public static void TestComparisons()
{
AesKey key1 = new AesKey(new byte[] { 5, 6, 7, 8, 2, 4, 55, 77, 34, 65, 89, 12, 45, 87, 54, 255 });
AesKey key2 = new AesKey(new byte[] { 5, 6, 7, 8, 2, 4, 55, 77, 34, 65, 89, 12, 45, 87, 54, 255 });
KeyWrapSalt salt1 = new KeyWrapSalt(AesKey.DefaultKeyLength);
KeyWrapSalt salt2 = new KeyWrapSalt(AesKey.DefaultKeyLength);
AesKeyThumbprint thumbprint1a = new AesKeyThumbprint(key1, salt1, 13);
AesKeyThumbprint thumbprint1a_alias = thumbprint1a;
AesKeyThumbprint thumbprint1b = new AesKeyThumbprint(key1, salt2, 25);
AesKeyThumbprint thumbprint2a = new AesKeyThumbprint(key2, salt2, 25);
AesKeyThumbprint thumbprint2b = new AesKeyThumbprint(key2, salt1, 13);
AesKeyThumbprint nullThumbprint = null;
Assert.That(thumbprint1a == thumbprint1a_alias, "Same instance should of course compare equal.");
Assert.That(nullThumbprint != thumbprint1a, "A null should not compare equal to any other instance.");
Assert.That(thumbprint1a != nullThumbprint, "A null should not compare equal to any other instance.");
Assert.That(thumbprint1a == thumbprint2b, "Same raw key and salt, but different instance, should compare equal.");
Assert.That(thumbprint1b == thumbprint2a, "Same raw key and salt, but different instance, should compare equal.");
Assert.That(thumbprint1a != thumbprint1b, "Same raw key but different salt, should compare inequal.");
Assert.That(thumbprint2a != thumbprint2b, "Same raw key but different salt, should compare inequal.");
object object1a = thumbprint1a;
object object2b = thumbprint2b;
Assert.That(object1a.Equals(nullThumbprint), Is.False, "An instance does not equals null.");
Assert.That(object1a.Equals(object2b), Is.True, "The two instances are equivalent.");
object badTypeObject = key1;
Assert.That(object1a.Equals(badTypeObject), Is.False, "The object being compared to is of the wrong type.");
}
public byte[] UnwrapMasterKey(AesKey keyEncryptingKey, byte fileVersionMajor)
{
byte[] wrappedKeyData = GetKeyData();
KeyWrapSalt salt = Salt;
if (fileVersionMajor <= 1)
{
// Due to a bug in 1.1 and earlier we only used a truncated part of the key and salt :-(
// Compensate for this here. Users should be warned if FileVersionMajor <= 1 .
byte[] badKey = new byte[keyEncryptingKey.Length];
Array.Copy(keyEncryptingKey.GetBytes(), 0, badKey, 0, 4);
keyEncryptingKey = new AesKey(badKey);
byte[] badSalt = new byte[salt.Length];
Array.Copy(salt.GetBytes(), 0, badSalt, 0, 4);
salt = new KeyWrapSalt(badSalt);
}
byte[] unwrappedKeyData;
using (KeyWrap keyWrap = new KeyWrap(keyEncryptingKey, salt, Iterations, KeyWrapMode.AxCrypt))
{
unwrappedKeyData = keyWrap.Unwrap(wrappedKeyData);
}
return(unwrappedKeyData);
}
public static void TestMethodsEtc()
{
KeyWrapSalt salt = null;
Assert.DoesNotThrow(() =>
{
salt = new KeyWrapSalt(16);
Assert.That(salt.Length, Is.EqualTo(16), "The length should be what was asked for.");
Assert.That(salt.GetBytes(), Is.Not.EquivalentTo(new byte[16]), "A random salt is not likely to be all zeros.");
salt = new KeyWrapSalt(24);
Assert.That(salt.Length, Is.EqualTo(24), "The length should be what was asked for.");
Assert.That(salt.GetBytes(), Is.Not.EquivalentTo(new byte[24]), "A random salt is not likely to be all zeros.");
salt = new KeyWrapSalt(32);
