encryptor 1.3.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +1 -0
- data/.gitignore +5 -0
- data/.travis.yml +19 -0
- data/CHANGELOG.md +24 -0
- data/Gemfile +3 -0
- data/README.md +168 -73
- data/Rakefile +5 -14
- data/certs/saghaulor.pem +21 -0
- data/encryptor.gemspec +41 -0
- data/lib/encryptor.rb +54 -19
- data/lib/encryptor/string.rb +3 -3
- data/lib/encryptor/version.rb +2 -2
- data/test/compatibility_test.rb +29 -25
- data/test/encryptor_string_test.rb +60 -0
- data/test/encryptor_test.rb +57 -65
- data/test/legacy_encryptor_string_test.rb +56 -0
- data/test/legacy_encryptor_test.rb +22 -63
- data/test/openssl_helper.rb +24 -4
- data/test/test_helper.rb +21 -12
- metadata +94 -39
- metadata.gz.sig +0 -0
data/lib/encryptor/string.rb
CHANGED
|
@@ -3,7 +3,7 @@ module Encryptor
|
|
|
3
3
|
module String
|
|
4
4
|
# Returns a new string containing the encrypted version of itself
|
|
5
5
|
def encrypt(options = {})
|
|
6
|
-
Encryptor.encrypt(options.merge(:
|
|
6
|
+
Encryptor.encrypt(options.merge(value: self))
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
# Replaces the contents of a string with the encrypted version of itself
|
|
@@ -13,11 +13,11 @@ module Encryptor
|
|
|
13
13
|
|
|
14
14
|
# Returns a new string containing the decrypted version of itself
|
|
15
15
|
def decrypt(options = {})
|
|
16
|
-
Encryptor.decrypt(options.merge(:
|
|
16
|
+
Encryptor.decrypt(options.merge(value: self))
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
# Replaces the contents of a string with the decrypted version of itself
|
|
20
|
-
def decrypt!(options ={})
|
|
20
|
+
def decrypt!(options = {})
|
|
21
21
|
replace decrypt(options)
|
|
22
22
|
end
|
|
23
23
|
end
|
data/lib/encryptor/version.rb
CHANGED
data/test/compatibility_test.rb
CHANGED
|
@@ -5,7 +5,7 @@ require File.expand_path('../test_helper', __FILE__)
|
|
|
5
5
|
# for data stored in databases and allows consumers of the gem to upgrade with
|
|
6
6
|
# confidence in the future.
|
|
7
7
|
#
|
|
8
|
-
class CompatibilityTest < Test
|
|
8
|
+
class CompatibilityTest < Minitest::Test
|
|
9
9
|
ALGORITHM = 'aes-256-cbc'
|
|
10
10
|
|
|
11
11
|
def self.base64_encode(value)
|
|
@@ -21,10 +21,11 @@ class CompatibilityTest < Test::Unit::TestCase
|
|
|
21
21
|
key = Digest::SHA256.hexdigest('my-fixed-key')
|
|
22
22
|
iv = Digest::SHA256.hexdigest('my-fixed-iv')
|
|
23
23
|
result = Encryptor.encrypt(
|
|
24
|
-
:
|
|
25
|
-
:
|
|
26
|
-
:
|
|
27
|
-
:
|
|
24
|
+
algorithm: ALGORITHM,
|
|
25
|
+
value: 'my-fixed-input',
|
|
26
|
+
key: key,
|
|
27
|
+
iv: iv,
|
|
28
|
+
insecure_mode: true
|
|
28
29
|
)
|
|
29
30
|
assert_equal 'nGuyGniksFXnMYj/eCxXKQ==', self.class.base64_encode(result)
|
|
30
31
|
end
|
|
@@ -32,9 +33,10 @@ class CompatibilityTest < Test::Unit::TestCase
|
|
|
32
33
|
def test_encrypt_without_iv
|
|
33
34
|
key = Digest::SHA256.hexdigest('my-fixed-key')
|
|
34
35
|
result = Encryptor.encrypt(
|
|
35
|
-
:
|
|
36
|
-
:
|
|
37
|
-
:
|
|
36
|
+
algorithm: ALGORITHM,
|
|
37
|
+
value: 'my-fixed-input',
|
|
38
|
+
key: key,
|
|
39
|
+
insecure_mode: true
|
|
38
40
|
)
|
|
39
41
|
assert_equal 'XbwHRMFWqR5M80kgwRcEEg==', self.class.base64_encode(result)
|
|
40
42
|
end
|
|
@@ -43,10 +45,11 @@ class CompatibilityTest < Test::Unit::TestCase
|
|
|
43
45
|
key = Digest::SHA256.hexdigest('my-fixed-key')
|
|
44
46
|
iv = Digest::SHA256.hexdigest('my-fixed-iv')
|
|
45
47
|
result = Encryptor.decrypt(
|
|
46
|
-
:
|
|
47
|
-
:
|
|
48
|
-
:
|
|
49
|
-
:
|
|
48
|
