Path: blob/master/src/java.base/share/classes/javax/crypto/KeyAgreementSpi.java
41152 views
/*1* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package javax.crypto;2627import java.security.*;28import java.security.spec.*;2930/**31* This class defines the <i>Service Provider Interface</i> (<b>SPI</b>)32* for the <code>KeyAgreement</code> class.33* All the abstract methods in this class must be implemented by each34* cryptographic service provider who wishes to supply the implementation35* of a particular key agreement algorithm.36*37* <p> The keys involved in establishing a shared secret are created by one38* of the39* key generators (<code>KeyPairGenerator</code> or40* <code>KeyGenerator</code>), a <code>KeyFactory</code>, or as a result from41* an intermediate phase of the key agreement protocol42* ({@link #engineDoPhase(java.security.Key, boolean) engineDoPhase}).43*44* <p> For each of the correspondents in the key exchange,45* <code>engineDoPhase</code>46* needs to be called. For example, if the key exchange is with one other47* party, <code>engineDoPhase</code> needs to be called once, with the48* <code>lastPhase</code> flag set to <code>true</code>.49* If the key exchange is50* with two other parties, <code>engineDoPhase</code> needs to be called twice,51* the first time setting the <code>lastPhase</code> flag to52* <code>false</code>, and the second time setting it to <code>true</code>.53* There may be any number of parties involved in a key exchange.54*55* @author Jan Luehe56*57* @see KeyGenerator58* @see SecretKey59* @since 1.460*/6162public abstract class KeyAgreementSpi {6364/**65* Constructor for subclasses to call.66*/67public KeyAgreementSpi() {}6869/**70* Initializes this key agreement with the given key and source of71* randomness. The given key is required to contain all the algorithm72* parameters required for this key agreement.73*74* <p> If the key agreement algorithm requires random bytes, it gets them75* from the given source of randomness, <code>random</code>.76* However, if the underlying77* algorithm implementation does not require any random bytes,78* <code>random</code> is ignored.79*80* @param key the party's private information. For example, in the case81* of the Diffie-Hellman key agreement, this would be the party's own82* Diffie-Hellman private key.83* @param random the source of randomness84*85* @exception InvalidKeyException if the given key is86* inappropriate for this key agreement, e.g., is of the wrong type or87* has an incompatible algorithm type.88*/89protected abstract void engineInit(Key key, SecureRandom random)90throws InvalidKeyException;9192/**93* Initializes this key agreement with the given key, set of94* algorithm parameters, and source of randomness.95*96* @param key the party's private information. For example, in the case97* of the Diffie-Hellman key agreement, this would be the party's own98* Diffie-Hellman private key.99* @param params the key agreement parameters100* @param random the source of randomness101*102* @exception InvalidKeyException if the given key is103* inappropriate for this key agreement, e.g., is of the wrong type or104* has an incompatible algorithm type.105* @exception InvalidAlgorithmParameterException if the given parameters106* are inappropriate for this key agreement.107*/108protected abstract void engineInit(Key key, AlgorithmParameterSpec params,109SecureRandom random)110throws InvalidKeyException, InvalidAlgorithmParameterException;111112/**113* Executes the next phase of this key agreement with the given114* key that was received from one of the other parties involved in this key115* agreement.116*117* @param key the key for this phase. For example, in the case of118* Diffie-Hellman between 2 parties, this would be the other party's119* Diffie-Hellman public key.120* @param lastPhase flag which indicates whether or not this is the last121* phase of this key agreement.122*123* @return the (intermediate) key resulting from this phase, or null if124* this phase does not yield a key125*126* @exception InvalidKeyException if the given key is inappropriate for127* this phase.128* @exception IllegalStateException if this key agreement has not been129* initialized.130*/131protected abstract Key engineDoPhase(Key key, boolean lastPhase)132throws InvalidKeyException, IllegalStateException;133134/**135* Generates the shared secret and returns it in a new buffer.136*137* <p>This method resets this {@code KeyAgreementSpi} object to the state138* that it was in after the most recent call to one of the {@code init}139* methods. After a call to {@code generateSecret}, the object can be reused140* for further key agreement operations by calling {@code doPhase} to supply141* new keys, and then calling {@code generateSecret} to produce a new142* secret. In this case, the private information and algorithm parameters143* supplied to {@code init} will be used for multiple key agreement144* operations. The {@code init} method can be called after145* {@code generateSecret} to change the private information used in146* subsequent operations.147*148* @return the new buffer with the shared secret149*150* @exception IllegalStateException if this key agreement has not been151* initialized or if {@code doPhase} has not been called to supply the152* keys for all parties in the agreement153*/154protected abstract byte[] engineGenerateSecret()155throws IllegalStateException;156157/**158* Generates the shared secret, and places it into the buffer159* <code>sharedSecret</code>, beginning at <code>offset</code> inclusive.160*161* <p>If the <code>sharedSecret</code> buffer is too small to hold the162* result, a <code>ShortBufferException</code> is thrown.163* In this case, this call should be repeated with a larger output buffer.164*165* <p>This method resets this {@code KeyAgreementSpi} object to the state166* that it was in after the most recent call to one of the {@code init}167* methods. After a call to {@code generateSecret}, the object can be reused168* for further key agreement operations by calling {@code doPhase} to supply169* new keys, and then calling {@code generateSecret} to produce a new170* secret. In this case, the private information and algorithm parameters171* supplied to {@code init} will be used for multiple key agreement172* operations. The {@code init} method can be called after173* {@code generateSecret} to change the private information used in174* subsequent operations.175*176* @param sharedSecret the buffer for the shared secret177* @param offset the offset in <code>sharedSecret</code> where the178* shared secret will be stored179*180* @return the number of bytes placed into <code>sharedSecret</code>181*182* @exception IllegalStateException if this key agreement has not been183* initialized or if {@code doPhase} has not been called to supply the184* keys for all parties in the agreement185* @exception ShortBufferException if the given output buffer is too small186* to hold the secret187*/188protected abstract int engineGenerateSecret(byte[] sharedSecret,189int offset)190throws IllegalStateException, ShortBufferException;191192/**193* Creates the shared secret and returns it as a secret key object194* of the requested algorithm type.195*196* <p>This method resets this {@code KeyAgreementSpi} object to the state197* that it was in after the most recent call to one of the {@code init}198* methods. After a call to {@code generateSecret}, the object can be reused199* for further key agreement operations by calling {@code doPhase} to supply200* new keys, and then calling {@code generateSecret} to produce a new201* secret. In this case, the private information and algorithm parameters202* supplied to {@code init} will be used for multiple key agreement203* operations. The {@code init} method can be called after204* {@code generateSecret} to change the private information used in205* subsequent operations.206*207* @param algorithm the requested secret key algorithm208*209* @return the shared secret key210*211* @exception IllegalStateException if this key agreement has not been212* initialized or if {@code doPhase} has not been called to supply the213* keys for all parties in the agreement214* @exception NoSuchAlgorithmException if the requested secret key215* algorithm is not available216* @exception InvalidKeyException if the shared secret key material cannot217* be used to generate a secret key of the requested algorithm type (e.g.,218* the key material is too short)219*/220protected abstract SecretKey engineGenerateSecret(String algorithm)221throws IllegalStateException, NoSuchAlgorithmException,222InvalidKeyException;223}224225226