Class: SSHData::PublicKey::SKED25519
- Includes:
- SecurityKey
- Defined in:
- lib/ssh_data/public_key/sked25519.rb
Constant Summary
Constants included from SecurityKey
SSHData::PublicKey::SecurityKey::DEFAULT_SK_VERIFY_OPTS, SSHData::PublicKey::SecurityKey::SK_FLAG_USER_PRESENCE, SSHData::PublicKey::SecurityKey::SK_FLAG_USER_VERIFICATION
Instance Attribute Summary collapse
-
#application ⇒ Object
readonly
Returns the value of attribute application.
Attributes inherited from ED25519
Attributes inherited from Base
Class Method Summary collapse
Instance Method Summary collapse
- #==(other) ⇒ Object
-
#initialize(algo:, pk:, application:) ⇒ SKED25519
constructor
A new instance of SKED25519.
-
#rfc4253 ⇒ Object
RFC4253 binary encoding of the public key.
- #verify(signed_data, signature, **opts) ⇒ Object
Methods included from SecurityKey
Methods inherited from ED25519
ed25519_gem_required!, enabled?
Methods inherited from Base
Constructor Details
#initialize(algo:, pk:, application:) ⇒ SKED25519
Returns a new instance of SKED25519.
7 8 9 10 |
# File 'lib/ssh_data/public_key/sked25519.rb', line 7 def initialize(algo:, pk:, application:) @application = application super(algo: algo, pk: pk) end |
Instance Attribute Details
#application ⇒ Object (readonly)
Returns the value of attribute application.
5 6 7 |
# File 'lib/ssh_data/public_key/sked25519.rb', line 5 def application @application end |
Class Method Details
.algorithm_identifier ⇒ Object
12 13 14 |
# File 'lib/ssh_data/public_key/sked25519.rb', line 12 def self.algorithm_identifier ALGO_SKED25519 end |
Instance Method Details
#==(other) ⇒ Object
53 54 55 |
# File 'lib/ssh_data/public_key/sked25519.rb', line 53 def ==(other) super && other.application == application end |
#rfc4253 ⇒ Object
RFC4253 binary encoding of the public key.
Returns a binary String.
19 20 21 22 23 24 25 |
# File 'lib/ssh_data/public_key/sked25519.rb', line 19 def rfc4253 Encoding.encode_fields( [:string, algo], [:string, pk], [:string, application], ) end |
#verify(signed_data, signature, **opts) ⇒ Object
27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
# File 'lib/ssh_data/public_key/sked25519.rb', line 27 def verify(signed_data, signature, **opts) self.class.ed25519_gem_required! opts = DEFAULT_SK_VERIFY_OPTS.merge(opts) unknown_opts = opts.keys - DEFAULT_SK_VERIFY_OPTS.keys raise UnsupportedError, "Verification options #{unknown_opts.inspect} are not supported." unless unknown_opts.empty? sig_algo, raw_sig, sk_flags, blob = build_signing_blob(application, signed_data, signature) if sig_algo != self.class.algorithm_identifier raise DecodeError, "bad signature algorithm: #{sig_algo.inspect}" end result = begin ed25519_key.verify(raw_sig, blob) rescue Ed25519::VerifyError false end # We don't know that the flags are correct until after we've validated the signature # which embeds the flags, so always verify the signature first. return false if opts[:user_presence_required] && (sk_flags & SK_FLAG_USER_PRESENCE != SK_FLAG_USER_PRESENCE) return false if opts[:user_verification_required] && (sk_flags & SK_FLAG_USER_VERIFICATION != SK_FLAG_USER_VERIFICATION) result end |