jose 0.1.0 → 0.2.0

data/lib/jose/jwk/kty.rb

@@ -31,4 +31,10 @@ end
 
 require 'jose/jwk/kty_ec'
 require 'jose/jwk/kty_oct'
+require 'jose/jwk/kty_okp_ed25519'
+require 'jose/jwk/kty_okp_ed25519ph'
+require 'jose/jwk/kty_okp_ed448'
+require 'jose/jwk/kty_okp_ed448ph'
+require 'jose/jwk/kty_okp_x25519'
+require 'jose/jwk/kty_okp_x448'
 require 'jose/jwk/kty_rsa'

data/lib/jose/jwk/kty_okp_ed25519.rb

@@ -0,0 +1,112 @@
+class JOSE::JWK::KTY_OKP_Ed25519 < Struct.new(:okp)
+
+  SECRET_BYTES = 32
+  PK_BYTES = 32
+  SK_BYTES = SECRET_BYTES + PK_BYTES
+
+  # JOSE::JWK callbacks
+
+  def self.from_map(fields)
+    if fields['kty'] == 'OKP' and fields['crv'] == 'Ed25519' and fields['x'].is_a?(String)
+      pk = JOSE.urlsafe_decode64(fields['x'])
+      secret = nil
+      if fields['d'].is_a?(String)
+        secret = JOSE.urlsafe_decode64(fields['d'])
+      end
+      if pk.bytesize == PK_BYTES and (secret.nil? or secret.bytesize == SECRET_BYTES)
+        if secret.nil?
+          return JOSE::JWK::KTY_OKP_Ed25519.new(pk), fields.except('kty', 'crv', 'x')
+        else
+          return JOSE::JWK::KTY_OKP_Ed25519.new(secret + pk), fields.except('kty', 'crv', 'x', 'd')
+        end
+      end
+    end
+    raise ArgumentError, "invalid 'OKP' crv 'Ed25519' JWK"
+  end
+
+  def to_key
+    return okp
+  end
+
+  def to_map(fields)
+    if okp.bytesize == SK_BYTES
+      secret, pk = okp[0, SECRET_BYTES], okp[SECRET_BYTES, SK_BYTES]
+      return fields.
+        put('crv', 'Ed25519').
+        put('d',   JOSE.urlsafe_encode64(secret)).
+        put('kty', 'OKP').
+        put('x',   JOSE.urlsafe_encode64(pk))
+    else
+      pk = okp
+      return fields.
+        put('crv', 'Ed25519').
+        put('kty', 'OKP').
+        put('x',   JOSE.urlsafe_encode64(pk))
+    end
+  end
+
+  def to_public_map(fields)
+    return to_map(fields).except('d')
+  end
+
+  def to_thumbprint_map(fields)
+    return to_public_map(fields).slice('crv', 'kty', 'x')
+  end
+
+  # JOSE::JWK::KTY callbacks
+
+  def self.generate_key(okp_params)
+    secret = nil
+    if okp_params.is_a?(Array) and (okp_params.length == 2 or okp_params.length == 3) and okp_params[0] == :okp and okp_params[1] == :Ed25519
+      secret = okp_params[2] if okp_params.length == 3
+    elsif okp_params.is_a?(String)
+      secret = okp_params
+    end
+    if secret.nil? or (secret.is_a?(String) and secret.bytesize == SECRET_BYTES)
+      return from_okp([:Ed25519, JOSE::JWA::Curve25519.ed25519_keypair(secret)[1]])
+    else
+      raise ArgumentError, "'secret' must be nil or a String of #{SECRET_BYTES} bytes"
+    end
+  end
+
+  def generate_key(fields)
+    kty, other_fields = JOSE::JWK::KTY_OKP_Ed25519.generate_key([:okp, :Ed25519])
+    return kty, fields.delete('kid').merge(other_fields)
+  end
+
+  def key_encryptor(fields, key)
+    return JOSE::JWK::KTY.key_encryptor(self, fields, key)
+  end
+
+  def sign(message, digest_type)
+    raise ArgumentError, "'digest_type' must be :Ed25519" if digest_type != :Ed25519
+    raise NotImplementedError, "Ed25519 public key cannot be used for signing" if okp.bytesize != SK_BYTES
+    return JOSE::JWA::Curve25519.ed25519_sign(message, okp)
+  end
+
+  def signer(fields = nil, plain_text = nil)
+    return JOSE::Map['alg' => 'Ed25519']
+  end
+
+  def verify(message, digest_type, signature)
+    raise ArgumentError, "'digest_type' must be :Ed25519" if digest_type != :Ed25519
+    pk = okp
+    pk = JOSE::JWA::Curve25519.ed25519_secret_to_public(okp) if okp.bytesize == SK_BYTES
+    return JOSE::JWA::Curve25519.ed25519_verify(signature, message, pk)
+  end
+
+  # API functions
+
+  def self.from_okp(okp)
+    if okp.is_a?(Array) and okp.length == 2 and okp[0] == :Ed25519 and okp[1].is_a?(String) and (okp[1].bytesize == PK_BYTES or okp[1].bytesize == SK_BYTES)
+      return JOSE::JWK::KTY_OKP_Ed25519.new(okp[1]), JOSE::Map[]
+    else
+      raise ArgumentError, "'okp' must be an Array in the form of [:Ed25519, String]"
+    end
+  end
+
+  def to_okp
+    return [:Ed25519, okp]
+  end
+
+end

