Exemplo n.º 1
0
        public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
        {
            var privateKey = Ensure.Type <RSACryptoServiceProvider>(key, "RsaKeyManagement alg expects key to be of RSACryptoServiceProvider type.");

            return(useSha256 ? RsaOaep.Decrypt(encryptedCek, RsaKey.New(privateKey.ExportParameters(true)), CngAlgorithm.Sha256)
                             : privateKey.Decrypt(encryptedCek, useRsaOaepPadding));
        }
Exemplo n.º 2
0
        public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
        {
            if (key is CngKey)
            {
                var privateKey = (CngKey)key;

                return(RsaOaep.Decrypt(encryptedCek, privateKey, CngAlgorithm.Sha256));
            }

            if (key is RSACryptoServiceProvider)
            {
                //This is for backward compatibility only with 2.x
                //To be removed in 3.x
                var privateKey = RsaKey.New(((RSACryptoServiceProvider)key).ExportParameters(true));

                return(RsaOaep.Decrypt(encryptedCek, privateKey, CngAlgorithm.Sha256));
            }

            if (key is RSA)
            {
                var privateKey = (RSA)key;

                return(privateKey.Decrypt(encryptedCek, RSAEncryptionPadding.OaepSHA256));
            }

            throw new ArgumentException("RsaKeyManagement algorithm expects key to be of either CngKey or RSA types.");
        }
Exemplo n.º 3
0
        public byte[][] WrapNewKey(int cekSizeBits, object key, IDictionary <string, object> header)
        {
            var cek = Arrays.Random(cekSizeBits);

            if (key is CngKey)
            {
                var publicKey = (CngKey)key;

                return(new[] { cek, RsaOaep.Encrypt(cek, publicKey, CngAlgorithm.Sha256) });
            }

            if (key is RSACryptoServiceProvider)
            {
                //This is for backward compatibility only with 2.x
                //To be removed in 3.x
                var publicKey = RsaKey.New(((RSACryptoServiceProvider)key).ExportParameters(false));

                return(new[] { cek, RsaOaep.Encrypt(cek, publicKey, CngAlgorithm.Sha256) });
            }

            if (key is RSA)
            {
                var publicKey = (RSA)key;

                return(new[] { cek, publicKey.Encrypt(cek, RSAEncryptionPadding.OaepSHA256) });
            }

            throw new ArgumentException("RsaKeyManagement algorithm expects key to be of either CngKey or RSA types.");
        }
Exemplo n.º 4
0
        public byte[] WrapKey(byte[] cek, object key, IDictionary <string, object> header)
        {
#if NET40
            if (key is CngKey cngKey)
            {
                return(RsaOaep.Encrypt(cek, cngKey, CngAlgorithm.Sha256));
            }
            else if (key is RSACryptoServiceProvider rsaKey)
            {
                //This is for backward compatibility only with 2.x
                //To be removed in 3.x
                var publicKey = RsaKey.New(rsaKey.ExportParameters(false));

                return(RsaOaep.Encrypt(cek, publicKey, CngAlgorithm.Sha256));
            }

            throw new ArgumentException("RsaKeyManagement algorithm expects key to be of CngKey or RSACryptoServiceProvider types.");
#elif NET461 || NET472
            if (key is CngKey cngKey)
            {
                return(RsaOaep.Encrypt(cek, cngKey, CngAlgorithm.Sha256));
            }

            else if (key is RSACryptoServiceProvider rsaKey)
            {
                //This is for backward compatibility only with 2.x
                //To be removed in 3.x
                var publicKey = RsaKey.New(rsaKey.ExportParameters(false));

                return(RsaOaep.Encrypt(cek, publicKey, CngAlgorithm.Sha256));
            }
            else if (key is RSA rsa)
            {
                return(rsa.Encrypt(cek, RSAEncryptionPadding.OaepSHA256));
            }
            else if (key is Jwk jwk)
            {
                if (jwk.Kty == Jwk.KeyTypes.RSA)
                {
                    return(jwk.RsaKey().Encrypt(cek, RSAEncryptionPadding.OaepSHA256));
                }
            }

