Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

iaik.cms.ecc
Class IaikEccProvider

java.lang.Object
  extended by iaik.cms.SecurityProvider
      extended by iaik.cms.IaikProvider
          extended by iaik.cms.ecc.IaikEccProvider
Deprecated. for ECC the new IAIK ECCelerate™ toolkit shall be used; see installation guidelines (Install.html) 

public class IaikEccProvider
extends IaikProvider

This class implements a CMS SecurityProvider for the IAIK-ECC cryptographic provider "IAIK_ECC" (IAIK_ECC), version 2.0 or later.

This CMS SecurityProvider implements some methods that are required for supporting Ephemeral-Static ECDH according to RFC 3278.

To install this security provider call: 

 // register IAIK-ECC provider 
 iaik.security.ecc.provider.ECCProvider.addAsProvider();
 // install security provider
 SecurityProvider.setSecurityProvider(new IaikEccProvider());

See Also:
SecurityProvider, IaikProvider

Field Summary
static AlgorithmID ecka_eg_X963KDF_SHA256
          Deprecated. AlgorithmID for ECKA-EG ECC Key Agreement according to BSI TR-03111, BSI TR-03109-1 using ANSI X9.63 KDF with SHA-256.
static AlgorithmID ecka_eg_X963KDF_SHA384
          Deprecated. AlgorithmID for ECKA-EG ECC Key Agreement according to BSI TR-03111, BSI TR-03109-1 using ANSI X9.63 KDF with SHA-384.
static AlgorithmID ecka_eg_X963KDF_SHA512
          Deprecated. AlgorithmID for ECKA-EG ECC Key Agreement according to BSI TR-03111, BSI TR-03109-1 sing ANSI X9.63 KDF with SHA-512.
 
Fields inherited from class iaik.cms.IaikProvider
ALG_SIGNATURE_RAWRSA, ALG_SIGNATURE_RAWRSASSA_PKCS1_V15
 
Fields inherited from class iaik.cms.SecurityProvider
ALG_CIPHER_RSA, ALG_CIPHER_RSA_DECRYPT, ALG_CIPHER_RSA_ENCRYPT, ALG_CIPHER_RSA_SIGN, ALG_CIPHER_RSA_VERIFY, ALG_DIGEST_MD5, ALG_DIGEST_SHA, ALG_HMAC_MD5, ALG_HMAC_SHA, ALG_KEYEX_DH, ALG_KEYEX_ESDH, ALG_KEYEX_SSDH, ALG_SIGNATURE_RAWDSA, ALG_SIGNATURE_RAWECDSA, ALG_SIGNATURE_RAWECDSA_PLAIN, ALG_SIGNATURE_RAWRSAPSS, ALG_SIGNATURE_SHADSA, CIPHER_DECRYPT, CIPHER_ENCRYPT, CIPHER_NONE, CIPHER_UNWRAP, CIPHER_WRAP, COMPRESS, DECOMPRESS, IMPLEMENTATION_NAME_DSA, IMPLEMENTATION_NAME_ECDSA, IMPLEMENTATION_NAME_ECDSA_PLAIN, IMPLEMENTATION_NAME_PBKDF2, IMPLEMENTATION_NAME_PWRI_KEK, IMPLEMENTATION_NAME_RSA, IMPLEMENTATION_NAME_RSA_OAEP, IMPLEMENTATION_NAME_RSA_PSS, provider_, providerName_, random_, SIGNATURE_NONE, SIGNATURE_SIGN, SIGNATURE_VERIFY
 
Constructor Summary
IaikEccProvider()
          Deprecated. Default Constructor.
IaikEccProvider(boolean installProvider)
          Deprecated. Creates an IaikEccProvider.
 
Method Summary
 byte[] calculateSharedSecret(AlgorithmID keyAgreementAlgorithm, java.security.Key key, java.security.Key otherKey, java.security.spec.AlgorithmParameterSpec paramSpec)
          Deprecated. This method uses the specified KeyAgreement algorithm to calculate a shared secret between the owners of the given private and public key.
 void checkDomainParameters(java.security.PrivateKey myKey, java.security.PublicKey otherKey)
          Deprecated. Checks if the given private and public key agreement keys have the same domain parameters.
 javax.crypto.SecretKey createSharedKeyEncryptionKey(AlgorithmID keyAgreeAlg, java.security.PrivateKey myKey, java.security.PublicKey otherKey, AlgorithmID kea, int kekLength, byte[] ukm, java.lang.String kekName)
          Deprecated. Creates a shared secret key encryption key for the given key agreement algorithm.
static void encodeX963KdfKeyEncryptionAlgorithmParametersAsNull(boolean encodeParameterAsNull)
          Deprecated. Whether to encode the parameters field of the key-encryption algorithm as ASN.1 NULL (if no parameters are present) when creating the ECC-CMS-SharedInfo for the ASN1-X9.63-KDF key derivation function.
 java.security.KeyPair generateKeyAgreementKeyPair(AlgorithmID keyAgreeAlgorithm, java.security.PublicKey otherKey)
          Deprecated. Generates a ECDH key pair with same domain parameters of the given ECDH public key for the ECDH key agreement method.
 ASN1Object getASN1OriginatorPublicKey(java.security.PublicKey originatorPublicKey)
          Deprecated. Gets an ASN.1 representation of the provided originator ECDH public key.
 java.security.spec.AlgorithmParameterSpec getEllipticCurveParameterSpec(java.lang.String curveName)
          Deprecated. Creates an EC AlgorithmParameterSpec for the given curve name.
 javax.crypto.KeyAgreement getKeyAgreement(AlgorithmID keyAgreementAlgorithm, java.security.Key key, java.security.spec.AlgorithmParameterSpec paramSpec)
          Deprecated. This method returns the desired KeyAgreement object.
 int getKeyLength(java.security.PrivateKey privKey)
          Deprecated. Calculates the length of the given private key.
 int getKeyLength(java.security.PublicKey pubKey)
          Deprecated. Calculates the length of the given public key.
 java.security.PublicKey getOriginatorPublicKey(ASN1Object obj)
          Deprecated. Decodes the OriginatorPublicKey from the given ASN1Object.
 java.lang.String getProviderName()
          Deprecated. Gets the name of the underlying cryptographic provider.
 java.security.Signature getSignature(AlgorithmID signatureAlgorithm, int mode, java.security.Key key, java.security.spec.AlgorithmParameterSpec paramSpec)
          Deprecated. This method returns the desired Signature object.
 java.security.Signature getSignature(java.lang.String signatureAlgorithm, int mode, java.security.Key key, java.security.spec.AlgorithmParameterSpec paramSpec)
          Deprecated. This method returns the desired Signature object.
 
Methods inherited from class iaik.cms.IaikProvider
calculateSignatureFromHash, calculateSignatureFromSignedAttributes, decryptKey, deriveKey, generateAEADParamSpec, generateAEADParamSpec, generateKey, getAlgorithmParameterSpec, getPBEKey, getSecureRandom, setAEADMac, setIv, turnOffIAIKProviderVersionCheck, unwrapKey, verifySignatureFromHash, verifySignatureFromSignedAttributes, wrapKey
 
