Example #1
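        /// <summary>
        /// Verifies that <c>Decrypt</c> throws <see cref="CryptographicException"/> for every payload
        /// that is not exactly what <c>Encrypt</c> produced for the same AAD: a payload that is too
        /// short, one with a bit flipped at any byte position, one with a trailing byte appended,
        /// and an untouched payload presented with different AAD.
        /// </summary>
        public void Encrypt_Decrypt_Tampering_Fails()
        {
            // Arrange
            // An all-zero 512-bit secret keeps the test deterministic; it is a fixture, not a usable key.
            Secret kdk = new Secret(new byte[512 / 8]);
            CbcAuthenticatedEncryptor encryptor = new CbcAuthenticatedEncryptor(kdk,
                symmetricAlgorithmHandle: CachedAlgorithmHandles.AES_CBC,
                symmetricAlgorithmKeySizeInBytes: 256 / 8,
                hmacAlgorithmHandle: CachedAlgorithmHandles.HMAC_SHA256);
            ArraySegment<byte> plaintext = new ArraySegment<byte>(Encoding.UTF8.GetBytes("plaintext"));
            ArraySegment<byte> aad = new ArraySegment<byte>(Encoding.UTF8.GetBytes("aad"));

            byte[] validCiphertext = encryptor.Encrypt(plaintext, aad);

            // Act & assert - 1
            // Ciphertext is too short to be a valid payload
            byte[] invalidCiphertext_tooShort = new byte[10];
            Assert.Throws<CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_tooShort), aad);
            });

            // Act & assert - 2
            // Ciphertext has been manipulated.
            // Flip one bit at every byte position rather than only at index 0, so that every
            // region of the payload (whatever its layout) is shown to be covered by the
            // integrity check, including the trailing bytes.
            for (int i = 0; i < validCiphertext.Length; i++)
            {
                byte[] invalidCiphertext_manipulated = (byte[])validCiphertext.Clone();
                invalidCiphertext_manipulated[i] ^= 0x01;
                Assert.Throws<CryptographicException>(() =>
                {
                    encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_manipulated), aad);
                });
            }

            // Act & assert - 3
            // Ciphertext is too long
            byte[] invalidCiphertext_tooLong = validCiphertext.Concat(new byte[] { 0 }).ToArray();
            Assert.Throws<CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_tooLong), aad);
            });

            // Act & assert - 4
            // AAD is incorrect: a valid payload must not decrypt under a different context.
            Assert.Throws<CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment<byte>(validCiphertext), new ArraySegment<byte>(Encoding.UTF8.GetBytes("different aad")));
            });
        }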
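        /// <summary>
        /// Negative tests for authenticated decryption: each malformed or altered input must make
        /// <c>Decrypt</c> throw <see cref="CryptographicException"/> instead of returning data.
        /// Covers an undersized payload, a single-bit change at each byte offset, an oversized
        /// payload, and mismatched AAD.
        /// </summary>
        public void Encrypt_Decrypt_Tampering_Fails()
        {
            // Arrange
            // Fixed all-zero secret: acceptable only as a reproducible test input.
            Secret kdk = new Secret(new byte[512 / 8]);
            CbcAuthenticatedEncryptor encryptor = new CbcAuthenticatedEncryptor(kdk,
                symmetricAlgorithmHandle: CachedAlgorithmHandles.AES_CBC,
                symmetricAlgorithmKeySizeInBytes: 256 / 8,
                hmacAlgorithmHandle: CachedAlgorithmHandles.HMAC_SHA256);
            ArraySegment<byte> plaintext = new ArraySegment<byte>(Encoding.UTF8.GetBytes("plaintext"));
            ArraySegment<byte> aad = new ArraySegment<byte>(Encoding.UTF8.GetBytes("aad"));
            byte[] validCiphertext = encryptor.Encrypt(plaintext, aad);

            // Act & assert - 1
            // Ciphertext is too short to be a valid payload
            byte[] invalidCiphertext_tooShort = new byte[10];
            Assert.Throws<CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_tooShort), aad);
            });

            // Act & assert - 2
            // Ciphertext has been manipulated.
            // The original check altered only the first byte; walking every offset also
            // exercises the middle and the end of the payload, so a region left outside the
            // integrity check would be caught here.
            for (int offset = 0; offset < validCiphertext.Length; offset++)
            {
                byte[] invalidCiphertext_manipulated = (byte[])validCiphertext.Clone();
                invalidCiphertext_manipulated[offset] ^= 0x01;
                Assert.Throws<CryptographicException>(() =>
                {
                    encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_manipulated), aad);
                });
            }

            // Act & assert - 3
            // Ciphertext is too long
            byte[] invalidCiphertext_tooLong = validCiphertext.Concat(new byte[] { 0 }).ToArray();
            Assert.Throws<CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_tooLong), aad);
            });

            // Act & assert - 4
            // AAD is incorrect: the payload itself is untouched, only the caller-supplied context differs.
            Assert.Throws<CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment<byte>(validCiphertext), new ArraySegment<byte>(Encoding.UTF8.GetBytes("different aad")));
            });
        }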
Example #3
        /// <summary>
        /// Checks that a payload produced by <c>Encrypt</c> decrypts back to the original plaintext
        /// when the same additional authenticated data (AAD) is supplied to <c>Decrypt</c>.
        /// </summary>
        public void Encrypt_Decrypt_RoundTrips()
        {
            // Arrange
            // The all-zero 512-bit secret is a fixed test input, not a usable key.
            var masterSecret = new Secret(new byte[512 / 8]);
            var cbcEncryptor = new CbcAuthenticatedEncryptor(
                masterSecret,
                symmetricAlgorithmHandle: CachedAlgorithmHandles.AES_CBC,
                symmetricAlgorithmKeySizeInBytes: 256 / 8,
                hmacAlgorithmHandle: CachedAlgorithmHandles.HMAC_SHA256);
            var plaintext = new ArraySegment<byte>(Encoding.UTF8.GetBytes("plaintext"));
            var associatedData = new ArraySegment<byte>(Encoding.UTF8.GetBytes("aad"));

            // Act
            byte[] protectedPayload = cbcEncryptor.Encrypt(plaintext, associatedData);
            byte[] roundTripped = cbcEncryptor.Decrypt(new ArraySegment<byte>(protectedPayload), associatedData);

            // Assert
            Assert.Equal(plaintext, roundTripped);
        }
        /// <summary>
        /// Round-trip test: encrypts a short UTF-8 message with AES-CBC (256-bit key) and
        /// HMAC-SHA256, decrypts it with the same AAD, and expects the original bytes back.
        /// </summary>
        public void Encrypt_Decrypt_RoundTrips()
        {
            // Arrange
            // Zero-filled secret: deterministic fixture for the test only.
            byte[] zeroedSecretBytes = new byte[512 / 8];
            Secret secret = new Secret(zeroedSecretBytes);
            CbcAuthenticatedEncryptor sut = new CbcAuthenticatedEncryptor(
                secret,
                symmetricAlgorithmHandle: CachedAlgorithmHandles.AES_CBC,
                symmetricAlgorithmKeySizeInBytes: 256 / 8,
                hmacAlgorithmHandle: CachedAlgorithmHandles.HMAC_SHA256);

            byte[] messageBytes = Encoding.UTF8.GetBytes("plaintext");
            ArraySegment<byte> plaintext = new ArraySegment<byte>(messageBytes);
            byte[] contextBytes = Encoding.UTF8.GetBytes("aad");
            ArraySegment<byte> aad = new ArraySegment<byte>(contextBytes);

            // Act
            byte[] encrypted = sut.Encrypt(plaintext, aad);
            ArraySegment<byte> encryptedSegment = new ArraySegment<byte>(encrypted);
            byte[] decrypted = sut.Decrypt(encryptedSegment, aad);

            // Assert
            Assert.Equal(plaintext, decrypted);
        }