/// <summary> /// This function uses the asymmetric key specified by the key path /// and encrypts CEK with RSA encryption algorithm. /// Key format is (version + keyPathLength + ciphertextLength + ciphertext + keyPath + signature) /// </summary> /// <param name="masterKeyPath">Complete path of an asymmetric key in AKV</param> /// <param name="encryptionAlgorithm">Asymmetric Key Encryption Algorithm</param> /// <param name="columnEncryptionKey">Plain text column encryption key</param> /// <returns>Encrypted column encryption key</returns> public byte[] EncryptColumnEncryptionKey(string masterKeyPath, string encryptionAlgorithm, byte[] columnEncryptionKey) { ValidateNotNullOrWhitespace(masterKeyPath, nameof(masterKeyPath)); ValidateMasterKeyPathFormat(masterKeyPath); ValidateMasterKeyIsTrusted(masterKeyPath, TrustedEndPoints); ValidateNotNullOrWhitespace(encryptionAlgorithm, nameof(encryptionAlgorithm)); ValidateEncryptionAlgorithmIsRsaOaep(encryptionAlgorithm); ValidateNotNull(columnEncryptionKey, nameof(columnEncryptionKey)); ValidateNotEmpty(columnEncryptionKey, nameof(columnEncryptionKey)); KeyCryptographer.AddKey(masterKeyPath); KeyWrapAlgorithm keyWrapAlgorithm = KeyWrapAlgorithm.RsaOaep; byte[] versionByte = new byte[] { version }; byte[] masterKeyPathBytes = Encoding.Unicode.GetBytes(masterKeyPath.ToLowerInvariant()); byte[] keyPathLength = BitConverter.GetBytes((short)masterKeyPathBytes.Length); byte[] cipherText = KeyCryptographer.WrapKey(keyWrapAlgorithm, columnEncryptionKey, masterKeyPath); byte[] cipherTextLength = BitConverter.GetBytes((short)cipherText.Length); byte[] message = versionByte.Concat(keyPathLength).Concat(cipherTextLength).Concat(masterKeyPathBytes).Concat(cipherText).ToArray(); byte[] signature = KeyCryptographer.SignData(message, masterKeyPath); return(message.Concat(signature).ToArray()); }
public void WrapKey_BadMultiplePT1() { byte[] pt = new byte[23]; KeyWrapAlgorithm.WrapKey(ValidKEK, pt); }
private PSKeyOperationResult UnwrapKey(CryptographyClient cryptographyClient, KeyWrapAlgorithm keyWrapAlgorithm, byte[] wrapKey) { return(new PSKeyOperationResult(cryptographyClient.UnwrapKey(keyWrapAlgorithm, wrapKey))); }
public UnwrapResult UnwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CancellationToken cancellationToken = default) => throw new CryptographicException(CRYPT_E_NO_PROVIDER);
internal byte[] UnwrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] encryptedKey, string keyIdentifierUri) { CryptographyClient cryptographyClient = GetCryptographyClient(keyIdentifierUri); return(cryptographyClient.UnwrapKey(keyWrapAlgorithm, encryptedKey).Key); }
/// <summary> /// Initializes a new instance of the <see cref="Cryptography.UnwrapResult"/> for mocking purposes. /// </summary> /// <param name="keyId">Sets the <see cref="UnwrapResult.KeyId"/> property.</param> /// <param name="key">Sets the <see cref="UnwrapResult.Key"/> property.</param> /// <param name="algorithm">Sets the <see cref="UnwrapResult.Algorithm"/> property.</param> /// <returns>A new instance of the <see cref="Cryptography.UnwrapResult"/> for mocking purposes.</returns> public static UnwrapResult UnwrapResult(string keyId = default, byte[] key = default, KeyWrapAlgorithm algorithm = default) => new UnwrapResult { KeyId = keyId, Key = key, Algorithm = algorithm, };
public void KeyUnwrap_InvalidKekLength_ThrowsArgumentOutOfRangeException(int kekLength) { Assert.ThrowsException <ArgumentOutOfRangeException>( () => _ = KeyWrapAlgorithm.UnwrapKey(new byte[kekLength], new byte[16])); }
