com.entrust.toolkit.security.crypto.ec

Class EcParameterFactory

java.lang.Object

com.entrust.toolkit.security.crypto.ec.EcParameterFactory

public final class EcParameterFactory
extends java.lang.Object

A factory for creating Elliptic Curve (EC) domain parameters in EcParameterSpecWithName representation and converting them to and from various formats and representations.

EC domain parameters can be represented in ASN.1 in 'named', 'specified', or 'implicitCA' format. The 'specified' format contains all the actual EC domain parameter values (i.e. field, curve, base, order, and cofactor). The 'named' format consists of an OBJECT IDENTIFIER that uniquely identifies the EC domain. The 'implicitCA' format contains NULL; this is interpreted to mean a pre-configured set of EC domain parameter values (refer to setConfiguredImplicitCaParams(ECParameterSpec) for additional details. For additional information on the supported EC domain parameter formats, refer to EcParameterFormat.

The following named EC domains are supported:

Supported Named EC Domains
Prime Curves (Fp)
OID	ANSI X9.62 Name	ANSI X9.63 Name	NIST Name	SEC Name	Brainpool Name	Field Size (bits)	Entrust Key Type	Default
1.3.132.0.9	ansix9p160k1	ansip160k1		secp160k1		160	EC-ansix9p160k1	*
1.3.132.0.8	ansix9p160r1	ansip160r1		secp160r1		160	EC-ansix9p160r1
1.3.132.0.30	ansix9p160r2	ansip160r2		secp160r2		160	EC-ansix9p160r2
1.3.36.3.3.2.8.1.1.1					brainpoolP160r1	160	EC-brainpoolP160r1
1.3.36.3.3.2.8.1.1.2					brainpoolP160t1	160	EC-brainpoolP160t1
1.3.132.0.31	ansix9p192k1	ansip192k1		secp192k1		192	EC-ansix9p192k1
1.2.840.10045.3.1.1	ansix9p192r1	ansip192r1	P-192	secp192r1		192	EC-P-192	*
1.3.36.3.3.2.8.1.1.3					brainpoolP192r1	192	EC-brainpoolP192r1
1.3.36.3.3.2.8.1.1.4					brainpoolP192t1	192	EC-brainpoolP192t1
1.3.132.0.32	ansix9p224k1	ansip224k1		secp224k1		224	EC-ansix9p224k1
1.3.132.0.33	ansix9p224r1	ansip224r1	P-224	secp224r1		224	EC-P-224	*
1.3.36.3.3.2.8.1.1.5					brainpoolP224r1	224	EC-brainpoolP224r1
1.3.36.3.3.2.8.1.1.6					brainpoolP224t1	224	EC-brainpoolP224t1
1.3.132.0.10	ansix9p256k1	ansip256k1		secp256k1		256	EC-ansix9p256k1
1.2.840.10045.3.1.7	ansix9p256r1	ansip256r1	P-256	secp256r1		256	EC-P-256	**
1.3.36.3.3.2.8.1.1.7					brainpoolP256r1	256	EC-brainpoolP256r1
1.3.36.3.3.2.8.1.1.8					brainpoolP256t1	256	EC-brainpoolP256t1
1.3.36.3.3.2.8.1.1.9					brainpoolP320r1	320	EC-brainpoolP320r1
1.3.36.3.3.2.8.1.1.10					brainpoolP320t1	320	EC-brainpoolP320t1	*
1.3.132.0.34	ansix9p384r1	ansip384r1	P-384	secp384r1		384	EC-P-384	*
1.3.36.3.3.2.8.1.1.11					brainpoolP384r1	384	EC-brainpoolP384r1
1.3.36.3.3.2.8.1.1.12					brainpoolP384t1	384	EC-brainpoolP384t1
1.3.36.3.3.2.8.1.1.13					brainpoolP512r1	512	EC-brainpoolP512r1
1.3.36.3.3.2.8.1.1.14					brainpoolP512t1	512	EC-brainpoolP512t1	*
1.3.132.0.35	ansix9p521r1	ansip521r1	P-521	secp521r1		521	EC-P-521	*

** - Default domain parameters at this domain size.
* - Overall default domain parameters and default domain parameters at this domain size.

