1 package org.bouncycastle.cms.test; 2 3 import java.io.ByteArrayInputStream; 4 import java.io.IOException; 5 import java.io.InputStreamReader; 6 import java.math.BigInteger; 7 import java.security.AlgorithmParameters; 8 import java.security.GeneralSecurityException; 9 import java.security.Key; 10 import java.security.KeyFactory; 11 import java.security.KeyPair; 12 import java.security.NoSuchAlgorithmException; 13 import java.security.NoSuchProviderException; 14 import java.security.PrivateKey; 15 import java.security.SecureRandom; 16 import java.security.Security; 17 import java.security.cert.CertificateEncodingException; 18 import java.security.cert.CertificateFactory; 19 import java.security.cert.X509Certificate; 20 import java.security.interfaces.ECPrivateKey; 21 import java.security.spec.MGF1ParameterSpec; 22 import java.security.spec.PKCS8EncodedKeySpec; 23 import java.util.Arrays; 24 import java.util.Collection; 25 import java.util.Hashtable; 26 import java.util.Iterator; 27 28 import javax.crypto.SecretKey; 29 import javax.crypto.spec.OAEPParameterSpec; 30 import javax.crypto.spec.PSource; 31 import javax.crypto.spec.SecretKeySpec; 32 33 import junit.framework.Assert; 34 import junit.framework.Test; 35 import junit.framework.TestCase; 36 import junit.framework.TestSuite; 37 import org.bouncycastle.asn1.ASN1InputStream; 38 import org.bouncycastle.asn1.ASN1ObjectIdentifier; 39 import org.bouncycastle.asn1.ASN1OctetString; 40 import org.bouncycastle.asn1.ASN1Sequence; 41 import org.bouncycastle.asn1.DERNull; 42 import org.bouncycastle.asn1.DEROctetString; 43 import org.bouncycastle.asn1.DERSet; 44 import org.bouncycastle.asn1.DERUTF8String; 45 import org.bouncycastle.asn1.cms.Attribute; 46 import org.bouncycastle.asn1.cms.AttributeTable; 47 import org.bouncycastle.asn1.cms.CCMParameters; 48 import org.bouncycastle.asn1.cms.ContentInfo; 49 import org.bouncycastle.asn1.cms.EncryptedContentInfo; 50 import org.bouncycastle.asn1.cms.EnvelopedData; 51 import org.bouncycastle.asn1.cms.GCMParameters; 52 import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 53 import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers; 54 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; 55 import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; 56 import org.bouncycastle.asn1.pkcs.PBKDF2Params; 57 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 58 import org.bouncycastle.asn1.pkcs.RC2CBCParameter; 59 import org.bouncycastle.asn1.rosstandart.RosstandartObjectIdentifiers; 60 import org.bouncycastle.asn1.x500.X500Name; 61 import org.bouncycastle.asn1.x509.AlgorithmIdentifier; 62 import org.bouncycastle.asn1.x509.Extension; 63 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; 64 import org.bouncycastle.cert.X509CertificateHolder; 65 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; 66 import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; 67 import org.bouncycastle.cms.CMSAlgorithm; 68 import org.bouncycastle.cms.CMSEnvelopedData; 69 import org.bouncycastle.cms.CMSEnvelopedDataGenerator; 70 import org.bouncycastle.cms.CMSException; 71 import org.bouncycastle.cms.CMSProcessableByteArray; 72 import org.bouncycastle.cms.CMSTypedData; 73 import org.bouncycastle.cms.CMSTypedStream; 74 import org.bouncycastle.cms.KeyAgreeRecipientInformation; 75 import org.bouncycastle.cms.KeyTransRecipientInformation; 76 import org.bouncycastle.cms.OriginatorInfoGenerator; 77 import org.bouncycastle.cms.OriginatorInformation; 78 import org.bouncycastle.cms.PasswordRecipient; 79 import org.bouncycastle.cms.PasswordRecipientInformation; 80 import org.bouncycastle.cms.RecipientId; 81 import org.bouncycastle.cms.RecipientInformation; 82 import org.bouncycastle.cms.RecipientInformationStore; 83 import org.bouncycastle.cms.SimpleAttributeTableGenerator; 84 import org.bouncycastle.cms.bc.BcCMSContentEncryptorBuilder; 85 import org.bouncycastle.cms.bc.BcPasswordEnvelopedRecipient; 86 import org.bouncycastle.cms.bc.BcPasswordRecipientInfoGenerator; 87 import org.bouncycastle.cms.bc.BcRSAKeyTransRecipientInfoGenerator; 88 import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder; 89 import org.bouncycastle.cms.jcajce.JceKEKEnvelopedRecipient; 90 import org.bouncycastle.cms.jcajce.JceKEKRecipientInfoGenerator; 91 import org.bouncycastle.cms.jcajce.JceKeyAgreeEnvelopedRecipient; 92 import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientId; 93 import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator; 94 import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient; 95 import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId; 96 import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator; 97 import org.bouncycastle.cms.jcajce.JcePasswordEnvelopedRecipient; 98 import org.bouncycastle.cms.jcajce.JcePasswordRecipientInfoGenerator; 99 import org.bouncycastle.jce.ECGOST3410NamedCurveTable; 100 import org.bouncycastle.jce.provider.BouncyCastleProvider; 101 import org.bouncycastle.openssl.PEMKeyPair; 102 import org.bouncycastle.openssl.PEMParser; 103 import org.bouncycastle.operator.OutputEncryptor; 104 import org.bouncycastle.operator.jcajce.JcaAlgorithmParametersConverter; 105 import org.bouncycastle.util.Strings; 106 import org.bouncycastle.util.encoders.Base64; 107 import org.bouncycastle.util.encoders.Hex; 108 import org.bouncycastle.util.io.Streams; 109 110 public class NewEnvelopedDataTest 111 extends TestCase 112 { 113 private static final String BC = BouncyCastleProvider.PROVIDER_NAME; 114 115 private static String _signDN; 116 private static KeyPair _signKP; 117 private static X509Certificate _signCert; 118 119 private static String _origDN; 120 private static KeyPair _origKP; 121 private static X509Certificate _origCert; 122 123 private static String _reciDN; 124 private static String _reciDN2; 125 private static KeyPair _reciKP; 126 private static KeyPair _reciOaepKP; 127 private static X509Certificate _reciCert; 128 private static X509Certificate _reciCertOaep; 129 130 private static KeyPair _origEcKP; 131 private static KeyPair _reciEcKP; 132 private static X509Certificate _reciEcCert; 133 private static KeyPair _reciEcKP2; 134 private static X509Certificate _reciEcCert2; 135 private static KeyPair _reciKemsKP; 136 private static X509Certificate _reciKemsCert; 137 138 private static KeyPair _origDhKP; 139 private static KeyPair _reciDhKP; 140 private static X509Certificate _reciDhCert; 141 142 private static boolean _initialised = false; 143 144 private byte[] oldKEK = Base64.decode( 145 "MIAGCSqGSIb3DQEHA6CAMIACAQIxQaI/MD0CAQQwBwQFAQIDBAUwDQYJYIZIAWUDBAEFBQAEI" 146 + "Fi2eHTPM4bQSjP4DUeDzJZLpfemW2gF1SPq7ZPHJi1mMIAGCSqGSIb3DQEHATAUBggqhkiG9w" 147 + "0DBwQImtdGyUdGGt6ggAQYk9X9z01YFBkU7IlS3wmsKpm/zpZClTceAAAAAAAAAAAAAA=="); 148 149 private byte[] ecKeyAgreeMsgAES256 = Base64.decode( 150 "MIAGCSqGSIb3DQEHA6CAMIACAQIxgcShgcECAQOgQ6FBMAsGByqGSM49AgEF" 151 + "AAMyAAPdXlSTpub+qqno9hUGkUDl+S3/ABhPziIB5yGU4678tgOgU5CiKG9Z" 152 + "kfnabIJ3nZYwGgYJK4EFEIZIPwACMA0GCWCGSAFlAwQBLQUAMFswWTAtMCgx" 153 + "EzARBgNVBAMTCkFkbWluLU1EU0UxETAPBgNVBAoTCDRCQ1QtMklEAgEBBCi/" 154 + "rJRLbFwEVW6PcLLmojjW9lI/xGD7CfZzXrqXFw8iHaf3hTRau1gYMIAGCSqG" 155 + "SIb3DQEHATAdBglghkgBZQMEASoEEMtCnKKPwccmyrbgeSIlA3qggAQQDLw8" 156 + "pNJR97bPpj6baG99bQQQwhEDsoj5Xg1oOxojHVcYzAAAAAAAAAAAAAA="); 157 158 private byte[] ecKeyAgreeMsgAES128 = Base64.decode( 159 "MIAGCSqGSIb3DQEHA6CAMIACAQIxgbShgbECAQOgQ6FBMAsGByqGSM49AgEF" 160 + "AAMyAAL01JLEgKvKh5rbxI/hOxs/9WEezMIsAbUaZM4l5tn3CzXAN505nr5d" 161 + "LhrcurMK+tAwGgYJK4EFEIZIPwACMA0GCWCGSAFlAwQBBQUAMEswSTAtMCgx" 162 + "EzARBgNVBAMTCkFkbWluLU1EU0UxETAPBgNVBAoTCDRCQ1QtMklEAgEBBBhi" 163 + "FLjc5g6aqDT3f8LomljOwl1WTrplUT8wgAYJKoZIhvcNAQcBMB0GCWCGSAFl" 164 + "AwQBAgQQzXjms16Y69S/rB0EbHqRMaCABBAFmc/QdVW6LTKdEy97kaZzBBBa" 165 + "fQuviUS03NycpojELx0bAAAAAAAAAAAAAA=="); 166 167 private byte[] ecKeyAgreeMsgDESEDE = Base64.decode( 168 "MIAGCSqGSIb3DQEHA6CAMIACAQIxgcahgcMCAQOgQ6FBMAsGByqGSM49AgEF" 169 + "AAMyAALIici6Nx1WN5f0ThH2A8ht9ovm0thpC5JK54t73E1RDzCifePaoQo0" 170 + "xd6sUqoyGaYwHAYJK4EFEIZIPwACMA8GCyqGSIb3DQEJEAMGBQAwWzBZMC0w" 171 + "KDETMBEGA1UEAxMKQWRtaW4tTURTRTERMA8GA1UEChMINEJDVC0ySUQCAQEE" 172 + "KJuqZQ1NB1vXrKPOnb4TCpYOsdm6GscWdwAAZlm2EHMp444j0s55J9wwgAYJ" 173 + "KoZIhvcNAQcBMBQGCCqGSIb3DQMHBAjwnsDMsafCrKCABBjyPvqFOVMKxxut" 174 + "VfTx4fQlNGJN8S2ATRgECMcTQ/dsmeViAAAAAAAAAAAAAA=="); 175 176 private byte[] ecMQVKeyAgreeMsgAES128 = Base64.decode( 177 "MIAGCSqGSIb3DQEHA6CAMIACAQIxgf2hgfoCAQOgQ6FBMAsGByqGSM49AgEF" 178 + "AAMyAAPDKU+0H58tsjpoYmYCInMr/FayvCCkupebgsnpaGEB7qS9vzcNVUj6" 179 + "mrnmiC2grpmhRwRFMEMwQTALBgcqhkjOPQIBBQADMgACZpD13z9c7DzRWx6S" 180 + "0xdbq3S+EJ7vWO+YcHVjTD8NcQDcZcWASW899l1PkL936zsuMBoGCSuBBRCG" 181 + "SD8AEDANBglghkgBZQMEAQUFADBLMEkwLTAoMRMwEQYDVQQDEwpBZG1pbi1N" 182 + "RFNFMREwDwYDVQQKEwg0QkNULTJJRAIBAQQYFq58L71nyMK/70w3nc6zkkRy" 183 + "RL7DHmpZMIAGCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDzRUpreBsZXWHBe" 184 + "onxOtSmggAQQ7csAZXwT1lHUqoazoy8bhAQQq+9Zjj8iGdOWgyebbfj67QAA" 185 + "AAAAAAAAAAA="); 186 187 188 private byte[] ecKeyAgreeKey = Base64.decode( 189 "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC8vp7xVTbKSgYVU5Wc" 190 + "hGkWbzaj+yUFETIWP1Dt7+WSpq3ikSPdl7PpHPqnPVZfoIWhZANiAgSYHTgxf+Dd" 191 + "Tt84dUvuSKkFy3RhjxJmjwIscK6zbEUzKhcPQG2GHzXhWK5x1kov0I74XpGhVkya" 192 + "ElH5K6SaOXiXAzcyNGggTOk4+ZFnz5Xl0pBje3zKxPhYu0SnCw7Pcqw="); 193 194 private byte[] bobPrivRsaEncrypt = Base64.decode( 195 "MIIChQIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKnhZ5g/OdVf" 196 + "8qCTQV6meYmFyDVdmpFb+x0B2hlwJhcPvaUi0DWFbXqYZhRBXM+3twg7CcmR" 197 + "uBlpN235ZR572akzJKN/O7uvRgGGNjQyywcDWVL8hYsxBLjMGAgUSOZPHPtd" 198 + "YMTgXB9T039T2GkB8QX4enDRvoPGXzjPHCyqaqfrAgMBAAECgYBnzUhMmg2P" 199 + "mMIbZf8ig5xt8KYGHbztpwOIlPIcaw+LNd4Ogngwy+e6alatd8brUXlweQqg" 200 + "9P5F4Kmy9Bnah5jWMIR05PxZbMHGd9ypkdB8MKCixQheIXFD/A0HPfD6bRSe" 201 + "TmPwF1h5HEuYHD09sBvf+iU7o8AsmAX2EAnYh9sDGQJBANDDIsbeopkYdo+N" 202 + "vKZ11mY/1I1FUox29XLE6/BGmvE+XKpVC5va3Wtt+Pw7PAhDk7Vb/s7q/WiE" 203 + "I2Kv8zHCueUCQQDQUfweIrdb7bWOAcjXq/JY1PeClPNTqBlFy2bKKBlf4hAr" 204 + "84/sajB0+E0R9KfEILVHIdxJAfkKICnwJAiEYH2PAkA0umTJSChXdNdVUN5q" 205 + "SO8bKlocSHseIVnDYDubl6nA7xhmqU5iUjiEzuUJiEiUacUgFJlaV/4jbOSn" 206 + "I3vQgLeFAkEAni+zN5r7CwZdV+EJBqRd2ZCWBgVfJAZAcpw6iIWchw+dYhKI" 207 + "FmioNRobQ+g4wJhprwMKSDIETukPj3d9NDAlBwJAVxhn1grStavCunrnVNqc" 208 + "BU+B1O8BiR4yPWnLMcRSyFRVJQA7HCp8JlDV6abXd8vPFfXuC9WN7rOvTKF8" 209 + "Y0ZB9qANMAsGA1UdDzEEAwIAEA=="); 210 211 private byte[] rfc4134ex5_1 = Base64.decode( 212 "MIIBHgYJKoZIhvcNAQcDoIIBDzCCAQsCAQAxgcAwgb0CAQAwJjASMRAwDgYD" 213 + "VQQDEwdDYXJsUlNBAhBGNGvHgABWvBHTbi7NXXHQMA0GCSqGSIb3DQEBAQUA" 214 + "BIGAC3EN5nGIiJi2lsGPcP2iJ97a4e8kbKQz36zg6Z2i0yx6zYC4mZ7mX7FB" 215 + "s3IWg+f6KgCLx3M1eCbWx8+MDFbbpXadCDgO8/nUkUNYeNxJtuzubGgzoyEd" 216 + "8Ch4H/dd9gdzTd+taTEgS0ipdSJuNnkVY4/M652jKKHRLFf02hosdR8wQwYJ" 217 + "KoZIhvcNAQcBMBQGCCqGSIb3DQMHBAgtaMXpRwZRNYAgDsiSf8Z9P43LrY4O" 218 + "xUk660cu1lXeCSFOSOpOJ7FuVyU="); 219 220 private byte[] rfc4134ex5_2 = Base64.decode( 221 "MIIBZQYJKoZIhvcNAQcDoIIBVjCCAVICAQIxggEAMIG9AgEAMCYwEjEQMA4G" 222 + "A1UEAxMHQ2FybFJTQQIQRjRrx4AAVrwR024uzV1x0DANBgkqhkiG9w0BAQEF" 223 + "AASBgJQmQojGi7Z4IP+CVypBmNFoCDoEp87khtgyff2N4SmqD3RxPx+8hbLQ" 224 + "t9i3YcMwcap+aiOkyqjMalT03VUC0XBOGv+HYI3HBZm/aFzxoq+YOXAWs5xl" 225 + "GerZwTOc9j6AYlK4qXvnztR5SQ8TBjlzytm4V7zg+TGrnGVNQBNw47Ewoj4C" 226 + "AQQwDQQLTWFpbExpc3RSQzIwEAYLKoZIhvcNAQkQAwcCAToEGHcUr5MSJ/g9" 227 + "HnJVHsQ6X56VcwYb+OfojTBJBgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgIC" 228 + "AKAECJwE0hkuKlWhgCBeKNXhojuej3org9Lt7n+wWxOhnky5V50vSpoYRfRR" 229 + "yw=="); 230 231 private byte[] tooShort3DES = Base64.decode( 232 "MIAGCSqGSIb3DQEHA6CAMIACAQAxgcQwgcECAQAwKjAlMRYwFAYDVQQKDA1C" + 233 "b3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVQIBCjANBgkqhkiG9w0BAQEFAASB" + 234 "gJIM2QN0o6iv8Ux018pVCJ8js+ROV4t6+KoMwLJ4DzRKLU8XCAb9BS+crP+F" + 235 "ghNTxTpTX8TaxPrO4wV0USgVHu2SvFnxNaWZjBDVIyZI2HR4QkSTqFMhsUB2" + 236 "6CuZIWBZkhqQ6ruDfvn9UuBWVnfsBD4iryZ1idr713sDeVo5TyvTMIAGCSqG" + 237 "SIb3DQEHATAUBggqhkiG9w0DBwQIQq9e4+WB3CqggAQIwU4cOlmkWUcAAAAA" + 238 "AAAAAAAA"); 239 240 private byte[] tooShort3DESKey = Base64.decode( 241 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAODZDCj0nQdV" + 242 "f0GGeFsPjjvPx1Vem0V6IkJ4SzazGKfddk0pX58ZDCnG+S+OPiXmPDqValiu" + 243 "9FtNy2/r9rrf/6qtcVQJkfSJv9E5Y7HgI98L/Y9lKxZWsfRqu/SlYO5zx0Dc" + 244 "2rzDvvZRtrtaq0uuHXWJlbWda2L9S65sv/Le/zvjAgMBAAECgYEAnn+iGMTG" + 245 "ZMMaH6Cg+t/uTa9cPougPMuplt2hd3+sY7izihUeONK5RkHiqmlE2gaAcnOd" + 246 "McKysiIWxGC73mPEnsOObPkaFlneVb5CtjTaTMdptuLNEQkwvtKhuW2HnMra" + 247 "4afEgFZdll3FyRpvW/CDooe4Bppjd4aGn/Sr/o9nOzECQQD4QKLwZssuclji" + 248 "nD/8gU1CqGMMnGNogTMpHm1269HUOE7r1y3MuapUqSWsVhpuEQ8P/Tko0haJ" + 249 "jeZn2eWTbZu/AkEA591snui8FMeGvkRgvyMFNvXZWDEjsh+N74XEL1lykTgZ" + 250 "FQJ+cmThnrdM/8yj1dKkdASYrk5kFJ4PVE6CzDI43QJAFS22eNncJZc9u/9m" + 251 "eg0x4SjqYk4JMQYsripZXlbZ7Mfs+7O8xYVlYZmYjC5ATPmJlmyc7r2VjKCd" + 252 "cmilbEFikwJBAMh7yf8BaBdjitubzjeW9VxXaa37F01eQWD5PfBfHFP6uJ1V" + 253 "AbayCfAtuHN6I7OwJih3DPmyqJC3NrQECs67IjUCQAb4TfVE/2G1s66SGnb4" + 254 "no34BspoV/i4f0uLhJap84bTHcF/ZRSXCmQOCRGdSvQkXHeNPI5Lus6lOHuU" + 255 "vUDbQC8="); 256 257 // from RFC 4490 258 259 private byte[] gost3410_RecipCert = Base64.decode( 260 "MIIB0DCCAX8CECv1xh7CEb0Xx9zUYma0LiEwCAYGKoUDAgIDMG0xHzAdBgNVBAMM" + 261 "Fkdvc3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkG" + 262 "A1UEBhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUu" + 263 "Y29tMB4XDTA1MDgxNjE0MTgyMFoXDTE1MDgxNjE0MTgyMFowbTEfMB0GA1UEAwwW" + 264 "R29zdFIzNDEwLTIwMDEgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRvUHJvMQswCQYD" + 265 "VQQGEwJSVTEpMCcGCSqGSIb3DQEJARYaR29zdFIzNDEwLTIwMDFAZXhhbXBsZS5j" + 266 "b20wYzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQNDAARAhJVodWACGkB1" + 267 "CM0TjDGJLP3lBQN6Q1z0bSsP508yfleP68wWuZWIA9CafIWuD+SN6qa7flbHy7Df" + 268 "D2a8yuoaYDAIBgYqhQMCAgMDQQA8L8kJRLcnqeyn1en7U23Sw6pkfEQu3u0xFkVP" + 269 "vFQ/3cHeF26NG+xxtZPz3TaTVXdoiYkXYiD02rEx1bUcM97i"); 270 271 private byte[] gost3410_2001_KeyTrans = Base64.decode( 272 "MIIBpwYJKoZIhvcNAQcDoIIBmDCCAZQCAQAxggFTMIIBTwIBADCBgTBtMR8wHQYD" + 273 "VQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8x" + 274 "CzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAtMjAwMUBleGFt" + 275 "cGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuITAcBgYqhQMCAhMwEgYHKoUDAgIkAAYH" + 276 "KoUDAgIeAQSBpzCBpDAoBCBqL6ghBpVon5/kR6qey2EVK35BYLxdjfv1PSgbGJr5" + 277 "dQQENm2Yt6B4BgcqhQMCAh8BoGMwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwIC" + 278 "HgEDQwAEQE0rLzOQ5tyj3VUqzd/g7/sx93N+Tv+/eImKK8PNMZQESw5gSJYf28dd" + 279 "Em/askCKd7W96vLsNMsjn5uL3Z4SwPYECJeV4ywrrSsMMDgGCSqGSIb3DQEHATAd" + 280 "BgYqhQMCAhUwEwQIvBCLHwv/NCkGByqFAwICHwGADKqOch3uT7Mu4w+hNw=="); 281 282 private byte[] gost3410_2001_KeyAgree = Base64.decode( 283 "MIIBpAYJKoZIhvcNAQcDoIIBlTCCAZECAQIxggFQoYIBTAIBA6BloWMwHAYGKoUD" + 284 "AgITMBIGByqFAwICJAAGByqFAwICHgEDQwAEQLNVOfRngZcrpcTZhB8n+4HtCDLm" + 285 "mtTyAHi4/4Nk6tIdsHg8ff4DwfQG5DvMFrnF9vYZNxwXuKCqx9GhlLOlNiChCgQI" + 286 "L/D20YZLMoowHgYGKoUDAgJgMBQGByqFAwICDQAwCQYHKoUDAgIfATCBszCBsDCB" + 287 "gTBtMR8wHQYDVQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlD" + 288 "cnlwdG9Qcm8xCzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAt" + 289 "MjAwMUBleGFtcGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuIQQqMCgEIBajHOfOTukN" + 290 "8ex0aQRoHsefOu24Ox8dSn75pdnLGdXoBAST/YZ+MDgGCSqGSIb3DQEHATAdBgYq" + 291 "hQMCAhUwEwQItzXhegc1oh0GByqFAwICHwGADDmxivS/qeJlJbZVyQ=="); 292 293 public byte[] gost2001_Rand_Cert = Base64.decode( 294 "MIIELDCCA9ugAwIBAgIENqPHFzAIBgYqhQMCAgMwgckxCzAJBgNVBAYTAlJVMSAwHgYDVQQIDBfQoS7Qn9C40YLQtdGA0LHR" + 295 "g9GA0LPRijEfMB0GA1UECgwW0KHQvtCy0YDQtdC80LXQvdC90LjQujEfMB0GA1UECwwW0KDRg9C60L7QstC+0LTRgdGC0LLQ" + 296 "vjEZMBcGA1UEDAwQ0KDQtdC00LDQutGC0L7RgDE7MDkGA1UEAwwy0J/Rg9GI0LrQuNC9INCQ0LvQtdC60YHQsNC90LTRgCDQ" + 297 "odC10YDQs9C10LXQstC40YcwHhcNMTcwNzE1MTQwMDAwWhcNMzcwNzE1MTQwMDAwWjCByTELMAkGA1UEBhMCUlUxIDAeBgNV" + 298 "BAgMF9ChLtCf0LjRgtC10YDQsdGD0YDQs9GKMR8wHQYDVQQKDBbQodC+0LLRgNC10LzQtdC90L3QuNC6MR8wHQYDVQQLDBbQ" + 299 "oNGD0LrQvtCy0L7QtNGB0YLQstC+MRkwFwYDVQQMDBDQoNC10LTQsNC60YLQvtGAMTswOQYDVQQDDDLQn9GD0YjQutC40L0g" + 300 "0JDQu9C10LrRgdCw0L3QtNGAINCh0LXRgNCz0LXQtdCy0LjRhzBjMBwGBiqFAwICEzASBgcqhQMCAiQABgcqhQMCAh4BA0MA" + 301 "BEC0WD4VzaInvp+WfjF+XIdZeWMrNSJVxUM6d/acwVMPwetEBtr1U82Cgf2U5eoz6eHxaLsAVG+qbiiMwV/4GKsao4IBpTCC" + 302 "AaEwDgYDVR0PAQH/BAQDAgH+MGMGA1UdJQRcMFoGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggr" + 303 "BgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQcDCAYIKwYBBQUHAwkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E" + 304 "FgQUqcUQmyYjxhQ9t5JX327oLxMjtkcwgfkGA1UdIwSB8TCB7oAUqcUQmyYjxhQ9t5JX327oLxMjtkehgc+kgcwwgckxCzAJ" + 305 "BgNVBAYTAlJVMSAwHgYDVQQIDBfQoS7Qn9C40YLQtdGA0LHRg9GA0LPRijEfMB0GA1UECgwW0KHQvtCy0YDQtdC80LXQvdC9" + 306 "0LjQujEfMB0GA1UECwwW0KDRg9C60L7QstC+0LTRgdGC0LLQvjEZMBcGA1UEDAwQ0KDQtdC00LDQutGC0L7RgDE7MDkGA1UE" + 307 "Awwy0J/Rg9GI0LrQuNC9INCQ0LvQtdC60YHQsNC90LTRgCDQodC10YDQs9C10LXQstC40YeCBDajxxcwCAYGKoUDAgIDA0EA" + 308 "2rrXsssEqxuRPtVRa+vlrgoXUa9WV+24uZ1LzsiMehSOv/pUo7kJZwoA5VCedJw0C8dce6Uc6lDJkNzpHN40hA==" 309 ); 310 311 public byte[] gost2001_Rand_Key = Base64.decode( 312 "MEUCAQAwHAYGKoUDAgJiMBIGByqFAwICJAAGByqFAwICHgEEIgQgDWFcH/5KjwIwXrMdyO5CBnJdoOVtKp7WMb4EIljc+K4=" 313 ); 314 315 public byte[] gost2001_Rand_Msg = Base64.decode( 316 "MIIB+AYJKoZIhvcNAQcDoIIB6TCCAeUCAQAxggGkMIIBoAIBADCB0jCByTELMAkGA1UEBhMCUlUxIDAeBgNVBAgMF9ChLtCf" + 317 "0LjRgtC10YDQsdGD0YDQs9GKMR8wHQYDVQQKDBbQodC+0LLRgNC10LzQtdC90L3QuNC6MR8wHQYDVQQLDBbQoNGD0LrQvtCy" + 318 "0L7QtNGB0YLQstC+MRkwFwYDVQQMDBDQoNC10LTQsNC60YLQvtGAMTswOQYDVQQDDDLQn9GD0YjQutC40L0g0JDQu9C10LrR" + 319 "gdCw0L3QtNGAINCh0LXRgNCz0LXQtdCy0LjRhwIENqPHFzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQSBpzCBpDAo" + 320 "BCCbkNQAmR9ny2u5W8MvFHs8iO91uA2iCy+2nccpwOQ0agQE9BJtXaB4BgcqhQMCAh8BoGMwHAYGKoUDAgITMBIGByqFAwIC" + 321 "JAAGByqFAwICHgEDQwAEQOeSFV7jo7EvygKSgHH79eel7sgWu0yW4swAK81Pw8jHMazuL6SpTUqUWNPW1jf4aFFHQAQmrxWV" + 322 "maCQn7gSJl8ECFgM3TO2P26NMDgGCSqGSIb3DQEHATAdBgYqhQMCAhUwEwQIC4ytWGecO5AGByqFAwICHwGADIzrpurLkuk0" + 323 "xGGidg==" 324 ); 325 326 public byte[] gost2001_Rand_Sender_Cert = Base64.decode( 327 "MIIERTCCA/SgAwIBAgIEUu7tIDAIBgYqhQMCAgMwgdExCzAJBgNVBAYTAlJVMSAwHgYDVQQIDBfQoS7Qn9C40YLQtdGA0LHR" + 328 "g9GA0LPRijEfMB0GA1UECgwW0KHQvtCy0YDQtdC80LXQvdC90LjQujEoMCYGA1UECwwf0JTQtdC50YHRgtCy0YPRjtGJ0LjQ" + 329 "tSDQu9C40YbQsDEtMCsGA1UEDAwk0KTQuNC70L7RgdC+0LIg0Lgg0L/Rg9Cx0LvQuNGG0LjRgdGCMSYwJAYDVQQDDB3QldCy" + 330 "0LPQtdC90ZbQuSDQntC90aPQs9C40L3RijAeFw0xNzA3MTYxNDAwMDBaFw0zNzA3MTYxNDAwMDBaMIHRMQswCQYDVQQGEwJS" + 331 "VTEgMB4GA1UECAwX0KEu0J/QuNGC0LXRgNCx0YPRgNCz0YoxHzAdBgNVBAoMFtCh0L7QstGA0LXQvNC10L3QvdC40LoxKDAm" + 332 "BgNVBAsMH9CU0LXQudGB0YLQstGD0Y7RidC40LUg0LvQuNGG0LAxLTArBgNVBAwMJNCk0LjQu9C+0YHQvtCyINC4INC/0YPQ" + 333 "sdC70LjRhtC40YHRgjEmMCQGA1UEAwwd0JXQstCz0LXQvdGW0Lkg0J7QvdGj0LPQuNC90YowYzAcBgYqhQMCAhMwEgYHKoUD" + 334 "AgIkAAYHKoUDAgIeAQNDAARAM++vMY04j9Bvcn71wM9atNkRo4lCixrOR82HncQbwnyBS6R0BqRmL+Q32TzEYpslzRkQnj/z" + 335 "yORa31QVSRghQaOCAa4wggGqMA4GA1UdDwEB/wQEAwIB/jBjBgNVHSUEXDBaBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUF" + 336 "BwMDBggrBgEFBQcDBAYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUHAwgGCCsGAQUFBwMJMA8GA1UdEwEB" + 337 "/wQFMAMBAf8wHQYDVR0OBBYEFCLkv9o8dmaV1StuS8QFO64FJXXXMIIBAQYDVR0jBIH5MIH2gBQi5L/aPHZmldUrbkvEBTuu" + 338 "BSV116GB16SB1DCB0TELMAkGA1UEBhMCUlUxIDAeBgNVBAgMF9ChLtCf0LjRgtC10YDQsdGD0YDQs9GKMR8wHQYDVQQKDBbQ" + 339 "odC+0LLRgNC10LzQtdC90L3QuNC6MSgwJgYDVQQLDB/QlNC10LnRgdGC0LLRg9GO0YnQuNC1INC70LjRhtCwMS0wKwYDVQQM" + 340 "DCTQpNC40LvQvtGB0L7QsiDQuCDQv9GD0LHQu9C40YbQuNGB0YIxJjAkBgNVBAMMHdCV0LLQs9C10L3RltC5INCe0L3Ro9Cz" + 341 "0LjQvdGKggRS7u0gMAgGBiqFAwICAwNBAIMLOOeDFPnrGkC/QG/pvLRZhEeiVkGVgy/h5WJancJDouHzedhI+mJqBFEYRoIy" + 342 "4KP5Q93Bf1NClXwIfnTOxWo=" 343 ); 344 345 public byte[] gost2001_Rand_Sender_Key = Base64.decode( 346 "MEUCAQAwHAYGKoUDAgJiMBIGByqFAwICJAAGByqFAwICHgEEIgQgGmpna37puqaRGBZjUAX5UfWaL67C9rvxCpOIexI0KUM=" 347 ); 348 349 public byte[] gost2001_Rand_Reci_Cert = Base64.decode( 350 "MIIELDCCA9ugAwIBAgIERMAcpzAIBgYqhQMCAgMwgckxCzAJBgNVBAYTAlJVMSAwHgYDVQQIDBfQoS7Qn9C40YLQtdGA0LHR" + 351 "g9GA0LPRijEfMB0GA1UECgwW0KHQvtCy0YDQtdC80LXQvdC90LjQujEfMB0GA1UECwwW0KDRg9C60L7QstC+0LTRgdGC0LLQ" + 352 "vjEZMBcGA1UEDAwQ0KDQtdC00LDQutGC0L7RgDE7MDkGA1UEAwwy0J/Rg9GI0LrQuNC9INCQ0LvQtdC60YHQsNC90LTRgCDQ" + 353 "odC10YDQs9C10LXQstC40YcwHhcNMTcwNzE2MTQwMDAwWhcNMzcwNzE2MTQwMDAwWjCByTELMAkGA1UEBhMCUlUxIDAeBgNV" + 354 "BAgMF9ChLtCf0LjRgtC10YDQsdGD0YDQs9GKMR8wHQYDVQQKDBbQodC+0LLRgNC10LzQtdC90L3QuNC6MR8wHQYDVQQLDBbQ" + 355 "oNGD0LrQvtCy0L7QtNGB0YLQstC+MRkwFwYDVQQMDBDQoNC10LTQsNC60YLQvtGAMTswOQYDVQQDDDLQn9GD0YjQutC40L0g" + 356 "0JDQu9C10LrRgdCw0L3QtNGAINCh0LXRgNCz0LXQtdCy0LjRhzBjMBwGBiqFAwICEzASBgcqhQMCAiQABgcqhQMCAh4BA0MA" + 357 "BEA6Dzd7VQJA7712CfHiH4L0TVcaH+iLJ6vHkfdgAvS+8mGt/L2H9qQP7O41SgDKQqtfrr+tHDig7/ft5Bl1TFNoo4IBpTCC" + 358 "AaEwDgYDVR0PAQH/BAQDAgH+MGMGA1UdJQRcMFoGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggr" + 359 "BgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQcDCAYIKwYBBQUHAwkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E" + 360 "FgQU8ZLn4r4PajaqWCwLYW6XauO3XsgwgfkGA1UdIwSB8TCB7oAU8ZLn4r4PajaqWCwLYW6XauO3Xsihgc+kgcwwgckxCzAJ" + 361 "BgNVBAYTAlJVMSAwHgYDVQQIDBfQoS7Qn9C40YLQtdGA0LHRg9GA0LPRijEfMB0GA1UECgwW0KHQvtCy0YDQtdC80LXQvdC9" + 362 "0LjQujEfMB0GA1UECwwW0KDRg9C60L7QstC+0LTRgdGC0LLQvjEZMBcGA1UEDAwQ0KDQtdC00LDQutGC0L7RgDE7MDkGA1UE" + 363 "Awwy0J/Rg9GI0LrQuNC9INCQ0LvQtdC60YHQsNC90LTRgCDQodC10YDQs9C10LXQstC40YeCBETAHKcwCAYGKoUDAgIDA0EA" + 364 "Ul4Y7XAhFUEoTUwdue+wbyxk86SpIFwC6NuVjTSIF3F9ACxfz2N6iwHaRv6GTVRIAEjj5G/rhdxRivvC8hU4QQ==" 365 ); 366 367 public byte[] gost2001_Rand_Reci_Key = Base64.decode( 368 "MEUCAQAwHAYGKoUDAgJiMBIGByqFAwICJAAGByqFAwICHgEEIgQg5oDAn/BdWX4RSfHeqZyHAo/CNAy+2a0Jq3Z922cYeSQ=" 369 ); 370 371 public byte[] gost2001_Rand_Gen_Msg = Base64.decode( 372 "MIICAQYJKoZIhvcNAQcDoIIB8jCCAe4CAQAxggGtoYIBqQIBA6BloWMwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgED" + 373 "QwAEQDPvrzGNOI/Qb3J+9cDPWrTZEaOJQosazkfNh53EG8J8gUukdAakZi/kN9k8xGKbJc0ZEJ4/88jkWt9UFUkYIUGhCgQI" + 374 "SQHkq1IzGZ8wKAYGKoUDAgJgMB4GByqFAwICDQEwEwYHKoUDAgIfAQQISQHkq1IzGZ8wggEFMIIBATCB0jCByTELMAkGA1UE" + 375 "BhMCUlUxIDAeBgNVBAgMF9ChLtCf0LjRgtC10YDQsdGD0YDQs9GKMR8wHQYDVQQKDBbQodC+0LLRgNC10LzQtdC90L3QuNC6" + 376 "MR8wHQYDVQQLDBbQoNGD0LrQvtCy0L7QtNGB0YLQstC+MRkwFwYDVQQMDBDQoNC10LTQsNC60YLQvtGAMTswOQYDVQQDDDLQ" + 377 "n9GD0YjQutC40L0g0JDQu9C10LrRgdCw0L3QtNGAINCh0LXRgNCz0LXQtdCy0LjRhwIERMAcpwQqMCgEIA4jC8qro8xNnn+R" + 378 "JTNYpV8dSdw82e/pnqnyo21o+qZkBAT9DaUDMDgGCSqGSIb3DQEHATAdBgYqhQMCAhUwEwQIziBZysW+ewMGByqFAwICHwGA" + 379 "DFKaSCs2xd4ef/khFQ==" 380 ); 381 382 public byte[] gost2012_Sender_Cert = Base64.decode( 383 "MIIETDCCA/mgAwIBAgIEB/tRdzAKBggqhQMHAQEDAjCB0TELMAkGA1UEBhMCUlUxIDAeBgNVBAgMF9ChLtCf0LjRgtC10YDQ" + 384 "sdGD0YDQs9GKMR8wHQYDVQQKDBbQodC+0LLRgNC10LzQtdC90L3QuNC6MSgwJgYDVQQLDB/QlNC10LnRgdGC0LLRg9GO0YnQ" + 385 "uNC1INC70LjRhtCwMS0wKwYDVQQMDCTQpNC40LvQvtGB0L7QsiDQuCDQv9GD0LHQu9C40YbQuNGB0YIxJjAkBgNVBAMMHdCV" + 386 "0LLQs9C10L3RltC5INCe0L3Ro9Cz0LjQvdGKMB4XDTE3MDcxNTE0MDAwMFoXDTM3MDcxNTE0MDAwMFowgdExCzAJBgNVBAYT" + 387 "AlJVMSAwHgYDVQQIDBfQoS7Qn9C40YLQtdGA0LHRg9GA0LPRijEfMB0GA1UECgwW0KHQvtCy0YDQtdC80LXQvdC90LjQujEo" + 388 "MCYGA1UECwwf0JTQtdC50YHRgtCy0YPRjtGJ0LjQtSDQu9C40YbQsDEtMCsGA1UEDAwk0KTQuNC70L7RgdC+0LIg0Lgg0L/R" + 389 "g9Cx0LvQuNGG0LjRgdGCMSYwJAYDVQQDDB3QldCy0LPQtdC90ZbQuSDQntC90aPQs9C40L3RijBmMB8GCCqFAwcBAQEBMBMG" + 390 "ByqFAwICJAAGCCqFAwcBAQICA0MABEAl9XE868NRYm3CQXCPO+BJlVi7kxORfoyRaHyWyKBFf4TYV4eEUF/WjAf3fAqsndp6" + 391 "v1DNqa3KS1R1yqn1Ug4do4IBrjCCAaowDgYDVR0PAQH/BAQDAgH+MGMGA1UdJQRcMFoGCCsGAQUFBwMBBggrBgEFBQcDAgYI" + 392 "KwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQcDCAYIKwYBBQUHAwkwDwYD" + 393 "VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUzhoR/a0hWGOpy6GPEm7LBCJ3dLYwggEBBgNVHSMEgfkwgfaAFM4aEf2tIVhjqcuh" + 394 "jxJuywQid3S2oYHXpIHUMIHRMQswCQYDVQQGEwJSVTEgMB4GA1UECAwX0KEu0J/QuNGC0LXRgNCx0YPRgNCz0YoxHzAdBgNV" + 395 "BAoMFtCh0L7QstGA0LXQvNC10L3QvdC40LoxKDAmBgNVBAsMH9CU0LXQudGB0YLQstGD0Y7RidC40LUg0LvQuNGG0LAxLTAr" + 396 "BgNVBAwMJNCk0LjQu9C+0YHQvtCyINC4INC/0YPQsdC70LjRhtC40YHRgjEmMCQGA1UEAwwd0JXQstCz0LXQvdGW0Lkg0J7Q" + 397 "vdGj0LPQuNC90YqCBAf7UXcwCgYIKoUDBwEBAwIDQQDcFDvbdfUu1087tslF70OeZgLW5QHRtPLUaldE9x1Geu2veJos9fZ7" + 398 "nqISVcd1wrf6FfADt3Tw2pQuG8mVCNUi" 399 ); 400 401 public byte[] gost2012_Sender_Key = Base64.decode( 402 "MEgCAQAwHwYIKoUDBwEBBgEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIgQgYARzlWBWAJLs64jQbYW4UEXqFN/ChtWCSHqRgivT" + 403 "8Ds=" 404 ); 405 406 public byte[] gost2012_Reci_Cert = Base64.decode( 407 "MIIEMzCCA+CgAwIBAgIEe7X7RjAKBggqhQMHAQEDAjCByTELMAkGA1UEBhMCUlUxIDAeBgNVBAgMF9ChLtCf0LjRgtC10YDQ" + 408 "sdGD0YDQs9GKMR8wHQYDVQQKDBbQodC+0LLRgNC10LzQtdC90L3QuNC6MR8wHQYDVQQLDBbQoNGD0LrQvtCy0L7QtNGB0YLQ" + 409 "stC+MRkwFwYDVQQMDBDQoNC10LTQsNC60YLQvtGAMTswOQYDVQQDDDLQn9GD0YjQutC40L0g0JDQu9C10LrRgdCw0L3QtNGA" + 410 "INCh0LXRgNCz0LXQtdCy0LjRhzAeFw0xNzA3MTUxNDAwMDBaFw0zNzA3MTUxNDAwMDBaMIHJMQswCQYDVQQGEwJSVTEgMB4G" + 411 "A1UECAwX0KEu0J/QuNGC0LXRgNCx0YPRgNCz0YoxHzAdBgNVBAoMFtCh0L7QstGA0LXQvNC10L3QvdC40LoxHzAdBgNVBAsM" + 412 "FtCg0YPQutC+0LLQvtC00YHRgtCy0L4xGTAXBgNVBAwMENCg0LXQtNCw0LrRgtC+0YAxOzA5BgNVBAMMMtCf0YPRiNC60LjQ" + 413 "vSDQkNC70LXQutGB0LDQvdC00YAg0KHQtdGA0LPQtdC10LLQuNGHMGYwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEB" + 414 "AgIDQwAEQGQ4aJ3On0XqEt62PUfquYCAx0690AzlyE9IO8r5zkNKldvK4THC1IgBHkRzKiewquMm0YuYh76NI01uNjThOjyj" + 415 "ggGlMIIBoTAOBgNVHQ8BAf8EBAMCAf4wYwYDVR0lBFwwWgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYIKwYBBQUH" + 416 "AwQGCCsGAQUFBwMFBggrBgEFBQcDBgYIKwYBBQUHAwcGCCsGAQUFBwMIBggrBgEFBQcDCTAPBgNVHRMBAf8EBTADAQH/MB0G" + 417 "A1UdDgQWBBROPw+FggywJjV9aLLSKz2Cr0BD9zCB+QYDVR0jBIHxMIHugBROPw+FggywJjV9aLLSKz2Cr0BD96GBz6SBzDCB" + 418 "yTELMAkGA1UEBhMCUlUxIDAeBgNVBAgMF9ChLtCf0LjRgtC10YDQsdGD0YDQs9GKMR8wHQYDVQQKDBbQodC+0LLRgNC10LzQ" + 419 "tdC90L3QuNC6MR8wHQYDVQQLDBbQoNGD0LrQvtCy0L7QtNGB0YLQstC+MRkwFwYDVQQMDBDQoNC10LTQsNC60YLQvtGAMTsw" + 420 "OQYDVQQDDDLQn9GD0YjQutC40L0g0JDQu9C10LrRgdCw0L3QtNGAINCh0LXRgNCz0LXQtdCy0LjRh4IEe7X7RjAKBggqhQMH" + 421 "AQEDAgNBAJR6UhzmUlRzlbiCU8IjhrR15c2uFtcHqHaUfiO8XJ2bnOiwxADZbnqlN3Foul6QrTXa5Vu1UbA2hFobJeuDniQ=" 422 ); 423 424 public byte[] gost2012_Reci_Key = Base64.decode( 425 "MEgCAQAwHwYIKoUDBwEBBgEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIgQgbtgmrFxhZLQm9H1Gx0+BAVTP6ZVLu20KcmKNzdIh" + 426 "rKc=" 427 ); 428 429 public byte[] gost2012_Reci_Msg = Base64.decode( 430 "MIICBgYJKoZIhvcNAQcDoIIB9zCCAfMCAQAxggGyoYIBrgIBA6BooWYwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEB" + 431 "AgIDQwAEQCX1cTzrw1FibcJBcI874EmVWLuTE5F+jJFofJbIoEV/hNhXh4RQX9aMB/d8Cqyd2nq/UM2prcpLVHXKqfVSDh2h" + 432 "CgQIDIhh5975RYMwKgYIKoUDBwEBBgEwHgYHKoUDAgINATATBgcqhQMCAh8BBAgMiGHn3vlFgzCCAQUwggEBMIHSMIHJMQsw" + 433 "CQYDVQQGEwJSVTEgMB4GA1UECAwX0KEu0J/QuNGC0LXRgNCx0YPRgNCz0YoxHzAdBgNVBAoMFtCh0L7QstGA0LXQvNC10L3Q" + 434 "vdC40LoxHzAdBgNVBAsMFtCg0YPQutC+0LLQvtC00YHRgtCy0L4xGTAXBgNVBAwMENCg0LXQtNCw0LrRgtC+0YAxOzA5BgNV" + 435 "BAMMMtCf0YPRiNC60LjQvSDQkNC70LXQutGB0LDQvdC00YAg0KHQtdGA0LPQtdC10LLQuNGHAgR7tftGBCowKAQgLMyx3zUe" + 436 "56F7eAKUAezilo3fxp6M/E+YkVVUDgFadfcEBHMmXJMwOAYJKoZIhvcNAQcBMB0GBiqFAwICFTATBAhJHfyezbxrUQYHKoUD" + 437 "AgIfAYAMLLM89stnSyrWGWSW" 438 ); 439 440 public byte[] gost2012_512_Sender_Cert = Base64.decode( 441 "MIIE0jCCBD6gAwIBAgIEMBwU/jAKBggqhQMHAQEDAzCB0TELMAkGA1UEBhMCUlUxIDAeBgNVBAgMF9ChLtCf0LjRgtC10YDQ" + 442 "sdGD0YDQs9GKMR8wHQYDVQQKDBbQodC+0LLRgNC10LzQtdC90L3QuNC6MSgwJgYDVQQLDB/QlNC10LnRgdGC0LLRg9GO0YnQ" + 443 "uNC1INC70LjRhtCwMS0wKwYDVQQMDCTQpNC40LvQvtGB0L7QsiDQuCDQv9GD0LHQu9C40YbQuNGB0YIxJjAkBgNVBAMMHdCV" + 444 "0LLQs9C10L3RltC5INCe0L3Ro9Cz0LjQvdGKMB4XDTE3MDcxNTE0MDAwMFoXDTM3MDcxNTE0MDAwMFowgdExCzAJBgNVBAYT" + 445 "AlJVMSAwHgYDVQQIDBfQoS7Qn9C40YLQtdGA0LHRg9GA0LPRijEfMB0GA1UECgwW0KHQvtCy0YDQtdC80LXQvdC90LjQujEo" + 446 "MCYGA1UECwwf0JTQtdC50YHRgtCy0YPRjtGJ0LjQtSDQu9C40YbQsDEtMCsGA1UEDAwk0KTQuNC70L7RgdC+0LIg0Lgg0L/R" + 447 "g9Cx0LvQuNGG0LjRgdGCMSYwJAYDVQQDDB3QldCy0LPQtdC90ZbQuSDQntC90aPQs9C40L3RijCBqjAhBggqhQMHAQEBAjAV" + 448 "BgkqhQMHAQIBAgEGCCqFAwcBAQIDA4GEAASBgLnNMC1uA9NjhZMyIotCn+4H+iqcTv5paCYmRIuIvWZO7OvUv3u9aWK5Lb0w" + 449 "CH2Imbg/ffZV84xSwbNST83w4IFh8u1mAnf302+uuqt62pBU3VtPOPt3RYRwEABSDuTlBP2VocXa2iP53HM09fxhS/AJ14eR" + 450 "K2oJ4cNpASXDH1mSo4IBrjCCAaowDgYDVR0PAQH/BAQDAgH+MGMGA1UdJQRcMFoGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYB" + 451 "BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQcDCAYIKwYBBQUHAwkwDwYDVR0T" + 452 "AQH/BAUwAwEB/zAdBgNVHQ4EFgQUEImfPZM/dIJULOrK4d/vMchap9kwggEBBgNVHSMEgfkwgfaAFBCJnz2TP3SCVCzqyuHf" + 453 "7zHIWqfZoYHXpIHUMIHRMQswCQYDVQQGEwJSVTEgMB4GA1UECAwX0KEu0J/QuNGC0LXRgNCx0YPRgNCz0YoxHzAdBgNVBAoM" + 454 "FtCh0L7QstGA0LXQvNC10L3QvdC40LoxKDAmBgNVBAsMH9CU0LXQudGB0YLQstGD0Y7RidC40LUg0LvQuNGG0LAxLTArBgNV" + 455 "BAwMJNCk0LjQu9C+0YHQvtCyINC4INC/0YPQsdC70LjRhtC40YHRgjEmMCQGA1UEAwwd0JXQstCz0LXQvdGW0Lkg0J7QvdGj" + 456 "0LPQuNC90YqCBDAcFP4wCgYIKoUDBwEBAwMDgYEAKZRx05mBwO7VIzj1FFJcHlfbHuLF+XZbFZaVfWc32R+KLxBJ0t1RuQ34" + 457 "KtjQhu8/oU2rR/pKcmyHRw3nxJy+DExdj7sWJ01uWH6vBa+nsXS8OzSIg+wb9hlrFy0wZSkQjyNMtSiNg+On1yzFeI2fxuAY" + 458 "OtIKHdqht+V+6M0g8BA=" 459 ); 460 461 public byte[] gost2012_512_Sender_Key = Base64.decode( 462 "MGoCAQAwIQYIKoUDBwEBBgIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBEDYpenYz4GDc/sIGl34Cv1T4xtWDlt7FB28ghXT" + 463 "n4MXm43IvLwW3YclZbRz7V9W5lR0XoftGJ9q3ICv/IN2F+Dr" 464 ); 465 466 public byte[] gost2012_512_Reci_Cert = Base64.decode( 467 "MIIEuTCCBCWgAwIBAgIECpLweDAKBggqhQMHAQEDAzCByTELMAkGA1UEBhMCUlUxIDAeBgNVBAgMF9ChLtCf0LjRgtC10YDQ" + 468 "sdGD0YDQs9GKMR8wHQYDVQQKDBbQodC+0LLRgNC10LzQtdC90L3QuNC6MR8wHQYDVQQLDBbQoNGD0LrQvtCy0L7QtNGB0YLQ" + 469 "stC+MRkwFwYDVQQMDBDQoNC10LTQsNC60YLQvtGAMTswOQYDVQQDDDLQn9GD0YjQutC40L0g0JDQu9C10LrRgdCw0L3QtNGA" + 470 "INCh0LXRgNCz0LXQtdCy0LjRhzAeFw0xNzA3MTUxNDAwMDBaFw0zNzA3MTUxNDAwMDBaMIHJMQswCQYDVQQGEwJSVTEgMB4G" + 471 "A1UECAwX0KEu0J/QuNGC0LXRgNCx0YPRgNCz0YoxHzAdBgNVBAoMFtCh0L7QstGA0LXQvNC10L3QvdC40LoxHzAdBgNVBAsM" + 472 "FtCg0YPQutC+0LLQvtC00YHRgtCy0L4xGTAXBgNVBAwMENCg0LXQtNCw0LrRgtC+0YAxOzA5BgNVBAMMMtCf0YPRiNC60LjQ" + 473 "vSDQkNC70LXQutGB0LDQvdC00YAg0KHQtdGA0LPQtdC10LLQuNGHMIGqMCEGCCqFAwcBAQECMBUGCSqFAwcBAgECAQYIKoUD" + 474 "BwEBAgMDgYQABIGAnZAIQhH/2nmSIZWfn+K3ftHGWbx1vrh/IeA43Q/z7h9jVPcVV3Csju92lgL5cnXyBAV90CVGw0/bCu1N" + 475 "CYUpC0EVx5OmTd54fqicmFgZLqEnX6sbCXvpgCdvXhyYl+h7PTGHcuwGsMXZlIKVQLq6quVKh/UI/IfGK5CcPkX0PVCjggGl" + 476 "MIIBoTAOBgNVHQ8BAf8EBAMCAf4wYwYDVR0lBFwwWgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYIKwYBBQUHAwQG" + 477 "CCsGAQUFBwMFBggrBgEFBQcDBgYIKwYBBQUHAwcGCCsGAQUFBwMIBggrBgEFBQcDCTAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud" + 478 "DgQWBBRvBhSgd/YSnT1ldXAE2V92ksV6WzCB+QYDVR0jBIHxMIHugBRvBhSgd/YSnT1ldXAE2V92ksV6W6GBz6SBzDCByTEL" + 479 "MAkGA1UEBhMCUlUxIDAeBgNVBAgMF9ChLtCf0LjRgtC10YDQsdGD0YDQs9GKMR8wHQYDVQQKDBbQodC+0LLRgNC10LzQtdC9" + 480 "0L3QuNC6MR8wHQYDVQQLDBbQoNGD0LrQvtCy0L7QtNGB0YLQstC+MRkwFwYDVQQMDBDQoNC10LTQsNC60YLQvtGAMTswOQYD" + 481 "VQQDDDLQn9GD0YjQutC40L0g0JDQu9C10LrRgdCw0L3QtNGAINCh0LXRgNCz0LXQtdCy0LjRh4IECpLweDAKBggqhQMHAQED" + 482 "AwOBgQDilJAjXm+OK+mkfOk2ij3qKj00+gyFzJbxtk8wKEG7QmvlOPQvywke1pmCh8b1Z48OFOdmfKnTLE/D4AI/MQECUb1h" + 483 "ChUfgfrSw0LY205tqxp6aqDtc2iPI7XHQAKE+jD819zubjCBzVDOiyRXatiRsEtfXPTBvqQdisM4rSw+OQ==" 484 485 ); 486 487 public byte[] gost2012_512_Reci_Key = Base64.decode( 488 "MGoCAQAwIQYIKoUDBwEBBgIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBEDbd6/MUJS1QjpkwGUCg8OtxzuxiU2qm2VDBDDN" + 489 "ZQ8/GtO12OiysmJHAXS9fpO1TRuyySw0r5r4x2g0NCWtVdQf" 490 ); 491 492 public byte[] gost2012_512_Reci_Msg = Base64.decode( 493 "MIICTAYJKoZIhvcNAQcDoIICPTCCAjkCAQAxggH4oYIB9AIBA6CBraGBqjAhBggqhQMHAQEBAjAVBgkqhQMHAQIBAgEGCCqF" + 494 "AwcBAQIDA4GEAASBgLnNMC1uA9NjhZMyIotCn+4H+iqcTv5paCYmRIuIvWZO7OvUv3u9aWK5Lb0wCH2Imbg/ffZV84xSwbNS" + 495 "T83w4IFh8u1mAnf302+uuqt62pBU3VtPOPt3RYRwEABSDuTlBP2VocXa2iP53HM09fxhS/AJ14eRK2oJ4cNpASXDH1mSoQoE" + 496 "CGGh2agBkurNMCoGCCqFAwcBAQYCMB4GByqFAwICDQEwEwYHKoUDAgIfAQQIYaHZqAGS6s0wggEFMIIBATCB0jCByTELMAkG" + 497 "A1UEBhMCUlUxIDAeBgNVBAgMF9ChLtCf0LjRgtC10YDQsdGD0YDQs9GKMR8wHQYDVQQKDBbQodC+0LLRgNC10LzQtdC90L3Q" + 498 "uNC6MR8wHQYDVQQLDBbQoNGD0LrQvtCy0L7QtNGB0YLQstC+MRkwFwYDVQQMDBDQoNC10LTQsNC60YLQvtGAMTswOQYDVQQD" + 499 "DDLQn9GD0YjQutC40L0g0JDQu9C10LrRgdCw0L3QtNGAINCh0LXRgNCz0LXQtdCy0LjRhwIECpLweAQqMCgEIBEN53tKgcd9" + 500 "VW9uczUiwSM0pS/a7/vKIvTIqnIR0E5pBAQ+WRdXMDgGCSqGSIb3DQEHATAdBgYqhQMCAhUwEwQIbDvPAW4Wm0UGByqFAwIC" + 501 "HwGADFMeOJyH3t7YSNgxsA==" 502 ); 503 504 public byte[] gost2012_KeyTrans_Reci_Cert = Base64.decode( 505 "MIIEMzCCA+CgAwIBAgIEBSqgszAKBggqhQMHAQEDAjCByTELMAkGA1UEBhMCUlUxIDAeBgNVBAgMF9ChLtCf0LjRgtC10YDQ" + 506 "sdGD0YDQs9GKMR8wHQYDVQQKDBbQodC+0LLRgNC10LzQtdC90L3QuNC6MR8wHQYDVQQLDBbQoNGD0LrQvtCy0L7QtNGB0YLQ" + 507 "stC+MRkwFwYDVQQMDBDQoNC10LTQsNC60YLQvtGAMTswOQYDVQQDDDLQn9GD0YjQutC40L0g0JDQu9C10LrRgdCw0L3QtNGA" + 508 "INCh0LXRgNCz0LXQtdCy0LjRhzAeFw0xNzA3MTYxNDAwMDBaFw0zNzA3MTYxNDAwMDBaMIHJMQswCQYDVQQGEwJSVTEgMB4G" + 509 "A1UECAwX0KEu0J/QuNGC0LXRgNCx0YPRgNCz0YoxHzAdBgNVBAoMFtCh0L7QstGA0LXQvNC10L3QvdC40LoxHzAdBgNVBAsM" + 510 "FtCg0YPQutC+0LLQvtC00YHRgtCy0L4xGTAXBgNVBAwMENCg0LXQtNCw0LrRgtC+0YAxOzA5BgNVBAMMMtCf0YPRiNC60LjQ" + 511 "vSDQkNC70LXQutGB0LDQvdC00YAg0KHQtdGA0LPQtdC10LLQuNGHMGYwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEB" + 512 "AgIDQwAEQEG5/wUY0LkiqETYAZY6o5mrjwWQNBYbSIKghYgKzLgSv1RCuTEFXRIJQcMG0V80auKVZNty9kcvn9P0IcJpGfGj" + 513 "ggGlMIIBoTAOBgNVHQ8BAf8EBAMCAf4wYwYDVR0lBFwwWgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYIKwYBBQUH" + 514 "AwQGCCsGAQUFBwMFBggrBgEFBQcDBgYIKwYBBQUHAwcGCCsGAQUFBwMIBggrBgEFBQcDCTAPBgNVHRMBAf8EBTADAQH/MB0G" + 515 "A1UdDgQWBBQJwiUIQOJNbB0Fzh6ucd3uRE9QzDCB+QYDVR0jBIHxMIHugBQJwiUIQOJNbB0Fzh6ucd3uRE9QzKGBz6SBzDCB" + 516 "yTELMAkGA1UEBhMCUlUxIDAeBgNVBAgMF9ChLtCf0LjRgtC10YDQsdGD0YDQs9GKMR8wHQYDVQQKDBbQodC+0LLRgNC10LzQ" + 517 "tdC90L3QuNC6MR8wHQYDVQQLDBbQoNGD0LrQvtCy0L7QtNGB0YLQstC+MRkwFwYDVQQMDBDQoNC10LTQsNC60YLQvtGAMTsw" + 518 "OQYDVQQDDDLQn9GD0YjQutC40L0g0JDQu9C10LrRgdCw0L3QtNGAINCh0LXRgNCz0LXQtdCy0LjRh4IEBSqgszAKBggqhQMH" + 519 "AQEDAgNBAKLmdCiVR9MWeoC+MNudXGny3l2uDBBttvhTli0gDEaQLnBFyvD+cfSLgsheoz8vwhyqD/6W3ATBMRiGjqNJjQE="); 520 521 public byte[] gost2012_KeyTrans_Reci_Key = Base64.decode( 522 "MEgCAQAwHwYIKoUDBwEBBgEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIgQgy+dPu0sLqJ/Fokomiu69lRA48HaPNkP7kmzDHOxP" + 523 "QFc=" 524 ); 525 526 public byte[] gost2012_KeyTrans_Msg = Base64.decode( 527 "MIIB/gYJKoZIhvcNAQcDoIIB7zCCAesCAQAxggGqMIIBpgIBADCB0jCByTELMAkGA1UEBhMCUlUxIDAeBgNVBAgMF9ChLtCf" + 528 "0LjRgtC10YDQsdGD0YDQs9GKMR8wHQYDVQQKDBbQodC+0LLRgNC10LzQtdC90L3QuNC6MR8wHQYDVQQLDBbQoNGD0LrQvtCy" + 529 "0L7QtNGB0YLQstC+MRkwFwYDVQQMDBDQoNC10LTQsNC60YLQvtGAMTswOQYDVQQDDDLQn9GD0YjQutC40L0g0JDQu9C10LrR" + 530 "gdCw0L3QtNGAINCh0LXRgNCz0LXQtdCy0LjRhwIEBSqgszAfBggqhQMHAQEBATATBgcqhQMCAiQABggqhQMHAQECAgSBqjCB" + 531 "pzAoBCBnHA+9wEUh7KIkYlboGbtxRfrTL1oPGU3Tzaw8/khaWgQE+N56jaB7BgcqhQMCAh8BoGYwHwYIKoUDBwEBAQEwEwYH" + 532 "KoUDAgIkAAYIKoUDBwEBAgIDQwAEQMbb4wVWm1EWIIXKDseCNE6JHmS+4fNh2uB+10Isg7g8/1Wvdh66IFir6fyp8NRwwMkU" + 533 "QM0dmAfcpN6M2RSj83wECMCTi+FRlTafMDgGCSqGSIb3DQEHATAdBgYqhQMCAhUwEwQIzZlyAleTrCEGByqFAwICHwGADIO7" + 534 "l43OVnBpGM+FjQ==" 535 ); 536 537 public byte[] github539_GostEnvData = Base64.decode( 538 "MIIBxQYJKoZIhvcNAQcDoIIBtjCCAbICAQAxggF8MIIBeAIBADCBojCBlDELMAkG\n" + 539 "A1UEBhMCUlUxFjAUBgNVBAgMDVN2ZXJkbG92c2theWExFTATBgNVBAcMDEVrYXRl\n" + 540 "cmluYnVyZzETMBEGA1UECgwKUm9zdGVsZWNvbTEMMAoGA1UECwwDUklUMQwwCgYD\n" + 541 "VQQDDANNTlAxJTAjBgkqhkiG9w0BCQEWFmdsdWtpaGtoLWFhQHVyYWwucnQucnUC\n" + 542 "CQDihx/vS7OqVzAfBggqhQMHAQEBATATBgcqhQMCAiMBBggqhQMHAQECAgSBrDCB\n" + 543 "qTAoBCCOzeVj2u7vVt05/1UjBxt51k06wrIhalqaFWacp5+8ywQEZwbtgaB9Bgkq\n" + 544 "hQMHAQIFAQGgZjAfBggqhQMHAQEBATATBgcqhQMCAiMBBggqhQMHAQECAgNDAARA\n" + 545 "qOyKoz/eS3Pyd1JadxSNEpereq4be7gRJVy8Qfg80CfchQf+gj5+loND0fm3vtiQ\n" + 546 "dHdylZWk3UInvTB3/QdHkQQIHQro/keNHKMwLQYJKoZIhvcNAQcBMB0GBiqFAwIC\n" + 547 "FTATBAgr82ldAd52+QYHKoUDAgIfAYABQA=="); 548 549 public byte[] github539_PrivKey = Base64.decode( 550 "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQg2Zw10hDxo6SHNVvUpfyXJesDZaEdoAidtV760MFrZBg=" 551 ); 552 NewEnvelopedDataTest()553 public NewEnvelopedDataTest() 554 { 555 } 556 setUp()557 public void setUp() 558 throws Exception 559 { 560 init(); 561 } 562 init()563 private static void init() 564 throws Exception 565 { 566 if (!_initialised) 567 { 568 _initialised = true; 569 Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); 570 571 _signDN = "O=Bouncy Castle, C=AU"; 572 _signKP = CMSTestUtil.makeKeyPair(); 573 _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN); 574 575 _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU"; 576 _origKP = CMSTestUtil.makeKeyPair(); 577 _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN); 578 579 _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU"; 580 _reciDN2 = "CN=Fred, OU=Sales, O=Bouncy Castle, C=AU"; 581 _reciKP = CMSTestUtil.makeKeyPair(); 582 _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN); 583 _reciCertOaep = CMSTestUtil.makeOaepCertificate(_reciKP, _reciDN, _signKP, _signDN); 584 585 _origEcKP = CMSTestUtil.makeEcDsaKeyPair(); 586 _reciEcKP = CMSTestUtil.makeEcDsaKeyPair(); 587 _reciEcCert = CMSTestUtil.makeCertificate(_reciEcKP, _reciDN, _signKP, _signDN); 588 _reciEcKP2 = CMSTestUtil.makeEcDsaKeyPair(); 589 _reciEcCert2 = CMSTestUtil.makeCertificate(_reciEcKP2, _reciDN2, _signKP, _signDN); 590 591 _origDhKP = CMSTestUtil.makeDhKeyPair(); 592 _reciDhKP = CMSTestUtil.makeDhKeyPair(); 593 _reciDhCert = CMSTestUtil.makeCertificate(_reciDhKP, _reciDN, _signKP, _signDN); 594 595 _reciKemsKP = CMSTestUtil.makeKeyPair(); 596 _reciKemsCert = CMSTestUtil.makeCertificate(_reciKemsKP, _reciDN, _signKP, _signDN, new AlgorithmIdentifier(PKCSObjectIdentifiers.id_rsa_KEM)); 597 } 598 } 599 main( String args[])600 public static void main( 601 String args[]) 602 throws Exception 603 { 604 junit.textui.TestRunner.run(NewEnvelopedDataTest.suite()); 605 } 606 suite()607 public static Test suite() 608 throws Exception 609 { 610 init(); 611 612 return new CMSTestSetup(new TestSuite(NewEnvelopedDataTest.class)); 613 } 614 testUnprotectedAttributes()615 public void testUnprotectedAttributes() 616 throws Exception 617 { 618 byte[] data = "WallaWallaWashington".getBytes(); 619 620 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 621 622 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC)); 623 624 Hashtable attrs = new Hashtable(); 625 626 attrs.put(PKCSObjectIdentifiers.id_aa_contentHint, new Attribute(PKCSObjectIdentifiers.id_aa_contentHint, new DERSet(new DERUTF8String("Hint")))); 627 attrs.put(PKCSObjectIdentifiers.id_aa_receiptRequest, new Attribute(PKCSObjectIdentifiers.id_aa_receiptRequest, new DERSet(new DERUTF8String("Request")))); 628 629 AttributeTable attrTable = new AttributeTable(attrs); 630 631 edGen.setUnprotectedAttributeGenerator(new SimpleAttributeTableGenerator(attrTable)); 632 633 CMSEnvelopedData ed = edGen.generate( 634 new CMSProcessableByteArray(data), 635 new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build()); 636 637 RecipientInformationStore recipients = ed.getRecipientInfos(); 638 639 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); 640 641 attrTable = ed.getUnprotectedAttributes(); 642 643 assertEquals(attrs.size(), 2); 644 645 assertEquals(new DERUTF8String("Hint"), attrTable.get(PKCSObjectIdentifiers.id_aa_contentHint).getAttrValues().getObjectAt(0)); 646 assertEquals(new DERUTF8String("Request"), attrTable.get(PKCSObjectIdentifiers.id_aa_receiptRequest).getAttrValues().getObjectAt(0)); 647 648 Collection c = recipients.getRecipients(); 649 650 assertEquals(1, c.size()); 651 652 Iterator it = c.iterator(); 653 654 while (it.hasNext()) 655 { 656 RecipientInformation recipient = (RecipientInformation)it.next(); 657 658 assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); 659 660 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); 661 662 assertEquals(true, Arrays.equals(data, recData)); 663 } 664 } 665 testContentType()666 public void testContentType() 667 throws Exception 668 { 669 byte[] data = "WallaWallaWashington".getBytes(); 670 671 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 672 673 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC)); 674 675 CMSEnvelopedData ed = edGen.generate( 676 new CMSProcessableByteArray(PKCSObjectIdentifiers.safeContentsBag, data), 677 new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build()); 678 679 RecipientInformationStore recipients = ed.getRecipientInfos(); 680 681 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); 682 683 Collection c = recipients.getRecipients(); 684 685 assertEquals(1, c.size()); 686 687 Iterator it = c.iterator(); 688 689 while (it.hasNext()) 690 { 691 RecipientInformation recipient = (RecipientInformation)it.next(); 692 693 assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); 694 695 CMSTypedStream contentStream = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); 696 697 assertEquals(PKCSObjectIdentifiers.safeContentsBag, contentStream.getContentType()); 698 assertEquals(true, Arrays.equals(data, Streams.readAll(contentStream.getContentStream()))); 699 } 700 } 701 702 // TODO: add KEMS to provider. 703 // public void testRsaKEMS() 704 // throws Exception 705 // { 706 // byte[] data = "WallaWallaWashington".getBytes(); 707 // 708 // CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 709 // 710 // edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciKemsCert).setProvider(BC)); 711 // 712 // CMSEnvelopedData ed = edGen.generate( 713 // new CMSProcessableByteArray(data), 714 // new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build()); 715 // 716 // RecipientInformationStore recipients = ed.getRecipientInfos(); 717 // 718 // 719 // assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); 720 // 721 // Collection c = recipients.getRecipients(); 722 // 723 // assertEquals(2, c.size()); 724 // 725 // Iterator it = c.iterator(); 726 // 727 // while (it.hasNext()) 728 // { 729 // RecipientInformation recipient = (RecipientInformation)it.next(); 730 // 731 // assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); 732 // 733 // byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); 734 // 735 // assertEquals(true, Arrays.equals(data, recData)); 736 // } 737 // 738 // RecipientId id = new JceKeyTransRecipientId(_reciCert); 739 // 740 // Collection collection = recipients.getRecipients(id); 741 // if (collection.size() != 2) 742 // { 743 // fail("recipients not matched using general recipient ID."); 744 // } 745 // assertTrue(collection.iterator().next() instanceof RecipientInformation); 746 // } 747 testKeyTrans()748 public void testKeyTrans() 749 throws Exception 750 { 751 byte[] data = "WallaWallaWashington".getBytes(); 752 753 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 754 755 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC)); 756 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCert.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), _reciCert.getPublicKey()).setProvider(BC)); 757 758 CMSEnvelopedData ed = edGen.generate( 759 new CMSProcessableByteArray(data), 760 new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build()); 761 762 RecipientInformationStore recipients = ed.getRecipientInfos(); 763 764 765 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); 766 767 Collection c = recipients.getRecipients(); 768 769 assertEquals(2, c.size()); 770 771 Iterator it = c.iterator(); 772 773 while (it.hasNext()) 774 { 775 RecipientInformation recipient = (RecipientInformation)it.next(); 776 777 assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); 778 779 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); 780 781 assertEquals(true, Arrays.equals(data, recData)); 782 } 783 784 RecipientId id = new JceKeyTransRecipientId(_reciCert); 785 786 Collection collection = recipients.getRecipients(id); 787 if (collection.size() != 2) 788 { 789 fail("recipients not matched using general recipient ID."); 790 } 791 assertTrue(collection.iterator().next() instanceof RecipientInformation); 792 } 793 testKeyTransOAEPDefault()794 public void testKeyTransOAEPDefault() 795 throws Exception 796 { 797 byte[] data = "WallaWallaWashington".getBytes(); 798 799 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 800 JcaAlgorithmParametersConverter paramsConverter = new JcaAlgorithmParametersConverter(); 801 802 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert, paramsConverter.getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, OAEPParameterSpec.DEFAULT)).setProvider(BC)); 803 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCert.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), paramsConverter.getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, OAEPParameterSpec.DEFAULT), _reciCert.getPublicKey()).setProvider(BC)); 804 805 CMSEnvelopedData ed = edGen.generate( 806 new CMSProcessableByteArray(data), 807 new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build()); 808 809 RecipientInformationStore recipients = ed.getRecipientInfos(); 810 811 812 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); 813 814 Collection c = recipients.getRecipients(); 815 816 assertEquals(2, c.size()); 817 818 Iterator it = c.iterator(); 819 820 while (it.hasNext()) 821 { 822 RecipientInformation recipient = (RecipientInformation)it.next(); 823 824 assertEquals(PKCSObjectIdentifiers.id_RSAES_OAEP, recipient.getKeyEncryptionAlgorithm().getAlgorithm()); 825 826 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); 827 828 assertEquals(true, Arrays.equals(data, recData)); 829 } 830 831 RecipientId id = new JceKeyTransRecipientId(_reciCert); 832 833 Collection collection = recipients.getRecipients(id); 834 if (collection.size() != 2) 835 { 836 fail("recipients not matched using general recipient ID."); 837 } 838 assertTrue(collection.iterator().next() instanceof RecipientInformation); 839 } 840 testKeyTransOAEPSHA1()841 public void testKeyTransOAEPSHA1() 842 throws Exception 843 { 844 doTestKeyTransOAEPDefaultNamed("SHA-1"); 845 } 846 testKeyTransOAEPSHA224()847 public void testKeyTransOAEPSHA224() 848 throws Exception 849 { 850 doTestKeyTransOAEPDefaultNamed("SHA-224"); 851 } 852 testKeyTransOAEPSHA256()853 public void testKeyTransOAEPSHA256() 854 throws Exception 855 { 856 doTestKeyTransOAEPDefaultNamed("SHA-256"); 857 } 858 testKeyTransOAEPSHA1AndSHA256()859 public void testKeyTransOAEPSHA1AndSHA256() 860 throws Exception 861 { 862 doTestKeyTransOAEPDefaultNamed("SHA-1", "SHA-256"); 863 } 864 doTestKeyTransOAEPDefaultNamed(String digest)865 private void doTestKeyTransOAEPDefaultNamed(String digest) 866 throws Exception 867 { 868 doTestKeyTransOAEPDefaultNamed(digest, digest); 869 } 870 doTestKeyTransOAEPDefaultNamed(String digest, String mgfDigest)871 private void doTestKeyTransOAEPDefaultNamed(String digest, String mgfDigest) 872 throws Exception 873 { 874 byte[] data = "WallaWallaWashington".getBytes(); 875 876 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 877 JcaAlgorithmParametersConverter paramsConverter = new JcaAlgorithmParametersConverter(); 878 879 OAEPParameterSpec oaepSpec = new OAEPParameterSpec(digest, "MGF1", new MGF1ParameterSpec(mgfDigest), new PSource.PSpecified(new byte[]{1, 2, 3, 4, 5})); 880 AlgorithmIdentifier oaepAlgId = paramsConverter.getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, oaepSpec); 881 882 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert, oaepAlgId).setProvider(BC)); 883 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCert.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), oaepAlgId, _reciCert.getPublicKey()).setProvider(BC)); 884 885 CMSEnvelopedData ed = edGen.generate( 886 new CMSProcessableByteArray(data), 887 new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build()); 888 889 RecipientInformationStore recipients = ed.getRecipientInfos(); 890 891 892 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); 893 894 Collection c = recipients.getRecipients(); 895 896 assertEquals(2, c.size()); 897 898 Iterator it = c.iterator(); 899 900 while (it.hasNext()) 901 { 902 RecipientInformation recipient = (RecipientInformation)it.next(); 903 904 assertEquals(PKCSObjectIdentifiers.id_RSAES_OAEP, recipient.getKeyEncryptionAlgorithm().getAlgorithm()); 905 906 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); 907 908 assertEquals(true, Arrays.equals(data, recData)); 909 } 910 911 RecipientId id = new JceKeyTransRecipientId(_reciCert); 912 913 Collection collection = recipients.getRecipients(id); 914 if (collection.size() != 2) 915 { 916 fail("recipients not matched using general recipient ID."); 917 } 918 assertTrue(collection.iterator().next() instanceof RecipientInformation); 919 } 920 testKeyTransOAEPInCert()921 public void testKeyTransOAEPInCert() 922 throws Exception 923 { 924 byte[] data = "WallaWallaWashington".getBytes(); 925 926 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 927 928 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCertOaep).setProvider(BC)); 929 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCertOaep.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), _reciCertOaep.getPublicKey()).setProvider(BC)); 930 931 CMSEnvelopedData ed = edGen.generate( 932 new CMSProcessableByteArray(data), 933 new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build()); 934 935 RecipientInformationStore recipients = ed.getRecipientInfos(); 936 937 938 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); 939 940 Collection c = recipients.getRecipients(); 941 942 assertEquals(2, c.size()); 943 944 Iterator it = c.iterator(); 945 946 while (it.hasNext()) 947 { 948 RecipientInformation recipient = (RecipientInformation)it.next(); 949 950 assertEquals(PKCSObjectIdentifiers.id_RSAES_OAEP, recipient.getKeyEncryptionAlgorithm().getAlgorithm()); 951 952 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); 953 954 assertEquals(true, Arrays.equals(data, recData)); 955 } 956 957 RecipientId id = new JceKeyTransRecipientId(_reciCertOaep); 958 959 Collection collection = recipients.getRecipients(id); 960 if (collection.size() != 2) 961 { 962 fail("recipients not matched using general recipient ID."); 963 } 964 assertTrue(collection.iterator().next() instanceof RecipientInformation); 965 } 966 testKeyTransWithAlgMapping()967 public void testKeyTransWithAlgMapping() 968 throws Exception 969 { 970 byte[] data = "WallaWallaWashington".getBytes(); 971 972 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 973 974 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA/2/PKCS1Padding").setProvider(BC)); 975 976 OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build(); 977 CMSEnvelopedData ed = edGen.generate( 978 new CMSProcessableByteArray(data), 979 encryptor); 980 981 RecipientInformationStore recipients = ed.getRecipientInfos(); 982 983 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); 984 985 Collection c = recipients.getRecipients(); 986 987 assertEquals(1, c.size()); 988 989 Iterator it = c.iterator(); 990 991 while (it.hasNext()) 992 { 993 RecipientInformation recipient = (RecipientInformation)it.next(); 994 995 assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); 996 997 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA/2/PKCS1Padding").setProvider(BC)); 998 999 assertEquals(true, Arrays.equals(data, recData)); 1000 } 1001 1002 RecipientId id = new JceKeyTransRecipientId(_reciCert); 1003 1004 Collection collection = recipients.getRecipients(id); 1005 if (collection.size() != 1) 1006 { 1007 fail("recipients not matched using general recipient ID."); 1008 } 1009 assertTrue(collection.iterator().next() instanceof RecipientInformation); 1010 1011 ed = edGen.generate( 1012 new CMSProcessableByteArray(data), 1013 new JceCMSContentEncryptorBuilder(encryptor.getAlgorithmIdentifier()).setProvider(BC).build()); 1014 1015 recipients = ed.getRecipientInfos(); 1016 1017 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); 1018 1019 c = recipients.getRecipients(); 1020 1021 assertEquals(1, c.size()); 1022 assertEquals(encryptor.getAlgorithmIdentifier(), ed.getContentEncryptionAlgorithm()); 1023 1024 it = c.iterator(); 1025 1026 while (it.hasNext()) 1027 { 1028 RecipientInformation recipient = (RecipientInformation)it.next(); 1029 1030 assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); 1031 1032 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA/2/PKCS1Padding").setProvider(BC)); 1033 1034 assertEquals(true, Arrays.equals(data, recData)); 1035 } 1036 } 1037 testOriginatorInfoGeneration()1038 public void testOriginatorInfoGeneration() 1039 throws Exception 1040 { 1041 byte[] data = "WallaWallaWashington".getBytes(); 1042 1043 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1044 1045 X509CertificateHolder origCert = new X509CertificateHolder(_origCert.getEncoded()); 1046 1047 edGen.setOriginatorInfo(new OriginatorInfoGenerator(origCert).generate()); 1048 1049 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC)); 1050 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCert.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), _reciCert.getPublicKey()).setProvider(BC)); 1051 1052 CMSEnvelopedData ed = edGen.generate( 1053 new CMSProcessableByteArray(data), 1054 new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build()); 1055 1056 RecipientInformationStore recipients = ed.getRecipientInfos(); 1057 1058 1059 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); 1060 1061 assertTrue(ed.getOriginatorInfo().getCertificates().getMatches(null).contains(origCert)); 1062 1063 Collection c = recipients.getRecipients(); 1064 1065 assertEquals(2, c.size()); 1066 1067 Iterator it = c.iterator(); 1068 1069 while (it.hasNext()) 1070 { 1071 RecipientInformation recipient = (RecipientInformation)it.next(); 1072 1073 assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); 1074 1075 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); 1076 1077 assertEquals(true, Arrays.equals(data, recData)); 1078 } 1079 1080 RecipientId id = new JceKeyTransRecipientId(_reciCert); 1081 1082 Collection collection = recipients.getRecipients(id); 1083 if (collection.size() != 2) 1084 { 1085 fail("recipients not matched using general recipient ID."); 1086 } 1087 assertTrue(collection.iterator().next() instanceof RecipientInformation); 1088 } 1089 testKeyTransRC2bit40()1090 public void testKeyTransRC2bit40() 1091 throws Exception 1092 { 1093 byte[] data = "WallaWallaBouncyCastle".getBytes(); 1094 1095 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1096 1097 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC)); 1098 1099 CMSEnvelopedData ed = edGen.generate( 1100 new CMSProcessableByteArray(data), 1101 new JceCMSContentEncryptorBuilder(CMSAlgorithm.RC2_CBC, 40).setProvider(BC).build()); 1102 1103 RecipientInformationStore recipients = ed.getRecipientInfos(); 1104 1105 assertEquals(ed.getContentEncryptionAlgorithm().getAlgorithm(), CMSAlgorithm.RC2_CBC); 1106 1107 RC2CBCParameter rc2P = RC2CBCParameter.getInstance(ed.getContentEncryptionAlgorithm().getParameters()); 1108 assertEquals(160, rc2P.getRC2ParameterVersion().intValue()); 1109 1110 Collection c = recipients.getRecipients(); 1111 1112 assertEquals(1, c.size()); 1113 1114 Iterator it = c.iterator(); 1115 1116 while (it.hasNext()) 1117 { 1118 RecipientInformation recipient = (RecipientInformation)it.next(); 1119 1120 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); 1121 1122 assertEquals(true, Arrays.equals(data, recData)); 1123 } 1124 } 1125 testKeyTransRC4()1126 public void testKeyTransRC4() 1127 throws Exception 1128 { 1129 byte[] data = "WallaWallaBouncyCastle".getBytes(); 1130 1131 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1132 1133 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC)); 1134 1135 CMSEnvelopedData ed = edGen.generate( 1136 new CMSProcessableByteArray(data), 1137 new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier("1.2.840.113549.3.4")).setProvider(BC).build()); 1138 1139 RecipientInformationStore recipients = ed.getRecipientInfos(); 1140 1141 assertEquals(ed.getEncryptionAlgOID(), "1.2.840.113549.3.4"); 1142 1143 Collection c = recipients.getRecipients(); 1144 1145 assertEquals(1, c.size()); 1146 1147 Iterator it = c.iterator(); 1148 1149 while (it.hasNext()) 1150 { 1151 RecipientInformation recipient = (RecipientInformation)it.next(); 1152 1153 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); 1154 1155 assertEquals(true, Arrays.equals(data, recData)); 1156 } 1157 } 1158 testKeyTrans128RC4()1159 public void testKeyTrans128RC4() 1160 throws Exception 1161 { 1162 byte[] data = "WallaWallaBouncyCastle".getBytes(); 1163 1164 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1165 1166 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC)); 1167 1168 CMSEnvelopedData ed = edGen.generate( 1169 new CMSProcessableByteArray(data), 1170 new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier("1.2.840.113549.3.4"), 128).setProvider(BC).build()); 1171 1172 RecipientInformationStore recipients = ed.getRecipientInfos(); 1173 1174 assertEquals(ed.getEncryptionAlgOID(), "1.2.840.113549.3.4"); 1175 1176 Collection c = recipients.getRecipients(); 1177 Iterator it = c.iterator(); 1178 1179 if (it.hasNext()) 1180 { 1181 RecipientInformation recipient = (RecipientInformation)it.next(); 1182 1183 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); 1184 1185 assertEquals(true, Arrays.equals(data, recData)); 1186 } 1187 else 1188 { 1189 fail("no recipient found"); 1190 } 1191 } 1192 testKeyTransLight128RC4()1193 public void testKeyTransLight128RC4() 1194 throws Exception 1195 { 1196 byte[] data = "WallaWallaBouncyCastle".getBytes(); 1197 1198 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1199 1200 edGen.addRecipientInfoGenerator(new BcRSAKeyTransRecipientInfoGenerator(new JcaX509CertificateHolder(_reciCert))); 1201 1202 CMSEnvelopedData ed = edGen.generate( 1203 new CMSProcessableByteArray(data), 1204 new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier("1.2.840.113549.3.4"), 128).setProvider(BC).build()); 1205 1206 RecipientInformationStore recipients = ed.getRecipientInfos(); 1207 1208 assertEquals(ed.getEncryptionAlgOID(), "1.2.840.113549.3.4"); 1209 1210 Collection c = recipients.getRecipients(); 1211 Iterator it = c.iterator(); 1212 1213 if (it.hasNext()) 1214 { 1215 RecipientInformation recipient = (RecipientInformation)it.next(); 1216 1217 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); 1218 1219 assertEquals(true, Arrays.equals(data, recData)); 1220 } 1221 else 1222 { 1223 fail("no recipient found"); 1224 } 1225 } 1226 testKeyTransODES()1227 public void testKeyTransODES() 1228 throws Exception 1229 { 1230 byte[] data = "WallaWallaBouncyCastle".getBytes(); 1231 1232 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1233 1234 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC)); 1235 1236 CMSEnvelopedData ed = edGen.generate( 1237 new CMSProcessableByteArray(data), 1238 new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier("1.3.14.3.2.7")).setProvider(BC).build()); 1239 1240 RecipientInformationStore recipients = ed.getRecipientInfos(); 1241 1242 assertEquals(ed.getEncryptionAlgOID(), "1.3.14.3.2.7"); 1243 1244 Collection c = recipients.getRecipients(); 1245 Iterator it = c.iterator(); 1246 1247 if (it.hasNext()) 1248 { 1249 RecipientInformation recipient = (RecipientInformation)it.next(); 1250 1251 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); 1252 1253 assertEquals(true, Arrays.equals(data, recData)); 1254 } 1255 else 1256 { 1257 fail("no recipient found"); 1258 } 1259 } 1260 testKeyTransSmallAES()1261 public void testKeyTransSmallAES() 1262 throws Exception 1263 { 1264 byte[] data = new byte[]{0, 1, 2, 3}; 1265 1266 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1267 1268 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC)); 1269 1270 CMSEnvelopedData ed = edGen.generate( 1271 new CMSProcessableByteArray(data), 1272 new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build()); 1273 1274 RecipientInformationStore recipients = ed.getRecipientInfos(); 1275 1276 assertEquals(ed.getEncryptionAlgOID(), 1277 CMSEnvelopedDataGenerator.AES128_CBC); 1278 1279 Collection c = recipients.getRecipients(); 1280 Iterator it = c.iterator(); 1281 1282 if (it.hasNext()) 1283 { 1284 RecipientInformation recipient = (RecipientInformation)it.next(); 1285 1286 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)); 1287 assertEquals(true, Arrays.equals(data, recData)); 1288 } 1289 else 1290 { 1291 fail("no recipient found"); 1292 } 1293 } 1294 testKeyTransDESEDE3Short()1295 public void testKeyTransDESEDE3Short() 1296 throws Exception 1297 { 1298 byte[] data = new byte[]{0, 1, 2, 3}; 1299 KeyFactory kf = KeyFactory.getInstance("RSA", BC); 1300 PrivateKey kPriv = kf.generatePrivate(new PKCS8EncodedKeySpec(tooShort3DESKey)); 1301 1302 CMSEnvelopedData ed = new CMSEnvelopedData(tooShort3DES); 1303 1304 RecipientInformationStore recipients = ed.getRecipientInfos(); 1305 1306 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); 1307 1308 Collection c = recipients.getRecipients(); 1309 Iterator it = c.iterator(); 1310 1311 if (it.hasNext()) 1312 { 1313 RecipientInformation recipient = (RecipientInformation)it.next(); 1314 try 1315 { 1316 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(kPriv).setKeySizeValidation(true).setProvider(BC)); 1317 fail("invalid 3DES-EDE key not picked up"); 1318 } 1319 catch (CMSException e) 1320 { 1321 assertEquals("Expected key size for algorithm OID not found in recipient.", e.getMessage()); 1322 } 1323 1324 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(kPriv).setKeySizeValidation(false).setProvider(BC)); 1325 assertEquals(true, Arrays.equals(data, recData)); 1326 } 1327 else 1328 { 1329 fail("no recipient found"); 1330 } 1331 } 1332 testKeyTransDESEDE3Light()1333 public void testKeyTransDESEDE3Light() 1334 throws Exception 1335 { 1336 byte[] data = new byte[]{0, 1, 2, 3}; 1337 1338 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1339 1340 edGen.addRecipientInfoGenerator(new BcRSAKeyTransRecipientInfoGenerator(new JcaX509CertificateHolder(_reciCert))); 1341 1342 CMSEnvelopedData ed = edGen.generate( 1343 new CMSProcessableByteArray(data), 1344 new BcCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC, 192).build()); 1345 1346 RecipientInformationStore recipients = ed.getRecipientInfos(); 1347 1348 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); 1349 1350 Collection c = recipients.getRecipients(); 1351 Iterator it = c.iterator(); 1352 1353 if (it.hasNext()) 1354 { 1355 RecipientInformation recipient = (RecipientInformation)it.next(); 1356 1357 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setKeySizeValidation(true).setProvider(BC)); 1358 assertEquals(true, Arrays.equals(data, recData)); 1359 } 1360 else 1361 { 1362 fail("no recipient found"); 1363 } 1364 } 1365 testKeyTransDES()1366 public void testKeyTransDES() 1367 throws Exception 1368 { 1369 tryKeyTrans(CMSAlgorithm.DES_CBC, CMSAlgorithm.DES_CBC, 8, DEROctetString.class); 1370 } 1371 testKeyTransCAST5()1372 public void testKeyTransCAST5() 1373 throws Exception 1374 { 1375 tryKeyTrans(CMSAlgorithm.CAST5_CBC, CMSAlgorithm.CAST5_CBC, 16, ASN1Sequence.class); 1376 } 1377 testKeyTransAES128()1378 public void testKeyTransAES128() 1379 throws Exception 1380 { 1381 tryKeyTrans(CMSAlgorithm.AES128_CBC, NISTObjectIdentifiers.id_aes128_CBC, 16, DEROctetString.class); 1382 } 1383 testKeyTransAES192()1384 public void testKeyTransAES192() 1385 throws Exception 1386 { 1387 tryKeyTrans(CMSAlgorithm.AES192_CBC, NISTObjectIdentifiers.id_aes192_CBC, 24, DEROctetString.class); 1388 } 1389 testKeyTransAES256()1390 public void testKeyTransAES256() 1391 throws Exception 1392 { 1393 tryKeyTrans(CMSAlgorithm.AES256_CBC, NISTObjectIdentifiers.id_aes256_CBC, 32, DEROctetString.class); 1394 } 1395 testKeyTransSEED()1396 public void testKeyTransSEED() 1397 throws Exception 1398 { 1399 tryKeyTrans(CMSAlgorithm.SEED_CBC, KISAObjectIdentifiers.id_seedCBC, 16, DEROctetString.class); 1400 } 1401 testKeyTransCamellia128()1402 public void testKeyTransCamellia128() 1403 throws Exception 1404 { 1405 tryKeyTrans(CMSAlgorithm.CAMELLIA128_CBC, NTTObjectIdentifiers.id_camellia128_cbc, 16, DEROctetString.class); 1406 } 1407 testKeyTransCamellia192()1408 public void testKeyTransCamellia192() 1409 throws Exception 1410 { 1411 tryKeyTrans(CMSAlgorithm.CAMELLIA192_CBC, NTTObjectIdentifiers.id_camellia192_cbc, 24, DEROctetString.class); 1412 } 1413 testKeyTransCamellia256()1414 public void testKeyTransCamellia256() 1415 throws Exception 1416 { 1417 