RubyGems - symmetric-encryption - Versions diffs - 3.8.3 → 3.9.0 - Mend

symmetric-encryption 3.8.3 → 3.9.0

Files changed (33) hide show

checksums.yaml +4 -4
data/README.md +2 -2
data/Rakefile +16 -16
data/examples/symmetric-encryption.yml +33 -38
data/lib/rails/generators/symmetric_encryption/config/templates/symmetric-encryption.yml +10 -14
data/lib/rails/generators/symmetric_encryption/heroku_config/templates/symmetric-encryption.yml +28 -25
data/lib/symmetric_encryption.rb +14 -6
data/lib/symmetric_encryption/cipher.rb +151 -130
data/lib/symmetric_encryption/config.rb +0 -1
data/lib/symmetric_encryption/encoder.rb +79 -0
data/lib/symmetric_encryption/extensions/active_record/base.rb +94 -134
data/lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb +3 -89
data/lib/symmetric_encryption/key_encryption_key.rb +32 -0
data/lib/symmetric_encryption/railtie.rb +3 -3
data/lib/symmetric_encryption/symmetric_encryption.rb +41 -8
data/lib/symmetric_encryption/utils/re_encrypt_config_files.rb +82 -0
data/lib/symmetric_encryption/version.rb +1 -1
data/test/active_record_test.rb +149 -140
data/test/cipher_test.rb +98 -6
data/test/config/{mongoid_v5.yml → mongoid.yml} +0 -0
data/test/config/symmetric-encryption.yml +4 -10
data/test/config/test_new.key +2 -2
data/test/encoder_test.rb +61 -0
data/test/mongoid_test.rb +12 -22
data/test/reader_test.rb +16 -11
data/test/symmetric_encryption_test.rb +23 -3
data/test/test_db.sqlite3 +0 -0
data/test/test_helper.rb +2 -16
data/test/writer_test.rb +1 -5
metadata +11 -12
data/test/config/mongoid_v2.yml +0 -6
data/test/config/mongoid_v3.yml +0 -9
data/test/mongo_mapper_test.rb +0 -599

data/test/cipher_test.rb CHANGED Viewed

@@ -8,7 +8,7 @@ class CipherTest < Minitest::Test
     it 'allow setting the cipher_name' do
       cipher = SymmetricEncryption::Cipher.new(
         cipher_name: 'aes-128-cbc',
-        key:         '1234567890ABCDEF1234567890ABCDEF',
+        key:         '1234567890ABCDEF',
         iv:          '1234567890ABCDEF',
         encoding:    :none
       )
@@ -32,7 +32,7 @@ class CipherTest < Minitest::Test
     it 'throw an exception on bad data' do
       cipher = SymmetricEncryption::Cipher.new(
         cipher_name: 'aes-128-cbc',
-        key:         '1234567890ABCDEF1234567890ABCDEF',
+        key:         '1234567890ABCDEF',
         iv:          '1234567890ABCDEF',
         encoding:    :none
       )
@@ -44,7 +44,7 @@ class CipherTest < Minitest::Test
   end
   [false, true].each do |always_add_header|
-    SymmetricEncryption::Cipher::ENCODINGS.each do |encoding|
+    [:none, :base64, :base64strict, :base16].each do |encoding|
       describe "encoding: #{encoding} with#{'out' unless always_add_header} header" do
         before do
           @social_security_number                            = '987654321'
@@ -65,7 +65,7 @@ class CipherTest < Minitest::Test
           @social_security_number_encrypted_with_secondary_1 = "D1UCu38pqJ3jc0GvwJHiow==\n"
           @non_utf8                                          = "\xc2".force_encoding('binary')
           @cipher                                            = SymmetricEncryption::Cipher.new(
-            key:               'ABCDEF1234567890ABCDEF1234567890',
+            key:               'ABCDEF1234567890',
             iv:                'ABCDEF1234567890',
             cipher_name:       'aes-128-cbc',
             encoding:          encoding,
@@ -94,7 +94,7 @@ class CipherTest < Minitest::Test
         end
         it 'return nil when encrypting nil' do
-          assert_equal nil, @cipher.encrypt(nil)
+          assert_nil @cipher.encrypt(nil)
         end
         it "return '' when encrypting ''" do
@@ -102,7 +102,7 @@ class CipherTest < Minitest::Test
         end
         it 'return nil when decrypting nil' do
-          assert_equal nil, @cipher.decrypt(nil)
+          assert_nil @cipher.decrypt(nil)
         end
         it "return '' when decrypting ''" do
@@ -172,4 +172,96 @@ class CipherTest < Minitest::Test
     end
   end
+  describe '.generate_random_keys' do
+    describe 'with wrong params' do
+      it 'raises ArgumentError' do
+        error = assert_raises ArgumentError do
+          SymmetricEncryption::Cipher.generate_random_keys(wrong_params: '')
+        end
+        assert_equal "SymmetricEncryption::Cipher Invalid options {:wrong_params=>\"\"}", error.message
+      end
+    end
+    describe 'without keys' do
+      it 'creates new keys' do
+        h = SymmetricEncryption::Cipher.generate_random_keys
+        assert_equal 'aes-256-cbc', h[:cipher_name]
+        assert_equal :base64strict, h[:encoding]
+        assert h.has_key?(:key), h
+        assert h.has_key?(:iv), h
+      end
+    end
+    describe 'with keys' do
+      it 'creates new keys' do
+        h = SymmetricEncryption::Cipher.generate_random_keys(key: '', iv: '')
+        assert_equal 'aes-256-cbc', h[:cipher_name]
+        assert_equal :base64strict, h[:encoding]
+        assert h.has_key?(:key), h
+        assert h.has_key?(:iv), h
+      end
+    end
+    describe 'with encrypted keys' do
+      it 'creates new encrypted keys' do
+        key_encryption_key = SymmetricEncryption::KeyEncryptionKey.generate
+        h                  = SymmetricEncryption::Cipher.generate_random_keys(
+          encrypted_key:   '',
+          encrypted_iv:    '',
+          private_rsa_key: key_encryption_key
+        )
+        assert_equal 'aes-256-cbc', h[:cipher_name]
+        assert_equal :base64strict, h[:encoding]
+        assert h.has_key?(:encrypted_key), h
+        assert h.has_key?(:encrypted_iv), h
+      end
+      it 'exception on missing rsa key' do
+        assert_raises SymmetricEncryption::ConfigError do
+          SymmetricEncryption::Cipher.generate_random_keys(
+            encrypted_key: '',
+            encrypted_iv:  ''
+          )
+        end
+      end
+    end
+    describe 'with files' do
+      before do
+        @key_filename = 'blah.key'
+        @iv_filename  = 'blah.iv'
+      end
+      after do
+        File.delete(@key_filename) if File.exist?(@key_filename)
+        File.delete(@iv_filename) if File.exist?(@iv_filename)
+      end
+      it 'creates new files' do
+        key_encryption_key = SymmetricEncryption::KeyEncryptionKey.generate
+        h                  = SymmetricEncryption::Cipher.generate_random_keys(
+          key_filename:    @key_filename,
+          iv_filename:     @iv_filename,
+          private_rsa_key: key_encryption_key
+        )
+        assert_equal 'aes-256-cbc', h[:cipher_name]
+        assert_equal :base64strict, h[:encoding]
+        assert h.has_key?(:key_filename), h
+        assert h.has_key?(:iv_filename), h
+        assert File.exist?(@key_filename)
+        assert File.exist?(@iv_filename)
+      end
+      it 'exception on missing rsa key' do
+        assert_raises SymmetricEncryption::ConfigError do
+          SymmetricEncryption::Cipher.generate_random_keys(
+            key_filename:    @key_filename,
+            iv_filename:     @iv_filename
+          )
+        end
+      end
+    end
+  end
 end

data/test/config/{mongoid_v5.yml → mongoid.yml} RENAMED Viewed

File without changes

data/test/config/symmetric-encryption.yml CHANGED Viewed

@@ -3,8 +3,8 @@
 #
 ---
 test:
-  # Test RSA Key, DO NOT use this RSA key, generate a new one using
-  #    openssl genrsa 2048
+  # Test Key encryption key, DO NOT use this key, generate a new one using
+  #    SymmetricEncryption::KeyEncryptionKey.generate
   # Or use the rails generator to create a new config file as described in the readme
   private_rsa_key: |
     -----BEGIN RSA PRIVATE KEY-----
@@ -37,10 +37,6 @@ test:
   ciphers:
     # Current / Newest Symmetric Encryption Key
-    #
-    # To manually generate new keys once this file has been generated:
-    #   require 'symmetric_encryption'
-    #   SymmetricEncryption.generate_symmetric_key_files('this_file_name.yml', 'production')
     -
       key_filename:      test/config/test_new.key
       iv_filename:       test/config/test_new.iv
@@ -52,9 +48,7 @@ test:
     # Prior Symmetric Encryption Key specified in environment variable
     -
-      # Base64 encoded and RSA encrypted, encryption key
-      # encrypted_key can be used for retrieving the encrypted key from a source
-      # other than a local file.
+      # Encryption Key
       #
       # Example:
       #  # An environment variable:
@@ -63,7 +57,7 @@ test:
       # NOTE: Do not put the encrypted key directly in this file. It is only here
       #       for testing purposes
       encrypted_key:     <%= 'xFAsZ73PThktyo76PoNQGYnjCJUAd4+Yaz71bO5FajshXsbjkfZjjvbK9hxzWLr+C7X67hcrTypVHB1Rw0De8lRDqexlc87sTx1wtlz70lOvTBXt9Lv4sbJNLxacuqk545LIJpgK02Dq7FGzACV3jb3Yk+QQngiscETYM6PyiuFpReFB0qFOgCSLeBJsXAdNdqkEZggl8PL+lGDueDGeKUng+Ic/AFWPhJGYkk3xV++AGwUFXdDQeuHllxmV9WlzriHnDwzbfugkfGaRjWn808VXrv9Jgf2yRy++gOYUvRnjZ1ltOgXUEEmBVF2Uvhu+zs6C/D4cb1mkR7911M5naA==' %>
-      # For testing purposes only, the above RSA encrypted key is just:
+      # For testing purposes only, the above key is just:
       #   key:               ABCDEF1234567890
       iv:                1234567890ABCDEF
       cipher_name:       aes-128-cbc

data/test/config/test_new.key CHANGED Viewed

@@ -1,2 +1,2 @@
-e@	���D/�t4��k��"z��Qmg
-m��r��Ն��۪�ӃqE-�}��]��=���8�WzVܮ+�R�nt���R2����.��Iu�l
+��|A|1M[g�	�C���	8w���D$K/�o
+-�VLӠ�~$���d����+�<����э|�zORbA�*b�Έ�'L_nj�� ˎ�|��껰������P�t�q<���a�|�lo���&ݯI

data/test/encoder_test.rb ADDED Viewed

@@ -0,0 +1,61 @@
+# encoding: utf-8
+require_relative 'test_helper'
+# Unit Test for SymmetricEncryption
+#
+class EncoderTest < Minitest::Test
+  describe SymmetricEncryption::Encoder do
+    [:none, :base64, :base64strict, :base16].each do |encoding|
+      describe "encoding: #{encoding}" do
+        before do
+          @data         = '987654321'
+          @data_encoded =
+            case encoding
+            when :base64
+              "OTg3NjU0MzIx\n"
+            when :base64strict
+              'OTg3NjU0MzIx'
+            when :base16
+              '393837363534333231'
+            when :none
+              @data
+            end
+          @encoder      = SymmetricEncryption::Encoder[encoding]
+          @non_utf8     = "\xc2".force_encoding('binary')
+        end
+        it 'correctly encodes' do
+          assert_equal @data_encoded, @encoder.encode(@data)
+          assert_equal Encoding.find('UTF-8'), @data_encoded.encoding
+        end
+        it 'return BINARY encoding for non-UTF-8 data' do
+          assert_equal Encoding.find('binary'), @non_utf8.encoding
+          assert @non_utf8.valid_encoding?
+          assert encoded = @encoder.encode(@non_utf8)
+          assert decoded = @encoder.decode(encoded)
+          assert decoded.valid_encoding?
+          assert_equal Encoding.find('binary'), decoded.encoding, decoded
+          assert_equal @non_utf8, decoded
+        end
+        it 'return nil when encoding nil' do
+          assert_nil @encoder.encode(nil)
+        end
+        it "return '' when encoding ''" do
+          assert_equal '', @encoder.encode('')
+        end
+        it 'return nil when decoding nil' do
+          assert_nil @encoder.decode(nil)
+        end
+        it "return '' when decoding ''" do
+          assert_equal '', @encoder.decode('')
+        end
+      end
+    end
+  end
+end

data/test/mongoid_test.rb CHANGED Viewed

@@ -4,27 +4,17 @@ begin
   require_relative '../lib/symmetric_encryption/extensions/mongoid/encrypted'
   ENV['RACK_ENV'] = 'test'
-  Mongoid.logger = SemanticLogger[Mongoid]
-  filename       =
-    case Mongoid::VERSION.to_i
-    when 3, 4
-      'test/config/mongoid_v3.yml'
-    when 1, 2
-      'test/config/mongoid_v2.yml'
-    else
-      'test/config/mongoid_v5.yml'
-    end
-  Mongoid.load!(filename)
+  Mongoid.load!('test/config/mongoid.yml')
   #@formatter:off
   class MongoidUser
     include Mongoid::Document
     field :name,                             type: String
-    field :encrypted_bank_account_number,    type: String,  encrypted: true
-    field :encrypted_social_security_number, type: String,  encrypted: true
-    field :encrypted_string,                 type: String,  encrypted: {random_iv: true}
-    field :encrypted_long_string,            type: String,  encrypted: {random_iv: true, compress: true}
+    field :encrypted_bank_account_number,    type: String, encrypted: true
+    field :encrypted_social_security_number, type: String, encrypted: true
+    field :encrypted_string,                 type: String, encrypted: {random_iv: true}
+    field :encrypted_long_string,            type: String, encrypted: {random_iv: true, compress: true}
     field :encrypted_integer_value,          type: String, encrypted: {type: :integer}
     field :aiv,                              type: String, encrypted: {type: :integer, decrypt_as: :aliased_integer_value}
@@ -194,14 +184,14 @@ begin
       it "all paths it lead to the same result, check uninitialized" do
         user = MongoidUser.new
-        assert_equal nil, user.social_security_number
+        assert_nil user.social_security_number
         assert_equal @bank_account_number, (user.social_security_number = @bank_account_number)
         assert_equal @bank_account_number, user.social_security_number
         assert_equal @bank_account_number_encrypted, user.encrypted_social_security_number
-        assert_equal nil, (user.social_security_number = nil)
-        assert_equal nil, user.social_security_number
-        assert_equal nil, user.encrypted_social_security_number
+        assert_nil (user.social_security_number = nil)
+        assert_nil user.social_security_number
+        assert_nil user.encrypted_social_security_number
       end
       it 'allow unencrypted values to be passed to the constructor' do
@@ -385,14 +375,14 @@ begin
         describe 'time values' do
           it 'return correct data type' do
-            assert_equal @time_value, @user_clone.time_value
+            assert_equal @time_value, @user_clone.time_value.dup
             assert @user.clone.time_value.kind_of?(Time)
           end
           it 'coerce data type before save' do
             now = Time.now
             u   = MongoidUser.new(time_value: now)
-            assert_equal now, u.time_value
+            assert_equal now, u.time_value.dup
             assert u.time_value.kind_of?(Time)
           end
@@ -411,7 +401,7 @@ begin
             @user_clone.save!
             @user.reload
-            assert_equal new_time_value, @user.time_value
+            assert_equal new_time_value, @user.time_value.dup
           end
         end

data/test/reader_test.rb CHANGED Viewed

@@ -140,14 +140,14 @@ class ReaderTest < Minitest::Test
             File.delete(@filename) if File.exist?(@filename) && !@filename.end_with?('empty.csv')
           end
-          it ".empty?" do
+          it '.empty?' do
             assert_equal (@data_size==0), SymmetricEncryption::Reader.empty?(@filename)
             assert_raises Errno::ENOENT do
               SymmetricEncryption::Reader.empty?('missing_file')
             end
           end
-          it ".header_present?" do
+          it '.header_present?' do
             assert_equal @header, SymmetricEncryption::Reader.header_present?(@filename)
             assert_raises Errno::ENOENT do
               SymmetricEncryption::Reader.header_present?('missing_file')
@@ -160,7 +160,7 @@ class ReaderTest < Minitest::Test
             file.close
           end
-          it "#read()" do
+          it '#read' do
             data   = nil
             eof    = nil
             result = SymmetricEncryption::Reader.open(@filename) do |file|
@@ -172,17 +172,22 @@ class ReaderTest < Minitest::Test
             assert_equal @data_str, result
           end
-          it "#read(size)" do
+          it '#read(size)' do
             file = SymmetricEncryption::Reader.open(@filename)
             eof  = file.eof?
             data = file.read(4096)
             file.close
             assert_equal @eof, eof
-            assert_equal (@data_size > 0 ? @data_str : nil), data
+            if @data_size > 0
+              assert_equal @data_str, data
+            else
+              assert_nil data
+            end
           end
-          it "#each_line" do
+          it '#each_line' do
             SymmetricEncryption::Reader.open(@filename) do |file|
               i = 0
               file.each_line do |line|
@@ -192,7 +197,7 @@ class ReaderTest < Minitest::Test
             end
           end
-          it "#rewind" do
+          it '#rewind' do
             decrypted = SymmetricEncryption::Reader.open(@filename) do |file|
               file.read
               file.rewind
@@ -201,7 +206,7 @@ class ReaderTest < Minitest::Test
             assert_equal @data_str, decrypted
           end
-          it "#gets(nil,size)" do
+          it '#gets(nil,size)' do
             file = SymmetricEncryption::Reader.open(@filename)
             eof  = file.eof?
             data = file.gets(nil, 4096)
@@ -216,12 +221,12 @@ class ReaderTest < Minitest::Test
               if defined?(JRuby) && options[:compress] && (usecase == :empty)
                 assert_equal '', data
               else
-                assert_equal nil, data
+                assert_nil data
               end
             end
           end
-          it "#gets(delim)" do
+          it '#gets(delim)' do
             SymmetricEncryption::Reader.open(@filename) do |file|
               i = 0
               while line = file.gets("\n")
@@ -232,7 +237,7 @@ class ReaderTest < Minitest::Test
             end
           end
-          it "#gets(delim,size)" do
+          it '#gets(delim,size)' do
             SymmetricEncryption::Reader.open(@filename) do |file|
               i = 0
               while file.gets("\n", 128)

data/test/symmetric_encryption_test.rb CHANGED Viewed

@@ -41,7 +41,7 @@ class SymmetricEncryptionTest < Minitest::Test
       end
     end
-    SymmetricEncryption::Cipher::ENCODINGS.each do |encoding|
+    [:none, :base64, :base64strict, :base16].each do |encoding|
       describe "encoding: #{encoding}" do
         before do
           @social_security_number                            = '987654321'
@@ -89,7 +89,7 @@ class SymmetricEncryptionTest < Minitest::Test
         end
         it 'return nil when encrypting nil' do
-          assert_equal nil, SymmetricEncryption.encrypt(nil)
+          assert_nil SymmetricEncryption.encrypt(nil)
         end
         it "return '' when encrypting ''" do
@@ -97,7 +97,7 @@ class SymmetricEncryptionTest < Minitest::Test
         end
         it 'return nil when decrypting nil' do
-          assert_equal nil, SymmetricEncryption.decrypt(nil)
+          assert_nil SymmetricEncryption.decrypt(nil)
         end
         it "return '' when decrypting ''" do
@@ -293,6 +293,26 @@ class SymmetricEncryptionTest < Minitest::Test
       end
     end
+    describe '.generate_symmetric_key_files' do
+      let(:params) { {private_rsa_key: 'rsa_key', key: 'key', iv: 'iv'} }
+      let(:file_path) { File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml') }
+      let(:cipher_config) { {encrypted_key: 'encrypted_key', encrypted_iv: 'encrypted_iv'} }
+      let(:config) do
+        {
+          private_rsa_key: 'rsa_key',
+          ciphers:         [{version: 1, always_add_header: true, key: 'key', iv: 'iv'}]
+        }
+      end
+      it 'removes unused config keys before generate the random keys' do
+        SymmetricEncryption::Config.stub(:read_config, config) do
+          SymmetricEncryption::Cipher.stub(:generate_random_keys, cipher_config) do
+            SymmetricEncryption.generate_symmetric_key_files(file_path, 'test')
+          end
+        end
+      end
+    end
   end
 end