syde 0.0.1

data/Gemfile

@@ -0,0 +1,3 @@
+source "http://www.rubygems.org"
+
+gemspec

data/LICENSE.mit

@@ -0,0 +1,21 @@
+(MIT License)
+
+Copyright (c) 2010 Adam Prescott
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,113 @@
+Syde
+====
+
+Syde is a *sy*mmetric *d*ata *e*ncryption library written in Ruby, licensed under the MIT license. It provides a saved encrypted data storage under a single password.
+
+# How do I use this thing?
+
+To install from RubyGems:
+
+    gem install syde
+
+To get the source:
+
+    git clone https://github.com/aprescott/syde.git
+
+To run the tests with the source:
+
+    rake test
+
+To contribute:
+
+* Fork it
+* Make a new feature branch: `git checkout -b some-new-thing master`
+* Pull request
+
+Basic usage
+-----------
+
+    require "syde"
+    
+    vault = Syde::Vault.create("password")
+    vault #=> #<Vault (locked)>
+    vault.unlock!("password")
+    vault #=> #<Vault (unlocked)>
+    vault.contents #=> []
+    vault << "something important"
+    vault.contents #=> ["something important"]
+    vault.lock
+    vault #=> #<Vault (locked)>
+
+### Reopening the vault
+
+When you call Vault.create your vault is saved to disk, in a default location. To reopen the vault using the default location, you can use `Vault.open`. Adding contents to the vault will cause it to be saved automatically, without needing to `Vault#lock`.
+
+### Auto-locking
+
+By default, there is a 5-minute auto-lock timeout period. After 5 minutes has passed since unlocking the vault, the vault will automatically lock itself. It is possible to set the time manually:
+
+    vault.unlock("password", 2 * 60)
+
+will set the timeout period to 2 minutes. Using a non-positive length of time will not unlock the vault. To unlock the vault indefinitely, use `unlock!`.
+
+### Deleting contents of the vault
+
+To delete something in the vault, use `delete`:
+
+    vault << "foo"
+    vault.contents
+    vault.delete("foo")
+    vault.contents
+
+### Modifying contents in-place
+
+    vault.contents #=> ["foo"]
+    string = vault.contents.first #=> "foo"
+    string.replace("bar")
+    vault.contents #=> ["bar"]
+
+Objects in the vault are serialised and then deserialised and as such are not modifiable.
+
+### Available data
+
+To see the data being stored in the vault file, use `data`. When the vault is unlocked, the contents are visible via `data`; otherwise, only the encrypted contents are visible.
+
+### Specifying a different file
+
+By default the file used for vault storage is ~/.syde/storage_file.vault. To change this, when calling `create`, pass a `String` as the second argument, for the filepath to be used.
+
+Some details
+------------
+
+The password you give is used to encrypt, using the OpenSSL standard library, a random 4096-bit secret key generated from /dev/urandom. This secret key is then used for the encryption and decryption of the vault contents. When a vault is created it will by default have its information stored in ~/.syde/storage_file.vault. Vault contents, and the secret 4096-bit key are kept in this file in encrypted form only, and never written to the file as plaintext; when the vault is unlocked the plaintext is available to the running application.
+
+Modifying the contents of the .vault file is not recommended, as it will cause Syde::Vault to be unable to open it.
+
+### Vault contents
+
+The contents of a vault are currently a simple Array, and are serialised with YAML before being encrypted. When the vault is opened and unlocked, the ciphertext is decrypted and then deserialised back to Ruby objects.
+
+### Forgotten passwords
+
+If your password is forgotten it's unlikely that you'll be able to retrieve any of the data stored in encrypted form as plaintext.
+
+Tests
+-----
+
+`rake test` will run the set of unit tests.
+
+Ruby versions
+-------------
+
+Should work without incident on 1.8.7.
+
+TODO/issues
+-----------
+
+Fix encoding problems to get 1.9 support.
+
+The intention is to have future versions support storing data associated to keys, allowing you to use
+
+    vault.add :password => "important"
+
+This can be done with the current design by setting the contents of the vault to be just a hash.

