Refactored CryptoUtil to make it injectable and more testable

Added checks for vanilla JVM AES 256 issues in tests
This commit is contained in:
Dominik Dzienia 2020-04-06 23:48:25 +02:00
parent a8d76cef4c
commit 9dca938698
6 changed files with 93 additions and 42 deletions

View file

@ -50,6 +50,7 @@ import info.nightscout.androidaps.queue.commands.*
import info.nightscout.androidaps.setupwizard.SWEventListener import info.nightscout.androidaps.setupwizard.SWEventListener
import info.nightscout.androidaps.setupwizard.SWScreen import info.nightscout.androidaps.setupwizard.SWScreen
import info.nightscout.androidaps.setupwizard.elements.* import info.nightscout.androidaps.setupwizard.elements.*
import info.nightscout.androidaps.utils.CryptoUtil
import info.nightscout.androidaps.utils.FabricPrivacy import info.nightscout.androidaps.utils.FabricPrivacy
import info.nightscout.androidaps.utils.resources.ResourceHelper import info.nightscout.androidaps.utils.resources.ResourceHelper
import info.nightscout.androidaps.utils.resources.ResourceHelperImplementation import info.nightscout.androidaps.utils.resources.ResourceHelperImplementation
@ -261,6 +262,7 @@ open class AppModule {
@ContributesAndroidInjector fun graphDataInjector(): GraphData @ContributesAndroidInjector fun graphDataInjector(): GraphData
@ContributesAndroidInjector fun cryptoUtilInjector(): CryptoUtil
@ContributesAndroidInjector fun importExportPrefsInjector(): ImportExportPrefs @ContributesAndroidInjector fun importExportPrefsInjector(): ImportExportPrefs
@ContributesAndroidInjector fun encryptedPrefsFormatInjector(): EncryptedPrefsFormat @ContributesAndroidInjector fun encryptedPrefsFormatInjector(): EncryptedPrefsFormat
@ContributesAndroidInjector fun classicPrefsFormatInjector(): ClassicPrefsFormat @ContributesAndroidInjector fun classicPrefsFormatInjector(): ClassicPrefsFormat

View file

@ -18,6 +18,7 @@ import javax.inject.Singleton
@Singleton @Singleton
class EncryptedPrefsFormat @Inject constructor( class EncryptedPrefsFormat @Inject constructor(
private var resourceHelper: ResourceHelper, private var resourceHelper: ResourceHelper,
private var cryptoUtil: CryptoUtil,
private var storage: Storage private var storage: Storage
) : PrefsFormat { ) : PrefsFormat {
@ -58,14 +59,14 @@ class EncryptedPrefsFormat @Inject constructor(
var encodedContent = "" var encodedContent = ""
if (encrypted) { if (encrypted) {
val salt = CryptoUtil.mineSalt() val salt = cryptoUtil.mineSalt()
val rawContent = content.toString() val rawContent = content.toString()
val contentAttempt = CryptoUtil.encrypt(masterPassword!!, salt, rawContent) val contentAttempt = cryptoUtil.encrypt(masterPassword!!, salt, rawContent)
if (contentAttempt != null) { if (contentAttempt != null) {
encodedContent = contentAttempt encodedContent = contentAttempt
security.put("algorithm", "v1") security.put("algorithm", "v1")
security.put("salt", salt.toHex()) security.put("salt", salt.toHex())
security.put("content_hash", CryptoUtil.sha256(rawContent)) security.put("content_hash", cryptoUtil.sha256(rawContent))
} else { } else {
// fallback when encryption does not work // fallback when encryption does not work
encrypted = false encrypted = false
@ -80,7 +81,7 @@ class EncryptedPrefsFormat @Inject constructor(
container.put("content", if (encrypted) encodedContent else content) container.put("content", if (encrypted) encodedContent else content)
var fileContents = container.toString(2) var fileContents = container.toString(2)
val fileHash = CryptoUtil.hmac256(fileContents, KEY_CONSCIENCE) val fileHash = cryptoUtil.hmac256(fileContents, KEY_CONSCIENCE)
fileContents = fileContents.replace(Regex("(\\\"file_hash\\\"\\s*\\:\\s*\\\")(--to-be-calculated--)(\\\")"), "$1" + fileHash + "$3") fileContents = fileContents.replace(Regex("(\\\"file_hash\\\"\\s*\\:\\s*\\\")(--to-be-calculated--)(\\\")"), "$1" + fileHash + "$3")
@ -102,7 +103,7 @@ class EncryptedPrefsFormat @Inject constructor(
val jsonBody = storage.getFileContents(file) val jsonBody = storage.getFileContents(file)
val fileContents = jsonBody.replace(Regex("(?is)(\\\"file_hash\\\"\\s*\\:\\s*\\\")([^\"]*)(\\\")"), "$1--to-be-calculated--$3") val fileContents = jsonBody.replace(Regex("(?is)(\\\"file_hash\\\"\\s*\\:\\s*\\\")([^\"]*)(\\\")"), "$1--to-be-calculated--$3")
val calculatedFileHash = CryptoUtil.hmac256(fileContents, KEY_CONSCIENCE) val calculatedFileHash = cryptoUtil.hmac256(fileContents, KEY_CONSCIENCE)
val container = JSONObject(jsonBody) val container = JSONObject(jsonBody)
if (container.has(PrefsMetadataKey.FILE_FORMAT.key) && container.has("security") && container.has("content") && container.has("metadata")) { if (container.has(PrefsMetadataKey.FILE_FORMAT.key) && container.has("security") && container.has("content") && container.has("metadata")) {
@ -144,11 +145,11 @@ class EncryptedPrefsFormat @Inject constructor(
if (security.has("salt") && security.has("content_hash")) { if (security.has("salt") && security.has("content_hash")) {
val salt = security.getString("salt").hexStringToByteArray() val salt = security.getString("salt").hexStringToByteArray()
val decrypted = CryptoUtil.decrypt(masterPassword!!, salt, container.getString("content")) val decrypted = cryptoUtil.decrypt(masterPassword!!, salt, container.getString("content"))
if (decrypted != null) { if (decrypted != null) {
try { try {
val contentHash = CryptoUtil.sha256(decrypted) val contentHash = cryptoUtil.sha256(decrypted)
if (contentHash == security.getString("content_hash")) { if (contentHash == security.getString("content_hash")) {
contentJsonObj = JSONObject(decrypted) contentJsonObj = JSONObject(decrypted)

View file

@ -1,5 +1,6 @@
package info.nightscout.androidaps.utils package info.nightscout.androidaps.utils
import info.nightscout.androidaps.logging.AAPSLogger
import org.spongycastle.util.encoders.Base64 import org.spongycastle.util.encoders.Base64
import java.nio.ByteBuffer import java.nio.ByteBuffer
import java.security.MessageDigest import java.security.MessageDigest
@ -12,6 +13,8 @@ import javax.crypto.SecretKeyFactory
import javax.crypto.spec.GCMParameterSpec import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.PBEKeySpec import javax.crypto.spec.PBEKeySpec
import javax.crypto.spec.SecretKeySpec import javax.crypto.spec.SecretKeySpec
import javax.inject.Inject
import javax.inject.Singleton
private val HEX_CHARS = "0123456789abcdef" private val HEX_CHARS = "0123456789abcdef"
private val HEX_CHARS_ARRAY = "0123456789abcdef".toCharArray() private val HEX_CHARS_ARRAY = "0123456789abcdef".toCharArray()
@ -45,15 +48,21 @@ fun ByteArray.toHex() : String{
return result.toString() return result.toString()
} }
object CryptoUtil { @Singleton
class CryptoUtil @Inject constructor(
val aapsLogger: AAPSLogger
) {
companion object {
private const val IV_LENGTH_BYTE = 12 private const val IV_LENGTH_BYTE = 12
private const val TAG_LENGTH_BIT = 128 private const val TAG_LENGTH_BIT = 128
private const val AES_KEY_SIZE_BIT = 256 private const val AES_KEY_SIZE_BIT = 256
private const val PBKDF2_ITERATIONS = 50000 // check delays it cause on real device private const val PBKDF2_ITERATIONS = 50000 // check delays it cause on real device
private const val SALT_SIZE_BYTE = 32 private const val SALT_SIZE_BYTE = 32
}
private val secureRandom: SecureRandom = SecureRandom() private val secureRandom: SecureRandom = SecureRandom()
var lastException: Exception? = null
fun sha256(source: String): String { fun sha256(source: String): String {
val digest = MessageDigest.getInstance("SHA-256") val digest = MessageDigest.getInstance("SHA-256")
@ -85,6 +94,7 @@ object CryptoUtil {
val iv: ByteArray? val iv: ByteArray?
val encrypted: ByteArray? val encrypted: ByteArray?
return try { return try {
lastException = null
iv = ByteArray(IV_LENGTH_BYTE) iv = ByteArray(IV_LENGTH_BYTE)
secureRandom.nextBytes(iv) secureRandom.nextBytes(iv)
val cipherEnc: Cipher = Cipher.getInstance("AES/GCM/NoPadding") val cipherEnc: Cipher = Cipher.getInstance("AES/GCM/NoPadding")
@ -96,6 +106,8 @@ object CryptoUtil {
byteBuffer.put(encrypted) byteBuffer.put(encrypted)
String(Base64.encode(byteBuffer.array())) String(Base64.encode(byteBuffer.array()))
} catch (e: Exception) { } catch (e: Exception) {
lastException = e
aapsLogger.error("Encryption failed due to technical exception: ${e}")
null null
} }
} }
@ -104,6 +116,7 @@ object CryptoUtil {
val iv: ByteArray? val iv: ByteArray?
val encrypted: ByteArray? val encrypted: ByteArray?
return try { return try {
lastException = null
val byteBuffer = ByteBuffer.wrap(Base64.decode(encryptedData)) val byteBuffer = ByteBuffer.wrap(Base64.decode(encryptedData))
val ivLength = byteBuffer.get().toInt() val ivLength = byteBuffer.get().toInt()
iv = ByteArray(ivLength) iv = ByteArray(ivLength)
@ -115,6 +128,8 @@ object CryptoUtil {
val dec = cipherDec.doFinal(encrypted) val dec = cipherDec.doFinal(encrypted)
String(dec) String(dec)
} catch (e: Exception) { } catch (e: Exception) {
lastException = e
aapsLogger.error("Decryption failed due to technical exception: ${e}")
null null
} }
} }

View file

@ -19,7 +19,10 @@ import javax.inject.Singleton
val AUTOFILL_HINT_NEW_PASSWORD = "newPassword" val AUTOFILL_HINT_NEW_PASSWORD = "newPassword"
@Singleton @Singleton
class PasswordCheck @Inject constructor(val sp: SP) { class PasswordCheck @Inject constructor(
val sp: SP,
val cryptoUtil: CryptoUtil
) {
@SuppressLint("InflateParams") @SuppressLint("InflateParams")
fun queryPassword(context: Context, @StringRes labelId: Int, @StringRes preference: Int, ok: ( (String) -> Unit)?, cancel: (()->Unit)? = null, fail: (()->Unit)? = null) { fun queryPassword(context: Context, @StringRes labelId: Int, @StringRes preference: Int, ok: ( (String) -> Unit)?, cancel: (()->Unit)? = null, fail: (()->Unit)? = null) {
@ -45,7 +48,7 @@ class PasswordCheck @Inject constructor(val sp: SP) {
.setCustomTitle(AlertDialogHelper.buildCustomTitle(context, context.getString(labelId), R.drawable.ic_header_key)) .setCustomTitle(AlertDialogHelper.buildCustomTitle(context, context.getString(labelId), R.drawable.ic_header_key))
.setPositiveButton(context.getString(R.string.ok)) { _, _ -> .setPositiveButton(context.getString(R.string.ok)) { _, _ ->
val enteredPassword = userInput.text.toString() val enteredPassword = userInput.text.toString()
if (CryptoUtil.checkPassword(enteredPassword, password)) ok?.invoke(enteredPassword) if (cryptoUtil.checkPassword(enteredPassword, password)) ok?.invoke(enteredPassword)
else { else {
ToastUtils.errorToast(context, context.getString(R.string.wrongpassword)) ToastUtils.errorToast(context, context.getString(R.string.wrongpassword))
fail?.invoke() fail?.invoke()
@ -80,7 +83,7 @@ class PasswordCheck @Inject constructor(val sp: SP) {
.setPositiveButton(context.getString(R.string.ok)) { _, _ -> .setPositiveButton(context.getString(R.string.ok)) { _, _ ->
val enteredPassword = userInput.text.toString() val enteredPassword = userInput.text.toString()
if (enteredPassword.isNotEmpty()) { if (enteredPassword.isNotEmpty()) {
sp.putString(preference, CryptoUtil.hashPassword(enteredPassword)) sp.putString(preference, cryptoUtil.hashPassword(enteredPassword))
ToastUtils.okToast(context, context.getString(R.string.password_set)) ToastUtils.okToast(context, context.getString(R.string.password_set))
ok?.invoke(enteredPassword) ok?.invoke(enteredPassword)
} else { } else {

