/// <summary>
        /// Imports the <see cref="CngCbcAuthenticatedEncryptorDescriptor"/> from serialized XML.
        /// </summary>
        public IAuthenticatedEncryptorDescriptor ImportFromXml(XElement element)
        {
            if (element == null)
            {
                throw new ArgumentNullException(nameof(element));
            }

            // <descriptor>
            //   <!-- Windows CNG-GCM -->
            //   <encryption algorithm="..." keyLength="..." [provider="..."] />
            //   <masterKey>...</masterKey>
            // </descriptor>

            var configuration = new CngGcmAuthenticatedEncryptorConfiguration();

            var encryptionElement = element.Element("encryption") !;

            configuration.EncryptionAlgorithm         = (string)encryptionElement.Attribute("algorithm") !;
            configuration.EncryptionAlgorithmKeySize  = (int)encryptionElement.Attribute("keyLength") !;
            configuration.EncryptionAlgorithmProvider = (string?)encryptionElement.Attribute("provider"); // could be null

            Secret masterKey = ((string)element.Element("masterKey") !).ToSecret();

            return(new CngGcmAuthenticatedEncryptorDescriptor(configuration, masterKey));
        }
        public void CreateNewDescriptor_PropagatesOptions()
        {
            // Arrange
            var configuration = new CngGcmAuthenticatedEncryptorConfiguration();

            // Act
            var descriptor = (CngGcmAuthenticatedEncryptorDescriptor)configuration.CreateNewDescriptor();

            // Assert
            Assert.Equal(configuration, descriptor.Configuration);
        }
        public void CreateNewDescriptor_PropagatesOptions()
        {
            // Arrange
            var configuration = new CngGcmAuthenticatedEncryptorConfiguration(new CngGcmAuthenticatedEncryptionSettings());

            // Act
            var descriptor = (CngGcmAuthenticatedEncryptorDescriptor)configuration.CreateNewDescriptor();

            // Assert
            Assert.Equal(configuration.Settings, descriptor.Settings);
        }
        public void CreateNewDescriptor_CreatesUniqueCorrectlySizedMasterKey()
        {
            // Arrange
            var configuration = new CngGcmAuthenticatedEncryptorConfiguration();

            // Act
            var masterKey1 = ((CngGcmAuthenticatedEncryptorDescriptor)configuration.CreateNewDescriptor()).MasterKey;
            var masterKey2 = ((CngGcmAuthenticatedEncryptorDescriptor)configuration.CreateNewDescriptor()).MasterKey;

            // Assert
            SecretAssert.NotEqual(masterKey1, masterKey2);
            SecretAssert.LengthIs(512 /* bits */, masterKey1);
            SecretAssert.LengthIs(512 /* bits */, masterKey2);
        }
        public void CreateNewDescriptor_CreatesUniqueCorrectlySizedMasterKey()
        {
            // Arrange
            var configuration = new CngGcmAuthenticatedEncryptorConfiguration(new CngGcmAuthenticatedEncryptionSettings());

            // Act
            var masterKey1 = ((CngGcmAuthenticatedEncryptorDescriptor)configuration.CreateNewDescriptor()).MasterKey;
            var masterKey2 = ((CngGcmAuthenticatedEncryptorDescriptor)configuration.CreateNewDescriptor()).MasterKey;

            // Assert
            SecretAssert.NotEqual(masterKey1, masterKey2);
            SecretAssert.LengthIs(512 /* bits */, masterKey1);
            SecretAssert.LengthIs(512 /* bits */, masterKey2);
        }
        /// <summary>
        /// Initializes a new instance of <see cref="CngGcmAuthenticatedEncryptorDescriptor"/>.
        /// </summary>
        /// <param name="configuration">The <see cref="CngCbcAuthenticatedEncryptorConfiguration"/>.</param>
        /// <param name="masterKey">The master key.</param>
        public CngGcmAuthenticatedEncryptorDescriptor(CngGcmAuthenticatedEncryptorConfiguration configuration, ISecret masterKey)
        {
            if (configuration == null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }

            if (masterKey == null)
            {
                throw new ArgumentNullException(nameof(masterKey));
            }

            Configuration = configuration;
            MasterKey     = masterKey;
        }
        public void ResolvePolicy_CngGcmEncryption_WithExplicitSettings()
        {
            IServiceCollection serviceCollection = new ServiceCollection();
            RunTestWithRegValues(serviceCollection, new Dictionary<string, object>()
            {
                ["EncryptionType"] = "cng-gcm",
                ["EncryptionAlgorithm"] = "enc-alg",
                ["EncryptionAlgorithmKeySize"] = 2048,
                ["EncryptionAlgorithmProvider"] = "my-enc-alg-provider"
            });

            var services = serviceCollection.BuildServiceProvider();
            var expectedConfiguration = new CngGcmAuthenticatedEncryptorConfiguration(new CngGcmAuthenticatedEncryptionSettings()
            {
                EncryptionAlgorithm = "enc-alg",
                EncryptionAlgorithmKeySize = 2048,
                EncryptionAlgorithmProvider = "my-enc-alg-provider"
            });
            var actualConfiguration = (CngGcmAuthenticatedEncryptorConfiguration)services.GetService<IAuthenticatedEncryptorConfiguration>();

            Assert.Equal(expectedConfiguration.Settings.EncryptionAlgorithm, actualConfiguration.Settings.EncryptionAlgorithm);
            Assert.Equal(expectedConfiguration.Settings.EncryptionAlgorithmKeySize, actualConfiguration.Settings.EncryptionAlgorithmKeySize);
            Assert.Equal(expectedConfiguration.Settings.EncryptionAlgorithmProvider, actualConfiguration.Settings.EncryptionAlgorithmProvider);
        }