cose 0.8.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3f2e83dd45585da762903b90f50376dcc75f175acf5ebbc3804763a963dfedfc
-  data.tar.gz: 6f83ee059a2b00539f20b932c9b6382df837aef0dbb42e201be344b055a51dbf
+  metadata.gz: ad1f050dae008442fcd66013cf0b0dcd6c192b66c8fb308b7aeed1fdd53687f7
+  data.tar.gz: 2917bb5f18b73c9651ca33946aea646f72fcfb3d3ee84dc26bf653b7e2573a71
 SHA512:
-  metadata.gz: 536b1620403cf8f2a6d54ffd8c7918fc0196e3fbb14b0c8ccf99ad85620184463cc92140b6ad1e810d06afeb84c4b9ce03d17c926a316270df2a3eb77f922f10
-  data.tar.gz: 230af044b097a08fd714bb180ce41e3df194c6c880f046d7628acb984d954c0f7308a5e9a89c52705c0e9341f2404f24753a4cc5e47da89784d21a7b32734a23
+  metadata.gz: da3842878fc2de2d47006aeea49fdc644197226362de585f4b1692929676d0fa048567b29091682ede9f31aeda0a704db88a79f0773548342720c4bcb5a98969
+  data.tar.gz: edf9e3bef367c32a46c8a554a422df690c2156fcabc61c55c658cfa1f0b67f70471a9566052574c92bb640002196dc33244a19c86bb7368d00c35447142a4063

data/.gitmodules

@@ -0,0 +1,3 @@
+[submodule "spec/fixtures/cose-wg-examples"]
+	path = spec/fixtures/cose-wg-examples
+	url = https://github.com/cose-wg/Examples

data/.rubocop.yml

@@ -6,7 +6,7 @@ inherit_mode:
     - Exclude
 
 AllCops:
-  TargetRubyVersion: 2.2
+  TargetRubyVersion: 2.3
   DisabledByDefault: true
   Exclude:
     - "gemfiles/**/*"

data/.travis.yml

@@ -5,11 +5,10 @@ cache: bundler
 rvm:
   - ruby-head
   - 2.7.0-preview1
-  - 2.6.3
-  - 2.5.5
-  - 2.4.6
+  - 2.6.4
+  - 2.5.6
+  - 2.4.7
   - 2.3.8
-  - 2.2.10
 
 gemfile:
   - gemfiles/openssl_head.gemfile
@@ -17,19 +16,11 @@ gemfile:
   - gemfiles/openssl_2_0.gemfile
   - gemfiles/openssl_default.gemfile
 
-before_install: gem install bundler -v '~> 1.17'
+before_install: gem install bundler -v '~> 2.0'
 
 matrix:
   fast_finish: true
   allow_failures:
     - rvm: ruby-head
     - rvm: 2.7.0-preview1
-    - rvm: 2.2.10
     - gemfile: gemfiles/openssl_head.gemfile
-  exclude:
-    - rvm: 2.2.10
-      gemfile: gemfiles/openssl_head.gemfile
-    - rvm: 2.2.10
-      gemfile: gemfiles/openssl_2_1.gemfile
-    - rvm: 2.2.10
-      gemfile: gemfiles/openssl_2_0.gemfile

data/Appraisals

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 appraise "openssl_head" do
   gem "openssl", git: "https://github.com/ruby/openssl"
 end

data/CHANGELOG.md

@@ -1,5 +1,14 @@
 # Changelog
 
+## [v0.9.0] - 2019-08-31
+
+### Added
+
+- `COSE::Sign1#verify`
+- `COSE::Sign#verify`
+- `COSE::Mac0#verify`
+- `COSE::Mac#verify`
+
 ## [v0.8.0] - 2019-08-17
 
 ### Added
@@ -86,6 +95,7 @@
 - EC2 key object
 - Works with ruby 2.5
 
+[v0.8.0]: https://github.com/cedarcode/cose-ruby/compare/v0.8.0...v0.9.0/
 [v0.8.0]: https://github.com/cedarcode/cose-ruby/compare/v0.7.0...v0.8.0/
 [v0.7.0]: https://github.com/cedarcode/cose-ruby/compare/v0.6.1...v0.7.0/
 [v0.6.1]: https://github.com/cedarcode/cose-ruby/compare/v0.6.0...v0.6.1/

data/README.md

@@ -145,15 +145,14 @@ cbor_data = "..."
 
