Module: Tem::OpenSSL::TemTools

Included in:
Key
Defined in:
lib/ossl/tem_tools.rb

Class Method Summary collapse

Class Method Details

.crypt_with_sec(encrypted_data, dec_sec, tem) ⇒ Object

encrypts/decrypts using a SECpack generated via a previous call to crypting_sec



# File 'lib/ossl/tem_tools.rb', line 92

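# Encrypts or decrypts a blob by running a SECpack produced by crypting_sec.
#
# The blob and its length are written into the SECpack's :input_data and
# :input_length slots, so dec_sec is modified in place on every call.
#
# encrypted_data:: String holding the bytes to process
# dec_sec::        SECpack returned by a previous call to crypting_sec
# tem::            TEM used to encode the length and to execute the SECpack
#
# Returns the bytes produced by tem.execute, packed into a String.
# Raises ArgumentError when the blob does not fit in the SECpack's input buffer.
def self.crypt_with_sec(encrypted_data, dec_sec, tem)
  # convert the data string to an array of byte values
  ed = encrypted_data.unpack('C*')

  # The input buffer has a fixed size. A slice assignment longer than the
  # buffer would write past it (and, assuming body is an Array, grow it), so
  # oversized blobs are rejected before the SECpack is touched.
  # NOTE(review): capacity is taken as the gap between the :input_data and
  # :sec_stack labels, which matches the layout assembled by crypting_sec; the
  # check is skipped when the SECpack has no :sec_stack label.
  data_address = dec_sec.label_address(:input_data)
  stack_address = dec_sec.label_address(:sec_stack)
  capacity = stack_address && stack_address - data_address
  if capacity && ed.length > capacity
    raise ArgumentError,
          "input is #{ed.length} bytes, but the SECpack input buffer holds #{capacity}"
  end

  # patch the data and its length into the SEC
  elen = tem.to_tem_ushort(ed.length)
  dec_sec.body[dec_sec.label_address(:input_length), elen.length] = elen
  dec_sec.body[data_address, ed.length] = ed

  # run the sec and convert its output to a string
  dd = tem.execute dec_sec
  dd.pack('C*')
end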

.crypting_sec(key, tem, mode = :decrypt) ⇒ Object

generates a SECpack that encrypts/decrypts a user-supplied blob; the SECpack is tied down to a TEM



# File 'lib/ossl/tem_tools.rb', line 16

# Assembles a SECpack that encrypts or decrypts a caller-supplied blob with
# +key+, then binds it using the TEM's public endorsement key.
#
# key::  key whose to_tem_key bytes are embedded in the SECpack
# tem::  TEM that assembles the SECpack and supplies pubek for binding
# mode:: :encrypt or :decrypt (default); selects the kevb or kdvb instruction
#
# Returns the bound SECpack. Its :input_length and :input_data slots are meant
# to be filled in later (see crypt_with_sec).
#
# NOTE(review): any other mode makes the lookup below return nil, so the
# failure surfaces from s.send rather than as an argument error.
def self.crypting_sec(key, tem, mode = :decrypt)
  sec = tem.assemble do |s|
    # load the key in the TEM
    s.ldwc :const => :key_data
    s.rdk

    # allocate a 512-byte output buffer
    s.ldwc :const => 512
    s.outnew

    # encrypt or decrypt the given data, depending on mode
    s.ldw :from => :input_length
    s.ldwc :const => :input_data
    s.ldwc :const => -1
    crypt_op = { :encrypt => :kevb, :decrypt => :kdvb }[mode]
    s.send(crypt_op)
    s.halt

    # key material
    s.label :key_data
    s.immed :ubyte, key.to_tem_key

    # caller-patched argument: length of the blob (placeholder value 256)
    s.label :input_length
    s.immed :ushort, 256

    # caller-patched argument: the blob itself, 512 bytes reserved
    s.label :input_data
    s.filler :ubyte, 512

    # the TEM stack
    s.label :sec_stack
    s.stack
    s.extra 8
  end

  # bind spans :key_data up to :input_length; presumably this is what protects
  # the key bytes and ties the SECpack to this TEM -- confirm against bind.
  sec.bind(tem.pubek, :key_data, :input_length)
  sec
end

.generate_key_on_tem(tem) ⇒ Object

generate an RSA key pair on the TEM; slower than OpenSSL-based generation, but uses a hardware RNG



# File 'lib/ossl/tem_tools.rb', line 4

# Generates an asymmetric key pair on the TEM and exports both halves.
#
# Each half is read off the TEM and then deleted from it, public key first.
# The private key is therefore returned to the caller and lives in host
# memory afterwards; the TEM only contributes the key generation itself.
#
# NOTE(review): there is no rescue/ensure here, so a failed read leaves the
# not-yet-deleted key(s) on the TEM.
#
# tem:: TEM providing tk_gen_key, tk_read_key and tk_delete_key
#
# Returns a Hash with the exported keys under :privk and :pubk.
def self.generate_key_on_tem(tem)
  generated = tem.tk_gen_key(:asymmetric)
  authz = generated[:authz]

  exported = {}
  [[:pubk, :pubk_id], [:privk, :privk_id]].each do |name, id_field|
    key_id = generated[id_field]
    exported[name] = tem.tk_read_key(key_id, authz)
    # drop the TEM's copy as soon as this half has been read out
    tem.tk_delete_key(key_id, authz)
  end

  { :privk => exported[:privk], :pubk => exported[:pubk] }
end

.sign_with_sec(data, sign_sec, tem) ⇒ Object

signs using a SECpack generated via a previous call to signing_sec



# File 'lib/ossl/tem_tools.rb', line 109

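# Signs a blob by running a SECpack produced by signing_sec.
#
# The blob and its length are written into the SECpack's :input_data and
# :input_length slots, so sign_sec is modified in place on every call.
#
# data::     String holding the bytes to sign
# sign_sec:: SECpack returned by a previous call to signing_sec
# tem::      TEM used to encode the length and to execute the SECpack
#
# Returns the bytes produced by tem.execute, packed into a String.
# Raises ArgumentError when the blob does not fit in the SECpack's input buffer.
def self.sign_with_sec(data, sign_sec, tem)
  # convert the data string to an array of byte values
  d = data.unpack('C*')

  # The input buffer has a fixed size. A slice assignment longer than the
  # buffer would write past it (and, assuming body is an Array, grow it), so
  # oversized blobs are rejected before the SECpack is touched.
  # NOTE(review): capacity is taken as the gap between the :input_data and
  # :sec_stack labels, which matches the layout assembled by signing_sec; the
  # check is skipped when the SECpack has no :sec_stack label.
  data_address = sign_sec.label_address(:input_data)
  stack_address = sign_sec.label_address(:sec_stack)
  capacity = stack_address && stack_address - data_address
  if capacity && d.length > capacity
    raise ArgumentError,
          "input is #{d.length} bytes, but the SECpack input buffer holds #{capacity}"
  end

  # patch the data and its length into the SEC
  len = tem.to_tem_ushort(d.length)
  sign_sec.body[sign_sec.label_address(:input_length), len.length] = len
  sign_sec.body[data_address, d.length] = d

  # run the sec and convert its output to a string
  s = tem.execute sign_sec
  s.pack('C*')
end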

.signing_sec(key, tem) ⇒ Object

generates a SECpack that signs a user-supplied blob; the SECpack is tied down to a TEM



# File 'lib/ossl/tem_tools.rb', line 54

# Assembles a SECpack that signs a caller-supplied blob with +key+, then binds
# it using the TEM's public endorsement key.
#
# key:: key whose to_tem_key bytes are embedded in the SECpack; its
#       ssl_key.n.num_bytes sizes the output buffer
# tem:: TEM that assembles the SECpack and supplies pubek for binding
#
# Returns the bound SECpack. Its :input_length and :input_data slots are meant
# to be filled in later (see sign_with_sec).
def self.signing_sec(key, tem)
  sec = tem.assemble do |s|
    # load the key in the TEM
    s.ldwc :const => :key_data
    s.rdk

    # allocate the output buffer: one byte more than the key's modulus
    out_bytes = key.ssl_key.n.num_bytes + 1
    s.ldwc :const => out_bytes
    s.outnew

    # sign the given data
    s.ldw :from => :input_length
    s.ldwc :const => :input_data
    s.ldwc :const => -1
    s.ksvb
    s.halt

    # key material
    s.label :key_data
    s.immed :ubyte, key.to_tem_key

    # caller-patched argument: length of the blob (placeholder value 256)
    s.label :input_length
    s.immed :ushort, 256

    # caller-patched argument: the blob itself, 512 bytes reserved
    s.label :input_data
    s.filler :ubyte, 512

    # the TEM stack
    s.label :sec_stack
    s.stack
    s.extra 8
  end

  # bind spans :key_data up to :input_length; presumably this is what protects
  # the key bytes and ties the SECpack to this TEM -- confirm against bind.
  sec.bind(tem.pubek, :key_data, :input_length)
  sec
end