Add EncryptOptions, DecryptOptions to model factory (Azure#16178)

* Add EncryptOptions, DecryptOptions to model factory

* Update public APIs

Author: heaths

sdk/keyvault/Azure.Security.KeyVault.Keys/api/Azure.Security.KeyVault.Keys.netstandard2.0.cs

@@ -27,7 +27,9 @@ public CreateRsaKeyOptions(string name, bool hardwareProtected = false) { }
     }
     public static partial class CryptographyModelFactory
     {
+        public static Azure.Security.KeyVault.Keys.Cryptography.DecryptOptions DecryptOptions(Azure.Security.KeyVault.Keys.Cryptography.EncryptionAlgorithm algorithm, byte[] ciphertext, byte[] iv = null, byte[] authenticationTag = null) { throw null; }
         public static Azure.Security.KeyVault.Keys.Cryptography.DecryptResult DecryptResult(string keyId = null, byte[] plaintext = null, Azure.Security.KeyVault.Keys.Cryptography.EncryptionAlgorithm algorithm = default(Azure.Security.KeyVault.Keys.Cryptography.EncryptionAlgorithm)) { throw null; }
+        public static Azure.Security.KeyVault.Keys.Cryptography.EncryptOptions EncryptOptions(Azure.Security.KeyVault.Keys.Cryptography.EncryptionAlgorithm algorithm, byte[] plaintext, byte[] iv = null) { throw null; }
         [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
         public static Azure.Security.KeyVault.Keys.Cryptography.EncryptResult EncryptResult(string keyId, byte[] ciphertext, Azure.Security.KeyVault.Keys.Cryptography.EncryptionAlgorithm algorithm) { throw null; }
         public static Azure.Security.KeyVault.Keys.Cryptography.EncryptResult EncryptResult(string keyId = null, byte[] ciphertext = null, Azure.Security.KeyVault.Keys.Cryptography.EncryptionAlgorithm algorithm = default(Azure.Security.KeyVault.Keys.Cryptography.EncryptionAlgorithm), byte[] iv = null, byte[] authenticatedTag = null, byte[] additionalAuthenticatedData = null) { throw null; }
@@ -393,7 +395,7 @@ internal EncryptOptions() { }
     public partial class EncryptResult
     {
         internal EncryptResult() { }
-        public byte[] AdditionalAuthenticatedData { get { throw null; } set { } }
+        public byte[] AdditionalAuthenticatedData { get { throw null; } }
         public Azure.Security.KeyVault.Keys.Cryptography.EncryptionAlgorithm Algorithm { get { throw null; } }
         public byte[] AuthenticationTag { get { throw null; } }
         public byte[] Ciphertext { get { throw null; } }

sdk/keyvault/Azure.Security.KeyVault.Keys/src/Cryptography/CryptographyModelFactory.cs

@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System;
 using System.ComponentModel;
 using Azure.Security.KeyVault.Keys.Cryptography;
 
@@ -12,12 +13,27 @@ namespace Azure.Security.KeyVault.Keys
     public static class CryptographyModelFactory
     {
         /// <summary>
-        /// Initializes a new instance of the <see cref="Cryptography.DecryptResult"/> for mocking purposes.
+        /// Initializes a new instance of the <see cref="Cryptography.DecryptOptions"/> class for mocking purposes.
+        /// </summary>
+        /// <param name="algorithm">Sets the <see cref="DecryptOptions.Algorithm"/> property.</param>
+        /// <param name="ciphertext">Sets the <see cref="DecryptOptions.Ciphertext"/> property.</param>
+        /// <param name="iv">Sets the <see cref="DecryptOptions.Iv"/> property.</param>
+        /// <param name="authenticationTag">Sets the <see cref="DecryptOptions.AuthenticationTag"/> property.</param>
+        /// <returns>A new instance of the <see cref="Cryptography.DecryptOptions"/> class for mocking purposes.</returns>
+        /// <exception cref="ArgumentNullException"><paramref name="ciphertext"/> is null.</exception>
+        public static DecryptOptions DecryptOptions(EncryptionAlgorithm algorithm, byte[] ciphertext, byte[] iv = default, byte[] authenticationTag = default) => new DecryptOptions(algorithm, ciphertext)
+        {
+            Iv = iv,
+            AuthenticationTag = authenticationTag,
+        };
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="Cryptography.DecryptResult"/> class for mocking purposes.
         /// </summary>
         /// <param name="keyId">Sets the <see cref="DecryptResult.KeyId"/> property.</param>
         /// <param name="plaintext">Sets the <see cref="DecryptResult.Plaintext"/> property.</param>
         /// <param name="algorithm">Sets the <see cref="DecryptResult.Algorithm"/> property.</param>
-        /// <returns>A new instance of the <see cref="Cryptography.DecryptResult"/> for mocking purposes.</returns>
+        /// <returns>A new instance of the <see cref="Cryptography.DecryptResult"/> class for mocking purposes.</returns>
         public static DecryptResult DecryptResult(string keyId = default, byte[] plaintext = default, EncryptionAlgorithm algorithm = default) => new DecryptResult
         {
             KeyId = keyId,
@@ -26,25 +42,35 @@ public static class CryptographyModelFactory
         };
 
         /// <summary>
-        /// Initializes a new instance of the <see cref="Cryptography.EncryptResult"/> for mocking purposes.
+        /// Initializes a new instance of the <see cref="Cryptography.EncryptOptions"/> class for mocking purposes.
+        /// </summary>
+        /// <param name="algorithm">Sets the <see cref="EncryptOptions.Algorithm"/> property.</param>
+        /// <param name="plaintext">Sets the <see cref="EncryptOptions.Plaintext"/> property.</param>
+        /// <param name="iv">Sets the <see cref="DecryptOptions.Iv"/> property.</param>
+        /// <returns>A new instance of the <see cref="Cryptography.EncryptOptions"/> class for mocking purposes.</returns>
+        /// <exception cref="ArgumentNullException"><paramref name="plaintext"/> is null.</exception>
+        public static EncryptOptions EncryptOptions(EncryptionAlgorithm algorithm, byte[] plaintext, byte[] iv = default) => new EncryptOptions(algorithm, plaintext, iv, null);
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="Cryptography.EncryptResult"/> class for mocking purposes.
         /// </summary>
         /// <param name="keyId">Sets the <see cref="EncryptResult.KeyId"/> property.</param>
         /// <param name="ciphertext">Sets the <see cref="EncryptResult.Ciphertext"/> property.</param>
         /// <param name="algorithm">Sets the <see cref="EncryptResult.Algorithm"/> property.</param>
-        /// <returns>A new instance of the <see cref="Cryptography.EncryptResult"/> for mocking purposes.</returns>
+        /// <returns>A new instance of the <see cref="Cryptography.EncryptResult"/> class for mocking purposes.</returns>
         [EditorBrowsable(EditorBrowsableState.Never)]
         public static EncryptResult EncryptResult(string keyId, byte[] ciphertext, EncryptionAlgorithm algorithm) => EncryptResult(keyId, ciphertext, algorithm, null);
 
         /// <summary>
-        /// Initializes a new instance of the <see cref="Cryptography.EncryptResult"/> for mocking purposes.
+        /// Initializes a new instance of the <see cref="Cryptography.EncryptResult"/> class for mocking purposes.
         /// </summary>
         /// <param name="keyId">Sets the <see cref="EncryptResult.KeyId"/> property.</param>
         /// <param name="ciphertext">Sets the <see cref="EncryptResult.Ciphertext"/> property.</param>
         /// <param name="algorithm">Sets the <see cref="EncryptResult.Algorithm"/> property.</param>
         /// <param name="iv">Sets the initialization vector for encryption.</param>
         /// <param name="authenticatedTag">Sets the authenticated tag resulting from encryption with a symmetric key using AES.</param>
         /// <param name="additionalAuthenticatedData">Sets additional data that is authenticated during decryption but not encrypted.</param>
-        /// <returns>A new instance of the <see cref="Cryptography.EncryptResult"/> for mocking purposes.</returns>
+        /// <returns>A new instance of the <see cref="Cryptography.EncryptResult"/> class for mocking purposes.</returns>
         public static EncryptResult EncryptResult(string keyId = default, byte[] ciphertext = default, EncryptionAlgorithm algorithm = default, byte[] iv = default, byte[] authenticatedTag = default, byte[] additionalAuthenticatedData = default) => new EncryptResult
         {
             KeyId = keyId,
@@ -56,12 +82,12 @@ public static class CryptographyModelFactory
         };
 
         /// <summary>
-        /// Initializes a new instance of the <see cref="Cryptography.SignResult"/> for mocking purposes.
+        /// Initializes a new instance of the <see cref="Cryptography.SignResult"/> class for mocking purposes.
         /// </summary>
         /// <param name="keyId">Sets the <see cref="SignResult.KeyId"/> property.</param>
         /// <param name="signature">Sets the <see cref="SignResult.Signature"/> property.</param>
         /// <param name="algorithm">Sets the <see cref="SignResult.Algorithm"/> property.</param>
-        /// <returns>A new instance of the <see cref="Cryptography.SignResult"/> for mocking purposes.</returns>
+        /// <returns>A new instance of the <see cref="Cryptography.SignResult"/> class for mocking purposes.</returns>
         public static SignResult SignResult(string keyId = default, byte[] signature = default, SignatureAlgorithm algorithm = default) => new SignResult
         {
             KeyId = keyId,
@@ -70,12 +96,12 @@ public static class CryptographyModelFactory
         };
 
         /// <summary>
-        /// Initializes a new instance of the <see cref="Cryptography.UnwrapResult"/> for mocking purposes.
+        /// Initializes a new instance of the <see cref="Cryptography.UnwrapResult"/> class for mocking purposes.
         /// </summary>
         /// <param name="keyId">Sets the <see cref="UnwrapResult.KeyId"/> property.</param>
         /// <param name="key">Sets the <see cref="UnwrapResult.Key"/> property.</param>
         /// <param name="algorithm">Sets the <see cref="UnwrapResult.Algorithm"/> property.</param>
-        /// <returns>A new instance of the <see cref="Cryptography.UnwrapResult"/> for mocking purposes.</returns>
+        /// <returns>A new instance of the <see cref="Cryptography.UnwrapResult"/> class for mocking purposes.</returns>
         public static UnwrapResult UnwrapResult(string keyId = default, byte[] key = default, KeyWrapAlgorithm algorithm = default) => new UnwrapResult
         {
             KeyId = keyId,
@@ -84,12 +110,12 @@ public static class CryptographyModelFactory
         };
 
         /// <summary>
-        /// Initializes a new instance of the <see cref="Cryptography.VerifyResult"/> for mocking purposes.
+        /// Initializes a new instance of the <see cref="Cryptography.VerifyResult"/> class for mocking purposes.
         /// </summary>
         /// <param name="keyId">Sets the <see cref="VerifyResult.KeyId"/> property.</param>
         /// <param name="isValid">Sets the <see cref="VerifyResult.IsValid"/> property.</param>
         /// <param name="algorithm">Sets the <see cref="VerifyResult.Algorithm"/> property.</param>
-        /// <returns>A new instance of the <see cref="Cryptography.VerifyResult"/> for mocking purposes.</returns>
+        /// <returns>A new instance of the <see cref="Cryptography.VerifyResult"/> class for mocking purposes.</returns>
         public static VerifyResult VerifyResult(string keyId = default, bool isValid = default, SignatureAlgorithm algorithm = default) => new VerifyResult
         {
             KeyId = keyId,
@@ -98,12 +124,12 @@ public static class CryptographyModelFactory
         };
 
         /// <summary>
-        /// Initializes a new instance of the <see cref="Cryptography.WrapResult"/> for mocking purposes.
+        /// Initializes a new instance of the <see cref="Cryptography.WrapResult"/> class for mocking purposes.
         /// </summary>
         /// <param name="keyId">Sets the <see cref="WrapResult.KeyId"/> property.</param>
         /// <param name="key">Sets the <see cref="WrapResult.EncryptedKey"/> property.</param>
         /// <param name="algorithm">Sets the <see cref="WrapResult.Algorithm"/> property.</param>
-        /// <returns>A new instance of the <see cref="Cryptography.WrapResult"/> for mocking purposes.</returns>
+        /// <returns>A new instance of the <see cref="Cryptography.WrapResult"/> class for mocking purposes.</returns>
         public static WrapResult WrapResult(string keyId = default, byte[] key = default, KeyWrapAlgorithm algorithm = default) => new WrapResult
         {
             KeyId = keyId,

sdk/keyvault/Azure.Security.KeyVault.Keys/src/Cryptography/DecryptOptions.cs

@@ -179,12 +179,12 @@ internal DecryptOptions(EncryptionAlgorithm algorithm, byte[] ciphertext, byte[]
         /// <summary>
         /// Gets the initialization vector for decryption.
         /// </summary>
-        public byte[] Iv { get; }
+        public byte[] Iv { get; internal set; }
 
         /// <summary>
         /// Gets the authenticated tag resulting from encryption with a symmetric key using AES.
         /// </summary>
-        public byte[] AuthenticationTag { get; }
+        public byte[] AuthenticationTag { get; internal set; }
 
