Class: JOSE::JWE::ALG_AES_GCM_KW

Inherits:
Struct
  • Object
Defined in:
lib/jose/jwe/alg_aes_gcm_kw.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#bits ⇒ Object

Returns the value of attribute bits

Returns:

  • (Object)

    the current value of bits



# File 'lib/jose/jwe/alg_aes_gcm_kw.rb', line 1

# Key size in bits of the AES key-encryption key. from_map sets it to 128, 192
# or 256 according to the 'alg' header, and generate_key divides it by 8 to get
# the key length in bytes.
# NOTE(review): the page lists Struct as the parent class, so this reader is
# presumably generated by the Struct definition rather than written by hand.
def bits
  @bits
end

#cipher_name ⇒ Object

Returns the value of attribute cipher_name

Returns:

  • (Object)

    the current value of cipher_name



# File 'lib/jose/jwe/alg_aes_gcm_kw.rb', line 1

# OpenSSL cipher name handed to OpenSSL::Cipher.new by key_encrypt and
# key_decrypt. from_map sets it to 'aes-128-gcm', 'aes-192-gcm' or
# 'aes-256-gcm' to match the 'alg' header.
def cipher_name
  @cipher_name
end

#iv ⇒ Object

Returns the value of attribute iv

Returns:

  • (Object)

    the current value of iv



# File 'lib/jose/jwe/alg_aes_gcm_kw.rb', line 1

# GCM initialization vector (nonce) as raw bytes, or nil when none is set.
# from_map fills it from the base64url 'iv' header; key_decrypt refuses to run
# without it.
# key_encrypt reuses a non-nil value as the nonce and only generates a fresh
# random 12-byte one when this is nil, so an instance that already carries an
# iv must not be used to wrap more than one key under the same key-encryption
# key: GCM loses its guarantees when a nonce repeats for one key.
def iv
  @iv
end

#tag ⇒ Object

Returns the value of attribute tag

Returns:

  • (Object)

    the current value of tag



# File 'lib/jose/jwe/alg_aes_gcm_kw.rb', line 1

# GCM authentication tag as raw bytes, or nil when none is set.
# from_map fills it from the base64url 'tag' header, and key_encrypt stores the
# tag produced by the cipher on the instance it returns. key_decrypt hands this
# value to the cipher as the tag to verify and refuses to run when it is nil.
def tag
  @tag
end

Class Method Details

.from_map(fields) ⇒ Object

JOSE::JWE callbacks



# File 'lib/jose/jwe/alg_aes_gcm_kw.rb', line 5

# Builds an algorithm instance from JWE header fields.
#
# The 'alg' value selects the key size and OpenSSL cipher name. The optional
# 'iv' and 'tag' headers arrive from the token, i.e. from an untrusted party,
# and are only base64url-decoded here; their lengths are not inspected in this
# method.
#
# @param fields [Object] header map; must respond to [], has_key? and except
# @return [Array] two elements: the new instance, and the fields with 'alg',
#   'iv' and 'tag' removed
# @raise [ArgumentError] if 'alg' is not A128GCMKW, A192GCMKW or A256GCMKW
def self.from_map(fields)
  key_bits, openssl_name =
    case fields['alg']
    when 'A128GCMKW' then [128, 'aes-128-gcm']
    when 'A192GCMKW' then [192, 'aes-192-gcm']
    when 'A256GCMKW' then [256, 'aes-256-gcm']
    else
      raise ArgumentError, "invalid 'alg' for JWE: #{fields['alg'].inspect}"
    end

  # Absent headers stay nil so key_decrypt can tell "missing" from "empty".
  nonce = fields.has_key?('iv') ? JOSE.urlsafe_decode64(fields['iv']) : nil
  auth_tag = fields.has_key?('tag') ? JOSE.urlsafe_decode64(fields['tag']) : nil

  [new(openssl_name, key_bits, nonce, auth_tag), fields.except('alg', 'iv', 'tag')]
end

Instance Method Details

#algorithm ⇒ Object

API functions



# File 'lib/jose/jwe/alg_aes_gcm_kw.rb', line 97

# Maps the configured key size back to its JWE 'alg' identifier.
#
# @return [String] 'A128GCMKW', 'A192GCMKW' or 'A256GCMKW'
# @raise [ArgumentError] if bits is not 128, 192 or 256
def algorithm
  key_bits = bits
  case key_bits
  when 128 then 'A128GCMKW'
  when 192 then 'A192GCMKW'
  when 256 then 'A256GCMKW'
  else
    raise ArgumentError, "unhandled JOSE::JWE::ALG_AES_GCM_KW bits: #{key_bits.inspect}"
  end
end

#generate_key(fields, enc) ⇒ Object

JOSE::JWE::ALG callbacks



# File 'lib/jose/jwe/alg_aes_gcm_kw.rb', line 46

# Asks JOSE::JWE::ALG.generate_key for a symmetric (:oct) key sized for this
# algorithm, i.e. bits / 8 bytes.
#
# @param fields [Object] not used by this method
# @param enc [Object] content-encryption algorithm; only enc.algorithm is read
# @return [Object] whatever JOSE::JWE::ALG.generate_key returns
def generate_key(fields, enc)
  octet_key_spec = [:oct, bits.div(8)]
  JOSE::JWE::ALG.generate_key(octet_key_spec, algorithm, enc.algorithm)
end

#key_decrypt(key, enc, encrypted_key) ⇒ Object



# File 'lib/jose/jwe/alg_aes_gcm_kw.rb', line 50

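# Unwraps a content-encryption key that was wrapped with AES-GCM.
#
# The nonce and authentication tag are read from this instance's iv and tag,
# which from_map fills from the token's 'iv' and 'tag' headers. Both are
# therefore attacker-controlled on the receiving side and are validated before
# any cipher operation.
#
# @param key [String, JOSE::JWK] raw key-encryption key bytes, or a JWK whose
#   kty.derive_key yields them
# @param enc [Object] content-encryption algorithm; not used by this method
# @param encrypted_key [String] the wrapped key (GCM ciphertext)
# @return [String] the unwrapped key bytes
# @raise [ArgumentError] if iv or tag is missing, or is not exactly 12 bytes
#   (iv) / 16 bytes (tag)
# @raise [OpenSSL::Cipher::CipherError] from the cipher when the tag does not
#   verify against the key, nonce and ciphertext
def key_decrypt(key, enc, encrypted_key)
  if iv.nil? || tag.nil?
    raise ArgumentError, "missing required fields for decryption: 'iv' and 'tag'"
  end
  # RFC 7518 section 4.7.1 defines 'iv' as a 96-bit value and 'tag' as a
  # 128-bit value. The tag length has to be enforced here: OpenSSL verifies
  # only as many tag bytes as it is given, so a truncated tag from the header
  # would otherwise be accepted and make forgery far cheaper.
  unless iv.bytesize == 12
    raise ArgumentError, "invalid 'iv' for decryption: expected 12 bytes, got #{iv.bytesize}"
  end
  unless tag.bytesize == 16
    raise ArgumentError, "invalid 'tag' for decryption: expected 16 bytes, got #{tag.bytesize}"
  end

  key = key.kty.derive_key if key.is_a?(JOSE::JWK)

  cipher = OpenSSL::Cipher.new(cipher_name)
  cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.padding = 0
  # No additional authenticated data is bound to the wrapped key.
  cipher.auth_data = ''
  cipher.auth_tag = tag
  # final performs the tag check; nothing is returned if it raises.
  cipher.update(encrypted_key) + cipher.final
end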

#key_encrypt(key, enc, decrypted_key) ⇒ Object



# File 'lib/jose/jwe/alg_aes_gcm_kw.rb', line 72

# Wraps a content-encryption key with AES-GCM under the given key.
#
# The receiver is left untouched: the nonce and the resulting authentication
# tag are recorded on a fresh JOSE::JWE::ALG_AES_GCM_KW instance that is
# returned alongside the ciphertext.
#
# NOTE(review): a non-nil iv on the receiver is reused as the GCM nonce; a
# random 12-byte nonce is drawn only when iv is nil. GCM requires a unique
# nonce per key, so callers should confirm that an instance already holding an
# iv (for example one built by from_map from a received header) is never used
# to wrap a second key under the same key-encryption key.
#
# @param key [String, JOSE::JWK] raw key-encryption key bytes, or a JWK whose
#   kty.derive_key yields them
# @param enc [Object] content-encryption algorithm; not used by this method
# @param decrypted_key [String] the key material to wrap
# @return [Array] two elements: the wrapped key bytes, and the new algorithm
#   instance carrying iv and tag
def key_encrypt(key, enc, decrypted_key)
  key = key.kty.derive_key if key.is_a?(JOSE::JWK)

  nonce = iv || SecureRandom.random_bytes(12)
  wrapped_alg = JOSE::JWE::ALG_AES_GCM_KW.new(cipher_name, bits, nonce)

  gcm = OpenSSL::Cipher.new(wrapped_alg.cipher_name)
  gcm.encrypt
  gcm.key = key
  gcm.iv = wrapped_alg.iv
  gcm.padding = 0
  # No additional authenticated data is bound to the wrapped key.
  gcm.auth_data = ''
  wrapped_key = gcm.update(decrypted_key) + gcm.final
  # The tag is only available once final has run.
  wrapped_alg.tag = gcm.auth_tag

  [wrapped_key, wrapped_alg]
end

#next_cek(key, enc) ⇒ Object



# File 'lib/jose/jwe/alg_aes_gcm_kw.rb', line 91

# Obtains the next content-encryption key from the content-encryption
# algorithm; this key-wrapping algorithm contributes nothing of its own and is
# returned unchanged.
#
# @param key [Object] not used by this method
# @param enc [Object] content-encryption algorithm; must respond to next_cek
# @return [Array] two elements: the value of enc.next_cek, and self
def next_cek(key, enc)
  fresh_cek = enc.next_cek
  [fresh_cek, self]
end

#to_map(fields) ⇒ Object



# File 'lib/jose/jwe/alg_aes_gcm_kw.rb', line 32

# Serializes this algorithm into JWE header fields.
#
# 'alg' is always written; 'iv' and 'tag' are written base64url-encoded only
# when the corresponding attribute is set.
#
# @param fields [Object] header map; must respond to put(key, value) and
#   return the updated map from it
# @return [Object] the map returned by the last put call
def to_map(fields)
  with_alg = fields.put('alg', algorithm)
  with_iv = iv ? with_alg.put('iv', JOSE.urlsafe_encode64(iv)) : with_alg
  tag ? with_iv.put('tag', JOSE.urlsafe_encode64(tag)) : with_iv
end