RubyGems - aliquot - Versions diffs - 0.11.0 → 0.12.0 - Mend

aliquot 0.11.0 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4ba838f9284bf05a6b396005bf21c4bbecefe36432457b4b5dfb48c76997353e
-  data.tar.gz: 96a202458e4bb76634375857f4af9c3a1f0f3529d0e2089e64b295345590778e
+  metadata.gz: a327bbbe5f475b924454c120979cb3bc965c5363c2740366a9f1abea19a59707
+  data.tar.gz: 044dd4f0c2daa2d72685133fbd27408247281449276c0e36cba1141778d98176
 SHA512:
-  metadata.gz: 6607632c5489062965cc3a95eb66b2a572af1821f0b4506d2e5e20ea23ba974741beb6091dfc16de78b3ba53ccab62a87c16a183dbf1d4f8b6ae9b01d6bde94c
-  data.tar.gz: d39edb966edf213869963edfaf753893a11dbe13b8f72af130be3ffb0c12da3a1dbf65b21448492500be9d63abfb8fffbfb7fdd5087dd9fbce292cd1dbe66bd0
+  metadata.gz: f25a55664501aa93322675512975d3471c4586112855d2d30f32b0f61fcad6240fdd3750d36e418feaa415f3a49ee752271f2d7c1dc5fe28cd6615fc5d16811b
+  data.tar.gz: e48a4d748adc053caa2e8a7770d5ef580fee0867497fa2d98dfac8cfc202a8183e3e8c900b56bac1cd121a95fadc4d8699511442263e93076d10e95ce53407af