+
algorithm: ALGORITHM,
|
|
49
|
+
value: self.class.base64_decode('nGuyGniksFXnMYj/eCxXKQ=='),
|
|
50
|
+
key: key,
|
|
51
|
+
iv: iv,
|
|
52
|
+
insecure_mode: true
|
|
50
53
|
)
|
|
51
54
|
assert_equal 'my-fixed-input', result
|
|
52
55
|
end
|
|
@@ -54,9 +57,10 @@ class CompatibilityTest < Test::Unit::TestCase
|
|
|
54
57
|
def test_decrypt_without_iv
|
|
55
58
|
key = Digest::SHA256.hexdigest('my-fixed-key')
|
|
56
59
|
result = Encryptor.decrypt(
|
|
57
|
-
:
|
|
58
|
-
:
|
|
59
|
-
:
|
|
60
|
+
algorithm: ALGORITHM,
|
|
61
|
+
value: self.class.base64_decode('XbwHRMFWqR5M80kgwRcEEg=='),
|
|
62
|
+
key: key,
|
|
63
|
+
insecure_mode: true
|
|
60
64
|
)
|
|
61
65
|
assert_equal 'my-fixed-input', result
|
|
62
66
|
end
|
|
@@ -66,11 +70,11 @@ class CompatibilityTest < Test::Unit::TestCase
|
|
|
66
70
|
iv = Digest::SHA256.hexdigest('my-fixed-iv')
|
|
67
71
|
salt = 'my-fixed-salt'
|
|
68
72
|
result = Encryptor.encrypt(
|
|
69
|
-
:
|
|
70
|
-
:
|
|
71
|
-
:
|
|
72
|
-
:
|
|
73
|
-
:
|
|
73
|
+
algorithm: ALGORITHM,
|
|
74
|
+
value: 'my-fixed-input',
|
|
75
|
+
key: key,
|
|
76
|
+
iv: iv,
|
|
77
|
+
salt: salt
|
|
74
78
|
)
|
|
75
79
|
assert_equal 'DENuQSh9b0eW8GN3YLzLGw==', self.class.base64_encode(result)
|
|
76
80
|
end
|
|
@@ -80,11 +84,11 @@ class CompatibilityTest < Test::Unit::TestCase
|
|
|
80
84
|
iv = Digest::SHA256.hexdigest('my-fixed-iv')
|
|
81
85
|
salt = 'my-fixed-salt'
|
|
82
86
|
result = Encryptor.decrypt(
|
|
83
|
-
:
|
|
84
|
-
:
|
|
85
|
-
:
|
|
86
|
-
:
|
|
87
|
-
:
|
|
87
|
+
algorithm: ALGORITHM,
|
|
88
|
+
value: self.class.base64_decode('DENuQSh9b0eW8GN3YLzLGw=='),
|
|
89
|
+
key: key,
|
|
90
|
+
iv: iv,
|
|
91
|
+
salt: salt
|
|
88
92
|
)
|
|
89
93
|
assert_equal 'my-fixed-input', result
|
|
90
94
|
end
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
require 'test_helper'
|
|
2
|
+
|
|
3
|
+
class EncryptorStringTest < Minitest::Test
|
|
4
|
+
|
|
5
|
+
original_value = StringWithEncryptor.new
|
|
6
|
+
key = SecureRandom.random_bytes(64)
|
|
7
|
+
iv = SecureRandom.random_bytes(64)
|
|
8
|
+
salt = Time.now.to_i.to_s
|
|
9
|
+
original_value << SecureRandom.random_bytes(64)
|
|
10
|
+
auth_data = SecureRandom.random_bytes(64)
|
|
11
|
+
wrong_auth_tag = SecureRandom.random_bytes(16)
|
|
12
|
+
|
|
13
|
+
OpenSSLHelper::ALGORITHMS.each do |algorithm|
|
|
14
|
+
encrypted_value_with_iv = StringWithEncryptor.new
|
|
15
|
+
encrypted_value_without_iv = StringWithEncryptor.new
|
|
16
|
+
encrypted_value_with_iv << Encryptor.encrypt(value: original_value, key: key, iv: iv, salt: salt, algorithm: algorithm)
|
|
17
|
+
encrypted_value_without_iv << Encryptor.encrypt(value: original_value, key: key, algorithm: algorithm, insecure_mode: true)
|
|
18
|
+
|
|
19
|
+
define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
20
|
+
assert_equal encrypted_value_with_iv, original_value.encrypt(key: key, iv: iv, salt: salt, algorithm: algorithm)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
24
|
+
assert_equal encrypted_value_without_iv, original_value.encrypt(key: key, algorithm: algorithm, insecure_mode: true)
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
28
|
+
assert_equal original_value, encrypted_value_with_iv.decrypt(key: key, iv: iv, salt: salt, algorithm: algorithm)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
32
|
+
assert_equal original_value, encrypted_value_without_iv.decrypt(key: key, algorithm: algorithm, insecure_mode: true)
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
