Class: JOSE::JWK::KTY_EC

Inherits:
Struct
  • Object
show all
Defined in:
lib/jose/jwk/kty_ec.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#keyObject

Returns the value of attribute key

Returns:

  • (Object)

    the current value of key


1
2
3
# File 'lib/jose/jwk/kty_ec.rb', line 1

def key
  @key
end

Class Method Details

.from_key(key) ⇒ Object

API functions


195
196
197
198
199
200
201
202
# File 'lib/jose/jwk/kty_ec.rb', line 195

def self.from_key(key)
  case key
  when OpenSSL::PKey::EC
    return JOSE::JWK::KTY_EC.new(key), JOSE::Map[]
  else
    raise ArgumentError, "'key' must be a OpenSSL::PKey::EC"
  end
end

.from_map(fields) ⇒ Object

JOSE::JWK callbacks


5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# File 'lib/jose/jwk/kty_ec.rb', line 5

def self.from_map(fields)
  if fields['kty'] == 'EC' and fields['crv'].is_a?(String) and fields['x'].is_a?(String) and fields['y'].is_a?(String)
    crv = case fields['crv']
    when 'P-256'
      'prime256v1'
    when 'P-384'
      'secp384r1'
    when 'P-521'
      'secp521r1'
    else
      raise ArgumentError, "invalid 'EC' JWK"
    end
    ec = OpenSSL::PKey::EC.new(crv)
    x = JOSE.urlsafe_decode64(fields['x'])
    y = JOSE.urlsafe_decode64(fields['y'])
    ec.public_key = OpenSSL::PKey::EC::Point.new(
      OpenSSL::PKey::EC::Group.new(crv),
      OpenSSL::BN.new([0x04, x, y].pack('Ca*a*'), 2)
    )
    if fields['d'].is_a?(String)
      ec.private_key = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['d']), 2)
    end
    return JOSE::JWK::KTY_EC.new(ec), fields.except('kty', 'crv', 'd', 'x', 'y')
  else
    raise ArgumentError, "invalid 'EC' JWK"
  end
end

.generate_key(curve_name) ⇒ Object


120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
# File 'lib/jose/jwk/kty_ec.rb', line 120

def self.generate_key(curve_name)
  if curve_name.is_a?(Array) and curve_name.length == 2 and curve_name[0] == :ec
    curve_name = curve_name[1]
  end
  curve_name = case curve_name
  when 'P-256'
    'prime256v1'
  when 'P-384'
    'secp384r1'
  when 'P-521'
    'secp521r1'
  else
    curve_name
  end
  if curve_name.is_a?(String)
    return from_key(OpenSSL::PKey::EC.new(curve_name).generate_key)
  else
    raise ArgumentError, "'curve_name' must be a String"
  end
end

Instance Method Details

#block_encryptor(fields) ⇒ Object

JOSE::JWK::KTY callbacks


85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# File 'lib/jose/jwk/kty_ec.rb', line 85

def block_encryptor(fields)
  if fields and fields['use'] == 'enc' and not fields['alg'].nil? and not fields['enc'].nil?
    jwe = JOSE::Map[
      'alg' => fields['alg'],
      'enc' => fields['enc']
    ]
    if not fields['apu'].nil?
      jwe = jwe.put('apu', fields['apu'])
    end
    if not fields['apv'].nil?
      jwe = jwe.put('apv', fields['apv'])
    end
    if not fields['epk'].nil?
      jwe = jwe.put('epk', fields['epk'])
    end
    return jwe
  else
    return JOSE::Map[
      'alg' => 'ECDH-ES',
      'enc' => 'A128GCM'
    ]
  end
end

#derive_key(my_private_key) ⇒ Object


109
110
111
112
113
114
115
116
117
118
# File 'lib/jose/jwk/kty_ec.rb', line 109

def derive_key(my_private_key)
  if my_private_key.is_a?(JOSE::JWK)
    my_private_key = my_private_key.to_key
  end
  if my_private_key.private_key?
    return my_private_key.dh_compute_key(key.public_key)
  else
    raise ArgumentError, "derive_key requires a private key as an argument"
  end
end

#generate_key(fields) ⇒ Object


141
142
143
144
# File 'lib/jose/jwk/kty_ec.rb', line 141

def generate_key(fields)
  kty, other_fields = JOSE::JWK::KTY_EC.generate_key([:ec, key.group.curve_name])
  return kty, fields.delete('kid').merge(other_fields)
end

#key_encryptor(fields, key) ⇒ Object


146
147
148
# File 'lib/jose/jwk/kty_ec.rb', line 146

def key_encryptor(fields, key)
  return JOSE::JWK::KTY.key_encryptor(self, fields, key)
end

#sign(message, digest_type) ⇒ Object


150
151
152
153
154
155
156
157
158
159
# File 'lib/jose/jwk/kty_ec.rb', line 150

def sign(message, digest_type)
  asn1_signature = key.dsa_sign_asn1(digest_type.digest(message))
  asn1_sequence = OpenSSL::ASN1.decode(asn1_signature)
  rbin = asn1_sequence.value[0].value.to_s(2)
  sbin = asn1_sequence.value[1].value.to_s(2)
  size = [rbin.bytesize, sbin.bytesize].max
  rpad = pad(rbin, size)
  spad = pad(sbin, size)
  return rpad.concat(spad)
end

#signer(fields = nil) ⇒ Object


161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
# File 'lib/jose/jwk/kty_ec.rb', line 161

def signer(fields = nil)
  if key.private_key? and fields and fields['use'] == 'sig' and not fields['alg'].nil?
    return JOSE::Map['alg' => fields['alg']]
  elsif key.private_key?
    alg = case key.group.curve_name
    when 'prime256v1', 'secp256r1'
      'ES256'
    when 'secp384r1'
      'ES384'
    when 'secp521r1'
      'ES512'
    else
      raise ArgumentError, "unhandled EC curve name: #{key.group.curve_name.inspect}"
    end
    return JOSE::Map['alg' => alg]
  else
    raise ArgumentError, "signing not supported for public keys"
  end
end

#to_keyObject


33
34
35
# File 'lib/jose/jwk/kty_ec.rb', line 33

def to_key
  return key
end

#to_map(fields) ⇒ Object


37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# File 'lib/jose/jwk/kty_ec.rb', line 37

def to_map(fields)
  ec_point = key.public_key.to_bn.to_s(2)
  ec_point_x, ec_point_y = case ec_point.bytesize
  when 65
    ec_point.unpack('xa32a32')
  when 97
    ec_point.unpack('xa48a48')
  when 133
    ec_point.unpack('xa66a66')
  else
    raise ArgumentError, "unhandled EC point size: #{ec_point.bytesize.inspect}"
  end
  crv = case key.group.curve_name
  when 'prime256v1', 'secp256r1'
    'P-256'
  when 'secp384r1'
    'P-384'
  when 'secp521r1'
    'P-521'
  else
    raise ArgumentError, "unhandled EC curve name: #{key.group.curve_name.inspect}"
  end
  if key.private_key?
    return fields.
      put('crv', crv).
      put('d',   JOSE.urlsafe_encode64(key.private_key.to_s(2))).
      put('kty', 'EC').
      put('x',   JOSE.urlsafe_encode64(ec_point_x)).
      put('y',   JOSE.urlsafe_encode64(ec_point_y))
  else
    return fields.
      put('crv', crv).
      put('kty', 'EC').
      put('x',   JOSE.urlsafe_encode64(ec_point_x)).
      put('y',   JOSE.urlsafe_encode64(ec_point_y))
  end
end

#to_pem(password = nil) ⇒ Object


204
205
206
# File 'lib/jose/jwk/kty_ec.rb', line 204

def to_pem(password = nil)
  return JOSE::JWK::PEM.to_binary(key, password)
end

#to_public_map(fields) ⇒ Object


75
76
77
# File 'lib/jose/jwk/kty_ec.rb', line 75

def to_public_map(fields)
  return to_map(fields).except('d')
end

#to_thumbprint_map(fields) ⇒ Object


79
80
81
# File 'lib/jose/jwk/kty_ec.rb', line 79

def to_thumbprint_map(fields)
  return to_public_map(fields).slice('crv', 'kty', 'x', 'y')
end

#verify(message, digest_type, signature) ⇒ Object


181
182
183
184
185
186
187
188
189
190
191
# File 'lib/jose/jwk/kty_ec.rb', line 181

def verify(message, digest_type, signature)
  n = signature.bytesize.div(2)
  r = OpenSSL::BN.new(signature[0..(n-1)], 2)
  s = OpenSSL::BN.new(signature[n..-1], 2)
  asn1_sequence = OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Integer.new(r),
    OpenSSL::ASN1::Integer.new(s)
  ])
  asn1_signature = asn1_sequence.to_der
  return key.dsa_verify_asn1(digest_type.digest(message), asn1_signature)
end