class SSHData::PublicKey::SKED25519

Attributes

application[R]

Public Class Methods

algorithm_identifier()
# File lib/ssh_data/public_key/sked25519.rb, line 12
# Public: The SSH algorithm identifier for this key type.
#
# #verify compares the algorithm named inside a signature against this value
# and rejects the signature when they differ.
#
# Returns the ALGO_SKED25519 constant (defined outside this listing).
def self.algorithm_identifier
  ALGO_SKED25519
end
new(algo:, pk:, application:)
Calls superclass method SSHData::PublicKey::ED25519::new
# File lib/ssh_data/public_key/sked25519.rb, line 7
# Public: Build a security-key (SK) Ed25519 public key.
#
# algo        - The algorithm identifier, forwarded to the superclass.
# pk          - The raw public key, forwarded to the superclass.
# application - The application value bound to this key; it is encoded as the
#               third field by #rfc4253 and passed to build_signing_blob by
#               #verify. NOTE(review): presumably the FIDO application
#               string — confirm against the decoder that calls this.
#
# The superclass initializer (SSHData::PublicKey::ED25519) is not shown here;
# any validation of algo/pk happens there.
def initialize(algo:, pk:, application:)
  # Set before calling super; order kept as-is because the superclass
  # initializer is not visible from this listing.
  @application = application
  super(algo: algo, pk: pk)
end

Public Instance Methods

==(other)
Calls superclass method SSHData::PublicKey::ED25519#==
# File lib/ssh_data/public_key/sked25519.rb, line 53
# Public: Compare this key with another for equality.
#
# Two keys are equal only when the superclass comparison succeeds AND both
# carry the same application value, so the same key material registered for
# a different application does not compare equal.
#
# other - The object to compare against.
#
# Returns the (falsy) superclass result when that comparison fails, otherwise
# the result of comparing the application values.
def ==(other)
  base_match = super
  base_match && other.application == application
end
rfc4253()

RFC4253 binary encoding of the public key.

Returns a binary String.

# File lib/ssh_data/public_key/sked25519.rb, line 19
# Public: RFC4253 binary encoding of the public key.
#
# The encoding holds three string fields, in order: the algorithm identifier,
# the public key, and the application value. The application is therefore
# part of the serialized key, not side metadata.
#
# Returns a binary String.
def rfc4253
  fields = [
    [:string, algo],
    [:string, pk],
    [:string, application],
  ]
  Encoding.encode_fields(*fields)
end
verify(signed_data, signature, **opts)
# File lib/ssh_data/public_key/sked25519.rb, line 27
# Public: Verify a security-key Ed25519 signature over signed_data.
#
# signed_data - The message that was signed.
# signature   - The encoded signature; decoded by build_signing_blob.
# opts        - Verification options merged over DEFAULT_SK_VERIFY_OPTS
#               (defaults are defined outside this listing):
#               :user_presence_required     - require SK_FLAG_USER_PRESENCE
#                                             in the signed flags.
#               :user_verification_required - require SK_FLAG_USER_VERIFICATION
#                                             in the signed flags.
#
# A false return covers both an invalid signature and a valid signature
# whose flags do not satisfy the requested policy; callers cannot tell the
# two apart from the return value.
#
# Returns the result of the Ed25519 check, or false when the signature is
# invalid or a required flag is absent.
# Raises UnsupportedError if opts contains a key not in DEFAULT_SK_VERIFY_OPTS.
# Raises DecodeError if the signature names a different algorithm.
# Only Ed25519::VerifyError is rescued; any other exception from the
# underlying verify call propagates to the caller.
def verify(signed_data, signature, **opts)
  self.class.ed25519_gem_required!

  # Reject unknown option names outright so a misspelled requirement is never
  # silently ignored.
  effective_opts = DEFAULT_SK_VERIFY_OPTS.merge(opts)
  unsupported = effective_opts.keys - DEFAULT_SK_VERIFY_OPTS.keys
  unless unsupported.empty?
    raise UnsupportedError, "Verification options #{unsupported.inspect} are not supported."
  end

  sig_algo, raw_sig, sk_flags, blob = build_signing_blob(application, signed_data, signature)

  unless sig_algo == self.class.algorithm_identifier
    raise DecodeError, "bad signature algorithm: #{sig_algo.inspect}"
  end

  # The signature is checked before the flags are consulted: the flags are
  # embedded in the signed blob, so they are only trustworthy once the
  # signature over that blob has been validated.
  signature_ok =
    begin
      ed25519_key.verify(raw_sig, blob)
    rescue Ed25519::VerifyError
      false
    end

  # True when the given flag bit(s) are not all set in the signed flags.
  flag_missing = ->(flag) { (sk_flags & flag) != flag }

  if effective_opts[:user_presence_required] && flag_missing.call(SK_FLAG_USER_PRESENCE)
    false
  elsif effective_opts[:user_verification_required] && flag_missing.call(SK_FLAG_USER_VERIFICATION)
    false
  else
    signature_ok
  end
end