yasst 0.1.1 → 0.2.0

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    N2Y1N2Y4ZjIwNDY5ZjUzNWNmNDQzOTU0OTIzZDRhN2ViZWFkMTcxYg==
+    MWIyYWE0MWYyMmM2ZTJmMjJlMjMzMDUwNmZjMzA5MDdmMDZhZjdjNw==
   data.tar.gz: !binary |-
-    M2ExMWRhNDA2MDYzZjhmMTk2NTkzMDllZWNjMmRhMjM3NDk5ZTE1MA==
+    NmNkODBiNTMwYmIxYmZiZTMxY2RhOGRmOTFmMTNjODIwMGVkYTZkOA==
 SHA512:
   metadata.gz: !binary |-
-    ZTE2MWQ0NGY1YjBkODUxY2YyYTE5NzA4ZWJmZjllNTcwM2RiYjY5NzU2NmUx
-    MGIxNWNlMjhhZjA3MmMwYWRmN2U2YzIyZWM3MTAxYjI3NzA5MDFmNTEyMWJh
-    NWQ3YzI5YzI3ZTc1ODViMDc5YzllM2UyN2IwYjdjNjZkZDNkMDQ=
+    YWVjNmY5NjVkYjRkNzljZjI0NThjNzU0OWYwOWYwNzA5YzBmNGM2NDIwOTI2
+    ZDQ4MWQ1OWJkZWVjZmU4NjAzNjNiMWEyNDk1NmQ3YjJjMjAxOWU3ZjBhZjg5
+    OWM1YTUxMzY4M2ViMGIwYjg5ZGJmZTQwNTk5NmI2NmE2NGI1ODM=
   data.tar.gz: !binary |-
-    ZDc4NWYzYWMwZWQ0MWZhZjM4ODQ4ZmEyYWQ1NmExOTVlM2FmN2NhMGY2MTI2
-    NWZkMWZiOWFiNjcxMDJlMzU0Zjk3Mzc2OTE4YWZkMWFhNWE0MzcxOTlmY2Qz
-    ODk5YjlkYTZhZGZmNDk0YWYzYzNhNzJjNTA1YTlhZGU1YTc2YzI=
+    ZGUzOGRmMzg5NjgzNDc3N2I5ODA3MzExMjliOWI4ZWFiNzY1N2VkZjM3YTZi
+    Yzc1ZjA0MDNlZmJjMWRkNjViYTljYTA1ZDZlZWIxMDg1ZTk4NjNjZDk5ODgy
+    MGE5M2JkMzZhNGUyNTk4MzAwNmQ0NTMzNGM4ZGUwODY5Y2NkZDk=

data/CHANGELOG.md

@@ -2,7 +2,11 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [Unreleased]
+## [0.2.0] - 2016-03-10
+### Added
+* First implementation of YasstFile encrypt/decrypt actions
+### Changed
+* Update README with gem release instructions
 
 ## [0.1.1] - 2016-02-11
 ### Changed
@@ -15,6 +19,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ### Added
 * Initial Release
 
-[Unreleased]: https://github.com/rdark/yasst/compare/0.1.1...develop
+[Unreleased]: https://github.com/rdark/yasst/compare/0.2.0...develop
+[0.2.0]: https://github.com/rdark/yasst/compare/0.1.1...0.2.0
 [0.1.1]: https://github.com/rdark/yasst/tree/0.1.0...0.1.1
 [0.1.0]: https://github.com/rdark/yasst/tree/0.1.0

data/README.md

@@ -72,7 +72,29 @@ Additionally, the OpenSSL provider will ensure that there is:
 
 ### YasstFile
 
-    NotImplementedError
+Still under active development, interface may change
+
+#### Set up a Provider
+
+    provider = Yasst::Provider::OpenSSL.new(passphrase: 'a really strong passphrase')
+    
+#### Encrypt a YasstFile
+
+    file = YasstFile.new('/tmp/plain_file.txt')
+    file.provider = provider
+    file.encrypted?
+    => false
+    file.encrypt
+    => "/tmp/plain_file.txt.aes"
+
+#### Decrypt a YasstFile
+
+    file = YasstFile.new('/tmp/plain_file.txt.aes')
+    file.provider = provider
+    file.encrypted?
+    => true
+    file.decrypt
+    => "/tmp/plain_file.txt"
 
