ecdsa 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d725d0e513f16f2ec4b24170b5d2f85c26472d79
+  data.tar.gz: 866b36f01ad0f3e0cf3f32b2ec01881252e564b7
+SHA512:
+  metadata.gz: d00fa2b23d9fc9225b6bbe7ae9e1b84254b3e31a5163974179f3ce8bbd3cde4c7d48012de2ba54a238d76cc068f9d0f0310eff985ebdb296191036fbba9f6c07
+  data.tar.gz: 84610f1b18e5e8e3b633e932fc58eb950d37a4b193a87ea49e9a16bfd454a1c961278276f0bad1c49d26c7d19cf8c4f3ee4b3690e29cc13ca1c9a79b3ba5c070

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org/'
+
+gem 'rspec'
+gem 'rubocop', '0.19.1'

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 David Grayson.
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# ECDSA gem for Ruby
+
+This gem implements the Elliptic Curve Digital Signature Algorithm (ECDSA) almost entirely in pure Ruby.
+It aims to be easier to use and easier to understand than Ruby's [OpenSSL EC support](http://www.ruby-doc.org/stdlib/libdoc/openssl/rdoc/OpenSSL/PKey/EC.html).
+This gem does use OpenSSL but it only uses it to decode and encode ASN1 strings for ECDSA signatures.
+All cryptographic calculations are done in pure Ruby.
+
+The main classes of this gem are `ECDSA::Group`, `ECDSA::Point`, and `ECDSA::Signature`.
+These classes operate on Ruby integers and do not deal at all with binary formatting.
+Encoding and decoding of binary formats is solely handled by classes under the `ECDSA::Format` module.
+
+You can enter your own curve parameters by instantiating a new `ECDSA::Group` object or you can
+use a pre-existing group object such as `ECDSA::Group::Secp256k1`.
+The pre-existing groups can be seen in the `lib/ecdsa/group` folder, and include all the curves
+defined in [SEC2](http://www.secg.org/collateral/sec2_final.pdf) and [NIST's Recommended Elliptic Curves for Federal Government Use](http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf).
+
+This gem is hosted at the [DavidEGrayson/ruby_ecdsa github repository](https://github.com/DavidEGrayson/ruby_ecdsa).
+
+## Current limitations
+
+- This gem only supports fields of integers modulo a prime number (_F<sub>p</sub>_).
+  ECDSA's characteristic 2 fields are not supported.
+- This gem can only compute square roots in prime fields over a prime _p_
+  that is one less than a multiple of 4.
+  Computing a square root is required for parsing public keys stored in compressed form.
+- There is no documentation.  If you know ECDSA and know how to read Ruby source code,
+  you can probably figure it out though.
+- The algorithms have not been optimized for speed, and will probably never be, because that
+  would hinder the goal of helping people understand ECDSA.

data/lib/ecdsa.rb

@@ -0,0 +1,59 @@
+require_relative 'ecdsa/group'
+require_relative 'ecdsa/signature'
+require_relative 'ecdsa/verify'
+require_relative 'ecdsa/sign'
+require_relative 'ecdsa/format'
+require_relative 'ecdsa/version'
+
+module ECDSA
+  def self.byte_length(integer)
+    length = 0
+    while integer > 0
+      length += 1
+      integer >>= 8
+    end
+    length
+  end
+
+  def self.bit_length(integer)
+    length = 0
+    while integer > 0
+      length += 1
+      integer >>= 1
+    end
+    length
+  end
+
+  def self.convert_digest_to_integer(digest)
+    case digest
+    when Integer then digest
+    when String then convert_octet_string_to_bit_string(digest)
+    else raise "Invalid digest: #{digest.inspect}"
+    end
+  end
+
+  def self.leftmost_bits(n, bit_length)
+    if n >= (1 << (8 * bit_length))
+      raise 'Have not yet written code to handle this case'
+    else
+      n
+    end
+  end
+
+  def self.normalize_digest(digest, bit_length)
+    digest_num = convert_digest_to_integer(digest)
+    leftmost_bits(digest_num, bit_length)
+  end
+
+  # SEC1, Section 2.3.2.
+  # My interpretation of that section is that we treat the octet string as BIG endian.
+  def self.convert_octet_string_to_bit_string(string)
+    string.bytes.reduce { |n, b| (n << 8) + b }
+  end
+end
+
+class String
+  def hex_inspect
+    '"' + each_byte.map { |b| '\x%02x' % b }.join + '"'
+  end
+end

data/lib/ecdsa/format.rb

@@ -0,0 +1,5 @@
+require 'ecdsa/format/decode_error'
+require 'ecdsa/format/point_octet_string'
+require 'ecdsa/format/integer_octet_string'
+require 'ecdsa/format/field_element_octet_string'
+require 'ecdsa/format/signature_der_string'

data/lib/ecdsa/format/decode_error.rb

@@ -0,0 +1,11 @@
+module ECDSA
+  module Format
+    # Raising instance of this class as an exception indicates that
+    # the data being decoded was invalid, but does not necessarily
+    # indicate a bug in the program, unlike most other exceptions
+    # because it is possible the data being decoded is coming from
+    # an untrusted source.
+    class DecodeError < StandardError
+    end
+  end
+end

data/lib/ecdsa/format/field_element_octet_string.rb

@@ -0,0 +1,27 @@
+# Defined in http://www.secg.org/collateral/sec1_final.pdf
+# section 2.3.5: FieldElement-to-OctetString Conversion
+
+module ECDSA
+  module Format
+    module FieldElementOctetString
+      # @param integer (Integer) The integer to encode
+      # @param length (Integer) The number of bytes desired in the output string.
+      def self.encode(element, field)
+        raise ArgumentError, 'Given element is not an element of the field.' if !field.include?(element)
+        length = ECDSA.byte_length(field.prime)
+        IntegerOctetString.encode(element, length)
+      end
+
+      def self.decode(string, field)
+        int = IntegerOctetString.decode(string)
+
+        if !field.include?(int)
+          # The integer has to be non-negative, so it must be too big.
+          raise DecodeError, 'Decoded integer is too large for field: 0x%x >= 0x%x.' % [int, field.prime]
+        end
+
+        int
+      end
+    end
+  end
+end

data/lib/ecdsa/format/integer_octet_string.rb

@@ -0,0 +1,28 @@
+# Defined in http://www.secg.org/collateral/sec1_final.pdf :
+# Section 2.3.7: Integer-to-OctetString Conversion
+# Section 2.3.8: OctetString-to-Integer Conversion
+
+module ECDSA
+  module Format
+    module IntegerOctetString
+      # @param integer (Integer) The integer to encode
+      # @param length (Integer) The number of bytes desired in the output string.
+      def self.encode(integer, length)
+        raise ArgumentError, 'Integer to encode is negative.' if integer < 0
+        raise ArgumentError, 'Integer to encode is too large.' if integer >= (1 << (8 * length))
+
+        length.pred.downto(0).map do |i|
+          integer >> (8 * i)
+        end.pack('C*')
+      end
+
+      def self.decode(string)
+        integer = 0
+        string.each_byte do |b|
+          integer = (integer << 8) + b.ord
+        end
+        integer
+      end
+    end
+  end
+end

data/lib/ecdsa/format/point_octet_string.rb

@@ -0,0 +1,87 @@
+# encoding: US-ASCII
+
+# The point octet string format is defined in http://www.secg.org/collateral/sec1_final.pdf .
+# Section 2.3.3: EllipticCurvePoint-to-OctetString Conversion
+# Section 2.3.4: OctetString-to-EllipticCurvePoint Conversion
+
+require_relative '../point'
+
+module ECDSA
+  module Format
+    module PointOctetString
+      def self.encode(point, opts = {})
+        return "\x00" if point.infinity?
+
+        if opts[:compression]
+          start_byte = point.y.even? ? "\x02" : "\x03"
+          start_byte + FieldElementOctetString.encode(point.x, point.group.field)
+        else
+          "\x04" +
+            FieldElementOctetString.encode(point.x, point.group.field) +
+            FieldElementOctetString.encode(point.y, point.group.field)
+        end
+      end
+
+      # This is equivalent to ec_GFp_simple_oct2point in OpenSSL:
+      # https://github.com/openssl/openssl/blob/a898936218bc279b5d7cdf76d58a25e7a2d419cb/crypto/ec/ecp_oct.c
+      def self.decode(string, group)
+        raise DecodeError, 'Point octet string is empty.' if string.empty?
+
+        case string[0].ord
+        when 0
+          check_length string, 1
+          return group.infinity_point
+        when 2
+          decode_compressed string, group, 0
+        when 3
+          decode_compressed string, group, 1
+        when 4
+          decode_uncompressed string, group
+        else
+          raise DecodeError, 'Unrecognized start byte for point octet string: 0x%x' % string[0].ord
+        end
+      end
+
+      private
+
+      def self.decode_compressed(string, group, y_lsb)
+        expected_length = 1 + group.byte_length
+        check_length string, expected_length
+
+        x_string = string[1, group.byte_length]
+        x = ECDSA::Format::FieldElementOctetString.decode x_string, group.field
+
+        possible_ys = group.solve_for_y(x)
+        y = possible_ys.find { |py| (py % 2) == y_lsb }
+
+        finish_decode x, y, group
+      end
+
+      def self.decode_uncompressed(string, group)
+        expected_length = 1 + 2 * group.byte_length
+        check_length string, expected_length
+
+        x_string = string[1, group.byte_length]
+        y_string = string[1 + group.byte_length, group.byte_length]
+        x = ECDSA::Format::FieldElementOctetString.decode x_string, group.field
+        y = ECDSA::Format::FieldElementOctetString.decode y_string, group.field
+
+        finish_decode x, y, group
+      end
+
+      def self.finish_decode(x, y, group)
+        point = group.new_point [x, y]
+        if !group.include? point
+          raise DecodeError, "Decoded point does not satisfy curve equation: #{point.inspect}."
+        end
+        point
+      end
+
+      def self.check_length(string, expected_length)
+        if string.length != expected_length
+          raise DecodeError, "Expected point octet string to be length #{expected_length} but it was #{string.length}."
+        end
+      end
+    end
+  end
+end

data/lib/ecdsa/format/signature_der_string.rb

@@ -0,0 +1,22 @@
+require 'openssl'
+require_relative '../signature'
+
+module ECDSA
+  module Format
+    module SignatureDerString
+      def self.decode(der_string)
+        asn1 = OpenSSL::ASN1.decode(der_string)
+        r = asn1.value[0].value.to_i
+        s = asn1.value[1].value.to_i
+        Signature.new(r, s)
+      end
+
+      def self.encode(signature)
+        ra = OpenSSL::ASN1::Integer.new signature.r
+        sa = OpenSSL::ASN1::Integer.new signature.s
+        asn1 = OpenSSL::ASN1::Sequence.new [ra, sa]
+        asn1.to_der
+      end
+    end
+  end
+end

