, and * Robin Appelman * This file is licensed under the Affero General Public License version 3 or * later. * See the COPYING-README file. */ require_once realpath( dirname( __FILE__ ) . '/../3rdparty/Crypt_Blowfish/Blowfish.php' ); require_once realpath( dirname( __FILE__ ) . '/../../../lib/base.php' ); require_once realpath( dirname( __FILE__ ) . '/../lib/crypt.php' ); require_once realpath( dirname( __FILE__ ) . '/../lib/keymanager.php' ); require_once realpath( dirname( __FILE__ ) . '/../lib/proxy.php' ); require_once realpath( dirname( __FILE__ ) . '/../lib/stream.php' ); require_once realpath( dirname( __FILE__ ) . '/../lib/util.php' ); require_once realpath( dirname( __FILE__ ) . '/../lib/helper.php' ); require_once realpath( dirname( __FILE__ ) . '/../appinfo/app.php' ); use OCA\Encryption; /** * Class Test_Encryption_Crypt */ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { public $userId; public $pass; public $stateFilesTrashbin; public $dataLong; public $dataUrl; public $dataShort; /** * @var OC_FilesystemView */ public $view; public $legacyEncryptedData; public $genPrivateKey; public $genPublicKey; public static function setUpBeforeClass() { // reset backend \OC_User::clearBackends(); \OC_User::useBackend( 'database' ); // Filesystem related hooks \OCA\Encryption\Helper::registerFilesystemHooks(); // Filesystem related hooks \OCA\Encryption\Helper::registerUserHooks(); // clear and register hooks \OC_FileProxy::clearProxies(); \OC_FileProxy::register( new OCA\Encryption\Proxy() ); // setup filesystem \OC_Util::tearDownFS(); \OC_User::setUserId( '' ); \OC\Files\Filesystem::tearDown(); \OC_Util::setupFS( 'admin' ); \OC_User::setUserId( 'admin' ); // login admin $params['uid'] = 'admin'; $params['password'] = 'admin'; OCA\Encryption\Hooks::login( $params ); } function setUp() { // set content for encrypting / decrypting in tests $this->dataLong = file_get_contents( realpath( dirname( __FILE__ ) . '/../lib/crypt.php' ) ); $this->dataShort = 'hats'; $this->dataUrl = realpath( dirname( __FILE__ ) . '/../lib/crypt.php' ); $this->legacyData = realpath( dirname( __FILE__ ) . '/legacy-text.txt' ); $this->legacyEncryptedData = realpath( dirname( __FILE__ ) . '/legacy-encrypted-text.txt' ); $this->legacyEncryptedDataKey = realpath( dirname( __FILE__ ) . '/encryption.key' ); $this->randomKey = Encryption\Crypt::generateKey(); $keypair = Encryption\Crypt::createKeypair(); $this->genPublicKey = $keypair['publicKey']; $this->genPrivateKey = $keypair['privateKey']; $this->view = new \OC_FilesystemView( '/' ); \OC_User::setUserId( 'admin' ); $this->userId = 'admin'; $this->pass = 'admin'; $userHome = \OC_User::getHome( $this->userId ); $this->dataDir = str_replace( '/' . $this->userId, '', $userHome ); // remember files_trashbin state $this->stateFilesTrashbin = OC_App::isEnabled( 'files_trashbin' ); // we don't want to tests with app files_trashbin enabled \OC_App::disable( 'files_trashbin' ); } function tearDown() { // reset app files_trashbin if ( $this->stateFilesTrashbin ) { OC_App::enable( 'files_trashbin' ); } else { OC_App::disable( 'files_trashbin' ); } } public static function tearDownAfterClass() { } function testGenerateKey() { # TODO: use more accurate (larger) string length for test confirmation $key = Encryption\Crypt::generateKey(); $this->assertTrue( strlen( $key ) > 16 ); } /** * @return String */ function testGenerateIv() { $iv = Encryption\Crypt::generateIv(); $this->assertEquals( 16, strlen( $iv ) ); return $iv; } /** * @depends testGenerateIv */ function testConcatIv( $iv ) { $catFile = Encryption\Crypt::concatIv( $this->dataLong, $iv ); // Fetch encryption metadata from end of file $meta = substr( $catFile, -22 ); $identifier = substr( $meta, 0, 6 ); // Fetch IV from end of file $foundIv = substr( $meta, 6 ); $this->assertEquals( '00iv00', $identifier ); $this->assertEquals( $iv, $foundIv ); // Remove IV and IV identifier text to expose encrypted content $data = substr( $catFile, 0, -22 ); $this->assertEquals( $this->dataLong, $data ); return array( 'iv' => $iv , 'catfile' => $catFile ); } /** * @depends testConcatIv */ function testSplitIv( $testConcatIv ) { // Split catfile into components $splitCatfile = Encryption\Crypt::splitIv( $testConcatIv['catfile'] ); // Check that original IV and split IV match $this->assertEquals( $testConcatIv['iv'], $splitCatfile['iv'] ); // Check that original data and split data match $this->assertEquals( $this->dataLong, $splitCatfile['encrypted'] ); } /** * @return string padded */ function testAddPadding() { $padded = Encryption\Crypt::addPadding( $this->dataLong ); $padding = substr( $padded, -2 ); $this->assertEquals( 'xx', $padding ); return $padded; } /** * @depends testAddPadding */ function testRemovePadding( $padded ) { $noPadding = Encryption\Crypt::RemovePadding( $padded ); $this->assertEquals( $this->dataLong, $noPadding ); } function testEncrypt() { $random = openssl_random_pseudo_bytes( 13 ); $iv = substr( base64_encode( $random ), 0, -4 ); // i.e. E5IG033j+mRNKrht $crypted = Encryption\Crypt::encrypt( $this->dataUrl, $iv, 'hat' ); $this->assertNotEquals( $this->dataUrl, $crypted ); } function testDecrypt() { $random = openssl_random_pseudo_bytes( 13 ); $iv = substr( base64_encode( $random ), 0, -4 ); // i.e. E5IG033j+mRNKrht $crypted = Encryption\Crypt::encrypt( $this->dataUrl, $iv, 'hat' ); $decrypt = Encryption\Crypt::decrypt( $crypted, $iv, 'hat' ); $this->assertEquals( $this->dataUrl, $decrypt ); } function testSymmetricEncryptFileContent() { # TODO: search in keyfile for actual content as IV will ensure this test always passes $crypted = Encryption\Crypt::symmetricEncryptFileContent( $this->dataShort, 'hat' ); $this->assertNotEquals( $this->dataShort, $crypted ); $decrypt = Encryption\Crypt::symmetricDecryptFileContent( $crypted, 'hat' ); $this->assertEquals( $this->dataShort, $decrypt ); } function testSymmetricStreamEncryptShortFileContent() { $filename = 'tmp-' . time() . '.test'; $cryptedFile = file_put_contents( 'crypt://' . $filename, $this->dataShort ); // Test that data was successfully written $this->assertTrue( is_int( $cryptedFile ) ); // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // Get file contents without using any wrapper to get it's actual contents on disk $retreivedCryptedFile = $this->view->file_get_contents( $this->userId . '/files/' . $filename ); // Re-enable proxy - our work is done \OC_FileProxy::$enabled = $proxyStatus; // Check that the file was encrypted before being written to disk $this->assertNotEquals( $this->dataShort, $retreivedCryptedFile ); // Get the encrypted keyfile $encKeyfile = Encryption\Keymanager::getFileKey( $this->view, $this->userId, $filename ); // Attempt to fetch the user's shareKey $shareKey = Encryption\Keymanager::getShareKey( $this->view, $this->userId, $filename ); // get session $session = new Encryption\Session( $this->view ); // get private key $privateKey = $session->getPrivateKey( $this->userId ); // Decrypt keyfile with shareKey $plainKeyfile = Encryption\Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); // Manually decrypt $manualDecrypt = Encryption\Crypt::symmetricDecryptFileContent( $retreivedCryptedFile, $plainKeyfile ); // Check that decrypted data matches $this->assertEquals( $this->dataShort, $manualDecrypt ); // Teardown $this->view->unlink( $this->userId . '/files/' . $filename ); Encryption\Keymanager::deleteFileKey( $this->view, $this->userId, $filename ); } /** * @brief Test that data that is written by the crypto stream wrapper * @note Encrypted data is manually prepared and decrypted here to avoid dependency on success of stream_read * @note If this test fails with truncate content, check that enough array slices are being rejoined to form $e, as the crypt.php file may have gotten longer and broken the manual * reassembly of its data */ function testSymmetricStreamEncryptLongFileContent() { // Generate a a random filename $filename = 'tmp-' . time() . '.test'; // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents( 'crypt://' . $filename, $this->dataLong . $this->dataLong ); // Test that data was successfully written $this->assertTrue( is_int( $cryptedFile ) ); // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // Get file contents without using any wrapper to get it's actual contents on disk $retreivedCryptedFile = $this->view->file_get_contents( $this->userId . '/files/' . $filename ); // Re-enable proxy - our work is done \OC_FileProxy::$enabled = $proxyStatus; // Check that the file was encrypted before being written to disk $this->assertNotEquals( $this->dataLong . $this->dataLong, $retreivedCryptedFile ); // Manuallly split saved file into separate IVs and encrypted chunks $r = preg_split( '/(00iv00.