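/// <summary>
/// Initializes a new instance of the <see cref="AuthenticatedEncryptionProvider"/> class used for encryption and decryption.
/// </summary>
/// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param>
/// <param name="algorithm">The encryption algorithm to apply.</param>
/// <exception cref="ArgumentNullException">'key' is null.</exception>
/// <exception cref="ArgumentNullException">'algorithm' is null or whitespace.</exception>
/// <exception cref="ArgumentOutOfRangeException">key size is not large enough.</exception>
/// <exception cref="ArgumentException">'algorithm' is not supported.</exception>
/// <exception cref="ArgumentException">a symmetricSignatureProvider is not created.</exception>
public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm)
{
    if (key == null)
    {
        throw LogHelper.LogArgumentNullException(nameof(key));
    }

    if (string.IsNullOrWhiteSpace(algorithm))
    {
        throw LogHelper.LogArgumentNullException(nameof(algorithm));
    }

    if (!IsSupportedAlgorithm(key, algorithm))
    {
        throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10668, GetType(), algorithm, key)));
    }

    // The key length is checked before any key material is derived from 'key', so an
    // undersized key is rejected up front (ArgumentOutOfRangeException per the contract above).
    ValidateKeySize(key, algorithm);

    _authenticatedkeys = GetAlgorithmParameters(key, algorithm);
    _hmacAlgorithm = GetHmacAlgorithm(algorithm);

    // Only the HmacKey member of _authenticatedkeys is consumed here; it backs the
    // authentication-tag provider. The same signing provider is held for the lifetime
    // of this instance (no separate verifying provider is created).
    _symmetricSignatureProvider = key.CryptoProviderFactory.CreateForSigning(_authenticatedkeys.HmacKey, _hmacAlgorithm) as SymmetricSignatureProvider;
    if (_symmetricSignatureProvider == null)
    {
        // Use the 'algorithm' parameter, not the Algorithm property: the property is
        // assigned only at the end of the constructor and would still be null here.
        throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10649, algorithm)));
    }

    Key = key;
    Algorithm = algorithm;
}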
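/// <summary>
/// Initializes a new instance of the <see cref="AuthenticatedEncryptionProvider"/> class used for encryption and decryption.
/// </summary>
/// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param>
/// <param name="algorithm">The encryption algorithm to apply.</param>
/// <exception cref="ArgumentNullException">'key' is null.</exception>
/// <exception cref="ArgumentNullException">'algorithm' is null or whitespace.</exception>
/// <exception cref="ArgumentOutOfRangeException">key size is not large enough.</exception>
/// <exception cref="ArgumentException">'algorithm' is not supported.</exception>
/// <exception cref="ArgumentException">a symmetricSignatureProvider is not created.</exception>
public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm)
{
    if (key == null)
    {
        throw LogHelper.LogArgumentNullException(nameof(key));
    }

    if (string.IsNullOrWhiteSpace(algorithm))
    {
        throw LogHelper.LogArgumentNullException(nameof(algorithm));
    }

    if (!IsSupportedAlgorithm(key, algorithm))
    {
        throw LogHelper.LogExceptionMessage(new ArgumentException(string.Format(CultureInfo.InvariantCulture, LogMessages.IDX10668, GetType(), algorithm, key)));
    }

    // The key length is checked before any key material is derived from 'key', so an
    // undersized key is rejected up front (ArgumentOutOfRangeException per the contract above).
    ValidateKeySize(key, algorithm);

    _authenticatedkeys = GetAlgorithmParameters(key, algorithm);
    _hashAlgorithm = GetHashAlgorithm(algorithm);

    // TODO - should we defer and use CreateForSigning for encrypt, CreateForVerifying for decrypt?
    // Only the HmacKey member of _authenticatedkeys is consumed here; the single signing
    // provider created below is held for the lifetime of this instance.
    _symmetricSignatureProvider = key.CryptoProviderFactory.CreateForSigning(_authenticatedkeys.HmacKey, _hashAlgorithm) as SymmetricSignatureProvider;
    if (_symmetricSignatureProvider == null)
    {
        // Use the 'algorithm' parameter, not the Algorithm property: the property is
        // assigned only at the end of the constructor and would still be null here.
        throw LogHelper.LogExceptionMessage(new ArgumentException(string.Format(CultureInfo.InvariantCulture, LogMessages.IDX10649, algorithm)));
    }

    Key = key;
    Algorithm = algorithm;
}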
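/// <summary>
/// Creates a <see cref="SignatureProvider"/> for the given key and algorithm. A
/// <see cref="CustomCryptoProvider"/> that claims support is consulted first; otherwise a built-in
/// asymmetric or symmetric provider is chosen by key type and, when <see cref="CacheSignatureProviders"/>
/// is set, looked up in or added to <see cref="CryptoProviderCache"/>.
/// </summary>
/// <param name="key">The <see cref="SecurityKey"/> the provider will use.</param>
/// <param name="algorithm">The signature algorithm to apply.</param>
/// <param name="willCreateSignatures">true if the provider will be used to create signatures, false if it will only verify them.</param>
/// <returns>A <see cref="SignatureProvider"/> bound to <paramref name="key"/> and <paramref name="algorithm"/>.</returns>
/// <exception cref="ArgumentNullException">'key' is null.</exception>
/// <exception cref="ArgumentNullException">'algorithm' is null or empty.</exception>
/// <exception cref="InvalidOperationException"><see cref="CustomCryptoProvider"/> reported support but did not return a <see cref="SignatureProvider"/>.</exception>
/// <exception cref="NotSupportedException">the key type cannot be handled, or 'algorithm' is not supported for 'key'.</exception>
private SignatureProvider CreateSignatureProvider(SecurityKey key, string algorithm, bool willCreateSignatures)
{
    if (key == null)
    {
        throw LogHelper.LogArgumentNullException(nameof(key));
    }

    if (string.IsNullOrEmpty(algorithm))
    {
        throw LogHelper.LogArgumentNullException(nameof(algorithm));
    }

    // A custom provider that claims the (algorithm, key, direction) triple bypasses both the
    // built-in providers and the cache; it must return a SignatureProvider or the call fails.
    if (CustomCryptoProvider != null && CustomCryptoProvider.IsSupportedAlgorithm(algorithm, key, willCreateSignatures))
    {
        if (CustomCryptoProvider.Create(algorithm, key, willCreateSignatures) is SignatureProvider customProvider)
        {
            return customProvider;
        }

        throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(LogMessages.IDX10646, algorithm, key, typeof(SignatureProvider))));
    }

    // Types are checked in order of expected occurrence. typeofSignatureProvider is part of the
    // cache lookup key; createAsymmetric selects the concrete provider to instantiate.
    string typeofSignatureProvider = null;
    bool createAsymmetric = true;
    if (key is AsymmetricSecurityKey)
    {
        typeofSignatureProvider = typeof(AsymmetricSignatureProvider).ToString();
    }
    else if (key is JsonWebKey jsonWebKey)
    {
        // A JsonWebKey with no 'kty', or an unrecognized one, leaves typeofSignatureProvider null
        // and is rejected below rather than guessed at.
        if (jsonWebKey.Kty != null)
        {
            if (jsonWebKey.Kty == JsonWebAlgorithmsKeyTypes.RSA || jsonWebKey.Kty == JsonWebAlgorithmsKeyTypes.EllipticCurve)
            {
                typeofSignatureProvider = typeof(AsymmetricSignatureProvider).ToString();
            }
            else if (jsonWebKey.Kty == JsonWebAlgorithmsKeyTypes.Octet)
            {
                typeofSignatureProvider = typeof(SymmetricSignatureProvider).ToString();
                createAsymmetric = false;
            }
        }
    }
    else if (key is SymmetricSecurityKey)
    {
        typeofSignatureProvider = typeof(SymmetricSignatureProvider).ToString();
        createAsymmetric = false;
    }

    if (typeofSignatureProvider == null)
    {
        throw LogHelper.LogExceptionMessage(new NotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10621, typeof(SymmetricSignatureProvider), typeof(SecurityKey), typeof(AsymmetricSecurityKey), typeof(SymmetricSecurityKey), key.GetType())));
    }

    // The algorithm/key pairing is validated after the key type so that an unsupported key type
    // reports IDX10621 and an unsupported algorithm for a known key type reports IDX10634.
    if (!IsSupportedAlgorithm(algorithm, key))
    {
        throw LogHelper.LogExceptionMessage(new NotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10634, algorithm, key)));
    }

    if (!CacheSignatureProviders)
    {
        // Uncached providers are built without a reference to this factory.
        if (createAsymmetric)
        {
            return new AsymmetricSignatureProvider(key, algorithm, willCreateSignatures);
        }

        return new SymmetricSignatureProvider(key, algorithm, willCreateSignatures);
    }

    // Lock-free lookup first, then re-check under the lock so that concurrent misses for the
    // same key/algorithm do not each construct and insert their own provider.
    SignatureProvider signatureProvider;
    if (CryptoProviderCache.TryGetSignatureProvider(key, algorithm, typeofSignatureProvider, willCreateSignatures, out signatureProvider))
    {
        return signatureProvider;
    }

    lock (_cacheLock)
    {
        if (CryptoProviderCache.TryGetSignatureProvider(key, algorithm, typeofSignatureProvider, willCreateSignatures, out signatureProvider))
        {
            return signatureProvider;
        }

        // Only the cached asymmetric provider receives a reference to this factory.
        if (createAsymmetric)
        {
            signatureProvider = new AsymmetricSignatureProvider(key, algorithm, willCreateSignatures, this);
        }
        else
        {
            signatureProvider = new SymmetricSignatureProvider(key, algorithm, willCreateSignatures);
        }

        // The TryAdd result is ignored; the freshly built provider is returned regardless.
        CryptoProviderCache.TryAdd(signatureProvider);
    }

    return signatureProvider;
}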