[CHEF-3392] JSON serialize encrypted data bags, use random IV

* Use JSON instead of YAML to serialize encrypted data bag values before encrypting. * Use a random IV for each encrypted value for resilience against some types of crypto attacks. Fixes CHEF-3480.
author: danielsdeleo <dan@opscode.com> 2012-11-14 16:06:32 -0800
committer: danielsdeleo <dan@opscode.com> 2012-11-14 16:11:06 -0800
commit: 3af82bf027f1252209469ee8218cfc947a31e5ca (patch)
tree: 65d2e07c9cf26536a424b9f71e3dd4537cd40c43 /spec/unit/knife/data_bag_create_spec.rb
parent: 1b2fba939425b0a158ec341ed76f977d1aef8489 (diff)
download: chef-3af82bf027f1252209469ee8218cfc947a31e5ca.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/spec/unit/knife/data_bag_create_spec.rb b/spec/unit/knife/data_bag_create_spec.rb
index 7d9433984f..0ac9b6f033 100644
--- a/spec/unit/knife/data_bag_create_spec.rb
+++ b/spec/unit/knife/data_bag_create_spec.rb
@@ -75,6 +75,11 @@ describe Chef::Knife::DataBagCreate do
       @knife.should_receive(:create_object).and_yield(@plain_data)
       data_bag_item = Chef::DataBagItem.from_hash(@enc_data)
       data_bag_item.data_bag("sudoing_admins")
+
+      # Random IV is used each time the data bag item is encrypted, so values
+      # will not be equal if we re-encrypt.
+      Chef::EncryptedDataBagItem.should_receive(:encrypt_data_bag_item).and_return(@enc_data)
+
       @rest.should_receive(:post_rest).with("data", {'name' => 'sudoing_admins'}).ordered
       @rest.should_receive(:post_rest).with("data/sudoing_admins", data_bag_item).ordered
author	danielsdeleo <dan@opscode.com>	2012-11-14 16:06:32 -0800
committer	danielsdeleo <dan@opscode.com>	2012-11-14 16:11:06 -0800
commit	3af82bf027f1252209469ee8218cfc947a31e5ca (patch)
tree	65d2e07c9cf26536a424b9f71e3dd4537cd40c43 /spec/unit/knife/data_bag_create_spec.rb
parent	1b2fba939425b0a158ec341ed76f977d1aef8489 (diff)
download	chef-3af82bf027f1252209469ee8218cfc947a31e5ca.tar.gz