public static JsonWebEncryptedToken Parse(string token, string privateKey)
{
byte[] claimSet = null;
EncryptedPayload payload = null;
try
{
payload = EncryptedPayload.Parse(token);
byte[] masterKey = null;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.FromXmlString(privateKey);
masterKey = rsa.Decrypt(payload.EncryptedMasterKey, true);
}
byte[] additionalAuthenticatedData = payload.ToAdditionalAuthenticatedData();
using (AuthenticatedAesCng aes = new AuthenticatedAesCng())
{
aes.CngMode = CngChainingMode.Gcm;
aes.Key = masterKey;
aes.IV = payload.InitializationVector;
aes.AuthenticatedData = additionalAuthenticatedData;
aes.Tag = payload.Tag;
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, aes.CreateDecryptor(),
CryptoStreamMode.Write))
{
byte[] cipherText = payload.CipherText;
cs.Write(cipherText, 0, cipherText.Length);
cs.FlushFinalBlock();
claimSet = ms.ToArray();
}
}
}
}
catch (Exception ex)
{
throw new SecurityException("Invalid Token", ex);
}
var jwt = JsonConvert.DeserializeObject <JsonWebEncryptedToken>(payload.Header);
jwt.AsymmetricKey = privateKey;
jwt.claims = JsonConvert.DeserializeObject
<Dictionary <string, string> >(Encoding.UTF8.GetString(claimSet));
TimeSpan ts = DateTime.UtcNow - epochStart;
if (jwt.ExpiresOn < Convert.ToUInt64(ts.TotalSeconds))
{
throw new SecurityException("Token has expired");
}
return(jwt);
}
public void AuthenticatedAesCngGcmMultiRoundTripTest()
{
byte[] plaintext = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6 };
byte[] plaintext2 = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6 };
byte[] expectedCiphertext = new byte[]
{
0x54, 0x2d, 0x26, 0x15, 0x9c, 0xb3, 0x6e, 0x21, 0xd2, 0x58, 0xcf, 0x9c, 0x6e, 0xce, 0xfb, 0x5f,
0x8c, 0x2a, 0xb8, 0x22, 0x4d, 0x6d, 0xd0, 0x02, 0x76, 0xd2, 0xab, 0x22, 0xa2, 0xd6, 0xee, 0x5b
};
byte[] expectedTag = new byte[] { 0xc1, 0x34, 0x38, 0x0b, 0xc3, 0x87, 0x7c, 0xf5, 0x2f, 0x3b, 0xa9, 0xfe, 0x3c, 0x69, 0x4b, 0x9f };
byte[] key = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6 };
byte[] iv = new byte[] { 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1 };
using (AuthenticatedAesCng gcm = new AuthenticatedAesCng())
{
gcm.CngMode = CngChainingMode.Gcm;
gcm.Key = key;
gcm.IV = iv;
gcm.Tag = expectedTag;
// Encrypt
byte[] ciphertext = null;
using (MemoryStream ms = new MemoryStream())
using (IAuthenticatedCryptoTransform encryptor = gcm.CreateAuthenticatedEncryptor())
using (CryptoStream cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
{
// Push through two blocks and call final to get the tag.
cs.Write(plaintext, 0, plaintext.Length);
cs.Write(plaintext2, 0, plaintext2.Length);
cs.FlushFinalBlock();
ciphertext = ms.ToArray();
// Check if the ciphertext and tag are what are expected.
Assert.IsTrue(Util.CompareBytes(expectedCiphertext, ciphertext));
Assert.IsTrue(Util.CompareBytes(expectedTag, encryptor.GetTag()));
}
// Decrypt
using (MemoryStream ms = new MemoryStream())
using (ICryptoTransform decryptor = gcm.CreateDecryptor())
using (CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Write))
{
cs.Write(ciphertext, 0, ciphertext.Length / 2);
cs.Write(ciphertext, ciphertext.Length / 2, ciphertext.Length / 2);
cs.FlushFinalBlock();
byte[] decrypted = ms.ToArray();
// Compare the decrypted text to the initial ciphertext.
