jose 0.1.0 → 0.2.0

data/lib/jose/jwk/kty_okp_x25519.rb

@@ -0,0 +1,120 @@
+class JOSE::JWK::KTY_OKP_X25519 < Struct.new(:okp)
+
+  SECRET_BYTES = 32
+  PK_BYTES = 32
+  SK_BYTES = SECRET_BYTES + PK_BYTES
+
+  # JOSE::JWK callbacks
+
+  def self.from_map(fields)
+    if fields['kty'] == 'OKP' and fields['crv'] == 'X25519' and fields['x'].is_a?(String)
+      pk = JOSE.urlsafe_decode64(fields['x'])
+      secret = nil
+      if fields['d'].is_a?(String)
+        secret = JOSE.urlsafe_decode64(fields['d'])
+      end
+      if pk.bytesize == PK_BYTES and (secret.nil? or secret.bytesize == SECRET_BYTES)
+        if secret.nil?
+          return JOSE::JWK::KTY_OKP_X25519.new(pk), fields.except('kty', 'crv', 'x')
+        else
+          return JOSE::JWK::KTY_OKP_X25519.new(secret + pk), fields.except('kty', 'crv', 'x', 'd')
+        end
+      end
+    end
+    raise ArgumentError, "invalid 'OKP' crv 'X25519' JWK"
+  end
+
+  def to_key
+    return okp
+  end
+
+  def to_map(fields)
+    if okp.bytesize == SK_BYTES
+      secret, pk = okp[0, SECRET_BYTES], okp[SECRET_BYTES, SK_BYTES]
+      return fields.
+        put('crv', 'X25519').
+        put('d',   JOSE.urlsafe_encode64(secret)).
+        put('kty', 'OKP').
+        put('x',   JOSE.urlsafe_encode64(pk))
+    else
+      pk = okp
+      return fields.
+        put('crv', 'X25519').
+        put('kty', 'OKP').
+        put('x',   JOSE.urlsafe_encode64(pk))
+    end
+  end
+
+  def to_public_map(fields)
+    return to_map(fields).except('d')
+  end
+
+  def to_thumbprint_map(fields)
+    return to_public_map(fields).slice('crv', 'kty', 'x')
+  end
+
+  # JOSE::JWK::KTY callbacks
+
+  def block_encryptor(fields, plain_text)
+    return JOSE::Map[
+      'alg' => 'ECDH-ES',
+      'enc' => 'A128GCM'
+    ]
+  end
+
+  def derive_key(my_sk)
+    if my_sk.is_a?(JOSE::JWK) and my_sk.respond_to?(:to_okp)
+      my_sk_type, my_sk = my_sk.to_okp
+      raise ArgumentError, "derive_key requires a secret key of type :X25519 as an argument" if my_sk_type != :X25519
+    end
+    if my_sk.is_a?(String) and (my_sk.bytesize == SK_BYTES or my_sk.bytesize == SECRET_BYTES)
+      my_secret = my_sk
+      my_secret = my_sk[0, SECRET_BYTES] if my_sk.bytesize == SK_BYTES
+      your_pk = okp
+      your_pk = okp[SECRET_BYTES, SK_BYTES] if okp.bytesize == SK_BYTES
+      return JOSE::JWA::Curve25519.x25519_shared_secret(your_pk, my_secret)
+    else
+      raise ArgumentError, "derive_key requires a secret key as an argument"
+    end
+  end
+
+  def self.generate_key(okp_params)
+    secret = nil
+    if okp_params.is_a?(Array) and (okp_params.length == 2 or okp_params.length == 3) and okp_params[0] == :okp and okp_params[1] == :X25519
+      secret = okp_params[2] if okp_params.length == 3
+    elsif okp_params.is_a?(String)
+      secret = okp_params
+    end
+    if secret.nil? or (secret.is_a?(String) and secret.bytesize == SECRET_BYTES)
+      pk, secret = JOSE::JWA::Curve25519.x25519_keypair(secret)
+      sk = secret + pk
+      return from_okp([:X25519, sk])
+    else
+      raise ArgumentError, "'secret' must be nil or a String of #{SECRET_BYTES} bytes"
+    end
+  end
+
+  def generate_key(fields)
+    kty, other_fields = JOSE::JWK::KTY_OKP_X25519.generate_key([:okp, :X25519])
+    return kty, fields.delete('kid').merge(other_fields)
+  end
+
+  def key_encryptor(fields, key)
+    return JOSE::JWK::KTY.key_encryptor(self, fields, key)
+  end
+
+  # API functions
+
+  def self.from_okp(okp)
+    if okp.is_a?(Array) and okp.length == 2 and okp[0] == :X25519 and okp[1].is_a?(String) and (okp[1].bytesize == PK_BYTES or okp[1].bytesize == SK_BYTES)
+      return JOSE::JWK::KTY_OKP_X25519.new(okp[1]), JOSE::Map[]
+    else
+      raise ArgumentError, "'okp' must be an Array in the form of [:X25519, String]"
+    end
+  end
+
+  def to_okp
+    return [:X25519, okp]
+  end
+
+end

