org.bouncycastle.cms.KEKRecipientInfoGenerator Maven / Gradle / Ivy
package org.bouncycastle.cms;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.cms.KEKIdentifier;
import org.bouncycastle.asn1.cms.KEKRecipientInfo;
import org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
class KEKRecipientInfoGenerator
implements RecipientInfoGenerator
{
// IssuerAndSerialNumber encSid;
// AlgorithmIdentifier keyEncAlg;
// ASN1OctetString subKeyId;
private SecretKey wrapKey;
private KEKIdentifier secKeyId;
// Derived
private AlgorithmIdentifier keyEncAlg;
KEKRecipientInfoGenerator()
{
}
void setWrapKey(SecretKey wrapKey)
{
this.wrapKey = wrapKey;
this.keyEncAlg = determineKeyEncAlg(wrapKey);
}
void setKEKIdentifier(KEKIdentifier kekIdentifier)
{
this.secKeyId = kekIdentifier;
}
public RecipientInfo generate(SecretKey key, SecureRandom random,
Provider prov) throws GeneralSecurityException
{
Cipher keyCipher = CMSEnvelopedHelper.INSTANCE.createAsymmetricCipher(
keyEncAlg.getObjectId().getId(), prov);
// TODO Should we try alternate ways of wrapping?
// (see KeyTransRecipientInfoGenerator.generate)
keyCipher.init(Cipher.WRAP_MODE, wrapKey, random);
ASN1OctetString encKey = new DEROctetString(keyCipher.wrap(key));
return new RecipientInfo(new KEKRecipientInfo(secKeyId, keyEncAlg, encKey));
}
private static AlgorithmIdentifier determineKeyEncAlg(SecretKey key)
{
String algorithm = key.getAlgorithm();
if (algorithm.startsWith("DES"))
{
return new AlgorithmIdentifier(new DERObjectIdentifier(
"1.2.840.113549.1.9.16.3.6"), new DERNull());
}
else if (algorithm.startsWith("RC2"))
{
return new AlgorithmIdentifier(new DERObjectIdentifier(
"1.2.840.113549.1.9.16.3.7"), new DERInteger(58));
}
else if (algorithm.startsWith("AES"))
{
int length = key.getEncoded().length * 8;
DERObjectIdentifier wrapOid;
if (length == 128)
{
wrapOid = NISTObjectIdentifiers.id_aes128_wrap;
}
else if (length == 192)
{
wrapOid = NISTObjectIdentifiers.id_aes192_wrap;
}
else if (length == 256)
{
wrapOid = NISTObjectIdentifiers.id_aes256_wrap;
}
else
{
throw new IllegalArgumentException("illegal keysize in AES");
}
return new AlgorithmIdentifier(wrapOid); // parameters absent
}
else if (algorithm.startsWith("SEED"))
{
// parameters absent
return new AlgorithmIdentifier(
KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap);
}
else if (algorithm.startsWith("Camellia"))
{
int length = key.getEncoded().length * 8;
DERObjectIdentifier wrapOid;
if (length == 128)
{
wrapOid = NTTObjectIdentifiers.id_camellia128_wrap;
}
else if (length == 192)
{
wrapOid = NTTObjectIdentifiers.id_camellia192_wrap;
}
else if (length == 256)
{
wrapOid = NTTObjectIdentifiers.id_camellia256_wrap;
}
else
{
throw new IllegalArgumentException(
"illegal keysize in Camellia");
}
return new AlgorithmIdentifier(wrapOid); // parameters must be
// absent
}
else
{
throw new IllegalArgumentException("unknown algorithm");
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy