private static void AddDecryptMismatchTheoryData( string testId, SymmetricSecurityKey decryptKey, SymmetricSecurityKey encryptkey, string decryptAlgorithm, string encryptAlgorithm, ExpectedException ee, TheoryData <AuthenticatedEncryptionTestParams> theoryData) { var authenticatedData = Guid.NewGuid().ToByteArray(); var plainText = Guid.NewGuid().ToByteArray(); var provider = new AuthenticatedEncryptionProvider(encryptkey, encryptAlgorithm); var results = provider.Encrypt(plainText, authenticatedData); theoryData.Add(new AuthenticatedEncryptionTestParams { AuthenticatedData = authenticatedData, DecryptAlgorithm = decryptAlgorithm, DecryptKey = decryptKey, EE = ee, EncryptionResults = results, Provider = new AuthenticatedEncryptionProvider(decryptKey, decryptAlgorithm), TestId = testId }); }
public void DecryptVirtual() { var provider = new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes128CbcHmacSha256); var authenticatedData = Guid.NewGuid().ToByteArray(); var results = provider.Encrypt(Guid.NewGuid().ToByteArray(), authenticatedData); var derivedProvider = new DerivedAuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes128CbcHmacSha256); derivedProvider.Decrypt(results.Ciphertext, authenticatedData, results.IV, results.AuthenticationTag); Assert.True(derivedProvider.DecryptCalled); }
private static void AddDecryptParameterCheckTheoryData(string testId, byte[] authenticatedData, byte[] authenticationTag, byte[] cipherText, byte[] iv, TheoryData <AuthenticatedEncryptionTestParams> theoryData) { var provider = new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes128CbcHmacSha256); theoryData.Add(new AuthenticatedEncryptionTestParams { AuthenticatedData = authenticatedData, EE = ExpectedException.ArgumentNullException(), EncryptionResults = new AuthenticatedEncryptionResult(Default.SymmetricEncryptionKey256, cipherText, iv, authenticationTag), Provider = provider, TestId = testId }); }
private static void AddEncryptParameterCheckTheoryData(string testId, byte[] authenticatedData, byte[] plainText, TheoryData <AuthenticatedEncryptionTheoryData> theoryData) { var provider = new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes128CbcHmacSha256); theoryData.Add(new AuthenticatedEncryptionTheoryData { AuthenticatedData = authenticatedData, ExpectedException = ExpectedException.ArgumentNullException(), EncryptionResults = new AuthenticatedEncryptionResult(Default.SymmetricEncryptionKey256, new byte[1], new byte[1], new byte[1]), Plaintext = plainText, Provider = provider, TestId = testId }); }
public void AesGcmEncryptionOnWindows() { var context = new CompareContext(); try { var provider = new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes256Gcm); } catch (Exception ex) { context.AddDiff($"AuthenticatedEncryptionProvider is not supposed to throw an exception, Exception:{ ex.ToString()}"); } TestUtilities.AssertFailIfErrors(context); }
public void AesGcm_Dispose() { AuthenticatedEncryptionProvider encryptionProvider = new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes256Gcm); encryptionProvider.Dispose(); var expectedException = ExpectedException.ObjectDisposedException; try { encryptionProvider.Decrypt(AES_256_GCM.E, AES_256_GCM.A, AES_256_GCM.IV, AES_256_GCM.T); } catch (Exception ex) { expectedException.ProcessException(ex); } }
private static byte[] DecryptToken(CryptoProviderFactory cryptoProviderFactory, SecurityKey key, JwtTokenDecryptionParameters decryptionParameters) { using (AuthenticatedEncryptionProvider decryptionProvider = cryptoProviderFactory.CreateAuthenticatedEncryptionProvider(key, decryptionParameters.Enc)) { if (decryptionProvider == null) { throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(TokenLogMessages.IDX10610, key, LogHelper.MarkAsNonPII(decryptionParameters.Enc)))); } return(decryptionProvider.Decrypt( Base64UrlEncoder.DecodeBytes(decryptionParameters.Ciphertext), Encoding.ASCII.GetBytes(decryptionParameters.EncodedHeader), Base64UrlEncoder.DecodeBytes(decryptionParameters.InitializationVector), Base64UrlEncoder.DecodeBytes(decryptionParameters.AuthenticationTag))); } }
