Class: Pedicel::EC

Inherits:

Base

• Object
• Base
• Pedicel::EC

Defined in:

lib/pedicel/ec.rb

Constant Summary

Constants inherited from Base

Base::SUPPORTED_VERSIONS

Instance Attribute Summary

Attributes inherited from Base

#config

Class Method Summary

• .merchant_id(certificate:, mid_oid: ) ⇒ Object
• .symmetric_key(merchant_id:, shared_secret:) ⇒ Object

Instance Method Summary

• #decrypt(symmetric_key: nil, merchant_id: nil, certificate: nil, private_key: nil, ca_certificate_pem: @config[:trusted_ca_pem], now: Time.now) ⇒ Object
• #ephemeral_public_key ⇒ Object
• #shared_secret(private_key:) ⇒ Object
• #symmetric_key(private_key: nil, merchant_id: nil, certificate: nil) ⇒ Object

Methods inherited from Base

#application_data, #decrypt_aes, #encrypted_data, extract_certificates, #initialize, #private_key_class, #signature, #symmetric_algorithm, #transaction_id, #valid_signature?, verify_root_certificate, #verify_signature, verify_signed_time, verify_x509_chain, #version

Constructor Details

This class inherits a constructor from Pedicel::Base

Class Method Details

.merchant_id(certificate:, mid_oid: ) ⇒ Object

Raises:

• (CertificateError)

# File 'lib/pedicel/ec.rb', line 114

def self.merchant_id(certificate:, mid_oid: Pedicel::DEFAULT_CONFIG[:oid_merchant_identifier_field])
  begin
    cert = OpenSSL::X509::Certificate.new(certificate)
  rescue => e
    raise CertificateError, "invalid PEM format of certificate: #{e.message}"
  end

  merchant_id_hex =
    cert
    .extensions
    .find { |x| x.oid == mid_oid }
    &.value # Hex encoded Merchant ID plus perhaps extra non-hex chars.
    &.delete('^[0-9a-fA-F]') # Remove non-hex chars.

  raise CertificateError, 'no merchant identifier in certificate' unless merchant_id_hex

  [merchant_id_hex].pack('H*')
end

.symmetric_key(merchant_id:, shared_secret:) ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/pedicel/ec.rb', line 69

def self.symmetric_key(merchant_id:, shared_secret:)
  raise ArgumentError, 'merchant_id must be a SHA256' unless merchant_id.is_a?(String) && merchant_id.length == 32
  raise ArgumentError, 'shared_secret must be a string' unless shared_secret.is_a?(String)

  # http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf
  # Section 5.8.1.1, The Single-Step KDF Specification.
  #
  # With slight adjustments:
  # > 1. Set `reps = ceil(keydatalen/hashlen)`
  # > 2. If `reps > (2^32 - 1)`, then return an error indicator without
  # >    performing the remaining actions.
  # > 3. Initialize a 32-bit, big-endian bit string `counter` as 00000001 base
  # >    16 (i.e. 0x00000001).
  # > 4. If `counter || Z || OtherInfo` is more than `max_H_inputlen` bits
  # >    long, then return an error indicator without performing the remaining
  # >    actions.
  # > 5. For `i = 1` to `reps` by `1`, do the following:
  # >      5.1  Compute `K(i) = H(counter || Z || OtherInfo)`.
  # >      5.2  Increment `counter` (modulo `2^32`), treating it as an
  # >           unsigned 32-bit integer.
  # > 6. Let `K_Last` be set to `K(reps)` if `keydatalen / hashlen` is an
  # >    integer; otherwise, let `K_Last` be set to the `keydatalen mod
  # >    hashlen` leftmost bits of `K(reps)`.
  # > 7. Return `K(1) || K(2) || ... || K(reps-1) || K_Last`.
  #
  # Digest::SHA256 will do the calculations when we throw Z and OtherInfo
  # into the digest.

  sha256 = Digest::SHA256.new

  # Step 3
  sha256 << "\x00\x00\x00\x01"

  # Z
  sha256 << shared_secret

  # OtherInfo
  # https://developer.apple.com/library/content/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html
  sha256 << "\x0d" + 'id-aes256-GCM' # AlgorithmID
  sha256 << 'Apple' # PartyUInfo
  sha256 << merchant_id # PartyVInfo

  sha256.digest
end

Instance Method Details

#decrypt(symmetric_key: nil, merchant_id: nil, certificate: nil, private_key: nil, ca_certificate_pem: @config[:trusted_ca_pem], now: Time.now) ⇒ Object

# File 'lib/pedicel/ec.rb', line 9

def decrypt(symmetric_key: nil, merchant_id: nil, certificate: nil, private_key: nil,
            ca_certificate_pem: @config[:trusted_ca_pem], now: Time.now)
  # Check for necessary parameters.
  unless symmetric_key || ((merchant_id || certificate) && private_key)
    raise ArgumentError, 'missing parameters'
  end

  # Check for uniqueness among the supplied parameters used directly here.
  if symmetric_key && (merchant_id || certificate || private_key)
    raise ArgumentError, "leave out other parameters when supplying 'symmetric_key'"
  end

  verify_signature(ca_certificate_pem: ca_certificate_pem, now: now)

  symmetric_key ||= symmetric_key(private_key: private_key,
                                  merchant_id: merchant_id,
                                  certificate: certificate)

  decrypt_aes(key: symmetric_key)
end

#ephemeral_public_key ⇒ Object

# File 'lib/pedicel/ec.rb', line 5

def ephemeral_public_key
  Base64.decode64(@token[:header][:ephemeralPublicKey])
end

#shared_secret(private_key:) ⇒ Object

# File 'lib/pedicel/ec.rb', line 48

def shared_secret(private_key:)
  begin
    privkey = OpenSSL::PKey::EC.new(private_key)
  rescue => e
    raise EcKeyError, "invalid PEM format of private key for EC: #{e.message}"
  end

  begin
    pubkey = OpenSSL::PKey::EC.new(ephemeral_public_key).public_key
  rescue => e
    raise EcKeyError, "invalid ephemeralPublicKey (from token) for EC: #{e.message}"
  end

  unless privkey.group == pubkey.group
    raise EcKeyError, "private_key curve '%s' differs from token ephemeralPublicKey curve '%s'" %
                      [privkey.group.curve_name, pubkey.group.curve_name]
  end

  privkey.dh_compute_key(pubkey)
end

#symmetric_key(private_key: nil, merchant_id: nil, certificate: nil) ⇒ Object

# File 'lib/pedicel/ec.rb', line 30

def symmetric_key(private_key: nil, merchant_id: nil, certificate: nil)
  # Check for necessary parameters.
  unless private_key && (merchant_id || certificate)
    raise ArgumentError, 'missing parameters'
  end

  # Check for uniqueness among the supplied parameters.
  if merchant_id && certificate
    raise ArgumentError, "leave out 'certificate' when supplying 'merchant_id'"
  end

  shared_secret = shared_secret(private_key: private_key)

  merchant_id ||= self.class.merchant_id(certificate: certificate, mid_oid: @config[:oid_merchant_identifier_field])

  self.class.symmetric_key(shared_secret: shared_secret, merchant_id: merchant_id)
end