aliquot-pay 0.11.0 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7eec587d3281533552894fd70d6cc8d4ced90cbdda7db6c73e1e76eb309ae7b0
-  data.tar.gz: 90fee6c67eb4788f465637edd52ace8896a27bf5306d686348734697b4e5a02b
+  metadata.gz: a5d8f8763b6da348c202d9ac6b747deb0f4c4e22b7ee63301dffc9c483f54369
+  data.tar.gz: 00a805257ee340456dfa3aa9920fac250f8831ed2061c8634402910e42c579d0
 SHA512:
-  metadata.gz: 1a760627b5669689879a54400603d3aecdd1df42b4a196a609cd28aeb1480c5dce7786eee56a1be694219ad0f5256e5585f4e11f453ed8f31efaeeaa3209d1fe
-  data.tar.gz: 78cb8535539ca5f6638a722528bb338381da856c25dd03eb25006020bc75b384f66165f83e0748232e145e308997e05828fdefd620541d8396d5281820aec37e
+  metadata.gz: b64c6ceaa8c0645557a1ec10c54fd10458ed4c03b5d52e223d10b0245ef222bed81cae829094a1eeac4958948e578cf577041c01eeaa0f7085f14aedf8692c9e
+  data.tar.gz: c2a7637c5bf0f7f6238045dbde732766267782de8b1d60af57ae533bd83a45c1a6610a73783356fe397609a48c5d904316199b16ac37570f4320dbf5fd2ad621

data/lib/aliquot-pay.rb

@@ -20,11 +20,20 @@ module AliquotPay
     Base64.strict_encode64(key.sign(d, message))
   end
 
-  def self.encrypt(cleartext_message, recipient, cipher, info = 'Google')
+  def self.encrypt(cleartext_message, recipient, protocol_version, info = 'Google')
     eph = AliquotPay::Util.generate_ephemeral_key
     ss  = AliquotPay::Util.generate_shared_secret(eph, recipient.public_key)
 
-    keys = AliquotPay::Util.derive_keys(eph.public_key.to_bn.to_s(2), ss, info, length: cipher.key_len)
+    case protocol_version
+    when :ECv1
+      cipher = OpenSSL::Cipher::AES128.new(:CTR)
+    when :ECv2
+      cipher = OpenSSL::Cipher::AES256.new(:CTR)
+    else
+      raise StandardError, "Invalid protocol_version #{protocol_version}"
+    end
+
+    keys = AliquotPay::Util.derive_keys(eph.public_key.to_bn.to_s(2), ss, info, protocol_version)
 
     cipher.encrypt
     cipher.key = keys[:aes_key]
@@ -75,17 +84,17 @@ module AliquotPay
   def self.generate_signature(*args)
     args.map do |s|
       four_byte_length(s) + s
-    end.join('')
+    end.join
   end
 
   def self.signature_string(
     message,
-    recipient_id:     "merchant:#{DEFAULTS[:merchant_id]}",
+    merchant_id:      DEFAULTS[:merchant_id],
     sender_id:        DEFAULTS[:info],
     protocol_version: 'ECv1'
   )
 
-    generate_signature(sender_id, recipient_id, protocol_version, message)
+    generate_signature(sender_id, "merchant:#{merchant_id}", protocol_version, message)
   end
 
   # payment::        Google Pay token as a ruby Hash
@@ -93,8 +102,7 @@ module AliquotPay
   # recipient::      OpenSSL::PKey::EC
   # signed_message:: Pass a customized message to sign as signed messaged.
   def self.generate_token_ecv1(payment, signing_key, recipient, signed_message = nil)
-    cipher = OpenSSL::Cipher::AES128.new(:CTR)
-    signed_message ||= JSON.unparse(encrypt(JSON.unparse(payment), recipient, cipher))
+    signed_message ||= encrypt(payment.to_json, recipient, :ECv1).to_json
     signature_string = signature_string(signed_message)
 
     {
@@ -106,17 +114,16 @@ module AliquotPay
 
   def self.generate_token_ecv2(payment, signing_key, intermediate_key, recipient,
                                signed_message: nil, expire_time:  "#{Time.now.to_i + 3600}000")
-    cipher = OpenSSL::Cipher::AES256.new(:CTR)
-    signed_message ||= JSON.unparse(encrypt(JSON.unparse(payment), recipient, cipher))
+    signed_message ||= encrypt(payment.to_json, recipient, :ECv2).to_json
     sig = signature_string(signed_message, protocol_version: 'ECv2')
 
     intermediate_pub = OpenSSL::PKey::EC.new(EC_CURVE)
     intermediate_pub.public_key = intermediate_key.public_key
 
-    signed_key = JSON.unparse(
+    signed_key = {
       'keyExpiration' => expire_time,
       'keyValue'      => Base64.strict_encode64(intermediate_pub.to_der)
-    )
+    }.to_json
 
     ik_signature_string = generate_signature('Google', 'ECv2', signed_key)
     signatures = [sign(signing_key, ik_signature_string)]

data/lib/aliquot-pay/util.rb

@@ -11,18 +11,27 @@ module AliquotPay
       private_key.dh_compute_key(public_key)
     end
 
-    def self.derive_keys(ephemeral_public_key, shared_secret, info, length: 32)
+    def self.derive_keys(ephemeral_public_key, shared_secret, info, protocol_version = :ECv2)
+      case protocol_version
+      when :ECv1
+        key_length = 16
+      when :ECv2
+        key_length = 32
+      else
+        raise StandardError, "invalid protocol_version #{protocol_version}"
+      end
+
       input_keying_material = ephemeral_public_key + shared_secret
       if OpenSSL.const_defined?(:KDF) && OpenSSL::KDF.respond_to?(:hkdf)
         h = OpenSSL::Digest::SHA256.new
-        hbytes = OpenSSL::KDF.hkdf(input_keying_material, hash: h, salt: '', length: length * 2, info: info)
+        hbytes = OpenSSL::KDF.hkdf(input_keying_material, hash: h, salt: '', length: key_length * 2, info: info)
       else
-        hbytes = HKDF.new(input_keying_material, algorithm: 'SHA256', info: info).next_bytes(length * 2)
+        hbytes = HKDF.new(input_keying_material, algorithm: 'SHA256', info: info).next_bytes(key_length * 2)
       end
 
       {
-        aes_key: hbytes[0..length - 1],
-        mac_key: hbytes[length..2 * length],
+        aes_key: hbytes[0, key_length],
+        mac_key: hbytes[key_length, key_length],
       }
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aliquot-pay
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.12.0
 platform: ruby
 authors:
 - Clearhaus
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-11 00:00:00.000000000 Z
+date: 2019-01-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hkdf
@@ -65,8 +65,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.0.2
 signing_key: 
 specification_version: 4
 summary: Generates Google Pay test dummy tokens