public void RNGCngNegativeTest()
{
using (RNGCng rng = new RNGCng())
{
rng.GetBytes(null);
}
}
public void PBKDF2ZeroLengthTest()
{
// Test with zero-length salt/password
RNGCng rng = new RNGCng();
byte[] password;
byte[] salt;
// Test with zero-length salt
password = new byte[10];
rng.GetBytes(password);
salt = new byte[0];
foreach (string hash in hashes)
{
byte[] derivedKey = BCryptPBKDF2.ComputeHash(hash, password, salt, ITERATION_COUNT);
ValidateDerivedKey(derivedKey, hash);
}
// Test with zero-length password
salt = new byte[16];
rng.GetBytes(salt);
password = new byte[0];
foreach (string hash in hashes)
{
byte[] derivedKey = BCryptPBKDF2.ComputeHash(hash, password, salt, ITERATION_COUNT);
ValidateDerivedKey(derivedKey, hash);
}
}
public void RNGCngPropertiesTest()
{
using (RNGCng rng = new RNGCng())
{
Assert.AreEqual(CngProvider2.MicrosoftPrimitiveAlgorithmProvider, rng.Provider);
}
}
public void TripleDESCngPaddingRoundTripTests()
{
int blockSize = 0;
using (TripleDESCng tdes = new TripleDESCng())
{
blockSize = tdes.BlockSize / 8;
}
using (RNGCng rng = new RNGCng())
{
byte[] zeroByte = new byte[0];
byte[] oneByte = new byte[1];
rng.GetBytes(oneByte);
byte[] blockMinusOne = new byte[blockSize - 1];
rng.GetBytes(blockMinusOne);
byte[] block = new byte[blockSize];
rng.GetBytes(block);
byte[] blockPlusOne = new byte[blockSize + 1];
rng.GetBytes(blockPlusOne);
foreach (var paddingMode in new PaddingMode[] { PaddingMode.ANSIX923, PaddingMode.ISO10126, PaddingMode.PKCS7 })
{
Assert.IsTrue(RoundTripHelper(zeroByte, typeof(TripleDESCng), typeof(TripleDESCng), (tdes) => { tdes.Padding = paddingMode; }), paddingMode.ToString() + " - zeroByte");
Assert.IsTrue(RoundTripHelper(oneByte, typeof(TripleDESCng), typeof(TripleDESCng), (tdes) => { tdes.Padding = paddingMode; }), paddingMode.ToString() + " - oneByte");
Assert.IsTrue(RoundTripHelper(blockMinusOne, typeof(TripleDESCng), typeof(TripleDESCng), (tdes) => { tdes.Padding = paddingMode; }), paddingMode.ToString() + " - blockMinusOne");
Assert.IsTrue(RoundTripHelper(block, typeof(TripleDESCng), typeof(TripleDESCng), (tdes) => { tdes.Padding = paddingMode; }), paddingMode.ToString() + " - block");
Assert.IsTrue(RoundTripHelper(blockPlusOne, typeof(TripleDESCng), typeof(TripleDESCng), (tdes) => { tdes.Padding = paddingMode; }), paddingMode.ToString() + " - blockPlusOne");
}
}
}
public void TripleDESCngModeRoundTripTests()
{
int blockSize = 0;
using (TripleDESCng tdes = new TripleDESCng())
{
blockSize = tdes.BlockSize / 8;
}
using (RNGCng rng = new RNGCng())
{
for (int i = 1; i <= 10; ++i)
{
byte[] data = new byte[i * blockSize];
rng.GetBytes(data);
foreach (var cipherMode in new CipherMode[] { CipherMode.CBC, CipherMode.ECB, CipherMode.CFB })
{
Assert.IsTrue(RoundTripHelper(data, typeof(TripleDESCng), typeof(TripleDESCng), (tdes) => { tdes.Mode = cipherMode; }), i.ToString() + " blocks - " + cipherMode.ToString());
}
foreach (var chainingMode in new CngChainingMode[] { CngChainingMode.Cbc, CngChainingMode.Ecb, CngChainingMode.Cfb })
{
Assert.IsTrue(RoundTripHelper(data, typeof(TripleDESCng), typeof(TripleDESCng), (tdes) => { (tdes as ICngSymmetricAlgorithm).CngMode = chainingMode; }), i.ToString() + " blocks - " + chainingMode.ToString());
}
}
}
}
public void RNGCngNonZeroNegativeTest()
{
using (RNGCng rng = new RNGCng())
{
byte[] randomBytes = new byte[128];
rng.GetNonZeroBytes(randomBytes);
}
}
public void RNGCngZeroTest()
{
using (RNGCng rng = new RNGCng())
{
byte[] randomBytes = new byte[128];
rng.GetBytes(randomBytes);
Assert.IsTrue(true);
}
}
public void RNGCngLargeTest()
{
using (RNGCng rng = new RNGCng())
{
byte[] randomBytes = new byte[10485760]; // 10 MB
rng.GetBytes(randomBytes);
Assert.IsTrue(AreRandomBytes(randomBytes));
}
}
public void RNGCngPositiveTest()
{
using (RNGCng rng = new RNGCng())
{
byte[] randomBytes = new byte[128];
rng.GetBytes(randomBytes);
Assert.IsTrue(AreRandomBytes(randomBytes));
}
}
/// <summary>
/// Utility method to help write AesCng round-trip tests
/// </summary>
private static bool RoundTripHelper(int bytes)
{
using (RNGCng rng = new RNGCng())
{
byte[] data = new byte[bytes];
rng.GetBytes(data);
return(RoundTripHelper(data));
}
}
public void TripleDESCngInteropTests()
{
using (RNGCng rng = new RNGCng())
{
byte[] data = new byte[1001];
rng.GetBytes(data);
Assert.IsTrue(RoundTripHelper(data, typeof(TripleDESCng), typeof(TripleDESCryptoServiceProvider), (tdes) => { }), "CNG/CSP interop failed");
