Adopted encryption from test project

28655e83 · Klaus Fischer · 870d6063 · 28655e83 · 28655e83 · 28655e83
Commit 28655e83 authored 2 years ago by Klaus Fischer
--- a/Encryption/FitEncryption.cs
+++ b/Encryption/FitEncryption.cs
@@ -2,6 +2,8 @@ using Microsoft.Extensions.Logging;

 namespace FitConnect.Encryption;

+// TODO: Throw useful error on macOS to add environment variable DYLD_LIBRARY_PATH to the path.
+
 public record KeySet(string? PrivateKeyDecryption,
    string? PrivateKeySigning, string? PublicKeyEncryption, string? PublicKeySignatureVerification
 );
@@ -37,27 +39,35 @@ public class FitEncryption {
        PublicKeySignatureVerification = keySet.PublicKeySignatureVerification;
    }

-    public (string cypher, byte[] tag) Decrypt(string cypherText) {
+    public (string plainText, byte[] plainBytes, byte[] tag) Decrypt(string cypherText, string key) =>
+        _encryptor.Decrypt(key, cypherText);
+
+    public (string plainText, byte[] plainBytes, byte[] tag) Decrypt(string cypherText) {
        if (PrivateKeyDecryption == null) {
            throw new InvalidOperationException("PrivateKey is not provided");
        }

-        return _encryptor.Decrypt(PrivateKeyDecryption, cypherText);
+        return Decrypt(cypherText, PrivateKeyDecryption);
    }

+
+    public string Encrypt(string plainText, string key) => _encryptor.Encrypt(key, plainText);
+
    public string Encrypt(string plain) {
-        if (PrivateKeyDecryption == null) {
+        if (PublicKeyEncryption == null) {
            throw new InvalidOperationException("PrivateKey is not provided");
        }

-        return _encryptor.Encrypt( PrivateKeyDecryption, plain);
+        return Encrypt(plain, PublicKeyEncryption);
    }

+    public string Encrypt(byte[] plain, string key) => _encryptor.Encrypt(key, plain);
+
    public string Encrypt(byte[] plain) {
-        if (PrivateKeyDecryption == null) {
+        if (PublicKeyEncryption == null) {
            throw new InvalidOperationException("PrivateKey is not provided");
        }

-        return _encryptor.Encrypt(PrivateKeyDecryption, plain);
+        return Encrypt(plain, PublicKeyEncryption);
    }
 }
--- a/Encryption/IEncryptor.cs
+++ b/Encryption/IEncryptor.cs
@@ -6,7 +6,7 @@ using Base64Url = Jose.Base64Url;
 namespace FitConnect.Encryption;

 public interface IEncryptor {
+    public (string plainText, byte[] plainBytes, byte[] tag) Decrypt(string key, string cipher);
    public string Encrypt(string key, string plain);
-    public (string cypher, byte[] tag) Decrypt(string key, string cipher);
    public string Encrypt(string key, byte[] plain);
 }
\ No newline at end of file
--- a/Encryption/JoseEncryptor.cs
+++ b/Encryption/JoseEncryptor.cs
@@ -3,32 +3,33 @@ using Jose;
 namespace FitConnect.Encryption;

 public class JoseEncryptor : IEncryptor {
-    private string Encrypt(Jwk key, string plain) {
-        return JWE.Encrypt(plain,
-            new JweRecipient[] { new JweRecipient(JweAlgorithm.RSA_OAEP, key) },
-            JweEncryption.A256GCM, compression: JweCompression.DEF);
-    }
+    private const JweEncryption Encryption = JweEncryption.A256GCM;
+    private const JweCompression Compression = JweCompression.DEF;
+    private const JweAlgorithm Algorithm = JweAlgorithm.RSA_OAEP;

-    private (string cypher, byte[] tag) Decrypt(Jwk key, string payload) {
+    private (string plainText, byte[] plainBytes, byte[] tag) Decrypt(Jwk key, string payload) {
        var result = JWE.Decrypt(payload, key);

-        return (result.Plaintext, result.AuthTag);
+        return (result.Plaintext, result.PlaintextBytes, result.AuthTag);
    }

-    public string Encrypt(string key, string plain) {
+
+    public (string plainText, byte[] plainBytes, byte[] tag) Decrypt(string key, string cipher) {
        var jwk = Jwk.FromJson(key, new Jose.JsonMapper());
-        return Encrypt(jwk, plain);
+        return Decrypt(jwk, cipher);
    }

-    public (string cypher, byte[] tag) Decrypt(string key, string cipher) {
+    public string Encrypt(string key, string plain) {
        var jwk = Jwk.FromJson(key, new Jose.JsonMapper());
-        return Decrypt(jwk, cipher);
+        return JWE.Encrypt(plain,
+            new JweRecipient[] { new JweRecipient(Algorithm, jwk) },
+            Encryption, compression: Compression);
    }

    public string Encrypt(string key, byte[] plain) {
        var jwk = Jwk.FromJson(key, new Jose.JsonMapper());
        return JWE.EncryptBytes(plain,
-            new JweRecipient[] { new JweRecipient(JweAlgorithm.RSA_OAEP, key) },
-            JweEncryption.A256GCM, compression: JweCompression.DEF);
+            new JweRecipient[] { new JweRecipient(Algorithm, jwk) },
+            Encryption, compression: Compression);
    }
 }
--- a/EncryptionTests/EncryptionTests.csproj
+++ b/EncryptionTests/EncryptionTests.csproj
@@ -25,7 +25,6 @@
    </ItemGroup>

    <ItemGroup>
-        <Folder Include="assets" />
        <Folder Include="Certificates" />
    </ItemGroup>


