From 16b702c464ab72f2d72a29560aa5ac8213d9e1e9 Mon Sep 17 00:00:00 2001
From: Darrick Joo
Date: Wed, 15 Oct 2025 10:44:00 +0200
Subject: [PATCH 1/2] Fix test
---
 .../src/RSATest.Codeunit.al | 38 +++++++++++++++++--
 1 file changed, 34 insertions(+), 4 deletions(-)
diff --git a/src/System Application/Test/Cryptography Management/src/RSATest.Codeunit.al b/src/System Application/Test/Cryptography Management/src/RSATest.Codeunit.al
index 3878668c68..2fd1ab6f3b 100644
--- a/src/System Application/Test/Cryptography Management/src/RSATest.Codeunit.al
+++ b/src/System Application/Test/Cryptography Management/src/RSATest.Codeunit.al
@@ -222,14 +222,19 @@ codeunit 132617 "RSA Test"
 EncryptingOutStream: OutStream;
 EncryptedInStream: InStream;
 EncryptedOutStream: OutStream;
+ DecryptedInStream: InStream;
 DecryptedOutStream: OutStream;
+ PlainText: Text;
+ DecryptedText: Text;
+ DecryptionFailed: Boolean;
 begin
 // [SCENARIO] Decrypt text encrypted with use of PKCS#1 padding, using OAEP padding.
+ // [SCENARIO] Due to random padding, decryption may occasionally not throw but returns garbage data.
 Initialize();
 // [GIVEN] With RSA pair of keys, plain text and encryption stream
 EncryptingTempBlob.CreateOutStream(EncryptingOutStream);
- SaveRandomTextToOutStream(EncryptingOutStream);
+ PlainText := SaveRandomTextToOutStream(EncryptingOutStream);
 EncryptingTempBlob.CreateInStream(EncryptingInStream);
 EncryptedTempBlob.CreateOutStream(EncryptedOutStream);
 RSA.Encrypt(PrivateKeyXmlStringSecret, EncryptingInStream, false, EncryptedOutStream);
@@ -237,7 +242,14 @@ codeunit 132617 "RSA Test"
 // [WHEN] Decrypt encrypted text stream using OAEP Padding
 DecryptingTempBlob.CreateOutStream(DecryptedOutStream);
- asserterror RSA.Decrypt(PrivateKeyXmlStringSecret, EncryptedInStream, true, DecryptedOutStream);
+ DecryptionFailed := not TryDecrypt(RSA, PrivateKeyXmlStringSecret, EncryptedInStream, true, DecryptedOutStream);
+
+ // [THEN] Either decryption fails with an exception, or the decrypted text is garbage (not equal to plaintext)
+ if not DecryptionFailed then begin
+ DecryptingTempBlob.CreateInStream(DecryptedInStream);
+ DecryptedText := Base64Convert.FromBase64(Base64Convert.ToBase64(DecryptedInStream));
+ LibraryAssert.AreNotEqual(PlainText, DecryptedText, 'Decryption with wrong padding should fail or return garbage data.');
+ end;
 end;
 [Test]
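Review bot: The fail-or-garbage relaxation is not needed in this test, where a PKCS#1 v1.5 ciphertext is decrypted with OAEP: OAEP decoding verifies a label hash inside the padded block, so a silent success is negligibly unlikely and the strict `asserterror RSA.Decrypt(PrivateKeyXmlStringSecret, EncryptedInStream, true, DecryptedOutStream);` can stay. The flaky direction is the reverse one in the next hunk (OAEP ciphertext, PKCS#1 v1.5 decryption), whose padding check is weak enough to accept a random block now and then. Keeping this test strict preserves an unconditional failure check for the OAEP path, and the added `[SCENARIO]` comment in the hunk above would then be dropped here because it presumably does not apply to this direction. The test procedure begins outside this hunk.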
@@ -266,7 +283,20 @@ codeunit 132617 "RSA Test"
 // [WHEN] Decrypt encrypted text stream using PKCS#1 padding.
 DecryptingTempBlob.CreateOutStream(DecryptedOutStream);
- asserterror RSA.Decrypt(PrivateKeyXmlStringSecret, EncryptedInStream, false, DecryptedOutStream);
+ DecryptionFailed := not TryDecrypt(RSA, PrivateKeyXmlStringSecret, EncryptedInStream, false, DecryptedOutStream);
+
+ // [THEN] Either decryption fails with an exception, or the decrypted text is garbage (not equal to plaintext)
+ if not DecryptionFailed then begin
+ DecryptingTempBlob.CreateInStream(DecryptedInStream);
+ DecryptedText := Base64Convert.FromBase64(Base64Convert.ToBase64(DecryptedInStream));
+ LibraryAssert.AreNotEqual(PlainText, DecryptedText, 'Decryption with wrong padding should fail or return garbage data.');
+ end;
+ end;
+
+ [TryFunction]
+ local procedure TryDecrypt(RSA: Codeunit RSA; XmlString: SecretText; EncryptedInStream: InStream; OaepPadding: Boolean; DecryptedOutStream: OutStream)
+ begin
+ RSA.Decrypt(XmlString, EncryptedInStream, OaepPadding, DecryptedOutStream);
 end;
 local procedure SaveRandomTextToOutStream(OutStream: OutStream) PlainText: Text
From 06c2e7bc0da83ce84ff5412715fe5dec922f46f1 Mon Sep 17 00:00:00 2001
From: Darrick Joo
Date: Tue, 9 Dec 2025 11:17:04 +0100
Subject: [PATCH 2/2] Fix comments
---
 .../src/RSATest.Codeunit.al | 24 ++++++++++++-------
 1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/src/System Application/Test/Cryptography Management/src/RSATest.Codeunit.al b/src/System Application/Test/Cryptography Management/src/RSATest.Codeunit.al
index 151a07ab10..49f660a2b5 100644
--- a/src/System Application/Test/Cryptography Management/src/RSATest.Codeunit.al
+++ b/src/System Application/Test/Cryptography Management/src/RSATest.Codeunit.al
@@ -242,14 +242,15 @@ codeunit 132617 "RSA Test"
 // [WHEN] Decrypt encrypted text stream using OAEP Padding
 DecryptingTempBlob.CreateOutStream(DecryptedOutStream);
- DecryptionFailed := not TryDecrypt(RSA, PrivateKeyXmlStringSecret, EncryptedInStream, true, DecryptedOutStream);
+ DecryptionFailed := not TryDecryptWithOaepPadding(RSA, PrivateKeyXmlStringSecret, EncryptedInStream, DecryptedOutStream);
 // [THEN] Either decryption fails with an exception, or the decrypted text is garbage (not equal to plaintext)
 if not DecryptionFailed then begin
 DecryptingTempBlob.CreateInStream(DecryptedInStream);
 DecryptedText := Base64Convert.FromBase64(Base64Convert.ToBase64(DecryptedInStream));
- LibraryAssert.AreNotEqual(PlainText, DecryptedText, 'Decryption with wrong padding should fail or return garbage data.');
- end;
+ LibraryAssert.AreNotEqual(PlainText, DecryptedText, 'Decryption failed with garbage data.');
+ end else
+ LibraryAssert.IsTrue(DecryptionFailed, 'Decryption failed with wrong padding.');
 end;
 [Test]
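Review bot: The new `else` branch asserts `LibraryAssert.IsTrue(DecryptionFailed, ...)` at a point where `DecryptionFailed` is already known to be true, so it can never fail and adds no coverage; the identical branch in the next hunk has the same problem. The message on `AreNotEqual` also describes the opposite of the case in which it is shown: that assertion fails when the decrypted text equals the plaintext, i.e. when the wrong padding was accepted. I would drop the `else` and use `LibraryAssert.AreNotEqual(PlainText, DecryptedText, 'Decryption with the wrong padding returned the original plain text.');`. The test procedure begins outside this hunk.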
@@ -283,20 +284,27 @@ codeunit 132617 "RSA Test"
 // [WHEN] Decrypt encrypted text stream using PKCS#1 padding.
 DecryptingTempBlob.CreateOutStream(DecryptedOutStream);
- DecryptionFailed := not TryDecrypt(RSA, PrivateKeyXmlStringSecret, EncryptedInStream, false, DecryptedOutStream);
+ DecryptionFailed := not TryDecrypt(RSA, PrivateKeyXmlStringSecret, EncryptedInStream, DecryptedOutStream);
 // [THEN] Either decryption fails with an exception, or the decrypted text is garbage (not equal to plaintext)
 if not DecryptionFailed then begin
 DecryptingTempBlob.CreateInStream(DecryptedInStream);
 DecryptedText := Base64Convert.FromBase64(Base64Convert.ToBase64(DecryptedInStream));
- LibraryAssert.AreNotEqual(PlainText, DecryptedText, 'Decryption with wrong padding should fail or return garbage data.');
- end;
+ LibraryAssert.AreNotEqual(PlainText, DecryptedText, 'Decryption failed with garbage data.');
+ end else
+ LibraryAssert.IsTrue(DecryptionFailed, 'Decryption failed with wrong padding.');
 end;
 [TryFunction]
- local procedure TryDecrypt(RSA: Codeunit RSA; XmlString: SecretText; EncryptedInStream: InStream; OaepPadding: Boolean; DecryptedOutStream: OutStream)
+ local procedure TryDecryptWithOaepPadding(RSA: Codeunit RSA; XmlString: SecretText; EncryptedInStream: InStream; DecryptedOutStream: OutStream)
 begin
- RSA.Decrypt(XmlString, EncryptedInStream, OaepPadding, DecryptedOutStream);
+ RSA.Decrypt(XmlString, EncryptedInStream, true, DecryptedOutStream);
+ end;
+
+ [TryFunction]
+ local procedure TryDecrypt(RSA: Codeunit RSA; XmlString: SecretText; EncryptedInStream: InStream; DecryptedOutStream: OutStream)
+ begin
+ RSA.Decrypt(XmlString, EncryptedInStream, false, DecryptedOutStream);
 end;
 local procedure SaveRandomTextToOutStream(OutStream: OutStream) PlainText: Text
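Review bot: `TryDecrypt` now hard-codes `false` for the padding argument, but unlike `TryDecryptWithOaepPadding` its name does not say which padding it selects, so a later caller can pick it assuming a neutral default. Renaming it to `TryDecryptWithPkcs1Padding`, with the call site becoming `DecryptionFailed := not TryDecryptWithPkcs1Padding(RSA, PrivateKeyXmlStringSecret, EncryptedInStream, DecryptedOutStream);`, makes the two helpers symmetric. A one-line comment on each, such as `// Wraps RSA.Decrypt so that any error it raises is returned as false.`, would also record that the try function reports every error as a failed decryption, not only padding errors.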