 sign = COSE::Sign.deserialize(cbor_data)
 
-sign.protected_headers
-sign.unprotected_headers
-sign.payload
+# Verify by doing (key should be a COSE::Key):
+sign.verify(key)
 
-sign.signatures.each do |signature|
-  signature.protected_headers
-  signature.unprotected_headers
-  signature.signature
-end
+# or, if externally supplied authenticated data exists:
+sign.verify(key, external_aad)
+
+# Then access payload
+sign.payload
 ```
 
 #### COSE_Sign1
@@ -163,10 +162,14 @@ cbor_data = "..."
 
 sign1 = COSE::Sign1.deserialize(cbor_data)
 
-sign1.protected_headers
-sign1.unprotected_headers
+# Verify by doing (key should be a COSE::Key):
+sign1.verify(key)
+
+# or, if externally supplied authenticated data exists:
+sign1.verify(key, external_aad)
+
+# Then access payload
 sign1.payload
-sign1.signature
 ```
 
 ### MAC Objects
@@ -178,24 +181,14 @@ cbor_data = "..."
 
 mac = COSE::Mac.deserialize(cbor_data)
 
-mac.protected_headers
-mac.unprotected_headers
-mac.payload
-mac.tag
+# Verify by doing (key should be a COSE::Key::Symmetric):
+mac.verify(key)
 
-mac.recipients.each do |recipient|
-  recipient.protected_headers
-  recipient.unprotected_headers
-  recipient.ciphertext
+# or, if externally supplied authenticated data exists:
+mac.verify(key, external_aad)
 
-  if recipient.recipients
-    recipient.recipients.each do |recipient|
-      recipient.protected_headers
-      recipient.unprotected_headers
-      recipient.ciphertext
-    end
-  end
-end
+# Then access payload
+mac.payload
 ```
 
 #### COSE_Mac0
@@ -205,10 +198,14 @@ cbor_data = "..."
 
 mac0 = COSE::Mac0.deserialize(cbor_data)
 
-mac0.protected_headers
-mac0.unprotected_headers
+# Verify by doing (key should be a COSE::Key::Symmetric):
+mac0.verify(key)
+
+# or, if externally supplied authenticated data exists:
+mac0.verify(key, external_aad)
+
+# Then access payload
 mac0.payload
-mac0.tag
 ```
 
 ### Encryption Objects

data/SECURITY.md

@@ -4,9 +4,9 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
+| 0.9.z   | :white_check_mark: |
 | 0.8.z   | :white_check_mark: |
-| 0.7.z   | :white_check_mark: |
-| < 0.7   | :x:                |
+| < 0.8   | :x:                |
 
 ## Reporting a Vulnerability
 

data/cose.gemspec

@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = ">= 2.2"
+  spec.required_ruby_version = ">= 2.3"
 
   spec.add_dependency "cbor", "~> 0.5.9"
 
@@ -38,6 +38,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "byebug", ">= 10.0"
   spec.add_development_dependency "rake", "~> 12.3"
   spec.add_development_dependency "rspec", "~> 3.8"
-  spec.add_development_dependency "rubocop", "0.68.0"
-  spec.add_development_dependency "rubocop-performance", "~> 1.3"
+  spec.add_development_dependency "rubocop", "0.74.0"
+  spec.add_development_dependency "rubocop-performance", "~> 1.4"
 end

data/lib/cose.rb

@@ -2,6 +2,7 @@
 
 require "cose/encrypt"
 require "cose/encrypt0"
+require "cose/error"
 require "cose/key"
 require "cose/mac"
 require "cose/mac0"