Before a set of EC domain parameters can be used, a check must be performed to ensure they are valid; this is called EC domain parameter validation. All EC-based cryptographic algorithms provided by the Toolkit automatically perform EC domain parameter validation prior to using a set of EC domain parameters in a cryptographic operation. The Toolkit's EC domain parameter validation routine checks whether a set of provided EC domain parameters matches one of the supported named EC domains, all of which are known to be valid. If so, the EC domain parameters are considered valid; otherwise the EC domain parameters are considered invalid and cannot be used. For a list of supported named EC domains, refer to the "Supported Named EC Domains" table provided above.

Note: Two sets of EC domain parameters match if they contain all of the same components; refer to isSameDomain(ECParameterSpec, ECParameterSpec) for details on the comparison that is performed.

The ASN.1 structures defined in ASNI X9.62-2005 for EC domain parameters are supported; this includes the following:

 -- Type for identifying elliptic curve domain parameters
 ECDomainParameters ::= CHOICE {
     specified     SpecifiedECDomain, -- Full specification
     named         ECDOMAIN.&id({ANSIX9NamedDomains}), -- Named
     implicitCA    NULL -- Parameters same as issuer CA
 }
 
 -- Identifying elliptic curve domain parameters explicitly with this type
 SpecifiedECDomain ::= SEQUENCE {
     version     SpecifiedECDomainVersion( ecdpVer1 | ecdpVer2 | ecdpVer3 ),
     fieldID     FieldID {{FieldTypes}},
     curve       Curve, 
     base        ECPoint, 
     order       INTEGER, -- Base point G
     cofactor    INTEGER OPTIONAL, -- Order n of the base point
     hash        HashAlgorithm OPTIONAL, -- The integer h = #E(Fq)/n
     ... -- Additional parameters may be added
     }
 
 -- Type used to control version of EC domain parameters
 SpecifiedECDomainVersion ::= INTEGER { ecdpVer1(1), ecdpVer2(2), ecdpVer3(3) }
 
 -- Finite fields have a type (prime or binary) and parameters (size and basis)
 FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
     fieldType     FIELD-ID.&id({IOSet}),
     parameters    FIELD-ID.&Type({IOSet} @fieldType)
 }
 
 -- Information object class used to constrain fields
 FIELD-ID ::= TYPE-IDENTIFIER -- ISO/IEC 8824-2:1995(E), Annex A
 
 -- Field types are constrained with this information object set
 FieldTypes FIELD-ID ::= {
     { Prime-p IDENTIFIED BY prime-field } |
     { Characteristic-two IDENTIFIED BY characteristic-two-field }, 
     ... -- Additional field types may be added
 }
 
 -- Parameters for prime field
 Prime-p ::= INTEGER -- Finite field F(p), where p is an odd prime
 
 -- OID identifying prime field types
 prime-field OBJECT IDENTIFIER ::= { 1 2 840 10045 1 1 }
 
 -- Parameters from a binary field
 Characteristic-two ::= SEQUENCE {
     m             INTEGER, -- Field size is 2ˆm
     basis         CHARACTERISTIC-TWO.&id({BasisTypes}),
     parameters    CHARACTERISTIC-TWO.&Type({BasisTypes} @basis)
 }
 
 -- The object class for binary field basis types
 CHARACTERISTIC-TWO ::= TYPE-IDENTIFIER
 
 -- Allowable basis types are given the following info object set
 BasisTypes CHARACTERISTIC-TYPE ::= {
     { NULL IDENTIFIED BY gnBasis } |
     { Trinomial IDENTIFIED BY tpBasis } |
     { Pentanomial IDENTIFIED BY ppBasis },
     ... -- Additional basis types may be added
 }
 
