Merge pull request #1522 from chief-micco/new-interfaces

Adding new async interfaces for future use

Author: aka-bo

csharp/AppEncryption/AppEncryption.Tests/AppEncryption/Envelope/EnvelopeEncryptionBytesImplTest.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Collections.Immutable;
+using System.Threading.Tasks;
 using GoDaddy.Asherah.AppEncryption.Envelope;
 using Microsoft.Extensions.Logging;
 using Moq;
@@ -36,6 +37,20 @@ public void TestDecryptDataRowRecord()
             Assert.Equal(expectedBytes, actualBytes);
         }
 
+        [Fact]
+        public async Task TestDecryptDataRowRecordAsync()
+        {
+            byte[] expectedBytes = { 0, 1 };
+
+            envelopeEncryptionJsonImplMock.Setup(x => x.DecryptDataRowRecord(It.IsAny<JObject>()))
+                .Returns(expectedBytes);
+
+            ImmutableDictionary<string, string> immutableDictionary = new Dictionary<string, string> { { "key", "value" } }.ToImmutableDictionary();
+            byte[] dataRowRecordBytes = new Asherah.AppEncryption.Util.Json(JObject.FromObject(immutableDictionary)).ToUtf8();
+            byte[] actualBytes = await envelopeEncryptionBytesImpl.DecryptDataRowRecordAsync(dataRowRecordBytes);
+            Assert.Equal(expectedBytes, actualBytes);
+        }
+
         [Fact]
         public void TestEncryptPayload()
         {
@@ -49,6 +64,19 @@ public void TestEncryptPayload()
             Assert.Equal(expectedBytes, actualResult);
         }
 
+        [Fact]
+        public async Task TestEncryptPayloadAsync()
+        {
+            ImmutableDictionary<string, string> immutableDictionary = new Dictionary<string, string> { { "key", "value" } }.ToImmutableDictionary();
+            JObject dataRowRecord = JObject.FromObject(immutableDictionary);
+            byte[] expectedBytes = { 123, 34, 107, 101, 121, 34, 58, 34, 118, 97, 108, 117, 101, 34, 125 };
+
+            envelopeEncryptionJsonImplMock.Setup(x => x.EncryptPayload(It.IsAny<byte[]>())).Returns(dataRowRecord);
+
+            byte[] actualResult = await envelopeEncryptionBytesImpl.EncryptPayloadAsync(new byte[] { 0, 1 });
+            Assert.Equal(expectedBytes, actualResult);
+        }
+
         [Fact]
         public void TestDisposeSuccess()
         {

csharp/AppEncryption/AppEncryption.Tests/AppEncryption/Envelope/EnvelopeEncryptionJsonImplTest.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Text;
+using System.Threading.Tasks;
 using GoDaddy.Asherah.AppEncryption.Envelope;
 using GoDaddy.Asherah.AppEncryption.Exceptions;
 using GoDaddy.Asherah.AppEncryption.Kms;
@@ -100,6 +101,33 @@ private void TestDecryptDataRowRecordWithParentKeyMetaShouldSucceed()
             aeadEnvelopeCryptoMock.Verify(x => x.EnvelopeDecrypt(encryptedData, dataRowKey.EncryptedKey, dataRowKey.Created, intermediateCryptoKeyMock.Object));
         }
 
