private void RSA_1_5_KeyWrap()
{
IAsymmetricBlockCipher cipher = new Pkcs1Encoding(new RsaEngine());
RsaKeyParameters pubParameters = new RsaKeyParameters(false, _mKey.AsBigInteger("n"), _mKey.AsBigInteger("e"));
cipher.Init(true, new ParametersWithRandom(pubParameters, Message.s_PRNG));
byte[] outBytes = cipher.ProcessBlock(_payload, 0, _payload.Length);
_rgbEncrypted = outBytes;
}
private byte[] ECDH_GenerateSecret(JWK key, EncryptMessage msg)
{
JWK epk;
if ((key.AsString("kty") != "EC") && (key.AsString("kty") != "OKP"))
{
throw new JoseException("Not an EC or OKP Key");
}
if (_mSenderKey != null)
{
epk = _mSenderKey;
}
else
{
CBORObject epkT = FindAttr("epk", msg);
if (epkT == null)
{
throw new JoseException("No Ephemeral key");
}
epk = new JWK(epkT);
}
if (epk.AsString("crv") != key.AsString("crv"))
{
throw new JoseException("not a match of curves");
}
if (key.AsString("kty") == "EC")
{
// Get the curve
X9ECParameters p = NistNamedCurves.GetByName(key.AsString("crv"));
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
Org.BouncyCastle.Math.EC.ECPoint pubPoint = p.Curve.CreatePoint(epk.AsBigInteger("x"), epk.AsBigInteger("y"));
ECPublicKeyParameters pub = new ECPublicKeyParameters(pubPoint, parameters);
ECPrivateKeyParameters priv = new ECPrivateKeyParameters(key.AsBigInteger("d"), parameters);
IBasicAgreement e1 = new ECDHBasicAgreement();
e1.Init(priv);
BigInteger k1 = e1.CalculateAgreement(pub);
return(k1.ToByteArrayUnsigned());
}
else
{
switch (epk.AsString("crv"))
{
case "X25519": {
X25519PublicKeyParameters pub =
new X25519PublicKeyParameters(epk.AsBytes("x"), 0);
X25519PrivateKeyParameters priv =
new X25519PrivateKeyParameters(key.AsBytes("d"), 0);
X25519Agreement agree = new X25519Agreement();
agree.Init(priv);
byte[] secret = new byte[32];
agree.CalculateAgreement(pub, secret, 0);
return(secret);
}
default:
throw new JoseException("Unsupported curve");
}
}
}
public byte[] Decrypt(int cbitKey, EncryptMessage msg)
{
JWK key = _mKey;
if (key == null)
{
throw new JoseException("No key specified.");
}
string alg;
alg = FindAttr("alg", msg).AsString();
switch (alg)
{
case "dir":
if (key.AsString("kty") != "oct")
{
return(null);
}
return(key.AsBytes("k"));
case "ECDH-ES": {
if ((key.AsString("kty") != "EC") && (key.AsString("kty") != "OKP"))
{
return(null);
}
byte[] secret = Ecdh(key, msg);
byte[] kwKey = Kdf(secret, msg, cbitKey, FindAttr("enc", msg).AsString());
return(kwKey);
}
case "A128KW":
case "A192KW":
case "A256KW":
if (key.AsString("kty") != "oct")
{
return(null);
}
return(AES_KeyWrap(key.AsBytes("k")));
case "A128GCMKW":
case "A192GCMKW":
case "A256GCMKW":
if (key.AsString("kty") != "oct")
{
return(null);
}
return(AESGCM_KeyWrap(key.AsBytes("k"), msg));
case "PBES2-HS256+A128KW":
case "PBES2-HS384+A192KW":
case "PBES2-HS512+A256KW": {
if (key.AsString("kty") != "oct")
{
return(null);
}
byte[] saltInput = Message.base64urldecode(FindAttr("p2s", msg).AsString());
byte[] algBytes = Encoding.UTF8.GetBytes(alg);
byte[] salt = new byte[alg.Length + 1 + saltInput.Length];
Array.Copy(algBytes, salt, algBytes.Length);
Array.Copy(saltInput, 0, salt, algBytes.Length + 1, saltInput.Length);
int iterCount = FindAttr("p2c", msg).AsInt32();
byte[] rgbSecret = PBKDF2(key.AsBytes("k"), salt, iterCount, 256 / 8, new Sha512Digest());
return(AES_KeyWrap(rgbSecret));
}
case "RSA-OAEP-256":
case "RSA-OAEP": {
IAsymmetricBlockCipher cipher = new OaepEncoding(new RsaEngine(), alg == "RSA-OAEP" ? (IDigest) new Sha1Digest() : new Sha256Digest());
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(key.AsBigInteger("n"), key.AsBigInteger("e"), key.AsBigInteger("d"), key.AsBigInteger("p"), key.AsBigInteger("q"),
key.AsBigInteger("dp"), key.AsBigInteger("dq"), key.AsBigInteger("qi"));
cipher.Init(false, prv);
byte[] outBytes = cipher.ProcessBlock(_rgbEncrypted, 0, _rgbEncrypted.Length);
return(outBytes);
}
case "ECDH-ES+A128KW": {
if ((key.AsString("kty") != "EC") && (key.AsString("kty") != "OKP"))
{
return(null);
}
byte[] secret = Ecdh(key, msg);
byte[] kwKey = Kdf(secret, msg, 128, FindAttr("alg", msg).AsString());
return(AES_KeyWrap(kwKey));
}
case "ECDH-ES+A192KW": {
if (key.AsString("kty") != "EC")
{
return(null);
}
byte[] secret = Ecdh(key, msg);
byte[] kwKey = Kdf(secret, msg, 192, FindAttr("alg", msg).AsString());
