diff options
| -rw-r--r-- | ext/openssl/ossl.c | 12 | ||||
| -rw-r--r-- | ext/openssl/ossl_cipher.c | 14 | ||||
| -rw-r--r-- | lib/openssl/hmac.rb | 25 | ||||
| -rw-r--r-- | test/openssl/test_cipher.rb | 8 | ||||
| -rw-r--r-- | test/openssl/test_hmac.rb | 4 |
5 files changed, 46 insertions, 17 deletions
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index ab418764..bb8fecb9 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -664,7 +664,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) * ahold of the key may use it unless it is encrypted. In order to securely * export a key you may export it with a pass phrase. * - * cipher = OpenSSL::Cipher.new 'AES-256-CBC' + * cipher = OpenSSL::Cipher.new 'aes-256-cbc' * pass_phrase = 'my secure pass phrase goes here' * * key_secure = key.export cipher, pass_phrase @@ -772,7 +772,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) * using PBKDF2. PKCS #5 v2.0 recommends at least 8 bytes for the salt, * the number of iterations largely depends on the hardware being used. * - * cipher = OpenSSL::Cipher.new 'AES-256-CBC' + * cipher = OpenSSL::Cipher.new 'aes-256-cbc' * cipher.encrypt * iv = cipher.random_iv * @@ -795,7 +795,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) * Use the same steps as before to derive the symmetric AES key, this time * setting the Cipher up for decryption. * - * cipher = OpenSSL::Cipher.new 'AES-256-CBC' + * cipher = OpenSSL::Cipher.new 'aes-256-cbc' * cipher.decrypt * cipher.iv = iv # the one generated with #random_iv * @@ -830,7 +830,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) * * First set up the cipher for encryption * - * encryptor = OpenSSL::Cipher.new 'AES-256-CBC' + * encryptor = OpenSSL::Cipher.new 'aes-256-cbc' * encryptor.encrypt * encryptor.pkcs5_keyivgen pass_phrase, salt * @@ -843,7 +843,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) * * Use a new Cipher instance set up for decryption * - * decryptor = OpenSSL::Cipher.new 'AES-256-CBC' + * decryptor = OpenSSL::Cipher.new 'aes-256-cbc' * decryptor.decrypt * decryptor.pkcs5_keyivgen pass_phrase, salt * @@ -931,7 +931,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) * ca_key = OpenSSL::PKey::RSA.new 2048 * pass_phrase = 'my secure pass phrase goes here' * - * cipher = OpenSSL::Cipher.new 'AES-256-CBC' + * cipher = OpenSSL::Cipher.new 'aes-256-cbc' * * open 'ca_key.pem', 'w', 0400 do |io| * io.write ca_key.export(cipher, pass_phrase) diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index 5b92fc39..28f5c1b5 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -104,7 +104,7 @@ ossl_cipher_alloc(VALUE klass) * call-seq: * Cipher.new(string) -> cipher * - * The string must contain a valid cipher name like "AES-256-CBC". + * The string must contain a valid cipher name like "aes-256-cbc". * * A list of cipher names is available by calling OpenSSL::Cipher.ciphers. */ @@ -874,7 +874,7 @@ Init_ossl_cipher(void) * individual components name, key length and mode. Either all uppercase * or all lowercase strings may be used, for example: * - * cipher = OpenSSL::Cipher.new('AES-128-CBC') + * cipher = OpenSSL::Cipher.new('aes-128-cbc') * * === Choosing either encryption or decryption mode * @@ -904,7 +904,7 @@ Init_ossl_cipher(void) * without processing the password further. A simple and secure way to * create a key for a particular Cipher is * - * cipher = OpenSSL::Cipher.new('AES-256-CFB') + * cipher = OpenSSL::Cipher.new('aes-256-cfb') * cipher.encrypt * key = cipher.random_key # also sets the generated key on the Cipher * @@ -972,14 +972,14 @@ Init_ossl_cipher(void) * * data = "Very, very confidential data" * - * cipher = OpenSSL::Cipher.new('AES-128-CBC') + * cipher = OpenSSL::Cipher.new('aes-128-cbc') * cipher.encrypt * key = cipher.random_key * iv = cipher.random_iv * * encrypted = cipher.update(data) + cipher.final * ... - * decipher = OpenSSL::Cipher.new('AES-128-CBC') + * decipher = OpenSSL::Cipher.new('aes-128-cbc') * decipher.decrypt * decipher.key = key * decipher.iv = iv @@ -1015,7 +1015,7 @@ Init_ossl_cipher(void) * not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the * security guarantees of GCM mode. * - * cipher = OpenSSL::Cipher.new('AES-128-GCM').encrypt + * cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt * cipher.key = key * cipher.iv = nonce * cipher.auth_data = auth_data @@ -1031,7 +1031,7 @@ Init_ossl_cipher(void) * ciphertext with a probability of 1/256. * * raise "tag is truncated!" unless tag.bytesize == 16 - * decipher = OpenSSL::Cipher.new('AES-128-GCM').decrypt + * decipher = OpenSSL::Cipher.new('aes-128-gcm').decrypt * decipher.key = key * decipher.iv = nonce * decipher.auth_tag = tag diff --git a/lib/openssl/hmac.rb b/lib/openssl/hmac.rb index 9bc8bc8d..c8c844d8 100644 --- a/lib/openssl/hmac.rb +++ b/lib/openssl/hmac.rb @@ -10,6 +10,14 @@ module OpenSSL OpenSSL.fixed_length_secure_compare(self.digest, other.digest) end + # :call-seq: + # hmac.base64digest -> string + # + # Returns the authentication code an a Base64-encoded string. + def base64digest + [digest].pack("m0") + end + class << self # :call-seq: # HMAC.digest(digest, key, data) -> aString @@ -48,6 +56,23 @@ module OpenSSL hmac << data hmac.hexdigest end + + # :call-seq: + # HMAC.base64digest(digest, key, data) -> aString + # + # Returns the authentication code as a Base64-encoded string. The _digest_ + # parameter specifies the digest algorithm to use. This may be a String + # representing the algorithm name or an instance of OpenSSL::Digest. + # + # === Example + # key = 'key' + # data = 'The quick brown fox jumps over the lazy dog' + # + # hmac = OpenSSL::HMAC.base64digest('SHA1', key, data) + # #=> "3nybhbi3iqa8ino29wqQcBydtNk=" + def base64digest(digest, key, data) + [digest(digest, key, data)].pack("m0") + end end end end diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb index 65b36dd1..45ec94a7 100644 --- a/test/openssl/test_cipher.rb +++ b/test/openssl/test_cipher.rb @@ -147,13 +147,13 @@ class OpenSSL::TestCipher < OpenSSL::TestCase def test_AES pt = File.read(__FILE__) - %w(ECB CBC CFB OFB).each{|mode| - c1 = OpenSSL::Cipher.new("AES-256-#{mode}") + %w(ecb cbc cfb ofb).each{|mode| + c1 = OpenSSL::Cipher.new("aes-256-#{mode}") c1.encrypt c1.pkcs5_keyivgen("passwd") ct = c1.update(pt) + c1.final - c2 = OpenSSL::Cipher.new("AES-256-#{mode}") + c2 = OpenSSL::Cipher.new("aes-256-#{mode}") c2.decrypt c2.pkcs5_keyivgen("passwd") assert_equal(pt, c2.update(ct) + c2.final) @@ -163,7 +163,7 @@ class OpenSSL::TestCipher < OpenSSL::TestCase def test_update_raise_if_key_not_set assert_raise(OpenSSL::Cipher::CipherError) do # it caused OpenSSL SEGV by uninitialized key [Bug #2768] - OpenSSL::Cipher.new("AES-128-ECB").update "." * 17 + OpenSSL::Cipher.new("aes-128-ecb").update "." * 17 end end diff --git a/test/openssl/test_hmac.rb b/test/openssl/test_hmac.rb index 7202a590..2f53a813 100644 --- a/test/openssl/test_hmac.rb +++ b/test/openssl/test_hmac.rb @@ -10,12 +10,14 @@ class OpenSSL::TestHMAC < OpenSSL::TestCase hmac.update("Hi There") assert_equal ["9294727a3638bb1c13f48ef8158bfc9d"].pack("H*"), hmac.digest assert_equal "9294727a3638bb1c13f48ef8158bfc9d", hmac.hexdigest + assert_equal "kpRyejY4uxwT9I74FYv8nQ==", hmac.base64digest # RFC 4231 4.2. Test Case 1 hmac = OpenSSL::HMAC.new(["0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"].pack("H*"), "SHA224") hmac.update("Hi There") assert_equal ["896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22"].pack("H*"), hmac.digest assert_equal "896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22", hmac.hexdigest + assert_equal "iW+xEoq73xloMhB81J3zP0e0sRaZErpPU2hLIg==", hmac.base64digest end def test_dup @@ -57,6 +59,8 @@ class OpenSSL::TestHMAC < OpenSSL::TestCase assert_equal ["9294727a3638bb1c13f48ef8158bfc9d"].pack("H*"), digest hexdigest = OpenSSL::HMAC.hexdigest("MD5", key, "Hi There") assert_equal "9294727a3638bb1c13f48ef8158bfc9d", hexdigest + b64digest = OpenSSL::HMAC.base64digest("MD5", key, "Hi There") + assert_equal "kpRyejY4uxwT9I74FYv8nQ==", b64digest end end |