tanker-core 2.4.0.alpha.1

data/lib/tanker/core/stream.rb

@@ -0,0 +1,231 @@
+# frozen_string_literal: true
+
+require 'English'
+require 'tanker/c_tanker'
+
+module Tanker
+  class Core
+    def encrypt_stream(stream, encryption_options = nil)
+      Stream.do_stream_action(stream) { |cb| CTanker.tanker_stream_encrypt(@ctanker, cb, encryption_options, nil) }
+    end
+
+    def decrypt_stream(stream)
+      Stream.do_stream_action(stream) { |cb| CTanker.tanker_stream_decrypt(@ctanker, cb, nil) }
+    end
+  end
+
+  module Stream
+    def self.do_stream_action(stream)
+      in_wrapper = IoToTankerStreamWrapper.new(stream)
+      tanker_stream = (yield in_wrapper.read_method).get
+      out_wrapper = TankerStreamToIoWrapper.new(tanker_stream, in_wrapper)
+
+      out_io = out_wrapper.init_io
+
+      # The chain of possession is
+      # returned IO -> out_wrapper -> in_wrapper
+      # This allows us to close all the chain when the returned IO is closed
+      out_io.instance_eval do
+        @tanker_out_wrapper = out_wrapper
+
+        extend IoMixin
+      end
+
+      out_io
+    end
+  end
+
+  module IoMixin
+    def read(*)
+      out = super
+      raise @tanker_out_wrapper.error if @tanker_out_wrapper.error
+
+      out
+    end
+
+    def read_nonblock(*)
+      out = super
+      raise @tanker_out_wrapper.error if @tanker_out_wrapper.error
+
+      out
+    end
+
+    def readbyte(*)
+      out = super
+      raise @tanker_out_wrapper.error if @tanker_out_wrapper.error
+
+      out
+    end
+
+    def readchar(*)
+      out = super
+      raise @tanker_out_wrapper.error if @tanker_out_wrapper.error
+
+      out
+    end
+
+    def readline(*)
+      out = super
+      raise @tanker_out_wrapper.error if @tanker_out_wrapper.error
+
+      out
+    end
+
+    def readlines(*)
+      out = super
+      raise @tanker_out_wrapper.error if @tanker_out_wrapper.error
+
+      out
+    end
+
+    def readpartial(*)
+      out = super
+      raise @tanker_out_wrapper.error if @tanker_out_wrapper.error
+
+      out
+    end
+
+    def close(*)
+      if @tanker_out_wrapper
+        @tanker_out_wrapper.close
+        @tanker_out_wrapper = nil
+      end
+
+      super
+    end
+  end
+
+  # IMPORTANT: about synchronization
+  # Because of a design flaw in the Tanker C streaming API, it is difficult to
+  # handle cancelation. When canceling a read (closing the stream), Tanker
+  # doesn't forward the cancelation request to the input stream (there's no
+  # callback for that), which means that the callback maybe writing to a buffer
+  # that's being freed. We worked around that by adding a mutex and locking it
+  # in both the output stream and the input stream.
+  # Things to be careful about:
+  # - Do not copy data to the Tanker buffer if tanker_stream_close has been
+  # called
+  # - Do not call tanker_stream_read_operation_finish if tanker_stream_close has
+  # been called
+  # - On the output stream, do not call tanker_stream_read on a closed/closing
+  # stream. Though it is ok to close the stream after the call, but before the
+  # future is resolved.
+  class IoToTankerStreamWrapper
+    attr_reader :error
+    attr_reader :read_method
+    attr_reader :mutex
+
+    def initialize(read_in)
+      @read_in = read_in
+      # This is the object we will pass to ffi, it must be kept alive
+      @read_method = method(:read)
+      @closed = false
+      @mutex = Mutex.new
+    end
+
+    def close
+      raise 'mutex should be locked by the caller' unless @mutex.owned?
+
+      @closed = true
+      @read_in.close
+    end
+
+    def read(buffer, buffer_size, operation, _)
+      # We must not block Tanker's thread, for performance but also to avoid
+      # deadlocks, so let's run this function somewhere else
+      Thread.new do
+        do_read(buffer, buffer_size, operation)
+      end
+    end
+
+    private
+
+    def do_read(buffer, buffer_size, operation)
+      @mutex.synchronize do
+        return if @closed
+
+        if @read_in.eof?
+          CTanker.tanker_stream_read_operation_finish(operation, 0)
+          return
+        end
+      end
+
+      rbbuf = @read_in.readpartial(buffer_size)
+
+      @mutex.synchronize do
+        return if @closed
+
+        buffer.put_bytes(0, rbbuf)
+        CTanker.tanker_stream_read_operation_finish(operation, rbbuf.size)
+      end
+    rescue StandardError => e
+      @mutex.synchronize do
+        return if @closed
+
+        @error = e
+        CTanker.tanker_stream_read_operation_finish(operation, -1)
+      end
+    end
+  end
+
+  class TankerStreamToIoWrapper
+    attr_reader :error
+
+    def initialize(tanker_stream, substream)
+      @tanker_stream = tanker_stream
+      @substream = substream
+
+      # The user will only read on the pipe, so we need something that reads
+      # from Tanker and writes to the pipe, it's this thread.
+      Thread.new { read_thread }
+    end
+
+    def init_io
+      read, @write = IO.pipe
+      read
+    end
+
+    def close
+      tanker_stream = nil
+      @substream.mutex.synchronize do
+        @substream.close
+        tanker_stream = @tanker_stream
+        @tanker_stream = nil
+      end
+      CTanker.tanker_stream_close(tanker_stream).get
+    end
+
+    private
+
+    READ_SIZE = 1024 * 1024
+
+    def read_thread
+      ffibuf = FFI::MemoryPointer.new(:char, READ_SIZE)
+      begin
+        loop do
+          nb_read_fut = nil
+          @substream.mutex.synchronize do
+            unless @tanker_stream
+              raise TankerError, { error_code: Errors::OPERATION_CANCELED, error_message: 'stream operation canceled' }
+            end
+
+            nb_read_fut = CTanker.tanker_stream_read(@tanker_stream, ffibuf, READ_SIZE)
+          end
+          nb_read = nb_read_fut.get.address
+          break if nb_read.zero? # EOF
+
+          @write.write(ffibuf.read_string(nb_read))
+        end
+      rescue StandardError => e
+        @error = @substream.error || e
+      ensure
+        @write.close
+      end
+    end
+  end
+
+  private_constant :Stream
+  private_constant :IoMixin
+  private_constant :IoToTankerStreamWrapper
+  private_constant :TankerStreamToIoWrapper
+end

