public void SecureFile_Stream_LargeContent()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedMemoryStream original = new EnhancedMemoryStream();
EnhancedMemoryStream encrypted = new EnhancedMemoryStream();
EnhancedMemoryStream decrypted = new EnhancedMemoryStream();
SecureFile secure = null;
for (int i = 0; i < 128000; i++)
{
original.WriteByte((byte)i);
}
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
original.Position = 0;
secure.EncryptTo(encrypted, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
encrypted.Position = 0;
secure = new SecureFile(encrypted, SecureFileMode.Decrypt, privateKey);
secure.DecryptTo(decrypted);
secure.Close();
secure = null;
original.Position = 0;
encrypted.Position = 0;
CollectionAssert.AreNotEqual(original.ReadBytesToEnd(), encrypted.ReadBytesToEnd());
original.Position = 0;
decrypted.Position = 0;
CollectionAssert.AreEqual(original.ReadBytesToEnd(), decrypted.ReadBytesToEnd());
}
public void AuthServiceMsgs_Msg_AuthMsgAndAck()
{
EnhancedStream es = new EnhancedMemoryStream();
AuthMsg authMsgIn, authMsgOut;
AuthAck authAckIn, authAckOut;
string rsaKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
SymmetricKey saClient, saServer;
string r, a, p;
AuthenticationResult authResult;
authMsgOut = new AuthMsg(AuthMsg.EncryptCredentials(rsaKey, "realm", "account", "password", out saClient));
Msg.Save(es, authMsgOut);
es.Position = 0;
authMsgIn = (AuthMsg)Msg.Load(es);
AuthMsg.DecryptCredentials(rsaKey, authMsgIn.EncryptedCredentials, out r, out a, out p, out saServer);
Assert.AreEqual("realm", r);
Assert.AreEqual("account", a);
Assert.AreEqual("password", p);
authAckOut = new AuthAck(AuthAck.EncryptResult(saServer, new AuthenticationResult(AuthenticationStatus.Authenticated, "Test", TimeSpan.FromMinutes(25))));
es.SetLength(0);
Msg.Save(es, authAckOut);
es.Position = 0;
authAckIn = (AuthAck)Msg.Load(es);
authResult = AuthAck.DecryptResult(saClient, authAckIn.EncryptedResult);
}
public void SecureFile_Stream_Validate()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedMemoryStream original = new EnhancedMemoryStream();
EnhancedMemoryStream encrypted = new EnhancedMemoryStream();
SecureFile secure = null;
byte b;
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
original.Position = 0;
secure.EncryptTo(encrypted, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
encrypted.Position = 0;
Assert.IsTrue(SecureFile.Validate(encrypted, privateKey));
encrypted.Position = encrypted.Length - 1;
b = (byte)encrypted.ReadByte();
encrypted.Position = encrypted.Length - 1;
encrypted.WriteByte((byte)(~b));
encrypted.Position = 0;
Assert.IsFalse(SecureFile.Validate(encrypted, privateKey));
}
public void SecureData_Asymmetric()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
byte[] plainText;
byte[] cipherText;
plainText = new byte[] { 0, 1, 2, 3 };
cipherText = SecureData.Encrypt(publicKey, plainText, CryptoAlgorithm.AES, 256);
CollectionAssert.AreNotEqual(plainText, cipherText);
CollectionAssert.AreEqual(plainText, SecureData.Decrypt(privateKey, cipherText));
plainText = new byte[] { 0, 1, 2, 3 };
cipherText = SecureData.Encrypt(publicKey, plainText, CryptoAlgorithm.AES, 256, 1000);
Assert.IsTrue(cipherText.Length >= 1000);
plainText = new byte[0];
cipherText = SecureData.Encrypt(publicKey, plainText, CryptoAlgorithm.AES, 256);
CollectionAssert.AreNotEqual(plainText, cipherText);
CollectionAssert.AreEqual(plainText, SecureData.Decrypt(privateKey, cipherText));
plainText = new byte[2000000];
for (int i = 0; i < plainText.Length; i++)
{
plainText[i] = (byte)i;
}
cipherText = SecureData.Encrypt(publicKey, plainText, CryptoAlgorithm.AES, 256);
