public void CryptoStream_should_show_unencrypted_length_properly(int expectedSizeInBytes)
{
var data = new byte[expectedSizeInBytes];
new Random().NextBytes(data);
const string encryptionKey = "Byax1jveejqio9Urcdjw8431iQYKkPg6Ig4OxHdxSAU=";
var encryptionKeyBytes = Convert.FromBase64String(encryptionKey);
var encryptionSettings = new EncryptionSettings(encryptionKeyBytes, typeof(RijndaelManaged), true, 128);
var filename = Guid.NewGuid() + ".txt";
try
{
using (var stream = new FileStream(filename, FileMode.CreateNew))
using (var cryptoStream = new SeekableCryptoStream(encryptionSettings, encryptionKey, stream))
{
cryptoStream.Write(data, 0, data.Length);
cryptoStream.Flush();
}
using (var stream = new FileStream(filename, FileMode.Open))
using (var cryptoStream = new SeekableCryptoStream(encryptionSettings, encryptionKey, stream))
{
Assert.Equal(data.Length, cryptoStream.Length);
}
}
finally
{
File.Delete(filename);
}
}
public BlockReaderWriter(EncryptionSettings encryptionSettings, string key, Stream stream, int defaultBlockSize)
{
if (encryptionSettings == null)
throw new ArgumentNullException("encryptionSettings");
if (key == null)
throw new ArgumentNullException("key");
if (stream == null)
throw new ArgumentNullException("stream");
if (!stream.CanRead)
throw new ArgumentException("The Underlying stream for a BlockReaderWriter must always be either read-only or read-write. Write only streams are not supported.");
if (!stream.CanSeek)
throw new ArgumentException("The Underlying stream for a BlockReaderWriter must be seekable.");
isReadonly = !stream.CanWrite;
this.settings = encryptionSettings;
this.key = key;
this.stream = stream;
this.header = ReadOrWriteEmptyHeader(defaultBlockSize);
this.footer = ReadOrWriteFooter();
totalUnencryptedSize = 0;
}
public override void Initialize(DocumentDatabase database)
{
settings = EncryptionSettingsManager.GetEncryptionSettingsForDatabase(database);
EncryptionSettingsManager.VerifyEncryptionKey(database, settings);
}
public SeekableCryptoStream(EncryptionSettings encryptionSettings, string key, Stream stream)
{
if (!stream.CanRead)
throw new ArgumentException("The Underlying stream for a SeekableCryptoStream must always be either read-only or read-write. Write only streams are not supported.");
if (!stream.CanSeek)
throw new ArgumentException("The Underlying stream for a SeekableCryptoStream must be seekable.");
isReadonly = !stream.CanWrite;
underlyingStream = new BlockReaderWriter(encryptionSettings, key, stream, Constants.DefaultIndexFileBlockSize);
currentBlockSize = underlyingStream.Header.DecryptedBlockSize;
}
/// <summary>
/// Uses an encrypted document to verify that the encryption key is correct and decodes it to the right value.
/// </summary>
public static void VerifyEncryptionKey(RavenFileSystem fileSystem, EncryptionSettings settings)
{
RavenJObject config = null;
try
{
fileSystem.Storage.Batch(accessor =>
{
try
{
config = accessor.GetConfig(Constants.InResourceKeyVerificationDocumentName);
}
catch (FileNotFoundException)
{
}
});
}
catch (CryptographicException e)
{
throw new ConfigurationErrorsException("The file system is encrypted with a different key and/or algorithm than the ones "
+ "currently in the configuration file.", e);
}
if (config != null)
{
if (!RavenJTokenEqualityComparer.Default.Equals(config, Constants.InResourceKeyVerificationDocumentContents))
throw new ConfigurationErrorsException("The file system is encrypted with a different key and/or algorithm than the ones is currently configured");
}
else
{
// This is the first time the file system is loaded.
if (EncryptedFileExist(fileSystem))
throw new InvalidOperationException("The file system already has existing files, you cannot start using encryption now.");
var clonedDoc = (RavenJObject)Constants.InResourceKeyVerificationDocumentContents.CreateSnapshot();
fileSystem.Storage.Batch(accessor => accessor.SetConfig(Constants.InResourceKeyVerificationDocumentName, clonedDoc));
}
}
/// <summary>
/// Uses an encrypted document to verify that the encryption key is correct and decodes it to the right value.
/// </summary>
public static void VerifyEncryptionKey(DocumentDatabase database, EncryptionSettings settings)
{
JsonDocument doc;
try
{
doc = database.Documents.Get(Constants.InResourceKeyVerificationDocumentName, null);
}
catch (Exception e)
{
if (e is CryptographicException)
{
throw new ConfigurationErrorsException("The database is encrypted with a different key and/or algorithm than the ones "
+ "currently in the configuration file.", e);
}
if (settings.Codec.UsingSha1)
throw;
log.Debug("Couldn't decrypt the database using MD5. Trying with SHA1.");
settings.Codec.UseSha1();
VerifyEncryptionKey(database, settings);
return;
}
if (doc != null)
{
if (!RavenJTokenEqualityComparer.Default.Equals(doc.DataAsJson, Constants.InResourceKeyVerificationDocumentContents))
throw new ConfigurationErrorsException("The database is encrypted with a different key and/or algorithm than the ones "
+ "currently in the configuration file.");
}
else
{
// This is the first time the database is loaded.
if (EncryptedDocumentsExist(database))
throw new InvalidOperationException("The database already has existing documents, you cannot start using encryption now.");
var clonedDoc = (RavenJObject)Constants.InResourceKeyVerificationDocumentContents.CreateSnapshot();
database.Documents.Put(Constants.InResourceKeyVerificationDocumentName, null, clonedDoc, new RavenJObject(), null);
}
}
/// <summary>
/// Uses an encrypted document to verify that the encryption key is correct and decodes it to the right value.
/// </summary>
public static void VerifyEncryptionKey(DocumentDatabase database, EncryptionSettings settings)
{
JsonDocument doc;
try
{
doc = database.Documents.Get(Constants.InDatabaseKeyVerificationDocumentName, null);
}
catch (CryptographicException e)
{
throw new ConfigurationErrorsException("The database is encrypted with a different key and/or algorithm than the ones "
+ "currently in the configuration file.", e);
}
if (doc != null)
{
var ravenJTokenEqualityComparer = new RavenJTokenEqualityComparer();
if (!ravenJTokenEqualityComparer.Equals(doc.DataAsJson,Constants.InDatabaseKeyVerificationDocumentContents))
throw new ConfigurationErrorsException("The database is encrypted with a different key and/or algorithm than the ones "
+ "currently in the configuration file.");
}
else
{
// This is the first time the database is loaded.
if (EncryptedDocumentsExist(database))
throw new InvalidOperationException("The database already has existing documents, you cannot start using encryption now.");
var clonedDoc = (RavenJObject)Constants.InDatabaseKeyVerificationDocumentContents.CreateSnapshot();
database.Documents.Put(Constants.InDatabaseKeyVerificationDocumentName, null, clonedDoc, new RavenJObject(), null);
}
}
public override void Initialize()
{
settings = EncryptionSettingsManager.GetEncryptionSettingsForDatabase(Database);
}
public override void Initialize()
{
settings = EncryptionSettingsManager.GetEncryptionSettingsForResource(FileSystem);
}
public override void Initialize(DocumentDatabase database)
{
settings = EncryptionSettingsManager.GetEncryptionSettingsForResource(database);
}
public Codec(EncryptionSettings settings)
{
this.EncryptionSettings = settings;
}
public Codec(EncryptionSettings settings)
{
encryptionSettings = settings;
UsingSha1 = false;
}
public void SetSettings(EncryptionSettings newSettings)
{
settings = newSettings;
}
