EncryptedConfigValue.Net/EncryptedConfigValue.Test/AlgorithmTest.cs at 469cfc2cfa6dd42f0640093a7ca9c5a9ff559414 · Hau-Hau/EncryptedConfigValue.Net · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
using EncryptedConfigValue.Crypto.Algorithm;
using Shouldly;
using System.Collections.Generic;
using Xunit;

namespace EncryptedConfigValueTest
{
    public class AlgorithmTest
    {
        private const string plaintext = "Some top secret plaintext for testing things";

        [Theory]
        [MemberData(nameof(Data))]
        internal void WeGenerateRandomKeys(Algorithm algorithm)
        {
            var keyPair1 = algorithm.NewKeyPair();
            var keyPair2 = algorithm.NewKeyPair();
            keyPair1.ShouldNotBe(keyPair2);
            keyPair1.ShouldNotBeSameAs(keyPair2);
        }

        [Theory]
        [MemberData(nameof(Data))]
        internal void WeCanEncryptAndDecrypt(Algorithm algorithm)
        {
            var keyPair = algorithm.NewKeyPair();
            var encryptedValue = algorithm.NewEncrypter().Encrypt(keyPair.EncryptionKey, plaintext);
            var decryptionKey = keyPair.DecryptionKey;
            var decrypted = encryptedValue.Decrypt(decryptionKey);
            decrypted.ShouldBe(plaintext);
        }

        [Theory]
        [MemberData(nameof(Data))]
        internal void TheSameStringEncryptsToDifferentCiphertexts(Algorithm algorithm)
        {
            var keyPair = algorithm.NewKeyPair();
            var encrypted1 = algorithm.NewEncrypter().Encrypt(keyPair.EncryptionKey, plaintext);
            var encrypted2 = algorithm.NewEncrypter().Encrypt(keyPair.EncryptionKey, plaintext);

            // we don't want to leak that certain values are the same
            encrypted1.ShouldNotBe(encrypted2);
            encrypted1.ShouldNotBeSameAs(encrypted2);
            // paranoia, let's say the equals method is badly behaved
            encrypted1.GetHashCode().ShouldNotBe(encrypted2.GetHashCode());

            // we should naturally decrypt back to the same thing - the plaintext
            var decryptionKey = keyPair.DecryptionKey;
            var decryptedString1 = encrypted1.Decrypt(decryptionKey);
            var decryptedString2 = encrypted2.Decrypt(decryptionKey);

            decryptedString1.ShouldBe(plaintext);
            decryptedString2.ShouldBe(plaintext);
        }

        public static IEnumerable<object[]> Data() => new[]
        {
            new object[] { Algorithm.AES },
            new object[] { Algorithm.RSA },
        };
    }
}