asherah 0.1.0.beta.2-aarch64-linux → 0.4.1-aarch64-linux
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +1 -0
- data/CHANGELOG.md +26 -0
- data/Gemfile +2 -0
- data/README.md +26 -12
- data/Rakefile +13 -80
- data/asherah.gemspec +3 -2
- data/ext/asherah/checksums.yml +5 -0
- data/ext/asherah/extconf.rb +7 -0
- data/ext/asherah/native_file.rb +64 -0
- data/lib/asherah/error.rb +4 -2
- data/lib/asherah/native/libasherah-arm64.so +0 -0
- data/lib/asherah/version.rb +1 -1
- data/lib/asherah.rb +38 -83
- metadata +11 -10
- data/lib/asherah/data_row_record.rb +0 -20
- data/lib/asherah/envelope_key_record.rb +0 -22
- data/lib/asherah/key_meta.rb +0 -18
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 552ed1c9e334c3f83bab7b90e0c522e00218a690d3e67bf59347e0065aa7a6d5
|
4
|
+
data.tar.gz: 98dcb37bc214640dec990ecaff49bea688d0966bc77f6182b43b19fe3fc686a8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3248250cf38f0ffb145c1e3d99a530d1167a903f4907216f010b77a1a5168a4ca8c54ee979853630035efa1f6f495f1aeea7d2ab82b66fd513ad9ecbfcdaed55
|
7
|
+
data.tar.gz: e9531283d182efb3c47f8234c4cd1b8e7dbb505a987a407d57847a07eb57b1994ba6d0fb2ce6c42d62e572e9a7031728ab718a3d53c657e8c35f11c908de8c47
|
data/.rubocop.yml
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,31 @@
|
|
1
1
|
## [Unreleased]
|
2
2
|
|
3
|
+
## [0.4.1] - 2022-03-25
|
4
|
+
|
5
|
+
- Build and release platform gems
|
6
|
+
|
7
|
+
## [0.4.0] - 2022-03-25
|
8
|
+
|
9
|
+
- Download native file during gem install and verify checksum
|
10
|
+
- Upgrade to use asherah-cobhan v0.4.11
|
11
|
+
|
12
|
+
## [0.3.0] - 2022-03-22
|
13
|
+
|
14
|
+
- Free up cobhan buffers after encrypt/decrypt to prevent growing heap memory
|
15
|
+
- Use local `estimate_buffer` calculation instead of FFI call
|
16
|
+
- Upgrade to use asherah-cobhan v0.4.3
|
17
|
+
|
18
|
+
## [0.2.0] - 2022-03-21
|
19
|
+
|
20
|
+
- Implement versioning for asherah-cobhan binaries
|
21
|
+
- Upgrade to use asherah-cobhan v0.3.1
|
22
|
+
- Add BadConfig error and expose error codes
|
23
|
+
- Remove DRR methods and use JSON exclusively
|
24
|
+
- Cross language testing using Asherah Go
|
25
|
+
|
26
|
+
## [0.1.0] - 2022-03-14
|
27
|
+
|
28
|
+
- First official release
|
3
29
|
|
4
30
|
## [0.1.0.beta2] - 2022-03-14
|
5
31
|
|
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -1,8 +1,8 @@
|
|
1
1
|
# Asherah
|
2
2
|
|
3
|
-
Asherah is a Ruby wrapper around [Asherah
|
3
|
+
Asherah is a Ruby FFI wrapper around Go version of [Asherah](https://github.com/godaddy/asherah) application-layer encryption SDK. Asherah provides advanced encryption features and defense in depth against compromise. It uses a technique known as "envelope encryption" and supports cloud-agnostic data storage and key management.
