public void DecryptOutOfOrder()
{
NetMQMessage plain1 = new NetMQMessage();
plain1.Append("1");
NetMQMessage plain2 = new NetMQMessage();
plain2.Append("2");
NetMQMessage cipher1 = m_clientSecureChannel.EncryptApplicationMessage(plain1);
NetMQMessage cipher2 = m_clientSecureChannel.EncryptApplicationMessage(plain2);
int offset;
List <NetMQMessage> sslMessages;
bool result = m_serverSecureChannel.ResolveRecordLayer(cipher1.First.Buffer, out offset, out sslMessages);
Assert.AreEqual(sslMessages.Count, 1);
cipher1 = sslMessages[0];
result = m_serverSecureChannel.ResolveRecordLayer(cipher2.First.Buffer, out offset, out sslMessages);
Assert.AreEqual(sslMessages.Count, 1);
cipher2 = sslMessages[0];
NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_serverSecureChannel.DecryptApplicationMessage(cipher2));
Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode);
exception = Assert.Throws <NetMQSecurityException>(() => m_serverSecureChannel.DecryptApplicationMessage(cipher1));
Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode);
}
public void ReplayAttach()
{
NetMQMessage plainMessage = new NetMQMessage();
NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
// make a copy of the message because the method alter the current message
NetMQMessage cipherMessageCopy = new NetMQMessage(cipherMessage);
int offset;
List <NetMQMessage> sslMessages;
bool result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages);
Assert.AreEqual(sslMessages.Count, 1);
cipherMessage = sslMessages[0];
m_clientSecureChannel.DecryptApplicationMessage(cipherMessage);
cipherMessage = new NetMQMessage(cipherMessageCopy);
result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages);
Assert.AreEqual(sslMessages.Count, 1);
cipherMessage = sslMessages[0];
NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage));
Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode);
}
public void DecryptingOldMessage()
{
NetMQMessage plainMessage = new NetMQMessage();
NetMQMessage cipherMessageCopy = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
NetMQMessage cipherMessage = new NetMQMessage(cipherMessageCopy);
// copy of the first message, we are actually never try to decrypt the first message
// (to make sure the exception is because of the old message and not because the message was decrypted twice).
// the window size is 1024, we to decrypt 1024 messages before trying to decrypt the old message
bool changeCipherSepc = m_serverSecureChannel.ChangeSuiteChangeArrived;
int offset;
List <NetMQMessage> sslMessages;
for (int i = 0; i < 1025; i++)
{
m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages);
Assert.AreEqual(sslMessages.Count, 1);
cipherMessage = sslMessages[0];
m_clientSecureChannel.DecryptApplicationMessage(cipherMessage);
cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
}
cipherMessage = cipherMessageCopy;
bool result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages);
Assert.AreEqual(sslMessages.Count, 1);
cipherMessage = sslMessages[0];
NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage));
Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode);
}
public void ChangeEncryptedFrameLength()
{
NetMQMessage plainMessage = new NetMQMessage();
plainMessage.Append("Hello");
NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
int offset;
List <NetMQMessage> sslMessages;
bool result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages);
Assert.AreEqual(sslMessages.Count, 1);
cipherMessage = sslMessages[0];
cipherMessage.RemoveFrame(cipherMessage.Last);
// appending new frame with length different then block size
cipherMessage.Append("ChangeEncryptedFrame");
NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage));
Assert.AreEqual(NetMQSecurityErrorCode.EncryptedFrameInvalidLength, exception.ErrorCode);
}
public void ChangeThePadding()
{
NetMQMessage plainMessage = new NetMQMessage();
plainMessage.Append("Hello");
NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
cipherMessage.Last.Buffer[15]++;
NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage));
Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode);
}
public void ReplayAttach()
{
NetMQMessage plainMessage = new NetMQMessage();
NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
// make a copy of the message because the method alter the current message
NetMQMessage cipherMessageCopy = new NetMQMessage(cipherMessage);
m_clientSecureChannel.DecryptApplicationMessage(cipherMessage);
NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessageCopy));
Assert.AreEqual(NetMQSecurityErrorCode.ReplayAttack, exception.ErrorCode);
}
public void WrongFramesCount()
{
NetMQMessage plainMessage = new NetMQMessage();
plainMessage.Append("Hello");
NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
// remove the first frame
cipherMessage.RemoveFrame(cipherMessage.Last);
NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage));
Assert.AreEqual(NetMQSecurityErrorCode.EncryptedFramesMissing, exception.ErrorCode);
}
public void WrongProtocolVersion()
{
NetMQMessage plainMessage = new NetMQMessage();
