Merge pull request #12 from Eastrall/feature/fixIV

Dynamic IV per field

Author: Eastrall

.travis.yml

@@ -1,6 +1,6 @@
 language: csharp
 mono: none
-dotnet: 3.0.100
+dotnet: 3.1.403
 
 env:
   global:
@@ -18,8 +18,8 @@ jobs:
     name: ".NET Core 3 (Mac: OS X)"
 
 script:
-  - dotnet build ./src/$PROJECT_NAME/$PROJECT_NAME.csproj -c Release -f netstandard2.1
-  - dotnet test ./test/$PROJECT_NAME.Test/$PROJECT_NAME.Test.csproj -c Release -f netcoreapp3.0 /p:CollectCoverage=true /p:CoverletOutputFormat=opencover /p:Exclude="[xunit*]*"
+  - dotnet build ./src/$PROJECT_NAME/$PROJECT_NAME.csproj -c Release
+  - dotnet test ./test/$PROJECT_NAME.Test/$PROJECT_NAME.Test.csproj -c Release /p:CollectCoverage=true /p:CoverletOutputFormat=opencover /p:Exclude="[xunit*]*"
 
 after_script:
   - bash <(curl -s https://codecov.io/bash) 

src/EntityFrameworkCore.DataEncryption/EntityFrameworkCore.DataEncryption.csproj

@@ -1,10 +1,10 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netstandard2.0;netstandard2.1</TargetFrameworks>
+    <TargetFrameworks>netstandard2.0</TargetFrameworks>
     <AssemblyName>EntityFrameworkCore.DataEncryption</AssemblyName>
     <RootNamespace>Microsoft.EntityFrameworkCore.DataEncryption</RootNamespace>
-    <Version>1.1.0</Version>
+    <Version>2.0.0</Version>
     <Authors>Filipe GOMES PEIXOTO</Authors>
     <PackageId>EntityFrameworkCore.DataEncryption</PackageId>
     <PackageProjectUrl>https://github.com/Eastrall/EntityFrameworkCore.DataEncryption</PackageProjectUrl>
@@ -13,17 +13,17 @@
     <PackageRequireLicenseAcceptance>true</PackageRequireLicenseAcceptance>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>entity-framework-core, extensions, dotnet-core, dotnet, encryption, fluent-api</PackageTags>
-    <LangVersion>7.3</LangVersion>
+    <LangVersion>8.0</LangVersion>
     <PackageIcon>icon.png</PackageIcon>
-    <Copyright>Filipe GOMES PEIXOTO © 2019</Copyright>
+    <Copyright>Filipe GOMES PEIXOTO © 2019 - 2020</Copyright>
     <Description>A plugin for Microsoft.EntityFrameworkCore to add support of encrypted fields using built-in or custom encryption providers.</Description>
     <PackageLicenseFile>LICENSE</PackageLicenseFile>
-    <PackageReleaseNotes>- Add support for Entity Framework Core 3</PackageReleaseNotes>
+    <PackageReleaseNotes>- Remove initializationVector parameter from `AesProvider` constructor.
+- Apply unique IV for each row.</PackageReleaseNotes>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="2.1.0" Condition="'$(TargetFramework)' == 'netstandard2.0'" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="3.0.0" Condition="'$(TargetFramework)' == 'netstandard2.1'" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="3.1.0" />
   </ItemGroup>
 
   <ItemGroup>

src/EntityFrameworkCore.DataEncryption/ModelBuilderExtensions.cs

@@ -1,6 +1,6 @@
-using System;
-using Microsoft.EntityFrameworkCore.DataEncryption.Internal;
+using Microsoft.EntityFrameworkCore.DataEncryption.Internal;
 using Microsoft.EntityFrameworkCore.Metadata;
+using System;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
 
@@ -19,7 +19,9 @@ public static class ModelBuilderExtensions
         public static void UseEncryption(this ModelBuilder modelBuilder, IEncryptionProvider encryptionProvider)
         {
             if (encryptionProvider == null)
-                return;
+            {
+                throw new ArgumentNullException(nameof(encryptionProvider), "Cannot initialize encryption with a null provider.");
+            }
 
             var encryptionConverter = new EncryptionConverter(encryptionProvider);
 
