Skip to content

test: audit and harden crypto test suite #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
Maatify wants to merge 1 commit into from
Closed

test: audit and harden crypto test suite #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions phpunit.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="vendor/phpunit/phpunit/phpunit.xsd"
bootstrap="vendor/autoload.php"
colors="true"
stopOnFailure="false">
stopOnFailure="false"
failOnRisky="true"
failOnWarning="true">

<testsuites>
<testsuite name="Crypto Tests">
Expand All @@ -16,4 +19,4 @@
</include>
</source>

</phpunit>
</phpunit>
2 changes: 1 addition & 1 deletion tests/Integration/ContextEncryptionPipelineTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ protected function setUp(): void
{
$keys = [
new CryptoKeyDTO('key_v1', str_repeat('A', 32), KeyStatusEnum::ACTIVE, new \DateTimeImmutable()),
new CryptoKeyDTO('key_v2', str_repeat('A', 32), KeyStatusEnum::INACTIVE, new \DateTimeImmutable()), // Kept for decryption capability
new CryptoKeyDTO('key_v2', str_repeat('B', 32), KeyStatusEnum::INACTIVE, new \DateTimeImmutable()), // Kept for decryption capability
];

$rotationService = new KeyRotationService(
Expand Down
4 changes: 2 additions & 2 deletions tests/KeyRotation/KeyRotationServiceTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,8 @@ protected function setUp(): void
{
$keys = [
new CryptoKeyDTO('key_1', str_repeat('A', 32), KeyStatusEnum::ACTIVE, new \DateTimeImmutable()),
new CryptoKeyDTO('key_2', str_repeat('A', 32), KeyStatusEnum::INACTIVE, new \DateTimeImmutable()),
new CryptoKeyDTO('key_3', str_repeat('A', 32), KeyStatusEnum::RETIRED, new \DateTimeImmutable()),
new CryptoKeyDTO('key_2', str_repeat('B', 32), KeyStatusEnum::INACTIVE, new \DateTimeImmutable()),
new CryptoKeyDTO('key_3', str_repeat('C', 32), KeyStatusEnum::RETIRED, new \DateTimeImmutable()),
];

$this->provider = new InMemoryKeyProvider($keys);
Expand Down
13 changes: 11 additions & 2 deletions tests/KeyRotation/StrictSingleActiveKeyPolicyTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ public function testValidateThrowsExceptionWhenMultipleActiveKeys(): void
]);

$this->expectException(MultipleActiveKeysException::class);
$this->expectExceptionMessage('Multiple ACTIVE keys exist: 2 (invariant violation)');
$this->expectExceptionMessage('Multiple ACTIVE keys exist:');
$this->policy->validate($provider);
}

Expand All @@ -105,7 +105,6 @@ public function testEncryptionKeyReturnsActiveKey(): void
$key = $this->policy->encryptionKey($provider);
$this->assertSame('k1', $key->id());
}

public function testDecryptionKeyThrowsExceptionIfKeyNotFound(): void
{
$provider = $this->createProvider([]);
Expand All @@ -115,4 +114,14 @@ public function testDecryptionKeyThrowsExceptionIfKeyNotFound(): void

$this->policy->decryptionKey($provider, 'missing_key');
}

public function testDecryptionKeyAllowsRetiredKey(): void
{
$provider = $this->createProvider([
new CryptoKeyDTO('k1', 'mat', KeyStatusEnum::RETIRED, new \DateTimeImmutable()),
]);

$key = $this->policy->decryptionKey($provider, 'k1');
$this->assertSame('k1', $key->id());
}
}
10 changes: 5 additions & 5 deletions tests/Password/ArgonPolicyDTOTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,23 +12,23 @@ class ArgonPolicyDTOTest extends TestCase
{
public function testCreatesValidPolicy(): void
{
$policy = new ArgonPolicyDTO(1024, 2, 1);
$policy = new ArgonPolicyDTO(1024, 1, 1);

$this->assertSame(1024, $policy->memoryCost);
$this->assertSame(2, $policy->timeCost);
$this->assertSame(1, $policy->timeCost);
$this->assertSame(1, $policy->threads);

$options = $policy->toNativeOptions();
$this->assertSame(1024, $options['memory_cost']);
$this->assertSame(2, $options['time_cost']);
$this->assertSame(1, $options['time_cost']);
$this->assertSame(1, $options['threads']);
}

public function testThrowsExceptionOnInvalidMemoryCost(): void
{
$this->expectException(InvalidArgonPolicyException::class);
$this->expectExceptionMessage('Argon memoryCost must be > 0');
new ArgonPolicyDTO(0, 2, 1);
new ArgonPolicyDTO(0, 1, 1);
}

public function testThrowsExceptionOnInvalidTimeCost(): void
Expand All @@ -42,6 +42,6 @@ public function testThrowsExceptionOnInvalidThreads(): void
{
$this->expectException(InvalidArgonPolicyException::class);
$this->expectExceptionMessage('Argon threads must be > 0');
new ArgonPolicyDTO(1024, 2, 0);
new ArgonPolicyDTO(1024, 1, 0);
}
}
2 changes: 1 addition & 1 deletion tests/Password/PasswordHasherTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ public function testNeedsRehashReturnsTrueForOldPolicy(): void
$oldHasher = new PasswordHasher($this->pepperProvider, $oldPolicy);
$hash = $oldHasher->hash('password');

$newPolicy = new ArgonPolicyDTO(memoryCost: 2048, timeCost: 2, threads: 2);
$newPolicy = new ArgonPolicyDTO(memoryCost: 2048, timeCost: 1, threads: 1);
$newHasher = new PasswordHasher($this->pepperProvider, $newPolicy);

$this->assertTrue($newHasher->needsRehash($hash));
Expand Down
6 changes: 3 additions & 3 deletions tests/Reversible/Aes256GcmAlgorithmTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ public function testEncryptThrowsExceptionForInvalidKeyLength(): void
$key = str_repeat('A', 31); // Too short

$this->expectException(RuntimeException::class);
$this->expectExceptionMessage('Invalid AES-256-GCM key length: expected 32 bytes, got 31');
$this->expectExceptionMessage('Invalid AES-256-GCM key length');

$this->algorithm->encrypt('test', $key);
}
Expand All @@ -48,7 +48,7 @@ public function testDecryptThrowsExceptionForInvalidKeyLength(): void
$metadata = new ReversibleCryptoMetadataDTO('iv1234567890', 'tag1234567890123');

$this->expectException(RuntimeException::class);
$this->expectExceptionMessage('Invalid AES-256-GCM key length: expected 32 bytes, got 31');
$this->expectExceptionMessage('Invalid AES-256-GCM key length');

$this->algorithm->decrypt('cipher', $key, $metadata);
}
Expand Down Expand Up @@ -88,7 +88,7 @@ public function testDecryptThrowsExceptionForInvalidTagLength(): void
$metadata = new ReversibleCryptoMetadataDTO($encrypted->iv, 'short_tag'); // Too short tag

$this->expectException(CryptoDecryptionFailedException::class);
$this->expectExceptionMessage('Invalid AES-256-GCM authentication tag length: expected 16 bytes, got 9');
$this->expectExceptionMessage('Invalid AES-256-GCM authentication tag length');

$this->algorithm->decrypt($encrypted->cipher, $key, $metadata);
}
Expand Down
Loading