added implementation of the direct method for doing POP on a KEM key using challenge/response based on RFC 9810 EnvelopedData.

Author: dghgit

core/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java

@@ -48,6 +48,14 @@ public void add(ASN1Encodable element)
         this.elementCount = minCapacity;
     }
 
+    public void addOptional(ASN1Encodable element)
+    {
+        if (element != null)
+        {
+            this.add(element);
+        }
+    }
+
     public void addAll(ASN1Encodable[] others)
     {
         if (null == others)

pkix/src/main/java/org/bouncycastle/cert/cmp/CMPChallengeFailedException.java

@@ -0,0 +1,10 @@
+package org.bouncycastle.cert.cmp;
+
+public class CMPChallengeFailedException
+    extends CMPException
+{
+    public CMPChallengeFailedException(String msg)
+    {
+        super(msg);
+    }
+}

pkix/src/main/java/org/bouncycastle/cert/cmp/ChallengeContent.java

@@ -0,0 +1,72 @@
+package org.bouncycastle.cert.cmp;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.Collection;
+
+import org.bouncycastle.asn1.cmp.Challenge;
+import org.bouncycastle.asn1.cmp.PKIHeader;
+import org.bouncycastle.asn1.cms.ContentInfo;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.cms.CMSEnvelopedData;
+import org.bouncycastle.cms.CMSException;
+import org.bouncycastle.cms.Recipient;
+import org.bouncycastle.cms.RecipientInformation;
+import org.bouncycastle.operator.DigestCalculator;
+import org.bouncycastle.util.Arrays;
+
+public class ChallengeContent
+{
+    private final Challenge challenge;
+    private final DigestCalculator owfCalc;
+    
+    ChallengeContent(Challenge challenge, DigestCalculator owfCalc)
+    {
+        this.challenge = challenge;
+        this.owfCalc = owfCalc;
+    }
+
+    public byte[] extractChallenge(PKIHeader sourceMessageHdr, Recipient recipient)
+        throws CMPException
+    {
+          // TODO: add check for recipientName
+        try
+        {
+            CMSEnvelopedData cmsEnvelopedData = new CMSEnvelopedData(new ContentInfo(PKCSObjectIdentifiers.envelopedData, challenge.getEncryptedRand()));
+
+            Collection c = cmsEnvelopedData.getRecipientInfos().getRecipients();
+
+            RecipientInformation recInfo = (RecipientInformation)c.iterator().next();
+
+            byte[] recData = recInfo.getContent(recipient);
+
+            Challenge.Rand rand = Challenge.Rand.getInstance(recData);
+
+            if (!Arrays.constantTimeAreEqual(rand.getSender().getEncoded(), sourceMessageHdr.getSender().getEncoded()))
+            {
+                throw new CMPChallengeFailedException("incorrect sender found");
+            }
+
+            OutputStream digOut = owfCalc.getOutputStream();
+
+            digOut.write(rand.getInt().getEncoded());
+
+            digOut.close();
+
+            if (!Arrays.constantTimeAreEqual(challenge.getWitness(), owfCalc.getDigest()))
+            {
+                throw new CMPChallengeFailedException("corrupted challenge found");
+            }
+
+            return rand.getInt().getValue().toByteArray();
+        }
+        catch (CMSException e)
+        {
+            throw new CMPException(e.getMessage(), e);
+        }
+        catch (IOException e)
+        {
+            throw new CMPException(e.getMessage(), e);
+        }
+    }
+}

pkix/src/main/java/org/bouncycastle/cert/cmp/POPODecryptionKeyChallengeContent.java

@@ -0,0 +1,67 @@
+package org.bouncycastle.cert.cmp;
+
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.cmp.Challenge;
+import org.bouncycastle.asn1.cmp.PKIBody;
+import org.bouncycastle.asn1.cmp.POPODecKeyChallContent;
+import org.bouncycastle.operator.DigestCalculator;
+import org.bouncycastle.operator.DigestCalculatorProvider;
+import org.bouncycastle.operator.OperatorCreationException;
+
+/**
+ * POPODecKeyChallContent ::= SEQUENCE OF Challenge
+ * -- One Challenge per encryption key certification request (in the
+ * -- same order as these requests appear in CertReqMessages).
+ */
+public class POPODecryptionKeyChallengeContent
+{
+    private final ASN1Sequence content;
+    private final DigestCalculatorProvider owfCalcProvider;
+
+    POPODecryptionKeyChallengeContent(POPODecKeyChallContent challenges, DigestCalculatorProvider owfCalcProvider)
+    {
+        this.content = ASN1Sequence.getInstance(challenges.toASN1Primitive());
+        this.owfCalcProvider = owfCalcProvider;
+    }
+
+    public ChallengeContent[] toChallengeArray()
+        throws CMPException
+    {
+        ChallengeContent[] result = new ChallengeContent[content.size()];
+        DigestCalculator owfCalc = null;
+
+        for (int i = 0; i != result.length; i++)
+        {
+            Challenge c = Challenge.getInstance(content.getObjectAt(i));
+            if (c.getOwf() != null)
+            {
+                try
+                {
+                    owfCalc = owfCalcProvider.get(c.getOwf());
+                }
+                catch (OperatorCreationException e)
+                {
+                    throw new CMPException(e.getMessage(), e);
+                }
+            }
+            result[i] = new ChallengeContent(Challenge.getInstance(content.getObjectAt(i)), owfCalc);
+        }
+
+        return result;
+    }
+
+    public static POPODecryptionKeyChallengeContent fromPKIBody(PKIBody pkiBody, DigestCalculatorProvider owfProvider)
+    {
+        if (pkiBody.getType() != PKIBody.TYPE_POPO_CHALL)
+        {
+            throw new IllegalArgumentException("content of PKIBody wrong type: " + pkiBody.getType());
+        }
+
+        return new POPODecryptionKeyChallengeContent(POPODecKeyChallContent.getInstance(pkiBody.getContent()), owfProvider);
+    }
+
+    public POPODecKeyChallContent toASN1Structure()
+    {
+        return POPODecKeyChallContent.getInstance(content);
+    }
+}

pkix/src/main/java/org/bouncycastle/cert/cmp/POPODecryptionKeyChallengeContentBuilder.java

@@ -0,0 +1,101 @@
+package org.bouncycastle.cert.cmp;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.cmp.Challenge;
+import org.bouncycastle.asn1.cmp.POPODecKeyChallContent;
+import org.bouncycastle.asn1.cms.EnvelopedData;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.cms.CMSEnvelopedData;
+import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
+import org.bouncycastle.cms.CMSProcessableByteArray;
+import org.bouncycastle.cms.RecipientInfoGenerator;
+import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
+import org.bouncycastle.operator.DigestCalculator;
+import org.bouncycastle.operator.DigestCalculatorProvider;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.util.Arrays;
+
+/**
+ * POPODecKeyChallContent ::= SEQUENCE OF Challenge
+ * -- One Challenge per encryption key certification request (in the
+ * -- same order as these requests appear in CertReqMessages).
+ */
+public class POPODecryptionKeyChallengeContentBuilder
+{
+    private final DigestCalculator owfCalculator;
+    private final ASN1ObjectIdentifier challengeEncAlg;
+    private ASN1EncodableVector challenges = new ASN1EncodableVector();
+
+    public POPODecryptionKeyChallengeContentBuilder(DigestCalculator owfCalculator, ASN1ObjectIdentifier challengeEncAlg)
+    {
+        this.owfCalculator = owfCalculator;
+        this.challengeEncAlg = challengeEncAlg;
+    }
+
+    public POPODecryptionKeyChallengeContentBuilder addChallenge(RecipientInfoGenerator recipientInfGenerator, GeneralName recipient, byte[] A)
+        throws CMPException
+    {
+        byte[] integer = Arrays.clone(A);
+
+        try
+        {
+            OutputStream dOut = owfCalculator.getOutputStream();
+
+            dOut.write(new ASN1Integer(integer).getEncoded());
+
+            dOut.close();
+        }
+        catch (IOException e)
+        {
+            throw new CMPException("unable to calculate witness", e);
+        }
+
+        CMSEnvelopedData encryptedChallenge;
+        try
+        {
+            CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
+
+            edGen.addRecipientInfoGenerator(recipientInfGenerator);
+
+            encryptedChallenge = edGen.generate(
+                new CMSProcessableByteArray(new Challenge.Rand(A, recipient).getEncoded()),
+                new JceCMSContentEncryptorBuilder(challengeEncAlg).setProvider("BC").build());
+        }
+        catch (Exception e)
+        {
+            throw new CMPException("unable to encrypt challenge", e);
+        }
+
+        EnvelopedData encryptedRand = EnvelopedData.getInstance(encryptedChallenge.toASN1Structure().getContent());
+
+        if (this.challenges.size() == 0)
+        {
+            this.challenges.add(new Challenge(owfCalculator.getAlgorithmIdentifier(), owfCalculator.getDigest(), encryptedRand));
+        }
+        else
+        {
+            this.challenges.add(new Challenge(owfCalculator.getDigest(), encryptedRand));
+        }
+        return this;
+    }
+
+    public POPODecryptionKeyChallengeContent build()
+    {
+        return new POPODecryptionKeyChallengeContent(POPODecKeyChallContent.getInstance(new DERSequence(challenges)), new DigestCalculatorProvider()
+        {
+            @Override
+            public DigestCalculator get(AlgorithmIdentifier digestAlgorithmIdentifier)
+                throws OperatorCreationException
+            {
+                return owfCalculator;
+            }
+        });
+    }
+}

pkix/src/main/java/org/bouncycastle/cert/cmp/POPODecryptionKeyResponseContent.java

@@ -0,0 +1,43 @@
+package org.bouncycastle.cert.cmp;
+
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.cmp.PKIBody;
+import org.bouncycastle.asn1.cmp.POPODecKeyRespContent;
+
+public class POPODecryptionKeyResponseContent
+{
+    private final POPODecKeyRespContent respContent;
+
+    POPODecryptionKeyResponseContent(POPODecKeyRespContent respContent)
+    {
+        this.respContent = respContent;
+    }
+
+    public byte[][] getResponses()
+    {
+        ASN1Integer[] resps = respContent.toASN1IntegerArray();
+        byte[][] rv = new byte[resps.length][];
+
+        for (int i = 0; i != resps.length; i++)
+        {
+            rv[i] = resps[i].getValue().toByteArray();
+        }
+
+        return rv;
+    }
+
+    public static POPODecryptionKeyResponseContent fromPKIBody(PKIBody pkiBody)
+    {
+        if (pkiBody.getType() != PKIBody.TYPE_POPO_REP)
+        {
+            throw new IllegalArgumentException("content of PKIBody wrong type: " + pkiBody.getType());
+        }
+
+        return new POPODecryptionKeyResponseContent(POPODecKeyRespContent.getInstance(pkiBody.getContent()));
+    }
+
+    public POPODecKeyRespContent toASN1Structure()
+    {
+        return respContent;
+    }
+}

pkix/src/main/java/org/bouncycastle/cert/cmp/POPODecryptionKeyResponseContentBuilder.java

@@ -0,0 +1,25 @@
+package org.bouncycastle.cert.cmp;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.cmp.POPODecKeyRespContent;
+
+public class POPODecryptionKeyResponseContentBuilder
+{
+    private ASN1EncodableVector v = new ASN1EncodableVector();
+
+    public POPODecryptionKeyResponseContentBuilder addChallengeResponse(byte[] response)
+    {
+          v.add(new ASN1Integer(new BigInteger(response)));
+
+          return this;
+    }
+
+    public POPODecryptionKeyResponseContent build()
+    {
+        return new POPODecryptionKeyResponseContent(POPODecKeyRespContent.getInstance(new DERSequence(v)));
+    }
+}

pkix/src/main/java/org/bouncycastle/cert/cmp/ProtectedPKIMessageBuilder.java

@@ -212,6 +212,20 @@ public ProtectedPKIMessageBuilder setBody(int bodyType, CertificateConfirmationC
         return this;
     }
 
+    public ProtectedPKIMessageBuilder setBody(POPODecryptionKeyChallengeContent popoDecKeyChallContent)
+    {
+        this.body = new PKIBody(PKIBody.TYPE_POPO_CHALL, popoDecKeyChallContent.toASN1Structure());
+
+        return this;
+    }
+
+    public ProtectedPKIMessageBuilder setBody(POPODecryptionKeyResponseContent popoDecKeyRespContent)
+    {
+        this.body = new PKIBody(PKIBody.TYPE_POPO_REP, popoDecKeyRespContent.toASN1Structure());
+
+        return this;
+    }
+
     /**
      * Add an "extra certificate" to the message.
      *