RubyGems - security_client - Versions diffs - 0.1.0 → 0.1.1 - Mend

security_client 0.1.0 → 0.1.1

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/security_client.rb +164 -164
data/lib/security_client/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 055b4ebf4046542527af7b8df744c592ff0921a8e5d08af6f470e2e72c96c8c2
-  data.tar.gz: 694fa499f049beaae0480892cb2b2bc0100f1e22fed3eb94ab80c250b026d1a0
+  metadata.gz: 7640165682c873870551c45afd84185c197cfeb8a00ca31b8f52ceabe500168e
+  data.tar.gz: c413c6901b56ff802ea984cec4b36616113254add9c06e96cb1c6235e6ee7787
 SHA512:
-  metadata.gz: 0cb89ec2fca2a529d4a75c39505efcaefd6fd2b1716ec435cc206e56d7b7d03bd8f67b1437295c936147425d062afd6c0422ae5ba2854aefa4da31f01ff476e9
-  data.tar.gz: 1e6dc6e527eb4d63796d96f000f37245d5b83cf19a7eb9d72c26c955a797099889138d7f1178492a012ba4a5a9915188b58ccfdfda8db09ccb1ea810a94ff7c1
+  metadata.gz: a3586c80fb88719b618ed1ff4bebb50c3c3fbfb5f87d5b3e7144e8b6ceda8046a4452c339251ed849551480d02a8de1b599f1cb12b673b0b94b89220bee00c33
+  data.tar.gz: 7e5bdd1ef3c9bf4d1e76b1d1503f1a32122891ebfee8250b4db2ce9bda381bd99ec5c84e59b42a98b1dd9c81afaaab685ae04d189a288bce98787ade279a9862

data/lib/security_client.rb CHANGED

@@ -350,194 +350,194 @@ class SecurityClient::Decryption
   @decryption_ready = true
   @decryption_started = false
-end
+  end
-def endpoint_base
-  @host + '/api/v0'
-end
+  def endpoint_base
+    @host + '/api/v0'
+  end
-def endpoint
-  '/api/v0/decryption/key'
-end
+  def endpoint
+    '/api/v0/decryption/key'
+  end
-def begin
-  # Begin the decryption process
+  def begin
+    # Begin the decryption process
-  # This interface does not take any cipher text in its arguments
-  # in an attempt to maintain an API that corresponds to the
-  # encryption object. In doing so, the work that can take place
-  # in this function is limited. without any data, there is no
-  # way to determine which key is in use or decrypt any data.
-  #
-  # this function simply throws an error if starting an decryption
-  # while one is already in progress, and initializes the internal
-  # buffer
+    # This interface does not take any cipher text in its arguments
+    # in an attempt to maintain an API that corresponds to the
+    # encryption object. In doing so, the work that can take place
+    # in this function is limited. without any data, there is no
+    # way to determine which key is in use or decrypt any data.
+    #
+    # this function simply throws an error if starting an decryption
+    # while one is already in progress, and initializes the internal
+    # buffer
-  raise RuntimeError, 'Decryption is not ready' if !@decryption_ready
+    raise RuntimeError, 'Decryption is not ready' if !@decryption_ready
-  raise RuntimeError, 'Decryption Already Started' if @decryption_started
+    raise RuntimeError, 'Decryption Already Started' if @decryption_started
-  raise RuntimeError, 'Decryption already in progress' if @key.present? and @key.key?("dec")
-  @decryption_started = true
-  @data = ''
-end
+    raise RuntimeError, 'Decryption already in progress' if @key.present? and @key.key?("dec")
+    @decryption_started = true
+    @data = ''
+  end
-def update(data)
-  # Decryption of cipher text is performed here
-  # Cipher text must be passed to this function in the order in which it was output from the encryption.update function.
-  # Each encryption has a header on it that identifies the algorithm
-  # used  and an encryption of the data key that was used to encrypt
-  # the original plain text. there is no guarantee how much of that
-  # data will be passed to this function or how many times this
-  # function will be called to process all of the data. to that end,
-  # this function buffers data internally, when it is unable to
-  # process it.
-  #
-  # The function buffers data internally until the entire header is
-  # received. once the header has been received, the encrypted data
-  # key is sent to the server for decryption. after the header has
-  # been successfully handled, this function always decrypts all of
-  # the data in its internal buffer *except* for however many bytes
-  # are specified by the algorithm's tag size. see the end() function
-  # for details.
-  raise RuntimeError, 'Decryption is not Started' if !@decryption_started
-  # Append the incoming data in the internal data buffer
-  @data  = @data + data
-  # if there is no key or 'dec' member of key, then the code is still trying to build a complete header
-  if !@key.present? or !@key.key?("dec")
-    struct_length = [1,1,1,1,1].pack('CCCCn').length
-    packed_struct = @data[0...struct_length]
-    # Does the buffer contain enough of the header to
-    # determine the lengths of the initialization vector
-    # and the key?
-    if @data.length > struct_length
-      # Unpack the values packed in encryption
-      version, flag_for_later, algorithm_id, iv_length, key_length = packed_struct.unpack('CCCCn')
-      # verify flag and version are 0
-      raise RuntimeError, 'invalid encryption header' if version != 0 or flag_for_later != 0
-      # Does the buffer contain the entire header?
-      if @data.length > struct_length + iv_length + key_length
-        # Extract the initialization vector
-        iv = @data[struct_length...iv_length + struct_length]
-        # Extract the encryped key
-        encrypted_key = @data[struct_length + iv_length...key_length + struct_length + iv_length]
-        # Remove the header from the buffer
-        @data = @data[struct_length + iv_length + key_length..-1]
-        # generate a local identifier for the key
-        hash_sha512 = OpenSSL::Digest::SHA512.new
-        hash_sha512 << encrypted_key
-        client_id = hash_sha512.digest
-        if @key.present?
-          if @key['client_id'] != client_id
-            close()
+  def update(data)
+    # Decryption of cipher text is performed here
+    # Cipher text must be passed to this function in the order in which it was output from the encryption.update function.
+    # Each encryption has a header on it that identifies the algorithm
+    # used  and an encryption of the data key that was used to encrypt
+    # the original plain text. there is no guarantee how much of that
+    # data will be passed to this function or how many times this
+    # function will be called to process all of the data. to that end,
+    # this function buffers data internally, when it is unable to
+    # process it.
+    #
+    # The function buffers data internally until the entire header is
+    # received. once the header has been received, the encrypted data
+    # key is sent to the server for decryption. after the header has
+    # been successfully handled, this function always decrypts all of
+    # the data in its internal buffer *except* for however many bytes
+    # are specified by the algorithm's tag size. see the end() function
+    # for details.
+    raise RuntimeError, 'Decryption is not Started' if !@decryption_started
+    # Append the incoming data in the internal data buffer
+    @data  = @data + data
+    # if there is no key or 'dec' member of key, then the code is still trying to build a complete header
+    if !@key.present? or !@key.key?("dec")
+      struct_length = [1,1,1,1,1].pack('CCCCn').length
+      packed_struct = @data[0...struct_length]
+      # Does the buffer contain enough of the header to
+      # determine the lengths of the initialization vector
+      # and the key?
+      if @data.length > struct_length
+        # Unpack the values packed in encryption
+        version, flag_for_later, algorithm_id, iv_length, key_length = packed_struct.unpack('CCCCn')
+        # verify flag and version are 0
+        raise RuntimeError, 'invalid encryption header' if version != 0 or flag_for_later != 0
+        # Does the buffer contain the entire header?
+        if @data.length > struct_length + iv_length + key_length
+          # Extract the initialization vector
+          iv = @data[struct_length...iv_length + struct_length]
+          # Extract the encryped key
+          encrypted_key = @data[struct_length + iv_length...key_length + struct_length + iv_length]
+          # Remove the header from the buffer
+          @data = @data[struct_length + iv_length + key_length..-1]
+          # generate a local identifier for the key
+          hash_sha512 = OpenSSL::Digest::SHA512.new
