public void ShouldEncryptWithPlainTextSuccessfullyNewEngine()
{
var key = new BitString("FEFFE992 8665731C 6D6A8F94 67308308");
var iv = new BitString("CAFEBABE FACEDBAD DECAF888");
var aad = new BitString(0);
var plainText = new BitString("D9313225 F88406E5 A55909C5 AFF5269A 86A7A953 1534F7DA 2E4C303D 8A318A72 1C3C0C95 95680953 2FCF0E24 49A6B525 B16AEDF5 AA0DE657 BA637B39 1AAFD255");
var gcmEncryptParam = new AeadModeBlockCipherParameters(
BlockCipherDirections.Encrypt,
iv,
key,
plainText,
aad,
128
);
var results = _subject.ProcessPayload(gcmEncryptParam);
Assert.IsTrue(results.Success);
var gcmDecryptParam = new AeadModeBlockCipherParameters(
BlockCipherDirections.Decrypt,
iv,
key,
results.Result,
aad,
results.Tag
);
var dResults = _subject.ProcessPayload(gcmDecryptParam);
Assert.IsTrue(dResults.Success);
Assert.AreEqual(plainText, dResults.Result);
Assert.AreEqual(new BitString("4D5C2AF3 27CD64A6 2CF35ABD 2BA6FAB4"), results.Tag);
}
public void ShouldEncryptAndDecryptWithValidatedTag()
{
var testData = GetTestData();
// Perform encryption operation and assert
var encryptParam = new AeadModeBlockCipherParameters(
BlockCipherDirections.Encrypt,
testData.Nonce,
testData.Key,
testData.Payload,
testData.AssocData,
128
);
var encryptionResult = _newSubject.ProcessPayload(encryptParam);
Assert.IsTrue(encryptionResult.Success, $"{nameof(encryptionResult.Success)} Encrypt");
Assert.AreEqual(testData.CipherText, encryptionResult.Result, nameof(testData.CipherText));
// Validate the decryption operation / tag
var decryptParam = new AeadModeBlockCipherParameters(
BlockCipherDirections.Decrypt,
testData.Nonce,
testData.Key,
encryptionResult.Result,
testData.AssocData,
128
);
var decryptionResult = _newSubject.ProcessPayload(decryptParam);
Assert.IsTrue(decryptionResult.Success, $"{nameof(decryptionResult.Success)} Decrypt");
Assert.AreEqual(testData.Payload, decryptionResult.Result);
}
public void ShouldEncryptSuccessfullyNewEngine()
{
var key = new BitString("FEFFE992 8665731C 6D6A8F94 67308308");
var iv = new BitString("CAFEBABE FACEDBAD DECAF888");
var aad = new BitString(0);
var plainText = new BitString(0);
var gcmEncryptParam = new AeadModeBlockCipherParameters(
BlockCipherDirections.Encrypt,
iv,
key,
plainText,
aad,
128
);
var results = _subject.ProcessPayload(gcmEncryptParam);
Assert.IsTrue(results.Success);
var gcmDecryptParam = new AeadModeBlockCipherParameters(
BlockCipherDirections.Decrypt,
iv,
key,
results.Result,
aad,
results.Tag
);
var dResults = _subject.ProcessPayload(gcmDecryptParam);
Assert.IsTrue(dResults.Success);
Assert.AreEqual(new BitString("3247184B 3C4F69A4 4DBCD228 87BBB418"), results.Tag);
}
public void ShouldEncryptAndDecryptSuccessfullyNewEngine(
string testLabel,
string keyString,
string ivString,
string aadString,
string plainTextString,
string cipherTextString,
string tagString,
int tagLength
)
{
BitString key = new BitString(keyString);
BitString iv = new BitString(ivString);
BitString aad = new BitString(aadString);
BitString plainText = new BitString(plainTextString);
BitString cipherText = new BitString(cipherTextString);
BitString tag = new BitString(tagString);
var param = new AeadModeBlockCipherParameters(BlockCipherDirections.Encrypt, iv, key, plainText, aad, tagLength);
var encryptResult = _subject.ProcessPayload(param);
Assert.IsTrue(encryptResult.Success, "Encrypt");
Assert.AreEqual(tag.ToHex(), encryptResult.Tag.ToHex(), nameof(encryptResult.Tag));
var param2 = new AeadModeBlockCipherParameters(BlockCipherDirections.Decrypt, iv, key, encryptResult.Result, aad, tag);
var decryptResult = _subject.ProcessPayload(param2);
Assert.IsTrue(decryptResult.Success, "Decrypt");
Assert.AreEqual(plainText.ToHex(), decryptResult.Result.ToHex(), nameof(plainText));
}
public void ShouldFailDueToInvalidTag(int indexToChange)
{
var testData = GetTestData();
// Perform encryption operation and assert
var encryptParam = new AeadModeBlockCipherParameters(
BlockCipherDirections.Encrypt,
testData.Nonce,
testData.Key,
testData.Payload,
testData.AssocData,
128
);
var encryptionResult = _newSubject.ProcessPayload(encryptParam);
Assert.IsTrue(encryptionResult.Success, $"{nameof(encryptionResult.Success)} Encrypt");
Assert.AreEqual(testData.CipherText, encryptionResult.Result, nameof(testData.CipherText));
// Change a byte value to invalidate the decryption
var encryptionResultBytes = encryptionResult.Result.ToBytes();
if (encryptionResultBytes.Length >= indexToChange)
{
if (encryptionResultBytes[indexToChange] == 255)
{
encryptionResultBytes[indexToChange]--;
}
else
{
encryptionResultBytes[indexToChange]++;
}
}
var newCipherText = new BitString(encryptionResultBytes);
// Validate the decryption operation / tag
var decryptParam = new AeadModeBlockCipherParameters(
BlockCipherDirections.Decrypt,
testData.Nonce,
testData.Key,
newCipherText,
testData.AssocData,
128
);
var decryptionResult = _newSubject.ProcessPayload(decryptParam);
Assert.IsFalse(decryptionResult.Success, $"{nameof(decryptionResult.Success)} Decrypt");
Assert.AreEqual(CcmBlockCipher.INVALID_TAG_MESSAGE, decryptionResult.ErrorMessage);
}
public void ShouldEncryptCorrectly(string plaintextHex, string aadHex, string keyHex, string nonceHex, string expectedHex)
{
var plaintext = new BitString(plaintextHex);
var aad = new BitString(aadHex);
var key = new BitString(keyHex);
var nonce = new BitString(nonceHex);
var expectedResult = new BitString(expectedHex);
var param = new AeadModeBlockCipherParameters(BlockCipherDirections.Encrypt, nonce, key, plaintext,
aad, 0);
var result = _subject.ProcessPayload(param);
Assert.AreEqual(expectedResult.ToHex(), result.Result.ToHex(), "Result");
}
public void ShouldReportErrorOnInvalidDecryptionTagNewEngine(
string testLabel,
string keyString,
string ivString,
string aadString,
string plainTextString,
string cipherTextString,
string tagString,
int tagLength
)
{
BitString key = new BitString(keyString);
BitString iv = new BitString(ivString);
BitString aad = new BitString(aadString);
BitString plainText = new BitString(plainTextString);
BitString cipherText = new BitString(cipherTextString);
BitString tag = new BitString(tagString);
var gcmEncryptParam = new AeadModeBlockCipherParameters(
BlockCipherDirections.Encrypt,
iv,
key,
plainText,
aad,
tag.BitLength
);
var encryptResult = _subject.ProcessPayload(gcmEncryptParam);
Assert.That(encryptResult.Success, nameof(_subject.ProcessPayload));
Assert.That(tag.Equals(encryptResult.Tag), nameof(encryptResult.Tag));
var xoredTag = encryptResult.Tag.XOR(GetBitStringOfLengthWithAll1s(encryptResult.Tag.BitLength));
var gcmDecryptParam = new AeadModeBlockCipherParameters(
BlockCipherDirections.Decrypt,
iv,
key,
encryptResult.Result,
aad,
xoredTag
);
var decryptResult = _subject.ProcessPayload(gcmDecryptParam);
Assert.IsFalse(decryptResult.Success, nameof(_subject.ProcessPayload));
Assert.AreEqual("Tags do not match", decryptResult.ErrorMessage, nameof(decryptResult.ErrorMessage));
}
public void ShouldGetDifferingPlainTextAfterDecryptionWithModifiedCipherTextNewEngine(
string testLabel,
string keyString,
string ivString,
string aadString,
string plainTextString,
string cipherTextString,
string tagString,
int tagLength
)
{
BitString key = new BitString(keyString);
BitString iv = new BitString(ivString);
BitString aad = new BitString(aadString);
BitString plainText = new BitString(plainTextString);
BitString cipherText = new BitString(cipherTextString);
BitString tag = new BitString(tagString);
var gcmEncryptParam = new AeadModeBlockCipherParameters(
BlockCipherDirections.Encrypt,
iv,
key,
plainText,
aad,
tag.BitLength
);
var encryptResult = _subject.ProcessPayload(gcmEncryptParam);
Assert.That(encryptResult.Success, nameof(_subject.ProcessPayload));
Assert.That(tag.Equals(encryptResult.Tag), nameof(encryptResult.Tag));
var xoredTag = encryptResult.Tag.XOR(GetBitStringOfLengthWithAll1s(encryptResult.Tag.BitLength));
var gcmDecryptParam = new AeadModeBlockCipherParameters(
BlockCipherDirections.Decrypt,
iv,
key,
encryptResult.Result,
aad,
xoredTag
);
var decryptResult = _subject.ProcessPayload(gcmDecryptParam);
Assert.AreNotEqual(plainText, decryptResult.Result, nameof(plainText));
}
public void ShouldDecryptCorrectly(string cipherTextHex, string aadHex, string keyHex, string nonceHex, string expectedPlaintextHex, bool expectedResult)
{
var cipherText = new BitString(cipherTextHex);
var aad = new BitString(aadHex);
var key = new BitString(keyHex);
var nonce = new BitString(nonceHex);
var expectedPlaintext = new BitString(expectedPlaintextHex);
var param = new AeadModeBlockCipherParameters(BlockCipherDirections.Decrypt, nonce, key, cipherText, aad, new BitString(0));
var result = _subject.ProcessPayload(param);
Assert.AreEqual(expectedResult, result.Success);
if (expectedResult)
{
Assert.AreEqual(expectedPlaintext, result.Result);
}
}
public void ShouldEncryptDecrypt(int ptLen, int aadLen, int keyLen)
{
var rand = new Random800_90();
var plaintext = rand.GetRandomBitString(ptLen);
var aad = rand.GetRandomBitString(aadLen);
var key = rand.GetRandomBitString(keyLen);
var iv = rand.GetRandomBitString(96);
var param = new AeadModeBlockCipherParameters(BlockCipherDirections.Encrypt, iv, key, plaintext, aad, 0);
var result = _subject.ProcessPayload(param);
Assert.IsTrue(result.Success);
var param2 = new AeadModeBlockCipherParameters(BlockCipherDirections.Decrypt, iv, key, result.Result, aad, new BitString(0));
var result2 = _subject.ProcessPayload(param2);
Assert.IsTrue(result.Success);
}
public void NewEngineTests(
string nonceStr,
string keyStr,
string aadStr,
string payloadStr,
string ctStr,
int tagLength
)
{
var nonce = new BitString(nonceStr);
var key = new BitString(keyStr);
var aad = new BitString(aadStr);
var payload = new BitString(payloadStr);
var expectedCt = new BitString(ctStr);
// Perform encryption operation and assert
var encryptParam = new AeadModeBlockCipherParameters(
BlockCipherDirections.Encrypt,
nonce,
key,
payload,
aad,
tagLength
);
var encryptionResult = _newSubject.ProcessPayload(encryptParam);
Assert.IsTrue(encryptionResult.Success, $"{nameof(encryptionResult.Success)} Encrypt");
Assert.AreEqual(expectedCt, encryptionResult.Result, nameof(expectedCt));
// Validate the decryption operation / tag
var decryptParam = new AeadModeBlockCipherParameters(
BlockCipherDirections.Decrypt,
nonce,
key,
encryptionResult.Result,
aad,
tagLength
);
var decryptionResult = _newSubject.ProcessPayload(decryptParam);
Assert.IsTrue(decryptionResult.Success, $"{nameof(decryptionResult.Success)} Decrypt");
Assert.AreEqual(payload, decryptionResult.Result);
}
protected override BitString Mac(BitString macData)
{
var param = new AeadModeBlockCipherParameters(
BlockCipherDirections.Encrypt,
_keyConfirmationParameters.CcmNonce,
_keyConfirmationParameters.DerivedKeyingMaterial,
new BitString(0),
macData,
_keyConfirmationParameters.MacLength
);
var result = _ccm.ProcessPayload(param);
if (!result.Success)
{
throw new Exception(result.ErrorMessage);
}
return(result.Result);
}
public void AESGCM_XPNNewEngine()
{
BitString aad = new BitString("56d1dc66b2ae1c5c972aa1c22025c74b");
BitString plainText = new BitString("f15e9ceb86dd8309767c3f675eb5503c");
BitString key = new BitString("b9eac5c6 50daeab9 c15aec8d 362cfd1f ccef9d20 fe3c0e54 fd321554 8d203f0d");
BitString iv = new BitString("04527842 a98b3336 2a09067c");
BitString salt = new BitString("12345678 87654388 44888844");
BitString newIV;
newIV = iv.XOR(salt);
var param = new AeadModeBlockCipherParameters(BlockCipherDirections.Encrypt, newIV, key, plainText, aad, 128);
var encryptResult = _subject.ProcessPayload(param);
Assert.IsTrue(encryptResult.Success);
Assert.AreEqual(encryptResult.Tag, new BitString("e47971b2 c83ed28a d66fb896 2478d01f"), nameof(encryptResult.Tag));
var param2 = new AeadModeBlockCipherParameters(BlockCipherDirections.Decrypt, newIV, key, encryptResult.Result, aad, encryptResult.Tag);
var decryptResult = _subject.ProcessPayload(param2);
Assert.IsTrue(decryptResult.Success);
}
public void ShouldEncryptNon96BitIvsCorrectlyNewEngine(
string testLabel,
BitString key,
BitString iv,
BitString pt,
BitString aad,
BitString expectedCt,
BitString expectedTag
)
{
var gcmParam = new AeadModeBlockCipherParameters(
BlockCipherDirections.Encrypt,
iv,
key,
pt,
aad,
expectedTag.BitLength
);
var result = _subject.ProcessPayload(gcmParam);
Assert.AreEqual(result.Result.ToHex(), expectedCt.ToHex(), nameof(expectedCt));
Assert.AreEqual(result.Tag.ToHex(), expectedTag.ToHex(), nameof(expectedTag));
}
