Support SECP256r1 and SECP521r1 curves

.gitignore

@@ -11,3 +11,5 @@ obj-x86_64-linux-gnu/
 test/data/tmp/
 vcpkg/
 vcpkg_installed/
+examples/java/.gradle
+examples/java/bin

cdoc/CDoc.h

@@ -19,7 +19,7 @@
 #ifndef __CDOC_H__
 #define __CDOC_H__
 
-#include "Exports.h"
+#include <cdoc/Exports.h>
 
 #include <cstdint>
 #include <string>
@@ -31,20 +31,6 @@ namespace libcdoc {
  */
 using result_t = int64_t;
 
-/**
- * @brief The public key type
- */
-enum class PKType : uint8_t {
-    /**
-     * Elliptic curve
-     */
-    ECC,
-    /**
-     * RSA
-     */
-    RSA
-};
-
 enum {
     /**
      * @brief Operation completed successfully
@@ -154,6 +140,32 @@ CDOC_EXPORT std::string getErrorStr(int64_t code);
  */
 CDOC_EXPORT std::string getVersion();
 
+/**
+ * @brief The public key algorithm
+ */
+enum Algorithm : uint8_t {
+    UNKNOWN_ALGORITHM,
+    /**
+     * Elliptic curve
+     */
+    ECC,
+    /**
+     * RSA
+     */
+    RSA
+};
+
+/**
+ * @brief The EC curve used
+ */
+enum Curve : uint8_t {
+    UNKNOWN_CURVE,
+    SECP_384_R1,
+    SECP_256_R1,
+    SECP_521_R1
+};
+
+
 // Logging interface
 
 /**

cdoc/CDoc1Reader.cpp

@@ -83,12 +83,12 @@ CDoc1Reader::getLockForCert(const std::vector<uint8_t>& cert)
             ll.encrypted_fmk.empty())
             continue;
         switch(cc.getAlgorithm()) {
-        case libcdoc::PKType::RSA:
+        case libcdoc::Algorithm::RSA:
             if (ll.getString(Lock::Params::METHOD) == libcdoc::Crypto::RSA_MTH) {
                 return i;
             }
             break;
-        case libcdoc::PKType::ECC:
+        case libcdoc::Algorithm::ECC:
             if(!ll.getBytes(Lock::Params::KEY_MATERIAL).empty() &&
                 std::find(SUPPORTED_KWAES.cbegin(), SUPPORTED_KWAES.cend(), ll.getString(Lock::Params::METHOD)) != SUPPORTED_KWAES.cend()) {
                 return i;

cdoc/CDoc2Reader.cpp

@@ -504,44 +504,56 @@ CDoc2Reader::Private::buildLock(Lock& lock, const cdoc20::header::RecipientRecor
     switch(recipient.capsule_type())
     {
     case Capsule::recipients_ECCPublicKeyCapsule:
-        if(const auto *key = recipient.capsule_as_recipients_ECCPublicKeyCapsule()) {
-            if(key->curve() == EllipticCurve::secp384r1) {
-                lock.type = Lock::Type::PUBLIC_KEY;
-                lock.pk_type = PKType::ECC;
-                lock.setBytes(Lock::Params::RCPT_KEY, toUint8Vector(key->recipient_public_key()));
-                lock.setBytes(Lock::Params::KEY_MATERIAL, toUint8Vector(key->sender_public_key()));
-                LOG_DBG("Load PK: {}", toHex(lock.getBytes(Lock::Params::RCPT_KEY)));
+        if(const auto *capsule = recipient.capsule_as_recipients_ECCPublicKeyCapsule()) {
+            lock.type = Lock::Type::PUBLIC_KEY;
+            lock.pk_type = Algorithm::ECC;
+            if(capsule->curve() == EllipticCurve::secp384r1) {
+                lock.ec_type = Curve::SECP_384_R1;
+            } else if (capsule->curve() == EllipticCurve::secp256r1) {
+                lock.ec_type = Curve::SECP_256_R1;
+            } else if (capsule->curve() == EllipticCurve::secp521r1) {
+                lock.ec_type = Curve::SECP_521_R1;
             } else {
-                LOG_ERROR("Unsupported ECC curve: skipping");
+                LOG_WARN("Unknown ECC curve: {}", (int) capsule->curve());
+                lock.ec_type = Curve::UNKNOWN_CURVE;
             }
+            lock.setBytes(Lock::Params::RCPT_KEY, toUint8Vector(capsule->recipient_public_key()));
+            lock.setBytes(Lock::Params::KEY_MATERIAL, toUint8Vector(capsule->sender_public_key()));
+            LOG_DBG("Load PK: {}", toHex(lock.getBytes(Lock::Params::RCPT_KEY)));
         }
         return;
     case Capsule::recipients_RSAPublicKeyCapsule:
         if(const auto *key = recipient.capsule_as_recipients_RSAPublicKeyCapsule())
         {
             lock.type = Lock::Type::PUBLIC_KEY;
-            lock.pk_type = PKType::RSA;
+            lock.pk_type = Algorithm::RSA;
             lock.setBytes(Lock::Params::RCPT_KEY, toUint8Vector(key->recipient_public_key()));
             lock.setBytes(Lock::Params::KEY_MATERIAL, toUint8Vector(key->encrypted_kek()));
         }
         return;
     case Capsule::recipients_KeyServerCapsule:
-        if (const KeyServerCapsule *server = recipient.capsule_as_recipients_KeyServerCapsule()) {
-            KeyDetailsUnion details = server->recipient_key_details_type();
+        if (const KeyServerCapsule *capsule = recipient.capsule_as_recipients_KeyServerCapsule()) {
+            KeyDetailsUnion details = capsule->recipient_key_details_type();
             switch (details) {
             case KeyDetailsUnion::EccKeyDetails:
-                if(const EccKeyDetails *eccDetails = server->recipient_key_details_as_EccKeyDetails()) {
-                    if(eccDetails->curve() != EllipticCurve::secp384r1) {
-                        LOG_ERROR("Unsupported elliptic curve key type");
-                        return;
-                    }
-                    lock.pk_type = PKType::ECC;
+                if(const EccKeyDetails *eccDetails = capsule->recipient_key_details_as_EccKeyDetails()) {
+                    lock.pk_type = Algorithm::ECC;
                     lock.setBytes(Lock::Params::RCPT_KEY, toUint8Vector(eccDetails->recipient_public_key()));
+                    if(eccDetails->curve() == EllipticCurve::secp384r1) {
+                        lock.ec_type = Curve::SECP_384_R1;
+                    } else if (eccDetails->curve() == EllipticCurve::secp256r1) {
+                        lock.ec_type = Curve::SECP_256_R1;
+                    } else if (eccDetails->curve() == EllipticCurve::secp521r1) {
+                        lock.ec_type = Curve::SECP_521_R1;
+                    } else {
+                        LOG_WARN("Unknown ECC curve: {}", (int) eccDetails->curve());
+                        lock.ec_type = Curve::UNKNOWN_CURVE;
+                    }
                 }
                 break;
             case KeyDetailsUnion::RsaKeyDetails:
-                if(const RsaKeyDetails *rsaDetails = server->recipient_key_details_as_RsaKeyDetails()) {
-                    lock.pk_type = PKType::RSA;
+                if(const RsaKeyDetails *rsaDetails = capsule->recipient_key_details_as_RsaKeyDetails()) {
+                    lock.pk_type = Algorithm::RSA;
                     lock.setBytes(Lock::Params::RCPT_KEY, toUint8Vector(rsaDetails->recipient_public_key()));
                 }
                 break;
@@ -550,8 +562,8 @@ CDoc2Reader::Private::buildLock(Lock& lock, const cdoc20::header::RecipientRecor
                 return;
             }
             lock.type = Lock::Type::SERVER;
-            lock.setString(Lock::Params::KEYSERVER_ID, server->keyserver_id()->str());
-            lock.setString(Lock::Params::TRANSACTION_ID, server->transaction_id()->str());
+            lock.setString(Lock::Params::KEYSERVER_ID, capsule->keyserver_id()->str());
+            lock.setString(Lock::Params::TRANSACTION_ID, capsule->transaction_id()->str());
         }
         return;
     case Capsule::recipients_SymmetricKeyCapsule:

cdoc/CDoc2Writer.cpp

@@ -93,6 +93,18 @@ CDoc2Writer::writeHeader(const std::vector<libcdoc::Recipient> &recipients)
     return OK;
 }
 
