Beispiel #1
        /// <summary>
        /// Checks that <c>PlaintextDataEncryptionKey.GetOrCreate</c> returns the same instance
        /// only when both the key name and the key bytes match, and a different instance
        /// when either one differs.
        /// </summary>
        public void CacheEncryptionKeyCorrectlyWhenCallingGetOrCreate()
        {
            // Fixed 32-byte vector constructed for this test; not real key material.
            byte[] rootBytes = { 26, 60, 114, 103, 139, 37, 229, 66, 170, 179, 244, 229, 233, 102, 44, 186, 234, 9, 5, 211, 216, 143, 103, 144, 252, 254, 96, 111, 233, 1, 149, 240 };

            // A separate array with identical contents, so a match cannot come from
            // reference equality of the byte[] argument.
            byte[] rootBytesCopy = (byte[])rootBytes.Clone();

            // 32 bytes of 0x01: same length as rootBytes, different contents.
            byte[] differentBytes = new byte[32];
            for (int i = 0; i < differentBytes.Length; i++)
            {
                differentBytes[i] = 1;
            }

            // Same name, same array: expected to be the same instance.
            DataEncryptionKey firstLookup = PlaintextDataEncryptionKey.GetOrCreate("EK", rootBytes);
            DataEncryptionKey repeatLookup = PlaintextDataEncryptionKey.GetOrCreate("EK", rootBytes);
            Assert.Same(firstLookup, repeatLookup);

            // Same name, equal bytes held in a different array: still the same instance.
            DataEncryptionKey fromOriginalArray = PlaintextDataEncryptionKey.GetOrCreate("EK", rootBytes);
            DataEncryptionKey fromCopiedArray = PlaintextDataEncryptionKey.GetOrCreate("EK", rootBytesCopy);
            Assert.Same(fromOriginalArray, fromCopiedArray);

            // Different name, same bytes: must not alias the key stored under "EK".
            DataEncryptionKey namedEk = PlaintextDataEncryptionKey.GetOrCreate("EK", rootBytes);
            DataEncryptionKey namedNotEk = PlaintextDataEncryptionKey.GetOrCreate("Not_EK", rootBytes);
            Assert.NotSame(namedEk, namedNotEk);

            // Same name, different bytes: a name match alone must not return the key
            // that was created from other material.
            DataEncryptionKey withRootBytes = PlaintextDataEncryptionKey.GetOrCreate("EK", rootBytes);
            DataEncryptionKey withDifferentBytes = PlaintextDataEncryptionKey.GetOrCreate("EK", differentBytes);
            Assert.NotSame(withRootBytes, withDifferentBytes);
        }
Beispiel #2
        /// <summary>
        /// Checks that two separately constructed keys with the same name and the same
        /// key bytes compare as equal.
        /// </summary>
        public void PerformEqualityCorrectly()
        {
            // Both instances come from the constructor, so any equality seen here is
            // value-based and not the result of a shared instance.
            DataEncryptionKey expectedKey = new PlaintextDataEncryptionKey("CEK", plaintextEncryptionKeyBytes);
            DataEncryptionKey actualKey = new PlaintextDataEncryptionKey("CEK", plaintextEncryptionKeyBytes);

            Assert.Equal(expectedKey, actualKey);
        }
Beispiel #3
        /// <summary>
        /// Checks that two separately constructed keys with the same name and the same
        /// key bytes report the same hash code.
        /// </summary>
        public void PerformHashCodeCorrectly()
        {
            DataEncryptionKey leftKey = new PlaintextDataEncryptionKey("CEK", plaintextEncryptionKeyBytes);
            DataEncryptionKey rightKey = new PlaintextDataEncryptionKey("CEK", plaintextEncryptionKeyBytes);

            // Compare the hash codes as plain integers.
            int expectedHash = leftKey.GetHashCode();
            int actualHash = rightKey.GetHashCode();

            Assert.Equal(expectedHash, actualHash);
        }
Beispiel #4
        /// <summary>
        /// Console walkthrough: encrypts a string and a number with a freshly generated
        /// plaintext data encryption key, prints the Base64 ciphertext, then decrypts
        /// both values and prints them again.
        /// </summary>
        internal static void Demo()
        {
            // Sample inputs for the round trip.
            string originalText = "MyString";
            long originalNumber = 4815162342;

            Console.WriteLine("**** Original Values ****");
            Console.WriteLine($"String: {originalText}");
            Console.WriteLine($"Number: {originalNumber}");

