Class: BlockCipherKit::AES256CTRScheme

Inherits:
BaseScheme
  • Object
show all
Defined in:
lib/block_cipher_kit/aes_256_ctr_scheme.rb

Constant Summary collapse

NONCE_LENGTH_BYTES = 
4
IV_LENGTH_BYTES = 
8

Instance Method Summary collapse

Methods inherited from BaseScheme

#decrypt_range, #inspect

Constructor Details

#initialize(encryption_key, iv_generator: SecureRandom) ⇒ AES256CTRScheme

Returns a new instance of AES256CTRScheme.

Parameters:

  • encryption_key (String)

    a String in binary encoding containing the key for the cipher

  • iv_generator (Random, SecureRandom) (defaults to: SecureRandom)

    RNG that can output bytes. A deterministic substitute can be used for testing.

Raises:

  • (ArgumentError) 


7
8
9
10
11
 
# File 'lib/block_cipher_kit/aes_256_ctr_scheme.rb', line 7

def initialize(encryption_key, iv_generator: SecureRandom)
  raise ArgumentError, "#{required_encryption_key_length} bytes of key material needed, at the minimum" unless encryption_key.bytesize >= required_encryption_key_length
  @iv_generator = iv_generator
  @key = encryption_key.byteslice(0, 32)
end

Instance Method Details

#required_encryption_key_lengthObject 



13
14
15
 
# File 'lib/block_cipher_kit/aes_256_ctr_scheme.rb', line 13

def required_encryption_key_length
  32
end

#streaming_decrypt(from_ciphertext_io:, into_plaintext_io: nil, &blk) ⇒ Object 



28
29
30
31
32
33
34
35
36
 
# File 'lib/block_cipher_kit/aes_256_ctr_scheme.rb', line 28

def streaming_decrypt(from_ciphertext_io:, into_plaintext_io: nil, &blk)
  nonce_and_iv = from_ciphertext_io.read(NONCE_LENGTH_BYTES + IV_LENGTH_BYTES)

  cipher = OpenSSL::Cipher.new("aes-256-ctr")
  cipher.decrypt
  cipher.iv = ctr_iv(nonce_and_iv, _for_block_n = 0)
  cipher.key = @key
  read_copy_stream_via_cipher(source_io: from_ciphertext_io, cipher: cipher, destination_io: into_plaintext_io, &blk)
end

#streaming_decrypt_range(from_ciphertext_io:, range:, into_plaintext_io: nil, &blk) ⇒ Object 



38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
# File 'lib/block_cipher_kit/aes_256_ctr_scheme.rb', line 38

def streaming_decrypt_range(from_ciphertext_io:, range:, into_plaintext_io: nil, &blk)
  block_size = 16
  n_bytes_to_read = range.end - range.begin + 1
  n_blocks_to_skip, offset_into_first_block = range.begin.divmod(block_size)

  nonce_and_iv = from_ciphertext_io.read(NONCE_LENGTH_BYTES + IV_LENGTH_BYTES)
  ciphertext_starts_at = from_ciphertext_io.pos

  cipher = OpenSSL::Cipher.new("aes-256-ctr")
  cipher.decrypt
  cipher.key = @key
  cipher.iv = ctr_iv(nonce_and_iv, n_blocks_to_skip) # Set the counter for the first block we will be reading

  writable = BlockCipherKit::BlockWritable.new(into_plaintext_io, &blk)
  lens = BlockCipherKit::WriteWindowIO.new(writable, offset_into_first_block, n_bytes_to_read)

  # With CTR we do not need to read until the end of ciphertext as the cipher does not validate
  from_ciphertext_io.seek(ciphertext_starts_at + (n_blocks_to_skip * block_size))
  n_blocks_to_read = (n_bytes_to_read.to_f / block_size).ceil + 1
  read_copy_stream_via_cipher(source_io: from_ciphertext_io, destination_io: lens, cipher: cipher, read_limit: n_blocks_to_read * block_size)
end

#streaming_encrypt(into_ciphertext_io:, from_plaintext_io: nil, &blk) ⇒ Object 



17
18
19
20
21
22
23
24
25
26
 
# File 'lib/block_cipher_kit/aes_256_ctr_scheme.rb', line 17

def streaming_encrypt(into_ciphertext_io:, from_plaintext_io: nil, &blk)
  nonce_and_iv = @iv_generator.bytes(NONCE_LENGTH_BYTES + IV_LENGTH_BYTES)
  into_ciphertext_io.write(nonce_and_iv)

  cipher = OpenSSL::Cipher.new("aes-256-ctr")
  cipher.encrypt
  cipher.iv = ctr_iv(nonce_and_iv, _for_block_n = 0)
  cipher.key = @key
  write_copy_stream_via_cipher(source_io: from_plaintext_io, cipher: cipher, destination_io: into_ciphertext_io, &blk)
end