            throw new ArgumentException("RsaKeyManagement algorithm expects key to be of CngKey, RSACryptoServiceProvider, RSA types or Jwk type with kty='rsa'.");
#elif NETSTANDARD
            if (key is RSA rsa)
            {
                return(rsa.Encrypt(cek, RSAEncryptionPadding.OaepSHA256));
            }
            else if (key is Jwk jwk)
            {
                if (jwk.Kty == Jwk.KeyTypes.RSA)
                {
                    return(jwk.RsaKey().Encrypt(cek, RSAEncryptionPadding.OaepSHA256));
                }
            }

            throw new ArgumentException("RsaKeyManagement algorithm expects key to be of RSA types or Jwk type with kty='rsa'.");
#endif
        }
Exemplo n.º 5
0
        public byte[][] WrapNewKey(int cekSizeBits, object key, IDictionary <string, object> header)
        {
            var publicKey = Ensure.Type <RSACryptoServiceProvider>(key, "RsaKeyManagement alg expects key to be of RSACryptoServiceProvider type.");

            var cek = Arrays.Random(cekSizeBits);

            return(useSha256 ? new[] { cek, RsaOaep.Encrypt(cek, RsaKey.New(publicKey.ExportParameters(false)), CngAlgorithm.Sha256) }
                             : new[] { cek, publicKey.Encrypt(cek, useRsaOaepPadding) });
        }
Exemplo n.º 6
0
        public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
        {
            RSACryptoServiceProvider rSACryptoServiceProvider = Ensure.Type <RSACryptoServiceProvider>(key, "RsaKeyManagement alg expects key to be of RSACryptoServiceProvider type.", new object[0]);

            if (!this.useSha256)
            {
                return(rSACryptoServiceProvider.Decrypt(encryptedCek, this.useRsaOaepPadding));
            }
            return(RsaOaep.Decrypt(encryptedCek, RsaKey.New(rSACryptoServiceProvider.ExportParameters(true)), CngAlgorithm.Sha256));
        }
Exemplo n.º 7
0
        public byte[][] WrapNewKey(int cekSizeBits, object key, IDictionary <string, object> header)
        {
            byte[] numArray = Arrays.Random(cekSizeBits);
            RSACryptoServiceProvider rSACryptoServiceProvider = Ensure.Type <RSACryptoServiceProvider>(key, "RsaKeyManagement alg expects key to be of RSACryptoServiceProvider type.", new object[0]);

            if (!this.useSha256)
            {
                return(new byte[][] { numArray, rSACryptoServiceProvider.Encrypt(numArray, this.useRsaOaepPadding) });
            }
            return(new byte[][] { numArray, RsaOaep.Encrypt(numArray, RsaKey.New(rSACryptoServiceProvider.ExportParameters(false)), CngAlgorithm.Sha256) });
        }
Exemplo n.º 8
0
        public bool Verify(byte[] signature, byte[] securedInput, object key)
        {
            var publicKey = Ensure.Type <RSACryptoServiceProvider>(key, "RsaUsingSha with PSS padding alg expects key to be of RSACryptoServiceProvider type.");

            try
            {
                return(RsaPss.Verify(securedInput, signature, RsaKey.New(publicKey.ExportParameters(false)), Hash, saltSize));
            }
            catch (CryptographicException e)
            {
                return(false);
            }
        }
Exemplo n.º 9
0
        public byte[] Sign(byte[] securedInput, object key)
        {
            var privateKey = Ensure.Type <RSACryptoServiceProvider>(key, "RsaUsingSha with PSS padding alg expects key to be of RSACryptoServiceProvider type.");

            try
            {
                return(RsaPss.Sign(securedInput, RsaKey.New(privateKey.ExportParameters(true)), Hash, saltSize));
            }
            catch (CryptographicException e)
            {
                throw new JoseException("Unable to sign content.", e);
            }
        }
Exemplo n.º 10
0
        public byte[] WrapKey(byte[] cek, object key, IDictionary <string, object> header)
        {
        #if NET40
            if (key is CngKey)
            {
                var publicKey = (CngKey)key;

