Class: Saro::Dat::DatSignature

Inherits:
Object
  • Object
show all
Defined in:
lib/saro/dat/signature.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(algorithm, signing_key, verifying_key, config = nil) ⇒ DatSignature

Returns a new instance of DatSignature.



39
40
41
42
43
44
 
# File 'lib/saro/dat/signature.rb', line 39

def initialize(algorithm, signing_key, verifying_key, config = nil)
  @algorithm = algorithm
  @signing_key = signing_key
  @verifying_key = verifying_key
  @config = config || Saro::Dat.get_signature_config(algorithm)
end

Instance Attribute Details

#algorithmObject (readonly)

Returns the value of attribute algorithm.



37
38
39
 
# File 'lib/saro/dat/signature.rb', line 37

def algorithm
  @algorithm
end

#signing_keyObject (readonly)

Returns the value of attribute signing_key.



37
38
39
 
# File 'lib/saro/dat/signature.rb', line 37

def signing_key
  @signing_key
end

#verifying_keyObject (readonly)

Returns the value of attribute verifying_key.



37
38
39
 
# File 'lib/saro/dat/signature.rb', line 37

def verifying_key
  @verifying_key
end

Class Method Details

.generate(algorithm) ⇒ Object 



72
73
74
75
76
77
78
79
80
81
 
# File 'lib/saro/dat/signature.rb', line 72

def self.generate(algorithm)
  config = Saro::Dat.get_signature_config(algorithm)
  if config[:name] == "HMAC"
    key = OpenSSL::Random.random_bytes(config[:hmac_len])
    new(algorithm, key, key, config)
  else
    key = OpenSSL::PKey::EC.generate(config[:curve])
    new(algorithm, key, key, config)
  end
end

.imports(algorithm, base64_str) ⇒ Object 



83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
 
# File 'lib/saro/dat/signature.rb', line 83

def self.imports(algorithm, base64_str)
  config = Saro::Dat.get_signature_config(algorithm)
  bytes_data = Saro::Dat::Util.decode_base64_url(base64_str)

  if config[:name] == "HMAC"
    if bytes_data.bytesize != config[:hmac_len]
      raise ArgumentError, "Invalid HMAC key length: expected #{config[:hmac_len]}, got #{bytes_data.bytesize}"
    end
    new(algorithm, bytes_data, bytes_data, config)
  else
    private_len = config[:private_len]
    public_len = config[:public_len]

    signing_key = nil
    verifying_key = nil

    if bytes_data.bytesize == private_len + public_len
      private_bytes = bytes_data[0, private_len]
      public_bytes = bytes_data[private_len, public_len]
      
      d_value = OpenSSL::BN.new(private_bytes, 2)
      signing_key = create_ec_key(config[:curve], d_value, public_bytes)
      verifying_key = signing_key
    elsif bytes_data.bytesize == public_len
      verifying_key = create_ec_key(config[:curve], nil, bytes_data)
    else
      raise ArgumentError, "Invalid ECDSA key length"
    end

    new(algorithm, signing_key, verifying_key, config)
  end
end

Instance Method Details

#exports(verify_only = false) ⇒ Object 



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
 
# File 'lib/saro/dat/signature.rb', line 116

def exports(verify_only = false)
  if @config[:name] == "HMAC"
    Saro::Dat::Util.encode_base64_url_str(@verifying_key)
  else
    if verify_only || !@signing_key&.private_key
      public_bytes = @verifying_key.public_key.to_octet_string(:uncompressed)
      Saro::Dat::Util.encode_base64_url_str(public_bytes)
    else
      d_value = @signing_key.private_key
      curve_size = (@signing_key.group.degree + 7) / 8
      d_bytes = d_value.to_s(2).rjust(curve_size, "\x00".b)
      
      public_bytes = @verifying_key.public_key.to_octet_string(:uncompressed)
      Saro::Dat::Util.encode_base64_url_str(d_bytes + public_bytes)
    end
  end
end

#pairObject 



181
182
183
 
# File 'lib/saro/dat/signature.rb', line 181

def pair
  @config[:name] == "ECDSA"
end

#sign(body) ⇒ Object

Raises:

  • (ArgumentError) 


134
135
136
137
138
139
140
141
142
143
144
145
146
 
# File 'lib/saro/dat/signature.rb', line 134

def sign(body)
  raise ArgumentError, "Signature key is not supported - verifying only key" unless @signing_key
  body = body.encode('utf-8') if body.is_a?(String) && body.encoding != Encoding::BINARY
  raise ArgumentError, "Sign Error - body is empty" if body.nil? || body.empty?

  if @config[:name] == "HMAC"
    OpenSSL::HMAC.digest(@config[:hash], @signing_key, body)
  else
    digest = OpenSSL::Digest.new(@config[:hash])
    signature_der = @signing_key.dsa_sign_asn1(digest.digest(body))
    der_to_raw_signature(signature_der)
  end
end

#signableObject 



177
178
179
 
# File 'lib/saro/dat/signature.rb', line 177

def signable
  !@signing_key.nil?
end

#verify(body, signature) ⇒ Object 



148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
 
# File 'lib/saro/dat/signature.rb', line 148

def verify(body, signature)
  body = body.encode('utf-8') if body.is_a?(String) && body.encoding != Encoding::BINARY
  return false if body.nil? || body.empty?

  sig_bytes = if signature.is_a?(String) && signature.encoding != Encoding::BINARY
                Saro::Dat::Util.decode_base64_url(signature)
              else
                signature
              end

  if @config[:name] == "HMAC"
    begin
      actual_sig = OpenSSL::HMAC.digest(@config[:hash], @verifying_key, body)
      # Use fixed-time comparison if possible
      return actual_sig == sig_bytes
    rescue StandardError
      return false
    end
  else
    begin
      der_sig = raw_to_der_signature(sig_bytes)
      digest = OpenSSL::Digest.new(@config[:hash])
      @verifying_key.dsa_verify_asn1(digest.digest(body), der_sig)
    rescue StandardError
      false
    end
  end
end