public void Encrypt_Decrypt_Tampering_Fails() { // Arrange Secret kdk = new Secret(new byte[512 / 8]); CbcAuthenticatedEncryptor encryptor = new CbcAuthenticatedEncryptor(kdk, symmetricAlgorithmHandle: CachedAlgorithmHandles.AES_CBC, symmetricAlgorithmKeySizeInBytes: 256 / 8, hmacAlgorithmHandle: CachedAlgorithmHandles.HMAC_SHA256); ArraySegment <byte> plaintext = new ArraySegment <byte>(Encoding.UTF8.GetBytes("plaintext")); ArraySegment <byte> aad = new ArraySegment <byte>(Encoding.UTF8.GetBytes("aad")); byte[] validCiphertext = encryptor.Encrypt(plaintext, aad); // Act & assert - 1 // Ciphertext is too short to be a valid payload byte[] invalidCiphertext_tooShort = new byte[10]; Assert.Throws <CryptographicException>(() => { encryptor.Decrypt(new ArraySegment <byte>(invalidCiphertext_tooShort), aad); }); // Act & assert - 2 // Ciphertext has been manipulated byte[] invalidCiphertext_manipulated = (byte[])validCiphertext.Clone(); invalidCiphertext_manipulated[0] ^= 0x01; Assert.Throws <CryptographicException>(() => { encryptor.Decrypt(new ArraySegment <byte>(invalidCiphertext_manipulated), aad); }); // Act & assert - 3 // Ciphertext is too long byte[] invalidCiphertext_tooLong = validCiphertext.Concat(new byte[] { 0 }).ToArray(); Assert.Throws <CryptographicException>(() => { encryptor.Decrypt(new ArraySegment <byte>(invalidCiphertext_tooLong), aad); }); // Act & assert - 4 // AAD is incorrect Assert.Throws <CryptographicException>(() => { encryptor.Decrypt(new ArraySegment <byte>(validCiphertext), new ArraySegment <byte>(Encoding.UTF8.GetBytes("different aad"))); }); }
public void Encrypt_Decrypt_Tampering_Fails() { // Arrange Secret kdk = new Secret(new byte[512 / 8]); CbcAuthenticatedEncryptor encryptor = new CbcAuthenticatedEncryptor(kdk, symmetricAlgorithmHandle: CachedAlgorithmHandles.AES_CBC, symmetricAlgorithmKeySizeInBytes: 256 / 8, hmacAlgorithmHandle: CachedAlgorithmHandles.HMAC_SHA256); ArraySegment<byte> plaintext = new ArraySegment<byte>(Encoding.UTF8.GetBytes("plaintext")); ArraySegment<byte> aad = new ArraySegment<byte>(Encoding.UTF8.GetBytes("aad")); byte[] validCiphertext = encryptor.Encrypt(plaintext, aad); // Act & assert - 1 // Ciphertext is too short to be a valid payload byte[] invalidCiphertext_tooShort = new byte[10]; Assert.Throws<CryptographicException>(() => { encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_tooShort), aad); }); // Act & assert - 2 // Ciphertext has been manipulated byte[] invalidCiphertext_manipulated = (byte[])validCiphertext.Clone(); invalidCiphertext_manipulated[0] ^= 0x01; Assert.Throws<CryptographicException>(() => { encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_manipulated), aad); }); // Act & assert - 3 // Ciphertext is too long byte[] invalidCiphertext_tooLong = validCiphertext.Concat(new byte[] { 0 }).ToArray(); Assert.Throws<CryptographicException>(() => { encryptor.Decrypt(new ArraySegment<byte>(invalidCiphertext_tooLong), aad); }); // Act & assert - 4 // AAD is incorrect Assert.Throws<CryptographicException>(() => { encryptor.Decrypt(new ArraySegment<byte>(validCiphertext), new ArraySegment<byte>(Encoding.UTF8.GetBytes("different aad"))); }); }
public void Encrypt_Decrypt_RoundTrips() { // Arrange Secret kdk = new Secret(new byte[512 / 8]); CbcAuthenticatedEncryptor encryptor = new CbcAuthenticatedEncryptor(kdk, symmetricAlgorithmHandle: CachedAlgorithmHandles.AES_CBC, symmetricAlgorithmKeySizeInBytes: 256 / 8, hmacAlgorithmHandle: CachedAlgorithmHandles.HMAC_SHA256); ArraySegment <byte> plaintext = new ArraySegment <byte>(Encoding.UTF8.GetBytes("plaintext")); ArraySegment <byte> aad = new ArraySegment <byte>(Encoding.UTF8.GetBytes("aad")); // Act byte[] ciphertext = encryptor.Encrypt(plaintext, aad); byte[] decipheredtext = encryptor.Decrypt(new ArraySegment <byte>(ciphertext), aad); // Assert Assert.Equal(plaintext, decipheredtext); }
public void Encrypt_Decrypt_RoundTrips() { // Arrange Secret kdk = new Secret(new byte[512 / 8]); CbcAuthenticatedEncryptor encryptor = new CbcAuthenticatedEncryptor(kdk, symmetricAlgorithmHandle: CachedAlgorithmHandles.AES_CBC, symmetricAlgorithmKeySizeInBytes: 256 / 8, hmacAlgorithmHandle: CachedAlgorithmHandles.HMAC_SHA256); ArraySegment<byte> plaintext = new ArraySegment<byte>(Encoding.UTF8.GetBytes("plaintext")); ArraySegment<byte> aad = new ArraySegment<byte>(Encoding.UTF8.GetBytes("aad")); // Act byte[] ciphertext = encryptor.Encrypt(plaintext, aad); byte[] decipheredtext = encryptor.Decrypt(new ArraySegment<byte>(ciphertext), aad); // Assert Assert.Equal(plaintext, decipheredtext); }