public void ValidateCipherTest()
{
var cipher1 = new CipherStub("cipherStub1");
var cipher2 = new CipherStub("cipherStub2");
var cipher3 = new FernetCipher("Fernet cipher");
using var provider = new CryptoProvider(cipher1);
provider.RegisterCipher(cipher2)
.RegisterCipher(cipher3);
var customEncryptionKey =
new CustomEncryptionKey(1, Encoding.UTF8.GetBytes("Custom Encryption Key 32 symbols"));
provider.ValidateCustomCiphers(new SecretsData(new List <Secret> {
customEncryptionKey
},
customEncryptionKey));
Assert.IsNotNull(provider);
var encryptionSecret = new EncryptionSecret(2, Encoding.UTF8.GetBytes("EncryptionSecret"));
provider.ValidateCustomCiphers(new SecretsData(new List <Secret> {
customEncryptionKey, encryptionSecret
},
encryptionSecret));
Assert.IsNotNull(provider);
}
public void DecryptV1NullTest()
{
var secretKey = new EncryptionSecret(0, Encoding.UTF8.GetBytes("password"));
var cipher = new AesGcmPbkdf10KHexCipher(Encoding.UTF8);
var exception = Assert.Throws <StorageCryptoException>(() => cipher.Decrypt(null, secretKey));
Assert.AreEqual("Encrypted text is incorrect", exception.Message);
}
public void AesGcm10KHexCipherTest()
{
var secretKey = new EncryptionSecret(0, Encoding.UTF8.GetBytes("password"));
var cipher = new AesGcmPbkdf10KHexCipher(Encoding.UTF8);
var decryptedMessage = cipher.Decrypt(CipherMessageV1, secretKey);
Assert.AreEqual("InCountry", decryptedMessage);
Assert.Throws <NotImplementedException>(() => cipher.Encrypt("text"));
}
public void WrongSecretVersionTest()
{
var exception = Assert.Throws <StorageClientException>(() =>
{
var unused = new EncryptionSecret(-1, Guid.NewGuid().ToByteArray());
});
Assert.AreEqual("Version must be >= 0", exception.Message);
}
public void EncryptTest(EncryptionSecret secretType, bool withFilename)
{
#region Arrange
var data = Guid.NewGuid().ToByteArray();
File.WriteAllBytes(this.InputFile, data);
var pwd = Guid.NewGuid().ToString();
var filename = Guid.NewGuid().ToString();
var key = Random.CreateData(512 / 8);
#endregion
#region Act
switch (secretType)
{
case EncryptionSecret.Password:
if (withFilename)
{
SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, pwd, filename);
}
else
{
SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, pwd);
}
break;
case EncryptionSecret.Key:
if (withFilename)
{
SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, key, filename);
}
else
{
SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, key);
}
break;
default:
throw new ArgumentOutOfRangeException(nameof(secretType), secretType, null);
}
#endregion
#region Assert
Assert.That(data, Is.Not.EquivalentTo(File.ReadAllBytes(this.OutputFile)));
Assert.That(data.Length, Is.LessThan(File.ReadAllBytes(this.OutputFile).Length));
Assert.That(FileOperation.HasFileSignature(this.OutputFile), "HasFileSignature");
#endregion
}
public void AesGcmDecryptNegativeTest()
{
var secret = new EncryptionSecret(1, Encoding.UTF8.GetBytes("password"));
using var cipher = new AesGcmPbkdf10KBase64Cipher(Encoding.UTF8);
const string wrongCipheredText = "Nw5G/Ut36NVnt8+6EHg9iOYWX194";
var exception = Assert.Throws <StorageCryptoException>(() => cipher.Decrypt(wrongCipheredText, secret));
Assert.AreEqual("Encrypted text is incorrect", exception.Message);
Assert.Throws <FormatException>(() => cipher.Decrypt("123", secret));
}
public void GetKeyNegativeTest()
{
var secret = new EncryptionSecret(1, Encoding.UTF8.GetBytes("password"));
var salt = Encoding.UTF8.GetBytes(Guid.NewGuid().ToString());
var exception = Assert.Throws <StorageCryptoException>(() => SecretKeyFactory.GetKey(salt, null, 1000));
Assert.AreEqual("Secret is null", exception.Message);
exception = Assert.Throws <StorageCryptoException>(() => SecretKeyFactory.GetKey(null, secret, -1));
Assert.AreEqual("Unable to generate secret", exception.Message);
Assert.NotNull(exception.InnerException);
}
public void DuplicationSecretsVersionTest()
{
var secret1 = new EncryptionSecret(1, Guid.NewGuid().ToByteArray());
var secret2 = new EncryptionSecret(1, Guid.NewGuid().ToByteArray());
var exception = Assert.Throws <StorageClientException>(() =>
{
