#1 The nonce isn’t being initialized properly - tests & refactoring

alan-null · alan-null · commit 1bccf8a01c1d · 2025-03-16T18:58:52.000+01:00
diff --git a/Crypto.AES/Private/Get-RandomNonce.ps1 b/Crypto.AES/Private/Get-RandomNonce.ps1
@@ -0,0 +1,24 @@
+function Get-RandomNonce {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory = $true)]
+        [ValidateRange(1, [int]::MaxValue)]
+        [int]$Length
+    )
+
+    begin {
+        Write-Verbose "Cmdlet Get-RandomNonce - Begin"
+    }
+
+    process {
+        Write-Verbose "Cmdlet Get-RandomNonce - Generating a nonce of length $Length"
+
+        $nonce = [byte[]]::new($Length)
+        [System.Security.Cryptography.RandomNumberGenerator]::Fill($nonce)
+        Write-Output $nonce -NoEnumerate
+    }
+
+    end {
+        Write-Verbose "Cmdlet Get-RandomNonce - End"
+    }
+}
diff --git a/Crypto.AES/Public/Protect-Data.ps1 b/Crypto.AES/Public/Protect-Data.ps1
@@ -24,8 +24,7 @@ function Protect-Data {
     process {
         Write-Verbose "Cmdlet Protect-Data - Process"
         if (!$Nonce) {
-            $Nonce = [byte[]]::new(12)
-            [System.Security.Cryptography.RandomNumberGenerator]::Fill($Nonce)
+            $Nonce = Get-RandomNonce -Length 12
         }
         $cipherOutput = [byte[]]::new($Data.Length)
         $tag = [byte[]]::new(16)
diff --git a/Tests/Crypto.AES.Tests.ps1 b/Tests/Crypto.AES.Tests.ps1
@@ -58,10 +58,14 @@ Describe 'Crypto.AES.Tests' {
     }
 
     Context "Protect-Data - signature" {
-        $Key = [byte[]]::new(32)
+            $Key = [byte[]]::new(32)
         $nonce = [byte[]]::new(12)
+            $nonce[0] = 104 # random value to test with mock
         $data = $encoding.GetBytes("Test")
 
+            Mock -CommandName Get-RandomNonce -ModuleName Crypto.AES -MockWith {
+                Write-Output $nonce -NoEnumerate
+            }
 
         It "optional nonce" {
             $r_explicit = Protect-Data -Key $Key -Data $data -Nonce $nonce
