Пример #1
0
        public void VerifyDecryptFailsWithInvalidParameters()
        {
            // Encrypt a message
            var sb  = new SecretBox();
            var key = new byte[KeyBytes];

            sb.GenerateKey(key);
            var          message    = Encoding.UTF8.GetBytes("You are old Father William, the young man said");
            const int    messageId  = 1;
            const string context    = "test";
            var          ciphertext = new byte[sb.CalculateCiphertextLength(message.Length)];

            sb.Encrypt(ciphertext, message, message.Length, key, context, messageId);

            // Buffer to hold decrypted message
            var decryptedMessage = new byte[message.Length];

            // CiphertextLength is incorrect
            Assert.That(
                () => sb.Decrypt(decryptedMessage, ciphertext, HeaderBytes, key, context, messageId),
                Throws.TypeOf <CryptographicException>().With.Message.EqualTo("MAC check failed"));
            Assert.That(
                sb.TryDecrypt(decryptedMessage, ciphertext, HeaderBytes, key, context, messageId),
                Is.False);

            // MessageId is incorrect
            Assert.That(
                () => sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, 2),
                Throws.TypeOf <CryptographicException>().With.Message.EqualTo("MAC check failed"));

            // Verify the decrypted message is not equal to the message, as a failed MAC check should not
            // leak the plaintext
            Assert.That(decryptedMessage, Is.Not.EqualTo(message));

            Assert.That(
                sb.TryDecrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, 2),
                Is.False);
            Assert.That(decryptedMessage, Is.Not.EqualTo(message));

            // Key is invalid
            key[0]++;
            Assert.That(
                () => sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
                Throws.TypeOf <CryptographicException>().With.Message.EqualTo("MAC check failed"));
            Assert.That(
                sb.TryDecrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
                Is.False);
            key[0]--;

            // Ciphertext is invalid
            ciphertext[12]++;
            Assert.That(
                () => sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
                Throws.TypeOf <CryptographicException>().With.Message.EqualTo("MAC check failed"));
            Assert.That(
                sb.TryDecrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId),
                Is.False);
        }
Пример #2
0
        public void VerifyMessageCanBeEncryptedAndDecrypted()
        {
            var sb = new SecretBox();

            // Generate a key
            var key = new byte[KeyBytes];

            sb.GenerateKey(key);

            // Generate a message to encrypt
            var          message   = Encoding.UTF8.GetBytes("You are old Father William, the young man said");
            const int    messageId = 1;
            const string context   = "test";

            // Buffer to hold the ciphertext
            var ciphertext = new byte[sb.CalculateCiphertextLength(message.Length)];

            // Encrypt
            sb.Encrypt(ciphertext, message, message.Length, key, context, messageId);

            // Buffer to hold decrypted message
            var decryptedMessage = new byte[message.Length];

            // Decrypt
            sb.Decrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId);

            // Verify the decrypted message
            Assert.That(decryptedMessage, Is.EqualTo(message));

            // Decrypt using TryDecrypt
            Array.Clear(decryptedMessage, 0, decryptedMessage.Length);
            var result = sb.TryDecrypt(decryptedMessage, ciphertext, ciphertext.Length, key, context, messageId);

            // Verify the decrypted message
            Assert.That(decryptedMessage, Is.EqualTo(message));
            Assert.That(result, Is.True);
        }