Methods inherited from class iaik.cms.SecurityProvider
calculateMac, compress, convertCipherMode, decryptKey, encryptKey, generateGCMParamSpec, generateKey, getAlgorithmParameters, getAlgorithmParameters, getAlgorithmParameters, getAuthCipherEngine, getAuthCipherEngine, getByteArrayAuthCipherEngine, getByteArrayAuthCipherEngine, getByteArrayCipherEngine, getByteArrayCipherEngine, getCipher, getCipher, getCipher, getCipher, getHash, getInputStreamAuthCipherEngine, getInputStreamAuthCipherEngine, getInputStreamCipherEngine, getInputStreamCipherEngine, getInputStreamCompressEngine, getInputStreamHashEngine, getInputStreamMacEngine, getKeyAlgorithmID, getKeyFactory, getKeyGenerator, getKeyGenerator, getKeyGenerator, getKeyLength, getKeyPairGenerator, getKeyStore, getMac, getMac, getMaskGenerationAlgorithm, getMessageDigest, getMessageDigest, getMicAlgs, getOutputStreamCompressEngine, getOutputStreamHashEngine, getOutputStreamMacEngine, getSecretKeyFactory, getSecretKeyFactory, getSecurityProvider, getSignature, getSignature, getSignatureParameters, setSecureRandom, setSecurityProvider, setSignatureParameters, validateDHPublicKey, validateKeyAgreementKey
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ecka_eg_X963KDF_SHA256

public static final AlgorithmID ecka_eg_X963KDF_SHA256
Deprecated. 
AlgorithmID for ECKA-EG ECC Key Agreement according to BSI TR-03111, BSI TR-03109-1 using ANSI X9.63 KDF with SHA-256.

ecka_eg_X963KDF_SHA384

public static final AlgorithmID ecka_eg_X963KDF_SHA384
Deprecated. 
AlgorithmID for ECKA-EG ECC Key Agreement according to BSI TR-03111, BSI TR-03109-1 using ANSI X9.63 KDF with SHA-384.

ecka_eg_X963KDF_SHA512

public static final AlgorithmID ecka_eg_X963KDF_SHA512
Deprecated. 
AlgorithmID for ECKA-EG ECC Key Agreement according to BSI TR-03111, BSI TR-03109-1 sing ANSI X9.63 KDF with SHA-512.

Constructor Detail

IaikEccProvider

public IaikEccProvider()
Deprecated. 
Default Constructor. Tries to install the IAIK and IAIK-ECC providers within the JCA framework.

IaikEccProvider

public IaikEccProvider(boolean installProvider)
Deprecated. 
Creates an IaikEccProvider.

Parameters:
installProvider - whether to install the IAIK and IAIK-ECC providers within the JCA framework or to use them without installing them within the JCA framework
Method Detail

encodeX963KdfKeyEncryptionAlgorithmParametersAsNull

public static final void encodeX963KdfKeyEncryptionAlgorithmParametersAsNull(boolean encodeParameterAsNull)
Deprecated. 
Whether to encode the parameters field of the key-encryption algorithm as ASN.1 NULL (if no parameters are present) when creating the ECC-CMS-SharedInfo for the ASN1-X9.63-KDF key derivation function.

RFC 3278 has required to encode missing parameters as NULL: 

 ECC-CMS-SharedInfo ::= SEQUENCE {
   keyInfo AlgorithmIdentifier,
   entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL,
   suppPubInfo [2] EXPLICIT OCTET STRING   }
 
 where keyInfo is the key encryption algorithm with NULL parameters...
However, the successor of RFC 3278, RFC 5753 has changed this requirement to make the encoding of absent parameters dependent of the key-encryption algorithm in use: 
 ECC-CMS-SharedInfo ::= SEQUENCE {
    keyInfo         AlgorithmIdentifier,
    entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL,
    suppPubInfo [2] EXPLICIT OCTET STRING  }

 The fields of ECC-CMS-SharedInfo are as follows:

 keyInfo contains the object identifier of the key-encryption
 algorithm (used to wrap the CEK) and associated parameters.  In
 this specification, 3DES wrap has NULL parameters while the AES
 wraps have absent parameters.
If required to be compatible with RFC 3278 this method can be called to enforce to encode missing parameters of the key-encryption algorithm as NULL when creating the ECC-CMS-SharedInfo for the ASN1-X9.63-KDF key derivation function.

Parameters:
encodeParameterAsNull - whether to encode absent key encryption algorithm parameters as NULL when creating the ECC-CMS-SharedInfo for the ASN1-X9.63-KDF key derivation function (default: false).

getProviderName

public java.lang.String getProviderName()
Deprecated. 
Gets the name of the underlying cryptographic provider.

