internal static void TestTampering(ITest test, IAeadCipher cipher, ICipherParameters parameters)
        {
            byte[] plaintext = new byte[1000];
            for (int i = 0; i < plaintext.Length; i++)
            {
                plaintext[i] = (byte)i;
            }
            cipher.Init(true, parameters);

            byte[] ciphertext = new byte[cipher.GetOutputSize(plaintext.Length)];
            int    len        = cipher.ProcessBytes(plaintext, 0, plaintext.Length, ciphertext, 0);

            cipher.DoFinal(ciphertext, len);

            int macLength = cipher.GetMac().Length;

            // Test tampering with a single byte
            cipher.Init(false, parameters);
            byte[] tampered = new byte[ciphertext.Length];
            byte[] output   = new byte[plaintext.Length];
            Array.Copy(ciphertext, 0, tampered, 0, tampered.Length);
            tampered[0] += 1;

            cipher.ProcessBytes(tampered, 0, tampered.Length, output, 0);
            try
            {
                cipher.DoFinal(output, 0);
                throw new TestFailedException(
                          new SimpleTestResult(false, test + " : tampering of ciphertext not detected."));
            }
            catch (InvalidCipherTextException e)
            {
                // Expected
            }

            // Test truncation of ciphertext to < tag length
            cipher.Init(false, parameters);
            byte[] truncated = new byte[macLength - 1];
            Array.Copy(ciphertext, 0, truncated, 0, truncated.Length);

            cipher.ProcessBytes(truncated, 0, truncated.Length, output, 0);
            try
            {
                cipher.DoFinal(output, 0);
                Fail(test, "tampering of ciphertext not detected.");
            }
            catch (InvalidCipherTextException e)
            {
                // Expected
            }
        }
示例#2
0
        private int CipherUpdate(ReadOnlySpan <byte> i, Span <byte> o)
        {
            byte[] t = new byte[o.Length];
            byte[] n = new byte[nonce.Length];
            nonce.CopyTo(n, 0);
            aead.Init(enc, new AeadParameters(new KeyParameter(sessionKey), tagLen * 8, n));

            int r = aead.ProcessBytes(i.ToArray(), 0, i.Length, t, 0);

            r += aead.DoFinal(t, r);
            t.CopyTo(o);
            return(r);
        }
 /**
  * Process the last block in the buffer.
  *
  * @param out the array the block currently being held is copied into.
  * @param outOff the offset at which the copying starts.
  * @return the number of output bytes copied to out.
  * @exception DataLengthException if there is insufficient space in out for
  * the output, or the input is not block size aligned and should be.
  * @exception InvalidOperationException if the underlying cipher is not
  * initialised.
  * @exception InvalidCipherTextException if padding is expected and not found.
  * @exception DataLengthException if the input is not block size
  * aligned.
  */
 public override int DoFinal(
     byte[] output,
     int outOff)
 {
     return(cipher.DoFinal(output, outOff));
 }