From: Kevin Ottens <kevin.ottens@nextcloud.com>
Date: Mon, 10 Aug 2020 09:01:49 +0000 (+0200)
Subject: Add unit tests for the encryption helpers
X-Git-Tag: archive/raspbian/3.16.7-1_deb13u1+rpi1~1^2~12^2~22^2~242^2~4
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=26b88131cccde14ae29ccc03f97deecb3963ec20;p=nextcloud-desktop.git

Add unit tests for the encryption helpers

Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
---

diff --git a/src/libsync/clientsideencryption.h b/src/libsync/clientsideencryption.h
index d2779c2e5..cbfc2a6c0 100644
--- a/src/libsync/clientsideencryption.h
+++ b/src/libsync/clientsideencryption.h
@@ -29,20 +29,20 @@ namespace EncryptionHelper {
     QByteArray generateRandomFilename();
     QByteArray generateRandom(int size);
     QByteArray generatePassword(const QString &wordlist, const QByteArray& salt);
-    QByteArray encryptPrivateKey(
+    OWNCLOUDSYNC_EXPORT QByteArray encryptPrivateKey(
             const QByteArray& key,
             const QByteArray& privateKey,
             const QByteArray &salt
     );
-    QByteArray decryptPrivateKey(
+    OWNCLOUDSYNC_EXPORT QByteArray decryptPrivateKey(
             const QByteArray& key,
             const QByteArray& data
     );
-    QByteArray encryptStringSymmetric(
+    OWNCLOUDSYNC_EXPORT QByteArray encryptStringSymmetric(
             const QByteArray& key,
             const QByteArray& data
     );
-    QByteArray decryptStringSymmetric(
+    OWNCLOUDSYNC_EXPORT QByteArray decryptStringSymmetric(
             const QByteArray& key,
             const QByteArray& data
     );
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index 8a7a79049..40a22090c 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -40,6 +40,7 @@ nextcloud_add_test(ConcatUrl "")
 nextcloud_add_test(XmlParse "")
 nextcloud_add_test(ChecksumValidator "")
 
+nextcloud_add_test(ClientSideEncryption "")
 nextcloud_add_test(ExcludedFiles "")
 
 nextcloud_add_test(FileSystem "")
diff --git a/test/testclientsideencryption.cpp b/test/testclientsideencryption.cpp
new file mode 100644
index 000000000..495f62ecc
--- /dev/null
+++ b/test/testclientsideencryption.cpp
@@ -0,0 +1,100 @@
+/*
+   This software is in the public domain, furnished "as is", without technical
+   support, and with no warranty, express or implied, as to its usefulness for
+   any purpose.
+*/
+
+#include <QtTest>
+
+#include "clientsideencryption.h"
+
+using namespace OCC;
+
+class TestClientSideEncryption : public QObject
+{
+    Q_OBJECT
+
+private slots:
+    void shouldEncryptPrivateKeys()
+    {
+        // GIVEN
+        const auto encryptionKey = QByteArrayLiteral("foo");
+        const auto privateKey = QByteArrayLiteral("bar");
+        const auto originalSalt = QByteArrayLiteral("baz");
+
+        // WHEN
+        const auto cipher = EncryptionHelper::encryptPrivateKey(encryptionKey, privateKey, originalSalt);
+
+        // THEN
+        const auto parts = cipher.split('|');
+        QCOMPARE(parts.size(), 3);
+
+        const auto encryptedKey = QByteArray::fromBase64(parts[0]);
+        const auto iv = QByteArray::fromBase64(parts[1]);
+        const auto salt = QByteArray::fromBase64(parts[2]);
+
+        // We're not here to check the merits of the encryption but at least make sure it's been
+        // somewhat ciphered
+        QVERIFY(!encryptedKey.isEmpty());
+        QVERIFY(encryptedKey != privateKey);
+
+        QVERIFY(!iv.isEmpty());
+        QCOMPARE(salt, originalSalt);
+    }
+
+    void shouldDecryptPrivateKeys()
+    {
+        // GIVEN
+        const auto encryptionKey = QByteArrayLiteral("foo");
+        const auto originalPrivateKey = QByteArrayLiteral("bar");
+        const auto originalSalt = QByteArrayLiteral("baz");
+        const auto cipher = EncryptionHelper::encryptPrivateKey(encryptionKey, originalPrivateKey, originalSalt);
+
+        // WHEN (note the salt is not passed, so had to extract by hand)
+        const auto privateKey = EncryptionHelper::decryptPrivateKey(encryptionKey, cipher.left(cipher.lastIndexOf('|')));
+
+        // THEN
+        QCOMPARE(privateKey, originalPrivateKey);
+    }
+
+    void shouldSymmetricEncryptStrings()
+    {
+        // GIVEN
+        const auto encryptionKey = QByteArrayLiteral("foo");
+        const auto data = QByteArrayLiteral("bar");
+
+        // WHEN
+        const auto cipher = EncryptionHelper::encryptStringSymmetric(encryptionKey, data);
+
+        // THEN
+        const auto parts = cipher.split('|');
+        QCOMPARE(parts.size(), 2);
+
+        const auto encryptedData = QByteArray::fromBase64(parts[0]);
+        const auto iv = QByteArray::fromBase64(parts[1]);
+
+        // We're not here to check the merits of the encryption but at least make sure it's been
+        // somewhat ciphered
+        QVERIFY(!encryptedData.isEmpty());
+        QVERIFY(encryptedData != data);
+
+        QVERIFY(!iv.isEmpty());
+    }
+
+    void shouldSymmetricDecryptStrings()
+    {
+        // GIVEN
+        const auto encryptionKey = QByteArrayLiteral("foo");
+        const auto originalData = QByteArrayLiteral("bar");
+        const auto cipher = EncryptionHelper::encryptStringSymmetric(encryptionKey, originalData);
+
+        // WHEN (not it is still in base64 when returned)
+        const auto data = QByteArray::fromBase64(EncryptionHelper::decryptStringSymmetric(encryptionKey, cipher));
+
+        // THEN
+        QCOMPARE(data, originalData);
+    }
+};
+
+QTEST_APPLESS_MAIN(TestClientSideEncryption)
+#include "testclientsideencryption.moc"