cose 0.10.0 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5cece173dd677644851673495e5ed8d9940683a19e435d1bdfeb7320676fc29a
-  data.tar.gz: d2d7d17a2681bc98d5071f7fcecd1169c287cb6c120967772b69cfa0ac981cae
+  metadata.gz: 1e9fc90b31beed1be2df01a443242f9ec5a7fdebb05ef995d067777e330be73b
+  data.tar.gz: 99264ff526cfb7d4bfd058ef0ffdd44cc65449fddc0eae35a89eb9520a4bd173
 SHA512:
-  metadata.gz: f6ad46ff1820c19f0ec92305b8ac019082da03273cd2230fdc6e8031ec07f12bc79f678b2c451d69231305982bbc16551bc8b7996898912aba0f84d9bedce6fd
-  data.tar.gz: 5652309b708b29c6cf51611d1f07214cd6d25b0ddfb34d22ebc8e25dbd1023c79914d1345d46fa9c1d991be5fe0c68cb4b2c4c489e2a37a61aeda966701767f5
+  metadata.gz: a75f55dfd35bc92435032765b7f69127b1c832c5ffe5d96626f86c159689c4b04bbfd07fe95785d522cdb201a48de2ff129b3af2c0e11623381bdd10ff42fef9
+  data.tar.gz: e3f98bc5c363da8e812fa3ba1e75175c2a0136679a929b96e1b8b353fcbbc1a60fd1fbcc50083a3e5e24378bcc66054b440baaaa472f66def24f260a1f550db2

data/.rubocop.yml

@@ -6,7 +6,7 @@ inherit_mode:
     - Exclude
 
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.4
   DisabledByDefault: true
   Exclude:
     - "gemfiles/**/*"

data/.travis.yml

@@ -4,11 +4,10 @@ cache: bundler
 
 rvm:
   - ruby-head
-  - 2.7.0-preview3
+  - 2.7.0
   - 2.6.5
   - 2.5.7
   - 2.4.9
-  - 2.3.8
 
 gemfile:
   - gemfiles/openssl_head.gemfile

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## [v0.11.0] - 2020-01-30
+
+### Added
+
+- Let others easily support more signature algorithms by making `COSE::Algorithm::SignatureAlgorithm` smarter
+
 ## [v0.10.0] - 2019-12-19
 
 ### Added
@@ -109,6 +115,7 @@
 - EC2 key object
 - Works with ruby 2.5
 
+[v0.11.0]: https://github.com/cedarcode/cose-ruby/compare/v0.10.0...v0.11.0/
 [v0.10.0]: https://github.com/cedarcode/cose-ruby/compare/v0.9.0...v0.10.0/
 [v0.9.0]: https://github.com/cedarcode/cose-ruby/compare/v0.8.0...v0.9.0/
 [v0.8.0]: https://github.com/cedarcode/cose-ruby/compare/v0.7.0...v0.8.0/

data/cose.gemspec

@@ -29,9 +29,10 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = ">= 2.3"
+  spec.required_ruby_version = ">= 2.4"
 
   spec.add_dependency "cbor", "~> 0.5.9"
+  spec.add_dependency "openssl-signature_algorithm", "~> 0.3.0"
 
   spec.add_development_dependency "appraisal", "~> 2.2.0"
   spec.add_development_dependency "bundler", ">= 1.17", "< 3"

data/lib/cose/algorithm/base.rb

@@ -3,8 +3,6 @@
 module COSE
   module Algorithm
     class Base
-      BYTE_LENGTH = 8
-
       attr_reader :id, :name
 
       def initialize(id, name)

data/lib/cose/algorithm/ecdsa.rb

@@ -4,6 +4,7 @@ require "cose/algorithm/signature_algorithm"
 require "cose/error"
 require "cose/key/ec2"
 require "openssl"
+require "openssl/signature_algorithm/ecdsa"
 
 module COSE
   module Algorithm
@@ -16,18 +17,10 @@ module COSE
         @hash_function = hash_function
       end
 
-      def compatible_key?(key)
-        to_pkey(key)
-      rescue COSE::Error
-        false
-      end
-
       private
 
-      def valid_signature?(key, signature, verification_data)
-        pkey = to_pkey(key)
-
-        pkey.verify(hash_function, in_der(signature, pkey.group.degree), verification_data)
+      def signature_algorithm_class
+        OpenSSL::SignatureAlgorithm::ECDSA
       end
 
       def to_pkey(key)
@@ -40,23 +33,6 @@ module COSE
           raise(COSE::Error, "Incompatible key for algorithm")
         end
       end
-
-      # Borrowed from jwt rubygem.
-      # https://github.com/jwt/ruby-jwt/blob/7a6a3f1dbaff806993156d1dff9c217bb2523ff8/lib/jwt/security_utils.rb#L34-L39
-      #
-      # Hopefully this will be provided by openssl rubygem in the future.
-      def in_der(signature, key_length)
-        n = (key_length.to_f / BYTE_LENGTH).ceil
-
-        if signature.size == n * 2
-          r = signature[0..(n - 1)]
-          s = signature[n..-1]
-
-          OpenSSL::ASN1::Sequence.new([r, s].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
-        else
-          signature
-        end
-      end
     end
   end
 end

data/lib/cose/algorithm/hmac.rb

@@ -6,6 +6,8 @@ require "openssl"
 module COSE
   module Algorithm
     class HMAC < Base
+      BYTE_LENGTH = 8
+
       attr_reader :hash_function, :tag_length
 
       def initialize(*args, hash_function:, tag_length:)

data/lib/cose/algorithm/rsa_pss.rb

@@ -4,6 +4,7 @@ require "cose/algorithm/signature_algorithm"
 require "cose/key/rsa"
 require "cose/error"
 require "openssl"
+require "openssl/signature_algorithm/rsapss"
 
 module COSE
   module Algorithm
@@ -17,22 +18,10 @@ module COSE
         @salt_length = salt_length
       end
 
-      def compatible_key?(key)
-        to_pkey(key)
-      rescue COSE::Error
-        false
-      end
-
       private
 
-      def valid_signature?(key, signature, verification_data)
-        pkey = to_pkey(key)
-
-        if pkey.respond_to?(:verify_pss)
-          pkey.verify_pss(hash_function, signature, verification_data, salt_length: :digest, mgf1_hash: hash_function)
-        else
-          raise(COSE::Error, "Update to openssl gem >= v2.1 to have RSA-PSS support")
-        end
+      def signature_algorithm_class
+        OpenSSL::SignatureAlgorithm::RSAPSS
       end
 
       def to_pkey(key)

data/lib/cose/algorithm/signature_algorithm.rb

@@ -9,6 +9,33 @@ module COSE
       def verify(key, signature, verification_data)
         valid_signature?(key, signature, verification_data) || raise(COSE::Error, "Signature verification failed")
       end
+
+      def compatible_key?(key)
+        to_pkey(key)
+      rescue COSE::Error
+        false
+      end
+
+      private
+
+      def valid_signature?(key, signature, verification_data)
+        signature_algorithm = signature_algorithm_class.new(hash_function[3..-1])
+        signature_algorithm.verify_key = to_pkey(key)
+
+        begin
+          signature_algorithm.verify(signature, verification_data)
+        rescue OpenSSL::SignatureAlgorithm::Error
+          false
+        end
+      end
+
+      def signature_algorithm_class
+        raise NotImplementedError
+      end
+
+      def to_pkey(_key)
+        raise NotImplementedError
+      end
     end
   end
 end

data/lib/cose/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module COSE
-  VERSION = "0.10.0"
+  VERSION = "0.11.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cose
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 0.11.0
 platform: ruby
 authors:
 - Gonzalo Rodriguez
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-12-19 00:00:00.000000000 Z
+date: 2020-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cbor
@@ -25,6 +25,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.5.9
+- !ruby/object:Gem::Dependency
+  name: openssl-signature_algorithm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
@@ -198,14 +212,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.3'
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.1
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Ruby implementation of RFC 8152 CBOR Object Signing and Encryption (COSE)