Beispiel #1
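        // Wraps a key with ECDH-ES+A128KW (enc A128CBC-HS256) using EcdhKeyWrapper, rebuilds the
        // JOSE header (apu, apv, epk) from JSON, and checks that EcdhKeyUnwrapper accepts it.
        //
        // NOTE(review): success of TryUnwrapKey is the only thing verified. The unwrapped bytes are
        // never compared with the key that was wrapped and bytesWritten is never checked, so an
        // unwrapper that reports success while producing wrong key material would still pass.
        // Consider capturing the result of WrapKey and comparing it with unwrappedKey — confirm
        // the return type of WrapKey in this API version first.
        public void Unwrap2()
        {
            var kwp = new EcdhKeyWrapper(_bobKey, EncryptionAlgorithm.A128CbcHS256, KeyManagementAlgorithm.EcdhEsA128KW);

            byte[] wrappedKey = new byte[kwp.GetKeyWrapSize()];
            var header = new JwtHeader
            {
                { JwtHeaderParameterNames.Apu, Utf8.GetString(Base64Url.Encode("Alice")) },
                { JwtHeaderParameterNames.Apv, Utf8.GetString(Base64Url.Encode("Bob")) }
            };

            // The header is read back for "epk" below, so the wrapper is expected to add it here.
            kwp.WrapKey(_aliceKey, header, wrappedKey);

            var kuwp = new EcdhKeyUnwrapper(_bobKey, EncryptionAlgorithm.A128CbcHS256, KeyManagementAlgorithm.EcdhEsA128KW);
            var apu = Encoding.UTF8.GetString(Base64Url.Encode("Alice"));
            var apv = Encoding.UTF8.GetString(Base64Url.Encode("Bob"));

            // Fail right here if the wrapper did not publish the ephemeral public key, instead of
            // failing later on a header that cannot be parsed.
            Assert.True(header.TryGetValue(JwtHeaderParameterNames.Epk, out var epkElement));
            var epk = (Jwk)epkElement.Value;

            // The unwrapper consumes a parsed header document, so the three parameters are
            // serialized to JSON and parsed without any validation policy.
            var parsed = JwtHeaderDocument.TryParseHeader(Encoding.UTF8.GetBytes($"{{\"apu\":\"{apu}\",\"apv\":\"{apv}\",\"epk\":{epk}}}"), null, TokenValidationPolicy.NoValidation, out var jwtHeader, out var error);

            Assert.True(parsed);

            byte[] unwrappedKey = new byte[kuwp.GetKeyUnwrapSize(wrappedKey.Length)];
            var unwrapped = kuwp.TryUnwrapKey(wrappedKey, unwrappedKey, jwtHeader, out int bytesWritten);

            Assert.True(unwrapped);
        }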
Beispiel #2
        /// <summary>
        /// Wraps <paramref name="keyToWrap"/> with an <c>EcdhKeyWrapper</c> built on a freshly
        /// generated P-256 private key and asserts that the resulting header holds exactly one
        /// entry, named "epk".
        /// </summary>
        /// <param name="keyToWrap">Key handed to the <c>WrapKey</c> helper.</param>
        /// <param name="enc">Content encryption algorithm passed to the wrapper.</param>
        /// <param name="alg">Key management algorithm passed to the wrapper.</param>
        /// <returns>The key returned by the <c>WrapKey</c> helper.</returns>
        private Jwk TryWrapKey_Success(ECJwk keyToWrap, EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
        {
            var recipientKey = ECJwk.GeneratePrivateKey(EllipticalCurve.P256);
            var contentEncryptionKey = WrapKey(new EcdhKeyWrapper(recipientKey, enc, alg), keyToWrap, out var producedHeader);

            // Only the ephemeral public key may be added to the header; nothing else.
            Assert.Equal(1, producedHeader.Count);
            Assert.True(producedHeader.ContainsKey("epk"));

            return contentEncryptionKey;
        }
Beispiel #3
        // Known-answer test for ECDH-ES with A128GCM, named after RFC 7518 Appendix C: with
        // apu = "Alice" and apv = "Bob", the key returned by WrapKey must match a fixed 16-byte
        // vector. Presumably _aliceKey and _bobKey are the fixture keys from that appendix —
        // confirm against the test class fields.
        public void Wrap_Rfc7518_Appendix_C()
        {
            byte[] expectedKey = { 86, 170, 141, 234, 248, 35, 109, 32, 92, 34, 40, 205, 113, 167, 16, 26 };

            var joseHeader = new JwtObject();
            joseHeader.Add(new JwtProperty(HeaderParameters.ApuUtf8, Base64Url.Encode("Alice")));
            joseHeader.Add(new JwtProperty(HeaderParameters.ApvUtf8, Base64Url.Encode("Bob")));

            var wrapper = new EcdhKeyWrapper(_bobKey, EncryptionAlgorithm.Aes128Gcm, KeyManagementAlgorithm.EcdhEs);

            // No destination buffer is supplied (null); only the returned key is inspected.
            var agreedKey = wrapper.WrapKey(_aliceKey, joseHeader, null);

            Assert.Equal(expectedKey, agreedKey.AsSpan().ToArray());
        }
Beispiel #4
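        // Exercises the failure paths of EcdhKeyWrapper.WrapKey (ECDH-ES, Aes256CbcHmacSha512):
        // null arguments must raise ArgumentNullException, any call after Dispose() must raise
        // ObjectDisposedException, and a failed call must leave the caller's header empty.
        public void WrapKey_Failure()
        {
            var keyEncryptionKey = ECJwk.GenerateKey(EllipticalCurve.P256, true);
            var wrapper = new EcdhKeyWrapper(keyEncryptionKey, EncryptionAlgorithm.Aes256CbcHmacSha512, KeyManagementAlgorithm.EcdhEs);
            var destination = Array.Empty<byte>();
            var header = new JwtObject();

            // Both the static key and the header are null here; presumably the null header is
            // what gets rejected, since the next call also passes a null static key — confirm.
            Assert.Throws<ArgumentNullException>(() => wrapper.WrapKey(null, null, destination));

            wrapper.Dispose();
            Assert.Throws<ObjectDisposedException>(() => wrapper.WrapKey(null, header, destination));

            // A rejected call must not have written anything (such as "epk") into the header.
            // The former `Assert.Null(cek)` was dropped: cek was never assigned, so that
            // assertion could not fail and gave false confidence.
            Assert.Equal(0, header.Count);
        }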
Beispiel #5
        // Known-answer test for ECDH-ES with A128GCM, named after RFC 7518 Appendix C: with
        // apu = "Alice" and apv = "Bob", the key returned by WrapKey must match a fixed 16-byte
        // vector. Presumably _aliceKey and _bobKey are the fixture keys from that appendix —
        // confirm against the test class fields.
        public void Wrap_Rfc7518_Appendix_C()
        {
            byte[] expectedKey = { 86, 170, 141, 234, 248, 35, 109, 32, 92, 34, 40, 205, 113, 167, 16, 26 };

            var joseHeader = new JwtHeader();
            joseHeader.Add(JwtHeaderParameterNames.Apu, Utf8.GetString(Base64Url.Encode("Alice")));
            joseHeader.Add(JwtHeaderParameterNames.Apv, Utf8.GetString(Base64Url.Encode("Bob")));

            var wrapper = new EcdhKeyWrapper(_bobKey, EncryptionAlgorithm.A128Gcm, KeyManagementAlgorithm.EcdhEs);

            // The destination is sized by the wrapper itself and lives on the stack; its contents
            // are not inspected, only the returned key is.
            Span<byte> destination = stackalloc byte[wrapper.GetKeyWrapSize()];
            var agreedKey = wrapper.WrapKey(_aliceKey, joseHeader, destination);

            Assert.Equal(expectedKey, agreedKey.AsSpan().ToArray());
        }
Beispiel #6
        // Wraps a key with EcdhKeyWrapper (EcdhEsAes128KW, Aes128CbcHmacSha256), rebuilds the JOSE
        // header (apu, apv, epk) from JSON, and checks that EcdhKeyUnwrapper accepts it.
        //
        // NOTE(review): success of TryUnwrapKey is the only thing verified. The key returned by
        // WrapKey is discarded and bytesWritten is never checked, so an unwrapper that reports
        // success while producing wrong key material would still pass. Consider comparing the
        // returned key with the unwrapped bytes — confirm the exact sizes first.
        public void Unwrap2()
        {
            var wrapper = new EcdhKeyWrapper(_bobKey, EncryptionAlgorithm.Aes128CbcHmacSha256, KeyManagementAlgorithm.EcdhEsAes128KW);
            var wrapped = new byte[wrapper.GetKeyWrapSize()];

            var wrapHeader = new JwtObject();
            wrapHeader.Add(new JwtProperty(HeaderParameters.ApuUtf8, Base64Url.Encode("Alice")));
            wrapHeader.Add(new JwtProperty(HeaderParameters.ApvUtf8, Base64Url.Encode("Bob")));

            // The header is read back for "epk" below, so the wrapper is expected to add it here.
            wrapper.WrapKey(_aliceKey, wrapHeader, wrapped);

            var unwrapper = new EcdhKeyUnwrapper(_bobKey, EncryptionAlgorithm.Aes128CbcHmacSha256, KeyManagementAlgorithm.EcdhEsAes128KW);
            var apu = Encoding.UTF8.GetString(Base64Url.Encode("Alice"));
            var apv = Encoding.UTF8.GetString(Base64Url.Encode("Bob"));
            var epk = ((JwtObject)wrapHeader[HeaderParameters.EpkUtf8].Value).ToString();

            // The unwrapper takes a JwtHeader, so the three parameters are serialized to JSON
            // and parsed back.
            var headerJson = $"{{\"apu\":\"{apu}\",\"apv\":\"{apv}\",\"epk\":{epk}}}";
            var jwtHeader = JwtHeader.FromJson(headerJson);

            var unwrappedKey = new byte[unwrapper.GetKeyUnwrapSize(wrapped.Length)];
            bool unwrapped = unwrapper.TryUnwrapKey(wrapped, unwrappedKey, jwtHeader, out int bytesWritten);

            Assert.True(unwrapped);
        }