feat: ecdh

src/cmd_encrypt.rs

@@ -2,7 +2,11 @@ use std::fs;
 use std::path::PathBuf;
 
 use clap::Args;
+use p256::{PublicKey, EncodedPoint};
+use p256::ecdh::EphemeralSecret;
+use p256::elliptic_curve::sec1::{FromEncodedPoint, ToEncodedPoint};
 use rand::random;
+use rand::rngs::OsRng;
 use rsa::Pkcs1v15Encrypt;
 use rust_util::{debugging, failure, opt_result, simple_error, success, XResult};
 
@@ -73,6 +77,40 @@ fn encrypt_envelops(key: &[u8], envelops: &[&TinyEncryptConfigEnvelop]) -> XResu
 }
 
 fn encrypt_envelop_ecdh(key: &[u8], envelop: &TinyEncryptConfigEnvelop) -> XResult<TinyEncryptEnvelop> {
+    let public_key_point_hex = &envelop.public_part;
+    let public_key_point_bytes = opt_result!(hex::decode(public_key_point_hex), "Parse public key point hex failed: {}");
+    let encoded_point = opt_result!(EncodedPoint::from_bytes(&public_key_point_bytes), "Parse public key point failed: {}");
+    let public_key = PublicKey::from_encoded_point(&encoded_point).unwrap();
+
+    let esk = EphemeralSecret::random(&mut OsRng);
+    let epk = esk.public_key();
+    let epk_bytes = EphemeralKeyBytes::from_public_key(&epk);
+    let public_key_encoded_point = public_key.to_encoded_point(false);
+    let shared_secret = esk.diffie_hellman(&public_key);
+
+    // PORT Java Implementation
+    //    public static WrapKey encryptEcdhP256(String kid, PublicKey publicKey, byte[] data) {
+    //         AssertUtil.isTrue(publicKey instanceof ECPublicKey, "Public key must be EC public key");
+    //         if (data == null || data.length == 0) {
+    //             return null;
+    //         }
+    //         final Tuple2<PublicKey, byte[]> ecdh = ECUtil.ecdh(ECUtil.CURVE_SECP256R1, publicKey);
+    //         final byte[] ePublicKeyBytes = ecdh.getVal1().getEncoded();
+    //         final byte[] key = KdfUtil.simpleKdf256(ecdh.getVal2());
+    //
+    //         final byte[] nonce = RandomTool.secureRandom().nextbytes(AESCryptTool.GCM_NONCE_LENGTH);
+    //         final byte[] encryptedData = AESCryptTool.gcmEncrypt(key, nonce).from(Bytes.from(data)).toBytes().bytes();
+    //         final WrapKey wrapKey = new WrapKey();
+    //         final WrapKeyHeader wrapKeyHeader = new WrapKeyHeader();
+    //         wrapKeyHeader.setKid(kid);
+    //         wrapKeyHeader.setEnc(ENC_AES256_GCM_P256);
+    //         wrapKeyHeader.setePubKey(Base64s.uriCompatible().encode(ePublicKeyBytes));
+    //         wrapKey.setHeader(wrapKeyHeader);
+    //         wrapKey.setNonce(nonce);
+    //         wrapKey.setEncrytpedData(encryptedData);
+    //         return wrapKey;
+    //     }
+
     Ok(TinyEncryptEnvelop {
         r#type: envelop.r#type,
         kid: envelop.kid.clone(),
@@ -98,4 +136,19 @@ fn make_key256_and_nonce() -> (Vec<u8>, Vec<u8>) {
     let key: [u8; 32] = random();
     let nonce: [u8; 12] = random();
     (key.into(), nonce.into())
-}
+}
+
+#[derive(Debug)]
+pub struct EphemeralKeyBytes(EncodedPoint);
+
+impl EphemeralKeyBytes {
+    fn from_public_key(epk: &PublicKey) -> Self {
+        EphemeralKeyBytes(epk.to_encoded_point(true))
+    }
+
+    fn decompress(&self) -> EncodedPoint {
+        // EphemeralKeyBytes is a valid compressed encoding by construction.
+        let p = PublicKey::from_encoded_point(&self.0).unwrap();
+        p.to_encoded_point(false)
+    }
+}