36
|
+
original_value_dup = original_value.dup
|
|
37
|
+
original_value_dup.encrypt!(key: key, iv: iv, salt: salt, algorithm: algorithm)
|
|
38
|
+
assert_equal original_value.encrypt(key: key, iv: iv, salt: salt, algorithm: algorithm), original_value_dup
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
42
|
+
original_value_dup = original_value.dup
|
|
43
|
+
original_value_dup.encrypt!(key: key, algorithm: algorithm, insecure_mode: true)
|
|
44
|
+
assert_equal original_value.encrypt(key: key, algorithm: algorithm, insecure_mode: true), original_value_dup
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
48
|
+
encrypted_value_with_iv_dup = encrypted_value_with_iv.dup
|
|
49
|
+
encrypted_value_with_iv_dup.decrypt!(key: key, iv: iv, salt: salt, algorithm: algorithm)
|
|
50
|
+
assert_equal original_value, encrypted_value_with_iv_dup
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
54
|
+
encrypted_value_without_iv_dup = encrypted_value_without_iv.dup
|
|
55
|
+
encrypted_value_without_iv_dup.decrypt!(key: key, algorithm: algorithm, insecure_mode: true)
|
|
56
|
+
assert_equal original_value, encrypted_value_without_iv_dup
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
end
|
data/test/encryptor_test.rb
CHANGED
|
@@ -1,89 +1,50 @@
|
|
|
1
|
-
require
|
|
2
|
-
require File.expand_path('../openssl_helper', __FILE__)
|
|
1
|
+
require 'test_helper'
|
|
3
2
|
|
|
4
3
|
# Tests for new preferred salted encryption mode
|
|
5
4
|
#
|
|
6
|
-
class EncryptorTest < Test
|
|
5
|
+
class EncryptorTest < Minitest::Test
|
|
7
6
|
|
|
8
|
-
key =
|
|
9
|
-
iv =
|
|
10
|
-
salt =
|
|
11
|
-
original_value =
|
|
7
|
+
key = SecureRandom.random_bytes(32)
|
|
8
|
+
iv = SecureRandom.random_bytes(16)
|
|
9
|
+
salt = SecureRandom.random_bytes(16)
|
|
10
|
+
original_value = SecureRandom.random_bytes(64)
|
|
11
|
+
auth_data = SecureRandom.random_bytes(64)
|
|
12
|
+
wrong_auth_tag = SecureRandom.random_bytes(16)
|
|
12
13
|
|
|
13
14
|
OpenSSLHelper::ALGORITHMS.each do |algorithm|
|
|
14
|
-
encrypted_value_with_iv = Encryptor.encrypt(:
|
|
15
|
-
encrypted_value_without_iv = Encryptor.encrypt(:
|
|
15
|
+
encrypted_value_with_iv = Encryptor.encrypt(value: original_value, key: key, iv: iv, salt: salt, algorithm: algorithm)
|
|
16
|
+
encrypted_value_without_iv = Encryptor.encrypt(value: original_value, key: key, algorithm: algorithm, insecure_mode: true)
|
|
16
17
|
|
|
17
18
|
define_method "test_should_crypt_with_the_#{algorithm}_algorithm_with_iv" do
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
assert_equal original_value, Encryptor.decrypt(:
|
|
19
|
+
refute_equal original_value, encrypted_value_with_iv
|
|
20
|
+
refute_equal encrypted_value_without_iv, encrypted_value_with_iv
|
|
21
|
+
assert_equal original_value, Encryptor.decrypt(value: encrypted_value_with_iv, key: key, iv: iv, salt: salt, algorithm: algorithm)
|
|
21
22
|
end
|
|
22
23
|
|
|
23
24
|
define_method "test_should_crypt_with_the_#{algorithm}_algorithm_without_iv" do
|
|
24
|
-
|
|
25
|
-
assert_equal original_value, Encryptor.decrypt(:
|
|
25
|
+
refute_equal original_value, encrypted_value_without_iv
|
|
26
|
+
assert_equal original_value, Encryptor.decrypt(value: encrypted_value_without_iv, key: key, algorithm: algorithm, insecure_mode: true)
|
|
26
27
|
end
|
|
27
28
|
|
|
28
29
|
define_method "test_should_encrypt_with_the_#{algorithm}_algorithm_with_iv_with_the_first_arg_as_the_value" do
|
|
29
|
-