data/lib/aliquot/payment.rb CHANGED

@@ -12,6 +12,7 @@ module Aliquot
   # It is used to verify/decrypt the supplied token by using the shared secret,
   # thus avoiding having knowledge of merchant primary keys.
   class Payment
+    SUPPORTED_PROTOCOL_VERSIONS = %w[ECv1 ECv2].freeze
     ##
     # Parameters:
     # token_string::  Google Pay token (JSON string)
@@ -39,40 +40,37 @@ module Aliquot
     # Validate and decrypt the token.
     def process
       unless valid_protocol_version?
-        raise Error, 'only ECv1 protocolVersion is supported'
+        raise Error, "supported protocol versions are #{SUPPORTED_PROTOCOL_VERSIONS.join(', ')}"
+      end
+      if protocol_version == 'ECv2'
+        @intermediate_key = validate_intermediate_key
+        raise InvalidSignatureError, 'intermediate certificate expired' if intermediate_key_expired?
       end
       check_shared_secret
-      raise InvalidSignatureError unless valid_signature?
+      check_signature
-      validator = Aliquot::Validator::SignedMessage.new(JSON.parse(@token[:signedMessage]))
-      validator.validate
-      signed_message = validator.output
+      @signed_message = validate_signed_message
       begin
-        aes_key, mac_key = derive_keys(signed_message[:ephemeralPublicKey], @shared_secret, 'Google')
+        aes_key, mac_key = derive_keys(@signed_message[:ephemeralPublicKey], @shared_secret, 'Google')
       rescue => e
         raise KeyDerivationError, "unable to derive keys, #{e.message}"
       end
-      unless self.class.valid_mac?(mac_key, signed_message[:encryptedMessage], signed_message[:tag])
-        raise InvalidMacError
-      end
+      raise InvalidMacError unless valid_mac?(mac_key)
       begin
-        @message = JSON.parse(self.class.decrypt(aes_key, signed_message[:encryptedMessage]))
+        @message = JSON.parse(decrypt(aes_key, @signed_message[:encryptedMessage]))
       rescue JSON::JSONError => e
         raise InputError, "encryptedMessage JSON invalid, #{e.message}"
       rescue => e
         raise DecryptionError, "decryption failed, #{e.message}"
       end
-      message_validator = Aliquot::Validator::EncryptedMessageValidator.new(@message)
-      message_validator.validate
-      # Output is hashed with symbolized keys.
-      @message = message_validator.output
+      @message = validate_message
       raise TokenExpiredError if expired?
@@ -84,47 +82,161 @@ module Aliquot
     end
     def valid_protocol_version?
-      protocol_version == 'ECv1'
+      SUPPORTED_PROTOCOL_VERSIONS.include?(protocol_version)
     end
-    ##
-    # Check if the token is expired, according to the messageExpiration included
-    # in the token.
-    def expired?
-      @message[:messageExpiration].to_f / 1000.0 <= Time.now.to_f
+    def validate_intermediate_key
+      # Valid JSON as it has been checked by Token Validator.
+      intermediate_key = JSON.parse(@token[:intermediateSigningKey][:signedKey])
+      validator = Aliquot::Validator::SignedKeyValidator.new(intermediate_key)
+      validator.validate
+      validator.output
+    end
+    def intermediate_key_expired?
+      cur_millis = (Time.now.to_f * 1000).round
+      @intermediate_key[:keyExpiration].to_i < cur_millis
     end
-    def valid_signature?
-      signed_string = ['Google', @merchant_id, protocol_version, @token[:signedMessage]].map do |str|
+    def check_shared_secret
+      begin
+        decoded = Base64.strict_decode64(@shared_secret)
+      rescue
+        raise InvalidSharedSecretError, 'shared_secret must be base64'
+      end
+      raise InvalidSharedSecretError, 'shared_secret must be 32 bytes when base64 decoded' unless decoded.length == 32
+    end
+    def check_signature
+      signed_string_message = ['Google', @merchant_id, protocol_version, @token[:signedMessage]].map do |str|
         [str.length].pack('V') + str
       end.join
+      message_signature = Base64.strict_decode64(@token[:signature])
+      root_signing_keys = root_keys
+      case protocol_version
+      when 'ECv1'
+        # Check if signature was performed directly with any possible key.
+        success =
+          root_signing_keys.map do |key|
+            key.verify(new_digest, message_signature, signed_string_message)
+          end.any?
+        raise InvalidSignatureError unless success
+      when 'ECv2'
+        signed_key_signature = ['Google', 'ECv2', @token[:intermediateSigningKey][:signedKey]].map do |str|
+          [str.length].pack('V') + str
+        end.join
+        # Check that the intermediate key signed the message
+        pkey = OpenSSL::PKey::EC.new(Base64.strict_decode64(@intermediate_key[:keyValue]))
+        raise InvalidSignatureError, 'intermediate did not sign message' unless pkey.verify(new_digest, message_signature, signed_string_message)
+        intermediate_signatures = @token[:intermediateSigningKey][:signatures]
+        # Check that a root signing key signed the intermediate
+        success = valid_intermediate_key_signatures?(
+          root_signing_keys,
+          intermediate_signatures,
+          signed_key_signature
+        )
+        raise InvalidSignatureError, 'intermediate not signed' unless success
+      end
+    rescue OpenSSL::PKey::PKeyError => e
+      # Catches problems with verifying signature. Can be caused by signature
+      # being valid ASN1 but having invalid structure.
+      raise InvalidSignatureError, e.message
+    end
+    def root_keys
+      root_signing_keys = JSON.parse(@signing_keys)['keys'].select do |key|
+        key['protocolVersion'] == protocol_version
+      end
+      root_signing_keys.map! do |key|
+        OpenSSL::PKey::EC.new(Base64.strict_decode64(key['keyValue']))
+      end
+    end
+    def valid_intermediate_key_signatures?(signing_keys, signatures, signed)
+      signing_keys.product(signatures).each do |key, sig|
+        return true if key.verify(new_digest, Base64.strict_decode64(sig), signed)
+      end
+      false
+    end
+    def validate_signed_message
+      signed_message = @token[:signedMessage]
+      validator = Aliquot::Validator::SignedMessage.new(JSON.parse(signed_message))
+      validator.validate
+      validator.output
+    end
+    # Keys are derived according to the Google Pay specification.
+    def derive_keys(ephemeral_public_key, shared_secret, info)
+      input_keying_material = Base64.strict_decode64(ephemeral_public_key) + Base64.strict_decode64(shared_secret)
+      key_len = new_cipher.key_len
-      keys = JSON.parse(@signing_keys)['keys']
-      # Check if signature was performed with any possible key.
-      keys.map do |key|
-        next if key['protocolVersion'] != protocol_version
+      key_bytes = if OpenSSL.const_defined?(:KDF) && OpenSSL::KDF.respond_to?(:hkdf)
+                    OpenSSL::KDF.hkdf(input_keying_material, hash: new_digest, salt: '', length: 2 * key_len, info: info)
+                  else
+                    HKDF.new(input_keying_material, algorithm: 'SHA256', info: info).next_bytes(2 * key_len)
+                  end
-        ec = OpenSSL::PKey::EC.new(Base64.strict_decode64(key['keyValue']))
-        ec.verify(OpenSSL::Digest::SHA256.new, Base64.strict_decode64(@token[:signature]), signed_string)
-      end.any?
+      [key_bytes[0..key_len - 1], key_bytes[key_len..2 * key_len]]
     end
-    def self.decrypt(key, encrypted)
-      c = OpenSSL::Cipher::AES128.new(:CTR)
+    def valid_mac?(mac_key)
+      data = Base64.strict_decode64(@signed_message[:encryptedMessage])
+      tag = @signed_message[:tag]
+      mac = OpenSSL::HMAC.digest(new_digest, mac_key, data)
+      compare(Base64.strict_encode64(mac), tag)
+    end
+    def decrypt(key, encrypted)
+      c = new_cipher
       c.key = key
       c.decrypt
       c.update(Base64.strict_decode64(encrypted)) + c.final
     end
-    def self.valid_mac?(mac_key, data, tag)
-      digest = OpenSSL::Digest::SHA256.new
-      mac = OpenSSL::HMAC.digest(digest, mac_key, Base64.strict_decode64(data))
+    def validate_message
+      validator = Aliquot::Validator::EncryptedMessageValidator.new(@message)
+      validator.validate
-      compare(Base64.strict_encode64(mac), tag)
+      # Output is hashed with symbolized keys.
+      validator.output
     end
-    def self.compare(a, b)
+    ##
+    # Check if the token is expired, according to the messageExpiration included
+    # in the token.
+    def expired?
+      @message[:messageExpiration].to_f / 1000.0 <= Time.now.to_f
+    end
+    def new_cipher
+      case protocol_version
+      when 'ECv1'
+        OpenSSL::Cipher::AES128.new(:CTR)
+      when 'ECv2'
+        OpenSSL::Cipher::AES256.new(:CTR)
+      end
+    end
+    def new_digest
+      OpenSSL::Digest::SHA256.new
+    end
+    def compare(a, b)
       return false unless a.length == b.length
       diffs = 0
@@ -137,31 +249,5 @@ module Aliquot
       diffs.zero?
     end
-    private
-    # Keys are derived according to the Google Pay specification.
-    def derive_keys(ephemeral_public_key, shared_secret, info)
-      input_keying_material = Base64.strict_decode64(ephemeral_public_key) + Base64.strict_decode64(shared_secret)
-      if OpenSSL.const_defined?(:KDF) && OpenSSL::KDF.respond_to?(:hkdf)
-        h = OpenSSL::Digest::SHA256.new
-        key_bytes = OpenSSL::KDF.hkdf(input_keying_material, hash: h, salt: '', length: 32, info: info)
-      else
-        key_bytes = HKDF.new(input_keying_material, algorithm: 'SHA256', info: info).next_bytes(32)
-      end
-      [key_bytes[0..15], key_bytes[16..32]]
-    end
-    def check_shared_secret
-      begin
-        decoded = Base64.strict_decode64(@shared_secret)
-      rescue
-        raise InvalidSharedSecretError, 'shared_secret must be base64'
-      end
-      raise InvalidSharedSecretError, 'shared_secret must be 32 bytes when base64 decoded' unless decoded.length == 32
-    end
   end
 end

data/lib/aliquot/validator.rb CHANGED

@@ -21,6 +21,7 @@ module Aliquot
         integer_string?:  'must be string encoded integer',
         month?:           'must be a month (1..12)',
         year?:            'must be a year (2000..3000)',
+        base64_asn1?:     'must be base64 encoded asn1 value',
         authMethodCryptogram3DS: 'authMethod CRYPTOGRAM_3DS requires eciIndicator',
         authMethodCard:          'eciIndicator/cryptogram must be omitted when PAN_ONLY',
@@ -61,6 +62,8 @@ module Aliquot
       predicate(:month?) { |x| x.between?(1, 12) }
       predicate(:year?) { |x| x.between?(2000, 3000) }
+      predicate(:base64_asn1?) { |x| OpenSSL::ASN1.decode(Base64.strict_decode64(x)) rescue false }
     end
     # Base for DRY-Validation schemas used in Aliquot.
@@ -71,13 +74,32 @@ module Aliquot
       end
     end
+    # Schema used for the 'intermediateSigningKey' hash included in ECv2.
+    IntermediateSigningKeySchema = Dry::Validation.Schema(BaseSchema) do
+      required(:signedKey).filled(:str?, :json_string?)
+      # TODO: Check if elements of array are valid signatures
+      required(:signatures).filled(:array?) { each { base64? & base64_asn1? } }
+    end
+    SignedKeySchema = Dry::Validation.Schema(BaseSchema) do
+      required(:keyExpiration).filled(:integer_string?)
+      required(:keyValue).filled(:ec_public_key?)
+    end
     # DRY-Validation schema for Google Pay token
     TokenSchema = Dry::Validation.Schema(BaseSchema) do
-      required(:signature).filled(:str?, :base64?)
+      required(:signature).filled(:str?, :base64?, :base64_asn1?)
       # Currently supposed to be ECv1, but may evolve.
       required(:protocolVersion).filled(:str?)
       required(:signedMessage).filled(:str?, :json_string?)
+      optional(:intermediateSigningKey).schema(IntermediateSigningKeySchema)
+      rule('ECv2 implies intermediateSigningKey': %i[protocolVersion intermediateSigningKey]) do |version, intermediatekey|
+        version.eql?('ECv2') > intermediatekey.filled?
+      end
     end
     # DRY-Validation schema for signedMessage component Google Pay token
@@ -180,5 +202,14 @@ module Aliquot
         @schema = EncryptedMessageSchema
       end
     end
+    class SignedKeyValidator
+      include InstanceMethods
+      class Error < ::Aliquot::Error; end
+      def initialize(input)
+        @input = input
+        @schema = SignedKeySchema
+      end
+    end
   end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aliquot
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.12.0
 platform: ruby
 authors:
 - Clearhaus
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-01-08 00:00:00.000000000 Z
+date: 2019-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dry-validation
@@ -58,42 +58,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: '0.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: '0.8'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '0'
 description:
 email: hello@clearhaus.com
 executables: []