Module: SSHData::PublicKey::SecurityKey

Included in:
SKECDSA, SKED25519
Defined in:
lib/ssh_data/public_key/security_key.rb

Constant Summary collapse

DEFAULT_SK_VERIFY_OPTS =

Defaults to match OpenSSH, user presence is required by verification is not.

{
  user_presence_required: true,
  user_verification_required: false
}
SK_FLAG_USER_PRESENCE = 
0b001
SK_FLAG_USER_VERIFICATION = 
0b100

Instance Method Summary collapse

Instance Method Details

#build_signing_blob(application, signed_data, signature) ⇒ Object 



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/ssh_data/public_key/security_key.rb', line 14

def build_signing_blob(application, signed_data, signature)
  read = 0
  sig_algo, raw_sig, signature_read = Encoding.decode_signature(signature)
  read += signature_read
  sk_flags, sk_flags_read = Encoding.decode_uint8(signature, read)
  read += sk_flags_read
  counter, counter_read = Encoding.decode_uint32(signature, read)
  read += counter_read

  if read != signature.bytesize
    raise DecodeError, "unexpected trailing data"
  end

  application_hash = OpenSSL::Digest::SHA256.digest(application)
  message_hash = OpenSSL::Digest::SHA256.digest(signed_data)

  blob =
    application_hash +
    Encoding.encode_uint8(sk_flags) +
    Encoding.encode_uint32(counter) +
    message_hash

  [sig_algo, raw_sig, sk_flags, blob]
end