linzer 0.3.2 → 0.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/linzer/ecdsa.rb +15 -7
- data/lib/linzer/message.rb +3 -1
- data/lib/linzer/signature.rb +6 -1
- data/lib/linzer/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e05d05474d794c882d28a6fb83949147497218f141ae1e40e6c07e750407b421
|
|
4
|
+
data.tar.gz: 58b26e247acd0ca13e9029ace69ebb7459f1639b7908733e07ac88566ac255d1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3af97f2888d5c4bd40900c490945590077604b93c954819c9308d2ab8fe767c491a08d2cbe5054aaced580a4da568a1d1cf11f82048048532feb5150dd59dfea
|
|
7
|
+
data.tar.gz: b4a47fd541623baef9582cc0b361975b504cc7824fd926f47f56f7f692f6a6d8dec0d8e4afdb5e64967d6e1d7a2107656165b95f383af5e902bddd26f0efe387
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,14 @@
|
|
|
1
1
|
## [Unreleased]
|
|
2
2
|
|
|
3
|
+
## [0.4.1] - 2024-03-25
|
|
4
|
+
|
|
5
|
+
- Fix one-off error on ECDSA P-256 and P-384 curve signature generation.
|
|
6
|
+
In some cases, an invalid signature of 63 or 95 bytes could be generated.
|
|
7
|
+
|
|
8
|
+
## [0.4.0] - 2024-03-16
|
|
9
|
+
|
|
10
|
+
- Add support for capitalized HTTP header names.
|
|
11
|
+
|
|
3
12
|
## [0.3.2] - 2024-03-16
|
|
4
13
|
|
|
5
14
|
- Force signature component name strings to be encoded as ASCII.
|
data/lib/linzer/ecdsa.rb
CHANGED
|
@@ -25,12 +25,12 @@ module Linzer
|
|
|
25
25
|
case digest
|
|
26
26
|
when "SHA256"
|
|
27
27
|
raise Linzer::Error.new(msg) if sig.length != 64
|
|
28
|
-
r_bn = OpenSSL::BN.new(sig[0..31].unpack1("
|
|
29
|
-
s_bn = OpenSSL::BN.new(sig[32..63].unpack1("
|
|
28
|
+
r_bn = OpenSSL::BN.new(sig[0..31].unpack1("H64").to_i(16))
|
|
29
|
+
s_bn = OpenSSL::BN.new(sig[32..63].unpack1("H64").to_i(16))
|
|
30
30
|
when "SHA384"
|
|
31
31
|
raise Linzer::Error.new(msg) if sig.length != 96
|
|
32
|
-
r_bn = OpenSSL::BN.new(sig[0..47].unpack1("
|
|
33
|
-
s_bn = OpenSSL::BN.new(sig[48..95].unpack1("
|
|
32
|
+
r_bn = OpenSSL::BN.new(sig[0..47].unpack1("H96").to_i(16))
|
|
33
|
+
s_bn = OpenSSL::BN.new(sig[48..95].unpack1("H96").to_i(16))
|
|
34
34
|
else
|
|
35
35
|
msg = "Cannot verify signature, unsupported digest algorithm: '%s'" % digest
|
|
36
36
|
raise Linzer::Error.new(msg)
|
|
@@ -44,13 +44,21 @@ module Linzer
|
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
def decode_der_signature(der_sig)
|
|
47
|
+
digest = @params[:digest]
|
|
48
|
+
msg = "Unsupported digest algorithm: '%s'" % digest
|
|
47
49
|
OpenSSL::ASN1
|
|
48
50
|
.decode(der_sig)
|
|
49
51
|
.value
|
|
50
|
-
.map
|
|
51
|
-
|
|
52
|
+
.map do |n|
|
|
53
|
+
case digest
|
|
54
|
+
when "SHA256" then "%.64x" % n.value
|
|
55
|
+
when "SHA384" then "%.96x" % n.value
|
|
56
|
+
else raise Linzer::Error.new(msg)
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
.map { |s| [s].pack("H#{s.length}") }
|
|
52
60
|
.reduce(:<<)
|
|
53
|
-
.
|
|
61
|
+
.encode(Encoding::ASCII_8BIT)
|
|
54
62
|
end
|
|
55
63
|
end
|
|
56
64
|
end
|
data/lib/linzer/message.rb
CHANGED
|
@@ -3,8 +3,10 @@
|
|
|
3
3
|
module Linzer
|
|
4
4
|
class Message
|
|
5
5
|
def initialize(request_data)
|
|
6
|
-
@headers = Hash(request_data[:headers].clone).freeze
|
|
7
6
|
@http = Hash(request_data[:http].clone).freeze
|
|
7
|
+
@headers = Hash(request_data.fetch(:headers, {})
|
|
8
|
+
.transform_keys(&:downcase)
|
|
9
|
+
.clone).freeze
|
|
8
10
|
freeze
|
|
9
11
|
end
|
|
10
12
|
|
data/lib/linzer/signature.rb
CHANGED
|
@@ -27,6 +27,8 @@ module Linzer
|
|
|
27
27
|
private :new
|
|
28
28
|
|
|
29
29
|
def build(headers, options = {})
|
|
30
|
+
basic_validate headers
|
|
31
|
+
headers.transform_keys!(&:downcase)
|
|
30
32
|
validate headers
|
|
31
33
|
|
|
32
34
|
input = parse_field(headers, "signature-input")
|
|
@@ -51,9 +53,12 @@ module Linzer
|
|
|
51
53
|
|
|
52
54
|
private
|
|
53
55
|
|
|
54
|
-
def
|
|
56
|
+
def basic_validate(headers)
|
|
55
57
|
raise Error.new "Cannot build signature: Request headers cannot be null" if headers.nil?
|
|
56
58
|
raise Error.new "Cannot build signature: No request headers found" if headers.empty?
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def validate(headers)
|
|
57
62
|
raise Error.new "Cannot build signature: No \"signature-input\" header found" unless headers.key?("signature-input")
|
|
58
63
|
raise Error.new "Cannot build signature: No \"signature\" header found" unless headers.key?("signature")
|
|
59
64
|
end
|
data/lib/linzer/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: linzer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Miguel Landaeta
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-03-
|
|
11
|
+
date: 2024-03-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ed25519
|