data/lib/ecdsa/group.rb

@@ -0,0 +1,126 @@
+require_relative 'prime_field'
+require_relative 'point'
+
+module ECDSA
+  class Group
+    attr_reader :name
+
+    attr_reader :generator
+
+    attr_reader :order
+
+    attr_reader :param_a
+
+    attr_reader :param_b
+
+    attr_reader :field
+
+    # These parameters are defined in http://www.secg.org/collateral/sec2_final.pdf
+    #
+    # - +p+: A prime number that defines the field used.  The field will be F_p.
+    # - +a+: The a parameter in the curve equation (y^2 = x^3 + ax + b).
+    # - +b+: The b parameter in the curve equation.
+    # - +g+: The base point as an octet string.
+    # - +n+: The order of g.
+    # - +h+: The cofactor.
+    def initialize(opts)
+      @opts = opts
+
+      @name = opts.fetch(:name) { '%#x' % object_id }
+      @field = PrimeField.new(opts[:p])
+      @param_a = opts[:a]
+      @param_b = opts[:b]
+      @generator = new_point(@opts[:g])
+      @order = opts[:n]
+      @cofactor = opts[:h]
+
+      @param_a.is_a?(Integer) or raise ArgumentError, 'Invalid a.'
+      @param_b.is_a?(Integer) or raise ArgumentError, 'Invalid b.'
+
+      @param_a = field.mod @param_a
+      @param_b = field.mod @param_b
+    end
+
+    def new_point(p)
+      case p
+      when :infinity
+        infinity_point
+      when Array
+        x, y = p
+        Point.new(self, x, y)
+      when Integer
+        generator.multiply_by_scalar(p)
+      else
+        raise ArgumentError, "Invalid point specifier #{p.inspect}."
+      end
+    end
+
+    def infinity_point
+      @infinity_point ||= Point.new(self, :infinity)
+    end
+
+    # The number of bits that it takes to represent a member of the field.
+    # Log base 2 of the prime p, rounded up.
+    def bit_length
+      @bit_length ||= ECDSA.bit_length(field.prime)
+    end
+
+    def byte_length
+      @byte_length ||= ECDSA.byte_length(field.prime)
+    end
+
+    # Verify that the point is a solution to the curve's defining equation.
+    def include?(point)
+      raise 'Group mismatch.' if point.group != self
+      point.infinity? or point_satisfies_equation?(point)
+    end
+
+    # You should probably use include? instead of this.
+    def point_satisfies_equation?(point)
+      field.mod(point.y * point.y) == equation_right_hand_side(point.x)
+    end
+
+    def equation_right_hand_side(x)
+      field.mod(x * x * x + param_a * x + param_b)
+    end
+
+    def solve_for_y(x)
+      field.square_roots equation_right_hand_side x
+    end
+
+    def inspect
+      "#<#{self.class}:#{name}>"
+    end
+
+    def to_s
+      inspect
+    end
+
+    NAMES = %w(
+      Secp112r1
+      Secp112r2
+      Secp128r1
+      Secp128r2
+      Secp160k1
+      Secp160r1
+      Secp160r2
+      Secp192k1
+      Secp192r1
+      Secp224k1
+      Secp224r1
+      Secp256k1
+      Secp256r1
+      Secp384r1
+      Secp521r1
+      Nistp192
+      Nistp224
+      Nistp256
+      Nistp384
+      Nistp521
+    )
+
+    NAMES.each do |name|
+      autoload name, 'ecdsa/group/' + name.downcase
+    end
+  end
+end

data/lib/ecdsa/group/nistp192.rb

@@ -0,0 +1,16 @@
+# Source: http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf
+
+module ECDSA
+  class Group
+    Nistp192 = new(
+      name: 'nistp192',
+      p: 62771017353866807638357894232076664160839087_00390324961279,
+      a: -3,
+      b: 0x64210519_e59c80e7_0fa7e9ab_72243049_feb8deec_c146b9b1,
+      g: [0x188da80e_b03090f6_7cbf20eb_43a18800_f4ff0afd_82ff1012,
+          0x07192b95_ffc8da78_631011ed_6b24cdd5_73f977a1_1e794811],
+      n: 62771017353866807638357894231760590137671947_73182842284081,
+      h: nil,  # cofactor not given in NIST document
+    )
+  end
+end

data/lib/ecdsa/group/nistp224.rb

@@ -0,0 +1,16 @@
+# Source: http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf
+
+module ECDSA
+  class Group
+    Nistp224 = new(
+      name: 'nistp224',
+      p: 26959946667150639794667015087019630673557916_260026308143510066298881,
+      a: -3,
+      b: 0xb4050a85_0c04b3ab_f5413256_5044b0b7_d7bfd8ba_270b3943_2355ffb4,
+      g: [0xb70e0cbd_6bb4bf7f_321390b9_4a03c1d3_56c21122_343280d6_115c1d21,
+          0xbd376388_b5f723fb_4c22dfe6_cd4375a0_5a074764_44d58199_85007e34],
+      n: 26959946667150639794667015087019625940457807_714424391721682722368061,
+      h: nil,  # cofactor not given in NIST document
+    )
+  end
+end

data/lib/ecdsa/group/nistp256.rb

@@ -0,0 +1,16 @@
+# Source: http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf
+
+module ECDSA
+  class Group
+    Nistp256 = new(
+      name: 'nistp256',
+      p: 11579208921035624876269744694940757353008614_3415290314195533631308867097853951,
+      a: -3,
+      b: 0x5ac635d8_aa3a93e7_b3ebbd55_769886bc_651d06b0_cc53b0f6_3bce3c3e_27d2604b,
+      g: [0x6b17d1f2_e12c4247_f8bce6e5_63a440f2_77037d81_2deb33a0_f4a13945_d898c296,
+          0x4fe342e2_fe1a7f9b_8ee7eb4a_7c0f9e16_2bce3357_6b315ece_cbb64068_37bf51f5],
+      n: 11579208921035624876269744694940757352999695_5224135760342422259061068512044369,
+      h: nil,  # cofactor not given in NIST document
+    )
+  end
+end

