/// <summary>
/// Unwraps <paramref name="encryptedKey"/> locally through the <c>AesKw</c> transform,
/// keyed with the bytes held in <c>KeyMaterial.K</c>.
/// </summary>
/// <param name="algorithm">Key wrap algorithm; it determines how many key bytes are required.</param>
/// <param name="encryptedKey">The wrapped key to unwrap. Must not be null.</param>
/// <param name="cancellationToken">Not referenced by this method.</param>
/// <returns>
/// The unwrapped key together with the algorithm and key id, or <c>null</c> when
/// <paramref name="algorithm"/> reports a key size of 0 (logged as not supported).
/// </returns>
/// <exception cref="ArgumentException">
/// The algorithm needs more key bytes than the underlying key provides.
/// </exception>
public override UnwrapResult UnwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CancellationToken cancellationToken)
{
    Argument.AssertNotNull(encryptedKey, nameof(encryptedKey));

    int requiredBytes = algorithm.GetKeySizeInBytes();
    if (requiredBytes == 0)
    {
        // A size of 0 is handled as "algorithm not supported": record the event and return null.
        KeysEventSource.Singleton.AlgorithmNotSupported(nameof(UnwrapKey), algorithm);
        return null;
    }

    int availableBytes = GetKeySizeInBytes();
    if (availableBytes < requiredBytes)
    {
        throw new ArgumentException($"Key wrap algorithm {algorithm} key size {requiredBytes} is greater than the underlying key size {availableBytes}");
    }

    // NOTE(review): a key longer than the algorithm needs is cut down to its leading
    // requiredBytes bytes instead of being rejected - confirm that is intended.
    // Presumably Take returns a new array; that copy of key material is not cleared here.
    byte[] wrappingKey = KeyMaterial.K;
    if (availableBytes > requiredBytes)
    {
        wrappingKey = wrappingKey.Take(requiredBytes);
    }

    using (ICryptoTransform unwrapper = AesKw.CreateDecryptor(wrappingKey))
    {
        // NOTE(review): an integrity-check failure presumably surfaces as an exception
        // from TransformFinalBlock - confirm against AesKw.
        byte[] unwrapped = unwrapper.TransformFinalBlock(encryptedKey, 0, encryptedKey.Length);

        // The result carries the unwrapped key bytes in the clear.
        return new UnwrapResult
        {
            Algorithm = algorithm,
            Key = unwrapped,
            KeyId = KeyMaterial.Id
        };
    }
}
/// <summary>
/// Unwraps <paramref name="encryptedKey"/> locally through the <c>AesKw</c> transform,
/// keyed with the bytes held in <c>_jwk.K</c>.
/// </summary>
/// <param name="algorithm">Key wrap algorithm; it determines how many key bytes are required.</param>
/// <param name="encryptedKey">The wrapped key to unwrap. Must not be null.</param>
/// <param name="cancellationToken">Not referenced by this method.</param>
/// <returns>
/// The unwrapped key together with the algorithm and key id, or <c>null</c> when
/// <paramref name="algorithm"/> reports a key size of 0.
/// </returns>
/// <exception cref="ArgumentException">
/// The algorithm needs more key bytes than the underlying key provides.
/// </exception>
public UnwrapResult UnwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CancellationToken cancellationToken)
{
    Argument.AssertNotNull(encryptedKey, nameof(encryptedKey));

    int requiredBytes = algorithm.GetKeySizeInBytes();
    if (requiredBytes == 0)
    {
        // TODO: Log that we don't support the algorithm locally.
        return null;
    }

    int availableBytes = GetKeySizeInBytes();
    if (availableBytes < requiredBytes)
    {
        throw new ArgumentException($"Key wrap algorithm {algorithm} key size {requiredBytes} is greater than the underlying key size {availableBytes}");
    }

    // NOTE(review): a key longer than the algorithm needs is cut down to its leading
    // requiredBytes bytes instead of being rejected - confirm that is intended.
    // Presumably Take returns a new array; that copy of key material is not cleared here.
    byte[] wrappingKey = _jwk.K;
    if (availableBytes > requiredBytes)
    {
        wrappingKey = wrappingKey.Take(requiredBytes);
    }

    using (ICryptoTransform unwrapper = AesKw.CreateDecryptor(wrappingKey))
    {
        // NOTE(review): an integrity-check failure presumably surfaces as an exception
        // from TransformFinalBlock - confirm against AesKw.
        byte[] unwrapped = unwrapper.TransformFinalBlock(encryptedKey, 0, encryptedKey.Length);

        // The result carries the unwrapped key bytes in the clear.
        return new UnwrapResult
        {
            Algorithm = algorithm,
            Key = unwrapped,
            KeyId = _jwk.Id
        };
    }
}