class Chef::EncryptedDataBagItem::Decryptor::Version2Decryptor
Public Instance Methods
Source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 171
# Returns the decrypted payload, authenticating the item first.
#
# The HMAC check runs before the superclass decryption, so an item that
# fails authentication raises out of validate_hmac! and `super` is never
# reached for it. The check is skipped once @decrypted_data is truthy
# (presumably set by the superclass implementation on a prior call; confirm
# against Version1Decryptor#decrypted_data).
#
# Raises whatever validate_hmac! raises on an authentication failure.
def decrypted_data
  unless @decrypted_data
    # Verify integrity before any decryption work is attempted.
    validate_hmac!
  end
  super
end
Calls superclass method
Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor#decrypted_data
Source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 176
# Authenticates the stored ciphertext with HMAC-SHA256.
#
# Recomputes the MAC over @encrypted_data["encrypted_data"] using `key` and
# hands the raw digest to candidate_hmac_matches? for comparison against the
# "hmac" field carried by the item.
#
# Returns true when the MACs agree.
# Raises DecryptionFailure when they do not (or when no "hmac" is present).
#
# NOTE(review): the MAC input visible here is only the "encrypted_data"
# field. Any other field of the item that influences decryption (an IV, for
# example) is not covered by this check; confirm against the encryptor and
# the superclass decryption path.
def validate_hmac!
  sha256 = OpenSSL::Digest.new("sha256")
  computed_hmac = OpenSSL::HMAC.digest(sha256, key, @encrypted_data["encrypted_data"])
  return true if candidate_hmac_matches?(computed_hmac)

  # The message does not distinguish a wrong key from a tampered item;
  # both produce the same failure.
  raise DecryptionFailure, "Error decrypting data bag value: invalid hmac. Most likely the provided key is incorrect"
end
Private Instance Methods
Source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 189
# Compares the locally computed HMAC with the one stored in the item.
#
# expected_hmac - raw (not Base64) MAC bytes computed by the caller.
#
# Returns false when the item has no "hmac" field, true only when the
# decoded candidate has the same length and the same bytes as expected_hmac.
#
# The comparison deliberately has no early exit: the length difference and
# every byte difference are OR-ed into one accumulator, so the running time
# does not depend on where the first mismatching byte sits. Keep it that way;
# replacing this with `==` or an `all?`-style check would reintroduce a
# timing side channel.
#
# Base64.decode64 is lenient about malformed input, so a garbled "hmac" is
# decoded as far as possible and then simply fails the comparison.
# NOTE(review): a present but non-String "hmac" value looks like it would
# raise inside Base64.decode64 instead of returning false; confirm.
def candidate_hmac_matches?(expected_hmac)
  encoded_candidate = @encrypted_data["hmac"]
  return false unless encoded_candidate

  expected = expected_hmac.bytes.to_a
  candidate = Base64.decode64(encoded_candidate).bytes.to_a

  # Seed with the size difference so unequal lengths can never compare equal.
  diff = expected.size ^ candidate.size
  # A candidate shorter than expected yields nil here; nil.to_i is 0, which
  # keeps the loop uniform. Extra candidate bytes are ignored by the loop and
  # already accounted for by the size term above.
  expected.each_with_index { |byte, idx| diff |= byte ^ candidate[idx].to_i }
  diff.zero?
end