private static string GetBCryptAlgorithmName(ValidationAlgorithm algorithm)
{
switch (algorithm)
{
case ValidationAlgorithm.HMACSHA256:
return(Constants.BCRYPT_SHA256_ALGORITHM);
case ValidationAlgorithm.HMACSHA512:
return(Constants.BCRYPT_SHA512_ALGORITHM);
default:
throw new ArgumentOutOfRangeException(nameof(algorithm));
}
}
private static Type GetManagedTypeForAlgorithm(ValidationAlgorithm algorithm)
{
switch (algorithm)
{
case ValidationAlgorithm.HMACSHA256:
return(typeof(HMACSHA256));
case ValidationAlgorithm.HMACSHA512:
return(typeof(HMACSHA512));
default:
throw new ArgumentOutOfRangeException(nameof(algorithm));
}
}
public void CreateAuthenticatedEncryptor_RoundTripsData_ManagedImplementation(EncryptionAlgorithm encryptionAlgorithm, ValidationAlgorithm validationAlgorithm)
{
// Parse test input
int keyLengthInBits = Int32.Parse(Regex.Match(encryptionAlgorithm.ToString(), @"^AES_(?<keyLength>\d{3})_CBC$").Groups["keyLength"].Value, CultureInfo.InvariantCulture);
// Arrange
var masterKey = Secret.Random(512 / 8);
var control = new ManagedAuthenticatedEncryptor(
keyDerivationKey: masterKey,
symmetricAlgorithmFactory: () => new AesCryptoServiceProvider(),
symmetricAlgorithmKeySizeInBytes: keyLengthInBits / 8,
validationAlgorithmFactory: () => KeyedHashAlgorithm.Create(validationAlgorithm.ToString()));
var test = CreateDescriptor(encryptionAlgorithm, validationAlgorithm, masterKey).CreateEncryptorInstance();
// Act & assert - data round trips properly from control to test
byte[] plaintext = new byte[] { 1, 2, 3, 4, 5 };
byte[] aad = new byte[] { 2, 4, 6, 8, 0 };
byte[] ciphertext = control.Encrypt(new ArraySegment<byte>(plaintext), new ArraySegment<byte>(aad));
byte[] roundTripPlaintext = test.Decrypt(new ArraySegment<byte>(ciphertext), new ArraySegment<byte>(aad));
Assert.Equal(plaintext, roundTripPlaintext);
}
public void CreateAuthenticatedEncryptor_RoundTripsData_CngCbcImplementation(EncryptionAlgorithm encryptionAlgorithm, ValidationAlgorithm validationAlgorithm)
{
// Parse test input
int keyLengthInBits = Int32.Parse(Regex.Match(encryptionAlgorithm.ToString(), @"^AES_(?<keyLength>\d{3})_CBC$").Groups["keyLength"].Value, CultureInfo.InvariantCulture);
string hashAlgorithm = Regex.Match(validationAlgorithm.ToString(), @"^HMAC(?<hashAlgorithm>.*)$").Groups["hashAlgorithm"].Value;
// Arrange
var masterKey = Secret.Random(512 / 8);
var control = new CbcAuthenticatedEncryptor(
keyDerivationKey: masterKey,
symmetricAlgorithmHandle: CachedAlgorithmHandles.AES_CBC,
symmetricAlgorithmKeySizeInBytes: (uint)(keyLengthInBits / 8),
hmacAlgorithmHandle: BCryptAlgorithmHandle.OpenAlgorithmHandle(hashAlgorithm, hmac: true));
var test = CreateDescriptor(encryptionAlgorithm, validationAlgorithm, masterKey).CreateEncryptorInstance();
// Act & assert - data round trips properly from control to test
byte[] plaintext = new byte[] { 1, 2, 3, 4, 5 };
byte[] aad = new byte[] { 2, 4, 6, 8, 0 };
byte[] ciphertext = control.Encrypt(new ArraySegment<byte>(plaintext), new ArraySegment<byte>(aad));
byte[] roundTripPlaintext = test.Decrypt(new ArraySegment<byte>(ciphertext), new ArraySegment<byte>(aad));
Assert.Equal(plaintext, roundTripPlaintext);
}
public void CreateAuthenticatedEncryptor_RoundTripsData_ManagedImplementation(
EncryptionAlgorithm encryptionAlgorithm,
ValidationAlgorithm validationAlgorithm,
Func <HMAC> validationAlgorithmFactory)
{
// Parse test input
int keyLengthInBits = Int32.Parse(Regex.Match(encryptionAlgorithm.ToString(), @"^AES_(?<keyLength>\d{3})_CBC$").Groups["keyLength"].Value, CultureInfo.InvariantCulture);
// Arrange
var masterKey = Secret.Random(512 / 8);
var control = new ManagedAuthenticatedEncryptor(
keyDerivationKey: masterKey,
