cose 0.11.0 → 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1e9fc90b31beed1be2df01a443242f9ec5a7fdebb05ef995d067777e330be73b
4
- data.tar.gz: 99264ff526cfb7d4bfd058ef0ffdd44cc65449fddc0eae35a89eb9520a4bd173
3
+ metadata.gz: f3fdc6957e5130367c9a1e8ab223b5c145d6caca1c04b01552410ef6d14bc740
4
+ data.tar.gz: 6849a1803ff3bb2e92bdf90b4226c8d023b07012b7cb18a915b9f816aed2e1dc
5
5
  SHA512:
6
- metadata.gz: a75f55dfd35bc92435032765b7f69127b1c832c5ffe5d96626f86c159689c4b04bbfd07fe95785d522cdb201a48de2ff129b3af2c0e11623381bdd10ff42fef9
7
- data.tar.gz: e3f98bc5c363da8e812fa3ba1e75175c2a0136679a929b96e1b8b353fcbbc1a60fd1fbcc50083a3e5e24378bcc66054b440baaaa472f66def24f260a1f550db2
6
+ metadata.gz: cc1093c925a437283fb6b7658bacd6bcd2f8427962dd4f1a5ac9a9a81341a5beaa8f1d21ce40b74372dd86fddf5df1f7702a6790f79d166fd1a5ea8ca359d66a
7
+ data.tar.gz: 6d11eb89cfc72edaaa9d3533c87f39d509efcff65d7c10070321c39144f91b3ef421bf8dd32b250d621f31fde8a766c98e2c516d8091af802749c707a25ee9d0
data/.rspec CHANGED
@@ -1,3 +1,3 @@
1
- --format documentation
2
1
  --color
3
2
  --require spec_helper
3
+ --order random
@@ -20,13 +20,12 @@ Gemspec:
20
20
  Layout:
21
21
  Enabled: true
22
22
 
23
+ Layout/LineLength:
24
+ Max: 120
25
+
23
26
  Lint:
24
27
  Enabled: true
25
28
 
26
- Metrics/LineLength:
27
- Max: 120
28
- IgnoreCopDirectives: true
29
-
30
29
  Naming:
31
30
  Enabled: true
32
31
 
@@ -1,5 +1,13 @@
1
1
  # Changelog
2
2
 
3
+ ## [v1.0.0] - 2020-03-29
4
+
5
+ ### Added
6
+
7
+ - Signature verification validates key `alg` is compatible with the signature algorithm
8
+
9
+ NOTE: No breaking changes. Moving out of v0.x` to express the intention to keep the public API stable.
10
+
3
11
  ## [v0.11.0] - 2020-01-30
4
12
 
5
13
  ### Added
@@ -115,6 +123,7 @@
115
123
  - EC2 key object
116
124
  - Works with ruby 2.5
117
125
 
126
+ [v1.0.0]: https://github.com/cedarcode/cose-ruby/compare/v0.11.0...v1.0.0/
118
127
  [v0.11.0]: https://github.com/cedarcode/cose-ruby/compare/v0.10.0...v0.11.0/
119
128
  [v0.10.0]: https://github.com/cedarcode/cose-ruby/compare/v0.9.0...v0.10.0/
120
129
  [v0.9.0]: https://github.com/cedarcode/cose-ruby/compare/v0.8.0...v0.9.0/
data/README.md CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  Ruby implementation of RFC [8152](https://tools.ietf.org/html/rfc8152) CBOR Object Signing and Encryption (COSE)
4
4
 
5
- [![Gem](https://img.shields.io/gem/v/cose.svg?style=flat-square)](https://rubygems.org/gems/cose)
5
+ [![Gem](https://img.shields.io/gem/v/cose.svg?style=flat-square&color=informational)](https://rubygems.org/gems/cose)
6
6
  [![Travis](https://img.shields.io/travis/cedarcode/cose-ruby.svg?style=flat-square)](https://travis-ci.org/cedarcode/cose-ruby)
7
7
 
8
8
  ## Installation
@@ -32,13 +32,13 @@ Gem::Specification.new do |spec|
32
32
  spec.required_ruby_version = ">= 2.4"
33
33
 
34
34
  spec.add_dependency "cbor", "~> 0.5.9"
35
- spec.add_dependency "openssl-signature_algorithm", "~> 0.3.0"
35
+ spec.add_dependency "openssl-signature_algorithm", "~> 0.4.0"
36
36
 
37
37
  spec.add_development_dependency "appraisal", "~> 2.2.0"
38
38
  spec.add_development_dependency "bundler", ">= 1.17", "< 3"
39
39
  spec.add_development_dependency "byebug", "~> 11.0"
40
40
  spec.add_development_dependency "rake", "~> 13.0"
41
41
  spec.add_development_dependency "rspec", "~> 3.8"
42
- spec.add_development_dependency "rubocop", "0.75.1"
42
+ spec.add_development_dependency "rubocop", "0.80.1"
43
43
  spec.add_development_dependency "rubocop-performance", "~> 1.4"
44
44
  end
@@ -19,6 +19,12 @@ module COSE
19
19
 
20
20
  private
21
21
 
22
+ def valid_key?(key)
23
+ cose_key = to_cose_key(key)
24
+
25
+ cose_key.is_a?(COSE::Key::EC2) && (!cose_key.alg || cose_key.alg == id)
26
+ end
27
+
22
28
  def signature_algorithm_class
23
29
  OpenSSL::SignatureAlgorithm::ECDSA
24
30
  end
@@ -20,6 +20,10 @@ module COSE
20
20
 
21
21
  private
22
22
 
23
+ def valid_key?(key)
24
+ to_cose_key(key).is_a?(COSE::Key::RSA)
25
+ end
26
+
23
27
  def signature_algorithm_class
24
28
  OpenSSL::SignatureAlgorithm::RSAPSS
25
29
  end
@@ -7,11 +7,12 @@ module COSE
7
7
  module Algorithm
8
8
  class SignatureAlgorithm < Base
9
9
  def verify(key, signature, verification_data)
10
+ compatible_key?(key) || raise(COSE::Error, "Incompatible key for signature verification")
10
11
  valid_signature?(key, signature, verification_data) || raise(COSE::Error, "Signature verification failed")
11
12
  end
12
13
 
13
14
  def compatible_key?(key)
14
- to_pkey(key)
15
+ valid_key?(key) && to_pkey(key)
15
16
  rescue COSE::Error
16
17
  false
17
18
  end
@@ -29,10 +30,25 @@ module COSE
29
30
  end
30
31
  end
31
32
 
33
+ def to_cose_key(key)
34
+ case key
35
+ when COSE::Key::Base
36
+ key
37
+ when OpenSSL::PKey::PKey
38
+ COSE::Key.from_pkey(key)
39
+ else
40
+ raise(COSE::Error, "Don't know how to transform #{key.class} to COSE::Key")
41
+ end
42
+ end
43
+
32
44
  def signature_algorithm_class
33
45
  raise NotImplementedError
34
46
  end
35
47
 
48
+ def valid_key?(_key)
49
+ raise NotImplementedError
50
+ end
51
+
36
52
  def to_pkey(_key)
37
53
  raise NotImplementedError
38
54
  end
@@ -20,7 +20,7 @@ module COSE
20
20
  }
21
21
  end
22
22
 
23
- def initialize(crv:, x: nil, d: nil, **keyword_arguments) # rubocop:disable Naming/UncommunicativeMethodParamName
23
+ def initialize(crv:, x: nil, d: nil, **keyword_arguments) # rubocop:disable Naming/MethodParameterName
24
24
  super(**keyword_arguments)
25
25
 
26
26
  if !crv
@@ -48,7 +48,7 @@ module COSE
48
48
 
49
49
  attr_reader :y
50
50
 
51
- def initialize(y: nil, **keyword_arguments) # rubocop:disable Naming/UncommunicativeMethodParamName
51
+ def initialize(y: nil, **keyword_arguments) # rubocop:disable Naming/MethodParameterName
52
52
  if (!y || !keyword_arguments[:x]) && !keyword_arguments[:d]
53
53
  raise ArgumentError, "Both x and y are required if d is missing"
54
54
  else
@@ -47,7 +47,7 @@ module COSE
47
47
 
48
48
  attr_reader :n, :e, :d, :p, :q, :dp, :dq, :qinv
49
49
 
50
- def initialize(n:, e:, d: nil, p: nil, q: nil, dp: nil, dq: nil, qinv: nil, **keyword_arguments) # rubocop:disable Naming/UncommunicativeMethodParamName
50
+ def initialize(n:, e:, d: nil, p: nil, q: nil, dp: nil, dq: nil, qinv: nil, **keyword_arguments) # rubocop:disable Naming/MethodParameterName
51
51
  super(**keyword_arguments)
52
52
 
53
53
  if !n
@@ -17,7 +17,7 @@ module COSE
17
17
  end
18
18
  end
19
19
 
20
- def initialize(k:, **keyword_arguments) # rubocop:disable Naming/UncommunicativeMethodParamName
20
+ def initialize(k:, **keyword_arguments) # rubocop:disable Naming/MethodParameterName
21
21
  super(**keyword_arguments)
22
22
 
23
23
  if !k
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module COSE
4
- VERSION = "0.11.0"
4
+ VERSION = "1.0.0"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cose
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.11.0
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gonzalo Rodriguez
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: exe
11
11
  cert_chain: []
12
- date: 2020-01-30 00:00:00.000000000 Z
12
+ date: 2020-03-29 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: cbor
@@ -31,14 +31,14 @@ dependencies:
31
31
  requirements:
32
32
  - - "~>"
33
33
  - !ruby/object:Gem::Version
34
- version: 0.3.0
34
+ version: 0.4.0
35
35
  type: :runtime
36
36
  prerelease: false
37
37
  version_requirements: !ruby/object:Gem::Requirement
38
38
  requirements:
39
39
  - - "~>"
40
40
  - !ruby/object:Gem::Version
41
- version: 0.3.0
41
+ version: 0.4.0
42
42
  - !ruby/object:Gem::Dependency
43
43
  name: appraisal
44
44
  requirement: !ruby/object:Gem::Requirement
@@ -121,14 +121,14 @@ dependencies:
121
121
  requirements:
122
122
  - - '='
123
123
  - !ruby/object:Gem::Version
124
- version: 0.75.1
124
+ version: 0.80.1
125
125
  type: :development
126
126
  prerelease: false
127
127
  version_requirements: !ruby/object:Gem::Requirement
128
128
  requirements:
129
129
  - - '='
130
130
  - !ruby/object:Gem::Version
131
- version: 0.75.1
131
+ version: 0.80.1
132
132
  - !ruby/object:Gem::Dependency
133
133
  name: rubocop-performance
134
134
  requirement: !ruby/object:Gem::Requirement