RubyGems - cose - Versions diffs - 1.2.0 → 1.3.0 - Mend

cose 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +4 -4
data/.github/workflows/build.yml +42 -0
data/Appraisals +2 -6
data/CHANGELOG.md +10 -0
data/README.md +1 -1
data/gemfiles/{openssl_2_0.gemfile → openssl_3_0.gemfile} +1 -1
data/lib/cose/algorithm/eddsa.rb +41 -0
data/lib/cose/algorithm.rb +2 -0
data/lib/cose/key/curve.rb +2 -0
data/lib/cose/key/ec2.rb +27 -4
data/lib/cose/key/okp.rb +48 -0
data/lib/cose/key/rsa.rb +23 -22
data/lib/cose/key.rb +2 -0
data/lib/cose/version.rb +1 -1
metadata +10 -10
data/.travis.yml +0 -25
data/gemfiles/openssl_head.gemfile +0 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a9bd8e1fa2c7e0f08d903f81ec2303a60a2377e6ba63c548b0c7f72d1c3197ee
-  data.tar.gz: ccf797d8600edc7020c9248db5bfc60ffdfd7c07f11f7c39cad172116176430e
+  metadata.gz: 8a7da6d20b462494510800b95be262f6100a46b0b066c8255de6f1250a41429b
+  data.tar.gz: a758caf5a05445bc36b4c8e2e64f562c181546eb9740d065e48d2c3c5ea22726
 SHA512:
-  metadata.gz: 5f27deece5637039eb3fd8ce9a8d33baf99c31fab75036462e40d599c4e0df789cf6f5ada85fcd4df75ebfddef91faa49132b0f08486f2e322e731cf2e217808
-  data.tar.gz: 6eebcecddf4fc55ce1b8f7f219d9dc8bd37f1e01a18a4e3877b47b84398de883cae204d6013349e409836111b82c254a6374e9b104e552c4339ad7a94153df4b
+  metadata.gz: 47e4e46bb5e633a1e0eccb8fc9081411d1ff09439046f8ead15070aa2a2f3329d3b34e9744aa56a13a1cb0e6ff0490abc3148efe8e87d5d9efcaeb0f86fa514b
+  data.tar.gz: 2bc529d8091353b0a90a7b04b8e33d490371bfc87c43149a977cde769234b69e9645d9ca8c5677088a91faef8630806c24435ad304551fe467dba4d0cd421971

data/.github/workflows/build.yml ADDED Viewed

@@ -0,0 +1,42 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+name: build
+on: push
+jobs:
+  test:
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - 3.0.0
+          - 2.7.2
+          - 2.6.6
+          - 2.5.8
+          - 2.4.10
+        gemfile:
+          - openssl_3_0
+          - openssl_2_2
+          - openssl_2_1
+          - openssl_default
+        exclude:
+          - ruby: '2.4.10'
+            gemfile: openssl_3_0
+          - ruby: '2.5.8'
+            gemfile: openssl_3_0
+    env:
+      BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
+    steps:
+    - uses: actions/checkout@v2
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - run: bundle exec rake

data/Appraisals CHANGED Viewed

@@ -1,9 +1,5 @@
 # frozen_string_literal: true
-appraise "openssl_head" do
-  gem "openssl", git: "https://github.com/ruby/openssl"
-end
 appraise "openssl_2_2" do
   gem "openssl", "~> 2.2.0"
 end
@@ -12,8 +8,8 @@ appraise "openssl_2_1" do
   gem "openssl", "~> 2.1.0"
 end
-appraise "openssl_2_0" do
-  gem "openssl", "~> 2.0.0"
+appraise "openssl_3_0" do
+  gem "openssl", "~> 3.0.0"
 end
 appraise "openssl_default" do

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,13 @@
 # Changelog
+## [v1.3.0] - 2022-10-28
+- Add support for EdDSA (#55). Credits to @bdewater.
+## [v1.2.1] - 2022-07-03
+- Support OpenSSL ~>3.0.0. Credits to @ClearlyClaire <3
 ## [v1.2.0] - 2020-07-10
 ### Added
@@ -135,6 +143,8 @@ NOTE: No breaking changes. Moving out of `v0.x` to express the intention to keep
 - EC2 key object
 - Works with ruby 2.5
+[v1.3.0]: https://github.com/cedarcode/cose-ruby/compare/v1.2.1...v1.3.0/
+[v1.2.1]: https://github.com/cedarcode/cose-ruby/compare/v1.2.0...v1.2.1/
 [v1.2.0]: https://github.com/cedarcode/cose-ruby/compare/v1.1.0...v1.2.0/
 [v1.1.0]: https://github.com/cedarcode/cose-ruby/compare/v1.0.0...v1.1.0/
 [v1.0.0]: https://github.com/cedarcode/cose-ruby/compare/v0.11.0...v1.0.0/

