private void ivParamTest(
            int count,
            CcmBlockCipher ccm,
            byte[]                  k,
            byte[]                  n)
        {
            byte[] p = Encoding.ASCII.GetBytes("hello world!!");

            ccm.Init(true, new ParametersWithIV(new KeyParameter(k), n));

            byte[] enc = new byte[p.Length + 8];

            int len = ccm.ProcessBytes(p, 0, p.Length, enc, 0);

            len += ccm.DoFinal(enc, len);

            ccm.Init(false, new ParametersWithIV(new KeyParameter(k), n));

            byte[] tmp = new byte[enc.Length];

            len = ccm.ProcessBytes(enc, 0, enc.Length, tmp, 0);

            len += ccm.DoFinal(tmp, len);

            byte[] dec = new byte[len];

            Array.Copy(tmp, 0, dec, 0, len);

            if (!AreEqual(p, dec))
            {
                Fail("decrypted stream fails to match in test " + count);
            }
        }
Beispiel #2
0
        private void checkVectors(
            int count,
            CcmBlockCipher ccm,
            byte[] k,
            int macSize,
            byte[] n,
            byte[] a,
            byte[] p,
            byte[] t,
            byte[] c)
        {
            ccm.Init(true, new AeadParameters(new KeyParameter(k), macSize, n, a));

            byte[] enc = new byte[c.Length];

            int len = ccm.ProcessBytes(p, 0, p.Length, enc, 0);

            len += ccm.DoFinal(enc, len);

//			ccm.Init(true, new CcmParameters(new KeyParameter(k), macSize, n, a));
//
//			byte[] enc = ccm.ProcessPacket(p, 0, p.Length);

            if (!AreEqual(c, enc))
            {
                Fail("encrypted stream fails to match in test " + count);
            }

//			ccm.Init(false, new CcmParameters(new KeyParameter(k), macSize, n, a));
//
//			byte[] dec = ccm.ProcessPacket(enc, 0, enc.Length);

            ccm.Init(false, new AeadParameters(new KeyParameter(k), macSize, n, a));

            byte[] tmp = new byte[enc.Length];

            len = ccm.ProcessBytes(enc, 0, enc.Length, tmp, 0);

            len += ccm.DoFinal(tmp, len);

            byte[] dec = new byte[len];

            Array.Copy(tmp, 0, dec, 0, len);

            if (!AreEqual(p, dec))
            {
                Fail("decrypted stream fails to match in test " + count);
            }

            if (!AreEqual(t, ccm.GetMac()))
            {
                Fail("MAC fails to match in test " + count);
            }
        }
Beispiel #3
0
        public string Decrypt(string json, string password)
        {
            var jsonObj = JsonConvert.DeserializeObject <SjclJson>(json);
            var v       = jsonObj.V;
            var adata   = Convert.FromBase64String(jsonObj.AData);
            var iv      = Convert.FromBase64String(jsonObj.IV);
            var salt    = Convert.FromBase64String(jsonObj.Salt);
            var ks      = jsonObj.KS;
            var ts      = jsonObj.TS;
            var iter    = jsonObj.Iter;
            var ct      = Convert.FromBase64String(jsonObj.CT);
            // var cipher = json.Cipher;
            // var mode = json.Mode;
            var key = GenKeyBytes(password, salt, ks, iter);

            var nonSecretPayload = new byte[] { };

            var cipher     = new CcmBlockCipher(new AesFastEngine());
            var parameters = new CcmParameters(
                new KeyParameter(key), ts, iv.Take(13).ToArray(), nonSecretPayload);

            cipher.Init(false, parameters);

            var plainText = new byte[cipher.GetOutputSize(ct.Length)];
            var len       = cipher.ProcessBytes(ct, 0, ct.Length, plainText, 0);

            cipher.DoFinal(plainText, len);
            return(Encoding.UTF8.GetString(plainText));
        }
        public static string Decrypt(string password, string data)
        {
            SJCLBlob ctdata = JsonConvert.DeserializeObject <SJCLBlob>(data);

            if (ctdata.Cipher != "aes" || ctdata.Mode != "ccm")
            {
                throw new InvalidOperationException("Unsupported cipher or mode.");
            }
            byte[] cipherText           = DecodeBase64(ctdata.CipherText);
            var    derivedMacParameters = DeriveKey(password, ctdata);

            var l = FindIVLen(cipherText.Length);

            byte[] iv = new byte[l];
            Array.Copy((Array)DecodeBase64(ctdata.IV), (Array)iv, (int)l);

            var ccmparams = new CcmParameters(derivedMacParameters, ctdata.TagSize, iv, DecodeBase64(ctdata.AuthData));
            var ccmMode   = new CcmBlockCipher(new AesFastEngine());

            ccmMode.Init(false, ccmparams);
            var plainBytes = new byte[ccmMode.GetOutputSize(cipherText.Length)];
            var res        = ccmMode.ProcessBytes(cipherText, 0, cipherText.Length, plainBytes, 0);

            ccmMode.DoFinal(plainBytes, res);
            return(Encoding.UTF8.GetString(plainBytes));
        }
Beispiel #5
0
            internal override void Evaluate(EngineProvider provider)
            {
                byte[] K = Hex.Decode("404142434445464748494a4b4c4d4e4f");
                byte[] N = Hex.Decode("10111213141516");
                byte[] A = Hex.Decode("0001020304050607");
                byte[] P = Hex.Decode("20212223");
                byte[] C = Hex.Decode("7162015b4dac255d");
                byte[] T = Hex.Decode("6084341b");

                CcmBlockCipher encCipher = new CcmBlockCipher(provider.CreateEngine(EngineUsage.GENERAL));
                CcmBlockCipher decCipher = new CcmBlockCipher(provider.CreateEngine(EngineUsage.GENERAL));
                int            macSize   = T.Length * 8;

                KeyParameter keyParam = new KeyParameter(K);

                encCipher.Init(true, new AeadParameters(keyParam, macSize, N, A));

                byte[] enc = new byte[C.Length];

                int len = encCipher.ProcessBytes(P, 0, P.Length, enc, 0);

                encCipher.DoFinal(enc, len);

                if (!Arrays.AreEqual(FipsKats.Values[FipsKats.Vec.AesCcmEnc], enc))
                {
                    Fail("encrypted stream fails to match in self test");
                }

                if (!Arrays.AreEqual(FipsKats.Values[FipsKats.Vec.AesCcmEncTag], encCipher.GetMac()))
                {
                    Fail("MAC fails to match in self test encrypt");
                }

                decCipher.Init(false, new AeadParameters(keyParam, macSize, N, A));

                byte[] tmp = new byte[enc.Length];

                len = decCipher.ProcessBytes(enc, 0, enc.Length, tmp, 0);

                len += decCipher.DoFinal(tmp, len);

                byte[] dec = new byte[len];

                Array.Copy(tmp, 0, dec, 0, len);

                if (!Arrays.AreEqual(FipsKats.Values[FipsKats.Vec.AesCcmDec], dec))
                {
                    Fail("decrypted stream fails to match in self test");
                }

                if (!Arrays.AreEqual(FipsKats.Values[FipsKats.Vec.AesCcmDecTag], decCipher.GetMac()))
                {
                    Fail("MAC fails to match in self test");
                }
            }
Beispiel #6
0
        public JObject Decrypt(string key, JObject json)
        {
            try
            {
                byte[] iv         = Base64.Decode(json.GetValue("iv").ToString());
                byte[] cipherText = Base64.Decode(json.GetValue("ct").ToString());
                byte[] adataBytes = DecodeAdataBytes(json.GetValue("adata").ToString());
                byte[] nonce      = ComputeNonce(iv, cipherText);

                if (json.GetValue("mode").ToString() != "ccm")
                {
                    throw new ApplicationException("Can only decrypt ccm mode encrypted data.");
                }

                KeyParameter keyParam = CreateKey(
                    key,
                    Base64.Decode(json.GetValue("salt").ToString()),
                    json.GetValue("iter").ToObject <int>(),
                    json.GetValue("ks").ToObject <int>());

                var ccm = new AeadParameters(
                    keyParam,
                    MacSize(json.GetValue("ts").ToObject <int>()),
                    nonce,
                    adataBytes);

                var aes = new CcmBlockCipher(new AesFastEngine());
                aes.Init(false, ccm);

                var plainBytes = new byte[aes.GetOutputSize(cipherText.Length)];

                int res = aes.ProcessBytes(
                    cipherText,
                    0,
                    cipherText.Length,
                    plainBytes,
                    0);

                aes.DoFinal(plainBytes, res);
                var text = Encoding.UTF8.GetString(plainBytes);
                return(JObject.Parse(text));
            }
            catch (InvalidCipherTextException)
            {
                throw;
            }
            catch (Exception e)
            {
                throw new ApplicationException("Json decryption failed.", e);
            }
        }
Beispiel #7
0
        private static MemoryStream Encrypt(Stream source, string fileName, out string seed_encoded, out string ident)
        {
            // Randomly generate a new seed for upload
            byte[] seed = new byte[16];

            using (RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider())
            {
                rngCsp.GetBytes(seed);
            }

            seed_encoded = UrlBase64Encode(seed);

            // Derive the parameters (key, IV, ident) from the seed
            byte[] key, iv;
            DeriveParams(seed, out key, out iv, out ident);

            // Create a new String->String map for JSON blob, and define filename and metadata
            Dictionary <string, string> metadataMap = new Dictionary <string, string>();

            metadataMap["mime"] = Helpers.IsTextFile(fileName) ? "text/plain" : Helpers.GetMimeType(fileName);
            metadataMap["name"] = fileName;

            // Encode the metadata with UTF-16 and a double-null-byte terminator, and append data
            // Unfortunately, the CCM cipher mode can't stream the encryption, and so we have to GetBytes() on the source.
            // We do limit the source to 50MB however
            byte[] data = Encoding.BigEndianUnicode.GetBytes(JsonConvert.SerializeObject(metadataMap)).Concat(new byte[] { 0, 0 }).Concat(source.GetBytes()).ToArray();

            // Calculate the length of the CCM IV and copy it over
            long ccmIVLen = FindIVLen(data.Length);

            byte[] ccmIV = new byte[ccmIVLen];
            Array.Copy(iv, ccmIV, ccmIVLen);

            // Set up the encryption parameters
            KeyParameter   keyParam  = new KeyParameter(key);
            CcmParameters  ccmParams = new CcmParameters(keyParam, MacSize, ccmIV, new byte[0]);
            CcmBlockCipher ccmMode   = new CcmBlockCipher(new AesFastEngine());

            ccmMode.Init(true, ccmParams);

            // Perform the encryption
            byte[] encBytes = new byte[ccmMode.GetOutputSize(data.Length)];
            int    res      = ccmMode.ProcessBytes(data, 0, data.Length, encBytes, 0);

            ccmMode.DoFinal(encBytes, res);

            return(new MemoryStream(encBytes));
        }
Beispiel #8
0
        public JObject Encrypt(string key, JObject blob, string adata)
        {
            var result = new JObject();
            var random = new SecureRandom();

            var iv   = new byte[32];
            var salt = new byte[8];

            random.NextBytes(salt);
            random.NextBytes(iv);

            try
            {
                byte[] plainBytes = Encoding.UTF8.GetBytes(blob.ToString());
                byte[] adataBytes = Encoding.UTF8.GetBytes(adata);
                byte[] nonce      = ComputeNonce(iv, plainBytes);