CollectionAssert.AreNotEqual(plainText, cipherText);
CollectionAssert.AreEqual(plainText, SecureData.Decrypt(privateKey, cipherText));
}
public void SecureFile_Stream_NoContent()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedMemoryStream original = new EnhancedMemoryStream();
EnhancedMemoryStream encrypted = new EnhancedMemoryStream();
EnhancedMemoryStream decrypted = new EnhancedMemoryStream();
SecureFile secure = null;
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
original.Position = 0;
secure.EncryptTo(encrypted, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
original.Position = 0;
encrypted.Position = 0;
Assert.AreNotEqual(original.ReadBytesToEnd(), encrypted.ReadBytesToEnd());
encrypted.Position = 0;
secure = new SecureFile(encrypted, SecureFileMode.Decrypt, privateKey);
secure.DecryptTo(decrypted);
secure.Close();
secure = null;
Assert.AreEqual(0, decrypted.Length);
}
public void AsymmetricCrypto_EncryptedCredentials()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
Credentials credentials;
byte[] encrypted;
credentials = new Credentials("realm", "user", "password");
encrypted = AsymmetricCrypto.EncryptCredentials(credentials, "RSA", publicKey);
credentials = AsymmetricCrypto.DecryptCredentials(encrypted, "RSA", privateKey);
Assert.AreEqual("realm", credentials.Realm);
Assert.AreEqual("user", credentials.Account);
Assert.AreEqual("password", credentials.Password);
// Force a security failure by decrypting with the wrong key
ExtendedAssert.Throws <SecurityException>(
() =>
{
privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
AsymmetricCrypto.DecryptCredentials(encrypted, "RSA", privateKey);
});
// Force a security failure by tampering with the encrypted credentials
ExtendedAssert.Throws <SecurityException>(
() =>
{
encrypted[4] = (byte)~encrypted[4];
AsymmetricCrypto.DecryptCredentials(encrypted, "RSA", privateKey);
});
}
public void AsymmetricCrypto_IsXmlPublicKey()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
Assert.IsFalse(AsymmetricCrypto.IsXmlPublicKey(CryptoAlgorithm.RSA, privateKey));
Assert.IsTrue(AsymmetricCrypto.IsXmlPublicKey(CryptoAlgorithm.RSA, publicKey));
Assert.IsFalse(AsymmetricCrypto.IsXmlPublicKey(CryptoAlgorithm.RSA, "hello"));
}
public void SecureFile_File_Validate()
{
string originalName = Path.GetTempFileName();
string encryptName = Path.GetTempFileName();
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedStream original = null;
EnhancedStream encrypted = null;
SecureFile secure = null;
byte b;
try
{
original = new EnhancedFileStream(originalName, FileMode.Create, FileAccess.ReadWrite);
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
original.Close();
original = null;
secure = new SecureFile(originalName, SecureFileMode.Encrypt, publicKey);
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
Assert.IsTrue(SecureFile.Validate(encryptName, privateKey));
encrypted = new EnhancedFileStream(encryptName, FileMode.Open, FileAccess.ReadWrite);
encrypted.Position = encrypted.Length - 1;
b = (byte)encrypted.ReadByte();
encrypted.Position = encrypted.Length - 1;
encrypted.WriteByte((byte)(~b));
encrypted.Close();
Assert.IsFalse(SecureFile.Validate(encryptName, privateKey));
}
finally
{
if (original != null)
{
original.Close();
}
if (encrypted != null)
{
encrypted.Close();
}
System.IO.File.Delete(originalName);
System.IO.File.Delete(encryptName);
}
}
public void AsymmetricCrypto_KeyEquality()
{
string key;
key = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
Assert.IsTrue(AsymmetricCrypto.KeyEquality(CryptoAlgorithm.RSA, key, key));
