Class: OpenSSL::PKey::EC
Defined Under Namespace
Constant Summary
- NAMED_CURVE =
ULONG2NUM(OPENSSL_EC_NAMED_CURVE)
Class Method Summary (collapse)
-
+ (Array) builtin_curves
See the OpenSSL documentation for EC_builtin_curves().
Instance Method Summary (collapse)
-
- (true) check_key
Raises an exception if the key is invalid.
-
- (Object) dh_compute_key(pubkey)
See the OpenSSL documentation for ECDH_compute_key().
-
- (Object) dsa_sign_asn1(data)
See the OpenSSL documentation for ECDSA_sign().
-
- (Boolean) dsa_verify(data, sig)
See the OpenSSL documentation for ECDSA_verify().
-
- (EC) generate_key
See the OpenSSL documentation for EC_KEY_generate_key().
-
- (Object) group
Returns a constant OpenSSL::EC::Group that is tied to the key.
-
- (Object) group=(group)
Returns the same object passed, not the group object associated with the key.
-
- (Object) initialize
constructor
See the OpenSSL documentation for EC_KEY_*.
-
- (Object) private_key
See the OpenSSL documentation for EC_KEY_get0_private_key().
-
- (Object) private_key=(openssl_bn)
See the OpenSSL documentation for EC_KEY_set_private_key().
-
- (Boolean) private_key?
Both public_key? and private_key? may return false at the same time unlike other PKey classes.
-
- (Object) public_key
See the OpenSSL documentation for EC_KEY_get0_public_key().
-
- (Object) public_key=(ec_point)
See the OpenSSL documentation for EC_KEY_set_public_key().
-
- (Boolean) public_key?
Both public_key? and private_key? may return false at the same time unlike other PKey classes.
-
- (Object) to_der
See the OpenSSL documentation for i2d_ECPrivateKey_bio().
-
- (Object) to_pem
See the OpenSSL documentation for PEM_write_bio_ECPrivateKey().
-
- (Object) to_text
See the OpenSSL documentation for EC_KEY_print().
Constructor Details
- (Object) OpenSSL::PKey::EC.new - (Object) OpenSSL::PKey::EC.new(ec_key) - (Object) OpenSSL::PKey::EC.new(ec_group) - (Object) OpenSSL::PKey::EC.new("secp112r1") - (Object) OpenSSL::PKey::EC.new(pem_string) - (Object) OpenSSL::PKey::EC.new(der_string)
See the OpenSSL documentation for:
EC_KEY_*
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * Constructor for OpenSSL::PKey::EC. Only the opening of the function is
 * reproduced in this listing; the branches that handle a non-nil first
 * argument (key, group, curve name, PEM or DER input) are not shown here.
 */
static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self)
{
EVP_PKEY *pkey;
EC_KEY *ec = NULL;
VALUE arg, pass;
VALUE group = Qnil;
GetPKey(self, pkey);
/* Refuse to re-initialize: an EC_KEY is already attached to this PKey. */
if (pkey->pkey.ec)
rb_raise(eECError, "EC_KEY already initialized");
/* "02": no mandatory arguments, up to two optional ones (arg, pass). */
/* NOTE(review): `pass` is presumably a passphrase for encrypted input; its use is outside this listing. */
rb_scan_args(argc, argv, "02", &arg, &pass);
/* No argument given: start from an empty EC_KEY. */
if (NIL_P(arg)) {
ec = EC_KEY_new();
}
|
Class Method Details
+ (Array) builtin_curves
See the OpenSSL documentation for EC_builtin_curves()
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * Builds an Array of [short_name, comment] pairs, one per curve reported by
 * EC_get_builtin_curves(). The listing is cut off after the loop, so the
 * final return is not shown here.
 */
static VALUE ossl_s_builtin_curves(VALUE self)
{
EC_builtin_curve *curves = NULL;
int n;
/* First call with (NULL, 0) only asks how many builtin curves exist. */
int crv_len = EC_get_builtin_curves(NULL, 0);
VALUE ary, ret;
/* Scratch array lives on the C stack, sized by the count OpenSSL reported. */
curves = ALLOCA_N(EC_builtin_curve, crv_len);
if (curves == NULL)
return Qnil;
/* Second call fills the array; a zero return is treated as failure. */
if (!EC_get_builtin_curves(curves, crv_len))
ossl_raise(rb_eRuntimeError, "EC_get_builtin_curves");
ret = rb_ary_new2(crv_len);
for (n = 0; n < crv_len; n++) {
/* NOTE(review): sname is passed to rb_str_new2() unchecked, unlike comment below; confirm OBJ_nid2sn() cannot return NULL for a builtin curve NID. */
const char *sname = OBJ_nid2sn(curves[n].nid);
const char *comment = curves[n].comment;
ary = rb_ary_new2(2);
rb_ary_push(ary, rb_str_new2(sname));
/* A curve without a comment is reported with nil in the second slot. */
rb_ary_push(ary, comment ? rb_str_new2(comment) : Qnil);
rb_ary_push(ret, ary);
}
|
Instance Method Details
- (true) check_key
Raises an exception if the key is invalid.
See the OpenSSL documentation for EC_KEY_check_key()
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * call-seq:
 *   key.check_key => true
 *
 * Runs EC_KEY_check_key() on the wrapped key. Returns true when OpenSSL
 * reports success (1); any other result raises eECError.
 *
 * A key assembled piecewise (group=, public_key=, private_key=) or loaded
 * from data the application does not control is not validated by those
 * setters in this listing, so this is the call to make before relying on it.
 */
static VALUE ossl_ec_key_check_key(VALUE self)
{
    EC_KEY *ec;
    int ok;

    Require_EC_KEY(self, ec);

    ok = EC_KEY_check_key(ec);
    if (ok == 1)
        return Qtrue;

    ossl_raise(eECError, "EC_KEY_check_key");
    return Qtrue; /* only reached if ossl_raise() returns */
}
|
- (Object) dh_compute_key(pubkey)
See the OpenSSL documentation for ECDH_compute_key()
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
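/*
 * call-seq:
 *   key.dh_compute_key(pubkey) => String
 *
 * Computes the ECDH shared secret between this key and the peer point
 * +pubkey+ via ECDH_compute_key() and returns it as a byte string.
 *
 * No KDF is applied (the KDF argument is NULL), so the result is the raw
 * output of the primitive; callers should run it through a key derivation
 * function before using it as a symmetric key.
 *
 * Raises eECError when OpenSSL reports failure. Depending on the OpenSSL
 * version, failure is signalled as -1 or as 0, so any non-positive length
 * is rejected; an empty string is never handed back as a "secret".
 *
 * NOTE(review): nothing in this function checks that +pubkey+ belongs to the
 * same group as the key; that is left to the caller and to OpenSSL.
 */
static VALUE ossl_ec_key_dh_compute_key(VALUE self, VALUE pubkey)
{
    EC_KEY *ec;
    EC_POINT *point;
    int buf_len;
    VALUE str;

    Require_EC_KEY(self, ec);
    SafeRequire_EC_POINT(pubkey, point);

    /* BUG: need a way to figure out the maximum string size */
    buf_len = 1024;
    str = rb_bstr_new();
    rb_bstr_resize(str, buf_len);

    /* BUG: take KDF as a block */
    buf_len = ECDH_compute_key(rb_bstr_bytes(str), buf_len,
                               point, ec, NULL);
    /* Fail closed: 0 is an error on newer OpenSSL, -1 on older ones. */
    if (buf_len <= 0)
        ossl_raise(eECError, "ECDH_compute_key");

    /* Shrink the scratch buffer to the number of bytes actually written. */
    rb_bstr_resize(str, buf_len);
    return str;
}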
|
- (Object) dsa_sign_asn1(data)
See the OpenSSL documentation for ECDSA_sign()
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * call-seq:
 *   key.dsa_sign_asn1(data) => String
 *
 * Produces a DER-encoded ECDSA signature over +data+ with ECDSA_sign().
 * Raises eECError if the key has no private component or if signing fails.
 *
 * +data+ is handed to ECDSA_sign() as its digest argument, so no hashing
 * happens here; the caller is expected to pass the output of a hash
 * function, not the message itself.
 *
 * NOTE(review): RSTRING_LEN(data) is passed straight through as the digest
 * length with no range check in this function.
 */
static VALUE ossl_ec_key_dsa_sign_asn1(VALUE self, VALUE data)
{
    EC_KEY *ec;
    unsigned int sig_len;
    VALUE sig;
    const unsigned char *dgst;
    unsigned char *out;

    Require_EC_KEY(self, ec);
    StringValue(data);

    /* Signing needs the private scalar; a public-only key is rejected. */
    if (!EC_KEY_get0_private_key(ec))
        ossl_raise(eECError, "Private EC key needed!");

    /* Output buffer: the size ECDSA_size() reports plus 16 spare bytes. */
    sig = rb_bstr_new();
    rb_bstr_resize(sig, ECDSA_size(ec) + 16);

    dgst = (const unsigned char *) RSTRING_PTR(data);
    out = (unsigned char *) rb_bstr_bytes(sig);
    if (ECDSA_sign(0, dgst, RSTRING_LEN(data), out, &sig_len, ec) != 1)
        ossl_raise(eECError, "ECDSA_sign");

    /* Trim to the length OpenSSL actually wrote. */
    rb_bstr_resize(sig, sig_len);
    return sig;
}
|
- (Boolean) dsa_verify(data, sig)
See the OpenSSL documentation for ECDSA_verify()
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * Verifies the DER-encoded ECDSA signature +sig+ over +data+ with
 * ECDSA_verify(). As with signing, +data+ is passed as the digest argument,
 * so the caller supplies an already-hashed value.
 *
 * The listing is cut off after the switch; what happens on the error path
 * is not shown here.
 */
static VALUE ossl_ec_key_dsa_verify_asn1(VALUE self, VALUE data, VALUE sig)
{
EC_KEY *ec;
Require_EC_KEY(self, ec);
StringValue(data);
StringValue(sig);
/* Three outcomes are distinguished: 1 = valid, 0 = invalid, anything else = error. */
switch (ECDSA_verify(0, (unsigned char *) RSTRING_PTR(data), RSTRING_LEN(data), (unsigned char *) RSTRING_PTR(sig), RSTRING_LEN(sig), ec)) {
case 1: return Qtrue;
case 0: return Qfalse;
/* Any other value leaves the switch; it is never mapped to true or false here. */
default: break;
}
|
- (EC) generate_key
See the OpenSSL documentation for EC_KEY_generate_key()
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * call-seq:
 *   key.generate_key => self
 *
 * Asks OpenSSL to generate a fresh key pair on the wrapped EC_KEY via
 * EC_KEY_generate_key(). Returns the receiver on success and raises
 * eECError on any result other than 1.
 */
static VALUE ossl_ec_key_generate_key(VALUE self)
{
    EC_KEY *ec;
    int ok;

    Require_EC_KEY(self, ec);

    ok = EC_KEY_generate_key(ec);
    if (ok == 1)
        return self;

    ossl_raise(eECError, "EC_KEY_generate_key");
    return self; /* only reached if ossl_raise() returns */
}
|
- (Object) group
Returns a constant OpenSSL::EC::Group that is tied to the key. Modifying the returned group can make the key invalid.
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * Returns the Group wrapper tied to this key, creating and caching it in
 * the @group instance variable on first use. The listing is cut off after
 * the if-block, so the result for a key without a group is not shown here.
 */
static VALUE ossl_ec_key_get_group(VALUE self)
{
VALUE group_v;
EC_KEY *ec;
ossl_ec_group *ec_group;
EC_GROUP *group;
Require_EC_KEY(self, ec);
/* Reuse the cached wrapper if one was already created. */
group_v = rb_iv_get(self, "@group");
if (!NIL_P(group_v))
return group_v;
/* The cast hands out a writable pointer to the key's own group (not a copy),
 * which is why modifying the returned group can invalidate the key. */
if ((group = (EC_GROUP *)EC_KEY_get0_group(ec)) != NULL) {
group_v = rb_obj_alloc(cEC_GROUP);
SafeGet_ec_group(group_v, ec_group);
ec_group->group = group;
/* Flag the wrapper so it does not free a group it only borrows from the key. */
ec_group->dont_free = 1;
/* Cross-link wrapper and key. NOTE(review): presumably this keeps the key alive while the group wrapper is reachable; confirm. */
rb_iv_set(group_v, "@key", self);
rb_iv_set(self, "@group", group_v);
return group_v;
}
|
- (Object) group=(group)
Returns the same object passed, not the group object associated with the key. If you wish to access the group object tied to the key call key.group after setting the group.
Setting the group will immediately destroy any previously assigned group object. The group is internally copied by OpenSSL. Modifying the original group after assignment will not affect the internal key structure (your changes may be lost). BE CAREFUL.
EC_KEY_set_group calls EC_GROUP_free(key->group) then EC_GROUP_dup(), not EC_GROUP_copy. This documentation is accurate for OpenSSL 0.9.8b.
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * Assigns a new group to the key. Only the first half is reproduced in this
 * listing: it detaches any Group wrapper previously handed out by the
 * getter. The call that installs the new group is not shown here.
 */
static VALUE ossl_ec_key_set_group(VALUE self, VALUE group_v)
{
VALUE old_group_v;
EC_KEY *ec;
EC_GROUP *group;
Require_EC_KEY(self, ec);
SafeRequire_EC_GROUP(group_v, group);
old_group_v = rb_iv_get(self, "@group");
if (!NIL_P(old_group_v)) {
ossl_ec_group *old_ec_group;
SafeGet_ec_group(old_group_v, old_ec_group);
/* Clear the borrowed pointer so the old wrapper no longer refers to the
 * key's group, which the accompanying documentation says is freed on replacement. */
old_ec_group->group = NULL;
old_ec_group->dont_free = 0;
/* Drop the wrapper's back-reference to this key. */
rb_iv_set(old_group_v, "@key", Qnil);
}
|
- (Object) private_key
See the OpenSSL documentation for EC_KEY_get0_private_key()
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * call-seq:
 *   key.private_key => OpenSSL::BN or nil
 *
 * Returns the private scalar as a BN object built by ossl_bn_new(), or nil
 * when the key carries no private component.
 *
 * The returned value is secret key material living in an ordinary Ruby
 * object; treat it accordingly (avoid logging or inspecting it).
 */
static VALUE ossl_ec_key_get_private_key(VALUE self)
{
    EC_KEY *ec;
    const BIGNUM *priv;

    Require_EC_KEY(self, ec);

    priv = EC_KEY_get0_private_key(ec);
    if (priv == NULL)
        return Qnil;

    return ossl_bn_new(priv);
}
|
- (Object) private_key=(openssl_bn)
See the OpenSSL documentation for EC_KEY_set_private_key()
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * Sets (or, when given nil, clears) the private scalar of the key through
 * EC_KEY_set_private_key(). The listing is cut off after the switch, so the
 * return value is not shown here.
 *
 * NOTE(review): the visible part performs no consistency check between the
 * new scalar and the key's group or public point; check_key is the method
 * this class offers for that.
 */
static VALUE ossl_ec_key_set_private_key(VALUE self, VALUE private_key)
{
EC_KEY *ec;
BIGNUM *bn = NULL;
Require_EC_KEY(self, ec);
/* nil leaves bn NULL, which is passed on to OpenSSL as-is. */
if (!NIL_P(private_key))
bn = GetBNPtr(private_key);
switch (EC_KEY_set_private_key(ec, bn)) {
case 1:
break;
case 0:
/* A zero return is tolerated only when the caller passed nil. */
if (bn == NULL)
break;
/* fallthrough: zero with a real BN is an error */
default:
ossl_raise(eECError, "EC_KEY_set_private_key");
}
|
- (Boolean) private_key?
Both public_key? and private_key? may return false at the same time unlike other PKey classes.
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * call-seq:
 *   key.private_key? => true or false
 *
 * Reports whether the wrapped EC_KEY currently holds a private scalar,
 * i.e. whether EC_KEY_get0_private_key() returns a non-NULL pointer.
 */
static VALUE ossl_ec_key_is_private_key(VALUE self)
{
    EC_KEY *ec;

    Require_EC_KEY(self, ec);

    if (EC_KEY_get0_private_key(ec) != NULL)
        return Qtrue;
    return Qfalse;
}
|
- (Object) public_key
See the OpenSSL documentation for EC_KEY_get0_public_key()
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * call-seq:
 *   key.public_key => OpenSSL::PKey::EC::Point or nil
 *
 * Returns the public point of the key, duplicated through
 * ossl_ec_point_dup() and bound to the key's group, or nil when no public
 * point is set. Raises eECError if a public point exists but the Ruby-level
 * `group` method yields nil.
 */
static VALUE ossl_ec_key_get_public_key(VALUE self)
{
    EC_KEY *ec;
    const EC_POINT *pub;
    VALUE group_v;

    Require_EC_KEY(self, ec);

    pub = EC_KEY_get0_public_key(ec);
    if (pub == NULL)
        return Qnil;

    /* Go through the Ruby method so the key's cached Group wrapper is used. */
    group_v = rb_funcall(self, rb_intern("group"), 0);
    if (NIL_P(group_v))
        ossl_raise(eECError, "EC_KEY_get0_get0_group (has public_key but no group???");

    return ossl_ec_point_dup(pub, group_v);
}
|
- (Object) public_key=(ec_point)
See the OpenSSL documentation for EC_KEY_set_public_key()
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * Sets (or, when given nil, clears) the public point of the key through
 * EC_KEY_set_public_key(). The listing is cut off after the switch, so the
 * return value is not shown here.
 *
 * NOTE(review): the visible part does not verify that the point lies on the
 * key's curve or matches the private scalar; check_key is the method this
 * class offers for that, and it matters for points taken from a peer.
 */
static VALUE ossl_ec_key_set_public_key(VALUE self, VALUE public_key)
{
EC_KEY *ec;
EC_POINT *point = NULL;
Require_EC_KEY(self, ec);
/* nil leaves point NULL, which is passed on to OpenSSL as-is. */
if (!NIL_P(public_key))
SafeRequire_EC_POINT(public_key, point);
switch (EC_KEY_set_public_key(ec, point)) {
case 1:
break;
case 0:
/* A zero return is tolerated only when the caller passed nil. */
if (point == NULL)
break;
/* fallthrough: zero with a real point is an error */
default:
ossl_raise(eECError, "EC_KEY_set_public_key");
}
|
- (Boolean) public_key?
Both public_key? and private_key? may return false at the same time unlike other PKey classes.
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * call-seq:
 *   key.public_key? => true or false
 *
 * Reports whether the wrapped EC_KEY currently holds a public point,
 * i.e. whether EC_KEY_get0_public_key() returns a non-NULL pointer.
 */
static VALUE ossl_ec_key_is_public_key(VALUE self)
{
    EC_KEY *ec;

    Require_EC_KEY(self, ec);

    if (EC_KEY_get0_public_key(ec) != NULL)
        return Qtrue;
    return Qfalse;
}
|
- (Object) to_der
See the OpenSSL documentation for i2d_ECPrivateKey_bio()
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * call-seq:
 *   key.to_der => String
 *
 * Serializes the key in DER form by delegating to ossl_ec_key_to_string()
 * with EXPORT_DER.
 *
 * NOTE(review): the accompanying documentation points at
 * i2d_ECPrivateKey_bio(), so the output may contain the private key when one
 * is present; that decision is made in ossl_ec_key_to_string(), which is not
 * part of this listing. Handle the result as potentially secret.
 */
static VALUE ossl_ec_key_to_der(VALUE self)
{
    VALUE der = ossl_ec_key_to_string(self, EXPORT_DER);

    return der;
}
|
- (Object) to_pem
See the OpenSSL documentation for PEM_write_bio_ECPrivateKey()
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * call-seq:
 *   key.to_pem => String
 *
 * Serializes the key in PEM form by delegating to ossl_ec_key_to_string()
 * with EXPORT_PEM.
 *
 * NOTE(review): the accompanying documentation points at
 * PEM_write_bio_ECPrivateKey(), so the output may contain the private key
 * when one is present, and no passphrase is supplied by this wrapper; the
 * details live in ossl_ec_key_to_string(), which is not part of this
 * listing. Handle the result as potentially secret.
 */
static VALUE ossl_ec_key_to_pem(VALUE self)
{
    VALUE pem = ossl_ec_key_to_string(self, EXPORT_PEM);

    return pem;
}
|
- (Object) to_text
See the OpenSSL documentation for EC_KEY_print()
|
|
# File 'ext/openssl/ossl_pkey_ec.c'
/*
 * Renders the key as human-readable text. Only the set-up is reproduced in
 * this listing: a memory BIO is allocated as the output sink. The printing
 * call and the conversion to a Ruby string are not shown here.
 *
 * NOTE(review): the accompanying documentation points at EC_KEY_print();
 * if the key holds a private scalar the text presumably includes it, so
 * avoid sending the result to logs. Confirm against the full function.
 */
static VALUE ossl_ec_key_to_text(VALUE self)
{
EC_KEY *ec;
BIO *out;
VALUE str;
Require_EC_KEY(self, ec);
/* Allocation failure of the in-memory BIO is reported as eECError. */
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eECError, "BIO_new(BIO_s_mem())");
}
|