public void DecryptOutOfOrder() { NetMQMessage plain1 = new NetMQMessage(); plain1.Append("1"); NetMQMessage plain2 = new NetMQMessage(); plain2.Append("2"); NetMQMessage cipher1 = m_clientSecureChannel.EncryptApplicationMessage(plain1); NetMQMessage cipher2 = m_clientSecureChannel.EncryptApplicationMessage(plain2); int offset; List <NetMQMessage> sslMessages; bool result = m_serverSecureChannel.ResolveRecordLayer(cipher1.First.Buffer, out offset, out sslMessages); Assert.AreEqual(sslMessages.Count, 1); cipher1 = sslMessages[0]; result = m_serverSecureChannel.ResolveRecordLayer(cipher2.First.Buffer, out offset, out sslMessages); Assert.AreEqual(sslMessages.Count, 1); cipher2 = sslMessages[0]; NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_serverSecureChannel.DecryptApplicationMessage(cipher2)); Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode); exception = Assert.Throws <NetMQSecurityException>(() => m_serverSecureChannel.DecryptApplicationMessage(cipher1)); Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode); }
public void ReplayAttach() { NetMQMessage plainMessage = new NetMQMessage(); NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); // make a copy of the message because the method alter the current message NetMQMessage cipherMessageCopy = new NetMQMessage(cipherMessage); int offset; List <NetMQMessage> sslMessages; bool result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages); Assert.AreEqual(sslMessages.Count, 1); cipherMessage = sslMessages[0]; m_clientSecureChannel.DecryptApplicationMessage(cipherMessage); cipherMessage = new NetMQMessage(cipherMessageCopy); result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages); Assert.AreEqual(sslMessages.Count, 1); cipherMessage = sslMessages[0]; NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage)); Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode); }
public void DecryptingOldMessage() { NetMQMessage plainMessage = new NetMQMessage(); NetMQMessage cipherMessageCopy = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); NetMQMessage cipherMessage = new NetMQMessage(cipherMessageCopy); // copy of the first message, we are actually never try to decrypt the first message // (to make sure the exception is because of the old message and not because the message was decrypted twice). // the window size is 1024, we to decrypt 1024 messages before trying to decrypt the old message bool changeCipherSepc = m_serverSecureChannel.ChangeSuiteChangeArrived; int offset; List <NetMQMessage> sslMessages; for (int i = 0; i < 1025; i++) { m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages); Assert.AreEqual(sslMessages.Count, 1); cipherMessage = sslMessages[0]; m_clientSecureChannel.DecryptApplicationMessage(cipherMessage); cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); } cipherMessage = cipherMessageCopy; bool result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages); Assert.AreEqual(sslMessages.Count, 1); cipherMessage = sslMessages[0]; NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage)); Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode); }
public void ChangeEncryptedFrameLength() { NetMQMessage plainMessage = new NetMQMessage(); plainMessage.Append("Hello"); NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); int offset; List <NetMQMessage> sslMessages; bool result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages); Assert.AreEqual(sslMessages.Count, 1); cipherMessage = sslMessages[0]; cipherMessage.RemoveFrame(cipherMessage.Last); // appending new frame with length different then block size cipherMessage.Append("ChangeEncryptedFrame"); NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage)); Assert.AreEqual(NetMQSecurityErrorCode.EncryptedFrameInvalidLength, exception.ErrorCode); }
public void ChangeThePadding() { NetMQMessage plainMessage = new NetMQMessage(); plainMessage.Append("Hello"); NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); cipherMessage.Last.Buffer[15]++; NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage)); Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode); }
public void ReplayAttach() { NetMQMessage plainMessage = new NetMQMessage(); NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); // make a copy of the message because the method alter the current message NetMQMessage cipherMessageCopy = new NetMQMessage(cipherMessage); m_clientSecureChannel.DecryptApplicationMessage(cipherMessage); NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessageCopy)); Assert.AreEqual(NetMQSecurityErrorCode.ReplayAttack, exception.ErrorCode); }
public void WrongFramesCount() { NetMQMessage plainMessage = new NetMQMessage(); plainMessage.Append("Hello"); NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); // remove the first frame cipherMessage.RemoveFrame(cipherMessage.Last); NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage)); Assert.AreEqual(NetMQSecurityErrorCode.EncryptedFramesMissing, exception.ErrorCode); }
public void WrongProtocolVersion() { NetMQMessage plainMessage = new NetMQMessage(); plainMessage.Append("Hello"); NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); // changing the protocol version cipherMessage[0].Buffer[0] = 99; NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage)); Assert.AreEqual(exception.ErrorCode, NetMQSecurityErrorCode.InvalidProtocolVersion); }
public void ChangeEncryptedFrameLength() { NetMQMessage plainMessage = new NetMQMessage(); plainMessage.Append("Hello"); NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); cipherMessage.RemoveFrame(cipherMessage.Last); // appending new frame with length different then block size cipherMessage.Append("Hello"); NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage)); Assert.AreEqual(NetMQSecurityErrorCode.EncryptedFrameInvalidLength, exception.ErrorCode); }
public void ReorderFrames() { NetMQMessage plainMessage = new NetMQMessage(); plainMessage.Append("Hello"); plainMessage.Append("World"); NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); int offset; List <NetMQMessage> sslMessages; bool result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages); Assert.AreEqual(sslMessages.Count, 1); cipherMessage = sslMessages[0]; NetMQMessage temp = new NetMQMessage(cipherMessage.FrameCount); while (cipherMessage.FrameCount > 4) { temp.Append(cipherMessage.Pop()); } NetMQFrame oneBeforeLastLengthFrame = cipherMessage.Pop(); NetMQFrame oneBeforeLastFrame = cipherMessage.Pop(); NetMQFrame lastLengthFrame = cipherMessage.Pop(); NetMQFrame lastFrame = cipherMessage.Pop(); temp.Append(lastLengthFrame); temp.Append(lastFrame); temp.Append(oneBeforeLastLengthFrame); temp.Append(oneBeforeLastFrame); cipherMessage = temp; NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage)); Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode); }
public void DecryptingOldMessage() { NetMQMessage plainMessage = new NetMQMessage(); NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); // copy of the first message, we are actually never try to decrypt the first message // (to make sure the exception is because of the old message and not because the message was decrypted twice). NetMQMessage cipherMessageCopy = new NetMQMessage(cipherMessage); // the window size is 1024, we to decrypt 1024 messages before trying to decrypt the old message for (int i = 0; i < 1025; i++) { plainMessage = new NetMQMessage(); cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); m_clientSecureChannel.DecryptApplicationMessage(cipherMessage); } NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessageCopy)); Assert.AreEqual(NetMQSecurityErrorCode.ReplayAttack, exception.ErrorCode); }
public void ChangeThePadding() { NetMQMessage plainMessage = new NetMQMessage(); plainMessage.Append("Hello"); NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); int offset; List <NetMQMessage> sslMessages; bool result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages); Assert.AreEqual(sslMessages.Count, 1); cipherMessage = sslMessages[0]; cipherMessage.Last.Buffer[15]++; NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage)); Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode); }
public void WrongProtocolVersion() { NetMQMessage plainMessage = new NetMQMessage(); plainMessage.Append("Hello"); NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); int offset; List <NetMQMessage> sslMessages; bool result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages); Assert.AreEqual(sslMessages.Count, 1); cipherMessage = sslMessages[0]; // changing the protocol version cipherMessage[1].Buffer[0] = 99; NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage)); Assert.AreEqual(exception.ErrorCode, NetMQSecurityErrorCode.InvalidProtocolVersion); }
public void ReorderFrames() { NetMQMessage plainMessage = new NetMQMessage(); plainMessage.Append("Hello"); plainMessage.Append("World"); NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); NetMQFrame lastFrame = cipherMessage.Last; cipherMessage.RemoveFrame(lastFrame); NetMQFrame oneBeforeLastFrame = cipherMessage.Last; cipherMessage.RemoveFrame(oneBeforeLastFrame); cipherMessage.Append(lastFrame); cipherMessage.Append(oneBeforeLastFrame); NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage)); Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode); }
public void WrongFramesCount() { NetMQMessage plainMessage = new NetMQMessage(); plainMessage.Append("Hello"); NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage); int offset; List <NetMQMessage> sslMessages; bool result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages); Assert.AreEqual(sslMessages.Count, 1); cipherMessage = sslMessages[0]; // remove the first frame cipherMessage.RemoveFrame(cipherMessage.Last); cipherMessage.RemoveFrame(cipherMessage.Last); cipherMessage.RemoveFrame(cipherMessage.Last); NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage)); Assert.AreEqual(NetMQSecurityErrorCode.InvalidFramesCount, exception.ErrorCode); }