Module: JWA::Algorithms::ContentEncryption::AesGcm

Included in:

A128Gcm, A192Gcm, A256Gcm

Defined in:

lib/jwa/algorithms/content_encryption/aes_gcm.rb

Overview

Abstract AES in Galois Counter mode for different key sizes.

Defined Under Namespace

Modules: ClassMethods

Instance Attribute Summary

• #iv ⇒ Object readonly

  Returns the value of attribute iv.

• #key ⇒ Object readonly

  Returns the value of attribute key.

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #cipher ⇒ Object
• #decrypt(ciphertext, authenticated_data, tag) ⇒ Object
• #encrypt(plaintext, authenticated_data) ⇒ Object
• #initialize(key, iv = nil) ⇒ Object
• #setup_cipher(direction, auth_data, tag = nil) ⇒ Object

Instance Attribute Details

#iv ⇒ Object (readonly)

Returns the value of attribute iv.

# File 'lib/jwa/algorithms/content_encryption/aes_gcm.rb', line 8

def iv
  @iv
end

#key ⇒ Object (readonly)

Returns the value of attribute key.

# File 'lib/jwa/algorithms/content_encryption/aes_gcm.rb', line 8

def key
  @key
end

Class Method Details

.included(base) ⇒ Object

# File 'lib/jwa/algorithms/content_encryption/aes_gcm.rb', line 49

def self.included(base)
  base.extend(ClassMethods)
end

Instance Method Details

#cipher ⇒ Object

# File 'lib/jwa/algorithms/content_encryption/aes_gcm.rb', line 45

def cipher
  @cipher ||= Cipher.for(self.class.cipher_name)
end

#decrypt(ciphertext, authenticated_data, tag) ⇒ Object

# File 'lib/jwa/algorithms/content_encryption/aes_gcm.rb', line 30

def decrypt(ciphertext, authenticated_data, tag)
  setup_cipher(:decrypt, authenticated_data, tag)
  cipher.update(ciphertext) + cipher.final
rescue OpenSSL::Cipher::CipherError
  raise JWA::BadDecrypt, 'Invalid ciphertext or authentication tag'
end

#encrypt(plaintext, authenticated_data) ⇒ Object

# File 'lib/jwa/algorithms/content_encryption/aes_gcm.rb', line 23

def encrypt(plaintext, authenticated_data)
  setup_cipher(:encrypt, authenticated_data)
  ciphertext = cipher.update(plaintext) + cipher.final

  [ciphertext, cipher.auth_tag]
end

#initialize(key, iv = nil) ⇒ Object

# File 'lib/jwa/algorithms/content_encryption/aes_gcm.rb', line 10

def initialize(key, iv = nil)
  @key = key
  @iv = iv || SecureRandom.random_bytes(12)

  if @key.length != self.class.key_length
    raise ArgumentError, "Invalid Key. Expected length: #{self.class.key_length}. Actual: #{@key.length}."
  end

  if @iv.length != 12
    raise ArgumentError, "Invalid IV. Expected length: 12. Actual: #{@iv.length}."
  end
end

#setup_cipher(direction, auth_data, tag = nil) ⇒ Object

# File 'lib/jwa/algorithms/content_encryption/aes_gcm.rb', line 37

def setup_cipher(direction, auth_data, tag = nil)
  cipher.send(direction)
  cipher.key = @key
  cipher.iv = @iv
  cipher.auth_tag = tag if tag
  cipher.auth_data = auth_data
end