public static void TestComparisons() { AesKey key1 = new AesKey(new byte[] { 5, 6, 7, 8, 2, 4, 55, 77, 34, 65, 89, 12, 45, 87, 54, 255 }); AesKey key2 = new AesKey(new byte[] { 5, 6, 7, 8, 2, 4, 55, 77, 34, 65, 89, 12, 45, 87, 54, 255 }); KeyWrapSalt salt1 = new KeyWrapSalt(AesKey.DefaultKeyLength); KeyWrapSalt salt2 = new KeyWrapSalt(AesKey.DefaultKeyLength); AesKeyThumbprint thumbprint1a = new AesKeyThumbprint(key1, salt1, 13); AesKeyThumbprint thumbprint1a_alias = thumbprint1a; AesKeyThumbprint thumbprint1b = new AesKeyThumbprint(key1, salt2, 25); AesKeyThumbprint thumbprint2a = new AesKeyThumbprint(key2, salt2, 25); AesKeyThumbprint thumbprint2b = new AesKeyThumbprint(key2, salt1, 13); AesKeyThumbprint nullThumbprint = null; Assert.That(thumbprint1a == thumbprint1a_alias, "Same instance should of course compare equal."); Assert.That(nullThumbprint != thumbprint1a, "A null should not compare equal to any other instance."); Assert.That(thumbprint1a != nullThumbprint, "A null should not compare equal to any other instance."); Assert.That(thumbprint1a == thumbprint2b, "Same raw key and salt, but different instance, should compare equal."); Assert.That(thumbprint1b == thumbprint2a, "Same raw key and salt, but different instance, should compare equal."); Assert.That(thumbprint1a != thumbprint1b, "Same raw key but different salt, should compare inequal."); Assert.That(thumbprint2a != thumbprint2b, "Same raw key but different salt, should compare inequal."); object object1a = thumbprint1a; object object2b = thumbprint2b; Assert.That(object1a.Equals(nullThumbprint), Is.False, "An instance does not equals null."); Assert.That(object1a.Equals(object2b), Is.True, "The two instances are equivalent."); object badTypeObject = key1; Assert.That(object1a.Equals(badTypeObject), Is.False, "The object being compared to is of the wrong type."); }
public byte[] UnwrapMasterKey(AesKey keyEncryptingKey, byte fileVersionMajor) { byte[] wrappedKeyData = GetKeyData(); KeyWrapSalt salt = Salt; if (fileVersionMajor <= 1) { // Due to a bug in 1.1 and earlier we only used a truncated part of the key and salt :-( // Compensate for this here. Users should be warned if FileVersionMajor <= 1 . byte[] badKey = new byte[keyEncryptingKey.Length]; Array.Copy(keyEncryptingKey.GetBytes(), 0, badKey, 0, 4); keyEncryptingKey = new AesKey(badKey); byte[] badSalt = new byte[salt.Length]; Array.Copy(salt.GetBytes(), 0, badSalt, 0, 4); salt = new KeyWrapSalt(badSalt); } byte[] unwrappedKeyData; using (KeyWrap keyWrap = new KeyWrap(keyEncryptingKey, salt, Iterations, KeyWrapMode.AxCrypt)) { unwrappedKeyData = keyWrap.Unwrap(wrappedKeyData); } return(unwrappedKeyData); }
public static void TestMethodsEtc() { KeyWrapSalt salt = null; Assert.DoesNotThrow(() => { salt = new KeyWrapSalt(16); Assert.That(salt.Length, Is.EqualTo(16), "The length should be what was asked for."); Assert.That(salt.GetBytes(), Is.Not.EquivalentTo(new byte[16]), "A random salt is not likely to be all zeros."); salt = new KeyWrapSalt(24); Assert.That(salt.Length, Is.EqualTo(24), "The length should be what was asked for."); Assert.That(salt.GetBytes(), Is.Not.EquivalentTo(new byte[24]), "A random salt is not likely to be all zeros."); salt = new KeyWrapSalt(32); Assert.That(salt.Length, Is.EqualTo(32), "The length should be what was asked for."); Assert.That(salt.GetBytes(), Is.Not.EquivalentTo(new byte[32]), "A random salt is not likely to be all zeros."); salt = new KeyWrapSalt(new byte[16]); Assert.That(salt.GetBytes(), Is.EquivalentTo(new byte[16]), "A salt with all zeros was requested."); salt = new KeyWrapSalt(new byte[24]); Assert.That(salt.GetBytes(), Is.EquivalentTo(new byte[24]), "A salt with all zeros was requested."); salt = new KeyWrapSalt(new byte[32]); Assert.That(salt.GetBytes(), Is.EquivalentTo(new byte[32]), "A salt with all zeros was requested."); salt = new KeyWrapSalt(new byte[0]); Assert.That(salt.Length, Is.EqualTo(0), "As a special case, zero length salt is supported - equivalent to no salt."); } ); Assert.Throws <ArgumentNullException>(() => { salt = new KeyWrapSalt(null); }); Assert.Throws <InternalErrorException>(() => { salt = new KeyWrapSalt(0); }); Assert.Throws <InternalErrorException>(() => { salt = new KeyWrapSalt(-16); }); Assert.Throws <InternalErrorException>(() => { salt = new KeyWrapSalt(48); }); Assert.Throws <InternalErrorException>(() => { salt = new KeyWrapSalt(new byte[12]); }); }
public void RewrapMasterKey(AesKey masterKey, AesKey keyEncryptingKey) { KeyWrapSalt salt = new KeyWrapSalt(keyEncryptingKey.Length); using (KeyWrap keyWrap = new KeyWrap(keyEncryptingKey, salt, Iterations, KeyWrapMode.AxCrypt)) { byte[] wrappedKeyData = keyWrap.Wrap(masterKey); Set(wrappedKeyData, salt, Iterations); } }
private void Initialize(AesKey keyEncryptingKey) { AesKey masterKey = new AesKey(); long iterations = OS.Current.KeyWrapIterations; KeyWrapSalt salt = new KeyWrapSalt(keyEncryptingKey.Length); using (KeyWrap keyWrap = new KeyWrap(keyEncryptingKey, salt, iterations, KeyWrapMode.AxCrypt)) { byte[] wrappedKeyData = keyWrap.Wrap(masterKey); Set(wrappedKeyData, salt, iterations); } }
public static void TestInvalidArguments() { AesKey nullKey = null; KeyWrapSalt nullSalt = null; Assert.Throws <ArgumentNullException>(() => { if (new AesKeyThumbprint(nullKey, new KeyWrapSalt(16), 10) == null) { } }); Assert.Throws <ArgumentNullException>(() => { if (new AesKeyThumbprint(new AesKey(), nullSalt, 10) == null) { } }); }
public static void TestGetHashCode() { AesKey key1 = new AesKey(new byte[] { 5, 6, 7, 8, 2, 4, 55, 77, 34, 65, 89, 12, 45, 87, 54, 255 }); AesKey key2 = new AesKey(new byte[] { 5, 6, 7, 8, 2, 4, 55, 77, 34, 65, 89, 12, 45, 87, 54, 255 }); KeyWrapSalt salt1 = new KeyWrapSalt(AesKey.DefaultKeyLength); KeyWrapSalt salt2 = new KeyWrapSalt(AesKey.DefaultKeyLength); AesKeyThumbprint thumbprint1a = new AesKeyThumbprint(key1, salt1, 17); AesKeyThumbprint thumbprint1b = new AesKeyThumbprint(key1, salt2, 17); AesKeyThumbprint thumbprint2a = new AesKeyThumbprint(key2, salt2, 17); Assert.That(thumbprint1a.GetHashCode() != thumbprint1b.GetHashCode(), "The salt is different, so the hash code should be different."); Assert.That(thumbprint1b.GetHashCode() == thumbprint2a.GetHashCode(), "The keys are equivalent, and the salt the same, so the hash code should be different."); }
public static void TestAesKeyThumbprintMethods() { AesKey key1 = new AesKey(new byte[] { 5, 6, 7, 8, 2, 4, 55, 77, 34, 65, 89, 12, 45, 87, 54, 255 }); AesKey key2 = new AesKey(new byte[] { 5, 6, 7, 8, 2, 4, 55, 77, 34, 65, 89, 12, 45, 87, 54, 255 }); KeyWrapSalt salt1 = new KeyWrapSalt(16); KeyWrapSalt salt2 = new KeyWrapSalt(salt1.GetBytes()); AesKeyThumbprint thumbprint1 = new AesKeyThumbprint(key1, salt1, 10); AesKeyThumbprint thumbprint2 = new AesKeyThumbprint(key2, salt2, 10); Assert.That(thumbprint1 == thumbprint2, "Two thumb prints made from the same key and salt bytes, although different AesKey instances should be equivalent."); AesKeyThumbprint thumbprint3 = new AesKeyThumbprint(new AesKey(), new KeyWrapSalt(AesKey.DefaultKeyLength), 10); Assert.That(thumbprint2 != thumbprint3, "Two very different keys and salts should not be equivalent."); }
public void TestWrapAndUnwrapAxCryptMode() { AesKey keyToWrap = new AesKey(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }); AesKey keyEncryptingKey = new AesKey(new byte[] { 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }); KeyWrapSalt salt = new KeyWrapSalt(new byte[] { 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 }); long iterations = 12345; byte[] wrapped; using (KeyWrap keyWrap = new KeyWrap(keyEncryptingKey, salt, iterations, KeyWrapMode.AxCrypt)) { wrapped = keyWrap.Wrap(keyToWrap); } byte[] unwrapped; using (KeyWrap keyWrap = new KeyWrap(keyEncryptingKey, salt, iterations, KeyWrapMode.AxCrypt)) { unwrapped = keyWrap.Unwrap(wrapped); } Assert.That(unwrapped, Is.EquivalentTo(keyToWrap.GetBytes()), "The unwrapped data should be equal to original."); }
protected void Set(byte[] wrapped, KeyWrapSalt salt, long iterations) { if (wrapped == null) { throw new ArgumentNullException("wrapped"); } if (wrapped.Length != 16 + 8) { throw new ArgumentException("wrapped must be 128 bits + 8 bytes."); } if (salt == null) { throw new ArgumentNullException("salt"); } if (salt.Length != 16) { throw new ArgumentException("salt must have same length as the wrapped key, i.e. 128 bits."); } Array.Copy(wrapped, 0, GetDataBlockBytesReference(), 0, wrapped.Length); Array.Copy(salt.GetBytes(), 0, GetDataBlockBytesReference(), 16 + 8, salt.Length); byte[] iterationsBytes = iterations.GetLittleEndianBytes(); Array.Copy(iterationsBytes, 0, GetDataBlockBytesReference(), 16 + 8 + 16, sizeof(uint)); }
public static void TestSetBadArguments() { KeyWrap1HeaderBlockForTest keyWrap1HeaderBlock = new KeyWrap1HeaderBlockForTest(new AesKey()); KeyWrapSalt okSalt = new KeyWrapSalt(16); KeyWrapSalt badSalt = new KeyWrapSalt(32); Assert.Throws <ArgumentNullException>(() => { keyWrap1HeaderBlock.SetValuesDirect(null, okSalt, 100); }); Assert.Throws <ArgumentException>(() => { keyWrap1HeaderBlock.SetValuesDirect(new byte[0], okSalt, 100); }); Assert.Throws <ArgumentException>(() => { keyWrap1HeaderBlock.SetValuesDirect(new byte[16], okSalt, 100); }); Assert.Throws <ArgumentException>(() => { keyWrap1HeaderBlock.SetValuesDirect(new byte[32], okSalt, 100); }); Assert.Throws <ArgumentNullException>(() => { keyWrap1HeaderBlock.SetValuesDirect(new byte[24], null, 100); }); Assert.Throws <ArgumentException>(() => { keyWrap1HeaderBlock.SetValuesDirect(new byte[24], badSalt, 100); }); }
public void SetValuesDirect(byte[] wrapped, KeyWrapSalt salt, long iterations) { Set(wrapped, salt, iterations); }