iaik.security.ssl
Class IaikEccProvider

java.lang.Object
  extended by iaik.security.ssl.SecurityProvider
      extended by iaik.security.ssl.IaikProvider
          extended by iaik.security.ssl.IaikEccProvider

Deprecated. use IAIK ECCelerateTM

public class IaikEccProvider
extends IaikProvider

This class implements an iSaSiLk SecurityProvider for the old IAIK-ECC cryptographic provider "IAIK_ECC".
Usage of the old IAIK_ECC library is deprecated. You should use the new IAIK ECCelerateTM library instead. An ECC enabling iSaSiLk SecurityProvider (iaik.security.ssl.ECCelerateProvider) is included in the ECCelerate distribution within the iaik_eccelerate_ssl.jar file.

This iSaSiLk SecurityProvider implements some methods that are required for supporting elliptic curve cipher suites according to RFC 4492.

To install this security provider call:

 // register IAIK-ECC provider 
 iaik.security.ecc.provider.ECCProvider.addAsProvider();
 // install security provider
 SecurityProvider.setSecurityProvider(new IaikEccProvider());
 

Version:
File Revision 45
See Also:
SecurityProvider, IaikProvider

Field Summary
static java.lang.String EC_DEFAULT_BINARY
          Deprecated. Default binary curve to be used if arbitrary char2 curves are suggested by the client.
static java.lang.String EC_DEFAULT_PRIME
          Deprecated. Default prime curve to be used if arbitrary prime curves are suggested by the client.
 
Fields inherited from class iaik.security.ssl.SecurityProvider
ALG_CIPHER_3DES, ALG_CIPHER_AES, ALG_CIPHER_AES_GCM, ALG_CIPHER_AES_PKCS5, ALG_CIPHER_CAMELLIA, ALG_CIPHER_CAMELLIA_GCM, ALG_CIPHER_DES, ALG_CIPHER_IDEA, ALG_CIPHER_RC2, ALG_CIPHER_RC4, ALG_CIPHER_RSA, ALG_CIPHER_RSA_DECRYPT, ALG_CIPHER_RSA_ENCRYPT, ALG_CIPHER_RSA_ENCRYPT_SSL2, ALG_CIPHER_RSA_SIGN, ALG_CIPHER_RSA_VERIFY, ALG_DIGEST_MD5, ALG_DIGEST_SHA, ALG_DIGEST_SHA1, ALG_DIGEST_SHA224, ALG_DIGEST_SHA256, ALG_DIGEST_SHA384, ALG_DIGEST_SHA512, ALG_HMAC_MD5, ALG_HMAC_SHA, ALG_HMAC_SHA256, ALG_HMAC_SHA384, ALG_HMAC_SHA512, ALG_KEYEX_DH, ALG_KEYEX_DSA, ALG_KEYEX_DSA_CLIENT, ALG_KEYEX_ECDH, ALG_KEYEX_ECDSA, ALG_KEYEX_ECDSA_CLIENT, ALG_KEYEX_RSA, ALG_KEYGEN_AES, ALG_KEYGEN_HMAC_SHA, ALG_KEYGEN_HMAC_SHA256, ALG_KEYGEN_PBKDF2, ALG_KEYPAIR_RSA, ALG_SIGNATURE_MD5RSA, ALG_SIGNATURE_RAWDSA, ALG_SIGNATURE_RAWECDSA, ALG_SIGNATURE_SHA1ECDSA, ALG_SIGNATURE_SHA1RSA, ALG_SIGNATURE_SHA224ECDSA, ALG_SIGNATURE_SHA224RSA, ALG_SIGNATURE_SHA256ECDSA, ALG_SIGNATURE_SHA256RSA, ALG_SIGNATURE_SHA384ECDSA, ALG_SIGNATURE_SHA384RSA, ALG_SIGNATURE_SHA512ECDSA, ALG_SIGNATURE_SHA512RSA, ALG_SIGNATURE_SHADSA, ALG_SIGNATURE_SHAECDSA, CIPHER_DECRYPT, CIPHER_ENCRYPT, CIPHER_NONE, configuration_, CONFIGURATION_PROPERTIES, KEYAGREEMENT_INIT, KEYAGREEMENT_NONE, providerName, SIGNATURE_NONE, SIGNATURE_SIGN, SIGNATURE_VERIFY
 
Constructor Summary
IaikEccProvider()
          Deprecated. Default constructor.
 
Method Summary
 boolean checkIfOnSameCurve(java.security.PublicKey ecdhServerPublicKey, java.security.PublicKey ecdhClientPublicKey)
          Deprecated. Checks if the given public server and client key are on the same elliptic curve.
 boolean checkKeyECPointFormat(java.security.PublicKey publicKey, SupportedPointFormats supportedPointFormats)
          Deprecated. Checks if the given public key complies with the given SupportedPointFormats extension.
 boolean checkKeyEllipticCurve(java.security.PublicKey publicKey, SupportedEllipticCurves supportedEllipticCurves)
          Deprecated. Checks if the given public key complies with the given SupportedEllipticCurves extension.
 java.security.PublicKey decodeECPublicKey(byte[] ecPoint, java.security.PrivateKey privateKey, SupportedPointFormats supportedPointFormats)
          Deprecated. Decodes the given encoded EC PublicKey according to the Octet-String-to-Point conversion of ANSI X9.62 (1998), section 4.3.7.
 java.security.PublicKey decodeECPublicKey(byte[] ecPoint, SupportedEllipticCurves.NamedCurve curve, SupportedPointFormats supportedPointFormats, SupportedEllipticCurves supportedEllipticCurves)
          Deprecated. Decodes the given encoded EC PublicKey according to the Octet-String-to-Point conversion of ANSI X9.62 (1998), section 4.3.7.
 byte[] encodeECPublicKey(java.security.PublicKey publicKey, SupportedPointFormats supportedPointFormats)
          Deprecated. Encodes the given EC PublicKey according to the Point-To-Octet-String conversion of ANSI X9.62 (1998), section 4.3.6.
 java.security.KeyPair generateECKeyPair(java.security.PublicKey serverKey)
          Deprecated. Generates a key pair with same domain parameters as the given public key for the given key agreement method.
 java.security.KeyPair generateECKeyPair(SupportedEllipticCurves supportedEllipticCurves, SupportedPointFormats supportedPointFormats)
          Deprecated. Generates a EC key pair according to the given list of supported curves.
 SupportedEllipticCurves.NamedCurve getCurve(java.security.PublicKey ecPublicKey)
          Deprecated. Gets the NamedCurve belonging to the given public EC key.
 java.lang.String getCurveName(java.security.PublicKey ecPublicKey)
          Deprecated. Gets the curve name belonging to the given public EC key.
 SupportedPointFormats.ECPointFormat getECPointFormat(java.security.PublicKey ecPublicKey)
          Deprecated. Gets the ECPointFormat (uncompressed, compressed prime, compressed char2) of the given public EC key.
 javax.crypto.KeyAgreement getKeyAgreement(java.lang.String algorithm, int mode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
          Deprecated. Gets a KeyAgreement object for the given algorithm.
 int getKeyLength(java.security.PrivateKey privKey)
          Deprecated. Calculates the length of the given private key.
 int getKeyLength(java.security.PublicKey pubKey)
          Deprecated. Calculates the length of the given public key.
protected  java.security.Signature getSignature(java.lang.String algorithm, int mode, java.security.Key key, java.security.SecureRandom random)
          Deprecated. Return a Signature implementation for the requested algorithm from the IAIK_ECC provider.
 boolean isBinary(java.security.PublicKey ecPublicKey)
          Deprecated. Checks if the curve of the given EC Public Key is binary or prime.
 boolean isNamedCurveSupported(SupportedEllipticCurves.NamedCurve curve)
          Deprecated. Checks if the given NamedCurve is supported by this SecurityProvider.
 boolean isPointFormatSupported(SupportedPointFormats.ECPointFormat pointFormat)
          Deprecated. Checks if the given ECPointFormat is supported by this SecurityProvider.
 
Methods inherited from class iaik.security.ssl.IaikProvider
aeadDecrypt, aeadEncrypt, calculateTrustedAuthorityIdentifier, checkCreatedRSAServerKeyExchangeSignature, checkExtendedKeyUsage, createCertStatusRequest, createPkiPath, deriveKey, getCipher, getDHPrivateKey, getDHPublicKey, getEncodedPrincipal, getMessageDigest, getPrincipal, getRSAPublicKey, getSecureRandom, getTLSServerName, getTLSServerName, getX509Certificate, getX509Certificate, getX509Certificates, loadKeyStore
 
