com.unbound.client.pkcs11.PKCS11ECPrivateKey Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of unbound-java-provider Show documentation
Show all versions of unbound-java-provider Show documentation
This is a collection of JAVA libraries that implement Unbound cryptographic classes for JAVA provider, PKCS11 wrapper, cryptoki, and advapi
package com.unbound.client.pkcs11;
import com.dyadicsec.cryptoki.*;
import com.unbound.client.ECPrivateKeyObject;
import com.unbound.client.ObjectType;
import com.unbound.common.Converter;
import com.unbound.common.crypto.EC;
import com.unbound.kmip.KMIP;
import com.unbound.kmip.attribute.BoolAttribute;
import com.unbound.provider.KeyParameters;
import java.security.ProviderException;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.ECPoint;
import java.util.ArrayList;
public final class PKCS11ECPrivateKey extends PKCS11Object implements ECPrivateKeyObject
{
private EC.Curve curve = null;
private ECPoint point = null;
PKCS11ECPrivateKey(PKCS11Session session, int handle)
{
super(ObjectType.ECPrv, handle);
read(session);
}
@Override
public EC.Curve getCurve()
{
return curve;
}
@Override
public ECPoint getPoint() { return point; }
@Override
protected void getReadTemplate(ArrayList t)
{
super.getReadTemplate(t);
t.add(new CK_ATTRIBUTE(CK.CKA_EC_PARAMS));
t.add(new CK_ATTRIBUTE(CK.CKA_EC_POINT));
}
@Override
protected int acceptReadTempate(CK_ATTRIBUTE[] attrs) throws CKR_Exception
{
int index = super.acceptReadTempate(attrs);
curve = EC.getCurveByOid((byte[])attrs[index+0].pValue);
if (curve==null) throw new ProviderException("Unknown curve");
point = curve.fromDer((byte[])attrs[index+1].pValue);
return index+2;
}
static ArrayList getNewTemplate(String name, KeyParameters kp)
{
if (name==null && kp!=null) name = kp.getName();
ArrayList t = new ArrayList();
try
{
t.add(new CK_ATTRIBUTE(CK.CKA_TOKEN, kp==null || kp.isToken()));
t.add(new CK_ATTRIBUTE(CK.CKA_CLASS, CK.CKO_PRIVATE_KEY));
t.add(new CK_ATTRIBUTE(CK.CKA_KEY_TYPE, CK.CKK_EC));
if (name!=null) t.add(new CK_ATTRIBUTE(CK.CKA_ID, strToId(name)));
if (kp!=null)
{
boolean ecdsaExp = kp.isSetSign();
boolean ecdsa = kp.isAllowSign();
boolean ecdhExp = kp.isSetDerive();
boolean ecdh = kp.isAllowDerive();
boolean isEcdh = ecdhExp && ecdh && (!ecdsaExp || !ecdsa);
if (isEcdh)
{
t.add(new CK_ATTRIBUTE(CK.CKA_SIGN, false));
t.add(new CK_ATTRIBUTE(CK.CKA_DERIVE, true));
t.add(new CK_ATTRIBUTE(CK.CKA_DECRYPT, kp.isAllowDecrypt()));
}
else
{
t.add(new CK_ATTRIBUTE(CK.CKA_SIGN, true));
t.add(new CK_ATTRIBUTE(CK.CKA_DERIVE, false));
}
makeExportLevel(t, kp);
}
}
catch (CKR_Exception e)
{
throw new ProviderException(e);
}
return t;
}
static PKCS11ECPrivateKey importKey(PKCS11Session session, String name, ECPrivateKey keyValue, KeyParameters kp)
{
try
{
ArrayList t = getNewTemplate(name, kp);
EC.Curve curve = EC.getCurve(keyValue.getParams());
t.add(new CK_ATTRIBUTE(CK.CKA_EC_PARAMS, curve.oid));
t.add(new CK_ATTRIBUTE(CK.CKA_VALUE, Converter.bigNumToBin(keyValue.getS(), curve.size)));
int keyHandle = Library.C_CreateObject(session.getHandle(), getAttrs(t));
return new PKCS11ECPrivateKey(session, keyHandle);
}
catch (CKR_Exception e) { throw new ProviderException(e); }
}
static PKCS11ECPrivateKey generate(PKCS11Session session, String name, EC.Curve curve, KeyParameters kp)
{
try
{
ArrayList t = getNewTemplate(name, kp);
CK_ATTRIBUTE[] tPub =
{
new CK_ATTRIBUTE(CK.CKA_TOKEN, false),
new CK_ATTRIBUTE(CK.CKA_CLASS, CK.CKO_PUBLIC_KEY),
new CK_ATTRIBUTE(CK.CKA_KEY_TYPE, CK.CKK_EC),
new CK_ATTRIBUTE(CK.CKA_EC_PARAMS, curve.oid),
};
int[] keyHandles = Library.C_GenerateKeyPair(session.getHandle(), new CK_MECHANISM(CK.CKM_EC_KEY_PAIR_GEN), tPub, getAttrs(t));
Library.C_DestroyObject(session.getHandle(), keyHandles[0]);
return new PKCS11ECPrivateKey(session, keyHandles[1]);
}
catch (CKR_Exception e) { throw new ProviderException(e); }
}
}