byte[] fullPlaintext = new byte[plaintext.Length + plaintext2.Length];
Array.Copy(plaintext, 0, fullPlaintext, 0, plaintext.Length);
Array.Copy(plaintext2, 0, fullPlaintext, plaintext.Length, plaintext2.Length);
Assert.IsTrue(Util.CompareBytes(fullPlaintext, decrypted));
}
}
}
private void RunTestVector(GcmTestVector test)
{
// Encrypt the input
byte[] ciphertext = null;
using (AuthenticatedAesCng gcm = new AuthenticatedAesCng())
{
gcm.CngMode = CngChainingMode.Gcm;
gcm.Key = test.Key;
gcm.IV = test.IVBytes;
gcm.AuthenticatedData = test.AuthenticationData;
using (MemoryStream ms = new MemoryStream())
using (IAuthenticatedCryptoTransform encryptor = gcm.CreateAuthenticatedEncryptor())
using (CryptoStream cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
{
if (test.Plaintext != null)
{
cs.Write(test.Plaintext, 0, test.Plaintext.Length);
}
cs.FlushFinalBlock();
ciphertext = ms.ToArray();
// Verify the produced tag is what we expected it to be
Assert.IsTrue(Util.CompareBytes(test.Tag, encryptor.GetTag()));
}
}
if (test.Ciphertext != null)
{
// Verify the ciphertext is what we expected it to be
Assert.IsTrue(Util.CompareBytes(test.Ciphertext, ciphertext));
// Round trip the data
using (AuthenticatedAesCng gcm = new AuthenticatedAesCng())
{
gcm.CngMode = CngChainingMode.Gcm;
gcm.Key = test.Key;
gcm.IV = test.IVBytes;
gcm.AuthenticatedData = test.AuthenticationData;
gcm.Tag = test.Tag;
using (MemoryStream ms = new MemoryStream())
using (CryptoStream cs = new CryptoStream(ms, gcm.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(test.Ciphertext, 0, test.Ciphertext.Length);
cs.FlushFinalBlock();
byte[] plaintext = ms.ToArray();
Assert.IsTrue(Util.CompareBytes(test.Plaintext, plaintext));
}
}
}
}
public byte[] Decrypt(byte[] EncryptedData, byte[] Tag, byte[] PacketHead, long PacketID)
{
byte[] RetVar;
using (AuthenticatedAesCng aes = new AuthenticatedAesCng())
{
aes.CngMode = CngChainingMode.Gcm;
aes.Key = DecryptionKey;
//------------- Build Nonce -------------
byte[] nonce = new byte[12];
Array.Copy(DecryptNonceHash, nonce, 4);
//Encryption flag probably
Array.Copy(new byte[] { 0x00, 0x01 }, 0, nonce, 4, 2);
//Little Endian Packet ID to be send
//Array.Copy(new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 0, nonce, 6, 6);
Array.Copy(BitConverter.GetBytes(PacketID).Reverse().ToArray(), 2, nonce, 6, 6);
aes.IV = nonce;
//------------- Build Associated Data -------------
byte[] associatedData = new byte[13]; // { 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, 0xFE, 0xFD, 0x00, 0x18 };
//Encryption flag probably
Array.Copy(new byte[] { 0x00, 0x01 }, associatedData, 2);
//Little Endian Packet ID to be send
Array.Copy(BitConverter.GetBytes(PacketID).Reverse().ToArray(), 2, associatedData, 2, 6);
//Packet header
//Array.Copy(new byte[] { 0x16, 0xFE, 0xFD }, 0, associatedData, 8, 3);
Array.Copy(PacketHead, 0, associatedData, 8, 3);
//data length
short EncryptedDataLen = (short)EncryptedData.Length;
Array.Copy(BitConverter.GetBytes(EncryptedDataLen).Reverse().ToArray(), 0, associatedData, 11, 2);
//Array.Copy(new byte[] { 0x00, 0x18 }, 0, associatedData, 11, 2);
aes.AuthenticatedData = associatedData;
aes.Tag = Tag;
using (MemoryStream ms = new MemoryStream())
using (var decryptor = aes.CreateDecryptor())
