Class: Themis::ScellSeal

Inherits:
Scell
  • Object
Includes:
ThemisCommon, ThemisImport
Defined in:
lib/rbthemis.rb

Overview

Secure Cell in Seal mode.

Direct Known Subclasses

ScellSealPassphrase

Constant Summary

Constants included from ThemisImport

ThemisImport::THEMIS_KEY_EC_PRIVATE, ThemisImport::THEMIS_KEY_EC_PUBLIC, ThemisImport::THEMIS_KEY_INVALID, ThemisImport::THEMIS_KEY_RSA_PRIVATE, ThemisImport::THEMIS_KEY_RSA_PUBLIC

Constants inherited from Scell

Themis::Scell::CONTEXT_IMPRINT_MODE, Themis::Scell::SEAL_MODE, Themis::Scell::TOKEN_PROTECT_MODE

Instance Method Summary

Methods included from ThemisImport

canonical_themis_paths, load_themis

Methods included from ThemisCommon

empty?, string_to_pointer_size

Constructor Details

#initialize(key) ⇒ ScellSeal

Makes a new Secure Cell with the given key. The key must not be empty and is treated as binary data. You can use Themis::gen_sym_key to generate new keys.



# File 'lib/rbthemis.rb', line 608

def initialize(key)
  if empty? key
    raise ThemisError, "key cannot be empty"
  end
  @key, @key_length = string_to_pointer_size(key)
end

Instance Method Details

#decrypt(message, context = nil) ⇒ Object

Decrypts the message with the given context. The context must be the same as the one used during encryption, or be omitted (or set to nil) if no context was used. The decrypted message is returned as binary data.



# File 'lib/rbthemis.rb', line 653

def decrypt(message, context = nil)
  if empty? message
    raise ThemisError, "message cannot be empty"
  end

  message_, message_length_ = string_to_pointer_size(message)
  context_, context_length_ =
    context.nil? ? [nil, 0] : string_to_pointer_size(context)

  decrypted_length = FFI::MemoryPointer.new(:uint)
  res = themis_secure_cell_decrypt_seal(
    @key, @key_length, context_, context_length_,
    message_, message_length_, nil, decrypted_length)
  if res != BUFFER_TOO_SMALL
    raise ThemisError.new(res), "decrypt failed"
  end

  decrypted_message = FFI::MemoryPointer.new(:char, decrypted_length.read_uint)
  res = themis_secure_cell_decrypt_seal(
    @key, @key_length, context_, context_length_,
    message_, message_length_, decrypted_message, decrypted_length)
  if res != SUCCESS
    raise ThemisError.new(res), "decrypt failed"
  end

  decrypted_message.get_bytes(0, decrypted_length.read_uint)
end

#encrypt(message, context = nil) ⇒ Object

Encrypts the message with the given optional context. The context is cryptographically combined with the message but is not included in the encrypted data, so you will need to provide the same context for decryption. The resulting encrypted message includes an authentication token. The message must not be empty, but the context may be omitted. Both message and context are treated as binary data.



# File 'lib/rbthemis.rb', line 621

def encrypt(message, context = nil)
  if empty? message
    raise ThemisError, "message cannot be empty"
  end

  message_, message_length_ = string_to_pointer_size(message)
  context_, context_length_ =
    context.nil? ? [nil, 0] : string_to_pointer_size(context)

  encrypted_length = FFI::MemoryPointer.new(:uint)
  res = themis_secure_cell_encrypt_seal(
    @key, @key_length, context_, context_length_,
    message_, message_length_, nil, encrypted_length)
  if res != BUFFER_TOO_SMALL
    raise ThemisError.new(res), "encrypt failed"
  end

  encrypted_message = FFI::MemoryPointer.new(:char, encrypted_length.read_uint)
  res = themis_secure_cell_encrypt_seal(
    @key, @key_length, context_, context_length_,
    message_, message_length_, encrypted_message, encrypted_length)
  if res != SUCCESS
    raise ThemisError.new(res), "encrypt failed"
  end

  encrypted_message.get_bytes(0, encrypted_length.read_uint)
end
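
Added example, not part of the Themis source or its documentation: a small model of the contract that #encrypt and #decrypt describe above (non-empty message, context bound into the authentication token but never stored, failure on a wrong context or modified data). AES-256-GCM from Ruby's OpenSSL library stands in for Themis here, so the output is not Themis-compatible; SealModel, opens? and the sample values are hypothetical.

```ruby
require 'openssl'

# Model of the Seal-mode contract using AES-256-GCM from Ruby's OpenSSL.
# Not Themis: output is not Themis-compatible; all names are hypothetical.
class SealModel
  IV_LEN = 12
  TAG_LEN = 16
  HEADER = IV_LEN + TAG_LEN

  def initialize(key)
    raise ArgumentError, 'key cannot be empty' if key.nil? || key.empty?
    # Assumption: hash the caller's key to the 32 bytes AES-256 needs.
    @key = OpenSSL::Digest::SHA256.digest(key)
  end

  def encrypt(message, context = nil)
    raise ArgumentError, 'message cannot be empty' if message.nil? || message.empty?
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = @key
    iv = cipher.random_iv
    cipher.auth_data = context.to_s # authenticated, but never stored
    body = cipher.update(message) + cipher.final
    iv + cipher.auth_tag + body     # the tag travels with the ciphertext
  end

  def decrypt(sealed, context = nil)
    raise ArgumentError, 'message too short' if sealed.nil? || sealed.bytesize <= HEADER
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = @key
    cipher.iv = sealed.byteslice(0, IV_LEN)
    cipher.auth_tag = sealed.byteslice(IV_LEN, TAG_LEN)
    cipher.auth_data = context.to_s
    cipher.update(sealed.byteslice(HEADER, sealed.bytesize - HEADER)) + cipher.final
  end
end

# True only if `sealed` authenticates and decrypts under `context`.
def opens?(cell, sealed, context = nil)
  cell.decrypt(sealed, context)
  true
rescue OpenSSL::Cipher::CipherError
  false
end

# Constructed sample data: one sealed message and a copy with one bit flipped.
CELL = SealModel.new('constructed-demo-key')
SEALED = CELL.encrypt('secret note', 'user:42')
TAMPERED = SEALED.dup.tap { |s| s.setbyte(-1, s.getbyte(-1) ^ 1) }
```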