lib/lockbox/aes_gcm.rb in lockbox-0.1.0 vs lib/lockbox/aes_gcm.rb in lockbox-0.1.1
- old
+ new
@@ -1,5 +1,7 @@
+require "openssl"
+
class Lockbox
class AES_GCM
def initialize(key)
raise ArgumentError, "Key must be 32 bytes" unless key && key.bytesize == 32
raise ArgumentError, "Key must be binary" unless key.encoding == Encoding::BINARY
@@ -7,10 +9,11 @@
@key = key
end
def encrypt(nonce, message, associated_data)
cipher = OpenSSL::Cipher.new("aes-256-gcm")
+ # do not change order of operations
cipher.encrypt
cipher.key = @key
cipher.iv = nonce
# From Ruby 2.5.3 OpenSSL::Cipher docs:
# If no associated data shall be used, this method must still be called with a value of ""
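Review bot: The added comment `# do not change order of operations` in `encrypt` (and the identical one in the `decrypt` hunk) states the rule but not the reason, so a later refactor has nothing to check itself against. Ruby's OpenSSL::Cipher docs require `encrypt`/`decrypt` to be called before `key=` and `iv=`, and `auth_data=` to be set after the key, the IV and (when decrypting) `auth_tag=`. Older openssl gem releases are also reported to mishandle a GCM IV that is set before the key, which would amount to nonce reuse under the same key. I would spell this out, e.g. `# Order matters: encrypt/decrypt first, then key, then iv, then auth_tag (decrypt only), then auth_data`, and add a test that encrypts one message under two different nonces and asserts the ciphertexts differ. Both method bodies continue outside their hunks, so any ordering of the remaining calls is not visible here.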
@@ -29,9 +32,10 @@
fail_decryption if nonce.to_s.bytesize != nonce_bytes
fail_decryption if auth_tag.to_s.bytesize != auth_tag_bytes
fail_decryption if ciphertext.to_s.bytesize == 0
cipher = OpenSSL::Cipher.new("aes-256-gcm")
+ # do not change order of operations
cipher.decrypt
cipher.key = @key
cipher.iv = nonce
cipher.auth_tag = auth_tag
# From Ruby 2.5.3 OpenSSL::Cipher docs: