demo.cms.ecc

Class EdDHAuthenticatedDataDemo

java.lang.Object

demo.cms.ecc.EdDHAuthenticatedDataDemo

public class EdDHAuthenticatedDataDemo
extends java.lang.Object

Demonstrates the usage of class AuthenticatedDataStream, AuthenticatedData and AuthenticatedDataOutputStream for authenticated data with the CMS content type AuthenticatedData using the Elliptic Curve Diffie-Hellman (ECDH) key agreement algorithm with curve25519 and curve448 according to RFC 5652 and RFC 8418.

Any keys/certificates required for this demo are read from a keystore file "cmsecc.keystore" located in your current working directory. If the keystore file does not exist you can create it by running the SetupCMSEccKeyStore program.

Additionally to iaik_cms.jar you also must have iaik_jce_(full).jar (IAIK-JCE, https://sic.tech/products/core-crypto-toolkits/jca-jce/), and iaik_eccelarate.jar (IAIK-ECCelerate^TM, https://sic.tech/products/core-crypto-toolkits/eccelerate/) in your classpath..

See Also:

AuthenticatedDataStream, AuthenticatedData, AuthenticatedDataOutputStream, RecipientInfo, KeyAgreeRecipientInfo

Constructor Summary

Constructors

Constructor and Description
EdDHAuthenticatedDataDemo() Setup the demo certificate chains.

Method Summary

Modifier and Type	Method and Description
byte[]	createAuthenticatedData(byte[] message, iaik.asn1.structures.AlgorithmID macAlgorithm, int macKeyLength, iaik.asn1.structures.AlgorithmID digestAlgorithm, int mode, iaik.asn1.structures.AlgorithmID keyEA, iaik.asn1.structures.AlgorithmID keyWrapAlg, int kekLength) Creates a CMS AuthenticatedData for the given message message.
byte[]	createAuthenticatedDataOutputStream(byte[] message, iaik.asn1.structures.AlgorithmID macAlgorithm, int macKeyLength, iaik.asn1.structures.AlgorithmID digestAlgorithm, int mode, iaik.asn1.structures.AlgorithmID keyEA, iaik.asn1.structures.AlgorithmID keyWrapAlg, int kekLength) Creates a CMS AuthenticatedData message using the AuthenticatedDataOutputStream class.
byte[]	createAuthenticatedDataStream(byte[] message, iaik.asn1.structures.AlgorithmID macAlgorithm, int macKeyLength, iaik.asn1.structures.AlgorithmID digestAlgorithm, int mode, iaik.asn1.structures.AlgorithmID keyEA, iaik.asn1.structures.AlgorithmID keyWrapAlg, int kekLength) Creates a CMS AuthenticatedDataStream for the given message message.
iaik.cms.RecipientInfo[]	createRecipients(iaik.asn1.structures.AlgorithmID keyEA, iaik.asn1.structures.AlgorithmID keyWrapAlg, int kekLength) Creates the RecipientInfos.
byte[]	getAuthenticatedData(byte[] encoding, byte[] message, java.security.Key key, int recipientInfoIndex) Decrypts the encrypted MAC key for the recipient identified by its index into the recipientInfos field and uses the MAC key to verify the authenticated data.
byte[]	getAuthenticatedData(byte[] encoding, byte[] message, java.security.Key key, iaik.cms.KeyIdentifier recipientID) Decrypts the encrypted content of the given AuthenticatedData object for the recipient identified by recipient identifier.
byte[]	getAuthenticatedData(byte[] encoding, byte[] message, java.security.Key key, iaik.x509.X509Certificate recipientCert) Decrypts the encrypted content of the given AuthenticatedData object for the recipient identified by its recipient certificate.
byte[]	getAuthenticatedDataStream(byte[] encoding, byte[] message, java.security.Key key, int recipientInfoIndex) Decrypts the encrypted MAC key for the recipient identified by its index into the recipientInfos field and uses the MAC key to verify the authenticated data.
byte[]	getAuthenticatedDataStream(byte[] encoding, byte[] message, java.security.Key key, iaik.cms.KeyIdentifier recipientID) Decrypts the encrypted content of the given AuthenticatedData object for the recipient identified by recipient identifier.
byte[]	getAuthenticatedDataStream(byte[] encoding, byte[] message, java.security.Key key, iaik.x509.X509Certificate recipientCert) Decrypts the encrypted content of the given AuthenticatedData object for the recipient identified by its recipient certificate.
static void	main(java.lang.String[] argv) Main method.
void	parseAuthenticatedDataWithRecipientCert(boolean stream, byte[] encodedAuthenticatedData, byte[] message) Parses an AuthenticatedData and decrypts the content for all test recipients using their recipient certificate for identifying the recipient.
void	parseAuthenticatedDataWithRecipientIdentifier(boolean stream, byte[] encodedAuthenticatedData, byte[] message) Parses an AuthenticatedData, decrypts the mac keys for all test recipients using their recipient identifiers for identifying the recipient and verifies the content mac.
void	parseAuthenticatedDataWithRecipientInfoIndex(boolean stream, byte[] encodedAuthenticatedData, byte[] message) Parses an AuthenticatedData and decrypts the content for all test recipients using the index into the recipientInfos field for identifying the recipient.
void	start() Starts the test.
void	start(iaik.asn1.structures.AlgorithmID keyEA, iaik.asn1.structures.AlgorithmID keyWrapAlg, int kekLength) Starts the test for the given content-authenticated encryption algorithm.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

EdDHAuthenticatedDataDemo

public EdDHAuthenticatedDataDemo()
                          throws java.io.IOException

Setup the demo certificate chains. Keys and certificates are retrieved from the demo KeyStore ("cms.keystore") file which has to be located in your current working directory and may be created by running SetupCMSKeyStore.

Throws:

java.io.IOException - if an file read error occurs

Method Detail

createAuthenticatedDataStream

public byte[] createAuthenticatedDataStream(byte[] message,
                                            iaik.asn1.structures.AlgorithmID macAlgorithm,
                                            int macKeyLength,
                                            iaik.asn1.structures.AlgorithmID digestAlgorithm,
                                            int mode,
                                            iaik.asn1.structures.AlgorithmID keyEA,
                                            iaik.asn1.structures.AlgorithmID keyWrapAlg,
                                            int kekLength)
                                     throws iaik.cms.CMSException,
                                            java.io.IOException

Creates a CMS AuthenticatedDataStream for the given message message.

Parameters:

message - the message to be authenticated, as byte representation

macAlgorithm - the mac algorithm to be used

macKeyLength - the length of the temporary MAC key to be generated

digestAlgorithm - the digest algorithm to be used to calculate a digest from the content if authenticated attributes should be included

mode - whether to include the content into the AuthenticatedData (implicit) or to not include it (explicit)

keyEA - the key encryption (key agreement) algorithm used for creating a shared key encryption key for encrypting the secret mac key with it

keyWrapAlg - the key wrap algorithm to be used for wrapping (encrypting) the mac key

kekLength - the length of the key encryption key to be created for encrypting the content encryption key with it

Returns:

the BER encoding of the AuthenticatedData object just created

Throws:

iaik.cms.CMSException - if the AuthenticatedData object cannot be created

java.io.IOException - if an I/O error occurs

createAuthenticatedDataOutputStream

public byte[] createAuthenticatedDataOutputStream(byte[] message,
                                                  iaik.asn1.structures.AlgorithmID macAlgorithm,
                                                  int macKeyLength,
                                                  iaik.asn1.structures.AlgorithmID digestAlgorithm,
                                                  int mode,
                                                  iaik.asn1.structures.AlgorithmID keyEA,
                                                  iaik.asn1.structures.AlgorithmID keyWrapAlg,
                                                  int kekLength)
                                           throws iaik.cms.CMSException,
                                                  java.io.IOException

Creates a CMS AuthenticatedData message using the AuthenticatedDataOutputStream class.

Parameters:

message - the message to be authenticated, as byte representation

macAlgorithm - the mac algorithm to be used

macKeyLength - the length of the temporary MAC key to be generated

digestAlgorithm - the digest algorithm to be used to calculate a digest from the content if authenticated attributes should be included

mode - whether to include the content into the AuthenticatedData (implicit) or to not include it (explicit)

keyEA - the key encryption (key agreement) algorithm used for creating a shared key encryption key for encrypting the secret mac key with it

keyWrapAlg - the key wrap algorithm to be used for wrapping (encrypting) the mac key

kekLength - the length of the key encryption key to be created for encrypting the content encryption key with it

Returns:

the BER encoding of the AuthenticatedData object just created

Throws:

iaik.cms.CMSException - if the AuthenticatedData object cannot be created

java.io.IOException - if an I/O error occurs

getAuthenticatedDataStream

public byte[] getAuthenticatedDataStream(byte[] encoding,
                                         byte[] message,
                                         java.security.Key key,
                                         int recipientInfoIndex)
                                  throws iaik.cms.CMSException,
                                         java.io.IOException

Decrypts the encrypted MAC key for the recipient identified by its index into the recipientInfos field and uses the MAC key to verify the authenticated data.

This way of decrypting the MAC key and verifying the content requires to know at what index of the recipientInfos field the RecipientInfo for the particular recipient in mind can be found. For RecipientInfos of type KeyAgreeRecipientInfo some processing overhead may take place because a KeyAgreeRecipientInfo may contain encrypted mac keys for more than only one recipient; since the recipientInfoIndex only specifies the RecipientInfo but not the encrypted mac key -- if there are more than only one -- repeated decryption runs may be required as long as the decryption process completes successfully.

Parameters:

encoding - the AuthenticatedData object as BER encoded byte array

message - the content message, if transmitted by other means (explicit mode)

key - the key to decrypt the mac key

recipientInfoIndex - the index of the right RecipientInfo to which the given key belongs

Returns:

the verified message, as byte array

Throws:

iaik.cms.CMSException - if the authenticated data cannot be verified

java.io.IOException - if a stream read/write error occurs

getAuthenticatedDataStream

public byte[] getAuthenticatedDataStream(byte[] encoding,
                                         byte[] message,
                                         java.security.Key key,
                                         iaik.cms.KeyIdentifier recipientID)
                                  throws iaik.cms.CMSException,
                                         java.io.IOException

Decrypts the encrypted content of the given AuthenticatedData object for the recipient identified by recipient identifier.

This way of decrypting the content may be used for any type of RecipientInfo (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo). The recipient in mind is identified by its recipient identifier.

Parameters:

encoding - the DER encoeded AuthenticatedData object#

message - the content message, if transmitted by other means (explicit mode)

key - the key to decrypt the message

recipientID - the recipient identifier uniquely identifying the key of the recipient

Returns:

the recovered message, as byte array

Throws:

iaik.cms.CMSException - if the message cannot be recovered

java.io.IOException - if an I/O error occurs

getAuthenticatedDataStream

public byte[] getAuthenticatedDataStream(byte[] encoding,
                                         byte[] message,
                                         java.security.Key key,
                                         iaik.x509.X509Certificate recipientCert)
                                  throws iaik.cms.CMSException,
                                         java.io.IOException

Decrypts the encrypted content of the given AuthenticatedData object for the recipient identified by its recipient certificate.

Parameters:

encoding - the AuthenticatedData object as DER encoded byte array

message - the content message, if transmitted by other means (explicit mode)

key - the key to decrypt the message

recipientCert - the certificate of the recipient having a RecipientInfo of type KeyTransRecipientInfo or KeyAgreeRecipientInfo

Returns:

the recovered message, as byte array

Throws:

iaik.cms.CMSException - if the message cannot be recovered

java.io.IOException - if a stream read/write error occurs

createAuthenticatedData

public byte[] createAuthenticatedData(byte[] message,
                                      iaik.asn1.structures.AlgorithmID macAlgorithm,
                                      int macKeyLength,
                                      iaik.asn1.structures.AlgorithmID digestAlgorithm,
                                      int mode,
                                      iaik.asn1.structures.AlgorithmID keyEA,
                                      iaik.asn1.structures.AlgorithmID keyWrapAlg,
                                      int kekLength)
                               throws iaik.cms.CMSException

Creates a CMS AuthenticatedData for the given message message.

Parameters:

message - the message to be authenticated, as byte representation

macAlgorithm - the mac algorithm to be used

macKeyLength - the length of the temporary MAC key to be generated

digestAlgorithm - the digest algorithm to be used to calculate a digest from the content if authenticated attributes should be included

mode - whether to include the content into the AuthenticatedData (implicit) or to not include it (explicit)

keyEA - the key encryption (key agreement) algorithm used for creating a shared key encryption key for encrypting the secret mac key with it

keyWrapAlg - the key wrap algorithm to be used for wrapping (encrypting) the mac key

kekLength - the length of the key encryption key to be created for encrypting the content encryption key with it

Returns:

the BER encoding of the AuthenticatedData object just created

Throws:

iaik.cms.CMSException - if the AuthenticatedData object cannot be created

getAuthenticatedData

public byte[] getAuthenticatedData(byte[] encoding,
                                   byte[] message,
                                   java.security.Key key,
                                   int recipientInfoIndex)
                            throws iaik.cms.CMSException,
                                   java.io.IOException

Decrypts the encrypted MAC key for the recipient identified by its index into the recipientInfos field and uses the MAC key to verify the authenticated data.

This way of decrypting the MAC key and verifying the content requires to know at what index of the recipientInfos field the RecipientInfo for the particular recipient in mind can be found. For RecipientInfos of type KeyAgreeRecipientInfo some processing overhead may take place because a KeyAgreeRecipientInfo may contain encrypted mac keys for more than only one recipient; since the recipientInfoIndex only specifies the RecipientInfo but not the encrypted mac key -- if there are more than only one -- repeated decryption runs may be required as long as the decryption process completes successfully.

Parameters:

encoding - the AuthenticatedData object as BER encoded byte array

message - the content message, if transmitted by other means (explicit mode)

key - the key to decrypt the mac key

recipientInfoIndex - the index of the right RecipientInfo to which the given key belongs

Returns:

the verified message, as byte array

Throws:

iaik.cms.CMSException - if the authenticated data cannot be verified

java.io.IOException - if a IO read/write error occurs

getAuthenticatedData

public byte[] getAuthenticatedData(byte[] encoding,
                                   byte[] message,
                                   java.security.Key key,
                                   iaik.cms.KeyIdentifier recipientID)
                            throws iaik.cms.CMSException,
                                   java.io.IOException

Decrypts the encrypted content of the given AuthenticatedData object for the recipient identified by recipient identifier.

This way of decrypting the content may be used for any type of RecipientInfo (KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo). The recipient in mind is identified by its recipient identifier.

Parameters:

encoding - the DER encoeded AuthenticatedData object#

message - the content message, if transmitted by other means (explicit mode)

key - the key to decrypt the message

recipientID - the recipient identifier uniquely identifying the key of the recipient

Returns:

the recovered message, as byte array

Throws:

iaik.cms.CMSException - if the message cannot be recovered

java.io.IOException - if an I/O error occurs

getAuthenticatedData

public byte[] getAuthenticatedData(byte[] encoding,
                                   byte[] message,
                                   java.security.Key key,
                                   iaik.x509.X509Certificate recipientCert)
                            throws iaik.cms.CMSException,
                                   java.io.IOException

Decrypts the encrypted content of the given AuthenticatedData object for the recipient identified by its recipient certificate.

Parameters:

encoding - the DER encoded AuthenticatedData ASN.1 object

message - the content message, if transmitted by other means (explicit mode)

key - the key to decrypt the message

recipientCert - the certificate of the recipient having a RecipientInfo of type KeyTransRecipientInfo or KeyAgreeRecipientInfo

Returns:

the recovered message, as byte array

Throws:

iaik.cms.CMSException - if the message cannot be recovered

java.io.IOException

createRecipients

public iaik.cms.RecipientInfo[] createRecipients(iaik.asn1.structures.AlgorithmID keyEA,
                                                 iaik.asn1.structures.AlgorithmID keyWrapAlg,
                                                 int kekLength)
                                          throws iaik.cms.CMSException

Creates the RecipientInfos.

Parameters:

keyEA - the key encryption (key agreement) algorithm used for creating a shared key encryption key for encrypting the secret content encryption key with it

keyWrapAlg - the key wrap algorithm to be used for wrapping (encrypting) the content encryption key

kekLength - the length of the key encryption key to be created for encrypting the content encryption key with it

Returns:

the RecipientInfos created, two KeyAgreeRecipientInfos

Throws:

iaik.cms.CMSException - if an error occurs when creating the recipient infos

parseAuthenticatedDataWithRecipientInfoIndex

public void parseAuthenticatedDataWithRecipientInfoIndex(boolean stream,
                                                         byte[] encodedAuthenticatedData,
                                                         byte[] message)
                                                  throws java.lang.Exception

Parses an AuthenticatedData and decrypts the content for all test recipients using the index into the recipientInfos field for identifying the recipient.

Parameters:

stream - whether to use AuthenticatedDataStream or AuthenticatedData

encodedAuthenticatedData - the encoded AuthenticatedData object

message - the content message, if transmitted by other means (explicit mode)

Throws:

java.lang.Exception - if some error occurs during mac key decryption / mac verification

parseAuthenticatedDataWithRecipientIdentifier

public void parseAuthenticatedDataWithRecipientIdentifier(boolean stream,
                                                          byte[] encodedAuthenticatedData,
                                                          byte[] message)
                                                   throws java.lang.Exception

Parses an AuthenticatedData, decrypts the mac keys for all test recipients using their recipient identifiers for identifying the recipient and verifies the content mac.

Parameters:

stream - whether to use AuthenticatedDataStream or AuthenticatedData

encodedAuthenticatedData - the encoded AuthenticatedData object

message - the content message, if transmitted by other means (explicit mode)

Throws:

java.lang.Exception - if some error occurs during mac key decryption / mac verification

parseAuthenticatedDataWithRecipientCert

public void parseAuthenticatedDataWithRecipientCert(boolean stream,
                                                    byte[] encodedAuthenticatedData,
                                                    byte[] message)
                                             throws java.lang.Exception

Parses an AuthenticatedData and decrypts the content for all test recipients using their recipient certificate for identifying the recipient.

Parameters:

stream - whether to use AuthenticatedDataStream or AuthenticatedDatas

encodedAuthenticatedData - the encoded AuthenticatedData object

Throws:

java.lang.Exception - if some error occurs during decoding/decryption

start

public void start()

Starts the test.

start

public void start(iaik.asn1.structures.AlgorithmID keyEA,
                  iaik.asn1.structures.AlgorithmID keyWrapAlg,
                  int kekLength)

Starts the test for the given content-authenticated encryption algorithm.

Parameters:

keyEA - the key encryption (key agreement) algorithm used for creating a shared key encryption key for encrypting the secret content encryption key with it

keyWrapAlg - the key wrap algorithm to be used for wrapping (encrypting) the content encryption key

kekLength - the length of the key encryption key to be created for encrypting the content encryption key with it

main

public static void main(java.lang.String[] argv)
                 throws java.lang.Exception

Main method.

Throws:

java.io.IOException - if an I/O error occurs when reading required keys and certificates from files

java.lang.Exception