Module: JWE::Enc::AesCbcHs

Included in:

A128cbcHs256, A192cbcHs384, A256cbcHs512

Defined in:

lib/jwe/enc/aes_cbc_hs.rb

Overview

Abstract AES in Block cipher mode, with message signature for different key sizes.

Defined Under Namespace

Modules: ClassMethods

Instance Attribute Summary

• #cek ⇒ Object

  Returns the value of attribute cek.

• #iv ⇒ Object

  Returns the value of attribute iv.

• #tag ⇒ Object

  Returns the value of attribute tag.

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #cipher ⇒ Object
• #cipher_round(direction, iv, data) ⇒ Object
• #decrypt(ciphertext, authenticated_data) ⇒ Object
• #enc_key ⇒ Object
• #encrypt(cleartext, authenticated_data) ⇒ Object
• #generate_tag(authenticated_data, iv, ciphertext) ⇒ Object
• #initialize(cek = nil, iv = nil) ⇒ Object
• #mac_key ⇒ Object

Instance Attribute Details

#cek ⇒ Object

Returns the value of attribute cek.

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 7

def cek
  @cek
end

#iv ⇒ Object

Returns the value of attribute iv.

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 8

def iv
  @iv
end

#tag ⇒ Object

Returns the value of attribute tag.

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 9

def tag
  @tag
end

Class Method Details

.included(base) ⇒ Object

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 80

def self.included(base)
  base.extend(ClassMethods)
end

Instance Method Details

#cipher ⇒ Object

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 72

def cipher
  @cipher ||= Cipher.for(cipher_name)
end

#cipher_round(direction, iv, data) ⇒ Object

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 40

def cipher_round(direction, iv, data)
  cipher.send(direction)
  cipher.key = enc_key
  cipher.iv = iv

  cipher.update(data) + cipher.final
end

#decrypt(ciphertext, authenticated_data) ⇒ Object

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 27

def decrypt(ciphertext, authenticated_data)
  raise JWE::BadCEK, "The supplied key is invalid. Required length: #{key_length}" if cek.length != key_length

  signature = generate_tag(authenticated_data, iv, ciphertext)
  if signature != tag
    raise JWE::InvalidData, 'Authentication tag verification failed'
  end

  cipher_round(:decrypt, iv, ciphertext)
rescue OpenSSL::Cipher::CipherError
  raise JWE::InvalidData, 'Invalid ciphertext or authentication tag'
end

#enc_key ⇒ Object

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 68

def enc_key
  cek[key_length / 2..-1]
end

#encrypt(cleartext, authenticated_data) ⇒ Object

Raises:

• (JWE::BadCEK)

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 16

def encrypt(cleartext, authenticated_data)
  raise JWE::BadCEK.new("The supplied key is invalid. Required length: #{key_length}") if cek.length != key_length

  ciphertext = cipher_round(:encrypt, iv, cleartext)

  signature = generate_tag(authenticated_data, iv, ciphertext)
  self.tag = signature

  ciphertext
end

#generate_tag(authenticated_data, iv, ciphertext) ⇒ Object

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 48

def generate_tag(authenticated_data, iv, ciphertext)
  length = [authenticated_data.length * 8].pack('Q>') # 64bit big endian
  to_sign = authenticated_data + iv + ciphertext + length
  signature = OpenSSL::HMAC.digest(OpenSSL::Digest.new(hash_name), mac_key, to_sign)

  signature[0...mac_key.length]
end

#initialize(cek = nil, iv = nil) ⇒ Object

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 11

def initialize(cek = nil, iv = nil)
  self.iv = iv
  self.cek = cek
end

#mac_key ⇒ Object

# File 'lib/jwe/enc/aes_cbc_hs.rb', line 64

def mac_key
  cek[0...key_length / 2]
end