Exemplo n.º 1
0
        public IAuthenticatedEncryptorConfiguration FromXml([NotNull] XElement element)
        {
            // <cbcEncryptor reader="{TYPE}">
            //   <encryption algorithm="{STRING}" provider="{STRING}" keyLength="{INT}" />
            //   <validation algorithm="{STRING}" provider="{STRING}" />
            //   <secret>...</secret>
            // </cbcEncryptor>

            CryptoUtil.Assert(element.Name == CngCbcAuthenticatedEncryptorConfiguration.CbcEncryptorElementName,
                              @"TODO: Bad element.");

            var options = new CngCbcAuthenticatedEncryptorConfigurationOptions();

            // read <encryption> element
            var encryptionElement = element.Element(CngCbcAuthenticatedEncryptorConfiguration.EncryptionElementName);

            options.EncryptionAlgorithm         = (string)encryptionElement.Attribute("algorithm");
            options.EncryptionAlgorithmProvider = (string)encryptionElement.Attribute("provider");
            options.EncryptionAlgorithmKeySize  = (int)encryptionElement.Attribute("keyLength");

            // read <validation> element
            var validationElement = element.Element(CngCbcAuthenticatedEncryptorConfiguration.ValidationElementName);

            options.HashAlgorithm         = (string)validationElement.Attribute("algorithm");
            options.HashAlgorithmProvider = (string)validationElement.Attribute("provider");

            // read the child of the <secret> element, then decrypt it
            var encryptedSecretElement         = element.Element(CngCbcAuthenticatedEncryptorConfiguration.SecretElementName).Elements().Single();
            var secretElementDecryptorTypeName = (string)encryptedSecretElement.Attribute("decryptor");
            var secretElementDecryptorType     = Type.GetType(secretElementDecryptorTypeName, throwOnError: true);
            var secretElementDecryptor         = (IXmlDecryptor)_typeActivator.CreateInstance(_serviceProvider, secretElementDecryptorType);
            var decryptedSecretElement         = secretElementDecryptor.Decrypt(encryptedSecretElement);

            CryptoUtil.Assert(decryptedSecretElement.Name == CngCbcAuthenticatedEncryptorConfiguration.SecretElementName,
                              @"TODO: Bad element.");

            byte[] decryptedSecretBytes = Convert.FromBase64String((string)decryptedSecretElement);
            try
            {
                var protectedMemoryBlob = new ProtectedMemoryBlob(decryptedSecretBytes);
                return(new CngCbcAuthenticatedEncryptorConfiguration(options, protectedMemoryBlob));
            }
            finally
            {
                Array.Clear(decryptedSecretBytes, 0, decryptedSecretBytes.Length);
            }
        }
 public CngCbcAuthenticatedEncryptorConfigurationFactory([NotNull] IOptions <CngCbcAuthenticatedEncryptorConfigurationOptions> optionsAccessor)
 {
     _options = optionsAccessor.Options.Clone();
 }
Exemplo n.º 3
0
 public CngCbcAuthenticatedEncryptorConfiguration(CngCbcAuthenticatedEncryptorConfigurationOptions options, ISecret secret)
 {
     _options = options;
     _secret  = secret;
 }