks[:migrate]
+    migrate.set_value :secpack_secret_size, :tem_short, secpack.secret_bytes +
+                      Tem::Abi.tem_hash_length
+    migrate.set_bytes :secpack_encrypted, migrated.encrypted_data
+    return nil unless new_encrypted_data = execute(migrate)
+    migrated.encrypted_data = new_encrypted_data
+    migrated
+  end
+end  # module Tem::Admin::Migrate
+
+end  # namespace Tem::Admin

data/lib/tem/apdus/tag.rb

@@ -9,7 +9,15 @@ module Tem::Apdus
   
   
 module Tag
-  def set_tag(tag_data)    
+  # Writes an array of bytes to the TEM's tag.
+  #
+  # The TEM's tag can only be written once, when the TEM is emitted.
+  #
+  # Args:
+  #   tag_data:: the array of bytes to write to the TEM's tag
+  #
+  # The return value is unspecified. 
+  def set_raw_tag_data(tag_data)    
     buffer_id = post_buffer tag_data
     begin
       @transport.iso_apdu! :ins => 0x30, :p1 => buffer_id
@@ -18,12 +26,22 @@ module Tag
     end
   end
   
-  def get_tag_length
+  # The number of bytes in the TEM's tag.
+  #
+  # This method issues an APDU when it's called (i.e. no caching is done).
+  def get_raw_tag_length
     response = @transport.iso_apdu! :ins => 0x31
     return read_tem_short(response, 0)
   end
   
-  def get_tag_data(offset, length)
+  # Reads raw bytes in the TEM's tag.
+  #
+  # Args:
+  #   offset:: the offset of the first byte to be read from the TEM's tag
+  #   length:: the number of bytes to be read from the TEM's tag.
+  #
+  # Returns an array of bytes containing the requested TEM tag data.  
+  def get_raw_tag_data(offset, length)
     buffer_id = alloc_buffer length
     begin
       @transport.iso_apdu! :ins => 0x32, :p1 => buffer_id,
@@ -36,9 +54,63 @@ module Tag
     tag_data
   end
 
-  def get_tag
-    tag_length = self.get_tag_length
-    get_tag_data 0, tag_length
+  # Encodes structured tag data into raw TLV tag data.
+  #
+  # Args:
+  #   data:: a hash whose keys are numbers (tag keys), and whose values are
+  #          arrays of bytes (values associated with the tag keys)
+  #
+  # Returns an array of bytes with the raw data.
+  def self.encode_tag(data)
+    data.keys.sort.map { |key|
+      value = data[key]
+      [Tem::Abi.to_tem_ubyte(key), Tem::Abi.to_tem_short(value.length), value]
+    }.flatten
+  end
+  
+  # Decodes raw TLV tag data into its structured form.
+  #
+  # Args:
+  #  raw_data:: an array of bytes containing the raw data in the TEM tag
+  #
+  # Returns a hash whose keys are numbers (tag keys), and whose values are
+  # arrays of bytes (values associated with the tag keys). 
+  def self.decode_tag(raw_data)    
+    data = {}
+    index = 0
+    while index < raw_data.length
+      key = Tem::Abi.read_tem_ubyte raw_data, index
+      value_length = Tem::Abi.read_tem_short raw_data, index + 1
+      data[key] = raw_data[index + 3, value_length]
+      index += 3 + value_length
+    end
+    data
+  end
+
+  # Writes an structured data to the TEM's tag.
+  #
+  # The TEM's tag can only be written once, when the TEM is emitted.
+  #
+  # Args:
+  #   tag_data:: the array of bytes to write to the TEM's tag
+  #
+  # The return value is unspecified. 
+  def set_tag(data)
+    raw_data = Tem::Apdus::Tag.encode_tag data
+    set_raw_tag_data raw_data
+    icache[:tag] = Tem::Apdus::Tag.decode_tag raw_data
+  end
+
+  # The TEM's tag data.
+  #
+  # Returns a hash whose keys are numbers (tag keys), and whose values are
+  # arrays of bytes (values associated with the tag keys). The result of this
+  # method is cached. 
+  def tag
+    return icache[:tag] if icache[:tag]
+
+    raw_tag_data = get_raw_tag_data 0, get_raw_tag_length
+    icache[:tag] = Tem::Apdus::Tag.decode_tag raw_tag_data
   end
 end
 

data/lib/tem/benchmarks/benchmarks.rb

@@ -64,7 +64,7 @@ class Tem::Benchmarks
     benchmarks = {}
     t = Tem::Benchmarks.new
     t.setup
-    t.methods.select { |m| m =~ /time_/ }.each do |m|
+    t.methods.select { |m| m =~ /time_/ }.sort.each do |m|
       print "Timing: #{m[5..-1]}...\n"
       t.send m.to_sym
       benchmarks[m] = t.timing

data/lib/tem/ca.rb

@@ -4,7 +4,7 @@ require 'yaml'
 # Certificate Authority (CA) functionality for TEM manufacturers
 module Tem::CA
   # Creates an Endorsement Certificate for a TEM's Public Endorsement Key.
-  def new_ecert(pubek)
+  def self.new_ecert(pubek)
     ca_cert = Tem::CA.ca_cert
     ca_key = Tem::CA.ca_key
     conf = Tem::CA.config

data/lib/tem/definitions/isa.rb

@@ -190,13 +190,16 @@ module Tem::Isa
     isa.instruction 0x46, :halt
     # 1 ST -> 0 ST
     isa.instruction 0x47, :psrm
-    
+
+    # 2 ST -> 1 ST
+    isa.instruction 0x58, :ldkel
     # 1 ST -> 1 ST
-    isa.instruction 0x5A, :rdk     
+    isa.instruction 0x5A, :rdk
     # 1 ST -> 0 ST
     isa.instruction 0x5C, :relk
-    
+    # 1 ST -> 1 ST
     isa.instruction 0x5D, :ldkl
+    
     # 1 IM_B -> 2 ST
     isa.instruction 0x5E, :genkp, {:name => :type, :type => :tem_ubyte }
     # 1 ST, 1 IM -> 1 ST

