com.unbound.provider.UBECDHKeyAgreement Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of unbound-java-provider Show documentation
Show all versions of unbound-java-provider Show documentation
This is a collection of JAVA libraries that implement Unbound cryptographic classes for JAVA provider, PKCS11 wrapper, cryptoki, and advapi
package com.unbound.provider;
import com.unbound.client.Client;
import com.unbound.client.DeriveMode;
import com.unbound.client.DeriveOper;
import com.unbound.client.ECPrivateKeyObject;
import com.unbound.common.crypto.EC;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.SecretKeySpec;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
public final class UBECDHKeyAgreement extends KeyAgreementSpi
{
final DeriveOper oper = Client.getInstance().newDeriveOperation();
private EC.Curve getCurve()
{
return ((ECPrivateKeyObject)oper.keyObject).getCurve();
}
@Override
protected void engineInit(Key key, SecureRandom secureRandom) throws InvalidKeyException
{
if (!(key instanceof UBECPrivateKey)) throw new InvalidKeyException("Key must be instance of UBECPrivateKey");
oper.keyObject = ((UBECPrivateKey)key).object;
}
@Override
protected void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException
{
if (algorithmParameterSpec != null) throw new InvalidAlgorithmParameterException("Parameters not supported");
engineInit(key, null);
}
@Override
protected Key engineDoPhase(Key key, boolean lastPhase) throws InvalidKeyException, IllegalStateException
{
if (oper.keyObject == null) throw new IllegalStateException("Not initialized");
if (!lastPhase) throw new IllegalStateException("Only two party agreement supported, lastPhase must be true");
if (oper.ecdhPubKey != null) throw new IllegalStateException("Phase already executed");
if (!(key instanceof ECPublicKey))
throw new InvalidKeyException("Key must be a ECPublicKey");
ECPublicKey pubKey = (ECPublicKey) key;
EC.Curve curve = getCurve();
if (!pubKey.getParams().equals(curve.spec))
{
throw new InvalidKeyException("EC curve doesn't match");
}
oper.ecdhPubKey = pubKey.getW();
return null;
}
@Override
protected byte[] engineGenerateSecret() throws IllegalStateException
{
if ((oper.keyObject == null) || (oper.ecdhPubKey == null)) throw new IllegalStateException("Not initialized correctly");
oper.mode = DeriveMode.ECDH;
return oper.derive();
}
@Override
protected int engineGenerateSecret(byte[] out, int outOffset) throws IllegalStateException, ShortBufferException
{
if ((oper.keyObject == null) || (oper.ecdhPubKey == null)) throw new IllegalStateException("Not initialized correctly");
EC.Curve curve = getCurve();
int secretLen = curve.size;
if (outOffset + secretLen > out.length)
throw new ShortBufferException("Need " + secretLen + " bytes, only " + (out.length - outOffset) + " available");
byte[] secret = engineGenerateSecret();
System.arraycopy(secret, 0, out, outOffset, secret.length);
return secret.length;
}
@Override
protected SecretKey engineGenerateSecret(String algorithm) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException
{
if (algorithm == null) throw new NoSuchAlgorithmException("Algorithm must not be null");
if (!(algorithm.equals("TlsPremasterSecret")))
throw new NoSuchAlgorithmException("Only supported for algorithm TlsPremasterSecret");
return new SecretKeySpec(engineGenerateSecret(), "TlsPremasterSecret");
}
}