data/README.md CHANGED Viewed

@@ -3,7 +3,7 @@
 Ruby implementation of RFC [8152](https://tools.ietf.org/html/rfc8152) CBOR Object Signing and Encryption (COSE)
 [![Gem](https://img.shields.io/gem/v/cose.svg?style=flat-square&color=informational)](https://rubygems.org/gems/cose)
-[![Travis](https://img.shields.io/travis/cedarcode/cose-ruby.svg?style=flat-square)](https://travis-ci.org/cedarcode/cose-ruby)
+[![Actions Build](https://github.com/cedarcode/cose-ruby/workflows/build/badge.svg)](https://github.com/cedarcode/cose-ruby/actions)
 ## Installation

data/gemfiles/{openssl_2_0.gemfile → openssl_3_0.gemfile} RENAMED Viewed

@@ -2,6 +2,6 @@
 source "https://rubygems.org"
-gem "openssl", "~> 2.0.0"
+gem "openssl", "~> 3.0.0"
 gemspec path: "../"

data/lib/cose/algorithm/eddsa.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+require "cose/algorithm/signature_algorithm"
+require "cose/error"
+require "cose/key/okp"
+require "openssl"
+module COSE
+  module Algorithm
+    class EdDSA < SignatureAlgorithm
+      private
+      def valid_key?(key)
+        cose_key = to_cose_key(key)
+        cose_key.is_a?(COSE::Key::OKP) && (!cose_key.alg || cose_key.alg == id)
+      end
+      def to_pkey(key)
+        case key
+        when COSE::Key::OKP
+          key.to_pkey
+        when OpenSSL::PKey::PKey
+          key
+        else
+          raise(COSE::Error, "Incompatible key for algorithm")
+        end
+      end
+      def valid_signature?(key, signature, verification_data)
+        pkey = to_pkey(key)
+        begin
+          pkey.verify(nil, signature, verification_data)
+        rescue OpenSSL::PKey::PKeyError
+          false
+        end
+      end
+    end
+  end
+end

data/lib/cose/algorithm.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require "cose/algorithm/ecdsa"
+require "cose/algorithm/eddsa"
 require "cose/algorithm/hmac"
 require "cose/algorithm/rsa_pss"
@@ -30,6 +31,7 @@ module COSE
     register(ECDSA.new(-35, "ES384", hash_function: "SHA384", curve_name: "P-384"))
     register(ECDSA.new(-36, "ES512", hash_function: "SHA512", curve_name: "P-521"))
     register(ECDSA.new(-47, "ES256K", hash_function: "SHA256", curve_name: "secp256k1"))
+    register(EdDSA.new(-8, "EdDSA"))
     register(RSAPSS.new(-37, "PS256", hash_function: "SHA256", salt_length: 32))
     register(RSAPSS.new(-38, "PS384", hash_function: "SHA384", salt_length: 48))
     register(RSAPSS.new(-39, "PS512", hash_function: "SHA512", salt_length: 64))

data/lib/cose/key/curve.rb CHANGED Viewed

@@ -32,4 +32,6 @@ end
 COSE::Key::Curve.register(1, "P-256", "prime256v1")
 COSE::Key::Curve.register(2, "P-384", "secp384r1")
 COSE::Key::Curve.register(3, "P-521", "secp521r1")
+COSE::Key::Curve.register(6, "Ed25519", "ED25519")
+COSE::Key::Curve.register(7, "Ed448", "ED448")
 COSE::Key::Curve.register(8, "secp256k1", "secp256k1")