assert_equal encrypted_value_with_iv, Encryptor.encrypt(original_value, :
|
|
30
|
+
assert_equal encrypted_value_with_iv, Encryptor.encrypt(original_value, key: key, iv: iv, salt: salt, algorithm: algorithm)
|
|
30
31
|
end
|
|
31
32
|
|
|
32
33
|
define_method "test_should_encrypt_with_the_#{algorithm}_algorithm_without_iv_with_the_first_arg_as_the_value" do
|
|
33
|
-
assert_equal encrypted_value_without_iv, Encryptor.encrypt(original_value, :
|
|
34
|
+
assert_equal encrypted_value_without_iv, Encryptor.encrypt(original_value, key: key, algorithm: algorithm, insecure_mode: true)
|
|
34
35
|
end
|
|
35
36
|
|
|
36
37
|
define_method "test_should_decrypt_with_the_#{algorithm}_algorithm_with_iv_with_the_first_arg_as_the_value" do
|
|
37
|
-
assert_equal original_value, Encryptor.decrypt(encrypted_value_with_iv, :
|
|
38
|
+
assert_equal original_value, Encryptor.decrypt(encrypted_value_with_iv, key: key, iv: iv, salt: salt, algorithm: algorithm)
|
|
38
39
|
end
|
|
39
40
|
|
|
40
41
|
define_method "test_should_decrypt_with_the_#{algorithm}_algorithm_without_iv_with_the_first_arg_as_the_value" do
|
|
41
|
-
assert_equal original_value, Encryptor.decrypt(encrypted_value_without_iv, :
|
|
42
|
-
end
|
|
43
|
-
|
|
44
|
-
define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
45
|
-
assert_equal encrypted_value_with_iv, original_value.encrypt(:key => key, :iv => iv, :salt => salt, :algorithm => algorithm)
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
49
|
-
assert_equal encrypted_value_without_iv, original_value.encrypt(:key => key, :algorithm => algorithm)
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
53
|
-
assert_equal original_value, encrypted_value_with_iv.decrypt(:key => key, :iv => iv, :salt => salt, :algorithm => algorithm)
|
|
54
|
-
end
|
|
55
|
-
|
|
56
|
-
define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
57
|
-
assert_equal original_value, encrypted_value_without_iv.decrypt(:key => key, :algorithm => algorithm)
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
61
|
-
original_value_dup = original_value.dup
|
|
62
|
-
original_value_dup.encrypt!(:key => key, :iv => iv, :salt => salt, :algorithm => algorithm)
|
|
63
|
-
assert_equal original_value.encrypt(:key => key, :iv => iv, :salt => salt, :algorithm => algorithm), original_value_dup
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
67
|
-
original_value_dup = original_value.dup
|
|
68
|
-
original_value_dup.encrypt!(:key => key, :algorithm => algorithm)
|
|
69
|
-
assert_equal original_value.encrypt(:key => key, :algorithm => algorithm), original_value_dup
|
|
70
|
-
end
|
|
71
|
-
|
|
72
|
-
define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
73
|
-
encrypted_value_with_iv_dup = encrypted_value_with_iv.dup
|
|
74
|
-
encrypted_value_with_iv_dup.decrypt!(:key => key, :iv => iv, :salt => salt, :algorithm => algorithm)
|
|
75
|
-
assert_equal original_value, encrypted_value_with_iv_dup
|
|
76
|
-
end
|
|
77
|
-
|
|
78
|
-
define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
79
|
-
encrypted_value_without_iv_dup = encrypted_value_without_iv.dup
|
|
80
|
-
encrypted_value_without_iv_dup.decrypt!(:key => key, :algorithm => algorithm)
|
|
81
|
-
assert_equal original_value, encrypted_value_without_iv_dup
|
|
42
|
+
assert_equal original_value, Encryptor.decrypt(encrypted_value_without_iv, key: key, algorithm: algorithm, insecure_mode: true)
|
|
82
43
|
end
|
|
83
44
|
end
|
|
84
45
|
|
|
85
46
|
define_method 'test_should_use_the_default_algorithm_if_one_is_not_specified' do
|
|
86
|
-
assert_equal Encryptor.encrypt(:
|
|
47
|
+
assert_equal Encryptor.encrypt(value: original_value, key: key, salt: salt, iv: iv, algorithm: Encryptor.default_options[:algorithm]), Encryptor.encrypt(value: original_value, key: key, salt: salt, iv: iv)
|
|
87
48
|
end
|
|
88
49
|
|
|
89
50
|
def test_should_have_a_default_algorithm
|
|
@@ -92,17 +53,48 @@ class EncryptorTest < Test::Unit::TestCase
|
|
|
92
53
|
end
|
|
93
54
|
|
|
94
55
|
def test_should_raise_argument_error_if_key_is_not_specified
|
|
95
|
-
assert_raises(ArgumentError) { Encryptor.encrypt('some value') }
|
|
96
|
-
assert_raises(ArgumentError) { Encryptor.decrypt('some encrypted string') }
|
|
97
|
-
|
|
98
|
-
|
|
56
|
+
assert_raises(ArgumentError, "must specify a key") { Encryptor.encrypt('some value') }
|
|
57
|
+
assert_raises(ArgumentError, "must specify a key") { Encryptor.decrypt('some encrypted string') }
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def test_should_raise_argument_error_if_key_is_too_short
|
|
61
|
+
assert_raises(ArgumentError, "key must be 32 bytes or longer") { Encryptor.encrypt('some value', key: '') }
|
|
62
|
+
assert_raises(ArgumentError, "key must be 32 bytes or longer") { Encryptor.decrypt('some encrypted string', key: '') }
|
|
99
63
|
end
|
|
100
64
|
|
|
101
|
-
|
|
65
|
+
define_method 'test_should_raise_argument_error_if_iv_is_not_specified' do
|
|
66
|
+
assert_raises(ArgumentError, "must specify an iv") { Encryptor.encrypt('some value', key: key) }
|
|
67
|
+
assert_raises(ArgumentError, "must specify an iv") { Encryptor.decrypt('some encrypted string', key: key) }
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
define_method 'test_should_raise_argument_error_if_iv_is_too_short' do
|
|
71
|
+
assert_raises(ArgumentError, "iv must be 16 bytes or longer") { Encryptor.encrypt('some value', key: key, iv: 'a') }
|
|
72
|
+
assert_raises(ArgumentError, "iv must be 16 bytes or longer") { Encryptor.decrypt('some encrypted string', key: key, iv: 'a') }
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
define_method 'test_should_yield_block_with_cipher_and_options' do
|
|
102
76
|
called = false
|
|
103
|
-
Encryptor.encrypt('some value', :key
|
|
77
|
+
Encryptor.encrypt('some value', key: key, iv: iv, salt: salt) { |cipher, options| called = true }
|
|
104
78
|
assert called
|
|
105
79
|
end
|
|
106
80
|
|
|
81
|
+
OpenSSLHelper::AUTHENTICATED_ENCRYPTION_ALGORITHMS.each do |algorithm|
|
|
82
|
+
|
|
83
|
+
define_method 'test_should_use_the_default_authentication_data_if_it_is_not_specified' do
|
|
84
|
+
encrypted_value = Encryptor.encrypt(value: original_value, key: key, iv: iv, salt: salt, algorithm: algorithm)
|
|
85
|
+
decrypted_value = Encryptor.decrypt(value: encrypted_value, key: key, iv: iv, salt: salt, algorithm: algorithm)
|
|
86
|
+
refute_equal original_value, encrypted_value
|
|
87
|
+
assert_equal original_value, decrypted_value
|
|
88
|
+
assert_raises(OpenSSL::Cipher::CipherError) { Encryptor.decrypt(value: encrypted_value[0..-17] + wrong_auth_tag, key: key, iv: iv, salt: salt, algorithm: algorithm) }
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
define_method 'test_should_use_authentication_data_if_it_is_specified' do
|
|
92
|
+
encrypted_value = Encryptor.encrypt(value: original_value, key: key, iv: iv, salt: salt, algorithm: algorithm, auth_data: auth_data)
|
|
93
|
+
decrypted_value = Encryptor.decrypt(value: encrypted_value, key: key, iv: iv, salt: salt, algorithm: algorithm, auth_data: auth_data)
|
|
94
|
+
refute_equal original_value, encrypted_value
|
|
95
|
+
assert_equal original_value, decrypted_value
|
|
96
|
+
assert_raises(OpenSSL::Cipher::CipherError) { Encryptor.decrypt(value: encrypted_value[0..-17] + wrong_auth_tag, key: key, iv: iv, salt: salt, algorithm: algorithm) }
|
|
97
|
+
end
|
|
98
|
+
end
|
|
107
99
|
end
|
|
108
100
|
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
require 'test_helper'
|
|
2
|
+
|
|
3
|
+
class LegacyEncryptorStringTest < Minitest::Test
|
|
4
|
+
|
|
5
|
+
key = SecureRandom.random_bytes(64)
|
|
6
|
+
iv = SecureRandom.random_bytes(64)
|
|
7
|
+
original_value = StringWithEncryptor.new
|
|
8
|
+
original_value << SecureRandom.random_bytes(64)
|
|
9
|
+
|
|
10
|
+
OpenSSLHelper::ALGORITHMS.each do |algorithm|
|
|
11
|
+
encrypted_value_with_iv = StringWithEncryptor.new
|
|
12
|
+
encrypted_value_with_iv << Encryptor.encrypt(value: original_value, key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
|
|
13
|
+
encrypted_value_without_iv = StringWithEncryptor.new
|
|
14
|
+
encrypted_value_without_iv << Encryptor.encrypt(value: original_value, key: key, algorithm: algorithm, insecure_mode: true)
|
|
15
|
+
|
|
16
|
+
define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
17
|
+
assert_equal encrypted_value_with_iv, original_value.encrypt(key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
21
|
+
assert_equal encrypted_value_without_iv, original_value.encrypt(key: key, algorithm: algorithm, insecure_mode: true)
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
25
|
+
assert_equal original_value, encrypted_value_with_iv.decrypt(key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
29
|
+
assert_equal original_value, encrypted_value_without_iv.decrypt(key: key, algorithm: algorithm, insecure_mode: true)
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
33
|
+
original_value_dup = original_value.dup
|
|
34
|
+
original_value_dup.encrypt!(key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
|
|
35
|
+
assert_equal original_value.encrypt(key: key, iv: iv, algorithm: algorithm, insecure_mode: true), original_value_dup
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
39
|
+
original_value_dup = original_value.dup
|
|
40
|
+
original_value_dup.encrypt!(key: key, algorithm: algorithm, insecure_mode: true)
|
|
41
|
+
assert_equal original_value.encrypt(key: key, algorithm: algorithm, insecure_mode: true), original_value_dup
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
45
|
+
encrypted_value_with_iv_dup = encrypted_value_with_iv.dup
|
|
46
|
+
encrypted_value_with_iv_dup.decrypt!(key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
|
|
47
|
+
assert_equal original_value, encrypted_value_with_iv_dup
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
51
|
+
encrypted_value_without_iv_dup = encrypted_value_without_iv.dup
|
|
52
|
+
encrypted_value_without_iv_dup.decrypt!(key: key, algorithm: algorithm, insecure_mode: true)
|
|
53
|
+
assert_equal original_value, encrypted_value_without_iv_dup
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
@@ -1,88 +1,47 @@
|
|
|
1
|
-
require
|
|
2
|
-
require File.expand_path('../openssl_helper', __FILE__)
|
|
1
|
+
require 'test_helper'
|
|
3
2
|
|
|
4
3
|
# Tests for legacy (non-salted) encryption mode
|
|
5
4
|
#
|
|
6
|
-
class LegacyEncryptorTest < Test
|
|
5
|
+
class LegacyEncryptorTest < Minitest::Test
|
|
7
6
|
|
|
8
|
-
key =
|
|
9
|
-
iv =
|
|
10
|
-
original_value =
|
|
7
|
+
key = SecureRandom.random_bytes(64)
|
|
8
|
+
iv = SecureRandom.random_bytes(64)
|
|
9
|
+
original_value = SecureRandom.random_bytes(64)
|
|
11
10
|
|
|
12
11
|
OpenSSLHelper::ALGORITHMS.each do |algorithm|
|
|
13
|
-
encrypted_value_with_iv = Encryptor.encrypt(:
|
|
14
|
-
encrypted_value_without_iv = Encryptor.encrypt(:
|
|
12
|
+
encrypted_value_with_iv = Encryptor.encrypt(value: original_value, key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
|
|
13
|
+
encrypted_value_without_iv = Encryptor.encrypt(value: original_value, key: key, algorithm: algorithm, insecure_mode: true)
|
|
15
14
|
|
|
16
15
|
define_method "test_should_crypt_with_the_#{algorithm}_algorithm_with_iv" do
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
assert_equal original_value, Encryptor.decrypt(:
|
|
16
|
+
refute_equal original_value, encrypted_value_with_iv
|
|
17
|
+
refute_equal encrypted_value_without_iv, encrypted_value_with_iv
|
|
18
|
+
assert_equal original_value, Encryptor.decrypt(value: encrypted_value_with_iv, key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
|
|
20
19
|
end
|
|
21
20
|
|
|
22
21
|
define_method "test_should_crypt_with_the_#{algorithm}_algorithm_without_iv" do
|
|
23
|
-
|
|
24
|
-
assert_equal original_value, Encryptor.decrypt(:
|
|
22
|
+
refute_equal original_value, encrypted_value_without_iv
|
|
23
|
+
assert_equal original_value, Encryptor.decrypt(value: encrypted_value_without_iv, key: key, algorithm: algorithm, insecure_mode: true)
|
|
25
24
|
end
|
|
26
25
|
|
|
27
26
|
define_method "test_should_encrypt_with_the_#{algorithm}_algorithm_with_iv_with_the_first_arg_as_the_value" do
|
|
28
|
-
assert_equal encrypted_value_with_iv, Encryptor.encrypt(original_value, :
|
|
27
|
+
assert_equal encrypted_value_with_iv, Encryptor.encrypt(original_value, key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
|
|
29
28
|
end
|
|
30
29
|
|
|
31
30
|
define_method "test_should_encrypt_with_the_#{algorithm}_algorithm_without_iv_with_the_first_arg_as_the_value" do
|
|
32
|
-
assert_equal encrypted_value_without_iv, Encryptor.encrypt(original_value, :
|
|
31
|
+
assert_equal encrypted_value_without_iv, Encryptor.encrypt(original_value, key: key, algorithm: algorithm, insecure_mode: true)
|
|
33
32
|
end
|
|
34
33
|
|
|
35
34
|
define_method "test_should_decrypt_with_the_#{algorithm}_algorithm_with_iv_with_the_first_arg_as_the_value" do
|
|
36
|
-
assert_equal original_value, Encryptor.decrypt(encrypted_value_with_iv, :
|
|
35
|
+
assert_equal original_value, Encryptor.decrypt(encrypted_value_with_iv, key: key, iv: iv, algorithm: algorithm, insecure_mode: true)
|
|
37
36
|
end
|
|
38
37
|
|
|
39
38
|
define_method "test_should_decrypt_with_the_#{algorithm}_algorithm_without_iv_with_the_first_arg_as_the_value" do
|
|
40
|
-
assert_equal original_value, Encryptor.decrypt(encrypted_value_without_iv, :
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
44
|
-
assert_equal encrypted_value_with_iv, original_value.encrypt(:key => key, :iv => iv, :algorithm => algorithm)
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
define_method "test_should_call_encrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
48
|
-
assert_equal encrypted_value_without_iv, original_value.encrypt(:key => key, :algorithm => algorithm)
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
52
|
-
assert_equal original_value, encrypted_value_with_iv.decrypt(:key => key, :iv => iv, :algorithm => algorithm)
