
Commit 627f344

committed
feat: derive a key of the correct length based on the cipher
Derive a key of the appropriate length instead of the default 32-byte SHA256 digest length.
1 parent 804b1e2 commit 627f344


2 files changed

+73
-9
lines changed


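--- a/lib/cryptology.rb
+++ b/lib/cryptology.rb
@@ -6,7 +6,8 @@ module Cryptology
 def self.encrypt(data:, key:, salt: nil, iter: 10_000, cipher: 'AES-256-CBC', iv: nil)
 salt ||= OpenSSL::Random.random_bytes(16)
 iv ||= OpenSSL::Cipher.new(cipher).random_iv
-encrypted = encrypt_data(data.to_s, digest_key(key, salt, iter), cipher, iv)
+derived_key = digest_key(key, salt, iter, OpenSSL::Cipher.new(cipher).key_len)
+encrypted = encrypt_data(data.to_s, derived_key, cipher, iv)
 { 'cipher' => cipher,
 'salt' => salt,
 'iter' => iter,
@@ -16,7 +17,8 @@ def self.encrypt(data:, key:, salt: nil, iter: 10_000, cipher: 'AES-256-CBC', iv
 
 def self.decrypt(data:, key:, salt:, iter: 10_000, cipher: 'AES-256-CBC', iv:)
 base64_decoded = ::Base64.decode64(data.to_s)
-decrypt_data(base64_decoded, digest_key(key, salt, iter), cipher, iv)
+derived_key = digest_key(key, salt, iter, OpenSSL::Cipher.new(cipher).key_len)
+decrypt_data(base64_decoded, derived_key, cipher, iv)
 .force_encoding('UTF-8').encode
 end
 
@@ -42,10 +44,9 @@ def self.decrypt_data(data, key, cipher, iv)
 decipher.update(data) + decipher.final
 end
 
-def self.digest_key(key, salt, iter)
-digest = OpenSSL::Digest::SHA256.new
-len = digest.digest_length
-OpenSSL::PKCS5.pbkdf2_hmac(key, salt, iter, len, digest)
+def self.digest_key(key, salt, iter, key_len)
+digest = OpenSSL::Digest.new('SHA256')
+OpenSSL::PKCS5.pbkdf2_hmac(key, salt, iter, key_len, digest)
 end
 
 private_class_method :encrypt_data, :decrypt_data, :digest_key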
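Review bot: `decrypt` now evaluates `OpenSSL::Cipher.new(cipher).key_len` before calling `decrypt_data`, so a cipher name OpenSSL does not recognise raises out of `decrypt` itself rather than reaching whatever error handling `decrypt_data` has (its body is outside this hunk); if callers rely on `decrypt` returning `false` for a bad cipher, the key-derivation line needs the same handling. In `encrypt` the same cipher object is built twice on consecutive lines (`random_iv` and `key_len`); a single `cipher_obj = OpenSSL::Cipher.new(cipher)` reused for both would remove the duplication. `digest_key` also deserves a contract comment now that `key_len` is a parameter, e.g. `# PBKDF2-HMAC-SHA256: derives key_len bytes (pass the cipher's OpenSSL::Cipher#key_len) from key and salt over iter rounds.`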

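--- a/spec/cryptology_spec.rb
+++ b/spec/cryptology_spec.rb
@@ -1,33 +1,96 @@
-CIPHERS = %w[AES-128-XTS
+CIPHERS = %w[AES-128-CBC
+AES-128-CFB
+AES-128-CFB1
+AES-128-CFB8
+AES-128-CTR
+AES-128-ECB
+AES-128-OFB
+AES-128-XTS
+AES-192-CBC
+AES-192-CFB
+AES-192-CFB1
+AES-192-CFB8
+AES-192-CTR
+AES-192-ECB
+AES-192-OFB
 AES-256-CBC
 AES-256-CFB
 AES-256-CFB1
 AES-256-CFB8
 AES-256-CTR
 AES-256-ECB
 AES-256-OFB
+AES-256-XTS
+AES128
+AES192
 AES256
 
+ARIA-128-CBC
+ARIA-128-CFB
+ARIA-128-CFB1
+ARIA-128-CFB8
+ARIA-128-CTR
+ARIA-128-ECB
+ARIA-128-OFB
+ARIA-192-CBC
+ARIA-192-CFB
+ARIA-192-CFB1
+ARIA-192-CFB8
+ARIA-192-CTR
+ARIA-192-ECB
+ARIA-192-OFB
 ARIA-256-CBC
 ARIA-256-CFB
 ARIA-256-CFB1
 ARIA-256-CFB8
 ARIA-256-CTR
 ARIA-256-ECB
 ARIA-256-OFB
+ARIA128
+ARIA192
 ARIA256
 
+CAMELLIA-128-CBC
+CAMELLIA-128-CFB
+CAMELLIA-128-CFB1
+CAMELLIA-128-CFB8
+CAMELLIA-128-CTR
+CAMELLIA-128-ECB
+CAMELLIA-128-OFB
+CAMELLIA-192-CBC
+CAMELLIA-192-CFB
+CAMELLIA-192-CFB1
+CAMELLIA-192-CFB8
+CAMELLIA-192-CTR
+CAMELLIA-192-ECB
+CAMELLIA-192-OFB
 CAMELLIA-256-CBC
 CAMELLIA-256-CFB
 CAMELLIA-256-CFB1
 CAMELLIA-256-CFB8
 CAMELLIA-256-CTR
 CAMELLIA-256-ECB
 CAMELLIA-256-OFB
+CAMELLIA128
+CAMELLIA192
 CAMELLIA256
 
 CHACHA20
-CHACHA20-POLY1305].freeze
+CHACHA20-POLY1305
+
+DES-EDE
+DES-EDE-CBC
+DES-EDE-CFB
+DES-EDE-ECB
+DES-EDE-OFB
+DES-EDE3
+DES-EDE3-CBC
+DES-EDE3-CFB
+DES-EDE3-CFB1
+DES-EDE3-CFB8
+DES-EDE3-ECB
+DES-EDE3-OFB
+DES3].freeze
 
 RSpec.describe Cryptology do
 let(:data) { 'Very confidential data with UTF-8 symbols: ♠ я ü æ' }
@@ -195,7 +258,7 @@
 key: key,
 salt: salt,
 iter: iter,
-cipher: 'AES-256-CBC',
+cipher: 'AES-128-CCM',
 iv: iv)
 ).to be false
 end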
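Review bot: The expanded `CIPHERS` list now has the spec assert that ECB modes (`AES-128-ECB`, `ARIA-128-ECB`, `CAMELLIA-128-ECB`, `DES-EDE-ECB`, …) and the two-key `DES-EDE` variants round-trip, but nothing in the file says these are supported only for compatibility and not recommended; a comment on the constant would keep the list from reading as an endorsement, e.g. `# Every cipher name the library round-trips; ECB and DES-EDE entries are kept for compatibility only.`. In the second hunk, the expectation changed from `'AES-256-CBC'` to `'AES-128-CCM'` with no visible explanation, and the `it` block that gives the test its intent starts outside the hunk; a short comment on that line stating why CCM is the cipher expected to yield `false` would make the change reviewable on its own.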
