cose 1.0.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f3fdc6957e5130367c9a1e8ab223b5c145d6caca1c04b01552410ef6d14bc740
-  data.tar.gz: 6849a1803ff3bb2e92bdf90b4226c8d023b07012b7cb18a915b9f816aed2e1dc
+  metadata.gz: 8a7da6d20b462494510800b95be262f6100a46b0b066c8255de6f1250a41429b
+  data.tar.gz: a758caf5a05445bc36b4c8e2e64f562c181546eb9740d065e48d2c3c5ea22726
 SHA512:
-  metadata.gz: cc1093c925a437283fb6b7658bacd6bcd2f8427962dd4f1a5ac9a9a81341a5beaa8f1d21ce40b74372dd86fddf5df1f7702a6790f79d166fd1a5ea8ca359d66a
-  data.tar.gz: 6d11eb89cfc72edaaa9d3533c87f39d509efcff65d7c10070321c39144f91b3ef421bf8dd32b250d621f31fde8a766c98e2c516d8091af802749c707a25ee9d0
+  metadata.gz: 47e4e46bb5e633a1e0eccb8fc9081411d1ff09439046f8ead15070aa2a2f3329d3b34e9744aa56a13a1cb0e6ff0490abc3148efe8e87d5d9efcaeb0f86fa514b
+  data.tar.gz: 2bc529d8091353b0a90a7b04b8e33d490371bfc87c43149a977cde769234b69e9645d9ca8c5677088a91faef8630806c24435ad304551fe467dba4d0cd421971

data/.github/workflows/build.yml

@@ -0,0 +1,42 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: build
+
+on: push
+
+jobs:
+  test:
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - 3.0.0
+          - 2.7.2
+          - 2.6.6
+          - 2.5.8
+          - 2.4.10
+        gemfile:
+          - openssl_3_0
+          - openssl_2_2
+          - openssl_2_1
+          - openssl_default
+        exclude:
+          - ruby: '2.4.10'
+            gemfile: openssl_3_0
+          - ruby: '2.5.8'
+            gemfile: openssl_3_0
+    env:
+      BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
+    steps:
+    - uses: actions/checkout@v2
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - run: bundle exec rake

data/Appraisals

@@ -1,15 +1,15 @@
 # frozen_string_literal: true
 
-appraise "openssl_head" do
-  gem "openssl", git: "https://github.com/ruby/openssl"
+appraise "openssl_2_2" do
+  gem "openssl", "~> 2.2.0"
 end
 
 appraise "openssl_2_1" do
   gem "openssl", "~> 2.1.0"
 end
 
-appraise "openssl_2_0" do
-  gem "openssl", "~> 2.0.0"
+appraise "openssl_3_0" do
+  gem "openssl", "~> 3.0.0"
 end
 
 appraise "openssl_default" do

data/CHANGELOG.md

@@ -1,12 +1,32 @@
 # Changelog
 
+## [v1.3.0] - 2022-10-28
+
+- Add support for EdDSA (#55). Credits to @bdewater.
+
+## [v1.2.1] - 2022-07-03
+
+- Support OpenSSL ~>3.0.0. Credits to @ClearlyClaire <3
+
+## [v1.2.0] - 2020-07-10
+
+### Added
+
+- Support ES256K signature algorithm
+
+## [v1.1.0] - 2020-07-09
+
+### Dependencies
+
+- Update `openssl-signature_algorithm` runtime dependency from `~> 0.4.0` to `~> 1.0`.
+
 ## [v1.0.0] - 2020-03-29
 
 ### Added
 
 - Signature verification validates key `alg` is compatible with the signature algorithm
 
-NOTE: No breaking changes. Moving out of v0.x` to express the intention to keep the public API stable.
+NOTE: No breaking changes. Moving out of `v0.x` to express the intention to keep the public API stable.
 
