Exemple #1
        /// <summary>
        /// Creates an instance of <see cref="AuthenticatedEncryptionProvider"/> for a specific &lt;SecurityKey, Algorithm&gt; pair.
        /// </summary>
        /// <param name="key">the <see cref="SecurityKey"/> to use.</param>
        /// <param name="algorithm">the algorithm to use.</param>
        /// <returns>an instance of <see cref="AuthenticatedEncryptionProvider"/></returns>
        /// <exception cref="ArgumentNullException">'key' is null.</exception>
        /// <exception cref="ArgumentNullException">'algorithm' is null or empty.</exception>
        /// <exception cref="ArgumentException">'key' is not a <see cref="SymmetricSecurityKey"/>.</exception>
        /// <exception cref="ArgumentException">'algorithm, key' pair is not supported.</exception>
        public virtual AuthenticatedEncryptionProvider CreateAuthenticatedEncryptionProvider(SecurityKey key, string algorithm)
        {
            // Both arguments are mandatory; a missing one is reported through LogHelper as an ArgumentNullException.
            if (key == null)
            {
                throw LogHelper.LogArgumentNullException(nameof(key));
            }

            if (string.IsNullOrEmpty(algorithm))
            {
                throw LogHelper.LogArgumentNullException(nameof(algorithm));
            }

            // A CustomCryptoProvider that claims the pair wins over the built-in table: on this path
            // SupportedAlgorithms is never consulted, so any vetting of the algorithm and key is left
            // to the custom provider itself.
            if (CustomCryptoProvider != null && CustomCryptoProvider.IsSupportedAlgorithm(algorithm, key))
            {
                // The custom provider said "supported" but handed back something that is not an
                // AuthenticatedEncryptionProvider (or null): fail loudly instead of falling back.
                if (!(CustomCryptoProvider.Create(algorithm, key) is AuthenticatedEncryptionProvider customProvider))
                {
                    throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(LogMessages.IDX10646, algorithm, key, typeof(AuthenticatedEncryptionProvider))));
                }

                return customProvider;
            }

            // Built-in path: anything outside the supported authenticated-encryption pairs is refused.
            if (!SupportedAlgorithms.IsSupportedAuthenticatedEncryptionAlgorithm(algorithm, key))
            {
                throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10652, algorithm), nameof(algorithm)));
            }

            return new AuthenticatedEncryptionProvider(key, algorithm);
        }
Exemple #2
        /// <summary>
        /// Checks if an 'algorithm, key' pair is supported.
        /// </summary>
        /// <param name="algorithm">the algorithm to check.</param>
        /// <param name="key">the <see cref="SecurityKey"/>.</param>
        /// <returns>true if 'algorithm, key' pair is supported.</returns>
        public virtual bool IsSupportedAlgorithm(string algorithm, SecurityKey key)
        {
            // The custom provider, when one is installed, is asked first; a "yes" from it is final
            // and the built-in table is not consulted.
            bool claimedByCustomProvider = CustomCryptoProvider != null && CustomCryptoProvider.IsSupportedAlgorithm(algorithm, key);

            // Otherwise the answer comes from the library's own 'algorithm, key' table.
            return claimedByCustomProvider || SupportedAlgorithms.IsSupportedAlgorithm(algorithm, key);
        }
Exemple #3
        /// <summary>
        /// Answers if an algorithm is supported
        /// </summary>
        /// <param name="algorithm">the name of the cryptographic algorithm</param>
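        /// <returns>true if the custom provider, when one is set, or the built-in hash algorithm list supports <paramref name="algorithm"/>; otherwise, false.</returns>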
        public virtual bool IsSupportedAlgorithm(string algorithm)
        {
            // A custom provider that accepts the name short-circuits the built-in lookup.
            bool claimedByCustomProvider = CustomCryptoProvider != null && CustomCryptoProvider.IsSupportedAlgorithm(algorithm);

            // With no key argument, the built-in fallback only checks the hash-algorithm list.
            return claimedByCustomProvider || SupportedAlgorithms.IsSupportedHashAlgorithm(algorithm);
        }
Exemple #4
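        /// <summary>
        /// Creates a <see cref="KeyWrapProvider"/> for an 'algorithm, key' pair, preferring the custom crypto provider when it claims the pair.
        /// </summary>
        /// <param name="key">the <see cref="SecurityKey"/> to use.</param>
        /// <param name="algorithm">the key wrap algorithm to use.</param>
        /// <param name="willUnwrap">forwarded to the custom provider and to <see cref="RsaKeyWrapProvider"/>; it is not passed to <see cref="SymmetricKeyWrapProvider"/>.</param>
        /// <returns>a <see cref="KeyWrapProvider"/> for the pair.</returns>
        /// <exception cref="ArgumentNullException">'key' is null.</exception>
        /// <exception cref="ArgumentNullException">'algorithm' is null or empty.</exception>
        /// <exception cref="InvalidOperationException">the custom crypto provider reported the pair as supported but did not return a <see cref="KeyWrapProvider"/>.</exception>
        /// <exception cref="NotSupportedException">no branch matched the 'algorithm, key' pair.</exception>
        private KeyWrapProvider CreateKeyWrapProvider(SecurityKey key, string algorithm, bool willUnwrap)
        {
            if (key == null)
            {
                throw LogHelper.LogArgumentNullException(nameof(key));
            }

            if (string.IsNullOrEmpty(algorithm))
            {
                throw LogHelper.LogArgumentNullException(nameof(algorithm));
            }

            // A custom provider that claims the pair takes precedence; the built-in algorithm
            // checks below are skipped entirely on this path.
            if (CustomCryptoProvider != null && CustomCryptoProvider.IsSupportedAlgorithm(algorithm, key, willUnwrap))
            {
                if (!(CustomCryptoProvider.Create(algorithm, key, willUnwrap) is KeyWrapProvider keyWrapProvider))
                {
                    // Report the type that was actually tested for. The message previously named
                    // SignatureProvider, which sends anyone reading the log to the wrong provider kind.
                    throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(LogMessages.IDX10646, algorithm, key, typeof(KeyWrapProvider))));
                }

                return keyWrapProvider;
            }

            // NOTE(review): no key-size check happens in this method; presumably the provider
            // constructors enforce minimum sizes. Confirm against RsaKeyWrapProvider / SymmetricKeyWrapProvider.
            if (key is RsaSecurityKey rsaKey && SupportedAlgorithms.IsSupportedRsaAlgorithm(algorithm))
            {
                return new RsaKeyWrapProvider(rsaKey, algorithm, willUnwrap);
            }

            if (key is X509SecurityKey x509Key && SupportedAlgorithms.IsSupportedRsaAlgorithm(algorithm))
            {
                return new RsaKeyWrapProvider(x509Key, algorithm, willUnwrap);
            }

            // A JsonWebKey is dispatched on its declared key type (Kty); a Kty that matches neither
            // branch falls through to the NotSupportedException at the end.
            if (key is JsonWebKey jsonWebKey)
            {
                if (jsonWebKey.Kty == JsonWebAlgorithmsKeyTypes.RSA && SupportedAlgorithms.IsSupportedRsaAlgorithm(algorithm))
                {
                    return new RsaKeyWrapProvider(jsonWebKey, algorithm, willUnwrap);
                }

                if (jsonWebKey.Kty == JsonWebAlgorithmsKeyTypes.Octet && SupportedAlgorithms.IsSupportedSymmetricAlgorithm(algorithm))
                {
                    return new SymmetricKeyWrapProvider(jsonWebKey, algorithm);
                }
            }

            if (key is SymmetricSecurityKey symmetricKey && SupportedAlgorithms.IsSupportedSymmetricAlgorithm(algorithm))
            {
                return new SymmetricKeyWrapProvider(symmetricKey, algorithm);
            }

            throw LogHelper.LogExceptionMessage(new NotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10661, algorithm, key)));
        }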
Exemple #5
        /// <summary>
        /// Checks if an algorithm is supported.
        /// </summary>
        /// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param>
        /// <param name="algorithm">The KeyWrap algorithm to apply.</param>
        /// <returns>true if the algorithm is supported; otherwise, false.</returns>
        protected virtual bool IsSupportedAlgorithm(SecurityKey key, string algorithm)
        {
            // Missing inputs are answered with "not supported" rather than an exception.
            bool hasInputs = key != null && !string.IsNullOrEmpty(algorithm);

            // Keys whose KeySize is below 2048 are refused before the algorithm table is consulted,
            // so an otherwise valid algorithm name cannot be paired with an undersized key.
            if (!hasInputs || key.KeySize < 2048)
            {
                return false;
            }

            return SupportedAlgorithms.IsSupportedKeyWrapAlgorithm(algorithm, key);
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="AuthenticatedEncryptionProvider"/> class used for encryption and decryption.
        /// </summary>
        /// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param>
        /// <param name="algorithm">The encryption algorithm to apply.</param>
        /// <exception cref="ArgumentNullException">'key' is null.</exception>
        /// <exception cref="ArgumentNullException">'algorithm' is null or whitespace.</exception>
        /// <exception cref="ArgumentOutOfRangeException">key size is not large enough.</exception>
        /// <exception cref="ArgumentException">'algorithm' is not supported.</exception>
        /// <exception cref="ArgumentException">a symmetricSignatureProvider is not created.</exception>
        public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm)
        {
            if (key == null)
            {
                throw LogHelper.LogArgumentNullException(nameof(key));
            }

            if (string.IsNullOrWhiteSpace(algorithm))
            {
                throw LogHelper.LogArgumentNullException(nameof(algorithm));
            }

            // State is assigned before the support check, so these members are already set
            // when the constructor throws below.
            Key = key;
            Algorithm = algorithm;
            _cryptoProviderFactory = key.CryptoProviderFactory;

            // Refuse any 'algorithm, key' pair outside the supported encryption set.
            if (!SupportedAlgorithms.IsSupportedEncryptionAlgorithm(algorithm, key))
            {
                throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10668, LogHelper.MarkAsNonPII(_className), LogHelper.MarkAsNonPII(algorithm), key)));
            }

            // Every supported algorithm that is not AES-GCM is initialized through the AES-CBC path.
            if (!SupportedAlgorithms.IsAesGcm(algorithm))
            {
                InitializeUsingAesCbc();
                return;
            }

#if NETSTANDARD2_0
            // On netstandard2.0 builds AES-GCM is only accepted when running on Windows.
            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
            {
                throw LogHelper.LogExceptionMessage(new PlatformNotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10713, LogHelper.MarkAsNonPII(algorithm))));
            }
#endif
            InitializeUsingAesGcm();
        }
Exemple #7
 /// <summary>
 /// Checks if an algorithm is supported.
 /// </summary>
 /// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param>
 /// <param name="algorithm">The KeyWrap algorithm to apply.</param>
 /// <returns>true if the algorithm is supported; otherwise, false.</returns>
 protected virtual bool IsSupportedAlgorithm(SecurityKey key, string algorithm)
     // Pure delegation to the RSA key wrap check; note the helper takes (algorithm, key), the reverse of this signature.
     => SupportedAlgorithms.IsSupportedRsaKeyWrap(algorithm, key);
 /// <summary>
 /// Checks if a 'key, algorithm' pair is supported.
 /// </summary>
 /// <param name="key">the <see cref="SecurityKey"/></param>
 /// <param name="algorithm">the algorithm to check.</param>
 /// <returns>true if 'key, algorithm' pair is supported.</returns>
 protected virtual bool IsSupportedAlgorithm(SecurityKey key, string algorithm)
     // Pure delegation to the authenticated-encryption check; note the helper takes (algorithm, key), the reverse of this signature.
     => SupportedAlgorithms.IsSupportedAuthenticatedEncryptionAlgorithm(algorithm, key);