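/// <summary>
/// Decrypts one block of <paramref name="cipherText"/>, XORs the decrypted bytes with the
/// current chaining value in <c>aesInitializationVector</c>, and then overwrites that
/// chaining value with the leading bytes of <paramref name="cipherText"/>.
/// </summary>
/// <remarks>
/// NOTE(review): this looks like hand-written CBC chaining on top of a raw block decryptor;
/// presumably <c>rijndael</c> is configured for ECB with no padding. Confirm where the field
/// is initialised.
/// No integrity check is performed here. If the ciphertext can be modified by an untrusted
/// party, a MAC over it must be verified before this method is called.
/// The method mutates the instance field <c>aesInitializationVector</c>, so the result depends
/// on call order, and no synchronisation is visible in this method.
/// </remarks>
/// <param name="cipherText">
/// The encrypted block. It must hold at least <c>aesInitializationVector.Length</c> bytes,
/// otherwise the chaining update below indexes past the end of the array.
/// </param>
/// <returns>A new array of <c>CRYPTO_BLOCK_SIZE</c> bytes holding the XOR-ed output.</returns>
public byte[] ProcessBlock(byte[] cipherText)
{
    var plainText = new byte[CRYPTO_BLOCK_SIZE];

    // ICryptoTransform is IDisposable. The original never disposed it, so every call
    // left a transform (and whatever key state it holds) to the finalizer.
    using (var decryptor = rijndael.CreateDecryptor())
    using (var msDecrypt = new MemoryStream(cipherText))
    using (var csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
    {
        // ReadFully is an extension defined elsewhere; presumably it fills plainText.
        // Any return value is ignored here, as in the original.
        csDecrypt.ReadFully(plainText);
    }

    // The output length is fixed, so write straight into an array instead of growing a list.
    var decryptedBytes = new byte[plainText.Length];
    for (int j = 0; j < plainText.Length; j++)
    {
        // The modulus is the literal 16, not aesInitializationVector.Length.
        // NOTE(review): the two agree only if the chaining value is 16 bytes long; confirm.
        decryptedBytes[j] = (byte)(plainText[j] ^ aesInitializationVector[j % 16]);
    }
    // Original author's note kept verbatim (meaning not evident from this method): 32:114, 33:101

    // The ciphertext just processed becomes the chaining value for the next call.
    for (int j = 0; j < aesInitializationVector.Length; j++)
    {
        aesInitializationVector[j] = cipherText[j];
    }

    return decryptedBytes;
}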
/// <summary>
/// Decrypts <paramref name="encryptedBytes"/> with AES using the supplied key and IV and
/// returns everything read from the decrypting stream.
/// </summary>
/// <remarks>
/// Mode and padding are not set here, so the algorithm's defaults apply (CBC and PKCS7 for
/// the .NET AES implementations).
/// No MAC is verified in this method. When the ciphertext comes from an untrusted source,
/// callers should authenticate IV and ciphertext before decrypting and should not report
/// padding failures differently from other errors.
/// NOTE(review): <c>Key</c> is assigned after <c>KeySize</c>, so the length of
/// <paramref name="aesKey"/> decides the effective key size. A key of another legal length
/// is not rejected by the <c>KeySize</c> assignment.
/// </remarks>
/// <param name="encryptedBytes">Ciphertext to decrypt.</param>
/// <param name="aesKey">AES key bytes.</param>
/// <param name="iv">Initialization vector used when the data was encrypted.</param>
/// <returns>The decrypted bytes.</returns>
public static byte[] Decrypt(byte[] encryptedBytes, byte[] aesKey, byte[] iv)
{
    using (SymmetricAlgorithm cipher = new AesCryptoServiceProvider())
    {
        cipher.KeySize = KeySize;
        cipher.Key = aesKey;
        cipher.IV = iv;

        using (var transform = cipher.CreateDecryptor(cipher.Key, cipher.IV))
        {
            using (var cipherStream = MemoryStreamFactory.GetStream(encryptedBytes))
            {
                using (var plainStream = new CryptoStream(cipherStream, transform, CryptoStreamMode.Read))
                {
                    // Read to the end of the stream; padding is checked while the final block is read.
                    byte[] plainBytes = plainStream.ReadFully();
                    return plainBytes;
                }
            }
        }
    }
}
/// <summary>
/// Decrypts <paramref name="encryptedBytes"/> with the symmetric algorithm returned by
/// <c>CreateSymmetricAlgorithm()</c>, using the supplied key and IV.
/// </summary>
/// <remarks>
/// Algorithm, mode and padding are whatever <c>CreateSymmetricAlgorithm()</c> configures;
/// that helper is not visible here.
/// No MAC is verified in this method, so callers handling untrusted ciphertext should
/// authenticate it before calling.
/// </remarks>
/// <param name="encryptedBytes">Ciphertext to decrypt.</param>
/// <param name="cryptKey">Key bytes passed straight to <c>CreateDecryptor</c>.</param>
/// <param name="iv">Initialization vector passed straight to <c>CreateDecryptor</c>.</param>
/// <returns>The decrypted bytes.</returns>
public static byte[] Decrypt(byte[] encryptedBytes, byte[] cryptKey, byte[] iv)
{
    using (var cipher = CreateSymmetricAlgorithm())
    {
        using (var transform = cipher.CreateDecryptor(cryptKey, iv))
        {
            using (var cipherStream = MemoryStreamFactory.GetStream(encryptedBytes))
            {
                using (var plainStream = new CryptoStream(cipherStream, transform, CryptoStreamMode.Read))
                {
                    var plainBytes = plainStream.ReadFully();
                    return plainBytes;
                }
            }
        }
    }
}
/// <summary>
/// Reads a token from the request's bearer token or, failing that, from the
/// <c>Keywords.TokenCookie</c> cookie. When the token validates, the session built from its
/// payload is stored in <c>req.Items[Keywords.Session]</c>.
/// </summary>
/// <remarks>
/// Two token shapes are handled: three dot-separated segments (signed JWT) and five
/// segments (encrypted JWE). Any other segment count is ignored.
/// A failed signature or tag check returns without setting a session and without throwing.
/// NOTE(review): no expiry, not-before or audience validation is visible in this method.
/// Presumably <c>CreateSessionFromPayload</c> or a later stage enforces it; confirm.
/// </remarks>
/// <param name="req">Incoming request; receives the session on success.</param>
/// <param name="res">Response; not used by this method.</param>
/// <exception cref="NotSupportedException">
/// The header algorithm differs from <c>HashAlgorithm</c> while <c>RequireHashAlgorithm</c> is set,
/// or a JWE token arrives while <c>PrivateKey</c> or <c>PublicKey</c> is null.
/// </exception>
public void PreAuthenticate(IRequest req, IResponse res)
{
    // Operations on the ignore list skip token processing entirely.
    if (req.OperationName != null && IgnoreForOperationTypes.Contains(req.OperationName))
    {
        return;
    }

    var bearerToken = req.GetBearerToken() ?? req.GetCookieValue(Keywords.TokenCookie);
    if (bearerToken == null)
    {
        return;
    }

    var segments = bearerToken.Split('.');
    switch (segments.Length)
    {
        case 3: // Signed JWT: header.payload.signature
        {
            if (RequireSecureConnection && !req.IsSecureConnection)
            {
                throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection);
            }

            var encodedHeader = segments[0];
            var encodedPayload = segments[1];
            var signature = segments[2].FromBase64UrlSafe();

            var headerText = encodedHeader.FromBase64UrlSafe().FromUtf8Bytes();
            var rawPayload = encodedPayload.FromBase64UrlSafe();

            var headerFields = headerText.FromJson<Dictionary<string, string>>();

            // The signature covers the two encoded segments exactly as they were sent.
            var signedBytes = (encodedHeader + "." + encodedPayload).ToUtf8Bytes();

            // The algorithm name comes from the token itself, i.e. from the sender.
            // A header without "alg" makes this indexer throw.
            var algorithm = headerFields["alg"];

            //Potential Security Risk for relying on user-specified algorithm: https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
            // With RequireHashAlgorithm unset, the sender's choice reaches VerifyPayload unchecked.
            // NOTE(review): confirm VerifyPayload rejects "none" and any unexpected algorithm.
            if (RequireHashAlgorithm && algorithm != HashAlgorithm)
            {
                throw new NotSupportedException("Invalid algoritm '{0}', expected '{1}'".Fmt(algorithm, HashAlgorithm));
            }

            var signatureValid = VerifyPayload(algorithm, signedBytes, signature);
            if (!signatureValid)
            {
                return;
            }

            // The payload is parsed only after the signature has been accepted.
            var payloadText = rawPayload.FromUtf8Bytes();
            var claims = JsonObject.Parse(payloadText);

            req.Items[Keywords.Session] = CreateSessionFromPayload(req, claims);
            break;
        }

        case 5: //Encrypted JWE Token
        {
            if (RequireSecureConnection && !req.IsSecureConnection)
            {
                throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection);
            }

            // Both keys must be configured, although the message names only the private key.
            if (PrivateKey == null || PublicKey == null)
            {
                throw new NotSupportedException("PrivateKey is required to DecryptPayload");
            }

            var jweHeaderBase64Url = segments[0];
            var jweEncKeyBase64Url = segments[1];
            var ivBase64Url = segments[2];
            var cipherTextBase64Url = segments[3];
            var tagBase64Url = segments[4];

            var sentTag = tagBase64Url.FromBase64UrlSafe();
            // The authenticated data is the encoded header plus the encoded encrypted key.
            var aadBytes = (jweHeaderBase64Url + "." + jweEncKeyBase64Url).ToUtf8Bytes();
            var iv = ivBase64Url.FromBase64UrlSafe();
            var cipherText = cipherTextBase64Url.FromBase64UrlSafe();

            var jweEncKey = jweEncKeyBase64Url.FromBase64UrlSafe();
            var cryptAuthKeys256 = RsaUtils.Decrypt(jweEncKey, PrivateKey.Value, UseRsaKeyLength);

            // The RSA-decrypted blob is split into a 16-byte HMAC key and a 16-byte AES key.
            // BlockCopy throws if the blob holds fewer than 32 bytes.
            const int halfKeyBytes = 128 / 8;
            var authKey = new byte[halfKeyBytes];
            var cryptKey = new byte[halfKeyBytes];
            Buffer.BlockCopy(cryptAuthKeys256, 0, authKey, 0, authKey.Length);
            Buffer.BlockCopy(cryptAuthKeys256, authKey.Length, cryptKey, 0, cryptKey.Length);

            // The tag is checked before any AES decryption, so ciphertext that fails
            // authentication never reaches the CBC/PKCS7 padding check below.
            using (var hmac = new HMACSHA256(authKey))
            using (var macInputStream = new MemoryStream())
            {
                using (var macInputWriter = new BinaryWriter(macInputStream))
                {
                    // Write(byte[]) emits the raw bytes, so the MAC input is aad || iv || ciphertext.
                    macInputWriter.Write(aadBytes);
                    macInputWriter.Write(iv);
                    macInputWriter.Write(cipherText);
                    macInputWriter.Flush();

                    var macInput = macInputStream.ToArray();
                    var calcTag = hmac.ComputeHash(macInput);

                    // NOTE(review): confirm EquivalentTo compares in constant time and
                    // rejects a tag of a different length.
                    var tagMatches = calcTag.EquivalentTo(sentTag);
                    if (!tagMatches)
                    {
                        return;
                    }
                }
            }

            JsonObject claims;
            var aes = Aes.Create();
            aes.KeySize = 128;
            aes.BlockSize = 128;
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;

            using (aes)
            using (var transform = aes.CreateDecryptor(cryptKey, iv))
            using (var cipherStream = MemoryStreamFactory.GetStream(cipherText))
            using (var plainStream = new CryptoStream(cipherStream, transform, CryptoStreamMode.Read))
            {
                var plainBytes = plainStream.ReadFully();
                claims = JsonObject.Parse(plainBytes.FromUtf8Bytes());
            }

            req.Items[Keywords.Session] = CreateSessionFromPayload(req, claims);
            break;
        }
    }
}