openssl_rsa_pss_verify 0.0.2 → 0.0.3

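--- a/data/.gitignore
+++ b/data/.gitignore
@@ -3,3 +3,4 @@
  *.bundle
  *.o
  *.dSYM
+ *.gem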
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- openssl_rsa_pss_verify (0.0.1)
4
+ openssl_rsa_pss_verify (0.0.2)
5
5
 
6
6
  GEM
7
7
  remote: http://rubygems.org/
@@ -0,0 +1,33 @@
1
+ ## Support PSS signatures in RSA verification
2
+
3
+ This gem requires that ruby be built against OpenSSL 1.0.1 or higher! Earlier versions don't support PSS signature verification.
4
+
5
+ ### Usage
6
+
7
+ ```ruby
8
+ require 'openssl_rsa_pss_verify'
9
+ pubkey = OpenSSL::PKey::RSA.new File.read("my_pubkey.pem")
10
+ raw_data = File.read("my_raw_data")
11
+ signature = File.read("my_signature")
12
+ salt_lenth = 0
13
+
14
+ pubkey.verify_pss_sha1(signature,
15
+ OpenSSL::Digest::SHA1.digest(raw_data),
16
+ salt_length)
17
+ #=> true or false
18
+ ```
19
+
20
+ This the above is identical to
21
+ ```bash
22
+ openssl sha1 -binary my_raw_data > my_hashed_data
23
+ openssl pkeyutl -verify -in my_hashed_data -pubin -inkey my_pubkey.pem \
24
+ -sigfile my_signature -pkeyopt digest:sha1 -pkeyopt rsa_padding_mode:pss \
25
+ -pkeyopt rsa_pss_saltlen:0
26
+ ```
27
+
28
+ See the [man page](https://www.openssl.org/docs/apps/pkeyutl.html) for more information.
29
+
30
+ ### Notes
31
+
32
+ - Only supports SHA1
33
+ - OpenSSL 1.0.1 is not available on Heroku! I'm working on a custom buildpack, but it's very ad hoc.
@@ -14,10 +14,11 @@ static VALUE rb_cRSAError;
14
14
  VALUE openssl_rsa_pss_verify__verify_pss_sha1(VALUE self, VALUE vSig, VALUE vHashData, VALUE vSaltLen) {
15
15
  EVP_PKEY * pkey;
16
16
  EVP_PKEY_CTX * pkey_ctx;
17
- int verify_rval;
17
+ int verify_rval, salt_len;
18
18
 
19
19
  StringValue(vSig);
20
20
  StringValue(vHashData);
21
+ salt_len = NUM2INT(vSaltLen);
21
22
 
22
23
  Data_Get_Struct(self, EVP_PKEY, pkey);
23
24
  pkey_ctx = EVP_PKEY_CTX_new(pkey, ENGINE_get_default_RSA());
@@ -25,7 +26,7 @@ VALUE openssl_rsa_pss_verify__verify_pss_sha1(VALUE self, VALUE vSig, VALUE vHas
25
26
  EVP_PKEY_verify_init(pkey_ctx);
26
27
  EVP_PKEY_CTX_set_signature_md(pkey_ctx, EVP_sha1());
27
28
  EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
28
- EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, NUM2INT(vSaltLen));
29
+ EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
29
30
 
30
31
  verify_rval = EVP_PKEY_verify(pkey_ctx,
31
32
  (unsigned char*)RSTRING_PTR(vSig), RSTRING_LEN(vSig),
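Review bot: Every setup call around the new `salt_len` line discards its result (`EVP_PKEY_CTX_new`, `EVP_PKEY_verify_init`, and the three `EVP_PKEY_CTX_set_*` calls, including `EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len)`), so a NULL context or a rejected padding or salt setting would not stop the function from reaching `EVP_PKEY_verify` with parameters the caller did not ask for. A verifier should fail closed here, e.g. `if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len) <= 0) { EVP_PKEY_CTX_free(pkey_ctx); rb_raise(rb_cRSAError, "setting PSS salt length failed"); }`, with the same pattern on the other calls. `salt_len` is also passed through unvalidated, and OpenSSL gives negative values special meaning (-1 uses the digest length, -2 lets verification accept whatever salt length the signature carries), so the accepted range deserves a check or at least a comment. Hoisting `NUM2INT` above `EVP_PKEY_CTX_new` looks intended to keep a raising conversion from leaking the context; the function body continues past the hunk, so how `verify_rval` is mapped to true/false and whether the context is freed are not visible here.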
@@ -1,3 +1,3 @@
1
1
  module OpenSSL_RSA_PSS_Verify
2
- VERSION = "0.0.2"
2
+ VERSION = "0.0.3"
3
3
  end
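--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: openssl_rsa_pss_verify
  version: !ruby/object:Gem::Version
- version: 0.0.2
+ version: 0.0.3
  prerelease:
  platform: ruby
  authors:
@@ -74,7 +74,7 @@ files:
  - .ruby-version
  - Gemfile
  - Gemfile.lock
- - README
+ - README.md
  - Rakefile
  - ext/openssl_rsa_pss_verify/extconf.rb
  - ext/openssl_rsa_pss_verify/openssl_rsa_pss_verify_ext.c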
data/README DELETED
@@ -1 +0,0 @@
1
- Support PSS signatures in RSA verification