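/// <summary>
        /// Imports the <see cref="CngCbcAuthenticatedEncryptorDescriptor"/> from serialized XML.
        /// </summary>
        /// <param name="element">
        /// The descriptor element. It must contain <c>encryption</c>, <c>hash</c> and
        /// <c>masterKey</c> child elements.
        /// </param>
        /// <returns>A descriptor built from the parsed options and master key.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="element"/> is null.</exception>
        /// <exception cref="ArgumentException">A required child element is missing.</exception>
        public IAuthenticatedEncryptorDescriptor ImportFromXml(XElement element)
        {
            if (element == null)
            {
                throw new ArgumentNullException(nameof(element));
            }

            // <descriptor>
            //   <!-- Windows CNG-CBC -->
            //   <encryption algorithm="..." keyLength="..." [provider="..."] />
            //   <hash algorithm="..." [provider="..."] />
            //   <masterKey>...</masterKey>
            // </descriptor>

            // Reject a structurally incomplete descriptor with a clear error instead of
            // dereferencing a null child element below. The messages name only the missing
            // element and never echo element content, which may include key material.
            var encryptionElement = element.Element("encryption");
            if (encryptionElement == null)
            {
                throw new ArgumentException("The descriptor XML is missing the required <encryption> element.", nameof(element));
            }

            var hashElement = element.Element("hash");
            if (hashElement == null)
            {
                throw new ArgumentException("The descriptor XML is missing the required <hash> element.", nameof(element));
            }

            var masterKeyElement = element.Element("masterKey");
            if (masterKeyElement == null)
            {
                throw new ArgumentException("The descriptor XML is missing the required <masterKey> element.", nameof(element));
            }

            var options = new CngCbcAuthenticatedEncryptionOptions();

            // NOTE(review): algorithm and provider names are copied from the XML as-is;
            // presumably they are validated when the encryptor is created - confirm.
            options.EncryptionAlgorithm         = (string)encryptionElement.Attribute("algorithm");
            // The XAttribute-to-int conversion throws if keyLength is absent or not an integer.
            options.EncryptionAlgorithmKeySize  = (int)encryptionElement.Attribute("keyLength");
            options.EncryptionAlgorithmProvider = (string)encryptionElement.Attribute("provider"); // could be null

            options.HashAlgorithm         = (string)hashElement.Attribute("algorithm");
            options.HashAlgorithmProvider = (string)hashElement.Attribute("provider"); // could be null

            // The key material passes through a managed string, which cannot be zeroed.
            // NOTE(review): confirm how ToSecret() decodes and scrubs its intermediate buffers.
            Secret masterKey = ((string)masterKeyElement).ToSecret();

            return new CngCbcAuthenticatedEncryptorDescriptor(options, masterKey, _services);
        }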
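        /// <summary>
        /// Imports the <see cref="CngCbcAuthenticatedEncryptorDescriptor"/> from serialized XML.
        /// </summary>
        /// <param name="element">The descriptor element holding the encryption, hash and master key settings.</param>
        /// <returns>A descriptor carrying the options and master key read from <paramref name="element"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="element"/> is null.</exception>
        /// <exception cref="ArgumentException">
        /// One of the <c>encryption</c>, <c>hash</c> or <c>masterKey</c> child elements is absent.
        /// </exception>
        public IAuthenticatedEncryptorDescriptor ImportFromXml(XElement element)
        {
            if (element == null)
            {
                throw new ArgumentNullException(nameof(element));
            }

            // <descriptor>
            //   <!-- Windows CNG-CBC -->
            //   <encryption algorithm="..." keyLength="..." [provider="..."] />
            //   <hash algorithm="..." [provider="..."] />
            //   <masterKey>...</masterKey>
            // </descriptor>

            // Check the structure up front so that a truncated or hand-edited descriptor fails
            // with a descriptive error rather than a NullReferenceException further down.
            // Only the element name is reported; element content is never put in the message.
            foreach (var requiredName in new[] { "encryption", "hash", "masterKey" })
            {
                if (element.Element(requiredName) == null)
                {
                    throw new ArgumentException("The descriptor XML is missing the required <" + requiredName + "> element.", nameof(element));
                }
            }

            var options = new CngCbcAuthenticatedEncryptionOptions();

            var encryptionElement = element.Element("encryption");
            options.EncryptionAlgorithm = (string)encryptionElement.Attribute("algorithm");
            // Throws if the keyLength attribute is missing or is not a valid integer.
            options.EncryptionAlgorithmKeySize = (int)encryptionElement.Attribute("keyLength");
            options.EncryptionAlgorithmProvider = (string)encryptionElement.Attribute("provider"); // could be null

            var hashElement = element.Element("hash");
            options.HashAlgorithm = (string)hashElement.Attribute("algorithm");
            options.HashAlgorithmProvider = (string)hashElement.Attribute("provider"); // could be null

            // NOTE(review): the algorithm names above are not checked here; presumably the
            // options object is validated before use - confirm.
            // The master key is read as a managed string, which stays in memory until collected.
            Secret masterKey = ((string)element.Element("masterKey")).ToSecret();

            return new CngCbcAuthenticatedEncryptorDescriptor(options, masterKey, _services);
        }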
        /// <summary>
        /// Validates the supplied CNG-CBC options and hands them to
        /// <c>UseCryptographicAlgorithmsCore</c>.
        /// </summary>
        /// <param name="options">The CNG-CBC encryption options; must not be null.</param>
        /// <returns>Whatever <c>UseCryptographicAlgorithmsCore</c> returns for these options.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
        public DataProtectionConfiguration UseCustomCryptographicAlgorithms(CngCbcAuthenticatedEncryptionOptions options)
        {
            if (options != null)
            {
                return UseCryptographicAlgorithmsCore(options);
            }

            throw new ArgumentNullException(nameof(options));
        }
        /// <summary>
        /// Creates a configuration from the given CNG-CBC options and an optional service provider.
        /// </summary>
        /// <param name="options">The encryption options to expose through <c>Options</c>; must not be null.</param>
        /// <param name="services">Service provider stored for later use; not null-checked here.</param>
        /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
        public CngCbcAuthenticatedEncryptorConfiguration(CngCbcAuthenticatedEncryptionOptions options, IServiceProvider services)
        {
            // Only the options are mandatory; a null provider is stored unchanged.
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            _services = services;
            Options = options;
        }
        /// <summary>
        /// Initializes the configuration with its encryption options and service provider.
        /// </summary>
        /// <param name="options">CNG-CBC options assigned to <c>Options</c>. Required.</param>
        /// <param name="services">Provider kept in <c>_services</c>; stored without a null check.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="options"/> is null.</exception>
        public CngCbcAuthenticatedEncryptorConfiguration(
            CngCbcAuthenticatedEncryptionOptions options,
            IServiceProvider services)
        {
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            // Fields are assigned only after validation has passed.
            Options   = options;
            _services = services;
        }
        /// <summary>
        /// Creates a descriptor from CNG-CBC options and a master key, and obtains a logger
        /// from the supplied service provider.
        /// </summary>
        /// <param name="options">The encryption options; must not be null.</param>
        /// <param name="masterKey">The secret holding the master key; must not be null.</param>
        /// <param name="services">Provider the logger is requested from; not null-checked here.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="options"/> or <paramref name="masterKey"/> is null.
        /// </exception>
        public CngCbcAuthenticatedEncryptorDescriptor(CngCbcAuthenticatedEncryptionOptions options, ISecret masterKey, IServiceProvider services)
        {
            // options is validated first, so it is the parameter reported when both are null.
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }
            if (masterKey == null)
            {
                throw new ArgumentNullException(nameof(masterKey));
            }

            Options = options;
            MasterKey = masterKey;

            // NOTE(review): services may be null; presumably GetLogger is an extension method
            // that tolerates a null provider - confirm, otherwise this line throws.
            var logger = services.GetLogger<CngCbcAuthenticatedEncryptorDescriptor>();
            _log = logger;
        }
        /// <summary>
        /// Initializes the descriptor with its options and master key and resolves a logger.
        /// </summary>
        /// <param name="options">CNG-CBC options assigned to <c>Options</c>. Required.</param>
        /// <param name="masterKey">Master key secret assigned to <c>MasterKey</c>. Required.</param>
        /// <param name="services">Provider used only to look up the logger.</param>
        /// <exception cref="ArgumentNullException">
        /// Thrown when <paramref name="options"/> or <paramref name="masterKey"/> is null.
        /// </exception>
        public CngCbcAuthenticatedEncryptorDescriptor(
            CngCbcAuthenticatedEncryptionOptions options,
            ISecret masterKey,
            IServiceProvider services)
        {
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            if (masterKey == null)
            {
                throw new ArgumentNullException(nameof(masterKey));
            }

            // The descriptor keeps a reference to the caller's secret; no copy is made here.
            Options = options;
            MasterKey = masterKey;

            // NOTE(review): no null check on services - presumably GetLogger handles a
            // missing provider; verify against its definition.
            _log = services.GetLogger<CngCbcAuthenticatedEncryptorDescriptor>();
        }
        /// <summary>
        /// Lazily turns the values stored under <c>_policyRegKey</c> into service descriptors:
        /// the encryptor configuration, the default key lifetime and any key escrow sinks.
        /// </summary>
        /// <returns>
        /// A deferred sequence of descriptors. Nothing is read until the sequence is enumerated.
        /// </returns>
        private IEnumerable<ServiceDescriptor> ResolvePolicyCore()
        {
            // EncryptionType selects the options family: CNG-CBC, CNG-GCM or Managed.
            // NOTE(review): assuming GetValue returns object, this cast throws
            // InvalidCastException when the stored value is not a string.
            IInternalAuthenticatedEncryptionOptions selectedOptions = null;
            var configuredType = (string)_policyRegKey.GetValue("EncryptionType");

            // A missing or empty value means no algorithm policy; any other unknown value is an error.
            if (!String.IsNullOrEmpty(configuredType))
            {
                if (String.Equals(configuredType, "CNG-CBC", StringComparison.OrdinalIgnoreCase))
                {
                    selectedOptions = new CngCbcAuthenticatedEncryptionOptions();
                }
                else if (String.Equals(configuredType, "CNG-GCM", StringComparison.OrdinalIgnoreCase))
                {
                    selectedOptions = new CngGcmAuthenticatedEncryptionOptions();
                }
                else if (String.Equals(configuredType, "Managed", StringComparison.OrdinalIgnoreCase))
                {
                    selectedOptions = new ManagedAuthenticatedEncryptionOptions();
                }
                else
                {
                    throw CryptoUtil.Fail("Unrecognized EncryptionType: " + configuredType);
                }
            }

            if (selectedOptions != null)
            {
                PopulateOptions(selectedOptions, _policyRegKey);
                yield return DataProtectionServiceDescriptors.IAuthenticatedEncryptorConfiguration_FromOptions(selectedOptions);
            }

            // Read ancillary data
            // NOTE(review): the lifetime is forwarded without a range check here; presumably
            // zero or negative values are rejected downstream - confirm.
            int? policyLifetime = (int?)_policyRegKey.GetValue("DefaultKeyLifetime");
            if (policyLifetime != null)
            {
                yield return DataProtectionServiceDescriptors.ConfigureOptions_DefaultKeyLifetime(policyLifetime.Value);
            }

            // NOTE(review): the helper name suggests each entry is a type name that is later
            // activated as an escrow sink. Sinks presumably receive key material, so write
            // access to this policy key should be limited to administrators - verify the ACL.
            foreach (var sink in ReadKeyEscrowSinks(_policyRegKey))
            {
                yield return DataProtectionServiceDescriptors.IKeyEscrowSink_FromTypeName(sink);
            }
        }
 /// <summary>
 /// Creates a descriptor without a service provider by chaining to the three-argument
 /// constructor with <c>services</c> set to null.
 /// </summary>
 /// <param name="options">The CNG-CBC encryption options.</param>
 /// <param name="masterKey">The secret holding the master key.</param>
 public CngCbcAuthenticatedEncryptorDescriptor(CngCbcAuthenticatedEncryptionOptions options, ISecret masterKey)
     : this(options, masterKey, services: null)
 {
     // All validation and assignment happen in the chained constructor.
 }
 /// <summary>
 /// Creates a configuration without a service provider by chaining to the two-argument
 /// constructor with <c>services</c> set to null.
 /// </summary>
 /// <param name="options">The CNG-CBC encryption options.</param>
 public CngCbcAuthenticatedEncryptorConfiguration(CngCbcAuthenticatedEncryptionOptions options)
     : this(options, services: null)
 {
     // Nothing to do here; the chained constructor validates and stores the options.
 }
 /// <summary>
 /// Convenience overload that builds the descriptor with no service provider.
 /// </summary>
 /// <param name="options">Encryption options passed through to the full constructor.</param>
 /// <param name="masterKey">Master key secret passed through to the full constructor.</param>
 public CngCbcAuthenticatedEncryptorDescriptor(
     CngCbcAuthenticatedEncryptionOptions options,
     ISecret masterKey)
     : this(options, masterKey, services: null)
 {
 }
 /// <summary>
 /// Convenience overload that builds the configuration with no service provider.
 /// </summary>
 /// <param name="options">Encryption options passed through to the full constructor.</param>
 public CngCbcAuthenticatedEncryptorConfiguration(
     CngCbcAuthenticatedEncryptionOptions options)
     : this(options, services: null)
 {
 }