lib/jwa/algorithms/key_management/ecdh_es.rb
# This implementation is protected against the attack described at:
# http://blogs.adobe.com/security/2017/03/critical-vulnerability-uncovered-in-json-encryption.html
#
# The Ruby wrapper around OpenSSL raises an OpenSSL::PKey::EC::Point error when an attempt is made to
# initialize a public key from coordinates that do not lie on the expected curve.
module JWA
module Algorithms
module KeyManagement
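class EcdhEs
  # ECDH-ES key agreement: the shared secret computed with the ephemeral key is
  # run through the Concat KDF (SHA-256) together with the "OtherInfo" built in
  # the constructor (AlgorithmID || PartyUInfo || PartyVInfo || SuppPubInfo || SuppPrivInfo).
  #
  # @param ephemeral_key [Object] EC key whose #dh_compute_key is used for the agreement
  # @param enc_algorithm [Object] content-encryption algorithm; #key_length and #enc_name are read
  # @param apu [String, nil] PartyUInfo; nil is encoded as an absent (zero-length) value
  # @param apv [String, nil] PartyVInfo; nil is encoded as an absent (zero-length) value
  def initialize(ephemeral_key, enc_algorithm, apu, apv)
    @ephemeral_key = ephemeral_key
    # enc_algorithm.key_length is multiplied by 8 here and the product is handed to the
    # KDF, so it presumably is a byte count and ConcatKDF#run expects bits — TODO confirm.
    @key_length = enc_algorithm.key_length * 8
    algorithm_id = length_encode(enc_algorithm.enc_name)
    # SuppPubInfo: keydatalen as a 32-bit big-endian integer.
    supp_pub_info = [@key_length].pack('N')
    # SuppPrivInfo is empty; kept binary so the whole OtherInfo string is ASCII-8BIT.
    supp_priv_info = ''.b
    @info = algorithm_id + length_encode(apu) + length_encode(apv) + supp_pub_info + supp_priv_info
  end

  # This is technically not an encryption, but to keep the same interface
  # with other classes, let's name it this way.
  #
  # Performs no validation of public_key itself; per the file header, rejecting
  # points that are not on the curve is left to OpenSSL when the point is built.
  #
  # @param public_key [Object] the other party's EC public key/point, as accepted by #dh_compute_key
  # @return [String] key material of @key_length bits derived by the Concat KDF
  def encrypt(public_key)
    z = @ephemeral_key.dh_compute_key(public_key)
    concat_kdf = Support::ConcatKDF.new(Digest::SHA256.new)
    concat_kdf.run(z, @info, @key_length)
  end

  # Key agreement is symmetric, so "decrypting" is the same derivation as #encrypt.
  #
  # @param public_key [Object] see #encrypt
  # @return [String] see #encrypt
  def decrypt(public_key)
    encrypt(public_key)
  end

  private

  # Length-prefixed datum: 32-bit big-endian octet count followed by the octets.
  # Counts bytes (not characters), so a multibyte apu/apv/enc_name is prefixed with its
  # octet length, and returns a binary (ASCII-8BIT) string so concatenation with the
  # packed prefix never raises Encoding::CompatibilityError. nil encodes as length 0.
  #
  # @param s [String, nil]
  # @return [String] binary string
  def length_encode(s)
    bytes = (s || '').b
    [bytes.bytesize].pack('N') + bytes
  end
end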
end
end
end