bc-java icon indicating copy to clipboard operation
bc-java copied to clipboard
verified publisher icon bcgit

Decryption of CMSEnvelopedData object with ECKA-EG algorithm

Open kinimoas opened this issue 5 years ago • 0 comments

We are trying to decrypt an CMSEnvelopedData object. The object was encrypted with an ECKA-EG algorithm (0.4.0.127.0.7.1.1.5.1.1.3). When we try to decrypt the data by using BC we get an "checksum failed" error.

Exception in thread "main" org.bouncycastle.cms.CMSException: key invalid in message.
	at org.bouncycastle.cms.jcajce.JceKeyAgreeRecipient.extractSecretKey(JceKeyAgreeRecipient.java:262)
	at org.bouncycastle.cms.jcajce.JceKeyAgreeEnvelopedRecipient.getRecipientOperator(JceKeyAgreeEnvelopedRecipient.java:28)
	at org.bouncycastle.cms.KeyAgreeRecipientInformation.getRecipientOperator(KeyAgreeRecipientInformation.java:130)
	at org.bouncycastle.cms.RecipientInformation.getContentStream(RecipientInformation.java:169)
	at org.bouncycastle.cms.RecipientInformation.getContent(RecipientInformation.java:150)
Caused by: java.security.InvalidKeyException: checksum failed
	at org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher.engineUnwrap(BaseWrapCipher.java:500)
	at java.base/javax.crypto.Cipher.unwrap(Cipher.java:2587)
	at org.bouncycastle.cms.jcajce.JceKeyAgreeRecipient.unwrapSessionKey(JceKeyAgreeRecipient.java:207)
	at org.bouncycastle.cms.jcajce.JceKeyAgreeRecipient.extractSecretKey(JceKeyAgreeRecipient.java:241)
	... 5 more

We think that the cause could be related to the class org.bouncycastle.cms.jcajce.JceKeyAgreeRecipient. In the class the method calculateAgreedWrapKey is used to get the SecretKey. In this method the keyEncAlg is used to identify what kind of algorithm should be used in the next steps. In our case that algorithm is an ecka-eg algorithm. The CMSUtils class is used to identify if the given algorirhm is a EC algorithm.

 if (CMSUtils.isEC(keyEncAlg.getAlgorithm()))
            {
                if (userKeyingMaterial != null)
                {
                    byte[] ukmKeyingMaterial = kmGen.generateKDFMaterial(wrapAlg, keySizeProvider.getKeySize(wrapAlg), userKeyingMaterial.getOctets());

                    userKeyingMaterialSpec = new UserKeyingMaterialSpec(ukmKeyingMaterial);
                }
                else
                {
                    byte[] ukmKeyingMaterial = kmGen.generateKDFMaterial(wrapAlg, keySizeProvider.getKeySize(wrapAlg), null);

                    userKeyingMaterialSpec = new UserKeyingMaterialSpec(ukmKeyingMaterial);
                }
            }

We did not find any further reference to the keyEncAlg object in the code used for EC cryptography. We suspect that ECKA-DH is used as a standard to extract content for cms-objects based on EC.

Is this correct? Does BC always uses the ECKA-DH algorithm for cms-containers based on EC cryptography?

If an implementation is missing for the ECKA-EG algorithm, how would this be best included?

kinimoas avatar Sep 30 '20 12:09 kinimoas