View file

@ -5,10 +5,11 @@ import info.nightscout.androidaps.TestBase
import info.nightscout.androidaps.plugins.general.maintenance.formats.* import info.nightscout.androidaps.plugins.general.maintenance.formats.*
import info.nightscout.androidaps.testing.mockers.AAPSMocker import info.nightscout.androidaps.testing.mockers.AAPSMocker
import info.nightscout.androidaps.testing.utils.SingleStringStorage import info.nightscout.androidaps.testing.utils.SingleStringStorage
import info.nightscout.androidaps.utils.CryptoUtil
import info.nightscout.androidaps.utils.assumeAES256isSupported
import info.nightscout.androidaps.utils.resources.ResourceHelper import info.nightscout.androidaps.utils.resources.ResourceHelper
import info.nightscout.androidaps.utils.sharedPreferences.SP import info.nightscout.androidaps.utils.sharedPreferences.SP
import org.hamcrest.CoreMatchers import org.hamcrest.CoreMatchers
import org.json.JSONException
import org.junit.Assert import org.junit.Assert
import org.junit.Before import org.junit.Before
import org.junit.Test import org.junit.Test
@ -30,6 +31,8 @@ class EncryptedPrefsFormatTest : TestBase() {
@Mock lateinit var resourceHelper: ResourceHelper @Mock lateinit var resourceHelper: ResourceHelper
@Mock lateinit var sp: SP @Mock lateinit var sp: SP
var cryptoUtil: CryptoUtil = CryptoUtil(aapsLogger)
@Before @Before
fun mock() { fun mock() {
AAPSMocker.prepareMock() AAPSMocker.prepareMock()
@ -52,9 +55,11 @@ class EncryptedPrefsFormatTest : TestBase() {
"}" "}"
val storage = SingleStringStorage(frozenPrefs) val storage = SingleStringStorage(frozenPrefs)
val encryptedFormat = EncryptedPrefsFormat(resourceHelper, storage) val encryptedFormat = EncryptedPrefsFormat(resourceHelper, cryptoUtil, storage)
val prefs = encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "sikret") val prefs = encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "sikret")
assumeAES256isSupported(cryptoUtil)
Assert.assertThat(prefs.values.size, CoreMatchers.`is`(2)) Assert.assertThat(prefs.values.size, CoreMatchers.`is`(2))
Assert.assertThat(prefs.values["key1"], CoreMatchers.`is`("A")) Assert.assertThat(prefs.values["key1"], CoreMatchers.`is`("A"))
Assert.assertThat(prefs.values["keyB"], CoreMatchers.`is`("2")) Assert.assertThat(prefs.values["keyB"], CoreMatchers.`is`("2"))
@ -67,7 +72,7 @@ class EncryptedPrefsFormatTest : TestBase() {
@Test @Test
fun preferenceSavingTest() { fun preferenceSavingTest() {
val storage = SingleStringStorage("") val storage = SingleStringStorage("")
val encryptedFormat = EncryptedPrefsFormat(resourceHelper, storage) val encryptedFormat = EncryptedPrefsFormat(resourceHelper, cryptoUtil, storage)
val prefs = Prefs( val prefs = Prefs(
mapOf( mapOf(
"key1" to "A", "key1" to "A",
@ -84,7 +89,7 @@ class EncryptedPrefsFormatTest : TestBase() {
@Test @Test
fun importExportStabilityTest() { fun importExportStabilityTest() {
val storage = SingleStringStorage("") val storage = SingleStringStorage("")
val encryptedFormat = EncryptedPrefsFormat(resourceHelper, storage) val encryptedFormat = EncryptedPrefsFormat(resourceHelper, cryptoUtil, storage)
val prefsIn = Prefs( val prefsIn = Prefs(
mapOf( mapOf(
"testpref1" to "--1--", "testpref1" to "--1--",
@ -97,6 +102,8 @@ class EncryptedPrefsFormatTest : TestBase() {
encryptedFormat.savePreferences(AAPSMocker.getMockedFile(), prefsIn, "tajemnica") encryptedFormat.savePreferences(AAPSMocker.getMockedFile(), prefsIn, "tajemnica")
val prefsOut = encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "tajemnica") val prefsOut = encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "tajemnica")
assumeAES256isSupported(cryptoUtil)
Assert.assertThat(prefsOut.values.size, CoreMatchers.`is`(2)) Assert.assertThat(prefsOut.values.size, CoreMatchers.`is`(2))
Assert.assertThat(prefsOut.values["testpref1"], CoreMatchers.`is`("--1--")) Assert.assertThat(prefsOut.values["testpref1"], CoreMatchers.`is`("--1--"))
Assert.assertThat(prefsOut.values["testpref2"], CoreMatchers.`is`("another")) Assert.assertThat(prefsOut.values["testpref2"], CoreMatchers.`is`("another"))
@ -121,7 +128,7 @@ class EncryptedPrefsFormatTest : TestBase() {
"}" "}"
val storage = SingleStringStorage(frozenPrefs) val storage = SingleStringStorage(frozenPrefs)
val encryptedFormat = EncryptedPrefsFormat(resourceHelper, storage) val encryptedFormat = EncryptedPrefsFormat(resourceHelper, cryptoUtil, storage)
val prefs = encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "it-is-NOT-right-secret") val prefs = encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "it-is-NOT-right-secret")
Assert.assertThat(prefs.values.size, CoreMatchers.`is`(0)) Assert.assertThat(prefs.values.size, CoreMatchers.`is`(0))
@ -148,9 +155,11 @@ class EncryptedPrefsFormatTest : TestBase() {
"}" "}"
val storage = SingleStringStorage(frozenPrefs) val storage = SingleStringStorage(frozenPrefs)
val encryptedFormat = EncryptedPrefsFormat(resourceHelper, storage) val encryptedFormat = EncryptedPrefsFormat(resourceHelper, cryptoUtil, storage)
val prefs = encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "sikret") val prefs = encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "sikret")
assumeAES256isSupported(cryptoUtil)
// contents were not tampered and we can decrypt them // contents were not tampered and we can decrypt them
Assert.assertThat(prefs.values.size, CoreMatchers.`is`(2)) Assert.assertThat(prefs.values.size, CoreMatchers.`is`(2))
@ -173,7 +182,7 @@ class EncryptedPrefsFormatTest : TestBase() {
"}" "}"
val storage = SingleStringStorage(frozenPrefs) val storage = SingleStringStorage(frozenPrefs)
val encryptedFormat = EncryptedPrefsFormat(resourceHelper, storage) val encryptedFormat = EncryptedPrefsFormat(resourceHelper, cryptoUtil, storage)
val prefs = encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "sikret") val prefs = encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "sikret")
Assert.assertThat(prefs.values.size, CoreMatchers.`is`(0)) Assert.assertThat(prefs.values.size, CoreMatchers.`is`(0))
@ -188,7 +197,7 @@ class EncryptedPrefsFormatTest : TestBase() {
"}" "}"
val storage = SingleStringStorage(frozenPrefs) val storage = SingleStringStorage(frozenPrefs)
val encryptedFormat = EncryptedPrefsFormat(resourceHelper, storage) val encryptedFormat = EncryptedPrefsFormat(resourceHelper, cryptoUtil, storage)
val prefs = encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "sikret") val prefs = encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "sikret")
Assert.assertThat(prefs.values.size, CoreMatchers.`is`(0)) Assert.assertThat(prefs.values.size, CoreMatchers.`is`(0))
@ -200,7 +209,7 @@ class EncryptedPrefsFormatTest : TestBase() {
val frozenPrefs = "whatever man, i duno care" val frozenPrefs = "whatever man, i duno care"
val storage = SingleStringStorage(frozenPrefs) val storage = SingleStringStorage(frozenPrefs)
val encryptedFormat = EncryptedPrefsFormat(resourceHelper, storage) val encryptedFormat = EncryptedPrefsFormat(resourceHelper, cryptoUtil, storage)
encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "sikret") encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "sikret")
} }
@ -219,7 +228,7 @@ class EncryptedPrefsFormatTest : TestBase() {
"}" "}"
val storage = SingleStringStorage(frozenPrefs) val storage = SingleStringStorage(frozenPrefs)
val encryptedFormat = EncryptedPrefsFormat(resourceHelper, storage) val encryptedFormat = EncryptedPrefsFormat(resourceHelper, cryptoUtil, storage)
encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "sikret") encryptedFormat.loadPreferences(AAPSMocker.getMockedFile(), "sikret")
} }

