public void TestEncryptedField()
{
    // Start from a clean key cache and a known environment: no primary key yet,
    // plus a fixed hash salt. All values below are test fixtures, not live secrets.
    KeyStorage.Shared.ClearKeys();
    Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_PRIMARY", null);
    Environment.SetEnvironmentVariable("MORPHIC_HASH_SALT_PRIMARY", "SALT1:361e665ef378ab06031806469b7879bd");

    const string primaryName = "TEST_KEY";
    const string primaryHex = "8C532F0C2CCE7AF471111285340B6353FCB327DF9AB9F0121731F403E3FFDC7C";
    Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_PRIMARY", $"{primaryName}:{primaryHex}");

    // The primary key must be parsed from the NAME:HEX environment entry.
    var loadedPrimary = KeyStorage.Shared.GetPrimary();
    Assert.Equal(KeyStorage.HexStringToBytes(primaryHex), loadedPrimary.KeyData);

    const string original = "thequickbrownfoxjumpedoverthelazydog";

    // Encrypt under the primary key and decrypt again: the round trip must be lossless.
    var field = AssertProperlyEncrypted(primaryName, original);
    var recovered = field.Decrypt();
    Assert.Equal(original, recovered);

    // Serialise to the combined string form and rebuild a field from it;
    // the reconstructed field must decrypt to the same plaintext.
    var serialised = field.ToCombinedString();
    var rebuilt = EncryptedField.FromCombinedString(serialised);
    recovered = rebuilt.Decrypt();
    Assert.Equal(original, recovered);

    // The empty string is a legal plaintext and must still pass the encryption checks.
    AssertProperlyEncrypted(primaryName, "");
}
public void TestKeyLoading()
{
    // Environment plumbing shared by every scenario below.
    static void SetPrimary(string value) => Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_PRIMARY", value);
    static void ResetPrimary() => SetPrimary(null);

    KeyStorage.Shared.ClearKeys();
    ResetPrimary();

    // Scenario 1: hex material with an odd number of digits cannot be a valid byte string.
    const string oddName = "ODD_NUMBER_LETTERS";
    const string oddHex = "123";
    SetPrimary($"{oddName}:{oddHex}");
    Assert.Throws<KeyStorage.HexStringFormatException>(() => KeyStorage.Shared.GetPrimary());

    // Scenario 2: non-hex characters in the key material are rejected, also on a by-name lookup.
    ResetPrimary();
    const string badName = "BAD_KEY";
    const string badMaterial = "ThisIsNotAKey/1234";
    SetPrimary($"{badName}:{badMaterial}");
    Assert.Throws<KeyStorage.HexStringFormatException>(() => KeyStorage.Shared.GetKey(badName));

    // Scenario 3: an entry without the NAME:HEX separator is a format error, not a hex error.
    ResetPrimary();
    SetPrimary(badMaterial);
    Assert.Throws<KeyStorage.BadKeyFormat>(() => KeyStorage.Shared.GetKey(badName));

    // Scenario 4: a well-formed primary plus two rollover keys (all test fixtures).
    ResetPrimary();
    const string primaryName = "TEST_KEY";
    const string primaryHex = "8C532F0C2CCE7AF471111285340B6353FCB327DF9AB9F0121731F403E3FFDC7C";
    SetPrimary($"{primaryName}:{primaryHex}");

    const string rolloverName1 = "SomeKey";
    const string rolloverHex1 = "12FE1D86B4849B34FC1C950E671284BC30DA751E3331C0F36F15F7F51C7922D8";
    const string rolloverName2 = "SomeKey2";
    const string rolloverHex2 = "05A2D69574BE13264E1BAB68453CBCF99A7A5C88243807613C8184BE38115BB9";
    Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_ROLLOVER_1", $"{rolloverName1}:{rolloverHex1}");
    Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_ROLLOVER_2", $"{rolloverName2}:{rolloverHex2}");
    Environment.SetEnvironmentVariable("MORPHIC_HASH_SALT_PRIMARY", "SALT1:361e665ef378ab06031806469b7879bd");

    // Looking the primary up by name must return the primary itself, flagged as such.
    var found = KeyStorage.Shared.GetKey(primaryName);
    Assert.Equal(KeyStorage.HexStringToBytes(primaryHex), found.KeyData);
    Assert.True(found.IsPrimary);

    // Rollover keys resolve by name but must never be reported as primary.
    found = KeyStorage.Shared.GetKey(rolloverName1);
    Assert.Equal(KeyStorage.HexStringToBytes(rolloverHex1), found.KeyData);
    Assert.False(found.IsPrimary);

    found = KeyStorage.Shared.GetKey(rolloverName2);
    Assert.Equal(KeyStorage.HexStringToBytes(rolloverHex2), found.KeyData);
    Assert.False(found.IsPrimary);