data/lib/ecdsa/group/nistp384.rb

@@ -0,0 +1,17 @@
+# Source: http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf
+
+module ECDSA
+  class Group
+    Nistp384 = new(
+      name: 'nistp384',
+      p: 39402006196394479212279040100143613805079739_27046544666794829340424572177149687032904726_6088258938001861606973112319,
+      a: -3,
+      b: 0xb3312fa7_e23ee7e4_988e056b_e3f82d19_181d9c6e_fe814112_0314088f_5013875a_c656398d_8a2ed19d_2a85c8ed_d3ec2aef,
+      g: [0xaa87ca22_be8b0537_8eb1c71e_f320ad74_6e1d3b62_8ba79b98_59f741e0_82542a38_5502f25d_bf55296c_3a545e38_72760ab7,
+          0x3617de4a_96262c6f_5d9e98bf_9292dc29_f8f41dbd_289a147c_e9da3113_b5f0b8c0_0a60b1ce_1d7e819d_7a431d7c_90ea0e5f,
+         ],
+      n: 39402006196394479212279040100143613805079739_27046544666794690527962765939911326356939895_6308152294913554433653942643,
+      h: nil,  # cofactor not given in NIST document
+    )
+  end
+end

data/lib/ecdsa/group/nistp521.rb

@@ -0,0 +1,16 @@
+# Source: "Curve P-256" from http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.doc
+
+module ECDSA
+  class Group
+    Nistp521 = new(
+      name: 'nistp521',
+      p: 68647976601306097149819007990813932172694353_00143305409394463459185543183397656052122559_64066145455497729631139148085803712198799971_6643812574028291115057151,
+      a: -3,
+      b: 0x051_953eb961_8e1c9a1f_929a21a0_b68540ee_a2da725b_99b315f3_b8b48991_8ef109e1_56193951_ec7e937b_1652c0bd_3bb1bf07_3573df88_3d2c34f1_ef451fd4_6b503f00,
+      g: [0x00c6_858e06b7_0404e9cd_9e3ecb66_2395b442_9c648139_053fb521_f828af60_6b4d3dba_a14b5e77_efe75928_fe1dc127_a2ffa8de_3348b3c1_856a429b_f97e7e31_c2e5bd66,
+          0x0118_39296a78_9a3bc004_5c8a5fb4_2c7d1bd9_98f54449_579b4468_17afbd17_273e662c_97ee7299_5ef42640_c550b901_3fad0761_353c7086_a272c240_88be9476_9fd16650],
+      n: 68647976601306097149819007990813932172694353_00143305409394463459185543183397655394245057_74633321719753296399637136332111386476861244_0380340372808892707005449,
+      h: nil,  # cofactor not given in NIST document
+    )
+  end
+end

data/lib/ecdsa/group/secp112r1.rb

@@ -0,0 +1,16 @@
+# Source: http://www.secg.org/collateral/sec2_final.pdf
+
+module ECDSA
+  class Group
+    Secp112r1 = new(
+      name: 'secp112r1',
+      p: 0xDB7C_2ABF62E3_5E668076_BEAD208B,
+      a: 0xDB7C_2ABF62E3_5E668076_BEAD2088,
+      b: 0x659E_F8BA0439_16EEDE89_11702B22,
+      g: [0x0948_7239995A_5EE76B55_F9C2F098,
+          0xA89C_E5AF8724_C0A23E0E_0FF77500],
+      n: 0xDB7C_2ABF62E3_5E7628DF_AC6561C5,
+      h: 1,
+    )
+  end
+end

data/lib/ecdsa/group/secp112r2.rb

@@ -0,0 +1,16 @@
+# Source: http://www.secg.org/collateral/sec2_final.pdf
+
+module ECDSA
+  class Group
+    Secp112r2 = new(
+      name: 'secp112r2',
+      p: 0xDB7C_2ABF62E3_5E668076_BEAD208B,
+      a: 0x6127_C24C05F3_8A0AAAF6_5C0EF02C,
+      b: 0x51DE_F1815DB5_ED74FCC3_4C85D709,
+      g: [0x4BA3_0AB5E892_B4E1649D_D0928643,
+          0xADCD_46F5882E_3747DEF3_6E956E97],
+      n: 0x36DF_0AAFD8B8_D7597CA1_0520D04B,
+      h: 4,
+    )
+  end
+end

data/lib/ecdsa/group/secp128r1.rb

@@ -0,0 +1,16 @@
+# Source: http://www.secg.org/collateral/sec2_final.pdf
+
+module ECDSA
+  class Group
+    Secp128r1 = new(
+      name: 'secp128r1',
+      p: 0xFFFFFFFD_FFFFFFFF_FFFFFFFF_FFFFFFFF,
+      a: 0xFFFFFFFD_FFFFFFFF_FFFFFFFF_FFFFFFFC,
+      b: 0xE87579C1_1079F43D_D824993C_2CEE5ED3,
+      g: [0x161FF752_8B899B2D_0C28607C_A52C5B86,
+          0xCF5AC839_5BAFEB13_C02DA292_DDED7A83],
+      n: 0xFFFFFFFE_00000000_75A30D1B_9038A115,
+      h: 1,
+    )
+  end
+end

