Source code

001/*
002 * nimbus-jose-jwt
003 *
004 * Copyright 2012-2021, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.jose.crypto;
019
020
021import com.nimbusds.jose.*;
022import com.nimbusds.jose.crypto.impl.*;
023import com.nimbusds.jose.crypto.utils.ECChecks;
024import com.nimbusds.jose.jwk.Curve;
025import com.nimbusds.jose.jwk.ECKey;
026import com.nimbusds.jose.util.Base64URL;
027import com.nimbusds.jose.util.Pair;
028import net.jcip.annotations.ThreadSafe;
029
030import javax.crypto.SecretKey;
031import java.util.*;
032
033
034/**
035 * Elliptic Curve Diffie-Hellman Multi-recipient decrypter of
036 * {@link JWEObjectJSON JWE objects} for curves using EC JWK
037 * keys. Expects a private EC key (with a P-256, P-384 or P-521 curve).
038 *
039 * <p>Public Key Authenticated Encryption for JOSE
040 * <a href="https://datatracker.ietf.org/doc/html/draft-madden-jose-ecdh-1pu-04">ECDH-1PU</a>
041 * for more information.
042 *
043 * <p>This class is thread-safe.
044 *
045 * <p>Supports the following key management algorithms:
046 *
047 * <ul>
048 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES}
049 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES_A128KW}
050 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES_A192KW}
051 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#ECDH_ES_A256KW}
052 * </ul>
053 *
054 * <p>Supports the following elliptic curves:
055 *
056 * <ul>
057 *     <li>{@link com.nimbusds.jose.jwk.Curve#P_256}
058 *     <li>{@link com.nimbusds.jose.jwk.Curve#P_384}
059 *     <li>{@link com.nimbusds.jose.jwk.Curve#P_521}
060 * </ul>
061 *
062 * <p>Supports the following content encryption algorithms:
063 *
064 * <ul>
065 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256}
066 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A192CBC_HS384}
067 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512}
068 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128GCM}
069 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A192GCM}
070 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256GCM}
071 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256_DEPRECATED}
072 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512_DEPRECATED}
073 *     <li>{@link com.nimbusds.jose.EncryptionMethod#XC20P}
074 * </ul>
075 *
076 * @author Alexander Martynov
077 * @version 2021-08-19
078 */
079@ThreadSafe
080public class ECDHDecrypterMulti extends ECDHCryptoProvider implements JWEDecrypterMulti, CriticalHeaderParamsAware {
081
082
083    /**
084     * The supported EC JWK curves by the ECDH crypto provider class.
085     */
086    public static final Set<Curve> SUPPORTED_ELLIPTIC_CURVES;
087
088
089    static {
090        Set<Curve> curves = new LinkedHashSet<>();
091        curves.add(Curve.P_256);
092        curves.add(Curve.P_384);
093        curves.add(Curve.P_521);
094        SUPPORTED_ELLIPTIC_CURVES = Collections.unmodifiableSet(curves);
095    }
096
097    /**
098     * The critical header policy.
099     */
100    private final CriticalHeaderParamsDeferral critPolicy = new CriticalHeaderParamsDeferral();
101
102    /**
103     * The list of private recipient's keys.
104     */
105    private final List<Pair<UnprotectedHeader, ECKey>>recipients;
106
107    /**
108     * Creates Elliptic Curve Diffie-Hellman Multi-recipient decrypter.
109     *
110     * @param recipients     The list of private recipient's keys.
111     *
112     * @throws JOSEException If the key subtype is not supported.
113     */
114    public ECDHDecrypterMulti(final List<Pair<UnprotectedHeader, ECKey>>recipients)
115            throws JOSEException {
116
117        this(recipients, null);
118    }
119
120    /**
121     * Creates Elliptic Curve Diffie-Hellman Multi-recipient decrypter.
122     *
123     * @param recipients     The list of private recipient's keys.
124     * @param defCritHeaders The names of the critical header parameters
125     *                       that are deferred to the application for
126     *                       processing, empty set or {@code null} if none.
127     *
128     * @throws JOSEException If the key subtype is not supported.
129     */
130    public ECDHDecrypterMulti(final List<Pair<UnprotectedHeader, ECKey>>recipients, final Set<String> defCritHeaders)
131        throws JOSEException {
132
133        super(recipients.get(0).getRight().getCurve());
134
135        this.recipients = recipients;
136        critPolicy.setDeferredCriticalHeaderParams(defCritHeaders);
137    }
138
139    @Override
140    public Set<Curve> supportedEllipticCurves() {
141
142        return SUPPORTED_ELLIPTIC_CURVES;
143    }
144
145
146    @Override
147    public Set<String> getProcessedCriticalHeaderParams() {
148
149        return critPolicy.getProcessedCriticalHeaderParams();
150    }
151
152
153    @Override
154    public Set<String> getDeferredCriticalHeaderParams() {
155
156        return critPolicy.getProcessedCriticalHeaderParams();
157    }
158
159
160    @Override
161    public byte[] decrypt(final JWEHeader header,
162                          final List<JWERecipient> recipients,
163                          final Base64URL iv,
164                          final Base64URL cipherText,
165                          final Base64URL authTag)
166            throws JOSEException {
167
168        critPolicy.ensureHeaderPasses(header);
169
170        // Get ephemeral EC key
171        ECKey ephemeralKey = (ECKey) header.getEphemeralPublicKey();
172
173        if (ephemeralKey == null) {
174            throw new JOSEException("Missing ephemeral public EC key \"epk\" JWE header parameter");
175        }
176
177        List<Pair<UnprotectedHeader, SecretKey>> sharedKeys = new ArrayList<>();
178
179        for (Pair<UnprotectedHeader, ECKey> recipient : this.recipients) {
180            if (!ECChecks.isPointOnCurve(ephemeralKey.toECPublicKey(), recipient.getRight().toECPrivateKey())) {
181                throw new JOSEException("Invalid ephemeral public EC key: Point(s) not on the expected curve");
182            }
183
184            SecretKey Z = ECDH.deriveSharedSecret(
185                    ephemeralKey.toECPublicKey(),
186                    recipient.getRight().toECPrivateKey(),
187                    getJCAContext().getKeyEncryptionProvider()
188            );
189
190            sharedKeys.add(Pair.of(recipient.getLeft(), Z));
191        }
192
193        return decryptMulti(header, sharedKeys, recipients, iv, cipherText, authTag);
194    }
195}