asherah 0.1.0.beta.1-aarch64-linux

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 34d923ebd19903e064dbb021dc188b42a20e3ea26dfc387b8eebd27faecf8124
4
+ data.tar.gz: 9ef0178a5b6d440a40ce470097e73b4c88b286ed5ef5743b14438554da56ced2
5
+ SHA512:
6
+ metadata.gz: 2a66d75b94988ec99bae8c7f9563dbfa3be4ec811926758a51f878b584efe971986c1cb5ac37b42bd54724491d343541ac9da64686b64d09fd4500a193109093
7
+ data.tar.gz: b408f29b7332e26fdb42d38486048a66769f0ff0fa2972a11eabf9f68f59b367cf108f3430f8f73cb4a198f9e0333ae4f999cc9d4f4e7b81af022e4f5a725cb8
data/.rspec ADDED
@@ -0,0 +1,3 @@
1
+ --format documentation
2
+ --color
3
+ --require spec_helper
data/.rubocop.yml ADDED
@@ -0,0 +1,39 @@
1
+ AllCops:
2
+ TargetRubyVersion: 2.5
3
+ NewCops: enable
4
+ SuggestExtensions: false
5
+ Exclude:
6
+ - 'vendor/**/*' # Github Actions
7
+
8
+ Layout/LineLength:
9
+ Max: 120
10
+
11
+ Metrics/BlockLength:
12
+ Enabled: false
13
+
14
+ Metrics/MethodLength:
15
+ Enabled: false
16
+
17
+ Style/WordArray:
18
+ Enabled: false
19
+
20
+ Style/SymbolArray:
21
+ Enabled: false
22
+
23
+ Style/MultilineBlockChain:
24
+ Enabled: false
25
+
26
+ Style/BlockDelimiters:
27
+ Enabled: false
28
+
29
+ Style/HashAsLastArrayItem:
30
+ Enabled: false
31
+
32
+ Metrics/AbcSize:
33
+ Enabled: false
34
+
35
+ Metrics/ParameterLists:
36
+ Enabled: false
37
+
38
+ Metrics/ModuleLength:
39
+ Enabled: false
data/.ruby-version ADDED
@@ -0,0 +1 @@
1
+ 3.1.0
data/CHANGELOG.md ADDED
@@ -0,0 +1,5 @@
1
+ ## [Unreleased]
2
+
3
+ ## [0.1.0] - 2022-03-02
4
+
5
+ - Initial release
@@ -0,0 +1,77 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ In the interest of fostering an open and welcoming environment, we as
6
+ contributors and maintainers pledge to making participation in our project and
7
+ our community a harassment-free experience for everyone, regardless of age, body
8
+ size, disability, ethnicity, sex characteristics, gender identity and expression,
9
+ level of experience, education, socio-economic status, nationality, personal
10
+ appearance, race, religion, or sexual identity and orientation.
11
+
12
+ ## Our Standards
13
+
14
+ Examples of behavior that contributes to creating a positive environment
15
+ include:
16
+
17
+ * Using welcoming and inclusive language
18
+ * Being respectful of differing viewpoints and experiences
19
+ * Gracefully accepting constructive criticism
20
+ * Focusing on what is best for the community
21
+ * Showing empathy towards other community members
22
+
23
+ Examples of unacceptable behavior by participants include:
24
+
25
+ * The use of sexualized language or imagery and unwelcome sexual attention or
26
+ advances
27
+ * Trolling, insulting/derogatory comments, and personal or political attacks
28
+ * Public or private harassment
29
+ * Publishing others' private information, such as a physical or electronic
30
+ address, without explicit permission
31
+ * Other conduct which could reasonably be considered inappropriate in a
32
+ professional setting
33
+
34
+ ## Our Responsibilities
35
+
36
+ Project maintainers are responsible for clarifying the standards of acceptable
37
+ behavior and are expected to take appropriate and fair corrective action in
38
+ response to any instances of unacceptable behavior.
39
+
40
+ Project maintainers have the right and responsibility to remove, edit, or
41
+ reject comments, commits, code, wiki edits, issues, and other contributions
42
+ that are not aligned to this Code of Conduct, or to ban temporarily or
43
+ permanently any contributor for other behaviors that they deem inappropriate,
44
+ threatening, offensive, or harmful.
