Permalink
Browse files

Add OpenSSL::PKCS5

  • Loading branch information...
1 parent c858dc7 commit 66f03f9b9a544af784280ac6edadec887abe529c @emboss emboss committed Jan 20, 2013
Showing with 314 additions and 2 deletions.
  1. +6 −0 .gitignore
  2. +18 −0 .travis.yml
  3. +23 −0 Gemfile
  4. +20 −0 LICENSE
  5. +11 −2 README.md
  6. +10 −0 Rakefile
  7. +50 −0 ci/travis.rb
  8. +16 −0 krypt-ossl.gemspec
  9. +38 −0 lib/krypt/ossl.rb
  10. +17 −0 lib/krypt/ossl/pkcs5.rb
  11. +100 −0 test/test_pkcs5.rb
  12. +5 −0 test/utils.rb
View
@@ -1,3 +1,9 @@
+tmp
+*.swp
+*.swo
+*~
+.rbx/
+.idea/
*.gem
*.rbc
.bundle
View
@@ -0,0 +1,18 @@
+script: 'ci/travis.rb'
+rvm:
+ - ruby-head
+ - 1.9.3
+ - jruby-19mode
+ - jruby-head
+ - rbx-19mode
+gemfile:
+ - Gemfile
+notifications:
+ email:
+ recipients:
+ - Martin.Bosslet@googlemail.com
+ on_success: always
+ on_failure: always
+branches:
+ only:
+ - master
View
23 Gemfile
@@ -0,0 +1,23 @@
+source 'https://rubygems.org'
+
+gem 'krypt', :github => 'krypt/krypt', :branch => 'master'
+
+gem 'binyo', :platforms => :ruby, :github => 'krypt/binyo', :branch => 'master'
+gem 'krypt-provider-openssl', :platforms => :ruby, :github => 'krypt/krypt-provider-openssl', :branch => 'master'
+gem 'krypt-core-c', :platforms => :ruby, :github => 'krypt/krypt-core-c', :branch => 'master'
+
+gem 'krypt-provider-jdk', :platforms => :jruby, :github => 'krypt/krypt-provider-jdk', :branch => 'master'
+gem 'krypt-core-java', :platforms => :jruby, :github => 'krypt/krypt-core-java', :branch => 'master'
+
+group :development do
+ gem 'rake'
+ gem 'rspec'
+ gem 'jruby-openssl', :platforms => :jruby
+end
+
+group :test do
+ gem 'simplecov', :require => false
+ gem 'fuzzbert', :github => 'krypt/FuzzBert', :branch => 'master'
+end
+
+gemspec
View
20 LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2013 Martin Boßlet
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
View
@@ -1,4 +1,13 @@
krypt-ossl
-==========
+-----------------
-A krypt shim that provides the same interface as the Ruby OpenSSL extension.
+A [krypt](https://github.com/krypt/krypt) shim that provides the same
+interface as the Ruby OpenSSL extension.
+
+For more information about krypt, please have a look at the project and its
+wiki at
+
+https://github.com/krypt/krypt
+
+Copyright (c) 2013
+Martin Boßlet <Martin.Bosslet@gmail.com>
View
@@ -0,0 +1,10 @@
+require 'rake'
+require 'rake/testtask'
+
+task :default => :test
+
+Rake::TestTask.new(:test) do |test|
+ test.libs << 'lib'
+ test.verbose = true
+ test.test_files = Dir.glob('test/test_*.rb')
+end
View
@@ -0,0 +1,50 @@
+#!/usr/bin/env ruby
+
+class Runner
+ def initialize(tasks)
+ @tasks = tasks
+ @results = {}
+ end
+
+ def run!
+ header "krypt-ossl CI started."
+ puts "Ruby version:"
+ system "ruby -v"
+ @tasks.each do |t|
+ cmd = "bundle exec rake #{t.to_s}"
+ @results[t] = system(cmd)
+ end
+ end
+
+ def evaluate
+ failed = @results.select { |k,v| v == false }
+ puts
+ if failed.empty?
+ echo_success "The build was successful."
+ echo_success "All tasks have completed successfully."
+ exit(true)
+ else
+ echo_failure "The build has failed."
+ echo_failure "Failed tasks: #{failed.keys.join(', ')}"
+ exit(false)
+ end
+ end
+
+ private
+
+ def header(msg)
+ puts "\n\e[1;34m#{msg}\e[m\n"
+ end
+
+ def echo_failure(msg)
+ puts "\n\e[1;31m#{msg}\e[m\n"
+ end
+
+ def echo_success(msg)
+ puts "\n\e[1;32m#{msg}\e[m\n"
+ end
+end
+
+r = Runner.new [:test]
+r.run!
+r.evaluate
View
@@ -0,0 +1,16 @@
+require 'fileutils'
+
+Gem::Specification.new do |s|
+ s.name = 'krypt-ossl'
+ s.version = '0.1.0'
+ s.author = 'Martin Bosslet'
+ s.email = 'Martin.Bosslet@gmail.com'
+ s.homepage = 'https://github.com/krypt/krypt-ossl'
+ s.summary = 'A krypt shim to offer the same API as the Ruby OpenSSL extension'
+ s.files = Dir.glob('lib/**/*')
+ s.files += ['LICENSE']
+ s.test_files = Dir.glob('test/**/test_*.rb')
+ s.extra_rdoc_files = [ "README.md" ]
+ s.require_path = "lib"
+ s.license = 'MIT'
+end
View
@@ -0,0 +1,38 @@
+=begin
+
+= Info
+
+krypt-ossl - A krypt shim to offer the same API as the Ruby OpenSSL extension
+
+Copyright (C) 2013
+Martin Bosslet <martin.bosslet@gmail.com>
+All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+=end
+
+require 'krypt'
+
+module OpenSSL
+ class Error < StandardError; end
+end unless defined? OpenSSL
+
+require_relative 'ossl/pkcs5'
View
@@ -0,0 +1,17 @@
+module OpenSSL
+
+ #
+ # Offers the same functionality as OpenSSL::PKCS5
+ #
+ module PKCS5
+ module_function
+
+ def pbkdf2_hmac_sha1(pass, salt, iter, keylen)
+ Krypt::PBKDF2.new(Krypt::Digest::SHA1.new).generate(pass, salt, iter, keylen)
+ end
+
+ def pbkdf2_hmac(pass, salt, iter, keylen, digest)
+ Krypt::PBKDF2.new(digest).generate(pass, salt, iter, keylen)
+ end
+ end
+end
View
@@ -0,0 +1,100 @@
+# encoding: US-ASCII
+require_relative 'utils'
+
+class OpenSSL::TestPKCS5 < Test::Unit::TestCase
+
+ def test_pbkdf2_hmac_sha1_rfc6070_c_1_len_20
+ p ="password"
+ s = "salt"
+ c = 1
+ dk_len = 20
+ raw = %w{ 0c 60 c8 0f 96 1f 0e 71
+ f3 a9 b5 24 af 60 12 06
+ 2f e0 37 a6 }
+ expected = [raw.join('')].pack('H*')
+ value = OpenSSL::PKCS5.pbkdf2_hmac_sha1(p, s, c, dk_len)
+ assert_equal(expected, value)
+ end
+
+ def test_pbkdf2_hmac_sha1_rfc6070_c_2_len_20
+ p ="password"
+ s = "salt"
+ c = 2
+ dk_len = 20
+ raw = %w{ ea 6c 01 4d c7 2d 6f 8c
+ cd 1e d9 2a ce 1d 41 f0
+ d8 de 89 57 }
+ expected = [raw.join('')].pack('H*')
+ value = OpenSSL::PKCS5.pbkdf2_hmac_sha1(p, s, c, dk_len)
+ assert_equal(expected, value)
+ end
+
+ def test_pbkdf2_hmac_sha1_rfc6070_c_4096_len_20
+ p ="password"
+ s = "salt"
+ c = 4096
+ dk_len = 20
+ raw = %w{ 4b 00 79 01 b7 65 48 9a
+ be ad 49 d9 26 f7 21 d0
+ 65 a4 29 c1 }
+ expected = [raw.join('')].pack('H*')
+ value = OpenSSL::PKCS5.pbkdf2_hmac_sha1(p, s, c, dk_len)
+ assert_equal(expected, value)
+ end
+
+# takes too long!
+# def test_pbkdf2_hmac_sha1_rfc6070_c_16777216_len_20
+# p ="password"
+# s = "salt"
+# c = 16777216
+# dk_len = 20
+# raw = %w{ ee fe 3d 61 cd 4d a4 e4
+# e9 94 5b 3d 6b a2 15 8c
+# 26 34 e9 84 }
+# expected = [raw.join('')].pack('H*')
+# value = OpenSSL::PKCS5.pbkdf2_hmac_sha1(p, s, c, dk_len)
+# assert_equal(expected, value)
+# end
+
+ def test_pbkdf2_hmac_sha1_rfc6070_c_4096_len_25
+ p ="passwordPASSWORDpassword"
+ s = "saltSALTsaltSALTsaltSALTsaltSALTsalt"
+ c = 4096
+ dk_len = 25
+
+ raw = %w{ 3d 2e ec 4f e4 1c 84 9b
+ 80 c8 d8 36 62 c0 e4 4a
+ 8b 29 1a 96 4c f2 f0 70
+ 38 }
+ expected = [raw.join('')].pack('H*')
+ value = OpenSSL::PKCS5.pbkdf2_hmac_sha1(p, s, c, dk_len)
+ assert_equal(expected, value)
+ end
+
+ def test_pbkdf2_hmac_sha1_rfc6070_c_4096_len_16
+ p ="pass\0word"
+ s = "sa\0lt"
+ c = 4096
+ dk_len = 16
+ raw = %w{ 56 fa 6a a7 55 48 09 9d
+ cc 37 d7 f0 34 25 e0 c3 }
+ expected = [raw.join('')].pack('H*')
+ value = OpenSSL::PKCS5.pbkdf2_hmac_sha1(p, s, c, dk_len)
+ assert_equal(expected, value)
+ end
+
+ def test_pbkdf2_hmac_sha256_c_20000_len_32
+ #unfortunately no official test vectors available yet for SHA-2
+ p ="password"
+ #s = OpenSSL::Random.random_bytes(16)
+ s = Random.new.bytes(16)
+ c = 20000
+ dk_len = 32
+ #digest = OpenSSL::Digest::SHA256.new
+ digest = Krypt::Digest::SHA256.new
+ value1 = OpenSSL::PKCS5.pbkdf2_hmac(p, s, c, dk_len, digest)
+ value2 = OpenSSL::PKCS5.pbkdf2_hmac(p, s, c, dk_len, digest)
+ assert_equal(value1, value2)
+ end if OpenSSL::PKCS5.respond_to?(:pbkdf2_hmac)
+
+end
View
@@ -0,0 +1,5 @@
+require 'minitest/unit'
+require 'minitest/autorun'
+require 'krypt/ossl'
+
+Test = MiniTest

0 comments on commit 66f03f9

Please sign in to comment.