Odyssey
sharedHcuCommonTest.php
1 <?php
2 
3 use PHPUnit\Framework\TestCase;
4 
5 require_once 'hcuCommon.i';
6 
7 /**
8  *
9  * Tests for common OpenSSL based encryption functions, their
10  * generalizability to different cipher modes and related utility
11  * functions in hcuCommon.i
12  */
13 class SharedLibraryHcuCommonTest extends TestCase {
14 
15  function setUp() {
16  $this->Cu = "SCRUBCU";
17  // this will just be used as an initialization string that is being used
18  // by hmac_hash with sha256 algorithm to generate the 256bit key
19  $this->key_suffix = sha1($this->Cu.":testhcucommonkey");
20  }
21 
22  /**
23  * Test default key generation function for openssl
24  * encryption
25  */
26  function test_openssl_key_generation() {
27  // test that the key derived encryption key (256 bits
28  // 32 bytes) should be exactly the same all the time for
29  // a same deriving key
30  $enc_key_1 = getOpenSSLKey($this->key_suffix);
31  $enc_key_2 = getOpenSSLKey($this->key_suffix);
32  $this->assertEquals(strlen($enc_key_1), 32);
33  $this->assertEquals(strlen($enc_key_2), 32);
34  $this->assertTrue($enc_key_1 == $enc_key_2);
35 
36  // also test with some random seed
37  $seed = openssl_random_pseudo_bytes(8);
38  $enc_key_3 = getOpenSSLKey($seed);
39  $enc_key_4 = getOpenSSLKey($seed);
40  $this->assertEquals(strlen($enc_key_3), 32);
41  $this->assertEquals(strlen($enc_key_4), 32);
42  $this->assertTrue($enc_key_3 == $enc_key_4);
43  }
44 
45  /**
46  * Test for invalid bit size input
47  *
48  * @expectedException Exception
49  * @expectedExceptionCode 3
50  * @expectedExceptionMessageRegExp /Invalid key size.?\s*\w+/
51  */
52  function test_openssl_key_generation_invalid_size() {
53  $seed = openssl_random_pseudo_bytes(8);
54  getOpenSSLKey($seed, $bit_size='invalid');
55  }
56 
57  /**
58  * Test encryption authentication hash generation function
59  */
60  function test_openssl_auth_hash_correct_algo() {
61  $message = "test data for authentication hash";
62  $auth_hash_algo = "sha256";
63 
64  foreach(array(true, false) as $auth_hash_binary) {
65  // test the hash generation
66  $hash_1 = getEncryptionAuthHash($message,
67  $this->key_suffix,
68  $auth_hash_algo,
69  $auth_hash_binary);
70  $hash_2 = getEncryptionAuthHash($message,
71  $this->key_suffix,
72  $auth_hash_algo,
73  $auth_hash_binary);
74  $this->assertTrue($hash_1 == $hash_2);
75 
76  // also test with some random seed
77  $seed = openssl_random_pseudo_bytes(8);
78  $hash_3 = getEncryptionAuthHash($message,
79  $seed,
80  $auth_hash_algo,
81  $auth_hash_binary);
82  $hash_4 = getEncryptionAuthHash($message,
83  $seed,
84  $auth_hash_algo,
85  $auth_hash_binary);
86  $this->assertTrue($hash_3 == $hash_4);
87 
88  }
89 
90  }
91 
92  /**
93  * Test Case:
94  * This tests an aes-256-cbc encrypted text with openssl!
95  * Test with default optional arguments. Authentication hashing algorithm
96  * is sha1 and the generated hash is raw binary.
97  */
98  function test_openssl_aes_256_cbc_sha1_raw_default() {
99  $original_message = "This is an aes-256-cbc encrypted text with openssl! Test with default optional arguments. Authentication hashing algorithm is sha1 and the generated hash is raw binary.";
100 
101  $mthd = "aes-256-cbc";
102  $auth_algo = "sha1";
103  // binary authentication hash
104  $auth_hash_bin = true;
105 
106  // test with passing the default optional parameters
107  $ciphertext = hcuOpenSSLEncrypt($original_message,
108  $this->key_suffix,
109  $method=$mthd,
110  $auth_hash_algo=$auth_algo,
111  $auth_hash_binary=$auth_hash_bin);
112  $decrypted_message = hcuOpenSSLDecrypt($ciphertext["message"],
113  $ciphertext["hash"],
114  $this->key_suffix,
115  $method=$mthd,
116  $auth_hash_algo=$auth_algo,
117  $auth_hash_binary=$auth_hash_bin);
118  $this->assertEquals($original_message, $decrypted_message);
119 
120  // test without passing default parameters
121  $ciphertext_from_default_call =hcuOpenSSLEncrypt($decrypted_message,
122  $this->key_suffix);
123  $decrypted_message_from_default_call = hcuOpenSSLDecrypt(
124  $ciphertext_from_default_call["message"],
125  $ciphertext_from_default_call["hash"],
126  $this->key_suffix );
127  $this->assertEquals($decrypted_message, $decrypted_message_from_default_call);
128  $this->assertEquals($decrypted_message_from_default_call, $original_message);
129  }
130 
131  /**
132  * Test Case:
133  * This tests aes-256-cbc encrypted text with openssl!
