Beispiel #1
0
        public override EncryptResult Encrypt(EncryptOptions options, CancellationToken cancellationToken = default)
        {
            Argument.AssertNotNull(options, nameof(options));

            ThrowIfTimeInvalid();

            EncryptionAlgorithm algorithm = options.Algorithm;

            if (algorithm.GetAesCbcEncryptionAlgorithm() is AesCbc aesCbc)
            {
                // Make sure the IV is initialized.
                options.Initialize();

                using ICryptoTransform encryptor = aesCbc.CreateEncryptor(KeyMaterial.K, options.Iv);

                byte[] plaintext  = options.Plaintext;
                byte[] ciphertext = encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length);

                return(new EncryptResult
                {
                    Algorithm = algorithm,
                    KeyId = KeyMaterial.Id,
                    Ciphertext = ciphertext,
                    Iv = options.Iv,
                });
            }
            else
            {
                KeysEventSource.Singleton.AlgorithmNotSupported(nameof(Encrypt), algorithm);
                return(null);
            }
        }
        public override EncryptResult Encrypt(EncryptOptions options, CancellationToken cancellationToken)
        {
            Argument.AssertNotNull(options, nameof(options));

            ThrowIfTimeInvalid();

            EncryptionAlgorithm  algorithm = options.Algorithm;
            RSAEncryptionPadding padding   = algorithm.GetRsaEncryptionPadding();

            if (padding is null)
            {
                KeysEventSource.Singleton.AlgorithmNotSupported(nameof(Encrypt), algorithm);
                return(null);
            }

            byte[]        ciphertext = Encrypt(options.Plaintext, padding);
            EncryptResult result     = null;

            if (ciphertext != null)
            {
                result = new EncryptResult
                {
                    Algorithm  = algorithm,
                    Ciphertext = ciphertext,
                    KeyId      = KeyMaterial.Id,
                };
            }

            return(result);
        }
Beispiel #3
0
        public override EncryptResult Encrypt(EncryptOptions options, CancellationToken cancellationToken = default)
        {
            Argument.AssertNotNull(options, nameof(options));

            ThrowIfTimeInvalid();

            EncryptionAlgorithm algorithm = options.Algorithm;

            if (algorithm.GetAesCbcEncryptionAlgorithm() is AesCbc aesCbc)
            {
                // Make sure the IV is initialized.
                options.Initialize();

                using ICryptoTransform encryptor = aesCbc.CreateEncryptor(KeyMaterial.K, options.Iv);

                byte[] plaintext  = options.Plaintext;
                byte[] ciphertext = encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length);

                return(new EncryptResult
                {
                    Algorithm = algorithm,
                    KeyId = KeyMaterial.Id,
                    Ciphertext = ciphertext,
                    Iv = options.Iv,
                });
            }
            else if (algorithm.IsAesGcm() && AesGcmProxy.TryCreate(KeyMaterial.K, out AesGcmProxy aesGcm))
            {
                using (aesGcm)
                {
                    byte[] plaintext  = options.Plaintext;
                    byte[] ciphertext = new byte[plaintext.Length];
                    byte[] tag        = new byte[AesGcmProxy.NonceByteSize];

                    // Generate an nonce only for local AES-GCM; Managed HSM will do it service-side and err if serialized.
                    byte[] iv = Crypto.GenerateIv(AesGcmProxy.NonceByteSize);

                    aesGcm.Encrypt(iv, plaintext, ciphertext, tag, options.AdditionalAuthenticatedData);

