JSS 3.2

org.mozilla.jss.pkcs11
Class PK11KeyWrapper

java.lang.Object
  |
  +--org.mozilla.jss.pkcs11.PK11KeyWrapper
All Implemented Interfaces:
KeyWrapper

final class PK11KeyWrapper
extends java.lang.Object
implements KeyWrapper


Field Summary
private  KeyWrapAlgorithm algorithm
           
private  byte[] IV
           
private  java.security.spec.AlgorithmParameterSpec parameters
           
private  PrivateKey privKey
           
private  java.security.PublicKey pubKey
           
private  int state
           
private  SymmetricKey symKey
           
private  PK11Token token
           
private static int UNINITIALIZED
           
private static int UNWRAP
           
private static int WRAP
           
 
Constructor Summary
private PK11KeyWrapper()
           
(package private) PK11KeyWrapper(PK11Token token, KeyWrapAlgorithm algorithm)
           
 
Method Summary
private static Algorithm algFromType(PrivateKey.Type type)
           
private static Algorithm algFromType(SymmetricKey.Type type)
           
private  PrivateKey baseUnwrapPrivate(byte[] wrapped, PrivateKey.Type type, java.security.PublicKey publicKey, boolean temporary)
           
private  void checkParams(java.security.spec.AlgorithmParameterSpec params)
           
private  void checkWrappee(PrivateKey privKey)
          Makes sure the key lives on the right token.
private  void checkWrappee(SymmetricKey symKey)
          Makes sure the key lives on the right token.
private  void checkWrapper(PrivateKey key)
          Makes sure the key is on the token and is right for the algorithm.
private  void checkWrapper(java.security.PublicKey key)
          Makes sure the key is right for the algorithm.
private  void checkWrapper(SymmetricKey key)
          Makes sure the key lives on the token and is right for the algorithm.
private static byte[] extractPublicValue(java.security.PublicKey publicKey, PrivateKey.Type type)
          Extracts the "public value" from a public key.
 void initUnwrap()
          For plaintext-wrapped keys.
private  void initUnwrap(java.security.spec.AlgorithmParameterSpec parameters)
          Does the key-independent parts of initializing an unwrap.
 void initUnwrap(PrivateKey unwrappingKey, java.security.spec.AlgorithmParameterSpec parameters)
           
 void initUnwrap(SymmetricKey unwrappingKey, java.security.spec.AlgorithmParameterSpec parameters)
           
 void initWrap()
          For wrapping keys in plaintext.
private  void initWrap(java.security.spec.AlgorithmParameterSpec parameters)
          Does everything that is key-independent for initializing a wrap.
 void initWrap(java.security.PublicKey wrappingKey, java.security.spec.AlgorithmParameterSpec parameters)
           
 void initWrap(SymmetricKey wrappingKey, java.security.spec.AlgorithmParameterSpec parameters)
           
private static PrivateKey nativeUnwrapPrivWithSym(PK11Token token, SymmetricKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, byte[] publicValue, byte[] IV, boolean temporary)
          Unwrap a private with a symmetric.
private static SymmetricKey nativeUnwrapSymPlaintext(PK11Token token, byte[] wrappedKey, Algorithm type, int usageEnum)
           
private static SymmetricKey nativeUnwrapSymWithPriv(PK11Token token, PrivateKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, int keyLen, byte[] IV, int usageEnum)
          Unwrap a symmetric with a private.
private static SymmetricKey nativeUnwrapSymWithSym(PK11Token token, SymmetricKey unwrappingKey, byte[] wrappedKey, KeyWrapAlgorithm alg, Algorithm type, int keyLen, byte[] IV, int usageEnum)
          Unwrap a symmetric with a symmetric.
private static byte[] nativeWrapPrivWithSym(PK11Token token, PrivateKey toBeWrapped, SymmetricKey wrappingKey, KeyWrapAlgorithm alg, byte[] IV)
          Wrap a private with a symmetric
private static byte[] nativeWrapSymWithPub(PK11Token token, SymmetricKey toBeWrapped, java.security.PublicKey wrappingKey, KeyWrapAlgorithm alg, byte[] IV)
          Wrap a symmetric with a public
private static byte[] nativeWrapSymWithSym(PK11Token token, SymmetricKey toBeWrapped, SymmetricKey wrappingKey, KeyWrapAlgorithm alg, byte[] IV)
          Wrap a symmetric with a symmetric
private  void reset()
           
