asherah 0.1.0.beta.1-x86_64-linux

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a65d91b29f13e7317ca89e9b6dbdaa58b7328119d1cc662a69961281c8e7fd28
+  data.tar.gz: 9fe9a9ec4f5236259a30c58fd9e7d4a6ca22d37856af42074bcbd488be9e1114
+SHA512:
+  metadata.gz: c1c1753de72e8226e229bda8f5c8506c75e992c0400a5dfd6079107c679ef0de28f291295648277ee17e070c608e3f1bacc92572f0efdbc863837f8be40996ad
+  data.tar.gz: 64726f3026aee1b6fcdac1bfc1fbcee0552feda9c3e9c8d95522a5cf7bbf131b6cbe98493b3b7f4e6c1b2934f65c0af6b30ee13289a667942d3230508402610f

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,39 @@
+AllCops:
+  TargetRubyVersion: 2.5
+  NewCops: enable
+  SuggestExtensions: false
+  Exclude:
+    - 'vendor/**/*' # Github Actions
+
+Layout/LineLength:
+  Max: 120
+
+Metrics/BlockLength:
+  Enabled: false
+
+Metrics/MethodLength:
+  Enabled: false
+
+Style/WordArray:
+  Enabled: false
+
+Style/SymbolArray:
+  Enabled: false
+
+Style/MultilineBlockChain:
+  Enabled: false
+
+Style/BlockDelimiters:
+  Enabled: false
+
+Style/HashAsLastArrayItem:
+  Enabled: false
+
+Metrics/AbcSize:
+  Enabled: false
+
+Metrics/ParameterLists:
+  Enabled: false
+
+Metrics/ModuleLength:
+  Enabled: false

data/.ruby-version

@@ -0,0 +1 @@
+3.1.0

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2022-03-02
+
+- Initial release

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,77 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies within all project spaces, and it also applies when
+an individual is representing the project or its community in public spaces.
+Examples of representing a project or community include using an official
+project e-mail address, posting via an official social media account, or acting
+as an appointed representative at an online or offline event. Representation of
+a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at oss@godaddy.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq
+

