use password hash instead of the plain password to encrypt the private key

author: Bjoern Schiessle <schiessle@owncloud.com> 2015-08-07 14:04:17 +0200
committer: Bjoern Schiessle <schiessle@owncloud.com> 2015-08-07 15:21:08 +0200
commit: 62bc0e5264af50be48dbcbb720b7bd16e8d88df5 (patch)
tree: ad0c95913483a7ed2d866066af4ed3d5c00bab6c /apps/encryption/tests
parent: 43888bb9bf46928acfe79084377b96133609ef6c (diff)
download: nextcloud-server-62bc0e5264af50be48dbcbb720b7bd16e8d88df5.tar.gz
nextcloud-server-62bc0e5264af50be48dbcbb720b7bd16e8d88df5.zip
5 files changed, 110 insertions, 9 deletions
diff --git a/apps/encryption/tests/controller/SettingsControllerTest.php b/apps/encryption/tests/controller/SettingsControllerTest.php
index ed8135b9c4d..d985c7d7d25 100644
--- a/apps/encryption/tests/controller/SettingsControllerTest.php
+++ b/apps/encryption/tests/controller/SettingsControllerTest.php
@@ -188,7 +188,7 @@ class SettingsControllerTest extends TestCase {
 
 		$this->cryptMock
 			->expects($this->once())
-			->method('symmetricEncryptFileContent')
+			->method('encryptPrivateKey')
 			->willReturn('encryptedKey');
 
 		$this->cryptMock
diff --git a/apps/encryption/tests/hooks/UserHooksTest.php b/apps/encryption/tests/hooks/UserHooksTest.php
index 921c924d015..aa16a4d8703 100644
--- a/apps/encryption/tests/hooks/UserHooksTest.php
+++ b/apps/encryption/tests/hooks/UserHooksTest.php
@@ -114,7 +114,7 @@ class UserHooksTest extends TestCase {
 			->willReturnOnConsecutiveCalls(true, false);
 
 		$this->cryptMock->expects($this->exactly(4))
-			->method('symmetricEncryptFileContent')
+			->method('encryptPrivateKey')
 			->willReturn(true);
 
 		$this->cryptMock->expects($this->any())
diff --git a/apps/encryption/tests/lib/KeyManagerTest.php b/apps/encryption/tests/lib/KeyManagerTest.php
index 0bac5e0341b..71b00cf254a 100644
--- a/apps/encryption/tests/lib/KeyManagerTest.php
+++ b/apps/encryption/tests/lib/KeyManagerTest.php
@@ -260,7 +260,7 @@ class KeyManagerTest extends TestCase {
 			->method('setSystemUserKey')
 			->willReturn(true);
 		$this->cryptMock->expects($this->any())
-			->method('symmetricEncryptFileContent')
+			->method('encryptPrivateKey')
 			->with($this->equalTo('privateKey'), $this->equalTo('pass'))
 			->willReturn('decryptedPrivateKey');
 
diff --git a/apps/encryption/tests/lib/RecoveryTest.php b/apps/encryption/tests/lib/RecoveryTest.php
index 8d5d31af0b8..c0624a36be9 100644
--- a/apps/encryption/tests/lib/RecoveryTest.php
+++ b/apps/encryption/tests/lib/RecoveryTest.php
@@ -96,7 +96,7 @@ class RecoveryTest extends TestCase {
 			->method('decryptPrivateKey');
 
 		$this->cryptMock->expects($this->once())
-			->method('symmetricEncryptFileContent')
+			->method('encryptPrivateKey')
 			->willReturn(true);
 
 		$this->assertTrue($this->instance->changeRecoveryKeyPassword('password',
diff --git a/apps/encryption/tests/lib/crypto/cryptTest.php b/apps/encryption/tests/lib/crypto/cryptTest.php
index 14ed1513e1e..3c7767a8908 100644
--- a/apps/encryption/tests/lib/crypto/cryptTest.php
+++ b/apps/encryption/tests/lib/crypto/cryptTest.php
@@ -98,18 +98,41 @@ class cryptTest extends TestCase {
 
 
 	/**
-	 * test generateHeader
+	 * test generateHeader with valid key formats
+	 *
+	 * @dataProvider dataTestGenerateHeader
 	 */
-	public function testGenerateHeader() {
+	public function testGenerateHeader($keyFormat, $expected) {
 
 		$this->config->expects($this->once())
 			->method('getSystemValue')
 			->with($this->equalTo('cipher'), $this->equalTo('AES-256-CFB'))
 			->willReturn('AES-128-CFB');
 