 PrivateKey unwrapPrivate(byte[] wrapped, PrivateKey.Type type, java.security.PublicKey publicKey)
          Unwraps a private key, creating a permanent private key object.
 SymmetricKey unwrapSymmetric(byte[] wrapped, SymmetricKey.Type type, int keyLen)
          Unwraps a key and allows it to be used for all operations.
private  SymmetricKey unwrapSymmetric(byte[] wrapped, SymmetricKey.Type type, int usageEnum, int keyLen)
           
 SymmetricKey unwrapSymmetric(byte[] wrapped, SymmetricKey.Type type, SymmetricKey.Usage usage, int keyLen)
           
 PrivateKey unwrapTemporaryPrivate(byte[] wrapped, PrivateKey.Type type, java.security.PublicKey publicKey)
          Unwraps a private key, creating a temporary private key object.
 byte[] wrap(PrivateKey toBeWrapped)
           
 byte[] wrap(SymmetricKey toBeWrapped)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

token

private PK11Token token

algorithm

private KeyWrapAlgorithm algorithm

state

private int state

parameters

private java.security.spec.AlgorithmParameterSpec parameters

symKey

private SymmetricKey symKey

privKey

private PrivateKey privKey

pubKey

private java.security.PublicKey pubKey

IV

private byte[] IV

UNINITIALIZED

private static final int UNINITIALIZED
See Also:
Constant Field Values

WRAP

private static final int WRAP
See Also:
Constant Field Values

UNWRAP

private static final int UNWRAP
See Also:
Constant Field Values
Constructor Detail

PK11KeyWrapper

private PK11KeyWrapper()

PK11KeyWrapper

PK11KeyWrapper(PK11Token token,
               KeyWrapAlgorithm algorithm)
Method Detail

initWrap

public void initWrap(SymmetricKey wrappingKey,
                     java.security.spec.AlgorithmParameterSpec parameters)
              throws java.security.InvalidKeyException,
                     java.security.InvalidAlgorithmParameterException
Specified by:
initWrap in interface KeyWrapper
java.security.InvalidKeyException
java.security.InvalidAlgorithmParameterException

initWrap

public void initWrap(java.security.PublicKey wrappingKey,
                     java.security.spec.AlgorithmParameterSpec parameters)
              throws java.security.InvalidKeyException,
                     java.security.InvalidAlgorithmParameterException
Specified by:
initWrap in interface KeyWrapper
java.security.InvalidKeyException
java.security.InvalidAlgorithmParameterException

initWrap

public void initWrap()
              throws java.security.InvalidKeyException,
                     java.security.InvalidAlgorithmParameterException
Description copied from interface: KeyWrapper
For wrapping keys in plaintext.

Specified by:
initWrap in interface KeyWrapper
java.security.InvalidKeyException
java.security.InvalidAlgorithmParameterException

initWrap

private void initWrap(java.security.spec.AlgorithmParameterSpec parameters)
               throws java.security.InvalidAlgorithmParameterException
Does everything that is key-independent for initializing a wrap.

java.security.InvalidAlgorithmParameterException

initUnwrap

public void initUnwrap(PrivateKey unwrappingKey,
                       java.security.spec.AlgorithmParameterSpec parameters)
                throws java.security.InvalidKeyException,
                       java.security.InvalidAlgorithmParameterException
Specified by:
initUnwrap in interface KeyWrapper
java.security.InvalidKeyException
java.security.InvalidAlgorithmParameterException

initUnwrap

public void initUnwrap(SymmetricKey unwrappingKey,
                       java.security.spec.AlgorithmParameterSpec parameters)
                throws java.security.InvalidKeyException,
                       java.security.InvalidAlgorithmParameterException
Specified by:
initUnwrap in interface KeyWrapper
java.security.InvalidKeyException
java.security.InvalidAlgorithmParameterException

initUnwrap

public void initUnwrap()
                throws java.security.InvalidKeyException,
                       java.security.InvalidAlgorithmParameterException
Description copied from interface: KeyWrapper
For plaintext-wrapped keys.

