/// <summary> /// Initializes a new instance of the <see cref="AsymmetricSignatureProvider"/> class used to create and verify signatures. /// </summary> /// <param name="key">The <see cref="SecurityKey"/> that will be used for signature operations.</param> /// <param name="algorithm">The signature algorithm to apply.</param> /// <param name="willCreateSignatures">If this <see cref="AsymmetricSignatureProvider"/> is required to create signatures then set this to true.</param> /// <para> /// Creating signatures requires that the <see cref="SecurityKey"/> has access to a private key. /// Verifying signatures (the default), does not require access to the private key. /// </para> /// <exception cref="ArgumentNullException"><paramref name="key"/>is null.</exception> /// <exception cref="ArgumentNullException"><paramref name="algorithm"/>is null or empty.</exception> /// <exception cref="InvalidOperationException"><paramref name="willCreateSignatures"/>is true and there is no private key.</exception> /// <exception cref="NotSupportedException">If <see cref="SecurityKey"/> and algorithm pair are not supported.</exception> /// <exception cref="ArgumentOutOfRangeException"> /// willCreateSignatures is true and <see cref="SecurityKey"/>.KeySize is less than the size corresponding to the given algorithm in <see cref="AsymmetricSignatureProvider.MinimumAsymmetricKeySizeInBitsForSigningMap"/>. /// </exception> /// <exception cref="ArgumentOutOfRangeException"> /// <see cref="SecurityKey"/>.KeySize is less than the size corresponding to the algorithm in <see cref="AsymmetricSignatureProvider.MinimumAsymmetricKeySizeInBitsForVerifyingMap"/>. Note: this is always checked. /// </exception> /// <exception cref="InvalidOperationException">If the runtime is unable to create a suitable cryptographic provider.</exception> public AsymmetricSignatureProvider(SecurityKey key, string algorithm, bool willCreateSignatures) : base(key, algorithm) { _cryptoProviderFactory = key.CryptoProviderFactory; _minimumAsymmetricKeySizeInBitsForSigningMap = new Dictionary <string, int>(DefaultMinimumAsymmetricKeySizeInBitsForSigningMap); _minimumAsymmetricKeySizeInBitsForVerifyingMap = new Dictionary <string, int>(DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap); var jsonWebKey = key as JsonWebKey; if (jsonWebKey != null) { JsonWebKeyConverter.TryConvertToSecurityKey(jsonWebKey, out SecurityKey _); } if (willCreateSignatures && FoundPrivateKey(key) == PrivateKeyStatus.DoesNotExist) { throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(LogMessages.IDX10638, key))); } if (!_cryptoProviderFactory.IsSupportedAlgorithm(algorithm, key)) { throw LogHelper.LogExceptionMessage(new NotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10634, (algorithm ?? "null"), key))); } WillCreateSignatures = willCreateSignatures; _keySizeIsValid = new Lazy <bool>(ValidKeySize); _asymmetricAdapterObjectPool = new DisposableObjectPool <AsymmetricAdapter>(CreateAsymmetricAdapter, _cryptoProviderFactory.SignatureProviderObjectPoolCacheSize); }
/// <summary> /// Constructor that creates a deep copy of given <see cref="CryptoProviderFactory"/> object. /// </summary> /// <param name="other"><see cref="CryptoProviderFactory"/> to copy from.</param> public CryptoProviderFactory(CryptoProviderFactory other) { if (other == null) { throw LogHelper.LogArgumentNullException(nameof(other)); } CustomCryptoProvider = other.CustomCryptoProvider; }
public static void ReleaseSymmetricAlgorithm(this CryptoProviderFactory _, SymmetricAlgorithm symmetricAlgorithm) { if (symmetricAlgorithm == null) { throw LogHelper.LogArgumentNullException(nameof(symmetricAlgorithm)); } symmetricAlgorithm.Dispose(); }
