Improved PEK list decryption exception handling

Documentation/CHANGELOG.md

@@ -11,6 +11,7 @@ All notable changes to this project will be documented in this file. The format
 - A more explanatory exception is now thrown when opening databases that originate from different OS versions.
 - A more explanatory exception is now thrown when the *Universal C Runtime* is missing from Windows.
 - A more explanatory exception is now thrown when the assemblies are blocked.
+- PEK list decryption exceptions now contain troubleshooting data.
 - Minor improvement in C++ build speed.
 
 ## [3.2.1] - 2019-01-04

Src/DSInternals.DataStore/Cryptography/DataStoreSecretDecryptor.cs

@@ -70,10 +70,22 @@ namespace DSInternals.DataStore
 
         public DataStoreSecretDecryptor(byte[] encryptedPEKListBlob, byte[] bootKey)
         {
-            // Decrypt and set version
-            byte[] decryptedPekList = this.DecryptPekList(encryptedPEKListBlob, bootKey);
-            // Parse the inner structure
-            this.ParsePekList(decryptedPekList);
+            try
+            {
+                // Decrypt and set version
+                byte[] decryptedPekList = this.DecryptPekList(encryptedPEKListBlob, bootKey);
+
+                // Parse the inner structure
+                this.ParsePekList(decryptedPekList);
+            }
+            catch(Exception originalException)
+            {
+                // TODO: Extract as resource
+                var newException = new FormatException("Could not decrypt or parse the PEK list.", originalException);
+                newException.Data.Add(nameof(encryptedPEKListBlob), encryptedPEKListBlob.ToHex());
+                newException.Data.Add(nameof(bootKey), bootKey.ToHex());
+                throw newException;
+            }
         }
 
         public DataStoreSecretDecryptor(byte[] cleartextPEKListBlob, PekListVersion version)