data/lib/cose/algorithm.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require "cose/algorithm/ecdsa"
+require "cose/algorithm/hmac"
+require "cose/algorithm/rsa_pss"
+
+module COSE
+  module Algorithm
+    @registered_by_id = {}
+    @registered_by_name = {}
+
+    def self.register(algorithm)
+      @registered_by_id[algorithm.id] = algorithm
+      @registered_by_name[algorithm.name] = algorithm
+    end
+
+    def self.find(id_or_name)
+      by_id(id_or_name) || by_name(id_or_name)
+    end
+
+    def self.by_id(id)
+      @registered_by_id[id]
+    end
+
+    def self.by_name(name)
+      @registered_by_name[name]
+    end
+
+    register(ECDSA.new(-7, "ES256", hash_function: "SHA256"))
+    register(ECDSA.new(-35, "ES384", hash_function: "SHA384"))
+    register(ECDSA.new(-36, "ES512", hash_function: "SHA512"))
+    register(RSAPSS.new(-37, "PS256", hash_function: "SHA256", salt_length: 32))
+    register(RSAPSS.new(-38, "PS384", hash_function: "SHA384", salt_length: 48))
+    register(RSAPSS.new(-39, "PS512", hash_function: "SHA512", salt_length: 64))
+    register(HMAC.new(4, "HMAC 256/64", hash_function: "SHA256", tag_length: 64))
+    register(HMAC.new(5, "HMAC 256/256", hash_function: "SHA256", tag_length: 256))
+    register(HMAC.new(6, "HMAC 384/384", hash_function: "SHA384", tag_length: 384))
+    register(HMAC.new(7, "HMAC 512/512", hash_function: "SHA512", tag_length: 512))
+  end
+end

data/lib/cose/algorithm/base.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module COSE
+  module Algorithm
+    class Base
+      BYTE_LENGTH = 8
+
+      attr_reader :id, :name
+
+      def initialize(id, name)
+        @id = id
+        @name = name
+      end
+    end
+  end
+end

data/lib/cose/algorithm/ecdsa.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require "cose/algorithm/signature_algorithm"
+require "cose/error"
+require "cose/key/ec2"
+require "openssl"
+
+module COSE
+  module Algorithm
+    class ECDSA < SignatureAlgorithm
+      attr_reader :hash_function
+
+      def initialize(*args, hash_function:)
+        super(*args)
+
+        @hash_function = hash_function
+      end
+
+      def compatible_key?(key)
+        to_pkey(key)
+      rescue COSE::Error
+        false
+      end
+
+      private
+
+      def valid_signature?(key, signature, verification_data)
+        pkey = to_pkey(key)
+
+        pkey.verify(hash_function, in_der(signature, pkey.group.degree), verification_data)
+      end
+
+      def to_pkey(key)
+        case key
+        when COSE::Key::EC2
+          key.to_pkey
+        when OpenSSL::PKey::EC
+          key
+        else
+          raise(COSE::Error, "Incompatible key for algorithm")
+        end
+      end
+
+      # Borrowed from jwt rubygem.
+      # https://github.com/jwt/ruby-jwt/blob/7a6a3f1dbaff806993156d1dff9c217bb2523ff8/lib/jwt/security_utils.rb#L34-L39
+      #
+      # Hopefully this will be provided by openssl rubygem in the future.
+      def in_der(signature, key_length)
+        n = (key_length.to_f / BYTE_LENGTH).ceil
+
+        if signature.size == n * 2
+          r = signature[0..(n - 1)]
+          s = signature[n..-1]
+
+          OpenSSL::ASN1::Sequence.new([r, s].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
+        else
+          signature
+        end
+      end
+    end
+  end
+end

data/lib/cose/algorithm/hmac.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require "cose/algorithm/base"
+require "openssl"
+
+module COSE
+  module Algorithm
+    class HMAC < Base
+      attr_reader :hash_function, :tag_length
+
+      def initialize(*args, hash_function:, tag_length:)
+        super(*args)
+
+        @hash_function = hash_function
+        @tag_length = tag_length
+      end
+
+      def mac(key, to_be_signed)
+        mac = OpenSSL::HMAC.digest(hash_function, key, to_be_signed)
+
+        if tag_bytesize && tag_bytesize < mac.bytesize
+          mac.byteslice(0, tag_bytesize)
+        else
+          mac
+        end
+      end
+
+      private
+
+      def tag_bytesize
+        @tag_bytesize ||=
+          if tag_length
+            tag_length / BYTE_LENGTH
+          end
+      end
+    end
+  end
+end

data/lib/cose/algorithm/rsa_pss.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require "cose/algorithm/signature_algorithm"
+require "cose/key/rsa"
+require "cose/error"
+require "openssl"
+
+module COSE
+  module Algorithm
+    class RSAPSS < SignatureAlgorithm
+      attr_reader :hash_function, :salt_length
+
+      def initialize(*args, hash_function:, salt_length:)
+        super(*args)
+
+        @hash_function = hash_function
+        @salt_length = salt_length
+      end
+
+      def compatible_key?(key)
+        to_pkey(key)
+      rescue COSE::Error
+        false
+      end
+
+      private
+
+      def valid_signature?(key, signature, verification_data)
+        pkey = to_pkey(key)
+
+        if pkey.respond_to?(:verify_pss)
+          pkey.verify_pss(hash_function, signature, verification_data, salt_length: :digest, mgf1_hash: hash_function)
+        else
+          raise(COSE::Error, "Update to openssl gem >= v2.1 to have RSA-PSS support")
+        end
+      end
+
+      def to_pkey(key)
+        case key
+        when COSE::Key::RSA
+          key.to_pkey
+        when OpenSSL::PKey::RSA
+          key
+        else
+          raise(COSE::Error, "Incompatible key for algorithm")
+        end
+      end
+    end
+  end
+end

data/lib/cose/algorithm/signature_algorithm.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require "cose/algorithm/base"
+require "cose/error"
+
+module COSE
+  module Algorithm
+    class SignatureAlgorithm < Base
+      def verify(key, signature, verification_data)
+        valid_signature?(key, signature, verification_data) || raise(COSE::Error, "Signature verification failed")
+      end
+    end
+  end
+end

data/lib/cose/encrypt.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "cose/security_message"
 require "cose/recipient"
 

data/lib/cose/encrypt0.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "cose/security_message"
 
 module COSE

data/lib/cose/error.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module COSE
+  class Error < StandardError; end
+end

data/lib/cose/key.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "cbor"
 require "cose/key/ec2"
 require "cose/key/okp"

data/lib/cose/key/curve.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module COSE
   module Key
     # https://tools.ietf.org/html/rfc8152#section-13.1

data/lib/cose/mac.rb

@@ -1,25 +1,42 @@
-require "cbor"
+# frozen_string_literal: true
+
 require "cose/recipient"
-require "cose/security_message"
+require "cose/mac0"
 
 module COSE
-  class Mac < SecurityMessage
-    attr_reader :payload, :tag, :recipients
+  class Mac < Mac0
+    CONTEXT = "MAC"
+
+    attr_reader :recipients
 
     def self.keyword_arguments_for_initialize(decoded)
-      {
-        payload: CBOR.decode(decoded[0]),
-        tag: decoded[1],
-        recipients: decoded[2].map { |s| COSE::Recipient.deserialize(s) }
-      }
+      super.merge(recipients: decoded.last.map { |r| COSE::Recipient.from_array(r) })
     end
 
-    def initialize(payload:, tag:, recipients:, **keyword_arguments)
+    def self.tag
+      97
+    end
+
+    def initialize(recipients:, **keyword_arguments)
       super(**keyword_arguments)
 
-      @payload = payload
-      @tag = tag
       @recipients = recipients
     end
+
+    def verify(key, external_aad = nil)
+      recipient = recipients.detect { |r| r.headers.kid == key.kid }
+
+      if recipient
+        super
+      else
+        raise(COSE::Error, "No recipient match the key")
+      end
+    end
+
+    private
+
+    def context
+      CONTEXT
+    end
   end
 end

data/lib/cose/mac0.rb

@@ -1,12 +1,21 @@
+# frozen_string_literal: true
+
 require "cbor"
 require "cose/security_message"
+require "openssl"
 
 module COSE
   class Mac0 < SecurityMessage
+    CONTEXT = "MAC0"
+
     attr_reader :payload, :tag
 
