pubnub 5.2.1 → 5.3.0

data/lib/pubnub/modules/crypto/cryptor_header.rb

@@ -0,0 +1,251 @@
+module Pubnub
+  module Crypto
+    # Cryptor data header.
+    #
+    # This instance used to parse header from received data and encode into
+    # binary for sending.
+    class CryptorHeader
+      module Versions
+        # Currently used cryptor data header schema version.
+        CURRENT_VERSION = 1
+
+        # Base class for cryptor data schema.
+        class CryptorHeaderData
+          # Cryptor header version.
+          #
+          # @return [Integer] Cryptor header version.
+          def version
+            raise NotImplementedError, 'Subclass should provide "version" method implementation.'
+          end
+
+          # Cryptor identifier.
+          #
+          # @return [String] Identifier of the cryptor which has been used to
+          #   encrypt data.
+          def identifier
+            raise NotImplementedError, 'Subclass should provide "identifier" method implementation.'
+          end
+
+          # Cryptor-defined data size.
+          #
+          # @return [Integer] Cryptor-defined data size.
+          def data_size
+            raise NotImplementedError, 'Subclass should provide "data_size" method implementation.'
+          end
+        end
+
+        # v1 cryptor header schema.
+        #
+        # This header consists of:
+        # * sentinel (4 bytes)
+        # * version (1 byte)
+        # * cryptor identifier (4 bytes)
+        # * cryptor data size (1 byte if less than 255 and 3 bytes in other cases)
+        # * cryptor-defined data
+        class CryptorHeaderV1Data < CryptorHeaderData
+          # Identifier of the cryptor which has been used to encrypt data.
+          #
+          # @return [String] Identifier of the cryptor which has been used to
+          #   encrypt data.
+          attr_reader :identifier
+
+          # Cryptor-defined data size.
+          #
+          # @return [Integer] Cryptor-defined data size.
+          attr_reader :data_size
+
+          # Create cryptor header data.
+          #
+          # @param identifier [String] Identifier of the cryptor which has been
+          #   used to encrypt data.
+          # @param data_size [Integer] Cryptor-defined data size.
+          def initialize(identifier, data_size)
+            @identifier = identifier
+            @data_size = data_size
+          end
+
+          def version
+            1
+          end
+        end
+      end
+
+      # Create cryptor header.
+      #
+      # @param identifier [String] Identifier of the cryptor which has been used
+      #   to encrypt data.
+      # @param metadata [String, nil] Cryptor-defined information.
+      def initialize(identifier = nil, metadata = nil)
+        @data = if identifier && identifier != '\x00\x00\x00\x00'
+                  Versions::CryptorHeaderV1Data.new(
+                    identifier.to_s,
+                    metadata&.length || 0
+                  )
+                end
+      end
+
+      # Parse cryptor header data to create instance.
+      #
+      # @param data [String] Data which <i>may</i> contain cryptor header
+      #   information.
+      # @return [CryptorHeader, nil] Header instance or <i>nil</i> in case of
+      #   encrypted data parse error.
+      #
+      # @raise [ArgumentError] Raise an exception if <i>data</i> is <i>nil</i>
+      #   or empty.
+      # @raise [UnknownCryptorError] Raise an exception if, during cryptor
+      #   header data parsing, an unknown cryptor header version is encountered.
+      def self.parse(data)
+        if data.nil? || data.empty?
+          raise ArgumentError, {
+            message: '\'data\' is required and should not be empty.'
+          }
+        end
+
+        # Data is too short to be encrypted. Assume legacy cryptor without
+        # header.
+        return CryptorHeader.new if data.length < 4 || data.unpack('A4').last != 'PNED'
+
+        # Malformed crypto header.
+        return nil if data.length < 10
+
+        # Unpack header bytes.
+        _, version, identifier, data_size = data.unpack('A4 C A4 C')
+
+        # Check whether version is within known range.
+        if version > current_version
+          raise UnknownCryptorError, {
+            message: 'Decrypting data created by unknown cryptor.'
+          }
+        end
+
+        if data_size == 255
+          data_size = data.unpack('A4 C A4 C n').last if data.length >= 12
+          return CryptorHeader.new if data.length < 12
+        end
+
+        header = CryptorHeader.new
+        header.send(
+          :update_header_data,
+          create_header_data(version.to_i, identifier.to_s, data_size.to_i)
+        )
+        header
+      end
+
+      # Overall header size.
+      #
+      # Full header size which includes:
+      # * sentinel
+      # * version
+      # * cryptor identifier
+      # * cryptor data size
+      # * cryptor-defined fields size.
+      def length
+        # Legacy payload doesn't have header.
+        return 0 if @data.nil?
+
+        9 + (data_size < 255 ? 1 : 3)
+      end
+
+      # Crypto header version Version module.
+      #
+      # @return [Integer] One of known versions from Version module.
+      def version
+        header_data&.version || 0
+      end
+
+      # Identifier of the cryptor which has been used to encrypt data.
+      #
+      # @return [String, nil] Identifier of the cryptor which has been used to
+      #   encrypt data.
+      def identifier
+        header_data&.identifier || nil
+      end
+
+      # Cryptor-defined information size.
+      #
+      # @return [Integer] Cryptor-defined information size.
+      def data_size
+        header_data&.data_size || 0
+      end
+
+      # Create cryptor header data object.
+      #
+      # @param version [Integer] Cryptor header data schema version.
+      # @param identifier [String] Encrypting cryptor identifier.
+      # @param size [Integer] Cryptor-defined data size
+      # @return [Versions::CryptorHeaderData] Cryptor header data.
+      def self.create_header_data(version, identifier, size)
+        Versions::CryptorHeaderV1Data.new(identifier, size) if version == 1
+      end
+
+      # Crypto header which is currently used to encrypt data.
+      #
+      # @return [Integer] Current cryptor header version.
+      def self.current_version
+        Versions::CURRENT_VERSION
+      end
+
+      # Serialize cryptor header.
+      #
+      # @return [String] Cryptor header data, which is serialized as a binary
+      #   string.
+      #
+      # @raise [ArgumentError] Raise an exception if a <i>cryptor</i> identifier
+      #   is not provided for a non-legacy <i>cryptor</i>.
+      def to_s
+        # We don't need to serialize header for legacy cryptor.
+        return '' if version.zero?
+
+        cryptor_identifier = identifier
+        if cryptor_identifier.nil? || cryptor_identifier.empty?
+          raise ArgumentError, {
+            message: '\'identifier\' is missing or empty.'
+          }
+        end
+
+        header_bytes = ['PNED', version, cryptor_identifier]
+        if data_size < 255
+          header_bytes.push(data_size)
+        else
+          header_bytes.push(255, data_size)
+        end
+
+        header_bytes.pack(data_size < 255 ? 'A4 C A4 C' : 'A4 C A4 C n')
+      end
+
+      private
+
+      # Versioned cryptor header data
+      #
+      # @return [Versions::CryptorHeaderData, nil] Cryptor header data.
+      def header_data
+        @data
+      end
+
+      # Update crypto header version.
+      #
+      # @param data [Versions::CryptorHeaderData] Header version number parsed from binary data.
+      def update_header_data(data)
+        @data = data
+      end
+
+      # Update crypto header version.
+      #
+      # @param value [Integer] Header version number parsed from binary data.
+      def update_version(value)
+        @version = value
+      end
+
+      # Update cryptor-defined data size.
+      #
+      # @param value [Integer] Cryptor-defined data size parsed from binary
+      #   data.
+      def update_data_size(value)
+        @data_size = value
+      end
+
+      private_class_method :create_header_data, :current_version
+    end
+  end
+end

