Initial import of the CBDDC codebase with docs and tests. Add a .NET-focused gitignore to keep generated artifacts out of source control.

tests/ZB.MOM.WW.CBDDC.Network.Tests/CryptoHelperTests.cs

@@ -0,0 +1,50 @@
+using System.Security.Cryptography;
+using ZB.MOM.WW.CBDDC.Network.Security;
+using Xunit;
+
+namespace ZB.MOM.WW.CBDDC.Network.Tests;
+
+public class CryptoHelperTests
+{
+    /// <summary>
+    /// Verifies that encrypted data can be decrypted back to the original payload.
+    /// </summary>
+    [Fact]
+    public void EncryptDecrypt_ShouldPreserveData()
+    {
+        // Arrange
+        var key = new byte[32]; // 256 bits
+        RandomNumberGenerator.Fill(key);
+
+        var original = new byte[] { 1, 2, 3, 4, 5, 255, 0, 10 };
+
+        // Act
+        var (ciphertext, iv, tag) = CryptoHelper.Encrypt(original, key);
+        var decrypted = CryptoHelper.Decrypt(ciphertext, iv, tag, key);
+
+        // Assert
+        decrypted.ShouldBe(original);
+    }
+
+    /// <summary>
+    /// Verifies that decryption fails when ciphertext is tampered with.
+    /// </summary>
+    [Fact]
+    public void Decrypt_ShouldFail_IfTampered()
+    {
+        // Arrange
+        var key = new byte[32];
+        RandomNumberGenerator.Fill(key);
+        var original = new byte[] { 1, 2, 3 };
+        var (ciphertext, iv, tag) = CryptoHelper.Encrypt(original, key);
+
+        // Tamper ciphertext
+        ciphertext[0] ^= 0xFF;
+
+        // Act
+        Action act = () => CryptoHelper.Decrypt(ciphertext, iv, tag, key);
+
+        // Assert
+        Should.Throw<CryptographicException>(act);
+    }
+}