public void TestInsufficientData()
{
byte[] buffer = new byte[16];
byte[] hmacKey = new byte[32];
byte[] aesKey = new byte[32];
Assert.ThrowsException <ArgumentException>(() => AesStatic.DecryptWithHmac(buffer, hmacKey, aesKey));
}
public void TestIllegalKeySize()
{
byte[] buffer = new byte[64];
byte[] rightKey = new byte[32];
byte[] wrongKey = new byte[16];
Assert.ThrowsException <ArgumentException>(() => AesStatic.EncryptWithHmac(buffer, wrongKey, rightKey));
Assert.ThrowsException <ArgumentException>(() => AesStatic.EncryptWithHmac(buffer, rightKey, wrongKey));
Assert.ThrowsException <ArgumentException>(() => AesStatic.DecryptWithHmac(buffer, wrongKey, rightKey));
Assert.ThrowsException <ArgumentException>(() => AesStatic.DecryptWithHmac(buffer, rightKey, wrongKey));
}
public void TestNullKeys()
{
byte[] buffer = new byte[64];
byte[] hmacKey = new byte[32];
byte[] aesKey = new byte[32];
Assert.ThrowsException <ArgumentNullException>(() => AesStatic.EncryptWithHmac(buffer, null !, aesKey));
Assert.ThrowsException <ArgumentNullException>(() => AesStatic.EncryptWithHmac(buffer, hmacKey, null !));
Assert.ThrowsException <ArgumentNullException>(() => AesStatic.DecryptWithHmac(buffer, null !, aesKey));
Assert.ThrowsException <ArgumentNullException>(() => AesStatic.DecryptWithHmac(buffer, hmacKey, null !));
}
public void TestEncryptDecrypt(string text)
{
byte[] hmacKey = new byte[32];
byte[] aesKey = new byte[32];
RandomNumberGenerator.Fill(hmacKey);
RandomNumberGenerator.Fill(aesKey);
ReadOnlyMemory <byte> data = Encoding.UTF8.GetBytes(text);
ReadOnlyMemory <byte> ciphertext = AesStatic.EncryptWithHmac(data, hmacKey, aesKey);
ReadOnlyMemory <byte> plaintext = AesStatic.DecryptWithHmac(ciphertext, hmacKey, aesKey);
MemoryAssert.AreEqual(data, plaintext);
}
[DataRow(LoremIpsum, 93)] // tamper later block
public void TestIntegrityCheck(string text, int tamperIndex)
{
byte[] hmacKey = new byte[32];
byte[] aesKey = new byte[32];
RandomNumberGenerator.Fill(hmacKey);
RandomNumberGenerator.Fill(aesKey);
ReadOnlyMemory <byte> data = Encoding.UTF8.GetBytes(text);
Memory <byte> ciphertext = MemoryMarshal.AsMemory(AesStatic.EncryptWithHmac(data, hmacKey, aesKey));
ciphertext.Span[tamperIndex] = (byte)~ciphertext.Span[tamperIndex];
Assert.ThrowsException <CryptographicException>(() => AesStatic.DecryptWithHmac(ciphertext, hmacKey, aesKey));
}
private void btnAesDecrypt_Click(object sender, EventArgs e)
{
byte[] ciphertext = Util.GetBytes(tbAesCipherText.Text);
byte[] key = Util.GetBytes(tbAesKey.Text);
byte[] iv = Util.GetBytes(tbAesIV.Text);
byte[] plaintext = AesStatic.Decrypt(ciphertext, key, iv);
if (EncodingUTF8Rb.Checked)
{
tbAesPlainText.Text = Encoding.UTF8.GetString(plaintext);
}
else
{
tbAesPlainText.Text = Util.ToHexString(plaintext);
}
tbAesCipherText.Text = "";
}
public void TestAesHmac()
{
byte[] hmac = AesStatic.GenerateKey();
byte[] key = AesStatic.GenerateKey();
byte[] iv = AesStatic.GenerateIV();
Random random = new Random();
byte[] plaintext = new byte[69854];
random.NextBytes(plaintext);
PacketBuffer ciphertext = PacketBuffer.CreateDynamic();
AesStatic.EncryptWithHmac(plaintext, ciphertext, false, hmac, key);
ciphertext.Position = 0;
byte[] result = AesStatic.DecryptWithHmac(ciphertext, -1, hmac, key);
CollectionAssert.AreEqual(plaintext, result);
}
internal AesShaStream(Stream stream, byte[] key, CryptoStreamMode mode, CryptographicOperation operation) : base(stream, mode)
{
this.key = key ?? throw new ArgumentNullException(nameof(key));
if (key.Length != 32)
{
throw new ArgumentOutOfRangeException(nameof(key), key.Length, "The AES key must have a length of 256 bit.");
}
if (operation == CryptographicOperation.Encrypt)
{
iv = AesStatic.GenerateIV();
}
else if (operation != CryptographicOperation.Decrypt)
{
throw new NotSupportedException("This stream does not support cryptographic operations other than encrypt and decrypt.");
}
this.operation = operation;
csp = Aes.Create();
sha = SHA256.Create();
}
public void TestAes()
{
byte[] key = AesStatic.GenerateKey();
Assert.IsNotNull(key);
byte[] iv = AesStatic.GenerateIV();
Assert.IsNotNull(iv);
Random random = new Random();
byte[] plaintext = new byte[45674];
random.NextBytes(plaintext);
byte[] ciphertext = AesStatic.Encrypt(plaintext, key, iv);
Assert.IsNotNull(ciphertext);
Assert.AreEqual(ciphertext.Length, Util.GetTotalSize(plaintext.Length, 16));
byte[] decrypted = AesStatic.Decrypt(ciphertext, key, iv);
Assert.IsNotNull(decrypted);
CollectionAssert.AreEqual(plaintext, decrypted);
}
private void Read_v1_2(PacketBuffer buf, byte[] hmacKey, byte[] aesKey)
{
Read_v1_2_Header(buf);
if (Algorithm == ContentAlgorithm.None)
{
Read_v1_2_Core(buf);
}
else if (Algorithm == ContentAlgorithm.Aes256CbcHmacSha256)
{
byte[] plain = AesStatic.DecryptWithHmac(buf, -1, hmacKey, aesKey);
HmacKey = hmacKey; // Assign public properties after successful decryption
AesKey = aesKey;
using (PacketBuffer innerBuf = PacketBuffer.CreateStatic(plain))
Read_v1_2_Core(innerBuf);
Available = true;
}
else
{
encryptedContent = buf.ReadByteArray(buf.Pending);
}
}
private FileMeta(ContentAlgorithm algorithm, byte[] hmacKey, byte[] aesKey, byte[] fileKey)
{
Algorithm = algorithm;
AesKey = aesKey;
HmacKey = hmacKey;
FileKey = fileKey;
if (Algorithm == ContentAlgorithm.Aes256CbcHmacSha256)
{
if (AesKey == null)
{
AesKey = AesStatic.GenerateKey();
}
else if (AesKey.Length != 32)
{
throw new ArgumentOutOfRangeException(nameof(aesKey));
}
if (hmacKey == null)
{
HmacKey = AesStatic.GenerateKey();
}
else if (HmacKey.Length != 32)
{
throw new ArgumentOutOfRangeException(nameof(hmacKey));
}
if (fileKey == null)
{
FileKey = AesStatic.GenerateKey();
}
else if (FileKey.Length != 32)
{
throw new ArgumentOutOfRangeException(nameof(fileKey));
}
FileEncryption = ContentAlgorithm.Aes256Cbc; // The file needs no HMAC as we have an SHA256
}
}
/// <summary>
/// Returns the binary expression of this <see cref="FileMeta"/> like it will be sent over the internet.
/// </summary>
/// <param name="version"></param>
/// <returns></returns>
public byte[] GetBinaryData(ushort version)
{
using (PacketBuffer buf = PacketBuffer.CreateDynamic())
{
if (version == 1)
{
Write_v1_1(buf);
}
else
{
if (Algorithm == ContentAlgorithm.None)
{
Write_v1_2_Header(buf);
Write_v1_2_Core(buf);
}
else if (Algorithm == ContentAlgorithm.Aes256CbcHmacSha256)
{
Write_v1_2_Header(buf); // write header anyway because we always these data
if (Available)
{
using (PacketBuffer ibuf = PacketBuffer.CreateDynamic())
{
Write_v1_2_Core(ibuf);
AesStatic.EncryptWithHmac(ibuf.ToArray(), buf, false, HmacKey, AesKey);
}
}
else
{
buf.WriteByteArray(encryptedContent, false); // write all pre-read encrypted content including hmac, iv, etc.
}
}
}
return(buf.ToArray());
}
}
private void btnAesGenerateIV_Click(object sender, EventArgs e) => tbAesIV.Text = Util.ToHexString(AesStatic.GenerateIV());
