symmetric-encryption 3.6.0 → 3.7.0

data/lib/symmetric_encryption/cipher.rb

@@ -85,18 +85,18 @@ module SymmetricEncryption
     #     Recommended: true
     #
     def initialize(params={})
-      parms              = params.dup
-      @key               = parms.delete(:key)
-      @iv                = parms.delete(:iv)
-      @cipher_name       = parms.delete(:cipher_name) || parms.delete(:cipher) || 'aes-256-cbc'
-      @version           = parms.delete(:version)
-      @always_add_header = parms.delete(:always_add_header) || false
-      @encoding          = (parms.delete(:encoding) || :base64).to_sym
-
-      raise "Missing mandatory parameter :key" unless @key
-      raise "Invalid Encoding: #{@encoding}" unless ENCODINGS.include?(@encoding)
-      raise "Cipher version has a valid rage of 0 to 255. #{@version} is too high, or negative" if (@version.to_i > 255) || (@version.to_i < 0)
-      parms.each_pair {|k,v| warn "SymmetricEncryption::Cipher Ignoring unknown option #{k.inspect} = #{v.inspect}"}
+      params             = params.dup
+      @key               = params.delete(:key)
+      @iv                = params.delete(:iv)
+      @cipher_name       = params.delete(:cipher_name) || params.delete(:cipher) || 'aes-256-cbc'
+      @version           = params.delete(:version)
+      @always_add_header = params.delete(:always_add_header) || false
+      @encoding          = (params.delete(:encoding) || :base64).to_sym
+
+      raise(ArgumentError, "Missing mandatory parameter :key") unless @key
+      raise(ArgumentError, "Invalid Encoding: #{@encoding}") unless ENCODINGS.include?(@encoding)
+      raise(ArgumentError, "Cipher version has a valid range of 0 to 255. #{@version} is too high, or negative") if (@version.to_i > 255) || (@version.to_i < 0)
+      raise(ArgumentError, "SymmetricEncryption::Cipher Invalid options #{params.inspect}") if params.size > 0
     end
 
     # Encrypt and then encode a string
@@ -286,7 +286,7 @@ module SymmetricEncryption
       # otherwise to decrypt the data following the header
       version       = flags & 0b0000_0000_1111_1111
       decryption_cipher = SymmetricEncryption.cipher(version)
-      raise "Cipher with version:#{version.inspect} not found in any of the configured SymmetricEncryption ciphers" unless decryption_cipher
+      raise(SymmetricEncryption::CipherError, "Cipher with version:#{version.inspect} not found in any of the configured SymmetricEncryption ciphers") unless decryption_cipher
       iv, key, cipher_name   = nil
 
       if include_iv

data/lib/symmetric_encryption/exception.rb

@@ -0,0 +1,15 @@
+module SymmetricEncryption
+
+  # Exceptions created by SymmetricEncryption
+  class Error < StandardError
+  end
+
+  # Exceptions when working with Ciphers
+  class CipherError < Error
+  end
+
+  # Exceptions when trying to use the keys before they have been configured
+  class ConfigError < Error
+  end
+
+end

data/lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb

@@ -112,7 +112,7 @@ module MongoMapper
           encrypted_key_name = options.delete(:encrypt_as) || "encrypted_#{key_name}"
           options[:type]     = COERCION_MAP[type] unless [:yaml, :json].include?(options[:type])
 
-          raise "Invalid type: #{type.inspect}. Valid types: #{COERCION_MAP.keys.join(',')}" unless options[:type]
+          raise(ArgumentError, "Invalid type: #{type.inspect}. Valid types: #{COERCION_MAP.keys.join(',')}") unless options[:type]
 
           SymmetricEncryption::Generator.generate_decrypted_accessors(self, key_name, encrypted_key_name, options)
 

data/lib/symmetric_encryption/extensions/mongoid/encrypted.rb

@@ -99,7 +99,7 @@ Mongoid::Fields.option :encrypted do |model, field, options|
     end
 
     if decrypted_field_name.nil?
-      raise "SymmetricEncryption for Mongoid. Encryption enabled for field #{encrypted_field_name}. It must either start with 'encrypted_' or the option :decrypt_as must be supplied"
+      raise(ArgumentError, "SymmetricEncryption for Mongoid. Encryption enabled for field #{encrypted_field_name}. It must either start with 'encrypted_' or the option :decrypt_as must be supplied")
     end
 
