Skip to content

Commit

Permalink
Fix incorrect ephemeral public key handling in regard to SharedInfo2
Browse files Browse the repository at this point in the history
  • Loading branch information
@romanstrobl
romanstrobl committed Jun 27, 2023
1 parent 2cbb55d commit 14b8da1
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 18 deletions.
28 changes: 14 additions & 14 deletions .../src/main/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/EciesFactory.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
*/
package io.getlime.security.powerauth.crypto.lib.encryptor.ecies;

import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.exception.EciesException;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesParameters;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesScope;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesSharedInfo1;
Expand All @@ -24,7 +25,6 @@
import io.getlime.security.powerauth.crypto.lib.util.ByteUtils;
import io.getlime.security.powerauth.crypto.lib.util.HMACHashUtilities;
import io.getlime.security.powerauth.crypto.lib.util.Hash;
import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor;

import java.nio.ByteBuffer;
import java.security.interfaces.ECPrivateKey;
Expand All @@ -38,7 +38,6 @@
public class EciesFactory {

private final HMACHashUtilities hmacHashUtilities = new HMACHashUtilities();
private final KeyConvertor keyConvertor = new KeyConvertor();

/**
* Get ECIES encryptor instance for application scope.
Expand All @@ -50,9 +49,10 @@ public class EciesFactory {
* @return Initialized ECIES encryptor.
* @throws GenericCryptoException In case encryptor could not be initialized.
* @throws CryptoProviderException In case cryptography provider is incorrectly initialized.
* @throws EciesException In case envelope key could not be derived.
*/
public EciesEncryptor getEciesEncryptorForApplication(final ECPublicKey publicKey, final byte[] applicationSecret, final EciesSharedInfo1 sharedInfo1,
final EciesParameters eciesParameters) throws GenericCryptoException, CryptoProviderException {
final EciesParameters eciesParameters) throws GenericCryptoException, CryptoProviderException, EciesException {
byte[] sharedInfo1Value = sharedInfo1 == null ? EciesSharedInfo1.APPLICATION_SCOPE_GENERIC.value() : sharedInfo1.value();
return getEciesEncryptor(EciesScope.APPLICATION_SCOPE, publicKey, applicationSecret, null, sharedInfo1Value, eciesParameters);
}
Expand All @@ -68,9 +68,10 @@ public EciesEncryptor getEciesEncryptorForApplication(final ECPublicKey publicKe
* @return Initialized ECIES encryptor.
* @throws GenericCryptoException In case encryptor could not be initialized.
* @throws CryptoProviderException In case cryptography provider is incorrectly initialized.
* @throws EciesException In case envelope key could not be derived.
*/
public EciesEncryptor getEciesEncryptorForActivation(final ECPublicKey publicKey, final byte[] applicationSecret, final byte[] transportKey,
final EciesSharedInfo1 sharedInfo1, final EciesParameters eciesParameters) throws GenericCryptoException, CryptoProviderException {
final EciesSharedInfo1 sharedInfo1, final EciesParameters eciesParameters) throws GenericCryptoException, CryptoProviderException, EciesException {
byte[] sharedInfo1Value = sharedInfo1 == null ? EciesSharedInfo1.ACTIVATION_SCOPE_GENERIC.value() : sharedInfo1.value();
return getEciesEncryptor(EciesScope.ACTIVATION_SCOPE, publicKey, applicationSecret, transportKey, sharedInfo1Value, eciesParameters);
}
Expand All @@ -94,15 +95,14 @@ public EciesEncryptor getEciesEncryptor(final EciesEnvelopeKey envelopeKey, fina
* @param applicationSecret Application secret.
* @param transportKey Transport key.
* @param eciesParameters ECIES parameters for protocol V3.2+.
* @param ephemeralPublicKey Ephemeral public key.
* @return Initialized ECIES encryptor.
* @throws GenericCryptoException In case encryptor could not be initialized.
* @throws CryptoProviderException In case cryptography provider is incorrectly initialized.
*/
public EciesEncryptor getEciesEncryptor(final EciesScope eciesScope, final EciesEnvelopeKey envelopeKey,
final byte[] applicationSecret, final byte[] transportKey,
final EciesParameters eciesParameters, final byte[] ephemeralPublicKey) throws GenericCryptoException, CryptoProviderException {
final byte[] sharedInfo2 = generateSharedInfo2(eciesScope, applicationSecret, transportKey, eciesParameters, ephemeralPublicKey);
final EciesParameters eciesParameters) throws GenericCryptoException, CryptoProviderException {
final byte[] sharedInfo2 = generateSharedInfo2(eciesScope, applicationSecret, transportKey, eciesParameters, envelopeKey.getEphemeralKeyPublic());
return new EciesEncryptor(envelopeKey, sharedInfo2);
}

Expand All @@ -120,10 +120,10 @@ public EciesEncryptor getEciesEncryptor(final EciesScope eciesScope, final Ecies
*/
private EciesEncryptor getEciesEncryptor(final EciesScope eciesScope, final ECPublicKey publicKey, final byte[] applicationSecret,
final byte[] transportKey, final byte[] sharedInfo1,
final EciesParameters eciesParameters) throws GenericCryptoException, CryptoProviderException {
final byte[] publicKeyBytes = keyConvertor.convertPublicKeyToBytes(publicKey);
final byte[] sharedInfo2 = generateSharedInfo2(eciesScope, applicationSecret, transportKey, eciesParameters, publicKeyBytes);
return new EciesEncryptor(publicKey, sharedInfo1, sharedInfo2);
final EciesParameters eciesParameters) throws GenericCryptoException, CryptoProviderException, EciesException {
final EciesEnvelopeKey envelopeKey = EciesEnvelopeKey.fromPublicKey(publicKey, sharedInfo1);
final byte[] sharedInfo2 = generateSharedInfo2(eciesScope, applicationSecret, transportKey, eciesParameters, envelopeKey.getEphemeralKeyPublic());
return new EciesEncryptor(envelopeKey, sharedInfo2);
}

/**
Expand All @@ -137,12 +137,12 @@ private EciesEncryptor getEciesEncryptor(final EciesScope eciesScope, final ECPu
* @return Initialized ECIES decryptor.
* @throws GenericCryptoException In case decryptor could not be initialized.
* @throws CryptoProviderException In case cryptography provider is incorrectly initialized.
* @throws EciesException In case envelop key could not be derived.
*/
public EciesDecryptor getEciesDecryptorForApplication(final ECPrivateKey privateKey, final byte[] applicationSecret, final EciesSharedInfo1 sharedInfo1,
final EciesParameters eciesParameters, final byte[] ephemeralPublicKey) throws GenericCryptoException, CryptoProviderException {
final EciesParameters eciesParameters, final byte[] ephemeralPublicKey) throws GenericCryptoException, CryptoProviderException, EciesException {
byte[] sharedInfo1Value = sharedInfo1 == null ? EciesSharedInfo1.APPLICATION_SCOPE_GENERIC.value() : sharedInfo1.value();
return getEciesDecryptor(EciesScope.APPLICATION_SCOPE, privateKey, applicationSecret, null, sharedInfo1Value, eciesParameters, ephemeralPublicKey);
}
return getEciesDecryptor(EciesScope.APPLICATION_SCOPE, privateKey, applicationSecret, null, sharedInfo1Value, eciesParameters, ephemeralPublicKey); }

/**
* Get ECIES decryptor instance for activation scope.
Expand Down
8 changes: 4 additions & 4 deletions ...pto/src/test/java/io/getlime/security/powerauth/crypto/encryption/EciesEncryptorTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@ public void testEncryptDecrypt() throws Exception {
System.out.println();

final EciesDecryptor decryptorRequest = eciesFactory.getEciesDecryptorForApplication(privateKey, applicationSecret, EciesSharedInfo1.APPLICATION_SCOPE_GENERIC,
eciesParametersRequest, publicKeyBytes);
eciesParametersRequest, cryptogram.getEphemeralPublicKey());
final byte[] originalBytesRequest = decryptorRequest.decrypt(payloadRequest);

assertArrayEquals(request, originalBytesRequest);
Expand All @@ -133,7 +133,7 @@ public void testEncryptDecrypt() throws Exception {
.timestamp(timestampResponse)
.build();
final EciesEncryptor encryptorResponse = eciesFactory.getEciesEncryptor(EciesScope.APPLICATION_SCOPE,
decryptorRequest.getEnvelopeKey(), applicationSecret, null, eciesParametersResponse, publicKeyBytes);
decryptorRequest.getEnvelopeKey(), applicationSecret, null, eciesParametersResponse);

final EciesPayload payloadResponse = encryptorResponse.encrypt(response, eciesParametersResponse);
System.out.println("# RESPONSE");
Expand All @@ -147,7 +147,7 @@ public void testEncryptDecrypt() throws Exception {
System.out.println();

final EciesDecryptor decryptorResponse = eciesFactory.getEciesDecryptor(EciesScope.APPLICATION_SCOPE,
encryptorRequest.getEnvelopeKey(), applicationSecret, null, eciesParametersResponse, publicKeyBytes);
encryptorRequest.getEnvelopeKey(), applicationSecret, null, eciesParametersResponse, cryptogram.getEphemeralPublicKey());
final byte[] originalBytesResponse = decryptorResponse.decrypt(payloadResponse);

assertArrayEquals(response, originalBytesResponse);
Expand Down Expand Up @@ -231,7 +231,7 @@ public void testInvalidMacReject() throws Exception {
.timestamp(timestampResponse)
.build();
final EciesEncryptor encryptorResponse = eciesFactory.getEciesEncryptor(EciesScope.APPLICATION_SCOPE,
decryptorRequest.getEnvelopeKey(), applicationSecret, null, eciesParametersResponse, publicKeyBytes);
decryptorRequest.getEnvelopeKey(), applicationSecret, null, eciesParametersResponse);

final EciesPayload payloadResponse = encryptorResponse.encrypt(response, eciesParametersResponse);
System.out.println("# RESPONSE");
Expand Down

0 comments on commit 14b8da1

Please sign in to comment.