encryptor 2.0.0 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: dc166257be860dc17bd32f793762a69aa8d0bb17
-  data.tar.gz: 0229093567b3307695cb5cf2bdd12de1005cc32d
+  metadata.gz: d5d4bcdbbba4b2892936b7090113f5163e0d6a3f
+  data.tar.gz: 640677c6479a699550063209e5962948130d4cbb
 SHA512:
-  metadata.gz: 48dea5301f97036ce8198865090fb7ae13e8385ec1376332043a06ec25d9ae17dfb49d629fc962a193faa763f3cf9624252609b59149a3fba4fe6ead7230b7f1
-  data.tar.gz: 554b9fd4f471a8ef2131b0bce5c2fa843f0abe277f54bbe1a9d6c28e156aa56d0d23077be08c8f003a2d396f9c14347419bc41fc7026d6c2d9a46d8408977058
+  metadata.gz: 5b47895d39c43829d4a3d4b3734514d52d1ac9011ac51a14707401535517810a4e79c513b031879300ae0fb47a3051d22506096169dd5abc7cb1cbbe59015128
+  data.tar.gz: 74835ac60295fecdb2ec482c87f739d25a1bdedb3e934d8011aeb70d0c13a0df0081d80e646457550867850ef9bbe2a524a5f5b921d4bc042e431a59f1c3bbb3

data/CHANGELOG.md

@@ -1,6 +1,12 @@
 # Encryptor #
 
-## Unreleased ##
+## 3.0.0 ##
+
+* Fixed: GCM algorithms were not using IV. See https://github.com/attr-encrypted/encryptor/pull/22 for more info (@borama)
+    * Data previously encrypted with GCM will not be decryptable by default. See the README for info regarding a workaround.
+* Added: New option to enable backwards compatibility to allow decryption of data encrypted with AES-*-GCM algorithms from Encryptor v2.0.0. (@saghaulor)
+
+## 2.0.0 ##
 
 * Added support for MRI 2.1, 2.2, 2.3, and Rubinius. (@saghaulor)
 * Added support for Authenticated Encryption Authentiation Data (AEAD) via aes-###-gcm. (@saghaulor)

data/README.md

@@ -4,6 +4,9 @@
 
 A simple wrapper for the standard Ruby OpenSSL library
 
+## Upgrading from v2.0.0 to v3.0.0 ##
+A bug was discovered in Encryptor 2.0.0 wherein the IV was not being used when using an AES-\*-GCM algorithm. Unfornately fixing this major security issue results in the inability to decrypt records encrypted using an AES-\*-GCM algorithm from Encryptor v2.0.0. While the behavior change is minimal between v2.0.0 and v3.0.0, the change has a significant impact on users that used v2.0.0 and encrypted data using an AES-\*-GCM algorithm, which is the default algorithm for v2.0.0. Consequently, we decided to increment the version with a major bump to help people avoid a confusing situation where some of their data will not decrypt. A new option is available in Encryptor 3.0.0 that allows decryption of data encrypted using an AES-\*-GCM algorithm from Encryptor v2.0.0.
+
 ### Installation
 
 ```bash
@@ -56,10 +59,11 @@ decrypted_value = Encryptor.decrypt(encrypted_value, key: secret_key, iv: iv)
     { algorithm: 'aes-256-gcm',
       auth_data: '',
       insecure_mode: false,
-      hmac_iterations: 2000 }
+      hmac_iterations: 2000,
+      v2_gcm_iv: false }
 ```
 
-Older versions of Encryptor allowed you to use it in a less secure way. Namely, you were allowed to run Encryptor without an IV, or with a key of insufficient length. Encryptor now requires a key and IV of the correct length respective to the algorithm that you use. However, to maintain backwards compatibility you can run Encryptor with the `:insecure_mode` option.
+Older versions of Encryptor allowed you to use it in a less secure way. Namely, you were allowed to run Encryptor without an IV, or with a key of insufficient length. Encryptor now requires a key and IV of the correct length respective to the algorithm that you use. However, to maintain backwards compatibility you can run Encryptor with the `:insecure_mode` option. Additionally, when using AES-\*-GCM algorithms in Encryptor v2.0.0, the IV was set incorrectly and was not used. The `:v2_gcm_iv` option is available to allow Encryptor to set the IV as it was set in Encryptor v2.0.0. This is provided to assist with migrating data that unsafely encrypted using an AES-\*-GCM algorithm from Encryptor v2.0.0.
 
