Module: JWE::Enc::AesGcm

Included in:

A128gcm, A192gcm, A256gcm

Defined in:

lib/jwe/enc/aes_gcm.rb

Overview

Abstract AES in Galois Counter mode for different key sizes.

Defined Under Namespace

Modules: ClassMethods

Instance Attribute Summary

• #cek ⇒ Object

  Returns the value of attribute cek.

• #iv ⇒ Object

  Returns the value of attribute iv.

• #tag ⇒ Object

  Returns the value of attribute tag.

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #cipher ⇒ Object
• #decrypt(ciphertext, authenticated_data) ⇒ Object
• #encrypt(cleartext, authenticated_data) ⇒ Object
• #initialize(cek = nil, iv = nil) ⇒ Object
• #setup_cipher(direction, auth_data) ⇒ Object

Instance Attribute Details

#cek ⇒ Object

Returns the value of attribute cek.

# File 'lib/jwe/enc/aes_gcm.rb', line 9

def cek
  @cek
end

#iv ⇒ Object

Returns the value of attribute iv.

# File 'lib/jwe/enc/aes_gcm.rb', line 10

def iv
  @iv
end

#tag ⇒ Object

Returns the value of attribute tag.

# File 'lib/jwe/enc/aes_gcm.rb', line 11

def tag
  @tag
end

Class Method Details

.included(base) ⇒ Object

# File 'lib/jwe/enc/aes_gcm.rb', line 65

def self.included(base)
  base.extend(ClassMethods)
end

Instance Method Details

#cipher ⇒ Object

# File 'lib/jwe/enc/aes_gcm.rb', line 57

def cipher
  @cipher ||= Cipher.for(cipher_name)
end

#decrypt(ciphertext, authenticated_data) ⇒ Object

# File 'lib/jwe/enc/aes_gcm.rb', line 28

def decrypt(ciphertext, authenticated_data)
  raise JWE::BadCEK, "The supplied key is too short. Required length: #{key_length}" if cek.length < key_length

  setup_cipher(:decrypt, authenticated_data)
  cipher.update(ciphertext) + cipher.final
rescue OpenSSL::Cipher::CipherError
  raise JWE::InvalidData, 'Invalid ciphertext or authentication tag'
end

#encrypt(cleartext, authenticated_data) ⇒ Object

Raises:

• (JWE::BadCEK)

# File 'lib/jwe/enc/aes_gcm.rb', line 18

def encrypt(cleartext, authenticated_data)
  raise JWE::BadCEK, "The supplied key is too short. Required length: #{key_length}" if cek.length < key_length

  setup_cipher(:encrypt, authenticated_data)
  ciphertext = cipher.update(cleartext) + cipher.final
  self.tag = cipher.auth_tag

  ciphertext
end

#initialize(cek = nil, iv = nil) ⇒ Object

# File 'lib/jwe/enc/aes_gcm.rb', line 13

def initialize(cek = nil, iv = nil)
  self.iv = iv
  self.cek = cek
end

#setup_cipher(direction, auth_data) ⇒ Object

# File 'lib/jwe/enc/aes_gcm.rb', line 37

def setup_cipher(direction, auth_data)
  cipher.send(direction)
  cipher.key = cek
  cipher.iv = iv
  if direction == :decrypt
    raise JWE::InvalidData, 'Invalid ciphertext or authentication tag' unless tag.bytesize == 16

    cipher.auth_tag = tag
  end
  cipher.auth_data = auth_data
end