RubyGems - symmetric-encryption - Versions diffs - 3.8.3 → 3.9.0 - Mend

symmetric-encryption 3.8.3 → 3.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

checksums.yaml +4 -4
data/README.md +2 -2
data/Rakefile +16 -16
data/examples/symmetric-encryption.yml +33 -38
data/lib/rails/generators/symmetric_encryption/config/templates/symmetric-encryption.yml +10 -14
data/lib/rails/generators/symmetric_encryption/heroku_config/templates/symmetric-encryption.yml +28 -25
data/lib/symmetric_encryption.rb +14 -6
data/lib/symmetric_encryption/cipher.rb +151 -130
data/lib/symmetric_encryption/config.rb +0 -1
data/lib/symmetric_encryption/encoder.rb +79 -0
data/lib/symmetric_encryption/extensions/active_record/base.rb +94 -134
data/lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb +3 -89
data/lib/symmetric_encryption/key_encryption_key.rb +32 -0
data/lib/symmetric_encryption/railtie.rb +3 -3
data/lib/symmetric_encryption/symmetric_encryption.rb +41 -8
data/lib/symmetric_encryption/utils/re_encrypt_config_files.rb +82 -0
data/lib/symmetric_encryption/version.rb +1 -1
data/test/active_record_test.rb +149 -140
data/test/cipher_test.rb +98 -6
data/test/config/{mongoid_v5.yml → mongoid.yml} +0 -0
data/test/config/symmetric-encryption.yml +4 -10
data/test/config/test_new.key +2 -2
data/test/encoder_test.rb +61 -0
data/test/mongoid_test.rb +12 -22
data/test/reader_test.rb +16 -11
data/test/symmetric_encryption_test.rb +23 -3
data/test/test_db.sqlite3 +0 -0
data/test/test_helper.rb +2 -16
data/test/writer_test.rb +1 -5
metadata +11 -12
data/test/config/mongoid_v2.yml +0 -6
data/test/config/mongoid_v3.yml +0 -9
data/test/mongo_mapper_test.rb +0 -599

