asherah 0.2.0-x86_64-linux → 0.3.0-x86_64-linux

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1a3ea6ba3aca16701b48b1435b5dde4a014d0e3769cc66d6609af670b3d4b6cf
-  data.tar.gz: d2cf924ab75bc682deeea77addea8fad85585460748e702e66005dd0d2af18e7
+  metadata.gz: 758ad70b5b231d10c180fb71a049d96afd32a037fc57677c1f68d0073a21dbc5
+  data.tar.gz: 2d7ca84aad9d29edbc0d4d50b06a59eeefa2b6f42538255888de8a46bf8d6e26
 SHA512:
-  metadata.gz: 23a1ebfb0229e3245111a9b9abd7298e194a61b5e5d5172afcede238e4f5bc8456f54b81f585bf665354fce05420220d45e0593678c984fbd12471c95b77b01e
-  data.tar.gz: d094f921ae9a0c2150ccff3285475449ead10a0609829449bc5336a9e968addb7ae9263e43a4f6899dbbd785a9a298ce8360165525759436c6b3dc2b16cf542b
+  metadata.gz: 595dfddbec67e401d03ca1173da193806ef9685883570345c8a2fb3b485cc68e7c9ed3c97c8b90ebcdab53ea4dcd221760d054f26ad3b9ff14ea2431552730b2
+  data.tar.gz: 5369890fc487da0e6108b3bb6ad50d47b01d80ac4a1f77c2e4d5253047d121fa381e14980da2a8fd2d3f48b9035ac3c2fc0f8afeeb10c3f183fbe9a51f74d638

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 ## [Unreleased]
 
+## [0.3.0] - 2022-03-22
+
+- Free up cobhan buffers after encrypt/decrypt to prevent growing heap memory
+- Use local `estimate_buffer` calculation instead of FFI call
+- Upgrade to use asherah-cobhan v0.4.3
+
 ## [0.2.0] - 2022-03-21
 
 - Implement versioning for asherah-cobhan binaries

data/lib/asherah/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Asherah
-  VERSION = '0.2.0'
+  VERSION = '0.3.0'
 end

data/lib/asherah.rb

@@ -14,10 +14,13 @@ module Asherah
     [:SetupJson, [:pointer], :int32],
     [:EncryptToJson, [:pointer, :pointer, :pointer], :int32],
     [:DecryptFromJson, [:pointer, :pointer, :pointer], :int32],
-    [:EstimateBuffer, [:int32, :int32], :int32],
     [:Shutdown, [], :void]
   ].freeze)
 
+  ESTIMATED_ENCRYPTION_OVERHEAD = 48
+  ESTIMATED_ENVELOPE_OVERHEAD = 185
+  BASE64_OVERHEAD = 1.34
+
   class << self
     # Configures Asherah
     #
@@ -27,6 +30,7 @@ module Asherah
       config = Config.new
       yield config
       config.validate!
+      @intermediated_key_overhead_bytesize = config.product_id.bytesize + config.service_name.bytesize
 
       config_buffer = string_to_cbuffer(config.to_json)
 
@@ -52,13 +56,15 @@ module Asherah
     def encrypt(partition_id, data)
       partition_id_buffer = string_to_cbuffer(partition_id)
       data_buffer = string_to_cbuffer(data)
-      estimated_length = EstimateBuffer(data.bytesize, partition_id.bytesize)
-      output_buffer = allocate_cbuffer(estimated_length)
+      estimated_buffer_bytesize = estimate_buffer(data.bytesize, partition_id.bytesize)
+      output_buffer = allocate_cbuffer(estimated_buffer_bytesize)
 
       result = EncryptToJson(partition_id_buffer, data_buffer, output_buffer)
       Error.check_result!(result, 'EncryptToJson failed')
 
       cbuffer_to_string(output_buffer)
+    ensure
+      [partition_id_buffer, data_buffer, output_buffer].map(&:free)
     end
 
     # Decrypts a DataRowRecord in JSON format for a partition_id and returns decrypted data.
@@ -75,11 +81,22 @@ module Asherah
       Error.check_result!(result, 'DecryptFromJson failed')
 
       cbuffer_to_string(output_buffer)
+    ensure
+      [partition_id_buffer, data_buffer, output_buffer].map(&:free)
     end
 
     # Stop the Asherah instance
     def shutdown
       Shutdown()
     end
+
+    private
+
+    def estimate_buffer(data_bytesize, partition_bytesize)
+      ESTIMATED_ENVELOPE_OVERHEAD +
+        @intermediated_key_overhead_bytesize +
+        partition_bytesize +
+        ((data_bytesize + ESTIMATED_ENCRYPTION_OVERHEAD) * BASE64_OVERHEAD)
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: asherah
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: x86_64-linux
 authors:
 - GoDaddy
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-21 00:00:00.000000000 Z
+date: 2022-03-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cobhan