1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
require File.expand_path('../test_helper', __FILE__)
# Test ensures that values stored by previous versions of the gem will
# roundtrip and decrypt correctly in this and future versions. This is important
# for data stored in databases and allows consumers of the gem to upgrade with
# confidence in the future.
#
class CompatibilityTest < Minitest::Test
ALGORITHM = 'aes-256-cbc'
def self.base64_encode(value)
[value].pack('m').strip
end
def self.base64_decode(value)
value.unpack('m').first
end
if OpenSSL::Cipher.ciphers.include?(ALGORITHM)
def test_encrypt_with_iv
key = Digest::SHA256.hexdigest('my-fixed-key')
iv = Digest::SHA256.hexdigest('my-fixed-iv')
result = Encryptor.encrypt(
algorithm: ALGORITHM,
value: 'my-fixed-input',
key: key,
iv: iv,
insecure_mode: true
)
assert_equal 'nGuyGniksFXnMYj/eCxXKQ==', self.class.base64_encode(result)
end
def test_encrypt_without_iv
key = Digest::SHA256.hexdigest('my-fixed-key')
result = Encryptor.encrypt(
algorithm: ALGORITHM,
value: 'my-fixed-input',
key: key,
insecure_mode: true
)
assert_equal 'XbwHRMFWqR5M80kgwRcEEg==', self.class.base64_encode(result)
end
def test_decrypt_with_iv
key = Digest::SHA256.hexdigest('my-fixed-key')
iv = Digest::SHA256.hexdigest('my-fixed-iv')
result = Encryptor.decrypt(
algorithm: ALGORITHM,
value: self.class.base64_decode('nGuyGniksFXnMYj/eCxXKQ=='),
key: key,
iv: iv,
insecure_mode: true
)
assert_equal 'my-fixed-input', result
end
def test_decrypt_without_iv
key = Digest::SHA256.hexdigest('my-fixed-key')
result = Encryptor.decrypt(
algorithm: ALGORITHM,
value: self.class.base64_decode('XbwHRMFWqR5M80kgwRcEEg=='),
key: key,
insecure_mode: true
)
assert_equal 'my-fixed-input', result
end
def test_encrypt_with_iv_and_salt
key = Digest::SHA256.hexdigest('my-fixed-key')
iv = Digest::SHA256.hexdigest('my-fixed-iv')
salt = 'my-fixed-salt'
result = Encryptor.encrypt(
algorithm: ALGORITHM,
value: 'my-fixed-input',
key: key,
iv: iv,
salt: salt
)
assert_equal 'DENuQSh9b0eW8GN3YLzLGw==', self.class.base64_encode(result)
end
def test_decrypt_with_iv_and_salt
key = Digest::SHA256.hexdigest('my-fixed-key')
iv = Digest::SHA256.hexdigest('my-fixed-iv')
salt = 'my-fixed-salt'
result = Encryptor.decrypt(
algorithm: ALGORITHM,
value: self.class.base64_decode('DENuQSh9b0eW8GN3YLzLGw=='),
key: key,
iv: iv,
salt: salt
)
assert_equal 'my-fixed-input', result
end
end
def test_ciphertext_encrypted_with_v2_decrypts_with_v2_gcm_iv_option
result = Encryptor.decrypt(@decoded_options)
assert_equal @decoded_options[:plaintext], result
end
def test_ciphertext_encrypted_with_v2_does_not_decrypt_without_v2_gcm_iv_option
assert_raises OpenSSL::Cipher::CipherError do
@decoded_options.delete(:v2_gcm_iv)
Encryptor.decrypt(@decoded_options)
end
end
def setup
encoded_v2_options = {
plaintext: "9H/D+Sm9qMAHHsmWvEu7LGutbEspL6akB1Qb7pLtH0+YOvB9YhZxVuIpugv9\nB8PXrYFnxO+bSvspPgp4KFm4bA==\n",
value: "JR44j1NhT9WOR9SH1n6xYJMcjcGagbsYtnTtGZIe+BSavKZBR8gOtgAFJSTs\nwqtIhr28O8SC7uQepdEctnclahtNf9Nh1j/Wc76Fxlb81KI=\n",
key: "AquHbz6lrUKowAns+qRdwnfEupSbViADKuBMTe7DUpQ=\n",
iv: "YFQ4l87YMy/qQNc10AvmtQ==\n",
salt: "qy3crVknWZpYEjxr89IHUg==\n",
}
@decoded_options = { algorithm: 'aes-256-gcm' , v2_gcm_iv: true }
encoded_v2_options.each_with_object(@decoded_options) { |(k, v), memo| memo[k] = v.unpack("m").first }
end
end
|