134  * Authentication hashing algorithm is sha1 and the generated
135  * hash are lowercase hexits
136  */
137  function test_openssl_aes_256_cbc_sha1_hexits_hash() {
138  $original_message = "This is an aes-256-cbc encrypted text with openssl! Authentication hashing algorithm is sha1 and the generated hash are lowercase hexits.";
139 
140  $mthd = "aes-256-cbc";
141  $auth_algo = "sha1";
142  // hexits authentication hash
143  $auth_hash_bin = false;
144 
145  $ciphertext = hcuOpenSSLEncrypt($original_message,
146  $this->key_suffix,
147  $method=$mthd,
148  $auth_hash_algo=$auth_algo,
149  $auth_hash_binary=$auth_hash_bin);
150 
151  $decrypted_message = hcuOpenSSLDecrypt($ciphertext["message"],
152  $ciphertext["hash"],
153  $this->key_suffix,
154  $method=$mthd,
155  $auth_hash_algo=$auth_algo,
156  $auth_hash_binary=$auth_hash_bin);
157 
158  $this->assertEquals($original_message, $decrypted_message);
159  }
160 
161  /**
162  * Test Case:
163  * This tests an aes-256-cbc encrypted text with openssl!
164  * Authentication hashing algorithm is sha256 and the
165  * generated hash is tested for both raw binary and hexits.
166  */
167  function test_openssl_aes_256_cbc_sha256() {
168  $original_message = "This is an aes-256-cbc encrypted text with openssl! Authentication hashing algorithm is sha256 and the generated hash is tested for both raw binary and hexits.";
169 
170  $mthd = "aes-256-cbc";
171  $auth_algo = "sha256";
172 
173  foreach(array(true,false) as $auth_hash_bin) {
174  $ciphertext = array("message" => "", "hash" => "");
175  $ciphertext = hcuOpenSSLEncrypt($original_message,
176  $this->key_suffix,
177  $method=$mthd,
178  $auth_hash_algo=$auth_algo,
179  $auth_hash_binary=$auth_hash_bin);
180 
181  $decrypted_message = hcuOpenSSLDecrypt($ciphertext["message"],
182  $ciphertext["hash"],
183  $this->key_suffix,
184  $method=$mthd,
185  $auth_hash_algo=$auth_algo,
186  $auth_hash_binary=$auth_hash_bin);
187 
188  $this->assertEquals($original_message, $decrypted_message);
189  }
190  }
191 
192  /**
193  * Test Case:
194  * This tests an aes-256-ecb encrypted text with openssl! Authentication
195  * hashing algorithm is sha256 and the generated hash are raw binary.
196  * Initialization vector (IV) is also a part of the ciphertext. However,
197  * ECB does not use IV (i.e. iv size is zero) and is ignored.
198  * Therefore the main openssl based encrypt and decrypt functions
199  * should be agnoistic of the iv size (or choice of cipher mode) as well.
200  */
201  function test_openssl_aes_256_ecb_sha256() {
202  $original_message = "This is an aes-256-ecb encrypted text with openssl! Authentication hashing algorithm is sha256 and the generated hash are raw binary. Initialization vector (IV) is also a part of the ciphertext. However, ECB does not use IV (i.e. iv size is zero). Therefore the main openssl based encrypt and decrypt functions should be agnoistic of the iv size (or choice of cipher mode) as well.";
203 
204  $mthd = "aes-256-ecb";
205  $auth_algo = "sha256";
206 
207  foreach(array(true,false) as $auth_hash_bin) {
208  $ciphertext = array("message" => "", "hash" => "");
209  $ciphertext = hcuOpenSSLEncrypt($original_message,
210  $this->key_suffix,
211  $method=$mthd,
212  $auth_hash_algo=$auth_algo,
213  $auth_hash_binary=$auth_hash_bin);
214 
215  $decrypted_message = hcuOpenSSLDecrypt($ciphertext["message"],
216  $ciphertext["hash"],
217  $this->key_suffix,
218  $method=$mthd,
219  $auth_hash_algo=$auth_algo,
220  $auth_hash_binary=$auth_hash_bin);
221 
222  $this->assertEquals($original_message, $decrypted_message);
223  }
224  }
225 
226  /**
227  * Test Case:
228  * This tests des-ede3-cbc encrypted text with openssl!