Assert.That(salt.Length, Is.EqualTo(32), "The length should be what was asked for.");
Assert.That(salt.GetBytes(), Is.Not.EquivalentTo(new byte[32]), "A random salt is not likely to be all zeros.");
salt = new KeyWrapSalt(new byte[16]);
Assert.That(salt.GetBytes(), Is.EquivalentTo(new byte[16]), "A salt with all zeros was requested.");
salt = new KeyWrapSalt(new byte[24]);
Assert.That(salt.GetBytes(), Is.EquivalentTo(new byte[24]), "A salt with all zeros was requested.");
salt = new KeyWrapSalt(new byte[32]);
Assert.That(salt.GetBytes(), Is.EquivalentTo(new byte[32]), "A salt with all zeros was requested.");
salt = new KeyWrapSalt(new byte[0]);
Assert.That(salt.Length, Is.EqualTo(0), "As a special case, zero length salt is supported - equivalent to no salt.");
}
);
Assert.Throws <ArgumentNullException>(() =>
{
salt = new KeyWrapSalt(null);
});
Assert.Throws <InternalErrorException>(() =>
{
salt = new KeyWrapSalt(0);
});
Assert.Throws <InternalErrorException>(() =>
{
salt = new KeyWrapSalt(-16);
});
Assert.Throws <InternalErrorException>(() =>
{
salt = new KeyWrapSalt(48);
});
Assert.Throws <InternalErrorException>(() =>
{
salt = new KeyWrapSalt(new byte[12]);
});
}
public void RewrapMasterKey(AesKey masterKey, AesKey keyEncryptingKey)
{
KeyWrapSalt salt = new KeyWrapSalt(keyEncryptingKey.Length);
using (KeyWrap keyWrap = new KeyWrap(keyEncryptingKey, salt, Iterations, KeyWrapMode.AxCrypt))
{
byte[] wrappedKeyData = keyWrap.Wrap(masterKey);
Set(wrappedKeyData, salt, Iterations);
}
}
private void Initialize(AesKey keyEncryptingKey)
{
AesKey masterKey = new AesKey();
long iterations = OS.Current.KeyWrapIterations;
KeyWrapSalt salt = new KeyWrapSalt(keyEncryptingKey.Length);
using (KeyWrap keyWrap = new KeyWrap(keyEncryptingKey, salt, iterations, KeyWrapMode.AxCrypt))
{
byte[] wrappedKeyData = keyWrap.Wrap(masterKey);
Set(wrappedKeyData, salt, iterations);
}
}
public static void TestInvalidArguments()
{
AesKey nullKey = null;
KeyWrapSalt nullSalt = null;
Assert.Throws <ArgumentNullException>(() => { if (new AesKeyThumbprint(nullKey, new KeyWrapSalt(16), 10) == null)
{
}
});
Assert.Throws <ArgumentNullException>(() => { if (new AesKeyThumbprint(new AesKey(), nullSalt, 10) == null)
{
}
});
}
public static void TestGetHashCode()
{
AesKey key1 = new AesKey(new byte[] { 5, 6, 7, 8, 2, 4, 55, 77, 34, 65, 89, 12, 45, 87, 54, 255 });
AesKey key2 = new AesKey(new byte[] { 5, 6, 7, 8, 2, 4, 55, 77, 34, 65, 89, 12, 45, 87, 54, 255 });
KeyWrapSalt salt1 = new KeyWrapSalt(AesKey.DefaultKeyLength);
KeyWrapSalt salt2 = new KeyWrapSalt(AesKey.DefaultKeyLength);
AesKeyThumbprint thumbprint1a = new AesKeyThumbprint(key1, salt1, 17);
AesKeyThumbprint thumbprint1b = new AesKeyThumbprint(key1, salt2, 17);
AesKeyThumbprint thumbprint2a = new AesKeyThumbprint(key2, salt2, 17);
Assert.That(thumbprint1a.GetHashCode() != thumbprint1b.GetHashCode(), "The salt is different, so the hash code should be different.");
Assert.That(thumbprint1b.GetHashCode() == thumbprint2a.GetHashCode(), "The keys are equivalent, and the salt the same, so the hash code should be different.");
}
public static void TestAesKeyThumbprintMethods()
{
AesKey key1 = new AesKey(new byte[] { 5, 6, 7, 8, 2, 4, 55, 77, 34, 65, 89, 12, 45, 87, 54, 255 });