data/CONTRIBUTING.md

@@ -0,0 +1,128 @@
+# Contributing
+
+Everyone is welcome to contribute to GoDaddy's Open Source Software.
+Contributing doesn’t just mean submitting pull requests. To get involved,
+you can report or triage bugs, and participate in discussions on the
+evolution of each project.
+
+No matter how you want to get involved, we ask that you first learn what’s
+expected of anyone who participates in the project by reading the Contribution
+Guidelines and our [Code of Conduct][coc].
+
+**Please Note:** GitHub is for bug reports and contributions primarily -
+if you have a support question head over to [GoDaddy's Open Source
+Software Slack channel][slack]. You can request an invite
+[here][invite].
+
+## Answering Questions
+
+One of the most important and immediate ways you can support this project is
+to answer questions on [Slack][slack] or [Github][issues]. Whether you’re
+helping a newcomer understand a feature or troubleshooting an edge case with a
+seasoned developer, your knowledge and experience with a programming language
+can go a long way to help others.
+
+## Reporting Bugs
+
+**Do not report potential security vulnerabilities here. Refer to
+[SECURITY.md](./SECURITY.md) for more details about the process of reporting
+security vulnerabilities.**
+
+Before submitting a ticket, please search our [Issue Tracker][issues] to make
+sure it does not already exist and have a simple replication of the behavior. If
+the issue is isolated to one of the dependencies of this project, please create
+a Github issue in that project. All dependencies should be open source software
+and can be found on Github.
+
+Submit a ticket for your issue, assuming one does not already exist:
+
+- Create it on the project's [issue Tracker][issues].
+- Clearly describe the issue by following the template layout
+  - Make sure to include steps to reproduce the bug.
+  - A reproducible (unit) test could be helpful in solving the bug.
+  - Describe the environment that (re)produced the problem.
+
+## Triaging bugs or contributing code
+
+If you're triaging a bug, first make sure that you can reproduce it. Once a bug
+can be reproduced, reduce it to the smallest amount of code possible. Reasoning
+about a sample or unit test that reproduces a bug in just a few lines of code
+is easier than reasoning about a longer sample.
+
+From a practical perspective, contributions are as simple as:
+
+1. Fork and clone the repo, [see Github's instructions if you need help.][fork]
+1. Create a branch for your PR with `git checkout -b pr/your-branch-name`
+1. Make changes on the branch of your forked repository.
+1. When committing, reference your issue (if present) and include a note about
+  the fix.
+1. Please also add/update unit tests for your changes.
+1. Push the changes to your fork and submit a pull request to the 'main
+   development branch' branch of the projects' repository.
+
+If you are interested in making a large change and feel unsure about its overall
+effect, start with opening an Issue in the project's [Issue Tracker][issues]
+with a high-level proposal and discuss it with the core contributors through
+Github comments or in [Slack][slack]. After reaching a consensus with core
+contributors about the change, discuss the best way to go about implementing it.
+
+> Tip: Keep your main branch pointing at the original repository and make
+> pull requests from branches on your fork. To do this, run:
+>
+>   ```sh
+> git remote add upstream https://github.com/godaddy/asherah-ruby.git
+> git fetch upstream
+> git branch --set-upstream-to=upstream/main main
+>   ```
+>
+> This will add the original repository as a "remote" called "upstream," Then
+> fetch the git information from that remote, then set your local main
+> branch to use the upstream main branch whenever you run git pull. Then you
+> can make all of your pull request branches based on this main branch.
+> Whenever you want to update your version of main, do a regular git pull.
+
+## Code Review
+
+Any open source project relies heavily on code review to improve software
+quality. All significant changes, by all developers, must be reviewed before
+they are committed to the repository. Code reviews are conducted on GitHub
+through comments on pull requests or commits. The developer responsible for a
+code change is also responsible for making all necessary review-related changes.
+
+Sometimes code reviews will take longer than you would hope for, especially for
+larger features. Here are some accepted ways to speed up review times for your
+patches:
+
+- Review other people’s changes. If you help out, others will more likely be
+willing to do the same for you.
+- Split your change into multiple smaller changes. The smaller your change,
+the higher the probability that somebody will take a quick look at it.
+- Mention the change on [Slack][slack]. If it is urgent, provide reasons why it
+is important to get this change landed. Remember that you are asking for valuable
+time from other professional developers.
+
+**Note that anyone is welcome to review and give feedback on a change, but only
+people with commit access to the repository can approve it.**
+
+## Attribution of Changes
+
+When contributors submit a change to this project, after that change is
+approved, other developers with commit access may commit it for the author. When
+doing so, it is important to retain correct attribution of the contribution.
+Generally speaking, Git handles attribution automatically.
+
+## Code Style and Documentation
+
+Ensure that your contribution follows the standards set by the project's style
+guide with respect to patterns, naming, documentation and testing.
+
+# Additional Resources
+
+- [General GitHub Documentation](https://help.github.com/)
+- [GitHub Pull Request documentation](https://help.github.com/send-pull-requests/)
+
+[issues]: https://github.com/godaddy/asherah-ruby/issues/
+[coc]: ./CODE_OF_CONDUCT.md
+[slack]: https://godaddy-oss.slack.com/
+[fork]: https://help.github.com/en/articles/fork-a-repo
+[invite]: https://godaddy-oss-slack.herokuapp.com

data/Gemfile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in asherah.gemspec
+gemspec
+
+gem 'rake', '~> 13.0'
+
+gem 'rspec', '~> 3.0'
+
+gem 'rubocop', '~> 1.21'

