vidibus-secure 4.1.0 → 5.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4d886f3398f7020f815d6e221eb3565ab20a7f4fb06dc5c871e6377081cfa76b
-  data.tar.gz: 4c9b3d29d34cb6842501f77621bd237474a026f90ce79947b713d7173b2648df
+  metadata.gz: c9d380d702322a988f059216a27b6d95c586731ec993df538c825f6f54f926af
+  data.tar.gz: 728f0e8648e796193600aa80e1c273139fa2bb7cae94c7d6f218d826a4e9b37c
 SHA512:
-  metadata.gz: ef9c37941a53fc3a7c6cabfe1fa8e2d815742f4b1ae0584f1ca2c136e3b6da40c443d89a77691ca6d1e61dd06639123c66f189c702d2198e1e41b6c4fe3635ea
-  data.tar.gz: 98c0c152ccb1ccb413a1edd8329b02a1d346d49baf32b9d523b8f1501493f8fe75d43e7a2d50266300fcbbae749a60de919b40f8e391386d7afb7ee6e68813db
+  metadata.gz: 86f4aca57de013a1382e0daddf68fe1b1d98de481c26dc0f980ee5785a6054f0acebf67b6d9d2850c2553960b223246952c0b9a36dacfa168b39241b77e7f965
+  data.tar.gz: 72e92dc9831b38151ed908888e790845a49a056176ec281cc31f5ac596625b248351e10a193a4fe9aa47efb9e9f9ef5d1aaee058ae6bb3c0f531fb2f7b011615

data/README.md

@@ -14,15 +14,59 @@ If you want to use Vidibus::Secure::Mongoid on your models, you should generate
 
 ## Usage
 
-```
+```ruby
 class MyModel
   include Mongoid::Document
   include Vidibus::Secure::Mongoid
 
   attr_encrypted :my_secret
+end
+```
+
+Defining `attr_encrypted :my_secret` creates a setter and a getter for `my_secret`. You can use it like a normal attribute, but the value is stored encrypted with AES-256-GCM.
+
+
+## Encryption key
+
+The Mongoid integration looks up the encryption key on every read and write. The lookup order is:
+
+1. `Vidibus::Secure.key_resolver` — a callable (lambda or proc) returning the key.
+2. `ENV["VIDIBUS_SECURE_KEY"]` — fallback for simple deployments.
+
+If neither is set, `Vidibus::Secure::KeyError` is raised.
+
+The key passed in IS the AES key (32 bytes). Anything shorter or longer is reduced to 32 bytes via `SHA256(key)`.
+
+
+## Per-request key resolution
+
+For multi-tenant apps that need a different key per request (e.g. master DB vs. tenant DB), set a resolver early in the request lifecycle:
+
+```ruby
+# config/initializers/vidibus_secure.rb
+Vidibus::Secure.key_resolver = -> { Current.tenant&.encryption_key }
 ```
 
-Defining `attr_encrypted :my_secret` will create setter and getter for `my_secret`. You can use it like normal. But it will be stored encrypted.
+The resolver is consulted on every encrypted read/write, so swapping `Current.tenant` mid-request swaps the key. Direct callers of `Vidibus::Secure.encrypt(data, key)` still pass the key explicitly — the resolver only affects the Mongoid integration.
+
+
+## Storage format and migration
+
+New writes use AES-256-GCM with the layout `[0x02][12B IV][16B tag][ciphertext]` (then base64- or hex-encoded). Existing v4 (CBC) ciphertexts continue to decrypt transparently. To migrate stored values to the new format, iterate your records and reassign each encrypted attribute:
+
+```ruby
+MyModel.each do |m|
+  m.update(my_secret: m.my_secret)
+end
+```
+
+Tampered ciphertexts raise `Vidibus::Secure::DecryptError` rather than returning garbage — that's the GCM auth-tag win.
+
+A v4 ciphertext whose first byte happens to be `0x01` or `0x02` (≈0.78% of legacy blobs) will be misrouted by the version-byte dispatch and raise `DecryptError`. If you hit that during migration, force the legacy path:
+
+```ruby
+Vidibus::Secure.legacy_decrypt(blob, key)
+```
 
 
 ## Copyright

data/lib/vidibus/secure/mongoid.rb

@@ -2,33 +2,36 @@ module Vidibus
   module Secure
     module Mongoid
       extend ActiveSupport::Concern
+
       module ClassMethods
 
-        # Sets encrypted attributes.
