Module: Mongo::Crypt::Hooks Private

Defined in:

build/ruby-driver-v2.17/lib/mongo/crypt/hooks.rb

Overview

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

A helper module that implements cryptography methods required for native Ruby crypto hooks. These methods are passed into FFI as C callbacks and called from the libmongocrypt library.

Class Method Summary

• .aes(key, iv, input, decrypt: false) ⇒ String private

  An AES encrypt or decrypt method.

• .hash_sha256(input) ⇒ String private

  A crypto hash (SHA-256) function.

• .hmac_sha(digest_name, key, input) ⇒ String private

  An HMAC SHA-512 or SHA-256 function.

• .random(num_bytes) ⇒ String private

  Crypto secure random function.

Class Method Details

.aes(key, iv, input, decrypt: false) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

An AES encrypt or decrypt method.

Parameters:

• key (String) —

  The 32-byte AES encryption key

• iv (String) —

  The 16-byte AES IV

• input (String) —

  The data to be encrypted/decrypted

• decrypt (true | false) (defaults to: false) —

  Whether this method is decrypting. Default is false, which means the method will create an encryption cipher by default

Returns:

• (String) —

  Output

Raises:

• (Exception) —

  Exceptions raised during encryption are propagated to caller.

# File 'build/ruby-driver-v2.17/lib/mongo/crypt/hooks.rb', line 42

def aes(key, iv, input, decrypt: false)
  cipher = OpenSSL::Cipher::AES.new(256, :CBC)

  decrypt ? cipher.decrypt : cipher.encrypt
  cipher.key = key
  cipher.iv = iv
  cipher.padding = 0

  encrypted = cipher.update(input)
end

.hash_sha256(input) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

A crypto hash (SHA-256) function

Parameters:

• input (String) —

  The data to be hashed

Returns:

• (String)

Raises:

• (Exception) —

  Exceptions raised during encryption are propagated to caller.

# File 'build/ruby-driver-v2.17/lib/mongo/crypt/hooks.rb', line 87

def hash_sha256(input)
  Digest::SHA2.new(256).digest(input)
end

.hmac_sha(digest_name, key, input) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

An HMAC SHA-512 or SHA-256 function

Parameters:

• digest_name (String) —

  The name of the digest, either “SHA256” or “SHA512”

• key (String) —

  The 32-byte AES encryption key

• input (String) —

  The data to be tagged

Returns:

• (String)

Raises:

• (Exception) —

  Exceptions raised during encryption are propagated to caller.

# File 'build/ruby-driver-v2.17/lib/mongo/crypt/hooks.rb', line 75

def hmac_sha(digest_name, key, input)
  OpenSSL::HMAC.digest(digest_name, key, input)
end

.random(num_bytes) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Crypto secure random function

Parameters:

• num_bytes (Integer) —

  The number of random bytes requested

Returns:

• (String)

Raises:

• (Exception) —

  Exceptions raised during encryption are propagated to caller.

# File 'build/ruby-driver-v2.17/lib/mongo/crypt/hooks.rb', line 61

def random(num_bytes)
  SecureRandom.random_bytes(num_bytes)
end