public static SymmetricAlgorithm CreateSymmetricAlgorithm(this CryptoProviderFactory crypto, string algorithm) { if (crypto.CustomCryptoProvider != null && crypto.CustomCryptoProvider.IsSupportedAlgorithm(algorithm)) { if (!(crypto?.CustomCryptoProvider.Create(algorithm) is SymmetricAlgorithm symmetric)) { throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(IDX10647, algorithm, typeof(SymmetricAlgorithm)))); } return(symmetric); } throw LogHelper.LogExceptionMessage(new NotSupportedException(LogHelper.FormatInvariant(IDX10640, algorithm))); }
public static SymmetricAlgorithm CreateSymmetricAlgorithm(this CryptoProviderFactory crypto, SecurityKey securityKey, string algorithm) { if (securityKey == null) { throw LogHelper.LogArgumentNullException(nameof(securityKey)); } if (!(securityKey is SymmetricSecurityKey symmetricKey)) { throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(InvalidSecurityKey, securityKey.GetType().Name))); } var symmetric = crypto.CreateSymmetricAlgorithm(algorithm); symmetric.Key = symmetricKey.Key; return(symmetric); }
/// <summary> /// Initializes a new instance of the <see cref="AuthenticatedEncryptionProvider"/> class used for encryption and decryption. /// </summary> /// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param> /// <param name="algorithm">The encryption algorithm to apply.</param> /// <exception cref="ArgumentNullException">'key' is null.</exception> /// <exception cref="ArgumentNullException">'algorithm' is null or whitespace.</exception> /// <exception cref="ArgumentOutOfRangeException">key size is not large enough.</exception> /// <exception cref="ArgumentException">'algorithm' is not supported.</exception> /// <exception cref="ArgumentException">a symmetricSignatureProvider is not created.</exception> public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm) { if (key == null) { throw LogHelper.LogArgumentNullException(nameof(key)); } if (string.IsNullOrWhiteSpace(algorithm)) { throw LogHelper.LogArgumentNullException(nameof(algorithm)); } _authenticatedkeys = new Lazy <AuthenticatedKeys>(CreateAuthenticatedKeys); _hmacAlgorithm = GetHmacAlgorithm(algorithm); Key = key; Algorithm = algorithm; _cryptoProviderFactory = key.CryptoProviderFactory; _symmetricSignatureProvider = new Lazy <SymmetricSignatureProvider>(CreateSymmetricSignatureProvider); }
/// <summary> /// Initializes a new instance of the <see cref="AsymmetricSignatureProvider"/> class used to create and verify signatures. /// </summary> /// <param name="key">The <see cref="SecurityKey"/> that will be used for signature operations.</param> /// <param name="algorithm">The signature algorithm to apply.</param> /// <param name="willCreateSignatures">If this <see cref="AsymmetricSignatureProvider"/> is required to create signatures then set this to true.</param> /// <para> /// Creating signatures requires that the <see cref="SecurityKey"/> has access to a private key. /// Verifying signatures (the default), does not require access to the private key. /// </para> /// <exception cref="ArgumentNullException"><paramref name="key"/>is null.</exception> /// <exception cref="ArgumentNullException"><paramref name="algorithm"/>is null or empty.</exception> /// <exception cref="InvalidOperationException"><paramref name="willCreateSignatures"/>is true and there is no private key.</exception> /// <exception cref="NotSupportedException">If <see cref="SecurityKey"/> and algorithm pair are not supported.</exception> /// <exception cref="ArgumentOutOfRangeException"> /// willCreateSignatures is true and <see cref="SecurityKey"/>.KeySize is less than the size corresponding to the given algorithm in <see cref="AsymmetricSignatureProvider.MinimumAsymmetricKeySizeInBitsForSigningMap"/>. /// </exception> /// <exception cref="ArgumentOutOfRangeException"> /// <see cref="SecurityKey"/>.KeySize is less than the size corresponding to the algorithm in <see cref="AsymmetricSignatureProvider.MinimumAsymmetricKeySizeInBitsForVerifyingMap"/>. Note: this is always checked. /// </exception> /// <exception cref="InvalidOperationException">If the runtime is unable to create a suitable cryptographic provider.