RubyGems - jose - Versions diffs - 1.1.1 → 1.1.2 - Mend

jose 1.1.1 → 1.1.2

Files changed (14) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +9 -0
data/docs/SignatureAlgorithms.md +1 -0
data/lib/jose/jwa.rb +2 -0
data/lib/jose/jwe/zip_def.rb +11 -3
data/lib/jose/jwk/kty_okp_ed25519.rb +6 -6
data/lib/jose/jwk/kty_okp_ed25519ph.rb +4 -4
data/lib/jose/jwk/kty_okp_ed448.rb +6 -6
data/lib/jose/jwk/kty_okp_ed448ph.rb +6 -6
data/lib/jose/jwk/kty_rsa.rb +65 -1
data/lib/jose/jws.rb +20 -1
data/lib/jose/jws/alg_eddsa.rb +4 -1
data/lib/jose/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0d737f594b6ef3c926a323bc2c06b797ce24fc09
-  data.tar.gz: 8a4989e67d3dcbea62c84f1f60a40b41f3ca5a74
+  metadata.gz: aa018b696c9f264acc7691bb2ae92a7e48ec95e7
+  data.tar.gz: c07468825b96248e7e15376711e573913f0d33ce
 SHA512:
-  metadata.gz: 5f079c8178b435afd07a54c61e415b84ac4f9c0197b7961adde3313e460088a1b979a3d79f8308d4a64be686d5d4da7dba4af1bce38dc918c198102898717279
-  data.tar.gz: 569191e6793162f0ca29a9efa2d45fd09208f629b8e2e043ca08db21c4590f58c15aec92af220b7ad32bc2f8a3bc29819ef5efe1cdd81d2bb58bacdca8002e46
+  metadata.gz: 41a28230b46f5e9ea6ef56c7c8bdc2f353f7472f18faea6923d39326eb8d87f77a3ae247d22181ef5a4babe550cab1db31361e657d066959e8629a6df87c8e6d
+  data.tar.gz: 00c55722c8dc85d65c53a7628abdd9baa4c536d409249dd5de4487a7b3d8e34254035151526cbedf520809401153604f7c301705274d70d02fbc05fe1665a4e2

data/CHANGELOG.md CHANGED

@@ -1,5 +1,14 @@
 # Changelog
+## 1.1.2 (2016-07-07)
+* Enhancements
+  * Improved handling of RSA private keys in SMF (Straightforward Method) form to CRT (Chinese Remainder Theorem) form, see [potatosalad/erlang-jose#19](https://github.com/potatosalad/erlang-jose/issues/19)  This is especially useful for keys produced by Java programs using the `RSAPrivateKeySpec` API as mentioned in [Section 9.3 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-9.3).
+  * Updated EdDSA operations to comply with draft 04 of [draft-ietf-jose-cfrg-curves-04](https://tools.ietf.org/html/draft-ietf-jose-cfrg-curves-04).
+* Fixes
+  * Fixed compression encoding bug for `{"zip":"DEF"}` operations (thanks to [@amadden734](https://github.com/amadden734) see [#3](https://github.com/potatosalad/ruby-jose/pull/3))
 ## 1.1.1 (2016-05-27)
 * Enhancements

data/docs/SignatureAlgorithms.md CHANGED

@@ -21,6 +21,7 @@ Here are the supported options for the `alg` parameter, grouped by similar funci
   - [`Ed25519ph`](http://www.rubydoc.info/gems/jose/JOSE/JWS#EdDSA-25519-group)
   - [`Ed448`](http://www.rubydoc.info/gems/jose/JOSE/JWS#EdDSA-448-group)
   - [`Ed448ph`](http://www.rubydoc.info/gems/jose/JOSE/JWS#EdDSA-448-group)
+  - [`EdDSA`](http://www.rubydoc.info/gems/jose/JOSE/JWS#EdDSA-group)
 - HMAC using SHA-2
   - [`HS256`](http://www.rubydoc.info/gems/jose/JOSE/JWS#HMACSHA2-group)
   - [`HS384`](http://www.rubydoc.info/gems/jose/JOSE/JWS#HMACSHA2-group)

