[77] Improve test suite for RSAEncrypter/Decrypter #81
Conversation
* master: [79] Set deployment target to 10.0 and update project settings (#80)
Tests/RSADecrypterTests.swift
Outdated
| let cipherTextBase64URL = "YkzUN55RBG1igsrL-7ofPPWruTjxNMS3Bl1_a3i-dVKBjiN6kH88j8G3iB3eLWFxbiKZvx0LmkP7J65-frpOgF41SlltjJ62LEZOICm4q21Q4MNqL_Vf7kIjh8DziEJkElEz5W4flhI6YQ-9wW_PQ-coBIPIZiFlw6peKAolz8xcevbUmnqIH6A3hOFLK23J2cWDSWgxHEBIYtZ6whQCJYL4vq5lAFNaEoDaE_cgL6LItY4t-vR1exTJSOlCGAv4uM1Kelk6uitaFk2c0h79u3UpFN_wa02m_PPdgTguRdxwRsCpsQhOKmEakl8LR6NTbIrdB13UoL2tdybltVeUCw" | ||
| let cipherTextWithAliceKeyBase64URL = "RHLdaxC52ve0icBLGh9Xn_jNoV3uJlEuLRer8_7OOqY2QCGdWPb8OiuxxjEep8okfvlrw_eheEll6v8xdjpzP2zopVEBoNZ9J8BDKL1Y-tTi176jlGXBXKJdRitsp14sVHx7x-dW9FjiOHEn_CSm3bM2THAJOEtjjeF6vRvxpGxm1KruTbtZ37VTl-vM-e4STda5dCanRPKFemDPYQvjUAF_wuE-P-UeE0fpxDceuCRN3C-H8LL9TIrSETRV_CzPVf6Ki9zJpaZQAnqZh5ix0KhaHFMawV7TJetcKPbCzEHbxAF5ib16mxKFc5Th3QFS3eRKYxjaEdciXWVMCrGfXQ" | ||
| let cipherTextWithBobKeyBase64URL = "TwSS87gjm4cbFbda5klqW_Io2oCoo2zAxWJaU6L1jAeGEoL6u1Gw7vPdEzGGNvUliqsdBBCe8yQhnft9nqIZ9CD7enfVz6tFWvEJuVZbhy0eZad_LLFBFm8eDEgmlw7n7nAZxeww0WloffMmK6GPUE5SjQSWjCRAYA9xwacbxM8shH6hIwpelwV3f-QJr6M_hoAVkiqZJ2tFfiEciPhVVuqNZxxudMxaNj-bWfSipwh2T11kxYQD3EdVR4MDkyxz2JTUQc20OIf_F4WwQXJlbVNLTs4miDKHmw7Ddd45D2DJs_nH-bMQK8b6iH3nke15arP23rozuagF4SHhenApPw" | ||
| let cipherTextWithAliceKeyEmptyStringBase64URL = "hyOA/tmOclFkj31UPrRb1EnaRMhR5VZg5TrUyfLMtCUlh3grAva0+sSjqt6zSlWK06A6zUieV69aLRbJ0ZactTTqX2CFrhiZ5nUXhzuUya83VKBI0xrGkpQ8u1y2Iqgb+gbWsFJdJ41cSpZXRpc16Hhd3klTp7YydYZQUG//PLM5bn359kqpT8meJdGqTceehVxmdqTpVwukh/uqLOE8CBCrT7D/2t18mzApGpm/Su4bVbZggJ5g9MRPSnwgq1GjKNcMa1PKd+/OWB/rIeDmorT8dLrusGeLbwFCj1HEz4z5izamiBiyPh96G0m4ZhPtVhR4Fo3ARj9C037GroDQ2w==" |
There was a problem hiding this comment.
Is this base64URL? 🤔 I guess the padding(==) and the / isn't 😁
There was a problem hiding this comment.
Nope, you're right. It's not base64url. @gigi-mohemian you can quickly convert it online here or by hand replace all / with _, all + with - and remove the trailing ==.
Or you just remove the URL from the variable name. 😄
There was a problem hiding this comment.