                return(RsaOaep.Encrypt(cek, publicKey, CngAlgorithm.Sha256));
            }

            if (key is RSACryptoServiceProvider)
            {
                //This is for backward compatibility only with 2.x
                //To be removed in 3.x
                var publicKey = RsaKey.New(((RSACryptoServiceProvider)key).ExportParameters(false));

                return(RsaOaep.Encrypt(cek, publicKey, CngAlgorithm.Sha256));
            }

            throw new ArgumentException("RsaKeyManagement algorithm expects key to be of CngKey or RSACryptoServiceProvider types.");
        #elif NET461
            if (key is CngKey)
            {
                var publicKey = (CngKey)key;

                return(RsaOaep.Encrypt(cek, publicKey, CngAlgorithm.Sha256));
            }

            if (key is RSACryptoServiceProvider)
            {
                //This is for backward compatibility only with 2.x
                //To be removed in 3.x
                var publicKey = RsaKey.New(((RSACryptoServiceProvider)key).ExportParameters(false));

                return(RsaOaep.Encrypt(cek, publicKey, CngAlgorithm.Sha256));
            }

            if (key is RSA)
            {
                var publicKey = (RSA)key;

                return(publicKey.Encrypt(cek, RSAEncryptionPadding.OaepSHA256));
            }

            throw new ArgumentException("RsaKeyManagement algorithm expects key to be of either CngKey or RSA types.");
#elif NETSTANDARD
            var publicKey = Ensure.Type <RSA>(key, "RsaKeyManagement algorithm expects key to be of RSA type.");

            return(publicKey.Encrypt(cek, RSAEncryptionPadding.OaepSHA256));
#endif
        }
Exemplo n.º 11
0
        public byte[] Sign(byte[] securedInput, object key)
        {
            byte[] numArray;
            RSACryptoServiceProvider rSACryptoServiceProvider = Ensure.Type <RSACryptoServiceProvider>(key, "RsaUsingSha with PSS padding alg expects key to be of RSACryptoServiceProvider type.", new object[0]);

            try
            {
                numArray = RsaPss.Sign(securedInput, RsaKey.New(rSACryptoServiceProvider.ExportParameters(true)), this.Hash, this.saltSize);
            }
            catch (CryptographicException cryptographicException)
            {
                throw new JoseException("Unable to sign content.", cryptographicException);
            }
            return(numArray);
        }
Exemplo n.º 12
0
        public bool Verify(byte[] signature, byte[] securedInput, object key)
        {
            bool flag;
            RSACryptoServiceProvider rSACryptoServiceProvider = Ensure.Type <RSACryptoServiceProvider>(key, "RsaUsingSha with PSS padding alg expects key to be of RSACryptoServiceProvider type.", new object[0]);

            try
            {
                flag = RsaPss.Verify(securedInput, signature, RsaKey.New(rSACryptoServiceProvider.ExportParameters(false)), this.Hash, this.saltSize);
            }
            catch (CryptographicException cryptographicException)
            {
                flag = false;
            }
            return(flag);
        }
Exemplo n.º 13
0
        public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
        {
#if NET40
            var privateKey = Ensure.Type <RSACryptoServiceProvider>(key, "RsaKeyManagement alg expects key to be of RSACryptoServiceProvider type.");

            return(useSha256 ? RsaOaep.Decrypt(encryptedCek, RsaKey.New(privateKey.ExportParameters(true)), CngAlgorithm.Sha256)
                             : privateKey.Decrypt(encryptedCek, useRsaOaepPadding));
#elif NETSTANDARD1_4
            var privateKey = Ensure.Type <RSA>(key, "RsaKeyManagement alg expects key to be of RSA type.");

            var padding = useSha256         ? RSAEncryptionPadding.OaepSHA256 :
                          useRsaOaepPadding ? RSAEncryptionPadding.OaepSHA1 :
                          RSAEncryptionPadding.Pkcs1;