 You may also pass an `:algorithm`,`:salt`, and `hmac_iterations` option, however none of these options are required. If you pass the `:salt` option, a new unique key will be derived from the key that you passed in using PKCS5 with a default of 2000 iterations. You can change the number of PKCS5 iterations with the `hmac_iterations` option. As PKCS5 is slow, it is optional behavior, but it does provide more security to use a unique IV and key for every encryption operation.
 

data/checksum/encryptor-2.0.0.gem.sha256

@@ -0,0 +1 @@
+f144a0dd2485a61651c302a4870b6d56d3a0da22d48ce4c1dd0630cd14527b34

data/checksum/encryptor-2.0.0.gem.sha512

@@ -0,0 +1 @@
+c37d971669b34a0272e1e0918426ff519413a3547d100ebf972786c3faadc76348d39ac9d150186be28eae521971e6d734de93a54fe94cdc2d525eac47ec9fdd

data/encryptor.gemspec

@@ -38,4 +38,9 @@ Gem::Specification.new do |s|
 
   s.cert_chain  = ['certs/saghaulor.pem']
   s.signing_key = File.expand_path("~/.ssh/gem-private_key.pem") if $0 =~ /gem\z/
+
+  s.post_install_message  = "\n\n\nPlease be aware that Encryptor v2.0.0 had a major security bug when using AES-*-GCM algorithms.\n
+By default You will not be able to decrypt data that was previously encrypted using an AES-*-GCM algorithm.\n
+Please see the README and https://github.com/attr-encrypted/encryptor/pull/22 for more information.\n\n\n"
+
 end

data/lib/encryptor.rb

@@ -11,14 +11,16 @@ module Encryptor
   # Defaults to { algorithm: 'aes-256-gcm',
   #               auth_data: '',
   #               insecure_mode: false,
-  #               hmac_iterations: 2000 }
+  #               hmac_iterations: 2000,
+  #               v2_gcm_iv: false }
   #
   # Run 'openssl list-cipher-commands' in your terminal to view a list all cipher algorithms that are supported on your platform
   def default_options
     @default_options ||= { algorithm: 'aes-256-gcm',
                            auth_data: '',
                            insecure_mode: false,
-                           hmac_iterations: 2000 }
+                           hmac_iterations: 2000,
+                           v2_gcm_iv: false }
   end
 
   # Encrypts a <tt>:value</tt> with a specified <tt>:key</tt> and <tt>:iv</tt>.
@@ -60,7 +62,8 @@ module Encryptor
         raise ArgumentError.new("iv must be #{cipher.iv_len} bytes or longer") if options[:iv].bytesize < cipher.iv_len
       end
       if options[:iv]
-        cipher.iv = options[:iv]
+        # This is here for backwards compatibility for Encryptor v2.0.0.
+        cipher.iv = options[:iv] if options[:v2_gcm_iv]
         if options[:salt].nil?
           # Use a non-salted cipher.
           # This behaviour is retained for backwards compatibility. This mode
@@ -73,6 +76,7 @@ module Encryptor
           # secure) mode of operation.
           cipher.key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(options[:key], options[:salt], options[:hmac_iterations], cipher.key_len)
         end
+        cipher.iv = options[:iv] unless options[:v2_gcm_iv]
       else
         # This is deprecated and needs to be changed.
         cipher.pkcs5_keyivgen(options[:key])

data/lib/encryptor/version.rb

@@ -1,7 +1,7 @@
 module Encryptor
   # Contains information about this gem's version
   module Version
-    MAJOR = 2
+    MAJOR = 3
     MINOR = 0
     PATCH = 0
 

data/test/compatibility_test.rb

@@ -93,5 +93,30 @@ class CompatibilityTest < Minitest::Test
       assert_equal 'my-fixed-input', result
     end
   end
+
+  def test_ciphertext_encrypted_with_v2_decrypts_with_v2_gcm_iv_option
+    result = Encryptor.decrypt(@decoded_options)
+    assert_equal @decoded_options[:plaintext], result
+  end
+
+  def test_ciphertext_encrypted_with_v2_does_not_decrypt_without_v2_gcm_iv_option
+    assert_raises OpenSSL::Cipher::CipherError do
+      @decoded_options.delete(:v2_gcm_iv)
+      Encryptor.decrypt(@decoded_options)
+    end
+  end
+
+  def setup
+    encoded_v2_options = {
+      plaintext: "9H/D+Sm9qMAHHsmWvEu7LGutbEspL6akB1Qb7pLtH0+YOvB9YhZxVuIpugv9\nB8PXrYFnxO+bSvspPgp4KFm4bA==\n",
+      value: "JR44j1NhT9WOR9SH1n6xYJMcjcGagbsYtnTtGZIe+BSavKZBR8gOtgAFJSTs\nwqtIhr28O8SC7uQepdEctnclahtNf9Nh1j/Wc76Fxlb81KI=\n",
+      key: "AquHbz6lrUKowAns+qRdwnfEupSbViADKuBMTe7DUpQ=\n",
+      iv: "YFQ4l87YMy/qQNc10AvmtQ==\n",
+      salt: "qy3crVknWZpYEjxr89IHUg==\n",
+    }
+
+    @decoded_options = { algorithm: 'aes-256-gcm' , v2_gcm_iv: true }
+    encoded_v2_options.each_with_object(@decoded_options) { |(k, v), memo| memo[k] = v.unpack("m").first }
+  end
 end
 

data/test/encryptor_test.rb

@@ -6,6 +6,7 @@ class EncryptorTest < Minitest::Test
 
   key = SecureRandom.random_bytes(32)
   iv = SecureRandom.random_bytes(16)
+  iv2 = SecureRandom.random_bytes(16)
   salt = SecureRandom.random_bytes(16)
   original_value = SecureRandom.random_bytes(64)
   auth_data = SecureRandom.random_bytes(64)
@@ -80,6 +81,14 @@ class EncryptorTest < Minitest::Test
 
   OpenSSLHelper::AUTHENTICATED_ENCRYPTION_ALGORITHMS.each do |algorithm|
 
+    define_method 'test_should_use_iv_to_initialize_encryption' do
+      encrypted_value_iv1 = Encryptor.encrypt(value: original_value, key: key, iv: iv, salt: salt, algorithm: algorithm)
+      encrypted_value_iv2 = Encryptor.encrypt(value: original_value, key: key, iv: iv2, salt: salt, algorithm: algorithm)
+      refute_equal original_value, encrypted_value_iv1
+      refute_equal original_value, encrypted_value_iv2
+      refute_equal encrypted_value_iv1, encrypted_value_iv2
+    end
+
     define_method 'test_should_use_the_default_authentication_data_if_it_is_not_specified' do
       encrypted_value = Encryptor.encrypt(value: original_value, key: key, iv: iv, salt: salt, algorithm: algorithm)
       decrypted_value = Encryptor.decrypt(value: encrypted_value, key: key, iv: iv, salt: salt, algorithm: algorithm)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: encryptor
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 3.0.0
 platform: ruby
 authors:
 - Sean Huber
@@ -33,7 +33,7 @@ cert_chain:
   ZjeLmnSDiwL6doiP5IiwALH/dcHU67ck3NGf6XyqNwQrrmtPY0mv1WVVL4Uh+vYE
   kHoFzE2no0BfBg78Re8fY69P5yES5ncC
   -----END CERTIFICATE-----
-date: 2016-01-12 00:00:00.000000000 Z
+date: 2016-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -124,6 +124,8 @@ files:
 - README.md
 - Rakefile
 - certs/saghaulor.pem
+- checksum/encryptor-2.0.0.gem.sha256
+- checksum/encryptor-2.0.0.gem.sha512
 - encryptor.gemspec
 - lib/encryptor.rb
 - lib/encryptor/string.rb
@@ -139,7 +141,17 @@ homepage: http://github.com/attr-encrypted/encryptor
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message: |2+
+
+
+
+  Please be aware that Encryptor v2.0.0 had a major security bug when using AES-*-GCM algorithms.
+
+  By default You will not be able to decrypt data that was previously encrypted using an AES-*-GCM algorithm.
+
+  Please see the README and https://github.com/attr-encrypted/encryptor/pull/22 for more information.
+
+
 rdoc_options:
 - "--charset=UTF-8"
 - "--inline-source"
@@ -173,3 +185,4 @@ test_files:
 - test/legacy_encryptor_test.rb
 - test/openssl_helper.rb
 - test/test_helper.rb
+has_rdoc: