symmetric-encryption 1.1.1 → 2.0.0

data/test/attr_encrypted_test.rb

@@ -19,6 +19,8 @@ ActiveRecord::Schema.define :version => 0 do
   create_table :users, :force => true do |t|
     t.string :encrypted_bank_account_number
     t.string :encrypted_social_security_number
+    t.string :encrypted_string
+    t.text   :encrypted_long_string
     t.string :name
   end
 end
@@ -26,6 +28,8 @@ end
 class User < ActiveRecord::Base
   attr_encrypted :bank_account_number
   attr_encrypted :social_security_number
+  attr_encrypted :string,      :random_iv => true
+  attr_encrypted :long_string, :random_iv => true, :compress => true
 
   validates :encrypted_bank_account_number, :symmetric_encryption => true
   validates :encrypted_social_security_number, :symmetric_encryption => true
@@ -56,6 +60,9 @@ class AttrEncryptedTest < Test::Unit::TestCase
       @social_security_number = "987654321"
       @social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA=="
 
+      @string = "A string containing some data to be encrypted with a random initialization vector"
+      @long_string = "A string containing some data to be encrypted with a random initialization vector and compressed since it takes up so much space in plain text form"
+
       @user = User.new(
         # Encrypted Attribute
         :bank_account_number              => @bank_account_number,
@@ -82,6 +89,29 @@ class AttrEncryptedTest < Test::Unit::TestCase
       assert_equal @social_security_number_encrypted, @user.encrypted_social_security_number
     end
 
+    should "support same iv" do
+      @user.social_security_number = @social_security_number
+      assert first_value = @user.social_security_number
+      # Assign the same value
+      @user.social_security_number = @social_security_number
+      assert_equal first_value, @user.social_security_number
+    end
+
+    should "support a random iv" do
+      @user.string = @string
+      assert first_value = @user.encrypted_string
+      # Assign the same value
+      @user.string = @string.dup
+      assert_equal true, first_value != @user.encrypted_string
+    end
+
+    should "support a random iv and compress" do
+      @user.string = @long_string
+      @user.long_string = @long_string
+
+      assert_equal true, (@user.encrypted_long_string.length.to_f / @user.encrypted_string.length) < 0.8
+    end
+
     should "encrypt" do
       user = User.new
       user.bank_account_number = @bank_account_number

data/test/cipher_test.rb

@@ -14,14 +14,14 @@ SymmetricEncryption.load!(File.join(File.dirname(__FILE__), 'config', 'symmetric
 class CipherTest < Test::Unit::TestCase
   context 'standalone' do
 
-    should "allow setting the cipher" do
+    should "allow setting the cipher_name" do
       cipher = SymmetricEncryption::Cipher.new(
-        :cipher   => 'aes-128-cbc',
+        :cipher_name   => 'aes-128-cbc',
         :key      => '1234567890ABCDEF1234567890ABCDEF',
         :iv       => '1234567890ABCDEF',
         :encoding => :none
       )
-      assert_equal 'aes-128-cbc', cipher.cipher
+      assert_equal 'aes-128-cbc', cipher.cipher_name
     end
 
     should "not require an iv" do
@@ -40,7 +40,7 @@ class CipherTest < Test::Unit::TestCase
 
     should "throw an exception on bad data" do
       cipher = SymmetricEncryption::Cipher.new(
-        :cipher   => 'aes-128-cbc',
+        :cipher_name   => 'aes-128-cbc',
         :key      => '1234567890ABCDEF1234567890ABCDEF',
         :iv       => '1234567890ABCDEF',
         :encoding => :none
@@ -70,7 +70,7 @@ class CipherTest < Test::Unit::TestCase
     end
 
     should "default to 'aes-256-cbc'" do
-      assert_equal 'aes-256-cbc', @cipher.cipher
+      assert_equal 'aes-256-cbc', @cipher.cipher_name
     end
 
     should "encrypt simple string" do
@@ -96,17 +96,18 @@ class CipherTest < Test::Unit::TestCase
     context "magic header" do
 
       should "create and parse magic header" do
-        random_cipher = SymmetricEncryption::Cipher.random_cipher
-        header = random_cipher.magic_header(compressed=true, include_iv=true, include_key=true, include_cipher=true)
-        cipher, compressed = SymmetricEncryption::Cipher.parse_magic_header!(header)
+        random_cipher = SymmetricEncryption::Cipher.new(SymmetricEncryption::Cipher.random_key_pair)
+        header = SymmetricEncryption::Cipher.magic_header(1, compressed=true, random_cipher.send(:iv), random_cipher.send(:key), random_cipher.cipher_name)
+        compressed, iv, key, cipher_name, decryption_cipher = SymmetricEncryption::Cipher.parse_magic_header!(header)
         assert_equal true, compressed
-        assert_equal random_cipher.cipher, cipher.cipher, "Ciphers differ"
-        assert_equal random_cipher.send(:key), cipher.send(:key), "Keys differ"
-        assert_equal random_cipher.send(:iv), cipher.send(:iv), "IVs differ"
+        assert_equal random_cipher.cipher_name, cipher_name, "Ciphers differ"
+        assert_equal random_cipher.send(:key), key, "Keys differ"
+        assert_equal random_cipher.send(:iv), iv, "IVs differ"
 
-        string = "Hellow World"
+        string = "Hello World"
+        cipher = SymmetricEncryption::Cipher.new(:key => key, :iv => iv, :cipher_name => cipher_name)
         # Test Encryption
-        assert_equal random_cipher.encrypt(string, false), cipher.encrypt(string, false), "Encrypted values differ"
+        assert_equal random_cipher.encrypt(string, false, false), cipher.encrypt(string, false, false), "Encrypted values differ"
       end
     end
 

data/test/config/symmetric-encryption.yml

@@ -38,7 +38,7 @@ test:
     # Current / Newest Symmetric Encryption Key
     - key_filename: /Users/rmorrison/Sandbox/symmetric-encryption/test/config/test_new.key
       iv_filename:  /Users/rmorrison/Sandbox/symmetric-encryption/test/config/test_new.iv
-      cipher:       aes-128-cbc
+      cipher_name:  aes-128-cbc
       # Base64 encode encrypted data without newlines
       encoding:     base64strict
       version:      1
@@ -46,7 +46,7 @@ test:
     # Previous Symmetric Encryption Key
     - key_filename: /Users/rmorrison/Sandbox/symmetric-encryption/test/config/test_secondary_1.key
       iv_filename:  /Users/rmorrison/Sandbox/symmetric-encryption/test/config/test_secondary_1.iv
-      cipher:       aes-128-cbc
+      cipher_name:  aes-128-cbc
       # Base64 encode encrypted data without newlines
       encoding:     base64
       version:      0

data/test/field_encrypted_test.rb

@@ -22,6 +22,8 @@ class MongoidUser
   field :name,                             :type => String
   field :encrypted_bank_account_number,    :type => String,  :encrypted => true
   field :encrypted_social_security_number, :type => String,  :encrypted => true
+  field :encrypted_string,                 :type => String,  :encrypted => true, :random_iv => true
+  field :encrypted_long_string,            :type => String,  :encrypted => true, :random_iv => true, :compress => true
 #  field :encrypted_integer,                :type => Integer, :encrypted => true
 #  field :encrypted_float,                  :type => Float,   :encrypted => true
 #  field :encrypted_date,                   :type => Date,    :encrypted => true
@@ -55,6 +57,9 @@ class FieldEncryptedTest < Test::Unit::TestCase
       @date = Date.parse('20120320')
       @date_encrypted = "WTkSPHo5ApSSHBJMxxWt2A=="
 
+      @string = "A string containing some data to be encrypted with a random initialization vector"
+      @long_string = "A string containing some data to be encrypted with a random initialization vector and compressed since it takes up so much space in plain text form"
+
       # #TODO Intercept passing in attributes to create etc.
       @user = MongoidUser.new(
         :encrypted_bank_account_number    => @bank_account_number_encrypted,
@@ -84,6 +89,29 @@ class FieldEncryptedTest < Test::Unit::TestCase
       assert_equal @social_security_number_encrypted, @user.encrypted_social_security_number
     end
 
+    should "support same iv" do
+      @user.social_security_number = @social_security_number
+      assert first_value = @user.social_security_number
+      # Assign the same value
+      @user.social_security_number = @social_security_number
+      assert_equal first_value, @user.social_security_number
+    end
+
+    should "support a random iv" do
+      @user.string = @string
+      assert first_value = @user.encrypted_string
+      # Assign the same value
+      @user.string = @string.dup
+      assert_equal true, first_value != @user.encrypted_string
+    end
+
+    should "support a random iv and compress" do
+      @user.string = @long_string
+      @user.long_string = @long_string
+
+      assert_equal true, (@user.encrypted_long_string.length.to_f / @user.encrypted_string.length) < 0.8
+    end
+
     should "encrypt" do
       user = MongoidUser.new
       user.bank_account_number = @bank_account_number

