From ffa6b330477193dd5f438980bd2736555aa738e6 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Tue, 22 Jul 2014 17:22:15 +0200 Subject: [PATCH] add unit test for aes256/aes128 --- apps/files_encryption/tests/crypt.php | 160 +++++++++++++++++++++ apps/files_encryption/tests/keymanager.php | 32 +++++ 2 files changed, 192 insertions(+) diff --git a/apps/files_encryption/tests/crypt.php b/apps/files_encryption/tests/crypt.php index d1ff6eec7dc..5eb9580e3b4 100755 --- a/apps/files_encryption/tests/crypt.php +++ b/apps/files_encryption/tests/crypt.php @@ -96,6 +96,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { } $this->assertTrue(\OC_FileProxy::$enabled); + \OCP\Config::deleteSystemValue('cipher'); } public static function tearDownAfterClass() { @@ -153,6 +154,24 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { } + /** + * @medium + */ + function testSymmetricEncryptFileContentAes128() { + + # TODO: search in keyfile for actual content as IV will ensure this test always passes + + $crypted = Encryption\Crypt::symmetricEncryptFileContent($this->dataShort, 'hat', 'AES-128-CFB'); + + $this->assertNotEquals($this->dataShort, $crypted); + + + $decrypt = Encryption\Crypt::symmetricDecryptFileContent($crypted, 'hat', 'AES-128-CFB'); + + $this->assertEquals($this->dataShort, $decrypt); + + } + /** * @medium */ @@ -190,6 +209,47 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { Encryption\Keymanager::deleteFileKey($this->view, $filename); } + /** + * @medium + */ + function testSymmetricStreamEncryptShortFileContentAes128() { + + $filename = 'tmp-' . uniqid() . '.test'; + + \OCP\Config::setSystemValue('cipher', 'AES-128-CFB'); + + $cryptedFile = file_put_contents('crypt:///' . $this->userId . '/files/'. $filename, $this->dataShort); + + // Test that data was successfully written + $this->assertTrue(is_int($cryptedFile)); + + \OCP\Config::deleteSystemValue('cipher'); + + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; + + // Get file contents without using any wrapper to get it's actual contents on disk + $retreivedCryptedFile = $this->view->file_get_contents($this->userId . '/files/' . $filename); + + // Re-enable proxy - our work is done + \OC_FileProxy::$enabled = $proxyStatus; + + // Check that the file was encrypted before being written to disk + $this->assertNotEquals($this->dataShort, $retreivedCryptedFile); + + // Get file contents with the encryption wrapper + $decrypted = file_get_contents('crypt:///' . $this->userId . '/files/'. $filename); + + // Check that decrypted data matches + $this->assertEquals($this->dataShort, $decrypted); + + // Teardown + $this->view->unlink($this->userId . '/files/' . $filename); + + Encryption\Keymanager::deleteFileKey($this->view, $filename); + } + /** * @medium * Test that data that is written by the crypto stream wrapper @@ -234,6 +294,106 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { } + /** + * @medium + * Test that data that is written by the crypto stream wrapper with AES 128 + * @note Encrypted data is manually prepared and decrypted here to avoid dependency on success of stream_read + * @note If this test fails with truncate content, check that enough array slices are being rejoined to form $e, as the crypt.php file may have gotten longer and broken the manual + * reassembly of its data + */ + function testSymmetricStreamEncryptLongFileContentAes128() { + + // Generate a a random filename + $filename = 'tmp-' . uniqid() . '.test'; + + \OCP\Config::setSystemValue('cipher', 'AES-128-CFB'); + + // Save long data as encrypted file using stream wrapper + $cryptedFile = file_put_contents('crypt:///' . $this->userId . '/files/' . $filename, $this->dataLong . $this->dataLong); + + // Test that data was successfully written + $this->assertTrue(is_int($cryptedFile)); + + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; + + \OCP\Config::deleteSystemValue('cipher'); + + // Get