data/lib/cose/key/ec2.rb CHANGED Viewed

@@ -68,16 +68,39 @@ module COSE
       def to_pkey
         if curve
           group = OpenSSL::PKey::EC::Group.new(curve.pkey_name)
-          pkey = OpenSSL::PKey::EC.new(group)
           public_key_bn = OpenSSL::BN.new("\x04" + x + y, 2)
           public_key_point = OpenSSL::PKey::EC::Point.new(group, public_key_bn)
-          pkey.public_key = public_key_point
+          # RFC5480 SubjectPublicKeyInfo
+          asn1 = OpenSSL::ASN1::Sequence(
+            [
+              OpenSSL::ASN1::Sequence(
+                [
+                  OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
+                  OpenSSL::ASN1::ObjectId(curve.pkey_name),
+                ]
+              ),
+              OpenSSL::ASN1::BitString(public_key_point.to_octet_string(:uncompressed))
+            ]
+          )
           if d
-            pkey.private_key = OpenSSL::BN.new(d, 2)
+            # RFC5915 ECPrivateKey
+            asn1 = OpenSSL::ASN1::Sequence(
+              [
+                OpenSSL::ASN1::Integer.new(1),
+                # Not properly padded but OpenSSL doesn't mind
+                OpenSSL::ASN1::OctetString(OpenSSL::BN.new(d, 2).to_s(2)),
+                OpenSSL::ASN1::ObjectId(curve.pkey_name, 0, :EXPLICIT),
+                OpenSSL::ASN1::BitString(public_key_point.to_octet_string(:uncompressed), 1, :EXPLICIT),
+              ]
+            )
+            der = asn1.to_der
+            return OpenSSL::PKey::EC.new(der)
           end
-          pkey
+          OpenSSL::PKey::EC.new(asn1.to_der)
         else
           raise "Unsupported curve #{crv}"
         end

data/lib/cose/key/okp.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
+require "cose/key/curve"
 require "cose/key/curve_key"
 require "openssl"
@@ -14,9 +15,56 @@ module COSE
         end
       end
+      def self.from_pkey(pkey)
+        curve = Curve.by_pkey_name(pkey.oid) || raise("Unsupported edwards curve #{pkey.oid}")
+        attributes = { crv: curve.id }
+        asymmetric_key = pkey.public_to_der
+        public_key_bit_string = OpenSSL::ASN1.decode(asymmetric_key).value.last.value
+        attributes[:x] = public_key_bit_string
+        begin
+          asymmetric_key = pkey.private_to_der
+          private_key = OpenSSL::ASN1.decode(asymmetric_key).value.last.value
+          curve_private_key = OpenSSL::ASN1.decode(private_key).value
+          attributes[:d] = curve_private_key
+        rescue OpenSSL::PKey::PKeyError
+          # work around lack of https://github.com/ruby/openssl/pull/527, otherwise raises this error
+          # with message 'i2d_PKCS8PrivateKey_bio: error converting private key' for public keys
+          nil
+        end
+        new(**attributes)
+      end
       def map
         super.merge(LABEL_KTY => KTY_OKP)
       end
+      def to_pkey
+        if curve
+          private_key_algo = OpenSSL::ASN1::Sequence.new(
+            [OpenSSL::ASN1::ObjectId.new(curve.pkey_name)]
+          )
+          seq = if d
+                  version = OpenSSL::ASN1::Integer.new(0)
+                  curve_private_key = OpenSSL::ASN1::OctetString.new(d).to_der
+                  private_key = OpenSSL::ASN1::OctetString.new(curve_private_key)
+                  [version, private_key_algo, private_key]
+                else
+                  public_key = OpenSSL::ASN1::BitString.new(x)
+                  [private_key_algo, public_key]
+                end
+          asymmetric_key = OpenSSL::ASN1::Sequence.new(seq)
+          OpenSSL::PKey.read(asymmetric_key.to_der)
+        else
+          raise "Unsupported curve #{crv}"
+        end
+      end
+      def curve
+        Curve.find(crv)
+      end
     end
   end
 end

