/// <summary>
/// Initializes a new instance of AeadAes256CbcHmac256Algorithm algorithm with a given key and encryption type
/// </summary>
/// <param name="encryptionKey">
/// Root encryption key from which three other keys will be derived
/// </param>
/// <param name="encryptionType">Encryption Type, accepted values are Deterministic and Randomized.
/// For Deterministic encryption, a synthetic IV will be genenrated during encryption
/// For Randomized encryption, a random IV will be generated during encryption.
/// </param>
/// <param name="algorithmVersion">
/// Algorithm version
/// </param>
internal AeadAes256CbcHmac256Algorithm(AeadAes256CbcHmac256EncryptionKey encryptionKey, EncryptionType encryptionType, byte algorithmVersion)
{
this.dataEncryptionKey = encryptionKey;
this.algorithmVersion = algorithmVersion;
version[0] = algorithmVersion;
Debug.Assert(encryptionKey != null, "Null encryption key detected in AeadAes256CbcHmac256 algorithm");
Debug.Assert(algorithmVersion == 0x01, "Unknown algorithm version passed to AeadAes256CbcHmac256");
// Validate encryption type for this algorithm
// This algorithm can only provide randomized or deterministic encryption types.
// Right now, we support only randomized encryption for Cosmos DB client side encryption.
Debug.Assert(encryptionType == EncryptionType.Randomized, "Invalid Encryption Type detected in AeadAes256CbcHmac256Algorithm");
this.isDeterministic = false;
this.cryptoProviderPool = new ConcurrentQueue <AesCryptoServiceProvider>();
}
/// <summary>
/// Creates a new instance of data encryption key given the raw key bytes
/// suitable for use with the provided encryption algorithm.
/// </summary>
/// <param name="rawKey">Raw key bytes.</param>
/// <param name="encryptionAlgorithm">Encryption algorithm the returned key is intended to be used with.</param>
/// <returns>New instance of data encryption key.</returns>
public static DataEncryptionKey Create(
byte[] rawKey,
string encryptionAlgorithm)
{
if (rawKey == null)
{
throw new ArgumentNullException(nameof(rawKey));
}
if (!string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized))
{
throw new ArgumentException($"Encryption algorithm not supported: {encryptionAlgorithm}. Supported Algorithm is '{CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized}'", nameof(encryptionAlgorithm));
}
AeadAes256CbcHmac256EncryptionKey aeKey = new AeadAes256CbcHmac256EncryptionKey(rawKey, AeadAes256CbcHmac256Algorithm.AlgorithmNameConstant);
return(new AeadAes256CbcHmac256Algorithm(aeKey, EncryptionType.Randomized, algorithmVersion: 1));
}