porky_lib 0.2.2 → 0.3.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 7879d7909e1917a068bba6b5307da171c85f6113
4
- data.tar.gz: a179366a0d21510f4c6174f0cf16693336ed1fed
3
+ metadata.gz: 19b718381824aafedef703480921fd9fe899e626
4
+ data.tar.gz: b64260ec8053b525a43d069892ca2e54da7f99b6
5
5
  SHA512:
6
- metadata.gz: 4253b66c677db7697f3b4208135e2c5983feb9e4d4cbbe43e407be7c4930f895359ed1164e5fb485cba46fb948fb2beebf50a62c29571e4810df166b25cb7b5b
7
- data.tar.gz: '008a054f3e78c95948d31730c1c48b8ef0a7bdbcbd0c4300652e190a6be871926513e79721ceb44f520af5a557ecf120e611ce52334ef91f8bea3827bb9e59ba'
6
+ metadata.gz: cfcf429664d82469a425401afbf5b6d149ec71ef942b9c88b3c5b9a588c2731ae5f5945e4fb17f23ec9332858e40acaf4a23bff5dbda3e546b657cc6f585f119
7
+ data.tar.gz: e8ce54df309f48201fc36c7835673c80e9d438a9d88c1474cc56bc57a9dc973f2bd7885b0ba70d84bb2ff1b401566f4fe43ebce5d37e67971dd5b8a02999675f
data/CODEOWNERS ADDED
@@ -0,0 +1,15 @@
1
+ # For help consult: https://help.github.com/articles/about-codeowners/
2
+
3
+ # Lines starting with '#' are comments.
4
+ # Each line is a file pattern followed by one or more owners.
5
+
6
+ # These owners will be the default owners for everything in the repo.
7
+ * @Zetatango/security
8
+
9
+ # Order is important. The last matching pattern has the most precedence.
10
+ # So if a pull request only touches javascript files, only these owners
11
+ # will be requested to review.
12
+ # *.js @octocat @github/js
13
+
14
+ # You can also use email addresses if you prefer.
15
+ # docs/* docs@example.com
data/Gemfile.lock CHANGED
@@ -1,10 +1,11 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- porky_lib (0.2.2)
4
+ porky_lib (0.3.0)
5
5
  aws-sdk-kms
6
6
  aws-sdk-s3
7
7
  msgpack
8
+ rbnacl (= 5.0.0)
8
9
  rbnacl-libsodium
9
10
 
10
11
  GEM
@@ -12,17 +13,17 @@ GEM
12
13
  specs:
13
14
  ast (2.4.0)
14
15
  aws-eventstream (1.0.1)
15
- aws-partitions (1.104.0)
16
- aws-sdk-core (3.27.0)
16
+ aws-partitions (1.115.0)
17
+ aws-sdk-core (3.39.0)
17
18
  aws-eventstream (~> 1.0)
18
19
  aws-partitions (~> 1.0)
19
20
  aws-sigv4 (~> 1.0)
20
21
  jmespath (~> 1.0)
21
- aws-sdk-kms (1.9.0)
22
- aws-sdk-core (~> 3, >= 3.26.0)
22
+ aws-sdk-kms (1.12.0)
23
+ aws-sdk-core (~> 3, >= 3.39.0)
23
24
  aws-sigv4 (~> 1.0)
24
- aws-sdk-s3 (1.20.0)
25
- aws-sdk-core (~> 3, >= 3.26.0)
25
+ aws-sdk-s3 (1.25.0)
26
+ aws-sdk-core (~> 3, >= 3.39.0)
26
27
  aws-sdk-kms (~> 1)
27
28
  aws-sigv4 (~> 1.0)
28
29
  aws-sigv4 (1.0.3)
@@ -42,7 +43,7 @@ GEM
42
43
  json (2.1.0)
43
44
  msgpack (1.2.4)
44
45
  parallel (1.12.1)
45
- parser (2.5.1.2)
46
+ parser (2.5.3.0)
46
47
  ast (~> 2.4.0)
47
48
  powerpack (0.1.2)
48
49
  rainbow (3.0.0)
@@ -68,14 +69,14 @@ GEM
68
69
  rspec-support (3.8.0)
69
70
  rspec_junit_formatter (0.4.1)
70
71
  rspec-core (>= 2, < 4, != 2.12.0)
71
- rubocop (0.59.1)
72
+ rubocop (0.60.0)
72
73
  jaro_winkler (~> 1.5.1)
73
74
  parallel (~> 1.10)
74
75
  parser (>= 2.5, != 2.5.1.1)
75
76
  powerpack (~> 0.1)
76
77
  rainbow (>= 2.2.2, < 4.0)
77
78
  ruby-progressbar (~> 1.7)
78
- unicode-display_width (~> 1.0, >= 1.0.1)
79
+ unicode-display_width (~> 1.4.0)
79
80
  rubocop-rspec (1.29.1)
80
81
  rubocop (>= 0.58.0)
81
82
  rubocop_runner (2.1.0)
@@ -111,4 +112,4 @@ DEPENDENCIES
111
112
  timecop
112
113
 
113
114
  BUNDLED WITH
114
- 1.16.2
115
+ 1.17.1
data/README.md CHANGED
@@ -1,4 +1,4 @@
1
- [![CircleCI](https://circleci.com/gh/Zetatango/porky_lib.svg?style=svg&circle-token=f1a41896097b814585e5042a8e38425b4d1cdc0b)](https://circleci.com/gh/Zetatango/porky_lib) [![codecov](https://codecov.io/gh/Zetatango/porky_lib/branch/master/graph/badge.svg?token=WxED9350q4)](https://codecov.io/gh/Zetatango/porky_lib)
1
+ [![CircleCI](https://circleci.com/gh/Zetatango/porky_lib.svg?style=svg&circle-token=f1a41896097b814585e5042a8e38425b4d1cdc0b)](https://circleci.com/gh/Zetatango/porky_lib) [![codecov](https://codecov.io/gh/Zetatango/porky_lib/branch/master/graph/badge.svg?token=WxED9350q4)](https://codecov.io/gh/Zetatango/porky_lib) [![Gem Version](https://badge.fury.io/rb/porky_lib.svg)](https://badge.fury.io/rb/porky_lib)
2
2
 
3
3
  # PorkyLib
4
4
 
@@ -51,13 +51,14 @@ class PorkyLib::Symmetric
51
51
  resp = client.generate_data_key(key_id: cmk_key_id, key_spec: SYMMETRIC_KEY_SPEC, encryption_context: encryption_context) if encryption_context
52
52
  resp = client.generate_data_key(key_id: cmk_key_id, key_spec: SYMMETRIC_KEY_SPEC) unless encryption_context
53
53
 
54
- [resp.to_h[:plaintext], resp.to_h[:ciphertext_blob]]
54
+ [resp.plaintext, resp.ciphertext_blob]
55
55
  end
56
56
 
57
57
  def decrypt_data_encryption_key(ciphertext_key, encryption_context = nil)
58
- return client.decrypt(ciphertext_blob: ciphertext_key, encryption_context: encryption_context).to_h[:plaintext] if encryption_context
58
+ return client.decrypt(ciphertext_blob: ciphertext_key, encryption_context: encryption_context).plaintext if encryption_context
59
59
 
60
- client.decrypt(ciphertext_blob: ciphertext_key).to_h[:plaintext]
60
+ resp = client.decrypt(ciphertext_blob: ciphertext_key)
61
+ resp.plaintext
61
62
  end
62
63
 
63
64
  def encrypt(data, cmk_key_id, ciphertext_dek = nil, encryption_context = nil)
@@ -71,9 +72,6 @@ class PorkyLib::Symmetric
71
72
  # Initialize the box
72
73
  secret_box = RbNaCl::SecretBox.new(plaintext_key)
73
74
 
74
- # Securely delete the plaintext value from memory
75
- plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))
76
-
77
75
  # First, make a nonce: A single-use value never repeated under the same key
78
76
  # The nonce isn't secret, and can be sent with the ciphertext.
79
77
  # The cipher instance has a nonce_bytes method for determining how many bytes should be in a nonce
@@ -81,6 +79,10 @@ class PorkyLib::Symmetric
81
79
 
82
80
  # Encrypt a message with SecretBox
83
81
  ciphertext = secret_box.encrypt(nonce, data)
82
+
83
+ # Securely delete the plaintext value from memory
84
+ plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))
85
+
84
86
  [ciphertext_key, ciphertext, nonce]
85
87
  end
86
88
 
@@ -89,13 +91,23 @@ class PorkyLib::Symmetric
89
91
 
90
92
  # Decrypt the data encryption key
91
93
  plaintext_key = decrypt_data_encryption_key(ciphertext_dek, encryption_context)
92
-
93
94
  secret_box = RbNaCl::SecretBox.new(plaintext_key)
94
95
 
96
+ should_reencrypt = false
97
+ begin
98
+ # Decrypt the message
99
+ message = secret_box.decrypt(nonce, ciphertext)
100
+ rescue RbNaCl::CryptoError
101
+ # For backwards compatibility due to a code error in a previous release
102
+ plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))
103
+ message = secret_box.decrypt(nonce, ciphertext)
104
+ should_reencrypt = true
105
+ end
106
+
95
107
  # Securely delete the plaintext value from memory
96
108
  plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))
97
109
 
98
- secret_box.decrypt(nonce, ciphertext)
110
+ [message, should_reencrypt]
99
111
  end
100
112
 
101
113
  def secure_delete_plaintext_key(length)
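Review bot: The `rescue RbNaCl::CryptoError` branch retries `secret_box.decrypt` after `plaintext_key.replace(secure_delete_plaintext_key(...))`, which can only succeed if that helper returns a fixed fill — and if it does, this path decrypts under a predictable key, so ciphertext written by the earlier release can be opened, and validly re-minted since SecretBox's authentication tag is keyed by that same fill, by anyone holding the blob and no KMS access at all. That fallback should be opt-in rather than silently active for every failed decrypt: make `raise unless legacy_key_fallback?` the first line of the rescue and log a warning whenever it is taken, so it can be switched off once the stored data has been migrated. The new return shape `[message, should_reencrypt]` replaces the bare plaintext and will break existing callers of `decrypt`; document it on the method, e.g. `# Returns [plaintext, should_reencrypt]; a true flag means the record was recovered via the legacy path and must be re-encrypted under a fresh DEK`. `def decrypt` and the body of `secure_delete_plaintext_key` lie outside this hunk, so whether the fill is constant is inferred from the retry itself.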
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module PorkyLib
4
- VERSION = "0.2.2"
4
+ VERSION = "0.3.0"
5
5
  end
data/porky_lib.gemspec CHANGED
@@ -38,5 +38,6 @@ Gem::Specification.new do |spec|
38
38
  spec.add_dependency 'aws-sdk-kms'
39
39
  spec.add_dependency 'aws-sdk-s3'
40
40
  spec.add_dependency 'msgpack'
41
+ spec.add_dependency 'rbnacl', '=5.0.0'
41
42
  spec.add_dependency 'rbnacl-libsodium'
42
43
  end
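Review bot: `spec.add_dependency 'rbnacl', '=5.0.0'` pins an exact version, so consumers cannot take rbnacl patch releases without a new porky_lib release and any application that already resolves a different 5.x will fail to bundle. If the pin exists because the in-place zeroing of the DEK String in `PorkyLib::Symmetric` depends on a specific `RbNaCl::SecretBox` implementation detail, say so next to the line, e.g. `# exact pin: encrypt/decrypt zero the DEK String in place and rely on this SecretBox version's key handling`; otherwise relax it to `spec.add_dependency 'rbnacl', '~> 5.0'`. The `Gem::Specification.new` block begins outside the hunk.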
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: porky_lib
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Greg Fletcher
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-09-28 00:00:00.000000000 Z
11
+ date: 2018-11-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -248,6 +248,20 @@ dependencies:
248
248
  - - ">="
249
249
  - !ruby/object:Gem::Version
250
250
  version: '0'
251
+ - !ruby/object:Gem::Dependency
252
+ name: rbnacl
253
+ requirement: !ruby/object:Gem::Requirement
254
+ requirements:
255
+ - - '='
256
+ - !ruby/object:Gem::Version
257
+ version: 5.0.0
258
+ type: :runtime
259
+ prerelease: false
260
+ version_requirements: !ruby/object:Gem::Requirement
261
+ requirements:
262
+ - - '='
263
+ - !ruby/object:Gem::Version
264
+ version: 5.0.0
251
265
  - !ruby/object:Gem::Dependency
252
266
  name: rbnacl-libsodium
253
267
  requirement: !ruby/object:Gem::Requirement
@@ -274,6 +288,7 @@ files:
274
288
  - ".gitignore"
275
289
  - ".rspec"
276
290
  - ".rubocop.yml"
291
+ - CODEOWNERS
277
292
  - Gemfile
278
293
  - Gemfile.lock
279
294
  - README.md