                    return(new EncryptResult
                    {
                        Algorithm = algorithm,
                        KeyId = KeyMaterial.Id,
                        Ciphertext = ciphertext,
                        Iv = iv,
                        AuthenticationTag = tag,
                        AdditionalAuthenticatedData = options.AdditionalAuthenticatedData,
                    });
                }
            }
            else
            {
                KeysEventSource.Singleton.AlgorithmNotSupported(nameof(Encrypt), algorithm);
                return(null);
            }
        }
Beispiel #4
0
        /// <summary>
        /// Encrypts plaintext.
        /// </summary>
        /// <param name="options">An <see cref="EncryptOptions"/> containing the data to encrypt and other options for algorithm-dependent encryption.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> to cancel the operation.</param>
        /// <returns>
        /// The result of the encrypt operation. The returned <see cref="EncryptResult"/> contains the encrypted data
        /// along with all other information needed to decrypt it. This information should be stored with the encrypted data.
        /// </returns>
        /// <exception cref="ArgumentException">The specified algorithm does not match the key corresponding to the key identifier.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
        /// <exception cref="CryptographicException">The local cryptographic provider threw an exception.</exception>
        /// <exception cref="InvalidOperationException">The key is invalid for the current operation.</exception>
        /// <exception cref="NotSupportedException">The operation is not supported with the specified key.</exception>
        public virtual async Task <EncryptResult> EncryptAsync(EncryptOptions options, CancellationToken cancellationToken = default)
        {
            Argument.AssertNotNull(options, nameof(options));

            EncryptResult result = null;

            if (_provider.SupportsOperation(KeyOperation.Encrypt))
            {
                result = await _provider.EncryptAsync(options, cancellationToken).ConfigureAwait(false);
            }

            return(result ?? throw LocalCryptographyProvider.CreateOperationNotSupported(nameof(KeyOperation.Encrypt)));
        }
Beispiel #5
0
        /// <summary>
        /// Encrypts plaintext.
        /// </summary>
        /// <param name="options">An <see cref="EncryptOptions"/> containing the data to encrypt and other options for algorithm-dependent encryption.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> to cancel the operation.</param>
        /// <returns>
        /// The result of the encrypt operation. The returned <see cref="EncryptResult"/> contains the encrypted data
        /// along with all other information needed to decrypt it. This information should be stored with the encrypted data.
        /// </returns>
        /// <exception cref="ArgumentException">The specified algorithm does not match the key corresponding to the key identifier.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
        /// <exception cref="CryptographicException">The local cryptographic provider threw an exception.</exception>
        /// <exception cref="InvalidOperationException">The key is invalid for the current operation.</exception>
        /// <exception cref="NotSupportedException">The operation is not supported with the specified key.</exception>
        public virtual EncryptResult Encrypt(EncryptOptions options, CancellationToken cancellationToken = default)
        {
            Argument.AssertNotNull(options, nameof(options));

            EncryptResult result = null;

            if (_provider.SupportsOperation(KeyOperation.Encrypt))
            {
                result = _provider.Encrypt(options, cancellationToken);
            }

            return(result ?? throw LocalCryptographyProvider.CreateOperationNotSupported(nameof(KeyOperation.Encrypt)));
        }
Beispiel #6
0
        public virtual async Task <Response <EncryptResult> > EncryptAsync(EncryptOptions options, CancellationToken cancellationToken = default)
        {
            using DiagnosticScope scope = Pipeline.CreateScope($"{nameof(RemoteCryptographyClient)}.{nameof(Encrypt)}");
            scope.AddAttribute("key", _keyId);
            scope.Start();

            try
            {
                // Make sure the IV is initialized.
                // TODO: Remove this call once the service will initialized it: https://github.com/Azure/azure-sdk-for-net/issues/16175
                options.Initialize();

                return(await Pipeline.SendRequestAsync(RequestMethod.Post, options, () => new EncryptResult { Algorithm = options.Algorithm }, cancellationToken, "/encrypt").ConfigureAwait(false));
            }
            catch (Exception e)
            {
                scope.Failed(e);
                throw;
            }
        }
        public virtual Task <EncryptResult> EncryptAsync(EncryptOptions options, CancellationToken cancellationToken = default)
        {
            EncryptResult result = Encrypt(options, cancellationToken);

            return(Task.FromResult(result));
        }
 public virtual EncryptResult Encrypt(EncryptOptions options, CancellationToken cancellationToken = default)
 {
     throw CreateOperationNotSupported(nameof(Encrypt));
 }
Beispiel #9
0
 EncryptResult ICryptographyProvider.Encrypt(EncryptOptions options, CancellationToken cancellationToken)
 {
     return(Encrypt(options, cancellationToken));
 }
Beispiel #10
0
 async Task <EncryptResult> ICryptographyProvider.EncryptAsync(EncryptOptions options, CancellationToken cancellationToken)
 {
     return(await EncryptAsync(options, cancellationToken).ConfigureAwait(false));
 }