/// <summary>
/// Creates an instance of <see cref="AuthenticatedEncryptionProvider"/> for a specific <SecurityKey, Algorithm>.
/// </summary>
/// <param name="key">the <see cref="SecurityKey"/> to use.</param>
/// <param name="algorithm">the algorithm to use.</param>
/// <returns>an instance of <see cref="AuthenticatedEncryptionProvider"/></returns>
/// <exception cref="ArgumentNullException">'key' is null.</exception>
/// <exception cref="ArgumentNullException">'algorithm' is null or empty.</exception>
/// <exception cref="ArgumentException">'key' is not a <see cref="SymmetricSecurityKey"/>.</exception>
/// <exception cref="ArgumentException">'algorithm, key' pair is not supported.</exception>
public virtual AuthenticatedEncryptionProvider CreateAuthenticatedEncryptionProvider(SecurityKey key, string algorithm)
{
if (key == null)
{
throw LogHelper.LogArgumentNullException(nameof(key));
}
if (string.IsNullOrEmpty(algorithm))
{
throw LogHelper.LogArgumentNullException(nameof(algorithm));
}
if (CustomCryptoProvider != null && CustomCryptoProvider.IsSupportedAlgorithm(algorithm, key))
{
var cryptoProvider = CustomCryptoProvider.Create(algorithm, key) as AuthenticatedEncryptionProvider;
if (cryptoProvider == null)
{
throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(LogMessages.IDX10646, algorithm, key, typeof(AuthenticatedEncryptionProvider))));
}
return(cryptoProvider);
}
if (SupportedAlgorithms.IsSupportedAuthenticatedEncryptionAlgorithm(algorithm, key))
{
return(new AuthenticatedEncryptionProvider(key, algorithm));
}
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10652, algorithm), nameof(algorithm)));
}
/// <summary>
/// Checks if an 'algorithm, key' pair is supported.
/// </summary>
/// <param name="algorithm">the algorithm to check.</param>
/// <param name="key">the <see cref="SecurityKey"/>.</param>
/// <returns>true if 'algorithm, key' pair is supported.</returns>
public virtual bool IsSupportedAlgorithm(string algorithm, SecurityKey key)
{
if (CustomCryptoProvider != null && CustomCryptoProvider.IsSupportedAlgorithm(algorithm, key))
{
return(true);
}
return(SupportedAlgorithms.IsSupportedAlgorithm(algorithm, key));
}
/// <summary>
/// Answers if an algorithm is supported
/// </summary>
/// <param name="algorithm">the name of the cryptographic algorithm</param>
/// <returns></returns>
public virtual bool IsSupportedAlgorithm(string algorithm)
{
if (CustomCryptoProvider != null && CustomCryptoProvider.IsSupportedAlgorithm(algorithm))
{
return(true);
}
return(SupportedAlgorithms.IsSupportedHashAlgorithm(algorithm));
}
private KeyWrapProvider CreateKeyWrapProvider(SecurityKey key, string algorithm, bool willUnwrap)
{
if (key == null)
{
throw LogHelper.LogArgumentNullException(nameof(key));
}
if (string.IsNullOrEmpty(algorithm))
{
throw LogHelper.LogArgumentNullException(nameof(algorithm));
}
if (CustomCryptoProvider != null && CustomCryptoProvider.IsSupportedAlgorithm(algorithm, key, willUnwrap))
{
if (!(CustomCryptoProvider.Create(algorithm, key, willUnwrap) is KeyWrapProvider keyWrapProvider))
{
throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(LogMessages.IDX10646, algorithm, key, typeof(SignatureProvider))));
}
return(keyWrapProvider);
}
if (key is RsaSecurityKey rsaKey && SupportedAlgorithms.IsSupportedRsaAlgorithm(algorithm))
{
return(new RsaKeyWrapProvider(key, algorithm, willUnwrap));
}
if (key is X509SecurityKey x509Key && SupportedAlgorithms.IsSupportedRsaAlgorithm(algorithm))
{
return(new RsaKeyWrapProvider(x509Key, algorithm, willUnwrap));
}
if (key is JsonWebKey jsonWebKey)
{
if (jsonWebKey.Kty == JsonWebAlgorithmsKeyTypes.RSA && SupportedAlgorithms.IsSupportedRsaAlgorithm(algorithm))
{
return(new RsaKeyWrapProvider(jsonWebKey, algorithm, willUnwrap));
}
else if (jsonWebKey.Kty == JsonWebAlgorithmsKeyTypes.Octet && SupportedAlgorithms.IsSupportedSymmetricAlgorithm(algorithm))
{
return(new SymmetricKeyWrapProvider(jsonWebKey, algorithm));
}
}
if (key is SymmetricSecurityKey symmetricKey && SupportedAlgorithms.IsSupportedSymmetricAlgorithm(algorithm))
{
return(new SymmetricKeyWrapProvider(symmetricKey, algorithm));
}
throw LogHelper.LogExceptionMessage(new NotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10661, algorithm, key)));
}
/// <summary>
/// Checks if an algorithm is supported.