data/lib/ecdsa/group/secp128r2.rb

@@ -0,0 +1,16 @@
+# Source: http://www.secg.org/collateral/sec2_final.pdf
+
+module ECDSA
+  class Group
+    Secp128r2 = new(
+      name: 'secp128r2',
+      p: 0xFFFFFFFD_FFFFFFFF_FFFFFFFF_FFFFFFFF,
+      a: 0xD6031998_D1B3BBFE_BF59CC9B_BFF9AEE1,
+      b: 0x5EEEFCA3_80D02919_DC2C6558_BB6D8A5D,
+      g: [0x7B6AA5D8_5E572983_E6FB32A7_CDEBC140,
+          0x27B6916A_894D3AEE_7106FE80_5FC34B44],
+      n: 0x3FFFFFFF_7FFFFFFF_BE002472_0613B5A3,
+      h: 4,
+    )
+  end
+end

data/lib/ecdsa/group/secp160k1.rb

@@ -0,0 +1,16 @@
+# Source: http://www.secg.org/collateral/sec2_final.pdf
+
+module ECDSA
+  class Group
+    Secp160k1 = new(
+      name: 'secp160k1',
+      p: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_FFFFAC73,
+      a: 0,
+      b: 7,
+      g: [0x3B4C382C_E37AA192_A4019E76_3036F4F5_DD4D7EBB,
+          0x938CF935_318FDCED_6BC28286_531733C3_F03C4FEE],
+      n: 0x01_00000000_00000000_0001B8FA_16DFAB9A_CA16B6B3,
+      h: 1,
+    )
+  end
+end

data/lib/ecdsa/group/secp160r1.rb

@@ -0,0 +1,16 @@
+# Source: http://www.secg.org/collateral/sec2_final.pdf
+
+module ECDSA
+  class Group
+    Secp160r1 = new(
+      name: 'secp160r1',
+      p: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_7FFFFFFF,
+      a: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_7FFFFFFC,
+      b: 0x1C97BEFC_54BD7A8B_65ACF89F_81D4D4AD_C565FA45,
+      g: [0x4A96B568_8EF57328_46646989_68C38BB9_13CBFC82,
+          0x23A62855_3168947D_59DCC912_04235137_7AC5FB32],
+      n: 0x01_00000000_00000000_0001F4C8_F927AED3_CA752257,
+      h: 1,
+    )
+  end
+end

data/lib/ecdsa/group/secp160r2.rb

@@ -0,0 +1,16 @@
+# Source: http://www.secg.org/collateral/sec2_final.pdf
+
+module ECDSA
+  class Group
+    Secp160r2 = new(
+      name: 'secp160r2',
+      p: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_FFFFAC73,
+      a: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_FFFFAC70,
+      b: 0xB4E134D3_FB59EB8B_AB572749_04664D5A_F50388BA,
+      g: [0x52DCB034_293A117E_1F4FF11B_30F7199D_3144CE6D,
+          0xFEAFFEF2_E331F296_E071FA0D_F9982CFE_A7D43F2E],
+      n: 0x01_00000000_00000000_0000351E_E786A818_F3A1A16B,
+      h: 1,
+    )
+  end
+end

data/lib/ecdsa/group/secp192k1.rb

@@ -0,0 +1,16 @@
+# Source: http://www.secg.org/collateral/sec2_final.pdf
+
+module ECDSA
+  class Group
+    Secp192k1 = new(
+      name: 'secp192k1',
+      p: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_FFFFEE37,
+      a: 0,
+      b: 3,
+      g: [0xDB4FF10E_C057E9AE_26B07D02_80B7F434_1DA5D1B1_EAE06C7D,
+          0x9B2F2F6D_9C5628A7_844163D0_15BE8634_4082AA88_D95E2F9D],
+      n: 0xFFFFFFFF_FFFFFFFF_FFFFFFFE_26F2FC17_0F69466A_74DEFD8D,
+      h: 1,
+    )
+  end
+end

data/lib/ecdsa/group/secp192r1.rb

@@ -0,0 +1,16 @@
+# Source: http://www.secg.org/collateral/sec2_final.pdf
+
+module ECDSA
+  class Group
+    Secp192r1 = new(
+      name: 'secp192r1',
+      p: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_FFFFFFFF_FFFFFFFF,
+      a: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_FFFFFFFF_FFFFFFFC,
+      b: 0x64210519_E59C80E7_0FA7E9AB_72243049_FEB8DEEC_C146B9B1,
+      g: [0x188DA80E_B03090F6_7CBF20EB_43A18800_F4FF0AFD_82FF1012,
+          0x07192B95_FFC8DA78_631011ED_6B24CDD5_73F977A1_1E794811],
+      n: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_99DEF836_146BC9B1_B4D22831,
+      h: 1,
+    )
+  end
+end

data/lib/ecdsa/group/secp224k1.rb

@@ -0,0 +1,16 @@
+# Source: http://www.secg.org/collateral/sec2_final.pdf
+
+module ECDSA
+  class Group
+    Secp224k1 = new(
+      name: 'secp224k1',
+      p: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_FFFFE56D,
+      a: 0,
+      b: 5,
+      g: [0xA1455B33_4DF099DF_30FC28A1_69A467E9_E47075A9_0F7E650E_B6B7A45C,
+          0x7E089FED_7FBA3442_82CAFBD6_F7E319F7_C0B0BD59_E2CA4BDB_556D61A5],
+      n: 0x01_00000000_00000000_00000000_0001DCE8_D2EC6184_CAF0A971_769FB1F7,
+      h: 1,
+    )
+  end
+end

data/lib/ecdsa/group/secp224r1.rb

@@ -0,0 +1,16 @@
+# Source: http://www.secg.org/collateral/sec2_final.pdf
+
+module ECDSA
+  class Group
+    Secp224r1 = new(
+      name: 'secp224r1',
+      p: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_00000000_00000000_00000001,
+      a: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_FFFFFFFF_FFFFFFFF_FFFFFFFE,
+      b: 0xB4050A85_0C04B3AB_F5413256_5044B0B7_D7BFD8BA_270B3943_2355FFB4,
+      g: [0xB70E0CBD_6BB4BF7F_321390B9_4A03C1D3_56C21122_343280D6_115C1D21,
+          0xBD376388_B5F723FB_4C22DFE6_CD4375A0_5A074764_44D58199_85007E34],
+      n: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFF16A2_E0B8F03E_13DD2945_5C5C2A3D,
+      h: 1,
+    )
+  end
+end

data/lib/ecdsa/group/secp256k1.rb

@@ -0,0 +1,18 @@
+# Source: http://www.secg.org/collateral/sec2_final.pdf
+
+module ECDSA
+  class Group
+    Secp256k1 = new(
+      name: 'secp256k1',
+      p: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_FFFFFC2F,
+      a: 0,
+      b: 7,
+      g: [0x79BE667E_F9DCBBAC_55A06295_CE870B07_029BFCDB_2DCE28D9_59F2815B_16F81798,
+          0x483ADA77_26A3C465_5DA4FBFC_0E1108A8_FD17B448_A6855419_9C47D08F_FB10D4B8],
+      n: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141,
+      h: 1,
+    )
+
+      # compressed G: "\x02\x79\xBE\x66\x7E\xF9\xDC\xBB\xAC\x55\xA0\x62\x95\xCE\x87\x0B\x07\x02\x9B\xFC\xDB\x2D\xCE\x28\xD9\x59\xF2\x81\x5B\x16\xF8\x17\x98",
+  end
+end

data/lib/ecdsa/group/secp256r1.rb

@@ -0,0 +1,16 @@
+# Source: http://www.secg.org/collateral/sec2_final.pdf
+
+module ECDSA
+  class Group
+    Secp256r1 = new(
+      name: 'secp256r1',
+      p: 0xFFFFFFFF_00000001_00000000_00000000_00000000_FFFFFFFF_FFFFFFFF_FFFFFFFF,
+      a: 0xFFFFFFFF_00000001_00000000_00000000_00000000_FFFFFFFF_FFFFFFFF_FFFFFFFC,
+      b: 0x5AC635D8_AA3A93E7_B3EBBD55_769886BC_651D06B0_CC53B0F6_3BCE3C3E_27D2604B,
+      g: [0x6B17D1F2_E12C4247_F8BCE6E5_63A440F2_77037D81_2DEB33A0_F4A13945_D898C296,
+          0x4FE342E2_FE1A7F9B_8EE7EB4A_7C0F9E16_2BCE3357_6B315ECE_CBB64068_37BF51F5],
+      n: 0xFFFFFFFF_00000000_FFFFFFFF_FFFFFFFF_BCE6FAAD_A7179E84_F3B9CAC2_FC632551,
+      h: 1,
+    )
+  end
+end

data/lib/ecdsa/group/secp384r1.rb

@@ -0,0 +1,16 @@
+# Source: http://www.secg.org/collateral/sec2_final.pdf
+
+module ECDSA
+  class Group
+    Secp384r1 = new(
+      name: 'secp384r1',
+      p: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_FFFFFFFF_00000000_00000000_FFFFFFFF,
+      a: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_FFFFFFFF_00000000_00000000_FFFFFFFC,
+      b: 0xB3312FA7_E23EE7E4_988E056B_E3F82D19_181D9C6E_FE814112_0314088F_5013875A_C656398D_8A2ED19D_2A85C8ED_D3EC2AEF,
+      g: [0xAA87CA22_BE8B0537_8EB1C71E_F320AD74_6E1D3B62_8BA79B98_59F741E0_82542A38_5502F25D_BF55296C_3A545E38_72760AB7,
+          0x3617DE4A_96262C6F_5D9E98BF_9292DC29_F8F41DBD_289A147C_E9DA3113_B5F0B8C0_0A60B1CE_1D7E819D_7A431D7C_90EA0E5F],
+      n: 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_C7634D81_F4372DDF_581A0DB2_48B0A77A_ECEC196A_CCC52973,
+      h: 1,
+    )
+  end
+end

data/lib/ecdsa/group/secp521r1.rb

@@ -0,0 +1,16 @@
+# Source: http://www.secg.org/collateral/sec2_final.pdf
+
+module ECDSA
+  class Group
+    Secp521r1 = new(
+      name: 'secp521r1',
+      p: 0x01FF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF,
+      a: 0x01FF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFC,
+      b: 0x0051_953EB961_8E1C9A1F_929A21A0_B68540EE_A2DA725B_99B315F3_B8B48991_8EF109E1_56193951_EC7E937B_1652C0BD_3BB1BF07_3573DF88_3D2C34F1_EF451FD4_6B503F00,
+      g: [0x00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66,
+          0x011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650],
+      n: 0x01FF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFA_51868783_BF2F966B_7FCC0148_F709A5D0_3BB5C9B8_899C47AE_BB6FB71E_91386409,
+      h: 1,
+    )
+  end
+end

