blind_index 0.3.0 → 0.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 651caa81ae68cdce70f5f0f83d3f2b1d0d2365c2c34765414d3ae0e523e5cdab
-  data.tar.gz: 4a7d274aec56ba615a9569ab19c222b24d4a052166e8acdc0bfd2a5c65b4855b
+  metadata.gz: fe8410b6e972d6fe7aa37648396462b1e2a70358813e97db153d62ed5ac3fbad
+  data.tar.gz: 37d9baa7fb293ee2aa6e0a9fb5d253f8d0c7a83807dade72a8ac532825dc0220
 SHA512:
-  metadata.gz: e169875cc33b23da106311fbbc41a2647bbd6b3abfd5e904f9ad7315ea71117d2dd69cc829ff16b222640397ba5576d12094fe2a62000e9c6962409dc6ccd478
-  data.tar.gz: a7ee41ba497568c4580d98508c204f956aff7ed1ee04bb4452b78fe2897e98015ec3e9718bc6ef174b432912bfb7cf55bd94db79c45e14041ad057f04a49055f
+  metadata.gz: c647598d872e02b829377d5436442f0d929575722ee3330396c773d4dea556aabf74083e4868923fb597478df5648487fbfa26361eb6a341b1709dea3bb2e137
+  data.tar.gz: 1a9c501115e25cecf73e59ccb7ee5b23c96ccb01c81e4a62e48c1858546cf67a9c83f4f482cbf212ca2f38de559bbb668c39bf90a131ede9732eb4e390f45d3b

data/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 0.3.2
+
+- Added support for dynamic finders
+- Added support for inherited models
+
+## 0.3.1
+
+- Added scrypt and Argon2 algorithms
+- Added `cost` option
+
 ## 0.3.0
 
 - Enforce secure key generation

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2017 Andrew Kane
+Copyright (c) 2017-2018 Andrew Kane
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -42,7 +42,7 @@ class User < ApplicationRecord
 end
 ```
 
-We use environment variables to store the keys ([dotenv](https://github.com/bkeepers/dotenv) is great for this). *Do not commit them to source control.* Generate one key for encryption and one key for hashing. You can generate keys in the Rails console with:
+We use environment variables to store the keys as hex-encoded strings ([dotenv](https://github.com/bkeepers/dotenv) is great for this). *Do not commit them to source control.* Generate one key for encryption and one key for hashing. You can generate keys in the Rails console with:
 
 ```ruby
 SecureRandom.hex(32)
@@ -143,11 +143,8 @@ end
 
 The default is `10000`. Changing this value requires you to recompute the blind index.
 
-
 ### scrypt
 
-:warning: *Not production ready yet*
-
 Add [scrypt](https://github.com/pbhogan/scrypt) to your Gemfile and use:
 
 ```ruby
@@ -156,9 +153,15 @@ class User < ApplicationRecord
 end
 ```
 
-### Argon2
+Set the cost parameters with:
 
-:warning: *Not production ready yet*
+```ruby
+class User < ApplicationRecord
+  blind_index :email, algorithm: :scrypt, cost: {n: 4096, r: 8, p: 1}, ...
+end
+```
+
+### Argon2
 
 Add [argon2](https://github.com/technion/ruby-argon2) to your Gemfile and use:
 
@@ -168,6 +171,14 @@ class User < ApplicationRecord
 end
 ```
 
+Set the cost parameters with:
+
+```ruby
+class User < ApplicationRecord
+  blind_index :email, algorithm: :argon2, cost: {t: 3, m: 12}, ...
+end
+```
+
 ## Reference
 
 By default, blind indexes are encoded in Base64. Set a different encoding with:
@@ -194,7 +205,15 @@ We recommend rotating your key if it doesn’t meet this criteria. You can gener
 SecureRandom.hex(32)
 ```
 
-Set the new key and recompute the blind index.
+Update your model to convert the hex key to binary.
+
+```ruby
+class User < ApplicationRecord
+  blind_index :email, key: [ENV["EMAIL_BLIND_INDEX_KEY"]].pack("H*")
+end
+```
+
+And recompute the blind index.
 
 ```ruby
 User.find_each do |user|

data/Rakefile

@@ -10,19 +10,47 @@ end
 
 task default: :test
 
-task :benchmark do
-  require "securerandom"
-  require "benchmark/ips"
-  require "blind_index"
-  require "scrypt"
-  require "argon2"
-
-  key = SecureRandom.random_bytes(32)
-  value = "secret"
-
-  Benchmark.ips do |x|
-    x.report("pbkdf2_hmac") { BlindIndex.generate_bidx(value, key: key, algorithm: :pbkdf2_hmac) }
-    x.report("scrypt") { BlindIndex.generate_bidx(value, key: key, algorithm: :scrypt) }
-    x.report("argon2") { BlindIndex.generate_bidx(value, key: key, algorithm: :argon2) }
+namespace :benchmark do
+  task :algorithms do
+    require "securerandom"
+    require "benchmark/ips"
+    require "blind_index"
+    require "scrypt"
+    require "argon2"
+
+    key = SecureRandom.random_bytes(32)
+    value = "secret"
+
+    Benchmark.ips do |x|
+      x.report("pbkdf2_hmac") { BlindIndex.generate_bidx(value, key: key, algorithm: :pbkdf2_hmac) }
+      x.report("scrypt") { BlindIndex.generate_bidx(value, key: key, algorithm: :scrypt) }
+      x.report("argon2") { BlindIndex.generate_bidx(value, key: key, algorithm: :argon2) }
+    end
+  end
+
+  task :queries do
+    require "benchmark/ips"
+    require "active_record"
+    require "blind_index"
+
+    ActiveRecord::Base.establish_connection adapter: "sqlite3", database: ":memory:"
+
+    ActiveRecord::Migration.create_table :users do
+    end
+
+    ActiveRecord::Migration.create_table :cities do
+    end
+
+    class User < ActiveRecord::Base
+      blind_index :email
+    end
+
+    class City < ActiveRecord::Base
+    end
+
+    Benchmark.ips do |x|
+      x.report("no index") { City.where(id: 1).first }
+      x.report("index") { User.where(id: 1).first }
+    end
   end
 end

data/lib/blind_index.rb

@@ -15,7 +15,8 @@ module BlindIndex
     iterations: 10000,
     algorithm: :pbkdf2_hmac,
     insecure_key: false,
-    encode: true
+    encode: true,
+    cost: {}
   }
 
   def self.generate_bidx(value, key:, **options)
@@ -39,16 +40,22 @@ module BlindIndex
 
       # gist to compare algorithm results
       # https://gist.github.com/ankane/fe3ac63fbf1c4550ee12554c664d2b8c
+      cost_options = options[:cost]
+
       value =
         case algorithm
         when :scrypt
-          # n, p (keep r at 8)
-          SCrypt::Engine.scrypt(value.to_s, key, 4096, 8, 1, 32)
+          n = cost_options[:n] || 4096
+          r = cost_options[:r] || 8
+          cp = cost_options[:p] || 1
+          SCrypt::Engine.scrypt(value.to_s, key, n, r, cp, 32)
         when :argon2
-          # t_cost, m_cost
-          [Argon2::Engine.hash_argon2i(value.to_s, key, 2, 12)].pack("H*")
+          t = cost_options[:t] || 3
+          m = cost_options[:m] || 12
+          [Argon2::Engine.hash_argon2i(value.to_s, key, t, m)].pack("H*")
         when :pbkdf2_hmac
-          OpenSSL::PKCS5.pbkdf2_hmac(value.to_s, key, options[:iterations], 32, "sha256")
+          iterations = cost_options[:iterations] || options[:iterations]
+          OpenSSL::PKCS5.pbkdf2_hmac(value.to_s, key, iterations, 32, "sha256")
         else
           raise BlindIndex::Error, "Unknown algorithm"
         end
@@ -77,6 +84,8 @@ ActiveSupport.on_load(:active_record) do
     ActiveRecord::PredicateBuilder.singleton_class.prepend(BlindIndex::Extensions::PredicateBuilder)
   end
 
+  ActiveRecord::DynamicMatchers::Method.prepend(BlindIndex::Extensions::DynamicMatchers)
+
   unless ActiveRecord::VERSION::STRING.start_with?("5.1.")
     ActiveRecord::Validations::UniquenessValidator.prepend(BlindIndex::Extensions::UniquenessValidator)
   end

data/lib/blind_index/extensions.rb

@@ -67,5 +67,15 @@ module BlindIndex
         end
       end
     end
+
+    module DynamicMatchers
+      def valid?
+        attribute_names.all? { |name| model.columns_hash[name] || model.reflect_on_aggregation(name.to_sym) || blind_index?(name.to_sym) }
+      end
+
+      def blind_index?(name)
+        model.respond_to?(:blind_indexes) && model.blind_indexes[name]
+      end
+    end
   end
 end

data/lib/blind_index/model.rb

@@ -1,6 +1,6 @@
 module BlindIndex
   module Model
-    def blind_index(name, key: nil, iterations: nil, attribute: nil, expression: nil, bidx_attribute: nil, callback: true, algorithm: nil, insecure_key: nil, encode: nil)
+    def blind_index(name, key: nil, iterations: nil, attribute: nil, expression: nil, bidx_attribute: nil, callback: true, algorithm: nil, insecure_key: nil, encode: nil, cost: nil)
       iterations ||= 10000
       attribute ||= name
       bidx_attribute ||= :"encrypted_#{name}_bidx"
@@ -10,15 +10,24 @@ module BlindIndex
       method_name = :"compute_#{name}_bidx"
 
       class_eval do
-        class << self
-          def blind_indexes
-            @blind_indexes ||= {}
-          end unless method_defined?(:blind_indexes)
+        @blind_indexes ||= {}
+
+        unless respond_to?(:blind_indexes)
+          def self.blind_indexes
+            parent_indexes =
+              if superclass.respond_to?(:blind_indexes)
+                superclass.blind_indexes
+              else
+                {}
+              end
+
+            parent_indexes.merge(@blind_indexes || {})
+          end
         end
 
         raise BlindIndex::Error, "Duplicate blind index: #{name}" if blind_indexes[name]
 
-        blind_indexes[name] = {
+        @blind_indexes[name] = {
           key: key,
           iterations: iterations,
           attribute: attribute,
@@ -26,9 +35,11 @@ module BlindIndex
           bidx_attribute: bidx_attribute,
           algorithm: algorithm,
           insecure_key: insecure_key,
-          encode: encode
+          encode: encode,
+          cost: cost
         }.reject { |_, v| v.nil? }
 
+        # should have been named generate_#{name}_bidx
         define_singleton_method method_name do |value|
           BlindIndex.generate_bidx(value, blind_indexes[name])
         end

data/lib/blind_index/version.rb

@@ -1,3 +1,3 @@
 module BlindIndex
-  VERSION = "0.3.0"
+  VERSION = "0.3.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: blind_index
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.2
 platform: ruby
 authors:
 - Andrew Kane
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-06-03 00:00:00.000000000 Z
+date: 2018-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport