encrypted-cookies 0.3 → 1.0

data/README.rdoc

@@ -1,5 +1,19 @@
 = Encrypted Cookies
 
+== Important Notice
+
+There will be breaking changes from v0.3 -> v1.0. Usage won't change, but any cookies written with v0.3 will not be able to be read by v1.0. This is a security update and it is strongly encouraged that you update your projects accordingly.
+
+=== What the issue was with 0.3
+
+ActiveSupport::MessageEncryptor offers two encryption functions, encrypt and encrypt_and_verify. While I intended to use encrypt_and_verify when I released the gem, I accidently left the call to encrypt in the code. Life isn't all bad, though. Your cookie written with v0.3 are still strongly encrypted, and only the holder of the secret (i.e., you) will be able to decrypt them. The problem arises from the fact that there is no verification on the encrypted payload. If someone tampers with the encrypted payload, you won't know it. Well, you will know it becuase the decrypted tampered payload will be gibberish, but that might be hard to recognize under some circumstances. Using encrypt_and_verify will sign the encrypted payload so that if it is tampered with you will know it right away.
+
+ActiveSupport is actually deprecating encrypt and decrypt in v3.2 becuase of this very issue.
+
+TL;DR; You data is secure with v0.3, but it is harder to tell if someone is trying to tamper with it.
+
+Please feel free to contact me with any questions or concerns.
+
 == Description
 
 Encrypted cookie jar for Rails 3.

data/encrypted-cookies.gemspec

@@ -8,7 +8,7 @@ Gem::Specification.new do |s|
   s.platform    = Gem::Platform::RUBY
   s.authors     = ["Les Fletcher"]
   s.email       = ["les.fletcher@gmail.com"]
-  s.homepage    = ""
+  s.homepage    = "http://github.com/hmcfletch/encrypted-cookies"
   s.summary     = %q{Encrypted cookies for Rails 3}
   s.description = %q{Add an encrypted cookie jar for Rails 3 that can be chained with permanent and signed cookies}
 

data/lib/encrypted-cookies/encrypted_cookie_jar.rb

@@ -1,3 +1,5 @@
+require 'securerandom'
+
 module EncryptedCookies
   class EncryptedCookieJar < ActionDispatch::Cookies::CookieJar #:nodoc:
     MAX_COOKIE_SIZE = 4096 # Cookies can typically store 4096 bytes.
@@ -11,7 +13,7 @@ module EncryptedCookies
 
     def [](name)
       if encrypted_message = @parent_jar[name]
-        @encrypter.decrypt(encrypted_message)
+        @encrypter.decrypt_and_verify(encrypted_message)
       end
     rescue ActiveSupport::MessageVerifier::InvalidSignature
       nil
@@ -22,9 +24,9 @@ module EncryptedCookies
     def []=(key, options)
       if options.is_a?(Hash)
         options.symbolize_keys!
-        options[:value] = @encrypter.encrypt(options[:value])
+        options[:value] = @encrypter.encrypt_and_sign(options[:value])
       else
-        options = { :value => @encrypter.encrypt(options) }
+        options = { :value => @encrypter.encrypt_and_sign(options) }
       end
 
       raise CookieOverflow if options[:value].size > MAX_COOKIE_SIZE
@@ -50,7 +52,7 @@ module EncryptedCookies
 
       if secret.length < SECRET_MIN_LENGTH
         raise ArgumentError, "Secret should be something secure, " +
-          "like \"#{ActiveSupport::SecureRandom.hex(16)}\".  The value you " +
+          "like \"#{SecureRandom.hex(16)}\".  The value you " +
           "provided, \"#{secret}\", is shorter than the minimum length " +
           "of #{SECRET_MIN_LENGTH} characters"
       end

data/lib/encrypted-cookies/version.rb

@@ -1,3 +1,3 @@
 module EncryptedCookies
-  VERSION = "0.3"
+  VERSION = "1.0"
 end

data/test/encryped_cookie_test.rb

@@ -10,7 +10,6 @@ module EncryptedCookies
     def set_encrypted_value(name, value)
       @parent_jar[name] = value
     end
-
   end
 end
 
@@ -23,9 +22,10 @@ class TestEncryptedCookies < Test::Unit::TestCase
   def setup
     @cookie_jar             = ActionDispatch::Cookies::CookieJar.new
     @encrypted_cookie_jar   = EncryptedCookies::EncryptedCookieJar.new(@cookie_jar, GOOD_SECRET_1)
-    @str                    = "test string"
+    @str                    = "nothing to see here"
   end
 
