openssl-signature_algorithm 0.4.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b7bc92eb1796a3b0f57e24b861d0eab80d3889189b2dcf48988f205e9d81cd69
-  data.tar.gz: 365f011c31592f9d3d34a58a45b8ce3713227efbe5ea4a3bfc5fac0f87e68d14
+  metadata.gz: 05b32cb5c229b287708d0931b8ac52b8c90c98f53d31e146df38406870300e95
+  data.tar.gz: 0b35e770ff3342d8d7d7008f8a76a4cb40e63dfe756676276e84e72da0af6677
 SHA512:
-  metadata.gz: 8f13ef1875e61ff4318e2888bba525388dbdddf6295a8eac737cfb02dc070a5d6de38b57297374368b1e8d0a8b1e380b6e1fa12c0d0c004a3300c1fe1d1763f6
-  data.tar.gz: 96f2e6e633eb38af1d5df34ca33d1428f5fee4ee7945eb92354e481810601a13ce689705aaea29f84984a78eb8e46619fe48b7a623a1c93239f7b8c5fc544ec0
+  metadata.gz: f5bfe46225bf0fa061ef6046d94e7297bfd124be0b95cd4fc3cc125f8fcd58a288a8945a64f9af8f50ff3fdd22c148e3495bd643c9de5b535ca8ecb14c266649
+  data.tar.gz: 34a46fea3bde198cdbbc3b9e024dec9d635aa8c15484a819d8350bdd3b3a996dff75b6f64b6f9971f890c2796873594c555e0970f83a0e72adce9b22bf54c992

data/.github/workflows/build.yml

@@ -0,0 +1,54 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: build
+
+on: push
+
+jobs:
+  test:
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version:
+          - 3.2.0
+          - 3.1.3
+          - 3.0.5
+          - 2.7.7
+          - 2.6.6
+          - 2.5.8
+          - 2.4.10
+        gemfile:
+          - openssl_3_1
+          - openssl_3_0
+          - openssl_2_2
+          - openssl_2_1
+        exclude:
+          - ruby-version: '2.4.10'
+            gemfile: openssl_3_0
+          - ruby-version: '2.5.8'
+            gemfile: openssl_3_0
+          - ruby-version: '2.4.10'
+            gemfile: openssl_3_1
+          - ruby-version: '2.5.8'
+            gemfile: openssl_3_1
+    env:
+      BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
+    steps:
+    - uses: actions/checkout@v2
+    - run: rm Gemfile.lock
+    - name: Set up Ruby ${{ matrix.ruby }}
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true
+    - name: Run rubocop
+      run: bundle exec rubocop
+      if: ${{ matrix.ruby == '3.2.0' }}
+    - name: Run tests
+      run: bundle exec rspec

data/.gitignore

@@ -10,3 +10,5 @@
 # rspec failure tracking
 .rspec_status
 .byebug_history
+
+/gemfiles/*.gemfile.lock

data/.rspec

@@ -1,3 +1,4 @@
 --format documentation
 --color
 --require spec_helper
+--order random

data/.rubocop.yml

@@ -1,6 +1,10 @@
 AllCops:
   TargetRubyVersion: 2.4
   DisabledByDefault: true
+  NewCops: disable
+  Exclude:
+    - "gemfiles/**/*"
+    - "vendor/bundle/**/*"
 
 Bundler:
   Enabled: true
@@ -17,6 +21,9 @@ Layout/LineLength:
 Lint:
   Enabled: true
 
+Lint/MissingSuper:
+  Enabled: false
+
 Naming:
   Enabled: true
 
@@ -26,9 +33,6 @@ Security:
 Style/BlockComments:
   Enabled: true
 
-Style/BracesAroundHashParameters:
-  Enabled: true
-
 Style/CaseEquality:
   Enabled: true
 

data/Appraisals

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+appraise "openssl_3_1" do
+  gem "openssl", "~> 3.1.0"
+end
+
+appraise "openssl_3_0" do
+  gem "openssl", "~> 3.0.0"
+end
+
+appraise "openssl_2_2" do
+  gem "openssl", "~> 2.2.0"
+end
+
+appraise "openssl_2_1" do
+  gem "openssl", "~> 2.1.0"
+end

