symmetric-encryption 0.4.0 → 0.5.0

data/lib/symmetric_encryption/version.rb

@@ -0,0 +1,4 @@
+# encoding: utf-8
+module SymmetricEncryption #:nodoc
+  VERSION = "0.5.0"
+end

data/lib/symmetric_encryption/writer.rb

@@ -0,0 +1,132 @@
+module SymmetricEncryption
+  class Writer
+    # Write to encrypted files and other IO streams
+    #
+    # Features:
+    # * Encryption on the fly whilst writing files.
+    # * Large file support by only buffering small amounts of data in memory
+    # * Underlying buffering to ensure that encrypted data fits
+    #   into the Symmetric Encryption Cipher block size
+    #   Only the last block in the file will be padded if it is less than the block size
+    #
+    # # Example: Encrypt and write data to a file
+    # SymmetricEncryption::Writer.open('test_file') do |file|
+    #   file.write "Hello World\n"
+    #   file.write "Keep this secret"
+    # end
+    #
+    # # Example: Compress, Encrypt and write data to a file
+    # SymmetricEncryption::Writer.open('encrypted_compressed.zip', :compress => true) do |file|
+    #   file.write "Hello World\n"
+    #   file.write "Compress this\n"
+    #   file.write "Keep this safe and secure\n"
+    # end
+    #
+
+
+    # Open a file for writing, or use the supplied IO Stream
+    #
+    # Parameters:
+    #   filename_or_stream:
+    #     The filename to open if a string, otherwise the stream to use
+    #     The file or stream will be closed on completion, use .initialize to
+    #     avoid having the stream closed automatically
+    #
+    #   options:
+    #     :compress [true|false]
+    #          Uses Zlib to compress the data before it is encrypted and
+    #          written to the file
+    #          Default: false
+    #
+    #     :header [true|false]
+    #          Whether to include the magic header that indicates the file
+    #          is encrypted and whether its contents are compressed
+    #
+    #          The header contains:
+    #             Version of the encryption key used to encrypt the file
+    #             Indicator if the data was compressed
+    #          Default: false
+    #
+    #     :version
+    #          Version of the encryption key to use when encrypting
+    #          Default: Current primary key
+    #
+    #     :mode
+    #          See File.open for open modes
+    #          Default: 'w'
+    #
+    # Note: Compression occurs before encryption
+    #
+    def self.open(filename_or_stream, options={}, &block)
+      raise "options must be a hash" unless options.respond_to?(:each_pair)
+      mode = options.fetch(:mode, 'w')
+      compress = options.fetch(:compress, false)
+      ios = filename_or_stream.is_a?(String) ? ::File.open(filename_or_stream, mode) : filename_or_stream
+
+      begin
+        file = self.new(ios, options)
+        file = Zlib::GzipWriter.new(file) if compress
+        block.call(file)
+      ensure
+        file.close if file
+      end
+    end
+
+    # Encrypt data before writing to the supplied stream
+    def initialize(ios,options={})
+      @ios      = ios
+      header    = options.fetch(:header, false)
+      # Compress is only used at this point for setting the flag in the header
+      @compress = options.fetch(:compress, false)
+
+      # Use primary cipher by default, but allow a secondary cipher to be selected for encryption
+      @cipher   = SymmetricEncryption.cipher(options[:version])
+      raise "Cipher with version:#{options[:version]} not found in any of the configured SymmetricEncryption ciphers" unless @cipher
+
+      @stream_cipher = @cipher.send(:openssl_cipher, :encrypt)
+
+      write_header if header
+    end
+
+    # Close the IO Stream
+    # Flushes any unwritten data
+    #
+    # Note: Once an EncryptionWriter has been closed a new instance must be
+    #       created before writing again
+    #
+    # Note: Also closes the passed in io stream or file
+    # Note: This method must be called _before_ the supplied stream is closed
+    #
+    # It is recommended to call Symmetric::EncryptedStream.open
+    # rather than creating an instance of Symmetric::EncryptedStream directly to
+    # ensure that the encrypted stream is closed before the stream itself is closed
+    def close(close_child_stream = true)
+      final = @stream_cipher.final
+      @ios.write(final) if final.length > 0
+      @ios.close if close_child_stream
+    end
+
+    # Write to the IO Stream as encrypted data
+    # Returns the number of bytes written
+    def write(data)
+      partial = @stream_cipher.update(data.to_s)
+      @ios.write(partial) if partial.length > 0
+      data.length
+    end
+
+    private
+
+    # Write the Encryption header if this is the first write
+    def write_header
+      # Include Header and encryption version indicator
+      flags  = @cipher.version || 0 # Same as 0b0000_0000_0000_0000
+
+      # If the data is to be compressed before being encrypted, set the
+      # compressed bit in the version byte
+      flags |= 0b1000_0000_0000_0000 if @compress
+
+      @ios.write "#{MAGIC_HEADER}#{[flags].pack('v')}"
+    end
+
+  end
+end