 -- OID to identity a Guassian normal basis.
 gnBasis OBJECT IDENTIFIER ::= { 1 2 840 10045 1 2 3 1 }
 
 -- Trinomial basis representation of F2ˆm
 -- Integer k from reduction polynomial xˆm + xˆk + 1
 Trinomial ::= INTEGER
 
 -- OID to identity a trinomial basis.
 tpBasis OBJECT IDENTIFIER ::= { 1 2 840 10045 1 2 3 2 }
 
 -- Pentanomial basis representation of F2ˆm
 -- reduction polynomial integers k1, k2, k3
 -- f(x) = xˆm + xˆk3 + xˆk2 + xˆk1 + 1
 Pentanomial ::= SEQUENCE {
     k1 INTEGER, 
     k2 INTEGER,
     k3 INTEGER,
 }
 
 -- OID to identify a pentanomial basis
 ppBasis OBJECT IDENTIFIER ::= { 1 2 840 10045 1 2 3 3 }
 
 -- Identifying an elliptic curve by its coefficients (and optional seed)
 Curve ::= SEQUENCE {
     a       FieldElement, -- Elliptic curve coefficient a
     b       FieldElement, -- Elliptic curve coefficient b
     seed    BIT STRING OPTIONAL
     -- Shall be present if used in SpecifiedECDomain with version of ecdpVer2 or ecdpVer3
 }
 
 -- Finite field element
 FieldElement ::= OCTET STRING
  
 -- Elliptic curve point
 ECPOINT ::= OCTET STRING
  
 -- Type (parameterized to indicate the hash function with
 -- the OID ecdsa-with-Specified
 HashAlgorithm ::= AlgorithmIdentifier {{ ANSI HashFunctions }}
  
 -- Information object class used for algorithm identifiers.
 -- Note: Original X9.62-1998 was TYPE-IDENTIFIER
 -- New version here agrees with X9.63-2001
 ALGORITHM ::= CLASS {
     &id      OBJECT IDENTIFIER UNIQUE,
     &Type    OPTIONAL
 }
 WITH SYNTAX { OID &id [PARAMS & Type] }
  
 -- Information object st of Approved hash functions
 ANSIX9HashFunctions ALGORITHM ::= {
     { OID sha-1 } |
     { OID sha-1 PARAMS NULL } |
     { OID id-SHA224 } |
     { OID id-SHA224 PARAMS NULL} |
     { OID id-SHA256 } |
     { OID id-SHA256 PARAMS NULL} |
     { OID id-SHA384 } |
     { OID id-SHA384 PARAMS NULL} |
     { OID id-SHA512 } |
     { OID id-SHA512 PARAMS NULL},
     ... -- Additional hash functions may be added
 }
 
 -- OID for SHA1
 sha-1 OBJECT IDENTIFIER ::= { 1 3 14 3 2 26 }
 
 -- OID for SHA224
 id-SHA224 OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 4 2 4 }
 
 -- OID for SHA256
 id-SHA256 OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 4 2 1 }
 
 -- OID for SHA384
 id-SHA384 OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 4 2 2 }
 
 -- OID for SHA512
 id-SHA512 OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 4 2 3 }
 
 -- The object class and syntax for naming elliptic curve domain parameters.
 ECDOMAIN ::= CLASS {
     &id OBJECT IDENTIFIER UNIQUE
 }
 WITH SYNTAX { ID &id }
 
 -- Information object set for named elliptic curve domain parameter
 ANSIX9NamedDomains ECDOMAIN ::= {
     { ID ansix9t163k1 } |
     { ID ansix9t163r2 } |
     { ID ansix9t233k1 } |
     { ID ansix9t233r1 } |
     { ID ansix9t283k1 } |
     { ID ansix9t283r1 } |
     { ID ansix9t409k1 } |
     { ID ansix9t409r1 } |
     { ID ansix9t571k1 } |
     { ID ansix9t571r1 } |
     { ID ansix9p192k1 } |
     { ID ansix9p192r1 } |
     { ID ansix9p224k1 } |
     { ID ansix9p224r1 } |
     { ID ansix9p256k1 } |
     { ID ansix9p256r1 } |
     { ID ansix9p384r1 } |
     { ID ansix9p512r1 },
     ... -- Additional named EC domain parameters may be added.
 }
 