                KeyParameter keyParam = CreateKey(key, salt, _iter, _ks);
                var          ccm      = new AeadParameters(keyParam, MacSize(_ts), nonce, adataBytes);

                var aes = new CcmBlockCipher(new AesFastEngine());
                aes.Init(true, ccm);

                var enc = new byte[aes.GetOutputSize(plainBytes.Length)];

                int res = aes.ProcessBytes(plainBytes, 0, plainBytes.Length, enc, 0);

                aes.DoFinal(enc, res);

                result.Add("ct", Base64.ToBase64String(enc));
                result.Add("iv", Base64.ToBase64String(iv));
                result.Add("salt", Base64.ToBase64String(salt));
                result.Add("adata", EncodeAdata(adata));
                result.Add("mode", Mode);
                result.Add("ks", _ks);
                result.Add("iter", _iter);
                result.Add("ts", _ts);

                return(result);
            }
            catch (Exception e)
            {
                throw new ApplicationException("Json encryption failed.", e);
            }
        }
Beispiel #9
0
        public string Encrypt(string plainText, string password)
        {
            var v    = 1;
            var iter = 10000;
            var ks   = 256;
            var ts   = 64;
            // var mode = "ccm";
            // var cipher = "aes";

            var plainTextBytes = Encoding.UTF8.GetBytes(plainText);
            var adata          = new byte[0];
            var iv             = new byte[16];
            var salt           = new byte[8];

            _random.GetBytes(iv);
            _random.GetBytes(salt);
            var key = GenKeyBytes(password, salt, ks, iter);

            var nonSecretPayload = new byte[] { };

            var cipher     = new CcmBlockCipher(new AesFastEngine());
            var parameters = new CcmParameters(
                new KeyParameter(key), ts, iv.Take(13).ToArray(), nonSecretPayload);

            cipher.Init(true, parameters);

            var cipherText = new byte[cipher.GetOutputSize(plainTextBytes.Length)];
            var len        = cipher.ProcessBytes(plainTextBytes, 0, plainTextBytes.Length, cipherText, 0);

            cipher.DoFinal(cipherText, len);
            return(JsonConvert.SerializeObject(new SjclJson
            {
                IV = Convert.ToBase64String(iv),
                V = v,
                Iter = iter,
                KS = ks,
                TS = ts,
                Mode = "ccm",
                Cipher = "aes",
                AData = Convert.ToBase64String(adata),
                Salt = Convert.ToBase64String(salt),
                CT = Convert.ToBase64String(cipherText),
            }));
        }
        public static string Encrypt(string password, string data)
        {
            RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider();

            byte[] salt = new byte[8];
            rngCsp.GetBytes(salt);
            byte[] iv = new byte[16];
            rngCsp.GetBytes(iv);

            SJCLBlob ctdata = new SJCLBlob()
            {
                Mode       = "ccm",
                Cipher     = "aes",
                AuthData   = "",
                Iterations = 2000,
                KeySize    = 256,
                TagSize    = 64,
                Salt       = Convert.ToBase64String(salt),
                IV         = Convert.ToBase64String(iv),
                V          = 1
            };
            var key = DeriveKey(password, ctdata);

            byte[] rawdata = Encoding.UTF8.GetBytes(data);
            var    l       = FindIVLen(rawdata.Length);

            byte[] civ = new byte[l];
            Array.Copy((Array)iv, (Array)civ, (int)l);

            var ccmparams = new CcmParameters(key, ctdata.TagSize, civ, DecodeBase64(ctdata.AuthData));
            var ccmMode   = new CcmBlockCipher(new AesFastEngine());

            ccmMode.Init(true, ccmparams);
            var encBytes = new byte[ccmMode.GetOutputSize(rawdata.Length)];
            var res      = ccmMode.ProcessBytes(rawdata, 0, rawdata.Length, encBytes, 0);

            ccmMode.DoFinal(encBytes, res);
            ctdata.CipherText = Convert.ToBase64String(encBytes);

            return(JsonConvert.SerializeObject(ctdata));
        }
Beispiel #11
0
        private void AES_CCM(byte[] k)
        {
            CcmBlockCipher cipher = new CcmBlockCipher(new AesEngine());
            KeyParameter   contentKey;
            int            cbitTag = 64;

            //  The requirements from JWA
            //  IV is 96 bits
            //  Authentication tag is 128 bits
            //  key sizes are 128, 192 and 256 bits

            _iv = new byte[96 / 8];
            s_PRNG.NextBytes(_iv);

            contentKey = new KeyParameter(k);

            //  Build the object to be hashed

            byte[] a = new byte[0];
            if (ProtectedMap != null)
            {
                a = Encoding.UTF8.GetBytes(ProtectedMap.ToString());
            }

