familia 2.0.0.pre4 → 2.0.0.pre6

data/try/features/encrypted_fields_no_cache_security_try.rb

@@ -0,0 +1,219 @@
+# try/features/encrypted_fields_no_cache_security_try.rb
+#
+# Security tests for the no-cache encryption strategy
+# These tests verify that we maintain security properties by NOT caching derived keys
+
+require_relative '../helpers/test_helpers'
+
+test_keys = {
+  v1: Base64.strict_encode64('a' * 32),
+  v2: Base64.strict_encode64('b' * 32)
+}
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+## No persistent key cache exists
+## Verify that we don't maintain a key cache at all
+Thread.current[:familia_key_cache]
+#=> nil
+
+## Each encryption gets fresh key derivation
+class NoCacheTestModel1 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :sensitive_data
+end
+
+@model = NoCacheTestModel1.new(user_id: 'test1')
+@model.sensitive_data = 'secret-value'
+#=> 'secret-value'
+
+## No cache should be created
+Thread.current[:familia_key_cache]
+#=> nil
+
+## Reading the value also doesn't create cache
+@retrieved = @model.sensitive_data
+@retrieved.reveal do |decrypted_value|
+  decrypted_value
+end
+#=> 'secret-value'
+
+## repaired test
+Thread.current[:familia_key_cache]
+#=> nil
+
+## Multiple fields don't share state
+class NoCacheTestModel2 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :field_a
+  encrypted_field :field_b
+  encrypted_field :field_c
+end
+
+@model2 = NoCacheTestModel2.new(user_id: 'test2')
+@model2.field_a = 'value-a'
+@model2.field_b = 'value-b'
+@model2.field_c = 'value-c'
+#=> 'value-c'
+
+## Still no cache after multiple operations
+Thread.current[:familia_key_cache]
+#=> nil
+
+## All values can be retrieved correctly
+@model2.field_a.reveal do |decrypted_value|
+  decrypted_value
+end
+#=> 'value-a'
+
+## Field b retrieves correctly
+@model2.field_b.reveal do |decrypted_value|
+  decrypted_value
+end
+#=> 'value-b'
+
+## Field c retrieves correctly
+@model2.field_c.reveal do |decrypted_value|
+  decrypted_value
+end
+#=> 'value-c'
+
+## Still no cache
+Thread.current[:familia_key_cache]
+#=> nil
+
+## Master keys are wiped after each operation
+## This test verifies that master keys don't persist in memory
+## We can't directly test memory wiping, but we verify the behavior
+class NoCacheTestModel3 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :secret
+end
+
+# Create multiple instances with different data
+@users = (1..10).map do |i|
+  user = NoCacheTestModel3.new(user_id: "user#{i}")
+  user.secret = "secret-#{i}"
+  user
+end
+
+# Verify all can decrypt correctly (proves fresh derivation each time)
+@users.each_with_index do |user, i|
+  decrypted = user.secret
+  decrypted == "secret-#{i}"
+end.all?
+#=> true
+
+## Still no cache after multiple operations
+Thread.current[:familia_key_cache]
+#=> nil
+
+## Thread isolation (no shared state between threads)
+class NoCacheTestModel4 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :thread_secret
+end
+
+@results = []
+@threads = []
+
+5.times do |i|
+  @threads << Thread.new do
+    # Each thread creates its own model
+    model = NoCacheTestModel4.new(user_id: "thread#{i}")
+    model.thread_secret = "thread-secret-#{i}"
+
+    # Verify no cache in this thread
+    cache_state = Thread.current[:familia_key_cache]
+
+    # Store results
+    @results << {
+      thread_id: i,
+      cache_is_nil: cache_state.nil?,
+      value_correct: model.thread_secret.reveal do |decrypted_value|
+        decrypted_value == "thread-secret-#{i}"
+      end
+    }
+  end
+end
+
+@threads.each(&:join)
+@threads.size
+#=> 5
+
+## All threads should report no cache
+@results.all? { |r| r[:cache_is_nil] }
+#=> true
+
+## All threads should have correct values
+@results.all? {|r| r[:value_correct] }
+#=> true
+
+## Performance: Key derivation happens every time
+## This test demonstrates that we prioritize security over performance
+class NoCacheTestModel5 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :perf_field
+end
+
+@model5 = NoCacheTestModel5.new(user_id: 'perf-test')
+@model5.perf_field = 'initial-value'
+#=> 'initial-value'
+
+## Multiple reads all trigger fresh key derivation
+@read_results = 100.times.map do
+  value = @model5.perf_field.reveal do |decrypted_value|
+    decrypted_value
+  end
+  value == 'initial-value'
+end
+
+@read_results.all?
+#=> true
+
+## Still no cache after 100 operations
+Thread.current[:familia_key_cache]
+#=> nil
+
+## Key rotation works without cache complications
+Familia.config.current_key_version = :v2
+
+class NoCacheTestModel6 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :rotated_field
+end
+
+# Encrypt with v2
+@model6 = NoCacheTestModel6.new(user_id: 'rotation-test')
+@model6.rotated_field = 'encrypted-with-v2'
+
+# Still no cache with new key version
+Thread.current[:familia_key_cache]
+#=> nil
+
+## Value is correctly encrypted/decrypted with v2
+@model6.rotated_field.reveal do |decrypted_value|
+  decrypted_value
+end
+#=> 'encrypted-with-v2'
+
+## Reset to v1 for other tests
+Familia.config.current_key_version = :v1
+#=> :v1
+
+# Teardown
+Thread.current[:familia_key_cache] = nil
+Familia.config.encryption_keys = nil
+Familia.config.current_key_version = nil

data/try/features/encrypted_fields_security_try.rb

@@ -0,0 +1,377 @@
+# try/features/encrypted_fields_security_try.rb
+
+require_relative '../helpers/test_helpers'
+require 'base64'
+
+# Define all test classes up front to avoid tryouts retry conflicts
+
+class SecurityTestModel < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password      # No AAD
+  encrypted_field :api_key       # No AAD
+  encrypted_field :secret_data   # No AAD
+end
+
+class SecurityTestModel2 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  field :email
+  encrypted_field :api_key, aad_fields: [:email]
+end
+
+class SecurityTestModel3 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+class SecurityTestModel4 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+class SecurityTestModel5 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+class SecurityTestModel6 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+class SecurityTestModelNonceXChaCha < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+class SecurityTestModelNonceAES < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+class SecurityTestModel7 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+class SecurityTestModel8 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+class JsonTamperTestModel < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :userid
+  field :userid
+  encrypted_field :secret_data
+end
+
+class SecurityTestModel10 < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :user_id
+  field :user_id
+  encrypted_field :password
+end
+
+## Context isolation: Different field contexts use different encryption
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+user = SecurityTestModel.new(user_id: 'user1')
+
+user.password = 'same-value'
+user.api_key = 'same-value'
+user.secret_data = 'same-value'
+
+password_encrypted = user.instance_variable_get(:@password)
+api_key_encrypted = user.instance_variable_get(:@api_key)
+secret_data_encrypted = user.instance_variable_get(:@secret_data)
+
+[password_encrypted != api_key_encrypted,
+ password_encrypted != secret_data_encrypted,
+ api_key_encrypted != secret_data_encrypted]
+#=> [true, true, true]
+
+## AAD Protection: Different users get different AAD
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+user1 = SecurityTestModel2.new(user_id: 'user1', email: 'user1@example.com')
+user2 = SecurityTestModel2.new(user_id: 'user2', email: 'user2@example.com')
+
+# Same value with different AAD should encrypt differently
+user1.api_key = 'same-api-key-value'
+user2.api_key = 'same-api-key-value'
+
+user1_encrypted = user1.instance_variable_get(:@api_key)
+user2_encrypted = user2.instance_variable_get(:@api_key)
+
+user1_encrypted != user2_encrypted
+#=> true
+
+## Auth tag manipulation fails authentication
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+user = SecurityTestModel3.new(user_id: 'user1')
