/// <summary>
/// Creates an <see cref="AuthenticatedEncryptionProvider"/> for a specific <see cref="SecurityKey"/> and algorithm.
/// A <see cref="CustomCryptoProvider"/> that claims support for the pair takes precedence over the built-in provider.
/// </summary>
/// <param name="key">the <see cref="SecurityKey"/> to use.</param>
/// <param name="algorithm">the authenticated encryption algorithm to use.</param>
/// <returns>an instance of <see cref="AuthenticatedEncryptionProvider"/>.</returns>
/// <exception cref="ArgumentNullException">'key' is null.</exception>
/// <exception cref="ArgumentNullException">'algorithm' is null or empty.</exception>
/// <exception cref="InvalidOperationException"><see cref="CustomCryptoProvider"/> reported support but did not return an <see cref="AuthenticatedEncryptionProvider"/>.</exception>
/// <exception cref="ArgumentException">the 'algorithm, key' pair is not supported.</exception>
public virtual AuthenticatedEncryptionProvider CreateAuthenticatedEncryptionProvider(SecurityKey key, string algorithm)
{
    if (key == null)
    {
        throw LogHelper.LogArgumentNullException(nameof(key));
    }

    if (string.IsNullOrEmpty(algorithm))
    {
        throw LogHelper.LogArgumentNullException(nameof(algorithm));
    }

    // The custom provider is consulted first; if it accepts the pair it must also produce the right type.
    if (CustomCryptoProvider != null && CustomCryptoProvider.IsSupportedAlgorithm(algorithm, key))
    {
        if (CustomCryptoProvider.Create(algorithm, key) is AuthenticatedEncryptionProvider customProvider)
        {
            return customProvider;
        }

        throw LogHelper.LogExceptionMessage(
            new InvalidOperationException(
                LogHelper.FormatInvariant(LogMessages.IDX10646, algorithm, key, typeof(AuthenticatedEncryptionProvider))));
    }

    // Built-in path: only pairs the library itself knows how to handle.
    if (!SupportedAlgorithms.IsSupportedAuthenticatedEncryptionAlgorithm(algorithm, key))
    {
        throw LogHelper.LogExceptionMessage(
            new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10652, algorithm), nameof(algorithm)));
    }

    return new AuthenticatedEncryptionProvider(key, algorithm);
}
/// <summary>
/// Checks whether an 'algorithm, key' pair is supported, either by <see cref="CustomCryptoProvider"/>
/// or by the built-in <see cref="SupportedAlgorithms"/> table.
/// </summary>
/// <param name="algorithm">the algorithm to check.</param>
/// <param name="key">the <see cref="SecurityKey"/>.</param>
/// <returns>true if the 'algorithm, key' pair is supported; otherwise, false.</returns>
public virtual bool IsSupportedAlgorithm(string algorithm, SecurityKey key)
{
    // The custom provider is asked first; the built-in table is only consulted when it declines.
    bool customSupports = CustomCryptoProvider != null
        && CustomCryptoProvider.IsSupportedAlgorithm(algorithm, key);

    return customSupports || SupportedAlgorithms.IsSupportedAlgorithm(algorithm, key);
}
/// <summary>
/// Checks whether an algorithm is supported when no key is involved. The built-in fallback only
/// recognizes hash algorithms (see <see cref="SupportedAlgorithms.IsSupportedHashAlgorithm"/>);
/// <see cref="CustomCryptoProvider"/> may accept others.
/// </summary>
/// <param name="algorithm">the name of the cryptographic algorithm.</param>
/// <returns>true if the algorithm is supported by the custom provider or is a supported hash algorithm; otherwise, false.</returns>
public virtual bool IsSupportedAlgorithm(string algorithm)
{
    bool customSupports = CustomCryptoProvider != null
        && CustomCryptoProvider.IsSupportedAlgorithm(algorithm);

    return customSupports || SupportedAlgorithms.IsSupportedHashAlgorithm(algorithm);
}
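/// <summary>
/// Creates a <see cref="KeyWrapProvider"/> for a specific <see cref="SecurityKey"/> and algorithm.
/// A <see cref="CustomCryptoProvider"/> that claims support takes precedence; otherwise the provider is
/// chosen from the key type: RSA / X509 / RSA JsonWebKey map to <see cref="RsaKeyWrapProvider"/>,
/// octet JsonWebKey / symmetric keys map to <see cref="SymmetricKeyWrapProvider"/>.
/// </summary>
/// <param name="key">the <see cref="SecurityKey"/> to use.</param>
/// <param name="algorithm">the key wrap algorithm to use.</param>
/// <param name="willUnwrap">passed through to the custom provider and to <see cref="RsaKeyWrapProvider"/>;
/// presumably indicates the provider will be used to unwrap rather than wrap (not needed by <see cref="SymmetricKeyWrapProvider"/>).</param>
/// <returns>an instance of <see cref="KeyWrapProvider"/>.</returns>
/// <exception cref="ArgumentNullException">'key' is null.</exception>
/// <exception cref="ArgumentNullException">'algorithm' is null or empty.</exception>
/// <exception cref="InvalidOperationException"><see cref="CustomCryptoProvider"/> reported support but did not return a <see cref="KeyWrapProvider"/>.</exception>
/// <exception cref="NotSupportedException">the 'algorithm, key' pair is not supported.</exception>
private KeyWrapProvider CreateKeyWrapProvider(SecurityKey key, string algorithm, bool willUnwrap)
{
    if (key == null)
    {
        throw LogHelper.LogArgumentNullException(nameof(key));
    }

    if (string.IsNullOrEmpty(algorithm))
    {
        throw LogHelper.LogArgumentNullException(nameof(algorithm));
    }

    if (CustomCryptoProvider != null && CustomCryptoProvider.IsSupportedAlgorithm(algorithm, key, willUnwrap))
    {
        if (CustomCryptoProvider.Create(algorithm, key, willUnwrap) is KeyWrapProvider keyWrapProvider)
        {
            return keyWrapProvider;
        }

        // Fix: the expected type in the message is KeyWrapProvider; the previous text named
        // SignatureProvider, which misreported the failure in logs.
        throw LogHelper.LogExceptionMessage(
            new InvalidOperationException(
                LogHelper.FormatInvariant(LogMessages.IDX10646, algorithm, key, typeof(KeyWrapProvider))));
    }

    // RSA and X509 keys are handled identically by RsaKeyWrapProvider.
    if ((key is RsaSecurityKey || key is X509SecurityKey) && SupportedAlgorithms.IsSupportedRsaAlgorithm(algorithm))
    {
        return new RsaKeyWrapProvider(key, algorithm, willUnwrap);
    }

    if (key is JsonWebKey jsonWebKey)
    {
        if (jsonWebKey.Kty == JsonWebAlgorithmsKeyTypes.RSA && SupportedAlgorithms.IsSupportedRsaAlgorithm(algorithm))
        {
            return new RsaKeyWrapProvider(jsonWebKey, algorithm, willUnwrap);
        }

        if (jsonWebKey.Kty == JsonWebAlgorithmsKeyTypes.Octet && SupportedAlgorithms.IsSupportedSymmetricAlgorithm(algorithm))
        {
            return new SymmetricKeyWrapProvider(jsonWebKey, algorithm);
        }
    }

    if (key is SymmetricSecurityKey symmetricKey && SupportedAlgorithms.IsSupportedSymmetricAlgorithm(algorithm))
    {
        return new SymmetricKeyWrapProvider(symmetricKey, algorithm);
    }

    throw LogHelper.LogExceptionMessage(
        new NotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10661, algorithm, key)));
}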
/// <summary>
/// Checks whether a key wrap algorithm is supported for the given key.
/// Keys smaller than 2048 bits are rejected before the algorithm table is consulted.
/// </summary>
/// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param>
/// <param name="algorithm">The KeyWrap algorithm to apply.</param>
/// <returns>true if the key is at least 2048 bits and the algorithm is a supported key wrap algorithm for it; otherwise, false.</returns>
protected virtual bool IsSupportedAlgorithm(SecurityKey key, string algorithm)
{
    // Short-circuit ordering matters: the key is only dereferenced once known to be non-null.
    bool inputsUsable = key != null
        && !string.IsNullOrEmpty(algorithm)
        && key.KeySize >= 2048;

    return inputsUsable && SupportedAlgorithms.IsSupportedKeyWrapAlgorithm(algorithm, key);
}
/// <summary>
/// Initializes a new instance of the <see cref="AuthenticatedEncryptionProvider"/> class used for encryption and decryption.
/// </summary>
/// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param>
/// <param name="algorithm">The encryption algorithm to apply.</param>
/// <exception cref="ArgumentNullException">'key' is null.</exception>
/// <exception cref="ArgumentNullException">'algorithm' is null or whitespace.</exception>
/// <exception cref="ArgumentOutOfRangeException">key size is not large enough (raised by the initialization helpers, not in this constructor).</exception>
/// <exception cref="ArgumentException">'algorithm' is not supported for 'key'.</exception>
/// <exception cref="ArgumentException">a symmetric signature provider could not be created (raised by the initialization helpers).</exception>
/// <exception cref="PlatformNotSupportedException">AES-GCM requested on a non-Windows platform when targeting netstandard2.0.</exception>
public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm)
{
    if (key == null)
    {
        throw LogHelper.LogArgumentNullException(nameof(key));
    }

    if (string.IsNullOrWhiteSpace(algorithm))
    {
        throw LogHelper.LogArgumentNullException(nameof(algorithm));
    }

    // State is recorded before the support check, matching the prior behaviour where a failing
    // constructor has already populated Key / Algorithm.
    Key = key;
    Algorithm = algorithm;
    _cryptoProviderFactory = key.CryptoProviderFactory;

    if (!SupportedAlgorithms.IsSupportedEncryptionAlgorithm(algorithm, key))
    {
        throw LogHelper.LogExceptionMessage(
            new ArgumentException(
                LogHelper.FormatInvariant(LogMessages.IDX10668, LogHelper.MarkAsNonPII(_className), LogHelper.MarkAsNonPII(algorithm), key)));
    }

    if (!SupportedAlgorithms.IsAesGcm(algorithm))
    {
        InitializeUsingAesCbc();
        return;
    }

#if NETSTANDARD2_0
    // AES-GCM is only available on Windows for the netstandard2.0 build.
    if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
    {
        throw LogHelper.LogExceptionMessage(
            new PlatformNotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10713, LogHelper.MarkAsNonPII(algorithm))));
    }
#endif
    InitializeUsingAesGcm();
}
/// <summary>
/// Checks whether an RSA key wrap algorithm is supported for the given key.
/// Delegates entirely to <see cref="SupportedAlgorithms.IsSupportedRsaKeyWrap"/>; no null checks are performed here.
/// </summary>
/// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param>
/// <param name="algorithm">The KeyWrap algorithm to apply.</param>
/// <returns>true if the algorithm is a supported RSA key wrap algorithm for the key; otherwise, false.</returns>
protected virtual bool IsSupportedAlgorithm(SecurityKey key, string algorithm)
    => SupportedAlgorithms.IsSupportedRsaKeyWrap(algorithm, key);
/// <summary>
/// Checks whether a 'key, algorithm' pair is supported for authenticated encryption.
/// Delegates entirely to <see cref="SupportedAlgorithms.IsSupportedAuthenticatedEncryptionAlgorithm"/>.
/// </summary>
/// <param name="key">the <see cref="SecurityKey"/>.</param>
/// <param name="algorithm">the algorithm to check.</param>
/// <returns>true if the 'key, algorithm' pair is supported; otherwise, false.</returns>
protected virtual bool IsSupportedAlgorithm(SecurityKey key, string algorithm)
    => SupportedAlgorithms.IsSupportedAuthenticatedEncryptionAlgorithm(algorithm, key);