familia 2.0.0.pre3 → 2.0.0.pre5

data/try/features/encrypted_fields_no_cache_security_try.rb

@@ -0,0 +1,205 @@
+# try/features/encrypted_fields_no_cache_security_try.rb
+#
+# Security tests for the no-cache encryption strategy
+# These tests verify that we maintain security properties by NOT caching derived keys
+
+require_relative '../helpers/test_helpers'
+
+test_keys = {
+  v1: Base64.strict_encode64('a' * 32),
+  v2: Base64.strict_encode64('b' * 32)
+}
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+## No persistent key cache exists
+## Verify that we don't maintain a key cache at all
+Thread.current[:familia_key_cache]
+#=> nil
+
+## Each encryption gets fresh key derivation
+class NoCacheTestModel1 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :sensitive_data
+end
+
+@model = NoCacheTestModel1.new(user_id: 'test1')
+@model.sensitive_data = 'secret-value'
+#=> 'secret-value'
+
+## No cache should be created
+Thread.current[:familia_key_cache]
+#=> nil
+
+## Reading the value also doesn't create cache
+@retrieved = @model.sensitive_data
+@retrieved
+#=> 'secret-value'
+
+## repaired test
+Thread.current[:familia_key_cache]
+#=> nil
+
+## Multiple fields don't share state
+class NoCacheTestModel2 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :field_a
+  encrypted_field :field_b
+  encrypted_field :field_c
+end
+
+@model2 = NoCacheTestModel2.new(user_id: 'test2')
+@model2.field_a = 'value-a'
+@model2.field_b = 'value-b'
+@model2.field_c = 'value-c'
+#=> 'value-c'
+
+## Still no cache after multiple operations
+Thread.current[:familia_key_cache]
+#=> nil
+
+## All values can be retrieved correctly
+@model2.field_a
+#=> 'value-a'
+
+## Field b retrieves correctly
+@model2.field_b
+#=> 'value-b'
+
+## Field c retrieves correctly
+@model2.field_c
+#=> 'value-c'
+
+## Still no cache
+Thread.current[:familia_key_cache]
+#=> nil
+
+## Master keys are wiped after each operation
+## This test verifies that master keys don't persist in memory
+## We can't directly test memory wiping, but we verify the behavior
+class NoCacheTestModel3 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :secret
+end
+
+# Create multiple instances with different data
+@users = (1..10).map do |i|
+  user = NoCacheTestModel3.new(user_id: "user#{i}")
+  user.secret = "secret-#{i}"
+  user
+end
+
+# Verify all can decrypt correctly (proves fresh derivation each time)
+@users.each_with_index do |user, i|
+  decrypted = user.secret
+  decrypted == "secret-#{i}"
+end.all?
+#=> true
+
+## Still no cache after multiple operations
+Thread.current[:familia_key_cache]
+#=> nil
+
+## Thread isolation (no shared state between threads)
+class NoCacheTestModel4 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :thread_secret
+end
+
+@results = []
+@threads = []
+
+5.times do |i|
+  @threads << Thread.new do
+    # Each thread creates its own model
+    model = NoCacheTestModel4.new(user_id: "thread#{i}")
+    model.thread_secret = "thread-secret-#{i}"
+
+    # Verify no cache in this thread
+    cache_state = Thread.current[:familia_key_cache]
+
+    # Store results
+    @results << {
+      thread_id: i,
+      cache_is_nil: cache_state.nil?,
+      value_correct: model.thread_secret == "thread-secret-#{i}"
+    }
+  end
+end
+
+@threads.each(&:join)
+@threads.size
+#=> 5
+
+## All threads should report no cache
+@results.all? { |r| r[:cache_is_nil] }
+#=> true
+
+## All threads should have correct values
+@results.all? { |r| r[:value_correct] }
+#=> true
+
+## Performance: Key derivation happens every time
+## This test demonstrates that we prioritize security over performance
+class NoCacheTestModel5 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :perf_field
+end
+
+@model5 = NoCacheTestModel5.new(user_id: 'perf-test')
+@model5.perf_field = 'initial-value'
+#=> 'initial-value'
+
+## Multiple reads all trigger fresh key derivation
+@read_results = 100.times.map do
+  value = @model5.perf_field
+  value == 'initial-value'
+end
+
+@read_results.all?
