Updates for 1.9.3

Author: Hiroshi Nakamura

rubykaigi2006/1_basic/11_encryption/111_aes+ecb/decrypt.rb

@@ -1,7 +1,7 @@
 require 'openssl'
 
 # load SECRET key
-key = File.read("seckey.bin")
+key = File.binread("seckey.bin")
 
 # create AES engine
 cipher = OpenSSL::Cipher::Cipher.new("AES-128-ECB")

rubykaigi2006/1_basic/11_encryption/111_aes+ecb/encrypt.rb

@@ -1,7 +1,7 @@
 require 'openssl'
 
 # load SECRET key
-key = File.read("seckey.bin")
+key = File.binread("seckey.bin")
 
 # create AES engine
 # 128/192/256 must match key length (bits)

rubykaigi2006/1_basic/11_encryption/112_aes+cbc/decrypt.rb

@@ -1,7 +1,7 @@
 require 'openssl'
 
 # load SECRET key
-key = File.read("seckey.bin")
+key = File.binread("seckey.bin")
 
 # create AES engine
 cipher = OpenSSL::Cipher::Cipher.new("AES-256-CBC")

rubykaigi2006/1_basic/11_encryption/112_aes+cbc/encrypt.rb

@@ -1,7 +1,7 @@
 require 'openssl'
 
 # load SECRET key
-key = File.read("seckey.bin")
+key = File.binread("seckey.bin")
 
 # create AES engine
 # 128/192/256 must match key length (bits)
@@ -21,4 +21,4 @@
 print iv
 
 # encryption
-print cipher.update(ARGF.read) + cipher.final
+print cipher.update(ARGF.binread) + cipher.final

rubykaigi2006/1_basic/11_encryption/113_aespassword/decrypt.rb

@@ -1,15 +1,18 @@
 require 'openssl'
 
 # load password
-password = File.read("password.txt")
+password = File.binread("password.txt")
 
 # create AES engine
 cipher = OpenSSL::Cipher::Cipher.new("AES-256-CBC")
 
+# salt is needed for key
+salt = ARGF.read(8)
+
 # initialize
 cipher.decrypt
 # calc key and IV from password
-cipher.pkcs5_keyivgen(password)
+cipher.pkcs5_keyivgen(password, salt)
 
 # decryption
 print cipher.update(ARGF.read) + cipher.final

rubykaigi2006/1_basic/11_encryption/113_aespassword/encrypt.rb

@@ -1,15 +1,21 @@
 require 'openssl'
 
 # load password
-password = File.read("password.txt")
+password = File.binread("password.txt")
 
 # create AES engine
 cipher = OpenSSL::Cipher::Cipher.new("AES-256-CBC")
 
+# create salt; must be 8 bytes
+salt = OpenSSL::Random.random_bytes(8)
+
 # initialize
 cipher.encrypt
-# calc key and IV from password
-cipher.pkcs5_keyivgen(password)
+# calc key and IV from password and salt
+cipher.pkcs5_keyivgen(password, salt)
+
+# salt is needed for key
+print salt
 
 # encryption
 print cipher.update(ARGF.read) + cipher.final

rubykaigi2006/1_basic/11_encryption/115_rsa/decrypt.rb

@@ -1,8 +1,7 @@
 require 'openssl'
 
 # load PRIVATE key
-privkey =
-  OpenSSL::PKey::RSA.new(File.read("privkey.pem"))
+privkey = OpenSSL::PKey::RSA.new(File.read("privkey.pem"))
 
 # decryption
 print privkey.private_decrypt(ARGF.read)

rubykaigi2006/1_basic/11_encryption/115_rsa/encrypt.rb

@@ -1,8 +1,7 @@
 require 'openssl'
 
 # load PUBLIC key
-pubkey =
-  OpenSSL::PKey::RSA.new(File.read("pubkey.pem"))
+pubkey = OpenSSL::PKey::RSA.new(File.read("pubkey.pem"))
 
