Class: TTTLS13::Cryptograph::Aead
- Inherits:
-
Object
- Object
- TTTLS13::Cryptograph::Aead
- Defined in:
- lib/tttls1.3/cryptograph/aead.rb
Instance Attribute Summary collapse
-
#auth_tag_len ⇒ Object
readonly
Returns the value of attribute auth_tag_len.
Instance Method Summary collapse
-
#decrypt(encrypted_record, auth_data) ⇒ String, TTTLS13::Message::ContentType
NOTE: AEAD-Decrypt(peer_write_key, nonce, additional_data, AEADEncrypted).
-
#encrypt(content, type) ⇒ String
NOTE: AEAD-Encrypt(write_key, nonce, additional_data, plaintext).
-
#initialize(cipher_suite:, write_key:, write_iv:, sequence_number:, length_of_padding: 0) ⇒ Aead
constructor
A new instance of Aead.
- #tlsplaintext_length_limit(record_size_limit) ⇒ Integer
Constructor Details
#initialize(cipher_suite:, write_key:, write_iv:, sequence_number:, length_of_padding: 0) ⇒ Aead
Returns a new instance of Aead.
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
# File 'lib/tttls1.3/cryptograph/aead.rb', line 15 def initialize(cipher_suite:, write_key:, write_iv:, sequence_number:, length_of_padding: 0) @cipher_suite = cipher_suite case cipher_suite when CipherSuite::TLS_AES_128_GCM_SHA256 @cipher = OpenSSL::Cipher::AES128.new(:GCM) when CipherSuite::TLS_AES_256_GCM_SHA384 @cipher = OpenSSL::Cipher::AES256.new(:GCM) when CipherSuite::TLS_CHACHA20_POLY1305_SHA256 @cipher = OpenSSL::Cipher.new('chacha20-poly1305') else # Note: # not supported # CipherSuite::TLS_AES_128_CCM_SHA256 # CipherSuite::TLS_AES_128_CCM_8_SHA256 raise Error::ErrorAlerts, :internal_error end @write_key = write_key @write_iv = write_iv @sequence_number = sequence_number @length_of_padding = length_of_padding @auth_tag_len = CipherSuite.auth_tag_len(@cipher_suite) end |
Instance Attribute Details
#auth_tag_len ⇒ Object (readonly)
Returns the value of attribute auth_tag_len.
8 9 10 |
# File 'lib/tttls1.3/cryptograph/aead.rb', line 8 def auth_tag_len @auth_tag_len end |
Instance Method Details
#decrypt(encrypted_record, auth_data) ⇒ String, TTTLS13::Message::ContentType
NOTE:
AEAD-Decrypt(peer_write_key, nonce,
additional_data, AEADEncrypted)
67 68 69 70 71 72 73 74 75 76 77 78 79 |
# File 'lib/tttls1.3/cryptograph/aead.rb', line 67 def decrypt(encrypted_record, auth_data) decipher = reset_decipher auth_tag = encrypted_record[-@auth_tag_len..-1] decipher.auth_tag = auth_tag decipher.auth_data = auth_data # record header of TLSCiphertext clear = decipher.update(encrypted_record[0...-@auth_tag_len]) decipher.final zeros_len = scan_zeros(clear) postfix_len = 1 + zeros_len # type || zeros @sequence_number.succ [clear[0...-postfix_len], clear[-postfix_len]] end |
#encrypt(content, type) ⇒ String
NOTE:
AEAD-Encrypt(write_key, nonce, additional_data, plaintext)
46 47 48 49 50 51 52 53 54 |
# File 'lib/tttls1.3/cryptograph/aead.rb', line 46 def encrypt(content, type) cipher = reset_cipher plaintext = content + type + "\x00" * @length_of_padding cipher.auth_data = additional_data(plaintext.length) encrypted_data = cipher.update(plaintext) + cipher.final @sequence_number.succ encrypted_data + cipher.auth_tag end |
#tlsplaintext_length_limit(record_size_limit) ⇒ Integer
NOTE:
struct {
opaque content[TLSPlaintext.length];
ContentType type;
uint8 zeros[length_of_padding];
} TLSInnerPlaintext;
91 92 93 |
# File 'lib/tttls1.3/cryptograph/aead.rb', line 91 def tlsplaintext_length_limit(record_size_limit) record_size_limit - 1 - @length_of_padding end |