data/lib/jose/jwk/kty_okp_ed25519ph.rb

@@ -0,0 +1,112 @@
+class JOSE::JWK::KTY_OKP_Ed25519ph < Struct.new(:okp)
+
+  SECRET_BYTES = 32
+  PK_BYTES = 32
+  SK_BYTES = SECRET_BYTES + PK_BYTES
+
+  # JOSE::JWK callbacks
+
+  def self.from_map(fields)
+    if fields['kty'] == 'OKP' and fields['crv'] == 'Ed25519ph' and fields['x'].is_a?(String)
+      pk = JOSE.urlsafe_decode64(fields['x'])
+      secret = nil
+      if fields['d'].is_a?(String)
+        secret = JOSE.urlsafe_decode64(fields['d'])
+      end
+      if pk.bytesize == PK_BYTES and (secret.nil? or secret.bytesize == SECRET_BYTES)
+        if secret.nil?
+          return JOSE::JWK::KTY_OKP_Ed25519ph.new(pk), fields.except('kty', 'crv', 'x')
+        else
+          return JOSE::JWK::KTY_OKP_Ed25519ph.new(secret + pk), fields.except('kty', 'crv', 'x', 'd')
+        end
+      end
+    end
+    raise ArgumentError, "invalid 'OKP' crv 'Ed25519ph' JWK"
+  end
+
+  def to_key
+    return okp
+  end
+
+  def to_map(fields)
+    if okp.bytesize == SK_BYTES
+      secret, pk = okp[0, SECRET_BYTES], okp[SECRET_BYTES, SK_BYTES]
+      return fields.
+        put('crv', 'Ed25519ph').
+        put('d',   JOSE.urlsafe_encode64(secret)).
+        put('kty', 'OKP').
+        put('x',   JOSE.urlsafe_encode64(pk))
+    else
+      pk = okp
+      return fields.
+        put('crv', 'Ed25519ph').
+        put('kty', 'OKP').
+        put('x',   JOSE.urlsafe_encode64(pk))
+    end
+  end
+
+  def to_public_map(fields)
+    return to_map(fields).except('d')
+  end
+
+  def to_thumbprint_map(fields)
+    return to_public_map(fields).slice('crv', 'kty', 'x')
+  end
+
+  # JOSE::JWK::KTY callbacks
+
+  def self.generate_key(okp_params)
+    secret = nil
+    if okp_params.is_a?(Array) and (okp_params.length == 2 or okp_params.length == 3) and okp_params[0] == :okp and okp_params[1] == :Ed25519ph
+      secret = okp_params[2] if okp_params.length == 3
+    elsif okp_params.is_a?(String)
+      secret = okp_params
+    end
+    if secret.nil? or (secret.is_a?(String) and secret.bytesize == SECRET_BYTES)
+      return from_okp([:Ed25519ph, JOSE::JWA::Curve25519.ed25519ph_keypair(secret)[1]])
+    else
+      raise ArgumentError, "'secret' must be nil or a String of #{SECRET_BYTES} bytes"
+    end
+  end
+
+  def generate_key(fields)
+    kty, other_fields = JOSE::JWK::KTY_OKP_Ed25519ph.generate_key([:okp, :Ed25519ph])
+    return kty, fields.delete('kid').merge(other_fields)
+  end
+
+  def key_encryptor(fields, key)
+    return JOSE::JWK::KTY.key_encryptor(self, fields, key)
+  end
+
+  def sign(message, sign_type)
+    raise ArgumentError, "'sign_type' must be :Ed25519ph" if sign_type != :Ed25519ph
+    raise NotImplementedError, "Ed25519ph public key cannot be used for signing" if okp.bytesize != SK_BYTES
+    return JOSE::JWA::Curve25519.ed25519ph_sign(message, okp)
+  end
+
+  def signer(fields = nil, plain_text = nil)
+    return JOSE::Map['alg' => 'Ed25519ph']
+  end
+
+  def verify(message, sign_type, signature)
+    raise ArgumentError, "'sign_type' must be :Ed25519ph" if sign_type != :Ed25519ph
+    pk = okp
+    pk = JOSE::JWA::Curve25519.ed25519ph_secret_to_public(okp) if okp.bytesize == SK_BYTES
+    return JOSE::JWA::Curve25519.ed25519ph_verify(signature, message, pk)
+  end
+
+  # API functions
+
+  def self.from_okp(okp)
+    if okp.is_a?(Array) and okp.length == 2 and okp[0] == :Ed25519ph and okp[1].is_a?(String) and (okp[1].bytesize == PK_BYTES or okp[1].bytesize == SK_BYTES)
+      return JOSE::JWK::KTY_OKP_Ed25519ph.new(okp[1]), JOSE::Map[]
+    else
+      raise ArgumentError, "'okp' must be an Array in the form of [:Ed25519ph, String]"
+    end
+  end
+
+  def to_okp
+    return [:Ed25519, okp]
+  end
+
+end

