public void VerifyLibhydrogenEncryptedMessageCanBeDecrypted()
{
var sb = new SecretBox();
// Generate a key
var key = new byte[SecretBox.KeyBytes];
sb.GenerateKey(key);
// Generate a message to encrypt
var message = Encoding.UTF8.GetBytes("You are old Father William, the young man said");
const int messageId = 1;
const string context = "test";
// Buffer to hold the ciphertext
var ciphertext = new byte[sb.CalculateCiphertextLength(message.Length)];
// Encrypt using libhydrogen
var result = hydro_secretbox_encrypt(
ciphertext, message, message.Length, messageId, context, key);
// Verify that some ciphertext was generated
Assert.That(ciphertext, Is.Not.All.Zero);
Assert.That(result, Is.EqualTo(0));
// Decrypt using SecretBox
var decryptedMessage = new byte[message.Length];
sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId);
// Verify the decrypt was successful
Assert.That(decryptedMessage, Is.EqualTo(message));
}
public void CalculateCipherTextLength()
{
const int messageLength = 10;
const int expectedLength = messageLength + HeaderBytes;
var sb = new SecretBox();
Assert.That(sb.CalculateCiphertextLength(messageLength), Is.EqualTo(expectedLength));
}
public void VerifyDecryptFailsWithInvalidParameters()
{
// Encrypt a message
var sb = new SecretBox();
var key = new byte[KeyBytes];
sb.GenerateKey(key);
var message = Encoding.UTF8.GetBytes("You are old Father William, the young man said");
const int messageId = 1;
const string context = "test";
var ciphertext = new byte[sb.CalculateCiphertextLength(message.Length)];
sb.Encrypt(ciphertext, message, message.Length, key, context, messageId);
// Buffer to hold decrypted message
var decryptedMessage = new byte[message.Length];
// CiphertextLength is incorrect
Assert.That(
() => sb.Decrypt(decryptedMessage, ciphertext, HeaderBytes, key, context, messageId),
Throws.TypeOf <CryptographicException>().With.Message.EqualTo("MAC check failed"));
Assert.That(
sb.TryDecrypt(decryptedMessage, ciphertext, HeaderBytes, key, context, messageId),
Is.False);
// MessageId is incorrect
Assert.That(
() => sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, 2),
Throws.TypeOf <CryptographicException>().With.Message.EqualTo("MAC check failed"));
// Verify the decrypted message is not equal to the message, as a failed MAC check should not
// leak the plaintext
Assert.That(decryptedMessage, Is.Not.EqualTo(message));
Assert.That(
sb.TryDecrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, 2),
Is.False);
Assert.That(decryptedMessage, Is.Not.EqualTo(message));
// Key is invalid
key[0]++;
Assert.That(
() => sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
Throws.TypeOf <CryptographicException>().With.Message.EqualTo("MAC check failed"));
Assert.That(
sb.TryDecrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
Is.False);
key[0]--;
// Ciphertext is invalid
ciphertext[12]++;
Assert.That(
() => sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
Throws.TypeOf <CryptographicException>().With.Message.EqualTo("MAC check failed"));
Assert.That(
sb.TryDecrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
Is.False);
}
public void CalculateCipherTextLength_LessThanZero()
{
var sb = new SecretBox();
Assert.That(
() => sb.CalculateCiphertextLength(-3),
Throws.ArgumentException.With.Message.EqualTo(
"messageLength must be greater than 0"));
}
public void Encrypt_ValidateContextLength_TooLong()
{
var sb = new SecretBox();
var key = new byte[KeyBytes];
const int mlen = 12;
var m = new byte[mlen];
var c = new byte[sb.CalculateCiphertextLength(mlen)];
var ctx = "you are old father william";
Assert.That(
() => sb.Encrypt(c, m, mlen, key, ctx),
Throws.ArgumentException.With.Message.EqualTo(
$"'context' must be at most {ContextBytes} characters"));
}
public void Encrypt_ValidateKeyLength(int keyLength)
{
var sb = new SecretBox();
var key = new byte[keyLength];
const int mlen = 12;
var m = new byte[mlen];
var c = new byte[sb.CalculateCiphertextLength(mlen)];
var ctx = "test";
Assert.That(
() => sb.Encrypt(c, m, mlen, key, ctx),
Throws.ArgumentException.With.Message.EqualTo(
$"'key' length must be {KeyBytes} bytes"));
}
public void Encrypt_ValidateMessageLength_TooLong()
{
var sb = new SecretBox();
var key = new byte[KeyBytes];
const int mlen = 44;
const int mlenActual = 12;
var m = new byte[mlenActual];
var c = new byte[sb.CalculateCiphertextLength(mlenActual)];
var ctx = "test";
Assert.That(
() => sb.Encrypt(c, m, mlen, key, ctx),
Throws.ArgumentException.With.Message.EqualTo(
$"'messageLength' must be at most the length of 'message'"));
}
public void VerifyMessageCanBeEncryptedAndDecrypted()
{
var sb = new SecretBox();
// Generate a key
var key = new byte[KeyBytes];
sb.GenerateKey(key);
// Generate a message to encrypt
var message = Encoding.UTF8.GetBytes("You are old Father William, the young man said");
const int messageId = 1;
const string context = "test";
// Buffer to hold the ciphertext
var ciphertext = new byte[sb.CalculateCiphertextLength(message.Length)];
// Encrypt
sb.Encrypt(ciphertext, message, message.Length, key, context, messageId);
// Buffer to hold decrypted message
var decryptedMessage = new byte[message.Length];
// Decrypt
sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId);
// Verify the decrypted message
Assert.That(decryptedMessage, Is.EqualTo(message));
// Decrypt using TryDecrypt
Array.Clear(decryptedMessage, 0, decryptedMessage.Length);
var result = sb.TryDecrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId);
// Verify the decrypted message
Assert.That(decryptedMessage, Is.EqualTo(message));
Assert.That(result, Is.True);
}