@@ -31,7 +33,9 @@ public static void UseEncryption(this ModelBuilder modelBuilder, IEncryptionProv
                     {
                         object[] attributes = property.PropertyInfo.GetCustomAttributes(typeof(EncryptedAttribute), false);
                         if (attributes.Any())
+                        {
                             property.SetValueConverter(encryptionConverter);
+                        }
                     }
                 }
             }

src/EntityFrameworkCore.DataEncryption/Providers/AesKeyInfo.cs

@@ -24,29 +24,29 @@ namespace Microsoft.EntityFrameworkCore.DataEncryption.Providers
         /// <param name="iv">AES initialization vector.</param>
         internal AesKeyInfo(byte[] key, byte[] iv)
         {
-            this.Key = key;
-            this.IV = iv;
+            Key = key;
+            IV = iv;
         }
 
         /// <summary>
         /// Determines whether the current <see cref="AesKeyInfo"/> is equal to another <see cref="AesKeyInfo"/>.
         /// </summary>
         /// <param name="other"></param>
         /// <returns></returns>
-        public bool Equals(AesKeyInfo other) => (this.Key, this.IV) == (other.Key, other.IV);
+        public bool Equals(AesKeyInfo other) => (Key, IV) == (other.Key, other.IV);
 
         /// <summary>
         /// Determines whether the current object is equal to another object of the same type.
         /// </summary>
         /// <param name="obj"></param>
         /// <returns></returns>
-        public override bool Equals(object obj) => (obj is AesKeyInfo keyInfo) && this.Equals(keyInfo);
+        public override bool Equals(object obj) => (obj is AesKeyInfo keyInfo) && Equals(keyInfo);
 
         /// <summary>
         /// Calculates the hash code for the current <see cref="AesKeyInfo"/> instance.
         /// </summary>
         /// <returns></returns>
-        public override int GetHashCode() => (this.Key, this.IV).GetHashCode();
+        public override int GetHashCode() => (Key, IV).GetHashCode();
 
         /// <summary>
         /// Determines whether the current <see cref="AesKeyInfo"/> is equal to another <see cref="AesKeyInfo"/>.

src/EntityFrameworkCore.DataEncryption/Providers/AesProvider.cs

@@ -11,24 +11,36 @@ namespace Microsoft.EntityFrameworkCore.DataEncryption.Providers
     public class AesProvider : IEncryptionProvider
     {
         private const int AesBlockSize = 128;
+        private const int InitializationVectorSize = 16;
+
         private readonly byte[] _key;
-        private readonly byte[] _initializationVector;
         private readonly CipherMode _mode;
         private readonly PaddingMode _padding;
 
+        /// <summary>
+        /// Creates a new <see cref="AesProvider"/> instance used to perform symetric encryption and decryption on strings.
+        /// </summary>
+        /// <param name="key">AES key used for the symetric encryption.</param>
+        /// <param name="mode">Mode for operation used in the symetric encryption.</param>
+        /// <param name="padding">Padding mode used in the symetric encryption.</param>
+        public AesProvider(byte[] key, CipherMode mode = CipherMode.CBC, PaddingMode padding = PaddingMode.PKCS7)
+        {
+            _key = key;
+            _mode = mode;
+            _padding = padding;
+        }
+
         /// <summary>
         /// Creates a new <see cref="AesProvider"/> instance used to perform symetric encryption and decryption on strings.
         /// </summary>
         /// <param name="key">AES key used for the symetric encryption.</param>
         /// <param name="initializationVector">AES Initialization Vector used for the symetric encryption.</param>
         /// <param name="mode">Mode for operation used in the symetric encryption.</param>
         /// <param name="padding">Padding mode used in the symetric encryption.</param>
+        [Obsolete("This constructor has been deprecated and will be removed in future versions. Please use the AesProvider(byte[], CipherMode, PaddingMode) constructor instead.")]
         public AesProvider(byte[] key, byte[] initializationVector, CipherMode mode = CipherMode.CBC, PaddingMode padding = PaddingMode.PKCS7)
+            : this(key, mode, padding)
         {
-            this._key = key;
-            this._initializationVector = initializationVector;
-            this._mode = mode;
-            this._padding = padding;
         }
 