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2022 GoDaddy Operating Company, LLC.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,39 @@
+# Asherah
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/asherah`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'asherah'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install asherah
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/asherah.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubygems/package'
+require "open-uri"
+
+RSpec::Core::RakeTask.new(:spec)
+
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]
+
+DISTRIBUTIONS = {
+  'x86_64-linux' => ['libasherah-x64.so'],
+  'x86_64-darwin' => ['libasherah-x64.dylib'],
+  'aarch64-linux' => ['libasherah-arm64.so'],
+  'arm64-darwin' => ['libasherah-arm64.dylib']
+}
+
+def native_build(platform, native_files)
+  puts "Building gem for #{platform}"
+
+  pkg_dir = File.join(__dir__, 'pkg')
+  FileUtils.mkdir_p(pkg_dir)
+
+  tmp_gem_dir = File.join(__dir__, 'tmp', platform)
+  FileUtils.rm_rf(tmp_gem_dir, verbose: true)
+  FileUtils.mkdir_p(tmp_gem_dir, verbose: true)
+
+  # Copy files to tmp gem dir
+  gemspec = Bundler.load_gemspec('asherah.gemspec')
+  gemspec.files.each do |file|
+    dir = File.dirname(file)
+    filename = File.basename(file)
+    FileUtils.mkdir_p(File.join(tmp_gem_dir, dir))
+    FileUtils.copy_file(file, File.join(tmp_gem_dir, dir, filename))
+  end
+
+  # Set platform for native gem build and remove extentions
+  gemspec.platform = Gem::Platform.new(platform)
+
+  native_dir = 'lib/asherah/native'
+  FileUtils.cd(tmp_gem_dir, verbose: true) do
+    FileUtils.mkdir_p(native_dir)
+    native_files.each do |native_file|
+      native_file_path = File.join(native_dir, native_file)
+      gemspec.files << native_file_path
+
+      URI.open(native_file_path, 'wb') do |file|
+        url = "https://github.com/godaddy/asherah-cobhan/releases/download/current/#{native_file}"
+        puts "Downloading #{url}"
+        file << URI.open(url).read
+      end
+    end
+
+    package = Gem::Package.build gemspec
+    FileUtils.mv package, File.join(pkg_dir, package)
+  end
+end
+
+
+namespace :native do
+  namespace :build do
+    desc "Build all native gems"
+    task :all do
+      DISTRIBUTIONS.each do |platform, native_files|
+        native_build(platform, native_files)
+      end
+    end
+
+    DISTRIBUTIONS.each do |platform, native_files|
+      desc "Build native gem for #{platform}"
+      task :"#{platform}" do
+        native_build(platform, native_files)
+      end
+    end
+  end
+
+  namespace :smoke do
+    require 'cobhan'
+
+    filename = Class.new.extend(Cobhan).library_file_name('libasherah')
+    platform, _ = DISTRIBUTIONS.detect { |k, v| v.include?(filename) }
+
+    desc "Smoke test native gem on #{platform} platform"
+    task :"#{platform}" => :"build:#{platform}" do
+      gemspec = Bundler.load_gemspec('asherah.gemspec')
+      gemspec.platform = Gem::Platform.new(platform)
+
+      sh("gem install pkg/#{gemspec.file_name}")
+      sh("ruby spec/smoke_test.rb")
+    end
+  end
+end

data/SECURITY.md

@@ -0,0 +1,19 @@
+# Reporting Security Issues
+
+We take security very seriously at GoDaddy. We appreciate your efforts to
+responsibly disclose your findings, and will make every effort to acknowledge
+your contributions.
+
+## Where should I report security issues?
+
+In order to give the community time to respond and upgrade, we strongly urge you
+report all security issues privately.
+
+To report a security issue in one of our Open Source projects email us directly
+at **oss@godaddy.com** and include the word "SECURITY" in the subject line.
+
+This mail is delivered to our Open Source Security team.
+
+After the initial reply to your report, the team will keep you informed of the
+progress being made towards a fix and announcement, and may ask for additional
+information or guidance.

data/asherah.gemspec

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require_relative 'lib/asherah/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'asherah'
+  spec.version = Asherah::VERSION
+  spec.authors = ['GoDaddy']
+  spec.email = ['oss@godaddy.com']
+
+  spec.summary = 'Application Layer Encryption SDK'
+  spec.description = <<~DESCRIPTION
+    Asherah is an application-layer encryption SDK that provides advanced
+    encryption features and defense in depth against compromise.
+  DESCRIPTION
+
+  spec.homepage = 'https://github.com/godaddy/asherah-ruby'
+  spec.license = 'MIT'
+  spec.required_ruby_version = '>= 2.5.0'
+
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = 'https://github.com/godaddy/asherah-ruby'
+  spec.metadata['changelog_uri'] = 'https://github.com/godaddy/asherah-ruby/blob/main/CHANGELOG.md'
+  spec.metadata['rubygems_mfa_required'] = 'true'
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
+    end
+  end
+  spec.bindir = 'exe'
+  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'cobhan', '~> 0.1.2'
+end

data/lib/asherah/error.rb

@@ -0,0 +1,21 @@
+
+module Asherah
+  module Error
+    ResultError = Class.new(StandardError)
+
+    CODES = {
+      -100 => 'not initialized',
+      -101 => 'already initialized',
+      -102 => 'get session failed',
+      -103 => 'encrypt failed',
+      -104 => 'eecrypt failed'
+    }
+
+    def self.check_result!(scope, result)
+      if result.negative?
+        error_message = Error::CODES.fetch(result) { 'unrecognized' }
+        raise Error::ResultError.new("#{scope} failed: #{error_message}")
+      end
+    end
+  end
+end

data/lib/asherah/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Asherah
+  VERSION = '0.1.0.beta.1'
+end

data/lib/asherah.rb

@@ -0,0 +1,187 @@
+# frozen_string_literal: true
+
+require_relative 'asherah/version'
+require 'asherah/error'
+require 'cobhan'
+
+# Asherah uses the following data structures: `data_row_record`, `envelope_key_record`, and `key_meta`.
+#
+# `data_row_record` contains the encrypted key and provided data, as well as the information
+# required to decrypt the key encryption key. This struct should be stored in your
+# data persistence as it's required to decrypt data.
+#
+# data_row_record [Hash]
+#   key [Hash], envelope_key_record
+#   data [String]
+#
+# `envelope_key_record` represents an encrypted key and is the data structure used
+# to persist the key in our key table. It also contains the meta data
+# of the key used to encrypt it.
+#
+# envelope_key_record [Hash]
+#   created [Integer]
+#   encrypted_key [String]
+#   parent_key_meta [Hash], key_meta
+#
+# `key_meta` contains the `id` and `created` timestamp for an encryption key.
+#
+# key_meta [Hash]
+#   id [String]
+#   created [Integer]
+module Asherah
+  extend Cobhan
+
+  LIB_ROOT_PATH = File.expand_path('asherah/native', __dir__)
+  load_library(LIB_ROOT_PATH, 'libasherah', [
+    [
+      :Setup,
+      [
+        :pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :int32,
+        :pointer, :pointer, :pointer, :pointer, :int32, :int32, :int32
+      ],
+      :int32
+    ],
+    [:Encrypt, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int32],
+    [:Decrypt, [:pointer, :pointer, :pointer, :int64, :pointer, :int64, :pointer], :int32]
+  ].freeze)
+
+  class << self
+    # Initializes Asherah encryption session
+    #
+    # @param kms_type [String]
+    # @param metastore [String]
+    # @param service_name [String]
+    # @param product_id [String]
+    # @param rdbms_connection_string [String]
+    # @param dynamo_db_endpoint [String]
+    # @param dynamo_db_region [String]
+    # @param dynamo_db_table_name [String]
+    # @param enable_region_suffix [Boolean]
+    # @param preferred_region [String]
+    # @param region_map [String]
+    # @param verbose [Boolean]
+    # @param session_cache [Boolean]
+    # @param debug_output [Boolean]
+    def setup(
+      kms_type:,
+      metastore:,
+      service_name:,
+      product_id:,
+      rdbms_connection_string: '',
+      dynamo_db_endpoint: '',
+      dynamo_db_region: '',
+      dynamo_db_table_name: '',
+      enable_region_suffix: false,
+      preferred_region: '',
+      region_map: '',
+      verbose: false,
+      session_cache: false,
+      debug_output: false
+    )
+      kms_type_buffer = string_to_cbuffer(kms_type)
+      metastore_buffer = string_to_cbuffer(metastore)
+      rdbms_connection_string_buffer = string_to_cbuffer(rdbms_connection_string)
+      dynamo_db_endpoint_buffer = string_to_cbuffer(dynamo_db_endpoint)
+      dynamo_db_region_buffer = string_to_cbuffer(dynamo_db_region)
+      dynamo_db_table_name_buffer = string_to_cbuffer(dynamo_db_table_name)
+      enable_region_suffix_int = enable_region_suffix ? 1 : 0
+      service_name_buffer = string_to_cbuffer(service_name)
+      product_id_buffer = string_to_cbuffer(product_id)
+      preferred_region_buffer = string_to_cbuffer(preferred_region)
+      region_map_buffer = string_to_cbuffer(region_map)
+      verbose_int = verbose ? 1 : 0
+      session_cache_int = session_cache ? 1 : 0
+      debug_output_int = debug_output ? 1 : 0
+
+      result = Setup(
+        kms_type_buffer,
+        metastore_buffer,