Assert.IsTrue(RoundTripHelper(data, typeof(TripleDESCryptoServiceProvider), typeof(TripleDESCng), (tdes) => { }), "CSP/CNG interop failed");
}
}
public void RSACngSignaturePssRoundTripTest()
{
using (RSACng rsa = new RSACng())
using (RNGCng rng = new RNGCng())
{
rsa.SignaturePaddingMode = AsymmetricPaddingMode.Pss;
byte[] data = new byte[2000];
rng.GetBytes(data);
byte[] signature = rsa.SignData(data);
Assert.IsTrue(rsa.VerifyData(data, signature));
}
}
public void PBKDF2SmallInputTest()
{
// Test with a large password and large salt
RNGCng rng = new RNGCng();
byte[] password = new byte[1];
byte[] salt = new byte[1];
rng.GetBytes(salt);
rng.GetBytes(password);
foreach (string hash in hashes)
{
byte[] derivedKey = BCryptPBKDF2.ComputeHash(hash, password, salt, ITERATION_COUNT);
ValidateDerivedKey(derivedKey, hash);
}
}
public void PBKDF2OneIterationTest()
{
// Test with one iteration
RNGCng rng = new RNGCng();
byte[] password = new byte[12];
byte[] salt = new byte[16];
rng.GetBytes(salt);
rng.GetBytes(password);
foreach (string hash in hashes)
{
byte[] derivedKey = BCryptPBKDF2.ComputeHash(hash, password, salt, 1);
ValidateDerivedKey(derivedKey, hash);
}
}
public void RSACngXmlRoundTripTest()
{
using (RSACng rsa = new RSACng())
using (RSACng rsaRT = new RSACng())
using (RNGCng rng = new RNGCng())
{
string keyXml = rsa.ToXmlString(false); // The default KSP does not support importing full RSA key blobs
rsaRT.FromXmlString(keyXml);
rsa.SignaturePaddingMode = AsymmetricPaddingMode.Pkcs1;
rsaRT.SignaturePaddingMode = AsymmetricPaddingMode.Pkcs1;
byte[] data = new byte[2000];
rng.GetBytes(data);
byte[] signature = rsa.SignData(data);
Assert.IsTrue(rsaRT.VerifyData(data, signature));
}
}
public void HMACSHA384CngTest()
{
using (RNGCng rng = new RNGCng())
{
byte[] key = new byte[128];
rng.GetBytes(key);
using (HMACSHA384 bclHmac = new HMACSHA384(key))
using (HMACSHA384Cng cngHmac = new HMACSHA384Cng(key))
{
for (int i = 0; i < 10; ++i)
{
byte[] data = new byte[2048];
rng.GetBytes(data);
byte[] bcl = bclHmac.ComputeHash(data);
byte[] cng = cngHmac.ComputeHash(data);
Assert.IsTrue(Util.CompareBytes(bcl, cng));
}
}
}
}
public void AuthenticatedAesCngChainingTest()
{
byte[] plaintext = new byte[20 * 1024];
byte[] iv = new byte[12];
byte[] authenticatedData = new byte[1024];
using (RNGCng rng = new RNGCng())
{
rng.GetBytes(plaintext);
rng.GetBytes(iv);
rng.GetBytes(authenticatedData);
}
foreach (CngChainingMode chainingMode in new CngChainingMode[] { CngChainingMode.Ccm, CngChainingMode.Gcm })
{
using (AuthenticatedAesCng aes = new AuthenticatedAesCng())
{
aes.AuthenticatedData = authenticatedData;
aes.CngMode = chainingMode;
aes.IV = iv;
// Encrypt the whole block of data at once
byte[] wholeCiphertext = null;
byte[] wholeTag = null;
using (IAuthenticatedCryptoTransform encryptor = aes.CreateAuthenticatedEncryptor())
{
wholeCiphertext = encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length);
wholeTag = encryptor.GetTag();
}
// Encrypt it in chunks
byte[] blockCiphertext = null;
byte[] blockTag = null;
using (MemoryStream ms = new MemoryStream())
using (IAuthenticatedCryptoTransform encryptor = aes.CreateAuthenticatedEncryptor())
using (CryptoStream cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
{
int chunkSize = 128;
for (int offset = 0; offset < plaintext.Length; offset += chunkSize)
{
cs.Write(plaintext, offset, chunkSize);
}
cs.FlushFinalBlock();
blockCiphertext = ms.ToArray();
blockTag = encryptor.GetTag();
}
// Make sure we got the same results in both cases
Assert.IsTrue(Util.CompareBytes(wholeCiphertext, blockCiphertext));
Assert.IsTrue(Util.CompareBytes(wholeTag, blockTag));
aes.Tag = wholeTag;
// Decrypt the whole block of data at once
using (ICryptoTransform decryptor = aes.CreateDecryptor())
{
byte[] wholePlaintext = decryptor.TransformFinalBlock(wholeCiphertext, 0, wholeCiphertext.Length);
Assert.IsTrue(Util.CompareBytes(plaintext, wholePlaintext));
}
// Decrypt the data in chunks
using (MemoryStream ms = new MemoryStream())
using (ICryptoTransform decryptor = aes.CreateDecryptor())
using (CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Write))
{
int chunkSize = 128;
for (int offset = 0; offset < blockCiphertext.Length; offset += chunkSize)
{
cs.Write(blockCiphertext, offset, chunkSize);
}
cs.FlushFinalBlock();
byte[] blockPlaintext = ms.ToArray();
Assert.IsTrue(Util.CompareBytes(plaintext, blockPlaintext));
}
}
}
}