45
+
46
+ ## Scope
47
+
48
+ This Code of Conduct applies within all project spaces, and it also applies when
49
+ an individual is representing the project or its community in public spaces.
50
+ Examples of representing a project or community include using an official
51
+ project e-mail address, posting via an official social media account, or acting
52
+ as an appointed representative at an online or offline event. Representation of
53
+ a project may be further defined and clarified by project maintainers.
54
+
55
+ ## Enforcement
56
+
57
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
+ reported by contacting the project team at oss@godaddy.com. All
59
+ complaints will be reviewed and investigated and will result in a response that
60
+ is deemed necessary and appropriate to the circumstances. The project team is
61
+ obligated to maintain confidentiality with regard to the reporter of an incident.
62
+ Further details of specific enforcement policies may be posted separately.
63
+
64
+ Project maintainers who do not follow or enforce the Code of Conduct in good
65
+ faith may face temporary or permanent repercussions as determined by other
66
+ members of the project's leadership.
67
+
68
+ ## Attribution
69
+
70
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
+ available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
72
+
73
+ [homepage]: https://www.contributor-covenant.org
74
+
75
+ For answers to common questions about this code of conduct, see
76
+ https://www.contributor-covenant.org/faq
77
+
data/CONTRIBUTING.md ADDED
@@ -0,0 +1,128 @@
1
+ # Contributing
2
+
3
+ Everyone is welcome to contribute to GoDaddy's Open Source Software.
4
+ Contributing doesn’t just mean submitting pull requests. To get involved,
5
+ you can report or triage bugs, and participate in discussions on the
6
+ evolution of each project.
7
+
8
+ No matter how you want to get involved, we ask that you first learn what’s
9
+ expected of anyone who participates in the project by reading the Contribution
10
+ Guidelines and our [Code of Conduct][coc].
11
+
12
+ **Please Note:** GitHub is for bug reports and contributions primarily -
13
+ if you have a support question head over to [GoDaddy's Open Source
14
+ Software Slack channel][slack]. You can request an invite
15
+ [here][invite].
16
+
17
+ ## Answering Questions
18
+
19
+ One of the most important and immediate ways you can support this project is
20
+ to answer questions on [Slack][slack] or [Github][issues]. Whether you’re
21
+ helping a newcomer understand a feature or troubleshooting an edge case with a
22
+ seasoned developer, your knowledge and experience with a programming language
23
+ can go a long way to help others.
24
+
25
+ ## Reporting Bugs
26
+
27
+ **Do not report potential security vulnerabilities here. Refer to
28
+ [SECURITY.md](./SECURITY.md) for more details about the process of reporting
29
+ security vulnerabilities.**
30
+
31
+ Before submitting a ticket, please search our [Issue Tracker][issues] to make
32
+ sure it does not already exist and have a simple replication of the behavior. If
33
+ the issue is isolated to one of the dependencies of this project, please create
34
+ a Github issue in that project. All dependencies should be open source software
35
+ and can be found on Github.
36
+
37
+ Submit a ticket for your issue, assuming one does not already exist:
38
+
39
+ - Create it on the project's [issue Tracker][issues].
40
+ - Clearly describe the issue by following the template layout
41
+ - Make sure to include steps to reproduce the bug.
42
+ - A reproducible (unit) test could be helpful in solving the bug.
43
+ - Describe the environment that (re)produced the problem.
44
+
45
+ ## Triaging bugs or contributing code
46
+
47
+ If you're triaging a bug, first make sure that you can reproduce it. Once a bug
48
+ can be reproduced, reduce it to the smallest amount of code possible. Reasoning
49
+ about a sample or unit test that reproduces a bug in just a few lines of code
50
+ is easier than reasoning about a longer sample.
51
+
52
+ From a practical perspective, contributions are as simple as:
53
+
54
+ 1. Fork and clone the repo, [see Github's instructions if you need help.][fork]
55
+ 1. Create a branch for your PR with `git checkout -b pr/your-branch-name`
56
+ 1. Make changes on the branch of your forked repository.
57
+ 1. When committing, reference your issue (if present) and include a note about
58
+ the fix.
59
+ 1. Please also add/update unit tests for your changes.
60
+ 1. Push the changes to your fork and submit a pull request to the 'main
61
+ development branch' branch of the projects' repository.
62
+
63
+ If you are interested in making a large change and feel unsure about its overall
64
+ effect, start with opening an Issue in the project's [Issue Tracker][issues]
65
+ with a high-level proposal and discuss it with the core contributors through
66
+ Github comments or in [Slack][slack]. After reaching a consensus with core
67
+ contributors about the change, discuss the best way to go about implementing it.
68
+
69
+ > Tip: Keep your main branch pointing at the original repository and make
70
+ > pull requests from branches on your fork. To do this, run:
71
+ >
72
+ > ```sh
73
+ > git remote add upstream https://github.com/godaddy/asherah-ruby.git
74
+ > git fetch upstream
75
+ > git branch --set-upstream-to=upstream/main main
76
+ > ```
77
+ >
78
+ > This will add the original repository as a "remote" called "upstream," Then
79
+ > fetch the git information from that remote, then set your local main
80
+ > branch to use the upstream main branch whenever you run git pull. Then you
81
+ > can make all of your pull request branches based on this main branch.
82
+ > Whenever you want to update your version of main, do a regular git pull.
83
+
84
+ ## Code Review
85
+
86
+ Any open source project relies heavily on code review to improve software
87
+ quality. All significant changes, by all developers, must be reviewed before
88
+ they are committed to the repository. Code reviews are conducted on GitHub
89
+ through comments on pull requests or commits. The developer responsible for a
90
+ code change is also responsible for making all necessary review-related changes.
91
+
92
+ Sometimes code reviews will take longer than you would hope for, especially for
93
+ larger features. Here are some accepted ways to speed up review times for your
94
+ patches:
95
+
96
+ - Review other people’s changes. If you help out, others will more likely be
97
+ willing to do the same for you.
98
+ - Split your change into multiple smaller changes. The smaller your change,
99
+ the higher the probability that somebody will take a quick look at it.
100
+ - Mention the change on [Slack][slack]. If it is urgent, provide reasons why it
101
+ is important to get this change landed. Remember that you are asking for valuable
102
+ time from other professional developers.
103
+
104
+ **Note that anyone is welcome to review and give feedback on a change, but only
105
+ people with commit access to the repository can approve it.**
106
+
107
+ ## Attribution of Changes
108
+
109
+ When contributors submit a change to this project, after that change is
110
+ approved, other developers with commit access may commit it for the author. When
111
+ doing so, it is important to retain correct attribution of the contribution.
112
+ Generally speaking, Git handles attribution automatically.
113
+
114
+ ## Code Style and Documentation
115
+
116
+ Ensure that your contribution follows the standards set by the project's style
117
+ guide with respect to patterns, naming, documentation and testing.
118
+
119
+ # Additional Resources
120
+
121
+ - [General GitHub Documentation](https://help.github.com/)
122
+ - [GitHub Pull Request documentation](https://help.github.com/send-pull-requests/)
123
+
124
+ [issues]: https://github.com/godaddy/asherah-ruby/issues/
125
+ [coc]: ./CODE_OF_CONDUCT.md
126
+ [slack]: https://godaddy-oss.slack.com/
127
+ [fork]: https://help.github.com/en/articles/fork-a-repo
128
+ [invite]: https://godaddy-oss-slack.herokuapp.com
data/Gemfile ADDED
@@ -0,0 +1,12 @@
1
+ # frozen_string_literal: true
2
+
3
+ source 'https://rubygems.org'
4
+
5
+ # Specify your gem's dependencies in asherah.gemspec
6
+ gemspec
7
+
8
+ gem 'rake', '~> 13.0'
9
+
10
+ gem 'rspec', '~> 3.0'
11
+
12
+ gem 'rubocop', '~> 1.21'
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2022 GoDaddy Operating Company, LLC.
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,39 @@
1
+ # Asherah
2
+
3
+ Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/asherah`. To experiment with that code, run `bin/console` for an interactive prompt.
4
+
5
+ TODO: Delete this and the text above, and describe your gem
6
+
7
+ ## Installation
8
+
9
+ Add this line to your application's Gemfile:
10
+
11
+ ```ruby
12
+ gem 'asherah'
13
+ ```
14
+
15
+ And then execute:
16
+
17
+ $ bundle install
18
+
19
+ Or install it yourself as:
20
+
21
+ $ gem install asherah
22
+
23
+ ## Usage
24
+
25
+ TODO: Write usage instructions here
26
+
27
+ ## Development
28
+
29
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
30
+
31
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
32
+
33
+ ## Contributing
34
+
35
+ Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/asherah.
36
+
37
+ ## License
38
+
39
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
data/Rakefile ADDED
@@ -0,0 +1,97 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'bundler/gem_tasks'
4
+ require 'rspec/core/rake_task'
5
+ require 'rubygems/package'
6
+ require "open-uri"
7
+
8
+ RSpec::Core::RakeTask.new(:spec)
9
+
10
+ require 'rubocop/rake_task'
11
+
12
+ RuboCop::RakeTask.new
13
+
14
+ task default: %i[spec rubocop]
15
+
16
+ DISTRIBUTIONS = {
17
+ 'x86_64-linux' => ['libasherah-x64.so'],
18
+ 'x86_64-darwin' => ['libasherah-x64.dylib'],
19
+ 'aarch64-linux' => ['libasherah-arm64.so'],
20
+ 'arm64-darwin' => ['libasherah-arm64.dylib']
21
+ }
22
+
23
+ def native_build(platform, native_files)
24
+ puts "Building gem for #{platform}"
25
+
26
+ pkg_dir = File.join(__dir__, 'pkg')
27
+ FileUtils.mkdir_p(pkg_dir)
28
+
29
+ tmp_gem_dir = File.join(__dir__, 'tmp', platform)
30
+ FileUtils.rm_rf(tmp_gem_dir, verbose: true)
31
+ FileUtils.mkdir_p(tmp_gem_dir, verbose: true)
32
+
33
+ # Copy files to tmp gem dir
34
+ gemspec = Bundler.load_gemspec('asherah.gemspec')
35
+ gemspec.files.each do |file|
36
+ dir = File.dirname(file)
37
+ filename = File.basename(file)
38
+ FileUtils.mkdir_p(File.join(tmp_gem_dir, dir))
39
+ FileUtils.copy_file(file, File.join(tmp_gem_dir, dir, filename))
40
+ end
41
+
42
+ # Set platform for native gem build and remove extentions
43
+ gemspec.platform = Gem::Platform.new(platform)
44
+
45
+ native_dir = 'lib/asherah/native'
46
+ FileUtils.cd(tmp_gem_dir, verbose: true) do
47
+ FileUtils.mkdir_p(native_dir)
48
+ native_files.each do |native_file|
49
+ native_file_path = File.join(native_dir, native_file)
50
+ gemspec.files << native_file_path
51
+
52
+ URI.open(native_file_path, 'wb') do |file|
53
+ url = "https://github.com/godaddy/asherah-cobhan/releases/download/current/#{native_file}"
54
+ puts "Downloading #{url}"
55
+ file << URI.open(url).read
56
+ end
57
+ end
58
+
59
+ package = Gem::Package.build gemspec
60
+ FileUtils.mv package, File.join(pkg_dir, package)
61
+ end
62
+ end
63
+
64
+
65
+ namespace :native do
66
+ namespace :build do
67
+ desc "Build all native gems"
68
+ task :all do
69
+ DISTRIBUTIONS.each do |platform, native_files|
70
+ native_build(platform, native_files)
71
+ end
72
+ end
73
+
74
+ DISTRIBUTIONS.each do |platform, native_files|
75
+ desc "Build native gem for #{platform}"
76
+ task :"#{platform}" do
77
+ native_build(platform, native_files)
78
+ end
79
+ end
80
+ end
81
+
82
+ namespace :smoke do
83
+ require 'cobhan'
84
+
85
+ filename = Class.new.extend(Cobhan).library_file_name('libasherah')
86
+ platform, _ = DISTRIBUTIONS.detect { |k, v| v.include?(filename) }
87
+
88
+ desc "Smoke test native gem on #{platform} platform"
89
+ task :"#{platform}" => :"build:#{platform}" do
90
+ gemspec = Bundler.load_gemspec('asherah.gemspec')
91
+ gemspec.platform = Gem::Platform.new(platform)
92
+
93
+ sh("gem install pkg/#{gemspec.file_name}")
94
+ sh("ruby spec/smoke_test.rb")
95
+ end
96
+ end
97
+ end
data/SECURITY.md ADDED
@@ -0,0 +1,19 @@
1
+ # Reporting Security Issues
2
+
3
+ We take security very seriously at GoDaddy. We appreciate your efforts to
4
+ responsibly disclose your findings, and will make every effort to acknowledge
5
+ your contributions.
6
+
7
+ ## Where should I report security issues?
8
+
9
+ In order to give the community time to respond and upgrade, we strongly urge you
10
+ report all security issues privately.
11
+
12
+ To report a security issue in one of our Open Source projects email us directly
13
+ at **oss@godaddy.com** and include the word "SECURITY" in the subject line.
14
+
15
+ This mail is delivered to our Open Source Security team.
16
+
17
+ After the initial reply to your report, the team will keep you informed of the
18
+ progress being made towards a fix and announcement, and may ask for additional
19
+ information or guidance.
data/asherah.gemspec ADDED
@@ -0,0 +1,38 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'lib/asherah/version'
4
+
5
+ Gem::Specification.new do |spec|
6
+ spec.name = 'asherah'
7
+ spec.version = Asherah::VERSION
8
+ spec.authors = ['GoDaddy']
9
+ spec.email = ['oss@godaddy.com']
10
+
11
+ spec.summary = 'Application Layer Encryption SDK'
12
+ spec.description = <<~DESCRIPTION
13
+ Asherah is an application-layer encryption SDK that provides advanced
14
+ encryption features and defense in depth against compromise.
15
+ DESCRIPTION
16
+
17
+ spec.homepage = 'https://github.com/godaddy/asherah-ruby'
18
+ spec.license = 'MIT'
19
+ spec.required_ruby_version = '>= 2.5.0'
20
+
21
+ spec.metadata['homepage_uri'] = spec.homepage
22
+ spec.metadata['source_code_uri'] = 'https://github.com/godaddy/asherah-ruby'
23
+ spec.metadata['changelog_uri'] = 'https://github.com/godaddy/asherah-ruby/blob/main/CHANGELOG.md'
24
+ spec.metadata['rubygems_mfa_required'] = 'true'
25
+
26
+ # Specify which files should be added to the gem when it is released.
27
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
28
+ spec.files = Dir.chdir(File.expand_path(__dir__)) do
29
+ `git ls-files -z`.split("\x0").reject do |f|
30
+ (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
31
+ end
32
+ end
33
+ spec.bindir = 'exe'
34
+ spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
35
+ spec.require_paths = ['lib']
36
+
37
+ spec.add_dependency 'cobhan', '~> 0.1.2'
38
+ end
@@ -0,0 +1,21 @@
1
+
2
+ module Asherah
3
+ module Error
4
+ ResultError = Class.new(StandardError)
5
+
6
+ CODES = {
7
+ -100 => 'not initialized',
8
+ -101 => 'already initialized',
9
+ -102 => 'get session failed',
10
+ -103 => 'encrypt failed',
11
+ -104 => 'eecrypt failed'
12
+ }
13
+
14
+ def self.check_result!(scope, result)
15
+ if result.negative?
16
+ error_message = Error::CODES.fetch(result) { 'unrecognized' }
17
+ raise Error::ResultError.new("#{scope} failed: #{error_message}")
18
+ end
19
+ end
20
+ end
21
+ end
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Asherah
4
+ VERSION = '0.1.0.beta.1'
5
+ end
data/lib/asherah.rb ADDED
@@ -0,0 +1,187 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'asherah/version'
4
+ require 'asherah/error'
5
+ require 'cobhan'
6
+
7
+ # Asherah uses the following data structures: `data_row_record`, `envelope_key_record`, and `key_meta`.
8
+ #
9
+ # `data_row_record` contains the encrypted key and provided data, as well as the information
10
+ # required to decrypt the key encryption key. This struct should be stored in your
11
+ # data persistence as it's required to decrypt data.
12
+ #
13
+ # data_row_record [Hash]
14
+ # key [Hash], envelope_key_record
15
+ # data [String]
16
+ #
17
+ # `envelope_key_record` represents an encrypted key and is the data structure used
18
+ # to persist the key in our key table. It also contains the meta data
19
+ # of the key used to encrypt it.
20
+ #
21
+ # envelope_key_record [Hash]
22
+ # created [Integer]
23
+ # encrypted_key [String]
24
+ # parent_key_meta [Hash], key_meta
25
+ #
26
+ # `key_meta` contains the `id` and `created` timestamp for an encryption key.
