public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
{
byte[] numArray = Ensure.Type <byte[]>(key, "AesGcmKeyWrapManagement alg expectes key to be byte[] array.", new object[0]);
Ensure.BitSize(numArray, this.keyLengthBits, string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", this.keyLengthBits, (int)numArray.Length * 8), new object[0]);
Ensure.Contains(header, new string[] { "iv" }, "AesGcmKeyWrapManagement algorithm expects 'iv' param in JWT header, but was not found", new object[0]);
Ensure.Contains(header, new string[] { "tag" }, "AesGcmKeyWrapManagement algorithm expects 'tag' param in JWT header, but was not found", new object[0]);
byte[] numArray1 = Base64Url.Decode((string)header["iv"]);
byte[] numArray2 = Base64Url.Decode((string)header["tag"]);
return(AesGcm.Decrypt(numArray, numArray1, null, encryptedCek, numArray2));
}
public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
{
byte[] sharedKey = Ensure.Type <byte[]>(key, "AesGcmKeyWrapManagement alg expectes key to be byte[] array.");
Ensure.BitSize(sharedKey, keyLengthBits, string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", keyLengthBits, sharedKey.Length * 8L));
Ensure.Contains(header, new[] { "iv" }, "AesGcmKeyWrapManagement algorithm expects 'iv' param in JWT header, but was not found");
Ensure.Contains(header, new[] { "tag" }, "AesGcmKeyWrapManagement algorithm expects 'tag' param in JWT header, but was not found");
byte[] iv = Base64Url.Decode((string)header["iv"]);
byte[] authTag = Base64Url.Decode((string)header["tag"]);
return(AesGcm.Decrypt(sharedKey, iv, null, encryptedCek, authTag));
}
public byte[] Decrypt(byte[] aad, byte[] cek, byte[] iv, byte[] cipherText, byte[] authTag)
{
Ensure.BitSize(cek, keyLength, string.Format("AES-GCM algorithm expected key of size {0} bits, but was given {1} bits", keyLength, cek.Length * 8L));
try
{
return(AesGcm.Decrypt(cek, iv, aad, cipherText, authTag));
}
catch (CryptographicException e)
{
throw new EncryptionException("Unable to decrypt content or authentication tag do not match.", e);
}
}
public byte[] Decrypt(byte[] aad, byte[] cek, byte[] iv, byte[] cipherText, byte[] authTag)
{
byte[] numArray;
Ensure.BitSize(cek, this.keyLength, string.Format("AES-GCM algorithm expected key of size {0} bits, but was given {1} bits", this.keyLength, (int)cek.Length * 8), new object[0]);
try
{
numArray = AesGcm.Decrypt(cek, iv, aad, cipherText, authTag);
}
catch (CryptographicException cryptographicException)
{
throw new EncryptionException("Unable to decrypt content or authentication tag do not match.", cryptographicException);
}
return(numArray);
}