Class: JOSE::JWE::ENC_AES_CBC_HMAC

Inherits:

Struct

• Object
• Struct
• JOSE::JWE::ENC_AES_CBC_HMAC

Defined in:

lib/jose/jwe/enc_aes_cbc_hmac.rb

Instance Attribute Summary

• #bits ⇒ Object

  Returns the value of attribute bits.

• #cek_len ⇒ Object

  Returns the value of attribute cek_len.

• #cipher_name ⇒ Object

  Returns the value of attribute cipher_name.

• #enc_len ⇒ Object

  Returns the value of attribute enc_len.

• #hmac ⇒ Object

  Returns the value of attribute hmac.

• #iv_len ⇒ Object

  Returns the value of attribute iv_len.

• #mac_len ⇒ Object

  Returns the value of attribute mac_len.

• #tag_len ⇒ Object

  Returns the value of attribute tag_len.

Class Method Summary

• .from_map(fields) ⇒ Object

  JOSE::JWE callbacks.

Instance Method Summary

• #algorithm ⇒ Object

  JOSE::JWE::ENC callbacks.

• #block_decrypt(aad_cipher_text_cipher_tag, cek, iv) ⇒ Object
• #block_encrypt(aad_plain_text, cek, iv) ⇒ Object
• #next_cek ⇒ Object
• #next_iv ⇒ Object
• #to_map(fields) ⇒ Object

Instance Attribute Details

#bits ⇒ Object

Returns the value of attribute bits

Returns:

• (Object) —

  the current value of bits

# File 'lib/jose/jwe/enc_aes_cbc_hmac.rb', line 1

def bits
  @bits
end

#cek_len ⇒ Object

Returns the value of attribute cek_len

Returns:

• (Object) —

  the current value of cek_len

# File 'lib/jose/jwe/enc_aes_cbc_hmac.rb', line 1

def cek_len
  @cek_len
end

#cipher_name ⇒ Object

Returns the value of attribute cipher_name

Returns:

• (Object) —

  the current value of cipher_name

# File 'lib/jose/jwe/enc_aes_cbc_hmac.rb', line 1

def cipher_name
  @cipher_name
end

#enc_len ⇒ Object

Returns the value of attribute enc_len

Returns:

• (Object) —

  the current value of enc_len

# File 'lib/jose/jwe/enc_aes_cbc_hmac.rb', line 1

def enc_len
  @enc_len
end

#hmac ⇒ Object

Returns the value of attribute hmac

Returns:

• (Object) —

  the current value of hmac

# File 'lib/jose/jwe/enc_aes_cbc_hmac.rb', line 1

def hmac
  @hmac
end

#iv_len ⇒ Object

Returns the value of attribute iv_len

Returns:

• (Object) —

  the current value of iv_len

# File 'lib/jose/jwe/enc_aes_cbc_hmac.rb', line 1

def iv_len
  @iv_len
end

#mac_len ⇒ Object

Returns the value of attribute mac_len

Returns:

• (Object) —

  the current value of mac_len

# File 'lib/jose/jwe/enc_aes_cbc_hmac.rb', line 1

def mac_len
  @mac_len
end

#tag_len ⇒ Object

Returns the value of attribute tag_len

Returns:

• (Object) —

  the current value of tag_len

# File 'lib/jose/jwe/enc_aes_cbc_hmac.rb', line 1

def tag_len
  @tag_len
end

Class Method Details

.from_map(fields) ⇒ Object

JOSE::JWE callbacks

# File 'lib/jose/jwe/enc_aes_cbc_hmac.rb', line 5

def self.from_map(fields)
  case fields['enc']
  when 'A128CBC-HS256'
    return new('aes-128-cbc', 256, 32, 16, 16, 16, 16, OpenSSL::Digest::SHA256), fields.delete('enc')
  when 'A192CBC-HS384'
    return new('aes-192-cbc', 384, 48, 16, 24, 24, 24, OpenSSL::Digest::SHA384), fields.delete('enc')
  when 'A256CBC-HS512'
    return new('aes-256-cbc', 512, 64, 16, 32, 32, 32, OpenSSL::Digest::SHA512), fields.delete('enc')
  else
    raise ArgumentError, "invalid 'enc' for JWE: #{fields['enc'].inspect}"
  end
end

Instance Method Details

#algorithm ⇒ Object

JOSE::JWE::ENC callbacks

# File 'lib/jose/jwe/enc_aes_cbc_hmac.rb', line 24

def algorithm
  case cipher_name
  when 'aes-128-cbc'
    return 'A128CBC-HS256'
  when 'aes-192-cbc'
    return 'A192CBC-HS384'
  when 'aes-256-cbc'
    return 'A256CBC-HS512'
  else
    raise ArgumentError, "unhandled JOSE::JWE::ENC_AES_CBC_HMAC cipher name: #{cipher_name.inspect}"
  end
end

#block_decrypt(aad_cipher_text_cipher_tag, cek, iv) ⇒ Object

# File 'lib/jose/jwe/enc_aes_cbc_hmac.rb', line 37

def block_decrypt(aad_cipher_text_cipher_tag, cek, iv)
  aad, cipher_text, cipher_tag = aad_cipher_text_cipher_tag
  cek_s = StringIO.new(cek)
  mac_key = cek_s.read(mac_len)
  enc_key = cek_s.read(enc_len)
  aad_len = [(aad.bytesize * 8)].pack('Q>')
  mac_data = [aad, iv, cipher_text, aad_len].pack('a*a*a*a*')
  if cipher_tag != OpenSSL::HMAC.digest(hmac.new, mac_key, mac_data)[0...tag_len]
    raise ArgumentError, "decryption error"
  else
    cipher = OpenSSL::Cipher.new(cipher_name)
    cipher.decrypt
    cipher.key = enc_key
    cipher.iv = iv
    cipher.padding = 0
    plain_text = JOSE::JWA::PKCS7.unpad(cipher.update(cipher_text) + cipher.final)
    return plain_text
  end
end

#block_encrypt(aad_plain_text, cek, iv) ⇒ Object

# File 'lib/jose/jwe/enc_aes_cbc_hmac.rb', line 57

def block_encrypt(aad_plain_text, cek, iv)
  aad, plain_text = aad_plain_text
  cek_s = StringIO.new(cek)
  mac_key = cek_s.read(mac_len)
  enc_key = cek_s.read(enc_len)
  cipher = OpenSSL::Cipher.new(cipher_name)
  cipher.encrypt
  cipher.key = enc_key
  cipher.iv = iv
  cipher.padding = 0
  cipher_text = cipher.update(JOSE::JWA::PKCS7.pad(plain_text)) + cipher.final
  aad_len = [(aad.bytesize * 8)].pack('Q>')
  mac_data = [aad, iv, cipher_text, aad_len].pack('a*a*a*a*')
  cipher_tag = OpenSSL::HMAC.digest(hmac.new, mac_key, mac_data)[0...tag_len]
  return cipher_text, cipher_tag
end

#next_cek ⇒ Object

# File 'lib/jose/jwe/enc_aes_cbc_hmac.rb', line 74

def next_cek
  return SecureRandom.random_bytes(cek_len)
end

#next_iv ⇒ Object

# File 'lib/jose/jwe/enc_aes_cbc_hmac.rb', line 78

def next_iv
  return SecureRandom.random_bytes(iv_len)
end

#to_map(fields) ⇒ Object

# File 'lib/jose/jwe/enc_aes_cbc_hmac.rb', line 18

def to_map(fields)
  return fields.put('enc', algorithm)
end