001: package org.bouncycastle.cms.test;
002:
003: import junit.framework.Test;
004: import junit.framework.TestCase;
005: import junit.framework.TestSuite;
006: import org.bouncycastle.asn1.ASN1InputStream;
007: import org.bouncycastle.asn1.ASN1Sequence;
008: import org.bouncycastle.asn1.DERObjectIdentifier;
009: import org.bouncycastle.asn1.DEROctetString;
010: import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
011: import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
012: import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
013: import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
014: import org.bouncycastle.cms.CMSEnvelopedData;
015: import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
016: import org.bouncycastle.cms.CMSException;
017: import org.bouncycastle.cms.CMSProcessableByteArray;
018: import org.bouncycastle.cms.KeyTransRecipientInformation;
019: import org.bouncycastle.cms.PKCS5Scheme2PBEKey;
020: import org.bouncycastle.cms.RecipientInformation;
021: import org.bouncycastle.cms.RecipientInformationStore;
022: import org.bouncycastle.util.encoders.Base64;
023: import org.bouncycastle.util.encoders.Hex;
024:
025: import javax.crypto.SecretKey;
026: import javax.crypto.spec.SecretKeySpec;
027: import java.security.GeneralSecurityException;
028: import java.security.Key;
029: import java.security.KeyFactory;
030: import java.security.KeyPair;
031: import java.security.NoSuchAlgorithmException;
032: import java.security.NoSuchProviderException;
033: import java.security.PrivateKey;
034: import java.security.Security;
035: import java.security.cert.X509Certificate;
036: import java.security.spec.PKCS8EncodedKeySpec;
037: import java.util.Arrays;
038: import java.util.Collection;
039: import java.util.Iterator;
040:
041: public class EnvelopedDataTest extends TestCase {
042: private static String _signDN;
043: private static KeyPair _signKP;
044: private static X509Certificate _signCert;
045:
046: private static String _origDN;
047: private static KeyPair _origKP;
048: private static X509Certificate _origCert;
049:
050: private static String _reciDN;
051: private static KeyPair _reciKP;
052: private static X509Certificate _reciCert;
053:
054: private static KeyPair _origEcKP;
055: private static KeyPair _reciEcKP;
056: private static X509Certificate _reciEcCert;
057:
058: private static boolean _initialised = false;
059:
060: private byte[] oldKEK = Base64
061: .decode("MIAGCSqGSIb3DQEHA6CAMIACAQIxQaI/MD0CAQQwBwQFAQIDBAUwDQYJYIZIAWUDBAEFBQAEI"
062: + "Fi2eHTPM4bQSjP4DUeDzJZLpfemW2gF1SPq7ZPHJi1mMIAGCSqGSIb3DQEHATAUBggqhkiG9w"
063: + "0DBwQImtdGyUdGGt6ggAQYk9X9z01YFBkU7IlS3wmsKpm/zpZClTceAAAAAAAAAAAAAA==");
064:
065: private byte[] ecKeyAgreeMsgAES256 = Base64
066: .decode("MIAGCSqGSIb3DQEHA6CAMIACAQIxgcShgcECAQOgQ6FBMAsGByqGSM49AgEF"
067: + "AAMyAAPdXlSTpub+qqno9hUGkUDl+S3/ABhPziIB5yGU4678tgOgU5CiKG9Z"
068: + "kfnabIJ3nZYwGgYJK4EFEIZIPwACMA0GCWCGSAFlAwQBLQUAMFswWTAtMCgx"
069: + "EzARBgNVBAMTCkFkbWluLU1EU0UxETAPBgNVBAoTCDRCQ1QtMklEAgEBBCi/"
070: + "rJRLbFwEVW6PcLLmojjW9lI/xGD7CfZzXrqXFw8iHaf3hTRau1gYMIAGCSqG"
071: + "SIb3DQEHATAdBglghkgBZQMEASoEEMtCnKKPwccmyrbgeSIlA3qggAQQDLw8"
072: + "pNJR97bPpj6baG99bQQQwhEDsoj5Xg1oOxojHVcYzAAAAAAAAAAAAAA=");
073:
074: private byte[] ecKeyAgreeMsgAES128 = Base64
075: .decode("MIAGCSqGSIb3DQEHA6CAMIACAQIxgbShgbECAQOgQ6FBMAsGByqGSM49AgEF"
076: + "AAMyAAL01JLEgKvKh5rbxI/hOxs/9WEezMIsAbUaZM4l5tn3CzXAN505nr5d"
077: + "LhrcurMK+tAwGgYJK4EFEIZIPwACMA0GCWCGSAFlAwQBBQUAMEswSTAtMCgx"
078: + "EzARBgNVBAMTCkFkbWluLU1EU0UxETAPBgNVBAoTCDRCQ1QtMklEAgEBBBhi"
