RubyGems - ubiq-security - Versions diffs - 1.0.0 → 1.0.5 - Mend

ubiq-security 1.0.0 → 1.0.5

Files changed (12) hide show

@@ -13,154 +13,163 @@
 #
 #     https://ubiqsecurity.com/legal
 #
+# frozen_string_literal: true
 require 'rb-readline'
 require 'byebug'
 require 'httparty'
-require "active_support/all"
+require 'active_support/all'
 require_relative './auth.rb'
 require_relative './algo.rb'
 require 'webrick'
+# Ubiq Security Modules for encrypting / decrypting data
 module Ubiq
+  # Ubiq Encryption object
+  # This object represents a single data encryption key and can be used to
+  # encrypt several  separate plain texts using the same key
+  class Encryption
+    def initialize(creds, uses)
+      raise 'Some of your credentials are missing, please check!' unless validate_creds(creds)
-# Ubiq Encryption object
-# This object represents a single data encryption key and can be used to encrypt several  separate plain texts using the same key
-class Encryption
-  def initialize(creds, uses)
-    raise RuntimeError, 'Some of your credentials are missing, please check!' if !validate_creds(creds)
+      # Set host, either the default or the one given by caller
+      @host = creds.host.blank? ? UBIQ_HOST : creds.host
-    # Set host, either the default or the one given by caller
-    @host = creds.host.blank? ? UBIQ_HOST : creds.host
+      # Set the credentials in instance varibales to be used among methods
+      # The client's public API key (used to identify the client to the server
+      @papi = creds.access_key_id
-    # Set the credentials in instance varibales to be used among methods
-    # The client's public API key (used to identify the client to the server
-    @papi = creds.access_key_id
+      # The client's secret API key (used to authenticate HTTP requests)
+      @sapi = creds.secret_signing_key
-    # The client's secret API key (used to authenticate HTTP requests)
-    @sapi = creds.secret_signing_key
+      # The client's secret RSA encryption key/password (used to decrypt the
+      # client's RSA key from the server). This key is not retained by this object.
+      @srsa = creds.secret_crypto_access_key
-    # The client's secret RSA encryption key/password (used to decrypt the client's RSA key from the server). This key is not retained by this object.
-    @srsa = creds.secret_crypto_access_key
+      # Build the endpoint URL
+      url = endpoint_base + '/encryption/key'
-    # Build the endpoint URL
-    url = endpoint_base + '/encryption/key'
+      # Build the Request Body with the number of uses of key
+      query = { uses: uses }
-    # Build the Request Body with the number of uses of key
-    query = {uses: uses}
+      # Retrieve the necessary headers to make the request using Auth Object
+      headers = Auth.build_headers(@papi, @sapi, endpoint, query, @host, 'post')
-    # Retrieve the necessary headers to make the request using Auth Object
-    headers = Auth.build_headers(@papi, @sapi, endpoint, query, @host,'post')
+      @encryption_started = false
+      @encryption_ready = true
-    @encryption_started = false
-    @encryption_ready = true
+      # Request a new encryption key from the server. if the request
+      # fails, the function raises a HTTPError indicating
+      # the status code returned by the server. this exception is
+      # propagated back to the caller
-    # Request a new encryption key from the server. if the request
-    # fails, the function raises a HTTPError indicating
-    # the status code returned by the server. this exception is
-    # propagated back to the caller
-    begin
-      response = HTTParty.post(
-        url,
-        body: query.to_json,
-        headers: headers
-      )
-    rescue HTTParty::Error
-      raise RuntimeError, 'Cant reach server'
+      begin
+        response = HTTParty.post(
+          url,
+          body: query.to_json,
+          headers: headers
+        )
+      rescue HTTParty::Error
+        raise 'Cant reach server'
+      end
+      # Response status is 201 Created
+      if response.code == WEBrick::HTTPStatus::RC_CREATED
+        # The code below largely assumes that the server returns
+        # a json object that contains the members and is formatted
+        # according to the Ubiq REST specification.
+        # Build the key object
+        @key = {}
+        @key['id'] = response['key_fingerprint']
+        @key['session'] = response['encryption_session']
+        @key['security_model'] = response['security_model']
+        @key['algorithm'] = response['security_model']['algorithm'].downcase
+        @key['max_uses'] = response['max_uses']
+        @key['uses'] = 0
+        @key['encrypted'] = Base64.strict_decode64(response['encrypted_data_key'])
+        # Get encrypted private key from response body