     SymmetricEncryption::Generator.generate_decrypted_accessors(model, decrypted_field_name, encrypted_field_name, options)

data/lib/symmetric_encryption/generator.rb

@@ -3,21 +3,13 @@ module SymmetricEncryption
     # Common internal method for generating accessors for decrypted accessors
     # Primarily used by extensions
     def self.generate_decrypted_accessors(model, decrypted_name, encrypted_name, options)
+      options   = options.dup
+      random_iv = options.delete(:random_iv) || false
+      compress  = options.delete(:compress) || false
+      type      = options.delete(:type) || :string
 
-      random_iv      = options.delete(:random_iv) || false
-      compress       = options.delete(:compress) || false
-      type           = options.delete(:type) || :string
-
-      # For backward compatibility
-      if options.delete(:marshal) == true
-        warn("The :marshal option has been deprecated in favor of :type. For example: attr_encrypted name, type: :yaml")
-        raise "Marshal is depreacted and cannot be used in conjunction with :type, just use :type. For #{params.inspect}" if type != :string
-        type = :yaml
-      end
-
-      options.each {|option| warn "Ignoring unknown option #{option.inspect} supplied when encrypting #{decrypted_name} with #{params.inspect}"}
-
-      raise "Invalid type: #{type.inspect}. Valid types: #{SymmetricEncryption::COERCION_TYPES.inspect}" unless SymmetricEncryption::COERCION_TYPES.include?(type)
+      raise(ArgumentError, "SymmetricEncryption Invalid options #{options.inspect} when encrypting '#{decrypted_name}'") if options.size > 0
+      raise(ArgumentError, "Invalid type: #{type.inspect}. Valid types: #{SymmetricEncryption::COERCION_TYPES.inspect}") unless SymmetricEncryption::COERCION_TYPES.include?(type)
 
       if model.const_defined?(:EncryptedAttributes, _search_ancestors = false)
         mod = model.const_get(:EncryptedAttributes)
@@ -28,25 +20,25 @@ module SymmetricEncryption
 
       # Generate getter and setter methods
       mod.module_eval(<<-EOS, __FILE__, __LINE__ + 1)
-      # Set the un-encrypted field
-      # Also updates the encrypted field with the encrypted value
-      # Freeze the decrypted field value so that it is not modified directly
-      def #{decrypted_name}=(value)
-        v = SymmetricEncryption::coerce(value, :#{type})
-        self.#{encrypted_name} = @stored_#{encrypted_name} = ::SymmetricEncryption.encrypt(v,#{random_iv},#{compress},:#{type})
-        @#{decrypted_name} = v.freeze
-      end
+        # Set the un-encrypted field
+        # Also updates the encrypted field with the encrypted value
+        # Freeze the decrypted field value so that it is not modified directly
+        def #{decrypted_name}=(value)
+          v = SymmetricEncryption::coerce(value, :#{type})
+          self.#{encrypted_name} = @stored_#{encrypted_name} = ::SymmetricEncryption.encrypt(v,#{random_iv},#{compress},:#{type})
+          @#{decrypted_name} = v.freeze
+        end
 
-      # Returns the decrypted value for the encrypted field
-      # The decrypted value is cached and is only decrypted if the encrypted value has changed
-      # If this method is not called, then the encrypted value is never decrypted
-      def #{decrypted_name}
-        if @stored_#{encrypted_name} != self.#{encrypted_name}
-          @#{decrypted_name} = ::SymmetricEncryption.decrypt(self.#{encrypted_name},version=nil,:#{type}).freeze
-          @stored_#{encrypted_name} = self.#{encrypted_name}
+        # Returns the decrypted value for the encrypted field
+        # The decrypted value is cached and is only decrypted if the encrypted value has changed
+        # If this method is not called, then the encrypted value is never decrypted
+        def #{decrypted_name}
+          if @stored_#{encrypted_name} != self.#{encrypted_name}
+            @#{decrypted_name} = ::SymmetricEncryption.decrypt(self.#{encrypted_name},version=nil,:#{type}).freeze
+            @stored_#{encrypted_name} = self.#{encrypted_name}
+          end
+          @#{decrypted_name}
         end
-        @#{decrypted_name}
-      end
 
       EOS
     end

data/lib/symmetric_encryption/railties/symmetric_encryption.rake

@@ -11,7 +11,7 @@ namespace :symmetric_encryption do
     begin
       require 'highline'
     rescue LoadError
-      raise "Please install gem highline before using the command line task to encrypt an entered string.\n   gem install \"highline\""
+      raise(SymmetricEncryption::ConfigError, "Please install gem highline before using the command line task to encrypt an entered string.\n   gem install \"highline\"")
     end
     password1 = nil
     password2 = 0

data/lib/symmetric_encryption/reader.rb

@@ -77,7 +77,7 @@ module SymmetricEncryption
     #   csv.close if csv
     # end
     def self.open(filename_or_stream, options={}, &block)
-      raise "options must be a hash" unless options.respond_to?(:each_pair)
+      raise(ArgumentError, 'options must be a hash') unless options.respond_to?(:each_pair)
       mode     = options.fetch(:mode, 'rb')
       compress = options.fetch(:compress, false)
       ios      = filename_or_stream.is_a?(String) ? ::File.open(filename_or_stream, mode) : filename_or_stream
@@ -115,7 +115,7 @@ module SymmetricEncryption
       @version        = options[:version]
       @header_present = false
 
-      raise "Buffer size cannot be smaller than 128" unless @buffer_size >= 128
+      raise(ArgumentError, 'Buffer size cannot be smaller than 128') unless @buffer_size >= 128
 
       read_header
     end
@@ -180,12 +180,14 @@ module SymmetricEncryption
       data = nil
       if length
         return '' if length == 0
-        return nil if @ios.eof? && (@read_buffer.length == 0)
+        return nil if eof?
         # Read length bytes
         while (@read_buffer.length < length) && !@ios.eof?
           read_block
         end
-        if @read_buffer.length > length
+        if @read_buffer.length == 0
+          data = nil
+        elsif @read_buffer.length > length
           data = @read_buffer.slice!(0..length-1)
         else
           data = @read_buffer
@@ -301,7 +303,7 @@ module SymmetricEncryption
         rewind
         offset = size + amount
       else
-        raise "unknown whence:#{whence} supplied to seek()"
+        raise(ArgumentError, "unknown whence:#{whence} supplied to seek()")
       end
       read(offset) if offset > 0
       0

data/lib/symmetric_encryption/symmetric_encryption.rb

@@ -38,7 +38,7 @@ module SymmetricEncryption
   #     cipher: 'aes-128-cbc'
   #   )
   def self.cipher=(cipher)
-    raise "Cipher must be similar to SymmetricEncryption::Ciphers" unless cipher.nil? || (cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt))
+    raise(ArgumentError, 'Cipher must respond to :encrypt and :decrypt') unless cipher.nil? || (cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt))
     @@cipher = cipher
   end
 
@@ -47,7 +47,7 @@ module SymmetricEncryption
   #   Returns the primary cipher if no match was found and version == 0
   #   Returns nil if no match was found and version != 0
   def self.cipher(version = nil)
-    raise "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data" unless @@cipher
+    raise(SymmetricEncryption::ConfigError, 'Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data') unless @@cipher
     return @@cipher if version.nil? || (@@cipher.version == version)
     secondary_ciphers.find {|c| c.version == version} || (@@cipher if version == 0)
   end
@@ -59,9 +59,9 @@ module SymmetricEncryption
 
   # Set the Secondary Symmetric Ciphers Array to be used
   def self.secondary_ciphers=(secondary_ciphers)
-    raise "secondary_ciphers must be a collection" unless secondary_ciphers.respond_to? :each
+    raise(ArgumentError, "secondary_ciphers must be a collection") unless secondary_ciphers.respond_to? :each
     secondary_ciphers.each do |cipher|
-      raise "secondary_ciphers can only consist of SymmetricEncryption::Ciphers" unless cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt)
+      raise(ArgumentError, "secondary_ciphers can only consist of SymmetricEncryption::Ciphers") unless cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt)
     end
     @@secondary_ciphers = secondary_ciphers
   end
@@ -106,7 +106,7 @@ module SymmetricEncryption
   #       the incorrect key. Clearly the data returned is garbage, but it still
   #       successfully returns a string of data
   def self.decrypt(encrypted_and_encoded_string, version=nil, type=:string)
-    raise "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data" unless @@cipher
+    raise(SymmetricEncryption::ConfigError, 'Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data') unless @@cipher
     return encrypted_and_encoded_string if encrypted_and_encoded_string.nil? || (encrypted_and_encoded_string == '')
 
     str = encrypted_and_encoded_string.to_s
@@ -176,7 +176,7 @@ module SymmetricEncryption
   #       the coercible gem is available in the path.
   #     Default: :string
   def self.encrypt(str, random_iv=false, compress=false, type=:string)
-    raise "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data" unless @@cipher
+    raise(SymmetricEncryption::ConfigError, 'Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data') unless @@cipher
 
     # Encrypt and then encode the supplied string
     @@cipher.encrypt(coerce_to_string(str, type), random_iv, compress)
@@ -194,10 +194,10 @@ module SymmetricEncryption
   # WARNING: It is possible to decrypt data using the wrong key, so the value
   #          returned should not be relied upon
   def self.try_decrypt(str)
-    raise "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data" unless @@cipher
+    raise(SymmetricEncryption::ConfigError, 'Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data') unless @@cipher
     begin
       decrypt(str)
-    rescue OpenSSL::Cipher::CipherError
+    rescue OpenSSL::Cipher::CipherError, SymmetricEncryption::CipherError
       nil
     end
   end
@@ -210,7 +210,7 @@ module SymmetricEncryption
   #          symmetric encryption header. In some cases data decrypted using the
   #          wrong key will decrypt and return garbage
   def self.encrypted?(encrypted_data)
-    raise "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data" unless @@cipher
+    raise(SymmetricEncryption::ConfigError, 'Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data') unless @@cipher
 
     # For now have to decrypt it fully
     result = try_decrypt(encrypted_data)
@@ -276,7 +276,7 @@ module SymmetricEncryption
 
     # RSA key to decrypt key files
     private_rsa_key = config.delete('private_rsa_key')
-    raise "The configuration file must contain a 'private_rsa_key' parameter to generate symmetric keys" unless private_rsa_key
+    raise(SymmetricEncryption::ConfigError, "The configuration file must contain a 'private_rsa_key' parameter to generate symmetric keys") unless private_rsa_key
     rsa_key = OpenSSL::PKey::RSA.new(private_rsa_key)
 
     # Check if config file contains 1 or multiple ciphers
@@ -411,7 +411,7 @@ module SymmetricEncryption
 
     # Load Encrypted Symmetric keys
     if key_filename = config.delete(:key_filename)
-      raise "Missing mandatory config parameter :private_rsa_key when :key_filename is supplied" unless rsa
+      raise(SymmetricEncryption::ConfigError, "Missing mandatory config parameter :private_rsa_key when :key_filename is supplied") unless rsa
       encrypted_key = begin
         File.open(key_filename, 'rb'){|f| f.read}
       rescue Errno::ENOENT
@@ -423,7 +423,7 @@ module SymmetricEncryption
     end
 
     if iv_filename = config.delete(:iv_filename)
-      raise "Missing mandatory config parameter :private_rsa_key when :iv_filename is supplied" unless rsa
+      raise(SymmetricEncryption::ConfigError, "Missing mandatory config parameter :private_rsa_key when :iv_filename is supplied") unless rsa
       encrypted_iv = begin
         File.open(iv_filename, 'rb'){|f| f.read} if iv_filename
       rescue Errno::ENOENT
@@ -435,7 +435,7 @@ module SymmetricEncryption
     end
 
     if encrypted_key = config.delete(:encrypted_key)
-      raise "Missing mandatory config parameter :private_rsa_key when :encrypted_key is supplied" unless rsa
+      raise(SymmetricEncryption::ConfigError, "Missing mandatory config parameter :private_rsa_key when :encrypted_key is supplied") unless rsa
       # Decode value first using encoding specified
       encrypted_key = ::Base64.decode64(encrypted_key)
       if !encrypted_key || encrypted_key.empty?
@@ -447,7 +447,7 @@ module SymmetricEncryption
     end
 
     if encrypted_iv = config.delete(:encrypted_iv)
-      raise "Missing mandatory config parameter :private_rsa_key when :encrypted_iv is supplied" unless rsa
+      raise(SymmetricEncryption::ConfigError, "Missing mandatory config parameter :private_rsa_key when :encrypted_iv is supplied") unless rsa
       # Decode value first using encoding specified
       encrypted_iv = ::Base64.decode64(encrypted_iv)
       if !encrypted_key || encrypted_key.empty?

data/lib/symmetric_encryption/version.rb

@@ -1,3 +1,3 @@
 module SymmetricEncryption #:nodoc
-  VERSION = "3.6.0"
+  VERSION = "3.7.0"
 end

data/lib/symmetric_encryption/writer.rb

@@ -99,7 +99,7 @@ module SymmetricEncryption
     #    csv.close if csv
     #  end
     def self.open(filename_or_stream, options={}, &block)
-      raise "options must be a hash" unless options.respond_to?(:each_pair)
+      raise(ArgumentError, 'options must be a hash') unless options.respond_to?(:each_pair)
       mode = options.fetch(:mode, 'wb')
       compress = options.fetch(:compress, false)
       ios = filename_or_stream.is_a?(String) ? ::File.open(filename_or_stream, mode) : filename_or_stream
@@ -119,19 +119,19 @@ module SymmetricEncryption
       header      = options.fetch(:header, true)
       random_key  = options.fetch(:random_key, true)
       random_iv   = options.fetch(:random_iv, random_key)
-      raise "When :random_key is true, :random_iv must also be true" if random_key && !random_iv
+      raise(ArgumentError, 'When :random_key is true, :random_iv must also be true') if random_key && !random_iv
       # Compress is only used at this point for setting the flag in the header
       compress    = options.fetch(:compress, false)
       version     = options[:version]
       cipher_name = options[:cipher_name]
-      raise "Cannot supply a :cipher_name unless both :random_key and :random_iv are true" if cipher_name && !random_key && !random_iv
+      raise(ArgumentError, 'Cannot supply a :cipher_name unless both :random_key and :random_iv are true') if cipher_name && !random_key && !random_iv
 
       # Force header if compressed or using random iv, key
       header = true if compress || random_key || random_iv
 
       # Cipher to encrypt the random_key, or the entire file
       cipher = SymmetricEncryption.cipher(version)
-      raise "Cipher with version:#{version} not found in any of the configured SymmetricEncryption ciphers" unless cipher
+      raise(SymmetricEncryption::CipherError, "Cipher with version:#{version} not found in any of the configured SymmetricEncryption ciphers") unless cipher
 
       @stream_cipher = ::OpenSSL::Cipher.new(cipher_name || cipher.cipher_name)
       @stream_cipher.encrypt

data/lib/symmetric_encryption.rb

@@ -6,6 +6,7 @@ require 'coercible'
 require 'symmetric_encryption/version'
 require 'symmetric_encryption/cipher'
 require 'symmetric_encryption/symmetric_encryption'
+require 'symmetric_encryption/exception'
 
 module SymmetricEncryption
   autoload :Reader,    'symmetric_encryption/reader'

data/test/active_record_test.rb

@@ -1,8 +1,8 @@
-require File.dirname(__FILE__) + '/test_helper'
+require_relative 'test_helper'
 
 ActiveRecord::Base.logger = SemanticLogger[ActiveRecord]
 ActiveRecord::Base.configurations = YAML::load(ERB.new(IO.read('test/config/database.yml')).result)
-ActiveRecord::Base.establish_connection('test')
+ActiveRecord::Base.establish_connection(:test)
 
 ActiveRecord::Schema.define version: 0 do
   create_table :users, force: true do |t|
@@ -13,6 +13,7 @@ ActiveRecord::Schema.define version: 0 do
     t.text   :encrypted_data_yaml
     t.text   :encrypted_data_json
     t.string :name
+    t.string :encrypted_unsupported_option
 
     t.string :encrypted_integer_value
     t.string :encrypted_float_value
@@ -67,7 +68,7 @@ User.establish_connection(cfg)
 #
 # Unit Test for attr_encrypted extensions in ActiveRecord
 #
-class ActiveRecordTest < Test::Unit::TestCase
+class ActiveRecordTest < Minitest::Test
   context 'ActiveRecord' do
     INTEGER_VALUE  = 12
     FLOAT_VALUE    = 88.12345
@@ -163,13 +164,15 @@ class ActiveRecordTest < Test::Unit::TestCase
     end
 
     should 'allow lookups using unencrypted or encrypted column name' do
-      @user.save!
+      if ActiveRecord::VERSION::STRING.to_f < 4.1
+        @user.save!
 
-      inq = User.find_by_bank_account_number(@bank_account_number)
-      assert_equal @bank_account_number, inq.bank_account_number
-      assert_equal @bank_account_number_encrypted, inq.encrypted_bank_account_number
+        inq = User.find_by_bank_account_number(@bank_account_number)
+        assert_equal @bank_account_number, inq.bank_account_number
+        assert_equal @bank_account_number_encrypted, inq.encrypted_bank_account_number
 
-      @user.delete
+        @user.delete
+      end
     end
 
     should 'all paths should lead to the same result' do
@@ -471,4 +474,4 @@ class ActiveRecordTest < Test::Unit::TestCase
       end
     end
   end
-end
+end

data/test/cipher_test.rb

@@ -1,8 +1,8 @@
-require File.dirname(__FILE__) + '/test_helper'
+require_relative 'test_helper'
 
 # Unit Test for SymmetricEncryption::Cipher
 #
-class CipherTest < Test::Unit::TestCase
+class CipherTest < Minitest::Test
   context 'standalone' do
 
     should "allow setting the cipher_name" do
@@ -36,7 +36,7 @@ class CipherTest < Test::Unit::TestCase
         iv:          '1234567890ABCDEF',
         encoding:    :none
       )
-      assert_raise OpenSSL::Cipher::CipherError do
+      assert_raises OpenSSL::Cipher::CipherError do
         cipher.decrypt('bad data')
       end
     end