     def self.keyword_arguments_for_initialize(decoded)
-      { payload: CBOR.decode(decoded[0]), tag: decoded[1] }
+      { payload: decoded[0], tag: decoded[1] }
+    end
+
+    def self.tag
+      17
     end
 
     def initialize(payload:, tag:, **keyword_arguments)
@@ -15,5 +24,19 @@ module COSE
       @payload = payload
       @tag = tag
     end
+
+    def verify(key, external_aad = nil)
+      tag == algorithm.mac(key.k, data(external_aad)) || raise(COSE::Error, "Mac0 verification failed")
+    end
+
+    private
+
+    def data(external_aad = nil)
+      CBOR.encode([context, serialized_map(protected_headers), external_aad || zero_length_bin_string, payload])
+    end
+
+    def context
+      CONTEXT
+    end
   end
 end

data/lib/cose/recipient.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "cose/security_message"
 
 module COSE

data/lib/cose/security_message.rb

@@ -1,26 +1,71 @@
+# frozen_string_literal: true
+
 require "cbor"
+require "cose/algorithm"
+require "cose/error"
+require "cose/security_message/headers"
 
 module COSE
   class SecurityMessage
+    ZERO_LENGTH_BIN_STRING = "".b
+
     attr_reader :protected_headers, :unprotected_headers
 
     def self.deserialize(cbor)
       decoded = CBOR.decode(cbor)
 
-      if decoded.respond_to?(:value)
+      if decoded.is_a?(CBOR::Tagged)
+        if respond_to?(:tag) && tag != decoded.tag
+          raise(COSE::Error, "Invalid CBOR tag")
+        end
+
         decoded = decoded.value
       end
 
+      from_array(decoded)
+    end
+
+    def self.from_array(array)
       new(
-        protected_headers: CBOR.decode(decoded[0]),
-        unprotected_headers: decoded[1],
-        **keyword_arguments_for_initialize(decoded[2..-1])
+        protected_headers: deserialize_headers(array[0]),
+        unprotected_headers: array[1],
+        **keyword_arguments_for_initialize(array[2..-1])
       )
     end
 
+    def self.deserialize_headers(data)
+      if data == ZERO_LENGTH_BIN_STRING
+        {}
+      else
+        CBOR.decode(data)
+      end
+    end
+
     def initialize(protected_headers:, unprotected_headers:)
       @protected_headers = protected_headers
       @unprotected_headers = unprotected_headers
     end
+
+    def algorithm
+      @algorithm ||= COSE::Algorithm.find(headers.alg) || raise(COSE::Error, "Unsupported algorithm '#{headers.alg}'")
+    end
+
+    def headers
+      @headers ||= Headers.new(protected_headers, unprotected_headers)
+    end
+
+    private
+
+    def serialized_map(map)
+      if map && !map.empty?
+        map.to_cbor
+      else
+        zero_length_bin_string
+      end
+    end
+
+    def zero_length_bin_string
+      ZERO_LENGTH_BIN_STRING
+    end
   end
 end

data/lib/cose/security_message/headers.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module COSE
+  class SecurityMessage
+    class Headers
+      HEADER_LABEL_ALG = 1
+      HEADER_LABEL_KID = 4
+
+      attr_reader :protected_bucket, :unprotected_bucket
+
+      def initialize(protected_bucket, unprotected_bucket)
+        @protected_bucket = protected_bucket
+        @unprotected_bucket = unprotected_bucket
+      end
+
+      def alg
+        header(HEADER_LABEL_ALG)
+      end
+
+      def kid
+        header(HEADER_LABEL_KID)
+      end
+
+      private
+
+      def header(label)
+        protected_bucket[label] || unprotected_bucket[label]
+      end
+    end
+  end
+end

data/lib/cose/sign.rb

@@ -1,13 +1,22 @@
+# frozen_string_literal: true
+
 require "cbor"
+require "cose/error"
 require "cose/security_message"
 require "cose/signature"
 
 module COSE
   class Sign < SecurityMessage
+    CONTEXT = "Signature"
+
     attr_reader :payload, :signatures
 
