gala 0.3.2 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4227537dc0b299428df76e8558c2191c30d065b0
-  data.tar.gz: 87347e9b12ab6fb03644a13c18c171d4f90801cd
+  metadata.gz: a0d3e1fc4a6b470c17fd047d0976d3bb38313a66
+  data.tar.gz: 4f0ad1ff3596351cb1c5f01d4eff262fd92010ad
 SHA512:
-  metadata.gz: 04c1581817cf346028e8b575802150c3e4639e7b87c44f49c35b83058c939c0d7eff0f5ebc9e98d0e9a14dbb535f5688de72c014ead1a7169727f637c735c0a7
-  data.tar.gz: 0f12a08997bdba5a6996811f2713c6b68d7cca61de3835b712d4786f6f62c949b2fb930140e912d3a1852ed21458480ae79bab5e58e2d5253e95c86b0ec845a1
+  metadata.gz: 519d9de49800d7b2138bbf031c934dd39f00fb66ffa7e705ed8e37c2b939545ec2c6711c255441c92aedb48abb2942262662d223d9b1bad4542a5380d4c32906
+  data.tar.gz: aa05c2c3e4a959a0718496bee973d26a4c8461f1f3382c9e271acb3cb938ca4cf61b91058389aeea88e2d7dfd3ab9d3e1cc2d845d8cb998c1929170acbb51ddf

data/.circleci/config.yml

@@ -1,22 +1,15 @@
 version: 2
 jobs:
-  ruby-2.1:
+  ruby-2.4:
     docker:
-      - image: circleci/ruby:2.1.10
+      - image: circleci/ruby:2.4.4
     steps:
       - checkout
       - run: bundle
       - run: rake test
-  ruby-2.2:
+  ruby-2.5:
     docker:
-      - image: circleci/ruby:2.2.10
-    steps:
-      - checkout
-      - run: bundle
-      - run: rake test
-  ruby-2.3:
-    docker:
-      - image: circleci/ruby:2.3.7
+      - image: circleci/ruby:2.5.1
     steps:
       - checkout
       - run: bundle
@@ -25,6 +18,5 @@ workflows:
   version: 2
   rubies:
     jobs:
-      - ruby-2.1
-      - ruby-2.2
-      - ruby-2.3
+      - ruby-2.4
+      - ruby-2.5

data/Gemfile

@@ -1,3 +1,3 @@
-gemspec
+source 'https://rubygems.org'
 
-gem 'aead', git: 'https://github.com/Shopify/aead.git', ref: '340e7718d8bd9c1fcf3c443e32f439436ea2b70d'
+gemspec

data/Gemfile.lock

@@ -1,35 +1,24 @@
-GIT
-  remote: https://github.com/Shopify/aead.git
-  revision: 340e7718d8bd9c1fcf3c443e32f439436ea2b70d
-  ref: 340e7718d8bd9c1fcf3c443e32f439436ea2b70d
-  specs:
-    aead (1.8.2)
-      macaddr (~> 1)
-
 PATH
   remote: .
   specs:
-    gala (0.3.1)
-      aead (~> 1.8)
+    gala (0.3.2)
+      openssl (~> 2.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    macaddr (1.7.1)
-      systemu (~> 2.6.2)
     minitest (5.11.3)
-    rake (12.0.0)
-    systemu (2.6.5)
+    openssl (2.1.0)
+    rake (12.3.1)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  aead!
   bundler (~> 1.14)
   gala!
   minitest
   rake (~> 12.0)
 
 BUNDLED WITH
-   1.15.4
+   1.16.1

data/README.md

@@ -4,20 +4,23 @@ Named after the [Gala apple](http://en.wikipedia.org/wiki/Gala_(apple)), Gala is
 
 Gala is available under the MIT License.
 
