RubyGems - jose - Versions diffs - 1.1.1 → 1.1.2 - Mend

jose 1.1.1 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +9 -0
data/docs/SignatureAlgorithms.md +1 -0
data/lib/jose/jwa.rb +2 -0
data/lib/jose/jwe/zip_def.rb +11 -3
data/lib/jose/jwk/kty_okp_ed25519.rb +6 -6
data/lib/jose/jwk/kty_okp_ed25519ph.rb +4 -4
data/lib/jose/jwk/kty_okp_ed448.rb +6 -6
data/lib/jose/jwk/kty_okp_ed448ph.rb +6 -6
data/lib/jose/jwk/kty_rsa.rb +65 -1
data/lib/jose/jws.rb +20 -1
data/lib/jose/jws/alg_eddsa.rb +4 -1
data/lib/jose/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0d737f594b6ef3c926a323bc2c06b797ce24fc09
-  data.tar.gz: 8a4989e67d3dcbea62c84f1f60a40b41f3ca5a74
+  metadata.gz: aa018b696c9f264acc7691bb2ae92a7e48ec95e7
+  data.tar.gz: c07468825b96248e7e15376711e573913f0d33ce
 SHA512:
-  metadata.gz: 5f079c8178b435afd07a54c61e415b84ac4f9c0197b7961adde3313e460088a1b979a3d79f8308d4a64be686d5d4da7dba4af1bce38dc918c198102898717279
-  data.tar.gz: 569191e6793162f0ca29a9efa2d45fd09208f629b8e2e043ca08db21c4590f58c15aec92af220b7ad32bc2f8a3bc29819ef5efe1cdd81d2bb58bacdca8002e46
+  metadata.gz: 41a28230b46f5e9ea6ef56c7c8bdc2f353f7472f18faea6923d39326eb8d87f77a3ae247d22181ef5a4babe550cab1db31361e657d066959e8629a6df87c8e6d
+  data.tar.gz: 00c55722c8dc85d65c53a7628abdd9baa4c536d409249dd5de4487a7b3d8e34254035151526cbedf520809401153604f7c301705274d70d02fbc05fe1665a4e2

data/CHANGELOG.md CHANGED

@@ -1,5 +1,14 @@
 # Changelog
+## 1.1.2 (2016-07-07)
+* Enhancements
+  * Improved handling of RSA private keys in SMF (Straightforward Method) form to CRT (Chinese Remainder Theorem) form, see [potatosalad/erlang-jose#19](https://github.com/potatosalad/erlang-jose/issues/19)  This is especially useful for keys produced by Java programs using the `RSAPrivateKeySpec` API as mentioned in [Section 9.3 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-9.3).
+  * Updated EdDSA operations to comply with draft 04 of [draft-ietf-jose-cfrg-curves-04](https://tools.ietf.org/html/draft-ietf-jose-cfrg-curves-04).
+* Fixes
+  * Fixed compression encoding bug for `{"zip":"DEF"}` operations (thanks to [@amadden734](https://github.com/amadden734) see [#3](https://github.com/potatosalad/ruby-jose/pull/3))
 ## 1.1.1 (2016-05-27)
 * Enhancements

data/docs/SignatureAlgorithms.md CHANGED

@@ -21,6 +21,7 @@ Here are the supported options for the `alg` parameter, grouped by similar funci
   - [`Ed25519ph`](http://www.rubydoc.info/gems/jose/JOSE/JWS#EdDSA-25519-group)
   - [`Ed448`](http://www.rubydoc.info/gems/jose/JOSE/JWS#EdDSA-448-group)
   - [`Ed448ph`](http://www.rubydoc.info/gems/jose/JOSE/JWS#EdDSA-448-group)
+  - [`EdDSA`](http://www.rubydoc.info/gems/jose/JOSE/JWS#EdDSA-group)
 - HMAC using SHA-2
   - [`HS256`](http://www.rubydoc.info/gems/jose/JOSE/JWS#HMACSHA2-group)
   - [`HS384`](http://www.rubydoc.info/gems/jose/JOSE/JWS#HMACSHA2-group)

data/lib/jose/jwa.rb CHANGED

@@ -104,6 +104,7 @@ module JOSE
     #     #      "Ed25519ph",
     #     #      "Ed448",
     #     #      "Ed448ph",
+    #     #      "EdDSA",
     #     #      "ES256",
     #     #      "ES384",
     #     #      "ES512",
@@ -161,6 +162,7 @@ module JOSE
         'Ed25519ph',
         'Ed448',
         'Ed448ph',
+        'EdDSA',
         'ES256',
         'ES384',
         'ES512',

data/lib/jose/jwe/zip_def.rb CHANGED

@@ -1,4 +1,4 @@
-class JOSE::JWE::ZIP_DEF
+class JOSE::JWE::ZIP_DEF < Struct.new(nil)
   # JOSE::JWE callbacks
@@ -18,11 +18,19 @@ class JOSE::JWE::ZIP_DEF
   # JOSE::JWE::ZIP callbacks
   def compress(plain_text)
-    return Zlib.deflate(plain_text)
+    zstream = Zlib::Deflate.new(nil, -Zlib::MAX_WBITS)
+    buf = zstream.deflate(plain_text, Zlib::FINISH)
+    zstream.finish
+    zstream.close
+    return buf
   end
   def uncompress(cipher_text)
-    return Zlib.inflate(cipher_text)
+    zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+    buf = zstream.inflate(cipher_text)
+    zstream.finish
+    zstream.close
+    return buf
   end
 end

data/lib/jose/jwk/kty_okp_ed25519.rb CHANGED

@@ -78,8 +78,8 @@ class JOSE::JWK::KTY_OKP_Ed25519 < Struct.new(:okp)
     return JOSE::JWK::KTY.key_encryptor(self, fields, key)
   end
-  def sign(message, digest_type)
-    raise ArgumentError, "'digest_type' must be :Ed25519" if digest_type != :Ed25519
+  def sign(message, sign_type)
+    raise ArgumentError, "'sign_type' must be :Ed25519 or :EdDSA" if sign_type != :Ed25519 and sign_type != :EdDSA
     raise NotImplementedError, "Ed25519 public key cannot be used for signing" if okp.bytesize != SK_BYTES
     return JOSE::JWA::Curve25519.ed25519_sign(message, okp)
   end
@@ -88,7 +88,7 @@ class JOSE::JWK::KTY_OKP_Ed25519 < Struct.new(:okp)
     if okp.bytesize == SK_BYTES and fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return JOSE::Map['alg' => fields['alg']]
     elsif okp.bytesize == SK_BYTES
-      return JOSE::Map['alg' => 'Ed25519']
+      return JOSE::Map['alg' => 'EdDSA']
     else
       raise ArgumentError, "signing not supported for public keys"
     end
@@ -98,12 +98,12 @@ class JOSE::JWK::KTY_OKP_Ed25519 < Struct.new(:okp)
     if fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return [fields['alg']]
     else
-      return ['Ed25519']
+      return ['Ed25519', 'EdDSA']
     end
   end
-  def verify(message, digest_type, signature)
-    raise ArgumentError, "'digest_type' must be :Ed25519" if digest_type != :Ed25519
+  def verify(message, sign_type, signature)
+    raise ArgumentError, "'sign_type' must be :Ed25519 or :EdDSA" if sign_type != :Ed25519 and sign_type != :EdDSA
     pk = okp
     pk = JOSE::JWA::Curve25519.ed25519_secret_to_public(okp) if okp.bytesize == SK_BYTES
     return JOSE::JWA::Curve25519.ed25519_verify(signature, message, pk)

