rails--rails/activesupport/lib/active_support/key_generator.rb

# frozen_string_literal: true

require "concurrent/map"
require "openssl"

module ActiveSupport
  # KeyGenerator is a simple wrapper around OpenSSL's implementation of PBKDF2.
  # It can be used to derive a number of keys for various purposes from a given secret.
  # This lets Rails applications have a single secure secret, but avoid reusing that
  # key in multiple incompatible contexts.
  class KeyGenerator
    def initialize(secret, options = {})
      @secret = secret
      # The default iterations are higher than required for our key derivation uses
      # on the off chance someone uses this for password storage
      @iterations = options[:iterations] || 2**16
    end

    # Returns a derived key suitable for use.  The default key_size is chosen
    # to be compatible with the default settings of ActiveSupport::MessageVerifier.
    # i.e. OpenSSL::Digest::SHA1#block_length
    def generate_key(salt, key_size = 64)
      OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size)
    end
  end

  # CachingKeyGenerator is a wrapper around KeyGenerator which allows users to avoid
  # re-executing the key generation process when it's called using the same salt and
  # key_size.
  class CachingKeyGenerator
    def initialize(key_generator)
      @key_generator = key_generator
      @cache_keys = Concurrent::Map.new
    end

    # Returns a derived key suitable for use.
    def generate_key(*args)
      @cache_keys[args.join] ||= @key_generator.generate_key(*args)
    end
  end
end
Use frozen-string-literal in ActiveSupport 2017-07-09 08:06:36 -04:00			`# frozen_string_literal: true`
[Active Support] `rubocop -a --only Layout/EmptyLineAfterMagicComment` 2017-07-10 09:39:13 -04:00
applies new string literal convention in activesupport/lib The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 11:58:50 -04:00			`require "concurrent/map"`
			`require "openssl"`
Add ActiveSupport::KeyGenerator as a simple wrapper around PBKDF2 This will be used to derive keys from the secret and a salt, in order to allow us to do things like encrypted cookie stores without using the secret for multiple purposes directly. 2012-07-03 20:37:31 -04:00
			`module ActiveSupport`
Add missing punctuation mark in `ActiveSupport` docs [ci skip] It improves readability of docs 2015-10-11 03:33:57 -04:00			`# KeyGenerator is a simple wrapper around OpenSSL's implementation of PBKDF2.`
Add ActiveSupport::KeyGenerator as a simple wrapper around PBKDF2 This will be used to derive keys from the secret and a salt, in order to allow us to do things like encrypted cookie stores without using the secret for multiple purposes directly. 2012-07-03 20:37:31 -04:00			`# It can be used to derive a number of keys for various purposes from a given secret.`
rails -> Rails [ci skip] 2013-05-09 07:57:08 -04:00			`# This lets Rails applications have a single secure secret, but avoid reusing that`
Add ActiveSupport::KeyGenerator as a simple wrapper around PBKDF2 This will be used to derive keys from the secret and a salt, in order to allow us to do things like encrypted cookie stores without using the secret for multiple purposes directly. 2012-07-03 20:37:31 -04:00			`# key in multiple incompatible contexts.`
			`class KeyGenerator`
			`def initialize(secret, options = {})`
			`@secret = secret`
			`# The default iterations are higher than required for our key derivation uses`
			`# on the off chance someone uses this for password storage`
			`@iterations = options[:iterations] \|\| 2**16`
			`end`

			`# Returns a derived key suitable for use. The default key_size is chosen`
Partially revert #25192 KeyGenerator is used in other contexts, and we cannot change its output... even if it does accidentally default to generating excess key material for our primary internal usage. 2016-06-30 11:31:45 -04:00			`# to be compatible with the default settings of ActiveSupport::MessageVerifier.`
			`# i.e. OpenSSL::Digest::SHA1#block_length`
Add more rubocop rules about whitespaces 2016-10-28 23:05:58 -04:00			`def generate_key(salt, key_size = 64)`
Add ActiveSupport::KeyGenerator as a simple wrapper around PBKDF2 This will be used to derive keys from the secret and a salt, in order to allow us to do things like encrypted cookie stores without using the secret for multiple purposes directly. 2012-07-03 20:37:31 -04:00			`OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size)`
			`end`
			`end`
Sign cookies using key deriver 2012-10-30 23:06:46 -04:00
Add docs for CachingKeyGenerator 2012-11-15 20:06:44 -05:00			`# CachingKeyGenerator is a wrapper around KeyGenerator which allows users to avoid`
			`# re-executing the key generation process when it's called using the same salt and`
Add missing punctuation mark in `ActiveSupport` docs [ci skip] It improves readability of docs 2015-10-11 03:33:57 -04:00			`# key_size.`
Cache generated keys per KeyGenerator instance using salt + key_size 2012-11-01 18:23:21 -04:00			`class CachingKeyGenerator`
			`def initialize(key_generator)`
			`@key_generator = key_generator`
Replaced `ThreadSafe::Map` with successor `Concurrent::Map`. The thread_safe gem is being deprecated and all its code has been merged into the concurrent-ruby gem. The new class, Concurrent::Map, is exactly the same as its predecessor except for fixes to two bugs discovered during the merge. 2015-09-19 09:56:26 -04:00			`@cache_keys = Concurrent::Map.new`
Cache generated keys per KeyGenerator instance using salt + key_size 2012-11-01 18:23:21 -04:00			`end`

Partially revert #25192 KeyGenerator is used in other contexts, and we cannot change its output... even if it does accidentally default to generating excess key material for our primary internal usage. 2016-06-30 11:31:45 -04:00			`# Returns a derived key suitable for use.`
			`def generate_key(*args)`
			`@cache_keys[args.join] \|\|= @key_generator.generate_key(*args)`
Cache generated keys per KeyGenerator instance using salt + key_size 2012-11-01 18:23:21 -04:00			`end`
			`end`
Add ActiveSupport::KeyGenerator as a simple wrapper around PBKDF2 This will be used to derive keys from the secret and a salt, in order to allow us to do things like encrypted cookie stores without using the secret for multiple purposes directly. 2012-07-03 20:37:31 -04:00			`end`