 # encryption
 # CAUTION: ARGF must be shorter than key size!

rubykaigi2006/1_basic/12_authentication/121_hmac/alice_sign/sign.rb

@@ -4,12 +4,9 @@
 plain = ARGF.read
 
 # load SECRET key
-key = File.read("seckey.bin")
+key = File.binread("seckey.bin")
 
 # sign
-# CAUTION: digester must be an instance of
-#   ::OpenSSL::Digest::* not ::Digest::* even if
-#   openssl is loaded.
 digester = OpenSSL::Digest::SHA1.new
 sig = OpenSSL::HMAC.digest(digester, key, plain)
 

rubykaigi2006/1_basic/12_authentication/121_hmac/bob_verify/verify.rb

@@ -1,11 +1,11 @@
 require 'openssl'
 
 # load SECRET key
-key = File.read("seckey.bin")
+key = File.binread("seckey.bin")
 
 # load text and sig
-plain = File.read("plain.txt")
-sig = File.read("plain.sig.bin")
+plain = File.binread("../alice_sign/plain.txt")
+sig = File.binread("../alice_sign/plain.sig.bin")
 
 # self sign calculation
 digester = OpenSSL::Digest::SHA1.new

rubykaigi2006/1_basic/12_authentication/122_rsa/bob_verify/verify.rb

@@ -1,12 +1,11 @@
 require 'openssl'
 
 # load PUBLIC key
-pubkey =
-  OpenSSL::PKey::RSA.new(File.read("pubkey.pem"))
+pubkey = OpenSSL::PKey::RSA.new(File.read("pubkey.pem"))
 
 # load text and sig
-plain = File.read("plain.txt")
-sig = File.read("plain.sig.bin")
+plain = File.binread("../alice_sign/plain.txt")
+sig = File.binread("../alice_sign/plain.sig.bin")
 
 # verify
 digester = OpenSSL::Digest::SHA1.new

rubykaigi2006/1_basic/12_authentication/123_dsa/bob_verify/verify.rb

@@ -1,12 +1,11 @@
 require 'openssl'
 
 # load PUBLIC key
-pubkey =
-  OpenSSL::PKey::DSA.new(File.read("pubkey.pem"))
+pubkey = OpenSSL::PKey::DSA.new(File.read("pubkey.pem"))
 
 # load text and sig
-plain = File.read("plain.txt")
-sig = File.read("plain.sig.bin")
+plain = File.binread("../alice_sign/plain.txt")
+sig = File.binread("../alice_sign/plain.sig.bin")
 
 # verify
 if pubkey.verify(OpenSSL::Digest::DSS1.new, sig, plain)

rubykaigi2006/2_application/21_clientauth/host/host_client.rb

@@ -10,7 +10,7 @@ def initialize
 
     @logger = Logger.new(STDERR)
     @server = WEBrick::GenericServer.new(
-      :Port => 1235, :Logger => @logger)
+      :Port => 1234, :Logger => @logger)
   end
 
   def start

rubykaigi2006/2_application/21_clientauth/proxy/proxy_client.rb

@@ -3,8 +3,7 @@
 
 class ProxyClientAuth
   def initialize
-    @signkey =
-      OpenSSL::PKey::RSA.new(File.read("privkey.pem"))
+    @signkey = OpenSSL::PKey::RSA.new(File.read("privkey.pem"))
   end
 
   def evaluate(source)

rubykaigi2006/2_application/23_mastercontrol/host/host_mastercontrol.rb

@@ -5,13 +5,11 @@
 
 class HostMasterControl
   def initialize
-    @masterpubkey = OpenSSL::PKey::RSA.new(
-      File.read("masterpubkey.pem"))
+    @masterpubkey = OpenSSL::PKey::RSA.new(File.read("masterpubkey.pem"))
     @digester = OpenSSL::Digest::SHA256.new
 
