Module: JWE::Enc::AesCbcHs
- Included in:
- A128cbcHs256, A192cbcHs384, A256cbcHs512
- Defined in:
- lib/jwe/enc/aes_cbc_hs.rb
Overview
Abstract AES in CBC (cipher block chaining) mode with an HMAC authentication tag, for different key sizes.
Defined Under Namespace
Modules: ClassMethods
Instance Attribute Summary
-
#cek ⇒ Object
Returns the value of attribute cek.
-
#iv ⇒ Object
Returns the value of attribute iv.
-
#tag ⇒ Object
Returns the value of attribute tag.
Class Method Summary
Instance Method Summary
- #cipher ⇒ Object
- #cipher_round(direction, iv, data) ⇒ Object
- #decrypt(ciphertext, authenticated_data) ⇒ Object
- #enc_key ⇒ Object
- #encrypt(cleartext, authenticated_data) ⇒ Object
- #generate_tag(authenticated_data, iv, ciphertext) ⇒ Object
- #initialize(cek = nil, iv = nil) ⇒ Object
- #mac_key ⇒ Object
Instance Attribute Details
#cek ⇒ Object
Returns the value of attribute cek.
# File 'lib/jwe/enc/aes_cbc_hs.rb', line 7

# Reader for the content encryption key (CEK) held by this instance.
#
# The value is secret key material: #mac_key and #enc_key each return one
# half of it, so it should not be logged or serialised.
#
# @return [Object] the value assigned to the attribute (nil unless one was given)
def cek
  @cek
end
#iv ⇒ Object
Returns the value of attribute iv.
# File 'lib/jwe/enc/aes_cbc_hs.rb', line 8

# Reader for the initialisation vector. #encrypt and #decrypt pass it both to
# the block cipher and into the authentication tag computation.
#
# NOTE(review): none of the instance methods listed here generates an IV, so
# the caller presumably supplies a fresh, unpredictable one per message.
# Confirm against ClassMethods and the call sites.
#
# @return [Object] the value assigned to the attribute (nil unless one was given)
def iv
  @iv
end
#tag ⇒ Object
Returns the value of attribute tag.
# File 'lib/jwe/enc/aes_cbc_hs.rb', line 9

# Reader for the authentication tag. #encrypt stores the freshly computed tag
# here; #decrypt compares this value with the tag it recomputes, so it must be
# set to the received tag before #decrypt is called.
#
# @return [Object] the value assigned to the attribute
def tag
  @tag
end
Class Method Details
.included(base) ⇒ Object
# File 'lib/jwe/enc/aes_cbc_hs.rb', line 80

# Hook that runs when this module is included: the including class is also
# extended with ClassMethods, so it gains the class-level API.
#
# @param base [Module] the class or module including this one
# @return [Object] the result of base.extend
def self.included(base)
  base.extend ClassMethods
end
Instance Method Details
#cipher ⇒ Object
# File 'lib/jwe/enc/aes_cbc_hs.rb', line 72

# Returns the cipher object for cipher_name, building it on first use.
#
# The object is memoised, so every #cipher_round call on this instance
# reconfigures and reuses the same cipher.
# NOTE(review): that reuse looks unsafe if one instance is shared between
# concurrent callers. Confirm how instances are used.
#
# @return [Object] whatever Cipher.for returns for cipher_name
def cipher
  return @cipher if @cipher

  @cipher = Cipher.for(cipher_name)
end
#cipher_round(direction, iv, data) ⇒ Object
# File 'lib/jwe/enc/aes_cbc_hs.rb', line 40

# Runs one complete pass of the block cipher over data.
#
# The cipher is switched into the requested mode first, then keyed with
# #enc_key and given the IV, because OpenSSL expects the mode to be selected
# before key and IV are assigned.
#
# @param direction [Symbol] mode selector; #encrypt passes :encrypt and
#   #decrypt passes :decrypt. It is dispatched with send, so it must never be
#   taken from untrusted input.
# @param iv [String] initialisation vector for this pass
# @param data [String] cleartext (encrypting) or ciphertext (decrypting)
# @return [String] the processed bytes, including the final padded block
def cipher_round(direction, iv, data)
  engine = cipher
  engine.send(direction)
  engine.key = enc_key
  engine.iv = iv
  body = engine.update(data)
  body + engine.final
end
#decrypt(ciphertext, authenticated_data) ⇒ Object
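# File 'lib/jwe/enc/aes_cbc_hs.rb', line 27

# Verifies the authentication tag and, only if it matches, decrypts.
#
# The tag is recomputed over the AAD, IV and ciphertext and compared with
# #tag before any block is decrypted, so unauthenticated ciphertext never
# reaches the CBC padding check.
#
# @param ciphertext [String] encrypted payload
# @param authenticated_data [String] additional authenticated data (AAD)
# @return [String] the recovered cleartext
# @raise [JWE::BadCEK] if the key does not have the required length
# @raise [JWE::InvalidData] if the tag does not match or the cipher rejects the data
def decrypt(ciphertext, authenticated_data)
  raise JWE::BadCEK, "The supplied key is invalid. Required length: #{key_length}" if cek.length != key_length

  expected_tag = generate_tag(authenticated_data, iv, ciphertext)
  supplied_tag = tag

  # Compare without stopping at the first differing byte: String#== / != may
  # return early, which lets response timing reveal how many leading tag bytes
  # of a forged message were right. The tag length is fixed by the algorithm,
  # so rejecting a wrong-sized (or missing) tag up front reveals nothing secret.
  # OpenSSL.fixed_length_secure_compare is the library equivalent on openssl
  # gem versions that provide it.
  tag_ok = supplied_tag.is_a?(String) && supplied_tag.bytesize == expected_tag.bytesize
  if tag_ok
    diff = 0
    expected_tag.bytes.zip(supplied_tag.bytes) { |ours, theirs| diff |= ours ^ theirs }
    tag_ok = diff.zero?
  end
  raise JWE::InvalidData, 'Authentication tag verification failed' unless tag_ok

  cipher_round(:decrypt, iv, ciphertext)
rescue OpenSSL::Cipher::CipherError
  raise JWE::InvalidData, 'Invalid ciphertext or authentication tag'
end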
#enc_key ⇒ Object
# File 'lib/jwe/enc/aes_cbc_hs.rb', line 68

# Returns the encryption half of the CEK: everything from the midpoint
# (key_length / 2) to the end. The leading half is the HMAC key (#mac_key),
# so the cipher and the MAC never share key bytes.
#
# @return [String] the trailing part of the CEK, used as the AES key
def enc_key
  midpoint = key_length / 2
  cek.slice(midpoint..-1)
end
#encrypt(cleartext, authenticated_data) ⇒ Object
# File 'lib/jwe/enc/aes_cbc_hs.rb', line 16

# Encrypts cleartext, then authenticates the result (encrypt-then-MAC).
#
# The tag covers the AAD, the IV and the ciphertext and is stored in #tag;
# only the ciphertext is returned.
#
# NOTE(review): the IV is used exactly as it was assigned and is not generated
# or checked here. Confirm that callers set a fresh, unpredictable IV for
# every message encrypted under the same key.
#
# @param cleartext [String] data to encrypt
# @param authenticated_data [String] additional authenticated data (AAD)
# @return [String] the ciphertext
# @raise [JWE::BadCEK] if the key does not have the required length
def encrypt(cleartext, authenticated_data)
  unless cek.length == key_length
    raise JWE::BadCEK, "The supplied key is invalid. Required length: #{key_length}"
  end

  encrypted = cipher_round(:encrypt, iv, cleartext)
  self.tag = generate_tag(authenticated_data, iv, encrypted)
  encrypted
end
#generate_tag(authenticated_data, iv, ciphertext) ⇒ Object
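# File 'lib/jwe/enc/aes_cbc_hs.rb', line 48

# Computes the authentication tag for a message.
#
# The MAC input is AAD || IV || ciphertext || AL, where AL is the AAD length
# in bits encoded as a 64-bit big-endian integer. The HMAC (digest chosen by
# hash_name, keyed with #mac_key) is then truncated to the MAC key's length.
#
# @param authenticated_data [String] additional authenticated data (AAD)
# @param iv [String] initialisation vector used for the ciphertext
# @param ciphertext [String] encrypted payload
# @return [String] the truncated HMAC
def generate_tag(authenticated_data, iv, ciphertext)
  # AL is a bit count over the AAD's octets, so measure bytes. String#length
  # counts characters and would encode too small a value for a multi-byte AAD,
  # producing a tag other implementations cannot verify.
  aad_bits = [authenticated_data.bytesize * 8].pack('Q>') # 64bit big endian
  mac_input = authenticated_data + iv + ciphertext + aad_bits
  full_mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new(hash_name), mac_key, mac_input)
  full_mac[0...mac_key.length]
end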
#initialize(cek = nil, iv = nil) ⇒ Object
# File 'lib/jwe/enc/aes_cbc_hs.rb', line 11

# Stores the key and IV for later #encrypt / #decrypt calls.
#
# Nothing is validated here: the key length is only checked when #encrypt or
# #decrypt runs, and both arguments default to nil.
#
# @param cek [String, nil] content encryption key (MAC half followed by AES half)
# @param iv [String, nil] initialisation vector
def initialize(cek = nil, iv = nil)
  self.cek = cek
  self.iv = iv
end
#mac_key ⇒ Object
# File 'lib/jwe/enc/aes_cbc_hs.rb', line 64

# Returns the MAC half of the CEK: the leading key_length / 2 positions.
# The remainder is the AES key (#enc_key). #generate_tag also truncates the
# tag to this key's length.
#
# @return [String] the leading part of the CEK, used as the HMAC key
def mac_key
  mac_len = key_length / 2
  cek.slice(0...mac_len)
end