org.bouncycastle.jcajce.spec.KTSParameterSpec Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of bc-fips Show documentation
The FIPS 140-3 Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms certified to FIPS 140-3 level 1. This jar contains JCE provider and low-level API for the BC-FJA version 2.0.0, FIPS Certificate #4743. Please see certificate for certified platform details.
There is a newer version: 2.0.0
Show newest version
package org.bouncycastle.jcajce.spec;

import java.security.spec.AlgorithmParameterSpec;

import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.fips.FipsKDF;
import org.bouncycastle.util.Arrays;

/**
 * Parameter spec for doing KTS based wrapping via the Cipher API.
 */
public class KTSParameterSpec
    implements AlgorithmParameterSpec
{
    public static final FipsKDF.AgreementKDFParametersBuilder KDF2 = FipsKDF.X963;
    public static final FipsKDF.AgreementKDFParametersBuilder KDF3 = FipsKDF.CONCATENATION;

    private final String wrappingKeyAlgorithm;
    private final int keySizeInBits;
    private final AlgorithmParameterSpec parameterSpec;
    private final AlgorithmIdentifier kdfAlgorithm;
    private byte[] otherInfo;

    /**
     * Builder class for creating a KTSParameterSpec.
     */
    public static final class Builder
    {
        private final String algorithmName;
        private final int keySizeInBits;

        private AlgorithmParameterSpec parameterSpec;
        private AlgorithmIdentifier kdfAlgorithm;
        private byte[] otherInfo;

        /**
         * Basic builder.
         *
         * @param algorithmName the algorithm name for the secret key we use for wrapping.
         * @param keySizeInBits the size of the wrapping key we want to produce in bits.
         */
        public Builder(String algorithmName, int keySizeInBits)
        {
            this(algorithmName, keySizeInBits, null);
        }

        /**
         * Basic builder.
         *
         * @param algorithmName the algorithm name for the secret key we use for wrapping.
         * @param keySizeInBits the size of the wrapping key we want to produce in bits.
         * @param otherInfo     the otherInfo/IV encoding to be applied to the KDF.
         */
        public Builder(String algorithmName, int keySizeInBits, byte[] otherInfo)
        {
            this.algorithmName = algorithmName;
            this.keySizeInBits = keySizeInBits;
            this.kdfAlgorithm = KTSKeySpec.createAlgId(KDF3.withPRF(FipsKDF.AgreementKDFPRF.SHA256));
            this.otherInfo = KTSKeySpec.copyOtherInfo(otherInfo);
        }

        /**
         * Set the algorithm parameter spec to be used with the wrapper.
         *
         * @param parameterSpec the algorithm parameter spec to be used in wrapping/unwrapping.
         * @return the current Builder instance.
         */
        public Builder withParameterSpec(AlgorithmParameterSpec parameterSpec)
        {
            this.parameterSpec = parameterSpec;

            return this;
        }

        /**
         * Set the KDF algorithm and digest algorithm for wrap key generation.
         *
         * @param kdfSource    the KDF algorithm to apply.
         * @return the current Builder instance.
         */
        public Builder withKdfAlgorithm(FipsKDF.AgreementKDFParametersBuilder kdfSource)
        {
            this.kdfAlgorithm = KTSKeySpec.createAlgId(kdfSource);

            return this;
        }

        /**
         * Set the KDF algorithm and digest algorithm for wrap key generation.
         *
         * @param kdfAlgorithm the KDF algorithm to apply.
         * @return the current Builder instance.
         */
        public Builder withKdfAlgorithm(AlgorithmIdentifier kdfAlgorithm)
        {
            this.kdfAlgorithm = kdfAlgorithm;

            return this;
        }

        /**
         * Build the new parameter spec.
         *
         * @return a new parameter spec configured according to the builder state.
         */
        public KTSParameterSpec build()
        {
            return new KTSParameterSpec(algorithmName, keySizeInBits, parameterSpec, kdfAlgorithm, otherInfo);
        }
    }

    private KTSParameterSpec(
        String wrappingKeyAlgorithm, int keySizeInBits,
        AlgorithmParameterSpec parameterSpec, AlgorithmIdentifier kdfAlgorithm, byte[] otherInfo)
    {
        this.wrappingKeyAlgorithm = wrappingKeyAlgorithm;
        this.keySizeInBits = keySizeInBits;
        this.parameterSpec = parameterSpec;
        this.kdfAlgorithm = kdfAlgorithm;
        this.otherInfo = otherInfo;
    }

    /**
     * Return the name of the algorithm for the wrapping key this key spec should use.
     *
     * @return the key algorithm.
     */
    public String getKeyAlgorithmName()
    {
        return wrappingKeyAlgorithm;
    }

    /**
     * Return the size of the key (in bits) for the wrapping key this key spec should use.
     *
     * @return length in bits of the key to be calculated.
     */
    public int getKeySize()
    {
        return keySizeInBits;
    }

    /**
     * Return the algorithm parameter spec to be applied with the private key when the encapsulation is decrypted.
     *
     * @return the algorithm parameter spec to be used with the private key.
     */
    public AlgorithmParameterSpec getParameterSpec()
    {
        return parameterSpec;
    }

    /**
     * Return the AlgorithmIdentifier for the KDF to do key derivation after extracting the secret.
     *
     * @return the AlgorithmIdentifier for the SecretKeyFactory's KDF.
     */
    public AlgorithmIdentifier getKdfAlgorithm()
    {
        return kdfAlgorithm;
    }

    /**
     * Return the otherInfo data for initialising the KDF.
     *
     * @return the otherInfo data.
     */
    public byte[] getOtherInfo()
    {
        return Arrays.clone(otherInfo);
    }
}