/// <summary>
/// A ciphertext shorter than the minimum AEAD_AES_256_CBC_HMAC_SHA256 payload (65 bytes, per the
/// test name) cannot be a valid ciphertext, and Decrypt must reject it with an
/// <see cref="ArgumentException"/> rather than attempting to process it.
/// </summary>
/// <param name="ciphertext">An input shorter than 65 bytes.</param>
public void ThrowWhenDecryptingLessThanSixtyFiveBytes(byte[] ciphertext)
{
    DataEncryptionKey protectedKey = new ProtectedDataEncryptionKey("EK", keyEncryptionKey, encryptedDataEncryptionKey);
    AeadAes256CbcHmac256EncryptionAlgorithm algorithm =
        AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(protectedKey, EncryptionType.Deterministic);

    Assert.Throws<ArgumentException>(() => algorithm.Decrypt(ciphertext));
}
/// <summary>
/// A buffer that is long enough to be parsed (65 bytes, the minimum accepted by the sibling
/// length test) but whose bytes are arbitrary must fail authentication: Decrypt is expected to
/// throw a <see cref="CryptographicException"/> instead of returning any plaintext.
/// </summary>
public void ThrowWhenDecryptionAnInvalidAuthenticationTag()
{
    // Bytes 1..65 — same content as a literal initializer, built in a loop.
    // Long enough to pass the length check, but the authentication tag cannot verify.
    byte[] tamperedPayload = new byte[65];
    for (int i = 0; i < tamperedPayload.Length; i++)
    {
        tamperedPayload[i] = (byte)(i + 1);
    }

    DataEncryptionKey protectedKey = new ProtectedDataEncryptionKey("EK", keyEncryptionKey, encryptedDataEncryptionKey);
    AeadAes256CbcHmac256EncryptionAlgorithm algorithm =
        AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(protectedKey, EncryptionType.Deterministic);

    Assert.Throws<CryptographicException>(() => algorithm.Decrypt(tamperedPayload));
}
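/// <summary>
/// Initializes a new instance of MdeEncryptionAlgorithm from an already-resolved data encryption key.
/// Uses <see cref="AeadAes256CbcHmac256EncryptionAlgorithm"/>, which implements authenticated encryption
/// with associated data as described
/// <see href="http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-05">here</see>;
/// more specifically, this implements the AEAD_AES_256_CBC_HMAC_SHA256 algorithm.
/// </summary>
/// <param name="dataEncryptionKey"> Data Encryption Key </param>
/// <param name="encryptionType"> Encryption type </param>
/// <exception cref="ArgumentNullException"><paramref name="dataEncryptionKey"/> is null.</exception>
public MdeEncryptionAlgorithm(
    Data.Encryption.Cryptography.DataEncryptionKey dataEncryptionKey,
    Data.Encryption.Cryptography.EncryptionType encryptionType)
{
    // Fail fast on a missing key, matching the argument validation done by the
    // DataEncryptionKeyProperties-based constructor overload.
    if (dataEncryptionKey == null)
    {
        throw new ArgumentNullException(nameof(dataEncryptionKey));
    }

    this.mdeAeadAes256CbcHmac256EncryptionAlgorithm = AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(
        dataEncryptionKey,
        encryptionType);
}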
/// <summary>
/// Decrypting a null ciphertext is a no-op: Decrypt returns null instead of throwing.
/// </summary>
public void ReturnNullWhenDecryptingNull()
{
    DataEncryptionKey protectedKey = new ProtectedDataEncryptionKey("EK", keyEncryptionKey, encryptedDataEncryptionKey);
    AeadAes256CbcHmac256EncryptionAlgorithm algorithm =
        AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(protectedKey, EncryptionType.Deterministic);

    byte[] result = algorithm.Decrypt(null);

    Assert.Null(result);
}
/// <summary>
/// Initializes a new instance of MdeEncryptionAlgorithm by resolving the data encryption key from its
/// properties: the key encryption key named in the wrap metadata is obtained through
/// <paramref name="encryptionKeyStoreProvider"/> and used to protect/unwrap the wrapped data encryption key.
/// Uses <see cref="AeadAes256CbcHmac256EncryptionAlgorithm"/>, which implements authenticated encryption
/// with associated data as described
/// <see href="http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-05">here</see>;
/// more specifically, this implements the AEAD_AES_256_CBC_HMAC_SHA256 algorithm.
/// </summary>
/// <param name="dekProperties"> Data Encryption Key properties</param>
/// <param name="encryptionType"> Encryption type </param>
/// <param name="encryptionKeyStoreProvider"> EncryptionKeyStoreProvider for wrapping and unwrapping </param>
/// <param name="cacheTimeToLive">
/// Time-to-live applied to the cached protected data encryption key. <see cref="TimeSpan.Zero"/> disables
/// caching (a standalone key object is created instead of using the shared cache); null uses the cached
/// key without setting its TimeToLive.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="dekProperties"/> or <paramref name="encryptionKeyStoreProvider"/> is null.
/// </exception>
public MdeEncryptionAlgorithm(
    DataEncryptionKeyProperties dekProperties,
    Data.Encryption.Cryptography.EncryptionType encryptionType,
    EncryptionKeyStoreProvider encryptionKeyStoreProvider,
    TimeSpan? cacheTimeToLive)
{
    if (dekProperties == null)
    {
        throw new ArgumentNullException(nameof(dekProperties));
    }

    if (encryptionKeyStoreProvider == null)
    {
        throw new ArgumentNullException(nameof(encryptionKeyStoreProvider));
    }

    KeyEncryptionKey keyEncryptionKey = KeyEncryptionKey.GetOrCreate(
        dekProperties.EncryptionKeyWrapMetadata.Name,
        dekProperties.EncryptionKeyWrapMetadata.Value,
        encryptionKeyStoreProvider);

    ProtectedDataEncryptionKey protectedDataEncryptionKey;

    // A lifted comparison: null == TimeSpan.Zero is false, so only an explicit zero takes this branch.
    if (cacheTimeToLive == TimeSpan.Zero)
    {
        // Caching explicitly disabled: build a standalone key rather than going through the shared cache.
        protectedDataEncryptionKey = new ProtectedDataEncryptionKey(
            dekProperties.Id,
            keyEncryptionKey,
            dekProperties.WrappedDataEncryptionKey);
    }
    else
    {
        protectedDataEncryptionKey = ProtectedDataEncryptionKey.GetOrCreate(
            dekProperties.Id,
            keyEncryptionKey,
            dekProperties.WrappedDataEncryptionKey);

        if (cacheTimeToLive.HasValue)
        {
            // A non-zero TTL bounds how long the cached key entry stays alive.
            protectedDataEncryptionKey.TimeToLive = cacheTimeToLive.Value;
        }
    }

    this.mdeAeadAes256CbcHmac256EncryptionAlgorithm = AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(
        protectedDataEncryptionKey,
        encryptionType);
}
/// <summary>
/// Serializes each element of <paramref name="source"/> with the serializer selected by
/// <paramref name="settings"/> and encrypts the resulting bytes with the AEAD_AES_256_CBC_HMAC_SHA256
/// algorithm for the settings' data encryption key and encryption type.
/// This is an iterator: nothing (including the algorithm lookup) runs until the result is enumerated,
/// and enumerating it again repeats the work.
/// </summary>
/// <param name="source">Values to encrypt.</param>
/// <param name="settings">Key, encryption type and serializer to use.</param>
/// <returns>One ciphertext per element of <paramref name="source"/>, in order.</returns>
internal static IEnumerable<byte[]> Encrypt(this IEnumerable source, EncryptionSettings settings)
{
    DataProtector protector =
        AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(settings.DataEncryptionKey, settings.EncryptionType);
    ISerializer serializer = settings.GetSerializer();

    foreach (object element in source)
    {
        yield return protector.Encrypt(serializer.Serialize(element));
    }
}
/// <summary>
/// With <see cref="EncryptionType.Deterministic"/>, encrypting the same plaintext under the same key
/// must yield the same ciphertext every time (the property that makes equality lookups possible).
/// </summary>
/// <param name="encryptionKey">Key to encrypt under.</param>
public void EncryptToSameCiphertextWhenDeterministicEncryptionTypeSelected(DataEncryptionKey encryptionKey)
{
    byte[] plaintext = new byte[] { 1, 2, 3, 4, 5 };
    AeadAes256CbcHmac256EncryptionAlgorithm algorithm =
        AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(encryptionKey, EncryptionType.Deterministic);

    byte[] first = algorithm.Encrypt(plaintext);
    byte[] second = algorithm.Encrypt(plaintext);
    byte[] third = algorithm.Encrypt(plaintext);

    // Every pair must match, not just consecutive calls.
    Assert.Equal(first, second);
    Assert.Equal(second, third);
    Assert.Equal(first, third);
}
/// <summary>
/// With <see cref="EncryptionType.Randomized"/>, repeated encryptions of the same plaintext under the
/// same key must produce distinct ciphertexts, so that equal plaintexts are not linkable.
/// </summary>
/// <param name="encryptionKey">Key to encrypt under.</param>
public void EncryptToDifferentCiphertextWhenRandomizedEncryptionTypeSelected(DataEncryptionKey encryptionKey)
{
    byte[] plaintext = new byte[] { 1, 2, 3, 4, 5 };
    AeadAes256CbcHmac256EncryptionAlgorithm algorithm =
        AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(encryptionKey, EncryptionType.Randomized);

    byte[] first = algorithm.Encrypt(plaintext);
    byte[] second = algorithm.Encrypt(plaintext);
    byte[] third = algorithm.Encrypt(plaintext);

    // Every pair must differ, not just consecutive calls.
    Assert.NotEqual(first, second);
    Assert.NotEqual(second, third);
    Assert.NotEqual(first, third);
}
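/// <summary>
/// Builds a copy of <paramref name="settingsForKey"/> that uses <paramref name="encryptionType"/>:
/// the client encryption key id, data encryption key and setting time-to-live are carried over,
/// and the AEAD_AES_256_CBC_HMAC_SHA256 algorithm instance is resolved for the new key/type pair.
/// </summary>
/// <param name="settingsForKey">Settings whose key-related values are copied.</param>
/// <param name="encryptionType">Encryption type for the new settings.</param>
/// <returns>A new <see cref="EncryptionSettings"/> instance.</returns>
/// <exception cref="ArgumentNullException"><paramref name="settingsForKey"/> is null.</exception>
internal static EncryptionSettings Create(
    EncryptionSettings settingsForKey,
    EncryptionType encryptionType)
{
    // Reject a missing source explicitly instead of failing with a NullReferenceException
    // inside the initializer below.
    if (settingsForKey == null)
    {
        throw new ArgumentNullException(nameof(settingsForKey));
    }

    return new EncryptionSettings()
    {
        ClientEncryptionKeyId = settingsForKey.ClientEncryptionKeyId,
        DataEncryptionKey = settingsForKey.DataEncryptionKey,
        EncryptionType = encryptionType,
        EncryptionSettingTimeToLive = settingsForKey.EncryptionSettingTimeToLive,
        AeadAes256CbcHmac256EncryptionAlgorithm = AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(
            settingsForKey.DataEncryptionKey,
            encryptionType),
    };
}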
/// <summary>
/// Decrypts each element of <paramref name="source"/> (every element must be a <c>byte[]</c> ciphertext)
/// with the AEAD_AES_256_CBC_HMAC_SHA256 algorithm for the settings' key and encryption type,
/// deserializes the plaintext with the settings' serializer, and collects the values into a
/// <c>List&lt;T&gt;</c> whose T is read from the serializer's generic base type.
/// Unlike <see cref="Encrypt"/>, this runs eagerly and materializes the whole result.
/// </summary>
/// <param name="source">Ciphertexts to decrypt.</param>
/// <param name="settings">Key, encryption type and serializer to use.</param>
/// <returns>A <c>List&lt;T&gt;</c>, exposed as <see cref="IList"/>, of the decrypted values in order.</returns>
internal static IList Decrypt(this IEnumerable source, EncryptionSettings settings)
{
    DataProtector protector =
        AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(settings.DataEncryptionKey, settings.EncryptionType);
    ISerializer serializer = settings.GetSerializer();

    // The element type comes from the serializer's immediate base class, which is expected to be the
    // generic Serializer<T>. NOTE(review): a serializer deriving from a non-generic subclass would leave
    // GetGenericArguments() empty and fail here — confirm all serializers derive from Serializer<T> directly.
    Type elementType = serializer.GetType().BaseType.GetGenericArguments()[0];
    Type listType = typeof(List<>).MakeGenericType(elementType);
    IList decryptedValues = (IList)Activator.CreateInstance(listType);

    foreach (object ciphertext in source)
    {
        // The cast throws InvalidCastException for elements that are not byte[]; a ciphertext whose
        // authentication tag does not verify makes Decrypt throw (see the invalid-tag test) rather
        // than yielding plaintext.
        byte[] plaintext = protector.Decrypt((byte[])ciphertext);
        decryptedValues.Add(serializer.Deserialize(plaintext));
    }

    return decryptedValues;
}
/// <summary>
/// GetOrCreate must hand back the same algorithm instance for equal (key, encryption type) pairs —
/// even when the key objects are distinct instances with the same name and material — and distinct
/// instances once the encryption type or the key name differs.
/// </summary>
public void CacheEncryptionAlgorithmsCorrectlyWhenCallingGetOrCreate()
{
    // Two separate key objects with identical name and material, plus one with a different name.
    DataEncryptionKey keyA = new ProtectedDataEncryptionKey("EK", keyEncryptionKey, encryptedDataEncryptionKey);
    DataEncryptionKey keyB = new ProtectedDataEncryptionKey("EK", keyEncryptionKey, encryptedDataEncryptionKey);
    DataEncryptionKey keyOther = new ProtectedDataEncryptionKey("Not_EK", keyEncryptionKey, encryptedDataEncryptionKey);

    // Same name + same type → cache hit, regardless of which key object was passed.
    AeadAes256CbcHmac256EncryptionAlgorithm deterministicA =
        AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(keyA, EncryptionType.Deterministic);
    AeadAes256CbcHmac256EncryptionAlgorithm deterministicB =
        AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(keyB, EncryptionType.Deterministic);
    Assert.Same(deterministicA, deterministicB);

    // Same name, different type → distinct instances.
    AeadAes256CbcHmac256EncryptionAlgorithm deterministicAgain =
        AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(keyA, EncryptionType.Deterministic);
    AeadAes256CbcHmac256EncryptionAlgorithm randomizedB =
        AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(keyB, EncryptionType.Randomized);
    Assert.NotSame(deterministicAgain, randomizedB);

    // Same type, different key name → distinct instances.
    AeadAes256CbcHmac256EncryptionAlgorithm randomizedA =
        AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(keyA, EncryptionType.Randomized);
    AeadAes256CbcHmac256EncryptionAlgorithm randomizedOther =
        AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(keyOther, EncryptionType.Randomized);
    Assert.NotSame(randomizedA, randomizedOther);
}
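/// <summary>
/// Round-trips <paramref name="originalPlaintext"/> through serialize → encrypt → decrypt → deserialize
/// for both a protected (wrapped) and a plaintext data encryption key, and for both encryption types,
/// asserting that the recovered value equals the original.
/// </summary>
/// <typeparam name="T">Type of the value being round-tripped.</typeparam>
/// <param name="originalPlaintext">The value to encrypt.</param>
/// <param name="serializer">Serializer that maps <typeparamref name="T"/> to and from bytes.</param>
public void EncryptAndDecryptToTheSameValue<T>(T originalPlaintext, Serializer<T> serializer)
{
    DataEncryptionKey[] keys =
    {
        new ProtectedDataEncryptionKey("EK", keyEncryptionKey, encryptedDataEncryptionKey),
        new PlaintextDataEncryptionKey("EK", plaintextEncryptionKeyBytes),
    };

    // Cover both modes explicitly. The previous `(EncryptionType)random.Next(1, 2)` always produced 1
    // because Random.Next's upper bound is exclusive, so only one mode was ever exercised, and the
    // test was nominally non-deterministic for no benefit.
    EncryptionType[] encryptionTypes = { EncryptionType.Deterministic, EncryptionType.Randomized };

    // Serialization does not depend on the key or mode, so do it once.
    byte[] serializedPlaintext = serializer.Serialize(originalPlaintext);

    foreach (DataEncryptionKey encryptionKey in keys)
    {
        foreach (EncryptionType encryptionType in encryptionTypes)
        {
            AeadAes256CbcHmac256EncryptionAlgorithm encryptionAlgorithm =
                AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(encryptionKey, encryptionType);

            byte[] ciphertext = encryptionAlgorithm.Encrypt(serializedPlaintext);
            byte[] decryptedPlaintext = encryptionAlgorithm.Decrypt(ciphertext);
            T actualPlaintext = serializer.Deserialize(decryptedPlaintext);

            Assert.Equal(originalPlaintext, actualPlaintext);
        }
    }
}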