public override EncryptResult Encrypt(EncryptOptions options, CancellationToken cancellationToken = default) { Argument.AssertNotNull(options, nameof(options)); ThrowIfTimeInvalid(); EncryptionAlgorithm algorithm = options.Algorithm; if (algorithm.GetAesCbcEncryptionAlgorithm() is AesCbc aesCbc) { // Make sure the IV is initialized. options.Initialize(); using ICryptoTransform encryptor = aesCbc.CreateEncryptor(KeyMaterial.K, options.Iv); byte[] plaintext = options.Plaintext; byte[] ciphertext = encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length); return(new EncryptResult { Algorithm = algorithm, KeyId = KeyMaterial.Id, Ciphertext = ciphertext, Iv = options.Iv, }); } else { KeysEventSource.Singleton.AlgorithmNotSupported(nameof(Encrypt), algorithm); return(null); } }
public override EncryptResult Encrypt(EncryptOptions options, CancellationToken cancellationToken) { Argument.AssertNotNull(options, nameof(options)); ThrowIfTimeInvalid(); EncryptionAlgorithm algorithm = options.Algorithm; RSAEncryptionPadding padding = algorithm.GetRsaEncryptionPadding(); if (padding is null) { KeysEventSource.Singleton.AlgorithmNotSupported(nameof(Encrypt), algorithm); return(null); } byte[] ciphertext = Encrypt(options.Plaintext, padding); EncryptResult result = null; if (ciphertext != null) { result = new EncryptResult { Algorithm = algorithm, Ciphertext = ciphertext, KeyId = KeyMaterial.Id, }; } return(result); }
public override EncryptResult Encrypt(EncryptOptions options, CancellationToken cancellationToken = default) { Argument.AssertNotNull(options, nameof(options)); ThrowIfTimeInvalid(); EncryptionAlgorithm algorithm = options.Algorithm; if (algorithm.GetAesCbcEncryptionAlgorithm() is AesCbc aesCbc) { // Make sure the IV is initialized. options.Initialize(); using ICryptoTransform encryptor = aesCbc.CreateEncryptor(KeyMaterial.K, options.Iv); byte[] plaintext = options.Plaintext; byte[] ciphertext = encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length); return(new EncryptResult { Algorithm = algorithm, KeyId = KeyMaterial.Id, Ciphertext = ciphertext, Iv = options.Iv, }); } else if (algorithm.IsAesGcm() && AesGcmProxy.TryCreate(KeyMaterial.K, out AesGcmProxy aesGcm)) { using (aesGcm) { byte[] plaintext = options.Plaintext; byte[] ciphertext = new byte[plaintext.Length]; byte[] tag = new byte[AesGcmProxy.NonceByteSize]; // Generate an nonce only for local AES-GCM; Managed HSM will do it service-side and err if serialized. byte[] iv = Crypto.GenerateIv(AesGcmProxy.NonceByteSize); aesGcm.Encrypt(iv, plaintext, ciphertext, tag, options.AdditionalAuthenticatedData); return(new EncryptResult { Algorithm = algorithm, KeyId = KeyMaterial.Id, Ciphertext = ciphertext, Iv = iv, AuthenticationTag = tag, AdditionalAuthenticatedData = options.AdditionalAuthenticatedData, }); } } else { KeysEventSource.Singleton.AlgorithmNotSupported(nameof(Encrypt), algorithm); return(null); } }
/// <summary> /// Encrypts plaintext. /// </summary> /// <param name="options">An <see cref="EncryptOptions"/> containing the data to encrypt and other options for algorithm-dependent encryption.</param> /// <param name="cancellationToken">A <see cref="CancellationToken"/> to cancel the operation.</param> /// <returns> /// The result of the encrypt operation. The returned <see cref="EncryptResult"/> contains the encrypted data /// along with all other information needed to decrypt it. This information should be stored with the encrypted data. /// </returns> /// <exception cref="ArgumentException">The specified algorithm does not match the key corresponding to the key identifier.</exception> /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception> /// <exception cref="CryptographicException">The local cryptographic provider threw an exception.</exception> /// <exception cref="InvalidOperationException">The key is invalid for the current operation.</exception> /// <exception cref="NotSupportedException">The operation is not supported with the specified key.</exception> public virtual async Task <EncryptResult> EncryptAsync(EncryptOptions options, CancellationToken cancellationToken = default) { Argument.AssertNotNull(options, nameof(options)); EncryptResult result = null; if (_provider.SupportsOperation(KeyOperation.Encrypt)) { result = await _provider.EncryptAsync(options, cancellationToken).ConfigureAwait(false); } return(result ?? throw LocalCryptographyProvider.CreateOperationNotSupported(nameof(KeyOperation.Encrypt))); }
/// <summary> /// Encrypts plaintext. /// </summary> /// <param name="options">An <see cref="EncryptOptions"/> containing the data to encrypt and other options for algorithm-dependent encryption.</param> /// <param name="cancellationToken">A <see cref="CancellationToken"/> to cancel the operation.</param> /// <returns> /// The result of the encrypt operation. The returned <see cref="EncryptResult"/> contains the encrypted data /// along with all other information needed to decrypt it. This information should be stored with the encrypted data. /// </returns> /// <exception cref="ArgumentException">The specified algorithm does not match the key corresponding to the key identifier.</exception> /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception> /// <exception cref="CryptographicException">The local cryptographic provider threw an exception.</exception> /// <exception cref="InvalidOperationException">The key is invalid for the current operation.</exception> /// <exception cref="NotSupportedException">The operation is not supported with the specified key.</exception> public virtual EncryptResult Encrypt(EncryptOptions options, CancellationToken cancellationToken = default) { Argument.AssertNotNull(options, nameof(options)); EncryptResult result = null; if (_provider.SupportsOperation(KeyOperation.Encrypt)) { result = _provider.Encrypt(options, cancellationToken); } return(result ?? throw LocalCryptographyProvider.CreateOperationNotSupported(nameof(KeyOperation.Encrypt))); }
public virtual async Task <Response <EncryptResult> > EncryptAsync(EncryptOptions options, CancellationToken cancellationToken = default) { using DiagnosticScope scope = Pipeline.CreateScope($"{nameof(RemoteCryptographyClient)}.{nameof(Encrypt)}"); scope.AddAttribute("key", _keyId); scope.Start(); try { // Make sure the IV is initialized. // TODO: Remove this call once the service will initialized it: https://github.com/Azure/azure-sdk-for-net/issues/16175 options.Initialize(); return(await Pipeline.SendRequestAsync(RequestMethod.Post, options, () => new EncryptResult { Algorithm = options.Algorithm }, cancellationToken, "/encrypt").ConfigureAwait(false)); } catch (Exception e) { scope.Failed(e); throw; } }
public virtual Task <EncryptResult> EncryptAsync(EncryptOptions options, CancellationToken cancellationToken = default) { EncryptResult result = Encrypt(options, cancellationToken); return(Task.FromResult(result)); }
public virtual EncryptResult Encrypt(EncryptOptions options, CancellationToken cancellationToken = default) { throw CreateOperationNotSupported(nameof(Encrypt)); }
EncryptResult ICryptographyProvider.Encrypt(EncryptOptions options, CancellationToken cancellationToken) { return(Encrypt(options, cancellationToken)); }
async Task <EncryptResult> ICryptographyProvider.EncryptAsync(EncryptOptions options, CancellationToken cancellationToken) { return(await EncryptAsync(options, cancellationToken).ConfigureAwait(false)); }