attr_vault 0.0.8 → 0.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2d0a3de0fff55f7058208b4de5b820ff84a9f760
-  data.tar.gz: 48ddc0fa6e250d5c703969fc13a4418755d3bb41
+  metadata.gz: 79953f549103ea6e7aacb9e6a16202602b97cd63
+  data.tar.gz: f1ae2035a82fe167289b43756c43d9aa8bce0ce5
 SHA512:
-  metadata.gz: 90fbb003a54f495d1cbf0f982eac46d02fcf12965e9e7b97bda7b47e54d8bc42c840226778b55630b277cf2795e027b56cf81b5f6b7e7f45a5b8212cc6e391b5
-  data.tar.gz: bd252c8c14115555bf3383c53de388bb7ccd74fa173522641d3acc00c71740a112284aac0397fb755fd6cc2a8546cfbc5a40fea71f0d4145c1cd3c7312926f08
+  metadata.gz: bbfcd6f8aa8df8c3f082f2a6777c593fda49693978626e033c3848c4bdd996e41e5835d44c73b8116a7ecb8e208b4a106e117e517b0d19b9e0a2fe545766c791
+  data.tar.gz: 7d8b9d5126597a491ab1a5f40299c2b8f4356026b4b27b150675bc0c7183bb4e39648c96b75a80d5c13971d2728ae5d9ae36a0cd1518e24c9f5a6c36f7b99d3d

data/lib/attr_vault/cryptor.rb

@@ -2,18 +2,27 @@ require 'base64'
 
 module AttrVault
   module Cryptor
+
+    PARANOID = true
+
     def self.encrypt(value, key)
       return value if value.nil? || value.empty?
 
       secret = AttrVault::Secret.new(key)
+      encrypted_message, iv = Encryption.encrypt(key: secret.encryption_key,
+                                                 message: value)
+      encrypted_payload = iv + encrypted_message
+      mac = Encryption.hmac_digest(secret.signing_key, encrypted_payload)
 
-      encrypted_message, iv = Encryption.encrypt(
-        key:     secret.encryption_key,
-        message: value
-      )
+      if PARANOID
+        mac_again = Encryption.hmac_digest(secret.signing_key, encrypted_payload)
+        unless verify_signature(mac, mac_again)
+          raise InvalidCiphertext, "Could not reliably calculate HMAC; " +
+            "got #{Base64.encode64(mac)} and #{Base64.encode64(mac_again)} " +
+            "for the same values"
+        end
+      end
 
-      encrypted_payload = iv + encrypted_message
-      mac = OpenSSL::HMAC.digest('sha256', secret.signing_key, encrypted_payload)
       Sequel.blob(mac + encrypted_payload)
     end
 
@@ -21,10 +30,9 @@ module AttrVault
       return encrypted if encrypted.nil? || encrypted.empty?
 
       secret = AttrVault::Secret.new(key)
-
       hmac, encrypted_payload = encrypted[0...32], encrypted[32..-1]
-
       expected_hmac = Encryption.hmac_digest(secret.signing_key, encrypted_payload)
+
       unless verify_signature(expected_hmac, hmac)
         raise InvalidCiphertext,
           "Expected hmac #{Base64.encode64(expected_hmac)} for this value; " +
@@ -32,7 +40,6 @@ module AttrVault
       end
 
       iv, encrypted_message = encrypted_payload[0...16], encrypted_payload[16..-1]
-
       block_size = Encryption::AES_BLOCK_SIZE
       unless (encrypted_message.size % block_size).zero?
         raise InvalidCiphertext,

data/lib/attr_vault/version.rb

@@ -1,3 +1,3 @@
 module AttrVault
-  VERSION = "0.0.8"
+  VERSION = "0.0.9"
 end

data/spec/attr_vault_spec.rb

@@ -56,6 +56,15 @@ describe AttrVault do
         expect(s.secret_encrypted).to be_nil
       end
 
+      it "sets fields to empty that were previously not empty" do
+        s = item.create(secret: 'joyce hatto')
+        s.reload
+        s.update(secret: '')
+        s.reload
+        expect(s.secret).to eq ''
+        expect(s.secret_encrypted).not_to be_nil
+      end
+
       it "stores the key id" do
         secret = 'it was professor plum with the wrench in the library'
         s = item.create(secret: secret)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: attr_vault
 version: !ruby/object:Gem::Version
-  version: 0.0.8
+  version: 0.0.9
 platform: ruby
 authors:
 - Maciek Sakrejda
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-11-09 00:00:00.000000000 Z
+date: 2014-12-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec