* ext/openssl/ossl_cipher.c (ossl_cipher_encrypt, ossl_cipher_decrypt):

  re-implemnt (the arguments for this method is ).

* ext/openssl/ossl_cipher.c (ossl_cipher_pkcs5_keyivgen): new method
  OpenSSL::Cipher::Cipher#pkcs5_keyivgen. it calls EVP_BytesToKey().

* ext/openssl/ossl_cipher.c (ossl_cipher_set_key_length): new method
  OpenSSL::Cipher::Cipher#key_len=.

* ext/openssl/ossl_cipher.c (ossl_cipher_set_padding): the type of
  argument is changed from integer to boolean.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6549 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Author: gotoyuzo

ChangeLog

@@ -1,3 +1,17 @@
+Thu Jul  1 00:44:42 2004  GOTOU Yuuzou  <gotoyuzo@notwork.org>
+
+	* ext/openssl/ossl_cipher.c (ossl_cipher_encrypt, ossl_cipher_decrypt):
+	  re-implemnt (the arguments for this method is ).
+
+	* ext/openssl/ossl_cipher.c (ossl_cipher_pkcs5_keyivgen): new method
+	  OpenSSL::Cipher::Cipher#pkcs5_keyivgen. it calls EVP_BytesToKey().
+
+	* ext/openssl/ossl_cipher.c (ossl_cipher_set_key_length): new method
+	  OpenSSL::Cipher::Cipher#key_len=.
+
+	* ext/openssl/ossl_cipher.c (ossl_cipher_set_padding): the type of
+	  argument is changed from integer to boolean.
+
 Wed Jun 30 19:48:09 2004  GOTOU Yuuzou  <gotoyuzo@notwork.org>
 
 	* ext/openssl/extconf.rb: check for EVP_CIPHER_CTX_copy, ENGINE_add,

ext/openssl/ossl_cipher.c

@@ -132,100 +132,85 @@ ossl_cipher_reset(VALUE self)
 }
 
 static VALUE
-ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self)
+ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode)
 {
     EVP_CIPHER_CTX *ctx;
-    unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
+    unsigned char key[EVP_MAX_KEY_LENGTH], *p_key = NULL;
+    unsigned char iv[EVP_MAX_IV_LENGTH], *p_iv = NULL;
     VALUE pass, init_v;
 
     GetCipher(self, ctx);
-	
-    rb_scan_args(argc, argv, "02", &pass, &init_v);
-	
-    if (NIL_P(init_v)) {
+    if(rb_scan_args(argc, argv, "02", &pass, &init_v) > 0){
 	/*
-	 * TODO:
-	 * random IV generation!
-	 */ 
-	memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv));
-	/*
-	  RAND_add(data,i,0); where from take data?
-	  if (RAND_pseudo_bytes(iv, 8) < 0) {
-	  ossl_raise(eCipherError, NULL);
-	  }
-	*/
-    }
-    else {
-	init_v = rb_obj_as_string(init_v);
-	if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) {
-	    memset(iv, 0, EVP_MAX_IV_LENGTH);
-	    memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len);
-	}
-	else {
-	    memcpy(iv, RSTRING(init_v)->ptr, sizeof(iv));
+	 * oops. this code mistakes salt for IV.
+	 * We deprecated the arguments for this method, but we decided
+	 * keeping this behaviour for backward compatibility.
+	 */
+	StringValue(pass);
+	if (NIL_P(init_v)) memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv));
+	else{
+	    char *cname  = rb_class2name(rb_obj_class(self));
+	    rb_warning("key derivation by %s#encrypt is deprecated; "
+		       "use %s::pkcs5_keyivgen instead", cname, cname);
+	    StringValue(init_v);
+	    if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) {
+		memset(iv, 0, EVP_MAX_IV_LENGTH);
+		memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len);
+	    }
+	    else memcpy(iv, RSTRING(init_v)->ptr, sizeof(iv));
 	}
+	EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv,
+		       RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL);
+	p_key = key;
+	p_iv = iv;
     }
-
-    if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, 1) != 1) {
-        ossl_raise(eCipherError, NULL);
-    }
-
-    if (!NIL_P(pass)) {
-        StringValue(pass);
-
-        EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv,
-		   RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL);
-        if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1) {
-            ossl_raise(eCipherError, NULL);
-        }
+    if (EVP_CipherInit_ex(ctx, NULL, NULL, p_key, p_iv, mode) != 1) {
+	ossl_raise(eCipherError, NULL);
     }
 