 -- Named EC domain parameters in X9.62
 ansix9t163k1 OBJECT IDENTIFIER ::= { 1 3 132 0 1 }
 ansix9t163r1 OBJECT IDENTIFIER ::= { 1 3 132 0 2 }
 ansix9t163r2 OBJECT IDENTIFIER ::= { 1 3 132 0 15 }
 ansix9t193r1 OBJECT IDENTIFIER ::= { 1 3 132 0 24 }
 ansix9t193r2 OBJECT IDENTIFIER ::= { 1 3 132 0 25 }
 ansix9t233k1 OBJECT IDENTIFIER ::= { 1 3 132 0 26 }
 ansix9t233r1 OBJECT IDENTIFIER ::= { 1 3 132 0 27 }
 ansix9t239k1 OBJECT IDENTIFIER ::= { 1 3 132 0 3 }
 ansix9t283k1 OBJECT IDENTIFIER ::= { 1 3 132 0 16 }
 ansix9t283r1 OBJECT IDENTIFIER ::= { 1 3 132 0 17 }
 ansix9t409k1 OBJECT IDENTIFIER ::= { 1 3 132 0 36 }
 ansix9t409r1 OBJECT IDENTIFIER ::= { 1 3 132 0 37 }
 ansix9t571k1 OBJECT IDENTIFIER ::= { 1 3 132 0 38 }
 ansix9t571r1 OBJECT IDENTIFIER ::= { 1 3 132 0 39 }
 ansix9p160k1 OBJECT IDENTIFIER ::= { 1 3 132 0 9 }
 ansix9p160r1 OBJECT IDENTIFIER ::= { 1 3 132 0 8 }
 ansix9p160r2 OBJECT IDENTIFIER ::= { 1 3 132 0 30 }
 ansix9p192k1 OBJECT IDENTIFIER ::= { 1 3 132 0 31 }
 ansix9p192r1 OBJECT IDENTIFIER ::= { 1 2 840 10045 3 1 1 }
 ansix9p224k1 OBJECT IDENTIFIER ::= { 1 3 132 0 32 }
 ansix9p224r1 OBJECT IDENTIFIER ::= { 1 3 132 0 33 }
 ansix9p256k1 OBJECT IDENTIFIER ::= { 1 3 132 0 10 }
 ansix9p256r1 OBJECT IDENTIFIER ::= { 1 2 840 10045 3 1 7 }
 ansix9p384r1 OBJECT IDENTIFIER ::= { 1 3 132 0 34 }
 ansix9p521r1 OBJECT IDENTIFIER ::= { 1 3 132 0 35 }
 

Since:

7.2 SP1

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	EcParameterFactory.SupportedEcDomain Identifies all supported named EC domains.

Method Summary

Modifier and Type	Method and Description
static EcParameterSpecWithName	getConfiguredImplicitCaParams() Provides access to the globally configured 'implicitCA' EC domain parameter values.
static ObjectID	getDomainName(java.security.spec.ECParameterSpec params) Determines the name of the EC domain defined by the provided set of EC domain parameters.
static java.security.spec.EllipticCurve	getEllipticCurveInstance(java.security.spec.ECField field, java.math.BigInteger a, java.math.BigInteger b) Instantiates an EllipticCurve with the specified elliptic curve field and the coefficients a and b; supports curves with zero coefficients.
static java.security.spec.EllipticCurve	getEllipticCurveInstance(java.security.spec.ECField field, java.math.BigInteger a, java.math.BigInteger b, byte[] seed) Instantiates an EllipticCurve with the specified elliptic curve field, the coefficients a and b, and the seed used for curve generation; supports curves with zero coefficients.
static byte[]	getEncoded(java.security.spec.ECParameterSpec params) Converts EC domain parameters in ECParameterSpec representation to DER encoded ASN.1 format.
static byte[]	getEncoded(java.security.spec.ECParameterSpec params, boolean forceSpecified) Converts EC domain parameters in ECParameterSpec representation to DER encoded ASN.1 format.
static java.lang.String	getEntrustKeyType(java.security.spec.ECParameterSpec params) Determines the Entrust key type for the provided set of EC domain parameters.
static EcParameterSpecWithName	getImplicitCaInstance(java.security.spec.ECParameterSpec params) Converts a set of EC domain parameters to 'implicitCA' format.
static EcParameterSpecWithName	getInstance() Returns the default EC domain parameters.
static EcParameterSpecWithName	getInstance(ASN1Object params) Returns EC domain parameters by decoding them from ASN.1 format.
static EcParameterSpecWithName	getInstance(ASN1Object params, java.security.spec.ECParameterSpec configuredImplicitCaParams) Returns EC domain parameters by decoding them from ASN.1 format (allows locally configured 'implicitCA' EC domain parameter values to be provided).
static EcParameterSpecWithName	getInstance(byte[] params) Returns EC domain parameters by decoding them from DER encoded format.
static EcParameterSpecWithName	getInstance(byte[] params, java.security.spec.ECParameterSpec configuredImplicitCaParams) Returns EC domain parameters by decoding them from DER encoded format (allows locally configured 'implicitCA' EC domain parameter values to be provided).
static EcParameterSpecWithName	getInstance(java.security.spec.ECParameterSpec params, EcParameterFormat format) Converts a set of EC domain parameters to the requested format.
static EcParameterSpecWithName	getInstance(int domainBitLength) Returns the default EC domain parameters for an EC domain that has the indicated field size in bits (aka: key size or key strength).
static EcParameterSpecWithName	getInstance(java.lang.String domainAlias) Returns EC domain parameters for a named EC domain.
static EcParameterSpecWithName	getNamedInstance(java.security.spec.ECParameterSpec params) Converts a set of EC domain parameters to 'named' format.
static EcParameterSpecWithName	getSpecifiedInstance(java.security.spec.ECParameterSpec params) Converts a set of EC domain parameters to 'specified' format.
static boolean	isSameDomain(java.security.spec.ECParameterSpec params1, java.security.spec.ECParameterSpec params2) Determines whether or not two sets of EC domain parameters (in Sun JCA format) define the same EC domain.
static void	setConfiguredImplicitCaParams(java.security.spec.ECParameterSpec configuredImplicitCaParams) Sets the globally configured 'implicitCA' EC domain parameter values.
static ASN1Object	toASN1Object(java.security.spec.ECParameterSpec params) Converts EC domain parameters in ECParameterSpec representation to ASN.1 format.
static ASN1Object	toASN1Object(java.security.spec.ECParameterSpec params, boolean forceSpecified) Converts EC domain parameters in ECParameterSpec representation to ASN.1 format.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getInstance

public static EcParameterSpecWithName getInstance()

Returns the default EC domain parameters.

The default EC domain parameters define the NIST prime curve 'P-256' (OID: '1.2.840.10045.3.1.7'). It offers 128-bits of security (which is equivalent to the security offered by a 3072-bit RSA key).

Note: The EC domain parameters are returned in 'named' format.

Returns:

default EC domain parameters

getInstance

public static EcParameterSpecWithName getInstance(int domainBitLength)
                                           throws UnsupportedECDomainException

Returns the default EC domain parameters for an EC domain that has the indicated field size in bits (aka: key size or key strength).

Refer to the class documentation of EcParameterFactory for a table containing the supported named EC domains and defaults at each field size. For field sizes not in this table, a default named EC domain has not been defined. If an attempt is made to get EC domain parameters for an EC domain with a field size not listed in the table above, an UnsupportedECDomainException will result.

Note: The EC domain parameters are returned in 'named' format.

Parameters:

domainBitLength - the requested field size (in bits)

Returns:

default EC domain parameters for the requested field size

Throws:

UnsupportedECDomainException - if there does not exist a supported named EC domain with the requested field size

getInstance

public static EcParameterSpecWithName getInstance(java.lang.String domainAlias)
                                           throws UnsupportedECDomainException

Returns EC domain parameters for a named EC domain.

Only certain named EC domains are recognized and supported; refer to the class documentation of EcParameterFactory for a table containing the supported named EC domains. If an attempt is made to get EC domain parameters for a named EC domain that is not supported, an UnsupportedECDomainException will result.

In addition to accepting supported domain names, this API also accepts Entrust EC key types. There are two different formats of Entrust EC key types that are supported:

EC-<domainName>

In this case, the <domainName> component is extracted and used to identity the domain.

ECDSA-<domainSize>

In this case, an integer is extracted from the <domainSize> component and the default domain at this field size is returned (legacy format; supported for interoperability)

Note: The EC domain parameters are returned in 'named' format.

Parameters:

domainAlias - an alias for the EC domain (recognized EC domain name or Entrust EC key type)

Returns:

EC domain parameters for the requested named EC domain

Throws:

UnsupportedECDomainException - if there does not exist a supported named EC domain with the indicated domain alias

getSpecifiedInstance

public static EcParameterSpecWithName getSpecifiedInstance(java.security.spec.ECParameterSpec params)

Converts a set of EC domain parameters to 'specified' format.

This ensures that a subsequent encode operation on these EC domain parameters will use the 'specified' format; refer to EcParameterFormat.specified for details on 'specified' format.

Note: The EC domain parameters are returned in 'specified' format.
Note: The domain name will not be set in the returned EC domain parameters (the domain name will be null).

Parameters:

params - EC domain parameters

Returns:

EC domain parameters in 'specified' format

getNamedInstance

public static EcParameterSpecWithName getNamedInstance(java.security.spec.ECParameterSpec params)
                                                throws UnsupportedECDomainException

Converts a set of EC domain parameters to 'named' format.

This ensures that a subsequent encode operation on these EC domain parameters will use the 'named' format; refer to EcParameterFormat.named for details on 'named' format.

This API accepts an ECParameterSpec, compares the domain parameter values it contains against the set of supported 'named' EC domains, and if the domain parameter values provided match one of the supported 'named' EC domains, returns an EcParameterSpecWithName object that defines the EC domain in 'named' format. If the domain parameter values do not match one of the supported 'named' EC domains, an UnsupportedECDomainException is thrown.

Note: The EC domain parameters are returned in 'named' format. Note: The domain name will be set in the returned EC domain parameters (the domain name will be non-null).

Parameters:

params - EC domain parameters

Returns:

EC domain parameters in 'named' format

Throws:

UnsupportedECDomainException - if the provided EC domain parameter values do not match one of the supported 'named' EC domains

getImplicitCaInstance

public static EcParameterSpecWithName getImplicitCaInstance(java.security.spec.ECParameterSpec params)

Converts a set of EC domain parameters to 'implicitCA' format.

This ensures that a subsequent encode operation on these EC domain parameters will use the 'implicitCA' format; refer to EcParameterFormat.implicitCA for details on 'implicitCA' format.

Note: The EC domain parameters are returned in 'implicitCA' format.
Note: The domain name will not be set in the returned EC domain parameters (the domain name will be null).

Parameters:

params - EC domain parameters

Returns:

EC domain parameters in 'implicitCA' format

getInstance

public static EcParameterSpecWithName getInstance(java.security.spec.ECParameterSpec params,
                                                  EcParameterFormat format)
                                           throws UnsupportedECDomainException,
                                                  java.lang.IllegalArgumentException

Converts a set of EC domain parameters to the requested format.

This ensures that a subsequent encode operation on these EC domain parameters will use the requested format; the following formats are supported:

• EcParameterFormat.specified
• EcParameterFormat.named
• EcParameterFormat.implicitCA

Note: The domain name will only be set in the returned EC domain parameters when the 'named' format is requested.

Parameters:

params - EC domain parameters

format - requested EC domain parameter format

Returns:

EC domain parameters in the requested format

Throws:

UnsupportedECDomainException - if the 'named' format is requested and the provided EC domain parameter values do not match one of the supported 'named' EC domains

java.lang.IllegalArgumentException - if the EC domain parameters or the parameter format are not provided (missing)

Since:

8.0

getDomainName

public static ObjectID getDomainName(java.security.spec.ECParameterSpec params)
                              throws UnsupportedECDomainException

Determines the name of the EC domain defined by the provided set of EC domain parameters.

Parameters:

params - EC domain parameters

Returns:

the name of the EC domain

Throws:

UnsupportedECDomainException - if the provided EC domain parameter values do not match one of the supported 'named' EC domains

Since:

8.0

getInstance

public static EcParameterSpecWithName getInstance(ASN1Object params)
                                           throws CodingException

Returns EC domain parameters by decoding them from ASN.1 format.

All three EC domain parameter formats are supported ('specified', 'named', and 'implicitCA'. For 'named' EC domain parameters, only certain named EC domains are recognized and supported; refer to the class documentation of EcParameterFactory for a list of supported named EC domains and ASN.1 syntax. For 'implicitCA' EC domain parameters, a pre-configured set of EC domain parameter values is used; refer to setConfiguredImplicitCaParams(ECParameterSpec) for details.

Note: The EC domain parameters are returned in the format from which they were decoded.

Parameters:

params - the EC domain parameters in ASN.1 format

Returns:

EC domain parameters

Throws:

CodingException - if the ASN.1 object passed in does not represent a set of EC domain parameters in ASN.1 format

getInstance

public static EcParameterSpecWithName getInstance(ASN1Object params,
                                                  java.security.spec.ECParameterSpec configuredImplicitCaParams)
                                           throws CodingException

Returns EC domain parameters by decoding them from ASN.1 format (allows locally configured 'implicitCA' EC domain parameter values to be provided).

All three EC domain parameter formats are supported ('specified', 'named', and 'implicitCA'. For 'named' EC domain parameters, only certain named EC domains are recognized and supported; refer to the class documentation of EcParameterFactory for a list of supported named EC domains and ASN.1 syntax. For 'implicitCA' EC domain parameters, a pre-configured set of EC domain parameter values is used; refer to setConfiguredImplicitCaParams(ECParameterSpec) for details.

Note: The EC domain parameters are returned in the format from which they were decoded.

Parameters:

params - the EC domain parameters in ASN.1 format

configuredImplicitCaParams - locally configured 'implicitCA' EC domain parameter values (OPTIONAL)

Returns:

EC domain parameters

Throws:

CodingException - if the ASN.1 object passed in does not represent a set of EC domain parameters in ASN.1 format

Since:

8.0

getInstance

public static EcParameterSpecWithName getInstance(byte[] params)
                                           throws CodingException

Returns EC domain parameters by decoding them from DER encoded format.

All three EC domain parameter formats are supported ('specified', 'named', and 'implicitCA'. For 'named' EC domain parameters, only certain named EC domains are recognized and supported; refer to the class documentation of EcParameterFactory for a list of supported named EC domains and ASN.1 syntax. For 'implicitCA' EC domain parameters, a pre-configured set of EC domain parameter values is used; refer to setConfiguredImplicitCaParams(ECParameterSpec) for details.

Note: The EC domain parameters are returned in the format from which they were decoded.