    // A name that was never configured must fail loudly rather than fall back to another key.
    Assert.Throws<KeyStorage.KeyNotFoundException>(() => KeyStorage.Shared.GetKey("Unknown_key"));
}
public void TestRolloverEncryption()
{
    // Environment plumbing shared by the three key-generation phases below.
    static void SetEnv(string variable, string value) => Environment.SetEnvironmentVariable(variable, value);
    static void SetPrimary(string value) => SetEnv("MORPHIC_ENC_KEY_PRIMARY", value);

    KeyStorage.Shared.ClearKeys();
    SetPrimary(null);
    SetEnv("MORPHIC_HASH_SALT_PRIMARY", "SALT1:361e665ef378ab06031806469b7879bd");

    const string message = "thequickbrownfoxjumpedoverthelazydog";
    const string message1 = "thequickbrownfoxjumpedoverthelazydog_1";
    const string message2 = "thequickbrownfoxjumpedoverthelazydog_2";

    // Key material used throughout: test fixtures only.
    const string primaryName = "TEST_KEY";
    const string primaryHex = "8C532F0C2CCE7AF471111285340B6353FCB327DF9AB9F0121731F403E3FFDC7C";
    const string rolloverName1 = "SomeKey";
    const string rolloverHex1 = "12FE1D86B4849B34FC1C950E671284BC30DA751E3331C0F36F15F7F51C7922D8";
    const string rolloverName2 = "SomeKey2";
    const string rolloverHex2 = "05A2D69574BE13264E1BAB68453CBCF99A7A5C88243807613C8184BE38115BB9";

    // Phase 1: the key that will later be the oldest rollover is still the primary.
    SetPrimary($"{rolloverName2}:{rolloverHex2}");
    Assert.Equal(KeyStorage.HexStringToBytes(rolloverHex2), KeyStorage.Shared.GetPrimary().KeyData);

    var cipher2 = AssertProperlyEncrypted(rolloverName2, message2);
    var recovered = cipher2.Decrypt();
    Assert.Equal(message2, recovered);

    // Phase 2: rotate. The previous primary is demoted to ROLLOVER_1 and a new primary is installed.
    KeyStorage.Shared.ClearKeys();
    SetPrimary($"{rolloverName1}:{rolloverHex1}");
    SetEnv("MORPHIC_ENC_KEY_ROLLOVER_1", $"{rolloverName2}:{rolloverHex2}");
    Assert.Equal(KeyStorage.HexStringToBytes(rolloverHex1), KeyStorage.Shared.GetPrimary().KeyData);
    Assert.Equal(KeyStorage.HexStringToBytes(rolloverHex2), KeyStorage.Shared.GetKey(rolloverName2).KeyData);

    var cipher1 = AssertProperlyEncrypted(rolloverName1, message1);
    recovered = cipher1.Decrypt();
    Assert.Equal(message1, recovered);

    // Data encrypted under the demoted key must still decrypt via the rollover slot.
    recovered = cipher2.Decrypt();
    Assert.Equal(message2, recovered);

    // Phase 3: rotate again. Both earlier keys are now rollovers and a third key is primary.
    KeyStorage.Shared.ClearKeys();
    SetEnv("MORPHIC_ENC_KEY_ROLLOVER_1", $"{rolloverName1}:{rolloverHex1}");
    SetEnv("MORPHIC_ENC_KEY_ROLLOVER_2", $"{rolloverName2}:{rolloverHex2}");
    SetPrimary($"{primaryName}:{primaryHex}");
    Assert.Equal(KeyStorage.HexStringToBytes(primaryHex), KeyStorage.Shared.GetPrimary().KeyData);
    Assert.Equal(KeyStorage.HexStringToBytes(rolloverHex1), KeyStorage.Shared.GetKey(rolloverName1).KeyData);
    Assert.Equal(KeyStorage.HexStringToBytes(rolloverHex2), KeyStorage.Shared.GetKey(rolloverName2).KeyData);

    var cipher = AssertProperlyEncrypted(primaryName, message);
    recovered = cipher.Decrypt();
    Assert.Equal(message, recovered);

    // Every ciphertext produced under an earlier primary must remain readable after two rotations.
    recovered = cipher1.Decrypt();
    Assert.Equal(message1, recovered);
    recovered = cipher2.Decrypt();
    Assert.Equal(message2, recovered);
}