jose 1.1.3 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bfd5ea4addb2127fc84ce5fe41ba48895c8906a1a1252dae1731c05cf530fcdd
-  data.tar.gz: 12051ba779da5cbc36666f1d2b1b8df8b6a781e03878afebacdd17456012e6bd
+  metadata.gz: 00444dded2474f952af57bd18fc928b39a932a22a734facdc1b0c1080911c1bb
+  data.tar.gz: 28aa16c478f8830c3783ac0b0dcb3bd05f6bfd1b56def6c63c4152b3fc710b08
 SHA512:
-  metadata.gz: 300be47e599d8fc493c955bca536d33aca2ce92d28f7088985f916e70bea4dbdf1d8d3e45e34a1d2fb2adda6103915bba7b76f8c072553e1dc209e9e790f93e2
-  data.tar.gz: c1e31e5479b471a86203d048b2a2efe9fb67f14941be4409a91438b74dc87cce6d075f7d2164c8a991e0d0af0477a3790211fc3a53fbb2a207cd6cd23f4f49f2
+  metadata.gz: a92cfb67f1868ac68933e56bdb7d492c99be01ab53a0f89e727f9cc721073216ce78bc4890eb07a0ebb64e7aef4b49d5810ed040ffc5a5fac5a6bb49fca943b3
+  data.tar.gz: 45da14c6b71bf5853cabc1de030fe321fbee4badc1525a6d0471bd952513ba7cf53ef9d90f3343f030e1b0416dbc4f884291db4306a0261f55086c646ce9c7c8

data/.github/workflows/ci.yml

@@ -0,0 +1,27 @@
+name: CI
+
+on: [push, pull_request]
+
+env:
+  CODECOV_TOKEN: "${{ secrets.CODECOV_TOKEN }}"
+  COVERAGE: true
+  JOSE_CRYPTO_FALLBACK: true
+  RUBYOPT: "-W0"
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: ['2.7.8', '3.2.2', '3.3.0']
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+      - run: bundle exec rake

data/.ruby-version

@@ -1 +1 @@
-2.5.1
+3.2.2

data/CHANGELOG.md

@@ -1,5 +1,16 @@
 # Changelog
 
+## 1.2.0 (2024-01-08)
+
+* Enhancements
+  * Add support for C20P and C20PKW (see [61fb00b](https://github.com/potatosalad/ruby-jose/commit/61fb00b1576225653851fbcb97289306270a14ef) and [2f38f78](https://github.com/potatosalad/ruby-jose/commit/2f38f78996f354b463e8b1208161e9bb7a69437b)).
+  * Add support for XC20P and XC20PKW (see [29d0942](https://github.com/potatosalad/ruby-jose/commit/29d09424de720f69050b5f13d3476cb75968c4c5)).
+  * Relicense library under MIT license (thanks to [@jessieay](https://github.com/jessieay) in [#14](https://github.com/potatosalad/ruby-jose/pull/14)).
+
+* Fixes
+  * Use RSA PSS salt length of hash/digest length instead of max length (thanks to [@abhiuppala](https://github.com/abhiuppala) for reporting in [#12](https://github.com/potatosalad/ruby-jose/issues/12), see [646bdde](https://github.com/potatosalad/ruby-jose/commit/646bdde5a8f7b551056e063a5590c1e822a74b75))
+  * Full Ruby 3 and OpenSSL 3 compatibility (thanks to [@beanieboi](https://github.com/beanieboi), see [#25](https://github.com/potatosalad/ruby-jose/pull/25)).
+
 ## 1.1.3 (2018-09-20)
 
 * Enhancements

data/Gemfile

@@ -10,12 +10,19 @@ platforms :ruby do
 end
 
 group :test do
+  gem "bundler"
+  gem "rake"
+  gem "minitest"
+  gem "json"
+  gem "rbnacl"
+  gem "ed25519"
+  gem "x25519"
   gem 'minitest-focus', require: false
   gem 'minitest-perf', require: false
-  gem 'rantly', github: 'abargnesi/rantly', ref: '2875f63bfc695d270ecb574c56d1a7d8f6af0153', require: false
+  gem 'rantly', github: 'rantly-rb/rantly', ref: '9ea88a43d6437db76a0b5341a3c41c2687e18cd8', require: false
   gem 'simplecov', require: false
   if ENV['CI']
-    gem 'coveralls', require: false
+    gem 'codecov', require: false
   end
 end
 

data/LICENSE.md

@@ -1,373 +1,22 @@
-Mozilla Public License Version 2.0
-==================================
-
-1. Definitions
---------------
-
-1.1. "Contributor"
-    means each individual or legal entity that creates, contributes to
-    the creation of, or owns Covered Software.
-
-1.2. "Contributor Version"
-    means the combination of the Contributions of others (if any) used
-    by a Contributor and that particular Contributor's Contribution.
-
-1.3. "Contribution"
-    means Covered Software of a particular Contributor.
-
-1.4. "Covered Software"
-    means Source Code Form to which the initial Contributor has attached
-    the notice in Exhibit A, the Executable Form of such Source Code
-    Form, and Modifications of such Source Code Form, in each case
-    including portions thereof.
-
-1.5. "Incompatible With Secondary Licenses"
-    means
-
-    (a) that the initial Contributor has attached the notice described
-        in Exhibit B to the Covered Software; or
-
-    (b) that the Covered Software was made available under the terms of
-        version 1.1 or earlier of the License, but not also under the
-        terms of a Secondary License.
-
-1.6. "Executable Form"
-    means any form of the work other than Source Code Form.
-
-1.7. "Larger Work"
-    means a work that combines Covered Software with other material, in
-    a separate file or files, that is not Covered Software.
-
-1.8. "License"
-    means this document.
-
-1.9. "Licensable"
-    means having the right to grant, to the maximum extent possible,
-    whether at the time of the initial grant or subsequently, any and
-    all of the rights conveyed by this License.
-
-1.10. "Modifications"
-    means any of the following:
-
-    (a) any file in Source Code Form that results from an addition to,
-        deletion from, or modification of the contents of Covered
-        Software; or
-
-    (b) any new file in Source Code Form that contains any Covered
-        Software.
-
-1.11. "Patent Claims" of a Contributor
-    means any patent claim(s), including without limitation, method,
-    process, and apparatus claims, in any patent Licensable by such
-    Contributor that would be infringed, but for the grant of the
-    License, by the making, using, selling, offering for sale, having
-    made, import, or transfer of either its Contributions or its
-    Contributor Version.
-
-1.12. "Secondary License"
-    means either the GNU General Public License, Version 2.0, the GNU
-    Lesser General Public License, Version 2.1, the GNU Affero General
-    Public License, Version 3.0, or any later versions of those
-    licenses.
-
-1.13. "Source Code Form"
-    means the form of the work preferred for making modifications.
-
-1.14. "You" (or "Your")
-    means an individual or a legal entity exercising rights under this
-    License. For legal entities, "You" includes any entity that
-    controls, is controlled by, or is under common control with You. For
-    purposes of this definition, "control" means (a) the power, direct
-    or indirect, to cause the direction or management of such entity,
-    whether by contract or otherwise, or (b) ownership of more than
-    fifty percent (50%) of the outstanding shares or beneficial
-    ownership of such entity.
-
-2. License Grants and Conditions
---------------------------------
-
-2.1. Grants
-
-Each Contributor hereby grants You a world-wide, royalty-free,
-non-exclusive license:
-
-(a) under intellectual property rights (other than patent or trademark)
-    Licensable by such Contributor to use, reproduce, make available,
-    modify, display, perform, distribute, and otherwise exploit its
-    Contributions, either on an unmodified basis, with Modifications, or
-    as part of a Larger Work; and
-
-(b) under Patent Claims of such Contributor to make, use, sell, offer
-    for sale, have made, import, and otherwise transfer either its
-    Contributions or its Contributor Version.
-
-2.2. Effective Date
-
-The licenses granted in Section 2.1 with respect to any Contribution
-become effective for each Contribution on the date the Contributor first
-distributes such Contribution.
-
-2.3. Limitations on Grant Scope
-
-The licenses granted in this Section 2 are the only rights granted under
-this License. No additional rights or licenses will be implied from the
-distribution or licensing of Covered Software under this License.
-Notwithstanding Section 2.1(b) above, no patent license is granted by a
-Contributor:
-
-(a) for any code that a Contributor has removed from Covered Software;
-    or
-
-(b) for infringements caused by: (i) Your and any other third party's
-    modifications of Covered Software, or (ii) the combination of its
-    Contributions with other software (except as part of its Contributor
-    Version); or
-
-(c) under Patent Claims infringed by Covered Software in the absence of
-    its Contributions.
-
-This License does not grant any rights in the trademarks, service marks,
-or logos of any Contributor (except as may be necessary to comply with
-the notice requirements in Section 3.4).
-
-2.4. Subsequent Licenses
-
-No Contributor makes additional grants as a result of Your choice to
-distribute the Covered Software under a subsequent version of this
-License (see Section 10.2) or under the terms of a Secondary License (if
-permitted under the terms of Section 3.3).
-
-2.5. Representation
-
-Each Contributor represents that the Contributor believes its
-Contributions are its original creation(s) or it has sufficient rights
-to grant the rights to its Contributions conveyed by this License.
-
-2.6. Fair Use
-
-This License is not intended to limit any rights You have under
-applicable copyright doctrines of fair use, fair dealing, or other
-equivalents.
-
-2.7. Conditions
-
-Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
-in Section 2.1.
-
-3. Responsibilities
--------------------
-
-3.1. Distribution of Source Form
-
-All distribution of Covered Software in Source Code Form, including any
-Modifications that You create or to which You contribute, must be under
-the terms of this License. You must inform recipients that the Source
-Code Form of the Covered Software is governed by the terms of this
-License, and how they can obtain a copy of this License. You may not
-attempt to alter or restrict the recipients' rights in the Source Code
-Form.
-
-3.2. Distribution of Executable Form
-
-If You distribute Covered Software in Executable Form then:
-
-(a) such Covered Software must also be made available in Source Code
-    Form, as described in Section 3.1, and You must inform recipients of
-    the Executable Form how they can obtain a copy of such Source Code
-    Form by reasonable means in a timely manner, at a charge no more
-    than the cost of distribution to the recipient; and
-
-(b) You may distribute such Executable Form under the terms of this
-    License, or sublicense it under different terms, provided that the
-    license for the Executable Form does not attempt to limit or alter
-    the recipients' rights in the Source Code Form under this License.
-
-3.3. Distribution of a Larger Work
-
-You may create and distribute a Larger Work under terms of Your choice,
-provided that You also comply with the requirements of this License for
-the Covered Software. If the Larger Work is a combination of Covered
-Software with a work governed by one or more Secondary Licenses, and the
-Covered Software is not Incompatible With Secondary Licenses, this
-License permits You to additionally distribute such Covered Software
-under the terms of such Secondary License(s), so that the recipient of
-the Larger Work may, at their option, further distribute the Covered
-Software under the terms of either this License or such Secondary
-License(s).
-
-3.4. Notices
-
-You may not remove or alter the substance of any license notices
-(including copyright notices, patent notices, disclaimers of warranty,
-or limitations of liability) contained within the Source Code Form of
-the Covered Software, except that You may alter any license notices to
-the extent required to remedy known factual inaccuracies.
-
-3.5. Application of Additional Terms
-
-You may choose to offer, and to charge a fee for, warranty, support,
-indemnity or liability obligations to one or more recipients of Covered
-Software. However, You may do so only on Your own behalf, and not on
-behalf of any Contributor. You must make it absolutely clear that any
-such warranty, support, indemnity, or liability obligation is offered by
-You alone, and You hereby agree to indemnify every Contributor for any
