Sha256: cd591a703dc933f68c7d5136e813af3dac34d9e876899be472b1520e943f720d
Contents?: true
Size: 1.2 KB
Versions: 3
Compression:
Stored size: 1.2 KB
Contents
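class Lockbox
  # Derives per-attribute encryption keys from a single master key, so that
  # each table/attribute pair is encrypted under its own key.
  class KeyGenerator
    # @param master_key [String] the master key in whatever encoding
    #   Lockbox::Utils.decode_key accepts (defined elsewhere in the gem).
    #   It is held in memory for the lifetime of this object.
    def initialize(master_key)
      @master_key = master_key
    end

    # Derives a 32-byte key for one attribute of one table using
    # HKDF with SHA-384.
    #
    # pattern ported from CipherSweet
    # https://ciphersweet.paragonie.com/internals/key-hierarchy
    #
    # The table name is the HKDF salt and the attribute name, prefixed by
    # 32 bytes of 0xB4, is the HKDF info, so different tables or attributes
    # yield different keys from the same master key.
    #
    # @param table [#to_s] table name; must not be empty
    # @param attribute [#to_s] attribute name; must not be empty
    # @return [String] 32 bytes of key material
    # @raise [ArgumentError] if table or attribute is empty
    def attribute_key(table:, attribute:)
      raise ArgumentError, "Missing table for key generation" if table.to_s.empty?
      raise ArgumentError, "Missing attribute for key generation" if attribute.to_s.empty?

      # fixed 32-byte prefix placed in front of the attribute name
      c = "\xB4" * 32
      hkdf(Lockbox::Utils.decode_key(@master_key), salt: table.to_s, info: "#{c}#{attribute}", length: 32, hash: "sha384")
    end

    private

    # HMAC with the argument order used by the HKDF steps below:
    # `salt` is the HMAC key and `ikm` is the message.
    def hash_hmac(hash, ikm, salt)
      OpenSSL::HMAC.digest(hash, salt, ikm)
    end

    # HKDF (extract-then-expand). Uses OpenSSL's native implementation when
    # it is available and a pure-Ruby fallback otherwise.
    #
    # @param ikm [String] input keying material
    # @param salt [String] salt for the extract step
    # @param info [String] context string for the expand step
    # @param length [Integer] number of output bytes
    # @param hash [String] digest name, e.g. "sha384"
    # @return [String] `length` bytes of derived key material
    def hkdf(ikm, salt:, info:, length:, hash:)
      # `defined?` yields nil when OpenSSL::KDF itself is missing, whereas
      # calling respond_to? on the missing constant raises NameError and the
      # fallback below is never reached.
      if defined?(OpenSSL::KDF.hkdf)
        return OpenSSL::KDF.hkdf(ikm, salt: salt, info: info, length: length, hash: hash)
      end

      # extract step: pseudorandom key from salt and input keying material
      prk = hash_hmac(hash, ikm, salt)

      # Work on raw bytes. `info` may be tagged UTF-8 while holding bytes
      # such as 0xB4; appending that to a binary digest raises
      # Encoding::CompatibilityError as soon as a second block is needed.
      info = info.b

      # expand step: chain HMAC blocks until enough output is collected
      # empty binary string
      t = String.new
      last_block = String.new
      block_index = 1
      # NOTE(review): the counter is packed into a single byte, so this
      # fallback is only meaningful for outputs of at most 255 blocks; the
      # only caller in this class requests 32 bytes.
      while t.bytesize < length
        last_block = hash_hmac(hash, last_block + info + [block_index].pack("C"), prk)
        t << last_block
        block_index += 1
      end

      t[0, length]
    end
  end
end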
Version data entries
3 entries across 3 versions & 1 rubygems
Version | Path |
---|---|
lockbox-0.2.2 | lib/lockbox/key_generator.rb |
lockbox-0.2.1 | lib/lockbox/key_generator.rb |
lockbox-0.2.0 | lib/lockbox/key_generator.rb |