Exemple #1
0
        public void Encrypt_Decrypt_Tampering_Fails()
        {
            // Arrange
            Secret kdk = new Secret(new byte[512 / 8]);
            ManagedAuthenticatedEncryptor encryptor = new ManagedAuthenticatedEncryptor(kdk,
                                                                                        symmetricAlgorithmFactory: Aes.Create,
                                                                                        symmetricAlgorithmKeySizeInBytes: 256 / 8,
                                                                                        validationAlgorithmFactory: () => new HMACSHA256());
            ArraySegment <byte> plaintext = new ArraySegment <byte>(Encoding.UTF8.GetBytes("plaintext"));
            ArraySegment <byte> aad       = new ArraySegment <byte>(Encoding.UTF8.GetBytes("aad"));

            byte[] validCiphertext = encryptor.Encrypt(plaintext, aad);

            // Act & assert - 1
            // Ciphertext is too short to be a valid payload
            byte[] invalidCiphertext_tooShort = new byte[10];
            Assert.Throws <CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment <byte>(invalidCiphertext_tooShort), aad);
            });

            // Act & assert - 2
            // Ciphertext has been manipulated
            byte[] invalidCiphertext_manipulated = (byte[])validCiphertext.Clone();
            invalidCiphertext_manipulated[0] ^= 0x01;
            Assert.Throws <CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment <byte>(invalidCiphertext_manipulated), aad);
            });

            // Act & assert - 3
            // Ciphertext is too long
            byte[] invalidCiphertext_tooLong = validCiphertext.Concat(new byte[] { 0 }).ToArray();
            Assert.Throws <CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment <byte>(invalidCiphertext_tooLong), aad);
            });

            // Act & assert - 4
            // AAD is incorrect
            Assert.Throws <CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment <byte>(validCiphertext), new ArraySegment <byte>(Encoding.UTF8.GetBytes("different aad")));
            });
        }
        public void Encrypt_Decrypt_Tampering_Fails()
        {
            // Arrange
            Secret kdk = new Secret(new byte[512 / 8]);
            ManagedAuthenticatedEncryptor encryptor = new ManagedAuthenticatedEncryptor(kdk,
                symmetricAlgorithmFactory: Aes.Create,
                symmetricAlgorithmKeySizeInBytes: 256 / 8,
                validationAlgorithmFactory: () => new HMACSHA256());
            ArraySegment<byte> plaintext = new ArraySegment<byte>(Encoding.UTF8.GetBytes("plaintext"));
            ArraySegment<byte> aad = new ArraySegment<byte>(Encoding.UTF8.GetBytes("aad"));
            byte[] validCiphertext = encryptor.Encrypt(plaintext, aad);

            // Act & assert - 1
            // Ciphertext is too short to be a valid payload
            byte[] invalidCiphertext_tooShort = new byte[10];
            Assert.Throws<CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_tooShort), aad);
            });

            // Act & assert - 2
            // Ciphertext has been manipulated
            byte[] invalidCiphertext_manipulated = (byte[])validCiphertext.Clone();
            invalidCiphertext_manipulated[0] ^= 0x01;
            Assert.Throws<CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_manipulated), aad);
            });

            // Act & assert - 3
            // Ciphertext is too long
            byte[] invalidCiphertext_tooLong = validCiphertext.Concat(new byte[] { 0 }).ToArray();
            Assert.Throws<CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_tooLong), aad);
            });

            // Act & assert - 4
            // AAD is incorrect
            Assert.Throws<CryptographicException>(() =>
            {
                encryptor.Decrypt(new ArraySegment<byte>(validCiphertext), new ArraySegment<byte>(Encoding.UTF8.GetBytes("different aad")));
            });
        }
        public void Encrypt_Decrypt_RoundTrips()
        {
            // Arrange
            Secret kdk = new Secret(new byte[512 / 8]);
            ManagedAuthenticatedEncryptor encryptor = new ManagedAuthenticatedEncryptor(kdk,
                symmetricAlgorithmFactory: Aes.Create,
                symmetricAlgorithmKeySizeInBytes: 256 / 8,
                validationAlgorithmFactory: () => new HMACSHA256());
            ArraySegment<byte> plaintext = new ArraySegment<byte>(Encoding.UTF8.GetBytes("plaintext"));
            ArraySegment<byte> aad = new ArraySegment<byte>(Encoding.UTF8.GetBytes("aad"));

            // Act
            byte[] ciphertext = encryptor.Encrypt(plaintext, aad);
            byte[] decipheredtext = encryptor.Decrypt(new ArraySegment<byte>(ciphertext), aad);

            // Assert
            Assert.Equal(plaintext, decipheredtext);
        }
Exemple #4
0
        public void Encrypt_Decrypt_RoundTrips()
        {
            // Arrange
            Secret kdk = new Secret(new byte[512 / 8]);
            ManagedAuthenticatedEncryptor encryptor = new ManagedAuthenticatedEncryptor(kdk,
                                                                                        symmetricAlgorithmFactory: Aes.Create,
                                                                                        symmetricAlgorithmKeySizeInBytes: 256 / 8,
                                                                                        validationAlgorithmFactory: () => new HMACSHA256());
            ArraySegment <byte> plaintext = new ArraySegment <byte>(Encoding.UTF8.GetBytes("plaintext"));
            ArraySegment <byte> aad       = new ArraySegment <byte>(Encoding.UTF8.GetBytes("aad"));

            // Act
            byte[] ciphertext     = encryptor.Encrypt(plaintext, aad);
            byte[] decipheredtext = encryptor.Decrypt(new ArraySegment <byte>(ciphertext), aad);

            // Assert
            Assert.Equal(plaintext, decipheredtext);
        }