RubyGems - symmetric-encryption - Versions diffs - 3.9.1 → 4.0.0.beta3 - Mend

symmetric-encryption 3.9.1 → 4.0.0.beta3

Files changed (46) hide show

checksums.yaml +4 -4
data/README.md +72 -0
data/bin/symmetric-encryption +5 -0
data/lib/symmetric_encryption/cipher.rb +162 -419
data/lib/symmetric_encryption/cli.rb +343 -0
data/lib/symmetric_encryption/coerce.rb +5 -20
data/lib/symmetric_encryption/config.rb +128 -50
data/lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb +2 -2
data/lib/symmetric_encryption/generator.rb +3 -2
data/lib/symmetric_encryption/header.rb +260 -0
data/lib/symmetric_encryption/key.rb +106 -0
data/lib/symmetric_encryption/keystore/environment.rb +90 -0
data/lib/symmetric_encryption/keystore/file.rb +102 -0
data/lib/symmetric_encryption/keystore/memory.rb +53 -0
data/lib/symmetric_encryption/keystore.rb +124 -0
data/lib/symmetric_encryption/railtie.rb +5 -7
data/lib/symmetric_encryption/reader.rb +74 -55
data/lib/symmetric_encryption/rsa_key.rb +24 -0
data/lib/symmetric_encryption/symmetric_encryption.rb +64 -102
data/lib/symmetric_encryption/utils/re_encrypt_files.rb +140 -0
data/lib/symmetric_encryption/version.rb +1 -1
data/lib/symmetric_encryption/writer.rb +104 -117
data/lib/symmetric_encryption.rb +9 -4
data/test/active_record_test.rb +61 -40
data/test/cipher_test.rb +179 -236
data/test/config/symmetric-encryption.yml +140 -82
data/test/header_test.rb +218 -0
data/test/key_test.rb +231 -0
data/test/keystore/environment_test.rb +119 -0
data/test/keystore/file_test.rb +125 -0
data/test/keystore_test.rb +59 -0
data/test/mongoid_test.rb +13 -13
data/test/reader_test.rb +52 -53
data/test/symmetric_encryption_test.rb +50 -135
data/test/test_db.sqlite3 +0 -0
data/test/writer_test.rb +52 -31
metadata +26 -14
data/examples/symmetric-encryption.yml +0 -108
data/lib/rails/generators/symmetric_encryption/config/config_generator.rb +0 -22
data/lib/rails/generators/symmetric_encryption/config/templates/symmetric-encryption.yml +0 -50
data/lib/rails/generators/symmetric_encryption/heroku_config/heroku_config_generator.rb +0 -20
data/lib/rails/generators/symmetric_encryption/heroku_config/templates/symmetric-encryption.yml +0 -78
data/lib/rails/generators/symmetric_encryption/new_keys/new_keys_generator.rb +0 -14
data/lib/symmetric_encryption/key_encryption_key.rb +0 -32
data/lib/symmetric_encryption/railties/symmetric_encryption.rake +0 -84
data/lib/symmetric_encryption/utils/re_encrypt_config_files.rb +0 -82

data/test/cipher_test.rb CHANGED Viewed

@@ -1,267 +1,210 @@
 require_relative 'test_helper'
-# Unit Test for SymmetricEncryption::Cipher
-#
+# Tests for SymmetricEncryption::Cipher
 class CipherTest < Minitest::Test
-  describe 'standalone' do
-    it 'allow setting the cipher_name' do
-      cipher = SymmetricEncryption::Cipher.new(
-        cipher_name: 'aes-128-cbc',
-        key:         '1234567890ABCDEF',
-        iv:          '1234567890ABCDEF',
-        encoding:    :none
-      )
-      assert_equal 'aes-128-cbc', cipher.cipher_name
-    end
-    it 'not require an iv' do
-      cipher = SymmetricEncryption::Cipher.new(
-        key:      '1234567890ABCDEF1234567890ABCDEF',
-        encoding: :none
-      )
-      result = "\302<\351\227oj\372\3331\310\260V\001\v'\346"
-      # Note: This test fails on JRuby 1.7 RC1 since it's OpenSSL
-      #       behaves differently when no IV is supplied.
-      #       It instead encrypts to the following value:
-      # result = "0h\x92\x88\xA1\xFE\x8D\xF5\xF3v\x82\xAF(P\x83Y"
-      result.force_encoding('binary') if defined?(Encoding)
-      assert_equal result, cipher.encrypt('Hello World')
-    end
-    it 'throw an exception on bad data' do
-      cipher = SymmetricEncryption::Cipher.new(
-        cipher_name: 'aes-128-cbc',
-        key:         '1234567890ABCDEF',
-        iv:          '1234567890ABCDEF',
-        encoding:    :none
-      )
-      assert_raises OpenSSL::Cipher::CipherError do
-        cipher.decrypt('bad data')
-      end
-    end
-  end
-  [false, true].each do |always_add_header|
-    [:none, :base64, :base64strict, :base16].each do |encoding|
-      describe "encoding: #{encoding} with#{'out' unless always_add_header} header" do
-        before do
-          @social_security_number                            = '987654321'
-          @social_security_number_encrypted                  =
-            case encoding
-            when :base64
-              always_add_header ? "QEVuQwAAyTeLjsHTa8ykoO95K0KQmg==\n" : "yTeLjsHTa8ykoO95K0KQmg==\n"
-            when :base64strict
-              always_add_header ? 'QEVuQwAAyTeLjsHTa8ykoO95K0KQmg==' : 'yTeLjsHTa8ykoO95K0KQmg=='
-            when :base16
-              always_add_header ? '40456e430000c9378b8ec1d36bcca4a0ef792b42909a' : 'c9378b8ec1d36bcca4a0ef792b42909a'
-            when :none
-              bin = always_add_header ? "@EnC\x00\x00\xC97\x8B\x8E\xC1\xD3k\xCC\xA4\xA0\xEFy+B\x90\x9A" : "\xC97\x8B\x8E\xC1\xD3k\xCC\xA4\xA0\xEFy+B\x90\x9A"
-              bin.force_encoding(Encoding.find('binary'))
-            else
-              raise "Add test for encoding: #{encoding}"
-            end
-          @social_security_number_encrypted_with_secondary_1 = "D1UCu38pqJ3jc0GvwJHiow==\n"
-          @non_utf8                                          = "\xc2".force_encoding('binary')
-          @cipher                                            = SymmetricEncryption::Cipher.new(
-            key:               'ABCDEF1234567890',
-            iv:                'ABCDEF1234567890',
-            cipher_name:       'aes-128-cbc',
-            encoding:          encoding,
-            always_add_header: always_add_header
+  ['aes-128-cbc'].each do |cipher_name|
+    #['aes-128-cbc', 'aes-128-gcm'].each do |cipher_name|
+    describe "Cipher: #{cipher_name}" do
+      describe 'standalone' do
+        it 'allows setting the cipher_name' do
+          cipher = SymmetricEncryption::Cipher.new(
+            cipher_name: cipher_name,
+            key:         '1234567890ABCDEF',
+            iv:          '1234567890ABCDEF',
+            encoding:    :none
           )
+          assert_equal cipher_name, cipher.cipher_name
         end
-        it 'encrypt simple string' do
-          assert_equal @social_security_number_encrypted, @cipher.encrypt(@social_security_number)
-        end
-        it 'decrypt string' do
-          assert decrypted = @cipher.decrypt(@social_security_number_encrypted)
-          assert_equal @social_security_number, decrypted
-          assert_equal Encoding.find('utf-8'), decrypted.encoding, decrypted
-        end
-        it 'return BINARY encoding for non-UTF-8 encrypted data' do
-          assert_equal Encoding.find('binary'), @non_utf8.encoding
-          assert_equal true, @non_utf8.valid_encoding?
-          assert encrypted = @cipher.encrypt(@non_utf8)
-          assert decrypted = @cipher.decrypt(encrypted)
-          assert_equal true, decrypted.valid_encoding?
