Add auth enveloped recipients for KEK and KeyAgree

Currently it is possible to use CMSAuthEnvelopedDataParser only with
KeyTrans. This adds support for KEK and KeyAgree. The AEADInputDecryptor
is separated to CMSInputAEADDecryptor as it is the same for all
recipient types. A new test is added to properly test
CMSAuthEnvelopedDataParser usage.

Author: bukka

pkix/src/main/java/org/bouncycastle/cms/CMSInputAEADDecryptor.java

@@ -0,0 +1,78 @@
+package org.bouncycastle.cms;
+
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.cms.jcajce.JceKEKAuthEnvelopedRecipient;
+import org.bouncycastle.jcajce.io.CipherInputStream;
+import org.bouncycastle.operator.InputAEADDecryptor;
+
+import javax.crypto.Cipher;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+public class CMSInputAEADDecryptor
+        implements InputAEADDecryptor
+{
+    final AlgorithmIdentifier contentEncryptionAlgorithm;
+
+    final Cipher dataCipher;
+
+    private InputStream inputStream;
+
+    public CMSInputAEADDecryptor(AlgorithmIdentifier contentEncryptionAlgorithm, Cipher dataCipher)
+    {
+        this.contentEncryptionAlgorithm = contentEncryptionAlgorithm;
+        this.dataCipher = dataCipher;
+    }
+
+    public AlgorithmIdentifier getAlgorithmIdentifier()
+    {
+        return contentEncryptionAlgorithm;
+    }
+
+    public InputStream getInputStream(InputStream dataIn)
+    {
+        inputStream = dataIn;
+        return new CipherInputStream(dataIn, dataCipher);
+    }
+
+    public OutputStream getAADStream()
+    {
+        return new AADStream(dataCipher);
+    }
+
+    public byte[] getMAC()
+    {
+        if (inputStream instanceof InputStreamWithMAC)
+        {
+            return ((InputStreamWithMAC)inputStream).getMAC();
+        }
+        return null;
+    }
+
+    private static class AADStream
+            extends OutputStream
+    {
+        private Cipher cipher;
+        private byte[] oneByte = new byte[1];
+
+        public AADStream(Cipher cipher)
+        {
+            this.cipher = cipher;
+        }
+
+        public void write(byte[] buf, int off, int len)
+                throws IOException
+        {
+            cipher.updateAAD(buf, off, len);
+        }
+
+        public void write(int b)
+                throws IOException
+        {
+            oneByte[0] = (byte)b;
+
+            cipher.updateAAD(oneByte);
+        }
+    }
+}

pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEKAuthEnvelopedRecipient.java

@@ -0,0 +1,29 @@
+package org.bouncycastle.cms.jcajce;
+
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.cms.CMSException;
+import org.bouncycastle.cms.CMSInputAEADDecryptor;
+import org.bouncycastle.cms.RecipientOperator;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import java.security.Key;
+
+public class JceKEKAuthEnvelopedRecipient
+        extends JceKEKRecipient
+{
+    public JceKEKAuthEnvelopedRecipient(SecretKey recipientKey)
+    {
+        super(recipientKey);
+    }
+
+    public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey)
+            throws CMSException
+    {
+        Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, encryptedContentEncryptionKey);
+
+        final Cipher dataCipher = contentHelper.createContentCipher(secretKey, contentEncryptionAlgorithm);
+
+        return new RecipientOperator(new CMSInputAEADDecryptor(contentEncryptionAlgorithm, dataCipher));
+    }
+}

pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeAuthEnvelopedRecipient.java

@@ -0,0 +1,31 @@
+package org.bouncycastle.cms.jcajce;
+
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.cms.CMSException;
+import org.bouncycastle.cms.CMSInputAEADDecryptor;
+import org.bouncycastle.cms.RecipientOperator;
+
+import javax.crypto.Cipher;
+import java.security.Key;
+import java.security.PrivateKey;
+
+public class JceKeyAgreeAuthEnvelopedRecipient
+        extends JceKeyAgreeRecipient
+{
+    public JceKeyAgreeAuthEnvelopedRecipient(PrivateKey recipientKey)
+    {
+        super(recipientKey);
+    }
+
+    public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, SubjectPublicKeyInfo senderPublicKey, ASN1OctetString userKeyingMaterial, byte[] encryptedContentKey)
+            throws CMSException
+    {
+        Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, senderPublicKey, userKeyingMaterial, encryptedContentKey);
+
+        final Cipher dataCipher = contentHelper.createContentCipher(secretKey, contentEncryptionAlgorithm);
+
+        return new RecipientOperator(new CMSInputAEADDecryptor(contentEncryptionAlgorithm, dataCipher));
+    }
+}

pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyTransAuthEnvelopedRecipient.java

@@ -1,19 +1,14 @@
 package org.bouncycastle.cms.jcajce;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
 import java.security.Key;
 import java.security.PrivateKey;
 
 import javax.crypto.Cipher;
 
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.InputStreamWithMAC;
+import org.bouncycastle.cms.CMSInputAEADDecryptor;
 import org.bouncycastle.cms.RecipientOperator;
-import org.bouncycastle.jcajce.io.CipherInputStream;
-import org.bouncycastle.operator.InputAEADDecryptor;
 
 public class JceKeyTransAuthEnvelopedRecipient
     extends JceKeyTransRecipient
@@ -30,60 +25,6 @@ public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionA
 
         final Cipher dataCipher = contentHelper.createContentCipher(secretKey, contentEncryptionAlgorithm);
 
-        return new RecipientOperator(new InputAEADDecryptor()
-        {
-            private InputStream inputStream;
-
-            public AlgorithmIdentifier getAlgorithmIdentifier()
-            {
-                return contentEncryptionAlgorithm;
-            }
-
-            public InputStream getInputStream(InputStream dataIn)
-            {
-                inputStream = dataIn;
-                return new CipherInputStream(dataIn, dataCipher);
-            }
-
-            public OutputStream getAADStream()
-            {
-                return new AADStream(dataCipher);
-            }
-
-            public byte[] getMAC()
-            {
-                if (inputStream instanceof InputStreamWithMAC)
-                {
-                    return ((InputStreamWithMAC)inputStream).getMAC();
-                }
-                return null;
-            }
-        });
-    }
-
-    private static class AADStream
-        extends OutputStream
-    {
-        private Cipher cipher;
-        private byte[] oneByte = new byte[1];
-
-        public AADStream(Cipher cipher)
-        {
-            this.cipher = cipher;
-        }
-
-        public void write(byte[] buf, int off, int len)
-            throws IOException
-        {
-            cipher.updateAAD(buf, off, len);
-        }
-
-        public void write(int b)
-            throws IOException
-        {
-            oneByte[0] = (byte)b;
-
-            cipher.updateAAD(oneByte);
-        }
+        return new RecipientOperator(new CMSInputAEADDecryptor(contentEncryptionAlgorithm, dataCipher));
     }
 }

pkix/src/test/java/org/bouncycastle/cms/test/AllTests.java

@@ -28,6 +28,7 @@ public static Test suite()
         suite.addTest(NewAuthenticatedDataStreamTest.suite());
         suite.addTest(NewCompressedDataStreamTest.suite());
         suite.addTest(NewSignedDataStreamTest.suite());
+        suite.addTest(NewAuthEnvelopedDataStreamTest.suite());
         suite.addTest(NewEnvelopedDataStreamTest.suite());
         suite.addTest(AuthEnvelopedDataTest.suite());