summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog19
-rw-r--r--ext/openssl/extconf.rb1
-rw-r--r--ext/openssl/lib/openssl/cipher.rb32
-rw-r--r--ext/openssl/lib/openssl/digest.rb30
-rw-r--r--ext/openssl/ossl_cipher.c31
-rw-r--r--sample/openssl/cipher.rb69
-rw-r--r--test/openssl/test_cipher.rb38
-rw-r--r--test/openssl/test_digest.rb22
8 files changed, 180 insertions, 62 deletions
diff --git a/ChangeLog b/ChangeLog
index b8d76f31730..7826e177644 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,22 @@
+Mon May 8 09:10:31 2006 GOTOU Yuuzou <gotoyuzo@notwork.org>
+
+ * ext/openssl/extconf.rb: add check for OBJ_NAME_do_all_sorted.
+
+ * ext/openssl/ossl_cipher.c (ossl_s_ciphers): new method
+ OpenSSL::Cipher.ciphers. it returns all the cipher names.
+
+ * ext/openssl/ossl_cipher.c (ossl_cipher_init): refine warning message.
+
+ * ext/openssl/lib/openssl/cipher.rb: reimplement without eval() and
+ add constants AES128, AES192, AES256. [ruby-dev:28610]
+
+ * ext/openssl/lib/openssl/digest.rb: reimplement without eval().
+
+ * test/openssl/test_cipher.rb, test_digest: fix about reimplemented
+ features.
+
+ * sample/openssl/cipher.rb: rewrite all.
+
Sun May 7 03:09:51 2006 Stephan Maka <stephan@spaceboyz.net>
* lib/resolv.rb (Resolv::DNS::Requester::ConnectedUDP#initialize):
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 42afc9608c5..04c86e75056 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -91,6 +91,7 @@ have_func("X509_CRL_set_version")
have_func("X509_CRL_sort")
have_func("X509_STORE_get_ex_data")
have_func("X509_STORE_set_ex_data")
+have_func("OBJ_NAME_do_all_sorted")
have_func("OPENSSL_cleanse")
if try_compile("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n")
$defs.push("-DHAVE_VA_ARGS_MACRO")
diff --git a/ext/openssl/lib/openssl/cipher.rb b/ext/openssl/lib/openssl/cipher.rb
index 9f8776d6fca..049533d06b8 100644
--- a/ext/openssl/lib/openssl/cipher.rb
+++ b/ext/openssl/lib/openssl/cipher.rb
@@ -20,19 +20,25 @@
module OpenSSL
module Cipher
- %w(AES CAST5 BF DES IDEA RC2 RC4 RC5).each{|cipher|
- eval(<<-EOD)
- class #{cipher} < Cipher
- def initialize(*args)
- args = args.join('-')
- if args.size == 0
- super(\"#{cipher}\")
- else
- super(\"#{cipher}-#\{args\}\")
- end
- end
- end
- EOD
+ %w(AES CAST5 BF DES IDEA RC2 RC4 RC5).each{|name|
+ klass = Class.new(Cipher){
+ define_method(:initialize){|*args|
+ cipher_name = args.inject(name){|n, arg| "#{n}-#{arg}" }
+ super(cipher_name)
+ }
+ }
+ const_set(name, klass)
+ }
+
+ %w(128 192 256).each{|keylen|
+ klass = Class.new(Cipher){
+ define_method(:initialize){|mode|
+ mode ||= "CBC"
+ cipher_name = "AES-#{keylen}-#{mode}"
+ super(cipher_name)
+ }
+ }
+ const_set("AES#{keylen}", klass)
}
class Cipher
diff --git a/ext/openssl/lib/openssl/digest.rb b/ext/openssl/lib/openssl/digest.rb
index 5745661c3c6..b3e44848056 100644
--- a/ext/openssl/lib/openssl/digest.rb
+++ b/ext/openssl/lib/openssl/digest.rb
@@ -26,22 +26,22 @@ module OpenSSL
alg += %w(SHA224 SHA256 SHA384 SHA512)
end
- alg.each{|digest|
- self.module_eval(<<-EOD)
- class #{digest} < Digest
- def initialize(data=nil)
- super(\"#{digest}\", data)
+ alg.each{|name|
+ klass = Class.new(Digest){
+ define_method(:initialize){|*data|
+ if data.length > 1
+ raise ArgumentError,
+ "wrong number of arguments (#{data.length} for 1)"
end
-
- def #{digest}::digest(data)
- Digest::digest(\"#{digest}\", data)
- end
-
- def #{digest}::hexdigest(data)
- Digest::hexdigest(\"#{digest}\", data)
- end
- end
- EOD
+ super(name, data.first)
+ }
+ }
+ singleton = (class <<klass; self; end)
+ singleton.class_eval{
+ define_method(:digest){|data| Digest.digest(name, data) }
+ define_method(:hexdigest){|data| Digest.hexdigest(name, data) }
+ }
+ const_set(name, klass)
}
end # Digest
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
index bc72d7e538f..c6df2bc797c 100644
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@@ -117,6 +117,29 @@ ossl_cipher_copy(VALUE self, VALUE other)
return self;
}
+static void*
+add_cipher_name_to_ary(const OBJ_NAME *name, VALUE ary)
+{
+ rb_ary_push(ary, rb_str_new2(name->name));
+}
+
+static VALUE
+ossl_s_ciphers(VALUE self)
+{
+#ifdef HAVE_OBJ_NAME_DO_ALL_SORTED
+ VALUE ary;
+
+ ary = rb_ary_new();
+ OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
+ (void(*)(const OBJ_NAME*,void*))add_cipher_name_to_ary,
+ (void*)ary);
+
+ return ary;
+#else
+ rb_notimplement();
+#endif
+}
+
static VALUE
ossl_cipher_reset(VALUE self)
{
@@ -143,13 +166,14 @@ ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode)
* We deprecated the arguments for this method, but we decided
* keeping this behaviour for backward compatibility.
