public void GetDecryptionKey_CarriedKeyName()
{
using (Aes aes = Aes.Create())
using (Aes innerAes = Aes.Create())
{
innerAes.KeySize = 128;
EncryptedData edata = new EncryptedData();
edata.KeyInfo = new KeyInfo();
edata.KeyInfo.AddClause(new KeyInfoName("aes"));
EncryptedKey ekey = new EncryptedKey();
byte[] encKeyBytes = EncryptedXml.EncryptKey(innerAes.Key, aes);
ekey.CipherData = new CipherData(encKeyBytes);
ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
ekey.CarriedKeyName = "aes";
ekey.KeyInfo = new KeyInfo();
ekey.KeyInfo.AddClause(new KeyInfoName("another_aes"));
XmlDocument doc = new XmlDocument();
doc.LoadXml(ekey.GetXml().OuterXml);
EncryptedXml exml = new EncryptedXml(doc);
exml.AddKeyNameMapping("another_aes", aes);
SymmetricAlgorithm decryptedAlg = exml.GetDecryptionKey(edata, EncryptedXml.XmlEncAES256Url);
Assert.Equal(innerAes.Key, decryptedAlg.Key);
}
}
public void DecryptEncryptedKey_KeyInfoEncryptedKey()
{
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
string xml = "<root> <child>sample</child> </root>";
doc.LoadXml(xml);
var random = new SecureRandom();
var keydata = new byte[256 / 8];
random.NextBytes(keydata);
var param = new KeyParameter(keydata);
keydata = new byte[128 / 8];
random.NextBytes(keydata);
var innerParam = new KeyParameter(keydata);
keydata = new byte[192 / 8];
random.NextBytes(keydata);
var outerParam = new KeyParameter(keydata);
EncryptedXml exml = new EncryptedXml(doc);
exml.AddKeyNameMapping("aes", param);
EncryptedKey ekey = new EncryptedKey();
byte[] encKeyBytes = EncryptedXml.EncryptKey(outerParam.GetKey(), param);
ekey.CipherData = new CipherData(encKeyBytes);
ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
ekey.Id = "Key_ID";
ekey.KeyInfo = new KeyInfo();
ekey.KeyInfo.AddClause(new KeyInfoName("aes"));
KeyInfo topLevelKeyInfo = new KeyInfo();
topLevelKeyInfo.AddClause(new KeyInfoEncryptedKey(ekey));
EncryptedKey ekeyTopLevel = new EncryptedKey();
byte[] encTopKeyBytes = EncryptedXml.EncryptKey(innerParam.GetKey(), outerParam);
ekeyTopLevel.CipherData = new CipherData(encTopKeyBytes);
ekeyTopLevel.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
ekeyTopLevel.KeyInfo = topLevelKeyInfo;
doc.LoadXml(ekeyTopLevel.GetXml().OuterXml);
byte[] decryptedKey = exml.DecryptEncryptedKey(ekeyTopLevel);
Assert.Equal(innerParam.GetKey(), decryptedKey);
EncryptedData eData = new EncryptedData();
eData.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
eData.KeyInfo = topLevelKeyInfo;
var decryptedAlg = exml.GetDecryptionKey(eData, null);
Assert.Equal(outerParam.GetKey(), ((KeyParameter)decryptedAlg).GetKey());
}
public void GetDecryptionKey_NoEncryptionMethod()
{
EncryptedData edata = new EncryptedData();
edata.KeyInfo = new KeyInfo();
edata.KeyInfo.AddClause(new KeyInfoEncryptedKey(new EncryptedKey()));
EncryptedXml exml = new EncryptedXml();
Assert.Throws <CryptographicException>(() => exml.GetDecryptionKey(edata, null));
}
public void GetDecryptionKey_KeyInfoName()
{
using (Aes aes = Aes.Create())
{
EncryptedData edata = new EncryptedData();
edata.KeyInfo = new KeyInfo();
edata.KeyInfo.AddClause(new KeyInfoName("aes"));
EncryptedXml exml = new EncryptedXml();
exml.AddKeyNameMapping("aes", aes);
SymmetricAlgorithm decryptedAlg = exml.GetDecryptionKey(edata, null);
Assert.Equal(aes.Key, decryptedAlg.Key);
}
}
public void DecryptEncryptedKey_KeyInfoEncryptedKey()
{
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
string xml = "<root> <child>sample</child> </root>";
doc.LoadXml(xml);
using (Aes aes = Aes.Create())
using (Aes outerAes = Aes.Create())
using (Aes innerAes = Aes.Create())
{
outerAes.KeySize = 192;
innerAes.KeySize = 128;
EncryptedXml exml = new EncryptedXml(doc);
exml.AddKeyNameMapping("aes", aes);
EncryptedKey ekey = new EncryptedKey();
byte[] encKeyBytes = EncryptedXml.EncryptKey(outerAes.Key, aes);
ekey.CipherData = new CipherData(encKeyBytes);
ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
ekey.Id = "Key_ID";
ekey.KeyInfo = new KeyInfo();
ekey.KeyInfo.AddClause(new KeyInfoName("aes"));
KeyInfo topLevelKeyInfo = new KeyInfo();
topLevelKeyInfo.AddClause(new KeyInfoEncryptedKey(ekey));
EncryptedKey ekeyTopLevel = new EncryptedKey();
byte[] encTopKeyBytes = EncryptedXml.EncryptKey(innerAes.Key, outerAes);
ekeyTopLevel.CipherData = new CipherData(encTopKeyBytes);
ekeyTopLevel.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
ekeyTopLevel.KeyInfo = topLevelKeyInfo;
doc.LoadXml(ekeyTopLevel.GetXml().OuterXml);
byte[] decryptedKey = exml.DecryptEncryptedKey(ekeyTopLevel);
Assert.Equal(innerAes.Key, decryptedKey);
EncryptedData eData = new EncryptedData();
eData.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
eData.KeyInfo = topLevelKeyInfo;
SymmetricAlgorithm decryptedAlg = exml.GetDecryptionKey(eData, null);
Assert.Equal(outerAes.Key, decryptedAlg.Key);
}
}
private static XmlDocument DecryptEncryptedData(InternalEncryptionKey internalKey, XmlElement sessionElement)
{
XmlElement secretsElement = sessionElement.FirstChild as XmlElement;
if (secretsElement == null || secretsElement.Name != "EncryptedData")
{
throw new FormatException($"There must be an element named {nameof(EncryptedData)} here.");
}
SymmetricAlgorithm masterKey = GetAndDeriveMasterKey(internalKey.DecryptPassphrase(), sessionElement);
// Decrypt the node, creating a named session key to use the embedded session key.
EncryptedXml encryptedXml = new EncryptedXml();
encryptedXml.AddKeyNameMapping(KEYNAME, masterKey);
EncryptedData encryptedData = new EncryptedData();
encryptedData.LoadXml(secretsElement);
SymmetricAlgorithm decryptionKey;
try
{
decryptionKey = encryptedXml.GetDecryptionKey(encryptedData, null);
}
catch (CryptographicException)
{
// This ok - we're not guaranteed that we actually provided the correct key.
return(null);
}
// It seems mono doesn't throw, but returns a null key instead.
if (decryptionKey == null)
{
return(null);
}
byte[] plainTextXml = encryptedXml.DecryptData(encryptedData, decryptionKey);
string plain = encryptedXml.Encoding.GetString(plainTextXml);
XmlDocument decryptedSecretsDocument = new XmlDocument();
decryptedSecretsDocument.LoadXml(plain);
return(decryptedSecretsDocument);
}
public void GetDecryptionKey_CarriedKeyName()
{
var random = new SecureRandom();
var ivdata = new byte[128 / 8];
var keydata = new byte[256 / 8];
random.NextBytes(ivdata);
random.NextBytes(keydata);
var param = new ParametersWithIV(new KeyParameter(keydata), ivdata);
keydata = new byte[128 / 8];
random.NextBytes(ivdata);
random.NextBytes(keydata);
var innerParam = new ParametersWithIV(new KeyParameter(keydata), ivdata);
EncryptedData edata = new EncryptedData();
edata.KeyInfo = new KeyInfo();
edata.KeyInfo.AddClause(new KeyInfoName("aes"));
EncryptedKey ekey = new EncryptedKey();
byte[] encKeyBytes = EncryptedXml.EncryptKey(((KeyParameter)innerParam.Parameters).GetKey(), (KeyParameter)param.Parameters);
ekey.CipherData = new CipherData(encKeyBytes);
ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
ekey.CarriedKeyName = "aes";
ekey.KeyInfo = new KeyInfo();
ekey.KeyInfo.AddClause(new KeyInfoName("another_aes"));
XmlDocument doc = new XmlDocument();
doc.LoadXml(ekey.GetXml().OuterXml);
EncryptedXml exml = new EncryptedXml(doc);
exml.AddKeyNameMapping("another_aes", param);
var decryptedAlg = exml.GetDecryptionKey(edata, EncryptedXml.XmlEncAES256Url);
Assert.IsType <KeyParameter>(decryptedAlg);
Assert.Equal(((KeyParameter)innerParam.Parameters).GetKey(), ((KeyParameter)decryptedAlg).GetKey());
}
public void ReplaceData2NonDocumentElementTest()
{
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml(InputXml);
using (Rijndael aes = new RijndaelManaged())
{
aes.GenerateKey();
aes.GenerateIV();
// Encrypt the XML document
EncryptedXml encryptedXml = new EncryptedXml(doc);
encryptedXml.AddKeyNameMapping("key", aes);
XmlElement secretElement = doc.GetElementsByTagName("child")[0] as XmlElement;
EncryptedData encrypted = encryptedXml.Encrypt(secretElement, "key");
EncryptedXml.ReplaceElement(secretElement, encrypted, false);
// Decrypt it back
XmlElement encryptedElement = doc.GetElementsByTagName("EncryptedData", EncryptedXml.XmlEncNamespaceUrl)[0] as XmlElement;
EncryptedData encryptedData = new EncryptedData();
encryptedData.LoadXml(encryptedElement);
EncryptedXml decryptXml = new EncryptedXml(doc);
decryptXml.AddKeyNameMapping("key", aes);
byte[] decryptedData = decryptXml.DecryptData(encryptedData,
decryptXml.GetDecryptionKey(encryptedData, null));
decryptXml.ReplaceData2(encryptedElement, decryptedData);
}
// Now that we've encrypted and decrypted the data, ensure that we have both the XML
// declaration, and the root node in place.
Assert.IsTrue(doc.FirstChild.NodeType == XmlNodeType.XmlDeclaration);
Assert.AreEqual("root", doc.FirstChild.NextSibling.Name);
Assert.AreEqual(InputXml, doc.OuterXml);
}
public void GetDecryptionKey_KeyInfoName()
{
var random = new SecureRandom();
var ivdata = new byte[128 / 8];
var keydata = new byte[256 / 8];
random.NextBytes(ivdata);
random.NextBytes(keydata);
var param = new ParametersWithIV(new KeyParameter(keydata), ivdata);
EncryptedData edata = new EncryptedData();
edata.KeyInfo = new KeyInfo();
edata.KeyInfo.AddClause(new KeyInfoName("aes"));
EncryptedXml exml = new EncryptedXml();
exml.AddKeyNameMapping("aes", param);
var decryptedAlg = exml.GetDecryptionKey(edata, null);
Assert.IsType <ParametersWithIV>(decryptedAlg);
Assert.Equal(((KeyParameter)param.Parameters).GetKey(), ((KeyParameter)((ParametersWithIV)decryptedAlg).Parameters).GetKey());
}
public void GetDecryptionKey_StringNull()
{
EncryptedXml ex = new EncryptedXml();
Assert.IsNull(ex.GetDecryptionKey(new EncryptedData(), null));
}
public void GetDecryptionKey_EncryptedDataNull()
{
EncryptedXml ex = new EncryptedXml();
ex.GetDecryptionKey(null, EncryptedXml.XmlEncAES128Url);
}
public void GetDecryptionKey_EncryptedDataNull()
{
EncryptedXml ex = new EncryptedXml();
Assert.Throws <ArgumentNullException>(() => ex.GetDecryptionKey(null, EncryptedXml.XmlEncAES128Url));
}
