From f46a79fa63d1108d40bebeac812ccbd5255e6fb7 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@gmail.com>
Date: Sat, 2 Jan 2016 14:40:17 +0100
Subject: [PATCH] Added test for AuthenticationFailedException during filename
 decryption

---
 .../engine/AuthenticationFailedException.java   | 17 +++++++++++++++++
 .../crypto/engine/CryptoException.java          |  8 ++------
 .../engine/impl/FifoParallelDataProcessor.java  |  2 +-
 .../crypto/engine/impl/FilenameCryptorImpl.java |  5 ++---
 .../impl/FifoParallelDataProcessorTest.java     |  2 +-
 .../engine/impl/FileContentCryptorTest.java     |  2 +-
 .../engine/impl/FilenameCryptorImplTest.java    | 14 ++++++++++++++
 7 files changed, 38 insertions(+), 12 deletions(-)
 create mode 100644 main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/AuthenticationFailedException.java

diff --git a/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/AuthenticationFailedException.java b/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/AuthenticationFailedException.java
new file mode 100644
index 000000000..e2ddaaf4f
--- /dev/null
+++ b/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/AuthenticationFailedException.java
@@ -0,0 +1,17 @@
+/*******************************************************************************
+ * Copyright (c) 2016 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.crypto.engine;
+
+public class AuthenticationFailedException extends CryptoException {
+
+	public AuthenticationFailedException(String message, Throwable cause) {
+		super(message, cause);
+	}
+
+}
diff --git a/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/CryptoException.java b/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/CryptoException.java
index a1edd5565..5f8c97c05 100644
--- a/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/CryptoException.java
+++ b/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/CryptoException.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2015 Sebastian Stenzel and others.
+ * Copyright (c) 2016 Sebastian Stenzel and others.
  * This file is licensed under the terms of the MIT license.
  * See the LICENSE.txt file for more info.
  *
@@ -8,11 +8,7 @@
  *******************************************************************************/
 package org.cryptomator.crypto.engine;
 
-import java.io.IOException;
-
-public class CryptoException extends IOException {
-
-	private static final long serialVersionUID = -6536997506620449023L;
+abstract class CryptoException extends RuntimeException {
 
 	public CryptoException(String message, Throwable cause) {
 		super(message, cause);
diff --git a/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/FifoParallelDataProcessor.java b/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/FifoParallelDataProcessor.java
index c31f36eb6..bec284230 100644
--- a/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/FifoParallelDataProcessor.java
+++ b/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/FifoParallelDataProcessor.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2015 Sebastian Stenzel and others.
+ * Copyright (c) 2015, 2016 Sebastian Stenzel and others.
  * This file is licensed under the terms of the MIT license.
  * See the LICENSE.txt file for more info.
  *
diff --git a/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/FilenameCryptorImpl.java b/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/FilenameCryptorImpl.java
index fdf573413..693419269 100644
--- a/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/FilenameCryptorImpl.java
+++ b/main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/FilenameCryptorImpl.java
@@ -8,7 +8,6 @@
  *******************************************************************************/
 package org.cryptomator.crypto.engine.impl;
 
-import java.io.UncheckedIOException;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -18,7 +17,7 @@ import javax.crypto.SecretKey;
 
 import org.apache.commons.codec.binary.Base32;
 import org.apache.commons.codec.binary.BaseNCodec;
-import org.cryptomator.crypto.engine.CryptoException;
+import org.cryptomator.crypto.engine.AuthenticationFailedException;
 import org.cryptomator.crypto.engine.FilenameCryptor;
 import org.cryptomator.siv.SivMode;
 
@@ -58,7 +57,7 @@ class FilenameCryptorImpl implements FilenameCryptor {
 			final byte[] cleartextBytes = AES_SIV.decrypt(encryptionKey, macKey, encryptedBytes);
 			return new String(cleartextBytes, StandardCharsets.UTF_8);
 		} catch (AEADBadTagException e) {
-			throw new UncheckedIOException(new CryptoException("Authentication failed.", e));
+			throw new AuthenticationFailedException("Authentication failed.", e);
 		}
 	}
 
diff --git a/main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FifoParallelDataProcessorTest.java b/main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FifoParallelDataProcessorTest.java
index 652fe479a..0314ef7ae 100644
--- a/main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FifoParallelDataProcessorTest.java
+++ b/main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FifoParallelDataProcessorTest.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2015 Sebastian Stenzel and others.
+ * Copyright (c) 2015, 2016 Sebastian Stenzel and others.
  * This file is licensed under the terms of the MIT license.
  * See the LICENSE.txt file for more info.
  *
diff --git a/main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FileContentCryptorTest.java b/main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FileContentCryptorTest.java
index a0bca22c1..ce815dffd 100644
--- a/main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FileContentCryptorTest.java
+++ b/main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FileContentCryptorTest.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2015 Sebastian Stenzel and others.
+ * Copyright (c) 2015, 2016 Sebastian Stenzel and others.
  * This file is licensed under the terms of the MIT license.
  * See the LICENSE.txt file for more info.
  *
diff --git a/main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FilenameCryptorImplTest.java b/main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FilenameCryptorImplTest.java
index f0ef516f7..b069da2c8 100644
--- a/main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FilenameCryptorImplTest.java
+++ b/main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FilenameCryptorImplTest.java
@@ -9,11 +9,13 @@
 package org.cryptomator.crypto.engine.impl;
 
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.util.UUID;
 
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
 
+import org.cryptomator.crypto.engine.AuthenticationFailedException;
 import org.cryptomator.crypto.engine.FilenameCryptor;
 import org.junit.Assert;
 import org.junit.Test;
@@ -62,4 +64,16 @@ public class FilenameCryptorImplTest {
 		}
 	}
 
+	@Test(expected = AuthenticationFailedException.class)
+	public void testDecryptionOfManipulatedFilename() {
+		final byte[] keyBytes = new byte[32];
+		final SecretKey encryptionKey = new SecretKeySpec(keyBytes, "AES");
+		final SecretKey macKey = new SecretKeySpec(keyBytes, "AES");
+		final FilenameCryptor filenameCryptor = new FilenameCryptorImpl(encryptionKey, macKey);
+
+		final byte[] encrypted = filenameCryptor.encryptFilename("test").getBytes(StandardCharsets.UTF_8);
+		encrypted[0] ^= (byte) 0x01; // change 1 bit in first byte
+		filenameCryptor.decryptFilename(new String(encrypted, StandardCharsets.UTF_8));
+	}
+
 }