 ## [v0.11.0] - 2020-01-30
 
@@ -123,6 +143,10 @@ NOTE: No breaking changes. Moving out of v0.x` to express the intention to keep
 - EC2 key object
 - Works with ruby 2.5
 
+[v1.3.0]: https://github.com/cedarcode/cose-ruby/compare/v1.2.1...v1.3.0/
+[v1.2.1]: https://github.com/cedarcode/cose-ruby/compare/v1.2.0...v1.2.1/
+[v1.2.0]: https://github.com/cedarcode/cose-ruby/compare/v1.1.0...v1.2.0/
+[v1.1.0]: https://github.com/cedarcode/cose-ruby/compare/v1.0.0...v1.1.0/
 [v1.0.0]: https://github.com/cedarcode/cose-ruby/compare/v0.11.0...v1.0.0/
 [v0.11.0]: https://github.com/cedarcode/cose-ruby/compare/v0.10.0...v0.11.0/
 [v0.10.0]: https://github.com/cedarcode/cose-ruby/compare/v0.9.0...v0.10.0/

data/README.md

@@ -3,7 +3,7 @@
 Ruby implementation of RFC [8152](https://tools.ietf.org/html/rfc8152) CBOR Object Signing and Encryption (COSE)
 
 [![Gem](https://img.shields.io/gem/v/cose.svg?style=flat-square&color=informational)](https://rubygems.org/gems/cose)
-[![Travis](https://img.shields.io/travis/cedarcode/cose-ruby.svg?style=flat-square)](https://travis-ci.org/cedarcode/cose-ruby)
+[![Actions Build](https://github.com/cedarcode/cose-ruby/workflows/build/badge.svg)](https://github.com/cedarcode/cose-ruby/actions)
 
 ## Installation
 

data/bin/setup

@@ -3,6 +3,8 @@ set -euo pipefail
 IFS=$'\n\t'
 set -vx
 
+git submodule update --init --recursive
+
 bundle install
 
 # Do any other automated setup that you need to do here

data/cose.gemspec

@@ -32,7 +32,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = ">= 2.4"
 
   spec.add_dependency "cbor", "~> 0.5.9"
-  spec.add_dependency "openssl-signature_algorithm", "~> 0.4.0"
+  spec.add_dependency "openssl-signature_algorithm", "~> 1.0"
 
   spec.add_development_dependency "appraisal", "~> 2.2.0"
   spec.add_development_dependency "bundler", ">= 1.17", "< 3"

data/gemfiles/{openssl_2_0.gemfile → openssl_2_2.gemfile}

@@ -2,6 +2,6 @@
 
 source "https://rubygems.org"
 
-gem "openssl", "~> 2.0.0"
+gem "openssl", "~> 2.2.0"
 
 gemspec path: "../"

data/gemfiles/{openssl_head.gemfile → openssl_3_0.gemfile}

@@ -2,6 +2,6 @@
 
 source "https://rubygems.org"
 
-gem "openssl", git: "https://github.com/ruby/openssl"
+gem "openssl", "~> 3.0.0"
 
 gemspec path: "../"

data/lib/cose/algorithm/ecdsa.rb

@@ -2,6 +2,7 @@
 
 require "cose/algorithm/signature_algorithm"
 require "cose/error"
+require "cose/key/curve"
 require "cose/key/ec2"
 require "openssl"
 require "openssl/signature_algorithm/ecdsa"
@@ -9,12 +10,13 @@ require "openssl/signature_algorithm/ecdsa"
 module COSE
   module Algorithm
     class ECDSA < SignatureAlgorithm
-      attr_reader :hash_function
+      attr_reader :hash_function, :curve
 
-      def initialize(*args, hash_function:)
+      def initialize(*args, hash_function:, curve_name:)
         super(*args)
 
         @hash_function = hash_function
+        @curve = COSE::Key::Curve.by_name(curve_name) || raise("Couldn't find curve with name='#{curve_name}'")
       end
 
       private
@@ -29,6 +31,14 @@ module COSE
         OpenSSL::SignatureAlgorithm::ECDSA
       end
 
+      def signature_algorithm_parameters
+        if curve
+          super.merge(curve: curve.pkey_name)
+        else
+          super
+        end
+      end
+
       def to_pkey(key)
         case key
         when COSE::Key::EC2

data/lib/cose/algorithm/eddsa.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require "cose/algorithm/signature_algorithm"
+require "cose/error"
+require "cose/key/okp"
+require "openssl"
+
+module COSE
+  module Algorithm
+    class EdDSA < SignatureAlgorithm
+      private
+
+      def valid_key?(key)
+        cose_key = to_cose_key(key)
+
+        cose_key.is_a?(COSE::Key::OKP) && (!cose_key.alg || cose_key.alg == id)
+      end
+
+      def to_pkey(key)
+        case key
+        when COSE::Key::OKP
+          key.to_pkey
+        when OpenSSL::PKey::PKey
+          key
+        else
+          raise(COSE::Error, "Incompatible key for algorithm")
+        end
+      end
+
+      def valid_signature?(key, signature, verification_data)
+        pkey = to_pkey(key)
+
+        begin
+          pkey.verify(nil, signature, verification_data)
+        rescue OpenSSL::PKey::PKeyError
+          false
+        end
+      end
+    end
+  end
+end

data/lib/cose/algorithm/signature_algorithm.rb

@@ -20,7 +20,7 @@ module COSE
       private
 
       def valid_signature?(key, signature, verification_data)
-        signature_algorithm = signature_algorithm_class.new(hash_function[3..-1])
+        signature_algorithm = signature_algorithm_class.new(**signature_algorithm_parameters)
         signature_algorithm.verify_key = to_pkey(key)
 
         begin
@@ -30,6 +30,10 @@ module COSE
         end
       end
 
+      def signature_algorithm_parameters
+        { hash_function: hash_function }
+      end
+
       def to_cose_key(key)
         case key
         when COSE::Key::Base

data/lib/cose/algorithm.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "cose/algorithm/ecdsa"
+require "cose/algorithm/eddsa"
 require "cose/algorithm/hmac"
 require "cose/algorithm/rsa_pss"
 
@@ -26,9 +27,11 @@ module COSE
       @registered_by_name[name]
     end
 
-    register(ECDSA.new(-7, "ES256", hash_function: "SHA256"))
-    register(ECDSA.new(-35, "ES384", hash_function: "SHA384"))
-    register(ECDSA.new(-36, "ES512", hash_function: "SHA512"))
+    register(ECDSA.new(-7, "ES256", hash_function: "SHA256", curve_name: "P-256"))
+    register(ECDSA.new(-35, "ES384", hash_function: "SHA384", curve_name: "P-384"))
+    register(ECDSA.new(-36, "ES512", hash_function: "SHA512", curve_name: "P-521"))
+    register(ECDSA.new(-47, "ES256K", hash_function: "SHA256", curve_name: "secp256k1"))
+    register(EdDSA.new(-8, "EdDSA"))
     register(RSAPSS.new(-37, "PS256", hash_function: "SHA256", salt_length: 32))
     register(RSAPSS.new(-38, "PS384", hash_function: "SHA384", salt_length: 48))
     register(RSAPSS.new(-39, "PS512", hash_function: "SHA512", salt_length: 64))

data/lib/cose/key/base.rb

@@ -41,14 +41,12 @@ module COSE
       end
 
       def map
-        map = {
+        {
           LABEL_BASE_IV => base_iv,
           LABEL_KEY_OPS => key_ops,
           LABEL_ALG => alg,
           LABEL_KID => kid,
-        }
-
-        map.reject { |_k, v| v.nil? }
+        }.compact
       end
     end
   end

data/lib/cose/key/curve.rb

@@ -32,3 +32,6 @@ end
 COSE::Key::Curve.register(1, "P-256", "prime256v1")
 COSE::Key::Curve.register(2, "P-384", "secp384r1")
 COSE::Key::Curve.register(3, "P-521", "secp521r1")
+COSE::Key::Curve.register(6, "Ed25519", "ED25519")
+COSE::Key::Curve.register(7, "Ed448", "ED448")
+COSE::Key::Curve.register(8, "secp256k1", "secp256k1")

data/lib/cose/key/curve_key.rb

@@ -35,13 +35,11 @@ module COSE
       end
 
       def map
-        map = super.merge(
+        super.merge(
           LABEL_CRV => crv,
           LABEL_X => x,
           LABEL_D => d
-        )
-
-        map.reject { |_k, v| v.nil? }
+        ).compact
       end
     end
   end

data/lib/cose/key/ec2.rb

@@ -59,27 +59,48 @@ module COSE
       end
 
       def map
-        map = super.merge(
+        super.merge(
           Base::LABEL_KTY => KTY_EC2,
           LABEL_Y => y,
-        )
-
-        map.reject { |_k, v| v.nil? }
+        ).compact
       end
 
       def to_pkey
         if curve
           group = OpenSSL::PKey::EC::Group.new(curve.pkey_name)
-          pkey = OpenSSL::PKey::EC.new(group)
           public_key_bn = OpenSSL::BN.new("\x04" + x + y, 2)
           public_key_point = OpenSSL::PKey::EC::Point.new(group, public_key_bn)
-          pkey.public_key = public_key_point
+
+          # RFC5480 SubjectPublicKeyInfo
+          asn1 = OpenSSL::ASN1::Sequence(
+            [
+              OpenSSL::ASN1::Sequence(
+                [
+                  OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
+                  OpenSSL::ASN1::ObjectId(curve.pkey_name),
+                ]
+              ),
+              OpenSSL::ASN1::BitString(public_key_point.to_octet_string(:uncompressed))
+            ]
+          )
 
