Package com.nimbusds.jose.crypto

Source Code of com.nimbusds.jose.crypto.CompositeKey

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
package com.nimbusds.jose.crypto;


import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import net.jcip.annotations.Immutable;

import com.nimbusds.jose.JOSEException;


/**
* Composite key used in AES/CBC/PKCS5Padding/HMAC-SHA2 encryption. This class
* is immutable.
*
* <p>See draft-ietf-jose-json-web-algorithms-26, section 5.2.
*
* <p>See draft-mcgrew-aead-aes-cbc-hmac-sha2-01
*
* @author Vladimir Dzhuvinov
* @version $version$ (2013-11-25)
*/
@Immutable
final class CompositeKey {


  /**
   * The input key.
   */
  private final SecretKey inputKey;


  /**
   * The extracted MAC key.
   */
  private final SecretKey macKey;


  /**
   * The extracted AES key.
   */
  private final SecretKey encKey;


  /**
   * The expected truncated MAC output length.
   */
  private final int truncatedMacLength;


  /**
   * Creates a new composite key from the specified secret key.
   *
   * @param inputKey The input key. Must be 256, 384 or 512 bits long.
   *                 Must not be {@code null}.
   *
   * @throws JOSEException If the input key length is not supported.
   */
  public CompositeKey(final SecretKey inputKey)
    throws JOSEException {

    this.inputKey = inputKey;

    byte[] secretKeyBytes = inputKey.getEncoded();

    if (secretKeyBytes.length == 32) {

      // AES_128_CBC_HMAC_SHA_256
      // 256 bit key -> 128 bit MAC key + 128 bit AES key
      macKey = new SecretKeySpec(secretKeyBytes, 0, 16, "HMACSHA256");
      encKey = new SecretKeySpec(secretKeyBytes, 16, 16, "AES");
      truncatedMacLength = 16;

    } else if (secretKeyBytes.length == 48) {

      // AES_192_CBC_HMAC_SHA_384
      // 384 bit key -> 129 bit MAC key + 192 bit AES key
      macKey = new SecretKeySpec(secretKeyBytes, 0, 24, "HMACSHA384");
      encKey = new SecretKeySpec(secretKeyBytes, 24, 24, "AES");
      truncatedMacLength = 24;


    } else if (secretKeyBytes.length == 64) {

      // AES_256_CBC_HMAC_SHA_512
      // 512 bit key -> 256 bit MAC key + 256 bit AES key
      macKey = new SecretKeySpec(secretKeyBytes, 0, 32, "HMACSHA512");
      encKey = new SecretKeySpec(secretKeyBytes, 32, 32, "AES");
      truncatedMacLength = 32;

    } else {

      throw new JOSEException("Unsupported AES/CBC/PKCS5Padding/HMAC-SHA2 key length, must be 256, 384 or 512 bits");
    }
  }


  /**
   * Gets the input key.
   *
   * @return The input key.
   */
  public SecretKey getInputKey() {

    return inputKey;
  }


  /**
   * Gets the extracted MAC key.
   *
   * @return The extracted MAC key.
   */
  public SecretKey getMACKey() {

    return macKey;
  }


  /**
   * Gets the expected truncated MAC length.
   *
   * @return The expected truncated MAC length, in bytes.
   */
  public int getTruncatedMACByteLength() {

    return truncatedMacLength;
  }


  /**
   * Gets the extracted encryption key.
   *
   * @return The extracted encryption key.
   */
  public SecretKey getAESKey() {

    return encKey;
  }
}
TOP

Related Classes of com.nimbusds.jose.crypto.CompositeKey

  • javax.crypto.spec.SecretKeySpec
  • com.nimbusds.jose.JOSEException
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.