data/lib/syde/crypto.rb

@@ -0,0 +1,38 @@
+module Syde
+class Vault
+	module Crypto
+		def self.random_bytes(length)
+			File.open("/dev/urandom") { |f| f.read(length) }
+		end
+	
+		def self.new_iv
+			cipher.random_iv
+		end
+	
+		def self.aes(mode, key, iv, text)
+			c = cipher.send(mode)
+			c.key = digest(key)
+			c.iv = iv
+			c.update(text) << c.final
+		end
+		
+		def self.encrypt(key, iv, plaintext)
+			aes(:encrypt, key, iv, plaintext)
+		end
+		
+		def self.decrypt(key, iv, ciphertext)
+			aes(:decrypt, key, iv, ciphertext)
+		end
+	
+		def self.digest(input)
+			OpenSSL::Digest::SHA256.digest(input)
+		end
+		
+		private
+		
+		def self.cipher
+			OpenSSL::Cipher::Cipher.new("aes-256-cbc")
+		end
+	end
+end
+end

data/lib/syde/errors.rb

@@ -0,0 +1,7 @@
+module Syde
+	module Errors
+		class PasswordIncorrectError < StandardError; end
+		class MissingPasswordError < StandardError; end
+		class AccessError < StandardError; end
+	end
+end

data/lib/syde/storage.rb

@@ -0,0 +1,37 @@
+module Syde
+class Vault
+	module Storage
+		DefaultStorageFile = File.expand_path("~/.syde/storage_file.vault")
+		FileUtils.touch(DefaultStorageFile) unless File.exist?(DefaultStorageFile)
+		
+		def self.valid_format?(data)
+		  data.is_a?(Hash) &&
+			data.keys.include?(:encrypted) &&
+			data.keys.include?(:plaintext) &&
+			data[:plaintext].keys.include?(:iv) &&
+			data[:plaintext].keys.include?(:secret_key_hash) &&
+			data[:encrypted].keys.include?(:secret_key) &&
+			data[:encrypted].keys.include?(:contents) &&
+			data[:encrypted][:contents].is_a?(String)
+		end
+		
+		def self.read(content)
+			file { |f| f.read }
+		end
+		
+		def self.write(content, file = nil)
+		  if file
+		    File.open(file, "w") do |f|
+		      f << content
+		    end
+	    else
+	      file("w") { |f| f << content }
+      end
+		end
+		
+		def self.file(mode = "r", &block)
+			File.open(DefaultStorageFile, mode, &block)
+		end
+	end
+end
+end

