spec/symmetric_spec.rb in slosilo-1.1.0 vs spec/symmetric_spec.rb in slosilo-2.0.0

- old
+ new

@@ -1,37 +1,59 @@ require 'spec_helper' describe Slosilo::Symmetric do # TODO transform it to class methods only? let(:plaintext) { "quick brown fox jumped over the lazy dog" } + let(:auth_data) { "some record id" } let(:key) { "^\xBAIv\xDB1\x0Fi\x04\x11\xFD\x14\xA7\xCD\xDFf\x93\xFE\x93}\v\x01\x11\x98\x14\xE0;\xC1\xE2 v\xA5".force_encoding("ASCII-8BIT") } - let(:iv) { "\xA1\xFA#z\x16\x80R\xCC|\x0Fyc\xB7j\x17\xED".force_encoding("ASCII-8BIT") } - let(:ciphertext) { "\xA1\xFA#z\x16\x80R\xCC|\x0Fyc\xB7j\x17\xED\x15\xC9r\xC9\xEE\xB9\xBC5\xB7\ni\x0F\f\xC8X\x80 h\a\xF4\xA6\xE3\x15\x9D\xF1-\xE5\bs\xF6\x02Z\x0F\xCD|S\x1A\xAA\x9At\xEFT\x17\xA5lT\x8C\xF3".force_encoding("ASCII-8BIT") } + let(:iv) { "\xD9\xABn\x01b\xFA\xBD\xC2\xE5\xEA\x01\xAC".force_encoding("ASCII-8BIT") } + let(:ciphertext) { "G^W1\x9C\xD4\xCC\x87\xD3\xFF\x86[\x0E3\xC0\xC8^\xD9\xABn\x01b\xFA\xBD\xC2\xE5\xEA\x01\xAC\x9E\xB9:\xF7\xD4ebeq\xDC \xC0sG\xA4\xAE,\xB8A|\x97\xBC\xFD\x85\xE1\xB93\x95>\xBD\n\x05\xFB\x15\x1F\x06#3M9".force_encoding('ASCII-8BIT') } + describe '#encrypt' do - it "encrypts with AES-256-CBC" do + it "encrypts with AES-256-GCM" do allow(subject).to receive_messages random_iv: iv - expect(subject.encrypt(plaintext, key: key)).to eq(ciphertext) + expect(subject.encrypt(plaintext, key: key, aad: auth_data)).to eq(ciphertext) end end describe '#decrypt' do - it "decrypts with AES-256-CBC" do - expect(subject.decrypt(ciphertext, key: key)).to eq(plaintext) + it "decrypts with AES-256-GCM" do + expect(subject.decrypt(ciphertext, key: key, aad: auth_data)).to eq(plaintext) end - - context "when ciphertext happens to end in a zero" do - let(:ciphertext) { "\x7F\xD6\xEAb\xE56\a\xD3\xC5\xF2J\n\x8C\x8Fg\xB7-\\\x8A\fh\x18\xC8\x91\xB9 \x97\xC9\x12\xE6\xA6\xAE\xB1I\x1E\x80\xAB\xD8\xDC\xBD\xB6\xCD\x9A\xA3MH\xA8\xB0\xC7\xDA\x87\xA7c\xD75,\xD2A\xB8\x9E\xE3o\x04\x00" } - let(:key) { "4pSuk1rAQyuHA5uUYaj0X0BsiPCFb9Nc8J03XA6V5/Y" } - it "works correctly" do - expect(subject.decrypt(ciphertext, key: key)).to eq("R6KNTQ4aUivojbaqhgAqj1I4PaF8h/5/YcENy4uNbfk=") + + + context "when the ciphertext has been messed with" do + let(:ciphertext) { "pwnd!" } # maybe we should do something more realistic like add some padding? + it "raises an exception" do + expect{ subject.decrypt(ciphertext, key: key, aad: auth_data)}.to raise_exception end + context "by adding a trailing 0" do + let(:new_ciphertext){ ciphertext + '\0' } + it "raises an exception" do + expect{ subject.decrypt(new_ciphertext, key: key, aad: auth_data) }.to raise_exception + end + end end - context "when the iv ends in space" do - let(:ciphertext) { "\xC0\xDA#\xE9\xE1\xFD\xEDJ\xADs4P\xA9\xD6\x92 \xF7\xF8_M\xF6\x16\xC2i$\x8BT^\b\xA1\xB2L&\xE9\x80\x02[]6i\x9B\xD3\xC3\xED\xA9\xD1\x94\xE8\x15\xFD\xDA\xFEUj\xC5upH*\xBF\x82\x15le" } - let(:key) { "4pSuk1rAQyuHA5uUYaj0X0BsiPCFb9Nc8J03XA6V5/Y" } - it "works correctly" do - expect(subject.decrypt(ciphertext, key: key)).to eq("zGptmL3vd4obi1vqSiWHt/Ias2k+6qDtuq9vdow8jNA=") + context "when no auth_data is given" do + let(:auth_data){""} + let(:ciphertext){ "Gm\xDAT\xE8I\x9F\xB7\xDC\xBB\x84\xD3Q#\x1F\xF4\x8C\aV\x93\x8F_\xC7\xBC87\xC9U\xF1\xAF\x8A\xD62\x1C5H\x86\x17\x19=B~Y*\xBC\x9D\eJeTx\x1F\x02l\t\t\xD3e\xA4\x11\x13y*\x95\x9F\xCD\xC4@\x9C"} + + it "decrypts the message" do + expect(subject.decrypt(ciphertext, key: key, aad: auth_data)).to eq(plaintext) + end + + context "and the ciphertext has been messed with" do + it "raises an exception" do + expect{ subject.decrypt(ciphertext + "\0\0\0", key: key, aad: auth_data)}.to raise_exception + end + end + end + + context "when the auth data doesn't match" do + let(:auth_data){ "asdf" } + it "raises an exception" do + expect{ subject.decrypt(ciphertext, key: key, aad: auth_data)}.to raise_exception end end end describe '#random_iv' do