View file

@ -1,16 +1,31 @@
package info.nightscout.androidaps.utils package info.nightscout.androidaps.utils
import info.nightscout.androidaps.TestBase import info.nightscout.androidaps.TestBase
import org.hamcrest.CoreMatchers.containsString
import org.hamcrest.CoreMatchers.not
import org.junit.Assert import org.junit.Assert
import org.junit.Assume.assumeThat
import org.junit.Test import org.junit.Test
import org.junit.runner.RunWith import org.junit.runner.RunWith
import org.powermock.core.classloader.annotations.PowerMockIgnore import org.powermock.core.classloader.annotations.PowerMockIgnore
import org.powermock.modules.junit4.PowerMockRunner import org.powermock.modules.junit4.PowerMockRunner
// https://stackoverflow.com/questions/52344522/joseexception-couldnt-create-aes-gcm-nopadding-cipher-illegal-key-size
// https://stackoverflow.com/questions/47708951/can-aes-256-work-on-android-devices-with-api-level-26
// Java prior to Oracle Java 8u161 does not have policy for 256 bit AES - but Android support it
// when test is run in Vanilla JVM without policy - Invalid key size exception is thrown
fun assumeAES256isSupported(cryptoUtil: CryptoUtil) {
cryptoUtil.lastException?.message?.let { exceptionMessage ->
assumeThat("Upgrade your testing environment Java (OpenJDK or Java 8u161) and JAVA_HOME - AES 256 is supported by Android so this exception should not happen!", exceptionMessage, not(containsString("key size")))
}
}
@PowerMockIgnore("javax.crypto.*") @PowerMockIgnore("javax.crypto.*")
@RunWith(PowerMockRunner::class) @RunWith(PowerMockRunner::class)
class CryptoUtilTest: TestBase() { class CryptoUtilTest: TestBase() {
var cryptoUtil: CryptoUtil = CryptoUtil(aapsLogger)
@Test @Test
fun testFixedSaltCrypto() { fun testFixedSaltCrypto() {
val salt = byteArrayOf( val salt = byteArrayOf(
@ -19,30 +34,36 @@ class CryptoUtilTest: TestBase() {
val password = "thisIsFixedPassword" val password = "thisIsFixedPassword"
val payload = "FIXED-PAYLOAD" val payload = "FIXED-PAYLOAD"
val encrypted = CryptoUtil.encrypt(password, salt, payload)
val encrypted = cryptoUtil.encrypt(password, salt, payload)
assumeAES256isSupported(cryptoUtil)
Assert.assertNotNull(encrypted) Assert.assertNotNull(encrypted)
val decrypted = CryptoUtil.decrypt(password, salt, encrypted!!)
val decrypted = cryptoUtil.decrypt(password, salt, encrypted!!)
assumeAES256isSupported(cryptoUtil)
Assert.assertEquals(decrypted, payload) Assert.assertEquals(decrypted, payload)
} }
@Test @Test
fun testStandardCrypto() { fun testStandardCrypto() {
val salt = CryptoUtil.mineSalt() val salt = cryptoUtil.mineSalt()
val password = "topSikret" val password = "topSikret"
val payload = "{what:payloadYouWantToProtect}" val payload = "{what:payloadYouWantToProtect}"
val encrypted = CryptoUtil.encrypt(password, salt, payload)
val encrypted = cryptoUtil.encrypt(password, salt, payload)
assumeAES256isSupported(cryptoUtil)
Assert.assertNotNull(encrypted) Assert.assertNotNull(encrypted)
val decrypted = CryptoUtil.decrypt(password, salt, encrypted!!)
val decrypted = cryptoUtil.decrypt(password, salt, encrypted!!)
assumeAES256isSupported(cryptoUtil)
Assert.assertEquals(decrypted, payload) Assert.assertEquals(decrypted, payload)
} }
@Test @Test
fun testHashVector() { fun testHashVector() {
val payload = "{what:payloadYouWantToProtect}" val payload = "{what:payloadYouWantToProtect}"
val hash = CryptoUtil.sha256(payload) val hash = cryptoUtil.sha256(payload)
Assert.assertEquals(hash, "a1aafe3ed6cc127e6d102ddbc40a205147230e9cfd178daf108c83543bbdcd13") Assert.assertEquals(hash, "a1aafe3ed6cc127e6d102ddbc40a205147230e9cfd178daf108c83543bbdcd13")
} }
@ -51,25 +72,25 @@ class CryptoUtilTest: TestBase() {
val payload = "{what:payloadYouWantToProtect}" val payload = "{what:payloadYouWantToProtect}"
val password = "topSikret" val password = "topSikret"
val expectedHmac = "ea2213953d0f2e55047cae2d23fb4f0de1b805d55e6271efa70d6b85fb692bea" // generated using other HMAC tool val expectedHmac = "ea2213953d0f2e55047cae2d23fb4f0de1b805d55e6271efa70d6b85fb692bea" // generated using other HMAC tool
val hash = CryptoUtil.hmac256(payload, password) val hash = cryptoUtil.hmac256(payload, password)
Assert.assertEquals(hash, expectedHmac) Assert.assertEquals(hash, expectedHmac)
} }
@Test @Test
fun testPlainPasswordCheck() { fun testPlainPasswordCheck() {
Assert.assertTrue(CryptoUtil.checkPassword("same", "same")) Assert.assertTrue(cryptoUtil.checkPassword("same", "same"))
Assert.assertFalse(CryptoUtil.checkPassword("same", "other")) Assert.assertFalse(cryptoUtil.checkPassword("same", "other"))
} }
@Test @Test
fun testHashedPasswordCheck() { fun testHashedPasswordCheck() {
Assert.assertTrue(CryptoUtil.checkPassword("givenSecret", CryptoUtil.hashPassword("givenSecret"))) Assert.assertTrue(cryptoUtil.checkPassword("givenSecret", cryptoUtil.hashPassword("givenSecret")))
Assert.assertFalse(CryptoUtil.checkPassword("givenSecret", CryptoUtil.hashPassword("otherSecret"))) Assert.assertFalse(cryptoUtil.checkPassword("givenSecret", cryptoUtil.hashPassword("otherSecret")))
Assert.assertTrue(CryptoUtil.checkPassword("givenHashToCheck", "hmac:7fe5f9c7b4b97c5d32d5cfad9d07473543a9938dc07af48a46dbbb49f4f68c12:a0c7cee14312bbe31b51359a67f0d2dfdf46813f319180269796f1f617a64be1")) Assert.assertTrue(cryptoUtil.checkPassword("givenHashToCheck", "hmac:7fe5f9c7b4b97c5d32d5cfad9d07473543a9938dc07af48a46dbbb49f4f68c12:a0c7cee14312bbe31b51359a67f0d2dfdf46813f319180269796f1f617a64be1"))
Assert.assertFalse(CryptoUtil.checkPassword("givenMashToCheck", "hmac:7fe5f9c7b4b97c5d32d5cfad9d07473543a9938dc07af48a46dbbb49f4f68c12:a0c7cee14312bbe31b51359a67f0d2dfdf46813f319180269796f1f617a64be1")) Assert.assertFalse(cryptoUtil.checkPassword("givenMashToCheck", "hmac:7fe5f9c7b4b97c5d32d5cfad9d07473543a9938dc07af48a46dbbb49f4f68c12:a0c7cee14312bbe31b51359a67f0d2dfdf46813f319180269796f1f617a64be1"))
Assert.assertFalse(CryptoUtil.checkPassword("givenHashToCheck", "hmac:0fe5f9c7b4b97c5d32d5cfad9d07473543a9938dc07af48a46dbbb49f4f68c12:a0c7cee14312bbe31b51359a67f0d2dfdf46813f319180269796f1f617a64be1")) Assert.assertFalse(cryptoUtil.checkPassword("givenHashToCheck", "hmac:0fe5f9c7b4b97c5d32d5cfad9d07473543a9938dc07af48a46dbbb49f4f68c12:a0c7cee14312bbe31b51359a67f0d2dfdf46813f319180269796f1f617a64be1"))
Assert.assertFalse(CryptoUtil.checkPassword("givenHashToCheck", "hmac:7fe5f9c7b4b97c5d32d5cfad9d07473543a9938dc07af48a46dbbb49f4f68c12:b0c7cee14312bbe31b51359a67f0d2dfdf46813f319180269796f1f617a64be1")) Assert.assertFalse(cryptoUtil.checkPassword("givenHashToCheck", "hmac:7fe5f9c7b4b97c5d32d5cfad9d07473543a9938dc07af48a46dbbb49f4f68c12:b0c7cee14312bbe31b51359a67f0d2dfdf46813f319180269796f1f617a64be1"))
} }
} }