data/test/cipher_test.rb CHANGED Viewed

@@ -8,7 +8,7 @@ class CipherTest < Minitest::Test
     it 'allow setting the cipher_name' do
       cipher = SymmetricEncryption::Cipher.new(
         cipher_name: 'aes-128-cbc',
-        key:         '1234567890ABCDEF1234567890ABCDEF',
+        key:         '1234567890ABCDEF',
         iv:          '1234567890ABCDEF',
         encoding:    :none
       )
@@ -32,7 +32,7 @@ class CipherTest < Minitest::Test
     it 'throw an exception on bad data' do
       cipher = SymmetricEncryption::Cipher.new(
         cipher_name: 'aes-128-cbc',
-        key:         '1234567890ABCDEF1234567890ABCDEF',
+        key:         '1234567890ABCDEF',
         iv:          '1234567890ABCDEF',
         encoding:    :none
       )
@@ -44,7 +44,7 @@ class CipherTest < Minitest::Test
   end
   [false, true].each do |always_add_header|
-    SymmetricEncryption::Cipher::ENCODINGS.each do |encoding|
+    [:none, :base64, :base64strict, :base16].each do |encoding|
       describe "encoding: #{encoding} with#{'out' unless always_add_header} header" do
         before do
           @social_security_number                            = '987654321'
@@ -65,7 +65,7 @@ class CipherTest < Minitest::Test
           @social_security_number_encrypted_with_secondary_1 = "D1UCu38pqJ3jc0GvwJHiow==\n"
           @non_utf8                                          = "\xc2".force_encoding('binary')
           @cipher                                            = SymmetricEncryption::Cipher.new(
-            key:               'ABCDEF1234567890ABCDEF1234567890',
+            key:               'ABCDEF1234567890',
             iv:                'ABCDEF1234567890',
             cipher_name:       'aes-128-cbc',
             encoding:          encoding,
@@ -94,7 +94,7 @@ class CipherTest < Minitest::Test
         end
         it 'return nil when encrypting nil' do
-          assert_equal nil, @cipher.encrypt(nil)
+          assert_nil @cipher.encrypt(nil)
         end
         it "return '' when encrypting ''" do
@@ -102,7 +102,7 @@ class CipherTest < Minitest::Test
         end
         it 'return nil when decrypting nil' do
-          assert_equal nil, @cipher.decrypt(nil)
+          assert_nil @cipher.decrypt(nil)
         end
         it "return '' when decrypting ''" do
@@ -172,4 +172,96 @@ class CipherTest < Minitest::Test
     end
   end
+  describe '.generate_random_keys' do
+    describe 'with wrong params' do
+      it 'raises ArgumentError' do
+        error = assert_raises ArgumentError do
+          SymmetricEncryption::Cipher.generate_random_keys(wrong_params: '')
+        end
+        assert_equal "SymmetricEncryption::Cipher Invalid options {:wrong_params=>\"\"}", error.message
+      end
+    end
+    describe 'without keys' do
+      it 'creates new keys' do
+        h = SymmetricEncryption::Cipher.generate_random_keys
+        assert_equal 'aes-256-cbc', h[:cipher_name]
+        assert_equal :base64strict, h[:encoding]
+        assert h.has_key?(:key), h
+        assert h.has_key?(:iv), h
+      end
+    end
+    describe 'with keys' do
+      it 'creates new keys' do
+        h = SymmetricEncryption::Cipher.generate_random_keys(key: '', iv: '')
+        assert_equal 'aes-256-cbc', h[:cipher_name]
+        assert_equal :base64strict, h[:encoding]
+        assert h.has_key?(:key), h
+        assert h.has_key?(:iv), h
+      end
+    end
+    describe 'with encrypted keys' do
+      it 'creates new encrypted keys' do
+        key_encryption_key = SymmetricEncryption::KeyEncryptionKey.generate
+        h                  = SymmetricEncryption::Cipher.generate_random_keys(
+          encrypted_key:   '',
+          encrypted_iv:    '',
+          private_rsa_key: key_encryption_key
+        )
+        assert_equal 'aes-256-cbc', h[:cipher_name]
+        assert_equal :base64strict, h[:encoding]
+        assert h.has_key?(:encrypted_key), h
+        assert h.has_key?(:encrypted_iv), h
+      end
+      it 'exception on missing rsa key' do
+        assert_raises SymmetricEncryption::ConfigError do
+          SymmetricEncryption::Cipher.generate_random_keys(
+            encrypted_key: '',
+            encrypted_iv:  ''
+          )
+        end
+      end
+    end
+    describe 'with files' do
+      before do
+        @key_filename = 'blah.key'
+        @iv_filename  = 'blah.iv'
+      end
+      after do
+        File.delete(@key_filename) if File.exist?(@key_filename)
+        File.delete(@iv_filename) if File.exist?(@iv_filename)
+      end
+      it 'creates new files' do
+        key_encryption_key = SymmetricEncryption::KeyEncryptionKey.generate
+        h                  = SymmetricEncryption::Cipher.generate_random_keys(
+          key_filename:    @key_filename,
+          iv_filename:     @iv_filename,
+          private_rsa_key: key_encryption_key
+        )
+        assert_equal 'aes-256-cbc', h[:cipher_name]
+        assert_equal :base64strict, h[:encoding]
+        assert h.has_key?(:key_filename), h
+        assert h.has_key?(:iv_filename), h
+        assert File.exist?(@key_filename)
+        assert File.exist?(@iv_filename)
+      end
+      it 'exception on missing rsa key' do
+        assert_raises SymmetricEncryption::ConfigError do
+          SymmetricEncryption::Cipher.generate_random_keys(
+            key_filename:    @key_filename,
+            iv_filename:     @iv_filename
+          )
+        end
+      end
+    end
+  end
 end

data/test/config/{mongoid_v5.yml → mongoid.yml} RENAMED Viewed

File without changes

data/test/config/symmetric-encryption.yml CHANGED Viewed

@@ -3,8 +3,8 @@
 #
 ---
 test:
-  # Test RSA Key, DO NOT use this RSA key, generate a new one using
-  #    openssl genrsa 2048
+  # Test Key encryption key, DO NOT use this key, generate a new one using
+  #    SymmetricEncryption::KeyEncryptionKey.generate
   # Or use the rails generator to create a new config file as described in the readme
   private_rsa_key: |
     -----BEGIN RSA PRIVATE KEY-----
@@ -37,10 +37,6 @@ test:
   ciphers:
     # Current / Newest Symmetric Encryption Key
-    #
-    # To manually generate new keys once this file has been generated:
-    #   require 'symmetric_encryption'
-    #   SymmetricEncryption.generate_symmetric_key_files('this_file_name.yml', 'production')
     -
       key_filename:      test/config/test_new.key
       iv_filename:       test/config/test_new.iv
@@ -52,9 +48,7 @@ test:
     # Prior Symmetric Encryption Key specified in environment variable
     -
-      # Base64 encoded and RSA encrypted, encryption key
-      # encrypted_key can be used for retrieving the encrypted key from a source
-      # other than a local file.
+      # Encryption Key
       #
       # Example:
       #  # An environment variable:
@@ -63,7 +57,7 @@ test:
       # NOTE: Do not put the encrypted key directly in this file. It is only here
       #       for testing purposes
       encrypted_key:     <%= 'xFAsZ73PThktyo76PoNQGYnjCJUAd4+Yaz71bO5FajshXsbjkfZjjvbK9hxzWLr+C7X67hcrTypVHB1Rw0De8lRDqexlc87sTx1wtlz70lOvTBXt9Lv4sbJNLxacuqk545LIJpgK02Dq7FGzACV3jb3Yk+QQngiscETYM6PyiuFpReFB0qFOgCSLeBJsXAdNdqkEZggl8PL+lGDueDGeKUng+Ic/AFWPhJGYkk3xV++AGwUFXdDQeuHllxmV9WlzriHnDwzbfugkfGaRjWn808VXrv9Jgf2yRy++gOYUvRnjZ1ltOgXUEEmBVF2Uvhu+zs6C/D4cb1mkR7911M5naA==' %>
-      # For testing purposes only, the above RSA encrypted key is just:
+      # For testing purposes only, the above key is just:
       #   key:               ABCDEF1234567890
       iv:                1234567890ABCDEF
       cipher_name:       aes-128-cbc

data/test/config/test_new.key CHANGED Viewed

@@ -1,2 +1,2 @@
-e@	���D/�t4��k��"z��Qmg
-m��r��Ն��۪�ӃqE-�}��]��=���8�WzVܮ+�R�nt���R2����.��Iu�l
+��|A|1M[g�	�C���	8w���D$K/�o
+-�VLӠ�~$���d����+�<����э|�zORbA�*b�Έ�'L_nj�� ˎ�|��껰������P�t�q<���a�|�lo���&ݯI

data/test/encoder_test.rb ADDED Viewed

@@ -0,0 +1,61 @@
+# encoding: utf-8
+require_relative 'test_helper'
+# Unit Test for SymmetricEncryption
+#
+class EncoderTest < Minitest::Test
+  describe SymmetricEncryption::Encoder do
+    [:none, :base64, :base64strict, :base16].each do |encoding|
+      describe "encoding: #{encoding}" do
+        before do
+          @data         = '987654321'
+          @data_encoded =
+            case encoding
+            when :base64
+              "OTg3NjU0MzIx\n"
+            when :base64strict
+              'OTg3NjU0MzIx'
+            when :base16
+              '393837363534333231'
+            when :none
+              @data
+            end
+          @encoder      = SymmetricEncryption::Encoder[encoding]
+          @non_utf8     = "\xc2".force_encoding('binary')
+        end
+        it 'correctly encodes' do
+          assert_equal @data_encoded, @encoder.encode(@data)
+          assert_equal Encoding.find('UTF-8'), @data_encoded.encoding
+        end
+        it 'return BINARY encoding for non-UTF-8 data' do
+          assert_equal Encoding.find('binary'), @non_utf8.encoding
+          assert @non_utf8.valid_encoding?
+          assert encoded = @encoder.encode(@non_utf8)
+          assert decoded = @encoder.decode(encoded)
+          assert decoded.valid_encoding?
+          assert_equal Encoding.find('binary'), decoded.encoding, decoded
+          assert_equal @non_utf8, decoded
+        end
+        it 'return nil when encoding nil' do
+          assert_nil @encoder.encode(nil)
+        end
+        it "return '' when encoding ''" do
+          assert_equal '', @encoder.encode('')
+        end
+        it 'return nil when decoding nil' do
+          assert_nil @encoder.decode(nil)
+        end
+        it "return '' when decoding ''" do
+          assert_equal '', @encoder.decode('')
+        end
+      end
+    end
+  end
+end