data/lib/tem/ecert.rb

@@ -1,14 +1,20 @@
 require 'openssl'
 
 module Tem::ECert
-  # Writes an Endorsement Certificate to the TEM's tag.
-  def set_ecert(ecert)
-    set_tag ecert.to_der.unpack('C*')
+  # The key storing the Endorsement Certificate in the TEM's tag.
+  def self.ecert_tag_key
+    0x01
+  end
+  
+  # The tag contents for an endorsement certificate.
+  def self.ecert_tag(ecert)
+    { ecert_tag_key => ecert.to_der.unpack('C*') }
   end
   
   # Retrieves the TEM's Endorsement Certificate.
   def endorsement_cert
-    OpenSSL::X509::Certificate.new get_tag.pack('C*')
+    raw_cert = tag[Tem::ECert.ecert_tag_key].pack('C*')
+    OpenSSL::X509::Certificate.new raw_cert
   end
   
   # Retrieves the certificate of the TEM's Manfacturer (CA).
@@ -19,59 +25,5 @@ module Tem::ECert
   # Retrieves the TEM's Public Endorsement Key.
   def pubek
     Tem::Key.new_from_ssl_key endorsement_cert.public_key
-  end
-  
-  # Drives a TEM though the emitting process.
-  def emit
-    emit_sec = assemble do |s|
-      # Generate Endorsement Key pair, should end up in slots (0, 1).
-      s.genkp :type => 0
-      s.ldbc 1
-      s.sub
-      s.jne :to => :not_ok
-      s.ldbc 0
-      s.sub
-      s.jne :to => :not_ok
-      
-      # Generate and output random authorization for PrivEK.
-      s.ldbc 20
-      s.dupn :n => 1
-      s.outnew
-      s.ldwc :privek_auth
-      s.dupn :n => 2
-      s.rnd
-      s.outvb
-      # Set authorizations for PrivEK and PubkEK.
-      s.ldbc 0
-      s.authk :auth => :privek_auth
-      s.ldbc 1 # PubEK always has its initial authorization be all zeroes.
-      s.authk :auth => :pubek_auth
-      s.halt
-      
-      # Emitting didn't go well, return nothing and leave.
-      s.label :not_ok
-      s.ldbc 0
-      s.outnew
-      s.halt
-      
-      s.label :privek_auth
-      s.zeros :tem_ubyte, 20
-      s.label :pubek_auth
-      s.zeros :tem_ubyte, 20
-      s.stack 4
-    end
-    
-    r = execute emit_sec
-    if r.length == 0
-      return nil
-    else
-      privk_auth = r[0...20]
-      pubek_auth = (0...20).map {|i| 0}
-      pubek = tk_read_key 1, pubek_auth
-      tk_delete_key 1, pubek_auth      
-      ecert = new_ecert pubek.ssl_key
-      set_ecert ecert
-      return { :privek_auth => privk_auth }
-    end
-  end
+  end  
 end

data/lib/tem/secpack.rb

@@ -2,7 +2,7 @@ require 'yaml'
 
 class Tem::SecPack
   @@serialized_ivars = [:body, :labels, :ep, :sp, :extra_bytes, :signed_bytes,
-                        :encrypted_bytes, :bound, :lines]    
+                        :secret_bytes, :bound, :lines]    
  
   def self.new_from_array(array)
     arg_hash = { }
@@ -14,6 +14,11 @@ class Tem::SecPack
     array = YAML.load yaml_str
     new_from_array array
   end
+  
+  # Creates a deep copy of the SECpack.
+  def copy
+    Tem::SecPack.new_from_array self.to_array
+  end
 
   def to_array
     @@serialized_ivars.map { |m| self.instance_variable_get :"@#{m}" }
@@ -23,7 +28,13 @@ class Tem::SecPack
     self.to_array.to_yaml.to_s
   end
   
-  attr_reader :body, :bound
+  # The size of the secret data in the SECpack.
+  attr_reader :secret_bytes
+  # The SECpack's body.
+  attr_reader :body
+  # The size of the encrypted data, if the SECpack is bound. False otherwise.
+  attr_reader :bound
+  # Debugging information.
   attr_reader :lines
   
   def trim_extra_bytes
@@ -51,37 +62,100 @@ class Tem::SecPack
   def label_address(label_name)
     @labels[label_name.to_sym]
   end
+  
+  def bind(public_key, secret_from = :secret, plain_from = :plain)
+    raise "SECpack is already bound" if @bound
     
-  def bind(public_key, encrypt_from = 0, plaintext_from = 0)
     expand_extra_bytes
-    encrypt_from = @labels[encrypt_from.to_sym] unless encrypt_from.kind_of? Numeric
-    plaintext_from = @labels[plaintext_from.to_sym] unless plaintext_from.kind_of? Numeric
-    
-    @signed_bytes = encrypt_from
-    @encrypted_bytes = plaintext_from - encrypt_from
+    unless secret_from.kind_of? Numeric
+      secret_from_label = secret_from
+      secret_from = @labels[secret_from.to_sym]
+      raise "Undefined label #{secret_from_label}" unless secret_from
+    end
+    unless plain_from.kind_of? Numeric
+      plain_from_label = plain_from
+      plain_from = @labels[plain_from.to_sym]
+      raise "Undefined label #{plain_from_label}" unless plain_from      
+    end
     
-    secpack_sig = Tem::Abi.tem_hash [tem_header, @body[0...plaintext_from]].flatten
-    crypt = public_key.encrypt [@body[encrypt_from...plaintext_from], secpack_sig].flatten
-    @body = [@body[0...encrypt_from], crypt, @body[plaintext_from..-1]].flatten
+    @signed_bytes = secret_from
+    @secret_bytes = plain_from - secret_from
+
+    secpack_sig = Tem::Abi.tem_hash tem_header + @body[0, plain_from]
+    crypt = public_key.encrypt @body[secret_from, @secret_bytes] + secpack_sig
+    @body = [@body[0, secret_from], crypt, @body[plain_from..-1]].flatten
       
-    label_delta = crypt.length - @encrypted_bytes         
+    label_delta = crypt.length - @secret_bytes
+    relocate_labels secret_from, plain_from, label_delta
+    
+    #trim_extra_bytes
+    @bound = crypt.length
+  end
+
+  def fake_bind(secret_from = :secret, plain_from = :plain)
+    raise "SECpack is already bound" if @bound
+    
+    expand_extra_bytes
+    unless secret_from.kind_of? Numeric
+      secret_from_label = secret_from
+      secret_from = @labels[secret_from.to_sym]
+      raise "Undefined label #{secret_from_label}" unless secret_from
+    end
+    unless plain_from.kind_of? Numeric
+      plain_from_label = plain_from
+      plain_from = @labels[plain_from.to_sym]
+      raise "Undefined label #{plain_from_label}" unless plain_from      
+    end
+    
+    @signed_bytes = secret_from
+    @secret_bytes = plain_from - secret_from
+    
+    #trim_extra_bytes
+    @bound = @secret_bytes    
+  end
+  
+  # Relocates the labels to reflect a change in the size of encrypted bytes.
+  #
+  # Args:
+  #   same_until:: the end of the signed area (no relocations done there)
+  #   delete_until:: the end of the old encrypted area (labels are removed)
+  #   delta:: the size difference between the new and the old encrypted areas
+  def relocate_labels(same_until, delete_until, delta)
     @labels = Hash[*(@labels.map { |k, v|
-      if v < encrypt_from
+      if v <= same_until
         [k, v] 
-      elsif v < plaintext_from
+      elsif v < delete_until
         []
       else
-        [k, v + label_delta]
+        [k, v + delta]
       end
-    }.flatten)]
+    }.flatten)]    
+  end
     
-    #trim_extra_bytes
-    @bound = true
+  # The encrypted data in a SECpack.
+  #
+  # This is useful for SECpack migration -- the encrypted bytes are the only
+  # part that has to be migrated.
+  def encrypted_data
+    @body[@signed_bytes, @bound]
+  end
+  
+  # Replaces the encrypted bytes in a SECpack.
+  #
+  # This is used in SECpack migration -- the encryption bytes are the only part
+  # that changes during migration.
+  def encrypted_data=(new_encrypted_bytes)
+    raise "SECpack is not bound. See #bind and #fake_bind." unless @bound
+    
+    @body[@signed_bytes, @bound] = new_encrypted_bytes
+    relocate_labels @signed_bytes, @signed_bytes + @bound, 
+                    new_encrypted_bytes.length - @bound 
+    @bound = new_encrypted_bytes.length
   end
   
   def tem_header
     # TODO: use 0x0100 (no tracing) depending on options
-    hh = [0x0101, @signed_bytes || 0, @encrypted_bytes || 0, @extra_bytes, @sp,
+    hh = [0x0101, @signed_bytes || 0, @secret_bytes || 0, @extra_bytes, @sp,
           @ep].map { |n| Tem::Abi.to_tem_ushort n }.flatten
     hh += Array.new((Tem::Abi.tem_hash [0]).length - hh.length, 0)
     return hh

data/lib/tem/tem.rb

@@ -5,6 +5,9 @@ class Tem::Session
   include Tem::Apdus::Lifecycle
   include Tem::Apdus::Tag
   
+  include Tem::Admin::Emit
+  include Tem::Admin::Migrate
+  
   include Tem::CA
   include Tem::ECert
   include Tem::SeClosures
@@ -12,20 +15,39 @@ class Tem::Session
   
   CAPPLET_AID = [0x19, 0x83, 0x12, 0x29, 0x10, 0xBA, 0xBE]
   
+  # The transport used for this TEM.
   attr_reader :transport
   
+  # The TEM instance cache.
+  #
+  # This cache stores information about the TEM connected to this session. The
+  # cache can be safely cleared without losing correctness.
+  #
+  # The cache should not be modified directly by client code.
+  attr_reader :icache
+  
   def initialize(transport)
     @transport = transport
     @transport.extend Smartcard::Gp::GpCardMixin
     @transport.select_application CAPPLET_AID
+    
+    @icache = {}
   end
-  
+    
   def disconnect
     return unless @transport
     @transport.disconnect
     @transport = nil
+    clear_icache
   end
   
+  # Clears the TEM instance cache.
+  #
+  # This should be called when connecting to a different TEM.
+  def clear_icache
+    @icache.clear
+  end  
+  
   def tem_secpack_error(response)
     raise "TEM refused the SECpack"
   end

data/lib/tem_ruby.rb

@@ -27,6 +27,9 @@ require 'tem/apdus/tag.rb'
 
 require 'tem/firmware/uploader.rb'
 
+require 'tem/admin/emit.rb'
+require 'tem/admin/migrate.rb'
+
 require 'tem/ca.rb'
 require 'tem/ecert.rb'
 require 'tem/hive.rb'

data/tem_ruby.gemspec

@@ -2,23 +2,23 @@
 
 Gem::Specification.new do |s|
   s.name = %q{tem_ruby}
-  s.version = "0.14.1"
+  s.version = "0.15.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.authors = ["Victor Costan"]
-  s.date = %q{2009-11-16}
+  s.date = %q{2009-11-18}
   s.description = %q{TEM (Trusted Execution Module) driver, written in and for ruby.}
   s.email = %q{victor@costan.us}
   s.executables = ["tem_bench", "tem_ca", "tem_irb", "tem_proxy", "tem_stat", "tem_upload_fw"]
-  s.extra_rdoc_files = ["CHANGELOG", "LICENSE", "README", "bin/tem_bench", "bin/tem_ca", "bin/tem_irb", "bin/tem_proxy", "bin/tem_stat", "bin/tem_upload_fw", "lib/tem/_cert.rb", "lib/tem/apdus/buffers.rb", "lib/tem/apdus/keys.rb", "lib/tem/apdus/lifecycle.rb", "lib/tem/apdus/tag.rb", "lib/tem/auto_conf.rb", "lib/tem/benchmarks/benchmarks.rb", "lib/tem/benchmarks/blank_bound_secpack.rb", "lib/tem/benchmarks/blank_sec.rb", "lib/tem/benchmarks/devchip_decrypt.rb", "lib/tem/benchmarks/post_buffer.rb", "lib/tem/benchmarks/simple_apdu.rb", "lib/tem/benchmarks/vm_perf.rb", "lib/tem/benchmarks/vm_perf_bound.rb", "lib/tem/builders/abi.rb", "lib/tem/builders/assembler.rb", "lib/tem/builders/crypto.rb", "lib/tem/builders/isa.rb", "lib/tem/ca.rb", "lib/tem/definitions/abi.rb", "lib/tem/definitions/assembler.rb", "lib/tem/definitions/isa.rb", "lib/tem/ecert.rb", "lib/tem/firmware/tc.cap", "lib/tem/firmware/uploader.rb", "lib/tem/hive.rb", "lib/tem/keys/asymmetric.rb", "lib/tem/keys/key.rb", "lib/tem/keys/symmetric.rb", "lib/tem/sec_exec_error.rb", "lib/tem/seclosures.rb", "lib/tem/secpack.rb", "lib/tem/tem.rb", "lib/tem/toolkit.rb", "lib/tem_ruby.rb"]
-  s.files = ["CHANGELOG", "LICENSE", "Manifest", "README", "Rakefile", "bin/tem_bench", "bin/tem_ca", "bin/tem_irb", "bin/tem_proxy", "bin/tem_stat", "bin/tem_upload_fw", "dev_ca/ca_cert.cer", "dev_ca/ca_cert.pem", "dev_ca/ca_key.pem", "dev_ca/config.yml", "lib/tem/_cert.rb", "lib/tem/apdus/buffers.rb", "lib/tem/apdus/keys.rb", "lib/tem/apdus/lifecycle.rb", "lib/tem/apdus/tag.rb", "lib/tem/auto_conf.rb", "lib/tem/benchmarks/benchmarks.rb", "lib/tem/benchmarks/blank_bound_secpack.rb", "lib/tem/benchmarks/blank_sec.rb", "lib/tem/benchmarks/devchip_decrypt.rb", "lib/tem/benchmarks/post_buffer.rb", "lib/tem/benchmarks/simple_apdu.rb", "lib/tem/benchmarks/vm_perf.rb", "lib/tem/benchmarks/vm_perf_bound.rb", "lib/tem/builders/abi.rb", "lib/tem/builders/assembler.rb", "lib/tem/builders/crypto.rb", "lib/tem/builders/isa.rb", "lib/tem/ca.rb", "lib/tem/definitions/abi.rb", "lib/tem/definitions/assembler.rb", "lib/tem/definitions/isa.rb", "lib/tem/ecert.rb", "lib/tem/firmware/tc.cap", "lib/tem/firmware/uploader.rb", "lib/tem/hive.rb", "lib/tem/keys/asymmetric.rb", "lib/tem/keys/key.rb", "lib/tem/keys/symmetric.rb", "lib/tem/sec_exec_error.rb", "lib/tem/seclosures.rb", "lib/tem/secpack.rb", "lib/tem/tem.rb", "lib/tem/toolkit.rb", "lib/tem_ruby.rb", "test/_test_cert.rb", "test/builders/test_abi_builder.rb", "test/firmware/test_uploader.rb", "test/tem_test_case.rb", "test/tem_unit/test_tem_alu.rb", "test/tem_unit/test_tem_bound_secpack.rb", "test/tem_unit/test_tem_branching.rb", "test/tem_unit/test_tem_crypto_hash.rb", "test/tem_unit/test_tem_crypto_keys.rb", "test/tem_unit/test_tem_crypto_pstore.rb", "test/tem_unit/test_tem_crypto_random.rb", "test/tem_unit/test_tem_emit.rb", "test/tem_unit/test_tem_memory.rb", "test/tem_unit/test_tem_memory_compare.rb", "test/tem_unit/test_tem_output.rb", "test/tem_unit/test_tem_yaml_secpack.rb", "test/test_auto_conf.rb", "test/test_crypto_engine.rb", "test/test_driver.rb", "test/test_exceptions.rb", "tem_ruby.gemspec"]
+  s.extra_rdoc_files = ["CHANGELOG", "LICENSE", "README", "bin/tem_bench", "bin/tem_ca", "bin/tem_irb", "bin/tem_proxy", "bin/tem_stat", "bin/tem_upload_fw", "lib/tem/_cert.rb", "lib/tem/admin/emit.rb", "lib/tem/admin/migrate.rb", "lib/tem/apdus/buffers.rb", "lib/tem/apdus/keys.rb", "lib/tem/apdus/lifecycle.rb", "lib/tem/apdus/tag.rb", "lib/tem/auto_conf.rb", "lib/tem/benchmarks/benchmarks.rb", "lib/tem/benchmarks/blank_bound_secpack.rb", "lib/tem/benchmarks/blank_sec.rb", "lib/tem/benchmarks/devchip_decrypt.rb", "lib/tem/benchmarks/post_buffer.rb", "lib/tem/benchmarks/simple_apdu.rb", "lib/tem/benchmarks/vm_perf.rb", "lib/tem/benchmarks/vm_perf_bound.rb", "lib/tem/builders/abi.rb", "lib/tem/builders/assembler.rb", "lib/tem/builders/crypto.rb", "lib/tem/builders/isa.rb", "lib/tem/ca.rb", "lib/tem/definitions/abi.rb", "lib/tem/definitions/assembler.rb", "lib/tem/definitions/isa.rb", "lib/tem/ecert.rb", "lib/tem/firmware/tc.cap", "lib/tem/firmware/uploader.rb", "lib/tem/hive.rb", "lib/tem/keys/asymmetric.rb", "lib/tem/keys/key.rb", "lib/tem/keys/symmetric.rb", "lib/tem/sec_exec_error.rb", "lib/tem/seclosures.rb", "lib/tem/secpack.rb", "lib/tem/tem.rb", "lib/tem/toolkit.rb", "lib/tem_ruby.rb"]
+  s.files = ["CHANGELOG", "LICENSE", "Manifest", "README", "Rakefile", "bin/tem_bench", "bin/tem_ca", "bin/tem_irb", "bin/tem_proxy", "bin/tem_stat", "bin/tem_upload_fw", "dev_ca/ca_cert.cer", "dev_ca/ca_cert.pem", "dev_ca/ca_key.pem", "dev_ca/config.yml", "lib/tem/_cert.rb", "lib/tem/admin/emit.rb", "lib/tem/admin/migrate.rb", "lib/tem/apdus/buffers.rb", "lib/tem/apdus/keys.rb", "lib/tem/apdus/lifecycle.rb", "lib/tem/apdus/tag.rb", "lib/tem/auto_conf.rb", "lib/tem/benchmarks/benchmarks.rb", "lib/tem/benchmarks/blank_bound_secpack.rb", "lib/tem/benchmarks/blank_sec.rb", "lib/tem/benchmarks/devchip_decrypt.rb", "lib/tem/benchmarks/post_buffer.rb", "lib/tem/benchmarks/simple_apdu.rb", "lib/tem/benchmarks/vm_perf.rb", "lib/tem/benchmarks/vm_perf_bound.rb", "lib/tem/builders/abi.rb", "lib/tem/builders/assembler.rb", "lib/tem/builders/crypto.rb", "lib/tem/builders/isa.rb", "lib/tem/ca.rb", "lib/tem/definitions/abi.rb", "lib/tem/definitions/assembler.rb", "lib/tem/definitions/isa.rb", "lib/tem/ecert.rb", "lib/tem/firmware/tc.cap", "lib/tem/firmware/uploader.rb", "lib/tem/hive.rb", "lib/tem/keys/asymmetric.rb", "lib/tem/keys/key.rb", "lib/tem/keys/symmetric.rb", "lib/tem/sec_exec_error.rb", "lib/tem/seclosures.rb", "lib/tem/secpack.rb", "lib/tem/tem.rb", "lib/tem/toolkit.rb", "lib/tem_ruby.rb", "test/_test_cert.rb", "test/builders/test_abi_builder.rb", "test/firmware/test_uploader.rb", "test/tem_test_case.rb", "test/tem_unit/test_tem_alu.rb", "test/tem_unit/test_tem_bound_secpack.rb", "test/tem_unit/test_tem_branching.rb", "test/tem_unit/test_tem_crypto_hash.rb", "test/tem_unit/test_tem_crypto_keys.rb", "test/tem_unit/test_tem_crypto_pstore.rb", "test/tem_unit/test_tem_crypto_random.rb", "test/tem_unit/test_tem_emit.rb", "test/tem_unit/test_tem_memory.rb", "test/tem_unit/test_tem_memory_compare.rb", "test/tem_unit/test_tem_migrate.rb", "test/tem_unit/test_tem_output.rb", "test/tem_unit/test_tem_yaml_secpack.rb", "test/test_auto_conf.rb", "test/test_crypto_engine.rb", "test/test_driver.rb", "test/test_exceptions.rb", "test/test_tag.rb", "tem_ruby.gemspec"]
   s.homepage = %q{http://tem.rubyforge.org}
   s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Tem_ruby", "--main", "README"]
   s.require_paths = ["lib"]
   s.rubyforge_project = %q{tem}
   s.rubygems_version = %q{1.3.5}
   s.summary = %q{TEM (Trusted Execution Module) driver, written in and for ruby.}
-  s.test_files = ["test/test_driver.rb", "test/firmware/test_uploader.rb", "test/test_auto_conf.rb", "test/builders/test_abi_builder.rb", "test/tem_unit/test_tem_emit.rb", "test/tem_unit/test_tem_crypto_keys.rb", "test/tem_unit/test_tem_yaml_secpack.rb", "test/tem_unit/test_tem_alu.rb", "test/tem_unit/test_tem_crypto_hash.rb", "test/tem_unit/test_tem_bound_secpack.rb", "test/tem_unit/test_tem_memory_compare.rb", "test/tem_unit/test_tem_output.rb", "test/tem_unit/test_tem_crypto_random.rb", "test/tem_unit/test_tem_memory.rb", "test/tem_unit/test_tem_branching.rb", "test/tem_unit/test_tem_crypto_pstore.rb", "test/test_exceptions.rb", "test/test_crypto_engine.rb"]
+  s.test_files = ["test/builders/test_abi_builder.rb", "test/firmware/test_uploader.rb", "test/tem_unit/test_tem_alu.rb", "test/tem_unit/test_tem_bound_secpack.rb", "test/tem_unit/test_tem_branching.rb", "test/tem_unit/test_tem_crypto_hash.rb", "test/tem_unit/test_tem_crypto_keys.rb", "test/tem_unit/test_tem_crypto_pstore.rb", "test/tem_unit/test_tem_crypto_random.rb", "test/tem_unit/test_tem_emit.rb", "test/tem_unit/test_tem_memory.rb", "test/tem_unit/test_tem_memory_compare.rb", "test/tem_unit/test_tem_migrate.rb", "test/tem_unit/test_tem_output.rb", "test/tem_unit/test_tem_yaml_secpack.rb", "test/test_auto_conf.rb", "test/test_crypto_engine.rb", "test/test_driver.rb", "test/test_exceptions.rb", "test/test_tag.rb"]
 
