Class: OpenSSL::PKey::EC
- Includes:
- Marshal
- Defined in:
- ext/openssl/ossl_pkey_ec.c,
lib/openssl/pkey.rb,
ext/openssl/ossl_pkey_ec.c
Overview
OpenSSL::PKey::EC provides access to Elliptic Curve Digital Signature Algorithm (ECDSA) and Elliptic Curve Diffie-Hellman (ECDH).
Key exchange
ec1 = OpenSSL::PKey::EC.generate("prime256v1")
ec2 = OpenSSL::PKey::EC.generate("prime256v1")
# ec1 and ec2 have own private key respectively
shared_key1 = ec1.dh_compute_key(ec2.public_key)
shared_key2 = ec2.dh_compute_key(ec1.public_key)
p shared_key1 == shared_key2 #=> true
Defined Under Namespace
Constant Summary collapse
- NAMED_CURVE =
INT2NUM(OPENSSL_EC_NAMED_CURVE)
- EXPLICIT_CURVE =
INT2NUM(OPENSSL_EC_EXPLICIT_CURVE)
Class Method Summary collapse
-
.builtin_curves ⇒ Array
Obtains a list of all predefined curves by the OpenSSL.
-
.generate(arg) ⇒ Object
Creates a new EC instance with a new random private and public key.
Instance Method Summary collapse
-
#check_key ⇒ true
Raises an exception if the key is invalid.
-
#dh_compute_key(pubkey) ⇒ Object
:call-seq: ec.dh_compute_key(pubkey) -> string.
-
#dsa_sign_asn1(data) ⇒ Object
:call-seq: key.dsa_sign_asn1(data) -> String.
-
#dsa_verify_asn1(data, sig) ⇒ Object
:call-seq: key.dsa_verify_asn1(data, sig) -> true | false.
-
#export(*args) ⇒ Object
(also: #to_pem)
Outputs the EC key in PEM encoding.
-
#generate_key! ⇒ self
(also: #generate_key)
Generates a new random private and public key.
-
#group ⇒ Object
Returns the EC::Group that the key is associated with.
-
#group=(group) ⇒ Object
Sets the EC::Group for the key.
-
#initialize(*args) ⇒ Object
constructor
Creates a new EC object from given arguments.
- #initialize_copy(other) ⇒ Object
-
#private? ⇒ Boolean
(also: #private_key?)
Returns whether this EC instance has a private key.
-
#private_key ⇒ OpenSSL::BN
See the OpenSSL documentation for EC_KEY_get0_private_key().
-
#private_key=(openssl_bn) ⇒ Object
See the OpenSSL documentation for EC_KEY_set_private_key().
-
#public? ⇒ Boolean
(also: #public_key?)
Returns whether this EC instance has a public key.
-
#public_key ⇒ OpenSSL::PKey::EC::Point
See the OpenSSL documentation for EC_KEY_get0_public_key().
-
#public_key=(ec_point) ⇒ Object
See the OpenSSL documentation for EC_KEY_set_public_key().
-
#to_der ⇒ String
See the OpenSSL documentation for i2d_ECPrivateKey_bio().
Methods included from Marshal
Constructor Details
#OpenSSL::PKey::EC.new ⇒ Object #OpenSSL::PKey::EC.new(ec_key) ⇒ Object #OpenSSL::PKey::EC.new(ec_group) ⇒ Object #OpenSSL::PKey::EC.new("secp112r1") ⇒ Object #OpenSSL::PKey::EC.new(pem_string[, pwd]) ⇒ Object #OpenSSL::PKey::EC.new(der_string) ⇒ Object
Creates a new EC object from given arguments.
