Module: HrrRbSsh::Algorithm::Publickey::EcdsaSha2

Includes:

Loggable

Included in:

EcdsaSha2Nistp256, EcdsaSha2Nistp384, EcdsaSha2Nistp521

Defined in:

lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2.rb,
lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2/signature.rb,
lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2/public_key_blob.rb,
lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2/ecdsa_signature_blob.rb

Defined Under Namespace

Classes: EcdsaSignatureBlob, PublicKeyBlob, Signature

Instance Attribute Summary

Attributes included from Loggable

#log_key, #logger

Instance Method Summary

• #ecdsa_signature_blob(signature_blob) ⇒ Object
• #initialize(arg, logger: nil) ⇒ Object
• #new_by_key_str(key_str) ⇒ Object
• #new_by_public_key_blob(public_key_blob) ⇒ Object
• #sign(signature_blob) ⇒ Object
• #to_pem ⇒ Object
• #to_public_key_blob ⇒ Object
• #verify(signature, signature_blob) ⇒ Object

Methods included from Loggable

#log_debug, #log_error, #log_fatal, #log_info, #log_warn

Instance Method Details

#ecdsa_signature_blob(signature_blob) ⇒ Object

# File 'lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2.rb', line 45

def ecdsa_signature_blob signature_blob
  hash = OpenSSL::Digest.digest(self.class::DIGEST, signature_blob)
  sign_der = @publickey.dsa_sign_asn1(hash)
  sign_asn1 = OpenSSL::ASN1.decode sign_der
  r = sign_asn1.value[0].value.to_i
  s = sign_asn1.value[1].value.to_i
  ecdsa_signature_blob_h = {
    :'r' => r,
    :'s' => s,
  }
  EcdsaSignatureBlob.new(logger: logger).encode ecdsa_signature_blob_h
end

#initialize(arg, logger: nil) ⇒ Object

# File 'lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2.rb', line 13

def initialize arg, logger: nil
  self.logger = logger
  begin
    new_by_key_str arg
  rescue OpenSSL::PKey::ECError
    new_by_public_key_blob arg
  end
end

#new_by_key_str(key_str) ⇒ Object

# File 'lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2.rb', line 22

def new_by_key_str key_str
  @publickey = OpenSSL::PKey::EC.new(key_str.delete(0.chr))
end

#new_by_public_key_blob(public_key_blob) ⇒ Object

# File 'lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2.rb', line 26

def new_by_public_key_blob public_key_blob
  public_key_blob_h = PublicKeyBlob.new(logger: logger).decode public_key_blob
  @publickey = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
  @publickey.public_key = OpenSSL::PKey::EC::Point.new(@publickey.group, OpenSSL::BN.new(public_key_blob_h[:'Q'], 2))
end

#sign(signature_blob) ⇒ Object

# File 'lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2.rb', line 58

def sign signature_blob
  signature_h = {
    :'public key algorithm name' => self.class::NAME,
    :'ecdsa signature blob'      => ecdsa_signature_blob(signature_blob),
  }
  Signature.new(logger: logger).encode signature_h
end

#to_pem ⇒ Object

# File 'lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2.rb', line 32

def to_pem
  @publickey.to_pem
end

#to_public_key_blob ⇒ Object

# File 'lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2.rb', line 36

def to_public_key_blob
  public_key_blob_h = {
    :'public key algorithm name' => self.class::NAME,
    :'identifier'                => self.class::IDENTIFIER,
    :'Q'                         => @publickey.public_key.to_bn.to_s(2)
  }
  PublicKeyBlob.new(logger: logger).encode public_key_blob_h
end

#verify(signature, signature_blob) ⇒ Object

# File 'lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2.rb', line 66

def verify signature, signature_blob
  signature_h = Signature.new(logger: logger).decode signature
  ecdsa_signature_blob_h = EcdsaSignatureBlob.new(logger: logger).decode signature_h[:'ecdsa signature blob']
  r = ecdsa_signature_blob_h[:'r']
  s = ecdsa_signature_blob_h[:'s']
  sign_asn1 = OpenSSL::ASN1::Sequence.new(
    [
      OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(r)),
      OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(s)),
    ]
  )
  sign_der = sign_asn1.to_der
  hash = OpenSSL::Digest.digest(self.class::DIGEST, signature_blob)
  signature_h[:'public key algorithm name'] == self.class::NAME && @publickey.dsa_verify_asn1(hash, sign_der)
end