michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: package org.mozilla.gecko.sync.crypto; michael@0: michael@0: import java.io.UnsupportedEncodingException; michael@0: import java.security.InvalidKeyException; michael@0: import java.security.NoSuchAlgorithmException; michael@0: import java.util.Arrays; michael@0: michael@0: import javax.crypto.KeyGenerator; michael@0: import javax.crypto.Mac; michael@0: michael@0: import org.mozilla.apache.commons.codec.binary.Base64; michael@0: import org.mozilla.gecko.sync.Utils; michael@0: michael@0: public class KeyBundle { michael@0: private static final String KEY_ALGORITHM_SPEC = "AES"; michael@0: private static final int KEY_SIZE = 256; michael@0: michael@0: private byte[] encryptionKey; michael@0: private byte[] hmacKey; michael@0: michael@0: // These are the same for every sync key bundle. michael@0: private static final byte[] EMPTY_BYTES = {}; michael@0: private static final byte[] ENCR_INPUT_BYTES = {1}; michael@0: private static final byte[] HMAC_INPUT_BYTES = {2}; michael@0: michael@0: /* michael@0: * Mozilla's use of HKDF for getting keys from the Sync Key string. michael@0: * michael@0: * We do exactly 2 HKDF iterations and make the first iteration the michael@0: * encryption key and the second iteration the HMAC key. michael@0: * michael@0: */ michael@0: public KeyBundle(String username, String base32SyncKey) throws CryptoException { michael@0: if (base32SyncKey == null) { michael@0: throw new IllegalArgumentException("No sync key provided."); michael@0: } michael@0: if (username == null || username.equals("")) { michael@0: throw new IllegalArgumentException("No username provided."); michael@0: } michael@0: // Hash appropriately. michael@0: try { michael@0: username = Utils.usernameFromAccount(username); michael@0: } catch (NoSuchAlgorithmException e) { michael@0: throw new IllegalArgumentException("Invalid username."); michael@0: } catch (UnsupportedEncodingException e) { michael@0: throw new IllegalArgumentException("Invalid username."); michael@0: } michael@0: michael@0: byte[] syncKey = Utils.decodeFriendlyBase32(base32SyncKey); michael@0: byte[] user = username.getBytes(); michael@0: michael@0: Mac hmacHasher; michael@0: try { michael@0: hmacHasher = HKDF.makeHMACHasher(syncKey); michael@0: } catch (NoSuchAlgorithmException e) { michael@0: throw new CryptoException(e); michael@0: } catch (InvalidKeyException e) { michael@0: throw new CryptoException(e); michael@0: } michael@0: assert(hmacHasher != null); // If makeHMACHasher doesn't throw, then hmacHasher is non-null. michael@0: michael@0: byte[] encrBytes = Utils.concatAll(EMPTY_BYTES, HKDF.HMAC_INPUT, user, ENCR_INPUT_BYTES); michael@0: byte[] encrKey = HKDF.digestBytes(encrBytes, hmacHasher); michael@0: byte[] hmacBytes = Utils.concatAll(encrKey, HKDF.HMAC_INPUT, user, HMAC_INPUT_BYTES); michael@0: michael@0: this.hmacKey = HKDF.digestBytes(hmacBytes, hmacHasher); michael@0: this.encryptionKey = encrKey; michael@0: } michael@0: michael@0: public KeyBundle(byte[] encryptionKey, byte[] hmacKey) { michael@0: this.setEncryptionKey(encryptionKey); michael@0: this.setHMACKey(hmacKey); michael@0: } michael@0: michael@0: /** michael@0: * Make a KeyBundle with the specified base64-encoded keys. michael@0: * michael@0: * @return A KeyBundle with the specified keys. michael@0: */ michael@0: public static KeyBundle fromBase64EncodedKeys(String base64EncryptionKey, String base64HmacKey) throws UnsupportedEncodingException { michael@0: return new KeyBundle(Base64.decodeBase64(base64EncryptionKey.getBytes("UTF-8")), michael@0: Base64.decodeBase64(base64HmacKey.getBytes("UTF-8"))); michael@0: } michael@0: michael@0: /** michael@0: * Make a KeyBundle with two random 256 bit keys (encryption and HMAC). michael@0: * michael@0: * @return A KeyBundle with random keys. michael@0: */ michael@0: public static KeyBundle withRandomKeys() throws CryptoException { michael@0: KeyGenerator keygen; michael@0: try { michael@0: keygen = KeyGenerator.getInstance(KEY_ALGORITHM_SPEC); michael@0: } catch (NoSuchAlgorithmException e) { michael@0: throw new CryptoException(e); michael@0: } michael@0: michael@0: keygen.init(KEY_SIZE); michael@0: byte[] encryptionKey = keygen.generateKey().getEncoded(); michael@0: byte[] hmacKey = keygen.generateKey().getEncoded(); michael@0: michael@0: return new KeyBundle(encryptionKey, hmacKey); michael@0: } michael@0: michael@0: public byte[] getEncryptionKey() { michael@0: return encryptionKey; michael@0: } michael@0: michael@0: public void setEncryptionKey(byte[] encryptionKey) { michael@0: this.encryptionKey = encryptionKey; michael@0: } michael@0: michael@0: public byte[] getHMACKey() { michael@0: return hmacKey; michael@0: } michael@0: michael@0: public void setHMACKey(byte[] hmacKey) { michael@0: this.hmacKey = hmacKey; michael@0: } michael@0: michael@0: @Override michael@0: public boolean equals(Object o) { michael@0: if (!(o instanceof KeyBundle)) { michael@0: return false; michael@0: } michael@0: KeyBundle other = (KeyBundle) o; michael@0: return Arrays.equals(other.encryptionKey, this.encryptionKey) && michael@0: Arrays.equals(other.hmacKey, this.hmacKey); michael@0: } michael@0: michael@0: @Override michael@0: public int hashCode() { michael@0: throw new UnsupportedOperationException("No hashCode for KeyBundle."); michael@0: } michael@0: }