-		$this->assertSame('HBEGIN:cipher:AES-128-CFB:HEND',
-			$this->crypt->generateHeader()
-		);
+		if ($keyFormat) {
+			$result = $this->crypt->generateHeader($keyFormat);
+		} else {
+			$result = $this->crypt->generateHeader();
+		}
+
+		$this->assertSame($expected, $result);
+	}
+
+	/**
+	 * test generateHeader with invalid key format
+	 *
+	 * @expectedException \InvalidArgumentException
+	 */
+	public function testGenerateHeaderInvalid() {
+		$this->crypt->generateHeader('unknown');
+	}
+
+	public function dataTestGenerateHeader() {
+		return [
+			[null, 'HBEGIN:cipher:AES-128-CFB:keyFormat:hash:HEND'],
+			['password', 'HBEGIN:cipher:AES-128-CFB:keyFormat:password:HEND'],
+			['hash', 'HBEGIN:cipher:AES-128-CFB:keyFormat:hash:HEND']
+		];
 	}
 
 	/**
@@ -262,4 +285,82 @@ class cryptTest extends TestCase {
 
 	}
 
+	/**
+	 * test return values of valid ciphers
+	 *
+	 * @dataProvider dataTestGetKeySize
+	 */
+	public function testGetKeySize($cipher, $expected) {
+		$result = $this->invokePrivate($this->crypt, 'getKeySize', [$cipher]);
+		$this->assertSame($expected, $result);
+	}
+
+	/**
+	 * test exception if cipher is unknown
+	 *
+	 * @expectedException \InvalidArgumentException
+	 */
+	public function testGetKeySizeFailure() {
+		$this->invokePrivate($this->crypt, 'getKeySize', ['foo']);
+	}
+
+	public function dataTestGetKeySize() {
+		return [
+			['AES-256-CFB', 32],
+			['AES-128-CFB', 16],
+		];
+	}
+
+	/**
+	 * @dataProvider dataTestDecryptPrivateKey
+	 */
+	public function testDecryptPrivateKey($header, $privateKey, $expectedCipher, $isValidKey, $expected) {
+		/** @var \OCA\Encryption\Crypto\Crypt | \PHPUnit_Framework_MockObject_MockObject $crypt */
+		$crypt = $this->getMockBuilder('OCA\Encryption\Crypto\Crypt')
+			->setConstructorArgs(
+				[
+					$this->logger,
+					$this->userSession,
+					$this->config
+				]
+			)
+			->setMethods(
+				[
+					'parseHeader',
+					'generatePasswordHash',
+					'symmetricDecryptFileContent',
+					'isValidPrivateKey'
+				]
+			)
+			->getMock();
+
+		$crypt->expects($this->once())->method('parseHeader')->willReturn($header);
+		if (isset($header['keyFormat']) && $header['keyFormat'] === 'hash') {
+			$crypt->expects($this->once())->method('generatePasswordHash')->willReturn('hash');
+			$password = 'hash';
+		} else {
+			$crypt->expects($this->never())->method('generatePasswordHash');
+			$password = 'password';
+		}
+
+		$crypt->expects($this->once())->method('symmetricDecryptFileContent')
+			->with('privateKey', $password, $expectedCipher)->willReturn('key');
+		$crypt->expects($this->once())->method('isValidPrivateKey')->willReturn($isValidKey);
+
+		$result = $crypt->decryptPrivateKey($privateKey, 'password');
+
+		$this->assertSame($expected, $result);
+	}
+
+	public function dataTestDecryptPrivateKey() {
+		return [
+			[['cipher' => 'AES-128-CFB', 'keyFormat' => 'password'], 'HBEGIN:HENDprivateKey', 'AES-128-CFB', true, 'key'],
+			[['cipher' => 'AES-256-CFB', 'keyFormat' => 'password'], 'HBEGIN:HENDprivateKey', 'AES-256-CFB', true, 'key'],
+			[['cipher' => 'AES-256-CFB', 'keyFormat' => 'password'], 'HBEGIN:HENDprivateKey', 'AES-256-CFB', false, false],
+			[['cipher' => 'AES-256-CFB', 'keyFormat' => 'hash'], 'HBEGIN:HENDprivateKey', 'AES-256-CFB', true, 'key'],
+			[['cipher' => 'AES-256-CFB'], 'HBEGIN:HENDprivateKey', 'AES-256-CFB', true, 'key'],
+			[[], 'privateKey', 'AES-128-CFB', true, 'key'],
+		];
+	}
+
 }
author	Bjoern Schiessle <schiessle@owncloud.com>	2015-08-07 14:04:17 +0200
committer	Bjoern Schiessle <schiessle@owncloud.com>	2015-08-07 15:21:08 +0200
commit	62bc0e5264af50be48dbcbb720b7bd16e8d88df5 (patch)
tree	ad0c95913483a7ed2d866066af4ed3d5c00bab6c /apps/encryption/tests
parent	43888bb9bf46928acfe79084377b96133609ef6c (diff)
download	nextcloud-server-62bc0e5264af50be48dbcbb720b7bd16e8d88df5.tar.gz nextcloud-server-62bc0e5264af50be48dbcbb720b7bd16e8d88df5.zip