/// </summary>
/// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param>
/// <param name="algorithm">The KeyWrap algorithm to apply.</param>
/// <returns>true if the algorithm is supported; otherwise, false.</returns>
protected virtual bool IsSupportedAlgorithm(SecurityKey key, string algorithm)
{
if (key == null)
{
return(false);
}
if (string.IsNullOrEmpty(algorithm))
{
return(false);
}
if (key.KeySize < 2048)
{
return(false);
}
return(SupportedAlgorithms.IsSupportedKeyWrapAlgorithm(algorithm, key));
}
/// <summary>
/// Initializes a new instance of the <see cref="AuthenticatedEncryptionProvider"/> class used for encryption and decryption.
/// </summary>
/// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param>
/// <param name="algorithm">The encryption algorithm to apply.</param>
/// <exception cref="ArgumentNullException">'key' is null.</exception>
/// <exception cref="ArgumentNullException">'algorithm' is null or whitespace.</exception>
/// <exception cref="ArgumentOutOfRangeException">key size is not large enough.</exception>
/// <exception cref="ArgumentException">'algorithm' is not supported.</exception>
/// <exception cref="ArgumentException">a symmetricSignatureProvider is not created.</exception>
public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm)
{
if (key == null)
{
throw LogHelper.LogArgumentNullException(nameof(key));
}
if (string.IsNullOrWhiteSpace(algorithm))
{
throw LogHelper.LogArgumentNullException(nameof(algorithm));
}
Key = key;
Algorithm = algorithm;
_cryptoProviderFactory = key.CryptoProviderFactory;
if (SupportedAlgorithms.IsSupportedEncryptionAlgorithm(algorithm, key))
{
if (SupportedAlgorithms.IsAesGcm(algorithm))
{
#if NETSTANDARD2_0
if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
throw LogHelper.LogExceptionMessage(new PlatformNotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10713, LogHelper.MarkAsNonPII(algorithm))));
}
#endif
InitializeUsingAesGcm();
}
else
{
InitializeUsingAesCbc();
}
}
else
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10668, LogHelper.MarkAsNonPII(_className), LogHelper.MarkAsNonPII(algorithm), key)));
}
}
/// <summary>
/// Checks if an algorithm is supported.
/// </summary>
/// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param>
/// <param name="algorithm">The KeyWrap algorithm to apply.</param>
/// <returns>true if the algorithm is supported; otherwise, false.</returns>
protected virtual bool IsSupportedAlgorithm(SecurityKey key, string algorithm)
{
return(SupportedAlgorithms.IsSupportedRsaKeyWrap(algorithm, key));
}
/// <summary>
/// Checks if an 'key, algorithm' pair is supported
/// </summary>
/// <param name="key">the <see cref="SecurityKey"/></param>
/// <param name="algorithm">the algorithm to check.</param>
/// <returns>true if 'key, algorithm' pair is supported.</returns>
protected virtual bool IsSupportedAlgorithm(SecurityKey key, string algorithm)
{
return(SupportedAlgorithms.IsSupportedAuthenticatedEncryptionAlgorithm(algorithm, key));
}