139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 |
# File 'ext/openssl/ossl_pkey_ec.c', line 139
static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self)
{
EVP_PKEY *pkey;
EC_KEY *ec;
BIO *in;
VALUE arg, pass;
int type;
TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey);
if (pkey)
rb_raise(rb_eTypeError, "pkey already initialized");
rb_scan_args(argc, argv, "02", &arg, &pass);
if (NIL_P(arg)) {
if (!(ec = EC_KEY_new()))
ossl_raise(eECError, "EC_KEY_new");
goto legacy;
}
else if (rb_obj_is_kind_of(arg, cEC_GROUP)) {
ec = ec_key_new_from_group(arg);
goto legacy;
}
pass = ossl_pem_passwd_value(pass);
arg = ossl_to_der_if_possible(arg);
in = ossl_obj2bio(&arg);
pkey = ossl_pkey_read_generic(in, pass);
BIO_free(in);
if (!pkey) {
ossl_clear_error();
ec = ec_key_new_from_group(arg);
goto legacy;
}
type = EVP_PKEY_base_id(pkey);
if (type != EVP_PKEY_EC) {
EVP_PKEY_free(pkey);
rb_raise(eDSAError, "incorrect pkey type: %s", OBJ_nid2sn(type));
}
RTYPEDDATA_DATA(self) = pkey;
return self;
legacy:
pkey = EVP_PKEY_new();
if (!pkey || EVP_PKEY_assign_EC_KEY(pkey, ec) != 1) {
EVP_PKEY_free(pkey);
EC_KEY_free(ec);
ossl_raise(eECError, "EVP_PKEY_assign_EC_KEY");
}
RTYPEDDATA_DATA(self) = pkey;
return self;
}
|
Class Method Details
.builtin_curves ⇒ Array
Obtains a list of all predefined curves by the OpenSSL. Curve names are returned as sn.
See the OpenSSL documentation for EC_get_builtin_curves().
802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 |
# File 'ext/openssl/ossl_pkey_ec.c', line 802
static VALUE ossl_s_builtin_curves(VALUE self)
{
EC_builtin_curve *curves = NULL;
int n;
int crv_len = rb_long2int(EC_get_builtin_curves(NULL, 0));
VALUE ary, ret;
curves = ALLOCA_N(EC_builtin_curve, crv_len);
if (curves == NULL)
return Qnil;
if (!EC_get_builtin_curves(curves, crv_len))
ossl_raise(rb_eRuntimeError, "EC_get_builtin_curves");
ret = rb_ary_new2(crv_len);
for (n = 0; n < crv_len; n++) {
const char *sname = OBJ_nid2sn(curves[n].nid);
const char *comment = curves[n].comment;
ary = rb_ary_new2(2);
rb_ary_push(ary, rb_str_new2(sname));
rb_ary_push(ary, comment ? rb_str_new2(comment) : Qnil);
rb_ary_push(ret, ary);
}
return ret;
}
|
.generate(ec_group) ⇒ Object .generate(string) ⇒ Object
Creates a new EC instance with a new random private and public key.
104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 |
# File 'ext/openssl/ossl_pkey_ec.c', line 104
static VALUE
ossl_ec_key_s_generate(VALUE klass, VALUE arg)
{
EVP_PKEY *pkey;
EC_KEY *ec;
VALUE obj;
obj = rb_obj_alloc(klass);
ec = ec_key_new_from_group(arg);
pkey = EVP_PKEY_new();
if (!pkey || EVP_PKEY_assign_EC_KEY(pkey, ec) != 1) {
EVP_PKEY_free(pkey);
EC_KEY_free(ec);
ossl_raise(eECError, "EVP_PKEY_assign_EC_KEY");
}
RTYPEDDATA_DATA(obj) = pkey;
if (!EC_KEY_generate_key(ec))
ossl_raise(eECError, "EC_KEY_generate_key");
return obj;
}
|
Instance Method Details
#check_key ⇒ true
Raises an exception if the key is invalid.
See also the man page EVP_PKEY_public_check(3).
477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 |
# File 'ext/openssl/ossl_pkey_ec.c', line 477
static VALUE ossl_ec_key_check_key(VALUE self)
{
#ifdef HAVE_EVP_PKEY_CHECK
EVP_PKEY *pkey;
EVP_PKEY_CTX *pctx;
int ret;
GetPKey(self, pkey);
pctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
if (!pctx)
ossl_raise(eDHError, "EVP_PKEY_CTX_new");
ret = EVP_PKEY_public_check(pctx);
EVP_PKEY_CTX_free(pctx);
if (ret != 1)
ossl_raise(eECError, "EVP_PKEY_public_check");
#else
EC_KEY *ec;
GetEC(self, ec);
if (EC_KEY_check_key(ec) != 1)
ossl_raise(eECError, "EC_KEY_check_key");
#endif
return Qtrue;
}
|
#dh_compute_key(pubkey) ⇒ Object
:call-seq:
ec.dh_compute_key(pubkey) -> string
Derives a shared secret by ECDH. pubkey must be an instance of OpenSSL::PKey::EC::Point and must belong to the same group.
This method is provided for backwards compatibility, and calls #derive internally.