            AeadParameters parameters = new AeadParameters(contentKey, 128, _iv, a);

            cipher.Init(true, parameters);

            byte[] c   = new byte[cipher.GetOutputSize(payload.Length)];
            int    len = cipher.ProcessBytes(payload, 0, payload.Length, c, 0);

            cipher.DoFinal(c, len);

            Array.Resize(ref c, c.Length - (128 / 8) + (cbitTag / 8));
            _RgbEncrypted = c;
        }
        public string Encrypt(string data)
        {
            SecureRandom random = new SecureRandom();

            // Generate 256-bits AES key
            byte[] aesKey = new byte[32];
            random.NextBytes(aesKey);

            // Generate Initialization Vector
            byte[] IV = new byte[12];
            random.NextBytes(IV);

            // Apply RSA/None/PKCS1Padding encryption to the AES key
            byte[] encyptedAESKey = rsaCipher.DoFinal(aesKey);

            // Apply AES/CCM/NoPadding encryption to the data
            byte[] cipherText = System.Text.Encoding.UTF8.GetBytes(data);

            var ccmParameters = new CcmParameters(new KeyParameter(aesKey), 64, IV, new byte[] { });

            aesCipher = new CcmBlockCipher(new AesFastEngine());
            aesCipher.Init(true, ccmParameters);

            var encrypted = new byte[aesCipher.GetOutputSize(cipherText.Length)];
            var res       = aesCipher.ProcessBytes(cipherText, 0, cipherText.Length, encrypted, 0);

            aesCipher.DoFinal(encrypted, res);

            // Merge 'IV' and 'encrypted' to 'result'
            byte[] result = new byte[IV.Length + encrypted.Length];
            System.Buffer.BlockCopy(IV, 0, result, 0, IV.Length);
            System.Buffer.BlockCopy(encrypted, 0, result, IV.Length, encrypted.Length);

            // Return encrypted data
            return(Prefix + Version + Separator + System.Convert.ToBase64String(encyptedAESKey) + Separator + System.Convert.ToBase64String(result));
        }
        public override void PerformTest()
        {
            CcmBlockCipher ccm = new CcmBlockCipher(new AesEngine());

            checkVectors(0, ccm, K1, 32, N1, A1, P1, T1, C1);
            checkVectors(1, ccm, K2, 48, N2, A2, P2, T2, C2);
            checkVectors(2, ccm, K3, 64, N3, A3, P3, T3, C3);

            ivParamTest(0, ccm, K1, N1);

            //
            // 4 has a reduced associated text which needs to be replicated
            //
            byte[] a4 = new byte[65536];             // 524288 / 8

            for (int i = 0; i < a4.Length; i += A4.Length)
            {
                Array.Copy(A4, 0, a4, i, A4.Length);
            }

            checkVectors(3, ccm, K4, 112, N4, a4, P4, T4, C4);

            //
            // long data test
            //
            checkVectors(4, ccm, K4, 112, N4, A4, A4, T5, C5);

            // decryption with output specified, non-zero offset.
            ccm.Init(false, new AeadParameters(new KeyParameter(K2), 48, N2, A2));

            byte[] inBuf  = new byte[C2.Length + 10];
            byte[] outBuf = new byte[ccm.GetOutputSize(C2.Length) + 10];

            Array.Copy(C2, 0, inBuf, 10, C2.Length);

            int len = ccm.ProcessPacket(inBuf, 10, C2.Length, outBuf, 10);

            byte[] output = ccm.ProcessPacket(C2, 0, C2.Length);

            if (len != output.Length || !isEqual(output, outBuf, 10))
            {
                Fail("decryption output incorrect");
            }

            // encryption with output specified, non-zero offset.
            ccm.Init(true, new AeadParameters(new KeyParameter(K2), 48, N2, A2));

            int inLen = len;

            inBuf  = outBuf;
            outBuf = new byte[ccm.GetOutputSize(inLen) + 10];

            len    = ccm.ProcessPacket(inBuf, 10, inLen, outBuf, 10);
            output = ccm.ProcessPacket(inBuf, 10, inLen);

            if (len != output.Length || !isEqual(output, outBuf, 10))
            {
                Fail("encryption output incorrect");
            }

            //
            // exception tests
            //

            try
            {
                ccm.Init(false, new AeadParameters(new KeyParameter(K1), 32, N2, A2));

                ccm.ProcessPacket(C2, 0, C2.Length);

                Fail("invalid cipher text not picked up");
            }
            catch (InvalidCipherTextException)
            {
                // expected
            }

            try
            {
                ccm = new CcmBlockCipher(new DesEngine());

                Fail("incorrect block size not picked up");
            }
            catch (ArgumentException)
            {
                // expected
            }

            try
            {
                ccm.Init(false, new KeyParameter(K1));

                Fail("illegal argument not picked up");
            }
            catch (ArgumentException)
            {
                // expected
            }
        }
        private void checkVectors(
            int count,
            CcmBlockCipher ccm,
            string additionalDataType,
            byte[] k,
            int macSize,
            byte[] n,
            byte[] a,
            byte[] sa,
            byte[] p,
            byte[] t,
            byte[] c)
        {
            KeyParameter keyParam = (k == null) ? null : new KeyParameter(k);

            ccm.Init(true, new AeadParameters(keyParam, macSize, n, a));

            byte[] enc = new byte[c.Length];

            if (sa != null)
            {
                ccm.ProcessAadBytes(sa, 0, sa.Length);
            }

            int len = ccm.ProcessBytes(p, 0, p.Length, enc, 0);

            len += ccm.DoFinal(enc, len);

//			ccm.Init(true, new AeadParameters(new KeyParameter(k), macSize, n, a));
//
//			byte[] enc = ccm.ProcessPacket(p, 0, p.Length);

            if (!AreEqual(c, enc))
            {
                Fail("encrypted stream fails to match in test " + count + " with " + additionalDataType);
            }

//			ccm.Init(false, new AeadParameters(new KeyParameter(k), macSize, n, a));
//
//			byte[] dec = ccm.ProcessPacket(enc, 0, enc.Length);

            ccm.Init(false, new AeadParameters(new KeyParameter(k), macSize, n, a));

            byte[] tmp = new byte[enc.Length];

            if (sa != null)
            {
                ccm.ProcessAadBytes(sa, 0, sa.Length);
            }

            len = ccm.ProcessBytes(enc, 0, enc.Length, tmp, 0);

            len += ccm.DoFinal(tmp, len);

            byte[] dec = new byte[len];

            Array.Copy(tmp, 0, dec, 0, len);

            if (!AreEqual(p, dec))
            {
                Fail("decrypted stream fails to match in test " + count + " with " + additionalDataType,
                     Hex.ToHexString(p), Hex.ToHexString(dec));
            }

            if (!AreEqual(t, ccm.GetMac()))
            {
                Fail("MAC fails to match in test " + count + " with " + additionalDataType);
            }
        }
Beispiel #15
0
        public override void PerformTest()
        {
            CcmBlockCipher ccm = new CcmBlockCipher(new AesEngine());

            checkVectors(0, ccm, K1, 32, N1, A1, P1, T1, C1);
            checkVectors(1, ccm, K2, 48, N2, A2, P2, T2, C2);
            checkVectors(2, ccm, K3, 64, N3, A3, P3, T3, C3);

            ivParamTest(0, ccm, K1, N1);

            //
            // 4 has a reduced associated text which needs to be replicated
            //
            byte[] a4 = new byte[65536];             // 524288 / 8

            for (int i = 0; i < a4.Length; i += A4.Length)
            {
                Array.Copy(A4, 0, a4, i, A4.Length);
            }

            checkVectors(3, ccm, K4, 112, N4, a4, P4, T4, C4);

            //
            // long data test
            //
            checkVectors(4, ccm, K4, 112, N4, A4, A4, T5, C5);

            //
            // exception tests
            //

            try
            {
                ccm.Init(false, new AeadParameters(new KeyParameter(K1), 32, N2, A2));

                ccm.ProcessPacket(C2, 0, C2.Length);

                Fail("invalid cipher text not picked up");
            }
            catch (InvalidCipherTextException)
            {
                // expected
            }

            try
            {
                ccm = new CcmBlockCipher(new DesEngine());

                Fail("incorrect block size not picked up");
            }
            catch (ArgumentException)
            {
                // expected
            }

            try
            {
                ccm.Init(false, new KeyParameter(K1));

                Fail("illegal argument not picked up");
            }
            catch (ArgumentException)
            {
                // expected
            }
        }
Beispiel #16
0
        private void AES_CCM_Decrypt(CBORObject alg, byte[] K)
        {
            CcmBlockCipher cipher = new CcmBlockCipher(new AesEngine());
            KeyParameter   ContentKey;
            int            cbitTag;
            int            cbIV;
            int            cbitKey;

            //  Figure out what the correct internal parameters to use are

            Debug.Assert(alg.Type == CBORType.Integer);
            switch ((AlgorithmValuesInt)alg.AsInt32())
            {
            case AlgorithmValuesInt.AES_CCM_16_64_128:
            case AlgorithmValuesInt.AES_CCM_64_64_128:
                cbitKey = 128;
                cbitTag = 64;
                break;

            case AlgorithmValuesInt.AES_CCM_16_128_128:
            case AlgorithmValuesInt.AES_CCM_64_128_128:
                cbitKey = 128;
                cbitTag = 128;
                break;

            case AlgorithmValuesInt.AES_CCM_16_64_256:
            case AlgorithmValuesInt.AES_CCM_64_64_256:
                cbitKey = 256;
                cbitTag = 64;
                break;

            case AlgorithmValuesInt.AES_CCM_16_128_256:
            case AlgorithmValuesInt.AES_CCM_64_128_256:
                cbitKey = 256;
                cbitTag = 128;
                break;

            default:
                throw new CoseException("Unsupported algorithm: " + alg);
            }

            switch ((AlgorithmValuesInt)alg.AsInt32())
            {
            case AlgorithmValuesInt.AES_CCM_16_64_128:
            case AlgorithmValuesInt.AES_CCM_16_64_256:
            case AlgorithmValuesInt.AES_CCM_16_128_128:
            case AlgorithmValuesInt.AES_CCM_16_128_256:
                cbIV = 15 - 2;
                break;

            case AlgorithmValuesInt.AES_CCM_64_64_128:
            case AlgorithmValuesInt.AES_CCM_64_64_256:
            case AlgorithmValuesInt.AES_CCM_64_128_256:
            case AlgorithmValuesInt.AES_CCM_64_128_128:
                cbIV = 15 - 8;
                break;

            default:
                throw new CoseException("Unsupported algorithm: " + alg);
            }

            //  The requirements from JWA

            byte[]     IV   = new byte[cbIV];
            CBORObject cbor = FindAttribute(HeaderKeys.IV);

            if (cbor != null)
            {
                if (cbor.Type != CBORType.ByteString)
                {
                    throw new CoseException("IV is incorrectly formed.");
                }
                if (cbor.GetByteString().Length > IV.Length)
                {
                    throw new CoseException("IV is too long.");
                }
                Array.Copy(cbor.GetByteString(), 0, IV, 0, IV.Length);
            }
            else
            {
                s_PRNG.NextBytes(IV);
                AddAttribute(HeaderKeys.IV, CBORObject.FromObject(IV), UNPROTECTED);
            }

            if (K == null)
            {
                throw new CoseException("Internal error");
            }
            if (K.Length != cbitKey / 8)
            {
                throw new CoseException("Incorrect key length");
            }

            ContentKey = new KeyParameter(K);

            //  Build the object to be hashed

            AeadParameters parameters = new AeadParameters(ContentKey, cbitTag, IV, getAADBytes());

            cipher.Init(false, parameters);
            byte[] C   = new byte[cipher.GetOutputSize(RgbEncrypted.Length)];
            int    len = cipher.ProcessBytes(RgbEncrypted, 0, RgbEncrypted.Length, C, 0);

            len += cipher.DoFinal(C, len);

            rgbContent = C;
        }