RubyGems - security_client - Versions diffs - 0.1.0 → 0.1.5 - Mend

security_client 0.1.0 → 0.1.5

Files changed (6) hide show

checksums.yaml +4 -4
data/README.md +61 -1
data/lib/security_client.rb +163 -167
data/lib/security_client/version.rb +1 -1
data/security_client.gemspec +1 -1
metadata +3 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 055b4ebf4046542527af7b8df744c592ff0921a8e5d08af6f470e2e72c96c8c2
-  data.tar.gz: 694fa499f049beaae0480892cb2b2bc0100f1e22fed3eb94ab80c250b026d1a0
+  metadata.gz: 25ec3c95ad9fa1853fed49499126461b7872bb04688a677239ec8c1ad6963e5a
+  data.tar.gz: 61975e25115a99c7be9469d08c2ab9543e2923fd9155e657973eee62dba4846a
 SHA512:
-  metadata.gz: 0cb89ec2fca2a529d4a75c39505efcaefd6fd2b1716ec435cc206e56d7b7d03bd8f67b1437295c936147425d062afd6c0422ae5ba2854aefa4da31f01ff476e9
-  data.tar.gz: 1e6dc6e527eb4d63796d96f000f37245d5b83cf19a7eb9d72c26c955a797099889138d7f1178492a012ba4a5a9915188b58ccfdfda8db09ccb1ea810a94ff7c1
+  metadata.gz: 371bddc6ede995b027bc0f4933b7352a660ed74875f9bbd5b3059cc65c728fdf5935ea6667c203e78f8f4f5602e3c5ea840eb6bcb881fd5f9226627d4a628f48
+  data.tar.gz: 92a9a1a0951cf8c78082795fd597817bc9e46f6f35d2d47a2fa715e2ab3c189fd4e3771aba5d825b261c6fc4d0cc03086929d8f5c64eac6304ddd36ffba82096

data/README.md CHANGED

@@ -22,7 +22,67 @@ Or install it yourself as:
 ## Usage
-TODO: Write usage instructions here
+```ruby
+  # Initialize the Client
+  client = SecurityClient::Voltron.new(
+    access_key_id: 'Your access key',
+    secret_signing_key: 'Your secret signing key',
+    secret_crypto_access_key: 'Your secret crypto access key',
+    host: 'Your host'
+  )
+  # Simple Encryption
+  encrypted_result = client.encrypt(
+    uses: 'Key Uses',
+    data: 'Data to be encrypted'
+  )
+  # Simple Decryption
+  original_data = client.decrypt(
+    data: 'Encrypted Data'
+  )
+  # Piecewise Encryption
+    # Get your credentials ready
+    credentials = OpenStruct.new(
+      access_key_id: 'Your access key',
+      secret_signing_key: 'Your secret signing key',
+      secret_crypto_access_key: 'Your secret crypto access key',
+      host: 'Your host'
+    )
+    # Build the encryption object
+    enc = SecurityClient::Encryption.new(credentials, uses)
+    # Begin the encryption
+    enc.begin()
+    # Update the cipher with the raw data, can be supplied directly or in chunks
+    enc.update(data)
+    # End the encryption
+    enc.end()
+    # Reset the encryption object to initial state and cleanup the memory in use
+    enc.close()
+  # Piecewise Decryption
+    # Get your credentials ready
+    credentials = OpenStruct.new(
+      access_key_id: 'Your access key',
+      secret_signing_key: 'Your secret signing key',
+      secret_crypto_access_key: 'Your secret crypto access key',
+      host: 'Your host'
+    )
+    # Build the decryption object
+    dec = SecurityClient::Decryption.new(credentials)
+    # Begin the decryption
+    dec.begin()
+    # Update the cipher with the raw data, can be supplied directly or in chunks
+    dec.update(data)
+    # End the decryption
+    dec.end()
+    # Reset the decryption object to initial state and cleanup the memory in use
+    dec.close()
+```
 ## Development

