linzer 0.3.0 → 0.3.1

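--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 22298d26596b660ac67a7f039ed0d05cc41715a5413c4583a4703ce452e6548c
- data.tar.gz: 735d31e3752eea02207baa7e093bd18a114281f4c493acf98cd7451d73e03fff
+ metadata.gz: a250923256b7bc421d1d0af152f360709b54a349c3ff9b50d15463e38f3e72e5
+ data.tar.gz: 2b3875de00e05baf2314495f9b889b028f71d334c237f3c183e602ac64a25668
  SHA512:
- metadata.gz: 81428b963ffaa3f39e86ed28e52927923998aaeeb07f773a852bb01abe9272f812c8b0a593813293908845f57799c849163da00d4ae4ca2ef62d36687055ce81
- data.tar.gz: 3f91ef995bd53bda69832e774ce383cf55a8ef903ffe615e8dbb1a586cf437b85a3d98f8082f39311a6757a3bd4f2657ac4b5d73c3270b4a4534ea571b9e8427
+ metadata.gz: c56717b6aa31d7f3ba2186e1865e7e1aa927f401df8931514f53de7969eb7a675d402a6519491d5446548cbabe57682d34fe6ace836278a36acf525b511a74c4
+ data.tar.gz: a5e3313e341c479b38f6975a06b430a509211acfc5e7d9d7fe71a802ca16d82ee548b8d19270dfd6c0a4e8c480ea81ae39a6353bd7745f795274c7d529639048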
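--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,9 @@
  ## [Unreleased]
 
+ ## [0.3.1] - 2024-03-02
+
+ - Fix incorrect signing and verifying for ECDSA P-256 and P-384 curves.
+
  ## [0.3.0] - 2024-02-28
 
  - Add support for the following algorithms: Ed25519, HMAC-SHA256 and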
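--- a/data/README.md
+++ b/data/README.md
@@ -60,7 +60,7 @@ lib/linzer/verifier.rb:34:in `verify_or_fail': Failed to verify message: Invalid
 
  For now, to consult additional details, just take a look at source code and/or the unit tests.
 
- Please note that is still early days and extensive testing is still ongoing. For now only the following algorithms are supported: RSASSA-PSS using SHA-512, HMAC-SHA256, Ed25519 and ECDSA P-256 curve. ECDSA P-384 curve was also added but not tested yet.
+ Please note that is still early days and extensive testing is still ongoing. For now only the following algorithms are supported: RSASSA-PSS using SHA-512, HMAC-SHA256, Ed25519 and ECDSA (P-256 and P-384 curves).
 
  I'll be expanding the library to cover more functionality specified in the RFC
  in subsequent releases.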
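--- a/data/lib/linzer/ecdsa.rb
+++ b/data/lib/linzer/ecdsa.rb
@@ -9,11 +9,48 @@ module Linzer
  end
 
  def sign(data)
- material.sign(@params[:digest], data)
+ decode_der_signature(material.sign(@params[:digest], data))
  end
 
  def verify(signature, data)
- material.verify(@params[:digest], signature, data)
+ material.verify(@params[:digest], der_signature(signature), data)
+ end
+
+ private
+
+ def der_signature(sig)
+ digest = @params[:digest]
+ msg = "Cannot verify invalid signature."
+
+ case digest
+ when "SHA256"
+ raise Linzer::Error.new(msg) if sig.length != 64
+ r_bn = OpenSSL::BN.new(sig[0..31].unpack1("H*").to_i(16))
+ s_bn = OpenSSL::BN.new(sig[32..63].unpack1("H*").to_i(16))
+ when "SHA384"
+ raise Linzer::Error.new(msg) if sig.length != 96
+ r_bn = OpenSSL::BN.new(sig[0..47].unpack1("H*").to_i(16))
+ s_bn = OpenSSL::BN.new(sig[48..95].unpack1("H*").to_i(16))
+ else
+ msg = "Cannot verify signature, unsupported digest algorithm: '%s'" % digest
+ raise Linzer::Error.new(msg)
+ end
+
+ r = OpenSSL::ASN1::Integer(r_bn)
+ s = OpenSSL::ASN1::Integer(s_bn)
+
+ seq = OpenSSL::ASN1::Sequence.new([r, s])
+ seq.to_der
+ end
+
+ def decode_der_signature(der_sig)
+ OpenSSL::ASN1
+ .decode(der_sig)
+ .value
+ .map { |n| n.value.to_s(16) }
+ .map { |s| [s].pack("H*") }
+ .reduce(:<<)
+ .force_encoding(Encoding::ASCII_8BIT)
  end
  end
  end
@@ -63,7 +63,7 @@ module Linzer
  # https://www.rfc-editor.org/rfc/rfc4492.html#appendix-A
  # Table 6: Equivalent curves defined by SECG, ANSI, and NIST
  # secp384r1 | | NIST P-384
- def generate_ecdsa_p384_sha256_key(key_id = nil)
+ def generate_ecdsa_p384_sha384_key(key_id = nil)
  material = OpenSSL::PKey::EC.generate("secp384r1")
  Linzer::ECDSA::Key.new(material, id: key_id, digest: "SHA384")
  end
@@ -36,7 +36,9 @@ module Linzer
  signature = parse_field(headers, "signature")
  fail_with_signature_not_found label unless signature.key?(label)
 
- raw_signature = signature[label].value
+ raw_signature =
+ signature[label].value
+ .force_encoding(Encoding::ASCII_8BIT)
 
  fail_due_invalid_components unless input[label].value.respond_to?(:each)
 
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Linzer
- VERSION = "0.3.0"
+ VERSION = "0.3.1"
  end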
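Review bot: `decode_der_signature` does not produce a fixed-width signature: `n.value.to_s(16)` followed by `pack("H*")` drops leading zero bytes, so whenever r or s happens to start with a zero byte `sign` returns fewer than 64 (or 96) bytes, and the length check in `der_signature` then rejects that signature with "Cannot verify invalid signature.". Pad each integer to the curve's coordinate size instead, for example `.map { |n| n.value.to_s(2).rjust(width, "\x00") }` with `width` set to 32 for SHA256 and 48 for SHA384, and add a test that signs repeatedly and asserts the output length. The `@@ -63,7`, `@@ -36,7` and `@@ -1,5` hunks that follow look like they come from other files whose headers this page does not show.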
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: linzer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.0
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Miguel Landaeta
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-02-29 00:00:00.000000000 Z
11
+ date: 2024-03-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ed25519