openssl_rsa_pss_verify 0.0.3 → 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 48c4bb71d22cbc145e4979556197252e5a843fd8
+  data.tar.gz: 7a64d7620ba2eefccfb4b112597aad5aec82876e
+SHA512:
+  metadata.gz: d509de63265a6db4882985b2c3d3e40ab68f6f880738b7d537ad8e4fe56cef357aea8bb9b3aaab9ae7c5efa43234039f75ef81c27fd268bae591d4bc16e88cbc
+  data.tar.gz: d48eda8588b3bffe41e7e42217dbdb24de8c73e3818aa9558969b3dd8ce456828eaab9b877e0dc37158a50b93962822d9afbbc669130bcee5cf1785721011501

data/.ruby-version

@@ -1 +1 @@
-ruby-1.9.3-p448
+ruby-2.0.0-p247

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    openssl_rsa_pss_verify (0.0.2)
+    openssl_rsa_pss_verify (0.1.0)
 
 GEM
   remote: http://rubygems.org/

data/ext/openssl_rsa_pss_verify/extconf.rb

@@ -3,5 +3,5 @@ require 'mkmf'
 if have_const("RSA_PKCS1_PSS_PADDING", "openssl/rsa.h")
   create_makefile('openssl_rsa_pss_verify')
 else
-  fail "libcyrpto not found or too old!"
+  fail "libcrypto not found or too old!"
 end

data/ext/openssl_rsa_pss_verify/openssl_rsa_pss_verify_ext.c

@@ -1,8 +1,13 @@
 #include <ruby.h>
 
 #include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
 #include <openssl/rsa.h>
+#include <openssl/pem.h>
 #include <openssl/evp.h>
+#include <openssl/err.h>
 #include <openssl/engine.h>
 #include <openssl/opensslv.h>
 
@@ -11,38 +16,160 @@ static VALUE rb_mPKey;
 static VALUE rb_cRSA;
 static VALUE rb_cRSAError;
 
-VALUE openssl_rsa_pss_verify__verify_pss_sha1(VALUE self, VALUE vSig, VALUE vHashData, VALUE vSaltLen) {
-  EVP_PKEY * pkey;
-  EVP_PKEY_CTX * pkey_ctx;
-  int verify_rval, salt_len;
+static enum ORPV_errors {
+  OK,
+  KEY_OVERFLOW,
+  NOMEM,
+  PUBKEY_PARSE,
+  PKEY_INIT,
+  RSA_ASSIGN,
+  PKEY_CTX_INIT,
+  VERIFY_INIT,
+  SET_SIG_MD,
+  SET_PADDING,
+  SET_SALTLEN,
+} err = OK;
 
-  StringValue(vSig);
-  StringValue(vHashData);
+VALUE ORPV__verify_pss_sha1(VALUE self, VALUE vPubKey, VALUE vSig, VALUE vHashData, VALUE vSaltLen) {
+  BIO * pkey_bio = NULL;
+  RSA * rsa_pub_key = NULL;
+  EVP_PKEY * pkey = NULL;
+  EVP_PKEY_CTX * pkey_ctx = NULL;
+  char * pub_key = NULL;
+  
+  int verify_rval = -1, salt_len;
+  unsigned long ossl_errcode;
+
+  vPubKey = StringValue(vPubKey);
+  vSig = StringValue(vSig);
+  vHashData = StringValue(vHashData);
   salt_len = NUM2INT(vSaltLen);
 
-  Data_Get_Struct(self, EVP_PKEY, pkey);
+  if (RSTRING_LEN(vPubKey) > (long)INT_MAX) {
+    err = KEY_OVERFLOW;
+    goto Cleanup;
+  }
+
+  pub_key = malloc(RSTRING_LEN(vPubKey));
+  if (! pub_key) {
+    err = NOMEM;
+    goto Cleanup;
+  }
+  memcpy(pub_key, StringValuePtr(vPubKey), RSTRING_LEN(vPubKey));
+
+  pkey_bio = BIO_new_mem_buf(pub_key, (int)RSTRING_LEN(vPubKey));
+  rsa_pub_key = PEM_read_bio_RSA_PUBKEY(pkey_bio, NULL, NULL, NULL);
+  if (! rsa_pub_key) {
+    err = PUBKEY_PARSE;
+    goto Cleanup;
+  }
+
+  pkey = EVP_PKEY_new();
+  if (! pkey) {
+    err = PKEY_INIT;
+    goto Cleanup;
+  }
+
+  if (! EVP_PKEY_set1_RSA(pkey, rsa_pub_key)) {
+    err = RSA_ASSIGN;
+    goto Cleanup;
+  }
+
   pkey_ctx = EVP_PKEY_CTX_new(pkey, ENGINE_get_default_RSA());
+  if (! pkey_ctx) {
+    err = PKEY_CTX_INIT;
+    goto Cleanup;
+  }
+
+  if (EVP_PKEY_verify_init(pkey_ctx) <= 0) {
+    err = VERIFY_INIT;
+    goto Cleanup;
+  }
+
+  if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, EVP_sha1()) <= 0) {
+    err = SET_SIG_MD;
+    goto Cleanup;
+  }
 
-  EVP_PKEY_verify_init(pkey_ctx);
-  EVP_PKEY_CTX_set_signature_md(pkey_ctx, EVP_sha1());
-  EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
-  EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
+  if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) <= 0) {
+    err = SET_PADDING;
+    goto Cleanup;
+  }
+
+  if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len) <= 0) {
+    err = SET_SALTLEN;
+    goto Cleanup;
+  }
 
   verify_rval = EVP_PKEY_verify(pkey_ctx, 
-                                (unsigned char*)RSTRING_PTR(vSig), RSTRING_LEN(vSig), 
-                                (unsigned char*)RSTRING_PTR(vHashData), RSTRING_LEN(vHashData));
+                                (unsigned char*)StringValuePtr(vSig), (size_t)RSTRING_LEN(vSig), 
+                                (unsigned char*)StringValuePtr(vHashData), (size_t)RSTRING_LEN(vHashData));
 
-  EVP_PKEY_CTX_free(pkey_ctx);
+Cleanup:
+  /*
+   * BIO * pkey_bio = NULL;
+   * RSA * rsa_pub_key = NULL;
+   * EVP_PKEY * pkey = NULL;
+   * EVP_PKEY_CTX * pkey_ctx = NULL;
+   * char * pub_key = NULL;
+   */
+  if (pkey_ctx) EVP_PKEY_CTX_free(pkey_ctx);
+  if (pkey) EVP_PKEY_free(pkey);
+  if (rsa_pub_key) RSA_free(rsa_pub_key);
+  if (pkey_bio) BIO_free(pkey_bio);
+  if (pub_key) free(pub_key);
 
-  switch (verify_rval) {
-    case 1:
-    return Qtrue;
-    case 0:
-    return Qfalse;
+  switch (err) {
+    case OK:
+      switch (verify_rval) {
+        case 1:
+          return Qtrue;
+        case 0:
+          return Qfalse;
+        default:
+          ossl_errcode = ERR_get_error();
+          if (ossl_errcode)
+            rb_raise(rb_cRSAError, "%s", ERR_error_string(ossl_errcode, NULL));
+          else
+            rb_raise(rb_cRSAError, "An unknown error occurred during validation.");
+      }
+      break;
+
+    case KEY_OVERFLOW:
+      rb_raise(rb_cRSAError, "Your public key is too big. How is that even possible?");
+      break;
+    case NOMEM:
+      rb_raise(rb_const_get_at(rb_mErrno, rb_intern("ENOMEM")), NULL);
+      break;
+    case PUBKEY_PARSE:
+      rb_raise(rb_cRSAError, "Error parsing public key");
+      break;
+    case PKEY_INIT:
+      rb_raise(rb_cRSAError, "Failed to initialize PKEY");
+      break;
+    case RSA_ASSIGN:
+      rb_raise(rb_cRSAError, "Failed to assign RSA object to PKEY");
+      break;
+    case PKEY_CTX_INIT:
+      rb_raise(rb_cRSAError, "Failed to initialize PKEY context.");
+      break;
+    case VERIFY_INIT:
+      rb_raise(rb_cRSAError, "Failed to initialize verification process.");
+      break;
+    case SET_SIG_MD:
+      rb_raise(rb_cRSAError, "Failed to set signature message digest to SHA1.");
+      break;
+    case SET_PADDING:
+      rb_raise(rb_cRSAError, "Failed to set PSS padding.");
+      break;
+    case SET_SALTLEN:
+      rb_raise(rb_cRSAError, "Failed to set salt length.");
+      break;
     default:
-    rb_raise(rb_cRSAError, NULL);
+      rb_raise(rb_eRuntimeError, "Something has gone horribly wrong.");
   }
-  return Qnil; //dummy
+
+  return Qnil;
 }
 
 
@@ -53,5 +180,5 @@ void Init_openssl_rsa_pss_verify() {
   rb_cRSA = rb_const_get_at(rb_mPKey, rb_intern("RSA"));
   rb_cRSAError = rb_const_get_at(rb_mPKey, rb_intern("RSAError"));
 
-  rb_define_method(rb_cRSA, "verify_pss_sha1", openssl_rsa_pss_verify__verify_pss_sha1, 3);
+  rb_define_private_method(rb_cRSA, "__verify_pss_sha1", ORPV__verify_pss_sha1, 4);
 }

data/lib/openssl_rsa_pss_verify/version.rb

@@ -1,3 +1,3 @@
 module OpenSSL_RSA_PSS_Verify
-  VERSION = "0.0.3"
+  VERSION = "0.1.0"
 end

data/lib/openssl_rsa_pss_verify.rb

@@ -1,2 +1,8 @@
 require 'openssl'
 require "openssl_rsa_pss_verify/openssl_rsa_pss_verify"
+
+class OpenSSL::PKey::RSA
+  def verify_pss_sha1(signature, data, saltlen)
+    __verify_pss_sha1(public_key.to_pem, signature, OpenSSL::Digest::SHA1.digest(data), saltlen)
+  end
+end

metadata

@@ -1,20 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: openssl_rsa_pss_verify
 version: !ruby/object:Gem::Version
-  version: 0.0.3
-  prerelease: 
+  version: 0.1.0
 platform: ruby
 authors:
 - Jon Distad
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-08-05 00:00:00.000000000 Z
+date: 2013-08-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -22,7 +20,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -30,7 +27,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: fuubar
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -38,7 +34,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -46,7 +41,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake-compiler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -54,7 +48,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -85,28 +78,27 @@ files:
 - tasks/rspec.rake
 homepage: https://github.com/jondistad/openssl_rsa_pss_verify
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 - ext
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: openssl_rsa_pss_verify
-rubygems_version: 1.8.25
+rubygems_version: 2.0.7
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Adds support for verifying RSA signatures using the Probabilistic Signature
   Scheme (PSS)
 test_files: []