AesKey key2 = new AesKey(new byte[] { 5, 6, 7, 8, 2, 4, 55, 77, 34, 65, 89, 12, 45, 87, 54, 255 });
KeyWrapSalt salt1 = new KeyWrapSalt(16);
KeyWrapSalt salt2 = new KeyWrapSalt(salt1.GetBytes());
AesKeyThumbprint thumbprint1 = new AesKeyThumbprint(key1, salt1, 10);
AesKeyThumbprint thumbprint2 = new AesKeyThumbprint(key2, salt2, 10);
Assert.That(thumbprint1 == thumbprint2, "Two thumb prints made from the same key and salt bytes, although different AesKey instances should be equivalent.");
AesKeyThumbprint thumbprint3 = new AesKeyThumbprint(new AesKey(), new KeyWrapSalt(AesKey.DefaultKeyLength), 10);
Assert.That(thumbprint2 != thumbprint3, "Two very different keys and salts should not be equivalent.");
}
public void TestWrapAndUnwrapAxCryptMode()
{
AesKey keyToWrap = new AesKey(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 });
AesKey keyEncryptingKey = new AesKey(new byte[] { 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 });
KeyWrapSalt salt = new KeyWrapSalt(new byte[] { 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 });
long iterations = 12345;
byte[] wrapped;
using (KeyWrap keyWrap = new KeyWrap(keyEncryptingKey, salt, iterations, KeyWrapMode.AxCrypt))
{
wrapped = keyWrap.Wrap(keyToWrap);
}
byte[] unwrapped;
using (KeyWrap keyWrap = new KeyWrap(keyEncryptingKey, salt, iterations, KeyWrapMode.AxCrypt))
{
unwrapped = keyWrap.Unwrap(wrapped);
}
Assert.That(unwrapped, Is.EquivalentTo(keyToWrap.GetBytes()), "The unwrapped data should be equal to original.");
}
protected void Set(byte[] wrapped, KeyWrapSalt salt, long iterations)
{
if (wrapped == null)
{
throw new ArgumentNullException("wrapped");
}
if (wrapped.Length != 16 + 8)
{
throw new ArgumentException("wrapped must be 128 bits + 8 bytes.");
}
if (salt == null)
{
throw new ArgumentNullException("salt");
}
if (salt.Length != 16)
{
throw new ArgumentException("salt must have same length as the wrapped key, i.e. 128 bits.");
}
Array.Copy(wrapped, 0, GetDataBlockBytesReference(), 0, wrapped.Length);
Array.Copy(salt.GetBytes(), 0, GetDataBlockBytesReference(), 16 + 8, salt.Length);
byte[] iterationsBytes = iterations.GetLittleEndianBytes();
Array.Copy(iterationsBytes, 0, GetDataBlockBytesReference(), 16 + 8 + 16, sizeof(uint));
}
public static void TestSetBadArguments()
{
KeyWrap1HeaderBlockForTest keyWrap1HeaderBlock = new KeyWrap1HeaderBlockForTest(new AesKey());
KeyWrapSalt okSalt = new KeyWrapSalt(16);
KeyWrapSalt badSalt = new KeyWrapSalt(32);
Assert.Throws <ArgumentNullException>(() =>
{
keyWrap1HeaderBlock.SetValuesDirect(null, okSalt, 100);
});
Assert.Throws <ArgumentException>(() =>
{
keyWrap1HeaderBlock.SetValuesDirect(new byte[0], okSalt, 100);
});
Assert.Throws <ArgumentException>(() =>
{
keyWrap1HeaderBlock.SetValuesDirect(new byte[16], okSalt, 100);
});
Assert.Throws <ArgumentException>(() =>
{
keyWrap1HeaderBlock.SetValuesDirect(new byte[32], okSalt, 100);
});
Assert.Throws <ArgumentNullException>(() =>
{
keyWrap1HeaderBlock.SetValuesDirect(new byte[24], null, 100);
});
Assert.Throws <ArgumentException>(() =>
{
keyWrap1HeaderBlock.SetValuesDirect(new byte[24], badSalt, 100);
});
}
public void SetValuesDirect(byte[] wrapped, KeyWrapSalt salt, long iterations)
{
Set(wrapped, salt, iterations);
}
