enveloperb 0.1.4-x86_64-darwin → 0.1.5.4.g10f5d39-x86_64-darwin

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,17 @@
1
+ [package]
2
+ name = "enveloperb"
3
+ version = "0.0.0"
4
+ edition = "2021"
5
+
6
+ [dependencies]
7
+ enveloper = { git = "https://github.com/cipherstash/enveloper", branch = "main" }
8
+ lazy_static = "^0.2.2"
9
+ rb-sys = "0.8.0"
10
+ rutie = { git = "https://github.com/mpalmer/rutie", branch = "rb_sys" }
11
+ tokio = { version = "^1.17.0", features = [ "rt-multi-thread" ] }
12
+ aws-config = "0.10.1"
13
+ aws-sdk-kms = "0.10.1"
14
+ aws-types = { version = "0.10.1", features = [ "hardcoded-credentials" ] }
15
+
16
+ [lib]
17
+ crate-type = ["cdylib"]
@@ -0,0 +1,4 @@
1
+ require "mkmf"
2
+ require "rb_sys/mkmf"
3
+
4
+ create_rust_makefile("enveloperb/enveloperb")
@@ -0,0 +1,195 @@
1
+ #[macro_use]
2
+ extern crate rutie;
3
+
4
+ #[macro_use]
5
+ extern crate lazy_static;
6
+
7
+ // I have deliberately not used more-specific symbols inside the aws_* crates because the
8
+ // names are quite generic, and in the near future when we have more providers, we'll
9
+ // almost certainly end up with naming clashes.
10
+ use aws_config;
11
+ use aws_sdk_kms;
12
+ use aws_types;
13
+ use enveloper::{EncryptedRecord, EnvelopeCipher, KMSKeyProvider, SimpleKeyProvider};
14
+ use std::borrow::Cow;
15
+ use tokio::runtime::Runtime;
16
+ use rutie::{Class, Encoding, Hash, Module, Object, RString, Symbol, VerifiedObject, VM};
17
+
18
+ module!(Enveloperb);
19
+ class!(EnveloperbSimple);
20
+ class!(EnveloperbAWSKMS);
21
+ class!(EnveloperbEncryptedRecord);
22
+
23
+ impl VerifiedObject for EnveloperbEncryptedRecord {
24
+ fn is_correct_type<T: Object>(object: &T) -> bool {
25
+ let klass = Module::from_existing("Enveloperb").get_nested_class("EncryptedRecord");
26
+ klass.case_equals(object)
27
+ }
28
+
29
+ fn error_message() -> &'static str {
30
+ "Error converting to Enveloperb::EncryptedRecord"
31
+ }
32
+ }
33
+
34
+ pub struct SimpleCipher {
35
+ cipher: EnvelopeCipher<SimpleKeyProvider>,
36
+ runtime: Runtime,
37
+ }
38
+
39
+ pub struct AWSKMSCipher {
40
+ cipher: EnvelopeCipher<KMSKeyProvider>,
41
+ runtime: Runtime,
42
+ }
43
+
44
+ wrappable_struct!(SimpleCipher, SimpleCipherWrapper, SIMPLE_CIPHER_WRAPPER);
45
+ wrappable_struct!(AWSKMSCipher, AWSKMSCipherWrapper, AWSKMS_CIPHER_WRAPPER);
46
+ wrappable_struct!(EncryptedRecord, EncryptedRecordWrapper, ENCRYPTED_RECORD_WRAPPER);
47
+
48
+ methods!(
49
+ EnveloperbSimple,
50
+ rbself,
51
+
52
+ fn enveloperb_simple_new(rbkey: RString) -> EnveloperbSimple {
53
+ let mut key: [u8; 16] = Default::default();
54
+
55
+ key.clone_from_slice(rbkey.unwrap().to_bytes_unchecked());
56
+
57
+ let provider = SimpleKeyProvider::init(key);
58
+ let cipher = EnvelopeCipher::init(provider);
59
+
60
+ let klass = Module::from_existing("Enveloperb").get_nested_class("Simple");
61
+ return klass.wrap_data(SimpleCipher{ cipher: cipher, runtime: Runtime::new().unwrap() }, &*SIMPLE_CIPHER_WRAPPER);
62
+ }
63
+
64
+ fn enveloperb_simple_encrypt(rbtext: RString) -> EnveloperbEncryptedRecord {
65
+ let cipher = rbself.get_data(&*SIMPLE_CIPHER_WRAPPER);
66
+ let er_r = cipher.runtime.block_on(async {
67
+ cipher.cipher.encrypt(rbtext.unwrap().to_bytes_unchecked()).await
68
+ });
69
+ let er = er_r.map_err(|e| VM::raise(Class::from_existing("RuntimeError"), &format!("Failed to perform encryption: {:?}", e))).unwrap();
70
+
71
+ let klass = Module::from_existing("Enveloperb").get_nested_class("EncryptedRecord");
72
+ return klass.wrap_data(er, &*ENCRYPTED_RECORD_WRAPPER);
73
+ }
74
+
75
+ fn enveloperb_simple_decrypt(rbrecord: EnveloperbEncryptedRecord) -> RString {
76
+ let cipher = rbself.get_data(&*SIMPLE_CIPHER_WRAPPER);
77
+ let e_record = rbrecord.unwrap();
78
+ let record = e_record.get_data(&*ENCRYPTED_RECORD_WRAPPER);
79
+
80
+ let vec_r = cipher.runtime.block_on(async {
81
+ cipher.cipher.decrypt(record).await
82
+ });
83
+ let vec = vec_r.map_err(|e| VM::raise(Class::from_existing("RuntimeError"), &format!("Failed to perform decryption: {:?}", e))).unwrap();
84
+
85
+ return RString::from_bytes(&vec, &Encoding::find("BINARY").unwrap());
86
+ }
87
+ );
88
+
89
+ methods!(
90
+ EnveloperbAWSKMS,
91
+ rbself,
92
+
93
+ fn enveloperb_awskms_new(rbkey: RString, rbcreds: Hash) -> EnveloperbAWSKMS {
94
+ let raw_creds = rbcreds.unwrap();
95
+ let rt = Runtime::new().unwrap();
96
+
97
+ let kmsclient_config = if raw_creds.at(&Symbol::new("access_key_id")).is_nil() {
98
+ rt.block_on(async {
99
+ aws_config::load_from_env().await
100
+ })
101
+ } else {
102
+ let rbregion = raw_creds.at(&Symbol::new("region")).try_convert_to::<RString>().unwrap();
103
+ let region = Some(aws_types::region::Region::new(rbregion.to_str().to_owned()));
104
+
105
+ let rbkey_id = raw_creds.at(&Symbol::new("access_key_id")).try_convert_to::<RString>().unwrap();
106
+ let key_id = rbkey_id.to_str();
107
+
108
+ let rbsecret = raw_creds.at(&Symbol::new("secret_access_key")).try_convert_to::<RString>().unwrap();
109
+ let secret = rbsecret.to_str();
110
+
111
+ let token = match raw_creds.at(&Symbol::new("session_token")).try_convert_to::<RString>() {
112
+ Ok(str) => Some(str.to_string()),
113
+ Err(_) => None
114
+ };
115
+
116
+ let aws_creds = aws_types::Credentials::from_keys(key_id, secret, token);
117
+ let creds_provider = aws_types::credentials::SharedCredentialsProvider::new(aws_creds);
118
+
119
+ aws_types::sdk_config::SdkConfig::builder().region(region).credentials_provider(creds_provider).build()
120
+ };
121
+
122
+ let kmsclient = aws_sdk_kms::Client::new(&kmsclient_config);
123
+ let provider = KMSKeyProvider::new(kmsclient, rbkey.unwrap().to_string());
124
+ let cipher = EnvelopeCipher::init(provider);
125
+
126
+ let klass = Module::from_existing("Enveloperb").get_nested_class("AWSKMS");
127
+ return klass.wrap_data(AWSKMSCipher{ cipher: cipher, runtime: rt }, &*AWSKMS_CIPHER_WRAPPER);
128
+ }
129
+
130
+ fn enveloperb_awskms_encrypt(rbtext: RString) -> EnveloperbEncryptedRecord {
131
+ let cipher = rbself.get_data(&*AWSKMS_CIPHER_WRAPPER);
132
+ let er_r = cipher.runtime.block_on(async {
133
+ cipher.cipher.encrypt(rbtext.unwrap().to_bytes_unchecked()).await
134
+ });
135
+ let er = er_r.map_err(|e| VM::raise(Class::from_existing("RuntimeError"), &format!("Failed to perform encryption: {:?}", e))).unwrap();
136
+
137
+ let klass = Module::from_existing("Enveloperb").get_nested_class("EncryptedRecord");
138
+ return klass.wrap_data(er, &*ENCRYPTED_RECORD_WRAPPER);
139
+ }
140
+
141
+ fn enveloperb_awskms_decrypt(rbrecord: EnveloperbEncryptedRecord) -> RString {
142
+ let cipher = rbself.get_data(&*AWSKMS_CIPHER_WRAPPER);
143
+ let e_record = rbrecord.unwrap();
144
+ let record = e_record.get_data(&*ENCRYPTED_RECORD_WRAPPER);
145
+
146
+ let vec_r = cipher.runtime.block_on(async {
147
+ cipher.cipher.decrypt(record).await
148
+ });
149
+ let vec = vec_r.map_err(|e| VM::raise(Class::from_existing("RuntimeError"), &format!("Failed to perform decryption: {:?}", e))).unwrap();
150
+
151
+ return RString::from_bytes(&vec, &Encoding::find("BINARY").unwrap());
152
+ }
153
+ );
154
+
155
+ methods!(
156
+ EnveloperbEncryptedRecord,
157
+ rbself,
158
+
159
+ fn enveloperb_encrypted_record_new(serialized_record: RString) -> EnveloperbEncryptedRecord {
160
+ let s = serialized_record.unwrap().to_vec_u8_unchecked();
161
+ let ct = EncryptedRecord::from_vec(s).map_err(|e| VM::raise(Class::from_existing("ArgumentError"), &format!("Failed to decode encrypted record: {:?}", e))).unwrap();
162
+
163
+ let klass = Module::from_existing("Enveloperb").get_nested_class("EncryptedRecord");
164
+ return klass.wrap_data(ct, &*ENCRYPTED_RECORD_WRAPPER);
165
+ }
166
+
167
+ fn enveloperb_encrypted_record_serialize() -> RString {
168
+ let record = rbself.get_data(&*ENCRYPTED_RECORD_WRAPPER);
169
+
170
+ return RString::from_bytes(&record.to_vec().map_err(|e| VM::raise(Class::from_existing("RuntimeError"), &format!("Failed to encode encrypted record: {:?}", e))).unwrap(), &Encoding::find("BINARY").unwrap());
171
+ }
172
+ );
173
+
174
+ #[allow(non_snake_case)]
175
+ #[no_mangle]
176
+ pub extern "C" fn Init_enveloperb() {
177
+ Module::from_existing("Enveloperb").define(|envmod| {
178
+ envmod.define_nested_class("Simple", None).define(|klass| {
179
+ klass.singleton_class().def_private("_new", enveloperb_simple_new);
180
+ klass.def_private("_encrypt", enveloperb_simple_encrypt);
181
+ klass.def_private("_decrypt", enveloperb_simple_decrypt);
182
+ });
183
+
184
+ envmod.define_nested_class("AWSKMS", None).define(|klass| {
185
+ klass.singleton_class().def_private("_new", enveloperb_awskms_new);
186
+ klass.def_private("_encrypt", enveloperb_awskms_encrypt);
187
+ klass.def_private("_decrypt", enveloperb_awskms_decrypt);
188
+ });
189
+
190
+ envmod.define_nested_class("EncryptedRecord", None).define(|klass| {
191
+ klass.singleton_class().def_private("_new", enveloperb_encrypted_record_new);
192
+ klass.def_private("_serialize", enveloperb_encrypted_record_serialize);
193
+ });
194
+ });
195
+ }
Binary file
Binary file
data/lib/enveloperb.rb CHANGED
@@ -1,12 +1,14 @@
1
- require "fiddle"
1
+ module Enveloperb
2
+ end
2
3
 
3
4
  begin
4
- Fiddle::Function.new(Fiddle.dlopen("#{__dir__}/#{RbConfig::CONFIG["ruby_version"]}/libenveloperb.#{RbConfig::CONFIG["SOEXT"]}")["Init_libenveloperb"], [], Fiddle::TYPE_VOIDP).call
5
- rescue Fiddle::DLError
5
+ RUBY_VERSION =~ /(\d+\.\d+)/
6
+ require_relative "./#{RUBY_VERSION}/enveloperb"
7
+ rescue LoadError
6
8
  begin
7
- Fiddle::Function.new(Fiddle.dlopen("#{__dir__}/libenveloperb.#{RbConfig::CONFIG["SOEXT"]}")["Init_libenveloperb"], [], Fiddle::TYPE_VOIDP).call
8
- rescue Fiddle::DLError
9
- raise LoadError, "Failed to initialize libenveloperb.#{RbConfig::CONFIG["SOEXT"]}; either it hasn't been built, or was built incorrectly for your system"
9
+ require_relative "./enveloperb.#{RbConfig::CONFIG["DLEXT"]}"
10
+ rescue LoadError
11
+ raise LoadError, "Failed to load enveloperb.#{RbConfig::CONFIG["DLEXT"]}; either it hasn't been built, or was built incorrectly for your system"
10
12
  end
11
13
  end
12
14
 
metadata CHANGED
@@ -1,29 +1,15 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: enveloperb
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.4
4
+ version: 0.1.5.4.g10f5d39
5
5
  platform: x86_64-darwin
6
6
  authors:
7
7
  - Matt Palmer
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-05-02 00:00:00.000000000 Z
11
+ date: 2022-05-05 00:00:00.000000000 Z
12
12
  dependencies:
13
- - !ruby/object:Gem::Dependency
14
- name: fiddle
15
- requirement: !ruby/object:Gem::Requirement
16
- requirements:
17
- - - "~>"
18
- - !ruby/object:Gem::Version
19
- version: '1.1'
20
- type: :runtime
21
- prerelease: false
22
- version_requirements: !ruby/object:Gem::Requirement
23
- requirements:
24
- - - "~>"
25
- - !ruby/object:Gem::Version
26
- version: '1.1'
27
13
  - !ruby/object:Gem::Dependency
28
14
  name: bundler
29
15
  requirement: !ruby/object:Gem::Requirement
@@ -72,20 +58,42 @@ dependencies:
72
58
  requirements:
73
59
  - - "~>"
74
60
  - !ruby/object:Gem::Version
75
- version: '10.4'
76
- - - ">="
61
+ version: '13.0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
77
67
  - !ruby/object:Gem::Version
78
- version: 10.4.2
68
+ version: '13.0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: rake-compiler
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '1.2'
79
76
  type: :development
80
77
  prerelease: false
81
78
  version_requirements: !ruby/object:Gem::Requirement
82
79
  requirements:
83
80
  - - "~>"
84
81
  - !ruby/object:Gem::Version
85
- version: '10.4'
86
- - - ">="
82
+ version: '1.2'
83
+ - !ruby/object:Gem::Dependency
84
+ name: rake-compiler-dock
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '1.2'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
87
95
  - !ruby/object:Gem::Version
88
- version: 10.4.2
96
+ version: '1.2'
89
97
  - !ruby/object:Gem::Dependency
90
98
  name: rb-inotify
91
99
  requirement: !ruby/object:Gem::Requirement
@@ -100,6 +108,20 @@ dependencies:
100
108
  - - "~>"
101
109
  - !ruby/object:Gem::Version
102
110
  version: '0.9'
111
+ - !ruby/object:Gem::Dependency
112
+ name: rb_sys
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: '0.1'
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - "~>"
123
+ - !ruby/object:Gem::Version
124
+ version: '0.1'
103
125
  - !ruby/object:Gem::Dependency
104
126
  name: redcarpet
105
127
  requirement: !ruby/object:Gem::Requirement
@@ -156,7 +178,7 @@ dependencies:
156
178
  - - ">="
157
179
  - !ruby/object:Gem::Version
158
180
  version: '0'
159
- description:
181
+ description:
160
182
  email:
161
183
  - matt@cipherstash.com
162
184
  executables: []
@@ -168,7 +190,14 @@ files:
168
190
  - LICENCE
169
191
  - README.md
170
192
  - enveloperb.gemspec
171
- - lib/2.7.0/libenveloperb.dylib
193
+ - ext/enveloperb/.gitignore
194
+ - ext/enveloperb/Cargo.lock
195
+ - ext/enveloperb/Cargo.toml
196
+ - ext/enveloperb/extconf.rb
197
+ - ext/enveloperb/src/lib.rs
198
+ - lib/2.7/enveloperb.bundle
199
+ - lib/3.0/enveloperb.bundle
200
+ - lib/3.1/enveloperb.bundle
172
201
  - lib/enveloperb.rb
173
202
  - lib/enveloperb/awskms.rb
174
203
  - lib/enveloperb/encrypted_record.rb
@@ -176,23 +205,26 @@ files:
176
205
  homepage: https://github.com/cipherstash/enveloperb
177
206
  licenses: []
178
207
  metadata: {}
179
- post_install_message:
208
+ post_install_message:
180
209
  rdoc_options: []
181
210
  require_paths:
182
211
  - lib
183
212
  required_ruby_version: !ruby/object:Gem::Requirement
184
213
  requirements:
185
- - - "~>"
214
+ - - ">="
186
215
  - !ruby/object:Gem::Version
187
- version: 2.7.0
216
+ version: '2.7'
217
+ - - "<"
218
+ - !ruby/object:Gem::Version
219
+ version: 3.2.dev
188
220
  required_rubygems_version: !ruby/object:Gem::Requirement
189
221
  requirements:
190
- - - ">="
222
+ - - ">"
191
223
  - !ruby/object:Gem::Version
192
- version: '0'
224
+ version: 1.3.1
193
225
  requirements: []
194
- rubygems_version: 3.1.6
195
- signing_key:
226
+ rubygems_version: 3.4.0.dev
227
+ signing_key:
196
228
  specification_version: 4
197
229
  summary: Ruby bindings for the envelopers envelope encryption library
198
230
  test_files: []