per_attribute_iv is ignoring the iv for -gcm algorithms #203

Closed
trak3r opened this issue Mar 25, 2016 · 5 comments

trak3r commented Mar 25, 2016

attr_encrypted (2.0.0)

The same data encrypted with per_attribute_iv and different iv should produce different results.

```ruby
require 'test_helper'

class Customer
  extend AttrEncrypted

  attr_encrypted :email,
    mode:        :per_attribute_iv,
    algorithm:   'aes-256-gcm',
    key:         'MyYBGxPZhjJaPTMtxE8muP9bBNxmRpkc'
end

class CustomerTest < ActiveSupport::TestCase
  test "two matching emails should NOT encrypt into the same string" do
    email = 'thing@thing.com'

    customer1 = Customer.new
    customer1.email = email

    customer2 = Customer.new
    customer2.email = email

    assert_not_nil   customer1.encrypted_email_iv
    assert_not_equal customer1.encrypted_email_iv, customer2.encrypted_email_iv,
      "Two different customers should NOT have received the same IV"

    assert_not_nil   customer1.encrypted_email
    assert_not_equal customer1.encrypted_email,    customer2.encrypted_email,
      "Two matching emails should NOT have encrypted into the same string"
  end
end
```

```
Failure:
CustomerTest#test_two_matching_emails_should_NOT_encrypt_into_the_same_string [/Users/.../test/models/customer_test.rb:27]
Minitest::Assertion: Two matching emails should NOT have encrypted into the same string.
Expected "\xC5\x96\xB9]b\xF9\f\xC9\xDD\n\xB8\xF0\x8C\xD0\x00\xB7\x9Eu\x12\xA7\x94+\xEB\x883\xC8\xCC\xCC\x18\xA0A" to not be equal to "\xC5\x96\xB9]b\xF9\f\xC9\xDD\n\xB8\xF0\x8C\xD0\x00\xB7\x9Eu\x12\xA7\x94+\xEB\x883\xC8\xCC\xCC\x18\xA0A".
```
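
A regression check for the symptom reported above, as an added example that is not part of the original issue and is not attr_encrypted or Encryptor code. It calls Ruby's OpenSSL binding directly; `gcm_encrypt`, `iv_honoured?`, `IGNORES_IV`, `rows_with_ignored_iv` and the `{id:, iv:, ciphertext:}` row layout are hypothetical names and assumptions chosen for illustration.

```ruby
require 'openssl'

# AES-256-GCM via Ruby's OpenSSL binding; the key is set before the IV.
# Returns the ciphertext followed by the 16-byte authentication tag.
def gcm_encrypt(key, iv, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.encrypt
  raise ArgumentError, 'unexpected IV length' unless iv.bytesize == cipher.iv_len
  cipher.key = key
  cipher.iv  = iv
  cipher.auth_data = ''
  body = cipher.update(plaintext) + cipher.final
  body + cipher.auth_tag
end

# True when the IV actually influences the output of `encryptor`
# (any callable taking key, iv, plaintext): repeating an IV must reproduce
# the ciphertext, and a different IV must change it.
def iv_honoured?(encryptor, plaintext = 'thing@thing.com')
  key  = OpenSSL::Random.random_bytes(32)
  iv_a = OpenSSL::Random.random_bytes(12)
  iv_b = OpenSSL::Random.random_bytes(12)
  a1 = encryptor.call(key, iv_a, plaintext)
  a2 = encryptor.call(key, iv_a, plaintext)
  b  = encryptor.call(key, iv_b, plaintext)
  a1 == a2 && a1 != b
end

# Constructed stand-in for the symptom in this issue: the caller's IV is
# dropped and a fixed one is used. This is NOT the Encryptor gem's code.
IGNORES_IV = ->(key, _iv, plaintext) { gcm_encrypt(key, "\0" * 12, plaintext) }

# Given stored rows (assumed shape: {id:, iv:, ciphertext:}), return the ids
# of rows whose ciphertext equals another row's even though the stored IVs
# differ. With a working GCM implementation that should never happen, so a
# hit points at data written while the IV was being ignored.
def rows_with_ignored_iv(rows)
  rows.group_by { |r| r[:ciphertext] }
      .values
      .select { |group| group.map { |r| r[:iv] }.uniq.size > 1 }
      .flat_map { |group| group.map { |r| r[:id] } }
end
```

Pass the project's own encrypt call to `iv_honoured?` in a test suite to catch this class of regression after a dependency bump.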

trak3r commented Mar 25, 2016

looks like this bug stems from the Encryptor gem attr-encrypted/encryptor#22

trak3r closed this as completed Mar 25, 2016

trak3r commented Mar 28, 2016

This was fixed in the Encryptor gem and they did a major version increase (link above). Please update the dependencies and you should probably put a nice big warning on the README explaining what happened.

trak3r reopened this Mar 28, 2016

trak3r changed the title from "per_attribute_iv is ignoring the iv" to "per_attribute_iv is ignoring the iv for -gcm algorithms" Mar 28, 2016
@saghaulor
Contributor

@trak3r Thanks for re-opening this. I'm working on bumping attr_encrypted to v3 but I've hit a speed bump because the bug in Encryptor v2 incorrectly caused a few tests in attr_encrypted to pass. So I'm trying to fix those issues and as soon as I have everything working again I'll push attr_encrypted v3.

Specifically, the new AR dirty methods aren't working correctly and there were a few failures related to incorrect test setup. Most of it has been resolved but I'm having trouble getting `"#{attribute}_changed?"` working.

Thank you for your patience.


trak3r commented Mar 30, 2016

Thank you for everything.
