symmetric-encryption 3.0.3 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e9372dc10ff0f61fac4ce5b15b1166c12e0623e1
-  data.tar.gz: b5953a44d66dff085cd6417622bad5e0ca7cdeb5
+  metadata.gz: 5b55176807bf8e48cedee2a8f6d40a12c7119200
+  data.tar.gz: f8e5b0547683314ff7c1212989ba81a4cad1439c
 SHA512:
-  metadata.gz: 1bb09ce303a73a7031f4c8b6f8561ed3fd60239cdd75d7ad8251bdcb4708273d21207f2ae007fb1898ecc00e6b8fefbf6a7b318577105eee009da2825e2aee43
-  data.tar.gz: 1e579b442711e49ac774efcd53cf453a862e6917e1469053fe52fc310cf114059ee5c121a60d0e3243016fcb8b2234fffa4f63e987c4e4cc7646fc8dbf88e230
+  metadata.gz: dae35d6143650d7a3ea7b3d181a70456088d9a26341bb2c7d83b4aab6f7969b271965c24d0dda7fe906cb26702a7dbdd964c93cecf1df9310dd6d0239acad2e8
+  data.tar.gz: 19e4120aa1a617601c41002326256743ef8ea707001e14f7d3f324e2e8675ec1067bc45c4561f43e9daf7a25ef005e408d5aff4dee0daa1100aab513495ad2f2

data/README.md

@@ -96,7 +96,8 @@ randomly generated IV is used and included in every encrypted string.
 The Symmetric Encryption streaming interface SymmetricEncryption::Writer avoids this
 problem by using a random IV and key in every file/stream by default.
 The random IV and key are stored in the header of the output stream so that it
-is available when reading back the encrypted file/stream.
+is available when reading back the encrypted file/stream. The key is placed
+in a header on the file in encrypted form using the current global key/cipher.
 
 The ActiveRecord attr_encrypted method supports the :random_iv => true option.
 Similarly for Mongoid the :random_iv => true option can be added.
@@ -136,6 +137,11 @@ option will result in different encrypted output every time it is encrypted.
 * Set :random_iv => true for all ActiveRecord attributes and Mongoid fields
   which are not used in indexes and will not be used as part of a query.
 
+## Binary Data
+
+On decryption an attempt is made to encode the data as UTF-8, if it fails it
+will be returned as BINARY encoded.
+
 ## Examples
 
 ### Encryption Example
@@ -340,6 +346,11 @@ The file header also contains a random key and iv used to encrypt the files cont
 The key and iv is encrypted with the global encryption key being used by the symmetric
 encryption installation.
 
+## Dependencies
+
+- Ruby 1.9.3 (or above) Or, JRuby 1.7.3 (or above)
+- Optional: To log to MongoDB, Mongo Ruby Driver 1.5.2 or above
+
 ## Installation
 
 ### Add to an existing Rails project

data/lib/symmetric_encryption/cipher.rb

@@ -19,7 +19,6 @@ module SymmetricEncryption
     # Defines the Header Structure returned when parsing the header
     HeaderStruct = Struct.new(
       :compressed,          # [true|false] Whether the data is compressed, if supplied in the header
-      :binary,              # [true|false] Whether the data is binary, if supplied in the header
       :iv,                  # [String] IV used to encrypt the data, if supplied in the header
       :key,                 # [String] Key used to encrypt the data, if supplied in the header
       :cipher_name,         # [String] Name of the cipher used, if supplied in the header
@@ -100,7 +99,7 @@ module SymmetricEncryption
       parms.each_pair {|k,v| warn "SymmetricEncryption::Cipher Ignoring unknown option #{k.inspect} = #{v.inspect}"}
     end
 
-    # Encrypt and then encode a binary or UTF-8 string
+    # Encrypt and then encode a string
     #
     # Returns data encrypted and then encoded according to the encoding setting
     #         of this cipher
@@ -154,14 +153,7 @@ module SymmetricEncryption
     #   encrypted_string [String]
     #     Binary encrypted string to decrypt
     #
-    #   header [HeaderStruct]
-    #     Optional header for the supplied encrypted_string
-    #
-    #   binary [true|false]
-    #     If no header is supplied then determines whether the string returned
-    #     is binary or UTF8
-    #
-    # Reads the 'magic' header if present for key, iv, cipher_name and compression
+    # Reads the header if present for key, iv, cipher_name and compression
     #
     # encrypted_string must be in raw binary form when calling this method
     #
@@ -173,7 +165,14 @@ module SymmetricEncryption
       return unless decoded
 
       return decoded if decoded.empty?
-      binary_decrypt(decoded).force_encoding(SymmetricEncryption::UTF8_ENCODING)
+      decrypted = binary_decrypt(decoded)
+      if defined?(Encoding)
+        # Try to force result to UTF-8 encoding, but if it is not valid, force it back to Binary
+        unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
+          decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING)
+        end
+      end
+      decrypted
     end
 
     # Returns UTF8 encoded string after encoding the supplied Binary string
@@ -283,7 +282,6 @@ module SymmetricEncryption
       include_iv    = (flags & 0b0100_0000_0000_0000) != 0
       include_key   = (flags & 0b0010_0000_0000_0000) != 0
       include_cipher= (flags & 0b0001_0000_0000_0000) != 0
-      binary        = (flags & 0b0000_1000_0000_0000) != 0
       # Version of the key to use to decrypt the key if present,
       # otherwise to decrypt the data following the header
       version       = flags & 0b0000_0000_1111_1111
@@ -297,14 +295,14 @@ module SymmetricEncryption
       end
       if include_key
         len = buffer.slice!(0..1).unpack('v').first
-        key = decryption_cipher.binary_decrypt(buffer.slice!(0..len-1), header=false, binary=true)
+        key = decryption_cipher.binary_decrypt(buffer.slice!(0..len-1), header=false)
       end
       if include_cipher
         len    = buffer.slice!(0..1).unpack('v').first
         cipher_name = buffer.slice!(0..len-1)
       end
 
-      HeaderStruct.new(compressed, binary, iv, key, cipher_name, version, decryption_cipher)
+      HeaderStruct.new(compressed, iv, key, cipher_name, version, decryption_cipher)
     end
 
     # Returns a magic header for this cipher instance that can be placed at
@@ -328,11 +326,7 @@ module SymmetricEncryption
     #     Includes the cipher_name used. For example 'aes-256-cbc'
     #     The cipher_name string to to put in the header
     #     Default: nil : Exclude cipher_name name from header
-    #
-    #   binary
-    #     Whether the data being encrypted is binary.
-    #     When the header is read, it sets the encoding of the string returned to Binary
-    def self.build_header(version, compressed=false, iv=nil, key=nil, cipher_name=nil, binary=false)
+    def self.build_header(version, compressed=false, iv=nil, key=nil, cipher_name=nil)
       # Ruby V2 named parameters would be perfect here
 
       # Version number of supplied encryption key, or use the global cipher version if none was supplied
@@ -344,7 +338,6 @@ module SymmetricEncryption
       flags |= 0b0100_0000_0000_0000 if iv
       flags |= 0b0010_0000_0000_0000 if key
       flags |= 0b0001_0000_0000_0000 if cipher_name
-      flags |= 0b0000_1000_0000_0000 if binary
       header = "#{MAGIC_HEADER}#{[flags].pack('v')}".force_encoding(SymmetricEncryption::BINARY_ENCODING)
       if iv
         header << [iv.length].pack('v')
@@ -391,8 +384,7 @@ module SymmetricEncryption
         iv = random_iv ? openssl_cipher.random_iv : @iv
         openssl_cipher.iv = iv if iv
         # Set the binary indicator on the header if string is Binary Encoded
-        binary = (string.encoding == SymmetricEncryption::BINARY_ENCODING)
-        self.class.build_header(version, compress, random_iv ? iv : nil, nil, nil, binary) +
+        self.class.build_header(version, compress, random_iv ? iv : nil, nil, nil) +
           openssl_cipher.update(compress ? Zlib::Deflate.deflate(string) : string)
       else
         openssl_cipher.iv = @iv if @iv
@@ -405,6 +397,7 @@ module SymmetricEncryption
     # See #decrypt to decrypt encoded strings
     #
     # Returns a Binary decrypted string without decoding the string first
+    # The returned string has BINARY encoding
     #
     # Decryption of supplied string
     #   Returns the decrypted string
@@ -418,10 +411,6 @@ module SymmetricEncryption
     #   header [HeaderStruct]
     #     Optional header for the supplied encrypted_string
     #
-    #   binary [true|false]
-    #     If no header is supplied then determines whether the string returned
-    #     is binary or UTF8
-    #
     # Reads the 'magic' header if present for key, iv, cipher_name and compression
     #
     # encrypted_string must be in raw binary form when calling this method
@@ -433,16 +422,15 @@ module SymmetricEncryption
     # Note:
     #   When a string is encrypted and the header is used, its decrypted form
     #   is automatically set to the same UTF-8 or Binary encoding
-    def binary_decrypt(encrypted_string, header=nil, binary=false)
+    def binary_decrypt(encrypted_string, header=nil)
       return if encrypted_string.nil?
       str = encrypted_string.to_s
       str.force_encoding(SymmetricEncryption::BINARY_ENCODING) if str.respond_to?(:force_encoding)
       return str if str.empty?
 