276 277 278 279 280 281 282 283 284 285 |
# File 'lib/openssl/pkey.rb', line 276 def dh_compute_key(pubkey) obj = OpenSSL::ASN1.Sequence([ OpenSSL::ASN1.Sequence([ OpenSSL::ASN1.ObjectId("id-ecPublicKey"), group.to_der, ]), OpenSSL::ASN1.BitString(pubkey.to_octet_string(:uncompressed)), ]) derive(OpenSSL::PKey.read(obj.to_der)) end |
#dsa_sign_asn1(data) ⇒ Object
:call-seq:
key.dsa_sign_asn1(data) -> String
Deprecated in version 3.0. Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
251 252 253 254 255 |
# File 'lib/openssl/pkey.rb', line 251 def dsa_sign_asn1(data) sign_raw(nil, data) rescue OpenSSL::PKey::PKeyError raise OpenSSL::PKey::ECError, $!. end |
#dsa_verify_asn1(data, sig) ⇒ Object
:call-seq:
key.dsa_verify_asn1(data, sig) -> true | false
Deprecated in version 3.0. Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
262 263 264 265 266 |
# File 'lib/openssl/pkey.rb', line 262 def dsa_verify_asn1(data, sig) verify_raw(nil, sig, data) rescue OpenSSL::PKey::PKeyError raise OpenSSL::PKey::ECError, $!. end |
#export([cipher, pass_phrase]) ⇒ String #to_pem([cipher, pass_phrase]) ⇒ String Also known as: to_pem
Outputs the EC key in PEM encoding. If cipher and pass_phrase are given they will be used to encrypt the key. cipher must be an OpenSSL::Cipher instance. Note that encryption will only be effective for a private key, public keys will always be encoded in plain text.
411 412 413 414 415 416 417 418 419 420 421 |
# File 'ext/openssl/ossl_pkey_ec.c', line 411
static VALUE
ossl_ec_key_export(int argc, VALUE *argv, VALUE self)
{
EC_KEY *ec;
GetEC(self, ec);
if (EC_KEY_get0_private_key(ec))
return ossl_pkey_export_traditional(argc, argv, self, 0);
else
return ossl_pkey_export_spki(self, 0);
}
|
#generate_key! ⇒ self Also known as: generate_key
454 455 456 457 458 459 460 461 462 463 464 465 466 467 |
# File 'ext/openssl/ossl_pkey_ec.c', line 454
static VALUE ossl_ec_key_generate_key(VALUE self)
{
#if OSSL_OPENSSL_PREREQ(3, 0, 0)
rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0");
#else
EC_KEY *ec;
GetEC(self, ec);
if (EC_KEY_generate_key(ec) != 1)
ossl_raise(eECError, "EC_KEY_generate_key");
return self;
#endif
}
|
#group ⇒ Object
Returns the EC::Group that the key is associated with. Modifying the returned group does not affect key.
227 228 229 230 231 232 233 234 235 236 237 238 239 |
# File 'ext/openssl/ossl_pkey_ec.c', line 227
static VALUE
ossl_ec_key_get_group(VALUE self)
{
EC_KEY *ec;
const EC_GROUP *group;
GetEC(self, ec);
group = EC_KEY_get0_group(ec);
if (!group)
return Qnil;
return ec_group_new(group);
}
|
#group=(group) ⇒ Object
Sets the EC::Group for the key. The group structure is internally copied so modification to group after assigning to a key has no effect on the key.
248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 |
# File 'ext/openssl/ossl_pkey_ec.c', line 248
static VALUE
ossl_ec_key_set_group(VALUE self, VALUE group_v)
{
#if OSSL_OPENSSL_PREREQ(3, 0, 0)
rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0");
#else
EC_KEY *ec;
EC_GROUP *group;
GetEC(self, ec);
GetECGroup(group_v, group);
if (EC_KEY_set_group(ec, group) != 1)
ossl_raise(eECError, "EC_KEY_set_group");
return group_v;
#endif
}
|
#initialize_copy(other) ⇒ Object
194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 |
# File 'ext/openssl/ossl_pkey_ec.c', line 194
static VALUE
ossl_ec_key_initialize_copy(VALUE self, VALUE other)
{
EVP_PKEY *pkey;
EC_KEY *ec, *ec_new;
TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey);
if (pkey)
rb_raise(rb_eTypeError, "pkey already initialized");
GetEC(other, ec);
ec_new = EC_KEY_dup(ec);
if (!ec_new)
ossl_raise(eECError, "EC_KEY_dup");
pkey = EVP_PKEY_new();
if (!pkey || EVP_PKEY_assign_EC_KEY(pkey, ec_new) != 1) {
EC_KEY_free(ec_new);
ossl_raise(eECError, "EVP_PKEY_assign_EC_KEY");
}
RTYPEDDATA_DATA(self) = pkey;
return self;
}
|
#private? ⇒ Boolean Also known as: private_key?
Returns whether this EC instance has a private key. The private key (BN) can be retrieved with EC#private_key.
392 393 394 395 396 397 398 399 |
# File 'ext/openssl/ossl_pkey_ec.c', line 392
static VALUE ossl_ec_key_is_private(VALUE self)
{
EC_KEY *ec;
GetEC(self, ec);
return EC_KEY_get0_private_key(ec) ? Qtrue : Qfalse;
}
|
#private_key ⇒ OpenSSL::BN
See the OpenSSL documentation for EC_KEY_get0_private_key()
273 274 275 276 277 278 279 280 281 282 283 |
# File 'ext/openssl/ossl_pkey_ec.c', line 273
static VALUE ossl_ec_key_get_private_key(VALUE self)
{
EC_KEY *ec;
const BIGNUM *bn;
GetEC(self, ec);
if ((bn = EC_KEY_get0_private_key(ec)) == NULL)
return Qnil;
return ossl_bn_new(bn);
}
|
#private_key=(openssl_bn) ⇒ Object
See the OpenSSL documentation for EC_KEY_set_private_key()
291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 |
# File 'ext/openssl/ossl_pkey_ec.c', line 291
static VALUE ossl_ec_key_set_private_key(VALUE self, VALUE private_key)
{
#if OSSL_OPENSSL_PREREQ(3, 0, 0)
rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0");
#else
EC_KEY *ec;
BIGNUM *bn = NULL;
GetEC(self, ec);
if (!NIL_P(private_key))
bn = GetBNPtr(private_key);
switch (EC_KEY_set_private_key(ec, bn)) {
case 1:
break;
case 0:
if (bn == NULL)
break;
/* fallthrough */
default:
ossl_raise(eECError, "EC_KEY_set_private_key");
}
return private_key;
#endif
}
|
#public? ⇒ Boolean Also known as: public_key?
Returns whether this EC instance has a public key. The public key (EC::Point) can be retrieved with EC#public_key.
376 377 378 379 380 381 382 383 |
# File 'ext/openssl/ossl_pkey_ec.c', line 376
static VALUE ossl_ec_key_is_public(VALUE self)
{
EC_KEY *ec;
GetEC(self, ec);
return EC_KEY_get0_public_key(ec) ? Qtrue : Qfalse;
}
|
#public_key ⇒ OpenSSL::PKey::EC::Point
See the OpenSSL documentation for EC_KEY_get0_public_key()
324 325 326 327 328 329 330 331 332 333 334 |
# File 'ext/openssl/ossl_pkey_ec.c', line 324
static VALUE ossl_ec_key_get_public_key(VALUE self)
{
EC_KEY *ec;
const EC_POINT *point;
GetEC(self, ec);
if ((point = EC_KEY_get0_public_key(ec)) == NULL)
return Qnil;
return ec_point_new(point, EC_KEY_get0_group(ec));
}
|
#public_key=(ec_point) ⇒ Object
See the OpenSSL documentation for EC_KEY_set_public_key()
342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 |
# File 'ext/openssl/ossl_pkey_ec.c', line 342
static VALUE ossl_ec_key_set_public_key(VALUE self, VALUE public_key)
{
#if OSSL_OPENSSL_PREREQ(3, 0, 0)
rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0");
#else
EC_KEY *ec;
EC_POINT *point = NULL;
GetEC(self, ec);
if (!NIL_P(public_key))
GetECPoint(public_key, point);
switch (EC_KEY_set_public_key(ec, point)) {
case 1:
break;
case 0:
if (point == NULL)
break;
/* fallthrough */
default:
ossl_raise(eECError, "EC_KEY_set_public_key");
}
return public_key;
#endif
}
|
#to_der ⇒ String
See the OpenSSL documentation for i2d_ECPrivateKey_bio()
429 430 431 432 433 434 435 436 437 438 439 |
# File 'ext/openssl/ossl_pkey_ec.c', line 429
static VALUE
ossl_ec_key_to_der(VALUE self)
{
EC_KEY *ec;
GetEC(self, ec);
if (EC_KEY_get0_private_key(ec))
return ossl_pkey_export_traditional(0, NULL, self, 1);
else
return ossl_pkey_export_spki(self, 1);
}
|