Exemple #1
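        /// <summary>
        /// Encrypts a sample string under the primary key taken from the environment, then checks
        /// that it decrypts back to the same text, both directly and after a round trip through
        /// the combined-string form of <c>EncryptedField</c>.
        /// </summary>
        /// <remarks>
        /// Key configuration lives in process-wide environment variables and in the shared
        /// <c>KeyStorage</c> instance. The test therefore clears the MORPHIC_ENC_KEY_* variables it
        /// knows about before it starts and again in a <c>finally</c> block, so that a rollover key
        /// left behind by another test cannot influence it and the key set here does not stay
        /// readable in the process environment once the test is over.
        /// </remarks>
        public void TestEncryptedField()
        {
            string[] keyVariables =
            {
                "MORPHIC_ENC_KEY_PRIMARY",
                "MORPHIC_ENC_KEY_ROLLOVER_1",
                "MORPHIC_ENC_KEY_ROLLOVER_2",
            };

            // Start from a known-empty key configuration.
            KeyStorage.Shared.ClearKeys();
            foreach (var variable in keyVariables)
            {
                Environment.SetEnvironmentVariable(variable, null);
            }

            // NOTE(review): the salt is set but not removed afterwards, because whether KeyStorage
            // needs it while loading keys is not visible from this test; confirm before clearing it.
            Environment.SetEnvironmentVariable("MORPHIC_HASH_SALT_PRIMARY", "SALT1:361e665ef378ab06031806469b7879bd");

            try
            {
                // Fixed test vector: 64 hex characters (32 bytes), stored as "NAME:HEX".
                // It is published in source, so it must never double as a deployment key.
                var keyName = "TEST_KEY";
                var keyData = "8C532F0C2CCE7AF471111285340B6353FCB327DF9AB9F0121731F403E3FFDC7C";

                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_PRIMARY", $"{keyName}:{keyData}");
                Assert.Equal(KeyStorage.HexStringToBytes(keyData), KeyStorage.Shared.GetPrimary().KeyData);

                string plainText = "thequickbrownfoxjumpedoverthelazydog";

                // AssertProperlyEncrypted is a helper defined outside this method; it returns the
                // encrypted field that the rest of the test decrypts.
                var encryptedField = AssertProperlyEncrypted(keyName, plainText);
                Assert.Equal(plainText, encryptedField.Decrypt());

                // Serialise to the combined string and parse it back: the reparsed field must
                // still decrypt to the original plaintext.
                var reparsedField = EncryptedField.FromCombinedString(encryptedField.ToCombinedString());
                Assert.Equal(plainText, reparsedField.Decrypt());

                // Edge case: the empty string goes through the same helper.
                AssertProperlyEncrypted(keyName, "");
            }
            finally
            {
                // Runs on failure too, so a failed assertion cannot leave key material behind.
                foreach (var variable in keyVariables)
                {
                    Environment.SetEnvironmentVariable(variable, null);
                }

                KeyStorage.Shared.ClearKeys();
            }
        }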
Exemple #2
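        /// <summary>
        /// Checks how <c>KeyStorage</c> loads keys from the environment: malformed values must be
        /// rejected with the matching exception, and a valid primary key plus two rollover keys
        /// must each be retrievable by name with the correct <c>IsPrimary</c> flag.
        /// </summary>
        /// <remarks>
        /// Key configuration lives in process-wide environment variables and in the shared
        /// <c>KeyStorage</c> instance. The test clears the MORPHIC_ENC_KEY_* variables it uses
        /// before it starts and again in a <c>finally</c> block, so that the outcome does not
        /// depend on which test ran before it and no key stays in the process environment
        /// afterwards.
        /// </remarks>
        public void TestKeyLoading()
        {
            string[] keyVariables =
            {
                "MORPHIC_ENC_KEY_PRIMARY",
                "MORPHIC_ENC_KEY_ROLLOVER_1",
                "MORPHIC_ENC_KEY_ROLLOVER_2",
            };

            // Start from a known-empty key configuration.
            KeyStorage.Shared.ClearKeys();
            foreach (var variable in keyVariables)
            {
                Environment.SetEnvironmentVariable(variable, null);
            }

            try
            {
                // Rejected: hex data with an odd number of characters.
                var oddKeyName = "ODD_NUMBER_LETTERS";
                var oddKeyData = "123";

                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_PRIMARY", $"{oddKeyName}:{oddKeyData}");
                Assert.Throws<KeyStorage.HexStringFormatException>(() => KeyStorage.Shared.GetPrimary());
                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_PRIMARY", null);

                // Rejected: data that contains characters outside the hex alphabet.
                var badKeyName = "BAD_KEY";
                var badKeyData = "ThisIsNotAKey/1234";

                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_PRIMARY", $"{badKeyName}:{badKeyData}");
                Assert.Throws<KeyStorage.HexStringFormatException>(() => KeyStorage.Shared.GetKey(badKeyName));
                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_PRIMARY", null);

                // Rejected: a value without the "NAME:" prefix is a different error.
                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_PRIMARY", $"{badKeyData}");
                Assert.Throws<KeyStorage.BadKeyFormat>(() => KeyStorage.Shared.GetKey(badKeyName));
                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_PRIMARY", null);

                // Fixed test vectors, each 64 hex characters (32 bytes). They are published in
                // source, so they must never double as deployment keys.
                var keyName = "TEST_KEY";
                var keyData = "8C532F0C2CCE7AF471111285340B6353FCB327DF9AB9F0121731F403E3FFDC7C";

                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_PRIMARY", $"{keyName}:{keyData}");

                var rolloverKeyName1 = "SomeKey";
                var rolloverKeyData1 = "12FE1D86B4849B34FC1C950E671284BC30DA751E3331C0F36F15F7F51C7922D8";
                var rolloverKeyName2 = "SomeKey2";
                var rolloverKeyData2 = "05A2D69574BE13264E1BAB68453CBCF99A7A5C88243807613C8184BE38115BB9";

                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_ROLLOVER_1", $"{rolloverKeyName1}:{rolloverKeyData1}");
                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_ROLLOVER_2", $"{rolloverKeyName2}:{rolloverKeyData2}");

                // NOTE(review): the salt is set but not removed afterwards, because whether
                // KeyStorage needs it while loading keys is not visible from this test.
                Environment.SetEnvironmentVariable("MORPHIC_HASH_SALT_PRIMARY", "SALT1:361e665ef378ab06031806469b7879bd");

                // Accepted: the primary comes back under its name and is flagged as primary.
                var key = KeyStorage.Shared.GetKey(keyName);
                Assert.Equal(KeyStorage.HexStringToBytes(keyData), key.KeyData);
                Assert.True(key.IsPrimary);

                // Accepted: both rollover keys come back by name and are not flagged as primary.
                key = KeyStorage.Shared.GetKey(rolloverKeyName1);
                Assert.Equal(KeyStorage.HexStringToBytes(rolloverKeyData1), key.KeyData);
                Assert.False(key.IsPrimary);

                key = KeyStorage.Shared.GetKey(rolloverKeyName2);
                Assert.Equal(KeyStorage.HexStringToBytes(rolloverKeyData2), key.KeyData);
                Assert.False(key.IsPrimary);

                // A name that was never configured must fail loudly instead of returning a key.
                Assert.Throws<KeyStorage.KeyNotFoundException>(() => KeyStorage.Shared.GetKey("Unknown_key"));
            }
            finally
            {
                // Runs on failure too, so a failed assertion cannot leave key material behind.
                foreach (var variable in keyVariables)
                {
                    Environment.SetEnvironmentVariable(variable, null);
                }

                KeyStorage.Shared.ClearKeys();
            }
        }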
Exemple #3
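        /// <summary>
        /// Walks through two key rotations and checks that fields encrypted under an earlier
        /// primary key still decrypt once that key has been moved to a rollover slot.
        /// </summary>
        /// <remarks>
        /// Key configuration lives in process-wide environment variables and in the shared
        /// <c>KeyStorage</c> instance. The test clears the MORPHIC_ENC_KEY_* variables it uses
        /// before it starts and again in a <c>finally</c> block. Without the initial reset, the
        /// first stage could run with rollover keys left over from another test, and without the
        /// final one the keys set here would stay in the process environment.
        /// </remarks>
        public void TestRolloverEncryption()
        {
            string[] keyVariables =
            {
                "MORPHIC_ENC_KEY_PRIMARY",
                "MORPHIC_ENC_KEY_ROLLOVER_1",
                "MORPHIC_ENC_KEY_ROLLOVER_2",
            };

            // Start from a known-empty key configuration.
            KeyStorage.Shared.ClearKeys();
            foreach (var variable in keyVariables)
            {
                Environment.SetEnvironmentVariable(variable, null);
            }

            // NOTE(review): the salt is set but not removed afterwards, because whether KeyStorage
            // needs it while loading keys is not visible from this test; confirm before clearing it.
            Environment.SetEnvironmentVariable("MORPHIC_HASH_SALT_PRIMARY", "SALT1:361e665ef378ab06031806469b7879bd");

            try
            {
                string plainText = "thequickbrownfoxjumpedoverthelazydog";
                string plainText1 = "thequickbrownfoxjumpedoverthelazydog_1";
                string plainText2 = "thequickbrownfoxjumpedoverthelazydog_2";

                // Fixed test vectors, each 64 hex characters (32 bytes). They are published in
                // source, so they must never double as deployment keys.
                var keyName = "TEST_KEY";
                var keyData = "8C532F0C2CCE7AF471111285340B6353FCB327DF9AB9F0121731F403E3FFDC7C";
                var rolloverKeyName1 = "SomeKey";
                var rolloverKeyData1 = "12FE1D86B4849B34FC1C950E671284BC30DA751E3331C0F36F15F7F51C7922D8";
                var rolloverKeyName2 = "SomeKey2";
                var rolloverKeyData2 = "05A2D69574BE13264E1BAB68453CBCF99A7A5C88243807613C8184BE38115BB9";

                // Stage 1: the key that will later become rollover 2 is the only key, as primary.
                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_PRIMARY", $"{rolloverKeyName2}:{rolloverKeyData2}");
                Assert.Equal(KeyStorage.HexStringToBytes(rolloverKeyData2), KeyStorage.Shared.GetPrimary().KeyData);

                var encryptedFieldRoll2 = AssertProperlyEncrypted(rolloverKeyName2, plainText2);
                Assert.Equal(plainText2, encryptedFieldRoll2.Decrypt());

                // Stage 2: rotate. The stage-1 key moves to a rollover slot and a new primary
                // takes over. ClearKeys drops the cached keys before the new values are set.
                KeyStorage.Shared.ClearKeys();
                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_PRIMARY", $"{rolloverKeyName1}:{rolloverKeyData1}");
                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_ROLLOVER_1", $"{rolloverKeyName2}:{rolloverKeyData2}");
                Assert.Equal(KeyStorage.HexStringToBytes(rolloverKeyData1), KeyStorage.Shared.GetPrimary().KeyData);
                Assert.Equal(KeyStorage.HexStringToBytes(rolloverKeyData2), KeyStorage.Shared.GetKey(rolloverKeyName2).KeyData);

                var encryptedFieldRoll1 = AssertProperlyEncrypted(rolloverKeyName1, plainText1);
                Assert.Equal(plainText1, encryptedFieldRoll1.Decrypt());

                // The stage-1 field was encrypted under a key that is no longer the primary;
                // it must still decrypt.
                Assert.Equal(plainText2, encryptedFieldRoll2.Decrypt());

                // Stage 3: rotate again. Both earlier keys are now rollovers behind a new primary.
                KeyStorage.Shared.ClearKeys();
                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_ROLLOVER_1", $"{rolloverKeyName1}:{rolloverKeyData1}");
                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_ROLLOVER_2", $"{rolloverKeyName2}:{rolloverKeyData2}");
                Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_PRIMARY", $"{keyName}:{keyData}");
                Assert.Equal(KeyStorage.HexStringToBytes(keyData), KeyStorage.Shared.GetPrimary().KeyData);
                Assert.Equal(KeyStorage.HexStringToBytes(rolloverKeyData1), KeyStorage.Shared.GetKey(rolloverKeyName1).KeyData);
                Assert.Equal(KeyStorage.HexStringToBytes(rolloverKeyData2), KeyStorage.Shared.GetKey(rolloverKeyName2).KeyData);

                var encryptedField = AssertProperlyEncrypted(keyName, plainText);
                Assert.Equal(plainText, encryptedField.Decrypt());

                // Fields from both earlier stages remain readable after the second rotation.
                Assert.Equal(plainText1, encryptedFieldRoll1.Decrypt());
                Assert.Equal(plainText2, encryptedFieldRoll2.Decrypt());
            }
            finally
            {
                // Runs on failure too, so a failed assertion cannot leave key material behind.
                foreach (var variable in keyVariables)
                {
                    Environment.SetEnvironmentVariable(variable, null);
                }

                KeyStorage.Shared.ClearKeys();
            }
        }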