iaik.pkcs.pkcs11.provider.ciphers

Class EciesCipher

java.lang.Object

javax.crypto.CipherSpi

iaik.pkcs.pkcs11.provider.ciphers.PKCS11Cipher

iaik.pkcs.pkcs11.provider.ciphers.EciesCipher

All Implemented Interfaces:

PKCS11EngineClass

public class EciesCipher
extends PKCS11Cipher

Field Summary

Fields

Modifier and Type	Field and Description
protected int	blockSize_
protected java.io.ByteArrayOutputStream	buffer_ The buffer to collect all input, because RSA encryption/decryption mechanisms only support single-part operations.
protected static java.lang.String	CIPHER_NAME The JCE name of this cipher.
protected static iaik.pkcs.pkcs11.Mechanism	DEFAULT_MECHANISM The defualt mechanism for this cipher.
protected static java.lang.String	DEFAULT_MODE The defualt mode of operation for this cipher.
protected static java.lang.String	DEFAULT_PADDING The defualt padding scheme for this cipher.
protected static int	PKCS11_OPERATION_ENCRYPT_DECRYPT Indicates that this cipher should use the normal PKCS#11 encryption and decryption.
protected static int	PKCS11_OPERATION_SIGN_VERIFY Indicates that this cipher should use the PKCS#11 sign opertion for private key encryption.
protected int	pkcs11Operation_ The currently active PKCS11 operation sign/verify or encrypt/decrypt.
protected static java.lang.String	PKCS5_PADDING

Fields inherited from class iaik.pkcs.pkcs11.provider.ciphers.PKCS11Cipher

currentKeyIsSoftwareKey_, DUMMY_DATA, initialized_, key_, keyObject_, mechanism_, mode_, modeChanged_, operationMode_, padding_, paddingChanged_, parameters_, parameterSpecs_, pkcs11OperationInitialized_, session_, softwareDelegate_, tokenManager_, unwrapTemplate_, updateUsed_, usedMechanismInfos_, usedMechanisms_

Constructor Summary

Constructors

Constructor and Description
EciesCipher() Default constructor.

Method Summary

Modifier and Type	Method and Description
protected void	checkKeyObject(iaik.pkcs.pkcs11.objects.Key keyObject) Check the given key object, if it is acceptable for this cipher.
protected int	engineGetKeySize(java.security.Key key) If initialized with a PKCS#11 key, this method returns -1 by default.
protected java.lang.String	getAlgorithmName() Get the JCE name of this cipher algorithm.
protected iaik.pkcs.pkcs11.Mechanism	getDefaultMechanism() Get the default mechanism of this cipher.
protected java.lang.String	getDefaultMode() Get the default mode of operation of this cipher.
protected java.lang.String	getDefaultPadding() Get the default padding scheme of this cipher.
protected iaik.pkcs.pkcs11.Mechanism	getMechanism() Get the current mechanism of this cipher object.
protected iaik.pkcs.pkcs11.Mechanism	getMechanismForModeAndPadding() This method returns a mechanism object that corresponds to the currently set mode and padding.
protected iaik.pkcs.pkcs11.MechanismInfo[][]	getUsedMechanismFeatures() Returns an two-dimensional array of MechanismInfos that this engine class uses.
protected iaik.pkcs.pkcs11.Mechanism[]	getUsedMechanisms() Returns an array of Mechanisms that this engine class uses.
protected void	initializePkcs11Operation() The internal session initialization method, if all necessary member variables are set.
protected boolean	isModeSupported(java.lang.String mode) Check, if the given mode of operation is supported by this cipher.
protected boolean	isPaddingSupported(java.lang.String padding) Check, if the given padding scheme is supported by this cipher.
protected byte[]	pkcs11DoFinal(byte[] input, int inputOffset, int inputLength) Update the currently running cipher operation with the given data and finish the current operation.
protected int	pkcs11GetBlockSize() Get the block size of this cipher algorithm.
protected void	pkcs11Init(int operationMode, java.security.Key key, java.security.spec.AlgorithmParameterSpec parameterSpecs, java.security.SecureRandom randomSource) Initialize this cipher for an operation.
protected byte[]	pkcs11Update(byte[] data, int offset, int length) Update the currently running cipher operation with the given data.