data/lib/jose/jwk/kty_okp_ed448.rb

@@ -0,0 +1,121 @@
+class JOSE::JWK::KTY_OKP_Ed448 < Struct.new(:okp)
+
+  SECRET_BYTES = 57
+  LEGACY_SECRET_BYTES = 32
+  PK_BYTES = 57
+  SK_BYTES = SECRET_BYTES + PK_BYTES
+  LEGACY_SK_BYTES = LEGACY_SECRET_BYTES + PK_BYTES
+
+  # JOSE::JWK callbacks
+
+  def self.from_map(fields)
+    if fields['kty'] == 'OKP' and fields['crv'] == 'Ed448' and fields['x'].is_a?(String)
+      pk = JOSE.urlsafe_decode64(fields['x'])
+      secret = nil
+      if fields['d'].is_a?(String)
+        secret = JOSE.urlsafe_decode64(fields['d'])
+      end
+      if pk.bytesize == PK_BYTES and (secret.nil? or secret.bytesize == SECRET_BYTES or secret.bytesize == LEGACY_SECRET_BYTES)
+        if secret.nil?
+          return JOSE::JWK::KTY_OKP_Ed448.new(pk), fields.except('kty', 'crv', 'x')
+        else
+          return JOSE::JWK::KTY_OKP_Ed448.new(secret + pk), fields.except('kty', 'crv', 'x', 'd')
+        end
+      end
+    end
+    raise ArgumentError, "invalid 'OKP' crv 'Ed448' JWK"
+  end
+
+  def to_key
+    return okp
+  end
+
+  def to_map(fields)
+    if okp.bytesize == SK_BYTES
+      secret, pk = okp[0, SECRET_BYTES], okp[SECRET_BYTES, SK_BYTES]
+      return fields.
+        put('crv', 'Ed448').
+        put('d',   JOSE.urlsafe_encode64(secret)).
+        put('kty', 'OKP').
+        put('x',   JOSE.urlsafe_encode64(pk))
+    elsif okp.bytesize == LEGACY_SK_BYTES
+      secret, pk = okp[0, LEGACY_SECRET_BYTES], okp[LEGACY_SECRET_BYTES, LEGACY_SK_BYTES]
+      return fields.
+        put('crv', 'Ed448').
+        put('d',   JOSE.urlsafe_encode64(secret)).
+        put('kty', 'OKP').
+        put('x',   JOSE.urlsafe_encode64(pk))
+    else
+      pk = okp
+      return fields.
+        put('crv', 'Ed448').
+        put('kty', 'OKP').
+        put('x',   JOSE.urlsafe_encode64(pk))
+    end
+  end
+
+  def to_public_map(fields)
+    return to_map(fields).except('d')
+  end
+
+  def to_thumbprint_map(fields)
+    return to_public_map(fields).slice('crv', 'kty', 'x')
+  end
+
+  # JOSE::JWK::KTY callbacks
+
+  def self.generate_key(okp_params)
+    secret = nil
+    if okp_params.is_a?(Array) and (okp_params.length == 2 or okp_params.length == 3) and okp_params[0] == :okp and okp_params[1] == :Ed448
+      secret = okp_params[2] if okp_params.length == 3
+    elsif okp_params.is_a?(String)
+      secret = okp_params
+    end
+    if secret.nil? or (secret.is_a?(String) and (secret.bytesize == SECRET_BYTES or secret.bytesize == LEGACY_SECRET_BYTES))
+      return from_okp([:Ed448, JOSE::JWA::Curve448.ed448_keypair(secret)[1]])
+    else
+      raise ArgumentError, "'secret' must be nil or a String of #{SECRET_BYTES} bytes"
+    end
+  end
+
+  def generate_key(fields)
+    kty, other_fields = JOSE::JWK::KTY_OKP_Ed448.generate_key([:okp, :Ed448])
+    return kty, fields.delete('kid').merge(other_fields)
+  end
+
+  def key_encryptor(fields, key)
+    return JOSE::JWK::KTY.key_encryptor(self, fields, key)
+  end
+
+  def sign(message, digest_type)
+    raise ArgumentError, "'digest_type' must be :Ed448" if digest_type != :Ed448
+    raise NotImplementedError, "Ed448 public key cannot be used for signing" if okp.bytesize != SK_BYTES and okp.bytesize != LEGACY_SK_BYTES
+    return JOSE::JWA::Curve448.ed448_sign(message, okp)
+  end
+
+  def signer(fields = nil, plain_text = nil)
+    return JOSE::Map['alg' => 'Ed448']
+  end
+
+  def verify(message, digest_type, signature)
+    raise ArgumentError, "'digest_type' must be :Ed448" if digest_type != :Ed448
+    pk = okp
+    pk = JOSE::JWA::Curve448.ed448_secret_to_public(okp) if okp.bytesize == SK_BYTES or okp.bytesize == LEGACY_SK_BYTES
+    return JOSE::JWA::Curve448.ed448_verify(signature, message, pk)
+  end
+
+  # API functions
+
+  def self.from_okp(okp)
+    if okp.is_a?(Array) and okp.length == 2 and okp[0] == :Ed448 and okp[1].is_a?(String) and (okp[1].bytesize == PK_BYTES or okp[1].bytesize == SK_BYTES or okp[1].bytesize == LEGACY_SK_BYTES)
+      return JOSE::JWK::KTY_OKP_Ed448.new(okp[1]), JOSE::Map[]
+    else
+      raise ArgumentError, "'okp' must be an Array in the form of [:Ed448, String]"
+    end
+  end
+
+  def to_okp
+    return [:Ed448, okp]
+  end
+
+end

data/lib/jose/jwk/kty_okp_ed448ph.rb

@@ -0,0 +1,121 @@
+class JOSE::JWK::KTY_OKP_Ed448ph < Struct.new(:okp)
+
+  SECRET_BYTES = 57
+  LEGACY_SECRET_BYTES = 32
+  PK_BYTES = 57
+  SK_BYTES = SECRET_BYTES + PK_BYTES
+  LEGACY_SK_BYTES = LEGACY_SECRET_BYTES + PK_BYTES
+
+  # JOSE::JWK callbacks
+
+  def self.from_map(fields)
+    if fields['kty'] == 'OKP' and fields['crv'] == 'Ed448ph' and fields['x'].is_a?(String)
+      pk = JOSE.urlsafe_decode64(fields['x'])
+      secret = nil
+      if fields['d'].is_a?(String)
+        secret = JOSE.urlsafe_decode64(fields['d'])
+      end
+      if pk.bytesize == PK_BYTES and (secret.nil? or secret.bytesize == SECRET_BYTES or secret.bytesize == LEGACY_SECRET_BYTES)
+        if secret.nil?
+          return JOSE::JWK::KTY_OKP_Ed448ph.new(pk), fields.except('kty', 'crv', 'x')
+        else
+          return JOSE::JWK::KTY_OKP_Ed448ph.new(secret + pk), fields.except('kty', 'crv', 'x', 'd')
+        end
+      end
+    end
+    raise ArgumentError, "invalid 'OKP' crv 'Ed448ph' JWK"
+  end
+
+  def to_key
+    return okp
+  end
+
+  def to_map(fields)
+    if okp.bytesize == SK_BYTES
+      secret, pk = okp[0, SECRET_BYTES], okp[SECRET_BYTES, SK_BYTES]
+      return fields.
+        put('crv', 'Ed448ph').
+        put('d',   JOSE.urlsafe_encode64(secret)).
+        put('kty', 'OKP').
+        put('x',   JOSE.urlsafe_encode64(pk))
+    elsif okp.bytesize == LEGACY_SK_BYTES
+      secret, pk = okp[0, LEGACY_SECRET_BYTES], okp[LEGACY_SECRET_BYTES, LEGACY_SK_BYTES]
+      return fields.
+        put('crv', 'Ed448ph').
+        put('d',   JOSE.urlsafe_encode64(secret)).
+        put('kty', 'OKP').
+        put('x',   JOSE.urlsafe_encode64(pk))
+    else
+      pk = okp
+      return fields.
+        put('crv', 'Ed448ph').
+        put('kty', 'OKP').
+        put('x',   JOSE.urlsafe_encode64(pk))
+    end
+  end
+
+  def to_public_map(fields)
+    return to_map(fields).except('d')
+  end
+
+  def to_thumbprint_map(fields)
+    return to_public_map(fields).slice('crv', 'kty', 'x')
+  end
+
+  # JOSE::JWK::KTY callbacks
+
+  def self.generate_key(okp_params)
+    secret = nil
+    if okp_params.is_a?(Array) and (okp_params.length == 2 or okp_params.length == 3) and okp_params[0] == :okp and okp_params[1] == :Ed448ph
+      secret = okp_params[2] if okp_params.length == 3
+    elsif okp_params.is_a?(String)
+      secret = okp_params
+    end
+    if secret.nil? or (secret.is_a?(String) and (secret.bytesize == SECRET_BYTES or secret.bytesize == LEGACY_SECRET_BYTES))
+      return from_okp([:Ed448ph, JOSE::JWA::Curve448.ed448ph_keypair(secret)[1]])
+    else
+      raise ArgumentError, "'secret' must be nil or a String of #{SECRET_BYTES} bytes"
+    end
+  end
+
+  def generate_key(fields)
+    kty, other_fields = JOSE::JWK::KTY_OKP_Ed448ph.generate_key([:okp, :Ed448ph])
+    return kty, fields.delete('kid').merge(other_fields)
+  end
+
+  def key_encryptor(fields, key)
+    return JOSE::JWK::KTY.key_encryptor(self, fields, key)
+  end
+
+  def sign(message, digest_type)
+    raise ArgumentError, "'digest_type' must be :Ed448ph" if digest_type != :Ed448ph
+    raise NotImplementedError, "Ed448ph public key cannot be used for signing" if okp.bytesize != SK_BYTES and okp.bytesize != LEGACY_SK_BYTES
+    return JOSE::JWA::Curve448.ed448ph_sign(message, okp)
+  end
+
+  def signer(fields = nil, plain_text = nil)
+    return JOSE::Map['alg' => 'Ed448ph']
+  end
+
+  def verify(message, digest_type, signature)
+    raise ArgumentError, "'digest_type' must be :Ed448ph" if digest_type != :Ed448ph
+    pk = okp
+    pk = JOSE::JWA::Curve448.ed448ph_secret_to_public(okp) if okp.bytesize == SK_BYTES or okp.bytesize == LEGACY_SK_BYTES
+    return JOSE::JWA::Curve448.ed448ph_verify(signature, message, pk)
+  end
+
+  # API functions
+
+  def self.from_okp(okp)
+    if okp.is_a?(Array) and okp.length == 2 and okp[0] == :Ed448ph and okp[1].is_a?(String) and (okp[1].bytesize == PK_BYTES or okp[1].bytesize == SK_BYTES or okp[1].bytesize == LEGACY_SK_BYTES)
+      return JOSE::JWK::KTY_OKP_Ed448ph.new(okp[1]), JOSE::Map[]
+    else
+      raise ArgumentError, "'okp' must be an Array in the form of [:Ed448ph, String]"
+    end
+  end
+
+  def to_okp
+    return [:Ed448ph, okp]
+  end
+
+end