asherah 0.2.0-arm64-darwin → 0.3.0-arm64-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 36d11cdfa0e749a52efaf5be5ee101fc2991333f3c213e093fef10bd8c4de57e
-  data.tar.gz: 884d871772aac9491693c40e8eaf84798549f8558ec2d0e7b3f284f6a4374c52
+  metadata.gz: 6a43b4d34ccce682cf20e8e0154704be1e88f43fd83243143b1eb29cb184e5e1
+  data.tar.gz: 4e1f4ba3d4f67096204bc126eea95e2dcc50666ecf1dc4d3e4f2dac2108b19e4
 SHA512:
-  metadata.gz: f6fe6c2b92a504aefb07f5837df30e08415e16280c76514cc6c326ecf2f922616d7d6f48c3fa1afdfefb93328db28154f9a4d664e50565780f4086c783a98ce6
-  data.tar.gz: 4e0edff8c2f9b9b609977036c771cbcd94d94e3022e379f4bc1d3ccc84a35c3436fcd22e4877b084e9c9deaa35330d22e67cc9a01141b1f6268b03be41f841aa
+  metadata.gz: 5ff13c55e0d1eee27ed301a854e353fe0edc7acdbe99f9da41a1e215ee64f7311353bc45f89f1ad652508545e74e9f1949e92e50e9dd6d41ebe8c2bea47ef1c6
+  data.tar.gz: 63dab48dfb85fe4e794dc5a5431cf1a7e5abc2f27ff62a90d9e7cec7939e85e24e04ccdd14107274a341f9f7b1020867bcae41b93ef0ce8d4064d48bf544bc3e

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 ## [Unreleased]
 
+## [0.3.0] - 2022-03-22
+
+- Free up cobhan buffers after encrypt/decrypt to prevent growing heap memory
+- Use local `estimate_buffer` calculation instead of FFI call
+- Upgrade to use asherah-cobhan v0.4.3
+
 ## [0.2.0] - 2022-03-21
 
 - Implement versioning for asherah-cobhan binaries

data/lib/asherah/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Asherah
-  VERSION = '0.2.0'
+  VERSION = '0.3.0'
 end

data/lib/asherah.rb

@@ -14,10 +14,13 @@ module Asherah
     [:SetupJson, [:pointer], :int32],
     [:EncryptToJson, [:pointer, :pointer, :pointer], :int32],
     [:DecryptFromJson, [:pointer, :pointer, :pointer], :int32],
-    [:EstimateBuffer, [:int32, :int32], :int32],
     [:Shutdown, [], :void]
   ].freeze)
 
+  ESTIMATED_ENCRYPTION_OVERHEAD = 48
+  ESTIMATED_ENVELOPE_OVERHEAD = 185
+  BASE64_OVERHEAD = 1.34
+
   class << self
     # Configures Asherah
     #
@@ -27,6 +30,7 @@ module Asherah
       config = Config.new
       yield config
       config.validate!
+      @intermediated_key_overhead_bytesize = config.product_id.bytesize + config.service_name.bytesize
 
       config_buffer = string_to_cbuffer(config.to_json)
 
@@ -52,13 +56,15 @@ module Asherah
     def encrypt(partition_id, data)
       partition_id_buffer = string_to_cbuffer(partition_id)
       data_buffer = string_to_cbuffer(data)
-      estimated_length = EstimateBuffer(data.bytesize, partition_id.bytesize)
-      output_buffer = allocate_cbuffer(estimated_length)
+      estimated_buffer_bytesize = estimate_buffer(data.bytesize, partition_id.bytesize)
+      output_buffer = allocate_cbuffer(estimated_buffer_bytesize)
 
       result = EncryptToJson(partition_id_buffer, data_buffer, output_buffer)
       Error.check_result!(result, 'EncryptToJson failed')
 
       cbuffer_to_string(output_buffer)
+    ensure
+      [partition_id_buffer, data_buffer, output_buffer].map(&:free)
     end
 
     # Decrypts a DataRowRecord in JSON format for a partition_id and returns decrypted data.
@@ -75,11 +81,22 @@ module Asherah
       Error.check_result!(result, 'DecryptFromJson failed')
 
       cbuffer_to_string(output_buffer)
+    ensure
+      [partition_id_buffer, data_buffer, output_buffer].map(&:free)
     end
 
     # Stop the Asherah instance
     def shutdown
       Shutdown()
     end
+
+    private
+
+    def estimate_buffer(data_bytesize, partition_bytesize)
+      ESTIMATED_ENVELOPE_OVERHEAD +
+        @intermediated_key_overhead_bytesize +
+        partition_bytesize +
+        ((data_bytesize + ESTIMATED_ENCRYPTION_OVERHEAD) * BASE64_OVERHEAD)
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: asherah
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: arm64-darwin
 authors:
 - GoDaddy
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-21 00:00:00.000000000 Z
+date: 2022-03-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cobhan