data/lib/tanker/core/verification.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require 'ffi'
+require 'tanker/c_tanker/c_string'
+
+module Tanker
+  class Verification; end
+
+  class EmailVerification < Verification
+    attr_reader :email, :verification_code
+
+    def initialize(email, verif_code)
+      ASSERT_UTF8.call(email)
+      ASSERT_UTF8.call(verif_code)
+
+      @email = email
+      @verification_code = verif_code
+    end
+  end
+
+  class PassphraseVerification < Verification
+    attr_reader :passphrase
+
+    def initialize(passphrase)
+      ASSERT_UTF8.call(passphrase)
+
+      @passphrase = passphrase
+    end
+  end
+
+  class VerificationKeyVerification < Verification
+    attr_reader :verification_key
+
+    def initialize(verif_key)
+      ASSERT_UTF8.call(verif_key)
+
+      @verification_key = verif_key
+    end
+  end
+
+  class OIDCIDTokenVerification < Verification
+    attr_reader :oidc_id_token
+
+    def initialize(oidc_id_token)
+      ASSERT_UTF8.call(oidc_id_token)
+
+      @oidc_id_token = oidc_id_token
+    end
+  end
+end

data/lib/tanker/core/verification_method.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'ffi'
+require 'tanker/c_tanker/c_string'
+
+module Tanker
+  class VerificationMethod
+    def ==(other)
+      self.class == other.class
+    end
+  end
+
+  class PassphraseVerificationMethod < VerificationMethod; end
+  class VerificationKeyVerificationMethod < VerificationMethod; end
+  class OIDCIDTokenVerificationMethod < VerificationMethod; end
+  class EmailVerificationMethod < VerificationMethod
+    attr_reader :email
+
+    def initialize(email)
+      @email = email
+    end
+
+    def ==(other)
+      super && email == other.email
+    end
+  end
+end

data/lib/tanker/core/version.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Tanker
+  class Core
+    VERSION = '2.4.0.alpha.1'
+
+    def self.native_version
+      CTanker.tanker_version_string
+    end
+  end
+end

data/lib/tanker/error.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'tanker/c_tanker/c_tanker_error'
+
+module Tanker
+  # Errors returned by native tanker futures
+  class Error < StandardError
+    NO_ERROR = 0
+    INVALID_ARGUMENT = 1
+    INTERNAL_ERROR = 2
+    NETWORK_ERROR = 3
+    PRECONDITION_FAILED = 4
+    OPERATION_CANCELED = 5
+
+    DECRYPTION_FAILED = 6
+
+    GROUP_TOO_BIG = 7
+
+    INVALID_VERIFICATION = 8
+    TOO_MANY_ATTEMPTS = 9
+    EXPIRED_VERIFICATION = 10
+    IO_ERROR = 11
+    DEVICE_REVOKED = 12
+
+    CONFLICT = 13
+
+    def initialize(ctanker_error)
+      @code = ctanker_error[:error_code]
+      @message = ctanker_error[:error_message]
+    end
+
+    attr_reader :code
+    attr_reader :message
+  end
+end

data/lib/tanker/sharing_options.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+require 'ffi'
+require 'tanker/c_tanker/c_string'
+
+module Tanker
+  module CommonSharingOptions
+    def initialize(share_with_users: [], share_with_groups: [])
+      @recipients = FFI::MemoryPointer.new(:pointer, share_with_users.length)
+      @recipients.write_array_of_pointer(share_with_users.map { |id| CTanker.new_cstring id })
+
+      @groups = FFI::MemoryPointer.new(:pointer, share_with_groups.length)
+      @groups.write_array_of_pointer(share_with_groups.map { |id| CTanker.new_cstring id })
+
+      self[:version] = 2
+      self[:recipient_public_identities] = @recipients
+      self[:nb_recipient_public_identities] = share_with_users.length
+      self[:recipient_group_ids] = @groups
+      self[:nb_recipient_group_ids] = share_with_groups.length
+    end
+
+    def self.included(base)
+      base.layout :version, :uint8,
+                  :recipient_public_identities, :pointer,
+                  :nb_recipient_public_identities, :uint32,
+                  :recipient_group_ids, :pointer,
+                  :nb_recipient_group_ids, :uint32
+    end
+  end
+
+  # Options that can be given when sharing data
+  class SharingOptions < FFI::Struct
+    include CommonSharingOptions
+  end
+
+  # Options that can be given when encrypting data
+  class EncryptionOptions < FFI::Struct
+    include CommonSharingOptions
+  end
+
+  private_constant :CommonSharingOptions
+end

metadata

@@ -0,0 +1,192 @@
+--- !ruby/object:Gem::Specification
+name: tanker-core
+version: !ruby/object:Gem::Version
+  version: 2.4.0.alpha.1
+platform: ruby
+authors:
+- Tanker team
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-06-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: bundler-audit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.85.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.85.1
+- !ruby/object:Gem::Dependency
+  name: rubygems-tasks
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.5
+- !ruby/object:Gem::Dependency
+  name: tanker-identity
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+description: |
+  Ruby bindings for the Tanker SDK.
+  Tanker is a platform as a service that allows you to easily protect your users' data with end-to-end encryption through a SDK
+email:
+- tech@tanker.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.rst
+- lib/tanker-core.rb
+- lib/tanker/admin.rb
+- lib/tanker/admin/app.rb
+- lib/tanker/admin/c_admin.rb
+- lib/tanker/admin/c_admin/c_app_descriptor.rb
+- lib/tanker/c_tanker.rb
+- lib/tanker/c_tanker/c_device_info.rb
+- lib/tanker/c_tanker/c_event.rb
+- lib/tanker/c_tanker/c_future.rb
+- lib/tanker/c_tanker/c_log_record.rb
+- lib/tanker/c_tanker/c_string.rb
+- lib/tanker/c_tanker/c_tanker_error.rb
+- lib/tanker/c_tanker/c_verification.rb
+- lib/tanker/c_tanker/c_verification_method.rb
+- lib/tanker/core.rb
+- lib/tanker/core/attach_result.rb
+- lib/tanker/core/encryption.rb
+- lib/tanker/core/encryption_session.rb
+- lib/tanker/core/group.rb
+- lib/tanker/core/init.rb
+- lib/tanker/core/log_record.rb
+- lib/tanker/core/options.rb
+- lib/tanker/core/session.rb
+- lib/tanker/core/status.rb
+- lib/tanker/core/stream.rb
+- lib/tanker/core/verification.rb
+- lib/tanker/core/verification_method.rb
+- lib/tanker/core/version.rb
+- lib/tanker/error.rb
+- lib/tanker/sharing_options.rb
+- vendor/libctanker/linux64/tanker/lib/libctanker.so
+homepage: https://tanker.io
+licenses:
+- Apache-2.0
+metadata:
+  homepage_uri: https://tanker.io
+  source_code_uri: https://github.com/TankerHQ/sdk-ruby
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubygems_version: 3.0.6
+signing_key: 
+specification_version: 4
+summary: Ruby SDK for Tanker
+test_files: []