27
+ #
28
+ # key_meta [Hash]
29
+ # id [String]
30
+ # created [Integer]
31
+ module Asherah
32
+ extend Cobhan
33
+
34
+ LIB_ROOT_PATH = File.expand_path('asherah/native', __dir__)
35
+ load_library(LIB_ROOT_PATH, 'libasherah', [
36
+ [
37
+ :Setup,
38
+ [
39
+ :pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :int32,
40
+ :pointer, :pointer, :pointer, :pointer, :int32, :int32, :int32
41
+ ],
42
+ :int32
43
+ ],
44
+ [:Encrypt, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int32],
45
+ [:Decrypt, [:pointer, :pointer, :pointer, :int64, :pointer, :int64, :pointer], :int32]
46
+ ].freeze)
47
+
48
+ class << self
49
+ # Initializes Asherah encryption session
50
+ #
51
+ # @param kms_type [String]
52
+ # @param metastore [String]
53
+ # @param service_name [String]
54
+ # @param product_id [String]
55
+ # @param rdbms_connection_string [String]
56
+ # @param dynamo_db_endpoint [String]
57
+ # @param dynamo_db_region [String]
58
+ # @param dynamo_db_table_name [String]
59
+ # @param enable_region_suffix [Boolean]
60
+ # @param preferred_region [String]
61
+ # @param region_map [String]
62
+ # @param verbose [Boolean]
63
+ # @param session_cache [Boolean]
64
+ # @param debug_output [Boolean]
65
+ def setup(
66
+ kms_type:,
67
+ metastore:,
68
+ service_name:,
69
+ product_id:,
70
+ rdbms_connection_string: '',
71
+ dynamo_db_endpoint: '',
72
+ dynamo_db_region: '',
73
+ dynamo_db_table_name: '',
74
+ enable_region_suffix: false,
75
+ preferred_region: '',
76
+ region_map: '',
77
+ verbose: false,
78
+ session_cache: false,
79
+ debug_output: false
80
+ )
81
+ kms_type_buffer = string_to_cbuffer(kms_type)
82
+ metastore_buffer = string_to_cbuffer(metastore)
83
+ rdbms_connection_string_buffer = string_to_cbuffer(rdbms_connection_string)
84
+ dynamo_db_endpoint_buffer = string_to_cbuffer(dynamo_db_endpoint)
85
+ dynamo_db_region_buffer = string_to_cbuffer(dynamo_db_region)
86
+ dynamo_db_table_name_buffer = string_to_cbuffer(dynamo_db_table_name)
87
+ enable_region_suffix_int = enable_region_suffix ? 1 : 0
88
+ service_name_buffer = string_to_cbuffer(service_name)
89
+ product_id_buffer = string_to_cbuffer(product_id)
90
+ preferred_region_buffer = string_to_cbuffer(preferred_region)
91
+ region_map_buffer = string_to_cbuffer(region_map)
92
+ verbose_int = verbose ? 1 : 0
93
+ session_cache_int = session_cache ? 1 : 0
94
+ debug_output_int = debug_output ? 1 : 0
95
+
96
+ result = Setup(
97
+ kms_type_buffer,
98
+ metastore_buffer,
99
+ rdbms_connection_string_buffer,
100
+ dynamo_db_endpoint_buffer,
101
+ dynamo_db_region_buffer,
102
+ dynamo_db_table_name_buffer,
103
+ enable_region_suffix_int,
104
+ service_name_buffer,
105
+ product_id_buffer,
106
+ preferred_region_buffer,
107
+ region_map_buffer,
108
+ verbose_int,
109
+ session_cache_int,
110
+ debug_output_int
111
+ )
112
+
113
+ Error.check_result!('setup', result)
114
+ end
115
+
116
+ # Encrypts data for a given partition_id
117
+ #
118
+ # @param partition_id [String]
119
+ # @param data [String]
120
+ # @return [Hash], data_row_record
121
+ def encrypt(partition_id, data)
122
+ partition_id_buffer = string_to_cbuffer(partition_id)
123
+ data_buffer = string_to_cbuffer(data)
124
+ output_encrypted_data_buffer = allocate_cbuffer(data.length + 256)
125
+ output_encrypted_key_buffer = allocate_cbuffer(256)
126
+ output_created_buffer = int_to_buffer(0)
127
+ output_parent_key_id_buffer = allocate_cbuffer(256)
128
+ output_parent_key_created_buffer = int_to_buffer(0)
129
+
130
+ result = Encrypt(
131
+ partition_id_buffer,
132
+ data_buffer,
133
+ output_encrypted_data_buffer,
134
+ output_encrypted_key_buffer,
135
+ output_created_buffer,
136
+ output_parent_key_id_buffer,
137
+ output_parent_key_created_buffer
138
+ )
139
+
140
+ Error.check_result!('encrypt', result)
141
+
142
+ parent_key_id = cbuffer_to_string(output_parent_key_id_buffer)
143
+
144
+ {
145
+ data: cbuffer_to_string(output_encrypted_data_buffer),
146
+ key: {
147
+ encrypted_key: cbuffer_to_string(output_encrypted_key_buffer),
148
+ created: buffer_to_int(output_created_buffer),
149
+ parent_key_meta: {
150
+ id: parent_key_id,
151
+ created: buffer_to_int(output_parent_key_created_buffer)
152
+ }
153
+ }
154
+ }
155
+ end
156
+
157
+ # Decrypts a data_row_record for a partition_id
158
+ #
159
+ # @param partition_id [String]
160
+ # @param data_row_record [Hash], data_row_record
161
+ # @return [String]
162
+ def decrypt(partition_id, data_row_record)
163
+ partition_id_buffer = string_to_cbuffer(partition_id)
164
+ encrypted_data_buffer = string_to_cbuffer(data_row_record[:data])
165
+ encrypted_key_buffer = string_to_cbuffer(data_row_record[:key][:encrypted_key])
166
+ created = data_row_record[:key][:created]
167
+ parent_key_id_buffer = string_to_cbuffer(data_row_record[:key][:parent_key_meta][:id])
168
+ parent_key_created = data_row_record[:key][:parent_key_meta][:created]
169
+
170
+ output_data_buffer = allocate_cbuffer(encrypted_data_buffer.size + 256)
171
+
172
+ result = Decrypt(
173
+ partition_id_buffer,
174
+ encrypted_data_buffer,
175
+ encrypted_key_buffer,
176
+ created,
177
+ parent_key_id_buffer,
178
+ parent_key_created,
179
+ output_data_buffer
180
+ )
181
+
182
+ Error.check_result!('decrypt', result)
183
+
184
+ cbuffer_to_string(output_data_buffer)
185
+ end
186
+ end
187
+ end
metadata ADDED
@@ -0,0 +1,79 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: asherah
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0.beta.1
5
+ platform: aarch64-linux
6
+ authors:
7
+ - GoDaddy
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2022-03-07 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: cobhan
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: 0.1.2
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: 0.1.2
27
+ description: |
28
+ Asherah is an application-layer encryption SDK that provides advanced
29
+ encryption features and defense in depth against compromise.
30
+ email:
31
+ - oss@godaddy.com
32
+ executables: []
33
+ extensions: []
34
+ extra_rdoc_files: []
35
+ files:
36
+ - ".rspec"
37
+ - ".rubocop.yml"
38
+ - ".ruby-version"
39
+ - CHANGELOG.md
40
+ - CODE_OF_CONDUCT.md
41
+ - CONTRIBUTING.md
42
+ - Gemfile
43
+ - LICENSE.txt
44
+ - README.md
45
+ - Rakefile
46
+ - SECURITY.md
47
+ - asherah.gemspec
48
+ - lib/asherah.rb
49
+ - lib/asherah/error.rb
50
+ - lib/asherah/native/libasherah-arm64.so
51
+ - lib/asherah/version.rb
52
+ homepage: https://github.com/godaddy/asherah-ruby
53
+ licenses:
54
+ - MIT
55
+ metadata:
56
+ homepage_uri: https://github.com/godaddy/asherah-ruby
57
+ source_code_uri: https://github.com/godaddy/asherah-ruby
58
+ changelog_uri: https://github.com/godaddy/asherah-ruby/blob/main/CHANGELOG.md
59
+ rubygems_mfa_required: 'true'
60
+ post_install_message:
61
+ rdoc_options: []
62
+ require_paths:
63
+ - lib
64
+ required_ruby_version: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: 2.5.0
69
+ required_rubygems_version: !ruby/object:Gem::Requirement
70
+ requirements:
71
+ - - ">"
72
+ - !ruby/object:Gem::Version
73
+ version: 1.3.1
74
+ requirements: []
75
+ rubygems_version: 3.3.3
76
+ signing_key:
77
+ specification_version: 4
78
+ summary: Application Layer Encryption SDK
79
+ test_files: []