Set default cipher to aes-256-gcm (#36)

marcqualie · web-flow · commit aec75b59a910 · 2020-12-04T23:36:07.000Z
diff --git a/lib/diffcrypt/encryptor.rb b/lib/diffcrypt/encryptor.rb
@@ -12,7 +12,7 @@
 
 module Diffcrypt
   class Encryptor
-    DEFAULT_CIPHER = 'aes-128-gcm'
+    DEFAULT_CIPHER = 'aes-256-gcm'
 
     def self.generate_key(cipher = DEFAULT_CIPHER)
       SecureRandom.hex(ActiveSupport::MessageEncryptor.key_len(cipher))
diff --git a/test/diffcrypt/encryptor_test.rb b/test/diffcrypt/encryptor_test.rb
@@ -11,7 +11,13 @@ class Diffcrypt::EncryptorTest < Minitest::Test
   def test_it_includes_client_info_at_root
     content = "---\nkey: value"
     expected_pattern = /---\nclient: diffcrypt-#{Diffcrypt::VERSION}\ncipher: #{Diffcrypt::Encryptor::DEFAULT_CIPHER}\ndata:\n  key: #{ENCRYPTED_VALUE_PATTERN}\n/
-    assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY).encrypt(content)
+    assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_256).encrypt(content)
+  end
+
+  def test_it_includes_cipher_when_not_default
+    content = "---\nkey: value"
+    expected_pattern = /---\nclient: diffcrypt-#{Diffcrypt::VERSION}\ncipher: aes-128-gcm\ndata:\n  key: #{ENCRYPTED_VALUE_PATTERN}\n/
+    assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt(content)
   end
 
   def test_it_decrypts_root_values
@@ -24,7 +30,7 @@ def test_it_decrypts_root_values
       secret_key_base: secret_key_base_test
     CONTENT
 
-    assert_equal Diffcrypt::Encryptor.new(TEST_KEY).decrypt(encrypted_content), expected
+    assert_equal Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').decrypt(encrypted_content), expected
   end
 
   def test_it_encrypts_root_values
@@ -34,7 +40,7 @@ def test_it_encrypts_root_values
     CONTENT
     expected_pattern = /---\nsecret_key_base: #{ENCRYPTED_VALUE_PATTERN}\n/
 
-    assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY).encrypt_data(content).to_yaml
+    assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(content).to_yaml
   end
 
   def test_it_decrypts_nested_structures
@@ -51,7 +57,7 @@ def test_it_decrypts_nested_structures
         access_key_id: AKIAXXX
     CONTENT
 
-    assert_equal Diffcrypt::Encryptor.new(TEST_KEY).decrypt(encrypted_content), expected
+    assert_equal Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').decrypt(encrypted_content), expected
   end
 
   def test_it_encrypts_nested_structures
@@ -63,7 +69,7 @@ def test_it_encrypts_nested_structures
     CONTENT
     expected_pattern = /---\nsecret_key_base: #{ENCRYPTED_VALUE_PATTERN}\naws:\n  access_key_id: #{ENCRYPTED_VALUE_PATTERN}\n/
 
-    assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY).encrypt_data(content).to_yaml
+    assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(content).to_yaml
   end
 
   # Verifies that a change to one key does not cause the encrypted values for other keys to be recomputed
@@ -73,14 +79,14 @@ def test_it_only_updates_changed_values
     updated_content = "---\nsecret_key_base_1: secret_key_base_test\naws:\n  secret_access_key: secret_access_key_2"
     expected_pattern = /---\nsecret_key_base_1: 88Ry6HESUoXBr6QUFXmni9zzfCIYt9qGNFvIWFcN--4xoecI5mqbNRBibI--62qPJbkzzh5h8lhFEFOSaQ==\naws:\n  secret_access_key: #{ENCRYPTED_VALUE_PATTERN}\n/
 
-    assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY).encrypt_data(updated_content, original_encrypted_content).to_yaml
+    assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(updated_content, original_encrypted_content).to_yaml
   end
 
   def test_it_assumes_changed_when_no_original_value
     original_encrypted_content = "---\ndata:\n  secret_key_base_1: 88Ry6HESUoXBr6QUFXmni9zzfCIYt9qGNFvIWFcN--4xoecI5mqbNRBibI--62qPJbkzzh5h8lhFEFOSaQ==\n"
     updated_content = "---\nsecret_key_base_1: secret_key_base_test\naws:\n  access_key_id: new_value\n"
     expected_pattern = /---\nsecret_key_base_1: 88Ry6HESUoXBr6QUFXmni9zzfCIYt9qGNFvIWFcN--4xoecI5mqbNRBibI--62qPJbkzzh5h8lhFEFOSaQ==\naws:\n  access_key_id: #{ENCRYPTED_VALUE_PATTERN}\n/
 
-    assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY).encrypt_data(updated_content, original_encrypted_content).to_yaml
+    assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(updated_content, original_encrypted_content).to_yaml
   end
 end
diff --git a/test/test_helper.rb b/test/test_helper.rb
@@ -21,6 +21,7 @@
 #
 # @example Generate an expected value for tests
 #   Diffcrypt::Encryptor.new('99e1f86b9e61f24c56ff4108dd415091').encrypt_string('some value here')
-TEST_KEY = ::File.read("#{__dir__}/fixtures/aes-128-gcm.key").strip
+TEST_KEY_128 = ::File.read("#{__dir__}/fixtures/aes-128-gcm.key").strip
+TEST_KEY_256 = ::File.read("#{__dir__}/fixtures/aes-256-gcm.key").strip
 
 require 'minitest/autorun'

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@`
`21`	`21`	`#`
`22`	`22`	`# @example Generate an expected value for tests`
`23`	`23`	`# Diffcrypt::Encryptor.new('99e1f86b9e61f24c56ff4108dd415091').encrypt_string('some value here')`
`24`		`-TEST_KEY = ::File.read("#{__dir__}/fixtures/aes-128-gcm.key").strip`
	`24`	`+TEST_KEY_128 = ::File.read("#{__dir__}/fixtures/aes-128-gcm.key").strip`
	`25`	`+TEST_KEY_256 = ::File.read("#{__dir__}/fixtures/aes-256-gcm.key").strip`
`25`	`26`
`26`	`27`	`require 'minitest/autorun'`