RubyGems - symmetric-encryption - Versions diffs - 3.9.1 → 4.0.0.beta3 - Mend

symmetric-encryption 3.9.1 → 4.0.0.beta3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (46) hide show

checksums.yaml +4 -4
data/README.md +72 -0
data/bin/symmetric-encryption +5 -0
data/lib/symmetric_encryption/cipher.rb +162 -419
data/lib/symmetric_encryption/cli.rb +343 -0
data/lib/symmetric_encryption/coerce.rb +5 -20
data/lib/symmetric_encryption/config.rb +128 -50
data/lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb +2 -2
data/lib/symmetric_encryption/generator.rb +3 -2
data/lib/symmetric_encryption/header.rb +260 -0
data/lib/symmetric_encryption/key.rb +106 -0
data/lib/symmetric_encryption/keystore/environment.rb +90 -0
data/lib/symmetric_encryption/keystore/file.rb +102 -0
data/lib/symmetric_encryption/keystore/memory.rb +53 -0
data/lib/symmetric_encryption/keystore.rb +124 -0
data/lib/symmetric_encryption/railtie.rb +5 -7
data/lib/symmetric_encryption/reader.rb +74 -55
data/lib/symmetric_encryption/rsa_key.rb +24 -0
data/lib/symmetric_encryption/symmetric_encryption.rb +64 -102
data/lib/symmetric_encryption/utils/re_encrypt_files.rb +140 -0
data/lib/symmetric_encryption/version.rb +1 -1
data/lib/symmetric_encryption/writer.rb +104 -117
data/lib/symmetric_encryption.rb +9 -4
data/test/active_record_test.rb +61 -40
data/test/cipher_test.rb +179 -236
data/test/config/symmetric-encryption.yml +140 -82
data/test/header_test.rb +218 -0
data/test/key_test.rb +231 -0
data/test/keystore/environment_test.rb +119 -0
data/test/keystore/file_test.rb +125 -0
data/test/keystore_test.rb +59 -0
data/test/mongoid_test.rb +13 -13
data/test/reader_test.rb +52 -53
data/test/symmetric_encryption_test.rb +50 -135
data/test/test_db.sqlite3 +0 -0
data/test/writer_test.rb +52 -31
metadata +26 -14
data/examples/symmetric-encryption.yml +0 -108
data/lib/rails/generators/symmetric_encryption/config/config_generator.rb +0 -22
data/lib/rails/generators/symmetric_encryption/config/templates/symmetric-encryption.yml +0 -50
data/lib/rails/generators/symmetric_encryption/heroku_config/heroku_config_generator.rb +0 -20
data/lib/rails/generators/symmetric_encryption/heroku_config/templates/symmetric-encryption.yml +0 -78
data/lib/rails/generators/symmetric_encryption/new_keys/new_keys_generator.rb +0 -14
data/lib/symmetric_encryption/key_encryption_key.rb +0 -32
data/lib/symmetric_encryption/railties/symmetric_encryption.rake +0 -84
data/lib/symmetric_encryption/utils/re_encrypt_config_files.rb +0 -82

data/test/cipher_test.rb CHANGED Viewed

@@ -1,267 +1,210 @@
 require_relative 'test_helper'
-# Unit Test for SymmetricEncryption::Cipher
-#
+# Tests for SymmetricEncryption::Cipher
 class CipherTest < Minitest::Test
-  describe 'standalone' do
-    it 'allow setting the cipher_name' do
-      cipher = SymmetricEncryption::Cipher.new(
-        cipher_name: 'aes-128-cbc',
-        key:         '1234567890ABCDEF',
-        iv:          '1234567890ABCDEF',
-        encoding:    :none
-      )
-      assert_equal 'aes-128-cbc', cipher.cipher_name
-    end
-    it 'not require an iv' do
-      cipher = SymmetricEncryption::Cipher.new(
-        key:      '1234567890ABCDEF1234567890ABCDEF',
-        encoding: :none
-      )
-      result = "\302<\351\227oj\372\3331\310\260V\001\v'\346"
-      # Note: This test fails on JRuby 1.7 RC1 since it's OpenSSL
-      #       behaves differently when no IV is supplied.
-      #       It instead encrypts to the following value:
-      # result = "0h\x92\x88\xA1\xFE\x8D\xF5\xF3v\x82\xAF(P\x83Y"
-      result.force_encoding('binary') if defined?(Encoding)
-      assert_equal result, cipher.encrypt('Hello World')
-    end
-    it 'throw an exception on bad data' do
-      cipher = SymmetricEncryption::Cipher.new(
-        cipher_name: 'aes-128-cbc',
-        key:         '1234567890ABCDEF',
-        iv:          '1234567890ABCDEF',
-        encoding:    :none
-      )
-      assert_raises OpenSSL::Cipher::CipherError do
-        cipher.decrypt('bad data')
-      end
-    end
-  end
-  [false, true].each do |always_add_header|
-    [:none, :base64, :base64strict, :base16].each do |encoding|
-      describe "encoding: #{encoding} with#{'out' unless always_add_header} header" do
-        before do
-          @social_security_number                            = '987654321'
-          @social_security_number_encrypted                  =
-            case encoding
-            when :base64
-              always_add_header ? "QEVuQwAAyTeLjsHTa8ykoO95K0KQmg==\n" : "yTeLjsHTa8ykoO95K0KQmg==\n"
-            when :base64strict
-              always_add_header ? 'QEVuQwAAyTeLjsHTa8ykoO95K0KQmg==' : 'yTeLjsHTa8ykoO95K0KQmg=='
-            when :base16
-              always_add_header ? '40456e430000c9378b8ec1d36bcca4a0ef792b42909a' : 'c9378b8ec1d36bcca4a0ef792b42909a'
-            when :none
-              bin = always_add_header ? "@EnC\x00\x00\xC97\x8B\x8E\xC1\xD3k\xCC\xA4\xA0\xEFy+B\x90\x9A" : "\xC97\x8B\x8E\xC1\xD3k\xCC\xA4\xA0\xEFy+B\x90\x9A"
-              bin.force_encoding(Encoding.find('binary'))
-            else
-              raise "Add test for encoding: #{encoding}"
-            end
-          @social_security_number_encrypted_with_secondary_1 = "D1UCu38pqJ3jc0GvwJHiow==\n"
-          @non_utf8                                          = "\xc2".force_encoding('binary')
-          @cipher                                            = SymmetricEncryption::Cipher.new(
-            key:               'ABCDEF1234567890',
-            iv:                'ABCDEF1234567890',
-            cipher_name:       'aes-128-cbc',
-            encoding:          encoding,
-            always_add_header: always_add_header
+  ['aes-128-cbc'].each do |cipher_name|
+    #['aes-128-cbc', 'aes-128-gcm'].each do |cipher_name|
+    describe "Cipher: #{cipher_name}" do
+      describe 'standalone' do
+        it 'allows setting the cipher_name' do
+          cipher = SymmetricEncryption::Cipher.new(
+            cipher_name: cipher_name,
+            key:         '1234567890ABCDEF',
+            iv:          '1234567890ABCDEF',
+            encoding:    :none
           )
+          assert_equal cipher_name, cipher.cipher_name
         end
-        it 'encrypt simple string' do
-          assert_equal @social_security_number_encrypted, @cipher.encrypt(@social_security_number)
-        end
-        it 'decrypt string' do
-          assert decrypted = @cipher.decrypt(@social_security_number_encrypted)
-          assert_equal @social_security_number, decrypted
-          assert_equal Encoding.find('utf-8'), decrypted.encoding, decrypted
-        end
-        it 'return BINARY encoding for non-UTF-8 encrypted data' do
-          assert_equal Encoding.find('binary'), @non_utf8.encoding
-          assert_equal true, @non_utf8.valid_encoding?
-          assert encrypted = @cipher.encrypt(@non_utf8)
-          assert decrypted = @cipher.decrypt(encrypted)
-          assert_equal true, decrypted.valid_encoding?
-          assert_equal Encoding.find('binary'), decrypted.encoding, decrypted
-          assert_equal @non_utf8, decrypted
-        end
-        it 'return nil when encrypting nil' do
-          assert_nil @cipher.encrypt(nil)
-        end
-        it "return '' when encrypting ''" do
-          assert_equal '', @cipher.encrypt('')
-        end
-        it 'return nil when decrypting nil' do
-          assert_nil @cipher.decrypt(nil)
+        it 'does not require an iv' do
+          cipher = SymmetricEncryption::Cipher.new(
+            key:               '1234567890ABCDEF',
+            cipher_name:       cipher_name,
+            encoding:          :none,
+            always_add_header: false
+          )
+          assert result = cipher.encrypt('Hello World')
+          assert_equal 'Hello World', cipher.decrypt(result)
         end
-        it "return '' when decrypting ''" do
-          assert_equal '', @cipher.decrypt('')
+        it 'throw an exception on bad data' do
+          cipher = SymmetricEncryption::Cipher.new(
+            cipher_name: cipher_name,
+            key:         '1234567890ABCDEF',
+            iv:          '1234567890ABCDEF',
+            encoding:    :none
+          )
+          assert_raises OpenSSL::Cipher::CipherError do
+            cipher.decrypt('bad data')
+          end
         end
       end
-    end
-  end
-  describe 'with configuration' do
-    before do
-      @cipher                 = SymmetricEncryption::Cipher.new(
-        key:      '1234567890ABCDEF1234567890ABCDEF',
-        iv:       '1234567890ABCDEF',
-        encoding: :none
-      )
-      @social_security_number = '987654321'
-      @social_security_number_encrypted = "A\335*\314\336\250V\340\023%\000S\177\305\372\266"
-      @social_security_number_encrypted.force_encoding('binary') if defined?(Encoding)
-      @sample_data = [
-        {text: '555052345', encrypted: ''}
-      ]
-    end
-    it "default to 'aes-256-cbc'" do
-      assert_equal 'aes-256-cbc', @cipher.cipher_name
-    end
-    describe 'with header' do
-      before do
-        @social_security_number = '987654321'
-      end
+      [false, true].each do |always_add_header|
+        [:none, :base64, :base64strict, :base16].each do |encoding|
+          describe "encoding: #{encoding} with#{'out' unless always_add_header} header" do
+            before do
+              @social_security_number = '987654321'
+              @encrypted_values       = {
+                'aes-128-cbc' => {
+                  base64:       {
+                    header:    "QEVuQwAAyTeLjsHTa8ykoO95K0KQmg==\n",
+                    no_header: "yTeLjsHTa8ykoO95K0KQmg==\n"
+                  },
+                  base64strict: {
+                    header:    'QEVuQwAAyTeLjsHTa8ykoO95K0KQmg==',
+                    no_header: 'yTeLjsHTa8ykoO95K0KQmg=='
+                  },
+                  base16:       {
+                    header:    '40456e430000c9378b8ec1d36bcca4a0ef792b42909a',
+                    no_header: 'c9378b8ec1d36bcca4a0ef792b42909a'
+                  },
+                  none:         {
+                    header:    "@EnC\x00\x00\xC97\x8B\x8E\xC1\xD3k\xCC\xA4\xA0\xEFy+B\x90\x9A",
+                    no_header: "\xC97\x8B\x8E\xC1\xD3k\xCC\xA4\xA0\xEFy+B\x90\x9A"
+                  },
+                },
+                # 'aes-128-gcm' => {
+                #   base64:       {
+                #     header:    "QEVuQwAAOcqz9UDbd1Sn\n",
+                #     no_header: "Ocqz9UDbd1Sn\n"
+                #   },
+                #   base64strict: {
+                #     header:    'QEVuQwAAOcqz9UDbd1Sn',
+                #     no_header: 'Ocqz9UDbd1Sn'
+                #   },
+                #   base16:       {
+                #     header:    '40456e43000039cab3f540db7754a7',
+                #     no_header: '39cab3f540db7754a7'
+                #   },
+                #   none:         {
+                #     header:    "@EnC\x00\x009\xCA\xB3\xF5@\xDBwT\xA7",
+                #     no_header: "9\xCA\xB3\xF5@\xDBwT\xA7"
+                #   },
+                # }
+              }
+              @non_utf8 = "\xc2".force_encoding('binary')
+              @cipher   = SymmetricEncryption::Cipher.new(
+                key:               'ABCDEF1234567890',
+                iv:                'ABCDEF1234567890',
+                cipher_name:       cipher_name,
+                encoding:          encoding,
+                always_add_header: always_add_header
+              )
+              h         = @encrypted_values[cipher_name][encoding] if @encrypted_values[cipher_name]
+              skip "Add @encrypted_values for cipher_name: #{cipher_name} and encoding: #{encoding}, value: #{@cipher.encrypt(@social_security_number).inspect}" unless h
+              @social_security_number_encrypted = h[always_add_header ? :header : :no_header]
+              @social_security_number_encrypted.force_encoding(Encoding.find('binary')) if encoding == :none
+            end
-      it 'build and parse header' do
-        assert random_key_pair = SymmetricEncryption::Cipher.random_key_pair('aes-128-cbc')
-        assert binary_header = SymmetricEncryption::Cipher.build_header(SymmetricEncryption.cipher.version, true, random_key_pair[:iv], random_key_pair[:key], random_key_pair[:cipher_name])
-        header = SymmetricEncryption::Cipher.parse_header!(binary_header)
-        assert_equal true, header.compressed
-        assert random_cipher = SymmetricEncryption::Cipher.new(random_key_pair)
-        assert_equal random_cipher.cipher_name, header.cipher_name, 'Ciphers differ'
-        assert_equal random_cipher.send(:key), header.key, 'Keys differ'
-        assert_equal random_cipher.send(:iv), header.iv, 'IVs differ'
+            it 'encrypt simple string' do
+              assert encrypted = @cipher.encrypt(@social_security_number)
+              assert_equal @social_security_number_encrypted, encrypted
+            end
-        string = 'Hello World'
-        cipher = SymmetricEncryption::Cipher.new(key: header.key, iv: header.iv, cipher_name: header.cipher_name)
-        # Test Encryption
-        assert_equal random_cipher.encrypt(string, false, false), cipher.encrypt(string, false, false), 'Encrypted values differ'
-      end
+            it 'decrypt string' do
+              assert decrypted = @cipher.decrypt(@social_security_number_encrypted)
+              assert_equal @social_security_number, decrypted
+              assert_equal Encoding.find('utf-8'), decrypted.encoding, decrypted
+            end
-      it 'encrypt and then decrypt without a header' do
-        assert encrypted = @cipher.binary_encrypt(@social_security_number, false, false, false)
-        assert_equal @social_security_number, @cipher.decrypt(encrypted)
-      end
+            it 'encrypt and decrypt string' do
+              assert encrypted = @cipher.encrypt(@social_security_number)
+              assert_equal @social_security_number_encrypted, encrypted
+              assert decrypted = @cipher.decrypt(encrypted)
+              assert_equal @social_security_number, decrypted
+              assert_equal Encoding.find('utf-8'), decrypted.encoding, decrypted
+            end
-      it 'encrypt and then decrypt using random iv' do
-        assert encrypted = @cipher.encrypt(@social_security_number, true)
-        assert_equal @social_security_number, @cipher.decrypt(encrypted)
-      end
+            it 'return BINARY encoding for non-UTF-8 encrypted data' do
+              assert_equal Encoding.find('binary'), @non_utf8.encoding
+              assert_equal true, @non_utf8.valid_encoding?
+              assert encrypted = @cipher.encrypt(@non_utf8)
+              assert decrypted = @cipher.decrypt(encrypted)
+              assert_equal true, decrypted.valid_encoding?
+              assert_equal Encoding.find('binary'), decrypted.encoding, decrypted
+              assert_equal @non_utf8, decrypted
+            end
-      it 'encrypt and then decrypt using random iv with compression' do
-        assert encrypted = @cipher.encrypt(@social_security_number, true, true)
-        assert_equal @social_security_number, @cipher.decrypt(encrypted)
-      end
+            it 'return nil when encrypting nil' do
+              assert_nil @cipher.encrypt(nil)
+            end
-    end
+            it "return '' when encrypting ''" do
+              assert_equal '', @cipher.encrypt('')
+            end
-  end
+            it 'return nil when decrypting nil' do
+              assert_nil @cipher.decrypt(nil)
+            end
-  describe '.generate_random_keys' do
-    describe 'with wrong params' do
-      it 'raises ArgumentError' do
-        error = assert_raises ArgumentError do
-          SymmetricEncryption::Cipher.generate_random_keys(wrong_params: '')
+            it "return '' when decrypting ''" do
+              assert_equal '', @cipher.decrypt('')
+            end
+          end
         end
-        assert_equal "SymmetricEncryption::Cipher Invalid options {:wrong_params=>\"\"}", error.message
-      end
-    end
-    describe 'without keys' do
-      it 'creates new keys' do
-        h = SymmetricEncryption::Cipher.generate_random_keys
-        assert_equal 'aes-256-cbc', h[:cipher_name]
-        assert_equal :base64strict, h[:encoding]
-        assert h.has_key?(:key), h
-        assert h.has_key?(:iv), h
       end
-    end
-    describe 'with keys' do
-      it 'creates new keys' do
-        h = SymmetricEncryption::Cipher.generate_random_keys(key: '', iv: '')
-        assert_equal 'aes-256-cbc', h[:cipher_name]
-        assert_equal :base64strict, h[:encoding]
-        assert h.has_key?(:key), h
-        assert h.has_key?(:iv), h
-      end
-    end
-    describe 'with encrypted keys' do
-      it 'creates new encrypted keys' do
-        key_encryption_key = SymmetricEncryption::KeyEncryptionKey.generate
-        h                  = SymmetricEncryption::Cipher.generate_random_keys(
-          encrypted_key:   '',
-          encrypted_iv:    '',
-          private_rsa_key: key_encryption_key
-        )
-        assert_equal 'aes-256-cbc', h[:cipher_name]
-        assert_equal :base64strict, h[:encoding]
-        assert h.has_key?(:encrypted_key), h
-        assert h.has_key?(:encrypted_iv), h
-      end
-      it 'exception on missing rsa key' do
-        assert_raises SymmetricEncryption::ConfigError do
-          SymmetricEncryption::Cipher.generate_random_keys(
-            encrypted_key: '',
-            encrypted_iv:  ''
+      describe 'with configuration' do
+        before do
+          @cipher                 = SymmetricEncryption::Cipher.new(
+            key:         '1234567890ABCDEF',
+            iv:          '1234567890ABCDEF',
+            cipher_name: 'aes-128-cbc',
+            encoding:    :none
           )
-        end
-      end
-    end
-    describe 'with files' do
-      before do
-        @key_filename = 'blah.key'
-        @iv_filename  = 'blah.iv'
-      end
+          @social_security_number = '987654321'
-      after do
-        File.delete(@key_filename) if File.exist?(@key_filename)
-        File.delete(@iv_filename) if File.exist?(@iv_filename)
-      end
+          @social_security_number_encrypted = "A\335*\314\336\250V\340\023%\000S\177\305\372\266"
+          @social_security_number_encrypted.force_encoding('binary')
-      it 'creates new files' do
-        key_encryption_key = SymmetricEncryption::KeyEncryptionKey.generate
-        h                  = SymmetricEncryption::Cipher.generate_random_keys(
-          key_filename:    @key_filename,
-          iv_filename:     @iv_filename,
-          private_rsa_key: key_encryption_key
-        )
-        assert_equal 'aes-256-cbc', h[:cipher_name]
-        assert_equal :base64strict, h[:encoding]
-        assert h.has_key?(:key_filename), h
-        assert h.has_key?(:iv_filename), h
-        assert File.exist?(@key_filename)
-        assert File.exist?(@iv_filename)
-      end
+          @sample_data = [
+            {text: '555052345', encrypted: ''}
+          ]
+        end
-      it 'exception on missing rsa key' do
-        assert_raises SymmetricEncryption::ConfigError do
-          SymmetricEncryption::Cipher.generate_random_keys(
-            key_filename:    @key_filename,
-            iv_filename:     @iv_filename
-          )
+        describe 'with header' do
+          before do
+            @social_security_number = '987654321'
+          end
+          it 'build and parse header' do
+            key = SymmetricEncryption::Key.new(cipher_name: 'aes-128-cbc')
+            assert binary_header = SymmetricEncryption::Cipher.build_header(SymmetricEncryption.cipher.version, true, key.iv, key.key, key.cipher_name)
+            header = SymmetricEncryption::Header.new
+            header.parse(binary_header)
+            assert_equal true, header.compressed?
+            assert random_cipher = SymmetricEncryption::Cipher.new(iv: key.iv, key: key.key, cipher_name: key.cipher_name)
+            assert_equal random_cipher.cipher_name, header.cipher_name, 'Ciphers differ'
+            assert_equal random_cipher.send(:key), header.key, 'Keys differ'
+            assert_equal random_cipher.send(:iv), header.iv, 'IVs differ'
+            string = 'Hello World'
+            cipher = SymmetricEncryption::Cipher.new(key: header.key, iv: header.iv, cipher_name: header.cipher_name)
+            # Test Encryption
+            assert_equal random_cipher.encrypt(string), cipher.encrypt(string), 'Encrypted values differ'
+          end
+          it 'encrypt and then decrypt without a header' do
+            assert encrypted = @cipher.binary_encrypt(@social_security_number, header: false)
+            assert_equal @social_security_number, @cipher.decrypt(encrypted)
+          end
+          it 'encrypt and then decrypt using random iv' do
+            assert encrypted = @cipher.encrypt(@social_security_number, random_iv: true)
+            assert_equal @social_security_number, @cipher.decrypt(encrypted)
+          end
+          it 'encrypt and then decrypt using random iv with compression' do
+            assert encrypted = @cipher.encrypt(@social_security_number, random_iv: true, compress: true)
+            assert_equal @social_security_number, @cipher.decrypt(encrypted)
+          end
         end
       end
     end
   end
 end