     @logger = Logger.new(STDERR)
-    @server = WEBrick::GenericServer.new(
-      :Port => 1234, :Logger => @logger)
+    @server = WEBrick::GenericServer.new(:Port => 1234, :Logger => @logger)
   end
 
   def start

rubykaigi2006/2_application/23_mastercontrol/proxy/proxy_mastercontrol.rb

@@ -4,11 +4,9 @@
 
 class ProxyMasterControl
   def initialize
-    @pubkey =
-      OpenSSL::PKey::RSA.new(File.read("pubkey.pem"))
+    @pubkey = OpenSSL::PKey::RSA.new(File.read("pubkey.pem"))
     @pubsig = File.read("pubkey.pem.sig")
-    @signkey =
-      OpenSSL::PKey::RSA.new(File.read("privkey.pem"))
+    @signkey = OpenSSL::PKey::RSA.new(File.read("privkey.pem"))
   end
 
   def evaluate(source)

rubykaigi2006/2_application/24_nglist/host/Rakefile

@@ -4,12 +4,19 @@ CLEAN.include('*.pem')
 CLEAN.include('../proxy/pubkey.pem.sig')
 CLEAN.include('nglist.txt')
 
-task :default => ['masterprivkey.pem', '../proxy/pubkey.pem.sig', 'nglist.txt']
+task :default => ['masterprivkey.pem', '../proxy/pubkey.pem.sig', 'nglist_listed.txt', 'nglist.txt']
 
 file 'nglist.txt' do
   File.open('nglist.txt', 'w') {}
 end
 
+file 'nglist_listed.txt' do
+  require 'openssl'
+  File.open('nglist_listed.txt', 'w') do |f|
+    f.puts(OpenSSL::PKey.read(File.read("../proxy/pubkey.pem")).n.to_s)
+  end
+end
+
 file 'masterprivkey.pem' do
   load 'generatemasterkey.rb'
 end

rubykaigi2006/2_application/25_noreplay/host/host_noreplay.rb

@@ -30,6 +30,7 @@ def start
         pubkey = Marshal.load(sock)
         pubsig = Marshal.load(sock)
         source = Marshal.load(sock)
+        p [:request, source]
         sourcesig = Marshal.load(sock)
         sock.close_read
         # verify

rubykaigi2006/2_application/26_encrypt/host/host_encrypt.rb

@@ -19,7 +19,7 @@ def initialize
 
     @logger = Logger.new(STDERR)
     @server = WEBrick::GenericServer.new(
-      :Port => 1235, :Logger => @logger)
+      :Port => 1234, :Logger => @logger)
   end
 
   def start
@@ -34,6 +34,7 @@ def start
         pubkey = Marshal.load(sock)
         pubsig = Marshal.load(sock)
         ciphertext = Marshal.load(sock)
+        p [:request, ciphertext]
         cipherkey = Marshal.load(sock)
         sourcesig = Marshal.load(sock)
         sock.close_read

rubykaigi2006/2_application/27_ssl/ca/gen_cert.rb

@@ -1,9 +1,9 @@
 #!/usr/bin/env ruby
 
 require 'openssl'
-require 'ca_config'
+require './ca_config'
 require 'fileutils'
-require 'getopts'
+require 'optparse'
 
 include OpenSSL
 
@@ -13,10 +13,21 @@ def usage
   exit
 end
 
-getopts nil, 'type:client', 'out:', 'force'
+cert_type = nil
+out_file = 'cert.pem'
+force = false
+OptionParser.new { |opts|
+  opts.on("-t TYPE", "--type TYPE") do |v|
+    cert_type = v
+  end
+  opts.on("-o OUT", "--out OUT") do |v|
+    out_file = v
+  end
+  opts.on(nil, "--force") do
+    force = true
+  end
+}.parse!
 
