Ejemplo n.º 1
0
 public string Decrypt(
     string toDecrypt,
     JweAlg alg,
     JsonWebKey jsonWebKey)
 {
     return(PerformDecryption(toDecrypt, alg, jsonWebKey, bytes => bytes[0]));
 }
 public string Decrypt(
     string toDecrypt,
     JweAlg alg,
     JsonWebKey jsonWebKey)
 {
     return(string.Empty);
 }
Ejemplo n.º 3
0
 public AesEncryptionResult Encrypt(
     string toEncrypt,
     JweAlg alg,
     JweProtectedHeader protectedHeader,
     JsonWebKey jsonWebKey)
 {
     return(PerformEncryption(toEncrypt, alg, protectedHeader, jsonWebKey, bytes => bytes[0]));
 }
 public string DecryptWithSymmetricPassword(
     string toDecrypt,
     JweAlg alg,
     JsonWebKey jsonWebKey,
     string password)
 {
     return(string.Empty);
 }
 public AesEncryptionResult Encrypt(
     string toEncrypt,
     JweAlg alg,
     JweProtectedHeader protectedHeader,
     JsonWebKey jsonWebKey)
 {
     return(null);
 }
 public AesEncryptionResult EncryptWithSymmetricPassword(
     string toEncrypt,
     JweAlg alg,
     JweProtectedHeader protectedHeader,
     JsonWebKey jsonWebKey,
     string password)
 {
     return(null);
 }
Ejemplo n.º 7
0
        public byte[] DecryptContentEncryptionKey(
            byte[] encryptedContentEncryptionKey,
            JweAlg alg,
            JsonWebKey jsonWebKey)
        {
            var algorithm = _mappingJweAlgToAlgorithms[alg];

            return(algorithm.Decrypt(
                       encryptedContentEncryptionKey,
                       jsonWebKey));
        }
Ejemplo n.º 8
0
        private string PerformDecryption(
            string toDecrypt,
            JweAlg alg,
            JsonWebKey jsonWebKey,
            Func <byte[][], byte[]> callback)
        {
            try
            {
                var toDecryptSplitted                  = toDecrypt.Split('.');
                var serializedProtectedHeader          = toDecryptSplitted[0].Base64Decode();
                var encryptedContentEncryptionKeyBytes = toDecryptSplitted[1].Base64DecodeBytes();
                var ivBytes           = toDecryptSplitted[2].Base64DecodeBytes();
                var cipherText        = toDecryptSplitted[3].Base64DecodeBytes();
                var authenticationTag = toDecryptSplitted[4].Base64DecodeBytes();

                var contentEncryptionKey = _aesEncryptionHelper.DecryptContentEncryptionKey(
                    encryptedContentEncryptionKeyBytes,
                    alg,
                    jsonWebKey);
                var contentEncryptionKeySplitted = GetKeysFromContentEncryptionKey(contentEncryptionKey);

                var hmacKey   = callback(contentEncryptionKeySplitted);
                var aesCbcKey = contentEncryptionKeySplitted[1];

                // Encrypt the plain text & create cipher text.
                var decrypted = _aesEncryptionHelper.DecryptWithAesAlgorithm(
                    cipherText,
                    aesCbcKey,
                    ivBytes);

                // Calculate the additional authenticated data.
                var aad = Encoding.UTF8.GetBytes(serializedProtectedHeader);

                // Calculate the authentication tag.
                var al                   = ByteManipulator.LongToBytes(aad.Length * 8);
                var hmacInput            = ByteManipulator.Concat(aad, ivBytes, cipherText, al);
                var hmacValue            = ComputeHmac(_keySize, hmacKey, hmacInput);
                var newAuthenticationTag = ByteManipulator.SplitByteArrayInHalf(hmacValue)[0];

                // Check if the authentication tags are equal other raise an exception.
                if (!ByteManipulator.ConstantTimeEquals(newAuthenticationTag, authenticationTag))
                {
                    // TODO : raise an exception.
                    return(string.Empty);
                }

                return(decrypted);
            }
            catch (Exception ex)
            {
                throw new Exception("invalid " + toDecrypt);
            }
        }
Ejemplo n.º 9
0
 public string GenerateJwe(
     string entry,
     JweAlg alg,
     JweEnc enc,
     JsonWebKey jsonWebKey)
 {
     return(PerformeJweGeneration(entry, alg, enc, jsonWebKey, (encryption, jweProtectedHeader) => encryption.Encrypt(entry,
                                                                                                                      alg,
                                                                                                                      jweProtectedHeader,
                                                                                                                      jsonWebKey)
                                  ));
 }
Ejemplo n.º 10
0
        public string DecryptWithSymmetricPassword(
            string toDecrypt,
            JweAlg alg,
            JsonWebKey jsonWebKey,
            string password)
        {
            var callback = new Func <byte[][], byte[]>(bytes =>
            {
                var result = Encoding.UTF8.GetBytes(password);
                return(result);
            });

            return(PerformDecryption(toDecrypt, alg, jsonWebKey, callback));
        }
Ejemplo n.º 11
0
 public string GenerateJweByUsingSymmetricPassword(
     string entry,
     JweAlg alg,
     JweEnc enc,
     JsonWebKey jsonWebKey,
     string password)
 {
     return(PerformeJweGeneration(entry, alg, enc, jsonWebKey, (encryption, jweProtectedHeader) => encryption.EncryptWithSymmetricPassword(entry,
                                                                                                                                           alg,
                                                                                                                                           jweProtectedHeader,
                                                                                                                                           jsonWebKey,
                                                                                                                                           password)
                                  ));
 }
Ejemplo n.º 12
0
        public AesEncryptionResult EncryptWithSymmetricPassword(
            string toEncrypt,
            JweAlg alg,
            JweProtectedHeader protectedHeader,
            JsonWebKey jsonWebKey,
            string password)
        {
            var callback = new Func <byte[][], byte[]>(bytes =>
            {
                var result = Encoding.UTF8.GetBytes(password);
                return(result);
            });

            return(PerformEncryption(toEncrypt, alg, protectedHeader, jsonWebKey, callback));
        }
Ejemplo n.º 13
0
        private AesEncryptionResult PerformEncryption(
            string toEncrypt,
            JweAlg alg,
            JweProtectedHeader protectedHeader,
            JsonWebKey jsonWebKey,
            Func <byte[][], byte[]> callback)
        {
            // Get the content encryption key
            var contentEncryptionKey = _aesEncryptionHelper.GenerateContentEncryptionKey(_keySize);

            // Encrypt the content encryption key
            var encryptedContentEncryptionKey = _aesEncryptionHelper.EncryptContentEncryptionKey(
                contentEncryptionKey,
                alg,
                jsonWebKey);

            var contentEncryptionKeySplitted = GetKeysFromContentEncryptionKey(contentEncryptionKey);

            var hmacKey   = callback(contentEncryptionKeySplitted);
            var aesCbcKey = contentEncryptionKeySplitted[1];

            var iv = ByteManipulator.GenerateRandomBytes(_keySize / 2);

            // Encrypt the plain text & create cipher text.
            var cipherText = _aesEncryptionHelper.EncryptWithAesAlgorithm(
                toEncrypt,
                aesCbcKey,
                iv);

            // Calculate the additional authenticated data.
            var serializedProtectedHeader = protectedHeader.SerializeWithDataContract();
            var aad = Encoding.UTF8.GetBytes(serializedProtectedHeader);

            // Calculate the authentication tag.
            var al                = ByteManipulator.LongToBytes(aad.Length * 8);
            var hmacInput         = ByteManipulator.Concat(aad, iv, cipherText, al);
            var hmacValue         = ComputeHmac(_keySize, hmacKey, hmacInput);
            var authenticationTag = ByteManipulator.SplitByteArrayInHalf(hmacValue)[0];

            return(new AesEncryptionResult
            {
                Iv = iv,
                CipherText = cipherText,
                EncryptedContentEncryptionKey = encryptedContentEncryptionKey,
                AuthenticationTag = authenticationTag
            });
        }
Ejemplo n.º 14
0
        public async Task <string> EncryptAsync(string jwe, JweAlg jweAlg, JweEnc jweEnc)
        {
            var jsonWebKey = await GetJsonWebKey(
                jweAlg.ToAllAlg(),
                KeyOperations.Encrypt,
                Use.Enc);

            if (jsonWebKey == null)
            {
                return(jwe);
            }

            return(_jweGenerator.GenerateJwe(
                       jwe,
                       jweAlg,
                       jweEnc,
                       jsonWebKey));
        }
Ejemplo n.º 15
0
        private string PerformeJweGeneration(
            string entry,
            JweAlg alg,
            JweEnc enc,
            JsonWebKey jsonWebKey,
            Func <IEncryption, JweProtectedHeader, AesEncryptionResult> callback)
        {
            var algo = Constants.MappingNameToJweAlgEnum
                       .SingleOrDefault(k => k.Value == alg);
            var encryption = Constants.MappingNameToJweEncEnum
                             .SingleOrDefault(k => k.Value == enc);

            if (jsonWebKey == null ||
                algo.IsDefault() ||
                encryption.IsDefault())
            {
                return(entry);
            }

            // Construct the JWE protected header
            var jweProtectedHeader = new JweProtectedHeader
            {
                Alg = algo.Key,
                Enc = encryption.Key,
                Kid = jsonWebKey.Kid
            };

            var algorithm        = _jweHelper.GetEncryptor(enc);
            var encryptionResult = callback(
                algorithm,
                jweProtectedHeader);

            var base64EncodedjweProtectedHeaderSerialized = jweProtectedHeader.SerializeWithDataContract().Base64Encode();
            var base64EncodedJweEncryptedKey = encryptionResult.EncryptedContentEncryptionKey.Base64EncodeBytes();
            var base64EncodedIv                = encryptionResult.Iv.Base64EncodeBytes();
            var base64EncodedCipherText        = encryptionResult.CipherText.Base64EncodeBytes();
            var base64EncodedAuthenticationTag = encryptionResult.AuthenticationTag.Base64EncodeBytes();

            return(base64EncodedjweProtectedHeaderSerialized + "." +
                   base64EncodedJweEncryptedKey + "." +
                   base64EncodedIv + "." +
                   base64EncodedCipherText + "." +
                   base64EncodedAuthenticationTag);
        }
Ejemplo n.º 16
0
        public static AllAlg ToAllAlg(this JweAlg alg)
        {
            var name = Enum.GetName(typeof(JweAlg), alg);

            return((AllAlg)Enum.Parse(typeof(AllAlg), name));
        }