Package org.mozilla.jss.pkcs11
Class PK11KeyWrapper
java.lang.Object
org.mozilla.jss.pkcs11.PK11KeyWrapper
- All Implemented Interfaces:
KeyWrapper
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate KeyWrapAlgorithm
private byte[]
static final org.slf4j.Logger
private AlgorithmParameterSpec
private PrivateKey
private PublicKey
private int
private SymmetricKey
private PK11Token
private static final int
private static final int
private static final int
-
Constructor Summary
ConstructorsModifierConstructorDescriptionprivate
(package private)
PK11KeyWrapper
(PK11Token token, KeyWrapAlgorithm algorithm) -
Method Summary
Modifier and TypeMethodDescriptionprivate static Algorithm
algFromType
(PrivateKey.Type type) private static Algorithm
algFromType
(SymmetricKey.Type type) private PrivateKey
baseUnwrapPrivate
(byte[] wrapped, PrivateKey.Type type, PublicKey publicKey, boolean temporary) private AlgorithmParameterSpec
checkParams
(AlgorithmParameterSpec params) private void
checkWrappee
(PrivateKey privKey) Makes sure the key lives on the right token.private void
checkWrappee
(SymmetricKey symKey) Makes sure the key lives on the right token.private void
checkWrapper
(PublicKey key) Makes sure the key is right for the algorithm.private void
checkWrapper
(PrivateKey key) Makes sure the key is on the token and is right for the algorithm.private void
checkWrapper
(SymmetricKey key) Makes sure the key lives on the token and is right for the algorithm.private static byte[]
extractPublicValue
(PublicKey publicKey, PrivateKey.Type type) Extracts the "public value" from a public key.void
For plaintext-wrapped keys.private void
initUnwrap
(AlgorithmParameterSpec parameters) Does the key-independent parts of initializing an unwrap.void
initUnwrap
(PrivateKey unwrappingKey, AlgorithmParameterSpec parameters) void
initUnwrap
(SymmetricKey unwrappingKey, AlgorithmParameterSpec parameters) void
initWrap()
For wrapping keys in plaintext.void
initWrap
(PublicKey wrappingKey, AlgorithmParameterSpec parameters) private void
initWrap
(AlgorithmParameterSpec parameters) Does everything that is key-independent for initializing a wrap.void
initWrap
(SymmetricKey wrappingKey, AlgorithmParameterSpec parameters) private static PrivateKey
nativeUnwrapPrivWithSym
(PK11Token token, SymmetricKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, byte[] publicValue, byte[] IV, boolean temporary) Unwrap a private with a symmetric.private static SymmetricKey
nativeUnwrapSymPlaintext
(PK11Token token, byte[] wrappedKey, Algorithm type, int usageEnum, boolean temporary) private static SymmetricKey
nativeUnwrapSymWithPriv
(PK11Token token, PrivateKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, int keyLen, NativeProxy params, long params_size, int usageEnum) Unwrap a symmetric with a private.private static SymmetricKey
nativeUnwrapSymWithSym
(PK11Token token, SymmetricKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, int keyLen, byte[] IV, int usageEnum, boolean temporary) Unwrap a symmetric with a symmetric.private static byte[]
nativeWrapPrivWithSym
(PK11Token token, PrivateKey toBeWrapped, SymmetricKey wrappingKey, KeyWrapAlgorithm alg, byte[] IV) Wrap a private with a symmetricprivate static byte[]
nativeWrapSymWithPub
(PK11Token token, SymmetricKey toBeWrapped, PublicKey wrappingKey, KeyWrapAlgorithm alg, NativeProxy params, long params_size) Wrap a symmetric with a publicprivate static byte[]
nativeWrapSymWithSym
(PK11Token token, SymmetricKey toBeWrapped, SymmetricKey wrappingKey, KeyWrapAlgorithm alg, byte[] IV) Wrap a symmetric with a symmetricprivate void
reset()
unwrapPrivate
(byte[] wrapped, PrivateKey.Type type, PublicKey publicKey) Unwraps a private key, creating a permanent private key object.unwrapSymmetric
(byte[] wrapped, SymmetricKey.Type type, int keyLen) Unwraps a key and allows it to be used for all operations.private SymmetricKey
unwrapSymmetric
(byte[] wrapped, SymmetricKey.Type type, int usageEnum, int keyLen) unwrapSymmetric
(byte[] wrapped, SymmetricKey.Type type, SymmetricKey.Usage usage, int keyLen) unwrapSymmetricPerm
(byte[] wrapped, SymmetricKey.Type type, int keyLen) Unwraps a key and allows it to be used for all operations.private SymmetricKey
unwrapSymmetricPerm
(byte[] wrapped, SymmetricKey.Type type, int usageEnum, int keyLen) unwrapSymmetricPerm
(byte[] wrapped, SymmetricKey.Type type, SymmetricKey.Usage usage, int keyLen) unwrapTemporaryPrivate
(byte[] wrapped, PrivateKey.Type type, PublicKey publicKey) Unwraps a private key, creating a temporary private key object.byte[]
wrap
(PrivateKey toBeWrapped) byte[]
wrap
(SymmetricKey toBeWrapped)
-
Field Details
-
token
-
algorithm
-
state
private int state -
parameters
-
symKey
-
privKey
-
pubKey
-
IV
private byte[] IV -
UNINITIALIZED
private static final int UNINITIALIZED- See Also:
-
WRAP
private static final int WRAP- See Also:
-
UNWRAP
private static final int UNWRAP- See Also:
-
logger
public static final org.slf4j.Logger logger
-
-
Constructor Details
-
PK11KeyWrapper
private PK11KeyWrapper() -
PK11KeyWrapper
PK11KeyWrapper(PK11Token token, KeyWrapAlgorithm algorithm)
-
-
Method Details
-
initWrap
public void initWrap(SymmetricKey wrappingKey, AlgorithmParameterSpec parameters) throws InvalidKeyException, InvalidAlgorithmParameterException - Specified by:
initWrap
in interfaceKeyWrapper
- Throws:
InvalidKeyException
InvalidAlgorithmParameterException
-
initWrap
public void initWrap(PublicKey wrappingKey, AlgorithmParameterSpec parameters) throws InvalidKeyException, InvalidAlgorithmParameterException - Specified by:
initWrap
in interfaceKeyWrapper
- Throws:
InvalidKeyException
InvalidAlgorithmParameterException
-
initWrap
Description copied from interface: KeyWrapper
For wrapping keys in plaintext; this overload takes no wrapping key.
- Specified by:
initWrap
in interfaceKeyWrapper
- Throws:
InvalidKeyException
InvalidAlgorithmParameterException
-
initWrap
Does everything that is key-independent for initializing a wrap. -
initUnwrap
public void initUnwrap(PrivateKey unwrappingKey, AlgorithmParameterSpec parameters) throws InvalidKeyException, InvalidAlgorithmParameterException - Specified by:
initUnwrap
in interfaceKeyWrapper
- Throws:
InvalidKeyException
InvalidAlgorithmParameterException
-
initUnwrap
public void initUnwrap(SymmetricKey unwrappingKey, AlgorithmParameterSpec parameters) throws InvalidKeyException, InvalidAlgorithmParameterException - Specified by:
initUnwrap
in interfaceKeyWrapper
- Throws:
InvalidKeyException
InvalidAlgorithmParameterException
-
initUnwrap
Description copied from interface: KeyWrapper
For plaintext-wrapped keys; this overload takes no unwrapping key.
- Specified by:
initUnwrap
in interfaceKeyWrapper
- Throws:
InvalidKeyException
InvalidAlgorithmParameterException
-
initUnwrap
private void initUnwrap(AlgorithmParameterSpec parameters) throws InvalidAlgorithmParameterException Does the key-independent parts of initializing an unwrap. -
checkWrapper
private void checkWrapper(PublicKey key) throws InvalidKeyException
Makes sure the key is right for the algorithm.
- Throws:
InvalidKeyException
-
checkWrapper
private void checkWrapper(SymmetricKey key) throws InvalidKeyException
Makes sure the key lives on the token and is right for the algorithm.
