lockbox 0.3.3 → 0.3.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +1 -1
- data/lib/lockbox/box.rb +1 -1
- data/lib/lockbox/encryptor.rb +5 -0
- data/lib/lockbox/migrator.rb +1 -1
- data/lib/lockbox/model.rb +23 -3
- data/lib/lockbox/padding.rb +14 -7
- data/lib/lockbox/utils.rb +1 -0
- data/lib/lockbox/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c64ea693f929a79e495419fe5203760f73a2e1047602031eb90dcfd6542448d7
|
|
4
|
+
data.tar.gz: d5c43889eb01598b80ed47bb2d521fbd4970a94bf0e0880770f66f54d0ccfca9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 760e4d28aaa0e3c059541ee91367112036e34bb87b64232d6de3a5e0c016ed59d47c79ea8549d67bb30922277869eed1187d2c5d77349430b7de81d50f2bc7d3
|
|
7
|
+
data.tar.gz: cee190766d994e26e05fce781c17404fd99fa74d1606c57f1103ed4e428abb0f2256779f005ace00123e07901fd3c4435083e6e950d8d01e92609625dfeca2da
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -472,7 +472,7 @@ class UsersController < ApplicationController
|
|
|
472
472
|
LockboxAudit.create!(
|
|
473
473
|
subject: @user,
|
|
474
474
|
viewer: current_user,
|
|
475
|
-
data: ["
|
|
475
|
+
data: ["name", "email"],
|
|
476
476
|
context: "#{controller_name}##{action_name}",
|
|
477
477
|
ip: request.remote_ip
|
|
478
478
|
)
|
data/lib/lockbox/box.rb
CHANGED
|
@@ -70,7 +70,7 @@ module Lockbox
|
|
|
70
70
|
nonce, ciphertext = extract_nonce(@box, ciphertext)
|
|
71
71
|
@box.decrypt(nonce, ciphertext, associated_data)
|
|
72
72
|
end
|
|
73
|
-
message = Lockbox.unpad(message, size: @padding) if @padding
|
|
73
|
+
message = Lockbox.unpad!(message, size: @padding) if @padding
|
|
74
74
|
message
|
|
75
75
|
end
|
|
76
76
|
|
data/lib/lockbox/encryptor.rb
CHANGED
|
@@ -3,6 +3,8 @@ module Lockbox
|
|
|
3
3
|
def initialize(**options)
|
|
4
4
|
options = Lockbox.default_options.merge(options)
|
|
5
5
|
@encode = options.delete(:encode)
|
|
6
|
+
# option may be renamed to binary: true
|
|
7
|
+
# warn "[lockbox] Lockbox 1.0 will default to encode: true. Pass encode: false to keep the current behavior." if @encode.nil?
|
|
6
8
|
previous_versions = options.delete(:previous_versions)
|
|
7
9
|
|
|
8
10
|
@boxes =
|
|
@@ -81,16 +83,19 @@ module Lockbox
|
|
|
81
83
|
target.set_encoding(source.external_encoding) if source.respond_to?(:external_encoding)
|
|
82
84
|
end
|
|
83
85
|
|
|
86
|
+
# TODO remove in 0.4.0
|
|
84
87
|
# legacy for attr_encrypted
|
|
85
88
|
def self.encrypt(options)
|
|
86
89
|
box(options).encrypt(options[:value])
|
|
87
90
|
end
|
|
88
91
|
|
|
92
|
+
# TODO remove in 0.4.0
|
|
89
93
|
# legacy for attr_encrypted
|
|
90
94
|
def self.decrypt(options)
|
|
91
95
|
box(options).decrypt(options[:value])
|
|
92
96
|
end
|
|
93
97
|
|
|
98
|
+
# TODO remove in 0.4.0
|
|
94
99
|
# legacy for attr_encrypted
|
|
95
100
|
def self.box(options)
|
|
96
101
|
options = options.slice(:key, :encryption_key, :decryption_key, :algorithm, :previous_versions)
|
data/lib/lockbox/migrator.rb
CHANGED
data/lib/lockbox/model.rb
CHANGED
|
@@ -125,7 +125,13 @@ module Lockbox
|
|
|
125
125
|
serialize name, JSON if options[:type] == :json
|
|
126
126
|
serialize name, Hash if options[:type] == :hash
|
|
127
127
|
elsif !attributes_to_define_after_schema_loads.key?(name.to_s)
|
|
128
|
-
|
|
128
|
+
# when migrating it's best to specify the type directly
|
|
129
|
+
# however, we can try to use the original type if its already defined
|
|
130
|
+
if attributes_to_define_after_schema_loads.key?(original_name.to_s)
|
|
131
|
+
attribute name, attributes_to_define_after_schema_loads[original_name.to_s].first
|
|
132
|
+
else
|
|
133
|
+
attribute name, :string
|
|
134
|
+
end
|
|
129
135
|
end
|
|
130
136
|
|
|
131
137
|
define_method("#{name}_was") do
|
|
@@ -330,9 +336,23 @@ module Lockbox
|
|
|
330
336
|
end
|
|
331
337
|
|
|
332
338
|
if options[:migrating]
|
|
333
|
-
|
|
334
|
-
|
|
339
|
+
# TODO reuse module
|
|
340
|
+
m = Module.new do
|
|
341
|
+
define_method "#{original_name}=" do |value|
|
|
342
|
+
result = super(value)
|
|
343
|
+
send("#{name}=", send(original_name))
|
|
344
|
+
result
|
|
345
|
+
end
|
|
346
|
+
|
|
347
|
+
unless activerecord
|
|
348
|
+
define_method "reset_#{original_name}!" do
|
|
349
|
+
result = super()
|
|
350
|
+
send("#{name}=", send(original_name))
|
|
351
|
+
result
|
|
352
|
+
end
|
|
353
|
+
end
|
|
335
354
|
end
|
|
355
|
+
prepend m
|
|
336
356
|
end
|
|
337
357
|
end
|
|
338
358
|
end
|
data/lib/lockbox/padding.rb
CHANGED
|
@@ -3,16 +3,24 @@ module Lockbox
|
|
|
3
3
|
PAD_FIRST_BYTE = "\x80".b
|
|
4
4
|
PAD_ZERO_BYTE = "\x00".b
|
|
5
5
|
|
|
6
|
+
def pad(str, **options)
|
|
7
|
+
pad!(str.dup, **options)
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def unpad(str, **options)
|
|
11
|
+
unpad!(str.dup, **options)
|
|
12
|
+
end
|
|
13
|
+
|
|
6
14
|
# ISO/IEC 7816-4
|
|
7
15
|
# same as Libsodium
|
|
8
16
|
# https://libsodium.gitbook.io/doc/padding
|
|
9
17
|
# apply prior to encryption
|
|
10
18
|
# note: current implementation does not
|
|
11
19
|
# try to minimize side channels
|
|
12
|
-
def pad(str, size: 16)
|
|
20
|
+
def pad!(str, size: 16)
|
|
13
21
|
raise ArgumentError, "Invalid size" if size < 1
|
|
14
22
|
|
|
15
|
-
str
|
|
23
|
+
str.force_encoding(Encoding::BINARY)
|
|
16
24
|
|
|
17
25
|
pad_length = size - 1
|
|
18
26
|
pad_length -= str.bytesize % size
|
|
@@ -27,12 +35,10 @@ module Lockbox
|
|
|
27
35
|
|
|
28
36
|
# note: current implementation does not
|
|
29
37
|
# try to minimize side channels
|
|
30
|
-
def unpad(str, size: 16)
|
|
38
|
+
def unpad!(str, size: 16)
|
|
31
39
|
raise ArgumentError, "Invalid size" if size < 1
|
|
32
40
|
|
|
33
|
-
|
|
34
|
-
str = str.dup.force_encoding(Encoding::BINARY)
|
|
35
|
-
end
|
|
41
|
+
str.force_encoding(Encoding::BINARY)
|
|
36
42
|
|
|
37
43
|
i = 1
|
|
38
44
|
while i <= size
|
|
@@ -40,7 +46,8 @@ module Lockbox
|
|
|
40
46
|
when PAD_ZERO_BYTE
|
|
41
47
|
i += 1
|
|
42
48
|
when PAD_FIRST_BYTE
|
|
43
|
-
|
|
49
|
+
str.slice!(-i..-1)
|
|
50
|
+
return str
|
|
44
51
|
else
|
|
45
52
|
break
|
|
46
53
|
end
|
data/lib/lockbox/utils.rb
CHANGED
|
@@ -2,6 +2,7 @@ module Lockbox
|
|
|
2
2
|
class Utils
|
|
3
3
|
def self.build_box(context, options, table, attribute)
|
|
4
4
|
options = options.except(:attribute, :encrypted_attribute, :migrating, :attached, :type)
|
|
5
|
+
options[:encode] = false unless options.key?(:encode)
|
|
5
6
|
options.each do |k, v|
|
|
6
7
|
if v.is_a?(Proc)
|
|
7
8
|
options[k] = context.instance_exec(&v) if v.respond_to?(:call)
|
data/lib/lockbox/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: lockbox
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Kane
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-04-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|