Exemple #1
0
        /// <summary>
        /// Performs AES decryption in GCM chaning mode over cipher text
        /// </summary>
        /// <param name="key">aes key</param>
        /// <param name="iv">initialization vector</param>
        /// <param name="aad">additional authn data</param>
        /// <param name="plainText">plain text message to be encrypted</param>
        /// <returns>decrypted plain text messages</returns>
        /// <exception cref="CryptographicException">if decryption failed by any reason</exception>
        public static byte[] Decrypt(byte[] key, byte[] iv, byte[] aad, byte[] cipherText, byte[] authTag)
        {
            using var gcm = new System.Security.Cryptography.AesGcm(key);

            var plaintext = new byte[cipherText.Length];

            gcm.Decrypt(nonce: iv, ciphertext: cipherText, tag: authTag, plaintext: plaintext, associatedData: aad);

            return(plaintext);
        }
Exemple #2
0
    Decrypt(byte[] key, byte[] infoCipher)
    {
        if (key == null || key.Length != 32)
        {
            throw new ArgumentException("AesGcm key must be 32 bytes long.");
        }

        // Authentication tag.
        byte[] tag = new byte[16];

        // IV.
        byte[] nonce = new byte[12];

        int cipher_text_len;

        byte[] cipher_text;
        try
        {
            // Length of the cipher_text of interest inside the AES-GCM payload.
            cipher_text_len = infoCipher.Length - tag.Length - nonce.Length;
            cipher_text     = new byte[cipher_text_len];

            // Extract each entity of AES-GCM payload.
            Buffer.BlockCopy(infoCipher, infoCipher.Length - tag.Length, tag, 0, tag.Length);
            Buffer.BlockCopy(infoCipher, 0, nonce, 0, nonce.Length);
            Buffer.BlockCopy(infoCipher, nonce.Length, cipher_text, 0, cipher_text_len);
        }
        catch (Exception e)
        {
            Debug.WriteLine(e.Message);
            return(null);
        }

        //Debug.WriteLine(
        //    $"tag({Convert.ToBase64String(tag)}), "
        //    + $"nonce({Convert.ToBase64String(nonce)}), "
        //    + $"cipher({Convert.ToBase64String(cipher_text)})"
        //);

        byte[] plain_text = new byte[cipher_text_len];
        using (var c = new SysCrypto.AesGcm(key))
        {
            try
            {
                c.Decrypt(nonce, cipher_text, tag, plain_text, null);
                return(plain_text);
            }
            catch (Exception e)
            {
                Debug.WriteLine(e.Message);
                return(null);
            }
        }
    }
Exemple #3
0
        internal static byte[] Decrypt(byte[] secretKeyBytes, JweObject jweObject)
        {
#if NETSTANDARD2_1
            byte[] plaintext;
            using (var aes = new System.Security.Cryptography.AesGcm(secretKeyBytes))
            {
                byte[] nonce      = Base64Utils.URLDecode(jweObject.Iv);
                byte[] aad        = Encoding.ASCII.GetBytes(jweObject.RawHeader);
                byte[] authTag    = Base64Utils.URLDecode(jweObject.AuthTag);
                byte[] ciphertext = Base64Utils.URLDecode(jweObject.CipherText);
                plaintext = new byte[ciphertext.Length];

                aes.Decrypt(nonce, ciphertext, authTag, plaintext, aad);
            }
            return(plaintext);
#else
            throw new EncryptionException("AES/GCM/NoPadding is unsupported on .NET Standard < 2.1");
#endif
        }
Exemple #4
0
 public void Decrypt(ReadOnlySpan <byte> nonce, ReadOnlySpan <byte> ciphertext, ReadOnlySpan <byte> tag, Span <byte> plaintext)
 {
     _aesGcm.Decrypt(nonce, ciphertext, tag, plaintext);
 }