turning Sjcl test case into property based one, implemented paste generator facility in Helper

This commit is contained in:
El RIDO 2017-02-26 16:46:10 +01:00
parent aad162895c
commit 6a9f3303dc
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
2 changed files with 160 additions and 21 deletions

View File

@ -1,6 +1,7 @@
<?php
use PrivateBin\Persistence\ServerSalt;
use Eris\Generator;
error_reporting(E_ALL | E_STRICT);
@ -110,7 +111,7 @@ class Helper
}
/**
* get example paste
* get example paste as JSON
*
* @return array
*/
@ -129,6 +130,68 @@ class Helper
return json_encode($example);
}
/**
* get paste generator
*
* @return array
*/
public static function getPasteGenerator($meta = array(), $withAttachment = false)
{
$generatedMeta = array(
'salt' => ServerSalt::generate(),
'formatter' => Generator\elements('plaintext', 'syntaxhighlighting', 'markdown'),
'postdate' => Generator\int(),
'opendiscussion' => Generator\elements(true, false),
);
$generatedMeta = array_merge($generatedMeta, $meta);
$example = array(
'data' => Generator\associative(array(
'iv' => Generator\vector(16, Generator\byte()),
'v' => 1,
'iter' => Generator\choose(100, 100000),
'ks' => Generator\elements(128, 192, 256),
'ts' => Generator\elements(64, 96, 128),
'mode' => Generator\elements('ccm', 'ocb2', 'gcm'),
'adata' => Generator\string(),
'cipher'=> 'aes',
'salt' => Generator\vector(8, Generator\byte()),
'ct' => Generator\seq(Generator\byte()),
)),
'meta' => Generator\associative($generatedMeta),
);
if ($withAttachment) {
$example['attachment'] = $example['attachmentname'] = $example['data'];
}
return Generator\associative($example);
}
/**
* get paste from generated random array
*
* @return array
*/
public static function getPasteFromGeneratedArray($paste)
{
$paste['data']['iv'] = self::byteArray2Base64($paste['data']['iv']);
$paste['data']['salt'] = self::byteArray2Base64($paste['data']['salt']);
// deflate cipher text to maximize entropy
$paste['data']['ct'] = self::byteArray2Base64($paste['data']['ct'], true);
$paste['data'] = json_encode($paste['data']);
if (array_key_exists('attachment', $paste)) {
$paste['attachment']['iv'] = self::byteArray2Base64($paste['attachment']['iv']);
$paste['attachment']['salt'] = self::byteArray2Base64($paste['attachment']['salt']);
$paste['attachment']['ct'] = self::byteArray2Base64($paste['attachment']['ct'], true);
$paste['attachment'] = json_encode($paste['attachment']);
}
if (array_key_exists('attachmentname', $paste)) {
$paste['attachmentname']['iv'] = self::byteArray2Base64($paste['attachmentname']['iv']);
$paste['attachmentname']['salt'] = self::byteArray2Base64($paste['attachmentname']['salt']);
$paste['attachmentname']['ct'] = self::byteArray2Base64($paste['attachmentname']['ct'], true);
$paste['attachmentname'] = json_encode($paste['attachmentname']);
}
return $paste;
}
/**
* get example paste ID
*
@ -282,6 +345,24 @@ class Helper
}
}
/**
* get example paste ID
*
* @param array $bytes
* @return string
*/
public static function byteArray2Base64($bytes, $deflate = false)
{
$string = implode(
array_map('chr', $bytes)
);
// optional deflate to maximize entropy
if ($deflate) {
$string = gzdeflate($string);
}
return base64_encode($string);
}
/**
* update all templates with the latest SRI hashes for all JS files
*

View File

@ -1,31 +1,89 @@
<?php
use PrivateBin\Sjcl;
use Eris\Generator;
class SjclTest extends PHPUnit_Framework_TestCase
{
use Eris\TestTrait;
public function testSjclValidatorValidatesCorrectly()
{
$paste = Helper::getPasteWithAttachment();
$this->minimumEvaluationRatio(0.01)->forAll(
Helper::getPasteGenerator(array(), true),
Generator\string(),
Generator\string(),
Generator\choose(0,100)
)->then(
function ($pasteArray, $key, $value, $lowInt)
{
$paste = Helper::getPasteFromGeneratedArray($pasteArray);
$this->assertTrue(Sjcl::isValid($paste['data']), 'valid sjcl');
$this->assertTrue(Sjcl::isValid($paste['attachment']), 'valid sjcl');
$this->assertTrue(Sjcl::isValid($paste['attachmentname']), 'valid sjcl');
$this->assertTrue(Sjcl::isValid(Helper::getComment()['data']), 'valid sjcl');
$this->assertTrue(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'valid sjcl');
$this->assertFalse(Sjcl::isValid('{"iv":"$","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid base64 encoding of iv');
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"$","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid base64 encoding of salt');
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"$"}'), 'invalid base64 encoding of ct');
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"bm9kYXRhbm9kYXRhbm9kYXRhbm9kYXRhbm9kYXRhCg=="}'), 'low ct entropy');
$this->assertFalse(Sjcl::isValid('{"iv":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'iv to long');
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'salt to long');
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA","foo":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA="}'), 'invalid additional key');
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":0.9,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'unsupported version');
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":100,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'not enough iterations');
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":127,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid key size');
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":63,"mode":"ccm","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid tag length');
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"!#@","adata":"","cipher":"aes","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid mode');
$this->assertFalse(Sjcl::isValid('{"iv":"83Ax/OdUav3SanDW9dcQPg","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"!#@","salt":"Gx1vA2/gQ3U","ct":"j7ImByuE5xCqD2YXm6aSyA"}'), 'invalid cipher');
// common error cases
$this->assertFalse(Sjcl::isValid($value), 'non-json data');
$sjclArray = json_decode($paste['data'], true);
$sjclError = $sjclArray;
$sjclError['iv'] = '$' . $value;
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid base64 encoding of iv');
$sjclError = $sjclArray;
$sjclError['salt'] = '$' . $value;
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid base64 encoding of salt');
$sjclError = $sjclArray;
$sjclError['ct'] = '$' . $value;
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid base64 encoding of ct');
$sjclError = $sjclArray;
$sjclError['ct'] = 'bm9kYXRhbm9kYXRhbm9kYXRhbm9kYXRhbm9kYXRhCg==';
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'low ct entropy');
$sjclError = $sjclArray;
$sjclError['iv'] = 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=';
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'iv to long');
$sjclError = $sjclArray;
$sjclError['salt'] = 'MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=';
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'salt to long');
$sjclError = $sjclArray;
$sjclError[$key] = $value;
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid additional key');
if (!in_array($key, array('1', 'ccm', 'ocb2', 'gcm', 'aes'))) {
$sjclError = $sjclArray;
$sjclError['v'] = $key;
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'unsupported version');
$sjclError = $sjclArray;
$sjclError['mode'] = $key;
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid mode');
$sjclError = $sjclArray;
$sjclError['cipher'] = $key;
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid cipher');
}
$sjclError = $sjclArray;
$sjclError['iter'] = $lowInt;
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'not enough iterations');
if (!in_array($lowInt, array(64, 96))) {
$sjclError = $sjclArray;
$sjclError['ks'] = $lowInt;
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid key size');
$sjclError = $sjclArray;
$sjclError['ts'] = $lowInt;
$this->assertFalse(Sjcl::isValid(json_encode($sjclError)), 'invalid authentication strength');
}
// @note adata is not validated, except as part of the total message length
}
);
$this->assertTrue(Sjcl::isValid(Helper::getComment()['data']), 'valid sjcl');
}
}