slosilo 3.0.0 → 3.0.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/Jenkinsfile +4 -1
- data/dev/Dockerfile.dev +7 -0
- data/dev/docker-compose.yml +8 -0
- data/lib/slosilo/symmetric.rb +26 -17
- data/lib/slosilo/version.rb +1 -1
- data/publish-rubygem.sh +2 -2
- data/spec/symmetric_spec.rb +23 -2
- metadata +4 -2
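--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 239f3678eb01bdaf97f3c7c243740ff3cf8c1b8507833ea07b150380d5a79ee2
+data.tar.gz: 2226342fa45964d0fb368712c6c181c3c587aa5a3e46bda6a780f19346cc4d0e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2ace59188f2bcdf101d45cfc94d1924f469522d3d1e4d076e444d017804fee4ebd862163d7bb9e07358c289257a9d485ade42a28b4bbab4f7cbfd6b70e3612e2
+data.tar.gz: 061ade3a431b2a6073971343a2a15403ec93628a99aecd0150cfa7eb97c69382879a2c4ee45d5525053adfb2bf4b9ada5107d811eceeba4fe71280add15717a8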
data/CHANGELOG.md
CHANGED
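--- a/data/Jenkinsfile
+++ b/data/Jenkinsfile
@@ -3,6 +3,10 @@
 pipeline {
 agent { label 'executor-v2' }
 
+triggers {
+cron(getDailyCronString())
+}
+
 options {
 timestamps()
 buildDiscarder(logRotator(daysToKeepStr: '30'))
@@ -33,7 +37,6 @@ pipeline {
 agent { label 'executor-v2' }
 when {
 allOf {
-branch 'master'
 expression {
 boolean publish = false
 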
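Review bot: Dropping `branch 'master'` from the `allOf` in the second hunk leaves the `expression` block as the only gate on this stage, in the same change that adds a daily `cron` trigger. If this is the gem publishing stage, as `boolean publish = false` suggests, a release could be pushed from a non-master build unless the expression itself rules that out; its body continues outside the hunk, so this cannot be confirmed from here. Either keep a ref restriction next to the expression, for example `branch 'master'` or `buildingTag()`, or add a comment above the `allOf` naming the condition in the expression that prevents publishing from other branches and from scheduled runs.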
data/dev/Dockerfile.dev
ADDED
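--- a/data/lib/slosilo/symmetric.rb
+++ b/data/lib/slosilo/symmetric.rb
@@ -5,6 +5,7 @@ module Slosilo
 
 def initialize
 @cipher = OpenSSL::Cipher.new 'aes-256-gcm' # NB: has to be lower case for whatever reason.
+@cipher_mutex = Mutex.new
 end
 
 # This lets us do a final sanity check in migrations from older encryption versions
@@ -13,14 +14,18 @@ module Slosilo
 end
 
 def encrypt plaintext, opts = {}
-
-
-@
-
-
-
-
-
+# All of these operations in OpenSSL must occur atomically, so we
+# synchronize their access to make this step thread-safe.
+@cipher_mutex.synchronize do
+@cipher.reset
+@cipher.encrypt
+@cipher.key = (opts[:key] or raise("missing :key option"))
+@cipher.iv = iv = random_iv
+@cipher.auth_data = opts[:aad] || "" # Nothing good happens if you set this to nil, or don't set it at all
+ctext = @cipher.update(plaintext) + @cipher.final
+tag = @cipher.auth_tag(TAG_LENGTH)
+"#{VERSION_MAGIC}#{tag}#{iv}#{ctext}"
+end
 end
 
 def decrypt ciphertext, opts = {}
@@ -28,19 +33,23 @@ module Slosilo
 
 raise "Invalid version magic: expected #{VERSION_MAGIC} but was #{version}" unless version == VERSION_MAGIC
 
-
-
-@
-
-
-
-
+# All of these operations in OpenSSL must occur atomically, so we
+# synchronize their access to make this step thread-safe.
+@cipher_mutex.synchronize do
+@cipher.reset
+@cipher.decrypt
+@cipher.key = opts[:key]
+@cipher.iv = iv
+@cipher.auth_tag = tag
+@cipher.auth_data = opts[:aad] || ""
+@cipher.update(ctext) + @cipher.final
+end
 end
-
+
 def random_iv
 @cipher.random_iv
 end
-
+
 def random_key
 @cipher.random_key
 end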
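Review bot: `random_iv` and `random_key` at the end of the third hunk still call into the shared `@cipher` without holding `@cipher_mutex`, and `OpenSSL::Cipher#random_key` / `#random_iv` do not only return bytes, they also set the generated value on the cipher object. A thread calling `random_key` while another is between `@cipher.key = …` and `@cipher.final` inside `encrypt` would replace the key mid-operation, so the result would no longer decrypt under the caller's key. Wrapping the two helpers in `@cipher_mutex.synchronize` will not work as written, because `encrypt` calls `random_iv` while already holding the mutex and Ruby's `Mutex` is not reentrant. Generating the bytes without touching cipher state avoids the problem, `OpenSSL::Random.random_bytes(@cipher.iv_len)` and `OpenSSL::Random.random_bytes(@cipher.key_len)`; the `#random_iv` example in the spec, which stubs `OpenSSL::Cipher#random_iv`, would need to follow. Separately, `decrypt` assigns `@cipher.key = opts[:key]` without the `or raise("missing :key option")` guard that `encrypt` has.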
data/lib/slosilo/version.rb
CHANGED
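--- a/data/publish-rubygem.sh
+++ b/data/publish-rubygem.sh
@@ -2,10 +2,10 @@
 
 docker pull registry.tld/conjurinc/publish-rubygem
 
-
+git clean -fxd
 
 summon --yaml "RUBYGEMS_API_KEY: !var rubygems/api-key" \
 docker run --rm --env-file @SUMMONENVFILE -v "$(pwd)":/opt/src \
 registry.tld/conjurinc/publish-rubygem slosilo
 
-
+git clean -fxd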
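--- a/data/spec/symmetric_spec.rb
+++ b/data/spec/symmetric_spec.rb
@@ -14,8 +14,29 @@ describe Slosilo::Symmetric do
 expect(subject.encrypt(plaintext, key: key, aad: auth_data)).to eq(ciphertext)
 end
 end
-
+
 describe '#decrypt' do
+
+it "doesn't fail when called by multiple threads" do
+threads = []
+
+begin
+# Verify we can successfuly decrypt using many threads without OpenSSL
+# errors.
+1000.times do
+threads << Thread.new do
+100.times do
+expect(
+subject.decrypt(ciphertext, key: key, aad: auth_data)
+).to eq(plaintext)
+end
+end
+end
+ensure
+threads.each(&:join)
+end
+end
+
 it "decrypts with AES-256-GCM" do
 expect(subject.decrypt(ciphertext, key: key, aad: auth_data)).to eq(plaintext)
 end
@@ -56,7 +77,7 @@ describe Slosilo::Symmetric do
 end
 end
 end
-
+
 describe '#random_iv' do
 it "generates a random iv" do
 expect_any_instance_of(OpenSSL::Cipher).to receive(:random_iv).and_return :iv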
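Review bot: The new example only exercises `decrypt` concurrently, while `encrypt` received the same mutex and is the path where a race does the most damage, since a mixed-up IV, tag or key yields ciphertext that gets stored and later fails to authenticate. I would add a sibling example under `#encrypt` that runs a round trip from several threads, `expect(subject.decrypt(subject.encrypt(plaintext, key: key, aad: auth_data), key: key, aad: auth_data)).to eq(plaintext)`, so both synchronized blocks are covered. 1000 threads of 100 iterations each is also likely heavier than needed to provoke the OpenSSL error and may be slow or hit thread limits on constrained CI agents; a few dozen threads would probably do. The `describe '#decrypt'` block continues past the end of the hunk.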
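--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: slosilo
 version: !ruby/object:Gem::Version
-version: 3.0.
+version: 3.0.1
 platform: ruby
 authors:
 - Rafał Rzepecki
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -157,6 +157,8 @@ files:
 - README.md
 - Rakefile
 - SECURITY.md
+- dev/Dockerfile.dev
+- dev/docker-compose.yml
 - lib/slosilo.rb
 - lib/slosilo/adapters/abstract_adapter.rb
 - lib/slosilo/adapters/file_adapter.rb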