public class LunaKeyAgreementDh
extends javax.crypto.KeyAgreementSpi
| Modifier and Type | Field and Description |
|---|---|
| `protected java.security.KeyFactory` | `kf` |
| `protected LunaKey` | `privateKey` |

| Constructor and Description |
|---|
| `LunaKeyAgreementDh()` |

| Modifier and Type | Method and Description |
|---|---|
| `protected void` | `checkPublicKey(java.security.Key key, boolean lastPhase)` Checks the parameters to `engineDoPhase()`. |
| `protected java.security.Key` | `engineDoPhase(java.security.Key key, boolean lastPhase)` Executes the next phase of this key agreement with the given key that was received from the other party involved in this key agreement. |
| `protected byte[]` | `engineGenerateSecret()` Generates the shared secret and returns it in a new buffer. |
| `protected int` | `engineGenerateSecret(byte[] sharedSecret, int offset)` Generates the shared secret, and places it into the buffer `sharedSecret`, beginning at `offset` inclusive. |
| `protected javax.crypto.SecretKey` | `engineGenerateSecret(java.lang.String algorithm)` Creates the shared secret and returns it as a secret key object of the requested algorithm type. |
| `protected void` | `engineInit(java.security.Key key, java.security.spec.AlgorithmParameterSpec inAlgParamSpec, java.security.SecureRandom random)` Initializes this key agreement. |
| `protected void` | `engineInit(java.security.Key key, java.security.SecureRandom random)` Initializes this key agreement. |
| `protected int` | `getDerivedKeyLength(long algId)` Returns the derived key length in bytes for a key of the given algorithm. |
| `protected int` | `getMaxSharedSecretLength()` The maximum size of the generated key will be equal to the size of the prime, in bits. |

`protected LunaKey privateKey`

`protected final java.security.KeyFactory kf`

`protected void engineInit(java.security.Key key, java.security.SecureRandom random) throws java.security.InvalidKeyException`

`engineInit` in class `javax.crypto.KeyAgreementSpi`

- `key` - The party's private information, typically the local party's private key. If the private key does not already exist on the HSM it is injected into the HSM as a session object.
- `random` - Unused. The Luna HSM has its own source of randomness.
- `java.security.InvalidKeyException` - If the given key is not a DHPrivateKey.

`protected void engineInit(java.security.Key key, java.security.spec.AlgorithmParameterSpec inAlgParamSpec, java.security.SecureRandom random) throws java.security.InvalidKeyException, java.security.InvalidAlgorithmParameterException`

- `key` - The party's private information, typically the local party's private key. If the private key does not already exist on the HSM it is injected into the HSM as a session object.
- `inAlgParamSpec` - a DH key agreement parameter spec.
- `random` - Unused. The Luna HSM has its own source of randomness.
- `java.security.InvalidKeyException` - If the given key is not a DHPrivateKey.
- `java.security.InvalidAlgorithmParameterException` - If the parameter spec isn't a LunaDHKeyAgreementParameterSpec.

`protected java.security.Key engineDoPhase(java.security.Key key, boolean lastPhase) throws java.security.InvalidKeyException, java.lang.IllegalStateException`

The Luna provider only supports two-party key exchanges, so this method can only be called once per exchange, with `lastPhase` set to `true`.

`engineDoPhase` in class `javax.crypto.KeyAgreementSpi`

- `key` - The other party's public key.
- `lastPhase` - Must be set to true.
- `java.lang.IllegalStateException` - If this key agreement has not been initialized, or if `lastPhase` is false.
- `java.security.InvalidKeyException` - If the given key is not a DHPublicKey, or if it is not in the same slot as the private key that the agreement was initialized with.

`protected javax.crypto.SecretKey engineGenerateSecret(java.lang.String algorithm) throws java.lang.IllegalStateException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException`

This method resets this `KeyAgreement` object, so that it can be reused for further key agreements. Unless this key agreement is reinitialized with one of the `init` methods, the same private information will be used for subsequent key agreements. However, `doPhase` will have to be called after every call to `generateSecret` in order to re-initialize the public information.

`engineGenerateSecret` in class `javax.crypto.KeyAgreementSpi`

- `algorithm` - The requested secret key algorithm.
- `java.lang.IllegalStateException` - If this key agreement has not been completed yet.
- `java.security.NoSuchAlgorithmException` - If the requested secret key algorithm is not available.
- `java.security.InvalidKeyException` - If the key material is too short to generate the requested secret key.

`protected int getMaxSharedSecretLength()`

`protected void checkPublicKey(java.security.Key key, boolean lastPhase) throws java.security.InvalidKeyException, java.lang.IllegalStateException`

- `key` - The other party's public key.
- `lastPhase` - Must be set to true.
- `java.lang.IllegalStateException` - If this key agreement has not been initialized, or if `lastPhase` is false.
- `java.security.InvalidKeyException` - If the public key's slot doesn't match the private key's slot.

`protected byte[] engineGenerateSecret() throws java.lang.IllegalStateException`

`LunaSlotManager.setExtractableKeys(true)` has been set. If `LunaSlotManager` is set to create non-extractable keys, the shared secret will remain on the HSM. In this case an encoded version of the key handle is returned.

This method resets this `KeyAgreement` object, so that it can be reused for further key agreements. Unless this key agreement is reinitialized with one of the `init` methods, the same private information will be used for subsequent key agreements. However, `doPhase` will have to be called after every call to `generateSecret` in order to re-initialize the public information.

`engineGenerateSecret` in class `javax.crypto.KeyAgreementSpi`

- `java.lang.IllegalStateException`

`protected int engineGenerateSecret(byte[] sharedSecret, int offset) throws java.lang.IllegalStateException, javax.crypto.ShortBufferException`

Generates the shared secret, and places it into the buffer `sharedSecret`, beginning at `offset` inclusive.

If the `sharedSecret` buffer is too small to hold the result, a `ShortBufferException` is thrown. In this case, the key agreement is not reset and the call can be repeated with a larger output buffer.

Successful completion of this method resets this `KeyAgreement` object, so that it can be reused for further key agreements. Unless this key agreement is reinitialized with one of the `init` methods, the same private information will be used for subsequent key agreements. However, `doPhase` will have to be called after every call to `generateSecret` in order to re-initialize the public information.

`engineGenerateSecret` in class `javax.crypto.KeyAgreementSpi`

- `sharedSecret` - The buffer for the shared secret.
- `offset` - The offset in `sharedSecret` where the shared secret will be stored.

`sharedSecret`

- `java.lang.IllegalStateException` - If this key agreement has not been completed yet.
- `javax.crypto.ShortBufferException` - If the given output buffer is too small to hold the secret.

`protected int getDerivedKeyLength(long algId) throws java.security.NoSuchAlgorithmException`

- `algId` - Algorithm of the secret key.
- `java.security.NoSuchAlgorithmException` - If the algorithm id is not recognized.

Copyright 2014-2018 SafeNet. All rights reserved.
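
The call sequence described above (a single `doPhase` with `lastPhase` set to `true`, the `ShortBufferException` retry, and the reset after `generateSecret`), shown through the public `javax.crypto.KeyAgreement` API as an added example that is not part of the original documentation or the Luna provider's code. It assumes the JDK's default DH provider and constructed 2048-bit test keys so that it runs without an HSM; the class name `DhAgreementLifecycle` is hypothetical, and Luna-specific behaviour such as slot checks and key handles is not exercised.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.ShortBufferException;
import javax.crypto.interfaces.DHPublicKey;

public class DhAgreementLifecycle {
    public static void main(String[] args) throws Exception {
        // Assumption: JDK default "DH" provider and constructed test keys, no HSM involved.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        kpg.initialize(2048);
        KeyPair local = kpg.generateKeyPair();
        // The peer must use the same group parameters (p, g) as the local key.
        kpg.initialize(((DHPublicKey) local.getPublic()).getParams());
        KeyPair peer = kpg.generateKeyPair();
        // Peer side, computed once so the local results can be checked against it.
        KeyAgreement peerKa = KeyAgreement.getInstance("DH");
        peerKa.init(peer.getPrivate());
        peerKa.doPhase(local.getPublic(), true);
        byte[] expected = peerKa.generateSecret();

        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(local.getPrivate());
        ka.doPhase(peer.getPublic(), true); // two-party exchange: one phase, lastPhase = true
        // An undersized buffer raises ShortBufferException without resetting the
        // agreement, so the call is repeated with a buffer the size of the prime.
        byte[] out = new byte[16];
        int n;
        try {
            n = ka.generateSecret(out, 0);
        } catch (ShortBufferException e) {
            out = new byte[2048 / 8];
            n = ka.generateSecret(out, 0);
        }
        System.out.println("first secret matches peer: "
                + MessageDigest.isEqual(Arrays.copyOf(out, n), expected));

        // Success reset the object: the private key is retained, the public part is not.
        try {
            ka.generateSecret();
        } catch (IllegalStateException e) {
            System.out.println("doPhase must be repeated: " + e.getMessage());
        }
        ka.doPhase(peer.getPublic(), true);
        System.out.println("reused agreement matches peer: "
                + MessageDigest.isEqual(ka.generateSecret(), expected));
    }
}
```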