, and * Robin Appelman * This file is licensed under the Affero General Public License version 3 or * later. * See the COPYING-README file. */ require_once realpath(dirname(__FILE__) . '/../3rdparty/Crypt_Blowfish/Blowfish.php'); require_once realpath(dirname(__FILE__) . '/../../../lib/base.php'); require_once realpath(dirname(__FILE__) . '/../lib/crypt.php'); require_once realpath(dirname(__FILE__) . '/../lib/keymanager.php'); require_once realpath(dirname(__FILE__) . '/../lib/proxy.php'); require_once realpath(dirname(__FILE__) . '/../lib/stream.php'); require_once realpath(dirname(__FILE__) . '/../lib/util.php'); require_once realpath(dirname(__FILE__) . '/../lib/helper.php'); require_once realpath(dirname(__FILE__) . '/../appinfo/app.php'); require_once realpath(dirname(__FILE__) . '/util.php'); use OCA\Encryption; /** * Class Test_Encryption_Crypt */ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { const TEST_ENCRYPTION_CRYPT_USER1 = "test-crypt-user1"; public $userId; public $pass; public $stateFilesTrashbin; public $dataLong; public $dataUrl; public $dataShort; /** * @var OC_FilesystemView */ public $view; public $legacyEncryptedData; public $genPrivateKey; public $genPublicKey; public static function setUpBeforeClass() { // reset backend \OC_User::clearBackends(); \OC_User::useBackend('database'); // Filesystem related hooks \OCA\Encryption\Helper::registerFilesystemHooks(); // Filesystem related hooks \OCA\Encryption\Helper::registerUserHooks(); // clear and register hooks \OC_FileProxy::clearProxies(); \OC_FileProxy::register(new OCA\Encryption\Proxy()); // create test user \Test_Encryption_Util::loginHelper(\Test_Encryption_Crypt::TEST_ENCRYPTION_CRYPT_USER1, true); } function setUp() { // set user id \OC_User::setUserId(\Test_Encryption_Crypt::TEST_ENCRYPTION_CRYPT_USER1); $this->userId = \Test_Encryption_Crypt::TEST_ENCRYPTION_CRYPT_USER1; $this->pass = \Test_Encryption_Crypt::TEST_ENCRYPTION_CRYPT_USER1; // set content for encrypting / decrypting in tests $this->dataLong = file_get_contents(realpath(dirname(__FILE__) . '/../lib/crypt.php')); $this->dataShort = 'hats'; $this->dataUrl = realpath(dirname(__FILE__) . '/../lib/crypt.php'); $this->legacyData = realpath(dirname(__FILE__) . '/legacy-text.txt'); $this->legacyEncryptedData = realpath(dirname(__FILE__) . '/legacy-encrypted-text.txt'); $this->legacyEncryptedDataKey = realpath(dirname(__FILE__) . '/encryption.key'); $this->randomKey = Encryption\Crypt::generateKey(); $keypair = Encryption\Crypt::createKeypair(); $this->genPublicKey = $keypair['publicKey']; $this->genPrivateKey = $keypair['privateKey']; $this->view = new \OC_FilesystemView('/'); // remember files_trashbin state $this->stateFilesTrashbin = OC_App::isEnabled('files_trashbin'); // we don't want to tests with app files_trashbin enabled \OC_App::disable('files_trashbin'); } function tearDown() { // reset app files_trashbin if ($this->stateFilesTrashbin) { OC_App::enable('files_trashbin'); } else { OC_App::disable('files_trashbin'); } } public static function tearDownAfterClass() { // cleanup test user \OC_User::deleteUser(\Test_Encryption_Crypt::TEST_ENCRYPTION_CRYPT_USER1); } function testGenerateKey() { # TODO: use more accurate (larger) string length for test confirmation $key = Encryption\Crypt::generateKey(); $this->assertTrue(strlen($key) > 16); } /** * @return String */ function testGenerateIv() { $iv = Encryption\Crypt::generateIv(); $this->assertEquals(16, strlen($iv)); return $iv; } /** * @depends testGenerateIv */ function testConcatIv($iv) { $catFile = Encryption\Crypt::concatIv($this->dataLong, $iv); // Fetch encryption metadata from end of file $meta = substr($catFile, -22); $identifier = substr($meta, 0, 6); // Fetch IV from end of file $foundIv = substr($meta, 6); $this->assertEquals('00iv00', $identifier); $this->assertEquals($iv, $foundIv); // Remove IV and IV identifier text to expose encrypted content $data = substr($catFile, 0, -22); $this->assertEquals($this->dataLong, $data); return array( 'iv' => $iv , 'catfile' => $catFile ); } /** * @depends testConcatIv */ function testSplitIv($testConcatIv) { // Split catfile into components $splitCatfile = Encryption\Crypt::splitIv($testConcatIv['catfile']); // Check that original IV and split IV match $this->assertEquals($testConcatIv['iv'], $splitCatfile['iv']); // Check that original data and split data match $this->assertEquals($this->dataLong, $splitCatfile['encrypted']); } /** * @return string padded */ function testAddPadding() { $padded = Encryption\Crypt::addPadding($this->dataLong); $padding = substr($padded, -2); $this->assertEquals('xx', $padding); return $padded; } /** * @depends testAddPadding */ function testRemovePadding($padded) { $noPadding = Encryption\Crypt::RemovePadding($padded); $this->assertEquals($this->dataLong, $noPadding); } function testEncrypt() { $random = openssl_random_pseudo_bytes(13); $iv = substr(base64_encode($random), 0, -4); // i.e. E5IG033j+mRNKrht $crypted = Encryption\Crypt::encrypt($this->dataUrl, $iv, 'hat'); $this->assertNotEquals($this->dataUrl, $crypted); } function testDecrypt() { $random = openssl_random_pseudo_bytes(13); $iv = substr(base64_encode($random), 0, -4); // i.e. E5IG033j+mRNKrht $crypted = Encryption\Crypt::encrypt($this->dataUrl, $iv, 'hat'); $decrypt = Encryption\Crypt::decrypt($crypted, $iv, 'hat'); $this->assertEquals($this->dataUrl, $decrypt); } function testSymmetricEncryptFileContent() { # TODO: search in keyfile for actual content as IV will ensure this test always passes $crypted = Encryption\Crypt::symmetricEncryptFileContent($this->dataShort, 'hat'); $this->assertNotEquals($this->dataShort, $crypted); $decrypt = Encryption\Crypt::symmetricDecryptFileContent($crypted, 'hat'); $this->assertEquals($this->dataShort, $decrypt); } function testSymmetricStreamEncryptShortFileContent() { $filename = 'tmp-' . time() . '.test'; $cryptedFile = file_put_contents('crypt://' . $filename, $this->dataShort); // Test that data was successfully written $this->assertTrue(is_int($cryptedFile)); // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // Get file contents without using any wrapper to get it's actual contents on disk $retreivedCryptedFile = $this->view->file_get_contents($this->userId . '/files/' . $filename); // Re-enable proxy - our work is done \OC_FileProxy::$enabled = $proxyStatus; // Check that the file was encrypted before being written to disk $this->assertNotEquals($this->dataShort, $retreivedCryptedFile); // Get the encrypted keyfile $encKeyfile = Encryption\Keymanager::getFileKey($this->view, $this->userId, $filename); // Attempt to fetch the user's shareKey $shareKey = Encryption\Keymanager::getShareKey($this->view, $this->userId, $filename); // get session $session = new Encryption\Session($this->view); // get private key $privateKey = $session->getPrivateKey($this->userId); // Decrypt keyfile with shareKey $plainKeyfile = Encryption\Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); // Manually decrypt $manualDecrypt = Encryption\Crypt::symmetricDecryptFileContent($retreivedCryptedFile, $plainKeyfile); // Check that decrypted data matches $this->assertEquals($this->dataShort, $manualDecrypt); // Teardown $this->view->unlink($this->userId . '/files/' . $filename); Encryption\Keymanager::deleteFileKey($this->view, $this->userId, $filename); } /** * @brief Test that data that is written by the crypto stream wrapper * @note Encrypted data is manually prepared and decrypted here to avoid dependency on success of stream_read * @note If this test fails with truncate content, check that enough array slices are being rejoined to form $e, as the crypt.php file may have gotten longer and broken the manual * reassembly of its data */ function testSymmetricStreamEncryptLongFileContent() { // Generate a a random filename $filename = 'tmp-' . time() . '.test'; // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents('crypt://' . $filename, $this->dataLong . $this->dataLong); // Test that data was successfully written $this->assertTrue(is_int($cryptedFile)); // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // Get file contents without using any wrapper to get it's actual contents on disk $retreivedCryptedFile = $this->view->file_get_contents($this->userId . '/files/' . $filename); // Re-enable proxy - our work is done \OC_FileProxy::$enabled = $proxyStatus; // Check that the file was encrypted before being written to disk $this->assertNotEquals($this->dataLong . $this->dataLong, $retreivedCryptedFile); // Manuallly split saved file into separate IVs and encrypted chunks $r = preg_split('/(00iv00.