     return self;
 }
 
 static VALUE
-ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self)
+ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self)
 {
-    EVP_CIPHER_CTX *ctx;
-    unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
-    VALUE pass, init_v;
-	
-    GetCipher(self, ctx);
-    rb_scan_args(argc, argv, "02", &pass, &init_v);
-
-    if (NIL_P(init_v)) {
-	/*
-	 * TODO:
-	 * random IV generation!
-	 */
-	memcpy(iv, "OpenSSL for Ruby rulez!", EVP_MAX_IV_LENGTH);
-    }
-    else {
-	init_v = rb_obj_as_string(init_v);
-	if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) {
-	    memset(iv, 0, EVP_MAX_IV_LENGTH);
-	    memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len);
-	}
-	else {
-	    memcpy(iv, RSTRING(init_v)->ptr, EVP_MAX_IV_LENGTH);
-	}
-    }
+    return ossl_cipher_init(argc, argv, self, 1);
+}
 
-    if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, 0) != 1) {
-        ossl_raise(eCipherError, NULL);
-    }
+static VALUE
+ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self)
+{
+    return ossl_cipher_init(argc, argv, self, 0);
+}
 
-    if (!NIL_P(pass)) {
-        StringValue(pass);
+static VALUE
+ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)
+{
+    EVP_CIPHER_CTX *ctx;
+    const EVP_MD *digest;
+    VALUE vpass, vsalt, viter, vdigest;
+    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH], *salt = NULL;
+    int iter;
 
-        EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv,
-		   RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL);
-        if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1) {
-            ossl_raise(eCipherError, NULL);
-        }
+    GetCipher(self, ctx);
+    rb_scan_args(argc, argv, "13", &vpass, &vsalt, &viter, &vdigest);
+    StringValue(vpass);
+    if(!NIL_P(vsalt)){
+	StringValue(vsalt);
+	if(RSTRING(vsalt)->len != PKCS5_SALT_LEN)
+	    rb_raise(eCipherError, "salt must be an 8-octet string.");
+	salt = RSTRING(vsalt)->ptr;
     }
+    iter = NIL_P(viter) ? 2048 : NUM2INT(viter);
+    digest = NIL_P(vdigest) ? EVP_md5() : GetDigestPtr(vdigest);
+    EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt,
+		   RSTRING(vpass)->ptr, RSTRING(vpass)->len, iter, key, iv); 
+    if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1)
+	ossl_raise(eCipherError, NULL);
+    OPENSSL_cleanse(key, sizeof key);
+    OPENSSL_cleanse(iv, sizeof iv);
 
-    return self;
+    return Qnil;
 }
 
 static VALUE 
@@ -312,14 +297,26 @@ ossl_cipher_set_iv(VALUE self, VALUE iv)
     return iv;
 }
 
+static VALUE
+ossl_cipher_set_key_length(VALUE self, VALUE key_length)
+{
+    EVP_CIPHER_CTX *ctx;
+ 
+    GetCipher(self, ctx);
+    if (EVP_CIPHER_CTX_set_key_length(ctx, NUM2INT(key_length)) != 1)
+        ossl_raise(eCipherError, NULL);
+
+    return key_length;
+}
+
 static VALUE
 ossl_cipher_set_padding(VALUE self, VALUE padding)
 {
 #if defined(HAVE_EVP_CIPHER_CTX_SET_PADDING)
     EVP_CIPHER_CTX *ctx;
 
     GetCipher(self, ctx);
-    if (EVP_CIPHER_CTX_set_padding(ctx, NUM2INT(padding)) != 1)
+    if (EVP_CIPHER_CTX_set_padding(ctx, RTEST(padding)) != 1)
 	ossl_raise(eCipherError, NULL);
 #else
     rb_notimplement();
@@ -355,10 +352,12 @@ Init_ossl_cipher(void)
     rb_define_method(cCipher, "reset", ossl_cipher_reset, 0);
     rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt, -1);
     rb_define_method(cCipher, "decrypt", ossl_cipher_decrypt, -1);
+    rb_define_method(cCipher, "pkcs5_keyivgen", ossl_cipher_pkcs5_keyivgen, -1);
     rb_define_method(cCipher, "update", ossl_cipher_update, 1);
     rb_define_method(cCipher, "final", ossl_cipher_final, 0);
     rb_define_method(cCipher, "name", ossl_cipher_name, 0);
     rb_define_method(cCipher, "key=", ossl_cipher_set_key, 1);
+    rb_define_method(cCipher, "key_len=", ossl_cipher_set_key_length, 1);
     rb_define_method(cCipher, "key_len", ossl_cipher_key_length, 0);
     rb_define_method(cCipher, "iv=", ossl_cipher_set_iv, 1);
     rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0);