porky_lib 0.6.0 → 0.6.1

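--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e9fc0377b60b55e6f387143be5826f6d07ec548168b22dca37eab9a083bff4df
- data.tar.gz: 2a4c7a8a622bf52d4789df58f1d4c4a2db0705dea5b6e4eb9790a84bbf97f37f
+ metadata.gz: 53ca6a913c5a5f9c9a71bb22032a31caecba2a460aff2e03fae6ac7fcfa93f54
+ data.tar.gz: '0978ad17a78ee37962a36d563ea08061f9e8d8ee84ec838c9e31295a27883764'
  SHA512:
- metadata.gz: 7969589afe6815aa4579759bc16946d549311c692b68aa8414dc4ffa8074a99de53b466a69dd42f500e9539185be112bdf7f4153db8053aa58be6da499e2755f
- data.tar.gz: 2494291f740c2ed15f3bdef5fa15a35a434e2b881d7262a077edfa1947505181656cd58bbc647b7efccce24fdce7e46b1fd4dbdc2957710d76c22a291d4cfe18
+ metadata.gz: f05acefd1344c4ca9003fe0388084709dd6bcb8bc21899c00cdc37dae0575a02dd16dec2e5d05de7f8ab7096fc8dc7676a8f759ff6a84f0bc328ad2567fd46e0
+ data.tar.gz: 9399aa25b56b4bfbbbfcb4904eab7a5609c67d6304c6803b3b14b101b03cceb4ddc4e56870e3106fcca2b691eda7163ab196396e63125fc1b7de176b974572c2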
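--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- porky_lib (0.6.0)
+ porky_lib (0.6.1)
  aws-sdk-kms
  aws-sdk-s3
  msgpack
@@ -12,20 +12,20 @@ GEM
  remote: https://rubygems.org/
  specs:
  ast (2.4.0)
- aws-eventstream (1.0.2)
- aws-partitions (1.151.0)
- aws-sdk-core (3.48.4)
+ aws-eventstream (1.0.3)
+ aws-partitions (1.193.0)
+ aws-sdk-core (3.61.1)
  aws-eventstream (~> 1.0, >= 1.0.2)
  aws-partitions (~> 1.0)
  aws-sigv4 (~> 1.1)
  jmespath (~> 1.0)
- aws-sdk-kms (1.17.0)
- aws-sdk-core (~> 3, >= 3.48.2)
+ aws-sdk-kms (1.24.0)
+ aws-sdk-core (~> 3, >= 3.61.1)
  aws-sigv4 (~> 1.1)
- aws-sdk-s3 (1.36.1)
- aws-sdk-core (~> 3, >= 3.48.2)
+ aws-sdk-s3 (1.46.0)
+ aws-sdk-core (~> 3, >= 3.61.1)
  aws-sdk-kms (~> 1)
- aws-sigv4 (~> 1.0)
+ aws-sigv4 (~> 1.1)
  aws-sigv4 (1.1.0)
  aws-eventstream (~> 1.0, >= 1.0.2)
  bundler-audit (0.6.1)
@@ -37,17 +37,17 @@ GEM
  simplecov
  url
  diff-lcs (1.3)
- docile (1.3.1)
+ docile (1.3.2)
  ffi (1.10.0)
- jaro_winkler (1.5.2)
+ jaro_winkler (1.5.3)
  jmespath (1.4.0)
  json (2.2.0)
- msgpack (1.2.10)
+ msgpack (1.3.1)
  parallel (1.17.0)
  parser (2.6.3.0)
  ast (~> 2.4.0)
  rainbow (3.0.0)
- rake (12.3.2)
+ rake (12.3.3)
  rbnacl (5.0.0)
  ffi
  rbnacl-libsodium (1.0.16)
@@ -63,33 +63,33 @@ GEM
  rspec-expectations (3.8.2)
  diff-lcs (>= 1.2.0, < 2.0)
  rspec-support (~> 3.8.0)
- rspec-mocks (3.8.0)
+ rspec-mocks (3.8.1)
  diff-lcs (>= 1.2.0, < 2.0)
  rspec-support (~> 3.8.0)
- rspec-support (3.8.0)
+ rspec-support (3.8.2)
  rspec_junit_formatter (0.4.1)
  rspec-core (>= 2, < 4, != 2.12.0)
- rubocop (0.68.0)
+ rubocop (0.74.0)
  jaro_winkler (~> 1.5.1)
  parallel (~> 1.10)
- parser (>= 2.5, != 2.5.1.1)
+ parser (>= 2.6)
  rainbow (>= 2.2.2, < 4.0)
  ruby-progressbar (~> 1.7)
- unicode-display_width (>= 1.4.0, < 1.6)
- rubocop-performance (1.1.0)
- rubocop (>= 0.67.0)
- rubocop-rspec (1.32.0)
+ unicode-display_width (>= 1.4.0, < 1.7)
+ rubocop-performance (1.4.1)
+ rubocop (>= 0.71.0)
+ rubocop-rspec (1.35.0)
  rubocop (>= 0.60.0)
- rubocop_runner (2.1.0)
- ruby-progressbar (1.10.0)
- simplecov (0.16.1)
+ rubocop_runner (2.2.0)
+ ruby-progressbar (1.10.1)
+ simplecov (0.17.0)
  docile (~> 1.1)
  json (>= 1.8, < 3)
  simplecov-html (~> 0.10.0)
  simplecov-html (0.10.2)
  thor (0.20.3)
  timecop (0.9.1)
- unicode-display_width (1.5.0)
+ unicode-display_width (1.6.0)
  url (0.3.2)
 
  PLATFORMS
@@ -122,4 +122,4 @@ RUBY VERSION
  ruby 2.6.3p62
 
  BUNDLED WITH
- 2.0.1
+ 2.0.2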
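--- a/data/SECURITY.md
+++ b/data/SECURITY.md
@@ -0,0 +1,5 @@
+ # Security Policy
+
+ ## Reporting a Vulnerability
+
+ For reporting confirmed or suspected vulnerabilities, please refer to https://www.arioplatform.com/security.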
@@ -3,6 +3,7 @@
3
3
  require 'aws-sdk-kms'
4
4
  require 'rbnacl/libsodium'
5
5
  require 'singleton'
6
+ require 'benchmark'
6
7
 
7
8
  class PorkyLib::Symmetric
8
9
  include Singleton
@@ -110,7 +111,95 @@ class PorkyLib::Symmetric
110
111
  [message, should_reencrypt]
111
112
  end
112
113
 
114
+ def encrypt_with_benchmark(data, cmk_key_id, ciphertext_dek = nil, encryption_context = nil)
115
+ return if data.nil? || cmk_key_id.nil?
116
+
117
+ encryption_statistics = {}
118
+
119
+ # Generate a new data encryption key or decrypt existing key, if provided
120
+ if ciphertext_dek
121
+ plaintext_key = benchmark_block(encryption_statistics, :decrypt_key) do
122
+ decrypt_data_encryption_key(ciphertext_dek, encryption_context)
123
+ end
124
+
125
+ ciphertext_key = ciphertext_dek
126
+ else
127
+ plaintext_key, ciphertext_key = benchmark_block(encryption_statistics, :generate_key) do
128
+ generate_data_encryption_key(cmk_key_id, encryption_context)
129
+ end
130
+ end
131
+
132
+ nonce, ciphertext = benchmark_block(encryption_statistics, :encrypt) do
133
+ # Initialize the box
134
+ secret_box = RbNaCl::SecretBox.new(plaintext_key)
135
+
136
+ # First, make a nonce: A single-use value never repeated under the same key
137
+ # The nonce isn't secret, and can be sent with the ciphertext.
138
+ # The cipher instance has a nonce_bytes method for determining how many bytes should be in a nonce
139
+ nonce = RbNaCl::Random.random_bytes(secret_box.nonce_bytes)
140
+
141
+ # Encrypt a message with SecretBox
142
+ ciphertext = secret_box.encrypt(nonce, data)
143
+
144
+ [nonce, ciphertext]
145
+ end
146
+
147
+ benchmark_block(encryption_statistics, :clear_key) do
148
+ # Securely delete the plaintext value from memory
149
+ plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))
150
+ end
151
+
152
+ [ciphertext_key, ciphertext, nonce, encryption_statistics]
153
+ end
154
+
155
+ def decrypt_with_benchmark(ciphertext_dek, ciphertext, nonce, encryption_context = nil)
156
+ return if ciphertext.nil? || ciphertext_dek.nil? || nonce.nil?
157
+
158
+ encryption_statistics = {}
159
+
160
+ plaintext_key = benchmark_block(encryption_statistics, :decrypt_key) do
161
+ # Decrypt the data encryption key
162
+ decrypt_data_encryption_key(ciphertext_dek, encryption_context)
163
+ end
164
+
165
+ message, should_reencrypt = benchmark_block(encryption_statistics, :decrypt) do
166
+ secret_box = RbNaCl::SecretBox.new(plaintext_key)
167
+
168
+ should_reencrypt = false
169
+ begin
170
+ # Decrypt the message
171
+ message = secret_box.decrypt(nonce, ciphertext)
172
+ rescue RbNaCl::CryptoError
173
+ # For backwards compatibility due to a code error in a previous release
174
+ plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))
175
+ message = secret_box.decrypt(nonce, ciphertext)
176
+ should_reencrypt = true
177
+ end
178
+
179
+ [message, should_reencrypt, encryption_statistics]
180
+ end
181
+
182
+ benchmark_block(encryption_statistics, :clear_key) do
183
+ # Securely delete the plaintext value from memory
184
+ plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))
185
+ end
186
+
187
+ [message, should_reencrypt, encryption_statistics]
188
+ end
189
+
113
190
  def secure_delete_plaintext_key(length)
114
191
  "\0" * length
115
192
  end
193
+
194
+ private
195
+
196
+ def benchmark_block(statistics, stat_label)
197
+ results = nil
198
+
199
+ measurement = Benchmark.measure { results = yield }
200
+
201
+ statistics[stat_label] = measurement
202
+
203
+ results
204
+ end
116
205
  end
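Review bot: The `:clear_key` step in `encrypt_with_benchmark` and `decrypt_with_benchmark` runs only on the success path, so an exception from `secret_box.encrypt`, or anything other than `RbNaCl::CryptoError` from `secret_box.decrypt`, leaves the plaintext data key un-zeroed; wrapping the encrypt/decrypt step in `begin … ensure … end` with `plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))` in the `ensure` covers every exit. The copied `rescue RbNaCl::CryptoError` branch zeroes the key and retries on the same `secret_box`, which appears to make the retry authenticate under an all-zero key, so a record that takes this path is no longer protected by the KMS-wrapped key. I would document that on the method (`# should_reencrypt == true means the record was opened with the legacy zero key; re-encrypt it and do not trust its origin`) and consider an option to disable the fallback. The inner `:decrypt` block also returns `encryption_statistics` as a third element that the two-variable assignment silently discards.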
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module PorkyLib
4
- VERSION = "0.6.0"
4
+ VERSION = "0.6.1"
5
5
  end
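--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: porky_lib
  version: !ruby/object:Gem::Version
- version: 0.6.0
+ version: 0.6.1
  platform: ruby
  authors:
  - Greg Fletcher
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2019-04-30 00:00:00.000000000 Z
+ date: 2019-08-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-kms
@@ -378,6 +378,7 @@ files:
  - Gemfile.lock
  - README.md
  - Rakefile
+ - SECURITY.md
  - bin/console
  - bin/setup
  - lib/porky_lib.rb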