in java/remoteprovisioning/CborUtil.java [177:196]
/**
 * Decrypts a serialized COSE_Encrypt array ("ProtectedData") and returns the plaintext as CBOR.
 *
 * <p>Key agreement uses the recipient's ephemeral public key (the {@code OKP_X} value under
 * {@code ECDH_EPK} in the recipient's unprotected headers) together with {@code eek}. The
 * serialized protected headers are bound to the ciphertext through the Enc_structure passed to
 * {@link CryptoUtil#decrypt} as additional authenticated data.
 *
 * <p>NOTE(review): every field read here comes from {@code cborProtectedData}. If a header map
 * lacks {@code ECDH_EPK}, {@code OKP_X} or {@code IV}, the lookup presumably returns null and the
 * chained call fails with a NullPointerException instead of a declared exception; confirm, and
 * consider explicit presence checks. This method also does not inspect the algorithm in the
 * protected headers, nor the key type, curve or length of the ephemeral key. Verify that
 * {@code CryptoUtil} or the caller enforces those.
 *
 * @param cborProtectedData encoded COSE_Encrypt message
 * @param eek key pair whose private half is used for the ECDH step
 * @return the decrypted content, decoded as a CBOR object
 * @throws CborException declared; presumably raised by the structural checks ({@code checkArray},
 *     {@code getRecipient}), which are not visible here
 * @throws CryptoException declared; presumably raised by key derivation or decryption
 */
public static CBORObject decodeEncryptMessage(
    byte[] cborProtectedData, AsymmetricCipherKeyPair eek) throws CborException, CryptoException {
  final CBORObject coseEncrypt = CBORObject.DecodeFromBytes(cborProtectedData);
  checkArray(coseEncrypt, COSE_ENCRYPT_LENGTH, "ProtectedData");

  // The protected headers are authenticated in their serialized form, so the AAD is built from
  // the raw byte string rather than from a re-encoding of the decoded map.
  final byte[] protectedHeaderBytes =
      coseEncrypt.get(COSE_ENCRYPT_PROTECTED_HEADERS_INDEX).GetByteString();
  final byte[] encStructureAad = buildEncStructure(protectedHeaderBytes, null /* externalAad */);

  // The decoded headers are never consulted; the call is kept because it rejects a protected
  // header byte string that is not well-formed CBOR before any key agreement takes place.
  CBORObject.DecodeFromBytes(protectedHeaderBytes);

  final CBORObject messageUnprotected = coseEncrypt.get(COSE_ENCRYPT_UNPROTECTED_HEADERS_INDEX);
  final byte[] ciphertext = coseEncrypt.get(COSE_ENCRYPT_CIPHERTEXT_INDEX).GetByteString();

  // Sender's ephemeral X25519 public key: recipient -> unprotected headers -> ECDH_EPK -> OKP_X.
  final CBORObject recipientEntry = getRecipient(coseEncrypt.get(COSE_ENCRYPT_RECIPIENTS_INDEX));
  final byte[] senderPublicKeyBytes =
      recipientEntry
          .get(COSE_RECIPIENT_UNPROTECTED_HEADERS_INDEX)
          .get(HeaderKeys.ECDH_EPK.AsCBOR())
          .get(KeyKeys.OKP_X.AsCBOR())
          .GetByteString();

  final byte[] contentKey =
      CryptoUtil.deriveSharedKeyReceive(
          eek, CryptoUtil.byteArrayToX25519PublicKey(senderPublicKeyBytes));

  // The IV travels in the message-level unprotected headers.
  final byte[] nonce = messageUnprotected.get(HeaderKeys.IV.AsCBOR()).GetByteString();

  final byte[] plaintext = CryptoUtil.decrypt(ciphertext, encStructureAad, contentKey, nonce);
  return CBORObject.DecodeFromBytes(plaintext);
}