jose 1.1.2 → 1.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: aa018b696c9f264acc7691bb2ae92a7e48ec95e7
-  data.tar.gz: c07468825b96248e7e15376711e573913f0d33ce
+SHA256:
+  metadata.gz: bfd5ea4addb2127fc84ce5fe41ba48895c8906a1a1252dae1731c05cf530fcdd
+  data.tar.gz: 12051ba779da5cbc36666f1d2b1b8df8b6a781e03878afebacdd17456012e6bd
 SHA512:
-  metadata.gz: 41a28230b46f5e9ea6ef56c7c8bdc2f353f7472f18faea6923d39326eb8d87f77a3ae247d22181ef5a4babe550cab1db31361e657d066959e8629a6df87c8e6d
-  data.tar.gz: 00c55722c8dc85d65c53a7628abdd9baa4c536d409249dd5de4487a7b3d8e34254035151526cbedf520809401153604f7c301705274d70d02fbc05fe1665a4e2
+  metadata.gz: 300be47e599d8fc493c955bca536d33aca2ce92d28f7088985f916e70bea4dbdf1d8d3e45e34a1d2fb2adda6103915bba7b76f8c072553e1dc209e9e790f93e2
+  data.tar.gz: c1e31e5479b471a86203d048b2a2efe9fb67f14941be4409a91438b74dc87cce6d075f7d2164c8a991e0d0af0477a3790211fc3a53fbb2a207cd6cd23f4f49f2

data/.ruby-version

@@ -1 +1 @@
-2.3.1
+2.5.1

data/.travis.yml

@@ -9,10 +9,10 @@ env:
     - RUBYOPT="-W0"
 
 rvm:
-  - 2.3.1
+  - 2.5.1
 
 notifications:
   email: false
 
 before_install:
-  - "gem install bundler -v 1.12.2"
+  - "gem install bundler -v 1.16.4"

data/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 1.1.3 (2018-09-20)
+
+* Enhancements
+  * Add support for [crypto-rb/ed25519](https://github.com/crypto-rb/ed25519) and [crypto-rb/x25519](https://github.com/crypto-rb/x25519) for curve25519 operations.
+
+* Fixes
+  * Support for Ruby 2.5.x RSA keys (thanks to [@waynerobinson](https://github.com/waynerobinson) see [#7](https://github.com/potatosalad/ruby-jose/pull/7))
+
 ## 1.1.2 (2016-07-07)
 
 * Enhancements

data/Gemfile

@@ -12,7 +12,7 @@ end
 group :test do
   gem 'minitest-focus', require: false
   gem 'minitest-perf', require: false
-  gem 'rantly', github: 'abargnesi/rantly', ref: '4d219ea3eb340a5153a43d051b2e22ccb2bce274', require: false
+  gem 'rantly', github: 'abargnesi/rantly', ref: '2875f63bfc695d270ecb574c56d1a7d8f6af0153', require: false
   gem 'simplecov', require: false
   if ENV['CI']
     gem 'coveralls', require: false

data/jose.gemspec

@@ -7,7 +7,7 @@ Gem::Specification.new do |spec|
   spec.name          = "jose"
   spec.version       = JOSE::VERSION
   spec.authors       = ["Andrew Bennett"]
-  spec.email         = ["andrew@pixid.com"]
+  spec.email         = ["potatosaladx@gmail.com"]
 
   spec.summary       = %q{JSON Object Signing and Encryption}
   spec.description   = %q{JSON Object Signing and Encryption}
@@ -29,9 +29,11 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "hamster"
 
-  spec.add_development_dependency "bundler", "~> 1.12"
-  spec.add_development_dependency "rake", "~> 11.1"
+  spec.add_development_dependency "bundler", "~> 1.16"
+  spec.add_development_dependency "rake", "~> 12.3"
   spec.add_development_dependency "minitest"
   spec.add_development_dependency "json"
   spec.add_development_dependency "rbnacl-libsodium"
+  spec.add_development_dependency "ed25519"
+  spec.add_development_dependency "x25519"
 end

data/lib/jose.rb

@@ -6,6 +6,7 @@ require 'json'
 require 'openssl'
 require 'securerandom'
 require 'thread'
+require 'zlib'
 
