naoki 1.0.21 → 1.0.22

data/config/data_secure.yml

@@ -0,0 +1,14 @@
+data_secure_enabled: false
+properties_file: IngrianNAE.properties
+
+credentials:
+  document_store:
+    username: username
+    password: password
+    initialization_vector: "1234567890123456"
+    key_name: stg-new-test-key
+  account_number:
+    username: username
+    password: password
+    initialization_vector: "1234567890123456"
+    key_name: stg-new-test-key

data/lib/data_secure_wrapper.rb

@@ -19,6 +19,8 @@ else
 
   require 'ffi'
 
+  #
+  # This code is deprecated, please use Naoki::DataSecure moving forward.
   module DataSecureWrapper
     extend FFI::Library
     LIB_ICAPI_FILE = `uname -m`.match(/x86_64/) ? 'libICAPI_64.so' : 'libICAPI_32.so'

data/lib/naoki/data_secure.rb

@@ -3,34 +3,10 @@
 # NB: this class is not thread-safe.  Create an instance for each thread.
 module Naoki
   class DataSecure
-    @enabled = if File.exist?("config/data_secure.yml")
-      YAML.load(File.read("config/data_secure.yml"))['data_secure_enabled']
-    end
-
-    if !(`uname -s`.strip =~ /Linux/ && @enabled)
-
-      def self.init(file); end
-      def close; end
-
-      def encrypt_stream(input, out)
-        out.write("ENC")
-        count = 0
-        while block = input.read(4096)
-          count += block.size
-          out.write(block)
-        end
-        [count, count + 3]
-      end
-
-      def decrypt_stream(input, out)
-        val = input.read(3)
-        raise ArgumentError, "Invalid encrypted data (#{val})" if val != 'ENC'
-        count = IO.copy_stream(input, out)
-        [count + 3, count]
-      end
 
-    else
+    @Linux = `uname -s`.strip =~ /linux/i
 
+    if @Linux
       require 'ffi'
       extend FFI::Library
       LIB_ICAPI_FILE = `uname -m`.match(/x86_64/) ? 'libICAPI_64.so' : 'libICAPI_32.so'
@@ -60,115 +36,206 @@ module Naoki
       attach_function 'I_C_CryptFinal', [:pointer,:pointer,:pointer,:pointer], :int
       @blocking = true
       attach_function 'I_C_CryptUpdate', [:pointer, :pointer, :pointer, :uint, :pointer, :pointer], :int
+    end
+
+    DEFAULTS = {
+      'algorithm' => 'AES/CBC/PKCS5Padding',
+    }
+
+    MAX_SAFENET_BLOCK_SIZE = 31000
+    MAX_OUTPUT_BLOCK_SIZE = 32000
 
-      DEFAULTS = {
-        :algorithm => 'AES/CBC/PKCS5Padding',
-        :key_name => 'stg-new-test-key',
-        :initialization_vector => '1234567890123456',
-      }
+    def initialize(credential_to_use, data_secure_yml)
+      options = data_secure_yml
+      credential_to_use = credential_to_use.to_s
+      @live = self.class.init(options['data_secure_enabled'], options['properties_file'])
 
-      MAX_SAFENET_BLOCK_SIZE = 31000
-      MAX_OUTPUT_BLOCK_SIZE = 32000
+      if live?
+        @options = DEFAULTS.merge(data_secure_yml['credentials'][credential_to_use])
 
-      def initialize(key_to_use = :account_number, options={})
-        @options = DEFAULTS.merge(options.symbolize_keys)
-        #check { I_C_Initialize(I_T_Init_File, @options[:properties_file]) }
         @session_pointer = FFI::MemoryPointer.new :pointer
-        check { I_C_OpenSession(@session_pointer, I_T_Auth_Password, @options[:username], @options[:password]) }
+        check { I_C_OpenSession(@session_pointer, I_T_Auth_Password, @options['username'], @options['password']) }
         @cipherspec_pointer = FFI::MemoryPointer.new :pointer
-        check { I_C_CreateCipherSpec(@options[:algorithm], @options[:keys][key_to_use.to_s], @cipherspec_pointer) }
+        check { I_C_CreateCipherSpec(@options['algorithm'], @options['key_name'], @cipherspec_pointer) }
       end
+    end
 
-      def self.init(file)
-        check { I_C_Initialize(I_T_Init_File, file) }
-      end
+    def self.init(enabled, file)
+      return false unless file && enabled && @Linux
+      return true if @initialized
+      check { I_C_Initialize(I_T_Init_File, file) }
+      @initialized = true
+      true
+    end
 
-      def close
-        I_C_CloseSession(@session_pointer.get_pointer(0)) if @session_pointer
-      end
+    def close
+      return unless live?
+      check { I_C_DeleteCipherSpec(@cipherspec_pointer.get_pointer(0)) } if @cipherspec_pointer
+      @cipherspec_pointer = nil
+      I_C_CloseSession(@session_pointer.get_pointer(0)) if @session_pointer
+      @session_pointer = nil
+    end
 
-      def encrypt_stream(input_io, output_io)
-        transform_stream(I_T_Operation_Encrypt, input_io, output_io)
-      end
+    def encrypt_stream(input_io, output_io)
+      return dummy_encrypt_stream(input_io, output_io) unless live?
+      transform_stream(I_T_Operation_Encrypt, input_io, output_io)
+    end
 
-      def decrypt_stream(input_io, output_io)
-        transform_stream(I_T_Operation_Decrypt, input_io, output_io)
-      end
+    def decrypt_stream(input_io, output_io)
+      return dummy_decrypt_stream(input_io, output_io) unless live?
+      transform_stream(I_T_Operation_Decrypt, input_io, output_io)
+    end
 
-      private
+    def encrypt(plain_text)
+      return dummy_encrypt(plain_text) unless live?
+      transform(I_T_Operation_Encrypt, plain_text) do |transform_data_length_pointer|
+        check do
+          I_C_CalculateEncipheredSizeForKey(
+            @session_pointer.get_pointer(0),
+            @cipherspec_pointer.get_pointer(0),
+            I_T_Operation_Encrypt,
+            plain_text.length,
+            transform_data_length_pointer)
+        end
+      end
+    end
 
-      def transform_stream(op, input_io, output_io)
-        current_state = FFI::MemoryPointer.new :pointer
+    def decrypt(text)
+      return dummy_decrypt(text) unless live?
+      transform(I_T_Operation_Decrypt, text) do |transform_data_length_pointer|
         check do
-          I_C_CryptInit(
+          I_C_CalculateOutputSizeForKey(
             @session_pointer.get_pointer(0),
             @cipherspec_pointer.get_pointer(0),
-            op,
-            @options[:initialization_vector],
-            @options[:initialization_vector].length,
-            current_state)
+            I_T_Operation_Decrypt,
+            text.length,
+            transform_data_length_pointer)
         end
+      end
+    end
 
-        done = false
-        read_size = 0
-        wrote_size = 0
-        output_data = FFI::MemoryPointer.new :pointer, MAX_OUTPUT_BLOCK_SIZE
-        output_data_length_pointer = FFI::MemoryPointer.new :pointer
-
-        loop do
-          output_data_length_pointer.write_uint(MAX_OUTPUT_BLOCK_SIZE)
-
-          data = input_io.read(MAX_SAFENET_BLOCK_SIZE)
-          if !data || data.size == 0
-
-            check do
-              I_C_CryptFinal(
-                @session_pointer.get_pointer(0),
-                current_state.get_pointer(0),
-                output_data,
-                output_data_length_pointer)
-            end
-            done = true
-
-          elsif data.size <= MAX_SAFENET_BLOCK_SIZE
-            read_size += data.size
-            check do
-              I_C_CryptUpdate(
-                @session_pointer.get_pointer(0),
-                current_state.get_pointer(0),
-                data,
-                data.size,
-                output_data,
-                output_data_length_pointer)
-            end
-
-          else
-            raise "DataSecure, how did we get here? #{data}"
-          end
+    private
 
-          outsize = output_data_length_pointer.read_uint
-          enc_data = output_data.get_bytes(0, outsize)
-          wrote_size += output_io.write(enc_data)
-          break if done
-        end
+    def live?
+      @live
+    end
+
+    def dummy_encrypt(input)
+      "encrypted string"
+    end
+
+    def dummy_decrypt(input)
+      "decrypted string"
+    end
+
+    def dummy_encrypt_stream(input, out)
+      out.write("ENC")
+      count = 0
+      while block = input.read(4096)
+        count += block.size
+        out.write(block)
+      end
+      [count, count + 3]
+    end
+
+    def dummy_decrypt_stream(input, out)
+      val = input.read(3)
+      raise ArgumentError, "Invalid encrypted data (#{val})" if val != 'ENC'
+      count = IO.copy_stream(input, out)
+      [count + 3, count]
+    end
+
+    def transform(op, text)
+      yield(transform_data_length_pointer = FFI::MemoryPointer.new(:uint))
+
+      transform_data = FFI::MemoryPointer.new :char, transform_data_length_pointer.read_uint
 
-        [read_size, wrote_size]
+      check { I_C_Crypt(
+        @session_pointer.get_pointer(0),
+        @cipherspec_pointer.get_pointer(0),
+        op,
+        @options['initialization_vector'],
+        @options['initialization_vector'].length,
+        text,
+        text.length,
+        transform_data,
+        transform_data_length_pointer
+      ) }
+
+      transform_data.read_string(transform_data_length_pointer.read_uint)
+    end
+
+    def transform_stream(op, input_io, output_io)
+      current_state = FFI::MemoryPointer.new :pointer
+      check do
+        I_C_CryptInit(
+          @session_pointer.get_pointer(0),
+          @cipherspec_pointer.get_pointer(0),
+          op,
+          @options['initialization_vector'],
+          @options['initialization_vector'].length,
+          current_state)
       end
 
-      def check
-        return_code = yield
-        if return_code != I_E_OK
-          I_C_DeleteCipherSpec(@cipherspec_pointer.get_pointer(0)) if @cipherspec_pointer
-          @cipherspec_pointer = nil
-          raise I_C_GetErrorString(return_code)
+      done = false
+      read_size = 0
+      wrote_size = 0
+      output_data = FFI::MemoryPointer.new :pointer, MAX_OUTPUT_BLOCK_SIZE
+      output_data_length_pointer = FFI::MemoryPointer.new :pointer
+
+      loop do
+        output_data_length_pointer.write_uint(MAX_OUTPUT_BLOCK_SIZE)
+
+        data = input_io.read(MAX_SAFENET_BLOCK_SIZE)
+        if !data || data.size == 0
+
+          check do
+            I_C_CryptFinal(
+              @session_pointer.get_pointer(0),
+              current_state.get_pointer(0),
+              output_data,
+              output_data_length_pointer)
+          end
+          done = true
+
+        elsif data.size <= MAX_SAFENET_BLOCK_SIZE
+          read_size += data.size
+          check do
+            I_C_CryptUpdate(
+              @session_pointer.get_pointer(0),
+              current_state.get_pointer(0),
+              data,
+              data.size,
+              output_data,
+              output_data_length_pointer)
+          end
+
+        else
+          raise "DataSecure, how did we get here? #{data}"
         end
+
+        outsize = output_data_length_pointer.read_uint
+        enc_data = output_data.get_bytes(0, outsize)
+        wrote_size += output_io.write(enc_data)
+        break if done
       end
 
-      def self.check(&block)
-        return_code = yield
-        raise I_C_GetErrorString(return_code) if return_code != I_E_OK
+      [read_size, wrote_size]
+    end
+
+    def check
+      return_code = yield
+      if return_code != I_E_OK
+        I_C_DeleteCipherSpec(@cipherspec_pointer.get_pointer(0)) if @cipherspec_pointer
+        @cipherspec_pointer = nil
+        raise I_C_GetErrorString(return_code)
       end
+    end
 
+    def self.check(&block)
+      return_code = yield
+      raise I_C_GetErrorString(return_code) if return_code != I_E_OK
     end
+
   end
 end

data/naoki.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = "naoki"
-  s.version = "1.0.21"
+  s.version = "1.0.22"
   s.platform = Gem::Platform::RUBY
   s.homepage = ""
   s.summary = "C bindings for SafeNet DataSecure ICAPI"

data/test/helper.rb

@@ -1,23 +1,4 @@
+require 'yaml'
 require 'minitest/unit'
 require 'naoki'
-require '~/naoki_config'
-
-def one_time_setup
-  user_name = SAFENET_CONFIG[:username]
-  password =  SAFENET_CONFIG[:password]
-  algorithm = SAFENET_CONFIG[:algorithm]
-  key_name =  SAFENET_CONFIG[:key_name] # versioned key
-  initialization_vector = SAFENET_CONFIG[:initialization_vector]
-
-  properties_file = 'IngrianNAE.properties'
-
-  DataSecureWrapper.configure(properties_file)
-  DataSecureWrapper.open(user_name, password)
-
-  at_exit do
-    DataSecureWrapper.close
-  end
-end
-one_time_setup
-
 require 'minitest/autorun'

