Module: JWE::Enc::AesCbcHs

Included in:

A128cbcHs256, A192cbcHs384, A256cbcHs512

Defined in:

lib/jwe/enc/aes_cbc_hs.rb

Defined Under Namespace

Modules: ClassMethods

Instance Attribute Summary

• #cek ⇒ Object

  Returns the value of attribute cek.

• #iv ⇒ Object

  Returns the value of attribute iv.

• #tag ⇒ Object

  Returns the value of attribute tag.

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #cipher ⇒ Object
• #decrypt(ciphertext, authenticated_data) ⇒ Object
• #enc_key ⇒ Object
• #encrypt(cleartext, authenticated_data) ⇒ Object
• #initialize(cek = nil, iv = nil) ⇒ Object
• #mac_key ⇒ Object

Instance Attribute Details

#cek ⇒ Object

Returns the value of attribute cek.

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 4

def cek
  @cek
end

#iv ⇒ Object

Returns the value of attribute iv.

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 5

def iv
  @iv
end

#tag ⇒ Object

Returns the value of attribute tag.

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 6

def tag
  @tag
end

Class Method Details

.included(base) ⇒ Object

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 75

def self.included(base)
  base.extend(ClassMethods)
end

Instance Method Details

#cipher ⇒ Object

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 65

def cipher
  @cipher ||= OpenSSL::Cipher.new(cipher_name)
rescue RuntimeError
  raise JWE::NotImplementedError.new("The version of OpenSSL linked to your Ruby does not support the cipher #{cipher_name}.")
end

#decrypt(ciphertext, authenticated_data) ⇒ Object

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 30

def decrypt(ciphertext, authenticated_data)
  raise JWE::BadCEK.new("The supplied key is invalid. Required length: #{key_length}") if cek.length != key_length

  length = [authenticated_data.length * 8].pack('Q>') # 64bit big endian
  to_sign = authenticated_data + iv + ciphertext + length
  signature = OpenSSL::HMAC.digest(OpenSSL::Digest.new(hash_name), mac_key, to_sign)
  if signature[0...mac_key.length] != tag
    raise JWE::InvalidData.new('Authentication tag verification failed')
  end

  cipher.decrypt
  cipher.key = enc_key
  cipher.iv = iv

  cipher.update(ciphertext) + cipher.final
rescue OpenSSL::Cipher::CipherError
  raise JWE::InvalidData.new('Invalid ciphertext or authentication tag')
end

#enc_key ⇒ Object

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 61

def enc_key
  cek[key_length / 2..-1]
end

#encrypt(cleartext, authenticated_data) ⇒ Object

Raises:

• (JWE::BadCEK)

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 13

def encrypt(cleartext, authenticated_data)
  raise JWE::BadCEK.new("The supplied key is invalid. Required length: #{key_length}") if cek.length != key_length

  cipher.encrypt
  cipher.key = enc_key
  cipher.iv = iv

  ciphertext = cipher.update(cleartext) + cipher.final
  length = [authenticated_data.length * 8].pack('Q>') # 64bit big endian

  to_sign = authenticated_data + iv + ciphertext + length
  signature = OpenSSL::HMAC.digest(OpenSSL::Digest.new(hash_name), mac_key, to_sign)
  self.tag = signature[0...mac_key.length]

  ciphertext
end

#initialize(cek = nil, iv = nil) ⇒ Object

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 8

def initialize(cek = nil, iv = nil)
  self.iv = iv
  self.cek = cek
end

#mac_key ⇒ Object

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 57

def mac_key
  cek[0...key_length / 2]
end