+        # Defines encrypted attributes. The encryption key is
+        # resolved on every read and write via
+        # Vidibus::Secure.current_key, so callers can swap keys
+        # per request (e.g. tenant-scoped DB context).
         def attr_encrypted(*args)
-          key = ENV["VIDIBUS_SECURE_KEY"]
-          options = args.extract_options!
-          for field in args
-
-            # Define Mongoid field
-            encrypted_field = "#{field}_encrypted"
-            self.send(:field, encrypted_field, type: BSON::Binary)
+          args.extract_options!
+          args.each do |attr|
+            encrypted_field = "#{attr}_encrypted"
+            field encrypted_field, type: BSON::Binary
 
-            # Define setter
-            class_eval <<-EOV
-              def #{field}=(value)
-                self.#{encrypted_field} = value ?
-                  Vidibus::Secure.encrypt(value, "#{key}") :
-                  nil
+            define_method("#{attr}=") do |value|
+              if value.nil?
+                self[encrypted_field] = nil
+              else
+                blob = Vidibus::Secure.encrypt(
+                  value, Vidibus::Secure.current_key
+                )
+                self[encrypted_field] = BSON::Binary.new(blob)
               end
-            EOV
+            end
 
-            # Define getter
-            class_eval <<-EOV
-              def #{field}
-                Vidibus::Secure.decrypt(#{encrypted_field}.data, "#{key}") if #{encrypted_field}
-              end
-            EOV
+            define_method(attr) do
+              raw = self[encrypted_field]
+              return nil unless raw
+              data = raw.respond_to?(:data) ? raw.data : raw
+              Vidibus::Secure.decrypt(data, Vidibus::Secure.current_key)
+            end
           end
         end
       end

data/lib/vidibus/secure/version.rb

@@ -1,5 +1,5 @@
 module Vidibus
   module Secure
-    VERSION = '4.1.0'
+    VERSION = '5.0.0'
   end
 end

data/lib/vidibus/secure.rb

@@ -1,69 +1,116 @@
 module Vidibus
   module Secure
 
+    GCM_VERSION = 0x02
+    CBC_VERSION = 0x01
+    GCM_IV_LEN = 12
+    GCM_TAG_LEN = 16
+
     class Error < StandardError; end
     class KeyError < Error; end
     class InputError < Error; end
+    class DecryptError < Error; end
 
     class << self
 
+      attr_accessor :key_resolver
+
+      # Returns the key to use for Mongoid attr_encrypted.
+      # Resolver wins over ENV; raises if neither is set.
+      def current_key
+        resolved = key_resolver&.call
+        return resolved if resolved
+        return ENV['VIDIBUS_SECURE_KEY'] if ENV['VIDIBUS_SECURE_KEY']
+        raise KeyError,
+          'No encryption key — set Vidibus::Secure.key_resolver ' \
+          'or ENV["VIDIBUS_SECURE_KEY"]'
+      end
+
       # Define default settings for random, sign, and crypt.
       def settings
         @settings ||= {
-          :random => { :length => 50, :encoding => :base64 },
-          :sign => { :algorithm => "SHA256", :encoding => :hex },
-          :crypt => { :algorithm => "AES-256-CBC", :encoding => :base64 }
+          random: { length: 50, encoding: :base64 },
+          sign:   { algorithm: 'SHA256', encoding: :hex },
+          crypt:  { algorithm: 'AES-256-GCM', encoding: :base64 }
         }
       end
 
       # Returns a truly random string.
-      # Now it is not much more than an interface for Ruby's SecureRandom,
-      # but that might change over time.
-      #
-      # Options:
-      #   :length     Length of string to generate
-      #   :encoding   Encoding of string; hex or base64
-      #
-      # Keep in mind that a hexadecimal string is less secure
-      # than a base64 encoded string with the same length!
-      #
       def random(options = {})
         options = settings[:random].merge(options)
         length = options[:length]
-        SecureRandom.send(options[:encoding], length)[0,length]
+        SecureRandom.send(options[:encoding], length)[0, length]
       end
 
       # Returns signature of given data with given key.
       def sign(data, key, options = {})
-        raise KeyError.new("Please provide a secret key to sign data with.") unless key
+        unless key
+          raise KeyError.new(
+            'Please provide a secret key to sign data with.'
+          )
+        end
         options = settings[:sign].merge(options)
         digest = OpenSSL::Digest.new(options[:algorithm])
         signature = OpenSSL::HMAC.digest(digest, key, data)
         encode(signature, options)
       end
 
-      # Encrypts given data with given key.
