New Upstream Release - ruby-openssl-signature-algorithm
Ready changes
Summary
Merged new upstream version: 1.3.0 (was: 1.2.1).
Resulting package
Built on 2023-04-27T17:33 (took 6m31s)
The resulting binary packages can be installed (if you have the apt repository enabled) by running one of:
apt install -t fresh-releases ruby-openssl-signature-algorithm
Lintian Result
Diff
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..64f3d57
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,54 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: build
+
+on: push
+
+jobs:
+ test:
+ runs-on: ubuntu-20.04
+ strategy:
+ fail-fast: false
+ matrix:
+ ruby-version:
+ - 3.2.0
+ - 3.1.3
+ - 3.0.5
+ - 2.7.7
+ - 2.6.6
+ - 2.5.8
+ - 2.4.10
+ gemfile:
+ - openssl_3_1
+ - openssl_3_0
+ - openssl_2_2
+ - openssl_2_1
+ exclude:
+ - ruby-version: '2.4.10'
+ gemfile: openssl_3_0
+ - ruby-version: '2.5.8'
+ gemfile: openssl_3_0
+ - ruby-version: '2.4.10'
+ gemfile: openssl_3_1
+ - ruby-version: '2.5.8'
+ gemfile: openssl_3_1
+ env:
+ BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
+ steps:
+ - uses: actions/checkout@v2
+ - run: rm Gemfile.lock
+ - name: Set up Ruby ${{ matrix.ruby }}
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: ${{ matrix.ruby-version }}
+ bundler-cache: true
+ - name: Run rubocop
+ run: bundle exec rubocop
+ if: ${{ matrix.ruby == '3.2.0' }}
+ - name: Run tests
+ run: bundle exec rspec
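Review bot: The rubocop step's guard `if: ${{ matrix.ruby == '3.2.0' }}` reads `matrix.ruby`, but the matrix only defines `ruby-version`, so the expression is never true and the lint step is skipped on every job. The step name `Set up Ruby ${{ matrix.ruby }}` has the same problem and renders with an empty version. Use `if: ${{ matrix.ruby-version == '3.2.0' }}` and `name: Set up Ruby ${{ matrix.ruby-version }}`. Separately, `actions/checkout@v2` and `ruby/setup-ruby@v1` are referenced by mutable tags and the job declares no `permissions:` block. Pinning both actions to a full commit SHA and adding `permissions:` with `contents: read` would limit what a tampered action release could do with the workflow token.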
diff --git a/.rubocop.yml b/.rubocop.yml
index 65c1eb3..e0bbd10 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -1,8 +1,10 @@
AllCops:
TargetRubyVersion: 2.4
DisabledByDefault: true
+ NewCops: disable
Exclude:
- "gemfiles/**/*"
+ - "vendor/bundle/**/*"
Bundler:
Enabled: true
@@ -19,6 +21,9 @@ Layout/LineLength:
Lint:
Enabled: true
+Lint/MissingSuper:
+ Enabled: false
+
Naming:
Enabled: true
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 66f9097..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-dist: bionic
-language: ruby
-cache: bundler
-rvm:
- - ruby-head
- - 2.7.1
- - 2.6.6
- - 2.5.8
- - 2.4.10
-gemfile:
- - gemfiles/openssl_head.gemfile
- - gemfiles/openssl_2_2.gemfile
- - gemfiles/openssl_2_1.gemfile
- - gemfiles/openssl_2_0.gemfile
- - gemfiles/openssl_default.gemfile
-matrix:
- fast_finish: true
- allow_failures:
- - rvm: ruby-head
- - gemfile: gemfiles/openssl_head.gemfile
-before_install:
- - gem install bundler -v 2.1.4
- - rm Gemfile.lock
diff --git a/Appraisals b/Appraisals
index f305ee2..0d885f7 100644
--- a/Appraisals
+++ b/Appraisals
@@ -1,7 +1,11 @@
# frozen_string_literal: true
-appraise "openssl_head" do
- gem "openssl", git: "https://github.com/ruby/openssl"
+appraise "openssl_3_1" do
+ gem "openssl", "~> 3.1.0"
+end
+
+appraise "openssl_3_0" do
+ gem "openssl", "~> 3.0.0"
end
appraise "openssl_2_2" do
@@ -11,10 +15,3 @@ end
appraise "openssl_2_1" do
gem "openssl", "~> 2.1.0"
end
-
-appraise "openssl_2_0" do
- gem "openssl", "~> 2.0.0"
-end
-
-appraise "openssl_default" do
-end
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b061911..399d3d4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,25 @@
# Changelog
+## [v1.3.0] - 2023-02-15
+
+- Loose OpenSSL dependency to support 3.1 users. Thanks @bdewater <3
+
+## [v1.2.1] - 2022-06-05
+
+- Support OpenSSL ~>3.0.0. Credits to @ClearlyClaire <3
+
+## [v1.1.1] - 2021-02-11
+
+### Fixed
+
+- Fix error asking for ed25519 gem when actually not using EdDSA
+
+## [v1.1.0] - 2021-02-11
+
+### Added
+
+- EdDSA support added (requires adding the `ed25519` gem to your `Gemfile`) ([@santiagorodriguez96])
+
## [v1.0.0] - 2020-07-08
### Added
@@ -72,9 +92,17 @@
- `OpenSSL::SignatureAlgorithm::RSAPSS`
- `OpenSSL::SignatureAlgorithm::RSAPKCS1`
+[v1.3.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v1.2.1...v1.3.0/
+[v1.2.1]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v1.1.1...v1.2.1/
+[v1.1.1]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v1.1.0...v1.1.1/
+[v1.1.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v1.0.0...v1.1.0/
[v1.0.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.4.0...v1.0.0/
[v0.4.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.3.0...v0.4.0/
[v0.3.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.2.0...v0.3.0/
[v0.2.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.1.1...v0.2.0/
[v0.1.1]: https://github.com/cedarcode/openssl-signature_algorithm/compare/v0.1.0...v0.1.1/
[v0.1.0]: https://github.com/cedarcode/openssl-signature_algorithm/compare/41887c277dc7fa0c884ccf8924cf990ff76784d9...v0.1.0/
+
+[@santiagorodriguez96]: https://github.com/santiagorodriguez96
+[@ClearlyClaire]: https://github.com/clearlyclaire
+[@bdewater]: https://github.com/bdewater
diff --git a/Gemfile b/Gemfile
index 19fd6e3..e8978c6 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,6 +7,7 @@ gemspec
gem "appraisal", "~> 2.2"
gem "byebug", "~> 11.0"
+gem "ed25519", "~> 1.2"
gem "rake", "~> 13.0"
gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.80.1"
+gem "rubocop", "~> 1.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index a2cc97d..2ac73d9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,8 @@
PATH
remote: .
specs:
- openssl-signature_algorithm (1.0.0)
+ openssl-signature_algorithm (1.2.1)
+ openssl (> 2.0)
GEM
remote: https://rubygems.org/
@@ -10,16 +11,19 @@ GEM
bundler
rake
thor (>= 0.14.0)
- ast (2.4.0)
+ ast (2.4.2)
byebug (11.1.1)
diff-lcs (1.3)
- jaro_winkler (1.5.4)
- parallel (1.19.1)
- parser (2.7.0.5)
- ast (~> 2.4.0)
- rainbow (3.0.0)
+ ed25519 (1.2.4)
+ json (2.6.3)
+ openssl (3.0.0)
+ parallel (1.22.1)
+ parser (3.2.1.0)
+ ast (~> 2.4.1)
+ rainbow (3.1.1)
rake (13.0.1)
- rexml (3.2.4)
+ regexp_parser (2.7.0)
+ rexml (3.2.5)
rspec (3.9.0)
rspec-core (~> 3.9.0)
rspec-expectations (~> 3.9.0)
@@ -33,17 +37,21 @@ GEM
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.9.0)
rspec-support (3.9.2)
- rubocop (0.80.1)
- jaro_winkler (~> 1.5.1)
+ rubocop (1.45.1)
+ json (~> 2.3)
parallel (~> 1.10)
- parser (>= 2.7.0.1)
+ parser (>= 3.2.0.0)
rainbow (>= 2.2.2, < 4.0)
- rexml
+ regexp_parser (>= 1.8, < 3.0)
+ rexml (>= 3.2.5, < 4.0)
+ rubocop-ast (>= 1.24.1, < 2.0)
ruby-progressbar (~> 1.7)
- unicode-display_width (>= 1.4.0, < 1.7)
- ruby-progressbar (1.10.1)
+ unicode-display_width (>= 2.4.0, < 3.0)
+ rubocop-ast (1.24.1)
+ parser (>= 3.1.1.0)
+ ruby-progressbar (1.11.0)
thor (1.0.1)
- unicode-display_width (1.6.1)
+ unicode-display_width (2.4.2)
PLATFORMS
ruby
@@ -51,10 +59,11 @@ PLATFORMS
DEPENDENCIES
appraisal (~> 2.2)
byebug (~> 11.0)
+ ed25519 (~> 1.2)
openssl-signature_algorithm!
rake (~> 13.0)
rspec (~> 3.0)
- rubocop (~> 0.80.1)
+ rubocop (~> 1.0)
BUNDLED WITH
- 2.1.4
+ 2.3.26
diff --git a/README.md b/README.md
index 65890e6..cd33fc5 100644
--- a/README.md
+++ b/README.md
@@ -1,16 +1,18 @@
# OpenSSL::SignatureAlgorithm
-> ECDSA, RSA-PSS and RSA-PKCS#1 signature algorithms for ruby
+> ECDSA, EdDSA, RSA-PSS and RSA-PKCS#1 signature algorithms for ruby
Sign and verify using signature algorithm wrappers, instead of key objects.
-Provides `OpenSSL::SignatureAlgorithm::ECDSA`, `OpenSSL::SignatureAlgorithm::RSAPSS`
+Provides `OpenSSL::SignatureAlgorithm::ECDSA`, `OpenSSL::SignatureAlgorithm::EdDSA`, `OpenSSL::SignatureAlgorithm::RSAPSS`
and `OpenSSL::SignatureAlgorithm::RSAPKCS1` ruby object wrappers on top of `OpenSSL::PKey::EC`
and `OpenSSL::PKey::RSA`, so that you can reason in terms of the algorithms and do less when
signing or verifying signatures.
+Loosely inspired by [rbnacl](https://github.com/RubyCrypto/rbnacl)'s [Digital Signatures](https://github.com/RubyCrypto/rbnacl/wiki/Digital-Signatures) interface.
+
[![Gem](https://img.shields.io/gem/v/openssl-signature_algorithm.svg?style=flat-square&color=informational)](https://rubygems.org/gems/openssl-signature_algorithm)
-[![Travis](https://img.shields.io/travis/cedarcode/openssl-signature_algorithm/master.svg?style=flat-square)](https://travis-ci.org/cedarcode/openssl-signature_algorithm)
+[![Actions Build](https://github.com/cedarcode/openssl-signature_algorithm/workflows/build/badge.svg)](https://github.com/cedarcode/openssl-signature_algorithm/actions)
## Installation
@@ -50,6 +52,30 @@ algorithm.verify_key = verify_key
algorithm.verify(signature, to_be_signed)
```
+### EdDSA
+
+Requires adding the `ed25519` gem to your `Gemfile`
+
+```ruby
+require "openssl/signature_algorithm/eddsa"
+
+to_be_signed = "to-be-signed"
+
+# Signer
+algorithm = OpenSSL::SignatureAlgorithm::EdDSA.new
+signing_key = algorithm.generate_signing_key
+signature = algorithm.sign(to_be_signed)
+
+# Signer sends verify key to Verifier
+verify_key_string = signing_key.verify_key.serialize
+
+# Verifier
+verify_key = OpenSSL::SignatureAlgorithm::EdDSA::VerifyKey.deserialize(verify_key_string)
+algorithm = OpenSSL::SignatureAlgorithm::EdDSA.new
+algorithm.verify_key = verify_key
+algorithm.verify(signature, to_be_signed)
+```
+
### RSA-PSS
```ruby
diff --git a/debian/changelog b/debian/changelog
index 8269db0..30d732e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ruby-openssl-signature-algorithm (1.3.0-1) UNRELEASED; urgency=low
+
+ * New upstream release.
+ * New upstream release.
+
+ -- Debian Janitor <janitor@jelmer.uk> Thu, 27 Apr 2023 17:27:52 -0000
+
ruby-openssl-signature-algorithm (1.0.0-1) unstable; urgency=medium
* New upstream version 1.0.0
diff --git a/debian/patches/remove-git-in-gemspec.patch b/debian/patches/remove-git-in-gemspec.patch
index fdf05e5..6ec468d 100644
--- a/debian/patches/remove-git-in-gemspec.patch
+++ b/debian/patches/remove-git-in-gemspec.patch
@@ -1,8 +1,10 @@
Debian build environment is not a git repo
---- a/openssl-signature_algorithm.gemspec
-+++ b/openssl-signature_algorithm.gemspec
-@@ -27,9 +27,7 @@
+Index: ruby-openssl-signature-algorithm.git/openssl-signature_algorithm.gemspec
+===================================================================
+--- ruby-openssl-signature-algorithm.git.orig/openssl-signature_algorithm.gemspec
++++ ruby-openssl-signature-algorithm.git/openssl-signature_algorithm.gemspec
+@@ -21,9 +21,7 @@ Gem::Specification.new do |spec|
# Specify which files should be added to the gem when it is released.
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
diff --git a/gemfiles/openssl_2_2.gemfile b/gemfiles/openssl_2_2.gemfile
index 2c1f786..e6fdb0d 100644
--- a/gemfiles/openssl_2_2.gemfile
+++ b/gemfiles/openssl_2_2.gemfile
@@ -4,9 +4,10 @@ source "https://rubygems.org"
gem "appraisal", "~> 2.2"
gem "byebug", "~> 11.0"
+gem "ed25519", "~> 1.2"
gem "rake", "~> 13.0"
gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.80.1"
+gem "rubocop", "~> 1.0"
gem "openssl", "~> 2.2.0"
gemspec path: "../"
diff --git a/gemfiles/openssl_2_0.gemfile b/gemfiles/openssl_3_0.gemfile
similarity index 71%
rename from gemfiles/openssl_2_0.gemfile
rename to gemfiles/openssl_3_0.gemfile
index b0d7205..3575e80 100644
--- a/gemfiles/openssl_2_0.gemfile
+++ b/gemfiles/openssl_3_0.gemfile
@@ -4,9 +4,10 @@ source "https://rubygems.org"
gem "appraisal", "~> 2.2"
gem "byebug", "~> 11.0"
+gem "ed25519", "~> 1.2"
gem "rake", "~> 13.0"
gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.80.1"
-gem "openssl", "~> 2.0.0"
+gem "rubocop", "~> 1.0"
+gem "openssl", "~> 3.0.0"
gemspec path: "../"
diff --git a/gemfiles/openssl_2_1.gemfile b/gemfiles/openssl_3_1.gemfile
similarity index 71%
rename from gemfiles/openssl_2_1.gemfile
rename to gemfiles/openssl_3_1.gemfile
index 1759155..366db82 100644
--- a/gemfiles/openssl_2_1.gemfile
+++ b/gemfiles/openssl_3_1.gemfile
@@ -4,9 +4,10 @@ source "https://rubygems.org"
gem "appraisal", "~> 2.2"
gem "byebug", "~> 11.0"
+gem "ed25519", "~> 1.2"
gem "rake", "~> 13.0"
gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.80.1"
-gem "openssl", "~> 2.1.0"
+gem "rubocop", "~> 1.0"
+gem "openssl", "~> 3.1.0"
gemspec path: "../"
diff --git a/gemfiles/openssl_default.gemfile b/gemfiles/openssl_default.gemfile
deleted file mode 100644
index bf2e7b0..0000000
--- a/gemfiles/openssl_default.gemfile
+++ /dev/null
@@ -1,11 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "appraisal", "~> 2.2"
-gem "byebug", "~> 11.0"
-gem "rake", "~> 13.0"
-gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.80.1"
-
-gemspec path: "../"
diff --git a/gemfiles/openssl_head.gemfile b/gemfiles/openssl_head.gemfile
deleted file mode 100644
index 5a3eda4..0000000
--- a/gemfiles/openssl_head.gemfile
+++ /dev/null
@@ -1,12 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "appraisal", "~> 2.2"
-gem "byebug", "~> 11.0"
-gem "rake", "~> 13.0"
-gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.80.1"
-gem "openssl", git: "https://github.com/ruby/openssl"
-
-gemspec path: "../"
diff --git a/lib/openssl/signature_algorithm/ecdsa.rb b/lib/openssl/signature_algorithm/ecdsa.rb
index 5341930..7259a23 100644
--- a/lib/openssl/signature_algorithm/ecdsa.rb
+++ b/lib/openssl/signature_algorithm/ecdsa.rb
@@ -1,5 +1,6 @@
# frozen_string_literal: true
+require "delegate"
require "openssl"
require "openssl/signature_algorithm/base"
@@ -8,9 +9,9 @@ module OpenSSL
class ECDSA < Base
BYTE_LENGTH = 8
- class SigningKey < OpenSSL::PKey::EC
+ class SigningKey < DelegateClass(OpenSSL::PKey::EC)
def initialize(*args)
- super(*args).generate_key
+ super(OpenSSL::PKey::EC.generate(*args))
end
def verify_key
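Review bot: Turning `SigningKey` into `DelegateClass(OpenSSL::PKey::EC)` changes its type identity, and nothing in the code or the changelog entry tells callers. An instance is no longer `is_a?(OpenSSL::PKey::EC)`, and OpenSSL methods that type-check their key argument natively (certificate or CSR signing, for example) will most likely reject the wrapper with a `TypeError` until the caller unwraps it with `__getobj__`. The same applies to `VerifyKey` in the next hunk and to both key classes in `lib/openssl/signature_algorithm/rsa.rb`. I would add a comment above each class, e.g. `# Wraps (does not subclass) OpenSSL::PKey::EC; call __getobj__ where a real PKey object is required.`, and a changelog line flagging the change. The class body continues past the end of this hunk.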
@@ -18,7 +19,11 @@ module OpenSSL
end
end
- class VerifyKey < OpenSSL::PKey::EC::Point
+ class VerifyKey < DelegateClass(OpenSSL::PKey::EC::Point)
+ def initialize(*args)
+ super(OpenSSL::PKey::EC::Point.new(*args))
+ end
+
def self.deserialize(pem_string)
new(OpenSSL::PKey::EC.new(pem_string).public_key)
end
@@ -30,10 +35,20 @@ module OpenSSL
def ec_key
@ec_key ||=
begin
- ec_key = OpenSSL::PKey::EC.new(group)
- ec_key.public_key = self
-
- ec_key
+ # RFC5480 SubjectPublicKeyInfo
+ asn1 = OpenSSL::ASN1::Sequence(
+ [
+ OpenSSL::ASN1::Sequence(
+ [
+ OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
+ OpenSSL::ASN1::ObjectId(group.curve_name),
+ ]
+ ),
+ OpenSSL::ASN1::BitString(to_octet_string(:uncompressed))
+ ]
+ )
+
+ OpenSSL::PKey::EC.new(asn1.to_der)
end
end
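Review bot: `OpenSSL::ASN1::ObjectId(group.curve_name)` has no guard for a group without a curve name. As far as I know, `curve_name` returns nil when the group was supplied as explicit parameters rather than a named curve, and the failure would then surface from the ASN.1 constructor as an unrelated-looking error. Since the point typically originates from a deserialized, externally supplied key, I would check it first: `curve = group.curve_name` followed by `raise(OpenSSL::PKey::ECError, "unnamed curves are not supported") unless curve`. A short comment on why the key is rebuilt from DER (presumably because OpenSSL 3 key objects can no longer be mutated through `public_key=`) would also help the next reader. `ec_key` starts in the context lines and the rest of the class is outside the hunk.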
diff --git a/lib/openssl/signature_algorithm/eddsa.rb b/lib/openssl/signature_algorithm/eddsa.rb
new file mode 100644
index 0000000..88a755c
--- /dev/null
+++ b/lib/openssl/signature_algorithm/eddsa.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+begin
+ gem "ed25519", ">= 1.0.0"
+ require "ed25519"
+rescue LoadError
+ warn "OpenSSL::SignatureAlgorithm::EdDSA requires the ed25519 gem, version 1.0 or higher. "\
+ "Please add it to your Gemfile: `gem \"ed25519\", \"~> 1.0\"`"
+ raise
+end
+
+require "openssl/signature_algorithm/base"
+
+module OpenSSL
+ module SignatureAlgorithm
+ class EdDSA < Base
+ class SigningKey < ::Ed25519::SigningKey
+ def verify_key
+ VerifyKey.new(keypair[32, 32])
+ end
+ end
+
+ class VerifyKey < ::Ed25519::VerifyKey
+ def self.deserialize(key_bytes)
+ new(key_bytes)
+ end
+
+ def serialize
+ to_bytes
+ end
+ end
+
+ def generate_signing_key
+ @signing_key = SigningKey.generate
+ end
+
+ def sign(data)
+ signing_key.sign(data)
+ end
+
+ def verify(signature, verification_data)
+ verify_key.verify(signature, verification_data)
+ rescue ::Ed25519::VerifyError
+ raise(OpenSSL::SignatureAlgorithm::SignatureVerificationError, "Signature verification failed")
+ end
+ end
+ end
+end
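Review bot: `verify` translates only `::Ed25519::VerifyError`, so a signature of the wrong length appears to escape as an `ArgumentError` from the ed25519 gem (it checks the 64-byte length before verifying, if I read that gem correctly). Callers that rescue `SignatureVerificationError` to reject bad input would then see an unexpected exception instead of a clean verification failure. Widening the clause to `rescue ::Ed25519::VerifyError, ArgumentError` keeps every malformed-signature case on the one documented error path. In `SigningKey#verify_key`, `keypair[32, 32]` depends on the gem's internal seed-then-public-key layout. `VerifyKey.new(super.to_bytes)` would take the public key from the parent's own accessor; failing that, the offsets deserve a comment.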
diff --git a/lib/openssl/signature_algorithm/rsa.rb b/lib/openssl/signature_algorithm/rsa.rb
index 2891717..b1cdcd4 100644
--- a/lib/openssl/signature_algorithm/rsa.rb
+++ b/lib/openssl/signature_algorithm/rsa.rb
@@ -1,22 +1,31 @@
# frozen_string_literal: true
+require "delegate"
require "openssl"
require "openssl/signature_algorithm/base"
module OpenSSL
module SignatureAlgorithm
class RSA < Base
- class SigningKey < OpenSSL::PKey::RSA
+ class SigningKey < DelegateClass(OpenSSL::PKey::RSA)
+ def initialize(*args)
+ super(OpenSSL::PKey::RSA.new(*args))
+ end
+
def verify_key
VerifyKey.new(public_key.to_pem)
end
end
- class VerifyKey < OpenSSL::PKey::RSA
+ class VerifyKey < DelegateClass(OpenSSL::PKey::RSA)
class << self
alias_method :deserialize, :new
end
+ def initialize(*args)
+ super(OpenSSL::PKey::RSA.new(*args))
+ end
+
def serialize
to_pem
end
diff --git a/lib/openssl/signature_algorithm/version.rb b/lib/openssl/signature_algorithm/version.rb
index 106b56b..84b48c2 100644
--- a/lib/openssl/signature_algorithm/version.rb
+++ b/lib/openssl/signature_algorithm/version.rb
@@ -2,6 +2,6 @@
module OpenSSL
module SignatureAlgorithm
- VERSION = "1.0.0"
+ VERSION = "1.3.0"
end
end
diff --git a/openssl-signature_algorithm.gemspec b/openssl-signature_algorithm.gemspec
index fe0ed0c..8219ffd 100644
--- a/openssl-signature_algorithm.gemspec
+++ b/openssl-signature_algorithm.gemspec
@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
spec.email = ["gonzalo@cedarcode.com"]
spec.license = "Apache-2.0"
- spec.summary = "ECDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby"
+ spec.summary = "ECDSA, EdDSA, RSA-PSS and RSA-PKCS#1 algorithms for ruby"
spec.description = spec.summary
spec.homepage = "https://github.com/cedarcode/openssl-signature_algorithm"
@@ -27,4 +27,6 @@ Gem::Specification.new do |spec|
spec.bindir = "exe"
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
spec.require_paths = ["lib"]
+
+ spec.add_runtime_dependency "openssl", "> 2.0"
end
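Review bot: `spec.add_runtime_dependency "openssl", "> 2.0"` has no upper bound and still admits 2.0.x patch releases, while this same change drops the `openssl_2_0` appraisal and the new CI matrix covers only 2.1 through 3.1. For a library whose key handling depends on the openssl gem's behaviour, I would bound the range to what is tested, e.g. `spec.add_runtime_dependency "openssl", ">= 2.1", "< 4.0"`, and widen it when a new major version is added to the matrix. The `Gem::Specification` block starts outside this hunk.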