simplify tests and cbc

Author: DeagleGross

src/DataProtection/DataProtection/src/Cng/CbcAuthenticatedEncryptor.cs

@@ -308,7 +308,99 @@ public override int GetEncryptedSize(int plainTextLength, uint preBufferSize, ui
 
     public override bool TryEncrypt(ReadOnlySpan<byte> plainText, ReadOnlySpan<byte> additionalAuthenticatedData, Span<byte> destination, out int bytesWritten)
     {
-        throw new NotImplementedException();
+        bytesWritten = 0;
+
+        try
+        {
+            // This buffer will be used to hold the symmetric encryption and HMAC subkeys
+            // used in the generation of this payload.
+            var cbTempSubkeys = checked(_symmetricAlgorithmSubkeyLengthInBytes + _hmacAlgorithmSubkeyLengthInBytes);
+            byte* pbTempSubkeys = stackalloc byte[checked((int)cbTempSubkeys)];
+
+            try
+            {
+                // Randomly generate the key modifier and IV.
+                var cbKeyModifierAndIV = checked(KEY_MODIFIER_SIZE_IN_BYTES + _symmetricAlgorithmBlockSizeInBytes);
+                byte* pbKeyModifierAndIV = stackalloc byte[checked((int)cbKeyModifierAndIV)];
+                _genRandom.GenRandom(pbKeyModifierAndIV, cbKeyModifierAndIV);
+
+                // Calculate offsets
+                byte* pbKeyModifier = pbKeyModifierAndIV;
+                byte* pbIV = &pbKeyModifierAndIV[KEY_MODIFIER_SIZE_IN_BYTES];
+
+                // Use the KDF to generate a new symmetric encryption and HMAC subkey
+                fixed (byte* pbAdditionalAuthenticatedData = additionalAuthenticatedData)
+                {
+                    _sp800_108_ctr_hmac_provider.DeriveKeyWithContextHeader(
+                        pbLabel: pbAdditionalAuthenticatedData,
+                        cbLabel: (uint)additionalAuthenticatedData.Length,
+                        contextHeader: _contextHeader,
+                        pbContext: pbKeyModifier,
+                        cbContext: KEY_MODIFIER_SIZE_IN_BYTES,
+                        pbDerivedKey: pbTempSubkeys,
+                        cbDerivedKey: cbTempSubkeys);
+                }
+
+                // Calculate offsets
+                byte* pbSymmetricEncryptionSubkey = pbTempSubkeys;
+                byte* pbHmacSubkey = &pbTempSubkeys[_symmetricAlgorithmSubkeyLengthInBytes];
+
+                using (var symmetricKeyHandle = _symmetricAlgorithmHandle.GenerateSymmetricKey(pbSymmetricEncryptionSubkey, _symmetricAlgorithmSubkeyLengthInBytes))
+                {
+                    // Get the padded output size
+                    fixed (byte* pbPlainText = plainText)
+                    {
+                        var cbOutputCiphertext = GetCbcEncryptedOutputSizeWithPadding(symmetricKeyHandle, pbPlainText, (uint)plainText.Length);
+
+                        fixed (byte* pbDestination = destination)
+                        {
+                            // Calculate offsets in destination
+                            byte* pbOutputKeyModifier = pbDestination;
+                            byte* pbOutputIV = &pbOutputKeyModifier[KEY_MODIFIER_SIZE_IN_BYTES];
+                            byte* pbOutputCiphertext = &pbOutputIV[_symmetricAlgorithmBlockSizeInBytes];
+                            byte* pbOutputHmac = &pbOutputCiphertext[cbOutputCiphertext];
+
+                            // Copy key modifier and IV to destination
+                            UnsafeBufferUtil.BlockCopy(from: pbKeyModifierAndIV, to: pbOutputKeyModifier, byteCount: cbKeyModifierAndIV);
+                            bytesWritten += checked((int)cbKeyModifierAndIV);
+
+                            // Perform CBC encryption directly into destination
+                            DoCbcEncrypt(
+                                symmetricKeyHandle: symmetricKeyHandle,
+                                pbIV: pbIV,
+                                pbInput: pbPlainText,
+                                cbInput: (uint)plainText.Length,
+                                pbOutput: pbOutputCiphertext,
+                                cbOutput: cbOutputCiphertext);
+                            bytesWritten += checked((int)cbOutputCiphertext);
+
+                            // Compute the HMAC over the IV and the ciphertext
+                            using (var hashHandle = _hmacAlgorithmHandle.CreateHmac(pbHmacSubkey, _hmacAlgorithmSubkeyLengthInBytes))
+                            {
+                                hashHandle.HashData(
+                                    pbInput: pbOutputIV,
+                                    cbInput: checked(_symmetricAlgorithmBlockSizeInBytes + cbOutputCiphertext),
+                                    pbHashDigest: pbOutputHmac,
+                                    cbHashDigest: _hmacAlgorithmDigestLengthInBytes);
+                            }
+                            bytesWritten += checked((int)_hmacAlgorithmDigestLengthInBytes);
+
+                            return true;
+                        }
+                    }
+                }
+            }
+            finally
+            {
+                // Buffer contains sensitive material; delete it.
+                UnsafeBufferUtil.SecureZeroMemory(pbTempSubkeys, cbTempSubkeys);
+            }
+        }
+        catch (Exception ex) when (ex.RequiresHomogenization())
+        {
+            // Homogenize all exceptions to CryptographicException.
+            throw Error.CryptCommon_GenericError(ex);
+        }
     }
 #endif
 

