internal static void TestTampering(ITest test, IAeadCipher cipher, ICipherParameters parameters)
{
byte[] plaintext = new byte[1000];
for (int i = 0; i < plaintext.Length; i++)
{
plaintext[i] = (byte)i;
}
cipher.Init(true, parameters);
byte[] ciphertext = new byte[cipher.GetOutputSize(plaintext.Length)];
int len = cipher.ProcessBytes(plaintext, 0, plaintext.Length, ciphertext, 0);
cipher.DoFinal(ciphertext, len);
int macLength = cipher.GetMac().Length;
// Test tampering with a single byte
cipher.Init(false, parameters);
byte[] tampered = new byte[ciphertext.Length];
byte[] output = new byte[plaintext.Length];
Array.Copy(ciphertext, 0, tampered, 0, tampered.Length);
tampered[0] += 1;
cipher.ProcessBytes(tampered, 0, tampered.Length, output, 0);
try
{
cipher.DoFinal(output, 0);
throw new TestFailedException(
new SimpleTestResult(false, test + " : tampering of ciphertext not detected."));
}
catch (InvalidCipherTextException e)
{
// Expected
}
// Test truncation of ciphertext to < tag length
cipher.Init(false, parameters);
byte[] truncated = new byte[macLength - 1];
Array.Copy(ciphertext, 0, truncated, 0, truncated.Length);
cipher.ProcessBytes(truncated, 0, truncated.Length, output, 0);
try
{
cipher.DoFinal(output, 0);
Fail(test, "tampering of ciphertext not detected.");
}
catch (InvalidCipherTextException e)
{
// Expected
}
}
/**
* process an array of bytes, producing output if necessary.
*
* @param in the input byte array.
* @param inOff the offset at which the input data starts.
* @param len the number of bytes to be copied out of the input array.
* @param out the space for any output that might be produced.
* @param outOff the offset from which the output will be copied.
* @return the number of output bytes copied to out.
* @exception DataLengthException if there isn't enough space in out.
* @exception InvalidOperationException if the cipher isn't initialised.
*/
public override int ProcessBytes(
byte[] input,
int inOff,
int length,
byte[] output,
int outOff)
{
return(cipher.ProcessBytes(input, inOff, length, output, outOff));
}
private int CipherUpdate(ReadOnlySpan <byte> i, Span <byte> o)
{
byte[] t = new byte[o.Length];
byte[] n = new byte[nonce.Length];
nonce.CopyTo(n, 0);
aead.Init(enc, new AeadParameters(new KeyParameter(sessionKey), tagLen * 8, n));
int r = aead.ProcessBytes(i.ToArray(), 0, i.Length, t, 0);
r += aead.DoFinal(t, r);
t.CopyTo(o);
return(r);
}
