Class PK11KeyPairGenerator

java.lang.Object
org.mozilla.jss.crypto.KeyPairGeneratorSpi
org.mozilla.jss.pkcs11.PK11KeyPairGenerator
public final class PK11KeyPairGenerator extends KeyPairGeneratorSpi
A Key Pair Generator implemented using PKCS #11.
See Also:

  • Field Details

    • logger

      public static org.slf4j.Logger logger

    • opFlags

      private long opFlags

    • opFlagsMask

      private long opFlagsMask

    • DEFAULT_RSA_KEY_SIZE

      private static final int DEFAULT_RSA_KEY_SIZE
      //////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////
      See Also:

    • DEFAULT_RSA_PUBLIC_EXPONENT

      private static final BigInteger DEFAULT_RSA_PUBLIC_EXPONENT

    • p1024

      private static final String p1024
      ///////////////////////////////////////////////////////////////////
      See Also:

    • q1024

      private static final String q1024
      See Also:

    • g1024

      private static final String g1024
      See Also:

    • h1024

      private static final String h1024
      See Also:

    • seed1024

      private static final String seed1024
      See Also:

    • counter1024

      private static final int counter1024
      See Also:

    • PQG1024

      public static final PQGParams PQG1024
      Pre-cooked PQG values for 1024-bit keypairs, along with the seed, counter, and H values needed to verify them.

    • p768

      private static final String p768
      ///////////////////////////////////////////////////////////////////
      See Also:

    • q768

      private static final String q768
      See Also:

    • g768

      private static final String g768
      See Also:

    • seed768

      private static final String seed768
      See Also:

    • counter768

      private static final int counter768
      See Also:

    • h768

      private static final String h768
      See Also:

    • PQG768

      public static final PQGParams PQG768
      Pre-cooked PQG values for 768-bit keypairs, along with the seed, counter, and H values needed to verify them.

    • p512

      private static final String p512
      ///////////////////////////////////////////////////////////////////
      See Also:

    • q512

      private static final String q512
      See Also:

    • g512

      private static final String g512
      See Also:

    • h512

      private static final String h512
      See Also:

    • seed512

      private static final String seed512
      See Also:

    • counter512

      private static final int counter512
      See Also:

    • PQG512

      public static final PQGParams PQG512
      Pre-cooked PQG values for 512-bit keypairs, along with the seed, counter, and H values needed to verify them.

    • defaultsTested

      private static boolean defaultsTested
      ////////////////////////////////////////////////////////////////////

    • token

      private PK11Token token
      //////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////

    • params

      private AlgorithmParameterSpec params

    • algorithm

      private KeyPairAlgorithm algorithm

    • mKeygenOnInternalToken

      private boolean mKeygenOnInternalToken

    • temporaryPairMode

      private boolean temporaryPairMode

    • sensitivePairMode

      private int sensitivePairMode

    • extractablePairMode

      private int extractablePairMode

  • Constructor Details

  • Method Details

    • initialize

      public void initialize(int strength, SecureRandom random) throws InvalidParameterException
      Initializes this KeyPairGenerator with the given key strength.

      For DSA key generation, pre-cooked PQG values will be used be used if the key size is 512, 768, or 1024. Otherwise, an InvalidParameterException will be thrown.

      Specified by:
      initialize in class KeyPairGeneratorSpi
      Parameters:
      strength - The strength (size) of the keys that will be generated.
      random - Ignored
      Throws:
      InvalidParameterException - If the key strength is not supported by the algorithm or this implementation.

    • initialize

      public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException
      Initializes this KeyPairGenerator with the given algorithm-specific parameters.
      Specified by:
      initialize in class KeyPairGeneratorSpi
      Parameters:
      params - The algorithm-specific parameters that will govern key pair generation.
      random - Ignored
      Throws:
      InvalidAlgorithmParameterException - If the parameters are inappropriate for the key type or are not supported by this implementation.

    • generateKeyPair

      public KeyPair generateKeyPair() throws TokenException
      Generates a key pair on a token. Uses parameters if they were passed in through a call to initialize, otherwise uses defaults.
      Specified by:
      generateKeyPair in class KeyPairGeneratorSpi
      Returns:
      Throws:
      TokenException

    • keygenOnInternalToken

      public boolean keygenOnInternalToken()
      Specified by:
      keygenOnInternalToken in class KeyPairGeneratorSpi
      Returns:
      true if the keypair generation will be done on the internal token and then moved to this token.

