openssl-signature_algorithm 0.1.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 76f8dacd6dc7e43d630421e43c7e2849bb99bf857bdedd10a732b04122cf2499
-  data.tar.gz: 8030c5dfcc2c70ae600778cebcc9bb02d7d70fb28b345b67608dc8fa14b65f81
+  metadata.gz: 14fbf64f6f493adb44ffe4e2f8dc537a8800a6af79c7716c85a49eaab5664ce0
+  data.tar.gz: 700d2d7ebfa40f05f004735eca6dc938066b69a02015c2b2cca0349db1b330ed
 SHA512:
-  metadata.gz: 0c04ce36ef91da99f985f22154842e5cdc3440bf7c74e2e94ec819e8774f0cfc7f216e241f61d4b4ed87da48aaad288db12e2b33a3590c5aa1a31f694db6af32
-  data.tar.gz: 7335e381e291719ef449ba8967b0a1417262ccc3f37fe139b36a757842cf8e5e5d346b605c72ef276c445c21e41415edb5ab3e02efa03dc8a6600f4c03b177e5
+  metadata.gz: dd9b7bd8aca161cc531427cb7b2b2e0dfcc5143b5d4443069f95bf4d135fb5d936806372de7c5ed8f91739c8ebe7b1e98f8268bd1186df4061a1a587fc722b3c
+  data.tar.gz: 36ceaa919dbd5dfda0dfcf90848c53d5e9eeed9be7cc1eaafdf1d15c5351b4f9782ee4c501c40cad9db147b6c1955f1c8ce3405cd4a49ccb9cf741e5878512b3

data/.gitignore

@@ -9,3 +9,6 @@
 
 # rspec failure tracking
 .rspec_status
+.byebug_history
+
+/gemfiles/*.gemfile.lock

data/.rspec

@@ -1,3 +1,4 @@
 --format documentation
 --color
 --require spec_helper
+--order random

data/.rubocop.yml

@@ -1,6 +1,8 @@
 AllCops:
-  TargetRubyVersion: 2.5
+  TargetRubyVersion: 2.4
   DisabledByDefault: true
+  Exclude:
+    - "gemfiles/**/*"
 
 Bundler:
   Enabled: true
@@ -26,9 +28,6 @@ Security:
 Style/BlockComments:
   Enabled: true
 
-Style/BracesAroundHashParameters:
-  Enabled: true
-
 Style/CaseEquality:
   Enabled: true
 

data/.travis.yml

@@ -1,8 +1,24 @@
 ---
+dist: bionic
 language: ruby
 cache: bundler
 rvm:
-  - 2.7.0
-  - 2.6.5
-  - 2.5.7
-before_install: gem install bundler -v 2.1.4
+  - ruby-head
+  - 2.7.1
+  - 2.6.6
+  - 2.5.8
+  - 2.4.10
+gemfile:
+  - gemfiles/openssl_head.gemfile
+  - gemfiles/openssl_2_2.gemfile
+  - gemfiles/openssl_2_1.gemfile
+  - gemfiles/openssl_2_0.gemfile
+  - gemfiles/openssl_default.gemfile
+matrix:
+  fast_finish: true
+  allow_failures:
+    - rvm: ruby-head
+    - gemfile: gemfiles/openssl_head.gemfile
+before_install:
+  - gem install bundler -v 2.1.4
+  - rm Gemfile.lock

data/Appraisals

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+appraise "openssl_head" do
+  gem "openssl", git: "https://github.com/ruby/openssl"
+end
+
+appraise "openssl_2_2" do
+  gem "openssl", "~> 2.2.0"
+end
+
+appraise "openssl_2_1" do
+  gem "openssl", "~> 2.1.0"
+end
+
+appraise "openssl_2_0" do
+  gem "openssl", "~> 2.0.0"
+end
+
+appraise "openssl_default" do
+end

data/CHANGELOG.md

@@ -0,0 +1,80 @@
+# Changelog
+
+## [v1.0.0] - 2020-07-08
+
+### Added
+
+- ECDSA with **secp256k1** curve support added:
+  ```rb
+  OpenSSL::SignatureAlgorithm::ECDSA.new(curve: "secp256k1")
+  ```
+- Algorithm **arguments** are now **optional**. The following works:
+
+  ```rb
+  OpenSSL::SignatureAlgorithm::ECDSA.new
+  # defaults to ECDSA with SHA-256 and NIST P256 curve
+  # Same as OpenSSL::SignatureAlgorithm::ECDSA.new(hash_function: "SHA256", curve: "prime256v1")
+
+  OpenSSL::SignatureAlgorithm::RSAPSS.new
+  # defaults to SHA-256
+  # Same as OpenSSL::SignatureAlgorithm::RSAPSS.new(hash_function: "SHA256")
+
+  OpenSSL::SignatureAlgorithm::RSAPKCS1.new
+  # defaults to SHA-256
+  # Same as OpenSSL::SignatureAlgorithm::RSAPSS.new(hash_function: "SHA256")
+  ```
+
+### Changed
+
+- Algorithm **instantiation** changed. The positional argument `digest_length` is replaced with keyword arguments, `hash_function:` for RSA algorithms and `hash_function:` and `curve:` for ECDSA. None are required arguments, you get sane defaults if you don't provide any arguments. Code migration examples:
+  ```rb
+  # Change this
+  # OpenSSL::SignatureAlgorithm::ECDSA.new("256")
+  # to
+  OpenSSL::SignatureAlgorithm::ECDSA.new(hash_function: "SHA256")
+  ```
+  ```rb
+  # Change this
+  # OpenSSL::SignatureAlgorithm::RSAPSS.new("384")
+  # to
+  OpenSSL::SignatureAlgorithm::RSAPSS.new(hash_function: "SHA384")
+  ```
+
+## [v0.4.0] - 2020-01-31
+
+### Added
+
+- `VerifyKey` serialization and deserialization for easy transmission over the network
+
+## [v0.3.0] - 2020-01-30
+
+### Added
+
+- Support ruby v2.4 (without RSA-PSS)
+
+## [v0.2.0] - 2020-01-29
+
+### Added
+
+- `OpenSSL::SignatureAlgorithm::ECDSA#verify` now supports raw (non DER) signatures
+
+## [v0.1.1] - 2020-01-29
+
+### Fixed
+
+- Fixed error in `OpenSSL::SignatureAlgorithm::RSAPSS#sign`
+
+## [v0.1.0] - 2020-01-29
+
+### Added
+
+- `OpenSSL::SignatureAlgorithm::ECDSA`
+- `OpenSSL::SignatureAlgorithm::RSAPSS`
+- `OpenSSL::SignatureAlgorithm::RSAPKCS1`
+
+[v1.0.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.4.0...v1.0.0/
+[v0.4.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.3.0...v0.4.0/
+[v0.3.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.2.0...v0.3.0/
+[v0.2.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.1.1...v0.2.0/
+[v0.1.1]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.1.0...v0.1.1/
+[v0.1.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/41887c277dc7fa0c884ccf8924cf990ff76784d9...v0.1.0/

data/Gemfile

@@ -5,6 +5,8 @@ source "https://rubygems.org"
 # Specify your gem's dependencies in openssl-signature_algorithm.gemspec
 gemspec
 
-gem "rake", "~> 12.0"
+gem "appraisal", "~> 2.2"
+gem "byebug", "~> 11.0"
+gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.79.0"
+gem "rubocop", "~> 0.80.1"

data/Gemfile.lock

@@ -1,50 +1,60 @@
 PATH
   remote: .
   specs:
-    openssl-signature_algorithm (0.1.0)
+    openssl-signature_algorithm (1.0.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
+    appraisal (2.2.0)
+      bundler
+      rake
+      thor (>= 0.14.0)
     ast (2.4.0)
+    byebug (11.1.1)
     diff-lcs (1.3)
     jaro_winkler (1.5.4)
     parallel (1.19.1)
-    parser (2.7.0.2)
+    parser (2.7.0.5)
       ast (~> 2.4.0)
     rainbow (3.0.0)
-    rake (12.3.3)
+    rake (13.0.1)
+    rexml (3.2.4)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
       rspec-mocks (~> 3.9.0)
     rspec-core (3.9.1)
       rspec-support (~> 3.9.1)
-    rspec-expectations (3.9.0)
+    rspec-expectations (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-support (3.9.2)
-    rubocop (0.79.0)
+    rubocop (0.80.1)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
       parser (>= 2.7.0.1)
       rainbow (>= 2.2.2, < 4.0)
+      rexml
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 1.7)
     ruby-progressbar (1.10.1)
+    thor (1.0.1)
     unicode-display_width (1.6.1)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
+  appraisal (~> 2.2)
+  byebug (~> 11.0)
   openssl-signature_algorithm!
-  rake (~> 12.0)
+  rake (~> 13.0)
   rspec (~> 3.0)
-  rubocop (~> 0.79.0)
+  rubocop (~> 0.80.1)
 
 BUNDLED WITH
    2.1.4

data/README.md

@@ -1,8 +1,16 @@
 # OpenSSL::SignatureAlgorithm
 
-This tiny library introduces `OpenSSL::SignatureAlgorithm::ECDSA`, `OpenSSL::SignatureAlgorithm::RSAPSS` and `OpenSSL::SignatureAlgorithm::RSAPKCS1`, so that you can reason in terms of signature algorithms when signing and/or verifying signatures―instead of keys.
+> ECDSA, RSA-PSS and RSA-PKCS#1 signature algorithms for ruby
 
-This provides a higher level of abstraction, on top of `openssl`'s gem `OpenSSL::PKey::EC`, `OpenSSL::PKey::EC::Point` and `OpenSSL::PKey::RSA`.
+Sign and verify using signature algorithm wrappers, instead of key objects.
+
+Provides `OpenSSL::SignatureAlgorithm::ECDSA`, `OpenSSL::SignatureAlgorithm::RSAPSS`
+and `OpenSSL::SignatureAlgorithm::RSAPKCS1` ruby object wrappers on top of `OpenSSL::PKey::EC`
+and `OpenSSL::PKey::RSA`, so that you can reason in terms of the algorithms and do less when
+signing or verifying signatures.
+
+[![Gem](https://img.shields.io/gem/v/openssl-signature_algorithm.svg?style=flat-square&color=informational)](https://rubygems.org/gems/openssl-signature_algorithm)
+[![Travis](https://img.shields.io/travis/cedarcode/openssl-signature_algorithm/master.svg?style=flat-square)](https://travis-ci.org/cedarcode/openssl-signature_algorithm)
 
 ## Installation
 
@@ -28,15 +36,16 @@ Or install it yourself as:
 to_be_signed = "to-be-signed"
 
 # Signer
-algorithm = OpenSSL::SignatureAlgorithm::ECDSA.new("256")
+algorithm = OpenSSL::SignatureAlgorithm::ECDSA.new
 signing_key = algorithm.generate_signing_key
 signature = algorithm.sign(to_be_signed)
 
 # Signer sends verify key to Verifier
-verify_key = signing_key.verify_key
+verify_key_string = signing_key.verify_key.serialize
 
 # Verifier
-algorithm = OpenSSL::SignatureAlgorithm::ECDSA.new("256")
+verify_key = OpenSSL::SignatureAlgorithm::ECDSA::VerifyKey.deserialize(verify_key_string)
+algorithm = OpenSSL::SignatureAlgorithm::ECDSA.new
 algorithm.verify_key = verify_key
 algorithm.verify(signature, to_be_signed)
 ```
@@ -47,15 +56,16 @@ algorithm.verify(signature, to_be_signed)
 to_be_signed = "to-be-signed"
 
 # Signer
-algorithm = OpenSSL::SignatureAlgorithm::RSAPSS.new("256")
+algorithm = OpenSSL::SignatureAlgorithm::RSAPSS.new
 signing_key = algorithm.generate_signing_key
 signature = algorithm.sign(to_be_signed)
 
 # Signer sends verify key to Verifier
-verify_key = signing_key.verify_key
+verify_key_string = signing_key.verify_key.serialize
 
 # Verifier
-algorithm = OpenSSL::SignatureAlgorithm::RSAPSS.new("256")
+verify_key = OpenSSL::SignatureAlgorithm::RSAPSS::VerifyKey.deserialize(verify_key_string)
+algorithm = OpenSSL::SignatureAlgorithm::RSAPSS.new
 algorithm.verify_key = verify_key
 algorithm.verify(signature, to_be_signed)
 ```
@@ -66,15 +76,16 @@ algorithm.verify(signature, to_be_signed)
 to_be_signed = "to-be-signed"
 
