cose 0.11.0 → 1.0.0

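--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1e9fc90b31beed1be2df01a443242f9ec5a7fdebb05ef995d067777e330be73b
- data.tar.gz: 99264ff526cfb7d4bfd058ef0ffdd44cc65449fddc0eae35a89eb9520a4bd173
+ metadata.gz: f3fdc6957e5130367c9a1e8ab223b5c145d6caca1c04b01552410ef6d14bc740
+ data.tar.gz: 6849a1803ff3bb2e92bdf90b4226c8d023b07012b7cb18a915b9f816aed2e1dc
  SHA512:
- metadata.gz: a75f55dfd35bc92435032765b7f69127b1c832c5ffe5d96626f86c159689c4b04bbfd07fe95785d522cdb201a48de2ff129b3af2c0e11623381bdd10ff42fef9
- data.tar.gz: e3f98bc5c363da8e812fa3ba1e75175c2a0136679a929b96e1b8b353fcbbc1a60fd1fbcc50083a3e5e24378bcc66054b440baaaa472f66def24f260a1f550db2
+ metadata.gz: cc1093c925a437283fb6b7658bacd6bcd2f8427962dd4f1a5ac9a9a81341a5beaa8f1d21ce40b74372dd86fddf5df1f7702a6790f79d166fd1a5ea8ca359d66a
+ data.tar.gz: 6d11eb89cfc72edaaa9d3533c87f39d509efcff65d7c10070321c39144f91b3ef421bf8dd32b250d621f31fde8a766c98e2c516d8091af802749c707a25ee9d0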
data/.rspec CHANGED
@@ -1,3 +1,3 @@
1
- --format documentation
2
1
  --color
3
2
  --require spec_helper
3
+ --order random
@@ -20,13 +20,12 @@ Gemspec:
20
20
  Layout:
21
21
  Enabled: true
22
22
 
23
+ Layout/LineLength:
24
+ Max: 120
25
+
23
26
  Lint:
24
27
  Enabled: true
25
28
 
26
- Metrics/LineLength:
27
- Max: 120
28
- IgnoreCopDirectives: true
29
-
30
29
  Naming:
31
30
  Enabled: true
32
31
 
@@ -1,5 +1,13 @@
1
1
  # Changelog
2
2
 
3
+ ## [v1.0.0] - 2020-03-29
4
+
5
+ ### Added
6
+
7
+ - Signature verification validates key `alg` is compatible with the signature algorithm
8
+
9
+ NOTE: No breaking changes. Moving out of v0.x` to express the intention to keep the public API stable.
10
+
3
11
  ## [v0.11.0] - 2020-01-30
4
12
 
5
13
  ### Added
@@ -115,6 +123,7 @@
115
123
  - EC2 key object
116
124
  - Works with ruby 2.5
117
125
 
126
+ [v1.0.0]: https://github.com/cedarcode/cose-ruby/compare/v0.11.0...v1.0.0/
118
127
  [v0.11.0]: https://github.com/cedarcode/cose-ruby/compare/v0.10.0...v0.11.0/
119
128
  [v0.10.0]: https://github.com/cedarcode/cose-ruby/compare/v0.9.0...v0.10.0/
120
129
  [v0.9.0]: https://github.com/cedarcode/cose-ruby/compare/v0.8.0...v0.9.0/
data/README.md CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  Ruby implementation of RFC [8152](https://tools.ietf.org/html/rfc8152) CBOR Object Signing and Encryption (COSE)
4
4
 
5
- [![Gem](https://img.shields.io/gem/v/cose.svg?style=flat-square)](https://rubygems.org/gems/cose)
5
+ [![Gem](https://img.shields.io/gem/v/cose.svg?style=flat-square&color=informational)](https://rubygems.org/gems/cose)
6
6
  [![Travis](https://img.shields.io/travis/cedarcode/cose-ruby.svg?style=flat-square)](https://travis-ci.org/cedarcode/cose-ruby)
7
7
 
8
8
  ## Installation
@@ -32,13 +32,13 @@ Gem::Specification.new do |spec|
32
32
  spec.required_ruby_version = ">= 2.4"
33
33
 
34
34
  spec.add_dependency "cbor", "~> 0.5.9"
35
- spec.add_dependency "openssl-signature_algorithm", "~> 0.3.0"
35
+ spec.add_dependency "openssl-signature_algorithm", "~> 0.4.0"
36
36
 
37
37
  spec.add_development_dependency "appraisal", "~> 2.2.0"
38
38
  spec.add_development_dependency "bundler", ">= 1.17", "< 3"
39
39
  spec.add_development_dependency "byebug", "~> 11.0"
40
40
  spec.add_development_dependency "rake", "~> 13.0"
41
41
  spec.add_development_dependency "rspec", "~> 3.8"
42
- spec.add_development_dependency "rubocop", "0.75.1"
42
+ spec.add_development_dependency "rubocop", "0.80.1"
43
43
  spec.add_development_dependency "rubocop-performance", "~> 1.4"
44
44
  end
@@ -19,6 +19,12 @@ module COSE
19
19
 
20
20
  private
21
21
 
22
+ def valid_key?(key)
23
+ cose_key = to_cose_key(key)
24
+
25
+ cose_key.is_a?(COSE::Key::EC2) && (!cose_key.alg || cose_key.alg == id)
26
+ end
27
+
22
28
  def signature_algorithm_class
23
29
  OpenSSL::SignatureAlgorithm::ECDSA
24
30
  end
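Review bot: The `!cose_key.alg ||` branch in the added `valid_key?` lets an EC2 key that carries no `alg` pass for every ECDSA algorithm, and nothing in the hunk explains that choice. Since `alg` is an optional key parameter in RFC 8152 this looks intentional, but it also means a key converted from a plain OpenSSL key by `to_cose_key` is presumably never restricted by this check. I would add a comment above the expression, for example `# alg is optional on a COSE key; only a key that declares one must match this algorithm's id`. The key's curve is not compared with the algorithm here either; if that is enforced elsewhere (for example in `to_pkey`, outside this hunk), the comment should say so.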
@@ -20,6 +20,10 @@ module COSE
20
20
 
21
21
  private
22
22
 
23
+ def valid_key?(key)
24
+ to_cose_key(key).is_a?(COSE::Key::RSA)
25
+ end
26
+
23
27
  def signature_algorithm_class
24
28
  OpenSSL::SignatureAlgorithm::RSAPSS
25
29
  end
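Review bot: The added `valid_key?` checks only the key class, so an RSA COSE key whose `alg` names a different algorithm is still accepted, unlike the ECDSA counterpart on this page, which also compares `cose_key.alg` with `id`. The changelog entry for this release says verification validates that the key `alg` is compatible with the signature algorithm, which this method does not do for RSA-PSS. Assuming `id` is available on this class as it is on the ECDSA one, the body could be `cose_key = to_cose_key(key)` followed by `cose_key.is_a?(COSE::Key::RSA) && (!cose_key.alg || cose_key.alg == id)`. The class continues outside the hunk.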
@@ -7,11 +7,12 @@ module COSE
7
7
  module Algorithm
8
8
  class SignatureAlgorithm < Base
9
9
  def verify(key, signature, verification_data)
10
+ compatible_key?(key) || raise(COSE::Error, "Incompatible key for signature verification")
10
11
  valid_signature?(key, signature, verification_data) || raise(COSE::Error, "Signature verification failed")
11
12
  end
12
13
 
13
14
  def compatible_key?(key)
14
- to_pkey(key)
15
+ valid_key?(key) && to_pkey(key)
15
16
  rescue COSE::Error
16
17
  false
17
18
  end
@@ -29,10 +30,25 @@ module COSE
29
30
  end
30
31
  end
31
32
 
33
+ def to_cose_key(key)
34
+ case key
35
+ when COSE::Key::Base
36
+ key
37
+ when OpenSSL::PKey::PKey
38
+ COSE::Key.from_pkey(key)
39
+ else
40
+ raise(COSE::Error, "Don't know how to transform #{key.class} to COSE::Key")
41
+ end
42
+ end
43
+
32
44
  def signature_algorithm_class
33
45
  raise NotImplementedError
34
46
  end
35
47
 
48
+ def valid_key?(_key)
49
+ raise NotImplementedError
50
+ end
51
+
36
52
  def to_pkey(_key)
37
53
  raise NotImplementedError
38
54
  end
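Review bot: The new `valid_key?(_key)` hook defaults to `raise NotImplementedError`, while `compatible_key?` in the preceding hunk rescues only `COSE::Error`, so a subclass of `SignatureAlgorithm` that does not define the hook now fails `verify` with an exception that a plain `rescue` will not catch (in Ruby, `NotImplementedError` descends from `ScriptError`). The two subclasses shown on this page define the hook; whether other subclasses exist outside the gem is not visible here, and the changelog describes the release as having no breaking changes. I would document the contract on the hook, for example `# Subclasses must override: true only when the key type (and its alg, when present) fits this algorithm`. The class body starts and ends outside the hunk.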
@@ -20,7 +20,7 @@ module COSE
20
20
  }
21
21
  end
22
22
 
23
- def initialize(crv:, x: nil, d: nil, **keyword_arguments) # rubocop:disable Naming/UncommunicativeMethodParamName
23
+ def initialize(crv:, x: nil, d: nil, **keyword_arguments) # rubocop:disable Naming/MethodParameterName
24
24
  super(**keyword_arguments)
25
25
 
26
26
  if !crv
@@ -48,7 +48,7 @@ module COSE
48
48
 
49
49
  attr_reader :y
50
50
 
51
- def initialize(y: nil, **keyword_arguments) # rubocop:disable Naming/UncommunicativeMethodParamName
51
+ def initialize(y: nil, **keyword_arguments) # rubocop:disable Naming/MethodParameterName
52
52
  if (!y || !keyword_arguments[:x]) && !keyword_arguments[:d]
53
53
  raise ArgumentError, "Both x and y are required if d is missing"
54
54
  else
@@ -47,7 +47,7 @@ module COSE
47
47
 
48
48
  attr_reader :n, :e, :d, :p, :q, :dp, :dq, :qinv
49
49
 
50
- def initialize(n:, e:, d: nil, p: nil, q: nil, dp: nil, dq: nil, qinv: nil, **keyword_arguments) # rubocop:disable Naming/UncommunicativeMethodParamName
50
+ def initialize(n:, e:, d: nil, p: nil, q: nil, dp: nil, dq: nil, qinv: nil, **keyword_arguments) # rubocop:disable Naming/MethodParameterName
51
51
  super(**keyword_arguments)
52
52
 
53
53
  if !n
@@ -17,7 +17,7 @@ module COSE
17
17
  end
18
18
  end
19
19
 
20
- def initialize(k:, **keyword_arguments) # rubocop:disable Naming/UncommunicativeMethodParamName
20
+ def initialize(k:, **keyword_arguments) # rubocop:disable Naming/MethodParameterName
21
21
  super(**keyword_arguments)
22
22
 
23
23
  if !k
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module COSE
4
- VERSION = "0.11.0"
4
+ VERSION = "1.0.0"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cose
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.11.0
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gonzalo Rodriguez
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: exe
11
11
  cert_chain: []
12
- date: 2020-01-30 00:00:00.000000000 Z
12
+ date: 2020-03-29 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: cbor
@@ -31,14 +31,14 @@ dependencies:
31
31
  requirements:
32
32
  - - "~>"
33
33
  - !ruby/object:Gem::Version
34
- version: 0.3.0
34
+ version: 0.4.0
35
35
  type: :runtime
36
36
  prerelease: false
37
37
  version_requirements: !ruby/object:Gem::Requirement
38
38
  requirements:
39
39
  - - "~>"
40
40
  - !ruby/object:Gem::Version
41
- version: 0.3.0
41
+ version: 0.4.0
42
42
  - !ruby/object:Gem::Dependency
43
43
  name: appraisal
44
44
  requirement: !ruby/object:Gem::Requirement
@@ -121,14 +121,14 @@ dependencies:
121
121
  requirements:
122
122
  - - '='
123
123
  - !ruby/object:Gem::Version
124
- version: 0.75.1
124
+ version: 0.80.1
125
125
  type: :development
126
126
  prerelease: false
127
127
  version_requirements: !ruby/object:Gem::Requirement
128
128
  requirements:
129
129
  - - '='
130
130
  - !ruby/object:Gem::Version
131
- version: 0.75.1
131
+ version: 0.80.1
132
132
  - !ruby/object:Gem::Dependency
133
133
  name: rubocop-performance
134
134
  requirement: !ruby/object:Gem::Requirement