Class: Wampproto::Auth::Cryptosign

Inherits:

Base

• Object
• Base
• Wampproto::Auth::Cryptosign

Includes:

Helpers

Defined in:

lib/wampproto/auth/cryptosign.rb

Overview

generates wampcra authentication signature

Constant Summary

AUTH_METHOD =

"cryptosign"

Instance Attribute Summary

• #channel_id ⇒ Object

  Returns the value of attribute channel_id.

• #private_key ⇒ Object readonly

  Returns the value of attribute private_key.

Attributes inherited from Base

#authextra, #authid, #authmethod

Class Method Summary

• .create_challenge ⇒ Object
• .create_signature(private_key, challenge, channel_id = nil) ⇒ Object
• .handle_channel_binding(private_key, hex_challenge, channel_id) ⇒ Object
• .handle_without_channel_binding(private_key, hex_challenge) ⇒ Object
• .sign_challenge(private_key, challenge, channel_id = nil) ⇒ Object
• .verify_challenge(signature, msg, public_key) ⇒ Object
• .xored_strings(channel_id, challenge_str) ⇒ Object

Instance Method Summary

• #authenticate(challenge) ⇒ Object
• #initialize(private_key, authid, authextra = {}) ⇒ Cryptosign constructor

  A new instance of Cryptosign.

Methods included from Helpers

included

Constructor Details

#initialize(private_key, authid, authextra = {}) ⇒ Cryptosign

# File 'lib/wampproto/auth/cryptosign.rb', line 16

def initialize(private_key, authid, authextra = {})
  @private_key = Validate.string!("Private Key", private_key)
  super(AUTH_METHOD, authid, authextra)
end

Instance Attribute Details

#channel_id ⇒ Object

Returns the value of attribute channel_id.

# File 'lib/wampproto/auth/cryptosign.rb', line 12

def channel_id
  @channel_id
end

#private_key ⇒ Object (readonly)

Returns the value of attribute private_key.

# File 'lib/wampproto/auth/cryptosign.rb', line 11

def private_key
  @private_key
end

Class Method Details

.create_challenge ⇒ Object

# File 'lib/wampproto/auth/cryptosign.rb', line 27

def create_challenge
  binary_challenge = SecureRandom.random_bytes(32)
  binary_to_hex(binary_challenge)
end

.create_signature(private_key, challenge, channel_id = nil) ⇒ Object

# File 'lib/wampproto/auth/cryptosign.rb', line 48

def create_signature(private_key, challenge, channel_id = nil)
  return handle_channel_binding(private_key, challenge, channel_id) if channel_id

  handle_without_channel_binding(private_key, challenge)
end

.handle_channel_binding(private_key, hex_challenge, channel_id) ⇒ Object

# File 'lib/wampproto/auth/cryptosign.rb', line 64

def handle_channel_binding(private_key, hex_challenge, channel_id)
  key_pair = Ed25519::SigningKey.new(hex_to_binary(private_key))

  channel_id              = hex_to_binary(channel_id)
  challenge               = hex_to_binary(hex_challenge)
  xored_challenge         = xored_strings(channel_id, challenge)
  binary_signed_challenge = key_pair.sign(xored_challenge)
  signature               = binary_to_hex(binary_signed_challenge)
  hex_xored_challenge     = binary_to_hex(xored_challenge)
  "#{signature}#{hex_xored_challenge}"
end

.handle_without_channel_binding(private_key, hex_challenge) ⇒ Object

# File 'lib/wampproto/auth/cryptosign.rb', line 54

def handle_without_channel_binding(private_key, hex_challenge)
  key_pair = Ed25519::SigningKey.new(hex_to_binary(private_key))

  binary_challenge  = hex_to_binary(hex_challenge)
  binary_signature  = key_pair.sign(binary_challenge)
  signature         = binary_to_hex(binary_signature)

  "#{signature}#{hex_challenge}"
end

.sign_challenge(private_key, challenge, channel_id = nil) ⇒ Object

# File 'lib/wampproto/auth/cryptosign.rb', line 44

def sign_challenge(private_key, challenge, channel_id = nil)
  create_signature(private_key, challenge, channel_id)
end

.verify_challenge(signature, msg, public_key) ⇒ Object

# File 'lib/wampproto/auth/cryptosign.rb', line 32

def verify_challenge(signature, msg, public_key)
  verify_key = Ed25519::VerifyKey.new(hex_to_binary(public_key))

  binary_signature = hex_to_binary(signature)
  signature = binary_signature[0, 64].to_s
  message = binary_signature[64, 32].to_s
  return false if message.empty? || signature.empty?
  return false if msg != binary_to_hex(message)

  verify_key.verify(signature, message)
end

.xored_strings(channel_id, challenge_str) ⇒ Object

# File 'lib/wampproto/auth/cryptosign.rb', line 76

def xored_strings(channel_id, challenge_str)
  channel_id_bytes = channel_id.bytes
  challenge_bytes = challenge_str.bytes
  # Added || 0 like (byte1 || 0) to make steep check happy
  xored = channel_id_bytes.zip(challenge_bytes).map { |byte1, byte2| (byte1 || 0) ^ (byte2 || 0) }
  xored.pack("C*")
end

Instance Method Details

#authenticate(challenge) ⇒ Object

# File 'lib/wampproto/auth/cryptosign.rb', line 21

def authenticate(challenge)
  signature = self.class.create_signature(private_key, challenge.extra[:challenge], channel_id)
  Message::Authenticate.new(signature)
end