Overrides:
getProviderName in class SecurityProvider
Returns:
the name of the underlying IAIK-ECC provider

getSignature

public java.security.Signature getSignature(AlgorithmID signatureAlgorithm,
                                            int mode,
                                            java.security.Key key,
                                            java.security.spec.AlgorithmParameterSpec paramSpec)
                                     throws java.security.InvalidKeyException,
                                            java.security.NoSuchAlgorithmException
Deprecated. 
This method returns the desired Signature object. If the mode parameter is SIGNATURE_SIGN or SIGNATURE_VERIFY the signature object is to be initialized with the provided key in the respective mode. If algorithm parameters are specified they are set for the Signature engine.

Overrides:
getSignature in class SecurityProvider
Parameters:
signatureAlgorithm - the AlgorithmID of the Signature algorithm
mode - the mode indicating if the engine has to be initialized
key - the key for initializing the Signature engine
paramSpec - any parameters to be set for the Signature engine, if not null
Returns:
the (if requested initialized) Signature engine
Throws:
java.security.InvalidKeyException - if the key is not valid
java.security.NoSuchAlgorithmException - if no Signature engine is available for the requested algorithm

getSignature

public java.security.Signature getSignature(java.lang.String signatureAlgorithm,
                                            int mode,
                                            java.security.Key key,
                                            java.security.spec.AlgorithmParameterSpec paramSpec)
                                     throws java.security.InvalidKeyException,
                                            java.security.NoSuchAlgorithmException
Deprecated. 
This method returns the desired Signature object. If the mode parameter is SIGNATURE_SIGN or SIGNATURE_VERIFY the signature object is to be initialized with the provided key in the respective mode. If algorithm parameters are specified they are set for the Signature engine.

Overrides:
getSignature in class SecurityProvider
Parameters:
signatureAlgorithm - the name of the Signature algorithm
mode - the mode indicating if the engine has to be initialized
key - the key for initializing the Signature engine
paramSpec - any parameters to be set for the Signature engine, if not null
Returns:
the (if requested initialized) Signature engine
Throws:
java.security.InvalidKeyException - if the key is not valid
java.security.NoSuchAlgorithmException - if no Signature engine is available for the requested algorithm

getKeyLength

public int getKeyLength(java.security.PublicKey pubKey)
Deprecated. 
Calculates the length of the given public key.

Overrides:
getKeyLength in class SecurityProvider
Parameters:
pubKey - the public key for which to calculate the length
Returns:
the length (in bits) of the public key
Throws:
java.lang.IllegalArgumentException - if the public key algorithm is not supported

getKeyLength

public int getKeyLength(java.security.PrivateKey privKey)
Deprecated. 
Calculates the length of the given private key.

Overrides:
getKeyLength in class SecurityProvider
Parameters:
privKey - the public key for which to calculate the length
Returns:
the length (in bits) of the private key
Throws:
java.lang.IllegalArgumentException - if the private key algorithm is not supported

generateKeyAgreementKeyPair

public java.security.KeyPair generateKeyAgreementKeyPair(AlgorithmID keyAgreeAlgorithm,
                                                         java.security.PublicKey otherKey)
                                                  throws java.security.NoSuchAlgorithmException,
                                                         java.security.InvalidKeyException,
                                                         java.security.InvalidAlgorithmParameterException
Deprecated. 
Generates a ECDH key pair with same domain parameters of the given ECDH public key for the ECDH key agreement method.

This method is called by the library for creating the originator key pair if the OriginatorPublicKey alternative is used for representing the public key of the originator within a KeyAgreeRecipientInfo. The public key supplied to this method is the one of the recipient and the key pair returned by this method must have domain parameters matching to those of the given recipient public key. According RFC 3278 the OriginatorPublicKey has to be used for representing the public key of the originator if ECDH is used as key agreement algorithm.

Overrides:
generateKeyAgreementKeyPair in class IaikProvider
Parameters:
keyAgreeAlgorithm - the key agreement algorithm to be used
otherKey - the public key of the other party
Returns:
the originator key pair with domain parameters matching to those of the supplied key of the other party
Throws:
java.security.NoSuchAlgorithmException - if the requested algorithm is not available
java.security.InvalidKeyException - if the key is not appropriate for the key agreement algorithm
java.security.InvalidAlgorithmParameterException - if the parameters are invalid

getASN1OriginatorPublicKey

public ASN1Object getASN1OriginatorPublicKey(java.security.PublicKey originatorPublicKey)
                                      throws CMSException
Deprecated. 
Gets an ASN.1 representation of the provided originator ECDH public key.

Ephemeral-Static ECDH according to RFC 3278 requires that the originatorKey algorithm field of a KeyAgreeRecipientInfo must contain the id-ecPublicKey oid with NULL parameters, and the originatorKey publicKey field must contain the DER encoding of the sending agent's public key (ECPoint) value.

If the supplied key is an ECDH key this method returns an ASN.1 representation of the ECDH originator public key. Otherwise it simply calls super.getASN1OriginatorPublicKey.

Overrides:
getASN1OriginatorPublicKey in class IaikProvider
Parameters:
originatorPublicKey - the originator public key from which to get an ASN.1 representation
Returns:
the ASN.1 representation of the originator public key
Throws:
CMSException - if the key cannot be ASN.1 represented

getOriginatorPublicKey

public java.security.PublicKey getOriginatorPublicKey(ASN1Object obj)
                                               throws CMSException
Deprecated. 
Decodes the OriginatorPublicKey from the given ASN1Object.

Ephemeral-Static ECDH according to RFC 3278 requires that the originatorKey algorithm field of a KeyAgreeRecipientInfo must contain the id-ecPublicKey oid with NULL parameters, and the originatorKey publicKey field must contain the DER encoding of the sending agent's public key (ECPoint) value.

If the supplied ASN1Object represents an ECDH key this method returns an internal ECPublicKey only containing the public key value (ECPoint) but no parameters, otherwise this method calls super.getOriginatorPublicKey.

Overrides:
getOriginatorPublicKey in class SecurityProvider
Parameters:
obj - the OriginatorPublicKey as ASN1Object
Returns:
the originator public key
Throws:
CMSException - if the ASN1Object cannot be decoded or is invalid structured

checkDomainParameters

public void checkDomainParameters(java.security.PrivateKey myKey,
                                  java.security.PublicKey otherKey)
                           throws java.security.InvalidParameterException
Deprecated. 
Checks if the given private and public key agreement keys have the same domain parameters.

If the supplied keys are ECDH keys the parameters are checked. Otherwise super.checkDomainParameters is called.

Overrides:
checkDomainParameters in class IaikProvider
Parameters:
myKey - the private key of the first party
otherKey - the public key of the other party
Throws:
InvalidParameterEyception - if the domain parameters do not match
java.security.InvalidParameterException

getKeyAgreement

public javax.crypto.KeyAgreement getKeyAgreement(AlgorithmID keyAgreementAlgorithm,
                                                 java.security.Key key,
                                                 java.security.spec.AlgorithmParameterSpec paramSpec)
                                          throws java.security.InvalidKeyException,
                                                 java.security.InvalidAlgorithmParameterException,
                                                 java.security.NoSuchAlgorithmException
Deprecated. 
This method returns the desired KeyAgreement object.

