aws-sdk-resources 2.11.561 → 2.11.562

Files changed (31) hide show
  1. checksums.yaml +4 -4
  2. data/lib/aws-sdk-resources/services/s3.rb +1 -0
  3. data/lib/aws-sdk-resources/services/s3/encryption.rb +3 -0
  4. data/lib/aws-sdk-resources/services/s3/encryption/client.rb +24 -7
  5. data/lib/aws-sdk-resources/services/s3/encryption/decrypt_handler.rb +65 -25
  6. data/lib/aws-sdk-resources/services/s3/encryption/default_cipher_provider.rb +43 -5
  7. data/lib/aws-sdk-resources/services/s3/encryption/default_key_provider.rb +2 -0
  8. data/lib/aws-sdk-resources/services/s3/encryption/encrypt_handler.rb +13 -2
  9. data/lib/aws-sdk-resources/services/s3/encryption/errors.rb +2 -0
  10. data/lib/aws-sdk-resources/services/s3/encryption/io_auth_decrypter.rb +2 -0
  11. data/lib/aws-sdk-resources/services/s3/encryption/io_decrypter.rb +8 -1
  12. data/lib/aws-sdk-resources/services/s3/encryption/io_encrypter.rb +2 -0
  13. data/lib/aws-sdk-resources/services/s3/encryption/key_provider.rb +2 -0
  14. data/lib/aws-sdk-resources/services/s3/encryption/kms_cipher_provider.rb +36 -3
  15. data/lib/aws-sdk-resources/services/s3/encryption/materials.rb +8 -6
  16. data/lib/aws-sdk-resources/services/s3/encryption/utils.rb +25 -0
  17. data/lib/aws-sdk-resources/services/s3/encryptionV2/client.rb +559 -0
  18. data/lib/aws-sdk-resources/services/s3/encryptionV2/decrypt_handler.rb +214 -0
  19. data/lib/aws-sdk-resources/services/s3/encryptionV2/default_cipher_provider.rb +170 -0
  20. data/lib/aws-sdk-resources/services/s3/encryptionV2/default_key_provider.rb +40 -0
  21. data/lib/aws-sdk-resources/services/s3/encryptionV2/encrypt_handler.rb +69 -0
  22. data/lib/aws-sdk-resources/services/s3/encryptionV2/errors.rb +37 -0
  23. data/lib/aws-sdk-resources/services/s3/encryptionV2/io_auth_decrypter.rb +58 -0
  24. data/lib/aws-sdk-resources/services/s3/encryptionV2/io_decrypter.rb +37 -0
  25. data/lib/aws-sdk-resources/services/s3/encryptionV2/io_encrypter.rb +73 -0
  26. data/lib/aws-sdk-resources/services/s3/encryptionV2/key_provider.rb +31 -0
  27. data/lib/aws-sdk-resources/services/s3/encryptionV2/kms_cipher_provider.rb +169 -0
  28. data/lib/aws-sdk-resources/services/s3/encryptionV2/materials.rb +60 -0
  29. data/lib/aws-sdk-resources/services/s3/encryptionV2/utils.rb +103 -0
  30. data/lib/aws-sdk-resources/services/s3/encryption_v2.rb +24 -0
  31. metadata +18 -4
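--- a/data/lib/aws-sdk-resources/services/s3/encryptionV2/utils.rb
+++ b/data/lib/aws-sdk-resources/services/s3/encryptionV2/utils.rb
@@ -0,0 +1,103 @@
+ # frozen_string_literal: true
+
+ require 'openssl'
+
+ module Aws
+ module S3
+ module EncryptionV2
+ # @api private
+ module Utils
+
+ class << self
+
+ def encrypt_aes_gcm(key, data, auth_data)
+ cipher = aes_encryption_cipher(:GCM, key)
+ cipher.iv = (iv = cipher.random_iv)
+ cipher.auth_data = auth_data
+
+ iv + cipher.update(data) + cipher.final + cipher.auth_tag
+ end
+
+ def encrypt_rsa(key, data, auth_data)
+ # Plaintext must be KeyLengthInBytes (1 Byte) + DataKey + AuthData
+ buf = [data.bytesize] + data.unpack('C*') + auth_data.unpack('C*')
+ key.public_encrypt(buf.pack('C*'), OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
+ end
+
+ def decrypt(key, data)
+ begin
+ case key
+ when OpenSSL::PKey::RSA # asymmetric decryption
+ key.private_decrypt(data)
+ when String # symmetric Decryption
+ cipher = aes_cipher(:decrypt, :ECB, key, nil)
+ cipher.update(data) + cipher.final
+ end
+ rescue OpenSSL::Cipher::CipherError
+ msg = 'decryption failed, possible incorrect key'
+ raise Errors::DecryptionError, msg
+ end
+ end
+
+ def decrypt_aes_gcm(key, data, auth_data)
+ # data is iv (12B) + key + tag (16B)
+ buf = data.unpack('C*')
+ iv = buf[0,12].pack('C*') # iv will always be 12 bytes
+ tag = buf[-16, 16].pack('C*') # tag is 16 bytes
+ enc_key = buf[12, buf.size - (12+16)].pack('C*')
+ cipher = aes_cipher(:decrypt, :GCM, key, iv)
+ cipher.auth_tag = tag
+ cipher.auth_data = auth_data
+ cipher.update(enc_key) + cipher.final
+ end
+
+ # returns the decrypted data + auth_data
+ def decrypt_rsa(key, enc_data)
+ # Plaintext must be KeyLengthInBytes (1 Byte) + DataKey + AuthData
+ buf = key.private_decrypt(enc_data, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING).unpack('C*')
+ key_length = buf[0]
+ data = buf[1, key_length].pack('C*')
+ auth_data = buf[key_length+1, buf.length - key_length].pack('C*')
+ [data, auth_data]
+ end
+
+ # @param [String] block_mode "CBC" or "ECB"
+ # @param [OpenSSL::PKey::RSA, String, nil] key
+ # @param [String, nil] iv The initialization vector
+ def aes_encryption_cipher(block_mode, key = nil, iv = nil)
+ aes_cipher(:encrypt, block_mode, key, iv)
+ end
+
+ # @param [String] block_mode "CBC" or "ECB"
+ # @param [OpenSSL::PKey::RSA, String, nil] key
+ # @param [String, nil] iv The initialization vector
+ def aes_decryption_cipher(block_mode, key = nil, iv = nil)
+ aes_cipher(:decrypt, block_mode, key, iv)
+ end
+
+ # @param [String] mode "encrypt" or "decrypt"
+ # @param [String] block_mode "CBC" or "ECB"
+ # @param [OpenSSL::PKey::RSA, String, nil] key
+ # @param [String, nil] iv The initialization vector
+ def aes_cipher(mode, block_mode, key, iv)
+ cipher = key ?
+ OpenSSL::Cipher.new("aes-#{cipher_size(key)}-#{block_mode.downcase}") :
+ OpenSSL::Cipher.new("aes-256-#{block_mode.downcase}")
+ cipher.send(mode) # encrypt or decrypt
+ cipher.key = key if key
+ cipher.iv = iv if iv
+ cipher
+ end
+
+ # @param [String] key
+ # @return [Integer]
+ # @raise ArgumentError
+ def cipher_size(key)
+ key.bytesize * 8
+ end
+
+ end
+ end
+ end
+ end
+ end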
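Review bot: `decrypt_aes_gcm` and `decrypt_rsa` slice their input without any length check, so a truncated or malformed wrapped key (presumably read back from stored object metadata) fails with an untyped error such as `NoMethodError` on `nil.pack` instead of `Errors::DecryptionError`. A guard like `raise Errors::DecryptionError, 'wrapped key too short' if data.bytesize < 12 + 16` at the top of `decrypt_aes_gcm`, plus a check in `decrypt_rsa` that `key_length` is an Integer no greater than `buf.length - 1`, would keep every failure typed. In `decrypt` only `OpenSSL::Cipher::CipherError` is rescued, so a failed `key.private_decrypt(data)` appears to escape as an OpenSSL PKey error; rescuing `OpenSSL::PKey::PKeyError` there as well would give callers one uniform failure. That RSA branch relies on the default padding and the String branch on ECB with no integrity check, so if both are kept only to read legacy envelopes, a comment saying so would stop them being reused for new data. The `@param` tags on the cipher helpers still say "CBC" or "ECB" and String modes although `:GCM` and symbols are passed, and `cipher_size` documents an `ArgumentError` it never raises.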
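--- a/data/lib/aws-sdk-resources/services/s3/encryption_v2.rb
+++ b/data/lib/aws-sdk-resources/services/s3/encryption_v2.rb
@@ -0,0 +1,24 @@
+ module Aws
+ module S3
+ module EncryptionV2
+
+ AES_GCM_TAG_LEN_BYTES = 16
+ EC_USER_AGENT = 'S3CryptoV2'
+
+ autoload :Client, 'aws-sdk-resources/services/s3/encryptionV2/client'
+ autoload :DecryptHandler, 'aws-sdk-resources/services/s3/encryptionV2/decrypt_handler'
+ autoload :DefaultCipherProvider, 'aws-sdk-resources/services/s3/encryptionV2/default_cipher_provider'
+ autoload :DefaultKeyProvider, 'aws-sdk-resources/services/s3/encryptionV2/default_key_provider'
+ autoload :EncryptHandler, 'aws-sdk-resources/services/s3/encryptionV2/encrypt_handler'
+ autoload :Errors, 'aws-sdk-resources/services/s3/encryptionV2/errors'
+ autoload :IOEncrypter, 'aws-sdk-resources/services/s3/encryptionV2/io_encrypter'
+ autoload :IOAuthDecrypter, 'aws-sdk-resources/services/s3/encryptionV2/io_auth_decrypter'
+ autoload :IODecrypter, 'aws-sdk-resources/services/s3/encryptionV2/io_decrypter'
+ autoload :KeyProvider, 'aws-sdk-resources/services/s3/encryptionV2/key_provider'
+ autoload :KmsCipherProvider, 'aws-sdk-resources/services/s3/encryptionV2/kms_cipher_provider'
+ autoload :Materials, 'aws-sdk-resources/services/s3/encryptionV2/materials'
+ autoload :Utils, 'aws-sdk-resources/services/s3/encryptionV2/utils'
+
+ end
+ end
+ end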
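Review bot: `AES_GCM_TAG_LEN_BYTES = 16` is declared here, yet `decrypt_aes_gcm` in encryptionV2/utils.rb still hard-codes `16` for the tag and `12` for the IV, so the two can drift apart. Using the constant in the slicing code, and adding a matching IV-length constant, would keep the envelope layout defined in one place. This file also lacks the `# frozen_string_literal: true` magic comment that utils.rb carries, so `EC_USER_AGENT` is a mutable string; `EC_USER_AGENT = 'S3CryptoV2'.freeze` or the magic comment would fix that.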
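--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: aws-sdk-resources
  version: !ruby/object:Gem::Version
- version: 2.11.561
+ version: 2.11.562
  platform: ruby
  authors:
  - Amazon Web Services
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-08-06 00:00:00.000000000 Z
+ date: 2020-08-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-core
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 2.11.561
+ version: 2.11.562
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 2.11.561
+ version: 2.11.562
  description: AWS SDK For Ruby V2 has been marked as deprecated. Please upgrade to
  AWS SDK For Ruby V3.Provides resource oriented interfaces and other higher-level
  abstractions for many AWS services. This gem is part of the official AWS SDK for
@@ -74,6 +74,20 @@ files:
  - lib/aws-sdk-resources/services/s3/encryption/kms_cipher_provider.rb
  - lib/aws-sdk-resources/services/s3/encryption/materials.rb
  - lib/aws-sdk-resources/services/s3/encryption/utils.rb
+ - lib/aws-sdk-resources/services/s3/encryptionV2/client.rb
+ - lib/aws-sdk-resources/services/s3/encryptionV2/decrypt_handler.rb
+ - lib/aws-sdk-resources/services/s3/encryptionV2/default_cipher_provider.rb
+ - lib/aws-sdk-resources/services/s3/encryptionV2/default_key_provider.rb
+ - lib/aws-sdk-resources/services/s3/encryptionV2/encrypt_handler.rb
+ - lib/aws-sdk-resources/services/s3/encryptionV2/errors.rb
+ - lib/aws-sdk-resources/services/s3/encryptionV2/io_auth_decrypter.rb
+ - lib/aws-sdk-resources/services/s3/encryptionV2/io_decrypter.rb
+ - lib/aws-sdk-resources/services/s3/encryptionV2/io_encrypter.rb
+ - lib/aws-sdk-resources/services/s3/encryptionV2/key_provider.rb
+ - lib/aws-sdk-resources/services/s3/encryptionV2/kms_cipher_provider.rb
+ - lib/aws-sdk-resources/services/s3/encryptionV2/materials.rb
+ - lib/aws-sdk-resources/services/s3/encryptionV2/utils.rb
+ - lib/aws-sdk-resources/services/s3/encryption_v2.rb
  - lib/aws-sdk-resources/services/s3/file_downloader.rb
  - lib/aws-sdk-resources/services/s3/file_part.rb
  - lib/aws-sdk-resources/services/s3/file_uploader.rb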