Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement support for temporary keys #632

Merged
merged 12 commits into from
Aug 27, 2024
Merged

Implement support for temporary keys #632

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
6004a8c
Add initial implementation of temporary keys
petrdvorak Jul 25, 2024
83a530f
Add new version 3.3
petrdvorak Jul 26, 2024
2dee402
Merge branch 'develop' into features/temporary-keys
petrdvorak Jul 26, 2024
e7ab248
Add optional temporary key ID to signature header
petrdvorak Jul 26, 2024
65bbe7a
Fix default constructors
petrdvorak Jul 26, 2024
3c634c4
Move temporary key ID to request body
petrdvorak Aug 5, 2024
a5d9960
Added ECIES V3.3 test vectors generated by iOS SDK
hvge Aug 8, 2024
b3921d8
Empty lines cleanup
hvge Aug 8, 2024
0977bf8
Added encrypt-decrypt tests for ECIES v3.3
hvge Aug 8, 2024
8d91732
Merge pull request #633 from wultra/features/temporary-keys-test-vectors
hvge Aug 9, 2024
88aff8d
Simplify check for temporary key presence in 3.3 protocol
petrdvorak Aug 13, 2024
afa3c6e
Merge branch 'features/temporary-keys' of https://github.com/lime-com…
petrdvorak Aug 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions ...to/src/main/java/io/getlime/security/powerauth/crypto/lib/encryptor/EncryptorFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ public ClientEncryptor getClientEncryptor(EncryptorId encryptorId, EncryptorPara
validateParameters(encryptorId, encryptorParameters);
final ClientEncryptor encryptor;
switch (encryptorParameters.getProtocolVersion()) {
case "3.2", "3.1", "3.0" -> {
case "3.3", "3.2", "3.1", "3.0" -> {
encryptor = new ClientEciesEncryptor(encryptorId, encryptorParameters);
}
default -> {
Expand Down Expand Up @@ -106,7 +106,7 @@ public ServerEncryptor getServerEncryptor(EncryptorId encryptorId, EncryptorPara
validateParameters(encryptorId, encryptorParameters);
final ServerEncryptor encryptor;
switch (encryptorParameters.getProtocolVersion()) {
case "3.2", "3.1", "3.0" -> {
case "3.3", "3.2", "3.1", "3.0" -> {
encryptor = new ServerEciesEncryptor(encryptorId, encryptorParameters);
}
default -> {
Expand Down Expand Up @@ -154,7 +154,7 @@ public RequestResponseValidator getRequestResponseValidator(String protocolVersi
throw new EncryptorException("Missing protocolVersion parameter");
}
switch (protocolVersion) {
case "3.2", "3.1", "3.0" -> {
case "3.3", "3.2", "3.1", "3.0" -> {
return new EciesRequestResponseValidator(protocolVersion);
}
default -> {
Expand Down
4 changes: 3 additions & 1 deletion ...n/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/ClientEciesEncryptor.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,8 @@ public ClientEciesEncryptor(EncryptorId encryptorId, EncryptorParameters paramet
encryptorId.scope(),
parameters.getProtocolVersion(),
parameters.getApplicationKey(),
parameters.getActivationIdentifier()
parameters.getActivationIdentifier(),
parameters.getTemporaryKeyId()
);
}

Expand Down Expand Up @@ -156,6 +157,7 @@ public EncryptedRequest encryptRequest(byte[] data) throws EncryptorException {
}

return new EncryptedRequest(
encryptorParameters.getTemporaryKeyId(),
base64Encoder.encodeToString(eciesCryptogram.getEphemeralPublicKey()),
base64Encoder.encodeToString(eciesCryptogram.getEncryptedData()),
base64Encoder.encodeToString(eciesCryptogram.getMac()),
Expand Down
6 changes: 3 additions & 3 deletions .../getlime/security/powerauth/crypto/lib/encryptor/ecies/EciesRequestResponseValidator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ public class EciesRequestResponseValidator implements RequestResponseValidator {
/**
* Protocol versions supported in this validator.
*/
private final static Set<String> supportedVersions = Set.of("3.2", "3.1", "3.0");
private final static Set<String> supportedVersions = Set.of("3.3", "3.2", "3.1", "3.0");

/**
* Indicate that request and response must contain timestamp and nonce. This is valid for protocol V3.2+.
Expand All @@ -53,8 +53,8 @@ public EciesRequestResponseValidator(String protocolVersion) throws EncryptorExc
if (!supportedVersions.contains(protocolVersion)) {
throw new EncryptorException("Unsupported protocol version " + protocolVersion);
}
this.useTimestamp = "3.2".equals(protocolVersion);
this.useNonceForRequest = "3.2".equals(protocolVersion) || "3.1".equals(protocolVersion);
this.useTimestamp = "3.3".equals(protocolVersion) || "3.2".equals(protocolVersion);
petrdvorak marked this conversation as resolved.
Show resolved Hide resolved
this.useNonceForRequest = "3.3".equals(protocolVersion) || "3.2".equals(protocolVersion) || "3.1".equals(protocolVersion);
}

@Override
Expand Down
3 changes: 2 additions & 1 deletion ...n/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/ServerEciesEncryptor.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,8 @@ public ServerEciesEncryptor(EncryptorId encryptorId, EncryptorParameters paramet
encryptorId.scope(),
parameters.getProtocolVersion(),
parameters.getApplicationKey(),
parameters.getActivationIdentifier()
parameters.getActivationIdentifier(),
parameters.getTemporaryKeyId()
);
}

Expand Down
1 change: 1 addition & 0 deletions .../main/java/io/getlime/security/powerauth/crypto/lib/encryptor/model/EncryptedRequest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
@Data
@AllArgsConstructor
public class EncryptedRequest {
private String temporaryKeyId;
private String ephemeralPublicKey;
private String encryptedData;
private String mac;
Expand Down
1 change: 1 addition & 0 deletions ...in/java/io/getlime/security/powerauth/crypto/lib/encryptor/model/EncryptorParameters.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,4 +33,5 @@ public class EncryptorParameters {
private String protocolVersion;
private String applicationKey;
private String activationIdentifier;
private String temporaryKeyId;
}
81 changes: 54 additions & 27 deletions ...h-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/EciesUtils.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,27 +62,50 @@ public static long generateTimestamp() {
* @param protocolVersion Protocol version.
* @param applicationKey Application key.
* @param activationId Activation ID.
* @param temporaryKeyId Temporary key ID.
* @return Derived associated data.
* @throws EciesException In case that activation ID is required but is missing.
*/
public static byte[] deriveAssociatedData(EncryptorScope scope, String protocolVersion, String applicationKey, String activationId) throws EciesException {
public static byte[] deriveAssociatedData(EncryptorScope scope, String protocolVersion, String applicationKey, String activationId, String temporaryKeyId) throws EciesException {
if (protocolVersion == null) {
throw new EciesException("Protocol version is missing");
}
if ("3.2".equals(protocolVersion)) {
if (applicationKey == null) {
throw new EciesException("Application key is missing");
switch (protocolVersion) {
case "3.2": {
if (applicationKey == null) {
throw new EciesException("Application key is missing");
}
if (scope == EncryptorScope.ACTIVATION_SCOPE) {
if (activationId == null) {
throw new EciesException("Activation ID is missing in ACTIVATION_SCOPE");
}
return ByteUtils.concatStrings(protocolVersion, applicationKey, activationId);
} else {
return ByteUtils.concatStrings(protocolVersion, applicationKey);
}
}
if (scope == EncryptorScope.ACTIVATION_SCOPE) {
if (activationId == null) {
throw new EciesException("Activation ID is missing in ACTIVATION_SCOPE");
case "3.3": {
if (applicationKey == null) {
throw new EciesException("Application key is missing");
}
if (scope == EncryptorScope.ACTIVATION_SCOPE) {
if (activationId == null) {
throw new EciesException("Activation ID is missing in ACTIVATION_SCOPE");
}
if (temporaryKeyId == null) {
throw new EciesException("Missing temporary key identifier");
}
petrdvorak marked this conversation as resolved.
Show resolved Hide resolved
return ByteUtils.concatStrings(protocolVersion, applicationKey, activationId, temporaryKeyId);
} else {
if (temporaryKeyId == null) {
throw new EciesException("Missing temporary key identifier");
}
return ByteUtils.concatStrings(protocolVersion, applicationKey, temporaryKeyId);
}
return ByteUtils.concatStrings(protocolVersion, applicationKey, activationId);
} else {
return ByteUtils.concatStrings(protocolVersion, applicationKey);
}
} else {
return null;
default: {
return null;
}
}
}

Expand Down Expand Up @@ -130,24 +153,28 @@ public static byte[] deriveSharedInfo2(String protocolVersion, byte[] sharedInfo
if (sharedInfo2Base == null) {
throw new EciesException("Missing sharedInfo2Base parameter");
}
if ("3.2".equals(protocolVersion)) {
if (nonce == null) {
throw new EciesException("Missing nonce parameter");
}
if (timestamp == null) {
throw new EciesException("Missing timestamp parameter");
switch (protocolVersion) {
case "3.3", "3.2": {
if (nonce == null) {
throw new EciesException("Missing nonce parameter");
}
if (timestamp == null) {
throw new EciesException("Missing timestamp parameter");
}
if (associatedData == null) {
throw new EciesException("Missing associatedData parameter");
}
return ByteUtils.concatWithSizes(
sharedInfo2Base,
nonce,
ByteBuffer.allocate(Long.BYTES).putLong(timestamp).array(),
ephemeralPublicKey,
associatedData);
}
if (associatedData == null) {
throw new EciesException("Missing associatedData parameter");
default: {
return sharedInfo2Base;
}
return ByteUtils.concatWithSizes(
sharedInfo2Base,
nonce,
ByteBuffer.allocate(Long.BYTES).putLong(timestamp).array(),
ephemeralPublicKey,
associatedData);
}
return sharedInfo2Base;
}

}
2 changes: 1 addition & 1 deletion ...h-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/TokenUtils.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ public byte[] computeTokenDigest(byte[] nonce, byte[] timestamp, String version,
final byte[] amp = "&".getBytes(StandardCharsets.UTF_8);
final byte[] data;
switch (version) {
case "3.2" -> data = ByteUtils.concat(nonce, amp, timestamp, amp, version.getBytes(StandardCharsets.UTF_8));
case "3.3", "3.2" -> data = ByteUtils.concat(nonce, amp, timestamp, amp, version.getBytes(StandardCharsets.UTF_8));
case "3.0", "3.1" -> data = ByteUtils.concat(nonce, amp, timestamp);
default -> throw new GenericCryptoException("Unsupported version value was specified: " + version);
}
Expand Down
Loading