2017-07-09 12:06:36 +00:00
|
|
|
# frozen_string_literal: true
|
2017-07-10 13:39:13 +00:00
|
|
|
|
2016-08-06 16:03:25 +00:00
|
|
|
require "abstract_unit"
|
|
|
|
require "openssl"
|
|
|
|
require "active_support/time"
|
|
|
|
require "active_support/json"
|
2017-07-06 15:23:22 +00:00
|
|
|
require_relative "metadata/shared_metadata_tests"
|
2008-11-25 19:27:54 +00:00
|
|
|
|
2011-09-15 19:51:30 +00:00
|
|
|
class MessageEncryptorTest < ActiveSupport::TestCase
|
2011-09-15 17:15:21 +00:00
|
|
|
class JSONSerializer
|
|
|
|
def dump(value)
|
|
|
|
ActiveSupport::JSON.encode(value)
|
|
|
|
end
|
2011-11-09 21:48:56 +00:00
|
|
|
|
2011-09-15 17:15:21 +00:00
|
|
|
def load(value)
|
|
|
|
ActiveSupport::JSON.decode(value)
|
|
|
|
end
|
|
|
|
end
|
2011-11-09 21:48:56 +00:00
|
|
|
|
2008-11-25 19:27:54 +00:00
|
|
|
def setup
|
2016-05-29 18:07:22 +00:00
|
|
|
@secret = SecureRandom.random_bytes(32)
|
2016-08-06 17:38:33 +00:00
|
|
|
@verifier = ActiveSupport::MessageVerifier.new(@secret, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
|
2011-11-09 21:48:56 +00:00
|
|
|
@encryptor = ActiveSupport::MessageEncryptor.new(@secret)
|
2016-08-06 17:38:33 +00:00
|
|
|
@data = { some: "data", now: Time.local(2010) }
|
2008-11-25 19:27:54 +00:00
|
|
|
end
|
2010-08-14 05:13:00 +00:00
|
|
|
|
2008-11-25 19:27:54 +00:00
|
|
|
def test_encrypting_twice_yields_differing_cipher_text
|
2013-01-09 21:32:35 +00:00
|
|
|
first_message = @encryptor.encrypt_and_sign(@data).split("--").first
|
2011-11-09 21:48:56 +00:00
|
|
|
second_message = @encryptor.encrypt_and_sign(@data).split("--").first
|
2013-01-09 21:32:35 +00:00
|
|
|
assert_not_equal first_message, second_message
|
2008-11-25 19:27:54 +00:00
|
|
|
end
|
2010-08-14 05:13:00 +00:00
|
|
|
|
2011-11-09 21:48:56 +00:00
|
|
|
def test_messing_with_either_encrypted_values_causes_failure
|
|
|
|
text, iv = @verifier.verify(@encryptor.encrypt_and_sign(@data)).split("--")
|
2008-11-25 19:27:54 +00:00
|
|
|
assert_not_decrypted([iv, text] * "--")
|
|
|
|
assert_not_decrypted([text, munge(iv)] * "--")
|
|
|
|
assert_not_decrypted([munge(text), iv] * "--")
|
|
|
|
assert_not_decrypted([munge(text), munge(iv)] * "--")
|
|
|
|
end
|
2010-08-14 05:13:00 +00:00
|
|
|
|
2011-11-09 21:48:56 +00:00
|
|
|
def test_messing_with_verified_values_causes_failures
|
|
|
|
text, iv = @encryptor.encrypt_and_sign(@data).split("--")
|
|
|
|
assert_not_verified([iv, text] * "--")
|
|
|
|
assert_not_verified([text, munge(iv)] * "--")
|
|
|
|
assert_not_verified([munge(text), iv] * "--")
|
|
|
|
assert_not_verified([munge(text), munge(iv)] * "--")
|
|
|
|
end
|
|
|
|
|
2008-11-25 19:27:54 +00:00
|
|
|
def test_signed_round_tripping
|
|
|
|
message = @encryptor.encrypt_and_sign(@data)
|
|
|
|
assert_equal @data, @encryptor.decrypt_and_verify(message)
|
|
|
