aliquot-pay 0.6.0 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d6ef1cc665eda9098620eba68b1ad54f84fbf95a7451000aed962e955df683bc
-  data.tar.gz: a6126ced2a1928849052ebed350163990d5f74aff97d26100f54a60189bb092f
+  metadata.gz: 44e7c529e137eb8f24695acbee32655f9a1099fb129037ae7a6b7fb9df7eb024
+  data.tar.gz: 30134f32f42423d14db49b1ddd3d52d1f9e2efc30c8646ffe64f1ffac199863b
 SHA512:
-  metadata.gz: 7ad4156b308d5f0cb263f0ceb2b64db99ec373f073bb71339cb0866812979448345cfee99beddebeaf816cdd38e0d17cb793c39832f366dfa108c9d368a257a8
-  data.tar.gz: 87a621a3d085c84cec0b393a737a3d05ae5d7afa5b144cfecac0babd1e8ce55d06727428b7fabad9f247c3191a2b26c6ae3369b9c2137e0930d4a9fb8f7ab362
+  metadata.gz: 8e8475d0481e3a95fa3211a305645921d07bbd5c50ff5d4e7288a7adbb8974da04fc91c886f3f22d628e5acb1cfc06f988f5203605fd59cdf934b13b1ed54f76
+  data.tar.gz: 4057c7276c7ce1f0fb9cc6cdfac418fa1a83a0e2a422570ab61205e49b6d0b19cdbdcd64e8c4612be6c4078af5b2a2448c8210a38a478a74b0e1b76fde46faf0

data/lib/aliquot-pay/util.rb

@@ -11,18 +11,18 @@ module AliquotPay
       private_key.dh_compute_key(public_key)
     end
 
-    def self.derive_keys(ephemeral_public_key, shared_secret, info)
+    def self.derive_keys(ephemeral_public_key, shared_secret, info, length: 32)
       input_keying_material = ephemeral_public_key + shared_secret
       if OpenSSL.const_defined?(:KDF) && OpenSSL::KDF.respond_to?(:hkdf)
         h = OpenSSL::Digest::SHA256.new
-        hbytes = OpenSSL::KDF.hkdf(input_keying_material, hash: h, salt: '', length: 32, info: info)
+        hbytes = OpenSSL::KDF.hkdf(input_keying_material, hash: h, salt: '', length: length * 2, info: info)
       else
-        hbytes = HKDF.new(input_keying_material, algorithm: 'SHA256', info: info).next_bytes(32)
+        hbytes = HKDF.new(input_keying_material, algorithm: 'SHA256', info: info).next_bytes(length * 2)
       end
 
       {
-        aes_key: hbytes[0..15],
-        mac_key: hbytes[16..32],
+        aes_key: hbytes[0..length - 1],
+        mac_key: hbytes[length..2 * length],
       }
     end
 

data/lib/aliquot-pay.rb

@@ -1,5 +1,6 @@
 require 'base64'
 require 'openssl'
+require 'json'
 
 require 'aliquot-pay/util'
 
@@ -13,23 +14,22 @@ module AliquotPay
     merchant_id: 'merchant:0123456789',
   }.freeze
 
-  def self.sign(key, encrypted_message)
+  def self.sign(key, message)
     d = OpenSSL::Digest::SHA256.new
     def key.private?; private_key?; end
-    Base64.strict_encode64(key.sign(d, encrypted_message))
+    Base64.strict_encode64(key.sign(d, message))
   end
 
-  def self.encrypt(cleartext_message, recipient, info = 'Google')
+  def self.encrypt(cleartext_message, recipient, cipher, info = 'Google')
     eph = AliquotPay::Util.generate_ephemeral_key
     ss  = AliquotPay::Util.generate_shared_secret(eph, recipient.public_key)
 
-    keys = AliquotPay::Util.derive_keys(eph.public_key.to_bn.to_s(2), ss, info)
+    keys = AliquotPay::Util.derive_keys(eph.public_key.to_bn.to_s(2), ss, info, length: cipher.key_len)
 
-    c = OpenSSL::Cipher::AES128.new(:CTR)
-    c.encrypt
-    c.key = keys[:aes_key]
+    cipher.encrypt
+    cipher.key = keys[:aes_key]
 
-    encrypted_message = c.update(cleartext_message) + c.final
+    encrypted_message = cipher.update(cleartext_message) + cipher.final
 
     tag = AliquotPay::Util.calculate_tag(keys[:mac_key], encrypted_message)
 
@@ -72,6 +72,12 @@ module AliquotPay
     [str.length].pack('V')
   end
 
+  def self.generate_signature(*args)
+    args.map do |s|
+      four_byte_length(s) + s
+    end.join('')
+  end
+
   def self.signature_string(
     message,
     recipient_id     = DEFAULTS[:merchant_id],
@@ -79,29 +85,46 @@ module AliquotPay
     protocol_version = 'ECv1'
   )
 
-    four_byte_length(sender_id) +
-      sender_id +
-      four_byte_length(recipient_id) +
-      recipient_id +
-      four_byte_length(protocol_version) +
-      protocol_version +
-      four_byte_length(message) +
-      message
+    generate_signature(sender_id, recipient_id, protocol_version, message)
   end
 
-  # payment:: Google Pay token as a ruby Hash
-  # signing_key::           OpenSSL::PKEY::EC
-  # recipient::             OpenSSL::PKey::EC
-  # encrypted_message::     SignedMessage
-  def self.generate_token(payment, signing_key, recipient, signed_message = nil)
-    signed_message ||= JSON.unparse(AliquotPay.encrypt(JSON.unparse(payment), recipient))
-
-    signature_string = AliquotPay.signature_string(signed_message)
+  # payment::        Google Pay token as a ruby Hash
+  # signing_key::    OpenSSL::PKEY::EC
+  # recipient::      OpenSSL::PKey::EC
+  # signed_message:: Pass a customized message to sign as signed messaged.
+  def self.generate_token_ecv1(payment, signing_key, recipient, signed_message = nil)
+    cipher = OpenSSL::Cipher::AES128.new(:CTR)
+    signed_message ||= JSON.unparse(encrypt(JSON.unparse(payment), recipient, cipher))
+    signature_string = signature_string(signed_message)
 
     {
       'protocolVersion' => 'ECv1',
-      'signature' =>       AliquotPay.sign(signing_key, signature_string),
+      'signature' =>       sign(signing_key, signature_string),
+      'signedMessage' =>   signed_message,
+    }
+  end
+
+  def self.generate_token_ecv2(payment, signing_key, intermediate_key, recipient, signed_message)
+    cipher = OpenSSL::Cipher::AES256.new(:CTR)
+    signed_message ||= JSON.unparse(encrypt(JSON.unparse(payment), recipient, cipher))
+    signature_string = signature_string(signed_message)
+
+    signed_key = JSON.unparse(
+      'keyExpiration' => "#{Time.now.to_i + 3600}000",
+      'keyValue'      => Base64.strict_encode64(intermediate_key.public_key.to_bn.to_s(2))
+    )
+
+    ik_signature_string = generate_signature('Google', 'ECv2', signed_key)
+    signatures = [sign(signing_key, ik_signature_string)]
+
+    {
+      'protocolVersion' => 'ECv2',
+      'signature' =>       sign(intermediate_key, signature_string),
       'signedMessage' =>   signed_message,
+      'interMediateSigningKey' => {
+        'signedKey'  => signed_key,
+        'signatures' => signatures,
+      },
     }
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aliquot-pay
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Clearhaus
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-08 00:00:00.000000000 Z
+date: 2019-01-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hkdf