data/lib/security_client.rb CHANGED

@@ -28,7 +28,6 @@ module SecurityClient
         enc.close() if enc
         raise
       end
-      puts res
       return res
     end
@@ -42,7 +41,6 @@ module SecurityClient
         dec.close() if dec
         raise
       end
-      puts res
       return res
     end
@@ -335,7 +333,7 @@ class SecurityClient::Decryption
   # Initialize the decryption module object
   # Set the credentials in instance varibales to be used among methods
   # the server to which to make the request
-  raise RuntimeError, 'Some of your credentials are missing, please check!' if !validate_creds(creds)
+  # raise RuntimeError, 'Some of your credentials are missing, please check!' if !validate_creds(creds)
   @host = creds.host.blank? ? VOLTRON_HOST : creds.host
   # The client's public API key (used to identify the client to the server
@@ -350,194 +348,192 @@ class SecurityClient::Decryption
   @decryption_ready = true
   @decryption_started = false
-end
+  end
-def endpoint_base
-  @host + '/api/v0'
-end
+  def endpoint_base
+    @host + '/api/v0'
+  end
-def endpoint
-  '/api/v0/decryption/key'
-end
+  def endpoint
+    '/api/v0/decryption/key'
+  end
-def begin
-  # Begin the decryption process
+  def begin
+    # Begin the decryption process
-  # This interface does not take any cipher text in its arguments
-  # in an attempt to maintain an API that corresponds to the
-  # encryption object. In doing so, the work that can take place
-  # in this function is limited. without any data, there is no
-  # way to determine which key is in use or decrypt any data.
-  #
-  # this function simply throws an error if starting an decryption
-  # while one is already in progress, and initializes the internal
-  # buffer
+    # This interface does not take any cipher text in its arguments
+    # in an attempt to maintain an API that corresponds to the
+    # encryption object. In doing so, the work that can take place
+    # in this function is limited. without any data, there is no
+    # way to determine which key is in use or decrypt any data.
+    #
+    # this function simply throws an error if starting an decryption
+    # while one is already in progress, and initializes the internal
+    # buffer
-  raise RuntimeError, 'Decryption is not ready' if !@decryption_ready
+    raise RuntimeError, 'Decryption is not ready' if !@decryption_ready
-  raise RuntimeError, 'Decryption Already Started' if @decryption_started
+    raise RuntimeError, 'Decryption Already Started' if @decryption_started
-  raise RuntimeError, 'Decryption already in progress' if @key.present? and @key.key?("dec")
-  @decryption_started = true
-  @data = ''
-end
+    raise RuntimeError, 'Decryption already in progress' if @key.present? and @key.key?("dec")
+    @decryption_started = true
+    @data = ''
+  end
-def update(data)
-  # Decryption of cipher text is performed here
-  # Cipher text must be passed to this function in the order in which it was output from the encryption.update function.
-  # Each encryption has a header on it that identifies the algorithm
-  # used  and an encryption of the data key that was used to encrypt
-  # the original plain text. there is no guarantee how much of that
-  # data will be passed to this function or how many times this
-  # function will be called to process all of the data. to that end,
-  # this function buffers data internally, when it is unable to
-  # process it.
-  #
-  # The function buffers data internally until the entire header is
-  # received. once the header has been received, the encrypted data
-  # key is sent to the server for decryption. after the header has
-  # been successfully handled, this function always decrypts all of
-  # the data in its internal buffer *except* for however many bytes
-  # are specified by the algorithm's tag size. see the end() function
-  # for details.
-  raise RuntimeError, 'Decryption is not Started' if !@decryption_started
-  # Append the incoming data in the internal data buffer
-  @data  = @data + data
-  # if there is no key or 'dec' member of key, then the code is still trying to build a complete header
-  if !@key.present? or !@key.key?("dec")
-    struct_length = [1,1,1,1,1].pack('CCCCn').length
-    packed_struct = @data[0...struct_length]
-    # Does the buffer contain enough of the header to
-    # determine the lengths of the initialization vector
-    # and the key?
-    if @data.length > struct_length
-      # Unpack the values packed in encryption
-      version, flag_for_later, algorithm_id, iv_length, key_length = packed_struct.unpack('CCCCn')
-      # verify flag and version are 0
-      raise RuntimeError, 'invalid encryption header' if version != 0 or flag_for_later != 0
-      # Does the buffer contain the entire header?
-      if @data.length > struct_length + iv_length + key_length
-        # Extract the initialization vector
-        iv = @data[struct_length...iv_length + struct_length]
-        # Extract the encryped key
-        encrypted_key = @data[struct_length + iv_length...key_length + struct_length + iv_length]
-        # Remove the header from the buffer
-        @data = @data[struct_length + iv_length + key_length..-1]
-        # generate a local identifier for the key
-        hash_sha512 = OpenSSL::Digest::SHA512.new
-        hash_sha512 << encrypted_key
