From 953e8aca2be6a74a4829f8729cd4ba8e501207fe Mon Sep 17 00:00:00 2001
From: technorama
Date: Thu, 5 Apr 2007 05:59:22 +0000
Subject: * ext/openssl/ossl_pkcs5.c: New module. * ext/openssl/ossl_{cipher,digest,pkcs7,pkcs12}.c: Remove redundant module namespace. * ext/openssl/lib/openssl/{cipher,digest}.rb Add backwards compatibile classes for rearranged classes. * ext/openssl/ossl_{pkcs7,pkcs12}.c: Add documentation.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12148 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
ext/openssl/ossl_pkcs5.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 96 insertions(+)
create mode 100644 ext/openssl/ossl_pkcs5.c
(limited to 'ext/openssl/ossl_pkcs5.c')
diff --git a/ext/openssl/ossl_pkcs5.c b/ext/openssl/ossl_pkcs5.c
new file mode 100644
index 0000000000..ca02a18c67
--- /dev/null
+++ b/ext/openssl/ossl_pkcs5.c
@@ -0,0 +1,96 @@
+/*
+ * $Id$
+ * Copyright (C) 2007 Technorama Ltd.
+ */
+#include "ossl.h"
+
+VALUE mPKCS5;
+VALUE ePKCS5;
+
+/*
+ * call-seq:
+ * PKCS5.pbkdf2_hmac(pass, salt, iter, keylen, digest) => string
+ *
+ * === Parameters
+ * * +pass+ - string
+ * * +salt+ - string
+ * * +iter+ - integer - should be greater than 1000. 2000 is better.
+ * * +keylen+ - integer
+ * * +digest+ - a string or OpenSSL::Digest object.
+ *
+ * Available in OpenSSL 0.9.9?.
+ *
+ * Digests other than SHA1 may not be supported by other cryptography libraries.
+ */
+static VALUE
+ossl_pkcs5_pbkdf2_hmac(VALUE self, VALUE pass, VALUE salt, VALUE iter, VALUE keylen, VALUE digest)
+{
+#ifdef HAVE_PKCS5_PBKDF2_HMAC
+ VALUE str;
+ const EVP_MD md;
+ int len = NUM2INT(keylen);
+
+ StringValue(pass);
+ StringValue(salt);
+ md = GetDigestPtr(digest);
+
+ str = rb_str_new(0, len);
+
+ if (PKCS5_PBKDF2_HMAC(RSTRING_PTR(pass), RSTRING_LEN(pass), RSTRING_PTR(salt), RSTRING_LEN(salt), NUM2INT(iter), md, len, RSTRING_PTR(str)) != 1)
+ ossl_raise(ePKCS5, "PKCS5_PBKDF2_HMAC");
+
+ return str;
+#else
+ rb_notimplement();
+#endif
+}
+
+
+/*
+ * call-seq:
+ * PKCS5.pbkdf2_hmac_sha1(pass, salt, iter, keylen) => string
+ *
+ * === Parameters
+ * * +pass+ - string
+ * * +salt+ - string
+ * * +iter+ - integer - should be greater than 1000. 2000 is better.
+ * * +keylen+ - integer
+ *
+ * This method is available almost any version OpenSSL.
+ *
+ * Conforms to rfc2898.
+ */
+static VALUE
+ossl_pkcs5_pbkdf2_hmac_sha1(VALUE self, VALUE pass, VALUE salt, VALUE iter, VALUE keylen)
+{
+#ifdef HAVE_PKCS5_PBKDF2_HMAC_SHA1
+ VALUE str;
+ int len = NUM2INT(keylen);
+
+ StringValue(pass);
+ StringValue(salt);
+
+ str = rb_str_new(0, len);
+
+ if (PKCS5_PBKDF2_HMAC_SHA1(RSTRING_PTR(pass), RSTRING_LEN(pass), RSTRING_PTR(salt), RSTRING_LEN(salt), NUM2INT(iter), len, RSTRING_PTR(str)) != 1)
+ ossl_raise(ePKCS5, "PKCS5_PBKDF2_HMAC_SHA1");
+
+ return str;
+#else
+ rb_notimplement();
+#endif
+}
+
+void
+Init_ossl_pkcs5()
+{
+ /*
+ * Password-based Encryption
+ *
+ */
+ mPKCS5 = rb_define_module_under(mOSSL, "PKCS5");
+ ePKCS5 = rb_define_class_under(mPKCS5, "PKCS5Error", eOSSLError);
+
+ rb_define_module_function(mPKCS5, "pbkdf2_hmac", ossl_pkcs5_pbkdf2_hmac, 5);
+ rb_define_module_function(mPKCS5, "pbkdf2_hmac_sha1", ossl_pkcs5_pbkdf2_hmac_sha1, 4);
+}
-- cgit v1.2.3
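Review bot: In both `ossl_pkcs5_pbkdf2_hmac` and `ossl_pkcs5_pbkdf2_hmac_sha1`, `NUM2INT(iter)` sits in the same argument list as `RSTRING_PTR(pass)` and `RSTRING_PTR(salt)`; for a non-Integer argument the conversion can call back into Ruby code, and C leaves argument evaluation order unspecified, so the buffer pointers may be read before that code runs and be stale when OpenSSL dereferences them. Convert the count up front, as is already done for `keylen`: `int n_iter = NUM2INT(iter);` ahead of the `StringValue` calls, then pass `n_iter`. The count is also never range-checked, and some OpenSSL versions appear to treat a value below 1 as a single iteration, which would silently produce a barely stretched key; `if (n_iter < 1) rb_raise(rb_eArgError, "iter must be positive");` turns that into an error. `RSTRING_LEN` yields a `long` that is narrowed to the `int` length parameters, so over-long inputs should be rejected rather than truncated. As shown on this page the declaration reads `const EVP_MD md;`, which cannot be assigned from `GetDigestPtr`; presumably it should be `const EVP_MD *md;`, unless the `*` was lost in rendering.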