-      decrypted_string = if header || self.class.has_header?(str)
+      if header || self.class.has_header?(str)
         str = str.dup
         header ||= self.class.parse_header!(str)
-        binary = header.binary
 
         openssl_cipher = ::OpenSSL::Cipher.new(header.cipher_name || self.cipher_name)
         openssl_cipher.decrypt
@@ -460,19 +448,11 @@ module SymmetricEncryption
         result = openssl_cipher.update(str)
         result << openssl_cipher.final
       end
-
-      # Support Ruby 1.9 and above Encoding
-      if defined?(Encoding)
-        # Sets the encoding of the result string to UTF8 or BINARY based on the binary header
-        binary ? decrypted_string.force_encoding(SymmetricEncryption::BINARY_ENCODING) : decrypted_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
-      else
-        decrypted_string
-      end
     end
 
     # Returns [String] object represented as a string, filtering out the key
     def inspect
-      "#<#{self.class}:0x#{self.__id__.to_s(16)} @key=\"[FILTERED]\" @iv=#{iv.inspect} @cipher_name=#{cipher_name.inspect}, @version=#{version.inspect}, @encoding=#{encoding.inspect}"
+      "#<#{self.class}:0x#{self.__id__.to_s(16)} @key=\"[FILTERED]\" @iv=#{iv.inspect} @cipher_name=#{cipher_name.inspect}, @version=#{version.inspect}, @encoding=#{encoding.inspect}, @always_add_header=#{always_add_header.inspect}"
     end
 
     private

data/lib/symmetric_encryption/symmetric_encryption.rb

@@ -90,13 +90,21 @@ module SymmetricEncryption
     return unless decoded
     return decoded if decoded.empty?
 
-    if header = Cipher.parse_header!(decoded)
+    decrypted = if header = Cipher.parse_header!(decoded)
       header.decryption_cipher.binary_decrypt(decoded, header)
     else
       # Use cipher_selector if present to decide which cipher to use
       c = @@select_cipher.nil? ? cipher(version) : @@select_cipher.call(str, decoded)
       c.binary_decrypt(decoded)
     end
+
+    if defined?(Encoding)
+      # Try to force result to UTF-8 encoding, but if it is not valid, force it back to Binary
+      unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
+        decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING)
+      end
+    end
+    decrypted
   end
 
   # AES Symmetric Encryption of supplied string

data/lib/symmetric_encryption/version.rb

@@ -1,4 +1,3 @@
-# encoding: utf-8
 module SymmetricEncryption #:nodoc
-  VERSION = "3.0.3"
+  VERSION = "3.1.0"
 end

data/test/cipher_test.rb

@@ -52,12 +52,81 @@ class CipherTest < Test::Unit::TestCase
 
   end
 
+  [false, true].each do |always_add_header|
+    SymmetricEncryption::Cipher::ENCODINGS.each do |encoding|
+      context "encoding: #{encoding} with#{'out' unless always_add_header} header" do
+        setup do
+          @social_security_number = "987654321"
+          @social_security_number_encrypted =
+            case encoding
+          when :base64
+            always_add_header ? "QEVuQwAAyTeLjsHTa8ykoO95K0KQmg==\n" : "yTeLjsHTa8ykoO95K0KQmg==\n"
+          when :base64strict
+            always_add_header ? "QEVuQwAAyTeLjsHTa8ykoO95K0KQmg==" : "yTeLjsHTa8ykoO95K0KQmg=="
+          when :base16
+            always_add_header ? "40456e430000c9378b8ec1d36bcca4a0ef792b42909a" : "c9378b8ec1d36bcca4a0ef792b42909a"
+          when :none
+            bin = always_add_header ? "@EnC\x00\x00\xC97\x8B\x8E\xC1\xD3k\xCC\xA4\xA0\xEFy+B\x90\x9A" : "\xC97\x8B\x8E\xC1\xD3k\xCC\xA4\xA0\xEFy+B\x90\x9A"
+            bin.force_encoding(Encoding.find("binary"))
+          else
+            raise "Add test for encoding: #{encoding}"
+          end
+          @social_security_number_encrypted_with_secondary_1 = "D1UCu38pqJ3jc0GvwJHiow==\n"
+          @non_utf8 = "\xc2".force_encoding('binary')
+          @cipher = SymmetricEncryption::Cipher.new(
+            key:               'ABCDEF1234567890ABCDEF1234567890',
+            iv:                'ABCDEF1234567890',
+            cipher_name:       'aes-128-cbc',
+            encoding:          encoding,
+            always_add_header: always_add_header
+          )
+        end
+
+        should "encrypt simple string" do
+          assert_equal @social_security_number_encrypted, @cipher.encrypt(@social_security_number)
+        end
+
+        should "decrypt string" do
+          assert decrypted = @cipher.decrypt(@social_security_number_encrypted)
+          assert_equal @social_security_number, decrypted
+          assert_equal Encoding.find('utf-8'), decrypted.encoding, decrypted
+        end
+
+        should 'return BINARY encoding for non-UTF-8 encrypted data' do
+          assert_equal Encoding.find('binary'), @non_utf8.encoding
+          assert_equal true, @non_utf8.valid_encoding?
+          assert encrypted = @cipher.encrypt(@non_utf8)
+          assert decrypted = @cipher.decrypt(encrypted)
+          assert_equal true, decrypted.valid_encoding?
+          assert_equal Encoding.find('binary'), decrypted.encoding, decrypted
+          assert_equal @non_utf8, decrypted
+        end
+
+        should "return nil when encrypting nil" do
+          assert_equal nil, @cipher.encrypt(nil)
+        end
+
+        should "return '' when encrypting ''" do
+          assert_equal '', @cipher.encrypt('')
+        end
+
+        should "return nil when decrypting nil" do
+          assert_equal nil, @cipher.decrypt(nil)
+        end
+
+        should "return '' when decrypting ''" do
+          assert_equal '', @cipher.decrypt('')
+        end
+      end
+    end
+  end
+
   context 'with configuration' do
     setup do
       @cipher = SymmetricEncryption::Cipher.new(
-        :key      => '1234567890ABCDEF1234567890ABCDEF',
-        :iv       => '1234567890ABCDEF',
-        :encoding => :none
+        :key               => '1234567890ABCDEF1234567890ABCDEF',
+        :iv                => '1234567890ABCDEF',
+        :encoding          => :none
       )
       @social_security_number = "987654321"
 
@@ -73,42 +142,6 @@ class CipherTest < Test::Unit::TestCase
       assert_equal 'aes-256-cbc', @cipher.cipher_name
     end
 
-    should "encrypt simple string" do
-      assert_equal @social_security_number_encrypted, @cipher.encrypt(@social_security_number)
-    end
-
-    should "return nil when encrypting nil" do
-      assert_equal nil, @cipher.encrypt(nil)
-    end
-
-    should "return '' when encrypting ''" do
-      assert_equal '', @cipher.encrypt('')
-    end
-
-    should "return nil when decrypting nil" do
-      assert_equal nil, @cipher.decrypt(nil)
-    end
-
-    should "return '' when decrypting ''" do
-      assert_equal '', @cipher.decrypt('')
-    end
-
-    should "decrypt string" do
-      assert_equal @social_security_number, @cipher.decrypt(@social_security_number_encrypted)
-    end
-
-    if defined?(Encoding)
-      context "on Ruby 1.9" do
-        should "encode encrypted data as binary" do
-          assert_equal Encoding.find('binary'), @cipher.encrypt(@social_security_number).encoding
-        end
-
-        should "decode encrypted data as utf-8" do
-          assert_equal Encoding.find('utf-8'), @cipher.decrypt(@cipher.encrypt(@social_security_number)).encoding
-        end
-      end
-    end
-
     context "with header" do
       setup do
         @social_security_number = "987654321"
@@ -116,7 +149,7 @@ class CipherTest < Test::Unit::TestCase
 
       should "build and parse header" do
         assert random_key_pair = SymmetricEncryption::Cipher.random_key_pair('aes-128-cbc')
-        assert binary_header = SymmetricEncryption::Cipher.build_header(SymmetricEncryption.cipher.version, compressed=true, random_key_pair[:iv], random_key_pair[:key], random_key_pair[:cipher_name], binary=true)
+        assert binary_header = SymmetricEncryption::Cipher.build_header(SymmetricEncryption.cipher.version, compressed=true, random_key_pair[:iv], random_key_pair[:key], random_key_pair[:cipher_name])
         header = SymmetricEncryption::Cipher.parse_header!(binary_header)
         assert_equal true, header.compressed
         assert random_cipher = SymmetricEncryption::Cipher.new(random_key_pair)

data/test/reader_test.rb

@@ -31,8 +31,7 @@ class ReaderTest < Test::Unit::TestCase
         compress = false,
         @cipher.send(:iv),
         @cipher.send(:key),
-        @cipher.cipher_name,
-        binary=false,
+        @cipher.cipher_name
       )
       @data_encrypted_with_header << @cipher.binary_encrypt(@data_str)
 

data/test/symmetric_encryption_test.rb

@@ -67,6 +67,7 @@ class SymmetricEncryptionTest < Test::Unit::TestCase
             raise "Add test for encoding: #{encoding}"
           end
           @social_security_number_encrypted_with_secondary_1 = "D1UCu38pqJ3jc0GvwJHiow==\n"
+          @non_utf8 = "\xc2".force_encoding('binary')
           @encoding = SymmetricEncryption.cipher.encoding
           SymmetricEncryption.cipher.encoding = encoding
         end
@@ -80,7 +81,19 @@ class SymmetricEncryptionTest < Test::Unit::TestCase
         end
 
         should "decrypt string" do
-          assert_equal @social_security_number, SymmetricEncryption.decrypt(@social_security_number_encrypted)
+          assert decrypted = SymmetricEncryption.decrypt(@social_security_number_encrypted)
+          assert_equal @social_security_number, decrypted
+          assert_equal Encoding.find('utf-8'), decrypted.encoding, decrypted
+        end
+
+        should 'return BINARY encoding for non-UTF-8 encrypted data' do
+          assert_equal Encoding.find('binary'), @non_utf8.encoding
+          assert_equal true, @non_utf8.valid_encoding?
+          assert encrypted = SymmetricEncryption.encrypt(@non_utf8)
+          assert decrypted = SymmetricEncryption.decrypt(encrypted)
+          assert_equal true, decrypted.valid_encoding?
+          assert_equal Encoding.find('binary'), decrypted.encoding, decrypted
+          assert_equal @non_utf8, decrypted
         end
 
         should "return nil when encrypting nil" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: symmetric-encryption
 version: !ruby/object:Gem::Version
-  version: 3.0.3
+  version: 3.1.0
 platform: ruby
 authors:
 - Reid Morrison
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-09-20 00:00:00.000000000 Z
+date: 2013-09-25 00:00:00.000000000 Z
 dependencies: []
 description: SymmetricEncryption supports encrypting ActiveRecord data, Mongoid data,
   passwords in configuration files, encrypting and decrypting of large files through