data/CHANGELOG.md

@@ -1,5 +1,65 @@
 # Changelog
 
+## [v1.3.0] - 2023-02-15
+
+- Loose OpenSSL dependency to support 3.1 users. Thanks @bdewater <3
+
+## [v1.2.1] - 2022-06-05
+
+- Support OpenSSL ~>3.0.0. Credits to @ClearlyClaire <3
+
+## [v1.1.1] - 2021-02-11
+
+### Fixed
+
+- Fix error asking for ed25519 gem when actually not using EdDSA
+
+## [v1.1.0] - 2021-02-11
+
+### Added
+
+- EdDSA support added (requires adding the `ed25519` gem to your `Gemfile`) ([@santiagorodriguez96])
+
+## [v1.0.0] - 2020-07-08
+
+### Added
+
+- ECDSA with **secp256k1** curve support added:
+  ```rb
+  OpenSSL::SignatureAlgorithm::ECDSA.new(curve: "secp256k1")
+  ```
+- Algorithm **arguments** are now **optional**. The following works:
+
+  ```rb
+  OpenSSL::SignatureAlgorithm::ECDSA.new
+  # defaults to ECDSA with SHA-256 and NIST P256 curve
+  # Same as OpenSSL::SignatureAlgorithm::ECDSA.new(hash_function: "SHA256", curve: "prime256v1")
+
+  OpenSSL::SignatureAlgorithm::RSAPSS.new
+  # defaults to SHA-256
+  # Same as OpenSSL::SignatureAlgorithm::RSAPSS.new(hash_function: "SHA256")
+
+  OpenSSL::SignatureAlgorithm::RSAPKCS1.new
+  # defaults to SHA-256
+  # Same as OpenSSL::SignatureAlgorithm::RSAPSS.new(hash_function: "SHA256")
+  ```
+
+### Changed
+
+- Algorithm **instantiation** changed. The positional argument `digest_length` is replaced with keyword arguments, `hash_function:` for RSA algorithms and `hash_function:` and `curve:` for ECDSA. None are required arguments, you get sane defaults if you don't provide any arguments. Code migration examples:
+  ```rb
+  # Change this
+  # OpenSSL::SignatureAlgorithm::ECDSA.new("256")
+  # to
+  OpenSSL::SignatureAlgorithm::ECDSA.new(hash_function: "SHA256")
+  ```
+  ```rb
+  # Change this
+  # OpenSSL::SignatureAlgorithm::RSAPSS.new("384")
+  # to
+  OpenSSL::SignatureAlgorithm::RSAPSS.new(hash_function: "SHA384")
+  ```
+
 ## [v0.4.0] - 2020-01-31
 
 ### Added
@@ -32,8 +92,17 @@
 - `OpenSSL::SignatureAlgorithm::RSAPSS`
 - `OpenSSL::SignatureAlgorithm::RSAPKCS1`
 
+[v1.3.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v1.2.1...v1.3.0/
+[v1.2.1]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v1.1.1...v1.2.1/
+[v1.1.1]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v1.1.0...v1.1.1/
+[v1.1.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v1.0.0...v1.1.0/
+[v1.0.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.4.0...v1.0.0/
 [v0.4.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.3.0...v0.4.0/
 [v0.3.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.2.0...v0.3.0/
 [v0.2.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.1.1...v0.2.0/
 [v0.1.1]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.1.0...v0.1.1/
 [v0.1.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/41887c277dc7fa0c884ccf8924cf990ff76784d9...v0.1.0/
+
+[@santiagorodriguez96]: https://github.com/santiagorodriguez96
+[@ClearlyClaire]: https://github.com/clearlyclaire
+[@bdewater]: https://github.com/bdewater

data/Gemfile

@@ -5,7 +5,9 @@ source "https://rubygems.org"
 # Specify your gem's dependencies in openssl-signature_algorithm.gemspec
 gemspec
 
