|
36 | 36 | */ |
37 | 37 | @Internal |
38 | 38 | public class HpkeImpl implements HpkeSpi { |
39 | | - private final HpkeSuite hpkeSuite; |
40 | | - |
41 | | - private NativeRef.EVP_HPKE_CTX ctx; |
42 | | - private byte[] encapsulated = null; |
43 | | - |
44 | | - public HpkeImpl(HpkeSuite hpkeSuite) { |
45 | | - this.hpkeSuite = hpkeSuite; |
46 | | - } |
47 | | - |
48 | | - @Override |
49 | | - public void engineInitSender(PublicKey recipientKey, byte[] info, PrivateKey senderKey, |
50 | | - byte[] psk, byte[] psk_id) throws InvalidKeyException { |
51 | | - checkNotInitialised(); |
52 | | - checkArgumentsForBaseModeOnly(senderKey, psk, psk_id); |
53 | | - if (recipientKey == null) { |
54 | | - throw new InvalidKeyException("null recipient key"); |
55 | | - } else if (!(recipientKey instanceof OpenSSLX25519PublicKey)) { |
56 | | - throw new InvalidKeyException("Unsupported recipient key class: " + recipientKey.getClass()); |
57 | | - } |
58 | | - final byte[] recipientKeyBytes = ((OpenSSLX25519PublicKey) recipientKey).getU(); |
59 | | - |
60 | | - final Object[] result = NativeCrypto.EVP_HPKE_CTX_setup_base_mode_sender( |
61 | | - hpkeSuite, recipientKeyBytes, info); |
62 | | - ctx = (NativeRef.EVP_HPKE_CTX) result[0]; |
63 | | - encapsulated = (byte[]) result[1]; |
64 | | - } |
65 | | - |
66 | | - @Override |
67 | | - public void engineInitSenderForTesting(PublicKey recipientKey, byte[] info, |
68 | | - PrivateKey senderKey, byte[] psk, byte[] psk_id, byte[] sKe) throws InvalidKeyException { |
69 | | - checkNotInitialised(); |
70 | | - Objects.requireNonNull(sKe); |
71 | | - checkArgumentsForBaseModeOnly(senderKey, psk, psk_id); |
72 | | - if (recipientKey == null) { |
73 | | - throw new InvalidKeyException("null recipient key"); |
74 | | - } else if (!(recipientKey instanceof OpenSSLX25519PublicKey)) { |
75 | | - throw new InvalidKeyException("Unsupported recipient key class: " + recipientKey.getClass()); |
76 | | - } |
77 | | - final byte[] recipientKeyBytes = ((OpenSSLX25519PublicKey) recipientKey).getU(); |
78 | | - |
79 | | - final Object[] result = NativeCrypto.EVP_HPKE_CTX_setup_base_mode_sender_with_seed_for_testing( |
80 | | - hpkeSuite, recipientKeyBytes, info, sKe); |
81 | | - ctx = (NativeRef.EVP_HPKE_CTX) result[0]; |
82 | | - encapsulated = (byte[]) result[1]; |
83 | | - } |
84 | | - |
85 | | - @Override |
86 | | - public void engineInitRecipient(byte[] encapsulated, PrivateKey recipientKey, |
87 | | - byte[] info, PublicKey senderKey, byte[] psk, byte[] psk_id) throws InvalidKeyException { |
88 | | - checkNotInitialised(); |
89 | | - checkArgumentsForBaseModeOnly(senderKey, psk, psk_id); |
90 | | - Preconditions.checkNotNull(encapsulated, "null encapsulated data"); |
91 | | - if (encapsulated.length != hpkeSuite.getKem().getEncapsulatedLength()) { |
92 | | - throw new InvalidKeyException("Invalid encapsulated length: " + encapsulated.length); |
93 | | - } |
94 | | - |
95 | | - if (recipientKey == null) { |
96 | | - throw new InvalidKeyException("null recipient key"); |
97 | | - } else if (!(recipientKey instanceof OpenSSLX25519PrivateKey)) { |
98 | | - throw new InvalidKeyException("Unsupported recipient key class: " + recipientKey.getClass()); |
99 | | - } |
100 | | - final byte[] recipientKeyBytes = ((OpenSSLX25519PrivateKey) recipientKey).getU(); |
101 | | - |
102 | | - ctx = (NativeRef.EVP_HPKE_CTX) NativeCrypto.EVP_HPKE_CTX_setup_base_mode_recipient( |
103 | | - hpkeSuite, recipientKeyBytes, encapsulated, info); |
104 | | - } |
105 | | - |
106 | | - private void checkArgumentsForBaseModeOnly(Key senderKey, byte[] psk, byte[] psk_id) { |
107 | | - if (senderKey != null) { |
108 | | - throw new UnsupportedOperationException("Asymmetric authentication not supported"); |
109 | | - } |
110 | | - // PSK args can only be null if the application passed them in. |
111 | | - Objects.requireNonNull(psk); |
112 | | - Objects.requireNonNull(psk_id); |
113 | | - if (psk.length > 0 || psk_id.length > 0) { |
114 | | - throw new UnsupportedOperationException("PSK authentication not supported"); |
115 | | - } |
116 | | - } |
117 | | - |
118 | | - @Override |
119 | | - public byte[] engineSeal(byte[] plaintext, byte[] aad) { |
120 | | - checkIsSender(); |
121 | | - Preconditions.checkNotNull(plaintext, "null plaintext"); |
122 | | - return NativeCrypto.EVP_HPKE_CTX_seal(ctx, plaintext, aad); |
123 | | - } |
124 | | - |
125 | | - @Override |
126 | | - public byte[] engineExport(int length, byte[] exporterContext) { |
127 | | - checkInitialised(); |
128 | | - long maxLength = hpkeSuite.getKdf().maxExportLength(); |
129 | | - if (length < 0 || length > maxLength) { |
130 | | - throw new IllegalArgumentException("Export length must be between 0 and " |
131 | | - + maxLength + ", but was " + length); |
132 | | - } |
133 | | - return NativeCrypto.EVP_HPKE_CTX_export(ctx, exporterContext, length); |
134 | | - } |
135 | | - |
136 | | - @Override |
137 | | - public byte[] engineOpen(byte[] ciphertext, byte[] aad) throws GeneralSecurityException { |
138 | | - checkIsRecipient(); |
139 | | - Preconditions.checkNotNull(ciphertext, "null ciphertext"); |
140 | | - try { |
141 | | - return NativeCrypto.EVP_HPKE_CTX_open(ctx, ciphertext, aad); |
142 | | - } catch (BadPaddingException e) { |
143 | | - throw new HpkeDecryptException(e.getMessage()); |
144 | | - } |
145 | | - } |
146 | | - |
147 | | - private void checkInitialised() { |
148 | | - if (ctx == null) { |
149 | | - throw new IllegalStateException("Not initialised"); |
150 | | - } |
151 | | - } |
152 | | - |
153 | | - private void checkNotInitialised() { |
154 | | - if (ctx != null) { |
155 | | - throw new IllegalStateException("Already initialised"); |
156 | | - } |
157 | | - } |
158 | | - |
159 | | - private void checkIsSender() { |
160 | | - checkInitialised(); |
161 | | - if (encapsulated == null) { |
162 | | - throw new IllegalStateException("Internal error"); |
163 | | - } |
164 | | - } |
165 | | - |
166 | | - private void checkIsRecipient() { |
167 | | - checkInitialised(); |
168 | | - if (encapsulated != null) { |
169 | | - throw new IllegalStateException("Internal error"); |
170 | | - } |
171 | | - } |
172 | | - |
173 | | - @Override |
174 | | - public byte[] getEncapsulated() { |
175 | | - checkIsSender(); |
176 | | - return encapsulated; |
177 | | - } |
| 39 | + private final HpkeSuite hpkeSuite; |
178 | 40 |
|
179 | | - public static class X25519_AES_128 extends HpkeImpl { |
180 | | - public X25519_AES_128() { |
181 | | - super(new HpkeSuite(KEM_DHKEM_X25519_HKDF_SHA256, KDF_HKDF_SHA256, AEAD_AES_128_GCM)); |
| 41 | + private NativeRef.EVP_HPKE_CTX ctx; |
| 42 | + private byte[] encapsulated = null; |
| 43 | + |
| 44 | + public HpkeImpl(HpkeSuite hpkeSuite) { |
| 45 | + this.hpkeSuite = hpkeSuite; |
| 46 | + } |
| 47 | + |
| 48 | + @Override |
| 49 | + public void engineInitSender(PublicKey recipientKey, byte[] info, PrivateKey senderKey, |
| 50 | + byte[] psk, byte[] psk_id) throws InvalidKeyException { |
| 51 | + checkNotInitialised(); |
| 52 | + checkArgumentsForBaseModeOnly(senderKey, psk, psk_id); |
| 53 | + if (recipientKey == null) { |
| 54 | + throw new InvalidKeyException("null recipient key"); |
| 55 | + } else if (!(recipientKey instanceof OpenSSLX25519PublicKey)) { |
| 56 | + throw new InvalidKeyException( |
| 57 | + "Unsupported recipient key class: " + recipientKey.getClass()); |
| 58 | + } |
| 59 | + final byte[] recipientKeyBytes = ((OpenSSLX25519PublicKey) recipientKey).getU(); |
| 60 | + |
| 61 | + final Object[] result = NativeCrypto.EVP_HPKE_CTX_setup_base_mode_sender( |
| 62 | + hpkeSuite, recipientKeyBytes, info); |
| 63 | + ctx = (NativeRef.EVP_HPKE_CTX) result[0]; |
| 64 | + encapsulated = (byte[]) result[1]; |
| 65 | + } |
| 66 | + |
| 67 | + @Override |
| 68 | + public void engineInitSenderForTesting(PublicKey recipientKey, byte[] info, |
| 69 | + PrivateKey senderKey, byte[] psk, byte[] psk_id, byte[] sKe) |
| 70 | + throws InvalidKeyException { |
| 71 | + checkNotInitialised(); |
| 72 | + Objects.requireNonNull(sKe); |
| 73 | + checkArgumentsForBaseModeOnly(senderKey, psk, psk_id); |
| 74 | + if (recipientKey == null) { |
| 75 | + throw new InvalidKeyException("null recipient key"); |
| 76 | + } else if (!(recipientKey instanceof OpenSSLX25519PublicKey)) { |
| 77 | + throw new InvalidKeyException( |
| 78 | + "Unsupported recipient key class: " + recipientKey.getClass()); |
| 79 | + } |
| 80 | + final byte[] recipientKeyBytes = ((OpenSSLX25519PublicKey) recipientKey).getU(); |
| 81 | + |
| 82 | + final Object[] result = |
| 83 | + NativeCrypto.EVP_HPKE_CTX_setup_base_mode_sender_with_seed_for_testing( |
| 84 | + hpkeSuite, recipientKeyBytes, info, sKe); |
| 85 | + ctx = (NativeRef.EVP_HPKE_CTX) result[0]; |
| 86 | + encapsulated = (byte[]) result[1]; |
| 87 | + } |
| 88 | + |
| 89 | + @Override |
| 90 | + public void engineInitRecipient(byte[] encapsulated, PrivateKey recipientKey, byte[] info, |
| 91 | + PublicKey senderKey, byte[] psk, byte[] psk_id) throws InvalidKeyException { |
| 92 | + checkNotInitialised(); |
| 93 | + checkArgumentsForBaseModeOnly(senderKey, psk, psk_id); |
| 94 | + Preconditions.checkNotNull(encapsulated, "null encapsulated data"); |
| 95 | + if (encapsulated.length != hpkeSuite.getKem().getEncapsulatedLength()) { |
| 96 | + throw new InvalidKeyException("Invalid encapsulated length: " + encapsulated.length); |
| 97 | + } |
| 98 | + |
| 99 | + if (recipientKey == null) { |
| 100 | + throw new InvalidKeyException("null recipient key"); |
| 101 | + } else if (!(recipientKey instanceof OpenSSLX25519PrivateKey)) { |
| 102 | + throw new InvalidKeyException( |
| 103 | + "Unsupported recipient key class: " + recipientKey.getClass()); |
| 104 | + } |
| 105 | + final byte[] recipientKeyBytes = ((OpenSSLX25519PrivateKey) recipientKey).getU(); |
| 106 | + |
| 107 | + ctx = (NativeRef.EVP_HPKE_CTX) NativeCrypto.EVP_HPKE_CTX_setup_base_mode_recipient( |
| 108 | + hpkeSuite, recipientKeyBytes, encapsulated, info); |
| 109 | + } |
| 110 | + |
| 111 | + private void checkArgumentsForBaseModeOnly(Key senderKey, byte[] psk, byte[] psk_id) { |
| 112 | + if (senderKey != null) { |
| 113 | + throw new UnsupportedOperationException("Asymmetric authentication not supported"); |
| 114 | + } |
| 115 | + // PSK args can only be null if the application passed them in. |
| 116 | + Objects.requireNonNull(psk); |
| 117 | + Objects.requireNonNull(psk_id); |
| 118 | + if (psk.length > 0 || psk_id.length > 0) { |
| 119 | + throw new UnsupportedOperationException("PSK authentication not supported"); |
| 120 | + } |
| 121 | + } |
| 122 | + |
| 123 | + @Override |
| 124 | + public byte[] engineSeal(byte[] plaintext, byte[] aad) { |
| 125 | + checkIsSender(); |
| 126 | + Preconditions.checkNotNull(plaintext, "null plaintext"); |
| 127 | + return NativeCrypto.EVP_HPKE_CTX_seal(ctx, plaintext, aad); |
| 128 | + } |
| 129 | + |
| 130 | + @Override |
| 131 | + public byte[] engineExport(int length, byte[] exporterContext) { |
| 132 | + checkInitialised(); |
| 133 | + long maxLength = hpkeSuite.getKdf().maxExportLength(); |
| 134 | + if (length < 0 || length > maxLength) { |
| 135 | + throw new IllegalArgumentException( |
| 136 | + "Export length must be between 0 and " + maxLength + ", but was " + length); |
| 137 | + } |
| 138 | + return NativeCrypto.EVP_HPKE_CTX_export(ctx, exporterContext, length); |
| 139 | + } |
| 140 | + |
| 141 | + @Override |
| 142 | + public byte[] engineOpen(byte[] ciphertext, byte[] aad) throws GeneralSecurityException { |
| 143 | + checkIsRecipient(); |
| 144 | + Preconditions.checkNotNull(ciphertext, "null ciphertext"); |
| 145 | + try { |
| 146 | + return NativeCrypto.EVP_HPKE_CTX_open(ctx, ciphertext, aad); |
| 147 | + } catch (BadPaddingException e) { |
| 148 | + throw new HpkeDecryptException(e.getMessage()); |
| 149 | + } |
| 150 | + } |
| 151 | + |
| 152 | + private void checkInitialised() { |
| 153 | + if (ctx == null) { |
| 154 | + throw new IllegalStateException("Not initialised"); |
| 155 | + } |
| 156 | + } |
| 157 | + |
| 158 | + private void checkNotInitialised() { |
| 159 | + if (ctx != null) { |
| 160 | + throw new IllegalStateException("Already initialised"); |
| 161 | + } |
| 162 | + } |
| 163 | + |
| 164 | + private void checkIsSender() { |
| 165 | + checkInitialised(); |
| 166 | + if (encapsulated == null) { |
| 167 | + throw new IllegalStateException("Internal error"); |
| 168 | + } |
| 169 | + } |
| 170 | + |
| 171 | + private void checkIsRecipient() { |
| 172 | + checkInitialised(); |
| 173 | + if (encapsulated != null) { |
| 174 | + throw new IllegalStateException("Internal error"); |
| 175 | + } |
| 176 | + } |
| 177 | + |
| 178 | + @Override |
| 179 | + public byte[] getEncapsulated() { |
| 180 | + checkIsSender(); |
| 181 | + return encapsulated; |
| 182 | + } |
| 183 | + |
| 184 | + public static class X25519_AES_128 extends HpkeImpl { |
| 185 | + public X25519_AES_128() { |
| 186 | + super(new HpkeSuite(KEM_DHKEM_X25519_HKDF_SHA256, KDF_HKDF_SHA256, AEAD_AES_128_GCM)); |
| 187 | + } |
182 | 188 | } |
183 | | - } |
184 | 189 |
|
185 | | - public static class X25519_AES_256 extends HpkeImpl { |
186 | | - public X25519_AES_256() { |
187 | | - super(new HpkeSuite(KEM_DHKEM_X25519_HKDF_SHA256, KDF_HKDF_SHA256, AEAD_AES_256_GCM)); |
| 190 | + public static class X25519_AES_256 extends HpkeImpl { |
| 191 | + public X25519_AES_256() { |
| 192 | + super(new HpkeSuite(KEM_DHKEM_X25519_HKDF_SHA256, KDF_HKDF_SHA256, AEAD_AES_256_GCM)); |
| 193 | + } |
188 | 194 | } |
189 | | - } |
190 | 195 |
|
191 | | - public static class X25519_CHACHA20 extends HpkeImpl { |
192 | | - public X25519_CHACHA20() { |
193 | | - super(new HpkeSuite(KEM_DHKEM_X25519_HKDF_SHA256, KDF_HKDF_SHA256, AEAD_CHACHA20POLY1305)); |
| 196 | + public static class X25519_CHACHA20 extends HpkeImpl { |
| 197 | + public X25519_CHACHA20() { |
| 198 | + super(new HpkeSuite( |
| 199 | + KEM_DHKEM_X25519_HKDF_SHA256, KDF_HKDF_SHA256, AEAD_CHACHA20POLY1305)); |
| 200 | + } |
194 | 201 | } |
195 | | - } |
196 | 202 | } |
0 commit comments