[feat] support OpenSSL::KDF as a (semi) OpenSSL::PKCS5 replacement

Author: kares

lib/openssl/pkcs5.rb

@@ -0,0 +1,22 @@
+#--
+# Ruby/OpenSSL Project
+# Copyright (C) 2017 Ruby/OpenSSL Project Authors
+#++
+
+# JOpenSSL has these - here for explicit require 'openssl/pkcs5' compatibility
+
+# module OpenSSL
+#   module PKCS5
+#     module_function
+#
+#     # OpenSSL::PKCS5.pbkdf2_hmac has been renamed to OpenSSL::KDF.pbkdf2_hmac.
+#     # This method is provided for backwards compatibility.
+#     def pbkdf2_hmac(pass, salt, iter, keylen, digest)
+#       OpenSSL::KDF.pbkdf2_hmac(pass, salt: salt, iterations: iter, length: keylen, hash: digest)
+#     end
+#
+#     def pbkdf2_hmac_sha1(pass, salt, iter, keylen)
+#       pbkdf2_hmac(pass, salt, iter, keylen, "sha1")
+#     end
+#   end
+# end

src/main/java/org/jruby/ext/openssl/KDF.java

@@ -0,0 +1,75 @@
+/*
+ * The MIT License
+ *
+ * Copyright (c) 2018 Karol Bucek LTD.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package org.jruby.ext.openssl;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+import org.jruby.*;
+import org.jruby.anno.JRubyMethod;
+import org.jruby.anno.JRubyModule;
+import org.jruby.exceptions.RaiseException;
+import org.jruby.runtime.ThreadContext;
+import org.jruby.runtime.builtin.IRubyObject;
+
+import static org.jruby.ext.openssl.Utils.extractKeywordArgs;
+
+/**
+ * Provides functionality of various KDFs (key derivation function).
+ *
+ * @author kares
+ */
+@JRubyModule(name = "OpenSSL::KDF")
+public class KDF {
+
+    static void createKDF(final Ruby runtime, final RubyModule OpenSSL) {
+        RubyModule KDF = OpenSSL.defineModuleUnder("KDF");
+        RubyClass OpenSSLError = OpenSSL.getClass("OpenSSLError");
+        KDF.defineClassUnder("KDFError", OpenSSLError, OpenSSLError.getAllocator());
+        KDF.defineAnnotatedMethods(KDF.class);
+    }
+
+    private static final String[] PBKDF2_ARGS = new String[] { "salt", "iterations", "length", "hash" };
+
+    @JRubyMethod(module = true) // pbkdf2_hmac(pass, salt:, iterations:, length:, hash:)
+    public static IRubyObject pbkdf2_hmac(ThreadContext context, IRubyObject self, IRubyObject pass, IRubyObject opts) {
+        IRubyObject[] args = extractKeywordArgs(context, (RubyHash) opts, PBKDF2_ARGS, 1);
+        args[0] = pass;
+        try {
+            return PKCS5.pbkdf2Hmac(context.runtime, args);
+        }
+        catch (NoSuchAlgorithmException|InvalidKeyException e) {
+            throw newKDFError(context.runtime, e.getMessage());
+        }
+    }
+
+    static RaiseException newKDFError(Ruby runtime, String message) {
+        return Utils.newError(runtime, _KDF(runtime).getClass("KDFError"), message);
+    }
+
+    static RubyClass _KDF(final Ruby runtime) {
+        return (RubyClass) runtime.getModule("OpenSSL").getConstant("KDF");
+    }
+
+}

src/main/java/org/jruby/ext/openssl/OpenSSL.java

@@ -81,6 +81,7 @@ public static void createOpenSSL(final Ruby runtime) {
         PKCS7.createPKCS7(runtime, _OpenSSL);
         PKCS5.createPKCS5(runtime, _OpenSSL);
         OCSP.createOCSP(runtime, _OpenSSL);
+        KDF.createKDF(runtime, _OpenSSL);
 
         runtime.getLoadService().require("jopenssl/version");
 

src/main/java/org/jruby/ext/openssl/PKCS5.java

@@ -34,11 +34,14 @@
 
 import org.jruby.Ruby;
 import org.jruby.RubyModule;
+import org.jruby.RubyNumeric;
 import org.jruby.RubyString;
 import org.jruby.anno.JRubyMethod;
 import org.jruby.anno.JRubyModule;
 import org.jruby.runtime.builtin.IRubyObject;
 
+import static org.jruby.ext.openssl.KDF.newKDFError;
+
 /**
  * OpenSSL::PKCS5
  *
@@ -53,7 +56,7 @@ public static void createPKCS5(final Ruby runtime, final RubyModule ossl) {
     }
 
     // def pbkdf2_hmac_sha1(pass, salt, iter, keylen)
-    @JRubyMethod(meta = true, required = 4)
+    @JRubyMethod(module = true, required = 4)
     public static IRubyObject pbkdf2_hmac_sha1(final IRubyObject self, final IRubyObject[] args) {
         //final byte[] pass = args[0].asString().getBytes();
         final char[] pass = args[0].asString().toString().toCharArray();
@@ -65,12 +68,26 @@ public static IRubyObject pbkdf2_hmac_sha1(final IRubyObject self, final IRubyOb
     }
 
     // def pbkdf2_hmac_sha1(pass, salt, iter, keylen, digest)
-    @JRubyMethod(meta = true, required = 5)
+    @JRubyMethod(module = true, required = 5)
     public static IRubyObject pbkdf2_hmac(final IRubyObject self, final IRubyObject[] args) {
-        final byte[] pass = args[0].asString().getBytes();
-        final byte[] salt = args[1].asString().getBytes();
-        final int iter = (int) args[2].convertToInteger().getLongValue();
-        final int keylen = (int) args[3].convertToInteger().getLongValue();
+        final Ruby runtime = self.getRuntime();
+        try {
+            return pbkdf2Hmac(runtime, args);
+        }
+        catch (NoSuchAlgorithmException ex) {
+            throw Utils.newRuntimeError(runtime, ex); // should no happen
+        }
+        catch (InvalidKeyException ex) {
+            throw newKDFError(runtime, ex.getMessage()); // in MRI PKCS5 delegates to KDF impl
+        }
+    }
+
+    static RubyString pbkdf2Hmac(final Ruby runtime, final IRubyObject[] args)
+        throws NoSuchAlgorithmException, InvalidKeyException {
+        final byte[] pass = args[0].convertToString().getBytes();
+        final byte[] salt = args[1].convertToString().getBytes();
+        final int iter = RubyNumeric.num2int(args[2]);
+        final int keylen = RubyNumeric.num2int(args[3]);
 
         final String digestAlg;
         final IRubyObject digest = args[4];
@@ -83,20 +100,15 @@ public static IRubyObject pbkdf2_hmac(final IRubyObject self, final IRubyObject[
 
         // NOTE: on our own since e.g. "PBKDF2WithHmacMD5" not supported by Java
 
+        // key = SecurityHelper.getSecretKeyFactory("PBKDF2WithHmac" + hash).generateSecret(spec);
+        // return StringHelper.newString(runtime, key.getEncoded());
+
         final String macAlg = "Hmac" + digestAlg;
-        final Ruby runtime = self.getRuntime();
-        try {
-            final Mac mac = SecurityHelper.getMac( macAlg );
-            mac.init( new SimpleSecretKey(macAlg, pass) );
-            final byte[] key = deriveKey(mac, salt, iter, keylen);
-            return StringHelper.newString(runtime, key);
-        }
-        catch (NoSuchAlgorithmException ex) {
-            throw Utils.newRuntimeError(runtime, ex); // should no happen
-        }
-        catch (InvalidKeyException ex) {
-            throw Utils.newRuntimeError(runtime, ex); // TODO
-        }
+
+        final Mac mac = SecurityHelper.getMac( macAlg );
+        mac.init( new SimpleSecretKey(macAlg, pass) );
+        final byte[] key = deriveKey(mac, salt, iter, keylen);
+        return StringHelper.newString(runtime, key);
     }
 
     private static String mapDigestName(final String name) {
@@ -107,18 +119,15 @@ private static String mapDigestName(final String name) {
         return mapped;
     }
 
-    private static RubyString generatePBEKey(final Ruby runtime,
+    static RubyString generatePBEKey(final Ruby runtime,
         final char[] pass, final byte[] salt, final int iter, final int keySize) {
         PBEParametersGenerator generator = new PKCS5S2ParametersGenerator();
         generator.init(PBEParametersGenerator.PKCS5PasswordToBytes(pass), salt, iter);
         CipherParameters params = generator.generateDerivedParameters(keySize * 8);
         return StringHelper.newString(runtime, ((KeyParameter) params).getKey());
     }
 
-    // http://stackoverflow.com/questions/9147463/java-pbkdf2-with-hmacsha256-as-the-prf
-
-    public static byte[] deriveKey( final Mac prf, byte[] salt, int iterationCount, int dkLen )
-        throws NoSuchAlgorithmException, InvalidKeyException {
+    public static byte[] deriveKey( final Mac prf, byte[] salt, int iterationCount, int dkLen ) {
 
         // Note: hLen, dkLen, l, r, T, F, etc. are horrible names for
         //       variables and functions in this day and age, but they

src/main/java/org/jruby/ext/openssl/Utils.java

@@ -28,16 +28,16 @@
 package org.jruby.ext.openssl;
 
 import java.io.IOException;
+import java.util.HashSet;
 
-import org.jruby.Ruby;
-import org.jruby.RubyClass;
-import org.jruby.RubyModule;
+import org.jruby.*;
 import org.jruby.exceptions.RaiseException;
 import org.jruby.internal.runtime.methods.DynamicMethod;
 import org.jruby.internal.runtime.methods.UndefinedMethod;
 import org.jruby.runtime.Block;
 import org.jruby.runtime.ThreadContext;
 import org.jruby.runtime.builtin.IRubyObject;
+import org.jruby.util.TypeConverter;
 
 /**
  * @author <a href="mailto:ola.bini@ki.se">Ola Bini</a>
@@ -149,4 +149,40 @@ private static <T extends Throwable> void throwsUnchecked(Throwable t) throws T
         throw (T) t;
     }
 
+    // from JRuby's ArgsUtil :
+
+    static IRubyObject[] extractKeywordArgs(final ThreadContext context, RubyHash options, String... validKeys) {
+        return extractKeywordArgs(context, options, validKeys, 0);
+    }
+
+    static IRubyObject[] extractKeywordArgs(final ThreadContext context, RubyHash options, String[] validKeys, int offset) {
+        final IRubyObject[] ret = new IRubyObject[offset + validKeys.length];
+
+        final HashSet<RubySymbol> validKeySet = new HashSet<>(ret.length);
+
+        // Build the return values
+        for (int i=0; i<validKeys.length; i++) {
+            final String key = validKeys[i];
+            RubySymbol keySym = context.runtime.newSymbol(key);
+            IRubyObject val = options.fastARef(keySym);
+            ret[offset + i] = val != null ? val : RubyBasicObject.UNDEF;
+            validKeySet.add(keySym);
+        }
+
+        // Check for any unknown keys
+        options.visitAll(new RubyHash.Visitor() {
+            public void visit(IRubyObject key, IRubyObject value) {
+                if (!validKeySet.contains(key)) {
+                    throw context.runtime.newArgumentError("unknown keyword: " + key);
+                }
+            }
+        });
+
+        return ret;
+    }
+
+    static IRubyObject extractKeywordArg(ThreadContext context, String keyword, RubyHash opts) {
+        return opts.op_aref(context, context.runtime.newSymbol(keyword));
+    }
+
 }// Utils

src/test/ruby/pkcs5/test_pbkdf2.rb

@@ -1,44 +1,65 @@
 require File.expand_path('../test_helper', File.dirname(__FILE__))
 
-module Jopenssl
-  class TestPKCS5 < TestCase
-
-    def test_pbkdf2_hmac_sha1
-      pass = 'secret'
-      salt = 'sugar0'
-      iter = 42
-      keylen = 24
-      expected = "\a\xB6I\xE1)\xD8\xA6\x84\xC8D\b\xB2h(]\xBA\x87\xDE\e\xFC\x7F\e\xC3\x06"
-      expected.force_encoding('ASCII-8BIT') if ''.respond_to?(:force_encoding)
-      assert_equal expected, OpenSSL::PKCS5.pbkdf2_hmac_sha1(pass, salt, iter, keylen)
-    end
-
-    def test_pbkdf2_hmac_sha1_with_empty_salt
-      pass = ' '
-      expected = "\x81\e\xE9F\xD8op\xA6\x9D\xF4=\tX\x13\x82D\xF7\xF3\x7F\xC8aFR+"
-      expected.force_encoding('ASCII-8BIT') if ''.respond_to?(:force_encoding)
-      assert_equal expected, OpenSSL::PKCS5.pbkdf2_hmac_sha1(pass, '', 16, 24)
-    end
-
-    def test_pbkdf2_hmac
-      pass = 'SecreT2'
-      salt = '0123456789001234567890'
-
-      digest = OpenSSL::Digest::MD5.new
-      expected = "\xC10D2\x8F\xEA}\xF7ag\xB5\xC8Ad\xFBN9Ff\x9D}\xA6\a\x86\x8F\xC4&HI\x85\x89<cGl\x02W\xF9\xD8\xF9\x1C\xAB\xFF\xA3\xC9C>U"
-      expected.force_encoding('ASCII-8BIT') if ''.respond_to?(:force_encoding)
-      assert_equal expected, OpenSSL::PKCS5.pbkdf2_hmac(pass, salt, 120, 48, digest)
-      assert_equal expected, OpenSSL::PKCS5.pbkdf2_hmac(pass, salt, 120, 48, digest)
-
-      digest = OpenSSL::Digest::SHA256.new
-      expected = "}\xF4\xE3\xBF\xA7u\xB3[l\xE0(\x84\x96W\xFA\x00h\xA1l#\xB8\xC0Ptirz\v\xBA\x0Es\n<\xF8\xB5(\x85\xDA\xFE\x02y\x14\xB5A`\x8F\xA3\x03\x95\xA7G\xB4pU\xB6pf=Q\x1Fz\x12u\x83"
-      expected.force_encoding('ASCII-8BIT') if ''.respond_to?(:force_encoding)
-      assert_equal expected, OpenSSL::PKCS5.pbkdf2_hmac(pass, salt, 100, 64, digest)
-
-      expected = "\x03\x1C\x86\xC7N?\xC3\xBC\xF30W\xEC\x9B\x89I\x8D\xE6|\xA1Y\xEF\bt\xB4\x17\xA9\x87\xCB\xEA\x7F\x92\xDB\x88N@\xCB\x17\xDF\xC4\x8F\xE48L\x1Dy<\xD8\x9B\x8Cx\x85\x93\n\xA3`\xE9]\x90\xA2\x10I[\xE9\x84"
-      expected.force_encoding('ASCII-8BIT') if ''.respond_to?(:force_encoding)
-      assert_equal expected, OpenSSL::PKCS5.pbkdf2_hmac(pass, salt, 100, 64, 'SHA512')
-    end
+class TestPKCS5 < TestCase
 