data/lib/pubnub/modules/crypto/cryptors/aes_cbc_cryptor.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Pubnub
+  module Crypto
+    # AES-256-CBC cryptor.
+    #
+    # The cryptor provides _encryption_ and _decryption_ using <i>AES-256</i> in
+    # <i>CBC</i> mode with a cipher key and random initialization vector.
+    # When it is registered as a secondary with other cryptors, it will provide
+    # backward compatibility with previously encrypted data.
+    class AesCbcCryptor < Cryptor
+      # AES-128 CBC block size.
+      BLOCK_SIZE = 16
+
+      # Create AES-256-CBC cryptor instance.
+      #
+      # @param cipher_key [String] Key for data <i>encryption</i> and
+      #   <i>decryption</i>.
+      def initialize(cipher_key)
+        @cipher_key = Digest::SHA256.digest(cipher_key)
+        @alg = 'AES-256-CBC'
+        super()
+      end
+
+      def identifier
+        'ACRH'
+      end
+
+      def encrypt(data)
+        if data.nil? || data.empty?
+          puts 'Pubnub :: ENCRYPTION ERROR: Empty data for encryption'
+          return nil
+        end
+
+        iv = OpenSSL::Random.random_bytes BLOCK_SIZE
+        cipher = OpenSSL::Cipher.new(@alg).encrypt
+        cipher.key = @cipher_key
+        cipher.iv = iv
+
+        encoded_message = cipher.update data
+        encoded_message << cipher.final
+        Crypto::EncryptedData.new(encoded_message, iv)
+      rescue StandardError => e
+        puts "Pubnub :: ENCRYPTION ERROR: #{e}"
+        nil
+      end
+
+      def decrypt(data)
+        if data.metadata.length != BLOCK_SIZE
+          puts "Pubnub :: DECRYPTION ERROR: Unexpected initialization vector length:
+#{data.metadata.length} bytes (#{BLOCK_SIZE} bytes is expected)"
+          return nil
+        end
+
+        cipher = OpenSSL::Cipher.new(@alg).decrypt
+        cipher.key = @cipher_key
+        cipher.iv = data.metadata
+
+        decrypted = cipher.update data.data
+        decrypted << cipher.final
+      rescue StandardError => e
+        puts "Pubnub :: DECRYPTION ERROR: #{e}"
+        nil
+      end
+    end
+  end
+end

