Module: Aws::S3::Encryption::Utils Private

Defined in:: lib/aws-sdk-s3/encryption/utils.rb

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

Constant Summary collapse

UNSAFE_MSG =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

"unsafe encryption, data is longer than key length"

Class Method Summary collapse

.aes_cipher(mode, block_mode, key, iv) ⇒ Object private
.aes_decryption_cipher(block_mode, key = nil, iv = nil) ⇒ Object private
.aes_encryption_cipher(block_mode, key = nil, iv = nil) ⇒ Object private
.cipher_size(key) ⇒ Integer private
.decrypt(key, data) ⇒ Object private
.encrypt(key, data) ⇒ Object private

Class Method Details

.aes_cipher(mode, block_mode, key, iv) ⇒ `Object`

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-s3/encryption/utils.rb', line 58

def aes_cipher(mode, block_mode, key, iv)
  cipher = key ?
    OpenSSL::Cipher.new("aes-#{cipher_size(key)}-#{block_mode.downcase}") :
    OpenSSL::Cipher.new("aes-256-#{block_mode.downcase}")
  cipher.send(mode) # encrypt or decrypt
  cipher.key = key if key
  cipher.iv = iv if iv
  cipher
end

.aes_decryption_cipher(block_mode, key = nil, iv = nil) ⇒ `Object`

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



50
51
52

# File 'lib/aws-sdk-s3/encryption/utils.rb', line 50

def aes_decryption_cipher(block_mode, key = nil, iv = nil)
  aes_cipher(:decrypt, block_mode, key, iv)
end

.aes_encryption_cipher(block_mode, key = nil, iv = nil) ⇒ `Object`

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



43
44
45

# File 'lib/aws-sdk-s3/encryption/utils.rb', line 43

def aes_encryption_cipher(block_mode, key = nil, iv = nil)
  aes_cipher(:encrypt, block_mode, key, iv)
end

.cipher_size(key) ⇒ `Integer`

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Raises:

ArgumentError



71
72
73

# File 'lib/aws-sdk-s3/encryption/utils.rb', line 71

def cipher_size(key)
  key.bytesize * 8
end

.decrypt(key, data) ⇒ `Object`

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-s3/encryption/utils.rb', line 25

def decrypt(key, data)
  begin
    case key
    when OpenSSL::PKey::RSA # asymmetric decryption
      key.private_decrypt(data)
    when String # symmetric Decryption
      cipher = aes_cipher(:decrypt, :ECB, key, nil)
      cipher.update(data) + cipher.final
    end
  rescue OpenSSL::Cipher::CipherError
    msg = 'decryption failed, possible incorrect key'
    raise Errors::DecryptionError, msg
  end
end

.encrypt(key, data) ⇒ `Object`

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-s3/encryption/utils.rb', line 13

def encrypt(key, data)
  case key
  when OpenSSL::PKey::RSA # asymmetric encryption
    warn(UNSAFE_MSG) if key.public_key.n.num_bits < cipher_size(data)
    key.public_encrypt(data)
  when String # symmetric encryption
    warn(UNSAFE_MSG) if cipher_size(key) < cipher_size(data)
    cipher = aes_encryption_cipher(:ECB, key)
    cipher.update(data) + cipher.final
  end
end