+        [Fact]
+        private async Task TestDecryptDataRowRecordAsyncWithParentKeyMetaShouldSucceed()
+        {
+            KeyMeta intermediateKeyMeta = new KeyMeta(partition.IntermediateKeyId, ikDateTime);
+            EnvelopeKeyRecord dataRowKey = new EnvelopeKeyRecord(drkDateTime, intermediateKeyMeta, new byte[] { 0, 1, 2, 3 });
+            byte[] encryptedData = { 4, 5, 6, 7 };
+
+            JObject dataRowRecord = JObject.FromObject(new Dictionary<string, object>
+            {
+                { "Key", dataRowKey.ToJson() },
+                { "Data", Convert.ToBase64String(encryptedData) },
+            });
+
+            envelopeEncryptionJsonImplSpy.Setup(x => x.WithIntermediateKeyForRead(intermediateKeyMeta, It.IsAny<Func<CryptoKey, byte[]>>()))
+                .Returns<KeyMeta, Func<CryptoKey, byte[]>>((keyMeta, functionWithIntermediateKey) => functionWithIntermediateKey(intermediateCryptoKeyMock.Object));
+
+            byte[] expectedDecryptedPayload = { 11, 12, 13, 14 };
+            aeadEnvelopeCryptoMock
+                .Setup(x => x.EnvelopeDecrypt(
+                    encryptedData, dataRowKey.EncryptedKey, dataRowKey.Created, intermediateCryptoKeyMock.Object))
+                .Returns(expectedDecryptedPayload);
+
+            byte[] actualDecryptedPayload = await envelopeEncryptionJsonImplSpy.Object.DecryptDataRowRecordAsync(dataRowRecord);
+            Assert.Equal(expectedDecryptedPayload, actualDecryptedPayload);
+            aeadEnvelopeCryptoMock.Verify(x => x.EnvelopeDecrypt(encryptedData, dataRowKey.EncryptedKey, dataRowKey.Created, intermediateCryptoKeyMock.Object));
+        }
+
         [Fact]
         private void TestDecryptDataRowRecordWithInvalidParentKeyMetaShouldFail()
         {
@@ -138,22 +166,22 @@ private void TestEncryptPayload()
             intermediateCryptoKeyMock.Setup(x => x.GetCreated()).Returns(ikDateTime);
 
             envelopeEncryptionJsonImplSpy
-                .Setup(x => x.WithIntermediateKeyForWrite(It.IsAny<Func<CryptoKey, EnvelopeEncryptResult>>()))
-                .Returns<Func<CryptoKey, EnvelopeEncryptResult>>(functionWithIntermediateKey =>
+                .Setup(x => x.WithIntermediateKeyForWrite(It.IsAny<Func<CryptoKey, EnvelopeEncryptResult<KeyMeta>>>()))
+                .Returns<Func<CryptoKey, EnvelopeEncryptResult<KeyMeta>>>(functionWithIntermediateKey =>
                     functionWithIntermediateKey(intermediateCryptoKeyMock.Object));
 
             byte[] decryptedPayload = Encoding.Unicode.GetBytes("somepayload");
             KeyMeta intermediateKeyMeta = new KeyMeta(partition.IntermediateKeyId, ikDateTime);
             byte[] encryptedPayload = { 0, 1, 2, 3 };
             byte[] encryptedKey = { 4, 5, 6, 7 };
-            EnvelopeEncryptResult envelopeEncryptResult = new EnvelopeEncryptResult
+            EnvelopeEncryptResult<KeyMeta> envelopeEncryptResult = new EnvelopeEncryptResult<KeyMeta>
             {
                 CipherText = encryptedPayload,
                 EncryptedKey = encryptedKey,
                 UserState = intermediateKeyMeta,
             };
             aeadEnvelopeCryptoMock
-                .Setup(x => x.EnvelopeEncrypt(decryptedPayload, intermediateCryptoKeyMock.Object, intermediateKeyMeta))
+                .Setup(x => x.EnvelopeEncrypt<KeyMeta>(decryptedPayload, intermediateCryptoKeyMock.Object, intermediateKeyMeta))
                 .Returns(envelopeEncryptResult);
 
             EnvelopeKeyRecord expectedDataRowKey = new EnvelopeKeyRecord(drkDateTime, intermediateKeyMeta, encryptedKey);
@@ -175,6 +203,49 @@ private void TestEncryptPayload()
                 actualDataRowRecord.GetValue("Key").ToObject<JObject>().GetValue("ParentKeyMeta").ToObject<JObject>()));
         }
 
