linzer 0.3.0 → 0.3.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +1 -1
- data/lib/linzer/ecdsa.rb +39 -2
- data/lib/linzer/key/helper.rb +1 -1
- data/lib/linzer/signature.rb +3 -1
- data/lib/linzer/version.rb +1 -1
- metadata +2 -2
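--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a250923256b7bc421d1d0af152f360709b54a349c3ff9b50d15463e38f3e72e5
+data.tar.gz: 2b3875de00e05baf2314495f9b889b028f71d334c237f3c183e602ac64a25668
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c56717b6aa31d7f3ba2186e1865e7e1aa927f401df8931514f53de7969eb7a675d402a6519491d5446548cbabe57682d34fe6ace836278a36acf525b511a74c4
+data.tar.gz: a5e3313e341c479b38f6975a06b430a509211acfc5e7d9d7fe71a802ca16d82ee548b8d19270dfd6c0a4e8c480ea81ae39a6353bd7745f795274c7d529639048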
data/CHANGELOG.md
CHANGED
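--- a/data/README.md
+++ b/data/README.md
@@ -60,7 +60,7 @@ lib/linzer/verifier.rb:34:in `verify_or_fail': Failed to verify message: Invalid
 
 For now, to consult additional details, just take a look at source code and/or the unit tests.
 
-Please note that is still early days and extensive testing is still ongoing. For now only the following algorithms are supported: RSASSA-PSS using SHA-512, HMAC-SHA256, Ed25519 and ECDSA P-256
+Please note that is still early days and extensive testing is still ongoing. For now only the following algorithms are supported: RSASSA-PSS using SHA-512, HMAC-SHA256, Ed25519 and ECDSA (P-256 and P-384 curves).
 
 I'll be expanding the library to cover more functionality specified in the RFC
 in subsequent releases.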
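--- a/data/lib/linzer/ecdsa.rb
+++ b/data/lib/linzer/ecdsa.rb
@@ -9,11 +9,48 @@ module Linzer
 end
 
 def sign(data)
-material.sign(@params[:digest], data)
+decode_der_signature(material.sign(@params[:digest], data))
 end
 
 def verify(signature, data)
-material.verify(@params[:digest], signature, data)
+material.verify(@params[:digest], der_signature(signature), data)
+end
+
+private
+
+def der_signature(sig)
+digest = @params[:digest]
+msg = "Cannot verify invalid signature."
+
+case digest
+when "SHA256"
+raise Linzer::Error.new(msg) if sig.length != 64
+r_bn = OpenSSL::BN.new(sig[0..31].unpack1("H*").to_i(16))
+s_bn = OpenSSL::BN.new(sig[32..63].unpack1("H*").to_i(16))
+when "SHA384"
+raise Linzer::Error.new(msg) if sig.length != 96
+r_bn = OpenSSL::BN.new(sig[0..47].unpack1("H*").to_i(16))
+s_bn = OpenSSL::BN.new(sig[48..95].unpack1("H*").to_i(16))
+else
+msg = "Cannot verify signature, unsupported digest algorithm: '%s'" % digest
+raise Linzer::Error.new(msg)
+end
+
+r = OpenSSL::ASN1::Integer(r_bn)
+s = OpenSSL::ASN1::Integer(s_bn)
+
+seq = OpenSSL::ASN1::Sequence.new([r, s])
+seq.to_der
+end
+
+def decode_der_signature(der_sig)
+OpenSSL::ASN1
+.decode(der_sig)
+.value
+.map { |n| n.value.to_s(16) }
+.map { |s| [s].pack("H*") }
+.reduce(:<<)
+.force_encoding(Encoding::ASCII_8BIT)
 end
 end
 end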
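Review bot: `decode_der_signature` does not produce a fixed-width r||s, because `n.value.to_s(16)` drops leading zero bytes before the two values are concatenated. When r or s happens to have a zero high byte, the output of `sign` is shorter than the 64 or 96 bytes that `der_signature` insists on, so a small fraction of valid signatures would be rejected on verification for reasons unrelated to the key or message. Pad each integer to the curve's coordinate size instead, for example by replacing the two `.map` steps with `.map { |n| n.value.to_s(2).rjust(size, "\x00") }`, where `size` is 32 for "SHA256" and 48 for "SHA384". A test that signs repeatedly and asserts the signature length each time would catch a regression here. The enclosing class begins outside the hunk.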
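--- a/data/lib/linzer/key/helper.rb
+++ b/data/lib/linzer/key/helper.rb
@@ -63,7 +63,7 @@ module Linzer
 # https://www.rfc-editor.org/rfc/rfc4492.html#appendix-A
 # Table 6: Equivalent curves defined by SECG, ANSI, and NIST
 # secp384r1 | | NIST P-384
-def
+def generate_ecdsa_p384_sha384_key(key_id = nil)
 material = OpenSSL::PKey::EC.generate("secp384r1")
 Linzer::ECDSA::Key.new(material, id: key_id, digest: "SHA384")
 end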
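--- a/data/lib/linzer/signature.rb
+++ b/data/lib/linzer/signature.rb
@@ -36,7 +36,9 @@ module Linzer
 signature = parse_field(headers, "signature")
 fail_with_signature_not_found label unless signature.key?(label)
 
-raw_signature =
+raw_signature =
+signature[label].value
+.force_encoding(Encoding::ASCII_8BIT)
 
 fail_due_invalid_components unless input[label].value.respond_to?(:each)
 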
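Review bot: `force_encoding` is called on `signature[label].value` without checking that the parsed item is a string. `parse_field` is not visible here, but if it can return other structured-field item types (an integer or boolean, say), a request carrying such a value in the Signature header would raise `NoMethodError` instead of the library's own error. A guard before the assignment, such as `raise Linzer::Error.new("Invalid signature value") unless signature[label].value.is_a?(String)`, would keep the failure path uniform. `force_encoding` also retags the parsed object's string in place; `.b` returns a binary copy if that side effect is not wanted. The enclosing method starts and ends outside the hunk.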
data/lib/linzer/version.rb
CHANGED
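--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: linzer
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.1
 platform: ruby
 authors:
 - Miguel Landaeta
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-02
+date: 2024-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ed25519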