229  * Authentication hashing algorithm is sha256 and the generated
230  * hash are tested for both raw and hexits
231  */
232  function test_openssl_des_ede3_cbc_sha256() {
233  $original_message = "This is a des-ede3-cbc encrypted text with openssl! Authentication hashing algorithm is sha256 and the generated hash are tested for both raw and hexits.";
234 
235  $mthd = "des-ede3-cbc"; // ecb
236  $auth_algo = "sha256";
237 
238  foreach(array(false, true) as $auth_hash_bin){
239  $ciphertext = array("message" => "", "hash" => "");
240  $ciphertext = hcuOpenSSLEncrypt($original_message,
241  $this->key_suffix,
242  $method=$mthd,
243  $auth_hash_algo=$auth_algo,
244  $auth_hash_binary=$auth_hash_bin);
245 
246  $decrypted_message = hcuOpenSSLDecrypt($ciphertext["message"],
247  $ciphertext["hash"],
248  $this->key_suffix,
249  $method=$mthd,
250  $auth_hash_algo=$auth_algo,
251  $auth_hash_binary=$auth_hash_bin);
252 
253  $this->assertEquals($original_message, $decrypted_message);
254  }
255  }
256 
257  /**
258  * Test Case:
259  * This tests des-ede3 [ecb] encrypted text with openssl!
260  * Authentication hashing algorithm is sha256 and the generated
261  * hash are tested for both raw and hexits.
262  */
263  function test_openssl_des_ede3_ecb_sha256() {
264  $original_message = "This is des-ede3 [ecb] encrypted text with openssl! Authentication hashing algorithm is sha256 and the generated hash are tested for both raw and hexits.";
265 
266  $mthd = "des-ede3"; // ecb
267  $auth_algo = "sha256";
268 
269  foreach(array(false, true) as $auth_hash_bin){
270  $ciphertext = array("message" => "", "hash" => "");
271  $ciphertext = hcuOpenSSLEncrypt($original_message,
272  $this->key_suffix,
273  $method=$mthd,
274  $auth_hash_algo=$auth_algo,
275  $auth_hash_binary=$auth_hash_bin);
276 
277  $decrypted_message = hcuOpenSSLDecrypt($ciphertext["message"],
278  $ciphertext["hash"],
279  $this->key_suffix,
280  $method=$mthd,
281  $auth_hash_algo=$auth_algo,
282  $auth_hash_binary=$auth_hash_bin);
283 
284  $this->assertEquals($original_message, $decrypted_message);
285  }
286  }
287 
288  /**
289  * This tests cast5-ecb encrypted text with openssl!
290  * Authentication hashing algorithm is sha256 and the generated
291  * hash are tested for both raw and hexits.
292  */
293  function test_openssl_cast5_ecb_sha256() {
294  $original_message = "This is cast5-ecb encrypted text with openssl! Authentication hashing algorithm is sha256 and the generated hash are tested for both raw and hexits.";
295 
296  $mthd = "cast5-ecb"; // ecb
297  $auth_algo = "sha256";
298 
299  foreach(array(false, true) as $auth_hash_bin){
300  $ciphertext = array("message" => "", "hash" => "");
301  $ciphertext = hcuOpenSSLEncrypt($original_message,
302  $this->key_suffix,
303  $method=$mthd,
304  $auth_hash_algo=$auth_algo,
305  $auth_hash_binary=$auth_hash_bin);
306 
307  $decrypted_message = hcuOpenSSLDecrypt($ciphertext["message"],
308  $ciphertext["hash"],
309  $this->key_suffix,
310  $method=$mthd,
311  $auth_hash_algo=$auth_algo,
312  $auth_hash_binary=$auth_hash_bin);
313  $this->assertEquals($original_message, $decrypted_message);
314  }
315  }
316 
317  /**
318  * Test Case:
319  * This is an aes-256-cbc encrypted text with openssl!
320  * Authentication hashing algorithm is sha256 and the generated
321  * hash is lowercase hexits.
322  * Tests the corrupted authentication hash of the encrypted text.
323  *
324  * @expectedException Exception
325  * @expectedExceptionCode 2
326  * @expectedExceptionMessage Hash doesn't match!
