added build method taking a pre-calculated key as SecretKey and byte[] + test for same - relates to github #2115

minor refactor of Bc class.

Author: dghgit

pkix/src/main/java/org/bouncycastle/cms/bc/BcCMSContentEncryptorBuilder.java

@@ -95,11 +95,11 @@ public OutputEncryptor build()
     /**
      * Build the OutputEncryptor using a pre-generated key.
      *
-     * @param encKey a raw byte encoding of the key to be used for encryption.
-     * @return an OutputEncryptor configured to use encKey.
+     * @param rawEncKey a raw byte encoding of the key to be used for encryption.
+     * @return an OutputEncryptor configured to use rawEncKey.
      * @throws CMSException
      */
-    public OutputEncryptor build(byte[] encKey)
+    public OutputEncryptor build(byte[] rawEncKey)
         throws CMSException
     {
         if (random == null)
@@ -110,10 +110,10 @@ public OutputEncryptor build(byte[] encKey)
         // fixed key size defined
         if (this.keySize > 0)
         {
-            if (((this.keySize + 7) / 8) != encKey.length)
+            if (((this.keySize + 7) / 8) != rawEncKey.length)
             {
-                if ((this.keySize != 56 && encKey.length != 8)
-                    && (this.keySize != 168 && encKey.length != 24))
+                if ((this.keySize != 56 && rawEncKey.length != 8)
+                    && (this.keySize != 168 && rawEncKey.length != 24))
                 {
                     throw new IllegalArgumentException("attempt to create encryptor with the wrong sized key");
                 }
@@ -122,10 +122,10 @@ public OutputEncryptor build(byte[] encKey)
 
         if (helper.isAuthEnveloped(encryptionOID))
         {
-            return new CMSAuthOutputEncryptor(encryptionOID, new KeyParameter(encKey), random);
+            return new CMSAuthOutputEncryptor(encryptionOID, new KeyParameter(rawEncKey), random);
         }
 
-        return new CMSOutputEncryptor(encryptionOID, new KeyParameter(encKey), random);
+        return new CMSOutputEncryptor(encryptionOID, new KeyParameter(rawEncKey), random);
     }
 
     private class CMSOutputEncryptor

pkix/src/main/java/org/bouncycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java

@@ -181,16 +181,63 @@ public JceCMSContentEncryptorBuilder setAlgorithmParameters(AlgorithmParameters
         return this;
     }
 
+    /**
+     * Build the OutputEncryptor with an internally generated key.
+     *
+     * @return an OutputEncryptor configured to use an internal key.
+     * @throws CMSException
+     */
     public OutputEncryptor build()
         throws CMSException
+    {
+        KeyGenerator keyGen = helper.createKeyGenerator(encryptionOID);
+
+        random = CryptoServicesRegistrar.getSecureRandom(random);
+
+        if (keySize < 0)
+        {
+            keyGen.init(random);
+        }
+        else
+        {
+            keyGen.init(keySize, random);
+        }
+
+        return build(keyGen.generateKey());
+    }
+
+    /**
+     * Build the OutputEncryptor using a pre-generated key given as a raw encoding.
+     *
+     * @param rawEncKey a raw byte encoding of the key to be used for encryption.
+     * @return an OutputEncryptor configured to use rawEncKey.
+     * @throws CMSException
+     */
+    public OutputEncryptor build(byte[] rawEncKey)
+        throws CMSException
+    {
+        SecretKey encKey = new SecretKeySpec(rawEncKey, helper.getBaseCipherName(encryptionOID));
+
+        return build(encKey);
+    }
+
+    /**
+     * Build the OutputEncryptor using a pre-generated key.
+     *
+     * @param encKey a pre-generated key to be used for encryption.
+     * @return an OutputEncryptor configured to use encKey.
+     * @throws CMSException
+     */
+    public OutputEncryptor build(SecretKey encKey)
+        throws CMSException
     {
         if (algorithmParameters != null)
         {
             if (helper.isAuthEnveloped(encryptionOID))
             {
-                return new CMSAuthOutputEncryptor(kdfAlgorithm, encryptionOID, keySize, algorithmParameters, random);
+                return new CMSAuthOutputEncryptor(kdfAlgorithm, encryptionOID, encKey, algorithmParameters, random);
             }
-            return new CMSOutputEncryptor(kdfAlgorithm, encryptionOID, keySize, algorithmParameters, random);
+            return new CMSOutputEncryptor(kdfAlgorithm, encryptionOID, encKey, algorithmParameters, random);
         }
         if (algorithmIdentifier != null)
         {
@@ -212,9 +259,9 @@ public OutputEncryptor build()
 
         if (helper.isAuthEnveloped(encryptionOID))
         {
-            return new CMSAuthOutputEncryptor(kdfAlgorithm, encryptionOID, keySize, algorithmParameters, random);
+            return new CMSAuthOutputEncryptor(kdfAlgorithm, encryptionOID, encKey, algorithmParameters, random);
         }
-        return new CMSOutputEncryptor(kdfAlgorithm, encryptionOID, keySize, algorithmParameters, random);
+        return new CMSOutputEncryptor(kdfAlgorithm, encryptionOID, encKey, algorithmParameters, random);
     }
 
     private class CMSOutEncryptor
@@ -252,24 +299,14 @@ private void applyKdf(ASN1ObjectIdentifier kdfAlgorithm, AlgorithmParameters par
             algorithmIdentifier = new AlgorithmIdentifier(kdfAlgorithm, algorithmIdentifier);
         }
 
