pgcrypto 0.0.1

data/.rspec

@@ -0,0 +1 @@
+--colour

data/CHANGES

@@ -0,0 +1,4 @@
+0.0.1
+	* INSERT, SELECT, and UPDATE statements are working. But I wrote this
+	  while testing with a production app, and thus haven't written
+    specific tests, so don't get your panties in a twist.

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) Phillip Sasser
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.markdown

@@ -0,0 +1,95 @@
+PGCrypto for ActiveRecord::Base
+===
+
+**PGCrypto** adds seamless column-level encryption to your ActiveRecord::Base subclasses. It's literally *one giant hack,*
+so I make no promises as to its efficacy in the real world beyond my tiny, Rails-3.2-based utopia.
+
+Installation
+-
+
+You need to have PGCrypto installed before this guy will work. [LMGTFY](http://lmgtfy.com/?q=how+to+install+pgcrypto).
+
+1. Add this to your Gemfile:
+	
+		gem "pgcrypto"
+
+2. Do this now:
+	
+		bundle
+
+3. Now point it to your public and private GPG keys:
+	
+		PGCrypto.keys[:private] = {:path => "~/.keys/private.key"}
+		PGCrypto.keys[:public] = {:path => "~/.keys/public.key"}
+
+4. PGCrypto columns are named `attribute_encrypted` and in the `binary` format, so do something like this:
+		
+		add_column :users, :social\_security\_number\_encrypted, :binary
+
+5. Tell the User class to encrypt and decrypt the `social_security_number` attribute on the fly:
+		
+		class User < ActiveRecord::Base
+			# ... all kinds of neat stuff ...
+
+			pgcrypto :social_security_number
+
+			# ... some other fun stuff
+		end
+
+6. Profit
+		
+		User.create!(:social_security_number => "466-99-1234") #=> #<User with stuff>
+		User.last.social_security_number #=> "466-99-1234"
+
+BAM. It looks innocuous on your end, but on the back end that beast is storing the social security number in
+a GPG-encrypted column that can only be decrypted with your secure key.
+
+Keys
+-
+
+You can tell PGCrypto about your keys in a number of fun ways. The most straightforward is to assign the actual
+content of the key manually:
+
+	PGCrypto.keys[:private] = "-----BEGIN PGP PRIVATE KEY BLOCK----- ..."
+
+You can also give it more specific stuff:
+
+	PGCrypto.keys[:private] = {:path => ".private.key", :armored => true, :password => "myKeyPASSwhichizneededBRO"}
+
+This is especially important if you password protect your private key files (and you SHOULD, for the record)!
+
+You can also specify different keys for different purposes:
+
+	PGCrypto.keys[:user_public] = {:path => '.user_public.key'}
+	PGCrypto.keys[:user_private] = {:path => '.user_private.key'}
+
+If you do that, just tell PGCrypto which keys to use on which columns, using an optional hash on the end of the `pgcrypto` call:
+
+	class User < ActiveRecord::Base
+		pgcrypto :social_security_number, :private_key => :user_private, :public_key => :user_public
+	end
+
+FINALLY, if you want to bundle your public key with your application, PGCrypto will automatically load Rails.root/.pgcrypto,
+so feel free to put your public key in there. I recommend deploy-time passing of your private key and password, to ensure it
+doesn't wind up in any long-term storage on the server:
+
+	PGCrypto.keys[:private] = {:value => ENV['PRIVATE_KEY'], :password => ENV['PRIVATE_KEY_PASSWORD']}
+
+Warranty
+-
+
+As I mentioned before, this library is one HUGE hack. When you're using something like this alongside data that needs to be
+well protected, this is just scratching the surface. This will make it easy to follow the basics of asymmetric, GPG-based,
+column-level encryption in PostgreSQL but that's about it.
+
+As such, the author and Delightful Widgets Inc. offer ABSOLUTELY NO GODDAMN WARRANTY. As I mentioned, this works great in our
+Rails 3.2 world, but YMMV if your version of Arel or ActiveRecord are ahead or behind ours. Sorry, folks.
+
+WTF NO TESTS?!!
+-
+
+Nope. We built this inside of a production application, and used its test suite to debug everything. Since this is really just
+a preview release, I haven't written a suite for it yet. Sorry.
+
+Authored by Flip Sasser
+Copyright (C) 2012 Delightful Widgets, Inc.

data/Rakefile

@@ -0,0 +1,38 @@
+require 'rake'
+
+task :default => :spec
+
+begin
+  require 'spec/rake/spectask'
+
+  desc "Run all examples"
+  Spec::Rake::SpecTask.new('spec') do |t|
+    t.spec_files = FileList['spec/**/*.rb']
+  end
+
+  desc "Run all examples with RCov"
+  Spec::Rake::SpecTask.new('spec:rcov') do |t|
+    t.spec_files = FileList['spec/**/*.rb']
+    t.rcov = true
+    t.rcov_opts = ['--exclude', 'spec,gem']
+  end
+rescue LoadError
+  puts "Could not load Rspec. To run tests, use `gem install rspec`"
+end
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "pgcrypto"
+    gemspec.summary = "A transparent ActiveRecord::Base extension for encrypted columns"
+    gemspec.description = %{
+      PGCrypto is an ActiveRecord::Base extension that allows you to asymmetrically
+      encrypt PostgreSQL columns with as little trouble as possible. It's totally
+      freaking rad.
+    }
+    gemspec.email = "flip@x451.com"
+    gemspec.homepage = "http://github.com/Plinq/pgcrypto"
+    gemspec.authors = ["Flip Sasser"]
+  end
+rescue LoadError
+end

data/VERSION

@@ -0,0 +1 @@
+0.0.1

data/lib/pgcrypto.rb

@@ -0,0 +1,55 @@
+require 'pgcrypto/active_record'
+require 'pgcrypto/arel'
+require 'pgcrypto/key'
+require 'pgcrypto/table_manager'
+
+module PGCrypto
+  class << self
+    def [](key)
+      (@table_manager ||= TableManager.new)[key]
+    end
+
+    def keys
+      @keys ||= KeyManager.new
+    end
+  end
+
+  class Error < StandardError; end
+
+  module ClassMethods
+    def pgcrypto(*column_names)
+
+      options = column_names.last.is_a?(Hash) ? column_names.pop : {}
+      options = {:type => :pgp}.merge(options)
+
+      column_names.map(&:to_s).each do |column_name|
+        encrypted_column_name = "#{column_name}_encrypted"
+        unless columns_hash[encrypted_column_name]
+          puts "WARNING: You defined #{column_name} as an encrypted column, but you don't have a corresponding #{encrypted_column_name} column in your database!"
+        end
+        # Stash the encryption type in our module so various monkeypatches can access it later!
+        PGCrypto[table_name][encrypted_column_name] = options.symbolize_keys!
+
+        # Add attribute readers/writers to keep this baby as fluid and clean as possible.
+        class_eval <<-encrypted_attribute_writer
+        def #{column_name}
+          @attributes["#{column_name}"]
+        end
+        
+        # We write the attribute twice - once as the alias so the accessor keeps working, and once
+        # so the actual attribute value is dirty and will be queued up for assignment
+        def #{column_name}=(value)
+          @attributes["#{column_name}"] = value
+          write_attribute(:#{encrypted_column_name}, value)
+        end
+        encrypted_attribute_writer
+        # Did you notice how I was all, "clean as possible" before I fucked w/AR's internal
+        # instance variables rather than use the API? *Hilarious.*
+      end
+    end
+  end
+end
+
+PGCrypto.keys[:public] = {:path => '.pgcrypto'} if File.file?('.pgcrypto')
+
+ActiveRecord::Base.extend PGCrypto::ClassMethods if defined? ActiveRecord::Base

data/lib/pgcrypto/active_record.rb

@@ -0,0 +1,107 @@
+require 'active_record/connection_adapters/postgresql_adapter'
+
+ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.class_eval do
+  alias :original_to_sql :to_sql
+  def to_sql(arel)
+    case arel
+    when Arel::InsertManager
+      pgcrypto_tweak_insert(arel)
+    when Arel::SelectManager
+      pgcrypto_tweak_select(arel)
+    when Arel::UpdateManager
+      pgcrypto_tweak_update(arel)
+    end
+    original_to_sql(arel)
+  end
+
+  private
+  def pgcrypto_tweak_insert(arel)
+    table = arel.ast.relation.name
+    unless PGCrypto[table].empty?
+      arel.ast.columns.each_with_index do |column, i|
+        if options = PGCrypto[table][column.name]
+          key = PGCrypto.keys[options[:public_key] || :public]
+          value = arel.ast.values.expressions[i]
+          quoted_value = quote_string(value)
+          encryption_instruction = %[pgp_pub_encrypt(#{quoted_value}, #{key.dearmored})]
+          arel.ast.values.expressions[i] = Arel::Nodes::SqlLiteral.new(encryption_instruction)
+        end
+      end
+    end
+  end
+
+  def pgcrypto_tweak_select(arel)
+    # We start by looping through each "core," which is just
+    # a SelectStatement, and tweaking both *what* it's selecting
+    # and correcting plain-text queries against an encrypted
+    # column...
+    joins = {}
+    arel.ast.cores.each do |core|
+      # Now we loop through each SelectStatement's actual selction -
+      # typically it's just '*'; and, in fact, that one of the only
+      # things we care about!
+      new_projections = []
+      core.projections.each do |projection|
+        next unless projection.respond_to?(:relation)
+        # The one other situation we might care about is if the projection is
+        # selecting a specifically encrypted column, in which case, we want to
+        # _wrap_ it. See how that's different?
+        if !PGCrypto[projection.relation.name].empty?
+          # Okay, so first, check if it's a broad select
+          if projection.name == '*'
+            # In this case, we want to just grap all the keys from columns in this table
+            # and select them fancy-like
+            PGCrypto[projection.relation.name].each do |column, options|
+              new_projections.push(pgcrypto_tweak_select_column(column, options, joins))
+            end
+          elsif options = PGCrypto[projection.relation.name][projection.name]
+            # And in this case, we're just selecting a single column!
+            new_projections.push(pgcrypto_tweak_select_column(projection.name, options, joins))
+          end
+        end
+      end
+      core.projections.push(*new_projections)
+
+      # Dios mio! What an operation! Now we'll do something similar for the WHERE statements
+      core.wheres.each do |where|
+        # Now loop through the children to encrypt them for the SELECT
+        where.children.each do |child|
+          if options = PGCrypto[child.left.relation.name]["#{child.left.name}_encrypted"]
+            key = PGCrypto.keys[options[:private_key] || :private]
+            joins[key.name] ||= "#{key.dearmored} AS #{key.name}_key"
+            child.left = Arel::Nodes::SqlLiteral.new("pgp_pub_decrypt(#{child.left.name}_encrypted, keys.#{key.name}_key)")
+          end
+        end
+      end
+    end
+    unless joins.empty?
+      arel.join(Arel::Nodes::SqlLiteral.new("CROSS JOIN (SELECT #{joins.values.join(', ')}) AS keys"))
+    end
+  end
+
+  def pgcrypto_tweak_select_column(column, options, joins)
+    return nil unless options[:type] == :pgp
+    key = PGCrypto.keys[options[:private_key] || :private]
+    select = %[pgp_pub_decrypt(#{column}, keys.#{key.name}_key#{", '#{key.password}'" if key.password}) AS "#{column.to_s.gsub(/_encrypted$/, '')}"]
+    joins[key.name] ||= "#{key.dearmored} AS #{key.name}_key"
+    Arel::Nodes::SqlLiteral.new(select)
+  end
+
+  def pgcrypto_tweak_update(arel)
+    # Loop through the assignments and make sure we take care of that whole
+    # NULL value thing!
+    arel.ast.values.each do |value|
+      if options = PGCrypto[value.left.relation.name][value.left.name]
+        case value.right
+        when NilClass
+          value.right = Arel::Nodes::SqlLiteral.new('NULL')
+        else
+          key = PGCrypto.keys[options[:public_key] || :public]
+          quoted_right = quote_string(value.right)
+          encryption_instruction = %[pgp_pub_encrypt('#{quoted_right}', #{key.dearmored})]
+          value.right = Arel::Nodes::SqlLiteral.new(encryption_instruction)
+        end
+      end
+    end
+  end
+end

data/lib/pgcrypto/arel.rb

@@ -0,0 +1,22 @@
+require 'arel/visitors/postgresql'
+
+# We override some fun stuff in the PostgreSQL visitor class inside of Arel.
+# This is the _most_ direct approach to tweaking the SQL to INSERT, SELECT,
+# and UPDATE values as encrypted. Unfortunately, the visitor API doesn't
+# give us access to managers as well as nodes, so we have use the public
+# Arel API via the connection adapter's to_sql method. Then we tweak the
+# more specific bits here!
+
+Arel::Visitors::PostgreSQL.class_eval do
+  alias :original_visit_Arel_Nodes_Assignment :visit_Arel_Nodes_Assignment
+  def visit_Arel_Nodes_Assignment(assignment)
+    # Hijack the normally inoccuous assignment that happens, seeing as how
+    # Arel normally forwards this shit to someone else and I hate it. 
+    if PGCrypto[assignment.left.relation.name][assignment.left.name]
+      # raise "#{visit(assignment.left)} = #{visit(assignment.right)}"
+      "#{visit(assignment.left)} = #{visit(assignment.right)}"
+    else
+      original_visit_Arel_Nodes_Assignment(assignment)
+    end
+  end
+end

data/lib/pgcrypto/key.rb

@@ -0,0 +1,55 @@
+module PGCrypto
+  class KeyManager < Hash
+    def []=(key, value)
+      unless value.is_a?(Key)
+        value = Key.new(value)
+      end
+      value.name = key
+      super key, value
+    end
+  end
+
+  class Key
+    attr_accessor :name, :password, :value
+    attr_reader :path
+    attr_writer :armored
+
+    def armored?
+      @armored
+    end
+
+    def dearmored
+      "#{'dearmor(' if armored?}'#{self}'#{')' if armored?}"
+    end
+
+    def initialize(options = {})
+      if options.is_a?(String)
+        self.value = key
+      elsif options.is_a?(Hash)
+        options.each do |key, value|
+          send("#{key}=", value)
+        end
+      end
+    end
+
+    def path=(keyfile)
+      keyfile = File.expand_path(keyfile)
+      raise PGCrypto::Error, "\#{keyfile} does not exist!" unless File.file?(keyfile)
+      @path = keyfile
+      self.value = File.read(keyfile)
+    end
+
+    def to_s
+      value
+    end
+
+    def value=(key)
+      if key =~ /^-----BEGIN PGP /
+        self.armored = true
+      else
+        self.armored = false
+      end
+      @value = key.dup.freeze
+    end
+  end
+end

data/lib/pgcrypto/table_manager.rb

@@ -0,0 +1,18 @@
+module PGCrypto
+  class Table < Hash
+    def [](key)
+      super(key.to_sym)
+    end
+
+    def []=(key, value)
+      super key.to_sym, value
+    end
+  end
+
+  class TableManager < Table
+    def [](key)
+      return {} unless key
+      super(key) || self[key] = Table.new
+    end
+  end
+end

metadata

@@ -0,0 +1,59 @@
+--- !ruby/object:Gem::Specification
+name: pgcrypto
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Flip Sasser
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-02-24 00:00:00.000000000 Z
+dependencies: []
+description: ! "\n      PGCrypto is an ActiveRecord::Base extension that allows you
+  to asymmetrically\n      encrypt PostgreSQL columns with as little trouble as possible.
+  It's totally\n      freaking rad.\n    "
+email: flip@x451.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- LICENSE
+- README.markdown
+files:
+- .rspec
+- CHANGES
+- LICENSE
+- README.markdown
+- Rakefile
+- VERSION
+- lib/pgcrypto.rb
+- lib/pgcrypto/active_record.rb
+- lib/pgcrypto/arel.rb
+- lib/pgcrypto/key.rb
+- lib/pgcrypto/table_manager.rb
+homepage: http://github.com/Plinq/pgcrypto
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: A transparent ActiveRecord::Base extension for encrypted columns
+test_files: []