diff --git a/4dev/tests/Security/CoreLibsSecurityAsymmetricAnonymousEncryptionTest.php b/4dev/tests/Security/CoreLibsSecurityAsymmetricAnonymousEncryptionTest.php new file mode 100644 index 00000000..d5d6b461 --- /dev/null +++ b/4dev/tests/Security/CoreLibsSecurityAsymmetricAnonymousEncryptionTest.php @@ -0,0 +1,838 @@ +assertTrue( + $crypt->compareKeyPair($key_pair), + 'set key pair not equal to original key pair' + ); + $this->assertTrue( + $crypt->comparePublicKey($public_key), + 'automatic set public key not equal to original public key' + ); + $this->assertEquals( + $key_pair, + $crypt->getKeyPair(), + 'set key pair returned not equal to original key pair' + ); + $this->assertEquals( + $public_key, + $crypt->getPublicKey(), + 'automatic set public key returned not equal to original public key' + ); + } + + /** + * Undocumented function + * + * @covers ::getKeyPair + * @covers ::compareKeyPair + * @covers ::getPublicKey + * @covers ::comparePublicKey + * @testdox Check if init class set key pair and public key matches to created key pair and public key + * + * @return void + */ + public function testKeyPairPublicKeyInitGetCompare(): void + { + $key_pair = CreateKey::createKeyPair(); + $public_key = CreateKey::getPublicKey($key_pair); + $crypt = new AsymmetricAnonymousEncryption($key_pair, $public_key); + $this->assertTrue( + $crypt->compareKeyPair($key_pair), + 'set key pair not equal to original key pair' + ); + $this->assertTrue( + $crypt->comparePublicKey($public_key), + 'set public key not equal to original public key' + ); + $this->assertEquals( + $key_pair, + $crypt->getKeyPair(), + 'set key pair returned not equal to original key pair' + ); + $this->assertEquals( + $public_key, + $crypt->getPublicKey(), + 'set public key returned not equal to original public key' + ); + } + + /** + * Undocumented function + * + * @covers ::getKeyPair + * @covers ::getPublicKey + * @covers ::comparePublicKey + * @testdox Check if init class set public key matches to created public key + * + * @return void + */ + public function testPublicKeyInitGetCompare(): void + { + $key_pair = CreateKey::createKeyPair(); + $public_key = CreateKey::getPublicKey($key_pair); + $crypt = new AsymmetricAnonymousEncryption(public_key:$public_key); + $this->assertTrue( + $crypt->comparePublicKey($public_key), + 'set public key not equal to original public key' + ); + $this->assertEquals( + null, + $crypt->getKeyPair(), + 'unset set key pair returned not equal to original key pair' + ); + $this->assertEquals( + $public_key, + $crypt->getPublicKey(), + 'set public key returned not equal to original public key' + ); + } + + /** + * Undocumented function + * + * @covers ::setKeyPair + * @covers ::getKeyPair + * @covers ::compareKeyPair + * @covers ::getPublicKey + * @covers ::comparePublicKey + * @testdox Check if set key pair after class init matches to created key pair and public key + * + * @return void + */ + public function testKeyPairSetGetCompare(): void + { + $key_pair = CreateKey::createKeyPair(); + $public_key = CreateKey::getPublicKey($key_pair); + $crypt = new AsymmetricAnonymousEncryption(); + $crypt->setKeyPair($key_pair); + $this->assertTrue( + $crypt->compareKeyPair($key_pair), + 'post class init set key pair not equal to original key pair' + ); + $this->assertTrue( + $crypt->comparePublicKey($public_key), + 'post class init automatic set public key not equal to original public key' + ); + $this->assertEquals( + $key_pair, + $crypt->getKeyPair(), + 'post class init set key pair returned not equal to original key pair' + ); + $this->assertEquals( + $public_key, + $crypt->getPublicKey(), + 'post class init automatic set public key returned not equal to original public key' + ); + } + + /** + * Undocumented function + * + * @covers ::setKeyPair + * @covers ::setPublicKey + * @covers ::getKeyPair + * @covers ::compareKeyPair + * @covers ::getPublicKey + * @covers ::comparePublicKey + * @testdox Check if set key pair after class init matches to created key pair and public key + * + * @return void + */ + public function testKeyPairPublicKeySetGetCompare(): void + { + $key_pair = CreateKey::createKeyPair(); + $public_key = CreateKey::getPublicKey($key_pair); + $crypt = new AsymmetricAnonymousEncryption(); + $crypt->setKeyPair($key_pair); + $crypt->setPublicKey($public_key); + $this->assertTrue( + $crypt->compareKeyPair($key_pair), + 'post class init set key pair not equal to original key pair' + ); + $this->assertTrue( + $crypt->comparePublicKey($public_key), + 'post class init set public key not equal to original public key' + ); + $this->assertEquals( + $key_pair, + $crypt->getKeyPair(), + 'post class init set key pair returned not equal to original key pair' + ); + $this->assertEquals( + $public_key, + $crypt->getPublicKey(), + 'post class init set public key returned not equal to original public key' + ); + } + + /** + * Undocumented function + * + * @covers ::setPublicKey + * @covers ::getKeyPair + * @covers ::compareKeyPair + * @covers ::getPublicKey + * @covers ::comparePublicKey + * @testdox Check if set key pair after class init matches to created key pair and public key + * + * @return void + */ + public function testPublicKeySetGetCompare(): void + { + $key_pair = CreateKey::createKeyPair(); + $public_key = CreateKey::getPublicKey($key_pair); + $crypt = new AsymmetricAnonymousEncryption(); + $crypt->setPublicKey($public_key); + $this->assertTrue( + $crypt->comparePublicKey($public_key), + 'post class init set public key not equal to original public key' + ); + $this->assertEquals( + null, + $crypt->getKeyPair(), + 'post class init unset key pair returned not equal to original key pair' + ); + $this->assertEquals( + $public_key, + $crypt->getPublicKey(), + 'post class init set public key returned not equal to original public key' + ); + } + + /** + * Undocumented function + * + * @testdox Check different key pair and public key set + * + * @return void + */ + public function testDifferentSetKeyPairPublicKey() + { + $key_pair = CreateKey::createKeyPair(); + $public_key = CreateKey::getPublicKey($key_pair); + $key_pair_2 = CreateKey::createKeyPair(); + $public_key_2 = CreateKey::getPublicKey($key_pair_2); + $crypt = new AsymmetricAnonymousEncryption($key_pair, $public_key_2); + $this->assertTrue( + $crypt->compareKeyPair($key_pair), + 'key pair set matches key pair created' + ); + $this->assertTrue( + $crypt->comparePublicKey($public_key_2), + 'alternate public key set matches alternate public key created' + ); + $this->assertFalse( + $crypt->comparePublicKey($public_key), + 'alternate public key set does not match key pair public key' + ); + } + + /** + * Undocumented function + * + * @testdox Check if new set privat key does not overwrite set public key + * + * @return void + */ + public function testUpdateKeyPairNotUpdatePublicKey(): void + { + $key_pair = CreateKey::createKeyPair(); + $public_key = CreateKey::getPublicKey($key_pair); + $crypt = new AsymmetricAnonymousEncryption($key_pair); + $this->assertTrue( + $crypt->compareKeyPair($key_pair), + 'set key pair not equal to original key pair' + ); + $this->assertTrue( + $crypt->comparePublicKey($public_key), + 'set public key not equal to original public key' + ); + $key_pair_2 = CreateKey::createKeyPair(); + $public_key_2 = CreateKey::getPublicKey($key_pair_2); + $crypt->setKeyPair($key_pair_2); + $this->assertTrue( + $crypt->compareKeyPair($key_pair_2), + 'new set key pair not equal to original new key pair' + ); + $this->assertTrue( + $crypt->comparePublicKey($public_key), + 'original set public key not equal to original public key' + ); + $this->assertFalse( + $crypt->comparePublicKey($public_key_2), + 'new public key equal to original public key' + ); + } + + // MARK: empty encrytped string + + /** + * Undocumented function + * + * @covers ::decryptKey + * @covers ::decrypt + * @testdox Test empty encrypted string to decrypt + * + * @return void + */ + public function testEmptyDecryptionString(): void + { + $this->expectExceptionMessage('Encrypted string cannot be