-cert_type = $OPT_type
-out_file = $OPT_out || 'cert.pem'
 csr_file = ARGV.shift or usage
 ARGV.empty? or usage
 
@@ -31,7 +42,7 @@ def usage
   raise "Key length too long"
 end
 if csr.subject.to_a[0, CAConfig::NAME.size] != CAConfig::NAME
-  unless $OPT_force
+  unless force
     p csr.subject.to_a
     p CAConfig::NAME
     puts "DN does not match"
@@ -111,7 +122,7 @@ def usage
 ex << ef.create_extension("crlDistributionPoints", CAConfig::CDP_LOCATION) if CAConfig::CDP_LOCATION
 ex << ef.create_extension("authorityInfoAccess", "OCSP;" << CAConfig::OCSP_LOCATION) if CAConfig::OCSP_LOCATION
 cert.extensions = ex
-cert.sign(ca_keypair, Digest::SHA1.new)
+cert.sign(ca_keypair, OpenSSL::Digest::SHA1.new)
 
 # For backup
 

rubykaigi2006/2_application/27_ssl/ca/gen_crl.rb

@@ -1,8 +1,7 @@
 #!/usr/bin/env ruby
 
 require 'openssl'
-require 'ca_config'
-require 'getopts'
+require './ca_config'
 
 include OpenSSL
 
@@ -49,7 +48,7 @@ def usage
   puts "+ Serial ##{re.serial} - revoked at #{re.time}"
 end
 
-crl.sign(ca_keypair, Digest::SHA1.new)
+crl.sign(ca_keypair, OpenSSL::Digest::SHA1.new)
 
 puts "Writing #{CAConfig::CRL_FILE}."
 File.open(CAConfig::CRL_FILE, "w") do |f|

rubykaigi2006/2_application/27_ssl/ca/init_ca.rb

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
 require 'openssl'
-require 'ca_config'
+require './ca_config'
 
 include OpenSSL
 
@@ -49,7 +49,7 @@
 cert.extensions = [ext1, ext2, ext3, ext4]
 ext0 = ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
 cert.add_extension(ext0)
-cert.sign(keypair, Digest::SHA1.new)
+cert.sign(keypair, OpenSSL::Digest::SHA1.new)
 
 keypair_file = CAConfig::KEYPAIR_FILE
 puts "Writing keypair."

rubykaigi2006/2_application/27_ssl/host/host_ssl.rb

@@ -1,25 +1,22 @@
 require 'webrick/ssl'
 require 'openssl'
+require '../sslsocket_fix'
 require 'logger'
 
 class HostSsl
   def initialize
     logger = Logger.new(STDERR)
-    servercert = OpenSSL::X509::Certificate.new(
-      File.read("servercert.pem"))
-    serverprivkey = OpenSSL::PKey::RSA.new(
-      File.read("privkey.pem"))
+    servercert = OpenSSL::X509::Certificate.new(File.read("servercert.pem"))
+    serverprivkey = OpenSSL::PKey::RSA.new(File.read("privkey.pem"))
     ca_file = '../ca/cacert.pem'
     # CAUTION: crl_file is not reloaded until the
     #   next server startup
     crl_file = '../ca/crl/ctor.pem'
 
     store = OpenSSL::X509::Store.new
     store.add_file(ca_file)
-    store.add_crl(
-      OpenSSL::X509::CRL.new(File.read(crl_file)))
-    store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK |
-      OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+    store.add_crl(OpenSSL::X509::CRL.new(File.read(crl_file)))
+    store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK | OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
 
     @server = WEBrick::GenericServer.new(
       :X_SSLCertificateStoreCrlFile => crl_file,

rubykaigi2006/2_application/27_ssl/proxy/gen_key_and_certrequest.rb

@@ -33,7 +33,7 @@ def usage
 req.version = 0
 req.subject = name
 req.public_key = keypair.public_key
-req.sign(keypair, Digest::MD5.new)
+req.sign(keypair, OpenSSL::Digest::MD5.new)
 
 puts "Writing #{csrout}..."
 File.open(csrout, "w") do |f|