linzer 0.3.2 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/linzer/ecdsa.rb +15 -7
- data/lib/linzer/message.rb +3 -1
- data/lib/linzer/signature.rb +6 -1
- data/lib/linzer/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e05d05474d794c882d28a6fb83949147497218f141ae1e40e6c07e750407b421
|
|
4
|
+
data.tar.gz: 58b26e247acd0ca13e9029ace69ebb7459f1639b7908733e07ac88566ac255d1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3af97f2888d5c4bd40900c490945590077604b93c954819c9308d2ab8fe767c491a08d2cbe5054aaced580a4da568a1d1cf11f82048048532feb5150dd59dfea
|
|
7
|
+
data.tar.gz: b4a47fd541623baef9582cc0b361975b504cc7824fd926f47f56f7f692f6a6d8dec0d8e4afdb5e64967d6e1d7a2107656165b95f383af5e902bddd26f0efe387
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,14 @@
|
|
|
1
1
|
## [Unreleased]
|
|
2
2
|
|
|
3
|
+
## [0.4.1] - 2024-03-25
|
|
4
|
+
|
|
5
|
+
- Fix one-off error on ECDSA P-256 and P-384 curve signature generation.
|
|
6
|
+
In some cases, an invalid signature of 63 or 95 bytes could be generated.
|
|
7
|
+
|
|
8
|
+
## [0.4.0] - 2024-03-16
|
|
9
|
+
|
|
10
|
+
- Add support for capitalized HTTP header names.
|
|
11
|
+
|
|
3
12
|
## [0.3.2] - 2024-03-16
|
|
4
13
|
|
|
5
14
|
- Force signature component name strings to be encoded as ASCII.
|
data/lib/linzer/ecdsa.rb
CHANGED
|
@@ -25,12 +25,12 @@ module Linzer
|
|
|
25
25
|
case digest
|
|
26
26
|
when "SHA256"
|
|
27
27
|
raise Linzer::Error.new(msg) if sig.length != 64
|
|
28
|
-
r_bn = OpenSSL::BN.new(sig[0..31].unpack1("
|
|
29
|
-
s_bn = OpenSSL::BN.new(sig[32..63].unpack1("
|
|
28
|
+
r_bn = OpenSSL::BN.new(sig[0..31].unpack1("H64").to_i(16))
|
|
29
|
+
s_bn = OpenSSL::BN.new(sig[32..63].unpack1("H64").to_i(16))
|
|
30
30
|
when "SHA384"
|
|
31
31
|
raise Linzer::Error.new(msg) if sig.length != 96
|
|
32
|
-
r_bn = OpenSSL::BN.new(sig[0..47].unpack1("
|
|
33
|
-
s_bn = OpenSSL::BN.new(sig[48..95].unpack1("
|
|
32
|
+
r_bn = OpenSSL::BN.new(sig[0..47].unpack1("H96").to_i(16))
|
|
33
|
+
s_bn = OpenSSL::BN.new(sig[48..95].unpack1("H96").to_i(16))
|
|
34
34
|
else
|
|
35
35
|
msg = "Cannot verify signature, unsupported digest algorithm: '%s'" % digest
|
|
36
36
|
raise Linzer::Error.new(msg)
|
|
@@ -44,13 +44,21 @@ module Linzer
|
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
def decode_der_signature(der_sig)
|
|
47
|
+
digest = @params[:digest]
|
|
48
|
+
msg = "Unsupported digest algorithm: '%s'" % digest
|
|
47
49
|
OpenSSL::ASN1
|
|
48
50
|
.decode(der_sig)
|
|
49
51
|
.value
|
|
50
|
-
.map
|
|
51
|
-
|
|
52
|
+
.map do |n|
|
|
53
|
+
case digest
|
|
54
|
+
when "SHA256" then "%.64x" % n.value
|
|
55
|
+
when "SHA384" then "%.96x" % n.value
|
|
56
|
+
else raise Linzer::Error.new(msg)
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
.map { |s| [s].pack("H#{s.length}") }
|
|
52
60
|
.reduce(:<<)
|
|
53
|
-
.
|
|
61
|
+
.encode(Encoding::ASCII_8BIT)
|
|
54
62
|
end
|
|
55
63
|
end
|
|
56
64
|
end
|
data/lib/linzer/message.rb
CHANGED
|
@@ -3,8 +3,10 @@
|
|
|
3
3
|
module Linzer
|
|
4
4
|
class Message
|
|
5
5
|
def initialize(request_data)
|
|
6
|
-
@headers = Hash(request_data[:headers].clone).freeze
|
|
7
6
|
@http = Hash(request_data[:http].clone).freeze
|
|
7
|
+
@headers = Hash(request_data.fetch(:headers, {})
|
|
8
|
+
.transform_keys(&:downcase)
|
|
9
|
+
.clone).freeze
|
|
8
10
|
freeze
|
|
9
11
|
end
|
|
10
12
|
|
data/lib/linzer/signature.rb
CHANGED
|
@@ -27,6 +27,8 @@ module Linzer
|
|
|
27
27
|
private :new
|
|
28
28
|
|
|
29
29
|
def build(headers, options = {})
|
|
30
|
+
basic_validate headers
|
|
31
|
+
headers.transform_keys!(&:downcase)
|
|
30
32
|
validate headers
|
|
31
33
|
|
|
32
34
|
input = parse_field(headers, "signature-input")
|
|
@@ -51,9 +53,12 @@ module Linzer
|
|
|
51
53
|
|
|
52
54
|
private
|
|
53
55
|
|
|
54
|
-
def
|
|
56
|
+
def basic_validate(headers)
|
|
55
57
|
raise Error.new "Cannot build signature: Request headers cannot be null" if headers.nil?
|
|
56
58
|
raise Error.new "Cannot build signature: No request headers found" if headers.empty?
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def validate(headers)
|
|
57
62
|
raise Error.new "Cannot build signature: No \"signature-input\" header found" unless headers.key?("signature-input")
|
|
58
63
|
raise Error.new "Cannot build signature: No \"signature\" header found" unless headers.key?("signature")
|
|
59
64
|
end
|
data/lib/linzer/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: linzer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Miguel Landaeta
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-03-
|
|
11
|
+
date: 2024-03-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ed25519
|