empty'); + AsymmetricAnonymousEncryption::decryptKey('', CreateKey::generateRandomKey()); + } + + // MARK: encrypt/decrypt + + /** + * Undocumented function + * + * @return array + */ + public function providerEncryptDecryptSuccess(): array + { + return [ + 'valid string' => [ + 'input' => 'I am a secret', + 'expected' => 'I am a secret', + ], + ]; + } + + /** + * test encrypt/decrypt produce correct output + * + * @covers ::generateRandomKey + * @covers ::encrypt + * @covers ::decrypt + * @dataProvider providerEncryptDecryptSuccess + * @testdox encrypt/decrypt $input must be $expected [$_dataName] + * + * @param string $input + * @param string $expected + * @return void + */ + public function testEncryptDecryptSuccess(string $input, string $expected): void + { + $key_pair = CreateKey::createKeyPair(); + $public_key = CreateKey::getPublicKey($key_pair); + // test class + $crypt = new AsymmetricAnonymousEncryption($key_pair); + $encrypted = $crypt->encrypt($input); + $decrypted = $crypt->decrypt($encrypted); + $this->assertEquals( + $expected, + $decrypted, + 'Class call', + ); + $crypt = new AsymmetricAnonymousEncryption($key_pair, $public_key); + $encrypted = $crypt->encrypt($input); + $decrypted = $crypt->decrypt($encrypted); + $this->assertEquals( + $expected, + $decrypted, + 'Class call botjh set', + ); + } + + /** + * test encrypt/decrypt produce correct output + * + * @covers ::generateRandomKey + * @covers ::encrypt + * @covers ::decrypt + * @dataProvider providerEncryptDecryptSuccess + * @testdox encrypt/decrypt indirect $input must be $expected [$_dataName] + * + * @param string $input + * @param string $expected + * @return void + */ + public function testEncryptDecryptSuccessIndirect(string $input, string $expected): void + { + $key_pair = CreateKey::createKeyPair(); + $public_key = CreateKey::getPublicKey($key_pair); + // test indirect + $encrypted = AsymmetricAnonymousEncryption::getInstance(public_key:$public_key)->encrypt($input); + $decrypted = AsymmetricAnonymousEncryption::getInstance($key_pair)->decrypt($encrypted); + $this->assertEquals( + $expected, + $decrypted, + 'Class Instance call', + ); + } + + /** + * test encrypt/decrypt produce correct output + * + * @covers ::generateRandomKey + * @covers ::encrypt + * @covers ::decrypt + * @dataProvider providerEncryptDecryptSuccess + * @testdox encrypt/decrypt indirect with public key $input must be $expected [$_dataName] + * + * @param string $input + * @param string $expected + * @return void + */ + public function testEncryptDecryptSuccessIndirectPublicKey(string $input, string $expected): void + { + $key_pair = CreateKey::createKeyPair(); + $public_key = CreateKey::getPublicKey($key_pair); + // test indirect + $encrypted = AsymmetricAnonymousEncryption::getInstance(public_key:$public_key)->encrypt($input); + $decrypted = AsymmetricAnonymousEncryption::getInstance($key_pair)->decrypt($encrypted); + $this->assertEquals( + $expected, + $decrypted, + 'Class Instance call public key', + ); + } + + /** + * test encrypt/decrypt produce correct output + * + * @covers ::generateRandomKey + * @covers ::encrypt + * @covers ::decrypt + * @dataProvider providerEncryptDecryptSuccess + * @testdox encrypt/decrypt static $input must be $expected [$_dataName] + * + * @param string $input + * @param string $expected + * @return void + */ + public function testEncryptDecryptSuccessStatic(string $input, string $expected): void + { + $key_pair = CreateKey::createKeyPair(); + $public_key = CreateKey::getPublicKey($key_pair); + // test static + $encrypted = AsymmetricAnonymousEncryption::encryptKey($input, $public_key); + $decrypted = AsymmetricAnonymousEncryption::decryptKey($encrypted, $key_pair); + + $this->assertEquals( + $expected, + $decrypted, + 'Static call', + ); + } + + // MARK: invalid decrypt key + + /** + * Undocumented function + * + * @return array + */ + public function providerEncryptFailed(): array + { + return [ + 'wrong decryption key' => [ + 'input' => 'I am a secret', + 'excpetion_message' => 'Invalid key pair' + ], + ]; + } + + /** + * Test decryption with wrong key + * + * @covers ::generateRandomKey + * @covers ::encrypt + * @covers ::decrypt + * @dataProvider providerEncryptFailed + * @testdox decrypt with wrong key $input throws $exception_message [$_dataName] + * + * @param string $input + * @param string $exception_message + * @return void + */ + public function testEncryptFailed(string $input, string $exception_message): void + { + $key_pair = CreateKey::createKeyPair(); + $public_key = CreateKey::getPublicKey($key_pair); + $wrong_key_pair = CreateKey::createKeyPair(); + + // wrong key in class call + $crypt = new AsymmetricAnonymousEncryption(public_key:$public_key); + $encrypted = $crypt->encrypt($input); + $this->expectExceptionMessage($exception_message); + $crypt->setKeyPair($wrong_key_pair); + $crypt->decrypt($encrypted); + } + + /** + * Test decryption with wrong key + * + * @covers ::generateRandomKey + * @covers ::encrypt + * @covers ::decrypt + * @dataProvider providerEncryptFailed + * @testdox decrypt indirect with wrong key $input throws $exception_message [$_dataName] + * + * @param string $input + * @param string $exception_message + * @return void + */ + public function testEncryptFailedIndirect(string $input, string $exception_message): void + { + $key_pair = CreateKey::createKeyPair(); + $public_key = CreateKey::getPublicKey($key_pair); + $wrong_key_pair = CreateKey::createKeyPair(); + + // class instance + $encrypted = AsymmetricAnonymousEncryption::getInstance(public_key:$public_key)->encrypt($input); + $this->expectExceptionMessage($exception_message); + AsymmetricAnonymousEncryption::getInstance($wrong_key_pair)->decrypt($encrypted); + } + + /** + * Test decryption with wrong key + * + * @covers ::generateRandomKey + * @covers ::encrypt + * @covers ::decrypt + * @dataProvider providerEncryptFailed + * @testdox decrypt static with wrong key $input throws $exception_message [$_dataName] + * + * @param string $input + * @param string $exception_message + * @return void + */ + public function testEncryptFailedStatic(string $input, string $exception_message): void + { + $key_pair = CreateKey::createKeyPair(); + $public_key = CreateKey::getPublicKey($key_pair); + $wrong_key_pair = CreateKey::createKeyPair(); + + // class static + $encrypted = AsymmetricAnonymousEncryption::encryptKey($input, $public_key); + $this->expectExceptionMessage($exception_message); + AsymmetricAnonymousEncryption::decryptKey($encrypted, $wrong_key_pair); + } + + // MARK: invalid key pair + + /** + * Undocumented function + * + * @return array + */ + public function providerWrongKeyPair(): array + { + return [ + 'not hex key pair' => [ + 'key_pair' => 'not_a_hex_key_pair', + 'exception_message' => 'Invalid hex key pair' + ], + 'too short hex key pair' => [ + 'key_pair' => '1cabd5cba9e042f12522f4ff2de5c31d233b', + 'excpetion_message' => 'Key pair is not the correct size (must be ' + ], + 'empty key pair' => [ + 'key_pair' => '', + 'excpetion_message' => 'Key pair cannot be empty' + ] + ]; + } + + /** + * test invalid key provided to decrypt or encrypt + * + * @covers ::encrypt + * @covers ::decrypt + * @dataProvider providerWrongKeyPair + * @testdox wrong key pair $key_pair throws $exception_message [$_dataName] + * + * @param string $key_pair + * @param string $exception_message + * @return void + */ + public function testWrongKeyPair(string $key_pair, string $exception_message): void + { + $enc_key_pair = CreateKey::createKeyPair(); + + // class + $this->expectExceptionMessage($exception_message); + $crypt = new AsymmetricAnonymousEncryption($key_pair); + $this->expectExceptionMessage($exception_message); + $crypt->encrypt('test'); + $crypt->setKeyPair($enc_key_pair); + $encrypted = $crypt->encrypt('test'); + $this->expectExceptionMessage($exception_message); + $crypt->setKeyPair($key_pair); + $crypt->decrypt($encrypted); + } + + /** + * test invalid key provided to decrypt or encrypt + * + * @covers ::encrypt + * @covers ::decrypt + * @dataProvider providerWrongKeyPair + * @testdox wrong key pair indirect $key_pair throws $exception_message [$_dataName] + * + * @param string $key_pair + * @param string $exception_message + * @return void + */ + public function testWrongKeyPairIndirect(string $key_pair, string $exception_message): void + { + $enc_key_pair = CreateKey::createKeyPair(); + + // set valid encryption + $encrypted = AsymmetricAnonymousEncryption::getInstance($enc_key_pair)->encrypt('test'); + $this->expectExceptionMessage($exception_message); + AsymmetricAnonymousEncryption::getInstance($key_pair)->decrypt($encrypted); + } + + /** + * test invalid key provided to decrypt or encrypt + * + * @covers ::encrypt + * @covers ::decrypt + * @dataProvider providerWrongKeyPair + * @testdox wrong key pair static $key_pair throws $exception_message [$_dataName] + * + * @param string $key_pair + * @param string $exception_message + * @return void + */ + public function testWrongKeyPairStatic(string $key_pair, string $exception_message): void + { + $enc_key_pair = CreateKey::createKeyPair(); + + // set valid encryption + $encrypted = AsymmetricAnonymousEncryption::encryptKey('test', CreateKey::getPublicKey($enc_key_pair)); + $this->expectExceptionMessage($exception_message); + AsymmetricAnonymousEncryption::decryptKey($encrypted, $key_pair); + } + + // MARK: invalid public key + + /** + * Undocumented function + * + * @return array + */ + public function providerWrongPublicKey(): array + { + return [ + 'not hex public key' => [ + 'public_key' => 'not_a_hex_public_key', + 'exception_message' => 'Invalid hex public key' + ], + 'too short hex public key' => [ + 'public_key' => '1cabd5cba9e042f12522f4ff2de5c31d233b', + 'excpetion_message' => 'Public key is not the correct size (must be ' + ], + 'empty public key' => [ + 'public_key' => '', + 'excpetion_message' => 'Public key cannot be empty' + ] + ]; + } + + /** + * test invalid key provided to decrypt or encrypt + * + * @covers ::encrypt + * @covers ::decrypt + * @dataProvider providerWrongPublicKey + * @testdox wrong public key $public_key throws $exception_message [$_dataName] + * + * @param string $public_key + * @param string $exception_message + * @return void + */ + public function testWrongPublicKey(string $public_key, string $exception_message): void + { + $enc_key_pair = CreateKey::createKeyPair(); + // $enc_public_key = CreateKey::getPublicKey($enc_key_pair); + + // class + $this->expectExceptionMessage($exception_message); + $crypt = new AsymmetricAnonymousEncryption(public_key:$public_key); + $this->expectExceptionMessage($exception_message); + $crypt->decrypt('test'); + $crypt->setKeyPair($enc_key_pair); + $encrypted = $crypt->encrypt('test'); + $this->expectExceptionMessage($exception_message); + $crypt->setPublicKey($public_key); + $crypt->decrypt($encrypted); + } + + /** + * test invalid key provided to decrypt or encrypt + * + * @covers ::encrypt + * @covers ::decrypt + * @dataProvider providerWrongPublicKey + * @testdox wrong public key indirect $key throws $exception_message [$_dataName] + * + * @param string $key + * @param string $exception_message + * @return void + */ + public function testWrongPublicKeyIndirect(string $key, string $exception_message): void + { + $enc_key = CreateKey::createKeyPair(); + + // class instance + $this->expectExceptionMessage($exception_message); + AsymmetricAnonymousEncryption::getInstance(public_key:$key)->encrypt('test'); + // we must encrypt valid thing first so we can fail with the wrong key + $encrypted = AsymmetricAnonymousEncryption::getInstance($enc_key)->encrypt('test'); + // $this->expectExceptionMessage($exception_message); + AsymmetricAnonymousEncryption::getInstance($key)->decrypt($encrypted); + } + + /** + * test invalid key provided to decrypt or encrypt + * + * @covers ::encrypt + * @covers ::decrypt + * @dataProvider providerWrongPublicKey + * @testdox wrong public key static $key throws $exception_message [$_dataName] + * + * @param string $key + * @param string $exception_message + * @return void + */ + public function testWrongPublicKeyStatic(string $key, string $exception_message): void + { + $enc_key = CreateKey::createKeyPair(); + + // class static + $this->expectExceptionMessage($exception_message); + AsymmetricAnonymousEncryption::encryptKey('test', $key); + // we must encrypt valid thing first so we can fail with the wrong key + $encrypted = AsymmetricAnonymousEncryption::encryptKey('test', $enc_key); + $this->expectExceptionMessage($exception_message); + AsymmetricAnonymousEncryption::decryptKey($encrypted, $key); + } + + // MARK: wrong cipher text + + /** + * Undocumented function + * + * @return array + */ + public function providerWrongCiphertext(): array + { + return [ + 'invalid cipher text' => [ + 'input' => 'short', + 'exception_message' => 'base642bin failed: ' + ], + 'cannot decrypt' => [ + // phpcs:disable Generic.Files.LineLength + 'input' => 'Um8tBGiVfFAOg2YoUgA5fTqK1wXPB1S7uxhPNE1lqDxgntkEhYJDOmjXa0DMpBlYHjab6sC4mgzwZSzGCUnXDAgsHckwYwfAzs/r', + // phpcs:enable Generic.Files.LineLength + 'exception_message' => 'Invalid key pair' + ], + 'invalid text' => [ + 'input' => 'U29tZSB0ZXh0IGhlcmU=', + 'exception_message' => 'Invalid key pair' + ] + ]; + } + + /** + * Undocumented function + * + * @covers ::decrypt + * @dataProvider providerWrongCiphertext + * @testdox too short ciphertext $input throws $exception_message [$_dataName] + * + * @param string $input + * @param string $exception_message + * @return void + */ + public function testWrongCiphertext(string $input, string $exception_message): void + { + $key = CreateKey::createKeyPair(); + // class + $crypt = new AsymmetricAnonymousEncryption($key); + $this->expectExceptionMessage($exception_message); + $crypt->decrypt($input); + } + + /** + * Undocumented function + * + * @covers ::decryptKey + * @dataProvider providerWrongCiphertext + * @testdox too short ciphertext indirect $input throws $exception_message [$_dataName] + * + * @param string $input + * @param string $exception_message + * @return void + */ + public function testWrongCiphertextIndirect(string $input, string $exception_message): void + { + $key = CreateKey::createKeyPair(); + + // class instance + $this->expectExceptionMessage($exception_message); + AsymmetricAnonymousEncryption::getInstance($key)->decrypt($input); + + // class static + $this->expectExceptionMessage($exception_message); + AsymmetricAnonymousEncryption::decryptKey($input, $key); + } + + /** + * Undocumented function + * + * @covers ::decryptKey + * @dataProvider providerWrongCiphertext + * @testdox too short ciphertext static $input throws $exception_message [$_dataName] + * + * @param string $input + * @param string $exception_message + * @return void + */ + public function testWrongCiphertextStatic(string $input, string $exception_message): void + { + $key = CreateKey::createKeyPair(); + // class static + $this->expectExceptionMessage($exception_message); + AsymmetricAnonymousEncryption::decryptKey($input, $key); + } +} + +// __END__ diff --git a/4dev/tests/Security/CoreLibsSecuritySymmetricEncryptionTest.php b/4dev/tests/Security/CoreLibsSecuritySymmetricEncryptionTest.php index 64cfd156..1251a6da 100644 --- a/4dev/tests/Security/CoreLibsSecuritySymmetricEncryptionTest.php +++ b/4dev/tests/Security/CoreLibsSecuritySymmetricEncryptionTest.php @@ -159,8 +159,8 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase * test encrypt/decrypt produce correct output * * @covers ::generateRandomKey - * @covers ::encrypt - * @covers ::decrypt + * @covers ::encryptKey + * @covers ::decryptKey * @dataProvider providerEncryptDecryptSuccess * @testdox encrypt/decrypt static $input must be $expected [$_dataName] * @@ -253,8 +253,8 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase * Test decryption with wrong key * * @covers ::generateRandomKey - * @covers ::encrypt - * @covers ::decrypt + * @covers ::encryptKey + * @covers ::decryptKey * @dataProvider providerEncryptFailed * @testdox decrypt static with wrong key $input throws $exception_message [$_dataName] * @@ -354,8 +354,8 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase /** * test