+user.password = 'test-password'
+encrypted = user.instance_variable_get(:@password)
+
+# Tamper with auth tag
+parsed = JSON.parse(encrypted.encrypted_value, symbolize_names: true)
+original_auth_tag = parsed[:auth_tag]
+tampered_auth_tag = original_auth_tag.dup
+tampered_auth_tag[0] = tampered_auth_tag[0] == 'A' ? 'B' : 'A'
+parsed[:auth_tag] = tampered_auth_tag
+tampered_json = parsed.to_json
+
+user.instance_variable_set(:@password, tampered_json)
+begin
+  user.password.reveal { |plain| plain }
+  "should_not_reach_here"
+rescue Familia::EncryptionError => e
+  e.message.include?("Decryption failed")
+end
+#=> true
+
+## Ciphertext manipulation fails authentication
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+user = SecurityTestModel4.new(user_id: 'user1')
+user.password = 'test-password'
+encrypted = user.instance_variable_get(:@password)
+
+# Tamper with ciphertext
+parsed = JSON.parse(encrypted.encrypted_value, symbolize_names: true)
+original_ciphertext = parsed[:ciphertext]
+tampered_ciphertext = original_ciphertext.dup
+tampered_ciphertext[0] = tampered_ciphertext[0] == 'A' ? 'B' : 'A'
+parsed[:ciphertext] = tampered_ciphertext
+tampered_json = parsed.to_json
+
+user.instance_variable_set(:@password, tampered_json)
+begin
+  user.password.reveal { |plain| plain }
+  "should_not_reach_here"
+rescue Familia::EncryptionError => e
+  e.message.include?("Decryption failed")
+end
+#=> true
+
+## Nonce manipulation detection
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+user = SecurityTestModel5.new(user_id: 'user1')
+user.password = 'test-password'
+encrypted = user.instance_variable_get(:@password)
+
+# Tamper with nonce
+parsed = JSON.parse(encrypted.encrypted_value, symbolize_names: true)
+original_nonce = parsed[:nonce]
+tampered_nonce = original_nonce.dup
+tampered_nonce[0] = tampered_nonce[0] == 'A' ? 'B' : 'A'
+parsed[:nonce] = tampered_nonce
+tampered_json = parsed.to_json
+
+user.instance_variable_set(:@password, tampered_json)
+begin
+  user.password.reveal { |plain| plain }
+  "should_not_reach_here"
+rescue Familia::EncryptionError => e
+  e.message.include?("Decryption failed")
+end
+#=> true
+
+## Key isolation: Wrong key version prevents decryption
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+user = SecurityTestModel6.new(user_id: 'user1')
+user.password = 'key-isolation-test'
+encrypted_with_v1 = user.instance_variable_get(:@password)
+
+
+# Parse and change key version to non-existent version
+parsed = JSON.parse(encrypted_with_v1.encrypted_value, symbolize_names: true)
+parsed[:key_version] = 'v999'
+modified_json = parsed.to_json
+
+user.instance_variable_set(:@password, modified_json)
+begin
+  user.password.reveal { |plain| plain }
+  "should_not_reach_here"
+rescue Familia::EncryptionError => e
+  e.message.include?("No key for version")
+end
+#=> true
+
+## Nonce manipulation fails authentication - XChaCha20Poly1305 (24-byte nonces)
+
+user = SecurityTestModelNonceXChaCha.new(user_id: 'user1')
+user.password = 'nonce-test-xchacha'
+encrypted_with_nonce = user.instance_variable_get(:@password)
+
+# Parse and modify nonce (XChaCha20Poly1305 uses 24-byte nonces)
+parsed = JSON.parse(encrypted_with_nonce.encrypted_value, symbolize_names: true)
+original_nonce = parsed[:nonce]
+# Create a different valid base64 nonce for XChaCha20Poly1305 (24 bytes)
+different_nonce = Base64.strict_encode64('x' * 24)
+parsed[:nonce] = different_nonce
+modified_json = parsed.to_json
+
+user.instance_variable_set(:@password, modified_json)
+begin
+  user.password.reveal { |plain| plain }
+  "should_not_reach_here"
+rescue Familia::EncryptionError => e
+  e.message.include?("Decryption failed")
+end
+#=> true
+
+## Nonce manipulation fails authentication - AES-GCM (12-byte nonces)
+
+user_aes = SecurityTestModelNonceAES.new(user_id: 'user2')
+# Force AES-GCM encryption for this test
+encrypted_aes = Familia::Encryption.encrypt_with('aes-256-gcm', 'nonce-test-aes',
+  context: 'SecurityTestModelNonceAES:user2:password')
+user_aes.instance_variable_set(:@password, encrypted_aes)
+
+# Parse and modify nonce (AES-GCM uses 12-byte nonces)
+parsed_aes = JSON.parse(encrypted_aes, symbolize_names: true)
+original_nonce_aes = parsed_aes[:nonce]
+# Create a different valid base64 nonce for AES-GCM (12 bytes)
+different_nonce_aes = Base64.strict_encode64('y' * 12)
+parsed_aes[:nonce] = different_nonce_aes
+modified_json_aes = parsed_aes.to_json
+
+user_aes.instance_variable_set(:@password, modified_json_aes)
+begin
+  user_aes.password.reveal { |plain| plain }
+  "should_not_reach_here"
+rescue Familia::EncryptionError => e
+  e.message.include?("Decryption failed")
+end
+#=> true
+
+## Key cache isolation between different contexts
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+user = SecurityTestModel7.new(user_id: 'cache-user')
+user.password = 'cache-test'
+
+# Use different encryption context
+other_user = SecurityTestModel8.new(user_id: 'cache-user')
+other_user.password = 'cache-test'
+
+user_encrypted = user.instance_variable_get(:@password)
+other_encrypted = other_user.instance_variable_get(:@password)
+
+# Different classes should have different key caches
+user_encrypted != other_encrypted
+#=> true
+
+## Cross-user encrypted data should not decrypt
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+user1 = SecurityTestModel7.new(user_id: 'user1')
+user2 = SecurityTestModel7.new(user_id: 'user2')
+
+user1.password = 'user1-password'
+user1_encrypted = user1.instance_variable_get(:@password)
+
+# Try to use user1's encrypted data with user2's context
+user2.instance_variable_set(:@password, user1_encrypted.encrypted_value)
+
+# This should fail due to different AAD contexts (user1 vs user2)
+begin
+  user2.password.reveal { |plain| plain }
+  false
+rescue Familia::EncryptionError => e
+  e.message.include?("Decryption failed")
+end
+#=> true
+
+## Thread-local key cache independence
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+user = SecurityTestModel8.new(user_id: 'thread-user')
+user.password = 'thread-test'
+main_encrypted = user.instance_variable_get(:@password)
+
+thread_encrypted = nil
+Thread.new do
+  thread_user = SecurityTestModel8.new(user_id: 'thread-user')
+  thread_user.password = 'thread-test'
+  thread_encrypted = thread_user.instance_variable_get(:@password)
+end.join
+
+# Different threads should have independent key caches
+# And different nonces mean different encrypted values even for same plaintext
+main_encrypted != thread_encrypted
+#=> true
+
+## JSON structure tampering detection
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+user = JsonTamperTestModel.new(userid: 'user1')
+user.secret_data = 'json-structure-test'
+
+# Test invalid JSON structure
+user.instance_variable_set(:@secret_data, '{"invalid": "json"')
+user.secret_data
+#=!> Familia::EncryptionError
+#==> error.message.include?("Invalid JSON structure")
+
+## Algorithm field tampering detection
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+user = SecurityTestModel10.new(user_id: 'user1')
+user.password = 'algorithm-test'
+encrypted = user.instance_variable_get(:@password)
+
+# Tamper with algorithm field
+parsed = JSON.parse(encrypted.encrypted_value, symbolize_names: true)
+parsed[:algorithm] = 'unsupported_algorithm'
+tampered_json = parsed.to_json
+
+user.instance_variable_set(:@password, tampered_json)
+user.password
+#=!> Familia::EncryptionError
+#==> error.message.include?("Unsupported algorithm")