Symmetric encryption key set tests

2024-12-17 18:23:10 +09:00
parent cc067cc202
commit 185d044a0b
2 changed files with 39 additions and 34 deletions
--- a/4dev/tests/Security/CoreLibsSecuritySymmetricEncryptionTest.php
+++ b/4dev/tests/Security/CoreLibsSecuritySymmetricEncryptionTest.php
@@ -15,6 +15,8 @@ use CoreLibs\Security\SymmetricEncryption;
 */
 final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 {
+	// MARK: key set compare
+
 	/**
 	 * Undocumented function
 	 *
@@ -65,6 +67,25 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 		);
 	}

+	// MARK: empty encrypted string
+
+	/**
+	 * Undocumented function
+	 *
+	 * @covers ::decryptKey
+	 * @covers ::decrypt
+	 * @testdox Test empty encrypted string to decrypt
+	 *
+	 * @return void
+	 */
+	public function testEmptyDecryptionString(): void
+	{
+		$this->expectExceptionMessage('Encrypted string cannot be empty');
+		SymmetricEncryption::decryptKey('', CreateKey::generateRandomKey());
+	}
+
+	// MARK: encrypt/decrypt compare
+
 	/**
 	 * Undocumented function
 	 *
@@ -161,6 +182,8 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 		);
 	}

+	// MARK: invalid key
+
 	/**
 	 * Undocumented function
 	 *
@@ -250,6 +273,8 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 		SymmetricEncryption::decryptKey($encrypted, $wrong_key);
 	}

+	// MARK: wrong key
+
 	/**
 	 * Undocumented function
 	 *
@@ -290,9 +315,7 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 		$enc_key = CreateKey::generateRandomKey();

 		// class
-		if (empty($key)) {
-			$this->expectExceptionMessage($exception_message);
-		}
+		$this->expectExceptionMessage($exception_message);
 		$crypt = new SymmetricEncryption($key);
 		$this->expectExceptionMessage($exception_message);
 		$crypt->encrypt('test');
@@ -353,6 +376,8 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 		SymmetricEncryption::decryptKey($encrypted, $key);
 	}

+	// MARK: wrong input
+
 	/**
 	 * Undocumented function
 	 *
@@ -438,21 +463,6 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 		$this->expectExceptionMessage($exception_message);
 		SymmetricEncryption::decryptKey($input, $key);
 	}
-
-	/**
-	 * Undocumented function
-	 *
-	 * @covers ::decryptKey
-	 * @covers ::decrypt
-	 * @testdox Test empty encrypted string to decrypt
-	 *
-	 * @return void
-	 */
-	public function testEmptyDecryptionString(): void
-	{
-		$this->expectExceptionMessage('Encrypted string cannot be empty');
-		SymmetricEncryption::decryptKey('', CreateKey::generateRandomKey());
-	}
 }

 // __END__
--- a/www/lib/CoreLibs/Security/SymmetricEncryption.php
+++ b/www/lib/CoreLibs/Security/SymmetricEncryption.php
@@ -97,6 +97,9 @@ class SymmetricEncryption
 	 *
 	 * @param  ?string $key The key from which the binary key will be created
 	 * @return string       Binary key string
+	 * @throws \UnexpectedValueException empty key
+	 * @throws \UnexpectedValueException invalid hex key
+	 * @throws \RangeException invalid length
 	 */
 	private function createKey(
 		#[\SensitiveParameter]
@@ -125,9 +128,9 @@ class SymmetricEncryption
 	 * @param  string  $encrypted Text to decrypt
 	 * @param  ?string $key       Mandatory encryption key, will throw exception if empty
 	 * @return string             Plain text
-	 * @throws \RangeException
-	 * @throws \UnexpectedValueException
-	 * @throws \UnexpectedValueException
+	 * @throws \UnexpectedValueException key cannot be empty
+	 * @throws \UnexpectedValueException decipher message failed
+	 * @throws \UnexpectedValueException invalid key
 	 */
 	private function decryptData(
 		#[\SensitiveParameter]
@@ -169,8 +172,7 @@ class SymmetricEncryption
 	 * @param  string  $message Message to encrypt
 	 * @param  ?string $key     Mandatory encryption key, will throw exception if empty
 	 * @return string           Ciphered text
-	 * @throws \Exception
-	 * @throws \RangeException
+	 * @throws \UnexpectedValueException create message failed
 	 */
 	private function encryptData(
 		#[\SensitiveParameter]
@@ -208,6 +210,7 @@ class SymmetricEncryption
 	 *
 	 * @param  string $key
 	 * @return void
+	 * @throws \UnexpectedValueException key cannot be empty
 	 */
 	public function setKey(
 		#[\SensitiveParameter]
@@ -216,6 +219,9 @@ class SymmetricEncryption
 		if (empty($key)) {
 			throw new \UnexpectedValueException('Key cannot be empty');
 		}
+		// check that this is a valid key
+		$this->createKey($key);
+		// set key
 		$this->key = $key;
 		sodium_memzero($key);
 	}
@@ -250,10 +256,6 @@ class SymmetricEncryption
 	 * @param  string $encrypted Message encrypted with safeEncrypt()
 	 * @param  string $key       Encryption key (as hex string)
 	 * @return string
-	 * @throws \Exception
-	 * @throws \RangeException
-	 * @throws \UnexpectedValueException
-	 * @throws \UnexpectedValueException
 	 */
 	public static function decryptKey(
 		#[\SensitiveParameter]
@@ -269,9 +271,6 @@ class SymmetricEncryption
 	 *
 	 * @param  string $encrypted Message encrypted with safeEncrypt()
 	 * @return string
-	 * @throws \RangeException
-	 * @throws \UnexpectedValueException
-	 * @throws \UnexpectedValueException
 	 */
 	public function decrypt(
 		#[\SensitiveParameter]
@@ -287,8 +286,6 @@ class SymmetricEncryption
 	 * @param  string $message Message to encrypt
 	 * @param  string $key     Encryption key (as hex string)
 	 * @return string
-	 * @throws \Exception
-	 * @throws \RangeException
 	 */
 	public static function encryptKey(
 		#[\SensitiveParameter]
@@ -304,8 +301,6 @@ class SymmetricEncryption
 	 *
 	 * @param  string $message Message to encrypt
 	 * @return string
-	 * @throws \Exception
-	 * @throws \RangeException
 	 */
 	public function encrypt(
 		#[\SensitiveParameter]