Methods inherited from class iaik.pkcs.pkcs11.provider.ciphers.PKCS11Cipher

engineDoFinal, engineDoFinal, engineGetBlockSize, engineGetIV, engineGetOutputSize, engineGetParameters, engineInit, engineInit, engineInit, engineSetMode, engineSetPadding, engineUnwrap, engineUpdate, engineUpdate, engineUpdateAAD, engineWrap, finalize, finalizePkcs11Operation, getFullAlgorithmName, initialize, initializeSession, initializeSoftwareDelegate, isSupportedBy, pkcs11DoFinal, pkcs11GetIV, pkcs11GetKeySize, pkcs11GetOutputSize, pkcs11GetParameters, pkcs11Init, pkcs11Init, pkcs11Unwrap, pkcs11Update, pkcs11Wrap, updateAAD, updateAAD, updateAAD

Methods inherited from class javax.crypto.CipherSpi

engineDoFinal, engineUpdate, engineUpdateAAD

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CIPHER_NAME

protected static final java.lang.String CIPHER_NAME

The JCE name of this cipher.

See Also:

Constant Field Values

DEFAULT_MODE

protected static final java.lang.String DEFAULT_MODE

The defualt mode of operation for this cipher.

See Also:

Constant Field Values

DEFAULT_PADDING

protected static final java.lang.String DEFAULT_PADDING

The defualt padding scheme for this cipher.

See Also:

Constant Field Values

PKCS5_PADDING

protected static final java.lang.String PKCS5_PADDING

See Also:

Constant Field Values

DEFAULT_MECHANISM

protected static final iaik.pkcs.pkcs11.Mechanism DEFAULT_MECHANISM

The defualt mechanism for this cipher.

PKCS11_OPERATION_SIGN_VERIFY

protected static final int PKCS11_OPERATION_SIGN_VERIFY

Indicates that this cipher should use the PKCS#11 sign opertion for private key encryption.

See Also:

Constant Field Values

PKCS11_OPERATION_ENCRYPT_DECRYPT

protected static final int PKCS11_OPERATION_ENCRYPT_DECRYPT

Indicates that this cipher should use the normal PKCS#11 encryption and decryption.

See Also:

Constant Field Values

pkcs11Operation_

protected int pkcs11Operation_

The currently active PKCS11 operation sign/verify or encrypt/decrypt. Can be PKCS11_OPERATION_SIGN_VERIFY or PKCS11_OPERATION_ENCRYPT_DECRYPT.

buffer_

protected java.io.ByteArrayOutputStream buffer_

The buffer to collect all input, because RSA encryption/decryption mechanisms only support single-part operations.

blockSize_

protected int blockSize_

Constructor Detail

EciesCipher

public EciesCipher()

Default constructor.

Method Detail

getUsedMechanisms

protected iaik.pkcs.pkcs11.Mechanism[] getUsedMechanisms()

Returns an array of Mechanisms that this engine class uses. For each of this mechanisms, the engine must provide at least one MechanismInfo via the getRequiredMechanismFeatures() method.

Overrides:

getUsedMechanisms in class PKCS11Cipher

Returns:

An array that includes all used pkcs#11 mechanisms. The token must support at least one of these mechanisms. The dimension is equal to the first array dimension of getUsedMechanismFeatures(). May be empty, but must not be null.

Postconditions:

(result < > null) and (result.length == getUsedMechanismFeatures().length)

getUsedMechanismFeatures

protected iaik.pkcs.pkcs11.MechanismInfo[][] getUsedMechanismFeatures()

Returns an two-dimensional array of MechanismInfos that this engine class uses. For each mechanism used by this engine, the engine must provide at least one MechanismInfo. The first dimension (index) of the returned array corresponds to the used mechanism as returned by getUsedMechanisms(). The array at this index is the list of used feature combinations used by this engine. The current token must at least support one mechanism and one of the feature combinations (expressed as a MechanismInfo) of the same machanism.

