Class: SSHData::PublicKey::SKED25519

Inherits:

ED25519

• Object
• Base
• ED25519
• SSHData::PublicKey::SKED25519

Includes:

SecurityKey

Defined in:

lib/ssh_data/public_key/sked25519.rb

Constant Summary

Constants included from SecurityKey

SSHData::PublicKey::SecurityKey::DEFAULT_SK_VERIFY_OPTS, SSHData::PublicKey::SecurityKey::SK_FLAG_USER_PRESENCE, SSHData::PublicKey::SecurityKey::SK_FLAG_USER_VERIFICATION

Instance Attribute Summary

• #application ⇒ Object readonly

  Returns the value of attribute application.

Attributes inherited from ED25519

#ed25519_key, #pk

Attributes inherited from Base

#algo

Class Method Summary

• .algorithm_identifier ⇒ Object

Instance Method Summary

• #==(other) ⇒ Object
• #initialize(algo:, pk:, application:) ⇒ SKED25519 constructor

  A new instance of SKED25519.

• #rfc4253 ⇒ Object

  RFC4253 binary encoding of the public key.

• #verify(signed_data, signature, **opts) ⇒ Object

Methods included from SecurityKey

#build_signing_blob

Methods inherited from ED25519

ed25519_gem_required!, enabled?

Methods inherited from Base

#fingerprint, #openssh, #sign

Constructor Details

#initialize(algo:, pk:, application:) ⇒ SKED25519

Returns a new instance of SKED25519.

# File 'lib/ssh_data/public_key/sked25519.rb', line 7

def initialize(algo:, pk:, application:)
  @application = application
  super(algo: algo, pk: pk)
end

Instance Attribute Details

#application ⇒ Object (readonly)

Returns the value of attribute application.

# File 'lib/ssh_data/public_key/sked25519.rb', line 5

def application
  @application
end

Class Method Details

.algorithm_identifier ⇒ Object

# File 'lib/ssh_data/public_key/sked25519.rb', line 12

def self.algorithm_identifier
  ALGO_SKED25519
end

Instance Method Details

#==(other) ⇒ Object

# File 'lib/ssh_data/public_key/sked25519.rb', line 53

def ==(other)
  super && other.application == application
end

#rfc4253 ⇒ Object

RFC4253 binary encoding of the public key.

Returns a binary String.

# File 'lib/ssh_data/public_key/sked25519.rb', line 19

def rfc4253
  Encoding.encode_fields(
    [:string, algo],
    [:string, pk],
    [:string, application],
  )
end

#verify(signed_data, signature, **opts) ⇒ Object

Raises:

• (UnsupportedError)

# File 'lib/ssh_data/public_key/sked25519.rb', line 27

def verify(signed_data, signature, **opts)
  self.class.ed25519_gem_required!
  opts = DEFAULT_SK_VERIFY_OPTS.merge(opts)
  unknown_opts = opts.keys - DEFAULT_SK_VERIFY_OPTS.keys
  raise UnsupportedError, "Verification options #{unknown_opts.inspect} are not supported." unless unknown_opts.empty?

  sig_algo, raw_sig, sk_flags, blob = build_signing_blob(application, signed_data, signature)

  if sig_algo != self.class.algorithm_identifier
    raise DecodeError, "bad signature algorithm: #{sig_algo.inspect}"
  end

  result = begin
      ed25519_key.verify(raw_sig, blob)
    rescue Ed25519::VerifyError
      false
    end

  # We don't know that the flags are correct until after we've validated the signature
  # which embeds the flags, so always verify the signature first.
  return false if opts[:user_presence_required] && (sk_flags & SK_FLAG_USER_PRESENCE != SK_FLAG_USER_PRESENCE)
  return false if opts[:user_verification_required] && (sk_flags & SK_FLAG_USER_VERIFICATION != SK_FLAG_USER_VERIFICATION)

  result
end