data/lib/jose/jwk/kty_okp_ed25519ph.rb CHANGED

@@ -79,7 +79,7 @@ class JOSE::JWK::KTY_OKP_Ed25519ph < Struct.new(:okp)
   end
   def sign(message, sign_type)
-    raise ArgumentError, "'sign_type' must be :Ed25519ph" if sign_type != :Ed25519ph
+    raise ArgumentError, "'sign_type' must be :Ed25519ph or :EdDSA" if sign_type != :Ed25519ph and sign_type != :EdDSA
     raise NotImplementedError, "Ed25519ph public key cannot be used for signing" if okp.bytesize != SK_BYTES
     return JOSE::JWA::Curve25519.ed25519ph_sign(message, okp)
   end
@@ -88,7 +88,7 @@ class JOSE::JWK::KTY_OKP_Ed25519ph < Struct.new(:okp)
     if okp.bytesize == SK_BYTES and fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return JOSE::Map['alg' => fields['alg']]
     elsif okp.bytesize == SK_BYTES
-      return JOSE::Map['alg' => 'Ed25519ph']
+      return JOSE::Map['alg' => 'EdDSA']
     else
       raise ArgumentError, "signing not supported for public keys"
     end
@@ -98,12 +98,12 @@ class JOSE::JWK::KTY_OKP_Ed25519ph < Struct.new(:okp)
     if fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return [fields['alg']]
     else
-      return ['Ed25519ph']
+      return ['Ed25519ph', 'EdDSA']
     end
   end
   def verify(message, sign_type, signature)
-    raise ArgumentError, "'sign_type' must be :Ed25519ph" if sign_type != :Ed25519ph
+    raise ArgumentError, "'sign_type' must be :Ed25519ph or :EdDSA" if sign_type != :Ed25519ph and sign_type != :EdDSA
     pk = okp
     pk = JOSE::JWA::Curve25519.ed25519ph_secret_to_public(okp) if okp.bytesize == SK_BYTES
     return JOSE::JWA::Curve25519.ed25519ph_verify(signature, message, pk)

data/lib/jose/jwk/kty_okp_ed448.rb CHANGED

@@ -78,8 +78,8 @@ class JOSE::JWK::KTY_OKP_Ed448 < Struct.new(:okp)
     return JOSE::JWK::KTY.key_encryptor(self, fields, key)
   end
-  def sign(message, digest_type)
-    raise ArgumentError, "'digest_type' must be :Ed448" if digest_type != :Ed448
+  def sign(message, sign_type)
+    raise ArgumentError, "'sign_type' must be :Ed448 or :EdDSA" if sign_type != :Ed448 and sign_type != :EdDSA
     raise NotImplementedError, "Ed448 public key cannot be used for signing" if okp.bytesize != SK_BYTES
     return JOSE::JWA::Curve448.ed448_sign(message, okp)
   end
@@ -88,7 +88,7 @@ class JOSE::JWK::KTY_OKP_Ed448 < Struct.new(:okp)
     if okp.bytesize == SK_BYTES and fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return JOSE::Map['alg' => fields['alg']]
     elsif okp.bytesize == SK_BYTES
-      return JOSE::Map['alg' => 'Ed448']
+      return JOSE::Map['alg' => 'EdDSA']
     else
       raise ArgumentError, "signing not supported for public keys"
     end
@@ -98,12 +98,12 @@ class JOSE::JWK::KTY_OKP_Ed448 < Struct.new(:okp)
     if fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return [fields['alg']]
     else
-      return ['Ed448']
+      return ['Ed448', 'EdDSA']
     end
   end
-  def verify(message, digest_type, signature)
-    raise ArgumentError, "'digest_type' must be :Ed448" if digest_type != :Ed448
+  def verify(message, sign_type, signature)
+    raise ArgumentError, "'sign_type' must be :Ed448 or :EdDSA" if sign_type != :Ed448 and sign_type != :EdDSA
     pk = okp
     pk = JOSE::JWA::Curve448.ed448_secret_to_public(okp) if okp.bytesize == SK_BYTES
     return JOSE::JWA::Curve448.ed448_verify(signature, message, pk)

data/lib/jose/jwk/kty_okp_ed448ph.rb CHANGED

@@ -78,8 +78,8 @@ class JOSE::JWK::KTY_OKP_Ed448ph < Struct.new(:okp)
     return JOSE::JWK::KTY.key_encryptor(self, fields, key)
   end
-  def sign(message, digest_type)
-    raise ArgumentError, "'digest_type' must be :Ed448ph" if digest_type != :Ed448ph
+  def sign(message, sign_type)
+    raise ArgumentError, "'sign_type' must be :Ed448ph or :EdDSA" if sign_type != :Ed448ph and sign_type != :EdDSA
     raise NotImplementedError, "Ed448ph public key cannot be used for signing" if okp.bytesize != SK_BYTES
     return JOSE::JWA::Curve448.ed448ph_sign(message, okp)
   end
@@ -88,7 +88,7 @@ class JOSE::JWK::KTY_OKP_Ed448ph < Struct.new(:okp)
     if okp.bytesize == SK_BYTES and fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return JOSE::Map['alg' => fields['alg']]
     elsif okp.bytesize == SK_BYTES
-      return JOSE::Map['alg' => 'Ed448ph']
+      return JOSE::Map['alg' => 'EdDSA']
     else
       raise ArgumentError, "signing not supported for public keys"
     end
@@ -98,12 +98,12 @@ class JOSE::JWK::KTY_OKP_Ed448ph < Struct.new(:okp)
     if fields and fields['use'] == 'sig' and not fields['alg'].nil?
       return [fields['alg']]
     else
-      return ['Ed448ph']
+      return ['Ed448ph', 'EdDSA']
     end
   end
-  def verify(message, digest_type, signature)
-    raise ArgumentError, "'digest_type' must be :Ed448ph" if digest_type != :Ed448ph
+  def verify(message, sign_type, signature)
+    raise ArgumentError, "'sign_type' must be :Ed448ph or :EdDSA" if sign_type != :Ed448ph and sign_type != :EdDSA
     pk = okp
     pk = JOSE::JWA::Curve448.ed448ph_secret_to_public(okp) if okp.bytesize == SK_BYTES
     return JOSE::JWA::Curve448.ed448ph_verify(signature, message, pk)

data/lib/jose/jwk/kty_rsa.rb CHANGED

@@ -19,7 +19,11 @@ class JOSE::JWK::KTY_RSA < Struct.new(:key)
           rsa.iqmp = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['qi']), 2)
           return JOSE::JWK::KTY_RSA.new(JOSE::JWK::PKeyProxy.new(rsa)), fields.except('kty', 'd', 'dp', 'dq', 'e', 'n', 'p', 'q', 'qi')
         else
-          raise ArgumentError, "invalid 'RSA' JWK"
+          d   = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['d']), 2)
+          e   = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['e']), 2)
+          n   = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['n']), 2)
+          rsa = convert_sfm_to_crt(d, e, n)
+          return JOSE::JWK::KTY_RSA.new(JOSE::JWK::PKeyProxy.new(rsa)), fields.except('kty', 'd', 'dp', 'dq', 'e', 'n', 'p', 'q', 'qi')
         end
       else
         rsa   = OpenSSL::PKey::RSA.new
@@ -200,4 +204,64 @@ class JOSE::JWK::KTY_RSA < Struct.new(:key)
     return JOSE::JWK::PEM.to_binary(key, password)
   end
+  # Internal functions
+private
+  def self.convert_sfm_to_crt(d, e, n)
+    ktot = d * e - 1
+    t = convert_sfm_to_crt_find_t(ktot)
+    a = 2.to_bn
+    k = t
+    p = convert_sfm_to_crt_find_p(ktot, t, k, a, n, d)
+    q, = n / p
+    if q > p
+      p, q = q, p
+    end
+    dp = d % (p - 1)
+    dq = d % (q - 1)
+    qi = q.mod_inverse(p)
+    rsa      = OpenSSL::PKey::RSA.new
+    rsa.d    = d
+    rsa.dmp1 = dp
+    rsa.dmq1 = dq
+    rsa.e    = e
+    rsa.n    = n
+    rsa.p    = p
+    rsa.q    = q
+    rsa.iqmp = qi
+    return rsa
+  end
+  def self.convert_sfm_to_crt_find_t(ktot)
+    t = ktot
+    loop do
+      if t > 0 and (t % 2) == 0
+        t, = t / 2
+      else
+        break
+      end
+    end
+    return t
+  end
+  def self.convert_sfm_to_crt_find_p(ktot, t, k, a, n, d)
+    p = nil
+    loop do
+      break if not p.nil?
+      loop do
+        break if not p.nil?
+        break if k >= ktot
+        c = a.mod_exp(k, n)
+        if c != 1 and c != (n - 1) and c.mod_exp(2, n) == 1
+          p = (c + 1).gcd(n)
+        else
+          k = k * 2
+        end
+      end
+      break if not p.nil?
+      k = t
+      a = a + 2
+    end
+    return p
+  end
 end

data/lib/jose/jws.rb CHANGED

@@ -59,6 +59,7 @@ module JOSE
   #   * `"Ed25519ph"`
   #   * `"Ed448"`
   #   * `"Ed448ph"`
+  #   * `"EdDSA"`
   #   * `"ES256"`
   #   * `"ES384"`
   #   * `"ES512"`
@@ -115,6 +116,18 @@ module JOSE
   #     JOSE::JWS.verify(jwk_ed448ph, signed_ed448ph).first
   #     # => true
   #
+  # ### <a name="EdDSA-group">EdDSA</a>
+  #
+  #     # EdDSA works with Ed25519, Ed25519ph, Ed448, and Ed448ph keys.
+  #     # However, it defaults to Ed25519 for key generation.
+  #     jwk_eddsa = JOSE::JWS.generate_key({ "alg" => "EdDSA" })
+  #
+  #     # EdDSA
+  #     signed_eddsa = JOSE::JWS.sign(jwk_eddsa, "{}", { "alg" => "EdDSA" }).compact
+  #     # => "eyJhbGciOiJFZERTQSJ9.e30.rhb5ZY7MllNbW9q-SCn_NglhYtaRGMXEUDj6BvJjltOt19tEI_1wFrVK__jL91i9hO7WtVqRH_OfHiilnO1CAQ"
+  #     JOSE::JWS.verify(jwk_eddsa, signed_eddsa).first
+  #     # => true
+  #
   # ### <a name="ECDSA-group">ES256, ES384, and ES512</a>
   #
   #     !!!ruby
@@ -681,7 +694,13 @@ module JOSE
   private
-    EDDSA_ALG_LIST = ['Ed25519'.freeze, 'Ed25519ph'.freeze, 'Ed448'.freeze, 'Ed448ph'.freeze].freeze
+    EDDSA_ALG_LIST = [
+      'Ed25519'.freeze,
+      'Ed25519ph'.freeze,
+      'Ed448'.freeze,
+      'Ed448ph'.freeze,
+      'EdDSA'.freeze
+    ].freeze
     def self.from_fields(jws, modules)
       if jws.fields.has_key?('b64')

data/lib/jose/jws/alg_eddsa.rb CHANGED

@@ -12,6 +12,8 @@ class JOSE::JWS::ALG_EDDSA < Struct.new(:sign_type)
       return new(:Ed448), fields.delete('alg')
     when 'Ed448ph'
       return new(:Ed448ph), fields.delete('alg')
+    when 'EdDSA'
+      return new(:EdDSA), fields.delete('alg')
     else
       raise ArgumentError, "invalid 'alg' for JWS: #{fields['alg'].inspect}"
     end
@@ -25,7 +27,8 @@ class JOSE::JWS::ALG_EDDSA < Struct.new(:sign_type)
   # JOSE::JWS::ALG callbacks
   def generate_key(fields)
-    return JOSE::JWS::ALG.generate_key([:okp, sign_type], sign_type.to_s)
+    okp_type = sign_type == :EdDSA ? :Ed25519 : sign_type
+    return JOSE::JWS::ALG.generate_key([:okp, okp_type], sign_type.to_s)
   end
   def sign(jwk, message)

data/lib/jose/version.rb CHANGED

@@ -1,3 +1,3 @@
 module JOSE
-  VERSION = "1.1.1"
+  VERSION = "1.1.2"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jose
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.1.2
 platform: ruby
 authors:
 - Andrew Bennett
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-05-27 00:00:00.000000000 Z
+date: 2016-07-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hamster