symmetric-encryption 2.2.0 → 3.0.0

data/test/reader_test.rb

@@ -22,19 +22,24 @@ class ReaderTest < Test::Unit::TestCase
       ]
       @data_str = @data.inject('') {|sum,str| sum << str}
       @data_len = @data_str.length
-      @data_encrypted_without_header = SymmetricEncryption.cipher.binary_encrypt(@data_str)
+      # Use Cipher 0 since it does not always include a header
+      @cipher = SymmetricEncryption.cipher(0)
+      @data_encrypted_without_header = @cipher.binary_encrypt(@data_str)
 
-      @data_encrypted_with_header = SymmetricEncryption::Cipher.magic_header(
-        SymmetricEncryption.cipher.version,
+      @data_encrypted_with_header = SymmetricEncryption::Cipher.build_header(
+        @cipher.version,
         compress = false,
-        SymmetricEncryption.cipher.send(:iv),
-        SymmetricEncryption.cipher.send(:key),
-        SymmetricEncryption.cipher.cipher_name)
-      @data_encrypted_with_header << SymmetricEncryption.cipher.binary_encrypt(@data_str)
+        @cipher.send(:iv),
+        @cipher.send(:key),
+        @cipher.cipher_name,
+        binary=false,
+      )
+      @data_encrypted_with_header << @cipher.binary_encrypt(@data_str)
 
       # Verify regular decrypt can decrypt this string
-      SymmetricEncryption.cipher.binary_decrypt(@data_encrypted_without_header)
-      SymmetricEncryption.cipher.binary_decrypt(@data_encrypted_with_header)
+      @cipher.binary_decrypt(@data_encrypted_without_header)
+      @cipher.binary_decrypt(@data_encrypted_with_header)
+      assert @data_encrypted_without_header != @data_encrypted_with_header
     end
 
     [true, false].each do |header|
@@ -45,13 +50,15 @@ class ReaderTest < Test::Unit::TestCase
 
         should "#read()" do
           stream = StringIO.new(@data_encrypted)
-          decrypted = SymmetricEncryption::Reader.open(stream) {|file| file.read}
+          # Version 0 supplied if the file/stream does not have a header
+          decrypted = SymmetricEncryption::Reader.open(stream, version: 0) {|file| file.read}
           assert_equal @data_str, decrypted
         end
 
         should "#read(size) followed by #read()" do
           stream = StringIO.new(@data_encrypted)
-          decrypted = SymmetricEncryption::Reader.open(stream) do |file|
+          # Version 0 supplied if the file/stream does not have a header
+          decrypted = SymmetricEncryption::Reader.open(stream, version: 0) do |file|
             file.read(10)
             file.read
           end
@@ -61,7 +68,8 @@ class ReaderTest < Test::Unit::TestCase
         should "#each_line" do
           stream = StringIO.new(@data_encrypted)
           i = 0
-          decrypted = SymmetricEncryption::Reader.open(stream) do |file|
+          # Version 0 supplied if the file/stream does not have a header
+          decrypted = SymmetricEncryption::Reader.open(stream, version: 0) do |file|
             file.each_line do |line|
               assert_equal @data[i], line
               i += 1
@@ -72,7 +80,8 @@ class ReaderTest < Test::Unit::TestCase
         should "#read(size)" do
           stream = StringIO.new(@data_encrypted)
           i = 0
-          SymmetricEncryption::Reader.open(stream) do |file|
+          # Version 0 supplied if the file/stream does not have a header
+          decrypted = SymmetricEncryption::Reader.open(stream, version: 0) do |file|
             index = 0
             [0,10,5,5000].each do |size|
               buf = file.read(size)
@@ -305,7 +314,7 @@ class ReaderTest < Test::Unit::TestCase
       should "decrypt from file in a single read with different version" do
         # Should fail since file was encrypted using version 0 key
         assert_raise OpenSSL::Cipher::CipherError do
-          SymmetricEncryption::Reader.open(@filename, :version => 1) {|file| file.read}
+          SymmetricEncryption::Reader.open(@filename, :version => 2) {|file| file.read}
         end
       end
     end

data/test/symmetric_encryption_test.rb

@@ -16,38 +16,37 @@ class SymmetricEncryptionTest < Test::Unit::TestCase
 
     context 'configuration' do
       setup do
-        @config = SymmetricEncryption.send(:read_config, File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml'), 'test')
-        assert @cipher_v1 = @config[:ciphers][0]
-        assert @cipher_v0 = @config[:ciphers][1]
+        @ciphers = SymmetricEncryption.send(:read_config, File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml'), 'test')
+        @cipher_v2, @cipher_v1, @cipher_v0 = @ciphers
       end
 
       should "match config file for first cipher" do
         cipher = SymmetricEncryption.cipher
-        assert_equal @cipher_v1[:cipher_name], cipher.cipher_name
-        assert_equal @cipher_v1[:version], cipher.version
+        assert @cipher_v2.send(:key)
+        assert @cipher_v2.send(:iv)
+        assert @cipher_v2.version
+        assert_equal @cipher_v2.cipher_name, cipher.cipher_name
+        assert_equal @cipher_v2.version, cipher.version
         assert_equal false, SymmetricEncryption.secondary_ciphers.include?(cipher)
       end
 
       should "match config file for v1 cipher" do
-        cipher = SymmetricEncryption.cipher(1)
-        assert @cipher_v1[:cipher_name]
-        assert @cipher_v1[:version]
-        assert_equal @cipher_v1[:cipher_name], cipher.cipher_name
-        assert_equal @cipher_v1[:version], cipher.version
+        cipher = SymmetricEncryption.cipher(2)
+        assert @cipher_v2.cipher_name
+        assert @cipher_v2.version
+        assert_equal @cipher_v2.cipher_name, cipher.cipher_name
+        assert_equal @cipher_v2.version, cipher.version
         assert_equal false, SymmetricEncryption.secondary_ciphers.include?(cipher)
       end
 
       should "match config file for v0 cipher" do
         cipher = SymmetricEncryption.cipher(0)
-        assert @cipher_v0[:cipher_name]
-        assert @cipher_v0[:version]
-        assert_equal @cipher_v0[:cipher_name], cipher.cipher_name
-        assert_equal @cipher_v0[:version], cipher.version
+        assert @cipher_v0.cipher_name
+        assert @cipher_v0.version
+        assert_equal @cipher_v0.cipher_name, cipher.cipher_name
+        assert_equal @cipher_v0.version, cipher.version
         assert_equal true, SymmetricEncryption.secondary_ciphers.include?(cipher)
       end
-
-      should 'read ciphers from config file' do
-      end
     end
 
     SymmetricEncryption::Cipher::ENCODINGS.each do |encoding|
@@ -57,13 +56,13 @@ class SymmetricEncryptionTest < Test::Unit::TestCase
           @social_security_number_encrypted =
             case encoding
           when :base64
-            "S+8X1NRrqdfEIQyFHVPuVA==\n"
+            "QEVuQwIAS+8X1NRrqdfEIQyFHVPuVA==\n"
           when :base64strict
-            "S+8X1NRrqdfEIQyFHVPuVA=="
+            "QEVuQwIAS+8X1NRrqdfEIQyFHVPuVA=="
           when :base16
-            "4bef17d4d46ba9d7c4210c851d53ee54"
+            "40456e4302004bef17d4d46ba9d7c4210c851d53ee54"
           when :none
-            "K\xEF\x17\xD4\xD4k\xA9\xD7\xC4!\f\x85\x1DS\xEET".force_encoding(Encoding.find("binary"))
+            "@EnC\x02\x00K\xEF\x17\xD4\xD4k\xA9\xD7\xC4!\f\x85\x1DS\xEET".force_encoding(Encoding.find("binary"))
           else
             raise "Add test for encoding: #{encoding}"
           end
@@ -88,28 +87,61 @@ class SymmetricEncryptionTest < Test::Unit::TestCase
           assert_equal true, SymmetricEncryption.encrypted?(@social_security_number_encrypted)
           assert_equal false, SymmetricEncryption.encrypted?(@social_security_number)
         end
+      end
+
+      context "using select_cipher" do
+        setup do
+          @social_security_number = "987654321"
+          # Encrypt data without a header and encode with base64 which has a trailing '\n'
+          @encrypted_0_ssn = SymmetricEncryption.cipher(0).encode(SymmetricEncryption.cipher(0).binary_encrypt(@social_security_number,false,false,false))
 