            return(privateKey.Decrypt(encryptedCek, padding));
#endif
        }
Exemplo n.º 14
0
        public byte[] Sign(byte[] securedInput, object key)
        {
#if NET40
            var privateKey = Ensure.Type <RSACryptoServiceProvider>(key, "RsaUsingSha with PSS padding alg expects key to be of RSACryptoServiceProvider type.");

            try
            {
                return(RsaPss.Sign(securedInput, RsaKey.New(privateKey.ExportParameters(true)), Hash, saltSize));
            }
            catch (CryptographicException e)
            {
                throw new JoseException("Unable to sign content.", e);
            }
#elif NETSTANDARD1_4
            var privateKey = Ensure.Type <RSA>(key, "RsaUsingSha with PSS padding alg expects key to be of RSA type.");
            return(privateKey.SignData(securedInput, HashAlgorithm, RSASignaturePadding.Pss));
#endif
        }
Exemplo n.º 15
0
        public byte[][] WrapNewKey(int cekSizeBits, object key, IDictionary <string, object> header)
        {
            var cek = Arrays.Random(cekSizeBits);

#if NET40
            var publicKey = Ensure.Type <RSACryptoServiceProvider>(key, "RsaKeyManagement alg expects key to be of RSACryptoServiceProvider type.");

            return(useSha256 ? new[] { cek, RsaOaep.Encrypt(cek, RsaKey.New(publicKey.ExportParameters(false)), CngAlgorithm.Sha256) }
                             : new[] { cek, publicKey.Encrypt(cek, useRsaOaepPadding) });
#elif NETSTANDARD1_4
            var publicKey = Ensure.Type <RSA>(key, "RsaKeyManagement alg expects key to be of RSA type.");

            var padding = useSha256         ? RSAEncryptionPadding.OaepSHA256 :
                          useRsaOaepPadding ? RSAEncryptionPadding.OaepSHA1 :
                          RSAEncryptionPadding.Pkcs1;

            return(new[] { cek, publicKey.Encrypt(cek, padding) });
#endif
        }
Exemplo n.º 16
0
        public bool Verify(byte[] signature, byte[] securedInput, object key)
        {
#if NET40
            var publicKey = Ensure.Type <RSACryptoServiceProvider>(key,
                                                                   "RsaUsingSha with PSS padding alg expects key to be of RSACryptoServiceProvider type.");

            try
            {
                return(RsaPss.Verify(securedInput, signature, RsaKey.New(publicKey.ExportParameters(false)), Hash,
                                     saltSize));
            }
            catch (CryptographicException e)
            {
                return(false);
            }
#elif NETSTANDARD1_4
            var publicKey = Ensure.Type <RSA>(key, "RsaUsingSha with PSS padding alg expects key to be of RSA type.");
            return(publicKey.VerifyData(securedInput, signature, HashAlgorithm, RSASignaturePadding.Pss));
#endif
        }
Exemplo n.º 17
0
        public bool Verify(byte[] signature, byte[] securedInput, object key)
        {
            if (key is CngKey)
            {
                var publicKey = (CngKey)key;

                try
                {
                    return(RsaPss.Verify(securedInput, signature, publicKey, Hash, saltSize));
                }
                catch (CryptographicException e)
                {
                    return(false);
                }
            }

            if (key is RSACryptoServiceProvider)
            {
                //This is for backward compatibility only with 2.x
                //To be removed in 3.x
                var publicKey = RsaKey.New(((RSACryptoServiceProvider)key).ExportParameters(false));

                try
                {
                    return(RsaPss.Verify(securedInput, signature, publicKey, Hash, saltSize));
                }
                catch (CryptographicException e)
                {
                    return(false);
                }
            }

            if (key is RSA)
            {
                var publicKey = (RSA)key;

                return(publicKey.VerifyData(securedInput, signature, HashAlgorithm, RSASignaturePadding.Pss));
            }

