RubyGems - ubiq-security - Versions diffs - 1.0.1 → 1.0.6 - Mend

ubiq-security 1.0.1 → 1.0.6

Files changed (15) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a7988726fc44204d81c5fd65b343c14d34ff24e2fc6883b6fed4acdfc71afb98
-  data.tar.gz: c22cc110f282e5b93dd42fe49be499a1dff208d6fce0726329499a5b0b0fb93a
+  metadata.gz: eb202f29281352bd6b6054b8ee1593e063b34f5f4230b5f73e59fe3ce33544e1
+  data.tar.gz: 58f2192b4fad98886e30218925097539716107748de42d50c29fe83ef250cb0f
 SHA512:
-  metadata.gz: 91e17a9b5b5d52dc2f107585884bdda8e3a12cf2e405329b5204835ac28a9dd416bd044fc0fb530e6b43382d1ec6ecc9b0b9771b4317744fcfef6ae7bd9b9757
-  data.tar.gz: a428124dc92b6b956a8f5be93d19e00bc4541144894b73f3ee692f6db22bb8514e2be77f8977b140ed04f8f0ed3504d20523c5bec1d5f08399dda4654218afcc
+  metadata.gz: 1f5114fb90183ae27e4e706752e9d065cddbacf3230196ad8dce0949207bfc3db92502c607ce606b5ca73716676336514098342b6cb6ad61085467968fab2543
+  data.tar.gz: 6fd719b4f2c08b1bfcdfb4a33215002a85f51f2e7d03a24ff7a89e3b941044d470443241f9e447bcac049828548b1ffc9542a37ca9c50bc9b588182dff238d6c

data/CHANGELOG.md ADDED

@@ -0,0 +1,12 @@
+# Changelog
+## 1.0.6 - 2020-10-28
+* Change to MIT license
+## 1.0.5 - 2020-09-23
+* Remove dead code
+* Pass client library name and version to server
+* Added AAD information to ciphers for encrypt and decrypt
+## 1.0.1 - 2020-08-20
+* Initial Version

data/LICENSE ADDED

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2020- Ubiq Security, Inc. (https://ubiqsecurity.com)
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md CHANGED

@@ -31,8 +31,11 @@ To build and install directly from a clone of the gitlab repository source:
 ```sh
 git clone https://gitlab.com/ubiqsecurity/ubiq-ruby.git
 cd ubiq-ruby
-rake install:local
+bundle install
+gem build ubiq-security.gemspec
+gem install ./ubiq-security*.gem
 ```
+You may need to run the `gem install` commands above using sudo.
 ## Usage
@@ -82,7 +85,7 @@ Pass credentials and data into the encryption function.  The encrypted data will
 ```ruby
-require "ubiq-security"
+require 'ubiq-security'
 include Ubiq
 encrypted_data = encrypt(credentials, plaintext_data)
@@ -94,7 +97,7 @@ encrypted_data = encrypt(credentials, plaintext_data)
 Pass credentials and encrypted data into the decryption function.  The plaintext data will be returned.
 ```ruby
-require "ubiq-security"
+require 'ubiq-security'
 include Ubiq
 plaintext_data = decrypt(credentials, encrypted_data)
@@ -111,7 +114,7 @@ plaintext_data = decrypt(credentials, encrypted_data)
 ```ruby
-require "ubiq-security"
+require 'ubiq-security'
 include Ubiq
 # Process 1 MiB of plaintext data at a time
@@ -127,7 +130,7 @@ BLOCK_SIZE = 1024 * 1024
    # Loop until the end of the input file is reached
     until infile.eof?
       chunk = infile.read BLOCK_SIZE
-      encrypted_data += encryption.update(chunk))
+      encrypted_data += encryption.update(chunk)
     end
     # Make sure any additional encrypted data is retrieved from encryption instance
     encrypted_data += encryption.end()
@@ -146,7 +149,7 @@ BLOCK_SIZE = 1024 * 1024
 ```ruby
-require "ubiq-security"
+require 'ubiq-security'
 include Ubiq
 # Process 1 MiB of encrypted data at a time
@@ -158,7 +161,7 @@ BLOCK_SIZE = 1024 * 1024
     decryption = Decryption(credentials)
     # Start the decryption and get any header information
-    plaintext_data = decryption.begin())
+    plaintext_data = decryption.begin()
     # Loop until the end of the input file is reached
     until infile.eof?
@@ -179,7 +182,7 @@ BLOCK_SIZE = 1024 * 1024
 [bundler]: https://bundler.io
 [rubygems]: https://rubygems.org
 [gem]: https://rubygems.org/gems/uniq-security
-[dashboard]:https://dev.ubiqsecurity.com/docs/dashboard
+[dashboard]:https://dashboard.ubiqsecurity.com/
 [credentials]:https://dev.ubiqsecurity.com/docs/how-to-create-api-keys
 [apidocs]:https://dev.ubiqsecurity.com/docs/api

data/lib/ubiq-security.rb CHANGED

@@ -1,18 +1,3 @@
-# Copyright 2020 Ubiq Security, Inc., Proprietary and All Rights Reserved.
-#
-# NOTICE:  All information contained herein is, and remains the property
-# of Ubiq Security, Inc. The intellectual and technical concepts contained
-# herein are proprietary to Ubiq Security, Inc. and its suppliers and may be
-# covered by U.S. and Foreign Patents, patents in process, and are
-# protected by trade secret or copyright law. Dissemination of this
-# information or reproduction of this material is strictly forbidden
-# unless prior written permission is obtained from Ubiq Security, Inc.
-#
-# Your use of the software is expressly conditioned upon the terms
-# and conditions available at:
-#
-#     https://ubiqsecurity.com/legal
 # frozen_string_literal: true
 require 'ubiq/version'

data/lib/ubiq/algo.rb CHANGED

@@ -1,19 +1,3 @@
-# Copyright 2020 Ubiq Security, Inc., Proprietary and All Rights Reserved.
-#
-# NOTICE:  All information contained herein is, and remains the property
-# of Ubiq Security, Inc. The intellectual and technical concepts contained
-# herein are proprietary to Ubiq Security, Inc. and its suppliers and may be
-# covered by U.S. and Foreign Patents, patents in process, and are
-# protected by trade secret or copyright law. Dissemination of this
-# information or reproduction of this material is strictly forbidden
-# unless prior written permission is obtained from Ubiq Security, Inc.
-#
-# Your use of the software is expressly conditioned upon the terms
-# and conditions available at:
-#
-#     https://ubiqsecurity.com/legal
-#
 # frozen_string_literal: true
 require 'active_support/all'
@@ -23,7 +7,11 @@ module Ubiq
   # Class to provide some basic information mapping between an
   # encryption algorithm name and the cooresponding
   # key size, initialization vector length, and tag
   class Algo
+    UBIQ_HEADER_V0_FLAG_AAD = 0b00000001
     def set_algo
       @algorithm = {
         'aes-256-gcm' => {
@@ -33,10 +21,27 @@ module Ubiq
           key_length: 32,
           iv_length: 12,
           tag_length: 16
+        },
+        'aes-128-gcm' => {
+          id: 1,
+          algorithm: OpenSSL::Cipher::AES128,
+          mode: OpenSSL::Cipher::AES128.new(:GCM),
+          key_length: 16,
+          iv_length: 12,
+          tag_length: 16
         }
       }
     end
+    def find_alg(id)
+      set_algo.each do |k,v|
+        if v[:id] == id
+           return k
+         end
+      end
+      "unknown"
+    end
     def get_algo(name)
       set_algo[name]
     end

data/lib/ubiq/auth.rb CHANGED

@@ -1,19 +1,3 @@
-# Copyright 2020 Ubiq Security, Inc., Proprietary and All Rights Reserved.
-#
-# NOTICE:  All information contained herein is, and remains the property
-# of Ubiq Security, Inc. The intellectual and technical concepts contained
-# herein are proprietary to Ubiq Security, Inc. and its suppliers and may be
-# covered by U.S. and Foreign Patents, patents in process, and are
-# protected by trade secret or copyright law. Dissemination of this
-# information or reproduction of this material is strictly forbidden
-# unless prior written permission is obtained from Ubiq Security, Inc.
-#
-# Your use of the software is expressly conditioned upon the terms
-# and conditions available at:
-#
-#     https://ubiqsecurity.com/legal
-#
 # frozen_string_literal: true
 require 'active_support/all'
@@ -48,6 +32,7 @@ module Ubiq
       # Initialize the headers object to be returned via this method
       all_headers = {}
+      all_headers['user-agent'] = 'ubiq-ruby/' + Ubiq::VERSION
       # The content type of request
       all_headers['content-type'] = 'application/json'
       # The request target calculated above(reqt)
@@ -74,7 +59,7 @@ module Ubiq
       all_headers.delete('(created)')
       all_headers.delete('(request-target)')
       all_headers.delete('host')
       # Build the Signature header itself
       all_headers['signature']  = 'keyId="' + papi + '"'
       all_headers['signature'] += ', algorithm="hmac-sha512"'
@@ -87,9 +72,13 @@ module Ubiq
       return all_headers
     end
+    # Only want to return port in the URI if the
+    # host contained one, otherwise let gateway resolve it
     def self.get_host(host)
       uri = URI(host)
-      return "#{uri.hostname}:#{uri.port}"
+      ret = uri.hostname.to_s
+      ret += ":#{uri.port}" if host.match(/:[0-9]+/)
+      ret
     end
     def self.get_date

data/lib/ubiq/credentials.rb CHANGED

@@ -1,24 +1,10 @@
-# Copyright 2020 Ubiq Security, Inc., Proprietary and All Rights Reserved.
-#
-# NOTICE:  All information contained herein is, and remains the property
-# of Ubiq Security, Inc. The intellectual and technical concepts contained
-# herein are proprietary to Ubiq Security, Inc. and its suppliers and may be
-# covered by U.S. and Foreign Patents, patents in process, and are
-# protected by trade secret or copyright law. Dissemination of this
-# information or reproduction of this material is strictly forbidden
-# unless prior written permission is obtained from Ubiq Security, Inc.
-#
-# Your use of the software is expressly conditioned upon the terms
-# and conditions available at:
-#
-#     https://ubiqsecurity.com/legal
-#
 # frozen_string_literal: true
 require 'configparser'
 require 'rb-readline'
 require 'byebug'
+require_relative './host.rb'
 module Ubiq
   # Access Credentials used by the library to validate service calls
@@ -76,6 +62,10 @@ module Ubiq
         d = config['default']
       end
+      if !d.key?('SERVER')
+        d['SERVER'] = Ubiq::UBIQ_HOST
+      end
       # get the supplied profile if there is one
       if config[profile].present?
         p = config[profile]

data/lib/ubiq/decrypt.rb CHANGED

@@ -1,19 +1,3 @@
-# Copyright 2020 Ubiq Security, Inc., Proprietary and All Rights Reserved.
-#
-# NOTICE:  All information contained herein is, and remains the property
-# of Ubiq Security, Inc. The intellectual and technical concepts contained
-# herein are proprietary to Ubiq Security, Inc. and its suppliers and may be
-# covered by U.S. and Foreign Patents, patents in process, and are
-# protected by trade secret or copyright law. Dissemination of this
-# information or reproduction of this material is strictly forbidden
-# unless prior written permission is obtained from Ubiq Security, Inc.
-#
-# Your use of the software is expressly conditioned upon the terms
-# and conditions available at:
-#
-#     https://ubiqsecurity.com/legal
-#
 # frozen_string_literal: true
 require 'rb-readline'
@@ -123,10 +107,10 @@ module Ubiq
         # and the key?
         if @data.length > struct_length
           # Unpack the values packed in encryption
-          version, flag_for_later, algorithm_id, iv_length, key_length = packed_struct.unpack('CCCCn')
+          version, flags, algorithm_id, iv_length, key_length = packed_struct.unpack('CCCCn')
-          # verify flag and version are 0
-          raise 'invalid encryption header' if (version != 0) || (flag_for_later != 0)
+          # verify flag are correct and version is 0
+          raise 'invalid encryption header' if (version != 0 ) || ((flags & ~Algo::UBIQ_HEADER_V0_FLAG_AAD) != 0)
           # Does the buffer contain the entire header?
           if @data.length > struct_length + iv_length + key_length
@@ -165,7 +149,8 @@ module Ubiq
                 @key['client_id'] = client_id
                 @key['session'] = response['encryption_session']
-                @key['algorithm'] = 'aes-256-gcm'
+                # Get the algorithm name from the internal algorithm id in the header
+                @key['algorithm'] = Algo.new.find_alg(algorithm_id)
                 encrypted_private_key = response['encrypted_private_key']
                 # Decrypt the encryped private key using SRSA
@@ -194,6 +179,15 @@ module Ubiq
             if @key.present?
               @algo = Algo.new.get_algo(@key['algorithm'])
               @key['dec'] = Algo.new.decryptor(@algo, @key['raw'], iv)
+              # Documentation indicates the auth_data has to be set AFTER auth_tag
+              # but we get an OpenSSL error when it is set AFTER an update call.
+              # Checking OpenSSL documentation, there is not a requirement to set
+              # auth_data before auth_tag so Ruby documentation seems to be
+              # wrong.  This approach works and is compatible with the encrypted
+              # data produced by the other languages' client library
+              if (flags & Algo::UBIQ_HEADER_V0_FLAG_AAD) != 0
+                 @key['dec'].auth_data = packed_struct + iv + encrypted_key
+              end
               @key['uses'] += 1
             end
           end

data/lib/ubiq/encrypt.rb CHANGED

@@ -1,19 +1,3 @@
-# Copyright 2020 Ubiq Security, Inc., Proprietary and All Rights Reserved.
-#
-# NOTICE:  All information contained herein is, and remains the property
-# of Ubiq Security, Inc. The intellectual and technical concepts contained
-# herein are proprietary to Ubiq Security, Inc. and its suppliers and may be
-# covered by U.S. and Foreign Patents, patents in process, and are
-# protected by trade secret or copyright law. Dissemination of this
-# information or reproduction of this material is strictly forbidden
-# unless prior written permission is obtained from Ubiq Security, Inc.
-#
-# Your use of the software is expressly conditioned upon the terms
-# and conditions available at:
-#
-#     https://ubiqsecurity.com/legal
-#
 # frozen_string_literal: true
 require 'rb-readline'
@@ -128,7 +112,9 @@ module Ubiq
       @enc, @iv = Algo.new.encryptor(@algo, @key['raw'])
       # Pack the result into bytes to get a byte string
-      struct = [0, 0, @algo[:id], @iv.length, @key['encrypted'].length].pack('CCCCn')
+      struct = [0, Algo::UBIQ_HEADER_V0_FLAG_AAD, @algo[:id], @iv.length, @key['encrypted'].length].pack('CCCCn')
+      @enc.auth_data = struct + @iv + @key['encrypted']
       @encryption_started = true
       return struct + @iv + @key['encrypted']
     end

data/lib/ubiq/host.rb CHANGED

@@ -1,18 +1,5 @@
-# Copyright 2020 Ubiq Security, Inc., Proprietary and All Rights Reserved.
-#
-# NOTICE:  All information contained herein is, and remains the property
-# of Ubiq Security, Inc. The intellectual and technical concepts contained
-# herein are proprietary to Ubiq Security, Inc. and its suppliers and may be
-# covered by U.S. and Foreign Patents, patents in process, and are
-# protected by trade secret or copyright law. Dissemination of this
-# information or reproduction of this material is strictly forbidden
-# unless prior written permission is obtained from Ubiq Security, Inc.
-#
-# Your use of the software is expressly conditioned upon the terms
-# and conditions available at:
-#
-#     https://ubiqsecurity.com/legal
-#
+# frozen_string_literal: true
 module Ubiq
-  UBIQ_HOST = 'api.ubiqsecurity.com:8811'
+  UBIQ_HOST = 'api.ubiqsecurity.com'
 end

data/lib/ubiq/version.rb CHANGED

@@ -1,21 +1,5 @@
-# Copyright 2020 Ubiq Security, Inc., Proprietary and All Rights Reserved.
-#
-# NOTICE:  All information contained herein is, and remains the property
-# of Ubiq Security, Inc. The intellectual and technical concepts contained
-# herein are proprietary to Ubiq Security, Inc. and its suppliers and may be
-# covered by U.S. and Foreign Patents, patents in process, and are
-# protected by trade secret or copyright law. Dissemination of this
-# information or reproduction of this material is strictly forbidden
-# unless prior written permission is obtained from Ubiq Security, Inc.
-#
-# Your use of the software is expressly conditioned upon the terms
-# and conditions available at:
-#
-#     https://ubiqsecurity.com/legal
-#
 # frozen_string_literal: true
 module Ubiq
-  VERSION = '1.0.1'
+  VERSION = '1.0.6'
 end

data/ubiq-security.gemspec CHANGED

@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
   spec.description   = "Provide data encryption to any application with a couple of API calls.  " \
                        "See https://www.ubiqsecurity.com for details."
   spec.homepage      = "https://dev.ubiqsecurity.com/docs/ruby-library"
-  spec.license       = "Nonstandard"
+  spec.license       = "MIT"
   spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
   spec.metadata["homepage_uri"] = spec.homepage

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ubiq-security
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.6
 platform: ruby
 authors:
 - Ubiq Security, Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-08-20 00:00:00.000000000 Z
+date: 2020-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rb-readline
@@ -58,9 +58,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
-- LICENSE.txt
+- LICENSE
 - README.md
 - Rakefile
 - lib/ubiq-security.rb
@@ -74,7 +75,7 @@ files:
 - ubiq-security.gemspec
 homepage: https://dev.ubiqsecurity.com/docs/ruby-library
 licenses:
-- Nonstandard
+- MIT
 metadata:
   homepage_uri: https://dev.ubiqsecurity.com/docs/ruby-library
   source_code_uri: https://gitlab.com/ubiqsecurity/ubiq-ruby

data/LICENSE.txt DELETED

@@ -1,17 +0,0 @@
- Copyright 2020 Ubiq Security, Inc., Proprietary and All Rights Reserved.
- NOTICE:  All information contained herein is, and remains the property
- of Ubiq Security, Inc. The intellectual and technical concepts contained
- herein are proprietary to Ubiq Security, Inc. and its suppliers and may be
- covered by U.S. and Foreign Patents, patents in process, and are
- protected by trade secret or copyright law. Dissemination of this
- information or reproduction of this material is strictly forbidden
- unless prior written permission is obtained from Ubiq Security, Inc.
- Your use of the software is expressly conditioned upon the terms
- and conditions available at:
-     https://ubiqsecurity.com/legal