data/lib/ecdsa/point.rb

@@ -0,0 +1,113 @@
+# http://www.secg.org/collateral/sec1_final.pdf
+
+module ECDSA
+  class Point
+    attr_reader :group
+
+    attr_reader :x
+
+    attr_reader :y
+
+    def initialize(group, *args)
+      @group = group
+
+      if args == [:infinity]
+        @infinity = true
+        # leave @x and @y nil
+      else
+        x, y = args
+        raise ArgumentError, "Invalid x: #{x.inspect}" if !x.is_a? Integer
+        raise ArgumentError, "Invalid y: #{y.inspect}" if !y.is_a? Integer
+
+        @x = x
+        @y = y
+      end
+    end
+
+    def coords
+      [x, y]
+    end
+
+    def add_to_point(point)
+      check_group! point
+
+      # Assertions:
+      # raise "point given (#{point.inspect}) does not belong to #{group.name}" if !group.include?(point)
+      # raise "point (#{inspect}) does not belong to #{group.name}" if !group.include?(self)
+
+      # SEC1, section 2.2.1, rules 1 and 2
+      return point if infinity?
+      return self if point.infinity?
+
+      # SEC1, section 2.2.1, rule 3
+      return group.infinity_point if x == point.x && y == field.mod(-point.y)
+
+      # SEC1, section 2.2.1, rule 4
+      if x != point.x
+        gamma = field.mod((point.y - y) * field.inverse(point.x - x))
+        sum_x = field.mod(gamma * gamma - x - point.x)
+        sum_y = field.mod(gamma * (x - sum_x) - y)
+        return self.class.new(group, sum_x, sum_y)
+      end
+
+      # SEC2, section 2.2.1, rule 5
+      return double if self == point
+
+      raise "Failed to add #{inspect} to #{point.inspect}: No addition rules matched."
+    end
+
+    def negate
+      return self if infinity?
+      self.class.new(group, x, field.mod(-y))
+    end
+
+    def double
+      gamma = field.mod((3 * x * x + @group.param_a) * field.inverse(2 * y))
+      new_x = field.mod(gamma * gamma - 2 * x)
+      new_y = field.mod(gamma * (x - new_x) - y)
+      self.class.new(group, new_x, new_y)
+    end
+
+    def multiply_by_scalar(i)
+      result = group.infinity_point
+      v = self
+      while i > 0
+        result = result.add_to_point(v) if i.odd?
+        v = v.double
+        i >>= 1
+      end
+      result
+    end
+
+    def eql?(other)
+      return false if !other.is_a?(Point) || other.group != group
+      x == other.x && y == other.y
+    end
+
+    def ==(other)
+      eql?(other)
+    end
+
+    def infinity?
+      @infinity == true
+    end
+
+    def inspect
+      if infinity?
+        '#<%s: %s, infinity>' % [self.class, group.name]
+      else
+        '#<%s: %s, 0x%x, 0x%x>' % [self.class, group.name, x, y]
+      end
+    end
+
+    private
+
+    def check_group!(point)
+      raise 'Mismatched groups.' if point.group != group
+    end
+
+    def field
+      group.field
+    end
+  end
+end

data/lib/ecdsa/prime_field.rb

@@ -0,0 +1,81 @@
+module ECDSA
+  class PrimeField
+    attr_reader :prime
+
+    def initialize(prime)
+      raise ArgumentError, "Invalid prime #{prime.inspect}" if !prime.is_a?(Integer)
+      @prime = prime
+    end
+
+    def include?(e)
+      e.is_a?(Integer) && e >= 0 && e < prime
+    end
+
+    def mod(num)
+      num % prime
+    end
+
+    # http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm
+    def inverse(num)
+      raise ArgumentError, '0 has no multiplicative inverse.' if num.zero?
+
+      # For every i, we make sure that num * s[i] + prime * t[i] = r[i].
+      # Eventually r[i] will equal 1 because gcd(num, prime) is always 1.
+      # At that point, s[i] is the multiplicative inverse of num in the field.
+
+      remainders = [num, prime]
+      s = [1, 0]
+      t = [0, 1]
+      arrays = [remainders, s, t]
+      while remainders.last > 0
+        quotient = remainders[-2] / remainders[-1]
+        arrays.each do |array|
+          array << array[-2] - quotient * array[-1]
+        end
+      end
+
+      raise 'Inversion bug: remainder is not than 1.' if remainders[-2] != 1
+      mod s[-2]
+    end
+
+    # Computes n raised to the power m.
+    # This algorithm uses the same idea as Point#multiply_by_scalar.
+    def power(n, m)
+      result = 1
+      v = n
+      while m > 0
+        result = mod result * v if m.odd?
+        v = square v
+        m >>= 1
+      end
+      result
+    end
+
+    # Computes n^2.
+    def square(n)
+      mod n * n
+    end
+
+    def square_roots(n)
+      raise ArgumentError, "Not a member of the field: #{n}." if !include?(n)
+      if (prime % 4) == 3
+        square_roots_for_p_3_mod_4(n)
+      else
+        raise NotImplementedError, 'Square root is only implemented in fields where the prime is equal to 3 mod 4.'
+      end
+    end
+
+    private
+
+    # This is Algorithm 1 from http://math.stanford.edu/~jbooher/expos/sqr_qnr.pdf
+    # The algorithm assumes that its input actually does have a square root.
+    # To get around that, we double check the answer after running the algorithm to make
+    # sure it works.
+    def square_roots_for_p_3_mod_4(n)
+      candidate = power n, (prime + 1) / 4
+      return [] if square(candidate) != n
+      return [candidate] if candidate.zero?
+      [candidate, mod(-candidate)].sort
+    end
+  end
+end

