| | | 1 | | // Copyright (c) Microsoft Corporation. All rights reserved. |
| | | 2 | | // Licensed under the MIT License. |
| | | 3 | | |
| | | 4 | | using System; |
| | | 5 | | using System.IO; |
| | | 6 | | using System.Security.Cryptography; |
| | | 7 | | using System.Threading; |
| | | 8 | | using System.Threading.Tasks; |
| | | 9 | | using Azure.Core.Cryptography; |
| | | 10 | | using Azure.Storage.Cryptography.Models; |
| | | 11 | | |
| | | 12 | | namespace Azure.Storage.Cryptography |
| | | 13 | | { |
| | | 14 | | internal class ClientSideDecryptor |
| | | 15 | | { |
| | | 16 | | /// <summary> |
| | | 17 | | /// Clients that can upload data have a key encryption key stored on them. Checking if |
| | | 18 | | /// a cached key exists and matches a given <see cref="EncryptionData"/> saves a call |
| | | 19 | | /// to the external key resolver implementation when available. |
| | | 20 | | /// </summary> |
| | | 21 | | private readonly IKeyEncryptionKey _potentialCachedIKeyEncryptionKey; |
| | | 22 | | |
| | | 23 | | /// <summary> |
| | | 24 | | /// Resolver to fetch the key encryption key. |
| | | 25 | | /// </summary> |
| | | 26 | | private readonly IKeyEncryptionKeyResolver _keyResolver; |
| | | 27 | | |
| | 0 | 28 | | public ClientSideDecryptor(ClientSideEncryptionOptions options) |
| | | 29 | | { |
| | 0 | 30 | | _potentialCachedIKeyEncryptionKey = options.KeyEncryptionKey; |
| | 0 | 31 | | _keyResolver = options.KeyResolver; |
| | 0 | 32 | | } |
| | | 33 | | |
| | | 34 | | /// <summary> |
| | | 35 | | /// Decrypts the given stream if decryption information is provided. |
| | | 36 | | /// Does not shave off unwanted start/end bytes, but will shave off padding. |
| | | 37 | | /// </summary> |
| | | 38 | | /// <param name="ciphertext">Stream to decrypt.</param> |
| | | 39 | | /// <param name="encryptionData"> |
| | | 40 | | /// Encryption metadata and wrapped content encryption key. |
| | | 41 | | /// </param> |
| | | 42 | | /// <param name="ivInStream"> |
| | | 43 | | /// Whether to use the first block of the stream for the IV instead of the value in |
| | | 44 | | /// <paramref name="encryptionData"/>. Generally for partial blob downloads where the |
| | | 45 | | /// previous block of the ciphertext is the IV for the next. |
| | | 46 | | /// </param> |
| | | 47 | | /// <param name="noPadding"> |
| | | 48 | | /// Whether to ignore padding. Generally for partial blob downloads where the end of |
| | | 49 | | /// the blob (where the padding occurs) was not downloaded. |
| | | 50 | | /// </param> |
| | | 51 | | /// <param name="async">Whether to perform this function asynchronously.</param> |
| | | 52 | | /// <param name="cancellationToken"></param> |
| | | 53 | | /// <returns> |
| | | 54 | | /// Decrypted plaintext. |
| | | 55 | | /// </returns> |
| | | 56 | | /// <exception cref="Exception"> |
| | | 57 | | /// Exceptions thrown based on implementations of <see cref="IKeyEncryptionKey"/> and |
| | | 58 | | /// <see cref="IKeyEncryptionKeyResolver"/>. |
| | | 59 | | /// </exception> |
| | | 60 | | public async Task<Stream> DecryptInternal( |
| | | 61 | | Stream ciphertext, |
| | | 62 | | EncryptionData encryptionData, |
| | | 63 | | bool ivInStream, |
| | | 64 | | bool noPadding, |
| | | 65 | | bool async, |
| | | 66 | | CancellationToken cancellationToken) |
| | | 67 | | { |
| | 0 | 68 | | switch (encryptionData.EncryptionAgent.EncryptionVersion) |
| | | 69 | | { |
| | | 70 | | case ClientSideEncryptionVersion.V1_0: |
| | 0 | 71 | | return await DecryptInternalV1_0( |
| | 0 | 72 | | ciphertext, |
| | 0 | 73 | | encryptionData, |
| | 0 | 74 | | ivInStream, |
| | 0 | 75 | | noPadding, |
| | 0 | 76 | | async, |
| | 0 | 77 | | cancellationToken).ConfigureAwait(false); |
| | | 78 | | default: |
| | 0 | 79 | | throw Errors.ClientSideEncryption.BadEncryptionAgent(encryptionData.EncryptionAgent.EncryptionVersio |
| | | 80 | | } |
| | 0 | 81 | | } |
| | | 82 | | |
| | | 83 | | /// <summary> |
| | | 84 | | /// Decrypts the given stream if decryption information is provided. |
| | | 85 | | /// Does not shave off unwanted start/end bytes, but will shave off padding. |
| | | 86 | | /// </summary> |
| | | 87 | | /// <param name="ciphertext">Stream to decrypt.</param> |
| | | 88 | | /// <param name="encryptionData"> |
| | | 89 | | /// Encryption metadata and wrapped content encryption key. |
| | | 90 | | /// </param> |
| | | 91 | | /// <param name="ivInStream"> |
| | | 92 | | /// Whether to use the first block of the stream for the IV instead of the value in |
| | | 93 | | /// <paramref name="encryptionData"/>. Generally for partial blob downloads where the |
| | | 94 | | /// previous block of the ciphertext is the IV for the next. |
| | | 95 | | /// </param> |
| | | 96 | | /// <param name="noPadding"> |
| | | 97 | | /// Whether to ignore padding. Generally for partial blob downloads where the end of |
| | | 98 | | /// the blob (where the padding occurs) was not downloaded. |
| | | 99 | | /// </param> |
| | | 100 | | /// <param name="async">Whether to perform this function asynchronously.</param> |
| | | 101 | | /// <param name="cancellationToken"></param> |
| | | 102 | | /// <returns> |
| | | 103 | | /// Decrypted plaintext. |
| | | 104 | | /// </returns> |
| | | 105 | | /// <exception cref="Exception"> |
| | | 106 | | /// Exceptions thrown based on implementations of <see cref="IKeyEncryptionKey"/> and |
| | | 107 | | /// <see cref="IKeyEncryptionKeyResolver"/>. |
| | | 108 | | /// </exception> |
| | | 109 | | private async Task<Stream> DecryptInternalV1_0( |
| | | 110 | | Stream ciphertext, |
| | | 111 | | EncryptionData encryptionData, |
| | | 112 | | bool ivInStream, |
| | | 113 | | bool noPadding, |
| | | 114 | | bool async, |
| | | 115 | | CancellationToken cancellationToken) |
| | | 116 | | { |
| | 0 | 117 | | var contentEncryptionKey = await GetContentEncryptionKeyAsync( |
| | 0 | 118 | | encryptionData, |
| | 0 | 119 | | async, |
| | 0 | 120 | | cancellationToken).ConfigureAwait(false); |
| | | 121 | | |
| | | 122 | | Stream plaintext; |
| | | 123 | | //int read = 0; |
| | 0 | 124 | | if (encryptionData != default) |
| | | 125 | | { |
| | | 126 | | byte[] IV; |
| | 0 | 127 | | if (!ivInStream) |
| | | 128 | | { |
| | 0 | 129 | | IV = encryptionData.ContentEncryptionIV; |
| | | 130 | | } |
| | | 131 | | else |
| | | 132 | | { |
| | 0 | 133 | | IV = new byte[Constants.ClientSideEncryption.EncryptionBlockSize]; |
| | 0 | 134 | | if (async) |
| | | 135 | | { |
| | 0 | 136 | | await ciphertext.ReadAsync(IV, 0, IV.Length, cancellationToken).ConfigureAwait(false); |
| | | 137 | | } |
| | | 138 | | else |
| | | 139 | | { |
| | 0 | 140 | | ciphertext.Read(IV, 0, IV.Length); |
| | | 141 | | } |
| | | 142 | | //read = IV.Length; |
| | | 143 | | } |
| | | 144 | | |
| | 0 | 145 | | plaintext = WrapStream( |
| | 0 | 146 | | ciphertext, |
| | 0 | 147 | | contentEncryptionKey.ToArray(), |
| | 0 | 148 | | encryptionData, |
| | 0 | 149 | | IV, |
| | 0 | 150 | | noPadding); |
| | 0 | 151 | | } |
| | | 152 | | else |
| | | 153 | | { |
| | 0 | 154 | | plaintext = ciphertext; |
| | | 155 | | } |
| | | 156 | | |
| | 0 | 157 | | return plaintext; |
| | 0 | 158 | | } |
| | | 159 | | |
| | | 160 | | #pragma warning disable CS1587 // XML comment is not placed on a valid language element |
| | | 161 | | /// <summary> |
| | | 162 | | /// Returns the content encryption key for blob. First tries to get the key encryption key from KeyResolver, |
| | | 163 | | /// then falls back to IKey stored on this EncryptionPolicy. Unwraps the content encryption key with the |
| | | 164 | | /// correct key wrapper. |
| | | 165 | | /// </summary> |
| | | 166 | | /// <param name="encryptionData">The encryption data.</param> |
| | | 167 | | /// <param name="async">Whether to perform asynchronously.</param> |
| | | 168 | | /// <param name="cancellationToken"></param> |
