public static void DecryptWithCiphertextOverlapping(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var n = new Nonce(Utilities.RandomBytes.Slice(0, a.NonceSize), 0);
var ad = Utilities.RandomBytes.Slice(0, 100).ToArray();
var b = Utilities.RandomBytes.Slice(200, 200).ToArray();
Assert.Throws <ArgumentException>("plaintext", () => a.Decrypt(k, n, ad, b.AsSpan(10, 100 + a.TagSize), b.AsSpan(60, 100)));
Assert.Throws <ArgumentException>("plaintext", () => a.Decrypt(k, n, ad, b.AsSpan(60, 100 + a.TagSize), b.AsSpan(10, 100)));
}
}
public static void DecryptWithSpanWithWrongKey(AeadAlgorithm a)
{
using (var k = new Key(SignatureAlgorithm.Ed25519))
{
Assert.Throws <ArgumentException>("key", () => a.Decrypt(k, default(Nonce), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty, Span <byte> .Empty));
}
}
public static void DecryptWithSpanWithCiphertextTooSmall(AeadAlgorithm a)
{
using (var k = new Key(a))
{
Assert.False(a.Decrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, new byte[a.TagSize - 1], Span <byte> .Empty));
}
}
public static void DecryptWithNonceTooSmall(AeadAlgorithm a)
{
using (var k = new Key(a))
{
Assert.False(a.Decrypt(k, new Nonce(0, a.NonceSize - 1), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty, out var pt));
}
}
public static void DecryptWithSpanWithDisposedKey(AeadAlgorithm a)
{
var k = new Key(a);
k.Dispose();
Assert.Throws <ObjectDisposedException>(() => a.Decrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, new byte[a.TagSize], Span <byte> .Empty));
}
public bool DecryptAfterReceive(
ReadOnlySpan <byte> associatedData,
ReadOnlySpan <byte> ciphertext,
Span <byte> plaintext)
{
// decrypt the ciphertext with the receive nonce
if (!_algorithm.Decrypt(
_receiveKey,
_receiveNonce,
associatedData,
ciphertext,
plaintext))
{
// abort the connection if decryption fails
_sendKey.Dispose();
_receiveKey.Dispose();
return(false);
}
// increment the counter field of the receive nonce
if (!Nonce.TryIncrement(ref _receiveNonce))
{
// abort the connection when the counter field of the
// receive nonce reaches the maximum value
_sendKey.Dispose();
_receiveKey.Dispose();
}
return(true);
}
public static void DecryptWithSpanInPlace(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var n = new Nonce(Utilities.RandomBytes.Slice(0, a.NonceSize), 0);
var ad = Utilities.RandomBytes.Slice(0, 100);
var actual = new byte[L + a.TagSize];
var expected = new byte[L + a.TagSize];
a.Encrypt(k, n, ad, Utilities.RandomBytes.Slice(0, L), actual);
a.Encrypt(k, n, ad, Utilities.RandomBytes.Slice(0, L), expected);
Assert.True(a.Decrypt(k, n, ad, actual, expected.AsSpan(0, L)));
Assert.True(a.Decrypt(k, n, ad, actual, actual.AsSpan(0, L)));
Assert.Equal(expected, actual);
}
}
private static void Tests()
{
Console.WriteLine("Performing tests...");
foreach (var i in Enumerable.Range(0, 10000))
{
var key = Key.Create(KeyAgreementAlgorithm.X25519,
new KeyCreationParameters {
ExportPolicy = KeyExportPolicies.AllowPlaintextExport
});
var key2 = Key.Create(KeyAgreementAlgorithm.X25519,
new KeyCreationParameters {
ExportPolicy = KeyExportPolicies.AllowPlaintextExport
});
var test1 = Convert.ToBase64String(SharedKey(key.Export(Pub), key2.Export(Priv))
.Export(KeyBlobFormat.NSecSymmetricKey)) ==
Convert.ToBase64String(SharedKey(key2.Export(Pub), key.Export(Priv))
.Export(KeyBlobFormat.NSecSymmetricKey));
var encdata = Aead.Encrypt(SharedKey(key.Export(Pub), key2.Export(Priv)), new Nonce(0, 12),
ReadOnlySpan <byte> .Empty, Encoding.UTF8.GetBytes("test2"));
var encdata2 = Aead.Encrypt(SharedKey(key2.Export(Pub), key.Export(Priv)), new Nonce(0, 12),
ReadOnlySpan <byte> .Empty, Encoding.UTF8.GetBytes("test2"));
var test2 = Convert.ToBase64String(encdata) == Convert.ToBase64String(encdata2);
var dec = Aead.Decrypt(SharedKey(key.Export(Pub), key2.Export(Priv)), new Nonce(0, 12),
ReadOnlySpan <byte> .Empty, encdata, out var decdata);
var dec2 = Aead.Decrypt(SharedKey(key2.Export(Pub), key.Export(Priv)), new Nonce(0, 12),
ReadOnlySpan <byte> .Empty, encdata, out var decdata2);
var test3 = dec && dec2;
var test4 = Convert.ToBase64String(decdata ?? throw new InvalidOperationException()) ==
Convert.ToBase64String(decdata2 ?? throw new InvalidOperationException());
if (test1 && test2 && test3 && test4)
{
if (i % 100 == 0)
{
Console.WriteLine($"Passed {i}");
}
}
else
{
Console.WriteLine(
$"Failed a test at {i} out of 10000. Test 1 (Key agreement): {test1} \r\nTest 2 (Encrypting with same key): {test2}\r\nTest 3 (Testing if decryption passes): {test3}\r\nTest 4(Testing if decrypted data is identical: {test4}");
return;
}
}
}
public static void DecryptWithSpanTooLarge(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var ct = a.Encrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty);
Assert.NotNull(ct);
Assert.Equal(a.TagSize, ct.Length);
Assert.Throws <ArgumentException>("plaintext", () => a.Decrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, ct, new byte[1]));
}
}
public static void DecryptWithSpanWithNonceTooLarge(AeadAlgorithm a)
{
if (a.NonceSize == Nonce.MaxSize)
{
return;
}
using (var k = new Key(a))
{
Assert.False(a.Decrypt(k, new Nonce(0, a.NonceSize + 1), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty, Span <byte> .Empty));
}
}
public static void DecryptEmptySuccess(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var ct = a.Encrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty);
Assert.NotNull(ct);
Assert.Equal(a.TagSize, ct.Length);
Assert.True(a.Decrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, ct, out var pt));
Assert.NotNull(pt);
Assert.Empty(pt);
}
}
private string DecryptSensitiveData(string encryptedData, byte[] keyBytes, byte[] nonce)
{
AeadAlgorithm aeadAlgorithm = AeadAlgorithm.Aes256Gcm;
using Key key = Key.Import(AeadAlgorithm.Aes256Gcm, keyBytes, _keyBlobFormat);
byte[] dataBytes = encryptedData.HexStringToByteArray();
byte[] decrypted =
aeadAlgorithm.Decrypt(key, nonce, null, Encoding.UTF8.GetBytes(encryptedData));
return(decrypted.ByteArrayToHexString());
}
private static bool DecryptAfterReceive(Nonce receiveNonce, ReadOnlySpan <byte> ciphertext, Span <byte> plaintext)
{
if (!_algorithm.Decrypt(_sendKey, receiveNonce, _associatedData, ciphertext, plaintext))
{
_sendKey.Dispose();
return(false);
}
if (!Nonce.TryIncrement(ref _receiveSequenceNumber))
{
_sendKey.Dispose();
return(false);
}
return(true);
}
public static void DecryptWithSpanOutOfPlace(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var n = new Nonce(Utilities.RandomBytes.Slice(0, a.NonceSize), 0);
var ad = Utilities.RandomBytes.Slice(0, 100);
var expected = Utilities.RandomBytes.Slice(0, L).ToArray();
var actual = new byte[L];
var ciphertext = a.Encrypt(k, n, ad, expected);
Assert.True(a.Decrypt(k, n, ad, ciphertext, actual));
Assert.Equal(expected, actual);
}
}
public static void DecryptFailClearsPlaintext(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var pt = new byte[16];
for (var i = 0; i < pt.Length; i++)
{
pt[i] = 0xD6;
}
var ct = new byte[pt.Length + a.TagSize];
Assert.False(a.Decrypt(k, new Nonce(0, a.NonceSize), ReadOnlySpan <byte> .Empty, ct, pt));
Assert.Equal(new byte[pt.Length], pt);
}
}
public static void DecryptWithAdOverlapping(AeadAlgorithm a)
{
using (var k = new Key(a))
{
var n = new Nonce(Utilities.RandomBytes.Slice(0, a.NonceSize), 0);
var b = Utilities.RandomBytes.Slice(0, L);
var expected = b.ToArray();
var actual = Utilities.RandomBytes.Slice(200, L).ToArray();
var ciphertext = a.Encrypt(k, n, actual.AsSpan(10, 100), expected);
Assert.True(a.Decrypt(k, n, actual.AsSpan(10, 100), ciphertext, actual));
Assert.Equal(expected, actual);
}
}
public string Decrypt(byte[] cipherText, EncryptorKey encryptorKey)
{
aeadAlgorithm.Decrypt(encryptorKey.Key, encryptorKey.Nonce, null, cipherText, out byte[] byteText);
return(Encoding.UTF8.GetString(byteText));
}
public static void DecryptWithSpanWithNullKey(AeadAlgorithm a)
{
Assert.Throws <ArgumentNullException>("key", () => a.Decrypt(null, default(Nonce), ReadOnlySpan <byte> .Empty, ReadOnlySpan <byte> .Empty, Span <byte> .Empty));
}