easy-crypto 0.1.5 → 0.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5efd19b2abcdb117cb3d09a29a78b67d250d05510040d24f60e316c9141dad95
-  data.tar.gz: 9f32de6d1fa839450fc2d20e662303344d03a91bf5d7a851d2cdc35bc6eb19c2
+  metadata.gz: 31671eab7f89fa8fc412441808f40e9d9e4ccbe1a969070b5249d56a5cef5bcc
+  data.tar.gz: 36d78c9ef113c69143b7588a3bf9a9884e0c9b2c0179efd6936622b9b41da401
 SHA512:
-  metadata.gz: 32984a7de2a56bd8e01bd269543e769c4ada0c32e11afd002bef92f1f4dd219b6fe783e85b6053079b32ca82bae7bca295d366acb30faac5b13eb738bd648c65
-  data.tar.gz: 87f80569ad96f5cc6efbec5719861a48ef83313e18ea08fff67095ebbd4accbfd8088b100bc18d5969a5e1d9120960d850bcaab761c753654fa77ae87947ee0a
+  metadata.gz: c5ce234ec34ea19d1701f6c2810539013bb64c7af5ea9b19692995012f1db6398b199bbd9b7c830eb9de80513f58c724a4b4a336cfa552742251b0f4c1bc0e26
+  data.tar.gz: 48282d3f7edef07f465e33e5adad4cfe8e597cfd8c4e5c497032eecc23fb23a82dc744efafc4745eab566e8470519b454e70fe9e2487d9994d1d5ead89b04d98

data/.gitignore

@@ -0,0 +1,3 @@
+*.gem
+.bundle/
+vendor/

data/.travis.yml

@@ -0,0 +1,13 @@
+sudo: false
+language: ruby
+rvm:
+- 2.4.1
+before_install: gem install bundler -v 1.16.1
+deploy:
+  provider: rubygems
+  api_key: ${RUBYGEMS_API_KEY}
+  gem: easy-crypto
+  gemspec: easy-crypto.gemspec
+  skip_cleanup: true
+  on:
+    tags: true

data/Gemfile

@@ -0,0 +1,2 @@
+source "https://rubygems.org"
+gemspec

data/Gemfile.lock

@@ -0,0 +1,39 @@
+PATH
+  remote: .
+  specs:
+    easy-crypto (0.1.7)
+      openssl (~> 2.1.1, >= 2.1.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    diff-lcs (1.3)
+    ipaddr (1.2.2)
+    openssl (2.1.2)
+      ipaddr
+    rake (12.3.2)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-support (3.8.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.16)
+  easy-crypto!
+  rake (~> 12.3)
+  rspec (~> 3.0)
+
+BUNDLED WITH
+   1.17.3

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Emarsys Technologies
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,63 @@
+# EasyCrypto [![Build Status](https://travis-ci.org/emartech/ruby-easy-crypto.svg?branch=master)](https://travis-ci.org/emartech/ruby-easy-crypto) [![Gem Version](https://badge.fury.io/rb/easy-crypto.svg)](https://badge.fury.io/rb/easy-crypto)
+
+Provides simple wrappers around the openssl crypto implementation. The library provides two interfaces: simple and advanced. Simple mode is designed for ease-of-use and advanced mode provides some performance benefits in certain use-cases. See below for more details.
+
+All the underlying crypto operations are the same.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'easy-crypto'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install easy-crypto
+
+## Simple usage (Recommended)
+
+```ruby
+require 'easycrypto'
+
+password = 'secret password'
+plaintext = 'some data'
+
+ecrypto = EasyCrypto::Crypto.new
+
+encrypted = ecrypto.encrypt(password, plaintext)
+decrypted = ecrypto.encrypt(password, encrypted)
+
+decrypted == plaintext
+```
+
+## Advanced usage (Use for performance)
+
+[Key derivation](https://en.wikipedia.org/wiki/Key_derivation_function) is a resource heavy process. The simple interface abstracts this away and forces you to recompute the key before each encryption/decryption process.
+
+This interface allows you to cache the result of the key derivation. This is required if you need to encrypt/decrypt multiple times with the same derived key. Caching the key saves you the time to have to recompute it before every encryption/decryption.
+
+```ruby
+require 'easycrypto'
+
+password = 'secret password'
+plaintext = 'data to encrypt ...'
+
+ecrypto = EasyCrypto::Crypto.new
+
+key = EasyCrypto::Key.generate(key_password)
+
+encrypted = ecrypto.encrypt_with_key(key, plaintext)
+decrypted = ecrypto.decrypt_with_key(key, encrypted)
+
+decrypted == plaintext
+```
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/easy-crypto.gemspec

@@ -0,0 +1,23 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'easycrypto/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'easy-crypto'
+  spec.version       = EasyCrypto::VERSION
+  spec.authors       = ['Emarsys Security']
+  spec.email         = ['security@emarsys.com']
+
+  spec.summary       = 'Provides simple wrappers around openssl crypto implementation.'
+  spec.homepage      = 'https://github.com/emartech/ruby-easy-crypto'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 1.16'
+  spec.add_development_dependency 'rake', '~> 12.3'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+
+  spec.add_runtime_dependency 'openssl', '~> 2.1.1', '>= 2.1.1'
+end

data/lib/easycrypto/crypto.rb

@@ -0,0 +1,86 @@
+require 'base64'
+require 'openssl'
+require_relative 'key'
+
+module EasyCrypto
+  class Crypto
+    KEY_BITS = 256
+    AES_MODE = :GCM
+    IV_LEN = 12
+    AUTH_TAG_LEN = 16
+
+    def initialize(salt_length = DEFAULT_SALT_LENGTH)
+      @salt_length = salt_length
+    end
+
+    def encrypt(password, plaintext)
+      key = EasyCrypto::Key.generate(password, @salt_length)
+
+      encrypt_with_key(key, plaintext)
+    end
+
+    def encrypt_with_key(key, plaintext)
+      validate_key_type(key)
+      validate_plaintext(plaintext)
+
+      iv = OpenSSL::Random.random_bytes(Crypto::IV_LEN)
+      cipher = create_cipher(key, iv)
+
+      encrypted = cipher.update(plaintext) + cipher.final
+
+      Base64.strict_encode64(key.salt + iv + encrypted + cipher.auth_tag)
+    end
+
+    def decrypt(password, ciphertext)
+      salt = get_salt_from_ciphertext(ciphertext)
+      key = EasyCrypto::Key.generate_with_salt(password, salt)
+
+      decrypt_with_key(key, ciphertext)
+    end
+
+    def decrypt_with_key(key, ciphertext)
+      validate_key_type(key)
+
+      raw_ciphertext = Base64.strict_decode64(ciphertext)
+
+      iv = raw_ciphertext[key.salt.length, IV_LEN]
+      encrypted = raw_ciphertext[(key.salt.length + IV_LEN)..-(AUTH_TAG_LEN + 1)]
+      auth_tag = raw_ciphertext[-AUTH_TAG_LEN..-1]
+
+      decipher = create_decipher(key, iv, auth_tag)
+
+      decipher.update(encrypted) + decipher.final
+    end
+
+    private
+
+    def validate_key_type(key)
+      raise TypeError, 'key must have Key type' unless key.is_a?(EasyCrypto::Key)
+    end
+
+    def validate_plaintext(plaintext)
+      raise TypeError, 'Encryptable data must be a string' unless plaintext.is_a?(String)
+      raise ArgumentError, 'Encryptable data must not be empty' if plaintext.empty?
+    end
+
+    def create_cipher(key, iv)
+      cipher = OpenSSL::Cipher::AES.new(Crypto::KEY_BITS, Crypto::AES_MODE).encrypt
+      cipher.key = key.key
+      cipher.iv = iv
+      cipher
+    end
+
+    def create_decipher(key, iv, auth_tag)
+      decipher = OpenSSL::Cipher::AES.new(Crypto::KEY_BITS, Crypto::AES_MODE).decrypt
+      decipher.key = key.key
+      decipher.iv = iv
+      decipher.auth_tag = auth_tag
+      decipher
+    end
+
+    def get_salt_from_ciphertext(ciphertext)
+      raw_ciphertext = Base64.strict_decode64(ciphertext)
+      raw_ciphertext[0, @salt_length]
+    end
+  end
+end

data/lib/easycrypto/key.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+module EasyCrypto
+  class Key
+    ITERATION_COUNT = 10_000
+    KEY_LENGTH = 32
+    HASH_ALGO = 'sha256'
+
+    attr_reader :key, :salt
+
+    def initialize(key, salt)
+      @key = key
+      @salt = salt
+    end
+
+    def self.generate(password, salt_length = DEFAULT_SALT_LENGTH)
+      salt = OpenSSL::Random.random_bytes(salt_length)
+
+      generate_with_salt(password, salt)
+    end
+
+    def self.generate_with_salt(password, salt)
+      key = OpenSSL::KDF.pbkdf2_hmac(
+        password,
+        salt: salt,
+        iterations: Key::ITERATION_COUNT,
+        length: Key::KEY_LENGTH,
+        hash: Key::HASH_ALGO
+      )
+
+      new(key, salt)
+    end
+  end
+end

data/lib/easycrypto/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module EasyCrypto
+  VERSION = '0.1.7'
+end

data/lib/easycrypto.rb

@@ -0,0 +1,7 @@
+module EasyCrypto
+  DEFAULT_SALT_LENGTH = 12
+
+  require 'easycrypto/version'
+  require 'easycrypto/key'
+  require 'easycrypto/crypto'
+end

data/spec/easycrypto/crypto_spec.rb

@@ -0,0 +1,89 @@
+require 'easycrypto'
+
+RSpec.describe EasyCrypto::Crypto do
+  let(:salt) { 'aaaaaaaaaaaa' }
+  let(:iv) { 'bbbbbbbbbbbb' }
+  let(:password) { 'some password' }
+  let(:data) { 'some data' }
+  let(:key) { EasyCrypto::Key.generate_with_salt(password, salt) }
+
+  it 'has a version number' do
+    expect(EasyCrypto::VERSION).not_to be nil
+  end
+
+  it 'can encrypt and decrypt data' do
+    ciphertext = subject.encrypt(password, data)
+    plaintext = subject.decrypt(password, ciphertext)
+
+    expect(plaintext).to eq data
+  end
+
+  it 'can encrypt and decrypt data with given key' do
+    key = EasyCrypto::Key.generate(password)
+
+    ciphertext = subject.encrypt_with_key(key, data)
+    plaintext = subject.decrypt_with_key(key, ciphertext)
+
+    expect(plaintext).to eq data
+  end
+
+  describe '#encrypt' do
+    before do
+      allow(OpenSSL::Random).to receive(:random_bytes).and_return(iv)
+      allow(EasyCrypto::Key).to receive(:generate).and_return(key)
+    end
+
+    it 'can encrypt data' do
+      result = subject.encrypt(password, data)
+      raw_result = Base64.strict_decode64(result)
+
+      expect(raw_result[0,12]).to eq salt
+      expect(raw_result[12,12]).to eq iv
+    end
+  end
+
+  describe '#encrypt_with_key' do
+    before do
+      allow(OpenSSL::Random).to receive(:random_bytes).and_return(iv)
+    end
+
+    it 'returns encrypted text as a single line' do
+      ciphertext = subject.encrypt_with_key(key, data)
+
+      expect(ciphertext).not_to include("\n")
+    end
+
+    it 'raise error if the encryptable data is not a string' do
+      expect{
+        subject.encrypt_with_key(key, 1234)
+      }.to raise_error(TypeError, 'Encryptable data must be a string')
+    end
+
+    it 'raise error if the encryptable data is empty' do
+      expect{
+        subject.encrypt_with_key(key, '')
+      }.to raise_error(ArgumentError, 'Encryptable data must not be empty')
+    end
+
+    it 'can encrypt data with given key' do
+      expected_ciphertext = 'YWFhYWFhYWFhYWFhYmJiYmJiYmJiYmJifAUY9TEdvoOQ79sxKd3zv1dT67K1GM36mQ=='
+      expect(subject.encrypt_with_key(key, data)).to eq expected_ciphertext
+    end
+  end
+
+  describe '#decrypt' do
+    it 'can decrypt encrypted data' do
+      ciphertext = 'FPXj2e2DZrFYRVUhqoBWXhVVVGUO2ZJgayU2F1f6duLtBjYOINvAZPWIXjIVHHslgg=='
+
+      expect(subject.decrypt(password, ciphertext)).to eq data
+    end
+  end
+
+  describe '#decrypt_with_key' do
+    it 'can decrypt encrypted data' do
+      ciphertext = 'YWFhYWFhYWFhYWFhzs8I/ks+nAy2V+Q7xIrJAnOHefyfO4zYwwmz1F2y1mf1wfXDqA=='
+
+      expect(subject.decrypt_with_key(key, ciphertext)).to eq data
+    end
+  end
+end

data/spec/easycrypto/key_spec.rb

@@ -0,0 +1,34 @@
+require 'easycrypto'
+
+RSpec.describe EasyCrypto::Key do
+  describe '#generate' do
+    it 'returns key with a salt of the specified length' do
+      key = EasyCrypto::Key.generate('key password', 24)
+
+      expect(key.salt.length).to be 24
+    end
+
+    it 'returns key with a 12 byte length salt' do
+      key = EasyCrypto::Key.generate('key password')
+
+      expect(key.salt.length).to be 12
+    end
+  end
+
+  describe '#generate_with_salt' do
+    let(:salt) { 'aaaaaaaaaaaa' }
+
+    it 'generates key with the given salt' do
+      key = EasyCrypto::Key.generate_with_salt('key password', salt)
+
+      expect(key.salt).to eq salt
+    end
+
+    it 'generates the same key with the same password and salt' do
+      key_1 = EasyCrypto::Key.generate_with_salt('key password', salt)
+      key_2 = EasyCrypto::Key.generate_with_salt('key password', salt)
+
+      expect(key_1.key).to eq key_2.key
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,10 @@
+lib = File.expand_path('../../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+RSpec.configure do |config|
+  config.disable_monkey_patching!
+
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: easy-crypto
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.7
 platform: ruby
 authors:
 - Emarsys Security
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-07 00:00:00.000000000 Z
+date: 2019-01-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -78,7 +78,22 @@ email:
 executables: []
 extensions: []
 extra_rdoc_files: []
-files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- easy-crypto.gemspec
+- lib/easycrypto.rb
+- lib/easycrypto/crypto.rb
+- lib/easycrypto/key.rb
+- lib/easycrypto/version.rb
+- spec/easycrypto/crypto_spec.rb
+- spec/easycrypto/key_spec.rb
+- spec/spec_helper.rb
 homepage: https://github.com/emartech/ruby-easy-crypto
 licenses:
 - MIT
@@ -98,7 +113,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.0.2
 signing_key: 
 specification_version: 4
 summary: Provides simple wrappers around openssl crypto implementation.