akero 1.0.1 → 1.0.2

Binary file
Binary file
@@ -73,7 +73,6 @@ class Akero
73
73
  ERR_MSG_NOT_STRING_NOR_PKCS7 = "Message must be of type String or OpenSSL::PKCS7" # @private
74
74
  ERR_MSG_CORRUPT_CERT = "Malformed message: Embedded certificate could not be verified; POSSIBLE SPOOF ATTEMPT!" # @private
75
75
  ERR_MSG_TOO_MANY_SIGNERS = "Corrupt message: Zero or multiple signers, expected exactly 1; POSSIBLE SPOOF ATTEMPT" # @private
76
- ERR_MSG_SIG_MISMATCH = "Inner signature does not match outer signature; POSSIBLE SPOOF ATTEMPT" # @private
77
76
 
78
77
  PKEY_HEADER = "-----BEGIN AKERO PRIVATE KEY-----\n" # @private
79
78
  PKEY_FOOTER = "-----END AKERO PRIVATE KEY-----\n" # @private
@@ -200,7 +199,7 @@ class Akero
200
199
  raise RuntimeError, ERR_INVALID_RECIPIENT
201
200
  end
202
201
  }
203
- Akero.replate(_sign(_encrypt(to, _sign(plaintext))).to_s, PLATE_CRYPTED)
202
+ Akero.replate(_sign(_encrypt(to, _sign(plaintext, false))).to_s, PLATE_CRYPTED)
204
203
  end
205
204
 
206
205
  # Receive an Akero message.
@@ -210,7 +209,7 @@ class Akero
210
209
  def receive(ciphertext)
211
210
  ciphertext = Akero.replate(ciphertext, Akero::PLATE_CRYPTED, true)
212
211
  begin
213
- body, outer_signer_cert, body_type = verify(ciphertext)
212
+ body, signer_cert, body_type = verify(ciphertext, nil)
214
213
  rescue ArgumentError
215
214
  raise RuntimeError, ERR_MSG_MALFORMED_ENV
216
215
  end
@@ -218,16 +217,12 @@ class Akero
218
217
  case body_type.ord
219
218
  when 0x00
220
219
  # public message (signed)
221
- return Message.new(body, outer_signer_cert, :signed)
220
+ return Message.new(body, signer_cert, :signed)
222
221
  when 0x01
223
222
  # private message (signed, crypted, signed)
224
223
  signed_plaintext = _decrypt(body)
225
- plaintext, inner_signer_cert, body_type = verify(signed_plaintext)
226
- msg = Message.new(plaintext, inner_signer_cert, :encrypted)
227
-
228
- if msg.from != Akero.fingerprint_from_cert(outer_signer_cert)
229
- raise RuntimeError, ERR_MSG_SIG_MISMATCH
230
- end
224
+ plaintext, verified_cert, body_type = verify(signed_plaintext, signer_cert)
225
+ msg = Message.new(plaintext, signer_cert, :encrypted)
231
226
  return msg
232
227
  end
233
228
  raise RuntimeError, ERR_MSG_MALFORMED_BODY
@@ -280,25 +275,13 @@ class Akero
280
275
  end
281
276
  end
282
277
 
283
- # Encrypt a message for one ore more recipients.
284
- #
285
- # @return [Array] Message_body, signer_certificate, body_type
286
278
  def _encrypt(to, msg, cipher=nil)
287
279
  cipher ||= OpenSSL::Cipher::new("AES-256-CFB")
288
280
  OpenSSL::PKCS7::encrypt(to, msg.to_der, cipher, OpenSSL::PKCS7::BINARY)
289
281
  end
290
282
 
291
- # Sign a message.
292
- #
293
- # @overload _sign(message)
294
- # Sign a message.
295
- # @param [String] message Message
296
- # @return [OpenSSL::PKCS7] Signed message
297
- # @overload _sign(message)
298
- # Sign a message.
299
- # @param [OpenSSL::PKCS7] message Message
300
- # @return [OpenSSL::PKCS7] Signed message
301
- def _sign(message)
283
+ def _sign(message, embed_cert=true)
284
+ flags = embed_cert ? OpenSSL::PKCS7::BINARY : (OpenSSL::PKCS7::BINARY | OpenSSL::PKCS7::NOCERTS)
302
285
  case message
303
286
  when String
304
287
  type = 0x00
@@ -308,25 +291,26 @@ class Akero
308
291
  raise RuntimeError, ERR_MSG_NOT_STRING_NOR_PKCS7
309
292
  end
310
293
  message = message.to_der if message.is_a? OpenSSL::PKCS7
311
- OpenSSL::PKCS7::sign(@cert, @key, type.chr + message, [], OpenSSL::PKCS7::BINARY)
294
+ OpenSSL::PKCS7::sign(@cert, @key, type.chr + message, [], flags)
312
295
  end
313
296
 
314
- # Verify a signed message against its embedded certificate.
315
- #
316
- # @return [Array] message_body, signer_certificate, body_type
317
- def verify(signed_msg)
297
+ def verify(signed_msg, cert)
318
298
  signed_msg = OpenSSL::PKCS7.new(signed_msg) if signed_msg.is_a? String
319
299
  store = OpenSSL::X509::Store.new
320
- if signed_msg.certificates.nil? or signed_msg.certificates.length != 1
321
- raise RuntimeError, ERR_MSG_TOO_MANY_SIGNERS
300
+
301
+ if cert.nil?
302
+ if signed_msg.certificates.nil? or signed_msg.certificates.length != 1
303
+ raise RuntimeError, ERR_MSG_TOO_MANY_SIGNERS
304
+ end
305
+
306
+ cert = signed_msg.certificates[0]
322
307
  end
323
308
 
324
- signer_cert = signed_msg.certificates[0]
325
- unless signed_msg.verify([signer_cert], store, nil, OpenSSL::PKCS7::NOINTERN | OpenSSL::PKCS7::NOVERIFY)
309
+ unless signed_msg.verify([cert], store, nil, OpenSSL::PKCS7::NOINTERN | OpenSSL::PKCS7::NOVERIFY)
326
310
  raise RuntimeError, ERR_MSG_CORRUPT_CERT
327
311
  end
328
312
 
329
- [signed_msg.data[1..-1], signer_cert, signed_msg.data[0]]
313
+ [signed_msg.data[1..-1], cert, signed_msg.data[0]]
330
314
  end
331
315
 
332
316
  # Generate new RSA keypair and certificate.
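Review bot: In `receive`, the inner call `plaintext, verified_cert, body_type = verify(signed_plaintext, signer_cert)` overwrites `body_type` and never looks at it again, so the type byte of the decrypted layer is accepted whatever it is. The sending path builds that layer with `_sign(plaintext, false)`, so presumably only 0x00 is valid there, and `raise RuntimeError, ERR_MSG_MALFORMED_BODY unless body_type.ord == 0x00` before `Message.new` would reject anything else (`verified_cert` is also unused). The commit also deletes the doc comments on `verify` and `_sign` while giving both a new parameter. For `verify`, the contract worth restoring is that `cert == nil` means the single embedded certificate is used, and that with `NOINTERN | NOVERIFY` and an empty store a pass shows only that the signature matches that certificate, not that the certificate is trusted, e.g. `# @param cert [OpenSSL::X509::Certificate, nil] signer to check against; nil takes the one embedded cert, which is self-asserted`. The bodies of `receive` and `_sign` are only partly visible in these hunks.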
@@ -1,3 +1,3 @@
1
1
  class Akero
2
- VERSION = "1.0.1"
2
+ VERSION = "1.0.2"
3
3
  end
@@ -176,7 +176,7 @@ describe Akero do
176
176
  b = oscar.send(:_sign, a).to_s
177
177
  c = Akero.replate(b, Akero::PLATE_CRYPTED)
178
178
  subject.receive(c)
179
- }.should raise_error RuntimeError, Akero::ERR_MSG_SIG_MISMATCH
179
+ }.should raise_error RuntimeError, Akero::ERR_MSG_CORRUPT_CERT
180
180
  end
181
181
 
182
182
  it "raises RuntimeError on malformed inner message" do
@@ -205,10 +205,9 @@ describe Akero do
205
205
  fake_msg.stub(:verify).and_return(false)
206
206
  fake_msg.stub_chain(:certificates, :length).and_return(1)
207
207
  fake_msg.stub_chain(:certificates, :[]).and_return(nil)
208
- subject.send(:verify, fake_msg)
208
+ subject.send(:verify, fake_msg, nil)
209
209
  }.should raise_error RuntimeError, Akero::ERR_MSG_CORRUPT_CERT
210
210
  end
211
-
212
211
  end
213
212
 
214
213
  describe '#inspect' do
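Review bot: No visible spec exercises `verify` with a pinned certificate; the only updated call here is `subject.send(:verify, fake_msg, nil)`, which covers the embedded-certificate branch. The pinned branch is the one the new inner-layer check in `receive` depends on, so an example that signs with one identity and verifies against another identity's certificate, expecting `Akero::ERR_MSG_CORRUPT_CERT`, would cover it directly rather than only through `receive`. The mismatch example now expects `ERR_MSG_CORRUPT_CERT`, whose text speaks of an embedded certificate, so a signer mismatch on the inner layer and a corrupt signature can no longer be told apart by message. Both `it` blocks start outside these hunks.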
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: akero
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.0.2
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-01-15 00:00:00.000000000 Z
12
+ date: 2013-01-16 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rb-inotify
@@ -192,7 +192,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
192
192
  version: '0'
193
193
  segments:
194
194
  - 0
195
- hash: 2497079939017139128
195
+ hash: 1964830564918929784
196
196
  required_rubygems_version: !ruby/object:Gem::Requirement
197
197
  none: false
198
198
  requirements:
@@ -201,7 +201,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
201
201
  version: '0'
202
202
  segments:
203
203
  - 0
204
- hash: 2497079939017139128
204
+ hash: 1964830564918929784
205
205
  requirements: []
206
206
  rubyforge_project:
207
207
  rubygems_version: 1.8.23