Overrides:
getKeyAgreement in class SecurityProvider
Parameters:
keyAgreementAlgorithm - the algorithmID of the key agreement algorithm requested
key - the (private) key for initializing the KeyAgreement
paramSpec - any parameters used for intializing the key agreement
Returns:
the initialized KeyAgreement engine
Throws:
java.security.InvalidKeyException - if the key is not valid
java.security.InvalidAlgorithmParameterException - if the parameters are not valid
java.security.NoSuchAlgorithmException - if no KeyAgreement engine is available for the requested algorithm

calculateSharedSecret

public byte[] calculateSharedSecret(AlgorithmID keyAgreementAlgorithm,
                                    java.security.Key key,
                                    java.security.Key otherKey,
                                    java.security.spec.AlgorithmParameterSpec paramSpec)
                             throws java.security.InvalidKeyException,
                                    java.security.InvalidAlgorithmParameterException,
                                    java.security.NoSuchAlgorithmException
Deprecated. 
This method uses the specified KeyAgreement algorithm to calculate a shared secret between the owners of the given private and public key.

Overrides:
calculateSharedSecret in class SecurityProvider
Parameters:
keyAgreementAlgorithm - the algorithmID of the key agreement algorithm requested
key - the (private) key for initializing the KeyAgreement
otherKey - the (public) key from the other party
paramSpec - any parameters used for initializing the key agreement
Returns:
the shared secret
Throws:
java.security.InvalidKeyException - if the key is not valid
java.security.InvalidAlgorithmParameterException - if the parameters are not valid
java.security.NoSuchAlgorithmException - if no KeyAgreement engine is available for the requested algorithm

createSharedKeyEncryptionKey

public javax.crypto.SecretKey createSharedKeyEncryptionKey(AlgorithmID keyAgreeAlg,
                                                           java.security.PrivateKey myKey,
                                                           java.security.PublicKey otherKey,
                                                           AlgorithmID kea,
                                                           int kekLength,
                                                           byte[] ukm,
                                                           java.lang.String kekName)
                                                    throws java.security.NoSuchAlgorithmException,
                                                           java.security.InvalidKeyException,
                                                           java.security.InvalidAlgorithmParameterException
Deprecated. 
Creates a shared secret key encryption key for the given key agreement algorithm.

Creating a shared key encryption key is required when a key agreement algorithm is used as key management protocol for the recipient of an EnvelopedData or AuthenticatedData object. The shared key encryption key will be used by an KeyAgreeRecipientInfo to encrypt the secret content encryption key or Mac key.

This method only works for Ephemeral-Static ECDH according to RFC 3278. If another key agreement method is requested, this method simply calls super.createSharedKeyEncryptionKey.

Overrides:
createSharedKeyEncryptionKey in class IaikProvider
Parameters:
keyAgreeAlg - the key agreement algorithm
myKey - the private key agreement key of the one party
otherKey - the public key agreement key of the other party
kea - the key ancryption algorithm (may be required for kek generation)
kekLength - the length of the shared key encryption key to be generated
ukm - any user keying material that may be required for kek generation
kekName - the name of the key encryption algorithm
Returns:
the shared key encryption key generated
Throws:
java.security.NoSuchAlgorithmException - if the requested algorithm is not available
java.security.InvalidKeyException - if there is a key related problem
java.security.InvalidAlgorithmParameterException - if the parameters are invalid

getEllipticCurveParameterSpec

public java.security.spec.AlgorithmParameterSpec getEllipticCurveParameterSpec(java.lang.String curveName)
                                                                        throws java.security.spec.InvalidParameterSpecException
Deprecated. 
Creates an EC AlgorithmParameterSpec for the given curve name.

Overrides:
getEllipticCurveParameterSpec in class SecurityProvider
Parameters:
curveName - the name of the curve
Returns:
the AlgorithmParameterSpec
Throws:
java.security.InvalidAlgorithmParameterException - if no AlgorithmParameterSpec for the given curve name is available or cannot be created
java.security.spec.InvalidParameterSpecException - if no AlgorithmParameterSpec for the given curve name is available or cannot be created
Overview  Package   Class  Tree  Deprecated  Index  Help 
This Javadoc may contain text parts from text parts from IETF Internet Standard specifications (see copyright note).
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
IAIK-CMS 6.0, (c) 2002 IAIK, (c) 2003, 2023 SIC