public void RequiresPlaintext() { ArgumentNullException ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.Rsa15Parameters(null)); Assert.AreEqual("plaintext", ex.ParamName); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.RsaOaepParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.RsaOaep256Parameters(null)); Assert.AreEqual("plaintext", ex.ParamName); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128GcmParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A128GcmParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A192GcmParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A192GcmParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A256GcmParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A256GcmParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A128CbcParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A192CbcParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A256CbcParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcPadParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A128CbcPadParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcPadParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A192CbcPadParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcPadParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A256CbcPadParameters(Array.Empty <byte>(), null)); }
public async Task AesGcmEncryptDecrypt([EnumValues( nameof(EncryptionAlgorithm.A128Gcm), nameof(EncryptionAlgorithm.A192Gcm), nameof(EncryptionAlgorithm.A256Gcm) )] EncryptionAlgorithm algorithm) { int keySizeInBytes = algorithm.ToString() switch { EncryptionAlgorithm.A128GcmValue => 128 >> 3, EncryptionAlgorithm.A192GcmValue => 192 >> 3, EncryptionAlgorithm.A256GcmValue => 256 >> 3, _ => throw new NotSupportedException($"{algorithm} is not supported"), }; JsonWebKey jwk = KeyUtilities.CreateAesKey(keySizeInBytes, s_aesKeyOps); string keyName = Recording.GenerateId(); KeyVaultKey key = await Client.ImportKeyAsync( new ImportKeyOptions(keyName, jwk)); RegisterForCleanup(key.Name); CryptographyClient remoteClient = GetCryptoClient(key.Id, forceRemote: true); byte[] plaintext = new byte[32]; Recording.Random.NextBytes(plaintext); byte[] iv = new byte[16]; if (algorithm.GetAesCbcEncryptionAlgorithm() is AesCbc) { Recording.Random.NextBytes(iv); } EncryptParameters encryptParams = algorithm.ToString() switch { // TODO: Re-record with random additionalAuthenticatedData once the "aad" issue is fixed with Managed HSM. EncryptionAlgorithm.A128GcmValue => EncryptParameters.A128GcmParameters(plaintext), EncryptionAlgorithm.A192GcmValue => EncryptParameters.A192GcmParameters(plaintext), EncryptionAlgorithm.A256GcmValue => EncryptParameters.A256GcmParameters(plaintext), _ => throw new NotSupportedException($"{algorithm} is not supported"), }; EncryptResult encrypted = await remoteClient.EncryptAsync(encryptParams); Assert.IsNotNull(encrypted.Ciphertext); DecryptParameters decryptParameters = algorithm.ToString() switch { // TODO: Re-record with random additionalAuthenticatedData once the "aad" issue is fixed with Managed HSM. EncryptionAlgorithm.A128GcmValue => DecryptParameters.A128GcmParameters(encrypted.Ciphertext, encrypted.Iv, encrypted.AuthenticationTag), EncryptionAlgorithm.A192GcmValue => DecryptParameters.A192GcmParameters(encrypted.Ciphertext, encrypted.Iv, encrypted.AuthenticationTag), EncryptionAlgorithm.A256GcmValue => DecryptParameters.A256GcmParameters(encrypted.Ciphertext, encrypted.Iv, encrypted.AuthenticationTag), _ => throw new NotSupportedException($"{algorithm} is not supported"), }; DecryptResult decrypted = await remoteClient.DecryptAsync(decryptParameters); Assert.IsNotNull(decrypted.Plaintext); CollectionAssert.AreEqual(plaintext, decrypted.Plaintext); }