Module: Aws::S3::Encryption::Utils Private

Defined in:
lib/aws-sdk-s3/encryption/utils.rb

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

Constant Summary collapse

UNSAFE_MSG =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

"unsafe encryption, data is longer than key length"

Class Method Summary collapse

Class Method Details

.aes_cipher(mode, block_mode, key, iv) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Parameters:

  • mode (String)

    “encrypt” or “decrypt”

  • block_mode (String)

    “CBC” or “ECB”

  • key (OpenSSL::PKey::RSA, String, nil)
  • iv (String, nil)

    The initialization vector



58
59
60
61
62
63
64
65
66
# File 'lib/aws-sdk-s3/encryption/utils.rb', line 58

def aes_cipher(mode, block_mode, key, iv)
  cipher = key ?
    OpenSSL::Cipher.new("aes-#{cipher_size(key)}-#{block_mode.downcase}") :
    OpenSSL::Cipher.new("aes-256-#{block_mode.downcase}")
  cipher.send(mode) # encrypt or decrypt
  cipher.key = key if key
  cipher.iv = iv if iv
  cipher
end

.aes_decryption_cipher(block_mode, key = nil, iv = nil) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Parameters:

  • block_mode (String)

    “CBC” or “ECB”

  • key (OpenSSL::PKey::RSA, String, nil) (defaults to: nil)
  • iv (String, nil) (defaults to: nil)

    The initialization vector



50
51
52
# File 'lib/aws-sdk-s3/encryption/utils.rb', line 50

def aes_decryption_cipher(block_mode, key = nil, iv = nil)
  aes_cipher(:decrypt, block_mode, key, iv)
end

.aes_encryption_cipher(block_mode, key = nil, iv = nil) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Parameters:

  • block_mode (String)

    “CBC” or “ECB”

  • key (OpenSSL::PKey::RSA, String, nil) (defaults to: nil)
  • iv (String, nil) (defaults to: nil)

    The initialization vector



43
44
45
# File 'lib/aws-sdk-s3/encryption/utils.rb', line 43

def aes_encryption_cipher(block_mode, key = nil, iv = nil)
  aes_cipher(:encrypt, block_mode, key, iv)
end

.cipher_size(key) ⇒ Integer

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Parameters:

  • key (String)

Returns:

  • (Integer)

Raises:

  • ArgumentError



71
72
73
# File 'lib/aws-sdk-s3/encryption/utils.rb', line 71

def cipher_size(key)
  key.bytesize * 8
end

.decrypt(key, data) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



25
26
27
28
29
30
31
32
33
34
35
36
37
38
# File 'lib/aws-sdk-s3/encryption/utils.rb', line 25

def decrypt(key, data)
  begin
    case key
    when OpenSSL::PKey::RSA # asymmetric decryption
      key.private_decrypt(data)
    when String # symmetric Decryption
      cipher = aes_cipher(:decrypt, :ECB, key, nil)
      cipher.update(data) + cipher.final
    end
  rescue OpenSSL::Cipher::CipherError
    msg = 'decryption failed, possible incorrect key'
    raise Errors::DecryptionError, msg
  end
end

.encrypt(key, data) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



13
14
15
16
17
18
19
20
21
22
23
# File 'lib/aws-sdk-s3/encryption/utils.rb', line 13

def encrypt(key, data)
  case key
  when OpenSSL::PKey::RSA # asymmetric encryption
    warn(UNSAFE_MSG) if key.public_key.n.num_bits < cipher_size(data)
    key.public_encrypt(data)
  when String # symmetric encryption
    warn(UNSAFE_MSG) if cipher_size(key) < cipher_size(data)
    cipher = aes_encryption_cipher(:ECB, key)
    cipher.update(data) + cipher.final
  end
end