plainMessage.Append("Hello");
NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
// changing the protocol version
cipherMessage[0].Buffer[0] = 99;
NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage));
Assert.AreEqual(exception.ErrorCode, NetMQSecurityErrorCode.InvalidProtocolVersion);
}
public void ChangeEncryptedFrameLength()
{
NetMQMessage plainMessage = new NetMQMessage();
plainMessage.Append("Hello");
NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
cipherMessage.RemoveFrame(cipherMessage.Last);
// appending new frame with length different then block size
cipherMessage.Append("Hello");
NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage));
Assert.AreEqual(NetMQSecurityErrorCode.EncryptedFrameInvalidLength, exception.ErrorCode);
}
public void ReorderFrames()
{
NetMQMessage plainMessage = new NetMQMessage();
plainMessage.Append("Hello");
plainMessage.Append("World");
NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
int offset;
List <NetMQMessage> sslMessages;
bool result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages);
Assert.AreEqual(sslMessages.Count, 1);
cipherMessage = sslMessages[0];
NetMQMessage temp = new NetMQMessage(cipherMessage.FrameCount);
while (cipherMessage.FrameCount > 4)
{
temp.Append(cipherMessage.Pop());
}
NetMQFrame oneBeforeLastLengthFrame = cipherMessage.Pop();
NetMQFrame oneBeforeLastFrame = cipherMessage.Pop();
NetMQFrame lastLengthFrame = cipherMessage.Pop();
NetMQFrame lastFrame = cipherMessage.Pop();
temp.Append(lastLengthFrame);
temp.Append(lastFrame);
temp.Append(oneBeforeLastLengthFrame);
temp.Append(oneBeforeLastFrame);
cipherMessage = temp;
NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage));
Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode);
}
public void DecryptingOldMessage()
{
NetMQMessage plainMessage = new NetMQMessage();
NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
// copy of the first message, we are actually never try to decrypt the first message
// (to make sure the exception is because of the old message and not because the message was decrypted twice).
NetMQMessage cipherMessageCopy = new NetMQMessage(cipherMessage);
// the window size is 1024, we to decrypt 1024 messages before trying to decrypt the old message
for (int i = 0; i < 1025; i++)
{
plainMessage = new NetMQMessage();
cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
m_clientSecureChannel.DecryptApplicationMessage(cipherMessage);
}
NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessageCopy));
Assert.AreEqual(NetMQSecurityErrorCode.ReplayAttack, exception.ErrorCode);
}
public void ChangeThePadding()
{
NetMQMessage plainMessage = new NetMQMessage();
plainMessage.Append("Hello");
NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
int offset;
List <NetMQMessage> sslMessages;
bool result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages);
Assert.AreEqual(sslMessages.Count, 1);
cipherMessage = sslMessages[0];
cipherMessage.Last.Buffer[15]++;
NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage));
Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode);
}
public void WrongProtocolVersion()
{
NetMQMessage plainMessage = new NetMQMessage();
plainMessage.Append("Hello");
NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
int offset;
List <NetMQMessage> sslMessages;
bool result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages);
Assert.AreEqual(sslMessages.Count, 1);
cipherMessage = sslMessages[0];
// changing the protocol version
cipherMessage[1].Buffer[0] = 99;
NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage));
Assert.AreEqual(exception.ErrorCode, NetMQSecurityErrorCode.InvalidProtocolVersion);
}
public void ReorderFrames()
{
NetMQMessage plainMessage = new NetMQMessage();
plainMessage.Append("Hello");
plainMessage.Append("World");
NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
NetMQFrame lastFrame = cipherMessage.Last;
cipherMessage.RemoveFrame(lastFrame);
NetMQFrame oneBeforeLastFrame = cipherMessage.Last;
cipherMessage.RemoveFrame(oneBeforeLastFrame);
cipherMessage.Append(lastFrame);
cipherMessage.Append(oneBeforeLastFrame);
NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage));
Assert.AreEqual(NetMQSecurityErrorCode.MACNotMatched, exception.ErrorCode);
}
public void WrongFramesCount()
{
NetMQMessage plainMessage = new NetMQMessage();
plainMessage.Append("Hello");
NetMQMessage cipherMessage = m_serverSecureChannel.EncryptApplicationMessage(plainMessage);
int offset;
List <NetMQMessage> sslMessages;
bool result = m_clientSecureChannel.ResolveRecordLayer(cipherMessage.First.Buffer, out offset, out sslMessages);
Assert.AreEqual(sslMessages.Count, 1);
cipherMessage = sslMessages[0];
// remove the first frame
cipherMessage.RemoveFrame(cipherMessage.Last);
cipherMessage.RemoveFrame(cipherMessage.Last);
cipherMessage.RemoveFrame(cipherMessage.Last);
NetMQSecurityException exception = Assert.Throws <NetMQSecurityException>(() => m_clientSecureChannel.DecryptApplicationMessage(cipherMessage));
Assert.AreEqual(NetMQSecurityErrorCode.InvalidFramesCount, exception.ErrorCode);
}