{16,18})/', $retreivedCryptedFile, NULL, PREG_SPLIT_DELIM_CAPTURE); //print_r($r); // Join IVs and their respective data chunks $e = array( $r[0] . $r[1], $r[2] . $r[3], $r[4] . $r[5], $r[6] . $r[7], $r[8] . $r[9], $r[10] . $r[11] ); //.$r[11], $r[12].$r[13], $r[14] ); //print_r($e); // Get the encrypted keyfile $encKeyfile = Encryption\Keymanager::getFileKey($this->view, $this->userId, $filename); // Attempt to fetch the user's shareKey $shareKey = Encryption\Keymanager::getShareKey($this->view, $this->userId, $filename); // get session $session = new Encryption\Session($this->view); // get private key $privateKey = $session->getPrivateKey($this->userId); // Decrypt keyfile with shareKey $plainKeyfile = Encryption\Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey); // Set var for reassembling decrypted content $decrypt = ''; // Manually decrypt chunk foreach ($e as $chunk) { $chunkDecrypt = Encryption\Crypt::symmetricDecryptFileContent($chunk, $plainKeyfile); // Assemble decrypted chunks $decrypt .= $chunkDecrypt; } $this->assertEquals($this->dataLong . $this->dataLong, $decrypt); // Teardown $this->view->unlink($this->userId . '/files/' . $filename); Encryption\Keymanager::deleteFileKey($this->view, $this->userId, $filename); } /** * @brief Test that data that is read by the crypto stream wrapper */ function testSymmetricStreamDecryptShortFileContent() { $filename = 'tmp-' . time(); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents('crypt://' . $filename, $this->dataShort); // Test that data was successfully written $this->assertTrue(is_int($cryptedFile)); // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; $this->assertTrue(Encryption\Crypt::isEncryptedMeta($filename)); \OC_FileProxy::$enabled = $proxyStatus; // Get file decrypted contents $decrypt = file_get_contents('crypt://' . $filename); $this->assertEquals($this->dataShort, $decrypt); // tear down $this->view->unlink($this->userId . '/files/' . $filename); } function testSymmetricStreamDecryptLongFileContent() { $filename = 'tmp-' . time(); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents('crypt://' . $filename, $this->dataLong); // Test that data was successfully written $this->assertTrue(is_int($cryptedFile)); // Get file decrypted contents $decrypt = file_get_contents('crypt://' . $filename); $this->assertEquals($this->dataLong, $decrypt); // tear down $this->view->unlink($this->userId . '/files/' . $filename); } function testSymmetricEncryptFileContentKeyfile() { # TODO: search in keyfile for actual content as IV will ensure this test always passes $crypted = Encryption\Crypt::symmetricEncryptFileContentKeyfile($this->dataUrl); $this->assertNotEquals($this->dataUrl, $crypted['encrypted']); $decrypt = Encryption\Crypt::symmetricDecryptFileContent($crypted['encrypted'], $crypted['key']); $this->assertEquals($this->dataUrl, $decrypt); } function testIsEncryptedContent() { $this->assertFalse(Encryption\Crypt::isCatfileContent($this->dataUrl)); $this->assertFalse(Encryption\Crypt::isCatfileContent($this->legacyEncryptedData)); $keyfileContent = Encryption\Crypt::symmetricEncryptFileContent($this->dataUrl, 'hat'); $this->assertTrue(Encryption\Crypt::isCatfileContent($keyfileContent)); } function testMultiKeyEncrypt() { # TODO: search in keyfile for actual content as IV will ensure this test always passes $pair1 = Encryption\Crypt::createKeypair(); $this->assertEquals(2, count($pair1)); $this->assertTrue(strlen($pair1['publicKey']) > 1); $this->assertTrue(strlen($pair1['privateKey']) > 1); $crypted = Encryption\Crypt::multiKeyEncrypt($this->dataShort, array($pair1['publicKey'])); $this->assertNotEquals($this->dataShort, $crypted['data']); $decrypt = Encryption\Crypt::multiKeyDecrypt($crypted['data'], $crypted['keys'][0], $pair1['privateKey']); $this->assertEquals($this->dataShort, $decrypt); } function testKeyEncrypt() { // Generate keypair $pair1 = Encryption\Crypt::createKeypair(); // Encrypt data $crypted = Encryption\Crypt::keyEncrypt($this->dataUrl, $pair1['publicKey']); $this->assertNotEquals($this->dataUrl, $crypted); // Decrypt data $decrypt = Encryption\Crypt::keyDecrypt($crypted, $pair1['privateKey']); $this->assertEquals($this->dataUrl, $decrypt); } /** * @brief test encryption using legacy blowfish method */ function testLegacyEncryptShort() { $crypted = Encryption\Crypt::legacyEncrypt($this->dataShort, $this->pass); $this->assertNotEquals($this->dataShort, $crypted); # TODO: search inencrypted text for actual content to ensure it # genuine transformation return $crypted; } /** * @brief test decryption using legacy blowfish method * @depends testLegacyEncryptShort */ function testLegacyDecryptShort($crypted) { $decrypted = Encryption\Crypt::legacyDecrypt($crypted, $this->pass); $this->assertEquals($this->dataShort, $decrypted); } /** * @brief test encryption using legacy blowfish method */ function testLegacyEncryptLong() { $crypted = Encryption\Crypt::legacyEncrypt($this->dataLong, $this->pass); $this->assertNotEquals($this->dataLong, $crypted); # TODO: search inencrypted text for actual content to ensure it # genuine transformation return $crypted; } /** * @brief test decryption using legacy blowfish method * @depends testLegacyEncryptLong */ function testLegacyDecryptLong($crypted) { $decrypted = Encryption\Crypt::legacyDecrypt($crypted, $this->pass); $this->assertEquals($this->dataLong, $decrypted); $this->assertFalse(Encryption\Crypt::getBlowfish('')); } /** * @brief test generation of legacy encryption key * @depends testLegacyDecryptShort */ function testLegacyCreateKey() { // Create encrypted key $encKey = Encryption\Crypt::legacyCreateKey($this->pass); // Decrypt key $key = Encryption\Crypt::legacyDecrypt($encKey, $this->pass); $this->assertTrue(is_numeric($key)); // Check that key is correct length $this->assertEquals(20, strlen($key)); } /** * @brief test decryption using legacy blowfish method * @depends testLegacyEncryptLong */ function testLegacyKeyRecryptKeyfileEncrypt($crypted) { $recrypted = Encryption\Crypt::LegacyKeyRecryptKeyfile($crypted, $this->pass, array($this->genPublicKey)); $this->assertNotEquals($this->dataLong, $recrypted['data']); return $recrypted; # TODO: search inencrypted text for actual content to ensure it # genuine transformation } function testRenameFile() { $filename = 'tmp-' . time(); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents('crypt://' . $filename, $this->dataLong); // Test that data was successfully written $this->assertTrue(is_int($cryptedFile)); // Get file decrypted contents $decrypt = file_get_contents('crypt://' . $filename); $this->assertEquals($this->dataLong, $decrypt); $newFilename = 'tmp-new-' . time(); $view = new \OC\Files\View('/' . $this->userId . '/files'); $view->rename($filename, $newFilename); // Get file decrypted contents $newDecrypt = file_get_contents('crypt://' . $newFilename); $this->assertEquals($this->dataLong, $newDecrypt); // tear down $view->unlink($newFilename); } function testMoveFileIntoFolder() { $filename = 'tmp-' . time(); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents('crypt://' . $filename, $this->dataLong); // Test that data was successfully written $this->assertTrue(is_int($cryptedFile)); // Get file decrypted contents $decrypt = file_get_contents('crypt://' . $filename); $this->assertEquals($this->dataLong, $decrypt); $newFolder = '/newfolder' . time(); $newFilename = 'tmp-new-' . time(); $view = new \OC\Files\View('/' . $this->userId . '/files'); $view->mkdir($newFolder); $view->rename($filename, $newFolder . '/' . $newFilename); // Get file decrypted contents $newDecrypt = file_get_contents('crypt://' . $newFolder . '/' . $newFilename); $this->assertEquals($this->dataLong, $newDecrypt); // tear down $view->unlink($newFolder); } function testMoveFolder() { $view = new \OC\Files\View('/' . $this->userId . '/files'); $filename = '/tmp-' . time(); $folder = '/folder' . time(); $view->mkdir($folder); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents('crypt://' . $folder . $filename, $this->dataLong); // Test that data was successfully written $this->assertTrue(is_int($cryptedFile)); // Get file decrypted contents $decrypt = file_get_contents('crypt://' . $folder . $filename); $this->assertEquals($this->dataLong, $decrypt); $newFolder = '/newfolder/subfolder' . time(); $view->mkdir('/newfolder'); $view->rename($folder, $newFolder); // Get file decrypted contents $newDecrypt = file_get_contents('crypt://' . $newFolder . $filename); $this->assertEquals($this->dataLong, $newDecrypt); // tear down $view->unlink($newFolder); $view->unlink('/newfolder'); } function testChangePassphrase() { $filename = 'tmp-' . time(); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents('crypt://' . $filename, $this->dataLong); // Test that data was successfully written $this->assertTrue(is_int($cryptedFile)); // Get file decrypted contents $decrypt = file_get_contents('crypt://' . $filename); $this->assertEquals($this->dataLong, $decrypt); // change password \OC_User::setPassword($this->userId, 'test', null); // relogin $params['uid'] = $this->userId; $params['password'] = 'test'; OCA\Encryption\Hooks::login($params); // Get file decrypted contents $newDecrypt = file_get_contents('crypt://' . $filename); $this->assertEquals($this->dataLong, $newDecrypt); // tear down // change password back \OC_User::setPassword($this->userId, $this->pass); $view = new \OC\Files\View('/' . $this->userId . '/files'); $view->unlink($filename); } function testViewFilePutAndGetContents() { $filename = '/tmp-' . time(); $view = new \OC\Files\View('/' . $this->userId . '/files'); // Save short data as encrypted file using stream wrapper $cryptedFile = $view->file_put_contents($filename, $this->dataShort); // Test that data was successfully written $this->assertTrue(is_int($cryptedFile)); // Get file decrypted contents $decrypt = $view->file_get_contents($filename); $this->assertEquals($this->dataShort, $decrypt); // Save long data as encrypted file using stream wrapper $cryptedFileLong = $view->file_put_contents($filename, $this->dataLong); // Test that data was successfully written $this->assertTrue(is_int($cryptedFileLong)); // Get file decrypted contents $decryptLong = $view->file_get_contents($filename); $this->assertEquals($this->dataLong, $decryptLong); // tear down $view->unlink($filename); } function testTouchExistingFile() { $filename = '/tmp-' . time(); $view = new \OC\Files\View('/' . $this->userId . '/files'); // Save short data as encrypted file using stream wrapper $cryptedFile = $view->file_put_contents($filename, $this->dataShort); // Test that data was successfully written $this->assertTrue(is_int($cryptedFile)); $view->touch($filename); // Get file decrypted contents $decrypt = $view->file_get_contents($filename); $this->assertEquals($this->dataShort, $decrypt); // tear down $view->unlink($filename); } function testTouchFile() { $filename = '/tmp-' . time(); $view = new \OC\Files\View('/' . $this->userId . '/files'); $view->touch($filename); // Save short data as encrypted file using stream wrapper $cryptedFile = $view->file_put_contents($filename, $this->dataShort); // Test that data was successfully written $this->assertTrue(is_int($cryptedFile)); // Get file decrypted contents $decrypt = $view->file_get_contents($filename); $this->assertEquals($this->dataShort, $decrypt); // tear down $view->unlink($filename); } function testFopenFile() { $filename = '/tmp-' . time(); $view = new \OC\Files\View('/' . $this->userId . '/files'); // Save short data as encrypted file using stream wrapper $cryptedFile = $view->file_put_contents($filename, $this->dataShort); // Test that data was successfully written $this->assertTrue(is_int($cryptedFile)); $handle = $view->fopen($filename, 'r'); // Get file decrypted contents $decrypt = fgets($handle); $this->assertEquals($this->dataShort, $decrypt); // tear down $view->unlink($filename); } }