Class: RbNaCl::AEAD::Base

Inherits:

Object

• Object
• RbNaCl::AEAD::Base

Defined in:

lib/rbnacl/aead/base.rb

Overview

Abstract base class for Authenticated Encryption with Additional Data

This construction encrypts a message, and computes an authentication tag for the encrypted message and some optional additional data

RbNaCl provides wrappers for both ChaCha20-Poly1305 AEAD implementations in libsodium: the original, and the IETF version.

Direct Known Subclasses

ChaCha20Poly1305IETF, ChaCha20Poly1305Legacy, XChaCha20Poly1305IETF

Constant Summary

KEYBYTES =

Number of bytes in a valid key

0

NPUBBYTES =

Number of bytes in a valid nonce

0

Class Method Summary

• .key_bytes ⇒ Integer

  The key bytes for the AEAD class.

• .nonce_bytes ⇒ Integer

  The nonce bytes for the AEAD class.

• .tag_bytes ⇒ Integer

  The number bytes in the tag or authenticator from this AEAD class.

Instance Method Summary

• #decrypt(nonce, ciphertext, additional_data) ⇒ String

  Decrypts and verifies an encrypted message with additional authenticated data.

• #encrypt(nonce, message, additional_data) ⇒ String

  Encrypts and authenticates a message with additional authenticated data.

• #initialize(key) ⇒ RbNaCl::AEAD::Chacha20Poly1305IETF constructor

  Create a new AEAD using the IETF chacha20poly1305 construction.

• #key_bytes ⇒ Integer

  The key bytes for the AEAD instance.

• #nonce_bytes ⇒ Integer

  The nonce bytes for the AEAD instance.

• #primitive ⇒ Symbol

  The crypto primitive for this aead instance.

• #tag_bytes ⇒ Integer

  The number of bytes in the tag or authenticator for this AEAD instance.

Constructor Details

#initialize(key) ⇒ RbNaCl::AEAD::Chacha20Poly1305IETF

Create a new AEAD using the IETF chacha20poly1305 construction

Sets up AEAD with a secret key for encrypting and decrypting messages.

Parameters:

• key (String) —

  The key to encrypt and decrypt with

Raises:

• (RbNaCl::LengthError) —

  on invalid keys

# File 'lib/rbnacl/aead/base.rb', line 32

def initialize(key)
  @key = Util.check_string(key, key_bytes, "Secret key")
end

Class Method Details

.key_bytes ⇒ Integer

The key bytes for the AEAD class

Returns:

• (Integer) —

  The number of bytes in a valid key

# File 'lib/rbnacl/aead/base.rb', line 104

def self.key_bytes
  self::KEYBYTES
end

.nonce_bytes ⇒ Integer

The nonce bytes for the AEAD class

Returns:

• (Integer) —

  The number of bytes in a valid nonce

# File 'lib/rbnacl/aead/base.rb', line 90

def self.nonce_bytes
  self::NPUBBYTES
end

.tag_bytes ⇒ Integer

The number bytes in the tag or authenticator from this AEAD class

Returns:

• (Integer) —

  number of tag bytes

# File 'lib/rbnacl/aead/base.rb', line 118

def self.tag_bytes
  self::ABYTES
end

Instance Method Details

#decrypt(nonce, ciphertext, additional_data) ⇒ String

Decrypts and verifies an encrypted message with additional authenticated data

Parameters:

• nonce (String) —

  An 8-byte string containing the nonce.

• ciphertext (String) —

  The message to be decrypted.

• additional_data (String) —

  The additional authenticated data

Returns:

• (String) —

  The decrypted message

Raises:

• (RbNaCl::LengthError) —

  If the nonce is not valid

• (RbNaCl::CryptoError) —

  If the ciphertext cannot be authenticated.

# File 'lib/rbnacl/aead/base.rb', line 68

def decrypt(nonce, ciphertext, additional_data)
  Util.check_length(nonce, nonce_bytes, "Nonce")

  message_len = Util.zeros(1)
  message = Util.zeros(data_len(ciphertext) - tag_bytes)

  success = do_decrypt(message, message_len, nonce, ciphertext, additional_data)
  raise CryptoError, "Decryption failed. Ciphertext failed verification." unless success

  message
end

#encrypt(nonce, message, additional_data) ⇒ String

Encrypts and authenticates a message with additional authenticated data

Parameters:

• nonce (String) —

  An 8-byte string containing the nonce.

• message (String) —

  The message to be encrypted.

• additional_data (String) —

  The additional authenticated data

Returns:

• (String) —

  The encrypted message with the authenticator tag appended

Raises:

• (RbNaCl::LengthError) —

  If the nonce is not valid

• (RbNaCl::CryptoError) —

  If the ciphertext cannot be authenticated.

# File 'lib/rbnacl/aead/base.rb', line 46

def encrypt(nonce, message, additional_data)
  Util.check_length(nonce, nonce_bytes, "Nonce")

  ciphertext_len = Util.zeros(1)
  ciphertext = Util.zeros(data_len(message) + tag_bytes)

  success = do_encrypt(ciphertext, ciphertext_len, nonce, message, additional_data)
  raise CryptoError, "Encryption failed" unless success

  ciphertext
end

#key_bytes ⇒ Integer

The key bytes for the AEAD instance

Returns:

• (Integer) —

  The number of bytes in a valid key

# File 'lib/rbnacl/aead/base.rb', line 111

def key_bytes
  self.class.key_bytes
end

#nonce_bytes ⇒ Integer

The nonce bytes for the AEAD instance

Returns:

• (Integer) —

  The number of bytes in a valid nonce

# File 'lib/rbnacl/aead/base.rb', line 97

def nonce_bytes
  self.class.nonce_bytes
end

#primitive ⇒ Symbol

The crypto primitive for this aead instance

Returns:

• (Symbol) —

  The primitive used

# File 'lib/rbnacl/aead/base.rb', line 83

def primitive
  self.class.primitive
end

#tag_bytes ⇒ Integer

The number of bytes in the tag or authenticator for this AEAD instance

Returns:

• (Integer) —

  number of tag bytes

# File 'lib/rbnacl/aead/base.rb', line 125

def tag_bytes
  self.class.tag_bytes
end