|
4
4
|
|
5
|
-
Check out the following documentation to get more familiar with
|
5
|
+
Check out the following documentation to get more familiar with the concepts and configuration options:
|
6
6
|
|
7
7
|
- [Design and Architecture](https://github.com/godaddy/asherah/blob/master/docs/DesignAndArchitecture.md)
|
8
8
|
- [Key Caching](https://github.com/godaddy/asherah/blob/master/docs/KeyCaching.md)
|
@@ -10,6 +10,10 @@ Check out the following documentation to get more familiar with its concepts:
|
|
10
10
|
- [Metastore](https://github.com/godaddy/asherah/blob/master/docs/Metastore.md)
|
11
11
|
- [System Requirements](https://github.com/godaddy/asherah/blob/master/docs/SystemRequirements.md)
|
12
12
|
|
13
|
+
## Supported Platforms
|
14
|
+
|
15
|
+
Currently supported platforms are Linux and Darwin operating systems for x64 and arm64 CPU architectures.
|
16
|
+
|
13
17
|
## Installation
|
14
18
|
|
15
19
|
Add this line to your application's Gemfile:
|
@@ -34,10 +38,10 @@ Configure Asherah:
|
|
34
38
|
|
35
39
|
```ruby
|
36
40
|
Asherah.configure do |config|
|
37
|
-
config.
|
41
|
+
config.kms = 'static'
|
38
42
|
config.metastore = 'memory'
|
39
|
-
config.service_name = '
|
40
|
-
config.product_id = '
|
43
|
+
config.service_name = 'service'
|
44
|
+
config.product_id = 'product'
|
41
45
|
end
|
42
46
|
```
|
43
47
|
|
@@ -45,23 +49,33 @@ Encrypt some data for a `partition_id`
|
|
45
49
|
|
46
50
|
```ruby
|
47
51
|
partition_id = 'user_1'
|
48
|
-
data = '
|
49
|
-
|
50
|
-
|
52
|
+
data = 'PII data'
|
53
|
+
data_row_record_json = Asherah.encrypt(partition_id, data)
|
54
|
+
puts data_row_record_json
|
51
55
|
```
|
52
56
|
|
53
|
-
Decrypt `
|
57
|
+
Decrypt `data_row_record_json`
|
54
58
|
|
55
59
|
```ruby
|
56
|
-
decrypted_data = Asherah.decrypt(partition_id,
|
57
|
-
|
60
|
+
decrypted_data = Asherah.decrypt(partition_id, data_row_record_json)
|
61
|
+
puts decrypted_data
|
58
62
|
```
|
59
63
|
|
60
64
|
## Development
|
61
65
|
|
62
66
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
63
67
|
|
64
|
-
To install this gem onto your local machine, run `
|
68
|
+
To install this gem onto your local machine, run `rake install`.
|
69
|
+
|
70
|
+
To release a new version, update the version number in `version.rb`, create and push a version tag:
|
71
|
+
|
72
|
+
```
|
73
|
+
git tag -a v$(rake version) -m "Version $(rake version)"
|
74
|
+
git push origin v$(rake version)
|
75
|
+
```
|
76
|
+
|
77
|
+
And then create a release in Github with title `echo "Version $(rake version)"` that will trigger `.github/workflows/publish.yml` workflow and push the `.gem` file to [rubygems.org](https://rubygems.org):
|
78
|
+
|
65
79
|
|
66
80
|
## Contributing
|
67
81
|
|
data/Rakefile
CHANGED
@@ -2,8 +2,6 @@
|
|
2
2
|
|
3
3
|
require 'bundler/gem_tasks'
|
4
4
|
require 'rspec/core/rake_task'
|
5
|
-
require 'rubygems/package'
|
6
|
-
require 'open-uri'
|
7
5
|
|
8
6
|
RSpec::Core::RakeTask.new(:spec)
|
9
7
|
|
@@ -11,86 +9,21 @@ require 'rubocop/rake_task'
|
|
11
9
|
|
12
10
|
RuboCop::RakeTask.new
|
13
11
|
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
'arm64-darwin' => ['libasherah-arm64.dylib']
|
21
|
-
}.freeze
|
22
|
-
|
23
|
-
def native_build(platform, native_files)
|
24
|
-
puts "Building gem for #{platform}"
|
25
|
-
|
26
|
-
pkg_dir = File.join(__dir__, 'pkg')
|
27
|
-
FileUtils.mkdir_p(pkg_dir)
|
28
|
-
|
29
|
-
tmp_gem_dir = File.join(__dir__, 'tmp', platform)
|
30
|
-
FileUtils.rm_rf(tmp_gem_dir, verbose: true)
|
31
|
-
FileUtils.mkdir_p(tmp_gem_dir, verbose: true)
|
32
|
-
|
33
|
-
# Copy files to tmp gem dir
|
34
|
-
gemspec = Bundler.load_gemspec('asherah.gemspec')
|
35
|
-
gemspec.files.each do |file|
|
36
|
-
dir = File.dirname(file)
|
37
|
-
filename = File.basename(file)
|
38
|
-
FileUtils.mkdir_p(File.join(tmp_gem_dir, dir))
|
39
|
-
FileUtils.copy_file(file, File.join(tmp_gem_dir, dir, filename))
|
40
|
-
end
|
41
|
-
|
42
|
-
# Set platform for native gem build and remove extentions
|
43
|
-
gemspec.platform = Gem::Platform.new(platform)
|
44
|
-
|
45
|
-
native_dir = 'lib/asherah/native'
|
46
|
-
FileUtils.cd(tmp_gem_dir, verbose: true) do
|
47
|
-
FileUtils.mkdir_p(native_dir)
|
48
|
-
native_files.each do |native_file|
|
49
|
-
native_file_path = File.join(native_dir, native_file)
|
50
|
-
gemspec.files << native_file_path
|
51
|
-
|
52
|
-
File.open(native_file_path, 'wb') do |file|
|
53
|
-
url = "https://github.com/godaddy/asherah-cobhan/releases/download/current/#{native_file}"
|
54
|
-
puts "Downloading #{url}"
|
55
|
-
file << URI.parse(url).open.read
|
56
|
-
end
|
57
|
-
end
|
58
|
-
|
59
|
-
package = Gem::Package.build gemspec
|
60
|
-
FileUtils.mv package, File.join(pkg_dir, package)
|
12
|
+
desc 'Download the binary for the current platform'
|
13
|
+
task :download do
|
14
|
+
tmp_dir = 'tmp'
|
15
|
+
FileUtils.mkdir_p(tmp_dir)
|
16
|
+
FileUtils.cd(tmp_dir, verbose: true) do
|
17
|
+
system('ruby ../ext/asherah/extconf.rb')
|
61
18
|
end
|
62
19
|
end
|
63
20
|
|
64
|
-
|
65
|
-
|
66
|
-
task :build do
|
67
|
-
DISTRIBUTIONS.each do |platform, native_files|
|
68
|
-
native_build(platform, native_files)
|
69
|
-
end
|
70
|
-
end
|
71
|
-
|
72
|
-
namespace :build do
|
73
|
-
DISTRIBUTIONS.each do |platform, native_files|
|
74
|
-
desc "Build native gem for #{platform}"
|
75
|
-
task :"#{platform}" do
|
76
|
-
native_build(platform, native_files)
|
77
|
-
end
|
78
|
-
end
|
79
|
-
end
|
80
|
-
|
81
|
-
namespace :smoke do
|
82
|
-
require 'cobhan'
|
83
|
-
|
84
|
-
filename = Class.new.extend(Cobhan).library_file_name('libasherah')
|
85
|
-
platform, _files = DISTRIBUTIONS.detect { |_k, v| v.include?(filename) }
|
86
|
-
|
87
|
-
desc "Smoke test native gem on #{platform} platform"
|
88
|
-
task "#{platform}": :"build:#{platform}" do
|
89
|
-
gemspec = Bundler.load_gemspec('asherah.gemspec')
|
90
|
-
gemspec.platform = Gem::Platform.new(platform)
|
21
|
+
task default: %i[spec rubocop]
|
22
|
+
task spec: :download
|
91
23
|
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
end
|
24
|
+
desc 'Print current version'
|
25
|
+
task :version do
|
26
|
+
puts Asherah::VERSION
|
96
27
|
end
|
28
|
+
|
29
|
+
Rake.add_rakelib 'tasks'
|
data/asherah.gemspec
CHANGED
@@ -27,14 +27,15 @@ Gem::Specification.new do |spec|
|
|
27
27
|
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
28
28
|
spec.files = Dir.chdir(File.expand_path(__dir__)) do
|
29
29
|
`git ls-files -z`.split("\x0").reject do |f|
|
30
|
-
(f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
|
30
|
+
(f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features|tasks)/|\.(?:git|travis|circleci)|appveyor)})
|
31
31
|
end
|
32
32
|
end
|
33
33
|
spec.bindir = 'exe'
|
34
34
|
spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
|
35
35
|
spec.require_paths = ['lib']
|
36
|
+
spec.extensions = ['ext/asherah/extconf.rb']
|
36
37
|
|
37
|
-
spec.add_dependency 'cobhan', '~> 0.
|
38
|
+
spec.add_dependency 'cobhan', '~> 0.2.0'
|
38
39
|
spec.add_development_dependency 'dotenv', '~> 2.7.6'
|
39
40
|
spec.add_development_dependency 'rspec', '~> 3.10.0'
|
40
41
|
spec.add_development_dependency 'rubocop', '~> 1.7'
|
@@ -0,0 +1,5 @@
|
|
1
|
+
version: v0.4.11
|
2
|
+
libasherah-arm64.so: bc044b74453fc8fceca564fb127c9f2748aeac107791bd24c680ced1fcb7b816
|
3
|
+
libasherah-x64.so: 82f10505ef11fba2c8e027668d9b5c89584f73eb1e53a9f5ff21d5705ecffb3a
|
4
|
+
libasherah-arm64.dylib: 0b843d002212722c442c990d84e6ceac73c78e1663260be8c3f759a9a283b14a
|
5
|
+
libasherah-x64.dylib: fd0592ed4cdfbc7b3a2534b540c22301a9669c6c37dfb3d28f600ccc9ba975f8
|
@@ -0,0 +1,64 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'open-uri'
|
4
|
+
require 'fileutils'
|
5
|
+
require 'digest'
|
6
|
+
require 'yaml'
|
7
|
+
require 'cobhan'
|
8
|
+
|
9
|
+
# Downloads native file and verifies checksum
|
10
|
+
class NativeFile
|
11
|
+
LIB_NAME = 'libasherah'
|
12
|
+
ROOT_DIR = File.expand_path('../../', __dir__)
|
13
|
+
CHECKSUMS_FILE = File.expand_path('checksums.yml', __dir__)
|
14
|
+
CHECKSUMS = YAML.load_file(CHECKSUMS_FILE)
|
15
|
+
VERSION = CHECKSUMS.fetch('version')
|
16
|
+
RETRIES = 3
|
17
|
+
RETRY_DELAY = 1
|
18
|
+
|
19
|
+
class << self
|
20
|
+
def download(
|
21
|
+
file_name: Class.new.extend(Cobhan).library_file_name(LIB_NAME),
|
22
|
+
dir: File.join(ROOT_DIR, 'lib/asherah/native')
|
23
|
+
)
|
24
|
+
file_path = File.join(dir, file_name)
|
25
|
+
if File.exist?(file_path)
|
26
|
+
puts "#{file_path} already exists ... skipping download"
|
27
|
+
return
|
28
|
+
end
|
29
|
+
|
30
|
+
checksum = CHECKSUMS.fetch(file_name) do
|
31
|
+
abort "Unsupported platform #{RUBY_PLATFORM}"
|
32
|
+
end
|
33
|
+
|
34
|
+
content = download_content(file_name)
|
35
|
+
|
36
|
+
sha256 = Digest::SHA256.hexdigest(content)
|
37
|
+
abort "Could not verify checksum of #{file_name}" if sha256 != checksum
|
38
|
+
|
39
|
+
FileUtils.mkdir_p(dir)
|
40
|
+
File.binwrite(file_path, content)
|
41
|
+
end
|
42
|
+
|
43
|
+
private
|
44
|
+
|
45
|
+
def download_content(file_name)
|
46
|
+
tries = 0
|
47
|
+
|
48
|
+
begin
|
49
|
+
tries += 1
|
50
|
+
url = "https://github.com/godaddy/asherah-cobhan/releases/download/#{VERSION}/#{file_name}"
|
51
|
+
puts "Downloading #{url}"
|
52
|
+
URI.parse(url).open.read
|
53
|
+
rescue Net::OpenTimeout, Net::ReadTimeout => e
|
54
|
+
if tries <= RETRIES
|
55
|
+
puts "Got #{e.class}... retrying in #{RETRY_DELAY} seconds"
|
56
|
+
sleep RETRY_DELAY
|
57
|
+
retry
|
58
|
+
else
|
59
|
+
raise e
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
data/lib/asherah/error.rb
CHANGED
@@ -9,20 +9,22 @@ module Asherah
|
|
9
9
|
GetSessionFailed = Class.new(StandardError)
|
10
10
|
EncryptFailed = Class.new(StandardError)
|
11
11
|
DecryptFailed = Class.new(StandardError)
|
12
|
+
BadConfig = Class.new(StandardError)
|
12
13
|
|
13
14
|
CODES = {
|
14
15
|
-100 => NotInitialized,
|
15
16
|
-101 => AlreadyInitialized,
|
16
17
|
-102 => GetSessionFailed,
|
17
18
|
-103 => EncryptFailed,
|
18
|
-
-104 => DecryptFailed
|
19
|
+
-104 => DecryptFailed,
|
20
|
+
-105 => BadConfig
|
19
21
|
}.freeze
|
20
22
|
|
21
23
|
def self.check_result!(result, message)
|
22
24
|
return unless result.negative?
|
23
25
|
|
24
26
|
error_class = Error::CODES.fetch(result, StandardError)
|
25
|
-
raise error_class, message
|
27
|
+
raise error_class, "#{message} (#{result})"
|
26
28
|
end
|
27
29
|
end
|
28
30
|
end
|
Binary file
|
data/lib/asherah/version.rb
CHANGED
data/lib/asherah.rb
CHANGED
@@ -3,9 +3,6 @@
|
|
3
3
|
require_relative 'asherah/version'
|
4
4
|
require 'asherah/config'
|
5
5
|
require 'asherah/error'
|
6
|
-
require 'asherah/key_meta'
|
7
|
-
require 'asherah/data_row_record'
|
8
|
-
require 'asherah/envelope_key_record'
|
9
6
|
require 'cobhan'
|
10
7
|
|
11
8
|
# Asherah is a Ruby wrapper around Asherah Go application-layer encryption SDK.
|
@@ -15,13 +12,15 @@ module Asherah
|
|
15
12
|
LIB_ROOT_PATH = File.expand_path('asherah/native', __dir__)
|
16
13
|
load_library(LIB_ROOT_PATH, 'libasherah', [
|
17
14
|
[:SetupJson, [:pointer], :int32],
|
18
|
-
[:Encrypt, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int32],
|
19
|
-
[:Decrypt, [:pointer, :pointer, :pointer, :int64, :pointer, :int64, :pointer], :int32],
|
20
15
|
[:EncryptToJson, [:pointer, :pointer, :pointer], :int32],
|
21
16
|
[:DecryptFromJson, [:pointer, :pointer, :pointer], :int32],
|
22
17
|
[:Shutdown, [], :void]
|
23
18
|
].freeze)
|
24
19
|
|
20
|
+
ESTIMATED_ENCRYPTION_OVERHEAD = 48
|
21
|
+
ESTIMATED_ENVELOPE_OVERHEAD = 185
|
22
|
+
BASE64_OVERHEAD = 1.34
|
23
|
+
|
25
24
|
class << self
|
26
25
|
# Configures Asherah
|
27
26
|
#
|
@@ -31,6 +30,7 @@ module Asherah
|
|
31
30
|
config = Config.new
|
32
31
|
yield config
|
33
32
|
config.validate!