|
end
|
2011-11-09 21:48:56 +00:00
|
|
|
|
2016-07-09 11:03:43 +00:00
|
|
|
def test_backwards_compat_for_64_bytes_key
|
|
|
|
# 64 bit key
|
2016-07-09 22:51:56 +00:00
|
|
|
secret = ["3942b1bf81e622559ed509e3ff274a780784fe9e75b065866bd270438c74da822219de3156473cc27df1fd590e4baf68c95eeb537b6e4d4c5a10f41635b5597e"].pack("H*")
|
2016-07-09 11:03:43 +00:00
|
|
|
# Encryptor with 32 bit key, 64 bit secret for verifier
|
|
|
|
encryptor = ActiveSupport::MessageEncryptor.new(secret[0..31], secret)
|
|
|
|
# Message generated with 64 bit key
|
|
|
|
message = "eHdGeExnZEwvMSt3U3dKaFl1WFo0TjVvYzA0eGpjbm5WSkt5MXlsNzhpZ0ZnbWhBWFlQZTRwaXE1bVJCS2oxMDZhYVp2dVN3V0lNZUlWQ3c2eVhQbnhnVjFmeVVubmhRKzF3WnZyWHVNMDg9LS1HSisyakJVSFlPb05ISzRMaXRzcFdBPT0=--831a1d54a3cda8a0658dc668a03dedcbce13b5ca"
|
2016-07-09 22:51:56 +00:00
|
|
|
assert_equal "data", encryptor.decrypt_and_verify(message)[:some]
|
2016-07-09 11:03:43 +00:00
|
|
|
end
|
|
|
|
|
2011-09-15 12:28:53 +00:00
|
|
|
def test_alternative_serialization_method
|
2013-05-03 22:37:18 +00:00
|
|
|
prev = ActiveSupport.use_standard_json_time_format
|
|
|
|
ActiveSupport.use_standard_json_time_format = true
|
2016-08-06 17:38:33 +00:00
|
|
|
encryptor = ActiveSupport::MessageEncryptor.new(SecureRandom.random_bytes(32), SecureRandom.random_bytes(128), serializer: JSONSerializer.new)
|
2016-08-06 17:44:11 +00:00
|
|
|
message = encryptor.encrypt_and_sign(:foo => 123, "bar" => Time.utc(2010))
|
2013-11-07 15:35:49 +00:00
|
|
|
exp = { "foo" => 123, "bar" => "2010-01-01T00:00:00.000Z" }
|
2013-05-03 22:37:18 +00:00
|
|
|
assert_equal exp, encryptor.decrypt_and_verify(message)
|
|
|
|
ensure
|
|
|
|
ActiveSupport.use_standard_json_time_format = prev
|
2011-09-15 12:28:53 +00:00
|
|
|
end
|
2010-08-14 05:13:00 +00:00
|
|
|
|
2013-05-15 14:11:04 +00:00
|
|
|
def test_message_obeys_strict_encoding
|
|
|
|
bad_encoding_characters = "\n!@#"
|
2016-10-29 03:05:58 +00:00
|
|
|
message, iv = @encryptor.encrypt_and_sign("This is a very \n\nhumble string" + bad_encoding_characters)
|
2013-05-15 14:11:04 +00:00
|
|
|
|
|
|
|
assert_not_decrypted("#{::Base64.encode64 message.to_s}--#{::Base64.encode64 iv.to_s}")
|
|
|
|
assert_not_verified("#{::Base64.encode64 message.to_s}--#{::Base64.encode64 iv.to_s}")
|
|
|
|
|
|
|
|
assert_not_decrypted([iv, message] * bad_encoding_characters)
|
|
|
|
assert_not_verified([iv, message] * bad_encoding_characters)
|
|
|
|
end
|
|
|
|
|
2016-07-18 11:48:58 +00:00
|
|
|
def test_aead_mode_encryption
|
2016-08-06 16:03:25 +00:00
|
|
|
encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
|
2016-07-18 11:48:58 +00:00
|
|
|
message = encryptor.encrypt_and_sign(@data)
|
|
|
|
assert_equal @data, encryptor.decrypt_and_verify(message)
|
|
|
|
end
|
|
|
|
|
2017-05-15 08:45:14 +00:00
|
|
|
def test_aead_mode_with_hmac_cbc_cipher_text