           if d
-            pkey.private_key = OpenSSL::BN.new(d, 2)
+            # RFC5915 ECPrivateKey
+            asn1 = OpenSSL::ASN1::Sequence(
+              [
+                OpenSSL::ASN1::Integer.new(1),
+                # Not properly padded but OpenSSL doesn't mind
+                OpenSSL::ASN1::OctetString(OpenSSL::BN.new(d, 2).to_s(2)),
+                OpenSSL::ASN1::ObjectId(curve.pkey_name, 0, :EXPLICIT),
+                OpenSSL::ASN1::BitString(public_key_point.to_octet_string(:uncompressed), 1, :EXPLICIT),
+              ]
+            )
+
+            der = asn1.to_der
+            return OpenSSL::PKey::EC.new(der)
           end
 
-          pkey
+          OpenSSL::PKey::EC.new(asn1.to_der)
         else
           raise "Unsupported curve #{crv}"
         end

data/lib/cose/key/okp.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "cose/key/curve"
 require "cose/key/curve_key"
 require "openssl"
 
@@ -14,9 +15,56 @@ module COSE
         end
       end
 
+      def self.from_pkey(pkey)
+        curve = Curve.by_pkey_name(pkey.oid) || raise("Unsupported edwards curve #{pkey.oid}")
+        attributes = { crv: curve.id }
+
+        asymmetric_key = pkey.public_to_der
+        public_key_bit_string = OpenSSL::ASN1.decode(asymmetric_key).value.last.value
+        attributes[:x] = public_key_bit_string
+        begin
+          asymmetric_key = pkey.private_to_der
+          private_key = OpenSSL::ASN1.decode(asymmetric_key).value.last.value
+          curve_private_key = OpenSSL::ASN1.decode(private_key).value
+          attributes[:d] = curve_private_key
+        rescue OpenSSL::PKey::PKeyError
+          # work around lack of https://github.com/ruby/openssl/pull/527, otherwise raises this error
+          # with message 'i2d_PKCS8PrivateKey_bio: error converting private key' for public keys
+          nil
+        end
+
+        new(**attributes)
+      end
+
       def map
         super.merge(LABEL_KTY => KTY_OKP)
       end
+
+      def to_pkey
+        if curve
+          private_key_algo = OpenSSL::ASN1::Sequence.new(
+            [OpenSSL::ASN1::ObjectId.new(curve.pkey_name)]
+          )
+          seq = if d
+                  version = OpenSSL::ASN1::Integer.new(0)
+                  curve_private_key = OpenSSL::ASN1::OctetString.new(d).to_der
+                  private_key = OpenSSL::ASN1::OctetString.new(curve_private_key)
+                  [version, private_key_algo, private_key]
+                else
+                  public_key = OpenSSL::ASN1::BitString.new(x)
+                  [private_key_algo, public_key]
+                end
+
+          asymmetric_key = OpenSSL::ASN1::Sequence.new(seq)
+          OpenSSL::PKey.read(asymmetric_key.to_der)
+        else
+          raise "Unsupported curve #{crv}"
+        end
+      end
+
+      def curve
+        Curve.find(crv)
+      end
     end
   end
 end

data/lib/cose/key/rsa.rb

@@ -74,7 +74,7 @@ module COSE
       end
 
       def map
-        map = super.merge(
+        super.merge(
           Base::LABEL_KTY => KTY_RSA,
           LABEL_N => n,
           LABEL_E => e,
@@ -84,37 +84,36 @@ module COSE
           LABEL_DP => dp,
           LABEL_DQ => dq,
           LABEL_QINV => qinv
-        )
-
-        map.reject { |_k, v| v.nil? }
+        ).compact
       end
 
       def to_pkey
-        pkey = OpenSSL::PKey::RSA.new
-
-        if pkey.respond_to?(:set_key)
-          pkey.set_key(bn(n), bn(e), bn(d))
-        else
-          pkey.n = bn(n)
-          pkey.e = bn(e)
-          pkey.d = bn(d)
-        end
+        # PKCS#1 RSAPublicKey
+        asn1 = OpenSSL::ASN1::Sequence(
+          [
+            OpenSSL::ASN1::Integer.new(bn(n)),
+            OpenSSL::ASN1::Integer.new(bn(e)),
+          ]
+        )
+        pkey = OpenSSL::PKey::RSA.new(asn1.to_der)
 
