iaik.security.ssl
Class SecurityProvider

java.lang.Object
  extended by iaik.security.ssl.SecurityProvider
Direct Known Subclasses:
IaikProvider

public class SecurityProvider
extends java.lang.Object

This class centralizes all security-provider-dependent code. A user of iSaSiLk who wants to use a security provider other than IAIK only needs to extend this class. This class also holds the setting for the currently active SecurityProvider.

This class provides default implementations for all methods using the JCA/JCE 1.2 APIs, except for some methods like getPrincipal() and getEncodedPrincipal() or ECC-specific methods, because they cannot be implemented in a provider-independent way. Therefore, if used with a fully JCA/JCE-compliant provider, no implementation work needs to be done at all and the provider will be used right away.

Note that if no SecurityProvider has been set explicitly, defaults will be used. If the IAIK JCE is available the IaikProvider will be used automatically, otherwise an instance of this class is used.

Note that there are separate documents about the iSaSiLk SecurityProvider model and the use of iSaSiLk with Smartcards.

See Also:
IaikProvider

Field Summary
static java.lang.String ALG_CIPHER_3DES
          Constant string DESede/CBC/NoPadding.
static java.lang.String ALG_CIPHER_AES
          Constant string AES/CBC/NoPadding.
static java.lang.String ALG_CIPHER_AES_GCM
          Constant string AES/GCM/NoPadding.
static java.lang.String ALG_CIPHER_AES_PKCS5
          Constant string AES/CBC/PKCS5Padding.
static java.lang.String ALG_CIPHER_CAMELLIA
          Constant string Camellia/CBC/NoPadding.
static java.lang.String ALG_CIPHER_CAMELLIA_GCM
          Constant string Camellia/GCM/NoPadding.
static java.lang.String ALG_CIPHER_DES
          Constant string DES/CBC/NoPadding.
static java.lang.String ALG_CIPHER_IDEA
          Constant string IDEA/CBC/NoPadding.
static java.lang.String ALG_CIPHER_RC2
          Constant string RC2/CBC/NoPadding.
static java.lang.String ALG_CIPHER_RC4
          Constant string RC4/ECB/NoPadding.
static java.lang.String ALG_CIPHER_RSA
          Constant string RSA/ECB/PKCS1Padding.
static java.lang.String ALG_CIPHER_RSA_DECRYPT
          Constant string RSA/ECB/PKCS1Padding/Decrypt.
static java.lang.String ALG_CIPHER_RSA_ENCRYPT
          Constant string RSA/ECB/PKCS1Padding/Encrypt.
static java.lang.String ALG_CIPHER_RSA_ENCRYPT_SSL2
          Constant string RSA/ECB/PKCS1PaddingSSL2.
static java.lang.String ALG_CIPHER_RSA_SIGN
          Constant string RSA/ECB/PKCS1Padding/Sign.
static java.lang.String ALG_CIPHER_RSA_VERIFY
          Constant string RSA/ECB/PKCS1Padding/Verify.
static java.lang.String ALG_DIGEST_MD5
          Constant string MD5 ("MD5").
static java.lang.String ALG_DIGEST_SHA
          Constant string SHA ("SHA-1").
static java.lang.String ALG_DIGEST_SHA1
          Constant string SHA ("SHA-1").
static java.lang.String ALG_DIGEST_SHA224
          Constant string SHA224 ("SHA224").
static java.lang.String ALG_DIGEST_SHA256
          Constant string SHA256 ("SHA256").
static java.lang.String ALG_DIGEST_SHA384
          Constant string SHA384 ("SHA384").
static java.lang.String ALG_DIGEST_SHA512
          Constant string SHA512 ("SHA512").
static java.lang.String ALG_HMAC_MD5
          Constant string HmacMD5.
static java.lang.String ALG_HMAC_SHA
          Constant string HmacSHA1.
static java.lang.String ALG_HMAC_SHA256
          Constant string HmacSHA256.
static java.lang.String ALG_HMAC_SHA384
          Constant string HmacSHA384.
static java.lang.String ALG_HMAC_SHA512
          Constant string HmacSHA512.
static java.lang.String ALG_KEYEX_DH
          Constant string DH.
static java.lang.String ALG_KEYEX_DSA
          Constant string DSA.
static java.lang.String ALG_KEYEX_DSA_CLIENT
          Constant string DSAClient.
static java.lang.String ALG_KEYEX_ECDH
          Constant string ECDH.
static java.lang.String ALG_KEYEX_ECDSA
          Constant string ECDSA.
static java.lang.String ALG_KEYEX_ECDSA_CLIENT
          Constant string ECDSAClient.
static java.lang.String ALG_KEYEX_RSA
          Constant string RSA.
static java.lang.String ALG_KEYGEN_AES
          Constant string AES.
static java.lang.String ALG_KEYGEN_HMAC_SHA
          Constant string HmacSHA1.
static java.lang.String ALG_KEYGEN_HMAC_SHA256
          Constant string HmacSHA256.
static java.lang.String ALG_KEYGEN_PBKDF2
          Constant String PBKDF2.
static java.lang.String ALG_KEYPAIR_RSA
          Constant string RSA.
static java.lang.String ALG_SIGNATURE_MD5RSA
          Constant string MD5withRSA.
static java.lang.String ALG_SIGNATURE_RAWDSA
          Constant string RawDSA.
static java.lang.String ALG_SIGNATURE_RAWECDSA
          Constant string RawECDSA.
static java.lang.String ALG_SIGNATURE_SHA1ECDSA
          Constant string SHA1withECDSA.
static java.lang.String ALG_SIGNATURE_SHA1RSA
          Constant string SHA1withRSA.
static java.lang.String ALG_SIGNATURE_SHA224ECDSA
          Constant string SHA224withECDSA.
static java.lang.String ALG_SIGNATURE_SHA224RSA
          Constant string SHA224withRSA.
static java.lang.String ALG_SIGNATURE_SHA256ECDSA
          Constant string SHA256withECDSA.
static java.lang.String ALG_SIGNATURE_SHA256RSA
          Constant string SHA256withRSA.
static java.lang.String ALG_SIGNATURE_SHA384ECDSA
          Constant string SHA384withECDSA.
static java.lang.String ALG_SIGNATURE_SHA384RSA
          Constant string SHA384withRSA.
static java.lang.String ALG_SIGNATURE_SHA512ECDSA
          Constant string SHA512withECDSA.
static java.lang.String ALG_SIGNATURE_SHA512RSA
          Constant string SHA512withRSA.
static java.lang.String ALG_SIGNATURE_SHADSA
          Constant string SHA1withDSA.
static java.lang.String ALG_SIGNATURE_SHAECDSA
          Constant string SHA1withECDSA.
static int CIPHER_DECRYPT
          Constant for a cipher object which is to be initialized for decryption.
static int CIPHER_ENCRYPT
          Constant for a cipher object which is to be initialized for encryption.
static int CIPHER_NONE
          Constant for a cipher object which is not to be initialized.
protected static java.util.Properties configuration_
          The properties object loaded from the configured file.
protected static java.lang.String CONFIGURATION_PROPERTIES
          The name of the properties file that holds the configuration of the SecurityProvider.
static int KEYAGREEMENT_INIT
          Constant for a KeyAgreement object which is to be initialized.
static int KEYAGREEMENT_NONE
          Constant for a KeyAgreement object which is not to be initialized.
protected  java.lang.String providerName
           
static int SIGNATURE_NONE
          Constant for a signature object which is not to be initialized.
static int SIGNATURE_SIGN
          Constant for a signature object which is to be initialized for signing.
static int SIGNATURE_VERIFY
          Constant for a signature object which is to be initialized for verification.
 
Constructor Summary
SecurityProvider()
          Default constructor.
SecurityProvider(java.lang.String providerName)
          Constructor specifying the provider to use.
 
Method Summary
protected  int aeadDecrypt(javax.crypto.Cipher cipher, javax.crypto.SecretKey key, byte[] in, int inOff, int inLen, byte[] out, int outOff, byte[] aad, byte[] nonce, int macSize)
          Uses the given cipher to AEAD decrypt the given encrypted data with the given key.
protected  int aeadEncrypt(javax.crypto.Cipher cipher, javax.crypto.SecretKey key, byte[] in, int inOff, int inLen, byte[] out, int outOff, byte[] aad, byte[] nonce, int macSize, java.security.SecureRandom random)
          Uses the given cipher to AEAD encrypt the given data with the given key.
protected  byte[] calculateRawSignature(java.lang.String algorithmName, byte[] dataToBeSigned, java.security.PrivateKey key, java.security.SecureRandom random)
          Calculate the raw signature.
 byte[] calculateTrustedAuthorityIdentifier(int type, java.security.cert.X509Certificate certificate)
          Calculates a TrustedAuthority identifier of the given type from the given certificate.
protected  boolean checkCreatedRSAServerKeyExchangeSignature()
          Asks whether to check an RSA-CRT key ServerKeyExchange signature immediately after signature creation.
 boolean checkExtendedKeyUsage(java.security.cert.X509Certificate cert, boolean clientAuth)
          Checks if the ExtendedKeyUsage of the given client/server certificate enables the certificate for client/server authentication.
 boolean checkIfOnSameCurve(java.security.PublicKey ecdhServerPublicKey, java.security.PublicKey ecdhClientPublicKey)
          Checks if the given public server and client key are on the same elliptic curve.
 boolean checkKeyECPointFormat(java.security.PublicKey publicKey, SupportedPointFormats supportedPointFormats)
          Checks if the given public key complies with the given SupportedPointFormats extension.
 boolean checkKeyEllipticCurve(java.security.PublicKey publicKey, SupportedEllipticCurves supportedEllipticCurves)
          Checks if the given public key complies with the given SupportedEllipticCurves extension.
 void checkKeyLength(java.security.Key key)
          Checks the length (size) of the given key.
 void continueIfPeerDoesNotSupportSecureRenegotiation(SSLTransport transport, boolean renegotiation)
          Asks whether to continue if the peer does not support secure renegotiation.
 byte[] createCertStatusRequest(int statusType)
          Creates a status request to be sent within a status_request extension.
 byte[] createPkiPath(java.security.cert.X509Certificate[] certificates)
          Creates a DER encoded PKI path from the given (client) certificate chain.
 byte[] createSharedECDHSecret(java.security.PrivateKey privateKey, java.security.PublicKey publicKey)
          Creates an ECDH shared secret based on the given private and public ECDH keys.
 java.security.PublicKey decodeECPublicKey(byte[] ecPoint, java.security.PrivateKey privateKey, SupportedPointFormats supportedPointFormats)
          Decodes the given encoded EC PublicKey according to the Octet-String-to-Point conversion of ANSI X9.62 (1998), section 4.3.7.
 java.security.PublicKey decodeECPublicKey(byte[] ecPoint, SupportedEllipticCurves.NamedCurve curve, SupportedPointFormats supportedPointFormats, SupportedEllipticCurves supportedEllipticCurves)
          Decodes the given encoded EC PublicKey according to the Octet-String-to-Point conversion of ANSI X9.62 (1998), section 4.3.7.
 java.lang.String decodeURL(byte[] encodedCertificateURL)
          Decodes an encoded client certificate url.
 javax.crypto.SecretKey deriveKey(java.lang.String algorithm, char[] password, byte[] salt, int iterationCount, int keyLen, java.lang.String keyName, java.security.SecureRandom random)
          Uses the specified key derivation function to derive a key from the given password.
 byte[] encodeECPublicKey(java.security.PublicKey publicKey, SupportedPointFormats supportedPointFormats)
          Encodes the given EC PublicKey according to the Point-To-Octet-String conversion of ANSI X9.62 (1998), section 4.3.6.
 byte[] encodeURL(java.lang.String certificateURL)
          Encodes the given client certificate url.
 java.security.KeyPair generateECKeyPair(java.security.PublicKey serverKey)
          Generates a key pair with the same domain parameters as the given public key for the given key agreement method.
 java.security.KeyPair generateECKeyPair(SupportedEllipticCurves supportedEllipticCurves, SupportedPointFormats supportedPointFormats)
          Generates an EC key pair according to the given list of supported curves.
 byte[] generateExtendedMasterSecret(byte[] preMasterSecret, byte[] handshakeHash, int version, java.lang.String prfDigestAlg)
          Creates an extended master secret according to RFC 7627.
 byte[] generateMasterSecret(byte[] preMasterSecret, byte[] clientHelloRandom, byte[] serverHelloRandom, int version)
          Deprecated. Use method generateMasterSecret(byte[], byte[], byte[], int, String) instead.
 byte[] generateMasterSecret(byte[] preMasterSecret, byte[] clientHelloRandom, byte[] serverHelloRandom, int version, java.lang.String prfDigestAlg)
          Creates the master secret from the pre master secret.
 java.security.AlgorithmParameterGenerator getAlgorithmParameterGenerator(java.lang.String algorithm)
          Returns an AlgorithmParameterGenerator for the requested algorithm.
protected  javax.crypto.Cipher getCipher(java.lang.String algorithm, int mode, java.security.Key key, java.security.spec.AlgorithmParameterSpec param, java.security.SecureRandom random)
          This method returns the desired Cipher object.
 SupportedEllipticCurves.NamedCurve getCurve(java.security.PublicKey ecPublicKey)
          Gets the NamedCurve belonging to the given public EC key.
 java.lang.String getCurveName(java.security.PublicKey ecPublicKey)
          Gets the curve name belonging to the given public EC key.
 SupportedEllipticCurves.NamedCurve getDefaultCurve(boolean binary)
          Gets the preferred default curve to be used by the server if no SupportedEllipticCurves extension has been sent by the client.
protected  javax.crypto.interfaces.DHPrivateKey getDHPrivateKey(java.math.BigInteger x, java.math.BigInteger p, java.math.BigInteger g)
          This method returns a DHPrivateKey created from the values: x, p and g.
protected  javax.crypto.interfaces.DHPublicKey getDHPublicKey(java.math.BigInteger y, java.math.BigInteger p, java.math.BigInteger g)
          This method returns a DHPublicKey created from the values: y, p and g.
 SupportedPointFormats.ECPointFormat getECPointFormat(java.security.PublicKey ecPublicKey)
          Gets the ECPointFormat (uncompressed, compressed prime, compressed char2) of the given public EC key.
protected  byte[] getEncodedPrincipal(java.security.Principal principal)
          This method returns a DER encoded Name (Principal).
 javax.crypto.KeyAgreement getKeyAgreement(java.lang.String algorithm, int mode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
          Gets a KeyAgreement object for the given algorithm.
protected  javax.crypto.KeyGenerator getKeyGenerator(java.lang.String algorithm)
          Returns a KeyGenerator for the requested algorithm.
 int getKeyLength(java.security.Key key)
          Calculates the length of the given key.
 int getKeyLength(java.security.PrivateKey privKey)
          Calculates the length of the given private key.
 int getKeyLength(java.security.PublicKey pubKey)
          Calculates the length of the given public key.
protected  java.security.KeyPairGenerator getKeyPairGenerator(java.lang.String algorithm)
          Returns a KeyPairGenerator for the requested algorithm.
protected  javax.crypto.Mac getMac(java.lang.String algorithm, java.security.Key key)
          This method returns the desired HMAC object.
protected  java.security.MessageDigest getMessageDigest(java.lang.String algorithm)
          This method returns the desired MessageDigest object.
protected  java.security.Principal getPrincipal(byte[] array)
          This method returns a Principal created from a DER encoded byte array.
protected  java.security.interfaces.RSAPublicKey getRSAPublicKey(java.math.BigInteger modulus, java.math.BigInteger publicExponent)
          This method returns an RSAPublicKey created from the values: modulus and publicExponent.
protected  java.security.SecureRandom getSecureRandom()
          Returns a new instance of a SecureRandom number generator.
static SecurityProvider getSecurityProvider()
          Returns the active SecurityProvider.
protected  java.security.Signature getSignature(java.lang.String algorithm, int mode, java.security.Key key, java.security.SecureRandom random)
          This method returns the desired Signature object.
 ServerName getTLSServerName(int nameType, byte[] encodedServerName)
          Creates a ServerName from the given (UTF-8) encoded server name.
 ServerName getTLSServerName(int nameType, java.lang.String name)
          Creates a ServerName from the given server name string.
 ServerName[] getTLSServerName(int nameType, java.security.cert.X509Certificate serverCert)
          Gets the TLS server name(s) from the given certificate.
protected  java.lang.String[] getTLSServerName(java.security.cert.X509Certificate serverCert)
          Returns the TLS server name(s) from the certificate.
protected  java.security.cert.X509Certificate getX509Certificate(byte[] array)
          This method returns an X509Certificate created from a DER encoded byte array.
 java.security.cert.X509Certificate getX509Certificate(java.io.InputStream is)
          This method parses a DER encoded X509Certificate from an input stream.
 java.security.cert.X509Certificate[] getX509Certificates(byte[] pkiPath)
          This method creates an X.509 certificate array from a DER encoded PKI path as used by the TLS extension client_certificate_url (RFC 4366).
 boolean isBinary(java.security.PublicKey ecPublicKey)
          Checks if the curve of the given EC Public Key is binary or prime.
protected  boolean isImplemented(java.lang.String algorithm)
          Check if the specified algorithm is implemented by this provider.
protected  boolean isImplemented(java.lang.String algorithm, CipherSuite suite)
          Check if the specified algorithm required by the given cipher suite is implemented by this provider.
protected  boolean isImplementedSignatureAlgorithm(java.lang.String algorithm)
          Check if the specified signature algorithm is implemented by this provider.
 boolean isNamedCurveSupported(SupportedEllipticCurves.NamedCurve curve)
          Checks if the given NamedCurve is supported by this SecurityProvider.
 boolean isPointFormatSupported(SupportedPointFormats.ECPointFormat pointFormat)
          Checks if the given ECPointFormat is supported by this SecurityProvider.
 java.security.KeyStore loadKeyStore(java.lang.String keyStoreFile, char[] keyStorePassword, java.lang.String keyStoreType, java.lang.String keyStoreProvider)
          Loads a KeyStore from the given file protected with the given password.
static void setSecurityProvider(SecurityProvider provider)
          Sets the global SecurityProvider.
protected  void validateDHPublicKey(java.math.BigInteger y, java.math.BigInteger p, java.math.BigInteger g)
          Validates the given DHPublicKey.
protected  boolean verifyRawSignature(java.lang.String algorithmName, byte[] dataToBeSigned, byte[] signature, java.security.PublicKey key)
          Verify the provided signature.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CONFIGURATION_PROPERTIES

protected static final java.lang.String CONFIGURATION_PROPERTIES
The name of the properties file that holds the configuration of the SecurityProvider. This holds the class name of the implementation class of this SecurityProvider interface. If this file does not exist the default (IaikProvider) is used.

See Also:
Constant Field Values

configuration_

protected static java.util.Properties configuration_
The properties object loaded from the configured file.


providerName

protected java.lang.String providerName

SIGNATURE_NONE

public static final int SIGNATURE_NONE
Constant for a signature object which is not to be initialized.

See Also:
Constant Field Values

SIGNATURE_SIGN

public static final int SIGNATURE_SIGN
Constant for a signature object which is to be initialized for signing.

See Also:
Constant Field Values

SIGNATURE_VERIFY

public static final int SIGNATURE_VERIFY
Constant for a signature object which is to be initialized for verification.

See Also:
Constant Field Values

CIPHER_NONE

public static final int CIPHER_NONE
Constant for a cipher object which is not to be initialized.

See Also:
Constant Field Values

CIPHER_ENCRYPT

public static final int CIPHER_ENCRYPT
Constant for a cipher object which is to be initialized for encryption.

See Also:
Constant Field Values

CIPHER_DECRYPT

public static final int CIPHER_DECRYPT
Constant for a cipher object which is to be initialized for decryption.

See Also:
Constant Field Values

KEYAGREEMENT_NONE

public static final int KEYAGREEMENT_NONE
Constant for a KeyAgreement object which is not to be initialized.

See Also:
Constant Field Values

KEYAGREEMENT_INIT

public static final int KEYAGREEMENT_INIT
Constant for a KeyAgreement object which is to be initialized.

See Also:
Constant Field Values

ALG_DIGEST_MD5

public static final java.lang.String ALG_DIGEST_MD5
Constant string MD5 ("MD5"). Used by the library with getMessageDigest().

See Also:
Constant Field Values

ALG_DIGEST_SHA

public static final java.lang.String ALG_DIGEST_SHA
Constant string SHA ("SHA-1"). Same as ALG_DIGEST_SHA1. Used by the library with getMessageDigest().

See Also:
Constant Field Values

ALG_DIGEST_SHA1

public static final java.lang.String ALG_DIGEST_SHA1
Constant string SHA ("SHA-1"). Same as ALG_DIGEST_SHA. Used by the library with getMessageDigest().

See Also:
Constant Field Values

ALG_DIGEST_SHA224

public static final java.lang.String ALG_DIGEST_SHA224
Constant string SHA224 ("SHA224"). Used by the library with getMessageDigest().

See Also:
Constant Field Values

ALG_DIGEST_SHA256

public static final java.lang.String ALG_DIGEST_SHA256
Constant string SHA256 ("SHA256"). Used by the library with getMessageDigest().

See Also:
Constant Field Values

ALG_DIGEST_SHA384

public static final java.lang.String ALG_DIGEST_SHA384
Constant string SHA384 ("SHA384"). Used by the library with getMessageDigest().

See Also:
Constant Field Values

ALG_DIGEST_SHA512

public static final java.lang.String ALG_DIGEST_SHA512
Constant string SHA512 ("SHA512"). Used by the library with getMessageDigest().

See Also:
Constant Field Values

ALG_HMAC_MD5

public static final java.lang.String ALG_HMAC_MD5
Constant string HmacMD5. Used by the library with getMac().

See Also:
Constant Field Values

ALG_HMAC_SHA

public static final java.lang.String ALG_HMAC_SHA
Constant string HmacSHA1. Used by the library with getMac().

See Also:
Constant Field Values

ALG_HMAC_SHA256

public static final java.lang.String ALG_HMAC_SHA256
Constant string HmacSHA256. Used by the library with getMac().

See Also:
Constant Field Values

ALG_HMAC_SHA384

public static final java.lang.String ALG_HMAC_SHA384
Constant string HmacSHA384. Used by the library with getMac().

See Also:
Constant Field Values

ALG_HMAC_SHA512

public static final java.lang.String ALG_HMAC_SHA512
Constant string HmacSHA512. Used by the library with getMac().

See Also:
Constant Field Values

ALG_SIGNATURE_SHADSA

public static final java.lang.String ALG_SIGNATURE_SHADSA
Constant string SHA1withDSA. Used by the library with getSignature().

See Also:
Constant Field Values

ALG_SIGNATURE_RAWDSA

public static final java.lang.String ALG_SIGNATURE_RAWDSA
Constant string RawDSA. Used by the library with getSignature().

See Also:
Constant Field Values

ALG_SIGNATURE_SHAECDSA

public static final java.lang.String ALG_SIGNATURE_SHAECDSA
Constant string SHA1withECDSA. Used by the library with getSignature().

See Also:
Constant Field Values

ALG_SIGNATURE_SHA1ECDSA

public static final java.lang.String ALG_SIGNATURE_SHA1ECDSA
Constant string SHA1withECDSA. Used by the library with getSignature(). Same as #ALG_SIGNATURE_SHAECDSA

See Also:
Constant Field Values

ALG_SIGNATURE_SHA224ECDSA

public static final java.lang.String ALG_SIGNATURE_SHA224ECDSA
Constant string SHA224withECDSA. Used by the library with getSignature().

See Also:
Constant Field Values

ALG_SIGNATURE_SHA256ECDSA

public static final java.lang.String ALG_SIGNATURE_SHA256ECDSA
Constant string SHA256withECDSA. Used by the library with getSignature().

See Also:
Constant Field Values

ALG_SIGNATURE_SHA384ECDSA

public static final java.lang.String ALG_SIGNATURE_SHA384ECDSA
Constant string SHA384withECDSA. Used by the library with getSignature().

See Also:
Constant Field Values

ALG_SIGNATURE_SHA512ECDSA

public static final java.lang.String ALG_SIGNATURE_SHA512ECDSA
Constant string SHA512withECDSA. Used by the library with getSignature().

See Also:
Constant Field Values

ALG_SIGNATURE_RAWECDSA

public static final java.lang.String ALG_SIGNATURE_RAWECDSA
Constant string RawECDSA. Used by the library with getSignature().

See Also:
Constant Field Values

ALG_SIGNATURE_MD5RSA

public static final java.lang.String ALG_SIGNATURE_MD5RSA
Constant string MD5withRSA. Used by the library with getSignature().

See Also:
Constant Field Values

ALG_SIGNATURE_SHA1RSA

public static final java.lang.String ALG_SIGNATURE_SHA1RSA
Constant string SHA1withRSA. Used by the library with getSignature().

See Also:
Constant Field Values

ALG_SIGNATURE_SHA224RSA

public static final java.lang.String ALG_SIGNATURE_SHA224RSA
Constant string SHA224withRSA. Used by the library with getSignature().

See Also:
Constant Field Values

ALG_SIGNATURE_SHA256RSA

public static final java.lang.String ALG_SIGNATURE_SHA256RSA
Constant string SHA256withRSA. Used by the library with getSignature().

See Also:
Constant Field Values

ALG_SIGNATURE_SHA384RSA

public static final java.lang.String ALG_SIGNATURE_SHA384RSA
Constant string SHA384withRSA. Used by the library with getSignature().

See Also:
Constant Field Values

ALG_SIGNATURE_SHA512RSA

public static final java.lang.String ALG_SIGNATURE_SHA512RSA
Constant string SHA512withRSA. Used by the library with getSignature().

See Also:
Constant Field Values

ALG_CIPHER_RC4

public static final java.lang.String ALG_CIPHER_RC4
Constant string RC4/ECB/NoPadding. Used by the library with getCipher().

See Also:
Constant Field Values

ALG_CIPHER_RC2

public static final java.lang.String ALG_CIPHER_RC2
Constant string RC2/CBC/NoPadding. Used by the library with getCipher().

See Also:
Constant Field Values

ALG_CIPHER_DES

public static final java.lang.String ALG_CIPHER_DES
Constant string DES/CBC/NoPadding. Used by the library with getCipher().

See Also:
Constant Field Values

ALG_CIPHER_3DES

public static final java.lang.String ALG_CIPHER_3DES
Constant string DESede/CBC/NoPadding. Used by the library with getCipher().

See Also:
Constant Field Values

ALG_CIPHER_IDEA

public static final java.lang.String ALG_CIPHER_IDEA
Constant string IDEA/CBC/NoPadding. Used by the library with getCipher().

See Also:
Constant Field Values

ALG_CIPHER_AES

public static final java.lang.String ALG_CIPHER_AES
Constant string AES/CBC/NoPadding. Used by the library with getCipher().

See Also:
Constant Field Values

ALG_CIPHER_AES_PKCS5

public static final java.lang.String ALG_CIPHER_AES_PKCS5
Constant string AES/CBC/PKCS5Padding. Used by the library with getCipher().

See Also:
Constant Field Values

ALG_CIPHER_AES_GCM

public static final java.lang.String ALG_CIPHER_AES_GCM
Constant string AES/GCM/NoPadding. Used by the library with getCipher().

See Also:
Constant Field Values

ALG_CIPHER_CAMELLIA

public static final java.lang.String ALG_CIPHER_CAMELLIA
Constant string Camellia/CBC/NoPadding. Used by the library with getCipher().

See Also:
Constant Field Values

ALG_CIPHER_CAMELLIA_GCM

public static final java.lang.String ALG_CIPHER_CAMELLIA_GCM
Constant string Camellia/GCM/NoPadding. Used by the library with getCipher().

See Also:
Constant Field Values

ALG_KEYPAIR_RSA

public static final java.lang.String ALG_KEYPAIR_RSA
Constant string RSA. Used by the library with getKeyPairGenerator().

See Also:
Constant Field Values

ALG_KEYEX_RSA

public static final java.lang.String ALG_KEYEX_RSA
Constant string RSA. Used by the library with isImplemented().

See Also:
Constant Field Values

ALG_KEYEX_DSA

public static final java.lang.String ALG_KEYEX_DSA
Constant string DSA. Used by the library with isImplemented().

See Also:
Constant Field Values

ALG_KEYEX_DSA_CLIENT

public static final java.lang.String ALG_KEYEX_DSA_CLIENT
Constant string DSAClient. Used by the library with isImplemented().

See Also:
Constant Field Values

ALG_KEYEX_DH

public static final java.lang.String ALG_KEYEX_DH
Constant string DH. Used by the library with isImplemented().

See Also:
Constant Field Values

ALG_KEYEX_ECDSA

public static final java.lang.String ALG_KEYEX_ECDSA
Constant string ECDSA. Used by the library with isImplemented().

See Also:
Constant Field Values

ALG_KEYEX_ECDSA_CLIENT

public static final java.lang.String ALG_KEYEX_ECDSA_CLIENT
Constant string ECDSAClient. Used by the library with isImplemented().

See Also:
Constant Field Values

ALG_KEYEX_ECDH

public static final java.lang.String ALG_KEYEX_ECDH
Constant string ECDH. Used by the library with isImplemented().

See Also:
Constant Field Values

ALG_CIPHER_RSA

public static final java.lang.String ALG_CIPHER_RSA
Constant string RSA/ECB/PKCS1Padding. This string is NOT used with getCipher(), but it is the prefix of all RSA algorithm identifier strings (see below). The different identifiers were chosen to make it simple to use a particular RSA implementation for just one of these operations. For example, to implement RSA client authentication on a smartcard one will only care about signature creation operations and will want to leave all other operations to the standard implementation. This can easily be done by checking for the String ALG_CIPHER_RSA_SIGN only.

If you write your own security provider that does nothing like this you will typically use code like:

 // Map every RSA variant (.../Sign, .../Verify, .../Encrypt, .../Decrypt, ...SSL2)
 // back to the plain JCE transformation name before asking the provider.
 if( algorithm.startsWith(ALG_CIPHER_RSA) ) {
   algorithm = ALG_CIPHER_RSA;
 }
 return Cipher.getInstance(algorithm, "MyProvider");
 

See Also:
Constant Field Values
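An added example (not part of the iSaSiLk distribution or of this documentation) of the smartcard scenario described above: a SecurityProvider subclass that sends only ALG_CIPHER_RSA_SIGN to a hypothetical JCA provider registered under the assumed name "CardProvider" and delegates every other algorithm to the superclass. It assumes that the superclass declares getCipher(...) as throws Exception and that the CIPHER_ENCRYPT / CIPHER_DECRYPT / CIPHER_NONE constants map onto the JCE opmodes as shown.

```java
import java.security.Key;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import iaik.security.ssl.SecurityProvider;

/**
 * SecurityProvider subclass that routes only the RSA signature-creation
 * operation (ALG_CIPHER_RSA_SIGN) to a smartcard JCA provider. Verification,
 * encryption, decryption and all symmetric ciphers stay with the default
 * JCA/JCE implementation inherited from SecurityProvider.
 */
public class SmartcardRsaSignProvider extends SecurityProvider {

  // Hypothetical JCA provider name (assumption); the application must have
  // registered it with java.security.Security.addProvider() beforehand.
  private static final String CARD_PROVIDER = "CardProvider";

  // Assumption: the superclass declares this method as "throws Exception".
  protected Cipher getCipher(String algorithm, int mode, Key key,
                             AlgorithmParameterSpec param, SecureRandom random)
      throws Exception {

    // Everything except the signing variant takes the default path.
    if (!ALG_CIPHER_RSA_SIGN.equals(algorithm)) {
      return super.getCipher(algorithm, mode, key, param, random);
    }

    // "/Sign" is an iSaSiLk convention, not a JCE transformation name, so the
    // card provider is asked for the plain prefix ALG_CIPHER_RSA.
    Cipher cipher = Cipher.getInstance(ALG_CIPHER_RSA, CARD_PROVIDER);

    // Signature creation is expressed by the library as private-key
    // encryption, i.e. it arrives here with mode == CIPHER_ENCRYPT.
    if (mode == CIPHER_ENCRYPT) {
      init(cipher, Cipher.ENCRYPT_MODE, key, param, random);
    } else if (mode == CIPHER_DECRYPT) {
      init(cipher, Cipher.DECRYPT_MODE, key, param, random);
    } else if (mode != CIPHER_NONE) {
      // CIPHER_NONE means the caller initializes the cipher itself.
      throw new IllegalArgumentException("Unknown cipher mode: " + mode);
    }
    return cipher;
  }

  // Cipher.init rejects some parameter combinations, so only pass an
  // AlgorithmParameterSpec when the library actually supplied one.
  private static void init(Cipher cipher, int opmode, Key key,
                           AlgorithmParameterSpec param, SecureRandom random)
      throws Exception {
    if (param == null) {
      cipher.init(opmode, key, random);
    } else {
      cipher.init(opmode, key, param, random);
    }
  }

  /** Installs this provider; the setting is global for all SSLContexts. */
  public static void install() {
    SecurityProvider.setSecurityProvider(new SmartcardRsaSignProvider());
  }
}
```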

ALG_CIPHER_RSA_SIGN

public static final java.lang.String ALG_CIPHER_RSA_SIGN
Constant string RSA/ECB/PKCS1Padding/Sign. Used by the library with getCipher() to indicate an RSA signature creation operation (private key encryption).

See Also:
Constant Field Values

ALG_CIPHER_RSA_VERIFY

public static final java.lang.String ALG_CIPHER_RSA_VERIFY
Constant string RSA/ECB/PKCS1Padding/Verify. Used by the library with getCipher() to indicate an RSA signature verification operation (public key decryption).

See Also:
Constant Field Values

ALG_CIPHER_RSA_ENCRYPT

public static final java.lang.String ALG_CIPHER_RSA_ENCRYPT
Constant string RSA/ECB/PKCS1Padding/Encrypt. Used by the library with getCipher() to indicate an RSA data encryption operation (public key encryption).

See Also:
Constant Field Values

ALG_CIPHER_RSA_DECRYPT

public static final java.lang.String ALG_CIPHER_RSA_DECRYPT
Constant string RSA/ECB/PKCS1Padding/Decrypt. Used by the library with getCipher() to indicate an RSA data decryption operation (private key decryption).

See Also:
Constant Field Values

ALG_CIPHER_RSA_ENCRYPT_SSL2

public static final java.lang.String ALG_CIPHER_RSA_ENCRYPT_SSL2
Constant string RSA/ECB/PKCS1PaddingSSL2. Used by the library with getCipher() in SSLv2 mode to detect version rollback attacks (see RFC2246 section E.2). If this padding variant is not supported by a particular provider it should treat it the same as ALG_CIPHER_RSA_ENCRYPT.

See Also:
Constant Field Values

ALG_KEYGEN_PBKDF2

public static final java.lang.String ALG_KEYGEN_PBKDF2
Constant String PBKDF2. Only used for deriving a key from a password for PBE-protected storage of the contents of the DefaultPSKManager, using the PKCS#5 key derivation function "PBKDF2". Note that storing the DefaultPSKManager is only an optional feature and is NOT required for normal SSL/TLS protocol operation, even if PSK cipher suites are used.

See Also:
Constant Field Values

ALG_KEYGEN_AES

public static final java.lang.String ALG_KEYGEN_AES
Constant string AES. Used by the library with getKeyGenerator() to generate keys for an AES Cipher engine.

See Also:
Constant Field Values

ALG_KEYGEN_HMAC_SHA

public static final java.lang.String ALG_KEYGEN_HMAC_SHA
Constant string HmacSHA1. Used by the library with getKeyGenerator() to generate keys for an HmacSHA1 Mac engine.

See Also:
Constant Field Values

ALG_KEYGEN_HMAC_SHA256

public static final java.lang.String ALG_KEYGEN_HMAC_SHA256
Constant string HmacSHA256. Used by the library with getKeyGenerator() to generate keys for an HmacSHA256 Mac engine.

See Also:
Constant Field Values
Constructor Detail

SecurityProvider

public SecurityProvider()
Default constructor.


SecurityProvider

public SecurityProvider(java.lang.String providerName)
Constructor specifying the provider to use. If this constructor is used only the specified provider is searched, no implementations from other providers are used.

Method Detail

getSecurityProvider

public static SecurityProvider getSecurityProvider()
Returns the active SecurityProvider. If no provider has been set explicitly using setSecurityProvider() and the properties file iaik/security/ssl/SecurityProvider.properties is available, this method tries to instantiate the SecurityProvider implementation configured there. If this file is not available, it tries to instantiate the IaikProvider. If the above mentioned attempts fail, it returns an instance of this class.

NOTE that the SecurityProvider setting is global for all SSLContexts.

Returns:
the installed SecurityProvider

setSecurityProvider

public static void setSecurityProvider(SecurityProvider provider)
Sets the global SecurityProvider.

NOTE that the SecurityProvider setting is global for all SSLContexts.

Parameters:
provider - the SecurityProvider which shall be used

isImplemented

protected boolean isImplemented(java.lang.String algorithm)
Check if the specified algorithm is implemented by this provider. The algorithm argument is the ALG_CIPHER_xxx string for symmetric algorithms or ALG_KEYEX_xxx for asymmetric algorithms. The default implementation performs the check by calling the respective get method and checking for exceptions.

It should normally not be necessary to override this method. Note that the library uses a caching mechanism to make sure this method is only called once per algorithm and SecurityProvider.

Parameters:
algorithm - the algorithm to be checked

isImplemented

protected boolean isImplemented(java.lang.String algorithm,
                                CipherSuite suite)
Check if the specified algorithm required by the given cipher suite is implemented by this provider. The algorithm argument is the ALG_CIPHER_xxx string for symmetric algorithms or ALG_KEYEX_xxx for asymmetric algorithms. The default implementation performs the check by calling the respective get method and checking for exceptions. For Cipher engines this method also tries to init the engine with a key of the length required for the given CipherSuite (this check drops all CipherSuites that need key sizes which are not allowed due to key size restrictions of the installed JCE framework configuration).

It should normally not be necessary to override this method. Note that the library uses a caching mechanism to make sure this method is only called once per algorithm and SecurityProvider.

Parameters:
algorithm - the algorithm to be checked
suite - the CipherSuite that uses the given algorithm

isImplementedSignatureAlgorithm

protected boolean isImplementedSignatureAlgorithm(java.lang.String algorithm)
Check if the specified signature algorithm is implemented by this provider.

It should normally not be necessary to override this method. Note that the library uses a caching mechanism to make sure this method is only called once per algorithm and SecurityProvider.

Parameters:
algorithm - the signature algorithm to be checked

getDHPublicKey

protected javax.crypto.interfaces.DHPublicKey getDHPublicKey(java.math.BigInteger y,
                                                             java.math.BigInteger p,
                                                             java.math.BigInteger g)
                                                      throws java.lang.Exception
This method returns a DHPublicKey created from the values y, p and g. This method must only be implemented if one wants to use Diffie-Hellman cipher suites.

Parameters:
y - the public value y
p - the prime modulus p
g - the base generator g
Returns:
the newly created DHPublicKey
Throws:
java.lang.Exception

validateDHPublicKey

protected void validateDHPublicKey(java.math.BigInteger y,
                                   java.math.BigInteger p,
                                   java.math.BigInteger g)
                            throws java.security.InvalidKeyException
Validates the given DHPublicKey. This method checks if the public key value is within the interval [2,p-1] (see RFC 2631) and the generator is in the interval [2,p-2].

Parameters:
y - the public value y
p - the prime modulus p
g - the base generator g; may be null if we are on the server side and only have to validate the client public value received in the ClientKeyExchange message
Throws:
java.security.InvalidKeyException - if the DH key is supposed to be a weak key

getDHPrivateKey

protected javax.crypto.interfaces.DHPrivateKey getDHPrivateKey(java.math.BigInteger x,
                                                               java.math.BigInteger p,
                                                               java.math.BigInteger g)
                                                        throws java.lang.Exception
This method returns a DHPrivateKey created from the values x, p and g. This method must only be implemented if one wants to use Diffie-Hellman cipher suites.

Parameters:
x - the private value x
p - the prime modulus p
g - the base generator g
Returns:
the newly created DHPrivateKey
Throws:
java.lang.Exception

getRSAPublicKey

protected java.security.interfaces.RSAPublicKey getRSAPublicKey(java.math.BigInteger modulus,
                                                                java.math.BigInteger publicExponent)
                                                         throws java.lang.Exception
This method returns an RSAPublicKey created from the values modulus and publicExponent. This method must only be implemented if one wants to use exportable RSA cipher suites.

Parameters:
modulus - the modulus
publicExponent - the public exponent
Returns:
the newly created RSAPublicKey
Throws:
java.lang.Exception

getX509Certificate

protected java.security.cert.X509Certificate getX509Certificate(byte[] array)
                                                         throws java.lang.Exception
This method returns an X509Certificate created from a DER encoded byte array.

Parameters:
array - an X509Certificate as DER encoded byte array
Returns:
the created X509Certificate
Throws:
java.lang.Exception

getX509Certificate

public java.security.cert.X509Certificate getX509Certificate(java.io.InputStream is)
                                                      throws java.lang.Exception
This method parses a DER encoded X509Certificate from an input stream.

Parameters:
is - the stream from which to read the certificate
Returns:
the created X509Certificate
Throws:
java.lang.Exception

getX509Certificates

public java.security.cert.X509Certificate[] getX509Certificates(byte[] pkiPath)
                                                         throws java.lang.Exception
This method creates an X.509 certificate array from a DER encoded PKI path as used by the TLS extension client_certificate_url (RFC 4366). A PKI path is defined as an ASN.1 SEQUENCE of certificates:
 PkiPath ::= SEQUENCE OF Certificate
 
Note that the certificates in a PKI path are ordered in a way that the client certificate is located at index [n-1]. However TLS expects certificates in reverse order (client certificate at index 0). For that reason this method may have to reverse the order of the certificates parsed from the PKI path.

Attention! This method uses a CertificateFactory for parsing the PKI path. For that reason this method will only return a reasonable result if the CertificateFactory is able to parse a PKI path.

Parameters:
pkiPath - the DER encoded PKI path holding a SEQUENCE of certificates
Returns:
an array holding the certificates parsed from the PKI path; the array has to be ordered according to the subject-issuer relationship and has to contain the client certificate at index 0
Throws:
java.lang.Exception - if the certificates cannot be parsed from the PKI path

createPkiPath

public byte[] createPkiPath(java.security.cert.X509Certificate[] certificates)
                     throws java.lang.Exception
Creates a DER encoded PKI path from the given (client) certificate chain.
A PKI path is defined as ASN.1 sequence of certificates:
 PkiPath ::= SEQUENCE OF Certificate
 
Note that the certificates in a PKI path are ordered in a way that the client certificate is located at index (n-1). However, TLS uses certificates in reverse order (client certificate at index 0). Thus, before creating the PKI path, this method may first have to order the certificates in a way that the client certificate is located at index [n-1].

Attention! This method returns null in any case since PKI path encoding cannot be implemented in a provider independent way.

Parameters:
certificates - the (client) certificate chain from which to create the PKI path
Returns:
the DER encoded PKI path containing the client certificate at index [n-1]; this implementation returns null in any case
Throws:
java.lang.Exception - if the PKI path cannot be created

checkExtendedKeyUsage

public boolean checkExtendedKeyUsage(java.security.cert.X509Certificate cert,
                                     boolean clientAuth)
                              throws java.security.cert.CertificateException
Checks if the ExtendedKeyUsage of the given client/server certificate enables the certificate for client/server authentication.
This method returns true in any case because the general JCA X509Certificate class does not support ExtendedKeyUsage checks. The IaikProvider implements this method for the IAIK-JCE crypto provider. You may override this method if you want to use another JCA provider.

Parameters:
cert - the certificate to be checked
clientAuth - true if the certificate shall be used for client authentication, false if it shall be used for server authentication
Returns:
true in any case because the general JCA X509Certificate class does not support ExtendedKeyUsage checks
Throws:
java.security.cert.CertificateException - if an error occurs when parsing the ExtendedKeyUsage extension
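As an added example (not iSaSiLk code): a SecurityProvider subclass that turns the always-true default into a real check by using the standard X509Certificate.getExtendedKeyUsage() API, which exists since Java 1.4 and therefore works with any JCA provider. The class name EkuCheckingProvider is hypothetical; the key purpose OIDs are the ones defined in RFC 5280.

```java
import iaik.security.ssl.SecurityProvider;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;

// Added example: an override of checkExtendedKeyUsage that rejects certificates
// whose ExtendedKeyUsage extension does not permit the requested role.
public class EkuCheckingProvider extends SecurityProvider {

  // Key purpose identifiers from RFC 5280 section 4.2.1.12
  static final String OID_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
  static final String OID_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2";
  static final String OID_ANY_EKU     = "2.5.29.37.0";

  public boolean checkExtendedKeyUsage(X509Certificate cert, boolean clientAuth)
      throws CertificateException {
    // getExtendedKeyUsage() returns null when the extension is absent and throws
    // CertificateParsingException (a CertificateException) when it is malformed,
    // which matches the documented Throws contract of this method.
    List<String> eku = cert.getExtendedKeyUsage();
    if (eku == null) {
      // No EKU extension present: RFC 5280 places no restriction on key purpose.
      return true;
    }
    String required = clientAuth ? OID_CLIENT_AUTH : OID_SERVER_AUTH;
    // Extension present: the certificate must list the required purpose
    // (or anyExtendedKeyUsage); any other EKU set is rejected.
    return eku.contains(required) || eku.contains(OID_ANY_EKU);
  }
}
```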

loadKeyStore

public java.security.KeyStore loadKeyStore(java.lang.String keyStoreFile,
                                           char[] keyStorePassword,
                                           java.lang.String keyStoreType,
                                           java.lang.String keyStoreProvider)
                                    throws java.lang.Exception
Loads a KeyStore from the given file protected with the given password.

Parameters:
keyStoreFile - the name of the KeyStore file
keyStorePassword - the KeyStore password
keyStoreType - the KeyStore type
keyStoreProvider - the KeyStore provider
Returns:
the KeyStore just loaded
Throws:
java.lang.Exception - if an error occurs when loading the KeyStore

getPrincipal

protected java.security.Principal getPrincipal(byte[] array)
                                        throws java.lang.Exception
This method returns a Principal created from a DER encoded byte array. A Principal represents an ASN.1 Distinguished Name (DN) as used as subject or issuer of an X.509 certificate. This method is the opposite of getEncodedPrincipal().

Parameters:
array - a Distinguished Name (Principal) as DER encoded byte array
Returns:
the created Name (Principal)
Throws:
java.lang.Exception

getEncodedPrincipal

protected byte[] getEncodedPrincipal(java.security.Principal principal)
This method returns a DER encoded Name (Principal). A Principal represents an ASN.1 Distinguished Name (DN) as used as subject or issuer of an X.509 certificate. This method is the opposite of getPrincipal().

Parameters:
principal - the Distinguished Name (Principal) to encode
Returns:
the Name (Principal) as DER encoded byte array

getMessageDigest

protected java.security.MessageDigest getMessageDigest(java.lang.String algorithm)
                                                throws java.lang.Exception
This method returns the desired MessageDigest object. iSaSiLk makes use of the following algorithms:

Parameters:
algorithm - the name of the algorithm
Throws:
java.lang.Exception

getMac

protected javax.crypto.Mac getMac(java.lang.String algorithm,
                                  java.security.Key key)
                           throws java.lang.Exception
This method returns the desired HMAC object. These are required for TLS. If your provider is never to be used with TLS you can return null here (not recommended though). iSaSiLk makes use of the following algorithms:

Parameters:
algorithm - the name of the algorithm
Throws:
java.lang.Exception

getSignature

protected java.security.Signature getSignature(java.lang.String algorithm,
                                               int mode,
                                               java.security.Key key,
                                               java.security.SecureRandom random)
                                        throws java.lang.Exception
This method returns the desired Signature object. iSaSiLk makes use of the following algorithms: If the mode parameter is SIGNATURE_SIGN or SIGNATURE_VERIFY the signature object is to be initialized with the provided key in the respective mode.

Throws:
java.lang.Exception

getCipher

protected javax.crypto.Cipher getCipher(java.lang.String algorithm,
                                        int mode,
                                        java.security.Key key,
                                        java.security.spec.AlgorithmParameterSpec param,
                                        java.security.SecureRandom random)
                                 throws java.lang.Exception
This method returns the desired Cipher object. iSaSiLk makes use of the following algorithms:

The symmetric ciphers shall explain themselves.

RSA/ECB/PKCS1Padding means RSA en/decryption with padding as defined in PKCS#1 v1.5, where the padding block type is automatically selected based on the type of key used (block type 1 for signature operations, block type 2 for encryption operations). This cipher will always be used the same way (other methods need not be implemented!):

 Cipher rsa = provider.getCipher("RSA/ECB/PKCS1Padding/...", ...);
 crypted = rsa.doFinal(plain);
 
If the mode parameter is CIPHER_ENCRYPT or CIPHER_DECRYPT the cipher object is to be initialized with the provided key in the respective mode.

Throws:
java.lang.Exception

aeadEncrypt

protected int aeadEncrypt(javax.crypto.Cipher cipher,
                          javax.crypto.SecretKey key,
                          byte[] in,
                          int inOff,
                          int inLen,
                          byte[] out,
                          int outOff,
                          byte[] aad,
                          byte[] nonce,
                          int macSize,
                          java.security.SecureRandom random)
                   throws java.lang.Exception
Uses the given cipher to AEAD encrypt the given data with the given key.

AEAD (authenticated encryption with additional data) cipher suites have been introduced by TLS 1.2 (RFC 5246). They do not require a separate mac calculation because data integrity is already ensured during AEAD encryption.
AEAD is specified in RFC 5116, AES Galois Counter Mode (GCM) Cipher Suites for TLS are specified in RFC 5288, and Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM) are specified in RFC 5289.

The AEAD (write) Cipher object for this method has been created by a previous call to method getCipher and is used throughout the entire TLS session with some specific peer. However, with any call of this method the Cipher has to be initialized anew with the given key. This has to be done inside the method because the AEAD parameters built from given additional authentication data, nonce and mac size may depend on the JCA provider that is used for encryption. After initializing the Cipher the required update and/or doFinal calls have to be made to encrypt inLen data bytes from the in array and write the encrypted data to the out array, starting at offset outOff. The output data shall consist of the encrypted data and (followed by) the authentication tag: encrypted data || mac.

The default implementation of this method throws an exception since a provider independent AEAD API (parameter classes) was not available before Java 7.

Parameters:
cipher - the AEAD (GCM) Cipher object to be used for encryption
key - the cipher key to be used for initializing the Cipher
inOff - the offset indicating the start of the message data in the in byte array
inLen - the number of bytes to encrypt
out - the array to which to write the encrypted message
outOff - the offset indicating the start position in the out byte array
aad - the additional authentication data (not (!) cloned)
nonce - the nonce (not (!) cloned)
macSize - the size of the mac (authentication tag)
random - the SecureRandom that may be used when random numbers are required
Returns:
the number of bytes that are written to the out byte array
Throws:
java.lang.Exception - if an error occurs during encryption

aeadDecrypt

protected int aeadDecrypt(javax.crypto.Cipher cipher,
                          javax.crypto.SecretKey key,
                          byte[] in,
                          int inOff,
                          int inLen,
                          byte[] out,
                          int outOff,
                          byte[] aad,
                          byte[] nonce,
                          int macSize)
                   throws java.lang.Exception
Uses the given cipher to AEAD decrypt the given encrypted data with the given key.

AEAD (authenticated encryption with additional data) cipher suites have been introduced by TLS 1.2 (RFC 5246). They do not require a separate mac calculation because data integrity is already ensured during AEAD encryption.
AEAD is specified in RFC 5116, AES Galois Counter Mode (GCM) Cipher Suites for TLS are specified in RFC 5288, and Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM) are specified in RFC 5289.

The AEAD (read) Cipher object for this method has been created by a previous call to method getCipher and is used throughout the entire TLS session with some specific peer. However, with any call of this method the Cipher has to be initialized anew with the given key. This has to be done inside the method because the AEAD parameters built from given additional authentication data, nonce and mac size may depend on the JCA provider that is used for decryption. After initializing the Cipher the required update and/or doFinal calls have to be made to decrypt inLen data bytes from the in array and write the decrypted data to the out array, starting at offset outOff. The input data contains the encrypted data and the authentication tag: encrypted data || mac. For that reason an implementation of this method may first parse the authentication tag from the in array (if, e.g., required as parameter for Cipher initialization) or may pass the whole in data as it is to the Cipher update, doFinal calls (and let the Cipher take care from getting the authentication tag), depending on the specific JCA provider implementation.

The default implementation of this method throws an exception since a provider independent AEAD API (parameter classes) was not available before Java 7.

Parameters:
cipher - the AEAD (GCM) Cipher object to be used for decryption
key - the cipher key to be used for initializing the Cipher
inOff - the offset indicating the start of the encrypted data in the in byte array
inLen - the number of bytes to decrypt (encrypted data plus authentication tag)
out - the array to which to write the decrypted message
outOff - the offset indicating the start position in the out byte array
aad - the additional authentication data (not (!) cloned)
nonce - the nonce (not (!) cloned)
macSize - the size of the mac (authentication tag)
Returns:
the number of bytes that are written to the out byte array
Throws:
java.lang.Exception - if an error occurs during decryption or if the authentication tag does not verify
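As an added example (not iSaSiLk code) covering both aeadEncrypt and aeadDecrypt above: a subclass that implements the two hooks with javax.crypto.spec.GCMParameterSpec, the provider-independent AEAD parameter class introduced in Java 7 whose absence is the reason the default implementation throws. The class name GcmSecurityProvider is hypothetical.

```java
import iaik.security.ssl.SecurityProvider;

import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added example: AEAD record protection via the standard JCA GCM API (Java 7+).
public class GcmSecurityProvider extends SecurityProvider {

  // GCMParameterSpec takes the tag length in bits and the nonce as IV. The nonce
  // and aad arrays are used as handed over (the library documents them as not
  // cloned), so nothing here may modify them.
  private static GCMParameterSpec gcmSpec(byte[] nonce, int macSize) {
    return new GCMParameterSpec(macSize * 8, nonce);
  }

  protected int aeadEncrypt(Cipher cipher, SecretKey key, byte[] in, int inOff, int inLen,
                            byte[] out, int outOff, byte[] aad, byte[] nonce, int macSize,
                            SecureRandom random) throws Exception {
    // Re-initialize for every record, as the contract requires: GCM must never
    // process two records under the same (key, nonce) pair, and the library
    // supplies the per-record nonce with each call.
    cipher.init(Cipher.ENCRYPT_MODE, key, gcmSpec(nonce, macSize), random);
    cipher.updateAAD(aad);
    // doFinal writes the ciphertext followed by the tag: encrypted data || mac
    return cipher.doFinal(in, inOff, inLen, out, outOff);
  }

  protected int aeadDecrypt(Cipher cipher, SecretKey key, byte[] in, int inOff, int inLen,
                            byte[] out, int outOff, byte[] aad, byte[] nonce, int macSize)
      throws Exception {
    if (inLen < macSize) {
      // A record shorter than the tag can never authenticate; fail early with the
      // same exception type a tag mismatch produces.
      throw new AEADBadTagException("record shorter than the authentication tag");
    }
    cipher.init(Cipher.DECRYPT_MODE, key, gcmSpec(nonce, macSize));
    cipher.updateAAD(aad);
    // The whole in range (encrypted data || mac) is passed through: a JCA GCM
    // cipher consumes the trailing tag itself and throws AEADBadTagException from
    // doFinal on mismatch, so no unauthenticated plaintext is returned.
    return cipher.doFinal(in, inOff, inLen, out, outOff);
  }
}
```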

calculateRawSignature

protected byte[] calculateRawSignature(java.lang.String algorithmName,
                                       byte[] dataToBeSigned,
                                       java.security.PrivateKey key,
                                       java.security.SecureRandom random)
                                throws java.lang.Exception
Calculate the raw signature. The provided data to be signed is the data provided to the underlying encryption scheme; e.g. RSA. Here, the data to be signed is the concatenation of the MD5 and SHA-1 hashes. The library uses this method for all RSA signatures; i.e. authentication of the server and the client. The default For example, an extension of this class may override this method to do client authentication using a smart card.

Parameters:
algorithmName - The algorithm name; e.g. ALG_CIPHER_RSA_SIGN.
dataToBeSigned - This is the data input for the underlying crypto algorithm; e.g. the digest info object or the concatenation of the MD5 and SHA-1 hashes.
key - The signature key.
random - The random source to use, if random data is required.
Returns:
The signature value.
Throws:
java.lang.Exception - If calculating the signature value fails.

verifyRawSignature

protected boolean verifyRawSignature(java.lang.String algorithmName,
                                     byte[] dataToBeSigned,
                                     byte[] signature,
                                     java.security.PublicKey key)
                              throws java.lang.Exception
Verify the provided signature. The provided data to be signed is the data provided to the underlying encryption scheme; e.g. RSA. Here, the data to be signed is the concatenation of the MD5 and SHA-1 hashes. The library uses this method for all RSA signatures; i.e. authentication of the server and the client. For example, an extension of this class may override this method to do client authentication using a smart card or HSM.

Parameters:
algorithmName - The algorithm name; e.g. ALG_CIPHER_RSA_VERIFY.
dataToBeSigned - This is the data input for the underlying crypto algorithm; e.g. the digest info object or the concatenation of the MD5 and SHA-1 hashes.
signature - The signature value to verify.
key - The verification key.
Returns:
True, if the signature value was verified, false otherwise.
Throws:
java.lang.Exception - If verifying the signature value fails.
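As an added example (not iSaSiLk code) for calculateRawSignature and verifyRawSignature: a subclass that routes the raw RSA operation through a JCA Signature engine of a PKCS#11-style provider, so the private key can stay non-extractable on a smart card or HSM. The "NONEwithRSA" Signature applies PKCS#1 v1.5 block type 1 padding to the data exactly as given (MD5 || SHA-1 for TLS up to 1.1, a DigestInfo for TLS 1.2), which is what the raw-signature contract above describes. The class name HardwareRsaProvider and the provider name RAW_PROVIDER are hypothetical.

```java
import iaik.security.ssl.SecurityProvider;

import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;

// Added example: raw RSA signatures delegated to a hardware-backed JCA provider.
public class HardwareRsaProvider extends SecurityProvider {

  // Hypothetical name of the installed PKCS#11 provider fronting the token.
  static final String RAW_PROVIDER = "SunPKCS11-token";

  protected byte[] calculateRawSignature(String algorithmName, byte[] dataToBeSigned,
                                         PrivateKey key, SecureRandom random) throws Exception {
    if (!ALG_CIPHER_RSA_SIGN.equals(algorithmName)) {
      // Anything that is not an RSA signature keeps the library default.
      return super.calculateRawSignature(algorithmName, dataToBeSigned, key, random);
    }
    // The key object is only a handle into the token; the token pads and signs.
    Signature sig = Signature.getInstance("NONEwithRSA", RAW_PROVIDER);
    sig.initSign(key, random);
    sig.update(dataToBeSigned);
    return sig.sign();
  }

  protected boolean verifyRawSignature(String algorithmName, byte[] dataToBeSigned,
                                       byte[] signature, PublicKey key) throws Exception {
    if (!ALG_CIPHER_RSA_VERIFY.equals(algorithmName)) {
      return super.verifyRawSignature(algorithmName, dataToBeSigned, signature, key);
    }
    // Verification needs only the public key, so the default JCA lookup is used.
    Signature sig = Signature.getInstance("NONEwithRSA");
    sig.initVerify(key);
    sig.update(dataToBeSigned);
    try {
      return sig.verify(signature);
    } catch (SignatureException e) {
      // Malformed signature encoding counts as a failed verification, not an error.
      return false;
    }
  }
}
```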

getKeyPairGenerator

protected java.security.KeyPairGenerator getKeyPairGenerator(java.lang.String algorithm)
                                                      throws java.lang.Exception
Returns a KeyPairGenerator for the requested algorithm.

This method is only called to generate temporary RSA keys of 512 or 1024 bit if those are required for an export cipher and you have not set any in the SSLServerContext.

Throws:
java.lang.Exception

getKeyGenerator

protected javax.crypto.KeyGenerator getKeyGenerator(java.lang.String algorithm)
                                             throws java.lang.Exception
Returns a KeyGenerator for the requested algorithm.

This method is only called by an iSaSiLk server to generate session ticket encryption and mac keys if they have not been explicitly specified for a SessionTicket extension (or have to be renewed within a certain time interval).

Parameters:
algorithm - the key algorithm
Returns:
the KeyGenerator for the requested algorithm
Throws:
java.lang.Exception - if the KeyGenerator instance cannot be created

getAlgorithmParameterGenerator

public java.security.AlgorithmParameterGenerator getAlgorithmParameterGenerator(java.lang.String algorithm)
                                                                         throws java.lang.Exception
Returns an AlgorithmParameterGenerator for the requested algorithm.

This method is only called to generate temporary domestic DH parameters if DH parameter scheduling is enabled.

Parameters:
algorithm - the parameter algorithm
Returns:
the AlgorithmParameterGenerator for the requested algorithm
Throws:
java.lang.Exception - if the AlgorithmParameterGenerator instance cannot be created

getSecureRandom

protected java.security.SecureRandom getSecureRandom()
Returns a new instance of a SecureRandom number generator. This can be the original java.security.SecureRandom or a better generator if available (as when using IAIK JCE).


generateMasterSecret

public byte[] generateMasterSecret(byte[] preMasterSecret,
                                   byte[] clientHelloRandom,
                                   byte[] serverHelloRandom,
                                   int version)
                            throws java.lang.Exception
Deprecated. Use method generateMasterSecret(byte[], byte[], byte[], int, String)

Creates the master secret from the pre master secret. This method is called for TLS/SSL versions <= TLS 1.2.

Parameters:
preMasterSecret - the premaster secret
clientHelloRandom - the random from the client hello
serverHelloRandom - the random from the server hello
version - the active protocol version
Throws:
SSLException - if the master secret cannot be generated
java.lang.Exception

generateMasterSecret

public byte[] generateMasterSecret(byte[] preMasterSecret,
                                   byte[] clientHelloRandom,
                                   byte[] serverHelloRandom,
                                   int version,
                                   java.lang.String prfDigestAlg)
                            throws java.lang.Exception
Creates the master secret from the pre master secret.

Parameters:
preMasterSecret - the premaster secret
clientHelloRandom - the random from the client hello
serverHelloRandom - the random from the server hello
version - the active protocol version
prfDigestAlg - the digest algorithm (default: "SHA256") used for TLS 1.2 PRF algorithm
Throws:
SSLException - if the master secret cannot be generated
java.lang.Exception

generateExtendedMasterSecret

public byte[] generateExtendedMasterSecret(byte[] preMasterSecret,
                                           byte[] handshakeHash,
                                           int version,
                                           java.lang.String prfDigestAlg)
                                    throws java.lang.Exception
Creates an extended master secret according to RFC 7627.

Parameters:
preMasterSecret - the premaster secret
handshakeHash - the hash of the handshake messages up to ClientKeyExchange (inclusive)
version - the active protocol version
prfDigestAlg - the digest algorithm (default: "SHA256") used for TLS 1.2 PRF algorithm
Throws:
SSLException - if the master secret cannot be generated
java.lang.Exception
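As an added example (not iSaSiLk code) for the generateMasterSecret and generateExtendedMasterSecret methods above: the TLS 1.2 PRF (RFC 5246 section 5) and the two derivations built on it, written with the standard javax.crypto.Mac API. Only the TLS 1.2 path is shown; TLS 1.0 and 1.1 use the MD5/SHA-1 split PRF instead. The class name Tls12Prf is hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example: TLS 1.2 PRF and master secret derivation.
public final class Tls12Prf {

  static final int MASTER_SECRET_LEN = 48;

  // P_hash(secret, seed) = HMAC(secret, A(1) || seed) || HMAC(secret, A(2) || seed) || ...
  // with A(0) = seed and A(i) = HMAC(secret, A(i-1)), truncated to outLen bytes.
  static byte[] pHash(String hmacAlg, byte[] secret, byte[] seed, int outLen) throws Exception {
    Mac mac = Mac.getInstance(hmacAlg);
    mac.init(new SecretKeySpec(secret, hmacAlg));
    ByteArrayOutputStream out = new ByteArrayOutputStream(outLen);
    byte[] a = seed;                       // A(0)
    while (out.size() < outLen) {
      a = mac.doFinal(a);                  // A(i) = HMAC(secret, A(i-1)); doFinal resets the Mac
      mac.update(a);
      mac.update(seed);
      byte[] block = mac.doFinal();        // HMAC(secret, A(i) || seed)
      out.write(block, 0, Math.min(block.length, outLen - out.size()));
    }
    return out.toByteArray();
  }

  // PRF(secret, label, seed) = P_<hash>(secret, label || seed); prfDigestAlg is the
  // digest name as passed to the library methods ("SHA256" -> "HmacSHA256").
  static byte[] prf(String prfDigestAlg, byte[] secret, String label, byte[] seed, int outLen)
      throws Exception {
    byte[] labelBytes = label.getBytes(StandardCharsets.US_ASCII);
    byte[] labelSeed = new byte[labelBytes.length + seed.length];
    System.arraycopy(labelBytes, 0, labelSeed, 0, labelBytes.length);
    System.arraycopy(seed, 0, labelSeed, labelBytes.length, seed.length);
    return pHash("Hmac" + prfDigestAlg, secret, labelSeed, outLen);
  }

  // RFC 5246 section 8.1:
  // master_secret = PRF(pre_master_secret, "master secret",
  //                     ClientHello.random + ServerHello.random)[0..47]
  static byte[] masterSecret(byte[] preMasterSecret, byte[] clientHelloRandom,
                             byte[] serverHelloRandom, String prfDigestAlg) throws Exception {
    byte[] seed = new byte[clientHelloRandom.length + serverHelloRandom.length];
    System.arraycopy(clientHelloRandom, 0, seed, 0, clientHelloRandom.length);
    System.arraycopy(serverHelloRandom, 0, seed, clientHelloRandom.length, serverHelloRandom.length);
    return prf(prfDigestAlg, preMasterSecret, "master secret", seed, MASTER_SECRET_LEN);
  }

  // RFC 7627 section 4:
  // master_secret = PRF(pre_master_secret, "extended master secret", session_hash)[0..47]
  // The handshake hash replaces the two random values, which binds the secret to the
  // complete transcript up to and including ClientKeyExchange.
  static byte[] extendedMasterSecret(byte[] preMasterSecret, byte[] handshakeHash,
                                     String prfDigestAlg) throws Exception {
    return prf(prfDigestAlg, preMasterSecret, "extended master secret", handshakeHash,
               MASTER_SECRET_LEN);
  }
}
```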

getTLSServerName

protected java.lang.String[] getTLSServerName(java.security.cert.X509Certificate serverCert)
Returns the TLS server name(s) from the certificate. This method is used by the default ChainVerifier to check if the server name matches the name in the certificate. The default implementation tries to parse the server name from the commonName attribute (cn) -- if included -- of the subjectDN of the certificate, but does not look at the SubjectAltName extension.

Parameters:
serverCert - the cert from which to get the server name(s)
Returns:
null since this operation cannot be supported by the general SecurityProvider implementation
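As an added example (not iSaSiLk code): an override of getTLSServerName(X509Certificate) that returns the dNSName entries of the SubjectAltName extension, which RFC 6125 prefers over the subject CN, and falls back to the CN only when the extension carries no DNS names. It uses the standard X509Certificate and javax.naming.ldap APIs, so it does not depend on the IAIK provider. The class name SanAwareProvider is hypothetical.

```java
import iaik.security.ssl.SecurityProvider;

import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

// Added example: server names from SubjectAltName dNSName entries, CN as fallback.
public class SanAwareProvider extends SecurityProvider {

  private static final int GENERAL_NAME_DNS = 2;   // GeneralName dNSName tag (RFC 5280)

  protected String[] getTLSServerName(X509Certificate serverCert) {
    List<String> names = new ArrayList<String>();
    try {
      // Each entry is a two-element list: Integer name type, then the value.
      Collection<List<?>> san = serverCert.getSubjectAlternativeNames();
      if (san != null) {
        for (List<?> entry : san) {
          if (((Integer) entry.get(0)).intValue() == GENERAL_NAME_DNS) {
            names.add((String) entry.get(1));
          }
        }
      }
    } catch (CertificateParsingException e) {
      // Unparseable extension: signal to the ChainVerifier that no names are available.
      return null;
    }
    if (names.isEmpty()) {
      // RFC 6125: the CN is consulted only when no dNSName SAN entries exist.
      String cn = commonName(serverCert.getSubjectX500Principal());
      if (cn != null) {
        names.add(cn);
      }
    }
    return names.toArray(new String[names.size()]);
  }

  // Extracts the CN attribute from the subject DN. LdapName handles RFC 2253
  // escaping, so a comma or quote inside the CN value does not break parsing.
  static String commonName(X500Principal subject) {
    try {
      for (Rdn rdn : new LdapName(subject.getName(X500Principal.RFC2253)).getRdns()) {
        if ("CN".equalsIgnoreCase(rdn.getType())) {
          return rdn.getValue().toString();
        }
      }
    } catch (InvalidNameException e) {
      // fall through: no usable CN
    }
    return null;
  }
}
```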

getTLSServerName

public ServerName[] getTLSServerName(int nameType,
                                     java.security.cert.X509Certificate serverCert)
Gets the TLS server name(s) from the given certificate. In contrast to method getTLSServerName(X509Certificate), which returns the server name(s) as String(s), this method returns the server name(s) as instances of class ServerName.
The ServerName structure has been introduced by RFC 4366 (TLS Extensions). It may be sent within a Server Name Indication extension from the client to the server to help the server select a certificate in accordance with the server name(s) received from the client (see RFC 4366):
   struct {
       NameType name_type;
       select (name_type) {
           case host_name: HostName;
       } name;
   } ServerName;
 
   enum {
       host_name(0), (255)
   } NameType;
 
   opaque HostName<1..2^16-1>;
   
   struct {
       ServerName server_name_list<1..2^16-1>
   } ServerNameList;
 
Each ServerName in the list consists of a type and a name. Currently only one type (HostName) is defined by RFC 4366. It represents the UTF-8 encoded DNS host name of the server. Other name types may be added in the future.
The iSaSiLk default ServerName implementation generally does not interpret the name type and expects that a name is encoded according to the UTF-8 syntax. If you want to support (or especially interpret) other name types, or if you want to implement full IDNA naming comparison, you may write your own ServerName class and override the corresponding getTLSServerName SecurityProvider methods to use your ServerName implementation.

This method tries to build TLS ServerNames from name information that may be included in a X.509 certificate. It is used by iSaSiLk for mapping server credentials to server names.

Parameters:
nameType - the type of the server name (currently only HostName is specified)
serverCert - the certificate of the server
Returns:
the server name(s) contained in the server certificate; an empty array indicates that no server name was found in the certificate; null signals to the ChainVerifier that this operation is not supported.

getTLSServerName

public ServerName getTLSServerName(int nameType,
                                   byte[] encodedServerName)
Creates a ServerName from the given (UTF-8) encoded server name.
The ServerName structure has been introduced by RFC 4366 (TLS Extensions). It may be sent within a Server Name Indication extension from the client to the server to help the server select a certificate in accordance with the server name(s) received from the client (see RFC 4366):
   struct {
       NameType name_type;
       select (name_type) {
           case host_name: HostName;
       } name;
   } ServerName;
 
   enum {
       host_name(0), (255)
   } NameType;
 
   opaque HostName<1..2^16-1>;
   
   struct {
       ServerName server_name_list<1..2^16-1>
   } ServerNameList;
 
Each ServerName in the list consists of a type and a name. Currently only one type (HostName) is defined by RFC 4366. It represents the UTF-8 encoded DNS host name of the server. Other name types may be added in the future.
The iSaSiLk default ServerName implementation generally does not interpret the name type and expects that a name is encoded according to the UTF-8 syntax. If you want to support (or especially interpret) other name types and/or encoding formats, or if you want to implement full IDNA naming comparison, you may write your own ServerName class and override the corresponding getTLSServerName SecurityProvider methods to use your ServerName implementation.

The encodedServerName provided to this method does not represent the full TLS encoded server name struct (including name type and name), rather it represents the encoded name component (without the name type) only. Thus for the HostName type, encodedServerName is the UTF-8 encoded server name.

Parameters:
nameType - the type of the server name (currently only HostName is specified)
encodedServerName - the UTF-8 encoded server name
Returns:
the (decoded) ServerName object

getTLSServerName

public ServerName getTLSServerName(int nameType,
                                   java.lang.String name)
                            throws java.lang.Exception
Creates a ServerName from the given server name string.
The ServerName structure has been introduced by RFC 4366 (TLS Extensions). It may be sent within a Server Name Indication extension from the client to the server to help the server select a certificate in accordance with the server name(s) received from the client (see RFC 4366):
   struct {
       NameType name_type;
       select (name_type) {
           case host_name: HostName;
       } name;
   } ServerName;
 
   enum {
       host_name(0), (255)
   } NameType;
 
   opaque HostName<1..2^16-1>;
   
   struct {
       ServerName server_name_list<1..2^16-1>
   } ServerNameList;
 
Each ServerName in the list consists of a type and a name. Currently only one type (HostName) is defined by RFC 4366. It represents the UTF-8 encoded DNS host name of the server. Other name types may be added in the future.
The iSaSiLk default ServerName implementation supports the HostName type. If you want to support (or especially interpret) other name types and/or encoding formats, or if you want to implement full IDNA naming comparison, you may write your own ServerName class and override the corresponding getTLSServerName SecurityProvider methods to use your ServerName implementation.

Parameters:
nameType - the type of the server name (currently only HostName is specified)
name - the server name as String
Returns:
the ServerName object created from the String name
Throws:
java.lang.Exception - if an error occurs when creating the ServerName
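The two getTLSServerName overloads above receive the name component of a single ServerName entry, not the whole extension. The following decoder (an added example, not iSaSiLk code) walks the RFC 4366 ServerNameList wire format quoted above, enforces the declared length bounds, and yields exactly the (nameType, encodedServerName) pairs that getTLSServerName(int, byte[]) expects; the sample extension bytes in main are constructed here.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Decoder for the RFC 4366 ServerNameList structure (added example, not part of iSaSiLk). */
public final class ServerNameListDecoder {

    /** host_name(0) is the only NameType defined by RFC 4366. */
    public static final int NAME_TYPE_HOST_NAME = 0;

    /** One ServerName entry: name_type plus the raw name component (UTF-8 for host_name). */
    public static final class Entry {
        public final int nameType;
        public final byte[] encodedName;

        Entry(int nameType, byte[] encodedName) {
            this.nameType = nameType;
            this.encodedName = encodedName;
        }

        /** Decodes the name as a host name; other (future) name types are left to the caller. */
        public String hostName() {
            if (nameType != NAME_TYPE_HOST_NAME) {
                throw new IllegalStateException("not a host_name entry: type " + nameType);
            }
            return new String(encodedName, StandardCharsets.UTF_8);
        }
    }

    /**
     * Decodes the extension_data of a server_name extension:
     *   uint16 list length, then per entry: uint8 name_type, uint16 name length, name bytes.
     * Every length is checked against the enclosing bound so that a malformed ClientHello
     * is rejected instead of being read out of bounds.
     */
    public static List<Entry> decode(byte[] data) {
        if (data == null || data.length < 2) {
            throw new IllegalArgumentException("truncated ServerNameList");
        }
        int listLen = u16(data, 0);
        // server_name_list<1..2^16-1>: must be non-empty and must fill the extension exactly
        if (listLen < 1 || 2 + listLen != data.length) {
            throw new IllegalArgumentException("bad server_name_list length " + listLen);
        }
        List<Entry> entries = new ArrayList<>();
        int pos = 2;
        int end = 2 + listLen;
        while (pos < end) {
            if (end - pos < 3) {
                throw new IllegalArgumentException("truncated ServerName entry at offset " + pos);
            }
            int type = data[pos] & 0xff;
            int nameLen = u16(data, pos + 1);
            pos += 3;
            // HostName<1..2^16-1>: empty names are not allowed, and the name must fit the list
            if (nameLen < 1 || nameLen > end - pos) {
                throw new IllegalArgumentException("bad name length " + nameLen + " at offset " + pos);
            }
            entries.add(new Entry(type, Arrays.copyOfRange(data, pos, pos + nameLen)));
            pos += nameLen;
        }
        return entries;
    }

    private static int u16(byte[] b, int off) {
        return ((b[off] & 0xff) << 8) | (b[off + 1] & 0xff);
    }

    /** Builds a constructed single-entry extension for demonstration and decodes it again. */
    public static void main(String[] args) {
        byte[] host = "example.com".getBytes(StandardCharsets.UTF_8); // constructed sample name
        byte[] ext = new byte[2 + 3 + host.length];
        int listLen = 3 + host.length;
        ext[0] = (byte) (listLen >> 8);
        ext[1] = (byte) listLen;
        ext[2] = (byte) NAME_TYPE_HOST_NAME;
        ext[3] = (byte) (host.length >> 8);
        ext[4] = (byte) host.length;
        System.arraycopy(host, 0, ext, 5, host.length);

        for (Entry e : decode(ext)) {
            // e.nameType and e.encodedName are the arguments for
            // SecurityProvider.getTLSServerName(int nameType, byte[] encodedServerName)
            System.out.println("type=" + e.nameType + " host=" + e.hostName());
        }
    }
}
```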

calculateTrustedAuthorityIdentifier

public byte[] calculateTrustedAuthorityIdentifier(int type,
                                                  java.security.cert.X509Certificate certificate)
                                           throws java.lang.Exception
Calculates a TrustedAuthority identifier of the given type from the given certificate.

The identifier type has to be one of the following (see RFC 4366):

  1. pre_agreed: does not provide any identification information about the CA root key
  2. key_sha1_hash: the CA root key is identified by a SHA-1 hash of the public key. For DSA and ECDSA keys the hash is calculated from the subjectPublicKey field, for RSA keys the hash is calculated from the big-endian byte representation of the modulus (without leading 0-bytes) (see RFC 4366).
  3. x509_name: the CA root key is identified by the DER encoded distinguished name of the CA
  4. cert_sha1_hash: the CA root key is identified by the SHA-1 hash of the DER encoded CA certificate

This general SecurityProvider implementation can calculate identifiers of type pre_agreed (for which an empty byte array is returned) and cert_sha1_hash. A key_sha1_hash identifier can only be calculated for an RSA certificate (since ASN.1 parsing routines are required for other key types). An x509_name cannot be calculated because method getEncodedPrincipal cannot be supported by a general SecurityProvider implementation.

Parameters:
type - the identifier type; PRE_AGREED (0), KEY_SHA1_HASH (1), KEY_X509_NAME (2), or CERT_SHA1_HASH (3)
certificate - the certificate from which to calculate the identifier
Returns:
the identifier, or null if the identifier type is key_sha1_hash and the given certificate is not an RSA certificate, or if the identifier type is x509_name (which cannot be handled by a general SecurityProvider)
Throws:
java.lang.IllegalArgumentException - if type is invalid (not PRE_AGREED (0), KEY_SHA1_HASH (1), KEY_X509_NAME (2), or CERT_SHA1_HASH (3)), or the given certificate is null
java.lang.Exception - if an error occurs while calculating the identifier
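The identifier rules listed above can be reproduced with plain JCA calls; the class below is an added example (not the iSaSiLk implementation) that mirrors the behaviour described for the general SecurityProvider, including the RSA-only key_sha1_hash case. The type constants are local copies of the values given in the parameter description; the certificate file path in main is an argument supplied by the caller.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;

/** RFC 4366 TrustedAuthority identifiers with JCA only (added example, not iSaSiLk code). */
public final class TrustedAuthorityIdentifiers {

    // Values as listed in the calculateTrustedAuthorityIdentifier parameter description.
    public static final int PRE_AGREED = 0;
    public static final int KEY_SHA1_HASH = 1;
    public static final int KEY_X509_NAME = 2;
    public static final int CERT_SHA1_HASH = 3;

    public static byte[] calculate(int type, X509Certificate certificate) throws Exception {
        if (certificate == null) {
            throw new IllegalArgumentException("certificate must not be null");
        }
        switch (type) {
            case PRE_AGREED:
                // carries no identification information, so the identifier is empty
                return new byte[0];
            case CERT_SHA1_HASH:
                // SHA-1 over the DER encoded certificate
                return sha1(certificate.getEncoded());
            case KEY_SHA1_HASH:
                // RSA: SHA-1 over the big-endian modulus without leading zero bytes.
                // DSA/ECDSA would need the subjectPublicKey BIT STRING, i.e. ASN.1 parsing,
                // which a provider independent implementation does not have; return null.
                if (certificate.getPublicKey() instanceof RSAPublicKey) {
                    BigInteger n = ((RSAPublicKey) certificate.getPublicKey()).getModulus();
                    return sha1(unsignedBigEndian(n));
                }
                return null;
            case KEY_X509_NAME:
                // needs getEncodedPrincipal, which is not available provider independently
                return null;
            default:
                throw new IllegalArgumentException("invalid identifier type " + type);
        }
    }

    /**
     * BigInteger.toByteArray() is two's complement and prepends a 0x00 byte when the top
     * bit of the modulus is set (which it always is for an RSA modulus). Strip such leading
     * zero bytes so the hash input matches the RFC 4366 definition.
     */
    static byte[] unsignedBigEndian(BigInteger value) {
        byte[] raw = value.toByteArray();
        int start = 0;
        while (start < raw.length - 1 && raw[start] == 0) {
            start++;
        }
        return start == 0 ? raw : Arrays.copyOfRange(raw, start, raw.length);
    }

    static byte[] sha1(byte[] input) throws Exception {
        return MessageDigest.getInstance("SHA-1").digest(input);
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) {
            sb.append(String.format("%02x", x));
        }
        return sb.toString();
    }

    /** Usage: java TrustedAuthorityIdentifiers <path-to-DER-or-PEM-certificate> */
    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println("cert_sha1_hash: " + hex(calculate(CERT_SHA1_HASH, cert)));
            byte[] keyHash = calculate(KEY_SHA1_HASH, cert);
            System.out.println("key_sha1_hash:  " + (keyHash == null ? "n/a (non-RSA)" : hex(keyHash)));
        }
    }
}
```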

createCertStatusRequest

public byte[] createCertStatusRequest(int statusType)
                               throws java.lang.Exception
Creates a status request to be sent within a status_request extension.
This method is called if the application does not specify a status request when creating a CertificateStatusRequest extension. This may be suitable when, for instance, using OCSP status requests and letting iSaSiLk calculate a fresh Nonce extension each time a status request is sent.

The byte array returned by this method must contain the TLS encoded request field of the CertificateStatusRequest structure (see RFC 4366):

  struct {
    CertificateStatusType status_type;
        select (status_type) {
            case ocsp: OCSPStatusRequest;
        } request;
    } CertificateStatusRequest;

    enum { ocsp(1), (255) } CertificateStatusType;

    struct {
        ResponderID responder_id_list<0..2^16-1>;
        Extensions  request_extensions;
    } OCSPStatusRequest;

    opaque ResponderID<1..2^16-1>;
    opaque Extensions<0..2^16-1>;
 

Currently only one status type, ocsp, is specified (see RFC 4366). Since OCSP cannot be handled in a global, provider independent way, this method returns null in any case, indicating that creation of status requests is not supported by this general SecurityProvider implementation. You may use the IAIK-JCE based IaikProvider implementation (enabled by default), which supports OCSP cert status request management.

Parameters:
statusType - the status type
Returns:
the TLS encoded status request, or null if certificate status request creation is not supported by the SecurityProvider implementation
Throws:
java.lang.Exception - if an error occurs when creating the status request

encodeURL

public byte[] encodeURL(java.lang.String certificateURL)
                 throws java.lang.Exception
Encodes the given client certificate url. A client certificate url may be sent to the server to indicate from where the server may download the client certificate(s). Client certificate url usage may be negotiated by means of the client_certificate_url extension. This method simply UTF-8 encodes the given url string.

Parameters:
certificateURL - the client certificate url to be encoded
Returns:
the encoded client certificate url
Throws:
java.lang.Exception - if an exception occurs while encoding the url

decodeURL

public java.lang.String decodeURL(byte[] encodedCertificateURL)
                           throws java.lang.Exception
Decodes an encoded client certificate url. A client certificate url may be sent by the client to indicate to the server from where it may download the client certificate(s). Client certificate url usage may be negotiated by means of the client_certificate_url extension. This method simply UTF-8 decodes the given encoded url.

Parameters:
encodedCertificateURL - the encoded client certificate url to be decoded
Returns:
the client certificate url as String
Throws:
java.lang.Exception - if an exception occurs while decoding the url

deriveKey

public javax.crypto.SecretKey deriveKey(java.lang.String algorithm,
                                        char[] password,
                                        byte[] salt,
                                        int iterationCount,
                                        int keyLen,
                                        java.lang.String keyName,
                                        java.security.SecureRandom random)
                                 throws java.lang.Exception
Uses the specified key derivation function to derive a key from the given password. This method is only used by the DefaultPSKManager to derive a key from a password for PBE-protected storage of the PSK manager's contents. The default implementation of this method returns null. The IaikProvider implements this method for the IAIK-JCE crypto provider. You may override this method if you want to use your self-designed SecurityProvider. However, note that this method is NOT required for normal SSL/TLS protocol operation, even if PSK cipher suites are used. It is only required if you are using the DefaultPSKManager and want to store/read the contents of the manager PBE-protected.

Parameters:
algorithm - the name of key derivation function to be used (e.g. "PBKDF2")
password - the password to be used
salt - the salt value for the key derivation function
iterationCount - the iteration count value for the key derivation function
keyLen - the length of the key to be derived from the password
keyName - the (algorithm) name of the derived key
random - SecureRandom for providing random numbers if required by the key derivation function in use
Returns:
the derived key; null by this default implementation
Throws:
java.lang.Exception - if an error occurs when generating the key

getKeyLength

public int getKeyLength(java.security.PublicKey pubKey)
Calculates the length of the given public key.

Parameters:
pubKey - the public key for which to calculate the length
Returns:
the length (in bits) of the public key
Throws:
java.lang.IllegalArgumentException - if the public key algorithm is not supported

getKeyLength

public int getKeyLength(java.security.PrivateKey privKey)
Calculates the length of the given private key.

Parameters:
privKey - the private key for which to calculate the length
Returns:
the length (in bits) of the private key
Throws:
java.lang.IllegalArgumentException - if the private key algorithm is not supported

getKeyLength

public int getKeyLength(java.security.Key key)
Calculates the length of the given key.

Parameters:
key - the key for which to calculate the length
Returns:
the length (in bits) of the key
Throws:
java.lang.IllegalArgumentException - if the key type is not supported

checkKeyLength

public void checkKeyLength(java.security.Key key)
                    throws java.lang.Exception
Checks the length (size) of the given key.

The key is rejected if its size does not match the defined constraints for the key algorithm.
The check is independent of the usage of the key (signing, encryption, certificate key, ...).
By default the key is checked for being smaller than the defined minimum size:

An application may override this method to disable the key size check or enforce other key size values.

Currently only asymmetric keys are checked for having a proper size; symmetric keys are not checked because their use can be controlled by enabling/disabling cipher suites. Local (private or public) keys are also not checked; they may be controlled by other means. Thus iSaSiLk calls this method to check the key size of peer public keys when
- parsing the peer certificate chain (for any certificate of the chain) on client or server side
- parsing a server RSA/DH(E)/ECDH(E) key exchange message on the client side

Parameters:
key - the key to be checked
Throws:
java.lang.Exception - if the key is rejected because its size does not match the defined constraints
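Both deriveKey and checkKeyLength are designed to be overridden in a custom SecurityProvider. The subclass below is an added example (not the IaikProvider and not iSaSiLk code) that enforces explicit minimum peer key sizes using the class's own getKeyLength, and implements deriveKey for "PBKDF2" with the JDK's SecretKeyFactory. The minimum sizes, the assumption that keyLen is given in bits, and the class name are the author's choices here, not values taken from the page.

```java
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Locale;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import iaik.security.ssl.SecurityProvider;

/**
 * Example SecurityProvider subclass (added example, not part of iSaSiLk).
 * It keeps the provider independent defaults and overrides only the two hooks discussed here.
 */
public class MinKeySizeSecurityProvider extends SecurityProvider {

    // Assumed policy values (not from the page): adjust to local requirements.
    private static final int MIN_FINITE_FIELD_BITS = 2048;  // RSA, DSA, DH modulus size
    private static final int MIN_EC_BITS = 256;             // EC field size

    /**
     * Rejects peer public keys that are smaller than the policy minimum. Symmetric keys are
     * not checked here, matching the page: their use is governed by cipher suite selection.
     */
    @Override
    public void checkKeyLength(Key key) throws Exception {
        if (key == null) {
            throw new IllegalArgumentException("key must not be null");
        }
        String alg = key.getAlgorithm().toUpperCase(Locale.ROOT);
        int min;
        if (alg.equals("RSA") || alg.equals("DSA") || alg.equals("DH") || alg.equals("DIFFIEHELLMAN")) {
            min = MIN_FINITE_FIELD_BITS;
        } else if (alg.equals("EC") || alg.equals("ECDH") || alg.equals("ECDSA")) {
            min = MIN_EC_BITS;
        } else {
            return; // not an asymmetric key type covered by this policy
        }
        // getKeyLength is the SecurityProvider method from this page; it throws
        // IllegalArgumentException for unsupported key types.
        int bits = getKeyLength(key);
        if (bits < min) {
            throw new InvalidKeyException(alg + " key of " + bits + " bits is below the required minimum of " + min + " bits");
        }
    }

    /**
     * PBKDF2 via the JDK SecretKeyFactory. Assumption: keyLen is the key length in bits, which is
     * what PBEKeySpec expects. Any other key derivation function falls back to the default (null).
     */
    @Override
    public SecretKey deriveKey(String algorithm, char[] password, byte[] salt, int iterationCount,
                               int keyLen, String keyName, SecureRandom random) throws Exception {
        if (algorithm == null || !algorithm.toUpperCase(Locale.ROOT).startsWith("PBKDF2")) {
            return null; // same behaviour as the default implementation
        }
        if (salt == null || salt.length == 0 || iterationCount < 1 || keyLen < 1) {
            throw new IllegalArgumentException("salt, iterationCount and keyLen must be set");
        }
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterationCount, keyLen);
        try {
            SecretKey derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec);
            // Re-wrap under the requested key algorithm name (e.g. "AES") for the PSK manager.
            return new SecretKeySpec(derived.getEncoded(), keyName);
        } finally {
            spec.clearPassword(); // do not keep the password in the spec longer than needed
        }
    }
}
```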

checkCreatedRSAServerKeyExchangeSignature

protected boolean checkCreatedRSAServerKeyExchangeSignature()
Asks whether to check an RSA-CRT key ServerKeyExchange signature immediately after signature creation.
Verification of the RSA signature may be appropriate as a countermeasure against RSA CRT key leaks (Florian Weimer, Sept. 2015: "Factoring RSA Keys With TLS Perfect Forward Secrecy"). This method returns false in any case since it cannot know whether the underlying JCA provider already verifies the RSA signature when created with a CRT key. If you are sure that the underlying JCA provider does not already verify the signature, you may override this method to return true.

Returns:
false to not verify the RSA server key exchange signature after its creation (believing that the underlying JCA provider already verifies the signature)

continueIfPeerDoesNotSupportSecureRenegotiation

public void continueIfPeerDoesNotSupportSecureRenegotiation(SSLTransport transport,
                                                            boolean renegotiation)
                                                     throws SSLException
Asks whether to continue if the peer does not support secure renegotiation.

This method is called by the library during an (initial or renegotiation) handshake to check if legacy renegotiation is allowed or not when the peer does not support secure renegotiation according to RFC 5746.
By default this method will check the SSLContext configuration and throw an SSLException if legacy renegotiation is not allowed. This means that at the client side an initial handshake with a server that does not send the RenegotiationInfo extension will be aborted immediately with a fatal handshake failure alert. On the server side an initial handshake will also be aborted immediately if the client does not send the RenegotiationInfo extension or the SCSV cipher suite value. However, if the server has been configured to use no_renegotiation warnings, the initial handshake will be continued; later, if the client tries to renegotiate, this method is called again and, if it again throws an SSLException, a no_renegotiation warning is sent to the client indicating that (legacy) renegotiation is not allowed.

You may override this method if you do not want to use the default behaviour/configuration or, for instance, want to decide on a case-by-case basis whether to continue or not. For instance, a client application may pop up a warning dialog to inform the user that the server did not send the RenegotiationInfo extension (which may only be appropriate for experienced users), or may maintain a white list of server names for which legacy renegotiation is allowed, e.g.:

 String serverName = transport.getRemotePeerName();
 if ((serverName != null) && (legacyRenegotiationSites_.get(serverName) != null)) {
   transport.debug("Server " + serverName + " did not send RenegotiationInfo extension. Continue anyway.");
 } else {
   throw new SSLException("Server did not send RenegotiationInfo extension.");
 } 
 

Parameters:
transport - the SSLTransport that may be used for getting information about the remote peer
renegotiation - whether this method is called during an initial or during a renegotiation handshake
Throws:
SSLException - has to be thrown if legacy renegotiation with a peer that does not support secure renegotiation shall not be allowed

encodeECPublicKey

public byte[] encodeECPublicKey(java.security.PublicKey publicKey,
                                SupportedPointFormats supportedPointFormats)
                         throws java.lang.Exception
Encodes the given EC PublicKey according to the Point-To-Octet-String conversion of ANSI X9.62 (1998), section 4.3.6.

The default implementation of this method throws an Exception indicating that encoding of EC public keys is not supported JDK- and provider independently. Use the IAIK ECCelerateTM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:
publicKey - the public EC key to be encoded
supportedPointFormats - the supported point formats of the peer; or null if the peer did not send a SupportedPointFormats extension (in this case the uncompressed format has to be used)
Returns:
the encoded EC key
Throws:
java.lang.Exception - if an error occurs when encoding the key

decodeECPublicKey

public java.security.PublicKey decodeECPublicKey(byte[] ecPoint,
                                                 SupportedEllipticCurves.NamedCurve curve,
                                                 SupportedPointFormats supportedPointFormats,
                                                 SupportedEllipticCurves supportedEllipticCurves)
                                          throws java.lang.Exception
Decodes the given encoded EC PublicKey according to the Octet-String-to-Point conversion of ANSI X9.62 (1998), section 4.3.7.

This method is called on the client side to decode the public server key contained in an ECDH ServerKeyExchange message received from the server.

The default implementation of this method throws an Exception indicating that decoding of EC public keys is not supported JDK- and provider independently. Use the IAIK ECCelerateTM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:
ecPoint - the (server) public key ECPoint, encoded according to ANSI X9.62 (1998), section 4.3.6
curve - the curve of the key
supportedPointFormats - the supported point formats sent to the server within the SupportedPointFormats extension; if not null check if the received key corresponds with the supported point formats
supportedEllipticCurves - the supported elliptic curves sent to the server within the SupportedEllipticCurves extension; if not null check if the received curve corresponds with the supported curve list
Returns:
the decoded public EC key
Throws:
java.lang.Exception - if an error occurs when decoding the key

decodeECPublicKey

public java.security.PublicKey decodeECPublicKey(byte[] ecPoint,
                                                 java.security.PrivateKey privateKey,
                                                 SupportedPointFormats supportedPointFormats)
                                          throws java.lang.Exception
Decodes the given encoded EC PublicKey according to the Octet-String-to-Point conversion of ANSI X9.62 (1998), section 4.3.7.

This method is called on the server side to decode the public client key contained in an ECDH ClientKeyExchange message received from the client.

The default implementation of this method throws an Exception indicating that decoding of EC public keys is not supported JDK- and provider independently. Use the IAIK ECCelerateTM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:
ecPoint - the (client) public key ECPoint, encoded according to ANSI X9.62 (1998), section 4.3.6
privateKey - the private (server) key containing the required domain parameters
supportedPointFormats - the SupportedPointFormats extension sent to the client; if not null check if the received key corresponds with the supported point formats
Returns:
the decoded public EC key
Throws:
java.lang.Exception - if an error occurs when decoding the key

getCurve

public SupportedEllipticCurves.NamedCurve getCurve(java.security.PublicKey ecPublicKey)
Gets the NamedCurve belonging to the given public EC key.

The default implementation of this method returns null since curve retrieval is not supported JDK- and provider independently. Use the IAIK ECCelerateTM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:
ecPublicKey - the public EC key for which to get the NamedCurve
Returns:
the NamedCurve of the public EC key; null by default since not supported JDK- and provider independently

getCurveName

public java.lang.String getCurveName(java.security.PublicKey ecPublicKey)
Gets the curve name belonging to the given public EC key.

The default implementation of this method returns null since curve retrieval is not supported JDK- and provider independently. Use the IAIK ECCelerateTM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:
ecPublicKey - the public EC key for which to get the curve name
Returns:
the curve name of the public EC key; null by default since not supported JDK- and provider independently

getECPointFormat

public SupportedPointFormats.ECPointFormat getECPointFormat(java.security.PublicKey ecPublicKey)
Gets the ECPointFormat (uncompressed, compressed prime, compressed char2) of the given public EC key.

The default implementation of this method returns null since EC point format checking is not supported JDK- and provider independently. Use the IAIK ECCelerateTM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:
ecPublicKey - the public EC key for which to get the EC point format
Returns:
the ECPointFormat of the public EC key; null by default since not supported JDK- and provider independently

generateECKeyPair

public java.security.KeyPair generateECKeyPair(SupportedEllipticCurves supportedEllipticCurves,
                                               SupportedPointFormats supportedPointFormats)
                                        throws java.lang.Exception
Generates an EC key pair according to the given list of supported curves.

The default implementation of this method throws an Exception indicating that EC key pair generation is not supported JDK- and provider independently. Use the IAIK ECCelerateTM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:
supportedEllipticCurves - the supported elliptic curves; may be null if the client has not sent a SupportedEllipticCurves extension
supportedPointFormats - the supported point formats; if not null, may be used to check if the peer may prefer a char2 curve (if no SupportedEllipticCurves extension has been sent)
Returns:
the new EC KeyPair
Throws:
java.lang.Exception - if an error occurs when generating the EC KeyPair

generateECKeyPair

public java.security.KeyPair generateECKeyPair(java.security.PublicKey serverKey)
                                        throws java.lang.Exception
Generates a key pair with same domain parameters as the given public key for the given key agreement method.

The default implementation of this method throws an Exception indicating that EC key pair generation is not supported JDK- and provider independently. Use the IAIK ECCelerateTM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:
serverKey - the public key of the server
Returns:
the client key pair with domain parameters matching to those of the supplied server key
Throws:
java.lang.Exception - if an error occurs when creating the key pair

createSharedECDHSecret

public byte[] createSharedECDHSecret(java.security.PrivateKey privateKey,
                                     java.security.PublicKey publicKey)
                              throws java.lang.Exception
Creates an ECDH shared secret based on the given private and public ECDH keys.

Parameters:
privateKey - the private key of the local party (client / server)
publicKey - the public key of the other party (server / client)
Returns:
the shared secret
Throws:
java.lang.Exception - if an error occurs when calculating the shared secret

getKeyAgreement

public javax.crypto.KeyAgreement getKeyAgreement(java.lang.String algorithm,
                                                 int mode,
                                                 java.security.Key key,
                                                 java.security.spec.AlgorithmParameterSpec params,
                                                 java.security.SecureRandom random)
                                          throws java.lang.Exception
Gets a KeyAgreement object for the given algorithm. iSaSiLk uses a KeyAgreement engine for ECDH based cipher suites.

If the mode parameter is KEYAGREEMENT_INIT the KeyAgreement object is to be initialized with the provided key, parameters (if not null) and random number generator (if not null).

Parameters:
algorithm - the name of the KeyAgreement algorithm (e.g. "ECDH")
mode - the mode deciding whether to initialize (KEYAGREEMENT_INIT) the KeyAgreement or not (KEYAGREEMENT_NONE)
key - the key with which to init the KeyAgreement object, if requested (if not null)
params - the parameters with which to init the KeyAgreement object, if requested (if not null)
random - the random generator with which to init the KeyAgreement object, if requested (if not null)
Returns:
the KeyAgreement instance
Throws:
java.lang.Exception - if no KeyAgreement instance for the required algorithm is available or initialization of the KeyAgreement object fails

isBinary

public boolean isBinary(java.security.PublicKey ecPublicKey)
                 throws java.lang.Exception
Checks if the curve of the given EC Public Key is binary or prime. The default implementation of this method throws an Exception in any case since it is not possible to determine the underlying field JDK- and provider independently. Use the IAIK ECCelerateTM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:
ecPublicKey - the EC public key
Returns:
true if the curve of the given key is binary, false if it is prime
Throws:
java.lang.Exception - if the key does not represent an EC key or it cannot be determined whether the underlying field is prime or binary

checkIfOnSameCurve

public boolean checkIfOnSameCurve(java.security.PublicKey ecdhServerPublicKey,
                                  java.security.PublicKey ecdhClientPublicKey)
Checks if the given public server and client key are on the same elliptic curve. Required for client authentication schemes ECDSA_fixed_ECDH and RSA_fixed_ECDH.

The default implementation of this method returns false in any case since it is not possible to check the curve JDK- and provider independently. Use the IAIK ECCelerateTM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:
ecdhServerPublicKey - the ECDH public key of the server
ecdhClientPublicKey - the ECDH public key of the client
Returns:
true if the two keys are on the same curve, false if not. By default this method returns true in any case since ECC curve check is not supported JDK- and provider independently.

isPointFormatSupported

public boolean isPointFormatSupported(SupportedPointFormats.ECPointFormat pointFormat)
Checks if the given ECPointFormat is supported by this SecurityProvider.

Parameters:
pointFormat - the ECPointFormat to be checked
Returns:
true if the given ECPointFormat is supported, false if it is not supported. By default this method returns false in any case since EC point format check is not supported JDK- and provider independently.

isNamedCurveSupported

public boolean isNamedCurveSupported(SupportedEllipticCurves.NamedCurve curve)
Checks if the given NamedCurve is supported by this SecurityProvider.

Parameters:
curve - the NamedCurve to be checked
Returns:
true if the given NamedCurve is supported, false if it is not supported. By default this method returns false in any case since EC curve check is not supported JDK- and provider independently.

checkKeyEllipticCurve

public boolean checkKeyEllipticCurve(java.security.PublicKey publicKey,
                                     SupportedEllipticCurves supportedEllipticCurves)
Checks if the given public key complies with the given SupportedEllipticCurves extension.
This method is used to check if the server uses an EC key that complies with the curves contained in the SupportedEllipticCurves extension that has been sent to the server.
By default this method returns false (since EC curve check is not supported JDK- and provider independently), except when the client did not send a SupportedEllipticCurves extension (in this case true is returned by default since any EC key is accepted).

Parameters:
publicKey - the public key used by the server
supportedEllipticCurves - the SupportedEllipticCurves extension sent by the client; may be null if the client has not sent a SupportedEllipticCurves extension
Returns:
true if the public key complies with the SupportedEllipticCurves extension, false if it does not comply with it. By default this method returns false (since EC curve check is not supported JDK- and provider independently), except when the client did not send a SupportedEllipticCurves extension (in this case true is returned by default since any EC key is accepted).

checkKeyECPointFormat

public boolean checkKeyECPointFormat(java.security.PublicKey publicKey,
                                     SupportedPointFormats supportedPointFormats)
Checks if the given public key complies with the given SupportedPointFormats extension.
This method is used to check if the peer uses an EC key that complies with the point formats contained in the SupportedPointFormats extension that has been sent to the peer within the Hello message.
By default this method returns false (since EC point format check is not supported JDK- and provider independently).

Parameters:
publicKey - the public key used by the server
supportedPointFormats - the SupportedPointFormats extension sent within the Hello message; may be null if no SupportedPointFormats extension has been sent to the peer (in this case the uncompressed format has to be used!)
Returns:
true if the public key complies with the SupportedPointFormats extension, false if it does not comply with it. By default this method returns false (since EC point format check is not supported JDK- and provider independently)

getDefaultCurve

public SupportedEllipticCurves.NamedCurve getDefaultCurve(boolean binary)
Gets the preferred default curve to be used by the server if no SupportedEllipticCurves extension has been sent by the client.

Parameters:
binary - whether to get the preferred default binary or prime curve
Returns:
the preferred default curve: SECT283K1 (if binary), SECP256R1 (if prime)

This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).

iSaSiLk 5.104, (c) 2002 IAIK, (c) 2003 - 2015 SIC