Source code

001/*
002 * nimbus-jose-jwt
003 *
004 * Copyright 2012-2016, Connect2id Ltd.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.jose.crypto;
019
020
021import java.security.interfaces.ECPrivateKey;
022import java.security.interfaces.ECPublicKey;
023import java.util.Collections;
024import java.util.LinkedHashSet;
025import java.util.Set;
026import javax.crypto.SecretKey;
027
028import com.nimbusds.jose.*;
029import com.nimbusds.jose.crypto.utils.ECChecks;
030import com.nimbusds.jose.jwk.Curve;
031import com.nimbusds.jose.jwk.ECKey;
032import com.nimbusds.jose.util.Base64URL;
033
034
035/**
036 * Elliptic Curve Diffie-Hellman decrypter of
037 * {@link com.nimbusds.jose.JWEObject JWE objects} for curves using EC JWK keys.
038 * Expects a private EC key (with a P-256, P-384 or P-521 curve).
039 *
040 * <p>See RFC 7518
041 * <a href="https://tools.ietf.org/html/rfc7518#section-4.6">section 4.6</a>
042 * for more information.
043 *
044 * <p>For Curve25519/X25519, see {@link X25519Decrypter} instead.
045 *
046 * <p>This class is thread-safe.
047 *
048 * <p>Supports the following key management algorithms:
049 *
050 * <ul>
051 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES}
052 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES_A128KW}
053 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES_A192KW}
054 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES_A256KW}
055 * </ul>
056 *
057 * <p>Supports the following elliptic curves:
058 *
059 * <ul>
060 *     <li>{@link com.nimbusds.jose.jwk.Curve#P_256}
061 *     <li>{@link com.nimbusds.jose.jwk.Curve#P_384}
062 *     <li>{@link com.nimbusds.jose.jwk.Curve#P_521}
063 * </ul>
064 *
065 * <p>Supports the following content encryption algorithms:
066 *
067 * <ul>
068 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256}
069 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A192CBC_HS384}
070 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512}
071 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128GCM}
072 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A192GCM}
073 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256GCM}
074 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256_DEPRECATED}
075 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512_DEPRECATED}
076 * </ul>
077 *
078 * @author Vladimir Dzhuvinov
079 * @version 2017-04-13
080 */
081public class ECDHDecrypter extends ECDHCryptoProvider implements JWEDecrypter, CriticalHeaderParamsAware {
082
083
084        /**
085         * The supported EC JWK curves by the ECDH crypto provider class.
086         */
087        public static final Set<Curve> SUPPORTED_ELLIPTIC_CURVES;
088
089
090        static {
091                Set<Curve> curves = new LinkedHashSet<>();
092                curves.add(Curve.P_256);
093                curves.add(Curve.P_384);
094                curves.add(Curve.P_521);
095                SUPPORTED_ELLIPTIC_CURVES = Collections.unmodifiableSet(curves);
096        }
097
098
099        /**
100         * The private EC key.
101         */
102        private final ECPrivateKey privateKey;
103
104
105        /**
106         * The critical header policy.
107         */
108        private final CriticalHeaderParamsDeferral critPolicy = new CriticalHeaderParamsDeferral();
109
110
111        /**
112         * Creates a new Elliptic Curve Diffie-Hellman decrypter.
113         *
114         * @param privateKey The private EC key. Must not be {@code null}.
115         *
116         * @throws JOSEException If the elliptic curve is not supported.
117         */
118        public ECDHDecrypter(final ECPrivateKey privateKey)
119                throws JOSEException {
120
121                this(privateKey, null);
122        }
123
124
125        /**
126         * Creates a new Elliptic Curve Diffie-Hellman decrypter.
127         *
128         * @param ecJWK The EC JSON Web Key (JWK). Must contain a private
129         *              part. Must not be {@code null}.
130         *
131         * @throws JOSEException If the elliptic curve is not supported.
132         */
133        public ECDHDecrypter(final ECKey ecJWK)
134                throws JOSEException {
135
136                super(ecJWK.getCurve());
137
138                if (! ecJWK.isPrivate()) {
139                        throw new JOSEException("The EC JWK doesn't contain a private part");
140                }
141
142                this.privateKey = ecJWK.toECPrivateKey();
143        }
144
145
146        /**
147         * Creates a new Elliptic Curve Diffie-Hellman decrypter.
148         *
149         * @param privateKey     The private EC key. Must not be {@code null}.
150         * @param defCritHeaders The names of the critical header parameters
151         *                       that are deferred to the application for
152         *                       processing, empty set or {@code null} if none.
153         *
154         * @throws JOSEException If the elliptic curve is not supported.
155         */
156        public ECDHDecrypter(final ECPrivateKey privateKey, final Set<String> defCritHeaders)
157                throws JOSEException {
158
159                super(Curve.forECParameterSpec(privateKey.getParams()));
160
161                critPolicy.setDeferredCriticalHeaderParams(defCritHeaders);
162
163                this.privateKey = privateKey;
164        }
165
166
167        /**
168         * Returns the private EC key.
169         *
170         * @return The private EC key.
171         */
172        public ECPrivateKey getPrivateKey() {
173
174                return privateKey;
175        }
176
177
178        @Override
179        public Set<Curve> supportedEllipticCurves() {
180
181                return SUPPORTED_ELLIPTIC_CURVES;
182        }
183
184
185        @Override
186        public Set<String> getProcessedCriticalHeaderParams() {
187
188                return critPolicy.getProcessedCriticalHeaderParams();
189        }
190
191
192        @Override
193        public Set<String> getDeferredCriticalHeaderParams() {
194
195                return critPolicy.getProcessedCriticalHeaderParams();
196        }
197
198
199        @Override
200        public byte[] decrypt(final JWEHeader header,
201                              final Base64URL encryptedKey,
202                              final Base64URL iv,
203                              final Base64URL cipherText,
204                              final Base64URL authTag)
205                throws JOSEException {
206
207                critPolicy.ensureHeaderPasses(header);
208
209                // Get ephemeral EC key
210                ECKey ephemeralKey = (ECKey) header.getEphemeralPublicKey();
211
212                if (ephemeralKey == null) {
213                        throw new JOSEException("Missing ephemeral public EC key \"epk\" JWE header parameter");
214                }
215
216                ECPublicKey ephemeralPublicKey = ephemeralKey.toECPublicKey();
217                
218                // Curve check
219                if (! ECChecks.isPointOnCurve(ephemeralPublicKey, getPrivateKey())) {
220                        throw new JOSEException("Invalid ephemeral public EC key: Point(s) not on the expected curve");
221                }
222
223                // Derive 'Z'
224                SecretKey Z = ECDH.deriveSharedSecret(
225                        ephemeralPublicKey,
226                        privateKey,
227                        getJCAContext().getKeyEncryptionProvider());
228
229                return decryptWithZ(header, Z, encryptedKey, iv, cipherText, authTag);
230        }
231}