    • generateRSAKeyPair

      private KeyPair generateRSAKeyPair(PK11Token token, int keySize, long publicExponent, boolean temporary, int sensitive, int extractable) throws TokenException
      Generates an RSA key pair with the given size and public exponent.
      Throws:
      TokenException

    • generateRSAKeyPairWithOpFlags

      private KeyPair generateRSAKeyPairWithOpFlags(PK11Token token, int keySize, long publicExponent, boolean temporary, int sensitive, int extractable, int op_flags, int op_flags_mask) throws TokenException
      Generates an RSA key pair with the given size and public exponent. Adds the ability to specify a set of flags and masks to control how NSS generates the key pair.
      Throws:
      TokenException

    • generateDSAKeyPair

      private KeyPair generateDSAKeyPair(PK11Token token, byte[] P, byte[] Q, byte[] G, boolean temporary, int sensitive, int extractable) throws TokenException
      Generates a DSA key pair with the given P, Q, and G values. P, Q, and G are stored as big-endian twos-complement octet strings.
      Throws:
      TokenException

    • generateDSAKeyPairWithOpFlags

      private KeyPair generateDSAKeyPairWithOpFlags(PK11Token token, byte[] P, byte[] Q, byte[] G, boolean temporary, int sensitive, int extractable, int op_flags, int op_flags_mask) throws TokenException
      Generates a DSA key pair with the given P, Q, and G values. P, Q, and G are stored as big-endian twos-complement octet strings. Adds the ability to specify a set of flags and masks to control how NSS generates the key pair.
      Throws:
      TokenException

    • generateMLDSAKeyPair

      private KeyPair generateMLDSAKeyPair(PK11Token token, int size, boolean temporary, int sensitive, int extractable) throws TokenException
      Generates a ML-DSA key pair with the given security level. Security level as defined by NIST can be the value 44, 65 or 87.
      Throws:
      TokenException

    • generateMLDSAKeyPairWithOpFlags

      private KeyPair generateMLDSAKeyPairWithOpFlags(PK11Token token, int size, boolean temporary, int sensitive, int extractable, int op_flags, int op_flags_mask) throws TokenException
      Generates a ML-DSA key pair with the given security level. Security level as defined by NIST can be the value 44, 65 or 87. Adds the ability to specify a set of flags and masks to control how NSS generates the key pair.
      Throws:
      TokenException

    • generateECKeyPair

      private KeyPair generateECKeyPair(PK11Token token, byte[] Curve, boolean temporary, int sensitive, int extractable) throws TokenException
      Generates a EC key pair with the given a curve. Curves are stored as DER Encoded Parameters.
      Throws:
      TokenException

    • generateECKeyPairWithOpFlags

      private KeyPair generateECKeyPairWithOpFlags(PK11Token token, byte[] Curve, boolean temporary, int sensitive, int extractable, int op_flags, int op_flags_mask) throws TokenException
      Generates a EC key pair with the given a curve. Curves are stored as DER Encoded Parameters. Adds the ability to specify a set of flags and masks to control how NSS generates the key pair.
      Throws:
      TokenException

    • testDefaults

      private static void testDefaults()

    • temporaryPairs

      public void temporaryPairs(boolean temp)
      Specified by:
      temporaryPairs in class KeyPairGeneratorSpi

    • sensitivePairs

      public void sensitivePairs(boolean sensitive)
      Specified by:
      sensitivePairs in class KeyPairGeneratorSpi

    • extractablePairs

      public void extractablePairs(boolean extractable)
      Specified by:
      extractablePairs in class KeyPairGeneratorSpi

    • setKeyPairUsages

      public void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages, KeyPairGeneratorSpi.Usage[] usages_mask)
      Sets the requested key usages desired for the generated key pair. This allows the caller to suggest how NSS generates the key pair.
      Specified by:
      setKeyPairUsages in class KeyPairGeneratorSpi
      Parameters:
      usages - List of desired key usages.
      usages_mask - Corresponding mask for the key usages. if a usages is desired, make sure it is in the mask as well.

    • getCurveCodeByName

      public int getCurveCodeByName(String curveName) throws InvalidParameterException
      Specified by:
      getCurveCodeByName in class KeyPairGeneratorSpi
      Throws:
      InvalidParameterException

    • getECCurve

      private AlgorithmParameterSpec getECCurve(int curvecode) throws InvalidParameterException
      Throws:
      InvalidParameterException

    • getCurve

      private AlgorithmParameterSpec getCurve(int strength) throws InvalidParameterException
      Throws:
      InvalidParameterException