jose 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d815c65355a2d467ff34ae0ac101edfc95cf0f13
-  data.tar.gz: 6dce3b24964e2cc44d53d5626fd93c6f532b4606
+  metadata.gz: 7376ae594edf0f6ec851ffe557de7d6f0f1680cd
+  data.tar.gz: 9a65bee349e4419c92c7b1bd01e08008ae82a2b3
 SHA512:
-  metadata.gz: a8fbbbd04314ba7b7c3a27d3ff5954ecc239648fc55e08fde8243c8e5abed253e9a4de65bb4afcb306a7f972abb446b6e4846298ca7b7c411fd9b6c5227887f0
-  data.tar.gz: ff01ce855127f8a3a93c7437e5b961ec97134bfa76845f5127c584c976a978c80246cd8275c716807c249c7f1945df7a98ef5f009d8642a1b55f1a2e0a69394b
+  metadata.gz: ee8d43fd9d51f20753b853d1da36e8d2dc0cb8f725f20b88f825f5c8f369cb365027654f97bd0ac06f3865afc3119a5b9bbffb0d58e8353ae775b00221138c6b
+  data.tar.gz: 8700bb7d9c63aae53281e3619067d503b35d4ca6691bf7e1782d33709e4c14122a23598dc474e49601d9575fd09d6394c246723a42dca6a0a7758fad90aae39d

data/.ruby-version

@@ -1 +1 @@
-2.2.3
+2.3.0

data/.travis.yml

@@ -1,4 +1,13 @@
 language: ruby
+
+sudo: required
+dist: trusty
+
 rvm:
-  - 2.2.3
-before_install: gem install bundler -v 1.10.6
+  - 2.3.0
+
+notifications:
+  email: false
+
+before_install:
+  - "gem install bundler -v 1.11.2"

data/CHANGELOG.md

@@ -0,0 +1,69 @@
+# Changelog
+
+## 0.2.0 (2016-02-25)
+
+* Enhancements
+  * Add `JOSE.__crypto_fallback__` which can be set directly or with the `JOSE_CRYPTO_FALLBACK` environment variable.  EdDSA and EdDH algorithms not natively supported are disabled by default.
+  * Support [OKP](https://tools.ietf.org/html/draft-ietf-jose-cfrg-curves) key type with the following curves:
+    * `Ed25519` (external [RbNaCl](https://github.com/cryptosphere/rbnacl) or fallback supported)
+    * `Ed25519ph` (external [RbNaCl](https://github.com/cryptosphere/rbnacl) or fallback supported)
+    * `X25519` (external [RbNaCl](https://github.com/cryptosphere/rbnacl) or fallback supported)
+    * `Ed448` (no external, but fallback supported)
+    * `Ed448ph` (no external, but fallback supported)
+    * `X448` (no external, but fallback supported)
+  * Support [SHA-3](https://en.wikipedia.org/wiki/SHA-3) functions for use with `Ed448` and `Ed448ph`.
+  * Add `JOSE::JWK#shared_secret` for computing the shared secret between two `EC` or `OKP` keys.
+
+## 0.1.0 (2015-11-24)
+
+* Initial Release
+
+* Algorithm Support
+  * JSON Web Encryption (JWE) [RFC 7516](https://tools.ietf.org/html/rfc7516)
+    * `"alg"` [RFC 7518 Section 4](https://tools.ietf.org/html/rfc7518#section-4)
+      * `RSA1_5`
+      * `RSA-OAEP`
+      * `RSA-OAEP-256`
+      * `A128KW`
+      * `A192KW`
+      * `A256KW`
+      * `dir`
+      * `ECDH-ES`
+      * `ECDH-ES+A128KW`
+      * `ECDH-ES+A192KW`
+      * `ECDH-ES+A256KW`
+      * `A128GCMKW`
+      * `A192GCMKW`
+      * `A256GCMKW`
+      * `PBES2-HS256+A128KW`
+      * `PBES2-HS384+A192KW`
+      * `PBES2-HS512+A256KW`
+    * `"enc"` [RFC 7518 Section 5](https://tools.ietf.org/html/rfc7518#section-5)
+      * `A128CBC-HS256`
+      * `A192CBC-HS384`
+      * `A256CBC-HS512`
+      * `A128GCM`
+      * `A192GCM`
+      * `A256GCM`
+    * `"zip"` [RFC 7518 Section 7.3](https://tools.ietf.org/html/rfc7518#section-7.3)
+      * `DEF`
+  * JSON Web Key (JWK) [RFC 7517](https://tools.ietf.org/html/rfc7517)
+    * `"alg"` [RFC 7518 Section 6](https://tools.ietf.org/html/rfc7518#section-6)
+      * `EC`
+      * `RSA`
+      * `oct`
+  * JSON Web Signature (JWS) [RFC 7515](https://tools.ietf.org/html/rfc7515)
+    * `"alg"` [RFC 7518 Section 3](https://tools.ietf.org/html/rfc7518#section-3)
+      * `HS256`
+      * `HS384`
+      * `HS512`
+      * `RS256`
+      * `RS384`
+      * `RS512`
+      * `ES256`
+      * `ES384`
+      * `ES512`
+      * `PS256`
+      * `PS384`
+      * `PS512`
+      * `none`

data/README.md

@@ -1,8 +1,10 @@
 # JOSE
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/jose`. To experiment with that code, run `bin/console` for an interactive prompt.
+[![Build Status](https://travis-ci.org/potatosalad/ruby-jose.png?branch=master)](https://travis-ci.org/potatosalad/ruby-jose)
 
-TODO: Delete this and the text above, and describe your gem
+JSON Object Signing and Encryption (JOSE) for Ruby.
+
+Heavily based on [erlang-jose](https://github.com/potatosalad/erlang-jose).
 
 ## Installation
 
@@ -32,7 +34,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/jose. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](contributor-covenant.org) code of conduct.
+Bug reports and pull requests are welcome on GitHub at https://github.com/potatosalad/ruby-jose. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](contributor-covenant.org) code of conduct.
 
 
 ## License

data/jose.gemspec

@@ -29,8 +29,9 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "hamster"
 
-  spec.add_development_dependency "bundler", "~> 1.10"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake", "~> 10.5"
   spec.add_development_dependency "minitest"
   spec.add_development_dependency "json"
+  spec.add_development_dependency "rbnacl-libsodium"
 end

data/lib/jose.rb

@@ -4,21 +4,48 @@ require 'base64'
 require 'hamster/hash'
 require 'json'
 require 'openssl'
+require 'thread'
 
 module JOSE
   class Map < Hamster::Hash; end
 end
 
-require 'jose/jwa'
-require 'jose/jwe'
-require 'jose/jwk'
-require 'jose/jws'
-require 'jose/jwt'
-
 module JOSE
 
   extend self
 
+  MUTEX = Mutex.new
+
+  @__crypto_fallback__ = ENV['JOSE_CRYPTO_FALLBACK'] ? true : false
+
+  def __crypto_fallback__
+    return @__crypto_fallback__
+  end
+
+  def __crypto_fallback__=(boolean)
+    boolean = !!boolean
+    MUTEX.synchronize {
+      @__crypto_fallback__ = boolean
+      __config_change__
+    }
+  end
+
+  def __curve25519_module__
+    return JOSE::JWA::Curve25519.__implementation__
+  end
+
+  def __curve25519_module__=(m)
+    JOSE::JWA::Curve25519.__implementation__ = m
+  end
+
+  def __curve448_module__
+    return JOSE::JWA::Curve448.__implementation__
+  end
+
+  def __curve448_module__=(m)
+    JOSE::JWA::Curve448.__implementation__ = m
+  end
+
   def decode(binary)
     return JSON.load(binary)
   end
@@ -43,6 +70,11 @@ module JOSE
 
 private
 
+  def __config_change__
+    JOSE::JWA::Curve25519.__config_change__
+    JOSE::JWA::Curve448.__config_change__
+  end
+
   def sort_maps(term)
     case term
     when Hash, JOSE::Map
@@ -59,3 +91,9 @@ private
   end
 
 end
+
+require 'jose/jwa'
+require 'jose/jwe'
+require 'jose/jwk'
+require 'jose/jws'
+require 'jose/jwt'

data/lib/jose/jwa.rb

@@ -3,6 +3,9 @@ module JOSE
 
     extend self
 
+    UCHAR_PACK = 'C*'.freeze
+    ZERO_PAD = [0].pack('C').force_encoding('BINARY').freeze
+
     def constant_time_compare(a, b)
       return false if a.empty? || b.empty? || a.bytesize != b.bytesize
       l = a.unpack "C#{a.bytesize}"
@@ -12,10 +15,30 @@ module JOSE
       return res == 0
     end
 