+        [Fact]
+        private async Task TestEncryptPayloadAsync()
+        {
+            intermediateCryptoKeyMock.Setup(x => x.GetCreated()).Returns(ikDateTime);
+
+            envelopeEncryptionJsonImplSpy
+                .Setup(x => x.WithIntermediateKeyForWrite(It.IsAny<Func<CryptoKey, EnvelopeEncryptResult<KeyMeta>>>()))
+                .Returns<Func<CryptoKey, EnvelopeEncryptResult<KeyMeta>>>(functionWithIntermediateKey =>
+                    functionWithIntermediateKey(intermediateCryptoKeyMock.Object));
+
+            byte[] decryptedPayload = Encoding.Unicode.GetBytes("somepayload");
+            KeyMeta intermediateKeyMeta = new KeyMeta(partition.IntermediateKeyId, ikDateTime);
+            byte[] encryptedPayload = { 0, 1, 2, 3 };
+            byte[] encryptedKey = { 4, 5, 6, 7 };
+            EnvelopeEncryptResult<KeyMeta> envelopeEncryptResult = new EnvelopeEncryptResult<KeyMeta>
+            {
+                CipherText = encryptedPayload,
+                EncryptedKey = encryptedKey,
+                UserState = intermediateKeyMeta,
+            };
+            aeadEnvelopeCryptoMock
+                .Setup(x => x.EnvelopeEncrypt<KeyMeta>(decryptedPayload, intermediateCryptoKeyMock.Object, intermediateKeyMeta))
+                .Returns(envelopeEncryptResult);
+
+            EnvelopeKeyRecord expectedDataRowKey = new EnvelopeKeyRecord(drkDateTime, intermediateKeyMeta, encryptedKey);
+            JObject expectedDataRowRecord = JObject.FromObject(new Dictionary<string, object>
+            {
+                { "Key", expectedDataRowKey.ToJson() },
+                { "Data", Convert.ToBase64String(encryptedPayload) },
+            });
+
+            JObject actualDataRowRecord = await envelopeEncryptionJsonImplSpy.Object.EncryptPayloadAsync(decryptedPayload);
+
+            // Asserting individual fields as work-around to hard-coding DateTimeOffset.UtcNow usage
+            Assert.Equal(expectedDataRowRecord.GetValue("Data").ToObject<string>(), actualDataRowRecord.GetValue("Data").ToObject<string>());
+            Assert.Equal(
+                expectedDataRowRecord.GetValue("Key").ToObject<JObject>().GetValue("Key").ToString(),
+                actualDataRowRecord.GetValue("Key").ToObject<JObject>().GetValue("Key").ToString());
+            Assert.True(JToken.DeepEquals(
+                expectedDataRowRecord.GetValue("Key").ToObject<JObject>().GetValue("ParentKeyMeta").ToObject<JObject>(),
+                actualDataRowRecord.GetValue("Key").ToObject<JObject>().GetValue("ParentKeyMeta").ToObject<JObject>()));
+        }
+
         [Fact]
         private void TestDisposeSuccess()
         {

csharp/AppEncryption/AppEncryption.Tests/AppEncryption/Kms/AwsKeyManagementServiceImplTest.cs

@@ -125,6 +125,45 @@ public void TestDecryptKeySuccessful()
             Assert.Equal(cryptoKeyMock.Object, actualCryptoKey);
         }
 
+        [Fact]
+        public async Task TestDecryptKeyAsyncSuccessful()
+        {
+            byte[] encryptedKey = { 0, 1 };
+            byte[] kmsKeyEncryptionKey = { 2, 3 };
+
+            JObject kmsKeyEnvelopeTest = JObject.FromObject(new Dictionary<string, object>
+            {
+                { EncryptedKey, Convert.ToBase64String(encryptedKey) },
+                {
+                    KmsKeksKey, new List<Dictionary<string, object>>
+                    {
+                        new Dictionary<string, object>
+                        {
+                            { RegionKey, UsWest1 },
+                            { ArnKey, ArnUsWest1 },
+                            { EncryptedKek, Convert.ToBase64String(kmsKeyEncryptionKey) },
+                        },
+                    }
+                },
+            });
+
+            DateTimeOffset now = DateTimeOffset.UtcNow;
+            bool revoked = false;
+            awsKeyManagementServiceImplSpy
+                .Setup(x => x.DecryptKmsEncryptedKey(
+                    amazonKeyManagementServiceClientMock.Object,
+                    encryptedKey,
+                    now,
+                    kmsKeyEncryptionKey,
+                    revoked))
+                .Returns(cryptoKeyMock.Object);
+
+            CryptoKey actualCryptoKey = await awsKeyManagementServiceImplSpy.Object.DecryptKeyAsync(
+                    new Asherah.AppEncryption.Util.Json(kmsKeyEnvelopeTest).ToUtf8(), now, revoked);
+            Assert.Equal(cryptoKeyMock.Object, actualCryptoKey);
+        }
+
+
         [Fact]
         public void TestDecryptKeyWithMissingRegionInPayloadShouldSkipAndSucceed()
         {
@@ -516,6 +555,83 @@ public void TestEncryptKeySuccessful()
             }
         }
 
