Class: CyberplatPKI::Key

Inherits:

Object

• Object
• CyberplatPKI::Key

Defined in:

lib/cyberplat_pki/key.rb

Defined Under Namespace

Modules: Helpers

Instance Attribute Summary

• #ca_key ⇒ Object

  Returns the value of attribute ca_key.

• #name ⇒ Object

  Returns the value of attribute name.

• #packets ⇒ Object

  Returns the value of attribute packets.

• #serial ⇒ Object

  Returns the value of attribute serial.

• #signature ⇒ Object

  Returns the value of attribute signature.

Class Method Summary

• .new_private(source, password = nil) ⇒ Object
• .new_public(source, serial, ca_key = nil) ⇒ Object

Instance Method Summary

• #initialize ⇒ Key constructor

  A new instance of Key.

• #sign(data) ⇒ Object
• #validate ⇒ Object
• #verify(data_with_signature) ⇒ Object

Constructor Details

#initialize ⇒ Key

Returns a new instance of Key.

# File 'lib/cyberplat_pki/key.rb', line 64

def initialize
  @serial = nil
  @name = nil
  @signature = nil
  @ca_key = nil
  @packets = nil
end

Instance Attribute Details

#ca_key ⇒ Object

Returns the value of attribute ca_key.

# File 'lib/cyberplat_pki/key.rb', line 31

def ca_key
  @ca_key
end

#name ⇒ Object

Returns the value of attribute name.

# File 'lib/cyberplat_pki/key.rb', line 31

def name
  @name
end

#packets ⇒ Object

Returns the value of attribute packets.

# File 'lib/cyberplat_pki/key.rb', line 31

def packets
  @packets
end

#serial ⇒ Object

Returns the value of attribute serial.

# File 'lib/cyberplat_pki/key.rb', line 31

def serial
  @serial
end

#signature ⇒ Object

Returns the value of attribute signature.

# File 'lib/cyberplat_pki/key.rb', line 31

def signature
  @signature
end

Class Method Details

.new_private(source, password = nil) ⇒ Object

# File 'lib/cyberplat_pki/key.rb', line 33

def self.new_private(source, password = nil)
  documents = Document.load source

  key, document = Helpers.key_from_document_set documents, :NM, 0, password
  key.ca_key = key

  key
end

.new_public(source, serial, ca_key = nil) ⇒ Object

# File 'lib/cyberplat_pki/key.rb', line 42

def self.new_public(source, serial, ca_key = nil)
  documents = Document.load source

  key, document = Helpers.key_from_document_set documents, :NS, serial
  if ca_key.nil?
    if document.subject == document.ca
      key.ca_key = key
    else
      key.ca_key, ca_document = Helpers.key_from_document_set documents, :NS, document.ca.key_serial
      key.ca_key.ca_key = key.ca_key

      key.ca_key.validate
    end
  else
    key.ca_key = ca_key
  end

  key.validate

  key
end

Instance Method Details

#sign(data) ⇒ Object

# File 'lib/cyberplat_pki/key.rb', line 72

def sign(data)
  signature = SignaturePacket.new

  signature.metadata = [
    0x01,         # Signature type
    serial,       # Signing key serial number
    Time.now.to_i # Timestamp
  ].pack("CNN")

  key_packet = Helpers.find_record packets, KeyPacket

  digest = OpenSSL::Digest::MD5.new
  signature.signature = key_packet.key.sign digest, data + signature.metadata

  # Re-hash to get 'first word of digest'
  digest.reset
  digest.update data
  digest.update signature.metadata
  signature.hash_msw = digest.digest[0..1]

  trust = TrustPacket.new
  trust.trust = 0xC7.chr

  signature_block = Packet.save([ signature, trust ])

  doc = Document.new
  doc.engine      = 1
  doc.type        = :SM
  doc.subject     = KeyId.new @name, @serial
  doc.ca          = KeyId.new '', 0
  doc.data_length = data.length
  doc.body        = data
  doc.signature   = Document.encode64 signature_block

  text = Document.save [ doc ]

  text
end

#validate ⇒ Object

# File 'lib/cyberplat_pki/key.rb', line 126

def validate
  signature_packet = Helpers.find_record signature,      SignaturePacket
  key_packet       = Helpers.find_record packets,        KeyPacket
  user_id_packet   = Helpers.find_record packets,        UserIdPacket
  ca_key_packet    = Helpers.find_record ca_key.packets, KeyPacket

  io = StringIO.open ''.encode('BINARY'), 'wb'
  io.extend PacketIORoutines

  io.seek 3
  key_packet.save io, nil

  data_length = io.pos - 3
  io.rewind
  io.write [ 0x99, data_length ].pack "Cn"
  io.seek 0, IO::SEEK_END

  io.write user_id_packet.user_id
  io.write signature_packet.metadata

  digest = OpenSSL::Digest::MD5.new
  signature = signature_packet.signature.rjust ca_key_packet.key.n.num_bytes, 0.chr
  valid = ca_key_packet.key.verify digest, signature, io.string

  raise "CyberplatPKI: CRYPT_ERR_INVALID_KEY (key signature verification failed)" unless valid
end

#verify(data_with_signature) ⇒ Object

# File 'lib/cyberplat_pki/key.rb', line 111

def verify(data_with_signature)
  documents = Document.load data_with_signature

  raise "CyberplatPKI: CRYPT_ERR_INVALID_FORMAT (expected one document of type SM)" if documents.length != 1 || documents[0].type != :SM

  document, = *documents

  signature_packet, = Packet.load Document.decode64(document.signature)
  key_packet        = Helpers.find_record packets, KeyPacket

  digest = OpenSSL::Digest::MD5.new
  signature = signature_packet.signature.ljust key_packet.key.n.num_bytes, 0.chr
  key_packet.key.verify digest, signature, document.body + signature_packet.metadata
end