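/// <summary>
/// Verifies that every <c>EncryptParameters</c> factory rejects a null plaintext with an
/// <see cref="ArgumentNullException"/> whose <c>ParamName</c> is "plaintext", and that the
/// AES factories accept an empty plaintext together with a null second argument.
/// </summary>
/// <remarks>
/// Each null check targets the same factory as the <c>DoesNotThrow</c> that follows it.
/// Previously the 192/256-bit CBC and CBC-PAD null checks all called the 128-bit factory,
/// so the argument guard on those four factories was never exercised.
/// </remarks>
public void RequiresPlaintext()
{
    // RSA factories: plaintext is the only argument checked here.
    ArgumentNullException ex = Assert.Throws<ArgumentNullException>(() => EncryptParameters.Rsa15Parameters(null));
    Assert.AreEqual("plaintext", ex.ParamName);

    ex = Assert.Throws<ArgumentNullException>(() => EncryptParameters.RsaOaepParameters(null));
    Assert.AreEqual("plaintext", ex.ParamName);

    ex = Assert.Throws<ArgumentNullException>(() => EncryptParameters.RsaOaep256Parameters(null));
    Assert.AreEqual("plaintext", ex.ParamName);

    // AES-GCM factories: null plaintext is rejected, a null second argument is allowed.
    ex = Assert.Throws<ArgumentNullException>(() => EncryptParameters.A128GcmParameters(null));
    Assert.AreEqual("plaintext", ex.ParamName);
    Assert.DoesNotThrow(() => EncryptParameters.A128GcmParameters(Array.Empty<byte>(), null));

    ex = Assert.Throws<ArgumentNullException>(() => EncryptParameters.A192GcmParameters(null));
    Assert.AreEqual("plaintext", ex.ParamName);
    Assert.DoesNotThrow(() => EncryptParameters.A192GcmParameters(Array.Empty<byte>(), null));

    ex = Assert.Throws<ArgumentNullException>(() => EncryptParameters.A256GcmParameters(null));
    Assert.AreEqual("plaintext", ex.ParamName);
    Assert.DoesNotThrow(() => EncryptParameters.A256GcmParameters(Array.Empty<byte>(), null));

    // AES-CBC factories: one null check per key size, so each guard is covered.
    ex = Assert.Throws<ArgumentNullException>(() => EncryptParameters.A128CbcParameters(null));
    Assert.AreEqual("plaintext", ex.ParamName);
    Assert.DoesNotThrow(() => EncryptParameters.A128CbcParameters(Array.Empty<byte>(), null));

    ex = Assert.Throws<ArgumentNullException>(() => EncryptParameters.A192CbcParameters(null));
    Assert.AreEqual("plaintext", ex.ParamName);
    Assert.DoesNotThrow(() => EncryptParameters.A192CbcParameters(Array.Empty<byte>(), null));

    ex = Assert.Throws<ArgumentNullException>(() => EncryptParameters.A256CbcParameters(null));
    Assert.AreEqual("plaintext", ex.ParamName);
    Assert.DoesNotThrow(() => EncryptParameters.A256CbcParameters(Array.Empty<byte>(), null));

    // AES-CBC with padding: same pattern, again one null check per key size.
    ex = Assert.Throws<ArgumentNullException>(() => EncryptParameters.A128CbcPadParameters(null));
    Assert.AreEqual("plaintext", ex.ParamName);
    Assert.DoesNotThrow(() => EncryptParameters.A128CbcPadParameters(Array.Empty<byte>(), null));

    ex = Assert.Throws<ArgumentNullException>(() => EncryptParameters.A192CbcPadParameters(null));
    Assert.AreEqual("plaintext", ex.ParamName);
    Assert.DoesNotThrow(() => EncryptParameters.A192CbcPadParameters(Array.Empty<byte>(), null));

    ex = Assert.Throws<ArgumentNullException>(() => EncryptParameters.A256CbcPadParameters(null));
    Assert.AreEqual("plaintext", ex.ParamName);
    Assert.DoesNotThrow(() => EncryptParameters.A256CbcPadParameters(Array.Empty<byte>(), null));
}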
/// <summary>
/// Verifies that the local AES provider refuses to encrypt with a key whose
/// <c>ExpiresOn</c> lies in the past, throwing <see cref="InvalidOperationException"/>
/// with a message that names the key and its expiry time.
/// </summary>
public void EncryptAfterValidDate()
{
    using var aes = Aes.Create();

    // The key expired one day ago, so any local encrypt attempt must be rejected.
    var key = new KeyVaultKey("test")
    {
        Key = new JsonWebKey(aes),
        Properties =
        {
            ExpiresOn = DateTimeOffset.Now.AddDays(-1),
        },
    };

    // NOTE(review): the meaning of the third constructor argument is not visible here; confirm against the provider.
    var provider = new AesCryptographyProvider(key.Key, key.Properties, false);

    // Fixed 16-byte IV: acceptable for a test vector, never for production CBC encryption.
    var iv = new byte[]
    {
        0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
        0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41,
    };
    byte[] message = Encoding.UTF8.GetBytes("Single block msg");
    var options = EncryptParameters.A128CbcParameters(message, iv);

    var ex = Assert.Throws<InvalidOperationException>(() => provider.Encrypt(options, default));

    Assert.AreEqual($"The key \"test\" is not valid after {key.Properties.ExpiresOn.Value:r}.", ex.Message);
}
/// <summary>
/// Round-trip check for the AES-CBC and AES-CBC-PAD algorithms: encrypts 32 bytes with a
/// local client built from the raw JWK, decrypts the result with a client forced to use
/// the service, and asserts the recovered plaintext equals the input.
/// </summary>
/// <param name="algorithm">The CBC or CBC-PAD algorithm under test.</param>
/// <remarks>
/// The test covers interoperability only. It does not check ciphertext integrity, which
/// CBC on its own does not provide.
/// </remarks>
public async Task EncryptLocalDecryptOnManagedHsm(
    [EnumValues(
        nameof(EncryptionAlgorithm.A128Cbc),
        nameof(EncryptionAlgorithm.A192Cbc),
        nameof(EncryptionAlgorithm.A256Cbc),
        nameof(EncryptionAlgorithm.A128CbcPad),
        nameof(EncryptionAlgorithm.A192CbcPad),
        nameof(EncryptionAlgorithm.A256CbcPad))] EncryptionAlgorithm algorithm)
{
    // Create an AES key of the size the algorithm requires and import it under a generated name.
    int aesKeyLength = algorithm.GetAesCbcEncryptionAlgorithm().KeySizeInBytes;
    JsonWebKey localJwk = KeyUtilities.CreateAesKey(aesKeyLength, s_aesKeyOps);

    string importedName = Recording.GenerateId();
    KeyVaultKey importedKey = await Client.ImportKeyAsync(new ImportKeyOptions(importedName, localJwk));
    RegisterForCleanup(importedKey.Name);

    // One client is forced to call the service; the other works from the JWK locally.
    CryptographyClient hsmClient = GetCryptoClient(importedKey.Id, forceRemote: true);
    CryptographyClient offlineClient = GetLocalCryptoClient(localJwk);

    // 32 bytes is a whole number of 16-byte AES blocks, which the non-padding variants need.
    byte[] message = new byte[32];
    Recording.Random.NextBytes(message);

    // The IV stays all-zero unless the type check below passes.
    // It is filled from the test recording's random source, which suits a test fixture only.
    byte[] initVector = new byte[16];
    if (algorithm.GetAesCbcEncryptionAlgorithm() is AesCbc)
    {
        Recording.Random.NextBytes(initVector);
    }

    string algorithmName = algorithm.ToString();

    EncryptParameters toEncrypt = algorithmName switch
    {
        EncryptionAlgorithm.A128CbcValue => EncryptParameters.A128CbcParameters(message, initVector),
        EncryptionAlgorithm.A192CbcValue => EncryptParameters.A192CbcParameters(message, initVector),
        EncryptionAlgorithm.A256CbcValue => EncryptParameters.A256CbcParameters(message, initVector),
        EncryptionAlgorithm.A128CbcPadValue => EncryptParameters.A128CbcPadParameters(message, initVector),
        EncryptionAlgorithm.A192CbcPadValue => EncryptParameters.A192CbcPadParameters(message, initVector),
        EncryptionAlgorithm.A256CbcPadValue => EncryptParameters.A256CbcPadParameters(message, initVector),
        _ => throw new NotSupportedException($"{algorithm} is not supported"),
    };

    EncryptResult sealedResult = await offlineClient.EncryptAsync(toEncrypt);
    Assert.IsNotNull(sealedResult.Ciphertext);

    // Decrypt with the IV reported by the encrypt result, not the local buffer.
    DecryptParameters toDecrypt = algorithmName switch
    {
        EncryptionAlgorithm.A128CbcValue => DecryptParameters.A128CbcParameters(sealedResult.Ciphertext, sealedResult.Iv),
        EncryptionAlgorithm.A192CbcValue => DecryptParameters.A192CbcParameters(sealedResult.Ciphertext, sealedResult.Iv),
        EncryptionAlgorithm.A256CbcValue => DecryptParameters.A256CbcParameters(sealedResult.Ciphertext, sealedResult.Iv),
        EncryptionAlgorithm.A128CbcPadValue => DecryptParameters.A128CbcPadParameters(sealedResult.Ciphertext, sealedResult.Iv),
        EncryptionAlgorithm.A192CbcPadValue => DecryptParameters.A192CbcPadParameters(sealedResult.Ciphertext, sealedResult.Iv),
        EncryptionAlgorithm.A256CbcPadValue => DecryptParameters.A256CbcPadParameters(sealedResult.Ciphertext, sealedResult.Iv),
        _ => throw new NotSupportedException($"{algorithm} is not supported"),
    };

    DecryptResult roundTripped = await hsmClient.DecryptAsync(toDecrypt);
    Assert.IsNotNull(roundTripped.Plaintext);

    CollectionAssert.AreEqual(message, roundTripped.Plaintext);
}