data/lib/ecdsa/sign.rb

@@ -0,0 +1,37 @@
+module ECDSA
+  class SZeroError < StandardError
+  end
+
+  # From http://www.secg.org/collateral/sec1_final.pdf section 4.1.3
+  # Warning: Never use the same k value twice for two different messages
+  # or else it will be trivial for someone to calculate your private key.
+  # k should be generated with a secure random number generator.
+  def self.sign(group, private_key, digest, k)
+    # Second part of step 1: Select ephemeral elliptic curve key pair
+    # k was already selected for us by the caller
+    r_point = group.new_point k
+
+    # Step 2
+    xr = r_point.x
+
+    # Step 3
+    point_field = PrimeField.new(group.order)
+    r = point_field.mod(xr)
+
+    # Step 4, calculating the hash, was already performed by the caller.
+
+    # Step 5
+    e = normalize_digest(digest, group.bit_length)
+
+    # Step 6
+    s = point_field.mod(point_field.inverse(k) * (e + r * private_key))
+
+    if s.zero?
+      # We need to go back to step 1, so the caller should generate another
+      # random number k and try again.
+      return nil
+    end
+
+    Signature.new r, s
+  end
+end

data/lib/ecdsa/signature.rb

@@ -0,0 +1,16 @@
+module ECDSA
+  class Signature
+    attr_reader :r
+    attr_reader :s
+
+    def initialize(r, s)
+      @r, @s = r, s
+      r.is_a?(Integer) or raise ArgumentError, 'r is not an integer.'
+      s.is_a?(Integer) or raise ArgumentError, 's is not an integer.'
+    end
+
+    def components
+      [r, s]
+    end
+  end
+end

data/lib/ecdsa/verify.rb

@@ -0,0 +1,48 @@
+module ECDSA
+  class InvalidSignatureError < StandardError
+  end
+
+  # Algorithm taken from http://www.secg.org/collateral/sec1_final.pdf Section 4.1.4.
+  def self.valid_signature?(public_key, digest, signature)
+    check_signature! public_key, digest, signature
+  rescue InvalidSignatureError
+    false
+  end
+
+  def self.check_signature!(public_key, digest, signature)
+    group = public_key.group
+    field = group.field
+
+    # Step 1: r and s must be in the field and non-zero
+    raise InvalidSignatureError, 'r value is not the field.' if !field.include?(signature.r)
+    raise InvalidSignatureError, 's value is not the field.' if !field.include?(signature.s)
+    raise InvalidSignatureError, 'r is zero.' if signature.r.zero?
+    raise InvalidSignatureError, 's is zero.' if signature.s.zero?
+
+    # Step 2 was already performed when the digest of the message was computed.
+
+    # Step 3: Convert octet string to number and take leftmost bits.
+    e = normalize_digest(digest, group.bit_length)
+
+    # Step 4
+    point_field = PrimeField.new(group.order)
+    s_inverted = point_field.inverse(signature.s)
+    u1 = point_field.mod(e * s_inverted)
+    u2 = point_field.mod(signature.r * s_inverted)
+
+    # Step 5
+    r = group.generator.multiply_by_scalar(u1).add_to_point public_key.multiply_by_scalar(u2)
+    raise InvalidSignatureError, 'R is infinity in step 5.' if r.infinity?
+
+    # Step 6
+    xr = r.x
+
+    # Step 7
+    v = point_field.mod xr
+
+    # Step 8
+    raise InvalidSignatureError, 'v does not equal r.' if v != signature.r
+
+    true
+  end
+end

data/lib/ecdsa/version.rb

@@ -0,0 +1,3 @@
+module ECDSA
+  VERSION = '0.1.0'
+end

metadata

@@ -0,0 +1,82 @@
+--- !ruby/object:Gem::Specification
+name: ecdsa
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- David Grayson
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-03-18 00:00:00.000000000 Z
+dependencies: []
+description: 
+email: davidegrayson@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/ecdsa/format/decode_error.rb
+- lib/ecdsa/format/field_element_octet_string.rb
+- lib/ecdsa/format/integer_octet_string.rb
+- lib/ecdsa/format/point_octet_string.rb
+- lib/ecdsa/format/signature_der_string.rb
+- lib/ecdsa/format.rb
+- lib/ecdsa/group/nistp192.rb
+- lib/ecdsa/group/nistp224.rb
+- lib/ecdsa/group/nistp256.rb
+- lib/ecdsa/group/nistp384.rb
+- lib/ecdsa/group/nistp521.rb
+- lib/ecdsa/group/secp112r1.rb
+- lib/ecdsa/group/secp112r2.rb
+- lib/ecdsa/group/secp128r1.rb
+- lib/ecdsa/group/secp128r2.rb
+- lib/ecdsa/group/secp160k1.rb
+- lib/ecdsa/group/secp160r1.rb
+- lib/ecdsa/group/secp160r2.rb
+- lib/ecdsa/group/secp192k1.rb
+- lib/ecdsa/group/secp192r1.rb
+- lib/ecdsa/group/secp224k1.rb
+- lib/ecdsa/group/secp224r1.rb
+- lib/ecdsa/group/secp256k1.rb
+- lib/ecdsa/group/secp256r1.rb
+- lib/ecdsa/group/secp384r1.rb
+- lib/ecdsa/group/secp521r1.rb
+- lib/ecdsa/group.rb
+- lib/ecdsa/point.rb
+- lib/ecdsa/prime_field.rb
+- lib/ecdsa/sign.rb
+- lib/ecdsa/signature.rb
+- lib/ecdsa/verify.rb
+- lib/ecdsa/version.rb
+- lib/ecdsa.rb
+- Gemfile
+- README.md
+- LICENSE.txt
+homepage: https://github.com/pololu/rpicsim
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '2'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.0
+signing_key: 
+specification_version: 4
+summary: This gem implements the Ellipctic Curve Digital Signature Algorithm (ECDSA)
+  almost entirely in pure Ruby.
+test_files: []
+has_rdoc: