fix/dcc-enrypted-data
f11h authored Jun 15, 2021
2 parents eaa73d5 + b83ba18 commit 9a806eb
Showing 6 changed files with 34 additions and 22 deletions.
Expand Up @@ -49,7 +49,7 @@ public DgcData createDgc(DgcInitData dgcInitData, String dgcPayloadJson, PublicK
dgcData.setDccData(edgcCoseUnsigned);

try {
encryptData(dgcData, edgcCoseUnsigned, publicKey);
encryptData(dgcData, dgcInitData.isEncryptCose() ? edgcCoseUnsigned : edgcCbor, publicKey);
} catch (NoSuchAlgorithmException | NoSuchPaddingException
| InvalidKeyException | InvalidAlgorithmParameterException
| IllegalBlockSizeException | BadPaddingException e) {
Expand All @@ -59,7 +59,7 @@ public DgcData createDgc(DgcInitData dgcInitData, String dgcPayloadJson, PublicK
return dgcData;
}

private void encryptData(DgcData dgcData, byte[] edgcCoseUnsigned, PublicKey publicKey) throws
private void encryptData(DgcData dgcData, byte[] edgcCbor, PublicKey publicKey) throws
NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
KeyGenerator keyGen = KeyGenerator.getInstance("AES");
Expand All @@ -71,7 +71,7 @@ private void encryptData(DgcData dgcData, byte[] edgcCoseUnsigned, PublicKey pub
IvParameterSpec ivspec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance(DATA_CIPHER);
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivspec);
byte[] edgcDataEncrpyted = cipher.doFinal(edgcCoseUnsigned);
byte[] edgcDataEncrpyted = cipher.doFinal(edgcCbor);

dgcData.setDataEncrypted(edgcDataEncrpyted);

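Review bot: The renamed `encryptData` parameter `edgcCbor` is misleading, because the call in `createDgc` still passes the whole unsigned COSE whenever `dgcInitData.isEncryptCose()` is true. A neutral name such as `plaintext`, with the comment `// either the unsigned COSE or only the CWT payload, chosen by DgcInitData.encryptCose`, would cover both cases. Nothing visible on this page records in `DgcData` which of the two plaintexts was encrypted, so whoever decrypts `dataEncrypted` has to learn the flag out of band; consider carrying it next to the ciphertext. `DATA_CIPHER` and the IV generation lie outside these hunks, so the cipher mode cannot be judged from here.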
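--- a/src/main/java/eu/europa/ec/dgc/generation/DgcGenerator.java
+++ b/src/main/java/eu/europa/ec/dgc/generation/DgcGenerator.java
@@ -92,32 +92,17 @@ public byte[] dgcSetCoseSignature(byte[] coseData, byte[] signature) {
 /**
 * Set signature and unprotected header from partialDcc into unsigned cose dcc.
 *
-* @param coseData unsigned cose dcc
+* @param cwtData cwt paylaod data (cbor)
 * @param partialDcc cose with signature and unprotected header
 * @return signed cose dcc
 */
-public byte[] dgcSetCosePartial(byte[] coseData, byte[] partialDcc) {
+public byte[] dgcSetCosePartial(byte[] cwtData, byte[] partialDcc) {
 CBORObject partialCose = CBORObject.DecodeFromBytes(partialDcc);
 if (partialCose.getType() != CBORType.Array || partialCose.getValues().size() < 3) {
 throw new IllegalArgumentException("partial dcc is not cbor array");
 }
-CBORObject cborObject = CBORObject.DecodeFromBytes(coseData);
-if (cborObject.getType() == CBORType.Array && cborObject.getValues().size() == 4) {
-// set signature
-cborObject.set(3, partialCose.get(3));
-} else {
-throw new IllegalArgumentException("seems not to be cose");
-}
-// copy unprotected header
-CBORObject unprotectedHeader = partialCose.get(1);
-if (unprotectedHeader.getType() != CBORType.Map) {
-throw new IllegalArgumentException("unprotected header in partial dcc is not cbor map");
-}
-for (CBORObject key : unprotectedHeader.getKeys()) {
-CBORObject value = unprotectedHeader.get(key);
-cborObject.get(1).set(key, value);
-}
-return cborObject.EncodeToBytes();
+partialCose.set(2,CBORObject.FromObject(cwtData));
+return partialCose.EncodeToBytes();
 }
 
 /**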
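Review bot: The rewritten `dgcSetCosePartial` now relies entirely on the structure of `partialDcc`, and the one remaining guard accepts any array with three or more items, so input without a signature slot or with extra items is re-encoded and returned as a signed DCC. The removed branch required exactly four items and a map as unprotected header; tightening the surviving check to `partialCose.getValues().size() != 4` restores the shape check. A `cwtData == null` guard would also stop a null payload from being embedded, presumably as a CBOR null. The Javadoc summary still describes copying signature and unprotected header into an unsigned COSE, while the method now inserts the CWT payload into the partial COSE. `paylaod` in the new `@param` line is misspelled.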
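--- a/src/main/java/eu/europa/ec/dgc/generation/DgcSigner.java
+++ b/src/main/java/eu/europa/ec/dgc/generation/DgcSigner.java
@@ -60,6 +60,13 @@ public byte[] signHash(byte[] hashBytes, PrivateKey privateKey) {
 */
 public byte[] signPartialDcc(byte[] hashBytes, PrivateKey privateKey, byte[] keyId) {
 CBORObject protectedHeader = CBORObject.NewMap();
+int algId;
+if (privateKey instanceof RSAPrivateCrtKey) {
+algId = -37;
+} else {
+algId = -7;
+}
+protectedHeader.set(CBORObject.FromObject(1), CBORObject.FromObject(algId));
 byte[] protectedHeaderBytes = protectedHeader.EncodeToBytes();
 
 CBORObject coseObject = CBORObject.NewArray();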
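Review bot: The `instanceof RSAPrivateCrtKey` test in `signPartialDcc` labels every other key as ES256 (`-7`), including RSA keys that are not exposed as CRT keys (hardware-backed keys often are not) and key types that are neither RSA nor EC. The protected header would then name an algorithm that does not match the signature actually produced, so verifiers reject the certificate or check it under the wrong algorithm. Selecting on the key algorithm and rejecting anything unsupported, as sketched below, closes that gap; the COSE ids would read better as named constants. The hash passed in was presumably computed over a protected header built elsewhere from `DgcInitData.algId`, so confirm that the header built here is byte-identical to it. The method body continues past the hunk.

```java
// … unchanged: protectedHeader = CBORObject.NewMap() …
final int algId;
String keyAlgorithm = privateKey.getAlgorithm();
if ("RSA".equals(keyAlgorithm)) {
    algId = -37; // COSE PS256
} else if ("EC".equals(keyAlgorithm)) {
    algId = -7; // COSE ES256
} else {
    throw new IllegalArgumentException("unsupported signing key algorithm: " + keyAlgorithm);
}
protectedHeader.set(CBORObject.FromObject(1), CBORObject.FromObject(algId));
```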
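--- a/src/main/java/eu/europa/ec/dgc/generation/dto/DgcData.java
+++ b/src/main/java/eu/europa/ec/dgc/generation/dto/DgcData.java
@@ -3,8 +3,14 @@
 public class DgcData {
 
 private byte[] dek;
+/**
+* encrypted dcc cwt (cbor payload) data (cose array item 2).
+*/
 private byte[] dataEncrypted;
 private byte[] hash;
+/**
+* unsigned dcc COSE data.
+*/
 private byte[] dccData;
 
 public byte[] getDek() {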
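Review bot: The new Javadoc on `dataEncrypted` is accurate only for the default path, because with `DgcInitData.encryptCose` set to true the field holds the encrypted unsigned COSE rather than just the CWT payload. Suggested wording: `Encrypted DCC data: the CWT payload (COSE array item 2), or the whole unsigned COSE when DgcInitData.encryptCose is true.`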
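--- a/src/main/java/eu/europa/ec/dgc/generation/dto/DgcInitData.java
+++ b/src/main/java/eu/europa/ec/dgc/generation/dto/DgcInitData.java
@@ -7,6 +7,11 @@ public class DgcInitData {
 private long expriation;
 private int algId;
 private byte[] keyId;
+/**
+* if true the whole cose unsigned data are encrypted.
+* if false only the cwt cbor data are encrypted
+*/
+private boolean encryptCose = false;
 
 public String getIssuerCode() {
 return issuerCode;
@@ -47,4 +52,12 @@ public byte[] getKeyId() {
 public void setKeyId(byte[] keyId) {
 this.keyId = keyId;
 }
+
+public boolean isEncryptCose() {
+return encryptCose;
+}
+
+public void setEncryptCose(boolean encryptCose) {
+this.encryptCose = encryptCose;
+}
 }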
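Review bot: Defaulting `encryptCose` to `false` silently changes what existing callers receive: before this commit `createDgc` always encrypted the whole unsigned COSE, and now a caller that never sets the flag gets only the encrypted CWT payload. If the earlier behaviour is the compatible one, initialise the field with `private boolean encryptCose = true;`. Otherwise state the change in the field Javadoc, for example `Default false: only the CWT payload is encrypted; earlier versions always encrypted the whole unsigned COSE.`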
Expand Up @@ -66,6 +66,7 @@ void getEncodedDGCData() throws Exception {
dgcInitData.setIssuerCode(countryCode);
dgcInitData.setKeyId(keyId);
dgcInitData.setAlgId(-7);
dgcInitData.setEncryptCose(true);
DgcData dgcData = dgcCryptedPublisher.createDgc(dgcInitData, edgcJson, keyPair.getPublic());

// Base64-kodierte und mit dem RSA Public Key verschlüsselter DEK. Der DEK selbst muss 32 Bytes haben (für AES-256).
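Review bot: The only test change visible here pins the previous behaviour with `setEncryptCose(true)`, so the new default path (flag unset, CWT-only encryption, then `dgcSetCosePartial`) has no coverage in this hunk. A second test that leaves the flag at its default, decrypts `dataEncrypted`, rebuilds the COSE with `dgcSetCosePartial` and verifies the signature would exercise the code this commit adds. The test method continues outside the hunk.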
