messagesodium 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c060a1d38eee8f3a480390a7150ea112f68fb0fa
-  data.tar.gz: a5c72b3f85ed0b3a43f33f5ef03aeaa402dc3478
+  metadata.gz: 3bbe8437f3f0156fccf90bb3defdf1b565057196
+  data.tar.gz: 01b0de5ed925df8cc9c501b83b07899acfa83b9b
 SHA512:
-  metadata.gz: 8df7f3adaae862c22ebd497eeed5ab8af18e3bbc8d716fe294d6d88bd4f5c46e86a568754e0b9a53aeb9af1cbed0c4e139ff8ade3467cd6defe87bc221e6b4c9
-  data.tar.gz: ee86b1d422e378c337b0f5792867fb0a19c5b06325bef6668dacb359466ac3553dbaab975836bfa3eecb344e3a420121e1f4c679b0f70e80b8d77b226fbdf20e
+  metadata.gz: 7d901c443944865798e2485a7d78da76abdd6110d2d432f1255887c5352bd5470691290cfb74b3c297e6b4f98d71d3348f2cb7d6c3c22ee3c71e21bb6b271a15
+  data.tar.gz: 75cb3cafda0ebbd2792c8f7a049f3fa0854dcfe8e10e88ccb0b7a2968c654f5bfb0af74acb80d7ce04e83d1657e494da41bc4b352f8fe231c2b539fe4001ff21

data/.rubocop.yml

@@ -0,0 +1,14 @@
+Style/StringLiterals:
+  Enabled: false
+
+Metrics/AbcSize:
+  Max: 30
+
+Metrics/LineLength:
+  Max: 90
+
+Style/PercentLiteralDelimiters:
+  Enabled: false
+
+Style/UnneededPercentQ:
+  Enabled: false

data/README.md

@@ -3,3 +3,72 @@
 Project status: Turbo Pre-alpha
 
 Patches Cookiestore to use libsodium for encryption and verification.
+
+# Cookistore
+
+Rails [Cookiestore](https://www.justinweiss.com/articles/how-rails-sessions-work/) is a heavily underrated feature. It bought commonsense to session management at a time when [saving every user session in its own tmpfile on a server](http://php.net/manual/en/function.session-start.php) was slow and unreasonable to scale, and XXX.
+
+This gem brings an alternative backend to CookieStore.
+
+# Use
+
+Just insert this gem into your Gemfile like any other:
+
+    gem 'messagesodium'
+
+And run your usual bundle installation. Any existing sessions will be invalidated, much like if you changed your secret key.
+You can test it is active by looking at any session cookie. The absence of the "--" delimeter will confirm you are using this gem.
+
+# Demonstration
+
+[This gist](https://gist.github.com/technion/5cb2c6fbc570f6c1bc66e30bfb072cdf) shows a few interesting benchmarks, which we can refer to when describing what this gem offers.
+
+```
+
+Cookiestore data is: SWFQbTg0dCtheE45TXU0dWRtT25ndjJVSEdWTE8vei9LMVpZYWVjaWZjaFppdUk5aklVRWZEUy9TOUJuMFpYd2dDMndVZkt0eTR5Sm04Y1FjQzk0M00wRnhTRERHdDhnT3c1dTBvTnRad009LS16WlFaeE82dy84VzA4NThYQzk5bTVBPT0=--efcb8809421d2dc1665c9d9afa9638c1c2a763eb
+which is 222 in length
+Sodium data is: SGwQn0DD+pOvTPo68nvNYQLRFMt+Mf7rFU6BkiKhA0qHGT8BHVuqXRqEOYy+xcOoMCCRh99eeb/sVWlPzA4/FavTyg4U0PUAns0bx/Q9j4gcoD6K/h0z8yZvW0425g==
+which is 128 in length
+                                       user     system      total        real
+to_json                            2.470000   0.000000   2.470000 (  2.514048)
+JSON.dump                          0.520000   0.000000   0.520000 (  0.534084)
+cookiestore encrypt and sign       1.810000   0.030000   1.840000 (  1.915375)
+cookiestore decrypt and verify     2.730000   0.000000   2.730000 (  2.824819)
+libsodium encrypt and sign         1.580000   0.060000   1.640000 (  1.738750)
+libsodium decrypt                  1.010000   0.000000   1.010000 (  1.035354)
+
+```
+
+## Smaller cookies
+
+A welcome consequence is that of smaller cookies. This isn't strictly the result of changed encryption algorithms, but CookieStore's message packing is somewhat ineffecient. It is effectively:
+
+    Base64(Base64(iv) || "--" || Base64(message)) || "--" HMAC
+
+If you can understand the reasoning for double Base64 encoding you're smarter than I am, but it adds to the four delimiting bytes. The authenticator on Poly1305 is also four bytes shorter than SHA1. You can see the end result in the above benchmark - 222 bytes vs 128 for our sample.
+
+Smaller cookies are a good thing. It's less data on the wire for every single page hit, and it's more room to move around the 4Kb limit.
+
+## More performant
+
+The above benchmark shows our approach as much more performant. Some of that is just crypto, which can be hardware dependant.
+
+But some of this is down to the message packing. Dipping into Base64 functions three separate times to open one cookie is ineffecient. When the IV is known to be of BLOCKSIZE length, choosing to cut it by using split() and a delimiter is the long way around. In the end, performance is great.
+
+## A modern security approach
+
+Let's be clear about the fact that I have no known issue with the current CookieStore implementation. However, it's worth having a read of the view of [Google's Adam Langley](https://www.imperialviolet.org/2013/10/07/chacha20.html) when describing "a strong motivation to replace it" when describing CBC mode.
+
+Indeed, the are several comments in the original Rails source code to the effect of "this dance is done in the hope we don't introduce a vulnerability".
+
+What you'll find in this gem is a much smaller, more easily audited codebase without any hoops to jump through.
+
+# Approach
+
+This gem is designed largely as a drop-in replacement for MessageEncryptor, which in turn is used by CookieStore. In a defualt environment, Rails astracts away everything I say below.
+
+MessageEncryptor takes a "secret", and a "signing secret", using them as two different secrets. Libsodium only needs a 256-bit secret.
+
+MessageEncryptor offers the option to provide an OpenSSL cipher. Obviously none of these apply to our gem. Finally, MessageEncryptor offers its choice of serializers. It defaults to Marshal, which was always a bad move, so Rails started to implicitly set JSON as the serializer in version 4.1. There's no reason in my view to let people have a footgun like this, so all this gem supports is JSON.
+
+In order to make this "drop in", all the above parameters can still be provided, they are just ignored.

data/Rakefile

@@ -4,7 +4,8 @@ require "rake/testtask"
 Rake::TestTask.new(:test) do |t|
   t.libs << "test"
   t.libs << "lib"
+  t.warning = true
   t.test_files = FileList['test/**/*_test.rb']
 end
 
-task :default => :test
+task default: :test

data/lib/messagesodium.rb

@@ -10,37 +10,37 @@ module ActiveSupport
   #
   # The cipher text and initialization vector are base64 encoded and returned
   # to you.
-  #
   class MessageEncryptor
     class InvalidMessage < StandardError; end
 
-    def initialize(secret, *signature_key_or_options)
-      # The options and signature fields are unused.
-      # However we need to retain them as they exist in the original function
+    # Uses "secret" as a libsodium Simplebox initialiser
+    # Secret must be 32 bytes (256-bit) long
+    # The options and signature fields are unused as lidsodium does not require
+    # a second key for an HMAC.
+    # However we need to retain them as they exist in the original function
+    def initialize(secret, *_signature_key_or_options)
       @box = RbNaCl::SimpleBox.from_secret_key(secret)
     end
 
-    # Encrypt and sign a message. We need to sign the message in order to avoid
-    # padding attacks. Reference: http://www.limited-entropy.com/padding-oracle-attacks.
+    # Encrypt and authenticate using libsodium XSalsa20/Poly1305
+    # Serialise with JSON.dump
+    # Returns base64(random nonce + cipher + auth tag)
     def encrypt_and_sign(value)
-      Base64.strict_encode64(@box.encrypt(value.to_json))
+      Base64.strict_encode64(@box.encrypt(::JSON.dump(value)))
     end
 
-    # Decrypt and verify a message. We need to verify the message in order to
-    # avoid padding attacks. Reference: http://www.limited-entropy.com/padding-oracle-attacks.
+    # Decrypt the message, and check the auth tag in the process.
     def decrypt_and_verify(value)
-      begin
-        JSON.parse(@box.decrypt(Base64.decode64(value)), symbolize_names: true)
-      rescue RbNaCl::CryptoError
-        raise InvalidMessage
-      end
+      ::JSON.parse(@box.decrypt(Base64.decode64(value)), symbolize_names: true)
+    rescue RbNaCl::CryptoError
+      raise InvalidMessage
     end
 
-    # Given a cipher, returns the key length of the cipher to help generate the key of desired size
-    def self.key_len(cipher)
+    # Given a cipher, returns the key length of the cipher to help generate
+    # the key of desired size
+    def self.key_len(_cipher = nil)
       # Ignore the cipher - libsodium knows what it's doing.
       RbNaCl::SecretBox.key_bytes
     end
   end
-
 end

data/lib/messagesodium/version.rb

@@ -1,3 +1,3 @@
 module Messagesodium
-  VERSION = "0.1.0"
+  VERSION = "0.2.0".freeze
 end

data/messagesodium.gemspec

@@ -9,8 +9,8 @@ Gem::Specification.new do |spec|
   spec.authors       = ["Technion"]
   spec.email         = ["technion@lolware.net"]
 
-  spec.summary       = %q{Patches Cookiestore to use Libsodium for encryption and verification.}
-  spec.description   = %q{Write a longer description or delete this line.}
+  spec.summary       = %q{Patches MessageEncryptor/Cookiestore to use Libsodium .}
+  spec.description   = %q{Introduces modern crypto, higher performance, smaller cookies to your sessions.}
   spec.homepage      = "https://github.com/technion/messagesodium"
   spec.license       = "MIT"
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: messagesodium
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Technion
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-09-03 00:00:00.000000000 Z
+date: 2017-09-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rbnacl-libsodium
@@ -66,7 +66,8 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '5.0'
-description: Write a longer description or delete this line.
+description: Introduces modern crypto, higher performance, smaller cookies to your
+  sessions.
 email:
 - technion@lolware.net
 executables: []
@@ -74,6 +75,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".rubocop.yml"
 - ".travis.yml"
 - Gemfile
 - LICENSE.txt
@@ -107,5 +109,5 @@ rubyforge_project:
 rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
-summary: Patches Cookiestore to use Libsodium for encryption and verification.
+summary: Patches MessageEncryptor/Cookiestore to use Libsodium .
 test_files: []