--- a/EncryptionTests/FileEncryptionTest.cs
+++ b/EncryptionTests/FileEncryptionTest.cs
 using System.Net;
+using System.Security.Cryptography;
 using Autofac;
 using FitConnect.Encryption;
 using NUnit.Framework;
@@ -12,7 +13,7 @@ public class FileEncryptionTest {

    [SetUp]
    public void Setup() {
-        sourceFile = System.IO.File.ReadAllBytes("./assets/attachment.pdf");
+        sourceFile = RandomNumberGenerator.GetBytes(4096);
        var container = MockContainer.Container.Create();
        var keySet = container.Resolve<KeySet>();
        _encryption = new FitEncryption(keySet, null);

--- a/EncryptionTests/JweTest.cs
+++ b/EncryptionTests/JweTest.cs
+using System;
 using System.Security.Cryptography;
+using System.Text;
 using Autofac;
 using FitConnect;
 using FitConnect.Encryption;
@@ -22,7 +24,7 @@ public class JweTest {
            .CreateLogger<JweTest>();

        _sender = Sender.Create(
-            FitConnectEndpoints.Create(FitConnectEndpoints.EndpointType.Development), 
+            FitConnectEndpoints.Create(FitConnectEndpoints.EndpointType.Development),
            _logger);

        _container = MockContainer.Container.Create();
@@ -45,6 +47,42 @@ public class JweTest {


        // Assert
-        plain.cypher.Should().Be(dummyText);
+        plain.plainText.Should().Be(dummyText);
+    }
+
+    [Test]
+    public void TestJwe_withBytes() {
+        // Arrange
+        var engine = new FitEncryption(_logger) {
+            PublicKeyEncryption = _settings.PublicKeyEncryption,
+            PrivateKeyDecryption = _settings.PrivateKeyDecryption
+        };
+
+        // Act
+        var plainBytes = RandomNumberGenerator.GetBytes(8192);
+        var cypher = engine.Encrypt(plainBytes);
+        var plain = engine.Decrypt(cypher);
+
+
+        // Assert
+        plain.plainBytes.Should().BeEquivalentTo(plainBytes);
+    }
+
+    [Test]
+    public void TestJwe_withBytes2() {
+        // Arrange
+        var engine = new FitEncryption(_logger) {
+            PublicKeyEncryption = _settings.PublicKeyEncryption,
+            PrivateKeyDecryption = _settings.PrivateKeyDecryption
+        };
+
+        // Act
+        var plainBytes = RandomNumberGenerator.GetBytes(512);
+        var cypher = engine.Encrypt(Convert.ToBase64String(plainBytes));
+        var plain = engine.Decrypt(cypher);
+
+
+        // Assert
+        plain.plainText.Should().BeEquivalentTo(Convert.ToBase64String(plainBytes));
    }
 }
--- a/EncryptionTests/SenderEncryptionWithSelfSignedCertificateTest.cs
+++ b/EncryptionTests/SenderEncryptionWithSelfSignedCertificateTest.cs
@@ -58,7 +58,7 @@ public class SenderEncryptionWithSelfSignedCertificateTest {
    [Test]
    [Order(20)]
    public void Decrypt_ResultShouldMatchToEncrypt() {
-        var (result, tag) = _sender.Encryption.Decrypt(cypher!);
+        var (result, _, tag) = _sender.Encryption.Decrypt(cypher!);
        result.Should().Be(ToEncrypt);
    }
 }
--- a/EncryptionTests/SenderEncryptionWithoutCertificateTest.cs
+++ b/EncryptionTests/SenderEncryptionWithoutCertificateTest.cs
@@ -40,7 +40,7 @@ public class SenderEncryptionWithoutCertificateTest {
    [Test]
    [Order(20)]
    public void DecryptData_ShouldMatchToEncrypt() {
-        var (plain, tag) = _sender.Encryption.Decrypt(_cypherText);
+        var (plain,_, tag) = _sender.Encryption.Decrypt(_cypherText);

        plain.Should().Be(ToEncrypt);
    }

--- a/FitConnect/FluentSubscriber.cs
+++ b/FitConnect/FluentSubscriber.cs
@@ -61,12 +61,12 @@ public class FluentSubscriber : Subscriber,
            Authenticate(Owner.ClientId, Owner.ClientSecret);

        var submission = (Submission)SubmissionService.GetSubmission(submissionId);
-        var (metaDataString, metaHash) = Encryption.Decrypt(submission.EncryptedMetadata);
+        var (metaDataString, _, metaHash) = Encryption.Decrypt(submission.EncryptedMetadata);
        submission.Metadata =
            JsonConvert.DeserializeObject<Metadata>(metaDataString);

        if (submission.EncryptedData != null) {
-            var (dataString, dataHash) = Encryption.Decrypt(submission.EncryptedData);
+            var (dataString, _, dataHash) = Encryption.Decrypt(submission.EncryptedData);
            submission.Data =
                JsonConvert.DeserializeObject<Data>(dataString);
        }
@@ -91,10 +91,10 @@ public class FluentSubscriber : Subscriber,
        foreach (var id in Submission!.Attachments.Select(a => a.Id)) {
            var encryptedAttachment = SubmissionService.GetAttachment(Submission.Id, id);

-            var (content, hash) = _encryption.Decrypt(encryptedAttachment);
+            var (_, content, hash) = _encryption.Decrypt(encryptedAttachment);


-            attachments.Add(new Attachment(id, Convert.FromBase64String(content),
+            attachments.Add(new Attachment(id, content,
                Convert.ToBase64String(hash), "dummy.pdf"));
        }