+  def test_pbkdf2_hmac_sha1
+    pass = 'secret'
+    salt = 'sugar0'
+    iter = 42
+    keylen = 24
+    expected = "\a\xB6I\xE1)\xD8\xA6\x84\xC8D\b\xB2h(]\xBA\x87\xDE\e\xFC\x7F\e\xC3\x06"
+    expected.force_encoding('ASCII-8BIT') if ''.respond_to?(:force_encoding)
+    assert_equal expected, OpenSSL::PKCS5.pbkdf2_hmac_sha1(pass, salt, iter, keylen)
   end
+
+  def test_pbkdf2_hmac_sha1_with_empty_salt
+    pass = ' '
+    expected = "\x81\e\xE9F\xD8op\xA6\x9D\xF4=\tX\x13\x82D\xF7\xF3\x7F\xC8aFR+"
+    expected.force_encoding('ASCII-8BIT') if ''.respond_to?(:force_encoding)
+    assert_equal expected, OpenSSL::PKCS5.pbkdf2_hmac_sha1(pass, '', 16, 24)
+  end
+
+  def test_pbkdf2_hmac
+    pass = 'SecreT2'
+    salt = '0123456789001234567890'
+
+    digest = OpenSSL::Digest::MD5.new
+    expected = "\xC10D2\x8F\xEA}\xF7ag\xB5\xC8Ad\xFBN9Ff\x9D}\xA6\a\x86\x8F\xC4&HI\x85\x89<cGl\x02W\xF9\xD8\xF9\x1C\xAB\xFF\xA3\xC9C>U"
+    expected.force_encoding('ASCII-8BIT') if ''.respond_to?(:force_encoding)
+    assert_equal expected, OpenSSL::PKCS5.pbkdf2_hmac(pass, salt, 120, 48, digest)
+    assert_equal expected, OpenSSL::PKCS5.pbkdf2_hmac(pass, salt, 120, 48, digest)
+
+    digest = OpenSSL::Digest::SHA256.new
+    expected = "}\xF4\xE3\xBF\xA7u\xB3[l\xE0(\x84\x96W\xFA\x00h\xA1l#\xB8\xC0Ptirz\v\xBA\x0Es\n<\xF8\xB5(\x85\xDA\xFE\x02y\x14\xB5A`\x8F\xA3\x03\x95\xA7G\xB4pU\xB6pf=Q\x1Fz\x12u\x83"
+    expected.force_encoding('ASCII-8BIT') if ''.respond_to?(:force_encoding)
+    assert_equal expected, OpenSSL::PKCS5.pbkdf2_hmac(pass, salt, 100, 64, digest)
+
+    expected = "\x03\x1C\x86\xC7N?\xC3\xBC\xF30W\xEC\x9B\x89I\x8D\xE6|\xA1Y\xEF\bt\xB4\x17\xA9\x87\xCB\xEA\x7F\x92\xDB\x88N@\xCB\x17\xDF\xC4\x8F\xE48L\x1Dy<\xD8\x9B\x8Cx\x85\x93\n\xA3`\xE9]\x90\xA2\x10I[\xE9\x84"
+    expected.force_encoding('ASCII-8BIT') if ''.respond_to?(:force_encoding)
+    assert_equal expected, OpenSSL::PKCS5.pbkdf2_hmac(pass, salt, 100, 64, 'SHA512')
+  end
+
+
+  def test_pbkdf2_hmac_sha1_rfc6070_c_4096_len_16
+    p ="pass\0word"
+    s = "sa\0lt"
+    c = 4096
+    len = 16
+    raw = %w{ 56 fa 6a a7 55 48 09 9d cc 37 d7 f0 34 25 e0 c3 }
+    expected = [raw.join('')].pack('H*')
+    value = OpenSSL::KDF.pbkdf2_hmac(p, salt: s, iterations: c, length: len, hash: 'sha1')
+    assert_equal(expected, value)
+  end
+
+  def test_pbkdf2_hmac_sha256_c_20000_len_32
+    p ="password"
+    s = OpenSSL::Random.random_bytes(16)
+    c = 20000
+    len = 32
+    digest = OpenSSL::Digest::SHA256.new
+    value1 = OpenSSL::PKCS5.pbkdf2_hmac(p, s, c, len, digest)
+    value2 = OpenSSL::KDF.pbkdf2_hmac(p, salt: s, iterations: c, length: len, hash: digest)
+    assert_equal(value1, value2)
+  end
+
 end