invalid key provided to decrypt or encrypt * - * @covers ::encrypt - * @covers ::decrypt + * @covers ::encryptKey + * @covers ::decryptKey * @dataProvider providerWrongKey * @testdox wrong key static $key throws $exception_message [$_dataName] * @@ -424,7 +424,7 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase /** * Undocumented function * - * @covers ::decrypt + * @covers ::decryptKey * @dataProvider providerWrongCiphertext * @testdox too short ciphertext indirect $input throws $exception_message [$_dataName] * @@ -448,7 +448,7 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase /** * Undocumented function * - * @covers ::decrypt + * @covers ::decryptKey * @dataProvider providerWrongCiphertext * @testdox too short ciphertext static $input throws $exception_message [$_dataName] * diff --git a/www/admin/class_test.encryption.php b/www/admin/class_test.encryption.php index eb366ee1..e1823554 100644 --- a/www/admin/class_test.encryption.php +++ b/www/admin/class_test.encryption.php @@ -18,6 +18,7 @@ require 'config.php'; $LOG_FILE_ID = 'classTest-encryption'; ob_end_flush(); +use CoreLibs\Security\AsymmetricAnonymousEncryption; use CoreLibs\Security\SymmetricEncryption; use CoreLibs\Security\CreateKey; @@ -36,6 +37,8 @@ print ""; print '
Class Test Master
'; print '

' . $PAGE_NAME . '

'; +print "

Symmetric Encryption

"; + $key = CreateKey::generateRandomKey(); print "Secret Key: " . $key . "
"; @@ -105,6 +108,49 @@ try { // $encrypted = $se->encrypt($string); // $decrypted = $se->decrypt($encrypted); +echo "
"; +print "

Asymmetric Encryption

"; + +$key_pair = CreateKey::createKeyPair(); +$public_key = CreateKey::getPublicKey($key_pair); + +$string = "I am some asymmetric secret"; +print "Message: " . $string . "
"; +$encrypted = sodium_crypto_box_seal($string, CreateKey::hex2bin($public_key)); +$message = sodium_bin2base64($encrypted, SODIUM_BASE64_VARIANT_ORIGINAL); +print "Encrypted PL: " . $message . "
"; +$result = sodium_base642bin($message, SODIUM_BASE64_VARIANT_ORIGINAL); +$decrypted = sodium_crypto_box_seal_open($result, CreateKey::hex2bin($key_pair)); +print "Decrypted PL: " . $decrypted . "
"; + +$encrypted = AsymmetricAnonymousEncryption::encryptKey($string, $public_key); +print "Encrypted ST: " . $encrypted . "
"; +$decrypted = AsymmetricAnonymousEncryption::decryptKey($encrypted, $key_pair); +print "Decrypted ST: " . $decrypted . "
"; + +$aa_crypt = new AsymmetricAnonymousEncryption($key_pair, $public_key); +$encrypted = $aa_crypt->encrypt($string); +print "Encrypted: " . $encrypted . "
"; +$decrypted = $aa_crypt->decrypt($encrypted); +print "Decrypted: " . $decrypted . "
"; + +print "Base64 encode: " . base64_encode('Some text here') . "
"; + +/// this has to fail +$crypt = new AsymmetricAnonymousEncryption(); +$crypt->setPublicKey(CreateKey::getPublicKey(CreateKey::createKeyPair())); +print "Public Key: " . $crypt->getPublicKey() . "
"; +try { + $crypt->setPublicKey(CreateKey::createKeyPair()); +} catch (RangeException $e) { + print "Invalid range: 
$e
"; +} +try { + $crypt->setKeyPair(CreateKey::getPublicKey(CreateKey::createKeyPair())); +} catch (RangeException $e) { + print "Invalid range: 
$e
"; +} + print ""; // __END__ diff --git a/www/lib/CoreLibs/Security/AsymmetricEncryption.php b/www/lib/CoreLibs/Security/AsymmetricEncryption.php index 6d3f3749..47c357d7 100644 --- a/www/lib/CoreLibs/Security/AsymmetricEncryption.php +++ b/www/lib/CoreLibs/Security/AsymmetricEncryption.php @@ -70,7 +70,8 @@ class AsymmetricAnonymousEncryption // new if no instsance or key is different if ( empty(self::$instance) || - self::$instance->key_pair != $key_pair + self::$instance->key_pair != $key_pair || + self::$instance->public_key != $public_key ) { self::$instance = new self($key_pair, $public_key); } @@ -100,7 +101,7 @@ class AsymmetricAnonymousEncryption $zero ^ $this->key_pair ); unset($zero); - unset($this->key_pair); + unset($this->key_pair); /** @phan-suppress-current-line PhanTypeObjectUnsetDeclaredProperty */ } /* ************************************************************************ @@ -112,6 +113,9 @@ class AsymmetricAnonymousEncryption * * @param ?string $key_pair * @return string + * @throws \UnexpectedValueException key pair empty + * @throws \UnexpectedValueException invalid hex key pair + * @throws \UnexpectedValueException key pair not correct size */ private function createKeyPair( #[\SensitiveParameter] @@ -141,6 +145,9 @@ class AsymmetricAnonymousEncryption * * @param ?string $public_key * @return string + * @throws \UnexpectedValueException public key empty + * @throws \UnexpectedValueException invalid hex key + * @throws \UnexpectedValueException invalid key length */ private function createPublicKey(?string $public_key): string { @@ -169,6 +176,8 @@ class AsymmetricAnonymousEncryption * @param string $message * @param ?string $public_key * @return string + * @throws \UnexpectedValueException create encryption failed + * @throws \UnexpectedValueException convert to base64 failed */ private function asymmetricEncryption( #[\SensitiveParameter] @@ -199,6 +208,10 @@ class AsymmetricAnonymousEncryption * @param string $message * @param ?string $key_pair * @return string + * @throws \UnexpectedValueException message string empty + * @throws \UnexpectedValueException base64 decoding failed + * @throws \UnexpectedValueException decryption failed + * @throws \UnexpectedValueException could not decrypt message */ private function asymmetricDecryption( #[\SensitiveParameter] @@ -207,7 +220,7 @@ class AsymmetricAnonymousEncryption ?string $key_pair ): string { if (empty($message)) { - throw new \UnexpectedValueException('Message string cannot be empty'); + throw new \UnexpectedValueException('Encrypted string cannot be empty'); } $key_pair = $this->createKeyPair($key_pair); try { @@ -224,14 +237,14 @@ class AsymmetricAnonymousEncryption } catch (SodiumException $e) { sodium_memzero($message); sodium_memzero($key_pair); + sodium_memzero($result); throw new \UnexpectedValueException("Decrypting message failed: " . $e->getMessage()); } - if (!is_string($plaintext)) { - sodium_memzero($key_pair); - throw new \UnexpectedValueException('Could not decrypt message'); - } - sodium_memzero($result); sodium_memzero($key_pair); + sodium_memzero($result); + if (!is_string($plaintext)) { + throw new \UnexpectedValueException('Invalid key pair'); + } return $plaintext; } @@ -244,6 +257,7 @@ class AsymmetricAnonymousEncryption * * @param string $key_pair Key pair in hex * @return void + * @throws \UnexpectedValueException key pair empty */ public function setKeyPair( #[\SensitiveParameter] @@ -252,8 +266,17 @@ class AsymmetricAnonymousEncryption if (empty($key_pair)) { throw new \UnexpectedValueException('Key pair cannot be empty'); } + // check if valid; + $this->createKeyPair($key_pair); + // set new key pair $this->key_pair = $key_pair; sodium_memzero($key_pair); + // set public key if not set + if (empty($this->public_key)) { + $this->public_key = CreateKey::getPublicKey($this->key_pair); + // check if valid + $this->createPublicKey($this->public_key); + } } /** @@ -286,12 +309,15 @@ class AsymmetricAnonymousEncryption * * @param string $public_key Public Key in hex * @return void + * @throws \UnexpectedValueException public key empty */ public function setPublicKey(string $public_key) { if (empty($public_key)) { throw new \UnexpectedValueException('Public key cannot be empty'); } + // check if valid + $this->createPublicKey($public_key); $this->public_key = $public_key; sodium_memzero($public_key); } diff --git a/www/lib/CoreLibs/Security/SymmetricEncryption.php b/www/lib/CoreLibs/Security/SymmetricEncryption.php index f22e9116..91d8c2cb 100644 --- a/www/lib/CoreLibs/Security/SymmetricEncryption.php +++ b/www/lib/CoreLibs/Security/SymmetricEncryption.php @@ -85,7 +85,7 @@ class SymmetricEncryption $zero ^ $this->key ); unset($zero); - unset($this->key); + unset($this->key); /** @phan-suppress-current-line PhanTypeObjectUnsetDeclaredProperty */ } /* ************************************************************************