// Negative test: Decrypt must reject each supplied ciphertext with ArgumentException
// instead of attempting to authenticate or decrypt it. Going by the test name the
// inputs are shorter than 65 bytes; the data source is outside this snippet.
public void ThrowWhenDecryptingLessThanSixtyFiveBytes(byte[] ciphertext)
        {
            DataEncryptionKey dataKey = new ProtectedDataEncryptionKey("EK", keyEncryptionKey, encryptedDataEncryptionKey);
            AeadAes256CbcHmac256EncryptionAlgorithm algorithm =
                AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(dataKey, EncryptionType.Deterministic);

            // The length check is expected to fail before any cryptographic work happens.
            Assert.Throws<ArgumentException>(() => algorithm.Decrypt(ciphertext));
        }
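        /// <summary>
        /// Decrypts an encrypted property value and deserializes it back into a <see cref="JToken"/>.
        /// The stored payload is one leading type-marker byte followed by the ciphertext.
        /// </summary>
        /// <param name="jToken">Token holding the encrypted payload as a byte array.</param>
        /// <param name="aeadAes256CbcHmac256EncryptionAlgorithm">Algorithm instance used to decrypt the ciphertext.</param>
        /// <returns>The deserialized value, or <c>null</c> when the token holds no byte array.</returns>
        /// <exception cref="ArgumentException">The payload is empty, so it carries no type marker.</exception>
        /// <exception cref="InvalidOperationException">Decryption returned <c>null</c>.</exception>
        private JToken DecryptAndDeserializeValue(
            JToken jToken,
            AeadAes256CbcHmac256EncryptionAlgorithm aeadAes256CbcHmac256EncryptionAlgorithm)
        {
            byte[] cipherTextWithTypeMarker = jToken.ToObject<byte[]>();

            if (cipherTextWithTypeMarker == null)
            {
                return null;
            }

            // An empty payload previously reached `new byte[Length - 1]` with a negative size
            // and failed with an unrelated runtime error. Reject it explicitly: stored data is
            // untrusted input and must at least carry the marker byte.
            if (cipherTextWithTypeMarker.Length == 0)
            {
                throw new ArgumentException(
                    "Encrypted value is empty; expected a type marker byte followed by ciphertext.",
                    nameof(jToken));
            }

            // Strip the leading marker; everything after it is handed to the AEAD decryptor.
            int cipherTextLength = cipherTextWithTypeMarker.Length - 1;
            byte[] cipherText = new byte[cipherTextLength];
            Buffer.BlockCopy(cipherTextWithTypeMarker, 1, cipherText, 0, cipherTextLength);

            byte[] plainText = aeadAes256CbcHmac256EncryptionAlgorithm.Decrypt(cipherText);

            if (plainText == null)
            {
                throw new InvalidOperationException($"{nameof(this.DecryptAndDeserializeValue)} returned null plainText from {nameof(aeadAes256CbcHmac256EncryptionAlgorithm.Decrypt)}. ");
            }

            // NOTE(review): the marker byte at index 0 is not part of the bytes passed to Decrypt,
            // so from this method alone it is not covered by the authentication tag. Confirm that
            // DeserializeAndAddProperty rejects unknown or mismatched markers.
            return DeserializeAndAddProperty(
                plainText,
                (TypeMarker)cipherTextWithTypeMarker[0]);
        }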
        // Feeds Decrypt a 65-byte buffer holding the values 1..65 and expects
        // CryptographicException. Going by the test name, the failure being pinned is the
        // authentication-tag check: tampered or forged input must never yield plaintext.
        public void ThrowWhenDecryptionAnInvalidAuthenticationTag()
        {
            // Same contents as the literal { 1, 2, ..., 65 }.
            byte[] forgedCiphertext = new byte[65];
            for (int i = 0; i < forgedCiphertext.Length; i++)
            {
                forgedCiphertext[i] = (byte)(i + 1);
            }

            DataEncryptionKey dataKey = new ProtectedDataEncryptionKey("EK", keyEncryptionKey, encryptedDataEncryptionKey);
            AeadAes256CbcHmac256EncryptionAlgorithm algorithm =
                AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(dataKey, EncryptionType.Deterministic);

            Assert.Throws<CryptographicException>(() => algorithm.Decrypt(forgedCiphertext));
        }
        // Pins the null contract of Decrypt: a null ciphertext yields a null result
        // rather than an exception.
        public void ReturnNullWhenDecryptingNull()
        {
            DataEncryptionKey dataKey = new ProtectedDataEncryptionKey("EK", keyEncryptionKey, encryptedDataEncryptionKey);
            AeadAes256CbcHmac256EncryptionAlgorithm algorithm =
                AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(dataKey, EncryptionType.Deterministic);

            byte[] result = algorithm.Decrypt(null);
            Assert.Null(result);
        }
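        // Round-trip test: for every key kind and every encryption type, serializing,
        // encrypting, decrypting and deserializing a value must give back the original.
        public void EncryptAndDecryptToTheSameValue<T>(T originalPlaintext, Serializer<T> serializer)
        {
            DataEncryptionKey[] keys =
            {
                new ProtectedDataEncryptionKey("EK", keyEncryptionKey, encryptedDataEncryptionKey),
                new PlaintextDataEncryptionKey("EK", plaintextEncryptionKeyBytes)
            };

            // The previous `(EncryptionType)random.Next(1, 2)` always produced 1, because the
            // upper bound of Random.Next is exclusive, so only one encryption type was ever
            // exercised. Enumerate both types by name so coverage is complete and repeatable.
            EncryptionType[] encryptionTypes =
            {
                EncryptionType.Deterministic,
                EncryptionType.Randomized
            };

            foreach (DataEncryptionKey encryptionKey in keys)
            {
                foreach (EncryptionType encryptionType in encryptionTypes)
                {
                    AeadAes256CbcHmac256EncryptionAlgorithm encryptionAlgorithm =
                        AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(encryptionKey, encryptionType);

                    byte[] serializedPlaintext = serializer.Serialize(originalPlaintext);
                    byte[] ciphertext = encryptionAlgorithm.Encrypt(serializedPlaintext);
                    byte[] decryptedPlaintext = encryptionAlgorithm.Decrypt(ciphertext);
                    T actualPlaintext = serializer.Deserialize(decryptedPlaintext);

                    Assert.Equal(originalPlaintext, actualPlaintext);
                }
            }
        }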