Module: Mongo::Crypt::Hooks Private
- Defined in:
- lib/mongo/crypt/hooks.rb
Overview
This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.
A helper module that implements cryptography methods required for native Ruby crypto hooks. These methods are passed into FFI as C callbacks and called from the libmongocrypt library.
Class Method Summary collapse
-
.aes(key, iv, input, decrypt: false, mode: :CBC) ⇒ String
private
An AES encrypt or decrypt method.
-
.hash_sha256(input) ⇒ String
private
A crypto hash (SHA-256) function.
-
.hmac_sha(digest_name, key, input) ⇒ String
private
An HMAC SHA-512 or SHA-256 function.
-
.random(num_bytes) ⇒ String
private
Crypto secure random function.
-
.rsaes_pkcs_signature(key, input) ⇒ String
private
An RSASSA-PKCS1-v1_5 with SHA-256 signature function.
Class Method Details
.aes(key, iv, input, decrypt: false, mode: :CBC) ⇒ String
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
An AES encrypt or decrypt method.
43 44 45 46 47 48 49 50 51 52 |
# File 'lib/mongo/crypt/hooks.rb', line 43 def aes(key, iv, input, decrypt: false, mode: :CBC) cipher = OpenSSL::Cipher::AES.new(256, mode) decrypt ? cipher.decrypt : cipher.encrypt cipher.key = key cipher.iv = iv cipher.padding = 0 encrypted = cipher.update(input) end |
.hash_sha256(input) ⇒ String
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
A crypto hash (SHA-256) function
88 89 90 |
# File 'lib/mongo/crypt/hooks.rb', line 88 def hash_sha256(input) Digest::SHA2.new(256).digest(input) end |
.hmac_sha(digest_name, key, input) ⇒ String
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
An HMAC SHA-512 or SHA-256 function
76 77 78 |
# File 'lib/mongo/crypt/hooks.rb', line 76 def hmac_sha(digest_name, key, input) OpenSSL::HMAC.digest(digest_name, key, input) end |
.random(num_bytes) ⇒ String
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Crypto secure random function
62 63 64 |
# File 'lib/mongo/crypt/hooks.rb', line 62 def random(num_bytes) SecureRandom.random_bytes(num_bytes) end |
.rsaes_pkcs_signature(key, input) ⇒ String
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
An RSASSA-PKCS1-v1_5 with SHA-256 signature function.
99 100 101 102 103 104 105 106 107 108 109 110 111 112 |
# File 'lib/mongo/crypt/hooks.rb', line 99 def rsaes_pkcs_signature(key, input) private_key = if BSON::Environment.jruby? # JRuby cannot read DER format, we need to convert key into PEM first. key_pem = [ "-----BEGIN PRIVATE KEY-----", Base64.strict_encode64(Base64.decode64(key)).scan(/.{1,64}/), "-----END PRIVATE KEY-----", ].join("\n") OpenSSL::PKey::RSA.new(key_pem) else OpenSSL::PKey.read(Base64.decode64(key)) end private_key.sign(OpenSSL::Digest::SHA256.new, input) end |