var unused = new SecretsData(new List <Secret> {
secret1, secret2
}, secret2);
});
Assert.AreEqual("SecretKey versions must be unique. Got duplicates for: 1", exception.Message);
}
public void ToStringTest()
{
var secret1 = new EncryptionSecret(1, Guid.NewGuid().ToByteArray());
var secret2 = new EncryptionSecret(2, Guid.NewGuid().ToByteArray());
var secretsData = new SecretsData(new List <Secret> {
secret1, secret2
}, secret1);
const string expected = "SecretsData\\{Secrets=\\[" +
"EncryptionSecret\\{SecretBytes=HASH\\[(-)?(\\d)+\\], Version=1\\}," +
"EncryptionSecret\\{SecretBytes=HASH\\[(-)?(\\d)+\\], Version=2\\}\\], " +
"CurrentSecret=EncryptionSecret\\{SecretBytes=HASH\\[(-)?(\\d)+\\], Version=1\\}\\}";
Assert.IsTrue(Regex.IsMatch(secretsData.ToString(), expected));
}
public void WrongSecretTest()
{
var exception = Assert.Throws <StorageClientException>(() =>
{
var unused = new EncryptionSecret(1, null);
});
Assert.AreEqual("Secret can't be null", exception.Message);
exception = Assert.Throws <StorageClientException>(() =>
{
var unused = new EncryptionSecret(1, Array.Empty <byte>());
});
Assert.AreEqual("Secret can't be null", exception.Message);
}
public void GetSecretTest()
{
var secret1 = new EncryptionSecret(1, Guid.NewGuid().ToByteArray());
var secret2 = new EncryptionSecret(2, Guid.NewGuid().ToByteArray());
var secretsData = new SecretsData(new List <Secret> {
secret1, secret2
}, secret1);
var secretOne = secretsData.GetSecret(1);
var secretTwo = secretsData.GetSecret(2);
var defaultSecret = secretsData.GetSecret(null);
Assert.AreEqual(secret1, secretOne);
Assert.AreEqual(secret2, secretTwo);
Assert.AreEqual(secret1, defaultSecret);
}
public void SecretsToStringTest()
{
var encryptionSecret = new EncryptionSecret(1, Guid.NewGuid().ToByteArray());
Assert.IsTrue(Regex.IsMatch(encryptionSecret.ToString(),
"EncryptionSecret\\{SecretBytes\\=HASH\\[(-)?(\\d)+\\], Version=1\\}"));
var customEncryptionKey = new CustomEncryptionKey(1, Guid.NewGuid().ToByteArray());
Assert.IsTrue(Regex.IsMatch(customEncryptionKey.ToString(),
"CustomEncryptionKey\\{SecretBytes\\=HASH\\[(-)?(\\d)+\\], Version=1\\}"));
var encryptionKey = new EncryptionKey(1, Encoding.UTF8.GetBytes("123456789012345678901234567890Ab"));
Assert.IsTrue(Regex.IsMatch(encryptionKey.ToString(),
"EncryptionKey\\{SecretBytes\\=HASH\\[(-)?(\\d)+\\], Version=1\\}"));
}
public void AesGcmBase64CipherNegativeTest()
{
var wrongKey = new EncryptionSecret(1, Encoding.UTF8.GetBytes(Guid.NewGuid().ToString()));
using var cipher = new AesGcmPbkdf10KBase64Cipher(Encoding.UTF8);
var exception =
Assert.Throws <StorageCryptoException>(() => cipher.Decrypt(CipherMessageV2, wrongKey));
Assert.AreEqual("Invalid cipher for decryption", exception.Message);
exception = Assert.Throws <StorageCryptoException>(() => cipher.Decrypt(CipherMessageV2));
Assert.AreEqual("No secret provided", exception.Message);
exception = Assert.Throws <StorageCryptoException>(() => cipher.Decrypt(null, wrongKey));
Assert.AreEqual("Encrypted text is incorrect", exception.Message);
}
public void DefaultCurrentCipherTest()
{
const int secretVersion = 7;
var secret = new EncryptionSecret(secretVersion, Encoding.UTF8.GetBytes("password"));
using var cipher = new AesGcmPbkdf10KBase64Cipher(Encoding.UTF8);
using var cryptoProvider = new CryptoProvider();
var text = Guid.NewGuid().ToString();
var encryptResult =
cryptoProvider.Encrypt(text, new SecretsData(new List <Secret> {
secret
}, secret));
Assert.NotNull(encryptResult);
Assert.AreEqual(secretVersion, encryptResult.KeyVersion);
var decrypted = cipher.Decrypt(encryptResult.Data.Substring(2), secret);
Assert.AreEqual(text, decrypted);
}
public void WrongCurrentSecretTest()
{
var secret1 = new EncryptionSecret(1, Guid.NewGuid().ToByteArray());
var secret2 = new EncryptionSecret(2, Guid.NewGuid().ToByteArray());
var exception = Assert.Throws <StorageClientException>(() =>
{
var unused = new SecretsData(new List <Secret> {
secret1
}, null);
});
Assert.AreEqual("There is no SecretKey version that matches current version ", exception.Message);
exception = Assert.Throws <StorageClientException>(() =>
{
var unused = new SecretsData(new List <Secret> {
secret1
}, secret2);
});
Assert.AreEqual("There is no SecretKey version that matches current version 2", exception.Message);
}
public void EncryptAndDecrypt_Filepath_Test(EncryptionSecret secretType, bool withFilename)
{
#region Arrange
var data = Random.CreateData(128 / 8);
File.WriteAllBytes(this.InputFile, data);
var pwd = Guid.NewGuid().ToString();
var filename = Guid.NewGuid().ToString();
var key = Random.CreateData(512 / 8);
#endregion
#region Act
switch (secretType)
{
case EncryptionSecret.Password:
if (withFilename)
{
SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, pwd, filename);
}
else
{
SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, pwd);
}
break;
case EncryptionSecret.Key:
if (withFilename)
{
SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, key, filename);
}
else
{
SymmetricEncryption.Encrypt(this.InputFile, this.OutputFile, key);
}
break;
default:
throw new ArgumentOutOfRangeException(nameof(secretType), secretType, null);
}
byte[] dataContent;
using (var stream = File.OpenRead(this.OutputFile))
{
RawFileAccessor.SeekToMainData(stream);
var ms = new MemoryStream();
stream.CopyTo(ms);
dataContent = ms.ToArray();
}
Console.Out.WriteLine("Encrypted Content: " + Convert.ToBase64String(dataContent));
DecryptInfo info;
using (var input = File.OpenRead(this.OutputFile))
using (var output = File.Create(this.ResultFile))
{
switch (secretType)
{
case EncryptionSecret.Password:
info = SymmetricEncryption.Decrypt(input, output, pwd);
break;
case EncryptionSecret.Key:
info = SymmetricEncryption.Decrypt(input, output, key);
break;
default:
throw new ArgumentOutOfRangeException(nameof(secretType), secretType, null);
}
}
#endregion
#region Assert
if (withFilename)
{
Assert.That(info?.FileName, Is.EqualTo(filename), "Filename is correct decrypted.");
}
else
{
Assert.That(info.FileName, Is.Null, "Filename should be Null.");
}
Assert.That(data, Is.Not.EquivalentTo(File.ReadAllBytes(this.OutputFile)));
Assert.That(data.Length, Is.LessThan(File.ReadAllBytes(this.OutputFile).Length));
Assert.That(FileOperation.HasFileSignature(this.OutputFile), "HasFileSignature");
Assert.That(File.ReadAllBytes(this.ResultFile), Is.EquivalentTo(data), "Plaindata is equal after decryption");
#endregion
}
public void EncryptAndDecrypt_MemoryStream_Test(EncryptionSecret secretType, bool withFilename)
{
#region Arrange
var data = Guid.NewGuid().ToByteArray();
File.WriteAllBytes(this.InputFile, data);
var pwd = Guid.NewGuid().ToString();
var filename = Guid.NewGuid().ToString();
var key = Random.CreateData(512 / 8);
#endregion
#region Act
var outputEncrypted = new MemoryStream();
using (var input = new MemoryStream(File.ReadAllBytes(this.InputFile)))
{
switch (secretType)
{
case EncryptionSecret.Password:
if (withFilename)
{
SymmetricEncryption.Encrypt(input, outputEncrypted, pwd, filename);
}
else
{
SymmetricEncryption.Encrypt(input, outputEncrypted, pwd);
}
break;
case EncryptionSecret.Key:
if (withFilename)
{
SymmetricEncryption.Encrypt(input, outputEncrypted, key, filename);
}
else
{
SymmetricEncryption.Encrypt(input, outputEncrypted, key);
}
break;
default:
throw new ArgumentOutOfRangeException(nameof(secretType), secretType, null);
}
}
var outputPlain = new MemoryStream();
DecryptInfo info;
using (var input = new MemoryStream(outputEncrypted.ToArray()))
{
switch (secretType)
{
case EncryptionSecret.Password:
info = SymmetricEncryption.Decrypt(input, outputPlain, pwd);
break;
case EncryptionSecret.Key:
info = SymmetricEncryption.Decrypt(input, outputPlain, key);
break;
default:
throw new ArgumentOutOfRangeException(nameof(secretType), secretType, null);
}
}
#endregion
#region Assert
if (withFilename)
{
Assert.That(info?.FileName, Is.EqualTo(filename), "Filename is correct decrypted.");
}
else
{
Assert.That(info.FileName, Is.Null, "Filename is Null.");
}
Assert.That(data, Is.Not.EquivalentTo(outputEncrypted.ToArray()));
Assert.That(data.Length, Is.LessThan(outputEncrypted.ToArray().Length));
Assert.That(data, Is.EquivalentTo(outputPlain.ToArray()));
#endregion
}