 # JOSE stands for JSON Object Signing and Encryption which is a is a set of
 # standards established by the [JOSE Working Group](https://datatracker.ietf.org/wg/jose).

data/lib/jose/jwa/curve25519.rb

@@ -94,10 +94,13 @@ private
 end
 
 require 'jose/jwa/ed25519'
+require 'jose/jwa/ed25519_cryptorb'
 require 'jose/jwa/ed25519_rbnacl'
 require 'jose/jwa/x25519'
+require 'jose/jwa/x25519_cryptorb'
 require 'jose/jwa/x25519_rbnacl'
 
 require 'jose/jwa/curve25519_unsupported'
 require 'jose/jwa/curve25519_ruby'
+require 'jose/jwa/curve25519_cryptorb'
 require 'jose/jwa/curve25519_rbnacl'

data/lib/jose/jwa/curve25519_cryptorb.rb

@@ -0,0 +1,67 @@
+module JOSE::JWA::Curve25519_CryptoRb
+
+  extend self
+
+  def __ruby__?; false; end
+
+  def __supported__?
+    return @supported ||= begin
+      begin
+        require 'ed25519'
+      rescue LoadError
+      end
+      begin
+        require 'x25519'
+      rescue LoadError
+      end
+      !!(defined?(Ed25519::SigningKey) and defined?(X25519::Scalar))
+    end
+  end
+
+  def ed25519_keypair(secret = nil)
+    return JOSE::JWA::Ed25519_CryptoRb.keypair(secret)
+  end
+
+  def ed25519_secret_to_public(sk)
+    return JOSE::JWA::Ed25519_CryptoRb.sk_to_pk(sk)
+  end
+
+  def ed25519_sign(m, sk)
+    return JOSE::JWA::Ed25519_CryptoRb.sign(m, sk)
+  end
+
+  def ed25519_verify(sig, m, pk)
+    return JOSE::JWA::Ed25519_CryptoRb.verify(sig, m, pk)
+  end
+
+  def ed25519ph_keypair(secret = nil)
+    return JOSE::JWA::Ed25519_CryptoRb.keypair(secret)
+  end
+
+  def ed25519ph_secret_to_public(sk)
+    return JOSE::JWA::Ed25519_CryptoRb.sk_to_pk(sk)
+  end
+
+  def ed25519ph_sign(m, sk)
+    return JOSE::JWA::Ed25519_CryptoRb.sign_ph(m, sk)
+  end
+
+  def ed25519ph_verify(sig, m, pk)
+    return JOSE::JWA::Ed25519_CryptoRb.verify_ph(sig, m, pk)
+  end
+
+  def x25519_keypair(secret = nil)
+    return JOSE::JWA::X25519_CryptoRb.keypair(secret)
+  end
+
+  def x25519_secret_to_public(sk)
+    return JOSE::JWA::X25519_CryptoRb.sk_to_pk(sk)
+  end
+
+  def x25519_shared_secret(pk, sk)
+    return JOSE::JWA::X25519_CryptoRb.shared_secret(pk, sk)
+  end
+
+end
+
+JOSE::JWA::Curve25519.__register__(JOSE::JWA::Curve25519_CryptoRb)

data/lib/jose/jwa/ed25519.rb

@@ -114,4 +114,79 @@ module JOSE::JWA::Ed25519
     return verify(sig, Digest::SHA512.digest(m), pk)
   end
 
+  def coerce_publickey_bytes!(publickey)
+    raise ArgumentError, "publickey size must be #{C_publickeybytes} bytes" if not valid_publickey?(publickey)
+    publickey = publickey.to_bytes(C_bits) if publickey.is_a?(JOSE::JWA::FieldElement)
+    publickey = publickey.to_bn if not publickey.is_a?(OpenSSL::BN) and publickey.respond_to?(:to_bn)
+    publickey = publickey.to_s(2).rjust(C_bytes, JOSE::JWA::ZERO_PAD).reverse if publickey.is_a?(OpenSSL::BN)
+    return publickey
+  end
+
+  def coerce_secret_bytes!(secret)
+    raise ArgumentError, "secret size must be #{C_secretbytes} bytes" if not valid_secret?(secret)
+    secret = secret.to_bytes(C_bits) if secret.is_a?(JOSE::JWA::FieldElement)
+    secret = secret.to_bn if not secret.is_a?(OpenSSL::BN) and secret.respond_to?(:to_bn)
+    secret = secret.to_s(2).rjust(C_bytes, JOSE::JWA::ZERO_PAD).reverse if secret.is_a?(OpenSSL::BN)
+    return secret
+  end
+
+  def coerce_secretkey_bytes!(secretkey)
+    raise ArgumentError, "secretkey size must be #{C_secretkeybytes} bytes" if not valid_secretkey?(secretkey)
+    secretkey = secretkey.to_bytes(C_secretkeybytes * 8) if secretkey.is_a?(JOSE::JWA::FieldElement)
+    secretkey = secretkey.to_bn if not secretkey.is_a?(OpenSSL::BN) and secretkey.respond_to?(:to_bn)
+    secretkey = secretkey.to_s(2).rjust(C_secretkeybytes, JOSE::JWA::ZERO_PAD).reverse if secretkey.is_a?(OpenSSL::BN)
+    return secretkey
+  end
+
+  def valid_publickey?(publickey)
+    return true if publickey.is_a?(JOSE::JWA::FieldElement) and publickey.p == C_p
+    if not publickey.is_a?(OpenSSL::BN) and publickey.respond_to?(:to_bn)
+      publickey = publickey.to_bn
+    end
+    pkbytes = 0
+    if publickey.is_a?(OpenSSL::BN)
+      if publickey.num_bytes > C_publickeybytes
+        pkbytes = publickey.num_bytes
+      else
+        pkbytes = C_publickeybytes
+      end
+    end
+    pkbytes = publickey.bytesize if publickey.respond_to?(:bytesize)
+    return !!(pkbytes == C_publickeybytes)
+  end
+
+  def valid_secret?(secret)
+    return true if secret.is_a?(JOSE::JWA::FieldElement) and secret.p == C_p
+    if not secret.is_a?(OpenSSL::BN) and secret.respond_to?(:to_bn)
+      secret = secret.to_bn
+    end
+    seedbytes = 0
+    if secret.is_a?(OpenSSL::BN)
+      if secret.num_bytes > C_secretbytes
+        seedbytes = secret.num_bytes
+      else
+        seedbytes = C_secretbytes
+      end
+    end
+    seedbytes = secret.bytesize if secret.respond_to?(:bytesize)
+    return !!(seedbytes == C_secretbytes)
+  end
+
+  def valid_secretkey?(secretkey)
+    return true if secretkey.is_a?(JOSE::JWA::FieldElement) and secretkey.p == C_p
+    if not secretkey.is_a?(OpenSSL::BN) and secretkey.respond_to?(:to_bn)
+      secretkey = secretkey.to_bn
+    end
+    skbytes = 0
+    if secretkey.is_a?(OpenSSL::BN)
+      if secretkey.num_bytes > C_secretkeybytes
+        skbytes = secretkey.num_bytes
+      else
+        skbytes = C_secretkeybytes
+      end
+    end
+    skbytes = secretkey.bytesize if secretkey.respond_to?(:bytesize)
+    return !!(skbytes == C_secretkeybytes)
+  end
+
 end