src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Cng/CbcAuthenticatedEncryptorTests.cs

@@ -1,12 +1,14 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Buffers;
 using System.Security.Cryptography;
 using System.Text;
 using Microsoft.AspNetCore.Cryptography.Cng;
 using Microsoft.AspNetCore.Cryptography.SafeHandles;
 using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
 using Microsoft.AspNetCore.DataProtection.Test.Shared;
+using Microsoft.AspNetCore.DataProtection.Tests.Internal;
 using Microsoft.AspNetCore.InternalTesting;
 
 namespace Microsoft.AspNetCore.DataProtection.Cng;
@@ -134,13 +136,6 @@ public void Roundtrip_TryEncryptDecrypt_CorrectlyEstimatesDataLength(int symmetr
         ArraySegment<byte> plaintext = new ArraySegment<byte>(Encoding.UTF8.GetBytes("plaintext"));
         ArraySegment<byte> aad = new ArraySegment<byte>(Encoding.UTF8.GetBytes("aad"));
 
-        var expectedSize = encryptor.GetEncryptedSize(plaintext.Count);
-
-        byte[] ciphertext = encryptor.Encrypt(plaintext, aad);
-        Assert.Equal(expectedSize, ciphertext.Length);
-
-        byte[] decipheredtext = encryptor.Decrypt(new ArraySegment<byte>(ciphertext), aad);
-
-        Assert.Equal(plaintext.AsSpan(), decipheredtext.AsSpan());
+        RoundtripEncryptionHelpers.AssertTryEncryptTryDecryptParity(encryptor, plaintext, aad);
     }
 }

src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Internal/RoundtripEncryptionHelpers.cs

