From 86e494e61199dff54cd579c66b8e3dd4888a0ceb Mon Sep 17 00:00:00 2001 From: dbuechel Date: Fri, 15 Feb 2019 15:21:26 +0100 Subject: [PATCH] SEBWIN-296: Discovered and fixed epic bug in SubStream & PasswordEncryption by implementing unit tests for the latter. --- .../Cryptography/PasswordEncryptionTests.cs | 53 +++++++++++++++++++ ...ExamBrowser.Configuration.UnitTests.csproj | 1 + .../Cryptography/PasswordEncryption.cs | 2 +- .../Properties/AssemblyInfo.cs | 2 + SafeExamBrowser.Configuration/SubStream.cs | 2 +- 5 files changed, 58 insertions(+), 2 deletions(-) create mode 100644 SafeExamBrowser.Configuration.UnitTests/Cryptography/PasswordEncryptionTests.cs diff --git a/SafeExamBrowser.Configuration.UnitTests/Cryptography/PasswordEncryptionTests.cs b/SafeExamBrowser.Configuration.UnitTests/Cryptography/PasswordEncryptionTests.cs new file mode 100644 index 00000000..5c402178 --- /dev/null +++ b/SafeExamBrowser.Configuration.UnitTests/Cryptography/PasswordEncryptionTests.cs @@ -0,0 +1,53 @@ +/* + * Copyright (c) 2019 ETH Zürich, Educational Development and Technology (LET) + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +using System.IO; +using System.Text; +using Microsoft.VisualStudio.TestTools.UnitTesting; +using Moq; +using SafeExamBrowser.Configuration.Cryptography; +using SafeExamBrowser.Contracts.Configuration; +using SafeExamBrowser.Contracts.Logging; + +namespace SafeExamBrowser.Configuration.UnitTests.Cryptography +{ + [TestClass] + public class PasswordEncryptionTests + { + private Mock logger; + private PasswordEncryption sut; + + [TestInitialize] + public void Initialize() + { + logger = new Mock(); + sut = new PasswordEncryption(logger.Object); + } + + [TestMethod] + public void MustPerformCorrectly() + { + var password = "test1234"; + var message = Encoding.UTF8.GetBytes("A super secret message!"); + var saveStatus = sut.Encrypt(new MemoryStream(message), password, out var encrypted); + var loadStatus = sut.Decrypt(encrypted, password, out var decrypted); + var original = new MemoryStream(message); + + decrypted.Seek(0, SeekOrigin.Begin); + original.Seek(0, SeekOrigin.Begin); + + while (original.Position < original.Length) + { + Assert.AreEqual(original.ReadByte(), decrypted.ReadByte()); + } + + Assert.AreEqual(SaveStatus.Success, saveStatus); + Assert.AreEqual(LoadStatus.Success, loadStatus); + } + } +} diff --git a/SafeExamBrowser.Configuration.UnitTests/SafeExamBrowser.Configuration.UnitTests.csproj b/SafeExamBrowser.Configuration.UnitTests/SafeExamBrowser.Configuration.UnitTests.csproj index 38af6872..6d7f4ce7 100644 --- a/SafeExamBrowser.Configuration.UnitTests/SafeExamBrowser.Configuration.UnitTests.csproj +++ b/SafeExamBrowser.Configuration.UnitTests/SafeExamBrowser.Configuration.UnitTests.csproj @@ -85,6 +85,7 @@ + diff --git a/SafeExamBrowser.Configuration/Cryptography/PasswordEncryption.cs b/SafeExamBrowser.Configuration/Cryptography/PasswordEncryption.cs index fbdc1c2a..f05082bf 100644 --- a/SafeExamBrowser.Configuration/Cryptography/PasswordEncryption.cs +++ b/SafeExamBrowser.Configuration/Cryptography/PasswordEncryption.cs @@ -127,7 +127,7 @@ namespace SafeExamBrowser.Configuration.Cryptography var hashStream = new SubStream(data, 0, data.Length - originalHmac.Length); var computedHmac = algorithm.ComputeHash(hashStream); - data.Seek(originalHmac.Length, SeekOrigin.End); + data.Seek(-originalHmac.Length, SeekOrigin.End); data.Read(originalHmac, 0, originalHmac.Length); return (originalHmac, computedHmac); diff --git a/SafeExamBrowser.Configuration/Properties/AssemblyInfo.cs b/SafeExamBrowser.Configuration/Properties/AssemblyInfo.cs index 2075433b..3c509876 100644 --- a/SafeExamBrowser.Configuration/Properties/AssemblyInfo.cs +++ b/SafeExamBrowser.Configuration/Properties/AssemblyInfo.cs @@ -1,4 +1,5 @@ using System.Reflection; +using System.Runtime.CompilerServices; using System.Runtime.InteropServices; // General Information about an assembly is controlled through the following @@ -14,6 +15,7 @@ using System.Runtime.InteropServices; // to COM components. If you need to access a type in this assembly from // COM, set the ComVisible attribute to true on that type. [assembly: ComVisible(false)] +[assembly: InternalsVisibleTo("SafeExamBrowser.Configuration.UnitTests")] // The following GUID is for the ID of the typelib if this project is exposed to COM [assembly: Guid("c388c4dd-a159-457d-af92-89f7ad185109")] diff --git a/SafeExamBrowser.Configuration/SubStream.cs b/SafeExamBrowser.Configuration/SubStream.cs index ee67b3a8..3cdda622 100644 --- a/SafeExamBrowser.Configuration/SubStream.cs +++ b/SafeExamBrowser.Configuration/SubStream.cs @@ -119,7 +119,7 @@ namespace SafeExamBrowser.Configuration Position += offset; break; case SeekOrigin.End: - Position = length - offset; + Position = length + offset; break; default: throw new NotImplementedException($"Seeking from position '{origin}' is not implemented!");