*/
+ char *cname = rb_class2name(rb_obj_class(self));
+ rb_warn("argumtents for %s#encrypt and %s#decrypt were deprecated; "
+ "use %s#pkcs5_keyivgen to derive key and IV",
+ cname, cname, cname);
StringValue(pass);
GetCipher(self, ctx);
if (NIL_P(init_v)) memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv));
else{
- char *cname = rb_class2name(rb_obj_class(self));
- rb_warning("key derivation by %s#encrypt is deprecated; "
- "use %s::pkcs5_keyivgen instead", cname, cname);
StringValue(init_v);
if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) {
memset(iv, 0, EVP_MAX_IV_LENGTH);
@@ -352,6 +376,7 @@ Init_ossl_cipher(void)
rb_define_alloc_func(cCipher, ossl_cipher_alloc);
rb_define_copy_func(cCipher, ossl_cipher_copy);
+ rb_define_module_function(mCipher, "ciphers", ossl_s_ciphers, 0);
rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1);
rb_define_method(cCipher, "reset", ossl_cipher_reset, 0);
rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt, -1);
diff --git a/sample/openssl/cipher.rb b/sample/openssl/cipher.rb
index 844b6eea4ee..58b10d60469 100644
--- a/sample/openssl/cipher.rb
+++ b/sample/openssl/cipher.rb
@@ -1,29 +1,54 @@
#!/usr/bin/env ruby
require 'openssl'
-text = "abcdefghijklmnopqrstuvwxyz"
-key = "key"
-alg = "DES-EDE3-CBC"
-#alg = "AES-128-CBC"
+def crypt_by_password(alg, pass, salt, text)
+ puts "--Setup--"
+ puts %(cipher alg: "#{alg}")
+ puts %(plain text: "#{text}")
+ puts %(password: "#{pass}")
+ puts %(salt: "#{salt}")
+ puts
-puts "--Setup--"
-puts %(clear text: "#{text}")
-puts %(symmetric key: "#{key}")
-puts %(cipher alg: "#{alg}")
-puts
+ puts "--Encrypting--"
+ enc = OpenSSL::Cipher::Cipher.new(alg)
+ enc.encrypt
+ enc.pkcs5_keyivgen(pass, salt)
+ cipher = enc.update(text)
+ cipher << enc.final
+ puts %(encrypted text: #{cipher.inspect})
+ puts
-puts "--Encrypting--"
-des = OpenSSL::Cipher::Cipher.new(alg)
-des.encrypt(key) #, "iv12345678")
-cipher = des.update(text)
-cipher << des.final
-puts %(encrypted text: #{cipher.inspect})
-puts
+ puts "--Decrypting--"
+ dec = OpenSSL::Cipher::Cipher.new(alg)
+ dec.decrypt
+ dec.pkcs5_keyivgen(pass, salt)
+ plain = dec.update(cipher)
+ plain << dec.final
+ puts %(decrypted text: "#{plain}")
+ puts
+end
+
+def ciphers
+ ciphers = OpenSSL::Cipher.ciphers.sort
+ ciphers.each{|i|
+ if i.upcase != i && ciphers.include?(i.upcase)
+ ciphers.delete(i)
+ end
+ }
+ return ciphers
+end
-puts "--Decrypting--"
-des = OpenSSL::Cipher::Cipher.new(alg)
-des.decrypt(key) #, "iv12345678")
-out = des.update(cipher)
-out << des.final
-puts %(decrypted text: "#{out}")
+puts "Supported ciphers in #{OpenSSL::OPENSSL_VERSION}:"
+ciphers.each_with_index{|name, i|
+ printf("%-15s", name)
+ puts if (i + 1) % 5 == 0
+}
puts
+puts
+
+alg = ARGV.shift || ciphers.first
+pass = "secret password"
+salt = "8 octets" # or nil
+text = "abcdefghijklmnopqrstuvwxyz"
+
+crypt_by_password(alg, pass, salt, text)
diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
index c84b47b7f4f..d6719081653 100644
--- a/test/openssl/test_cipher.rb
+++ b/test/openssl/test_cipher.rb
@@ -11,7 +11,7 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
@c1 = OpenSSL::Cipher::Cipher.new("DES-EDE3-CBC")
@c2 = OpenSSL::Cipher::DES.new(:EDE3, "CBC")
@key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
- @iv = @key
+ @iv = "\0\0\0\0\0\0\0\0"
@hexkey = "0000000000000000000000000000000000000000000000"
@hexiv = "0000000000000000"
@data = "DATA"
@@ -22,11 +22,16 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
end
def test_crypt
- s1 = @c1.encrypt(@key, @iv).update(@data) + @c1.final
- s2 = @c2.encrypt(@key, @iv).update(@data) + @c2.final
+ @c1.encrypt.pkcs5_keyivgen(@key, @iv)
+ @c2.encrypt.pkcs5_keyivgen(@key, @iv)
+ s1 = @c1.update(@data) + @c1.final
+ s2 = @c2.update(@data) + @c2.final
assert_equal(s1, s2, "encrypt")
- assert_equal(@data, @c1.decrypt(@key, @iv).update(s2)+@c1.final, "decrypt")
- assert_equal(@data, @c2.decrypt(@key, @iv).update(s1)+@c2.final, "decrypt")
+
+ @c1.decrypt.pkcs5_keyivgen(@key, @iv)
+ @c2.decrypt.pkcs5_keyivgen(@key, @iv)
+ assert_equal(@data, @c1.update(s1)+@c1.final, "decrypt")
+ assert_equal(@data, @c2.update(s2)+@c2.final, "decrypt")
end
def test_info
@@ -62,6 +67,29 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
@c1.encrypt
assert_raises(ArgumentError){ @c1.update("") }
end
+
+ if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00907000
+ def test_ciphers
+ OpenSSL::Cipher.ciphers.each{|name|
+ assert(OpenSSL::Cipher::Cipher.new(name).is_a?(OpenSSL::Cipher::Cipher))
+ }
+ end
+
+ def test_AES
+ pt = File.read(__FILE__)
+ %w(ECB CBC CFB OFB).each{|mode|
+ c1 = OpenSSL::Cipher::AES256.new(mode)
+ c1.encrypt
+ c1.pkcs5_keyivgen("passwd")
+ ct = c1.update(pt) + c1.final
+
+ c2 = OpenSSL::Cipher::AES256.new(mode)
+ c2.decrypt
+ c2.pkcs5_keyivgen("passwd")
+ assert_equal(pt, c2.update(ct) + c2.final)
+ }
+ end
+ end
end
end
diff --git a/test/openssl/test_digest.rb b/test/openssl/test_digest.rb
index da5b6e49c5b..8941588b97e 100644
--- a/test/openssl/test_digest.rb
+++ b/test/openssl/test_digest.rb
@@ -62,11 +62,25 @@ class OpenSSL::TestDigest < Test::Unit::TestCase
end
if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000
+ def encode16(str)
+ str.unpack("H*").first
+ end
+
def test_098_features
- assert_equal("abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5", OpenSSL::Digest::SHA224.hexdigest("a"))
- assert_equal("ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb", OpenSSL::Digest::SHA256.hexdigest("a"))
- assert_equal("54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31", OpenSSL::Digest::SHA384.hexdigest("a"))
- assert_equal("1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75", OpenSSL::Digest::SHA512.hexdigest("a"))
+ sha224_a = "abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5"
+ sha256_a = "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
+ sha384_a = "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31"
+ sha512_a = "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75"
+
+ assert_equal(sha224_a, OpenSSL::Digest::SHA224.hexdigest("a"))
+ assert_equal(sha256_a, OpenSSL::Digest::SHA256.hexdigest("a"))
+ assert_equal(sha384_a, OpenSSL::Digest::SHA384.hexdigest("a"))
+ assert_equal(sha512_a, OpenSSL::Digest::SHA512.hexdigest("a"))
+
+ assert_equal(sha224_a, encode16(OpenSSL::Digest::SHA224.digest("a")))
+ assert_equal(sha256_a, encode16(OpenSSL::Digest::SHA256.digest("a")))
+ assert_equal(sha384_a, encode16(OpenSSL::Digest::SHA384.digest("a")))
+ assert_equal(sha512_a, encode16(OpenSSL::Digest::SHA512.digest("a")))
end
end
end