RubyGems - cose - Versions diffs - 1.0.0 → 1.2.1 - Mend

cose 1.0.0 → 1.2.1

Files changed (19) hide show

checksums.yaml +4 -4
data/.github/workflows/build.yml +38 -0
data/Appraisals +6 -2
data/CHANGELOG.md +20 -1
data/README.md +1 -1
data/bin/setup +2 -0
data/cose.gemspec +1 -1
data/gemfiles/{openssl_head.gemfile → openssl_2_2.gemfile} +1 -1
data/lib/cose/algorithm/ecdsa.rb +12 -2
data/lib/cose/algorithm/signature_algorithm.rb +5 -1
data/lib/cose/algorithm.rb +4 -3
data/lib/cose/key/base.rb +2 -4
data/lib/cose/key/curve.rb +1 -0
data/lib/cose/key/curve_key.rb +2 -4
data/lib/cose/key/ec2.rb +23 -7
data/lib/cose/key/rsa.rb +22 -27
data/lib/cose/version.rb +1 -1
metadata +11 -11
data/.travis.yml +0 -24

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f3fdc6957e5130367c9a1e8ab223b5c145d6caca1c04b01552410ef6d14bc740
-  data.tar.gz: 6849a1803ff3bb2e92bdf90b4226c8d023b07012b7cb18a915b9f816aed2e1dc
+  metadata.gz: 3065ed49e2bb4795f22f0fe132fd1645f7db6062ce7102cf6fde7aeb23859657
+  data.tar.gz: c4dc7b4bab6fd4c2898be067c60ca52b43ca743ee8b1dae5359a1a659a0f8d2c
 SHA512:
-  metadata.gz: cc1093c925a437283fb6b7658bacd6bcd2f8427962dd4f1a5ac9a9a81341a5beaa8f1d21ce40b74372dd86fddf5df1f7702a6790f79d166fd1a5ea8ca359d66a
-  data.tar.gz: 6d11eb89cfc72edaaa9d3533c87f39d509efcff65d7c10070321c39144f91b3ef421bf8dd32b250d621f31fde8a766c98e2c516d8091af802749c707a25ee9d0
+  metadata.gz: ce3922d45c7dfca8cc649e89e775169ade6bc2ea7d5fdad829380452c7337c79989b33c198105fc134e36719bc147324678638c0e5235fd4a5776412c2e9d07f
+  data.tar.gz: ae49b8afa26ee2bf25f90f3052f9cd9cf20f68c12b2541859b80c524e9b0d8a9d9b433dd82f247ade6b2430bff852eb67c83724ee60edf61676b0505096a393d

data/.github/workflows/build.yml ADDED Viewed

@@ -0,0 +1,38 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+name: build
+on: push
+jobs:
+  test:
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - 3.0.0
+          - 2.7.2
+          - 2.6.6
+          - 2.5.8
+          - 2.4.10
+        gemfile:
+          - openssl_3_0
+          - openssl_2_2
+          - openssl_2_1
+          - openssl_2_0
+          - openssl_default
+    env:
+      BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
+    steps:
+    - uses: actions/checkout@v2
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - run: bundle exec rake

data/Appraisals CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
-appraise "openssl_head" do
-  gem "openssl", git: "https://github.com/ruby/openssl"
+appraise "openssl_2_2" do
+  gem "openssl", "~> 2.2.0"
 end
 appraise "openssl_2_1" do
@@ -12,5 +12,9 @@ appraise "openssl_2_0" do
   gem "openssl", "~> 2.0.0"
 end
+appraise "openssl_3_0" do
+  gem "openssl", "~> 3.0.0"
+end
 appraise "openssl_default" do
 end

