public void RequiresPlaintext() { ArgumentNullException ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.Rsa15Parameters(null)); Assert.AreEqual("plaintext", ex.ParamName); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.RsaOaepParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.RsaOaep256Parameters(null)); Assert.AreEqual("plaintext", ex.ParamName); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128GcmParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A128GcmParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A192GcmParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A192GcmParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A256GcmParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A256GcmParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A128CbcParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A192CbcParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A256CbcParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcPadParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A128CbcPadParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcPadParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A192CbcPadParameters(Array.Empty <byte>(), null)); ex = Assert.Throws <ArgumentNullException>(() => EncryptParameters.A128CbcPadParameters(null)); Assert.AreEqual("plaintext", ex.ParamName); Assert.DoesNotThrow(() => EncryptParameters.A256CbcPadParameters(Array.Empty <byte>(), null)); }
public void OctEncryptDecryptSync() { TestEnvironment.AssertManagedHsm(); string managedHsmUrl = TestEnvironment.ManagedHsmUrl; #region Snippet:OctKeysSample4CreateKey var managedHsmClient = new KeyClient(new Uri(managedHsmUrl), new DefaultAzureCredential()); var octKeyOptions = new CreateOctKeyOptions($"CloudOctKey-{Guid.NewGuid()}") { KeySize = 256, }; KeyVaultKey cloudOctKey = managedHsmClient.CreateOctKey(octKeyOptions); #endregion #region Snippet:OctKeySample4Encrypt var cryptoClient = new CryptographyClient(cloudOctKey.Id, new DefaultAzureCredential()); byte[] plaintext = Encoding.UTF8.GetBytes("A single block of plaintext"); byte[] aad = Encoding.UTF8.GetBytes("additional authenticated data"); EncryptParameters encryptParams = EncryptParameters.A256GcmParameters(plaintext, aad); EncryptResult encryptResult = cryptoClient.Encrypt(encryptParams); #endregion #region Snippet:OctKeySample4Decrypt DecryptParameters decryptParams = DecryptParameters.A256GcmParameters( encryptResult.Ciphertext, encryptResult.Iv, encryptResult.AuthenticationTag, encryptResult.AdditionalAuthenticatedData); DecryptResult decryptResult = cryptoClient.Decrypt(decryptParams); #endregion Assert.AreEqual(plaintext, decryptResult.Plaintext); // Delete and purge the key. DeleteKeyOperation operation = managedHsmClient.StartDeleteKey(octKeyOptions.Name); // You only need to wait for completion if you want to purge or recover the key. while (!operation.HasCompleted) { Thread.Sleep(2000); operation.UpdateStatus(); } managedHsmClient.PurgeDeletedKey(operation.Value.Name); }
public async Task OctEncryptDecryptAsync() { TestEnvironment.AssertManagedHsm(); string managedHsmUrl = TestEnvironment.ManagedHsmUrl; var managedHsmClient = new KeyClient(new Uri(managedHsmUrl), new DefaultAzureCredential()); var octKeyOptions = new CreateOctKeyOptions($"CloudOctKey-{Guid.NewGuid()}") { KeySize = 256, }; KeyVaultKey cloudOctKey = await managedHsmClient.CreateOctKeyAsync(octKeyOptions); var cryptoClient = new CryptographyClient(cloudOctKey.Id, new DefaultAzureCredential()); byte[] plaintext = Encoding.UTF8.GetBytes("A single block of plaintext"); byte[] aad = Encoding.UTF8.GetBytes("additional authenticated data"); EncryptParameters encryptParams = EncryptParameters.A256GcmParameters(plaintext, aad); EncryptResult encryptResult = await cryptoClient.EncryptAsync(encryptParams); DecryptParameters decryptParams = DecryptParameters.A256GcmParameters( encryptResult.Ciphertext, encryptResult.Iv, encryptResult.AuthenticationTag, encryptResult.AdditionalAuthenticatedData); DecryptResult decryptResult = await cryptoClient.DecryptAsync(decryptParams); Assert.AreEqual(plaintext, decryptResult.Plaintext); // Delete and purge the key. DeleteKeyOperation operation = await managedHsmClient.StartDeleteKeyAsync(octKeyOptions.Name); // You only need to wait for completion if you want to purge or recover the key. await operation.WaitForCompletionAsync(); managedHsmClient.PurgeDeletedKey(operation.Value.Name); }
public async Task AesGcmEncryptDecrypt([EnumValues( nameof(EncryptionAlgorithm.A128Gcm), nameof(EncryptionAlgorithm.A192Gcm), nameof(EncryptionAlgorithm.A256Gcm) )] EncryptionAlgorithm algorithm) { int keySizeInBytes = algorithm.ToString() switch { EncryptionAlgorithm.A128GcmValue => 128 >> 3, EncryptionAlgorithm.A192GcmValue => 192 >> 3, EncryptionAlgorithm.A256GcmValue => 256 >> 3, _ => throw new NotSupportedException($"{algorithm} is not supported"), }; JsonWebKey jwk = KeyUtilities.CreateAesKey(keySizeInBytes, s_aesKeyOps); string keyName = Recording.GenerateId(); KeyVaultKey key = await Client.ImportKeyAsync( new ImportKeyOptions(keyName, jwk)); RegisterForCleanup(key.Name); CryptographyClient remoteClient = GetCryptoClient(key.Id, forceRemote: true); byte[] plaintext = new byte[32]; Recording.Random.NextBytes(plaintext); byte[] iv = new byte[16]; if (algorithm.GetAesCbcEncryptionAlgorithm() is AesCbc) { Recording.Random.NextBytes(iv); } EncryptParameters encryptParams = algorithm.ToString() switch { // TODO: Re-record with random additionalAuthenticatedData once the "aad" issue is fixed with Managed HSM. EncryptionAlgorithm.A128GcmValue => EncryptParameters.A128GcmParameters(plaintext), EncryptionAlgorithm.A192GcmValue => EncryptParameters.A192GcmParameters(plaintext), EncryptionAlgorithm.A256GcmValue => EncryptParameters.A256GcmParameters(plaintext), _ => throw new NotSupportedException($"{algorithm} is not supported"), }; EncryptResult encrypted = await remoteClient.EncryptAsync(encryptParams); Assert.IsNotNull(encrypted.Ciphertext); DecryptParameters decryptParameters = algorithm.ToString() switch { // TODO: Re-record with random additionalAuthenticatedData once the "aad" issue is fixed with Managed HSM. EncryptionAlgorithm.A128GcmValue => DecryptParameters.A128GcmParameters(encrypted.Ciphertext, encrypted.Iv, encrypted.AuthenticationTag), EncryptionAlgorithm.A192GcmValue => DecryptParameters.A192GcmParameters(encrypted.Ciphertext, encrypted.Iv, encrypted.AuthenticationTag), EncryptionAlgorithm.A256GcmValue => DecryptParameters.A256GcmParameters(encrypted.Ciphertext, encrypted.Iv, encrypted.AuthenticationTag), _ => throw new NotSupportedException($"{algorithm} is not supported"), }; DecryptResult decrypted = await remoteClient.DecryptAsync(decryptParameters); Assert.IsNotNull(decrypted.Plaintext); CollectionAssert.AreEqual(plaintext, decrypted.Plaintext); }