Module: Aws::S3::Encryption::Utils Private
- Defined in:
- lib/aws-sdk-s3/encryption/utils.rb
This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.
Constant Summary
- UNSAFE_MSG = "unsafe encryption, data is longer than key length"
  This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
Class Method Summary
- .aes_cipher(mode, block_mode, key, iv) ⇒ Object private
- .aes_decryption_cipher(block_mode, key = nil, iv = nil) ⇒ Object private
- .aes_encryption_cipher(block_mode, key = nil, iv = nil) ⇒ Object private
- .cipher_size(key) ⇒ Integer private
- .decrypt(key, data) ⇒ Object private
- .decrypt_aes_gcm(key, data, auth_data) ⇒ Object private
- .decrypt_rsa(key, enc_data) ⇒ Object private
  returns the decrypted data + auth_data.
- .encrypt(key, data) ⇒ Object private
Class Method Details
.aes_cipher(mode, block_mode, key, iv) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
```ruby
# File 'lib/aws-sdk-s3/encryption/utils.rb', line 83

def aes_cipher(mode, block_mode, key, iv)
  cipher = key ?
    OpenSSL::Cipher.new("aes-#{cipher_size(key)}-#{block_mode.downcase}") :
    OpenSSL::Cipher.new("aes-256-#{block_mode.downcase}")
  cipher.send(mode) # encrypt or decrypt
  cipher.key = key if key
  cipher.iv = iv if iv
  cipher
end
```
.aes_decryption_cipher(block_mode, key = nil, iv = nil) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
```ruby
# File 'lib/aws-sdk-s3/encryption/utils.rb', line 75

def aes_decryption_cipher(block_mode, key = nil, iv = nil)
  aes_cipher(:decrypt, block_mode, key, iv)
end
```
.aes_encryption_cipher(block_mode, key = nil, iv = nil) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
```ruby
# File 'lib/aws-sdk-s3/encryption/utils.rb', line 68

def aes_encryption_cipher(block_mode, key = nil, iv = nil)
  aes_cipher(:encrypt, block_mode, key, iv)
end
```
.cipher_size(key) ⇒ Integer
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
```ruby
# File 'lib/aws-sdk-s3/encryption/utils.rb', line 96

def cipher_size(key)
  key.bytesize * 8
end
```
.decrypt(key, data) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
```ruby
# File 'lib/aws-sdk-s3/encryption/utils.rb', line 27

def decrypt(key, data)
  begin
    case key
    when OpenSSL::PKey::RSA # asymmetric decryption
      key.private_decrypt(data)
    when String # symmetric Decryption
      cipher = aes_cipher(:decrypt, :ECB, key, nil)
      cipher.update(data) + cipher.final
    end
  rescue OpenSSL::Cipher::CipherError
    msg = 'decryption failed, possible incorrect key'
    raise Errors::DecryptionError, msg
  end
end
```
.decrypt_aes_gcm(key, data, auth_data) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
```ruby
# File 'lib/aws-sdk-s3/encryption/utils.rb', line 43

def decrypt_aes_gcm(key, data, auth_data)
  # data is iv (12B) + key + tag (16B)
  buf = data.unpack('C*')
  iv = buf[0,12].pack('C*') # iv will always be 12 bytes
  tag = buf[-16, 16].pack('C*') # tag is 16 bytes
  enc_key = buf[12, buf.size - (12+16)].pack('C*')
  cipher = aes_cipher(:decrypt, :GCM, key, iv)
  cipher.auth_tag = tag
  cipher.auth_data = auth_data
  cipher.update(enc_key) + cipher.final
end
```
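The blob layout that decrypt_aes_gcm expects (12-byte IV, encrypted key, 16-byte tag), shown as an added Ruby example that is not part of the SDK source. `wrap_key_gcm`, `unwrap_key_gcm` and `unwrap_status` are hypothetical helpers, and the keys and auth_data label are constructed sample values; the unwrap side adds an explicit length check before slicing and reports authentication failures separately from malformed input.

```ruby
require 'openssl'

IV_LEN  = 12 # bytes, per the layout comment in decrypt_aes_gcm
TAG_LEN = 16 # bytes

# Hypothetical helper (not in the SDK): wrap a data key as iv + ciphertext + tag.
def wrap_key_gcm(kek, data_key, auth_data)
  cipher = OpenSSL::Cipher.new("aes-#{kek.bytesize * 8}-gcm")
  cipher.encrypt
  cipher.key = kek
  iv = cipher.random_iv # 12 bytes by default for GCM
  cipher.auth_data = auth_data
  ct = cipher.update(data_key) + cipher.final
  iv + ct + cipher.auth_tag(TAG_LEN)
end

# Hypothetical helper: validate the blob length, split it, then decrypt.
def unwrap_key_gcm(kek, blob, auth_data)
  blob = blob.b
  raise ArgumentError, 'blob has no room for an encrypted key' if blob.bytesize <= IV_LEN + TAG_LEN
  iv  = blob.byteslice(0, IV_LEN)
  tag = blob.byteslice(-TAG_LEN, TAG_LEN)
  ct  = blob.byteslice(IV_LEN, blob.bytesize - IV_LEN - TAG_LEN)
  cipher = OpenSSL::Cipher.new("aes-#{kek.bytesize * 8}-gcm")
  cipher.decrypt
  cipher.key = kek
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = auth_data
  cipher.update(ct) + cipher.final # final raises if the tag does not verify
end

# Returns :ok, :auth_failed or :malformed for a blob / auth_data pair.
def unwrap_status(kek, blob, auth_data)
  unwrap_key_gcm(kek, blob, auth_data)
  :ok
rescue OpenSSL::Cipher::CipherError
  :auth_failed
rescue ArgumentError
  :malformed
end

# Constructed sample values.
KEK      = OpenSSL::Random.random_bytes(32)
DATA_KEY = OpenSSL::Random.random_bytes(32)
AAD      = 'constructed-context'
BLOB     = wrap_key_gcm(KEK, DATA_KEY, AAD)
```
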
.decrypt_rsa(key, enc_data) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
returns the decrypted data + auth_data
```ruby
# File 'lib/aws-sdk-s3/encryption/utils.rb', line 56

def decrypt_rsa(key, enc_data)
  # Plaintext must be KeyLengthInBytes (1 Byte) + DataKey + AuthData
  buf = key.private_decrypt(enc_data, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING).unpack('C*')
  key_length = buf[0]
  data = buf[1, key_length].pack('C*')
  auth_data = buf[key_length+1, buf.length - key_length].pack('C*')
  [data, auth_data]
end
```
.encrypt(key, data) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
```ruby
# File 'lib/aws-sdk-s3/encryption/utils.rb', line 15

def encrypt(key, data)
  case key
  when OpenSSL::PKey::RSA # asymmetric encryption
    warn(UNSAFE_MSG) if key.public_key.n.num_bits < cipher_size(data)
    key.public_encrypt(data)
  when String # symmetric encryption
    warn(UNSAFE_MSG) if cipher_size(key) < cipher_size(data)
    cipher = aes_encryption_cipher(:ECB, key)
    cipher.update(data) + cipher.final
  end
end
```