Class: JOSE::JWK::KTY_EC

Inherits:

Struct

• Object
• Struct
• JOSE::JWK::KTY_EC

Defined in:

lib/jose/jwk/kty_ec.rb

Instance Attribute Summary

• #key ⇒ Object

  Returns the value of attribute key.

Class Method Summary

• .from_key(key) ⇒ Object

  API functions.

• .from_map(fields) ⇒ Object

  JOSE::JWK callbacks.

• .generate_key(curve_name) ⇒ Object

Instance Method Summary

• #block_encryptor(fields) ⇒ Object

  JOSE::JWK::KTY callbacks.

• #derive_key(my_private_key) ⇒ Object
• #generate_key(fields) ⇒ Object
• #key_encryptor(fields, key) ⇒ Object
• #sign(message, digest_type) ⇒ Object
• #signer(fields = nil) ⇒ Object
• #to_key ⇒ Object
• #to_map(fields) ⇒ Object
• #to_pem(password = nil) ⇒ Object
• #to_public_map(fields) ⇒ Object
• #to_thumbprint_map(fields) ⇒ Object
• #verifier(fields) ⇒ Object
• #verify(message, digest_type, signature) ⇒ Object

Instance Attribute Details

#key ⇒ Object

Returns the value of attribute key

Returns:

• (Object) —

  the current value of key

# File 'lib/jose/jwk/kty_ec.rb', line 1

def key
  @key
end

Class Method Details

.from_key(key) ⇒ Object

API functions

# File 'lib/jose/jwk/kty_ec.rb', line 228

def self.from_key(key)
  key = key.__getobj__ if key.is_a?(JOSE::JWK::PKeyProxy)
  case key
  when OpenSSL::PKey::EC
    return JOSE::JWK::KTY_EC.new(JOSE::JWK::PKeyProxy.new(key)), JOSE::Map[]
  else
    raise ArgumentError, "'key' must be a OpenSSL::PKey::EC"
  end
end

.from_map(fields) ⇒ Object

JOSE::JWK callbacks

# File 'lib/jose/jwk/kty_ec.rb', line 5

def self.from_map(fields)
  if fields['kty'] == 'EC' and fields['crv'].is_a?(String) and fields['x'].is_a?(String) and fields['y'].is_a?(String)
    crv = case fields['crv']
    when 'P-256'
      'prime256v1'
    when 'P-384'
      'secp384r1'
    when 'P-521'
      'secp521r1'
    else
      raise ArgumentError, "invalid 'EC' JWK"
    end

    x = JOSE.urlsafe_decode64(fields['x'])
    y = JOSE.urlsafe_decode64(fields['y'])
    point    = OpenSSL::PKey::EC::Point.new(
      OpenSSL::PKey::EC::Group.new(crv),
      OpenSSL::BN.new([0x04, x, y].pack('Ca*a*'), 2)
    )

    sequence = if fields['d'].is_a?(String)
      OpenSSL::ASN1::Sequence([
        OpenSSL::ASN1::Integer(1),
        OpenSSL::ASN1::OctetString(OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['d']), 2).to_s(2)),
        OpenSSL::ASN1::ObjectId(crv, 0, :EXPLICIT),
        OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed), 1, :EXPLICIT)
      ])
    else
      OpenSSL::ASN1::Sequence([
        OpenSSL::ASN1::Sequence([
          OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
          OpenSSL::ASN1::ObjectId(crv)
        ]),
        OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
      ])
    end
    ec = OpenSSL::PKey::EC.new(sequence.to_der)
    return JOSE::JWK::KTY_EC.new(JOSE::JWK::PKeyProxy.new(ec)), fields.except('kty', 'crv', 'd', 'x', 'y')
  else
    raise ArgumentError, "invalid 'EC' JWK"
  end
end

.generate_key(curve_name) ⇒ Object

# File 'lib/jose/jwk/kty_ec.rb', line 135

def self.generate_key(curve_name)
  if curve_name.is_a?(Array) and curve_name.length == 2 and curve_name[0] == :ec
    curve_name = curve_name[1]
  end
  curve_name = case curve_name
  when 'P-256'
    'prime256v1'
  when 'P-384'
    'secp384r1'
  when 'P-521'
    'secp521r1'
  else
    curve_name
  end
  if curve_name.is_a?(String)
    return from_key(OpenSSL::PKey::EC.generate(curve_name))
  else
    raise ArgumentError, "'curve_name' must be a String"
  end
end

Instance Method Details

#block_encryptor(fields) ⇒ Object

JOSE::JWK::KTY callbacks

# File 'lib/jose/jwk/kty_ec.rb', line 100

def block_encryptor(fields)
  if fields and fields['use'] == 'enc' and not fields['alg'].nil? and not fields['enc'].nil?
    jwe = JOSE::Map[
      'alg' => fields['alg'],
      'enc' => fields['enc']
    ]
    if not fields['apu'].nil?
      jwe = jwe.put('apu', fields['apu'])
    end
    if not fields['apv'].nil?
      jwe = jwe.put('apv', fields['apv'])
    end
    if not fields['epk'].nil?
      jwe = jwe.put('epk', fields['epk'])
    end
    return jwe
  else
    return JOSE::Map[
      'alg' => 'ECDH-ES',
      'enc' => 'A128GCM'
    ]
  end
end

