private static void AddDecryptMismatchTheoryData(
string testId,
SymmetricSecurityKey decryptKey,
SymmetricSecurityKey encryptkey,
string decryptAlgorithm,
string encryptAlgorithm,
ExpectedException ee,
TheoryData <AuthenticatedEncryptionTestParams> theoryData)
{
var authenticatedData = Guid.NewGuid().ToByteArray();
var plainText = Guid.NewGuid().ToByteArray();
var provider = new AuthenticatedEncryptionProvider(encryptkey, encryptAlgorithm);
var results = provider.Encrypt(plainText, authenticatedData);
theoryData.Add(new AuthenticatedEncryptionTestParams
{
AuthenticatedData = authenticatedData,
DecryptAlgorithm = decryptAlgorithm,
DecryptKey = decryptKey,
EE = ee,
EncryptionResults = results,
Provider = new AuthenticatedEncryptionProvider(decryptKey, decryptAlgorithm),
TestId = testId
});
}
public void DecryptVirtual()
{
var provider = new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes128CbcHmacSha256);
var authenticatedData = Guid.NewGuid().ToByteArray();
var results = provider.Encrypt(Guid.NewGuid().ToByteArray(), authenticatedData);
var derivedProvider = new DerivedAuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes128CbcHmacSha256);
derivedProvider.Decrypt(results.Ciphertext, authenticatedData, results.IV, results.AuthenticationTag);
Assert.True(derivedProvider.DecryptCalled);
}
private static void AddDecryptParameterCheckTheoryData(string testId, byte[] authenticatedData, byte[] authenticationTag, byte[] cipherText, byte[] iv, TheoryData <AuthenticatedEncryptionTestParams> theoryData)
{
var provider = new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes128CbcHmacSha256);
theoryData.Add(new AuthenticatedEncryptionTestParams
{
AuthenticatedData = authenticatedData,
EE = ExpectedException.ArgumentNullException(),
EncryptionResults = new AuthenticatedEncryptionResult(Default.SymmetricEncryptionKey256, cipherText, iv, authenticationTag),
Provider = provider,
TestId = testId
});
}
private static void AddEncryptParameterCheckTheoryData(string testId, byte[] authenticatedData, byte[] plainText, TheoryData <AuthenticatedEncryptionTheoryData> theoryData)
{
var provider = new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes128CbcHmacSha256);
theoryData.Add(new AuthenticatedEncryptionTheoryData
{
AuthenticatedData = authenticatedData,
ExpectedException = ExpectedException.ArgumentNullException(),
EncryptionResults = new AuthenticatedEncryptionResult(Default.SymmetricEncryptionKey256, new byte[1], new byte[1], new byte[1]),
Plaintext = plainText,
Provider = provider,
TestId = testId
});
}
public void AesGcmEncryptionOnWindows()
{
var context = new CompareContext();
try
{
var provider = new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes256Gcm);
}
catch (Exception ex)
{
context.AddDiff($"AuthenticatedEncryptionProvider is not supposed to throw an exception, Exception:{ ex.ToString()}");
}
TestUtilities.AssertFailIfErrors(context);
}
public void AesGcm_Dispose()
{
AuthenticatedEncryptionProvider encryptionProvider = new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes256Gcm);
encryptionProvider.Dispose();
var expectedException = ExpectedException.ObjectDisposedException;
try
{
encryptionProvider.Decrypt(AES_256_GCM.E, AES_256_GCM.A, AES_256_GCM.IV, AES_256_GCM.T);
}
catch (Exception ex)
{
expectedException.ProcessException(ex);
}
}
private static byte[] DecryptToken(CryptoProviderFactory cryptoProviderFactory, SecurityKey key, JwtTokenDecryptionParameters decryptionParameters)
{
using (AuthenticatedEncryptionProvider decryptionProvider = cryptoProviderFactory.CreateAuthenticatedEncryptionProvider(key, decryptionParameters.Enc))
{
if (decryptionProvider == null)
{
throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(TokenLogMessages.IDX10610, key, LogHelper.MarkAsNonPII(decryptionParameters.Enc))));
}
return(decryptionProvider.Decrypt(
Base64UrlEncoder.DecodeBytes(decryptionParameters.Ciphertext),
Encoding.ASCII.GetBytes(decryptionParameters.EncodedHeader),
Base64UrlEncoder.DecodeBytes(decryptionParameters.InitializationVector),
Base64UrlEncoder.DecodeBytes(decryptionParameters.AuthenticationTag)));
}
}
#pragma warning restore CS3016 // Arrays as attribute arguments is not CLS-compliant
public void EncryptDecrypt(AuthenticatedEncryptionTestParams theoryParams)
{
try
{
// use a different provider for encrypting and decrypting to ensure key creation / privated vars are set correctly
var encryptionProvider = new AuthenticatedEncryptionProvider(theoryParams.EncryptKey, theoryParams.DecryptAlgorithm);
var decryptionProvider = new AuthenticatedEncryptionProvider(theoryParams.DecryptKey, theoryParams.EncryptAlgorithm);
var results = encryptionProvider.Encrypt(theoryParams.Plaintext, theoryParams.AuthenticatedData);
var cleartext = decryptionProvider.Decrypt(results.Ciphertext, theoryParams.AuthenticatedData, results.IV, results.AuthenticationTag);
Assert.True(Utility.AreEqual(theoryParams.Plaintext, cleartext), "theoryParams.PlainText != clearText");
theoryParams.EE.ProcessNoException();
}
catch (Exception ex)
{
theoryParams.EE.ProcessException(ex);
}
}
#pragma warning restore CS3016 // Arrays as attribute arguments is not CLS-compliant
public void Constructors(string testId, SymmetricSecurityKey key, string algorithm, ExpectedException ee)
{
try
{
var context = Guid.NewGuid().ToString();
var provider = new AuthenticatedEncryptionProvider(key, algorithm)
{
Context = context
};
ee.ProcessNoException();
Assert.Equal(provider.Algorithm, algorithm);
Assert.Equal(provider.Context, context);
Assert.True(ReferenceEquals(provider.Key, key));
}
catch (Exception ex)
{
ee.ProcessException(ex);
}
}
public void EncryptDecrypt(AuthenticatedEncryptionTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.EncryptDecrypt", theoryData);
try
{
// use a different provider for encrypting and decrypting to ensure key creation / privated vars are set correctly
var encryptionProvider = new AuthenticatedEncryptionProvider(theoryData.EncryptKey, theoryData.DecryptAlgorithm);
var decryptionProvider = new AuthenticatedEncryptionProvider(theoryData.DecryptKey, theoryData.EncryptAlgorithm);
var results = encryptionProvider.Encrypt(theoryData.Plaintext, theoryData.AuthenticatedData);
var cleartext = decryptionProvider.Decrypt(results.Ciphertext, theoryData.AuthenticatedData, results.IV, results.AuthenticationTag);
Assert.True(Utility.AreEqual(theoryData.Plaintext, cleartext), "theoryParams.PlainText != clearText");
theoryData.ExpectedException.ProcessNoException(context);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
TestUtilities.AssertFailIfErrors(context);
}
private static void AddDecryptTamperedTheoryData(string testId, SymmetricSecurityKey key, string algorithm, TheoryData <AuthenticatedEncryptionTestParams> theoryData)
{
var authenticatedData = Guid.NewGuid().ToByteArray();
var plainText = Guid.NewGuid().ToByteArray();
var provider = new AuthenticatedEncryptionProvider(key, algorithm);
var results = provider.Encrypt(plainText, authenticatedData);
theoryData.Add(new AuthenticatedEncryptionTestParams
{
AuthenticatedData = Guid.NewGuid().ToByteArray(),
DecryptAlgorithm = algorithm,
DecryptKey = key,
EE = ExpectedException.SecurityTokenDecryptionFailedException("IDX10650:"),
EncryptAlgorithm = algorithm,
EncryptKey = key,
EncryptionResults = results,
Provider = provider,
TestId = "AddDecryptTheoryData1_" + testId
});
results = provider.Encrypt(plainText, authenticatedData);
TestUtilities.XORBytes(results.IV);
theoryData.Add(new AuthenticatedEncryptionTestParams
{
AuthenticatedData = authenticatedData,
DecryptAlgorithm = algorithm,
DecryptKey = key,
EE = ExpectedException.SecurityTokenDecryptionFailedException("IDX10650:"),
EncryptAlgorithm = algorithm,
EncryptKey = key,
EncryptionResults = results,
Provider = provider,
TestId = "AddDecryptTheoryData2_" + testId
});
results = provider.Encrypt(plainText, authenticatedData);
TestUtilities.XORBytes(results.AuthenticationTag);
theoryData.Add(new AuthenticatedEncryptionTestParams
{
AuthenticatedData = authenticatedData,
DecryptAlgorithm = algorithm,
DecryptKey = key,
EE = ExpectedException.SecurityTokenDecryptionFailedException("IDX10650:"),
EncryptAlgorithm = algorithm,
EncryptKey = key,
EncryptionResults = results,
Provider = provider,
TestId = "AddDecryptTheoryData3_" + testId
});
results = provider.Encrypt(plainText, authenticatedData);
TestUtilities.XORBytes(results.Ciphertext);
theoryData.Add(new AuthenticatedEncryptionTestParams
{
AuthenticatedData = authenticatedData,
DecryptAlgorithm = algorithm,
DecryptKey = key,
EE = ExpectedException.SecurityTokenDecryptionFailedException("IDX10650:"),
EncryptAlgorithm = algorithm,
EncryptKey = key,
EncryptionResults = results,
Provider = provider,
TestId = "AddDecryptTheoryData4_" + testId
});
}