|
|
|
|
encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
|
|
|
|
|
2017-05-15 08:55:46 +00:00
|
|
|
assert_aead_not_decrypted(encryptor, "eHdGeExnZEwvMSt3U3dKaFl1WFo0TjVvYzA0eGpjbm5WSkt5MXlsNzhpZ0ZnbWhBWFlQZTRwaXE1bVJCS2oxMDZhYVp2dVN3V0lNZUlWQ3c2eVhQbnhnVjFmeVVubmhRKzF3WnZyWHVNMDg9LS1HSisyakJVSFlPb05ISzRMaXRzcFdBPT0=--831a1d54a3cda8a0658dc668a03dedcbce13b5ca")
|
2017-05-15 08:45:14 +00:00
|
|
|
end
|
|
|
|
|
2016-07-18 11:48:58 +00:00
|
|
|
def test_messing_with_aead_values_causes_failures
|
2016-08-06 16:03:25 +00:00
|
|
|
encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
|
2016-07-18 11:48:58 +00:00
|
|
|
text, iv, auth_tag = encryptor.encrypt_and_sign(@data).split("--")
|
2017-05-15 08:55:46 +00:00
|
|
|
assert_aead_not_decrypted(encryptor, [iv, text, auth_tag] * "--")
|
|
|
|
assert_aead_not_decrypted(encryptor, [munge(text), iv, auth_tag] * "--")
|
|
|
|
assert_aead_not_decrypted(encryptor, [text, munge(iv), auth_tag] * "--")
|
|
|
|
assert_aead_not_decrypted(encryptor, [text, iv, munge(auth_tag)] * "--")
|
|
|
|
assert_aead_not_decrypted(encryptor, [munge(text), munge(iv), munge(auth_tag)] * "--")
|
|
|
|
assert_aead_not_decrypted(encryptor, [text, iv] * "--")
|
|
|
|
assert_aead_not_decrypted(encryptor, [text, iv, auth_tag[0..-2]] * "--")
|
2016-07-18 11:48:58 +00:00
|
|
|
end
|
|
|
|
|
2017-07-06 15:23:22 +00:00
|
|
|
def test_backwards_compatibility_decrypt_previously_encrypted_messages_without_metadata
|
|
|
|
secret = "\xB7\xF0\xBCW\xB1\x18`\xAB\xF0\x81\x10\xA4$\xF44\xEC\xA1\xDC\xC1\xDDD\xAF\xA9\xB8\x14\xCD\x18\x9A\x99 \x80)"
|
|
|
|
encryptor = ActiveSupport::MessageEncryptor.new(secret, cipher: "aes-256-gcm")
|
|
|
|
encrypted_message = "9cVnFs2O3lL9SPvIJuxBOLS51nDiBMw=--YNI5HAfHEmZ7VDpl--ddFJ6tXA0iH+XGcCgMINYQ=="
|
|
|
|
|
|
|
|
assert_equal "Ruby on Rails", encryptor.decrypt_and_verify(encrypted_message)
|
|
|
|
end
|
2011-11-09 21:48:56 +00:00
|
|
|
|
2017-09-23 21:16:21 +00:00
|
|
|
def test_with_rotated_raw_key
|
|
|
|
old_raw_key = SecureRandom.random_bytes(32)
|
|
|
|
old_encryptor = ActiveSupport::MessageEncryptor.new(old_raw_key, cipher: "aes-256-gcm")
|
|
|
|
old_message = old_encryptor.encrypt_and_sign("message encrypted with old raw key")
|
|
|
|
|
|
|
|
encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
|
|
|
|
encryptor.rotate raw_key: old_raw_key, cipher: "aes-256-gcm"
|
|
|
|
|
|
|
|
assert_equal "message encrypted with old raw key", encryptor.decrypt_and_verify(old_message)
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_with_rotated_secret_and_salt
|
|
|
|
old_secret, old_salt = SecureRandom.random_bytes(32), "old salt"
|
|
|
|
old_raw_key = ActiveSupport::KeyGenerator.new(old_secret, iterations: 1000).generate_key(old_salt, 32)
|
|
|
|
|
|
|
|
old_encryptor = ActiveSupport::MessageEncryptor.new(old_raw_key, cipher: "aes-256-gcm")