data/lib/syde/vault.rb

@@ -0,0 +1,214 @@
+module Syde
+class Vault
+	include Errors
+	
+	attr_accessor	:plaintext_secret_key
+	attr_reader		:file
+
+	def self.open(file = Storage::DefaultStorageFile)
+	  file = File.expand_path(file)
+	  FileUtils.touch(file) unless File.exist?(file)
+	  
+		Vault.new(YAML.load_file(file) || "", file)
+	end
+	
+	def self.create(password, file = Storage::DefaultStorageFile)
+	  file = File.expand_path(file)
+	  
+		raise "#{file} contains content -- refusing to override." if File.exist?(file) && File.size(file) > 0
+		
+		FileUtils.touch(file) unless File.exist?(file)
+		
+		h = {}
+		[:plaintext, :encrypted].each { |e| h[e] = {} }
+		
+		h[:plaintext][:iv] = Crypto.new_iv
+		new_secret_key = Vault.new_secret_key(password, h[:plaintext][:iv])
+		encrypted_key = new_secret_key[:encrypted_key]
+		hash = new_secret_key[:plaintext_key_hash]
+		plaintext_key = new_secret_key[:plaintext_key]
+		
+		h[:encrypted][:secret_key] = encrypted_key
+		h[:plaintext][:secret_key_hash] = hash
+		
+		h[:encrypted][:contents] = Crypto.encrypt(plaintext_key, h[:plaintext][:iv], YAML.dump([]))
+		h[:plaintext][:contents] = []
+				
+		File.open(file, "w") do |f|
+			f << YAML.dump(h)
+		end
+		
+		Vault.new(h, file)
+	end
+	
+	def initialize(data, file)
+		@data = data
+		@file = file.freeze
+				
+		raise ArgumentError, "unable to find any stored data." if @data.empty?
+		raise ArgumentError, "data is not valid." unless Storage.valid_format?(@data)
+	end
+	
+	def data
+    if locked?
+      public_data
+    else
+      internal_data
+    end
+	end
+	
+	def public_data
+	  public_data = YAML.load(YAML.dump(internal_data))
+	  public_data[:plaintext].delete(:contents)
+	  public_data
+	end
+	
+	private
+	
+	def internal_data
+	  @data
+	end
+	
+	public
+		
+	def iv
+		internal_data[:plaintext][:iv]
+	end
+	
+	def secret_key_hash
+		internal_data[:plaintext][:secret_key_hash]
+	end
+	
+	def decrypt_secret_key(password)
+		Crypto.aes(:decrypt, password, iv, internal_data[:encrypted][:secret_key])
+	end
+	
+	def lock
+	  internal_data[:encrypted][:contents] = Crypto.encrypt(@plaintext_secret_key, iv, YAML.dump(internal_data[:plaintext][:contents]))
+	  internal_data[:plaintext][:contents] = nil
+		@plaintext_secret_key = nil
+	end
+	
+	def unlock!(password = nil)
+  	raise MissingPasswordError, "no password given." unless password
+
+  	plaintext_secret_key = decrypt_secret_key(password)
+  	if Crypto.digest(plaintext_secret_key) != secret_key_hash
+  		raise PasswordIncorrectError
+  	else
+  		@plaintext_secret_key = plaintext_secret_key
+  		internal_data[:encrypted][:contents] ||= Crypto.encrypt(@plaintext_secret_key, iv, YAML.dump([]))
+  		internal_data[:plaintext][:contents] = YAML.load(Crypto.decrypt(@plaintext_secret_key, iv, internal_data[:encrypted][:contents]))
+  	end
+	end
+	
+	def unlock(password = nil, timeout = 5 * 60)
+	  return false unless timeout > 0
+	  unlock!(password)
+    start_locking_timer(timeout)
+		true
+	end
+	
+	def start_locking_timer(seconds)
+	  Thread.new do
+	    sleep seconds
+	    self.lock
+	  end
+	end
+	
+	def locked?
+		if plaintext_secret_key
+			false
+		else
+			true
+		end
+	end
+	
+	def plaintext_contents
+	  raise AccessError, "vault is locked; unable to access vault contents." if locked?
+	  
+    YAML.load(YAML.dump(internal_contents))
+	end
+	
+	private
+	
+	def internal_contents
+	  internal_data[:plaintext][:contents]
+	end
+	
+	public
+	
+	def contents
+    if locked?
+      public_contents
+    else
+      plaintext_contents
+    end
+  end
+
+	def public_contents
+	  raise AccessError, "vault is locked; unable to access vault contents." if locked?
+	  
+	  public_data[:plaintext][:contents]
+	end
+	
+	private
+	
+	def update_contents(new_content)
+    internal_data[:encrypted][:contents] = Crypto.encrypt(@plaintext_secret_key, iv, YAML.dump(internal_contents))
+
+    Storage.write(YAML.dump(public_data), file)
+    
+    plaintext_contents
+	end
+	
+	public
+	
+	def contents=(new_content)
+	  raise AccessError, "vault is locked; unable to modify vault contents." if locked?
+	  
+	  internal_contents.replace(new_content)
+	  
+	  update_contents(new_content)
+	end
+	
+	def add(*contents)
+	  raise AccessError, "vault is locked; unable to add content to vault." if locked?
+	  
+	  contents.each do |content|
+	    internal_contents << content
+	  end
+
+    update_contents(internal_contents)
+	end
+	alias_method :<<, :add
+	
+	def remove(*contents)
+	  raise AccessError, "vault is locked; unable to remove content from vault." if locked?
+	  
+	  contents.each do |content|
+	    internal_contents.delete(content)
+	  end
+	  
+	  update_contents(internal_contents)
+	end
+	
+	def status
+		locked? ? "locked" : "unlocked"
+	end
+	
+	def inspect
+		%Q{#<Vault (#{status})>}
+	end
+		
+	def self.new_secret_key(password, iv)
+		plaintext = Crypto.digest(Crypto.random_bytes(4096))
+		new_key = Crypto.aes(:encrypt, password, iv, plaintext)
+		#? plaintext = nil
+		#? GC.start
+		{ :encrypted_key => new_key,
+		  :plaintext_key_hash => Crypto.digest(plaintext),
+		  :plaintext_key => plaintext	}
+	end
+end
+end

data/lib/syde/vault.rb~

@@ -0,0 +1,214 @@
+module Syde
+class Vault
+	include Errors
+	
+	attr_accessor	:plaintext_secret_key
+	attr_reader		:file
+
+	def self.open(file = Storage::DefaultStorageFile)
+	  file = File.expand_path(file)
+	  FileUtils.touch(file) unless File.exist?(file)
+	  
+		Vault.new(YAML.load_file(file) || "", file)
+	end
+	
+	def self.create(password, file = Storage::DefaultStorageFile)
+	  file = File.expand_path(file)
+	  
+		raise "#{file} contains content -- refusing to override." if File.exist?(file) && File.size(file) > 0
+		
+		FileUtils.touch(file) unless File.exist?(file)
+		
+		h = {}
+		[:plaintext, :encrypted].each { |e| h[e] = {} }
+		
+		h[:plaintext][:iv] = Crypto.new_iv
+		new_secret_key = Vault.new_secret_key(password, h[:plaintext][:iv])
+		encrypted_key = new_secret_key[:encrypted_key]
+		hash = new_secret_key[:plaintext_key_hash]
+		plaintext_key = new_secret_key[:plaintext_key]
+		
+		h[:encrypted][:secret_key] = encrypted_key
+		h[:plaintext][:secret_key_hash] = hash
+		
+		h[:encrypted][:contents] = Crypto.encrypt(plaintext_key, h[:plaintext][:iv], YAML.dump([]))
+		h[:plaintext][:contents] = []
+				
+		File.open(file, "w") do |f|
+			f << YAML.dump(h)
+		end
+		
+		Vault.new(h, file)
+	end
+	
+	def initialize(data, file)
+		@data = data
+		@file = file.freeze
+				
+		raise ArgumentError, "unable to find any stored data." if @data.empty?
+		raise ArgumentError, "data is not valid." unless Storage.valid_format?(@data)
+	end
+	
+	def data
+    if locked?
+      public_data
+    else
+      internal_data
+    end
+	end
+	
+	def public_data
+	  public_data = YAML.load(YAML.dump(internal_data))
+	  public_data[:plaintext].delete(:contents)
+	  public_data
+	end
+	
+	private
+	
+	def internal_data
+	  @data
+	end
+	
+	public
+		
+	def iv
+		internal_data[:plaintext][:iv]
+	end
+	
+	def secret_key_hash
+		internal_data[:plaintext][:secret_key_hash]
+	end
+	
+	def decrypt_secret_key(password)
+		Crypto.aes(:decrypt, password, iv, internal_data[:encrypted][:secret_key])
+	end
+	
+	def lock
+	  internal_data[:encrypted][:contents] = Crypto.encrypt(@plaintext_secret_key, iv, YAML.dump(internal_data[:plaintext][:contents]))
+	  internal_data[:plaintext][:contents] = nil
+		@plaintext_secret_key = nil
+	end
+	
+	def unlock!(password = nil)
+  	raise MissingPasswordError, "no password given." unless password
+
+  	plaintext_secret_key = decrypt_secret_key(password)
+  	if Crypto.digest(plaintext_secret_key) != secret_key_hash
+  		raise PasswordIncorrectError
+  	else
+  		@plaintext_secret_key = plaintext_secret_key
+  		internal_data[:encrypted][:contents] ||= Crypto.encrypt(@plaintext_secret_key, iv, YAML.dump([]))
+  		internal_data[:plaintext][:contents] = YAML.load(Crypto.decrypt(@plaintext_secret_key, iv, internal_data[:encrypted][:contents]))
+  	end
+	end
+	
+	def unlock(password = nil, timeout = 5 * 60)
+	  return false unless timeout > 0
+	  unlock!(password)
+    start_locking_timer(timeout)
+		true
+	end
+	
+	def start_locking_timer(seconds)
+	  Thread.new do
+	    sleep seconds
+	    self.lock
+	  end
+	end
+	
+	def locked?
+		if plaintext_secret_key
+			false
+		else
+			true
+		end
+	end
+	
+	def plaintext_contents
+	  raise AccessError, "vault is locked; unable to access vault contents." if locked?
+	  
+    YAML.load(YAML.dump(internal_contents))
+	end
+	
+	private
+	
+	def internal_contents
+	  internal_data[:plaintext][:contents]
+	end
+	
+	public
+	
+	def contents
+    if locked?
+      public_contents
+    else
+      plaintext_contents
+    end
+  end
+
+	def public_contents
+	  raise AccessError, "vault is locked; unable to access vault contents." if locked?
+	  
+	  public_data[:plaintext][:contents]
+	end
+	
+	private
+	
+	def update_contents(new_content)
+    internal_data[:encrypted][:contents] = Crypto.encrypt(@plaintext_secret_key, iv, YAML.dump(internal_contents))
+
+    Storage.write(YAML.dump(public_data), file)
+    
+    plaintext_contents
+	end
+	
+	public
+	
+	def contents=(new_content)
+	  raise AccessError, "vault is locked; unable to modify vault contents." if locked?
+	  
+	  internal_contents.replace(new_content)
+	  
+	  update_contents(new_content)
+	end
+	
+	def add(*contents)
+	  raise AccessError, "vault is locked; unable to add content to vault." if locked?
+	  
+	  contents.each do |content|
+	    internal_contents << content
+	  end
+
+    update_contents(internal_contents)
+	end
+	alias_method :<<, :add
+	
+	def remove(*contents)
+	  raise AccessError, "vault is locked; unable to remove content from vault." if locked?
+	  
+	  contents.each do |content|
+	    internal_contents.delete(content)
+	  end
+	  
+	  update_contents(internal_contents)
+	end
+	
+	def status
+		locked? ? "locked" : "unlocked"
+	end
+	
+	def inspect
+		%Q{#<Vault (#{status})>}
+	end
+		
+	def self.new_secret_key(password, iv)
+		plaintext = Crypto.digest(Crypto.random_bytes(4096))
+		new_key = Crypto.aes(:encrypt, password, iv, plaintext)
+		#? plaintext = nil
+		#? GC.start
+		{ :encrypted_key => new_key,
+		  :plaintext_key_hash => Crypto.digest(plaintext),
+		  :plaintext_key => plaintext	}
+	end
+end
+end