+      # Encrypts given data with given key (AES-256-GCM).
       def encrypt(data, key, options = {})
-        raise KeyError.new("Please provide a secret key to encrypt data with.") unless key
-        options = settings[:crypt].merge(options)
-        unless data.is_a?(String)
-          data = JSON.generate(data)
+        unless key
+          raise KeyError.new(
+            'Please provide a secret key to encrypt data with.'
+          )
         end
-        encrypted_data = crypt(:encrypt, data, key, options)
-        encode(encrypted_data, options)
+        options = settings[:crypt].merge(options)
+        data = JSON.generate(data) unless data.is_a?(String)
+        blob = gcm_encrypt(data, derive_key(key))
+        encode(blob, options)
       end
 
-      # Decrypts given data with given key.
+      # Decrypts given data with given key. Dispatches on the
+      # version byte (0x02 GCM, 0x01 legacy CBC) and falls back
+      # to bare CBC (v4 layout) when no version byte is present.
       def decrypt(data, key, options = {})
-        raise KeyError.new("Please provide a secret key to decrypt data with.") unless key
+        unless key
+          raise KeyError.new(
+            'Please provide a secret key to decrypt data with.'
+          )
+        end
+        return data if data.nil? || data == ''
         options = settings[:crypt].merge(options)
-        decoded_data = decode(data, options)
-        decrypted_data = crypt(:decrypt, decoded_data, key, options)
-        return data unless decrypted_data
+        raw = decode(data, options)
+        plaintext = dispatch_decrypt(raw, key)
+        return data unless plaintext
         begin
-          JSON.parse(decrypted_data)
+          JSON.parse(plaintext)
         rescue JSON::ParserError
-          decrypted_data
+          plaintext
+        end
+      end
+
+      # Decrypts a v4 (CBC) ciphertext, forcing the legacy
+      # path. Use this only for the rare case where a v4 blob's
+      # first byte happens to be 0x01 or 0x02 and would
+      # otherwise be misrouted. The blob may carry a 0x01
+      # version byte preamble or be bare base64/hex.
+      def legacy_decrypt(data, key, options = {})
+        unless key
+          raise KeyError.new(
+            'Please provide a secret key to decrypt data with.'
+          )
+        end
+        return data if data.nil? || data == ''
+        options = settings[:crypt].merge(options)
+        raw = decode(data, options)
+        return nil unless raw && raw != ''
+        ct = raw.getbyte(0) == CBC_VERSION ?
+          raw.byteslice(1, raw.bytesize - 1) : raw
+        plaintext = cbc_decrypt(ct, key)
+        begin
+          JSON.parse(plaintext)
+        rescue JSON::ParserError
+          plaintext
         end
       end
 
@@ -71,30 +118,40 @@ module Vidibus
       def sign_request(verb, path, params, key, signature_param = nil)
         default_signature_param = :sign
         params_given = !!params
-        raise InputError.new("Given params is not a Hash.") if params_given and !params.is_a?(Hash)
+        if params_given && !params.is_a?(Hash)
+          raise InputError.new('Given params is not a Hash.')
+        end
         params = {} unless params_given
-        signature_param ||= (params_given and params.keys.first.is_a?(String)) ? default_signature_param.to_s : default_signature_param
+        signature_param ||=
+          if params_given && params.keys.first.is_a?(String)
+            default_signature_param.to_s
+          else
+            default_signature_param
+          end
 
         uri = URI.parse(path)
         path_params = Rack::Utils.parse_nested_query(uri.query)
         uri.query = nil
 
         _verb = verb.to_s.downcase
-        _params = (params.merge(path_params)).except(signature_param.to_s, signature_param.to_s.to_sym)
+        _params = params.merge(path_params).
+          except(signature_param.to_s, signature_param.to_s.to_sym)
 
         signature_string = [
           _verb,
-          uri.to_s.gsub(/\/+$/, ""),
-          _params.any? ? params_identifier(_params) : ""
-        ].join("|")
+          uri.to_s.gsub(/\/+$/, ''),
+          _params.any? ? params_identifier(_params) : ''
+        ].join('|')
 
         signature = sign(signature_string, key)
 
-        if %w[post put].include?(_verb) or (params_given and path_params.empty?)
+        if %w[post put].include?(_verb) ||
+            (params_given && path_params.empty?)
           params[signature_param] = signature
         else
-          unless path.gsub!(/(#{signature_param}=)[^&]+/, "\\1#{signature}")
-            glue = path.match(/\?/) ? "&" : "?"
+          unless path.gsub!(/(#{signature_param}=)[^&]+/,
+                            "\\1#{signature}")
+            glue = path.match(/\?/) ? '&' : '?'
             path << "#{glue}#{signature_param}=#{signature}"
           end
         end
@@ -107,36 +164,84 @@ module Vidibus
         _path = path.dup
         _params = params.dup
         sign_request(verb, _path, _params, key, signature_param)
-        return (path == _path and params == _params)
+        path == _path && params == _params
       end
 
       protected
 
-      def crypt(cipher_method, data, key, options = {})
-        return unless data && data != ''
-        cipher = OpenSSL::Cipher.new(options[:algorithm])
-        digest = OpenSSL::Digest::SHA512.new(key).digest
-        cipher.send(cipher_method)
-        cipher.pkcs5_keyivgen(digest)
-        result = cipher.update(data)
-        result << cipher.final
+      # Ensure the AES key is exactly 32 bytes. SHA256-derive
+      # otherwise (per 5.0 — no more pkcs5_keyivgen for GCM).
+      def derive_key(key)
+        return key if key.is_a?(String) && key.bytesize == 32
+        OpenSSL::Digest::SHA256.new(key.to_s).digest
+      end
+
+      def gcm_encrypt(plaintext, key)
+        cipher = OpenSSL::Cipher.new('AES-256-GCM')
+        cipher.encrypt
+        cipher.key = key
+        iv = cipher.random_iv # 12 bytes by default for GCM
+        ct = cipher.update(plaintext) + cipher.final
+        tag = cipher.auth_tag(GCM_TAG_LEN)
+        ([GCM_VERSION].pack('C') + iv + tag + ct).b
+      end
+
+      def gcm_decrypt(raw, key)
+        body = raw.byteslice(1, raw.bytesize - 1) || ''
+        if body.bytesize < GCM_IV_LEN + GCM_TAG_LEN
+          raise DecryptError, 'GCM payload too short'
+        end
+        iv  = body.byteslice(0, GCM_IV_LEN)
+        tag = body.byteslice(GCM_IV_LEN, GCM_TAG_LEN)
+        ct  = body.byteslice(GCM_IV_LEN + GCM_TAG_LEN,
+                             body.bytesize - GCM_IV_LEN - GCM_TAG_LEN)
+        cipher = OpenSSL::Cipher.new('AES-256-GCM')
+        cipher.decrypt
+        cipher.key = key
+        cipher.iv = iv
+        cipher.auth_tag = tag
+        cipher.update(ct.to_s) + cipher.final
+      rescue OpenSSL::Cipher::CipherError => e
+        raise DecryptError, "GCM decryption failed: #{e.message}"
+      end
+
+      def cbc_decrypt(ct, key)
+        cipher = OpenSSL::Cipher.new('AES-256-CBC')
+        cipher.decrypt
+        cipher.pkcs5_keyivgen(OpenSSL::Digest::SHA512.new(key).digest)
+        cipher.update(ct) + cipher.final
+      rescue OpenSSL::Cipher::CipherError => e
+        raise DecryptError, "CBC decryption failed: #{e.message}"
+      end
+
+      def dispatch_decrypt(raw, key)
+        return nil unless raw && raw != ''
+        case raw.getbyte(0)
+        when GCM_VERSION
+          gcm_decrypt(raw, derive_key(key))
+        when CBC_VERSION
+          cbc_decrypt(raw.byteslice(1, raw.bytesize - 1), key)
+        else
+          # bare CBC (v4 layout, no version byte)
+          cbc_decrypt(raw, key)
+        end
       end
 
       def encode(data, options = {})
         return unless data
         if options[:encoding] == :hex
-          data.unpack("H*").join
+          data.unpack('H*').join
         elsif options[:encoding] == :base64
-          [data].pack("m*")
+          [data].pack('m*')
         end
       end
 
       def decode(data, options = {})
         return unless data
         if options[:encoding] == :hex
-          [data].pack("H*")
+          [data].pack('H*')
         elsif options[:encoding] == :base64
-          data.unpack("m*").join
+          data.unpack('m*').join
         end
       end
 
@@ -149,12 +254,12 @@ module Vidibus
       def params_identifier(params, level = 1)
         array = []
         for key, value in params
-          if value.is_a?(Array) or value.is_a?(Hash)
+          if value.is_a?(Array) || value.is_a?(Hash)
             value = params_identifier(value, level + 1)
           end
           array << "#{level}:#{key}:#{value}"
         end
-        array.sort.join("|")
+        array.sort.join('|')
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vidibus-secure
 version: !ruby/object:Gem::Version
-  version: 4.1.0
+  version: 5.0.0
 platform: ruby
 authors:
 - Andre Pankratz