079: + "FLjc5g6aqDT3f8LomljOwl1WTrplUT8wgAYJKoZIhvcNAQcBMB0GCWCGSAFl"
080: + "AwQBAgQQzXjms16Y69S/rB0EbHqRMaCABBAFmc/QdVW6LTKdEy97kaZzBBBa"
081: + "fQuviUS03NycpojELx0bAAAAAAAAAAAAAA==");
082:
083: private byte[] ecKeyAgreeMsgDESEDE = Base64
084: .decode("MIAGCSqGSIb3DQEHA6CAMIACAQIxgcahgcMCAQOgQ6FBMAsGByqGSM49AgEF"
085: + "AAMyAALIici6Nx1WN5f0ThH2A8ht9ovm0thpC5JK54t73E1RDzCifePaoQo0"
086: + "xd6sUqoyGaYwHAYJK4EFEIZIPwACMA8GCyqGSIb3DQEJEAMGBQAwWzBZMC0w"
087: + "KDETMBEGA1UEAxMKQWRtaW4tTURTRTERMA8GA1UEChMINEJDVC0ySUQCAQEE"
088: + "KJuqZQ1NB1vXrKPOnb4TCpYOsdm6GscWdwAAZlm2EHMp444j0s55J9wwgAYJ"
089: + "KoZIhvcNAQcBMBQGCCqGSIb3DQMHBAjwnsDMsafCrKCABBjyPvqFOVMKxxut"
090: + "VfTx4fQlNGJN8S2ATRgECMcTQ/dsmeViAAAAAAAAAAAAAA==");
091:
092: private byte[] ecMQVKeyAgreeMsgAES128 = Base64
093: .decode("MIAGCSqGSIb3DQEHA6CAMIACAQIxgf2hgfoCAQOgQ6FBMAsGByqGSM49AgEF"
094: + "AAMyAAPDKU+0H58tsjpoYmYCInMr/FayvCCkupebgsnpaGEB7qS9vzcNVUj6"
095: + "mrnmiC2grpmhRwRFMEMwQTALBgcqhkjOPQIBBQADMgACZpD13z9c7DzRWx6S"
096: + "0xdbq3S+EJ7vWO+YcHVjTD8NcQDcZcWASW899l1PkL936zsuMBoGCSuBBRCG"
097: + "SD8AEDANBglghkgBZQMEAQUFADBLMEkwLTAoMRMwEQYDVQQDEwpBZG1pbi1N"
098: + "RFNFMREwDwYDVQQKEwg0QkNULTJJRAIBAQQYFq58L71nyMK/70w3nc6zkkRy"
099: + "RL7DHmpZMIAGCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDzRUpreBsZXWHBe"
100: + "onxOtSmggAQQ7csAZXwT1lHUqoazoy8bhAQQq+9Zjj8iGdOWgyebbfj67QAA"
101: + "AAAAAAAAAAA=");
102:
103: private byte[] ecKeyAgreeKey = Base64
104: .decode("MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC8vp7xVTbKSgYVU5Wc"
105: + "hGkWbzaj+yUFETIWP1Dt7+WSpq3ikSPdl7PpHPqnPVZfoIWhZANiAgSYHTgxf+Dd"
106: + "Tt84dUvuSKkFy3RhjxJmjwIscK6zbEUzKhcPQG2GHzXhWK5x1kov0I74XpGhVkya"
107: + "ElH5K6SaOXiXAzcyNGggTOk4+ZFnz5Xl0pBje3zKxPhYu0SnCw7Pcqw=");
108:
109: private byte[] bobPrivRsaEncrypt = Base64
110: .decode("MIIChQIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKnhZ5g/OdVf"
111: + "8qCTQV6meYmFyDVdmpFb+x0B2hlwJhcPvaUi0DWFbXqYZhRBXM+3twg7CcmR"
112: + "uBlpN235ZR572akzJKN/O7uvRgGGNjQyywcDWVL8hYsxBLjMGAgUSOZPHPtd"
113: + "YMTgXB9T039T2GkB8QX4enDRvoPGXzjPHCyqaqfrAgMBAAECgYBnzUhMmg2P"
114: + "mMIbZf8ig5xt8KYGHbztpwOIlPIcaw+LNd4Ogngwy+e6alatd8brUXlweQqg"
115: + "9P5F4Kmy9Bnah5jWMIR05PxZbMHGd9ypkdB8MKCixQheIXFD/A0HPfD6bRSe"
116: + "TmPwF1h5HEuYHD09sBvf+iU7o8AsmAX2EAnYh9sDGQJBANDDIsbeopkYdo+N"
117: + "vKZ11mY/1I1FUox29XLE6/BGmvE+XKpVC5va3Wtt+Pw7PAhDk7Vb/s7q/WiE"
118: + "I2Kv8zHCueUCQQDQUfweIrdb7bWOAcjXq/JY1PeClPNTqBlFy2bKKBlf4hAr"
119: + "84/sajB0+E0R9KfEILVHIdxJAfkKICnwJAiEYH2PAkA0umTJSChXdNdVUN5q"
120: + "SO8bKlocSHseIVnDYDubl6nA7xhmqU5iUjiEzuUJiEiUacUgFJlaV/4jbOSn"
121: + "I3vQgLeFAkEAni+zN5r7CwZdV+EJBqRd2ZCWBgVfJAZAcpw6iIWchw+dYhKI"
122: + "FmioNRobQ+g4wJhprwMKSDIETukPj3d9NDAlBwJAVxhn1grStavCunrnVNqc"
123: + "BU+B1O8BiR4yPWnLMcRSyFRVJQA7HCp8JlDV6abXd8vPFfXuC9WN7rOvTKF8"
124: + "Y0ZB9qANMAsGA1UdDzEEAwIAEA==");
125:
126: private byte[] rfc4134ex5_1 = Base64
127: .decode("MIIBHgYJKoZIhvcNAQcDoIIBDzCCAQsCAQAxgcAwgb0CAQAwJjASMRAwDgYD"
128: + "VQQDEwdDYXJsUlNBAhBGNGvHgABWvBHTbi7NXXHQMA0GCSqGSIb3DQEBAQUA"
129: + "BIGAC3EN5nGIiJi2lsGPcP2iJ97a4e8kbKQz36zg6Z2i0yx6zYC4mZ7mX7FB"
130: + "s3IWg+f6KgCLx3M1eCbWx8+MDFbbpXadCDgO8/nUkUNYeNxJtuzubGgzoyEd"
131: + "8Ch4H/dd9gdzTd+taTEgS0ipdSJuNnkVY4/M652jKKHRLFf02hosdR8wQwYJ"
132: + "KoZIhvcNAQcBMBQGCCqGSIb3DQMHBAgtaMXpRwZRNYAgDsiSf8Z9P43LrY4O"
133: + "xUk660cu1lXeCSFOSOpOJ7FuVyU=");
134:
135: private byte[] rfc4134ex5_2 = Base64
136: .decode("MIIBZQYJKoZIhvcNAQcDoIIBVjCCAVICAQIxggEAMIG9AgEAMCYwEjEQMA4G"
137: + "A1UEAxMHQ2FybFJTQQIQRjRrx4AAVrwR024uzV1x0DANBgkqhkiG9w0BAQEF"
138: + "AASBgJQmQojGi7Z4IP+CVypBmNFoCDoEp87khtgyff2N4SmqD3RxPx+8hbLQ"