            throw new ArgumentException("RsaUsingSha with PSS padding alg expects key to be of either CngKey or RSA types.");
        }
Exemplo n.º 18
0
        public byte[] Sign(byte[] securedInput, object key)
        {
            if (key is CngKey)
            {
                var privateKey = (CngKey)key;

                try
                {
                    return(RsaPss.Sign(securedInput, privateKey, Hash, saltSize));
                }
                catch (CryptographicException e)
                {
                    throw new JoseException("Unable to sign content.", e);
                }
            }

            if (key is RSACryptoServiceProvider)
            {
                //This is for backward compatibility only with 2.x
                //To be removed in 3.x
                var privateKey = RsaKey.New(((RSACryptoServiceProvider)key).ExportParameters(true));

                try
                {
                    return(RsaPss.Sign(securedInput, privateKey, Hash, saltSize));
                }
                catch (CryptographicException e)
                {
                    throw new JoseException("Unable to sign content.", e);
                }
            }

            if (key is RSA)
            {
                var privateKey = (RSA)key;
                return(privateKey.SignData(securedInput, HashAlgorithm, RSASignaturePadding.Pss));
            }

            throw new ArgumentException("RsaUsingSha with PSS padding alg expects key to be of either CngKey or RSA types.");
        }
Exemplo n.º 19
0
        public byte[] Sign(byte[] securedInput, object key)
        {
#if NET40
            if (key is CngKey cngKey)
            {
                try
                {
                    return(RsaPss.Sign(securedInput, cngKey, Hash, saltSize));
                }
                catch (CryptographicException e)
                {
                    throw new JoseException("Unable to sign content.", e);
                }
            }
            else if (key is RSACryptoServiceProvider rsaKey)
            {
                //This is for backward compatibility only with 2.x
                //To be removed in 3.x
                var privateKey = RsaKey.New(rsaKey.ExportParameters(true));

                try
                {
                    return(RsaPss.Sign(securedInput, privateKey, Hash, saltSize));
                }
                catch (CryptographicException e)
                {
                    throw new JoseException("Unable to sign content.", e);
                }
            }

            throw new ArgumentException("RsaUsingSha with PSS padding alg expects key to be of CngKey type.");
#elif NET461 || NET472
            if (key is CngKey cngKey)
            {
                try
                {
                    return(RsaPss.Sign(securedInput, cngKey, Hash, saltSize));
                }
                catch (CryptographicException e)
                {
                    throw new JoseException("Unable to sign content.", e);
                }
            }
            else if (key is RSACryptoServiceProvider rsaKey)
            {
                //This is for backward compatibility only with 2.x
                //To be removed in 3.x
                var privateKey = RsaKey.New(rsaKey.ExportParameters(true));

                try
                {
                    return(RsaPss.Sign(securedInput, privateKey, Hash, saltSize));
                }
                catch (CryptographicException e)
                {
                    throw new JoseException("Unable to sign content.", e);
                }
            }
            else if (key is RSA rsa)
            {
                return(rsa.SignData(securedInput, HashAlgorithm, RSASignaturePadding.Pss));
            }
            else if (key is Jwk jwk)
            {
                if (jwk.Kty == Jwk.KeyTypes.RSA)
                {
                    return(jwk.RsaKey().SignData(securedInput, HashAlgorithm, RSASignaturePadding.Pss));
                }
            }

            throw new ArgumentException("RsaUsingSha with PSS padding alg expects key to be of either CngKey or RSA types or Jwk type with kty='RSA'");
#elif NETSTANDARD
            if (key is RSA rsa)
            {
                return(rsa.SignData(securedInput, HashAlgorithm, RSASignaturePadding.Pss));
            }
            else if (key is Jwk jwk)
            {
                if (jwk.Kty == Jwk.KeyTypes.RSA)
                {
                    return(jwk.RsaKey().SignData(securedInput, HashAlgorithm, RSASignaturePadding.Pss));
                }
            }

            throw new ArgumentException("RsaUsingSha with PSS padding alg expects key to be of either RSA type or Jwk type with kty='RSA'");
#endif
        }