public void ComputeMacWhenKeyLengthIsLessThan32Fails()
{
// Arrange, Act & Assert
Action act = () => Poly1305.ComputeMac(new byte[Poly1305.MAC_KEY_SIZE_IN_BYTES - 1], new byte[0]);
act.Should().Throw <CryptographicException>();
}
public void Poly1305TestVector4()
{
// Tests against the test vector 4 in Appendix A.3 of RFC 7539.
// https://tools.ietf.org/html/rfc7539#appendix-A.3
// Arrange
var key = CryptoBytes.FromHexString("1c9240a5eb55d38af333888604f6b5f0"
+ "473917c1402b80099dca5cbc207075c0");
var dat = CryptoBytes.FromHexString("2754776173206272696c6c69672c2061"
+ "6e642074686520736c6974687920746f"
+ "7665730a446964206779726520616e64"
+ "2067696d626c6520696e207468652077"
+ "6162653a0a416c6c206d696d73792077"
+ "6572652074686520626f726f676f7665"
+ "732c0a416e6420746865206d6f6d6520"
+ "7261746873206f757467726162652e");
// Act
var mac = new byte[Poly1305.MAC_TAG_SIZE_IN_BYTES];
Poly1305.ComputeMac(key, dat, mac);
// Assert
mac.Should().Equal(CryptoBytes.FromHexString("4541669a7eaaee61e708dc7cbcc5eb62"));
}
/// <summary>
/// Encrypts the <paramref name="plaintext"> into the <paramref name="ciphertext"> destination buffer and computes an authentication tag into a separate buffer with <see cref="Poly1305"/> authentication based on an <paramref name="associatedData"> and a <paramref name="nonce">.
/// </summary>
/// <param name="nonce">The nonce associated with this message, which should be a unique value for every operation with the same key.</param>
/// <param name="plaintext">The content to encrypt.</param>
/// <param name="ciphertext">The byte span to receive the encrypted contents.</param>
/// <param name="tag">The byte span to receive the generated authentication tag.</param>
/// <param name="associatedData">Extra data associated with this message, which must also be provided during decryption.</param>
/// <exception cref="CryptographicException">plaintext or nonce</exception>
public void Encrypt(ReadOnlySpan <byte> nonce, ReadOnlySpan <byte> plaintext, Span <byte> ciphertext, Span <byte> tag, ReadOnlySpan <byte> associatedData = default)
{
//if (plaintext.Length > int.MaxValue - _snuffle.NonceSizeInBytes() - Poly1305.MAC_TAG_SIZE_IN_BYTES)
// throw new ArgumentException($"The {nameof(plaintext)} is too long.");
_snuffle.Encrypt(plaintext, nonce, ciphertext);
Poly1305.ComputeMac(GetMacKey(nonce), GetMacDataRfc8439(associatedData, ciphertext), tag);
}
public virtual byte[] Encrypt(ReadOnlySpan <byte> nonce, ReadOnlySpan <byte> plaintext, ReadOnlySpan <byte> associatedData = default)
{
//if (plaintext.Length > int.MaxValue - _snuffle.NonceSizeInBytes() - Poly1305.MAC_TAG_SIZE_IN_BYTES)
// throw new ArgumentException($"The {nameof(plaintext)} is too long.");
var ciphertext = _snuffle.Encrypt(plaintext, nonce);
var tag = Poly1305.ComputeMac(GetMacKey(nonce), GetMacDataRfc8439(associatedData, ciphertext));
return(CryptoBytes.Combine(ciphertext, tag));
}
/// <summary>
/// Encrypts the <paramref name="plaintext"/> into the <paramref name="ciphertext"/> destination buffer and computes an authentication tag into a separate buffer with <see cref="Poly1305"/> authentication based on an <paramref name="associatedData"/> and a <paramref name="nonce"/>.
/// </summary>
/// <param name="nonce">The nonce associated with this message, which should be a unique value for every operation with the same key.</param>
/// <param name="plaintext">The content to encrypt.</param>
/// <param name="ciphertext">The byte span to receive the encrypted contents.</param>
/// <param name="tag">The byte span to receive the generated authentication tag.</param>
/// <param name="associatedData">Extra data associated with this message, which must also be provided during decryption.</param>
/// <exception cref="CryptographicException">plaintext or nonce</exception>
public void Encrypt(ReadOnlySpan <byte> nonce, ReadOnlySpan <byte> plaintext, Span <byte> ciphertext, Span <byte> tag, ReadOnlySpan <byte> associatedData = default)
{
//if (plaintext.Length > int.MaxValue - _snuffle.NonceSizeInBytes() - Poly1305.MAC_TAG_SIZE_IN_BYTES)
// throw new ArgumentException($"The {nameof(plaintext)} is too long.");
_snuffle.Encrypt(plaintext, nonce, ciphertext);
var aadPaddedLen = GetPaddedLength(associatedData, Poly1305.MAC_TAG_SIZE_IN_BYTES);
var ciphertextPaddedLen = GetPaddedLength(ciphertext, Poly1305.MAC_TAG_SIZE_IN_BYTES);
var macData = new Span <byte>(new byte[aadPaddedLen + ciphertextPaddedLen + Poly1305.MAC_TAG_SIZE_IN_BYTES]);
PrepareMacDataRfc8439(macData, associatedData, aadPaddedLen, ciphertext, ciphertextPaddedLen);
Poly1305.ComputeMac(GetMacKey(nonce), macData, tag);
}
public void ComputeMacTest()
{
// Tests against the test vectors in Section 2.5.2 of RFC 7539.
// https://tools.ietf.org/html/rfc7539#section-2.5.2
// Arrange
var key = CryptoBytes.FromHexString("85d6be7857556d337f4452fe42d506a8"
+ "0103808afb0db2fd4abff6af4149f51b");
var dat = Encoding.UTF8.GetBytes("Cryptographic Forum Research Group");
// Act
var mac = Poly1305.ComputeMac(key, dat);
// Assert
Assert.AreEqual(CryptoBytes.FromHexString("a8061dc1305136c6c22b8baf0c0127a9"), mac);
}
public void Poly1305TestVector9()
{
// Tests against the test vector 9 in Appendix A.3 of RFC 7539.
// https://tools.ietf.org/html/rfc7539#appendix-A.3
// Arrange
var key = CryptoBytes.FromHexString("02000000000000000000000000000000"
+ "00000000000000000000000000000000");
var dat = CryptoBytes.FromHexString("fdffffffffffffffffffffffffffffff");
// Act
var mac = Poly1305.ComputeMac(key, dat);
// Assert
Assert.AreEqual(CryptoBytes.FromHexString("faffffffffffffffffffffffffffffff"), mac);
}
public void Poly1305TestVector3()
{
// Tests against the test vector 3 in Appendix A.3 of RFC 7539.
// https://tools.ietf.org/html/rfc7539#appendix-A.3
// Arrange
var key = CryptoBytes.FromHexString("36e5f6b5c5e06070f0efca96227a863e"
+ "00000000000000000000000000000000");
var dat = Encoding.UTF8.GetBytes("Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an \"IETF Contribution\". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to");
// Act
var mac = Poly1305.ComputeMac(key, dat);
// Assert
Assert.AreEqual(CryptoBytes.FromHexString("f3477e7cd95417af89a6b8794c310cf0"), mac);
}
public void Poly1305TestVector11()
{
// Tests against the test vector 11 in Appendix A.3 of RFC 7539.
// https://tools.ietf.org/html/rfc7539#appendix-A.3
// Arrange
var key = CryptoBytes.FromHexString("01000000000000000400000000000000"
+ "00000000000000000000000000000000");
var dat = CryptoBytes.FromHexString("e33594d7505e43b90000000000000000"
+ "3394d7505e4379cd0100000000000000"
+ "00000000000000000000000000000000");
// Act
var mac = Poly1305.ComputeMac(key, dat);
// Assert
Assert.AreEqual(CryptoBytes.FromHexString("13000000000000000000000000000000"), mac);
}
public void Poly1305TestVector9()
{
// Tests against the test vector 9 in Appendix A.3 of RFC 7539.
// https://tools.ietf.org/html/rfc7539#appendix-A.3
// Arrange
var key = CryptoBytes.FromHexString("02000000000000000000000000000000"
+ "00000000000000000000000000000000");
var dat = CryptoBytes.FromHexString("fdffffffffffffffffffffffffffffff");
// Act
var mac = new byte[Poly1305.MAC_TAG_SIZE_IN_BYTES];
Poly1305.ComputeMac(key, dat, mac);
// Assert
mac.Should().Equal(CryptoBytes.FromHexString("faffffffffffffffffffffffffffffff"));
}
public void RandomMacTest()
{
var rnd = new Random();
for (var i = 0; i < 1000; i++)
{
// Arrange
var data = new byte[rnd.Next(300)];
rnd.NextBytes(data);
var key = new byte[Poly1305.MAC_KEY_SIZE_IN_BYTES];
rnd.NextBytes(key);
// Act
var mac = Poly1305.ComputeMac(key, data);
// Assert
Assert.DoesNotThrow(() => Poly1305.VerifyMac(key, data, mac));
}
}
public virtual byte[] Encrypt(ReadOnlySpan <byte> nonce, ReadOnlySpan <byte> plaintext, ReadOnlySpan <byte> associatedData = default)
{
//if (plaintext.Length > int.MaxValue - _snuffle.NonceSizeInBytes() - Poly1305.MAC_TAG_SIZE_IN_BYTES)
// throw new ArgumentException($"The {nameof(plaintext)} is too long.");
var ciphertext = _snuffle.Encrypt(plaintext, nonce);
using (var macKey = GetMacKey(nonce))
using (var macData = GetMacDataRfc8439(associatedData, ciphertext))
{
var tag = Poly1305.ComputeMac(macKey.Span, macData.Span);
macKey.Span.Clear();
macData.Span.Clear();
// Array.Resize(ref ciphertext, ciphertext.Length + Poly1305.MAC_TAG_SIZE_IN_BYTES);
// Array.Copy(tag, 0, ciphertext, ciphertext.Length - Poly1305.MAC_TAG_SIZE_IN_BYTES, tag.Length);
// return ciphertext;
// return ciphertext.Concat(tag).ToArray(); // could be inefficient
return(CryptoBytes.Combine(ciphertext, tag));
}
}
public void RandomMacOldMethodSignatureTest()
{
var rnd = new Random();
for (var i = 0; i < 1000; i++)
{
// Arrange
var key = new byte[Poly1305.MAC_KEY_SIZE_IN_BYTES];
RandomNumberGenerator.Fill(key);
var data = new byte[rnd.Next(300)];
rnd.NextBytes(data);
// Act
var mac = Poly1305.ComputeMac(key, data);
// Assert
Action act = () => Poly1305.VerifyMac(key, data, mac);
act.Should().NotThrow();
}
}
public void ComputeMacWhenKeyLengthIsGreaterThan32Fails()
{
// Arrange, Act & Assert
Assert.Throws <CryptographicException>(() => Poly1305.ComputeMac(new byte[Poly1305.MAC_KEY_SIZE_IN_BYTES + 1], new byte[0]));
}
public void Compute()
{
var mac = new byte[Poly1305.MAC_TAG_SIZE_IN_BYTES];
Poly1305.ComputeMac(key.Span, data.Span, mac);
}
public byte[] Compute() => Poly1305.ComputeMac(key, data);