data/test/test_data_secure.rb

@@ -0,0 +1,53 @@
+require 'helper'
+require 'stringio'
+
+class TestDataSecure < MiniTest::Unit::TestCase
+  def setup
+    @data_secure = Naoki::DataSecure.new(:account_number, config_file)
+  end
+
+  def teardown
+    @data_secure.close
+    @data_secure = nil
+  end
+
+  def test_hello_world
+    expected = 'hello world!'
+    encrypted_data = @data_secure.encrypt(expected)
+    decrypted_data = @data_secure.decrypt(encrypted_data)
+    assert(expected == decrypted_data || "decrypted string" == decrypted_data)
+  end
+
+  def test_documents
+    13.times do |idx|
+      str = '01234567'*(1 << idx)
+      encrypt_and_decrypt(str.size, StringIO.new(str))
+    end
+  end
+
+  private
+
+  def encrypt_and_decrypt(size, unencrypted)
+    encrypted = StringIO.new
+    unencrypted_size = unencrypted.size
+
+    (read_bytes, written_bytes) = @data_secure.encrypt_stream(unencrypted, encrypted)
+
+    assert_equal unencrypted_size, read_bytes
+    assert(read_bytes < written_bytes)
+
+    encrypted.rewind
+
+    decrypted = StringIO.new
+    (read_bytes, written_bytes) = @data_secure.decrypt_stream(encrypted, decrypted)
+
+    unencrypted.rewind
+    decrypted.rewind
+    assert(read_bytes > written_bytes)
+    assert_equal(unencrypted.read, decrypted.read)
+  end
+
+  def config_file
+    YAML.load(File.read('config/data_secure.yml'))
+  end
+end

metadata

@@ -2,7 +2,7 @@
 name: naoki
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 1.0.21
+  version: 1.0.22
 platform: ruby
 authors: 
 - Chris Apolzon
@@ -11,7 +11,8 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-06-21 00:00:00 Z
+date: 2011-06-21 00:00:00 -07:00
+default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: ffi
@@ -38,6 +39,7 @@ files:
 - .rvmrc
 - Gemfile
 - Rakefile
+- config/data_secure.yml
 - lib/data_secure_wrapper.rb
 - lib/libICAPI_32.so
 - lib/libICAPI_64.so
@@ -46,7 +48,8 @@ files:
 - naoki.gemspec
 - sample.rb
 - test/helper.rb
-- test/test_data_secure_wrapper.rb
+- test/test_data_secure.rb
+has_rdoc: true
 homepage: ""
 licenses: []
 
@@ -70,7 +73,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.7.2
+rubygems_version: 1.5.2
 signing_key: 
 specification_version: 3
 summary: C bindings for SafeNet DataSecure ICAPI

data/test/test_data_secure_wrapper.rb

@@ -1,53 +0,0 @@
-require 'helper'
-require 'stringio'
-
-class TestDataSecureWrapper < MiniTest::Unit::TestCase
-
-  def test_hello_world
-    expected = 'hello world!'
-    encrypted_data = encrypt(expected)
-    decrypted_data = decrypt(encrypted_data)
-    assert(expected == decrypted_data || "decrypted_string" == decrypted_data)
-  end
-
-  def test_documents
-    ds = Naoki::DataSecure.new(:document_store, SAFENET_CONFIG)
-
-    15.times do |idx|
-      str = '01234567'*(1 << idx)
-      encrypt_and_decrypt(ds, str.size, StringIO.new(str))
-    end
-  ensure
-    ds.close
-  end
-
-  private
-
-  def encrypt_and_decrypt(ds, size, unencrypted)
-    encrypted = StringIO.new
-    unencrypted_size = unencrypted.size
-
-    (read_bytes, written_bytes) = ds.encrypt_stream(unencrypted, encrypted)
-
-    assert_equal unencrypted_size, read_bytes
-    assert(read_bytes < written_bytes)
-
-    encrypted.rewind
-
-    decrypted = StringIO.new
-    (read_bytes, written_bytes) = ds.decrypt_stream(encrypted, decrypted)
-
-    unencrypted.rewind
-    decrypted.rewind
-    assert(read_bytes > written_bytes)
-    assert_equal(unencrypted.read, decrypted.read)
-  end
-
-  def decrypt(data)
-    DataSecureWrapper.decrypt(SAFENET_CONFIG[:algorithm], SAFENET_CONFIG[:key_name], SAFENET_CONFIG[:initialization_vector], data)
-  end
-
-  def encrypt(data)
-    DataSecureWrapper.encrypt(SAFENET_CONFIG[:algorithm], SAFENET_CONFIG[:key_name], SAFENET_CONFIG[:initialization_vector], data)
-  end
-end