ubiq-security 1.0.4 → 1.0.5
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/README.md +3 -3
- data/lib/ubiq/algo.rb +4 -0
- data/lib/ubiq/auth.rb +1 -0
- data/lib/ubiq/decrypt.rb +12 -3
- data/lib/ubiq/encrypt.rb +3 -1
- data/lib/ubiq/version.rb +1 -1
- metadata +3 -2
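--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 729b8860bf9bec12fd7185973e265accb516232460ee85dcf862a556d7008c53
+data.tar.gz: 1b93971fda83f73f28e74adda5ae631c86f7fc826ae31f786f5e716f726351aa
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fd5b18aaf1ede170f03511a2352bf324a9cbe137507eca720c2fe0b00c8e25124a7dc963ba583621d16911a15bc42b988d2f650cf6edcbb252dc34aeb2b7a614
+data.tar.gz: 3a083c6fe5d1e1f29102adf845a0356ef0f4951f592a49d627bf381c360789fd7d43c9f5dd819cd0e63ec21a271e8586e8100c9e1bb556772bb8780c59d310ad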
data/CHANGELOG.md
ADDED
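--- a/data/README.md
+++ b/data/README.md
@@ -130,7 +130,7 @@ BLOCK_SIZE = 1024 * 1024
 # Loop until the end of the input file is reached
 until infile.eof?
 chunk = infile.read BLOCK_SIZE
-encrypted_data += encryption.update(chunk)
+encrypted_data += encryption.update(chunk)
 end
 # Make sure any additional encrypted data is retrieved from encryption instance
 encrypted_data += encryption.end()
@@ -161,7 +161,7 @@ BLOCK_SIZE = 1024 * 1024
 decryption = Decryption(credentials)
 
 # Start the decryption and get any header information
-plaintext_data = decryption.begin()
+plaintext_data = decryption.begin()
 
 # Loop until the end of the input file is reached
 until infile.eof?
@@ -182,7 +182,7 @@ BLOCK_SIZE = 1024 * 1024
 [bundler]: https://bundler.io
 [rubygems]: https://rubygems.org
 [gem]: https://rubygems.org/gems/uniq-security
-[dashboard]:https://
+[dashboard]:https://dashboard.ubiqsecurity.com/
 [credentials]:https://dev.ubiqsecurity.com/docs/how-to-create-api-keys
 [apidocs]:https://dev.ubiqsecurity.com/docs/api
 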
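--- a/data/lib/ubiq/algo.rb
+++ b/data/lib/ubiq/algo.rb
@@ -23,7 +23,11 @@ module Ubiq
 # Class to provide some basic information mapping between an
 # encryption algorithm name and the cooresponding
 # key size, initialization vector length, and tag
+
 class Algo
+
+UBIQ_HEADER_V0_FLAG_AAD = 0b00000001
+
 def set_algo
 @algorithm = {
 'aes-256-gcm' => {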
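Review bot: The new constant `UBIQ_HEADER_V0_FLAG_AAD` at new line 29 has no comment, although it defines part of the on-wire header format that both encrypt.rb and decrypt.rb in this diff depend on. A one-line comment would record what the bit means, for example `# Header flags, bit 0: the packed header, IV and encrypted key are supplied to the cipher as additional authenticated data`. The class body continues outside the hunk, so I cannot tell whether other header flag bits are defined or reserved elsewhere; if they are reserved, saying so here would explain why the decryptor rejects them.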
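--- a/data/lib/ubiq/auth.rb
+++ b/data/lib/ubiq/auth.rb
@@ -48,6 +48,7 @@ module Ubiq
 
 # Initialize the headers object to be returned via this method
 all_headers = {}
+all_headers['user-agent'] = 'ubiq-ruby/' + Ubiq::VERSION
 # The content type of request
 all_headers['content-type'] = 'application/json'
 # The request target calculated above(reqt)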
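Review bot: The added `all_headers['user-agent']` entry at new line 51 is the only one in this block without a comment, and the hunk does not show whether this hash also feeds request signing. If it does, an intermediary that rewrites User-Agent would make signature verification fail; if it does not, the value is informational and the receiving side should not base decisions on it. A comment settling which applies would help, e.g. `# Client library identifier; informational only` (adjust to whichever is true). The line also depends on `Ubiq::VERSION` being loaded before this method runs, which is not visible here; the method starts and ends outside the hunk.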
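--- a/data/lib/ubiq/decrypt.rb
+++ b/data/lib/ubiq/decrypt.rb
@@ -123,10 +123,10 @@ module Ubiq
 # and the key?
 if @data.length > struct_length
 # Unpack the values packed in encryption
-version,
+version, flags, algorithm_id, iv_length, key_length = packed_struct.unpack('CCCCn')
 
-# verify flag and version
-raise 'invalid encryption header' if (version != 0) || (
+# verify flag are correct and version is 0
+raise 'invalid encryption header' if (version != 0 ) || ((flags & ~Algo::UBIQ_HEADER_V0_FLAG_AAD) != 0)
 
 # Does the buffer contain the entire header?
 if @data.length > struct_length + iv_length + key_length
@@ -195,6 +195,15 @@ module Ubiq
 if @key.present?
 @algo = Algo.new.get_algo(@key['algorithm'])
 @key['dec'] = Algo.new.decryptor(@algo, @key['raw'], iv)
+# Documentation indicates the auth_data has to be set AFTER auth_tag
+# but we get an OpenSSL error when it is set AFTER an update call.
+# Checking OpenSSL documentation, there is not a requirement to set
+# auth_data before auth_tag so Ruby documentation seems to be
+# wrong. This approach works and is compatible with the encrypted
+# data produced by the other languages' client library
+if (flags & Algo::UBIQ_HEADER_V0_FLAG_AAD) != 0
+@key['dec'].auth_data = packed_struct + iv + encrypted_key
+end
 @key['uses'] += 1
 end
 end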
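Review bot: The header check at new line 129 still accepts `flags == 0`, and in that case the block at new lines 204-206 never sets `auth_data`, so for such input the packed header, IV and encrypted key are not bound to the authentication tag. For data written by this version a cleared bit should fail at the final tag check, since encrypt.rb now appears to always supply the same bytes as AAD, so this reads as deliberate compatibility with older ciphertext; that reliance deserves a comment next to the check, e.g. `# flags == 0 is accepted for data written before AAD support; its header is not authenticated`. A regression test that alters the flag byte, an IV byte and an encrypted-key byte of a 1.0.5 ciphertext and expects decryption to fail would pin the new guarantee. Both hunks sit inside a method whose start and end are outside the visible lines, so I am assuming `flags` from line 126 is still in scope at line 204.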
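--- a/data/lib/ubiq/encrypt.rb
+++ b/data/lib/ubiq/encrypt.rb
@@ -128,7 +128,9 @@ module Ubiq
 @enc, @iv = Algo.new.encryptor(@algo, @key['raw'])
 
 # Pack the result into bytes to get a byte string
-struct = [0,
+struct = [0, Algo::UBIQ_HEADER_V0_FLAG_AAD, @algo[:id], @iv.length, @key['encrypted'].length].pack('CCCCn')
+
+@enc.auth_data = struct + @iv + @key['encrypted']
 @encryption_started = true
 return struct + @iv + @key['encrypted']
 end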
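Review bot: `struct + @iv + @key['encrypted']` is now built twice, once for `@enc.auth_data` at new line 133 and once for the return value at new line 135, and decryption of the result only succeeds if the two are byte-identical. Building it once removes the chance of the two drifting apart in a later edit: `header = struct + @iv + @key['encrypted']`, then `@enc.auth_data = header` and `return header`. Separately, `pack('CCCCn')` silently truncates values that do not fit their field, so a comment or guard stating that the algorithm id and IV length must be below 256 and the encrypted key length below 65536 would make the header format's limits explicit. The enclosing method begins outside the hunk.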
data/lib/ubiq/version.rb
CHANGED
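--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ubiq-security
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.5
 platform: ruby
 authors:
 - Ubiq Security, Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-
+date: 2020-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rb-readline
@@ -58,6 +58,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.txt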