public static void DecryptWithSpanWithCiphertextTooSmall(AeadAlgorithm a)
{
using (var k = new Key(a))
{
Assert.False(a.Decrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, new byte[a.TagSize - 1], Span <byte> .Empty));
}
}
public static void DecryptWithNonceTooSmall(AeadAlgorithm a)
{
using (var k = new Key(a))
{
Assert.False(a.Decrypt(k, new Nonce(0, a.NonceSize - 1), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty, out var pt));
}
}
public static void EncryptEmptyWithSpanTooLarge(AeadAlgorithm a)
{
using (var k = new Key(a))
{
Assert.Throws <ArgumentException>("ciphertext", () => a.Encrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty, new byte[a.TagSize + 1]));
}
}
public static void EncryptWithWrongKey(AeadAlgorithm a)
{
using (var k = new Key(SignatureAlgorithm.Ed25519))
{
Assert.Throws <ArgumentException>("key", () => a.Encrypt(k, default(Nonce), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty));
}
}
public static void EncryptWithNonceTooSmall(AeadAlgorithm a)
{
using (var k = new Key(a))
{
Assert.Throws <ArgumentException>("nonce", () => a.Encrypt(k, new Nonce(0, a.NonceSize - 1), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty));
}
}
public static void DecryptWithSpanWithDisposedKey(AeadAlgorithm a)
{
var k = new Key(a);
k.Dispose();
Assert.Throws <ObjectDisposedException>(() => a.Decrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, new byte[a.TagSize], Span <byte> .Empty));
}
public static void EncryptEmptySuccess(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var b = a.Encrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty);
Assert.NotNull(b);
Assert.Equal(a.TagSize, b.Length);
}
}
public static void DecryptWithSpanTooLarge(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var ct = a.Encrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty);
Assert.NotNull(ct);
Assert.Equal(a.TagSize, ct.Length);
Assert.Throws <ArgumentException>("plaintext", () => a.Decrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, ct, new byte[1]));
}
}
public Rfc7905(
Role role,
AeadAlgorithm algorithm,
Key clientWriteKey,
ReadOnlySpan <byte> clientWriteIV,
Key serverWriteKey,
ReadOnlySpan <byte> serverWriteIV)
{
Debug.Assert(algorithm.NonceSize == 12);
Debug.Assert(clientWriteIV.Length == 12);
Debug.Assert(serverWriteIV.Length == 12);
_algorithm = algorithm;
switch (role)
{
// if this is the server side, use serverWriteKey and
// serverWriteIV for sending, and clientWriteKey and
// clientWriteIV for receiving
case Role.Server:
_sendKey = serverWriteKey;
_sendIV = new Nonce(fixedField: serverWriteIV,
counterFieldSize: 0);
_sendSequenceNumber = new Nonce(fixedFieldSize: 4,
counterFieldSize: 8);
_receiveKey = clientWriteKey;
_receiveIV = new Nonce(fixedField: clientWriteIV,
counterFieldSize: 0);
_receiveSequenceNumber = new Nonce(fixedFieldSize: 4,
counterFieldSize: 8);
break;
// if this is the client side, use clientWriteKey and
// clientWriteIV for sending, and serverWriteKey and
// serverWriteIV for receiving
case Role.Client:
_sendKey = clientWriteKey;
_sendIV = new Nonce(fixedField: clientWriteIV,
counterFieldSize: 0);
_sendSequenceNumber = new Nonce(fixedFieldSize: 4,
counterFieldSize: 8);
_receiveKey = serverWriteKey;
_receiveIV = new Nonce(fixedField: serverWriteIV,
counterFieldSize: 0);
_receiveSequenceNumber = new Nonce(fixedFieldSize: 4,
counterFieldSize: 8);
break;
default:
throw new ArgumentOutOfRangeException(nameof(role));
}
}
public static void DecryptWithSpanWithNonceTooLarge(AeadAlgorithm a)
{
if (a.NonceSize == Nonce.MaxSize)
{
return;
}
using (var k = new Key(a))
{
Assert.False(a.Decrypt(k, new Nonce(0, a.NonceSize + 1), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty, Span <byte> .Empty));
}
}
public static void EncryptWithNonceTooLarge(AeadAlgorithm a)
{
if (a.NonceSize == Nonce.MaxSize)
{
return;
}
using (var k = new Key(a))
{
Assert.Throws <ArgumentException>("nonce", () => a.Encrypt(k, new Nonce(0, a.NonceSize + 1), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty));
}
}
public static void DecryptWithCiphertextOverlapping(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var n = new Nonce(Utilities.RandomBytes.Slice(0, a.NonceSize), 0);
var ad = Utilities.RandomBytes.Slice(0, 100).ToArray();
var b = Utilities.RandomBytes.Slice(200, 200).ToArray();
Assert.Throws <ArgumentException>("plaintext", () => a.Decrypt(k, n, ad, b.AsSpan(10, 100 + a.TagSize), b.AsSpan(60, 100)));
Assert.Throws <ArgumentException>("plaintext", () => a.Decrypt(k, n, ad, b.AsSpan(60, 100 + a.TagSize), b.AsSpan(10, 100)));
}
}
private string EncryptSensitiveData(string data, byte[] keyBytes, byte[] nonce)
{
AeadAlgorithm aeadAlgorithm = AeadAlgorithm.Aes256Gcm;
using Key key = Key.Import(AeadAlgorithm.Aes256Gcm, keyBytes, _keyBlobFormat);
byte[] dataBytes = Encoding.UTF8.GetBytes(data);
byte[] encrypted =
aeadAlgorithm.Encrypt(key, nonce, null, Encoding.UTF8.GetBytes(data));
return(encrypted.ByteArrayToHexString());
}
public static void DecryptEmptySuccess(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var ct = a.Encrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty);
Assert.NotNull(ct);
Assert.Equal(a.TagSize, ct.Length);
Assert.True(a.Decrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, ct, out var pt));
Assert.NotNull(pt);
Assert.Empty(pt);
}
}
public PasswordBasedEncryptionScheme(
PasswordBasedKeyDerivationAlgorithm keyDerivationAlgorithm,
AeadAlgorithm encryptionAlgorithm)
{
if (keyDerivationAlgorithm == null)
{
throw new ArgumentNullException(nameof(keyDerivationAlgorithm));
}
if (encryptionAlgorithm == null)
{
throw new ArgumentNullException(nameof(encryptionAlgorithm));
}
_keyDerivationAlgorithm = keyDerivationAlgorithm;
_encryptionAlgorithm = encryptionAlgorithm;
}
public static void DecryptWithSpanOutOfPlace(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var n = new Nonce(Utilities.RandomBytes.Slice(0, a.NonceSize), 0);
var ad = Utilities.RandomBytes.Slice(0, 100);
var expected = Utilities.RandomBytes.Slice(0, L).ToArray();
var actual = new byte[L];
var ciphertext = a.Encrypt(k, n, ad, expected);
Assert.True(a.Decrypt(k, n, ad, ciphertext, actual));
Assert.Equal(expected, actual);
}
}
public static void DecryptWithAdOverlapping(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var n = new Nonce(Utilities.RandomBytes.Slice(0, a.NonceSize), 0);
var b = Utilities.RandomBytes.Slice(0, L);
var expected = b.ToArray();
var actual = Utilities.RandomBytes.Slice(200, L).ToArray();
var ciphertext = a.Encrypt(k, n, actual.AsSpan(10, 100), expected);
Assert.True(a.Decrypt(k, n, actual.AsSpan(10, 100), ciphertext, actual));
Assert.Equal(expected, actual);
}
}
public static void DecryptFailClearsPlaintext(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var pt = new byte[16];
for (var i = 0; i < pt.Length; i++)
{
pt[i] = 0xD6;
}
var ct = new byte[pt.Length + a.TagSize];
Assert.False(a.Decrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, ct, pt));
Assert.Equal(new byte[pt.Length], pt);
}
}
public static void EncryptWithAdOverlapping(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var n = new Nonce(Utilities.RandomBytes.Slice(0, a.NonceSize), 0);
var b = Utilities.RandomBytes.Slice(0, L);
var expected = new byte[b.Length + a.TagSize];
var actual = new byte[b.Length + a.TagSize];
Utilities.RandomBytes.Slice(200, actual.Length).CopyTo(actual);
a.Encrypt(k, n, actual, b, expected);
a.Encrypt(k, n, actual, b, actual);
Assert.Equal(expected, actual);
}
}
public static void EncryptWithSpanInPlace(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var n = new Nonce(Utilities.RandomBytes.Slice(0, a.NonceSize), 0);
var ad = Utilities.RandomBytes.Slice(0, 100);
var expected = new byte[L + a.TagSize];
var actual = new byte[L + a.TagSize];
Utilities.RandomBytes.Slice(0, L).CopyTo(actual);
a.Encrypt(k, n, ad, actual.AsSpan(0, L), expected);
a.Encrypt(k, n, ad, actual.AsSpan(0, L), actual);
Assert.Equal(expected, actual);
}
}
public static void CreateKey(AeadAlgorithm a)
{
using (var k = new Key(a, new KeyCreationParameters {
ExportPolicy = KeyExportPolicies.AllowPlaintextArchiving
}))
{
Assert.Same(a, k.Algorithm);
Assert.Null(k.PublicKey);
Assert.Equal(a.KeySize, k.Size);
var actual = k.Export(KeyBlobFormat.RawSymmetricKey);
var unexpected = new byte[actual.Length];
Utilities.Fill(unexpected, actual[0]);
Assert.NotEqual(unexpected, actual);
}
}
public Rfc5288(
Role role,
AeadAlgorithm algorithm,
Key clientWriteKey,
ReadOnlySpan <byte> clientWriteIV,
Key serverWriteKey,
ReadOnlySpan <byte> serverWriteIV)
{
Debug.Assert(algorithm.NonceSize == 12);
Debug.Assert(clientWriteIV.Length == 4);
Debug.Assert(serverWriteIV.Length == 4);
_algorithm = algorithm;
switch (role)
{
// if this is the server side, use serverWriteKey and
// serverWriteIV for sending, and clientWriteKey and
// clientWriteIV for receiving
case Role.Server:
_sendKey = serverWriteKey;
_sendNonce = new Nonce(fixedField: serverWriteIV,
counterFieldSize: 8);
_receiveKey = clientWriteKey;
_receiveNonce = new Nonce(fixedField: clientWriteIV,
counterFieldSize: 8);
break;
// if this is the client side, use clientWriteKey and
// clientWriteIV for sending, and serverWriteKey and
// serverWriteIV for receiving
case Role.Client:
_sendKey = clientWriteKey;
_sendNonce = new Nonce(fixedField: clientWriteIV,
counterFieldSize: 8);
_receiveKey = serverWriteKey;
_receiveNonce = new Nonce(fixedField: serverWriteIV,
counterFieldSize: 8);
break;
}
}
public static void DecryptWithNullKey(AeadAlgorithm a)
{
Assert.Throws <ArgumentNullException>("key", () => a.Decrypt(null !, default(Nonce), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty, out var pt));
}
public static void EncryptWithSpanWithNullKey(AeadAlgorithm a)
{
Assert.Throws <ArgumentNullException>("key", () => a.Encrypt(null, default(Nonce), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty, Span <byte> .Empty));
}
public static void Properties(AeadAlgorithm a)
{
Assert.True(a.KeySize > 0);
Assert.InRange(a.NonceSize, 0, Nonce.MaxSize);
Assert.InRange(a.TagSize, 0, 255);
}