data/lib/jose/jwa.rb CHANGED

@@ -104,6 +104,7 @@ module JOSE
     #     #      "Ed25519ph",
     #     #      "Ed448",
     #     #      "Ed448ph",
+    #     #      "EdDSA",
     #     #      "ES256",
     #     #      "ES384",
     #     #      "ES512",
@@ -161,6 +162,7 @@ module JOSE
         'Ed25519ph',
         'Ed448',
         'Ed448ph',
+        'EdDSA',
         'ES256',
         'ES384',
         'ES512',

data/lib/jose/jwe/zip_def.rb CHANGED

@@ -1,4 +1,4 @@
-class JOSE::JWE::ZIP_DEF
+class JOSE::JWE::ZIP_DEF < Struct.new(nil)
   # JOSE::JWE callbacks
@@ -18,11 +18,19 @@ class JOSE::JWE::ZIP_DEF
   # JOSE::JWE::ZIP callbacks
   def compress(plain_text)
-    return Zlib.deflate(plain_text)
+    zstream = Zlib::Deflate.new(nil, -Zlib::MAX_WBITS)
+    buf = zstream.deflate(plain_text, Zlib::FINISH)
+    zstream.finish
+    zstream.close
+    return buf
   end
   def uncompress(cipher_text)
-    return Zlib.inflate(cipher_text)
+    zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+    buf = zstream.inflate(cipher_text)
+    zstream.finish
+    zstream.close
+    return buf
   end
 end

data/lib/jose/jwk/kty_okp_ed25519.rb CHANGED

@@ -78,8 +78,8 @@ class JOSE::JWK::KTY_OKP_Ed25519 < Struct.new(:okp)
     return JOSE::JWK::KTY.key_encryptor(self, fields, key)
   end
-  def sign(message, digest_type)
-    raise ArgumentError, "'digest_type' must be :Ed25519" if digest_type != :Ed25519
+  def sign(message, sign_type)
+    raise ArgumentError, "'sign_type' must be :Ed25519 or :EdDSA" if sign_type != :Ed25519 and sign_type != :EdDSA
     raise NotImplementedError, "Ed25519 public key cannot be used for signing" if okp.bytesize != SK_BYTES
     return JOSE::JWA::Curve25519.ed25519_sign(message, okp)
   end
@@ -88,7 +88,7 @@ class JOSE::JWK::KTY_OKP_Ed25519 < Struct.new(:okp)
     if okp.bytesize == SK_BYTES and fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return JOSE::Map['alg' => fields['alg']]
     elsif okp.bytesize == SK_BYTES
-      return JOSE::Map['alg' => 'Ed25519']
+      return JOSE::Map['alg' => 'EdDSA']
     else
       raise ArgumentError, "signing not supported for public keys"
     end
@@ -98,12 +98,12 @@ class JOSE::JWK::KTY_OKP_Ed25519 < Struct.new(:okp)
     if fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return [fields['alg']]
     else
-      return ['Ed25519']
+      return ['Ed25519', 'EdDSA']
     end
   end
-  def verify(message, digest_type, signature)
-    raise ArgumentError, "'digest_type' must be :Ed25519" if digest_type != :Ed25519
+  def verify(message, sign_type, signature)
+    raise ArgumentError, "'sign_type' must be :Ed25519 or :EdDSA" if sign_type != :Ed25519 and sign_type != :EdDSA
     pk = okp
     pk = JOSE::JWA::Curve25519.ed25519_secret_to_public(okp) if okp.bytesize == SK_BYTES
     return JOSE::JWA::Curve25519.ed25519_verify(signature, message, pk)

data/lib/jose/jwk/kty_okp_ed25519ph.rb CHANGED

@@ -79,7 +79,7 @@ class JOSE::JWK::KTY_OKP_Ed25519ph < Struct.new(:okp)
   end
   def sign(message, sign_type)
-    raise ArgumentError, "'sign_type' must be :Ed25519ph" if sign_type != :Ed25519ph
+    raise ArgumentError, "'sign_type' must be :Ed25519ph or :EdDSA" if sign_type != :Ed25519ph and sign_type != :EdDSA
     raise NotImplementedError, "Ed25519ph public key cannot be used for signing" if okp.bytesize != SK_BYTES
     return JOSE::JWA::Curve25519.ed25519ph_sign(message, okp)
   end
@@ -88,7 +88,7 @@ class JOSE::JWK::KTY_OKP_Ed25519ph < Struct.new(:okp)
     if okp.bytesize == SK_BYTES and fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return JOSE::Map['alg' => fields['alg']]
     elsif okp.bytesize == SK_BYTES
-      return JOSE::Map['alg' => 'Ed25519ph']
+      return JOSE::Map['alg' => 'EdDSA']
     else
       raise ArgumentError, "signing not supported for public keys"
     end
@@ -98,12 +98,12 @@ class JOSE::JWK::KTY_OKP_Ed25519ph < Struct.new(:okp)
     if fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return [fields['alg']]
     else
-      return ['Ed25519ph']
+      return ['Ed25519ph', 'EdDSA']
     end
   end
   def verify(message, sign_type, signature)
-    raise ArgumentError, "'sign_type' must be :Ed25519ph" if sign_type != :Ed25519ph
+    raise ArgumentError, "'sign_type' must be :Ed25519ph or :EdDSA" if sign_type != :Ed25519ph and sign_type != :EdDSA
     pk = okp
     pk = JOSE::JWA::Curve25519.ed25519ph_secret_to_public(okp) if okp.bytesize == SK_BYTES
     return JOSE::JWA::Curve25519.ed25519ph_verify(signature, message, pk)

data/lib/jose/jwk/kty_okp_ed448.rb CHANGED

@@ -78,8 +78,8 @@ class JOSE::JWK::KTY_OKP_Ed448 < Struct.new(:okp)
     return JOSE::JWK::KTY.key_encryptor(self, fields, key)
   end
-  def sign(message, digest_type)
-    raise ArgumentError, "'digest_type' must be :Ed448" if digest_type != :Ed448
+  def sign(message, sign_type)
+    raise ArgumentError, "'sign_type' must be :Ed448 or :EdDSA" if sign_type != :Ed448 and sign_type != :EdDSA
     raise NotImplementedError, "Ed448 public key cannot be used for signing" if okp.bytesize != SK_BYTES
     return JOSE::JWA::Curve448.ed448_sign(message, okp)
   end
@@ -88,7 +88,7 @@ class JOSE::JWK::KTY_OKP_Ed448 < Struct.new(:okp)
     if okp.bytesize == SK_BYTES and fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return JOSE::Map['alg' => fields['alg']]
     elsif okp.bytesize == SK_BYTES
-      return JOSE::Map['alg' => 'Ed448']
+      return JOSE::Map['alg' => 'EdDSA']
     else
       raise ArgumentError, "signing not supported for public keys"
     end
@@ -98,12 +98,12 @@ class JOSE::JWK::KTY_OKP_Ed448 < Struct.new(:okp)
     if fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return [fields['alg']]
     else
-      return ['Ed448']
+      return ['Ed448', 'EdDSA']
     end
   end
-  def verify(message, digest_type, signature)
-    raise ArgumentError, "'digest_type' must be :Ed448" if digest_type != :Ed448
+  def verify(message, sign_type, signature)
+    raise ArgumentError, "'sign_type' must be :Ed448 or :EdDSA" if sign_type != :Ed448 and sign_type != :EdDSA
     pk = okp
     pk = JOSE::JWA::Curve448.ed448_secret_to_public(okp) if okp.bytesize == SK_BYTES
     return JOSE::JWA::Curve448.ed448_verify(signature, message, pk)

