diff --git a/4dev/tests/Security/CoreLibsSecuritySymmetricEncryptionTest.php b/4dev/tests/Security/CoreLibsSecuritySymmetricEncryptionTest.php
index a9e4311e..64cfd156 100644
--- a/4dev/tests/Security/CoreLibsSecuritySymmetricEncryptionTest.php
+++ b/4dev/tests/Security/CoreLibsSecuritySymmetricEncryptionTest.php
@@ -15,6 +15,8 @@ use CoreLibs\Security\SymmetricEncryption;
 */
 final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 {
+ // MARK: key set compare
+
 /**
 * Undocumented function
 *
@@ -65,6 +67,25 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 );
 }
 
+ // MARK: empty encrypted string
+
+ /**
+ * Undocumented function
+ *
+ * @covers ::decryptKey
+ * @covers ::decrypt
+ * @testdox Test empty encrypted string to decrypt
+ *
+ * @return void
+ */
+ public function testEmptyDecryptionString(): void
+ {
+ $this->expectExceptionMessage('Encrypted string cannot be empty');
+ SymmetricEncryption::decryptKey('', CreateKey::generateRandomKey());
+ }
+
+ // MARK: encrypt/decrypt compare
+
 /**
 * Undocumented function
 *
@@ -161,6 +182,8 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 );
 }
 
+ // MARK: invalid key
+
 /**
 * Undocumented function
 *
@@ -250,6 +273,8 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 SymmetricEncryption::decryptKey($encrypted, $wrong_key);
 }
 
+ // MARK: wrong key
+
 /**
 * Undocumented function
 *
@@ -290,9 +315,7 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 $enc_key = CreateKey::generateRandomKey();
 
 // class
- if (empty($key)) {
- $this->expectExceptionMessage($exception_message);
- }
+ $this->expectExceptionMessage($exception_message);
 $crypt = new SymmetricEncryption($key);
 $this->expectExceptionMessage($exception_message);
 $crypt->encrypt('test');
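Review bot: In the `-290,9 +315,7` hunk the same expectation is now registered twice, once by the new unconditional `$this->expectExceptionMessage($exception_message);` before `new SymmetricEncryption($key)` and once by the unchanged line before `$crypt->encrypt('test')`. If the constructor goes through `setKey()` (not visible here), which this commit makes validate the key, every invalid key throws at construction and the `encrypt()` call below it is never executed. I would delete the second `expectExceptionMessage` line and mark the point of failure with a comment such as `// the constructor validates the key, nothing after this line runs`. The test only pins the message, so an exception of a different class carrying the same text would still pass. The test method starts and continues outside the hunk.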
@@ -353,6 +376,8 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 SymmetricEncryption::decryptKey($encrypted, $key);
 }
 
+ // MARK: wrong input
+
 /**
 * Undocumented function
 *
@@ -438,21 +463,6 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 $this->expectExceptionMessage($exception_message);
 SymmetricEncryption::decryptKey($input, $key);
 }
-
- /**
- * Undocumented function
- *
- * @covers ::decryptKey
- * @covers ::decrypt
- * @testdox Test empty encrypted string to decrypt
- *
- * @return void
- */
- public function testEmptyDecryptionString(): void
- {
- $this->expectExceptionMessage('Encrypted string cannot be empty');
- SymmetricEncryption::decryptKey('', CreateKey::generateRandomKey());
- }
 }
 
 // __END__
diff --git a/www/lib/CoreLibs/Security/SymmetricEncryption.php b/www/lib/CoreLibs/Security/SymmetricEncryption.php
index d1dcff3f..f22e9116 100644
--- a/www/lib/CoreLibs/Security/SymmetricEncryption.php
+++ b/www/lib/CoreLibs/Security/SymmetricEncryption.php
@@ -97,6 +97,9 @@ class SymmetricEncryption
 *
 * @param ?string $key The key from which the binary key will be created
 * @return string Binary key string
+ * @throws \UnexpectedValueException empty key
+ * @throws \UnexpectedValueException invalid hex key
+ * @throws \RangeException invalid length
 */
 private function createKey(
 #[\SensitiveParameter]
@@ -125,9 +128,9 @@ class SymmetricEncryption
 * @param string $encrypted Text to decrypt
 * @param ?string $key Mandatory encryption key, will throw exception if empty
 * @return string Plain text
- * @throws \RangeException
- * @throws \UnexpectedValueException
- * @throws \UnexpectedValueException
+ * @throws \UnexpectedValueException key cannot be empty
+ * @throws \UnexpectedValueException decipher message failed
+ * @throws \UnexpectedValueException invalid key
 */
 private function decryptData(
 #[\SensitiveParameter]
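Review bot: The rewritten `@throws` list on `decryptData()` drops `\RangeException`, although the `createKey()` docblock updated in this same commit documents `@throws \RangeException invalid length`. If `decryptData()` derives its binary key through `createKey()` (the body is outside the hunk), a key of the wrong length still surfaces as `\RangeException`, and a caller that wraps decryption in a catch for `\UnexpectedValueException` only would let it escape. I would keep `* @throws \RangeException invalid key length` in the list. The same gap shows in the `encryptData()` docblock (`-169,8 +172,7`), whose `@param` still says the key "will throw exception if empty" while its only `@throws` is "create message failed", and in the `setKey()` docblock (`-208,6 +210,7`), which lists only the empty-key case although `setKey()` now calls `createKey()`.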
@@ -169,8 +172,7 @@ class SymmetricEncryption
 * @param string $message Message to encrypt
 * @param ?string $key Mandatory encryption key, will throw exception if empty
 * @return string Ciphered text
- * @throws \Exception
- * @throws \RangeException
+ * @throws \UnexpectedValueException create message failed
 */
 private function encryptData(
 #[\SensitiveParameter]
@@ -208,6 +210,7 @@ class SymmetricEncryption
 *
 * @param string $key
 * @return void
+ * @throws \UnexpectedValueException key cannot be empty
 */
 public function setKey(
 #[\SensitiveParameter]
@@ -216,6 +219,9 @@ class SymmetricEncryption
 if (empty($key)) {
 throw new \UnexpectedValueException('Key cannot be empty');
 }
+ // check that this is a valid key
+ $this->createKey($key);
+ // set key
 $this->key = $key;
 sodium_memzero($key);
 }
@@ -250,10 +256,6 @@ class SymmetricEncryption
 * @param string $encrypted Message encrypted with safeEncrypt()
 * @param string $key Encryption key (as hex string)
 * @return string
- * @throws \Exception
- * @throws \RangeException
- * @throws \UnexpectedValueException
- * @throws \UnexpectedValueException
 */
 public static function decryptKey(
 #[\SensitiveParameter]
@@ -269,9 +271,6 @@ class SymmetricEncryption
 *
 * @param string $encrypted Message encrypted with safeEncrypt()
 * @return string
- * @throws \RangeException
- * @throws \UnexpectedValueException
- * @throws \UnexpectedValueException
 */
 public function decrypt(
 #[\SensitiveParameter]
@@ -287,8 +286,6 @@ class SymmetricEncryption
 * @param string $message Message to encrypt
 * @param string $key Encryption key (as hex string)
 * @return string
- * @throws \Exception
- * @throws \RangeException
 */
 public static function encryptKey(
 #[\SensitiveParameter]
@@ -304,8 +301,6 @@ class SymmetricEncryption
 *
 * @param string $message Message to encrypt
 * @return string
- * @throws \Exception
- * @throws \RangeException
 */
 public function encrypt(
 #[\SensitiveParameter]
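Review bot: The validation call added to `setKey()` in the `-216,6 +219,9` hunk, `$this->createKey($key);`, throws away its return value, which the `createKey()` docblock describes as the binary key string. The method wipes the hex copy with `sodium_memzero($key)` two lines later, but the discarded binary copy is released without being zeroed, so the raw key bytes may linger in freed memory. Unless `createKey()` already takes care of that (its body is outside the hunk), I would hold the result and wipe it: `$binary_key = $this->createKey($key);` followed by `sodium_memzero($binary_key);`. Validating at this point is also a behaviour change for callers: a malformed key now fails in `setKey()` rather than on the first encrypt or decrypt.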
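Review bot: The public entry points `decryptKey()`, `decrypt()`, `encryptKey()` and `encrypt()` (hunks `-250,10`, `-269,9`, `-287,8` and `-304,8`) are left with no `@throws` tag at all, while the private helpers keep theirs. Callers read only the public docblocks, and on the decrypt side the exception is how a rejected ciphertext or key is reported, so the type to catch belongs there. Rather than deleting the tags I would keep one described line per method, for example `* @throws \UnexpectedValueException decipher message failed or invalid key` on the two decrypt methods and `* @throws \UnexpectedValueException create message failed` on the two encrypt methods. The method bodies are outside the hunks, so which helper exceptions actually propagate should be confirmed against them.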