data/CHANGELOG.md CHANGED Viewed

@@ -1,12 +1,28 @@
 # Changelog
+## [v1.2.1] - 2022-07-03
+- Support OpenSSL ~>3.0.0. Credits to @ClearlyClaire <3
+## [v1.2.0] - 2020-07-10
+### Added
+- Support ES256K signature algorithm
+## [v1.1.0] - 2020-07-09
+### Dependencies
+- Update `openssl-signature_algorithm` runtime dependency from `~> 0.4.0` to `~> 1.0`.
 ## [v1.0.0] - 2020-03-29
 ### Added
 - Signature verification validates key `alg` is compatible with the signature algorithm
-NOTE: No breaking changes. Moving out of v0.x` to express the intention to keep the public API stable.
+NOTE: No breaking changes. Moving out of `v0.x` to express the intention to keep the public API stable.
 ## [v0.11.0] - 2020-01-30
@@ -123,6 +139,9 @@ NOTE: No breaking changes. Moving out of v0.x` to express the intention to keep
 - EC2 key object
 - Works with ruby 2.5
+[v1.2.0]: https://github.com/cedarcode/cose-ruby/compare/v1.2.0...v1.2.1/
+[v1.2.0]: https://github.com/cedarcode/cose-ruby/compare/v1.1.0...v1.2.0/
+[v1.1.0]: https://github.com/cedarcode/cose-ruby/compare/v1.0.0...v1.1.0/
 [v1.0.0]: https://github.com/cedarcode/cose-ruby/compare/v0.11.0...v1.0.0/
 [v0.11.0]: https://github.com/cedarcode/cose-ruby/compare/v0.10.0...v0.11.0/
 [v0.10.0]: https://github.com/cedarcode/cose-ruby/compare/v0.9.0...v0.10.0/

data/README.md CHANGED Viewed

@@ -3,7 +3,7 @@
 Ruby implementation of RFC [8152](https://tools.ietf.org/html/rfc8152) CBOR Object Signing and Encryption (COSE)
 [![Gem](https://img.shields.io/gem/v/cose.svg?style=flat-square&color=informational)](https://rubygems.org/gems/cose)
-[![Travis](https://img.shields.io/travis/cedarcode/cose-ruby.svg?style=flat-square)](https://travis-ci.org/cedarcode/cose-ruby)
+[![Actions Build](https://github.com/cedarcode/cose-ruby/workflows/build/badge.svg)](https://github.com/cedarcode/cose-ruby/actions)
 ## Installation

data/bin/setup CHANGED Viewed

@@ -3,6 +3,8 @@ set -euo pipefail
 IFS=$'\n\t'
 set -vx
+git submodule update --init --recursive
 bundle install
 # Do any other automated setup that you need to do here

data/cose.gemspec CHANGED Viewed

@@ -32,7 +32,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = ">= 2.4"
   spec.add_dependency "cbor", "~> 0.5.9"
-  spec.add_dependency "openssl-signature_algorithm", "~> 0.4.0"
+  spec.add_dependency "openssl-signature_algorithm", "~> 1.0"
   spec.add_development_dependency "appraisal", "~> 2.2.0"
   spec.add_development_dependency "bundler", ">= 1.17", "< 3"

data/gemfiles/{openssl_head.gemfile → openssl_2_2.gemfile} RENAMED Viewed

@@ -2,6 +2,6 @@
 source "https://rubygems.org"
-gem "openssl", git: "https://github.com/ruby/openssl"
+gem "openssl", "~> 2.2.0"
 gemspec path: "../"

data/lib/cose/algorithm/ecdsa.rb CHANGED Viewed

@@ -2,6 +2,7 @@
 require "cose/algorithm/signature_algorithm"
 require "cose/error"
+require "cose/key/curve"
 require "cose/key/ec2"
 require "openssl"
 require "openssl/signature_algorithm/ecdsa"
@@ -9,12 +10,13 @@ require "openssl/signature_algorithm/ecdsa"
 module COSE
   module Algorithm
     class ECDSA < SignatureAlgorithm
-      attr_reader :hash_function
+      attr_reader :hash_function, :curve
-      def initialize(*args, hash_function:)
+      def initialize(*args, hash_function:, curve_name:)
         super(*args)
         @hash_function = hash_function
+        @curve = COSE::Key::Curve.by_name(curve_name) || raise("Couldn't find curve with name='#{curve_name}'")
       end
       private
@@ -29,6 +31,14 @@ module COSE
         OpenSSL::SignatureAlgorithm::ECDSA
       end
+      def signature_algorithm_parameters
+        if curve
+          super.merge(curve: curve.pkey_name)
+        else
+          super
+        end
+      end
       def to_pkey(key)
         case key
         when COSE::Key::EC2

data/lib/cose/algorithm/signature_algorithm.rb CHANGED Viewed

@@ -20,7 +20,7 @@ module COSE
       private
       def valid_signature?(key, signature, verification_data)
-        signature_algorithm = signature_algorithm_class.new(hash_function[3..-1])
+        signature_algorithm = signature_algorithm_class.new(**signature_algorithm_parameters)
         signature_algorithm.verify_key = to_pkey(key)
         begin
@@ -30,6 +30,10 @@ module COSE
         end
       end
+      def signature_algorithm_parameters
+        { hash_function: hash_function }
+      end
       def to_cose_key(key)
         case key
         when COSE::Key::Base