Specified by:
initUnwrap in interface KeyWrapper
java.security.InvalidKeyException
java.security.InvalidAlgorithmParameterException

initUnwrap

private void initUnwrap(java.security.spec.AlgorithmParameterSpec parameters)
                 throws java.security.InvalidAlgorithmParameterException
Does the key-independent parts of initializing an unwrap.

java.security.InvalidAlgorithmParameterException

checkWrapper

private void checkWrapper(java.security.PublicKey key)
                   throws java.security.InvalidKeyException
Makes sure the key is right for the algorithm.

java.security.InvalidKeyException

checkWrapper

private void checkWrapper(SymmetricKey key)
                   throws java.security.InvalidKeyException
Makes sure the key lives on the token and is right for the algorithm.

java.security.InvalidKeyException

checkWrapper

private void checkWrapper(PrivateKey key)
                   throws java.security.InvalidKeyException
Makes sure the key is on the token and is right for the algorithm.

java.security.InvalidKeyException

checkParams

private void checkParams(java.security.spec.AlgorithmParameterSpec params)
                  throws java.security.InvalidAlgorithmParameterException
java.security.InvalidAlgorithmParameterException

wrap

public byte[] wrap(PrivateKey toBeWrapped)
            throws java.security.InvalidKeyException,
                   java.lang.IllegalStateException,
                   TokenException
Specified by:
wrap in interface KeyWrapper
java.security.InvalidKeyException
java.lang.IllegalStateException
TokenException

wrap

public byte[] wrap(SymmetricKey toBeWrapped)
            throws java.security.InvalidKeyException,
                   java.lang.IllegalStateException,
                   TokenException
Specified by:
wrap in interface KeyWrapper
java.security.InvalidKeyException
java.lang.IllegalStateException
TokenException

checkWrappee

private void checkWrappee(SymmetricKey symKey)
                   throws java.security.InvalidKeyException
Makes sure the key lives on the right token.

java.security.InvalidKeyException

checkWrappee

private void checkWrappee(PrivateKey privKey)
                   throws java.security.InvalidKeyException
Makes sure the key lives on the right token.

java.security.InvalidKeyException

nativeWrapSymWithSym

private static byte[] nativeWrapSymWithSym(PK11Token token,
                                           SymmetricKey toBeWrapped,
                                           SymmetricKey wrappingKey,
                                           KeyWrapAlgorithm alg,
                                           byte[] IV)
                                    throws TokenException
Wrap a symmetric with a symmetric

TokenException

nativeWrapSymWithPub

private static byte[] nativeWrapSymWithPub(PK11Token token,
                                           SymmetricKey toBeWrapped,
                                           java.security.PublicKey wrappingKey,
                                           KeyWrapAlgorithm alg,
                                           byte[] IV)
                                    throws TokenException
Wrap a symmetric with a public

TokenException

nativeWrapPrivWithSym

private static byte[] nativeWrapPrivWithSym(PK11Token token,
                                            PrivateKey toBeWrapped,
                                            SymmetricKey wrappingKey,
                                            KeyWrapAlgorithm alg,
                                            byte[] IV)
                                     throws TokenException
Wrap a private with a symmetric

TokenException

unwrapPrivate

public PrivateKey unwrapPrivate(byte[] wrapped,
                                PrivateKey.Type type,
                                java.security.PublicKey publicKey)
                         throws TokenException,
                                java.security.InvalidKeyException,
                                java.lang.IllegalStateException
Unwraps a private key, creating a permanent private key object. A permanent private key object resides on a token until it is explicitly deleted from the token.

Specified by:
unwrapPrivate in interface KeyWrapper
Parameters:
publicKey - Used to calculate the key identifier that must be stored with the private key. Must be a RSAPublicKey or a DSAPublicKey.
Throws:
java.security.InvalidKeyException - If the type of the public key does not match the type of the private key to be unwrapped.
TokenException
java.lang.IllegalStateException

unwrapTemporaryPrivate

public PrivateKey unwrapTemporaryPrivate(byte[] wrapped,
                                         PrivateKey.Type type,
                                         java.security.PublicKey publicKey)
                                  throws TokenException,
                                         java.security.InvalidKeyException,
                                         java.lang.IllegalStateException
Unwraps a private key, creating a temporary private key object. A temporary private key is one that does not permanently reside on a token. As soon as it is garbage-collected, it is gone forever.

Specified by:
unwrapTemporaryPrivate in interface KeyWrapper
Parameters:
publicKey - Used to calculate the key identifier that must be stored with the private key. Must be a RSAPublicKey or a DSAPublicKey.
Throws:
java.security.InvalidKeyException - If the type of the public key does not match the type of the private key to be unwrapped.
TokenException
java.lang.IllegalStateException

baseUnwrapPrivate

private PrivateKey baseUnwrapPrivate(byte[] wrapped,
                                     PrivateKey.Type type,
                                     java.security.PublicKey publicKey,
                                     boolean temporary)
                              throws TokenException,
                                     java.security.InvalidKeyException,
                                     java.lang.IllegalStateException
TokenException
java.security.InvalidKeyException
java.lang.IllegalStateException

extractPublicValue

private static byte[] extractPublicValue(java.security.PublicKey publicKey,
                                         PrivateKey.Type type)
                                  throws java.security.InvalidKeyException
Extracts the "public value" from a public key. The public value is used to construct the key identifier (CKA_ID). Also, the internal token stores the DSA public value along with the private key.

java.security.InvalidKeyException

unwrapSymmetric

public SymmetricKey unwrapSymmetric(byte[] wrapped,
                                    SymmetricKey.Type type,
                                    SymmetricKey.Usage usage,
                                    int keyLen)
                             throws TokenException,
                                    java.lang.IllegalStateException,
                                    java.security.InvalidAlgorithmParameterException
Specified by:
unwrapSymmetric in interface KeyWrapper
Parameters:
keyLen - The expected length of the key in bytes. This is only used for variable-length keys (RC4) and non-padding algorithms. Otherwise, it can be set to anything(like 0).
usage - The operation the key will be used for after it is unwrapped. You have to specify this so that the key can be properly marked with the operation it supports. Some PKCS #11 tokens require that a key be marked for an operation before it can perform that operation.
TokenException
java.lang.IllegalStateException
java.security.InvalidAlgorithmParameterException

unwrapSymmetric

public SymmetricKey unwrapSymmetric(byte[] wrapped,
                                    SymmetricKey.Type type,
                                    int keyLen)
                             throws TokenException,
                                    java.lang.IllegalStateException,
                                    java.security.InvalidAlgorithmParameterException
Description copied from interface: KeyWrapper
Unwraps a key and allows it to be used for all operations.

Specified by:
unwrapSymmetric in interface KeyWrapper
Parameters:
keyLen - The expected length of the key in bytes. This is only used for variable-length keys (RC4) and non-padding algorithms. Otherwise, it can be set to anything(like 0).
TokenException
java.lang.IllegalStateException
java.security.InvalidAlgorithmParameterException

unwrapSymmetric

private SymmetricKey unwrapSymmetric(byte[] wrapped,
                                     SymmetricKey.Type type,
                                     int usageEnum,
                                     int keyLen)
                              throws TokenException,
                                     java.lang.IllegalStateException,
                                     java.security.InvalidAlgorithmParameterException
TokenException
java.lang.IllegalStateException
java.security.InvalidAlgorithmParameterException

algFromType

private static Algorithm algFromType(PrivateKey.Type type)

algFromType

private static Algorithm algFromType(SymmetricKey.Type type)

nativeUnwrapPrivWithSym

private static PrivateKey nativeUnwrapPrivWithSym(PK11Token token,
                                                  SymmetricKey unwrappingKey,
                                                  byte[] wrappedKey,
                                                  KeyWrapAlgorithm alg,
                                                  Algorithm type,
                                                  byte[] publicValue,
                                                  byte[] IV,
                                                  boolean temporary)
                                           throws TokenException
Unwrap a private with a symmetric.

TokenException

nativeUnwrapSymWithSym

private static SymmetricKey nativeUnwrapSymWithSym(PK11Token token,
                                                   SymmetricKey unwrappingKey,
                                                   byte[] wrappedKey,
                                                   KeyWrapAlgorithm alg,
                                                   Algorithm type,
                                                   int keyLen,
                                                   byte[] IV,
                                                   int usageEnum)
                                            throws TokenException
Unwrap a symmetric with a symmetric.

TokenException

nativeUnwrapSymWithPriv

private static SymmetricKey nativeUnwrapSymWithPriv(PK11Token token,
                                                    PrivateKey unwrappingKey,
                                                    byte[] wrappedKey,
                                                    KeyWrapAlgorithm alg,
                                                    Algorithm type,
                                                    int keyLen,
                                                    byte[] IV,
                                                    int usageEnum)
                                             throws TokenException
Unwrap a symmetric with a private.

TokenException

nativeUnwrapSymPlaintext

private static SymmetricKey nativeUnwrapSymPlaintext(PK11Token token,
                                                     byte[] wrappedKey,
                                                     Algorithm type,
                                                     int usageEnum)

reset

private void reset()

JSS 3.2