public class LunaKeyAgreementEcDh
extends javax.crypto.KeyAgreementSpi
| Modifier and Type | Field and Description |
|---|---|
| protected java.security.KeyFactory | kf |
| protected LunaKey | privateKey |

| Modifier | Constructor and Description |
|---|---|
| | LunaKeyAgreementEcDh() |
| protected | LunaKeyAgreementEcDh(long kdf, boolean cof) |

| Modifier and Type | Method and Description |
|---|---|
| protected void | checkPublicKey(java.security.Key key, boolean lastPhase)<br>Checks the parameters to engineDoPhase(). |
| protected java.security.Key | engineDoPhase(java.security.Key key, boolean lastPhase)<br>Executes the next phase of this key agreement with the given key that was received from the other party involved in this key agreement. |
| protected byte[] | engineGenerateSecret()<br>Wrapper function around engineGenerateSecretWantBytes. |
| protected int | engineGenerateSecret(byte[] sharedSecret, int offset)<br>Generates the shared secret, and places it into the buffer sharedSecret, beginning at offset inclusive. |
| protected javax.crypto.SecretKey | engineGenerateSecret(java.lang.String algorithm)<br>Wrapper function around engineGenerateSecretWantBytes. |
| protected javax.crypto.SecretKey | engineGenerateSecretWantBytes(java.lang.String algorithm, boolean wantBytes)<br>Creates the shared secret and returns it as a secret key object of the requested algorithm type. |
| protected void | engineInit(java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)<br>Initializes this key agreement. |
| protected void | engineInit(java.security.Key key, java.security.SecureRandom random)<br>Initializes this key agreement. |
| protected int | getDerivedKeyLength(long algId)<br>Returns the derived key length in bytes for a key of the given algorithm. |
| protected int | getMaxSharedSecretLength()<br>The key size is the maximum size of key that this curve can generate, in bits. |
| byte[] | getParameterSpec()<br>Gets the additional information as a byte[]. |

protected LunaKey privateKey
protected final java.security.KeyFactory kf
public LunaKeyAgreementEcDh()
protected LunaKeyAgreementEcDh(long kdf, boolean cof)
public byte[] getParameterSpec()

protected void engineInit(java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random) throws java.security.InvalidKeyException

Parameters:
key - The party's private information, typically the local party's private key. If the private key does not already exist on the HSM it is injected into the HSM as a session object.
params - Any additional information required for the key agreement.
random - Unused. The Luna HSM has its own source of randomness.

Throws:
java.security.InvalidKeyException - If the given key is not an ECPrivateKey

protected void engineInit(java.security.Key key, java.security.SecureRandom random) throws java.security.InvalidKeyException

Overrides:
engineInit in class javax.crypto.KeyAgreementSpi

Parameters:
key - The party's private information, typically the local party's private key. If the private key does not already exist on the HSM it is injected into the HSM as a session object.
random - Unused. The Luna HSM has its own source of randomness.

Throws:
java.security.InvalidKeyException - If the given key is not an ECPrivateKey

protected java.security.Key engineDoPhase(java.security.Key key, boolean lastPhase) throws java.security.InvalidKeyException, java.lang.IllegalStateException

The Luna provider only supports two-party key exchanges, so this method can only be called once per exchange, with lastPhase set to true.

Overrides:
engineDoPhase in class javax.crypto.KeyAgreementSpi

Parameters:
key - The other party's public key
lastPhase - Must be set to true

Throws:
java.lang.IllegalStateException - If this key agreement has not been initialized, or if lastPhase is false
java.security.InvalidKeyException - If the given key is not an ECPublicKey, or if it is not in the same slot as the private key that the agreement was initialized with

protected javax.crypto.SecretKey engineGenerateSecretWantBytes(java.lang.String algorithm, boolean wantBytes) throws java.lang.IllegalStateException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException

This method resets this KeyAgreement object, so that it can be reused for further key agreements. Unless this key agreement is reinitialized with one of the init methods, the same private information will be used for subsequent key agreements. However, doPhase will have to be called after every call to generateSecret in order to re-initialize the public information.

Parameters:
algorithm - The requested secret key algorithm
wantBytes - A hint that the caller just wants the key bytes

Throws:
java.lang.IllegalStateException - If this key agreement has not been completed yet
java.security.NoSuchAlgorithmException - If the requested secret key algorithm is not available
java.security.InvalidKeyException - If the key material is too short to generate the requested secret key

protected int getMaxSharedSecretLength()

protected byte[] engineGenerateSecret() throws java.lang.IllegalStateException

Throws:
java.lang.IllegalStateException

protected javax.crypto.SecretKey engineGenerateSecret(java.lang.String algorithm) throws java.lang.IllegalStateException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException

Overrides:
engineGenerateSecret in class javax.crypto.KeyAgreementSpi

Throws:
java.lang.IllegalStateException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException

protected void checkPublicKey(java.security.Key key, boolean lastPhase) throws java.security.InvalidKeyException, java.lang.IllegalStateException

Parameters:
key - The other party's public key
lastPhase - Must be set to true

Throws:
java.lang.IllegalStateException - If this key agreement has not been initialized, or if lastPhase is false
java.security.InvalidKeyException - If the public key's slot doesn't match the private key's slot

protected int engineGenerateSecret(byte[] sharedSecret, int offset) throws java.lang.IllegalStateException, javax.crypto.ShortBufferException

Generates the shared secret, and places it into the buffer sharedSecret, beginning at offset inclusive.

If the sharedSecret buffer is too small to hold the result, a ShortBufferException is thrown. In this case, the key agreement is not reset and the call can be repeated with a larger output buffer.

Successful completion of this method resets this KeyAgreement object, so that it can be reused for further key agreements. Unless this key agreement is reinitialized with one of the init methods, the same private information will be used for subsequent key agreements. However, doPhase will have to be called after every call to generateSecret in order to re-initialize the public information.

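The calling sequence these rules imply, as an added example that is not part of the Luna documentation: it drives the standard javax.crypto.KeyAgreement front end with the JDK's default ECDH provider, and the class name, curve and buffer sizes are assumptions. It shows the ShortBufferException retry without a new doPhase, the reset after a successful generateSecret, and reuse of the same private key with a fresh doPhase.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.ShortBufferException;

// Added example: class name, curve and buffer sizes are assumptions, not Luna code.
public class EcdhReuseExample {
    public static void main(String[] args) throws Exception {
        // Constructed sample key pairs standing in for the local and remote party.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair local = kpg.generateKeyPair();
        KeyPair peer = kpg.generateKeyPair();

        KeyAgreement ka = KeyAgreement.getInstance("ECDH"); // default provider (assumption)
        ka.init(local.getPrivate());
        ka.doPhase(peer.getPublic(), true); // two-party only: lastPhase must be true

        // A too-small buffer raises ShortBufferException without resetting the
        // agreement, so the call is repeated with a larger buffer and no new doPhase.
        byte[] buf = new byte[8];
        int len;
        try {
            len = ka.generateSecret(buf, 0);
        } catch (ShortBufferException e) {
            buf = new byte[66]; // room for a shared secret on curves up to P-521
            len = ka.generateSecret(buf, 0);
        }
        byte[] first = Arrays.copyOf(buf, len);

        // Success reset the object: the public information is gone, the private key stays.
        boolean resetObserved = false;
        try {
            ka.generateSecret();
        } catch (IllegalStateException expected) {
            resetObserved = true;
        }

        // Re-supply only the peer's public key; no second init() is needed.
        ka.doPhase(peer.getPublic(), true);
        byte[] second = ka.generateSecret();

        System.out.println("reset after generateSecret: " + resetObserved);
        System.out.println("same secret after new doPhase: " + MessageDigest.isEqual(first, second));
        Arrays.fill(buf, (byte) 0); Arrays.fill(first, (byte) 0); Arrays.fill(second, (byte) 0);
    }
}
```
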
Overrides:
engineGenerateSecret in class javax.crypto.KeyAgreementSpi

Parameters:
sharedSecret - The buffer for the shared secret
offset - The offset in sharedSecret where the shared secret will be stored

sharedSecret

Throws:
java.lang.IllegalStateException - If this key agreement has not been completed yet
javax.crypto.ShortBufferException - If the given output buffer is too small to hold the secret

protected int getDerivedKeyLength(long algId) throws java.security.NoSuchAlgorithmException

Parameters:
algId - Algorithm of the secret key

Throws:
java.security.NoSuchAlgorithmException - If the algorithm id is not recognized

Copyright 2014-2018 SafeNet. All rights reserved.