Assert.IsTrue(AsymmetricCrypto.KeyEquality(CryptoAlgorithm.RSA, key, " \t\r\n" + key + " \t\r\n"));
Assert.IsTrue(AsymmetricCrypto.KeyEquality(CryptoAlgorithm.RSA, key, key.Replace("<Modulus>", " \t<Modulus>\r\n")));
Assert.IsFalse(AsymmetricCrypto.KeyEquality(CryptoAlgorithm.RSA, key, AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024)));
Assert.IsFalse(AsymmetricCrypto.KeyEquality(CryptoAlgorithm.RSA, key, AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, key)));
}
public void AuthServiceMsgs_Msg_GetPublicKeyAck()
{
EnhancedStream es = new EnhancedMemoryStream();
string rsaKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
GetPublicKeyAck msgIn, msgOut;
msgOut = new GetPublicKeyAck(rsaKey, Helper.MachineName, IPAddress.Parse("10.20.30.40"));
Msg.Save(es, msgOut);
es.Position = 0;
msgIn = (GetPublicKeyAck)Msg.Load(es);
Assert.AreEqual(rsaKey, msgIn.PublicKey);
Assert.AreEqual(Helper.MachineName, msgIn.MachineName);
Assert.AreEqual(IPAddress.Parse("10.20.30.40"), msgIn.Address);
}
public void AsymmetricCrypto_ValidateKey()
{
string privateKey;
string publicKey;
privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
Assert.IsTrue(AsymmetricCrypto.IsValidKey(CryptoAlgorithm.RSA, privateKey));
Assert.IsTrue(AsymmetricCrypto.IsValidKey(CryptoAlgorithm.RSA, publicKey));
Assert.IsTrue(AsymmetricCrypto.IsXmlKey(CryptoAlgorithm.RSA, privateKey));
Assert.IsTrue(AsymmetricCrypto.IsXmlKey(CryptoAlgorithm.RSA, publicKey));
Assert.IsFalse(AsymmetricCrypto.IsXmlKey(CryptoAlgorithm.RSA, KeyContainer));
Assert.IsFalse(AsymmetricCrypto.IsValidKey(CryptoAlgorithm.RSA, string.Empty));
Assert.IsFalse(AsymmetricCrypto.IsValidKey(CryptoAlgorithm.RSA, "xxxx > << "));
}
private static int GenKey(string algorithm, string sKeySize)
{
int keySize;
if (!int.TryParse(sKeySize, out keySize) || keySize <= 0)
{
Program.Output("key size must be >= 0");
return(1);
}
switch (algorithm.ToUpper())
{
case CryptoAlgorithm.RC2:
case CryptoAlgorithm.DES:
case CryptoAlgorithm.TripleDES:
case CryptoAlgorithm.AES:
SymmetricKey key = Crypto.GenerateSymmetricKey(algorithm, keySize);
Program.Output("");
Program.Output("SymKey {0}\r\n", key.ToString());
Program.Output("KEY: {0}\r\n", Helper.ToHex(key.Key));
Program.Output("IV: {0}\r\n", Helper.ToHex(key.IV));
return(0);
case CryptoAlgorithm.RSA:
string privateKey;
string publicKey;
privateKey = AsymmetricCrypto.CreatePrivateKey(algorithm, keySize);
publicKey = AsymmetricCrypto.GetPublicKey(algorithm, privateKey);
Program.Output("");
Program.Output("PRIVATE KEY :\r\n\r\n{0}\r\n", privateKey);
Program.Output("PUBLIC KEY:\r\n\r\n{0}\r\n", publicKey);
return(0);
default:
Program.Error("[{0}] is not a supported encryption algorithm.", algorithm);
return(1);
}
}
public void SecureFile_Stream_BadHash()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedMemoryStream original = new EnhancedMemoryStream();
EnhancedMemoryStream encrypted = new EnhancedMemoryStream();
EnhancedMemoryStream decrypted = new EnhancedMemoryStream();
SecureFile secure = null;
byte b;
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
original.Position = 0;
secure.EncryptTo(encrypted, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
// Munge the last byte of the hash digest and then
// confirm the this is detected
encrypted.Position = encrypted.Length - 1;
b = (byte)encrypted.ReadByte();
encrypted.Position = encrypted.Length - 1;
encrypted.WriteByte((byte)(~b));
encrypted.Position = 0;
secure = new SecureFile(encrypted, SecureFileMode.Decrypt, privateKey);
try
{
secure.DecryptTo(decrypted);
Assert.Fail("Corrupt hash digest not detected.");
}
catch
{
// Expecting an exception