using (CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Write))
{
cs.Write(EncryptedData, 0, EncryptedData.Length);
cs.FlushFinalBlock();
RetVar = ms.ToArray();
}
}
return(RetVar);
}
public static byte[] Decrypt(byte[] record, byte[] key)
{
if (key.Length != KEY_SIZE)
{
throw new ArgumentOutOfRangeException(nameof(key), "Invalid key size.");
}
//check version
if (record[0] != VERSION)
{
var offset = 1;
var nonce = new byte[NONCE_SIZE];
Buffer.BlockCopy(record, 1, nonce, 0, NONCE_SIZE);
offset += NONCE_SIZE;
var tag = new byte[TAG_SIZE];
Buffer.BlockCopy(record, offset, tag, 0, TAG_SIZE);
offset += TAG_SIZE;
var cipherText = new byte[record.Length - HEADER_LENGTH];
Buffer.BlockCopy(record, offset, cipherText, 0, record.Length - HEADER_LENGTH);
using (var aes = new AuthenticatedAesCng())
{
aes.CngMode = CngChainingMode.Gcm;
aes.KeySize = KEY_SIZE * 8; //bytes to bits
aes.Key = key;
aes.IV = nonce;
aes.Tag = tag;
using (var ms = new MemoryStream())
using (var encryptor = aes.CreateDecryptor())
using (var cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
{
cs.Write(cipherText, 0, cipherText.Length);
cs.FlushFinalBlock();
return(ms.ToArray());
}
}
}
else
{
//unsupported data versions
throw new CryptographicException("Unsupported encrypted format.");
}
}
public static byte[] Decrypt(byte[] record, byte[] key)
{
if (key.Length != KEY_SIZE)
{
throw new ArgumentOutOfRangeException("key", "Invalid key size.");
}
//check version
if (record[0] != VERSION)
{
var offset = 1;
var nonce = new byte[NONCE_SIZE];
Buffer.BlockCopy(record, 1, nonce, 0, NONCE_SIZE);
offset += NONCE_SIZE;
var tag = new byte[TAG_SIZE];
Buffer.BlockCopy(record, offset, tag, 0, TAG_SIZE);
offset += TAG_SIZE;
var cipherText = new byte[record.Length - HEADER_LENGTH];
Buffer.BlockCopy(record, offset, cipherText, 0, record.Length - HEADER_LENGTH);
using (var aes = new AuthenticatedAesCng())
{
aes.CngMode = CngChainingMode.Gcm;
aes.KeySize = KEY_SIZE * 8; //bytes to bits
aes.Key = key;
aes.IV = nonce;
aes.Tag = tag;
using (var ms = new MemoryStream())
using (var encryptor = aes.CreateDecryptor())
using (var cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
{
cs.Write(cipherText, 0, cipherText.Length);
cs.FlushFinalBlock();
return ms.ToArray();
}
}
}
else
{
//unsupported data versions
throw new CryptographicException("Unsupported encrypted format.");
}
}
public static string DecryptString(string str)
{
if (String.IsNullOrEmpty(str))
{
throw new ArgumentNullException("decryption string invalid");
}
using (AuthenticatedAesCng aes = new AuthenticatedAesCng())
{
byte[] encrypted = Convert.FromBase64String(str); // Convert string to bytes.
aes.Key = GetEncryptionKey(); // Retrieve Key.
aes.IV = GetIV(encrypted); // Parse IV from encrypted text.
aes.Tag = GetTag(encrypted); // Parse Tag from encrypted text.
encrypted = RemoveTagAndIV(encrypted); // Remove Tag and IV for proper decryption.
aes.CngMode = CngChainingMode.Gcm; // Set Cryptographic Mode.
aes.AuthenticatedData = GetAdditionalAuthenticationData(); // Set Authentication Data.
using (MemoryStream memoryStream = new MemoryStream())
using (ICryptoTransform decryptor = aes.CreateDecryptor())
using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Write))
{
// Decrypt through stream.
