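/// <summary>
/// Recovers a content encryption key (CEK) that was wrapped with AES-GCM under a shared symmetric key.
/// </summary>
/// <param name="encryptedCek">The wrapped CEK, i.e. the AES-GCM ciphertext.</param>
/// <param name="key">Shared key; must be a byte[] whose size equals keyLengthBits.</param>
/// <param name="cekSizeBits">Not read by this method.</param>
/// <param name="header">JWT header; must contain base64url-encoded 'iv' and 'tag' parameters.</param>
/// <returns>The unwrapped CEK as produced by AesGcm.Decrypt.</returns>
public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary<string, object> header)
{
    byte[] sharedKey = Ensure.Type<byte[]>(key, "AesGcmKeyWrapManagement alg expectes key to be byte[] array.", new object[0]);

    Ensure.BitSize(sharedKey, this.keyLengthBits, string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", this.keyLengthBits, sharedKey.Length * 8), new object[0]);
    Ensure.Contains(header, new string[] { "iv" }, "AesGcmKeyWrapManagement algorithm expects 'iv' param in JWT header, but was not found", new object[0]);
    Ensure.Contains(header, new string[] { "tag" }, "AesGcmKeyWrapManagement algorithm expects 'tag' param in JWT header, but was not found", new object[0]);

    // Both values are read from the token header, so they are chosen by whoever produced the token.
    // A header value that is not a JSON string surfaces here as InvalidCastException.
    byte[] iv = Base64Url.Decode((string)header["iv"]);
    byte[] authTag = Base64Url.Decode((string)header["tag"]);

    // RFC 7518 section 4.7.1.2 defines 'tag' as the 128-bit authentication tag. The tag buffer is
    // handed to AesGcm.Decrypt as-is (presumably its length becomes the tag length of the native
    // call), so a truncated tag must be rejected here: a shorter tag makes forging a wrapped key
    // far cheaper than the 128-bit strength the algorithm is specified with.
    Ensure.BitSize(authTag, 128, "AesGcmKeyWrapManagement algorithm expects 'tag' param in JWT header to be 128 bits long", new object[0]);

    return AesGcm.Decrypt(sharedKey, iv, null, encryptedCek, authTag);
}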
/// <summary>
/// Generates a fresh content encryption key (CEK) and wraps it with AES-GCM under the shared key.
/// Writes the base64url-encoded 'iv' and 'tag' values into <paramref name="header"/>.
/// </summary>
/// <param name="cekSizeBits">Size argument passed to Arrays.Random for the new CEK.</param>
/// <param name="key">Shared key; must be a byte[] whose size equals keyLengthBits.</param>
/// <param name="header">JWT header that receives the 'iv' and 'tag' parameters.</param>
/// <returns>Two arrays: the plain CEK followed by the wrapped (encrypted) CEK.</returns>
public byte[][] WrapNewKey(int cekSizeBits, object key, IDictionary<string, object> header)
{
    byte[] sharedKey = Ensure.Type<byte[]>(key, "AesGcmKeyWrapManagement alg expectes key to be byte[] array.", new object[0]);

    string sizeError = string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", this.keyLengthBits, sharedKey.Length * 8);
    Ensure.BitSize(sharedKey, this.keyLengthBits, sizeError, new object[0]);

    // NOTE(review): assumes Arrays.Random(n) returns n bits from a cryptographically secure
    // generator - confirm. GCM loses both confidentiality and integrity if an IV repeats under
    // the same key, so random 96-bit IVs limit how many keys one shared key should wrap.
    byte[] iv = Arrays.Random(96);
    byte[] cek = Arrays.Random(cekSizeBits);

    // Element 0 is stored as the wrapped key, element 1 as the authentication tag.
    byte[][] cipherAndTag = AesGcm.Encrypt(sharedKey, iv, null, cek);
    byte[] wrappedCek = cipherAndTag[0];
    byte[] authTag = cipherAndTag[1];

    header["iv"] = Base64Url.Encode(iv);
    header["tag"] = Base64Url.Encode(authTag);

    return new byte[][] { cek, wrappedCek };
}
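/// <summary>
/// Recovers a content encryption key (CEK) that was wrapped with AES-GCM under a shared symmetric key.
/// </summary>
/// <param name="encryptedCek">The wrapped CEK, i.e. the AES-GCM ciphertext.</param>
/// <param name="key">Shared key; must be a byte[] whose size equals keyLengthBits.</param>
/// <param name="cekSizeBits">Not read by this method.</param>
/// <param name="header">JWT header; must contain base64url-encoded 'iv' and 'tag' parameters.</param>
/// <returns>The unwrapped CEK as produced by AesGcm.Decrypt.</returns>
public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary<string, object> header)
{
    byte[] sharedKey = Ensure.Type<byte[]>(key, "AesGcmKeyWrapManagement alg expectes key to be byte[] array.");

    Ensure.BitSize(sharedKey, keyLengthBits, string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", keyLengthBits, sharedKey.Length * 8L));
    Ensure.Contains(header, new[] { "iv" }, "AesGcmKeyWrapManagement algorithm expects 'iv' param in JWT header, but was not found");
    Ensure.Contains(header, new[] { "tag" }, "AesGcmKeyWrapManagement algorithm expects 'tag' param in JWT header, but was not found");

    // Both values are read from the token header, so they are chosen by whoever produced the token.
    // A header value that is not a JSON string surfaces here as InvalidCastException.
    byte[] iv = Base64Url.Decode((string)header["iv"]);
    byte[] authTag = Base64Url.Decode((string)header["tag"]);

    // RFC 7518 section 4.7.1.2 defines 'tag' as the 128-bit authentication tag. The tag buffer is
    // handed to AesGcm.Decrypt as-is (presumably its length becomes the tag length of the native
    // call), so a truncated tag must be rejected here: a shorter tag makes forging a wrapped key
    // far cheaper than the 128-bit strength the algorithm is specified with.
    Ensure.BitSize(authTag, 128, "AesGcmKeyWrapManagement algorithm expects 'tag' param in JWT header to be 128 bits long");

    return AesGcm.Decrypt(sharedKey, iv, null, encryptedCek, authTag);
}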
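/// <summary>
/// Decrypts and authenticates AES-GCM protected content with the given content encryption key.
/// </summary>
/// <param name="aad">Additional authenticated data covered by the tag.</param>
/// <param name="cek">Content encryption key; its size must equal keyLength bits.</param>
/// <param name="iv">Initialization vector that was used for encryption.</param>
/// <param name="cipherText">Encrypted content.</param>
/// <param name="authTag">Authentication tag; must be exactly 128 bits.</param>
/// <returns>The decrypted plaintext.</returns>
/// <exception cref="EncryptionException">
/// The tag has the wrong size, or AesGcm.Decrypt raised a CryptographicException.
/// </exception>
public byte[] Decrypt(byte[] aad, byte[] cek, byte[] iv, byte[] cipherText, byte[] authTag)
{
    Ensure.BitSize(cek, keyLength, string.Format("AES-GCM algorithm expected key of size {0} bits, but was given {1} bits", keyLength, cek.Length * 8L));

    // The tag travels with the token and is therefore attacker-controlled. RFC 7518 section 5.3
    // fixes it at 128 bits; the buffer is passed to AesGcm.Decrypt unchanged (presumably its
    // length becomes the tag length of the native call), so a truncated tag is refused up front.
    // It is reported exactly like a tag mismatch so callers keep a single failure path.
    if (authTag == null || authTag.Length * 8L != 128L)
    {
        throw new EncryptionException(
            "Unable to decrypt content or authentication tag do not match.",
            new CryptographicException("AES-GCM authentication tag must be exactly 128 bits long."));
    }

    try
    {
        return AesGcm.Decrypt(cek, iv, aad, cipherText, authTag);
    }
    catch (CryptographicException e)
    {
        // One generic message for every failure: the caller cannot tell a bad tag from any other
        // decryption error by the message; the cause is kept only as the inner exception.
        throw new EncryptionException("Unable to decrypt content or authentication tag do not match.", e);
    }
}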
/// <summary>
/// Wraps an existing content encryption key (CEK) with AES-GCM under the shared key and writes
/// the base64url-encoded 'iv' and 'tag' values into <paramref name="header"/>.
/// </summary>
/// <param name="cek">The CEK to wrap.</param>
/// <param name="key">Shared key; must be a byte[] whose size equals keyLengthBits.</param>
/// <param name="header">JWT header that receives the 'iv' and 'tag' parameters.</param>
/// <returns>The wrapped (encrypted) CEK.</returns>
public byte[] WrapKey(byte[] cek, object key, IDictionary<string, object> header)
{
    byte[] sharedKey = Ensure.Type<byte[]>(key, "AesGcmKeyWrapManagement alg expectes key to be byte[] array.");

    string sizeError = string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", keyLengthBits, sharedKey.Length * 8L);
    Ensure.BitSize(sharedKey, keyLengthBits, sizeError);

    // NOTE(review): assumes Arrays.Random(n) returns n bits from a cryptographically secure
    // generator - confirm. GCM loses both confidentiality and integrity if an IV repeats under
    // the same key, so random 96-bit IVs limit how many keys one shared key should wrap.
    byte[] iv = Arrays.Random(96);

    // Element 0 is returned as the wrapped key, element 1 is stored as the authentication tag.
    byte[][] cipherAndTag = AesGcm.Encrypt(sharedKey, iv, null, cek);
    byte[] wrappedCek = cipherAndTag[0];
    byte[] authTag = cipherAndTag[1];

    header["iv"] = Base64Url.Encode(iv);
    header["tag"] = Base64Url.Encode(authTag);

    return wrappedCek;
}
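/// <summary>
/// Decrypts and authenticates AES-GCM protected content with the given content encryption key.
/// </summary>
/// <param name="aad">Additional authenticated data covered by the tag.</param>
/// <param name="cek">Content encryption key; its size must equal keyLength bits.</param>
/// <param name="iv">Initialization vector that was used for encryption.</param>
/// <param name="cipherText">Encrypted content.</param>
/// <param name="authTag">Authentication tag; must be exactly 128 bits.</param>
/// <returns>The decrypted plaintext.</returns>
/// <exception cref="EncryptionException">
/// The tag has the wrong size, or AesGcm.Decrypt raised a CryptographicException.
/// </exception>
public byte[] Decrypt(byte[] aad, byte[] cek, byte[] iv, byte[] cipherText, byte[] authTag)
{
    Ensure.BitSize(cek, this.keyLength, string.Format("AES-GCM algorithm expected key of size {0} bits, but was given {1} bits", this.keyLength, cek.Length * 8), new object[0]);

    // The tag travels with the token and is therefore attacker-controlled. RFC 7518 section 5.3
    // fixes it at 128 bits; the buffer is passed to AesGcm.Decrypt unchanged (presumably its
    // length becomes the tag length of the native call), so a truncated tag is refused up front.
    // It is reported exactly like a tag mismatch so callers keep a single failure path.
    if (authTag == null || authTag.Length * 8L != 128L)
    {
        throw new EncryptionException(
            "Unable to decrypt content or authentication tag do not match.",
            new CryptographicException("AES-GCM authentication tag must be exactly 128 bits long."));
    }

    try
    {
        return AesGcm.Decrypt(cek, iv, aad, cipherText, authTag);
    }
    catch (CryptographicException cryptographicException)
    {
        // One generic message for every failure: the caller cannot tell a bad tag from any other
        // decryption error by the message; the cause is kept only as the inner exception.
        throw new EncryptionException("Unable to decrypt content or authentication tag do not match.", cryptographicException);
    }
}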
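/// <summary>
/// Imports a raw symmetric key into the given CNG algorithm provider.
/// </summary>
/// <param name="hAlg">Algorithm provider handle.</param>
/// <param name="key">Raw key bytes.</param>
/// <param name="hKey">Receives the handle of the imported key.</param>
/// <returns>
/// The unmanaged buffer backing the key object. On success the caller owns it and must release it
/// with Marshal.FreeHGlobal after destroying the key handle; on failure it is released here.
/// </returns>
/// <exception cref="CryptographicException">BCryptImportKey returned a non-zero status.</exception>
private static IntPtr ImportKey(IntPtr hAlg, byte[] key, out IntPtr hKey)
{
    int keyObjectSize = BitConverter.ToInt32(AesGcm.GetProperty(hAlg, BCrypt.BCRYPT_OBJECT_LENGTH), 0);

    // Key data blob: magic, the version value 1, key length, then the key bytes. It is built
    // before the unmanaged allocation so that a null key fails without leaving memory behind.
    byte[] keyBlob = Arrays.Concat(new byte[][] { BCrypt.BCRYPT_KEY_DATA_BLOB_MAGIC, BitConverter.GetBytes(1), BitConverter.GetBytes(key.Length), key });

    IntPtr keyObjectBuffer = Marshal.AllocHGlobal(keyObjectSize);
    bool imported = false;

    try
    {
        uint status = BCrypt.BCryptImportKey(hAlg, IntPtr.Zero, BCrypt.BCRYPT_KEY_DATA_BLOB, out hKey, keyObjectBuffer, keyObjectSize, keyBlob, keyBlob.Length, 0);

        if (status != 0)
        {
            throw new CryptographicException(string.Format("BCrypt.BCryptImportKey() failed with status code:{0}", status));
        }

        imported = true;
        return keyObjectBuffer;
    }
    finally
    {
        // The blob is a second managed copy of the key material; wipe it once the import attempt
        // is over (best effort - the runtime gives no guarantee about earlier copies).
        Array.Clear(keyBlob, 0, keyBlob.Length);

        // Nobody else holds the buffer when the import fails, so it has to be freed here;
        // otherwise every failed import leaks unmanaged memory.
        if (!imported)
        {
            Marshal.FreeHGlobal(keyObjectBuffer);
        }
    }
}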
/// <summary>
/// Encrypts content with AES-GCM under the given content encryption key, using a newly generated IV.
/// </summary>
/// <param name="aad">Additional authenticated data covered by the tag.</param>
/// <param name="plainText">Content to encrypt.</param>
/// <param name="cek">Content encryption key; its size must equal keyLength bits.</param>
/// <returns>Three arrays in this order: IV, ciphertext, authentication tag.</returns>
/// <exception cref="EncryptionException">AesGcm.Encrypt raised a CryptographicException.</exception>
public byte[][] Encrypt(byte[] aad, byte[] plainText, byte[] cek)
{
    string sizeError = string.Format("AES-GCM algorithm expected key of size {0} bits, but was given {1} bits", this.keyLength, cek.Length * 8);
    Ensure.BitSize(cek, this.keyLength, sizeError, new object[0]);

    // NOTE(review): assumes Arrays.Random(n) returns n bits from a cryptographically secure
    // generator - confirm. An IV must never repeat under the same key with GCM.
    byte[] iv = Arrays.Random(96);

    try
    {
        byte[][] cipherAndTag = AesGcm.Encrypt(cek, iv, aad, plainText);
        byte[] cipherText = cipherAndTag[0];
        byte[] authTag = cipherAndTag[1];

        return new byte[][] { iv, cipherText, authTag };
    }
    catch (CryptographicException cryptographicException)
    {
        throw new EncryptionException("Unable to encrypt content.", cryptographicException);
    }
}
/// <summary>
/// Encrypts content with AES-GCM under the given content encryption key, using a newly generated IV.
/// </summary>
/// <param name="aad">Additional authenticated data covered by the tag.</param>
/// <param name="plainText">Content to encrypt.</param>
/// <param name="cek">Content encryption key; its size must equal keyLength bits.</param>
/// <returns>Three arrays in this order: IV, ciphertext, authentication tag.</returns>
/// <exception cref="EncryptionException">AesGcm.Encrypt raised a CryptographicException.</exception>
public byte[][] Encrypt(byte[] aad, byte[] plainText, byte[] cek)
{
    string sizeError = string.Format("AES-GCM algorithm expected key of size {0} bits, but was given {1} bits", keyLength, cek.Length * 8L);
    Ensure.BitSize(cek, keyLength, sizeError);

    // NOTE(review): assumes Arrays.Random(n) returns n bits from a cryptographically secure
    // generator - confirm. An IV must never repeat under the same key with GCM.
    byte[] iv = Arrays.Random(96);
    byte[][] ivCipherTag;

    try
    {
        byte[][] encrypted = AesGcm.Encrypt(cek, iv, aad, plainText);
        ivCipherTag = new[] { iv, encrypted[0], encrypted[1] };
    }
    catch (CryptographicException e)
    {
        throw new EncryptionException("Unable to encrypt content.", e);
    }

    return ivCipherTag;
}
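/// <summary>
/// Decrypts AES-GCM ciphertext through the Windows CNG (BCrypt) primitive provider and verifies
/// the authentication tag.
/// </summary>
/// <param name="key">Raw AES key.</param>
/// <param name="iv">Nonce used for encryption.</param>
/// <param name="aad">Additional authenticated data; callers in this listing also pass null.</param>
/// <param name="cipherText">Ciphertext to decrypt.</param>
/// <param name="authTag">
/// Authentication tag to verify. Its length is not checked here, so callers that take the tag from
/// untrusted input are responsible for enforcing the expected size.
/// </param>
/// <returns>The decrypted plaintext.</returns>
/// <exception cref="CryptographicException">
/// A BCrypt call returned a non-zero status, including an authentication tag mismatch.
/// </exception>
public static byte[] Decrypt(byte[] key, byte[] iv, byte[] aad, byte[] cipherText, byte[] authTag)
{
    IntPtr hAlg = AesGcm.OpenAlgorithmProvider(BCrypt.BCRYPT_AES_ALGORITHM, BCrypt.MS_PRIMITIVE_PROVIDER, BCrypt.BCRYPT_CHAIN_MODE_GCM);
    IntPtr hKey = IntPtr.Zero;
    IntPtr keyObjectBuffer = IntPtr.Zero;

    try
    {
        keyObjectBuffer = AesGcm.ImportKey(hAlg, key, out hKey);

        BCrypt.BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO authInfo = new BCrypt.BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO(iv, aad, authTag);

        // authInfo is passed by ref below, so the copy taken at construction is the one disposed.
        BCrypt.BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO authInfoToDispose = authInfo;

        try
        {
            // Buffer passed in the pbIV/cbIV position of both BCryptDecrypt calls.
            byte[] ivBuffer = new byte[AesGcm.MaxAuthTagSize(hAlg)];
            int plainTextSize = 0;

            // First call with a null output buffer only asks for the required plaintext size.
            uint status = BCrypt.BCryptDecrypt(hKey, cipherText, cipherText.Length, ref authInfo, ivBuffer, ivBuffer.Length, null, 0, ref plainTextSize, 0);

            if (status != 0)
            {
                throw new CryptographicException(string.Format("BCrypt.BCryptDecrypt() (get size) failed with status code: {0}", status));
            }

            byte[] plainText = new byte[plainTextSize];

            status = BCrypt.BCryptDecrypt(hKey, cipherText, cipherText.Length, ref authInfo, ivBuffer, ivBuffer.Length, plainText, plainText.Length, ref plainTextSize, 0);

            if (status == BCrypt.STATUS_AUTH_TAG_MISMATCH)
            {
                throw new CryptographicException("BCrypt.BCryptDecrypt(): authentication tag mismatch");
            }

            if (status != 0)
            {
                throw new CryptographicException(string.Format("BCrypt.BCryptDecrypt() failed with status code:{0}", status));
            }

            // Plaintext is only handed out after the tag has been accepted.
            return plainText;
        }
        finally
        {
            ((IDisposable)authInfoToDispose).Dispose();
        }
    }
    finally
    {
        // Cleanup must also run on the failure paths. A tag mismatch is the normal outcome for a
        // tampered or forged token, so skipping cleanup there would leak a key handle, the key
        // object buffer and a provider handle for every rejected message.
        if (hKey != IntPtr.Zero)
        {
            BCrypt.BCryptDestroyKey(hKey);
        }

        if (keyObjectBuffer != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(keyObjectBuffer);
        }

        BCrypt.BCryptCloseAlgorithmProvider(hAlg, 0);
    }
}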
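/// <summary>
/// Encrypts data with AES-GCM through the Windows CNG (BCrypt) primitive provider.
/// </summary>
/// <param name="key">Raw AES key.</param>
/// <param name="iv">Nonce; it must never be reused with the same key.</param>
/// <param name="aad">Additional authenticated data; callers in this listing also pass null.</param>
/// <param name="plainText">Data to encrypt.</param>
/// <returns>Two arrays: the ciphertext followed by the authentication tag.</returns>
/// <exception cref="CryptographicException">A BCrypt call returned a non-zero status.</exception>
public static byte[][] Encrypt(byte[] key, byte[] iv, byte[] aad, byte[] plainText)
{
    IntPtr hAlg = AesGcm.OpenAlgorithmProvider(BCrypt.BCRYPT_AES_ALGORITHM, BCrypt.MS_PRIMITIVE_PROVIDER, BCrypt.BCRYPT_CHAIN_MODE_GCM);
    IntPtr hKey = IntPtr.Zero;
    IntPtr keyObjectBuffer = IntPtr.Zero;

    try
    {
        keyObjectBuffer = AesGcm.ImportKey(hAlg, key, out hKey);

        // The tag is produced at the largest size the provider reports.
        byte[] tag = new byte[AesGcm.MaxAuthTagSize(hAlg)];

        BCrypt.BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO authInfo = new BCrypt.BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO(iv, aad, tag);

        // authInfo is passed by ref below, so the copy taken at construction is the one disposed.
        BCrypt.BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO authInfoToDispose = authInfo;

        try
        {
            // Buffer passed in the pbIV/cbIV position of both BCryptEncrypt calls.
            byte[] ivBuffer = new byte[tag.Length];
            int cipherTextSize = 0;

            // First call with a null output buffer only asks for the required ciphertext size.
            uint status = BCrypt.BCryptEncrypt(hKey, plainText, plainText.Length, ref authInfo, ivBuffer, ivBuffer.Length, null, 0, ref cipherTextSize, 0);

            if (status != 0)
            {
                throw new CryptographicException(string.Format("BCrypt.BCryptEncrypt() (get size) failed with status code:{0}", status));
            }

            byte[] cipherText = new byte[cipherTextSize];

            status = BCrypt.BCryptEncrypt(hKey, plainText, plainText.Length, ref authInfo, ivBuffer, ivBuffer.Length, cipherText, cipherText.Length, ref cipherTextSize, 0);

            if (status != 0)
            {
                throw new CryptographicException(string.Format("BCrypt.BCryptEncrypt() failed with status code:{0}", status));
            }

            // The computed tag sits in unmanaged memory owned by authInfo; copy it out before disposal.
            Marshal.Copy(authInfo.pbTag, tag, 0, authInfo.cbTag);

            return new byte[][] { cipherText, tag };
        }
        finally
        {
            ((IDisposable)authInfoToDispose).Dispose();
        }
    }
    finally
    {
        // Cleanup must also run when a BCrypt call fails; otherwise the key handle, the key object
        // buffer and the provider handle stay allocated after every failed encryption.
        if (hKey != IntPtr.Zero)
        {
            BCrypt.BCryptDestroyKey(hKey);
        }

        if (keyObjectBuffer != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(keyObjectBuffer);
        }

        BCrypt.BCryptCloseAlgorithmProvider(hAlg, 0);
    }
}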
/// <summary>
/// Reads the BCRYPT_AUTH_TAG_LENGTH property of the provider and returns the 32-bit integer
/// stored at byte offset 4.
/// </summary>
/// <param name="hAlg">Algorithm provider handle.</param>
/// <returns>The value decoded from bytes 4..7 of the property.</returns>
private static int MaxAuthTagSize(IntPtr hAlg)
{
    byte[] tagLengths = AesGcm.GetProperty(hAlg, BCrypt.BCRYPT_AUTH_TAG_LENGTH);

    // Presumably the property is the CNG tag-lengths structure (min, max, increment as three
    // 32-bit values), which makes the second field the maximum tag size - confirm against BCrypt.
    byte[] secondField = new byte[4];

    for (int i = 0; i < secondField.Length; i++)
    {
        secondField[i] = tagLengths[4 + i];
    }

    return BitConverter.ToInt32(secondField, 0);
}