139: + "t9i3YcMwcap+aiOkyqjMalT03VUC0XBOGv+HYI3HBZm/aFzxoq+YOXAWs5xl"
140: + "GerZwTOc9j6AYlK4qXvnztR5SQ8TBjlzytm4V7zg+TGrnGVNQBNw47Ewoj4C"
141: + "AQQwDQQLTWFpbExpc3RSQzIwEAYLKoZIhvcNAQkQAwcCAToEGHcUr5MSJ/g9"
142: + "HnJVHsQ6X56VcwYb+OfojTBJBgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgIC"
143: + "AKAECJwE0hkuKlWhgCBeKNXhojuej3org9Lt7n+wWxOhnky5V50vSpoYRfRR"
144: + "yw==");
145:
146: public EnvelopedDataTest() {
147: }
148:
149: private static void init() throws Exception {
150: if (!_initialised) {
151: _initialised = true;
152:
153: _signDN = "O=Bouncy Castle, C=AU";
154: _signKP = CMSTestUtil.makeKeyPair();
155: _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN,
156: _signKP, _signDN);
157:
158: _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
159: _origKP = CMSTestUtil.makeKeyPair();
160: _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN,
161: _signKP, _signDN);
162:
163: _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
164: _reciKP = CMSTestUtil.makeKeyPair();
165: _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN,
166: _signKP, _signDN);
167:
168: _origEcKP = CMSTestUtil.makeEcDsaKeyPair();
169: _reciEcKP = CMSTestUtil.makeEcDsaKeyPair();
170: _reciEcCert = CMSTestUtil.makeCertificate(_reciEcKP,
171: _reciDN, _signKP, _signDN);
172: }
173: }
174:
175: public static void main(String args[]) throws Exception {
176: junit.textui.TestRunner.run(EnvelopedDataTest.suite());
177: }
178:
179: public static Test suite() throws Exception {
180: init();
181:
182: return new CMSTestSetup(new TestSuite(EnvelopedDataTest.class));
183: }
184:
185: public void testKeyTrans() throws Exception {
186: byte[] data = "WallaWallaWashington".getBytes();
187:
188: CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
189:
190: edGen.addKeyTransRecipient(_reciCert);
191:
192: CMSEnvelopedData ed = edGen.generate(
193: new CMSProcessableByteArray(data),
194: CMSEnvelopedDataGenerator.DES_EDE3_CBC, "BC");
195:
196: RecipientInformationStore recipients = ed.getRecipientInfos();
197:
198: assertEquals(ed.getEncryptionAlgOID(),
199: CMSEnvelopedDataGenerator.DES_EDE3_CBC);
200:
201: Collection c = recipients.getRecipients();
202:
203: assertEquals(1, c.size());
204:
205: Iterator it = c.iterator();
206:
207: while (it.hasNext()) {
208: RecipientInformation recipient = (RecipientInformation) it
209: .next();
210:
211: assertEquals(recipient.getKeyEncryptionAlgOID(),
212: PKCSObjectIdentifiers.rsaEncryption.getId());
213:
214: byte[] recData = recipient.getContent(_reciKP.getPrivate(),
215: "BC");
216:
217: assertEquals(true, Arrays.equals(data, recData));
218: }
219: }
220:
221: public void testKeyTransCAST5SunJCE() throws Exception {
222: if (Security.getProvider("SunJCE") == null) {
223: return;
224: }
225:
226: String version = System.getProperty("java.version");
227: if (version.startsWith("1.4") || version.startsWith("1.3")) {
228: return;
229: }
230:
231: byte[] data = "WallaWallaWashington".getBytes();
232:
233: CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
234:
235: edGen.addKeyTransRecipient(_reciCert);
236:
237: CMSEnvelopedData ed = edGen.generate(
238: new CMSProcessableByteArray(data),
239: CMSEnvelopedDataGenerator.CAST5_CBC, "SunJCE");
240: RecipientInformationStore recipients = ed.getRecipientInfos();
241:
242: assertEquals(ed.getEncryptionAlgOID(),
243: CMSEnvelopedDataGenerator.CAST5_CBC);
244:
245: Collection c = recipients.getRecipients();
246:
247: assertEquals(1, c.size());
248:
249: Iterator it = c.iterator();
250:
251: while (it.hasNext()) {