-        protected void init(ASN1ObjectIdentifier kdfAlgorithm, ASN1ObjectIdentifier encryptionOID, int keySize, AlgorithmParameters params, SecureRandom random)
+        protected void init(ASN1ObjectIdentifier kdfAlgorithm, ASN1ObjectIdentifier encryptionOID, SecretKey encKey, AlgorithmParameters params, SecureRandom random)
             throws CMSException
         {
-            KeyGenerator keyGen = helper.createKeyGenerator(encryptionOID);
+            this.encKey = encKey;
 
             random = CryptoServicesRegistrar.getSecureRandom(random);
 
-            if (keySize < 0)
-            {
-                keyGen.init(random);
-            }
-            else
-            {
-                keyGen.init(keySize, random);
-            }
-
-            cipher = helper.createCipher(encryptionOID);
-            encKey = keyGen.generateKey();
+            this.cipher = helper.createCipher(encryptionOID);
 
             if (params == null)
             {
@@ -327,10 +364,10 @@ private class CMSOutputEncryptor
         extends CMSOutEncryptor
         implements OutputEncryptor
     {
-        CMSOutputEncryptor(ASN1ObjectIdentifier kdfAlgorithm, ASN1ObjectIdentifier encryptionOID, int keySize, AlgorithmParameters params, SecureRandom random)
+        CMSOutputEncryptor(ASN1ObjectIdentifier kdfAlgorithm, ASN1ObjectIdentifier encryptionOID, SecretKey encKey, AlgorithmParameters params, SecureRandom random)
             throws CMSException
         {
-            init(kdfAlgorithm, encryptionOID, keySize, params, random);
+            init(kdfAlgorithm, encryptionOID, encKey, params, random);
         }
 
         public AlgorithmIdentifier getAlgorithmIdentifier()
@@ -355,10 +392,10 @@ private class CMSAuthOutputEncryptor
     {
         private MacCaptureStream    macOut;
 
-        CMSAuthOutputEncryptor(ASN1ObjectIdentifier kdfAlgorithm, ASN1ObjectIdentifier encryptionOID, int keySize, AlgorithmParameters params, SecureRandom random)
+        CMSAuthOutputEncryptor(ASN1ObjectIdentifier kdfAlgorithm, ASN1ObjectIdentifier encryptionOID, SecretKey encKey, AlgorithmParameters params, SecureRandom random)
             throws CMSException
         {
-            init(kdfAlgorithm, encryptionOID, keySize, params, random);
+            init(kdfAlgorithm, encryptionOID, encKey, params, random);
         }
 
         public AlgorithmIdentifier getAlgorithmIdentifier()

pkix/src/test/java/org/bouncycastle/cms/test/NewEnvelopedDataStreamTest.java

@@ -775,6 +775,49 @@ public void testTwoAESKEK()
         ep.close();
     }
 
+    public void testTwoAESKEKWithPrecomputedContentKey()
+        throws Exception
+    {
+        byte[] data = "WallaWallaWashington".getBytes();
+        SecretKey kek1 = CMSTestUtil.makeAES192Key();
+        SecretKey kek2 = CMSTestUtil.makeAES192Key();
+
+        CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
+
+        byte[] kekId1 = new byte[]{1, 2, 3, 4, 5};
+        byte[] kekId2 = new byte[]{5, 4, 3, 2, 1};
+
+        edGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId1, kek1).setProvider(BC));
+        edGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId2, kek2).setProvider(BC));
+
+        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+
+        OutputStream out = edGen.open(
+            bOut,
+            new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build(Hex.decode("000102030405060708090a0b0c0d0e0f")));
+        out.write(data);
+
+        out.close();
+
+        CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray());
+
+        RecipientInformationStore recipients = ep.getRecipientInfos();
+
+        assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC);
+
+        RecipientId recSel = new KEKRecipientId(kekId2);
+
+        RecipientInformation recipient = recipients.get(recSel);
+
+        assertEquals(recipient.getKeyEncryptionAlgOID(), "2.16.840.1.101.3.4.1.25");
+
+        CMSTypedStream recData = recipient.getContentStream(new JceKEKEnvelopedRecipient(kek2).setProvider(BC));
+
+        assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream())));
+
+        ep.close();
+    }
+
     public void testECKeyAgree()
         throws Exception
     {