-        client_id = hash_sha512.digest
-        if @key.present?
-          if @key['client_id'] != client_id
-            close()
+  def update(data)
+    # Decryption of cipher text is performed here
+    # Cipher text must be passed to this function in the order in which it was output from the encryption.update function.
+    # Each encryption has a header on it that identifies the algorithm
+    # used  and an encryption of the data key that was used to encrypt
+    # the original plain text. there is no guarantee how much of that
+    # data will be passed to this function or how many times this
+    # function will be called to process all of the data. to that end,
+    # this function buffers data internally, when it is unable to
+    # process it.
+    #
+    # The function buffers data internally until the entire header is
+    # received. once the header has been received, the encrypted data
+    # key is sent to the server for decryption. after the header has
+    # been successfully handled, this function always decrypts all of
+    # the data in its internal buffer *except* for however many bytes
+    # are specified by the algorithm's tag size. see the end() function
+    # for details.
+    raise RuntimeError, 'Decryption is not Started' if !@decryption_started
+    # Append the incoming data in the internal data buffer
+    @data  = @data + data
+    # if there is no key or 'dec' member of key, then the code is still trying to build a complete header
+    if !@key.present? or !@key.key?("dec")
+      struct_length = [1,1,1,1,1].pack('CCCCn').length
+      packed_struct = @data[0...struct_length]
+      # Does the buffer contain enough of the header to
+      # determine the lengths of the initialization vector
+      # and the key?
+      if @data.length > struct_length
+        # Unpack the values packed in encryption
+        version, flag_for_later, algorithm_id, iv_length, key_length = packed_struct.unpack('CCCCn')
+        # verify flag and version are 0
+        raise RuntimeError, 'invalid encryption header' if version != 0 or flag_for_later != 0
+        # Does the buffer contain the entire header?
+        if @data.length > struct_length + iv_length + key_length
+          # Extract the initialization vector
+          iv = @data[struct_length...iv_length + struct_length]
+          # Extract the encryped key
+          encrypted_key = @data[struct_length + iv_length...key_length + struct_length + iv_length]
+          # Remove the header from the buffer
+          @data = @data[struct_length + iv_length + key_length..-1]
+          # generate a local identifier for the key
+          hash_sha512 = OpenSSL::Digest::SHA512.new
+          hash_sha512 << encrypted_key
+          client_id = hash_sha512.digest
+          if @key.present?
+            if @key['client_id'] != client_id
+              close()
+            end
           end
-        end
-        # IF key object not exists, request a new one from the server
-        if !@key.present?
-          url = endpoint_base + "/decryption/key"
-          query = {encrypted_data_key: Base64.strict_encode64(encrypted_key)}
-          headers = Auth.build_headers(@papi, @sapi, endpoint, query, @host, 'post')
-          response = HTTParty.post(
-            url,
-            body: query.to_json,
-            headers: headers
-          )
-          # Response status is 200 OK
-          if response.code == WEBrick::HTTPStatus::RC_OK
-            @key = {}
-            @key['finger_print'] = response['key_fingerprint']
-            @key['client_id'] = client_id
-            @key['session'] = response['encryption_session']
-            @key['algorithm'] = 'aes-256-gcm'
-            encrypted_private_key = response['encrypted_private_key']
-            # Decrypt the encryped private key using SRSA
-            private_key = OpenSSL::PKey::RSA.new(encrypted_private_key,@srsa)
-            wrapped_data_key = response['wrapped_data_key']
-            # Decode WDK from base64 format
-            wdk = Base64.strict_decode64(wrapped_data_key)
-            # Use private key to decrypt the wrapped data key
-            dk = private_key.private_decrypt(wdk,OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
-            @key['raw'] = dk
-            @key['uses'] = 0
-          else
-            # Raise the error if response is not 200
-            raise RuntimeError, "HTTPError Response: Expected 201, got #{response.code}"
+          # IF key object not exists, request a new one from the server
+          if !@key.present?
+            url = endpoint_base + "/decryption/key"
+            query = {encrypted_data_key: Base64.strict_encode64(encrypted_key)}
+            headers = Auth.build_headers(@papi, @sapi, endpoint, query, @host, 'post')
+            response = HTTParty.post(
+              url,
+              body: query.to_json,
+              headers: headers
+            )
+            # Response status is 200 OK
+            if response.code == WEBrick::HTTPStatus::RC_OK
+              @key = {}
+              @key['finger_print'] = response['key_fingerprint']
+              @key['client_id'] = client_id
+              @key['session'] = response['encryption_session']
+              @key['algorithm'] = 'aes-256-gcm'
+              encrypted_private_key = response['encrypted_private_key']
