Class: JOSE::JWE::ALG_PBES2

Inherits:
Struct
  • Object
Defined in:
lib/jose/jwe/alg_pbes2.rb


Instance Attribute Details

#bits ⇒ Object

Returns the value of attribute bits

Returns:

  • (Object)

    the current value of bits



# File 'lib/jose/jwe/alg_pbes2.rb', line 1

# Size in bits of the AES key-wrap key that PBKDF2 derives. from_map sets it
# to 128, 192 or 256 according to the 'alg' header value.
def bits
  @bits
end

#hmac ⇒ Object

Returns the value of attribute hmac

Returns:

  • (Object)

    the current value of hmac



# File 'lib/jose/jwe/alg_pbes2.rb', line 1

# Digest class (not an instance) used as the PBKDF2 hash. from_map sets it to
# OpenSSL::Digest::SHA256, SHA384 or SHA512; key_encrypt and key_decrypt
# instantiate it with hmac.new on every call.
def hmac
  @hmac
end

#iter ⇒ Object

Returns the value of attribute iter

Returns:

  • (Object)

    the current value of iter



# File 'lib/jose/jwe/alg_pbes2.rb', line 1

# PBKDF2 iteration count, taken by from_map from the 'p2c' header parameter.
# For a received JWE that header is written by the sender, so this value sets
# how much work key_decrypt performs and is not under the recipient's control.
def iter
  @iter
end

#salt ⇒ Object

Returns the value of attribute salt

Returns:

  • (Object)

    the current value of salt



# File 'lib/jose/jwe/alg_pbes2.rb', line 1

# PBKDF2 salt as passed to pbkdf2_hmac. from_map builds it with
# wrap_salt(alg, decoded 'p2s'); to_map reverses that with unwrap_salt.
# NOTE(review): presumably the RFC 7518 form (alg, a zero octet, then the
# salt input) - confirm in wrap_salt, which is not shown here.
def salt
  @salt
end

Class Method Details

.from_map(fields) ⇒ Object

JOSE::JWE callbacks



# File 'lib/jose/jwe/alg_pbes2.rb', line 5

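# Builds an ALG_PBES2 from the PBES2 parameters of a JWE header map.
#
# For a received JWE the header is written by the sender, so 'alg', 'p2c'
# and 'p2s' are untrusted input at this point and are validated before use.
#
# @param fields [#[]] header map holding the 'alg', 'p2c' and 'p2s' entries
# @return [Array] the new ALG_PBES2 and +fields+ without the consumed keys
# @raise [ArgumentError] if 'alg' is not one of the three PBES2 algorithms,
#   'p2c' is not a positive Integer, or 'p2s' is missing or not a String
def self.from_map(fields)
  bits, hmac =
    case fields['alg']
    when 'PBES2-HS256+A128KW' then [128, OpenSSL::Digest::SHA256]
    when 'PBES2-HS384+A192KW' then [192, OpenSSL::Digest::SHA384]
    when 'PBES2-HS512+A256KW' then [256, OpenSSL::Digest::SHA512]
    else
      raise ArgumentError, "invalid 'alg' for JWE: #{fields['alg'].inspect}"
    end

  # PBKDF2 defines the iteration count as a positive integer, so 0 is
  # rejected here instead of being handed to the KDF.
  # NOTE(review): no upper bound is applied. The count is sender-chosen on
  # decryption, so a very large 'p2c' makes key_decrypt arbitrarily
  # expensive; callers that accept PBES2 from untrusted parties should cap
  # it. RFC 7518 section 4.8.1.2 also recommends a minimum of 1000, which is
  # not enforced here either.
  iter = fields['p2c']
  unless iter.is_a?(Integer) && iter >= 1
    raise ArgumentError, "invalid 'p2c' for JWE: #{fields['p2c'].inspect}"
  end

  # NOTE(review): RFC 7518 section 4.8.1.1 requires a salt input of at least
  # 8 octets; the decoded length is not checked here.
  unless fields.has_key?('p2s') && fields['p2s'].is_a?(String)
    raise ArgumentError, "invalid 'p2s' for JWE: #{fields['p2s'].inspect}"
  end
  salt = wrap_salt(fields['alg'], JOSE.urlsafe_decode64(fields['p2s']))

  return new(hmac, bits, salt, iter), fields.except('alg', 'p2c', 'p2s')
end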

Instance Method Details

#key_decrypt(key, enc, encrypted_key) ⇒ Object

JOSE::JWE::ALG callbacks



# File 'lib/jose/jwe/alg_pbes2.rb', line 53

# Recovers the content-encryption key: derives a key-encryption key from the
# password with PBKDF2, then AES key-unwraps +encrypted_key+ with it.
#
# salt and iter are the values parsed from the JWE header, so on this path
# the PBKDF2 cost is chosen by whoever produced the token. No upper bound on
# iter is applied in this method; callers handling untrusted tokens should
# bound 'p2c' before decrypting.
#
# @param key [JOSE::JWK, Object] password, or a JWK whose kty supplies it
#   through derive_key
# @param enc content-encryption algorithm (not used in this method)
# @param encrypted_key wrapped content-encryption key
# @return the result of JOSE::JWA::AES_KW.unwrap
def key_decrypt(key, enc, encrypted_key)
  key = key.kty.derive_key if key.is_a?(JOSE::JWK)
  # Equals bits / 8 for the 128, 192 and 256 values that from_map assigns.
  kek_length = bits.div(8) + (bits % 8)
  kek = OpenSSL::PKCS5.pbkdf2_hmac(key, salt, iter, kek_length, hmac.new)
  JOSE::JWA::AES_KW.unwrap(encrypted_key, kek)
end

#key_encrypt(key, enc, decrypted_key) ⇒ Object



# File 'lib/jose/jwe/alg_pbes2.rb', line 62

# Wraps the content-encryption key: derives a key-encryption key from the
# password with PBKDF2 (using this object's salt, iter, bits and hmac), then
# AES key-wraps +decrypted_key+ with it.
#
# @param key [JOSE::JWK, Object] password, or a JWK whose kty supplies it
#   through derive_key
# @param enc content-encryption algorithm (not used in this method)
# @param decrypted_key content-encryption key to wrap
# @return [Array] the wrapped key followed by this algorithm object
def key_encrypt(key, enc, decrypted_key)
  key = key.kty.derive_key if key.is_a?(JOSE::JWK)
  # Equals bits / 8 for the 128, 192 and 256 values that from_map assigns.
  kek_length = bits.div(8) + (bits % 8)
  kek = OpenSSL::PKCS5.pbkdf2_hmac(key, salt, iter, kek_length, hmac.new)
  wrapped = JOSE::JWA::AES_KW.wrap(decrypted_key, kek)
  [wrapped, self]
end

#next_cek(key, enc) ⇒ Object



# File 'lib/jose/jwe/alg_pbes2.rb', line 71

# Delegates generation of the next content-encryption key to the
# content-encryption algorithm; +key+ is not used.
#
# @param key ignored
# @param enc [#next_cek] content-encryption algorithm
# @return whatever enc.next_cek returns
def next_cek(key, enc)
  enc.next_cek
end

#to_map(fields) ⇒ Object



# File 'lib/jose/jwe/alg_pbes2.rb', line 36

# Writes this algorithm's PBES2 parameters into a JWE header map: 'alg'
# (chosen from the digest class), 'p2c' (the iteration count) and 'p2s'
# (the URL-safe base64 of the unwrapped salt).
#
# @param fields [#put] header map to extend
# @return the result of chaining put for 'alg', 'p2c' and 'p2s' on +fields+
# @raise [ArgumentError] if hmac is not SHA256, SHA384 or SHA512
def to_map(fields)
  alg_by_digest = [
    [OpenSSL::Digest::SHA256, 'PBES2-HS256+A128KW'],
    [OpenSSL::Digest::SHA384, 'PBES2-HS384+A192KW'],
    [OpenSSL::Digest::SHA512, 'PBES2-HS512+A256KW']
  ]
  # Compared with ==, hmac as the receiver, so only these exact classes match.
  entry = alg_by_digest.find { |digest, _name| hmac == digest }
  raise ArgumentError, "unhandled JOSE::JWE::ALG_PBES2 hmac: #{hmac.inspect}" if entry.nil?

  alg = entry.last
  count = iter
  encoded_salt = JOSE.urlsafe_encode64(unwrap_salt(alg, salt))
  fields.put('alg', alg).put('p2c', count).put('p2s', encoded_salt)
end