20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.pkcs11;
27
28 import java.math.BigInteger;
29
30 import java.security.*;
31 import java.security.spec.*;
32
33 import javax.crypto.*;
34 import javax.crypto.interfaces.*;
35 import javax.crypto.spec.*;
36
37 import static sun.security.pkcs11.TemplateManager.*;
38 import sun.security.pkcs11.wrapper.*;
39 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
40
41 /**
42 * KeyAgreement implementation class. This class currently supports
43 * DH.
44 *
45 * @author Andreas Sterbenz
46 * @since 1.5
47 */
48 final class P11KeyAgreement extends KeyAgreementSpi {
49
50 // token instance
51 private final Token token;
52
53 // algorithm name
54 private final String algorithm;
55
56 // mechanism id
57 private final long mechanism;
58
59 // private key, if initialized
117 if (multiPartyAgreement == null) {
118 try {
119 multiPartyAgreement = KeyAgreement.getInstance
120 ("DH", P11Util.getSunJceProvider());
121 multiPartyAgreement.init(privateKey);
122 } catch (NoSuchAlgorithmException e) {
123 throw new InvalidKeyException
124 ("Could not initialize multi party agreement", e);
125 }
126 }
127 return multiPartyAgreement.doPhase(key, lastPhase);
128 }
129 if ((key instanceof PublicKey == false)
130 || (key.getAlgorithm().equals(algorithm) == false)) {
131 throw new InvalidKeyException
132 ("Key must be a PublicKey with algorithm DH");
133 }
134 BigInteger p, g, y;
135 if (key instanceof DHPublicKey) {
136 DHPublicKey dhKey = (DHPublicKey)key;
137 y = dhKey.getY();
138 DHParameterSpec params = dhKey.getParams();
139 p = params.getP();
140 g = params.getG();
141 } else {
142 // normally, DH PublicKeys will always implement DHPublicKey
143 // just in case not, attempt conversion
144 P11DHKeyFactory kf = new P11DHKeyFactory(token, "DH");
145 try {
146 DHPublicKeySpec spec = (DHPublicKeySpec)kf.engineGetKeySpec
147 (key, DHPublicKeySpec.class);
148 y = spec.getY();
149 p = spec.getP();
150 g = spec.getG();
151 } catch (InvalidKeySpecException e) {
152 throw new InvalidKeyException("Could not obtain key values", e);
153 }
154 }
155 // if parameters of private key are accessible, verify that
156 // they match parameters of public key
157 // XXX p and g should always be readable, even if the key is sensitive
158 if (privateKey instanceof DHPrivateKey) {
159 DHPrivateKey dhKey = (DHPrivateKey)privateKey;
160 DHParameterSpec params = dhKey.getParams();
161 if ((p.equals(params.getP()) == false)
162 || (g.equals(params.getG()) == false)) {
163 throw new InvalidKeyException
164 ("PublicKey DH parameters must match PrivateKey DH parameters");
165 }
166 }
167 publicValue = y;
|
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.pkcs11;
27
28 import java.math.BigInteger;
29
30 import java.security.*;
31 import java.security.spec.*;
32
33 import javax.crypto.*;
34 import javax.crypto.interfaces.*;
35 import javax.crypto.spec.*;
36
37 import static sun.security.pkcs11.TemplateManager.*;
38 import sun.security.pkcs11.wrapper.*;
39 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
40 import sun.security.util.KeyUtil;
41
42 /**
43 * KeyAgreement implementation class. This class currently supports
44 * DH.
45 *
46 * @author Andreas Sterbenz
47 * @since 1.5
48 */
49 final class P11KeyAgreement extends KeyAgreementSpi {
50
51 // token instance
52 private final Token token;
53
54 // algorithm name
55 private final String algorithm;
56
57 // mechanism id
58 private final long mechanism;
59
60 // private key, if initialized
118 if (multiPartyAgreement == null) {
119 try {
120 multiPartyAgreement = KeyAgreement.getInstance
121 ("DH", P11Util.getSunJceProvider());
122 multiPartyAgreement.init(privateKey);
123 } catch (NoSuchAlgorithmException e) {
124 throw new InvalidKeyException
125 ("Could not initialize multi party agreement", e);
126 }
127 }
128 return multiPartyAgreement.doPhase(key, lastPhase);
129 }
130 if ((key instanceof PublicKey == false)
131 || (key.getAlgorithm().equals(algorithm) == false)) {
132 throw new InvalidKeyException
133 ("Key must be a PublicKey with algorithm DH");
134 }
135 BigInteger p, g, y;
136 if (key instanceof DHPublicKey) {
137 DHPublicKey dhKey = (DHPublicKey)key;
138
139 // validate the Diffie-Hellman public key
140 KeyUtil.validate(dhKey);
141
142 y = dhKey.getY();
143 DHParameterSpec params = dhKey.getParams();
144 p = params.getP();
145 g = params.getG();
146 } else {
147 // normally, DH PublicKeys will always implement DHPublicKey
148 // just in case not, attempt conversion
149 P11DHKeyFactory kf = new P11DHKeyFactory(token, "DH");
150 try {
151 DHPublicKeySpec spec = (DHPublicKeySpec)kf.engineGetKeySpec
152 (key, DHPublicKeySpec.class);
153
154 // validate the Diffie-Hellman public key
155 KeyUtil.validate(spec);
156
157 y = spec.getY();
158 p = spec.getP();
159 g = spec.getG();
160 } catch (InvalidKeySpecException e) {
161 throw new InvalidKeyException("Could not obtain key values", e);
162 }
163 }
164 // if parameters of private key are accessible, verify that
165 // they match parameters of public key
166 // XXX p and g should always be readable, even if the key is sensitive
167 if (privateKey instanceof DHPrivateKey) {
168 DHPrivateKey dhKey = (DHPrivateKey)privateKey;
169 DHParameterSpec params = dhKey.getParams();
170 if ((p.equals(params.getP()) == false)
171 || (g.equals(params.getG()) == false)) {
172 throw new InvalidKeyException
173 ("PublicKey DH parameters must match PrivateKey DH parameters");
174 }
175 }
176 publicValue = y;
|