oroku_saki 1.1.0 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +10 -2
- data/ext/oroku_saki/oroku_saki.c +10 -4
- data/lib/oroku_saki.rb +1 -1
- data/lib/oroku_saki/version.rb +1 -1
- data/oroku_saki.gemspec +4 -3
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7a969ea2bfd10a3057470e5ddf1f8224b146070b
|
|
4
|
+
data.tar.gz: 993dc9431b14b241a4827d39e346d98bd049e8a7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 83631618395302ee122ff73b95cf94b9f236057a554058b230b2f877d0d8041495198353141cad20847d09687d12816f13d49863f72f08b8ac9a8a195fb535f6
|
|
7
|
+
data.tar.gz: 9b25c6035f28126972e0c3f89a3f9a34f2273987ae6a0660b6a51213667841a3b8f966c23f1fcd4560ff9c5db07eab6c2f47c763995deb746679fe3f93e8bda0
|
data/README.md
CHANGED
|
@@ -38,17 +38,25 @@ second_secret = 'another sekret'
|
|
|
38
38
|
second_secret.shred! # => "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000"
|
|
39
39
|
```
|
|
40
40
|
|
|
41
|
-
Setting a string to be shredded before garbage collection:
|
|
41
|
+
Setting a string to be shredded before garbage collection via a finalizer:
|
|
42
|
+
|
|
42
43
|
```ruby
|
|
43
44
|
my_secret = 'super sekret value!!!'
|
|
44
45
|
OrokuSaki.shred_later(my_secret) # => nil
|
|
45
46
|
puts my_secret # => "super sekret value!!!"
|
|
46
|
-
# A finalizer shreds the str just before it gets collected.
|
|
47
47
|
|
|
48
48
|
second_secret = 'another sekret'
|
|
49
49
|
second_scret.shred_later
|
|
50
50
|
```
|
|
51
51
|
|
|
52
|
+
Comparing Strings in constant time (nearly as fast as `==` for small inputs):
|
|
53
|
+
|
|
54
|
+
```ruby
|
|
55
|
+
hmac = '16b9b8ae8e164768d0505bcb16269efb35804643dd351084b3c6ebbc6f7db2c8'
|
|
56
|
+
other_hmac = '16b9b8ae8e164768d0505bcb16269efb35804643dd351084b3c6ebbc6f7db2c8'
|
|
57
|
+
OrokuSaki.secure_compare(hmac, other_hmac) #=> true
|
|
58
|
+
```
|
|
59
|
+
|
|
52
60
|
## Development
|
|
53
61
|
|
|
54
62
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
data/ext/oroku_saki/oroku_saki.c
CHANGED
|
@@ -39,9 +39,15 @@ int secure_compare(VALUE rb_str_a, VALUE rb_str_b) {
|
|
|
39
39
|
return (1 & ((d - 1) >> 8)) - 1;
|
|
40
40
|
}
|
|
41
41
|
|
|
42
|
-
/* The C implementation of
|
|
43
|
-
*
|
|
44
|
-
*
|
|
42
|
+
/* The C implementation of secure compare, don't use!
|
|
43
|
+
*
|
|
44
|
+
* The return type is a Fixnum to avoid certain optimizations that cause the
|
|
45
|
+
* branch predictor to potentially leak timing information.
|
|
46
|
+
*
|
|
47
|
+
* @param [String] rb_str_a
|
|
48
|
+
* @param [String] rb_str_b
|
|
49
|
+
* @return [Fixnum] Zero for success, other values for failure.
|
|
50
|
+
* @api private
|
|
45
51
|
*/
|
|
46
52
|
VALUE oroku_saki_secure_compare(VALUE rb_module, VALUE rb_str_a, VALUE rb_str_b) {
|
|
47
53
|
raise_unless_string(rb_str_a, "OrokuSaki.secure_compare");
|
|
@@ -60,7 +66,7 @@ VALUE oroku_saki_secure_compare(VALUE rb_module, VALUE rb_str_a, VALUE rb_str_b)
|
|
|
60
66
|
* it does not respect frozen states of strings so make sure you're actually
|
|
61
67
|
* done with the String before using this method.
|
|
62
68
|
*
|
|
63
|
-
* @param [String]
|
|
69
|
+
* @param [String] rb_str The string to be zeroed out.
|
|
64
70
|
* @raise [TypeError] When passed something other than a String
|
|
65
71
|
* @return [nil]
|
|
66
72
|
*/
|
data/lib/oroku_saki.rb
CHANGED
|
@@ -29,7 +29,7 @@ module OrokuSaki
|
|
|
29
29
|
raise TypeError,
|
|
30
30
|
"OrokuSaki.shred_later received #{str} (#{str.class}), expected String!"
|
|
31
31
|
end
|
|
32
|
-
ObjectSpace.define_finalizer(str, STRING_FINALIZER)
|
|
32
|
+
ObjectSpace.define_finalizer(str, STRING_FINALIZER) unless str.frozen?
|
|
33
33
|
str
|
|
34
34
|
end
|
|
35
35
|
|
data/lib/oroku_saki/version.rb
CHANGED
data/oroku_saki.gemspec
CHANGED
|
@@ -10,9 +10,10 @@ Gem::Specification.new do |spec|
|
|
|
10
10
|
spec.email = ["t.pickett66@gmail.com"]
|
|
11
11
|
|
|
12
12
|
spec.summary = %q{OrokuSaki, a.k.a. Shredder, is the destroyer of strings and attacker's worst nightmare!}
|
|
13
|
-
spec.description = "OrokuSaki, a.k.a. Shredder, is a small collection
|
|
14
|
-
"ensuring the strings used in cryptographic operations
|
|
15
|
-
"
|
|
13
|
+
spec.description = "OrokuSaki, a.k.a. Shredder, is a small collection of " \
|
|
14
|
+
"utilities for ensuring the strings used in cryptographic operations " \
|
|
15
|
+
"remain secret. This currently includes memory zeroing and constant time " \
|
|
16
|
+
"String comparisons."
|
|
16
17
|
spec.homepage = "https://github.com/tpickett66/oroku_saki"
|
|
17
18
|
spec.license = "MIT"
|
|
18
19
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oroku_saki
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tyler Pickett
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-05-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -94,9 +94,9 @@ dependencies:
|
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: 0.8.7
|
|
97
|
-
description: OrokuSaki, a.k.a. Shredder, is a small collection for ensuring
|
|
98
|
-
used in cryptographic operations remain secret.
|
|
99
|
-
|
|
97
|
+
description: OrokuSaki, a.k.a. Shredder, is a small collection of utilities for ensuring
|
|
98
|
+
the strings used in cryptographic operations remain secret. This currently includes
|
|
99
|
+
memory zeroing and constant time String comparisons.
|
|
100
100
|
email:
|
|
101
101
|
- t.pickett66@gmail.com
|
|
102
102
|
executables: []
|