001package com.nimbusds.jose.crypto; 002 003 004import javax.crypto.SecretKey; 005 006import com.nimbusds.jose.*; 007import com.nimbusds.jose.util.Base64URL; 008import com.nimbusds.jose.util.StandardCharset; 009import net.jcip.annotations.ThreadSafe; 010 011 012/** 013 * Password-based encrypter of {@link com.nimbusds.jose.JWEObject JWE objects}. 014 * Expects a password. 015 * 016 * <p>See RFC 7518 017 * <a href="https://tools.ietf.org/html/rfc7518#section-4.8">section 4.8</a> 018 * for more information. 019 * 020 * <p>This class is thread-safe. 021 * 022 * <p>Supports the following key management algorithms: 023 * 024 * <ul> 025 * <li>{@link com.nimbusds.jose.JWEAlgorithm#PBES2_HS256_A128KW} 026 * <li>{@link com.nimbusds.jose.JWEAlgorithm#PBES2_HS384_A192KW} 027 * <li>{@link com.nimbusds.jose.JWEAlgorithm#PBES2_HS512_A256KW} 028 * </ul> 029 * 030 * <p>Supports the following content encryption algorithms: 031 * 032 * <ul> 033 * <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256} 034 * <li>{@link com.nimbusds.jose.EncryptionMethod#A192CBC_HS384} 035 * <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512} 036 * <li>{@link com.nimbusds.jose.EncryptionMethod#A128GCM} 037 * <li>{@link com.nimbusds.jose.EncryptionMethod#A192GCM} 038 * <li>{@link com.nimbusds.jose.EncryptionMethod#A256GCM} 039 * <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256_DEPRECATED} 040 * <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512_DEPRECATED} 041 * </ul> 042 * 043 * @author Vladimir Dzhuvinov 044 * @version 2016-07-26 045 */ 046@ThreadSafe 047public class PasswordBasedEncrypter extends PasswordBasedCryptoProvider implements JWEEncrypter { 048 049 050 /** 051 * The minimum salt length (8 bytes). 052 */ 053 public static final int MIN_SALT_LENGTH = 8; 054 055 056 /** 057 * The cryptographic salt length, in bytes. 058 */ 059 private final int saltLength; 060 061 062 /** 063 * The minimum recommended iteration count (1000). 064 */ 065 public static final int MIN_RECOMMENDED_ITERATION_COUNT = 1000; 066 067 068 /** 069 * The iteration count. 070 */ 071 private final int iterationCount; 072 073 074 /** 075 * Creates a new password-based encrypter. 076 * 077 * @param password The password bytes. Must not be empty or 078 * {@code null}. 079 * @param saltLength The length of the generated cryptographic 080 * salts, in bytes. Must be at least 8 bytes. 081 * @param iterationCount The pseudo-random function (PRF) iteration 082 * count. Must be at least 1000. 083 */ 084 public PasswordBasedEncrypter(final byte[] password, 085 final int saltLength, 086 final int iterationCount) { 087 088 super(password); 089 090 if (saltLength < MIN_SALT_LENGTH) { 091 throw new IllegalArgumentException("The minimum salt length (p2s) is " + MIN_SALT_LENGTH + " bytes"); 092 } 093 094 this.saltLength = saltLength; 095 096 if (iterationCount < MIN_RECOMMENDED_ITERATION_COUNT) { 097 throw new IllegalArgumentException("The minimum recommended iteration count (p2c) is " + MIN_RECOMMENDED_ITERATION_COUNT); 098 } 099 100 this.iterationCount = iterationCount; 101 } 102 103 104 /** 105 * Creates a new password-based encrypter. 106 * 107 * @param password The password, as a UTF-8 encoded string. Must 108 * not be empty or {@code null}. 109 * @param saltLength The length of the generated cryptographic 110 * salts, in bytes. Must be at least 8 bytes. 111 * @param iterationCount The pseudo-random function (PRF) iteration 112 * count. Must be at least 1000. 113 */ 114 public PasswordBasedEncrypter(final String password, 115 final int saltLength, 116 final int iterationCount) { 117 118 this(password.getBytes(StandardCharset.UTF_8), saltLength, iterationCount); 119 } 120 121 122 @Override 123 public JWECryptoParts encrypt(final JWEHeader header, final byte[] clearText) 124 throws JOSEException { 125 126 final JWEAlgorithm alg = header.getAlgorithm(); 127 final EncryptionMethod enc = header.getEncryptionMethod(); 128 129 final byte[] salt = new byte[saltLength]; 130 getJCAContext().getSecureRandom().nextBytes(salt); 131 final byte[] formattedSalt = PBKDF2.formatSalt(alg, salt); 132 final PRFParams prfParams = PRFParams.resolve(alg, getJCAContext().getMACProvider()); 133 final SecretKey psKey = PBKDF2.deriveKey(getPassword(), formattedSalt, iterationCount, prfParams); 134 135 // We need to work on the header 136 final JWEHeader updatedHeader = new JWEHeader.Builder(header). 137 pbes2Salt(Base64URL.encode(salt)). 138 pbes2Count(iterationCount). 139 build(); 140 141 final SecretKey cek = ContentCryptoProvider.generateCEK(enc, getJCAContext().getSecureRandom()); 142 143 // The second JWE part 144 final Base64URL encryptedKey = Base64URL.encode(AESKW.wrapCEK(cek, psKey, getJCAContext().getKeyEncryptionProvider())); 145 146 return ContentCryptoProvider.encrypt(updatedHeader, clearText, cek, encryptedKey, getJCAContext()); 147 } 148 149 150 /** 151 * Returns the length of the generated cryptographic salts. 152 * 153 * @return The length of the generated cryptographic salts, in bytes. 154 */ 155 public int getSaltLength() { 156 157 return saltLength; 158 } 159 160 161 /** 162 * Returns the pseudo-random function (PRF) iteration count. 163 * 164 * @return The iteration count. 165 */ 166 public int getIterationCount() { 167 168 return iterationCount; 169 } 170}