iaik.pkcs.pkcs11.provider.keyagreements

Class EcDhKeyAgreement

java.lang.Object

javax.crypto.KeyAgreementSpi

iaik.pkcs.pkcs11.provider.keyagreements.PKCS11KeyAgreement

iaik.pkcs.pkcs11.provider.keyagreements.EcDhKeyAgreement

All Implemented Interfaces:

PKCS11EngineClass

Direct Known Subclasses:

EcDhCoFactorKeyAgreement

public class EcDhKeyAgreement
extends PKCS11KeyAgreement

This is a Elliptic-Curve Diffie-Hellman key agreement implementation that uses a PKCS#11 token to perform the actual operation. This implementation must be initialized using a PKCS11KeyAgreementSpec.

Author:

Florian Reimair

Field Summary

Fields

Modifier and Type	Field and Description
protected static java.lang.String	KEY_AGREEEMENT_ALGORITHM_NAME The JCA standard name of this signature algorithm.
protected iaik.pkcs.pkcs11.Mechanism	mechanism_ The current cryptoki mechanism to use.

Fields inherited from class iaik.pkcs.pkcs11.provider.keyagreements.PKCS11KeyAgreement

currentKeyIsSoftwareKey_, initialized_, initKey_, initKeyObject_, keyAgreementSpec_, keyAgreementSpecChanged_, phaseKey_, pkcs11OperationInitialized_, session_, softwareDelegate_, tokenManager_, usedMechanismInfos_, usedMechanisms_

Constructor Summary

Constructors

Constructor and Description
EcDhKeyAgreement() Default constructor.

Method Summary

Modifier and Type	Method and Description
protected void	checkInitKeyObject(iaik.pkcs.pkcs11.objects.Key key) Check the key object used for initialization, if it is acceptable for this agreement implementation.
protected void	checkPhaseKeyObject(iaik.pkcs.pkcs11.objects.Key key) Check the key object used for a phase, if it is acceptable for this agreement implementation.
protected void	engineInit(java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random) Initializes this KeyAgreement with the given key, algorithm parameters, and random seed.
protected java.lang.String	getAlgorithmName() Get the JCA standard name of this signautre algorithm.
protected int	getMaxSecretLength(iaik.pkcs.pkcs11.objects.Key phaseKey) Get the maximum length in bytes of the resulting shared secret key.
protected iaik.pkcs.pkcs11.Mechanism	getMechanism() Get the mechanism that this key agreement uses.
protected iaik.pkcs.pkcs11.Mechanism[]	getUsedMechanisms() Returns an array of Mechanisms that this engine class uses.

Methods inherited from class iaik.pkcs.pkcs11.provider.keyagreements.PKCS11KeyAgreement

engineDoPhase, engineGenerateSecret, engineGenerateSecret, engineGenerateSecret, engineInit, extractValue, finalize, finalizePkcs11Operation, getUsedMechanismFeatures, initializePkcs11Operation, initializeSession, initializeSoftwareDelegate, isSupportedBy, pkcs11DoPhase, pkcs11GenerateSecret, pkcs11GenerateSecret, pkcs11GenerateSecret, pkcs11Init, pkcs11Init

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

KEY_AGREEEMENT_ALGORITHM_NAME

protected static final java.lang.String KEY_AGREEEMENT_ALGORITHM_NAME

The JCA standard name of this signature algorithm.

See Also:

Constant Field Values

mechanism_

protected iaik.pkcs.pkcs11.Mechanism mechanism_

The current cryptoki mechanism to use.

Constructor Detail

EcDhKeyAgreement

public EcDhKeyAgreement()

Default constructor.

Method Detail

getUsedMechanisms

protected iaik.pkcs.pkcs11.Mechanism[] getUsedMechanisms()

Returns an array of Mechanisms that this engine class uses. For each of this mechanisms, the engine must provide at least one MechanismInfo via the getRequiredMechanismFeatures() method.