   if s.respond_to? :specification_version then
     current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION

data/test/firmware/test_uploader.rb

@@ -18,7 +18,7 @@ class UploaderTest < Test::Unit::TestCase
   end
   
   def test_fw_version
-    assert_equal({:major => 1, :minor => 14}, Uploader.fw_version)
+    assert_equal({:major => 1, :minor => 15}, Uploader.fw_version)
   end
   
   def test_upload

data/test/tem_unit/test_tem_crypto_keys.rb

@@ -1,35 +1,48 @@
 require 'test/tem_test_case.rb'
 
 class TemCryptoKeysTest < TemTestCase
+  def i_crypt_len(data_length, key_id, authz)
+    ex_sec = @tem.assemble { |s|
+      s.ldbc :const => 2
+      s.outnew
+      s.ldbc :const => key_id
+      s.authk :auth => :key_auth
+      s.ldwc :const => data_length
+      s.ldkel
+      s.outw
+      s.halt
+      s.label :key_auth
+      s.data :tem_ubyte, authz
+      s.stack 6
+    }
+    Tem::Abi.read_tem_short @tem.execute(ex_sec), 0
+  end
+  
   def i_crypt(data, key_id, authz, mode = :encrypt, direct_io = true,
               symmetric = false)
-    if symmetric
-      max_output = case mode
-      when :encrypt
-        ((data.length + 8) / 8) * 8
-      when :decrypt
-        data.length
-      when :sign
-        8
-      end
-    else
-      max_output = case mode
-      when :encrypt
-        ((data.length + 239) / 240) * 256
-      when :decrypt
-        data.length
-      when :sign
-        256
-      end
+    max_output = case mode
+    when :encrypt
+      (data.length + 239) / 240 * 256
+    when :decrypt
+      data.length
+    when :sign
+      256
     end
     
     crypt_opcode =
         {:encrypt => :kefxb, :decrypt => :kdfxb, :sign => :ksfxb}[mode]
     ex_sec = @tem.assemble { |s|
-      s.ldwc :const => max_output
-      s.outnew
       s.ldbc :const => key_id
       s.authk :auth => :key_auth
+      if mode == :encrypt  # Use ldkel to get the max_output value.
+        s.dupn :n => 1
+        s.ldwc :const => data.length
+        s.ldkel        
+      else
+        s.ldwc :const => max_output
+      end
+      s.outnew
+      
       s.send crypt_opcode, :from => :data, :size => data.length,
                            :to => (direct_io ? 0xFFFF : :outdata) 
       s.outvlb :from => :outdata unless direct_io
@@ -45,7 +58,7 @@ class TemCryptoKeysTest < TemTestCase
       end
       s.stack 5
     }
-    return @tem.execute(ex_sec)
+    @tem.execute ex_sec
   end
   
   def i_verify(data, signature, key_id, authz)
@@ -66,12 +79,17 @@ class TemCryptoKeysTest < TemTestCase
       s.data :tem_ubyte, signature
       s.stack 5
     }
-    return @tem.execute(sign_sec)[0] == 1
+    @tem.execute(sign_sec)[0] == 1
   end
   
   def i_test_crypto_pks_ops(pubk_id, privk_id, pubk, privk, authz)
     garbage = (0...569).map { |i| (i * i * 217 + i * 661 + 393) % 256 }
 
+    # Obtaining the length of encrypted data.
+    crypt_length = i_crypt_len garbage.length, pubk_id, authz
+    assert_equal((garbage.length + 239) / 240 * 256, crypt_length,
+                 'Incorrect result from ldkel')
+
     # SEC/priv-sign + CPU/pub-verify, direct IO.
     signed_garbage = i_crypt garbage, privk_id, authz, :sign, true
     assert privk.verify(garbage, signed_garbage),
@@ -134,6 +152,11 @@ class TemCryptoKeysTest < TemTestCase
   def i_test_crypto_sks_ops(skey_id, skey, authz)
     garbage = (0...569).map { |i| (i * i * 217 + i * 661 + 393) % 256 }
 
+    # Obtaining the length of encrypted data.
+    crypt_length = i_crypt_len garbage.length, skey_id, authz
+    assert_equal((garbage.length + 8) / 8 * 8, crypt_length,
+                 'Incorrect result from ldkel')
+
     # SEC/sign + CPU/verify, direct IO.
     signed_garbage = i_crypt garbage, skey_id, authz, :sign, true, true
     assert skey.verify(garbage, signed_garbage),

data/test/tem_unit/test_tem_crypto_pstore.rb

@@ -2,12 +2,12 @@ require 'test/tem_test_case.rb'
 
 class TemCryptoPstoreTest < TemTestCase
   def test_crypto_pstore
-    addr1 = (0...(@tem.tem_ps_addr_length)).map { |x| (61 * x * x + 62 * x + 10) % 256 }
+    addr1 = (0...(Tem::Abi.tem_ps_addr_length)).map { |x| (61 * x * x + 62 * x + 10) % 256 }
     addr2 = addr1.dup; addr2[addr2.length - 1] += 1
-    random_value = (0...(@tem.tem_ps_value_length)).map { |x| (69 * x * x + 62 * x + 10) % 256 }
+    random_value = (0...(Tem::Abi.tem_ps_value_length)).map { |x| (69 * x * x + 62 * x + 10) % 256 }
     
     sec = @tem.assemble { |s|
-      s.ldwc 3 * @tem.tem_ushort_length + @tem.tem_ps_value_length * 2
+      s.ldwc 2 * @tem.tem_ushort_length + @tem.tem_ps_value_length
       s.outnew
       
