Source code

001/*
002 * nimbus-jose-jwt
003 *
004 * Copyright 2012-2016, Connect2id Ltd.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.jose.crypto;
019
020
021import java.security.*;
022import java.util.Collections;
023import java.util.Set;
024import javax.crypto.SecretKey;
025
026import com.google.crypto.tink.subtle.X25519;
027import com.nimbusds.jose.*;
028import com.nimbusds.jose.jwk.Curve;
029import com.nimbusds.jose.jwk.OctetKeyPair;
030import com.nimbusds.jose.util.Base64URL;
031import net.jcip.annotations.ThreadSafe;
032
033
034/**
035 * Curve25519 Elliptic Curve Diffie-Hellman encrypter of
036 * {@link com.nimbusds.jose.JWEObject JWE objects}.
037 * Expects a public {@link OctetKeyPair} key with {@code "crv"} X25519.
038 *
039 * <p>See <a href="https://tools.ietf.org/html/rfc8037">RFC 8037</a>
040 * for more information.
041 *
042 * <p>See also {@link ECDHEncrypter} for ECDH on other curves.
043 *
044 * <p>This class is thread-safe.
045 *
046 * <p>Supports the following key management algorithms:
047 *
048 * <ul>
049 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES}
050 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES_A128KW}
051 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES_A192KW}
052 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES_A256KW}
053 * </ul>
054 *
055 * <p>Supports the following elliptic curve:
056 *
057 * <ul>
058 *     <li>{@link com.nimbusds.jose.jwk.Curve#X25519} (Curve25519)
059 * </ul>
060 *
061 * <p>Supports the following content encryption algorithms:
062 *
063 * <ul>
064 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256}
065 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A192CBC_HS384}
066 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512}
067 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128GCM}
068 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A192GCM}
069 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256GCM}
070 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256_DEPRECATED}
071 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512_DEPRECATED}
072 * </ul>
073 *
074 * @author Tim McLean
075 * @version 2018-07-12
076 */
077@ThreadSafe
078public class X25519Encrypter extends ECDHCryptoProvider implements JWEEncrypter {
079
080
081        /**
082         * The public key.
083         */
084        private final OctetKeyPair publicKey;
085
086
087        /**
088         * Creates a new Curve25519 Elliptic Curve Diffie-Hellman encrypter.
089         *
090         * @param publicKey The public key. Must not be {@code null}.
091         *
092         * @throws JOSEException If the key subtype is not supported.
093         */
094        public X25519Encrypter(final OctetKeyPair publicKey)
095                throws JOSEException {
096
097                super(publicKey.getCurve());
098
099                if (! Curve.X25519.equals(publicKey.getCurve())) {
100                        throw new JOSEException("X25519Encrypter only supports OctetKeyPairs with crv=X25519");
101                }
102
103                if (publicKey.isPrivate()) {
104                        throw new JOSEException("X25519Encrypter requires a public key, use OctetKeyPair.toPublicJWK()");
105                }
106
107                this.publicKey = publicKey;
108        }
109
110
111        @Override
112        public Set<Curve> supportedEllipticCurves() {
113
114                return Collections.singleton(Curve.X25519);
115        }
116
117
118        /**
119         * Returns the public key.
120         *
121         * @return The public key.
122         */
123        public OctetKeyPair getPublicKey() {
124
125                return publicKey;
126        }
127
128
129        @Override
130        public JWECryptoParts encrypt(final JWEHeader header, final byte[] clearText)
131                throws JOSEException {
132
133                // Generate ephemeral X25519 key pair
134                final byte[] ephemeralPrivateKeyBytes = X25519.generatePrivateKey();
135                final byte[] ephemeralPublicKeyBytes;
136                try {
137                        ephemeralPublicKeyBytes = X25519.publicFromPrivate(ephemeralPrivateKeyBytes);
138
139                } catch (InvalidKeyException e) {
140                        // Should never happen since we just generated this private key
141                        throw new JOSEException(e.getMessage(), e);
142                }
143
144                final OctetKeyPair ephemeralPrivateKey =
145                        new OctetKeyPair.Builder(getCurve(), Base64URL.encode(ephemeralPublicKeyBytes)).
146                        d(Base64URL.encode(ephemeralPrivateKeyBytes)).
147                        build();
148                final OctetKeyPair ephemeralPublicKey = ephemeralPrivateKey.toPublicJWK();
149
150                // Add the ephemeral public EC key to the header
151                JWEHeader updatedHeader = new JWEHeader.Builder(header).
152                        ephemeralPublicKey(ephemeralPublicKey).
153                        build();
154
155                // Derive 'Z'
156                SecretKey Z = ECDH.deriveSharedSecret(publicKey, ephemeralPrivateKey);
157
158                return encryptWithZ(updatedHeader, Z, clearText);
159        }
160}