Allow MessageEncryptor to take advantage of authenticated encryption modes

AEAD modes like `aes-256-gcm` provide both confidentiality and data authenticity, eliminating the need to use MessageVerifier to check if the encrypted data has been tampered with.

Signed-off-by: Jeremy Daer <jeremydaer@gmail.com>

1 files changed, 18 insertions, 0 deletions

diff --git a/activesupport/test/message_encryptor_test.rb b/activesupport/test/message_encryptor_test.rb
index a1ff4c1d3e..5dfa187f36 100644
--- a/activesupport/test/message_encryptor_test.rb
+++ b/activesupport/test/message_encryptor_test.rb
@@ -70,6 +70,24 @@ class MessageEncryptorTest < ActiveSupport::TestCase
     assert_not_verified([iv,  message] * bad_encoding_characters)
   end
 
+  def test_aead_mode_encryption
+    encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: 'aes-256-gcm')
+    message = encryptor.encrypt_and_sign(@data)
+    assert_equal @data, encryptor.decrypt_and_verify(message)
+  end
+
+  def test_messing_with_aead_values_causes_failures
+    encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: 'aes-256-gcm')
+    text, iv, auth_tag = encryptor.encrypt_and_sign(@data).split("--")
+    assert_not_decrypted([iv, text, auth_tag] * "--")
+    assert_not_decrypted([munge(text), iv, auth_tag] * "--")
+    assert_not_decrypted([text, munge(iv), auth_tag] * "--")
+    assert_not_decrypted([text, iv, munge(auth_tag)] * "--")
+    assert_not_decrypted([munge(text), munge(iv), munge(auth_tag)] * "--")
+    assert_not_decrypted([text, iv] * "--")
+    assert_not_decrypted([text, iv, auth_tag[0..-2]] * "--")
+  end
+
   private
 
   def assert_not_decrypted(value)