Odyssey
HcuCuTrustedParmEncryptionTest Class Reference

Public Member Functions

 setUp ()
 
 test_parmecrypt_mcrypt_to_openssl_transition_with_ecb ()
 
 test_current_standard_openssl_encryption_mode ()
 
 test_parm_with_current_default_encryption_mode ()
 
 test_current_openssl_encryption_mode_agnostic_nature_parm ()
 
 tearDown ()
 

Detailed Description

Test parmencrypt and parmdecrypt encryption functionalities and their migration from MCRYPT to OPENSSL.

Definition at line 113 of file sharedHcuCuTrustedDetailTest.php.

Member Function Documentation

◆ test_current_openssl_encryption_mode_agnostic_nature_parm()

HcuCuTrustedParmEncryptionTest::test_current_openssl_encryption_mode_agnostic_nature_parm ( )

Test parm encryption with several popular AES modes of operation using a 256-bit key with OpenSSL. Our OpenSSL encryption implementation is expected to work properly for at least the listed encryption modes.

Definition at line 226 of file sharedHcuCuTrustedDetailTest.php.

226  {
227  // supported encryption modes
228  $openssl_aes_256_modes = array("aes-256-ctr",
229  "aes-256-ofb",
230  "aes-256-cfb",
231  "aes-256-cfb1",
232  "aes-256-cfb8",
233  "aes-256-ofb",
234  "aes-256-xts",
235  "aes-256-ecb");
236  $previous_decrypted_data = "";
237  foreach($openssl_aes_256_modes as $aes_cipher_mode) {
238  $openssl_ciphertext = "";
239  $obtained_decrypted_text = "";
240 
241  // encrypt with openssl with $aes_cipher_mode mode
242  $openssl_ciphertext = parmencrypt($this->trusted_data,
243  $this->key_suffix,
244  $cipher_method=$aes_cipher_mode);
245 
246  // creates different ciphertext and different base64_encoded output
247  // for each of the mode of operation, but they should decrypt the original
248  // text just fine.
249  $obtained_decrypted_text = parmdecrypt($openssl_ciphertext,
250  $this->key_suffix,
251  $cipher_method=$aes_cipher_mode);
252 
253  $this->assertEquals($obtained_decrypted_text, $this->trusted_data);
254  // also assert the decrypted value from the previous mode
255  if ($previous_decrypted_data != "") {
256  $this->assertEquals($previous_decrypted_data, $obtained_decrypted_text);
257  }
258  // update previous with the current decrypt
259  $previous_decrypted_data = $obtained_decrypted_text;
260 
261  }
262 
263  }

◆ test_current_standard_openssl_encryption_mode()

HcuCuTrustedParmEncryptionTest::test_current_standard_openssl_encryption_mode ( )

Verify that the current standard is maintained, e.g. we are upgrading from mcrypt ECB to aes-256-cbc in March 2019. The current standard for parm encryption is therefore aes-256-cbc.

Definition at line 199 of file sharedHcuCuTrustedDetailTest.php.

199  {
200  $this->assertEquals($this->hcu_standard_encryption_mode_for_parm, PARMENCDEC_CIPHER_MODE);
201  $this->assertEquals($this->hcu_standard_auth_hash_algo, PARMENCDEC_AUTH_HASH_ALGO);
202  }

◆ test_parm_with_current_default_encryption_mode()

HcuCuTrustedParmEncryptionTest::test_parm_with_current_default_encryption_mode ( )

Test parmencrypt and parmdecrypt with default arguments.

Definition at line 207 of file sharedHcuCuTrustedDetailTest.php.

207  {
208  // Note that the default encryption mode being used by the following functions
209  // is determined by PARMENCDEC_CIPHER_MODE constant in cutrusted.i script.
210  $openssl_ciphertext = parmencrypt($this->trusted_data,
211  $this->key_suffix);
212 
213  $obtained_decrypted_text = parmdecrypt($openssl_ciphertext,
214  $this->key_suffix);
215 
216  $this->assertEquals($obtained_decrypted_text, $this->trusted_data);
217  }

◆ test_parmecrypt_mcrypt_to_openssl_transition_with_ecb()

HcuCuTrustedParmEncryptionTest::test_parmecrypt_mcrypt_to_openssl_transition_with_ecb ( )

We still use the ECB mode of operation, mainly due to vendor/interface requirements and specifications. Wherever possible, these must be upgraded based on the latest crypto standards and guidelines.

Definition at line 150 of file sharedHcuCuTrustedDetailTest.php.

150  {
151  // if the previous mcrypt based function also exists, test it
152  if(function_exists("parmencrypt_mcrypt")) {
153  // With [mcrypt-MCRYPT_RIJNDAEL_128 + MCRYPT_MODE_ECB] ECB mode,
154  // output ciphertext is always the same for a given data when run
155  // with the same secret key
156  // ENCRYPTION
157  $obtained_ciphertext_mcrypt = parmencrypt_mcrypt($this->trusted_data,
158  $this->key_suffix);
159 
160  $this->assertEquals($obtained_ciphertext_mcrypt,
161  $this->expected_trusted_data_mcrypt_ecb_cipher_base64);
162 
163  //DECRYPTION
164  $obtained_decrypted_data_mcrypt = parmdecrypt($obtained_ciphertext_mcrypt,
165  $this->key_suffix,
166  $cipher_method="aes-256-ecb");
167 
168  $this->assertEquals($obtained_decrypted_data_mcrypt,
169  $this->trusted_data);
170  }
171 
172  // test openssl aes-256-ecb based encrypted base64 output
173  // [openssl] with ECB mode, output ciphertext is always the same for a given
174  // data when run with the same secret key
175  // ENCRYPTION
176  $obtained_ciphertext_openssl = parmencrypt($this->trusted_data,
177  $this->key_suffix,
178  $cipher_method="aes-256-ecb");
179  $this->assertEquals($obtained_ciphertext_openssl,
180  $this->expected_trusted_data_openssl_ecb_cipher_base64);
181 
182  // DECRYPTION
183  $obtained_decrypted_data_openssl = parmdecrypt($obtained_ciphertext_openssl,
184  $this->key_suffix,
185  $cipher_method="aes-256-ecb");
186  $this->assertEquals($obtained_decrypted_data_openssl, $this->trusted_data);
187 
188  // also verify that the decrypted data using the both methods were same
189  if(function_exists("parmencrypt_mcrypt")) {
190  $this->assertEquals($obtained_decrypted_data_openssl, $obtained_decrypted_data_mcrypt);
191  }
192  }
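
The test comments above note that ECB yields the same ciphertext for the same data and key, and the standard pairs a cipher mode with an auth hash algorithm. The following is an added example, not code from cutrusted.i or this test file, contrasting ECB with aes-256-cbc plus a random IV and an HMAC tag. The helper names, the HMAC-SHA256 choice, the output layout and the sample data are assumptions.

```php
<?php
// Added illustration: demo_encrypt()/demo_decrypt() are hypothetical helpers,
// not parmencrypt()/parmdecrypt(). HMAC-SHA256 is an assumed hash choice.
function demo_encrypt(string $plain, string $encKey, string $macKey, string $mode): string {
    $ivLen = openssl_cipher_iv_length($mode);   // 0 for ECB, 16 for CBC
    $iv = $ivLen > 0 ? random_bytes($ivLen) : "";
    $ct = openssl_encrypt($plain, $mode, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException("encryption failed for $mode");
    }
    // Encrypt-then-MAC: the tag covers the mode name, the IV and the ciphertext.
    $tag = hash_hmac("sha256", $mode . $iv . $ct, $macKey, true);
    return base64_encode($tag . $iv . $ct);
}
function demo_decrypt(string $blob, string $encKey, string $macKey, string $mode): string {
    $raw = base64_decode($blob, true);
    $ivLen = openssl_cipher_iv_length($mode);
    if ($raw === false || strlen($raw) < 32 + $ivLen) {
        throw new RuntimeException("malformed input");
    }
    $tag = substr($raw, 0, 32);
    $iv = substr($raw, 32, $ivLen);
    $ct = substr($raw, 32 + $ivLen);
    // Verify the tag in constant time before touching the ciphertext.
    if (!hash_equals(hash_hmac("sha256", $mode . $iv . $ct, $macKey, true), $tag)) {
        throw new RuntimeException("authentication failed");
    }
    $plain = openssl_decrypt($ct, $mode, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        throw new RuntimeException("decryption failed for $mode");
    }
    return $plain;
}

// Constructed keys and sample data.
[$encKey, $macKey, $data] = [random_bytes(32), random_bytes(32), "member=1234&acct=10"];
foreach (["aes-256-ecb", "aes-256-cbc"] as $mode) {
    $a = demo_encrypt($data, $encKey, $macKey, $mode);
    $same = $a === demo_encrypt($data, $encKey, $macKey, $mode);
    $ok = demo_decrypt($a, $encKey, $macKey, $mode) === $data;
    printf("%s repeats=%s roundtrip=%s\n", $mode, var_export($same, true), var_export($ok, true));
}
// Flip one bit of the stored CBC value: decryption must refuse it.
$raw = base64_decode($a);
$raw[40] = chr(ord($raw[40]) ^ 1);
try {
    demo_decrypt(base64_encode($raw), $encKey, $macKey, "aes-256-cbc");
} catch (RuntimeException $e) {
    echo "tampered value rejected: ", $e->getMessage(), "\n";
}
```

A fixed expected-ciphertext assertion like the ECB ones above only works for a mode without a random IV; for CBC the test has to assert on the round trip and on rejection of modified input instead.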

The documentation for this class was generated from the following file: