Merge pull request #102 from paragonie/test-aad

Add unit tests explicitly convering confused deputy attacks
paragonie · May 10, 2024 · d3cfc61 · d3cfc61
2 parents 1081aeb + 3b9c8bd
commit d3cfc61
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 0 deletions.
diff --git a/tests/EncryptedMultiRowsTest.php b/tests/EncryptedMultiRowsTest.php
@@ -284,6 +284,37 @@ public function engineProvider()
         ];
     }
 
+    /**
+     * @dataProvider engineProvider
+     */
+    public function testFieldsAreNotSwappable(CipherSweet $engine): void
+    {
+        $eR = new EncryptedMultiRows($engine);
+        $eR
+            ->addOptionalTextField('foo', 'field1')
+            ->addOptionalTextField('foo', 'field2');
+
+        $plain = ['foo' => ['field1' => 'example', 'field2' => 'message']];
+        $encrypted = $eR->encryptManyRows($plain);
+        $swapped = [];
+        [$swapped['foo']['field1'], $swapped['foo']['field2']] = [$encrypted['foo']['field2'], $encrypted['foo']['field1']];
+        // Sanity check: Did we actually swap them?
+        $this->assertSame($swapped['foo']['field2'], $encrypted['foo']['field1']);
+        $this->assertSame($swapped['foo']['field1'], $encrypted['foo']['field2']);
+
+        // Is decryption successful still?
+        $decrypted = $eR->decryptManyRows($encrypted);
+        $this->assertSame($plain['foo']['field1'], $decrypted['foo']['field1']);
+        $this->assertSame($plain['foo']['field2'], $decrypted['foo']['field2']);
+
+        // Okay, let's decryptRow() on the swapped values. This must throw.
+        try {
+            $eR->decryptManyRows($swapped);
+            $this->fail('Expected decryptRow() to fail.');
+        } catch (CipherSweetException|SodiumException) {
+        }
+    }
+
     /**
      * @dataProvider engineProvider
      */

diff --git a/tests/EncryptedRowTest.php b/tests/EncryptedRowTest.php
@@ -519,6 +519,37 @@ public function testJsonField(CipherSweet $engine)
         $this->assertSame($plaintext, $eR->decryptRow($some));
     }
 
+    /**
+     * @dataProvider engineProvider
+     */
+    public function testFieldsAreNotSwappable(CipherSweet $engine): void
+    {
+        $eR = new EncryptedRow($engine, 'foo');
+        $eR
+            ->addOptionalTextField('field1')
+            ->addOptionalTextField('field2');
+
+        $plain = ['field1' => 'example', 'field2' => 'message'];
+        $encrypted = $eR->encryptRow($plain);
+        $swapped = [];
+        [$swapped['field1'], $swapped['field2']] = [$encrypted['field2'], $encrypted['field1']];
+        // Sanity check: Did we actually swap them?
+        $this->assertSame($swapped['field2'], $encrypted['field1']);
+        $this->assertSame($swapped['field1'], $encrypted['field2']);
+
+        // Is decryption successful still?
+        $decrypted = $eR->decryptRow($encrypted);
+        $this->assertSame($plain['field1'], $decrypted['field1']);
+        $this->assertSame($plain['field2'], $decrypted['field2']);
+
+        // Okay, let's decryptRow() on the swapped values. This must throw.
+        try {
+            $eR->decryptRow($swapped);
+            $this->fail('Expected decryptRow() to fail.');
+        } catch (CipherSweetException|SodiumException) {
+        }
+    }
+
     /**
      * @dataProvider engineProvider
      */