+struct ECData {
+    int ossl_nid;
+    cdoc20::recipients::EllipticCurve fb_type;
+    const char *api_id;
+};
+
+static std::map<Curve,ECData> ecdata = {
+    {Curve::SECP_384_R1, {NID_secp384r1, cdoc20::recipients::EllipticCurve::secp384r1, "ecc_secp384r1"}},
+    {Curve::SECP_256_R1, {NID_X9_62_prime256v1, cdoc20::recipients::EllipticCurve::secp256r1, "ecc_secp256r1"}},
+    {Curve::SECP_521_R1, {NID_secp521r1, cdoc20::recipients::EllipticCurve::secp521r1, "ecc_secp521r1"}}
+};
+
 static flatbuffers::Offset<cdoc20::header::RecipientRecord>
 createRSACapsule(flatbuffers::FlatBufferBuilder& builder, const libcdoc::Recipient& rcpt, const std::vector<uint8_t>& encrypted_kek, const std::vector<uint8_t>& xor_key)
 {
@@ -130,7 +142,7 @@ static flatbuffers::Offset<cdoc20::header::RecipientRecord>
 createECCCapsule(flatbuffers::FlatBufferBuilder& builder, const libcdoc::Recipient& rcpt, const std::vector<uint8_t>& eph_public_key, const std::vector<uint8_t>& xor_key)
 {
     auto capsule = cdoc20::recipients::CreateECCPublicKeyCapsule(builder,
-                                                                 cdoc20::recipients::EllipticCurve::secp384r1,
+                                                                 ecdata[rcpt.ec_type].fb_type,
                                                                  builder.CreateVector(rcpt.rcpt_key),
                                                                  builder.CreateVector(eph_public_key));
     return cdoc20::header::CreateRecipientRecord(builder,
@@ -145,7 +157,7 @@ static flatbuffers::Offset<cdoc20::header::RecipientRecord>
 createECCServerCapsule(flatbuffers::FlatBufferBuilder& builder, const libcdoc::Recipient& rcpt, const std::string& transaction_id, uint64_t expiry_time, const std::vector<uint8_t>& xor_key)
 {
     auto eccKeyServer = cdoc20::recipients::CreateEccKeyDetails(builder,
-                                                                cdoc20::recipients::EllipticCurve::secp384r1,
+                                                                ecdata[rcpt.ec_type].fb_type,
                                                                 builder.CreateVector(rcpt.rcpt_key));
     auto capsule = cdoc20::recipients::CreateKeyServerCapsule(builder,
                                                               cdoc20::recipients::KeyDetailsUnion::EccKeyDetails,
@@ -211,7 +223,7 @@ CDoc2Writer::buildHeader(std::vector<uint8_t>& header, const std::vector<libcdoc
                 if (send_url.empty())
                     FAIL("Missing keyserver URL for ID " + rcpt.server_id, libcdoc::CONFIGURATION_ERROR);
             }
-            if(rcpt.pk_type == libcdoc::PKType::RSA) {
+            if(rcpt.pk_type == libcdoc::Algorithm::RSA) {
                 crypto->random(kek, libcdoc::CDoc2::KEY_LEN);
                 if (auto err = libcdoc::Crypto::xor_data(xor_key, fmk, kek); err != libcdoc::OK)
                     FAIL("Internal error", err);
@@ -238,9 +250,13 @@ CDoc2Writer::buildHeader(std::vector<uint8_t>& header, const std::vector<libcdoc
                     fb_rcpts.push_back(createRSACapsule(builder, rcpt, key_material, xor_key));
                 }
             } else {
-                auto publicKey = libcdoc::Crypto::fromECPublicKeyDer(rcpt.rcpt_key, NID_secp384r1);
-                if(!publicKey)
+                if (!ecdata.contains(rcpt.ec_type)) {
+                    FAIL("Invalid EC Curve", libcdoc::CRYPTO_ERROR);
+                }
+                auto publicKey = libcdoc::Crypto::fromECPublicKeyDer(rcpt.rcpt_key, ecdata[rcpt.ec_type].ossl_nid);
+                if(!publicKey) {
                     FAIL("Invalid ECC key", libcdoc::CRYPTO_ERROR);
+                }
                 auto ephKey = libcdoc::Crypto::genECKey(publicKey.get());
                 std::vector<uint8_t> sharedSecret = libcdoc::Crypto::deriveSharedSecret(ephKey.get(), publicKey.get());
                 key_material = libcdoc::Crypto::toPublicKeyDer(ephKey.get());
@@ -260,10 +276,9 @@ CDoc2Writer::buildHeader(std::vector<uint8_t>& header, const std::vector<libcdoc
                 LOG_TRACE_KEY("xor: {}", xor_key);
                 if(rcpt.isKeyServer()) {
                     libcdoc::NetworkBackend::CapsuleInfo cinfo;
-                    auto result = network->sendKey(cinfo, send_url, rcpt.rcpt_key, key_material, "ecc_secp384r1", rcpt.expiry_ts);
+                    auto result = network->sendKey(cinfo, send_url, rcpt.rcpt_key, key_material, ecdata[rcpt.ec_type].api_id, rcpt.expiry_ts);
                     if (result < 0)
                         FAIL(network->getLastErrorStr(result), result);
-
                     LOG_DBG("Keyserver Id: {}", rcpt.server_id);
                     LOG_DBG("Transaction Id: {}", cinfo.transaction_id);