+  # make sure we detect valid secrets
   def test_secret
     assert_raise (ArgumentError) { EncryptedCookies::EncryptedCookieJar.new(@cookie_jar, nil) }
     assert_raise (ArgumentError) { EncryptedCookies::EncryptedCookieJar.new(@cookie_jar, "") }
@@ -33,20 +33,27 @@ class TestEncryptedCookies < Test::Unit::TestCase
     assert_nothing_raised { EncryptedCookies::EncryptedCookieJar.new(@cookie_jar, GOOD_SECRET_1) }
   end
 
+  # quick test to see if the same thing comes out that goes in
   def test_basic_encryption_decryption
     @encrypted_cookie_jar[:test] = @str
-
-    assert @encrypted_cookie_jar.encrypted_value(:test) != @str
-    assert @encrypted_cookie_jar[:test] == @str
+    assert_equal @str, @encrypted_cookie_jar[:test]
   end
 
+  # monkey with the signature
   def test_tampered_signature
     @encrypted_cookie_jar[:test] = @str
     enc_value = @encrypted_cookie_jar.encrypted_value(:test)
+    enc_value = "#{enc_value}alittleextraattheend"
+    @encrypted_cookie_jar.set_encrypted_value(:test, enc_value)
+    assert @encrypted_cookie_jar[:test].nil?
+  end
 
-    data, digest = enc_value.split("--")
-    @encrypted_cookie_jar.set_encrypted_value(:test, "#{data}--sdgsad")
-
+  # monkey with the payload
+  def test_tampered_payload
+    @encrypted_cookie_jar[:test] = @str
+    enc_value = @encrypted_cookie_jar.encrypted_value(:test)
+    enc_value = "alittleextraatthefront#{enc_value}"
+    @encrypted_cookie_jar.set_encrypted_value(:test, enc_value)
     assert @encrypted_cookie_jar[:test].nil?
   end
 
@@ -69,7 +76,39 @@ class TestEncryptedCookies < Test::Unit::TestCase
     encrypted_cookie_jar_2 = EncryptedCookies::EncryptedCookieJar.new(@cookie_jar, GOOD_SECRET_1)
     encrypted_cookie_jar_2.set_encrypted_value(:test, enc_value)
 
-    assert encrypted_cookie_jar_2[:test] == @str
+    assert_equal @str, encrypted_cookie_jar_2[:test]
+  end
+
+  # some pieces of this test require checks against the version of ActiveSupport
+  # checking the individual pieces of the cookie payload
+  def test_full_encryption_path
+    @encrypted_cookie_jar[:test] = @str
+    enc_value = @encrypted_cookie_jar.encrypted_value(:test)
+    encryptor  = ActiveSupport::MessageEncryptor.new(GOOD_SECRET_1)
+
+    # ActiveSupport 3.2 fixes an issue where the payload is serialized twice during
+    # encryption and verification
+    if ActiveSupport::VERSION::MAJOR == 3 && ActiveSupport::VERSION::MINOR >= 2
+      serializer = ActiveSupport::MessageEncryptor::NullSerializer
+      verifier   = ActiveSupport::MessageVerifier.new(GOOD_SECRET_1, :serializer => serializer)
+    else
+      verifier   = ActiveSupport::MessageVerifier.new(GOOD_SECRET_1)
+    end
+
+    payload, signature = @encrypted_cookie_jar.encrypted_value(:test).split("--")
+    # ActiveSupport 3.2 deprecates encrypt and decrypt
+    if ActiveSupport::VERSION::MAJOR == 3 && ActiveSupport::VERSION::MINOR >= 2
+      decoded_payload    = ActiveSupport::Base64.decode64(payload)
+      decrypted_payload  = encryptor.send(:_decrypt, decoded_payload)
+    else
+      # part of the double serialization in ActiveSupport < 3.2
+      decoded_payload = Marshal.load(ActiveSupport::Base64.decode64(payload))
+      decrypted_payload = encryptor.decrypt(decoded_payload)
+    end
+    signature_control  = verifier.generate(decoded_payload)
+
+    assert_equal @str, decrypted_payload
+    assert_equal signature_control.split("--")[1], signature
   end
 
 end

metadata

@@ -2,7 +2,7 @@
 name: encrypted-cookies
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: "0.3"
+  version: "1.0"
 platform: ruby
 authors: 
 - Les Fletcher
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-06-17 00:00:00 -07:00
+date: 2011-12-04 00:00:00 -08:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -68,7 +68,7 @@ files:
 - test/encryped_cookie_test.rb
 - test/test_helper.rb
 has_rdoc: true
-homepage: ""
+homepage: http://github.com/hmcfletch/encrypted-cookies
 licenses: []
 
 post_install_message: