Class ECDHKeyAgreement

java.lang.Object
javax.crypto.KeyAgreementSpi
com.ibm.crypto.hdwrCCA.provider.ECDHKeyAgreement

public final class ECDHKeyAgreement extends KeyAgreementSpi
This class is a concrete implementation of the Service Provider Interface (SPI) for key agreement using the Elliptic Curve Diffie-Hellman key agreement algorithm.
  • Constructor Summary

    Constructors
    Constructor
    Description
    ECDHKeyAgreement()
    Constructor
  • Method Summary

    Modifier and Type
    Method
    Description
    protected Key
    engineDoPhase(Key key, boolean lastPhase)
    Executes the next phase of this Elliptic Curve Diffie-Hellman key agreement with the given key that was received from one of the other parties involved in this key agreement.
    protected byte[]
    engineGenerateSecret()
    Generates the shared secret and returns it in a new buffer.
    protected int
    engineGenerateSecret(byte[] sharedSecret, int offset)
    Generates the shared secret, and places it into the buffer sharedSecret, beginning at offset.
    protected SecretKey
    engineGenerateSecret(String algorithm)
    Creates and derives the shared secret and returns it as a secret key object of the requested algorithm type.
    protected void
    engineInit(Key key, SecureRandom random)
    Initializes this Elliptic Curve Diffie-Hellman key agreement with the given key and source of randomness.
    protected void
    engineInit(Key key, AlgorithmParameterSpec params, SecureRandom random)
    Initializes this Elliptic Curve Diffie-Hellman key agreement with the given key, set of algorithm parameters, and source of randomness.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • ECDHKeyAgreement

      public ECDHKeyAgreement()
      Constructor
  • Method Details

    • engineInit

      protected void engineInit(Key key, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException
      Initializes this Elliptic Curve Diffie-Hellman key agreement with the given key, set of algorithm parameters, and source of randomness.
      Specified by:
      engineInit in class KeyAgreementSpi
      Parameters:
      key - the party's private information; this is the party's own Elliptic Curve private key
      params - the algorithm parameters for the Elliptic Curve Diffie-Hellman key agreement operation
      random - the source of randomness; this is ignored
      Throws:
      InvalidKeyException - if the given key is inappropriate for this key agreement
      InvalidAlgorithmParameterException - if the given parameters are inappropriate for this key agreement
    • engineInit

      protected void engineInit(Key key, SecureRandom random) throws InvalidKeyException
      Initializes this Elliptic Curve Diffie-Hellman key agreement with the given key and source of randomness. The given key is required to contain all the algorithm parameters required for this key agreement.
      Specified by:
      engineInit in class KeyAgreementSpi
      Parameters:
      key - the party's private information; this is the party's own Elliptic Curve private key
      random - the source of randomness; this is ignored
      Throws:
      InvalidKeyException - if the given key is inappropriate for this key agreement
    • engineDoPhase

      protected Key engineDoPhase(Key key, boolean lastPhase) throws InvalidKeyException, IllegalStateException
      Executes the next phase of this Elliptic Curve Diffie-Hellman key agreement with the given key that was received from one of the other parties involved in this key agreement.
      Specified by:
      engineDoPhase in class KeyAgreementSpi
      Parameters:
      key - the other party's Elliptic Curve public key in a two-party key agreement
      lastPhase - flag that indicates whether this is the last phase of this key agreement. This must be true for a two-party key agreement
      Returns:
      the null value, because this phase does not yield a key
      Throws:
      InvalidKeyException - if the given key is inappropriate for this phase
      IllegalStateException - if this key agreement has not been initialized
    • engineGenerateSecret

      protected byte[] engineGenerateSecret() throws IllegalStateException
      Generates the shared secret and returns it in a new buffer. This method resets this key agreement object, so that it can be reused for further key agreements. Unless this key agreement is re-initialized, the same private information and algorithm parameters will be used for subsequent key agreements.
      Specified by:
      engineGenerateSecret in class KeyAgreementSpi
      Returns:
      the new buffer with the shared secret
      Throws:
      IllegalStateException - if this key agreement has not been completed yet
    • engineGenerateSecret

      protected int engineGenerateSecret(byte[] sharedSecret, int offset) throws IllegalStateException, ShortBufferException
      Generates the shared secret, and places it into the buffer sharedSecret, beginning at offset.

      If the sharedSecret buffer is too small to hold the result, a ShortBufferException will be thrown. In this case, this call should be repeated with a larger output buffer. This method resets this key agreement object, so that it can be reused for further key agreements. Unless this key agreement is re-initialized, the same private information and algorithm parameters will be used for subsequent key agreements.

      Specified by:
      engineGenerateSecret in class KeyAgreementSpi
      Parameters:
      sharedSecret - the buffer for the shared secret
      offset - the offset in sharedSecret where the shared secret will be stored
      Returns:
      the number of bytes placed into sharedSecret
      Throws:
      IllegalStateException - if this key agreement has not been completed yet
      NullPointerException - if the supplied shared secret buffer is null
      IndexOutOfBoundsException - if the offset value is not appropriate for the shared secret buffer
      ShortBufferException - if the given output buffer is too small to hold the secret
    • engineGenerateSecret

      protected SecretKey engineGenerateSecret(String algorithm) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException
      Creates and derives the shared secret and returns it as a secret key object of the requested algorithm type.

      Supported key algorithms are DES, Triple-DES, AES, and TlsPremasterSecret. Secret keys are derived as SymmetricKeyConstants.KeyType.SECURE_INTERNAL_TOKEN keys by default, with the exception of TlsPremasterSecret, which bypasses key derivation and is returned only as a clear shared secret.

      Triple-length Triple-DES keys are not supported for key derivation.

      This method resets this key agreement object, so that it can be reused for further key agreements. Unless this key agreement is re-initialized, the same private information and algorithm parameters will be used for subsequent key agreements.

      Specified by:
      engineGenerateSecret in class KeyAgreementSpi
      Parameters:
      algorithm - the requested secret key algorithm
      Returns:
      the shared secret key
      Throws:
      NullPointerException - if the supplied algorithm is null
      IllegalStateException - if this key agreement has not been completed yet
      NoSuchAlgorithmException - if the requested secret key algorithm is not available
      InvalidKeyException - if the shared secret key material cannot be used to generate a secret key of the requested algorithm type or if the NoCvKEK option has been requested but the requested algorithm is not DESede, 3DES, or TripleDES.
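
An added usage example, not taken from the provider's own documentation: the two-party flow from the method details above (init, a single doPhase with lastPhase set to true, generateSecret, the ShortBufferException retry, and reuse after the reset), driven through the standard javax.crypto.KeyAgreement front end. It assumes the JDK's default EC provider and the curve secp256r1 so that it runs without CCA hardware; the class name, helper names and the three sample parties are constructed for illustration.

```java
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.ShortBufferException;

public class EcdhTwoPartyDemo {
    // One complete two-party agreement, seen from one side.
    static byte[] agree(KeyAgreement ka, PublicKey peer) throws GeneralSecurityException {
        // Two-party ECDH has a single phase, so lastPhase must be true;
        // the phase yields no intermediate key, hence the null return.
        if (ka.doPhase(peer, true) != null) throw new IllegalStateException("unexpected key");
        byte[] buf = new byte[8];            // constructed: deliberately too small
        int n;
        try {
            n = ka.generateSecret(buf, 0);
        } catch (ShortBufferException e) {   // documented recovery: repeat with a larger buffer
            buf = new byte[128];
            n = ka.generateSecret(buf, 0);
        }
        return Arrays.copyOf(buf, n);        // n = number of bytes placed into the buffer
    }

    static KeyAgreement initWith(PrivateKey own) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH"); // assumption: default JDK provider
        ka.init(own);                        // curve parameters are taken from the key itself
        return ka;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair alice = kpg.generateKeyPair(), bob = kpg.generateKeyPair(), carol = kpg.generateKeyPair();
        KeyAgreement a = initWith(alice.getPrivate());
        byte[] ab = agree(a, bob.getPublic());
        byte[] ba = agree(initWith(bob.getPrivate()), alice.getPublic());
        System.out.println("both sides agree: " + MessageDigest.isEqual(ab, ba));
        try {                                // generateSecret reset 'a': no phase done yet
            a.generateSecret();
        } catch (IllegalStateException e) {
            System.out.println("doPhase is required again after generateSecret");
        }
        // Reuse without init(): Alice's same private key, different peer.
        byte[] ac = agree(a, carol.getPublic());
        byte[] ca = agree(initWith(carol.getPrivate()), alice.getPublic());
        System.out.println("reused object agrees: " + MessageDigest.isEqual(ac, ca));
    }
}
```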