ubiq-security 1.0.4 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 35f6376d379fdebaeda8a17d77949217fe2990b01fc31a2cff938abd7297d404
-  data.tar.gz: 5a1847bccf50187573ba326848ef713e651ca8b2fa8da2b3430370a2d75e32e0
+  metadata.gz: 729b8860bf9bec12fd7185973e265accb516232460ee85dcf862a556d7008c53
+  data.tar.gz: 1b93971fda83f73f28e74adda5ae631c86f7fc826ae31f786f5e716f726351aa
 SHA512:
-  metadata.gz: 8676c73c34928dba6bab74ea0f4d58441a43dc1212f2393e19f8ea7a8643eb1ad6067f0caef9f50df0fc676f57dbe5b462f9bece298f109023776757265d9a61
-  data.tar.gz: b0b7f399ba98b63f814d5e8efb15361111026146d3e5e521d2d2db663c0f8acecdce082701599c30675c137a9d58570bbd87a7b45d2100a224d238d7319533e1
+  metadata.gz: fd5b18aaf1ede170f03511a2352bf324a9cbe137507eca720c2fe0b00c8e25124a7dc963ba583621d16911a15bc42b988d2f650cf6edcbb252dc34aeb2b7a614
+  data.tar.gz: 3a083c6fe5d1e1f29102adf845a0356ef0f4951f592a49d627bf381c360789fd7d43c9f5dd819cd0e63ec21a271e8586e8100c9e1bb556772bb8780c59d310ad

data/CHANGELOG.md

@@ -0,0 +1,9 @@
+# Changelog
+
+## 1.0.5 - 2020-09-23
+* Remove dead code
+* Pass client library name and version to server
+* Added AAD information to ciphers for encrypt and decrypy
+
+## 1.0.1 - 2020-08-20
+* Initial Version

data/README.md

@@ -130,7 +130,7 @@ BLOCK_SIZE = 1024 * 1024
    # Loop until the end of the input file is reached
     until infile.eof?
       chunk = infile.read BLOCK_SIZE
-      encrypted_data += encryption.update(chunk))
+      encrypted_data += encryption.update(chunk)
     end
     # Make sure any additional encrypted data is retrieved from encryption instance
     encrypted_data += encryption.end()
@@ -161,7 +161,7 @@ BLOCK_SIZE = 1024 * 1024
     decryption = Decryption(credentials)
 
     # Start the decryption and get any header information
-    plaintext_data = decryption.begin())
+    plaintext_data = decryption.begin()
 
     # Loop until the end of the input file is reached
     until infile.eof?
@@ -182,7 +182,7 @@ BLOCK_SIZE = 1024 * 1024
 [bundler]: https://bundler.io
 [rubygems]: https://rubygems.org
 [gem]: https://rubygems.org/gems/uniq-security
-[dashboard]:https://dev.ubiqsecurity.com/docs/dashboard
+[dashboard]:https://dashboard.ubiqsecurity.com/
 [credentials]:https://dev.ubiqsecurity.com/docs/how-to-create-api-keys
 [apidocs]:https://dev.ubiqsecurity.com/docs/api
 

data/lib/ubiq/algo.rb

@@ -23,7 +23,11 @@ module Ubiq
   # Class to provide some basic information mapping between an
   # encryption algorithm name and the cooresponding
   # key size, initialization vector length, and tag
+
   class Algo
+
+    UBIQ_HEADER_V0_FLAG_AAD = 0b00000001
+
     def set_algo
       @algorithm = {
         'aes-256-gcm' => {

data/lib/ubiq/auth.rb

@@ -48,6 +48,7 @@ module Ubiq
 
       # Initialize the headers object to be returned via this method
       all_headers = {}
+      all_headers['user-agent'] = 'ubiq-ruby/' + Ubiq::VERSION
       # The content type of request
       all_headers['content-type'] = 'application/json'
       # The request target calculated above(reqt)

data/lib/ubiq/decrypt.rb

@@ -123,10 +123,10 @@ module Ubiq
         # and the key?
         if @data.length > struct_length
           # Unpack the values packed in encryption
-          version, flag_for_later, algorithm_id, iv_length, key_length = packed_struct.unpack('CCCCn')
+          version, flags, algorithm_id, iv_length, key_length = packed_struct.unpack('CCCCn')
 
-          # verify flag and version are 0
-          raise 'invalid encryption header' if (version != 0) || (flag_for_later != 0)
+          # verify flag are correct and version is 0
+          raise 'invalid encryption header' if (version != 0 ) || ((flags & ~Algo::UBIQ_HEADER_V0_FLAG_AAD) != 0)
 
           # Does the buffer contain the entire header?
           if @data.length > struct_length + iv_length + key_length
@@ -195,6 +195,15 @@ module Ubiq
             if @key.present?
               @algo = Algo.new.get_algo(@key['algorithm'])
               @key['dec'] = Algo.new.decryptor(@algo, @key['raw'], iv)
+              # Documentation indicates the auth_data has to be set AFTER auth_tag
+              # but we get an OpenSSL error when it is set AFTER an update call.
+              # Checking OpenSSL documentation, there is not a requirement to set
+              # auth_data before auth_tag so Ruby documentation seems to be
+              # wrong.  This approach works and is compatible with the encrypted
+              # data produced by the other languages' client library
+              if (flags & Algo::UBIQ_HEADER_V0_FLAG_AAD) != 0
+                 @key['dec'].auth_data = packed_struct + iv + encrypted_key
+              end
               @key['uses'] += 1
             end
           end

data/lib/ubiq/encrypt.rb

@@ -128,7 +128,9 @@ module Ubiq
       @enc, @iv = Algo.new.encryptor(@algo, @key['raw'])
 
       # Pack the result into bytes to get a byte string
-      struct = [0, 0, @algo[:id], @iv.length, @key['encrypted'].length].pack('CCCCn')
+      struct = [0, Algo::UBIQ_HEADER_V0_FLAG_AAD, @algo[:id], @iv.length, @key['encrypted'].length].pack('CCCCn')
+        
+      @enc.auth_data = struct + @iv + @key['encrypted']
       @encryption_started = true
       return struct + @iv + @key['encrypted']
     end

data/lib/ubiq/version.rb

@@ -17,5 +17,5 @@
 # frozen_string_literal: true
 
 module Ubiq
-  VERSION = '1.0.4'
+  VERSION = '1.0.5'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ubiq-security
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.0.5
 platform: ruby
 authors:
 - Ubiq Security, Inc.
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-08-26 00:00:00.000000000 Z
+date: 2020-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rb-readline
@@ -58,6 +58,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.txt