 # Signer
-algorithm = OpenSSL::SignatureAlgorithm::RSAPKCS1.new("256")
+algorithm = OpenSSL::SignatureAlgorithm::RSAPKCS1.new
 signing_key = algorithm.generate_signing_key
 signature = algorithm.sign(to_be_signed)
 
 # Signer sends verify key to Verifier
-verify_key = signing_key.verify_key
+verify_key_string = signing_key.verify_key.serialize
 
 # Verifier
-algorithm = OpenSSL::SignatureAlgorithm::RSAPKCS1.new("256")
+verify_key = OpenSSL::SignatureAlgorithm::RSAPKCS1::VerifyKey.deserialize(verify_key_string)
+algorithm = OpenSSL::SignatureAlgorithm::RSAPKCS1.new
 algorithm.verify_key = verify_key
 algorithm.verify(signature, to_be_signed)
 ```

data/gemfiles/.bundle/config

@@ -0,0 +1,2 @@
+---
+BUNDLE_RETRY: "1"

data/gemfiles/openssl_2_0.gemfile

@@ -0,0 +1,12 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "appraisal", "~> 2.2"
+gem "byebug", "~> 11.0"
+gem "rake", "~> 13.0"
+gem "rspec", "~> 3.0"
+gem "rubocop", "~> 0.80.1"
+gem "openssl", "~> 2.0.0"
+
+gemspec path: "../"

data/gemfiles/openssl_2_1.gemfile

@@ -0,0 +1,12 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "appraisal", "~> 2.2"
+gem "byebug", "~> 11.0"
+gem "rake", "~> 13.0"
+gem "rspec", "~> 3.0"
+gem "rubocop", "~> 0.80.1"
+gem "openssl", "~> 2.1.0"
+
+gemspec path: "../"

data/gemfiles/openssl_2_2.gemfile

@@ -0,0 +1,12 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "appraisal", "~> 2.2"
+gem "byebug", "~> 11.0"
+gem "rake", "~> 13.0"
+gem "rspec", "~> 3.0"
+gem "rubocop", "~> 0.80.1"
+gem "openssl", "~> 2.2.0"
+
+gemspec path: "../"

data/gemfiles/openssl_default.gemfile

@@ -0,0 +1,11 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "appraisal", "~> 2.2"
+gem "byebug", "~> 11.0"
+gem "rake", "~> 13.0"
+gem "rspec", "~> 3.0"
+gem "rubocop", "~> 0.80.1"
+
+gemspec path: "../"

data/gemfiles/openssl_head.gemfile

@@ -0,0 +1,12 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "appraisal", "~> 2.2"
+gem "byebug", "~> 11.0"
+gem "rake", "~> 13.0"
+gem "rspec", "~> 3.0"
+gem "rubocop", "~> 0.80.1"
+gem "openssl", git: "https://github.com/ruby/openssl"
+
+gemspec path: "../"

data/lib/openssl/signature_algorithm/base.rb

@@ -5,25 +5,39 @@ require "openssl/signature_algorithm/error"
 
 module OpenSSL
   module SignatureAlgorithm
+    class SignatureVerificationError < Error; end
+    class UnsupportedParameterError < Error; end
+    class VerifyKeyError < Error; end
+
     class Base
-      attr_reader :digest_length, :signing_key
-      attr_accessor :verify_key
+      attr_reader :signing_key, :verify_key
 
-      def initialize(digest_length)
-        @digest_length = digest_length
+      def verify_key=(key)
+        if compatible_verify_key?(key)
+          @verify_key = key
+        else
+          raise(OpenSSL::SignatureAlgorithm::VerifyKeyError, "Incompatible verify key for algorithm")
+        end
       end
 
-      def sign(data)
-        signing_key.sign(hash_function, data)
+      def compatible_verify_key?(verify_key)
+        verify_key.respond_to?(:verify)
       end
 
-      def hash_function
-        OpenSSL::Digest.new("sha#{digest_length}")
+      def sign(data)
+        signing_key.sign(hash_function, data)
       end
 
       def verify(signature, verification_data)
-        verify_key.verify(hash_function, signature, verification_data) ||
-          raise(OpenSSL::SignatureAlgorithm::Error, "Signature verification failed")
+        formatted_signature =
