Class: TTTLS13::Cryptograph::Aead

Inherits:
Object
Defined in:
lib/tttls1.3/cryptograph/aead.rb



Constructor Details

#initialize(cipher_suite:, write_key:, write_iv:, sequence_number:, length_of_padding: 0) ⇒ Aead

Returns a new instance of Aead.

Parameters:

  • cipher_suite (TTTLS13::CipherSuite)
  • write_key (String)
  • write_iv (String)
  • sequence_number (String) — uint64

  • length_of_padding (Integer) (defaults to: 0)


# File 'lib/tttls1.3/cryptograph/aead.rb', line 15

# Builds a record-protection context for one traffic direction.
#
# The cipher suite selects the OpenSSL AEAD algorithm; anything outside the
# TLS 1.3 suite list is an implementation error, not a negotiable condition,
# hence the internal_error alert.
#
# @param cipher_suite [TTTLS13::CipherSuite]
# @param write_key [String] traffic key for this direction
# @param write_iv [String] static IV for this direction
# @param sequence_number [String] uint64 record sequence number
#   (presumably a mutating counter object, see #encrypt / #decrypt)
# @param length_of_padding [Integer] number of zero bytes appended to every
#   TLSInnerPlaintext
#
# @raise [TTTLS13::Error::ErrorAlerts] :internal_error for an unsupported suite
def initialize(cipher_suite:, write_key:, write_iv:,
               sequence_number:, length_of_padding: 0)
  @cipher_suite = cipher_suite
  openssl_name =
    case cipher_suite
    when CipherSuite::TLS_AES_128_GCM_SHA256 then 'aes-128-gcm'
    when CipherSuite::TLS_AES_256_GCM_SHA384 then 'aes-256-gcm'
    when CipherSuite::TLS_CHACHA20_POLY1305_SHA256 then 'chacha20-poly1305'
    when CipherSuite::TLS_AES_128_CCM_SHA256,
         CipherSuite::TLS_AES_128_CCM_8_SHA256 then 'aes-128-ccm'
    else raise Error::ErrorAlerts, :internal_error
    end
  @cipher = OpenSSL::Cipher.new(openssl_name)
  @write_key = write_key
  @write_iv = write_iv
  @sequence_number = sequence_number
  @length_of_padding = length_of_padding
  # Tag length (8 for CCM_8, otherwise 16) is owned by the suite table.
  @auth_tag_len = CipherSuite.auth_tag_len(@cipher_suite)
end

Instance Attribute Details

#auth_tag_len ⇒ Object (readonly)

Returns the value of attribute auth_tag_len.



# File 'lib/tttls1.3/cryptograph/aead.rb', line 8

# @return [Integer] length in bytes of the AEAD authentication tag, as
#   derived from the cipher suite in #initialize (used as the byte offset
#   that splits ciphertext from tag in #decrypt)
def auth_tag_len
  @auth_tag_len
end

Instance Method Details

#decrypt(encrypted_record, auth_data) ⇒ String, TTTLS13::Message::ContentType

AEAD-Decrypt(peer_write_key, nonce, additional_data, AEADEncrypted)

Parameters:

  • encrypted_record (String)
  • auth_data (String)

Returns:

Raises:

  • (OpenSSL::Cipher::CipherError)


# File 'lib/tttls1.3/cryptograph/aead.rb', line 66

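# AEAD-Decrypt(peer_write_key, nonce, additional_data, AEADEncrypted)
#
# Splits the record into ciphertext and authentication tag, authenticates
# and decrypts it, then strips the TLSInnerPlaintext postfix (type || zeros).
#
# @param encrypted_record [String] AEADEncrypted: ciphertext || auth tag
# @param auth_data [String] the TLSCiphertext record header, used as
#   additional authenticated data
#
# @return [String, TTTLS13::Message::ContentType] content and its real type
#
# @raise [OpenSSL::Cipher::CipherError] if the record is too short to hold
#   an authentication tag plus at least one plaintext byte, or if the tag
#   does not verify
# @raise [TTTLS13::Error::ErrorAlerts] :unexpected_message if the decrypted
#   TLSInnerPlaintext contains no non-zero content-type byte
def decrypt(encrypted_record, auth_data)
  # A valid AEADEncrypted is always longer than the tag (TLSInnerPlaintext
  # carries at least the type byte). Reject anything else before slicing:
  # otherwise the tag slice below is nil for a short record and OpenSSL
  # fails with a TypeError/ArgumentError rather than an authentication error.
  if encrypted_record.length <= @auth_tag_len
    raise OpenSSL::Cipher::CipherError,
          'encrypted record is not longer than the authentication tag'
  end

  decipher = reset_decipher
  cipher_text = encrypted_record[0...-@auth_tag_len]
  # CCM must know the total data length before AAD or ciphertext is supplied.
  decipher.ccm_data_len = cipher_text.length \
    if CipherSuite.ccm?(@cipher_suite)
  decipher.auth_tag = encrypted_record[-@auth_tag_len..]
  decipher.auth_data = auth_data # record header of TLSCiphertext
  plain_text = decipher.update(cipher_text)
  decipher.final # raises CipherError when the tag does not verify
  # TLSInnerPlaintext = content || type || zeros; walk back over the padding
  # to locate the content-type byte.
  zeros_len = scan_zeros(plain_text)
  postfix_len = 1 + zeros_len # type || zeros
  # An all-zero plaintext has no content type; RFC 8446 Section 5.4 requires
  # the receiver to abort with unexpected_message instead of returning nil.
  if postfix_len > plain_text.length
    raise Error::ErrorAlerts, :unexpected_message
  end

  # Advanced only after successful authentication. Presumably a mutating
  # counter object -- a plain String#succ would discard its result; confirm
  # against the sequence-number type passed to #initialize.
  @sequence_number.succ

  [plain_text[0...-postfix_len], plain_text[-postfix_len]]
end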

#encrypt(content, type) ⇒ String

AEAD-Encrypt(write_key, nonce, additional_data, plaintext)

Parameters:

Returns:

  • (String)


# File 'lib/tttls1.3/cryptograph/aead.rb', line 44

# AEAD-Encrypt(write_key, nonce, additional_data, plaintext)
#
# Builds the TLSInnerPlaintext (content || type || zeros), encrypts it with
# the record header as additional authenticated data, and returns
# ciphertext || auth tag.
#
# @param content [String] TLSPlaintext.fragment
# @param type [String] the real ContentType byte, hidden inside the ciphertext
#
# @return [String] AEADEncrypted
def encrypt(content, type)
  cipher = reset_cipher
  inner_plaintext = content + type + @length_of_padding.zeros
  # CCM must know the total data length before AAD or plaintext is supplied.
  if CipherSuite.ccm?(@cipher_suite)
    cipher.ccm_data_len = inner_plaintext.length
  end
  # The record header is authenticated but not encrypted.
  cipher.auth_data = additional_data(inner_plaintext.length)
  encrypted = cipher.update(inner_plaintext) + cipher.final
  # Presumably a mutating counter (a plain String#succ would discard its
  # result) -- each record must use a fresh nonce; confirm the type.
  @sequence_number.succ

  encrypted + cipher.auth_tag
end

#tlsplaintext_length_limit(record_size_limit) ⇒ Integer

struct {
    opaque content[TLSPlaintext.length];
    ContentType type;
    uint8 zeros[length_of_padding];
} TLSInnerPlaintext;

Parameters:

  • record_size_limit (Integer)

Returns:

  • (Integer)


# File 'lib/tttls1.3/cryptograph/aead.rb', line 92

# Largest TLSPlaintext.length that fits in a TLSInnerPlaintext of
# record_size_limit bytes once the content-type byte and the configured
# zero padding are added:
#
#   struct {
#       opaque content[TLSPlaintext.length];
#       ContentType type;
#       uint8 zeros[length_of_padding];
#   } TLSInnerPlaintext;
#
# @param record_size_limit [Integer] maximum TLSInnerPlaintext length
#
# @return [Integer] maximum content length; negative when the limit cannot
#   even hold the type byte plus padding
def tlsplaintext_length_limit(record_size_limit)
  inner_overhead = 1 + @length_of_padding # ContentType byte plus zeros
  record_size_limit - inner_overhead
end