symmetricAlgorithmFactory: () => Aes.Create(),
symmetricAlgorithmKeySizeInBytes: keyLengthInBits / 8,
validationAlgorithmFactory: validationAlgorithmFactory);
var test = CreateEncryptorInstanceFromDescriptor(CreateDescriptor(encryptionAlgorithm, validationAlgorithm, masterKey));
// Act & assert - data round trips properly from control to test
byte[] plaintext = new byte[] { 1, 2, 3, 4, 5 };
byte[] aad = new byte[] { 2, 4, 6, 8, 0 };
byte[] ciphertext = control.Encrypt(new ArraySegment <byte>(plaintext), new ArraySegment <byte>(aad));
byte[] roundTripPlaintext = test.Decrypt(new ArraySegment <byte>(ciphertext), new ArraySegment <byte>(aad));
Assert.Equal(plaintext, roundTripPlaintext);
}
public void CreateAuthenticatedEncryptor_RoundTripsData_CngCbcImplementation(EncryptionAlgorithm encryptionAlgorithm, ValidationAlgorithm validationAlgorithm)
{
// Parse test input
int keyLengthInBits = Int32.Parse(Regex.Match(encryptionAlgorithm.ToString(), @"^AES_(?<keyLength>\d{3})_CBC$").Groups["keyLength"].Value, CultureInfo.InvariantCulture);
string hashAlgorithm = Regex.Match(validationAlgorithm.ToString(), @"^HMAC(?<hashAlgorithm>.*)$").Groups["hashAlgorithm"].Value;
// Arrange
var masterKey = Secret.Random(512 / 8);
var control = new CbcAuthenticatedEncryptor(
keyDerivationKey: masterKey,
symmetricAlgorithmHandle: CachedAlgorithmHandles.AES_CBC,
symmetricAlgorithmKeySizeInBytes: (uint)(keyLengthInBits / 8),
hmacAlgorithmHandle: BCryptAlgorithmHandle.OpenAlgorithmHandle(hashAlgorithm, hmac: true));
var test = CreateEncryptorInstanceFromDescriptor(CreateDescriptor(encryptionAlgorithm, validationAlgorithm, masterKey));
// Act & assert - data round trips properly from control to test
byte[] plaintext = new byte[] { 1, 2, 3, 4, 5 };
byte[] aad = new byte[] { 2, 4, 6, 8, 0 };
byte[] ciphertext = control.Encrypt(new ArraySegment <byte>(plaintext), new ArraySegment <byte>(aad));
byte[] roundTripPlaintext = test.Decrypt(new ArraySegment <byte>(ciphertext), new ArraySegment <byte>(aad));
Assert.Equal(plaintext, roundTripPlaintext);
}
private static AuthenticatedEncryptorDescriptor CreateDescriptor(EncryptionAlgorithm encryptionAlgorithm, ValidationAlgorithm validationAlgorithm, ISecret masterKey)
{
return(new AuthenticatedEncryptorDescriptor(new AuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithm = encryptionAlgorithm,
ValidationAlgorithm = validationAlgorithm
}, masterKey));
}
private static AuthenticatedEncryptorDescriptor CreateDescriptor(EncryptionAlgorithm encryptionAlgorithm, ValidationAlgorithm validationAlgorithm, ISecret masterKey)
{
return new AuthenticatedEncryptorDescriptor(new AuthenticatedEncryptionOptions()
{
EncryptionAlgorithm = encryptionAlgorithm,
ValidationAlgorithm = validationAlgorithm
}, masterKey);
}
private static Type GetManagedTypeForAlgorithm(ValidationAlgorithm algorithm)
{
switch (algorithm)
{
case ValidationAlgorithm.HMACSHA256:
return typeof(HMACSHA256);
case ValidationAlgorithm.HMACSHA512:
return typeof(HMACSHA512);
default:
throw new ArgumentOutOfRangeException(nameof(algorithm));
}
}
private static string GetBCryptAlgorithmName(ValidationAlgorithm algorithm)
{
switch (algorithm)
{
case ValidationAlgorithm.HMACSHA256:
return Constants.BCRYPT_SHA256_ALGORITHM;
case ValidationAlgorithm.HMACSHA512:
return Constants.BCRYPT_SHA512_ALGORITHM;
default:
throw new ArgumentOutOfRangeException(nameof(algorithm));
}
}
public DefaultCryptoAlgorithmFactory(ValidationAlgorithm hashAlgorithm)
{
_hashAlgorithm = hashAlgorithm;
}
public Decryptor(string encryptionKey, string validationKey, ValidationAlgorithm algorithm)
{
_masterKeyProvider = new DefaultMasterKeyProvider(encryptionKey, validationKey);
_cryptoAlgorithmFactory = new DefaultCryptoAlgorithmFactory(algorithm);
}
