Source code

001/*
002 * nimbus-jose-jwt
003 *
004 * Copyright 2012-2016, Connect2id Ltd.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.jose.crypto;
019
020
021import java.security.*;
022import java.security.interfaces.ECPrivateKey;
023import java.security.interfaces.ECPublicKey;
024import java.security.spec.ECParameterSpec;
025
026import javax.crypto.SecretKey;
027
028import net.jcip.annotations.ThreadSafe;
029
030import com.nimbusds.jose.*;
031import com.nimbusds.jose.jwk.ECKey;
032import com.nimbusds.jose.util.Base64URL;
033
034
035/**
036 * Elliptic Curve Diffie-Hellman encrypter of
037 * {@link com.nimbusds.jose.JWEObject JWE objects}. Expects a public EC key
038 * (with a P-256, P-384 or P-521 curve).
039 *
040 * <p>See RFC 7518
041 * <a href="https://tools.ietf.org/html/rfc7518#section-4.6">section 4.6</a>
042 * for more information.
043 *
044 * <p>This class is thread-safe.
045 *
046 * <p>Supports the following key management algorithms:
047 *
048 * <ul>
049 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES}
050 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES_A128KW}
051 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES_A192KW}
052 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES_A256KW}
053 * </ul>
054 *
055 * <p>Supports the following elliptic curves:
056 *
057 * <ul>
058 *     <li>{@link com.nimbusds.jose.jwk.ECKey.Curve#P_256}
059 *     <li>{@link com.nimbusds.jose.jwk.ECKey.Curve#P_384}
060 *     <li>{@link com.nimbusds.jose.jwk.ECKey.Curve#P_521}
061 * </ul>
062 *
063 * <p>Supports the following content encryption algorithms:
064 *
065 * <ul>
066 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256}
067 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A192CBC_HS384}
068 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512}
069 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128GCM}
070 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A192GCM}
071 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256GCM}
072 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256_DEPRECATED}
073 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512_DEPRECATED}
074 * </ul>
075 *
076 * @author Vladimir Dzhuvinov
077 * @version 2015-06-08
078 */
079@ThreadSafe
080public class ECDHEncrypter extends ECDHCryptoProvider implements JWEEncrypter {
081
082
083        /**
084         * The public EC key.
085         */
086        private final ECPublicKey publicKey;
087
088
089        /**
090         * Creates a new Elliptic Curve Diffie-Hellman encrypter.
091         *
092         * @param publicKey The public EC key. Must not be {@code null}.
093         *
094         * @throws JOSEException If the elliptic curve is not supported.
095         */
096        public ECDHEncrypter(final ECPublicKey publicKey)
097                throws JOSEException {
098
099                super(ECKey.Curve.forECParameterSpec(publicKey.getParams()));
100
101                this.publicKey = publicKey;
102        }
103
104
105        /**
106         * Creates a new Elliptic Curve Diffie-Hellman encrypter.
107         *
108         * @param ecJWK The EC JSON Web Key (JWK). Must not be {@code null}.
109         *
110         * @throws JOSEException If the elliptic curve is not supported.
111         */
112        public ECDHEncrypter(final ECKey ecJWK)
113                throws JOSEException {
114
115                super(ecJWK.getCurve());
116
117                publicKey = ecJWK.toECPublicKey();
118        }
119
120
121        /**
122         * Returns the public EC key.
123         *
124         * @return The public EC key.
125         */
126        public ECPublicKey getPublicKey() {
127
128                return publicKey;
129        }
130
131
132        @Override
133        public JWECryptoParts encrypt(final JWEHeader header, final byte[] clearText)
134                throws JOSEException {
135
136                final JWEAlgorithm alg = header.getAlgorithm();
137                final ECDH.AlgorithmMode algMode = ECDH.resolveAlgorithmMode(alg);
138                final EncryptionMethod enc = header.getEncryptionMethod();
139
140                // Generate ephemeral EC key pair on the same curve as the consumer's public key
141                KeyPair ephemeralKeyPair = generateEphemeralKeyPair(publicKey.getParams());
142                ECPublicKey ephemeralPublicKey = (ECPublicKey)ephemeralKeyPair.getPublic();
143                ECPrivateKey ephemeralPrivateKey = (ECPrivateKey)ephemeralKeyPair.getPrivate();
144
145                // Derive 'Z'
146                SecretKey Z = ECDH.deriveSharedSecret(
147                        publicKey,
148                        ephemeralPrivateKey,
149                        getJCAContext().getKeyEncryptionProvider());
150
151                // Derive shared key via concat KDF
152                getConcatKDF().getJCAContext().setProvider(getJCAContext().getMACProvider()); // update before concat
153                SecretKey sharedKey = ECDH.deriveSharedKey(header, Z, getConcatKDF());
154
155                final SecretKey cek;
156                final Base64URL encryptedKey; // The CEK encrypted (second JWE part)
157
158                if (algMode.equals(ECDH.AlgorithmMode.DIRECT)) {
159                        cek = sharedKey;
160                        encryptedKey = null;
161                } else if (algMode.equals(ECDH.AlgorithmMode.KW)) {
162                        cek = ContentCryptoProvider.generateCEK(enc, getJCAContext().getSecureRandom());
163                        encryptedKey = Base64URL.encode(AESKW.wrapCEK(cek, sharedKey, getJCAContext().getKeyEncryptionProvider()));
164                } else {
165                        throw new JOSEException("Unexpected JWE ECDH algorithm mode: " + algMode);
166                }
167
168                // Add the ephemeral public EC key to the header
169                JWEHeader updatedHeader = new JWEHeader.Builder(header).
170                        ephemeralPublicKey(new ECKey.Builder(getCurve(), ephemeralPublicKey).build()).
171                        build();
172
173                return ContentCryptoProvider.encrypt(updatedHeader, clearText, cek, encryptedKey, getJCAContext());
174        }
175
176
177        /**
178         * Generates a new ephemeral EC key pair with the specified curve.
179         *
180         * @param ecParameterSpec The EC key spec. Must not be {@code null}.
181         *
182         * @return The EC key pair.
183         *
184         * @throws JOSEException If the EC key pair couldn't be generated.
185         */
186        private KeyPair generateEphemeralKeyPair(final ECParameterSpec ecParameterSpec)
187                throws JOSEException {
188
189                Provider keProvider = getJCAContext().getKeyEncryptionProvider();
190
191                try {
192                        KeyPairGenerator generator;
193
194                        if (keProvider != null) {
195                                generator = KeyPairGenerator.getInstance("EC", keProvider);
196                        } else {
197                                generator = KeyPairGenerator.getInstance("EC");
198                        }
199
200                        generator.initialize(ecParameterSpec);
201                        return generator.generateKeyPair();
202                } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
203                        throw new JOSEException("Couldn't generate ephemeral EC key pair: " + e.getMessage(), e);
204                }
205        }
206}