File: rsapkcs1_algorithm.rb

ruby-webauthn 2.5.2-1
# frozen_string_literal: true

require "cose"
require "cose/algorithm/signature_algorithm"
require "cose/error"
require "cose/key/rsa"
require "openssl/signature_algorithm/rsapkcs1"

# COSE signature algorithm backed by OpenSSL::SignatureAlgorithm::RSAPKCS1 (the RS* family).
#
# Each instance pairs the positional arguments forwarded to
# COSE::Algorithm::SignatureAlgorithm with the name of the digest used for signing.
class RSAPKCS1Algorithm < COSE::Algorithm::SignatureAlgorithm
  # @return [String] digest name given at construction (e.g. "SHA256")
  attr_reader :hash_function

  # @param args positional arguments passed unchanged to the superclass constructor
  # @param hash_function [String] digest name stored on the instance
  def initialize(*args, hash_function:)
    super(*args)
    @hash_function = hash_function
  end

  private

  # @return [Class] the OpenSSL signature-algorithm implementation for this family
  def signature_algorithm_class
    OpenSSL::SignatureAlgorithm::RSAPKCS1
  end

  # True only when the key converts to a COSE RSA key.
  # `to_cose_key` is not defined in this file (presumably inherited; confirm in the superclass).
  def valid_key?(key)
    cose_key = to_cose_key(key)
    cose_key.is_a?(COSE::Key::RSA)
  end

  # Converts a supported key into an OpenSSL::PKey::RSA.
  #
  # Any other key type is refused, so a key of a different kind cannot be used
  # under an RS* algorithm identifier.
  #
  # @param key [COSE::Key::RSA, OpenSSL::PKey::RSA]
  # @return [OpenSSL::PKey::RSA]
  # @raise [COSE::Error] when the key is neither of the accepted RSA types
  def to_pkey(key)
    return key.to_pkey if key.is_a?(COSE::Key::RSA)
    return key if key.is_a?(OpenSSL::PKey::RSA)

    raise COSE::Error, "Incompatible key for algorithm"
  end
end

# Register the SHA-2 based RSA PKCS#1 algorithms: [COSE id, name, digest].
[
  [-257, "RS256", "SHA256"],
  [-258, "RS384", "SHA384"],
  [-259, "RS512", "SHA512"]
].each do |cose_id, cose_name, digest_name|
  COSE::Algorithm.register(RSAPKCS1Algorithm.new(cose_id, cose_name, hash_function: digest_name))
end

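# Patch the openssl-signature_algorithm gem to support the discouraged/deprecated RSA-PKCS#1
# with SHA-1 (RS1 in JOSE/COSE terminology) algorithm needed for WebAuthn.
#
# SECURITY: the constant is replaced on the gem's own class, so the effect is process-wide.
# Every user of OpenSSL::SignatureAlgorithm::RSAPKCS1 in this process gets "SHA1" in
# ACCEPTED_HASH_FUNCTIONS once this file is loaded, not only WebAuthn verification.
# SHA-1 is not collision resistant, so RS1 should only be accepted where it is required.
# NOTE(review): confirm the application's configured algorithm list leaves RS1 out by default.
#
# `|` keeps the list free of a duplicate "SHA1" if this file is loaded more than once.
# The replacement array is frozen so the widened list cannot be modified at runtime.
OpenSSL::SignatureAlgorithm::RSAPKCS1.const_set(
  :ACCEPTED_HASH_FUNCTIONS,
  (OpenSSL::SignatureAlgorithm::RSAPKCS1::ACCEPTED_HASH_FUNCTIONS | ["SHA1"]).freeze
)
COSE::Algorithm.register(RSAPKCS1Algorithm.new(-65535, "RS1", hash_function: "SHA1"))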