Class: Slosilo::Symmetric

Inherits:

Object

• Object
• Slosilo::Symmetric

Defined in:

lib/slosilo/symmetric.rb

Constant Summary

VERSION_MAGIC =

'G'

TAG_LENGTH =

16

Instance Method Summary

• #cipher_name ⇒ Object

  This lets us do a final sanity check in migrations from older encryption versions.

• #decrypt(ciphertext, opts = {}) ⇒ Object
• #encrypt(plaintext, opts = {}) ⇒ Object
• #initialize ⇒ Symmetric constructor

  A new instance of Symmetric.

• #random_iv ⇒ Object
• #random_key ⇒ Object

Constructor Details

#initialize ⇒ Symmetric

Returns a new instance of Symmetric.

# File 'lib/slosilo/symmetric.rb', line 6

def initialize
  @cipher = OpenSSL::Cipher.new 'aes-256-gcm' # NB: has to be lower case for whatever reason.
  @cipher_mutex = Mutex.new
end

Instance Method Details

#cipher_name ⇒ Object

This lets us do a final sanity check in migrations from older encryption versions

# File 'lib/slosilo/symmetric.rb', line 12

def cipher_name
  @cipher.name
end

#decrypt(ciphertext, opts = {}) ⇒ Object

# File 'lib/slosilo/symmetric.rb', line 31

def decrypt ciphertext, opts = {}
  version, tag, iv, ctext = unpack ciphertext

  raise "Invalid version magic: expected #{VERSION_MAGIC} but was #{version}" unless version == VERSION_MAGIC

  # All of these operations in OpenSSL must occur atomically, so we
  # synchronize their access to make this step thread-safe.
  @cipher_mutex.synchronize do
    @cipher.reset
    @cipher.decrypt
    @cipher.key = opts[:key]
    @cipher.iv = iv
    @cipher.auth_tag = tag
    @cipher.auth_data = opts[:aad] || ""
    @cipher.update(ctext) + @cipher.final
  end
end

#encrypt(plaintext, opts = {}) ⇒ Object

# File 'lib/slosilo/symmetric.rb', line 16

def encrypt plaintext, opts = {}
  # All of these operations in OpenSSL must occur atomically, so we
  # synchronize their access to make this step thread-safe.
  @cipher_mutex.synchronize do
    @cipher.reset
    @cipher.encrypt
    @cipher.key = (opts[:key] or raise("missing :key option"))
    @cipher.iv = iv = random_iv
    @cipher.auth_data = opts[:aad] || "" # Nothing good happens if you set this to nil, or don't set it at all
    ctext = @cipher.update(plaintext) + @cipher.final
    tag = @cipher.auth_tag(TAG_LENGTH)
    "#{VERSION_MAGIC}#{tag}#{iv}#{ctext}"
  end
end

#random_iv ⇒ Object

# File 'lib/slosilo/symmetric.rb', line 49

def random_iv
  @cipher.random_iv
end

#random_key ⇒ Object

# File 'lib/slosilo/symmetric.rb', line 53

def random_key
  @cipher.random_key
end