class OpenSSL::PKey::EC

with SSH functionality.
have been added to it by the Net::SSH module for convenience in dealing
This class is originally defined in the OpenSSL module. As needed, methods

def self.read_keyblob(curve_name_in_type, buffer)

def self.read_keyblob(curve_name_in_type, buffer)
  curve_name_in_key = buffer.read_string
  unless curve_name_in_type == curve_name_in_key
    raise Net::SSH::Exception, "curve name mismatched (`#{curve_name_in_key}' with `#{curve_name_in_type}')"
  end
  public_key_oct = buffer.read_string
  begin
    curvename = OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key]
    group = OpenSSL::PKey::EC::Group.new(curvename)
    point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(public_key_oct, 2))
    asn1 = OpenSSL::ASN1::Sequence(
      [
        OpenSSL::ASN1::Sequence(
          [
            OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
            OpenSSL::ASN1::ObjectId(curvename)
          ]
        ),
        OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
      ]
    )
    key = OpenSSL::PKey::EC.new(asn1.to_der)
    return key
  rescue OpenSSL::PKey::ECError
    raise NotImplementedError, "unsupported key type `#{type}'"
  end
end

def digester

def digester
  if group.curve_name =~ /^[a-z]+(\d+)\w*\z/
    curve_size = Regexp.last_match(1).to_i
    if curve_size <= 256
      OpenSSL::Digest::SHA256.new
    elsif curve_size <= 384
      OpenSSL::Digest::SHA384.new
    else
      OpenSSL::Digest::SHA512.new
    end
  else
    OpenSSL::Digest::SHA256.new
  end
end

def ssh_do_sign(data, sig_alg = nil)

Returns the signature for the given data.

def ssh_do_sign(data, sig_alg = nil)
  digest = digester.digest(data)
  sig = dsa_sign_asn1(digest)
  a1sig = OpenSSL::ASN1.decode(sig)
  sig_r = a1sig.value[0].value
  sig_s = a1sig.value[1].value
  Net::SSH::Buffer.from(:bignum, sig_r, :bignum, sig_s).to_s
end

def ssh_do_verify(sig, data, options = {})

Verifies the given signature matches the given data.

def ssh_do_verify(sig, data, options = {})
  digest = digester.digest(data)
  a1sig = nil
  begin
    sig_r_len = sig[0, 4].unpack('H*')[0].to_i(16)
    sig_l_len = sig[4 + sig_r_len, 4].unpack('H*')[0].to_i(16)
    sig_r = sig[4, sig_r_len].unpack('H*')[0]
    sig_s = sig[4 + sig_r_len + 4, sig_l_len].unpack('H*')[0]
    a1sig = OpenSSL::ASN1::Sequence([
                                      OpenSSL::ASN1::Integer(sig_r.to_i(16)),
                                      OpenSSL::ASN1::Integer(sig_s.to_i(16))
                                    ])
  rescue StandardError
  end
  if a1sig.nil?
    return false
  else
    dsa_verify_asn1(digest, a1sig.to_der)
  end
end

def ssh_type

SSH2 protocol, like "ecdsa-sha2-nistp256"
Returns the description of this key type used by the

def ssh_type
  "ecdsa-sha2-#{CurveNameAliasInv[group.curve_name]}"
end

def to_blob

Converts the key to a blob, according to the SSH2 protocol.

def to_blob
  @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
                                  :string, CurveNameAliasInv[group.curve_name],
                                  :mstring, public_key.to_bn.to_s(2)).to_s
  @blob
end

Instance Methods

Defined in

lib/net/ssh/transport/openssl.rb