diff --git a/CHANGELOG.md b/CHANGELOG.md index 306b6db..1697440 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ ## [Unreleased] +## [0.8.2] - 2026-03-09 + +- Upgrade to use asherah-cobhan v0.5.3 +- Add null_data_check configuration option + ## [0.8.1] - 2026-03-05 - Upgrade to use asherah-cobhan v0.5.1 diff --git a/ext/asherah/checksums.yml b/ext/asherah/checksums.yml index 339b3aa..6047bca 100644 --- a/ext/asherah/checksums.yml +++ b/ext/asherah/checksums.yml @@ -1,5 +1,5 @@ -version: v0.5.1 -libasherah-arm64.so: eb1cf59da6e7006ba8044fa9b4ec471f32576f7edb1169e30f059c5f8815c044 -libasherah-x64.so: 16237a58335e86c510a20a0a6e9afa6502026e9f5fd374012db8ee9130f41eed -libasherah-arm64.dylib: 03260e6552b7eb17b7cbe0cb6c16486bc4d17a110c1dc8ab9293cc4b678a8b80 -libasherah-x64.dylib: df7d71223bdfc23afc29a5bf72e0294b12d632b63f135e7ac4194ec8d69c3766 +version: v0.5.3 +libasherah-arm64.so: 9315240c2eb0aafb342ddbd399ada545faf51cbc651c8f69c3d2dd64eb31c63c +libasherah-x64.so: a873fafb85b0ee310c78d1cbf8cd5db1684bea7d4db9c6b53dcd8e68e546fcf2 +libasherah-arm64.dylib: 76b4652b02e745992ff1c064722628432fa5e04f49ef2cfed2299215ea71290a +libasherah-x64.dylib: 0e78b9318a35bbb4bbe12aeed09ee2b850de43ba3660460c5d3b220b010c04f0 diff --git a/lib/asherah/config.rb b/lib/asherah/config.rb index 54168bb..842c97a 100644 --- a/lib/asherah/config.rb +++ b/lib/asherah/config.rb @@ -22,6 +22,7 @@ module Asherah # @attr [Integer] check_interval, The amount of time in seconds before cached keys are considered stale # @attr [Boolean] enable_session_caching, Enable shared session caching # @attr [Boolean] disable_zero_copy, Disable zero-copy FFI input buffers to prevent use-after-free from caller runtime + # @attr [Boolean] null_data_check, Log an error if input data is all null before or after encryption # @attr [Boolean] verbose, Enable verbose logging output class Config MAPPING = { @@ -42,6 +43,7 @@ class Config session_cache_duration: :SessionCacheDuration, enable_session_caching: :EnableSessionCaching, disable_zero_copy: :DisableZeroCopy, + null_data_check: :NullDataCheck, expire_after: :ExpireAfter, check_interval: :CheckInterval, verbose: :Verbose diff --git a/lib/asherah/version.rb b/lib/asherah/version.rb index 31d3464..b689cc5 100644 --- a/lib/asherah/version.rb +++ b/lib/asherah/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Asherah - VERSION = '0.8.1' + VERSION = '0.8.2' end diff --git a/spec/asherah_spec.rb b/spec/asherah_spec.rb index 6acdfec..2a175a8 100644 --- a/spec/asherah_spec.rb +++ b/spec/asherah_spec.rb @@ -11,6 +11,25 @@ end } + def capture_stderr + require 'tempfile' + tmpfile = Tempfile.new('stderr') + original_stderr = $stderr.dup + $stderr.reopen(tmpfile) + + yield + + $stderr.reopen(original_stderr) + tmpfile.rewind + tmpfile.read + ensure + unless original_stderr.closed? + $stderr.reopen(original_stderr) + original_stderr.close + end + tmpfile.close! unless tmpfile.closed? + end + before :each do Asherah.configure do |config| base_config.call(config) @@ -72,4 +91,24 @@ # ENV set by CGO is visible in Ruby expect(ENV.fetch('VAR1')).to eq('VALUE1') end + + it 'encrypts null bytes with null_data_check enabled' do + Asherah.shutdown + Asherah.configure do |config| + base_config.call(config) + config.null_data_check = true + end + + null_data = "\x00" * 100 + json = nil + stderr_output = capture_stderr { json = Asherah.encrypt(partition_id, null_data) } + + expect(json).to include('Data') + expect(json).to include('Key') + expect(stderr_output).to include( + 'asherah-cobhan: EncryptToJson: input data buffer is all null before encryption (len=100)' + ) + decrypted = Asherah.decrypt(partition_id, json) + expect(decrypted).to eq(null_data) + end end diff --git a/spec/config_spec.rb b/spec/config_spec.rb index 6434256..12524c1 100644 --- a/spec/config_spec.rb +++ b/spec/config_spec.rb @@ -206,6 +206,7 @@ config.session_cache_duration = 3600 config.enable_session_caching = true config.disable_zero_copy = true + config.null_data_check = true config.expire_after = 7200 config.check_interval = 1800 config.verbose = true @@ -230,6 +231,7 @@ 'SessionCacheDuration' => 3600, 'EnableSessionCaching' => true, 'DisableZeroCopy' => true, + 'NullDataCheck' => true, 'ExpireAfter' => 7200, 'CheckInterval' => 1800, 'Verbose' => true