cryptoStream.Write(encrypted, 0, encrypted.Length);
// If the authentication tag does not validate, this call will throw a CryptographicException.
try
{
cryptoStream.FlushFinalBlock();
}
catch (CryptographicException cryptoException)
{
}
catch (NotSupportedException notSupportedException)
{
}
// Remove from stream and convert to string.
byte[] decrypted = memoryStream.ToArray();
return(Encoding.UTF8.GetString(decrypted));
}
}
}
public byte[] Decrypt(byte[] key, byte[] encryptedText)
{
using (var authAesCng = new AuthenticatedAesCng())
{
authAesCng.CngMode = CngChainingMode.Gcm;
authAesCng.Key = key;
authAesCng.IV = GetIV(encryptedText);
authAesCng.Tag = GetTag(encryptedText);
var cipherText = GetCipherText(encryptedText);
using (var stream = new MemoryStream())
using (var encryptor = authAesCng.CreateDecryptor())
using (var cryptoStream = new CryptoStream(stream, encryptor, CryptoStreamMode.Write))
{
cryptoStream.Write(cipherText, 0, cipherText.Length);
cryptoStream.FlushFinalBlock();
return stream.ToArray();
}
}
}
public void AuthenticatedAesCngChainingTest()
{
byte[] plaintext = new byte[20 * 1024];
byte[] iv = new byte[12];
byte[] authenticatedData = new byte[1024];
using (RNGCng rng = new RNGCng())
{
rng.GetBytes(plaintext);
rng.GetBytes(iv);
rng.GetBytes(authenticatedData);
}
foreach (CngChainingMode chainingMode in new CngChainingMode[] { CngChainingMode.Ccm, CngChainingMode.Gcm })
{
using (AuthenticatedAesCng aes = new AuthenticatedAesCng())
{
aes.AuthenticatedData = authenticatedData;
aes.CngMode = chainingMode;
aes.IV = iv;
// Encrypt the whole block of data at once
byte[] wholeCiphertext = null;
byte[] wholeTag = null;
using (IAuthenticatedCryptoTransform encryptor = aes.CreateAuthenticatedEncryptor())
{
wholeCiphertext = encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length);
wholeTag = encryptor.GetTag();
}
// Encrypt it in chunks
byte[] blockCiphertext = null;
byte[] blockTag = null;
using (MemoryStream ms = new MemoryStream())
using (IAuthenticatedCryptoTransform encryptor = aes.CreateAuthenticatedEncryptor())
using (CryptoStream cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
{
int chunkSize = 128;
for (int offset = 0; offset < plaintext.Length; offset += chunkSize)
{
cs.Write(plaintext, offset, chunkSize);
}
cs.FlushFinalBlock();
blockCiphertext = ms.ToArray();
blockTag = encryptor.GetTag();
}
// Make sure we got the same results in both cases
Assert.IsTrue(Util.CompareBytes(wholeCiphertext, blockCiphertext));
Assert.IsTrue(Util.CompareBytes(wholeTag, blockTag));
aes.Tag = wholeTag;
// Decrypt the whole block of data at once
using (ICryptoTransform decryptor = aes.CreateDecryptor())
{
byte[] wholePlaintext = decryptor.TransformFinalBlock(wholeCiphertext, 0, wholeCiphertext.Length);
Assert.IsTrue(Util.CompareBytes(plaintext, wholePlaintext));
}
// Decrypt the data in chunks
using (MemoryStream ms = new MemoryStream())
using (ICryptoTransform decryptor = aes.CreateDecryptor())
using (CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Write))
{
int chunkSize = 128;
for (int offset = 0; offset < blockCiphertext.Length; offset += chunkSize)
{
cs.Write(blockCiphertext, offset, chunkSize);
}
cs.FlushFinalBlock();
byte[] blockPlaintext = ms.ToArray();
Assert.IsTrue(Util.CompareBytes(plaintext, blockPlaintext));
}
}
}
}
/// <summary>
/// Perform a round trip test given input and the expected output
/// </summary>
private void AuthenticatedAesCngRoundTripTest(RoundTripTestData testData)
{
using (AuthenticatedAesCng aes = new AuthenticatedAesCng())
{
aes.CngMode = testData.ChainingMode;
if (testData.Key != null)
{
aes.Key = testData.Key;
}
if (testData.IV != null)
{
aes.IV = testData.IV;
}
if (testData.AuthenticationData != null)
{
aes.AuthenticatedData = testData.AuthenticationData;
}
if (testData.ExpectedTag != null)
{
aes.Tag = testData.ExpectedTag;
}
// Encrypt
byte[] ciphertext = null;
byte[] tag = null;
using (MemoryStream ms = new MemoryStream())
using (IAuthenticatedCryptoTransform encryptor = aes.CreateAuthenticatedEncryptor())
using (CryptoStream cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
{
cs.Write(testData.Plaintext, 0, testData.Plaintext.Length);
cs.FlushFinalBlock();
tag = encryptor.GetTag();
ciphertext = ms.ToArray();
// Check if the ciphertext and tag are what are expected.