data/lib/jose/jwa/ed25519_cryptorb.rb

@@ -0,0 +1,55 @@
+module JOSE::JWA::Ed25519_CryptoRb
+
+  extend self
+
+  def keypair(secret = nil)
+    secret ||= Ed25519::SigningKey.generate()
+    sk = coerce_signing_key!(secret)
+    pk = sk.verify_key()
+    return pk.to_bytes(), sk.keypair()
+  end
+
+  def sk_to_pk(sk)
+    return sk[Ed25519::KEY_SIZE..-1]
+  end
+
+  def sign(m, sk)
+    signing_key = coerce_signing_key!(sk)
+    return signing_key.sign(m)
+  end
+
+  def sign_ph(m, sk)
+    return sign(Digest::SHA512.digest(m), sk)
+  end
+
+  def verify(sig, m, pk)
+    return Ed25519::VerifyKey.new(pk).verify(sig, m)
+  end
+
+  def verify_ph(sig, m, pk)
+    return verify(sig, Digest::SHA512.digest(m), pk)
+  end
+
+  def coerce_signing_key!(sk)
+    return sk if sk.is_a?(Ed25519::SigningKey)
+    sk =
+      if not sk.respond_to?(:bytesize)
+        begin
+          JOSE::JWA::Ed25519.coerce_secret_bytes!(sk)
+        rescue ArgumentError
+          JOSE::JWA::Ed25519.coerce_secretkey_bytes!(sk)
+        end
+      else
+        sk
+      end
+    return Ed25519::SigningKey.from_keypair(sk) if sk.bytesize === JOSE::JWA::Ed25519::C_secretkeybytes
+    return Ed25519::SigningKey.new(sk)
+  end
+
+  def coerce_verify_key!(pk)
+    return pk if pk.is_a?(Ed25519::VerifyKey)
+    pk = JOSE::JWA::Ed25519.coerce_publickey_bytes!(pk) if not pk.respond_to?(:bytesize)
+    return Ed25519::VerifyKey.new(pk)
+  end
+
+end

data/lib/jose/jwa/x25519_cryptorb.rb

@@ -0,0 +1,47 @@
+module JOSE::JWA::X25519_CryptoRb
+
+  extend self
+
+  def curve25519(k, u)
+    k = coerce_scalar!(k)
+    u = coerce_montgomery_u!(u)
+    return k.diffie_hellman(u)
+  end
+
+  def x25519(sk, pk)
+    return curve25519(sk, pk).to_bytes()
+  end
+
+  def x25519_base(sk)
+    scalar = coerce_scalar!(sk)
+    return scalar.public_key.to_bytes()
+  end
+
+  def keypair(sk = nil)
+    sk ||= X25519::Scalar.generate()
+    scalar = coerce_scalar!(sk)
+    pk = sk_to_pk(scalar)
+    return pk, scalar.to_bytes()
+  end
+
+  def shared_secret(pk, sk)
+    return x25519(sk, pk)
+  end
+
+  def sk_to_pk(sk)
+    return x25519_base(sk)
+  end
+
+  def coerce_montgomery_u!(pk)
+    return pk if pk.is_a?(X25519::MontgomeryU)
+    pk = JOSE::JWA::X25519.coerce_coordinate_bytes!(u) if not pk.respond_to?(:bytesize)
+    return X25519::MontgomeryU.new(pk)
+  end
+
+  def coerce_scalar!(sk)
+    return sk if sk.is_a?(X25519::Scalar)
+    sk = JOSE::JWA::X25519.coerce_scalar_bytes!(sk) if not sk.respond_to?(:bytesize)
+    return X25519::Scalar.new(sk)
+  end
+
+end

data/lib/jose/jwk/kty_rsa.rb

@@ -9,14 +9,20 @@ class JOSE::JWK::KTY_RSA < Struct.new(:key)
       elsif fields['d'].is_a?(String)
         if fields['dp'].is_a?(String) and fields['dq'].is_a?(String) and fields['p'].is_a?(String) and fields['q'].is_a?(String) and fields['qi'].is_a?(String)
           rsa      = OpenSSL::PKey::RSA.new
-          rsa.d    = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['d']), 2)
-          rsa.dmp1 = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['dp']), 2)
-          rsa.dmq1 = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['dq']), 2)
-          rsa.e    = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['e']), 2)
-          rsa.n    = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['n']), 2)
-          rsa.p    = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['p']), 2)
-          rsa.q    = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['q']), 2)
-          rsa.iqmp = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['qi']), 2)
+          rsa.set_key(
+            OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['n']), 2),
+            OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['e']), 2),
+            OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['d']), 2)
+          )
+          rsa.set_factors(
+            OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['p']), 2),
+            OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['q']), 2)
+          )
+          rsa.set_crt_params(
+            OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['dp']), 2),
+            OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['dq']), 2),
+            OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['qi']), 2)
+          )
           return JOSE::JWK::KTY_RSA.new(JOSE::JWK::PKeyProxy.new(rsa)), fields.except('kty', 'd', 'dp', 'dq', 'e', 'n', 'p', 'q', 'qi')
         else
           d   = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['d']), 2)
@@ -27,8 +33,11 @@ class JOSE::JWK::KTY_RSA < Struct.new(:key)
         end
       else
         rsa   = OpenSSL::PKey::RSA.new
-        rsa.e = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['e']), 2)
-        rsa.n = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['n']), 2)
+        rsa.set_key(
+          OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['n']), 2),
+          OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['e']), 2),
+          nil
+        )
         return JOSE::JWK::KTY_RSA.new(JOSE::JWK::PKeyProxy.new(rsa)), fields.except('kty', 'e', 'n')
       end
     else
@@ -220,15 +229,12 @@ private
     dp = d % (p - 1)
     dq = d % (q - 1)
     qi = q.mod_inverse(p)
-    rsa      = OpenSSL::PKey::RSA.new
-    rsa.d    = d
-    rsa.dmp1 = dp
-    rsa.dmq1 = dq
-    rsa.e    = e
-    rsa.n    = n
-    rsa.p    = p
-    rsa.q    = q
-    rsa.iqmp = qi
+
+    rsa = OpenSSL::PKey::RSA.new
+    rsa.set_key(n, e, d)
+    rsa.set_factors(p, q)
+    rsa.set_crt_params(dp, dq, qi)
+
     return rsa
   end
 

data/lib/jose/version.rb

@@ -1,3 +1,3 @@
 module JOSE
-  VERSION = "1.1.2"
+  VERSION = "1.1.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jose
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 1.1.3
 platform: ruby
 authors:
 - Andrew Bennett
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-07-08 00:00:00.000000000 Z
+date: 2018-09-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hamster
@@ -30,28 +30,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.12'
+        version: '1.16'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.12'
+        version: '1.16'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.1'
+        version: '12.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.1'
+        version: '12.3'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -94,9 +94,37 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: ed25519
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: x25519
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: JSON Object Signing and Encryption
 email:
-- andrew@pixid.com
+- potatosaladx@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -125,6 +153,7 @@ files:
 - lib/jose/jwa/aes_kw.rb
 - lib/jose/jwa/concat_kdf.rb
 - lib/jose/jwa/curve25519.rb
+- lib/jose/jwa/curve25519_cryptorb.rb
 - lib/jose/jwa/curve25519_rbnacl.rb
 - lib/jose/jwa/curve25519_ruby.rb
 - lib/jose/jwa/curve25519_unsupported.rb
@@ -132,6 +161,7 @@ files:
 - lib/jose/jwa/curve448_ruby.rb
 - lib/jose/jwa/curve448_unsupported.rb
 - lib/jose/jwa/ed25519.rb
+- lib/jose/jwa/ed25519_cryptorb.rb
 - lib/jose/jwa/ed25519_rbnacl.rb
 - lib/jose/jwa/ed448.rb
 - lib/jose/jwa/edwards_point.rb
@@ -140,6 +170,7 @@ files:
 - lib/jose/jwa/pkcs7.rb
 - lib/jose/jwa/sha3.rb
 - lib/jose/jwa/x25519.rb
+- lib/jose/jwa/x25519_cryptorb.rb
 - lib/jose/jwa/x25519_rbnacl.rb
 - lib/jose/jwa/x448.rb
 - lib/jose/jwe.rb
@@ -200,9 +231,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: JSON Object Signing and Encryption
 test_files: []
-has_rdoc: