Class: Themis::ScellTokenProtect

Inherits:
Scell
  • Object
show all
Includes:
ThemisCommon, ThemisImport
Defined in:
lib/rbthemis.rb

Overview

Secure Cell in Token Protect mode.

Constant Summary

Constants included from ThemisImport

ThemisImport::THEMIS_KEY_EC_PRIVATE, ThemisImport::THEMIS_KEY_EC_PUBLIC, ThemisImport::THEMIS_KEY_INVALID, ThemisImport::THEMIS_KEY_RSA_PRIVATE, ThemisImport::THEMIS_KEY_RSA_PUBLIC

Constants inherited from Scell

Themis::Scell::CONTEXT_IMPRINT_MODE, Themis::Scell::SEAL_MODE, Themis::Scell::TOKEN_PROTECT_MODE

Instance Method Summary collapse

Methods included from ThemisCommon

empty?, string_to_pointer_size

Constructor Details

#initialize(key) ⇒ ScellTokenProtect

Make a new Secure Cell with given key. The key must not be empty and is treated as binary data. You can use Themis::gen_sym_key to generate new keys.



733
734
735
736
737
738
 
# File 'lib/rbthemis.rb', line 733

def initialize(key)
  if empty? key
    raise ThemisError, "key cannot be empty"
  end
  @key, @key_length = string_to_pointer_size(key)
end

Instance Method Details

#decrypt(message, token = nil, context = nil) ⇒ Object

Decrypts message with given authentication token and context. The context must be the same as the one used during encryption, or be omitted or set to nil if no context were used. The token also must be the one returned during encryption. Decrypted message is returned as binary data.



783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
 
# File 'lib/rbthemis.rb', line 783

def decrypt(message, token = nil, context = nil)
  # For compatibility with older API we allow the message and token to be
  # provided as a list in the first argument. In this case the second one
  # contains (an optional) context. Then there is no third argument.
  if message.kind_of? Array
    context = token
    message, token = message
  end

  if empty? message
    raise ThemisError, "message cannot be empty"
  end
  if empty? token
    raise ThemisError, "token cannot be empty"
  end

  message_, message_length_ = string_to_pointer_size(message)
  token_, token_length_ = string_to_pointer_size(token)
  context_, context_length_ =
    context.nil? ? [nil, 0] : string_to_pointer_size(context)

  decrypted_length = FFI::MemoryPointer.new(:uint)
  res = themis_secure_cell_decrypt_token_protect(
    @key, @key_length, context_, context_length_,
    message_, message_length_, token_, token_length_,
    nil, decrypted_length)
  if res != BUFFER_TOO_SMALL
    raise ThemisError.new(res), "decrypt failed"
  end

  decrypted_message = FFI::MemoryPointer.new(:char, decrypted_length.read_uint)
  res = themis_secure_cell_decrypt_token_protect(
    @key, @key_length, context_, context_length_,
    message_, message_length_, token_, token_length_,
    decrypted_message, decrypted_length)
  if res != SUCCESS
    raise ThemisError.new(res), "decrypt failed"
  end

  decrypted_message.get_bytes(0, decrypted_length.read_uint)
end

#encrypt(message, context = nil) ⇒ Object

Encrypts message with given optional context. The context is cryptographically combined with message but is not included into encrypted data, you will need to provide the same context for decryption. Resulting encrypted message (the same length as input) and authentication token are returned separately; you will need to provide them both for decryption. Message must not be empty, but context may be omitted. Both message and context are treated as binary data.



747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
 
# File 'lib/rbthemis.rb', line 747

def encrypt(message, context = nil)
  if empty? message
    raise ThemisError, "message cannot be empty"
  end

  message_, message_length_ = string_to_pointer_size(message)
  context_, context_length_ =
    context.nil? ? [nil, 0] : string_to_pointer_size(context)

  auth_token_length = FFI::MemoryPointer.new(:uint)
  encrypted_length = FFI::MemoryPointer.new(:uint)
  res = themis_secure_cell_encrypt_token_protect(
    @key, @key_length, context_, context_length_, message_, message_length_,
    nil, auth_token_length, nil, encrypted_length)
  if res != BUFFER_TOO_SMALL
    raise ThemisError.new(res), "encrypt failed"
  end

  auth_token = FFI::MemoryPointer.new(:char, auth_token_length.read_uint)
  encrypted_message = FFI::MemoryPointer.new(:char, encrypted_length.read_uint)
  res = themis_secure_cell_encrypt_token_protect(
    @key, @key_length, context_, context_length_, message_, message_length_,
    auth_token, auth_token_length, encrypted_message, encrypted_length)
  if res != SUCCESS
    raise ThemisError.new(res), "encrypt failed"
  end

  [encrypted_message.get_bytes(0, encrypted_length.read_uint),
   auth_token.get_bytes(0, auth_token_length.read_uint),]
end