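/// <summary>
/// Checks that a record encrypted with <c>EncryptServerPlaintext</c> is rejected by
/// <c>DecryptCiphertextFromServer</c> when the content type, epoch or sequence number
/// passed at decryption time differs from the value used at encryption time.
/// </summary>
/// <remarks>
/// The unmodified record is decrypted first as a positive control. Without it, the
/// three rejections below would also pass if decryption failed for every input
/// (for example because of a key mismatch), so they would prove nothing about
/// header binding. Modification of the ciphertext or tag bytes themselves is not
/// exercised by this test.
/// </remarks>
public void ServerDecryptionFailsWhenRecordModified()
{
    using (Aes128GcmRecordProtection recordProtection = new Aes128GcmRecordProtection(this.masterSecret, this.serverRandom, this.clientRandom))
    {
        byte[] messageAsBytes = Encoding.UTF8.GetBytes(TestMessage);

        Record originalRecord = new Record();
        originalRecord.ContentType = ContentType.ApplicationData;
        originalRecord.Epoch = 1;
        originalRecord.SequenceNumber = 124;
        originalRecord.Length = (ushort)recordProtection.GetEncryptedSize(messageAsBytes.Length);

        ByteSpan encrypted = new byte[originalRecord.Length];
        recordProtection.EncryptServerPlaintext(encrypted, messageAsBytes, ref originalRecord);

        ByteSpan plaintext = new byte[recordProtection.GetDecryptedSize(encrypted.Length)];

        // Positive control: the untouched header must decrypt. It runs before any
        // field is altered so it holds whether or not Record copies on assignment.
        Record record = originalRecord;
        bool couldDecrypt = recordProtection.DecryptCiphertextFromServer(plaintext, encrypted, ref record);
        Assert.IsTrue(couldDecrypt, "Unmodified record should decrypt");

        // NOTE(review): each reset below assumes Record is a value type, so that
        // "record = originalRecord" yields a fresh copy - confirm against its declaration.

        // Changed content type must be rejected.
        record = originalRecord;
        record.ContentType = ContentType.Handshake;
        couldDecrypt = recordProtection.DecryptCiphertextFromServer(plaintext, encrypted, ref record);
        Assert.IsFalse(couldDecrypt, "Record with modified content type should not decrypt");

        // Changed epoch must be rejected.
        record = originalRecord;
        record.Epoch++;
        couldDecrypt = recordProtection.DecryptCiphertextFromServer(plaintext, encrypted, ref record);
        Assert.IsFalse(couldDecrypt, "Record with modified epoch should not decrypt");

        // Changed sequence number must be rejected.
        record = originalRecord;
        record.SequenceNumber++;
        couldDecrypt = recordProtection.DecryptCiphertextFromServer(plaintext, encrypted, ref record);
        Assert.IsFalse(couldDecrypt, "Record with modified sequence number should not decrypt");
    }
}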
/// <summary>
/// Round-trip check for the client direction: a message encrypted with
/// <c>EncryptClientPlaintext</c> must decrypt with <c>DecryptCiphertextFromClient</c>
/// under the same record header and yield the original text.
/// </summary>
public void ClientCanEncryptAndDecryptData()
{
    using (Aes128GcmRecordProtection protection = new Aes128GcmRecordProtection(this.masterSecret, this.serverRandom, this.clientRandom))
    {
        byte[] payload = Encoding.UTF8.GetBytes(TestMessage);

        // Header describing the record; Length is the size of the encrypted form.
        Record header = new Record
        {
            ContentType = ContentType.ApplicationData,
            Epoch = 1,
            SequenceNumber = 124,
            Length = (ushort)protection.GetEncryptedSize(payload.Length),
        };

        ByteSpan ciphertext = new byte[header.Length];
        protection.EncryptClientPlaintext(ciphertext, payload, ref header);

        // Output buffer sized by the protection object for this ciphertext length.
        ByteSpan decrypted = new byte[protection.GetDecryptedSize(ciphertext.Length)];

        Assert.IsTrue(protection.DecryptCiphertextFromClient(decrypted, ciphertext, ref header));
        Assert.AreEqual(payload.Length, decrypted.Length);

        // Decode only the span's window of the backing array before comparing text.
        string roundTripped = Encoding.UTF8.GetString(decrypted.GetUnderlyingArray(), decrypted.Offset, decrypted.Length);
        Assert.AreEqual(TestMessage, roundTripped);
    }
}