Class: OpenSSL::PKey::EC

Inherits:
Object
  • Object
show all
Defined in:
lib/net/ssh/transport/openssl.rb

Overview

This class is originally defined in the OpenSSL module. As needed, methods have been added to it by the Net::SSH module for convenience in dealing with SSH functionality.

Defined Under Namespace

Classes: Point

Constant Summary collapse

CurveNameAlias = 
{
  'nistp256' => 'prime256v1',
  'nistp384' => 'secp384r1',
  'nistp521' => 'secp521r1'
}.freeze
CurveNameAliasInv = 
{
  'prime256v1' => 'nistp256',
  'secp384r1' => 'nistp384',
  'secp521r1' => 'nistp521'
}.freeze

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.read_keyblob(curve_name_in_type, buffer) ⇒ Object 



153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
 
# File 'lib/net/ssh/transport/openssl.rb', line 153

def self.read_keyblob(curve_name_in_type, buffer)
  curve_name_in_key = buffer.read_string

  unless curve_name_in_type == curve_name_in_key
    raise Net::SSH::Exception, "curve name mismatched (`#{curve_name_in_key}' with `#{curve_name_in_type}')"
  end

  public_key_oct = buffer.read_string
  begin
    curvename = OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key]
    group = OpenSSL::PKey::EC::Group.new(curvename)
    point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(public_key_oct, 2))
    asn1 = OpenSSL::ASN1::Sequence(
      [
        OpenSSL::ASN1::Sequence(
          [
            OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
            OpenSSL::ASN1::ObjectId(curvename)
          ]
        ),
        OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
      ]
    )

    key = OpenSSL::PKey::EC.new(asn1.to_der)

    return key
  rescue OpenSSL::PKey::ECError
    raise NotImplementedError, "unsupported key type `#{type}'"
  end
end

Instance Method Details

#ssh_do_sign(data, sig_alg = nil) ⇒ Object

Returns the signature for the given data.



244
245
246
247
248
249
250
251
252
253
 
# File 'lib/net/ssh/transport/openssl.rb', line 244

def ssh_do_sign(data, sig_alg = nil)
  digest = digester.digest(data)
  sig = dsa_sign_asn1(digest)
  a1sig = OpenSSL::ASN1.decode(sig)

  sig_r = a1sig.value[0].value
  sig_s = a1sig.value[1].value

  Net::SSH::Buffer.from(:bignum, sig_r, :bignum, sig_s).to_s
end

#ssh_do_verify(sig, data, options = {}) ⇒ Object

Verifies the given signature matches the given data.



218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
 
# File 'lib/net/ssh/transport/openssl.rb', line 218

def ssh_do_verify(sig, data, options = {})
  digest = digester.digest(data)
  a1sig = nil

  begin
    sig_r_len = sig[0, 4].unpack('H*')[0].to_i(16)
    sig_l_len = sig[4 + sig_r_len, 4].unpack('H*')[0].to_i(16)

    sig_r = sig[4, sig_r_len].unpack('H*')[0]
    sig_s = sig[4 + sig_r_len + 4, sig_l_len].unpack('H*')[0]

    a1sig = OpenSSL::ASN1::Sequence([
                                      OpenSSL::ASN1::Integer(sig_r.to_i(16)),
                                      OpenSSL::ASN1::Integer(sig_s.to_i(16))
                                    ])
  rescue StandardError
  end

  if a1sig.nil?
    return false
  else
    dsa_verify_asn1(digest, a1sig.to_der)
  end
end

#ssh_typeObject Also known as: ssh_signature_type

Returns the description of this key type used by the SSH2 protocol, like “ecdsa-sha2-nistp256”



187
188
189
 
# File 'lib/net/ssh/transport/openssl.rb', line 187

def ssh_type
  "ecdsa-sha2-#{CurveNameAliasInv[group.curve_name]}"
end

#to_blobObject

Converts the key to a blob, according to the SSH2 protocol.



210
211
212
213
214
215
 
# File 'lib/net/ssh/transport/openssl.rb', line 210

def to_blob
  @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
                                  :string, CurveNameAliasInv[group.curve_name],
                                  :mstring, public_key.to_bn.to_s(2)).to_s
  @blob
end