See Release Notes
Long Term Support Release
Differences Between: [Versions 310 and 401] [Versions 39 and 401]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 namespace core_backup; 18 19 use backup; 20 use base_element_struct_exception; 21 use encrypted_final_element; 22 23 defined('MOODLE_INTERNAL') || die(); 24 25 global $CFG; 26 require_once($CFG->dirroot . '/backup/util/includes/backup_includes.php'); 27 require_once($CFG->dirroot . '/backup/util/includes/restore_includes.php'); 28 require_once($CFG->dirroot . '/backup/moodle2/backup_custom_fields.php'); 29 30 /** 31 * Tests for the handling of encrypted contents in backup and restore. 32 * 33 * @package core_backup 34 * @copyright 2016 onwards Eloy Lafuente (stronk7) {@link http://stronk7.com} 35 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 36 */ 37 class backup_encrypted_content_test extends \advanced_testcase { 38 39 public function setUp(): void { 40 if (!function_exists('openssl_encrypt')) { 41 $this->markTestSkipped('OpenSSL extension is not loaded.'); 42 43 } else if (!function_exists('hash_hmac')) { 44 $this->markTestSkipped('Hash extension is not loaded.'); 45 46 } else if (!in_array(backup::CIPHER, openssl_get_cipher_methods())) { 47 $this->markTestSkipped('Expected cipher not available: ' . backup::CIPHER); 48 } 49 } 50 51 public function test_encrypted_final_element() { 52 53 $this->resetAfterTest(true); 54 55 // Some basic verifications. 56 $efe = new encrypted_final_element('test', array('encrypted')); 57 $this->assertInstanceOf('encrypted_final_element', $efe); 58 $this->assertSame('test', $efe->get_name()); 59 $atts = $efe->get_attributes(); 60 $this->assertCount(1, $atts); 61 $att = reset($atts); 62 $this->assertInstanceOf('backup_attribute', $att); 63 $this->assertSame('encrypted', $att->get_name()); 64 65 // Using a manually defined (incorrect length) key. 66 $efe = new encrypted_final_element('test', array('encrypted')); 67 $key = 'this_in_not_correct_32_byte_key'; 68 try { 69 set_config('backup_encryptkey', base64_encode($key), 'backup'); 70 $efe->set_value('tiny_secret'); 71 $this->fail('Expecting base_element_struct_exception exception, none happened'); 72 } catch (\Exception $e) { 73 $this->assertInstanceOf('base_element_struct_exception', $e); 74 $this->assertEquals('encrypted_final_element incorrect key length', $e->errorcode); 75 76 } 77 78 // Using a manually defined (correct length) key. 79 $efe = new encrypted_final_element('test', array('testattr', 'encrypted')); 80 $key = hash('md5', 'Moodle rocks and this is not secure key, who cares, it is a test'); 81 set_config('backup_encryptkey', base64_encode($key), 'backup'); 82 $this->assertEmpty($efe->get_value()); 83 $secret = 'This is a secret message that nobody else will be able to read but me 💩 '; 84 $efe->set_value($secret); 85 $atts = $efe->get_attributes(); 86 $this->assertCount(2, $atts); 87 $this->assertArrayHasKey('encrypted', $atts); // We added it explicitly. 88 $this->assertTrue($atts['encrypted']->is_set()); 89 $this->assertSame('true', $atts['encrypted']->get_value()); 90 $this->assertNotEmpty($efe->get_value()); 91 $this->assertTrue($efe->is_set()); 92 // Get the crypted content and decrypt it manually. 93 $ctext = $efe->get_value(); 94 $hmaclen = 32; // SHA256 is 32 bytes. 95 $ivlen = openssl_cipher_iv_length(backup::CIPHER); 96 list($hmac, $iv, $text) = array_values(unpack("a{$hmaclen}hmac/a{$ivlen}iv/a*text", base64_decode($ctext))); 97 $this->assertSame(hash_hmac('sha256', $iv . $text, $key, true), $hmac); 98 $this->assertSame($secret, openssl_decrypt($text, backup::CIPHER, $key, OPENSSL_RAW_DATA, $iv)); 99 100 // Using the default site-generated key. 101 $efe = new encrypted_final_element('test', array('testattr')); 102 $this->assertEmpty($efe->get_value()); 103 $secret = 'This is a secret message that nobody else will be able to read but me 💩 '; 104 $efe->set_value($secret); 105 $atts = $efe->get_attributes(); 106 $this->assertCount(2, $atts); 107 $this->assertArrayHasKey('encrypted', $atts); // Was added automatcally, we did not specify it. 108 $this->assertTrue($atts['encrypted']->is_set()); 109 $this->assertSame('true', $atts['encrypted']->get_value()); 110 $this->assertNotEmpty($efe->get_value()); 111 $this->assertTrue($efe->is_set()); 112 // Get the crypted content and decrypt it manually. 113 $ctext = $efe->get_value(); 114 $hmaclen = 32; // SHA256 is 32 bytes. 115 $ivlen = openssl_cipher_iv_length(backup::CIPHER); 116 list($hmac, $iv, $text) = array_values(unpack("a{$hmaclen}hmac/a{$ivlen}iv/a*text", base64_decode($ctext))); 117 $key = base64_decode(get_config('backup', 'backup_encryptkey')); 118 $this->assertSame(hash_hmac('sha256', $iv . $text, $key, true), $hmac); 119 $this->assertSame($secret, openssl_decrypt($text, backup::CIPHER, $key, OPENSSL_RAW_DATA, $iv)); 120 } 121 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body