asherah 0.2.0-x86_64-darwin → 0.3.0-x86_64-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f78dcaa66db09c33f15a1e2a0d79e6003387e7249abcd94dd75f4b39d3d1495f
-  data.tar.gz: ec27e86d304692f3f244d566d02d72fab3221bc343414c308a53659245b2caed
+  metadata.gz: 19b2444c560043be159c67a8ce073d195efdc97621bf2bc83aa51ccf782e05cf
+  data.tar.gz: d8cc8af342fe2738ff2775f87ac2a5a708a3efc22fd1abc5c1ce31c75bb31abf
 SHA512:
-  metadata.gz: b6e74b580a3a09a6b6ecd730069f0fcfba950d0209b2aab30a4ebc34b51aad3fcd1cebf236e39221d4cb8d08aa14c03009fa1e38ae2a8dce8920d985af878b95
-  data.tar.gz: 11f6e7b2c2f5b686c617255aac4d1e4a7c98be675dcc95a0da0baf9298e438303e54a99a716c884c374950f6dedcb0f0957757cf105414bbdc6663e67317c847
+  metadata.gz: e3306522c79aba79a641be8be76e8dd884717a229cad7ab1f880a3ff1918691e24c6e4021fdc73431446d9dbb8c60d389d260f2358bc07f728f88980609bdbdc
+  data.tar.gz: d3afd3c3a65aa26183328496a75a2e278764b4056516ea8a1fcd5121109aaf07078f8089ff43ed2e125532052dac3da9efa5c50ea826dd12273ed030acec36b6

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 ## [Unreleased]
 
+## [0.3.0] - 2022-03-22
+
+- Free up cobhan buffers after encrypt/decrypt to prevent growing heap memory
+- Use local `estimate_buffer` calculation instead of FFI call
+- Upgrade to use asherah-cobhan v0.4.3
+
 ## [0.2.0] - 2022-03-21
 
 - Implement versioning for asherah-cobhan binaries

data/lib/asherah/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Asherah
-  VERSION = '0.2.0'
+  VERSION = '0.3.0'
 end

data/lib/asherah.rb

@@ -14,10 +14,13 @@ module Asherah
     [:SetupJson, [:pointer], :int32],
     [:EncryptToJson, [:pointer, :pointer, :pointer], :int32],
     [:DecryptFromJson, [:pointer, :pointer, :pointer], :int32],
-    [:EstimateBuffer, [:int32, :int32], :int32],
     [:Shutdown, [], :void]
   ].freeze)
 
+  ESTIMATED_ENCRYPTION_OVERHEAD = 48
+  ESTIMATED_ENVELOPE_OVERHEAD = 185
+  BASE64_OVERHEAD = 1.34
+
   class << self
     # Configures Asherah
     #
@@ -27,6 +30,7 @@ module Asherah
       config = Config.new
       yield config
       config.validate!
+      @intermediated_key_overhead_bytesize = config.product_id.bytesize + config.service_name.bytesize
 
       config_buffer = string_to_cbuffer(config.to_json)
 
@@ -52,13 +56,15 @@ module Asherah
     def encrypt(partition_id, data)
       partition_id_buffer = string_to_cbuffer(partition_id)
       data_buffer = string_to_cbuffer(data)
-      estimated_length = EstimateBuffer(data.bytesize, partition_id.bytesize)
-      output_buffer = allocate_cbuffer(estimated_length)
+      estimated_buffer_bytesize = estimate_buffer(data.bytesize, partition_id.bytesize)
+      output_buffer = allocate_cbuffer(estimated_buffer_bytesize)
 
       result = EncryptToJson(partition_id_buffer, data_buffer, output_buffer)
       Error.check_result!(result, 'EncryptToJson failed')
 
       cbuffer_to_string(output_buffer)
+    ensure
+      [partition_id_buffer, data_buffer, output_buffer].map(&:free)
     end
 
     # Decrypts a DataRowRecord in JSON format for a partition_id and returns decrypted data.
@@ -75,11 +81,22 @@ module Asherah
       Error.check_result!(result, 'DecryptFromJson failed')
 
       cbuffer_to_string(output_buffer)
+    ensure
+      [partition_id_buffer, data_buffer, output_buffer].map(&:free)
     end
 
     # Stop the Asherah instance
     def shutdown
       Shutdown()
     end
+
+    private
+
+    def estimate_buffer(data_bytesize, partition_bytesize)
+      ESTIMATED_ENVELOPE_OVERHEAD +
+        @intermediated_key_overhead_bytesize +
+        partition_bytesize +
+        ((data_bytesize + ESTIMATED_ENCRYPTION_OVERHEAD) * BASE64_OVERHEAD)
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: asherah
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: x86_64-darwin
 authors:
 - GoDaddy
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-21 00:00:00.000000000 Z
+date: 2022-03-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cobhan