JSS 3.1.1

org.mozilla.jss.pkcs11
Class PK11KeyWrapper

java.lang.Object
  |
  +--org.mozilla.jss.pkcs11.PK11KeyWrapper
All Implemented Interfaces:
KeyWrapper

final class PK11KeyWrapper
extends java.lang.Object
implements KeyWrapper


Field Summary
private  KeyWrapAlgorithm algorithm
           
private  byte[] IV
           
private  java.security.spec.AlgorithmParameterSpec parameters
           
private  PrivateKey privKey
           
private  java.security.PublicKey pubKey
           
private  int state
           
private  SymmetricKey symKey
           
private  PK11Token token
           
private static int UNINITIALIZED
           
private static int UNWRAP
           
private static int WRAP
           
 
Constructor Summary
private PK11KeyWrapper()
           
(package private) PK11KeyWrapper(PK11Token token, KeyWrapAlgorithm algorithm)
           
 
Method Summary
private static Algorithm algFromType(PrivateKey.Type type)
           
private static Algorithm algFromType(SymmetricKey.Type type)
           
private  PrivateKey baseUnwrapPrivate(byte[] wrapped, PrivateKey.Type type, java.security.PublicKey publicKey, boolean temporary)
           
private  void checkParams(java.security.spec.AlgorithmParameterSpec params)
           
private  void checkWrappee(PrivateKey privKey)
          Makes sure the key lives on the right token.
private  void checkWrappee(SymmetricKey symKey)
          Makes sure the key lives on the right token.
private  void checkWrapper(PrivateKey key)
          Makes sure the key is on the token and is right for the algorithm.
private  void checkWrapper(java.security.PublicKey key)
          Makes sure the key is right for the algorithm.
private  void checkWrapper(SymmetricKey key)
          Makes sure the key lives on the token and is right for the algorithm.
private static byte[] extractPublicValue(java.security.PublicKey publicKey, PrivateKey.Type type)
          Extracts the "public value" from a public key.
 void initUnwrap()
          For plaintext-wrapped keys.
private  void initUnwrap(java.security.spec.AlgorithmParameterSpec parameters)
          Does the key-independent parts of initializing an unwrap.
 void initUnwrap(PrivateKey unwrappingKey, java.security.spec.AlgorithmParameterSpec parameters)
           
 void initUnwrap(SymmetricKey unwrappingKey, java.security.spec.AlgorithmParameterSpec parameters)
           
 void initWrap()
          For wrapping keys in plaintext.
private  void initWrap(java.security.spec.AlgorithmParameterSpec parameters)
          Does everything that is key-independent for initializing a wrap.
 void initWrap(java.security.PublicKey wrappingKey, java.security.spec.AlgorithmParameterSpec parameters)
           
 void initWrap(SymmetricKey wrappingKey, java.security.spec.AlgorithmParameterSpec parameters)
           
private static PrivateKey nativeUnwrapPrivWithSym(PK11Token token, SymmetricKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, byte[] publicValue, byte[] IV, boolean temporary)
          Unwrap a private with a symmetric.
private static SymmetricKey nativeUnwrapSymPlaintext(PK11Token token, byte[] wrappedKey, Algorithm type, int usageEnum)
           
private static SymmetricKey nativeUnwrapSymWithPriv(PK11Token token, PrivateKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, int keyLen, byte[] IV, int usageEnum)
          Unwrap a symmetric with a private.
private static SymmetricKey nativeUnwrapSymWithSym(PK11Token token, SymmetricKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, int keyLen, byte[] IV, int usageEnum)
          Unwrap a symmetric with a symmetric.
private static byte[] nativeWrapPrivWithSym(PK11Token token, PrivateKey toBeWrapped, SymmetricKey wrappingKey, KeyWrapAlgorithm alg, byte[] IV)
          Wrap a private with a symmetric
private static byte[] nativeWrapSymWithPub(PK11Token token, SymmetricKey toBeWrapped, java.security.PublicKey wrappingKey, KeyWrapAlgorithm alg, byte[] IV)
          Wrap a symmetric with a public
private static byte[] nativeWrapSymWithSym(PK11Token token, SymmetricKey toBeWrapped, SymmetricKey wrappingKey, KeyWrapAlgorithm alg, byte[] IV)
          Wrap a symmetric with a symmetric
private  void reset()
           
 PrivateKey unwrapPrivate(byte[] wrapped, PrivateKey.Type type, java.security.PublicKey publicKey)
          Unwraps a private key, creating a permanent private key object.
 SymmetricKey unwrapSymmetric(byte[] wrapped, SymmetricKey.Type type, SymmetricKey.Usage usage, int keyLen)
           
 PrivateKey unwrapTemporaryPrivate(byte[] wrapped, PrivateKey.Type type, java.security.PublicKey publicKey)
          Unwraps a private key, creating a temporary private key object.
 byte[] wrap(PrivateKey toBeWrapped)
           
 byte[] wrap(SymmetricKey toBeWrapped)
           
 
Methods inherited from class java.lang.Object
, clone, equals, finalize, getClass, hashCode, notify, notifyAll, registerNatives, toString, wait, wait, wait
 

Field Detail

token

private PK11Token token

algorithm

private KeyWrapAlgorithm algorithm

state

private int state

parameters

private java.security.spec.AlgorithmParameterSpec parameters

symKey

private SymmetricKey symKey

privKey

private PrivateKey privKey

pubKey

private java.security.PublicKey pubKey

IV

private byte[] IV

UNINITIALIZED

private static final int UNINITIALIZED

WRAP

private static final int WRAP

UNWRAP

private static final int UNWRAP
Constructor Detail

PK11KeyWrapper

private PK11KeyWrapper()

PK11KeyWrapper

PK11KeyWrapper(PK11Token token,
               KeyWrapAlgorithm algorithm)
Method Detail

initWrap

public void initWrap(SymmetricKey wrappingKey,
                     java.security.spec.AlgorithmParameterSpec parameters)
              throws java.security.InvalidKeyException,
                     java.security.InvalidAlgorithmParameterException
Specified by:
initWrap in interface KeyWrapper

initWrap

public void initWrap(java.security.PublicKey wrappingKey,
                     java.security.spec.AlgorithmParameterSpec parameters)
              throws java.security.InvalidKeyException,
                     java.security.InvalidAlgorithmParameterException
Specified by:
initWrap in interface KeyWrapper

initWrap

public void initWrap()
              throws java.security.InvalidKeyException,
                     java.security.InvalidAlgorithmParameterException
Description copied from interface: KeyWrapper
For wrapping keys in plaintext.
Specified by:
initWrap in interface KeyWrapper

initWrap

private void initWrap(java.security.spec.AlgorithmParameterSpec parameters)
               throws java.security.InvalidAlgorithmParameterException
Does everything that is key-independent for initializing a wrap.

initUnwrap

public void initUnwrap(PrivateKey unwrappingKey,
                       java.security.spec.AlgorithmParameterSpec parameters)
                throws java.security.InvalidKeyException,
                       java.security.InvalidAlgorithmParameterException
Specified by:
initUnwrap in interface KeyWrapper

initUnwrap

public void initUnwrap(SymmetricKey unwrappingKey,
                       java.security.spec.AlgorithmParameterSpec parameters)
                throws java.security.InvalidKeyException,
                       java.security.InvalidAlgorithmParameterException
Specified by:
initUnwrap in interface KeyWrapper

initUnwrap

public void initUnwrap()
                throws java.security.InvalidKeyException,
                       java.security.InvalidAlgorithmParameterException
Description copied from interface: KeyWrapper
For plaintext-wrapped keys.
Specified by:
initUnwrap in interface KeyWrapper

initUnwrap

private void initUnwrap(java.security.spec.AlgorithmParameterSpec parameters)
                 throws java.security.InvalidAlgorithmParameterException
Does the key-independent parts of initializing an unwrap.

checkWrapper

private void checkWrapper(java.security.PublicKey key)
                   throws java.security.InvalidKeyException
Makes sure the key is right for the algorithm.

checkWrapper

private void checkWrapper(SymmetricKey key)
                   throws java.security.InvalidKeyException
Makes sure the key lives on the token and is right for the algorithm.

checkWrapper

private void checkWrapper(PrivateKey key)
                   throws java.security.InvalidKeyException
Makes sure the key is on the token and is right for the algorithm.

checkParams

private void checkParams(java.security.spec.AlgorithmParameterSpec params)
                  throws java.security.InvalidAlgorithmParameterException

wrap

public byte[] wrap(PrivateKey toBeWrapped)
            throws java.security.InvalidKeyException,
                   java.lang.IllegalStateException,
                   TokenException
Specified by:
wrap in interface KeyWrapper

wrap

public byte[] wrap(SymmetricKey toBeWrapped)
            throws java.security.InvalidKeyException,
                   java.lang.IllegalStateException,
                   TokenException
Specified by:
wrap in interface KeyWrapper

checkWrappee

private void checkWrappee(SymmetricKey symKey)
                   throws java.security.InvalidKeyException
Makes sure the key lives on the right token.

checkWrappee

private void checkWrappee(PrivateKey privKey)
                   throws java.security.InvalidKeyException
Makes sure the key lives on the right token.