+gem "appraisal", "~> 2.2"
 gem "byebug", "~> 11.0"
-gem "rake", "~> 12.0"
+gem "ed25519", "~> 1.2"
+gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.79.0"
+gem "rubocop", "~> 1.0"

data/Gemfile.lock

@@ -1,52 +1,69 @@
 PATH
   remote: .
   specs:
-    openssl-signature_algorithm (0.4.0)
+    openssl-signature_algorithm (1.2.1)
+      openssl (> 2.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    ast (2.4.0)
+    appraisal (2.2.0)
+      bundler
+      rake
+      thor (>= 0.14.0)
+    ast (2.4.2)
     byebug (11.1.1)
     diff-lcs (1.3)
-    jaro_winkler (1.5.4)
-    parallel (1.19.1)
-    parser (2.7.0.2)
-      ast (~> 2.4.0)
-    rainbow (3.0.0)
-    rake (12.3.3)
+    ed25519 (1.2.4)
+    json (2.6.3)
+    openssl (3.0.0)
+    parallel (1.22.1)
+    parser (3.2.1.0)
+      ast (~> 2.4.1)
+    rainbow (3.1.1)
+    rake (13.0.1)
+    regexp_parser (2.7.0)
+    rexml (3.2.5)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
       rspec-mocks (~> 3.9.0)
     rspec-core (3.9.1)
       rspec-support (~> 3.9.1)
-    rspec-expectations (3.9.0)
+    rspec-expectations (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-support (3.9.2)
-    rubocop (0.79.0)
-      jaro_winkler (~> 1.5.1)
+    rubocop (1.45.1)
+      json (~> 2.3)
       parallel (~> 1.10)
-      parser (>= 2.7.0.1)
+      parser (>= 3.2.0.0)
       rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.24.1, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 1.7)
-    ruby-progressbar (1.10.1)
-    unicode-display_width (1.6.1)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.24.1)
+      parser (>= 3.1.1.0)
+    ruby-progressbar (1.11.0)
+    thor (1.0.1)
+    unicode-display_width (2.4.2)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
+  appraisal (~> 2.2)
   byebug (~> 11.0)
+  ed25519 (~> 1.2)
   openssl-signature_algorithm!
-  rake (~> 12.0)
+  rake (~> 13.0)
   rspec (~> 3.0)
-  rubocop (~> 0.79.0)
+  rubocop (~> 1.0)
 
 BUNDLED WITH
-   2.1.4
+   2.3.26

data/README.md

@@ -1,12 +1,18 @@
 # OpenSSL::SignatureAlgorithm
 
-Provides `OpenSSL::SignatureAlgorithm::ECDSA`, `OpenSSL::SignatureAlgorithm::RSAPSS`
-and `OpenSSL::SignatureAlgorithm::RSAPKCS1` ruby object wrapers on top of `OpenSSL::PKey::EC`
-and `OpenSSL::PKey::RSA`, so that you can reason in terms of signature algorithms when
-signing and/or verifying signatures, instead of keys.
+> ECDSA, EdDSA, RSA-PSS and RSA-PKCS#1 signature algorithms for ruby
+
+Sign and verify using signature algorithm wrappers, instead of key objects.
+
+Provides `OpenSSL::SignatureAlgorithm::ECDSA`, `OpenSSL::SignatureAlgorithm::EdDSA`, `OpenSSL::SignatureAlgorithm::RSAPSS`
+and `OpenSSL::SignatureAlgorithm::RSAPKCS1` ruby object wrappers on top of `OpenSSL::PKey::EC`
+and `OpenSSL::PKey::RSA`, so that you can reason in terms of the algorithms and do less when
+signing or verifying signatures.
+
+Loosely inspired by [rbnacl](https://github.com/RubyCrypto/rbnacl)'s [Digital Signatures](https://github.com/RubyCrypto/rbnacl/wiki/Digital-Signatures) interface.
 
