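/// <summary>
/// Builds the encryption algorithm object used with a raw data encryption key (DEK).
/// </summary>
/// <param name="rawDek">
/// Raw DEK bytes, handed to <c>AeadAes256CbcHmac256EncryptionKey</c> as the root key.
/// </param>
/// <param name="encryptionAlgorithmId">
/// Requested algorithm. Only
/// <c>CosmosEncryptionAlgorithm.AE_AES_256_CBC_HMAC_SHA_256_RANDOMIZED</c> is accepted.
/// </param>
/// <returns>
/// An <c>AeadAes256CbcHmac256Algorithm</c> configured for randomized encryption, algorithm version 1.
/// </returns>
/// <exception cref="System.ArgumentException">
/// <paramref name="encryptionAlgorithmId"/> is not the supported algorithm.
/// </exception>
internal virtual EncryptionAlgorithm GetEncryptionAlgorithm(byte[] rawDek, CosmosEncryptionAlgorithm encryptionAlgorithmId)
{
    // Fail closed at runtime. Debug.Assert is compiled out of release builds, so an
    // assert-only check would let an unrecognised algorithm id be processed as
    // AEAD_AES_256_CBC_HMAC_SHA256 without any error.
    // System.ArgumentException is fully qualified so the check does not rely on a using directive.
    if (encryptionAlgorithmId != CosmosEncryptionAlgorithm.AE_AES_256_CBC_HMAC_SHA_256_RANDOMIZED)
    {
        throw new System.ArgumentException("Unexpected encryption algorithm id", nameof(encryptionAlgorithmId));
    }

    // NOTE(review): rawDek is not checked for null or length here; presumably the key
    // constructor validates the root key - confirm.
    AeadAes256CbcHmac256EncryptionKey key = new AeadAes256CbcHmac256EncryptionKey(
        rawDek,
        AeadAes256CbcHmac256Algorithm.AlgorithmNameConstant);

    return new AeadAes256CbcHmac256Algorithm(key, EncryptionType.Randomized, algorithmVersion: 1);
}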
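/// <summary>
/// Initializes a new instance of AeadAes256CbcHmac256Algorithm algorithm with a given key and encryption type
/// </summary>
/// <param name="encryptionKey">
/// Root encryption key from which three other keys will be derived. Must not be null.
/// </param>
/// <param name="encryptionType">Encryption Type, accepted values are Deterministic and Randomized.
/// For Deterministic encryption, a synthetic IV will be generated during encryption
/// For Randomized encryption, a random IV will be generated during encryption.
/// This constructor currently accepts only Randomized.
/// </param>
/// <param name="algorithmVersion">
/// Algorithm version. Only 0x01 is accepted.
/// </param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="encryptionKey"/> is null.
/// </exception>
/// <exception cref="System.ArgumentException">
/// <paramref name="algorithmVersion"/> is not 0x01, or <paramref name="encryptionType"/> is not Randomized.
/// </exception>
internal AeadAes256CbcHmac256Algorithm(AeadAes256CbcHmac256EncryptionKey encryptionKey, EncryptionType encryptionType, byte algorithmVersion)
{
    // Validate every argument before any state is written. These checks were Debug.Assert
    // calls, which are compiled out of release builds: a null key, an unknown version or an
    // unsupported encryption type would then have been accepted silently.
    // Exception types are fully qualified so the checks do not rely on a using directive.
    if (encryptionKey == null)
    {
        throw new System.ArgumentNullException(nameof(encryptionKey), "Null encryption key detected in AeadAes256CbcHmac256 algorithm");
    }

    if (algorithmVersion != 0x01)
    {
        throw new System.ArgumentException("Unknown algorithm version passed to AeadAes256CbcHmac256", nameof(algorithmVersion));
    }

    // Validate encryption type for this algorithm
    // This algorithm can only provide randomized or deterministic encryption types.
    // Right now, we support only randomized encryption for Cosmos DB client side encryption.
    if (encryptionType != EncryptionType.Randomized)
    {
        throw new System.ArgumentException("Invalid Encryption Type detected in AeadAes256CbcHmac256Algorithm", nameof(encryptionType));
    }

    this.dataEncryptionKey = encryptionKey;
    this.algorithmVersion = algorithmVersion;

    // NOTE(review): 'version' is declared outside this constructor; if it is a static
    // buffer, this write is shared by every instance - confirm.
    version[0] = algorithmVersion;

    // Only randomized encryption reaches this point, so the deterministic path stays off.
    this.isDeterministic = false;
    this.cryptoProviderPool = new ConcurrentQueue<AesCryptoServiceProvider>();
}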