</exception> public AsymmetricSignatureProvider(SecurityKey key, string algorithm, bool willCreateSignatures) : base(key, algorithm) { _cryptoProviderFactory = key.CryptoProviderFactory; _minimumAsymmetricKeySizeInBitsForSigningMap = new Dictionary <string, int>(DefaultMinimumAsymmetricKeySizeInBitsForSigningMap); _minimumAsymmetricKeySizeInBitsForVerifyingMap = new Dictionary <string, int>(DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap); if (willCreateSignatures && FoundPrivateKey(key) == PrivateKeyStatus.DoesNotExist) { throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(LogMessages.IDX10638, key))); } if (!_cryptoProviderFactory.IsSupportedAlgorithm(algorithm, key)) { throw LogHelper.LogExceptionMessage(new NotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10634, (algorithm ?? "null"), key))); } ValidateAsymmetricSecurityKeySize(key, algorithm, willCreateSignatures); _asymmetricAdapter = ResolveAsymmetricAdapter(key, algorithm, willCreateSignatures); WillCreateSignatures = willCreateSignatures; }
/// <summary> /// Initializes a new instance of the <see cref="AuthenticatedEncryptionProvider"/> class used for encryption and decryption. /// </summary> /// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param> /// <param name="algorithm">The encryption algorithm to apply.</param> /// <exception cref="ArgumentNullException">'key' is null.</exception> /// <exception cref="ArgumentNullException">'algorithm' is null or whitespace.</exception> /// <exception cref="ArgumentOutOfRangeException">key size is not large enough.</exception> /// <exception cref="ArgumentException">'algorithm' is not supported.</exception> /// <exception cref="ArgumentException">a symmetricSignatureProvider is not created.</exception> public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm) { if (key == null) { throw LogHelper.LogArgumentNullException(nameof(key)); } if (string.IsNullOrWhiteSpace(algorithm)) { throw LogHelper.LogArgumentNullException(nameof(algorithm)); } Key = key; Algorithm = algorithm; _cryptoProviderFactory = key.CryptoProviderFactory; if (SupportedAlgorithms.IsSupportedEncryptionAlgorithm(algorithm, key)) { if (SupportedAlgorithms.IsAesGcm(algorithm)) { #if NETSTANDARD2_0 if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { throw LogHelper.LogExceptionMessage(new PlatformNotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10713, LogHelper.MarkAsNonPII(algorithm)))); } #endif InitializeUsingAesGcm(); } else { InitializeUsingAesCbc(); } } else { throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10668, LogHelper.MarkAsNonPII(_className), LogHelper.MarkAsNonPII(algorithm), key))); } }
/// <summary> /// Static constructor that initializes the default <see cref="CryptoProviderFactory"/>. /// </summary> static CryptoProviderFactory() { Default = new CryptoProviderFactory(); }
internal AsymmetricSignatureProvider(SecurityKey key, string algorithm, CryptoProviderFactory cryptoProviderFactory) : this(key, algorithm) { _cryptoProviderFactory = cryptoProviderFactory; }
internal AsymmetricSignatureProvider(SecurityKey key, string algorithm, bool willCreateSignatures, CryptoProviderFactory cryptoProviderFactory) : this(key, algorithm, willCreateSignatures) { _cryptoProviderFactory = cryptoProviderFactory; }
/// <summary> /// Default constructor /// </summary> public SecurityKey() { _cryptoProviderFactory = CryptoProviderFactory.Default; SetInternalId(); }
internal SecurityKey(SecurityKey key) { _cryptoProviderFactory = key._cryptoProviderFactory; KeyId = key.KeyId; SetInternalId(); }