File: compatibility_test.rb

package info (click to toggle)
ruby-encryptor 3.0.0-2
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid
  • size: 200 kB
  • sloc: ruby: 450; makefile: 4
file content (122 lines) | stat: -rw-r--r-- 3,869 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
require File.expand_path('../test_helper', __FILE__)

# Test ensures that values stored by previous versions of the gem will
# roundtrip and decrypt correctly in this and future versions. This is important
# for data stored in databases and allows consumers of the gem to upgrade with
# confidence in the future.
#
class CompatibilityTest < Minitest::Test
  ALGORITHM = 'aes-256-cbc'

  def self.base64_encode(value)
    [value].pack('m').strip
  end

  def self.base64_decode(value)
    value.unpack('m').first
  end

  if OpenSSL::Cipher.ciphers.include?(ALGORITHM)
    def test_encrypt_with_iv
      key = Digest::SHA256.hexdigest('my-fixed-key')
      iv = Digest::SHA256.hexdigest('my-fixed-iv')
      result = Encryptor.encrypt(
        algorithm: ALGORITHM,
        value: 'my-fixed-input',
        key: key,
        iv: iv,
        insecure_mode: true
      )
      assert_equal 'nGuyGniksFXnMYj/eCxXKQ==', self.class.base64_encode(result)
    end

    def test_encrypt_without_iv
      key = Digest::SHA256.hexdigest('my-fixed-key')
      result = Encryptor.encrypt(
        algorithm: ALGORITHM,
        value: 'my-fixed-input',
        key: key,
        insecure_mode: true
      )
      assert_equal 'XbwHRMFWqR5M80kgwRcEEg==', self.class.base64_encode(result)
    end

    def test_decrypt_with_iv
      key = Digest::SHA256.hexdigest('my-fixed-key')
      iv = Digest::SHA256.hexdigest('my-fixed-iv')
      result = Encryptor.decrypt(
        algorithm: ALGORITHM,
        value: self.class.base64_decode('nGuyGniksFXnMYj/eCxXKQ=='),
        key: key,
        iv: iv,
        insecure_mode: true
      )
      assert_equal 'my-fixed-input', result
    end

    def test_decrypt_without_iv
      key = Digest::SHA256.hexdigest('my-fixed-key')
      result = Encryptor.decrypt(
        algorithm: ALGORITHM,
        value: self.class.base64_decode('XbwHRMFWqR5M80kgwRcEEg=='),
        key: key,
        insecure_mode: true
      )
      assert_equal 'my-fixed-input', result
    end

    def test_encrypt_with_iv_and_salt
      key = Digest::SHA256.hexdigest('my-fixed-key')
      iv = Digest::SHA256.hexdigest('my-fixed-iv')
      salt = 'my-fixed-salt'
      result = Encryptor.encrypt(
        algorithm: ALGORITHM,
        value: 'my-fixed-input',
        key: key,
        iv: iv,
        salt: salt
      )
      assert_equal 'DENuQSh9b0eW8GN3YLzLGw==', self.class.base64_encode(result)
    end

    def test_decrypt_with_iv_and_salt
      key = Digest::SHA256.hexdigest('my-fixed-key')
      iv = Digest::SHA256.hexdigest('my-fixed-iv')
      salt = 'my-fixed-salt'
      result = Encryptor.decrypt(
        algorithm: ALGORITHM,
        value: self.class.base64_decode('DENuQSh9b0eW8GN3YLzLGw=='),
        key: key,
        iv: iv,
        salt: salt
      )
      assert_equal 'my-fixed-input', result
    end
  end

  def test_ciphertext_encrypted_with_v2_decrypts_with_v2_gcm_iv_option
    result = Encryptor.decrypt(@decoded_options)
    assert_equal @decoded_options[:plaintext], result
  end

  def test_ciphertext_encrypted_with_v2_does_not_decrypt_without_v2_gcm_iv_option
    assert_raises OpenSSL::Cipher::CipherError do
      @decoded_options.delete(:v2_gcm_iv)
      Encryptor.decrypt(@decoded_options)
    end
  end

  def setup
    encoded_v2_options = {
      plaintext: "9H/D+Sm9qMAHHsmWvEu7LGutbEspL6akB1Qb7pLtH0+YOvB9YhZxVuIpugv9\nB8PXrYFnxO+bSvspPgp4KFm4bA==\n",
      value: "JR44j1NhT9WOR9SH1n6xYJMcjcGagbsYtnTtGZIe+BSavKZBR8gOtgAFJSTs\nwqtIhr28O8SC7uQepdEctnclahtNf9Nh1j/Wc76Fxlb81KI=\n",
      key: "AquHbz6lrUKowAns+qRdwnfEupSbViADKuBMTe7DUpQ=\n",
      iv: "YFQ4l87YMy/qQNc10AvmtQ==\n",
      salt: "qy3crVknWZpYEjxr89IHUg==\n",
    }

    @decoded_options = { algorithm: 'aes-256-gcm' , v2_gcm_iv: true }
    encoded_v2_options.each_with_object(@decoded_options) { |(k, v), memo| memo[k] = v.unpack("m").first }
  end
end