class RbNaCl::AEAD::Base
Abstract base class for Authenticated Encryption with Additional Data
This construction encrypts a message, and computes an authentication tag for the encrypted message and some optional additional data
RbNaCl
provides wrappers for both ChaCha20-Poly1305 AEAD
implementations in libsodium: the original, and the IETF version.
Constants
- KEYBYTES
Number of bytes in a valid key
- NPUBBYTES
Number of bytes in a valid nonce
Attributes
Public Class Methods
The key bytes for the AEAD
class
@return [Integer] The number of bytes in a valid key
# File lib/rbnacl/aead/base.rb, line 102 def self.key_bytes self::KEYBYTES end
Create a new AEAD
using the IETF chacha20poly1305 construction
Sets up AEAD
with a secret key for encrypting and decrypting messages.
@param key [String] The key to encrypt and decrypt with
@raise [RbNaCl::LengthError] on invalid keys
@return [RbNaCl::AEAD::Chacha20Poly1305IETF] The new AEAD
construct, ready to use
# File lib/rbnacl/aead/base.rb, line 32 def initialize(key) @key = Util.check_string(key, key_bytes, "Secret key") end
The nonce bytes for the AEAD
class
@return [Integer] The number of bytes in a valid nonce
# File lib/rbnacl/aead/base.rb, line 88 def self.nonce_bytes self::NPUBBYTES end
The number bytes in the tag or authenticator from this AEAD
class
@return [Integer] number of tag bytes
# File lib/rbnacl/aead/base.rb, line 116 def self.tag_bytes self::ABYTES end
Public Instance Methods
Decrypts and verifies an encrypted message with additional authenticated data
@param nonce [String] An 8-byte string containing the nonce. @param ciphertext [String] The message to be decrypted. @param additional_data [String] The additional authenticated data
@raise [RbNaCl::LengthError] If the nonce is not valid @raise [RbNaCl::CryptoError] If the ciphertext cannot be authenticated.
@return [String] The decrypted message
# File lib/rbnacl/aead/base.rb, line 67 def decrypt(nonce, ciphertext, additional_data) Util.check_length(nonce, nonce_bytes, "Nonce") message_len = Util.zeros(1) message = Util.zeros(data_len(ciphertext) - tag_bytes) success = do_decrypt(message, message_len, nonce, ciphertext, additional_data) raise CryptoError, "Decryption failed. Ciphertext failed verification." unless success message end
Encrypts and authenticates a message with additional authenticated data
@param nonce [String] An 8-byte string containing the nonce. @param message [String] The message to be encrypted. @param additional_data [String] The additional authenticated data
@raise [RbNaCl::LengthError] If the nonce is not valid @raise [RbNaCl::CryptoError] If the ciphertext cannot be authenticated.
@return [String] The encrypted message with the authenticator tag appended
# File lib/rbnacl/aead/base.rb, line 46 def encrypt(nonce, message, additional_data) Util.check_length(nonce, nonce_bytes, "Nonce") ciphertext_len = Util.zeros(1) ciphertext = Util.zeros(data_len(message) + tag_bytes) success = do_encrypt(ciphertext, ciphertext_len, nonce, message, additional_data) raise CryptoError, "Encryption failed" unless success ciphertext end
The key bytes for the AEAD
instance
@return [Integer] The number of bytes in a valid key
# File lib/rbnacl/aead/base.rb, line 109 def key_bytes self.class.key_bytes end
The nonce bytes for the AEAD
instance
@return [Integer] The number of bytes in a valid nonce
# File lib/rbnacl/aead/base.rb, line 95 def nonce_bytes self.class.nonce_bytes end
The crypto primitive for this aead instance
@return [Symbol] The primitive used
# File lib/rbnacl/aead/base.rb, line 81 def primitive self.class.primitive end
The number of bytes in the tag or authenticator for this AEAD
instance
@return [Integer] number of tag bytes
# File lib/rbnacl/aead/base.rb, line 123 def tag_bytes self.class.tag_bytes end
Private Instance Methods
# File lib/rbnacl/aead/base.rb, line 129 def data_len(data) return 0 if data.nil? data.bytesize end
# File lib/rbnacl/aead/base.rb, line 138 def do_decrypt(_message, _message_len, _nonce, _ciphertext, _additional_data) raise NotImplementedError end
# File lib/rbnacl/aead/base.rb, line 134 def do_encrypt(_ciphertext, _ciphertext_len, _nonce, _message, _additional_data) raise NotImplementedError end