            // Generate a new plaintext encryption key named "MyKey".
            // The key is only held in this local and is never stored or wrapped here, so the
            // ciphertext below can only be decrypted inside this method.
            // NOTE(review): a plaintext key suits a demo; real data would presumably use a
            // key wrapped by a key-encryption key. Confirm against the library's guidance.
            PlaintextDataEncryptionKey demoKey = new PlaintextDataEncryptionKey("MyKey");

            // Encrypt each value, then Base64-encode the result so it is printable.
            var encryptedText = originalText.Encrypt(demoKey).ToBase64String();
            var encryptedNumber = originalNumber.Encrypt(demoKey).ToBase64String();

            Console.WriteLine("\n**** Encrypted Values ****");
            Console.WriteLine($"String: {encryptedText}");
            Console.WriteLine($"Number: {encryptedNumber}");

            // Reverse the steps: Base64-decode, then decrypt to the original type with the same key.
            string roundTrippedText = encryptedText.FromBase64String().Decrypt<string>(demoKey);
            long roundTrippedNumber = encryptedNumber.FromBase64String().Decrypt<long>(demoKey);

            Console.WriteLine("\n**** Decrypted Values ****");
            Console.WriteLine($"String: {roundTrippedText}");
            Console.WriteLine($"Number: {roundTrippedNumber}");

            // NOTE(review): this clears the console right after the last line is written,
            // with no pause in this method; confirm that the caller waits for input first.
            Console.Clear();
        }
Beispiel #5
        /// <summary>
        /// Supports encrypting and decrypting items that use a legacy DEK with the MDE based algorithm.
        /// The wrapped key is unwrapped through the legacy key wrap provider, and the unwrapped bytes
        /// are used to initialise an MDE encryption algorithm in randomized mode.
        /// </summary>
        /// <param name="dekProperties"> Properties of the DEK: wrapped key bytes, wrap metadata and id. </param>
        /// <param name="cancellationToken"> Cancellation token passed on to the unwrap call. </param>
        /// <returns> A data encryption key backed by the MDE algorithm. </returns>
        /// <exception cref="InvalidOperationException">
        /// The DEK provider was not initialised with an EncryptionKeyWrapProvider.
        /// </exception>
        internal async Task<DataEncryptionKey> FetchUnWrappedMdeSupportedLegacyDekAsync(
            DataEncryptionKeyProperties dekProperties,
            CancellationToken cancellationToken)
        {
            // Without a legacy wrap provider there is no way to unwrap the key, so stop early.
            if (this.DekProvider.EncryptionKeyWrapProvider == null)
            {
                string missingProviderMessage =
                    $"For use of '{CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized}' algorithm based DEK, " +
                    "Encryptor or CosmosDataEncryptionKeyProvider needs to be initialized with EncryptionKeyWrapProvider.";

                throw new InvalidOperationException(missingProviderMessage);
            }

            EncryptionKeyUnwrapResult unwrapped;

            try
            {
                // Unwrap with the original (legacy) wrap provider.
                unwrapped = await this.DekProvider.EncryptionKeyWrapProvider.UnwrapKeyAsync(
                    dekProperties.WrappedDataEncryptionKey,
                    dekProperties.EncryptionKeyWrapMetadata,
                    cancellationToken);
            }
            catch (Exception unwrapFailure)
            {
                // Every failure is reported as a key-not-found error. The message carries only
                // the DEK id, never key bytes; the original exception is passed along as the cause.
                // NOTE(review): this catch-all would also convert a cancellation exception from
                // UnwrapKeyAsync into a key-not-found error; confirm that callers expect that.
                throw EncryptionExceptionFactory.EncryptionKeyNotFoundException(
                    $"Failed to unwrap Data Encryption Key with id: '{dekProperties.Id}'.",
                    unwrapFailure);
            }

            // unwrapped.DataEncryptionKey is the raw root key from the legacy unwrap. It is handed
            // straight to PlaintextDataEncryptionKey, which derives from DataEncryptionKey, so that
            // the MDE algorithm can be initialised with it. Keep it out of logs and exception text.
            PlaintextDataEncryptionKey rawRootKey = new PlaintextDataEncryptionKey(
                dekProperties.EncryptionKeyWrapMetadata.GetName(dekProperties.EncryptionKeyWrapMetadata),
                unwrapped.DataEncryptionKey);

            MdeEncryptionAlgorithm mdeAlgorithm = new MdeEncryptionAlgorithm(
                rawRootKey,
                Data.Encryption.Cryptography.EncryptionType.Randomized);

            return mdeAlgorithm;
        }