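/// <summary>
/// Recovers the content encryption key (CEK) from a PBES2-wrapped value: derives a key
/// encryption key (KEK) from the shared passphrase with PBKDF2 and passes it to the
/// AES Key Wrap unwrap step.
/// </summary>
/// <param name="encryptedCek">Wrapped CEK taken from the token.</param>
/// <param name="key">Shared passphrase; must be a string.</param>
/// <param name="cekSizeBits">Expected CEK size in bits, forwarded to aesKW.Unwrap.</param>
/// <param name="header">
/// JWT header. 'p2c' (iteration count) and 'p2s' (base64url salt input) are required;
/// 'alg' is read as well to build the PBKDF2 salt.
/// </param>
/// <returns>The value returned by aesKW.Unwrap for the derived KEK.</returns>
/// <exception cref="System.ArgumentException">
/// 'p2c' is not an integer, is below 1, or exceeds the iteration ceiling.
/// </exception>
public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary<string, object> header)
{
    // 'p2c' is supplied by whoever produced the token and is consumed before anything
    // in the token has been authenticated, so it must not be allowed to set an
    // unbounded PBKDF2 work factor for this process.
    // NOTE(review): 1000000 is a reviewer-chosen ceiling, not a value from the spec;
    // align it with the iteration counts your own issuers actually use.
    const long MaxIterations = 1000000;

    var sharedPassphrase = Ensure.Type<string>(key, "Pbse2HmacShaKeyManagementWithAesKeyWrap management algorithm expectes key to be string.");
    byte[] sharedKey = Encoding.UTF8.GetBytes(sharedPassphrase);

    Ensure.Contains(header, new[] { "p2c" }, "Pbse2HmacShaKeyManagementWithAesKeyWrap algorithm expects 'p2c' param in JWT header, but was not found");
    Ensure.Contains(header, new[] { "p2s" }, "Pbse2HmacShaKeyManagementWithAesKeyWrap algorithm expects 'p2s' param in JWT header, but was not found");

    byte[] algId = Encoding.UTF8.GetBytes((string)header["alg"]);

    // Accept both boxed int and boxed long: a plain (int) unboxing cast throws
    // InvalidCastException when the JSON mapper surfaces the number as a long.
    object rawIterationCount = header["p2c"];
    long requestedIterations;
    if (rawIterationCount is int)
    {
        requestedIterations = (int)rawIterationCount;
    }
    else if (rawIterationCount is long)
    {
        requestedIterations = (long)rawIterationCount;
    }
    else
    {
        throw new System.ArgumentException("Pbse2HmacShaKeyManagementWithAesKeyWrap algorithm expects 'p2c' param in JWT header to be an integer.");
    }

    if (requestedIterations < 1 || requestedIterations > MaxIterations)
    {
        throw new System.ArgumentException(string.Format("Pbse2HmacShaKeyManagementWithAesKeyWrap algorithm expects 'p2c' param in JWT header to be between 1 and {0}, but was given {1}", MaxIterations, requestedIterations));
    }

    // Safe narrowing: the range check above keeps the value within int.
    int iterationCount = (int)requestedIterations;

    byte[] saltInput = Compact.Base64UrlDecode((string)header["p2s"]);

    // PBES2 salt layout: UTF8(alg) || 0x00 || p2s.
    byte[] salt = Arrays.Concat(algId, Arrays.Zero, saltInput);

    byte[] kek;
    using (var prf = PRF)
    {
        kek = PBKDF2.DeriveKey(sharedKey, salt, iterationCount, keyLengthBits, prf);
    }

    return aesKW.Unwrap(encryptedCek, kek, cekSizeBits, header);
}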
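/// <summary>
/// Recovers the content encryption key (CEK) from an AES-GCM key-wrapped value, using the
/// 'iv' and 'tag' parameters carried in the JWT header.
/// </summary>
/// <param name="encryptedCek">Wrapped CEK taken from the token; used as the GCM ciphertext.</param>
/// <param name="key">Shared symmetric key; must be a byte[] of exactly keyLengthBits bits.</param>
/// <param name="cekSizeBits">Expected CEK size in bits. Not read by this method.</param>
/// <param name="header">JWT header; 'iv' and 'tag' (both base64url) are required.</param>
/// <returns>The value returned by AesGcm.Decrypt.</returns>
/// <remarks>
/// Argument and header validation is delegated to the Ensure helpers; the exception types
/// they raise are not visible in this method.
/// </remarks>
public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary<string, object> header)
{
    byte[] sharedKey = Ensure.Type<byte[]>(key, "AesGcmKeyWrapManagement alg expectes key to be byte[] array.");
    Ensure.BitSize(sharedKey, keyLengthBits, string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", keyLengthBits, sharedKey.Length * 8));

    Ensure.Contains(header, new[] { "iv" }, "AesGcmKeyWrapManagement algorithm expects 'iv' param in JWT header, but was not found");
    Ensure.Contains(header, new[] { "tag" }, "AesGcmKeyWrapManagement algorithm expects 'tag' param in JWT header, but was not found");

    byte[] iv = Compact.Base64UrlDecode((string)header["iv"]);
    byte[] authTag = Compact.Base64UrlDecode((string)header["tag"]);

    // RFC 7518 section 4.7 fixes the IV at 96 bits and the authentication tag at 128 bits.
    // Both values come from the token header, so their sizes are pinned here; whether
    // AesGcm.Decrypt would itself reject a shortened tag is not visible from this method,
    // and a shorter accepted tag would weaken the integrity check on the wrapped key.
    Ensure.BitSize(iv, 96, string.Format("AesGcmKeyWrapManagement algorithm expects 'iv' param in JWT header to be 96 bits, but was given {0} bits", iv.Length * 8));
    Ensure.BitSize(authTag, 128, string.Format("AesGcmKeyWrapManagement algorithm expects 'tag' param in JWT header to be 128 bits, but was given {0} bits", authTag.Length * 8));

    // No additional authenticated data is supplied for key wrapping (third argument is null).
    return AesGcm.Decrypt(sharedKey, iv, null, encryptedCek, authTag);
}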
/// <summary>
/// Derives the content encryption key via ECDH key agreement between the recipient's
/// private key and the ephemeral public key ('epk') carried in the JWT header.
/// </summary>
/// <param name="encryptedCek">Not read by this implementation.</param>
/// <param name="key">Recipient private key; must be a CngKey.</param>
/// <param name="cekSizeBits">Requested CEK size in bits, forwarded to DeriveKey.</param>
/// <param name="header">
/// JWT header; must contain 'epk' (with 'x', 'y' and 'crv' members) and the header
/// named by algIdHeader.
/// </param>
/// <returns>The value returned by DeriveKey.</returns>
public virtual byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary<string, object> header)
{
    var recipientKey = Ensure.Type<CngKey>(key, "EcdhKeyManagement alg expects key to be of CngKey type.");

    Ensure.Contains(header, new[] { "epk" }, "EcdhKeyManagement algorithm expects 'epk' key param in JWT header, but was not found");
    Ensure.Contains(header, new[] { algIdHeader }, "EcdhKeyManagement algorithm expects 'enc' header to be present in JWT header, but was not found");

    var ephemeral = (IDictionary<string, object>)header["epk"];
    string[] requiredEpkFields = { "x", "y", "crv" };
    Ensure.Contains(ephemeral, requiredEpkFields, "EcdhKeyManagement algorithm expects 'epk' key to contain 'x','y' and 'crv' fields.");

    // NOTE(review): 'crv' is required to be present, but its value is never read in this
    // method. 'epk' is chosen by the token sender, so the ephemeral point should be known
    // to lie on the same curve as the recipient key before key agreement; whether
    // EccKey.New or DeriveKey enforces that is not visible here - confirm.
    byte[] xCoordinate = Compact.Base64UrlDecode((string)ephemeral["x"]);
    byte[] yCoordinate = Compact.Base64UrlDecode((string)ephemeral["y"]);

    return DeriveKey(
        header,
        cekSizeBits,
        EccKey.New(xCoordinate, yCoordinate, usage: CngKeyUsages.KeyAgreement),
        recipientKey);
}