using System.Security.Cryptography; using System.Text; using ScadaLink.Commons.Types.Transport; using ScadaLink.Transport.Encryption; namespace ScadaLink.Transport.Tests.Encryption; public sealed class BundleSecretEncryptorTests { // Commons-015 sets the documented PBKDF2 floor to 100_000 (OWASP minimum); // the production value is 600_000. Using the floor keeps the test fast while // remaining a valid EncryptionMetadata.Iterations. private const int TestIterations = EncryptionMetadata.MinPbkdf2Iterations; [Fact] public void Encrypt_then_Decrypt_roundtrips_arbitrary_bytes() { var sut = new BundleSecretEncryptor(); var plaintext = Encoding.UTF8.GetBytes("the quick brown fox jumps over the lazy dog"); var (ciphertext, metadata) = sut.Encrypt(plaintext, "correct-horse-battery-staple", TestIterations); var recovered = sut.Decrypt(ciphertext, metadata, "correct-horse-battery-staple"); Assert.Equal(plaintext, recovered); } [Fact] public void Decrypt_with_wrong_passphrase_throws_CryptographicException() { var sut = new BundleSecretEncryptor(); var plaintext = Encoding.UTF8.GetBytes("secret payload"); var (ciphertext, metadata) = sut.Encrypt(plaintext, "right-pass", TestIterations); Assert.ThrowsAny(() => sut.Decrypt(ciphertext, metadata, "wrong-pass")); } [Fact] public void Decrypt_with_tampered_ciphertext_throws_CryptographicException() { var sut = new BundleSecretEncryptor(); var plaintext = Encoding.UTF8.GetBytes("secret payload"); var (ciphertext, metadata) = sut.Encrypt(plaintext, "pass", TestIterations); ciphertext[0] ^= 0xFF; // Flip every bit in the first ciphertext byte. Assert.ThrowsAny(() => sut.Decrypt(ciphertext, metadata, "pass")); } [Fact] public void Encrypt_produces_distinct_ciphertext_for_same_input_due_to_random_iv() { var sut = new BundleSecretEncryptor(); var plaintext = Encoding.UTF8.GetBytes("same input"); var (ct1, meta1) = sut.Encrypt(plaintext, "pass", TestIterations); var (ct2, meta2) = sut.Encrypt(plaintext, "pass", TestIterations); Assert.NotEqual(ct1, ct2); Assert.NotEqual(meta1.IvB64, meta2.IvB64); Assert.NotEqual(meta1.SaltB64, meta2.SaltB64); } [Fact] public void Decrypt_with_mismatched_AAD_throws_CryptographicException() { // T-005: AES-GCM AAD binds extra context (e.g. manifest non-derivative fields) // into the auth tag. Decrypting with different AAD yields a tag mismatch even // when the passphrase and ciphertext are correct. var sut = new BundleSecretEncryptor(); var plaintext = Encoding.UTF8.GetBytes("secret payload"); var aadOnEncrypt = Encoding.UTF8.GetBytes("manifest-canonical-hash-A"); var aadOnDecrypt = Encoding.UTF8.GetBytes("manifest-canonical-hash-B"); var (ciphertext, metadata) = sut.Encrypt(plaintext, "pass", TestIterations, aadOnEncrypt); Assert.ThrowsAny( () => sut.Decrypt(ciphertext, metadata, "pass", aadOnDecrypt)); } [Fact] public void Decrypt_with_matching_AAD_recovers_plaintext() { // T-005: round-trip with non-empty AAD must succeed when both sides match. var sut = new BundleSecretEncryptor(); var plaintext = Encoding.UTF8.GetBytes("secret payload"); var aad = Encoding.UTF8.GetBytes("manifest-canonical-hash"); var (ciphertext, metadata) = sut.Encrypt(plaintext, "pass", TestIterations, aad); var recovered = sut.Decrypt(ciphertext, metadata, "pass", aad); Assert.Equal(plaintext, recovered); } [Fact] public void Encrypt_emits_metadata_matching_decryption_inputs() { var sut = new BundleSecretEncryptor(); var plaintext = Encoding.UTF8.GetBytes("payload"); var (ciphertext, metadata) = sut.Encrypt(plaintext, "pass", TestIterations); Assert.Equal("AES-256-GCM", metadata.Algorithm); Assert.Equal("PBKDF2-SHA256", metadata.Kdf); Assert.Equal(TestIterations, metadata.Iterations); // Salt is 16 bytes (24 chars b64 incl padding), Iv is 12 bytes (16 chars b64 incl padding). Assert.Equal(16, Convert.FromBase64String(metadata.SaltB64).Length); Assert.Equal(12, Convert.FromBase64String(metadata.IvB64).Length); var recovered = sut.Decrypt(ciphertext, metadata, "pass"); Assert.Equal(plaintext, recovered); } }