diff --git a/Encryption/FitEncryption.cs b/Encryption/FitEncryption.cs
index 130cf8559c46998e3c4c966ddf2728fa9bfc4662..911a519439260807f2907e49a5d4d89298fe0425 100644
--- a/Encryption/FitEncryption.cs
+++ b/Encryption/FitEncryption.cs
@@ -36,8 +36,8 @@ public class FitEncryption {
PublicKeyEncryption = keySet.PublicKeyEncryption;
PublicKeySignatureVerification = keySet.PublicKeySignatureVerification;
}
-
- public string Decrypt(string cypherText) {
+
+ public (string cypher, byte[] tag) Decrypt(string cypherText) {
if (PrivateKeyDecryption == null) {
throw new InvalidOperationException("PrivateKey is not provided");
}
@@ -50,7 +50,7 @@ public class FitEncryption {
throw new InvalidOperationException("PrivateKey is not provided");
}
- return _encryptor.Encrypt(plain, PrivateKeyDecryption);
+ return _encryptor.Encrypt( PrivateKeyDecryption, plain);
}
public string Encrypt(byte[] plain) {
@@ -58,6 +58,6 @@ public class FitEncryption {
throw new InvalidOperationException("PrivateKey is not provided");
}
- return _encryptor.Encrypt( PrivateKeyDecryption, plain);
+ return _encryptor.Encrypt(PrivateKeyDecryption, plain);
}
}
diff --git a/Encryption/IEncryptor.cs b/Encryption/IEncryptor.cs
index 636d2ae0059e09b515faaf7fa55b778bb388f583..113cf5797062e5e1b7705e58860e773f83a813f5 100644
--- a/Encryption/IEncryptor.cs
+++ b/Encryption/IEncryptor.cs
@@ -7,6 +7,6 @@ namespace FitConnect.Encryption;
public interface IEncryptor {
public string Encrypt(string key, string plain);
- public string Decrypt(string key, string cipher);
+ public (string cypher, byte[] tag) Decrypt(string key, string cipher);
public string Encrypt(string key, byte[] plain);
}
\ No newline at end of file
diff --git a/Encryption/JoseEncryptor.cs b/Encryption/JoseEncryptor.cs
index af23355524218a070ed7bb35c56a094722d5d428..5851f8692801d3bc0248283e63c81436ef418178 100644
--- a/Encryption/JoseEncryptor.cs
+++ b/Encryption/JoseEncryptor.cs
@@ -20,9 +20,9 @@ public class JoseEncryptor : IEncryptor {
return Encrypt(jwk, plain);
}
- public string Decrypt(string key, string cipher) {
+ public (string cypher, byte[] tag) Decrypt(string key, string cipher) {
var jwk = Jwk.FromJson(key, new Jose.JsonMapper());
- return Decrypt(jwk, cipher).cypher;
+ return Decrypt(jwk, cipher);
}
public string Encrypt(string key, byte[] plain) {
diff --git a/EncryptionTests/EncryptionTests.csproj b/EncryptionTests/EncryptionTests.csproj
index 0df409b4aafdadd751a1f5732427b0fd879f436f..6d8174f88ccb083092e02463536a9ca06825099f 100644
--- a/EncryptionTests/EncryptionTests.csproj
+++ b/EncryptionTests/EncryptionTests.csproj
@@ -25,6 +25,7 @@
</ItemGroup>
<ItemGroup>
+ <Folder Include="assets" />
<Folder Include="Certificates" />
</ItemGroup>
diff --git a/EncryptionTests/FileEncryptionTest.cs b/EncryptionTests/FileEncryptionTest.cs
index 76c15b9e58ae6ecac577d26e801433a6ae785b79..75660b832e80c4fce014fe32756148911c9753c3 100644
--- a/EncryptionTests/FileEncryptionTest.cs
+++ b/EncryptionTests/FileEncryptionTest.cs
@@ -8,7 +8,7 @@ namespace SenderTest;
public class FileEncryptionTest {
private byte[] sourceFile = null!;
private FitEncryption _encryption;
- private byte[] _encryptedFile;
+ private string _encryptedFile;
[SetUp]
public void Setup() {
diff --git a/EncryptionTests/JweTest.cs b/EncryptionTests/JweTest.cs
index 0d16ac6994f8395dcd0af03d5aa33f432bec5153..2a52b3b9c4ae5daeba8e26698d229def46d5c525 100644
--- a/EncryptionTests/JweTest.cs
+++ b/EncryptionTests/JweTest.cs
@@ -45,6 +45,6 @@ public class JweTest {
// Assert
- plain.Should().Be(dummyText);
+ plain.cypher.Should().Be(dummyText);
}
}
diff --git a/EncryptionTests/SenderEncryptionWithSelfSignedCertificateTest.cs b/EncryptionTests/SenderEncryptionWithSelfSignedCertificateTest.cs
index 19e25d49934a8f41cdce22b7f95413a39f06747f..47f538176a6503b98122f434f8aa2bb89cc6dbfb 100644
--- a/EncryptionTests/SenderEncryptionWithSelfSignedCertificateTest.cs
+++ b/EncryptionTests/SenderEncryptionWithSelfSignedCertificateTest.cs
@@ -13,7 +13,7 @@ namespace SenderTest;
[Ignore("Encryption strategy does not match the one used on server")]
public class SenderEncryptionWithSelfSignedCertificateTest {
private const string ToEncrypt = "This is a test message";
- private static byte[]? cypher;
+ private static string? cypher;
private X509Certificate2 _certificate = null!;
