/// <summary>
/// Wraps <paramref name="key"/> locally with this key's material using the AES key wrap transform
/// selected by <paramref name="algorithm"/>.
/// </summary>
/// <param name="algorithm">The key wrap algorithm; its key size decides how much of the key material is used.</param>
/// <param name="key">The key to wrap. Must not be null.</param>
/// <param name="cancellationToken">Not observed by this local implementation; the transform runs synchronously.</param>
/// <returns>
/// A <see cref="WrapResult"/> carrying the wrapped bytes, the algorithm and the key id, or null when
/// <paramref name="algorithm"/> reports a key size of 0 (i.e. it is not supported locally).
/// </returns>
/// <exception cref="ArgumentException">The algorithm needs more key bytes than the underlying key holds.</exception>
public override WrapResult WrapKey(KeyWrapAlgorithm algorithm, byte[] key, CancellationToken cancellationToken)
{
    Argument.AssertNotNull(key, nameof(key));

    // Wrapping is refused outside the key's validity window.
    ThrowIfTimeInvalid();

    int requiredKeyBytes = algorithm.GetKeySizeInBytes();
    if (requiredKeyBytes == 0)
    {
        // A zero key size is how the algorithm signals that it cannot be handled locally.
        KeysEventSource.Singleton.AlgorithmNotSupported(nameof(WrapKey), algorithm);
        return null;
    }

    int availableKeyBytes = GetKeySizeInBytes();
    if (availableKeyBytes < requiredKeyBytes)
    {
        throw new ArgumentException($"Key wrap algorithm {algorithm} key size {requiredKeyBytes} is greater than the underlying key size {availableKeyBytes}");
    }

    // Use the key material as-is when the sizes match; otherwise hand the transform a
    // key of exactly the size the algorithm asks for (Take presumably yields the leading bytes — confirm against ByteExtensions).
    byte[] wrappingKey = KeyMaterial.K;
    if (availableKeyBytes != requiredKeyBytes)
    {
        wrappingKey = KeyMaterial.K.Take(requiredKeyBytes);
    }

    byte[] wrapped;
    using (ICryptoTransform encryptor = AesKw.CreateEncryptor(wrappingKey))
    {
        wrapped = encryptor.TransformFinalBlock(key, 0, key.Length);
    }

    return new WrapResult
    {
        Algorithm = algorithm,
        EncryptedKey = wrapped,
        KeyId = KeyMaterial.Id,
    };
}
/// <summary>
/// Unwraps <paramref name="encryptedKey"/> locally with this key's material using the AES key wrap
/// transform selected by <paramref name="algorithm"/>.
/// </summary>
/// <param name="algorithm">The key wrap algorithm; its key size decides how much of the key material is used.</param>
/// <param name="encryptedKey">The wrapped key bytes. Must not be null.</param>
/// <param name="cancellationToken">Not observed by this local implementation; the transform runs synchronously.</param>
/// <returns>
/// An <see cref="UnwrapResult"/> carrying the unwrapped key, the algorithm and the key id, or null when
/// <paramref name="algorithm"/> reports a key size of 0 (i.e. it is not supported locally).
/// </returns>
/// <exception cref="ArgumentException">The algorithm needs more key bytes than the underlying key holds.</exception>
public UnwrapResult UnwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CancellationToken cancellationToken)
{
    Argument.AssertNotNull(encryptedKey, nameof(encryptedKey));

    int requiredKeyBytes = algorithm.GetKeySizeInBytes();
    if (requiredKeyBytes == 0)
    {
        // A zero key size is how the algorithm signals that it cannot be handled locally.
        // TODO: Log that we don't support the algorithm locally.
        return null;
    }

    int availableKeyBytes = GetKeySizeInBytes();
    if (availableKeyBytes < requiredKeyBytes)
    {
        throw new ArgumentException($"Key wrap algorithm {algorithm} key size {requiredKeyBytes} is greater than the underlying key size {availableKeyBytes}");
    }

    // Use the key material as-is when the sizes match; otherwise hand the transform a
    // key of exactly the size the algorithm asks for (Take presumably yields the leading bytes — confirm against ByteExtensions).
    byte[] unwrappingKey = _jwk.K;
    if (availableKeyBytes != requiredKeyBytes)
    {
        unwrappingKey = _jwk.K.Take(requiredKeyBytes);
    }

    byte[] unwrapped;
    using (ICryptoTransform decryptor = AesKw.CreateDecryptor(unwrappingKey))
    {
        unwrapped = decryptor.TransformFinalBlock(encryptedKey, 0, encryptedKey.Length);
    }

    return new UnwrapResult
    {
        Algorithm = algorithm,
        Key = unwrapped,
        KeyId = _jwk.Id,
    };
}
/// <summary>
/// Unwraps <paramref name="encryptedKey"/> locally with this key's material using the
/// <see cref="AesKw"/> instance that corresponds to <paramref name="algorithm"/>.
/// </summary>
/// <param name="algorithm">The key wrap algorithm to resolve to a local AES key wrap implementation.</param>
/// <param name="encryptedKey">The wrapped key bytes. Must not be null.</param>
/// <param name="cancellationToken">Not observed by this local implementation; the transform runs synchronously.</param>
/// <returns>
/// An <see cref="UnwrapResult"/> carrying the unwrapped key, the algorithm and the key id, or null when
/// <paramref name="algorithm"/> has no local AES key wrap implementation.
/// </returns>
/// <exception cref="ArgumentException">The algorithm needs more key bytes than the underlying key holds.</exception>
public override UnwrapResult UnwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CancellationToken cancellationToken)
{
    Argument.AssertNotNull(encryptedKey, nameof(encryptedKey));

    // NOTE(review): there is no ThrowIfTimeInvalid() here, unlike WrapKey — presumably unwrapping
    // stays allowed outside the key's validity window; confirm that this is intended.
    AesKw localAlgorithm = algorithm.GetAesKeyWrapAlgorithm();
    if (localAlgorithm is null)
    {
        KeysEventSource.Singleton.AlgorithmNotSupported(nameof(UnwrapKey), algorithm);
        return null;
    }

    int availableKeyBytes = GetKeySizeInBytes();
    int requiredKeyBytes = localAlgorithm.KeySizeInBytes;
    if (availableKeyBytes < requiredKeyBytes)
    {
        throw new ArgumentException($"Key wrap algorithm {algorithm} key size {requiredKeyBytes} is greater than the underlying key size {availableKeyBytes}");
    }

    // The full key material is handed to the algorithm instance; any sizing is its concern.
    byte[] unwrapped;
    using (ICryptoTransform decryptor = localAlgorithm.CreateDecryptor(KeyMaterial.K))
    {
        unwrapped = decryptor.TransformFinalBlock(encryptedKey, 0, encryptedKey.Length);
    }

    return new UnwrapResult
    {
        Algorithm = algorithm,
        Key = unwrapped,
        KeyId = KeyMaterial.Id,
    };
}
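/// <summary>
/// Creates a decryptor that drives the AES provider for <paramref name="keyBytes"/> with an
/// all-zero provider IV and keeps a private copy of the key-wrap IV <paramref name="iv"/>.
/// </summary>
/// <param name="keyBytes">The raw AES key handed to <see cref="AesKw.Create(byte[])"/>.</param>
/// <param name="iv">The key-wrap IV to retain. Must not be null; it is cloned so later changes by the caller are not observed.</param>
/// <exception cref="ArgumentNullException"><paramref name="iv"/> is null.</exception>
internal AesKwDecryptor(byte[] keyBytes, byte[] iv)
{
    // Validate before creating the provider so a bad argument does not leave an
    // allocated (presumably disposable) provider behind with no owner.
    if (iv is null)
    {
        throw new System.ArgumentNullException(nameof(iv));
    }

    // Create the AES provider
    _aes = AesKw.Create(keyBytes);

    // Set the AES IV to Zeroes (BlockSize is in bits, hence the shift to bytes)
    var aesIv = new byte[_aes.BlockSize >> 3];
    aesIv.Zero();
    _aes.IV = aesIv;

    // Remember the real IV as a private copy
    _iv = (byte[])iv.Clone();
}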