Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Default Message Encryptor Cipher to AES-256-GCM From AES-256-CBC #29263

Merged
merged 1 commit into from Jun 11, 2017
Merged
Changes from all commits
Commits
File filter...
Filter file types
Jump to…
Jump to file or symbol
Failed to load files and symbols.
+30 −5
Diff settings

Always

Just for now

@@ -630,7 +630,7 @@ def initialize(parent_jar)
secret = key_generator.generate_key(request.encrypted_cookie_salt || "")[0, ActiveSupport::MessageEncryptor.key_len]
sign_secret = key_generator.generate_key(request.encrypted_signed_cookie_salt || "")

@legacy_encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
@legacy_encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, cipher: "aes-256-cbc", digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
end

def decrypt_and_verify_legacy_encrypted_message(name, signed_message)
@@ -19,7 +19,17 @@ module ActiveSupport
# encrypted_data = crypt.encrypt_and_sign('my secret data') # => "NlFBTTMwOUV5UlA1QlNEN2xkY2d6eThYWWh..."
# crypt.decrypt_and_verify(encrypted_data) # => "my secret data"
class MessageEncryptor
DEFAULT_CIPHER = "aes-256-cbc"
class << self
attr_accessor :use_authenticated_message_encryption #:nodoc:

def default_cipher #:nodoc:
if use_authenticated_message_encryption
"aes-256-gcm"
else
"aes-256-cbc"
end
end
end

module NullSerializer #:nodoc:
def self.load(value)
@@ -45,7 +55,7 @@ class InvalidMessage < StandardError; end
OpenSSLCipherError = OpenSSL::Cipher::CipherError

# Initialize a new MessageEncryptor. +secret+ must be at least as long as
# the cipher key size. For the default 'aes-256-cbc' cipher, this is 256
# the cipher key size. For the default 'aes-256-gcm' cipher, this is 256
# bits. If you are using a user-entered secret, you can generate a suitable
# key by using <tt>ActiveSupport::KeyGenerator</tt> or a similar key
# derivation function.
@@ -66,7 +76,7 @@ def initialize(secret, *signature_key_or_options)
sign_secret = signature_key_or_options.first
@secret = secret
@sign_secret = sign_secret
@cipher = options[:cipher] || DEFAULT_CIPHER
@cipher = options[:cipher] || self.class.default_cipher
@digest = options[:digest] || "SHA1" unless aead_mode?
@verifier = resolve_verifier
@serializer = options[:serializer] || Marshal
@@ -85,7 +95,7 @@ def decrypt_and_verify(value)
end

# Given a cipher, returns the key length of the cipher to help generate the key of desired size
def self.key_len(cipher = DEFAULT_CIPHER)
def self.key_len(cipher = default_cipher)
OpenSSL::Cipher.new(cipher).key_len
end

@@ -7,6 +7,13 @@ class Railtie < Rails::Railtie # :nodoc:

config.eager_load_namespaces << ActiveSupport

initializer "active_support.set_authenticated_message_encryption" do |app|
if app.config.active_support.respond_to?(:use_authenticated_message_encryption)
ActiveSupport::MessageEncryptor.use_authenticated_message_encryption =
app.config.active_support.use_authenticated_message_encryption
end
end

initializer "active_support.reset_all_current_attributes_instances" do |app|
app.reloader.before_class_unload { ActiveSupport::CurrentAttributes.clear_all }
app.executor.to_run { ActiveSupport::CurrentAttributes.reset_all }
@@ -92,6 +92,10 @@ def load_defaults(target_version)
action_dispatch.use_authenticated_cookie_encryption = true
end

if respond_to?(:active_support)
active_support.use_authenticated_message_encryption = true
end

else
raise "Unknown version #{target_version.to_s.inspect}"
end
@@ -13,3 +13,7 @@
# Use AES 256 GCM authenticated encryption for encrypted cookies.
# Existing cookies will be converted on read then written with the new scheme.
# Rails.application.config.action_dispatch.use_authenticated_cookie_encryption = true

This comment has been minimized.

Copy link
@kaspth

kaspth Jun 6, 2017

Member

Ideally, we should be able to remove this config and use the below one to infer it. But that's for another time.

cc @mikeycgto


# Use AES-256-GCM authenticated encryption as default cipher for encrypting messages
# instead of AES-256-CBC, when use_authenticated_message_encryption is set to true.
# Rails.application.config.active_support.use_authenticated_message_encryption = true
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.