pubnub 5.2.2 → 5.3.1

data/lib/pubnub/modules/crypto/cryptors/aes_cbc_cryptor.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Pubnub
+  module Crypto
+    # AES-256-CBC cryptor.
+    #
+    # The cryptor provides _encryption_ and _decryption_ using <i>AES-256</i> in
+    # <i>CBC</i> mode with a cipher key and random initialization vector.
+    # When it is registered as a secondary with other cryptors, it will provide
+    # backward compatibility with previously encrypted data.
+    class AesCbcCryptor < Cryptor
+      # AES-128 CBC block size.
+      BLOCK_SIZE = 16
+
+      # Create AES-256-CBC cryptor instance.
+      #
+      # @param cipher_key [String] Key for data <i>encryption</i> and
+      #   <i>decryption</i>.
+      def initialize(cipher_key)
+        @cipher_key = Digest::SHA256.digest(cipher_key)
+        @alg = 'AES-256-CBC'
+        super()
+      end
+
+      def identifier
+        'ACRH'
+      end
+
+      def encrypt(data)
+        if data.nil? || data.empty?
+          puts 'Pubnub :: ENCRYPTION ERROR: Empty data for encryption'
+          return nil
+        end
+
+        iv = OpenSSL::Random.random_bytes BLOCK_SIZE
+        cipher = OpenSSL::Cipher.new(@alg).encrypt
+        cipher.key = @cipher_key
+        cipher.iv = iv
+
+        encoded_message = cipher.update data
+        encoded_message << cipher.final
+        Crypto::EncryptedData.new(encoded_message, iv)
+      rescue StandardError => e
+        puts "Pubnub :: ENCRYPTION ERROR: #{e}"
+        nil
+      end
+
+      def decrypt(data)
+        if data.metadata.length != BLOCK_SIZE
+          puts "Pubnub :: DECRYPTION ERROR: Unexpected initialization vector length:
+#{data.metadata.length} bytes (#{BLOCK_SIZE} bytes is expected)"
+          return nil
+        end
+
+        cipher = OpenSSL::Cipher.new(@alg).decrypt
+        cipher.key = @cipher_key
+        cipher.iv = data.metadata
+
+        decrypted = cipher.update data.data
+        decrypted << cipher.final
+      rescue StandardError => e
+        puts "Pubnub :: DECRYPTION ERROR: #{e}"
+        nil
+      end
+    end
+  end
+end

data/lib/pubnub/modules/crypto/cryptors/legacy_cryptor.rb

@@ -0,0 +1,84 @@
+module Pubnub
+  module Crypto
+    # Legacy cryptor.
+    #
+    # The cryptor provides _encryption_ and _decryption_ using <i>`AES-256</i> in
+    # <i>CBC</i> mode with a cipher key and configurable initialization vector
+    # randomness.
+    # When it is registered as a secondary with other cryptors, it will provide
+    # backward compatibility with previously encrypted data.
+    #
+    # <b>Important</b>: It has been reported that the digest from cipherKey has
+    # low entropy, and it is suggested to use <i>AesCbcCryptor</i> instead.
+    class LegacyCryptor < Cryptor
+      # AES-128 CBC block size.
+      BLOCK_SIZE = 16
+
+      # Create legacy cryptor instance.
+      #
+      # @param cipher_key [String] Key for data <i>encryption</i> and
+      #   <i>decryption</i>.
+      # @param use_random_iv [Boolean] Whether random IV should be used.
+      def initialize(cipher_key, use_random_iv = true)
+        @alg = 'AES-256-CBC'
+        @original_cipher_key = cipher_key
+        @cipher_key = Digest::SHA256.hexdigest(cipher_key.to_s).slice(0, 32)
+        @iv = use_random_iv ? nil : '0123456789012345'
+        super()
+      end
+
+      def identifier
+        '\x00\x00\x00\x00'
+      end
+
+      def encrypt(data)
+        if data.nil? || data.empty?
+          puts 'Pubnub :: ENCRYPTION ERROR: Empty data for encryption'
+          return nil
+        end
+
+        iv = @iv || OpenSSL::Random.random_bytes(BLOCK_SIZE)
+        cipher = OpenSSL::Cipher.new(@alg).encrypt
+        cipher.key = @cipher_key
+        cipher.iv = iv
+
+        encoded_message = ''
+        encoded_message << iv if @iv.nil? && iv
+        encoded_message << cipher.update(data)
+        encoded_message << cipher.final
+        Crypto::EncryptedData.new(encoded_message)
+      rescue StandardError => e
+        puts "Pubnub :: ENCRYPTION ERROR: #{e}"
+        nil
+      end
+
+      def decrypt(data)
+        encrypted_data = data.data
+        iv = if @iv.nil? && encrypted_data.length >= BLOCK_SIZE
+               encrypted_data.slice!(0..(BLOCK_SIZE - 1)) if encrypted_data.length >= BLOCK_SIZE
+             else
+               @iv
+             end
+        if iv.length != BLOCK_SIZE
+          puts "Pubnub :: DECRYPTION ERROR: Unexpected initialization vector length: #{data.metadata.length} bytes (#{BLOCK_SIZE} bytes is expected)"
+          return nil
+        end
+
+        unless encrypted_data.length.positive?
+          puts 'Pubnub :: DECRYPTION ERROR: Empty data for decryption'
+          return nil
+        end
+
+        cipher = OpenSSL::Cipher.new(@alg).decrypt
+        cipher.key = @cipher_key
+        cipher.iv = iv
+
+        decrypted = cipher.update encrypted_data
+        decrypted << cipher.final
+      rescue StandardError => e
+        puts "Pubnub :: DECRYPTION ERROR: #{e}"
+        nil
+      end
+    end
+  end
+end