Overrides:

getUsedMechanismFeatures in class PKCS11Cipher

Returns:

An two-dimensional array that includes MechanismInfo objects. The first dimension is equal to the array dimension of getUsedMechanisms(). The token must at least supprot one of these features.

Postconditions:

(result < > null) and (result.length > 0) and (result.length == getUsedMechanisms().length)

engineGetKeySize

protected int engineGetKeySize(java.security.Key key)
                        throws java.security.InvalidKeyException

If initialized with a PKCS#11 key, this method returns -1 by default. If the key is a key of this provider, it delegates the call to the corresponding pkcs11 method with prefix pkcs11 instead of engine. This implementation tries to determine the key length by getting the modulus.

Overrides:

engineGetKeySize in class PKCS11Cipher

Parameters:

key - The key to check.

Returns:

-1 if the key is a PKCS#11 key, the length of the modulus if the key is a software key.

Throws:

java.security.InvalidKeyException - If the key is invalid for this cipher.

Preconditions:

(key < > null)

checkKeyObject

protected void checkKeyObject(iaik.pkcs.pkcs11.objects.Key keyObject)
                       throws java.security.InvalidKeyException

Check the given key object, if it is acceptable for this cipher. Throw an exception, if not.

Specified by:

checkKeyObject in class PKCS11Cipher

Parameters:

keyObject - The key object to check.

Throws:

java.security.InvalidKeyException - If this cipher cannot work with this type of key object.

Preconditions:

(key < > null)

pkcs11Init

protected void pkcs11Init(int operationMode,
                          java.security.Key key,
                          java.security.spec.AlgorithmParameterSpec parameterSpecs,
                          java.security.SecureRandom randomSource)
                   throws java.security.InvalidAlgorithmParameterException,
                          java.security.InvalidKeyException

Initialize this cipher for an operation.

Overrides:

pkcs11Init in class PKCS11Cipher

Parameters:

operationMode - The operation to initialize; Cipher.ENCRYPT_MODE, Cipher.DECRYPT_MODE, Cipher.UNWRAP_MODE or Cipher.WRAP_MODE.

key - The key to use for the operation.

parameterSpecs - The parameter specs to use. Some cipher do not support parameter specs, they require null.

randomSource - Optional random source to use.

Throws:

java.security.InvalidAlgorithmParameterException - If the parameter specs are invalid.

java.security.InvalidKeyException - If the key is invalid for this operation.

Preconditions:

(( operationMode = = Cipher.ENCRYPT_MODE) or (operationMode == Cipher.DECRYPT_MODE) or (operationMode == Cipher.UNWRAP_MODE) or (operationMode == Cipher.WRAP_MODE)) and (key <> null)

initializePkcs11Operation

protected void initializePkcs11Operation()
                                  throws java.security.InvalidAlgorithmParameterException,
                                         java.security.InvalidKeyException

The internal session initialization method, if all necessary member variables are set. This is a special implementation for RSA, because we try to use the sign operation instead of encrypt if used with a private key. This makes this implementation useful for cards that only support signing but no encryption.

Overrides:

initializePkcs11Operation in class PKCS11Cipher

Throws:

java.security.InvalidAlgorithmParameterException - If the parameter specs are invalid.

java.security.InvalidKeyException - If the key is invalid for this operation.

isModeSupported

protected boolean isModeSupported(java.lang.String mode)

Description copied from class: PKCS11Cipher

Check, if the given mode of operation is supported by this cipher.

Specified by:

isModeSupported in class PKCS11Cipher

Parameters:

mode - The mode to check.

Returns:

True, if the mode is supported, false otherwise.

isPaddingSupported

protected boolean isPaddingSupported(java.lang.String padding)

Description copied from class: PKCS11Cipher

Check, if the given padding scheme is supported by this cipher.

Specified by:

isPaddingSupported in class PKCS11Cipher

Parameters:

padding - The padding scheme to check.

Returns:

True, if the padding scheme is supported, false otherwise.

pkcs11Update

protected byte[] pkcs11Update(byte[] data,
                              int offset,
                              int length)

Update the currently running cipher operation with the given data.

Overrides:

pkcs11Update in class PKCS11Cipher

Parameters:

data - The byte array that holds the data.

offset - The offset in the byte array that indicates the first data byte to read.

length - The number of bytes to read starting from offset.

Returns:

The current intermediate result, if any. May be null.

Preconditions:

(data < > null) and ((offset + length) <= data.length)

pkcs11DoFinal

protected byte[] pkcs11DoFinal(byte[] input,
                               int inputOffset,
                               int inputLength)
                        throws javax.crypto.BadPaddingException,
                               javax.crypto.IllegalBlockSizeException

Update the currently running cipher operation with the given data and finish the current operation. This may include padding before processing the last data block or unpadding after the processing of the last block.

Overrides:

pkcs11DoFinal in class PKCS11Cipher

Parameters:

input - The byte array that holds the input data.

inputOffset - The offset in the input byte array that indicates the first input data byte to read.

inputLength - The number of bytes to read starting from offset.

Returns:

The final operation result; i.e. cipher text or plain text.

Throws:

javax.crypto.BadPaddingException - If the padding of the decrypted data is bad or if the padding of the input data failed.

javax.crypto.IllegalBlockSizeException - If the input data size does not match the required block size.

Postconditions:

(result < > null)

Preconditions:

(input < > null) implies ((inputOffset + inputLength) <= input.length)

getAlgorithmName

protected java.lang.String getAlgorithmName()

Get the JCE name of this cipher algorithm.

Specified by:

getAlgorithmName in class PKCS11Cipher

Returns:

The JCE name of this cipher algorithm; e.g. RSA.

pkcs11GetBlockSize

protected int pkcs11GetBlockSize()

Get the block size of this cipher algorithm. This is the same as the current key size, but in bytes.

Overrides:

pkcs11GetBlockSize in class PKCS11Cipher

Returns:

The block size in bytes or -1, if unknown.

getDefaultMechanism

protected iaik.pkcs.pkcs11.Mechanism getDefaultMechanism()

Get the default mechanism of this cipher. This must work with the default mode of operation and padding

Specified by:

getDefaultMechanism in class PKCS11Cipher

Returns:

The default mechanism; e.g. Mechanism.RSA_PKCS.

Postconditions:

(result < > null)

getDefaultMode

protected java.lang.String getDefaultMode()

Get the default mode of operation of this cipher.

Returns:

The default mode of operation of this cipher; e.g. "ECB".

Postconditions:

(result < > null)

getDefaultPadding

protected java.lang.String getDefaultPadding()

Get the default padding scheme of this cipher.

Returns:

The default padding scheme of this cipher; e.g. "pkcs1padding"

Postconditions:

(result < > null)

getMechanism

protected iaik.pkcs.pkcs11.Mechanism getMechanism()

Get the current mechanism of this cipher object. This may change with the mode of operation and padding. This mechanism must also include any required parameter objects.

Specified by:

getMechanism in class PKCS11Cipher

Returns:

The mechanism this object uses for encryption and decrpytion. If the currently set combination of mode and padding is unsupported, this method returns null.

getMechanismForModeAndPadding

protected iaik.pkcs.pkcs11.Mechanism getMechanismForModeAndPadding()
                                                            throws java.security.NoSuchAlgorithmException

This method returns a mechanism object that corresponds to the currently set mode and padding.

Returns:

The mechanism that corresponds to the current mode and padding.

Throws:

java.security.NoSuchAlgorithmException - If the current combination of mode and padding is unsupported.

Postconditions:

(result < > null)