/// <summary>
/// Returns a symmetric JWK built from this wrapper's own key bytes; no static key is accepted.
/// </summary>
/// <param name="staticKey">Must be <c>null</c>; any other value is reported through <c>ThrowHelper</c>.</param>
/// <param name="header">Not read or modified by this implementation.</param>
/// <param name="destination">Not written by this implementation.</param>
/// <returns>The JWK produced by <c>SymmetricJwk.FromSpan</c> over <c>Key</c>.</returns>
public override Jwk WrapKey(Jwk? staticKey, JwtObject header, Span<byte> destination)
{
    // Guard first: a caller-supplied key is rejected before any key material is touched.
    if (staticKey != null)
    {
        ThrowHelper.ThrowArgumentException_StaticKeyNotSupported();
    }

    // NOTE(review): the meaning of the 'false' flag is defined by SymmetricJwk.FromSpan - confirm there.
    return SymmetricJwk.FromSpan(Key.AsSpan(), false);
}
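/// <inheritdoc />
/// <remarks>
/// Obtains the content encryption key from <c>CreateSymmetricKey</c>, encrypts it with AES-GCM
/// under <c>Key</c> into <paramref name="destination"/>, and adds the base64url-encoded nonce and
/// authentication tag to <paramref name="header"/>.
/// </remarks>
public override Jwk WrapKey(Jwk? staticKey, JwtObject header, Span<byte> destination)
{
    if (_disposed)
    {
        ThrowHelper.ThrowObjectDisposedException(GetType());
    }

    var cek = CreateSymmetricKey(EncryptionAlgorithm, staticKey);

    // AES-GCM is only secure when every encryption under a given key uses a distinct nonce.
    // The buffer was previously passed to Encrypt without ever being filled, so each wrap
    // reused the same nonce. Fill it from the OS CSPRNG before use.
    // With random 96-bit nonces, the wrapping key should still be rotated well before
    // roughly 2^32 wrap operations.
    Span<byte> nonce = stackalloc byte[IVSize];
    RandomNumberGenerator.Fill(nonce);

    Span<byte> tag = stackalloc byte[TagSize];
    using (var aesGcm = new AesGcm(Key.AsSpan()))
    {
        // Encrypt writes the wrapped key into 'destination' and the authentication tag into 'tag'.
        aesGcm.Encrypt(nonce, cek.AsSpan(), destination, tag);

        // The recipient needs both values to unwrap, so they are carried in the header.
        header.Add(new JwtProperty(HeaderParameters.IVUtf8, Base64Url.Encode(nonce)));
        header.Add(new JwtProperty(HeaderParameters.TagUtf8, Base64Url.Encode(tag)));
    }

    return cek;
}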
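/// <inheritdoc />
/// <remarks>
/// Reads the base64url nonce and authentication tag from <paramref name="header"/> and decrypts
/// <paramref name="keyBytes"/> with AES-GCM under <c>Key</c> into <paramref name="destination"/>.
/// Returns the result of <c>ThrowHelper.TryWriteError</c> when the nonce or tag has a length AES-GCM
/// does not accept, or when decryption raises a <see cref="CryptographicException"/>.
/// </remarks>
public override bool TryUnwrapKey(ReadOnlySpan<byte> keyBytes, Span<byte> destination, JwtHeader header, out int bytesWritten)
{
    if (_disposed)
    {
        ThrowHelper.ThrowObjectDisposedException(GetType());
    }

    var encodedIV = header.IV;
    var encodedTag = header.Tag;
    if (encodedIV is null)
    {
        ThrowHelper.ThrowJwtDescriptorException_HeaderIsRequired(HeaderParameters.IVUtf8);
    }

    if (encodedTag is null)
    {
        ThrowHelper.ThrowJwtDescriptorException_HeaderIsRequired(HeaderParameters.TagUtf8);
    }

    // Both header values come from the token being processed. Check their decoded sizes
    // before they are used as stackalloc lengths: an oversized value would otherwise exhaust
    // the stack, and a size AES-GCM rejects would surface as an ArgumentException from Decrypt
    // instead of a failed unwrap.
    var nonceSize = Base64Url.GetArraySizeRequiredToDecode(encodedIV.Length);
    var tagSize = Base64Url.GetArraySizeRequiredToDecode(encodedTag.Length);
    KeySizes allowedNonce = AesGcm.NonceByteSizes;
    KeySizes allowedTag = AesGcm.TagByteSizes;
    if (nonceSize < allowedNonce.MinSize || nonceSize > allowedNonce.MaxSize
        || tagSize < allowedTag.MinSize || tagSize > allowedTag.MaxSize)
    {
        return ThrowHelper.TryWriteError(out bytesWritten);
    }

    // NOTE(review): if the wrapping side always emits one fixed tag length, consider requiring
    // exactly that length here so truncated tags are not accepted.
    Span<byte> nonce = stackalloc byte[nonceSize];
    Span<byte> tag = stackalloc byte[tagSize];
    try
    {
        // NOTE(review): confirm which exception Base64Url.Decode raises on malformed input;
        // only CryptographicException is converted into a failed unwrap below.
        Base64Url.Decode(encodedIV, nonce);
        Base64Url.Decode(encodedTag, tag);

        using var aesGcm = new AesGcm(Key.AsSpan());

        // Decrypt verifies the tag; a mismatch raises CryptographicException.
        aesGcm.Decrypt(nonce, keyBytes, tag, destination);
        bytesWritten = destination.Length;
        return true;
    }
    catch (CryptographicException)
    {
        return ThrowHelper.TryWriteError(out bytesWritten);
    }
}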