}
}
public void KeyChain_Basic()
{
string privateKey1 = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey1 = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey1);
string privateKey2 = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey2 = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey2);
KeyChain keyChain = new KeyChain();
ExtendedAssert.Throws <CryptographicException>(
() =>
{
keyChain.GetPrivateKey(publicKey1);
});
keyChain.Add(privateKey1);
keyChain.Add(privateKey2);
Assert.AreEqual(privateKey1, keyChain.GetPrivateKey(publicKey1));
Assert.AreEqual(privateKey2, keyChain.GetPrivateKey(publicKey2));
}
public void SecureFile_Stream_Metadata()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedMemoryStream original = new EnhancedMemoryStream();
EnhancedMemoryStream encrypted = new EnhancedMemoryStream();
EnhancedMemoryStream decrypted = new EnhancedMemoryStream();
SecureFile secure = null;
DateTime createTime = Helper.UtcNowRounded - TimeSpan.FromMinutes(1);
DateTime writeTime = Helper.UtcNowRounded;
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
secure.Properties["Foo"] = "Bar";
secure.Properties["Hello"] = "World";
secure.FileName = "Test.dat";
secure.FullPath = "c:\\test\\test.dat";
secure.CreateTimeUtc = createTime;
secure.WriteTimeUtc = writeTime;
original.Position = 0;
secure.EncryptTo(encrypted, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
original.Position = 0;
encrypted.Position = 0;
Assert.AreNotEqual(original.ReadBytesToEnd(), encrypted.ReadBytesToEnd());
encrypted.Position = 0;
secure = new SecureFile(encrypted, SecureFileMode.Decrypt, privateKey);
secure.DecryptTo(decrypted);
Assert.AreEqual("Bar", secure.Properties["Foo"]);
Assert.AreEqual("World", secure.Properties["Hello"]);
Assert.AreEqual("Test.dat", secure.FileName);
Assert.AreEqual("c:\\test\\test.dat", secure.FullPath);
Assert.AreEqual(createTime, secure.CreateTimeUtc);
Assert.AreEqual(writeTime, secure.WriteTimeUtc);
secure.Close();
secure = null;
Assert.AreEqual(0, decrypted.Length);
}
public void AsymmetricCrypto_RsaEncryption()
{
string privateKey;
string publicKey;
byte[] plainText = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19 };
byte[] encrypted;
byte[] decrypted;
try
{
privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
encrypted = AsymmetricCrypto.Encrypt(CryptoAlgorithm.RSA, publicKey, plainText);
CollectionAssert.AreNotEqual(encrypted, plainText);
decrypted = AsymmetricCrypto.Decrypt(CryptoAlgorithm.RSA, privateKey, encrypted);
CollectionAssert.AreEqual(plainText, decrypted);
encrypted = AsymmetricCrypto.Encrypt(CryptoAlgorithm.RSA, privateKey, plainText);
Assert.AreNotEqual(encrypted, plainText);
decrypted = AsymmetricCrypto.Decrypt(CryptoAlgorithm.RSA, privateKey, encrypted);
CollectionAssert.AreEqual(plainText, decrypted);
AsymmetricCrypto.SaveKey(CryptoAlgorithm.RSA, KeyContainer, null, privateKey);
encrypted = AsymmetricCrypto.Encrypt(CryptoAlgorithm.RSA, KeyContainer, plainText);
CollectionAssert.AreNotEqual(encrypted, plainText);
decrypted = AsymmetricCrypto.Decrypt(CryptoAlgorithm.RSA, KeyContainer, encrypted);
CollectionAssert.AreEqual(plainText, decrypted);
encrypted = AsymmetricCrypto.Encrypt(CryptoAlgorithm.RSA, KeyContainer, plainText);
CollectionAssert.AreNotEqual(encrypted, plainText);
decrypted = AsymmetricCrypto.Decrypt(CryptoAlgorithm.RSA, KeyContainer, encrypted);
CollectionAssert.AreEqual(plainText, decrypted);
}
finally
{
AsymmetricCrypto.DeleteKey(CryptoAlgorithm.RSA, KeyContainer, null);
}
}
public void SecureData_Symmetric()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
SymmetricKey argsEncrypt;
SymmetricKey argsDecrypt;
byte[] asymPlain;
byte[] asymCipher;
byte[] symPlain;
byte[] symCipher;
asymPlain = new byte[] { 0, 1, 2, 3 };
asymCipher = SecureData.Encrypt(publicKey, asymPlain, CryptoAlgorithm.AES, 256, 1000, out argsEncrypt);
CollectionAssert.AreEqual(asymPlain, SecureData.Decrypt(privateKey, asymCipher, out argsDecrypt));
symPlain = new byte[] { 10, 20, 30, 40 };
symCipher = SecureData.Encrypt(argsEncrypt, symPlain, 100);
Assert.IsTrue(symCipher.Length >= 100);
CollectionAssert.AreEqual(symPlain, SecureData.Decrypt(argsDecrypt, symCipher));
}
public void KeyChain_Encrypt()
{
string privateKey1 = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey1 = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey1);
string privateKey2 = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey2 = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey2);
KeyChain keyChain = new KeyChain();
SymmetricKey key = Crypto.GenerateSymmetricKey();
byte[] encrypted;
keyChain.Add(privateKey1);
keyChain.Add(privateKey2);
encrypted = keyChain.Encrypt(key);
keyChain = new KeyChain(key, encrypted);
Assert.AreEqual(2, keyChain.Count);
Assert.AreEqual(privateKey1, keyChain.GetPrivateKey(publicKey1));
Assert.AreEqual(privateKey2, keyChain.GetPrivateKey(publicKey2));
}
public void SecureFile_Stream_GetPublicKey()
{
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedMemoryStream original = new EnhancedMemoryStream();
EnhancedMemoryStream encrypted = new EnhancedMemoryStream();
SecureFile secure = null;
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
// Verify that the public key is saved when requested (the default)
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
Assert.IsTrue(secure.SavePublicKey);
Assert.AreEqual(publicKey, secure.PublicKey);
original.Position = 0;
secure.EncryptTo(encrypted, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
encrypted.Position = 0;
Assert.AreEqual(publicKey, SecureFile.GetPublicKey(encrypted));
// Verify that the public key is not saved if SavePublicKey=false
encrypted.SetLength(0);
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
secure.SavePublicKey = false;
original.Position = 0;
secure.EncryptTo(encrypted, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
encrypted.Position = 0;
Assert.IsNull(SecureFile.GetPublicKey(encrypted));
}
public void AuthServiceMsgs_Msg_SourceCredentials()
{
EnhancedStream es = new EnhancedMemoryStream();
Guid sourceID = Helper.NewGuid();
string rsaKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
SourceCredentialsMsg msgIn, msgOut;
string r, a, p;
msgOut = new SourceCredentialsMsg(sourceID, SourceCredentialsMsg.EncryptCredentials(rsaKey, "realm", "account", "password"), TimeSpan.FromMinutes(2));
Msg.Save(es, msgOut);
es.Position = 0;
msgIn = (SourceCredentialsMsg)Msg.Load(es);
Assert.AreEqual(sourceID, msgIn.SourceID);
Assert.AreEqual(TimeSpan.FromMinutes(2), msgIn.TTL);
SourceCredentialsMsg.DecryptCredentials(rsaKey, msgIn.EncryptedCredentials, out r, out a, out p);
Assert.AreEqual("realm", r);
Assert.AreEqual("account", a);
Assert.AreEqual("password", p);
}
public void AsymmetricCrypto_RsaKeys()
{
string privateKey;
string publicKey;
try
{
privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
Assert.IsNotNull(privateKey);
publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
Assert.IsNotNull(publicKey);
Assert.IsTrue(privateKey.Length > publicKey.Length);
AsymmetricCrypto.SaveKey(CryptoAlgorithm.RSA, KeyContainer, null, privateKey);
Assert.AreEqual(privateKey, AsymmetricCrypto.LoadPrivateKey(CryptoAlgorithm.RSA, KeyContainer, null));
Assert.AreEqual(publicKey, AsymmetricCrypto.LoadPublicKey(CryptoAlgorithm.RSA, KeyContainer, null));
}
finally
{
AsymmetricCrypto.DeleteKey(CryptoAlgorithm.RSA, KeyContainer, null);
}
AsymmetricCrypto.DeleteKey(CryptoAlgorithm.RSA, KeyContainer, null);
}
public void SecureFile_File_BadHash()
{
string originalName = Path.GetTempFileName();
string encryptName = Path.GetTempFileName();
string decryptName = Path.GetTempFileName();
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedStream original = null;
EnhancedStream encrypted = null;
SecureFile secure = null;
byte b;
try
{
original = new EnhancedFileStream(originalName, FileMode.Create, FileAccess.ReadWrite);
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
original.Close();
original = null;
secure = new SecureFile(originalName, SecureFileMode.Encrypt, publicKey);
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
// Munge the last byte of the hash digest and then confirm
// that the bad hash is detected.
encrypted = new EnhancedFileStream(encryptName, FileMode.Open, FileAccess.ReadWrite);
encrypted.Position = encrypted.Length - 1;
b = (byte)encrypted.ReadByte();
encrypted.Position = encrypted.Length - 1;
encrypted.WriteByte((byte)(~b));
encrypted.Close();
encrypted = null;
ExtendedAssert.Throws <CryptographicException>(
() =>
{
secure = new SecureFile(encryptName, SecureFileMode.Decrypt, privateKey);
secure.DecryptTo(decryptName);
});
}
finally
{
if (original != null)
{
original.Close();
}
if (encrypted != null)
{
encrypted.Close();
}
try { System.IO.File.Delete(originalName); } catch { }
try { System.IO.File.Delete(encryptName); } catch { }
try { System.IO.File.Delete(decryptName); } catch { }
}
}
public void SecureFile_File_Metadata()
{
string originalName = Path.GetTempFileName();
string encryptName = Path.GetTempFileName();
string decryptName = Path.GetTempFileName();
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedStream original = null;
EnhancedStream encrypted = null;
EnhancedStream decrypted = null;
SecureFile secure = null;
DateTime createTime = Helper.UtcNowRounded - TimeSpan.FromMinutes(1);
DateTime writeTime = Helper.UtcNowRounded;
try
{
original = new EnhancedFileStream(originalName, FileMode.Create, FileAccess.ReadWrite);
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
original.Close();
original = null;
Directory.SetCreationTimeUtc(originalName, createTime);
Directory.SetLastWriteTimeUtc(originalName, writeTime);
secure = new SecureFile(originalName, SecureFileMode.Encrypt, publicKey);
secure.Properties["Foo"] = "Bar";
secure.Properties["Hello"] = "World";
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
Assert.AreEqual(Path.GetFileName(originalName), secure.FileName);
Assert.AreEqual(createTime, secure.CreateTimeUtc);
Assert.AreEqual(writeTime, secure.WriteTimeUtc);
secure.Close();
secure = null;
secure = new SecureFile(encryptName, SecureFileMode.Decrypt, privateKey);
Assert.AreEqual("Bar", secure.Properties["Foo"]);
Assert.AreEqual("World", secure.Properties["Hello"]);
Assert.AreEqual(Path.GetFileName(originalName), secure.FileName);
Assert.AreEqual(createTime, secure.CreateTimeUtc);
Assert.AreEqual(writeTime, secure.WriteTimeUtc);
secure.DecryptTo(decryptName);
secure.Close();
secure = null;
Assert.AreEqual(createTime, Directory.GetCreationTimeUtc(decryptName));
Assert.AreEqual(writeTime, Directory.GetLastWriteTimeUtc(decryptName));
original = new EnhancedFileStream(originalName, FileMode.Open, FileAccess.Read);
encrypted = new EnhancedFileStream(encryptName, FileMode.Open, FileAccess.Read);
decrypted = new EnhancedFileStream(decryptName, FileMode.Open, FileAccess.Read);
original.Position = 0;
encrypted.Position = 0;
Assert.AreNotEqual(original.ReadBytesToEnd(), encrypted.ReadBytesToEnd());
original.Position = 0;
decrypted.Position = 0;
CollectionAssert.AreEqual(original.ReadBytesToEnd(), decrypted.ReadBytesToEnd());
}
finally
{
if (original != null)
{
original.Close();
}
if (encrypted != null)
{
encrypted.Close();
}
if (decrypted != null)
{
decrypted.Close();
}
System.IO.File.Delete(originalName);
System.IO.File.Delete(encryptName);
System.IO.File.Delete(decryptName);
}
}
public void SecureFile_File_GetPublicKey()
{
string originalName = Path.GetTempFileName();
string encryptName = Path.GetTempFileName();
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedStream original = null;
EnhancedStream encrypted = null;
SecureFile secure = null;
try
{
original = new EnhancedFileStream(originalName, FileMode.Create, FileAccess.ReadWrite);
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
original.Close();
original = null;
// Verify that the public key is saved if requested
secure = new SecureFile(originalName, SecureFileMode.Encrypt, publicKey);
Assert.IsTrue(secure.SavePublicKey);
Assert.AreEqual(publicKey, secure.PublicKey);
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
Assert.AreEqual(publicKey, SecureFile.GetPublicKey(encryptName));
// Verify that the public key is not saved, if SavePublicKey=false
System.IO.File.Delete(encryptName);
secure = new SecureFile(originalName, SecureFileMode.Encrypt, publicKey);
secure.SavePublicKey = false;
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
Assert.IsNull(SecureFile.GetPublicKey(encryptName));
}
finally
{
if (original != null)
{
original.Close();
}
if (encrypted != null)
{
encrypted.Close();
}
System.IO.File.Delete(originalName);
System.IO.File.Delete(encryptName);
}
}
public void SecureFile_File_KeyChain()
{
string encryptName = Path.GetTempFileName();
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedMemoryStream original = new EnhancedMemoryStream();
SecureFile secure = null;
try
{
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
// Verify that SecureFile can find the correct private key in the key chain.
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
Assert.IsTrue(secure.SavePublicKey);
Assert.AreEqual(publicKey, secure.PublicKey);
original.Position = 0;
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
var keyChain = new KeyChain();
var decrypted = new EnhancedMemoryStream();
keyChain.Add(privateKey);
secure = new SecureFile(encryptName, keyChain);
secure.DecryptTo(decrypted);
secure.Close();
secure = null;
CollectionAssert.AreEqual(original.ToArray(), decrypted.ToArray());
// Verify that SecureFile throws a CryptographicException if the
// key is not present in the chain.
keyChain.Clear();
try
{
secure = new SecureFile(encryptName, keyChain);
secure.DecryptTo(decrypted);
Assert.Fail("Expecting a CryptographicException");
}
catch (CryptographicException)
{
// Expecting this
}
finally
{
if (secure != null)
{
secure.Close();
secure = null;
}
}
// Verify that SecureFile throws a CryptographicException if the
// public key was not saved to the file.
keyChain.Add(privateKey);
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
secure.SavePublicKey = false;
original.Position = 0;
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
try
{
secure = new SecureFile(encryptName, keyChain);
secure.DecryptTo(decrypted);
Assert.Fail("Expecting a CryptographicException");
}
catch (CryptographicException)
{
// Expecting this
}
finally
{
if (secure != null)
{
secure.Close();
secure = null;
}
}
}
finally
{
System.IO.File.Delete(encryptName);
}
}