data/test/mongoid_test.rb CHANGED Viewed

@@ -4,27 +4,17 @@ begin
   require_relative '../lib/symmetric_encryption/extensions/mongoid/encrypted'
   ENV['RACK_ENV'] = 'test'
-  Mongoid.logger = SemanticLogger[Mongoid]
-  filename       =
-    case Mongoid::VERSION.to_i
-    when 3, 4
-      'test/config/mongoid_v3.yml'
-    when 1, 2
-      'test/config/mongoid_v2.yml'
-    else
-      'test/config/mongoid_v5.yml'
-    end
-  Mongoid.load!(filename)
+  Mongoid.load!('test/config/mongoid.yml')
   #@formatter:off
   class MongoidUser
     include Mongoid::Document
     field :name,                             type: String
-    field :encrypted_bank_account_number,    type: String,  encrypted: true
-    field :encrypted_social_security_number, type: String,  encrypted: true
-    field :encrypted_string,                 type: String,  encrypted: {random_iv: true}
-    field :encrypted_long_string,            type: String,  encrypted: {random_iv: true, compress: true}
+    field :encrypted_bank_account_number,    type: String, encrypted: true
+    field :encrypted_social_security_number, type: String, encrypted: true
+    field :encrypted_string,                 type: String, encrypted: {random_iv: true}
+    field :encrypted_long_string,            type: String, encrypted: {random_iv: true, compress: true}
     field :encrypted_integer_value,          type: String, encrypted: {type: :integer}
     field :aiv,                              type: String, encrypted: {type: :integer, decrypt_as: :aliased_integer_value}
@@ -194,14 +184,14 @@ begin
       it "all paths it lead to the same result, check uninitialized" do
         user = MongoidUser.new
-        assert_equal nil, user.social_security_number
+        assert_nil user.social_security_number
         assert_equal @bank_account_number, (user.social_security_number = @bank_account_number)
         assert_equal @bank_account_number, user.social_security_number
         assert_equal @bank_account_number_encrypted, user.encrypted_social_security_number
-        assert_equal nil, (user.social_security_number = nil)
-        assert_equal nil, user.social_security_number
-        assert_equal nil, user.encrypted_social_security_number
+        assert_nil (user.social_security_number = nil)
+        assert_nil user.social_security_number
+        assert_nil user.encrypted_social_security_number
       end
       it 'allow unencrypted values to be passed to the constructor' do
@@ -385,14 +375,14 @@ begin
         describe 'time values' do
           it 'return correct data type' do
-            assert_equal @time_value, @user_clone.time_value
+            assert_equal @time_value, @user_clone.time_value.dup
             assert @user.clone.time_value.kind_of?(Time)
           end
           it 'coerce data type before save' do
             now = Time.now
             u   = MongoidUser.new(time_value: now)
-            assert_equal now, u.time_value
+            assert_equal now, u.time_value.dup
             assert u.time_value.kind_of?(Time)
           end
@@ -411,7 +401,7 @@ begin
             @user_clone.save!
             @user.reload
-            assert_equal new_time_value, @user.time_value
+            assert_equal new_time_value, @user.time_value.dup
           end
         end

data/test/reader_test.rb CHANGED Viewed

@@ -140,14 +140,14 @@ class ReaderTest < Minitest::Test
             File.delete(@filename) if File.exist?(@filename) && !@filename.end_with?('empty.csv')
           end
-          it ".empty?" do
+          it '.empty?' do
             assert_equal (@data_size==0), SymmetricEncryption::Reader.empty?(@filename)
             assert_raises Errno::ENOENT do
               SymmetricEncryption::Reader.empty?('missing_file')
             end
           end
-          it ".header_present?" do
+          it '.header_present?' do
             assert_equal @header, SymmetricEncryption::Reader.header_present?(@filename)
             assert_raises Errno::ENOENT do
               SymmetricEncryption::Reader.header_present?('missing_file')
@@ -160,7 +160,7 @@ class ReaderTest < Minitest::Test
             file.close
           end
-          it "#read()" do
+          it '#read' do
             data   = nil
             eof    = nil
             result = SymmetricEncryption::Reader.open(@filename) do |file|
@@ -172,17 +172,22 @@ class ReaderTest < Minitest::Test
             assert_equal @data_str, result
           end
-          it "#read(size)" do
+          it '#read(size)' do
             file = SymmetricEncryption::Reader.open(@filename)
             eof  = file.eof?
             data = file.read(4096)
             file.close
             assert_equal @eof, eof
-            assert_equal (@data_size > 0 ? @data_str : nil), data
+            if @data_size > 0
+              assert_equal @data_str, data
+            else
+              assert_nil data
+            end
           end
-          it "#each_line" do
+          it '#each_line' do
             SymmetricEncryption::Reader.open(@filename) do |file|
               i = 0
               file.each_line do |line|
@@ -192,7 +197,7 @@ class ReaderTest < Minitest::Test
             end
           end
-          it "#rewind" do
+          it '#rewind' do
             decrypted = SymmetricEncryption::Reader.open(@filename) do |file|
               file.read
               file.rewind
@@ -201,7 +206,7 @@ class ReaderTest < Minitest::Test
             assert_equal @data_str, decrypted
           end
-          it "#gets(nil,size)" do
+          it '#gets(nil,size)' do
             file = SymmetricEncryption::Reader.open(@filename)
             eof  = file.eof?
             data = file.gets(nil, 4096)
@@ -216,12 +221,12 @@ class ReaderTest < Minitest::Test
               if defined?(JRuby) && options[:compress] && (usecase == :empty)
                 assert_equal '', data
               else
-                assert_equal nil, data
+                assert_nil data
               end
             end
           end
-          it "#gets(delim)" do
+          it '#gets(delim)' do
             SymmetricEncryption::Reader.open(@filename) do |file|
               i = 0
               while line = file.gets("\n")
@@ -232,7 +237,7 @@ class ReaderTest < Minitest::Test
             end
           end
-          it "#gets(delim,size)" do
+          it '#gets(delim,size)' do
             SymmetricEncryption::Reader.open(@filename) do |file|
               i = 0
               while file.gets("\n", 128)

data/test/symmetric_encryption_test.rb CHANGED Viewed

@@ -41,7 +41,7 @@ class SymmetricEncryptionTest < Minitest::Test
       end
     end
-    SymmetricEncryption::Cipher::ENCODINGS.each do |encoding|
+    [:none, :base64, :base64strict, :base16].each do |encoding|
       describe "encoding: #{encoding}" do
         before do
           @social_security_number                            = '987654321'
@@ -89,7 +89,7 @@ class SymmetricEncryptionTest < Minitest::Test
         end
         it 'return nil when encrypting nil' do
-          assert_equal nil, SymmetricEncryption.encrypt(nil)
+          assert_nil SymmetricEncryption.encrypt(nil)
         end
         it "return '' when encrypting ''" do
@@ -97,7 +97,7 @@ class SymmetricEncryptionTest < Minitest::Test
         end
         it 'return nil when decrypting nil' do
-          assert_equal nil, SymmetricEncryption.decrypt(nil)
+          assert_nil SymmetricEncryption.decrypt(nil)
         end
         it "return '' when decrypting ''" do
@@ -293,6 +293,26 @@ class SymmetricEncryptionTest < Minitest::Test
       end
     end
+    describe '.generate_symmetric_key_files' do
+      let(:params) { {private_rsa_key: 'rsa_key', key: 'key', iv: 'iv'} }
+      let(:file_path) { File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml') }
+      let(:cipher_config) { {encrypted_key: 'encrypted_key', encrypted_iv: 'encrypted_iv'} }
+      let(:config) do
+        {
+          private_rsa_key: 'rsa_key',
+          ciphers:         [{version: 1, always_add_header: true, key: 'key', iv: 'iv'}]
+        }
+      end
+      it 'removes unused config keys before generate the random keys' do
+        SymmetricEncryption::Config.stub(:read_config, config) do
+          SymmetricEncryption::Cipher.stub(:generate_random_keys, cipher_config) do
+            SymmetricEncryption.generate_symmetric_key_files(file_path, 'test')
+          end
+        end
+      end
+    end
   end
 end