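/// <summary>
/// Unwraps (decrypts) a content encryption key that was wrapped with AES-GCM under the
/// shared symmetric key, using the 'iv' and 'tag' parameters carried in the JWE header.
/// </summary>
/// <param name="encryptedCek">The wrapped (AES-GCM encrypted) content encryption key.</param>
/// <param name="key">The shared key; must be a byte[] of exactly keyLengthBits bits.</param>
/// <param name="cekSizeBits">Not read by this algorithm; the CEK length is implied by encryptedCek.</param>
/// <param name="header">JWE header; must contain base64url-encoded 'iv' and 'tag' entries.</param>
/// <returns>The plaintext content encryption key.</returns>
public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary<string, object> header)
{
    byte[] sharedKey = Ensure.Type<byte[]>(key, "AesGcmKeyWrapManagement alg expectes key to be byte[] array.");
    Ensure.BitSize(sharedKey, this.keyLengthBits, string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", this.keyLengthBits, sharedKey.Length * 8L));

    Ensure.Contains(header, new[] { "iv" }, "AesGcmKeyWrapManagement algorithm expects 'iv' param in JWT header, but was not found");
    Ensure.Contains(header, new[] { "tag" }, "AesGcmKeyWrapManagement algorithm expects 'tag' param in JWT header, but was not found");

    byte[] iv      = Base64Url.Decode((string)header["iv"]);
    byte[] authTag = Base64Url.Decode((string)header["tag"]);

    // 'iv' and 'tag' arrive in the token, i.e. from an untrusted party. Pin them to the
    // sizes RFC 7518 (section 4.7) mandates for AxxxGCMKW - a 96-bit IV and a 128-bit tag -
    // rather than letting the platform accept a shorter (weaker) tag.
    Ensure.BitSize(iv, 96, string.Format("AesGcmKeyWrapManagement algorithm expected 'iv' of size 96 bits, but was given {0} bits", iv.Length * 8L));
    Ensure.BitSize(authTag, 128, string.Format("AesGcmKeyWrapManagement algorithm expected 'tag' of size 128 bits, but was given {0} bits", authTag.Length * 8L));

    return AesGcm.Decrypt(sharedKey, iv, null, encryptedCek, authTag);
}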
 /// <summary>
 /// Generates a fresh random content encryption key and wraps it with AES-GCM under the
 /// shared key, recording the IV and authentication tag in the JWE header.
 /// </summary>
 /// <param name="cekSizeBits">Size of the content encryption key to generate, in bits.</param>
 /// <param name="key">The shared key; must be a byte[] of exactly keyLengthBits bits.</param>
 /// <param name="header">JWE header; receives base64url-encoded 'iv' and 'tag' entries.</param>
 /// <returns>A two-element array: [0] the plaintext CEK, [1] the wrapped (encrypted) CEK.</returns>
 public byte[][] WrapNewKey(int cekSizeBits, object key, IDictionary<string, object> header)
 {
     byte[] sharedKey = Ensure.Type<byte[]>(key, "AesGcmKeyWrapManagement alg expectes key to be byte[] array.");
     Ensure.BitSize(sharedKey, this.keyLengthBits, string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", this.keyLengthBits, sharedKey.Length * 8));

     // A fresh random 96-bit IV per wrap: GCM is only safe when an IV is never reused under the same key.
     byte[] iv  = Arrays.Random(96);
     byte[] cek = Arrays.Random(cekSizeBits);

     // AesGcm.Encrypt returns [ciphertext, tag].
     byte[][] cipherAndTag = AesGcm.Encrypt(sharedKey, iv, null, cek);

     header["iv"]  = Base64Url.Encode(iv);
     header["tag"] = Base64Url.Encode(cipherAndTag[1]);

     return new[] { cek, cipherAndTag[0] };
 }
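        /// <summary>
        /// Unwraps (decrypts) a content encryption key that was wrapped with AES-GCM under the
        /// shared symmetric key, using the 'iv' and 'tag' parameters carried in the JWE header.
        /// </summary>
        /// <param name="encryptedCek">The wrapped (AES-GCM encrypted) content encryption key.</param>
        /// <param name="key">The shared key; must be a byte[] of exactly keyLengthBits bits.</param>
        /// <param name="cekSizeBits">Not read by this algorithm; the CEK length is implied by encryptedCek.</param>
        /// <param name="header">JWE header; must contain base64url-encoded 'iv' and 'tag' entries.</param>
        /// <returns>The plaintext content encryption key.</returns>
        public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary<string, object> header)
        {
            byte[] sharedKey = Ensure.Type<byte[]>(key, "AesGcmKeyWrapManagement alg expectes key to be byte[] array.");
            Ensure.BitSize(sharedKey, keyLengthBits, string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", keyLengthBits, sharedKey.Length * 8L));

            Ensure.Contains(header, new[] { "iv" }, "AesGcmKeyWrapManagement algorithm expects 'iv' param in JWT header, but was not found");
            Ensure.Contains(header, new[] { "tag" }, "AesGcmKeyWrapManagement algorithm expects 'tag' param in JWT header, but was not found");

            byte[] iv      = Base64Url.Decode((string)header["iv"]);
            byte[] authTag = Base64Url.Decode((string)header["tag"]);

            // 'iv' and 'tag' arrive in the token, i.e. from an untrusted party. Pin them to the
            // sizes RFC 7518 (section 4.7) mandates for AxxxGCMKW - a 96-bit IV and a 128-bit tag -
            // rather than letting the platform accept a shorter (weaker) tag.
            Ensure.BitSize(iv, 96, string.Format("AesGcmKeyWrapManagement algorithm expected 'iv' of size 96 bits, but was given {0} bits", iv.Length * 8L));
            Ensure.BitSize(authTag, 128, string.Format("AesGcmKeyWrapManagement algorithm expected 'tag' of size 128 bits, but was given {0} bits", authTag.Length * 8L));

            return AesGcm.Decrypt(sharedKey, iv, null, encryptedCek, authTag);
        }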
        /// <summary>
        /// AES-GCM content decryption with authentication-tag verification.
        /// </summary>
        /// <param name="aad">Additional authenticated data covered by the tag but not encrypted.</param>
        /// <param name="cek">Content encryption key; must be exactly keyLength bits.</param>
        /// <param name="iv">Initialization vector (nonce) used for encryption.</param>
        /// <param name="cipherText">The ciphertext to decrypt.</param>
        /// <param name="authTag">The authentication tag to verify.</param>
        /// <returns>The recovered plaintext.</returns>
        /// <exception cref="EncryptionException">
        /// Thrown when the platform reports any cryptographic failure, including a tag mismatch;
        /// the original <see cref="CryptographicException"/> is kept as the inner exception.
        /// </exception>
        public byte[] Decrypt(byte[] aad, byte[] cek, byte[] iv, byte[] cipherText, byte[] authTag)
        {
            Ensure.BitSize(cek, keyLength, string.Format("AES-GCM algorithm expected key of size {0} bits, but was given {1} bits", keyLength, cek.Length * 8L));

            byte[] plainText;
            try
            {
                plainText = AesGcm.Decrypt(cek, iv, aad, cipherText, authTag);
            }
            catch (CryptographicException inner)
            {
                // One library-level exception type for every decryption failure; the platform
                // detail stays reachable through InnerException.
                throw new EncryptionException("Unable to decrypt content or authentication tag do not match.", inner);
            }

            return plainText;
        }
        /// <summary>
        /// Wraps an existing content encryption key with AES-GCM under the shared key,
        /// recording the IV and authentication tag in the JWE header.
        /// </summary>
        /// <param name="cek">The plaintext content encryption key to wrap.</param>
        /// <param name="key">The shared key; must be a byte[] of exactly keyLengthBits bits.</param>
        /// <param name="header">JWE header; receives base64url-encoded 'iv' and 'tag' entries.</param>
        /// <returns>The wrapped (AES-GCM encrypted) CEK.</returns>
        public byte[] WrapKey(byte[] cek, object key, IDictionary<string, object> header)
        {
            byte[] sharedKey = Ensure.Type<byte[]>(key, "AesGcmKeyWrapManagement alg expectes key to be byte[] array.");
            Ensure.BitSize(sharedKey, keyLengthBits, string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", keyLengthBits, sharedKey.Length * 8L));

            // A fresh random 96-bit IV per wrap: GCM is only safe when an IV is never reused under the same key.
            byte[] nonce = Arrays.Random(96);

            // AesGcm.Encrypt returns [ciphertext, tag].
            byte[][] encrypted = AesGcm.Encrypt(sharedKey, nonce, null, cek);
            byte[]   wrappedCek = encrypted[0];
            byte[]   authTag    = encrypted[1];

            header["iv"]  = Base64Url.Encode(nonce);
            header["tag"] = Base64Url.Encode(authTag);

            return wrappedCek;
        }
 /// <summary>
 /// AES-GCM content decryption with authentication-tag verification.
 /// </summary>
 /// <param name="aad">Additional authenticated data covered by the tag but not encrypted.</param>
 /// <param name="cek">Content encryption key; must be exactly keyLength bits.</param>
 /// <param name="iv">Initialization vector (nonce) used for encryption.</param>
 /// <param name="cipherText">The ciphertext to decrypt.</param>
 /// <param name="authTag">The authentication tag to verify.</param>
 /// <returns>The recovered plaintext.</returns>
 /// <exception cref="EncryptionException">
 /// Thrown when the platform reports any cryptographic failure, including a tag mismatch;
 /// the original <see cref="CryptographicException"/> is kept as the inner exception.
 /// </exception>
 public byte[] Decrypt(byte[] aad, byte[] cek, byte[] iv, byte[] cipherText, byte[] authTag)
 {
     Ensure.BitSize(cek, this.keyLength, string.Format("AES-GCM algorithm expected key of size {0} bits, but was given {1} bits", this.keyLength, cek.Length * 8));

     try
     {
         return AesGcm.Decrypt(cek, iv, aad, cipherText, authTag);
     }
     catch (CryptographicException inner)
     {
         // One library-level exception type for every decryption failure; the platform
         // detail stays reachable through InnerException.
         throw new EncryptionException("Unable to decrypt content or authentication tag do not match.", inner);
     }
 }
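        /// <summary>
        /// Imports a raw AES key into the given CNG algorithm provider as a BCRYPT_KEY_DATA_BLOB.
        /// </summary>
        /// <param name="hAlg">An open BCrypt algorithm provider handle.</param>
        /// <param name="key">The raw key bytes.</param>
        /// <param name="hKey">
        /// Receives the imported key handle; the caller must release it with BCryptDestroyKey.
        /// Set to IntPtr.Zero when the import fails.
        /// </param>
        /// <returns>
        /// The unmanaged key-object buffer backing <paramref name="hKey"/>; the caller must free it
        /// with Marshal.FreeHGlobal after destroying the key.
        /// </returns>
        /// <exception cref="CryptographicException">BCryptImportKey returned a non-zero status.</exception>
        private static IntPtr ImportKey(IntPtr hAlg, byte[] key, out IntPtr hKey)
        {
            // The key object size is provider-specific, so query it instead of assuming a constant.
            int    keyObjectSize = BitConverter.ToInt32(AesGcm.GetProperty(hAlg, BCrypt.BCRYPT_OBJECT_LENGTH), 0);
            IntPtr keyObject     = Marshal.AllocHGlobal(keyObjectSize);

            // BCRYPT_KEY_DATA_BLOB layout: dwMagic, dwVersion (1), cbKeyData, then the key bytes.
            byte[] keyBlob = Arrays.Concat(new byte[][] { BCrypt.BCRYPT_KEY_DATA_BLOB_MAGIC, BitConverter.GetBytes(1), BitConverter.GetBytes(key.Length), key });

            uint status = BCrypt.BCryptImportKey(hAlg, IntPtr.Zero, BCrypt.BCRYPT_KEY_DATA_BLOB, out hKey, keyObject, keyObjectSize, keyBlob, keyBlob.Length, 0);

            if (status != 0)
            {
                // On failure the buffer is never handed back to the caller, so release it here
                // instead of leaking it, and make sure the caller does not destroy a bogus handle.
                Marshal.FreeHGlobal(keyObject);
                hKey = IntPtr.Zero;
                throw new CryptographicException(string.Format("BCrypt.BCryptImportKey() failed with status code:{0}", status));
            }

            return keyObject;
        }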
 /// <summary>
 /// AES-GCM content encryption with a freshly generated 96-bit IV.
 /// </summary>
 /// <param name="aad">Additional authenticated data covered by the tag but not encrypted.</param>
 /// <param name="plainText">The data to encrypt.</param>
 /// <param name="cek">Content encryption key; must be exactly keyLength bits.</param>
 /// <returns>A three-element array: [0] the IV, [1] the ciphertext, [2] the authentication tag.</returns>
 /// <exception cref="EncryptionException">
 /// Thrown when the platform reports a cryptographic failure; the original
 /// <see cref="CryptographicException"/> is kept as the inner exception.
 /// </exception>
 public byte[][] Encrypt(byte[] aad, byte[] plainText, byte[] cek)
 {
     Ensure.BitSize(cek, this.keyLength, string.Format("AES-GCM algorithm expected key of size {0} bits, but was given {1} bits", this.keyLength, cek.Length * 8));

     // A fresh random 96-bit IV per message: GCM is only safe when an IV is never reused under the same key.
     byte[] iv = Arrays.Random(96);

     try
     {
         // AesGcm.Encrypt returns [ciphertext, tag].
         byte[][] encrypted = AesGcm.Encrypt(cek, iv, aad, plainText);

         return new[] { iv, encrypted[0], encrypted[1] };
     }
     catch (CryptographicException inner)
     {
         throw new EncryptionException("Unable to encrypt content.", inner);
     }
 }
        /// <summary>
        /// AES-GCM content encryption with a freshly generated 96-bit IV.
        /// </summary>
        /// <param name="aad">Additional authenticated data covered by the tag but not encrypted.</param>
        /// <param name="plainText">The data to encrypt.</param>
        /// <param name="cek">Content encryption key; must be exactly keyLength bits.</param>
        /// <returns>A three-element array: [0] the IV, [1] the ciphertext, [2] the authentication tag.</returns>
        /// <exception cref="EncryptionException">
        /// Thrown when the platform reports a cryptographic failure; the original
        /// <see cref="CryptographicException"/> is kept as the inner exception.
        /// </exception>
        public byte[][] Encrypt(byte[] aad, byte[] plainText, byte[] cek)
        {
            Ensure.BitSize(cek, keyLength, string.Format("AES-GCM algorithm expected key of size {0} bits, but was given {1} bits", keyLength, cek.Length * 8L));

            // A fresh random 96-bit IV per message: GCM is only safe when an IV is never reused under the same key.
            byte[] nonce = Arrays.Random(96);

            byte[][] result;
            try
            {
                // AesGcm.Encrypt returns [ciphertext, tag].
                byte[][] encrypted = AesGcm.Encrypt(cek, nonce, aad, plainText);
                result = new byte[][] { nonce, encrypted[0], encrypted[1] };
            }
            catch (CryptographicException inner)
            {
                throw new EncryptionException("Unable to encrypt content.", inner);
            }

            return result;
        }
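        /// <summary>
        /// AES-GCM decryption on top of Windows CNG (BCrypt), verifying the authentication tag.
        /// </summary>
        /// <param name="key">The raw AES key.</param>
        /// <param name="iv">The nonce used at encryption time.</param>
        /// <param name="aad">Additional authenticated data, or null.</param>
        /// <param name="cipherText">The ciphertext to decrypt.</param>
        /// <param name="authTag">The expected authentication tag.</param>
        /// <returns>The recovered plaintext.</returns>
        /// <exception cref="CryptographicException">
        /// The tag did not verify (STATUS_AUTH_TAG_MISMATCH) or BCryptDecrypt returned another non-zero status.
        /// </exception>
        public static byte[] Decrypt(byte[] key, byte[] iv, byte[] aad, byte[] cipherText, byte[] authTag)
        {
            IntPtr hAlg      = AesGcm.OpenAlgorithmProvider(BCrypt.BCRYPT_AES_ALGORITHM, BCrypt.MS_PRIMITIVE_PROVIDER, BCrypt.BCRYPT_CHAIN_MODE_GCM);
            IntPtr hKey      = IntPtr.Zero;
            IntPtr keyObject = IntPtr.Zero;

            try
            {
                keyObject = AesGcm.ImportKey(hAlg, key, out hKey);

                BCrypt.BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO authInfo = new BCrypt.BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO(iv, aad, authTag);
                // authInfo is a struct handed to BCrypt by ref; as in the original code, dispose a copy taken
                // before the calls so the unmanaged buffers it allocated are released whatever BCrypt writes back.
                BCrypt.BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO authInfoToDispose = authInfo;
                try
                {
                    // NOTE(review): presumably a working IV buffer for BCrypt's GCM processing; it is
                    // sized to the provider's maximum tag length exactly as the original did.
                    byte[] ivBuffer      = new byte[AesGcm.MaxAuthTagSize(hAlg)];
                    int    plainTextSize = 0;

                    // First call with no output buffer only reports the required plaintext size.
                    uint status = BCrypt.BCryptDecrypt(hKey, cipherText, cipherText.Length, ref authInfo, ivBuffer, ivBuffer.Length, null, 0, ref plainTextSize, 0);
                    if (status != 0)
                    {
                        throw new CryptographicException(string.Format("BCrypt.BCryptDecrypt() (get size) failed with status code: {0}", status));
                    }

                    byte[] plainText = new byte[plainTextSize];
                    status = BCrypt.BCryptDecrypt(hKey, cipherText, cipherText.Length, ref authInfo, ivBuffer, ivBuffer.Length, plainText, plainText.Length, ref plainTextSize, 0);
                    if (status == BCrypt.STATUS_AUTH_TAG_MISMATCH)
                    {
                        throw new CryptographicException("BCrypt.BCryptDecrypt(): authentication tag mismatch");
                    }
                    if (status != 0)
                    {
                        throw new CryptographicException(string.Format("BCrypt.BCryptDecrypt() failed with status code:{0}", status));
                    }

                    return plainText;
                }
                finally
                {
                    ((IDisposable)authInfoToDispose).Dispose();
                }
            }
            finally
            {
                // Release the CNG key, its key-object buffer and the provider on every path. The original
                // skipped this when decryption threw, so each rejected (e.g. forged) token leaked them.
                if (hKey != IntPtr.Zero)
                {
                    BCrypt.BCryptDestroyKey(hKey);
                }
                if (keyObject != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(keyObject);
                }
                BCrypt.BCryptCloseAlgorithmProvider(hAlg, 0);
            }
        }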
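        /// <summary>
        /// AES-GCM encryption on top of Windows CNG (BCrypt).
        /// </summary>
        /// <param name="key">The raw AES key.</param>
        /// <param name="iv">The nonce; must be unique per key.</param>
        /// <param name="aad">Additional authenticated data, or null.</param>
        /// <param name="plainText">The data to encrypt.</param>
        /// <returns>A two-element array: [0] the ciphertext, [1] the authentication tag.</returns>
        /// <exception cref="CryptographicException">BCryptEncrypt returned a non-zero status.</exception>
        public static byte[][] Encrypt(byte[] key, byte[] iv, byte[] aad, byte[] plainText)
        {
            IntPtr hAlg      = AesGcm.OpenAlgorithmProvider(BCrypt.BCRYPT_AES_ALGORITHM, BCrypt.MS_PRIMITIVE_PROVIDER, BCrypt.BCRYPT_CHAIN_MODE_GCM);
            IntPtr hKey      = IntPtr.Zero;
            IntPtr keyObject = IntPtr.Zero;

            try
            {
                keyObject = AesGcm.ImportKey(hAlg, key, out hKey);

                // Managed tag buffer, sized to the provider's maximum tag length; the tag is copied into it after encryption.
                byte[] authTag = new byte[AesGcm.MaxAuthTagSize(hAlg)];

                BCrypt.BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO authInfo = new BCrypt.BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO(iv, aad, authTag);
                // authInfo is a struct handed to BCrypt by ref; as in the original code, dispose a copy taken
                // before the calls so the unmanaged buffers it allocated are released whatever BCrypt writes back.
                BCrypt.BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO authInfoToDispose = authInfo;
                try
                {
                    // NOTE(review): presumably a working IV buffer for BCrypt's GCM processing; sized like the tag buffer, as the original did.
                    byte[] ivBuffer       = new byte[authTag.Length];
                    int    cipherTextSize = 0;

                    // First call with no output buffer only reports the required ciphertext size.
                    uint status = BCrypt.BCryptEncrypt(hKey, plainText, plainText.Length, ref authInfo, ivBuffer, ivBuffer.Length, null, 0, ref cipherTextSize, 0);
                    if (status != 0)
                    {
                        throw new CryptographicException(string.Format("BCrypt.BCryptEncrypt() (get size) failed with status code:{0}", status));
                    }

                    byte[] cipherText = new byte[cipherTextSize];
                    status = BCrypt.BCryptEncrypt(hKey, plainText, plainText.Length, ref authInfo, ivBuffer, ivBuffer.Length, cipherText, cipherText.Length, ref cipherTextSize, 0);
                    if (status != 0)
                    {
                        throw new CryptographicException(string.Format("BCrypt.BCryptEncrypt() failed with status code:{0}", status));
                    }

                    // The tag is produced into the unmanaged pbTag buffer; bring it back into the managed array.
                    Marshal.Copy(authInfo.pbTag, authTag, 0, authInfo.cbTag);

                    return new byte[][] { cipherText, authTag };
                }
                finally
                {
                    ((IDisposable)authInfoToDispose).Dispose();
                }
            }
            finally
            {
                // Release the CNG key, its key-object buffer and the provider on every path. The original
                // skipped this when encryption threw, leaking all three.
                if (hKey != IntPtr.Zero)
                {
                    BCrypt.BCryptDestroyKey(hKey);
                }
                if (keyObject != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(keyObject);
                }
                BCrypt.BCryptCloseAlgorithmProvider(hAlg, 0);
            }
        }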
 /// <summary>
 /// Returns the largest authentication tag length, in bytes, that the algorithm provider supports.
 /// </summary>
 /// <param name="hAlg">An open BCrypt algorithm provider handle.</param>
 /// <returns>The maximum tag length in bytes.</returns>
 private static int MaxAuthTagSize(IntPtr hAlg)
 {
     byte[] tagLengths = AesGcm.GetProperty(hAlg, BCrypt.BCRYPT_AUTH_TAG_LENGTH);

     // BCRYPT_AUTH_TAG_LENGTH yields a BCRYPT_AUTH_TAG_LENGTHS_STRUCT of three 32-bit fields
     // (min, max, increment); the maximum is the second field, at byte offset 4.
     byte[] maxField = { tagLengths[4], tagLengths[5], tagLengths[6], tagLengths[7] };

     return BitConverter.ToInt32(maxField, 0);
 }