tryKeyTrans(CMSAlgorithm.CAMELLIA256_CBC, NTTObjectIdentifiers.id_camellia256_cbc, 32, DEROctetString.class); 1418 } 1419 tryKeyTrans(ASN1ObjectIdentifier generatorOID, ASN1ObjectIdentifier checkOID, int keySize, Class asn1Params)1420 private void tryKeyTrans(ASN1ObjectIdentifier generatorOID, ASN1ObjectIdentifier checkOID, int keySize, Class asn1Params) 1421 throws Exception 1422 { 1423 byte[] data = "WallaWallaWashington".getBytes(); 1424 1425 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1426 1427 edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC)); 1428 1429 OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(generatorOID).setProvider(BC).build(); 1430 CMSEnvelopedData ed = edGen.generate( 1431 new CMSProcessableByteArray(data), 1432 encryptor); 1433 1434 RecipientInformationStore recipients = ed.getRecipientInfos(); 1435 1436 assertEquals(checkOID.getId(), ed.getEncryptionAlgOID()); 1437 assertEquals(keySize, ((byte[])encryptor.getKey().getRepresentation()).length); 1438 1439 if (asn1Params != null) 1440 { 1441 ASN1InputStream aIn = new ASN1InputStream(ed.getEncryptionAlgParams()); 1442 1443 assertTrue(asn1Params.isAssignableFrom(aIn.readObject().getClass())); 1444 } 1445 1446 Collection c = recipients.getRecipients(); 1447 1448 assertEquals(1, c.size()); 1449 1450 Iterator it = c.iterator(); 1451 1452 if (!it.hasNext()) 1453 { 1454 fail("no recipients found"); 1455 } 1456 1457 while (it.hasNext()) 1458 { 1459 RecipientInformation recipient = (RecipientInformation)it.next(); 1460 1461 assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); 1462 1463 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setKeySizeValidation(true).setProvider(BC)); 1464 1465 assertEquals(true, Arrays.equals(data, recData)); 1466 } 1467 } 1468 testErroneousKEK()1469 public void testErroneousKEK() 1470 throws Exception 1471 { 1472 byte[] data = "WallaWallaWashington".getBytes(); 1473 SecretKey kek = new SecretKeySpec(new byte[]{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}, "AES"); 1474 1475 CMSEnvelopedData ed = new CMSEnvelopedData(oldKEK); 1476 1477 RecipientInformationStore recipients = ed.getRecipientInfos(); 1478 1479 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); 1480 1481 Collection c = recipients.getRecipients(); 1482 Iterator it = c.iterator(); 1483 1484 if (it.hasNext()) 1485 { 1486 RecipientInformation recipient = (RecipientInformation)it.next(); 1487 1488 assertEquals(recipient.getKeyEncryptionAlgOID(), NISTObjectIdentifiers.id_aes128_wrap.getId()); 1489 1490 byte[] recData = recipient.getContent(new JceKEKEnvelopedRecipient(kek).setProvider(BC)); 1491 1492 assertEquals(true, Arrays.equals(data, recData)); 1493 } 1494 else 1495 { 1496 fail("no recipient found"); 1497 } 1498 } 1499 testDESKEK()1500 public void testDESKEK() 1501 throws Exception 1502 { 1503 tryKekAlgorithm(CMSTestUtil.makeDesede192Key(), new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.6")); 1504 } 1505 testRC2128KEK()1506 public void testRC2128KEK() 1507 throws Exception 1508 { 1509 tryKekAlgorithm(CMSTestUtil.makeRC2128Key(), new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.7")); 1510 } 1511 testAES128KEK()1512 public void testAES128KEK() 1513 throws Exception 1514 { 1515 tryKekAlgorithm(CMSTestUtil.makeAESKey(128), NISTObjectIdentifiers.id_aes128_wrap); 1516 1517 tryKekAlgorithmAEAD(CMSTestUtil.makeAESKey(128), NISTObjectIdentifiers.id_aes128_wrap, CMSAlgorithm.AES128_GCM, NISTObjectIdentifiers.id_aes128_GCM); 1518 tryKekAlgorithmAEAD(CMSTestUtil.makeAESKey(128), NISTObjectIdentifiers.id_aes128_wrap, CMSAlgorithm.AES192_GCM, NISTObjectIdentifiers.id_aes192_GCM); 1519 tryKekAlgorithmAEAD(CMSTestUtil.makeAESKey(128), NISTObjectIdentifiers.id_aes128_wrap, CMSAlgorithm.AES256_GCM, NISTObjectIdentifiers.id_aes256_GCM); 1520 1521 byte[] nonce = Hex.decode("0102030405060708090a0b0c"); 1522 tryKekAlgorithmAEAD(CMSTestUtil.makeAESKey(128), NISTObjectIdentifiers.id_aes128_wrap, CMSAlgorithm.AES128_GCM, NISTObjectIdentifiers.id_aes128_GCM, new GCMParameters(nonce, 11).getEncoded()); 1523 1524 tryKekAlgorithmAEAD(CMSTestUtil.makeAESKey(128), NISTObjectIdentifiers.id_aes128_wrap, CMSAlgorithm.AES128_CCM, NISTObjectIdentifiers.id_aes128_CCM); 1525 tryKekAlgorithmAEAD(CMSTestUtil.makeAESKey(128), NISTObjectIdentifiers.id_aes128_wrap, CMSAlgorithm.AES192_CCM, NISTObjectIdentifiers.id_aes192_CCM); 1526 tryKekAlgorithmAEAD(CMSTestUtil.makeAESKey(128), NISTObjectIdentifiers.id_aes128_wrap, CMSAlgorithm.AES256_CCM, NISTObjectIdentifiers.id_aes256_CCM); 1527 1528 tryKekAlgorithmAEAD(CMSTestUtil.makeAESKey(128), NISTObjectIdentifiers.id_aes128_wrap, CMSAlgorithm.AES128_CCM, NISTObjectIdentifiers.id_aes128_CCM, new CCMParameters(nonce, 14).getEncoded()); 1529 } 1530 testAES192KEK()1531 public void testAES192KEK() 1532 throws Exception 1533 { 1534 tryKekAlgorithm(CMSTestUtil.makeAESKey(192), NISTObjectIdentifiers.id_aes192_wrap); 1535 } 1536 testAES256KEK()1537 public void testAES256KEK() 1538 throws Exception 1539 { 1540 tryKekAlgorithm(CMSTestUtil.makeAESKey(256), NISTObjectIdentifiers.id_aes256_wrap); 1541 } 1542 testSEED128KEK()1543 public void testSEED128KEK() 1544 throws Exception 1545 { 1546 tryKekAlgorithm(CMSTestUtil.makeSEEDKey(), KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap); 1547 } 1548 testCamellia128KEK()1549 public void testCamellia128KEK() 1550 throws Exception 1551 { 1552 tryKekAlgorithm(CMSTestUtil.makeCamelliaKey(128), NTTObjectIdentifiers.id_camellia128_wrap); 1553 } 1554 testCamellia192KEK()1555 public void testCamellia192KEK() 1556 throws Exception 1557 { 1558 tryKekAlgorithm(CMSTestUtil.makeCamelliaKey(192), NTTObjectIdentifiers.id_camellia192_wrap); 1559 } 1560 testCamellia256KEK()1561 public void testCamellia256KEK() 1562 throws Exception 1563 { 1564 tryKekAlgorithm(CMSTestUtil.makeCamelliaKey(256), NTTObjectIdentifiers.id_camellia256_wrap); 1565 } 1566 tryKekAlgorithm(SecretKey kek, ASN1ObjectIdentifier algOid)1567 private void tryKekAlgorithm(SecretKey kek, ASN1ObjectIdentifier algOid) 1568 throws NoSuchAlgorithmException, NoSuchProviderException, CMSException 1569 { 1570 byte[] data = "WallaWallaWashington".getBytes(); 1571 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1572 1573 byte[] kekId = new byte[]{1, 2, 3, 4, 5}; 1574 1575 edGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId, kek).setProvider(BC)); 1576 1577 CMSEnvelopedData ed = edGen.generate( 1578 new CMSProcessableByteArray(data), 1579 new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build()); 1580 1581 RecipientInformationStore recipients = ed.getRecipientInfos(); 1582 1583 Collection c = recipients.getRecipients(); 1584 Iterator it = c.iterator(); 1585 1586 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC); 1587 1588 if (it.hasNext()) 1589 { 1590 RecipientInformation recipient = (RecipientInformation)it.next(); 1591 1592 assertEquals(algOid.getId(), recipient.getKeyEncryptionAlgOID()); 1593 1594 byte[] recData = recipient.getContent(new JceKEKEnvelopedRecipient(kek).setKeySizeValidation(true).setProvider(BC)); 1595 1596 assertTrue(Arrays.equals(data, recData)); 1597 } 1598 else 1599 { 1600 fail("no recipient found"); 1601 } 1602 } 1603 tryKekAlgorithmAEAD(SecretKey kek, ASN1ObjectIdentifier algOid, ASN1ObjectIdentifier aeadAlgorithm, ASN1ObjectIdentifier baseOID)1604 private void tryKekAlgorithmAEAD(SecretKey kek, ASN1ObjectIdentifier algOid, ASN1ObjectIdentifier aeadAlgorithm, ASN1ObjectIdentifier baseOID) 1605 throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException 1606 { 1607 byte[] data = "WallaWallaWashington".getBytes(); 1608 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1609 1610 byte[] kekId = new byte[]{1, 2, 3, 4, 5}; 1611 1612 edGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId, kek).setProvider(BC)); 1613 1614 CMSEnvelopedData ed = edGen.generate( 1615 new CMSProcessableByteArray(data), 1616 new JceCMSContentEncryptorBuilder(aeadAlgorithm).setProvider(BC).build()); 1617 1618 RecipientInformationStore recipients = ed.getRecipientInfos(); 1619 1620 Collection c = recipients.getRecipients(); 1621 Iterator it = c.iterator(); 1622 1623 assertEquals(ed.getContentEncryptionAlgorithm().getAlgorithm(), baseOID); 1624 1625 if (it.hasNext()) 1626 { 1627 RecipientInformation recipient = (RecipientInformation)it.next(); 1628 1629 assertEquals(algOid.getId(), recipient.getKeyEncryptionAlgOID()); 1630 1631 byte[] recData = recipient.getContent(new JceKEKEnvelopedRecipient(kek).setKeySizeValidation(true).setProvider(BC)); 1632 1633 assertTrue(Arrays.equals(data, recData)); 1634 } 1635 else 1636 { 1637 fail("no recipient found"); 1638 } 1639 1640 checkAlteredMAC(kek, algOid, ed.getEncoded()); 1641 } 1642 tryKekAlgorithmAEAD(SecretKey kek, ASN1ObjectIdentifier algOid, ASN1ObjectIdentifier aeadAlgorithm, ASN1ObjectIdentifier baseOID, byte[] encodedParameters)1643 private void tryKekAlgorithmAEAD(SecretKey kek, ASN1ObjectIdentifier algOid, ASN1ObjectIdentifier aeadAlgorithm, ASN1ObjectIdentifier baseOID, byte[] encodedParameters) 1644 throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException 1645 { 1646 byte[] data = "WallaWallaWashington".getBytes(); 1647 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1648 1649 byte[] kekId = new byte[]{1, 2, 3, 4, 5}; 1650 1651 edGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId, kek).setProvider(BC)); 1652 1653 AlgorithmParameters algParams = AlgorithmParameters.getInstance(aeadAlgorithm.getId(), BC); 1654 1655 algParams.init(encodedParameters); 1656 1657 CMSEnvelopedData ed = edGen.generate( 1658 new CMSProcessableByteArray(data), 1659 new JceCMSContentEncryptorBuilder(aeadAlgorithm).setProvider(BC).setAlgorithmParameters(algParams).build()); 1660 1661 RecipientInformationStore recipients = ed.getRecipientInfos(); 1662 1663 Collection c = recipients.getRecipients(); 1664 Iterator it = c.iterator(); 1665 1666 assertEquals(ed.getContentEncryptionAlgorithm().getAlgorithm(), baseOID); 1667 assertEquals(ed.getContentEncryptionAlgorithm().getParameters(), ASN1Sequence.getInstance(encodedParameters)); 1668 1669 if (it.hasNext()) 1670 { 1671 RecipientInformation recipient = (RecipientInformation)it.next(); 1672 1673 assertEquals(algOid.getId(), recipient.getKeyEncryptionAlgOID()); 1674 1675 byte[] recData = recipient.getContent(new JceKEKEnvelopedRecipient(kek).setKeySizeValidation(true).setProvider(BC)); 1676 1677 assertTrue(Arrays.equals(data, recData)); 1678 } 1679 else 1680 { 1681 fail("no recipient found"); 1682 } 1683 1684 checkAlteredMAC(kek, algOid, ed.getEncoded()); 1685 } 1686 checkAlteredMAC(SecretKey kek, ASN1ObjectIdentifier algOid, byte[] edData)1687 private void checkAlteredMAC(SecretKey kek, ASN1ObjectIdentifier algOid, byte[] edData) 1688 throws CMSException, IOException 1689 { 1690 CMSEnvelopedData ed; 1691 RecipientInformationStore recipients; 1692 Collection c; 1693 Iterator it; 1694 1695 // Locate the MAC within 'edData' and modify it to trigger failed authentication 1696 { 1697 ContentInfo eContentInfo = ContentInfo.getInstance(edData); 1698 EnvelopedData envD = EnvelopedData.getInstance(eContentInfo.getContent()); 1699 EncryptedContentInfo eInfo = envD.getEncryptedContentInfo(); 1700 1701 int macPos = indexOf(edData, eInfo.getEncryptedContent().getOctets()); 1702 if (macPos < 0) 1703 { 1704 fail("MAC not locatable"); 1705 } 1706 edData[macPos + 10] ^= 0xFF; 1707 } 1708 1709 ed = new CMSEnvelopedData(edData); 1710 1711 recipients = ed.getRecipientInfos(); 1712 1713 c = recipients.getRecipients(); 1714 it = c.iterator(); 1715 1716 if (it.hasNext()) 1717 { 1718 RecipientInformation recipient = (RecipientInformation)it.next(); 1719 1720 assertEquals(algOid.getId(), recipient.getKeyEncryptionAlgOID()); 1721 1722 try 1723 { 1724 byte[] recData = recipient.getContent(new JceKEKEnvelopedRecipient(kek).setKeySizeValidation(true).setProvider(BC)); 1725 1726 fail("MAC error not detected"); 1727 } 1728 catch (CMSException e) 1729 { 1730 // expected 1731 } 1732 } 1733 else 1734 { 1735 fail("no recipient found"); 1736 } 1737 } 1738 testECKeyAgree()1739 public void testECKeyAgree() 1740 throws Exception 1741 { 1742 byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); 1743 1744 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1745 1746 edGen.addRecipientInfoGenerator(new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECDH_SHA1KDF, 1747 _origEcKP.getPrivate(), _origEcKP.getPublic(), 1748 CMSAlgorithm.AES128_WRAP).addRecipient(_reciEcCert).setProvider(BC)); 1749 1750 CMSEnvelopedData ed = edGen.generate( 1751 new CMSProcessableByteArray(data), 1752 new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build()); 1753 1754 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC); 1755 1756 RecipientInformationStore recipients = ed.getRecipientInfos(); 1757 1758 confirmDataReceived(recipients, data, _reciEcCert, _reciEcKP.getPrivate(), BC); 1759 confirmNumberRecipients(recipients, 1); 1760 1761 KeyAgreeRecipientInformation recInfo = (KeyAgreeRecipientInformation)recipients.getRecipients().iterator().next(); 1762 1763 assertTrue(recInfo.getOriginator().getOriginatorKey() != null); 1764 1765 assertEquals(X9ObjectIdentifiers.prime239v1, recInfo.getOriginator().getOriginatorKey().getAlgorithm().getParameters()); 1766 } 1767 testFaultyAgreementRecipient()1768 public void testFaultyAgreementRecipient() 1769 throws Exception 1770 { 1771 ASN1ObjectIdentifier algorithm = CMSAlgorithm.ECDH_SHA1KDF; 1772 byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); 1773 1774 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1775 1776 edGen.addRecipientInfoGenerator(new JceKeyAgreeRecipientInfoGenerator(algorithm, 1777 _origEcKP.getPrivate(), _origEcKP.getPublic(), 1778 CMSAlgorithm.AES128_WRAP).setProvider(BC)); 1779 1780 try 1781 { 1782 edGen.generate( 1783 new CMSProcessableByteArray(data), 1784 new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build()); 1785 } 1786 catch (CMSException e) 1787 { 1788 assertEquals(e.getMessage(), "No recipients associated with generator - use addRecipient()"); 1789 } 1790 } 1791 testKeyWrapAlgorithmIdentifiers()1792 public void testKeyWrapAlgorithmIdentifiers() 1793 throws Exception 1794 { 1795 byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); 1796 1797 doVerifyKeyWrap(data, CMSAlgorithm.DES_EDE3_WRAP, false); 1798 doVerifyKeyWrap(data, CMSAlgorithm.AES128_WRAP, true); 1799 doVerifyKeyWrap(data, CMSAlgorithm.AES192_WRAP, true); 1800 doVerifyKeyWrap(data, CMSAlgorithm.AES256_WRAP, true); 1801 doVerifyKeyWrap(data, CMSAlgorithm.CAMELLIA128_WRAP, true); 1802 doVerifyKeyWrap(data, CMSAlgorithm.CAMELLIA192_WRAP, true); 1803 doVerifyKeyWrap(data, CMSAlgorithm.CAMELLIA256_WRAP, true); 1804 doVerifyKeyWrap(data, CMSAlgorithm.SEED_WRAP, true); 1805 } 1806 doVerifyKeyWrap(byte[] data, ASN1ObjectIdentifier wrapAlgorithm, boolean paramsAbsent)1807 private void doVerifyKeyWrap(byte[] data, ASN1ObjectIdentifier wrapAlgorithm, boolean paramsAbsent) 1808 throws CertificateEncodingException, CMSException, NoSuchProviderException, IOException 1809 { 1810 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1811 1812 edGen.addRecipientInfoGenerator(new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECDH_SHA256KDF, 1813 _origEcKP.getPrivate(), _origEcKP.getPublic(), 1814 wrapAlgorithm).addRecipient(_reciEcCert).setProvider(BC)); 1815 1816 // DESEDE wrap should only be used with DES/TripleDES keys. 1817 ASN1ObjectIdentifier encAlg = wrapAlgorithm.equals(CMSAlgorithm.DES_EDE3_WRAP) ? CMSAlgorithm.DES_EDE3_CBC : CMSAlgorithm.AES128_CBC; 1818 CMSEnvelopedData ed = edGen.generate( 1819 new CMSProcessableByteArray(data), 1820 new JceCMSContentEncryptorBuilder(encAlg).setProvider(BC).build()); 1821 1822 assertEquals(ed.getEncryptionAlgOID(), encAlg.getId()); 1823 1824 RecipientInformationStore recipients = ed.getRecipientInfos(); 1825 1826 KeyAgreeRecipientInformation recipientInformation = (KeyAgreeRecipientInformation)recipients.get(new JceKeyAgreeRecipientId(_reciEcCert)); 1827 AlgorithmIdentifier keyWrapAlg = AlgorithmIdentifier.getInstance(recipientInformation.getKeyEncryptionAlgorithm().getParameters()); 1828 1829 assertEquals(wrapAlgorithm, keyWrapAlg.getAlgorithm()); 1830 if (paramsAbsent) 1831 { 1832 assertNull(keyWrapAlg.getParameters()); 1833 } 1834 else 1835 { 1836 assertNotNull(keyWrapAlg.getParameters()); 1837 } 1838 1839 assertEquals(ed.getEncryptionAlgOID(), encAlg.getId()); 1840 1841 confirmDataReceived(recipients, data, _reciEcCert, _reciEcKP.getPrivate(), BC); 1842 confirmNumberRecipients(recipients, 1); 1843 } 1844 testEphemeralStaticDHAgreement()1845 public void testEphemeralStaticDHAgreement() 1846 throws Exception 1847 { 1848 byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); 1849 1850 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1851 1852 edGen.addRecipientInfoGenerator(new JceKeyAgreeRecipientInfoGenerator(PKCSObjectIdentifiers.id_alg_ESDH, 1853 _origDhKP.getPrivate(), _origDhKP.getPublic(), 1854 CMSAlgorithm.AES128_WRAP).addRecipient(_reciDhCert).setProvider(BC)); 1855 1856 CMSEnvelopedData ed = edGen.generate( 1857 new CMSProcessableByteArray(data), 1858 new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build()); 1859 1860 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC); 1861 1862 RecipientInformationStore recipients = ed.getRecipientInfos(); 1863 1864 confirmDataReceived(recipients, data, _reciDhCert, _reciDhKP.getPrivate(), BC); 1865 confirmNumberRecipients(recipients, 1); 1866 } 1867 testStaticStaticDHAgreement()1868 public void testStaticStaticDHAgreement() 1869 throws Exception 1870 { 1871 byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); 1872 1873 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1874 1875 edGen.addRecipientInfoGenerator(new JceKeyAgreeRecipientInfoGenerator(PKCSObjectIdentifiers.id_alg_SSDH, 1876 _origDhKP.getPrivate(), _origDhKP.getPublic(), 1877 CMSAlgorithm.AES128_WRAP) 1878 .setUserKeyingMaterial(data) 1879 .addRecipient(_reciDhCert) 1880 .setProvider(BC)); 1881 1882 CMSEnvelopedData ed = edGen.generate( 1883 new CMSProcessableByteArray(data), 1884 new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build()); 1885 1886 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC); 1887 1888 RecipientInformationStore recipients = ed.getRecipientInfos(); 1889 1890 confirmDataReceived(recipients, data, _reciDhCert, _reciDhKP.getPrivate(), BC); 1891 confirmNumberRecipients(recipients, 1); 1892 1893 try 1894 { 1895 edGen = new CMSEnvelopedDataGenerator(); 1896 1897 edGen.addRecipientInfoGenerator(new JceKeyAgreeRecipientInfoGenerator(PKCSObjectIdentifiers.id_alg_SSDH, 1898 _origDhKP.getPrivate(), _origDhKP.getPublic(), 1899 CMSAlgorithm.AES128_WRAP).addRecipient(_reciDhCert).setProvider(BC)); 1900 1901 edGen.generate( 1902 new CMSProcessableByteArray(data), 1903 new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build()); 1904 fail("no UKM uncaught"); 1905 } 1906 catch (CMSException e) 1907 { 1908 Assert.assertEquals("User keying material must be set for static keys.", e.getMessage()); 1909 } 1910 } 1911 testKDFAgreements()1912 public void testKDFAgreements() 1913 throws Exception 1914 { 1915 byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); 1916 1917 doTryAgreement(data, CMSAlgorithm.ECDH_SHA1KDF); 1918 doTryAgreement(data, CMSAlgorithm.ECDH_SHA224KDF); 1919 doTryAgreement(data, CMSAlgorithm.ECDH_SHA256KDF); 1920 doTryAgreement(data, CMSAlgorithm.ECDH_SHA384KDF); 1921 doTryAgreement(data, CMSAlgorithm.ECDH_SHA512KDF); 1922 1923 doTryAgreement(data, CMSAlgorithm.ECCDH_SHA1KDF); 1924 doTryAgreement(data, CMSAlgorithm.ECCDH_SHA224KDF); 1925 doTryAgreement(data, CMSAlgorithm.ECCDH_SHA256KDF); 1926 doTryAgreement(data, CMSAlgorithm.ECCDH_SHA384KDF); 1927 doTryAgreement(data, CMSAlgorithm.ECCDH_SHA512KDF); 1928 1929 doTryAgreement(data, CMSAlgorithm.ECMQV_SHA1KDF); 1930 doTryAgreement(data, CMSAlgorithm.ECMQV_SHA224KDF); 1931 doTryAgreement(data, CMSAlgorithm.ECMQV_SHA256KDF); 1932 doTryAgreement(data, CMSAlgorithm.ECMQV_SHA384KDF); 1933 doTryAgreement(data, CMSAlgorithm.ECMQV_SHA512KDF); 1934 } 1935 doTryAgreement(byte[] data, ASN1ObjectIdentifier algorithm)1936 private void doTryAgreement(byte[] data, ASN1ObjectIdentifier algorithm) 1937 throws CertificateEncodingException, CMSException, NoSuchProviderException, IOException 1938 { 1939 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1940 1941 edGen.addRecipientInfoGenerator(new JceKeyAgreeRecipientInfoGenerator(algorithm, 1942 _origEcKP.getPrivate(), _origEcKP.getPublic(), 1943 CMSAlgorithm.AES128_WRAP).addRecipient(_reciEcCert).setProvider(BC)); 1944 1945 CMSEnvelopedData ed = edGen.generate( 1946 new CMSProcessableByteArray(data), 1947 new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build()); 1948 1949 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC); 1950 1951 RecipientInformationStore recipients = ed.getRecipientInfos(); 1952 1953 confirmDataReceived(recipients, data, _reciEcCert, _reciEcKP.getPrivate(), BC); 1954 confirmNumberRecipients(recipients, 1); 1955 } 1956 testECMQVKeyAgreeMultiple()1957 public void testECMQVKeyAgreeMultiple() 1958 throws Exception 1959 { 1960 byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); 1961 1962 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 1963 1964 JceKeyAgreeRecipientInfoGenerator recipientGenerator = new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECMQV_SHA1KDF, 1965 _origEcKP.getPrivate(), _origEcKP.getPublic(), CMSAlgorithm.AES128_WRAP).setProvider(BC); 1966 1967 recipientGenerator.addRecipient(_reciEcCert); 1968 recipientGenerator.addRecipient(_reciEcCert2); 1969 1970 edGen.addRecipientInfoGenerator(recipientGenerator); 1971 1972 CMSEnvelopedData ed = edGen.generate( 1973 new CMSProcessableByteArray(data), 1974 new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build()); 1975 1976 assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC); 1977 1978 RecipientInformationStore recipients = ed.getRecipientInfos(); 1979 1980 confirmDataReceived(recipients, data, _reciEcCert, _reciEcKP.getPrivate(), BC); 1981 confirmDataReceived(recipients, data, _reciEcCert2, _reciEcKP2.getPrivate(), BC); 1982 confirmNumberRecipients(recipients, 2); 1983 } 1984 confirmDataReceived(RecipientInformationStore recipients, byte[] expectedData, X509Certificate reciCert, PrivateKey reciPrivKey, String provider)1985 private static void confirmDataReceived(RecipientInformationStore recipients, 1986 byte[] expectedData, X509Certificate reciCert, PrivateKey reciPrivKey, String provider) 1987 throws CMSException, NoSuchProviderException, CertificateEncodingException, IOException 1988 { 1989 RecipientId rid = new JceKeyAgreeRecipientId(reciCert); 1990 1991 RecipientInformation recipient = recipients.get(rid); 1992 assertNotNull(recipient); 1993 1994 byte[] actualData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(reciPrivKey).setProvider(provider)); 1995 assertEquals(true, Arrays.equals(expectedData, actualData)); 1996 } 1997 confirmNumberRecipients(RecipientInformationStore recipients, int count)1998 private static void confirmNumberRecipients(RecipientInformationStore recipients, int count) 1999 { 2000 assertEquals(count, recipients.getRecipients().size()); 2001 } 2002 testECKeyAgreeVectors()2003 public void testECKeyAgreeVectors() 2004 throws Exception 2005 { 2006 PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(ecKeyAgreeKey); 2007 KeyFactory fact = KeyFactory.getInstance("ECDH", BC); 2008 PrivateKey privKey = fact.generatePrivate(privSpec); 2009 2010 verifyECKeyAgreeVectors(privKey, "2.16.840.1.101.3.4.1.42", ecKeyAgreeMsgAES256); 2011 verifyECKeyAgreeVectors(privKey, "2.16.840.1.101.3.4.1.2", ecKeyAgreeMsgAES128); 2012 verifyECKeyAgreeVectors(privKey, "1.2.840.113549.3.7", ecKeyAgreeMsgDESEDE); 2013 } 2014 testECMQVKeyAgreeVectors()2015 public void testECMQVKeyAgreeVectors() 2016 throws Exception 2017 { 2018 PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(ecKeyAgreeKey); 2019 KeyFactory fact = KeyFactory.getInstance("ECDH", BC); 2020 PrivateKey privKey = fact.generatePrivate(privSpec); 2021 2022 verifyECMQVKeyAgreeVectors(privKey, "2.16.840.1.101.3.4.1.2", ecMQVKeyAgreeMsgAES128); 2023 } 2024 testPasswordAES256()2025 public void testPasswordAES256() 2026 throws Exception 2027 { 2028 passwordTest(CMSEnvelopedDataGenerator.AES256_CBC); 2029 passwordUTF8Test(CMSEnvelopedDataGenerator.AES256_CBC); 2030 } 2031 testPasswordDESEDE()2032 public void testPasswordDESEDE() 2033 throws Exception 2034 { 2035 passwordTest(CMSEnvelopedDataGenerator.DES_EDE3_CBC); 2036 passwordUTF8Test(CMSEnvelopedDataGenerator.DES_EDE3_CBC); 2037 } 2038 testPasswordAES256WithPRF()2039 public void testPasswordAES256WithPRF() 2040 throws Exception 2041 { 2042 passwordUTF8Test(CMSEnvelopedDataGenerator.AES256_CBC, PasswordRecipient.PRF.HMacSHA1); 2043 passwordUTF8Test(CMSEnvelopedDataGenerator.AES256_CBC, PasswordRecipient.PRF.HMacSHA224); 2044 passwordUTF8Test(CMSEnvelopedDataGenerator.AES256_CBC, PasswordRecipient.PRF.HMacSHA256); 2045 passwordUTF8Test(CMSEnvelopedDataGenerator.AES256_CBC, PasswordRecipient.PRF.HMacSHA384); 2046 passwordUTF8Test(CMSEnvelopedDataGenerator.AES256_CBC, PasswordRecipient.PRF.HMacSHA512); 2047 } 2048 testNoSaltOrIterationCount()2049 public void testNoSaltOrIterationCount() 2050 throws Exception 2051 { 2052 byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); 2053 2054 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 2055 2056 edGen.addRecipientInfoGenerator(new JcePasswordRecipientInfoGenerator(CMSAlgorithm.AES256_CBC, "abc\u5639\u563b".toCharArray()).setProvider(BC).setPRF(PasswordRecipient.PRF.HMacSHA1)); 2057 2058 CMSEnvelopedData ed = edGen.generate( 2059 new CMSProcessableByteArray(data), 2060 new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build()); 2061 2062 RecipientInformationStore recipients = ed.getRecipientInfos(); 2063 2064 assertEquals(ed.getEncryptionAlgOID(), 2065 CMSEnvelopedDataGenerator.AES128_CBC); 2066 2067 Collection c = recipients.getRecipients(); 2068 Iterator it = c.iterator(); 2069 2070 if (it.hasNext()) 2071 { 2072 PasswordRecipientInformation recipient = (PasswordRecipientInformation)it.next(); 2073 2074 assertEquals(AlgorithmIdentifier.getInstance(recipient.getKeyEncryptionAlgorithm().getParameters()).getAlgorithm(), CMSAlgorithm.AES256_CBC); 2075 assertEquals(PBKDF2Params.getInstance(recipient.getKeyDerivationAlgorithm().getParameters()).getPrf(), PasswordRecipient.PRF.HMacSHA1.getAlgorithmID()); 2076 2077 byte[] recData = recipient.getContent(new JcePasswordEnvelopedRecipient("abc\u5639\u563b".toCharArray()).setProvider(BC)); 2078 assertEquals(true, Arrays.equals(data, recData)); 2079 2080 // try lightweight recipient 2081 recData = recipient.getContent(new BcPasswordEnvelopedRecipient("abc\u5639\u563b".toCharArray())); 2082 assertEquals(true, Arrays.equals(data, recData)); 2083 } 2084 else 2085 { 2086 fail("no recipient found"); 2087 } 2088 } 2089 testRFC4134ex5_1()2090 public void testRFC4134ex5_1() 2091 throws Exception 2092 { 2093 byte[] data = Hex.decode("5468697320697320736f6d652073616d706c6520636f6e74656e742e"); 2094 2095 KeyFactory kFact = KeyFactory.getInstance("RSA", BC); 2096 Key key = kFact.generatePrivate(new PKCS8EncodedKeySpec(bobPrivRsaEncrypt)); 2097 2098 CMSEnvelopedData ed = new CMSEnvelopedData(rfc4134ex5_1); 2099 2100 RecipientInformationStore recipients = ed.getRecipientInfos(); 2101 2102 assertEquals("1.2.840.113549.3.7", ed.getEncryptionAlgOID()); 2103 2104 Collection c = recipients.getRecipients(); 2105 Iterator it = c.iterator(); 2106 2107 if (it.hasNext()) 2108 { 2109 RecipientInformation recipient = (RecipientInformation)it.next(); 2110 2111 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient((PrivateKey)key).setProvider(BC)); 2112 2113 assertEquals(true, Arrays.equals(data, recData)); 2114 } 2115 else 2116 { 2117 fail("no recipient found"); 2118 } 2119 } 2120 testRFC4134ex5_2()2121 public void testRFC4134ex5_2() 2122 throws Exception 2123 { 2124 byte[] data = Hex.decode("5468697320697320736f6d652073616d706c6520636f6e74656e742e"); 2125 2126 KeyFactory kFact = KeyFactory.getInstance("RSA", BC); 2127 PrivateKey key = kFact.generatePrivate(new PKCS8EncodedKeySpec(bobPrivRsaEncrypt)); 2128 2129 CMSEnvelopedData ed = new CMSEnvelopedData(rfc4134ex5_2); 2130 2131 RecipientInformationStore recipients = ed.getRecipientInfos(); 2132 2133 assertEquals("1.2.840.113549.3.2", ed.getEncryptionAlgOID()); 2134 2135 Collection c = recipients.getRecipients(); 2136 Iterator it = c.iterator(); 2137 2138 if (it.hasNext()) 2139 { 2140 while (it.hasNext()) 2141 { 2142 RecipientInformation recipient = (RecipientInformation)it.next(); 2143 byte[] recData; 2144 2145 if (recipient instanceof KeyTransRecipientInformation) 2146 { 2147 recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(key).setProvider(BC)); 2148 2149 assertEquals(true, Arrays.equals(data, recData)); 2150 } 2151 } 2152 } 2153 else 2154 { 2155 fail("no recipient found"); 2156 } 2157 } 2158 testOriginatorInfo()2159 public void testOriginatorInfo() 2160 throws Exception 2161 { 2162 CMSEnvelopedData env = new CMSEnvelopedData(CMSSampleMessages.originatorMessage); 2163 2164 RecipientInformationStore recipients = env.getRecipientInfos(); 2165 2166 OriginatorInformation origInfo = env.getOriginatorInfo(); 2167 2168 assertEquals(new X500Name("C=US,O=U.S. Government,OU=HSPD12Lab,OU=Agents,CN=user1"), ((X509CertificateHolder)origInfo.getCertificates().getMatches(null).iterator().next()).getSubject()); 2169 assertEquals(CMSEnvelopedDataGenerator.DES_EDE3_CBC, env.getEncryptionAlgOID()); 2170 } 2171 testOpenSSLVectors()2172 public void testOpenSSLVectors() 2173 throws Exception 2174 { 2175 byte[] expected = Strings.toByteArray("abcdefghijklmnopqrstuvwxyz0123456789\r\n"); 2176 2177 PEMParser pemParser = new PEMParser(new InputStreamReader(getClass().getResourceAsStream("ecdh/ecc.key"))); 2178 2179 pemParser.readObject(); // skip the curve definition 2180 2181 PEMKeyPair kp = (PEMKeyPair)pemParser.readObject(); 2182 2183 KeyFactory keyFactory = KeyFactory.getInstance("EC", "BC"); 2184 2185 ECPrivateKey ecKey = (ECPrivateKey)keyFactory.generatePrivate(new PKCS8EncodedKeySpec(kp.getPrivateKeyInfo().getEncoded())); 2186 2187 pemParser = new PEMParser(new InputStreamReader(getClass().getResourceAsStream("ecdh/ecc.crt"))); 2188 2189 X509Certificate x509Certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate((X509CertificateHolder)pemParser.readObject()); 2190 2191 processInput(ecKey, expected, "ecdh/encSess1.asc", new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, DERNull.INSTANCE)); 2192 processInput(ecKey, expected, "ecdh/encSess2.asc", new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, DERNull.INSTANCE)); 2193 processInput(ecKey, expected, "ecdh/encSess3.asc", new AlgorithmIdentifier(CMSAlgorithm.AES128_WRAP, DERNull.INSTANCE)); 2194 processInput(ecKey, expected, "ecdh/encSess4.asc", new AlgorithmIdentifier(CMSAlgorithm.AES128_WRAP, DERNull.INSTANCE)); 2195 processInput(ecKey, expected, "ecdh/encSess5.asc", new AlgorithmIdentifier(CMSAlgorithm.AES192_WRAP, DERNull.INSTANCE)); 2196 processInput(ecKey, expected, "ecdh/encSess6.asc", new AlgorithmIdentifier(CMSAlgorithm.AES192_WRAP, DERNull.INSTANCE)); 2197 processInput(ecKey, expected, "ecdh/encSess7.asc", new AlgorithmIdentifier(CMSAlgorithm.AES256_WRAP, DERNull.INSTANCE)); 2198 processInput(ecKey, expected, "ecdh/encSess8.asc", new AlgorithmIdentifier(CMSAlgorithm.AES256_WRAP, DERNull.INSTANCE)); 2199 2200 processInput(ecKey, expected, "ecdh/encSessA.asc", new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, DERNull.INSTANCE)); 2201 processInput(ecKey, expected, "ecdh/encSessB.asc", new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, DERNull.INSTANCE)); 2202 processInput(ecKey, expected, "ecdh/encSessC.asc", new AlgorithmIdentifier(CMSAlgorithm.AES128_WRAP)); 2203 processInput(ecKey, expected, "ecdh/encSessD.asc", new AlgorithmIdentifier(CMSAlgorithm.AES128_WRAP)); 2204 processInput(ecKey, expected, "ecdh/encSessE.asc", new AlgorithmIdentifier(CMSAlgorithm.AES192_WRAP)); 2205 processInput(ecKey, expected, "ecdh/encSessF.asc", new AlgorithmIdentifier(CMSAlgorithm.AES192_WRAP)); 2206 processInput(ecKey, expected, "ecdh/encSessG.asc", new AlgorithmIdentifier(CMSAlgorithm.AES256_WRAP)); 2207 processInput(ecKey, expected, "ecdh/encSessH.asc", new AlgorithmIdentifier(CMSAlgorithm.AES256_WRAP)); 2208 } 2209 testGost3410_2012_KeyTransGen()2210 public void testGost3410_2012_KeyTransGen() 2211 throws Exception 2212 { 2213 byte[] data = Strings.toByteArray("hello world!"); 2214 2215 2216 CMSEnvelopedDataGenerator cmsEnvelopedDataGenerator = new CMSEnvelopedDataGenerator(); 2217 2218 2219 X509Certificate cert = (X509Certificate)CertificateFactory 2220 .getInstance("X.509", "BC") 2221 .generateCertificate(new ByteArrayInputStream(gost2012_512_Reci_Cert)); 2222 JceKeyTransRecipientInfoGenerator jceKey = new JceKeyTransRecipientInfoGenerator(cert).setProvider("BC"); 2223 cmsEnvelopedDataGenerator.addRecipientInfoGenerator(jceKey); 2224 CMSTypedData msg = new CMSProcessableByteArray(data); 2225 OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(CMSAlgorithm.GOST28147_GCFB).setProvider("BC").build(); 2226 CMSEnvelopedData cmsEnvelopedData = cmsEnvelopedDataGenerator.generate(msg, encryptor); 2227 2228 byte[] encryptedData = cmsEnvelopedData.getEncoded(); 2229 2230 CMSEnvelopedData ed = new CMSEnvelopedData(encryptedData); 2231 KeyFactory keyFact = KeyFactory.getInstance("ECGOST3410-2012", "BC"); 2232 PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(gost2012_512_Reci_Key)); 2233 2234 RecipientInformationStore recipients = ed.getRecipientInfos(); 2235 2236 assertEquals(ed.getEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR28147_gcfb.getId()); 2237 2238 Collection c = recipients.getRecipients(); 2239 2240 Iterator it = c.iterator(); 2241 2242 while (it.hasNext()) 2243 { 2244 RecipientInformation recipient = (RecipientInformation)it.next(); 2245 2246 assertEquals(recipient.getKeyEncryptionAlgOID(), RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512.getId()); 2247 2248 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(privKey).setProvider(BC)); 2249 2250 assertTrue(Arrays.equals(data, recData)); 2251 } 2252 2253 } 2254 testGost3410_2001_KeyTrans()2255 public void testGost3410_2001_KeyTrans() 2256 throws Exception 2257 { 2258 KeyFactory keyFact = KeyFactory.getInstance("ECGOST3410", BC); 2259 2260 PrivateKey privKey = keyFact.generatePrivate(new org.bouncycastle.jce.spec.ECPrivateKeySpec( 2261 new BigInteger("0B293BE050D0082BDAE785631A6BAB68F35B42786D6DDA56AFAF169891040F77", 16), 2262 ECGOST3410NamedCurveTable.getParameterSpec("GostR3410-2001-CryptoPro-XchA"))); 2263 2264 CMSEnvelopedData ed = new CMSEnvelopedData(gost3410_2001_KeyTrans); 2265 2266 RecipientInformationStore recipients = ed.getRecipientInfos(); 2267 2268 assertEquals(ed.getEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR28147_gcfb.getId()); 2269 2270 Collection c = recipients.getRecipients(); 2271 2272 assertEquals(1, c.size()); 2273 2274 Iterator it = c.iterator(); 2275 2276 while (it.hasNext()) 2277 { 2278 RecipientInformation recipient = (RecipientInformation)it.next(); 2279 2280 assertEquals(recipient.getKeyEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR3410_2001.getId()); 2281 2282 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(privKey).setProvider(BC)); 2283 2284 assertEquals("sample text\n", Strings.fromByteArray(recData)); 2285 } 2286 2287 CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC); 2288 2289 RecipientId id = new JceKeyTransRecipientId((X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(gost3410_RecipCert))); 2290 2291 Collection<RecipientInformation> collection = recipients.getRecipients(id); 2292 if (collection.size() != 1) 2293 { 2294 fail("recipients not matched using general recipient ID."); 2295 } 2296 assertTrue(collection.iterator().next() instanceof RecipientInformation); 2297 } 2298 testGithub539_Gost3410_2012_KeyTrans()2299 public void testGithub539_Gost3410_2012_KeyTrans() 2300 throws Exception 2301 { 2302 KeyFactory keyFact = KeyFactory.getInstance("ECGOST3410-2012", BC); 2303 2304 PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(github539_PrivKey)); 2305 2306 CMSEnvelopedData ed = new CMSEnvelopedData(github539_GostEnvData); 2307 2308 RecipientInformationStore recipients = ed.getRecipientInfos(); 2309 2310 assertEquals(ed.getEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR28147_gcfb.getId()); 2311 2312 Collection c = recipients.getRecipients(); 2313 2314 assertEquals(1, c.size()); 2315 2316 Iterator it = c.iterator(); 2317 2318 while (it.hasNext()) 2319 { 2320 RecipientInformation recipient = (RecipientInformation)it.next(); 2321 2322 assertEquals(recipient.getKeyEncryptionAlgOID(), RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256.getId()); 2323 2324 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(privKey).setProvider(BC)); 2325 2326 assertEquals(".", Strings.fromByteArray(recData)); 2327 } 2328 } 2329 testGost3410_2012_KeyTrans()2330 public void testGost3410_2012_KeyTrans() 2331 throws Exception 2332 { 2333 KeyFactory keyFact = KeyFactory.getInstance("ECGOST3410-2012", BC); 2334 2335 PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(gost2012_KeyTrans_Reci_Key)); 2336 2337 CMSEnvelopedData ed = new CMSEnvelopedData(gost2012_KeyTrans_Msg); 2338 2339 RecipientInformationStore recipients = ed.getRecipientInfos(); 2340 2341 assertEquals(ed.getEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR28147_gcfb.getId()); 2342 2343 Collection c = recipients.getRecipients(); 2344 2345 assertEquals(1, c.size()); 2346 2347 Iterator it = c.iterator(); 2348 2349 while (it.hasNext()) 2350 { 2351 RecipientInformation recipient = (RecipientInformation)it.next(); 2352 2353 assertEquals(recipient.getKeyEncryptionAlgOID(), RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256.getId()); 2354 2355 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(privKey).setProvider(BC)); 2356 2357 assertEquals("Hello World!", Strings.fromByteArray(recData)); 2358 } 2359 2360 CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC); 2361 2362 RecipientId id = new JceKeyTransRecipientId((X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(gost2012_KeyTrans_Reci_Cert))); 2363 2364 Collection collection = recipients.getRecipients(id); 2365 if (collection.size() != 1) 2366 { 2367 fail("recipients not matched using general recipient ID."); 2368 } 2369 assertTrue(collection.iterator().next() instanceof RecipientInformation); 2370 } 2371 testGost3410_2001_KeyAgree()2372 public void testGost3410_2001_KeyAgree() 2373 throws Exception 2374 { 2375 KeyFactory keyFact = KeyFactory.getInstance("ECGOST3410", BC); 2376 2377 PrivateKey privKey = keyFact.generatePrivate(new org.bouncycastle.jce.spec.ECPrivateKeySpec( 2378 new BigInteger("0B293BE050D0082BDAE785631A6BAB68F35B42786D6DDA56AFAF169891040F77", 16), 2379 ECGOST3410NamedCurveTable.getParameterSpec("GostR3410-2001-CryptoPro-XchA"))); 2380 2381 CMSEnvelopedData ed = new CMSEnvelopedData(gost3410_2001_KeyAgree); 2382 2383 RecipientInformationStore recipients = ed.getRecipientInfos(); 2384 2385 assertEquals(ed.getEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR28147_gcfb.getId()); 2386 2387 Collection c = recipients.getRecipients(); 2388 2389 assertEquals(1, c.size()); 2390 2391 Iterator it = c.iterator(); 2392 2393 while (it.hasNext()) 2394 { 2395 RecipientInformation recipient = (RecipientInformation)it.next(); 2396 2397 assertEquals(recipient.getKeyEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_ESDH.getId()); 2398 2399 byte[] recData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(privKey).setProvider(BC)); 2400 2401 assertEquals("sample text\n", Strings.fromByteArray(recData)); 2402 } 2403 2404 CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC); 2405 2406 RecipientId id = new JceKeyAgreeRecipientId((X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(gost3410_RecipCert))); 2407 2408 Collection collection = recipients.getRecipients(id); 2409 if (collection.size() != 1) 2410 { 2411 fail("recipients not matched using general recipient ID."); 2412 } 2413 assertTrue(collection.iterator().next() instanceof RecipientInformation); 2414 } 2415 testGost3410_2001_KeyTransRand()2416 public void testGost3410_2001_KeyTransRand() 2417 throws Exception 2418 { 2419 KeyFactory keyFact = KeyFactory.getInstance("ECGOST3410", BC); 2420 2421 PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(gost2001_Rand_Key)); 2422 2423 CMSEnvelopedData ed = new CMSEnvelopedData(gost2001_Rand_Msg); 2424 2425 RecipientInformationStore recipients = ed.getRecipientInfos(); 2426 2427 assertEquals(ed.getEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR28147_gcfb.getId()); 2428 2429 Collection c = recipients.getRecipients(); 2430 2431 assertEquals(1, c.size()); 2432 2433 Iterator it = c.iterator(); 2434 2435 while (it.hasNext()) 2436 { 2437 RecipientInformation recipient = (RecipientInformation)it.next(); 2438 2439 assertEquals(recipient.getKeyEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR3410_2001.getId()); 2440 2441 byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(privKey).setProvider(BC)); 2442 2443 assertEquals("Hello world!", Strings.fromByteArray(recData)); 2444 } 2445 2446 CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC); 2447 2448 RecipientId id = new JceKeyTransRecipientId((X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(gost2001_Rand_Cert))); 2449 2450 Collection collection = recipients.getRecipients(id); 2451 if (collection.size() != 1) 2452 { 2453 fail("recipients not matched using general recipient ID."); 2454 } 2455 assertTrue(collection.iterator().next() instanceof RecipientInformation); 2456 } 2457 testGost3410_2001_KeyAgreeRand()2458 public void testGost3410_2001_KeyAgreeRand() 2459 throws Exception 2460 { 2461 KeyFactory keyFact = KeyFactory.getInstance("ECGOST3410", BC); 2462 2463 PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(gost2001_Rand_Reci_Key)); 2464 2465 CMSEnvelopedData ed = new CMSEnvelopedData(gost2001_Rand_Gen_Msg); 2466 2467 RecipientInformationStore recipients = ed.getRecipientInfos(); 2468 2469 assertEquals(ed.getEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR28147_gcfb.getId()); 2470 2471 Collection c = recipients.getRecipients(); 2472 2473 assertEquals(1, c.size()); 2474 2475 Iterator it = c.iterator(); 2476 2477 while (it.hasNext()) 2478 { 2479 RecipientInformation recipient = (RecipientInformation)it.next(); 2480 2481 assertEquals(recipient.getKeyEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR3410_2001_CryptoPro_ESDH.getId()); 2482 2483 byte[] recData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(privKey).setProvider(BC)); 2484 2485 assertEquals("Hello World!", Strings.fromByteArray(recData)); 2486 } 2487 2488 CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC); 2489 2490 RecipientId id = new JceKeyAgreeRecipientId((X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(gost2001_Rand_Reci_Cert))); 2491 2492 Collection collection = recipients.getRecipients(id); 2493 if (collection.size() != 1) 2494 { 2495 fail("recipients not matched using general recipient ID."); 2496 } 2497 assertTrue(collection.iterator().next() instanceof RecipientInformation); 2498 } 2499 testGost3410_2012_KeyAgree()2500 public void testGost3410_2012_KeyAgree() 2501 throws Exception 2502 { 2503 KeyFactory keyFact = KeyFactory.getInstance("ECGOST3410-2012", BC); 2504 2505 PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(gost2012_Reci_Key)); 2506 2507 CMSEnvelopedData ed = new CMSEnvelopedData(gost2012_Reci_Msg); 2508 2509 RecipientInformationStore recipients = ed.getRecipientInfos(); 2510 2511 assertEquals(ed.getEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR28147_gcfb.getId()); 2512 2513 Collection c = recipients.getRecipients(); 2514 2515 assertEquals(1, c.size()); 2516 2517 Iterator it = c.iterator(); 2518 2519 while (it.hasNext()) 2520 { 2521 RecipientInformation recipient = (RecipientInformation)it.next(); 2522 2523 assertEquals(recipient.getKeyEncryptionAlgOID(), RosstandartObjectIdentifiers.id_tc26_agreement_gost_3410_12_256.getId()); 2524 2525 byte[] recData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(privKey).setProvider(BC)); 2526 2527 assertEquals("Hello World!", Strings.fromByteArray(recData)); 2528 } 2529 2530 CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC); 2531 2532 RecipientId id = new JceKeyAgreeRecipientId((X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(gost2012_Reci_Cert))); 2533 2534 Collection collection = recipients.getRecipients(id); 2535 if (collection.size() != 1) 2536 { 2537 fail("recipients not matched using general recipient ID."); 2538 } 2539 assertTrue(collection.iterator().next() instanceof RecipientInformation); 2540 } 2541 /* 2542 TODO: Something odd is going on with this one 2543 public void testGost3410_2012_512_KeyAgree() 2544 throws Exception 2545 { 2546 KeyFactory keyFact = KeyFactory.getInstance("ECGOST3410-2012", BC); 2547 2548 PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(gost2012_512_Reci_Key)); 2549 2550 CMSEnvelopedData ed = new CMSEnvelopedData(gost2012_512_Reci_Msg); 2551 2552 RecipientInformationStore recipients = ed.getRecipientInfos(); 2553 2554 assertEquals(ed.getEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR28147_gcfb.getId()); 2555 2556 Collection c = recipients.getRecipients(); 2557 2558 assertEquals(1, c.size()); 2559 2560 Iterator it = c.iterator(); 2561 2562 while (it.hasNext()) 2563 { 2564 RecipientInformation recipient = (RecipientInformation)it.next(); 2565 2566 assertEquals(recipient.getKeyEncryptionAlgOID(), RosstandartObjectIdentifiers.id_tc26_agreement_gost_3410_12_512.getId()); 2567 2568 byte[] recData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(privKey).setProvider(BC)); 2569 2570 assertEquals("Hello World!", Strings.fromByteArray(recData)); 2571 } 2572 2573 CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC); 2574 2575 RecipientId id = new JceKeyAgreeRecipientId((X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(gost2012_512_Reci_Cert))); 2576 2577 Collection collection = recipients.getRecipients(id); 2578 if (collection.size() != 1) 2579 { 2580 fail("recipients not matched using general recipient ID."); 2581 } 2582 assertTrue(collection.iterator().next() instanceof RecipientInformation); 2583 } 2584 */ 2585 testGost3410_2001_KeyAgree_Creation()2586 public void testGost3410_2001_KeyAgree_Creation() 2587 throws Exception 2588 { 2589 SecureRandom random = new SecureRandom(); 2590 CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC); 2591 2592 X509Certificate senderCert = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(gost2001_Rand_Sender_Cert)); 2593 X509Certificate reciCert = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(gost2001_Rand_Reci_Cert)); 2594 2595 byte[] data = Strings.toByteArray("Hello World! Hello World!"); 2596 KeyFactory keyFact = KeyFactory.getInstance("ECGOST3410", BC); 2597 2598 PrivateKey senderKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(gost2001_Rand_Sender_Key)); 2599 PrivateKey reciKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(gost2001_Rand_Reci_Key)); 2600 2601 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 2602 2603 JceKeyAgreeRecipientInfoGenerator recipientGenerator = new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECDHGOST3410_2012_256, 2604 senderKey, senderCert.getPublicKey(), CMSAlgorithm.GOST28147_CRYPTOPRO_WRAP).setProvider(BC); 2605 2606 byte[] ukm = new byte[8]; 2607 random.nextBytes(ukm); 2608 2609 recipientGenerator.addRecipient(reciCert); 2610 recipientGenerator.setUserKeyingMaterial(ukm); 2611 2612 edGen.addRecipientInfoGenerator(recipientGenerator); 2613 2614 CMSEnvelopedData ed = edGen.generate( 2615 new CMSProcessableByteArray(data), 2616 new JceCMSContentEncryptorBuilder(CMSAlgorithm.GOST28147_GCFB).setProvider(BC).build()); 2617 2618 RecipientInformationStore recipients = ed.getRecipientInfos(); 2619 2620 assertEquals(ed.getEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR28147_gcfb.getId()); 2621 2622 Collection c = recipients.getRecipients(); 2623 2624 assertEquals(1, c.size()); 2625 2626 Iterator it = c.iterator(); 2627 2628 while (it.hasNext()) 2629 { 2630 RecipientInformation recipient = (RecipientInformation)it.next(); 2631 2632 assertEquals(recipient.getKeyEncryptionAlgOID(), RosstandartObjectIdentifiers.id_tc26_agreement_gost_3410_12_256.getId()); 2633 2634 byte[] recData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(reciKey).setProvider(BC)); 2635 2636 assertEquals("Hello World! Hello World!", Strings.fromByteArray(recData)); 2637 } 2638 2639 RecipientId id = new JceKeyAgreeRecipientId(reciCert); 2640 2641 Collection collection = recipients.getRecipients(id); 2642 if (collection.size() != 1) 2643 { 2644 fail("recipients not matched using general recipient ID."); 2645 } 2646 assertTrue(collection.iterator().next() instanceof RecipientInformation); 2647 } 2648 testGost3410_2012_256_KeyAgree_Creation()2649 public void testGost3410_2012_256_KeyAgree_Creation() 2650 throws Exception 2651 { 2652 SecureRandom random = new SecureRandom(); 2653 CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC); 2654 2655 X509Certificate senderCert = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(gost2012_Sender_Cert)); 2656 X509Certificate reciCert = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(gost2012_Reci_Cert)); 2657 2658 byte[] data = Strings.toByteArray("Hello World!"); 2659 KeyFactory keyFact = KeyFactory.getInstance("ECGOST3410-2012", BC); 2660 2661 PrivateKey senderKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(gost2012_Sender_Key)); 2662 PrivateKey reciKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(gost2012_Reci_Key)); 2663 2664 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 2665 2666 JceKeyAgreeRecipientInfoGenerator recipientGenerator = new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECDHGOST3410_2012_256, 2667 senderKey, senderCert.getPublicKey(), CMSAlgorithm.GOST28147_CRYPTOPRO_WRAP).setProvider(BC); 2668 2669 byte[] ukm = new byte[8]; 2670 random.nextBytes(ukm); 2671 2672 recipientGenerator.addRecipient(reciCert); 2673 recipientGenerator.setUserKeyingMaterial(ukm); 2674 2675 edGen.addRecipientInfoGenerator(recipientGenerator); 2676 2677 CMSEnvelopedData ed = edGen.generate( 2678 new CMSProcessableByteArray(data), 2679 new JceCMSContentEncryptorBuilder(CMSAlgorithm.GOST28147_GCFB).setProvider(BC).build()); 2680 2681 RecipientInformationStore recipients = ed.getRecipientInfos(); 2682 2683 assertEquals(ed.getEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR28147_gcfb.getId()); 2684 2685 Collection c = recipients.getRecipients(); 2686 2687 assertEquals(1, c.size()); 2688 2689 Iterator it = c.iterator(); 2690 2691 while (it.hasNext()) 2692 { 2693 RecipientInformation recipient = (RecipientInformation)it.next(); 2694 2695 assertEquals(recipient.getKeyEncryptionAlgOID(), RosstandartObjectIdentifiers.id_tc26_agreement_gost_3410_12_256.getId()); 2696 2697 byte[] recData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(reciKey).setProvider(BC)); 2698 2699 assertEquals("Hello World!", Strings.fromByteArray(recData)); 2700 } 2701 2702 RecipientId id = new JceKeyAgreeRecipientId(reciCert); 2703 2704 Collection collection = recipients.getRecipients(id); 2705 if (collection.size() != 1) 2706 { 2707 fail("recipients not matched using general recipient ID."); 2708 } 2709 assertTrue(collection.iterator().next() instanceof RecipientInformation); 2710 } 2711 testGost3410_2012_512_KeyAgree_Creation()2712 public void testGost3410_2012_512_KeyAgree_Creation() 2713 throws Exception 2714 { 2715 SecureRandom random = new SecureRandom(); 2716 CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC); 2717 2718 X509Certificate senderCert = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(gost2012_512_Sender_Cert)); 2719 X509Certificate reciCert = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(gost2012_512_Reci_Cert)); 2720 2721 byte[] data = Strings.toByteArray("Hello World!"); 2722 KeyFactory keyFact = KeyFactory.getInstance("ECGOST3410-2012", BC); 2723 2724 PrivateKey senderKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(gost2012_512_Sender_Key)); 2725 PrivateKey reciKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(gost2012_512_Reci_Key)); 2726 2727 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 2728 2729 JceKeyAgreeRecipientInfoGenerator recipientGenerator = new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECDHGOST3410_2012_512, 2730 senderKey, senderCert.getPublicKey(), CMSAlgorithm.GOST28147_CRYPTOPRO_WRAP).setProvider(BC); 2731 2732 byte[] ukm = new byte[8]; 2733 random.nextBytes(ukm); 2734 2735 recipientGenerator.addRecipient(reciCert); 2736 recipientGenerator.setUserKeyingMaterial(ukm); 2737 2738 edGen.addRecipientInfoGenerator(recipientGenerator); 2739 2740 CMSEnvelopedData ed = edGen.generate( 2741 new CMSProcessableByteArray(data), 2742 new JceCMSContentEncryptorBuilder(CMSAlgorithm.GOST28147_GCFB).setProvider(BC).build()); 2743 2744 RecipientInformationStore recipients = ed.getRecipientInfos(); 2745 2746 assertEquals(ed.getEncryptionAlgOID(), CryptoProObjectIdentifiers.gostR28147_gcfb.getId()); 2747 2748 Collection c = recipients.getRecipients(); 2749 2750 assertEquals(1, c.size()); 2751 2752 Iterator it = c.iterator(); 2753 2754 while (it.hasNext()) 2755 { 2756 RecipientInformation recipient = (RecipientInformation)it.next(); 2757 2758 assertEquals(recipient.getKeyEncryptionAlgOID(), RosstandartObjectIdentifiers.id_tc26_agreement_gost_3410_12_512.getId()); 2759 2760 byte[] recData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(reciKey).setProvider(BC)); 2761 2762 assertEquals("Hello World!", Strings.fromByteArray(recData)); 2763 } 2764 2765 RecipientId id = new JceKeyAgreeRecipientId(reciCert); 2766 2767 Collection collection = recipients.getRecipients(id); 2768 if (collection.size() != 1) 2769 { 2770 fail("recipients not matched using general recipient ID."); 2771 } 2772 assertTrue(collection.iterator().next() instanceof RecipientInformation); 2773 } 2774 indexOf(byte[] data, byte[] subData)2775 private int indexOf(byte[] data, byte[] subData) 2776 { 2777 byte subData0 = subData[0]; 2778 for (int i = 0; i <= data.length - subData.length; ++i) 2779 { 2780 if (data[i] != subData0) 2781 { 2782 continue; 2783 } 2784 2785 int matchPos = i; 2786 for (int j = 1; j < subData.length; ++j) 2787 { 2788 if (data[i + j] != subData[j]) 2789 { 2790 matchPos = -1; 2791 break; 2792 } 2793 } 2794 2795 if (matchPos >= 0) 2796 { 2797 return matchPos; 2798 } 2799 } 2800 return -1; 2801 } 2802 processInput(ECPrivateKey ecKey, byte[] expected, String input, AlgorithmIdentifier wrapAlg)2803 private void processInput(ECPrivateKey ecKey, byte[] expected, String input, AlgorithmIdentifier wrapAlg) 2804 throws CMSException, IOException 2805 { 2806 PEMParser pemParser; 2807 pemParser = new PEMParser(new InputStreamReader(getClass().getResourceAsStream(input))); 2808 2809 CMSEnvelopedData envData = new CMSEnvelopedData((ContentInfo)pemParser.readObject()); 2810 2811 KeyAgreeRecipientInformation recip = (KeyAgreeRecipientInformation)envData.getRecipientInfos().getRecipients().iterator().next(); 2812 2813 TestCase.assertEquals(wrapAlg, AlgorithmIdentifier.getInstance(recip.getKeyEncryptionAlgorithm().getParameters())); 2814 2815 byte[] decrypted = recip.getContent(new JceKeyAgreeEnvelopedRecipient(ecKey).setProvider("BC")); 2816 2817 TestCase.assertTrue(Arrays.equals(expected, decrypted)); 2818 } 2819 passwordTest(String algorithm)2820 private void passwordTest(String algorithm) 2821 throws Exception 2822 { 2823 byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); 2824 2825 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 2826 2827 edGen.addRecipientInfoGenerator(new JcePasswordRecipientInfoGenerator(new ASN1ObjectIdentifier(algorithm), "password".toCharArray()).setProvider(BC).setPasswordConversionScheme(PasswordRecipient.PKCS5_SCHEME2).setSaltAndIterationCount(new byte[20], 5)); 2828 2829 CMSEnvelopedData ed = edGen.generate( 2830 new CMSProcessableByteArray(data), 2831 new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build()); 2832 2833 RecipientInformationStore recipients = ed.getRecipientInfos(); 2834 2835 assertEquals(ed.getEncryptionAlgOID(), 2836 CMSEnvelopedDataGenerator.AES128_CBC); 2837 2838 Collection c = recipients.getRecipients(); 2839 Iterator it = c.iterator(); 2840 2841 if (it.hasNext()) 2842 { 2843 PasswordRecipientInformation recipient = (PasswordRecipientInformation)it.next(); 2844 2845 byte[] recData = recipient.getContent(new JcePasswordEnvelopedRecipient("password".toCharArray()).setPasswordConversionScheme(PasswordRecipient.PKCS5_SCHEME2).setProvider(BC)); 2846 2847 assertEquals(true, Arrays.equals(data, recData)); 2848 } 2849 else 2850 { 2851 fail("no recipient found"); 2852 } 2853 2854 // 2855 // try algorithm parameters constructor 2856 // 2857 it = c.iterator(); 2858 2859 RecipientInformation recipient = (RecipientInformation)it.next(); 2860 2861 byte[] recData = recipient.getContent(new JcePasswordEnvelopedRecipient("password".toCharArray()).setPasswordConversionScheme(PasswordRecipient.PKCS5_SCHEME2).setProvider(BC)); 2862 assertEquals(true, Arrays.equals(data, recData)); 2863 } 2864 passwordUTF8Test(String algorithm)2865 private void passwordUTF8Test(String algorithm) 2866 throws Exception 2867 { 2868 byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); 2869 2870 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 2871 2872 edGen.addRecipientInfoGenerator(new JcePasswordRecipientInfoGenerator(new ASN1ObjectIdentifier(algorithm), "abc\u5639\u563b".toCharArray()).setProvider(BC).setSaltAndIterationCount(new byte[20], 5)); 2873 2874 CMSEnvelopedData ed = edGen.generate( 2875 new CMSProcessableByteArray(data), 2876 new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build()); 2877 2878 RecipientInformationStore recipients = ed.getRecipientInfos(); 2879 2880 assertEquals(ed.getEncryptionAlgOID(), 2881 CMSEnvelopedDataGenerator.AES128_CBC); 2882 2883 Collection c = recipients.getRecipients(); 2884 Iterator it = c.iterator(); 2885 2886 if (it.hasNext()) 2887 { 2888 RecipientInformation recipient = (RecipientInformation)it.next(); 2889 2890 byte[] recData = recipient.getContent(new JcePasswordEnvelopedRecipient("abc\u5639\u563b".toCharArray()).setProvider(BC)); 2891 assertEquals(true, Arrays.equals(data, recData)); 2892 } 2893 else 2894 { 2895 fail("no recipient found"); 2896 } 2897 2898 // 2899 // try algorithm parameters constructor 2900 // 2901 it = c.iterator(); 2902 2903 RecipientInformation recipient = (RecipientInformation)it.next(); 2904 2905 byte[] recData = recipient.getContent(new JcePasswordEnvelopedRecipient("abc\u5639\u563b".toCharArray()).setProvider(BC)); 2906 assertEquals(true, Arrays.equals(data, recData)); 2907 } 2908 passwordUTF8Test(String algorithm, PasswordRecipient.PRF prf)2909 private void passwordUTF8Test(String algorithm, PasswordRecipient.PRF prf) 2910 throws Exception 2911 { 2912 byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); 2913 2914 CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); 2915 2916 edGen.addRecipientInfoGenerator(new JcePasswordRecipientInfoGenerator(new ASN1ObjectIdentifier(algorithm), "abc\u5639\u563b".toCharArray()).setProvider(BC).setPRF(prf).setSaltAndIterationCount(new byte[20], 5)); 2917 2918 CMSEnvelopedData ed = edGen.generate( 2919 new CMSProcessableByteArray(data), 2920 new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build()); 2921 2922 RecipientInformationStore recipients = ed.getRecipientInfos(); 2923 2924 assertEquals(ed.getEncryptionAlgOID(), 2925 CMSEnvelopedDataGenerator.AES128_CBC); 2926 2927 Collection c = recipients.getRecipients(); 2928 Iterator it = c.iterator(); 2929 2930 if (it.hasNext()) 2931 { 2932 PasswordRecipientInformation recipient = (PasswordRecipientInformation)it.next(); 2933 2934 assertEquals(AlgorithmIdentifier.getInstance(recipient.getKeyEncryptionAlgorithm().getParameters()).getAlgorithm().getId(), algorithm); 2935 assertEquals(PBKDF2Params.getInstance(recipient.getKeyDerivationAlgorithm().getParameters()).getPrf(), prf.getAlgorithmID()); 2936 2937 byte[] recData = recipient.getContent(new JcePasswordEnvelopedRecipient("abc\u5639\u563b".toCharArray()).setProvider(BC)); 2938 assertEquals(true, Arrays.equals(data, recData)); 2939 2940 // try lightweight recipient 2941 recData = recipient.getContent(new BcPasswordEnvelopedRecipient("abc\u5639\u563b".toCharArray())); 2942 assertEquals(true, Arrays.equals(data, recData)); 2943 } 2944 else 2945 { 2946 fail("no recipient found"); 2947 } 2948 2949 // 2950 // try algorithm parameters constructor 2951 // 2952 it = c.iterator(); 2953 2954 RecipientInformation recipient = (RecipientInformation)it.next(); 2955 2956 byte[] recData = recipient.getContent(new JcePasswordEnvelopedRecipient("abc\u5639\u563b".toCharArray()).setProvider(BC)); 2957 assertEquals(true, Arrays.equals(data, recData)); 2958 2959 // try lightweight generator. 2960 edGen = new CMSEnvelopedDataGenerator(); 2961 2962 edGen.addRecipientInfoGenerator(new BcPasswordRecipientInfoGenerator(new ASN1ObjectIdentifier(algorithm), "abc\u5639\u563b".toCharArray()).setPRF(prf).setSaltAndIterationCount(new byte[20], 5)); 2963 2964 ed = edGen.generate( 2965 new CMSProcessableByteArray(data), 2966 new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build()); 2967 2968 recipients = ed.getRecipientInfos(); 2969 2970 assertEquals(ed.getEncryptionAlgOID(), 2971 CMSEnvelopedDataGenerator.AES128_CBC); 2972 2973 c = recipients.getRecipients(); 2974 it = c.iterator(); 2975 2976 if (it.hasNext()) 2977 { 2978 PasswordRecipientInformation recipient1 = (PasswordRecipientInformation)it.next(); 2979 2980 assertEquals(AlgorithmIdentifier.getInstance(recipient1.getKeyEncryptionAlgorithm().getParameters()).getAlgorithm().getId(), algorithm); 2981 assertEquals(PBKDF2Params.getInstance(recipient1.getKeyDerivationAlgorithm().getParameters()).getPrf(), prf.getAlgorithmID()); 2982 2983 recData = recipient1.getContent(new JcePasswordEnvelopedRecipient("abc\u5639\u563b".toCharArray()).setProvider(BC)); 2984 assertEquals(true, Arrays.equals(data, recData)); 2985 2986 // try lightweight recipient 2987 recData = recipient1.getContent(new BcPasswordEnvelopedRecipient("abc\u5639\u563b".toCharArray())); 2988 assertEquals(true, Arrays.equals(data, recData)); 2989 } 2990 else 2991 { 2992 fail("no recipient found"); 2993 } 2994 } 2995 verifyECKeyAgreeVectors(PrivateKey privKey, String wrapAlg, byte[] message)2996 private void verifyECKeyAgreeVectors(PrivateKey privKey, String wrapAlg, byte[] message) 2997 throws CMSException, GeneralSecurityException 2998 { 2999 byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); 3000 3001 CMSEnvelopedData ed = new CMSEnvelopedData(message); 3002 3003 RecipientInformationStore recipients = ed.getRecipientInfos(); 3004 3005 Collection c = recipients.getRecipients(); 3006 Iterator it = c.iterator(); 3007 3008 assertEquals(wrapAlg, ed.getEncryptionAlgOID()); 3009 3010 if (it.hasNext()) 3011 { 3012 RecipientInformation recipient = (RecipientInformation)it.next(); 3013 3014 assertEquals("1.3.133.16.840.63.0.2", recipient.getKeyEncryptionAlgOID()); 3015 3016 byte[] recData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(privKey).setProvider(BC)); 3017 3018 assertTrue(Arrays.equals(data, recData)); 3019 } 3020 else 3021 { 3022 fail("no recipient found"); 3023 } 3024 } 3025 verifyECMQVKeyAgreeVectors(PrivateKey privKey, String wrapAlg, byte[] message)3026 private void verifyECMQVKeyAgreeVectors(PrivateKey privKey, String wrapAlg, byte[] message) 3027 throws CMSException, GeneralSecurityException 3028 { 3029 byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65"); 3030 3031 CMSEnvelopedData ed = new CMSEnvelopedData(message); 3032 3033 RecipientInformationStore recipients = ed.getRecipientInfos(); 3034 3035 Collection c = recipients.getRecipients(); 3036 Iterator it = c.iterator(); 3037 3038 assertEquals(wrapAlg, ed.getEncryptionAlgOID()); 3039 3040 if (it.hasNext()) 3041 { 3042 RecipientInformation recipient = (RecipientInformation)it.next(); 3043 3044 assertEquals("1.3.133.16.840.63.0.16", recipient.getKeyEncryptionAlgOID()); 3045 3046 byte[] recData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(privKey).setProvider(BC)); 3047 3048 assertTrue(Arrays.equals(data, recData)); 3049 } 3050 else 3051 { 3052 fail("no recipient found"); 3053 } 3054 } 3055 }