327  */
328  function test_corrputed_hash_auth_openssl_aes_256_cbc_sha256() {
329  $original_message = "This is an aes-256-cbc encrypted text with openssl! Authentication hashing algorithm is sha256 and the generated hash is lowercase hexits.";
330 
331  $mthd = "aes-256-cbc";
332  $auth_algo = "sha256";
333  $auth_hash_bin = false;
334 
335  // ENCRYPTION
336  $ciphertext = hcuOpenSSLEncrypt($original_message,
337  $this->key_suffix,
338  $method=$mthd,
339  $auth_hash_algo=$auth_algo,
340  $auth_hash_binary=$auth_hash_bin);
341 
342  // Hash corrpution
343  $received_hash = $ciphertext["hash"];
344  $corrupted_str = "corrupt_text";
345  $hash_length = strlen($received_hash);
346  $corrupt_str_len = strlen($corrupted_str);
347  $corrputed_hash = substr_replace($received_hash,
348  $corrupted_str,
349  $hash_length - $corrupt_str_len,
350  $corrupt_str_len);
351 
352  // Detect corrputed has durint DECRYPTION
353  $decrypted_message = hcuOpenSSLDecrypt($ciphertext["message"],
354  $corrputed_hash,
355  $this->key_suffix,
356  $method=$mthd,
357  $auth_hash_algo=$auth_algo,
358  $auth_hash_binary=$auth_hash_bin);
359  }
360 
361 
362  /**
363  * Test Case:
364  * Tests for catching exception on providing invalid hash algorithm
365  * for encrytpion authentication.
366  *
367  * @expectedException Exception
368  * @expectedExceptionCode 2
369  * @expectedExceptionMessageRegExp /Invalid hash algorithm:?\s*\w+/
370  */
371  function test_invalid_hash_algo_openssl_aes_256_cbc() {
372  $original_message = "This is an aes-256-cbc encrypted text with openssl! Authentication hashing algorithm is sha256 and the generated hash is raw binary.";
373 
374  $mthd = "aes-256-cbc";
375  $auth_algo = "invalid_hash_algo";
376  $auth_hash_bin = true;
377  // test encryption with invalid authentication algorithm
378  $ciphertext = hcuOpenSSLEncrypt($original_message,
379  $this->key_suffix,
380  $method=$mthd,
381  $auth_hash_algo=$auth_algo,
382  $auth_hash_binary=$auth_hash_bin);
383  }
384 
385  /**
386  * Test Case:
387  * Tests openssl encryption api with several popular aes 256bits key size
388  * based aes encryption modes. Our openssl encryption implementation is
389  * expected to work properly for the listed encryption modes at the least.
390  *
391  */
392  function test_openssl_encryption_mode_agnostic_nature() {
393  // supported encryption modes
394  $openssl_aes_256_modes = array("aes-256-ctr",
395  "aes-256-ofb",
396  "aes-256-cfb",
397  "aes-256-cfb1",
398  "aes-256-cfb8",
399  "aes-256-ofb",
400  "aes-256-xts",
401  "aes-256-ecb");
402  $auth_algo = "sha256";
403  $auth_hash_bin = true;
404 
405  $previous_decrypted_data = "";
406  foreach($openssl_aes_256_modes as $aes_cipher_mode) {
407  $openssl_ciphertext = array("message" => "", "hash" => "");
408  $obtained_decrypted_text = "";
409 
410  // ENCRYPTION
411  $openssl_ciphertext = hcuOpenSSLEncrypt($this->trusted_data,
412  $this->key_suffix,
413  $method=$aes_cipher_mode,
414  $auth_hash_algo=$auth_algo,
415  $auth_hash_binary=$auth_hash_bin);
416 
417 
418  // DECRYPTION
419  // creates different ciphertext and different base64_encoded output
420  // for each of the mode of operation, but they should decrypt the original
421  // text just fine.
422  $obtained_decrypted_text = hcuOpenSSLDecrypt($openssl_ciphertext["message"],
423  $openssl_ciphertext["hash"],
424  $this->key_suffix,
425  $method=$aes_cipher_mode,
426  $auth_hash_algo=$auth_algo,
427  $auth_hash_binary=$auth_hash_bin);
428 
429  $this->assertEquals($obtained_decrypted_text, $this->trusted_data);
430  // also assert the decrypted value from the previous mode
431  if ($previous_decrypted_data != "") {
432  $this->assertEquals($previous_decrypted_data, $obtained_decrypted_text);
433  }
434  // update previous with the current decrypt
435  $previous_decrypted_dat = $obtained_decrypted_text;
436  }
437  }
438 
439  function tearDown(){
440 
441  }
442 }
443 
444 
445 ?>
Generated by   doxygen 1.8.15