public void RequiresPlaintext() { ArgumentNullException ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.Rsa15Parameters(null)); Assert.AreEqual("plaintext", ex.ParamName); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.RsaOaepParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.RsaOaep256Parameters(null)); Assert.AreEqual("plaintext", ex.ParamName); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128GcmParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A128GcmParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A192GcmParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A192GcmParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A256GcmParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A256GcmParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A128CbcParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A192CbcParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A256CbcParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcPadParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A128CbcPadParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcPadParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A192CbcPadParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcPadParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A256CbcPadParameters(Array.Empty <byte>(), null)); }
public async Task EncryptLocalDecryptOnManagedHsm([EnumValues( nameof(EncryptionAlgorithm.A128Cbc), nameof(EncryptionAlgorithm.A192Cbc), nameof(EncryptionAlgorithm.A256Cbc), nameof(EncryptionAlgorithm.A128CbcPad), nameof(EncryptionAlgorithm.A192CbcPad), nameof(EncryptionAlgorithm.A256CbcPad))] EncryptionAlgorithm algorithm) { int keySizeInBytes = algorithm.GetAesCbcEncryptionAlgorithm().KeySizeInBytes; JsonWebKey jwk = KeyUtilities.CreateAesKey(keySizeInBytes, s_aesKeyOps); string keyName = Recording.GenerateId(); KeyVaultKey key = await Client.ImportKeyAsync( new ImportKeyOptions(keyName, jwk)); RegisterForCleanup(key.Name); CryptographyClient remoteClient = GetCryptoClient(key.Id, forceRemote: true); CryptographyClient localClient = GetLocalCryptoClient(jwk); byte[] plaintext = new byte[32]; Recording.Random.NextBytes(plaintext); byte[] iv = new byte[16]; if (algorithm.GetAesCbcEncryptionAlgorithm() is AesCbc) { Recording.Random.NextBytes(iv); } EncryptParameters encryptParams = algorithm.ToString() switch { EncryptionAlgorithm.A128CbcValue => EncryptParameters.A128CbcParameters(plaintext, iv), EncryptionAlgorithm.A192CbcValue => EncryptParameters.A192CbcParameters(plaintext, iv), EncryptionAlgorithm.A256CbcValue => EncryptParameters.A256CbcParameters(plaintext, iv), EncryptionAlgorithm.A128CbcPadValue => EncryptParameters.A128CbcPadParameters(plaintext, iv), EncryptionAlgorithm.A192CbcPadValue => EncryptParameters.A192CbcPadParameters(plaintext, iv), EncryptionAlgorithm.A256CbcPadValue => EncryptParameters.A256CbcPadParameters(plaintext, iv), _ => throw new NotSupportedException($"{algorithm} is not supported"), }; EncryptResult encrypted = await localClient.EncryptAsync(encryptParams); Assert.IsNotNull(encrypted.Ciphertext); DecryptParameters decryptParameters = algorithm.ToString() switch { EncryptionAlgorithm.A128CbcValue => DecryptParameters.A128CbcParameters(encrypted.Ciphertext, encrypted.Iv), EncryptionAlgorithm.A192CbcValue => DecryptParameters.A192CbcParameters(encrypted.Ciphertext, encrypted.Iv), EncryptionAlgorithm.A256CbcValue => DecryptParameters.A256CbcParameters(encrypted.Ciphertext, encrypted.Iv), EncryptionAlgorithm.A128CbcPadValue => DecryptParameters.A128CbcPadParameters(encrypted.Ciphertext, encrypted.Iv), EncryptionAlgorithm.A192CbcPadValue => DecryptParameters.A192CbcPadParameters(encrypted.Ciphertext, encrypted.Iv), EncryptionAlgorithm.A256CbcPadValue => DecryptParameters.A256CbcPadParameters(encrypted.Ciphertext, encrypted.Iv), _ => throw new NotSupportedException($"{algorithm} is not supported"), }; DecryptResult decrypted = await remoteClient.DecryptAsync(decryptParameters); Assert.IsNotNull(decrypted.Plaintext); CollectionAssert.AreEqual(plaintext, decrypted.Plaintext); }