         if private?
-          if pkey.respond_to?(:set_factors)
-            pkey.set_factors(bn(p), bn(q))
-          else
-            pkey.p = bn(p)
-            pkey.q = bn(q)
-          end
+          # PKCS#1 RSAPrivateKey
+          asn1 = OpenSSL::ASN1::Sequence(
+            [
+              OpenSSL::ASN1::Integer.new(0),
+              OpenSSL::ASN1::Integer.new(bn(n)),
+              OpenSSL::ASN1::Integer.new(bn(e)),
+              OpenSSL::ASN1::Integer.new(bn(d)),
+              OpenSSL::ASN1::Integer.new(bn(p)),
+              OpenSSL::ASN1::Integer.new(bn(q)),
+              OpenSSL::ASN1::Integer.new(bn(dp)),
+              OpenSSL::ASN1::Integer.new(bn(dq)),
+              OpenSSL::ASN1::Integer.new(bn(qinv)),
+            ]
+          )
 
-          if pkey.respond_to?(:set_crt_params)
-            pkey.set_crt_params(bn(dp), bn(dq), bn(qinv))
-          else
-            pkey.dmp1 = bn(dp)
-            pkey.dmq1 = bn(dq)
-            pkey.iqmp = bn(qinv)
-          end
+          pkey = OpenSSL::PKey::RSA.new(asn1.to_der)
         end
 
         pkey

data/lib/cose/key.rb

@@ -24,6 +24,8 @@ module COSE
         COSE::Key::EC2.from_pkey(pkey)
       when OpenSSL::PKey::RSA
         COSE::Key::RSA.from_pkey(pkey)
+      when OpenSSL::PKey::PKey
+        COSE::Key::OKP.from_pkey(pkey)
       else
         raise "Unsupported #{pkey.class} object"
       end

data/lib/cose/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module COSE
-  VERSION = "1.0.0"
+  VERSION = "1.3.0"
 end

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: cose
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Gonzalo Rodriguez
 - Braulio Martinez
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-03-29 00:00:00.000000000 Z
+date: 2022-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cbor
@@ -31,14 +31,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.0
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.0
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
@@ -143,7 +143,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.4'
-description: 
+description:
 email:
 - gonzalo@cedarcode.com
 - braulio@cedarcode.com
@@ -151,11 +151,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/build.yml"
 - ".gitignore"
 - ".gitmodules"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
 - Appraisals
 - CHANGELOG.md
 - Gemfile
@@ -166,14 +166,15 @@ files:
 - bin/console
 - bin/setup
 - cose.gemspec
-- gemfiles/openssl_2_0.gemfile
 - gemfiles/openssl_2_1.gemfile
+- gemfiles/openssl_2_2.gemfile
+- gemfiles/openssl_3_0.gemfile
 - gemfiles/openssl_default.gemfile
-- gemfiles/openssl_head.gemfile
 - lib/cose.rb
 - lib/cose/algorithm.rb
 - lib/cose/algorithm/base.rb
 - lib/cose/algorithm/ecdsa.rb
+- lib/cose/algorithm/eddsa.rb
 - lib/cose/algorithm/hmac.rb
 - lib/cose/algorithm/rsa_pss.rb
 - lib/cose/algorithm/signature_algorithm.rb
@@ -204,7 +205,7 @@ metadata:
   bug_tracker_uri: https://github.com/cedarcode/cose-ruby/issues
   changelog_uri: https://github.com/cedarcode/cose-ruby/blob/master/CHANGELOG.md
   source_code_uri: https://github.com/cedarcode/cose-ruby
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -219,8 +220,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: Ruby implementation of RFC 8152 CBOR Object Signing and Encryption (COSE)
 test_files: []

data/.travis.yml

@@ -1,24 +0,0 @@
-dist: bionic
-language: ruby
-cache: bundler
-
-rvm:
-  - ruby-head
-  - 2.7.0
-  - 2.6.5
-  - 2.5.7
-  - 2.4.9
-
-gemfile:
-  - gemfiles/openssl_head.gemfile
-  - gemfiles/openssl_2_1.gemfile
-  - gemfiles/openssl_2_0.gemfile
-  - gemfiles/openssl_default.gemfile
-
-before_install: gem install bundler -v '~> 2.0'
-
-matrix:
-  fast_finish: true
-  allow_failures:
-    - rvm: ruby-head
-    - gemfile: gemfiles/openssl_head.gemfile