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
define_method "test_should_call_decrypt_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
56
|
-
assert_equal original_value, encrypted_value_without_iv.decrypt(:key => key, :algorithm => algorithm)
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
60
|
-
original_value_dup = original_value.dup
|
|
61
|
-
original_value_dup.encrypt!(:key => key, :iv => iv, :algorithm => algorithm)
|
|
62
|
-
assert_equal original_value.encrypt(:key => key, :iv => iv, :algorithm => algorithm), original_value_dup
|
|
63
|
-
end
|
|
64
|
-
|
|
65
|
-
define_method "test_string_encrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
66
|
-
original_value_dup = original_value.dup
|
|
67
|
-
original_value_dup.encrypt!(:key => key, :algorithm => algorithm)
|
|
68
|
-
assert_equal original_value.encrypt(:key => key, :algorithm => algorithm), original_value_dup
|
|
69
|
-
end
|
|
70
|
-
|
|
71
|
-
define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_with_iv" do
|
|
72
|
-
encrypted_value_with_iv_dup = encrypted_value_with_iv.dup
|
|
73
|
-
encrypted_value_with_iv_dup.decrypt!(:key => key, :iv => iv, :algorithm => algorithm)
|
|
74
|
-
assert_equal original_value, encrypted_value_with_iv_dup
|
|
75
|
-
end
|
|
76
|
-
|
|
77
|
-
define_method "test_string_decrypt!_on_a_string_with_the_#{algorithm}_algorithm_without_iv" do
|
|
78
|
-
encrypted_value_without_iv_dup = encrypted_value_without_iv.dup
|
|
79
|
-
encrypted_value_without_iv_dup.decrypt!(:key => key, :algorithm => algorithm)
|
|
80
|
-
assert_equal original_value, encrypted_value_without_iv_dup
|
|
39
|
+
assert_equal original_value, Encryptor.decrypt(encrypted_value_without_iv, key: key, algorithm: algorithm, insecure_mode: true)
|
|
81
40
|
end
|
|
82
41
|
end
|
|
83
42
|
|
|
84
43
|
define_method 'test_should_use_the_default_algorithm_if_one_is_not_specified' do
|
|
85
|
-
assert_equal Encryptor.encrypt(:
|
|
44
|
+
assert_equal Encryptor.encrypt(value: original_value, key: key, algorithm: Encryptor.default_options[:algorithm], insecure_mode: true), Encryptor.encrypt(value: original_value, key: key, insecure_mode: true)
|
|
86
45
|
end
|
|
87
46
|
|
|
88
47
|
def test_should_have_a_default_algorithm
|
|
@@ -91,15 +50,15 @@ class LegacyEncryptorTest < Test::Unit::TestCase
|
|
|
91
50
|
end
|
|
92
51
|
|
|
93
52
|
def test_should_raise_argument_error_if_key_is_not_specified
|
|
94
|
-
assert_raises(ArgumentError) { Encryptor.encrypt('some value') }
|
|
95
|
-
assert_raises(ArgumentError) { Encryptor.decrypt('some encrypted string') }
|
|
96
|
-
assert_raises(ArgumentError) { Encryptor.encrypt('some value', :
|
|
97
|
-
assert_raises(ArgumentError) { Encryptor.decrypt('some encrypted string', :
|
|
53
|
+
assert_raises(ArgumentError) { Encryptor.encrypt('some value', insecure_mode: true) }
|
|
54
|
+
assert_raises(ArgumentError) { Encryptor.decrypt('some encrypted string', insecure_mode: true) }
|
|
55
|
+
assert_raises(ArgumentError) { Encryptor.encrypt('some value', key: '', insecure_mode: true) }
|
|
56
|
+
assert_raises(ArgumentError) { Encryptor.decrypt('some encrypted string', key: '', insecure_mode: true) }
|
|
98
57
|
end
|
|
99
58
|
|
|
100
59
|
def test_should_yield_block_with_cipher_and_options
|
|
101
60
|
called = false
|
|
102
|
-
Encryptor.encrypt('some value', :
|
|
61
|
+
Encryptor.encrypt('some value', key: 'some key', insecure_mode: true) { |cipher, options| called = true }
|
|
103
62
|
assert called
|
|
104
63
|
end
|
|
105
64
|
|