data/lib/pubnub/modules/crypto/cryptors/legacy_cryptor.rb

@@ -0,0 +1,84 @@
+module Pubnub
+  module Crypto
+    # Legacy cryptor.
+    #
+    # The cryptor provides _encryption_ and _decryption_ using <i>`AES-256</i> in
+    # <i>CBC</i> mode with a cipher key and configurable initialization vector
+    # randomness.
+    # When it is registered as a secondary with other cryptors, it will provide
+    # backward compatibility with previously encrypted data.
+    #
+    # <b>Important</b>: It has been reported that the digest from cipherKey has
+    # low entropy, and it is suggested to use <i>AesCbcCryptor</i> instead.
+    class LegacyCryptor < Cryptor
+      # AES-128 CBC block size.
+      BLOCK_SIZE = 16
+
+      # Create legacy cryptor instance.
+      #
+      # @param cipher_key [String] Key for data <i>encryption</i> and
+      #   <i>decryption</i>.
+      # @param use_random_iv [Boolean] Whether random IV should be used.
+      def initialize(cipher_key, use_random_iv = true)
+        @alg = 'AES-256-CBC'
+        @original_cipher_key = cipher_key
+        @cipher_key = Digest::SHA256.hexdigest(cipher_key.to_s).slice(0, 32)
+        @iv = use_random_iv ? nil : '0123456789012345'
+        super()
+      end
+
+      def identifier
+        '\x00\x00\x00\x00'
+      end
+
+      def encrypt(data)
+        if data.nil? || data.empty?
+          puts 'Pubnub :: ENCRYPTION ERROR: Empty data for encryption'
+          return nil
+        end
+
+        iv = @iv || OpenSSL::Random.random_bytes(BLOCK_SIZE)
+        cipher = OpenSSL::Cipher.new(@alg).encrypt
+        cipher.key = @cipher_key
+        cipher.iv = iv
+
+        encoded_message = ''
+        encoded_message << iv if @iv.nil? && iv
+        encoded_message << cipher.update(data)
+        encoded_message << cipher.final
+        Crypto::EncryptedData.new(encoded_message)
+      rescue StandardError => e
+        puts "Pubnub :: ENCRYPTION ERROR: #{e}"
+        nil
+      end
+
+      def decrypt(data)
+        encrypted_data = data.data
+        iv = if @iv.nil? && encrypted_data.length >= BLOCK_SIZE
+               encrypted_data.slice!(0..(BLOCK_SIZE - 1)) if encrypted_data.length >= BLOCK_SIZE
+             else
+               @iv
+             end
+        if iv.length != BLOCK_SIZE
+          puts "Pubnub :: DECRYPTION ERROR: Unexpected initialization vector length: #{data.metadata.length} bytes (#{BLOCK_SIZE} bytes is expected)"
+          return nil
+        end
+
+        unless encrypted_data.length.positive?
+          puts 'Pubnub :: DECRYPTION ERROR: Empty data for decryption'
+          return nil
+        end
+
+        cipher = OpenSSL::Cipher.new(@alg).decrypt
+        cipher.key = @cipher_key
+        cipher.iv = iv
+
+        decrypted = cipher.update encrypted_data
+        decrypted << cipher.final
+      rescue StandardError => e
+        puts "Pubnub :: DECRYPTION ERROR: #{e}"
+        nil
+      end
+    end
+  end
+end

data/lib/pubnub/modules/crypto/module.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'pubnub/modules/crypto/cryptor'
+require 'pubnub/modules/crypto/cryptors/aes_cbc_cryptor'
+require 'pubnub/modules/crypto/cryptors/legacy_cryptor'
+require 'pubnub/modules/crypto/crypto_provider'
+require 'pubnub/modules/crypto/cryptor_header'
+require 'pubnub/modules/crypto/crypto_module'

data/lib/pubnub/subscribe_event/formatter.rb

@@ -33,13 +33,12 @@ module Pubnub
       end
 
       def decipher_payload(message)
-        return message[:payload] if message[:channel].end_with?('-pnpres') || (@app.env[:cipher_key].nil? && @cipher_key.nil? && @cipher_key_selector.nil? && @env[:cipher_key_selector].nil?)
-        data = message.reject { |k, _v| k == :payload }
-        cipher_key = compute_cipher_key(data)
-        random_iv = compute_random_iv(data)
-        crypto = Pubnub::Crypto.new(cipher_key, random_iv)
-        JSON.parse(crypto.decrypt(message[:payload]), quirks_mode: true)
-      rescue StandardError
+        # TODO: Uncomment code below when cryptor implementations will be added.
+        return message[:payload] if message[:channel].end_with?('-pnpres') || crypto_module.nil?
+
+        encrypted_message = Base64.decode64(message[:payload])
+        JSON.parse(crypto_module.decrypt(encrypted_message), quirks_mode: true)
+      rescue StandardError, UnknownCryptorError
         message[:payload]
       end
 
@@ -51,7 +50,8 @@ module Pubnub
         # STATUS
         envelopes = if messages.empty?
                       [plain_envelope(req_res_objects, timetoken)]
-                    else # RESULT
+                    else
+                      # RESULT
                       messages.map do |message|
                         encrypted_envelope(req_res_objects, message, timetoken)
                       end

data/lib/pubnub/version.rb

@@ -1,4 +1,4 @@
 # Toplevel Pubnub module.
 module Pubnub
-  VERSION = '5.2.1'.freeze
+  VERSION = '5.3.0'.freeze
 end

data/pubnub.gemspec

@@ -9,8 +9,8 @@ Gem::Specification.new do |spec|
   spec.email = ['support@pubnub.com']
   spec.summary = 'PubNub Official Ruby gem.'
   spec.description = 'Ruby anywhere in the world in 250ms with PubNub!'
-  spec.homepage = 'http://github.com/pubnub/ruby'
-  spec.license = 'MIT'
+  spec.homepage = 'https://github.com/pubnub/ruby'
+  spec.licenses = %w[MIT LicenseRef-LICENSE]
 
   spec.files = `git ls-files -z`.split("\x0").grep_v(/^(test|spec|fixtures)/)
   spec.executables = spec.files.grep(%r{^bin\/}) { |f| File.basename(f) }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pubnub
 version: !ruby/object:Gem::Version
-  version: 5.2.1
+  version: 5.3.0
 platform: ruby
 authors:
 - PubNub
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-12-13 00:00:00.000000000 Z
+date: 2023-10-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -143,7 +143,7 @@ files:
 - CHANGELOG.md
 - Gemfile
 - Gemfile.lock
-- LICENSE.txt
+- LICENSE
 - Pubnub Ruby SDK upgrade guide.md
 - README.md
 - Rakefile
@@ -151,6 +151,8 @@ files:
 - config/cucumber.yml
 - docs.md
 - features/step_definitions/access_steps.rb
+- features/step_definitions/crypto_steps.rb
+- features/support/cryptor.rb
 - features/support/env.rb
 - features/support/helper.rb
 - features/support/hooks.rb
@@ -171,7 +173,6 @@ files:
 - lib/pubnub/client/paged_history.rb
 - lib/pubnub/configuration.rb
 - lib/pubnub/constants.rb
-- lib/pubnub/crypto.rb
 - lib/pubnub/envelope.rb
 - lib/pubnub/error.rb
 - lib/pubnub/error_envelope.rb
@@ -222,6 +223,13 @@ files:
 - lib/pubnub/format.rb
 - lib/pubnub/formatter.rb
 - lib/pubnub/heart.rb
+- lib/pubnub/modules/crypto/crypto_module.rb
+- lib/pubnub/modules/crypto/crypto_provider.rb
+- lib/pubnub/modules/crypto/cryptor.rb
+- lib/pubnub/modules/crypto/cryptor_header.rb
+- lib/pubnub/modules/crypto/cryptors/aes_cbc_cryptor.rb
+- lib/pubnub/modules/crypto/cryptors/legacy_cryptor.rb
+- lib/pubnub/modules/crypto/module.rb
 - lib/pubnub/origin_manager.rb
 - lib/pubnub/pam.rb
 - lib/pubnub/schemas/envelope_schema.rb
@@ -281,9 +289,10 @@ files:
 - lib/pubnub/validators/where_now.rb
 - lib/pubnub/version.rb
 - pubnub.gemspec
-homepage: http://github.com/pubnub/ruby
+homepage: https://github.com/pubnub/ruby
 licenses:
 - MIT
+- LicenseRef-LICENSE
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -306,6 +315,8 @@ specification_version: 4
 summary: PubNub Official Ruby gem.
 test_files:
 - features/step_definitions/access_steps.rb
+- features/step_definitions/crypto_steps.rb
+- features/support/cryptor.rb
 - features/support/env.rb
 - features/support/helper.rb
 - features/support/hooks.rb

data/LICENSE.txt

@@ -1,30 +0,0 @@
-PubNub Real-time Cloud-Hosted Push API and Push Notification Client Frameworks
-Copyright (c) 2013-2014 PubNub Inc.
-http://www.pubnub.com/
-http://www.pubnub.com/terms
-
-MIT License
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-PubNub Real-time Cloud-Hosted Push API and Push Notification Client Frameworks
-Copyright (c) 2013-2014 PubNub Inc.
-http://www.pubnub.com/
-http://www.pubnub.com/terms

data/lib/pubnub/crypto.rb

@@ -1,70 +0,0 @@
-# Toplevel Pubnub module.
-module Pubnub
-  # Internal Crypto class used for message encryption and decryption
-  class Crypto
-    def initialize(cipher_key, use_random_iv)
-      @alg = 'AES-256-CBC'
-      sha256_key = Digest::SHA256.hexdigest(cipher_key.to_s)
-      @key = sha256_key.slice(0, 32)
-      @using_random_iv = use_random_iv
-      @iv = @using_random_iv == true ? random_iv : '0123456789012345'
-    end
-
-    def encrypt(message)
-      aes = OpenSSL::Cipher.new(@alg)
-      aes.encrypt
-      aes.key = @key
-      aes.iv = @iv
-
-      json_message = message.to_json
-      cipher = @using_random_iv == true ? @iv : ''
-      cipher << aes.update(json_message)
-      cipher << aes.final
-
-      Base64.strict_encode64(cipher)
-    end
-
-    def decrypt(cipher_text)
-      undecoded_text = Base64.decode64(cipher_text)
-      iv = @iv
-
-      if cipher_text.length > 16 && @using_random_iv == true
-        iv = undecoded_text.slice!(0..15)
-      end
-
-      decode_cipher = OpenSSL::Cipher.new(@alg).decrypt
-      decode_cipher.key = @key
-      decode_cipher.iv = iv
-
-      plain_text = decryption(undecoded_text, decode_cipher)
-      load_json(plain_text)
-
-      Pubnub.logger.debug('Pubnub') { 'Finished decrypting' }
-
-      plain_text
-    end
-
-    private
-
-    def decryption(cipher_text, decode_cipher)
-      plain_text = decode_cipher.update(cipher_text)
-      plain_text << decode_cipher.final
-    rescue StandardError => e
-      Pubnub.error('Pubnub') { "DECRYPTION ERROR #{e}" }
-      '"DECRYPTION ERROR"'
-    end
-
-    def load_json(plain_text)
-      JSON.load(plain_text)
-    rescue JSON::ParserError
-      JSON.load("[#{plain_text}]")[0]
-    end
-
-    private
-
-    def random_iv
-      random_bytes = Random.new.bytes(16).unpack('NnnnnN')
-      format('%08x%04x%04x', *random_bytes)
-    end
-  end
-end