|
33
|
+
@intermediated_key_overhead_bytesize = config.product_id.bytesize + config.service_name.bytesize
|
34
34
|
|
35
35
|
config_buffer = string_to_cbuffer(config.to_json)
|
36
36
|
|
@@ -38,110 +38,65 @@ module Asherah
|
|
38
38
|
Error.check_result!(result, 'SetupJson failed')
|
39
39
|
end
|
40
40
|
|
41
|
-
# Encrypts data for a given partition_id and returns DataRowRecord
|
41
|
+
# Encrypts data for a given partition_id and returns DataRowRecord in JSON format.
|
42
42
|
#
|
43
|
-
#
|
44
|
-
#
|
45
|
-
#
|
46
|
-
def encrypt(partition_id, data)
|
47
|
-
partition_id_buffer = string_to_cbuffer(partition_id)
|
48
|
-
data_buffer = string_to_cbuffer(data)
|
49
|
-
output_encrypted_data_buffer = allocate_cbuffer(data.length + 256)
|
50
|
-
output_encrypted_key_buffer = allocate_cbuffer(256)
|
51
|
-
output_created_buffer = int_to_buffer(0)
|
52
|
-
output_parent_key_id_buffer = allocate_cbuffer(256)
|
53
|
-
output_parent_key_created_buffer = int_to_buffer(0)
|
54
|
-
|
55
|
-
result = Encrypt(
|
56
|
-
partition_id_buffer,
|
57
|
-
data_buffer,
|
58
|
-
output_encrypted_data_buffer,
|
59
|
-
output_encrypted_key_buffer,
|
60
|
-
output_created_buffer,
|
61
|
-
output_parent_key_id_buffer,
|
62
|
-
output_parent_key_created_buffer
|
63
|
-
)
|
64
|
-
Error.check_result!(result, 'Encrypt failed')
|
65
|
-
|
66
|
-
parent_key_meta = KeyMeta.new(
|
67
|
-
id: cbuffer_to_string(output_parent_key_id_buffer),
|
68
|
-
created: buffer_to_int(output_parent_key_created_buffer)
|
69
|
-
)
|
70
|
-
envelope_key_record = EnvelopeKeyRecord.new(
|
71
|
-
encrypted_key: cbuffer_to_string(output_encrypted_key_buffer),
|
72
|
-
created: buffer_to_int(output_created_buffer),
|
73
|
-
parent_key_meta: parent_key_meta
|
74
|
-
)
|
75
|
-
|
76
|
-
DataRowRecord.new(
|
77
|
-
data: cbuffer_to_string(output_encrypted_data_buffer),
|
78
|
-
key: envelope_key_record
|
79
|
-
)
|
80
|
-
end
|
81
|
-
|
82
|
-
# Decrypts a data_row_record for a partition_id and returns decrypted data
|
43
|
+
# DataRowRecord contains the encrypted key and data, as well as the information
|
44
|
+
# required to decrypt the key encryption key. This object data should be stored
|
45
|
+
# in your data persistence as it's required to decrypt data.
|
83
46
|
#
|
84
|
-
#
|
85
|
-
#
|
86
|
-
#
|
87
|
-
|
88
|
-
|
89
|
-
encrypted_data_buffer = string_to_cbuffer(data_row_record.data)
|
90
|
-
encrypted_key_buffer = string_to_cbuffer(data_row_record.key.encrypted_key)
|
91
|
-
created = data_row_record.key.created
|
92
|
-
parent_key_id_buffer = string_to_cbuffer(data_row_record.key.parent_key_meta.id)
|
93
|
-
parent_key_created = data_row_record.key.parent_key_meta.created
|
94
|
-
|
95
|
-
output_data_buffer = allocate_cbuffer(encrypted_data_buffer.size + 256)
|
96
|
-
|
97
|
-
result = Decrypt(
|
98
|
-
partition_id_buffer,
|
99
|
-
encrypted_data_buffer,
|
100
|
-
encrypted_key_buffer,
|
101
|
-
created,
|
102
|
-
parent_key_id_buffer,
|
103
|
-
parent_key_created,
|
104
|
-
output_data_buffer
|
105
|
-
)
|
106
|
-
Error.check_result!(result, 'Decrypt failed')
|
107
|
-
|
108
|
-
cbuffer_to_string(output_data_buffer)
|
109
|
-
end
|
110
|
-
|
111
|
-
def shutdown
|
112
|
-
Shutdown()
|
113
|
-
end
|
114
|
-
|
115
|
-
# Encrypts data for a given partition_id and returns DataRowRecord in JSON format
|
47
|
+
# EnvelopeKeyRecord represents an encrypted key and is the data structure used
|
48
|
+
# to persist the key in the key table. It also contains the meta data
|
49
|
+
# of the key used to encrypt it.
|
50
|
+
#
|
51
|
+
# KeyMeta contains the `id` and `created` timestamp for an encryption key.
|
116
52
|
#
|
117
53
|
# @param partition_id [String]
|
118
54
|
# @param data [String]
|
119
55
|
# @return [String], DataRowRecord in JSON format
|
120
|
-
def
|
56
|
+
def encrypt(partition_id, data)
|
121
57
|
partition_id_buffer = string_to_cbuffer(partition_id)
|
122
58
|
data_buffer = string_to_cbuffer(data)
|
123
|
-
|
59
|
+
estimated_buffer_bytesize = estimate_buffer(data.bytesize, partition_id.bytesize)
|
60
|
+
output_buffer = allocate_cbuffer(estimated_buffer_bytesize)
|
124
61
|
|
125
62
|
result = EncryptToJson(partition_id_buffer, data_buffer, output_buffer)
|
126
63
|
Error.check_result!(result, 'EncryptToJson failed')
|
127
64
|
|
128
65
|
cbuffer_to_string(output_buffer)
|
66
|
+
ensure
|
67
|
+
[partition_id_buffer, data_buffer, output_buffer].map(&:free)
|
129
68
|
end
|
130
69
|
|
131
|
-
# Decrypts a DataRowRecord in JSON format for a partition_id and returns decrypted data
|
70
|
+
# Decrypts a DataRowRecord in JSON format for a partition_id and returns decrypted data.
|
132
71
|
#
|
133
72
|
# @param partition_id [String]
|
134
73
|
# @param json [String], DataRowRecord in JSON format
|
135
74
|
# @return [String], Decrypted data
|
136
|
-
def
|
75
|
+
def decrypt(partition_id, json)
|
137
76
|
partition_id_buffer = string_to_cbuffer(partition_id)
|
138
77
|
data_buffer = string_to_cbuffer(json)
|
139
|
-
output_buffer = allocate_cbuffer(json.
|
78
|
+
output_buffer = allocate_cbuffer(json.bytesize)
|
140
79
|
|
141
80
|
result = DecryptFromJson(partition_id_buffer, data_buffer, output_buffer)
|
142
81
|
Error.check_result!(result, 'DecryptFromJson failed')
|
143
82
|
|
144
83
|
cbuffer_to_string(output_buffer)
|
84
|
+
ensure
|
85
|
+
[partition_id_buffer, data_buffer, output_buffer].map(&:free)
|
86
|
+
end
|
87
|
+
|
88
|
+
# Stop the Asherah instance
|
89
|
+
def shutdown
|
90
|
+
Shutdown()
|
91
|
+
end
|
92
|
+
|
93
|
+
private
|
94
|
+
|
95
|
+
def estimate_buffer(data_bytesize, partition_bytesize)
|
96
|
+
ESTIMATED_ENVELOPE_OVERHEAD +
|
97
|
+
@intermediated_key_overhead_bytesize +
|
98
|
+
partition_bytesize +
|
99
|
+
((data_bytesize + ESTIMATED_ENCRYPTION_OVERHEAD) * BASE64_OVERHEAD)
|
145
100
|
end
|
146
101
|
end
|
147
102
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: asherah
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1
|
4
|
+
version: 0.4.1
|
5
5
|
platform: aarch64-linux
|
6
6
|
authors:
|
7
7
|
- GoDaddy
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-03-
|
11
|
+
date: 2022-03-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: cobhan
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.2.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.2.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: dotenv
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -100,7 +100,8 @@ description: |
|
|
100
100
|
email:
|
101
101
|
- oss@godaddy.com
|
102
102
|
executables: []
|
103
|
-
extensions:
|
103
|
+
extensions:
|
104
|
+
- ext/asherah/extconf.rb
|
104
105
|
extra_rdoc_files: []
|
105
106
|
files:
|
106
107
|
- ".rspec"
|
@@ -115,12 +116,12 @@ files:
|
|
115
116
|
- Rakefile
|
116
117
|
- SECURITY.md
|
117
118
|
- asherah.gemspec
|
119
|
+
- ext/asherah/checksums.yml
|
120
|
+
- ext/asherah/extconf.rb
|
121
|
+
- ext/asherah/native_file.rb
|
118
122
|
- lib/asherah.rb
|
119
123
|
- lib/asherah/config.rb
|
120
|
-
- lib/asherah/data_row_record.rb
|
121
|
-
- lib/asherah/envelope_key_record.rb
|
122
124
|
- lib/asherah/error.rb
|
123
|
-
- lib/asherah/key_meta.rb
|
124
125
|
- lib/asherah/native/libasherah-arm64.so
|
125
126
|
- lib/asherah/version.rb
|
126
127
|
homepage: https://github.com/godaddy/asherah-ruby
|
@@ -142,9 +143,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
142
143
|
version: 2.5.0
|
143
144
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
144
145
|
requirements:
|
145
|
-
- - "
|
146
|
+
- - ">="
|
146
147
|
- !ruby/object:Gem::Version
|
147
|
-
version:
|
148
|
+
version: '0'
|
148
149
|
requirements: []
|
149
150
|
rubygems_version: 3.3.7
|
150
151
|
signing_key:
|
@@ -1,20 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Asherah
|
4
|
-
# DataRowRecord contains the encrypted key and data, as well as the information
|
5
|
-
# required to decrypt the key encryption key. This object data should be stored
|
6
|
-
# in your data persistence as it's required to decrypt data.
|
7
|
-
class DataRowRecord
|
8
|
-
attr_reader :data, :key
|
9
|
-
|
10
|
-
# Initializes a new DataRowRecord
|
11
|
-
#
|
12
|
-
# @param data [String]
|
13
|
-
# @param key [EnvelopeKeyRecord]
|
14
|
-
# @return DataRowRecord
|
15
|
-
def initialize(data:, key:)
|
16
|
-
@data = data
|
17
|
-
@key = key
|
18
|
-
end
|
19
|
-
end
|
20
|
-
end
|
@@ -1,22 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Asherah
|
4
|
-
# EnvelopeKeyRecord represents an encrypted key and is the data structure used
|
5
|
-
# to persist the key in the key table. It also contains the meta data
|
6
|
-
# of the key used to encrypt it.
|
7
|
-
class EnvelopeKeyRecord
|
8
|
-
attr_reader :encrypted_key, :created, :parent_key_meta
|
9
|
-
|
10
|
-
# Initializes a new EnvelopeKeyRecord
|
11
|
-
#
|
12
|
-
# @param encrypted_key [String]
|
13
|
-
# @param created [Integer]
|
14
|
-
# @param parent_key_meta [KeyMeta]
|
15
|
-
# @return EnvelopeKeyRecord
|
16
|
-
def initialize(encrypted_key:, created:, parent_key_meta:)
|
17
|
-
@encrypted_key = encrypted_key
|
18
|
-
@created = created
|
19
|
-
@parent_key_meta = parent_key_meta
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|
data/lib/asherah/key_meta.rb
DELETED
@@ -1,18 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Asherah
|
4
|
-
# KeyMeta contains the `id` and `created` timestamp for an encryption key.
|
5
|
-
class KeyMeta
|
6
|
-
attr_reader :id, :created
|
7
|
-
|
8
|
-
# Initializes a new KeyMeta
|
9
|
-
#
|
10
|
-
# @param id [String]
|
11
|
-
# @param created [Integer]
|
12
|
-
# @return KeyMeta
|
13
|
-
def initialize(id:, created:)
|
14
|
-
@id = id
|
15
|
-
@created = created
|
16
|
-
end
|
17
|
-
end
|
18
|
-
end
|