Package org.mozilla.jss.pkcs11
Class PK11KeyWrapper
java.lang.Object
org.mozilla.jss.pkcs11.PK11KeyWrapper
- All Implemented Interfaces: KeyWrapper
-
Field Summary
Fields (modifier and type, field):
private KeyWrapAlgorithm algorithm
private byte[] IV
static final org.slf4j.Logger logger
private AlgorithmParameterSpec parameters
private PrivateKey privKey
private PublicKey pubKey
private int state
private SymmetricKey symKey
private PK11Token token
private static final int UNINITIALIZED
private static final int UNWRAP
private static final int WRAP
-
Constructor Summary
Constructors (modifier, constructor):
private PK11KeyWrapper()
(package private) PK11KeyWrapper(PK11Token token, KeyWrapAlgorithm algorithm)
-
Method Summary
Methods (modifier and type, method, description):
private static Algorithm algFromType(PrivateKey.Type type)
private static Algorithm algFromType(SymmetricKey.Type type)
private PrivateKey baseUnwrapPrivate(byte[] wrapped, PrivateKey.Type type, PublicKey publicKey, boolean temporary)
private AlgorithmParameterSpec checkParams(AlgorithmParameterSpec params)
private void checkWrappee(PrivateKey privKey)
    Makes sure the key lives on the right token.
private void checkWrappee(SymmetricKey symKey)
    Makes sure the key lives on the right token.
private void checkWrapper(PublicKey key)
    Makes sure the key is right for the algorithm.
private void checkWrapper(PrivateKey key)
    Makes sure the key is on the token and is right for the algorithm.
private void checkWrapper(SymmetricKey key)
    Makes sure the key lives on the token and is right for the algorithm.
private static byte[] extractPublicValue(PublicKey publicKey, PrivateKey.Type type)
    Extracts the "public value" from a public key.
void initUnwrap()
    For plaintext-wrapped keys.
private void initUnwrap(AlgorithmParameterSpec parameters)
    Does the key-independent parts of initializing an unwrap.
void initUnwrap(PrivateKey unwrappingKey, AlgorithmParameterSpec parameters)
void initUnwrap(SymmetricKey unwrappingKey, AlgorithmParameterSpec parameters)
void initWrap()
    For wrapping keys in plaintext.
void initWrap(PublicKey wrappingKey, AlgorithmParameterSpec parameters)
private void initWrap(AlgorithmParameterSpec parameters)
    Does everything that is key-independent for initializing a wrap.
void initWrap(SymmetricKey wrappingKey, AlgorithmParameterSpec parameters)
private static PrivateKey nativeUnwrapPrivWithSym(PK11Token token, SymmetricKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, byte[] publicValue, byte[] IV, boolean temporary)
    Unwrap a private with a symmetric.
private static SymmetricKey nativeUnwrapSymPlaintext(PK11Token token, byte[] wrappedKey, Algorithm type, int usageEnum, boolean temporary)
private static SymmetricKey nativeUnwrapSymWithPriv(PK11Token token, PrivateKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, int keyLen, NativeProxy params, long params_size, int usageEnum)
    Unwrap a symmetric with a private.
private static SymmetricKey nativeUnwrapSymWithSym(PK11Token token, SymmetricKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, int keyLen, byte[] IV, int usageEnum, boolean temporary)
    Unwrap a symmetric with a symmetric.
private static byte[] nativeWrapPrivWithSym(PK11Token token, PrivateKey toBeWrapped, SymmetricKey wrappingKey, KeyWrapAlgorithm alg, byte[] IV)
    Wrap a private with a symmetric
private static byte[] nativeWrapSymWithPub(PK11Token token, SymmetricKey toBeWrapped, PublicKey wrappingKey, KeyWrapAlgorithm alg, NativeProxy params, long params_size)
    Wrap a symmetric with a public
private static byte[] nativeWrapSymWithSym(PK11Token token, SymmetricKey toBeWrapped, SymmetricKey wrappingKey, KeyWrapAlgorithm alg, byte[] IV)
    Wrap a symmetric with a symmetric
private void reset()
PrivateKey unwrapPrivate(byte[] wrapped, PrivateKey.Type type, PublicKey publicKey)
    Unwraps a private key, creating a permanent private key object.
SymmetricKey unwrapSymmetric(byte[] wrapped, SymmetricKey.Type type, int keyLen)
    Unwraps a key and allows it to be used for all operations.
private SymmetricKey unwrapSymmetric(byte[] wrapped, SymmetricKey.Type type, int usageEnum, int keyLen)
SymmetricKey unwrapSymmetric(byte[] wrapped, SymmetricKey.Type type, SymmetricKey.Usage usage, int keyLen)
SymmetricKey unwrapSymmetricPerm(byte[] wrapped, SymmetricKey.Type type, int keyLen)
    Unwraps a key and allows it to be used for all operations.
private SymmetricKey unwrapSymmetricPerm(byte[] wrapped, SymmetricKey.Type type, int usageEnum, int keyLen)
SymmetricKey unwrapSymmetricPerm(byte[] wrapped, SymmetricKey.Type type, SymmetricKey.Usage usage, int keyLen)
PrivateKey unwrapTemporaryPrivate(byte[] wrapped, PrivateKey.Type type, PublicKey publicKey)
    Unwraps a private key, creating a temporary private key object.
byte[] wrap(PrivateKey toBeWrapped)
byte[] wrap(SymmetricKey toBeWrapped)
-
Field Details
-
token
-
algorithm
-
state
private int state
-
parameters
-
symKey
-
privKey
-
pubKey
-
IV
private byte[] IV
-
UNINITIALIZED
private static final int UNINITIALIZED
-
WRAP
private static final int WRAP
-
UNWRAP
private static final int UNWRAP
-
logger
public static final org.slf4j.Logger logger
-
-
Constructor Details
-
PK11KeyWrapper
private PK11KeyWrapper()
-
PK11KeyWrapper
PK11KeyWrapper(PK11Token token, KeyWrapAlgorithm algorithm)
-
-
Method Details
-
initWrap
public void initWrap(SymmetricKey wrappingKey, AlgorithmParameterSpec parameters) throws InvalidKeyException, InvalidAlgorithmParameterException
- Specified by: initWrap in interface KeyWrapper
- Throws: InvalidKeyException, InvalidAlgorithmParameterException
-
initWrap
public void initWrap(PublicKey wrappingKey, AlgorithmParameterSpec parameters) throws InvalidKeyException, InvalidAlgorithmParameterException
- Specified by: initWrap in interface KeyWrapper
- Throws: InvalidKeyException, InvalidAlgorithmParameterException
-
initWrap
Description copied from interface: KeyWrapper
For wrapping keys in plaintext.
- Specified by: initWrap in interface KeyWrapper
- Throws: InvalidKeyException, InvalidAlgorithmParameterException
-
initWrap
Does everything that is key-independent for initializing a wrap.
-
initUnwrap
public void initUnwrap(PrivateKey unwrappingKey, AlgorithmParameterSpec parameters) throws InvalidKeyException, InvalidAlgorithmParameterException
- Specified by: initUnwrap in interface KeyWrapper
- Throws: InvalidKeyException, InvalidAlgorithmParameterException
-
initUnwrap
public void initUnwrap(SymmetricKey unwrappingKey, AlgorithmParameterSpec parameters) throws InvalidKeyException, InvalidAlgorithmParameterException
- Specified by: initUnwrap in interface KeyWrapper
- Throws: InvalidKeyException, InvalidAlgorithmParameterException
-
initUnwrap
Description copied from interface: KeyWrapper
For plaintext-wrapped keys.
- Specified by: initUnwrap in interface KeyWrapper
- Throws: InvalidKeyException, InvalidAlgorithmParameterException
-
initUnwrap
private void initUnwrap(AlgorithmParameterSpec parameters) throws InvalidAlgorithmParameterException
Does the key-independent parts of initializing an unwrap.
-
checkWrapper
Makes sure the key is right for the algorithm.
- Throws: InvalidKeyException
-
checkWrapper
Makes sure the key lives on the token and is right for the algorithm.
- Throws: InvalidKeyException
-
checkWrapper
Makes sure the key is on the token and is right for the algorithm.
- Throws: InvalidKeyException
-
checkParams
private AlgorithmParameterSpec checkParams(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException
-
wrap
public byte[] wrap(PrivateKey toBeWrapped) throws InvalidKeyException, IllegalStateException, TokenException
- Specified by: wrap in interface KeyWrapper
- Throws: InvalidKeyException, IllegalStateException, TokenException
-
wrap
public byte[] wrap(SymmetricKey toBeWrapped) throws InvalidKeyException, IllegalStateException, TokenException
- Specified by: wrap in interface KeyWrapper
- Throws: InvalidKeyException, IllegalStateException, TokenException
-
checkWrappee
Makes sure the key lives on the right token.
- Throws: InvalidKeyException
-
checkWrappee
Makes sure the key lives on the right token.
- Throws: InvalidKeyException
-
nativeWrapSymWithSym
private static byte[] nativeWrapSymWithSym(PK11Token token, SymmetricKey toBeWrapped, SymmetricKey wrappingKey, KeyWrapAlgorithm alg, byte[] IV) throws TokenException
Wrap a symmetric with a symmetric
- Throws: TokenException
-
nativeWrapSymWithPub
private static byte[] nativeWrapSymWithPub(PK11Token token, SymmetricKey toBeWrapped, PublicKey wrappingKey, KeyWrapAlgorithm alg, NativeProxy params, long params_size) throws TokenException
Wrap a symmetric with a public
- Throws: TokenException
-
nativeWrapPrivWithSym
private static byte[] nativeWrapPrivWithSym(PK11Token token, PrivateKey toBeWrapped, SymmetricKey wrappingKey, KeyWrapAlgorithm alg, byte[] IV) throws TokenException
Wrap a private with a symmetric
- Throws: TokenException
-
unwrapPrivate
public PrivateKey unwrapPrivate(byte[] wrapped, PrivateKey.Type type, PublicKey publicKey) throws TokenException, InvalidKeyException, IllegalStateException
Unwraps a private key, creating a permanent private key object. A permanent private key object resides on a token until it is explicitly deleted from the token.
- Specified by: unwrapPrivate in interface KeyWrapper
- Parameters:
  publicKey - Used to calculate the key identifier that must be stored with the private key. Must be a RSAPublicKey or a DSAPublicKey.
- Throws:
  InvalidKeyException - If the type of the public key does not match the type of the private key to be unwrapped.
  TokenException
  IllegalStateException
-
unwrapTemporaryPrivate
public PrivateKey unwrapTemporaryPrivate(byte[] wrapped, PrivateKey.Type type, PublicKey publicKey) throws TokenException, InvalidKeyException, IllegalStateException
Unwraps a private key, creating a temporary private key object. A temporary private key is one that does not permanently reside on a token. As soon as it is garbage-collected, it is gone forever.
- Specified by: unwrapTemporaryPrivate in interface KeyWrapper
- Parameters:
  publicKey - Used to calculate the key identifier that must be stored with the private key. Must be a RSAPublicKey or a DSAPublicKey.
- Throws:
  InvalidKeyException - If the type of the public key does not match the type of the private key to be unwrapped.
  TokenException
  IllegalStateException
-
baseUnwrapPrivate
private PrivateKey baseUnwrapPrivate(byte[] wrapped, PrivateKey.Type type, PublicKey publicKey, boolean temporary) throws TokenException, InvalidKeyException, IllegalStateException
-
extractPublicValue
private static byte[] extractPublicValue(PublicKey publicKey, PrivateKey.Type type) throws InvalidKeyException
Extracts the "public value" from a public key. The public value is used to construct the key identifier (CKA_ID). Also, the internal token stores the EC DSA and EC public value along with the private key.
- Throws: InvalidKeyException
-
unwrapSymmetric
public SymmetricKey unwrapSymmetric(byte[] wrapped, SymmetricKey.Type type, SymmetricKey.Usage usage, int keyLen) throws TokenException, IllegalStateException, InvalidAlgorithmParameterException
- Specified by: unwrapSymmetric in interface KeyWrapper
- Parameters:
  usage - The operation the key will be used for after it is unwrapped. You have to specify this so that the key can be properly marked with the operation it supports. Some PKCS #11 tokens require that a key be marked for an operation before it can perform that operation.
  keyLen - The expected length of the key in bytes. This is only used for variable-length keys (RC4) and non-padding algorithms. Otherwise, it can be set to anything (like 0).
- Throws: TokenException, IllegalStateException, InvalidAlgorithmParameterException
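A round trip through the public KeyWrapper methods documented on this page, showing how the usage and keyLen arguments of unwrapSymmetric are chosen. This is an added example, not code from the JSS project; the NSS database directory passed as args[0], the names WrapRoundTrip and newAesKey, and the choice of AES_KEY_WRAP are assumptions made for illustration.

```java
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.KeyGenAlgorithm;
import org.mozilla.jss.crypto.KeyGenerator;
import org.mozilla.jss.crypto.KeyWrapAlgorithm;
import org.mozilla.jss.crypto.KeyWrapper;
import org.mozilla.jss.crypto.SymmetricKey;

public class WrapRoundTrip {
    // Hypothetical helper: a temporary AES key limited to the given usages.
    static SymmetricKey newAesKey(CryptoToken token, int bits,
                                  SymmetricKey.Usage... usages) throws Exception {
        KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.AES);
        kg.initialize(bits);
        kg.setKeyUsages(usages);
        kg.temporaryKeys(true);
        return kg.generate();
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] names an existing NSS database directory
        // whose internal token does not need a login.
        CryptoManager.initialize(args[0]);
        CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();

        SymmetricKey kek = newAesKey(token, 256,
                SymmetricKey.Usage.WRAP, SymmetricKey.Usage.UNWRAP);
        SymmetricKey dataKey = newAesKey(token, 128,
                SymmetricKey.Usage.ENCRYPT, SymmetricKey.Usage.DECRYPT);

        // No IV is supplied for AES_KEY_WRAP, so the parameter spec is null.
        KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_KEY_WRAP);
        wrapper.initWrap(kek, null);
        byte[] wrapped = wrapper.wrap(dataKey);

        // AES_KEY_WRAP does not pad, so keyLen carries the real key size
        // in bytes (16 for AES-128). Usage.DECRYPT marks the restored key
        // for decryption only, unlike the three-argument overload, which
        // allows all operations.
        KeyWrapper unwrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_KEY_WRAP);
        unwrapper.initUnwrap(kek, null);
        SymmetricKey restored = unwrapper.unwrapSymmetric(
                wrapped, SymmetricKey.AES, SymmetricKey.Usage.DECRYPT, 16);

        System.out.println("wrapped bytes: " + wrapped.length);
        System.out.println("restored type: " + restored.getType());
    }
}
```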
-
unwrapSymmetric
public SymmetricKey unwrapSymmetric(byte[] wrapped, SymmetricKey.Type type, int keyLen) throws TokenException, IllegalStateException, InvalidAlgorithmParameterException
Description copied from interface: KeyWrapper
Unwraps a key and allows it to be used for all operations.
- Specified by: unwrapSymmetric in interface KeyWrapper
- Parameters:
  keyLen - The expected length of the key in bytes. This is only used for variable-length keys (RC4) and non-padding algorithms. Otherwise, it can be set to anything (like 0).
- Throws: TokenException, IllegalStateException, InvalidAlgorithmParameterException
-
unwrapSymmetricPerm
public SymmetricKey unwrapSymmetricPerm(byte[] wrapped, SymmetricKey.Type type, SymmetricKey.Usage usage, int keyLen) throws TokenException, IllegalStateException, InvalidAlgorithmParameterException
- Specified by: unwrapSymmetricPerm in interface KeyWrapper
- Throws: TokenException, IllegalStateException, InvalidAlgorithmParameterException
-
unwrapSymmetricPerm
public SymmetricKey unwrapSymmetricPerm(byte[] wrapped, SymmetricKey.Type type, int keyLen) throws TokenException, IllegalStateException, InvalidAlgorithmParameterException
Description copied from interface: KeyWrapper
Unwraps a key and allows it to be used for all operations.
- Specified by: unwrapSymmetricPerm in interface KeyWrapper
- Parameters:
  keyLen - The expected length of the key in bytes. This is only used for variable-length keys (RC4) and non-padding algorithms. Otherwise, it can be set to anything (like 0).
- Throws: TokenException, IllegalStateException, InvalidAlgorithmParameterException
-
unwrapSymmetricPerm
private SymmetricKey unwrapSymmetricPerm(byte[] wrapped, SymmetricKey.Type type, int usageEnum, int keyLen) throws TokenException, IllegalStateException, InvalidAlgorithmParameterException
-
unwrapSymmetric
private SymmetricKey unwrapSymmetric(byte[] wrapped, SymmetricKey.Type type, int usageEnum, int keyLen) throws TokenException, IllegalStateException, InvalidAlgorithmParameterException
-
algFromType
-
algFromType
-
nativeUnwrapPrivWithSym
private static PrivateKey nativeUnwrapPrivWithSym(PK11Token token, SymmetricKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, byte[] publicValue, byte[] IV, boolean temporary) throws TokenException
Unwrap a private with a symmetric.
- Throws: TokenException
-
nativeUnwrapSymWithSym
private static SymmetricKey nativeUnwrapSymWithSym(PK11Token token, SymmetricKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, int keyLen, byte[] IV, int usageEnum, boolean temporary) throws TokenException
Unwrap a symmetric with a symmetric.
- Throws: TokenException
-
nativeUnwrapSymWithPriv
private static SymmetricKey nativeUnwrapSymWithPriv(PK11Token token, PrivateKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, int keyLen, NativeProxy params, long params_size, int usageEnum) throws TokenException
Unwrap a symmetric with a private.
- Throws: TokenException
-
nativeUnwrapSymPlaintext
private static SymmetricKey nativeUnwrapSymPlaintext(PK11Token token, byte[] wrappedKey, Algorithm type, int usageEnum, boolean temporary)
-
reset
private void reset()
-