       # check that the location is blank
@@ -23,10 +23,39 @@ class TemCryptoPstoreTest < TemTestCase
       # re-read (should get what was written)
       s.ldwc :pstore_addr
       s.ldwc :s_value2
-      s.psrdvb
+      s.psrdvb      
       s.ldwc :s_value2
       s.outvb
+      s.halt
+
+      s.label :pstore_addr
+      s.data :tem_ubyte, addr1
+      s.label :s_value
+      s.data :tem_ubyte, random_value
+      s.label :s_value2
+      s.zeros :tem_ps_value
+      s.stack 8
+    }
+    expected = @tem.to_tem_ushort(0) + @tem.to_tem_ushort(1) + random_value
+    result = @tem.execute sec
+    assert_equal expected, result,
+                 "Persistent store locations aren\'t working well"   
       
+    sec = @tem.assemble { |s|
+      s.ldwc 2 * @tem.tem_ushort_length + @tem.tem_ps_value_length
+      s.outnew
+    
+      # check that the location isn't blank anymore
+      s.pshkfxb :addr => :pstore_addr
+      s.outw
+
+      # re-read (should get what was written)
+      s.ldwc :pstore_addr
+      s.ldwc :s_value2
+      s.psrdvb      
+      s.ldwc :s_value2
+      s.outvb
+
       # drop the location
       s.ldwc :pstore_addr
       s.dupn :n => 1
@@ -45,9 +74,9 @@ class TemCryptoPstoreTest < TemTestCase
       s.zeros :tem_ps_value
       s.stack 8
     }    
-    expected = @tem.to_tem_ushort(0) + @tem.to_tem_ushort(1) + random_value +
-               @tem.to_tem_ushort(0)
+    expected = @tem.to_tem_ushort(1) + random_value + @tem.to_tem_ushort(0)
     result = @tem.execute sec
-    assert_equal expected, result, 'persistent store locations aren\'t working well'    
+    assert_equal expected, result,
+                 "Persistent store data didn't survive across SECpack execution"   
   end
 end

data/test/tem_unit/test_tem_emit.rb

@@ -2,22 +2,21 @@ require 'test/tem_test_case.rb'
 
 class TemEmitTest < TemTestCase
   def test_emit
-    # try to emit
-    er = @tem.emit
-    assert er != nil, 'TEM emitting failed'
+    # Try to emit the TEM.
+    privek_auth = @tem.emit
+    assert privek_auth != nil, 'TEM emitting failed'
     
-    # now verify that the private key is good and the authorization matches
-    privek = @tem.tk_read_key 0, er[:privek_auth]
-    assert((not privek.is_public?), 'TEM emission failed to produce a proper PrivEK')
+    # Verify that the private key is good and the authorization matches.
+    privek = @tem.tk_read_key 0, privek_auth
+    assert((not privek.is_public?),
+           'TEM emission failed to produce a proper PrivEK')
 
-    # verify that the public key can be read from the ECert
+    # Verify that the public key can be read from the ECert.
     pubek = @tem.pubek
     assert pubek.is_public?, 'TEM emission failed to produce a proper PubEK'
 
-    # verify the PrivEK against the ECert
+    # Verify the PrivEK against the ECert.
     ecert = @tem.endorsement_cert
     ecert.verify privek.ssl_key
-    
-    @tem.tk_delete_key 0, er[:privek_auth]
-  end  
+  end
 end

data/test/tem_unit/test_tem_migrate.rb

@@ -0,0 +1,43 @@
+require 'test/tem_test_case.rb'
+
+class TemMigrateTest < TemTestCase
+  def _migrate_test_secret
+    [0x31, 0x41, 0x59, 0x65, 0x35]
+  end
+  
+  def _migrate_test_seclosure
+    Tem::Assembler.assemble { |s|
+      s.label :secret
+      s.ldbc :const => _migrate_test_secret.length
+      s.dupn :n => 1
+      s.outnew
+      s.outvlb :from => :dump_data
+      s.halt
+      s.label :dump_data
+      s.data :tem_ubyte, _migrate_test_secret
+      s.label :plain
+    }
+  end
+  
+  def test_migrate
+    # Emit the TEM, bind the SECpack, and test it.
+    privek_auth = @tem.emit
+    sec = _migrate_test_seclosure
+    sec.bind @tem.pubek, :secret, :plain
+    assert_equal _migrate_test_secret, @tem.execute(sec),
+                 'Migration test SECpack incorrect'
+    
+    # The migration target key pair.
+    ekey = OpenSSL::PKey::RSA.generate(2048, 65537)
+    privk = Tem::Key.new_from_ssl_key ekey
+    pubk = Tem::Key.new_from_ssl_key ekey.public_key
+    ecert2 = Tem::CA.new_ecert pubk.ssl_key
+    migrated = @tem.migrate sec, ecert2
+    
+    authz = [0] * 20
+    privk_id = @tem.tk_post_key privk, authz
+    assert_equal _migrate_test_secret, @tem.execute(migrated, privk_id),
+                 'Migrated SECpack executed incorrectly'
+    @tem.tk_delete_key privk_id, authz
+  end
+end

data/test/test_driver.rb

@@ -49,16 +49,5 @@ class DriverTest < TemTestCase
     end
 
     b_ids.each { |bid| @tem.release_buffer(bid) }
-  end
-  
-  def test_tag
-    garbage = (1...569).map { |i| (i * i * 217 + i * 661 + 393) % 256 }
-    
-    assert_raise Smartcard::Iso::ApduError, 'tag returned before being set' do
-      @tem.get_tag
-    end
-    
-    @tem.set_tag garbage
-    assert_equal garbage, @tem.get_tag, 'error in posted tag data'    
-  end
+  end  
 end

data/test/test_tag.rb

@@ -0,0 +1,42 @@
+require 'test/tem_test_case.rb'
+
+
+class DriverTest < TemTestCase
+  def test_tag_reading_before_writing
+    assert_raise Smartcard::Iso::ApduError,
+                 'Tag length returned before being set' do
+      @tem.get_raw_tag_length
+    end
+
+    assert_raise Smartcard::Iso::ApduError,
+                 'Tag data returned before being set' do
+      @tem.get_raw_tag_data 0, 1
+    end    
+  end
+  
+  def test_raw_tag_io
+    garbage = (1...569).map { |i| (i * i * 217 + i * 661 + 393) % 256 }
+        
+    @tem.set_raw_tag_data garbage    
+    assert_equal garbage.length, @tem.get_raw_tag_length,
+                 'Error in raw tag length'
+    assert_equal garbage[19, 400], @tem.get_raw_tag_data(19, 400),
+                 'Error in raw tag data partial read'    
+    assert_equal garbage, @tem.get_raw_tag_data(0, garbage.length),
+                 'Error in raw tag data full read'    
+  end
+  
+  def test_structured_tag
+    g1 = (1...569).map { |i| (i * i * 217 + i * 661 + 393) % 256 }
+    g2 = (570...1032).map { |i| (i * i * 217 + i * 661 + 393) % 256 }
+    tag_data = { 0x01 => g1, 0x11 => g2 }
+    
+    encoded = Tem::Apdus::Tag.encode_tag tag_data
+    assert_equal tag_data, Tem::Apdus::Tag.decode_tag(encoded),
+                 'Inconsistency in TLV encoding / decoding'
+                 
+    @tem.set_tag tag_data
+    @tem.clear_icache
+    assert_equal tag_data, @tem.tag
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: tem_ruby
 version: !ruby/object:Gem::Version 
-  version: 0.14.1
+  version: 0.15.1
 platform: ruby
 authors: 
 - Victor Costan
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-11-16 00:00:00 -05:00
+date: 2009-11-18 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -64,6 +64,8 @@ extra_rdoc_files:
 - bin/tem_stat
 - bin/tem_upload_fw
 - lib/tem/_cert.rb
+- lib/tem/admin/emit.rb
+- lib/tem/admin/migrate.rb
 - lib/tem/apdus/buffers.rb
 - lib/tem/apdus/keys.rb
 - lib/tem/apdus/lifecycle.rb
@@ -115,6 +117,8 @@ files:
 - dev_ca/ca_key.pem
 - dev_ca/config.yml
 - lib/tem/_cert.rb
+- lib/tem/admin/emit.rb
+- lib/tem/admin/migrate.rb
 - lib/tem/apdus/buffers.rb
 - lib/tem/apdus/keys.rb
 - lib/tem/apdus/lifecycle.rb
@@ -163,12 +167,14 @@ files:
 - test/tem_unit/test_tem_emit.rb
 - test/tem_unit/test_tem_memory.rb
 - test/tem_unit/test_tem_memory_compare.rb
+- test/tem_unit/test_tem_migrate.rb
 - test/tem_unit/test_tem_output.rb
 - test/tem_unit/test_tem_yaml_secpack.rb
 - test/test_auto_conf.rb
 - test/test_crypto_engine.rb
 - test/test_driver.rb
 - test/test_exceptions.rb
+- test/test_tag.rb
 - tem_ruby.gemspec
 has_rdoc: true
 homepage: http://tem.rubyforge.org
@@ -204,21 +210,23 @@ signing_key:
 specification_version: 3
 summary: TEM (Trusted Execution Module) driver, written in and for ruby.
 test_files: 
-- test/test_driver.rb
-- test/firmware/test_uploader.rb
-- test/test_auto_conf.rb
 - test/builders/test_abi_builder.rb
-- test/tem_unit/test_tem_emit.rb
-- test/tem_unit/test_tem_crypto_keys.rb
-- test/tem_unit/test_tem_yaml_secpack.rb
+- test/firmware/test_uploader.rb
 - test/tem_unit/test_tem_alu.rb
-- test/tem_unit/test_tem_crypto_hash.rb
 - test/tem_unit/test_tem_bound_secpack.rb
-- test/tem_unit/test_tem_memory_compare.rb
-- test/tem_unit/test_tem_output.rb
-- test/tem_unit/test_tem_crypto_random.rb
-- test/tem_unit/test_tem_memory.rb
 - test/tem_unit/test_tem_branching.rb
+- test/tem_unit/test_tem_crypto_hash.rb
+- test/tem_unit/test_tem_crypto_keys.rb
 - test/tem_unit/test_tem_crypto_pstore.rb
-- test/test_exceptions.rb
+- test/tem_unit/test_tem_crypto_random.rb
+- test/tem_unit/test_tem_emit.rb
+- test/tem_unit/test_tem_memory.rb
+- test/tem_unit/test_tem_memory_compare.rb
+- test/tem_unit/test_tem_migrate.rb
+- test/tem_unit/test_tem_output.rb
+- test/tem_unit/test_tem_yaml_secpack.rb
+- test/test_auto_conf.rb
 - test/test_crypto_engine.rb
+- test/test_driver.rb
+- test/test_exceptions.rb
+- test/test_tag.rb