turning Sjcl test case into property based one, implemented paste generator facility in Helper
This commit is contained in:
El RIDO
parent
aad162895c
commit
6a9f3303dc
2 changed files with 160 additions and 21 deletions
|
|
@ -1,6 +1,7 @@
|
|||
<?php
|
||||
|
||||
use PrivateBin\Persistence\ServerSalt;
|
||||
use Eris\Generator;
|
||||
|
||||
error_reporting(E_ALL | E_STRICT);
|
||||
|
||||
|
|
@ -110,7 +111,7 @@ class Helper
|
|||
}
|
||||
|
||||
/**
|
||||
* get example paste
|
||||
* get example paste as JSON
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
|
|
@ -129,6 +130,68 @@ class Helper
|
|||
return json_encode($example);
|
||||
}
|
||||
|
||||
/**
|
||||
* get paste generator
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public static function getPasteGenerator($meta = array(), $withAttachment = false)
|
||||
{
|
||||
$generatedMeta = array(
|
||||
'salt' => ServerSalt::generate(),
|
||||
'formatter' => Generator\elements('plaintext', 'syntaxhighlighting', 'markdown'),
|
||||
'postdate' => Generator\int(),
|
||||
'opendiscussion' => Generator\elements(true, false),
|
||||
);
|
||||
$generatedMeta = array_merge($generatedMeta, $meta);
|
||||
$example = array(
|
||||
'data' => Generator\associative(array(
|
||||
'iv' => Generator\vector(16, Generator\byte()),
|
||||
'v' => 1,
|
||||
'iter' => Generator\choose(100, 100000),
|
||||
'ks' => Generator\elements(128, 192, 256),
|
||||
'ts' => Generator\elements(64, 96, 128),
|
||||
'mode' => Generator\elements('ccm', 'ocb2', 'gcm'),
|
||||
'adata' => Generator\string(),
|
||||
'cipher'=> 'aes',
|
||||
'salt' => Generator\vector(8, Generator\byte()),
|
||||
'ct' => Generator\seq(Generator\byte()),
|
||||
)),
|
||||
'meta' => Generator\associative($generatedMeta),
|
||||
);
|
||||
if ($withAttachment) {
|
||||
$example['attachment'] = $example['attachmentname'] = $example['data'];
|
||||
}
|
||||
return Generator\associative($example);
|
||||
}
|
||||
|
||||
/**
|
||||
* get paste from generated random array
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public static function getPasteFromGeneratedArray($paste)
|
||||
{
|
||||
$paste['data']['iv'] = self::byteArray2Base64($paste['data']['iv']);
|
||||
$paste['data']['salt'] = self::byteArray2Base64($paste['data']['salt']);
|
||||
// deflate cipher text to maximize entropy
|
||||
$paste['data']['ct'] = self::byteArray2Base64($paste['data']['ct'], true);
|
||||
$paste['data'] = json_encode($paste['data']);
|
||||
if (array_key_exists('attachment', $paste)) {
|
||||
$paste['attachment']['iv'] = self::byteArray2Base64($paste['attachment']['iv']);
|
||||
$paste['attachment']['salt'] = self::byteArray2Base64($paste['attachment']['salt']);
|
||||
$paste['attachment']['ct'] = self::byteArray2Base64($paste['attachment']['ct'], true);
|
||||
$paste['attachment'] = json_encode($paste['attachment']);
|
||||
}
|
||||
if (array_key_exists('attachmentname', $paste)) {
|
||||
$paste['attachmentname']['iv'] = self::byteArray2Base64($paste['attachmentname']['iv']);
|
||||
$paste['attachmentname']['salt'] = self::byteArray2Base64($paste['attachmentname']['salt']);
|
||||
$paste['attachmentname']['ct'] = self::byteArray2Base64($paste['attachmentname']['ct'], true);
|
||||
$paste['attachmentname'] = json_encode($paste['attachmentname']);
|
||||
}
|
||||
return $paste;
|
||||
}
|
||||
|
||||
/**
|
||||
* get example paste ID
|
||||
*
|
||||
|
|
@ -282,6 +345,24 @@ class Helper
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* get example paste ID
|
||||
*
|
||||
* @param array $bytes
|
||||
* @return string
|
||||
*/
|
||||
public static function byteArray2Base64($bytes, $deflate = false)
|
||||
{
|
||||
$string = implode(
|
||||
array_map('chr', $bytes)
|
||||
);
|
||||
// optional deflate to maximize entropy
|
||||
if ($deflate) {
|
||||
$string = gzdeflate($string);
|
||||
}
|
||||
return base64_encode($string);
|
||||
}
|
||||
|
||||
/**
|
||||
* update all templates with the latest SRI hashes for all JS files
|
||||
*
|
||||
|
|
|
|||
|
|
@ -1,31 +1,89 @@
|
|||
<?php
|
||||
|
||||
use PrivateBin\Sjcl;
|
||||
use Eris\Generator;
|
||||
|
||||
class SjclTest extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
use Eris\TestTrait;
|
||||
|
||||
public function testSjclValidatorValidatesCorrectly()
|
||||
{
|
||||
$paste = Helper::getPasteWithAttachment();
|
||||
$this->assertTrue(Sjcl::isValid($paste['data']), 'valid sjcl');
|
||||
$this->assertTrue(Sjcl::isValid($paste['attachment']), 'valid sjcl');
|
||||
$this->assertTrue(Sjcl::isValid($paste['attachmentname']), 'valid sjcl');
|
||||
$this->assertTrue(Sjcl::isValid(Helper::getComment()['data']), 'valid sjcl');
|
||||
$this->minimumEvaluationRatio(0.01)->forAll(
|
||||
Helper::getPasteGenerator(array(), true),
|
||||
Generator\string(),
|
||||
Generator\string(),
|
||||
Generator\choose(0,100)
|
||||
)->then(
|
||||
function ($pasteArray, $key, $value, $lowInt)
|
||||
{
|
||||
$paste = Helper::getPasteFromGeneratedArray($pasteArray);
|
||||
$this->assertTrue(Sjcl::isValid($paste['data']), 'valid sjcl');
|
||||
$this->assertTrue(Sjcl::isValid($paste['attachment']), 'valid sjcl');
|
||||
$this->assertTrue(Sjcl::isValid($paste['attachmentname']), 'valid sjcl');
|
||||
|
||||
$this->assertTrue(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'valid sjcl');
|
||||
$this->assertFalse(Sjcl::isValid('{"iv":"$","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid base64 encoding of iv');
|
||||
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"$","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid base64 encoding of salt');
|
||||
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"$"}'), 'invalid base64 encoding of ct');
|
||||
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"bm9kYXRhbm9kYXRhbm9kYXRhbm9kYXRhbm9kYXRhCg=="}'), 'low ct entropy');
|
||||
$this->assertFalse(Sjcl::isValid('{"iv":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'iv to long');
|
||||
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'salt to long');
|
||||
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA","foo":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA="}'), 'invalid additional key');
|
||||
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":0.9,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'unsupported version');
|
||||
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":100,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'not enough iterations');
|
||||
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":127,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid key size');
|
||||
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":63,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid tag length');
|
||||
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"!#@","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid mode');
|
||||
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"!#@","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid cipher');
|
||||
// @note adata is not validated, except as part of the total message length
|
||||
// common error cases
|
||||
$this->assertFalse(Sjcl::isValid($value), 'non-json data');
|
||||
|
||||
$sjclArray = json_decode($paste['data'], true);
|
||||
$sjclError = $sjclArray;
|
||||
$sjclError['iv'] = '$' . $value;
|
||||
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid base64 encoding of iv');
|
||||
|
||||
$sjclError = $sjclArray;
|
||||
$sjclError['salt'] = '$' . $value;
|
||||
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid base64 encoding of salt');
|
||||
|
||||
$sjclError = $sjclArray;
|
||||
$sjclError['ct'] = '$' . $value;
|
||||
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid base64 encoding of ct');
|
||||
|
||||
$sjclError = $sjclArray;
|
||||
$sjclError['ct'] = 'bm9kYXRhbm9kYXRhbm9kYXRhbm9kYXRhbm9kYXRhCg==';
|
||||
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'low ct entropy');
|
||||
|
||||
$sjclError = $sjclArray;
|
||||
$sjclError['iv'] = 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=';
|
||||
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'iv to long');
|
||||
|
||||
$sjclError = $sjclArray;
|
||||
$sjclError['salt'] = 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=';
|
||||
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'salt to long');
|
||||
|
||||
$sjclError = $sjclArray;
|
||||
$sjclError[$key] = $value;
|
||||
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid additional key');
|
||||
|
||||
if (!in_array($key, array('1', 'ccm', 'ocb2', 'gcm', 'aes'))) {
|
||||
$sjclError = $sjclArray;
|
||||
$sjclError['v'] = $key;
|
||||
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'unsupported version');
|
||||
|
||||
$sjclError = $sjclArray;
|
||||
$sjclError['mode'] = $key;
|
||||
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid mode');
|
||||
|
||||
$sjclError = $sjclArray;
|
||||
$sjclError['cipher'] = $key;
|
||||
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid cipher');
|
||||
}
|
||||
|
||||
$sjclError = $sjclArray;
|
||||
$sjclError['iter'] = $lowInt;
|
||||
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'not enough iterations');
|
||||
|
||||
if (!in_array($lowInt, array(64, 96))) {
|
||||
$sjclError = $sjclArray;
|
||||
$sjclError['ks'] = $lowInt;
|
||||
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid key size');
|
||||
|
||||
$sjclError = $sjclArray;
|
||||
$sjclError['ts'] = $lowInt;
|
||||
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid authentication strength');
|
||||
}
|
||||
// @note adata is not validated, except as part of the total message length
|
||||
}
|
||||
);
|
||||
$this->assertTrue(Sjcl::isValid(Helper::getComment()['data']), 'valid sjcl');
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue