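/// <summary>
/// Decrypts an envelope payload laid out as IV followed by ciphertext and asserts
/// that the recovered plaintext equals <paramref name="expected"/>.
/// </summary>
/// <param name="encrypted">Provider output: the first <c>EnvelopeCryptoProvider.IVBytes</c> bytes are the IV, the rest is ciphertext.</param>
/// <param name="expected">Plaintext bytes the payload must decrypt to.</param>
/// <param name="context">Optional crypto context passed to the dummy key provider to select the key.</param>
private void CheckEncryptionResultBytes(byte[] encrypted, byte[] expected, IDictionary<string, string> context = null)
{
    // Fail with a readable assertion instead of a NullReferenceException, or an
    // OverflowException from a negative array size, when the payload is missing or truncated.
    encrypted.Should().NotBeNull();
    (encrypted.Length >= EnvelopeCryptoProvider.IVBytes)
        .Should().BeTrue("the payload must contain at least the IV prefix");

    byte[] key = DummyDataKeyProvider.ProduceContextualKey(context);

    // Split the payload into its IV prefix and the ciphertext that follows it.
    var iv = new byte[EnvelopeCryptoProvider.IVBytes];
    var cipherText = new byte[encrypted.Length - EnvelopeCryptoProvider.IVBytes];
    Array.Copy(encrypted, iv, EnvelopeCryptoProvider.IVBytes);
    Array.Copy(encrypted, EnvelopeCryptoProvider.IVBytes, cipherText, 0, cipherText.Length);

    // NOTE(review): this verifies a decrypt round trip only. Whether the provider
    // authenticates the ciphertext is not visible here; if it does not, tampering
    // with the payload is outside what this check can detect.
    using (var aes = new AesCryptoServiceProvider())
    {
        // Mirror the provider's own parameters so the test decrypts exactly what it produced.
        aes.KeySize = EnvelopeCryptoProvider.KeyBits;
        aes.Key = key;
        aes.IV = iv;
        aes.Mode = EnvelopeCryptoProvider.Mode;
        aes.Padding = EnvelopeCryptoProvider.Padding;

        using (var inputStream = new MemoryStream(cipherText))
        using (ICryptoTransform decryptor = aes.CreateDecryptor())
        using (var outputStream = new CryptoStream(inputStream, decryptor, CryptoStreamMode.Read))
        {
            byte[] decrypted = ReadAllBytes(outputStream);
            decrypted.Should().Equal(expected);
        }
    }
}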
/// <summary>
/// Checks that <c>CachingDataKeyProvider.GenerateKey</c> hands back the plaintext and
/// encrypted keys supplied by the wrapped provider.
/// </summary>
public void GenerateKey()
{
    // Sanity check that calls are being delegated
    var inner = new DummyDataKeyProvider();
    inner.GeneratedEncryptedKey = Bytes(1, 2, 3);
    inner.GeneratedKey = Bytes(4, 5, 6);

    // The second constructor argument (10) is passed through as in the original; its meaning is not visible here.
    var cachingProvider = new CachingDataKeyProvider(inner, 10);

    byte[] plainKey;
    byte[] encKey;
    cachingProvider.GenerateKey(128, out plainKey, out encKey);

    // Both outputs must be exactly what the inner provider was configured with.
    plainKey.Should().Equal(Bytes(4, 5, 6));
    encKey.Should().Equal(Bytes(1, 2, 3));
}
/// <summary>
/// Builds the fixture: a generated key, a dummy key provider that returns it, two crypto
/// contexts with distinct ids, and the <c>EnvelopeCryptoProvider</c> under test.
/// </summary>
public void SetUp()
{
    RealKey = GenerateKey();

    var keyProvider = new DummyDataKeyProvider();
    keyProvider.GeneratedKey = RealKey;
    keyProvider.GeneratedEncryptedKey = Bytes(200, 201, 202);
    DummyDataKeyProvider = keyProvider;

    // These contexts will be used to verify that using a different context produces different ciphertext.
    var firstContext = new Dictionary<string, string>();
    firstContext["id"] = "1";
    Context1 = firstContext;

    var secondContext = new Dictionary<string, string>();
    secondContext["id"] = "2";
    Context2 = secondContext;

    // Set up the dummy key provider to return an easily testable encrypted key based on the crypto context.
    keyProvider.EncryptedKeyById["1"] = Bytes(1, 1, 1);
    keyProvider.EncryptedKeyById["2"] = Bytes(2, 2, 2);

    Provider = new EnvelopeCryptoProvider(keyProvider);
}
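/// <summary>
/// Validates a string-form envelope: checks the algorithm header, Base64-decodes the
/// remainder, decrypts it (IV prefix followed by ciphertext) and asserts that the
/// UTF-8 plaintext equals <paramref name="expected"/>.
/// </summary>
/// <param name="encryptedString">Provider output of the form <c>{ALGORITHM-BITS-MODE}</c> followed by Base64 data.</param>
/// <param name="expected">Plaintext the payload must decrypt to.</param>
/// <param name="context">Optional crypto context passed to the dummy key provider to select the key.</param>
private void CheckEncryptionResultString(string encryptedString, string expected, IDictionary<string, string> context = null)
{
    byte[] key = DummyDataKeyProvider.ProduceContextualKey(context);

    var pattern = new Regex(@"^\{\w+-\d+-\w+\}");
    Match match = pattern.Match(encryptedString);

    // Regex.Match never returns null; a failed match is reported through Success,
    // so asserting non-null on the Match object could never fail.
    match.Success.Should().BeTrue("the encrypted string must start with an algorithm header");
    match.Value.Should().Be("{AES-256-CBC}");

    string content = encryptedString.Substring(match.Length);
    byte[] encrypted = Convert.FromBase64String(content);

    // Fail with a readable assertion instead of an OverflowException from a
    // negative array size when the decoded payload is shorter than the IV.
    (encrypted.Length >= EnvelopeCryptoProvider.IVBytes)
        .Should().BeTrue("the payload must contain at least the IV prefix");

    // Split the payload into its IV prefix and the ciphertext that follows it.
    var iv = new byte[EnvelopeCryptoProvider.IVBytes];
    var cipherText = new byte[encrypted.Length - EnvelopeCryptoProvider.IVBytes];
    Array.Copy(encrypted, iv, EnvelopeCryptoProvider.IVBytes);
    Array.Copy(encrypted, EnvelopeCryptoProvider.IVBytes, cipherText, 0, cipherText.Length);

    // NOTE(review): the header asserted above names CBC, and nothing in this helper
    // checks an authentication tag. This verifies a decrypt round trip only; whether
    // the provider protects ciphertext integrity elsewhere is not visible here.
    using (var aes = new AesCryptoServiceProvider())
    {
        // Mirror the provider's own parameters so the test decrypts exactly what it produced.
        aes.KeySize = EnvelopeCryptoProvider.KeyBits;
        aes.Key = key;
        aes.IV = iv;
        aes.Mode = EnvelopeCryptoProvider.Mode;
        aes.Padding = EnvelopeCryptoProvider.Padding;

        using (var inputStream = new MemoryStream(cipherText))
        using (ICryptoTransform decryptor = aes.CreateDecryptor())
        using (var outputStream = new CryptoStream(inputStream, decryptor, CryptoStreamMode.Read))
        {
            byte[] decrypted = ReadAllBytes(outputStream);
            Encoding.UTF8.GetString(decrypted).Should().Be(expected);
        }
    }
}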
/// <summary>
/// Prepares the fixture state: generates the real key, configures a dummy key provider
/// around it, defines two crypto contexts keyed by "id", and creates the
/// <c>EnvelopeCryptoProvider</c> that the tests exercise.
/// </summary>
public void SetUp()
{
    RealKey = GenerateKey();

    var dummy = new DummyDataKeyProvider();
    dummy.GeneratedKey = RealKey;
    dummy.GeneratedEncryptedKey = Bytes(200, 201, 202);
    DummyDataKeyProvider = dummy;

    // These contexts will be used to verify that using a different context produces different ciphertext.
    var contextOne = new Dictionary<string, string>();
    contextOne["id"] = "1";
    var contextTwo = new Dictionary<string, string>();
    contextTwo["id"] = "2";
    Context1 = contextOne;
    Context2 = contextTwo;

    // Set up the dummy key provider to return an easily testable encrypted key based on the crypto context.
    dummy.EncryptedKeyById["1"] = Bytes(1, 1, 1);
    dummy.EncryptedKeyById["2"] = Bytes(2, 2, 2);

    Provider = new EnvelopeCryptoProvider(dummy);
}