data/lib/cose/algorithm.rb CHANGED Viewed

@@ -26,9 +26,10 @@ module COSE
       @registered_by_name[name]
     end
-    register(ECDSA.new(-7, "ES256", hash_function: "SHA256"))
-    register(ECDSA.new(-35, "ES384", hash_function: "SHA384"))
-    register(ECDSA.new(-36, "ES512", hash_function: "SHA512"))
+    register(ECDSA.new(-7, "ES256", hash_function: "SHA256", curve_name: "P-256"))
+    register(ECDSA.new(-35, "ES384", hash_function: "SHA384", curve_name: "P-384"))
+    register(ECDSA.new(-36, "ES512", hash_function: "SHA512", curve_name: "P-521"))
+    register(ECDSA.new(-47, "ES256K", hash_function: "SHA256", curve_name: "secp256k1"))
     register(RSAPSS.new(-37, "PS256", hash_function: "SHA256", salt_length: 32))
     register(RSAPSS.new(-38, "PS384", hash_function: "SHA384", salt_length: 48))
     register(RSAPSS.new(-39, "PS512", hash_function: "SHA512", salt_length: 64))

data/lib/cose/key/base.rb CHANGED Viewed

@@ -41,14 +41,12 @@ module COSE
       end
       def map
-        map = {
+        {
           LABEL_BASE_IV => base_iv,
           LABEL_KEY_OPS => key_ops,
           LABEL_ALG => alg,
           LABEL_KID => kid,
-        }
-        map.reject { |_k, v| v.nil? }
+        }.compact
       end
     end
   end

data/lib/cose/key/curve.rb CHANGED Viewed

@@ -32,3 +32,4 @@ end
 COSE::Key::Curve.register(1, "P-256", "prime256v1")
 COSE::Key::Curve.register(2, "P-384", "secp384r1")
 COSE::Key::Curve.register(3, "P-521", "secp521r1")
+COSE::Key::Curve.register(8, "secp256k1", "secp256k1")

data/lib/cose/key/curve_key.rb CHANGED Viewed

@@ -35,13 +35,11 @@ module COSE
       end
       def map
-        map = super.merge(
+        super.merge(
           LABEL_CRV => crv,
           LABEL_X => x,
           LABEL_D => d
-        )
-        map.reject { |_k, v| v.nil? }
+        ).compact
       end
     end
   end

data/lib/cose/key/ec2.rb CHANGED Viewed

@@ -59,12 +59,10 @@ module COSE
       end
       def map
-        map = super.merge(
+        super.merge(
           Base::LABEL_KTY => KTY_EC2,
           LABEL_Y => y,
-        )
-        map.reject { |_k, v| v.nil? }
+        ).compact
       end
       def to_pkey
@@ -73,13 +71,31 @@ module COSE
           pkey = OpenSSL::PKey::EC.new(group)
           public_key_bn = OpenSSL::BN.new("\x04" + x + y, 2)
           public_key_point = OpenSSL::PKey::EC::Point.new(group, public_key_bn)
-          pkey.public_key = public_key_point
+          # RFC5480 SubjectPublicKeyInfo
+          asn1 = OpenSSL::ASN1::Sequence([
+            OpenSSL::ASN1::Sequence([
+              OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
+              OpenSSL::ASN1::ObjectId(curve.pkey_name),
+            ]),
+            OpenSSL::ASN1::BitString(public_key_point.to_octet_string(:uncompressed))
+          ])
           if d
-            pkey.private_key = OpenSSL::BN.new(d, 2)
+            # RFC5915 ECPrivateKey
+            asn1 = OpenSSL::ASN1::Sequence([
+              OpenSSL::ASN1::Integer.new(1),
+              # Not properly padded but OpenSSL doesn't mind
+              OpenSSL::ASN1::OctetString(OpenSSL::BN.new(d, 2).to_s(2)),
+              OpenSSL::ASN1::ObjectId(curve.pkey_name, 0, :EXPLICIT),
+              OpenSSL::ASN1::BitString(public_key_point.to_octet_string(:uncompressed), 1, :EXPLICIT),
+            ])
+            der = asn1.to_der
+            return OpenSSL::PKey::EC.new(der)
           end
-          pkey
+          OpenSSL::PKey::EC.new(asn1.to_der)
         else
           raise "Unsupported curve #{crv}"
         end

