예제 #1
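        /// <summary>
        /// Test helper: decrypts an IV-prefixed payload independently of the provider under test and
        /// asserts that the recovered plaintext equals <paramref name="expected"/>.
        /// </summary>
        /// <param name="encrypted">Payload to check; the first <c>EnvelopeCryptoProvider.IVBytes</c> bytes are read as the IV, the rest as ciphertext.</param>
        /// <param name="expected">Plaintext bytes the ciphertext must decrypt to.</param>
        /// <param name="context">Optional crypto context passed to <c>ProduceContextualKey</c> to obtain the decryption key.</param>
        /// <remarks>
        /// NOTE(review): this helper verifies decryption only; it performs no integrity or authentication
        /// check on the payload. Whether <c>EnvelopeCryptoProvider.Mode</c> is an authenticated mode is not
        /// visible here, so tamper detection needs its own test if the format is meant to provide it.
        /// </remarks>
        private void CheckEncryptionResultBytes(byte[] encrypted, byte[] expected, IDictionary <string, string> context = null)
        {
            var ivLength = EnvelopeCryptoProvider.IVBytes;

            // Fail with a readable assertion instead of a NullReferenceException, or an OverflowException
            // from a negative array size, when the payload is missing or shorter than the IV prefix.
            encrypted.Should().NotBeNull("the provider must return a payload");
            (encrypted.Length >= ivLength).Should().BeTrue("the payload must at least contain the IV prefix");

            byte[] key = DummyDataKeyProvider.ProduceContextualKey(context);

            // Split the payload into its IV prefix and the ciphertext that follows it.
            var iv         = new byte[ivLength];
            var cipherText = new byte[encrypted.Length - ivLength];
            Array.Copy(encrypted, iv, ivLength);
            Array.Copy(encrypted, ivLength, cipherText, 0, cipherText.Length);

            using (var aes = new AesCryptoServiceProvider())
            {
                // Use the provider's published parameters so the check decrypts with the same configuration.
                aes.KeySize = EnvelopeCryptoProvider.KeyBits;
                aes.Key     = key;
                aes.IV      = iv;
                aes.Mode    = EnvelopeCryptoProvider.Mode;
                aes.Padding = EnvelopeCryptoProvider.Padding;

                using (var inputStream = new MemoryStream(cipherText))
                using (ICryptoTransform decryptor = aes.CreateDecryptor())
                using (var outputStream = new CryptoStream(inputStream, decryptor, CryptoStreamMode.Read))
                {
                    byte[] decrypted = ReadAllBytes(outputStream);
                    decrypted.Should().Equal(expected);
                }
            }
        }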
        /// <summary>
        /// Checks that <c>CachingDataKeyProvider.GenerateKey</c> returns the plaintext and encrypted keys
        /// supplied by the provider it wraps, i.e. that the call is delegated.
        /// </summary>
        public void GenerateKey()
        {
            // Fixed, recognisable byte patterns: test fixtures, not real key material.
            var inner = new DummyDataKeyProvider();
            inner.GeneratedEncryptedKey = Bytes(1, 2, 3);
            inner.GeneratedKey          = Bytes(4, 5, 6);

            // NOTE(review): the meaning of the second constructor argument (10) is not visible here; confirm.
            var cachingProvider = new CachingDataKeyProvider(inner, 10);

            byte[] plain;
            byte[] wrapped;
            cachingProvider.GenerateKey(128, out plain, out wrapped);

            // The first out value must be the inner provider's GeneratedKey, the second its GeneratedEncryptedKey.
            plain.Should().Equal(Bytes(4, 5, 6));
            wrapped.Should().Equal(Bytes(1, 2, 3));
        }
		/// <summary>
		/// Builds the fixture: a dummy data-key provider with predictable keys, two crypto contexts that
		/// differ only in their "id", and the <c>EnvelopeCryptoProvider</c> under test wired to that dummy.
		/// </summary>
		public void SetUp()
		{
			RealKey = GenerateKey();

			// The "encrypted" key is a fixed byte pattern so tests can recognise it; it is a fixture, not key material.
			var keySource = new DummyDataKeyProvider();
			keySource.GeneratedKey = RealKey;
			keySource.GeneratedEncryptedKey = Bytes(200, 201, 202);
			DummyDataKeyProvider = keySource;

			// These contexts will be used to verify that using a different context produces different ciphertext.
			var firstContext = new Dictionary<string, string>();
			firstContext.Add("id", "1");
			Context1 = firstContext;

			var secondContext = new Dictionary<string, string>();
			secondContext.Add("id", "2");
			Context2 = secondContext;

			// Set up the dummy key provider to return an easily testable encrypted key based on the crypto context.
			DummyDataKeyProvider.EncryptedKeyById["1"] = Bytes(1, 1, 1);
			DummyDataKeyProvider.EncryptedKeyById["2"] = Bytes(2, 2, 2);

			Provider = new EnvelopeCryptoProvider(DummyDataKeyProvider);
		}
예제 #4
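        /// <summary>
        /// Test helper: checks the algorithm prefix of an encoded payload, Base64-decodes the remainder,
        /// decrypts it independently of the provider under test and asserts that the UTF-8 plaintext
        /// equals <paramref name="expected"/>.
        /// </summary>
        /// <param name="encryptedString">Encoded payload: a <c>{AES-256-CBC}</c> prefix followed by Base64 of IV plus ciphertext.</param>
        /// <param name="expected">Plaintext string the payload must decrypt to.</param>
        /// <param name="context">Optional crypto context passed to <c>ProduceContextualKey</c> to obtain the decryption key.</param>
        /// <remarks>
        /// The asserted prefix names AES-256-CBC. CBC on its own does not authenticate the ciphertext, and
        /// this helper only proves that the payload decrypts to the expected text.
        /// NOTE(review): confirm whether the envelope format is integrity-protected elsewhere and whether
        /// a tampering test covers it.
        /// </remarks>
        private void CheckEncryptionResultString(string encryptedString, string expected, IDictionary <string, string> context = null)
        {
            encryptedString.Should().NotBeNull("the provider must return an encoded payload");

            byte[] key     = DummyDataKeyProvider.ProduceContextualKey(context);
            var    pattern = new Regex(@"^\{\w+-\d+-\w+\}");
            Match  match   = pattern.Match(encryptedString);

            // Regex.Match never returns null; a failed match is reported through Success, so assert on that.
            match.Success.Should().BeTrue("the payload must start with an algorithm prefix");
            match.Value.Should().Be("{AES-256-CBC}");

            // Everything after the prefix is Base64 of IV followed by ciphertext.
            string content   = encryptedString.Substring(match.Length);
            byte[] encrypted = Convert.FromBase64String(content);

            var ivLength = EnvelopeCryptoProvider.IVBytes;

            // Fail with a readable assertion instead of an OverflowException from a negative array size
            // when the decoded payload is shorter than the IV prefix.
            (encrypted.Length >= ivLength).Should().BeTrue("the decoded payload must at least contain the IV prefix");

            var iv         = new byte[ivLength];
            var cipherText = new byte[encrypted.Length - ivLength];
            Array.Copy(encrypted, iv, ivLength);
            Array.Copy(encrypted, ivLength, cipherText, 0, cipherText.Length);

            using (var aes = new AesCryptoServiceProvider())
            {
                // Use the provider's published parameters so the check decrypts with the same configuration.
                aes.KeySize = EnvelopeCryptoProvider.KeyBits;
                aes.Key     = key;
                aes.IV      = iv;
                aes.Mode    = EnvelopeCryptoProvider.Mode;
                aes.Padding = EnvelopeCryptoProvider.Padding;

                using (var inputStream = new MemoryStream(cipherText))
                using (ICryptoTransform decryptor = aes.CreateDecryptor())
                using (var outputStream = new CryptoStream(inputStream, decryptor, CryptoStreamMode.Read))
                {
                    byte[] decrypted = ReadAllBytes(outputStream);
                    Encoding.UTF8.GetString(decrypted).Should().Be(expected);
                }
            }
        }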
        /// <summary>
        /// Prepares the fixture: a dummy data-key provider with predictable keys, two crypto contexts that
        /// differ only in their "id", and the <c>EnvelopeCryptoProvider</c> under test built on that dummy.
        /// </summary>
        public void SetUp()
        {
            RealKey = GenerateKey();

            // The "encrypted" key is a fixed byte pattern so tests can recognise it; it is a fixture, not key material.
            var stubProvider = new DummyDataKeyProvider();
            stubProvider.GeneratedKey          = RealKey;
            stubProvider.GeneratedEncryptedKey = Bytes(200, 201, 202);
            DummyDataKeyProvider = stubProvider;

            // These contexts will be used to verify that using a different context produces different ciphertext.
            var contextOne = new Dictionary <string, string>();
            contextOne.Add("id", "1");
            Context1 = contextOne;

            var contextTwo = new Dictionary <string, string>();
            contextTwo.Add("id", "2");
            Context2 = contextTwo;

            // Set up the dummy key provider to return an easily testable encrypted key based on the crypto context.
            DummyDataKeyProvider.EncryptedKeyById["1"] = Bytes(1, 1, 1);
            DummyDataKeyProvider.EncryptedKeyById["2"] = Bytes(2, 2, 2);

            Provider = new EnvelopeCryptoProvider(DummyDataKeyProvider);
        }
		/// <summary>
		/// Checks that <c>CachingDataKeyProvider.GenerateKey</c> passes through the plaintext and encrypted
		/// keys produced by the provider it wraps.
		/// </summary>
		public void GenerateKey()
		{
			// Sanity check that calls are being delegated. The byte patterns are fixtures, not key material.
			var wrappedProvider = new DummyDataKeyProvider();
			wrappedProvider.GeneratedEncryptedKey = Bytes(1, 2, 3);
			wrappedProvider.GeneratedKey = Bytes(4, 5, 6);

			// NOTE(review): the meaning of the second constructor argument (10) is not visible here; confirm.
			var cache = new CachingDataKeyProvider(wrappedProvider, 10);

			byte[] plainResult;
			byte[] encryptedResult;
			cache.GenerateKey(128, out plainResult, out encryptedResult);

			// The first out value must be the wrapped provider's GeneratedKey, the second its GeneratedEncryptedKey.
			plainResult.Should().Equal(Bytes(4, 5, 6));
			encryptedResult.Should().Equal(Bytes(1, 2, 3));
		}