+        rdbms_connection_string_buffer,
+        dynamo_db_endpoint_buffer,
+        dynamo_db_region_buffer,
+        dynamo_db_table_name_buffer,
+        enable_region_suffix_int,
+        service_name_buffer,
+        product_id_buffer,
+        preferred_region_buffer,
+        region_map_buffer,
+        verbose_int,
+        session_cache_int,
+        debug_output_int
+      )
+
+      Error.check_result!('setup', result)
+    end
+
+    # Encrypts data for a given partition_id
+    #
+    # @param partition_id [String]
+    # @param data [String]
+    # @return [Hash], data_row_record
+    def encrypt(partition_id, data)
+      partition_id_buffer = string_to_cbuffer(partition_id)
+      data_buffer = string_to_cbuffer(data)
+      output_encrypted_data_buffer = allocate_cbuffer(data.length + 256)
+      output_encrypted_key_buffer = allocate_cbuffer(256)
+      output_created_buffer = int_to_buffer(0)
+      output_parent_key_id_buffer = allocate_cbuffer(256)
+      output_parent_key_created_buffer = int_to_buffer(0)
+
+      result = Encrypt(
+        partition_id_buffer,
+        data_buffer,
+        output_encrypted_data_buffer,
+        output_encrypted_key_buffer,
+        output_created_buffer,
+        output_parent_key_id_buffer,
+        output_parent_key_created_buffer
+      )
+
+      Error.check_result!('encrypt', result)
+
+      parent_key_id = cbuffer_to_string(output_parent_key_id_buffer)
+
+      {
+        data: cbuffer_to_string(output_encrypted_data_buffer),
+        key: {
+          encrypted_key: cbuffer_to_string(output_encrypted_key_buffer),
+          created: buffer_to_int(output_created_buffer),
+          parent_key_meta: {
+            id: parent_key_id,
+            created: buffer_to_int(output_parent_key_created_buffer)
+          }
+        }
+      }
+    end
+
+    # Decrypts a data_row_record for a partition_id
+    #
+    # @param partition_id [String]
+    # @param data_row_record [Hash], data_row_record
+    # @return [String]
+    def decrypt(partition_id, data_row_record)
+      partition_id_buffer = string_to_cbuffer(partition_id)
+      encrypted_data_buffer = string_to_cbuffer(data_row_record[:data])
+      encrypted_key_buffer = string_to_cbuffer(data_row_record[:key][:encrypted_key])
+      created = data_row_record[:key][:created]
+      parent_key_id_buffer = string_to_cbuffer(data_row_record[:key][:parent_key_meta][:id])
+      parent_key_created = data_row_record[:key][:parent_key_meta][:created]
+
+      output_data_buffer = allocate_cbuffer(encrypted_data_buffer.size + 256)
+
+      result = Decrypt(
+        partition_id_buffer,
+        encrypted_data_buffer,
+        encrypted_key_buffer,
+        created,
+        parent_key_id_buffer,
+        parent_key_created,
+        output_data_buffer
+      )
+
+      Error.check_result!('decrypt', result)
+
+      cbuffer_to_string(output_data_buffer)
+    end
+  end
+end

metadata

@@ -0,0 +1,79 @@
+--- !ruby/object:Gem::Specification
+name: asherah
+version: !ruby/object:Gem::Version
+  version: 0.1.0.beta.1
+platform: x86_64-linux
+authors:
+- GoDaddy
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2022-03-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: cobhan
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.2
+description: |
+  Asherah is an application-layer encryption SDK that provides advanced
+  encryption features and defense in depth against compromise.
+email:
+- oss@godaddy.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- ".rubocop.yml"
+- ".ruby-version"
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- SECURITY.md
+- asherah.gemspec
+- lib/asherah.rb
+- lib/asherah/error.rb
+- lib/asherah/native/libasherah-x64.so
+- lib/asherah/version.rb
+homepage: https://github.com/godaddy/asherah-ruby
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/godaddy/asherah-ruby
+  source_code_uri: https://github.com/godaddy/asherah-ruby
+  changelog_uri: https://github.com/godaddy/asherah-ruby/blob/main/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubygems_version: 3.3.3
+signing_key:
+specification_version: 4
+summary: Application Layer Encryption SDK
+test_files: []