Пример #1
0
        public CngKey DeserializeCngKeyWithPublicKey(string serializedBlob)
        {
            if (string.IsNullOrWhiteSpace(serializedBlob))
            {
                throw new ArgumentNullException("serializedBlob");
            }


            var serializer = new XmlSerializer(typeof(CngKeySerialized));

            using (var reader = new StringReader(serializedBlob))
            {
                var cngKeySerialized = (CngKeySerialized)serializer.Deserialize(reader);
                if (cngKeySerialized.X.Length != cngKeySerialized.Y.Length)
                {
                    throw new InvalidOperationException("the size of the different parts is not equal (x, y)");
                }

                var partLength = cngKeySerialized.X.Length;
                if (!MappingSizeAndMagicNumberForPublicKey.ContainsKey(partLength))
                {
                    throw new InvalidOperationException(string.Format("the part length {0} is not valid", partLength));
                }

                var partSize    = BitConverter.GetBytes(partLength);
                var magicNumber = MappingSizeAndMagicNumberForPublicKey[partLength];
                var magicBytes  = BitConverter.GetBytes(magicNumber);
                var blob        = ByteManipulator.Concat(magicBytes,
                                                         partSize,
                                                         cngKeySerialized.X,
                                                         cngKeySerialized.Y);

                return(CngKey.Import(blob, CngKeyBlobFormat.EccPublicBlob));
            }
        }
Пример #2
0
        private string PerformDecryption(
            string toDecrypt,
            JweAlg alg,
            JsonWebKey jsonWebKey,
            Func <byte[][], byte[]> callback)
        {
            try
            {
                var toDecryptSplitted                  = toDecrypt.Split('.');
                var serializedProtectedHeader          = toDecryptSplitted[0].Base64Decode();
                var encryptedContentEncryptionKeyBytes = toDecryptSplitted[1].Base64DecodeBytes();
                var ivBytes           = toDecryptSplitted[2].Base64DecodeBytes();
                var cipherText        = toDecryptSplitted[3].Base64DecodeBytes();
                var authenticationTag = toDecryptSplitted[4].Base64DecodeBytes();

                var contentEncryptionKey = _aesEncryptionHelper.DecryptContentEncryptionKey(
                    encryptedContentEncryptionKeyBytes,
                    alg,
                    jsonWebKey);
                var contentEncryptionKeySplitted = GetKeysFromContentEncryptionKey(contentEncryptionKey);

                var hmacKey   = callback(contentEncryptionKeySplitted);
                var aesCbcKey = contentEncryptionKeySplitted[1];

                // Encrypt the plain text & create cipher text.
                var decrypted = _aesEncryptionHelper.DecryptWithAesAlgorithm(
                    cipherText,
                    aesCbcKey,
                    ivBytes);

                // Calculate the additional authenticated data.
                var aad = Encoding.UTF8.GetBytes(serializedProtectedHeader);

                // Calculate the authentication tag.
                var al                   = ByteManipulator.LongToBytes(aad.Length * 8);
                var hmacInput            = ByteManipulator.Concat(aad, ivBytes, cipherText, al);
                var hmacValue            = ComputeHmac(_keySize, hmacKey, hmacInput);
                var newAuthenticationTag = ByteManipulator.SplitByteArrayInHalf(hmacValue)[0];

                // Check if the authentication tags are equal other raise an exception.
                if (!ByteManipulator.ConstantTimeEquals(newAuthenticationTag, authenticationTag))
                {
                    // TODO : raise an exception.
                    return(string.Empty);
                }

                return(decrypted);
            }
            catch (Exception ex)
            {
                throw new Exception("invalid " + toDecrypt);
            }
        }
Пример #3
0
        private AesEncryptionResult PerformEncryption(
            string toEncrypt,
            JweAlg alg,
            JweProtectedHeader protectedHeader,
            JsonWebKey jsonWebKey,
            Func <byte[][], byte[]> callback)
        {
            // Get the content encryption key
            var contentEncryptionKey = _aesEncryptionHelper.GenerateContentEncryptionKey(_keySize);

            // Encrypt the content encryption key
            var encryptedContentEncryptionKey = _aesEncryptionHelper.EncryptContentEncryptionKey(
                contentEncryptionKey,
                alg,
                jsonWebKey);

            var contentEncryptionKeySplitted = GetKeysFromContentEncryptionKey(contentEncryptionKey);

            var hmacKey   = callback(contentEncryptionKeySplitted);
            var aesCbcKey = contentEncryptionKeySplitted[1];

            var iv = ByteManipulator.GenerateRandomBytes(_keySize / 2);

            // Encrypt the plain text & create cipher text.
            var cipherText = _aesEncryptionHelper.EncryptWithAesAlgorithm(
                toEncrypt,
                aesCbcKey,
                iv);

            // Calculate the additional authenticated data.
            var serializedProtectedHeader = protectedHeader.SerializeWithDataContract();
            var aad = Encoding.UTF8.GetBytes(serializedProtectedHeader);

            // Calculate the authentication tag.
            var al                = ByteManipulator.LongToBytes(aad.Length * 8);
            var hmacInput         = ByteManipulator.Concat(aad, iv, cipherText, al);
            var hmacValue         = ComputeHmac(_keySize, hmacKey, hmacInput);
            var authenticationTag = ByteManipulator.SplitByteArrayInHalf(hmacValue)[0];

            return(new AesEncryptionResult
            {
                Iv = iv,
                CipherText = cipherText,
                EncryptedContentEncryptionKey = encryptedContentEncryptionKey,
                AuthenticationTag = authenticationTag
            });
        }