added support for independent provider key wrapping after agreement step

dghgit · dghgit · commit f4ba48a0fab3 · 2024-07-04T18:01:11.000+10:00
diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java
@@ -57,6 +57,8 @@ public class JceKeyAgreeRecipientInfoGenerator
     private PrivateKey senderPrivateKey;
 
     private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper());
+    private EnvelopedDataHelper wrappingHelper = null;
+
     private SecureRandom random;
     private KeyPair ephemeralKP;
     private byte[] userKeyingMaterial;
@@ -90,6 +92,20 @@ public JceKeyAgreeRecipientInfoGenerator setProvider(String providerName)
         return this;
     }
 
+    public JceKeyAgreeRecipientInfoGenerator setKeyWrappingProvider(Provider provider)
+    {
+        this.wrappingHelper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider));
+
+        return this;
+    }
+
+    public JceKeyAgreeRecipientInfoGenerator setKeyWrappingProvider(String providerName)
+    {
+        this.wrappingHelper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName));
+
+        return this;
+    }
+
     public JceKeyAgreeRecipientInfoGenerator setSecureRandom(SecureRandom random)
     {
         this.random = random;
@@ -203,16 +219,18 @@ else if (CMSUtils.isGOST(keyAgreementOID))
 
                 SecretKey keyEncryptionKey = keyAgreement.generateSecret(keyEncAlg.getId());
 
+                EnvelopedDataHelper keyWrapHelper = (wrappingHelper != null) ? wrappingHelper : helper;
+
                 // Wrap the content encryption key with the agreement key
-                Cipher keyEncryptionCipher = helper.createCipher(keyEncAlg);
+                Cipher keyEncryptionCipher = keyWrapHelper.createCipher(keyEncAlg);
                 ASN1OctetString encryptedKey;
 
                 if (keyEncAlg.equals(CryptoProObjectIdentifiers.id_Gost28147_89_None_KeyWrap)
                     || keyEncAlg.equals(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap))
                 {
                     keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, new GOST28147WrapParameterSpec(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet, userKeyingMaterial));
 
-                    byte[] encKeyBytes = keyEncryptionCipher.wrap(helper.getJceKey(contentEncryptionKey));
+                    byte[] encKeyBytes = keyEncryptionCipher.wrap(keyWrapHelper.getJceKey(contentEncryptionKey));
 
                     Gost2814789EncryptedKey encKey = new Gost2814789EncryptedKey(
                         Arrays.copyOfRange(encKeyBytes, 0, encKeyBytes.length - 4),
@@ -224,7 +242,7 @@ else if (CMSUtils.isGOST(keyAgreementOID))
                 {
                     keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, random);
 
-                    byte[] encryptedKeyBytes = keyEncryptionCipher.wrap(helper.getJceKey(contentEncryptionKey));
+                    byte[] encryptedKeyBytes = keyEncryptionCipher.wrap(keyWrapHelper.getJceKey(contentEncryptionKey));
 
                     encryptedKey = new DEROctetString(encryptedKeyBytes);
                 }
