Commits

Michael Granger  committed befddc1

Use the block size from the configured cipher

  • Participants
  • Parent commits 4b9120c

Comments (0)

Files changed (1)

File lib/strelka/scscookie.rb

 	CONFIG_DEFAULTS = {
 		cipher_type:     'aes-128-cbc',
 		digest_type:     'sha1',
-		block_size:      16,
 		framing_byte:    '|',
 		max_session_age: 3600,
 		compression:     false,
 	@digest_type = CONFIG_DEFAULTS[:digest_type]
 
 	##
-	# Number of bytes to use for the IV
-	singleton_attr_accessor :block_size
-	@block_size = CONFIG_DEFAULTS[:block_size]
-
-	##
 	# The explicit framing byte used to concatenate the parts of the authtag
 	singleton_attr_accessor :framing_byte
 	@framing_byte = CONFIG_DEFAULTS[:framing_byte]
 
 		self.cipher_type     = config[:cipher_type]     || CONFIG_DEFAULTS[:cipher_type]
 		self.digest_type     = config[:digest_type]     || CONFIG_DEFAULTS[:digest_type]
-		self.block_size      = config[:block_size]      || CONFIG_DEFAULTS[:block_size]
 		self.framing_byte    = config[:framing_byte]    || CONFIG_DEFAULTS[:framing_byte]
 		self.max_session_age = config[:max_session_age] || CONFIG_DEFAULTS[:max_session_age]
 		self.compression     = config[:compression]     || CONFIG_DEFAULTS[:compression]
 
-		self.log.info "Configured: cipher: %s, digest: %s, blksize: %d, framebyte: %p, maxage: %ds, compression: %s" % [
+		self.log.info "Configured: cipher: %s, digest: %s, framebyte: %p, maxage: %ds, compression: %s" % [
 			self.cipher_type,
 			self.digest_type,
-			self.block_size,
 			self.framing_byte,
 			self.max_session_age,
 			self.compression
 	end
 
 
-	### Make a new key to use for encryption.
+	### Make a new key to use for encrypting the cookie data and return it.
 	def self::make_new_key
 		key_size = self.make_cipher.key_len
 		return OpenSSL::Random.random_bytes( key_size )
 	end
 
 
-	### Make a new key to use for the HMAC.
+	### Make a new key to use for the HMAC digest and return it.
 	def self::make_new_hkey
 		key_size = self.make_digest.size
 		return OpenSSL::Random.random_bytes( key_size )
 	end
 
 
-	### Generate a new transform ID of the specified +size+.
+	### Generate a new transform ID and return it.
 	def self::make_new_tid
-		size = [ self.block_size, SCS_TID_MAX ].min
+		size = [ self.make_cipher.block_size, SCS_TID_MAX ].min
 		data = OpenSSL::Random.random_bytes( size )
 		# Shift bytes into visible ASCII:
 		#   http://goo.gl/8QIVE
 	end
 
 
+	### Generate a new initialization vector and return it.
+	def self::make_new_iv
+		size = self.make_cipher.block_size
+		return OpenSSL::Random.random_bytes( size )
+	end
+
+
 	### Encrypt the specified +data+ using the specified +key+ and +iv+.
 	def self::encrypt( data, iv, key )
 		cipher = self.make_cipher
 	def initialize( name, value, options={} ) # :notnew:
 		@atime       = Time.now
 		@keyset      = self.class.current_keyset
-		@iv          = OpenSSL::Random.random_bytes( self.class.block_size )
+		@iv          = self.class.make_new_iv
 
 		super
 	end