RubyGems - ssh_data - Versions diffs - 1.1.0 → 1.2.0 - Mend

ssh_data 1.1.0 → 1.2.0

Files changed (11) hide show

checksums.yaml +4 -4
data/lib/ssh_data/certificate.rb +9 -7
data/lib/ssh_data/encoding.rb +31 -12
data/lib/ssh_data/error.rb +6 -5
data/lib/ssh_data/public_key/ecdsa.rb +5 -1
data/lib/ssh_data/public_key/ed25519.rb +6 -2
data/lib/ssh_data/public_key/skecdsa.rb +46 -0
data/lib/ssh_data/public_key/sked25519.rb +35 -0
data/lib/ssh_data/public_key.rb +15 -7
data/lib/ssh_data/version.rb +1 -1
metadata +16 -14

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aaa29fd598724a11d13c32aa423fdb26944b5ed7d027b852de0fb3b6c8808f54
-  data.tar.gz: 6737375c449655f42d8f6a629065ad1e493f301e6ed118ca23a2d6b939b2516c
+  metadata.gz: e2a37d746413f208ac72e4dca430d8e9ad71646cdab1a86a4beb1939d538ca00
+  data.tar.gz: 37c066043665eb883f68f1a0bbff2c7b814a6c11a32dcef02d19cb24a7fd9b17
 SHA512:
-  metadata.gz: 43afd3056dd763d3bfbeb44e98936a6a35a97172000772bb91107a516642c384b3398127e211a792193102351fe3ab6bafcf2d4e7674c7233f7610f743f80341
-  data.tar.gz: e0cc819489d6ac78f0cdf2e3fb9d22ded46dda75e11e6275d9e47a354d951ed753434a1cacc82377b4c1ef4c3469e8df73cc82e981062c2d0476513f7e9a287d
+  metadata.gz: 2e32a7671a4bebef2e1a9035a9be8692af5f8274e9b6e8ca8043421ed8adf620eb88878a8a55deca82d9b1c1fad725d6018230c5bd7a75a8bec727a39e8823f8
+  data.tar.gz: e0b84d38f45eb30d9ac0a1940e26b70a83677f68bb399c206f6a599194ffddd77a9a77f18e27b2cad94de5004c67e7bf63f009f621ab9b9dabc2637fba85f1ad

data/lib/ssh_data/certificate.rb CHANGED Viewed

@@ -12,16 +12,18 @@ module SSHData
     TYPE_HOST = 2
     # Certificate algorithm identifiers
-    ALGO_RSA      = "ssh-rsa-cert-v01@openssh.com"
-    ALGO_DSA      = "ssh-dss-cert-v01@openssh.com"
-    ALGO_ECDSA256 = "ecdsa-sha2-nistp256-cert-v01@openssh.com"
-    ALGO_ECDSA384 = "ecdsa-sha2-nistp384-cert-v01@openssh.com"
-    ALGO_ECDSA521 = "ecdsa-sha2-nistp521-cert-v01@openssh.com"
-    ALGO_ED25519  = "ssh-ed25519-cert-v01@openssh.com"
+    ALGO_RSA        = "ssh-rsa-cert-v01@openssh.com"
+    ALGO_DSA        = "ssh-dss-cert-v01@openssh.com"
+    ALGO_ECDSA256   = "ecdsa-sha2-nistp256-cert-v01@openssh.com"
+    ALGO_ECDSA384   = "ecdsa-sha2-nistp384-cert-v01@openssh.com"
+    ALGO_ECDSA521   = "ecdsa-sha2-nistp521-cert-v01@openssh.com"
+    ALGO_ED25519    = "ssh-ed25519-cert-v01@openssh.com"
+    ALGO_SKECDSA256 = "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
+    ALGO_SKED25519  = "sk-ssh-ed25519-cert-v01@openssh.com"
     ALGOS = [
       ALGO_RSA, ALGO_DSA, ALGO_ECDSA256, ALGO_ECDSA384, ALGO_ECDSA521,
-      ALGO_ED25519
+      ALGO_ED25519, ALGO_SKECDSA256, ALGO_SKED25519
     ]
     CRITICAL_OPTION_FORCE_COMMAND  = "force-command"

data/lib/ssh_data/encoding.rb CHANGED Viewed

@@ -62,27 +62,44 @@ module SSHData
       [:public_key, :string]
     ]
+    # Fields in an SK-ECDSA public key
+    SKECDSA_KEY_FIELDS = [
+      [:curve,      :string],
+      [:public_key, :string],
+      [:application, :string]
+    ]
     # Fields in a ED25519 public key
     ED25519_KEY_FIELDS = [
       [:pk, :string]
     ]
+    # Fields in a SK-ED25519 public key
+    SKED25519_KEY_FIELDS = [
+      [:pk, :string],
+      [:application, :string]
+    ]
     PUBLIC_KEY_ALGO_BY_CERT_ALGO = {
-      Certificate::ALGO_RSA      => PublicKey::ALGO_RSA,
-      Certificate::ALGO_DSA      => PublicKey::ALGO_DSA,
-      Certificate::ALGO_ECDSA256 => PublicKey::ALGO_ECDSA256,
-      Certificate::ALGO_ECDSA384 => PublicKey::ALGO_ECDSA384,
-      Certificate::ALGO_ECDSA521 => PublicKey::ALGO_ECDSA521,
-      Certificate::ALGO_ED25519  => PublicKey::ALGO_ED25519,
+      Certificate::ALGO_RSA        => PublicKey::ALGO_RSA,
+      Certificate::ALGO_DSA        => PublicKey::ALGO_DSA,
+      Certificate::ALGO_ECDSA256   => PublicKey::ALGO_ECDSA256,
+      Certificate::ALGO_ECDSA384   => PublicKey::ALGO_ECDSA384,
+      Certificate::ALGO_ECDSA521   => PublicKey::ALGO_ECDSA521,
+      Certificate::ALGO_ED25519    => PublicKey::ALGO_ED25519,
+      Certificate::ALGO_SKECDSA256 => PublicKey::ALGO_SKECDSA256,
+      Certificate::ALGO_SKED25519  => PublicKey::ALGO_SKED25519,
     }
     CERT_ALGO_BY_PUBLIC_KEY_ALGO = {
-      PublicKey::ALGO_RSA      => Certificate::ALGO_RSA,
-      PublicKey::ALGO_DSA      => Certificate::ALGO_DSA,
-      PublicKey::ALGO_ECDSA256 => Certificate::ALGO_ECDSA256,
-      PublicKey::ALGO_ECDSA384 => Certificate::ALGO_ECDSA384,
-      PublicKey::ALGO_ECDSA521 => Certificate::ALGO_ECDSA521,
-      PublicKey::ALGO_ED25519  => Certificate::ALGO_ED25519,
+      PublicKey::ALGO_RSA        => Certificate::ALGO_RSA,
+      PublicKey::ALGO_DSA        => Certificate::ALGO_DSA,
+      PublicKey::ALGO_ECDSA256   => Certificate::ALGO_ECDSA256,
+      PublicKey::ALGO_ECDSA384   => Certificate::ALGO_ECDSA384,
+      PublicKey::ALGO_ECDSA521   => Certificate::ALGO_ECDSA521,
+      PublicKey::ALGO_ED25519    => Certificate::ALGO_ED25519,
+      PublicKey::ALGO_SKECDSA256 => Certificate::ALGO_SKECDSA256,
+      PublicKey::ALGO_SKED25519  => Certificate::ALGO_SKED25519,
     }
     KEY_FIELDS_BY_PUBLIC_KEY_ALGO = {
@@ -92,6 +109,8 @@ module SSHData
       PublicKey::ALGO_ECDSA384 => ECDSA_KEY_FIELDS,
       PublicKey::ALGO_ECDSA521 => ECDSA_KEY_FIELDS,
       PublicKey::ALGO_ED25519  => ED25519_KEY_FIELDS,
+      PublicKey::ALGO_SKED25519 => SKED25519_KEY_FIELDS,
+      PublicKey::ALGO_SKECDSA256 => SKECDSA_KEY_FIELDS,
     }
     KEY_FIELDS_BY_PRIVATE_KEY_ALGO = {

data/lib/ssh_data/error.rb CHANGED Viewed

@@ -1,7 +1,8 @@
 module SSHData
-  Error          = Class.new(StandardError)
-  DecodeError    = Class.new(Error)
-  VerifyError    = Class.new(Error)
-  AlgorithmError = Class.new(Error)
-  DecryptError   = Class.new(Error)
+  Error            = Class.new(StandardError)
+  DecodeError      = Class.new(Error)
+  VerifyError      = Class.new(Error)
+  AlgorithmError   = Class.new(Error)
+  DecryptError     = Class.new(Error)
+  UnsupportedError = Class.new(Error)
 end

data/lib/ssh_data/public_key/ecdsa.rb CHANGED Viewed

@@ -65,7 +65,7 @@ module SSHData
         [Encoding.encode_mpint(r.value), Encoding.encode_mpint(s.value)].join
       end
-      def initialize(algo:, curve:, public_key:)
+      def self.check_algorithm!(algo, curve)
         unless [ALGO_ECDSA256, ALGO_ECDSA384, ALGO_ECDSA521].include?(algo)
           raise DecodeError, "bad algorithm: #{algo.inspect}"
         end
@@ -73,6 +73,10 @@ module SSHData
         unless algo == "ecdsa-sha2-#{curve}"
           raise DecodeError, "bad curve: #{curve.inspect}"
         end
+      end
+      def initialize(algo:, curve:, public_key:)
+        self.class.check_algorithm!(algo, curve)
         @curve = curve
         @public_key_bytes = public_key

data/lib/ssh_data/public_key/ed25519.rb CHANGED Viewed

@@ -16,8 +16,12 @@ module SSHData
         raise AlgorithmError, "the ed25519 gem is not loaded" unless enabled?
       end
+      def self.algorithm_identifier
+        ALGO_ED25519
+      end
       def initialize(algo:, pk:)
-        unless algo == ALGO_ED25519
+        unless algo == self.class.algorithm_identifier
           raise DecodeError, "bad algorithm: #{algo.inspect}"
         end
@@ -40,7 +44,7 @@ module SSHData
         self.class.ed25519_gem_required!
         sig_algo, raw_sig, _ = Encoding.decode_signature(signature)
-        if sig_algo != ALGO_ED25519
+        if sig_algo != self.class.algorithm_identifier
           raise DecodeError, "bad signature algorithm: #{sig_algo.inspect}"
         end

data/lib/ssh_data/public_key/skecdsa.rb ADDED Viewed

@@ -0,0 +1,46 @@
+module SSHData
+  module PublicKey
+    class SKECDSA < ECDSA
+      attr_reader :application
+      OPENSSL_CURVE_NAME_FOR_CURVE = {
+        NISTP256 => "prime256v1",
+      }
+      def self.check_algorithm!(algo, curve)
+        unless algo == ALGO_SKECDSA256
+          raise DecodeError, "bad algorithm: #{algo.inspect}"
+        end
+        unless algo == "sk-ecdsa-sha2-#{curve}@openssh.com"
+          raise DecodeError, "bad curve: #{curve.inspect}"
+        end
+      end
+      def initialize(algo:, curve:, public_key:, application:)
+        @application = application
+        super(algo: algo, curve: curve, public_key: public_key)
+      end
+      # RFC4253 binary encoding of the public key.
+      #
+      # Returns a binary String.
+      def rfc4253
+        Encoding.encode_fields(
+          [:string, algo],
+          [:string, curve],
+          [:string, public_key_bytes],
+          [:string, application],
+        )
+      end
+      def verify(signed_data, signature)
+        raise UnsupportedError, "SK-ECDSA verification is not supported."
+      end
+      def ==(other)
+        super && other.application == application
+      end
+    end
+  end
+end

data/lib/ssh_data/public_key/sked25519.rb ADDED Viewed

@@ -0,0 +1,35 @@
+module SSHData
+  module PublicKey
+    class SKED25519 < ED25519
+      attr_reader :application
+      def initialize(algo:, pk:, application:)
+        @application = application
+        super(algo: algo, pk: pk)
+      end
+      def self.algorithm_identifier
+        ALGO_SKED25519
+      end
+      # RFC4253 binary encoding of the public key.
+      #
+      # Returns a binary String.
+      def rfc4253
+        Encoding.encode_fields(
+          [:string, algo],
+          [:string, pk],
+          [:string, application],
+        )
+      end
+      def verify(signed_data, signature)
+        raise UnsupportedError, "SK-Ed25519 verification is not supported."
+      end
+      def ==(other)
+        super && other.application == application
+      end
+    end
+  end
+end

data/lib/ssh_data/public_key.rb CHANGED Viewed

@@ -1,12 +1,14 @@
 module SSHData
   module PublicKey
     # Public key algorithm identifiers
-    ALGO_RSA      = "ssh-rsa"
-    ALGO_DSA      = "ssh-dss"
-    ALGO_ECDSA256 = "ecdsa-sha2-nistp256"
-    ALGO_ECDSA384 = "ecdsa-sha2-nistp384"
-    ALGO_ECDSA521 = "ecdsa-sha2-nistp521"
-    ALGO_ED25519  = "ssh-ed25519"
+    ALGO_RSA        = "ssh-rsa"
+    ALGO_DSA        = "ssh-dss"
+    ALGO_ECDSA256   = "ecdsa-sha2-nistp256"
+    ALGO_ECDSA384   = "ecdsa-sha2-nistp384"
+    ALGO_ECDSA521   = "ecdsa-sha2-nistp521"
+    ALGO_ED25519    = "ssh-ed25519"
+    ALGO_SKED25519  = "sk-ssh-ed25519@openssh.com"
+    ALGO_SKECDSA256 = "sk-ecdsa-sha2-nistp256@openssh.com"
     # RSA SHA2 *signature* algorithms used with ALGO_RSA keys.
     # https://tools.ietf.org/html/draft-rsa-dsa-sha2-256-02
@@ -15,7 +17,7 @@ module SSHData
     ALGOS = [
       ALGO_RSA, ALGO_DSA, ALGO_ECDSA256, ALGO_ECDSA384, ALGO_ECDSA521,
-      ALGO_ED25519
+      ALGO_ED25519, ALGO_SKECDSA256, ALGO_SKED25519
     ]
     # Parse an OpenSSH public key in authorized_keys format (see sshd(8) manual
@@ -64,6 +66,10 @@ module SSHData
         ECDSA.new(**data)
       when ALGO_ED25519
         ED25519.new(**data)
+      when ALGO_SKED25519
+        SKED25519.new(**data)
+      when ALGO_SKECDSA256
+        SKECDSA.new(**data)
       else
         raise DecodeError, "unkown algo: #{data[:algo].inspect}"
       end
@@ -76,3 +82,5 @@ require "ssh_data/public_key/rsa"
 require "ssh_data/public_key/dsa"
 require "ssh_data/public_key/ecdsa"
 require "ssh_data/public_key/ed25519"
+require "ssh_data/public_key/sked25519"
+require "ssh_data/public_key/skecdsa"

data/lib/ssh_data/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module SSHData
-  VERSION = "1.1.0"
+  VERSION = "1.2.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ssh_data
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - mastahyeti
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-11-20 00:00:00.000000000 Z
+date: 2021-12-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ed25519
@@ -30,43 +30,43 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.14'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.14'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '3.10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '3.10'
 - !ruby/object:Gem::Dependency
   name: rspec-mocks
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '3.10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
-description:
+        version: '3.10'
+description:
 email: opensource+ssh_data@github.com
 executables: []
 extensions: []
@@ -89,18 +89,20 @@ files:
 - "./lib/ssh_data/public_key/ecdsa.rb"
 - "./lib/ssh_data/public_key/ed25519.rb"
 - "./lib/ssh_data/public_key/rsa.rb"
+- "./lib/ssh_data/public_key/skecdsa.rb"
+- "./lib/ssh_data/public_key/sked25519.rb"
 - "./lib/ssh_data/version.rb"
 homepage: https://github.com/github/ssh_data
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - "~>"
+  - - ">="
     - !ruby/object:Gem::Version
       version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
@@ -109,8 +111,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.4
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Library for parsing SSH certificates
 test_files: []