in AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorLib/MaterialProviderFactory.cs [130:269]
private static IKeyring CreateKeyring(MasterKey keyInfo, Key key, CryptoOperation operation) {
if (keyInfo.Type == "aws-kms") {
CreateAwsKmsKeyringInput createKeyringInput = new CreateAwsKmsKeyringInput
{
KmsClient = new AmazonKeyManagementServiceClient(GetRegionForArn(key.Id)),
KmsKeyId = key.Id,
};
return materialProviders.CreateAwsKmsKeyring(createKeyringInput);
}
if (keyInfo.Type == "aws-kms-mrk-aware") {
CreateAwsKmsMrkKeyringInput createKeyringInput = new CreateAwsKmsMrkKeyringInput
{
KmsClient = new AmazonKeyManagementServiceClient(GetRegionForArn(key.Id)),
KmsKeyId = key.Id,
};
return materialProviders.CreateAwsKmsMrkKeyring(createKeyringInput);
}
if (keyInfo.Type == "aws-kms-mrk-aware-discovery" && operation == CryptoOperation.DECRYPT) {
AWS.Cryptography.MaterialProviders.DiscoveryFilter filter = null;
if (keyInfo.AwsKmsDiscoveryFilter != null)
{
filter = new AWS.Cryptography.MaterialProviders.DiscoveryFilter
{
AccountIds = (List<string>)keyInfo.AwsKmsDiscoveryFilter.AccountIds,
Partition = keyInfo.AwsKmsDiscoveryFilter.Partition,
};
}
CreateAwsKmsMrkDiscoveryKeyringInput createKeyringInput = new CreateAwsKmsMrkDiscoveryKeyringInput
{
KmsClient = new AmazonKeyManagementServiceClient(RegionEndpoint.GetBySystemName(keyInfo.DefaultMrkRegion)),
Region = keyInfo.DefaultMrkRegion,
DiscoveryFilter = filter,
};
return materialProviders.CreateAwsKmsMrkDiscoveryKeyring(createKeyringInput);
}
if (keyInfo.Type == "aws-kms-hierarchy") {
// Lazily create a singleton KeyVectors client.
// A KeyVectors manifest is only required if a test vector specifies a hierarchy keyring.
// This specification can only be determined at runtime while reading the test vector manifest.
if (singletonKeyVectors == null) {
string manifestPath;
try
{
manifestPath = Utils.GetEnvironmentVariableOrError("DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH");
}
catch (ArgumentException e)
{
throw new ArgumentException("Hierarchy keyring test vectors must supply a KeyVectors manifest", e);
}
DecryptManifest manifest = Utils.LoadObjectFromPath<DecryptManifest>(manifestPath);
KeyVectorsConfig keyVectorsConfig = new KeyVectorsConfig
{
KeyManifestPath = Utils.ManifestUriToPath(manifest.KeysUri, manifestPath)
};
singletonKeyVectors = new(keyVectorsConfig);
}
// Convert JSON to bytes for KeyVectors input
string jsonString = JsonConvert.SerializeObject(keyInfo);
var stream = new MemoryStream();
var writer = new StreamWriter(stream);
writer.Write(jsonString);
writer.Flush();
stream.Position = 0;
// Create KeyVectors keyring
var getKeyDescriptionInput = new GetKeyDescriptionInput
{
Json = stream
};
var desc = singletonKeyVectors.GetKeyDescription(getKeyDescriptionInput);
var testVectorKeyringInput = new TestVectorKeyringInput
{
KeyDescription = desc.KeyDescription
};
var keyring = singletonKeyVectors.CreateTestVectorKeyring(
testVectorKeyringInput
);
return keyring!;
}
if (keyInfo.Type == "raw" && keyInfo.EncryptionAlgorithm == "aes") {
CreateRawAesKeyringInput createKeyringInput = new CreateRawAesKeyringInput
{
KeyNamespace = keyInfo.ProviderId,
KeyName = key.Id,
WrappingKey = new MemoryStream(Convert.FromBase64String(key.Material)),
WrappingAlg = AesAlgorithmFromBits(key.Bits),
};
return materialProviders.CreateRawAesKeyring(createKeyringInput);
}
if (keyInfo.Type == "raw" && keyInfo.EncryptionAlgorithm == "rsa" && key.Type == "private") {
PaddingScheme padding = RSAPaddingFromStrings(keyInfo.PaddingAlgorithm, keyInfo.PaddingHash);
byte[] privateKey = RSA.ParsePEMString(key.Material);
CreateRawRsaKeyringInput createKeyringInput = new CreateRawRsaKeyringInput
{
KeyNamespace = keyInfo.ProviderId,
KeyName = key.Id,
PaddingScheme = padding,
PrivateKey = new MemoryStream(privateKey)
};
// Extract the public key if we need to encrypt
if (operation == CryptoOperation.ENCRYPT)
{
byte[] publicKey = RSA.GetPublicKeyFromPrivateKeyPemString(key.Material);
createKeyringInput.PublicKey = new MemoryStream(publicKey);
}
return materialProviders.CreateRawRsaKeyring(createKeyringInput);
}
if (keyInfo.Type == "raw" && keyInfo.EncryptionAlgorithm == "rsa" && key.Type == "public") {
PaddingScheme padding = RSAPaddingFromStrings(keyInfo.PaddingAlgorithm, keyInfo.PaddingHash);
byte[] publicKey = RSA.ParsePEMString(key.Material);
CreateRawRsaKeyringInput createKeyringInput = new CreateRawRsaKeyringInput
{
KeyNamespace = keyInfo.ProviderId,
KeyName = key.Id,
PaddingScheme = padding,
PublicKey = new MemoryStream(publicKey)
};
return materialProviders.CreateRawRsaKeyring(createKeyringInput);
}
// string operationStr = operation == CryptoOperation.ENCRYPT
// ? "encryption"
// : "decryption";
throw new Exception($"Unsupported keyring {keyInfo.Type} type for {operation}");
}