tanker-core 2.4.0.alpha.1

data/lib/tanker/c_tanker/c_verification_method.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'ffi'
+require 'tanker/core/verification_method'
+require 'tanker/c_tanker/c_string'
+
+module Tanker
+  module CTanker
+    class CVerificationMethod < FFI::Struct
+      layout :version, :uint8,
+             :type, :uint8,
+             :email, :pointer
+
+      TYPE_EMAIL = 1
+      TYPE_PASSPHRASE = 2
+      TYPE_VERIFICATION_KEY = 3
+      TYPE_OIDC_ID_TOKEN = 4
+
+      def to_verification_method
+        case self[:type]
+        when TYPE_EMAIL
+          EmailVerificationMethod.new(self[:email].read_string.force_encoding(Encoding::UTF_8))
+        when TYPE_PASSPHRASE
+          PassphraseVerificationMethod.new
+        when TYPE_VERIFICATION_KEY
+          VerificationKeyVerificationMethod.new
+        when TYPE_OIDC_ID_TOKEN
+          OIDCIDTokenVerificationMethod.new
+        else
+          raise "Unknown VerificationMethod type #{self[:type]}!"
+        end
+      end
+    end
+  end
+end

data/lib/tanker/core.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'set'
+# always keep this file first, it defines the module and the class
+require_relative 'core/version'
+require_relative 'c_tanker'
+require_relative 'error'
+require_relative 'core/session'
+require_relative 'core/verification'
+require_relative 'core/encryption'
+require_relative 'core/stream'
+require_relative 'sharing_options'
+require_relative 'core/group'
+require_relative 'core/encryption_session'
+require_relative 'core/log_record'
+require_relative 'core/attach_result'
+require_relative 'core/init'

data/lib/tanker/core/attach_result.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class Tanker::Core
+  class AttachResult
+    attr_reader :status, :verification_method
+
+    def initialize(status, verification_method)
+      @status = status
+      @verification_method = verification_method
+    end
+  end
+end

data/lib/tanker/core/encryption.rb

@@ -0,0 +1,109 @@
+# frozen_string_literal: true
+
+require 'tanker/c_tanker'
+require_relative 'encryption_session'
+
+module Tanker
+  class Core
+    def encrypt_data(data, encryption_options = nil)
+      unless data.is_a?(String)
+        raise TypeError, "expected data to be an ASCII-8BIT binary String, but got a #{data.class}"
+      end
+      unless data.encoding == Encoding::ASCII_8BIT
+        raise ArgumentError, "expected data to be an ASCII-8BIT binary String, but it was #{data.encoding} encoded"
+      end
+
+      encrypt_common data, encryption_options
+    end
+
+    def encrypt_utf8(str, encryption_options = nil)
+      ASSERT_UTF8.call(str)
+
+      encrypt_common str, encryption_options
+    end
+
+    def decrypt_data(data)
+      inbuf = FFI::MemoryPointer.from_string(data)
+
+      decrypted_size = CTanker.tanker_decrypted_size(inbuf, data.bytesize).get.address
+      outbuf = FFI::MemoryPointer.new(:char, decrypted_size)
+
+      CTanker.tanker_decrypt(@ctanker, outbuf, inbuf, data.bytesize).get
+
+      outbuf.read_string decrypted_size
+    end
+
+    def decrypt_utf8(data)
+      decrypted = decrypt_data data
+      decrypted.force_encoding(Encoding::UTF_8)
+    end
+
+    def get_resource_id(data)
+      unless data.is_a?(String)
+        raise TypeError, "expected data to be an ASCII-8BIT binary String, but got a #{data.class}"
+      end
+      unless data.encoding == Encoding::ASCII_8BIT
+        raise ArgumentError, "expected data to be an ASCII-8BIT binary String, but it was #{data.encoding} encoded"
+      end
+
+      inbuf = FFI::MemoryPointer.from_string(data)
+      CTanker.tanker_get_resource_id(inbuf, data.bytesize).get_string
+    end
+
+    def share(resource_ids, sharing_options)
+      unless resource_ids.is_a?(Array)
+        raise TypeError, "expected resource_ids to be an array of strings, but got a #{resource_ids.class}"
+      end
+      unless sharing_options.is_a?(SharingOptions)
+        raise TypeError, "expected sharing_options to be a SharingOptions, but got a #{sharing_options.class}"
+      end
+
+      cresource_ids = CTanker.new_cstring_array resource_ids
+      cusers = sharing_options[:recipient_public_identities]
+      nb_cusers = sharing_options[:nb_recipient_public_identities]
+      cgroups = sharing_options[:recipient_group_ids]
+      nb_cgroups = sharing_options[:nb_recipient_group_ids]
+
+      CTanker.tanker_share(@ctanker, cusers, nb_cusers,
+                           cgroups, nb_cgroups,
+                           cresource_ids, resource_ids.length).get
+    end
+
+    def create_encryption_session(sharing_options = nil)
+      if sharing_options.nil?
+        cusers = nil
+        nb_cusers = 0
+        cgroups = nil
+        nb_cgroups = 0
+      else
+        cusers = sharing_options[:recipient_public_identities]
+        nb_cusers = sharing_options[:nb_recipient_public_identities]
+        cgroups = sharing_options[:recipient_group_ids]
+        nb_cgroups = sharing_options[:nb_recipient_group_ids]
+      end
+
+      csession = CTanker.tanker_encryption_session_open(@ctanker, cusers, nb_cusers,
+                                                        cgroups, nb_cgroups).get
+      EncryptionSession.new(csession)
+    end
+
+    def self.prehash_password(str)
+      ASSERT_UTF8.call(str)
+
+      CTanker.tanker_prehash_password(str).get_string
+    end
+
+    private
+
+    def encrypt_common(data, encryption_options = nil)
+      inbuf = FFI::MemoryPointer.from_string(data)
+
+      encrypted_size = CTanker.tanker_encrypted_size data.bytesize
+      outbuf = FFI::MemoryPointer.new(:char, encrypted_size)
+
+      CTanker.tanker_encrypt(@ctanker, outbuf, inbuf, data.bytesize, encryption_options).get
+
+      outbuf.read_string encrypted_size
+    end
+  end
+end

data/lib/tanker/core/encryption_session.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'tanker/c_tanker'
+require 'tanker/core/stream'
+
+module Tanker
+  class Core::EncryptionSession
+    def initialize(csession)
+      @csession = csession
+      csession_addr = @csession.address
+      ObjectSpace.define_finalizer(@csession) do |_|
+        CTanker.tanker_encryption_session_close(FFI::Pointer.new(:void, csession_addr)).get
+      end
+    end
+
+    def encrypt_data(data)
+      unless data.is_a?(String)
+        raise TypeError, "expected data to be an ASCII-8BIT binary String, but got a #{data.class}"
+      end
+      unless data.encoding == Encoding::ASCII_8BIT
+        raise ArgumentError, "expected data to be an ASCII-8BIT binary String, but it was #{data.encoding} encoded"
+      end
+
+      encrypt_common(data)
+    end
+
+    def encrypt_utf8(str)
+      ASSERT_UTF8.call(str)
+
+      encrypt_common str
+    end
+
+    def encrypt_common(data)
+      inbuf = FFI::MemoryPointer.from_string(data)
+
+      encrypted_size = CTanker.tanker_encryption_session_encrypted_size data.bytesize
+      outbuf = FFI::MemoryPointer.new(:char, encrypted_size)
+
+      CTanker.tanker_encryption_session_encrypt(@csession, outbuf, inbuf, data.bytesize).get
+
+      outbuf.read_string encrypted_size
+    end
+
+    def encrypt_stream(stream)
+      Stream.do_stream_action(stream) { |cb| CTanker.tanker_encryption_session_stream_encrypt(@csession, cb, nil) }
+    end
+
+    def resource_id
+      CTanker.tanker_encryption_session_get_resource_id(@csession).get_string
+    end
+  end
+end

data/lib/tanker/core/group.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'tanker/c_tanker'
+
+module Tanker
+  class Core
+    def create_group(member_identities)
+      cmember_identities = CTanker.new_cstring_array member_identities
+      CTanker.tanker_create_group(@ctanker, cmember_identities, member_identities.length).get_string
+    end
+
+    def update_group_members(group_id, users_to_add:)
+      cidentities = CTanker.new_cstring_array users_to_add
+      CTanker.tanker_update_group_members(@ctanker, group_id, cidentities, users_to_add.length).get
+    end
+  end
+end

data/lib/tanker/core/init.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Tanker
+  # Main entry point for the Tanker SDK. Can open a Tanker session.
+  class Core
+    CTanker.tanker_init
+
+    def initialize(options)
+      @revoke_event_handlers = Set.new
+      @ctanker = CTanker.tanker_create(options).get
+      ctanker_addr = @ctanker.address
+      ObjectSpace.define_finalizer(@ctanker) do |_|
+        CTanker.tanker_destroy(FFI::Pointer.new(:void, ctanker_addr)).get
+      end
+
+      @device_revoked_handler = ->(_) { @revoke_event_handlers.each(&:call) }
+      CTanker.tanker_event_connect(@ctanker, CTanker::CTankerEvent::DEVICE_REVOKED, @device_revoked_handler, nil).get
+    end
+
+    def self.set_log_handler(&block) # rubocop:disable Naming/AccessorMethodName
+      @log_handler = lambda do |clog|
+        block.call LogRecord.new clog[:category], clog[:level], clog[:file], clog[:line], clog[:message]
+      end
+      CTanker.tanker_set_log_handler @log_handler
+    end
+
+    def connect_device_revoked_handler(&block)
+      @revoke_event_handlers.add block
+    end
+
+    def disconnect_handler(&block)
+      @revoke_event_handlers.delete block
+    end
+  end
+
+  ASSERT_UTF8 = lambda do |str|
+    raise TypeError, "expected a String, but got a #{str.class}" unless str.is_a?(String)
+
+    encoding = str.encoding # Workaround rubocop bug
+    raise ArgumentError, "expected an UTF-8 String, but it was #{encoding} encoded" unless encoding == Encoding::UTF_8
+  end
+  private_constant :ASSERT_UTF8
+end

