Class: Themis::ScellTokenProtect
- Includes:
- ThemisCommon, ThemisImport
- Defined in:
- lib/rbthemis.rb
Overview
Secure Cell in Token Protect mode.
Constant Summary
Constants included from ThemisImport
ThemisImport::THEMIS_KEY_EC_PRIVATE, ThemisImport::THEMIS_KEY_EC_PUBLIC, ThemisImport::THEMIS_KEY_INVALID, ThemisImport::THEMIS_KEY_RSA_PRIVATE, ThemisImport::THEMIS_KEY_RSA_PUBLIC
Constants inherited from Scell
Themis::Scell::CONTEXT_IMPRINT_MODE, Themis::Scell::SEAL_MODE, Themis::Scell::TOKEN_PROTECT_MODE
Instance Method Summary collapse
-
#decrypt(message, token = nil, context = nil) ⇒ Object
Decrypts message with given authentication token and context.
-
#encrypt(message, context = nil) ⇒ Object
Encrypts message with given optional context.
-
#initialize(key) ⇒ ScellTokenProtect
constructor
Make a new Secure Cell with given key.
Methods included from ThemisCommon
empty?, string_to_pointer_size
Constructor Details
#initialize(key) ⇒ ScellTokenProtect
Make a new Secure Cell with given key. The key must not be empty and is treated as binary data. You can use Themis::gen_sym_key to generate new keys.
733 734 735 736 737 738 |
# File 'lib/rbthemis.rb', line 733 def initialize(key) if empty? key raise ThemisError, "key cannot be empty" end @key, @key_length = string_to_pointer_size(key) end |
Instance Method Details
#decrypt(message, token = nil, context = nil) ⇒ Object
Decrypts message with given authentication token and context. The context must be the same as the one used during encryption, or be omitted or set to nil if no context were used. The token also must be the one returned during encryption. Decrypted message is returned as binary data.
783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 |
# File 'lib/rbthemis.rb', line 783 def decrypt(, token = nil, context = nil) # For compatibility with older API we allow the message and token to be # provided as a list in the first argument. In this case the second one # contains (an optional) context. Then there is no third argument. if .kind_of? Array context = token , token = end if empty? raise ThemisError, "message cannot be empty" end if empty? token raise ThemisError, "token cannot be empty" end , = string_to_pointer_size() token_, token_length_ = string_to_pointer_size(token) context_, context_length_ = context.nil? ? [nil, 0] : string_to_pointer_size(context) decrypted_length = FFI::MemoryPointer.new(:uint) res = themis_secure_cell_decrypt_token_protect( @key, @key_length, context_, context_length_, , , token_, token_length_, nil, decrypted_length) if res != BUFFER_TOO_SMALL raise ThemisError.new(res), "decrypt failed" end = FFI::MemoryPointer.new(:char, decrypted_length.read_uint) res = themis_secure_cell_decrypt_token_protect( @key, @key_length, context_, context_length_, , , token_, token_length_, , decrypted_length) if res != SUCCESS raise ThemisError.new(res), "decrypt failed" end .get_bytes(0, decrypted_length.read_uint) end |
#encrypt(message, context = nil) ⇒ Object
Encrypts message with given optional context. The context is cryptographically combined with message but is not included into encrypted data, you will need to provide the same context for decryption. Resulting encrypted message (the same length as input) and authentication token are returned separately; you will need to provide them both for decryption. Message must not be empty, but context may be omitted. Both message and context are treated as binary data.
747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 |
# File 'lib/rbthemis.rb', line 747 def encrypt(, context = nil) if empty? raise ThemisError, "message cannot be empty" end , = string_to_pointer_size() context_, context_length_ = context.nil? ? [nil, 0] : string_to_pointer_size(context) auth_token_length = FFI::MemoryPointer.new(:uint) encrypted_length = FFI::MemoryPointer.new(:uint) res = themis_secure_cell_encrypt_token_protect( @key, @key_length, context_, context_length_, , , nil, auth_token_length, nil, encrypted_length) if res != BUFFER_TOO_SMALL raise ThemisError.new(res), "encrypt failed" end auth_token = FFI::MemoryPointer.new(:char, auth_token_length.read_uint) = FFI::MemoryPointer.new(:char, encrypted_length.read_uint) res = themis_secure_cell_encrypt_token_protect( @key, @key_length, context_, context_length_, , , auth_token, auth_token_length, , encrypted_length) if res != SUCCESS raise ThemisError.new(res), "encrypt failed" end [.get_bytes(0, encrypted_length.read_uint), auth_token.get_bytes(0, auth_token_length.read_uint),] end |