openssl-signature_algorithm 0.4.0 → 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b7bc92eb1796a3b0f57e24b861d0eab80d3889189b2dcf48988f205e9d81cd69
4
- data.tar.gz: 365f011c31592f9d3d34a58a45b8ce3713227efbe5ea4a3bfc5fac0f87e68d14
3
+ metadata.gz: 14fbf64f6f493adb44ffe4e2f8dc537a8800a6af79c7716c85a49eaab5664ce0
4
+ data.tar.gz: 700d2d7ebfa40f05f004735eca6dc938066b69a02015c2b2cca0349db1b330ed
5
5
  SHA512:
6
- metadata.gz: 8f13ef1875e61ff4318e2888bba525388dbdddf6295a8eac737cfb02dc070a5d6de38b57297374368b1e8d0a8b1e380b6e1fa12c0d0c004a3300c1fe1d1763f6
7
- data.tar.gz: 96f2e6e633eb38af1d5df34ca33d1428f5fee4ee7945eb92354e481810601a13ce689705aaea29f84984a78eb8e46619fe48b7a623a1c93239f7b8c5fc544ec0
6
+ metadata.gz: dd9b7bd8aca161cc531427cb7b2b2e0dfcc5143b5d4443069f95bf4d135fb5d936806372de7c5ed8f91739c8ebe7b1e98f8268bd1186df4061a1a587fc722b3c
7
+ data.tar.gz: 36ceaa919dbd5dfda0dfcf90848c53d5e9eeed9be7cc1eaafdf1d15c5351b4f9782ee4c501c40cad9db147b6c1955f1c8ce3405cd4a49ccb9cf741e5878512b3
data/.gitignore CHANGED
@@ -10,3 +10,5 @@
10
10
  # rspec failure tracking
11
11
  .rspec_status
12
12
  .byebug_history
13
+
14
+ /gemfiles/*.gemfile.lock
data/.rspec CHANGED
@@ -1,3 +1,4 @@
1
1
  --format documentation
2
2
  --color
3
3
  --require spec_helper
4
+ --order random
@@ -1,6 +1,8 @@
1
1
  AllCops:
2
2
  TargetRubyVersion: 2.4
3
3
  DisabledByDefault: true
4
+ Exclude:
5
+ - "gemfiles/**/*"
4
6
 
5
7
  Bundler:
6
8
  Enabled: true
@@ -26,9 +28,6 @@ Security:
26
28
  Style/BlockComments:
27
29
  Enabled: true
28
30
 
29
- Style/BracesAroundHashParameters:
30
- Enabled: true
31
-
32
31
  Style/CaseEquality:
33
32
  Enabled: true
34
33
 
@@ -3,8 +3,22 @@ dist: bionic
3
3
  language: ruby
4
4
  cache: bundler
5
5
  rvm:
6
- - 2.7.0
7
- - 2.6.5
8
- - 2.5.7
9
- - 2.4.9
10
- before_install: gem install bundler -v 2.1.4
6
+ - ruby-head
7
+ - 2.7.1
8
+ - 2.6.6
9
+ - 2.5.8
10
+ - 2.4.10
11
+ gemfile:
12
+ - gemfiles/openssl_head.gemfile
13
+ - gemfiles/openssl_2_2.gemfile
14
+ - gemfiles/openssl_2_1.gemfile
15
+ - gemfiles/openssl_2_0.gemfile
16
+ - gemfiles/openssl_default.gemfile
17
+ matrix:
18
+ fast_finish: true
19
+ allow_failures:
20
+ - rvm: ruby-head
21
+ - gemfile: gemfiles/openssl_head.gemfile
22
+ before_install:
23
+ - gem install bundler -v 2.1.4
24
+ - rm Gemfile.lock
@@ -0,0 +1,20 @@
1
+ # frozen_string_literal: true
2
+
3
+ appraise "openssl_head" do
4
+ gem "openssl", git: "https://github.com/ruby/openssl"
5
+ end
6
+
7
+ appraise "openssl_2_2" do
8
+ gem "openssl", "~> 2.2.0"
9
+ end
10
+
11
+ appraise "openssl_2_1" do
12
+ gem "openssl", "~> 2.1.0"
13
+ end
14
+
15
+ appraise "openssl_2_0" do
16
+ gem "openssl", "~> 2.0.0"
17
+ end
18
+
19
+ appraise "openssl_default" do
20
+ end
@@ -1,5 +1,45 @@
1
1
  # Changelog
2
2
 
