module Aws::S3::Encryption::Utils

@api private

Constants

UNSAFE_MSG

Public Class Methods

aes_cipher(mode, block_mode, key, iv) click to toggle source

@param [String] mode “encrypt” or “decrypt” @param [String] block_mode “CBC” or “ECB” @param [OpenSSL::PKey::RSA, String, nil] key @param [String, nil] iv The initialization vector

# File lib/aws-sdk-s3/encryption/utils.rb, line 83
def aes_cipher(mode, block_mode, key, iv)
  cipher = key ?
    OpenSSL::Cipher.new("aes-#{cipher_size(key)}-#{block_mode.downcase}") :
    OpenSSL::Cipher.new("aes-256-#{block_mode.downcase}")
  cipher.send(mode) # encrypt or decrypt
  cipher.key = key if key
  cipher.iv = iv if iv
  cipher
end
aes_decryption_cipher(block_mode, key = nil, iv = nil) click to toggle source

@param [String] block_mode “CBC” or “ECB” @param [OpenSSL::PKey::RSA, String, nil] key @param [String, nil] iv The initialization vector

# File lib/aws-sdk-s3/encryption/utils.rb, line 75
def aes_decryption_cipher(block_mode, key = nil, iv = nil)
  aes_cipher(:decrypt, block_mode, key, iv)
end
aes_encryption_cipher(block_mode, key = nil, iv = nil) click to toggle source

@param [String] block_mode “CBC” or “ECB” @param [OpenSSL::PKey::RSA, String, nil] key @param [String, nil] iv The initialization vector

# File lib/aws-sdk-s3/encryption/utils.rb, line 68
def aes_encryption_cipher(block_mode, key = nil, iv = nil)
  aes_cipher(:encrypt, block_mode, key, iv)
end
cipher_size(key) click to toggle source

@param [String] key @return [Integer] @raise ArgumentError

# File lib/aws-sdk-s3/encryption/utils.rb, line 96
def cipher_size(key)
  key.bytesize * 8
end
decrypt(key, data) click to toggle source
# File lib/aws-sdk-s3/encryption/utils.rb, line 27
def decrypt(key, data)
  begin
    case key
    when OpenSSL::PKey::RSA # asymmetric decryption
      key.private_decrypt(data)
    when String # symmetric Decryption
      cipher = aes_cipher(:decrypt, :ECB, key, nil)
      cipher.update(data) + cipher.final
    end
  rescue OpenSSL::Cipher::CipherError
    msg = 'decryption failed, possible incorrect key'
    raise Errors::DecryptionError, msg
  end
end
decrypt_aes_gcm(key, data, auth_data) click to toggle source
# File lib/aws-sdk-s3/encryption/utils.rb, line 43
def decrypt_aes_gcm(key, data, auth_data)
  # data is iv (12B) + key + tag (16B)
  buf = data.unpack('C*')
  iv = buf[0,12].pack('C*') # iv will always be 12 bytes
  tag = buf[-16, 16].pack('C*') # tag is 16 bytes
  enc_key = buf[12, buf.size - (12+16)].pack('C*')
  cipher = aes_cipher(:decrypt, :GCM, key, iv)
  cipher.auth_tag = tag
  cipher.auth_data = auth_data
  cipher.update(enc_key) + cipher.final
end
decrypt_rsa(key, enc_data) click to toggle source

returns the decrypted data + auth_data

# File lib/aws-sdk-s3/encryption/utils.rb, line 56
def decrypt_rsa(key, enc_data)
  # Plaintext must be KeyLengthInBytes (1 Byte) + DataKey + AuthData
  buf = key.private_decrypt(enc_data, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING).unpack('C*')
  key_length = buf[0]
  data = buf[1, key_length].pack('C*')
  auth_data = buf[key_length+1, buf.length - key_length].pack('C*')
  [data, auth_data]
end
encrypt(key, data) click to toggle source
# File lib/aws-sdk-s3/encryption/utils.rb, line 15
def encrypt(key, data)
  case key
  when OpenSSL::PKey::RSA # asymmetric encryption
    warn(UNSAFE_MSG) if key.public_key.n.num_bits < cipher_size(data)
    key.public_encrypt(data)
  when String # symmetric encryption
    warn(UNSAFE_MSG) if cipher_size(key) < cipher_size(data)
    cipher = aes_encryption_cipher(:ECB, key)
    cipher.update(data) + cipher.final
  end
end