-liability incurred by such Contributor as a result of warranty, support,
-indemnity or liability terms You offer. You may include additional
-disclaimers of warranty and limitations of liability specific to any
-jurisdiction.
-
-4. Inability to Comply Due to Statute or Regulation
----------------------------------------------------
-
-If it is impossible for You to comply with any of the terms of this
-License with respect to some or all of the Covered Software due to
-statute, judicial order, or regulation then You must: (a) comply with
-the terms of this License to the maximum extent possible; and (b)
-describe the limitations and the code they affect. Such description must
-be placed in a text file included with all distributions of the Covered
-Software under this License. Except to the extent prohibited by statute
-or regulation, such description must be sufficiently detailed for a
-recipient of ordinary skill to be able to understand it.
-
-5. Termination
---------------
-
-5.1. The rights granted under this License will terminate automatically
-if You fail to comply with any of its terms. However, if You become
-compliant, then the rights granted under this License from a particular
-Contributor are reinstated (a) provisionally, unless and until such
-Contributor explicitly and finally terminates Your grants, and (b) on an
-ongoing basis, if such Contributor fails to notify You of the
-non-compliance by some reasonable means prior to 60 days after You have
-come back into compliance. Moreover, Your grants from a particular
-Contributor are reinstated on an ongoing basis if such Contributor
-notifies You of the non-compliance by some reasonable means, this is the
-first time You have received notice of non-compliance with this License
-from such Contributor, and You become compliant prior to 30 days after
-Your receipt of the notice.
-
-5.2. If You initiate litigation against any entity by asserting a patent
-infringement claim (excluding declaratory judgment actions,
-counter-claims, and cross-claims) alleging that a Contributor Version
-directly or indirectly infringes any patent, then the rights granted to
-You by any and all Contributors for the Covered Software under Section
-2.1 of this License shall terminate.
-
-5.3. In the event of termination under Sections 5.1 or 5.2 above, all
-end user license agreements (excluding distributors and resellers) which
-have been validly granted by You or Your distributors under this License
-prior to termination shall survive termination.
-
-************************************************************************
-*                                                                      *
-*  6. Disclaimer of Warranty                                           *
-*  -------------------------                                           *
-*                                                                      *
-*  Covered Software is provided under this License on an "as is"       *
-*  basis, without warranty of any kind, either expressed, implied, or  *
-*  statutory, including, without limitation, warranties that the       *
-*  Covered Software is free of defects, merchantable, fit for a        *
-*  particular purpose or non-infringing. The entire risk as to the     *
-*  quality and performance of the Covered Software is with You.        *
-*  Should any Covered Software prove defective in any respect, You     *
-*  (not any Contributor) assume the cost of any necessary servicing,   *
-*  repair, or correction. This disclaimer of warranty constitutes an   *
-*  essential part of this License. No use of any Covered Software is   *
-*  authorized under this License except under this disclaimer.         *
-*                                                                      *
-************************************************************************
-
-************************************************************************
-*                                                                      *
-*  7. Limitation of Liability                                          *
-*  --------------------------                                          *
-*                                                                      *
-*  Under no circumstances and under no legal theory, whether tort      *
-*  (including negligence), contract, or otherwise, shall any           *
-*  Contributor, or anyone who distributes Covered Software as          *
-*  permitted above, be liable to You for any direct, indirect,         *
-*  special, incidental, or consequential damages of any character      *
-*  including, without limitation, damages for lost profits, loss of    *
-*  goodwill, work stoppage, computer failure or malfunction, or any    *
-*  and all other commercial damages or losses, even if such party      *
-*  shall have been informed of the possibility of such damages. This   *
-*  limitation of liability shall not apply to liability for death or   *
-*  personal injury resulting from such party's negligence to the       *
-*  extent applicable law prohibits such limitation. Some               *
-*  jurisdictions do not allow the exclusion or limitation of           *
-*  incidental or consequential damages, so this exclusion and          *
-*  limitation may not apply to You.                                    *
-*                                                                      *
-************************************************************************
-
-8. Litigation
--------------
-
-Any litigation relating to this License may be brought only in the
-courts of a jurisdiction where the defendant maintains its principal
-place of business and such litigation shall be governed by laws of that
-jurisdiction, without reference to its conflict-of-law provisions.
-Nothing in this Section shall prevent a party's ability to bring
-cross-claims or counter-claims.
-
-9. Miscellaneous
-----------------
-
-This License represents the complete agreement concerning the subject
-matter hereof. If any provision of this License is held to be
-unenforceable, such provision shall be reformed only to the extent
-necessary to make it enforceable. Any law or regulation which provides
-that the language of a contract shall be construed against the drafter
-shall not be used to construe this License against a Contributor.
-
-10. Versions of the License
----------------------------
-
-10.1. New Versions
-
-Mozilla Foundation is the license steward. Except as provided in Section
-10.3, no one other than the license steward has the right to modify or
-publish new versions of this License. Each version will be given a
-distinguishing version number.
-
-10.2. Effect of New Versions
-
-You may distribute the Covered Software under the terms of the version
-of the License under which You originally received the Covered Software,
-or under the terms of any subsequent version published by the license
-steward.
-
-10.3. Modified Versions
-
-If you create software not governed by this License, and you want to
-create a new license for such software, you may create and use a
-modified version of this License if you rename the license and remove
-any references to the name of the license steward (except to note that
-such modified license differs from this License).
-
-10.4. Distributing Source Code Form that is Incompatible With Secondary
-Licenses
-
-If You choose to distribute Source Code Form that is Incompatible With
-Secondary Licenses under the terms of this version of the License, the
-notice described in Exhibit B of this License must be attached.
-
-Exhibit A - Source Code Form License Notice
--------------------------------------------
-
-  This Source Code Form is subject to the terms of the Mozilla Public
-  License, v. 2.0. If a copy of the MPL was not distributed with this
-  file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-If it is not possible or desirable to put the notice in a particular
-file, then You may include the notice in a location (such as a LICENSE
-file in a relevant directory) where a recipient would be likely to look
-for such a notice.
-
-You may add additional accurate notices of copyright ownership.
-
-Exhibit B - "Incompatible With Secondary Licenses" Notice
----------------------------------------------------------
-
-  This Source Code Form is "Incompatible With Secondary Licenses", as
-  defined by the Mozilla Public License, v. 2.0.
+The MIT License (MIT)
+=====================
+
+Copyright (c) 2015-2020, Andrew Bennett <potatosaladx@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -1,6 +1,6 @@
 # JOSE
 
-[![Travis](https://img.shields.io/travis/potatosalad/ruby-jose.svg?maxAge=86400)](https://travis-ci.org/potatosalad/ruby-jose) [![Coverage Status](https://coveralls.io/repos/github/potatosalad/ruby-jose/badge.svg?branch=master)](https://coveralls.io/github/potatosalad/ruby-jose?branch=master) [![Gem](https://img.shields.io/gem/v/jose.svg?maxAge=86400)](https://rubygems.org/gems/jose) [![Docs](https://img.shields.io/badge/yard-docs-blue.svg?maxAge=86400)](http://www.rubydoc.info/gems/jose) [![Inline docs](http://inch-ci.org/github/potatosalad/ruby-jose.svg?branch=master&style=shields)](http://inch-ci.org/github/potatosalad/ruby-jose)
+[![CI](https://github.com/potatosalad/ruby-jose/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/potatosalad/ruby-jose/actions/workflows/ci.yml) [![codecov](https://codecov.io/gh/potatosalad/ruby-jose/branch/master/graph/badge.svg)](https://codecov.io/gh/potatosalad/ruby-jose) [![Gem](https://img.shields.io/gem/v/jose.svg?maxAge=86400)](https://rubygems.org/gems/jose) [![Docs](https://img.shields.io/badge/yard-docs-blue.svg?maxAge=86400)](http://www.rubydoc.info/gems/jose) [![Inline docs](http://inch-ci.org/github/potatosalad/ruby-jose.svg?branch=master&style=shields)](http://inch-ci.org/github/potatosalad/ruby-jose)
 
 JSON Object Signing and Encryption (JOSE) for Ruby.
 
@@ -65,4 +65,4 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/potato
 
 ## License
 
-The gem is available as open source under the terms of the [MPL-2.0 License](http://opensource.org/licenses/MPL-2.0).
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -5,6 +5,7 @@ Rake::TestTask.new(:test) do |t|
   t.libs << "test"
   t.libs << "lib"
   t.test_files = FileList['test/**/*_test.rb']
+  t.ruby_opts += ["-W0"]
 end
 
 task :default => :test

data/jose.gemspec

@@ -12,7 +12,7 @@ Gem::Specification.new do |spec|
   spec.summary       = %q{JSON Object Signing and Encryption}
   spec.description   = %q{JSON Object Signing and Encryption}
   spec.homepage      = "https://github.com/potatosalad/ruby-jose"
-  spec.license       = "MPL-2.0"
+  spec.license       = "MIT"
 
   # Prevent pushing this gem to RubyGems.org by setting 'allowed_push_host', or
   # delete this section to allow pushing this gem to any host.
@@ -27,13 +27,14 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "hamster"
+  spec.add_dependency "base64"
+  spec.add_dependency "immutable-ruby"
 
-  spec.add_development_dependency "bundler", "~> 1.16"
-  spec.add_development_dependency "rake", "~> 12.3"
+  spec.add_development_dependency "bundler", "~> 2.5"
+  spec.add_development_dependency "rake", "~> 13.1"
   spec.add_development_dependency "minitest"
   spec.add_development_dependency "json"
-  spec.add_development_dependency "rbnacl-libsodium"
+  spec.add_development_dependency "rbnacl"
   spec.add_development_dependency "ed25519"
   spec.add_development_dependency "x25519"
 end

data/lib/jose/jwa/curve25519_rbnacl.rb

@@ -6,10 +6,6 @@ module JOSE::JWA::Curve25519_RbNaCl
 
   def __supported__?
     return @supported ||= begin
-      begin
-        require 'rbnacl/libsodium'
-      rescue LoadError
-      end
       begin
         require 'rbnacl'
       rescue LoadError

data/lib/jose/jwa/ed25519_rbnacl.rb

@@ -26,7 +26,24 @@ module JOSE::JWA::Ed25519_RbNaCl
   end
 
   def verify(sig, m, pk)
-    return RbNaCl::Signatures::Ed25519::VerifyKey.new(pk).verify(sig, m)
+    verify_key = RbNaCl::Signatures::Ed25519::VerifyKey.new(pk)
+    if m.respond_to?(:bytesize) and m.bytesize == 0
+      # RbNaCl does not allow empty message signatures.
+      key = verify_key.instance_variable_get(:@key)
+      signature = sig.to_str
+      signature_bytes = verify_key.signature_bytes
+      RbNaCl::Util.check_length(signature, signature_bytes, "signature")
+      signed_message = signature + m
+      raise RbNaCl::LengthError, "Signed message can not be nil" if signed_message.nil?
+      raise RbNaCl::LengthError, "Signed message can not be shorter than a signature" if signed_message.bytesize < signature_bytes
+      buffer = RbNaCl::Util.zeros(signed_message.bytesize)
+      buffer_len = RbNaCl::Util.zeros(FFI::Type::LONG_LONG.size)
+      success = verify_key.class.sign_ed25519_open(buffer, buffer_len, signed_message, signed_message.bytesize, key)
+      raise(RbNaCl::BadSignatureError, "signature was forged/corrupt") unless success
+      return true
+    else
+      return verify_key.verify(sig, m)
+    end
   end
 
   def verify_ph(sig, m, pk)

data/lib/jose/jwa/pkcs1.rb

@@ -59,7 +59,7 @@ module JOSE::JWA::PKCS1
     if hash.is_a?(String)
       hash = OpenSSL::Digest.new(hash)
     end
-    salt ||= -2
+    salt ||= -1
     if salt.is_a?(Integer)
       salt_len = salt
       if salt_len == -2
@@ -102,7 +102,7 @@ module JOSE::JWA::PKCS1
     if hash.is_a?(String)
       hash = OpenSSL::Digest.new(hash)
     end
-    salt_len ||= -2
+    salt_len ||= -1
     if salt_len == -2
       hash_len = hash.digest('').bytesize
       em_len = (em_bits / 8.0).ceil

data/lib/jose/jwa/xchacha20poly1305.rb

@@ -0,0 +1,61 @@
+module JOSE::JWA::XChaCha20Poly1305
+
+  extend self
+
+  MUTEX = Mutex.new
+
+  @__implementations__ = []
+  @__ruby_implementations__ = []
+
+  def __implementation__
+    return MUTEX.synchronize { @__implementation__ ||= __pick_best_implementation__ }
+  end
+
+  def __implementation__=(implementation)
+    return MUTEX.synchronize { @__implementation__ = implementation }
+  end
+
+  def __register__(implementation, ruby = false)
+    MUTEX.synchronize {
+      if ruby
+        @__ruby_implementations__.unshift(implementation)
+      else
+        @__implementations__.unshift(implementation)
+      end
+      __config_change__(false)
+      implementation
+    }
+  end
+
+  def __config_change__(lock = true)
+    MUTEX.lock if lock
+    @__implementation__ ||= nil
+    @__implementation__ = __pick_best_implementation__ if @__implementation__.nil? or @__implementation__.__ruby__? or not @__implementation__.__supported__?
+    MUTEX.unlock if lock
+  end
+
+  def xchacha20poly1305_aead_encrypt(key, nonce, aad, plaintext)
+    return (@__implementation__ || __implementation__).xchacha20poly1305_aead_encrypt(key, nonce, aad, plaintext)
+  end
+
+  def xchacha20poly1305_aead_decrypt(key, nonce, aad, ciphertext, tag)
+    return (@__implementation__ || __implementation__).xchacha20poly1305_aead_decrypt(key, nonce, aad, ciphertext, tag)
+  end
+
+private
+  def __pick_best_implementation__
+    implementation = nil
+    implementation = @__implementations__.detect do |mod|
+      next mod.__supported__?
+    end
+    implementation ||= @__ruby_implementations__.detect do |mod|
+      next mod.__supported__?
+    end
+    implementation ||= JOSE::JWA::XChaCha20Poly1305_Unsupported
+    return implementation
+  end
+
+end
+
+require 'jose/jwa/xchacha20poly1305_unsupported'
+require 'jose/jwa/xchacha20poly1305_rbnacl'