Exemple #1
0
  public void testKEKDESede() throws Exception {
    tryKekAlgorithm(
        CMSTestUtil.makeDesede192Key(), new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.6"));

    DEROctetString iv = new DEROctetString(Hex.decode("0001020304050607"));
    tryKekAlgorithm(
        CMSTestUtil.makeDesede192Key(),
        new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.6"),
        iv.getEncoded());
  }
Exemple #2
0
  private void init() throws Exception {
    if (!_initialised) {
      _initialised = true;

      _origDN = "O=Bouncy Castle, C=AU";
      _origKP = CMSTestUtil.makeKeyPair();
      _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _origKP, _origDN);

      _signDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
      _signKP = CMSTestUtil.makeKeyPair();
      _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _origKP, _origDN);
    }
  }
Exemple #3
0
  private static void init() throws Exception {
    if (!_initialised) {
      _initialised = true;
      Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

      _signDN = "O=Bouncy Castle, C=AU";
      _signKP = CMSTestUtil.makeKeyPair();
      _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN);

      _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
      _origKP = CMSTestUtil.makeKeyPair();
      _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN);

      _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
      _reciKP = CMSTestUtil.makeKeyPair();
      _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);

      _origEcKP = CMSTestUtil.makeEcDsaKeyPair();
      _reciEcKP = CMSTestUtil.makeEcDsaKeyPair();
      _reciEcCert = CMSTestUtil.makeCertificate(_reciEcKP, _reciDN, _signKP, _signDN);
    }
  }
Exemple #4
0
  public void testCMSAlgorithmProtection() throws Exception {
    byte[] data = "Eric H. Echidna".getBytes();

    CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
    DigestCalculatorProvider calcProvider =
        new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();

    byte[] kekId = new byte[] {1, 2, 3, 4, 5};
    SecretKey kek = CMSTestUtil.makeDesede192Key();

    adGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId, kek).setProvider(BC));

    CMSAuthenticatedData ad =
        adGen.generate(
            new CMSProcessableByteArray(data),
            new JceCMSMacCalculatorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build(),
            calcProvider.get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)));

    checkData(data, kek, ad);

    ContentInfo adInfo = ad.toASN1Structure();
    AuthenticatedData iAd =
        AuthenticatedData.getInstance(adInfo.getContent().toASN1Primitive().getEncoded());

    try {
      new CMSAuthenticatedData(
          new ContentInfo(
              CMSObjectIdentifiers.authenticatedData,
              new AuthenticatedData(
                  iAd.getOriginatorInfo(),
                  iAd.getRecipientInfos(),
                  iAd.getMacAlgorithm(),
                  new AlgorithmIdentifier(TeleTrusTObjectIdentifiers.ripemd160, DERNull.INSTANCE),
                  iAd.getEncapsulatedContentInfo(),
                  iAd.getAuthAttrs(),
                  iAd.getMac(),
                  iAd.getUnauthAttrs())),
          calcProvider);
    } catch (CMSException e) {
      Assert.assertEquals(
          e.getMessage(), "CMS Algorithm Identifier Protection check failed for digestAlgorithm");
    }

    AlgorithmIdentifier newDigAlgId =
        new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
    Assert.assertFalse(iAd.getDigestAlgorithm().equals(newDigAlgId));
    checkData(
        data,
        kek,
        new CMSAuthenticatedData(
            new ContentInfo(
                CMSObjectIdentifiers.authenticatedData,
                new AuthenticatedData(
                    iAd.getOriginatorInfo(),
                    iAd.getRecipientInfos(),
                    iAd.getMacAlgorithm(),
                    newDigAlgId,
                    iAd.getEncapsulatedContentInfo(),
                    iAd.getAuthAttrs(),
                    iAd.getMac(),
                    iAd.getUnauthAttrs())),
            calcProvider));

    try {
      new CMSAuthenticatedData(
          new ContentInfo(
              CMSObjectIdentifiers.authenticatedData,
              new AuthenticatedData(
                  iAd.getOriginatorInfo(),
                  iAd.getRecipientInfos(),
                  new AlgorithmIdentifier(CMSAlgorithm.AES192_CBC),
                  iAd.getDigestAlgorithm(),
                  iAd.getEncapsulatedContentInfo(),
                  iAd.getAuthAttrs(),
                  iAd.getMac(),
                  iAd.getUnauthAttrs())),
          calcProvider);
    } catch (CMSException e) {
      Assert.assertEquals(
          e.getMessage(), "CMS Algorithm Identifier Protection check failed for macAlgorithm");
    }

    try {
      AlgorithmIdentifier newMacAlgId = new AlgorithmIdentifier(CMSAlgorithm.DES_EDE3_CBC);
      Assert.assertFalse(iAd.getMacAlgorithm().equals(newMacAlgId));
      new CMSAuthenticatedData(
          new ContentInfo(
              CMSObjectIdentifiers.authenticatedData,
              new AuthenticatedData(
                  iAd.getOriginatorInfo(),
                  iAd.getRecipientInfos(),
                  newMacAlgId,
                  iAd.getDigestAlgorithm(),
                  iAd.getEncapsulatedContentInfo(),
                  iAd.getAuthAttrs(),
                  iAd.getMac(),
                  iAd.getUnauthAttrs())),
          calcProvider);
    } catch (CMSException e) {
      Assert.assertEquals(
          e.getMessage(), "CMS Algorithm Identifier Protection check failed for macAlgorithm");
    }
  }
Exemple #5
0
 public void testKEKDESedeWithDigest() throws Exception {
   tryKekAlgorithmWithDigest(
       CMSTestUtil.makeDesede192Key(), new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.6"));
 }