@@ -0,0 +1,56 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Buffers;
+using System.Collections.Generic;
+using System.Text;
+using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
+
+namespace Microsoft.AspNetCore.DataProtection.Tests.Internal;
+
+internal static class RoundtripEncryptionHelpers
+{
+    /// <summary>
+    /// <see cref="IAuthenticatedEncryptor.TryEncrypt"/> and <see cref="IAuthenticatedEncryptor.TryDecrypt"/> APIs should do the same steps
+    /// as <see cref="IAuthenticatedEncryptor.Encrypt"/> and <see cref="IAuthenticatedEncryptor.Decrypt"/> APIs.
+    /// <br/>
+    /// Method ensures that the two APIs are equivalent in terms of their behavior by performing a roundtrip encrypt-decrypt test.
+    /// </summary>
+    public static void AssertTryEncryptTryDecryptParity(IAuthenticatedEncryptor encryptor, ReadOnlySpan<byte> plaintext, ReadOnlySpan<byte> aad)
+        => AssertTryEncryptTryDecryptParity(encryptor, plaintext, aad);
+
+    /// <summary>
+    /// <see cref="IAuthenticatedEncryptor.TryEncrypt"/> and <see cref="IAuthenticatedEncryptor.TryDecrypt"/> APIs should do the same steps
+    /// as <see cref="IAuthenticatedEncryptor.Encrypt"/> and <see cref="IAuthenticatedEncryptor.Decrypt"/> APIs.
+    /// <br/>
+    /// Method ensures that the two APIs are equivalent in terms of their behavior by performing a roundtrip encrypt-decrypt test.
+    /// </summary>
+    public static void AssertTryEncryptTryDecryptParity(IAuthenticatedEncryptor encryptor, ArraySegment<byte> plaintext, ArraySegment<byte> aad)
+    {
+        // assert "allocatey" Encrypt/Decrypt APIs roundtrip correctly
+        byte[] ciphertext = encryptor.Encrypt(plaintext, aad);
+        byte[] decipheredtext = encryptor.Decrypt(new ArraySegment<byte>(ciphertext), aad);
+        Assert.Equal(plaintext.AsSpan(), decipheredtext.AsSpan());
+
+        // assert calculated size is correct
+        var expectedSize = encryptor.GetEncryptedSize(plaintext.Count);
+        Assert.Equal(expectedSize, ciphertext.Length);
+
+        // perform TryEncrypt and Decrypt roundtrip - ensures cross operation compatibility
+        var cipherTextPooled = ArrayPool<byte>.Shared.Rent(expectedSize);
+        try
+        {
+            var tryEncryptResult = encryptor.TryEncrypt(plaintext, aad, cipherTextPooled, out var bytesWritten);
+            Assert.Equal(expectedSize, bytesWritten);
+            Assert.True(tryEncryptResult);
+
+            var decipheredTryEncrypt = encryptor.Decrypt(new ArraySegment<byte>(cipherTextPooled, 0, expectedSize), aad);
+            Assert.Equal(plaintext.AsSpan(), decipheredTryEncrypt.AsSpan());
+        }
+        finally
+        {
+            ArrayPool<byte>.Shared.Return(cipherTextPooled);
+        }
+    }
+}

src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Managed/ManagedAuthenticatedEncryptorTests.cs

@@ -5,6 +5,7 @@
 using System.Security.Cryptography;
 using System.Text;
 using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
+using Microsoft.AspNetCore.DataProtection.Tests.Internal;
 
 namespace Microsoft.AspNetCore.DataProtection.Managed;
 
@@ -132,23 +133,6 @@ public void Roundtrip_TryEncryptDecrypt_CorrectlyEstimatesDataLength(int symmetr
         ArraySegment<byte> plaintext = new ArraySegment<byte>(Encoding.UTF8.GetBytes("plaintext"));
         ArraySegment<byte> aad = new ArraySegment<byte>(Encoding.UTF8.GetBytes("aad"));
 
-        var expectedSize = encryptor.GetEncryptedSize(plaintext.Count);
-        var cipherTextPooled = ArrayPool<byte>.Shared.Rent(expectedSize);
-        var tryEncryptResult = encryptor.TryEncrypt(plaintext, aad, cipherTextPooled, out var bytesWritten);
-        Assert.Equal(expectedSize, bytesWritten);
-        Assert.True(tryEncryptResult);
-
-        byte[] ciphertext = encryptor.Encrypt(plaintext, aad);
-
-        // validate length of the cipherText is the same as pre-calculated size
-        // and TryEncrypt produces the same result as Encrypt API
-        Assert.Equal(expectedSize, ciphertext.Length);
-
-        byte[] decipheredtext = encryptor.Decrypt(new ArraySegment<byte>(ciphertext), aad);
-        var decipheredTextFromTryEncrypt = encryptor.Decrypt(new ArraySegment<byte>(cipherTextPooled, 0, expectedSize), aad);
-        Assert.Equal(plaintext.AsSpan(), decipheredtext.AsSpan());
-        Assert.Equal(plaintext.AsSpan(), decipheredTextFromTryEncrypt.AsSpan());
-
-        ArrayPool<byte>.Shared.Return(cipherTextPooled);
+        RoundtripEncryptionHelpers.AssertTryEncryptTryDecryptParity(encryptor, plaintext, aad);
     }
 }