openssl-signature_algorithm 1.0.0 → 1.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 14fbf64f6f493adb44ffe4e2f8dc537a8800a6af79c7716c85a49eaab5664ce0
-  data.tar.gz: 700d2d7ebfa40f05f004735eca6dc938066b69a02015c2b2cca0349db1b330ed
+  metadata.gz: 829f2b6155e541e120828301a89ccf7dccdf850f6e0c011dd9f3a24d4c0481e3
+  data.tar.gz: eba31639c4813641c2eea718c96913534e4454388fdf6401eb3f4f189c2456bf
 SHA512:
-  metadata.gz: dd9b7bd8aca161cc531427cb7b2b2e0dfcc5143b5d4443069f95bf4d135fb5d936806372de7c5ed8f91739c8ebe7b1e98f8268bd1186df4061a1a587fc722b3c
-  data.tar.gz: 36ceaa919dbd5dfda0dfcf90848c53d5e9eeed9be7cc1eaafdf1d15c5351b4f9782ee4c501c40cad9db147b6c1955f1c8ce3405cd4a49ccb9cf741e5878512b3
+  metadata.gz: 986c6f9e6593cb407f0023d80364257846281377d2b623066c006a13fb3c8543d72c0d4db6aaea11e626f16e0a7d4c9c7ff2e17f12d6f5409d84e8f40f328ebf
+  data.tar.gz: 36fba5619a93296702fa2656277926c5f8e26d08ba46938e7b73c39440542aaf4fa8d3f29da693880e954db7ae9b8733052d0a7e453cce6ca9c1cba7ed2c67aa

data/.github/workflows/build.yml

@@ -0,0 +1,38 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: build
+
+on: push
+
+jobs:
+  test:
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version:
+          - 3.0.0
+          - 2.7.2
+          - 2.6.6
+          - 2.5.8
+          - 2.4.10
+        gemfile:
+          - openssl_3_0
+          - openssl_2_2
+          - openssl_2_1
+          - openssl_2_0
+    env:
+      BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
+    steps:
+    - uses: actions/checkout@v2
+    - run: rm Gemfile.lock
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true
+    - run: bundle exec rake

data/.rubocop.yml

@@ -3,6 +3,7 @@ AllCops:
   DisabledByDefault: true
   Exclude:
     - "gemfiles/**/*"
+    - "vendor/bundle/**/*"
 
 Bundler:
   Enabled: true

data/Appraisals

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-appraise "openssl_head" do
-  gem "openssl", git: "https://github.com/ruby/openssl"
+appraise "openssl_3_0" do
+  gem "openssl", "~> 3.0.0"
 end
 
 appraise "openssl_2_2" do
@@ -15,6 +15,3 @@ end
 appraise "openssl_2_0" do
   gem "openssl", "~> 2.0.0"
 end
-
-appraise "openssl_default" do
-end

data/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Changelog
 
+## [v1.2.1] - 2022-06-05
+
+- Support OpenSSL ~>3.0.0. Credits to @ClearlyClaire <3
+
+## [v1.1.1] - 2021-02-11
+
+### Fixed
+
+- Fix error asking for ed25519 gem when actually not using EdDSA
+
+## [v1.1.0] - 2021-02-11
+
+### Added
+
+- EdDSA support added (requires adding the `ed25519` gem to your `Gemfile`) ([@santiagorodriguez96])
+
 ## [v1.0.0] - 2020-07-08
 
 ### Added
@@ -72,9 +88,15 @@
 - `OpenSSL::SignatureAlgorithm::RSAPSS`
 - `OpenSSL::SignatureAlgorithm::RSAPKCS1`
 
+[v1.2.1]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v1.1.1...v1.2.1/
+[v1.1.1]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v1.1.0...v1.1.1/
+[v1.1.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v1.0.0...v1.1.0/
 [v1.0.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.4.0...v1.0.0/
 [v0.4.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.3.0...v0.4.0/
 [v0.3.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.2.0...v0.3.0/
 [v0.2.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.1.1...v0.2.0/
 [v0.1.1]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.1.0...v0.1.1/
 [v0.1.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/41887c277dc7fa0c884ccf8924cf990ff76784d9...v0.1.0/
+
+[@santiagorodriguez96]: https://github.com/santiagorodriguez96
+[@ClearlyClaire]: https://github.com/clearlyclaire

data/Gemfile

@@ -7,6 +7,7 @@ gemspec
 
 gem "appraisal", "~> 2.2"
 gem "byebug", "~> 11.0"
+gem "ed25519", "~> 1.2"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
 gem "rubocop", "~> 0.80.1"

data/Gemfile.lock

@@ -1,7 +1,8 @@
 PATH
   remote: .
   specs:
-    openssl-signature_algorithm (1.0.0)
+    openssl-signature_algorithm (1.1.1)
+      openssl (> 2.0, < 3.1)
 
 GEM
   remote: https://rubygems.org/
@@ -13,7 +14,9 @@ GEM
     ast (2.4.0)
     byebug (11.1.1)
     diff-lcs (1.3)
+    ed25519 (1.2.4)
     jaro_winkler (1.5.4)
+    openssl (3.0.0)
     parallel (1.19.1)
     parser (2.7.0.5)
       ast (~> 2.4.0)
@@ -51,10 +54,11 @@ PLATFORMS
 DEPENDENCIES
   appraisal (~> 2.2)
   byebug (~> 11.0)
+  ed25519 (~> 1.2)
   openssl-signature_algorithm!
   rake (~> 13.0)
   rspec (~> 3.0)
   rubocop (~> 0.80.1)
 
 BUNDLED WITH
-   2.1.4
+   2.2.8

data/README.md

@@ -1,16 +1,18 @@
 # OpenSSL::SignatureAlgorithm
 
-> ECDSA, RSA-PSS and RSA-PKCS#1 signature algorithms for ruby
+> ECDSA, EdDSA, RSA-PSS and RSA-PKCS#1 signature algorithms for ruby
 
 Sign and verify using signature algorithm wrappers, instead of key objects.
 
-Provides `OpenSSL::SignatureAlgorithm::ECDSA`, `OpenSSL::SignatureAlgorithm::RSAPSS`
+Provides `OpenSSL::SignatureAlgorithm::ECDSA`, `OpenSSL::SignatureAlgorithm::EdDSA`, `OpenSSL::SignatureAlgorithm::RSAPSS`
 and `OpenSSL::SignatureAlgorithm::RSAPKCS1` ruby object wrappers on top of `OpenSSL::PKey::EC`
 and `OpenSSL::PKey::RSA`, so that you can reason in terms of the algorithms and do less when
 signing or verifying signatures.
 
+Loosely inspired by [rbnacl](https://github.com/RubyCrypto/rbnacl)'s [Digital Signatures](https://github.com/RubyCrypto/rbnacl/wiki/Digital-Signatures) interface.
+
 [![Gem](https://img.shields.io/gem/v/openssl-signature_algorithm.svg?style=flat-square&color=informational)](https://rubygems.org/gems/openssl-signature_algorithm)
-[![Travis](https://img.shields.io/travis/cedarcode/openssl-signature_algorithm/master.svg?style=flat-square)](https://travis-ci.org/cedarcode/openssl-signature_algorithm)
+[![Actions Build](https://github.com/cedarcode/openssl-signature_algorithm/workflows/build/badge.svg)](https://github.com/cedarcode/openssl-signature_algorithm/actions)
 
 ## Installation
 
@@ -50,6 +52,30 @@ algorithm.verify_key = verify_key
 algorithm.verify(signature, to_be_signed)
 ```
 
+### EdDSA
+
+Requires adding the `ed25519` gem to your `Gemfile`
+
+```ruby
+require "openssl/signature_algorithm/eddsa"
+
+to_be_signed = "to-be-signed"
+
+# Signer
+algorithm = OpenSSL::SignatureAlgorithm::EdDSA.new
+signing_key = algorithm.generate_signing_key
+signature = algorithm.sign(to_be_signed)
+
+# Signer sends verify key to Verifier
+verify_key_string = signing_key.verify_key.serialize
+
+# Verifier
+verify_key = OpenSSL::SignatureAlgorithm::EdDSA::VerifyKey.deserialize(verify_key_string)
+algorithm = OpenSSL::SignatureAlgorithm::EdDSA.new
+algorithm.verify_key = verify_key
+algorithm.verify(signature, to_be_signed)
+```
+
 ### RSA-PSS
 
 ```ruby

data/gemfiles/openssl_2_0.gemfile

@@ -7,6 +7,7 @@ gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
 gem "rubocop", "~> 0.80.1"
+gem "ed25519", "~> 1.2"
 gem "openssl", "~> 2.0.0"
 
 gemspec path: "../"

data/gemfiles/openssl_2_1.gemfile

@@ -7,6 +7,7 @@ gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
 gem "rubocop", "~> 0.80.1"
+gem "ed25519", "~> 1.2"
 gem "openssl", "~> 2.1.0"
 
 gemspec path: "../"

data/gemfiles/openssl_2_2.gemfile

@@ -7,6 +7,7 @@ gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
 gem "rubocop", "~> 0.80.1"
+gem "ed25519", "~> 1.2"
 gem "openssl", "~> 2.2.0"
 
 gemspec path: "../"

data/lib/openssl/signature_algorithm/ecdsa.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "delegate"
 require "openssl"
 require "openssl/signature_algorithm/base"
 
@@ -8,9 +9,9 @@ module OpenSSL
     class ECDSA < Base
       BYTE_LENGTH = 8
 
-      class SigningKey < OpenSSL::PKey::EC
+      class SigningKey < DelegateClass(OpenSSL::PKey::EC)
         def initialize(*args)
-          super(*args).generate_key
+          super(OpenSSL::PKey::EC.generate(*args))
         end
 
         def verify_key
@@ -18,7 +19,11 @@ module OpenSSL
         end
       end
 
-      class VerifyKey < OpenSSL::PKey::EC::Point
+      class VerifyKey < DelegateClass(OpenSSL::PKey::EC::Point)
+        def initialize(*args)
+          super(OpenSSL::PKey::EC::Point.new(*args))
+        end
+
         def self.deserialize(pem_string)
           new(OpenSSL::PKey::EC.new(pem_string).public_key)
         end
@@ -30,10 +35,16 @@ module OpenSSL
         def ec_key
           @ec_key ||=
             begin
-              ec_key = OpenSSL::PKey::EC.new(group)
-              ec_key.public_key = self
-
-              ec_key
+              # RFC5480 SubjectPublicKeyInfo
+              asn1 = OpenSSL::ASN1::Sequence([
+                OpenSSL::ASN1::Sequence([
+                  OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
+                  OpenSSL::ASN1::ObjectId(group.curve_name),
+                ]),
+                OpenSSL::ASN1::BitString(to_octet_string(:uncompressed))
+              ])
+
+              OpenSSL::PKey::EC.new(asn1.to_der)
             end
         end
 

data/lib/openssl/signature_algorithm/eddsa.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+begin
+  gem "ed25519", ">= 1.0.0"
+  require "ed25519"
+rescue LoadError
+  warn "OpenSSL::SignatureAlgorithm::EdDSA requires the ed25519 gem, version 1.0 or higher. "\
+        "Please add it to your Gemfile: `gem \"ed25519\", \"~> 1.0\"`"
+  raise
+end
+
+require "openssl/signature_algorithm/base"
+
+module OpenSSL
+  module SignatureAlgorithm
+    class EdDSA < Base
+      class SigningKey < ::Ed25519::SigningKey
+        def verify_key
+          VerifyKey.new(keypair[32, 32])
+        end
+      end
+
+      class VerifyKey < ::Ed25519::VerifyKey
+        def self.deserialize(key_bytes)
+          new(key_bytes)
+        end
+
+        def serialize
+          to_bytes
+        end
+      end
+
+      def generate_signing_key
+        @signing_key = SigningKey.generate
+      end
+
+      def sign(data)
+        signing_key.sign(data)
+      end
+
+      def verify(signature, verification_data)
+        verify_key.verify(signature, verification_data)
+      rescue ::Ed25519::VerifyError
+        raise(OpenSSL::SignatureAlgorithm::SignatureVerificationError, "Signature verification failed")
+      end
+    end
+  end
+end

data/lib/openssl/signature_algorithm/rsa.rb

@@ -1,22 +1,31 @@
 # frozen_string_literal: true
 
+require "delegate"
 require "openssl"
 require "openssl/signature_algorithm/base"
 
 module OpenSSL
   module SignatureAlgorithm
     class RSA < Base
-      class SigningKey < OpenSSL::PKey::RSA
+      class SigningKey < DelegateClass(OpenSSL::PKey::RSA)
+        def initialize(*args)
+          super(OpenSSL::PKey::RSA.new(*args))
+        end
+
         def verify_key
           VerifyKey.new(public_key.to_pem)
         end
       end
 
-      class VerifyKey < OpenSSL::PKey::RSA
+      class VerifyKey < DelegateClass(OpenSSL::PKey::RSA)
         class << self
           alias_method :deserialize, :new
         end
 
+        def initialize(*args)
+          super(OpenSSL::PKey::RSA.new(*args))
+        end
+
         def serialize
           to_pem
         end

data/lib/openssl/signature_algorithm/version.rb

@@ -2,6 +2,6 @@
 
 module OpenSSL
   module SignatureAlgorithm
-    VERSION = "1.0.0"
+    VERSION = "1.2.1"
   end
 end

data/openssl-signature_algorithm.gemspec

@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
   spec.email         = ["gonzalo@cedarcode.com"]
   spec.license = "Apache-2.0"
 
-  spec.summary = "ECDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby"
+  spec.summary = "ECDSA, EdDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby"
   spec.description = spec.summary
 
   spec.homepage = "https://github.com/cedarcode/openssl-signature_algorithm"
@@ -27,4 +27,6 @@ Gem::Specification.new do |spec|
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "openssl", "> 2.0", "< 3.1"
 end

metadata

@@ -1,26 +1,46 @@
 --- !ruby/object:Gem::Specification
 name: openssl-signature_algorithm
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.2.1
 platform: ruby
 authors:
 - Gonzalo Rodriguez
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-07-08 00:00:00.000000000 Z
-dependencies: []
-description: ECDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby
+date: 2022-06-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: openssl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+description: ECDSA, EdDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby
 email:
 - gonzalo@cedarcode.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/build.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
 - Appraisals
 - CHANGELOG.md
 - Gemfile
@@ -34,11 +54,10 @@ files:
 - gemfiles/openssl_2_0.gemfile
 - gemfiles/openssl_2_1.gemfile
 - gemfiles/openssl_2_2.gemfile
-- gemfiles/openssl_default.gemfile
-- gemfiles/openssl_head.gemfile
 - lib/openssl/signature_algorithm.rb
 - lib/openssl/signature_algorithm/base.rb
 - lib/openssl/signature_algorithm/ecdsa.rb
+- lib/openssl/signature_algorithm/eddsa.rb
 - lib/openssl/signature_algorithm/error.rb
 - lib/openssl/signature_algorithm/rsa.rb
 - lib/openssl/signature_algorithm/rsapkcs1.rb
@@ -52,7 +71,7 @@ metadata:
   homepage_uri: https://github.com/cedarcode/openssl-signature_algorithm
   source_code_uri: https://github.com/cedarcode/openssl-signature_algorithm
   changelog_uri: https://github.com/cedarcode/openssl-signature_algorithm/blob/master/CHANGELOG.md
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -67,8 +86,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key: 
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
-summary: ECDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby
+summary: ECDSA, EdDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby
 test_files: []

data/.travis.yml

@@ -1,24 +0,0 @@
----
-dist: bionic
-language: ruby
-cache: bundler
-rvm:
-  - ruby-head
-  - 2.7.1
-  - 2.6.6
-  - 2.5.8
-  - 2.4.10
-gemfile:
-  - gemfiles/openssl_head.gemfile
-  - gemfiles/openssl_2_2.gemfile
-  - gemfiles/openssl_2_1.gemfile
-  - gemfiles/openssl_2_0.gemfile
-  - gemfiles/openssl_default.gemfile
-matrix:
-  fast_finish: true
-  allow_failures:
-    - rvm: ruby-head
-    - gemfile: gemfiles/openssl_head.gemfile
-before_install:
-  - gem install bundler -v 2.1.4
-  - rm Gemfile.lock

data/gemfiles/openssl_default.gemfile

@@ -1,11 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "appraisal", "~> 2.2"
-gem "byebug", "~> 11.0"
-gem "rake", "~> 13.0"
-gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.80.1"
-
-gemspec path: "../"

data/gemfiles/openssl_head.gemfile

@@ -1,12 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "appraisal", "~> 2.2"
-gem "byebug", "~> 11.0"
-gem "rake", "~> 13.0"
-gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.80.1"
-gem "openssl", git: "https://github.com/ruby/openssl"
-
-gemspec path: "../"