public void ValidateCipherTest() { var cipher1 = new CipherStub("cipherStub1"); var cipher2 = new CipherStub("cipherStub2"); var cipher3 = new FernetCipher("Fernet cipher"); using var provider = new CryptoProvider(cipher1); provider.RegisterCipher(cipher2) .RegisterCipher(cipher3); var customEncryptionKey = new CustomEncryptionKey(1, Encoding.UTF8.GetBytes("Custom Encryption Key 32 symbols")); provider.ValidateCustomCiphers(new SecretsData(new List <Secret> { customEncryptionKey }, customEncryptionKey)); Assert.IsNotNull(provider); var encryptionSecret = new EncryptionSecret(2, Encoding.UTF8.GetBytes("EncryptionSecret")); provider.ValidateCustomCiphers(new SecretsData(new List <Secret> { customEncryptionKey, encryptionSecret }, encryptionSecret)); Assert.IsNotNull(provider); }
public void DecryptV1NullTest() { var secretKey = new EncryptionSecret(0, Encoding.UTF8.GetBytes("password")); var cipher = new AesGcmPbkdf10KHexCipher(Encoding.UTF8); var exception = Assert.Throws <StorageCryptoException>(() => cipher.Decrypt(null, secretKey)); Assert.AreEqual("Encrypted text is incorrect", exception.Message); }
public void AesGcm10KHexCipherTest() { var secretKey = new EncryptionSecret(0, Encoding.UTF8.GetBytes("password")); var cipher = new AesGcmPbkdf10KHexCipher(Encoding.UTF8); var decryptedMessage = cipher.Decrypt(CipherMessageV1, secretKey); Assert.AreEqual("InCountry", decryptedMessage); Assert.Throws <NotImplementedException>(() => cipher.Encrypt("text")); }
public void WrongSecretVersionTest() { var exception = Assert.Throws <StorageClientException>(() => { var unused = new EncryptionSecret(-1, Guid.NewGuid().ToByteArray()); }); Assert.AreEqual("Version must be >= 0", exception.Message); }
public void EncryptTest(EncryptionSecret secretType, bool withFilename) { #region Arrange var data = Guid.NewGuid().ToByteArray(); File.WriteAllBytes(this.InputFile, data); var pwd = Guid.NewGuid().ToString(); var filename = Guid.NewGuid().ToString(); var key = Random.CreateData(512 / 8); #endregion #region Act switch (secretType) { case EncryptionSecret.Password: if (withFilename) { SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, pwd, filename); } else { SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, pwd); } break; case EncryptionSecret.Key: if (withFilename) { SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, key, filename); } else { SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, key); } break; default: throw new ArgumentOutOfRangeException(nameof(secretType), secretType, null); } #endregion #region Assert Assert.That(data, Is.Not.EquivalentTo(File.ReadAllBytes(this.OutputFile))); Assert.That(data.Length, Is.LessThan(File.ReadAllBytes(this.OutputFile).Length)); Assert.That(FileOperation.HasFileSignature(this.OutputFile), "HasFileSignature"); #endregion }
public void AesGcmDecryptNegativeTest() { var secret = new EncryptionSecret(1, Encoding.UTF8.GetBytes("password")); using var cipher = new AesGcmPbkdf10KBase64Cipher(Encoding.UTF8); const string wrongCipheredText = "Nw5G/Ut36NVnt8+6EHg9iOYWX194"; var exception = Assert.Throws <StorageCryptoException>(() => cipher.Decrypt(wrongCipheredText, secret)); Assert.AreEqual("Encrypted text is incorrect", exception.Message); Assert.Throws <FormatException>(() => cipher.Decrypt("123", secret)); }
public void GetKeyNegativeTest() { var secret = new EncryptionSecret(1, Encoding.UTF8.GetBytes("password")); var salt = Encoding.UTF8.GetBytes(Guid.NewGuid().ToString()); var exception = Assert.Throws <StorageCryptoException>(() => SecretKeyFactory.GetKey(salt, null, 1000)); Assert.AreEqual("Secret is null", exception.Message); exception = Assert.Throws <StorageCryptoException>(() => SecretKeyFactory.GetKey(null, secret, -1)); Assert.AreEqual("Unable to generate secret", exception.Message); Assert.NotNull(exception.InnerException); }
public void DuplicationSecretsVersionTest() { var secret1 = new EncryptionSecret(1, Guid.NewGuid().ToByteArray()); var secret2 = new EncryptionSecret(1, Guid.NewGuid().ToByteArray()); var exception = Assert.Throws <StorageClientException>(() => { var unused = new SecretsData(new List <Secret> { secret1, secret2 }, secret2); }); Assert.AreEqual("SecretKey versions must be unique. Got duplicates for: 1", exception.Message); }
public void ToStringTest() { var secret1 = new EncryptionSecret(1, Guid.NewGuid().ToByteArray()); var secret2 = new EncryptionSecret(2, Guid.NewGuid().ToByteArray()); var secretsData = new SecretsData(new List <Secret> { secret1, secret2 }, secret1); const string expected = "SecretsData\\{Secrets=\\[" + "EncryptionSecret\\{SecretBytes=HASH\\[(-)?(\\d)+\\], Version=1\\}," + "EncryptionSecret\\{SecretBytes=HASH\\[(-)?(\\d)+\\], Version=2\\}\\], " + "CurrentSecret=EncryptionSecret\\{SecretBytes=HASH\\[(-)?(\\d)+\\], Version=1\\}\\}"; Assert.IsTrue(Regex.IsMatch(secretsData.ToString(), expected)); }
public void WrongSecretTest() { var exception = Assert.Throws <StorageClientException>(() => { var unused = new EncryptionSecret(1, null); }); Assert.AreEqual("Secret can't be null", exception.Message); exception = Assert.Throws <StorageClientException>(() => { var unused = new EncryptionSecret(1, Array.Empty <byte>()); }); Assert.AreEqual("Secret can't be null", exception.Message); }
public void GetSecretTest() { var secret1 = new EncryptionSecret(1, Guid.NewGuid().ToByteArray()); var secret2 = new EncryptionSecret(2, Guid.NewGuid().ToByteArray()); var secretsData = new SecretsData(new List <Secret> { secret1, secret2 }, secret1); var secretOne = secretsData.GetSecret(1); var secretTwo = secretsData.GetSecret(2); var defaultSecret = secretsData.GetSecret(null); Assert.AreEqual(secret1, secretOne); Assert.AreEqual(secret2, secretTwo); Assert.AreEqual(secret1, defaultSecret); }
public void SecretsToStringTest() { var encryptionSecret = new EncryptionSecret(1, Guid.NewGuid().ToByteArray()); Assert.IsTrue(Regex.IsMatch(encryptionSecret.ToString(), "EncryptionSecret\\{SecretBytes\\=HASH\\[(-)?(\\d)+\\], Version=1\\}")); var customEncryptionKey = new CustomEncryptionKey(1, Guid.NewGuid().ToByteArray()); Assert.IsTrue(Regex.IsMatch(customEncryptionKey.ToString(), "CustomEncryptionKey\\{SecretBytes\\=HASH\\[(-)?(\\d)+\\], Version=1\\}")); var encryptionKey = new EncryptionKey(1, Encoding.UTF8.GetBytes("123456789012345678901234567890Ab")); Assert.IsTrue(Regex.IsMatch(encryptionKey.ToString(), "EncryptionKey\\{SecretBytes\\=HASH\\[(-)?(\\d)+\\], Version=1\\}")); }
public void AesGcmBase64CipherNegativeTest() { var wrongKey = new EncryptionSecret(1, Encoding.UTF8.GetBytes(Guid.NewGuid().ToString())); using var cipher = new AesGcmPbkdf10KBase64Cipher(Encoding.UTF8); var exception = Assert.Throws <StorageCryptoException>(() => cipher.Decrypt(CipherMessageV2, wrongKey)); Assert.AreEqual("Invalid cipher for decryption", exception.Message); exception = Assert.Throws <StorageCryptoException>(() => cipher.Decrypt(CipherMessageV2)); Assert.AreEqual("No secret provided", exception.Message); exception = Assert.Throws <StorageCryptoException>(() => cipher.Decrypt(null, wrongKey)); Assert.AreEqual("Encrypted text is incorrect", exception.Message); }
public void DefaultCurrentCipherTest() { const int secretVersion = 7; var secret = new EncryptionSecret(secretVersion, Encoding.UTF8.GetBytes("password")); using var cipher = new AesGcmPbkdf10KBase64Cipher(Encoding.UTF8); using var cryptoProvider = new CryptoProvider(); var text = Guid.NewGuid().ToString(); var encryptResult = cryptoProvider.Encrypt(text, new SecretsData(new List <Secret> { secret }, secret)); Assert.NotNull(encryptResult); Assert.AreEqual(secretVersion, encryptResult.KeyVersion); var decrypted = cipher.Decrypt(encryptResult.Data.Substring(2), secret); Assert.AreEqual(text, decrypted); }
public void WrongCurrentSecretTest() { var secret1 = new EncryptionSecret(1, Guid.NewGuid().ToByteArray()); var secret2 = new EncryptionSecret(2, Guid.NewGuid().ToByteArray()); var exception = Assert.Throws <StorageClientException>(() => { var unused = new SecretsData(new List <Secret> { secret1 }, null); }); Assert.AreEqual("There is no SecretKey version that matches current version ", exception.Message); exception = Assert.Throws <StorageClientException>(() => { var unused = new SecretsData(new List <Secret> { secret1 }, secret2); }); Assert.AreEqual("There is no SecretKey version that matches current version 2", exception.Message); }
public void EncryptAndDecrypt_Filepath_Test(EncryptionSecret secretType, bool withFilename) { #region Arrange var data = Random.CreateData(128 / 8); File.WriteAllBytes(this.InputFile, data); var pwd = Guid.NewGuid().ToString(); var filename = Guid.NewGuid().ToString(); var key = Random.CreateData(512 / 8); #endregion #region Act switch (secretType) { case EncryptionSecret.Password: if (withFilename) { SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, pwd, filename); } else { SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, pwd); } break; case EncryptionSecret.Key: if (withFilename) { SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, key, filename); } else { SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, key); } break; default: throw new ArgumentOutOfRangeException(nameof(secretType), secretType, null); } byte[] dataContent; using (var stream = File.OpenRead(this.OutputFile)) { RawFileAccessor.SeekToMainData(stream); var ms = new MemoryStream(); stream.CopyTo(ms); dataContent = ms.ToArray(); } Console.Out.WriteLine("Encrypted Content: " + Convert.ToBase64String(dataContent)); DecryptInfo info; using (var input = File.OpenRead(this.OutputFile)) using (var output = File.Create(this.ResultFile)) { switch (secretType) { case EncryptionSecret.Password: info = SymmetricEncryption.Decrypt(input, output, pwd); break; case EncryptionSecret.Key: info = SymmetricEncryption.Decrypt(input, output, key); break; default: throw new ArgumentOutOfRangeException(nameof(secretType), secretType, null); } } #endregion #region Assert if (withFilename) { Assert.That(info?.FileName, Is.EqualTo(filename), "Filename is correct decrypted."); } else { Assert.That(info.FileName, Is.Null, "Filename should be Null."); } Assert.That(data, Is.Not.EquivalentTo(File.ReadAllBytes(this.OutputFile))); Assert.That(data.Length, Is.LessThan(File.ReadAllBytes(this.OutputFile).Length)); Assert.That(FileOperation.HasFileSignature(this.OutputFile), "HasFileSignature"); Assert.That(File.ReadAllBytes(this.ResultFile), Is.EquivalentTo(data), "Plaindata is equal after decryption"); #endregion }
public void EncryptAndDecrypt_MemoryStream_Test(EncryptionSecret secretType, bool withFilename) { #region Arrange var data = Guid.NewGuid().ToByteArray(); File.WriteAllBytes(this.InputFile, data); var pwd = Guid.NewGuid().ToString(); var filename = Guid.NewGuid().ToString(); var key = Random.CreateData(512 / 8); #endregion #region Act var outputEncrypted = new MemoryStream(); using (var input = new MemoryStream(File.ReadAllBytes(this.InputFile))) { switch (secretType) { case EncryptionSecret.Password: if (withFilename) { SymmetricEncryption.Encrypt(input, outputEncrypted, pwd, filename); } else { SymmetricEncryption.Encrypt(input, outputEncrypted, pwd); } break; case EncryptionSecret.Key: if (withFilename) { SymmetricEncryption.Encrypt(input, outputEncrypted, key, filename); } else { SymmetricEncryption.Encrypt(input, outputEncrypted, key); } break; default: throw new ArgumentOutOfRangeException(nameof(secretType), secretType, null); } } var outputPlain = new MemoryStream(); DecryptInfo info; using (var input = new MemoryStream(outputEncrypted.ToArray())) { switch (secretType) { case EncryptionSecret.Password: info = SymmetricEncryption.Decrypt(input, outputPlain, pwd); break; case EncryptionSecret.Key: info = SymmetricEncryption.Decrypt(input, outputPlain, key); break; default: throw new ArgumentOutOfRangeException(nameof(secretType), secretType, null); } } #endregion #region Assert if (withFilename) { Assert.That(info?.FileName, Is.EqualTo(filename), "Filename is correct decrypted."); } else { Assert.That(info.FileName, Is.Null, "Filename is Null."); } Assert.That(data, Is.Not.EquivalentTo(outputEncrypted.ToArray())); Assert.That(data.Length, Is.LessThan(outputEncrypted.ToArray().Length)); Assert.That(data, Is.EquivalentTo(outputPlain.ToArray())); #endregion }