Class: SSHData::PublicKey::SKECDSA
- Includes:
- SecurityKey
- Defined in:
- lib/ssh_data/public_key/skecdsa.rb
Constant Summary collapse
- OPENSSL_CURVE_NAME_FOR_CURVE =
{ NISTP256 => "prime256v1", }
Constants included from SecurityKey
SSHData::PublicKey::SecurityKey::DEFAULT_SK_VERIFY_OPTS, SSHData::PublicKey::SecurityKey::SK_FLAG_USER_PRESENCE, SSHData::PublicKey::SecurityKey::SK_FLAG_USER_VERIFICATION
Constants inherited from ECDSA
ECDSA::CURVE_FOR_OPENSSL_CURVE_NAME, ECDSA::DIGEST_FOR_CURVE, ECDSA::NISTP256, ECDSA::NISTP384, ECDSA::NISTP521
Instance Attribute Summary collapse
-
#application ⇒ Object
readonly
Returns the value of attribute application.
Attributes inherited from ECDSA
#curve, #openssl, #public_key_bytes
Attributes inherited from Base
Class Method Summary collapse
Instance Method Summary collapse
- #==(other) ⇒ Object
-
#initialize(algo:, curve:, public_key:, application:) ⇒ SKECDSA
constructor
A new instance of SKECDSA.
-
#rfc4253 ⇒ Object
RFC4253 binary encoding of the public key.
- #verify(signed_data, signature, **opts) ⇒ Object
Methods included from SecurityKey
Methods inherited from ECDSA
#digest, openssl_signature, ssh_signature
Methods inherited from Base
Constructor Details
#initialize(algo:, curve:, public_key:, application:) ⇒ SKECDSA
Returns a new instance of SKECDSA.
21 22 23 24 |
# File 'lib/ssh_data/public_key/skecdsa.rb', line 21 def initialize(algo:, curve:, public_key:, application:) @application = application super(algo: algo, curve: curve, public_key: public_key) end |
Instance Attribute Details
#application ⇒ Object (readonly)
Returns the value of attribute application.
5 6 7 |
# File 'lib/ssh_data/public_key/skecdsa.rb', line 5 def application @application end |
Class Method Details
.check_algorithm!(algo, curve) ⇒ Object
11 12 13 14 15 16 17 18 19 |
# File 'lib/ssh_data/public_key/skecdsa.rb', line 11 def self.check_algorithm!(algo, curve) unless algo == ALGO_SKECDSA256 raise DecodeError, "bad algorithm: #{algo.inspect}" end unless algo == "sk-ecdsa-sha2-#{curve}@openssh.com" raise DecodeError, "bad curve: #{curve.inspect}" end end |
Instance Method Details
#==(other) ⇒ Object
59 60 61 |
# File 'lib/ssh_data/public_key/skecdsa.rb', line 59 def ==(other) super && other.application == application end |
#rfc4253 ⇒ Object
RFC4253 binary encoding of the public key.
Returns a binary String.
29 30 31 32 33 34 35 36 |
# File 'lib/ssh_data/public_key/skecdsa.rb', line 29 def rfc4253 Encoding.encode_fields( [:string, algo], [:string, curve], [:string, public_key_bytes], [:string, application], ) end |
#verify(signed_data, signature, **opts) ⇒ Object
38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
# File 'lib/ssh_data/public_key/skecdsa.rb', line 38 def verify(signed_data, signature, **opts) opts = DEFAULT_SK_VERIFY_OPTS.merge(opts) unknown_opts = opts.keys - DEFAULT_SK_VERIFY_OPTS.keys raise UnsupportedError, "Verification options #{unknown_opts.inspect} are not supported." unless unknown_opts.empty? sig_algo, raw_sig, sk_flags, blob = build_signing_blob(application, signed_data, signature) self.class.check_algorithm!(sig_algo, curve) openssl_sig = self.class.openssl_signature(raw_sig) digest = DIGEST_FOR_CURVE[curve] result = openssl.verify(digest.new, openssl_sig, blob) # We don't know that the flags are correct until after we've validated the signature # which embeds the flags, so always verify the signature first. return false if opts[:user_presence_required] && (sk_flags & SK_FLAG_USER_PRESENCE != SK_FLAG_USER_PRESENCE) return false if opts[:user_verification_required] && (sk_flags & SK_FLAG_USER_VERIFICATION != SK_FLAG_USER_VERIFICATION) result end |