+        [Fact]
+        public async Task TestEncryptKeyAsyncSuccessful()
+        {
+            byte[] encryptedKey = { 3, 4 };
+            byte[] dataKeyPlainText = { 1, 2 };
+            byte[] dataKeyCipherText = { 5, 6 };
+            byte[] encryptKeyCipherText = { 7, 8 };
+
+            JObject encryptKeyAndBuildResultJson = JObject.FromObject(new Dictionary<string, object>
+            {
+                { RegionKey, UsEast1 },
+                { ArnKey, ArnUsEast1 },
+                { EncryptedKek, Convert.ToBase64String(encryptKeyCipherText) },
+            });
+
+            JObject kmsKeyEnvelope = JObject.FromObject(new Dictionary<string, object>
+            {
+                { EncryptedKey, Convert.ToBase64String(encryptedKey) },
+                {
+                    KmsKeksKey, new List<object>
+                    {
+                        new Dictionary<string, object>
+                        {
+                            { RegionKey, UsWest1 },
+                            { ArnKey, ArnUsWest1 },
+                            { EncryptedKek, Convert.ToBase64String(dataKeyCipherText) },
+                        },
+                        encryptKeyAndBuildResultJson,
+                    }
+                },
+            });
+            GenerateDataKeyResponse generateDataKeyResult = new GenerateDataKeyResponse
+            {
+                Plaintext = new MemoryStream(dataKeyPlainText, 0, dataKeyPlainText.Length, true, true),
+                CiphertextBlob = new MemoryStream(dataKeyCipherText, 0, dataKeyCipherText.Length, true, true),
+            };
+
+            Mock<CryptoKey> generatedDataKeyCryptoKey = new Mock<CryptoKey>();
+            string keyId = ArnUsWest1;
+
+            string outKeyId = keyId;
+            awsKeyManagementServiceImplSpy
+                .Setup(x => x.GenerateDataKey(
+                    It.IsAny<OrderedDictionary>(),
+                    out outKeyId))
+                .Returns(generateDataKeyResult);
+            cryptoMock.Setup(x => x.GenerateKeyFromBytes(generateDataKeyResult.Plaintext.ToArray()))
+                .Returns(generatedDataKeyCryptoKey.Object);
+            cryptoMock.Setup(x => x.EncryptKey(cryptoKeyMock.Object, generatedDataKeyCryptoKey.Object))
+                .Returns(encryptedKey);
+            awsKeyManagementServiceImplSpy.Setup(x =>
+                    x.EncryptKeyAndBuildResult(
+                        It.IsAny<IAmazonKeyManagementService>(),
+                        UsEast1,
+                        ArnUsEast1,
+                        dataKeyPlainText))
+                .Returns(Option<JObject>.Some(encryptKeyAndBuildResultJson));
+
+            byte[] encryptedResult = await awsKeyManagementServiceImplSpy.Object.EncryptKeyAsync(cryptoKeyMock.Object);
+            JObject kmsKeyEnvelopeResult = new Asherah.AppEncryption.Util.Json(encryptedResult).ToJObject();
+
+            Assert.Equal(new byte[] { 0, 0 }, dataKeyPlainText);
+
+            // This is a workaround for https://github.com/JamesNK/Newtonsoft.Json/issues/1437
+            // If DeepEquals fails due to mismatching array order, compare the elements individually
+            if (!JToken.DeepEquals(kmsKeyEnvelope, kmsKeyEnvelopeResult))
+            {
+                JArray kmsKeyEnvelopeKmsKeks = JArray.FromObject(kmsKeyEnvelope[KmsKeksKey]
+                    .OrderBy(k => k[RegionKey]));
+                JArray kmsKeyEnvelopeResultKmsKeks = JArray.FromObject(kmsKeyEnvelopeResult[KmsKeksKey]
+                    .OrderBy(k => k[RegionKey]));
+
+                Assert.True(JToken.DeepEquals(kmsKeyEnvelope[EncryptedKey], kmsKeyEnvelopeResult[EncryptedKey]));
+                Assert.True(JToken.DeepEquals(kmsKeyEnvelopeKmsKeks, kmsKeyEnvelopeResultKmsKeks));
+            }
+        }
+
         [Fact]
         public void TestEncryptKeyShouldThrowExceptionAndWipeBytes()
         {

csharp/AppEncryption/AppEncryption.Tests/Crypto/Envelope/AeadEnvelopeCryptoTest.cs

@@ -85,10 +85,10 @@ private void TestEnvelopeEncrypt()
             aeadEnvelopeCryptoMock.Setup(x => x.EncryptKey(keyMock.Object, keyEncryptionKey.Object))
                 .Returns(expectedEncryptedKey);
             aeadEnvelopeCryptoMock.Setup(x => x.GenerateKey()).Returns(keyMock.Object);
-            aeadEnvelopeCryptoMock.Setup(x => x.EnvelopeEncrypt(expectedPlainText, keyEncryptionKey.Object, null))
+            aeadEnvelopeCryptoMock.Setup(x => x.EnvelopeEncrypt<object>(expectedPlainText, keyEncryptionKey.Object, null))
                 .CallBase();
 
-            EnvelopeEncryptResult result = aeadEnvelopeCryptoMock.Object.EnvelopeEncrypt(expectedPlainText, keyEncryptionKey.Object, null);
+            EnvelopeEncryptResult<object> result = aeadEnvelopeCryptoMock.Object.EnvelopeEncrypt<object>(expectedPlainText, keyEncryptionKey.Object, null);
             Assert.Equal(expectedCipherText, result.CipherText);
             Assert.Equal(expectedEncryptedKey, result.EncryptedKey);
             Assert.Null(result.UserState);
@@ -99,11 +99,11 @@ private void TestEnvelopeEncrypt()
         private void TestEnvelopeEncryptWithTwoParams()
         {
             byte[] encryptedKey = { 0, 1, 2, 3, 4, 5, 6, 7, 8 };
-            aeadEnvelopeCryptoMock.Setup(x => x.EnvelopeEncrypt(
+            aeadEnvelopeCryptoMock.Setup(x => x.EnvelopeEncrypt<object>(
                 encryptedKey, keyEncryptionKey.Object)).CallBase();
 
-            aeadEnvelopeCryptoMock.Object.EnvelopeEncrypt(encryptedKey, keyEncryptionKey.Object);
-            aeadEnvelopeCryptoMock.Verify(x => x.EnvelopeEncrypt(encryptedKey, keyEncryptionKey.Object, null));
+            aeadEnvelopeCryptoMock.Object.EnvelopeEncrypt<object>(encryptedKey, keyEncryptionKey.Object);
+            aeadEnvelopeCryptoMock.Verify(x => x.EnvelopeEncrypt<object>(encryptedKey, keyEncryptionKey.Object, null));
         }
 
         [Fact]

csharp/AppEncryption/AppEncryption.Tests/GlobalSuppressions.cs

@@ -7,3 +7,4 @@
 
 [assembly: SuppressMessage("Design", "CA2201:Do not raise reserved exception types", Justification = "Test methods may use SystemException for testing purposes", Scope = "module")]
 [assembly: SuppressMessage("Design", "CA1816:Call GC.SuppressFinalize correctly", Justification = "Test classes do not need to call GC.SuppressFinalize.")]
+[assembly: SuppressMessage("Naming", "CA1707:Identifiers should not contain underscores", Justification = "Test method names commonly use underscores for readability", Scope = "module")]

csharp/AppEncryption/AppEncryption/Envelope/EnvelopeEncryptionBytesImpl.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Runtime.CompilerServices;
+using System.Threading.Tasks;
 using GoDaddy.Asherah.AppEncryption.Util;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json.Linq;
@@ -69,5 +70,17 @@ public virtual byte[] EncryptPayload(byte[] payload)
             Json drrJson = new Json(envelopeEncryptionJson.EncryptPayload(payload));
             return drrJson.ToUtf8();
         }
+
+        /// <inheritdoc/>
+        public virtual async Task<byte[]> DecryptDataRowRecordAsync(byte[] dataRowRecord)
+        {
+            return await Task.FromResult(DecryptDataRowRecord(dataRowRecord));
+        }
+
+        /// <inheritdoc/>
+        public virtual async Task<byte[]> EncryptPayloadAsync(byte[] payload)
+        {
+            return await Task.FromResult(EncryptPayload(payload));
+        }
     }
 }