return(AES_KeyWrap(kwKey));
}
case "ECDH-ES+A256KW": {
if (key.AsString("kty") != "EC")
{
return(null);
}
byte[] secret = Ecdh(key, msg);
byte[] kwKey = Kdf(secret, msg, 256, FindAttr("alg", msg).AsString());
return(AES_KeyWrap(kwKey));
}
case "RSA1_5": {
if (key.AsString("kty") != "RSA")
{
return(null);
}
IAsymmetricBlockCipher cipher = new Pkcs1Encoding(new RsaEngine());
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(key.AsBigInteger("n"), key.AsBigInteger("e"), key.AsBigInteger("d"), key.AsBigInteger("p"), key.AsBigInteger("q"),
key.AsBigInteger("dp"), key.AsBigInteger("dq"), key.AsBigInteger("qi"));
cipher.Init(false, prv);
return(cipher.ProcessBlock(_rgbEncrypted, 0, _rgbEncrypted.Length));
}
}
return(null);
}
public bool Verify(SignMessage msg)
{
string alg = FindAttribute("alg").AsString();
JWK key = keyToSign;
IDigest digest;
IDigest digest2;
switch (alg)
{
case "RS256":
case "ES256":
case "PS256":
case "HS256":
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case "RS384":
case "ES384":
case "PS384":
case "HS384":
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case "RS512":
case "ES512":
case "PS512":
case "HS512":
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
case "EdDSA":
digest = null;
digest2 = null;
break;
default:
throw new JoseException("Unknown signature algorithm");
}
//
byte[] toBeSigned;
string str = "";
string body = Encoding.UTF8.GetString(msg.payloadB64);
if (ProtectedMap.ContainsKey("b64") && ProtectedMap["b64"].AsBoolean() == false)
{
str += protectedB64 + "." + body;
}
else
{
str += protectedB64 + "." + body;
}
toBeSigned = Encoding.UTF8.GetBytes(str);
switch (alg)
{
case "RS256":
case "RS384":
case "RS512": {
if (key.AsString("kty") != "RSA")
{
throw new JoseException("Wrong Key");
}
RsaDigestSigner signer = new RsaDigestSigner(digest);
RsaKeyParameters pub = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e"));
signer.Init(false, pub);
signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
if (!signer.VerifySignature(signature))
{
throw new JoseException("Message failed to verify");
}
}
break;
case "PS256":
case "PS384":
case "PS512": {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest2.GetDigestSize());
RsaKeyParameters pub = new RsaKeyParameters(false, key.AsBigInteger("n"), key.AsBigInteger("e"));
signer.Init(false, pub);
signer.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
if (!signer.VerifySignature(signature))
{
throw new JoseException("Message failed to verify");
}
}
break;
case "ES256":
case "ES384":
case "ES512": {
digest.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
byte[] o1 = new byte[digest.GetDigestSize()];
digest.DoFinal(o1, 0);
if (key.AsString("kty") != "EC")
{
throw new JoseException("Wrong Key Type");
}
ICipherParameters pubKey = keyToSign.AsPublicKey();
ECDsaSigner ecdsa = new ECDsaSigner();
ecdsa.Init(false, pubKey);
BigInteger r = new BigInteger(1, signature, 0, signature.Length / 2);
BigInteger s = new BigInteger(1, signature, signature.Length / 2, signature.Length / 2);
if (!ecdsa.VerifySignature(o1, r, s))
{
throw new JoseException("Signature did not validate");
}
}
break;
case "HS256":
case "HS384":
case "HS512": {
HMac hmac = new HMac(digest);
KeyParameter K = new KeyParameter(Message.base64urldecode(key.AsString("k")));
hmac.Init(K);
hmac.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
byte[] resBuf = new byte[hmac.GetMacSize()];
hmac.DoFinal(resBuf, 0);
bool fVerify = true;
for (int i = 0; i < resBuf.Length; i++)
{
if (resBuf[i] != signature[i])
{
fVerify = false;
}
}
if (!fVerify)
{
throw new JoseException("Signature did not validate");
}
}
break;
case "EdDSA": {
ISigner eddsa;
if (key.AsString("kty") != "OKP")
{
throw new JoseException("Wrong Key Type");
}
switch (key.AsString("crv"))
{
case "Ed25519": {
Ed25519PublicKeyParameters privKey =
new Ed25519PublicKeyParameters(key.AsBytes("X"), 0);
eddsa = new Ed25519Signer();
eddsa.Init(false, privKey);
eddsa.BlockUpdate(toBeSigned, 0, toBeSigned.Length);
if (!eddsa.VerifySignature(signature))
{
throw new JoseException("Signature did not validate");
}
break;
}
default:
throw new JoseException("Unknown algorithm");
}
break;
}
default:
throw new JoseException("Unknown algorithm");
}
return(true);
}