+          hash_sha512 << encrypted_key
+          client_id = hash_sha512.digest
+          if @key.present?
+            if @key['client_id'] != client_id
+              close()
+            end
           end
-        end
-        # IF key object not exists, request a new one from the server
-        if !@key.present?
-          url = endpoint_base + "/decryption/key"
-          query = {encrypted_data_key: Base64.strict_encode64(encrypted_key)}
-          headers = Auth.build_headers(@papi, @sapi, endpoint, query, @host, 'post')
-          response = HTTParty.post(
-            url,
-            body: query.to_json,
-            headers: headers
-          )
-          # Response status is 200 OK
-          if response.code == WEBrick::HTTPStatus::RC_OK
-            @key = {}
-            @key['finger_print'] = response['key_fingerprint']
-            @key['client_id'] = client_id
-            @key['session'] = response['encryption_session']
-            @key['algorithm'] = 'aes-256-gcm'
-            encrypted_private_key = response['encrypted_private_key']
-            # Decrypt the encryped private key using SRSA
-            private_key = OpenSSL::PKey::RSA.new(encrypted_private_key,@srsa)
-            wrapped_data_key = response['wrapped_data_key']
-            # Decode WDK from base64 format
-            wdk = Base64.strict_decode64(wrapped_data_key)
-            # Use private key to decrypt the wrapped data key
-            dk = private_key.private_decrypt(wdk,OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
-            @key['raw'] = dk
-            @key['uses'] = 0
-          else
-            # Raise the error if response is not 200
-            raise RuntimeError, "HTTPError Response: Expected 201, got #{response.code}"
+          # IF key object not exists, request a new one from the server
+          if !@key.present?
+            url = endpoint_base + "/decryption/key"
+            query = {encrypted_data_key: Base64.strict_encode64(encrypted_key)}
+            headers = Auth.build_headers(@papi, @sapi, endpoint, query, @host, 'post')
+            response = HTTParty.post(
+              url,
+              body: query.to_json,
+              headers: headers
+            )
+            # Response status is 200 OK
+            if response.code == WEBrick::HTTPStatus::RC_OK
+              @key = {}
+              @key['finger_print'] = response['key_fingerprint']
+              @key['client_id'] = client_id
+              @key['session'] = response['encryption_session']
+              @key['algorithm'] = 'aes-256-gcm'
+              encrypted_private_key = response['encrypted_private_key']
+              # Decrypt the encryped private key using SRSA
+              private_key = OpenSSL::PKey::RSA.new(encrypted_private_key,@srsa)
+              wrapped_data_key = response['wrapped_data_key']
+              # Decode WDK from base64 format
+              wdk = Base64.strict_decode64(wrapped_data_key)
+              # Use private key to decrypt the wrapped data key
+              dk = private_key.private_decrypt(wdk,OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
+              @key['raw'] = dk
+              @key['uses'] = 0
+            else
+              # Raise the error if response is not 200
+              raise RuntimeError, "HTTPError Response: Expected 201, got #{response.code}"
+            end
           end
-        end
-        # If the key object exists, create a new decryptor
-        # with the initialization vector from the header and
-        # the decrypted key (which is either new from the
-        # server or cached from the previous decryption). in
-        # either case, increment the key usage
+          # If the key object exists, create a new decryptor
+          # with the initialization vector from the header and
+          # the decrypted key (which is either new from the
+          # server or cached from the previous decryption). in
+          # either case, increment the key usage
-        if @key.present?
-          @algo = Algo.new.get_algo(@key['algorithm'])
-          @key['dec'] = Algo.new.decryptor(@algo, @key['raw'], iv)
-          @key['uses'] += 1
+          if @key.present?
+            @algo = Algo.new.get_algo(@key['algorithm'])
+            @key['dec'] = Algo.new.decryptor(@algo, @key['raw'], iv)
+            @key['uses'] += 1
+          end
         end
       end
     end
-  end
-  # if the object has a key and a decryptor, then decrypt whatever
-  # data is in the buffer, less any data that needs to be saved to
-  # serve as the tag.
-  plain_text = ''
-  if @key.present? and @key.key?("dec")
-    size = @data.length - @algo[:tag_length]
-    if size > 0
-      puts @data[0..size-1]
-      plain_text = @key['dec'].update(@data[0..size-1])
-      @data = @data[size..-1]
+    # if the object has a key and a decryptor, then decrypt whatever
+    # data is in the buffer, less any data that needs to be saved to
+    # serve as the tag.
+    plain_text = ''
+    if @key.present? and @key.key?("dec")
+      size = @data.length - @algo[:tag_length]
+      if size > 0
+        puts @data[0..size-1]
+        plain_text = @key['dec'].update(@data[0..size-1])
+        @data = @data[size..-1]
+      end
+      return plain_text
     end
-    return plain_text
-  end
-end
+  end
-def end
-  raise RuntimeError, 'Decryption is not Started' if !@decryption_started
-  # The update function always maintains tag-size bytes in
-  # the buffer because this function provides no data parameter.
-  # by the time the caller calls this function, all data must
-  # have already been input to the decryption object.
+  def end
+    raise RuntimeError, 'Decryption is not Started' if !@decryption_started
+    # The update function always maintains tag-size bytes in
+    # the buffer because this function provides no data parameter.
+    # by the time the caller calls this function, all data must
+    # have already been input to the decryption object.
-  sz = @data.length - @algo[:tag_length]
+    sz = @data.length - @algo[:tag_length]
-  raise RuntimeError, 'Invalid Tag!' if sz < 0
-  if sz == 0
-    @key['dec'].auth_tag = @data
-    begin
-      pt = @key['dec'].final
-      # Delete the decryptor context
-      @key.delete('dec')
-      # Return the decrypted plain data
-      @decryption_started = false
-      return pt
-    rescue Exception => e
-      print 'Invalid cipher data or tag!'
-      return ''
+    raise RuntimeError, 'Invalid Tag!' if sz < 0
+    if sz == 0
+      @key['dec'].auth_tag = @data
+      begin
+        pt = @key['dec'].final
+        # Delete the decryptor context
+        @key.delete('dec')
+        # Return the decrypted plain data
+        @decryption_started = false
+        return pt
+      rescue Exception => e
+        print 'Invalid cipher data or tag!'
+        return ''
+      end
     end
   end
-end
   def close
     raise RuntimeError, 'Decryption currently running' if @decryption_started

data/lib/security_client/version.rb CHANGED

@@ -1,3 +1,3 @@
 module SecurityClient
-  VERSION = "0.1.0"
+  VERSION = "0.1.1"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: security_client
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - vinaymehta