WebSVN – Moodle – Diff – /lib/tests/encryption_test.php

  * @package core
  * @copyright 2020 The Open University
  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  * @covers  \core\encryption
  */
-class encryption_test extends advanced_testcase {
+final class encryption_test extends advanced_testcase {
-    /**
-     * Clear junk created by tests.
-     */
-    protected function tearDown(): void {
-        global $CFG;
-        $keyfile = encryption::get_key_file(encryption::METHOD_OPENSSL);
-        if (file_exists($keyfile)) {
-            chmod($keyfile, 0700);
-        }
-        $keyfile = encryption::get_key_file(encryption::METHOD_SODIUM);
-        if (file_exists($keyfile)) {
-            chmod($keyfile, 0700);
-        }
-        remove_dir($CFG->dataroot . '/secret');
-        unset($CFG->nokeygeneration);
-    }
     protected function setUp(): void {
-        $this->tearDown();
         parent::setUp();
         require_once(__DIR__ . '/fixtures/testable_encryption.php');
+    }
     /**
-     * Many of the tests work with both encryption methods.
+     * Return a list of supported encryption methods
+     *
      * @return array[] Array of method options for test
      */
-    public function encryption_method_provider(): array {
+    public static function encryption_method_provider(): array {
         return [
             'Sodium' => [encryption::METHOD_SODIUM],
         $this->expectExceptionMessage('Key already exists');
         encryption::create_key($method);
+    }
-    /**
-     * Test that we can create keys for legacy {@see encryption::METHOD_OPENSSL} content
-     */
-    public function test_create_key_openssl(): void {
-        encryption::create_key(encryption::METHOD_OPENSSL);
-        $key = testable_encryption::get_key(encryption::METHOD_OPENSSL);
-        $this->assertEquals(32, strlen($key));
-        $this->expectExceptionMessage('Key already exists');
-        encryption::create_key(encryption::METHOD_OPENSSL);
-    }
     /**
      * Tests encryption and decryption with empty strings.
      */
     public function test_encrypt_and_decrypt_empty(): void {
         $this->assertEquals('', encryption::encrypt(''));
         $this->expectExceptionMessage('Key not found');
         encryption::encrypt('frogs', $method);
+    }
-    /**
-     * Test that attempting to encrypt with legacy {@see encryption::METHOD_OPENSSL} method falls back to Sodium
-     */
-    public function test_encrypt_openssl(): void {
-        $encrypted = encryption::encrypt('Frogs', encryption::METHOD_OPENSSL);
-        $this->assertStringStartsWith(encryption::METHOD_SODIUM . ':', $encrypted);
-        $this->assertDebuggingCalledCount(1, ['Encryption using legacy OpenSSL is deprecated, reverting to Sodium']);
-    }
     /**
      * Tests decryption when the data has a different encryption method
      */
     public function test_decrypt_wrongmethod(): void {
         $this->expectExceptionMessage('Data does not match a supported encryption method');
+     *
      * @dataProvider encryption_method_provider
      * @param string $method Encryption method
      */
     public function test_decrypt_tooshort(string $method): void {
-        $this->expectExceptionMessage('Insufficient data');
         switch ($method) {
-            case encryption::METHOD_OPENSSL:
-                // It needs min 49 bytes (16 bytes IV + 32 bytes HMAC + 1 byte data).
-                $justtooshort = '0123456789abcdef0123456789abcdef0123456789abcdef';
-                break;
             case encryption::METHOD_SODIUM:
                 // Sodium needs 25 bytes at least as far as our code is concerned (24 bytes IV + 1
                 // byte data); it splits out any authentication hashes itself.
                 $justtooshort = '0123456789abcdef01234567';
                 break;
+        }
         $this->expectExceptionMessage('Insufficient data');
         encryption::decrypt($method . ':' .base64_encode($justtooshort));
+    }
         encryption::decrypt($method . ':' . base64_encode(
                 '0123456789abcdef0123456789abcdef0123456789abcdef0'));
+    }
-    /**
-     * Test that we can decrypt legacy {@see encryption::METHOD_OPENSSL} content
-     */
-    public function test_decrypt_openssl(): void {
-        $key = testable_encryption::get_key(encryption::METHOD_OPENSSL);
-        // Construct encrypted string using openssl method/cipher.
-        $iv = random_bytes(openssl_cipher_iv_length(encryption::OPENSSL_CIPHER));
-        $encrypted = @openssl_encrypt('Frogs', encryption::OPENSSL_CIPHER, $key, OPENSSL_RAW_DATA, $iv);
-        $hmac = hash_hmac('sha256', $iv . $encrypted, $key, true);
-        $decrypted = encryption::decrypt(encryption::METHOD_OPENSSL . ':' . base64_encode($iv . $encrypted . $hmac));
-        $this->assertEquals('Frogs', $decrypted);
-        $this->assertDebuggingCalledCount(1, ['Decryption using legacy OpenSSL is deprecated, please upgrade to Sodium']);
-    }
     /**
      * Test automatic generation of keys when needed.
+     *
      * @dataProvider encryption_method_provider
      * @param string $method Encryption method
         switch ($method) {
             case encryption::METHOD_SODIUM:
                 $this->expectExceptionMessageMatches('/(should|must) be SODIUM_CRYPTO_SECRETBOX_KEYBYTES bytes/');
-                break;
-            case encryption::METHOD_OPENSSL:
-                $this->expectExceptionMessage('Invalid key');
                 break;
+        }
         encryption::encrypt('frogs', $method);
+    }
     /**
      * Checks that modified data causes failures.
+     *
      * @dataProvider encryption_method_provider
      * @param string $method Encryption method
-     */
-    public function test_modified_data(string $method): void {
+     */
     public function test_modified_data(string $method): void {
         $encrypted = encryption::encrypt('frogs', $method);
         $mainbit = base64_decode(substr($encrypted, strlen($method) + 1));
         $mainbit = substr($mainbit, 0, 16) . 'X' . substr($mainbit, 16);

Proyectos de Subversion Moodle

(root)/lib/tests/encryption_test.php – Rev 1 → 1441