private byte[] AES_KeyWrap(byte[] key)
{
AesWrapEngine foo = new AesWrapEngine();
KeyParameter parameters = new KeyParameter(key);
foo.Init(false, parameters);
_payload = foo.Unwrap(_rgbEncrypted, 0, _rgbEncrypted.Length);
return(_payload);
}
public static byte[] UnwrapKey(byte[] kek, byte[] iv, byte[] unwrapped_key)
{
IWrapper wrapper = new AesWrapEngine();
ICipherParameters kp = new KeyParameter(kek);
ICipherParameters kpwiv = new ParametersWithIV(kp, iv);
wrapper.Init(false, kpwiv);
byte[] pText = wrapper.Unwrap(unwrapped_key, 0, unwrapped_key.Length);
return(pText);
}
// Unwraps a wrapped key using a key encrypting key (KEK) and Initialization Vector (IV)
private byte[] UnwrapKey()
{
// Create Bouncy Castle AES Wrap Engine
IWrapper wrapper = new AesWrapEngine();
// Initialize engine with the KEK and IV
wrapper.Init(false, new ParametersWithIV(new KeyParameter(KeyEncryptingKey), KeyInitializationVector));
// Unwrap the wrapped key
byte[] unwrapped = wrapper.Unwrap(WrappedKey, 0, WrappedKey.Length);
return(unwrapped);
}
/// <summary>
/// Initializes the wrapper.
/// </summary>
/// <returns></returns>
private AesWrapEngine InitializeWrapper()
{
var digest = DigestUtilities.GetDigest(_publicKey.HashAlgorithm.ToString());
this.UpdateDigestWithKDFParameters(digest);
var hash = DigestUtilities.DoFinal(digest);
var size = _publicKey.SymmetricKeyAlgorithm == SymmetricKeyAlgorithmTag.Aes256
? 32 : _publicKey.SymmetricKeyAlgorithm == SymmetricKeyAlgorithmTag.Aes192
? 24 : _publicKey.SymmetricKeyAlgorithm == SymmetricKeyAlgorithmTag.Aes128
? 16 : 0;
var wrap = new AesWrapEngine();
wrap.Init(_forEncryption, new KeyParameter(hash, 0, size));
return(wrap);
}
private ITestResult wrapTest(
int id,
byte[] kek,
byte[] inBytes,
byte[] outBytes)
{
IWrapper wrapper = new AesWrapEngine();
wrapper.Init(true, new KeyParameter(kek));
try
{
byte[] cText = wrapper.Wrap(inBytes, 0, inBytes.Length);
if (!Arrays.AreEqual(cText, outBytes))
{
return(new SimpleTestResult(false, Name + ": failed wrap test " + id
+ " expected " + Hex.ToHexString(outBytes)
+ " got " + Hex.ToHexString(cText)));
}
}
catch (Exception e)
{
return(new SimpleTestResult(false, Name + ": failed wrap test exception " + e));
}
wrapper.Init(false, new KeyParameter(kek));
try
{
byte[] pText = wrapper.Unwrap(outBytes, 0, outBytes.Length);
if (!Arrays.AreEqual(pText, inBytes))
{
return(new SimpleTestResult(false, Name + ": failed unwrap test " + id
+ " expected " + Hex.ToHexString(inBytes)
+ " got " + Hex.ToHexString(pText)));
}
}
catch (Exception e)
{
return(new SimpleTestResult(false, Name + ": failed unwrap test exception.", e));
}
return(new SimpleTestResult(true, Name + ": Okay"));
}
private byte[] AES_KeyUnwrap(JWK keyObject, int keySize, byte[] rgbKey = null)
{
if (keyObject != null)
{
if (keyObject.AsString("kty") != "oct")
{
return(null);
}
rgbKey = keyObject.AsBytes("k");
}
if (rgbKey != null && rgbKey.Length != keySize / 8)
{
throw new JoseException("Key is not the correct size");
}
AesWrapEngine foo = new AesWrapEngine();
KeyParameter parameters = new KeyParameter(rgbKey);
foo.Init(false, parameters);
_payload = foo.Unwrap(_rgbEncrypted, 0, _rgbEncrypted.Length);
return(_payload);
}
private void AES_KeyWrap(int keySize, byte[] rgbKey = null)
{
if (rgbKey == null)
{
if (_mKey.AsString("kty") != "oct")
{
throw new JoseException("Key is not correct type");
}
rgbKey = _mKey.AsBytes("k");
}
if (rgbKey.Length != keySize / 8)
{
throw new JoseException("Key is not the correct size");
}
AesWrapEngine foo = new AesWrapEngine();
KeyParameter parameters = new KeyParameter(rgbKey);
foo.Init(true, parameters);
_rgbEncrypted = foo.Wrap(_payload, 0, _payload.Length);
}
public ITestResult Perform()
{
byte[] kek1 = Hex.Decode("000102030405060708090a0b0c0d0e0f");
byte[] in1 = Hex.Decode("00112233445566778899aabbccddeeff");
byte[] out1 = Hex.Decode("1fa68b0a8112b447aef34bd8fb5a7b829d3e862371d2cfe5");
ITestResult result = wrapTest(1, kek1, in1, out1);
if (!result.IsSuccessful())
{
return(result);
}
byte[] kek2 = Hex.Decode("000102030405060708090a0b0c0d0e0f1011121314151617");
byte[] in2 = Hex.Decode("00112233445566778899aabbccddeeff");
byte[] out2 = Hex.Decode("96778b25ae6ca435f92b5b97c050aed2468ab8a17ad84e5d");
result = wrapTest(2, kek2, in2, out2);
if (!result.IsSuccessful())
{
return(result);
}
byte[] kek3 = Hex.Decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f");
byte[] in3 = Hex.Decode("00112233445566778899aabbccddeeff");
byte[] out3 = Hex.Decode("64e8c3f9ce0f5ba263e9777905818a2a93c8191e7d6e8ae7");
result = wrapTest(3, kek3, in3, out3);
if (!result.IsSuccessful())
{
return(result);
}
byte[] kek4 = Hex.Decode("000102030405060708090a0b0c0d0e0f1011121314151617");
byte[] in4 = Hex.Decode("00112233445566778899aabbccddeeff0001020304050607");
byte[] out4 = Hex.Decode("031d33264e15d33268f24ec260743edce1c6c7ddee725a936ba814915c6762d2");
result = wrapTest(4, kek4, in4, out4);
if (!result.IsSuccessful())
{
return(result);
}
byte[] kek5 = Hex.Decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f");
byte[] in5 = Hex.Decode("00112233445566778899aabbccddeeff0001020304050607");
byte[] out5 = Hex.Decode("a8f9bc1612c68b3ff6e6f4fbe30e71e4769c8b80a32cb8958cd5d17d6b254da1");
result = wrapTest(5, kek5, in5, out5);
if (!result.IsSuccessful())
{
return(result);
}
byte[] kek6 = Hex.Decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f");
byte[] in6 = Hex.Decode("00112233445566778899aabbccddeeff000102030405060708090a0b0c0d0e0f");
byte[] out6 = Hex.Decode("28c9f404c4b810f4cbccb35cfb87f8263f5786e2d80ed326cbc7f0e71a99f43bfb988b9b7a02dd21");
result = wrapTest(6, kek6, in6, out6);
if (!result.IsSuccessful())
{
return(result);
}
IWrapper wrapper = new AesWrapEngine();
KeyParameter key = new KeyParameter(new byte[16]);
byte[] buf = new byte[16];
try
{
wrapper.Init(true, key);
wrapper.Unwrap(buf, 0, buf.Length);
return(new SimpleTestResult(false, Name + ": failed unwrap state test."));
}
catch (InvalidOperationException)
{
// expected
}
catch (InvalidCipherTextException e)
{
return(new SimpleTestResult(false, Name + ": unexpected exception: " + e, e));
}
try
{
wrapper.Init(false, key);
wrapper.Wrap(buf, 0, buf.Length);
return(new SimpleTestResult(false, Name + ": failed unwrap state test."));
}
catch (InvalidOperationException)
{
// expected
}
//
// short test
//
try
{
wrapper.Init(false, key);
wrapper.Unwrap(buf, 0, buf.Length / 2);
return(new SimpleTestResult(false, Name + ": failed unwrap short test."));
}
catch (InvalidCipherTextException)
{
// expected
}
try
{
wrapper.Init(true, key);
wrapper.Wrap(buf, 0, 15);
return(new SimpleTestResult(false, Name + ": failed wrap length test."));
}
catch (DataLengthException)
{
// expected
}
return(new SimpleTestResult(true, Name + ": Okay"));
}
public static IWrapper GetWrapper(string algorithm)
{
string text = Platform.ToUpperInvariant(algorithm);
string text2 = (string)WrapperUtilities.algorithms[text];
if (text2 == null)
{
text2 = text;
}
try
{
switch ((WrapperUtilities.WrapAlgorithm)Enums.GetEnumValue(typeof(WrapperUtilities.WrapAlgorithm), text2))
{
case WrapperUtilities.WrapAlgorithm.AESWRAP:
{
IWrapper result = new AesWrapEngine();
return(result);
}
case WrapperUtilities.WrapAlgorithm.CAMELLIAWRAP:
{
IWrapper result = new CamelliaWrapEngine();
return(result);
}
case WrapperUtilities.WrapAlgorithm.DESEDEWRAP:
{
IWrapper result = new DesEdeWrapEngine();
return(result);
}
case WrapperUtilities.WrapAlgorithm.RC2WRAP:
{
IWrapper result = new RC2WrapEngine();
return(result);
}
case WrapperUtilities.WrapAlgorithm.SEEDWRAP:
{
IWrapper result = new SeedWrapEngine();
return(result);
}
case WrapperUtilities.WrapAlgorithm.DESEDERFC3211WRAP:
{
IWrapper result = new Rfc3211WrapEngine(new DesEdeEngine());
return(result);
}
case WrapperUtilities.WrapAlgorithm.AESRFC3211WRAP:
{
IWrapper result = new Rfc3211WrapEngine(new AesFastEngine());
return(result);
}
case WrapperUtilities.WrapAlgorithm.CAMELLIARFC3211WRAP:
{
IWrapper result = new Rfc3211WrapEngine(new CamelliaEngine());
return(result);
}
}
}
catch (ArgumentException)
{
}
IBufferedCipher cipher = CipherUtilities.GetCipher(algorithm);
if (cipher != null)
{
return(new WrapperUtilities.BufferedCipherWrapper(cipher));
}
throw new SecurityUtilityException("Wrapper " + algorithm + " not recognised.");
}
