donjon 0.0.3 → 0.0.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/donjon/encrypted_file.rb +15 -6
- data/lib/donjon/version.rb +1 -1
- data/spec/donjon/encrypted_file_spec.rb +14 -7
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9d9c1aee2f9e8deb7f1916188d17e7c69dc7bdfb
|
|
4
|
+
data.tar.gz: e7cae5314480d167f12b68c01f67cd46c6ca5b9a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d726b19737a97fe66cb1413b3a3b74cface9462327e23230427c26cb5f04e8763d2a9fabd7d0220d27f5f16197c379da48c5468544b41f71d4b3abc5367625d2
|
|
7
|
+
data.tar.gz: 0ae68d0ea317b138591e997b660468c93d29b3488c3441a63f77ec7445c10f6a57363dafb3ecd7621fc03e087e9b5fc5ccbbfb1b389860923b637f5b95be381a
|
|
@@ -42,6 +42,14 @@ module Donjon
|
|
|
42
42
|
|
|
43
43
|
private
|
|
44
44
|
|
|
45
|
+
# encrypted file format:
|
|
46
|
+
# - 256 B encrypted AES key
|
|
47
|
+
# - variable payload
|
|
48
|
+
# payload format:
|
|
49
|
+
# - 32 B encoding
|
|
50
|
+
# - variable data
|
|
51
|
+
# - PADDING B padding
|
|
52
|
+
|
|
45
53
|
# random bytes added to the data to encrypt to obfuscate it
|
|
46
54
|
PADDING = 256
|
|
47
55
|
|
|
@@ -49,23 +57,24 @@ module Donjon
|
|
|
49
57
|
encrypted_key = data[0...256]
|
|
50
58
|
encrypted_data = data[256..-1]
|
|
51
59
|
|
|
52
|
-
# _log_key "before decrypt", encrypted_key
|
|
53
60
|
decrypted_pw = user.key.private_decrypt(encrypted_key)
|
|
54
|
-
# _log_key "decrypted", decrypted_pw
|
|
55
61
|
|
|
56
62
|
assert(decrypted_pw.size == 32)
|
|
57
63
|
payload = Gibberish::AES.new(decrypted_pw).decrypt(encrypted_data, binary: true)
|
|
58
|
-
payload[0
|
|
64
|
+
encoding = payload[0...32].strip
|
|
65
|
+
payload[32...-PADDING].force_encoding(encoding)
|
|
59
66
|
end
|
|
60
67
|
|
|
61
68
|
def _encrypt_for(user, data)
|
|
62
|
-
|
|
69
|
+
encoding = data.encoding
|
|
70
|
+
data = data.force_encoding(Encoding::BINARY)
|
|
71
|
+
|
|
72
|
+
encoding_field = ("%-32s" % encoding).force_encoding(Encoding::BINARY)
|
|
73
|
+
payload = encoding_field + data + OpenSSL::Random.random_bytes(PADDING)
|
|
63
74
|
password = OpenSSL::Random.random_bytes(32)
|
|
64
75
|
encrypted_data = Gibberish::AES.new(password).encrypt(payload, binary: true)
|
|
65
76
|
|
|
66
|
-
# _log_key "before crypto", password
|
|
67
77
|
encrypted_key = user.key.public_encrypt(password)
|
|
68
|
-
# _log_key "encrypted", encrypted_key
|
|
69
78
|
|
|
70
79
|
assert(encrypted_key.size == 256)
|
|
71
80
|
encrypted_key + encrypted_data
|
data/lib/donjon/version.rb
CHANGED
|
@@ -56,25 +56,32 @@ describe Donjon::EncryptedFile do
|
|
|
56
56
|
end
|
|
57
57
|
|
|
58
58
|
describe '#read' do
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
59
|
+
let(:cleartext) { 'hello, world!' }
|
|
60
|
+
before { actor.save ; other_user.save }
|
|
61
|
+
|
|
62
|
+
def write
|
|
63
63
|
described_class.
|
|
64
64
|
new(actor: actor, path: options[:path]).
|
|
65
|
-
write(
|
|
65
|
+
write(cleartext)
|
|
66
66
|
end
|
|
67
67
|
|
|
68
|
-
|
|
69
68
|
it 'returns decrypted contents' do
|
|
69
|
+
write
|
|
70
70
|
expect(subject.read).to eq('hello, world!')
|
|
71
71
|
end
|
|
72
72
|
|
|
73
|
+
it 'works with non-ASCII characters' do
|
|
74
|
+
cleartext.replace 'é~øØ'
|
|
75
|
+
write
|
|
76
|
+
expect(subject.read).to eq('é~øØ')
|
|
77
|
+
end
|
|
78
|
+
|
|
73
79
|
it 'works for other users' do
|
|
80
|
+
write
|
|
74
81
|
data = described_class.
|
|
75
82
|
new(actor: other_user, path: options[:path]).
|
|
76
83
|
read
|
|
77
|
-
expect(data).to eq(
|
|
84
|
+
expect(data).to eq(cleartext)
|
|
78
85
|
end
|
|
79
86
|
end
|
|
80
87
|
|