/// <summary>
        /// Imports the <see cref="CngCbcAuthenticatedEncryptorDescriptor"/> from serialized XML.
        /// </summary>
        public IAuthenticatedEncryptorDescriptor ImportFromXml(XElement element)
        {
            if (element is null)
            {
                throw new ArgumentNullException(nameof(element));
            }

            // Expected shape of the serialized descriptor:
            //
            // <descriptor>
            //   <!-- Windows CNG-CBC -->
            //   <encryption algorithm="..." keyLength="..." [provider="..."] />
            //   <hash algorithm="..." [provider="..."] />
            //   <masterKey>...</masterKey>
            // </descriptor>
            //
            // NOTE(review): the null-forgiving operators below only silence the compiler. Nothing in
            // this method checks that the required elements and attributes are present, so a
            // truncated or modified document surfaces here as a null-dereference or cast exception
            // rather than as a descriptive error.

            var settings = new CngCbcAuthenticatedEncryptorConfiguration();

            // Symmetric cipher: algorithm and key length are required, the provider is optional.
            // The values are copied as found; no allow-list or range check happens in this method
            // (presumably the configuration is validated when an encryptor is built - confirm).
            XElement cipherNode = element.Element("encryption")!;
            settings.EncryptionAlgorithm = (string)cipherNode.Attribute("algorithm")!;
            settings.EncryptionAlgorithmKeySize = (int)cipherNode.Attribute("keyLength")!;
            settings.EncryptionAlgorithmProvider = (string?)cipherNode.Attribute("provider"); // null when absent

            // Hash used for authentication: algorithm is required, the provider is optional.
            XElement digestNode = element.Element("hash")!;
            settings.HashAlgorithm = (string)digestNode.Attribute("algorithm")!;
            settings.HashAlgorithmProvider = (string?)digestNode.Attribute("provider"); // null when absent

            // The key text is read out of the XML as an ordinary managed string before it is wrapped
            // in a Secret; that intermediate string is immutable and is not cleared by this code.
            Secret importedKey = ((string)element.Element("masterKey"))!.ToSecret();

            return new CngCbcAuthenticatedEncryptorDescriptor(settings, importedKey);
        }
        // Checks that a descriptor produced by a configuration exposes that same configuration.
        public void CreateNewDescriptor_PropagatesOptions()
        {
            // Arrange
            var source = new CngCbcAuthenticatedEncryptorConfiguration();

            // Act
            var created = source.CreateNewDescriptor();
            var typed = (CngCbcAuthenticatedEncryptorDescriptor)created;

            // Assert
            Assert.Equal(source, typed.Configuration);
        }
        // Checks that the settings handed to the configuration are the ones the new descriptor reports.
        public void CreateNewDescriptor_PropagatesOptions()
        {
            // Arrange
            var suppliedSettings = new CngCbcAuthenticatedEncryptionSettings();
            var source = new CngCbcAuthenticatedEncryptorConfiguration(suppliedSettings);

            // Act
            var created = source.CreateNewDescriptor();
            var typed = (CngCbcAuthenticatedEncryptorDescriptor)created;

            // Assert
            Assert.Equal(source.Settings, typed.Settings);
        }
        // Checks two properties of freshly created descriptors: each call yields a different
        // master key, and every master key is 512 bits long.
        public void CreateNewDescriptor_CreatesUniqueCorrectlySizedMasterKey()
        {
            // Arrange
            var source = new CngCbcAuthenticatedEncryptorConfiguration();

            // Act
            var firstDescriptor = (CngCbcAuthenticatedEncryptorDescriptor)source.CreateNewDescriptor();
            var firstKey = firstDescriptor.MasterKey;
            var secondDescriptor = (CngCbcAuthenticatedEncryptorDescriptor)source.CreateNewDescriptor();
            var secondKey = secondDescriptor.MasterKey;

            // Assert
            // A repeated key would mean the descriptors share key material.
            SecretAssert.NotEqual(firstKey, secondKey);
            SecretAssert.LengthIs(512 /* bits */, firstKey);
            SecretAssert.LengthIs(512 /* bits */, secondKey);
        }
        // Checks two properties of descriptors created from default settings: each call yields a
        // different master key, and every master key is 512 bits long.
        public void CreateNewDescriptor_CreatesUniqueCorrectlySizedMasterKey()
        {
            // Arrange
            var suppliedSettings = new CngCbcAuthenticatedEncryptionSettings();
            var source = new CngCbcAuthenticatedEncryptorConfiguration(suppliedSettings);

            // Act
            var firstDescriptor = (CngCbcAuthenticatedEncryptorDescriptor)source.CreateNewDescriptor();
            var firstKey = firstDescriptor.MasterKey;
            var secondDescriptor = (CngCbcAuthenticatedEncryptorDescriptor)source.CreateNewDescriptor();
            var secondKey = secondDescriptor.MasterKey;

            // Assert
            // A repeated key would mean the descriptors share key material.
            SecretAssert.NotEqual(firstKey, secondKey);
            SecretAssert.LengthIs(512 /* bits */, firstKey);
            SecretAssert.LengthIs(512 /* bits */, secondKey);
        }
        /// <summary>
        /// Creates a descriptor that pairs an encryptor configuration with its master key.
        /// </summary>
        /// <param name="configuration">The algorithm configuration; must not be null.</param>
        /// <param name="masterKey">The secret key material; must not be null.</param>
        /// <exception cref="ArgumentNullException">
        /// Thrown when <paramref name="configuration"/> or <paramref name="masterKey"/> is null.
        /// </exception>
        public CngCbcAuthenticatedEncryptorDescriptor(CngCbcAuthenticatedEncryptorConfiguration configuration, ISecret masterKey)
        {
            // Both arguments are checked, in declaration order, before either property is assigned.
            var checkedConfiguration = configuration ?? throw new ArgumentNullException(nameof(configuration));
            var checkedKey = masterKey ?? throw new ArgumentNullException(nameof(masterKey));

            // Only the presence of the key is checked here; its length is not inspected.
            Configuration = checkedConfiguration;
            MasterKey = checkedKey;
        }
        // Checks that selecting "cng-cbc" through the registry values, with no further settings,
        // resolves a configuration whose algorithms, key size and providers match the defaults of
        // CngCbcAuthenticatedEncryptionSettings.
        public void ResolvePolicy_CngCbcEncryption_WithoutExplicitSettings()
        {
            // Arrange: only the encryption type is supplied.
            var registryValues = new Dictionary<string, object>()
            {
                ["EncryptionType"] = "cng-cbc"
            };
            IServiceCollection serviceCollection = new ServiceCollection();
            RunTestWithRegValues(serviceCollection, registryValues);

            // Act
            var provider = serviceCollection.BuildServiceProvider();
            var expected = new CngCbcAuthenticatedEncryptorConfiguration(new CngCbcAuthenticatedEncryptionSettings()).Settings;
            var resolved = (CngCbcAuthenticatedEncryptorConfiguration)provider.GetService<IAuthenticatedEncryptorConfiguration>();
            var actual = resolved.Settings;

            // Assert: every setting is compared against the default, one field at a time.
            Assert.Equal(expected.EncryptionAlgorithm, actual.EncryptionAlgorithm);
            Assert.Equal(expected.EncryptionAlgorithmKeySize, actual.EncryptionAlgorithmKeySize);
            Assert.Equal(expected.EncryptionAlgorithmProvider, actual.EncryptionAlgorithmProvider);
            Assert.Equal(expected.HashAlgorithm, actual.HashAlgorithm);
            Assert.Equal(expected.HashAlgorithmProvider, actual.HashAlgorithmProvider);
        }