Are the cipher texts are generated by openssl?
I know the original string was a nastly long thing as well, but now that we started touching the tests again, what do you think of staying below 120 characters per line (if possible). With strings its kind of easy to use Swift's multiline string literals:
e.g.:
let cipherText = """
asdf\
jklö
""" 
.gitignore
Outdated
| @@ -101,3 +101,4 @@ fastlane/test_output | |||
|
|
|||
| .idea/ | |||
| sonar-reports/ | |||
| /JOSESwift.xcworkspace/xcshareddata | |||
Tests/RSADecrypterTests.swift
Outdated
| let cipherTextBase64URL = "YkzUN55RBG1igsrL-7ofPPWruTjxNMS3Bl1_a3i-dVKBjiN6kH88j8G3iB3eLWFxbiKZvx0LmkP7J65-frpOgF41SlltjJ62LEZOICm4q21Q4MNqL_Vf7kIjh8DziEJkElEz5W4flhI6YQ-9wW_PQ-coBIPIZiFlw6peKAolz8xcevbUmnqIH6A3hOFLK23J2cWDSWgxHEBIYtZ6whQCJYL4vq5lAFNaEoDaE_cgL6LItY4t-vR1exTJSOlCGAv4uM1Kelk6uitaFk2c0h79u3UpFN_wa02m_PPdgTguRdxwRsCpsQhOKmEakl8LR6NTbIrdB13UoL2tdybltVeUCw" | ||
| let cipherTextWithAliceKeyBase64URL = "RHLdaxC52ve0icBLGh9Xn_jNoV3uJlEuLRer8_7OOqY2QCGdWPb8OiuxxjEep8okfvlrw_eheEll6v8xdjpzP2zopVEBoNZ9J8BDKL1Y-tTi176jlGXBXKJdRitsp14sVHx7x-dW9FjiOHEn_CSm3bM2THAJOEtjjeF6vRvxpGxm1KruTbtZ37VTl-vM-e4STda5dCanRPKFemDPYQvjUAF_wuE-P-UeE0fpxDceuCRN3C-H8LL9TIrSETRV_CzPVf6Ki9zJpaZQAnqZh5ix0KhaHFMawV7TJetcKPbCzEHbxAF5ib16mxKFc5Th3QFS3eRKYxjaEdciXWVMCrGfXQ" | ||
| let cipherTextWithBobKeyBase64URL = "TwSS87gjm4cbFbda5klqW_Io2oCoo2zAxWJaU6L1jAeGEoL6u1Gw7vPdEzGGNvUliqsdBBCe8yQhnft9nqIZ9CD7enfVz6tFWvEJuVZbhy0eZad_LLFBFm8eDEgmlw7n7nAZxeww0WloffMmK6GPUE5SjQSWjCRAYA9xwacbxM8shH6hIwpelwV3f-QJr6M_hoAVkiqZJ2tFfiEciPhVVuqNZxxudMxaNj-bWfSipwh2T11kxYQD3EdVR4MDkyxz2JTUQc20OIf_F4WwQXJlbVNLTs4miDKHmw7Ddd45D2DJs_nH-bMQK8b6iH3nke15arP23rozuagF4SHhenApPw" | ||
| let cipherTextWithAliceKeyEmptyStringBase64URL = "hyOA/tmOclFkj31UPrRb1EnaRMhR5VZg5TrUyfLMtCUlh3grAva0+sSjqt6zSlWK06A6zUieV69aLRbJ0ZactTTqX2CFrhiZ5nUXhzuUya83VKBI0xrGkpQ8u1y2Iqgb+gbWsFJdJ41cSpZXRpc16Hhd3klTp7YydYZQUG//PLM5bn359kqpT8meJdGqTceehVxmdqTpVwukh/uqLOE8CBCrT7D/2t18mzApGpm/Su4bVbZggJ5g9MRPSnwgq1GjKNcMa1PKd+/OWB/rIeDmorT8dLrusGeLbwFCj1HEz4z5izamiBiyPh96G0m4ZhPtVhR4Fo3ARj9C037GroDQ2w==" |
There was a problem hiding this comment.
Nope, you're right. It's not base64url. @gigi-mohemian you can quickly convert it online here or by hand replace all / with _, all + with - and remove the trailing ==.
Or you just remove the URL from the variable name. 😄
Tests/RSADecrypterTests.swift
Outdated
| let cipherTextBase64URL = "YkzUN55RBG1igsrL-7ofPPWruTjxNMS3Bl1_a3i-dVKBjiN6kH88j8G3iB3eLWFxbiKZvx0LmkP7J65-frpOgF41SlltjJ62LEZOICm4q21Q4MNqL_Vf7kIjh8DziEJkElEz5W4flhI6YQ-9wW_PQ-coBIPIZiFlw6peKAolz8xcevbUmnqIH6A3hOFLK23J2cWDSWgxHEBIYtZ6whQCJYL4vq5lAFNaEoDaE_cgL6LItY4t-vR1exTJSOlCGAv4uM1Kelk6uitaFk2c0h79u3UpFN_wa02m_PPdgTguRdxwRsCpsQhOKmEakl8LR6NTbIrdB13UoL2tdybltVeUCw" | ||
| let cipherTextWithAliceKeyBase64URL = "RHLdaxC52ve0icBLGh9Xn_jNoV3uJlEuLRer8_7OOqY2QCGdWPb8OiuxxjEep8okfvlrw_eheEll6v8xdjpzP2zopVEBoNZ9J8BDKL1Y-tTi176jlGXBXKJdRitsp14sVHx7x-dW9FjiOHEn_CSm3bM2THAJOEtjjeF6vRvxpGxm1KruTbtZ37VTl-vM-e4STda5dCanRPKFemDPYQvjUAF_wuE-P-UeE0fpxDceuCRN3C-H8LL9TIrSETRV_CzPVf6Ki9zJpaZQAnqZh5ix0KhaHFMawV7TJetcKPbCzEHbxAF5ib16mxKFc5Th3QFS3eRKYxjaEdciXWVMCrGfXQ" | ||
| let cipherTextWithBobKeyBase64URL = "TwSS87gjm4cbFbda5klqW_Io2oCoo2zAxWJaU6L1jAeGEoL6u1Gw7vPdEzGGNvUliqsdBBCe8yQhnft9nqIZ9CD7enfVz6tFWvEJuVZbhy0eZad_LLFBFm8eDEgmlw7n7nAZxeww0WloffMmK6GPUE5SjQSWjCRAYA9xwacbxM8shH6hIwpelwV3f-QJr6M_hoAVkiqZJ2tFfiEciPhVVuqNZxxudMxaNj-bWfSipwh2T11kxYQD3EdVR4MDkyxz2JTUQc20OIf_F4WwQXJlbVNLTs4miDKHmw7Ddd45D2DJs_nH-bMQK8b6iH3nke15arP23rozuagF4SHhenApPw" | ||
| let cipherTextWithAliceKeyEmptyStringBase64URL = "hyOA/tmOclFkj31UPrRb1EnaRMhR5VZg5TrUyfLMtCUlh3grAva0+sSjqt6zSlWK06A6zUieV69aLRbJ0ZactTTqX2CFrhiZ5nUXhzuUya83VKBI0xrGkpQ8u1y2Iqgb+gbWsFJdJ41cSpZXRpc16Hhd3klTp7YydYZQUG//PLM5bn359kqpT8meJdGqTceehVxmdqTpVwukh/uqLOE8CBCrT7D/2t18mzApGpm/Su4bVbZggJ5g9MRPSnwgq1GjKNcMa1PKd+/OWB/rIeDmorT8dLrusGeLbwFCj1HEz4z5izamiBiyPh96G0m4ZhPtVhR4Fo3ARj9C037GroDQ2w==" |
There was a problem hiding this comment.
Are the cipher texts are generated by openssl?
I know the original string was a nastly long thing as well, but now that we started touching the tests again, what do you think of staying below 120 characters per line (if possible). With strings its kind of easy to use Swift's multiline string literals:
e.g.:
let cipherText = """
asdf\
jklö
"""
Tests/RSADecrypterTests.swift
Outdated
|
|
||
| XCTAssertEqual(plainText, message.data(using: .utf8)) | ||
| } | ||
|
|
||
| func testDecryptingAliceSecretWithBobKey() { |
|
Thanks for the review guys! Will update the PR 🔜 |
|
@carol-mohemian @daniel-mohemian I addressed the issues mentioned. Please have a look again 👍 |
Tests/RSADecrypterTests.swift
Outdated
| -H8LL9TIrSETRV_CzPVf6Ki9zJpaZQAnqZh5ix0KhaHFMawV7TJetcKPbCzEHbxAF5ib16mxKFc5Th3QFS3eRKYxjaEdciXWVMCrGfXQ | ||
| """ | ||
|
|
||
| let cipherTextWithBobKeyBase64 = """ |
There was a problem hiding this comment.
Hmm, now this is a little confusing, why is cipherTextWithBobKeyBase64 and cipherTextWithAliceKeyBase64base64URL andcipherTextWithAliceKeyEmptyStringBase64` "only" base64?
There was a problem hiding this comment.
Ah damn, you're right. I'll clean this up asap.
There was a problem hiding this comment.
It's base64 encoded now.
printf "The true sign of intelligence is not knowledge but imagination." | openssl rsautl -encrypt -pubin -inkey alice.pub.pem -out >(base64)
|
@gigi-mohemian Any updates on this? 😉 |
|
Sorry this took so long @daniel-mohemian @carol-mohemian ⏳ The tests for RSA encryption/decryption should be fine now, I re-created the cipher texts using Alice's and Bob's keys from scratch using I'd like to do additional tests for AES and for the signer/verifier, but I think it's best to do it in another PR. Please have another look and let me know what you think 😘 |
|
Nice stuff @gigi-mohemian 😍 One small thing: We encountered that the plainText/cipherTextTooLong/short stuff is a little tricky. Could you maybe add another test which has not 0 and 300 but more like 255, 256, 257 length? Does this make sense? |
There was a problem hiding this comment.
Nice stiff @gigi-mohemian!
I agree with @carol-mohemian, some edge case tests for the RSA plaintext length and ciphertext length would be awesome.
For RSA1_5 , the plaintext length should satisfy mLen <= k - 11 where mLen is the plaintext length in bytes, and k is the modulus length in bytes. For 2048 bit keys, k is 256.
The ciphertext length should satisfy C == k.
Please double check those values in the linked RFC, though. 😄
* master: [87] Implement direct encryption and symmetric JWKs (#92) # Conflicts: # .gitignore # Tests/JWERSATests.swift
|
I agree as well! 😄 Double-checked the RFC and updated the tests. Added the following: Encryption:
Decryption:
|
| XCTAssertThrowsError(try decrypter.decrypt(testMessage)) { (error: Error) in | ||
| // Should throw "decryption failed", but | ||
| // should _not_ throw cipherTextLenghtNotSatisfied | ||
| XCTAssertNotEqual(error as? RSAError, RSAError.cipherTextLenghtNotSatisfied) |
There was a problem hiding this comment.
This test will fail as soon as #96 is done 🤔
|
|
||
| let decrypter = RSADecrypter(algorithm: .RSA1_5, privateKey: privateKeyAlice2048!) | ||
| XCTAssertThrowsError(try decrypter.decrypt(testMessage)) { (error: Error) in | ||
| XCTAssertEqual(error as? RSAError, RSAError.cipherTextLenghtNotSatisfied) |
There was a problem hiding this comment.
Same #96 (just to give a heads up)
ghost
mentioned this pull request
ghost
mentioned this pull request
Resolves part of issue #77 by extending the RSA encrypter/decrypter test suite.
The test keypair is extended into a set of two keypairs, one for
Aliceand one forBob. Additional tests are added to test encryption and decryption of payloads with these keys. Some tests are added for specific error cases, i.e. trying to decrypt with the wrong key.Looking forward to your comments! 💻 👀