     def self.keyword_arguments_for_initialize(decoded)
-      { payload: CBOR.decode(decoded[0]), signatures: decoded[1].map { |s| COSE::Signature.deserialize(s) } }
+      { payload: decoded[0], signatures: decoded[1].map { |s| COSE::Signature.from_array(s) } }
+    end
+
+    def self.tag
+      98
     end
 
     def initialize(payload:, signatures:, **keyword_arguments)
@@ -16,5 +25,30 @@ module COSE
       @payload = payload
       @signatures = signatures
     end
+
+    def verify(key, external_aad = nil)
+      signature = signatures.detect { |s| s.headers.kid == key.kid }
+
+      if signature
+        signature.algorithm.verify(key, signature.signature, verification_data(signature, external_aad))
+      else
+        raise(COSE::Error, "No signature matches key kid")
+      end
+    end
+
+    private
+
+    def verification_data(signature, external_aad = nil)
+      @verification_data ||=
+        CBOR.encode(
+          [
+            CONTEXT,
+            serialized_map(protected_headers),
+            serialized_map(signature.protected_headers),
+            external_aad || ZERO_LENGTH_BIN_STRING,
+            payload
+          ]
+        )
+    end
   end
 end

data/lib/cose/sign1.rb

@@ -1,12 +1,21 @@
+# frozen_string_literal: true
+
 require "cbor"
+require "cose/error"
 require "cose/security_message"
 
 module COSE
   class Sign1 < SecurityMessage
+    CONTEXT = "Signature1"
+
     attr_reader :payload, :signature
 
     def self.keyword_arguments_for_initialize(decoded)
-      { payload: CBOR.decode(decoded[0]), signature: decoded[1] }
+      { payload: decoded[0], signature: decoded[1] }
+    end
+
+    def self.tag
+      18
     end
 
     def initialize(payload:, signature:, **keyword_arguments)
@@ -15,5 +24,19 @@ module COSE
       @payload = payload
       @signature = signature
     end
+
+    def verify(key, external_aad = nil)
+      if key.kid == headers.kid
+        algorithm.verify(key, signature, verification_data(external_aad))
+      else
+        raise(COSE::Error, "Non matching kid")
+      end
+    end
+
+    private
+
+    def verification_data(external_aad = nil)
+      CBOR.encode([CONTEXT, serialized_map(protected_headers), external_aad || ZERO_LENGTH_BIN_STRING, payload])
+    end
   end
 end

data/lib/cose/signature.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "cose/security_message"
 
 module COSE

data/lib/cose/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module COSE
-  VERSION = "0.8.0"
+  VERSION = "0.9.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cose
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Gonzalo Rodriguez
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-08-17 00:00:00.000000000 Z
+date: 2019-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cbor
@@ -107,28 +107,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.68.0
+        version: 0.74.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.68.0
+        version: 0.74.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.4'
 description: 
 email:
 - gonzalo@cedarcode.com
@@ -138,6 +138,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".gitmodules"
 - ".rspec"
 - ".rubocop.yml"
 - ".travis.yml"
@@ -156,8 +157,15 @@ files:
 - gemfiles/openssl_default.gemfile
 - gemfiles/openssl_head.gemfile
 - lib/cose.rb
+- lib/cose/algorithm.rb
+- lib/cose/algorithm/base.rb
+- lib/cose/algorithm/ecdsa.rb
+- lib/cose/algorithm/hmac.rb
+- lib/cose/algorithm/rsa_pss.rb
+- lib/cose/algorithm/signature_algorithm.rb
 - lib/cose/encrypt.rb
 - lib/cose/encrypt0.rb
+- lib/cose/error.rb
 - lib/cose/key.rb
 - lib/cose/key/base.rb
 - lib/cose/key/curve.rb
@@ -170,6 +178,7 @@ files:
 - lib/cose/mac0.rb
 - lib/cose/recipient.rb
 - lib/cose/security_message.rb
+- lib/cose/security_message/headers.rb
 - lib/cose/sign.rb
 - lib/cose/sign1.rb
 - lib/cose/signature.rb
@@ -189,7 +198,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.2'
+      version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="