public void ClientDecryptionFailsWhenRecordModified()
        {
            using (Aes128GcmRecordProtection recordProtection = new Aes128GcmRecordProtection(this.masterSecret, this.serverRandom, this.clientRandom))
            {
                byte[] messageAsBytes = Encoding.UTF8.GetBytes(TestMessage);

                Record originalRecord = new Record();
                originalRecord.ContentType    = ContentType.ApplicationData;
                originalRecord.Epoch          = 1;
                originalRecord.SequenceNumber = 124;
                originalRecord.Length         = (ushort)recordProtection.GetEncryptedSize(messageAsBytes.Length);

                ByteSpan encrypted = new byte[originalRecord.Length];
                recordProtection.EncryptClientPlaintext(encrypted, messageAsBytes, ref originalRecord);

                ByteSpan plaintext = new byte[recordProtection.GetDecryptedSize(encrypted.Length)];

                Record record = originalRecord;
                record.ContentType = ContentType.Handshake;
                bool couldDecrypt = recordProtection.DecryptCiphertextFromClient(plaintext, encrypted, ref record);
                Assert.IsFalse(couldDecrypt);

                record = originalRecord;
                record.Epoch++;
                couldDecrypt = recordProtection.DecryptCiphertextFromClient(plaintext, encrypted, ref record);
                Assert.IsFalse(couldDecrypt);

                record = originalRecord;
                record.SequenceNumber++;
                couldDecrypt = recordProtection.DecryptCiphertextFromClient(plaintext, encrypted, ref record);
                Assert.IsFalse(couldDecrypt);
            }
        }
        public void ClientCanEncryptAndDecryptData()
        {
            using (Aes128GcmRecordProtection recordProtection = new Aes128GcmRecordProtection(this.masterSecret, this.serverRandom, this.clientRandom))
            {
                byte[] messageAsBytes = Encoding.UTF8.GetBytes(TestMessage);

                Record record = new Record();
                record.ContentType    = ContentType.ApplicationData;
                record.Epoch          = 1;
                record.SequenceNumber = 124;
                record.Length         = (ushort)recordProtection.GetEncryptedSize(messageAsBytes.Length);

                ByteSpan encrypted = new byte[record.Length];
                recordProtection.EncryptClientPlaintext(encrypted, messageAsBytes, ref record);

                ByteSpan plaintext    = new byte[recordProtection.GetDecryptedSize(encrypted.Length)];
                bool     couldDecrypt = recordProtection.DecryptCiphertextFromClient(plaintext, encrypted, ref record);
                Assert.IsTrue(couldDecrypt);
                Assert.AreEqual(messageAsBytes.Length, plaintext.Length);
                Assert.AreEqual(TestMessage, Encoding.UTF8.GetString(plaintext.GetUnderlyingArray(), plaintext.Offset, plaintext.Length));
            }
        }