+          if respond_to?(:formatted_signature, true)
+            formatted_signature(signature)
+          else
+            signature
+          end
+
+        verify_key.verify(hash_function, formatted_signature, verification_data) ||
+          raise(OpenSSL::SignatureAlgorithm::SignatureVerificationError, "Signature verification failed")
       end
     end
   end

data/lib/openssl/signature_algorithm/ecdsa.rb

@@ -6,6 +6,8 @@ require "openssl/signature_algorithm/base"
 module OpenSSL
   module SignatureAlgorithm
     class ECDSA < Base
+      BYTE_LENGTH = 8
+
       class SigningKey < OpenSSL::PKey::EC
         def initialize(*args)
           super(*args).generate_key
@@ -17,27 +19,93 @@ module OpenSSL
       end
 
       class VerifyKey < OpenSSL::PKey::EC::Point
-        def verify(*args)
-          ec_key = OpenSSL::PKey::EC.new(group)
-          ec_key.public_key = self
+        def self.deserialize(pem_string)
+          new(OpenSSL::PKey::EC.new(pem_string).public_key)
+        end
 
+        def serialize
+          ec_key.to_pem
+        end
+
+        def ec_key
+          @ec_key ||=
+            begin
+              ec_key = OpenSSL::PKey::EC.new(group)
+              ec_key.public_key = self
+
+              ec_key
+            end
+        end
+
+        def verify(*args)
           ec_key.verify(*args)
         end
       end
 
-      CURVE_BY_DIGEST_LENGTH = {
-        "256" => "prime256v1",
-        "384" => "secp384r1",
-        "512" => "secp521r1"
-      }.freeze
+      ACCEPTED_PARAMETERS = [
+        { curve: "prime256v1", hash_function: "SHA256" },
+        { curve: "secp384r1", hash_function: "SHA384" },
+        { curve: "secp521r1", hash_function: "SHA512" },
+        { curve: "secp256k1", hash_function: "SHA256" }
+      ].freeze
+
+      attr_reader :curve, :hash_function
+
+      def initialize(curve: nil, hash_function: nil)
+        @curve, @hash_function = pick_parameters(curve, hash_function)
+      end
 
       def generate_signing_key
-        @signing_key = SigningKey.new(curve_name)
+        @signing_key = SigningKey.new(curve)
       end
 
-      def curve_name
-        CURVE_BY_DIGEST_LENGTH[digest_length] ||
-          raise(OpenSSL::SignatureAlgorithm::Error, "Unsupported digest length #{digest_length}")
+      def compatible_verify_key?(key)
+        super && key.respond_to?(:group) && key.group.curve_name == curve
+      end
+
+      private
+
+      # Borrowed from jwt rubygem.
+      # https://github.com/jwt/ruby-jwt/blob/7a6a3f1dbaff806993156d1dff9c217bb2523ff8/lib/jwt/security_utils.rb#L34-L39
+      #
+      # Hopefully this will be provided by openssl rubygem in the future.
+      def formatted_signature(signature)
+        n = (verify_key_length.to_f / BYTE_LENGTH).ceil
+
+        if signature.size == n * 2
+          r = signature[0..(n - 1)]
+          s = signature[n..-1]
+
+          OpenSSL::ASN1::Sequence.new([r, s].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
+        else
+          signature
+        end
+      end
+
+      def verify_key_length
+        verify_key.group.degree
+      end
+
+      def pick_parameters(curve, hash_function)
+        parameters = ACCEPTED_PARAMETERS.detect do |params|
+          if curve
+            if hash_function
+              params[:curve] == curve && params[:hash_function] == hash_function
+            else
+              params[:curve] == curve