         /// <summary>
@@ -41,14 +53,25 @@ public string Encrypt(string dataToEncrypt)
             byte[] input = Encoding.UTF8.GetBytes(dataToEncrypt);
             byte[] encrypted = null;
 
-            using (var aes = this.CreateNewAesEncryptor())
+            using (AesCryptoServiceProvider cryptoServiceProvider = CreateCryptographyProvider())
             {
-                using (var memoryStream = new MemoryStream())
+                cryptoServiceProvider.GenerateIV();
+
+                byte[] initializationVector = cryptoServiceProvider.IV;
+
+                using (ICryptoTransform encryptor = cryptoServiceProvider.CreateEncryptor(_key, initializationVector))
                 {
-                    using (var crypto = new CryptoStream(memoryStream, aes.CreateEncryptor(), CryptoStreamMode.Write))
-                        crypto.Write(input, 0, input.Length);
+                    using (var memoryStream = new MemoryStream())
+                    {
+                        using (var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
+                        {
+                            memoryStream.Write(initializationVector, 0, initializationVector.Length);
+                            cryptoStream.Write(input, 0, input.Length);
+                            cryptoStream.FlushFinalBlock();
+                        }
 
-                    encrypted = memoryStream.ToArray();
+                        encrypted = memoryStream.ToArray();
+                    }
                 }
             }
 
@@ -63,33 +86,36 @@ public string Encrypt(string dataToEncrypt)
         public string Decrypt(string dataToDecrypt)
         {
             byte[] input = Convert.FromBase64String(dataToDecrypt);
+
             string decrypted = string.Empty;
 
-            using (var aes = this.CreateNewAesEncryptor())
+            using (var memoryStream = new MemoryStream(input))
             {
-                using (var memoryStream = new MemoryStream(input))
-                using (var crypto = new CryptoStream(memoryStream, aes.CreateDecryptor(), CryptoStreamMode.Read))
-                using (var sr = new StreamReader(crypto))
-                    decrypted = sr.ReadToEnd().Trim('\0');
+                var initializationVector = new byte[InitializationVectorSize];
+
+                memoryStream.Read(initializationVector, 0, initializationVector.Length);
+
+                using AesCryptoServiceProvider cryptoServiceProvider = CreateCryptographyProvider();
+                using ICryptoTransform cryptoTransform = cryptoServiceProvider.CreateDecryptor(_key, initializationVector);
+                using var crypto = new CryptoStream(memoryStream, cryptoTransform, CryptoStreamMode.Read);
+                using var reader = new StreamReader(crypto);
+
+                decrypted = reader.ReadToEnd().Trim('\0');
             }
 
             return decrypted;
         }
 
-        /// <summary>
-        /// Creates a new <see cref="Aes"/> instance with the current configuration.
-        /// </summary>
-        /// <returns></returns>
-        private Aes CreateNewAesEncryptor()
+        private AesCryptoServiceProvider CreateCryptographyProvider()
         {
-            var aes = Aes.Create();
-
-            aes.Mode = this._mode;
-            aes.Padding = this._padding;
-            aes.Key = this._key;
-            aes.IV = this._initializationVector;
-
-            return aes;
+            return new AesCryptoServiceProvider
+            {
+                BlockSize = AesBlockSize,
+                Mode = _mode,
+                Padding = _padding,
+                Key = _key,
+                KeySize = _key.Length * 8
+            };
         }
 
         /// <summary>

test/EntityFrameworkCore.DataEncryption.Test/Context/AuthorEntity.cs

@@ -25,10 +25,10 @@ public sealed class AuthorEntity
 
         public AuthorEntity(string firstName, string lastName, int age)
         {
-            this.FirstName = firstName;
-            this.LastName = lastName;
-            this.Age = age;
-            this.Books = new List<BookEntity>();
+            FirstName = firstName;
+            LastName = lastName;
+            Age = age;
+            Books = new List<BookEntity>();
         }
     }
 }

test/EntityFrameworkCore.DataEncryption.Test/Context/BookEntity.cs

@@ -24,8 +24,8 @@ public sealed class BookEntity
 
         public BookEntity(string name, int numberOfPages)
         {
-            this.Name = name;
-            this.NumberOfPages = numberOfPages;
+            Name = name;
+            NumberOfPages = numberOfPages;
         }
     }
 }

test/EntityFrameworkCore.DataEncryption.Test/Context/DatabaseContext.cs

@@ -15,9 +15,11 @@ public DatabaseContext(DbContextOptions options)
         public DatabaseContext(DbContextOptions options, IEncryptionProvider encryptionProvider = null)
             : base(options)
         {
-            this._encryptionProvider = encryptionProvider;
+            _encryptionProvider = encryptionProvider;
         }
         protected override void OnModelCreating(ModelBuilder modelBuilder)
-            => modelBuilder.UseEncryption(this._encryptionProvider);
+        {
+            modelBuilder.UseEncryption(_encryptionProvider);
+        }
     }
 }

test/EntityFrameworkCore.DataEncryption.Test/Context/DatabaseContextFactory.cs

@@ -17,11 +17,8 @@ public sealed class DatabaseContextFactory : IDisposable
         /// </summary>
         public DatabaseContextFactory()
         {
-            this._connection = new SqliteConnection(DatabaseConnectionString);
-            this._connection.Open();
-
-            using (var dbContext = new DatabaseContext(this.CreateOptions<DatabaseContext>()))
-                dbContext.Database.EnsureCreated();
+            _connection = new SqliteConnection(DatabaseConnectionString);
+            _connection.Open();
         }
 
         /// <summary>
@@ -32,10 +29,11 @@ public DatabaseContextFactory()
         /// <returns></returns>
         public TContext CreateContext<TContext>(IEncryptionProvider provider = null) where TContext : DbContext
         {
-            if (provider == null)
-                return Activator.CreateInstance(typeof(TContext), this.CreateOptions<TContext>()) as TContext;
+            var context = Activator.CreateInstance(typeof(TContext), CreateOptions<TContext>(), provider) as TContext;
+
+            context.Database.EnsureCreated();
 
-            return Activator.CreateInstance(typeof(TContext), this.CreateOptions<TContext>(), provider) as TContext;
+            return context;
         }
 
         /// <summary>
@@ -51,9 +49,9 @@ private DbContextOptions<TContext> CreateOptions<TContext>() where TContext : Db
         /// </summary>
         public void Dispose()
         {
-            if (this._connection != null)
+            if (_connection != null)
             {
-                this._connection.Dispose();
+                _connection.Dispose();
             }
         }
     }

test/EntityFrameworkCore.DataEncryption.Test/EntityFrameworkCore.DataEncryption.Test.csproj

@@ -1,29 +1,22 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp2.2;netcoreapp3.0</TargetFrameworks>
-
+    <TargetFramework>netcoreapp3.0</TargetFramework>
     <IsPackable>false</IsPackable>
-
     <AssemblyName>Microsoft.EntityFrameworkCore.Encryption.Test</AssemblyName>
-
     <RootNamespace>Microsoft.EntityFrameworkCore.Encryption.Test</RootNamespace>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="coverlet.msbuild" Version="2.7.0">
+    <PackageReference Include="coverlet.msbuild" Version="2.9.0">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="3.0.0" Condition="'$(TargetFramework)' == 'netcoreapp3.0'" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="3.0.0" Condition="'$(TargetFramework)' == 'netcoreapp3.0'" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="3.0.0" Condition="'$(TargetFramework)' == 'netcoreapp3.0'" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="2.1.0" Condition="'$(TargetFramework)' == 'netcoreapp2.2'" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="2.1.0" Condition="'$(TargetFramework)' == 'netcoreapp2.2'" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="2.1.0" Condition="'$(TargetFramework)' == 'netcoreapp2.2'" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.3.0" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="3.1.0" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="3.1.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.7.1" />
     <PackageReference Include="xunit" Version="2.4.1" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.4.1">
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.4.3">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
     </PackageReference>