in java/remoteprovisioning/CryptoUtil.java [526:576]
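/**
 * Extracts the X25519 public key carried in the payload of a COSE_Sign1 certificate.
 *
 * <p>The certificate is re-decoded as a {@code Sign1Message}, its payload is parsed as CBOR, and
 * the key type (kty), curve and algorithm fields are checked before the key itself is read by
 * the {@code Sign1Message} overload of this method.
 *
 * <p>The payload is handled as untrusted input. A payload that is not a CBOR map, or a map that
 * lacks one of the checked fields, is reported as a {@code TYPE_MISMATCH} {@code CborException}
 * instead of escaping as an unchecked exception.
 *
 * <p>NOTE(review): no signature verification is visible in this method. Confirm that callers
 * validate the certificate's signature before trusting the returned key.
 *
 * @param certObj CBOR encoding of the COSE_Sign1 certificate
 * @return the X25519 public key read from the certificate payload
 * @throws CborException if the certificate cannot be decoded as COSE, if the payload is not a
 *     map, if a checked field is absent or not an integer, or if the key type, curve or
 *     algorithm is not the expected one
 * @throws CryptoException presumably raised by the {@code Sign1Message} overload, whose body is
 *     outside this view; verify against that method
 */
public static X25519PublicKeyParameters getX25519PublicKeyFromCert(CBORObject certObj)
    throws CborException, CryptoException {
  try {
    Sign1Message cert =
        (Sign1Message) Message.DecodeFromBytes(certObj.EncodeToBytes(), MessageTag.Sign1);
    // NOTE(review): a missing payload or malformed payload bytes are not handled here; confirm
    // how GetContent() and DecodeFromBytes() failures are reported to callers.
    CBORObject content = CBORObject.DecodeFromBytes(cert.GetContent());
    // Field lookups below are only meaningful on a map, so reject any other payload type first.
    if (content.getType() != CBORType.Map) {
      throw new CborException(
          "Certificate payload does not have expected type",
          CBORType.Map,
          content.getType(),
          CborException.TYPE_MISMATCH);
    }

    CBORObject curveField = fieldOrCborNull(content, KeyKeys.OKP_Curve.AsCBOR());
    if (curveField.getType() != CBORType.Integer) {
      throw new CborException(
          "Curve field does not have expected type",
          CBORType.Integer,
          curveField.getType(),
          CborException.TYPE_MISMATCH);
    }

    CBORObject keyType = fieldOrCborNull(content, KeyKeys.KeyType.AsCBOR());
    if (keyType.getType() != CBORType.Integer) {
      throw new CborException(
          "Key type field does not have expected type",
          CBORType.Integer,
          keyType.getType(),
          CborException.TYPE_MISMATCH);
    }
    if (keyType.AsInt32() != KeyKeys.KeyType_OKP.AsInt32()) {
      throw new CborException(
          "Key has unexpected key type (kty)",
          KeyKeys.KeyType_OKP.AsInt32(),
          keyType.AsInt32(),
          CborException.INCORRECT_COSE_TYPE);
    }

    int curve = curveField.AsInt32();
    CBORObject algorithm = fieldOrCborNull(content, KeyKeys.Algorithm.AsCBOR());
    if (algorithm.getType() != CBORType.Integer) {
      throw new CborException(
          "Algorithm has unexpected CBOR type",
          CBORType.Integer,
          algorithm.getType(),
          CborException.TYPE_MISMATCH);
    }
    // Only X25519 together with ECDH-ES + HKDF-256 is accepted. The expected/actual pair in
    // the exception is the algorithm's, even when it is the curve that differs.
    if (curve != X25519
        || algorithm.AsInt32() != AlgorithmID.ECDH_ES_HKDF_256.AsCBOR().AsInt32()) {
      throw new CborException(
          "Algorithm does not match the curve",
          AlgorithmID.ECDH_ES_HKDF_256.AsCBOR().AsInt32(),
          algorithm.AsInt32(),
          CborException.INCORRECT_COSE_TYPE);
    }
    return getX25519PublicKeyFromCert(cert);
  } catch (CoseException e) {
    throw new CborException(
        "Failed to decode certificate", e, CborException.DESERIALIZATION_ERROR);
  }
}

/**
 * Looks up {@code key} in {@code map}, substituting CBOR null for an absent entry so that the
 * caller's type check rejects it instead of dereferencing a Java {@code null}.
 */
private static CBORObject fieldOrCborNull(CBORObject map, CBORObject key) {
  CBORObject value = map.get(key);
  return value == null ? CBORObject.Null : value;
}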