secure_string 1.3.2 → 1.3.3

data/README.rdoc

@@ -234,6 +234,10 @@ or directly via e-mail at:
 mailto:jeff@paploo.net
 
 = Version History
+[1.3.3 - 2011-Jul-19] Added new functionality
+                      * (FEATURE) Added PKCS5 v2 keygen from a passphrase support.
+                      * (FEATURE) Addition of escaped hex string literal support for pasting into code.
+                      * (FIX) Hex conversion is more consistently fast now.
 [1.3.2 - 2011-Jun-15] Changed minimum requirements from 1.8.6 to 1.8.7.
                       * (CHANGE) Minimum requirements are 1.8.7 due to too many bugs in 1.8.6.
                       * (FIX) Update to the documentation to reflect 1.8.7 support.
@@ -280,7 +284,7 @@ mailto:jeff@paploo.net
 * See what happens when including SecurizeString into an object that is not a String.
   What are the expected root methods?  +to_s+, <tt>self.new(string)</tt> are two
   that I know of.
-
+* Add HMAC support.
 
 = License
 

data/lib/secure_string.rb

@@ -30,6 +30,12 @@ class SecureString < String
     return data_to_hex
   end
   
+  # Add a method to convert the internal binary dat into an escaped hex string
+  # which is suitable for pasting into Ruby and Javascript source files.
+  def to_escaped_hex
+    return data_to_escaped_hex
+  end
+  
   # Override the default inspect to return the hexidecimal
   # representation of the data contained in this string.
   def inspect

data/lib/securize_string/binary_string_data_methods.rb

@@ -25,7 +25,7 @@ module SecurizeString
         case data_type_hint
         when :hex
           hex_string = value.to_s.delete('^0-9a-fA-F')
-          data_string = [hex_string].pack('H' + hex_string.bytesize.to_s)
+          data_string = [hex_string].pack('H*')
         when :data
           data_string = value.to_s
         when :int
@@ -46,7 +46,7 @@ module SecurizeString
       
       # Returns the hexidecimal string representation of the data.
       def data_to_hex
-        return (self.to_s.empty? ? '' : self.to_s.unpack('H' + (self.to_s.bytesize*2).to_s)[0])
+        return (self.to_s.empty? ? '' : self.to_s.unpack('H*')[0])
       end
       
       # Returns the data converted from hexidecimal into an integer.
@@ -56,6 +56,26 @@ module SecurizeString
         return (self.to_s.empty? ? 0 : self.data_to_hex.hex)
       end
       
+      # Returns an escaped hex string representation of the data.
+      #
+      # This hex string is compatible with Ruby and Javascript.
+      def data_to_escaped_hex
+        # First we convert the string into a packed hex string.
+        hex_string = self.unpack('H*')[0]
+        
+        # Now we grab two elements at a time, prefix it, and add it to the buffer.
+        ptr = 0
+        len = self.bytesize
+        outbuf = ""
+        while(ptr<(len*2))
+          outbuf << '\x' + hex_string[ptr,2]
+          ptr+=2
+        end
+        
+        # Now we return the buffer
+        return outbuf
+      end
+      
     end
     
   end

data/lib/securize_string/cipher_methods.rb

@@ -28,12 +28,41 @@ module SecurizeString
         return [cipher.random_key, cipher.random_iv].map {|s| self.new(s)}
       end
       
-      # A convenience method for generating a random key and init vector for AES keys.
+      # A convenience method for generating a cipher key from a passphrase
+      # using PKCS5 v2 standards.  The key and the salt may be any string.
+      #
+      # This also derives a predictable initialization vector from the given
+      # passphrase in a manor consistent with RFC2898, though it is better to
+      # generate a random IV with each encryption of the same data if possible.
+      #
+      # Note that the OpenSSL::Cipher#pkcs5_keyivgen method is not PKCS5 v2
+      # compliant, and therefore will not be implemented.
+      def cipher_passphrase_keygen(cipher_name, passphrase, salt, iterations=2048)
+        # The first pits of a PBKDF2 are the same wether I build the key and IV
+        # at once, but when an IV is built in the RFC2898 standards, they do it
+        # this way.
+        cipher = OpenSSL::Cipher.new(cipher_name.to_s)
+        cipher.encrypt
+        key_and_iv = OpenSSL::PKCS5.pbkdf2_hmac_sha1(passphrase.to_s, salt.to_s, iterations.to_i, cipher.key_len+cipher.iv_len)
+        return [key_and_iv[0,cipher.key_len], key_and_iv[cipher.key_len, cipher.iv_len]].map {|s| self.new(s)}
+      end
+      
+      # A convenience method for generating a random key and init vector for AES
+      # encryption.
+      #
       # Defaults to a key length of 256.
       def aes_keygen(key_len=256)
         return cipher_keygen("aes-#{key_len.to_i}-cbc")
       end
       
+      # A convenience method for generating a key and init vector from a passphrase
+      # for AES encryption.
+      #
+      # Defaults to a key length of 256.
+      def aes_passphrase_keygen(key_len, passphrase, salt, iterations=2048)
+        return cipher_passphrase_keygen("aes-#{key_len.to_i}-cbc", passphrase, salt, iterations)
+      end
+      
     end
     
     # Adds instance methods for OpenSSL::Cipher support, including AES encryption,

data/spec/binary_string_data_methods_spec.rb

@@ -47,6 +47,14 @@ describe "SecurityString" do
       ss.data_to_i.should == 0
     end
     
+    it 'should be able to convert to an escaped hex string' do
+      @messages.each do |message|
+        ss = SecureString.new(message[:string])
+        ss.data_to_escaped_hex.delete('^0-9A-Fa-f').should == message[:hex]
+        ss.data_to_escaped_hex.should == message[:string].each_byte.map {|b| '\x' + ('%02x' % b)}.join
+      end
+    end
+    
   end
   
 end

data/spec/cipher_methods_spec.rb

@@ -18,11 +18,54 @@ describe "SecureString" do
         iv.should be_kind_of(SecureString)
       end
       
+      it 'should provide a passphrase keygen helper' do
+        SecureString.should respond_to(:cipher_passphrase_keygen)
+      end
+      
+      it 'should provide passphrase generated keys as a SecureString class' do
+        key, iv = SecureString.cipher_passphrase_keygen('DES', 'some passphrase', 'my salt')
+        
+        key.should_not be_nil
+        iv.should_not be_nil
+        
+        key.should be_kind_of(SecureString)
+        iv.should be_kind_of(SecureString)
+      end
+      
+      it 'should generate keys from passphrases with 2048 rounds by default' do
+        default_key, default_iv = SecureString.cipher_passphrase_keygen('DES', 'some passphrase', 'my_salt')
+        
+        key, iv = SecureString.cipher_passphrase_keygen('DES', 'some passphrase', 'my_salt', 2048)
+        key.should == default_key
+        iv.should == default_iv
+        
+        key, iv = SecureString.cipher_passphrase_keygen('DES', 'some passphrase', 'my_salt', 1024)
+        key.should_not == default_key
+        key.should_not == default_iv
+      end
+      
+      it 'should generate a predictable key from a given passphrase' do
+        SecureString.cipher_passphrase_keygen('DES', 'some passphrase', 'my_salt').should == SecureString.cipher_passphrase_keygen('DES', 'some passphrase', 'my_salt')
+        SecureString.cipher_passphrase_keygen('DES', 'some passphrase', 'my_salt').should_not == SecureString.cipher_passphrase_keygen('DES', 'some passphrase', 'another_salt')
+        SecureString.cipher_passphrase_keygen('DES', 'some passphrase', 'my_salt').should_not == SecureString.cipher_passphrase_keygen('DES', 'another passphrase', 'my_salt')
+      end
+      
+      it 'should provide an AES passphrase keygen helper' do
+        SecureString.should respond_to(:aes_passphrase_keygen)
+      end
+      
+      it 'should, for any AES key size, passthrough to the cipher passphrase keygen' do
+        [128,192,256].each do |bits|
+          SecureString.aes_passphrase_keygen(bits, 'passphrase', 'salt').should == SecureString.cipher_passphrase_keygen("aes-#{bits}-cbc", 'passphrase', 'salt')
+          SecureString.aes_passphrase_keygen(bits, 'passphrase', 'salt', 1024).should == SecureString.cipher_passphrase_keygen("aes-#{bits}-cbc", 'passphrase', 'salt', 1024)
+        end
+      end
+      
       it 'should provide an AES keygen helper' do
         SecureString.should respond_to(:aes_keygen)
       end
       
-      it 'should provide generated AES keysas a SecureString class' do
+      it 'should provide generated AES keys as a SecureString class' do
         key, iv = SecureString.aes_keygen
         
         key.should_not be_nil

data/spec/secure_string_spec.rb

@@ -84,8 +84,20 @@ describe "SecureString" do
     end
   end
   
-  it 'should parse hex data with spaces' do
+  it 'should implement to_escaped_hex' do
+    if( RUBY_VERSION >= '1.9.0' )
+      SecureString.instance_methods.should include(:to_escaped_hex)
+    else
+      SecureString.instance_methods.should include('to_escaped_hex')
+    end
     
+    @messages.each do |message|
+      ss = SecureString.new(message[:string])
+      ss.to_escaped_hex.should == ss.data_to_escaped_hex
+    end
+  end
+  
+  it 'should parse hex data with spaces' do
     data = <<-DATA
     a766a602 b65cffe7 73bcf258 26b322b3 d01b1a97 2684ef53 3e3b4b7f 53fe3762
     24c08e47 e959b2bc 3b519880 b9286568 247d110f 70f5c5e2 b4590ca3 f55f52fe
@@ -105,6 +117,18 @@ describe "SecureString" do
     OpenSSL::Digest::SHA.hexdigest(ss).should == "c9f160777d4086fe8095fba58b7e20c228a4006b"
   end
   
+  it 'should parse hex data with escape characters' do
+    # Create the string with escape characters in there.
+    data = '\x48\x65\x6c\x6c\x6f'
+    
+    # Make sure Ruby didn't convert them to the actual string.
+    data.should_not == 'Hello'
+    
+    # Now see if SecureString can convert it as hex data.
+    ss = SecureString.new(data, :type => :hex)
+    ss.should == 'Hello'
+  end
+  
   if( RUBY_VERSION >= '1.9.0' )
     describe 'Encodings' do
     

metadata

@@ -2,7 +2,7 @@
 name: secure_string
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 1.3.2
+  version: 1.3.3
 platform: ruby
 authors: 
 - Jeff Reinecke
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-06-16 00:00:00 Z
+date: 2011-07-19 00:00:00 Z
 dependencies: []
 
 description: "    A String subclass to simplify handling of:\n      1. Binary data, including HEX encoding and Bin64 encoding.\n      2. Encryption such as RSA, AES, and digest methods such as SHA and MD5.\n"