openssl_rsa_pss_verify 0.0.2 → 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +1 -0
- data/Gemfile.lock +1 -1
- data/README.md +33 -0
- data/ext/openssl_rsa_pss_verify/openssl_rsa_pss_verify_ext.c +3 -2
- data/lib/openssl_rsa_pss_verify/version.rb +1 -1
- metadata +2 -2
- data/README +0 -1
data/.gitignore
CHANGED
data/Gemfile.lock
CHANGED
data/README.md
ADDED
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
## Support PSS signatures in RSA verification
|
|
2
|
+
|
|
3
|
+
This gem requires that ruby be built against OpenSSL 1.0.1 or higher! Earlier versions don't support PSS signature verification.
|
|
4
|
+
|
|
5
|
+
### Usage
|
|
6
|
+
|
|
7
|
+
```ruby
|
|
8
|
+
require 'openssl_rsa_pss_verify'
|
|
9
|
+
pubkey = OpenSSL::PKey::RSA.new File.read("my_pubkey.pem")
|
|
10
|
+
raw_data = File.read("my_raw_data")
|
|
11
|
+
signature = File.read("my_signature")
|
|
12
|
+
salt_lenth = 0
|
|
13
|
+
|
|
14
|
+
pubkey.verify_pss_sha1(signature,
|
|
15
|
+
OpenSSL::Digest::SHA1.digest(raw_data),
|
|
16
|
+
salt_length)
|
|
17
|
+
#=> true or false
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
This the above is identical to
|
|
21
|
+
```bash
|
|
22
|
+
openssl sha1 -binary my_raw_data > my_hashed_data
|
|
23
|
+
openssl pkeyutl -verify -in my_hashed_data -pubin -inkey my_pubkey.pem \
|
|
24
|
+
-sigfile my_signature -pkeyopt digest:sha1 -pkeyopt rsa_padding_mode:pss \
|
|
25
|
+
-pkeyopt rsa_pss_saltlen:0
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
See the [man page](https://www.openssl.org/docs/apps/pkeyutl.html) for more information.
|
|
29
|
+
|
|
30
|
+
### Notes
|
|
31
|
+
|
|
32
|
+
- Only supports SHA1
|
|
33
|
+
- OpenSSL 1.0.1 is not available on Heroku! I'm working on a custom buildpack, but it's very ad hoc.
|
|
@@ -14,10 +14,11 @@ static VALUE rb_cRSAError;
|
|
|
14
14
|
VALUE openssl_rsa_pss_verify__verify_pss_sha1(VALUE self, VALUE vSig, VALUE vHashData, VALUE vSaltLen) {
|
|
15
15
|
EVP_PKEY * pkey;
|
|
16
16
|
EVP_PKEY_CTX * pkey_ctx;
|
|
17
|
-
int verify_rval;
|
|
17
|
+
int verify_rval, salt_len;
|
|
18
18
|
|
|
19
19
|
StringValue(vSig);
|
|
20
20
|
StringValue(vHashData);
|
|
21
|
+
salt_len = NUM2INT(vSaltLen);
|
|
21
22
|
|
|
22
23
|
Data_Get_Struct(self, EVP_PKEY, pkey);
|
|
23
24
|
pkey_ctx = EVP_PKEY_CTX_new(pkey, ENGINE_get_default_RSA());
|
|
@@ -25,7 +26,7 @@ VALUE openssl_rsa_pss_verify__verify_pss_sha1(VALUE self, VALUE vSig, VALUE vHas
|
|
|
25
26
|
EVP_PKEY_verify_init(pkey_ctx);
|
|
26
27
|
EVP_PKEY_CTX_set_signature_md(pkey_ctx, EVP_sha1());
|
|
27
28
|
EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
|
|
28
|
-
EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx,
|
|
29
|
+
EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
|
|
29
30
|
|
|
30
31
|
verify_rval = EVP_PKEY_verify(pkey_ctx,
|
|
31
32
|
(unsigned char*)RSTRING_PTR(vSig), RSTRING_LEN(vSig),
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openssl_rsa_pss_verify
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.3
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -74,7 +74,7 @@ files:
|
|
|
74
74
|
- .ruby-version
|
|
75
75
|
- Gemfile
|
|
76
76
|
- Gemfile.lock
|
|
77
|
-
- README
|
|
77
|
+
- README.md
|
|
78
78
|
- Rakefile
|
|
79
79
|
- ext/openssl_rsa_pss_verify/extconf.rb
|
|
80
80
|
- ext/openssl_rsa_pss_verify/openssl_rsa_pss_verify_ext.c
|
data/README
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
Support PSS signatures in RSA verification
|