class OpenSSL::PKey::EC

This class is originally defined in the OpenSSL module. As needed, methods have been added to it by the Net::SSH module for convenience in dealing with SSH functionality.

Constants

CurveNameAlias
CurveNameAliasInv

Public Class Methods

read_keyblob(curve_name_in_type, buffer) click to toggle source
# File lib/net/ssh/transport/openssl.rb, line 153
def self.read_keyblob(curve_name_in_type, buffer)
  curve_name_in_key = buffer.read_string

  unless curve_name_in_type == curve_name_in_key
    raise Net::SSH::Exception, "curve name mismatched (`#{curve_name_in_key}' with `#{curve_name_in_type}')"
  end

  public_key_oct = buffer.read_string
  begin
    curvename = OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key]
    group = OpenSSL::PKey::EC::Group.new(curvename)
    point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(public_key_oct, 2))
    asn1 = OpenSSL::ASN1::Sequence(
      [
        OpenSSL::ASN1::Sequence(
          [
            OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
            OpenSSL::ASN1::ObjectId(curvename)
          ]
        ),
        OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
      ]
    )

    key = OpenSSL::PKey::EC.new(asn1.to_der)

    return key
  rescue OpenSSL::PKey::ECError
    raise NotImplementedError, "unsupported key type `#{type}'"
  end
end

Public Instance Methods

ssh_do_sign(data, sig_alg = nil) click to toggle source

Returns the signature for the given data.

# File lib/net/ssh/transport/openssl.rb, line 244
def ssh_do_sign(data, sig_alg = nil)
  digest = digester.digest(data)
  sig = dsa_sign_asn1(digest)
  a1sig = OpenSSL::ASN1.decode(sig)

  sig_r = a1sig.value[0].value
  sig_s = a1sig.value[1].value

  Net::SSH::Buffer.from(:bignum, sig_r, :bignum, sig_s).to_s
end
ssh_do_verify(sig, data, options = {}) click to toggle source

Verifies the given signature matches the given data.

# File lib/net/ssh/transport/openssl.rb, line 218
def ssh_do_verify(sig, data, options = {})
  digest = digester.digest(data)
  a1sig = nil

  begin
    sig_r_len = sig[0, 4].unpack('H*')[0].to_i(16)
    sig_l_len = sig[4 + sig_r_len, 4].unpack('H*')[0].to_i(16)

    sig_r = sig[4, sig_r_len].unpack('H*')[0]
    sig_s = sig[4 + sig_r_len + 4, sig_l_len].unpack('H*')[0]

    a1sig = OpenSSL::ASN1::Sequence([
                                      OpenSSL::ASN1::Integer(sig_r.to_i(16)),
                                      OpenSSL::ASN1::Integer(sig_s.to_i(16))
                                    ])
  rescue StandardError
  end

  if a1sig.nil?
    return false
  else
    dsa_verify_asn1(digest, a1sig.to_der)
  end
end
ssh_signature_type()
Alias for: ssh_type
ssh_type() click to toggle source

Returns the description of this key type used by the SSH2 protocol, like “ecdsa-sha2-nistp256”

# File lib/net/ssh/transport/openssl.rb, line 187
def ssh_type
  "ecdsa-sha2-#{CurveNameAliasInv[group.curve_name]}"
end
Also aliased as: ssh_signature_type
to_blob() click to toggle source

Converts the key to a blob, according to the SSH2 protocol.

# File lib/net/ssh/transport/openssl.rb, line 210
def to_blob
  @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
                                  :string, CurveNameAliasInv[group.curve_name],
                                  :mstring, public_key.to_bn.to_s(2)).to_s
  @blob
end

Private Instance Methods

digester() click to toggle source
# File lib/net/ssh/transport/openssl.rb, line 193
def digester
  if group.curve_name =~ /^[a-z]+(\d+)\w*\z/
    curve_size = Regexp.last_match(1).to_i
    if curve_size <= 256
      OpenSSL::Digest::SHA256.new
    elsif curve_size <= 384
      OpenSSL::Digest::SHA384.new
    else
      OpenSSL::Digest::SHA512.new
    end
  else
    OpenSSL::Digest::SHA256.new
  end
end