* ext/openssl/extconf.rb: add check for OBJ_NAME_do_all_sorted.

* ext/openssl/ossl_cipher.c (ossl_s_ciphers): new method
  OpenSSL::Cipher.ciphers. it returns all the cipher names.

* ext/openssl/ossl_cipher.c (ossl_cipher_init): refine warning message.

* ext/openssl/lib/openssl/cipher.rb: reimplement without eval() and
  add constants AES128, AES192, AES256. [ruby-dev:28610]

* ext/openssl/lib/openssl/digest.rb: reimplement without eval().

* test/openssl/test_cipher.rb, test_digest: fix about reimplemented               features.

* sample/openssl/cipher.rb: rewrite all.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10137 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
gotoyuzo 2006-05-08 00:12:00 +00:00
Родитель 911655fd17
Коммит 55ef220fe0
8 изменённых файлов: 182 добавлений и 64 удалений

Просмотреть файл

@ -1,3 +1,22 @@
Mon May 8 09:10:31 2006 GOTOU Yuuzou <gotoyuzo@notwork.org>
* ext/openssl/extconf.rb: add check for OBJ_NAME_do_all_sorted.
* ext/openssl/ossl_cipher.c (ossl_s_ciphers): new method
OpenSSL::Cipher.ciphers. it returns all the cipher names.
* ext/openssl/ossl_cipher.c (ossl_cipher_init): refine warning message.
* ext/openssl/lib/openssl/cipher.rb: reimplement without eval() and
add constants AES128, AES192, AES256. [ruby-dev:28610]
* ext/openssl/lib/openssl/digest.rb: reimplement without eval().
* test/openssl/test_cipher.rb, test_digest: fix about reimplemented
features.
* sample/openssl/cipher.rb: rewrite all.
Sun May 7 03:09:51 2006 Stephan Maka <stephan@spaceboyz.net>
* lib/resolv.rb (Resolv::DNS::Requester::ConnectedUDP#initialize):

Просмотреть файл

@ -91,6 +91,7 @@ have_func("X509_CRL_set_version")
have_func("X509_CRL_sort")
have_func("X509_STORE_get_ex_data")
have_func("X509_STORE_set_ex_data")
have_func("OBJ_NAME_do_all_sorted")
have_func("OPENSSL_cleanse")
if try_compile("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n")
$defs.push("-DHAVE_VA_ARGS_MACRO")

Просмотреть файл

@ -20,19 +20,25 @@
module OpenSSL
module Cipher
%w(AES CAST5 BF DES IDEA RC2 RC4 RC5).each{|cipher|
eval(<<-EOD)
class #{cipher} < Cipher
def initialize(*args)
args = args.join('-')
if args.size == 0
super(\"#{cipher}\")
else
super(\"#{cipher}-#\{args\}\")
end
end
end
EOD
%w(AES CAST5 BF DES IDEA RC2 RC4 RC5).each{|name|
klass = Class.new(Cipher){
define_method(:initialize){|*args|
cipher_name = args.inject(name){|n, arg| "#{n}-#{arg}" }
super(cipher_name)
}
}
const_set(name, klass)
}
%w(128 192 256).each{|keylen|
klass = Class.new(Cipher){
define_method(:initialize){|mode|
mode ||= "CBC"
cipher_name = "AES-#{keylen}-#{mode}"
super(cipher_name)
}
}
const_set("AES#{keylen}", klass)
}
class Cipher

Просмотреть файл

@ -26,22 +26,22 @@ module OpenSSL
alg += %w(SHA224 SHA256 SHA384 SHA512)
end
alg.each{|digest|
self.module_eval(<<-EOD)
class #{digest} < Digest
def initialize(data=nil)
super(\"#{digest}\", data)
alg.each{|name|
klass = Class.new(Digest){
define_method(:initialize){|*data|
if data.length > 1
raise ArgumentError,
"wrong number of arguments (#{data.length} for 1)"
end
def #{digest}::digest(data)
Digest::digest(\"#{digest}\", data)
end
def #{digest}::hexdigest(data)
Digest::hexdigest(\"#{digest}\", data)
end
end
EOD
super(name, data.first)
}
}
singleton = (class <<klass; self; end)
singleton.class_eval{
define_method(:digest){|data| Digest.digest(name, data) }
define_method(:hexdigest){|data| Digest.hexdigest(name, data) }
}
const_set(name, klass)
}
end # Digest

Просмотреть файл

@ -117,6 +117,29 @@ ossl_cipher_copy(VALUE self, VALUE other)
return self;
}
static void*
add_cipher_name_to_ary(const OBJ_NAME *name, VALUE ary)
{
rb_ary_push(ary, rb_str_new2(name->name));
}
static VALUE
ossl_s_ciphers(VALUE self)
{
#ifdef HAVE_OBJ_NAME_DO_ALL_SORTED
VALUE ary;
ary = rb_ary_new();
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
(void(*)(const OBJ_NAME*,void*))add_cipher_name_to_ary,
(void*)ary);
return ary;
#else
rb_notimplement();
#endif
}
static VALUE
ossl_cipher_reset(VALUE self)
{
@ -143,13 +166,14 @@ ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode)
* We deprecated the arguments for this method, but we decided
* keeping this behaviour for backward compatibility.
*/
char *cname = rb_class2name(rb_obj_class(self));
rb_warn("argumtents for %s#encrypt and %s#decrypt were deprecated; "
"use %s#pkcs5_keyivgen to derive key and IV",
cname, cname, cname);
StringValue(pass);
GetCipher(self, ctx);
if (NIL_P(init_v)) memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv));
else{
char *cname = rb_class2name(rb_obj_class(self));
rb_warning("key derivation by %s#encrypt is deprecated; "
"use %s::pkcs5_keyivgen instead", cname, cname);
StringValue(init_v);
if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) {
memset(iv, 0, EVP_MAX_IV_LENGTH);
@ -352,6 +376,7 @@ Init_ossl_cipher(void)
rb_define_alloc_func(cCipher, ossl_cipher_alloc);
rb_define_copy_func(cCipher, ossl_cipher_copy);
rb_define_module_function(mCipher, "ciphers", ossl_s_ciphers, 0);
rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1);
rb_define_method(cCipher, "reset", ossl_cipher_reset, 0);
rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt, -1);

Просмотреть файл

@ -1,29 +1,54 @@
#!/usr/bin/env ruby
require 'openssl'
def crypt_by_password(alg, pass, salt, text)
puts "--Setup--"
puts %(cipher alg: "#{alg}")
puts %(plain text: "#{text}")
puts %(password: "#{pass}")
puts %(salt: "#{salt}")
puts
puts "--Encrypting--"
enc = OpenSSL::Cipher::Cipher.new(alg)
enc.encrypt
enc.pkcs5_keyivgen(pass, salt)
cipher = enc.update(text)
cipher << enc.final
puts %(encrypted text: #{cipher.inspect})
puts
puts "--Decrypting--"
dec = OpenSSL::Cipher::Cipher.new(alg)
dec.decrypt
dec.pkcs5_keyivgen(pass, salt)
plain = dec.update(cipher)
plain << dec.final
puts %(decrypted text: "#{plain}")
puts
end
def ciphers
ciphers = OpenSSL::Cipher.ciphers.sort
ciphers.each{|i|
if i.upcase != i && ciphers.include?(i.upcase)
ciphers.delete(i)
end
}
return ciphers
end
puts "Supported ciphers in #{OpenSSL::OPENSSL_VERSION}:"
ciphers.each_with_index{|name, i|
printf("%-15s", name)
puts if (i + 1) % 5 == 0
}
puts
puts
alg = ARGV.shift || ciphers.first
pass = "secret password"
salt = "8 octets" # or nil
text = "abcdefghijklmnopqrstuvwxyz"
key = "key"
alg = "DES-EDE3-CBC"
#alg = "AES-128-CBC"
puts "--Setup--"
puts %(clear text: "#{text}")
puts %(symmetric key: "#{key}")
puts %(cipher alg: "#{alg}")
puts
puts "--Encrypting--"
des = OpenSSL::Cipher::Cipher.new(alg)
des.encrypt(key) #, "iv12345678")
cipher = des.update(text)
cipher << des.final
puts %(encrypted text: #{cipher.inspect})
puts
puts "--Decrypting--"
des = OpenSSL::Cipher::Cipher.new(alg)
des.decrypt(key) #, "iv12345678")
out = des.update(cipher)
out << des.final
puts %(decrypted text: "#{out}")
puts
crypt_by_password(alg, pass, salt, text)

Просмотреть файл

@ -11,7 +11,7 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
@c1 = OpenSSL::Cipher::Cipher.new("DES-EDE3-CBC")
@c2 = OpenSSL::Cipher::DES.new(:EDE3, "CBC")
@key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
@iv = @key
@iv = "\0\0\0\0\0\0\0\0"
@hexkey = "0000000000000000000000000000000000000000000000"
@hexiv = "0000000000000000"
@data = "DATA"
@ -22,11 +22,16 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
end
def test_crypt
s1 = @c1.encrypt(@key, @iv).update(@data) + @c1.final
s2 = @c2.encrypt(@key, @iv).update(@data) + @c2.final
@c1.encrypt.pkcs5_keyivgen(@key, @iv)
@c2.encrypt.pkcs5_keyivgen(@key, @iv)
s1 = @c1.update(@data) + @c1.final
s2 = @c2.update(@data) + @c2.final
assert_equal(s1, s2, "encrypt")
assert_equal(@data, @c1.decrypt(@key, @iv).update(s2)+@c1.final, "decrypt")
assert_equal(@data, @c2.decrypt(@key, @iv).update(s1)+@c2.final, "decrypt")
@c1.decrypt.pkcs5_keyivgen(@key, @iv)
@c2.decrypt.pkcs5_keyivgen(@key, @iv)
assert_equal(@data, @c1.update(s1)+@c1.final, "decrypt")
assert_equal(@data, @c2.update(s2)+@c2.final, "decrypt")
end
def test_info
@ -62,6 +67,29 @@ class OpenSSL::TestCipher < Test::Unit::TestCase
@c1.encrypt
assert_raises(ArgumentError){ @c1.update("") }
end
if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00907000
def test_ciphers
OpenSSL::Cipher.ciphers.each{|name|
assert(OpenSSL::Cipher::Cipher.new(name).is_a?(OpenSSL::Cipher::Cipher))
}
end
def test_AES
pt = File.read(__FILE__)
%w(ECB CBC CFB OFB).each{|mode|
c1 = OpenSSL::Cipher::AES256.new(mode)
c1.encrypt
c1.pkcs5_keyivgen("passwd")
ct = c1.update(pt) + c1.final
c2 = OpenSSL::Cipher::AES256.new(mode)
c2.decrypt
c2.pkcs5_keyivgen("passwd")
assert_equal(pt, c2.update(ct) + c2.final)
}
end
end
end
end

Просмотреть файл

@ -62,11 +62,25 @@ class OpenSSL::TestDigest < Test::Unit::TestCase
end
if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000
def encode16(str)
str.unpack("H*").first
end
def test_098_features
assert_equal("abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5", OpenSSL::Digest::SHA224.hexdigest("a"))
assert_equal("ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb", OpenSSL::Digest::SHA256.hexdigest("a"))
assert_equal("54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31", OpenSSL::Digest::SHA384.hexdigest("a"))
assert_equal("1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75", OpenSSL::Digest::SHA512.hexdigest("a"))
sha224_a = "abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5"
sha256_a = "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
sha384_a = "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31"
sha512_a = "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75"
assert_equal(sha224_a, OpenSSL::Digest::SHA224.hexdigest("a"))
assert_equal(sha256_a, OpenSSL::Digest::SHA256.hexdigest("a"))
assert_equal(sha384_a, OpenSSL::Digest::SHA384.hexdigest("a"))
assert_equal(sha512_a, OpenSSL::Digest::SHA512.hexdigest("a"))
assert_equal(sha224_a, encode16(OpenSSL::Digest::SHA224.digest("a")))
assert_equal(sha256_a, encode16(OpenSSL::Digest::SHA256.digest("a")))
assert_equal(sha384_a, encode16(OpenSSL::Digest::SHA384.digest("a")))
assert_equal(sha512_a, encode16(OpenSSL::Digest::SHA512.digest("a")))
end
end
end