+        encrypted_private_key = response['encrypted_private_key']
+        # Get wrapped data key from response body
+        wrapped_data_key = response['wrapped_data_key']
+        # Decrypt the encryped private key using @srsa supplied
+        private_key = OpenSSL::PKey::RSA.new(encrypted_private_key, @srsa)
+        # Decode WDK from base64 format
+        wdk = Base64.strict_decode64(wrapped_data_key)
+        # Use private key to decrypt the wrapped data key
+        dk = private_key.private_decrypt(wdk, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
+        @key['raw'] = dk
+        # Build the algorithm object
+        @algo = Algo.new.get_algo(@key['algorithm'])
+      else
+        # Raise the error if response is not 201
+        raise "HTTPError Response: Expected 201, got #{response.code}"
+      end
     end
-    # Response status is 201 Created
-    if response.code == WEBrick::HTTPStatus::RC_CREATED
-      # The code below largely assumes that the server returns
-      # a json object that contains the members and is formatted
-      # according to the Ubiq REST specification.
-      # Build the key object
-      @key = {}
-      @key['id'] = response['key_fingerprint']
-      @key['session'] = response['encryption_session']
-      @key['security_model'] = response['security_model']
-      @key['algorithm'] = response['security_model']['algorithm'].downcase
-      @key['max_uses'] = response['max_uses']
-      @key['uses'] = 0
-      @key['encrypted'] = Base64.strict_decode64(response['encrypted_data_key'])
-      # Get encrypted private key from response body
-      encrypted_private_key = response['encrypted_private_key']
-      # Get wrapped data key from response body
-      wrapped_data_key = response['wrapped_data_key']
-      # Decrypt the encryped private key using @srsa supplied
-      private_key = OpenSSL::PKey::RSA.new(encrypted_private_key,@srsa)
-      # Decode WDK from base64 format
-      wdk = Base64.strict_decode64(wrapped_data_key)
-      # Use private key to decrypt the wrapped data key
-      dk = private_key.private_decrypt(wdk,OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
-      @key['raw'] = dk
-      # Build the algorithm object
-      @algo = Algo.new.get_algo(@key['algorithm'])
-    else
-      # Raise the error if response is not 201
-      raise RuntimeError, "HTTPError Response: Expected 201, got #{response.code}"
+    def begin
+      # Begin the encryption process
+      # When this function is called, the encryption object increments
+      # the number of uses of the key and creates a new internal context
+      # to be used to encrypt the data.
+      # If the encryption object is not yet ready to be used, throw an error
+      raise 'Encryption not ready' unless @encryption_ready
+      # if Encryption cipher context already exists
+      raise 'Encryption already in progress' if @encryption_started
+      # If max uses > uses
+      raise 'Maximum key uses exceeded' if @key['uses'] >= @key['max_uses']
+      @key['uses'] += 1
+      # create a new Encryption context and initialization vector
+      @enc, @iv = Algo.new.encryptor(@algo, @key['raw'])
+      # Pack the result into bytes to get a byte string
+      struct = [0, Algo::UBIQ_HEADER_V0_FLAG_AAD, @algo[:id], @iv.length, @key['encrypted'].length].pack('CCCCn')
+      @enc.auth_data = struct + @iv + @key['encrypted']
+      @encryption_started = true
+      return struct + @iv + @key['encrypted']
     end
-  end
-  def begin
-    # Begin the encryption process
-    # When this function is called, the encryption object increments
-    # the number of uses of the key and creates a new internal context
-    # to be used to encrypt the data.
-    # If the encryption object is not yet ready to be used, throw an error
-    raise RuntimeError, 'Encryption not ready' if !@encryption_ready
-    # if Encryption cipher context already exists
-    raise RuntimeError, 'Encryption already in progress' if @encryption_started
-    # If max uses > uses
-    raise RuntimeError, 'Maximum key uses exceeded' if @key['uses'] >= @key['max_uses']
-    @key['uses'] += 1
-    # create a new Encryption context and initialization vector
-    @enc , @iv = Algo.new.encryptor(@algo, @key['raw'])
-    # Pack the result into bytes to get a byte string
-    struct = [0, 0, @algo[:id], @iv.length, @key['encrypted'].length].pack('CCCCn')
-    @encryption_started = true
-    return struct + @iv + @key['encrypted']
-  end
+    def update(data)
+      raise 'Encryption is not Started' unless @encryption_started
-  def update(data)
-    raise RuntimeError, 'Encryption is not Started' if !@encryption_started
-    # Encryption of some plain text is perfomed here
-    # Any cipher text produced by the operation is returned
