Home | History | Annotate | Download | only in crypto
      1 /*
      2  * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
      3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
      4  *
      5  * This code is free software; you can redistribute it and/or modify it
      6  * under the terms of the GNU General Public License version 2 only, as
      7  * published by the Free Software Foundation.  Oracle designates this
      8  * particular file as subject to the "Classpath" exception as provided
      9  * by Oracle in the LICENSE file that accompanied this code.
     10  *
     11  * This code is distributed in the hope that it will be useful, but WITHOUT
     12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
     13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
     14  * version 2 for more details (a copy is included in the LICENSE file that
     15  * accompanied this code).
     16  *
     17  * You should have received a copy of the GNU General Public License version
     18  * 2 along with this work; if not, write to the Free Software Foundation,
     19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
     20  *
     21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
     22  * or visit www.oracle.com if you need additional information or have any
     23  * questions.
     24  */
     25 
     26 package javax.crypto;
     27 
     28 import java.security.*;
     29 import java.security.spec.*;
     30 
     31 /**
     32  * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>)
     33  * for the <code>KeyAgreement</code> class.
     34  * All the abstract methods in this class must be implemented by each
     35  * cryptographic service provider who wishes to supply the implementation
     36  * of a particular key agreement algorithm.
     37  *
     38  * <p> The keys involved in establishing a shared secret are created by one
     39  * of the
     40  * key generators (<code>KeyPairGenerator</code> or
     41  * <code>KeyGenerator</code>), a <code>KeyFactory</code>, or as a result from
     42  * an intermediate phase of the key agreement protocol
     43  * ({@link #engineDoPhase(java.security.Key, boolean) engineDoPhase}).
     44  *
     45  * <p> For each of the correspondents in the key exchange,
     46  * <code>engineDoPhase</code>
     47  * needs to be called. For example, if the key exchange is with one other
     48  * party, <code>engineDoPhase</code> needs to be called once, with the
     49  * <code>lastPhase</code> flag set to <code>true</code>.
     50  * If the key exchange is
     51  * with two other parties, <code>engineDoPhase</code> needs to be called twice,
     52  * the first time setting the <code>lastPhase</code> flag to
     53  * <code>false</code>, and the second time setting it to <code>true</code>.
     54  * There may be any number of parties involved in a key exchange.
     55  *
     56  * @author Jan Luehe
     57  *
     58  * @see KeyGenerator
     59  * @see SecretKey
     60  * @since 1.4
     61  */
     62 
     63 public abstract class KeyAgreementSpi {
     64 
     65     /**
     66      * Initializes this key agreement with the given key and source of
     67      * randomness. The given key is required to contain all the algorithm
     68      * parameters required for this key agreement.
     69      *
     70      * <p> If the key agreement algorithm requires random bytes, it gets them
     71      * from the given source of randomness, <code>random</code>.
     72      * However, if the underlying
     73      * algorithm implementation does not require any random bytes,
     74      * <code>random</code> is ignored.
     75      *
     76      * @param key the party's private information. For example, in the case
     77      * of the Diffie-Hellman key agreement, this would be the party's own
     78      * Diffie-Hellman private key.
     79      * @param random the source of randomness
     80      *
     81      * @exception InvalidKeyException if the given key is
     82      * inappropriate for this key agreement, e.g., is of the wrong type or
     83      * has an incompatible algorithm type.
     84      */
     85     protected abstract void engineInit(Key key, SecureRandom random)
     86         throws InvalidKeyException;
     87 
     88     /**
     89      * Initializes this key agreement with the given key, set of
     90      * algorithm parameters, and source of randomness.
     91      *
     92      * @param key the party's private information. For example, in the case
     93      * of the Diffie-Hellman key agreement, this would be the party's own
     94      * Diffie-Hellman private key.
     95      * @param params the key agreement parameters
     96      * @param random the source of randomness
     97      *
     98      * @exception InvalidKeyException if the given key is
     99      * inappropriate for this key agreement, e.g., is of the wrong type or
    100      * has an incompatible algorithm type.
    101      * @exception InvalidAlgorithmParameterException if the given parameters
    102      * are inappropriate for this key agreement.
    103      */
    104     protected abstract void engineInit(Key key, AlgorithmParameterSpec params,
    105                                        SecureRandom random)
    106         throws InvalidKeyException, InvalidAlgorithmParameterException;
    107 
    108     /**
    109      * Executes the next phase of this key agreement with the given
    110      * key that was received from one of the other parties involved in this key
    111      * agreement.
    112      *
    113      * @param key the key for this phase. For example, in the case of
    114      * Diffie-Hellman between 2 parties, this would be the other party's
    115      * Diffie-Hellman public key.
    116      * @param lastPhase flag which indicates whether or not this is the last
    117      * phase of this key agreement.
    118      *
    119      * @return the (intermediate) key resulting from this phase, or null if
    120      * this phase does not yield a key
    121      *
    122      * @exception InvalidKeyException if the given key is inappropriate for
    123      * this phase.
    124      * @exception IllegalStateException if this key agreement has not been
    125      * initialized.
    126      */
    127     protected abstract Key engineDoPhase(Key key, boolean lastPhase)
    128         throws InvalidKeyException, IllegalStateException;
    129 
    130     /**
    131      * Generates the shared secret and returns it in a new buffer.
    132      *
    133      * <p>This method resets this <code>KeyAgreementSpi</code> object,
    134      * so that it
    135      * can be reused for further key agreements. Unless this key agreement is
    136      * reinitialized with one of the <code>engineInit</code> methods, the same
    137      * private information and algorithm parameters will be used for
    138      * subsequent key agreements.
    139      *
    140      * @return the new buffer with the shared secret
    141      *
    142      * @exception IllegalStateException if this key agreement has not been
    143      * completed yet
    144      */
    145     protected abstract byte[] engineGenerateSecret()
    146         throws IllegalStateException;
    147 
    148     /**
    149      * Generates the shared secret, and places it into the buffer
    150      * <code>sharedSecret</code>, beginning at <code>offset</code> inclusive.
    151      *
    152      * <p>If the <code>sharedSecret</code> buffer is too small to hold the
    153      * result, a <code>ShortBufferException</code> is thrown.
    154      * In this case, this call should be repeated with a larger output buffer.
    155      *
    156      * <p>This method resets this <code>KeyAgreementSpi</code> object,
    157      * so that it
    158      * can be reused for further key agreements. Unless this key agreement is
    159      * reinitialized with one of the <code>engineInit</code> methods, the same
    160      * private information and algorithm parameters will be used for
    161      * subsequent key agreements.
    162      *
    163      * @param sharedSecret the buffer for the shared secret
    164      * @param offset the offset in <code>sharedSecret</code> where the
    165      * shared secret will be stored
    166      *
    167      * @return the number of bytes placed into <code>sharedSecret</code>
    168      *
    169      * @exception IllegalStateException if this key agreement has not been
    170      * completed yet
    171      * @exception ShortBufferException if the given output buffer is too small
    172      * to hold the secret
    173      */
    174     protected abstract int engineGenerateSecret(byte[] sharedSecret,
    175                                                 int offset)
    176         throws IllegalStateException, ShortBufferException;
    177 
    178     /**
    179      * Creates the shared secret and returns it as a secret key object
    180      * of the requested algorithm type.
    181      *
    182      * <p>This method resets this <code>KeyAgreementSpi</code> object,
    183      * so that it
    184      * can be reused for further key agreements. Unless this key agreement is
    185      * reinitialized with one of the <code>engineInit</code> methods, the same
    186      * private information and algorithm parameters will be used for
    187      * subsequent key agreements.
    188      *
    189      * @param algorithm the requested secret key algorithm
    190      *
    191      * @return the shared secret key
    192      *
    193      * @exception IllegalStateException if this key agreement has not been
    194      * completed yet
    195      * @exception NoSuchAlgorithmException if the requested secret key
    196      * algorithm is not available
    197      * @exception InvalidKeyException if the shared secret key material cannot
    198      * be used to generate a secret key of the requested algorithm type (e.g.,
    199      * the key material is too short)
    200      */
    201     protected abstract SecretKey engineGenerateSecret(String algorithm)
    202         throws IllegalStateException, NoSuchAlgorithmException,
    203             InvalidKeyException;
    204 }
    205