public JToken DecryptResourceData(JToken item) { const string encryptedContentProperty = "encryptedContent"; const string certificateIdProperty = "encryptionCertificateId"; const string symmetricKeyProperty = "dataKey"; const string encryptedPayloadProperty = "data"; const string signatureProperty = "dataSignature"; var encryptedContent = item[encryptedContentProperty]; string certificateId = encryptedContent[certificateIdProperty]?.Value <string>() ?? throw new InvalidOperationException("Encryption key id does not exist in the notification payload"); string encryptedSymmetricKey = encryptedContent[symmetricKeyProperty]?.Value <string>() ?? throw new InvalidOperationException("Symmetric key does not exist in the notification payload"); string encryptedPayload = encryptedContent[encryptedPayloadProperty]?.Value <string>() ?? throw new InvalidOperationException("Encrypted payload ;sdoes not exist in the notification payload"); string hashMac = encryptedContent[signatureProperty]?.Value <string>() ?? throw new InvalidOperationException("Encrypted signature does not exist in the notification payload"); var payloadBytes = Convert.FromBase64String(encryptedPayload); var signatureBytes = Convert.FromBase64String(hashMac); // descrypt the symetric key var symmetricKey = AsymmetricDecryptor.Decrypt(Convert.FromBase64String(encryptedSymmetricKey), certificateId); // verify signature using the symmetric key SymmetricDecryptor.VerifyHMACSignature(payloadBytes, symmetricKey, signatureBytes); // decrypt payload using symmetric key string plainText = SymmetricDecryptor.Decrypt(payloadBytes, symmetricKey); return(JToken.Parse(plainText)); }
public static byte[] SymmetricDecrypt(SymmetricAlgorithm algorithm, byte[] data) { ValidateParameters(algorithm, data); SymmetricDecryptor decryptor = new SymmetricDecryptor(algorithm, data); return(decryptor.GetDecryptedBytes()); }
public static string SymmetricDecrypt(SymmetricAlgorithm algorithm, string data) { ValidateParameters(algorithm, data); SymmetricDecryptor decryptor = new SymmetricDecryptor(algorithm, data); return(decryptor.GetDecryptedString()); }
/// <summary> /// Returns the original string given the encrypted form and provided key /// and iv, and specified symmetric encrpytion algorithm. /// </summary> public static string SymmetricDecrypt <T>(string data, byte[] key, byte[] iv) where T : SymmetricAlgorithm { ValidateParameters(data, key, iv); SymmetricAlgorithm algorithm = Activator.CreateInstance <T>(); SymmetricDecryptor decryptor = new SymmetricDecryptor(algorithm, data, key, iv); return(decryptor.GetDecryptedString()); }
public void DecryptByByteArrayReturnsTheCipherTextParameterWhenItIsNotLongEnoughForTheHeader() { var credential = new Credential( () => new byte[] { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15 }, SymmetricAlgorithm.Aes, 16); var symmetricDecryptor = new SymmetricDecryptor(credential, Encoding.UTF8); var plaintext = new byte[] { 1, 16 }; var decrypted = symmetricDecryptor.Decrypt(plaintext); decrypted.Should().BeSameAs(plaintext); }
public void DecryptByStringReturnsTheCipherTextParameterWhenItIsNotBase64Encoded() { var credential = new Credential( () => new byte[] { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15 }, SymmetricAlgorithm.Aes, 16); var symmetricDecryptor = new SymmetricDecryptor(credential, Encoding.UTF8); var plaintext = "This is not a base-64 encoded string."; var decrypted = symmetricDecryptor.Decrypt(plaintext); decrypted.Should().BeSameAs(plaintext); }
public void CanDecryptByString() { var credential = new Credential( () => new byte[] { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15 }, SymmetricAlgorithm.Aes, 16); var symmetricDecryptor = new SymmetricDecryptor(credential, Encoding.UTF8); var encrypted = "ARAAR0wt0bewMNdNByQ5OuJmKj6AfWMNWYSIrPaLR0h/bBF4fcSjCXwJrxZ1upPDByFp"; var decrypted = symmetricDecryptor.Decrypt(encrypted); decrypted.Should().NotBeNullOrEmpty(); decrypted.Should().NotBe(encrypted); }
public void CanDecryptByString() { var credentialMock = new Mock <ICredential>(); credentialMock.Setup(cm => cm.Algorithm).Returns(SymmetricAlgorithm.Aes); credentialMock.Setup(cm => cm.IVSize).Returns(16); credentialMock.Setup(cm => cm.GetKey()).Returns(new byte[] { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15 }); var symmetricEncryptor = new SymmetricDecryptor(credentialMock.Object, Encoding.UTF8); var unencrypted = "ARAAR0wt0bewMNdNByQ5OuJmKj6AfWMNWYSIrPaLR0h/bBF4fcSjCXwJrxZ1upPDByFp"; var encrypted = symmetricEncryptor.Decrypt(unencrypted); encrypted.Should().NotBeNullOrEmpty(); encrypted.Should().NotBe(unencrypted); }
public static void MismatchedEncodingCausesEncodingDiscrepency() { var credential = new Credential( () => new byte[] { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15 }, SymmetricAlgorithm.Aes, 16); using var symmetricEncryptor = new SymmetricEncryptor(credential, Encoding.UTF8); using var symmetricDecryptor = new SymmetricDecryptor(credential, Encoding.UTF32); var unencrypted = "This is some string. 😂🤣"; var encrypted = symmetricEncryptor.Encrypt(unencrypted); var decrypted = symmetricDecryptor.Decrypt(encrypted); encrypted.Should().NotBe(unencrypted); decrypted.Should().NotBe(encrypted); decrypted.Should().NotBe(unencrypted); }
public static void CanRoundTripByString() { var credential = new Credential( () => new byte[] { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15 }, SymmetricAlgorithm.Aes, 16); using var symmetricEncryptor = new SymmetricEncryptor(credential, Encoding.UTF8); using var symmetricDecryptor = new SymmetricDecryptor(credential, Encoding.UTF8); var unencrypted = "This is some string"; var encrypted = symmetricEncryptor.Encrypt(unencrypted); var decrypted = symmetricDecryptor.Decrypt(encrypted); encrypted.Should().NotBe(unencrypted); decrypted.Should().NotBe(encrypted); decrypted.Should().Be(unencrypted); }
public void CanRoundTripByByteArray() { var credential = new Credential( () => new byte[] { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15 }, SymmetricAlgorithm.Aes, 16); var symmetricEncryptor = new SymmetricEncryptor(credential, Encoding.UTF8); var symmetricDecryptor = new SymmetricDecryptor(credential, Encoding.UTF8); var unencryptedString = "This is some string"; var unencrypted = Encoding.UTF8.GetBytes(unencryptedString); var encrypted = symmetricEncryptor.Encrypt(unencrypted); var decrypted = symmetricDecryptor.Decrypt(encrypted); encrypted.Should().NotEqual(unencrypted); decrypted.Should().NotEqual(encrypted); decrypted.Should().Equal(unencrypted); }
public static void CannotRoundTripByStringWithMismatchedCredentials() { var credential1 = new Credential( () => new byte[] { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15 }, SymmetricAlgorithm.Aes, 16); var credential2 = new Credential( () => new byte[] { 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x9, 0x8, 0x7, 0x6, 0x5, 0x4, 0x3, 0x2, 0x1, 0x0 }, SymmetricAlgorithm.Aes, 16); using var symmetricEncryptor = new SymmetricEncryptor(credential1, Encoding.UTF8); using var symmetricDecryptor = new SymmetricDecryptor(credential2, Encoding.UTF8); var unencrypted = "This is some string"; var encrypted = symmetricEncryptor.Encrypt(unencrypted); var action = () => symmetricDecryptor.Decrypt(encrypted); action.Should().Throw <CryptographicException>(); }
public void DecryptByByteArrayReturnsTheCipherTextParameterWhenTheVersionIsNot1() { var credential = new Credential( () => new byte[] { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15 }, SymmetricAlgorithm.Aes, 16); var symmetricDecryptor = new SymmetricDecryptor(credential, Encoding.UTF8); for (int i = 0; i < 256; i++) { if (i == 1) { continue; } var plaintext = new byte[] { (byte)i, 16, 0, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; var decrypted = symmetricDecryptor.Decrypt(plaintext); decrypted.Should().BeSameAs(plaintext); } }
public static void DecryptByByteArrayReturnsTheCipherTextParameterWhenTheIVSizeIsNot8Or16() { var credential = new Credential( () => new byte[] { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15 }, SymmetricAlgorithm.Aes, 16); using var symmetricDecryptor = new SymmetricDecryptor(credential, Encoding.UTF8); for (int i = 0; i < 256; i++) { for (int j = 0; j < 256; j++) { if ((i == 8 || i == 16) && j == 0) { continue; } var plaintext = new byte[] { 1, (byte)i, (byte)j, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; var decrypted = symmetricDecryptor.Decrypt(plaintext); decrypted.Should().BeSameAs(plaintext); } } }