1
0

CryptTest.php 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Björn Schießle <bjoern@schiessle.org>
  6. * @author Joas Schilling <coding@schilljs.com>
  7. * @author Lukas Reschke <lukas@statuscode.ch>
  8. *
  9. * @license AGPL-3.0
  10. *
  11. * This code is free software: you can redistribute it and/or modify
  12. * it under the terms of the GNU Affero General Public License, version 3,
  13. * as published by the Free Software Foundation.
  14. *
  15. * This program is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. * GNU Affero General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Affero General Public License, version 3,
  21. * along with this program. If not, see <http://www.gnu.org/licenses/>
  22. *
  23. */
  24. namespace OCA\Encryption\Tests\Crypto;
  25. use OCA\Encryption\Crypto\Crypt;
  26. use OCP\IL10N;
  27. use Test\TestCase;
  28. class CryptTest extends TestCase {
  29. /** @var \OCP\ILogger|\PHPUnit_Framework_MockObject_MockObject */
  30. private $logger;
  31. /** @var \OCP\IUserSession|\PHPUnit_Framework_MockObject_MockObject */
  32. private $userSession;
  33. /** @var \OCP\IConfig|\PHPUnit_Framework_MockObject_MockObject */
  34. private $config;
  35. /** @var \OCP\IL10N|\PHPUnit_Framework_MockObject_MockObject */
  36. private $l;
  37. /** @var Crypt */
  38. private $crypt;
  39. public function setUp() {
  40. parent::setUp();
  41. $this->logger = $this->getMockBuilder('OCP\ILogger')
  42. ->disableOriginalConstructor()
  43. ->getMock();
  44. $this->logger->expects($this->any())
  45. ->method('warning')
  46. ->willReturn(true);
  47. $this->userSession = $this->getMockBuilder('OCP\IUserSession')
  48. ->disableOriginalConstructor()
  49. ->getMock();
  50. $this->config = $this->getMockBuilder('OCP\IConfig')
  51. ->disableOriginalConstructor()
  52. ->getMock();
  53. $this->l = $this->createMock(IL10N::class);
  54. $this->crypt = new Crypt($this->logger, $this->userSession, $this->config, $this->l);
  55. }
  56. /**
  57. * test getOpenSSLConfig without any additional parameters
  58. */
  59. public function testGetOpenSSLConfigBasic() {
  60. $this->config->expects($this->once())
  61. ->method('getSystemValue')
  62. ->with($this->equalTo('openssl'), $this->equalTo([]))
  63. ->willReturn(array());
  64. $result = self::invokePrivate($this->crypt, 'getOpenSSLConfig');
  65. $this->assertSame(1, count($result));
  66. $this->assertArrayHasKey('private_key_bits', $result);
  67. $this->assertSame(4096, $result['private_key_bits']);
  68. }
  69. /**
  70. * test getOpenSSLConfig with additional parameters defined in config.php
  71. */
  72. public function testGetOpenSSLConfig() {
  73. $this->config->expects($this->once())
  74. ->method('getSystemValue')
  75. ->with($this->equalTo('openssl'), $this->equalTo([]))
  76. ->willReturn(array('foo' => 'bar', 'private_key_bits' => 1028));
  77. $result = self::invokePrivate($this->crypt, 'getOpenSSLConfig');
  78. $this->assertSame(2, count($result));
  79. $this->assertArrayHasKey('private_key_bits', $result);
  80. $this->assertArrayHasKey('foo', $result);
  81. $this->assertSame(1028, $result['private_key_bits']);
  82. $this->assertSame('bar', $result['foo']);
  83. }
  84. /**
  85. * test generateHeader with valid key formats
  86. *
  87. * @dataProvider dataTestGenerateHeader
  88. */
  89. public function testGenerateHeader($keyFormat, $expected) {
  90. $this->config->expects($this->once())
  91. ->method('getSystemValue')
  92. ->with($this->equalTo('cipher'), $this->equalTo('AES-256-CTR'))
  93. ->willReturn('AES-128-CFB');
  94. if ($keyFormat) {
  95. $result = $this->crypt->generateHeader($keyFormat);
  96. } else {
  97. $result = $this->crypt->generateHeader();
  98. }
  99. $this->assertSame($expected, $result);
  100. }
  101. /**
  102. * test generateHeader with invalid key format
  103. *
  104. * @expectedException \InvalidArgumentException
  105. */
  106. public function testGenerateHeaderInvalid() {
  107. $this->crypt->generateHeader('unknown');
  108. }
  109. /**
  110. * @return array
  111. */
  112. public function dataTestGenerateHeader() {
  113. return [
  114. [null, 'HBEGIN:cipher:AES-128-CFB:keyFormat:hash:HEND'],
  115. ['password', 'HBEGIN:cipher:AES-128-CFB:keyFormat:password:HEND'],
  116. ['hash', 'HBEGIN:cipher:AES-128-CFB:keyFormat:hash:HEND']
  117. ];
  118. }
  119. public function testGetCipherWithInvalidCipher() {
  120. $this->config->expects($this->once())
  121. ->method('getSystemValue')
  122. ->with($this->equalTo('cipher'), $this->equalTo('AES-256-CTR'))
  123. ->willReturn('Not-Existing-Cipher');
  124. $this->logger
  125. ->expects($this->once())
  126. ->method('warning')
  127. ->with('Unsupported cipher (Not-Existing-Cipher) defined in config.php supported. Falling back to AES-256-CTR');
  128. $this->assertSame('AES-256-CTR', $this->crypt->getCipher());
  129. }
  130. /**
  131. * @dataProvider dataProviderGetCipher
  132. * @param string $configValue
  133. * @param string $expected
  134. */
  135. public function testGetCipher($configValue, $expected) {
  136. $this->config->expects($this->once())
  137. ->method('getSystemValue')
  138. ->with($this->equalTo('cipher'), $this->equalTo('AES-256-CTR'))
  139. ->willReturn($configValue);
  140. $this->assertSame($expected,
  141. $this->crypt->getCipher()
  142. );
  143. }
  144. /**
  145. * data provider for testGetCipher
  146. *
  147. * @return array
  148. */
  149. public function dataProviderGetCipher() {
  150. return array(
  151. array('AES-128-CFB', 'AES-128-CFB'),
  152. array('AES-256-CFB', 'AES-256-CFB'),
  153. array('AES-128-CTR', 'AES-128-CTR'),
  154. array('AES-256-CTR', 'AES-256-CTR'),
  155. array('unknown', 'AES-256-CTR')
  156. );
  157. }
  158. /**
  159. * test concatIV()
  160. */
  161. public function testConcatIV() {
  162. $result = self::invokePrivate(
  163. $this->crypt,
  164. 'concatIV',
  165. array('content', 'my_iv'));
  166. $this->assertSame('content00iv00my_iv',
  167. $result
  168. );
  169. }
  170. /**
  171. * @dataProvider dataTestSplitMetaData
  172. */
  173. public function testSplitMetaData($data, $expected) {
  174. $result = self::invokePrivate($this->crypt, 'splitMetaData', array($data, 'AES-256-CFB'));
  175. $this->assertTrue(is_array($result));
  176. $this->assertSame(3, count($result));
  177. $this->assertArrayHasKey('encrypted', $result);
  178. $this->assertArrayHasKey('iv', $result);
  179. $this->assertArrayHasKey('signature', $result);
  180. $this->assertSame($expected['encrypted'], $result['encrypted']);
  181. $this->assertSame($expected['iv'], $result['iv']);
  182. $this->assertSame($expected['signature'], $result['signature']);
  183. }
  184. public function dataTestSplitMetaData() {
  185. return [
  186. ['encryptedContent00iv001234567890123456xx',
  187. ['encrypted' => 'encryptedContent', 'iv' => '1234567890123456', 'signature' => false]],