 ## Installation
 
@@ -92,9 +114,22 @@ Or install it yourself as:
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+After checking out the repo, run `bin/setup` to install dependencies. Then, run
+`rake` to run the tests. You can also run `bin/console` for an interactive
+prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`.
+
+To release a new version, use [git flow][git_flow] (e.g `git flow release start
+0.1.2`) to create a release branch.  Once on the release branch, update
+`lib/yasst/version.rb` with the version number, and update `CHANGELOG.md` with
+the changes. Once committed, push the changes (and sign them) using `git flow
+release finish -sp $version` (where `$version`) is the new version.
+[Travis][travis_yasst] will create a new rubygem release on receiving a new
+tag.
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+[travis_yasst]: https://travis-ci.org/rdark/yasst
+[git_flow]: http://nvie.com/posts/a-successful-git-branching-model/
 
 ## Contributing
 

data/TODO.md

@@ -2,7 +2,7 @@
 
 ## General Functionality
 
-* YasstFile Implementation
+* secure file delete/scrubbing
 * support for larger-than-memory files
 * support for authenticated cipher modes
 * support for OpenPGP crypto provider

data/lib/yasst/error.rb

@@ -11,6 +11,7 @@ module Yasst
     class InvalidCryptoProfile < self; end
     class InvalidCryptoAlgorithm < self; end
     class InvalidPassPhrase < self; end
+    class InvalidFileDestination < self; end
     class AlreadyEncrypted < self; end
     class AlreadyDecrypted < self; end
   end

data/lib/yasst/profiles/openssl.rb

@@ -30,6 +30,13 @@ module Yasst
           (self.pbkdf2_iterations = args[:pbkdf2_iterations])
       end
 
+      ##
+      # files matching this are deemed to be already encrypted by default
+      # TODO: auto file extension based on the algorithm in use
+      def file_extension
+        'aes'
+      end
+
       # setter method for algorithm
       def algorithm=(alg)
         valgs = Yasst::Primatives::OpenSSL::Metadata.list_ciphers

data/lib/yasst/version.rb

@@ -1,3 +1,3 @@
 module Yasst
-  VERSION = '0.1.1'.freeze
+  VERSION = '0.2.0'.freeze
 end

data/lib/yasst/yasst_file.rb

@@ -1,7 +1,170 @@
 ##
 # Decorator pattern for File
+#
+# TODO: initialise with a provider?
+# * file encrypt state should be detected when passed through YasstFile.new -
+#   but need to add a provider to it for detection at init time
+# * possible use of destructive/non-destructive methods for optionally writing
+#   files
+# * check file open modes for destructive actions (e.g NOCREAT or something)
+# * use a module/mixin for functional stuff
+# * method for shredding files
+# * verify support for blocks
+# * helper methods and have a block that you can throw to open?
+#   (encrypt_and_shred, open_and_decrypt, read?)
 class YasstFile < File
-  def initialize(*_args)
-    raise NotImplementedError
+  attr_writer :encrypted
+
+  # if a provider does not provide a file_extension method then this is the
+  # default file extension that will be used
+  DEFAULT_ENC_FILE_EXT = 'enc'.freeze
+  CRYPTO_METHODS = [:in_memory].freeze
+
+  ##
+  # Encrypt self using a Yasst::Provider
+  # Returns a string with the path name of the encrypted file
+  def encrypt(method = :in_memory)
+    raise Yasst::Error::AlreadyEncrypted,
+          'File is already encrypted' if encrypted?
+    raise Yasst::Error::InvalidFileDestination,
+          'encrypt_to is not set' if encrypt_to.nil?
+    encrypt_using(method)
+    encrypt_to
+  end
+
+  ##
+  # Decrypt self using a Yasst::Provider
+  # Returns a string with the path name of the decrypted file
+  def decrypt(method = :in_memory)
+    raise Yasst::Error::AlreadyDecrypted,
+          'File is not encrypted' unless encrypted?
+    raise Yasst::Error::InvalidFileDestination,
+          'decrypt_to is not set' if decrypt_to.nil?
+    decrypt_using(method)
+    decrypt_to
+  end
+
+  def encrypted?
+    @encrypted ||= false
+  end
+
+  def encrypt_to
+    @encrypt_to ||= default_encrypt_to
+  end
+
+  def decrypt_to
+    @decrypt_to ||= default_decrypt_to
+  end
+
+  ##
+  # Where to write the encrypted version of the file to
+  def encrypt_to=(e_path)
+    raise Yasst::Error::InvalidFileDestination,
+          'cannot overwrite self' if e_path == path
+    @encrypt_to = e_path
+  end
+
+  ##
+  # Where to decrypt the file to
+  def decrypt_to=(d_path)
+    raise Yasst::Error::InvalidFileDestination,
+          'cannot overwrite self' if d_path == path
+    @decrypt_to = d_path
+  end
+
+  ##
+  # Setter method for provider. Also sets @encrypted where the filename matches
+  # the extension for the provider, unless it has previously been set
+  def provider=(provider)
+    @provider = provider
+    @encrypted.nil? && (matches_provider_extension? && @encrypted = true)
+  end
+
+  ##
+  # If a file matches the provider profiles file extension, it is deemed to be
+  # encrypted by default
+  # Where a provider does not support the file_extension method, the default
+  # extension is used to match against.
+  def matches_provider_extension?
+    ext = DEFAULT_ENC_FILE_EXT
+    (@provider.profile.respond_to? 'file_extension') &&
+      ext = @provider.profile.file_extension
+    path =~ /#{ext}$/
+  end
+
+  private
+
+  ##
+  # The default destination that the encrypted file will be written.
+  # This is the same as the path (i.e the parent directory of the file), if the
+  # file already has a matching extension, otherwise it is the path with the
+  # extension postfixed
+  def default_encrypt_to
+    return nil if encrypted?
+    return "#{path}.#{DEFAULT_ENC_FILE_EXT}" unless
+      @provider.profile.respond_to? 'file_extension'
+    return path if path =~ /#{@provider.profile.file_extension}$/
+    "#{path}.#{@provider.profile.file_extension}"
+  end
+
+  ##
+  # The default destination that the decrypted file will be written.
+  # This is the same as the path (i.e the parent directory of the file), if the
+  # file already has a matching extension, otherwise it is the path with
+  # encryption provider extension removed
+  def default_decrypt_to
+    return nil unless encrypted?
+    prov_ext = DEFAULT_ENC_FILE_EXT
+    (@provider.profile.respond_to? 'file_extension') &&
+      prov_ext = @provider.profile.file_extension
+    path.sub(/\.#{prov_ext}$/, '')
+  end
+
+  ##
+  # execute an encrypt method
+  def encrypt_using(method)
+    raise NotImplementedError unless
+      CRYPTO_METHODS.include? method
+    method == :in_memory && encrypt_in_memory
+  end
+
+  ##
+  # execute a decrypt method
+  def decrypt_using(method)
+    raise NotImplementedError unless
+      CRYPTO_METHODS.include? method
+    method == :in_memory && decrypt_in_memory
+  end
+
+  ##
+  # Implementation of encrypt that reads a whole file into memory as a
+  # YasstString, encrypts it and then writes out to the chosen destination
+  # ensures that self.close is called on completion (or failure)
+  def encrypt_in_memory
+    ystr = YasstString.new(read)
+    ystr.encrypt(@provider)
+    begin
+      open(encrypt_to, 'w') do |f|
+        f << ystr
+      end
+    ensure
+      close
+    end
+  end
+
+  ##
+  # Implementation of decrypt that reads a whole file into memory as a
+  # YasstString, decrypts it and then writes out to the chosen destination
+  # ensures that self.close is called on completion (or failure)
+  def decrypt_in_memory
+    ystr = YasstString.new(read, true)
+    ystr.decrypt(@provider)
+    begin
+      open(decrypt_to, 'w') do |f|
+        f << ystr
+      end
+    ensure
+      close
+    end
   end
 end

data/lib/yasst/yasst_string.rb

@@ -14,7 +14,7 @@ class YasstString < String
   # Encrypt self using a Yasst::Provider
   def encrypt(provider)
     raise Yasst::Error::AlreadyEncrypted,
-          'File is already encrypted' if encrypted?
+          'String is already encrypted' if encrypted?
     @encrypted = true
     replace(provider.encrypt(to_s))
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yasst
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Richard Clark
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-11 00:00:00.000000000 Z
+date: 2016-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler