From 642aa8b19897fbed4374a7db269beee3c7197c7f Mon Sep 17 00:00:00 2001
From: Zach Margolis
Date: Fri, 27 Nov 2020 09:47:36 -0800
Subject: [PATCH] Move encrypt method onto EncryptionHelper so we can use it downstream
---
 source/aws-ruby-sdk/encryption_helper.rb | 13 ++++++++++++
 .../spec/proof_document_mock_spec.rb | 20 ++++++++++---------
 spec/lib/encryption_helper_spec.rb | 2 +-
 spec/support/encryption.rb | 17 +++-------------
 4 files changed, 28 insertions(+), 24 deletions(-)
diff --git a/source/aws-ruby-sdk/encryption_helper.rb b/source/aws-ruby-sdk/encryption_helper.rb
index 97e6e93..ee8b1ac 100644
--- a/source/aws-ruby-sdk/encryption_helper.rb
+++ b/source/aws-ruby-sdk/encryption_helper.rb
@@ -12,5 +12,18 @@ def decrypt(data:, iv:, key:)
 cipher.update(data[0..-17]) + cipher.final
 end
+
+ def encrypt(data:, iv:, key:)
+ cipher = OpenSSL::Cipher.new('aes-256-gcm')
+ cipher.encrypt
+ cipher.iv = iv
+ cipher.key = key
+ cipher.auth_data = ''
+
+ encrypted = cipher.update(data) + cipher.final
+ tag = cipher.auth_tag # produces 16 bytes tag by default
+
+ encrypted + tag
+ end
 end
 end
diff --git a/source/proof_document_mock/spec/proof_document_mock_spec.rb b/source/proof_document_mock/spec/proof_document_mock_spec.rb
index 2248db3..e0f5098 100644
--- a/source/proof_document_mock/spec/proof_document_mock_spec.rb
+++ b/source/proof_document_mock/spec/proof_document_mock_spec.rb
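Review bot: In the new `encrypt` in source/aws-ruby-sdk/encryption_helper.rb, `cipher.iv = iv` is assigned before `cipher.key = key`; the examples in the `OpenSSL::Cipher` documentation set the key first, and older releases of Ruby's openssl binding have been reported to mishandle a GCM IV that was set before the key, so I would swap the two lines to `cipher.key = key` followed by `cipher.iv = iv`. Now that this method is library code rather than a spec helper, it also needs a comment stating the AES-GCM nonce requirement, for example `# iv must never repeat for a given key; reuse breaks GCM confidentiality and integrity`. The method returns the ciphertext with the 16-byte tag appended, which is consistent with the `data[0..-17]` slice visible in `decrypt`; the rest of `decrypt` lies outside the hunk, so whether it reads the tag from the last 16 bytes cannot be confirmed from here.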
@@ -195,15 +195,17 @@
 let(:selfie_image_url) { 'http://example.com/bar3' }
 before do
- stub_request(:get, front_image_url).to_return(
- body: encrypt(data: applicant_pii.to_json, key: encryption_key, iv: front_image_iv),
- )
- stub_request(:get, back_image_url).to_return(
- body: encrypt(data: applicant_pii.to_json, key: encryption_key, iv: back_image_iv),
- )
- stub_request(:get, selfie_image_url).to_return(
- body: encrypt(data: applicant_pii.to_json, key: encryption_key, iv: selfie_image_iv),
- )
+ encryption_helper = IdentityIdpFunctions::EncryptionHelper.new
+
+ stub_request(:get, front_image_url).to_return(body: encryption_helper.encrypt(
+ data: applicant_pii.to_json, key: encryption_key, iv: front_image_iv,
+ ))
+ stub_request(:get, back_image_url).to_return(body: encryption_helper.encrypt(
+ data: applicant_pii.to_json, key: encryption_key, iv: back_image_iv,
+ ))
+ stub_request(:get, selfie_image_url).to_return(body: encryption_helper.encrypt(
+ data: applicant_pii.to_json, key: encryption_key, iv: selfie_image_iv,
+ ))
 end
 it 'still downloads and decrypts the content' do
diff --git a/spec/lib/encryption_helper_spec.rb b/spec/lib/encryption_helper_spec.rb
index a689ef2..3e6a8df 100644
--- a/spec/lib/encryption_helper_spec.rb
+++ b/spec/lib/encryption_helper_spec.rb
@@ -10,7 +10,7 @@
 let(:plaintext) { 'the quick brown fox jumps over the lazy dog' }
 it 'decrypts data' do
- encrypted = encrypt(data: plaintext, iv: iv, key: key)
+ encrypted = encryption_helper.encrypt(data: plaintext, iv: iv, key: key)
 expect(encryption_helper.decrypt(data: encrypted, iv: iv, key: key)).to eq(plaintext)
 end
diff --git a/spec/support/encryption.rb b/spec/support/encryption.rb
index 442fbfa..7c4b011 100644
--- a/spec/support/encryption.rb
+++ b/spec/support/encryption.rb
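Review bot: In spec/lib/encryption_helper_spec.rb the 'decrypts data' example now builds its ciphertext with the same `EncryptionHelper` instance it then decrypts with, so an error made symmetrically in `encrypt` and `decrypt` would still pass. I would add an example that checks `encrypt` against a fixed key, IV and expected ciphertext-plus-tag computed independently of the helper. Unless the part of the spec outside this hunk already covers it, I would also add an example that alters one byte of `encrypted` and expects decryption to fail, e.g. `expect { encryption_helper.decrypt(data: tampered, iv: iv, key: key) }.to raise_error(OpenSSL::Cipher::CipherError)`. The stubs in source/proof_document_mock/spec/proof_document_mock_spec.rb use the helper only to prepare fixtures, so they need no change.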
@@ -2,7 +2,9 @@ def encrypt_and_stub_s3(body:, url:, iv:, key:)
 prefix = URI(url).path.gsub(%r{^/}, '')
 @responses ||= {}
- @responses[prefix] = encrypt(data: body, iv: iv, key: key)
+ @responses[prefix] = IdentityIdpFunctions::EncryptionHelper.new.encrypt(
+ data: body, iv: iv, key: key,
+ )
 Aws.config[:s3] = {
 stub_responses: {
@@ -12,16 +14,3 @@ def encrypt_and_stub_s3(body:, url:, iv:, key:)
 },
 }
 end
-
-def encrypt(data:, iv:, key:)
- cipher = OpenSSL::Cipher.new('aes-256-gcm')
- cipher.encrypt
- cipher.iv = iv
- cipher.key = key
- cipher.auth_data = ''
-
- encrypted = cipher.update(data) + cipher.final
- tag = cipher.auth_tag # produces 16 bytes tag by default
-
- encrypted + tag
-end