// Copyright (c) 2002 Graz University of Technology. All rights reserved. // // Redistribution and use in source and binary forms, with or without modification, // are permitted provided that the following conditions are met: // // 1. Redistributions of source code must retain the above copyright notice, this // list of conditions and the following disclaimer. // // 2. Redistributions in binary form must reproduce the above copyright notice, // this list of conditions and the following disclaimer in the documentation // and/or other materials provided with the distribution. // // 3. The end-user documentation included with the redistribution, if any, must // include the following acknowledgment: // // "This product includes software developed by IAIK of Graz University of // Technology." // // Alternately, this acknowledgment may appear in the software itself, if and // wherever such third-party acknowledgments normally appear. // // 4. The names "Graz University of Technology" and "IAIK of Graz University of // Technology" must not be used to endorse or promote products derived from this // software without prior written permission. // // 5. Products derived from this software may not be called "IAIK PKCS Wrapper", // nor may "IAIK" appear in their name, without prior written permission of // Graz University of Technology. // // THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED // WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED // WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR // PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE // LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, // OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, // OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON // ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY // OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE // POSSIBILITY OF SUCH DAMAGE. package iaik.pkcs.pkcs11.objects; import iaik.pkcs.pkcs11.Session; import iaik.pkcs.pkcs11.TokenException; import iaik.pkcs.pkcs11.wrapper.Constants; import iaik.pkcs.pkcs11.wrapper.PKCS11Constants; import iaik.pkcs.pkcs11.wrapper.PKCS11Exception; import java.util.Hashtable; /** * An object of this class represents a key as defined by PKCS#11 2.11. * A key is of a specific type: RSA, DSA, DH, ECDSA, EC, X9_42_DH, KEA, * GENERIC_SECRET, RC2, RC4, DES, DES2, DES3, CAST, CAST3, CAST5, CAST128, * RC5, IDEA, SKIPJACK, BATON, JUNIPER, CDMF, AES or VENDOR_DEFINED. * If an application needs to use vendor-defined keys, it must set a * VendorDefinedKeyeBuilder using the setVendorDefinedKeyBuilder method. * * @author Karl Scheibelhofer * @version 1.0 * @invariants (keyType_ <> null) * and (id_ <> null) * and (startDate_ <> null) * and (endDate_ <> null) * and (derive_ <> null) * and (local_ <> null) * and (keyGenMechanism_ <> null) */ public class Key extends Storage { /** * This interface defines the available key types as defined by PKCS#11 2.11: * RSA, DSA, DH, ECDSA, KEA, GENERIC_SECRET, RC2, RC4, DES, DES2, DES3, CAST, * CAST3, CAST5, CAST128, RC5, IDEA, SKIPJACK, BATON, JUNIPER, CDMF, AES, * EC, X9_42_DH or VENDOR_DEFINED. * * @author Karl Scheibelhofer * @version 1.0 * @invariants */ public interface KeyType { /** * The identifier for a RSA key. */ static public final Long RSA = new Long(PKCS11Constants.CKK_RSA); /** * The identifier for a DSA key. */ static public final Long DSA = new Long(PKCS11Constants.CKK_DSA); /** * The identifier for a Diffi-Hellman key. */ static public final Long DH = new Long(PKCS11Constants.CKK_DH); /** * The identifier for a ECDSA key. */ static public final Long ECDSA = new Long(PKCS11Constants.CKK_ECDSA); /** * The identifier for a EC key. */ static public final Long EC = new Long(PKCS11Constants.CKK_EC); /** * The identifier for a EC key. */ static public final Long X9_42_DH = new Long(PKCS11Constants.CKK_X9_42_DH); /** * The identifier for a KEA key. */ static public final Long KEA = new Long(PKCS11Constants.CKK_KEA); /** * The identifier for a generic secret key. */ static public final Long GENERIC_SECRET = new Long(PKCS11Constants.CKK_GENERIC_SECRET); /** * The identifier for a RC2 key. */ static public final Long RC2 = new Long(PKCS11Constants.CKK_RC2); /** * The identifier for a RC4 key. */ static public final Long RC4 = new Long(PKCS11Constants.CKK_RC4); /** * The identifier for a DES key. */ static public final Long DES = new Long(PKCS11Constants.CKK_DES); /** * The identifier for a double-length DES key. */ static public final Long DES2 = new Long(PKCS11Constants.CKK_DES2); /** * The identifier for a trible-length DES key (Trible-DES). */ static public final Long DES3 = new Long(PKCS11Constants.CKK_DES3); /** * The identifier for a CAST key. */ static public final Long CAST = new Long(PKCS11Constants.CKK_CAST); /** * The identifier for a CAST3 key. */ static public final Long CAST3 = new Long(PKCS11Constants.CKK_CAST3); /** * The identifier for a CAST5 key; CAST5 is the same as CAST128. */ static public final Long CAST5 = new Long(PKCS11Constants.CKK_CAST5); /** * The identifier for a CAST128 key. */ static public final Long CAST128 = new Long(PKCS11Constants.CKK_CAST128); /** * The identifier for a RC5 key. */ static public final Long RC5 = new Long(PKCS11Constants.CKK_RC5); /** * The identifier for a IDEA key. */ static public final Long IDEA = new Long(PKCS11Constants.CKK_IDEA); /** * The identifier for a SKIPJACK key. */ static public final Long SKIPJACK = new Long(PKCS11Constants.CKK_SKIPJACK); /** * The identifier for a BATON key. */ static public final Long BATON = new Long(PKCS11Constants.CKK_BATON); /** * The identifier for a JUNIPER key. */ static public final Long JUNIPER = new Long(PKCS11Constants.CKK_JUNIPER); /** * The identifier for a CDMF key. */ static public final Long CDMF = new Long(PKCS11Constants.CKK_CDMF); /** * The identifier for a AES key. */ static public final Long AES = new Long(PKCS11Constants.CKK_AES); /** * The identifier for a Blowfish key. */ static public final Long BLOWFISH = new Long(PKCS11Constants.CKK_BLOWFISH); /** * The identifier for a Twofish key. */ static public final Long TWOFISH = new Long(PKCS11Constants.CKK_TWOFISH); /** * The identifier for a VENDOR_DEFINED key. Any Long object with a * value bigger than this one is also a valid vendor-defined key * type identifier. */ static public final Long VENDOR_DEFINED = new Long(PKCS11Constants.CKK_VENDOR_DEFINED); } /** * If an application uses vendor defined keys, it must implement this * interface and install such an object handler using * setVendorDefinedKeyBuilder. * * @author Karl Scheibelhofer * @version 1.0 * @invariants */ public interface VendorDefinedKeyBuilder { /** * This method should instanciate an Object of this class or of any * sub-class. It can use the given handles and PKCS#11 module to retrieve * attributes of the PKCS#11 object from the token. * * @param session The session to use for reading attributes. * This session must have the appropriate rights; i.e. * it must be a user-session, if it is a private object. * @param objectHandle The object handle as given from the PKCS#111 module. * @return The object representing the PKCS#11 object. * The returned object can be casted to the * according sub-class. * @exception PKCS11Exception If getting the attributes failed. * @preconditions (session <> null) * @postconditions (result <> null) */ public Object build(Session session, long objectHandle) throws PKCS11Exception; } /** * The currently set vendor defined key builder, or null. */ protected static VendorDefinedKeyBuilder vendorKeyBuilder_; /** * A table holding string representations for all known key types. Table key * is the key type as Long object. */ protected static Hashtable keyTypeNames_; /** * The type of this key. Its value is one of KeyType, or one that has a * bigger value than VENDOR_DEFINED. */ protected KeyTypeAttribute keyType_; /** * The identifier (ID) of this key. */ protected ByteArrayAttribute id_; /** * The start date of this key's validity. */ protected DateAttribute startDate_; /** * The end date of this key's validity. */ protected DateAttribute endDate_; /** * True, if other keys can be derived from this key. */ protected BooleanAttribute derive_; /** * True, if this key was created (generated or copied from a different key) on * the token. */ protected BooleanAttribute local_; /** * The mechanism used to generate the key material. */ protected MechanismAttribute keyGenMechanism_; /** * The list of mechanism that can be used with this key. */ protected MechanismArrayAttribute allowedMechanisms_; /** * The default constructor. An application use this constructor to instanciate * a key that serves as a template. It may also be useful for working with * vendor-defined keys. * * @preconditions * @postconditions */ public Key() { super(); } /** * Called by sub-classes to create an instance of a PKCS#11 key. * * @param session The session to use for reading attributes. * This session must have the appropriate rights; i.e. * it must be a user-session, if it is a private object. * @param objectHandle The object handle as given from the PKCS#111 module. * @exception TokenException If getting the attributes failed. * @preconditions (session <> null) * @postconditions */ protected Key(Session session, long objectHandle) throws TokenException { super(session, objectHandle); } /** * Set a vendor-defined key builder that should be called to create an * instance of an vendor-defined PKCS#11 key; i.e. an instance of a * vendor defined sub-class of this class. * * @param builder The vendor-defined key builder. Null to clear any * previously installed vendor-defined builder. * @preconditions * @postconditions */ public static void setVendorDefinedKeyBuilder(VendorDefinedKeyBuilder builder) { vendorKeyBuilder_ = builder; } /** * Get the currently set vendor-defined key builder. * * @return The currently set vendor-defined key builder or null if * none is set. * @preconditions * @postconditions */ public static VendorDefinedKeyBuilder getVendorDefinedKeyBuilder() { return vendorKeyBuilder_; } /** * Get the given key type as string. * * @param keyType The key type to get as string. * @return A string denoting the key type; e.g. "RSA". * @preconditions (keyType <> null) * @postconditions (result <> null) */ public static String getKeyTypeName(Long keyType) { String keyTypeName; if (keyType == null) { throw new NullPointerException("Argument \"keyType\" must not be null."); } if ((keyType.longValue() & PKCS11Constants.CKK_VENDOR_DEFINED) != 0L) { keyTypeName = "Vendor Defined"; } else { if (keyTypeNames_ == null) { // setup key type names table Hashtable keyTypeNames = new Hashtable(24); keyTypeNames.put(KeyType.RSA, "RSA"); keyTypeNames.put(KeyType.DSA, "DSA"); keyTypeNames.put(KeyType.DH, "DH"); keyTypeNames.put(KeyType.ECDSA, "ECDSA"); keyTypeNames.put(KeyType.EC, "EC"); keyTypeNames.put(KeyType.X9_42_DH, "X9_42_DH"); keyTypeNames.put(KeyType.KEA, "KEA"); keyTypeNames.put(KeyType.GENERIC_SECRET, "GENERIC_SECRET"); keyTypeNames.put(KeyType.RC2, "RC2"); keyTypeNames.put(KeyType.RC4, "RC4"); keyTypeNames.put(KeyType.DES, "DES"); keyTypeNames.put(KeyType.DES2, "DES2"); keyTypeNames.put(KeyType.DES3, "DES3"); keyTypeNames.put(KeyType.CAST, "CAST"); keyTypeNames.put(KeyType.CAST3, "CAST3"); keyTypeNames.put(KeyType.CAST5, "CAST5"); keyTypeNames.put(KeyType.CAST128, "CAST128"); keyTypeNames.put(KeyType.RC5, "RC5"); keyTypeNames.put(KeyType.IDEA, "IDEA"); keyTypeNames.put(KeyType.SKIPJACK, "SKIPJACK"); keyTypeNames.put(KeyType.BATON, "BATON"); keyTypeNames.put(KeyType.JUNIPER, "JUNIPER"); keyTypeNames.put(KeyType.CDMF, "CDMF"); keyTypeNames.put(KeyType.AES, "AES"); keyTypeNames.put(KeyType.BLOWFISH, "BLOWFISH"); keyTypeNames.put(KeyType.TWOFISH, "TWOFISH"); keyTypeNames_ = keyTypeNames; } keyTypeName = (String) keyTypeNames_.get(keyType); if (keyTypeName == null) { keyTypeName = ""; } } return keyTypeName; } /** * Put all attributes of the given object into the attributes table of this * object. This method is only static to be able to access invoke the * implementation of this method for each class separately (see use in * clone()). * * @param object The object to handle. * @preconditions (object <> null) * @postconditions */ protected static void putAttributesInTable(Key object) { if (object == null) { throw new NullPointerException("Argument \"object\" must not be null."); } object.attributeTable_.put(Attribute.KEY_TYPE, object.keyType_); object.attributeTable_.put(Attribute.ID, object.id_); object.attributeTable_.put(Attribute.START_DATE, object.startDate_); object.attributeTable_.put(Attribute.END_DATE, object.endDate_); object.attributeTable_.put(Attribute.DERIVE, object.derive_); object.attributeTable_.put(Attribute.LOCAL, object.local_); object.attributeTable_.put(Attribute.KEY_GEN_MECHANISM, object.keyGenMechanism_); object.attributeTable_.put(Attribute.ALLOWED_MECHANISMS, object.allowedMechanisms_); } /** * Allocates the attribute objects for this class and adds them to the * attribute table. * * @preconditions * @postconditions */ protected void allocateAttributes() { super.allocateAttributes(); keyType_ = new KeyTypeAttribute(); id_ = new ByteArrayAttribute(Attribute.ID); startDate_ = new DateAttribute(Attribute.START_DATE); endDate_ = new DateAttribute(Attribute.END_DATE); derive_ = new BooleanAttribute(Attribute.DERIVE); local_ = new BooleanAttribute(Attribute.LOCAL); keyGenMechanism_ = new MechanismAttribute(Attribute.KEY_GEN_MECHANISM); allowedMechanisms_ = new MechanismArrayAttribute(Attribute.ALLOWED_MECHANISMS); putAttributesInTable(this); } /** * Create a (deep) clone of this object. * * @return A clone of this object. * @preconditions * @postconditions (result <> null) * and (result instanceof Key) * and (result.equals(this)) */ public java.lang.Object clone() { Key clone = (Key) super.clone(); clone.keyType_ = (KeyTypeAttribute) this.keyType_.clone(); clone.id_ = (ByteArrayAttribute) this.id_.clone(); clone.startDate_ = (DateAttribute) this.startDate_.clone(); clone.endDate_ = (DateAttribute) this.endDate_.clone(); clone.derive_ = (BooleanAttribute) this.derive_.clone(); clone.local_ = (BooleanAttribute) this.local_.clone(); clone.keyGenMechanism_ = (MechanismAttribute) this.keyGenMechanism_.clone(); clone.allowedMechanisms_ = (MechanismArrayAttribute) this.allowedMechanisms_.clone(); putAttributesInTable(clone); // put all cloned attributes into the new table return clone; } /** * Compares all member variables of this object with the other object. * Returns only true, if all are equal in both objects. * * @param otherObject The other object to compare to. * @return True, if other is an instance of this class and all member * variables of both objects are equal. False, otherwise. * @preconditions * @postconditions */ public boolean equals(java.lang.Object otherObject) { boolean equal = false; if (otherObject instanceof Key) { Key other = (Key) otherObject; equal = (this == other) || (super.equals(other) && this.keyType_.equals(other.keyType_) && this.id_.equals(other.id_) && this.startDate_.equals(other.startDate_) && this.endDate_.equals(other.endDate_) && this.derive_.equals(other.derive_) && this.local_.equals(other.local_) && this.keyGenMechanism_.equals(other.keyGenMechanism_) && this.allowedMechanisms_ .equals(other.allowedMechanisms_)); } return equal; } /** * Gets the key type attribute of the PKCS#11 key. Its value must * be one of those defined in the KeyType interface or one with an * value bigger than KeyType.VENDOR_DEFINED. * * @return The key type identifier. * @preconditions * @postconditions (result <> null) */ public LongAttribute getKeyType() { return keyType_; } /** * Gets the ID attribute of this key. * * @return The key identifier attribute. * @preconditions * @postconditions (result <> null) */ public ByteArrayAttribute getId() { return id_; } /** * Gets the start date attribute of the validity of this key. * * @return The start date of validity. * @preconditions * @postconditions (result <> null) */ public DateAttribute getStartDate() { return startDate_; } /** * Gets the end date attribute of the validity of this key. * * @return The end date of validity. * @preconditions * @postconditions (result <> null) */ public DateAttribute getEndDate() { return endDate_; } /** * Check, if other keys can be derived from this key. * * @return Its value is true, if other keys can be derived from this key. * @preconditions * @postconditions (result <> null) */ public BooleanAttribute getDerive() { return derive_; } /** * Check, if this key is a local key; i.e. was generated on the token or * created via copy from a different key on the token. * * @return Its value is true, if the key was created on the token. * @preconditions * @postconditions (result <> null) */ public BooleanAttribute getLocal() { return local_; } /** * Get the mechanism used to generate the key material for this key. * * @return The mechanism attribute used to generate the key material for this * key. * @preconditions * @postconditions (result <> null) */ public MechanismAttribute getKeyGenMechanism() { return keyGenMechanism_; } /** * Get the list of mechanisms that are allowed to use with this key. This * attribute can only be used with PKCS#11 modules supporting * cryptoki version 2.20 or higher. * * @return The list of mechanisms that are allowed to use with this key. * @preconditions * @postconditions (result <> null) */ public MechanismArrayAttribute getAllowedMechanisms() { return allowedMechanisms_; } /** * The overriding of this method should ensure that the objects of this class * work correctly in a hashtable. * * @return The hash code of this object. * @preconditions * @postconditions */ public int hashCode() { return keyType_.hashCode() ^ id_.hashCode(); } /** * Read the values of the attributes of this object from the token. * * @param session The session handle to use for reading attributes. * This session must have the appropriate rights; i.e. * it must be a user-session, if it is a private object. * @exception TokenException If getting the attributes failed. * @preconditions (session <> null) * @postconditions */ public void readAttributes(Session session) throws TokenException { super.readAttributes(session); // Object.getAttributeValue(session, objectHandle_, id_); // Object.getAttributeValue(session, objectHandle_, startDate_); // Object.getAttributeValue(session, objectHandle_, endDate_); // Object.getAttributeValue(session, objectHandle_, derive_); // Object.getAttributeValue(session, objectHandle_, local_); // Object.getAttributeValue(session, objectHandle_, keyGenMechanism_); Object.getAttributeValues(session, objectHandle_, new Attribute[] { id_, startDate_, endDate_, derive_, local_, keyGenMechanism_ }); Object.getAttributeValue(session, objectHandle_, allowedMechanisms_); } /** * This method returns a string representation of the current object. The * output is only for debugging purposes and should not be used for other * purposes. * * @return A string presentation of this object for debugging output. * @preconditions * @postconditions (result <> null) */ public String toString() { StringBuffer buffer = new StringBuffer(256); buffer.append(super.toString()); buffer.append(Constants.NEWLINE); buffer.append(Constants.INDENT); buffer.append("Key Type: "); if (keyType_ != null) { buffer.append(keyType_.toString()); } else { buffer.append(""); } buffer.append(Constants.NEWLINE); buffer.append(Constants.INDENT); buffer.append("ID: "); buffer.append(id_.toString()); buffer.append(Constants.NEWLINE); buffer.append(Constants.INDENT); buffer.append("Start Date: "); buffer.append(startDate_.toString()); buffer.append(Constants.NEWLINE); buffer.append(Constants.INDENT); buffer.append("End Date: "); buffer.append(endDate_.toString()); buffer.append(Constants.NEWLINE); buffer.append(Constants.INDENT); buffer.append("Derive: "); buffer.append(derive_.toString()); buffer.append(Constants.NEWLINE); buffer.append(Constants.INDENT); buffer.append("Local: "); buffer.append(local_.toString()); buffer.append(Constants.NEWLINE); buffer.append(Constants.INDENT); buffer.append("Key Generation Mechanism: "); buffer.append(keyGenMechanism_.toString()); buffer.append(Constants.NEWLINE); buffer.append(Constants.INDENT); buffer.append("Allowed Mechanisms: "); buffer.append(allowedMechanisms_.toString()); return buffer.toString(); } }