+## Ruby support
+
+* For Ruby v2.3 and below, please use the [legacy-ruby branch](https://github.com/spreedly/gala/commits/legacy-ruby), or specify gala v0.3.2.
+* For Ruby >= 2.4, use the master branch or specify gala v0.4 and above
+
 ## Install
 
-Add both `gala` and `aead` to your `Gemfile`. Specifying `aead` is necessary to pull in the Shopify version of the library which has been updated to support Ruby versions 2.2 and above.
+Add `gala` to your `Gemfile`.
 
 ```ruby
-gem "gala", "~> 0.3.1"
-gem 'aead', git: 'https://github.com/Shopify/aead.git', ref: '340e7718d8bd9c1fcf3c443e32f439436ea2b70d'
+gem "gala", "~> 0.4.0"
 ```
 
 If you need to track a development branch or reference functionality not yet contained in the RubyGem release you can specify the gala repo directly.
 
 ```ruby
 gem "gala", git: "https://github.com/spreedly/gala.git", ref: :master
-gem 'aead', git: 'https://github.com/Shopify/aead.git', ref: '340e7718d8bd9c1fcf3c443e32f439436ea2b70d'
 ```
 
 Then `bundle install` to fetch Gala into your local environment.
@@ -91,6 +94,11 @@ $ rake release
 
 ## Changelog
 
+### v0.4.0
+
+* Remove unmaintained `aead` gem dependency
+* Rely on Ruby 2.4 openssl support for aes-256-gcm ciphers (and specifying the initialization vector length).
+
 ### v0.3.2
 
 * Setup CircleCI for more comprehensive Ruby version/compatibility testing

data/gala.gemspec

@@ -17,11 +17,11 @@ Gem::Specification.new do |spec|
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test)/}) }
   spec.test_files    = `git ls-files -- test/*`.split("\n")
   spec.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
 
-  spec.required_ruby_version = ">= 1.8.7"
+  spec.required_ruby_version = '>= 2.4.0'
 
-  spec.add_runtime_dependency 'aead', '~> 1.8'
+  spec.add_runtime_dependency 'openssl', '~> 2.0'
 
   spec.add_development_dependency 'bundler', '~> 1.14'
   spec.add_development_dependency 'rake', '~> 12.0'

data/lib/gala/payment_token.rb

@@ -1,6 +1,5 @@
 require 'openssl'
 require 'base64'
-require 'aead'
 
 module Gala
   class PaymentToken
@@ -56,7 +55,7 @@ module Gala
         raise InvalidSignatureError, "Signature does not contain the correct custom OIDs." unless leaf_cert && intermediate_cert
 
         # Ensure that the root CA is the Apple Root CA - G3
-        root_cert = certificate = OpenSSL::X509::Certificate.new(APPLE_ROOT_CERT)
+        root_cert = OpenSSL::X509::Certificate.new(APPLE_ROOT_CERT)
 
         # Ensure that there is a valid X.509 chain of trust from the signature to the root CA
         raise InvalidSignatureError, "Unable to verify a valid chain of trust from signature to root certificate." unless chain_of_trust_verified?(leaf_cert, intermediate_cert, root_cert)
@@ -111,11 +110,26 @@ module Gala
       end
 
       def decrypt(encrypted_data, symmetric_key)
-        init_length = 16
-        init_vector = 0.chr * init_length
-        mode = ::AEAD::Cipher.new('aes-256-gcm')
-        cipher = mode.new(symmetric_key, iv_len: init_length)
-        cipher.decrypt(init_vector, '', encrypted_data)
+        # Initialization vector of 16 null bytes
+        iv_length = 16
+        # 0.chr => "\x00"
+        iv = 0.chr * iv_length
+
+        # Last 16 bytes (iv_length) of encrypted data
+        tag = encrypted_data[-iv_length..-1]
+        # Data without tag
+        encrypted_data = encrypted_data[0..(-iv_length - 1)]
+
+        cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
+        cipher.key = symmetric_key
+        cipher.iv_len = iv_length
+        cipher.iv = iv
+
+        # Decipher without associated authentication data
+        cipher.auth_tag = tag
+        cipher.auth_data = ''
+
+        cipher.update(encrypted_data) + cipher.final
       end
     end
   end

data/lib/gala/version.rb

@@ -1,3 +1,3 @@
 module Gala
-  VERSION = "0.3.2" unless defined? Gala::VERSION
+  VERSION = "0.4.0" unless defined? Gala::VERSION
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gala
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 0.4.0
 platform: ruby
 authors:
 - Mark Bennett
@@ -12,19 +12,19 @@ cert_chain: []
 date: 2018-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: aead
+  name: openssl
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -103,7 +103,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 1.8.7
+      version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -111,7 +111,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.5
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: Apple Pay payment token decryption library