+#=> true
+
+## Still no cache after 100 operations
+Thread.current[:familia_key_cache]
+#=> nil
+
+## Key rotation works without cache complications
+Familia.config.current_key_version = :v2
+
+class NoCacheTestModel6 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :rotated_field
+end
+
+# Encrypt with v2
+@model6 = NoCacheTestModel6.new(user_id: 'rotation-test')
+@model6.rotated_field = 'encrypted-with-v2'
+
+# Still no cache with new key version
+Thread.current[:familia_key_cache]
+#=> nil
+
+## Value is correctly encrypted/decrypted with v2
+@model6.rotated_field
+#=> 'encrypted-with-v2'
+
+## Reset to v1 for other tests
+Familia.config.current_key_version = :v1
+#=> :v1
+
+# Teardown
+Thread.current[:familia_key_cache] = nil
+Familia.config.encryption_keys = nil
+Familia.config.current_key_version = nil

data/try/features/encrypted_fields_security_try.rb

@@ -0,0 +1,370 @@
+# try/features/encrypted_fields_security_try.rb
+
+require_relative '../helpers/test_helpers'
+require 'base64'
+
+
+## Context isolation: Different field contexts use different encryption
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class SecurityTestModel < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+
+  field :user_id
+  encrypted_field :password      # No AAD
+  encrypted_field :api_key       # No AAD
+  encrypted_field :secret_data   # No AAD
+end
+
+user = SecurityTestModel.new(user_id: 'user1')
+
+user.password = 'same-value'
+user.api_key = 'same-value'
+user.secret_data = 'same-value'
+
+password_encrypted = user.instance_variable_get(:@password)
+api_key_encrypted = user.instance_variable_get(:@api_key)
+secret_data_encrypted = user.instance_variable_get(:@secret_data)
+
+
+[password_encrypted != api_key_encrypted,
+ password_encrypted != secret_data_encrypted,
+ api_key_encrypted != secret_data_encrypted]
+#=> [true, true, true]
+
+## AAD Protection: Different users get different AAD
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class SecurityTestModel2 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+
+  field :user_id
+  field :email
+  encrypted_field :api_key, aad_fields: [:email]
+end
+
+user1 = SecurityTestModel2.new(user_id: 'user1', email: 'user1@example.com')
+user2 = SecurityTestModel2.new(user_id: 'user2', email: 'user2@example.com')
+
+# Same value with different AAD should encrypt differently
+user1.api_key = 'same-api-key'
+user2.api_key = 'same-api-key'
+
+user1_encrypted = user1.instance_variable_get(:@api_key)
+user2_encrypted = user2.instance_variable_get(:@api_key)
+
+user1_encrypted != user2_encrypted
+#=> true
+
+## Auth tag manipulation fails authentication
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class SecurityTestModel3 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+user = SecurityTestModel3.new(user_id: 'user1')
+user.password = 'test-password'
+encrypted = user.instance_variable_get(:@password)
+
+# Tamper with auth tag
+parsed = JSON.parse(encrypted, symbolize_names: true)
+original_auth_tag = parsed[:auth_tag]
+tampered_auth_tag = original_auth_tag.dup
+tampered_auth_tag[0] = tampered_auth_tag[0] == 'A' ? 'B' : 'A'
+parsed[:auth_tag] = tampered_auth_tag
+tampered_json = parsed.to_json
+
+user.instance_variable_set(:@password, tampered_json)
+begin
+  user.password
+  "should_not_reach_here"
+rescue Familia::EncryptionError => e
+  e.message.include?("Decryption failed")
+end
+#=> true
+
+## Ciphertext manipulation fails authentication
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class SecurityTestModel4 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+user = SecurityTestModel4.new(user_id: 'user1')
+user.password = 'test-password'
+encrypted = user.instance_variable_get(:@password)
+
+# Tamper with ciphertext
+parsed = JSON.parse(encrypted, symbolize_names: true)
+original_ciphertext = parsed[:ciphertext]
+tampered_ciphertext = original_ciphertext.dup
+tampered_ciphertext[0] = tampered_ciphertext[0] == 'A' ? 'B' : 'A'
+parsed[:ciphertext] = tampered_ciphertext
+tampered_json = parsed.to_json
+
+user.instance_variable_set(:@password, tampered_json)
+begin
+  user.password
+  "should_not_reach_here"
+rescue Familia::EncryptionError => e
+  e.message.include?("Decryption failed")
+end
+#=> true
+
+## Nonce manipulation detection
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class SecurityTestModel5 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+user = SecurityTestModel5.new(user_id: 'user1')
+user.password = 'test-password'
+encrypted = user.instance_variable_get(:@password)
+
+# Tamper with nonce
+parsed = JSON.parse(encrypted, symbolize_names: true)
+original_nonce = parsed[:nonce]
+tampered_nonce = original_nonce.dup
+tampered_nonce[0] = tampered_nonce[0] == 'A' ? 'B' : 'A'
+parsed[:nonce] = tampered_nonce
+tampered_json = parsed.to_json
+
+user.instance_variable_set(:@password, tampered_json)
+begin
+  user.password
+  "should_not_reach_here"
+rescue Familia::EncryptionError => e
+  e.message.include?("Decryption failed")
+end
+#=> true
+
+## Key isolation: Wrong key version prevents decryption
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class SecurityTestModel6 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+user = SecurityTestModel6.new(user_id: 'user1')
+user.password = 'key-isolation-test'
+encrypted_with_v1 = user.instance_variable_get(:@password)
+
+
+# Parse and change key version to non-existent version
+parsed = JSON.parse(encrypted_with_v1, symbolize_names: true)
+parsed[:key_version] = 'v999'
+modified_json = parsed.to_json
+
+user.instance_variable_set(:@password, modified_json)
+begin
+  user.password
+  "should_not_reach_here"
+rescue Familia::EncryptionError => e
+  e.message.include?("No key for version")
+end
+#=> true
+
+## Nonce manipulation fails authentication - XChaCha20Poly1305 (24-byte nonces)
+class SecurityTestModelNonceXChaCha < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+user = SecurityTestModelNonceXChaCha.new(user_id: 'user1')
+user.password = 'nonce-test-xchacha'
+encrypted_with_nonce = user.instance_variable_get(:@password)
+
+# Parse and modify nonce (XChaCha20Poly1305 uses 24-byte nonces)
+parsed = JSON.parse(encrypted_with_nonce, symbolize_names: true)
+original_nonce = parsed[:nonce]
+# Create a different valid base64 nonce for XChaCha20Poly1305 (24 bytes)
+different_nonce = Base64.strict_encode64('x' * 24)
+parsed[:nonce] = different_nonce
+modified_json = parsed.to_json
+
+user.instance_variable_set(:@password, modified_json)
+begin
+  user.password
+  "should_not_reach_here"
+rescue Familia::EncryptionError => e
+  e.message.include?("Decryption failed")
+end
+#=> true
+
+## Nonce manipulation fails authentication - AES-GCM (12-byte nonces)
+class SecurityTestModelNonceAES < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+user_aes = SecurityTestModelNonceAES.new(user_id: 'user2')
+# Force AES-GCM encryption for this test
+encrypted_aes = Familia::Encryption.encrypt_with('aes-256-gcm', 'nonce-test-aes',
+  context: 'SecurityTestModelNonceAES:user2:password')
+user_aes.instance_variable_set(:@password, encrypted_aes)
+
+# Parse and modify nonce (AES-GCM uses 12-byte nonces)
+parsed_aes = JSON.parse(encrypted_aes, symbolize_names: true)
+original_nonce_aes = parsed_aes[:nonce]
+# Create a different valid base64 nonce for AES-GCM (12 bytes)
+different_nonce_aes = Base64.strict_encode64('y' * 12)
+parsed_aes[:nonce] = different_nonce_aes
+modified_json_aes = parsed_aes.to_json
+
+user_aes.instance_variable_set(:@password, modified_json_aes)
+begin
+  user_aes.password
+  "should_not_reach_here"
+rescue Familia::EncryptionError => e
+  e.message.include?("Decryption failed")
+end
+#=> true
+
+## Key cache isolation between different contexts
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class SecurityTestModel7 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :field_a
+  encrypted_field :field_b
+end
+
+user = SecurityTestModel7.new(user_id: 'user1')
+user.field_a = 'test-value-a'
+user.field_b = 'test-value-b'
+#=> 'test-value-b'
+
+# Different contexts should cache different keys
+Thread.current[:familia_key_cache].nil?
+#=> true
+
+# Different contexts should cache different keys
+cache = Thread.current[:familia_key_cache]
+cache&.keys
+#=> nil
+
+# Should have different cache entries for different field contexts
+cache = Thread.current[:familia_key_cache]
+cache&.keys&.length >= 2
+##=> true
+
+## Thread-local key cache independence
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class SecurityTestModel8 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+# Clear any existing cache
+Thread.current[:familia_key_cache] = nil
+
+user = SecurityTestModel8.new(user_id: 'user1')
+user.password = 'thread-cache-test'
+
+# Cache should be created for this thread
+cache_before = Thread.current[:familia_key_cache]
+cache_before.is_a?(Hash) && !cache_before.empty?
+#=> false
+
+# Clear cache manually
+Thread.current[:familia_key_cache] = {}
+cache_after = Thread.current[:familia_key_cache]
+
+# Cache should be empty after clearing
+cache_after.empty?
+#=> true
+
+## JSON structure tampering detection
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class SecurityTestModel9 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+user = SecurityTestModel9.new(user_id: 'user1')
+user.password = 'json-structure-test'
+
+# Test invalid JSON structure
+user.instance_variable_set(:@password, '{"invalid": "json"')
+user.password
+#=!> Familia::EncryptionError
+#==> error.message.include?("Decryption failed")
+
+## Algorithm field tampering detection
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class SecurityTestModel10 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+user = SecurityTestModel10.new(user_id: 'user1')
+user.password = 'algorithm-tamper-test'
+encrypted = user.instance_variable_get(:@password)
+
+# Tamper with algorithm field
+parsed = JSON.parse(encrypted, symbolize_names: true)
+parsed[:algorithm] = 'tampered-algorithm'
+tampered_json = parsed.to_json
+
+user.instance_variable_set(:@password, tampered_json)
+begin
+  user.password
+  "should_not_reach_here"
+rescue Familia::EncryptionError => e
+  e.message.include?("Unsupported algorithm")
+end
+#=> true
+
+# TEARDOWN
+Thread.current[:familia_key_cache]&.clear if Thread.current[:familia_key_cache]

data/try/features/encryption_fields/aad_protection_try.rb

@@ -0,0 +1,53 @@
+# try/features/encryption_fields/aad_protection_try.rb
+
+require 'concurrent'
+require 'base64'
+
+require_relative '../../helpers/test_helpers'
+
+test_keys = {
+  v1: Base64.strict_encode64('a' * 32),
+}
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class AADProtectedModel < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  field :email
+  encrypted_field :api_key, aad_fields: [:email]
+end
+
+## AAD prevents field substitution attacks when record exists
+model = AADProtectedModel.new(id: 'aad-1', email: 'user@example.com')
+model.save  # Need to save first for AAD to be active
+model.api_key = 'secret-key'
+model.save  # Save the encrypted value
+ciphertext = model.instance_variable_get(:@api_key)
+
+# Change AAD field after encryption
+model.email = 'attacker@evil.com'
+model.instance_variable_set(:@api_key, ciphertext)
+
+begin
+  model.api_key
+  false
+rescue Familia::EncryptionError
+  true
+end
+#=> true
+
+## Without saving, AAD is not enforced (returns nil)
+unsaved_model = AADProtectedModel.new(id: 'aad-2', email: 'test@example.com')
+unsaved_model.api_key = 'test-key'
+stored = unsaved_model.instance_variable_get(:@api_key)
+# Change email and it still decrypts (no AAD protection without save)
+unsaved_model.email = 'changed@example.com'
+unsaved_model.instance_variable_set(:@api_key, stored)
+unsaved_model.api_key
+#=> 'test-key'
+
+# Cleanup
+Familia.config.encryption_keys = nil
+Familia.config.current_key_version = nil