private static void AddDecryptMismatchTheoryData(
string testId,
SymmetricSecurityKey decryptKey,
SymmetricSecurityKey encryptkey,
string decryptAlgorithm,
string encryptAlgorithm,
ExpectedException ee,
TheoryData <AuthenticatedEncryptionTestParams> theoryData)
{
var authenticatedData = Guid.NewGuid().ToByteArray();
var plainText = Guid.NewGuid().ToByteArray();
var provider = new AuthenticatedEncryptionProvider(encryptkey, encryptAlgorithm);
var results = provider.Encrypt(plainText, authenticatedData);
theoryData.Add(new AuthenticatedEncryptionTestParams
{
AuthenticatedData = authenticatedData,
DecryptAlgorithm = decryptAlgorithm,
DecryptKey = decryptKey,
EE = ee,
EncryptionResults = results,
Provider = new AuthenticatedEncryptionProvider(decryptKey, decryptAlgorithm),
TestId = testId
});
}
public void DecryptVirtual()
{
var provider = new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes128CbcHmacSha256);
var authenticatedData = Guid.NewGuid().ToByteArray();
var results = provider.Encrypt(Guid.NewGuid().ToByteArray(), authenticatedData);
var derivedProvider = new DerivedAuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes128CbcHmacSha256);
derivedProvider.Decrypt(results.Ciphertext, authenticatedData, results.IV, results.AuthenticationTag);
Assert.True(derivedProvider.DecryptCalled);
}
#pragma warning restore CS3016 // Arrays as attribute arguments is not CLS-compliant
public void EncryptDecrypt(AuthenticatedEncryptionTestParams theoryParams)
{
try
{
// use a different provider for encrypting and decrypting to ensure key creation / privated vars are set correctly
var encryptionProvider = new AuthenticatedEncryptionProvider(theoryParams.EncryptKey, theoryParams.DecryptAlgorithm);
var decryptionProvider = new AuthenticatedEncryptionProvider(theoryParams.DecryptKey, theoryParams.EncryptAlgorithm);
var results = encryptionProvider.Encrypt(theoryParams.Plaintext, theoryParams.AuthenticatedData);
var cleartext = decryptionProvider.Decrypt(results.Ciphertext, theoryParams.AuthenticatedData, results.IV, results.AuthenticationTag);
Assert.True(Utility.AreEqual(theoryParams.Plaintext, cleartext), "theoryParams.PlainText != clearText");
theoryParams.EE.ProcessNoException();
}
catch (Exception ex)
{
theoryParams.EE.ProcessException(ex);
}
}
public void EncryptDecrypt(AuthenticatedEncryptionTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.EncryptDecrypt", theoryData);
try
{
// use a different provider for encrypting and decrypting to ensure key creation / privated vars are set correctly
var encryptionProvider = new AuthenticatedEncryptionProvider(theoryData.EncryptKey, theoryData.DecryptAlgorithm);
var decryptionProvider = new AuthenticatedEncryptionProvider(theoryData.DecryptKey, theoryData.EncryptAlgorithm);
var results = encryptionProvider.Encrypt(theoryData.Plaintext, theoryData.AuthenticatedData);
var cleartext = decryptionProvider.Decrypt(results.Ciphertext, theoryData.AuthenticatedData, results.IV, results.AuthenticationTag);
Assert.True(Utility.AreEqual(theoryData.Plaintext, cleartext), "theoryParams.PlainText != clearText");
theoryData.ExpectedException.ProcessNoException(context);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
TestUtilities.AssertFailIfErrors(context);
}
private static void AddDecryptTamperedTheoryData(string testId, SymmetricSecurityKey key, string algorithm, TheoryData <AuthenticatedEncryptionTestParams> theoryData)
{
var authenticatedData = Guid.NewGuid().ToByteArray();
var plainText = Guid.NewGuid().ToByteArray();
var provider = new AuthenticatedEncryptionProvider(key, algorithm);
var results = provider.Encrypt(plainText, authenticatedData);
theoryData.Add(new AuthenticatedEncryptionTestParams
{
AuthenticatedData = Guid.NewGuid().ToByteArray(),
DecryptAlgorithm = algorithm,
DecryptKey = key,
EE = ExpectedException.SecurityTokenDecryptionFailedException("IDX10650:"),
EncryptAlgorithm = algorithm,
EncryptKey = key,
EncryptionResults = results,
Provider = provider,
TestId = "AddDecryptTheoryData1_" + testId
});
results = provider.Encrypt(plainText, authenticatedData);
TestUtilities.XORBytes(results.IV);
theoryData.Add(new AuthenticatedEncryptionTestParams
{
AuthenticatedData = authenticatedData,
DecryptAlgorithm = algorithm,
DecryptKey = key,
EE = ExpectedException.SecurityTokenDecryptionFailedException("IDX10650:"),
EncryptAlgorithm = algorithm,
EncryptKey = key,
EncryptionResults = results,
Provider = provider,
TestId = "AddDecryptTheoryData2_" + testId
});
results = provider.Encrypt(plainText, authenticatedData);
TestUtilities.XORBytes(results.AuthenticationTag);
theoryData.Add(new AuthenticatedEncryptionTestParams
{
AuthenticatedData = authenticatedData,
DecryptAlgorithm = algorithm,
DecryptKey = key,
EE = ExpectedException.SecurityTokenDecryptionFailedException("IDX10650:"),
EncryptAlgorithm = algorithm,
EncryptKey = key,
EncryptionResults = results,
Provider = provider,
TestId = "AddDecryptTheoryData3_" + testId
});
results = provider.Encrypt(plainText, authenticatedData);
TestUtilities.XORBytes(results.Ciphertext);
theoryData.Add(new AuthenticatedEncryptionTestParams
{
AuthenticatedData = authenticatedData,
DecryptAlgorithm = algorithm,
DecryptKey = key,
EE = ExpectedException.SecurityTokenDecryptionFailedException("IDX10650:"),
EncryptAlgorithm = algorithm,
EncryptKey = key,
EncryptionResults = results,
Provider = provider,
TestId = "AddDecryptTheoryData4_" + testId
});
}