-          assert_equal Encoding.find('binary'), decrypted.encoding, decrypted
-          assert_equal @non_utf8, decrypted
-        end
-        it 'return nil when encrypting nil' do
-          assert_nil @cipher.encrypt(nil)
-        end
-        it "return '' when encrypting ''" do
-          assert_equal '', @cipher.encrypt('')
-        end
-        it 'return nil when decrypting nil' do
-          assert_nil @cipher.decrypt(nil)
+        it 'does not require an iv' do
+          cipher = SymmetricEncryption::Cipher.new(
+            key:               '1234567890ABCDEF',
+            cipher_name:       cipher_name,
+            encoding:          :none,
+            always_add_header: false
+          )
+          assert result = cipher.encrypt('Hello World')
+          assert_equal 'Hello World', cipher.decrypt(result)
         end
-        it "return '' when decrypting ''" do
-          assert_equal '', @cipher.decrypt('')
+        it 'throw an exception on bad data' do
+          cipher = SymmetricEncryption::Cipher.new(
+            cipher_name: cipher_name,
+            key:         '1234567890ABCDEF',
+            iv:          '1234567890ABCDEF',
+            encoding:    :none
+          )
+          assert_raises OpenSSL::Cipher::CipherError do
+            cipher.decrypt('bad data')
+          end
         end
       end
-    end
-  end
-  describe 'with configuration' do
-    before do
-      @cipher                 = SymmetricEncryption::Cipher.new(
-        key:      '1234567890ABCDEF1234567890ABCDEF',
-        iv:       '1234567890ABCDEF',
-        encoding: :none
-      )
-      @social_security_number = '987654321'
-      @social_security_number_encrypted = "A\335*\314\336\250V\340\023%\000S\177\305\372\266"
-      @social_security_number_encrypted.force_encoding('binary') if defined?(Encoding)
-      @sample_data = [
-        {text: '555052345', encrypted: ''}
-      ]
-    end
-    it "default to 'aes-256-cbc'" do
-      assert_equal 'aes-256-cbc', @cipher.cipher_name
-    end
-    describe 'with header' do
-      before do
-        @social_security_number = '987654321'
-      end
+      [false, true].each do |always_add_header|
+        [:none, :base64, :base64strict, :base16].each do |encoding|
+          describe "encoding: #{encoding} with#{'out' unless always_add_header} header" do
+            before do
+              @social_security_number = '987654321'
+              @encrypted_values       = {
+                'aes-128-cbc' => {
+                  base64:       {
+                    header:    "QEVuQwAAyTeLjsHTa8ykoO95K0KQmg==\n",
+                    no_header: "yTeLjsHTa8ykoO95K0KQmg==\n"
+                  },
+                  base64strict: {
+                    header:    'QEVuQwAAyTeLjsHTa8ykoO95K0KQmg==',
+                    no_header: 'yTeLjsHTa8ykoO95K0KQmg=='
+                  },
+                  base16:       {
+                    header:    '40456e430000c9378b8ec1d36bcca4a0ef792b42909a',
+                    no_header: 'c9378b8ec1d36bcca4a0ef792b42909a'
+                  },
+                  none:         {
+                    header:    "@EnC\x00\x00\xC97\x8B\x8E\xC1\xD3k\xCC\xA4\xA0\xEFy+B\x90\x9A",
+                    no_header: "\xC97\x8B\x8E\xC1\xD3k\xCC\xA4\xA0\xEFy+B\x90\x9A"
+                  },
+                },
+                # 'aes-128-gcm' => {
+                #   base64:       {
+                #     header:    "QEVuQwAAOcqz9UDbd1Sn\n",
+                #     no_header: "Ocqz9UDbd1Sn\n"
+                #   },
+                #   base64strict: {
+                #     header:    'QEVuQwAAOcqz9UDbd1Sn',
+                #     no_header: 'Ocqz9UDbd1Sn'
+                #   },
+                #   base16:       {
+                #     header:    '40456e43000039cab3f540db7754a7',
+                #     no_header: '39cab3f540db7754a7'
+                #   },
+                #   none:         {
+                #     header:    "@EnC\x00\x009\xCA\xB3\xF5@\xDBwT\xA7",
+                #     no_header: "9\xCA\xB3\xF5@\xDBwT\xA7"
+                #   },
+                # }
+              }
+              @non_utf8 = "\xc2".force_encoding('binary')
+              @cipher   = SymmetricEncryption::Cipher.new(
+                key:               'ABCDEF1234567890',
+                iv:                'ABCDEF1234567890',
+                cipher_name:       cipher_name,
+                encoding:          encoding,
+                always_add_header: always_add_header
+              )
+              h         = @encrypted_values[cipher_name][encoding] if @encrypted_values[cipher_name]
+              skip "Add @encrypted_values for cipher_name: #{cipher_name} and encoding: #{encoding}, value: #{@cipher.encrypt(@social_security_number).inspect}" unless h
+              @social_security_number_encrypted = h[always_add_header ? :header : :no_header]
+              @social_security_number_encrypted.force_encoding(Encoding.find('binary')) if encoding == :none
+            end
-      it 'build and parse header' do
-        assert random_key_pair = SymmetricEncryption::Cipher.random_key_pair('aes-128-cbc')
-        assert binary_header = SymmetricEncryption::Cipher.build_header(SymmetricEncryption.cipher.version, true, random_key_pair[:iv], random_key_pair[:key], random_key_pair[:cipher_name])
-        header = SymmetricEncryption::Cipher.parse_header!(binary_header)
-        assert_equal true, header.compressed
-        assert random_cipher = SymmetricEncryption::Cipher.new(random_key_pair)
-        assert_equal random_cipher.cipher_name, header.cipher_name, 'Ciphers differ'
-        assert_equal random_cipher.send(:key), header.key, 'Keys differ'
-        assert_equal random_cipher.send(:iv), header.iv, 'IVs differ'
+            it 'encrypt simple string' do
+              assert encrypted = @cipher.encrypt(@social_security_number)
+              assert_equal @social_security_number_encrypted, encrypted
+            end
-        string = 'Hello World'
-        cipher = SymmetricEncryption::Cipher.new(key: header.key, iv: header.iv, cipher_name: header.cipher_name)
-        # Test Encryption
-        assert_equal random_cipher.encrypt(string, false, false), cipher.encrypt(string, false, false), 'Encrypted values differ'
-      end
+            it 'decrypt string' do
+              assert decrypted = @cipher.decrypt(@social_security_number_encrypted)
+              assert_equal @social_security_number, decrypted
+              assert_equal Encoding.find('utf-8'), decrypted.encoding, decrypted
+            end
-      it 'encrypt and then decrypt without a header' do
-        assert encrypted = @cipher.binary_encrypt(@social_security_number, false, false, false)
-        assert_equal @social_security_number, @cipher.decrypt(encrypted)
-      end
+            it 'encrypt and decrypt string' do
+              assert encrypted = @cipher.encrypt(@social_security_number)
+              assert_equal @social_security_number_encrypted, encrypted
+              assert decrypted = @cipher.decrypt(encrypted)
+              assert_equal @social_security_number, decrypted
+              assert_equal Encoding.find('utf-8'), decrypted.encoding, decrypted
+            end
-      it 'encrypt and then decrypt using random iv' do
-        assert encrypted = @cipher.encrypt(@social_security_number, true)
-        assert_equal @social_security_number, @cipher.decrypt(encrypted)
-      end
+            it 'return BINARY encoding for non-UTF-8 encrypted data' do
+              assert_equal Encoding.find('binary'), @non_utf8.encoding
+              assert_equal true, @non_utf8.valid_encoding?
+              assert encrypted = @cipher.encrypt(@non_utf8)
+              assert decrypted = @cipher.decrypt(encrypted)
+              assert_equal true, decrypted.valid_encoding?
+              assert_equal Encoding.find('binary'), decrypted.encoding, decrypted
+              assert_equal @non_utf8, decrypted
+            end
-      it 'encrypt and then decrypt using random iv with compression' do
-        assert encrypted = @cipher.encrypt(@social_security_number, true, true)
-        assert_equal @social_security_number, @cipher.decrypt(encrypted)
-      end
+            it 'return nil when encrypting nil' do
+              assert_nil @cipher.encrypt(nil)
+            end
-    end
+            it "return '' when encrypting ''" do
+              assert_equal '', @cipher.encrypt('')
+            end
-  end
+            it 'return nil when decrypting nil' do
+              assert_nil @cipher.decrypt(nil)
+            end
-  describe '.generate_random_keys' do
-    describe 'with wrong params' do
-      it 'raises ArgumentError' do
-        error = assert_raises ArgumentError do
-          SymmetricEncryption::Cipher.generate_random_keys(wrong_params: '')
+            it "return '' when decrypting ''" do
+              assert_equal '', @cipher.decrypt('')
+            end
+          end
         end
-        assert_equal "SymmetricEncryption::Cipher Invalid options {:wrong_params=>\"\"}", error.message
-      end
-    end
-    describe 'without keys' do
-      it 'creates new keys' do
-        h = SymmetricEncryption::Cipher.generate_random_keys
-        assert_equal 'aes-256-cbc', h[:cipher_name]
-        assert_equal :base64strict, h[:encoding]
-        assert h.has_key?(:key), h
-        assert h.has_key?(:iv), h
       end
-    end
-    describe 'with keys' do
-      it 'creates new keys' do
-        h = SymmetricEncryption::Cipher.generate_random_keys(key: '', iv: '')
-        assert_equal 'aes-256-cbc', h[:cipher_name]
-        assert_equal :base64strict, h[:encoding]
-        assert h.has_key?(:key), h
-        assert h.has_key?(:iv), h
-      end
-    end
-    describe 'with encrypted keys' do
-      it 'creates new encrypted keys' do
-        key_encryption_key = SymmetricEncryption::KeyEncryptionKey.generate
-        h                  = SymmetricEncryption::Cipher.generate_random_keys(
-          encrypted_key:   '',
-          encrypted_iv:    '',
-          private_rsa_key: key_encryption_key
-        )
-        assert_equal 'aes-256-cbc', h[:cipher_name]
-        assert_equal :base64strict, h[:encoding]
-        assert h.has_key?(:encrypted_key), h
-        assert h.has_key?(:encrypted_iv), h
-      end
-      it 'exception on missing rsa key' do
-        assert_raises SymmetricEncryption::ConfigError do
-          SymmetricEncryption::Cipher.generate_random_keys(
-            encrypted_key: '',
-            encrypted_iv:  ''
+      describe 'with configuration' do
+        before do
+          @cipher                 = SymmetricEncryption::Cipher.new(
+            key:         '1234567890ABCDEF',
+            iv:          '1234567890ABCDEF',
+            cipher_name: 'aes-128-cbc',
+            encoding:    :none
           )
-        end
-      end
-    end
-    describe 'with files' do
-      before do
-        @key_filename = 'blah.key'
-        @iv_filename  = 'blah.iv'
-      end
+          @social_security_number = '987654321'
-      after do
-        File.delete(@key_filename) if File.exist?(@key_filename)
-        File.delete(@iv_filename) if File.exist?(@iv_filename)
-      end
+          @social_security_number_encrypted = "A\335*\314\336\250V\340\023%\000S\177\305\372\266"
+          @social_security_number_encrypted.force_encoding('binary')
-      it 'creates new files' do
-        key_encryption_key = SymmetricEncryption::KeyEncryptionKey.generate
-        h                  = SymmetricEncryption::Cipher.generate_random_keys(
-          key_filename:    @key_filename,
-          iv_filename:     @iv_filename,
-          private_rsa_key: key_encryption_key
-        )
-        assert_equal 'aes-256-cbc', h[:cipher_name]
-        assert_equal :base64strict, h[:encoding]
-        assert h.has_key?(:key_filename), h
-        assert h.has_key?(:iv_filename), h
-        assert File.exist?(@key_filename)
-        assert File.exist?(@iv_filename)
-      end
+          @sample_data = [
+            {text: '555052345', encrypted: ''}
+          ]
+        end
-      it 'exception on missing rsa key' do
-        assert_raises SymmetricEncryption::ConfigError do
-          SymmetricEncryption::Cipher.generate_random_keys(
-            key_filename:    @key_filename,
-            iv_filename:     @iv_filename
-          )
+        describe 'with header' do
+          before do
+            @social_security_number = '987654321'
+          end
+          it 'build and parse header' do
+            key = SymmetricEncryption::Key.new(cipher_name: 'aes-128-cbc')
+            assert binary_header = SymmetricEncryption::Cipher.build_header(SymmetricEncryption.cipher.version, true, key.iv, key.key, key.cipher_name)
+            header = SymmetricEncryption::Header.new
+            header.parse(binary_header)
+            assert_equal true, header.compressed?
+            assert random_cipher = SymmetricEncryption::Cipher.new(iv: key.iv, key: key.key, cipher_name: key.cipher_name)
+            assert_equal random_cipher.cipher_name, header.cipher_name, 'Ciphers differ'
+            assert_equal random_cipher.send(:key), header.key, 'Keys differ'
+            assert_equal random_cipher.send(:iv), header.iv, 'IVs differ'
+            string = 'Hello World'
+            cipher = SymmetricEncryption::Cipher.new(key: header.key, iv: header.iv, cipher_name: header.cipher_name)
+            # Test Encryption
+            assert_equal random_cipher.encrypt(string), cipher.encrypt(string), 'Encrypted values differ'
+          end
+          it 'encrypt and then decrypt without a header' do
+            assert encrypted = @cipher.binary_encrypt(@social_security_number, header: false)
+            assert_equal @social_security_number, @cipher.decrypt(encrypted)
+          end
+          it 'encrypt and then decrypt using random iv' do
+            assert encrypted = @cipher.encrypt(@social_security_number, random_iv: true)
+            assert_equal @social_security_number, @cipher.decrypt(encrypted)
+          end
+          it 'encrypt and then decrypt using random iv with compression' do
+            assert encrypted = @cipher.encrypt(@social_security_number, random_iv: true, compress: true)
+            assert_equal @social_security_number, @cipher.decrypt(encrypted)
+          end
         end
       end
     end
   end
 end