nbfritz-encryptedattributes 0.1.0

data/lib/encryptedattributes.rb

@@ -0,0 +1,169 @@
+require 'openssl'
+require 'digest'
+require 'base64'
+
+# This module allows for the easy encryption/decryption of attributes
+#
+# Attributes to be encrypted are configured with an attr_encrypted, similar to
+# an attr_accessor call, at the beginning of the class. Eg:
+#
+#   class TestClass
+#     attr_encrypted :ssn
+#     ...
+#
+# One caveat: at this point, only attributes containing strings can be
+# encrypted. If you need to encrypt other types, you'll have to handle
+# the casting to and from String type manually.
+module EncryptedAttributes
+  module ClassMethods
+    # Class-level writer for the @@encrypted_attributes array
+    def encrypted_attributes=(attributes)
+      @encrypted_attributes = attributes
+    end
+
+    # Class-level reader for the @@encrypted_attributes array
+    def encrypted_attributes
+      @encrypted_attributes
+    end
+
+    # Generates a random IV for seeding a cipher
+    def random_iv
+      OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_iv
+    end
+
+    # Generates a random IV for seeding a cipher
+    def random_key
+      OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_key
+    end
+  end
+
+  module InstanceMethods
+    attr_writer   :cipher_iv
+    attr_accessor :cipher_key, :encrypted
+
+    # reader for @cipher_iv that returns a default value if none exists
+    def cipher_iv
+      @cipher_iv ||= "1234567812345678"  # 16 bytes (128 bits) of data
+    end
+
+    # Encrypts all encrypted attributes with the crypt_all private method
+    def encrypt_all; crypt_all(:encrypt); end
+
+    # Decrypts all encrypted attributes with the crypt_all private method
+    def decrypt_all; crypt_all(:decrypt); end
+
+    # Takes the supplied password and optional salt and sets the @cipher_key
+    def key_from_password(password, salt='')
+      @cipher_key = crypto_hash(salt+password)
+    end
+    
+    # Generates a random 256-bit hash
+    def random_key
+      @cipher_key = self.class.random_key
+    end
+
+    # Generates a random IV
+    def random_iv
+      @cipher_iv = self.class.random_iv
+    end
+
+    # Marshals the @cipher_key and @cipher_iv and returns it in base64
+    def credentials
+      Base64.encode64(Marshal.dump([self.cipher_key, self.cipher_iv]))
+    end
+
+    # Unmarshals supplied base64 data into @cipher_key and @cipher_iv
+    def credentials=(credentials)
+      (@cipher_key, @cipher_iv) = Marshal.load(Base64.decode64(credentials))
+    end
+
+    # Generates a 256-bit hash from the supplied data
+    def crypto_hash(data)
+      Digest::SHA256.digest(data)
+    end
+
+    # Returns a base64 encoded version of crypto_hash
+    def crypto_hash64(data)
+      Base64.encode64(crypto_hash(data))
+    end
+
+    private
+    # Encrypts or decrypts all encrypted attributes on this instance
+    #
+    # Mode must be either :encrypt or :decrypt
+    #
+    # Returns false if attempting a decrypt on an already decrypted instance
+    # or an encrypt on an already encrypted instance.
+    def crypt_all(mode = :decrypt)
+      if (mode == :decrypt && @encrypted) || (mode == :encrypt && !@encrypted)
+        self.class.encrypted_attributes.each do |attribute|
+          crypt_attr(attribute.to_s, mode)
+        end
+        @encrypted = (mode == :decrypt) ? false : true
+        return true
+      else
+        return false
+      end
+    end
+
+    # Handles the encryption of a single attribute
+    #
+    # If accessors are available, they will be used, otherwise, the instance
+    # variables will be read/written directly.
+    #
+    # Note: will skip encryption/decryption if the attribute is nil
+    def crypt_attr(attribute, mode = :decrypt)
+      method_list = self.methods
+      if method_list.include?(attribute.to_s) 
+        data = send(attribute)
+      else
+        data = instance_variable_get("@"+attribute)
+      end
+      
+      if data
+        if method_list.include?(writer = attribute.to_s+"=") 
+          send(writer, crypt(data, mode))
+        else
+          instance_variable_set("@"+attribute, crypt(data, mode))
+        end
+      end
+    end
+
+    # Does the real encryption/decryption
+    def crypt(data, mode = :decrypt)
+      data = Base64.decode64(data) if mode == :decrypt
+
+      raise "No key found" unless @cipher_key
+      raise "Only Strings can be encrypted" unless data.class == String
+      cipher = cipher_object(mode)
+      output = cipher.update(data)
+      output << cipher.final
+
+      return (mode == :encrypt) ? Base64.encode64(output) : output
+    end
+
+    # Returns a fresh cipher object.
+    #
+    # (developer note: The gotcha here is that the call to cipher to set
+    # the mode to either encrypt or decrypt must preceed the calls to supply
+    # the iv and key!)
+    def cipher_object(mode = :decrypt)
+      cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+      cipher.send(mode.to_s)
+      cipher.key = self.cipher_key
+      cipher.iv  = self.cipher_iv
+      return cipher
+    end
+  end
+end
+
+class Class
+  # Add the attr_encrypted command to Class so new classes can use it
+  def attr_encrypted(*attrs)
+    self.extend(EncryptedAttributes::ClassMethods)
+    send(:encrypted_attributes=, attrs)
+    instance_eval do
+      send(:include, EncryptedAttributes::InstanceMethods)
+    end
+  end
+end

data/tests/setup.rb

@@ -0,0 +1,2 @@
+require 'test/unit'
+require File.dirname(__FILE__) + '/../lib/encryptedattributes.rb'

data/tests/test_encryption.rb

@@ -0,0 +1,72 @@
+require File.dirname(__FILE__) + '/setup.rb'
+
+class TestClassAccessors
+  attr_accessor  :x, :y
+  attr_encrypted :x, :y
+end
+
+class TestRandomEncryption < Test::Unit::TestCase
+  def setup
+    @test_a = TestClassAccessors.new
+    @key = @test_a.random_key
+    @iv = @test_a.random_iv
+    @test_a.x = "test text 1"
+    @test_a.y = "test text 2"
+  end
+
+  def test_random_key
+    assert_equal 32, @key.length
+    assert_instance_of String, @key
+  end
+
+  def test_random_iv
+    assert_equal 16, @iv.length
+    assert_instance_of String, @iv
+  end
+
+  def test_encryption
+    @before = @test_a.x
+    @test_a.encrypt_all
+    @after = @test_a.x
+
+    assert_not_equal @before, @after
+  end
+end
+
+class TestFixedEncryption < Test::Unit::TestCase
+  def setup
+    @test_a = TestClassAccessors.new
+    @key = @test_a.key_from_password('password')
+    @iv = @test_a.cipher_iv = 'a'*16
+    @test_a.x = "test text 1"
+    @test_a.y = "test text 2"
+
+    @credentials = "BAhbByIlXohImNooBHFR0OVvjcYpJ3NgPQ1qq73WKhHvch0VQtgiFWFhYWFh\n"+
+                   "YWFhYWFhYWFhYWE=\n"
+    @encrypted = "LJ/4bevW6+N+9YuthORrqA==\n"
+  end
+
+  def test_fixed_key
+    assert_equal 32, @key.length
+    assert_instance_of String, @key
+  end
+
+  def test_fixed_iv
+    assert_equal 16, @iv.length
+    assert_instance_of String, @iv
+  end
+
+  def test_encryption
+    @before = @test_a.x
+    @test_a.encrypt_all
+    @after = @test_a.x
+
+    assert_not_equal @before, @after
+    assert_equal @after, @encrypted
+  end
+
+  def test_credentials
+    assert_equal 78, @test_a.credentials.size
+    assert_equal @credentials, @test_a.credentials
+  end
+end

metadata

@@ -0,0 +1,55 @@
+--- !ruby/object:Gem::Specification 
+name: nbfritz-encryptedattributes
+version: !ruby/object:Gem::Version 
+  version: 0.1.0
+platform: ruby
+authors: 
+- Nathan Fritz
+autorequire: encryptedattributes
+bindir: bin
+cert_chain: []
+
+date: 2008-05-03 00:00:00 -07:00
+default_executable: 
+dependencies: []
+
+description: This module adds the attr_encrypted call (use it like attr_accessor) to add two-way encryption capabilities to any class being defined.
+email: fritzn@crown.edu
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- tests/setup.rb
+- tests/test_encryption.rb
+- lib/encryptedattributes.rb
+has_rdoc: true
+homepage: http://n.thefritzes.net
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.0.1
+signing_key: 
+specification_version: 2
+summary: Basic module to add symmetric encryption of attributes/instance variables to Ruby classes.
+test_files: 
+- tests/test_encryption.rb