class Chef::EncryptedDataBagItem::Decryptor::Version2Decryptor
Public Instance Methods
decrypted_data()
Calls superclass method
Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor#decrypted_data
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 167
# Authenticates the stored ciphertext, then delegates to
# Version1Decryptor#decrypted_data (not shown here) for the result.
#
# @return whatever the superclass implementation returns
# @raise [DecryptionFailure] when validate_hmac! rejects the stored HMAC
def decrypted_data
  # The HMAC check runs before `super`, so data that fails authentication
  # never reaches the superclass method. The check is skipped once
  # @decrypted_data is truthy.
  # NOTE(review): presumably that ivar is the superclass's memoized
  # result; confirm in Version1Decryptor.
  hmac_check_pending = !@decrypted_data
  validate_hmac! if hmac_check_pending
  super
end
validate_hmac!()
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 172
# Recomputes HMAC-SHA256 over the stored ciphertext and compares it with
# the HMAC carried in the item.
#
# The MAC input is only @encrypted_data["encrypted_data"], keyed with `key`.
# NOTE(review): any other fields of the item are not covered by this check
# as written; confirm against the item format whether that is intended.
#
# @return [true] when the stored HMAC matches the recomputed one
# @raise [DecryptionFailure] when the HMAC is missing or does not match
def validate_hmac!
  expected_hmac = OpenSSL::HMAC.digest(
    OpenSSL::Digest.new("sha256"),
    key,
    @encrypted_data["encrypted_data"]
  )
  return true if candidate_hmac_matches?(expected_hmac)

  # One message covers both a wrong key and tampered data, so the error
  # does not reveal which of the two occurred.
  raise DecryptionFailure, "Error decrypting data bag value: invalid hmac. Most likely the provided key is incorrect"
end
Private Instance Methods
candidate_hmac_matches?(expected_hmac)
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 185
# Compares the Base64-encoded HMAC stored in the item against the
# recomputed one without stopping at the first differing byte.
#
# @param expected_hmac [String] raw (binary) HMAC computed locally
# @return [Boolean] true only when both values have the same length and
#   identical bytes; false when the item carries no "hmac" entry
def candidate_hmac_matches?(expected_hmac)
  encoded_candidate = @encrypted_data["hmac"]
  return false unless encoded_candidate

  expected = expected_hmac.bytes.to_a
  candidate = Base64.decode64(encoded_candidate).bytes.to_a

  # Seed the accumulator with the length difference so that a size
  # mismatch alone already makes the result non-zero.
  mismatch = expected.size ^ candidate.size

  # Every expected byte is visited and differences are OR-ed together; there
  # is no early exit, so the loop length does not depend on where the first
  # mismatch is. A candidate shorter than expected yields nil, and
  # nil.to_i is 0.
  expected.each_with_index do |expected_byte, index|
    mismatch |= expected_byte ^ candidate[index].to_i
  end

  mismatch.zero?
end