252: RecipientInformation recipient = (RecipientInformation) it
253: .next();
254:
255: assertEquals(recipient.getKeyEncryptionAlgOID(),
256: PKCSObjectIdentifiers.rsaEncryption.getId());
257:
258: byte[] recData = recipient.getContent(_reciKP.getPrivate(),
259: "SunJCE");
260:
261: assertEquals(true, Arrays.equals(data, recData));
262: }
263: }
264:
265: public void testKeyTransRC4() throws Exception {
266: byte[] data = "WallaWallaBouncyCastle".getBytes();
267:
268: CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
269:
270: edGen.addKeyTransRecipient(_reciCert);
271:
272: CMSEnvelopedData ed = edGen.generate(
273: new CMSProcessableByteArray(data),
274: "1.2.840.113549.3.4", "BC");
275:
276: RecipientInformationStore recipients = ed.getRecipientInfos();
277:
278: assertEquals(ed.getEncryptionAlgOID(), "1.2.840.113549.3.4");
279:
280: Collection c = recipients.getRecipients();
281:
282: assertEquals(1, c.size());
283:
284: Iterator it = c.iterator();
285:
286: while (it.hasNext()) {
287: RecipientInformation recipient = (RecipientInformation) it
288: .next();
289:
290: byte[] recData = recipient.getContent(_reciKP.getPrivate(),
291: "BC");
292:
293: assertEquals(true, Arrays.equals(data, recData));
294: }
295: }
296:
297: public void testKeyTrans128RC4() throws Exception {
298: byte[] data = "WallaWallaBouncyCastle".getBytes();
299:
300: CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
301:
302: edGen.addKeyTransRecipient(_reciCert);
303:
304: CMSEnvelopedData ed = edGen.generate(
305: new CMSProcessableByteArray(data),
306: "1.2.840.113549.3.4", 128, "BC");
307:
308: RecipientInformationStore recipients = ed.getRecipientInfos();
309:
310: assertEquals(ed.getEncryptionAlgOID(), "1.2.840.113549.3.4");
311:
312: Collection c = recipients.getRecipients();
313: Iterator it = c.iterator();
314:
315: if (it.hasNext()) {
316: RecipientInformation recipient = (RecipientInformation) it
317: .next();
318:
319: byte[] recData = recipient.getContent(_reciKP.getPrivate(),
320: "BC");
321:
322: assertEquals(true, Arrays.equals(data, recData));
323: } else {
324: fail("no recipient found");
325: }
326: }
327:
328: public void testKeyTransODES() throws Exception {
329: byte[] data = "WallaWallaBouncyCastle".getBytes();
330:
331: CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
332:
333: edGen.addKeyTransRecipient(_reciCert);
334:
335: CMSEnvelopedData ed = edGen
336: .generate(new CMSProcessableByteArray(data),
337: "1.3.14.3.2.7", "BC");
338:
339: RecipientInformationStore recipients = ed.getRecipientInfos();
340:
341: assertEquals(ed.getEncryptionAlgOID(), "1.3.14.3.2.7");
342:
343: Collection c = recipients.getRecipients();
344: Iterator it = c.iterator();
345:
346: if (it.hasNext()) {
347: RecipientInformation recipient = (RecipientInformation) it
348: .next();
349:
350: byte[] recData = recipient.getContent(_reciKP.getPrivate(),
351: "BC");
352:
353: assertEquals(true, Arrays.equals(data, recData));
354: } else {
355: fail("no recipient found");
356: }
357: }
358:
359: public void testKeyTransSmallAES() throws Exception {
360: byte[] data = new byte[] { 0, 1, 2, 3 };
361:
362: CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
363:
364: edGen.addKeyTransRecipient(_reciCert);
365:
366: CMSEnvelopedData ed = edGen.generate(
367: new CMSProcessableByteArray(data),
368: CMSEnvelopedDataGenerator.AES128_CBC, "BC");
369:
370: RecipientInformationStore recipients = ed.getRecipientInfos();
371:
372: assertEquals(ed.getEncryptionAlgOID(),
373: CMSEnvelopedDataGenerator.AES128_CBC);
374:
375: Collection c = recipients.getRecipients();
