Exemple #1
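        /// <summary>
        /// Rebuilds an ECC public <see cref="CngKey"/> from an XML document that
        /// deserializes to <c>CngKeySerialized</c> (its X and Y parts).
        /// </summary>
        /// <param name="serializedBlob">XML text describing the public key parts.</param>
        /// <returns>The key imported with <see cref="CngKeyBlobFormat.EccPublicBlob"/>.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="serializedBlob"/> is null, empty or whitespace.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// The document cannot be deserialized, a part is missing, the parts differ in
        /// length, or the part length has no entry in the magic-number mapping.
        /// </exception>
        public CngKey DeserializeCngKeyWithPublicKey(string serializedBlob)
        {
            if (string.IsNullOrWhiteSpace(serializedBlob))
            {
                throw new ArgumentNullException("serializedBlob");
            }

            var serializer = new XmlSerializer(typeof(CngKeySerialized));

            // A serialized public key may come from another party, so the XML is parsed
            // with DTDs prohibited and no resolver: entity expansion and external
            // entity lookups are rejected instead of being processed.
            var readerSettings = new System.Xml.XmlReaderSettings
            {
                DtdProcessing = System.Xml.DtdProcessing.Prohibit,
                XmlResolver = null
            };

            using (var reader = new StringReader(serializedBlob))
            using (var xmlReader = System.Xml.XmlReader.Create(reader, readerSettings))
            {
                var cngKeySerialized = (CngKeySerialized)serializer.Deserialize(xmlReader);

                // A document that omits X or Y would otherwise surface as a
                // NullReferenceException on the length comparison below.
                if (cngKeySerialized == null || cngKeySerialized.X == null || cngKeySerialized.Y == null)
                {
                    throw new InvalidOperationException("the size of the different parts is not equal (x, y)");
                }

                if (cngKeySerialized.X.Length != cngKeySerialized.Y.Length)
                {
                    throw new InvalidOperationException("the size of the different parts is not equal (x, y)");
                }

                // Only part lengths present in the mapping are accepted; the length
                // selects the magic number that starts the blob.
                var partLength = cngKeySerialized.X.Length;
                if (!MappingSizeAndMagicNumberForPublicKey.ContainsKey(partLength))
                {
                    throw new InvalidOperationException(string.Format("the part length {0} is not valid", partLength));
                }

                // Blob layout: magic number, part length, X, Y.
                // NOTE(review): BitConverter emits bytes in the platform's byte order;
                // this presumably relies on a little-endian host - confirm.
                var partSize    = BitConverter.GetBytes(partLength);
                var magicNumber = MappingSizeAndMagicNumberForPublicKey[partLength];
                var magicBytes  = BitConverter.GetBytes(magicNumber);
                var blob        = ByteManipulator.Concat(magicBytes,
                                                         partSize,
                                                         cngKeySerialized.X,
                                                         cngKeySerialized.Y);

                return(CngKey.Import(blob, CngKeyBlobFormat.EccPublicBlob));
            }
        }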
Exemple #2
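        /// <summary>
        /// Decrypts a compact JWE string: recovers the content encryption key, checks
        /// the authentication tag, and only then decrypts the cipher text with AES.
        /// </summary>
        /// <param name="toDecrypt">Five dot-separated, base64-encoded parts: protected header, encrypted key, IV, cipher text, authentication tag.</param>
        /// <param name="alg">Algorithm passed to the helper that decrypts the content encryption key.</param>
        /// <param name="jsonWebKey">Key passed to the helper that decrypts the content encryption key.</param>
        /// <param name="callback">Selects the HMAC key from the split content encryption key.</param>
        /// <returns>
        /// The decrypted text, or <see cref="string.Empty"/> when the authentication tag
        /// does not match. Callers cannot tell a rejected token from a valid token
        /// with an empty payload, so an empty result should be handled as a failure.
        /// </returns>
        /// <exception cref="Exception">The token is malformed or any step fails; the cause is kept as the inner exception.</exception>
        private string PerformDecryption(
            string toDecrypt,
            JweAlg alg,
            JsonWebKey jsonWebKey,
            Func <byte[][], byte[]> callback)
        {
            try
            {
                var toDecryptSplitted = toDecrypt.Split('.');
                if (toDecryptSplitted.Length != 5)
                {
                    // Reject truncated tokens and tokens with trailing segments up front
                    // instead of silently ignoring the extra parts.
                    throw new InvalidOperationException("the token must contain exactly five parts");
                }

                var serializedProtectedHeader          = toDecryptSplitted[0].Base64Decode();
                var encryptedContentEncryptionKeyBytes = toDecryptSplitted[1].Base64DecodeBytes();
                var ivBytes           = toDecryptSplitted[2].Base64DecodeBytes();
                var cipherText        = toDecryptSplitted[3].Base64DecodeBytes();
                var authenticationTag = toDecryptSplitted[4].Base64DecodeBytes();

                var contentEncryptionKey = _aesEncryptionHelper.DecryptContentEncryptionKey(
                    encryptedContentEncryptionKeyBytes,
                    alg,
                    jsonWebKey);
                var contentEncryptionKeySplitted = GetKeysFromContentEncryptionKey(contentEncryptionKey);

                var hmacKey   = callback(contentEncryptionKeySplitted);
                var aesCbcKey = contentEncryptionKeySplitted[1];

                // Calculate the additional authenticated data.
                // NOTE(review): the AAD is the decoded header text, not the base64url
                // segment as received - confirm against the encryption side and the
                // JWE specification before changing it.
                var aad = Encoding.UTF8.GetBytes(serializedProtectedHeader);

                // Recompute the authentication tag over AAD, IV, cipher text and the
                // AAD length in bits.
                var al                   = ByteManipulator.LongToBytes(aad.Length * 8);
                var hmacInput            = ByteManipulator.Concat(aad, ivBytes, cipherText, al);
                var hmacValue            = ComputeHmac(_keySize, hmacKey, hmacInput);
                var newAuthenticationTag = ByteManipulator.SplitByteArrayInHalf(hmacValue)[0];

                // Verify the tag BEFORE touching the cipher text. Decrypting first lets
                // a forged token reach the AES step, where a decryption failure (an
                // exception) and a tag failure (empty string) are distinguishable
                // outcomes that can leak information about the plain text.
                if (!ByteManipulator.ConstantTimeEquals(newAuthenticationTag, authenticationTag))
                {
                    // TODO : raise an exception.
                    return(string.Empty);
                }

                // The token is authentic: decrypt the cipher text.
                return(_aesEncryptionHelper.DecryptWithAesAlgorithm(
                    cipherText,
                    aesCbcKey,
                    ivBytes));
            }
            catch (Exception ex)
            {
                // Keep the original failure as the inner exception for diagnostics.
                // The message echoes the whole token, so it should not be written to
                // logs that are less protected than the token itself.
                throw new Exception("invalid " + toDecrypt, ex);
            }
        }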
Exemple #3
        /// <summary>
        /// Encrypts <paramref name="toEncrypt"/> with a freshly generated content
        /// encryption key and computes the authentication tag over the protected
        /// header, IV and cipher text.
        /// </summary>
        /// <param name="toEncrypt">Text handed to the AES encryption helper.</param>
        /// <param name="alg">Algorithm used to encrypt the content encryption key.</param>
        /// <param name="protectedHeader">Header whose serialized form is the additional authenticated data.</param>
        /// <param name="jsonWebKey">Key used to encrypt the content encryption key.</param>
        /// <param name="callback">Selects the HMAC key from the split content encryption key.</param>
        /// <returns>The IV, cipher text, encrypted content encryption key and authentication tag.</returns>
        private AesEncryptionResult PerformEncryption(
            string toEncrypt,
            JweAlg alg,
            JweProtectedHeader protectedHeader,
            JsonWebKey jsonWebKey,
            Func<byte[][], byte[]> callback)
        {
            // Fresh content encryption key, then its encrypted form for the recipient.
            var cek        = _aesEncryptionHelper.GenerateContentEncryptionKey(_keySize);
            var wrappedCek = _aesEncryptionHelper.EncryptContentEncryptionKey(cek, alg, jsonWebKey);

            // The key splits into parts: the callback picks the HMAC key, the AES key
            // is always element 1.
            var keyParts = GetKeysFromContentEncryptionKey(cek);
            var macKey   = callback(keyParts);
            var encKey   = keyParts[1];

            // NOTE(review): the IV length is derived from _keySize. AES uses a 128-bit
            // block for every key size - confirm the unit GenerateRandomBytes expects.
            var initializationVector = ByteManipulator.GenerateRandomBytes(_keySize / 2);

            var encrypted = _aesEncryptionHelper.EncryptWithAesAlgorithm(toEncrypt, encKey, initializationVector);

            // Additional authenticated data: UTF-8 bytes of the serialized header.
            var additionalData = Encoding.UTF8.GetBytes(protectedHeader.SerializeWithDataContract());

            // Tag input: AAD, IV, cipher text, then the AAD length in bits.
            var additionalDataBits = ByteManipulator.LongToBytes(additionalData.Length * 8);
            var macInput           = ByteManipulator.Concat(additionalData, initializationVector, encrypted, additionalDataBits);
            var mac                = ComputeHmac(_keySize, macKey, macInput);
            var tag                = ByteManipulator.SplitByteArrayInHalf(mac)[0];

            var result = new AesEncryptionResult
            {
                Iv = initializationVector,
                CipherText = encrypted,
                EncryptedContentEncryptionKey = wrappedCek,
                AuthenticationTag = tag
            };

            return result;
        }