Module: JOSE::JWA::Ed25519_RbNaCl

Extended by:

Ed25519_RbNaCl

Included in:

Ed25519_RbNaCl

Defined in:

lib/jose/jwa/ed25519_rbnacl.rb

Instance Method Summary

• #keypair(secret = nil) ⇒ Object
• #sign(m, sk) ⇒ Object
• #sign_ph(m, sk) ⇒ Object
• #sk_to_pk(sk) ⇒ Object
• #verify(sig, m, pk) ⇒ Object
• #verify_ph(sig, m, pk) ⇒ Object

Instance Method Details

#keypair(secret = nil) ⇒ Object

# File 'lib/jose/jwa/ed25519_rbnacl.rb', line 5

def keypair(secret = nil)
  secret ||= RbNaCl::Random.random_bytes(RbNaCl::Signatures::Ed25519::SEEDBYTES)
  RbNaCl::Util.check_length(secret, RbNaCl::Signatures::Ed25519::SEEDBYTES, "secret")
  pk = RbNaCl::Util.zeros(RbNaCl::Signatures::Ed25519::VERIFYKEYBYTES)
  sk = RbNaCl::Util.zeros(RbNaCl::Signatures::Ed25519::SIGNINGKEYBYTES)
  RbNaCl::Signatures::Ed25519::SigningKey.sign_ed25519_seed_keypair(pk, sk, secret) || fail(RbNaCl::CryptoError, "Failed to generate a key pair")
  return pk, sk
end

#sign(m, sk) ⇒ Object

# File 'lib/jose/jwa/ed25519_rbnacl.rb', line 18

def sign(m, sk)
  signing_key = RbNaCl::Signatures::Ed25519::SigningKey.allocate
  signing_key.instance_variable_set(:@signing_key, sk)
  return signing_key.sign(m)
end

#sign_ph(m, sk) ⇒ Object

# File 'lib/jose/jwa/ed25519_rbnacl.rb', line 24

def sign_ph(m, sk)
  return sign(RbNaCl::Hash.sha512(m), sk)
end

#sk_to_pk(sk) ⇒ Object

# File 'lib/jose/jwa/ed25519_rbnacl.rb', line 14

def sk_to_pk(sk)
  return sk[RbNaCl::Signatures::Ed25519::VERIFYKEYBYTES..-1]
end

#verify(sig, m, pk) ⇒ Object

# File 'lib/jose/jwa/ed25519_rbnacl.rb', line 28

def verify(sig, m, pk)
  verify_key = RbNaCl::Signatures::Ed25519::VerifyKey.new(pk)
  if m.respond_to?(:bytesize) and m.bytesize == 0
    # RbNaCl does not allow empty message signatures.
    key = verify_key.instance_variable_get(:@key)
    signature = sig.to_str
    signature_bytes = verify_key.signature_bytes
    RbNaCl::Util.check_length(signature, signature_bytes, "signature")
    signed_message = signature + m
    raise RbNaCl::LengthError, "Signed message can not be nil" if signed_message.nil?
    raise RbNaCl::LengthError, "Signed message can not be shorter than a signature" if signed_message.bytesize < signature_bytes
    buffer = RbNaCl::Util.zeros(signed_message.bytesize)
    buffer_len = RbNaCl::Util.zeros(FFI::Type::LONG_LONG.size)
    success = verify_key.class.sign_ed25519_open(buffer, buffer_len, signed_message, signed_message.bytesize, key)
    raise(RbNaCl::BadSignatureError, "signature was forged/corrupt") unless success
    return true
  else
    return verify_key.verify(sig, m)
  end
end

#verify_ph(sig, m, pk) ⇒ Object

# File 'lib/jose/jwa/ed25519_rbnacl.rb', line 49

def verify_ph(sig, m, pk)
  return verify(sig, RbNaCl::Hash.sha512(m), pk)
end