data/nbproject/private/private.xml

@@ -1,4 +1,17 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project-private xmlns="http://www.netbeans.org/ns/project-private/1">
-    <editor-bookmarks xmlns="http://www.netbeans.org/ns/editor-bookmarks/1"/>
+    <editor-bookmarks xmlns="http://www.netbeans.org/ns/editor-bookmarks/1">
+        <file>
+            <url>lib/symmetric_encryption/encryption.rb</url>
+            <line>60</line>
+        </file>
+        <file>
+            <url>lib/symmetric/encryption.rb</url>
+            <line>62</line>
+        </file>
+        <file>
+            <url>lib/symmetric_encryption/symmetric_encryption.rb</url>
+            <line>60</line>
+        </file>
+    </editor-bookmarks>
 </project-private>

data/test/attr_encrypted_test.rb

@@ -27,12 +27,12 @@ class User < ActiveRecord::Base
   attr_encrypted :bank_account_number
   attr_encrypted :social_security_number
 
-  validates :encrypted_bank_account_number, :symmetric_encrypted => true
-  validates :encrypted_social_security_number, :symmetric_encrypted => true
+  validates :encrypted_bank_account_number, :symmetric_encryption => true
+  validates :encrypted_social_security_number, :symmetric_encryption => true
 end
 
 # Load Symmetric Encryption keys
-Symmetric::Encryption.load!(File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml'), 'test')
+SymmetricEncryption.load!(File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml'), 'test')
 
 # Initialize the database connection
 config_file = File.join(File.dirname(__FILE__), 'config', 'database.yml')
@@ -44,10 +44,10 @@ raise("Environment 'test' not defined in test/config/database.yml") unless cfg
 User.establish_connection(cfg)
 
 #
-# Unit Test for attr_encrypted and validation aspects of Symmetric::Encryption
+# Unit Test for attr_encrypted and validation aspects of SymmetricEncryption
 #
 class AttrEncryptedTest < Test::Unit::TestCase
-  context 'the Symmetric::Encryption Library' do
+  context 'the SymmetricEncryption Library' do
 
     setup do
       @bank_account_number = "1234567890"
@@ -159,8 +159,8 @@ class AttrEncryptedTest < Test::Unit::TestCase
       assert_equal true, @user.valid?
       @user.encrypted_bank_account_number = '123'
       assert_equal false, @user.valid?
-      assert_equal ["must be a value encrypted using Symmetric::Encryption.encrypt"], @user.errors[:encrypted_bank_account_number]
-      @user.encrypted_bank_account_number = Symmetric::Encryption.encrypt('123')
+      assert_equal ["must be a value encrypted using SymmetricEncryption.encrypt"], @user.errors[:encrypted_bank_account_number]
+      @user.encrypted_bank_account_number = SymmetricEncryption.encrypt('123')
       assert_equal true, @user.valid?
       @user.bank_account_number = '123'
       assert_equal true, @user.valid?

data/test/cipher_test.rb

@@ -4,15 +4,15 @@ $LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
 require 'rubygems'
 require 'test/unit'
 require 'shoulda'
-require 'symmetric/cipher'
+require 'symmetric_encryption/cipher'
 
-# Unit Test for Symmetric::Cipher
+# Unit Test for SymmetricEncryption::Cipher
 #
 class CipherTest < Test::Unit::TestCase
   context 'standalone' do
 
     should "allow setting the cipher" do
-      cipher = Symmetric::Cipher.new(
+      cipher = SymmetricEncryption::Cipher.new(
         :cipher => 'aes-128-cbc',
         :key => '1234567890ABCDEF1234567890ABCDEF',
         :iv  => '1234567890ABCDEF'
@@ -21,14 +21,14 @@ class CipherTest < Test::Unit::TestCase
     end
 
     should "not require an iv" do
-      cipher = Symmetric::Cipher.new(
+      cipher = SymmetricEncryption::Cipher.new(
         :key => '1234567890ABCDEF1234567890ABCDEF'
       )
-      assert_equal "wjzpl29q+tsxyLBWAQsn5g==\n", cipher.encrypt('Hello World')
+      assert_equal "\302<\351\227oj\372\3331\310\260V\001\v'\346", cipher.encrypt('Hello World')
     end
 
     should "throw an exception on bad data" do
-      cipher = Symmetric::Cipher.new(
+      cipher = SymmetricEncryption::Cipher.new(
         :cipher => 'aes-128-cbc',
         :key => '1234567890ABCDEF1234567890ABCDEF',
         :iv  => '1234567890ABCDEF'
@@ -42,12 +42,12 @@ class CipherTest < Test::Unit::TestCase
 
   context 'with configuration' do
     setup do
-      @cipher = Symmetric::Cipher.new(
+      @cipher = SymmetricEncryption::Cipher.new(
         :key => '1234567890ABCDEF1234567890ABCDEF',
         :iv  => '1234567890ABCDEF'
       )
       @social_security_number = "987654321"
-      @social_security_number_encrypted = "Qd0qzN6oVuATJQBTf8X6tg==\n"
+      @social_security_number_encrypted = "A\335*\314\336\250V\340\023%\000S\177\305\372\266"
       @sample_data = [
         { :text => '555052345', :encrypted => ''}
       ]
@@ -65,10 +65,5 @@ class CipherTest < Test::Unit::TestCase
       assert_equal @social_security_number, @cipher.decrypt(@social_security_number_encrypted)
     end
 
-    should "determine if string is encrypted" do
-      assert_equal true, @cipher.encrypted?(@social_security_number_encrypted)
-      assert_equal false, @cipher.encrypted?(@social_security_number)
-    end
-
   end
 end

data/test/field_encrypted_test.rb

@@ -30,13 +30,13 @@ class MongoidUser
 end
 
 # Load Symmetric Encryption keys
-Symmetric::Encryption.load!(File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml'), 'test')
+SymmetricEncryption.load!(File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml'), 'test')
 
 #
-# Unit Tests for field encrypted and validation aspects of Symmetric::Encryption
+# Unit Tests for field encrypted and validation aspects of SymmetricEncryption
 #
 class FieldEncryptedTest < Test::Unit::TestCase
-  context 'the Symmetric::Encryption Library' do
+  context 'the SymmetricEncryption Library' do
     setup do
       @bank_account_number = "1234567890"
       @bank_account_number_encrypted = "L94ArJeFlJrZp6SYsvoOGA==\n"

data/test/reader_test.rb

@@ -0,0 +1,76 @@
+# Allow examples to be run in-place without requiring a gem install
+$LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
+
+require 'rubygems'
+require 'test/unit'
+require 'shoulda'
+require 'symmetric-encryption'
+
+# Load Symmetric Encryption keys
+SymmetricEncryption.load!(File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml'), 'test')
+
+# Unit Test for SymmetricEncrypted::ReaderStream
+#
+class ReaderTest < Test::Unit::TestCase
+  context 'Reader' do
+    setup do
+      @data = [
+        "Hello World\n",
+        "Keep this secret\n",
+        "And keep going even further and further..."
+      ]
+      @data_str = @data.inject('') {|sum,str| sum << str}
+      @data_len = @data_str.length
+      @data_encrypted = SymmetricEncryption.cipher.encrypt(@data_str)
+      @filename = '._test'
+    end
+
+    should "decrypt from string stream as a single read" do
+      stream = StringIO.new(@data_encrypted)
+      decrypted = SymmetricEncryption::Reader.open(stream) {|file| file.read}
+      assert_equal @data_str, decrypted
+    end
+
+    should "decrypt from string stream as a single read, after a partial read" do
+      stream = StringIO.new(@data_encrypted)
+      decrypted = SymmetricEncryption::Reader.open(stream) do |file|
+        file.read(10)
+        file.read
+      end
+      assert_equal @data_str[10..-1], decrypted
+    end
+
+    should "decrypt lines from string stream" do
+      stream = StringIO.new(@data_encrypted)
+      i = 0
+      decrypted = SymmetricEncryption::Reader.open(stream) do |file|
+        file.each_line do |line|
+          assert_equal @data[i], line
+          i += 1
+        end
+      end
+    end
+
+    should "decrypt fixed lengths from string stream" do
+      stream = StringIO.new(@data_encrypted)
+      i = 0
+      SymmetricEncryption::Reader.open(stream) do |file|
+        index = 0
+        [0,10,5,5000].each do |size|
+          buf = file.read(size)
+          if size == 0
+            assert_equal '', buf
+          else
+            assert_equal @data_str[index..index+size-1], buf
+          end
+          index += size
+        end
+      end
+    end
+
+    should "decrypt from file" do
+
+    end
+  end
+
+end

data/test/symmetric_encryption_test.rb

@@ -0,0 +1,53 @@
+# Allow examples to be run in-place without requiring a gem install
+$LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
+
+require 'rubygems'
+require 'test/unit'
+require 'shoulda'
+require 'symmetric-encryption'
+
+# Load Symmetric Encryption keys
+SymmetricEncryption.load!(File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml'), 'test')
+
+# Unit Test for SymmetricEncryption
+#
+class SymmetricEncryptionTest < Test::Unit::TestCase
+  context 'initialized' do
+
+    context 'SymmetricEncryption configuration' do
+      setup do
+        @config = SymmetricEncryption.send(:read_config, File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml'), 'test')
+      end
+
+      should "match config file" do
+        assert_equal @config[:ciphers][0][:cipher], SymmetricEncryption.cipher.cipher
+      end
+    end
+
+    context 'SymmetricEncryption tests' do
+      setup do
+        @social_security_number = "987654321"
+        @social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA==\n"
+        @social_security_number_encrypted_with_secondary_1 = "D1UCu38pqJ3jc0GvwJHiow==\n"
+      end
+
+      should "encrypt simple string" do
+        assert_equal @social_security_number_encrypted, SymmetricEncryption.encrypt(@social_security_number)
+      end
+
+      should "decrypt string" do
+        assert_equal @social_security_number, SymmetricEncryption.decrypt(@social_security_number_encrypted)
+      end
+
+      should "determine if string is encrypted" do
+        assert_equal true, SymmetricEncryption.encrypted?(@social_security_number_encrypted)
+        assert_equal false, SymmetricEncryption.encrypted?(@social_security_number)
+      end
+
+      should "decrypt with secondary key when first one fails" do
+        assert_equal @social_security_number, SymmetricEncryption.decrypt(@social_security_number_encrypted)
+      end
+    end
+  end
+
+end

data/test/writer_test.rb

@@ -0,0 +1,56 @@
+# Allow examples to be run in-place without requiring a gem install
+$LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
+
+require 'rubygems'
+require 'test/unit'
+require 'shoulda'
+require 'symmetric-encryption'
+
+# Load Symmetric Encryption keys
+SymmetricEncryption.load!(File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml'), 'test')
+
+# Unit Test for Symmetric::EncryptedStream
+#
+class EncryptionWriterTest < Test::Unit::TestCase
+  context 'EncryptionWriter' do
+    setup do
+      @data = [
+        "Hello World\n",
+        "Keep this secret\n",
+        "And keep going even further and further..."
+      ]
+      @data_str = @data.inject('') {|sum,str| sum << str}
+      @data_len = @data_str.length
+      @data_encrypted = SymmetricEncryption.cipher.encrypt(@data_str)
+      @filename = '._test'
+    end
+
+    should "encrypt to string stream" do
+      stream = StringIO.new
+      file = SymmetricEncryption::Writer.new(stream)
+      written_len = @data.inject(0) {|sum,str| sum + file.write(str)}
+      file.close
+
+      assert_equal @data_len, written_len
+      assert_equal @data_encrypted, stream.string
+    end
+
+    should "encrypt to string stream using .open" do
+      written_len = 0
+      stream = StringIO.new
+      SymmetricEncryption::Writer.open(stream) do |file|
+        written_len = @data.inject(0) {|sum,str| sum + file.write(str)}
+      end
+      assert_equal @data_len, written_len
+    end
+
+    should "encrypt to file using .open" do
+      written_len = nil
+      SymmetricEncryption::Writer.open(@filename) do |file|
+        written_len = @data.inject(0) {|sum,str| sum + file.write(str)}
+      end
+      assert_equal @data_len, written_len
+      assert_equal @data_encrypted, File.read(@filename)
+    end
+  end
+end