-
Notifications
You must be signed in to change notification settings - Fork 14
/
aes_gcm.rb
74 lines (60 loc) · 1.82 KB
/
aes_gcm.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
require 'jwe/enc/cipher'
module JWE
module Enc
# Abstract AES in Galois Counter mode for different key sizes.
module AesGcm
attr_accessor :cek
attr_accessor :iv
attr_accessor :tag
def initialize(cek = nil, iv = nil)
self.iv = iv
self.cek = cek
end
def encrypt(cleartext, authenticated_data)
raise JWE::BadCEK, "The supplied key is too short. Required length: #{key_length}" if cek.length < key_length
setup_cipher(:encrypt, authenticated_data)
ciphertext = cipher.update(cleartext) + cipher.final
self.tag = cipher.auth_tag
ciphertext
end
def decrypt(ciphertext, authenticated_data)
raise JWE::BadCEK, "The supplied key is too short. Required length: #{key_length}" if cek.length < key_length
setup_cipher(:decrypt, authenticated_data)
cipher.update(ciphertext) + cipher.final
rescue OpenSSL::Cipher::CipherError
raise JWE::InvalidData, 'Invalid ciphertext or authentication tag'
end
def setup_cipher(direction, auth_data)
cipher.send(direction)
cipher.key = cek
cipher.iv = iv
cipher.auth_tag = tag if direction == :decrypt
cipher.auth_data = auth_data
end
def iv
@iv ||= SecureRandom.random_bytes(12)
end
def cek
@cek ||= SecureRandom.random_bytes(key_length)
end
def cipher
@cipher ||= Cipher.for(cipher_name)
end
def tag
@tag || ''
end
def self.included(base)
base.extend(ClassMethods)
end
# Provides availability checks for Key Encryption algorithms
module ClassMethods
def available?
new.cipher
true
rescue JWE::NotImplementedError
false
end
end
end
end
end