data/lib/cose/key/rsa.rb CHANGED Viewed

@@ -88,31 +88,32 @@ module COSE
       end
       def to_pkey
-        pkey = OpenSSL::PKey::RSA.new
-        if pkey.respond_to?(:set_key)
-          pkey.set_key(bn(n), bn(e), bn(d))
-        else
-          pkey.n = bn(n)
-          pkey.e = bn(e)
-          pkey.d = bn(d)
-        end
+        # PKCS#1 RSAPublicKey
+        asn1 = OpenSSL::ASN1::Sequence(
+          [
+            OpenSSL::ASN1::Integer.new(bn(n)),
+            OpenSSL::ASN1::Integer.new(bn(e)),
+          ]
+        )
+        pkey = OpenSSL::PKey::RSA.new(asn1.to_der)
         if private?
-          if pkey.respond_to?(:set_factors)
-            pkey.set_factors(bn(p), bn(q))
-          else
-            pkey.p = bn(p)
-            pkey.q = bn(q)
-          end
+          # PKCS#1 RSAPrivateKey
+          asn1 = OpenSSL::ASN1::Sequence(
+            [
+              OpenSSL::ASN1::Integer.new(0),
+              OpenSSL::ASN1::Integer.new(bn(n)),
+              OpenSSL::ASN1::Integer.new(bn(e)),
+              OpenSSL::ASN1::Integer.new(bn(d)),
+              OpenSSL::ASN1::Integer.new(bn(p)),
+              OpenSSL::ASN1::Integer.new(bn(q)),
+              OpenSSL::ASN1::Integer.new(bn(dp)),
+              OpenSSL::ASN1::Integer.new(bn(dq)),
+              OpenSSL::ASN1::Integer.new(bn(qinv)),
+            ]
+          )
-          if pkey.respond_to?(:set_crt_params)
-            pkey.set_crt_params(bn(dp), bn(dq), bn(qinv))
-          else
-            pkey.dmp1 = bn(dp)
-            pkey.dmq1 = bn(dq)
-            pkey.iqmp = bn(qinv)
-          end
+          pkey = OpenSSL::PKey::RSA.new(asn1.to_der)
         end
         pkey

data/lib/cose/key.rb CHANGED Viewed

@@ -24,6 +24,8 @@ module COSE
         COSE::Key::EC2.from_pkey(pkey)
       when OpenSSL::PKey::RSA
         COSE::Key::RSA.from_pkey(pkey)
+      when OpenSSL::PKey::PKey
+        COSE::Key::OKP.from_pkey(pkey)
       else
         raise "Unsupported #{pkey.class} object"
       end

data/lib/cose/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module COSE
-  VERSION = "1.2.0"
+  VERSION = "1.3.0"
 end

metadata CHANGED Viewed

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: cose
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Gonzalo Rodriguez
 - Braulio Martinez
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-07-10 00:00:00.000000000 Z
+date: 2022-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cbor
@@ -143,7 +143,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.4'
-description:
+description:
 email:
 - gonzalo@cedarcode.com
 - braulio@cedarcode.com
@@ -151,11 +151,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/build.yml"
 - ".gitignore"
 - ".gitmodules"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
 - Appraisals
 - CHANGELOG.md
 - Gemfile
@@ -166,15 +166,15 @@ files:
 - bin/console
 - bin/setup
 - cose.gemspec
-- gemfiles/openssl_2_0.gemfile
 - gemfiles/openssl_2_1.gemfile
 - gemfiles/openssl_2_2.gemfile
+- gemfiles/openssl_3_0.gemfile
 - gemfiles/openssl_default.gemfile
-- gemfiles/openssl_head.gemfile
 - lib/cose.rb
 - lib/cose/algorithm.rb
 - lib/cose/algorithm/base.rb
 - lib/cose/algorithm/ecdsa.rb
+- lib/cose/algorithm/eddsa.rb
 - lib/cose/algorithm/hmac.rb
 - lib/cose/algorithm/rsa_pss.rb
 - lib/cose/algorithm/signature_algorithm.rb
@@ -205,7 +205,7 @@ metadata:
   bug_tracker_uri: https://github.com/cedarcode/cose-ruby/issues
   changelog_uri: https://github.com/cedarcode/cose-ruby/blob/master/CHANGELOG.md
   source_code_uri: https://github.com/cedarcode/cose-ruby
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -220,8 +220,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: Ruby implementation of RFC 8152 CBOR Object Signing and Encryption (COSE)
 test_files: []

data/.travis.yml DELETED Viewed

@@ -1,25 +0,0 @@
-dist: bionic
-language: ruby
-cache: bundler
-rvm:
-  - ruby-head
-  - 2.7.1
-  - 2.6.6
-  - 2.5.8
-  - 2.4.10
-gemfile:
-  - gemfiles/openssl_head.gemfile
-  - gemfiles/openssl_2_2.gemfile
-  - gemfiles/openssl_2_1.gemfile
-  - gemfiles/openssl_2_0.gemfile
-  - gemfiles/openssl_default.gemfile
-before_install: gem install bundler -v '~> 2.0'
-matrix:
-  fast_finish: true
-  allow_failures:
-    - rvm: ruby-head
-    - gemfile: gemfiles/openssl_head.gemfile

data/gemfiles/openssl_head.gemfile DELETED Viewed

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-source "https://rubygems.org"
-gem "openssl", git: "https://github.com/ruby/openssl"
-gemspec path: "../"