Class: Themis::ScellTokenProtect

Inherits:
Scell
  • Object
show all
Includes:
ThemisCommon, ThemisImport
Defined in:
lib/rbthemis.rb

Overview

Secure Cell in Token Protect mode.

Constant Summary

Constants included from ThemisImport

ThemisImport::THEMIS_KEY_EC_PRIVATE, ThemisImport::THEMIS_KEY_EC_PUBLIC, ThemisImport::THEMIS_KEY_INVALID, ThemisImport::THEMIS_KEY_RSA_PRIVATE, ThemisImport::THEMIS_KEY_RSA_PUBLIC

Constants inherited from Scell

Themis::Scell::CONTEXT_IMPRINT_MODE, Themis::Scell::SEAL_MODE, Themis::Scell::TOKEN_PROTECT_MODE

Instance Method Summary collapse

Methods included from ThemisImport

canonical_themis_paths, load_themis

Methods included from ThemisCommon

empty?, string_to_pointer_size

Constructor Details

#initialize(key) ⇒ ScellTokenProtect

Make a new Secure Cell with given key. The key must not be empty and is treated as binary data. You can use Themis::gen_sym_key to generate new keys.



776
777
778
779
780
781
 
# File 'lib/rbthemis.rb', line 776

def initialize(key)
  if empty? key
    raise ThemisError, "key cannot be empty"
  end
  @key, @key_length = string_to_pointer_size(key)
end

Instance Method Details

#decrypt(message, token = nil, context = nil) ⇒ Object

Decrypts message with given authentication token and context. The context must be the same as the one used during encryption, or be omitted or set to nil if no context were used. The token also must be the one returned during encryption. Decrypted message is returned as binary data.



826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
 
# File 'lib/rbthemis.rb', line 826

def decrypt(message, token = nil, context = nil)
  # For compatibility with older API we allow the message and token to be
  # provided as a list in the first argument. In this case the second one
  # contains (an optional) context. Then there is no third argument.
  if message.kind_of? Array
    context = token
    message, token = message
  end

  if empty? message
    raise ThemisError, "message cannot be empty"
  end
  if empty? token
    raise ThemisError, "token cannot be empty"
  end

  message_, message_length_ = string_to_pointer_size(message)
  token_, token_length_ = string_to_pointer_size(token)
  context_, context_length_ =
    context.nil? ? [nil, 0] : string_to_pointer_size(context)

  decrypted_length = FFI::MemoryPointer.new(:uint)
  res = themis_secure_cell_decrypt_token_protect(
    @key, @key_length, context_, context_length_,
    message_, message_length_, token_, token_length_,
    nil, decrypted_length)
  if res != BUFFER_TOO_SMALL
    raise ThemisError.new(res), "decrypt failed"
  end

  decrypted_message = FFI::MemoryPointer.new(:char, decrypted_length.read_uint)
  res = themis_secure_cell_decrypt_token_protect(
    @key, @key_length, context_, context_length_,
    message_, message_length_, token_, token_length_,
    decrypted_message, decrypted_length)
  if res != SUCCESS
    raise ThemisError.new(res), "decrypt failed"
  end

  decrypted_message.get_bytes(0, decrypted_length.read_uint)
end

#encrypt(message, context = nil) ⇒ Object

Encrypts message with given optional context. The context is cryptographically combined with message but is not included into encrypted data, you will need to provide the same context for decryption. Resulting encrypted message (the same length as input) and authentication token are returned separately; you will need to provide them both for decryption. Message must not be empty, but context may be omitted. Both message and context are treated as binary data.



790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
 
# File 'lib/rbthemis.rb', line 790

def encrypt(message, context = nil)
  if empty? message
    raise ThemisError, "message cannot be empty"
  end

  message_, message_length_ = string_to_pointer_size(message)
  context_, context_length_ =
    context.nil? ? [nil, 0] : string_to_pointer_size(context)

  auth_token_length = FFI::MemoryPointer.new(:uint)
  encrypted_length = FFI::MemoryPointer.new(:uint)
  res = themis_secure_cell_encrypt_token_protect(
    @key, @key_length, context_, context_length_, message_, message_length_,
    nil, auth_token_length, nil, encrypted_length)
  if res != BUFFER_TOO_SMALL
    raise ThemisError.new(res), "encrypt failed"
  end

  auth_token = FFI::MemoryPointer.new(:char, auth_token_length.read_uint)
  encrypted_message = FFI::MemoryPointer.new(:char, encrypted_length.read_uint)
  res = themis_secure_cell_encrypt_token_protect(
    @key, @key_length, context_, context_length_, message_, message_length_,
    auth_token, auth_token_length, encrypted_message, encrypted_length)
  if res != SUCCESS
    raise ThemisError.new(res), "encrypt failed"
  end

  [encrypted_message.get_bytes(0, encrypted_length.read_uint),
   auth_token.get_bytes(0, auth_token_length.read_uint),]
end