data/lib/cose/key/rsa.rb CHANGED Viewed

@@ -74,7 +74,7 @@ module COSE
       end
       def map
-        map = super.merge(
+        super.merge(
           Base::LABEL_KTY => KTY_RSA,
           LABEL_N => n,
           LABEL_E => e,
@@ -84,37 +84,32 @@ module COSE
           LABEL_DP => dp,
           LABEL_DQ => dq,
           LABEL_QINV => qinv
-        )
-        map.reject { |_k, v| v.nil? }
+        ).compact
       end
       def to_pkey
-        pkey = OpenSSL::PKey::RSA.new
-        if pkey.respond_to?(:set_key)
-          pkey.set_key(bn(n), bn(e), bn(d))
-        else
-          pkey.n = bn(n)
-          pkey.e = bn(e)
-          pkey.d = bn(d)
-        end
+        # PKCS#1 RSAPublicKey
+        asn1 = OpenSSL::ASN1::Sequence([
+          OpenSSL::ASN1::Integer.new(bn(n)),
+          OpenSSL::ASN1::Integer.new(bn(e)),
+        ])
+        pkey = OpenSSL::PKey::RSA.new(asn1.to_der)
         if private?
-          if pkey.respond_to?(:set_factors)
-            pkey.set_factors(bn(p), bn(q))
-          else
-            pkey.p = bn(p)
-            pkey.q = bn(q)
-          end
-          if pkey.respond_to?(:set_crt_params)
-            pkey.set_crt_params(bn(dp), bn(dq), bn(qinv))
-          else
-            pkey.dmp1 = bn(dp)
-            pkey.dmq1 = bn(dq)
-            pkey.iqmp = bn(qinv)
-          end
+          # PKCS#1 RSAPrivateKey
+          asn1 = OpenSSL::ASN1::Sequence([
+            OpenSSL::ASN1::Integer.new(0),
+            OpenSSL::ASN1::Integer.new(bn(n)),
+            OpenSSL::ASN1::Integer.new(bn(e)),
+            OpenSSL::ASN1::Integer.new(bn(d)),
+            OpenSSL::ASN1::Integer.new(bn(p)),
+            OpenSSL::ASN1::Integer.new(bn(q)),
+            OpenSSL::ASN1::Integer.new(bn(dp)),
+            OpenSSL::ASN1::Integer.new(bn(dq)),
+            OpenSSL::ASN1::Integer.new(bn(qinv)),
+          ])
+          pkey = OpenSSL::PKey::RSA.new(asn1.to_der)
         end
         pkey

data/lib/cose/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module COSE
-  VERSION = "1.0.0"
+  VERSION = "1.2.1"
 end

metadata CHANGED Viewed

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: cose
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.2.1
 platform: ruby
 authors:
 - Gonzalo Rodriguez
 - Braulio Martinez
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-03-29 00:00:00.000000000 Z
+date: 2022-07-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cbor
@@ -31,14 +31,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.0
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.0
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
@@ -143,7 +143,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.4'
-description:
+description:
 email:
 - gonzalo@cedarcode.com
 - braulio@cedarcode.com
@@ -151,11 +151,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/build.yml"
 - ".gitignore"
 - ".gitmodules"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
 - Appraisals
 - CHANGELOG.md
 - Gemfile
@@ -168,8 +168,8 @@ files:
 - cose.gemspec
 - gemfiles/openssl_2_0.gemfile
 - gemfiles/openssl_2_1.gemfile
+- gemfiles/openssl_2_2.gemfile
 - gemfiles/openssl_default.gemfile
-- gemfiles/openssl_head.gemfile
 - lib/cose.rb
 - lib/cose/algorithm.rb
 - lib/cose/algorithm/base.rb
@@ -204,7 +204,7 @@ metadata:
   bug_tracker_uri: https://github.com/cedarcode/cose-ruby/issues
   changelog_uri: https://github.com/cedarcode/cose-ruby/blob/master/CHANGELOG.md
   source_code_uri: https://github.com/cedarcode/cose-ruby
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -219,8 +219,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key:
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: Ruby implementation of RFC 8152 CBOR Object Signing and Encryption (COSE)
 test_files: []

data/.travis.yml DELETED Viewed

@@ -1,24 +0,0 @@
-dist: bionic
-language: ruby
-cache: bundler
-rvm:
-  - ruby-head
-  - 2.7.0
-  - 2.6.5
-  - 2.5.7
-  - 2.4.9
-gemfile:
-  - gemfiles/openssl_head.gemfile
-  - gemfiles/openssl_2_1.gemfile
-  - gemfiles/openssl_2_0.gemfile
-  - gemfiles/openssl_default.gemfile
-before_install: gem install bundler -v '~> 2.0'
-matrix:
-  fast_finish: true
-  allow_failures:
-    - rvm: ruby-head
-    - gemfile: gemfiles/openssl_head.gemfile