+    def exor(a, b)
+      a = a.to_bn if a.respond_to?(:to_bn)
+      b = b.to_bn if b.respond_to?(:to_bn)
+      a = a.to_s(2) if a.is_a?(OpenSSL::BN)
+      b = b.to_s(2) if b.is_a?(OpenSSL::BN)
+      as = a.bytesize
+      bs = b.bytesize
+      a.ljust!(bs, ZERO_PAD) if as < bs
+      b.ljust!(as, ZERO_PAD) if bs < as
+      return OpenSSL::BN.new(a.unpack(UCHAR_PACK).zip(b.unpack(UCHAR_PACK)).map do |ac,bc|
+        next (ac ^ bc)
+      end.reverse.pack(UCHAR_PACK), 2)
+    end
+
   end
 end
 
+require 'jose/jwa/field_element'
+require 'jose/jwa/edwards_point'
+require 'jose/jwa/sha3'
+
 require 'jose/jwa/aes_kw'
 require 'jose/jwa/concat_kdf'
+require 'jose/jwa/curve25519'
+require 'jose/jwa/curve448'
 require 'jose/jwa/pkcs1'
 require 'jose/jwa/pkcs7'

data/lib/jose/jwa/curve25519.rb

@@ -0,0 +1,102 @@
+module JOSE::JWA::Curve25519
+
+  extend self
+
+  MUTEX = Mutex.new
+
+  @__implementations__ = []
+  @__ruby_implementations__ = []
+
+  def __implementation__
+    return MUTEX.synchronize { @__implementation__ ||= __pick_best_implementation__ }
+  end
+
+  def __implementation__=(implementation)
+    return MUTEX.synchronize { @__implementation__ = implementation }
+  end
+
+  def __register__(implementation, ruby = false)
+    MUTEX.synchronize {
+      if ruby
+        @__ruby_implementations__.unshift(implementation)
+      else
+        @__implementations__.unshift(implementation)
+      end
+      __config_change__(false)
+      implementation
+    }
+  end
+
+  def __config_change__(lock = true)
+    MUTEX.lock if lock
+    @__implementation__ = __pick_best_implementation__ if @__implementation__.nil? or @__implementation__.__ruby__? or not @__implementation__.__supported__?
+    MUTEX.unlock if lock
+  end
+
+  def ed25519_keypair(secret = nil)
+    return (@__implementation__ || __implementation__).ed25519_keypair(secret)
+  end
+
+  def ed25519_secret_to_public(sk)
+    return (@__implementation__ || __implementation__).ed25519_secret_to_public(sk)
+  end
+
+  def ed25519_sign(m, sk)
+    return (@__implementation__ || __implementation__).ed25519_sign(m, sk)
+  end
+
+  def ed25519_verify(sig, m, pk)
+    return (@__implementation__ || __implementation__).ed25519_verify(sig, m, pk)
+  end
+
+  def ed25519ph_keypair(secret = nil)
+    return (@__implementation__ || __implementation__).ed25519ph_keypair(secret)
+  end
+
+  def ed25519ph_secret_to_public(sk)
+    return (@__implementation__ || __implementation__).ed25519ph_secret_to_public(sk)
+  end
+
+  def ed25519ph_sign(m, sk)
+    return (@__implementation__ || __implementation__).ed25519ph_sign(m, sk)
+  end
+
+  def ed25519ph_verify(sig, m, pk)
+    return (@__implementation__ || __implementation__).ed25519ph_verify(sig, m, pk)
+  end
+
+  def x25519_keypair(secret = nil)
+    return (@__implementation__ || __implementation__).x25519_keypair(secret)
+  end
+
+  def x25519_secret_to_public(sk)
+    return (@__implementation__ || __implementation__).x25519_secret_to_public(sk)
+  end
+
+  def x25519_shared_secret(pk, sk)
+    return (@__implementation__ || __implementation__).x25519_shared_secret(pk, sk)
+  end
+
+private
+  def __pick_best_implementation__
+    implementation = nil
+    implementation = @__implementations__.detect do |implementation|
+      next implementation.__supported__?
+    end
+    implementation ||= @__ruby_implementations__.detect do |implementation|
+      next implementation.__supported__?
+    end
+    implementation ||= JOSE::JWA::Curve25519_Unsupported
+    return implementation
+  end
+
+end
+
+require 'jose/jwa/ed25519'
+require 'jose/jwa/ed25519_rbnacl'
+require 'jose/jwa/x25519'
+require 'jose/jwa/x25519_rbnacl'
+
+require 'jose/jwa/curve25519_unsupported'
+require 'jose/jwa/curve25519_ruby'
+require 'jose/jwa/curve25519_rbnacl'

data/lib/jose/jwa/curve25519_rbnacl.rb

@@ -0,0 +1,67 @@
+module JOSE::JWA::Curve25519_RbNaCl
+
+  extend self
+
+  def __ruby__?; false; end
+
+  def __supported__?
+    return @supported ||= begin
+      begin
+        require 'rbnacl/libsodium'
+      rescue LoadError
+      end
+      begin
+        require 'rbnacl'
+      rescue LoadError
+      end
+      !!(defined?(RbNaCl::GroupElements::Curve25519))
+    end
+  end
+
+  def ed25519_keypair(secret = nil)
+    return JOSE::JWA::Ed25519_RbNaCl.keypair(secret)
+  end
+
+  def ed25519_secret_to_public(sk)
+    return JOSE::JWA::Ed25519_RbNaCl.sk_to_pk(sk)
+  end
+
+  def ed25519_sign(m, sk)
+    return JOSE::JWA::Ed25519_RbNaCl.sign(m, sk)
+  end
+
+  def ed25519_verify(sig, m, pk)
+    return JOSE::JWA::Ed25519_RbNaCl.verify(sig, m, pk)
+  end
+
+  def ed25519ph_keypair(secret = nil)
+    return JOSE::JWA::Ed25519_RbNaCl.keypair(secret)
+  end
+
+  def ed25519ph_secret_to_public(sk)
+    return JOSE::JWA::Ed25519_RbNaCl.sk_to_pk(sk)
+  end
+
+  def ed25519ph_sign(m, sk)
+    return JOSE::JWA::Ed25519_RbNaCl.sign_ph(m, sk)
+  end
+
+  def ed25519ph_verify(sig, m, pk)
+    return JOSE::JWA::Ed25519_RbNaCl.verify_ph(sig, m, pk)
+  end
+
+  def x25519_keypair(secret = nil)
+    return JOSE::JWA::X25519.keypair(secret)
+  end
+
+  def x25519_secret_to_public(sk)
+    return JOSE::JWA::X25519.sk_to_pk(sk)
+  end
+
+  def x25519_shared_secret(pk, sk)
+    return JOSE::JWA::X25519.shared_secret(pk, sk)
+  end
+
+end
+
+JOSE::JWA::Curve25519.__register__(JOSE::JWA::Curve25519_RbNaCl)

data/lib/jose/jwa/curve25519_ruby.rb

@@ -0,0 +1,54 @@
+module JOSE::JWA::Curve25519_Ruby
+
+  extend self
+
+  def __ruby__?; true; end
+  def __supported__?; JOSE.__crypto_fallback__; end
+
+  def ed25519_keypair(secret = nil)
+    return JOSE::JWA::Ed25519.keypair(secret)
+  end
+
+  def ed25519_secret_to_public(sk)
+    return JOSE::JWA::Ed25519.sk_to_pk(sk)
+  end
+
+  def ed25519_sign(m, sk)
+    return JOSE::JWA::Ed25519.sign(m, sk)
+  end
+
+  def ed25519_verify(sig, m, pk)
+    return JOSE::JWA::Ed25519.verify(sig, m, pk)
+  end
+
+  def ed25519ph_keypair(secret = nil)
+    return JOSE::JWA::Ed25519.keypair(secret)
+  end
+
+  def ed25519ph_secret_to_public(sk)
+    return JOSE::JWA::Ed25519.sk_to_pk(sk)
+  end
+
+  def ed25519ph_sign(m, sk)
+    return JOSE::JWA::Ed25519.sign_ph(m, sk)
+  end
+
+  def ed25519ph_verify(sig, m, pk)
+    return JOSE::JWA::Ed25519.verify_ph(sig, m, pk)
+  end
+
+  def x25519_keypair(secret = nil)
+    return JOSE::JWA::X25519.keypair(secret)
+  end
+
+  def x25519_secret_to_public(sk)
+    return JOSE::JWA::X25519.sk_to_pk(sk)
+  end
+
+  def x25519_shared_secret(pk, sk)
+    return JOSE::JWA::X25519.shared_secret(pk, sk)
+  end
+
+end
+
+JOSE::JWA::Curve25519.__register__(JOSE::JWA::Curve25519_Ruby, true)