hpke 0.2.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/hpke.gemspec +1 -1
- data/lib/hpke/version.rb +1 -1
- data/lib/hpke.rb +27 -31
- metadata +8 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9172f40ce30fde1a8dc74e45379371d3dcb85ffc28502fe3ff3c3e845b169a94
|
|
4
|
+
data.tar.gz: 1caa20117210b78f224146272cad6b63c1a6abdbcf1315752063d44f20f7cdd8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a4bfef8659dbed463b0c4f6eead0881f20fd74bc05519ab73b1f8e4661a0bd054eb4a1224bbf1b1a91c4b2572b60d131e0861a14722cf39b20e259b57982ca62
|
|
7
|
+
data.tar.gz: '00398459076f9dbccbf85f530ae071835456c11b6de178f0fe7347f5ca9584cdc6cde4aadee28d9dbfb28b99d745d3dc9d5b2253485cd3237c17ec3831002aa9'
|
data/hpke.gemspec
CHANGED
|
@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
|
|
|
29
29
|
spec.require_paths = ["lib"]
|
|
30
30
|
|
|
31
31
|
# Uncomment to register a new dependency of your gem
|
|
32
|
-
spec.add_dependency "openssl", "~> 3.3.0"
|
|
32
|
+
spec.add_dependency "openssl", "~> 3.3.0", ">= 3.0"
|
|
33
33
|
|
|
34
34
|
# For more information and examples about making a new gem, check out our
|
|
35
35
|
# guide at: https://bundler.io/guides/creating_gem.html
|
data/lib/hpke/version.rb
CHANGED
data/lib/hpke.rb
CHANGED
|
@@ -168,6 +168,30 @@ class HPKE
|
|
|
168
168
|
@hkdf.labeled_expand(exporter_secret, 'sec', exporter_context, len, suite_id)
|
|
169
169
|
end
|
|
170
170
|
|
|
171
|
+
def aead_encrypt(key, nonce, aad, pt)
|
|
172
|
+
cipher = OpenSSL::Cipher.new(aead_name)
|
|
173
|
+
cipher.encrypt
|
|
174
|
+
cipher.key = key
|
|
175
|
+
cipher.iv = nonce
|
|
176
|
+
cipher.auth_data = aad
|
|
177
|
+
cipher.padding = 0
|
|
178
|
+
s = cipher.update(pt) << cipher.final
|
|
179
|
+
s + cipher.auth_tag
|
|
180
|
+
end
|
|
181
|
+
|
|
182
|
+
def aead_decrypt(key, nonce, aad, ct)
|
|
183
|
+
ct_body = ct[0, ct.length - n_t]
|
|
184
|
+
tag = ct[-n_t, n_t]
|
|
185
|
+
cipher = OpenSSL::Cipher.new(aead_name)
|
|
186
|
+
cipher.decrypt
|
|
187
|
+
cipher.key = key
|
|
188
|
+
cipher.iv = nonce
|
|
189
|
+
cipher.auth_tag = tag
|
|
190
|
+
cipher.auth_data = aad
|
|
191
|
+
cipher.padding = 0
|
|
192
|
+
cipher.update(ct_body) << cipher.final
|
|
193
|
+
end
|
|
194
|
+
|
|
171
195
|
private
|
|
172
196
|
|
|
173
197
|
def suite_id
|
|
@@ -254,47 +278,19 @@ class HPKE::ContextS < HPKE::Context
|
|
|
254
278
|
def seal(aad, pt)
|
|
255
279
|
raise Exception.new('AEAD is export only') if @hpke.aead_name == :export_only
|
|
256
280
|
|
|
257
|
-
ct =
|
|
281
|
+
ct = @hpke.aead_encrypt(@key, compute_nonce(@sequence_number), aad, pt)
|
|
258
282
|
increment_seq
|
|
259
283
|
ct
|
|
260
284
|
end
|
|
261
|
-
|
|
262
|
-
private
|
|
263
|
-
|
|
264
|
-
def cipher_seal(key, nonce, aad, pt)
|
|
265
|
-
cipher = OpenSSL::Cipher.new(@hpke.aead_name)
|
|
266
|
-
cipher.encrypt
|
|
267
|
-
cipher.key = key
|
|
268
|
-
cipher.iv = nonce
|
|
269
|
-
cipher.auth_data = aad
|
|
270
|
-
cipher.padding = 0
|
|
271
|
-
s = cipher.update(pt) << cipher.final
|
|
272
|
-
s + cipher.auth_tag
|
|
273
|
-
end
|
|
274
285
|
end
|
|
275
286
|
|
|
276
287
|
class HPKE::ContextR < HPKE::Context
|
|
277
288
|
def open(aad, ct)
|
|
278
289
|
raise Exception.new('AEAD is export only') if @hpke.aead_name == :export_only
|
|
279
290
|
|
|
280
|
-
pt =
|
|
291
|
+
pt = @hpke.aead_decrypt(@key, compute_nonce(@sequence_number), aad, ct)
|
|
281
292
|
# TODO: catch openerror then send out own openerror
|
|
282
293
|
increment_seq
|
|
283
294
|
pt
|
|
284
295
|
end
|
|
285
|
-
|
|
286
|
-
private
|
|
287
|
-
|
|
288
|
-
def cipher_open(key, nonce, aad, ct)
|
|
289
|
-
ct_body = ct[0, ct.length - @hpke.n_t]
|
|
290
|
-
tag = ct[-@hpke.n_t, @hpke.n_t]
|
|
291
|
-
cipher = OpenSSL::Cipher.new(@hpke.aead_name)
|
|
292
|
-
cipher.decrypt
|
|
293
|
-
cipher.key = key
|
|
294
|
-
cipher.iv = nonce
|
|
295
|
-
cipher.auth_tag = tag
|
|
296
|
-
cipher.auth_data = aad
|
|
297
|
-
cipher.padding = 0
|
|
298
|
-
cipher.update(ct_body) << cipher.final
|
|
299
|
-
end
|
|
300
|
-
end
|
|
296
|
+
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hpke
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryo Kajiwara
|
|
8
8
|
bindir: exe
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date: 2025-04-
|
|
10
|
+
date: 2025-04-04 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: openssl
|
|
@@ -16,6 +16,9 @@ dependencies:
|
|
|
16
16
|
- - "~>"
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
18
|
version: 3.3.0
|
|
19
|
+
- - ">="
|
|
20
|
+
- !ruby/object:Gem::Version
|
|
21
|
+
version: '3.0'
|
|
19
22
|
type: :runtime
|
|
20
23
|
prerelease: false
|
|
21
24
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -23,6 +26,9 @@ dependencies:
|
|
|
23
26
|
- - "~>"
|
|
24
27
|
- !ruby/object:Gem::Version
|
|
25
28
|
version: 3.3.0
|
|
29
|
+
- - ">="
|
|
30
|
+
- !ruby/object:Gem::Version
|
|
31
|
+
version: '3.0'
|
|
26
32
|
description: Hybrid Public Key Encryption (HPKE; RFC 9180) on Ruby
|
|
27
33
|
email:
|
|
28
34
|
- sylph01@s01.ninja
|