/// <summary>
/// Performs AES decryption in GCM chaning mode over cipher text
/// </summary>
/// <param name="key">aes key</param>
/// <param name="iv">initialization vector</param>
/// <param name="aad">additional authn data</param>
/// <param name="plainText">plain text message to be encrypted</param>
/// <returns>decrypted plain text messages</returns>
/// <exception cref="CryptographicException">if decryption failed by any reason</exception>
public static byte[] Decrypt(byte[] key, byte[] iv, byte[] aad, byte[] cipherText, byte[] authTag)
{
using var gcm = new System.Security.Cryptography.AesGcm(key);
var plaintext = new byte[cipherText.Length];
gcm.Decrypt(nonce: iv, ciphertext: cipherText, tag: authTag, plaintext: plaintext, associatedData: aad);
return(plaintext);
}
/// <summary>
/// Performs AES encryption in GCM chaining mode over plain text
/// </summary>
/// <param name="key">aes key</param>
/// <param name="iv">initialization vector</param>
/// <param name="aad">additional authn data</param>
/// <param name="plainText">plain text message to be encrypted</param>
/// <returns>2 byte[] arrays: [0]=cipher text, [1]=authentication tag</returns>
/// /// <exception cref="CryptographicException">if encryption failed by any reason</exception>
public static byte[][] Encrypt(byte[] key, byte[] iv, byte[] aad, byte[] plainText)
{
using var gcm = new System.Security.Cryptography.AesGcm(key);
var ciphertext = new byte[plainText.Length];
var tag = new byte[System.Security.Cryptography.AesGcm.TagByteSizes.MaxSize];
gcm.Encrypt(nonce: iv, plaintext: plainText, ciphertext: ciphertext, tag: tag, associatedData: aad);
return(new byte[][] { ciphertext, tag });
}
Decrypt(byte[] key, byte[] infoCipher)
{
if (key == null || key.Length != 32)
{
throw new ArgumentException("AesGcm key must be 32 bytes long.");
}
// Authentication tag.
byte[] tag = new byte[16];
// IV.
byte[] nonce = new byte[12];
int cipher_text_len;
byte[] cipher_text;
try
{
// Length of the cipher_text of interest inside the AES-GCM payload.
cipher_text_len = infoCipher.Length - tag.Length - nonce.Length;
cipher_text = new byte[cipher_text_len];
// Extract each entity of AES-GCM payload.
Buffer.BlockCopy(infoCipher, infoCipher.Length - tag.Length, tag, 0, tag.Length);
Buffer.BlockCopy(infoCipher, 0, nonce, 0, nonce.Length);
Buffer.BlockCopy(infoCipher, nonce.Length, cipher_text, 0, cipher_text_len);
}
catch (Exception e)
{
Debug.WriteLine(e.Message);
return(null);
}
//Debug.WriteLine(
// $"tag({Convert.ToBase64String(tag)}), "
// + $"nonce({Convert.ToBase64String(nonce)}), "
// + $"cipher({Convert.ToBase64String(cipher_text)})"
//);
byte[] plain_text = new byte[cipher_text_len];
using (var c = new SysCrypto.AesGcm(key))
{
try
{
c.Decrypt(nonce, cipher_text, tag, plain_text, null);
return(plain_text);
}
catch (Exception e)
{
Debug.WriteLine(e.Message);
return(null);
}
}
}
internal static AesGcmAuthenticated Encrypt(byte[] secretKeyBytes, byte[] nonce, byte[] plaintext, byte[] aad)
{
#if NETSTANDARD2_1
byte[] ciphertext = new byte[plaintext.Length];
byte[] authTag = new byte[System.Security.Cryptography.AesGcm.TagByteSizes.MaxSize];
using (var aes = new System.Security.Cryptography.AesGcm(secretKeyBytes))
{
aes.Encrypt(nonce, plaintext, ciphertext, authTag, aad);
}
return(new AesGcmAuthenticated(ciphertext, authTag));
#else
throw new EncryptionException("AES/GCM/NoPadding is unsupported on .NET Standard < 2.1");
#endif
}
internal static byte[] Decrypt(byte[] secretKeyBytes, JweObject jweObject)
{
#if NETSTANDARD2_1
byte[] plaintext;
using (var aes = new System.Security.Cryptography.AesGcm(secretKeyBytes))
{
byte[] nonce = Base64Utils.URLDecode(jweObject.Iv);
byte[] aad = Encoding.ASCII.GetBytes(jweObject.RawHeader);
byte[] authTag = Base64Utils.URLDecode(jweObject.AuthTag);
byte[] ciphertext = Base64Utils.URLDecode(jweObject.CipherText);
plaintext = new byte[ciphertext.Length];
aes.Decrypt(nonce, ciphertext, authTag, plaintext, aad);
}
return(plaintext);
#else
throw new EncryptionException("AES/GCM/NoPadding is unsupported on .NET Standard < 2.1");
#endif
}
public AesGcmWrapper(byte[] key)
{
_aesGcm = new Crypto.AesGcm(key);
}
Encrypt(byte[] key, byte[] plainText, byte[] nonce = null)
{
if (plainText == null)
{
throw new ArgumentException("AesGcm plaintext must not be null.");
}
if (key == null || key.Length != 32)
{
throw new ArgumentException("AesGcm key must be 32 bytes long.");
}
// Authentication tag.
byte[] tag = new byte[16];
// IV.
byte[] _nonce = new byte[12];
if (nonce == null)
{
Rng.GetBytes(_nonce);
}
else
{
if (nonce.Length != 12)
{
throw new ArgumentException("AesGcm must be 12 bytes long.");
}
_nonce = nonce;
}
byte[] cipherText = new byte[plainText.Length];
using (var c = new SysCrypto.AesGcm(key))
{
try
{
c.Encrypt(_nonce, plainText, cipherText, tag, null);
}
catch (Exception e)
{
Debug.WriteLine(e.Message);
return(null);
}
}
byte[] infoCipher = new byte[_nonce.Length + cipherText.Length + tag.Length];
Buffer.BlockCopy(
_nonce, 0,
infoCipher, 0,
_nonce.Length
);
Buffer.BlockCopy(
cipherText, 0,
infoCipher, _nonce.Length,
cipherText.Length
);
Buffer.BlockCopy(
tag, 0,
infoCipher, _nonce.Length + cipherText.Length,
tag.Length
);
return(infoCipher);
}