+              # Decrypt the encryped private key using SRSA
+              private_key = OpenSSL::PKey::RSA.new(encrypted_private_key,@srsa)
+              wrapped_data_key = response['wrapped_data_key']
+              # Decode WDK from base64 format
+              wdk = Base64.strict_decode64(wrapped_data_key)
+              # Use private key to decrypt the wrapped data key
+              dk = private_key.private_decrypt(wdk,OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
+              @key['raw'] = dk
+              @key['uses'] = 0
+            else
+              # Raise the error if response is not 200
+              raise RuntimeError, "HTTPError Response: Expected 201, got #{response.code}"
+            end
           end
-        end
-        # If the key object exists, create a new decryptor
-        # with the initialization vector from the header and
-        # the decrypted key (which is either new from the
-        # server or cached from the previous decryption). in
-        # either case, increment the key usage
+          # If the key object exists, create a new decryptor
+          # with the initialization vector from the header and
+          # the decrypted key (which is either new from the
+          # server or cached from the previous decryption). in
+          # either case, increment the key usage
-        if @key.present?
-          @algo = Algo.new.get_algo(@key['algorithm'])
-          @key['dec'] = Algo.new.decryptor(@algo, @key['raw'], iv)
-          @key['uses'] += 1
+          if @key.present?
+            @algo = Algo.new.get_algo(@key['algorithm'])
+            @key['dec'] = Algo.new.decryptor(@algo, @key['raw'], iv)
+            @key['uses'] += 1
+          end
         end
       end
     end
-  end
-  # if the object has a key and a decryptor, then decrypt whatever
-  # data is in the buffer, less any data that needs to be saved to
-  # serve as the tag.
-  plain_text = ''
-  if @key.present? and @key.key?("dec")
-    size = @data.length - @algo[:tag_length]
-    if size > 0
-      puts @data[0..size-1]
-      plain_text = @key['dec'].update(@data[0..size-1])
-      @data = @data[size..-1]
+    # if the object has a key and a decryptor, then decrypt whatever
+    # data is in the buffer, less any data that needs to be saved to
+    # serve as the tag.
+    plain_text = ''
+    if @key.present? and @key.key?("dec")
+      size = @data.length - @algo[:tag_length]
+      if size > 0
+        plain_text = @key['dec'].update(@data[0..size-1])
+        @data = @data[size..-1]
+      end
+      return plain_text
     end
-    return plain_text
-  end
-end
+  end
-def end
-  raise RuntimeError, 'Decryption is not Started' if !@decryption_started
-  # The update function always maintains tag-size bytes in
-  # the buffer because this function provides no data parameter.
-  # by the time the caller calls this function, all data must
-  # have already been input to the decryption object.
+  def end
+    raise RuntimeError, 'Decryption is not Started' if !@decryption_started
+    # The update function always maintains tag-size bytes in
+    # the buffer because this function provides no data parameter.
+    # by the time the caller calls this function, all data must
+    # have already been input to the decryption object.
-  sz = @data.length - @algo[:tag_length]
+    sz = @data.length - @algo[:tag_length]
-  raise RuntimeError, 'Invalid Tag!' if sz < 0
-  if sz == 0
-    @key['dec'].auth_tag = @data
-    begin
-      pt = @key['dec'].final
-      # Delete the decryptor context
-      @key.delete('dec')
-      # Return the decrypted plain data
-      @decryption_started = false
-      return pt
-    rescue Exception => e
-      print 'Invalid cipher data or tag!'
-      return ''
+    raise RuntimeError, 'Invalid Tag!' if sz < 0
+    if sz == 0
+      @key['dec'].auth_tag = @data
+      begin
+        pt = @key['dec'].final
+        # Delete the decryptor context
+        @key.delete('dec')
+        # Return the decrypted plain data
+        @decryption_started = false
+        return pt
+      rescue Exception => e
+        print 'Invalid cipher data or tag!'
+        return ''
+      end
     end
   end
-end
   def close
     raise RuntimeError, 'Decryption currently running' if @decryption_started

data/lib/security_client/version.rb CHANGED

@@ -1,3 +1,3 @@
 module SecurityClient
-  VERSION = "0.1.0"
+  VERSION = "0.1.5"
 end

data/security_client.gemspec CHANGED

@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
   spec.email         = ["vinay.ymca@gmail.com"]
   spec.summary       = %q{Ubiq Security ruby client}
+  spec.homepage      = "https://github.com/vinaymehta/security_client"
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   spec.files         = `git ls-files -z`.split("\x0").reject do |f|

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: security_client
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.5
 platform: ruby
 authors:
 - vinaymehta
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-08-18 00:00:00.000000000 Z
+date: 2020-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -70,7 +70,7 @@ files:
 - lib/security_client.rb
 - lib/security_client/version.rb
 - security_client.gemspec
-homepage:
+homepage: https://github.com/vinaymehta/security_client
 licenses: []
 metadata: {}
 post_install_message: