/// <summary>
        /// Initializes a new instance of the <see cref="AsymmetricSignatureProvider"/> class used to create and verify signatures.
        /// </summary>
        /// <param name="key">The <see cref="SecurityKey"/> that will be used for signature operations.</param>
        /// <param name="algorithm">The signature algorithm to apply.</param>
        /// <param name="willCreateSignatures">If this <see cref="AsymmetricSignatureProvider"/> is required to create signatures then set this to true.</param>
        /// <para>
        /// Creating signatures requires that the <see cref="SecurityKey"/> has access to a private key.
        /// Verifying signatures (the default), does not require access to the private key.
        /// </para>
        /// <exception cref="ArgumentNullException"><paramref name="key"/>is null.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="algorithm"/>is null or empty.</exception>
        /// <exception cref="InvalidOperationException"><paramref name="willCreateSignatures"/>is true and there is no private key.</exception>
        /// <exception cref="NotSupportedException">If <see cref="SecurityKey"/> and algorithm pair are not supported.</exception>
        /// <exception cref="ArgumentOutOfRangeException">
        /// willCreateSignatures is true and <see cref="SecurityKey"/>.KeySize is less than the size corresponding to the given algorithm in <see cref="AsymmetricSignatureProvider.MinimumAsymmetricKeySizeInBitsForSigningMap"/>.
        /// </exception>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <see cref="SecurityKey"/>.KeySize is less than the size corresponding to the algorithm in <see cref="AsymmetricSignatureProvider.MinimumAsymmetricKeySizeInBitsForVerifyingMap"/>. Note: this is always checked.
        /// </exception>
        /// <exception cref="InvalidOperationException">If the runtime is unable to create a suitable cryptographic provider.</exception>
        public AsymmetricSignatureProvider(SecurityKey key, string algorithm, bool willCreateSignatures)
            : base(key, algorithm)
        {
            _cryptoProviderFactory = key.CryptoProviderFactory;
            _minimumAsymmetricKeySizeInBitsForSigningMap   = new Dictionary <string, int>(DefaultMinimumAsymmetricKeySizeInBitsForSigningMap);
            _minimumAsymmetricKeySizeInBitsForVerifyingMap = new Dictionary <string, int>(DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap);

            var jsonWebKey = key as JsonWebKey;

            if (jsonWebKey != null)
            {
                JsonWebKeyConverter.TryConvertToSecurityKey(jsonWebKey, out SecurityKey _);
            }

            if (willCreateSignatures && FoundPrivateKey(key) == PrivateKeyStatus.DoesNotExist)
            {
                throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(LogMessages.IDX10638, key)));
            }

            if (!_cryptoProviderFactory.IsSupportedAlgorithm(algorithm, key))
            {
                throw LogHelper.LogExceptionMessage(new NotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10634, (algorithm ?? "null"), key)));
            }

            WillCreateSignatures         = willCreateSignatures;
            _keySizeIsValid              = new Lazy <bool>(ValidKeySize);
            _asymmetricAdapterObjectPool = new DisposableObjectPool <AsymmetricAdapter>(CreateAsymmetricAdapter, _cryptoProviderFactory.SignatureProviderObjectPoolCacheSize);
        }
        /// <summary>
        /// Constructor that creates a deep copy of given <see cref="CryptoProviderFactory"/> object.
        /// </summary>
        /// <param name="other"><see cref="CryptoProviderFactory"/> to copy from.</param>
        public CryptoProviderFactory(CryptoProviderFactory other)
        {
            if (other == null)
            {
                throw LogHelper.LogArgumentNullException(nameof(other));
            }

            CustomCryptoProvider = other.CustomCryptoProvider;
        }
Example #3
0
        public static void ReleaseSymmetricAlgorithm(this CryptoProviderFactory _, SymmetricAlgorithm symmetricAlgorithm)
        {
            if (symmetricAlgorithm == null)
            {
                throw LogHelper.LogArgumentNullException(nameof(symmetricAlgorithm));
            }

            symmetricAlgorithm.Dispose();
        }
Example #4
0
        public static SymmetricAlgorithm CreateSymmetricAlgorithm(this CryptoProviderFactory crypto, string algorithm)
        {
            if (crypto.CustomCryptoProvider != null && crypto.CustomCryptoProvider.IsSupportedAlgorithm(algorithm))
            {
                if (!(crypto?.CustomCryptoProvider.Create(algorithm) is SymmetricAlgorithm symmetric))
                {
                    throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(IDX10647, algorithm, typeof(SymmetricAlgorithm))));
                }

                return(symmetric);
            }
            throw LogHelper.LogExceptionMessage(new NotSupportedException(LogHelper.FormatInvariant(IDX10640, algorithm)));
        }
Example #5
0
        public static SymmetricAlgorithm CreateSymmetricAlgorithm(this CryptoProviderFactory crypto, SecurityKey securityKey, string algorithm)
        {
            if (securityKey == null)
            {
                throw LogHelper.LogArgumentNullException(nameof(securityKey));
            }

            if (!(securityKey is SymmetricSecurityKey symmetricKey))
            {
                throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(InvalidSecurityKey, securityKey.GetType().Name)));
            }

            var symmetric = crypto.CreateSymmetricAlgorithm(algorithm);

            symmetric.Key = symmetricKey.Key;
            return(symmetric);
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="AuthenticatedEncryptionProvider"/> class used for encryption and decryption.
        /// </summary>
        /// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param>
        /// <param name="algorithm">The encryption algorithm to apply.</param>
        /// <exception cref="ArgumentNullException">'key' is null.</exception>
        /// <exception cref="ArgumentNullException">'algorithm' is null or whitespace.</exception>
        /// <exception cref="ArgumentOutOfRangeException">key size is not large enough.</exception>
        /// <exception cref="ArgumentException">'algorithm' is not supported.</exception>
        /// <exception cref="ArgumentException">a symmetricSignatureProvider is not created.</exception>
        public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm)
        {
            if (key == null)
            {
                throw LogHelper.LogArgumentNullException(nameof(key));
            }

            if (string.IsNullOrWhiteSpace(algorithm))
            {
                throw LogHelper.LogArgumentNullException(nameof(algorithm));
            }

            _authenticatedkeys = new Lazy <AuthenticatedKeys>(CreateAuthenticatedKeys);
            _hmacAlgorithm     = GetHmacAlgorithm(algorithm);
            Key       = key;
            Algorithm = algorithm;
            _cryptoProviderFactory = key.CryptoProviderFactory;

            _symmetricSignatureProvider = new Lazy <SymmetricSignatureProvider>(CreateSymmetricSignatureProvider);
        }
Example #7
0
        /// <summary>
        /// Initializes a new instance of the <see cref="AsymmetricSignatureProvider"/> class used to create and verify signatures.
        /// </summary>
        /// <param name="key">The <see cref="SecurityKey"/> that will be used for signature operations.</param>
        /// <param name="algorithm">The signature algorithm to apply.</param>
        /// <param name="willCreateSignatures">If this <see cref="AsymmetricSignatureProvider"/> is required to create signatures then set this to true.</param>
        /// <para>
        /// Creating signatures requires that the <see cref="SecurityKey"/> has access to a private key.
        /// Verifying signatures (the default), does not require access to the private key.
        /// </para>
        /// <exception cref="ArgumentNullException"><paramref name="key"/>is null.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="algorithm"/>is null or empty.</exception>
        /// <exception cref="InvalidOperationException"><paramref name="willCreateSignatures"/>is true and there is no private key.</exception>
        /// <exception cref="NotSupportedException">If <see cref="SecurityKey"/> and algorithm pair are not supported.</exception>
        /// <exception cref="ArgumentOutOfRangeException">
        /// willCreateSignatures is true and <see cref="SecurityKey"/>.KeySize is less than the size corresponding to the given algorithm in <see cref="AsymmetricSignatureProvider.MinimumAsymmetricKeySizeInBitsForSigningMap"/>.
        /// </exception>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <see cref="SecurityKey"/>.KeySize is less than the size corresponding to the algorithm in <see cref="AsymmetricSignatureProvider.MinimumAsymmetricKeySizeInBitsForVerifyingMap"/>. Note: this is always checked.
        /// </exception>
        /// <exception cref="InvalidOperationException">If the runtime is unable to create a suitable cryptographic provider.</exception>
        public AsymmetricSignatureProvider(SecurityKey key, string algorithm, bool willCreateSignatures)
            : base(key, algorithm)
        {
            _cryptoProviderFactory = key.CryptoProviderFactory;
            _minimumAsymmetricKeySizeInBitsForSigningMap   = new Dictionary <string, int>(DefaultMinimumAsymmetricKeySizeInBitsForSigningMap);
            _minimumAsymmetricKeySizeInBitsForVerifyingMap = new Dictionary <string, int>(DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap);
            if (willCreateSignatures && FoundPrivateKey(key) == PrivateKeyStatus.DoesNotExist)
            {
                throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(LogMessages.IDX10638, key)));
            }

            if (!_cryptoProviderFactory.IsSupportedAlgorithm(algorithm, key))
            {
                throw LogHelper.LogExceptionMessage(new NotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10634, (algorithm ?? "null"), key)));
            }

            ValidateAsymmetricSecurityKeySize(key, algorithm, willCreateSignatures);
            _asymmetricAdapter   = ResolveAsymmetricAdapter(key, algorithm, willCreateSignatures);
            WillCreateSignatures = willCreateSignatures;
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="AuthenticatedEncryptionProvider"/> class used for encryption and decryption.
        /// </summary>
        /// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param>
        /// <param name="algorithm">The encryption algorithm to apply.</param>
        /// <exception cref="ArgumentNullException">'key' is null.</exception>
        /// <exception cref="ArgumentNullException">'algorithm' is null or whitespace.</exception>
        /// <exception cref="ArgumentOutOfRangeException">key size is not large enough.</exception>
        /// <exception cref="ArgumentException">'algorithm' is not supported.</exception>
        /// <exception cref="ArgumentException">a symmetricSignatureProvider is not created.</exception>
        public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm)
        {
            if (key == null)
            {
                throw LogHelper.LogArgumentNullException(nameof(key));
            }

            if (string.IsNullOrWhiteSpace(algorithm))
            {
                throw LogHelper.LogArgumentNullException(nameof(algorithm));
            }

            Key       = key;
            Algorithm = algorithm;
            _cryptoProviderFactory = key.CryptoProviderFactory;
            if (SupportedAlgorithms.IsSupportedEncryptionAlgorithm(algorithm, key))
            {
                if (SupportedAlgorithms.IsAesGcm(algorithm))
                {
#if NETSTANDARD2_0
                    if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
                    {
                        throw LogHelper.LogExceptionMessage(new PlatformNotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10713, LogHelper.MarkAsNonPII(algorithm))));
                    }
#endif
                    InitializeUsingAesGcm();
                }
                else
                {
                    InitializeUsingAesCbc();
                }
            }
            else
            {
                throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10668, LogHelper.MarkAsNonPII(_className), LogHelper.MarkAsNonPII(algorithm), key)));
            }
        }
 /// <summary>
 /// Static constructor that initializes the default <see cref="CryptoProviderFactory"/>.
 /// </summary>
 static CryptoProviderFactory()
 {
     Default = new CryptoProviderFactory();
 }
 internal AsymmetricSignatureProvider(SecurityKey key, string algorithm, CryptoProviderFactory cryptoProviderFactory)
     : this(key, algorithm)
 {
     _cryptoProviderFactory = cryptoProviderFactory;
 }
 internal AsymmetricSignatureProvider(SecurityKey key, string algorithm, bool willCreateSignatures, CryptoProviderFactory cryptoProviderFactory)
     : this(key, algorithm, willCreateSignatures)
 {
     _cryptoProviderFactory = cryptoProviderFactory;
 }
 /// <summary>
 /// Default constructor
 /// </summary>
 public SecurityKey()
 {
     _cryptoProviderFactory = CryptoProviderFactory.Default;
     SetInternalId();
 }
 internal SecurityKey(SecurityKey key)
 {
     _cryptoProviderFactory = key._cryptoProviderFactory;
     KeyId = key.KeyId;
     SetInternalId();
 }