Test encryption and decryption flows #23

@c0d3sw0t

Extracted from documentation: T3-InfoSec/t3-memassist#10


What is the Problem or Limitation?

The encryption and decryption flows are critical components for securing cards and sensitive data within the system. It is essential to ensure that these flows function as expected, enabling the application to safely lock and unlock information. If there are flaws in these processes, it could lead to data breaches, corruption, or loss of user information, compromising the purpose of the memorization assistant.


Describe the Solution You Would Like

The goal is to thoroughly test both the encryption and decryption mechanisms to ensure data integrity and security. The testing will involve several steps:

  1. Encryption Testing:

    • Verify that the encryption process correctly applies the EKA to encrypt cards and the SA0 key.
    • Ensure that encrypted data cannot be accessed or modified without the correct decryption key.
    • Confirm that encryption produces deterministic results (i.e., encrypting the same input multiple times yields consistent ciphertext if required).
  2. Decryption Testing:

    • Ensure that the decryption process correctly retrieves the original data when provided with the correct key.
    • Validate the system’s behavior when incorrect or malformed keys are used, ensuring it fails gracefully without exposing sensitive information.
    • Check that decrypted information matches exactly with the pre-encrypted data (e.g., cards and SA0 key values).
  3. Edge Cases & Error Handling:

    • Test scenarios where:
      • Partial or corrupted data is provided for decryption.
      • Multiple cards are decrypted sequentially or in batches to ensure system scalability.
    • Ensure the system can handle interruptions (e.g., sudden app termination) during encryption/decryption without data loss.
  4. Performance Testing:

    • Measure the time it takes to encrypt and decrypt typical datasets, ensuring the performance is acceptable for users.
    • Ensure there are no memory leaks during repeated encryption and decryption operations.

Additional Considerations

  • Security Practices: Ensure that temporary decrypted data is wiped from memory immediately after use.
  • Logs and Debugging: Implement detailed logging for testing but ensure these logs do not store sensitive data.
  • User Guidance: In the final implementation, provide clear error messages to the user if decryption fails due to incorrect keys or data corruption.
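
An added example, not part of the issue or the t3-memassist code base: a harness for the round-trip, wrong-key, corrupted-data and truncated-data checks listed above. It assumes a stand-in encrypt-then-MAC scheme built from HMAC-SHA256 in place of the project's EKA; every function name and the sample cards are hypothetical.

```python
import hashlib, hmac, os

# Constructed sample cards; not taken from the project.
SAMPLE_CARDS = [b"Q: capital of France? A: Paris", b"", b"\x00" * 1000]

class DecryptionError(Exception):
    """One generic error so wrong key and corrupted data are indistinguishable."""

def _subkeys(key):
    return [hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def _keystream(enc_key, nonce, length):
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]

def encrypt(key, plaintext, nonce=None):
    # Stand-in encrypt-then-MAC scheme (assumption); not the project's EKA.
    nonce = os.urandom(16) if nonce is None else nonce
    enc_key, mac_key = _subkeys(key)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    # Verify the tag before touching the ciphertext; constant-time compare.
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise DecryptionError("decryption failed")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))

def failure_message(key, blob):
    try:
        decrypt(key, blob)
    except DecryptionError as exc:
        return str(exc)
    return None

def run_flow_checks(key, cards):
    wrong_key = bytes(b ^ 0xFF for b in key)
    report = dict.fromkeys(("round_trip", "wrong_key", "corrupted", "truncated"), True)
    for card in cards:
        blob = encrypt(key, card)
        flipped = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]
        report["round_trip"] &= decrypt(key, blob) == card
        report["wrong_key"] &= failure_message(wrong_key, blob) == "decryption failed"
        report["corrupted"] &= failure_message(key, flipped) == "decryption failed"
        report["truncated"] &= failure_message(key, blob[:-5]) == "decryption failed"
    return report
```

Passing a fixed `nonce` makes `encrypt` deterministic for the consistency check; leaving it unset draws a fresh random nonce per call.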