Methods inherited from class iaik.security.ssl.SecurityProvider
calculateRawSignature, checkKeyLength, continueIfPeerDoesNotSupportSecureRenegotiation, createSharedECDHSecret, decodeURL, encodeURL, generateExtendedMasterSecret, generateMasterSecret, generateMasterSecret, getAlgorithmParameterGenerator, getDefaultCurve, getKeyGenerator, getKeyLength, getKeyPairGenerator, getMac, getSecurityProvider, getTLSServerName, getTLSServerName, isImplemented, isImplemented, isImplementedSignatureAlgorithm, setSecurityProvider, validateDHPublicKey, verifyRawSignature
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

EC_DEFAULT_PRIME

public static final java.lang.String EC_DEFAULT_PRIME
Deprecated. 
Default prime curve to be used if arbitrary prime curves are suggested by the client.

See Also:
Constant Field Values

EC_DEFAULT_BINARY

public static final java.lang.String EC_DEFAULT_BINARY
Deprecated. 
Default binary curve to be used if arbitrary char2 curves are suggested by the client.

See Also:
Constant Field Values
Constructor Detail

IaikEccProvider

public IaikEccProvider()
Deprecated. 
Default constructor.

Method Detail

getSignature

protected java.security.Signature getSignature(java.lang.String algorithm,
                                               int mode,
                                               java.security.Key key,
                                               java.security.SecureRandom random)
                                        throws java.lang.Exception
Deprecated. 
Return a Signature implementation for the requested algorithm from the IAIK_ECC provider.

Overrides:
getSignature in class IaikProvider
Parameters:
algorithm - the name of the signature algorithm
mode - the mode deciding whether to initialize the Signature engine for signing (SIGNATURE_SIGN), for verification (SIGNATURE_VERIFY) or whether to do not initialize the engine at all (SIGNATURE_NONE)
key - the key with which to -- if requested -- init the Signature object (if not null)
random - the random generator with which to -- if requested -- init the Signature object (if not null) (ignored because of JDK 1.1 compatibility; an application may override this method to use signature.initSign(privateKey, random);)
Throws:
java.lang.Exception

getKeyAgreement

public javax.crypto.KeyAgreement getKeyAgreement(java.lang.String algorithm,
                                                 int mode,
                                                 java.security.Key key,
                                                 java.security.spec.AlgorithmParameterSpec params,
                                                 java.security.SecureRandom random)
                                          throws java.lang.Exception
Deprecated. 
Gets a KeyAgreement object for the given algorithm. iSaSiLk uses a KeyAgreement engine for ECDH based cipher suites.

If the mode parameter is KEYAGREEMENT_INIT the KeyAgreement object is to be initialized with the provided key, parameters (if not null) and random number generator (if not null).

Overrides:
getKeyAgreement in class SecurityProvider
Parameters:
algorithm - the name of the KeyAgreement algorithm (e.g. "ECDH")
mode - the mode deciding whether to initialize (KEYAGREEMENT_INIT) the KeyAgreement or not (KEYAGREEMENT_NONE)
key - the key with which to -- if requested -- init the KeyAgreement object (if not null)
params - the parameters with which to (-- if requested -- init the KeyAgreement object (if not null)
random - the random generator with which to -- if requested -- init the KeyAgreement object (if not null)
Returns:
the KeyAgreement instance
Throws:
java.lang.Exception - if no KeyAgreement instance for the required algorithm is available or initialization of the KeyAgreement object fails

getKeyLength

public int getKeyLength(java.security.PublicKey pubKey)
Deprecated. 
Calculates the length of the given public key.

Overrides:
getKeyLength in class SecurityProvider
Parameters:
pubKey - the public key for which to calculate the length
Returns:
the length (in bits) of the public key
Throws:
java.lang.IllegalArgumentException - if the public key algorithm is not supported

getKeyLength

public int getKeyLength(java.security.PrivateKey privKey)
Deprecated. 
Calculates the length of the given private key.

Overrides:
getKeyLength in class SecurityProvider
Parameters:
privKey - the public key for which to calculate the length
Returns:
the length (in bits) of the private key
Throws:
java.lang.IllegalArgumentException - if the private key algorithm is not supported

encodeECPublicKey

public byte[] encodeECPublicKey(java.security.PublicKey publicKey,
                                SupportedPointFormats supportedPointFormats)
                         throws java.lang.Exception
Deprecated. 
Encodes the given EC PublicKey according to the Point-To-Octet-String conversion of ANSI X9.62 (1998), section 4.3.6.

Overrides:
encodeECPublicKey in class SecurityProvider
Parameters:
publicKey - the public EC key to be encoded
supportedPointFormats - the supported point formats of the peer; or null if the peer did not send a SupportedPointFormats extension (in this case the uncompressed format has to be used)
Returns:
the encoded EC key
Throws:
java.lang.Exception - if an error occurs when encoding the key

decodeECPublicKey

public java.security.PublicKey decodeECPublicKey(byte[] ecPoint,
                                                 SupportedEllipticCurves.NamedCurve curve,
                                                 SupportedPointFormats supportedPointFormats,
                                                 SupportedEllipticCurves supportedEllipticCurves)
                                          throws java.lang.Exception
Deprecated. 
Decodes the given encoded EC PublicKey according to the Octet-String-to-Point conversion of ANSI X9.62 (1998), section 4.3.7.

This method is called on the client side to decode the public server key contained in an ECDH ServerKeyExchange message received from the server.

Overrides:
decodeECPublicKey in class SecurityProvider
Parameters:
ecPoint - the (client) public key ECPoint, encoded according to ANSI X9.62 (1998), section 4.3.6
curve - the curve of the key
supportedPointFormats - the supported point formats sent to the server within the SupportedPointFormats extension; if not null check if the received key corresponds with the supported point formats
supportedEllipticCurves - the supported elliptic curves sent to the server within the SupportedEllipticCurves extension; if not null check if the received curve corresponds with the supported curve list
Returns:
the decoded public EC key
Throws:
java.lang.Exception - if an error occurs when decoding the key

decodeECPublicKey

public java.security.PublicKey decodeECPublicKey(byte[] ecPoint,
                                                 java.security.PrivateKey privateKey,
                                                 SupportedPointFormats supportedPointFormats)
                                          throws java.lang.Exception
Deprecated. 
Decodes the given encoded EC PublicKey according to the Octet-String-to-Point conversion of ANSI X9.62 (1998), section 4.3.7.

This method is called on the server side to decode the public client key contained in an ECDH ClientKeyExchange message received from the client.

Overrides:
decodeECPublicKey in class SecurityProvider
Parameters:
ecPoint - the (client) public key ECPoint, encoded according to ANSI X9.62 (1998), section 4.3.6
privateKey - the private (server) key containing the required domain parameters
supportedPointFormats - the SupportedPointFormats extension sent to the client; if not null check if the received key corresponds with the supported point formats
Returns:
the decoded public EC key
Throws:
java.lang.Exception - if an error occurs when decoding the key

generateECKeyPair

public java.security.KeyPair generateECKeyPair(java.security.PublicKey serverKey)
                                        throws java.lang.Exception
Deprecated. 
Generates a key pair with same domain parameters as the given public key for the given key agreement method.

This method is called by the library for creating the client key pair if ECDH or ECDHE ephemeral key exchange is used without fixed client authentication.

Overrides:
generateECKeyPair in class SecurityProvider
Parameters:
serverKey - the public key of the server
Returns:
the client key pair with domain parameters matching to those of the supplied server key;
Throws:
java.lang.Exception - if an error occurs when creating the key pair

generateECKeyPair

public java.security.KeyPair generateECKeyPair(SupportedEllipticCurves supportedEllipticCurves,
                                               SupportedPointFormats supportedPointFormats)
                                        throws java.lang.Exception
Deprecated. 
Generates a EC key pair according to the given list of supported curves.

Overrides:
generateECKeyPair in class SecurityProvider
Parameters:
supportedEllipticCurves - the supported elliptic curves, maybe null if the client has not sent a SupportedEllipticCurves extension
supportedPointFormats - the supported point formats; if not null maybe used to check if the peer may prefer a char2 curve (if no SupportedEllipticCurves extension has been sent)
Returns:
the new EC KeyPair
Throws:
java.lang.Exception - if an error occurs when generating the EC KeyPair

getCurve

public SupportedEllipticCurves.NamedCurve getCurve(java.security.PublicKey ecPublicKey)
Deprecated. 
Gets the NamedCurve belonging to the given public EC key.

Overrides:
getCurve in class SecurityProvider
Parameters:
ecPublicKey - the public EC key to be encoded
Returns:
the NamedCurve of the public EC key or null if the curve of the key is not supported

getCurveName

public java.lang.String getCurveName(java.security.PublicKey ecPublicKey)
Deprecated. 
Gets the curve name belonging to the given public EC key.

Overrides:
getCurveName in class SecurityProvider
Parameters:
ecPublicKey - the public EC key for which to get the NamedCurve
Returns:
the curve name of the public EC key or null if the curve of the key is not supported

getECPointFormat

public SupportedPointFormats.ECPointFormat getECPointFormat(java.security.PublicKey ecPublicKey)
Deprecated. 
Gets the ECPointFormat (uncompressed, compressed prime, compressed char2) of the given public EC key.

Overrides:
getECPointFormat in class SecurityProvider
Parameters:
ecPublicKey - the public EC key for which to get the EC point format
Returns:
the ECPointFormat of the public EC key or null if the point format cannot be checked

isBinary

public boolean isBinary(java.security.PublicKey ecPublicKey)
                 throws java.lang.Exception
Deprecated. 
Checks if the curve of the given EC Public Key is binary or prime.

Overrides:
isBinary in class SecurityProvider
Parameters:
ecPublicKey - the EC public key
Throws:
java.lang.Exception - if the key does not represent an EC key or it cannot be determined if the underlying field is prime or binary

checkIfOnSameCurve

public boolean checkIfOnSameCurve(java.security.PublicKey ecdhServerPublicKey,
                                  java.security.PublicKey ecdhClientPublicKey)
Deprecated. 
Checks if the given public server and client key are on the same elliptic curve. Required for client authentication schemes ECDSA_fixed_ECDH and RSA_fixed_ECDH.

Overrides:
checkIfOnSameCurve in class SecurityProvider
Parameters:
ecdhServerPublicKey - the ECDH public key of the server
ecdhClientPublicKey - the ECDH public key of the client
Returns:
true if the two keys are on the same curve, false if not

isPointFormatSupported

public boolean isPointFormatSupported(SupportedPointFormats.ECPointFormat pointFormat)
Deprecated. 
Checks if the given ECPointFormat is supported by this SecurityProvider.

Overrides:
isPointFormatSupported in class SecurityProvider
Parameters:
pointFormat - the ECPointFormat to be checked
Returns:
true if the given ECPointFormat is supported, false if it is not supported.

isNamedCurveSupported

public boolean isNamedCurveSupported(SupportedEllipticCurves.NamedCurve curve)
Deprecated. 
Checks if the given NamedCurve is supported by this SecurityProvider.

Overrides:
isNamedCurveSupported in class SecurityProvider
Parameters:
curve - the NamedCurve to be checked
Returns:
true if the given NamedCurve is supported, false if it is not supported.

checkKeyEllipticCurve

public boolean checkKeyEllipticCurve(java.security.PublicKey publicKey,
                                     SupportedEllipticCurves supportedEllipticCurves)
Deprecated. 
Checks if the given public key complies with the given SupportedEllipticCurves extension.
This method is used to check if the server uses an EC key that complies with the curves contained in the SupportedEllipticCurves extension that has been sent to the server.

Overrides:
checkKeyEllipticCurve in class SecurityProvider
Parameters:
publicKey - the public key used by the server
supportedEllipticCurves - the SupportedEllipticCurves extension sent by the client; maybe null if the client has not sent a SupportedEllipticCurves extension
Returns:
true if the public key complies with the SupportedEllipticCurves extension, false if it is does not comply with it.

checkKeyECPointFormat

public boolean checkKeyECPointFormat(java.security.PublicKey publicKey,
                                     SupportedPointFormats supportedPointFormats)
Deprecated. 
Checks if the given public key complies with the given SupportedPointFormats extension.
This method is used to check if the peer uses an EC key that complies with the point formats contained in the SupportedPointFormats extension that has been sent to the peer within the Hello message.
By default this method returns false (since EC point format check is not supported JDK- and provider independently).

Overrides:
checkKeyECPointFormat in class SecurityProvider
Parameters:
publicKey - the public key used by the server
supportedPointFormats - the SupportedPointFormats extension sent within the Hello message; maybe null if no SupportedPointFormats extension has been sent to the peer (in this case the uncompressed format has to be used!)
Returns:
true if the public key complies with the SupportedPointFormats extension, false if it is does not comply with it. By default this method returns false (since EC point format is not supported JDK- and provider independently)

This Javadoc may contain text parts from text parts from IETF Internet Standard specifications (see copyright note).

iSaSiLk 5.104, (c) 2002 IAIK, (c) 2003 - 2015 SIC