public void Wrap_Rfc7518_Appendix_C()
{
var kwp = new EcdhKeyWrapper(_bobKey, EncryptionAlgorithm.Aes128Gcm, KeyManagementAlgorithm.EcdhEs);
var header = new JwtObject();
header.Add(new JwtProperty(HeaderParameters.ApuUtf8, Base64Url.Encode("Alice")));
header.Add(new JwtProperty(HeaderParameters.ApvUtf8, Base64Url.Encode("Bob")));
var cek = kwp.WrapKey(_aliceKey, header, null);
var expected = new byte[] { 86, 170, 141, 234, 248, 35, 109, 32, 92, 34, 40, 205, 113, 167, 16, 26 };
Assert.Equal(expected, cek.AsSpan().ToArray());
}
/// <inheritsdoc />
public override Jwk WrapKey(Jwk?staticKey, JwtObject header, Span <byte> destination)
{
if (_disposed)
{
ThrowHelper.ThrowObjectDisposedException(GetType());
}
var cek = CreateSymmetricKey(EncryptionAlgorithm, staticKey);
Span <byte> nonce = stackalloc byte[IVSize];
Span <byte> tag = stackalloc byte[TagSize];
using (var aesGcm = new AesGcm(Key.AsSpan()))
{
aesGcm.Encrypt(nonce, cek.AsSpan(), destination, tag);
header.Add(new JwtProperty(HeaderParameters.IVUtf8, Base64Url.Encode(nonce)));
header.Add(new JwtProperty(HeaderParameters.TagUtf8, Base64Url.Encode(tag)));
}
return(cek);
}
public void Unwrap2()
{
var kwp = new EcdhKeyWrapper(_bobKey, EncryptionAlgorithm.Aes128CbcHmacSha256, KeyManagementAlgorithm.EcdhEsAes128KW);
byte[] wrappedKey = new byte[kwp.GetKeyWrapSize()];
var header = new JwtObject();
header.Add(new JwtProperty(HeaderParameters.ApuUtf8, Base64Url.Encode("Alice")));
header.Add(new JwtProperty(HeaderParameters.ApvUtf8, Base64Url.Encode("Bob")));
var cek = kwp.WrapKey(_aliceKey, header, wrappedKey);
var kuwp = new EcdhKeyUnwrapper(_bobKey, EncryptionAlgorithm.Aes128CbcHmacSha256, KeyManagementAlgorithm.EcdhEsAes128KW);
var apu = Encoding.UTF8.GetString(Base64Url.Encode("Alice"));;
var apv = Encoding.UTF8.GetString(Base64Url.Encode("Bob"));
var epk = ((JwtObject)header[HeaderParameters.EpkUtf8].Value).ToString();
var jwtHeader = JwtHeader.FromJson($"{{\"apu\":\"{apu}\",\"apv\":\"{apv}\",\"epk\":{epk}}}");
byte[] unwrappedKey = new byte[kuwp.GetKeyUnwrapSize(wrappedKey.Length)];
var unwrapped = kuwp.TryUnwrapKey(wrappedKey, unwrappedKey, jwtHeader, out int bytesWritten);
Assert.True(unwrapped);
}
public static JwtObject ToJwtObject(JObject json)
{
var jwtObject = new JwtObject();
foreach (var property in json.Properties())
{
JwtProperty jwtProperty;
switch (property.Value.Type)
{
case JTokenType.Object:
jwtProperty = new JwtProperty(property.Name, ToJwtObject(property.Value.Value <JObject>()));
break;
case JTokenType.Array:
jwtProperty = new JwtProperty(property.Name, ToJwtArray(property.Value.Value <JArray>()));
break;
case JTokenType.Integer:
jwtProperty = new JwtProperty(property.Name, property.Value.Value <long>());
break;
case JTokenType.Float:
jwtProperty = new JwtProperty(property.Name, property.Value.Value <double>());
break;
case JTokenType.String:
jwtProperty = new JwtProperty(property.Name, property.Value.Value <string>());
break;
case JTokenType.Boolean:
jwtProperty = new JwtProperty(property.Name, property.Value.Value <bool>());
break;
case JTokenType.Null:
jwtProperty = new JwtProperty(property.Name);
break;
default:
throw new NotSupportedException();
}
jwtObject.Add(jwtProperty);
}
return(jwtObject);
}
internal static JwtHeader ReadJwtHeaderSlow(ref Utf8JsonReader reader)
{
var current = new JwtObject(3);
var header = new JwtHeader(current);
while (reader.Read())
{
if (!(reader.TokenType is JsonTokenType.PropertyName))
{
break;
}
if (reader.ValueTextEquals(HeaderParameters.AlgUtf8) && reader.Read())
{
if (!(reader.TokenType is JsonTokenType.String))
{
break;
}
var alg = reader.HasValueSequence ? reader.ValueSequence.ToArray() : reader.ValueSpan;
if (SignatureAlgorithm.TryParse(alg, out var signatureAlgorithm))
{
header.SignatureAlgorithm = signatureAlgorithm;
}
else if (KeyManagementAlgorithm.TryParse(alg, out var keyManagementAlgorithm))
{
header.KeyManagementAlgorithm = keyManagementAlgorithm;
}
else if (SignatureAlgorithm.TryParseSlow(ref reader, out signatureAlgorithm))
{
header.SignatureAlgorithm = signatureAlgorithm;
}
else if (KeyManagementAlgorithm.TryParseSlow(ref reader, out keyManagementAlgorithm))
{
header.KeyManagementAlgorithm = keyManagementAlgorithm;
}
else
{
// TODO : Fix when the Utf8JsonReader will allow
// to read an unescaped string without allocating a string
current.Add(new JwtProperty(WellKnownProperty.Alg, Encoding.UTF8.GetBytes(reader.GetString())));
}
}
else if (reader.ValueTextEquals(HeaderParameters.EncUtf8) && reader.Read())
{
if (!(reader.TokenType is JsonTokenType.String))
{
break;
}
var enc = reader.HasValueSequence ? reader.ValueSequence.ToArray() : reader.ValueSpan;
if (EncryptionAlgorithm.TryParse(enc, out var encryptionAlgorithm))
{
header.EncryptionAlgorithm = encryptionAlgorithm;
}
else if (EncryptionAlgorithm.TryParseSlow(ref reader, out encryptionAlgorithm))
{
header.EncryptionAlgorithm = encryptionAlgorithm;
}
else
{
// TODO : Fix when the Utf8JsonReader will allow
// to read an unescaped string without allocating a string
current.Add(new JwtProperty(WellKnownProperty.Enc, Encoding.UTF8.GetBytes(reader.GetString())));
}
}
else if (reader.ValueTextEquals(HeaderParameters.CtyUtf8) && reader.Read())
{
if (!(reader.TokenType is JsonTokenType.String))
{
break;
}
current.Add(new JwtProperty(WellKnownProperty.Cty, Encoding.UTF8.GetBytes(reader.GetString())));
}
else if (reader.ValueTextEquals(HeaderParameters.TypUtf8) && reader.Read())
{
if (!(reader.TokenType is JsonTokenType.String))
{
break;
}
current.Add(new JwtProperty(WellKnownProperty.Typ, Encoding.UTF8.GetBytes(reader.GetString())));
}
else if (reader.ValueTextEquals(HeaderParameters.KidUtf8) && reader.Read())
{
if (!(reader.TokenType is JsonTokenType.String))
{
break;
}
current.Add(new JwtProperty(WellKnownProperty.Kid, reader.GetString()));
}
else if (reader.ValueTextEquals(HeaderParameters.ZipUtf8) && reader.Read())
{
if (!(reader.TokenType is JsonTokenType.String))
{
break;
}
var zip = reader.HasValueSequence ? reader.ValueSequence.ToArray() : reader.ValueSpan;
if (CompressionAlgorithm.TryParse(zip, out var compressionAlgorithm))
{
current.Add(new JwtProperty(compressionAlgorithm));
}
else if (CompressionAlgorithm.TryParseSlow(ref reader, out compressionAlgorithm))
{
current.Add(new JwtProperty(compressionAlgorithm));
}
else
{
// TODO : Fix when the Utf8JsonReader will allow
// to read an unescaped string without allocating a string
current.Add(new JwtProperty(WellKnownProperty.Zip, Encoding.UTF8.GetBytes(reader.GetString())));
}
}
else
{
var name = reader.GetString();
reader.Read();
switch (reader.TokenType)
{
case JsonTokenType.StartObject:
current.Add(name, JsonParser.ReadJsonObject(ref reader));
break;
case JsonTokenType.StartArray:
current.Add(name, JsonParser.ReadJsonArray(ref reader));
break;
case JsonTokenType.String:
current.Add(name, reader.GetString());
break;
case JsonTokenType.True:
current.Add(name, true);
break;
case JsonTokenType.False:
current.Add(name, false);
break;
case JsonTokenType.Null:
current.Add(name);
break;
case JsonTokenType.Number:
if (reader.TryGetInt64(out long longValue))
{
current.Add(name, longValue);
}
else
{
if (reader.TryGetDouble(out double doubleValue))
{
current.Add(name, doubleValue);
}
else
{
throw new FormatException($"NotSupportedNumberValue {Encoding.UTF8.GetBytes(name)}");
}
}
break;
default:
throw new FormatException("MalformedJson");
}
}
}
if (!(reader.TokenType is JsonTokenType.EndObject))
{
throw new FormatException("MalformedJson");
}
return(header);
}