data/lib/tanker/core/log_record.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class Tanker::Core
+  class LogRecord
+    attr_reader :category, :level, :file, :line, :message
+
+    LEVEL_DEBUG = 1
+    LEVEL_INFO = 2
+    LEVEL_WARNING = 3
+    LEVEL_ERROR = 4
+
+    def initialize(category, level, file, line, message)
+      @category = category
+      @level = level
+      @file = file
+      @line = line
+      @message = message
+    end
+  end
+end

data/lib/tanker/core/options.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'ffi'
+require 'tanker/c_tanker/c_string'
+
+module Tanker
+  # Options that can be given when opening a Tanker session
+  class Core::Options < FFI::Struct
+    layout :version, :uint8,
+           :app_id, :pointer,
+           :url, :pointer,
+           :writable_path, :pointer,
+           :sdk_type, :pointer,
+           :sdk_version, :pointer
+
+    SDK_TYPE = CTanker.new_cstring 'client-ruby'
+    SDK_VERSION = CTanker.new_cstring Core::VERSION
+
+    def initialize(app_id:, url: nil, writable_path: nil)
+      # Note: Instance variables are required to keep the CStrings alive
+      @app_id = CTanker.new_cstring app_id
+      @url = CTanker.new_cstring url
+      @writable_path = CTanker.new_cstring writable_path
+
+      self[:version] = 2
+      self[:app_id] = @app_id
+      self[:url] = @url
+      self[:writable_path] = @writable_path
+      self[:sdk_type] = SDK_TYPE
+      self[:sdk_version] = SDK_VERSION
+    end
+  end
+end

data/lib/tanker/core/session.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+require 'tanker/c_tanker'
+require_relative 'status'
+
+module Tanker
+  class Core
+    def start(identity)
+      CTanker.tanker_start(@ctanker, identity).get.address
+    end
+
+    def generate_verification_key
+      CTanker.tanker_generate_verification_key(@ctanker).get_string
+    end
+
+    def register_identity(verification)
+      cverif = CTanker::CVerification.new(verification)
+      CTanker.tanker_register_identity(@ctanker, cverif).get
+    end
+
+    def verify_identity(verification)
+      cverif = CTanker::CVerification.new(verification)
+      CTanker.tanker_verify_identity(@ctanker, cverif).get
+    end
+
+    def set_verification_method(verification) # rubocop:disable Naming/AccessorMethodName (this is not a setter)
+      cverif = CTanker::CVerification.new(verification)
+      CTanker.tanker_set_verification_method(@ctanker, cverif).get
+    end
+
+    def get_verification_methods # rubocop:disable Naming/AccessorMethodName
+      method_list_ptr = CTanker.tanker_get_verification_methods(@ctanker).get
+      count = method_list_ptr.get(:uint32, FFI::Pointer.size)
+
+      method_base_addr = method_list_ptr.read_pointer
+      method_list = count.times.map do |i|
+        method_ptr = method_base_addr + i * CTanker::CVerificationMethod.size
+        CTanker::CVerificationMethod.new(method_ptr).to_verification_method
+      end
+      CTanker.tanker_free_verification_method_list method_list_ptr
+      method_list
+    end
+
+    def device_id
+      CTanker.tanker_device_id(@ctanker).get_string
+    end
+
+    def device_list
+      device_list_ptr = CTanker.tanker_get_device_list(@ctanker).get
+      count = device_list_ptr.get(:uint32, FFI::Pointer.size)
+
+      method_base_addr = device_list_ptr.read_pointer
+      device_info_list = count.times.map do |i|
+        method_ptr = method_base_addr + i * CTanker::CDeviceInfo.size
+        CTanker::CDeviceInfo.new(method_ptr)
+      end
+      CTanker.tanker_free_device_list device_list_ptr
+      device_info_list
+    end
+
+    def revoke_device(device_id)
+      CTanker.tanker_revoke_device(@ctanker, device_id).get
+    end
+
+    def stop
+      CTanker.tanker_stop(@ctanker).get
+    end
+
+    def status
+      CTanker.tanker_status(@ctanker)
+    end
+
+    def attach_provisional_identity(provisional_identity)
+      attach_ptr = CTanker.tanker_attach_provisional_identity(@ctanker, provisional_identity).get
+      attach_status = attach_ptr.get(:uint8, 1)
+      method_ptr = attach_ptr.get_pointer(FFI::Pointer.size)
+      method = CTanker::CVerificationMethod.new(method_ptr).to_verification_method
+      AttachResult.new attach_status, method
+    end
+
+    def verify_provisional_identity(verification)
+      cverif = CTanker::CVerification.new(verification)
+      CTanker.tanker_verify_provisional_identity(@ctanker, cverif).get
+    end
+  end
+end

data/lib/tanker/core/status.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# Status of a Tanker session
+module Tanker::Status
+  STOPPED = 0
+  READY = 1
+  IDENTITY_REGISTRATION_NEEDED = 2
+  IDENTITY_VERIFICATION_NEEDED = 3
+end