public virtual void TestKeyMaterial() { byte[] key1 = new byte[] { 1, 2, 3, 4 }; KeyProvider.KeyVersion obj = new KeyProvider.KeyVersion("key1", "key1@1", key1); Assert.Equal("key1@1", obj.GetVersionName()); Assert.AssertArrayEquals(new byte[] { 1, 2, 3, 4 }, obj.GetMaterial()); }
public virtual void TestGenerateEncryptedKey() { // Generate a new EEK and check it KeyProviderCryptoExtension.EncryptedKeyVersion ek1 = kpExt.GenerateEncryptedKey(encryptionKey .GetName()); Assert.Equal("Version name of EEK should be EEK", KeyProviderCryptoExtension .Eek, ek1.GetEncryptedKeyVersion().GetVersionName()); Assert.Equal("Name of EEK should be encryption key name", EncryptionKeyName , ek1.GetEncryptionKeyName()); NUnit.Framework.Assert.IsNotNull("Expected encrypted key material", ek1.GetEncryptedKeyVersion ().GetMaterial()); Assert.Equal("Length of encryption key material and EEK material should " + "be the same", encryptionKey.GetMaterial().Length, ek1.GetEncryptedKeyVersion ().GetMaterial().Length); // Decrypt EEK into an EK and check it KeyProvider.KeyVersion k1 = kpExt.DecryptEncryptedKey(ek1); Assert.Equal(KeyProviderCryptoExtension.Ek, k1.GetVersionName( )); Assert.Equal(encryptionKey.GetMaterial().Length, k1.GetMaterial ().Length); if (Arrays.Equals(k1.GetMaterial(), encryptionKey.GetMaterial())) { NUnit.Framework.Assert.Fail("Encrypted key material should not equal encryption key material" ); } if (Arrays.Equals(ek1.GetEncryptedKeyVersion().GetMaterial(), encryptionKey.GetMaterial ())) { NUnit.Framework.Assert.Fail("Encrypted key material should not equal decrypted key material" ); } // Decrypt it again and it should be the same KeyProvider.KeyVersion k1a = kpExt.DecryptEncryptedKey(ek1); Assert.AssertArrayEquals(k1.GetMaterial(), k1a.GetMaterial()); // Generate another EEK and make sure it's different from the first KeyProviderCryptoExtension.EncryptedKeyVersion ek2 = kpExt.GenerateEncryptedKey(encryptionKey .GetName()); KeyProvider.KeyVersion k2 = kpExt.DecryptEncryptedKey(ek2); if (Arrays.Equals(k1.GetMaterial(), k2.GetMaterial())) { NUnit.Framework.Assert.Fail("Generated EEKs should have different material!"); } if (Arrays.Equals(ek1.GetEncryptedKeyIv(), ek2.GetEncryptedKeyIv())) { NUnit.Framework.Assert.Fail("Generated EEKs should have different IVs!"); } }
/// <exception cref="System.IO.IOException"/> /// <exception cref="GeneralSecurityException"/> public virtual KeyProviderCryptoExtension.EncryptedKeyVersion GenerateEncryptedKey (string encryptionKeyName) { // Fetch the encryption key KeyProvider.KeyVersion encryptionKey = keyProvider.GetCurrentKey(encryptionKeyName ); Preconditions.CheckNotNull(encryptionKey, "No KeyVersion exists for key '%s' ", encryptionKeyName ); // Generate random bytes for new key and IV CryptoCodec cc = CryptoCodec.GetInstance(keyProvider.GetConf()); byte[] newKey = new byte[encryptionKey.GetMaterial().Length]; cc.GenerateSecureRandom(newKey); byte[] iv = new byte[cc.GetCipherSuite().GetAlgorithmBlockSize()]; cc.GenerateSecureRandom(iv); // Encryption key IV is derived from new key's IV byte[] encryptionIV = KeyProviderCryptoExtension.EncryptedKeyVersion.DeriveIV(iv); Encryptor encryptor = cc.CreateEncryptor(); encryptor.Init(encryptionKey.GetMaterial(), encryptionIV); int keyLen = newKey.Length; ByteBuffer bbIn = ByteBuffer.AllocateDirect(keyLen); ByteBuffer bbOut = ByteBuffer.AllocateDirect(keyLen); bbIn.Put(newKey); bbIn.Flip(); encryptor.Encrypt(bbIn, bbOut); bbOut.Flip(); byte[] encryptedKey = new byte[keyLen]; bbOut.Get(encryptedKey); return(new KeyProviderCryptoExtension.EncryptedKeyVersion(encryptionKeyName, encryptionKey .GetVersionName(), iv, new KeyProvider.KeyVersion(encryptionKey.GetName(), Eek, encryptedKey))); }