         /// <summary>
         /// Gets or sets additional data that is authenticated during decryption but not encrypted.

sdk/keyvault/Azure.Security.KeyVault.Keys/src/Cryptography/EncryptResult.cs

@@ -43,7 +43,7 @@ internal EncryptResult()
         /// <summary>
         /// Gets additional data that is authenticated during decryption but not encrypted.
         /// </summary>
-        public byte[] AdditionalAuthenticatedData { get; set; }
+        public byte[] AdditionalAuthenticatedData { get; internal set; }
 
         /// <summary>
         /// Gets the <see cref="EncryptionAlgorithm"/> used for encryption. This must be stored alongside the <see cref="Ciphertext"/> as the same algorithm must be used to decrypt it.

sdk/keyvault/Azure.Security.KeyVault.Keys/tests/CryptographyModelFactoryTests.cs

@@ -0,0 +1,72 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using Azure.Security.KeyVault.Keys.Cryptography;
+using NUnit.Framework;
+
+namespace Azure.Security.KeyVault.Keys.Tests
+{
+    public class CryptographyModelFactoryTests
+    {
+        [Test]
+        public void DecryptOptionsRequiresCiphertext() =>
+            Assert.AreEqual("ciphertext", Assert.Throws<ArgumentNullException>(() => CryptographyModelFactory.DecryptOptions(EncryptionAlgorithm.A128Cbc, null)).ParamName);
+
+        [Test]
+        public void DecryptOptionsOnlyRequired()
+        {
+            byte[] buffer = new byte[] { 0, 1, 2, 3 };
+            DecryptOptions options = CryptographyModelFactory.DecryptOptions(EncryptionAlgorithm.A128Cbc, buffer, null, null);
+
+            Assert.AreEqual(EncryptionAlgorithm.A128Cbc, options.Algorithm);
+            CollectionAssert.AreEqual(buffer, options.Ciphertext);
+            Assert.IsNull(options.Iv);
+            Assert.IsNull(options.AuthenticationTag);
+            Assert.IsNull(options.AdditionalAuthenticatedData);
+        }
+
+        [Test]
+        public void DecryptOptionsAll()
+        {
+            byte[] buffer = new byte[] { 0, 1, 2, 3 };
+            DecryptOptions options = CryptographyModelFactory.DecryptOptions(EncryptionAlgorithm.A128Cbc, buffer, buffer, buffer);
+            options.AdditionalAuthenticatedData = buffer;
+
+            Assert.AreEqual(EncryptionAlgorithm.A128Cbc, options.Algorithm);
+            CollectionAssert.AreEqual(buffer, options.Ciphertext);
+            CollectionAssert.AreEqual(buffer, options.Iv);
+            CollectionAssert.AreEqual(buffer, options.AuthenticationTag);
+            CollectionAssert.AreEqual(buffer, options.AdditionalAuthenticatedData);
+        }
+
+        [Test]
+        public void EncryptOptionsRequiresPlaintext() =>
+            Assert.AreEqual("plaintext", Assert.Throws<ArgumentNullException>(() => CryptographyModelFactory.EncryptOptions(EncryptionAlgorithm.A128Cbc, null)).ParamName);
+
+        [Test]
+        public void EncryptOptionsOnlyRequired()
+        {
+            byte[] buffer = new byte[] { 0, 1, 2, 3 };
+            EncryptOptions options = CryptographyModelFactory.EncryptOptions(EncryptionAlgorithm.A128Cbc, buffer);
+
+            Assert.AreEqual(EncryptionAlgorithm.A128Cbc, options.Algorithm);
+            CollectionAssert.AreEqual(buffer, options.Plaintext);
+            Assert.IsNull(options.Iv);
+            Assert.IsNull(options.AdditionalAuthenticatedData);
+        }
+
+        [Test]
+        public void EncryptOptionsAll()
+        {
+            byte[] buffer = new byte[] { 0, 1, 2, 3 };
+            EncryptOptions options = CryptographyModelFactory.EncryptOptions(EncryptionAlgorithm.A128Cbc, buffer, buffer);
+            options.AdditionalAuthenticatedData = buffer;
+
+            Assert.AreEqual(EncryptionAlgorithm.A128Cbc, options.Algorithm);
+            CollectionAssert.AreEqual(buffer, options.Plaintext);
+            CollectionAssert.AreEqual(buffer, options.Iv);
+            CollectionAssert.AreEqual(buffer, options.AdditionalAuthenticatedData);
+        }
+    }
+}