data/lib/jose/jwk/kty_okp_x448.rb

@@ -0,0 +1,120 @@
+class JOSE::JWK::KTY_OKP_X448 < Struct.new(:okp)
+
+  SECRET_BYTES = 56
+  PK_BYTES = 56
+  SK_BYTES = SECRET_BYTES + PK_BYTES
+
+  # JOSE::JWK callbacks
+
+  def self.from_map(fields)
+    if fields['kty'] == 'OKP' and fields['crv'] == 'X448' and fields['x'].is_a?(String)
+      pk = JOSE.urlsafe_decode64(fields['x'])
+      secret = nil
+      if fields['d'].is_a?(String)
+        secret = JOSE.urlsafe_decode64(fields['d'])
+      end
+      if pk.bytesize == PK_BYTES and (secret.nil? or secret.bytesize == SECRET_BYTES)
+        if secret.nil?
+          return JOSE::JWK::KTY_OKP_X448.new(pk), fields.except('kty', 'crv', 'x')
+        else
+          return JOSE::JWK::KTY_OKP_X448.new(secret + pk), fields.except('kty', 'crv', 'x', 'd')
+        end
+      end
+    end
+    raise ArgumentError, "invalid 'OKP' crv 'X448' JWK"
+  end
+
+  def to_key
+    return okp
+  end
+
+  def to_map(fields)
+    if okp.bytesize == SK_BYTES
+      secret, pk = okp[0, SECRET_BYTES], okp[SECRET_BYTES, SK_BYTES]
+      return fields.
+        put('crv', 'X448').
+        put('d',   JOSE.urlsafe_encode64(secret)).
+        put('kty', 'OKP').
+        put('x',   JOSE.urlsafe_encode64(pk))
+    else
+      pk = okp
+      return fields.
+        put('crv', 'X448').
+        put('kty', 'OKP').
+        put('x',   JOSE.urlsafe_encode64(pk))
+    end
+  end
+
+  def to_public_map(fields)
+    return to_map(fields).except('d')
+  end
+
+  def to_thumbprint_map(fields)
+    return to_public_map(fields).slice('crv', 'kty', 'x')
+  end
+
+  # JOSE::JWK::KTY callbacks
+
+  def block_encryptor(fields, plain_text)
+    return JOSE::Map[
+      'alg' => 'ECDH-ES',
+      'enc' => 'A128GCM'
+    ]
+  end
+
+  def derive_key(my_sk)
+    if my_sk.is_a?(JOSE::JWK) and my_sk.respond_to?(:to_okp)
+      my_sk_type, my_sk = my_sk.to_okp
+      raise ArgumentError, "derive_key requires a secret key of type :X448 as an argument" if my_sk_type != :X448
+    end
+    if my_sk.is_a?(String) and (my_sk.bytesize == SK_BYTES or my_sk.bytesize == SECRET_BYTES)
+      my_secret = my_sk
+      my_secret = my_sk[0, SECRET_BYTES] if my_sk.bytesize == SK_BYTES
+      your_pk = okp
+      your_pk = okp[SECRET_BYTES, SK_BYTES] if okp.bytesize == SK_BYTES
+      return JOSE::JWA::Curve448.x448_shared_secret(your_pk, my_secret)
+    else
+      raise ArgumentError, "derive_key requires a secret key as an argument"
+    end
+  end
+
+  def self.generate_key(okp_params)
+    secret = nil
+    if okp_params.is_a?(Array) and (okp_params.length == 2 or okp_params.length == 3) and okp_params[0] == :okp and okp_params[1] == :X448
+      secret = okp_params[2] if okp_params.length == 3
+    elsif okp_params.is_a?(String)
+      secret = okp_params
+    end
+    if secret.nil? or (secret.is_a?(String) and secret.bytesize == SECRET_BYTES)
+      pk, secret = JOSE::JWA::Curve448.x448_keypair(secret)
+      sk = secret + pk
+      return from_okp([:X448, sk])
+    else
+      raise ArgumentError, "'secret' must be nil or a String of #{SECRET_BYTES} bytes"
+    end
+  end
+
+  def generate_key(fields)
+    kty, other_fields = JOSE::JWK::KTY_OKP_X448.generate_key([:okp, :X448])
+    return kty, fields.delete('kid').merge(other_fields)
+  end
+
+  def key_encryptor(fields, key)
+    return JOSE::JWK::KTY.key_encryptor(self, fields, key)
+  end
+
+  # API functions
+
+  def self.from_okp(okp)
+    if okp.is_a?(Array) and okp.length == 2 and okp[0] == :X448 and okp[1].is_a?(String) and (okp[1].bytesize == PK_BYTES or okp[1].bytesize == SK_BYTES)
+      return JOSE::JWK::KTY_OKP_X448.new(okp[1]), JOSE::Map[]
+    else
+      raise ArgumentError, "'okp' must be an Array in the form of [:X448, String]"
+    end
+  end
+
+  def to_okp
+    return [:X448, okp]
+  end
+
+end

data/lib/jose/jws.rb

@@ -192,6 +192,8 @@ module JOSE
 
   private
 
+    EDDSA_ALG_LIST = ['Ed25519'.freeze, 'Ed25519ph'.freeze, 'Ed448'.freeze, 'Ed448ph'.freeze].freeze
+
     def self.from_fields(jws, modules)
       if jws.fields.has_key?('b64')
         jws.b64 = jws.fields['b64']
@@ -207,6 +209,8 @@ module JOSE
           JOSE::JWS::ALG_RSA_PSS
         when jws.fields['alg'].start_with?('RS')
           JOSE::JWS::ALG_RSA_PKCS1_V1_5
+        when EDDSA_ALG_LIST.include?(jws.fields['alg'])
+          JOSE::JWS::ALG_EDDSA
         when jws.fields['alg'] == 'none'
           JOSE::JWS::ALG_none
         else

data/lib/jose/jws/alg.rb

@@ -5,6 +5,7 @@ module JOSE::JWS::ALG
 end
 
 require 'jose/jws/alg_ecdsa'
+require 'jose/jws/alg_eddsa'
 require 'jose/jws/alg_hmac'
 require 'jose/jws/alg_rsa_pkcs1_v1_5'
 require 'jose/jws/alg_rsa_pss'

data/lib/jose/jws/alg_eddsa.rb

@@ -0,0 +1,35 @@
+class JOSE::JWS::ALG_EDDSA < Struct.new(:sign_type)
+
+  # JOSE::JWS callbacks
+
+  def self.from_map(fields)
+    case fields['alg']
+    when 'Ed25519'
+      return new(:Ed25519), fields.delete('alg')
+    when 'Ed25519ph'
+      return new(:Ed25519ph), fields.delete('alg')
+    when 'Ed448'
+      return new(:Ed448), fields.delete('alg')
+    when 'Ed448ph'
+      return new(:Ed448ph), fields.delete('alg')
+    else
+      raise ArgumentError, "invalid 'alg' for JWS: #{fields['alg'].inspect}"
+    end
+  end
+
+  def to_map(fields)
+    alg = sign_type.to_s
+    return fields.put('alg', alg)
+  end
+
+  # JOSE::JWS::ALG callbacks
+
+  def sign(jwk, message)
+    return jwk.kty.sign(message, sign_type)
+  end
+
+  def verify(jwk, message, signature)
+    return jwk.kty.verify(message, sign_type, signature)
+  end
+
+end

data/lib/jose/version.rb

@@ -1,3 +1,3 @@
 module JOSE
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jose
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Andrew Bennett
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2015-11-25 00:00:00.000000000 Z
+date: 2016-02-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hamster
@@ -30,28 +30,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '1.11'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '1.11'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '10.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '10.5'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -80,6 +80,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rbnacl-libsodium
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: JSON Object Signing and Encryption
 email:
 - andrew@pixid.com
@@ -92,6 +106,7 @@ files:
 - ".ruby-gemset"
 - ".ruby-version"
 - ".travis.yml"
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.txt
@@ -104,8 +119,24 @@ files:
 - lib/jose/jwa.rb
 - lib/jose/jwa/aes_kw.rb
 - lib/jose/jwa/concat_kdf.rb
+- lib/jose/jwa/curve25519.rb
+- lib/jose/jwa/curve25519_rbnacl.rb
+- lib/jose/jwa/curve25519_ruby.rb
+- lib/jose/jwa/curve25519_unsupported.rb
+- lib/jose/jwa/curve448.rb
+- lib/jose/jwa/curve448_ruby.rb
+- lib/jose/jwa/curve448_unsupported.rb
+- lib/jose/jwa/ed25519.rb
+- lib/jose/jwa/ed25519_rbnacl.rb
+- lib/jose/jwa/ed448.rb
+- lib/jose/jwa/edwards_point.rb
+- lib/jose/jwa/field_element.rb
 - lib/jose/jwa/pkcs1.rb
 - lib/jose/jwa/pkcs7.rb
+- lib/jose/jwa/sha3.rb
+- lib/jose/jwa/x25519.rb
+- lib/jose/jwa/x25519_rbnacl.rb
+- lib/jose/jwa/x448.rb
 - lib/jose/jwe.rb
 - lib/jose/jwe/alg.rb
 - lib/jose/jwe/alg_aes_gcm_kw.rb
@@ -123,12 +154,19 @@ files:
 - lib/jose/jwk/kty.rb
 - lib/jose/jwk/kty_ec.rb
 - lib/jose/jwk/kty_oct.rb
+- lib/jose/jwk/kty_okp_ed25519.rb
+- lib/jose/jwk/kty_okp_ed25519ph.rb
+- lib/jose/jwk/kty_okp_ed448.rb
+- lib/jose/jwk/kty_okp_ed448ph.rb
+- lib/jose/jwk/kty_okp_x25519.rb
+- lib/jose/jwk/kty_okp_x448.rb
 - lib/jose/jwk/kty_rsa.rb
 - lib/jose/jwk/pem.rb
 - lib/jose/jwk/set.rb
 - lib/jose/jws.rb
 - lib/jose/jws/alg.rb
 - lib/jose/jws/alg_ecdsa.rb
+- lib/jose/jws/alg_eddsa.rb
 - lib/jose/jws/alg_hmac.rb
 - lib/jose/jws/alg_rsa_pkcs1_v1_5.rb
 - lib/jose/jws/alg_rsa_pss.rb
@@ -154,7 +192,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: JSON Object Signing and Encryption