-    @enc.update(data)
-  end
+      # Encryption of some plain text is perfomed here
+      # Any cipher text produced by the operation is returned
+      @enc.update(data)
+    end
-  def end
-    raise RuntimeError, 'Encryption is not Started' if !@encryption_started
-    # This function finalizes the encryption (producing the final
-    # cipher text for the encryption, if necessary) and adds any
-    # authentication information (if required by the algorithm).
-    # Any data produced is returned by the function.
-    # Finalize an encryption
-    res = @enc.final
-    if @algo[:tag_length] != 0
-      # Add the tag to the cipher text
-      res+= @enc.auth_tag
+    def end
+      raise 'Encryption is not Started' unless @encryption_started
+      # This function finalizes the encryption (producing the final
+      # cipher text for the encryption, if necessary) and adds any
+      # authentication information (if required by the algorithm).
+      # Any data produced is returned by the function.
+      # Finalize an encryption
+      res = @enc.final
+      if @algo[:tag_length] != 0
+        # Add the tag to the cipher text
+        res += @enc.auth_tag
+      end
+      @encryption_started = false
+      # Return the encrypted result
+      return res
     end
-    @encryption_started = false
-    # Return the encrypted result
-    return res
-  end
-  def close
-    raise RuntimeError, 'Encryption currently running' if @encryption_started
-    # If the key was used less times than was requested, send an update to the server
-    if @key['uses'] < @key['max_uses']
-      query_url = "#{endpoint}/#{@key['id']}/#{@key['session']}"
+    def close
+      raise 'Encryption currently running' if @encryption_started
+      # If the key was used less times than was requested, send an update to the server
+      if @key['uses'] < @key['max_uses']
+        query_url = "#{endpoint}/#{@key['id']}/#{@key['session']}"
         url = "#{endpoint_base}/encryption/key/#{@key['id']}/#{@key['session']}"
-        query = {actual: @key['uses'], requested: @key['max_uses']}
+        query = { actual: @key['uses'], requested: @key['max_uses'] }
         headers = Auth.build_headers(@papi, @sapi, query_url, query, @host, 'patch')
         response = HTTParty.patch(
           url,
@@ -168,40 +177,43 @@ class Encryption
           headers: headers
         )
         remove_instance_variable(:@key)
-      @encryption_ready = false;
+        @encryption_ready = false
+      end
     end
-  end
-  def endpoint_base
-    @host + '/api/v0'
-  end
+    def endpoint_base
+      @host + '/api/v0'
+    end
-  def endpoint
-    '/api/v0/encryption/key'
+    def endpoint
+      '/api/v0/encryption/key'
+    end
+    def validate_creds(credentials)
+      # This method checks for the presence of the credentials
+      !credentials.access_key_id.blank? &&
+        !credentials.secret_signing_key.blank? &&
+        !credentials.secret_crypto_access_key.blank?
+    end
   end
   def validate_creds(credentials)
     # This method checks for the presence of the credentials
-    !credentials.access_key_id.blank? and !credentials.secret_signing_key.blank? and !credentials.secret_crypto_access_key.blank?
+    !credentials.access_key_id.blank? &&
+      !credentials.secret_signing_key.blank? &&
+      !credentials.secret_crypto_access_key.blank?
   end
-end
-def validate_creds(credentials)
-  # This method checks for the presence of the credentials
-  !credentials.access_key_id.blank? and !credentials.secret_signing_key.blank? and !credentials.secret_crypto_access_key.blank?
-end
-def encrypt(creds, data)
-  begin
-    enc = Encryption.new(creds, 1)
-    res = enc.begin() + enc.update(data) + enc.end()
-    enc.close()
-  rescue
-    enc.close() if enc
-    raise
+  def encrypt(creds, data)
+    begin
+      enc = Encryption.new(creds, 1)
+      res = enc.begin + enc.update(data) + enc.end
+      enc.close
+    rescue StandardError
+      enc&.close
+      raise
+    end
+    return res
   end
-  return res
 end
-end

data/lib/ubiq/host.rb CHANGED

@@ -13,6 +13,9 @@
 #
 #     https://ubiqsecurity.com/legal
 #
+# frozen_string_literal: true
 module Ubiq
-   UBIQ_HOST = 'api.ubiqsecurity.com:8811'
+  UBIQ_HOST = 'api.ubiqsecurity.com'
 end

data/lib/ubiq/version.rb CHANGED

@@ -17,6 +17,5 @@
 # frozen_string_literal: true
 module Ubiq
-  VERSION = "1.0.0"
+  VERSION = '1.0.5'
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ubiq-security
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.5
 platform: ruby
 authors:
 - Ubiq Security, Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-08-20 00:00:00.000000000 Z
+date: 2020-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rb-readline
@@ -58,6 +58,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.txt