/// <summary>
/// Checks that <c>Encrypt</c> refuses a ciphertext span that partially overlaps
/// the plaintext span, in both directions.
/// </summary>
/// <param name="a">The AEAD algorithm under test.</param>
/// <remarks>
/// Both spans are windows into the same 200-byte array. Each call is expected
/// to fail with an <see cref="ArgumentException"/> naming the "ciphertext" parameter.
/// </remarks>
public static void EncryptWithPlaintextOverlapping(AeadAlgorithm a)
{
    using var key = new Key(a);

    var nonce = new Nonce(Utilities.RandomBytes.Slice(0, a.NonceSize), 0);
    var associatedData = Utilities.RandomBytes.Slice(0, 100).ToArray();

    // Arrays (not spans) so that the lambdas below can capture them.
    var shared = Utilities.RandomBytes.Slice(200, 200).ToArray();

    // Ciphertext window (offset 60) begins inside the plaintext window (offset 10).
    Assert.Throws<ArgumentException>(
        "ciphertext",
        () => a.Encrypt(key, nonce, associatedData, shared.AsSpan(10, 100), shared.AsSpan(60, 100 + a.TagSize)));

    // Plaintext window (offset 60) begins inside the ciphertext window (offset 10).
    Assert.Throws<ArgumentException>(
        "ciphertext",
        () => a.Encrypt(key, nonce, associatedData, shared.AsSpan(60, 100), shared.AsSpan(10, 100 + a.TagSize)));
}
/// <summary>
/// Checks that <c>Encrypt</c> rejects a nonce that is one byte shorter than
/// the algorithm's <c>NonceSize</c>.
/// </summary>
/// <param name="a">The AEAD algorithm under test.</param>
public static void EncryptWithNonceTooSmall(AeadAlgorithm a)
{
    using var key = new Key(a);

    // The undersized nonce is built inside the lambda, as part of the call under test.
    Assert.Throws<ArgumentException>(
        "nonce",
        () => a.Encrypt(key, new Nonce(0, a.NonceSize - 1), ReadOnlySpan<byte>.Empty, ReadOnlySpan<byte>.Empty));
}
/// <summary>
/// Checks that <c>Encrypt</c> rejects a key that was created for a different
/// algorithm (here an Ed25519 signature key).
/// </summary>
/// <param name="a">The AEAD algorithm under test.</param>
/// <remarks>
/// The expected failure is an <see cref="ArgumentException"/> naming the "key"
/// parameter, i.e. a key is not accepted across algorithms.
/// </remarks>
public static void EncryptWithWrongKey(AeadAlgorithm a)
{
    using var signingKey = new Key(SignatureAlgorithm.Ed25519);

    Assert.Throws<ArgumentException>(
        "key",
        () => a.Encrypt(signingKey, default(Nonce), ReadOnlySpan<byte>.Empty, ReadOnlySpan<byte>.Empty));
}
/// <summary>
/// Checks that <c>Encrypt</c> throws <see cref="ObjectDisposedException"/>
/// when it is handed a key that has already been disposed.
/// </summary>
/// <param name="a">The AEAD algorithm under test.</param>
public static void EncryptWithDisposedKey(AeadAlgorithm a)
{
    // Deliberately no using block: the key has to be disposed before it is used.
    var disposedKey = new Key(a);
    disposedKey.Dispose();

    Assert.Throws<ObjectDisposedException>(
        () => a.Encrypt(disposedKey, new Nonce(0, a.NonceSize), ReadOnlySpan<byte>.Empty, ReadOnlySpan<byte>.Empty));
}
/// <summary>
/// Checks that <c>Encrypt</c> rejects an output buffer that is one byte larger
/// than needed for an empty plaintext (<c>TagSize + 1</c> bytes).
/// </summary>
/// <param name="a">The AEAD algorithm under test.</param>
/// <remarks>
/// The expected failure is an <see cref="ArgumentException"/> naming the
/// "ciphertext" parameter, so an oversized buffer is not silently left with
/// unwritten trailing bytes.
/// </remarks>
public static void EncryptEmptyWithSpanTooLarge(AeadAlgorithm a)
{
    using var key = new Key(a);

    Assert.Throws<ArgumentException>(
        "ciphertext",
        () => a.Encrypt(key, new Nonce(0, a.NonceSize), ReadOnlySpan<byte>.Empty, ReadOnlySpan<byte>.Empty, new byte[a.TagSize + 1]));
}
/// <summary>
/// Checks that encrypting in place (plaintext and ciphertext start at the same
/// address) yields the same bytes as encrypting into a separate buffer.
/// </summary>
/// <param name="a">The AEAD algorithm under test.</param>
public static void EncryptWithSpanInPlace(AeadAlgorithm a)
{
    using var key = new Key(a);

    var nonce = new Nonce(Utilities.RandomBytes.Slice(0, a.NonceSize), 0);
    var associatedData = Utilities.RandomBytes.Slice(0, 100);

    var reference = new byte[L + a.TagSize];
    var inPlace = new byte[L + a.TagSize];

    // The first L bytes of the in-place buffer hold the plaintext.
    Utilities.RandomBytes.Slice(0, L).CopyTo(inPlace);

    // Out-of-place run first, while the plaintext is still intact.
    a.Encrypt(key, nonce, associatedData, inPlace.AsSpan(0, L), reference);

    // In-place run: the output overwrites the plaintext it was read from.
    a.Encrypt(key, nonce, associatedData, inPlace.AsSpan(0, L), inPlace);

    Assert.Equal(reference, inPlace);
}
/// <summary>
/// Checks that <c>Encrypt</c> produces the same output when the associated data
/// and the ciphertext buffer are the same array as when they are separate.
/// </summary>
/// <param name="a">The AEAD algorithm under test.</param>
public static void EncryptWithAdOverlapping(AeadAlgorithm a)
{
    using var key = new Key(a);

    var nonce = new Nonce(Utilities.RandomBytes.Slice(0, a.NonceSize), 0);
    var plaintext = Utilities.RandomBytes.Slice(0, L);

    var reference = new byte[plaintext.Length + a.TagSize];
    var aliased = new byte[plaintext.Length + a.TagSize];

    // Seed the aliased buffer; its contents serve as the associated data.
    Utilities.RandomBytes.Slice(200, aliased.Length).CopyTo(aliased);

    // Reference run: associated data is read from 'aliased', output goes elsewhere.
    a.Encrypt(key, nonce, aliased, plaintext, reference);

    // Aliased run: the output is written over the associated data it authenticates.
    a.Encrypt(key, nonce, aliased, plaintext, aliased);

    Assert.Equal(reference, aliased);
}
/// <summary>
/// Encrypts one outgoing message with the send key and then advances the send
/// sequence number.
/// </summary>
/// <param name="associatedData">Data to authenticate but not encrypt.</param>
/// <param name="sendNonce">Nonce used for this encryption.</param>
/// <param name="plaintext">Message to encrypt.</param>
/// <param name="ciphertext">Destination buffer for the encrypted output.</param>
/// <remarks>
/// NOTE(review): the nonce used is the caller-supplied <paramref name="sendNonce"/>,
/// while the counter advanced here is <c>_sendSequenceNumber</c>. How the two are
/// related is not visible in this method; confirm that the caller derives the nonce
/// from the sequence number, because this method does not itself enforce that a
/// nonce is never repeated under <c>_sendKey</c>.
/// </remarks>
private static void EncryptBeforeSend(
    ReadOnlySpan<byte> associatedData,
    Nonce sendNonce,
    ReadOnlySpan<byte> plaintext,
    Span<byte> ciphertext)
{
    _algorithm.Encrypt(_sendKey, sendNonce, associatedData, plaintext, ciphertext);

    if (Nonce.TryIncrement(ref _sendSequenceNumber))
    {
        return;
    }

    // The sequence number could not be incremented: retire the send key so it
    // is not used for any further message.
    _sendKey.Dispose();
}
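/// <summary>
/// Self-test that runs 10000 rounds of X25519 key agreement followed by an
/// AEAD encrypt/decrypt round trip, and reports the first failing round.
/// </summary>
/// <remarks>
/// Each round checks: (1) both sides derive the same shared key, (2) both shared
/// keys produce the same ciphertext, (3) both shared keys decrypt that ciphertext,
/// (4) both decrypted plaintexts are identical.
/// <para>
/// Test-only shortcuts that must not be copied into production code: the key pairs
/// are created with <c>AllowPlaintextExport</c>, and the same all-zero-counter
/// nonce <c>new Nonce(0, 12)</c> is used for both encryptions under the shared key.
/// The nonce repetition is what makes the two ciphertexts comparable here; outside
/// of a determinism check a nonce must never repeat under one key.
/// </para>
/// </remarks>
private static void Tests()
{
    Console.WriteLine("Performing tests...");

    foreach (var i in Enumerable.Range(0, 10000))
    {
        // Every key is disposed at the end of the round; the previous version
        // left two key pairs and six derived keys per round undisposed.
        using (var key = Key.Create(KeyAgreementAlgorithm.X25519, new KeyCreationParameters { ExportPolicy = KeyExportPolicies.AllowPlaintextExport }))
        using (var key2 = Key.Create(KeyAgreementAlgorithm.X25519, new KeyCreationParameters { ExportPolicy = KeyExportPolicies.AllowPlaintextExport }))
        // One derived key per direction, reused by all four checks.
        using (var sharedA = SharedKey(key.Export(Pub), key2.Export(Priv)))
        using (var sharedB = SharedKey(key2.Export(Pub), key.Export(Priv)))
        {
            var test1 = Convert.ToBase64String(sharedA.Export(KeyBlobFormat.NSecSymmetricKey))
                        == Convert.ToBase64String(sharedB.Export(KeyBlobFormat.NSecSymmetricKey));

            var encdata = Aead.Encrypt(sharedA, new Nonce(0, 12), ReadOnlySpan<byte>.Empty, Encoding.UTF8.GetBytes("test2"));
            var encdata2 = Aead.Encrypt(sharedB, new Nonce(0, 12), ReadOnlySpan<byte>.Empty, Encoding.UTF8.GetBytes("test2"));
            var test2 = Convert.ToBase64String(encdata) == Convert.ToBase64String(encdata2);

            var dec = Aead.Decrypt(sharedA, new Nonce(0, 12), ReadOnlySpan<byte>.Empty, encdata, out var decdata);
            var dec2 = Aead.Decrypt(sharedB, new Nonce(0, 12), ReadOnlySpan<byte>.Empty, encdata, out var decdata2);
            var test3 = dec && dec2;

            // A failed decryption is reported through the failure message below
            // instead of throwing before the report can be printed.
            var test4 = decdata != null
                        && decdata2 != null
                        && Convert.ToBase64String(decdata) == Convert.ToBase64String(decdata2);

            if (test1 && test2 && test3 && test4)
            {
                if (i % 100 == 0)
                {
                    Console.WriteLine($"Passed {i}");
                }
            }
            else
            {
                Console.WriteLine(
                    $"Failed a test at {i} out of 10000. Test 1 (Key agreement): {test1} \r\nTest 2 (Encrypting with same key): {test2}\r\nTest 3 (Testing if decryption passes): {test3}\r\nTest 4(Testing if decrypted data is identical: {test4}");
                return;
            }
        }
    }
}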
/// <summary>
/// Checks that encrypting an empty plaintext with empty associated data
/// succeeds and returns exactly <c>TagSize</c> bytes.
/// </summary>
/// <param name="a">The AEAD algorithm under test.</param>
public static void EncryptEmptySuccess(AeadAlgorithm a)
{
    using var key = new Key(a);

    var ciphertext = a.Encrypt(key, new Nonce(0, a.NonceSize), ReadOnlySpan<byte>.Empty, ReadOnlySpan<byte>.Empty);

    Assert.NotNull(ciphertext);

    // With no plaintext, the output length equals the tag size.
    Assert.Equal(a.TagSize, ciphertext.Length);
}
/// <summary>
/// Checks that <c>Decrypt</c> rejects a plaintext buffer that is larger than
/// the plaintext carried by the ciphertext.
/// </summary>
/// <param name="a">The AEAD algorithm under test.</param>
/// <remarks>
/// The ciphertext encrypts an empty message, so a one-byte destination is already
/// too large. The expected failure is an <see cref="ArgumentException"/> naming
/// the "plaintext" parameter.
/// </remarks>
public static void DecryptWithSpanTooLarge(AeadAlgorithm a)
{
    using var key = new Key(a);

    var tagOnly = a.Encrypt(key, new Nonce(0, a.NonceSize), ReadOnlySpan<byte>.Empty, ReadOnlySpan<byte>.Empty);

    Assert.NotNull(tagOnly);
    Assert.Equal(a.TagSize, tagOnly.Length);

    Assert.Throws<ArgumentException>(
        "plaintext",
        () => a.Decrypt(key, new Nonce(0, a.NonceSize), ReadOnlySpan<byte>.Empty, tagOnly, new byte[1]));
}
/// <summary>
/// Checks that <c>Encrypt</c> rejects a nonce that is one byte longer than
/// the algorithm's <c>NonceSize</c>.
/// </summary>
/// <param name="a">The AEAD algorithm under test.</param>
/// <remarks>
/// The check is skipped when <c>NonceSize</c> already equals <c>Nonce.MaxSize</c>;
/// presumably a larger <c>Nonce</c> cannot be constructed in that case.
/// </remarks>
public static void EncryptWithNonceTooLarge(AeadAlgorithm a)
{
    if (a.NonceSize != Nonce.MaxSize)
    {
        using (var key = new Key(a))
        {
            Assert.Throws<ArgumentException>(
                "nonce",
                () => a.Encrypt(key, new Nonce(0, a.NonceSize + 1), ReadOnlySpan<byte>.Empty, ReadOnlySpan<byte>.Empty));
        }
    }
}
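/// <summary>
/// Encrypts a string with AES-256-GCM and returns the result as a hex string.
/// </summary>
/// <param name="data">Text to encrypt; it is encoded as UTF-8 before encryption.</param>
/// <param name="keyBytes">Key material, imported using <c>_keyBlobFormat</c>.</param>
/// <param name="nonce">Nonce for this encryption, supplied by the caller.</param>
/// <returns>The encryption output converted with <c>ByteArrayToHexString</c>.</returns>
/// <remarks>
/// No associated data is authenticated (<c>null</c> is passed). The nonce is not
/// generated or tracked here, so the caller is responsible for never repeating a
/// nonce under the same key; with AES-GCM a repeated nonce breaks both
/// confidentiality and authenticity. The nonce is not part of the returned value
/// and has to be kept by the caller for decryption.
/// </remarks>
private string EncryptSensitiveData(string data, byte[] keyBytes, byte[] nonce)
{
    AeadAlgorithm aeadAlgorithm = AeadAlgorithm.Aes256Gcm;

    // Import and encrypt with the same algorithm instance.
    using Key key = Key.Import(aeadAlgorithm, keyBytes, _keyBlobFormat);

    // Encode once and reuse the buffer: the earlier version encoded the
    // sensitive text a second time, leaving an extra plaintext copy in memory.
    byte[] dataBytes = Encoding.UTF8.GetBytes(data);
    byte[] encrypted = aeadAlgorithm.Encrypt(key, nonce, null, dataBytes);

    return encrypted.ByteArrayToHexString();
}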
/// <summary>
/// Checks that a ciphertext produced from an empty plaintext decrypts
/// successfully to a non-null, empty plaintext.
/// </summary>
/// <param name="a">The AEAD algorithm under test.</param>
public static void DecryptEmptySuccess(AeadAlgorithm a)
{
    using var key = new Key(a);

    var tagOnly = a.Encrypt(key, new Nonce(0, a.NonceSize), ReadOnlySpan<byte>.Empty, ReadOnlySpan<byte>.Empty);

    Assert.NotNull(tagOnly);
    Assert.Equal(a.TagSize, tagOnly.Length);

    // Same key, nonce and (empty) associated data as for encryption.
    var succeeded = a.Decrypt(key, new Nonce(0, a.NonceSize), ReadOnlySpan<byte>.Empty, tagOnly, out var plaintext);

    Assert.True(succeeded);
    Assert.NotNull(plaintext);
    Assert.Empty(plaintext);
}
/// <summary>
/// Encrypts a string, encoded as UTF-8, with the key and nonce carried by
/// <paramref name="encryptorKey"/> and no associated data.
/// </summary>
/// <param name="data">Text to encrypt.</param>
/// <param name="encryptorKey">Supplies the <c>Key</c> and <c>Nonce</c> used for this call.</param>
/// <returns>The bytes returned by <c>aeadAlgorithm.Encrypt</c>.</returns>
/// <remarks>
/// NOTE(review): this method does not advance the nonce; the increment-and-abort
/// step that used to follow the encryption was commented out and could not run
/// after the return in any case. Unless the caller changes
/// <c>encryptorKey.Nonce</c> between calls, every message is encrypted under the
/// same key and nonce, which is unsafe for AES-GCM. Confirm where nonce
/// uniqueness is enforced.
/// NOTE(review): the method name says AES-256-GCM, but the algorithm actually used
/// is whatever the <c>aeadAlgorithm</c> member holds; verify against its declaration.
/// </remarks>
public byte[] EncryptDataByAes256Gcm(string data, EncryptorKey encryptorKey)
{
    // Same evaluation order as a single call expression: key, nonce, then encoding.
    var key = encryptorKey.Key;
    var nonce = encryptorKey.Nonce;
    var plaintext = Encoding.UTF8.GetBytes(data);

    return aeadAlgorithm.Encrypt(key, nonce, null, plaintext);
}
/// <summary>
/// Checks that decrypting into a separate, caller-provided buffer succeeds and
/// recovers the original plaintext.
/// </summary>
/// <param name="a">The AEAD algorithm under test.</param>
public static void DecryptWithSpanOutOfPlace(AeadAlgorithm a)
{
    using var key = new Key(a);

    var nonce = new Nonce(Utilities.RandomBytes.Slice(0, a.NonceSize), 0);
    var associatedData = Utilities.RandomBytes.Slice(0, 100);

    var original = Utilities.RandomBytes.Slice(0, L).ToArray();
    var recovered = new byte[L];

    var ciphertext = a.Encrypt(key, nonce, associatedData, original);

    // The destination buffer is distinct from the ciphertext buffer.
    var succeeded = a.Decrypt(key, nonce, associatedData, ciphertext, recovered);

    Assert.True(succeeded);
    Assert.Equal(original, recovered);
}
/// <summary>
/// Checks that <c>Decrypt</c> succeeds and recovers the plaintext when the
/// associated data is a slice of the buffer that receives the plaintext.
/// </summary>
/// <param name="a">The AEAD algorithm under test.</param>
public static void DecryptWithAdOverlapping(AeadAlgorithm a)
{
    using var key = new Key(a);

    var nonce = new Nonce(Utilities.RandomBytes.Slice(0, a.NonceSize), 0);
    var source = Utilities.RandomBytes.Slice(0, L);

    var original = source.ToArray();

    // This buffer supplies the associated data (bytes 10..109) and later
    // receives the decrypted plaintext.
    var aliased = Utilities.RandomBytes.Slice(200, L).ToArray();

    var ciphertext = a.Encrypt(key, nonce, aliased.AsSpan(10, 100), original);

    // The output overwrites the region that is being read as associated data.
    var succeeded = a.Decrypt(key, nonce, aliased.AsSpan(10, 100), ciphertext, aliased);

    Assert.True(succeeded);
    Assert.Equal(original, aliased);
}
/// <summary>
/// Encrypts one outgoing message with the current send nonce and then advances
/// the nonce's counter field.
/// </summary>
/// <param name="associatedData">Data to authenticate but not encrypt.</param>
/// <param name="plaintext">Message to encrypt.</param>
/// <param name="ciphertext">Destination buffer for the encrypted output.</param>
/// <remarks>
/// When the counter field cannot be incremented any further, both the send key and
/// the receive key are disposed so the connection cannot continue and the last
/// nonce cannot be used a second time.
/// </remarks>
public void EncryptBeforeSend(
    ReadOnlySpan<byte> associatedData,
    ReadOnlySpan<byte> plaintext,
    Span<byte> ciphertext)
{
    // Encrypt under the nonce value that has not been used yet.
    _algorithm.Encrypt(_sendKey, _sendNonce, associatedData, plaintext, ciphertext);

    // Move on to the next nonce; nothing more to do while the counter has room.
    if (Nonce.TryIncrement(ref _sendNonce))
    {
        return;
    }

    // Counter field reached its maximum value: abort the connection by
    // retiring both keys.
    _sendKey.Dispose();
    _receiveKey.Dispose();
}
/// <summary>
/// Encrypts one outgoing message using the send sequence number XORed with the
/// send IV as the nonce, then advances the sequence number.
/// </summary>
/// <param name="associatedData">Data to authenticate but not encrypt.</param>
/// <param name="plaintext">Message to encrypt.</param>
/// <param name="ciphertext">Destination buffer for the encrypted output.</param>
/// <remarks>
/// When the sequence number cannot be incremented any further, both the send key
/// and the receive key are disposed so the connection cannot continue and no
/// sequence number is used twice under the same key.
/// </remarks>
public void EncryptBeforeSend(
    ReadOnlySpan<byte> associatedData,
    ReadOnlySpan<byte> plaintext,
    Span<byte> ciphertext)
{
    // Per-message nonce: sequence number combined with the send IV.
    _algorithm.Encrypt(_sendKey, _sendSequenceNumber ^ _sendIV, associatedData, plaintext, ciphertext);

    // Advance the sequence number; nothing more to do while it has room.
    if (Nonce.TryIncrement(ref _sendSequenceNumber))
    {
        return;
    }

    // Sequence number reached its maximum value: abort the connection by
    // retiring both keys.
    _sendKey.Dispose();
    _receiveKey.Dispose();
}
/// <summary>
/// Checks that the span-based <c>Encrypt</c> overload throws
/// <see cref="ArgumentNullException"/> for the "key" parameter when the key is null.
/// </summary>
/// <param name="a">The AEAD algorithm under test.</param>
public static void EncryptWithSpanWithNullKey(AeadAlgorithm a)
{
    Assert.Throws<ArgumentNullException>(
        "key",
        () => a.Encrypt(null, default(Nonce), ReadOnlySpan<byte>.Empty, ReadOnlySpan<byte>.Empty, Span<byte>.Empty));
}