| | | 169 | | /// <returns> |
| | | 170 | | /// Encryption key as a byte array. |
| | | 171 | | /// </returns> |
| | | 172 | | /// <exception cref="Exception"> |
| | | 173 | | /// Exceptions thrown based on implementations of <see cref="IKeyEncryptionKey"/> and |
| | | 174 | | /// <see cref="IKeyEncryptionKeyResolver"/>. |
| | | 175 | | /// </exception> |
| | | 176 | | private async Task<Memory<byte>> GetContentEncryptionKeyAsync( |
| | | 177 | | #pragma warning restore CS1587 // XML comment is not placed on a valid language element |
| | | 178 | | EncryptionData encryptionData, |
| | | 179 | | bool async, |
| | | 180 | | CancellationToken cancellationToken) |
| | | 181 | | { |
| | 0 | 182 | | IKeyEncryptionKey key = default; |
| | | 183 | | |
| | | 184 | | // If we already have a local key and it is the correct one, use that. |
| | 0 | 185 | | if (encryptionData.WrappedContentKey.KeyId == _potentialCachedIKeyEncryptionKey?.KeyId) |
| | | 186 | | { |
| | 0 | 187 | | key = _potentialCachedIKeyEncryptionKey; |
| | | 188 | | } |
| | | 189 | | // Otherwise, use the resolver. |
| | 0 | 190 | | else if (_keyResolver != null) |
| | | 191 | | { |
| | 0 | 192 | | key = async |
| | 0 | 193 | | ? await _keyResolver.ResolveAsync(encryptionData.WrappedContentKey.KeyId, cancellationToken).Configu |
| | 0 | 194 | | : _keyResolver.Resolve(encryptionData.WrappedContentKey.KeyId, cancellationToken); |
| | | 195 | | } |
| | | 196 | | |
| | | 197 | | // We throw for every other reason that decryption couldn't happen. Throw a reasonable |
| | | 198 | | // exception here instead of nullref. |
| | 0 | 199 | | if (key == default) |
| | | 200 | | { |
| | 0 | 201 | | throw Errors.ClientSideEncryption.KeyNotFound(encryptionData.WrappedContentKey.KeyId); |
| | | 202 | | } |
| | | 203 | | |
| | 0 | 204 | | return async |
| | 0 | 205 | | ? await key.UnwrapKeyAsync( |
| | 0 | 206 | | encryptionData.WrappedContentKey.Algorithm, |
| | 0 | 207 | | encryptionData.WrappedContentKey.EncryptedKey, |
| | 0 | 208 | | cancellationToken).ConfigureAwait(false) |
| | 0 | 209 | | : key.UnwrapKey( |
| | 0 | 210 | | encryptionData.WrappedContentKey.Algorithm, |
| | 0 | 211 | | encryptionData.WrappedContentKey.EncryptedKey, |
| | 0 | 212 | | cancellationToken); |
| | 0 | 213 | | } |
| | | 214 | | |
| | | 215 | | |
| | | 216 | | /// <summary> |
| | | 217 | | /// Wraps a stream of ciphertext to stream plaintext. |
| | | 218 | | /// </summary> |
| | | 219 | | /// <param name="contentStream"></param> |
| | | 220 | | /// <param name="contentEncryptionKey"></param> |
| | | 221 | | /// <param name="encryptionData"></param> |
| | | 222 | | /// <param name="iv"></param> |
| | | 223 | | /// <param name="noPadding"></param> |
| | | 224 | | /// <returns></returns> |
| | | 225 | | private static Stream WrapStream( |
| | | 226 | | Stream contentStream, |
| | | 227 | | byte[] contentEncryptionKey, |
| | | 228 | | EncryptionData encryptionData, |
| | | 229 | | byte[] iv, |
| | | 230 | | bool noPadding) |
| | | 231 | | { |
| | 0 | 232 | | if (encryptionData.EncryptionAgent.EncryptionAlgorithm == ClientSideEncryptionAlgorithm.AesCbc256) |
| | | 233 | | { |
| | 0 | 234 | | using (AesCryptoServiceProvider aesProvider = new AesCryptoServiceProvider()) |
| | | 235 | | { |
| | 0 | 236 | | aesProvider.IV = iv ?? encryptionData.ContentEncryptionIV; |
| | 0 | 237 | | aesProvider.Key = contentEncryptionKey; |
| | | 238 | | |
| | 0 | 239 | | if (noPadding) |
| | | 240 | | { |
| | 0 | 241 | | aesProvider.Padding = PaddingMode.None; |
| | | 242 | | } |
| | | 243 | | |
| | 0 | 244 | | return new CryptoStream(contentStream, aesProvider.CreateDecryptor(), CryptoStreamMode.Read); |
| | | 245 | | } |
| | | 246 | | } |
| | | 247 | | |
| | 0 | 248 | | throw Errors.ClientSideEncryption.BadEncryptionAlgorithm(encryptionData.EncryptionAgent.EncryptionAlgorithm. |
| | 0 | 249 | | } |
| | | 250 | | } |
| | | 251 | | } |