nativeWrapSymWithSym

private static byte[] nativeWrapSymWithSym(PK11Token token,
                                           SymmetricKey toBeWrapped,
                                           SymmetricKey wrappingKey,
                                           KeyWrapAlgorithm alg,
                                           byte[] IV)
                                    throws TokenException
Wrap a symmetric with a symmetric

nativeWrapSymWithPub

private static byte[] nativeWrapSymWithPub(PK11Token token,
                                           SymmetricKey toBeWrapped,
                                           java.security.PublicKey wrappingKey,
                                           KeyWrapAlgorithm alg,
                                           byte[] IV)
                                    throws TokenException
Wrap a symmetric with a public

nativeWrapPrivWithSym

private static byte[] nativeWrapPrivWithSym(PK11Token token,
                                            PrivateKey toBeWrapped,
                                            SymmetricKey wrappingKey,
                                            KeyWrapAlgorithm alg,
                                            byte[] IV)
                                     throws TokenException
Wrap a private with a symmetric

unwrapPrivate

public PrivateKey unwrapPrivate(byte[] wrapped,
                                PrivateKey.Type type,
                                java.security.PublicKey publicKey)
                         throws TokenException,
                                java.security.InvalidKeyException,
                                java.lang.IllegalStateException
Unwraps a private key, creating a permanent private key object. A permanent private key object resides on a token until it is explicitly deleted from the token.
Specified by:
unwrapPrivate in interface KeyWrapper
Following copied from interface: org.mozilla.jss.crypto.KeyWrapper
Throws:
java.security.InvalidKeyException - If the type of the public key does not match the type of the private key to be unwrapped.

unwrapTemporaryPrivate

public PrivateKey unwrapTemporaryPrivate(byte[] wrapped,
                                         PrivateKey.Type type,
                                         java.security.PublicKey publicKey)
                                  throws TokenException,
                                         java.security.InvalidKeyException,
                                         java.lang.IllegalStateException
Unwraps a private key, creating a temporary private key object. A temporary private key is one that does not permanently reside on a token. As soon as it is garbage-collected, it is gone forever.
Specified by:
unwrapTemporaryPrivate in interface KeyWrapper
Following copied from interface: org.mozilla.jss.crypto.KeyWrapper
Throws:
java.security.InvalidKeyException - If the type of the public key does not match the type of the private key to be unwrapped.

baseUnwrapPrivate

private PrivateKey baseUnwrapPrivate(byte[] wrapped,
                                     PrivateKey.Type type,
                                     java.security.PublicKey publicKey,
                                     boolean temporary)
                              throws TokenException,
                                     java.security.InvalidKeyException,
                                     java.lang.IllegalStateException

extractPublicValue

private static byte[] extractPublicValue(java.security.PublicKey publicKey,
                                         PrivateKey.Type type)
                                  throws java.security.InvalidKeyException
Extracts the "public value" from a public key. The public value is used to construct the key identifier (CKA_ID). Also, the internal token stores the DSA public value along with the private key.

unwrapSymmetric

public SymmetricKey unwrapSymmetric(byte[] wrapped,
                                    SymmetricKey.Type type,
                                    SymmetricKey.Usage usage,
                                    int keyLen)
                             throws TokenException,
                                    java.lang.IllegalStateException,
                                    java.security.InvalidAlgorithmParameterException
Specified by:
unwrapSymmetric in interface KeyWrapper
Following copied from interface: org.mozilla.jss.crypto.KeyWrapper
Parameters:
keyLength - The expected length of the key in bytes. This is only used for variable-length keys (RC4) and non-padding algorithms. Otherwise, it can be set to anything(like 0).
usage - The operation the key will be used for after it is unwrapped. You have to specify this so that the key can be properly marked with the operation it supports. Some PKCS #11 tokens require that a key be marked for an operation before it can perform that operation.

algFromType

private static Algorithm algFromType(PrivateKey.Type type)

algFromType

private static Algorithm algFromType(SymmetricKey.Type type)

nativeUnwrapPrivWithSym

private static PrivateKey nativeUnwrapPrivWithSym(PK11Token token,
                                                  SymmetricKey unwrappingKey,
                                                  byte[] wrappedKey,
                                                  KeyWrapAlgorithm alg,
                                                  Algorithm type,
                                                  byte[] publicValue,
                                                  byte[] IV,
                                                  boolean temporary)
                                           throws TokenException
Unwrap a private with a symmetric.

nativeUnwrapSymWithSym

private static SymmetricKey nativeUnwrapSymWithSym(PK11Token token,
                                                   SymmetricKey unwrappingKey,
                                                   byte[] wrappedKey,
                                                   KeyWrapAlgorithm alg,
                                                   Algorithm type,
                                                   int keyLen,
                                                   byte[] IV,
                                                   int usageEnum)
                                            throws TokenException
Unwrap a symmetric with a symmetric.

nativeUnwrapSymWithPriv

private static SymmetricKey nativeUnwrapSymWithPriv(PK11Token token,
                                                    PrivateKey unwrappingKey,
                                                    byte[] wrappedKey,
                                                    KeyWrapAlgorithm alg,
                                                    Algorithm type,
                                                    int keyLen,
                                                    byte[] IV,
                                                    int usageEnum)
                                             throws TokenException
Unwrap a symmetric with a private.

nativeUnwrapSymPlaintext

private static SymmetricKey nativeUnwrapSymPlaintext(PK11Token token,
                                                     byte[] wrappedKey,
                                                     Algorithm type,
                                                     int usageEnum)

reset

private void reset()

JSS 3.1.1