3
+ ## [v1.0.0] - 2020-07-08
4
+
5
+ ### Added
6
+
7
+ - ECDSA with **secp256k1** curve support added:
8
+ ```rb
9
+ OpenSSL::SignatureAlgorithm::ECDSA.new(curve: "secp256k1")
10
+ ```
11
+ - Algorithm **arguments** are now **optional**. The following works:
12
+
13
+ ```rb
14
+ OpenSSL::SignatureAlgorithm::ECDSA.new
15
+ # defaults to ECDSA with SHA-256 and NIST P256 curve
16
+ # Same as OpenSSL::SignatureAlgorithm::ECDSA.new(hash_function: "SHA256", curve: "prime256v1")
17
+
18
+ OpenSSL::SignatureAlgorithm::RSAPSS.new
19
+ # defaults to SHA-256
20
+ # Same as OpenSSL::SignatureAlgorithm::RSAPSS.new(hash_function: "SHA256")
21
+
22
+ OpenSSL::SignatureAlgorithm::RSAPKCS1.new
23
+ # defaults to SHA-256
24
+ # Same as OpenSSL::SignatureAlgorithm::RSAPSS.new(hash_function: "SHA256")
25
+ ```
26
+
27
+ ### Changed
28
+
29
+ - Algorithm **instantiation** changed. The positional argument `digest_length` is replaced with keyword arguments, `hash_function:` for RSA algorithms and `hash_function:` and `curve:` for ECDSA. None are required arguments, you get sane defaults if you don't provide any arguments. Code migration examples:
30
+ ```rb
31
+ # Change this
32
+ # OpenSSL::SignatureAlgorithm::ECDSA.new("256")
33
+ # to
34
+ OpenSSL::SignatureAlgorithm::ECDSA.new(hash_function: "SHA256")
35
+ ```
36
+ ```rb
37
+ # Change this
38
+ # OpenSSL::SignatureAlgorithm::RSAPSS.new("384")
39
+ # to
40
+ OpenSSL::SignatureAlgorithm::RSAPSS.new(hash_function: "SHA384")
41
+ ```
42
+
3
43
  ## [v0.4.0] - 2020-01-31
4
44
 
5
45
  ### Added
@@ -32,6 +72,7 @@
32
72
  - `OpenSSL::SignatureAlgorithm::RSAPSS`
33
73
  - `OpenSSL::SignatureAlgorithm::RSAPKCS1`
34
74
 
75
+ [v1.0.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.4.0...v1.0.0/
35
76
  [v0.4.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.3.0...v0.4.0/
36
77
  [v0.3.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.2.0...v0.3.0/
37
78
  [v0.2.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.1.1...v0.2.0/
data/Gemfile CHANGED
@@ -5,7 +5,8 @@ source "https://rubygems.org"
5
5
  # Specify your gem's dependencies in openssl-signature_algorithm.gemspec
6
6
  gemspec
7
7
 
8
+ gem "appraisal", "~> 2.2"
8
9
  gem "byebug", "~> 11.0"
9
- gem "rake", "~> 12.0"
10
+ gem "rake", "~> 13.0"
10
11
  gem "rspec", "~> 3.0"
11
- gem "rubocop", "~> 0.79.0"
12
+ gem "rubocop", "~> 0.80.1"
@@ -1,52 +1,60 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- openssl-signature_algorithm (0.4.0)
4
+ openssl-signature_algorithm (1.0.0)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
8
8
  specs:
9
+ appraisal (2.2.0)
10
+ bundler
11
+ rake
12
+ thor (>= 0.14.0)
9
13
  ast (2.4.0)
10
14
  byebug (11.1.1)
11
15
  diff-lcs (1.3)
12
16
  jaro_winkler (1.5.4)
13
17
  parallel (1.19.1)
14
- parser (2.7.0.2)
18
+ parser (2.7.0.5)
15
19
  ast (~> 2.4.0)
16
20
  rainbow (3.0.0)
17
- rake (12.3.3)
21
+ rake (13.0.1)
22
+ rexml (3.2.4)
18
23
  rspec (3.9.0)
19
24
  rspec-core (~> 3.9.0)
20
25
  rspec-expectations (~> 3.9.0)
21
26
  rspec-mocks (~> 3.9.0)
22
27
  rspec-core (3.9.1)
23
28
  rspec-support (~> 3.9.1)
24
- rspec-expectations (3.9.0)
29
+ rspec-expectations (3.9.1)
25
30
  diff-lcs (>= 1.2.0, < 2.0)
26
31
  rspec-support (~> 3.9.0)
27
32
  rspec-mocks (3.9.1)
28
33
  diff-lcs (>= 1.2.0, < 2.0)
29
34
  rspec-support (~> 3.9.0)
30
35
  rspec-support (3.9.2)
31
- rubocop (0.79.0)
36
+ rubocop (0.80.1)
32
37
  jaro_winkler (~> 1.5.1)
33
38
  parallel (~> 1.10)
34
39
  parser (>= 2.7.0.1)
35
40
  rainbow (>= 2.2.2, < 4.0)
41
+ rexml
36
42
  ruby-progressbar (~> 1.7)
37
43
  unicode-display_width (>= 1.4.0, < 1.7)
38
44
  ruby-progressbar (1.10.1)
45
+ thor (1.0.1)
39
46
  unicode-display_width (1.6.1)
40
47
 
41
48
  PLATFORMS
42
49
  ruby
43
50
 
44
51
  DEPENDENCIES
52
+ appraisal (~> 2.2)
45
53
  byebug (~> 11.0)
46
54
  openssl-signature_algorithm!
47
- rake (~> 12.0)
55
+ rake (~> 13.0)
48
56
  rspec (~> 3.0)
49
- rubocop (~> 0.79.0)
57
+ rubocop (~> 0.80.1)
50
58
 
51
59
  BUNDLED WITH
52
60
  2.1.4
data/README.md CHANGED
@@ -1,12 +1,16 @@
1
1
  # OpenSSL::SignatureAlgorithm
2
2
 
3
+ > ECDSA, RSA-PSS and RSA-PKCS#1 signature algorithms for ruby
4
+
5
+ Sign and verify using signature algorithm wrappers, instead of key objects.
6
+
3
7
  Provides `OpenSSL::SignatureAlgorithm::ECDSA`, `OpenSSL::SignatureAlgorithm::RSAPSS`
4
- and `OpenSSL::SignatureAlgorithm::RSAPKCS1` ruby object wrapers on top of `OpenSSL::PKey::EC`
5
- and `OpenSSL::PKey::RSA`, so that you can reason in terms of signature algorithms when
6
- signing and/or verifying signatures, instead of keys.
8
+ and `OpenSSL::SignatureAlgorithm::RSAPKCS1` ruby object wrappers on top of `OpenSSL::PKey::EC`
9
+ and `OpenSSL::PKey::RSA`, so that you can reason in terms of the algorithms and do less when
10
+ signing or verifying signatures.
7
11
 
8
12
  [![Gem](https://img.shields.io/gem/v/openssl-signature_algorithm.svg?style=flat-square&color=informational)](https://rubygems.org/gems/openssl-signature_algorithm)
9
- [![Travis](https://img.shields.io/travis/cedarcode/openssl-signature_algorithm.svg?style=flat-square)](https://travis-ci.org/cedarcode/openssl-signature_algorithm)
13
+ [![Travis](https://img.shields.io/travis/cedarcode/openssl-signature_algorithm/master.svg?style=flat-square)](https://travis-ci.org/cedarcode/openssl-signature_algorithm)
10
14
 
11
15
  ## Installation
12
16
 
@@ -32,7 +36,7 @@ Or install it yourself as:
32
36
  to_be_signed = "to-be-signed"
33
37
 
34
38
  # Signer
35
- algorithm = OpenSSL::SignatureAlgorithm::ECDSA.new("256")
39
+ algorithm = OpenSSL::SignatureAlgorithm::ECDSA.new
36
40
  signing_key = algorithm.generate_signing_key
37
41
  signature = algorithm.sign(to_be_signed)
38
42
 
@@ -41,7 +45,7 @@ verify_key_string = signing_key.verify_key.serialize
41
45
 
42
46
  # Verifier
43
47
  verify_key = OpenSSL::SignatureAlgorithm::ECDSA::VerifyKey.deserialize(verify_key_string)
44
- algorithm = OpenSSL::SignatureAlgorithm::ECDSA.new("256")
48
+ algorithm = OpenSSL::SignatureAlgorithm::ECDSA.new
45
49
  algorithm.verify_key = verify_key
46
50
  algorithm.verify(signature, to_be_signed)
47
51
  ```
@@ -52,7 +56,7 @@ algorithm.verify(signature, to_be_signed)
52
56
  to_be_signed = "to-be-signed"
53
57
 
54
58
  # Signer
55
- algorithm = OpenSSL::SignatureAlgorithm::RSAPSS.new("256")
59
+ algorithm = OpenSSL::SignatureAlgorithm::RSAPSS.new
56
60
  signing_key = algorithm.generate_signing_key
57
61
  signature = algorithm.sign(to_be_signed)
58
62
 
@@ -61,7 +65,7 @@ verify_key_string = signing_key.verify_key.serialize
61
65
 
62
66
  # Verifier
63
67
  verify_key = OpenSSL::SignatureAlgorithm::RSAPSS::VerifyKey.deserialize(verify_key_string)
64
- algorithm = OpenSSL::SignatureAlgorithm::RSAPSS.new("256")
68
+ algorithm = OpenSSL::SignatureAlgorithm::RSAPSS.new
65
69
  algorithm.verify_key = verify_key
66
70
  algorithm.verify(signature, to_be_signed)
67
71
  ```
@@ -72,7 +76,7 @@ algorithm.verify(signature, to_be_signed)
72
76
  to_be_signed = "to-be-signed"
73
77
 
74
78
  # Signer
75
- algorithm = OpenSSL::SignatureAlgorithm::RSAPKCS1.new("256")
79
+ algorithm = OpenSSL::SignatureAlgorithm::RSAPKCS1.new
76
80
  signing_key = algorithm.generate_signing_key
77
81
  signature = algorithm.sign(to_be_signed)
78
82
 
@@ -81,7 +85,7 @@ verify_key_string = signing_key.verify_key.serialize
81
85
 
82
86
  # Verifier
83
87
  verify_key = OpenSSL::SignatureAlgorithm::RSAPKCS1::VerifyKey.deserialize(verify_key_string)
84
- algorithm = OpenSSL::SignatureAlgorithm::RSAPKCS1.new("256")
88
+ algorithm = OpenSSL::SignatureAlgorithm::RSAPKCS1.new
85
89
  algorithm.verify_key = verify_key
86
90
  algorithm.verify(signature, to_be_signed)
87
91
  ```
@@ -0,0 +1,2 @@
1
+ ---
2
+ BUNDLE_RETRY: "1"
@@ -0,0 +1,12 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "appraisal", "~> 2.2"
6
+ gem "byebug", "~> 11.0"
7
+ gem "rake", "~> 13.0"
8
+ gem "rspec", "~> 3.0"
9
+ gem "rubocop", "~> 0.80.1"
10
+ gem "openssl", "~> 2.0.0"
11
+
12
+ gemspec path: "../"
@@ -0,0 +1,12 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "appraisal", "~> 2.2"
6
+ gem "byebug", "~> 11.0"
7
+ gem "rake", "~> 13.0"
8
+ gem "rspec", "~> 3.0"
9
+ gem "rubocop", "~> 0.80.1"
10
+ gem "openssl", "~> 2.1.0"
11
+
12
+ gemspec path: "../"
@@ -0,0 +1,12 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "appraisal", "~> 2.2"
6
+ gem "byebug", "~> 11.0"
7
+ gem "rake", "~> 13.0"
8
+ gem "rspec", "~> 3.0"
9
+ gem "rubocop", "~> 0.80.1"
10
+ gem "openssl", "~> 2.2.0"
11
+
12
+ gemspec path: "../"
@@ -0,0 +1,11 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "appraisal", "~> 2.2"
6
+ gem "byebug", "~> 11.0"
7
+ gem "rake", "~> 13.0"
8
+ gem "rspec", "~> 3.0"
9
+ gem "rubocop", "~> 0.80.1"
10
+
11
+ gemspec path: "../"
@@ -0,0 +1,12 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "appraisal", "~> 2.2"
6
+ gem "byebug", "~> 11.0"
7
+ gem "rake", "~> 13.0"
8
+ gem "rspec", "~> 3.0"
9
+ gem "rubocop", "~> 0.80.1"
10
+ gem "openssl", git: "https://github.com/ruby/openssl"
11
+
12
+ gemspec path: "../"
@@ -5,20 +5,27 @@ require "openssl/signature_algorithm/error"
5
5
 
6
6
  module OpenSSL
7
7
  module SignatureAlgorithm
8
+ class SignatureVerificationError < Error; end
9
+ class UnsupportedParameterError < Error; end
10
+ class VerifyKeyError < Error; end
11
+
8
12
  class Base
9
- attr_reader :digest_length, :signing_key
10
- attr_accessor :verify_key
13
+ attr_reader :signing_key, :verify_key
11
14
 
12
- def initialize(digest_length)
13
- @digest_length = digest_length
15
+ def verify_key=(key)
16
+ if compatible_verify_key?(key)
17
+ @verify_key = key
18
+ else
19
+ raise(OpenSSL::SignatureAlgorithm::VerifyKeyError, "Incompatible verify key for algorithm")
20
+ end
14
21
  end
15
22
 
16
- def sign(data)
17
- signing_key.sign(hash_function, data)
23
+ def compatible_verify_key?(verify_key)
24
+ verify_key.respond_to?(:verify)
18
25
  end
19
26
 
20
- def hash_function
21
- OpenSSL::Digest.new("sha#{digest_length}")
27
+ def sign(data)
28
+ signing_key.sign(hash_function, data)
22
29
  end
23
30
 
24
31
  def verify(signature, verification_data)
@@ -30,7 +37,7 @@ module OpenSSL
30
37
  end
31
38
 
32
39
  verify_key.verify(hash_function, formatted_signature, verification_data) ||
33
- raise(OpenSSL::SignatureAlgorithm::Error, "Signature verification failed")
40
+ raise(OpenSSL::SignatureAlgorithm::SignatureVerificationError, "Signature verification failed")
34
41
  end
35
42
  end
36
43
  end
@@ -42,19 +42,25 @@ module OpenSSL
42
42
  end
43
43
  end
44
44
 
45
- CURVE_BY_DIGEST_LENGTH = {
46
- "256" => "prime256v1",
47
- "384" => "secp384r1",
48
- "512" => "secp521r1"
49
- }.freeze
45
+ ACCEPTED_PARAMETERS = [
46
+ { curve: "prime256v1", hash_function: "SHA256" },
47
+ { curve: "secp384r1", hash_function: "SHA384" },
48
+ { curve: "secp521r1", hash_function: "SHA512" },
49
+ { curve: "secp256k1", hash_function: "SHA256" }
50
+ ].freeze
51
+
52
+ attr_reader :curve, :hash_function
53
+
54
+ def initialize(curve: nil, hash_function: nil)
55
+ @curve, @hash_function = pick_parameters(curve, hash_function)
56
+ end
50
57
 
51
58
  def generate_signing_key
52
- @signing_key = SigningKey.new(curve_name)
59
+ @signing_key = SigningKey.new(curve)
53
60
  end
54
61
 
55
- def curve_name
56
- CURVE_BY_DIGEST_LENGTH[digest_length] ||
57
- raise(OpenSSL::SignatureAlgorithm::Error, "Unsupported digest length #{digest_length}")
62
+ def compatible_verify_key?(key)
63
+ super && key.respond_to?(:group) && key.group.curve_name == curve
58
64
  end
59
65
 
60
66
  private
@@ -79,6 +85,28 @@ module OpenSSL
79
85
  def verify_key_length
80
86
  verify_key.group.degree
81
87
  end
88
+
89
+ def pick_parameters(curve, hash_function)
90
+ parameters = ACCEPTED_PARAMETERS.detect do |params|
91
+ if curve
92
+ if hash_function
93
+ params[:curve] == curve && params[:hash_function] == hash_function
94
+ else
95
+ params[:curve] == curve
96
+ end
97
+ elsif hash_function
98
+ params[:hash_function] == hash_function
99
+ else
100
+ true
101
+ end
102
+ end
103
+
104
+ if parameters
105
+ [parameters[:curve], parameters[:hash_function]]
106
+ else
107
+ raise(OpenSSL::SignatureAlgorithm::UnsupportedParameterError, "Unsupported algorithm parameters")
108
+ end
109
+ end
82
110
  end
83
111
  end
84
112
  end
@@ -0,0 +1,43 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "openssl"
4
+ require "openssl/signature_algorithm/base"
5
+
6
+ module OpenSSL
7
+ module SignatureAlgorithm
8
+ class RSA < Base
9
+ class SigningKey < OpenSSL::PKey::RSA
10
+ def verify_key
11
+ VerifyKey.new(public_key.to_pem)
12
+ end
13
+ end
14
+
15
+ class VerifyKey < OpenSSL::PKey::RSA
16
+ class << self
17
+ alias_method :deserialize, :new
18
+ end
19
+
20
+ def serialize
21
+ to_pem
22
+ end
23
+ end
24
+
25
+ ACCEPTED_HASH_FUNCTIONS = ["SHA256", "SHA384", "SHA512"].freeze
26
+ DEFAULT_KEY_SIZE = 2048
27
+
28
+ attr_reader :hash_function
29
+
30
+ def initialize(hash_function: self.class::ACCEPTED_HASH_FUNCTIONS.first)
31
+ if self.class::ACCEPTED_HASH_FUNCTIONS.include?(hash_function)
32
+ @hash_function = hash_function
33
+ else
34
+ raise(OpenSSL::SignatureAlgorithm::UnsupportedParameterError, "Unsupported hash function '#{hash_function}'")
35
+ end
36
+ end
37
+
38
+ def generate_signing_key(size: DEFAULT_KEY_SIZE)
39
+ @signing_key = SigningKey.new(size)
40
+ end
41
+ end
42
+ end
43
+ end
@@ -1,32 +1,11 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "openssl"
4
- require "openssl/signature_algorithm/base"
4
+ require "openssl/signature_algorithm/rsa"
5
5
 
6
6
  module OpenSSL
7
7
  module SignatureAlgorithm
8
- class RSAPKCS1 < Base
9
- class SigningKey < OpenSSL::PKey::RSA
10
- def verify_key
11
- VerifyKey.new(public_key.to_pem)
12
- end
13
- end
14
-
15
- class VerifyKey < OpenSSL::PKey::RSA
16
- class << self
17
- alias_method :deserialize, :new
18
- end
19
-
20
- def serialize
21
- to_pem
22
- end
23
- end
24
-
25
- DEFAULT_KEY_SIZE = 2048
26
-
27
- def generate_signing_key(size: DEFAULT_KEY_SIZE)
28
- @signing_key = SigningKey.new(size)
29
- end
8
+ class RSAPKCS1 < RSA
30
9
  end
31
10
  end
32
11
  end
@@ -1,33 +1,11 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "openssl"
4
- require "openssl/signature_algorithm/base"
4
+ require "openssl/signature_algorithm/rsa"
5
5
 
6
6
  module OpenSSL
7
7
  module SignatureAlgorithm
8
- class RSAPSS < Base
9
- class SigningKey < OpenSSL::PKey::RSA
10
- def verify_key
11
- VerifyKey.new(public_key.to_pem)
12
- end
13
- end
14
-
15
- class VerifyKey < OpenSSL::PKey::RSA
16
- class << self
17
- alias_method :deserialize, :new
18
- end
19
-
20
- def serialize
21
- to_pem
22
- end
23
- end
24
-
25
- DEFAULT_KEY_SIZE = 2048
26
-
27
- def generate_signing_key(size: DEFAULT_KEY_SIZE)
28
- @signing_key = SigningKey.new(size)
29
- end
30
-
8
+ class RSAPSS < RSA
31
9
  def sign(data)
32
10
  signing_key.sign_pss(hash_function, data, salt_length: :max, mgf1_hash: mgf1_hash_function)
33
11
  end
@@ -39,7 +17,7 @@ module OpenSSL
39
17
  verification_data,
40
18
  salt_length: :auto,
41
19
  mgf1_hash: mgf1_hash_function
42
- ) || raise(OpenSSL::SignatureAlgorithm::Error, "Signature verification failed")
20
+ ) || raise(OpenSSL::SignatureAlgorithm::SignatureVerificationError, "Signature verification failed")
43
21
  end
44
22
 
45
23
  def mgf1_hash_function
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OpenSSL
4
4
  module SignatureAlgorithm
5
- VERSION = "0.4.0"
5
+ VERSION = "1.0.0"
6
6
  end
7
7
  end
@@ -9,14 +9,8 @@ Gem::Specification.new do |spec|
9
9
  spec.email = ["gonzalo@cedarcode.com"]
10
10
  spec.license = "Apache-2.0"
11
11
 
12
- spec.summary = "OpenSSL::SignatureAlgorithm helpers for signing and verifying signatures with openssl ruby gem"
13
-
14
- spec.description = <<-DESC
15
- Provides OpenSSL::SignatureAlgorithm::ECDSA, OpenSSL::SignatureAlgorithm::RSAPSS
16
- and OpenSSL::SignatureAlgorithm::RSAPKCS1 ruby object wrapers on top of OpenSSL::PKey::EC
17
- and OpenSSL::PKey::RSA, so that you can reason in terms of signature algorithms when
18
- signing and/or verifying signatures, instead of keys.
19
- DESC
12
+ spec.summary = "ECDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby"
13
+ spec.description = spec.summary
20
14
 
21
15
  spec.homepage = "https://github.com/cedarcode/openssl-signature_algorithm"
22
16
  spec.required_ruby_version = Gem::Requirement.new(">= 2.4.0")
metadata CHANGED
@@ -1,20 +1,16 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openssl-signature_algorithm
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gonzalo Rodriguez
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-01-31 00:00:00.000000000 Z
11
+ date: 2020-07-08 00:00:00.000000000 Z
12
12
  dependencies: []
13
- description: |2
14
- Provides OpenSSL::SignatureAlgorithm::ECDSA, OpenSSL::SignatureAlgorithm::RSAPSS
15
- and OpenSSL::SignatureAlgorithm::RSAPKCS1 ruby object wrapers on top of OpenSSL::PKey::EC
16
- and OpenSSL::PKey::RSA, so that you can reason in terms of signature algorithms when
17
- signing and/or verifying signatures, instead of keys.
13
+ description: ECDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby
18
14
  email:
19
15
  - gonzalo@cedarcode.com
20
16
  executables: []
@@ -25,6 +21,7 @@ files:
25
21
  - ".rspec"
26
22
  - ".rubocop.yml"
27
23
  - ".travis.yml"
24
+ - Appraisals
28
25
  - CHANGELOG.md
29
26
  - Gemfile
30
27
  - Gemfile.lock
@@ -33,10 +30,17 @@ files:
33
30
  - Rakefile
34
31
  - bin/console
35
32
  - bin/setup
33
+ - gemfiles/.bundle/config
34
+ - gemfiles/openssl_2_0.gemfile
35
+ - gemfiles/openssl_2_1.gemfile
36
+ - gemfiles/openssl_2_2.gemfile
37
+ - gemfiles/openssl_default.gemfile
38
+ - gemfiles/openssl_head.gemfile
36
39
  - lib/openssl/signature_algorithm.rb
37
40
  - lib/openssl/signature_algorithm/base.rb
38
41
  - lib/openssl/signature_algorithm/ecdsa.rb
39
42
  - lib/openssl/signature_algorithm/error.rb
43
+ - lib/openssl/signature_algorithm/rsa.rb
40
44
  - lib/openssl/signature_algorithm/rsapkcs1.rb
41
45
  - lib/openssl/signature_algorithm/rsapss.rb
42
46
  - lib/openssl/signature_algorithm/version.rb
@@ -63,9 +67,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
63
67
  - !ruby/object:Gem::Version
64
68
  version: '0'
65
69
  requirements: []
66
- rubygems_version: 3.1.2
70
+ rubygems_version: 3.1.4
67
71
  signing_key:
68
72
  specification_version: 4
69
- summary: OpenSSL::SignatureAlgorithm helpers for signing and verifying signatures
70
- with openssl ruby gem
73
+ summary: ECDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby
71
74
  test_files: []