Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 3.9.x will end* 10 May 2021 (12 months).
  • Bug fixes for security issues in 3.9.x will end* 8 May 2023 (36 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.

Differences Between: [Versions 39 and 310] [Versions 39 and 311] [Versions 39 and 400] [Versions 39 and 401] [Versions 39 and 402] [Versions 39 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Tests for the handling of encrypted contents in backup and restore.
  19   *
  20   * @package core_backup
  21   * @copyright 2016 onwards Eloy Lafuente (stronk7) {@link http://stronk7.com}
  22   * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  defined('MOODLE_INTERNAL') || die();
  26  
  27  global $CFG;
  28  require_once($CFG->dirroot . '/backup/util/includes/backup_includes.php');
  29  require_once($CFG->dirroot . '/backup/util/includes/restore_includes.php');
  30  require_once($CFG->dirroot . '/backup/moodle2/backup_custom_fields.php');
  31  
  32  class core_backup_encrypted_content_testscase extends advanced_testcase {
  33  
  34      public function setUp() {
  35          if (!function_exists('openssl_encrypt')) {
  36              $this->markTestSkipped('OpenSSL extension is not loaded.');
  37  
  38          } else if (!function_exists('hash_hmac')) {
  39              $this->markTestSkipped('Hash extension is not loaded.');
  40  
  41          } else if (!in_array(backup::CIPHER, openssl_get_cipher_methods())) {
  42              $this->markTestSkipped('Expected cipher not available: ' . backup::CIPHER);
  43          }
  44      }
  45  
  46      public function test_encrypted_final_element() {
  47  
  48          $this->resetAfterTest(true);
  49  
  50          // Some basic verifications.
  51          $efe = new encrypted_final_element('test', array('encrypted'));
  52          $this->assertInstanceOf('encrypted_final_element', $efe);
  53          $this->assertSame('test', $efe->get_name());
  54          $atts = $efe->get_attributes();
  55          $this->assertCount(1, $atts);
  56          $att = reset($atts);
  57          $this->assertInstanceOf('backup_attribute', $att);
  58          $this->assertSame('encrypted', $att->get_name());
  59  
  60          // Using a manually defined (incorrect length) key.
  61          $efe = new encrypted_final_element('test', array('encrypted'));
  62          $key = 'this_in_not_correct_32_byte_key';
  63          try {
  64              set_config('backup_encryptkey', base64_encode($key), 'backup');
  65              $efe->set_value('tiny_secret');
  66              $this->fail('Expecting base_element_struct_exception exception, none happened');
  67          } catch (exception $e) {
  68              $this->assertInstanceOf('base_element_struct_exception', $e);
  69              $this->assertEquals('encrypted_final_element incorrect key length', $e->errorcode);
  70  
  71          }
  72  
  73          // Using a manually defined (correct length) key.
  74          $efe = new encrypted_final_element('test', array('testattr', 'encrypted'));
  75          $key = hash('md5', 'Moodle rocks and this is not secure key, who cares, it is a test');
  76          set_config('backup_encryptkey', base64_encode($key), 'backup');
  77          $this->assertEmpty($efe->get_value());
  78          $secret = 'This is a secret message that nobody else will be able to read but me 💩 ';
  79          $efe->set_value($secret);
  80          $atts = $efe->get_attributes();
  81          $this->assertCount(2, $atts);
  82          $this->assertArrayHasKey('encrypted', $atts); // We added it explicitly.
  83          $this->assertTrue($atts['encrypted']->is_set());
  84          $this->assertSame('true', $atts['encrypted']->get_value());
  85          $this->assertNotEmpty($efe->get_value());
  86          $this->assertTrue($efe->is_set());
  87          // Get the crypted content and decrypt it manually.
  88          $ctext = $efe->get_value();
  89          $hmaclen = 32; // SHA256 is 32 bytes.
  90          $ivlen = openssl_cipher_iv_length(backup::CIPHER);
  91          list($hmac, $iv, $text) = array_values(unpack("a{$hmaclen}hmac/a{$ivlen}iv/a*text", base64_decode($ctext)));
  92          $this->assertSame(hash_hmac('sha256', $iv . $text, $key, true), $hmac);
  93          $this->assertSame($secret, openssl_decrypt($text, backup::CIPHER, $key, OPENSSL_RAW_DATA, $iv));
  94  
  95          // Using the default site-generated key.
  96          $efe = new encrypted_final_element('test', array('testattr'));
  97          $this->assertEmpty($efe->get_value());
  98          $secret = 'This is a secret message that nobody else will be able to read but me 💩 ';
  99          $efe->set_value($secret);
 100          $atts = $efe->get_attributes();
 101          $this->assertCount(2, $atts);
 102          $this->assertArrayHasKey('encrypted', $atts); // Was added automatcally, we did not specify it.
 103          $this->assertTrue($atts['encrypted']->is_set());
 104          $this->assertSame('true', $atts['encrypted']->get_value());
 105          $this->assertNotEmpty($efe->get_value());
 106          $this->assertTrue($efe->is_set());
 107          // Get the crypted content and decrypt it manually.
 108          $ctext = $efe->get_value();
 109          $hmaclen = 32; // SHA256 is 32 bytes.
 110          $ivlen = openssl_cipher_iv_length(backup::CIPHER);
 111          list($hmac, $iv, $text) = array_values(unpack("a{$hmaclen}hmac/a{$ivlen}iv/a*text", base64_decode($ctext)));
 112          $key = base64_decode(get_config('backup', 'backup_encryptkey'));
 113          $this->assertSame(hash_hmac('sha256', $iv . $text, $key, true), $hmac);
 114          $this->assertSame($secret, openssl_decrypt($text, backup::CIPHER, $key, OPENSSL_RAW_DATA, $iv));
 115      }
 116  }