private ILogger<SenderEncryptionWithSelfSignedCertificateTest> _logger = null!;
private Sender _sender = null!;
@@ -52,16 +52,13 @@ public class SenderEncryptionWithSelfSignedCertificateTest {
public void CryptWithOutPublicKeyImport() {
cypher = _sender.Encryption.Encrypt(Encoding.UTF8.GetBytes(ToEncrypt));
- _logger.LogInformation("Cypher: {}", Convert.ToBase64String(cypher));
+ _logger.LogInformation("Cypher: {}", cypher);
}
[Test]
[Order(20)]
public void Decrypt_ResultShouldMatchToEncrypt() {
- var result = _sender.Encryption.Decrypt(cypher!);
- Encoding.UTF8.GetString(result).Should().Be(ToEncrypt);
+ var (result, tag) = _sender.Encryption.Decrypt(cypher!);
+ result.Should().Be(ToEncrypt);
}
-
-
-
}
diff --git a/EncryptionTests/SenderEncryptionWithoutCertificateTest.cs b/EncryptionTests/SenderEncryptionWithoutCertificateTest.cs
index 2ae2dd76b1e1ef42790a48a21e29fb7a2718deec..a77c902ffd35b534c8e5f02fe535badcd7e12f65 100644
--- a/EncryptionTests/SenderEncryptionWithoutCertificateTest.cs
+++ b/EncryptionTests/SenderEncryptionWithoutCertificateTest.cs
@@ -33,19 +33,15 @@ public class SenderEncryptionWithoutCertificateTest {
[Order(10)]
public void EncryptData_ShouldNotThrowAnyException() {
var cypher = _sender.Encryption.Encrypt(Encoding.UTF8.GetBytes(ToEncrypt));
-
- _cypherText = Convert.ToBase64String(cypher);
- _logger.LogInformation("Cypher: {}", _cypherText);
+ _logger.LogInformation("Cypher: {}", cypher);
}
[Test]
[Order(20)]
public void DecryptData_ShouldMatchToEncrypt() {
- var cypher = Convert.FromBase64String(_cypherText);
- var plain = _sender.Encryption.Decrypt(cypher);
+ var (plain, tag) = _sender.Encryption.Decrypt(_cypherText);
- Encoding.UTF8.GetString(plain).Should().Be(ToEncrypt);
+ plain.Should().Be(ToEncrypt);
}
-
}
diff --git a/FitConnect/FluentSubscriber.cs b/FitConnect/FluentSubscriber.cs
index 60bf3342f2f67d171cbc27fb538cd20ce2413929..86785e23937863d88bd51b2699fe0474f3f83485 100644
--- a/FitConnect/FluentSubscriber.cs
+++ b/FitConnect/FluentSubscriber.cs
@@ -61,15 +61,16 @@ public class FluentSubscriber : Subscriber,
Authenticate(Owner.ClientId, Owner.ClientSecret);
var submission = (Submission)SubmissionService.GetSubmission(submissionId);
- var metaDataString = Encryption.Decrypt(submission.EncryptedMetadata);
- if (metaDataString != null)
- submission.Metadata =
- JsonConvert.DeserializeObject<Metadata>(metaDataString);
+ var (metaDataString, metaHash) = Encryption.Decrypt(submission.EncryptedMetadata);
+ submission.Metadata =
+ JsonConvert.DeserializeObject<Metadata>(metaDataString);
- var dataString = Encryption.Decrypt(submission.EncryptedData);
- if (dataString != null)
+ if (submission.EncryptedData != null) {
+ var (dataString, dataHash) = Encryption.Decrypt(submission.EncryptedData);
submission.Data =
JsonConvert.DeserializeObject<Data>(dataString);
+ }
+
Submission = submission;
return this;
}
@@ -90,13 +91,11 @@ public class FluentSubscriber : Subscriber,
foreach (var id in Submission!.Attachments.Select(a => a.Id)) {
var encryptedAttachment = SubmissionService.GetAttachment(Submission.Id, id);
- var content = _encryption.Decrypt(Convert.FromBase64String(encryptedAttachment));
+ var (content, hash) = _encryption.Decrypt(encryptedAttachment);
- // TODO where do I get the hash from the server to verify the attachment?
- var hash = MD5.Create(HashAlgorithmName.SHA512.ToString())?.ComputeHash(content) ??
- Array.Empty<byte>();
- attachments.Add(new Attachment(id, content, Convert.ToBase64String(hash), "dummy.pdf"));
+ attachments.Add(new Attachment(id, Convert.FromBase64String(content),
+ Convert.ToBase64String(hash), "dummy.pdf"));
}
Submission.Attachments = attachments;
diff --git a/FitConnect/Models/Submission.cs b/FitConnect/Models/Submission.cs
index 57b9642839bf72ba8a96db30a629f1a3469fd95b..59fc2ff95d746798eab27e0355731a82723bcb81 100644
--- a/FitConnect/Models/Submission.cs
+++ b/FitConnect/Models/Submission.cs
@@ -32,8 +32,8 @@ public class Submission {
public Callback? Callback { get; set; }
public Metadata? Metadata { get; set; }
public Data? Data { get; set; }
- public string EncryptedMetadata { get; set; }
- public string EncryptedData { get; set; }
+ public string? EncryptedMetadata { get; set; }
+ public string? EncryptedData { get; set; }
public bool IsSubmissionReadyToAdd(out string? error) {
var innerError = "";