* createDecipher * @param {number} cryptoScheme - cryptoScheme being used * @param {buffer} dataKey - the unencrypted key (either from the * appliance on a get or originally generated by kms in the case of a put) * @param {number} offset - offset * @param {object} log -
(cryptoScheme, dataKey, offset, log, cb)
| 119 | * @callback called with (err, decipher: ReadWritable.stream) |
| 120 | */ |
static createDecipher(cryptoScheme, dataKey, offset, log, cb) {
    // Derives the key/IV pair for `dataKey`, then hands `cb` a decipher
    // stream already advanced `offset` bytes into the keystream.
    //
    // NOTE(review): seeking by bumping the IV by a whole-block count only
    // works for a counter-style mode; confirm that _algorithm() returns one.
    // NOTE(review): nothing in this method checks an authentication tag, so
    // ciphertext tampering is not detected at this layer. Verify that
    // integrity is enforced elsewhere if it is required.
    // NOTE(review): `offset` is used as given; this method does not check
    // that it is a non-negative integer before the arithmetic below.
    const onKeyDerived = (err, derivedKey, derivedIV) => {
        if (err) {
            log.debug('key derivation failed', { error: err });
            return cb(err);
        }

        // Split the offset into whole cipher blocks (handled through the
        // IV) and the leftover bytes inside the block that follows.
        const blockSize = this._aesBlockSize();
        const wholeBlocks = Math.floor(offset / blockSize);
        const partialBytes = offset % blockSize;

        const seekedIV = this._incrementIV(derivedIV, wholeBlocks);
        const algorithm = this._algorithm();
        const decipher = crypto.createDecipheriv(
            algorithm, derivedKey, seekedIV);

        if (partialBytes) {
            // The IV only gets us to the last block boundary at or before
            // the offset. Push zero-filled filler through the stream and
            // drop its output, so the next bytes written line up with
            // `offset`.
            const filler = Buffer.alloc(partialBytes);
            decipher.write(filler);
            decipher.read();
        }

        return cb(null, decipher);
    };

    this._deriveKey(cryptoScheme, dataKey, log, onKeyDerived);
}
| 146 | |
| 147 | /** |
| 148 | * createCipher (currently same as createDecipher function above. this |