 [![Gem](https://img.shields.io/gem/v/openssl-signature_algorithm.svg?style=flat-square&color=informational)](https://rubygems.org/gems/openssl-signature_algorithm)
-[![Travis](https://img.shields.io/travis/cedarcode/openssl-signature_algorithm.svg?style=flat-square)](https://travis-ci.org/cedarcode/openssl-signature_algorithm)
+[![Actions Build](https://github.com/cedarcode/openssl-signature_algorithm/workflows/build/badge.svg)](https://github.com/cedarcode/openssl-signature_algorithm/actions)
 
 ## Installation
 
@@ -32,7 +38,7 @@ Or install it yourself as:
 to_be_signed = "to-be-signed"
 
 # Signer
-algorithm = OpenSSL::SignatureAlgorithm::ECDSA.new("256")
+algorithm = OpenSSL::SignatureAlgorithm::ECDSA.new
 signing_key = algorithm.generate_signing_key
 signature = algorithm.sign(to_be_signed)
 
@@ -41,7 +47,31 @@ verify_key_string = signing_key.verify_key.serialize
 
 # Verifier
 verify_key = OpenSSL::SignatureAlgorithm::ECDSA::VerifyKey.deserialize(verify_key_string)
-algorithm = OpenSSL::SignatureAlgorithm::ECDSA.new("256")
+algorithm = OpenSSL::SignatureAlgorithm::ECDSA.new
+algorithm.verify_key = verify_key
+algorithm.verify(signature, to_be_signed)
+```
+
+### EdDSA
+
+Requires adding the `ed25519` gem to your `Gemfile`
+
+```ruby
+require "openssl/signature_algorithm/eddsa"
+
+to_be_signed = "to-be-signed"
+
+# Signer
+algorithm = OpenSSL::SignatureAlgorithm::EdDSA.new
+signing_key = algorithm.generate_signing_key
+signature = algorithm.sign(to_be_signed)
+
+# Signer sends verify key to Verifier
+verify_key_string = signing_key.verify_key.serialize
+
+# Verifier
+verify_key = OpenSSL::SignatureAlgorithm::EdDSA::VerifyKey.deserialize(verify_key_string)
+algorithm = OpenSSL::SignatureAlgorithm::EdDSA.new
 algorithm.verify_key = verify_key
 algorithm.verify(signature, to_be_signed)
 ```
@@ -52,7 +82,7 @@ algorithm.verify(signature, to_be_signed)
 to_be_signed = "to-be-signed"
 
 # Signer
-algorithm = OpenSSL::SignatureAlgorithm::RSAPSS.new("256")
+algorithm = OpenSSL::SignatureAlgorithm::RSAPSS.new
 signing_key = algorithm.generate_signing_key
 signature = algorithm.sign(to_be_signed)
 
@@ -61,7 +91,7 @@ verify_key_string = signing_key.verify_key.serialize
 
 # Verifier
 verify_key = OpenSSL::SignatureAlgorithm::RSAPSS::VerifyKey.deserialize(verify_key_string)
-algorithm = OpenSSL::SignatureAlgorithm::RSAPSS.new("256")
+algorithm = OpenSSL::SignatureAlgorithm::RSAPSS.new
 algorithm.verify_key = verify_key
 algorithm.verify(signature, to_be_signed)
 ```
@@ -72,7 +102,7 @@ algorithm.verify(signature, to_be_signed)
 to_be_signed = "to-be-signed"
 
 # Signer
-algorithm = OpenSSL::SignatureAlgorithm::RSAPKCS1.new("256")
+algorithm = OpenSSL::SignatureAlgorithm::RSAPKCS1.new
 signing_key = algorithm.generate_signing_key
 signature = algorithm.sign(to_be_signed)
 
@@ -81,7 +111,7 @@ verify_key_string = signing_key.verify_key.serialize
 
 # Verifier
 verify_key = OpenSSL::SignatureAlgorithm::RSAPKCS1::VerifyKey.deserialize(verify_key_string)
-algorithm = OpenSSL::SignatureAlgorithm::RSAPKCS1.new("256")
+algorithm = OpenSSL::SignatureAlgorithm::RSAPKCS1.new
 algorithm.verify_key = verify_key
 algorithm.verify(signature, to_be_signed)
 ```

data/gemfiles/.bundle/config

@@ -0,0 +1,2 @@
+---
+BUNDLE_RETRY: "1"

data/gemfiles/openssl_2_1.gemfile

@@ -0,0 +1,13 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "appraisal", "~> 2.2"
+gem "byebug", "~> 11.0"
+gem "ed25519", "~> 1.2"
+gem "rake", "~> 13.0"
+gem "rspec", "~> 3.0"
+gem "rubocop", "~> 1.0"
+gem "openssl", "~> 2.1.0"
+
+gemspec path: "../"

data/gemfiles/openssl_2_2.gemfile

@@ -0,0 +1,13 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "appraisal", "~> 2.2"
+gem "byebug", "~> 11.0"
+gem "ed25519", "~> 1.2"
+gem "rake", "~> 13.0"
+gem "rspec", "~> 3.0"
+gem "rubocop", "~> 1.0"
+gem "openssl", "~> 2.2.0"
+
+gemspec path: "../"

data/gemfiles/openssl_3_0.gemfile

@@ -0,0 +1,13 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "appraisal", "~> 2.2"
+gem "byebug", "~> 11.0"
+gem "ed25519", "~> 1.2"
+gem "rake", "~> 13.0"
+gem "rspec", "~> 3.0"
+gem "rubocop", "~> 1.0"
+gem "openssl", "~> 3.0.0"
+
+gemspec path: "../"

data/gemfiles/openssl_3_1.gemfile

@@ -0,0 +1,13 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "appraisal", "~> 2.2"
+gem "byebug", "~> 11.0"
+gem "ed25519", "~> 1.2"
+gem "rake", "~> 13.0"
+gem "rspec", "~> 3.0"
+gem "rubocop", "~> 1.0"
+gem "openssl", "~> 3.1.0"
+
+gemspec path: "../"

data/lib/openssl/signature_algorithm/base.rb

@@ -5,20 +5,27 @@ require "openssl/signature_algorithm/error"
 
 module OpenSSL
   module SignatureAlgorithm
+    class SignatureVerificationError < Error; end
+    class UnsupportedParameterError < Error; end
+    class VerifyKeyError < Error; end
+
     class Base
-      attr_reader :digest_length, :signing_key
-      attr_accessor :verify_key
+      attr_reader :signing_key, :verify_key
 
-      def initialize(digest_length)
-        @digest_length = digest_length
+      def verify_key=(key)
+        if compatible_verify_key?(key)
+          @verify_key = key
+        else
+          raise(OpenSSL::SignatureAlgorithm::VerifyKeyError, "Incompatible verify key for algorithm")
+        end
       end
 
-      def sign(data)
-        signing_key.sign(hash_function, data)
+      def compatible_verify_key?(verify_key)
+        verify_key.respond_to?(:verify)
       end
 
-      def hash_function
-        OpenSSL::Digest.new("sha#{digest_length}")
+      def sign(data)
+        signing_key.sign(hash_function, data)
       end
 
       def verify(signature, verification_data)
@@ -30,7 +37,7 @@ module OpenSSL
           end
 
         verify_key.verify(hash_function, formatted_signature, verification_data) ||
-          raise(OpenSSL::SignatureAlgorithm::Error, "Signature verification failed")
+          raise(OpenSSL::SignatureAlgorithm::SignatureVerificationError, "Signature verification failed")
       end
     end
   end

data/lib/openssl/signature_algorithm/ecdsa.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "delegate"
 require "openssl"
 require "openssl/signature_algorithm/base"
 
@@ -8,9 +9,9 @@ module OpenSSL
     class ECDSA < Base
       BYTE_LENGTH = 8
 
-      class SigningKey < OpenSSL::PKey::EC
+      class SigningKey < DelegateClass(OpenSSL::PKey::EC)
         def initialize(*args)
-          super(*args).generate_key
+          super(OpenSSL::PKey::EC.generate(*args))
         end
 
         def verify_key
@@ -18,7 +19,11 @@ module OpenSSL
         end
       end
 
-      class VerifyKey < OpenSSL::PKey::EC::Point
+      class VerifyKey < DelegateClass(OpenSSL::PKey::EC::Point)