data/test/reader_test.rb

@@ -22,56 +22,90 @@ class ReaderTest < Test::Unit::TestCase
       ]
       @data_str = @data.inject('') {|sum,str| sum << str}
       @data_len = @data_str.length
-      @data_encrypted = SymmetricEncryption.cipher.encrypt(@data_str, false)
+      @data_encrypted_without_header = SymmetricEncryption.cipher.binary_encrypt(@data_str)
+
+      @data_encrypted_with_header = SymmetricEncryption::Cipher.magic_header(
+        SymmetricEncryption.cipher.version,
+        compress = false,
+        SymmetricEncryption.cipher.send(:iv),
+        SymmetricEncryption.cipher.send(:key),
+        SymmetricEncryption.cipher.cipher_name)
+      @data_encrypted_with_header << SymmetricEncryption.cipher.binary_encrypt(@data_str)
+
+      # Verify regular decrypt can decrypt this string
+      SymmetricEncryption.cipher.binary_decrypt(@data_encrypted_without_header)
+      SymmetricEncryption.cipher.binary_decrypt(@data_encrypted_with_header)
     end
 
-    should "decrypt from string stream as a single read" do
-      stream = StringIO.new(@data_encrypted)
-      decrypted = SymmetricEncryption::Reader.open(stream) {|file| file.read}
-      assert_equal @data_str, decrypted
-    end
+    [true, false].each do |header|
+      context header do
+        setup do
+          @data_encrypted = header ? @data_encrypted_with_header : @data_encrypted_without_header
+        end
 
-    should "decrypt from string stream as a single read, after a partial read" do
-      stream = StringIO.new(@data_encrypted)
-      decrypted = SymmetricEncryption::Reader.open(stream) do |file|
-        file.read(10)
-        file.read
-      end
-      assert_equal @data_str[10..-1], decrypted
-    end
+        should "decrypt from string stream as a single read" do
+          stream = StringIO.new(@data_encrypted)
+          decrypted = SymmetricEncryption::Reader.open(stream) {|file| file.read}
+          assert_equal @data_str, decrypted
+        end
 
-    should "decrypt lines from string stream" do
-      stream = StringIO.new(@data_encrypted)
-      i = 0
-      decrypted = SymmetricEncryption::Reader.open(stream) do |file|
-        file.each_line do |line|
-          assert_equal @data[i], line
-          i += 1
+        should "decrypt from string stream as a single read, after a partial read" do
+          stream = StringIO.new(@data_encrypted)
+          decrypted = SymmetricEncryption::Reader.open(stream) do |file|
+            file.read(10)
+            file.read
+          end
+          assert_equal @data_str[10..-1], decrypted
         end
-      end
-    end
 
-    should "decrypt fixed lengths from string stream" do
-      stream = StringIO.new(@data_encrypted)
-      i = 0
-      SymmetricEncryption::Reader.open(stream) do |file|
-        index = 0
-        [0,10,5,5000].each do |size|
-          buf = file.read(size)
-          if size == 0
-            assert_equal '', buf
-          else
-            assert_equal @data_str[index..index+size-1], buf
+        should "decrypt lines from string stream" do
+          stream = StringIO.new(@data_encrypted)
+          i = 0
+          decrypted = SymmetricEncryption::Reader.open(stream) do |file|
+            file.each_line do |line|
+              assert_equal @data[i], line
+              i += 1
+            end
+          end
+        end
+
+        should "decrypt fixed lengths from string stream" do
+          stream = StringIO.new(@data_encrypted)
+          i = 0
+          SymmetricEncryption::Reader.open(stream) do |file|
+            index = 0
+            [0,10,5,5000].each do |size|
+              buf = file.read(size)
+              if size == 0
+                assert_equal '', buf
+              else
+                assert_equal @data_str[index..index+size-1], buf
+              end
+              index += size
+            end
           end
-          index += size
         end
       end
     end
 
     context "reading from file" do
-      # With and without header
-      [{:header => false, :version => 1}, {:header => false, :random_key => false, :version => 1},  {:compress => false}, {:compress => true}, {:random_key => false}].each_with_index do |options, i|
-        context "with#{'out' unless options[:header]} header #{i}" do
+      [
+        # No Header
+        {:header => false, :random_key => false, :random_iv => false},
+        # Default Header with random key and iv
+        {},
+        # Header with no compression ( default anyway )
+        {:compress => false},
+        # Compress and use Random key, iv
+        {:compress => true},
+        # Header but not random key or iv
+        {:random_key => false},
+        # Random iv only
+        {:random_key => false, :random_iv => true},
+        # Random iv only with compression
+        {:random_iv => true, :compress => true},
+      ].each do |options|
+        context "with options: #{options.inspect}" do
           setup do
             @filename = '._test'
             # Create encrypted file

data/test/symmetric_encryption_test.rb

@@ -23,25 +23,25 @@ class SymmetricEncryptionTest < Test::Unit::TestCase
 
       should "match config file for first cipher" do
         cipher = SymmetricEncryption.cipher
-        assert_equal @cipher_v1[:cipher], cipher.cipher
+        assert_equal @cipher_v1[:cipher_name], cipher.cipher_name
         assert_equal @cipher_v1[:version], cipher.version
         assert_equal false, SymmetricEncryption.secondary_ciphers.include?(cipher)
       end
 
       should "match config file for v1 cipher" do
         cipher = SymmetricEncryption.cipher(1)
-        assert @cipher_v1[:cipher]
+        assert @cipher_v1[:cipher_name]
         assert @cipher_v1[:version]
-        assert_equal @cipher_v1[:cipher], cipher.cipher
+        assert_equal @cipher_v1[:cipher_name], cipher.cipher_name
         assert_equal @cipher_v1[:version], cipher.version
         assert_equal false, SymmetricEncryption.secondary_ciphers.include?(cipher)
       end
 
       should "match config file for v0 cipher" do
         cipher = SymmetricEncryption.cipher(0)
-        assert @cipher_v0[:cipher]
+        assert @cipher_v0[:cipher_name]
         assert @cipher_v0[:version]
-        assert_equal @cipher_v0[:cipher], cipher.cipher
+        assert_equal @cipher_v0[:cipher_name], cipher.cipher_name
         assert_equal @cipher_v0[:version], cipher.version
         assert_equal true, SymmetricEncryption.secondary_ciphers.include?(cipher)
       end
@@ -95,6 +95,26 @@ class SymmetricEncryptionTest < Test::Unit::TestCase
       end
     end
 
+    context "random iv" do
+      setup do
+          @social_security_number = "987654321"
+      end
+
+      should "encrypt and then decrypt using random iv" do
+        # Encrypt with random iv
+        assert encrypted = SymmetricEncryption.encrypt(@social_security_number, true)
+        assert_equal true, SymmetricEncryption.encrypted?(encrypted)
+        assert_equal @social_security_number, SymmetricEncryption.decrypt(encrypted)
+      end
+
+      should "encrypt and then decrypt using random iv" do
+        # Encrypt with random iv and compress
+        assert encrypted = SymmetricEncryption.encrypt(@social_security_number, true, true)
+        assert_equal true, SymmetricEncryption.encrypted?(encrypted)
+        assert_equal @social_security_number, SymmetricEncryption.decrypt(encrypted)
+      end
+    end
+
   end
 
 end

data/test/writer_test.rb

@@ -22,7 +22,7 @@ class WriterTest < Test::Unit::TestCase
       ]
       @data_str = @data.inject('') {|sum,str| sum << str}
       @data_len = @data_str.length
-      @data_encrypted = SymmetricEncryption.cipher.encrypt(@data_str, false)
+      @data_encrypted = SymmetricEncryption.cipher.binary_encrypt(@data_str, false, false)
       @filename = '._test'
     end
 
@@ -32,7 +32,7 @@ class WriterTest < Test::Unit::TestCase
 
     should "encrypt to string stream" do
       stream = StringIO.new
-      file = SymmetricEncryption::Writer.new(stream, :header => false, :random_key => false)
+      file = SymmetricEncryption::Writer.new(stream, :header => false, :random_key => false, :random_iv => false)
       written_len = @data.inject(0) {|sum,str| sum + file.write(str)}
       file.close
 
@@ -53,7 +53,7 @@ class WriterTest < Test::Unit::TestCase
 
     should "encrypt to file using .open" do
       written_len = nil
-      SymmetricEncryption::Writer.open(@filename, :header => false, :random_key => false) do |file|
+      SymmetricEncryption::Writer.open(@filename, :header => false, :random_key => false, :random_iv => false) do |file|
         written_len = @data.inject(0) {|sum,str| sum + file.write(str)}
       end
       assert_equal @data_len, written_len

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: symmetric-encryption
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 2.0.0
 platform: ruby
 authors:
 - Reid Morrison
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-04-11 00:00:00.000000000 Z
+date: 2013-04-16 00:00:00.000000000 Z
 dependencies: []
 description: SymmetricEncryption supports encrypting ActiveRecord data, Mongoid data,
   passwords in configuration files, encrypting and decrypting of large files through