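public void VerifyDecryptFailsWithInvalidParameters()
{
    // Negative test: a ciphertext produced by Encrypt must be rejected when the ciphertext
    // length, the message id, the key or the ciphertext bytes differ from the originals.
    // Every case expects the same exception type and the same "MAC check failed" message,
    // so the error itself does not reveal which input was wrong.

    // Encrypt a message
    var sb = new SecretBox();
    var key = new byte[KeyBytes];
    sb.GenerateKey(key);
    var message = Encoding.UTF8.GetBytes("You are old Father William, the young man said");
    const int messageId = 1;
    const int wrongMessageId = 2;
    const string context = "test";
    var ciphertext = new byte[sb.CalculateCiphertextLength(message.Length)];
    sb.Encrypt(ciphertext, message, message.Length, key, context, messageId);

    // Buffer to hold decrypted message. It starts zeroed and is never filled by a successful
    // decrypt in this test, so any plaintext found in it would have come from a failed call.
    // NOTE(review): Is.Not.EqualTo(message) only rules out the exact plaintext; it also passes
    // if a failed decrypt leaves partial or garbage bytes behind. If the implementation is
    // meant to leave the output untouched on MAC failure, assert an all-zero buffer instead.
    var decryptedMessage = new byte[message.Length];

    // CiphertextLength is incorrect (only the header length is passed)
    Assert.That(
        () => sb.Decrypt(decryptedMessage, ciphertext, HeaderBytes, key, context, messageId),
        Throws.TypeOf<CryptographicException>().With.Message.EqualTo("MAC check failed"));
    Assert.That(
        sb.TryDecrypt(decryptedMessage, ciphertext, HeaderBytes, key, context, messageId),
        Is.False);
    Assert.That(decryptedMessage, Is.Not.EqualTo(message));

    // MessageId is incorrect
    Assert.That(
        () => sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, wrongMessageId),
        Throws.TypeOf<CryptographicException>().With.Message.EqualTo("MAC check failed"));

    // Verify the decrypted message is not equal to the message, as a failed MAC check should not
    // leak the plaintext
    Assert.That(decryptedMessage, Is.Not.EqualTo(message));
    Assert.That(
        sb.TryDecrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, wrongMessageId),
        Is.False);
    Assert.That(decryptedMessage, Is.Not.EqualTo(message));

    // Key is invalid. Flip one bit with XOR rather than incrementing: the key byte is random,
    // and ++ on 0xFF would throw OverflowException if the project is built with checked
    // arithmetic. XOR always changes the byte and undoes itself when applied twice.
    key[0] ^= 0x01;
    Assert.That(
        () => sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
        Throws.TypeOf<CryptographicException>().With.Message.EqualTo("MAC check failed"));
    Assert.That(
        sb.TryDecrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
        Is.False);
    Assert.That(decryptedMessage, Is.Not.EqualTo(message));
    key[0] ^= 0x01; // restore the original key so the next case isolates the ciphertext change

    // Ciphertext is invalid (one bit flipped at offset 12).
    // NOTE(review): whether offset 12 lies in the header or the encrypted body depends on
    // HeaderBytes, which is defined elsewhere; tampering both regions would be worth covering.
    ciphertext[12] ^= 0x01;
    Assert.That(
        () => sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
        Throws.TypeOf<CryptographicException>().With.Message.EqualTo("MAC check failed"));
    Assert.That(
        sb.TryDecrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
        Is.False);
    Assert.That(decryptedMessage, Is.Not.EqualTo(message));
}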
public void VerifyMessageCanBeEncryptedAndDecrypted()
{
    // Round-trip test: a message encrypted under a freshly generated key must come back
    // unchanged from both Decrypt and TryDecrypt when the same key, context and message id
    // are supplied.
    const string context = "test";
    const int messageId = 1;
    byte[] plaintext = Encoding.UTF8.GetBytes("You are old Father William, the young man said");

    // Fresh key for this test run
    var box = new SecretBox();
    byte[] secretKey = new byte[KeyBytes];
    box.GenerateKey(secretKey);

    // Encrypt into a buffer sized by the library for this plaintext length
    byte[] sealedBytes = new byte[box.CalculateCiphertextLength(plaintext.Length)];
    box.Encrypt(sealedBytes, plaintext, plaintext.Length, secretKey, context, messageId);

    // Decrypt (throwing variant) and compare with the original message
    byte[] recovered = new byte[plaintext.Length];
    box.Decrypt(recovered, sealedBytes, sealedBytes.Length, secretKey, context, messageId);
    Assert.That(recovered, Is.EqualTo(plaintext));

    // Wipe the output so the TryDecrypt check cannot pass on bytes left by the call above
    Array.Clear(recovered, 0, recovered.Length);
    var succeeded = box.TryDecrypt(
        recovered, sealedBytes, sealedBytes.Length, secretKey, context, messageId);

    // TryDecrypt must both refill the buffer and report success
    Assert.That(recovered, Is.EqualTo(plaintext));
    Assert.That(succeeded, Is.True);
}