376: Iterator it = c.iterator();
377:
378: if (it.hasNext()) {
379: RecipientInformation recipient = (RecipientInformation) it
380: .next();
381:
382: byte[] recData = recipient.getContent(_reciKP.getPrivate(),
383: "BC");
384: assertEquals(true, Arrays.equals(data, recData));
385: } else {
386: fail("no recipient found");
387: }
388: }
389:
390: public void testKeyTransCAST5() throws Exception {
391: tryKeyTrans(CMSEnvelopedDataGenerator.CAST5_CBC,
392: new DERObjectIdentifier(
393: CMSEnvelopedDataGenerator.CAST5_CBC),
394: ASN1Sequence.class);
395: }
396:
397: public void testKeyTransAES128() throws Exception {
398: tryKeyTrans(CMSEnvelopedDataGenerator.AES128_CBC,
399: NISTObjectIdentifiers.id_aes128_CBC,
400: DEROctetString.class);
401: }
402:
403: public void testKeyTransAES192() throws Exception {
404: tryKeyTrans(CMSEnvelopedDataGenerator.AES192_CBC,
405: NISTObjectIdentifiers.id_aes192_CBC,
406: DEROctetString.class);
407: }
408:
409: public void testKeyTransAES256() throws Exception {
410: tryKeyTrans(CMSEnvelopedDataGenerator.AES256_CBC,
411: NISTObjectIdentifiers.id_aes256_CBC,
412: DEROctetString.class);
413: }
414:
415: public void testKeyTransSEED() throws Exception {
416: tryKeyTrans(CMSEnvelopedDataGenerator.SEED_CBC,
417: KISAObjectIdentifiers.id_seedCBC, DEROctetString.class);
418: }
419:
420: public void testKeyTransCamellia128() throws Exception {
421: tryKeyTrans(CMSEnvelopedDataGenerator.CAMELLIA128_CBC,
422: NTTObjectIdentifiers.id_camellia128_cbc,
423: DEROctetString.class);
424: }
425:
426: public void testKeyTransCamellia192() throws Exception {
427: tryKeyTrans(CMSEnvelopedDataGenerator.CAMELLIA192_CBC,
428: NTTObjectIdentifiers.id_camellia192_cbc,
429: DEROctetString.class);
430: }
431:
432: public void testKeyTransCamellia256() throws Exception {
433: tryKeyTrans(CMSEnvelopedDataGenerator.CAMELLIA256_CBC,
434: NTTObjectIdentifiers.id_camellia256_cbc,
435: DEROctetString.class);
436: }
437:
438: private void tryKeyTrans(String generatorOID,
439: DERObjectIdentifier checkOID, Class asn1Params)
440: throws Exception {
441: byte[] data = "WallaWallaWashington".getBytes();
442:
443: CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
444:
445: edGen.addKeyTransRecipient(_reciCert);
446:
447: CMSEnvelopedData ed = edGen.generate(
448: new CMSProcessableByteArray(data), generatorOID, "BC");
449:
450: RecipientInformationStore recipients = ed.getRecipientInfos();
451:
452: assertEquals(checkOID.getId(), ed.getEncryptionAlgOID());
453:
454: if (asn1Params != null) {
455: ASN1InputStream aIn = new ASN1InputStream(ed
456: .getEncryptionAlgParams());
457:
458: assertTrue(asn1Params.isAssignableFrom(aIn.readObject()
459: .getClass()));
460: }
461:
462: Collection c = recipients.getRecipients();
463:
464: assertEquals(1, c.size());
465:
466: Iterator it = c.iterator();
467:
468: if (!it.hasNext()) {
469: fail("no recipients found");
470: }
471:
472: while (it.hasNext()) {
473: RecipientInformation recipient = (RecipientInformation) it
474: .next();
475:
476: assertEquals(recipient.getKeyEncryptionAlgOID(),
477: PKCSObjectIdentifiers.rsaEncryption.getId());
478:
479: byte[] recData = recipient.getContent(_reciKP.getPrivate(),
480: "BC");
481:
482: assertEquals(true, Arrays.equals(data, recData));
483: }
484: }
485:
486: public void testErrorneousKEK() throws Exception {
487: byte[] data = "WallaWallaWashington".getBytes();
488: SecretKey kek = new SecretKeySpec(new byte[] { 1, 2, 3, 4, 5,
489: 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 }, "AES");
490:
491: CMSEnvelopedData ed = new CMSEnvelopedData(oldKEK);
