aead 1.3.0

data/spec/aead/nonce_spec.rb

@@ -0,0 +1,124 @@
+require 'spec_helper'
+
+require 'aead/nonce'
+require 'tempfile'
+require 'set'
+
+describe AEAD::Nonce do
+  subject { AEAD::Nonce.new }
+
+  before do
+    subject.class.send(:stub_for_testing!, self.state_file)
+  end
+
+  after do
+    subject.send(:state_file).unlink
+  end
+
+  let(:temp_file) do
+    Tempfile.new('ruby-aead')
+  end
+
+  let(:state_file) do
+    Pathname.new(self.temp_file.path)
+  end
+
+  it 'must create nonexistent state files with restrictive permissions' do
+    _, err = capture_io do
+      self.state_file.unlink
+
+      subject.shift
+
+      self.state_file          .must_be :exist?
+      self.state_file.stat.mode.must_equal 0100600
+      self.state_file.size     .must_equal 12
+    end
+
+    err.must_match %{WARNING}
+  end
+
+  it 'must generate 12-byte nonces' do
+    subject.shift.bytesize.must_equal 12
+  end
+
+  it 'must generate sequential nonces' do
+    subject.shift.must_be :<, subject.shift
+  end
+
+  it 'must never generate duplicate nonces across multiple instances' do
+    subject.shift # ensure state is initialized
+
+    copy  = subject.clone
+    count = subject.class::COUNTER_BATCH_SIZE * 10
+
+    t_1 = Thread.new { Set.new.tap {|s| count.times { s << subject.shift } } }
+    t_2 = Thread.new { Set.new.tap {|s| count.times { s << copy   .shift } } }
+
+    (t_1.value + t_2.value).length.must_equal(count * 2)
+  end
+
+  it 'must be thread-safe' do
+    count   = subject.class::COUNTER_BATCH_SIZE * 5
+    thread  = -> { Set.new.tap {|s| count.times { s << subject.shift } } }
+    threads = 5.times.map { Thread.new(&thread) }
+
+    threads.map(&:value).inject(&:+).length.must_equal(count * 5)
+  end
+
+  it 'must not allow the counter to roll over' do
+    self.state_file.open('w') do |io|
+      io.write [
+        '1' * 12,
+        '0' *  4,
+        '%08x' % (subject.class::COUNTER_MAXIMUM_VALUE.hex - 5),
+      ].pack(subject.class::PACK_FORMAT)
+    end
+
+    subject.shift(5)
+
+    -> { subject.shift }.must_raise ArgumentError
+  end
+
+  it 'must reserve chunks of nonces in the state file' do
+    subject.shift # prime the state_file
+
+    self.state_file.open('rb') do |io|
+      io.read.must_equal subject.shift(subject.class::COUNTER_BATCH_SIZE).last
+      io.rewind
+
+      subject.shift
+
+      io.read.must_equal subject.shift(subject.class::COUNTER_BATCH_SIZE).last
+    end
+  end
+
+  it 'must abort when the nonce state file can be determined to be corrupt' do
+    [1, 11, 13, 500].each do |count|
+      self.state_file.open('w') do |io|
+        io.write SecureRandom.random_bytes(count)
+      end
+
+      -> { subject.shift }.must_raise ArgumentError
+    end
+  end
+
+  it 'must abort when the nonce contains the MAC for a different machine' do
+    self.state_file.open('w') do |io|
+      io.write [
+        # FIXME: use ~MAC_MULTICAST_MASK, but figure out how to do so
+        # reliably given Ruby's inability to do binary math correctly :(
+        (SecureRandom.hex(6).hex & 0xfeffffffffff).to_s(16),
+        SecureRandom.hex(2),
+        SecureRandom.hex(4),
+      ].pack(subject.class::PACK_FORMAT)
+    end
+
+    -> { subject.shift }.must_raise ArgumentError
+  end
+
+  it 'must not abort when the nonce contains a pseudo MAC address' do
+    subject.stub(:mac_address, subject.send(:mac_address_pseudo)) do
+      subject.shift.must_be_kind_of String
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,26 @@
+require 'simplecov'
+
+unless defined?(RUBY_ENGINE) and RUBY_ENGINE == 'rbx'
+  SimpleCov.start do
+    command_name 'MiniTest'
+    add_filter   '/spec/'
+    add_filter   '/vendor/'
+  end
+
+  SimpleCov.at_exit do
+    SimpleCov.result.format!
+
+    path = Pathname.new('coverage/coverage.txt')
+    path.dirname.mkpath
+    path.open('w') do |io|
+      io << SimpleCov.result.source_files.covered_percent
+    end
+  end
+end
+
+require 'minitest/autorun'
+require 'minitest/pride'
+require 'minitest/spec'
+require 'minitest/benchmark'
+
+$LOAD_PATH << File.expand_path('../../lib',  __FILE__)

metadata

@@ -0,0 +1,287 @@
+--- !ruby/object:Gem::Specification
+name: aead
+version: !ruby/object:Gem::Version
+  version: 1.3.0
+  prerelease: 
+platform: ruby
+authors:
+- Stephen Touset
+autorequire: 
+bindir: script
+cert_chain: []
+date: 2012-09-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: macaddr
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: cane
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-minitest
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-yard
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: markdown
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: redcarpet
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: version
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Ruby library to generate AEADs
+email: stephen@touset.org
+executables: []
+extensions:
+- ext/openssl/cipher/aead/extconf.rb
+extra_rdoc_files: []
+files:
+- .gitignore
+- .travis.yml
+- .yardopts
+- Gemfile
+- Guardfile
+- LICENSE.md
+- README.md
+- Rakefile
+- VERSION
+- aead.gemspec
+- ext/openssl/cipher/aead/.gitignore
+- ext/openssl/cipher/aead/aead.c
+- ext/openssl/cipher/aead/extconf.rb
+- lib/aead.rb
+- lib/aead/cipher.rb
+- lib/aead/cipher/aes_256_cbc_hmac_sha_256.rb
+- lib/aead/cipher/aes_256_ctr_hmac_sha_256.rb
+- lib/aead/cipher/aes_256_gcm.rb
+- lib/aead/cipher/aes_hmac.rb
+- lib/aead/nonce.rb
+- lib/openssl/cipher/.gitignore
+- spec/aead/cipher/aes_256_cbc_hmac_sha_256_spec.rb
+- spec/aead/cipher/aes_256_ctr_hmac_sha_256_spec.rb
+- spec/aead/cipher/aes_256_gcm_spec.rb
+- spec/aead/cipher_spec.rb
+- spec/aead/nonce_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/onelogin/aead
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Ruby library to generate AEADs
+test_files:
+- spec/aead/cipher/aes_256_cbc_hmac_sha_256_spec.rb
+- spec/aead/cipher/aes_256_ctr_hmac_sha_256_spec.rb
+- spec/aead/cipher/aes_256_gcm_spec.rb
+- spec/aead/cipher_spec.rb
+- spec/aead/nonce_spec.rb
+- spec/spec_helper.rb
+has_rdoc: