enveloperb 0.1.4-x86_64-darwin → 0.1.5.4.g10f5d39-x86_64-darwin

data/ext/enveloperb/Cargo.toml

@@ -0,0 +1,17 @@
+[package]
+name = "enveloperb"
+version = "0.0.0"
+edition = "2021"
+
+[dependencies]
+enveloper = { git = "https://github.com/cipherstash/enveloper", branch = "main" }
+lazy_static = "^0.2.2"
+rb-sys = "0.8.0"
+rutie = { git = "https://github.com/mpalmer/rutie", branch = "rb_sys" }
+tokio = { version = "^1.17.0", features = [ "rt-multi-thread" ] }
+aws-config = "0.10.1"
+aws-sdk-kms = "0.10.1"
+aws-types = { version = "0.10.1", features = [ "hardcoded-credentials" ] }
+
+[lib]
+crate-type = ["cdylib"]

data/ext/enveloperb/extconf.rb

@@ -0,0 +1,4 @@
+require "mkmf"
+require "rb_sys/mkmf"
+
+create_rust_makefile("enveloperb/enveloperb")

data/ext/enveloperb/src/lib.rs

@@ -0,0 +1,195 @@
+#[macro_use]
+extern crate rutie;
+
+#[macro_use]
+extern crate lazy_static;
+
+// I have deliberately not used more-specific symbols inside the aws_* crates because the
+// names are quite generic, and in the near future when we have more providers, we'll
+// almost certainly end up with naming clashes.
+use aws_config;
+use aws_sdk_kms;
+use aws_types;
+use enveloper::{EncryptedRecord, EnvelopeCipher, KMSKeyProvider, SimpleKeyProvider};
+use std::borrow::Cow;
+use tokio::runtime::Runtime;
+use rutie::{Class, Encoding, Hash, Module, Object, RString, Symbol, VerifiedObject, VM};
+
+module!(Enveloperb);
+class!(EnveloperbSimple);
+class!(EnveloperbAWSKMS);
+class!(EnveloperbEncryptedRecord);
+
+impl VerifiedObject for EnveloperbEncryptedRecord {
+    fn is_correct_type<T: Object>(object: &T) -> bool {
+        let klass = Module::from_existing("Enveloperb").get_nested_class("EncryptedRecord");
+        klass.case_equals(object)
+    }
+
+    fn error_message() -> &'static str {
+        "Error converting to Enveloperb::EncryptedRecord"
+    }
+}
+
+pub struct SimpleCipher {
+    cipher: EnvelopeCipher<SimpleKeyProvider>,
+    runtime: Runtime,
+}
+
+pub struct AWSKMSCipher {
+    cipher: EnvelopeCipher<KMSKeyProvider>,
+    runtime: Runtime,
+}
+
+wrappable_struct!(SimpleCipher, SimpleCipherWrapper, SIMPLE_CIPHER_WRAPPER);
+wrappable_struct!(AWSKMSCipher, AWSKMSCipherWrapper, AWSKMS_CIPHER_WRAPPER);
+wrappable_struct!(EncryptedRecord, EncryptedRecordWrapper, ENCRYPTED_RECORD_WRAPPER);
+
+methods!(
+    EnveloperbSimple,
+    rbself,
+
+    fn enveloperb_simple_new(rbkey: RString) -> EnveloperbSimple {
+        let mut key: [u8; 16] = Default::default();
+
+        key.clone_from_slice(rbkey.unwrap().to_bytes_unchecked());
+
+        let provider = SimpleKeyProvider::init(key);
+        let cipher = EnvelopeCipher::init(provider);
+
+        let klass = Module::from_existing("Enveloperb").get_nested_class("Simple");
+        return klass.wrap_data(SimpleCipher{ cipher: cipher, runtime: Runtime::new().unwrap() }, &*SIMPLE_CIPHER_WRAPPER);
+    }
+
+    fn enveloperb_simple_encrypt(rbtext: RString) -> EnveloperbEncryptedRecord {
+        let cipher = rbself.get_data(&*SIMPLE_CIPHER_WRAPPER);
+        let er_r = cipher.runtime.block_on(async {
+            cipher.cipher.encrypt(rbtext.unwrap().to_bytes_unchecked()).await
+        });
+        let er = er_r.map_err(|e| VM::raise(Class::from_existing("RuntimeError"), &format!("Failed to perform encryption: {:?}", e))).unwrap();
+
+        let klass = Module::from_existing("Enveloperb").get_nested_class("EncryptedRecord");
+        return klass.wrap_data(er, &*ENCRYPTED_RECORD_WRAPPER);
+    }
+
+    fn enveloperb_simple_decrypt(rbrecord: EnveloperbEncryptedRecord) -> RString {
+        let cipher = rbself.get_data(&*SIMPLE_CIPHER_WRAPPER);
+        let e_record = rbrecord.unwrap();
+        let record = e_record.get_data(&*ENCRYPTED_RECORD_WRAPPER);
+
+        let vec_r = cipher.runtime.block_on(async {
+            cipher.cipher.decrypt(record).await
+        });
+        let vec = vec_r.map_err(|e| VM::raise(Class::from_existing("RuntimeError"), &format!("Failed to perform decryption: {:?}", e))).unwrap();
+
+        return RString::from_bytes(&vec, &Encoding::find("BINARY").unwrap());
+    }
+);
+
+methods!(
+    EnveloperbAWSKMS,
+    rbself,
+
+    fn enveloperb_awskms_new(rbkey: RString, rbcreds: Hash) -> EnveloperbAWSKMS {
+        let raw_creds = rbcreds.unwrap();
+        let rt = Runtime::new().unwrap();
+
+        let kmsclient_config = if raw_creds.at(&Symbol::new("access_key_id")).is_nil() {
+            rt.block_on(async {
+                aws_config::load_from_env().await
+            })
+        } else {
+            let rbregion = raw_creds.at(&Symbol::new("region")).try_convert_to::<RString>().unwrap();
+            let region   = Some(aws_types::region::Region::new(rbregion.to_str().to_owned()));
+
+            let rbkey_id = raw_creds.at(&Symbol::new("access_key_id")).try_convert_to::<RString>().unwrap();
+            let key_id   = rbkey_id.to_str();
+
+            let rbsecret = raw_creds.at(&Symbol::new("secret_access_key")).try_convert_to::<RString>().unwrap();
+            let secret   = rbsecret.to_str();
+
+            let token = match raw_creds.at(&Symbol::new("session_token")).try_convert_to::<RString>() {
+                Ok(str) => Some(str.to_string()),
+                Err(_)  => None
+            };
+
+            let aws_creds = aws_types::Credentials::from_keys(key_id, secret, token);
+            let creds_provider = aws_types::credentials::SharedCredentialsProvider::new(aws_creds);
+
+            aws_types::sdk_config::SdkConfig::builder().region(region).credentials_provider(creds_provider).build()
+        };
+
+        let kmsclient = aws_sdk_kms::Client::new(&kmsclient_config);
+        let provider = KMSKeyProvider::new(kmsclient, rbkey.unwrap().to_string());
+        let cipher = EnvelopeCipher::init(provider);
+
+        let klass = Module::from_existing("Enveloperb").get_nested_class("AWSKMS");
+        return klass.wrap_data(AWSKMSCipher{ cipher: cipher, runtime: rt }, &*AWSKMS_CIPHER_WRAPPER);
+    }
+
+    fn enveloperb_awskms_encrypt(rbtext: RString) -> EnveloperbEncryptedRecord {
+        let cipher = rbself.get_data(&*AWSKMS_CIPHER_WRAPPER);
+        let er_r = cipher.runtime.block_on(async {
+            cipher.cipher.encrypt(rbtext.unwrap().to_bytes_unchecked()).await
+        });
+        let er = er_r.map_err(|e| VM::raise(Class::from_existing("RuntimeError"), &format!("Failed to perform encryption: {:?}", e))).unwrap();
+
+        let klass = Module::from_existing("Enveloperb").get_nested_class("EncryptedRecord");
+        return klass.wrap_data(er, &*ENCRYPTED_RECORD_WRAPPER);
+    }
+
+    fn enveloperb_awskms_decrypt(rbrecord: EnveloperbEncryptedRecord) -> RString {
+        let cipher = rbself.get_data(&*AWSKMS_CIPHER_WRAPPER);
+        let e_record = rbrecord.unwrap();
+        let record = e_record.get_data(&*ENCRYPTED_RECORD_WRAPPER);
+
+        let vec_r = cipher.runtime.block_on(async {
+            cipher.cipher.decrypt(record).await
+        });
+        let vec = vec_r.map_err(|e| VM::raise(Class::from_existing("RuntimeError"), &format!("Failed to perform decryption: {:?}", e))).unwrap();
+
+        return RString::from_bytes(&vec, &Encoding::find("BINARY").unwrap());
+    }
+);
+
+methods!(
+    EnveloperbEncryptedRecord,
+    rbself,
+
+    fn enveloperb_encrypted_record_new(serialized_record: RString) -> EnveloperbEncryptedRecord {
+        let s = serialized_record.unwrap().to_vec_u8_unchecked();
+        let ct = EncryptedRecord::from_vec(s).map_err(|e| VM::raise(Class::from_existing("ArgumentError"), &format!("Failed to decode encrypted record: {:?}", e))).unwrap();
+
+        let klass = Module::from_existing("Enveloperb").get_nested_class("EncryptedRecord");
+        return klass.wrap_data(ct, &*ENCRYPTED_RECORD_WRAPPER);
+    }
+
+    fn enveloperb_encrypted_record_serialize() -> RString {
+        let record = rbself.get_data(&*ENCRYPTED_RECORD_WRAPPER);
+
+        return RString::from_bytes(&record.to_vec().map_err(|e| VM::raise(Class::from_existing("RuntimeError"), &format!("Failed to encode encrypted record: {:?}", e))).unwrap(), &Encoding::find("BINARY").unwrap());
+    }
+);
+
+#[allow(non_snake_case)]
+#[no_mangle]
+pub extern "C" fn Init_enveloperb() {
+    Module::from_existing("Enveloperb").define(|envmod| {
+        envmod.define_nested_class("Simple", None).define(|klass| {
+            klass.singleton_class().def_private("_new", enveloperb_simple_new);
+            klass.def_private("_encrypt", enveloperb_simple_encrypt);
+            klass.def_private("_decrypt", enveloperb_simple_decrypt);
+        });
+
+        envmod.define_nested_class("AWSKMS", None).define(|klass| {
+            klass.singleton_class().def_private("_new", enveloperb_awskms_new);
+            klass.def_private("_encrypt", enveloperb_awskms_encrypt);
+            klass.def_private("_decrypt", enveloperb_awskms_decrypt);
+        });
+
+        envmod.define_nested_class("EncryptedRecord", None).define(|klass| {
+            klass.singleton_class().def_private("_new", enveloperb_encrypted_record_new);
+            klass.def_private("_serialize", enveloperb_encrypted_record_serialize);
+        });
+    });
+}

data/lib/enveloperb.rb

@@ -1,12 +1,14 @@
-require "fiddle"
+module Enveloperb
+end
 
 begin
-  Fiddle::Function.new(Fiddle.dlopen("#{__dir__}/#{RbConfig::CONFIG["ruby_version"]}/libenveloperb.#{RbConfig::CONFIG["SOEXT"]}")["Init_libenveloperb"], [], Fiddle::TYPE_VOIDP).call
-rescue Fiddle::DLError
+  RUBY_VERSION =~ /(\d+\.\d+)/
+  require_relative "./#{RUBY_VERSION}/enveloperb"
+rescue LoadError
   begin
-    Fiddle::Function.new(Fiddle.dlopen("#{__dir__}/libenveloperb.#{RbConfig::CONFIG["SOEXT"]}")["Init_libenveloperb"], [], Fiddle::TYPE_VOIDP).call
-  rescue Fiddle::DLError
-    raise LoadError, "Failed to initialize libenveloperb.#{RbConfig::CONFIG["SOEXT"]}; either it hasn't been built, or was built incorrectly for your system"
+    require_relative "./enveloperb.#{RbConfig::CONFIG["DLEXT"]}"
+  rescue LoadError
+    raise LoadError, "Failed to load enveloperb.#{RbConfig::CONFIG["DLEXT"]}; either it hasn't been built, or was built incorrectly for your system"
   end
 end
 

metadata

@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: enveloperb
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.5.4.g10f5d39
 platform: x86_64-darwin
 authors:
 - Matt Palmer
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-02 00:00:00.000000000 Z
+date: 2022-05-05 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: fiddle
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.1'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -72,20 +58,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.4'
-    - - ">="
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.4.2
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rake-compiler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.4'
-    - - ">="
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: rake-compiler-dock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.4.2
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: rb-inotify
   requirement: !ruby/object:Gem::Requirement
@@ -100,6 +108,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: rb_sys
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: redcarpet
   requirement: !ruby/object:Gem::Requirement
@@ -156,7 +178,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+description:
 email:
 - matt@cipherstash.com
 executables: []
@@ -168,7 +190,14 @@ files:
 - LICENCE
 - README.md
 - enveloperb.gemspec
-- lib/2.7.0/libenveloperb.dylib
+- ext/enveloperb/.gitignore
+- ext/enveloperb/Cargo.lock
+- ext/enveloperb/Cargo.toml
+- ext/enveloperb/extconf.rb
+- ext/enveloperb/src/lib.rs
+- lib/2.7/enveloperb.bundle
+- lib/3.0/enveloperb.bundle
+- lib/3.1/enveloperb.bundle
 - lib/enveloperb.rb
 - lib/enveloperb/awskms.rb
 - lib/enveloperb/encrypted_record.rb
@@ -176,23 +205,26 @@ files:
 homepage: https://github.com/cipherstash/enveloperb
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - "~>"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: '2.7'
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: 3.2.dev
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.1.6
-signing_key: 
+rubygems_version: 3.4.0.dev
+signing_key:
 specification_version: 4
 summary: Ruby bindings for the envelopers envelope encryption library
 test_files: []