{16,18})/', $retreivedCryptedFile, NULL, PREG_SPLIT_DELIM_CAPTURE ); //print_r($r); // Join IVs and their respective data chunks $e = array( $r[0] . $r[1], $r[2] . $r[3], $r[4] . $r[5], $r[6] . $r[7], $r[8] . $r[9], $r[10] . $r[11] ); //.$r[11], $r[12].$r[13], $r[14] ); //print_r($e); // Get the encrypted keyfile $encKeyfile = Encryption\Keymanager::getFileKey( $this->view, $this->userId, $filename ); // Attempt to fetch the user's shareKey $shareKey = Encryption\Keymanager::getShareKey( $this->view, $this->userId, $filename ); // get session $session = new Encryption\Session( $this->view ); // get private key $privateKey = $session->getPrivateKey( $this->userId ); // Decrypt keyfile with shareKey $plainKeyfile = Encryption\Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); // Set var for reassembling decrypted content $decrypt = ''; // Manually decrypt chunk foreach ( $e as $chunk ) { $chunkDecrypt = Encryption\Crypt::symmetricDecryptFileContent( $chunk, $plainKeyfile ); // Assemble decrypted chunks $decrypt .= $chunkDecrypt; } $this->assertEquals( $this->dataLong . $this->dataLong, $decrypt ); // Teardown $this->view->unlink( $this->userId . '/files/' . $filename ); Encryption\Keymanager::deleteFileKey( $this->view, $this->userId, $filename ); } /** * @brief Test that data that is read by the crypto stream wrapper */ function testSymmetricStreamDecryptShortFileContent() { $filename = 'tmp-' . time(); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents( 'crypt://' . $filename, $this->dataShort ); // Test that data was successfully written $this->assertTrue( is_int( $cryptedFile ) ); // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; $this->assertTrue( Encryption\Crypt::isEncryptedMeta( $filename ) ); \OC_FileProxy::$enabled = $proxyStatus; // Get file decrypted contents $decrypt = file_get_contents( 'crypt://' . $filename ); $this->assertEquals( $this->dataShort, $decrypt ); // tear down $this->view->unlink( $this->userId . '/files/' . $filename ); } function testSymmetricStreamDecryptLongFileContent() { $filename = 'tmp-' . time(); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents( 'crypt://' . $filename, $this->dataLong ); // Test that data was successfully written $this->assertTrue( is_int( $cryptedFile ) ); // Get file decrypted contents $decrypt = file_get_contents( 'crypt://' . $filename ); $this->assertEquals( $this->dataLong, $decrypt ); // tear down $this->view->unlink( $this->userId . '/files/' . $filename ); } function testSymmetricEncryptFileContentKeyfile() { # TODO: search in keyfile for actual content as IV will ensure this test always passes $crypted = Encryption\Crypt::symmetricEncryptFileContentKeyfile( $this->dataUrl ); $this->assertNotEquals( $this->dataUrl, $crypted['encrypted'] ); $decrypt = Encryption\Crypt::symmetricDecryptFileContent( $crypted['encrypted'], $crypted['key'] ); $this->assertEquals( $this->dataUrl, $decrypt ); } function testIsEncryptedContent() { $this->assertFalse( Encryption\Crypt::isCatfileContent( $this->dataUrl ) ); $this->assertFalse( Encryption\Crypt::isCatfileContent( $this->legacyEncryptedData ) ); $keyfileContent = Encryption\Crypt::symmetricEncryptFileContent( $this->dataUrl, 'hat' ); $this->assertTrue( Encryption\Crypt::isCatfileContent( $keyfileContent ) ); } function testMultiKeyEncrypt() { # TODO: search in keyfile for actual content as IV will ensure this test always passes $pair1 = Encryption\Crypt::createKeypair(); $this->assertEquals( 2, count( $pair1 ) ); $this->assertTrue( strlen( $pair1['publicKey'] ) > 1 ); $this->assertTrue( strlen( $pair1['privateKey'] ) > 1 ); $crypted = Encryption\Crypt::multiKeyEncrypt( $this->dataShort, array( $pair1['publicKey'] ) ); $this->assertNotEquals( $this->dataShort, $crypted['data'] ); $decrypt = Encryption\Crypt::multiKeyDecrypt( $crypted['data'], $crypted['keys'][0], $pair1['privateKey'] ); $this->assertEquals( $this->dataShort, $decrypt ); } function testKeyEncrypt() { // Generate keypair $pair1 = Encryption\Crypt::createKeypair(); // Encrypt data $crypted = Encryption\Crypt::keyEncrypt( $this->dataUrl, $pair1['publicKey'] ); $this->assertNotEquals( $this->dataUrl, $crypted ); // Decrypt data $decrypt = Encryption\Crypt::keyDecrypt( $crypted, $pair1['privateKey'] ); $this->assertEquals( $this->dataUrl, $decrypt ); } /** * @brief test encryption using legacy blowfish method */ function testLegacyEncryptShort() { $crypted = Encryption\Crypt::legacyEncrypt( $this->dataShort, $this->pass ); $this->assertNotEquals( $this->dataShort, $crypted ); # TODO: search inencrypted text for actual content to ensure it # genuine transformation return $crypted; } /** * @brief test decryption using legacy blowfish method * @depends testLegacyEncryptShort */ function testLegacyDecryptShort( $crypted ) { $decrypted = Encryption\Crypt::legacyDecrypt( $crypted, $this->pass ); $this->assertEquals( $this->dataShort, $decrypted ); } /** * @brief test encryption using legacy blowfish method */ function testLegacyEncryptLong() { $crypted = Encryption\Crypt::legacyEncrypt( $this->dataLong, $this->pass ); $this->assertNotEquals( $this->dataLong, $crypted ); # TODO: search inencrypted text for actual content to ensure it # genuine transformation return $crypted; } /** * @brief test decryption using legacy blowfish method * @depends testLegacyEncryptLong */ function testLegacyDecryptLong( $crypted ) { $decrypted = Encryption\Crypt::legacyDecrypt( $crypted, $this->pass ); $this->assertEquals( $this->dataLong, $decrypted ); $this->assertFalse( Encryption\Crypt::getBlowfish( '' ) ); } /** * @brief test generation of legacy encryption key * @depends testLegacyDecryptShort */ function testLegacyCreateKey() { // Create encrypted key $encKey = Encryption\Crypt::legacyCreateKey( $this->pass ); // Decrypt key $key = Encryption\Crypt::legacyDecrypt( $encKey, $this->pass ); $this->assertTrue( is_numeric( $key ) ); // Check that key is correct length $this->assertEquals( 20, strlen( $key ) ); } /** * @brief test decryption using legacy blowfish method * @depends testLegacyEncryptLong */ function testLegacyKeyRecryptKeyfileEncrypt( $crypted ) { $recrypted = Encryption\Crypt::LegacyKeyRecryptKeyfile( $crypted, $this->pass, array( $this->genPublicKey ), $this->pass, '' ); $this->assertNotEquals( $this->dataLong, $recrypted['data'] ); return $recrypted; # TODO: search inencrypted text for actual content to ensure it # genuine transformation } function testRenameFile() { $filename = 'tmp-' . time(); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents( 'crypt://' . $filename, $this->dataLong ); // Test that data was successfully written $this->assertTrue( is_int( $cryptedFile ) ); // Get file decrypted contents $decrypt = file_get_contents( 'crypt://' . $filename ); $this->assertEquals( $this->dataLong, $decrypt ); $newFilename = 'tmp-new-' . time(); $view = new \OC\Files\View( '/' . $this->userId . '/files' ); $view->rename( $filename, $newFilename ); // Get file decrypted contents $newDecrypt = file_get_contents( 'crypt://' . $newFilename ); $this->assertEquals( $this->dataLong, $newDecrypt ); // tear down $view->unlink( $newFilename ); } function testMoveFileIntoFolder() { $filename = 'tmp-' . time(); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents( 'crypt://' . $filename, $this->dataLong ); // Test that data was successfully written $this->assertTrue( is_int( $cryptedFile ) ); // Get file decrypted contents $decrypt = file_get_contents( 'crypt://' . $filename ); $this->assertEquals( $this->dataLong, $decrypt ); $newFolder = '/newfolder' . time(); $newFilename = 'tmp-new-' . time(); $view = new \OC\Files\View( '/' . $this->userId . '/files' ); $view->mkdir( $newFolder ); $view->rename( $filename, $newFolder . '/' . $newFilename ); // Get file decrypted contents $newDecrypt = file_get_contents( 'crypt://' . $newFolder . '/' . $newFilename ); $this->assertEquals( $this->dataLong, $newDecrypt ); // tear down $view->unlink( $newFolder ); } function testMoveFolder() { $view = new \OC\Files\View( '/' . $this->userId . '/files' ); $filename = '/tmp-' . time(); $folder = '/folder' . time(); $view->mkdir( $folder ); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents( 'crypt://' . $folder . $filename, $this->dataLong ); // Test that data was successfully written $this->assertTrue( is_int( $cryptedFile ) ); // Get file decrypted contents $decrypt = file_get_contents( 'crypt://' . $folder . $filename ); $this->assertEquals( $this->dataLong, $decrypt ); $newFolder = '/newfolder/subfolder' . time(); $view->mkdir( '/newfolder' ); $view->rename( $folder, $newFolder ); // Get file decrypted contents $newDecrypt = file_get_contents( 'crypt://' . $newFolder . $filename ); $this->assertEquals( $this->dataLong, $newDecrypt ); // tear down $view->unlink( $newFolder ); $view->unlink( '/newfolder' ); } function testChangePassphrase() { $filename = 'tmp-' . time(); // Save long data as encrypted file using stream wrapper $cryptedFile = file_put_contents( 'crypt://' . $filename, $this->dataLong ); // Test that data was successfully written $this->assertTrue( is_int( $cryptedFile ) ); // Get file decrypted contents $decrypt = file_get_contents( 'crypt://' . $filename ); $this->assertEquals( $this->dataLong, $decrypt ); // change password \OC_User::setPassword( $this->userId, 'test', null ); // relogin $params['uid'] = $this->userId; $params['password'] = 'test'; OCA\Encryption\Hooks::login( $params ); // Get file decrypted contents $newDecrypt = file_get_contents( 'crypt://' . $filename ); $this->assertEquals( $this->dataLong, $newDecrypt ); // tear down // change password back \OC_User::setPassword( $this->userId, $this->pass ); $view = new \OC\Files\View( '/' . $this->userId . '/files' ); $view->unlink( $filename ); } function testViewFilePutAndGetContents() { $filename = '/tmp-' . time(); $view = new \OC\Files\View( '/' . $this->userId . '/files' ); // Save short data as encrypted file using stream wrapper $cryptedFile = $view->file_put_contents( $filename, $this->dataShort ); // Test that data was successfully written $this->assertTrue( is_int( $cryptedFile ) ); // Get file decrypted contents $decrypt = $view->file_get_contents( $filename ); $this->assertEquals( $this->dataShort, $decrypt ); // Save long data as encrypted file using stream wrapper $cryptedFileLong = $view->file_put_contents( $filename, $this->dataLong ); // Test that data was successfully written $this->assertTrue( is_int( $cryptedFileLong ) ); // Get file decrypted contents $decryptLong = $view->file_get_contents( $filename ); $this->assertEquals( $this->dataLong, $decryptLong ); // tear down $view->unlink( $filename ); } function testTouchExistingFile() { $filename = '/tmp-' . time(); $view = new \OC\Files\View( '/' . $this->userId . '/files' ); // Save short data as encrypted file using stream wrapper $cryptedFile = $view->file_put_contents( $filename, $this->dataShort ); // Test that data was successfully written $this->assertTrue( is_int( $cryptedFile ) ); $view->touch( $filename ); // Get file decrypted contents $decrypt = $view->file_get_contents( $filename ); $this->assertEquals( $this->dataShort, $decrypt ); // tear down $view->unlink( $filename ); } function testTouchFile() { $filename = '/tmp-' . time(); $view = new \OC\Files\View( '/' . $this->userId . '/files' ); $view->touch( $filename ); // Save short data as encrypted file using stream wrapper $cryptedFile = $view->file_put_contents( $filename, $this->dataShort ); // Test that data was successfully written $this->assertTrue( is_int( $cryptedFile ) ); // Get file decrypted contents $decrypt = $view->file_get_contents( $filename ); $this->assertEquals( $this->dataShort, $decrypt ); // tear down $view->unlink( $filename ); } function testFopenFile() { $filename = '/tmp-' . time(); $view = new \OC\Files\View( '/' . $this->userId . '/files' ); // Save short data as encrypted file using stream wrapper $cryptedFile = $view->file_put_contents( $filename, $this->dataShort ); // Test that data was successfully written $this->assertTrue( is_int( $cryptedFile ) ); $handle = $view->fopen( $filename, 'r' ); // Get file decrypted contents $decrypt = fgets( $handle ); $this->assertEquals( $this->dataShort, $decrypt ); // tear down $view->unlink( $filename ); } }