#pragma warning restore CS3016 // Arrays as attribute arguments is not CLS-compliant public void EncryptDecrypt(AuthenticatedEncryptionTestParams theoryParams) { try { // use a different provider for encrypting and decrypting to ensure key creation / privated vars are set correctly var encryptionProvider = new AuthenticatedEncryptionProvider(theoryParams.EncryptKey, theoryParams.DecryptAlgorithm); var decryptionProvider = new AuthenticatedEncryptionProvider(theoryParams.DecryptKey, theoryParams.EncryptAlgorithm); var results = encryptionProvider.Encrypt(theoryParams.Plaintext, theoryParams.AuthenticatedData); var cleartext = decryptionProvider.Decrypt(results.Ciphertext, theoryParams.AuthenticatedData, results.IV, results.AuthenticationTag); Assert.True(Utility.AreEqual(theoryParams.Plaintext, cleartext), "theoryParams.PlainText != clearText"); theoryParams.EE.ProcessNoException(); } catch (Exception ex) { theoryParams.EE.ProcessException(ex); } }
#pragma warning restore CS3016 // Arrays as attribute arguments is not CLS-compliant public void Constructors(string testId, SymmetricSecurityKey key, string algorithm, ExpectedException ee) { try { var context = Guid.NewGuid().ToString(); var provider = new AuthenticatedEncryptionProvider(key, algorithm) { Context = context }; ee.ProcessNoException(); Assert.Equal(provider.Algorithm, algorithm); Assert.Equal(provider.Context, context); Assert.True(ReferenceEquals(provider.Key, key)); } catch (Exception ex) { ee.ProcessException(ex); } }
public void EncryptDecrypt(AuthenticatedEncryptionTheoryData theoryData) { var context = TestUtilities.WriteHeader($"{this}.EncryptDecrypt", theoryData); try { // use a different provider for encrypting and decrypting to ensure key creation / privated vars are set correctly var encryptionProvider = new AuthenticatedEncryptionProvider(theoryData.EncryptKey, theoryData.DecryptAlgorithm); var decryptionProvider = new AuthenticatedEncryptionProvider(theoryData.DecryptKey, theoryData.EncryptAlgorithm); var results = encryptionProvider.Encrypt(theoryData.Plaintext, theoryData.AuthenticatedData); var cleartext = decryptionProvider.Decrypt(results.Ciphertext, theoryData.AuthenticatedData, results.IV, results.AuthenticationTag); Assert.True(Utility.AreEqual(theoryData.Plaintext, cleartext), "theoryParams.PlainText != clearText"); theoryData.ExpectedException.ProcessNoException(context); } catch (Exception ex) { theoryData.ExpectedException.ProcessException(ex, context); } TestUtilities.AssertFailIfErrors(context); }
private static void AddDecryptTamperedTheoryData(string testId, SymmetricSecurityKey key, string algorithm, TheoryData <AuthenticatedEncryptionTestParams> theoryData) { var authenticatedData = Guid.NewGuid().ToByteArray(); var plainText = Guid.NewGuid().ToByteArray(); var provider = new AuthenticatedEncryptionProvider(key, algorithm); var results = provider.Encrypt(plainText, authenticatedData); theoryData.Add(new AuthenticatedEncryptionTestParams { AuthenticatedData = Guid.NewGuid().ToByteArray(), DecryptAlgorithm = algorithm, DecryptKey = key, EE = ExpectedException.SecurityTokenDecryptionFailedException("IDX10650:"), EncryptAlgorithm = algorithm, EncryptKey = key, EncryptionResults = results, Provider = provider, TestId = "AddDecryptTheoryData1_" + testId }); results = provider.Encrypt(plainText, authenticatedData); TestUtilities.XORBytes(results.IV); theoryData.Add(new AuthenticatedEncryptionTestParams { AuthenticatedData = authenticatedData, DecryptAlgorithm = algorithm, DecryptKey = key, EE = ExpectedException.SecurityTokenDecryptionFailedException("IDX10650:"), EncryptAlgorithm = algorithm, EncryptKey = key, EncryptionResults = results, Provider = provider, TestId = "AddDecryptTheoryData2_" + testId }); results = provider.Encrypt(plainText, authenticatedData); TestUtilities.XORBytes(results.AuthenticationTag); theoryData.Add(new AuthenticatedEncryptionTestParams { AuthenticatedData = authenticatedData, DecryptAlgorithm = algorithm, DecryptKey = key, EE = ExpectedException.SecurityTokenDecryptionFailedException("IDX10650:"), EncryptAlgorithm = algorithm, EncryptKey = key, EncryptionResults = results, Provider = provider, TestId = "AddDecryptTheoryData3_" + testId }); results = provider.Encrypt(plainText, authenticatedData); TestUtilities.XORBytes(results.Ciphertext); theoryData.Add(new AuthenticatedEncryptionTestParams { AuthenticatedData = authenticatedData, DecryptAlgorithm = algorithm, DecryptKey = key, EE = ExpectedException.SecurityTokenDecryptionFailedException("IDX10650:"), EncryptAlgorithm = algorithm, EncryptKey = key, EncryptionResults = results, Provider = provider, TestId = "AddDecryptTheoryData4_" + testId }); }