public void WrapKey_ShortKEK2() { byte[] kek = new byte[15]; KeyWrapAlgorithm.WrapKey(kek, new byte[16]); }
public void KeyUnwrap_NullKEK() { KeyWrapAlgorithm.UnwrapKey(null, new byte[16]); }
public void WrapKey_LongKEK1() { byte[] kek = new byte[33]; KeyWrapAlgorithm.WrapKey(kek, new byte[16]); }
public void Constructor_NullKEK() { KeyWrapAlgorithm kwa = new KeyWrapAlgorithm(null); }
public void WrapKey_BadMultiplePT() { Assert.ThrowsException <ArgumentException>( () => _ = KeyWrapAlgorithm.WrapKey(ValidKEK, new byte[23])); }
public void WrapKey_ShortPT() { Assert.ThrowsException <ArgumentOutOfRangeException>( () => _ = KeyWrapAlgorithm.WrapKey(ValidKEK, new byte[8])); }
public void WrapKey_NullPT() { Assert.ThrowsException <ArgumentNullException>( () => _ = KeyWrapAlgorithm.WrapKey(ValidKEK, null)); }
public void WrapKey_NullKEK() { KeyWrapAlgorithm.WrapKey(null, new byte[16]); }
public void KeyUnwrap_EmptyKEK() { byte[] kek = new byte[0]; KeyWrapAlgorithm.UnwrapKey(kek, new byte[16]); }
public void WrapKey_EmptyKEK() { byte[] kek = new byte[0]; KeyWrapAlgorithm.WrapKey(kek, new byte[16]); }
public void KeyUnwrap_ShortKEK1() { byte[] kek = new byte[8]; KeyWrapAlgorithm.UnwrapKey(kek, new byte[16]); }
public void WrapKey_BadSizedKEK1() { byte[] kek = new byte[20]; KeyWrapAlgorithm.WrapKey(kek, new byte[16]); }
public void KeyUnwrap_LongKEK2() { byte[] kek = new byte[40]; KeyWrapAlgorithm.UnwrapKey(kek, new byte[16]); }
public void WrapKey_NullKEK() { Assert.ThrowsException <ArgumentNullException>( () => _ = KeyWrapAlgorithm.WrapKey(null, new byte[16])); }
public void Constructor_EmptyKEK() { byte[] kek = new byte[0]; KeyWrapAlgorithm kwa = new KeyWrapAlgorithm(kek); }
/// <summary> /// Initializes a new instance of the <see cref="Cryptography.WrapResult"/> for mocking purposes. /// </summary> /// <param name="keyId">Sets the <see cref="WrapResult.KeyId"/> property.</param> /// <param name="key">Sets the <see cref="WrapResult.EncryptedKey"/> property.</param> /// <param name="algorithm">Sets the <see cref="WrapResult.Algorithm"/> property.</param> /// <returns>A new instance of the <see cref="Cryptography.WrapResult"/> for mocking purposes.</returns> public static WrapResult WrapResult(string keyId = default, byte[] key = default, KeyWrapAlgorithm algorithm = default) => new WrapResult { KeyId = keyId, EncryptedKey = key, Algorithm = algorithm, };
public void Constructor_ShortKEK2() { byte[] kek = new byte[15]; KeyWrapAlgorithm kwa = new KeyWrapAlgorithm(kek); }
public byte[] WrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] key, string keyIdentifierUri) { CryptographyClient cryptographyClient = GetCryptographyClient(keyIdentifierUri); return(cryptographyClient.WrapKey(keyWrapAlgorithm, key).EncryptedKey); }
public void Constructor_BadSizedKEK1() { byte[] kek = new byte[20]; KeyWrapAlgorithm kwa = new KeyWrapAlgorithm(kek); }
public Task <WrapResult> WrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, CancellationToken cancellationToken = default) => throw new CryptographicException(CRYPT_E_NO_PROVIDER);
public void Constructor_LongKEK2() { byte[] kek = new byte[40]; KeyWrapAlgorithm kwa = new KeyWrapAlgorithm(kek); }
private PSKeyOperationResult WrapKey(CryptographyClient cryptographyClient, KeyWrapAlgorithm keyEncryptAlgorithm, byte[] value) { return(new PSKeyOperationResult(cryptographyClient.WrapKey(keyEncryptAlgorithm, value))); }
public void WrapKey_ShortPT1() { byte[] pt = new byte[8]; KeyWrapAlgorithm.WrapKey(ValidKEK, pt); }