+        def initialize(*args)
+          super(OpenSSL::PKey::EC::Point.new(*args))
+        end
+
         def self.deserialize(pem_string)
           new(OpenSSL::PKey::EC.new(pem_string).public_key)
         end
@@ -30,10 +35,20 @@ module OpenSSL
         def ec_key
           @ec_key ||=
             begin
-              ec_key = OpenSSL::PKey::EC.new(group)
-              ec_key.public_key = self
-
-              ec_key
+              # RFC5480 SubjectPublicKeyInfo
+              asn1 = OpenSSL::ASN1::Sequence(
+                [
+                  OpenSSL::ASN1::Sequence(
+                    [
+                      OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
+                      OpenSSL::ASN1::ObjectId(group.curve_name),
+                    ]
+                  ),
+                  OpenSSL::ASN1::BitString(to_octet_string(:uncompressed))
+                ]
+              )
+
+              OpenSSL::PKey::EC.new(asn1.to_der)
             end
         end
 
@@ -42,19 +57,25 @@ module OpenSSL
         end
       end
 
-      CURVE_BY_DIGEST_LENGTH = {
-        "256" => "prime256v1",
-        "384" => "secp384r1",
-        "512" => "secp521r1"
-      }.freeze
+      ACCEPTED_PARAMETERS = [
+        { curve: "prime256v1", hash_function: "SHA256" },
+        { curve: "secp384r1", hash_function: "SHA384" },
+        { curve: "secp521r1", hash_function: "SHA512" },
+        { curve: "secp256k1", hash_function: "SHA256" }
+      ].freeze
+
+      attr_reader :curve, :hash_function
+
+      def initialize(curve: nil, hash_function: nil)
+        @curve, @hash_function = pick_parameters(curve, hash_function)
+      end
 
       def generate_signing_key
-        @signing_key = SigningKey.new(curve_name)
+        @signing_key = SigningKey.new(curve)
       end
 
-      def curve_name
-        CURVE_BY_DIGEST_LENGTH[digest_length] ||
-          raise(OpenSSL::SignatureAlgorithm::Error, "Unsupported digest length #{digest_length}")
+      def compatible_verify_key?(key)
+        super && key.respond_to?(:group) && key.group.curve_name == curve
       end
 
       private
@@ -79,6 +100,28 @@ module OpenSSL
       def verify_key_length
         verify_key.group.degree
       end
+
+      def pick_parameters(curve, hash_function)
+        parameters = ACCEPTED_PARAMETERS.detect do |params|
+          if curve
+            if hash_function
+              params[:curve] == curve && params[:hash_function] == hash_function
+            else
+              params[:curve] == curve
+            end
+          elsif hash_function
+            params[:hash_function] == hash_function
+          else
+            true
+          end
+        end
+
+        if parameters
+          [parameters[:curve], parameters[:hash_function]]
+        else
+          raise(OpenSSL::SignatureAlgorithm::UnsupportedParameterError, "Unsupported algorithm parameters")
+        end
+      end
     end
   end
 end

data/lib/openssl/signature_algorithm/eddsa.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+begin
+  gem "ed25519", ">= 1.0.0"
+  require "ed25519"
+rescue LoadError
+  warn "OpenSSL::SignatureAlgorithm::EdDSA requires the ed25519 gem, version 1.0 or higher. "\
+        "Please add it to your Gemfile: `gem \"ed25519\", \"~> 1.0\"`"
+  raise
+end
+
+require "openssl/signature_algorithm/base"
+
+module OpenSSL
+  module SignatureAlgorithm
+    class EdDSA < Base
+      class SigningKey < ::Ed25519::SigningKey
+        def verify_key
+          VerifyKey.new(keypair[32, 32])
+        end
+      end
+
+      class VerifyKey < ::Ed25519::VerifyKey
+        def self.deserialize(key_bytes)
+          new(key_bytes)
+        end
+
+        def serialize
+          to_bytes
+        end
+      end
+
+      def generate_signing_key