-        should "decrypt with secondary key when first one fails" do
-          assert_equal @social_security_number, SymmetricEncryption.decrypt(@social_security_number_encrypted_with_secondary_1)
+          SymmetricEncryption.select_cipher do |encoded_str, decoded_str|
+            # Use cipher version 0 if the encoded string ends with "\n" otherwise
+            # use the current default cipher
+            encoded_str.end_with?("\n") ? SymmetricEncryption.cipher(0) : SymmetricEncryption.cipher
+          end
+        end
+
+        teardown do
+          # Clear out select_cipher
+          SymmetricEncryption.select_cipher
+        end
+
+        should "decrypt string without a header using an old cipher" do
+          assert_equal @social_security_number, SymmetricEncryption.decrypt(@encrypted_0_ssn)
+        end
+      end
+
+      context "without select_cipher" do
+        setup do
+          @social_security_number = "987654321"
+          # Encrypt data without a header and encode with base64 which has a trailing '\n'
+          assert @encrypted_0_ssn = SymmetricEncryption.cipher(0).encode(SymmetricEncryption.cipher(0).binary_encrypt(@social_security_number,false,false,false))
+        end
+
+        should "decrypt string without a header using an old cipher" do
+          assert_raises OpenSSL::Cipher::CipherError do
+            SymmetricEncryption.decrypt(@encrypted_0_ssn)
+          end
         end
       end
     end
 
     context "random iv" do
       setup do
-          @social_security_number = "987654321"
+        @social_security_number = "987654321"
       end
 
       should "encrypt and then decrypt using random iv" do
         # Encrypt with random iv
-        assert encrypted = SymmetricEncryption.encrypt(@social_security_number, true)
+        assert encrypted = SymmetricEncryption.encrypt(@social_security_number, random_iv=true)
         assert_equal true, SymmetricEncryption.encrypted?(encrypted)
         assert_equal @social_security_number, SymmetricEncryption.decrypt(encrypted)
       end
 
       should "encrypt and then decrypt using random iv with compression" do
         # Encrypt with random iv and compress
-        assert encrypted = SymmetricEncryption.encrypt(@social_security_number, true, true)
+        assert encrypted = SymmetricEncryption.encrypt(@social_security_number, random_iv=true, compress=true)
         assert_equal true, SymmetricEncryption.encrypted?(encrypted)
         assert_equal @social_security_number, SymmetricEncryption.decrypt(encrypted)
       end

data/test/writer_test.rb

@@ -22,7 +22,11 @@ class WriterTest < Test::Unit::TestCase
       ]
       @data_str = @data.inject('') {|sum,str| sum << str}
       @data_len = @data_str.length
+      cipher = SymmetricEncryption.cipher
+      before = cipher.always_add_header
+      cipher.always_add_header = false
       @data_encrypted = SymmetricEncryption.cipher.binary_encrypt(@data_str, false, false)
+      cipher.always_add_header = before
       @filename = '._test'
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: symmetric-encryption
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 3.0.0
 platform: ruby
 authors:
 - Reid Morrison
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-07-16 00:00:00.000000000 Z
+date: 2013-09-19 00:00:00.000000000 Z
 dependencies: []
 description: SymmetricEncryption supports encrypting ActiveRecord data, Mongoid data,
   passwords in configuration files, encrypting and decrypting of large files through
@@ -19,17 +19,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- Gemfile
-- Gemfile.lock
-- LICENSE.txt
-- README.md
-- Rakefile
-- examples/symmetric-encryption.yml
 - lib/rails/generators/symmetric_encryption/config/config_generator.rb
 - lib/rails/generators/symmetric_encryption/config/templates/symmetric-encryption.yml
 - lib/rails/generators/symmetric_encryption/new_keys/new_keys_generator.rb
 - lib/symmetric-encryption.rb
-- lib/symmetric_encryption.rb
 - lib/symmetric_encryption/cipher.rb
 - lib/symmetric_encryption/extensions/active_record/base.rb
 - lib/symmetric_encryption/mongoid.rb
@@ -40,12 +33,11 @@ files:
 - lib/symmetric_encryption/symmetric_encryption.rb
 - lib/symmetric_encryption/version.rb
 - lib/symmetric_encryption/writer.rb
-- nbproject/private/config.properties
-- nbproject/private/private.properties
-- nbproject/private/private.xml
-- nbproject/private/rake-d.txt
-- nbproject/project.properties
-- nbproject/project.xml
+- lib/symmetric_encryption.rb
+- examples/symmetric-encryption.yml
+- LICENSE.txt
+- Rakefile
+- README.md
 - test/attr_encrypted_test.rb
 - test/cipher_test.rb
 - test/config/database.yml
@@ -86,4 +78,20 @@ rubygems_version: 2.0.3
 signing_key: 
 specification_version: 4
 summary: Symmetric Encryption for Ruby, and Ruby on Rails
-test_files: []
+test_files:
+- test/attr_encrypted_test.rb
+- test/cipher_test.rb
+- test/config/database.yml
+- test/config/empty.csv
+- test/config/mongoid_v2.yml
+- test/config/mongoid_v3.yml
+- test/config/symmetric-encryption.yml
+- test/config/test_new.iv
+- test/config/test_new.key
+- test/config/test_secondary_1.iv
+- test/config/test_secondary_1.key
+- test/field_encrypted_test.rb
+- test/reader_test.rb
+- test/symmetric_encryption_test.rb
+- test/test_db.sqlite3
+- test/writer_test.rb

data/Gemfile

@@ -1,19 +0,0 @@
-source 'https://rubygems.org'
-
-group :test do
-  gem 'rake'
-  gem 'shoulda'
-
-  gem 'activerecord'
-  gem 'sqlite3', :platform => :ruby
-
-  platforms :jruby do
-    gem 'jdbc-sqlite3'
-    gem 'activerecord-jdbcsqlite3-adapter'
-  end
-
-  # Use Mongo as the database with Mongoid as the Object Document Mapper
-  # Edge has support for Rails 4
-  gem 'mongoid', git: 'https://github.com/mongoid/mongoid.git'
-  gem 'awesome_print'
-end

data/Gemfile.lock

@@ -1,61 +0,0 @@
-GIT
-  remote: https://github.com/mongoid/mongoid.git
-  revision: cb541fa1fd7cf9ab0a725c757490d0ac435a79f7
-  specs:
-    mongoid (4.0.0)
-      activemodel (~> 4.0.0)
-      moped (~> 1.5)
-      origin (~> 1.0)
-      tzinfo (~> 0.3.22)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    activemodel (4.0.0)
-      activesupport (= 4.0.0)
-      builder (~> 3.1.0)
-    activerecord (4.0.0)
-      activemodel (= 4.0.0)
-      activerecord-deprecated_finders (~> 1.0.2)
-      activesupport (= 4.0.0)
-      arel (~> 4.0.0)
-    activerecord-deprecated_finders (1.0.3)
-    activesupport (4.0.0)
-      i18n (~> 0.6, >= 0.6.4)
-      minitest (~> 4.2)
-      multi_json (~> 1.3)
-      thread_safe (~> 0.1)
-      tzinfo (~> 0.3.37)
-    arel (4.0.0)
-    atomic (1.1.10)
-    awesome_print (1.1.0)
-    builder (3.1.4)
-    i18n (0.6.4)
-    minitest (4.7.5)
-    moped (1.5.0)
-    multi_json (1.7.7)
-    origin (1.1.0)
-    rake (10.1.0)
-    shoulda (3.5.0)
-      shoulda-context (~> 1.0, >= 1.0.1)
-      shoulda-matchers (>= 1.4.1, < 3.0)
-    shoulda-context (1.1.4)
-    shoulda-matchers (2.2.0)
-      activesupport (>= 3.0.0)
-    sqlite3 (1.3.7)
-    thread_safe (0.1.0)
-      atomic
-    tzinfo (0.3.37)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  activerecord
-  activerecord-jdbcsqlite3-adapter
-  awesome_print
-  jdbc-sqlite3
-  mongoid!
-  rake
-  shoulda
-  sqlite3

data/nbproject/private/private.properties

@@ -1 +0,0 @@
-platform.active=Ruby_2

data/nbproject/private/private.xml

@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-private xmlns="http://www.netbeans.org/ns/project-private/1">
-    <editor-bookmarks xmlns="http://www.netbeans.org/ns/editor-bookmarks/2" lastBookmarkId="0"/>
-</project-private>

data/nbproject/private/rake-d.txt

@@ -1,4 +0,0 @@
-clean=Remove any temporary products.
-clobber=Remove any generated file.
-gem=Build gem
-test=Run Test Suite

data/nbproject/project.properties

@@ -1,9 +0,0 @@
-file.reference.symmetry-lib=lib
-file.reference.symmetry-test=test
-javac.classpath=
-main.file=
-platform.active=JRuby
-source.encoding=UTF-8
-src.examples.dir=examples
-src.lib.dir=lib
-test.test.dir=test

data/nbproject/project.xml

@@ -1,16 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://www.netbeans.org/ns/project/1">
-    <type>org.netbeans.modules.ruby.rubyproject</type>
-    <configuration>
-        <data xmlns="http://www.netbeans.org/ns/ruby-project/1">
-            <name>symmetric-encryption</name>
-            <source-roots>
-                <root id="src.lib.dir" name="Source Files"/>
-                <root id="src.examples.dir" name="Examples"/>
-            </source-roots>
-            <test-roots>
-                <root id="test.test.dir" name="Test Files"/>
-            </test-roots>
-        </data>
-    </configuration>
-</project>