|
|
|
|
old_message = old_encryptor.encrypt_and_sign("message encrypted with old secret and salt")
|
|
|
|
|
|
|
|
encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
|
|
|
|
encryptor.rotate secret: old_secret, salt: old_salt, cipher: "aes-256-gcm"
|
|
|
|
|
|
|
|
assert_equal "message encrypted with old secret and salt", encryptor.decrypt_and_verify(old_message)
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_with_rotated_key_generator
|
|
|
|
old_key_gen, old_salt = ActiveSupport::KeyGenerator.new(SecureRandom.random_bytes(32), iterations: 256), "old salt"
|
|
|
|
|
|
|
|
old_raw_key = old_key_gen.generate_key(old_salt, 32)
|
|
|
|
old_encryptor = ActiveSupport::MessageEncryptor.new(old_raw_key, cipher: "aes-256-gcm")
|
|
|
|
old_message = old_encryptor.encrypt_and_sign("message encrypted with old key generator and salt")
|
|
|
|
|
|
|
|
encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
|
|
|
|
encryptor.rotate key_generator: old_key_gen, salt: old_salt, cipher: "aes-256-gcm"
|
|
|
|
|
|
|
|
assert_equal "message encrypted with old key generator and salt", encryptor.decrypt_and_verify(old_message)
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_with_rotated_aes_cbc_encryptor_with_raw_keys
|
|
|
|
old_raw_key, old_raw_signed_key = SecureRandom.random_bytes(32), SecureRandom.random_bytes(16)
|
|
|
|
|
|
|
|
old_encryptor = ActiveSupport::MessageEncryptor.new(old_raw_key, old_raw_signed_key, cipher: "aes-256-cbc", digest: "SHA1")
|
|
|
|
old_message = old_encryptor.encrypt_and_sign("message encrypted with old raw keys")
|
|
|
|
|
|
|
|
encryptor = ActiveSupport::MessageEncryptor.new(@secret)
|
|
|
|
encryptor.rotate raw_key: old_raw_key, raw_signed_key: old_raw_signed_key, cipher: "aes-256-cbc", digest: "SHA1"
|
|
|
|
|
|
|
|
assert_equal "message encrypted with old raw keys", encryptor.decrypt_and_verify(old_message)
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_with_rotated_aes_cbc_encryptor_with_secret_and_salts
|
|
|
|
old_secret, old_salt, old_signed_salt = SecureRandom.random_bytes(32), "old salt", "old signed salt"
|
|
|
|
|
|
|
|
old_key_gen = ActiveSupport::KeyGenerator.new(old_secret, iterations: 1000)
|
|
|
|
old_raw_key = old_key_gen.generate_key(old_salt, 32)
|
|
|
|
old_raw_signed_key = old_key_gen.generate_key(old_signed_salt)
|
|
|
|
|
|
|
|
old_encryptor = ActiveSupport::MessageEncryptor.new(old_raw_key, old_raw_signed_key, cipher: "aes-256-cbc", digest: "SHA1")
|
|
|
|
old_message = old_encryptor.encrypt_and_sign("message encrypted with old secret and salts")
|
|
|
|
|
|
|
|
encryptor = ActiveSupport::MessageEncryptor.new(@secret)
|
|
|
|
encryptor.rotate secret: old_secret, salt: old_salt, signed_salt: old_signed_salt, cipher: "aes-256-cbc", digest: "SHA1"
|
|
|
|
|
|
|
|