data/lib/jose/jwk/kty_okp_ed448ph.rb CHANGED

@@ -78,8 +78,8 @@ class JOSE::JWK::KTY_OKP_Ed448ph < Struct.new(:okp)
     return JOSE::JWK::KTY.key_encryptor(self, fields, key)
   end
-  def sign(message, digest_type)
-    raise ArgumentError, "'digest_type' must be :Ed448ph" if digest_type != :Ed448ph
+  def sign(message, sign_type)
+    raise ArgumentError, "'sign_type' must be :Ed448ph or :EdDSA" if sign_type != :Ed448ph and sign_type != :EdDSA
     raise NotImplementedError, "Ed448ph public key cannot be used for signing" if okp.bytesize != SK_BYTES
     return JOSE::JWA::Curve448.ed448ph_sign(message, okp)
   end
@@ -88,7 +88,7 @@ class JOSE::JWK::KTY_OKP_Ed448ph < Struct.new(:okp)
     if okp.bytesize == SK_BYTES and fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return JOSE::Map['alg' => fields['alg']]
     elsif okp.bytesize == SK_BYTES
-      return JOSE::Map['alg' => 'Ed448ph']
+      return JOSE::Map['alg' => 'EdDSA']
     else
       raise ArgumentError, "signing not supported for public keys"
     end
@@ -98,12 +98,12 @@ class JOSE::JWK::KTY_OKP_Ed448ph < Struct.new(:okp)
     if fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return [fields['alg']]
     else
-      return ['Ed448ph']
+      return ['Ed448ph', 'EdDSA']
     end
   end
-  def verify(message, digest_type, signature)
-    raise ArgumentError, "'digest_type' must be :Ed448ph" if digest_type != :Ed448ph
+  def verify(message, sign_type, signature)
+    raise ArgumentError, "'sign_type' must be :Ed448ph or :EdDSA" if sign_type != :Ed448ph and sign_type != :EdDSA
     pk = okp
     pk = JOSE::JWA::Curve448.ed448ph_secret_to_public(okp) if okp.bytesize == SK_BYTES
     return JOSE::JWA::Curve448.ed448ph_verify(signature, message, pk)

data/lib/jose/jwk/kty_rsa.rb CHANGED

@@ -19,7 +19,11 @@ class JOSE::JWK::KTY_RSA < Struct.new(:key)
           rsa.iqmp = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['qi']), 2)
           return JOSE::JWK::KTY_RSA.new(JOSE::JWK::PKeyProxy.new(rsa)), fields.except('kty', 'd', 'dp', 'dq', 'e', 'n', 'p', 'q', 'qi')
         else
-          raise ArgumentError, "invalid 'RSA' JWK"
+          d   = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['d']), 2)
+          e   = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['e']), 2)
+          n   = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['n']), 2)
+          rsa = convert_sfm_to_crt(d, e, n)
+          return JOSE::JWK::KTY_RSA.new(JOSE::JWK::PKeyProxy.new(rsa)), fields.except('kty', 'd', 'dp', 'dq', 'e', 'n', 'p', 'q', 'qi')
         end
       else
         rsa   = OpenSSL::PKey::RSA.new
@@ -200,4 +204,64 @@ class JOSE::JWK::KTY_RSA < Struct.new(:key)
     return JOSE::JWK::PEM.to_binary(key, password)
   end
+  # Internal functions
+private
+  def self.convert_sfm_to_crt(d, e, n)
+    ktot = d * e - 1
+    t = convert_sfm_to_crt_find_t(ktot)
+    a = 2.to_bn
+    k = t
+    p = convert_sfm_to_crt_find_p(ktot, t, k, a, n, d)
+    q, = n / p
+    if q > p
+      p, q = q, p
+    end
+    dp = d % (p - 1)
+    dq = d % (q - 1)
+    qi = q.mod_inverse(p)
+    rsa      = OpenSSL::PKey::RSA.new
+    rsa.d    = d
+    rsa.dmp1 = dp
+    rsa.dmq1 = dq
+    rsa.e    = e
+    rsa.n    = n
+    rsa.p    = p
+    rsa.q    = q
+    rsa.iqmp = qi
+    return rsa
+  end
+  def self.convert_sfm_to_crt_find_t(ktot)
+    t = ktot
+    loop do
+      if t > 0 and (t % 2) == 0
+        t, = t / 2
+      else
+        break
+      end
+    end
+    return t
+  end
+  def self.convert_sfm_to_crt_find_p(ktot, t, k, a, n, d)
+    p = nil
+    loop do
+      break if not p.nil?
+      loop do
+        break if not p.nil?
+        break if k >= ktot
+        c = a.mod_exp(k, n)
+        if c != 1 and c != (n - 1) and c.mod_exp(2, n) == 1
+          p = (c + 1).gcd(n)
+        else
+          k = k * 2
+        end
+      end
+      break if not p.nil?
+      k = t
+      a = a + 2
+    end
+    return p
+  end
 end

data/lib/jose/jws.rb CHANGED

@@ -59,6 +59,7 @@ module JOSE
   #   * `"Ed25519ph"`
   #   * `"Ed448"`
   #   * `"Ed448ph"`
+  #   * `"EdDSA"`
   #   * `"ES256"`
   #   * `"ES384"`
   #   * `"ES512"`
@@ -115,6 +116,18 @@ module JOSE
   #     JOSE::JWS.verify(jwk_ed448ph, signed_ed448ph).first
   #     # => true
   #
+  # ### <a name="EdDSA-group">EdDSA</a>
+  #
+  #     # EdDSA works with Ed25519, Ed25519ph, Ed448, and Ed448ph keys.
+  #     # However, it defaults to Ed25519 for key generation.
+  #     jwk_eddsa = JOSE::JWS.generate_key({ "alg" => "EdDSA" })
+  #
+  #     # EdDSA
+  #     signed_eddsa = JOSE::JWS.sign(jwk_eddsa, "{}", { "alg" => "EdDSA" }).compact
+  #     # => "eyJhbGciOiJFZERTQSJ9.e30.rhb5ZY7MllNbW9q-SCn_NglhYtaRGMXEUDj6BvJjltOt19tEI_1wFrVK__jL91i9hO7WtVqRH_OfHiilnO1CAQ"
+  #     JOSE::JWS.verify(jwk_eddsa, signed_eddsa).first
+  #     # => true
+  #
   # ### <a name="ECDSA-group">ES256, ES384, and ES512</a>
   #
   #     !!!ruby
@@ -681,7 +694,13 @@ module JOSE
   private
-    EDDSA_ALG_LIST = ['Ed25519'.freeze, 'Ed25519ph'.freeze, 'Ed448'.freeze, 'Ed448ph'.freeze].freeze
+    EDDSA_ALG_LIST = [
+      'Ed25519'.freeze,
+      'Ed25519ph'.freeze,
+      'Ed448'.freeze,
+      'Ed448ph'.freeze,
+      'EdDSA'.freeze
+    ].freeze
     def self.from_fields(jws, modules)
       if jws.fields.has_key?('b64')

data/lib/jose/jws/alg_eddsa.rb CHANGED

@@ -12,6 +12,8 @@ class JOSE::JWS::ALG_EDDSA < Struct.new(:sign_type)
       return new(:Ed448), fields.delete('alg')
     when 'Ed448ph'
       return new(:Ed448ph), fields.delete('alg')
+    when 'EdDSA'
+      return new(:EdDSA), fields.delete('alg')
     else
       raise ArgumentError, "invalid 'alg' for JWS: #{fields['alg'].inspect}"
     end
@@ -25,7 +27,8 @@ class JOSE::JWS::ALG_EDDSA < Struct.new(:sign_type)
   # JOSE::JWS::ALG callbacks
   def generate_key(fields)
-    return JOSE::JWS::ALG.generate_key([:okp, sign_type], sign_type.to_s)
+    okp_type = sign_type == :EdDSA ? :Ed25519 : sign_type
+    return JOSE::JWS::ALG.generate_key([:okp, okp_type], sign_type.to_s)
   end
   def sign(jwk, message)

data/lib/jose/version.rb CHANGED

@@ -1,3 +1,3 @@
 module JOSE
-  VERSION = "1.1.1"
+  VERSION = "1.1.2"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jose
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.1.2
 platform: ruby
 authors:
 - Andrew Bennett
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-05-27 00:00:00.000000000 Z
+date: 2016-07-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hamster