data/lib/pubnub/modules/crypto/module.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'pubnub/modules/crypto/cryptor'
+require 'pubnub/modules/crypto/cryptors/aes_cbc_cryptor'
+require 'pubnub/modules/crypto/cryptors/legacy_cryptor'
+require 'pubnub/modules/crypto/crypto_provider'
+require 'pubnub/modules/crypto/cryptor_header'
+require 'pubnub/modules/crypto/crypto_module'

data/lib/pubnub/subscribe_event/formatter.rb

@@ -33,13 +33,12 @@ module Pubnub
       end
 
       def decipher_payload(message)
-        return message[:payload] if message[:channel].end_with?('-pnpres') || (@app.env[:cipher_key].nil? && @cipher_key.nil? && @cipher_key_selector.nil? && @env[:cipher_key_selector].nil?)
-        data = message.reject { |k, _v| k == :payload }
-        cipher_key = compute_cipher_key(data)
-        random_iv = compute_random_iv(data)
-        crypto = Pubnub::Crypto.new(cipher_key, random_iv)
-        JSON.parse(crypto.decrypt(message[:payload]), quirks_mode: true)
-      rescue StandardError
+        # TODO: Uncomment code below when cryptor implementations will be added.
+        return message[:payload] if message[:channel].end_with?('-pnpres') || crypto_module.nil?
+
+        encrypted_message = Base64.decode64(message[:payload])
+        JSON.parse(crypto_module.decrypt(encrypted_message), quirks_mode: true)
+      rescue StandardError, UnknownCryptorError
         message[:payload]
       end
 
@@ -51,7 +50,8 @@ module Pubnub
         # STATUS
         envelopes = if messages.empty?
                       [plain_envelope(req_res_objects, timetoken)]
-                    else # RESULT
+                    else
+                      # RESULT
                       messages.map do |message|
                         encrypted_envelope(req_res_objects, message, timetoken)
                       end

data/lib/pubnub/version.rb

@@ -1,4 +1,4 @@
 # Toplevel Pubnub module.
 module Pubnub
-  VERSION = '5.2.2'.freeze
+  VERSION = '5.3.1'.freeze
 end

data/pubnub.gemspec

@@ -9,8 +9,8 @@ Gem::Specification.new do |spec|
   spec.email = ['support@pubnub.com']
   spec.summary = 'PubNub Official Ruby gem.'
   spec.description = 'Ruby anywhere in the world in 250ms with PubNub!'
-  spec.homepage = 'http://github.com/pubnub/ruby'
-  spec.license = 'MIT'
+  spec.homepage = 'https://github.com/pubnub/ruby'
+  spec.licenses = ['LicenseRef-LICENSE.txt']
 
   spec.files = `git ls-files -z`.split("\x0").grep_v(/^(test|spec|fixtures)/)
   spec.executables = spec.files.grep(%r{^bin\/}) { |f| File.basename(f) }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pubnub
 version: !ruby/object:Gem::Version
-  version: 5.2.2
+  version: 5.3.1
 platform: ruby
 authors:
 - PubNub
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-03-15 00:00:00.000000000 Z
+date: 2023-11-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -151,6 +151,8 @@ files:
 - config/cucumber.yml
 - docs.md
 - features/step_definitions/access_steps.rb
+- features/step_definitions/crypto_steps.rb
+- features/support/cryptor.rb
 - features/support/env.rb
 - features/support/helper.rb
 - features/support/hooks.rb
@@ -171,7 +173,6 @@ files:
 - lib/pubnub/client/paged_history.rb
 - lib/pubnub/configuration.rb
 - lib/pubnub/constants.rb
-- lib/pubnub/crypto.rb
 - lib/pubnub/envelope.rb
 - lib/pubnub/error.rb
 - lib/pubnub/error_envelope.rb
@@ -222,6 +223,13 @@ files:
 - lib/pubnub/format.rb
 - lib/pubnub/formatter.rb
 - lib/pubnub/heart.rb
+- lib/pubnub/modules/crypto/crypto_module.rb
+- lib/pubnub/modules/crypto/crypto_provider.rb
+- lib/pubnub/modules/crypto/cryptor.rb
+- lib/pubnub/modules/crypto/cryptor_header.rb
+- lib/pubnub/modules/crypto/cryptors/aes_cbc_cryptor.rb
+- lib/pubnub/modules/crypto/cryptors/legacy_cryptor.rb
+- lib/pubnub/modules/crypto/module.rb
 - lib/pubnub/origin_manager.rb
 - lib/pubnub/pam.rb
 - lib/pubnub/schemas/envelope_schema.rb
@@ -281,9 +289,9 @@ files:
 - lib/pubnub/validators/where_now.rb
 - lib/pubnub/version.rb
 - pubnub.gemspec
-homepage: http://github.com/pubnub/ruby
+homepage: https://github.com/pubnub/ruby
 licenses:
-- MIT
+- LicenseRef-LICENSE.txt
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -306,6 +314,8 @@ specification_version: 4
 summary: PubNub Official Ruby gem.
 test_files:
 - features/step_definitions/access_steps.rb
+- features/step_definitions/crypto_steps.rb
+- features/support/cryptor.rb
 - features/support/env.rb
 - features/support/helper.rb
 - features/support/hooks.rb

data/lib/pubnub/crypto.rb

@@ -1,70 +0,0 @@
-# Toplevel Pubnub module.
-module Pubnub
-  # Internal Crypto class used for message encryption and decryption
-  class Crypto
-    def initialize(cipher_key, use_random_iv)
-      @alg = 'AES-256-CBC'
-      sha256_key = Digest::SHA256.hexdigest(cipher_key.to_s)
-      @key = sha256_key.slice(0, 32)
-      @using_random_iv = use_random_iv
-      @iv = @using_random_iv == true ? random_iv : '0123456789012345'
-    end
-
-    def encrypt(message)
-      aes = OpenSSL::Cipher.new(@alg)
-      aes.encrypt
-      aes.key = @key
-      aes.iv = @iv
-
-      json_message = message.to_json
-      cipher = @using_random_iv == true ? @iv : ''
-      cipher << aes.update(json_message)
-      cipher << aes.final
-
-      Base64.strict_encode64(cipher)
-    end
-
-    def decrypt(cipher_text)
-      undecoded_text = Base64.decode64(cipher_text)
-      iv = @iv
-
-      if cipher_text.length > 16 && @using_random_iv == true
-        iv = undecoded_text.slice!(0..15)
-      end
-
-      decode_cipher = OpenSSL::Cipher.new(@alg).decrypt
-      decode_cipher.key = @key
-      decode_cipher.iv = iv
-
-      plain_text = decryption(undecoded_text, decode_cipher)
-      load_json(plain_text)
-
-      Pubnub.logger.debug('Pubnub') { 'Finished decrypting' }
-
-      plain_text
-    end
-
-    private
-
-    def decryption(cipher_text, decode_cipher)
-      plain_text = decode_cipher.update(cipher_text)
-      plain_text << decode_cipher.final
-    rescue StandardError => e
-      Pubnub.error('Pubnub') { "DECRYPTION ERROR #{e}" }
-      '"DECRYPTION ERROR"'
-    end
-
-    def load_json(plain_text)
-      JSON.load(plain_text)
-    rescue JSON::ParserError
-      JSON.load("[#{plain_text}]")[0]
-    end
-
-    private
-
-    def random_iv
-      random_bytes = Random.new.bytes(16).unpack('NnnnnN')
-      format('%08x%04x%04x', *random_bytes)
-    end
-  end
-end