if (testData.ExpectedCiphertext != null)
{
Assert.IsTrue(Util.CompareBytes(testData.ExpectedCiphertext, ciphertext));
}
if (testData.ExpectedTag != null)
{
Assert.IsTrue(Util.CompareBytes(testData.ExpectedTag, tag));
}
}
if (testData.ExpectedTag == null)
{
aes.Tag = tag;
}
// Decrypt
using (MemoryStream ms = new MemoryStream())
using (ICryptoTransform decryptor = aes.CreateDecryptor())
using (CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Write))
{
cs.Write(ciphertext, 0, ciphertext.Length);
cs.FlushFinalBlock();
// Compare the decrypted text to the initial ciphertext.
byte[] decrypted = ms.ToArray();
Assert.IsTrue(Util.CompareBytes(testData.Plaintext, decrypted));
}
}
}
public byte[] Decrypt(byte[] cipherBytes, int AddtnlAuthDataLength)
{
if (cipherBytes == null)
return null;
byte[] tag = new byte[TagBitSize / 8];
try
{
using (AuthenticatedAesCng aes = new AuthenticatedAesCng())
{
using (var cipherReader = new BinaryReader(new MemoryStream(cipherBytes)))
{
aes.CngMode = CngChainingMode.Gcm;
aes.Key = aesKey;
//Read Additional Authenticated Data (AddtnlAuthData)
aes.AuthenticatedData = cipherReader.ReadBytes(AddtnlAuthDataLength);
aes.IV = cipherReader.ReadBytes(IVBitSize / 8);
// Tag lives at the end and it small, array copy it over
Array.Copy(cipherBytes, cipherBytes.Length - (TagBitSize / 8), tag, 0, (TagBitSize / 8));
aes.Tag = tag;
}
using (var ms = new MemoryStream())
using (var cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write))
{
int startOffset = AddtnlAuthDataLength + (IVBitSize / 8);
var length = cipherBytes.Length - AddtnlAuthDataLength - (IVBitSize / 8) - (TagBitSize / 8);
cs.Write(cipherBytes, startOffset, length);
// If the authentication tag does not match, we'll fail here with a
// CryptographicException, and the ciphertext will not be decrypted.
cs.FlushFinalBlock();
return ms.ToArray();
}
}
}
catch (Exception ex)
{
//Logger.Exception(ex);
if (ex is ArgumentException ||
ex is CryptographicException ||
ex is OverflowException)
{
return null; // this is null here
}
else
{
throw;
}
}
}
private byte[] DecryptBuffer(byte[] encryptedInput, byte[] nonce, byte[] gcmtag, int keyinfo)
{
byte[] result;
using (var authenticatedAesCng = new AuthenticatedAesCng())
{
authenticatedAesCng.CngMode = CngChainingMode.Gcm;
if (keyinfo == 1)
{
authenticatedAesCng.Key = this._key;
}
else if (keyinfo == 2)
{
authenticatedAesCng.Key = this._altKey;
}
authenticatedAesCng.IV = nonce;
authenticatedAesCng.Tag = gcmtag;
using (MemoryStream memoryStream = new MemoryStream())
{
using (CryptoStream cryptoStream = new CryptoStream(memoryStream, authenticatedAesCng.CreateDecryptor(), CryptoStreamMode.Write))
{
cryptoStream.Write(encryptedInput, 0, encryptedInput.Length);
cryptoStream.FlushFinalBlock();
result = memoryStream.ToArray();
}
}
}
return(result);
}
public static Some<Tuple<string, long>> DecryptFile(string dstDir, string filename, byte[] key)
{
if (!File.Exists(filename)) return ErrorValues[ErrorType.FileNoExist];
using (var inputFile = File.OpenRead(filename))
{
var outerBuffer = new byte[TagStartPos];
if (inputFile.Read(outerBuffer, 0, outerBuffer.Length) != outerBuffer.Length)
{
return ErrorValues[ErrorType.NotAnEncryptedFile];
}
if (!outerBuffer.Take(OuterMagicHeader.Count).SequenceEqual(OuterMagicHeader))
{
return ErrorValues[ErrorType.MagicBytesMismatch];
}
var tagLength = BitConverter.ToInt32(outerBuffer, OuterMagicHeader.Count);
var ivLength = BitConverter.ToInt32(outerBuffer, OuterMagicHeader.Count + sizeof(Int32));
using (var aes = new AuthenticatedAesCng())
{
outerBuffer = new byte[tagLength + ivLength];
if (inputFile.Read(outerBuffer, 0, outerBuffer.Length) != outerBuffer.Length)
{
return ErrorValues[ErrorType.NotAnEncryptedFile];
}
aes.CngMode = CngChainingMode.Gcm;
aes.Key = key;
aes.Tag = outerBuffer.Take(tagLength).ToArray();
aes.IV = outerBuffer.Skip(tagLength).Take(ivLength).ToArray();
using (var dec = aes.CreateDecryptor())
using (var cryptoStream = new CryptoStream(inputFile, dec, CryptoStreamMode.Read))
{
var buf = new byte[MagicHeader.Count + sizeof(Int32)];
if (cryptoStream.Read(buf, 0, buf.Length) != buf.Length)
{
return ErrorValues[ErrorType.CorruptFile];
}
if (!buf.Take(MagicHeader.Count).SequenceEqual(MagicHeader))
{
return ErrorValues[ErrorType.MagicBytesMismatch];
}
var nameLength = BitConverter.ToInt32(buf, MagicHeader.Count);
buf = new byte[nameLength];
if (cryptoStream.Read(buf, 0, buf.Length) != buf.Length)
{
return ErrorValues[ErrorType.CorruptFile];
}
var fileName = Encoding.UTF8.GetString(buf, 0, buf.Length);
var outputFileName = Path.Combine(dstDir, fileName);
var outputDir = Path.GetDirectoryName(outputFileName);
if (string.IsNullOrWhiteSpace(outputDir)) return ErrorValues[ErrorType.OutDirMissing];
Directory.CreateDirectory(outputDir);
try
{
using (var outputFile = File.OpenWrite(outputFileName))
{
cryptoStream.CopyTo(outputFile);
}
}
catch (CryptographicException)
{
File.Delete(outputFileName);
return ErrorValues[ErrorType.FailedChecksum];
}
return new Some<Tuple<string, long>>(Tuple.Create(outputFileName, new FileInfo(outputFileName).Length));
}
}
}
}
public static JWE Parse(string token, string privateKey)
{
byte[] claimSet = null;
EncryptedPayload payload = null;
try
{
payload = EncryptedPayload.Parse(token);
byte[] masterKey = null;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.FromXmlString(privateKey);
masterKey = rsa.Decrypt(payload.EncryptedMasterKey, true);
}
byte[] additionalAuthenticatedData = payload.ToAdditionalAuthenticatedData();
using (AuthenticatedAesCng aes = new AuthenticatedAesCng())
{
aes.CngMode = CngChainingMode.Gcm;
aes.Key = masterKey;
aes.IV = payload.InitializationVector;
aes.AuthenticatedData = additionalAuthenticatedData;
aes.Tag = payload.Tag;
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, aes.CreateDecryptor(),CryptoStreamMode.Write))
{
byte[] cipherText = payload.CipherText;
cs.Write(cipherText, 0, cipherText.Length);
cs.FlushFinalBlock();
claimSet = ms.ToArray();
}
}
}
}
catch (Exception ex)
{
throw new SecurityException("Invalid Token", ex);
}
var jwt = JsonConvert.DeserializeObject<JWE>(payload.Header);
jwt.AsymmetricKey = privateKey;
jwt.claims = JsonConvert.DeserializeObject<Dictionary<string, string>>(Encoding.UTF8.GetString(claimSet));
TimeSpan ts = DateTime.UtcNow - epochStart;
if (jwt.ExpiresOn < Convert.ToUInt64(ts.TotalSeconds))
throw new SecurityException("Token has expired");
return jwt;
}
public static Some <Tuple <string, long> > DecryptFile(string dstDir, string filename, byte[] key)
{
if (!File.Exists(filename))
{
return(ErrorValues[ErrorType.FileNoExist]);
}
using (var inputFile = File.OpenRead(filename))
{
var outerBuffer = new byte[TagStartPos];
if (inputFile.Read(outerBuffer, 0, outerBuffer.Length) != outerBuffer.Length)
{
return(ErrorValues[ErrorType.NotAnEncryptedFile]);
}
if (!outerBuffer.Take(OuterMagicHeader.Count).SequenceEqual(OuterMagicHeader))
{
return(ErrorValues[ErrorType.MagicBytesMismatch]);
}
var tagLength = BitConverter.ToInt32(outerBuffer, OuterMagicHeader.Count);
var ivLength = BitConverter.ToInt32(outerBuffer, OuterMagicHeader.Count + sizeof(Int32));
using (var aes = new AuthenticatedAesCng())
{
outerBuffer = new byte[tagLength + ivLength];
if (inputFile.Read(outerBuffer, 0, outerBuffer.Length) != outerBuffer.Length)
{
return(ErrorValues[ErrorType.NotAnEncryptedFile]);
}
aes.CngMode = CngChainingMode.Gcm;
aes.Key = key;
aes.Tag = outerBuffer.Take(tagLength).ToArray();
aes.IV = outerBuffer.Skip(tagLength).Take(ivLength).ToArray();
using (var dec = aes.CreateDecryptor())
using (var cryptoStream = new CryptoStream(inputFile, dec, CryptoStreamMode.Read))
{
var buf = new byte[MagicHeader.Count + sizeof(Int32)];
if (cryptoStream.Read(buf, 0, buf.Length) != buf.Length)
{
return(ErrorValues[ErrorType.CorruptFile]);
}
if (!buf.Take(MagicHeader.Count).SequenceEqual(MagicHeader))
{
return(ErrorValues[ErrorType.MagicBytesMismatch]);
}
var nameLength = BitConverter.ToInt32(buf, MagicHeader.Count);
buf = new byte[nameLength];
if (cryptoStream.Read(buf, 0, buf.Length) != buf.Length)
{
return(ErrorValues[ErrorType.CorruptFile]);
}
var fileName = Encoding.UTF8.GetString(buf, 0, buf.Length);
var outputFileName = Path.Combine(dstDir, fileName);
var outputDir = Path.GetDirectoryName(outputFileName);
if (string.IsNullOrWhiteSpace(outputDir))
{
return(ErrorValues[ErrorType.OutDirMissing]);
}
Directory.CreateDirectory(outputDir);
try
{
using (var outputFile = File.OpenWrite(outputFileName))
{
cryptoStream.CopyTo(outputFile);
}
}
catch (CryptographicException)
{
File.Delete(outputFileName);
return(ErrorValues[ErrorType.FailedChecksum]);
}
return(new Some <Tuple <string, long> >(Tuple.Create(outputFileName, new FileInfo(outputFileName).Length)));
}
}
}
}