assert_equal "message encrypted with old secret and salts", encryptor.decrypt_and_verify(old_message)
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_with_rotating_multiple_encryptors
|
|
|
|
older_raw_key, older_raw_signed_key = SecureRandom.random_bytes(32), SecureRandom.random_bytes(16)
|
|
|
|
old_raw_key, old_raw_signed_key = SecureRandom.random_bytes(32), SecureRandom.random_bytes(16)
|
|
|
|
|
|
|
|
older_encryptor = ActiveSupport::MessageEncryptor.new(older_raw_key, older_raw_signed_key, cipher: "aes-256-cbc", digest: "SHA1")
|
|
|
|
older_message = older_encryptor.encrypt_and_sign("message encrypted with older raw key")
|
|
|
|
|
|
|
|
old_encryptor = ActiveSupport::MessageEncryptor.new(old_raw_key, old_raw_signed_key, cipher: "aes-256-cbc", digest: "SHA1")
|
|
|
|
old_message = old_encryptor.encrypt_and_sign("message encrypted with old raw key")
|
|
|
|
|
|
|
|
encryptor = ActiveSupport::MessageEncryptor.new(@secret)
|
|
|
|
encryptor.rotate raw_key: old_raw_key, raw_signed_key: old_raw_signed_key, cipher: "aes-256-cbc", digest: "SHA1"
|
|
|
|
encryptor.rotate raw_key: older_raw_key, raw_signed_key: older_raw_signed_key, cipher: "aes-256-cbc", digest: "SHA1"
|
|
|
|
|
|
|
|
assert_equal "encrypted message", encryptor.decrypt_and_verify(encryptor.encrypt_and_sign("encrypted message"))
|
|
|
|
assert_equal "message encrypted with old raw key", encryptor.decrypt_and_verify(old_message)
|
|
|
|
assert_equal "message encrypted with older raw key", encryptor.decrypt_and_verify(older_message)
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_on_rotation_instance_callback_is_called_and_returns_modified_messages
|
|
|
|
callback_ran, message = nil, nil
|
|
|
|
|
|
|
|
older_raw_key, older_raw_signed_key = SecureRandom.random_bytes(32), SecureRandom.random_bytes(16)
|
|
|
|
old_raw_key, old_raw_signed_key = SecureRandom.random_bytes(32), SecureRandom.random_bytes(16)
|
|
|
|
|
|
|
|
older_encryptor = ActiveSupport::MessageEncryptor.new(older_raw_key, older_raw_signed_key, cipher: "aes-256-cbc", digest: "SHA1")
|
|
|
|
older_message = older_encryptor.encrypt_and_sign(encoded: "message")
|
|
|
|
|
|
|
|
encryptor = ActiveSupport::MessageEncryptor.new(@secret)
|
|
|
|
encryptor.rotate raw_key: old_raw_key, raw_signed_key: old_raw_signed_key, cipher: "aes-256-cbc", digest: "SHA1"
|
|
|
|
encryptor.rotate raw_key: older_raw_key, raw_signed_key: older_raw_signed_key, cipher: "aes-256-cbc", digest: "SHA1"
|
|
|
|
|
|
|
|
message = encryptor.decrypt_and_verify(older_message, on_rotation: proc { callback_ran = true })
|
|
|
|
|
|
|
|
assert callback_ran, "callback was ran"
|
|
|
|
assert_equal({ encoded: "message" }, message)
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_with_rotated_metadata
|
|
|
|
old_secret, old_salt = SecureRandom.random_bytes(32), "old salt"
|
|
|
|
old_raw_key = ActiveSupport::KeyGenerator.new(old_secret, iterations: 1000).generate_key(old_salt, 32)
|
|
|
|
|
|
|
|
old_encryptor = ActiveSupport::MessageEncryptor.new(old_raw_key, cipher: "aes-256-gcm")
|
|
|
|
old_message = old_encryptor.encrypt_and_sign(
|
|
|
|
"message encrypted with old secret, salt, and metadata", purpose: "rotation")
|
|
|
|
|
|
|
|
encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
|
|
|
|
encryptor.rotate secret: old_secret, salt: old_salt, cipher: "aes-256-gcm"
|
|
|
|
|
|
|
|
assert_equal "message encrypted with old secret, salt, and metadata",
|
|
|
|
encryptor.decrypt_and_verify(old_message, purpose: "rotation")
|
|
|
|
end
|
|
|
|
|
2017-07-06 15:23:22 +00:00
|
|
|
private
|
2017-05-15 08:55:46 +00:00
|
|
|
def assert_aead_not_decrypted(encryptor, value)
|
|
|
|
assert_raise(ActiveSupport::MessageEncryptor::InvalidMessage) do
|
|
|
|
encryptor.decrypt_and_verify(value)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-08-06 17:55:02 +00:00
|
|
|
def assert_not_decrypted(value)
|
|
|
|
assert_raise(ActiveSupport::MessageEncryptor::InvalidMessage) do
|
|
|
|
@encryptor.decrypt_and_verify(@verifier.generate(value))
|
|
|
|
end
|
2008-11-25 19:27:54 +00:00
|
|
|
end
|
2010-08-14 05:13:00 +00:00
|
|
|
|
2016-08-06 17:55:02 +00:00
|
|
|
def assert_not_verified(value)
|
|
|
|
assert_raise(ActiveSupport::MessageVerifier::InvalidSignature) do
|
|
|
|
@encryptor.decrypt_and_verify(value)
|
|
|
|
end
|
2008-11-25 19:27:54 +00:00
|
|
|
end
|
2010-05-01 12:40:02 +00:00
|
|
|
|
2016-08-06 17:55:02 +00:00
|
|
|
def munge(base64_string)
|
|
|
|
bits = ::Base64.strict_decode64(base64_string)
|
|
|
|
bits.reverse!
|
|
|
|
::Base64.strict_encode64(bits)
|
|
|
|
end
|
2010-05-01 12:40:02 +00:00
|
|
|
end
|
2017-07-06 15:23:22 +00:00
|
|
|
|
|
|
|
class MessageEncryptorMetadataTest < ActiveSupport::TestCase
|
|
|
|
include SharedMessageMetadataTests
|
|
|
|
|
|
|
|
setup do
|
|
|
|
@secret = SecureRandom.random_bytes(32)
|
|
|
|
@encryptor = ActiveSupport::MessageEncryptor.new(@secret, encryptor_options)
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
def generate(message, **options)
|
|
|
|
@encryptor.encrypt_and_sign(message, options)
|
|
|
|
end
|
|
|
|
|
|
|
|
def parse(data, **options)
|
|
|
|
@encryptor.decrypt_and_verify(data, options)
|
|
|
|
end
|
|
|
|
|
|
|
|
def encryptor_options; end
|
|
|
|
end
|
|
|
|
|
|
|
|
class MessageEncryptorMetadataMarshalTest < MessageEncryptorMetadataTest
|
|
|
|
private
|
|
|
|
def encryptor_options
|
|
|
|
{ serializer: Marshal }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
class MessageEncryptorMetadataJSONTest < MessageEncryptorMetadataTest
|
|
|
|
private
|
|
|
|
def encryptor_options
|
|
|
|
{ serializer: MessageEncryptorTest::JSONSerializer.new }
|
|
|
|
end
|
|
|
|
end
|