- Throws:
InvalidKeyException
-
checkWrapper
private void checkWrapper(PrivateKey key) throws InvalidKeyException
Makes sure the key is on the token and is right for the algorithm.
- Throws:
InvalidKeyException
-
checkParams
private AlgorithmParameterSpec checkParams(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException -
wrap
public byte[] wrap(PrivateKey toBeWrapped) throws InvalidKeyException, IllegalStateException, TokenException - Specified by:
wrap
in interfaceKeyWrapper
- Throws:
InvalidKeyException
IllegalStateException
TokenException
-
wrap
public byte[] wrap(SymmetricKey toBeWrapped) throws InvalidKeyException, IllegalStateException, TokenException - Specified by:
wrap
in interfaceKeyWrapper
- Throws:
InvalidKeyException
IllegalStateException
TokenException
-
checkWrappee
Makes sure the key lives on the right token.- Throws:
InvalidKeyException
-
checkWrappee
Makes sure the key lives on the right token.- Throws:
InvalidKeyException
-
nativeWrapSymWithSym
private static byte[] nativeWrapSymWithSym(PK11Token token, SymmetricKey toBeWrapped, SymmetricKey wrappingKey, KeyWrapAlgorithm alg, byte[] IV) throws TokenException
Wraps a symmetric key with a symmetric key.
- Throws:
TokenException
-
nativeWrapSymWithPub
private static byte[] nativeWrapSymWithPub(PK11Token token, SymmetricKey toBeWrapped, PublicKey wrappingKey, KeyWrapAlgorithm alg, NativeProxy params, long params_size) throws TokenException
Wraps a symmetric key with a public key.
- Throws:
TokenException
-
nativeWrapPrivWithSym
private static byte[] nativeWrapPrivWithSym(PK11Token token, PrivateKey toBeWrapped, SymmetricKey wrappingKey, KeyWrapAlgorithm alg, byte[] IV) throws TokenException
Wraps a private key with a symmetric key.
- Throws:
TokenException
-
unwrapPrivate
public PrivateKey unwrapPrivate(byte[] wrapped, PrivateKey.Type type, PublicKey publicKey) throws TokenException, InvalidKeyException, IllegalStateException
Unwraps a private key, creating a permanent private key object. A permanent private key object resides on a token until it is explicitly deleted from the token.
- Specified by:
unwrapPrivate
in interfaceKeyWrapper
- Parameters:
publicKey - Used to calculate the key identifier that must be stored with the private key. Must be an RSAPublicKey or a DSAPublicKey.
- Throws:
InvalidKeyException - If the type of the public key does not match the type of the private key to be unwrapped.
TokenException
IllegalStateException
-
unwrapTemporaryPrivate
public PrivateKey unwrapTemporaryPrivate(byte[] wrapped, PrivateKey.Type type, PublicKey publicKey) throws TokenException, InvalidKeyException, IllegalStateException
Unwraps a private key, creating a temporary private key object. A temporary private key is one that does not permanently reside on a token. As soon as it is garbage-collected, it is gone forever.
- Specified by:
unwrapTemporaryPrivate
in interfaceKeyWrapper
- Parameters:
publicKey - Used to calculate the key identifier that must be stored with the private key. Must be an RSAPublicKey or a DSAPublicKey.
- Throws:
InvalidKeyException - If the type of the public key does not match the type of the private key to be unwrapped.
TokenException
IllegalStateException
-
baseUnwrapPrivate
private PrivateKey baseUnwrapPrivate(byte[] wrapped, PrivateKey.Type type, PublicKey publicKey, boolean temporary) throws TokenException, InvalidKeyException, IllegalStateException -
extractPublicValue
private static byte[] extractPublicValue(PublicKey publicKey, PrivateKey.Type type) throws InvalidKeyException
Extracts the "public value" from a public key. The public value is used to construct the key identifier (CKA_ID). Also, the internal token stores the EC DSA and EC public value along with the private key.
- Throws:
InvalidKeyException
-
unwrapSymmetric
public SymmetricKey unwrapSymmetric(byte[] wrapped, SymmetricKey.Type type, SymmetricKey.Usage usage, int keyLen) throws TokenException, IllegalStateException, InvalidAlgorithmParameterException - Specified by:
unwrapSymmetric
in interfaceKeyWrapper
- Parameters:
usage - The operation the key will be used for after it is unwrapped. You have to specify this so that the key can be properly marked with the operation it supports. Some PKCS #11 tokens require that a key be marked for an operation before it can perform that operation.
keyLen - The expected length of the key in bytes. This is only used for variable-length keys (RC4) and non-padding algorithms. Otherwise, it can be set to anything (like 0).
- Throws:
TokenException
IllegalStateException
InvalidAlgorithmParameterException
-
unwrapSymmetric
public SymmetricKey unwrapSymmetric(byte[] wrapped, SymmetricKey.Type type, int keyLen) throws TokenException, IllegalStateException, InvalidAlgorithmParameterException
Description copied from interface: KeyWrapper
Unwraps a key and allows it to be used for all operations. To mark the unwrapped key for a single operation instead, use the overload that takes a SymmetricKey.Usage.
- Specified by:
unwrapSymmetric
in interfaceKeyWrapper
- Parameters:
keyLen - The expected length of the key in bytes. This is only used for variable-length keys (RC4) and non-padding algorithms. Otherwise, it can be set to anything (like 0).
- Throws:
TokenException
IllegalStateException
InvalidAlgorithmParameterException
-
unwrapSymmetricPerm
public SymmetricKey unwrapSymmetricPerm(byte[] wrapped, SymmetricKey.Type type, SymmetricKey.Usage usage, int keyLen) throws TokenException, IllegalStateException, InvalidAlgorithmParameterException - Specified by:
unwrapSymmetricPerm
in interfaceKeyWrapper
- Throws:
TokenException
IllegalStateException
InvalidAlgorithmParameterException
-
unwrapSymmetricPerm
public SymmetricKey unwrapSymmetricPerm(byte[] wrapped, SymmetricKey.Type type, int keyLen) throws TokenException, IllegalStateException, InvalidAlgorithmParameterException
Description copied from interface: KeyWrapper
Unwraps a key and allows it to be used for all operations. To mark the unwrapped key for a single operation instead, use the overload that takes a SymmetricKey.Usage.
- Specified by:
unwrapSymmetricPerm
in interfaceKeyWrapper
- Parameters:
keyLen - The expected length of the key in bytes. This is only used for variable-length keys (RC4) and non-padding algorithms. Otherwise, it can be set to anything (like 0).
- Throws:
TokenException
IllegalStateException
InvalidAlgorithmParameterException
-
unwrapSymmetricPerm
private SymmetricKey unwrapSymmetricPerm(byte[] wrapped, SymmetricKey.Type type, int usageEnum, int keyLen) throws TokenException, IllegalStateException, InvalidAlgorithmParameterException -
unwrapSymmetric
private SymmetricKey unwrapSymmetric(byte[] wrapped, SymmetricKey.Type type, int usageEnum, int keyLen) throws TokenException, IllegalStateException, InvalidAlgorithmParameterException -
algFromType
-
algFromType
-
nativeUnwrapPrivWithSym
private static PrivateKey nativeUnwrapPrivWithSym(PK11Token token, SymmetricKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, byte[] publicValue, byte[] IV, boolean temporary) throws TokenException
Unwraps a private key with a symmetric key.
- Throws:
TokenException
-
nativeUnwrapSymWithSym
private static SymmetricKey nativeUnwrapSymWithSym(PK11Token token, SymmetricKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, int keyLen, byte[] IV, int usageEnum, boolean temporary) throws TokenException
Unwraps a symmetric key with a symmetric key.
- Throws:
TokenException
-
nativeUnwrapSymWithPriv
private static SymmetricKey nativeUnwrapSymWithPriv(PK11Token token, PrivateKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, int keyLen, NativeProxy params, long params_size, int usageEnum) throws TokenException
Unwraps a symmetric key with a private key.
- Throws:
TokenException
-
nativeUnwrapSymPlaintext
private static SymmetricKey nativeUnwrapSymPlaintext(PK11Token token, byte[] wrappedKey, Algorithm type, int usageEnum, boolean temporary) -
reset
private void reset()
-