file contents without using any wrapper to get it's actual contents on disk + $retreivedCryptedFile = $this->view->file_get_contents($this->userId . '/files/' . $filename); + + // Re-enable proxy - our work is done + \OC_FileProxy::$enabled = $proxyStatus; + + + // Check that the file was encrypted before being written to disk + $this->assertNotEquals($this->dataLong . $this->dataLong, $retreivedCryptedFile); + + $decrypted = file_get_contents('crypt:///' . $this->userId . '/files/'. $filename); + + $this->assertEquals($this->dataLong . $this->dataLong, $decrypted); + + // Teardown + + $this->view->unlink($this->userId . '/files/' . $filename); + + Encryption\Keymanager::deleteFileKey($this->view, $filename); + + } + + /** + * @medium + * Test that data that is written by the crypto stream wrapper with AES 128 + * @note Encrypted data is manually prepared and decrypted here to avoid dependency on success of stream_read + * @note If this test fails with truncate content, check that enough array slices are being rejoined to form $e, as the crypt.php file may have gotten longer and broken the manual + * reassembly of its data + */ + function testStreamDecryptLongFileContentWithoutHeader() { + + // Generate a a random filename + $filename = 'tmp-' . uniqid() . '.test'; + + \OCP\Config::setSystemValue('cipher', 'AES-128-CFB'); + + // Save long data as encrypted file using stream wrapper + $cryptedFile = file_put_contents('crypt:///' . $this->userId . '/files/' . $filename, $this->dataLong . $this->dataLong); + + \OCP\Config::deleteSystemValue('cipher'); + + // Test that data was successfully written + $this->assertTrue(is_int($cryptedFile)); + + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; + + // Get file contents without using any wrapper to get it's actual contents on disk + $retreivedCryptedFile = $this->view->file_get_contents($this->userId . '/files/' . $filename); + + // Check that the file was encrypted before being written to disk + $this->assertNotEquals($this->dataLong . $this->dataLong, $retreivedCryptedFile); + + // remove the header to check if we can also decrypt old files without a header, + // this files should fall back to AES-128 + $cryptedWithoutHeader = substr($retreivedCryptedFile, Encryption\Crypt::BLOCKSIZE); + $this->view->file_put_contents($this->userId . '/files/' . $filename, $cryptedWithoutHeader); + + // Re-enable proxy - our work is done + \OC_FileProxy::$enabled = $proxyStatus; + + $decrypted = file_get_contents('crypt:///' . $this->userId . '/files/'. $filename); + + $this->assertEquals($this->dataLong . $this->dataLong, $decrypted); + + // Teardown + + $this->view->unlink($this->userId . '/files/' . $filename); + + Encryption\Keymanager::deleteFileKey($this->view, $filename); + + } + /** * @medium */ diff --git a/apps/files_encryption/tests/keymanager.php b/apps/files_encryption/tests/keymanager.php index b5537837051..f90832280a2 100644 --- a/apps/files_encryption/tests/keymanager.php +++ b/apps/files_encryption/tests/keymanager.php @@ -174,6 +174,38 @@ class Test_Encryption_Keymanager extends \PHPUnit_Framework_TestCase { \OC_FileProxy::$enabled = $proxyStatus; } + /** + * @medium + */ + function testSetPrivateKey() { + + $key = "dummy key"; + + Encryption\Keymanager::setPrivateKey($key, 'dummyUser'); + + $this->assertTrue($this->view->file_exists('/dummyUser/files_encryption/dummyUser.private.key')); + + //clean up + $this->view->deleteAll('/dummyUser'); + } + + /** + * @medium + */ + function testSetPrivateSystemKey() { + + $key = "dummy key"; + $keyName = "myDummyKey.private.key"; + + Encryption\Keymanager::setPrivateSystemKey($key, $keyName); + + $this->assertTrue($this->view->file_exists('/owncloud_private_key/' . $keyName)); + + // clean up + $this->view->unlink('/owncloud_private_key/' . $keyName); + } + + /** * @medium */ -- 2.39.5