  188. ['encryptedContent00iv00123456789012345600sig00e1992521e437f6915f9173b190a512cfc38a00ac24502db44e0ba10c2bb0cc86xxx',
  189. ['encrypted' => 'encryptedContent', 'iv' => '1234567890123456', 'signature' => 'e1992521e437f6915f9173b190a512cfc38a00ac24502db44e0ba10c2bb0cc86']],
  190. ];
  191. }
  192. /**
  193. * @dataProvider dataTestHasSignature
  194. */
  195. public function testHasSignature($data, $expected) {
  196. $this->assertSame($expected,
  197. $this->invokePrivate($this->crypt, 'hasSignature', array($data, 'AES-256-CFB'))
  198. );
  199. }
  200. public function dataTestHasSignature() {
  201. return [
  202. ['encryptedContent00iv001234567890123456xx', false],
  203. ['encryptedContent00iv00123456789012345600sig00e1992521e437f6915f9173b190a512cfc38a00ac24502db44e0ba10c2bb0cc86xxx', true]
  204. ];
  205. }
  206. /**
  207. * @dataProvider dataTestHasSignatureFail
  208. * @expectedException \OC\HintException
  209. */
  210. public function testHasSignatureFail($cipher) {
  211. $data = 'encryptedContent00iv001234567890123456xx';
  212. $this->invokePrivate($this->crypt, 'hasSignature', array($data, $cipher));
  213. }
  214. public function dataTestHasSignatureFail() {
  215. return [
  216. ['AES-256-CTR'],
  217. ['aes-256-ctr'],
  218. ['AES-128-CTR'],
  219. ['ctr-256-ctr']
  220. ];
  221. }
  222. /**
  223. * test addPadding()
  224. */
  225. public function testAddPadding() {
  226. $result = self::invokePrivate($this->crypt, 'addPadding', array('data'));
  227. $this->assertSame('dataxxx', $result);
  228. }
  229. /**
  230. * test removePadding()
  231. *
  232. * @dataProvider dataProviderRemovePadding
  233. * @param $data
  234. * @param $expected
  235. */
  236. public function testRemovePadding($data, $expected) {
  237. $result = self::invokePrivate($this->crypt, 'removePadding', array($data));
  238. $this->assertSame($expected, $result);
  239. }
  240. /**
  241. * data provider for testRemovePadding
  242. *
  243. * @return array
  244. */
  245. public function dataProviderRemovePadding() {
  246. return array(
  247. array('dataxx', 'data'),
  248. array('data', false)
  249. );
  250. }
  251. /**
  252. * test parseHeader()
  253. */
  254. public function testParseHeader() {
  255. $header= 'HBEGIN:foo:bar:cipher:AES-256-CFB:HEND';
  256. $result = self::invokePrivate($this->crypt, 'parseHeader', array($header));
  257. $this->assertTrue(is_array($result));
  258. $this->assertSame(2, count($result));
  259. $this->assertArrayHasKey('foo', $result);
  260. $this->assertArrayHasKey('cipher', $result);
  261. $this->assertSame('bar', $result['foo']);
  262. $this->assertSame('AES-256-CFB', $result['cipher']);
  263. }
  264. /**
  265. * test encrypt()
  266. *
  267. * @return string
  268. */
  269. public function testEncrypt() {
  270. $decrypted = 'content';
  271. $password = 'password';
  272. $iv = self::invokePrivate($this->crypt, 'generateIv');
  273. $this->assertTrue(is_string($iv));
  274. $this->assertSame(16, strlen($iv));
  275. $result = self::invokePrivate($this->crypt, 'encrypt', array($decrypted, $iv, $password));
  276. $this->assertTrue(is_string($result));
  277. return array(
  278. 'password' => $password,
  279. 'iv' => $iv,
  280. 'encrypted' => $result,
  281. 'decrypted' => $decrypted);
  282. }
  283. /**
  284. * test decrypt()
  285. *
  286. * @depends testEncrypt
  287. */
  288. public function testDecrypt($data) {
  289. $result = self::invokePrivate(
  290. $this->crypt,
  291. 'decrypt',
  292. array($data['encrypted'], $data['iv'], $data['password']));
  293. $this->assertSame($data['decrypted'], $result);
  294. }
  295. /**
  296. * test return values of valid ciphers
  297. *
  298. * @dataProvider dataTestGetKeySize
  299. */
  300. public function testGetKeySize($cipher, $expected) {
  301. $result = $this->invokePrivate($this->crypt, 'getKeySize', [$cipher]);
  302. $this->assertSame($expected, $result);
  303. }
  304. /**
  305. * test exception if cipher is unknown
  306. *
  307. * @expectedException \InvalidArgumentException
  308. */
  309. public function testGetKeySizeFailure() {
  310. $this->invokePrivate($this->crypt, 'getKeySize', ['foo']);
  311. }
  312. /**
  313. * @return array
  314. */
  315. public function dataTestGetKeySize() {
  316. return [
  317. ['AES-256-CFB', 32],
  318. ['AES-128-CFB', 16],
  319. ['AES-256-CTR', 32],
  320. ['AES-128-CTR', 16],
  321. ];
  322. }
  323. /**
  324. * @dataProvider dataTestDecryptPrivateKey
  325. */
  326. public function testDecryptPrivateKey($header, $privateKey, $expectedCipher, $isValidKey, $expected) {
  327. /** @var \OCA\Encryption\Crypto\Crypt | \PHPUnit_Framework_MockObject_MockObject $crypt */
  328. $crypt = $this->getMockBuilder('OCA\Encryption\Crypto\Crypt')
  329. ->setConstructorArgs(
  330. [
  331. $this->logger,
  332. $this->userSession,
  333. $this->config,
  334. $this->l
  335. ]
  336. )
  337. ->setMethods(
  338. [
  339. 'parseHeader',
  340. 'generatePasswordHash',
  341. 'symmetricDecryptFileContent',
  342. 'isValidPrivateKey'
  343. ]
  344. )
  345. ->getMock();
  346. $crypt->expects($this->once())->method('parseHeader')->willReturn($header);
  347. if (isset($header['keyFormat']) && $header['keyFormat'] === 'hash') {
  348. $crypt->expects($this->once())->method('generatePasswordHash')->willReturn('hash');
  349. $password = 'hash';
  350. } else {
  351. $crypt->expects($this->never())->method('generatePasswordHash');
  352. $password = 'password';
  353. }
  354. $crypt->expects($this->once())->method('symmetricDecryptFileContent')
  355. ->with('privateKey', $password, $expectedCipher)->willReturn('key');
  356. $crypt->expects($this->once())->method('isValidPrivateKey')->willReturn($isValidKey);
  357. $result = $crypt->decryptPrivateKey($privateKey, 'password');
  358. $this->assertSame($expected, $result);
  359. }
  360. /**
  361. * @return array
  362. */
  363. public function dataTestDecryptPrivateKey() {
  364. return [
  365. [['cipher' => 'AES-128-CFB', 'keyFormat' => 'password'], 'HBEGIN:HENDprivateKey', 'AES-128-CFB', true, 'key'],
  366. [['cipher' => 'AES-256-CFB', 'keyFormat' => 'password'], 'HBEGIN:HENDprivateKey', 'AES-256-CFB', true, 'key'],
  367. [['cipher' => 'AES-256-CFB', 'keyFormat' => 'password'], 'HBEGIN:HENDprivateKey', 'AES-256-CFB', false, false],
  368. [['cipher' => 'AES-256-CFB', 'keyFormat' => 'hash'], 'HBEGIN:HENDprivateKey', 'AES-256-CFB', true, 'key'],
  369. [['cipher' => 'AES-256-CFB'], 'HBEGIN:HENDprivateKey', 'AES-256-CFB', true, 'key'],
  370. [[], 'privateKey', 'AES-128-CFB', true, 'key'],
  371. ];
  372. }
  373. public function testIsValidPrivateKey() {
  374. $res = openssl_pkey_new();
  375. openssl_pkey_export($res, $privateKey);
  376. // valid private key
  377. $this->assertTrue(
  378. $this->invokePrivate($this->crypt, 'isValidPrivateKey', [$privateKey])
  379. );
  380. // invalid private key
  381. $this->assertFalse(
  382. $this->invokePrivate($this->crypt, 'isValidPrivateKey', ['foo'])
  383. );
  384. }
  385. }