492:
493: RecipientInformationStore recipients = ed.getRecipientInfos();
494:
495: assertEquals(ed.getEncryptionAlgOID(),
496: CMSEnvelopedDataGenerator.DES_EDE3_CBC);
497:
498: Collection c = recipients.getRecipients();
499: Iterator it = c.iterator();
500:
501: if (it.hasNext()) {
502: RecipientInformation recipient = (RecipientInformation) it
503: .next();
504:
505: assertEquals(recipient.getKeyEncryptionAlgOID(),
506: NISTObjectIdentifiers.id_aes128_wrap.getId());
507:
508: byte[] recData = recipient.getContent(kek, "BC");
509:
510: assertEquals(true, Arrays.equals(data, recData));
511: } else {
512: fail("no recipient found");
513: }
514: }
515:
516: public void testDESKEK() throws Exception {
517: tryKekAlgorithm(CMSTestUtil.makeDesede192Key(),
518: new DERObjectIdentifier("1.2.840.113549.1.9.16.3.6"));
519: }
520:
521: public void testRC2128KEK() throws Exception {
522: tryKekAlgorithm(CMSTestUtil.makeRC2128Key(),
523: new DERObjectIdentifier("1.2.840.113549.1.9.16.3.7"));
524: }
525:
526: public void testAES128KEK() throws Exception {
527: tryKekAlgorithm(CMSTestUtil.makeAESKey(128),
528: NISTObjectIdentifiers.id_aes128_wrap);
529: }
530:
531: public void testAES192KEK() throws Exception {
532: tryKekAlgorithm(CMSTestUtil.makeAESKey(192),
533: NISTObjectIdentifiers.id_aes192_wrap);
534: }
535:
536: public void testAES256KEK() throws Exception {
537: tryKekAlgorithm(CMSTestUtil.makeAESKey(256),
538: NISTObjectIdentifiers.id_aes256_wrap);
539: }
540:
541: public void testSEED128KEK() throws Exception {
542: tryKekAlgorithm(CMSTestUtil.makeSEEDKey(),
543: KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap);
544: }
545:
546: public void testCamellia128KEK() throws Exception {
547: tryKekAlgorithm(CMSTestUtil.makeCamelliaKey(128),
548: NTTObjectIdentifiers.id_camellia128_wrap);
549: }
550:
551: public void testCamellia192KEK() throws Exception {
552: tryKekAlgorithm(CMSTestUtil.makeCamelliaKey(192),
553: NTTObjectIdentifiers.id_camellia192_wrap);
554: }
555:
556: public void testCamellia256KEK() throws Exception {
557: tryKekAlgorithm(CMSTestUtil.makeCamelliaKey(256),
558: NTTObjectIdentifiers.id_camellia256_wrap);
559: }
560:
561: private void tryKekAlgorithm(SecretKey kek,
562: DERObjectIdentifier algOid)
563: throws NoSuchAlgorithmException, NoSuchProviderException,
564: CMSException {
565: byte[] data = "WallaWallaWashington".getBytes();
566: CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
567:
568: byte[] kekId = new byte[] { 1, 2, 3, 4, 5 };
569:
570: edGen.addKEKRecipient(kek, kekId);
571:
572: CMSEnvelopedData ed = edGen.generate(
573: new CMSProcessableByteArray(data),
574: CMSEnvelopedDataGenerator.DES_EDE3_CBC, "BC");
575:
576: RecipientInformationStore recipients = ed.getRecipientInfos();
577:
578: Collection c = recipients.getRecipients();
579: Iterator it = c.iterator();
580:
581: assertEquals(ed.getEncryptionAlgOID(),
582: CMSEnvelopedDataGenerator.DES_EDE3_CBC);
583:
584: if (it.hasNext()) {
585: RecipientInformation recipient = (RecipientInformation) it
586: .next();
587:
588: assertEquals(algOid.getId(), recipient
589: .getKeyEncryptionAlgOID());
590:
591: byte[] recData = recipient.getContent(kek, "BC");
592:
593: assertTrue(Arrays.equals(data, recData));
594: } else {
595: fail("no recipient found");
596: }
597: }
598:
599: public void testECKeyAgree() throws Exception {
600: byte[] data = Hex
601: .decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
602:
603: CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
604:
605: edGen.addKeyAgreementRecipient(
606: CMSEnvelopedDataGenerator.ECDH_SHA1KDF, _origEcKP
607: .getPrivate(), _origEcKP.getPublic(),
608: _reciEcCert, CMSEnvelopedDataGenerator.AES128_WRAP,
609: "BC");
610:
611: CMSEnvelopedData ed = edGen.generate(
612: new CMSProcessableByteArray(data),
613: CMSEnvelopedDataGenerator.AES128_CBC, "BC");
614:
615: RecipientInformationStore recipients = ed.getRecipientInfos();
616:
617: assertEquals(ed.getEncryptionAlgOID(),
618: CMSEnvelopedDataGenerator.AES128_CBC);
619:
620: Collection c = recipients.getRecipients();
621: Iterator it = c.iterator();
622:
623: if (it.hasNext()) {
624: RecipientInformation recipient = (RecipientInformation) it
625: .next();
626:
627: byte[] recData = recipient.getContent(_reciEcKP
628: .getPrivate(), "BC");
629: assertEquals(true, Arrays.equals(data, recData));
630: } else {
631: fail("no recipient found");
632: }
633: }
634:
635: public void testECKeyAgreeVectors() throws Exception {
636: PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(
637: ecKeyAgreeKey);
638: KeyFactory fact = KeyFactory.getInstance("ECDH", "BC");
639: PrivateKey privKey = fact.generatePrivate(privSpec);
640:
641: verifyECKeyAgreeVectors(privKey, "2.16.840.1.101.3.4.1.42",
642: ecKeyAgreeMsgAES256);
643: verifyECKeyAgreeVectors(privKey, "2.16.840.1.101.3.4.1.2",
644: ecKeyAgreeMsgAES128);
645: verifyECKeyAgreeVectors(privKey, "1.2.840.113549.3.7",
646: ecKeyAgreeMsgDESEDE);
647: }
648:
649: /*
650: public void testECMQVKeyAgreeVectors()
651: throws Exception
652: {
653: PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(ecKeyAgreeKey);
654: KeyFactory fact = KeyFactory.getInstance("ECDH", "BC");
655: PrivateKey privKey = fact.generatePrivate(privSpec);
656:
657: verifyECMQVKeyAgreeVectors(privKey, "2.16.840.1.101.3.4.1.2", ecMQVKeyAgreeMsgAES128);
658: }
659: */
660: public void testPasswordAES256() throws Exception {
661: passwordTest(CMSEnvelopedDataGenerator.AES256_CBC);
662: }
663:
664: public void testPasswordDESEDE() throws Exception {
665: passwordTest(CMSEnvelopedDataGenerator.DES_EDE3_CBC);
666: }
667:
668: public void testRFC4134ex5_1() throws Exception {
669: byte[] data = Hex
670: .decode("5468697320697320736f6d652073616d706c6520636f6e74656e742e");
671:
672: KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
673: Key key = kFact.generatePrivate(new PKCS8EncodedKeySpec(
674: bobPrivRsaEncrypt));
675:
676: CMSEnvelopedData ed = new CMSEnvelopedData(rfc4134ex5_1);
677:
678: RecipientInformationStore recipients = ed.getRecipientInfos();
679:
680: assertEquals("1.2.840.113549.3.7", ed.getEncryptionAlgOID());
681:
682: Collection c = recipients.getRecipients();
683: Iterator it = c.iterator();
684:
685: if (it.hasNext()) {
686: RecipientInformation recipient = (RecipientInformation) it
687: .next();
688:
689: byte[] recData = recipient.getContent(key, "BC");
690:
691: assertEquals(true, Arrays.equals(data, recData));
692: } else {
693: fail("no recipient found");
694: }
695: }
696:
697: public void testRFC4134ex5_2() throws Exception {
698: byte[] data = Hex
699: .decode("5468697320697320736f6d652073616d706c6520636f6e74656e742e");
700:
701: KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
702: Key key = kFact.generatePrivate(new PKCS8EncodedKeySpec(
703: bobPrivRsaEncrypt));
704:
705: CMSEnvelopedData ed = new CMSEnvelopedData(rfc4134ex5_2);
706:
707: RecipientInformationStore recipients = ed.getRecipientInfos();
708:
709: assertEquals("1.2.840.113549.3.2", ed.getEncryptionAlgOID());
710:
711: Collection c = recipients.getRecipients();
712: Iterator it = c.iterator();
713:
714: if (it.hasNext()) {
715: while (it.hasNext()) {
716: RecipientInformation recipient = (RecipientInformation) it
717: .next();
718: byte[] recData;
719:
720: if (recipient instanceof KeyTransRecipientInformation) {
721: recData = recipient.getContent(key, "BC");
722:
723: assertEquals(true, Arrays.equals(data, recData));
724: }
725: }
726: } else {
727: fail("no recipient found");
728: }
729: }
730:
731: public void testOriginatorInfo() throws Exception {
732: CMSEnvelopedData env = new CMSEnvelopedData(
733: CMSSampleMessages.originatorMessage);
734:
735: RecipientInformationStore recipients = env.getRecipientInfos();
736:
737: assertEquals(CMSEnvelopedDataGenerator.DES_EDE3_CBC, env
738: .getEncryptionAlgOID());
739:
740: }
741:
742: private void passwordTest(String algorithm) throws Exception {
743: byte[] data = Hex
744: .decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
745:
746: CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
747:
748: edGen.addPasswordRecipient(new PKCS5Scheme2PBEKey("password"
749: .toCharArray(), new byte[20], 5), algorithm);
750:
751: CMSEnvelopedData ed = edGen.generate(
752: new CMSProcessableByteArray(data),
753: CMSEnvelopedDataGenerator.AES128_CBC, "BC");
754:
755: RecipientInformationStore recipients = ed.getRecipientInfos();
756:
757: assertEquals(ed.getEncryptionAlgOID(),
758: CMSEnvelopedDataGenerator.AES128_CBC);
759:
760: Collection c = recipients.getRecipients();
761: Iterator it = c.iterator();
762:
763: if (it.hasNext()) {
764: RecipientInformation recipient = (RecipientInformation) it
765: .next();
766:
767: byte[] recData = recipient.getContent(
768: new PKCS5Scheme2PBEKey("password".toCharArray(),
769: new byte[20], 5), "BC");
770: assertEquals(true, Arrays.equals(data, recData));
771: } else {
772: fail("no recipient found");
773: }
774: }
775:
776: private void verifyECKeyAgreeVectors(PrivateKey privKey,
777: String wrapAlg, byte[] message) throws CMSException,
778: GeneralSecurityException {
779: byte[] data = Hex
780: .decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
781:
782: CMSEnvelopedData ed = new CMSEnvelopedData(message);
783:
784: RecipientInformationStore recipients = ed.getRecipientInfos();
785:
786: Collection c = recipients.getRecipients();
787: Iterator it = c.iterator();
788:
789: assertEquals(wrapAlg, ed.getEncryptionAlgOID());
790:
791: if (it.hasNext()) {
792: RecipientInformation recipient = (RecipientInformation) it
793: .next();
794:
795: assertEquals("1.3.133.16.840.63.0.2", recipient
796: .getKeyEncryptionAlgOID());
797:
798: byte[] recData = recipient.getContent(privKey, "BC");
799:
800: assertTrue(Arrays.equals(data, recData));
801: } else {
802: fail("no recipient found");
803: }
804: }
805:
806: private void verifyECMQVKeyAgreeVectors(PrivateKey privKey,
807: String wrapAlg, byte[] message) throws CMSException,
808: GeneralSecurityException {
809: byte[] data = Hex
810: .decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
811:
812: CMSEnvelopedData ed = new CMSEnvelopedData(message);
813:
814: RecipientInformationStore recipients = ed.getRecipientInfos();
815:
816: Collection c = recipients.getRecipients();
817: Iterator it = c.iterator();
818:
819: assertEquals(wrapAlg, ed.getEncryptionAlgOID());
820:
821: if (it.hasNext()) {
822: RecipientInformation recipient = (RecipientInformation) it
823: .next();
824:
825: assertEquals("1.3.133.16.840.63.0.16", recipient
826: .getKeyEncryptionAlgOID());
827:
828: byte[] recData = recipient.getContent(privKey, "BC");
829:
830: assertTrue(Arrays.equals(data, recData));
831: } else {
832: fail("no recipient found");
833: }
834: }
835: }
|