#derive_key(my_private_key) ⇒ Object

# File 'lib/jose/jwk/kty_ec.rb', line 124

def derive_key(my_private_key)
  if my_private_key.is_a?(JOSE::JWK)
    my_private_key = my_private_key.to_key
  end
  if my_private_key.private_key?
    return my_private_key.dh_compute_key(key.public_key)
  else
    raise ArgumentError, "derive_key requires a private key as an argument"
  end
end

#generate_key(fields) ⇒ Object

# File 'lib/jose/jwk/kty_ec.rb', line 156

def generate_key(fields)
  kty, other_fields = JOSE::JWK::KTY_EC.generate_key([:ec, key.group.curve_name])
  return kty, fields.delete('kid').merge(other_fields)
end

#key_encryptor(fields, key) ⇒ Object

# File 'lib/jose/jwk/kty_ec.rb', line 161

def key_encryptor(fields, key)
  return JOSE::JWK::KTY.key_encryptor(self, fields, key)
end

#sign(message, digest_type) ⇒ Object

# File 'lib/jose/jwk/kty_ec.rb', line 165

def sign(message, digest_type)
  asn1_signature = key.dsa_sign_asn1(digest_type.digest(message))
  asn1_sequence = OpenSSL::ASN1.decode(asn1_signature)
  rbin = asn1_sequence.value[0].value.to_s(2)
  sbin = asn1_sequence.value[1].value.to_s(2)
  size = [rbin.bytesize, sbin.bytesize].max
  rpad = pad(rbin, size)
  spad = pad(sbin, size)
  return rpad.concat(spad)
end

#signer(fields = nil) ⇒ Object

# File 'lib/jose/jwk/kty_ec.rb', line 176

def signer(fields = nil)
  if key.private_key? and fields and fields['use'] == 'sig' and not fields['alg'].nil?
    return JOSE::Map['alg' => fields['alg']]
  elsif key.private_key?
    alg = case key.group.curve_name
    when 'prime256v1', 'secp256r1'
      'ES256'
    when 'secp384r1'
      'ES384'
    when 'secp521r1'
      'ES512'
    else
      raise ArgumentError, "unhandled EC curve name: #{key.group.curve_name.inspect}"
    end
    return JOSE::Map['alg' => alg]
  else
    raise ArgumentError, "signing not supported for public keys"
  end
end

#to_key ⇒ Object

# File 'lib/jose/jwk/kty_ec.rb', line 48

def to_key
  return key.__getobj__
end

#to_map(fields) ⇒ Object

# File 'lib/jose/jwk/kty_ec.rb', line 52

def to_map(fields)
  ec_point = key.public_key.to_bn.to_s(2)
  ec_point_x, ec_point_y = case ec_point.bytesize
  when 65
    ec_point.unpack('xa32a32')
  when 97
    ec_point.unpack('xa48a48')
  when 133
    ec_point.unpack('xa66a66')
  else
    raise ArgumentError, "unhandled EC point size: #{ec_point.bytesize.inspect}"
  end
  crv = case key.group.curve_name
  when 'prime256v1', 'secp256r1'
    'P-256'
  when 'secp384r1'
    'P-384'
  when 'secp521r1'
    'P-521'
  else
    raise ArgumentError, "unhandled EC curve name: #{key.group.curve_name.inspect}"
  end
  if key.private_key?
    return fields.
      put('crv', crv).
      put('d',   JOSE.urlsafe_encode64(key.private_key.to_s(2))).
      put('kty', 'EC').
      put('x',   JOSE.urlsafe_encode64(ec_point_x)).
      put('y',   JOSE.urlsafe_encode64(ec_point_y))
  else
    return fields.
      put('crv', crv).
      put('kty', 'EC').
      put('x',   JOSE.urlsafe_encode64(ec_point_x)).
      put('y',   JOSE.urlsafe_encode64(ec_point_y))
  end
end

#to_pem(password = nil) ⇒ Object

# File 'lib/jose/jwk/kty_ec.rb', line 238

def to_pem(password = nil)
  return JOSE::JWK::PEM.to_binary(key, password)
end

#to_public_map(fields) ⇒ Object

# File 'lib/jose/jwk/kty_ec.rb', line 90

def to_public_map(fields)
  return to_map(fields).except('d')
end

#to_thumbprint_map(fields) ⇒ Object

# File 'lib/jose/jwk/kty_ec.rb', line 94

def to_thumbprint_map(fields)
  return to_public_map(fields).slice('crv', 'kty', 'x', 'y')
end

#verifier(fields) ⇒ Object

# File 'lib/jose/jwk/kty_ec.rb', line 196

def verifier(fields)
  if fields and fields['use'] == 'sig' and not fields['alg'].nil?
    return [fields['alg']]
  else
    alg = case key.group.curve_name
    when 'prime256v1', 'secp256r1'
      'ES256'
    when 'secp384r1'
      'ES384'
    when 'secp521r1'
      'ES512'
    else
      raise ArgumentError, "unhandled EC curve name: #{key.group.curve_name.inspect}"
    end
    return [alg]
  end
end

#verify(message, digest_type, signature) ⇒ Object

# File 'lib/jose/jwk/kty_ec.rb', line 214

def verify(message, digest_type, signature)
  n = signature.bytesize.div(2)
  r = OpenSSL::BN.new(signature[0..(n-1)], 2)
  s = OpenSSL::BN.new(signature[n..-1], 2)
  asn1_sequence = OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Integer.new(r),
    OpenSSL::ASN1::Integer.new(s)
  ])
  asn1_signature = asn1_sequence.to_der
  return key.dsa_verify_asn1(digest_type.digest(message), asn1_signature)
end