+        @signing_key = SigningKey.generate
+      end
+
+      def sign(data)
+        signing_key.sign(data)
+      end
+
+      def verify(signature, verification_data)
+        verify_key.verify(signature, verification_data)
+      rescue ::Ed25519::VerifyError
+        raise(OpenSSL::SignatureAlgorithm::SignatureVerificationError, "Signature verification failed")
+      end
+    end
+  end
+end

data/lib/openssl/signature_algorithm/rsa.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require "delegate"
+require "openssl"
+require "openssl/signature_algorithm/base"
+
+module OpenSSL
+  module SignatureAlgorithm
+    class RSA < Base
+      class SigningKey < DelegateClass(OpenSSL::PKey::RSA)
+        def initialize(*args)
+          super(OpenSSL::PKey::RSA.new(*args))
+        end
+
+        def verify_key
+          VerifyKey.new(public_key.to_pem)
+        end
+      end
+
+      class VerifyKey < DelegateClass(OpenSSL::PKey::RSA)
+        class << self
+          alias_method :deserialize, :new
+        end
+
+        def initialize(*args)
+          super(OpenSSL::PKey::RSA.new(*args))
+        end
+
+        def serialize
+          to_pem
+        end
+      end
+
+      ACCEPTED_HASH_FUNCTIONS = ["SHA256", "SHA384", "SHA512"].freeze
+      DEFAULT_KEY_SIZE = 2048
+
+      attr_reader :hash_function
+
+      def initialize(hash_function: self.class::ACCEPTED_HASH_FUNCTIONS.first)
+        if self.class::ACCEPTED_HASH_FUNCTIONS.include?(hash_function)
+          @hash_function = hash_function
+        else
+          raise(OpenSSL::SignatureAlgorithm::UnsupportedParameterError, "Unsupported hash function '#{hash_function}'")
+        end
+      end
+
+      def generate_signing_key(size: DEFAULT_KEY_SIZE)
+        @signing_key = SigningKey.new(size)
+      end
+    end
+  end
+end

data/lib/openssl/signature_algorithm/rsapkcs1.rb

@@ -1,32 +1,11 @@
 # frozen_string_literal: true
 
 require "openssl"
-require "openssl/signature_algorithm/base"
+require "openssl/signature_algorithm/rsa"
 
 module OpenSSL
   module SignatureAlgorithm
-    class RSAPKCS1 < Base
-      class SigningKey < OpenSSL::PKey::RSA
-        def verify_key
-          VerifyKey.new(public_key.to_pem)
-        end
-      end
-
-      class VerifyKey < OpenSSL::PKey::RSA
-        class << self
-          alias_method :deserialize, :new
-        end
-
-        def serialize
-          to_pem
-        end
-      end
-
-      DEFAULT_KEY_SIZE = 2048
-
-      def generate_signing_key(size: DEFAULT_KEY_SIZE)
-        @signing_key = SigningKey.new(size)
-      end
+    class RSAPKCS1 < RSA
     end
   end
 end

data/lib/openssl/signature_algorithm/rsapss.rb

@@ -1,33 +1,11 @@
 # frozen_string_literal: true
 
 require "openssl"
-require "openssl/signature_algorithm/base"
+require "openssl/signature_algorithm/rsa"
 
 module OpenSSL
   module SignatureAlgorithm
-    class RSAPSS < Base
-      class SigningKey < OpenSSL::PKey::RSA
-        def verify_key
-          VerifyKey.new(public_key.to_pem)
-        end
-      end
-
-      class VerifyKey < OpenSSL::PKey::RSA
-        class << self
-          alias_method :deserialize, :new
-        end
-
-        def serialize
-          to_pem
-        end
-      end
-
-      DEFAULT_KEY_SIZE = 2048
-
-      def generate_signing_key(size: DEFAULT_KEY_SIZE)
-        @signing_key = SigningKey.new(size)
-      end
-
+    class RSAPSS < RSA
       def sign(data)
         signing_key.sign_pss(hash_function, data, salt_length: :max, mgf1_hash: mgf1_hash_function)
       end
@@ -39,7 +17,7 @@ module OpenSSL
           verification_data,
           salt_length: :auto,
           mgf1_hash: mgf1_hash_function
-        ) || raise(OpenSSL::SignatureAlgorithm::Error, "Signature verification failed")
+        ) || raise(OpenSSL::SignatureAlgorithm::SignatureVerificationError, "Signature verification failed")
       end
 
       def mgf1_hash_function

data/lib/openssl/signature_algorithm/version.rb

@@ -2,6 +2,6 @@
 
 module OpenSSL
   module SignatureAlgorithm
-    VERSION = "0.4.0"
+    VERSION = "1.3.0"
   end
 end

data/openssl-signature_algorithm.gemspec

@@ -9,14 +9,8 @@ Gem::Specification.new do |spec|
   spec.email         = ["gonzalo@cedarcode.com"]
   spec.license = "Apache-2.0"
 
-  spec.summary = "OpenSSL::SignatureAlgorithm helpers for signing and verifying signatures with openssl ruby gem"
-
-  spec.description = <<-DESC
-    Provides OpenSSL::SignatureAlgorithm::ECDSA, OpenSSL::SignatureAlgorithm::RSAPSS
-    and OpenSSL::SignatureAlgorithm::RSAPKCS1 ruby object wrapers on top of OpenSSL::PKey::EC
-    and OpenSSL::PKey::RSA, so that you can reason in terms of signature algorithms when
-    signing and/or verifying signatures, instead of keys.
-  DESC
+  spec.summary = "ECDSA, EdDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby"
+  spec.description = spec.summary
 
   spec.homepage = "https://github.com/cedarcode/openssl-signature_algorithm"
   spec.required_ruby_version = Gem::Requirement.new(">= 2.4.0")
@@ -33,4 +27,6 @@ Gem::Specification.new do |spec|
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "openssl", "> 2.0"
 end

metadata

@@ -1,30 +1,41 @@
 --- !ruby/object:Gem::Specification
 name: openssl-signature_algorithm
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Gonzalo Rodriguez
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-01-31 00:00:00.000000000 Z
-dependencies: []
-description: |2
-      Provides OpenSSL::SignatureAlgorithm::ECDSA, OpenSSL::SignatureAlgorithm::RSAPSS
-      and OpenSSL::SignatureAlgorithm::RSAPKCS1 ruby object wrapers on top of OpenSSL::PKey::EC
-      and OpenSSL::PKey::RSA, so that you can reason in terms of signature algorithms when
-      signing and/or verifying signatures, instead of keys.
+date: 2023-02-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: openssl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+description: ECDSA, EdDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby
 email:
 - gonzalo@cedarcode.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/build.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
+- Appraisals
 - CHANGELOG.md
 - Gemfile
 - Gemfile.lock
@@ -33,10 +44,17 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- gemfiles/.bundle/config
+- gemfiles/openssl_2_1.gemfile
+- gemfiles/openssl_2_2.gemfile
+- gemfiles/openssl_3_0.gemfile
+- gemfiles/openssl_3_1.gemfile
 - lib/openssl/signature_algorithm.rb
 - lib/openssl/signature_algorithm/base.rb
 - lib/openssl/signature_algorithm/ecdsa.rb
+- lib/openssl/signature_algorithm/eddsa.rb
 - lib/openssl/signature_algorithm/error.rb
+- lib/openssl/signature_algorithm/rsa.rb
 - lib/openssl/signature_algorithm/rsapkcs1.rb
 - lib/openssl/signature_algorithm/rsapss.rb
 - lib/openssl/signature_algorithm/version.rb
@@ -48,7 +66,7 @@ metadata:
   homepage_uri: https://github.com/cedarcode/openssl-signature_algorithm
   source_code_uri: https://github.com/cedarcode/openssl-signature_algorithm
   changelog_uri: https://github.com/cedarcode/openssl-signature_algorithm/blob/master/CHANGELOG.md
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -63,9 +81,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
-summary: OpenSSL::SignatureAlgorithm helpers for signing and verifying signatures
-  with openssl ruby gem
+summary: ECDSA, EdDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby
 test_files: []

data/.travis.yml

@@ -1,10 +0,0 @@
----
-dist: bionic
-language: ruby
-cache: bundler
-rvm:
-  - 2.7.0
-  - 2.6.5
-  - 2.5.7
-  - 2.4.9
-before_install: gem install bundler -v 2.1.4