+            end
+          elsif hash_function
+            params[:hash_function] == hash_function
+          else
+            true
+          end
+        end
+
+        if parameters
+          [parameters[:curve], parameters[:hash_function]]
+        else
+          raise(OpenSSL::SignatureAlgorithm::UnsupportedParameterError, "Unsupported algorithm parameters")
+        end
       end
     end
   end

data/lib/openssl/signature_algorithm/rsa.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require "openssl"
+require "openssl/signature_algorithm/base"
+
+module OpenSSL
+  module SignatureAlgorithm
+    class RSA < Base
+      class SigningKey < OpenSSL::PKey::RSA
+        def verify_key
+          VerifyKey.new(public_key.to_pem)
+        end
+      end
+
+      class VerifyKey < OpenSSL::PKey::RSA
+        class << self
+          alias_method :deserialize, :new
+        end
+
+        def serialize
+          to_pem
+        end
+      end
+
+      ACCEPTED_HASH_FUNCTIONS = ["SHA256", "SHA384", "SHA512"].freeze
+      DEFAULT_KEY_SIZE = 2048
+
+      attr_reader :hash_function
+
+      def initialize(hash_function: self.class::ACCEPTED_HASH_FUNCTIONS.first)
+        if self.class::ACCEPTED_HASH_FUNCTIONS.include?(hash_function)
+          @hash_function = hash_function
+        else
+          raise(OpenSSL::SignatureAlgorithm::UnsupportedParameterError, "Unsupported hash function '#{hash_function}'")
+        end
+      end
+
+      def generate_signing_key(size: DEFAULT_KEY_SIZE)
+        @signing_key = SigningKey.new(size)
+      end
+    end
+  end
+end

data/lib/openssl/signature_algorithm/rsapkcs1.rb

@@ -1,22 +1,11 @@
 # frozen_string_literal: true
 
 require "openssl"
-require "openssl/signature_algorithm/base"
+require "openssl/signature_algorithm/rsa"
 
 module OpenSSL
   module SignatureAlgorithm
-    class RSAPKCS1 < Base
-      class SigningKey < OpenSSL::PKey::RSA
-        def verify_key
-          public_key
-        end
-      end
-
-      DEFAULT_KEY_SIZE = 2048
-
-      def generate_signing_key(size: DEFAULT_KEY_SIZE)
-        @signing_key = SigningKey.new(size)
-      end
+    class RSAPKCS1 < RSA
     end
   end
 end

data/lib/openssl/signature_algorithm/rsapss.rb

@@ -1,25 +1,13 @@
 # frozen_string_literal: true
 
 require "openssl"
-require "openssl/signature_algorithm/base"
+require "openssl/signature_algorithm/rsa"
 
 module OpenSSL
   module SignatureAlgorithm
-    class RSAPSS < Base
-      class SigningKey < OpenSSL::PKey::RSA
-        def verify_key
-          public_key
-        end
-      end
-
-      DEFAULT_KEY_SIZE = 2048
-
-      def generate_signing_key(size: DEFAULT_KEY_SIZE)
-        @signing_key = SigningKey.new(size)
-      end
-
+    class RSAPSS < RSA
       def sign(data)
-        signing_key.sign_pss(hash_function, data, salt_length: salt_length, mgf1_hash: mgf1_hash_function)
+        signing_key.sign_pss(hash_function, data, salt_length: :max, mgf1_hash: mgf1_hash_function)
       end
 
       def verify(signature, verification_data)
@@ -27,13 +15,9 @@ module OpenSSL
           hash_function,
           signature,
           verification_data,
-          salt_length: salt_length,
+          salt_length: :auto,
           mgf1_hash: mgf1_hash_function
-        ) || raise(OpenSSL::SignatureAlgorithm::Error, "Signature verification failed")
-      end
-
-      def salt_length
-        :auto
+        ) || raise(OpenSSL::SignatureAlgorithm::SignatureVerificationError, "Signature verification failed")
       end
 
       def mgf1_hash_function

data/lib/openssl/signature_algorithm/version.rb

@@ -2,6 +2,6 @@
 
 module OpenSSL
   module SignatureAlgorithm
-    VERSION = "0.1.0"
+    VERSION = "1.0.0"
   end
 end

data/openssl-signature_algorithm.gemspec

@@ -5,20 +5,15 @@ require_relative 'lib/openssl/signature_algorithm/version'
 Gem::Specification.new do |spec|
   spec.name          = "openssl-signature_algorithm"
   spec.version       = OpenSSL::SignatureAlgorithm::VERSION
-  spec.authors       = ["Gonzalo"]
+  spec.authors       = ["Gonzalo Rodriguez"]
   spec.email         = ["gonzalo@cedarcode.com"]
   spec.license = "Apache-2.0"
 
-  spec.summary       = "Signature Algorithm abstraction for openssl ruby gem"
-  spec.description = <<-DESC
-    This tiny library introduces `OpenSSL::SignatureAlgorithm::ECDSA`,
-    `OpenSSL::SignatureAlgorithm::RSAPSS` and `OpenSSL::SignatureAlgorithm::RSAPKCS1`,
-    so that you can reason in terms of signature algorithms when signing and/or
-    verifying signatures―instead of keys.
-  DESC
+  spec.summary = "ECDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby"
+  spec.description = spec.summary
 
-  spec.homepage      = "https://github.com/cedarcode/openssl-signature_algorithm"
-  spec.required_ruby_version = Gem::Requirement.new(">= 2.5.0")
+  spec.homepage = "https://github.com/cedarcode/openssl-signature_algorithm"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.4.0")
 
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = spec.homepage

metadata

@@ -1,20 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: openssl-signature_algorithm
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.0
 platform: ruby
 authors:
-- Gonzalo
+- Gonzalo Rodriguez
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-01-29 00:00:00.000000000 Z
+date: 2020-07-08 00:00:00.000000000 Z
 dependencies: []
-description: |2
-      This tiny library introduces `OpenSSL::SignatureAlgorithm::ECDSA`,
-      `OpenSSL::SignatureAlgorithm::RSAPSS` and `OpenSSL::SignatureAlgorithm::RSAPKCS1`,
-      so that you can reason in terms of signature algorithms when signing and/or
-      verifying signatures―instead of keys.
+description: ECDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby
 email:
 - gonzalo@cedarcode.com
 executables: []
@@ -25,6 +21,8 @@ files:
 - ".rspec"
 - ".rubocop.yml"
 - ".travis.yml"
+- Appraisals
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE
@@ -32,10 +30,17 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- gemfiles/.bundle/config
+- gemfiles/openssl_2_0.gemfile
+- gemfiles/openssl_2_1.gemfile
+- gemfiles/openssl_2_2.gemfile
+- gemfiles/openssl_default.gemfile
+- gemfiles/openssl_head.gemfile
 - lib/openssl/signature_algorithm.rb
 - lib/openssl/signature_algorithm/base.rb
 - lib/openssl/signature_algorithm/ecdsa.rb
 - lib/openssl/signature_algorithm/error.rb
+- lib/openssl/signature_algorithm/rsa.rb
 - lib/openssl/signature_algorithm/rsapkcs1.rb
 - lib/openssl/signature_algorithm/rsapss.rb
 - lib/openssl/signature_algorithm/version.rb
@@ -55,15 +60,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.0
+      version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
-summary: Signature Algorithm abstraction for openssl ruby gem
+summary: ECDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby
 test_files: []