data/lib/syde.rb

@@ -0,0 +1,23 @@
+require "openssl"
+require "yaml"
+require "fileutils"
+
+# http://snippets.dzone.com/posts/show/576
+# http://snippets.dzone.com/posts/show/4975
+
+FileUtils.mkdir(File.expand_path("~/.syde")) unless File.exist?(File.expand_path("~/.syde"))
+
+module Syde
+	SYDE_VERSION_MAJOR = "0"
+	SYDE_VERSION_MINOR = "0"
+	SYDE_VERSION_TINY  = "1"
+	
+	SYDE_VERSION = [SYDE_VERSION_MAJOR, SYDE_VERSION_MINOR, SYDE_VERSION_TINY].join(".")
+	
+	SYDE_VERSION_DATE	= nil
+end
+
+require "syde/crypto"
+require "syde/errors"
+require "syde/storage"
+require "syde/vault"

data/lib/syde.rb~

@@ -0,0 +1,23 @@
+require "openssl"
+require "yaml"
+require "fileutils"
+
+# http://snippets.dzone.com/posts/show/576
+# http://snippets.dzone.com/posts/show/4975
+
+FileUtils.mkdir(File.expand_path("~/.syde")) unless File.exist?(File.expand_path("~/.syde"))
+
+module Syde
+	SYDE_VERSION_MAJOR = "0"
+	SYDE_VERSION_MINOR = "0"
+	SYDE_VERSION_TINY  = "1"
+	
+	SYDE_VERSION = [SYDE_VERSION_MAJOR, SYDE_VERSION_MINOR, SYDE_VERSION_TINY].join(".")
+	
+	SYDE_VERSION_DATE	= nil
+end
+
+require "syde/crypto"
+require "syde/errors"
+require "syde/storage"
+require "syde/vault"

data/rakefile

@@ -0,0 +1,7 @@
+require "rake"
+
+task :test do
+  system("ruby -I lib -I test test/_test.rb")
+end
+
+task :default => :test

data/syde.gemspec

@@ -0,0 +1,16 @@
+Gem::Specification.new do |s|
+  s.name         = "syde"
+  s.version      = "0.0.1"
+  s.authors      = ["Adam Prescott"]
+  s.email        = ["adam@aprescott.com"]
+  s.homepage     = "https://github.com/aprescott/syde"
+  s.summary      = "Symmetric data encryption library."
+  s.description  = "Syde is a symmetric data encryption library written in Ruby, licensed under the MIT license. It provides a saved encrypted data storage under a single password."
+  s.files        = Dir["{lib/**/*,test/**/*}"] + %w[LICENSE.mit Gemfile rakefile README.md syde.gemspec .gemtest]
+  s.require_path = "lib"
+  s.test_files   = Dir["test/*"]
+  s.has_rdoc     = false
+  s.add_development_dependency "rake"
+  s.required_ruby_version = "~> 1.8.7"
+  s.requirements << "Ruby 1.8.7, does not work with 1.9 (yet) due to encodings"
+end

data/test/_test.rb

@@ -0,0 +1,8 @@
+require "test/unit"
+
+TEST_STORAGE_FILE = File.expand_path(File.join("", *%w[tmp test_vault]))
+
+require "syde"
+require "test_vault"
+require "test_storage"
+require "test_crypto"

data/test/test_crypto.rb

@@ -0,0 +1,30 @@
+class TC_Syde_Crypto < Test::Unit::TestCase  
+  def setup
+    FileUtils.rm(TEST_STORAGE_FILE)
+    @vault = Syde::Vault.create("test_password", TEST_STORAGE_FILE)
+  end
+  
+  def tear_down
+    FileUtils.rm(TEST_STORAGE_FILE)
+  end
+  
+  def iv
+    @vault.iv
+  end
+  
+  def encrypt(key, plaintext)
+    Syde::Vault::Crypto.encrypt(key, iv, plaintext)
+  end
+  
+  def decrypt(key, ciphertext)
+    Syde::Vault::Crypto.decrypt(key, iv, ciphertext)
+  end
+  
+  def test_invertible
+    assert_equal "test_plaintext", decrypt("test_key", encrypt("test_key", "test_plaintext"))
+  end
+  
+  def test_secret_key_length
+    Syde::Vault::Crypto.random_bytes(1024).size == 1024
+  end
+end

data/test/test_storage.rb

@@ -0,0 +1,90 @@
+class TC_Syde_Storage < Test::Unit::TestCase
+  TEST_DATA = { :plaintext => { :iv => "test iv", :secret_key_hash => "test secret key hash" },
+                :encrypted => { :secret_key => "test secret key",
+                                :contents => "" } }
+    
+  def setup
+    FileUtils.rm(TEST_STORAGE_FILE) if File.exist?(TEST_STORAGE_FILE)
+    @vault = Syde::Vault.create("test_password", TEST_STORAGE_FILE)
+  end
+  
+  def valid_format?(d)
+    Syde::Vault::Storage.valid_format?(d)
+  end
+  
+  def test_valid_format
+    assert valid_format?(TEST_DATA), "data intended to be in correct format was found invalid"
+  end
+  
+  def test_internal_valid_format
+    @vault.unlock!("test_password")
+    assert valid_format?(@vault.data), "internal inconsistency"
+  end
+  
+  def test_data_copy
+    Marshal.load(Marshal.dump(TEST_DATA))
+  end  
+  
+  def test_invalid_format
+    invalid_formats = {
+      [] => "annot be an array",
+      nil => "cannot be nil",
+      {} => "contains nothing",
+    }
+    
+    invalid_formats.each do |d, result|
+      assert !valid_format?(d), result
+    end
+  end
+  
+  def test_missing_plaintext
+    d = test_data_copy
+    d.delete(:plaintext)
+    assert !valid_format?(d), "data is incorrect format: :plaintext key is missing"
+  end
+  
+	def test_missing_encrypted
+		d = test_data_copy
+		d.delete(:encrypted)
+		assert !valid_format?(d), "data is incorrect format: :encrypted key is missing"
+	end
+	def test_missing_encrypted_contents
+		d = test_data_copy
+		d[:encrypted].delete(:contents)
+		assert !valid_format?(d), "data is incorrect format: missing encrypted :contents"
+	end
+	def test_encrypted_contents_is_string
+		d = test_data_copy
+		d[:encrypted][:contents] = {}
+		assert !valid_format?(d), "data is incorrect format: encrypted contents must be a string"
+
+		d = test_data_copy
+		d[:encrypted][:contents] = []
+		assert !valid_format?(d) => "data is incorrect format: encrypted contents must be a string"
+	end
+	def test_missing_encrypted_secret_key
+		d = test_data_copy
+		d[:encrypted].delete(:secret_key)
+		assert !valid_format?(d), "data is incorrect format: missing encrypted :secret_key"
+	end
+	def test_missing_plaintext_iv
+		d = test_data_copy
+		d[:plaintext].delete(:iv)
+		assert !valid_format?(d), "data is incorrect format: missing plaintext :iv"
+	end
+	def test_missing_secret_key_hash
+		d = test_data_copy
+		d[:plaintext].delete(:secret_key_hash)
+		assert !valid_format?(d), "data is incorrect format: missing secret key hash"
+	end
+    
+  def test_open_storage_file
+    assert Syde::Vault.open(TEST_STORAGE_FILE)
+  end
+  
+  def test_empty_data_failure
+    assert_raise ArgumentError do
+      Syde::Vault.new("")
+    end
+  end
+end

data/test/test_vault.rb

@@ -0,0 +1,68 @@
+class TC_Syde_Vault < Test::Unit::TestCase  
+  def setup
+    FileUtils.rm(TEST_STORAGE_FILE) if File.exist?(TEST_STORAGE_FILE)
+    @vault = Syde::Vault.create("test_password", TEST_STORAGE_FILE)
+  end
+  
+  def tear_down
+    FileUtils.rm(TEST_STORAGE_FILE) if File.exist?(TEST_STORAGE_FILE)
+  end
+  
+  def test_initial_contents_empty
+    @vault.unlock!("test_password")
+    assert @vault.contents.empty?
+  end
+  
+  def test_vault_add
+    @vault.unlock!("test_password")
+    assert @vault.add("1")
+    assert @vault.contents == ["1"]
+  end
+  
+  def test_vault_multiple_add
+    @vault.unlock!("test_password")
+    assert @vault.add("1", 3, /regex/)
+    @vault.contents.each do |e|
+      assert [/regex/, 3, "1"].include?(e)
+    end
+  end
+  
+  def test_begins_locked
+    assert @vault.locked?
+  end
+  
+  def test_non_override_of_storage_file
+    File.open(TEST_STORAGE_FILE, "w") do |f|
+      f.write "test"
+    end
+    assert_raise RuntimeError do
+      Syde::Vault.create("test_password", TEST_STORAGE_FILE)
+    end
+  end
+  
+  def test_unlock_incorrect_password
+    assert_raise OpenSSL::Cipher::CipherError, Syde::Errors::PasswordIncorrectError do
+      @vault.unlock!("incorrect_password")
+    end
+    assert @vault.locked?
+  end
+  
+  def test_unlock_correct_password
+    @vault.unlock!("test_password")
+    assert !@vault.locked?
+  end
+  
+  def test_auto_locks
+    assert @vault.locked?
+    @vault.unlock("test_password", 1)
+    assert !@vault.locked?
+    sleep 2
+    assert @vault.locked?
+  end
+  
+  def test_instant_lock
+    assert @vault.locked?
+    @vault.unlock("test_password", 0)
+    assert @vault.locked?
+  end
+end

metadata

@@ -0,0 +1,86 @@
+--- !ruby/object:Gem::Specification 
+name: syde
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Adam Prescott
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-05-17 00:00:00 +01:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rake
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  version_requirements: *id001
+description: Syde is a symmetric data encryption library written in Ruby, licensed under the MIT license. It provides a saved encrypted data storage under a single password.
+email: 
+- adam@aprescott.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/syde.rb
+- lib/syde.rb~
+- lib/syde/vault.rb
+- lib/syde/vault.rb~
+- lib/syde/errors.rb
+- lib/syde/storage.rb
+- lib/syde/crypto.rb
+- test/test_storage.rb
+- test/test_vault.rb
+- test/_test.rb
+- test/test_crypto.rb
+- LICENSE.mit
+- Gemfile
+- rakefile
+- README.md
+- syde.gemspec
+- .gemtest
+has_rdoc: true
+homepage: https://github.com/aprescott/syde
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ~>
+    - !ruby/object:Gem::Version 
+      version: 1.8.7
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+requirements: 
+- Ruby 1.8.7, does not work with 1.9 (yet) due to encodings
+rubyforge_project: 
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: Symmetric data encryption library.
+test_files: 
+- test/test_storage.rb
+- test/test_vault.rb
+- test/_test.rb
+- test/test_crypto.rb