Overrides:

getUsedMechanisms in class PKCS11KeyAgreement

Returns:

An array that includes all used pkcs#11 mechanisms. The token must support at least one of these mechanisms. The dimension is equal to the first array dimension of getUsedMechanismFeatures(). May be empty, but must not be null.

Postconditions:

(result <> null) and (result.length == getUsedMechanismFeatures().length)

getAlgorithmName

protected java.lang.String getAlgorithmName()

Get the JCA standard name of this signautre algorithm.

Specified by:

getAlgorithmName in class PKCS11KeyAgreement

Returns:

The JCA standard name of this signautre algorithm.

Postconditions:

(result <> null)

engineInit

protected void engineInit(java.security.Key key,
                          java.security.spec.AlgorithmParameterSpec params,
                          java.security.SecureRandom random)
                   throws java.security.InvalidKeyException,
                          java.security.InvalidAlgorithmParameterException

Description copied from class: PKCS11KeyAgreement

Initializes this KeyAgreement with the given key, algorithm parameters, and random seed. The given key constitutes the private key of some entity being involved in this key agreement procedure. Each entity being involved in a key agreement process has to create a KeyAgreement object and subsequently initialize it with the entity's private key for bringing in the private information which will be accessed when required during any phase of the key agreement process. Any key material later supplied to any of the doFinal methods will represent public key material of another participated entity or key material resulting from some previously performed phase (if there are more than two entities involved in the key agreement). This implementation delegates this call to the software provider, if the key is a software key. If the key is a key of this provider, it delegates the call to the corresponding pkcs11 method with prefix pkcs11 instead of engine.

Overrides:

engineInit in class PKCS11KeyAgreement

Parameters:

key - the private key information of the entity involved in the key agreement

params - The algorithm parameters used for this key agreement algorithm. It must be a PKCS11KeyAgreementSpec for this implementation.

random - The random seed. This implementation ignores this parameter.

Throws:

java.security.InvalidKeyException - if the given key cannot be used for this key agreement

java.security.InvalidAlgorithmParameterException - if the given parameters do not match to this key agreement algorithm

checkInitKeyObject

protected void checkInitKeyObject(iaik.pkcs.pkcs11.objects.Key key)
                           throws java.security.InvalidKeyException

Check the key object used for initialization, if it is acceptable for this agreement implementation. Throw an exception, if not.

Specified by:

checkInitKeyObject in class PKCS11KeyAgreement

Parameters:

key - The initialization key object to check.

Throws:

java.security.InvalidKeyException - If this implementation cannot work with this type of key object.

Preconditions:

(key <> null)

checkPhaseKeyObject

protected void checkPhaseKeyObject(iaik.pkcs.pkcs11.objects.Key key)
                            throws java.security.InvalidKeyException

Check the key object used for a phase, if it is acceptable for this agreement implementation. Throw an exception, if not.

Specified by:

checkPhaseKeyObject in class PKCS11KeyAgreement

Parameters:

key - The phase key object to check.

Throws:

java.security.InvalidKeyException - If this implementation cannot work with this type of key object.

Preconditions:

(key <> null)

getMaxSecretLength

protected int getMaxSecretLength(iaik.pkcs.pkcs11.objects.Key phaseKey)

Get the maximum length in bytes of the resulting shared secret key. Since this depends on the algorithm, it is abstract and has to be implemented by concrete classes.

The provided phase key may help the implementatin in determining the maximum length; e.g. for Diffie-Hellman in getting the length of the prime P.

Specified by:

getMaxSecretLength in class PKCS11KeyAgreement

Parameters:

phaseKey - The (last) phase key which has been passed to PKCS11KeyAgreement.engineDoPhase(java.security.Key, boolean).

Returns:

The maximum shared secret length in bytes.

Postconditions:

(result > 0)

Preconditions:

(phaseKey <> null)

getMechanism

protected iaik.pkcs.pkcs11.Mechanism getMechanism()

Get the mechanism that this key agreement uses. This must already include any required parameters.

Specified by:

getMechanism in class PKCS11KeyAgreement

Returns:

The mechanism that this key generator uses.

Postconditions:

(result <> null)