Search in sources :

Example 1 with KeyAgreeRecipientIdentifier

use of com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientIdentifier in project LinLong-Java by zhenwei1108.

the class JceKeyAgreeRecipientInfoGenerator method addRecipient.

/**
 * Add a recipient identified by the passed in subjectKeyID and the for the passed in public key.
 *
 * @param subjectKeyID identifier actual recipient will use to match the private key.
 * @param publicKey    the public key for encrypting the secret key.
 * @return the current instance.
 * @throws CertificateEncodingException
 */
public JceKeyAgreeRecipientInfoGenerator addRecipient(byte[] subjectKeyID, PublicKey publicKey) throws CertificateEncodingException {
    recipientIDs.add(new KeyAgreeRecipientIdentifier(new RecipientKeyIdentifier(subjectKeyID)));
    recipientKeys.add(publicKey);
    return this;
}
Also used : RecipientKeyIdentifier(com.github.zhenwei.pkix.util.asn1.cms.RecipientKeyIdentifier) KeyAgreeRecipientIdentifier(com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientIdentifier)

Example 2 with KeyAgreeRecipientIdentifier

use of com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientIdentifier in project LinLong-Java by zhenwei1108.

the class JceKeyAgreeRecipientInfoGenerator method addRecipient.

/**
 * Add a recipient based on the passed in certificate's public key and its issuer and serial
 * number.
 *
 * @param recipientCert recipient's certificate
 * @return the current instance.
 * @throws CertificateEncodingException if the necessary data cannot be extracted from the
 *                                      certificate.
 */
public JceKeyAgreeRecipientInfoGenerator addRecipient(X509Certificate recipientCert) throws CertificateEncodingException {
    recipientIDs.add(new KeyAgreeRecipientIdentifier(CMSUtils.getIssuerAndSerialNumber(recipientCert)));
    recipientKeys.add(recipientCert.getPublicKey());
    return this;
}
Also used : KeyAgreeRecipientIdentifier(com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientIdentifier)

Example 3 with KeyAgreeRecipientIdentifier

use of com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientIdentifier in project LinLong-Java by zhenwei1108.

the class JceKeyAgreeRecipientInfoGenerator method generateRecipientEncryptedKeys.

public ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier keyAgreeAlgorithm, AlgorithmIdentifier keyEncryptionAlgorithm, GenericKey contentEncryptionKey) throws CMSException {
    if (recipientIDs.isEmpty()) {
        throw new CMSException("No recipients associated with generator - use addRecipient()");
    }
    init(keyAgreeAlgorithm.getAlgorithm());
    PrivateKey senderPrivateKey = this.senderPrivateKey;
    ASN1ObjectIdentifier keyAgreementOID = keyAgreeAlgorithm.getAlgorithm();
    ASN1EncodableVector recipientEncryptedKeys = new ASN1EncodableVector();
    for (int i = 0; i != recipientIDs.size(); i++) {
        PublicKey recipientPublicKey = (PublicKey) recipientKeys.get(i);
        KeyAgreeRecipientIdentifier karId = (KeyAgreeRecipientIdentifier) recipientIDs.get(i);
        try {
            AlgorithmParameterSpec agreementParamSpec;
            ASN1ObjectIdentifier keyEncAlg = keyEncryptionAlgorithm.getAlgorithm();
            if (CMSUtils.isMQV(keyAgreementOID)) {
                agreementParamSpec = new MQVParameterSpec(ephemeralKP, recipientPublicKey, userKeyingMaterial);
            } else if (CMSUtils.isEC(keyAgreementOID)) {
                byte[] ukmKeyingMaterial = ecc_cms_Generator.generateKDFMaterial(keyEncryptionAlgorithm, keySizeProvider.getKeySize(keyEncAlg), userKeyingMaterial);
                agreementParamSpec = new UserKeyingMaterialSpec(ukmKeyingMaterial);
            } else if (CMSUtils.isRFC2631(keyAgreementOID)) {
                if (userKeyingMaterial != null) {
                    agreementParamSpec = new UserKeyingMaterialSpec(userKeyingMaterial);
                } else {
                    if (keyAgreementOID.equals(PKCSObjectIdentifiers.id_alg_SSDH)) {
                        throw new CMSException("User keying material must be set for static keys.");
                    }
                    agreementParamSpec = null;
                }
            } else if (CMSUtils.isGOST(keyAgreementOID)) {
                if (userKeyingMaterial != null) {
                    agreementParamSpec = new UserKeyingMaterialSpec(userKeyingMaterial);
                } else {
                    throw new CMSException("User keying material must be set for static keys.");
                }
            } else {
                throw new CMSException("Unknown key agreement algorithm: " + keyAgreementOID);
            }
            // Use key agreement to choose a wrap key for this recipient
            KeyAgreement keyAgreement = helper.createKeyAgreement(keyAgreementOID);
            keyAgreement.init(senderPrivateKey, agreementParamSpec, random);
            keyAgreement.doPhase(recipientPublicKey, true);
            SecretKey keyEncryptionKey = keyAgreement.generateSecret(keyEncAlg.getId());
            // Wrap the content encryption key with the agreement key
            Cipher keyEncryptionCipher = helper.createCipher(keyEncAlg);
            ASN1OctetString encryptedKey;
            if (keyEncAlg.equals(CryptoProObjectIdentifiers.id_Gost28147_89_None_KeyWrap) || keyEncAlg.equals(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap)) {
                keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, new GOST28147WrapParameterSpec(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet, userKeyingMaterial));
                byte[] encKeyBytes = keyEncryptionCipher.wrap(helper.getJceKey(contentEncryptionKey));
                Gost2814789EncryptedKey encKey = new Gost2814789EncryptedKey(Arrays.copyOfRange(encKeyBytes, 0, encKeyBytes.length - 4), Arrays.copyOfRange(encKeyBytes, encKeyBytes.length - 4, encKeyBytes.length));
                encryptedKey = new DEROctetString(encKey.getEncoded(ASN1Encoding.DER));
            } else {
                keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, random);
                byte[] encryptedKeyBytes = keyEncryptionCipher.wrap(helper.getJceKey(contentEncryptionKey));
                encryptedKey = new DEROctetString(encryptedKeyBytes);
            }
            recipientEncryptedKeys.add(new RecipientEncryptedKey(karId, encryptedKey));
        } catch (GeneralSecurityException e) {
            throw new CMSException("cannot perform agreement step: " + e.getMessage(), e);
        } catch (IOException e) {
            throw new CMSException("unable to encode wrapped key: " + e.getMessage(), e);
        }
    }
    return new DERSequence(recipientEncryptedKeys);
}
Also used : ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) PrivateKey(java.security.PrivateKey) OriginatorPublicKey(com.github.zhenwei.pkix.util.asn1.cms.OriginatorPublicKey) PublicKey(java.security.PublicKey) GOST28147WrapParameterSpec(com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec) RecipientEncryptedKey(com.github.zhenwei.pkix.util.asn1.cms.RecipientEncryptedKey) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) UserKeyingMaterialSpec(com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString) Gost2814789EncryptedKey(com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey) SecretKey(javax.crypto.SecretKey) DERSequence(com.github.zhenwei.core.asn1.DERSequence) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) Cipher(javax.crypto.Cipher) KeyAgreement(javax.crypto.KeyAgreement) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) MQVParameterSpec(com.github.zhenwei.provider.jcajce.spec.MQVParameterSpec) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) CMSException(com.github.zhenwei.pkix.cms.CMSException) KeyAgreeRecipientIdentifier(com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientIdentifier)

Example 4 with KeyAgreeRecipientIdentifier

use of com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientIdentifier in project LinLong-Java by zhenwei1108.

the class KeyAgreeRecipientInformation method readRecipientInfo.

static void readRecipientInfo(List infos, KeyAgreeRecipientInfo info, AlgorithmIdentifier messageAlgorithm, CMSSecureReadable secureReadable, AuthAttributesProvider additionalData) {
    ASN1Sequence s = info.getRecipientEncryptedKeys();
    for (int i = 0; i < s.size(); ++i) {
        RecipientEncryptedKey id = RecipientEncryptedKey.getInstance(s.getObjectAt(i));
        RecipientId rid;
        KeyAgreeRecipientIdentifier karid = id.getIdentifier();
        IssuerAndSerialNumber iAndSN = karid.getIssuerAndSerialNumber();
        if (iAndSN != null) {
            rid = new KeyAgreeRecipientId(iAndSN.getName(), iAndSN.getSerialNumber().getValue());
        } else {
            RecipientKeyIdentifier rKeyID = karid.getRKeyID();
            // Note: 'date' and 'other' fields of RecipientKeyIdentifier appear to be only informational
            rid = new KeyAgreeRecipientId(rKeyID.getSubjectKeyIdentifier().getOctets());
        }
        infos.add(new KeyAgreeRecipientInformation(info, rid, id.getEncryptedKey(), messageAlgorithm, secureReadable, additionalData));
    }
}
Also used : IssuerAndSerialNumber(com.github.zhenwei.pkix.util.asn1.cms.IssuerAndSerialNumber) ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) RecipientEncryptedKey(com.github.zhenwei.pkix.util.asn1.cms.RecipientEncryptedKey) RecipientKeyIdentifier(com.github.zhenwei.pkix.util.asn1.cms.RecipientKeyIdentifier) KeyAgreeRecipientIdentifier(com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientIdentifier)

Aggregations

KeyAgreeRecipientIdentifier (com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientIdentifier)4 RecipientEncryptedKey (com.github.zhenwei.pkix.util.asn1.cms.RecipientEncryptedKey)2 RecipientKeyIdentifier (com.github.zhenwei.pkix.util.asn1.cms.RecipientKeyIdentifier)2 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)1 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)1 ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)1 ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)1 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)1 DERSequence (com.github.zhenwei.core.asn1.DERSequence)1 Gost2814789EncryptedKey (com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey)1 CMSException (com.github.zhenwei.pkix.cms.CMSException)1 IssuerAndSerialNumber (com.github.zhenwei.pkix.util.asn1.cms.IssuerAndSerialNumber)1 OriginatorPublicKey (com.github.zhenwei.pkix.util.asn1.cms.OriginatorPublicKey)1 GOST28147WrapParameterSpec (com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec)1 MQVParameterSpec (com.github.zhenwei.provider.jcajce.spec.MQVParameterSpec)1 UserKeyingMaterialSpec (com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec)1 IOException (java.io.IOException)1 GeneralSecurityException (java.security.GeneralSecurityException)1 PrivateKey (java.security.PrivateKey)1 PublicKey (java.security.PublicKey)1