Parameters:

params - the EC domain parameters in DER encoded format

Returns:

EC domain parameters

Throws:

CodingException - if the byte array passed in does not represent a set of EC domain parameters in DER encoded format

getInstance

public static EcParameterSpecWithName getInstance(byte[] params,
                                                  java.security.spec.ECParameterSpec configuredImplicitCaParams)
                                           throws CodingException

Returns EC domain parameters by decoding them from DER encoded format (allows locally configured 'implicitCA' EC domain parameter values to be provided).

All three EC domain parameter formats are supported ('specified', 'named', and 'implicitCA'. For 'named' EC domain parameters, only certain named EC domains are recognized and supported; refer to the class documentation of EcParameterFactory for a list of supported named EC domains and ASN.1 syntax. For 'implicitCA' EC domain parameters, a pre-configured set of EC domain parameter values is used; refer to setConfiguredImplicitCaParams(ECParameterSpec) for details.

Note: The EC domain parameters are returned in the format from which they were decoded.

Parameters:

params - the EC domain parameters in DER encoded format

configuredImplicitCaParams - locally configured 'implicitCA' EC domain parameter values (OPTIONAL)

Returns:

EC domain parameters

Throws:

CodingException - if the byte array passed in does not represent a set of EC domain parameters in DER encoded format

Since:

8.0

getConfiguredImplicitCaParams

public static EcParameterSpecWithName getConfiguredImplicitCaParams()

Provides access to the globally configured 'implicitCA' EC domain parameter values.

Returns:

the globally configured 'implicitCA' EC domain parameter values

Since:

8.0

See Also:

setConfiguredImplicitCaParams(ECParameterSpec)

setConfiguredImplicitCaParams

public static void setConfiguredImplicitCaParams(java.security.spec.ECParameterSpec configuredImplicitCaParams)

Sets the globally configured 'implicitCA' EC domain parameter values.

During decoding of EC domain parameters, when the 'implicitCA' format is encountered, this must be interpreted to mean a specific set of EC domain parameter values. There are multiple ways of indicating the set of EC domain parameter values for 'implicitCA'; this API provides one way of doing so.

The following logic is used during a decode operation when 'implicitCA' domain parameters are encountered to determine the actual EC domain parameter values that should be used:

1. If locally configured 'implictCA' EC domain parameter values have been provided, these values are used. In this case the 'implicitCA' EC domain parameters are provided by the caller to the decode operation; see getInstance(ASN1Object, ECParameterSpec).
2. If globally configured 'implictCA' EC domain parameter values have been set programmatically, these values are used. In this case the 'implicitCA' EC domain parameters are configured prior to the decode operation using this API.
3. If valid globally configured 'implictCA' named EC domain has been set through Java system properties, domain parameter values for this EC domain are used. In this case the 'implictCA' EC domain parameters are configured by setting the com.entrust.toolkit.security.crypto.ec.EcParameterFactory.configuredImplicitCaParamsDomainName Java system property to a valid EC domain name.
4. Otherwise the default set of 'implicitCA' EC domain parameters values are used; these parameters represent the P-256 EC domain.

Parameters:

configuredImplicitCaParams - the globally configured 'implicitCA' EC domain parameter values

Since:

8.0

getEllipticCurveInstance

public static java.security.spec.EllipticCurve getEllipticCurveInstance(java.security.spec.ECField field,
                                                                        java.math.BigInteger a,
                                                                        java.math.BigInteger b)

Instantiates an EllipticCurve with the specified elliptic curve field and the coefficients a and b; supports curves with zero coefficients.

This API works around the 'zero coefficient bug' in the EllipticCurve class by using the InternalEllipticCurve class instead to instantiate a curve that has a zero coefficient under JREs that contain the bug. For JREs that do not contain the bug, or curves that do not have a zero coefficient, EllipticCurve is still used.

Refer to InternalEllipticCurve for additional details on the 'zero coefficient bug'.

Parameters:

field - the finite field that this elliptic curve is over.

a - the first coefficient of this elliptic curve.

b - the second coefficient of this elliptic curve.

Returns:

the requested EllipticCurve instance.

Throws:

java.lang.NullPointerException - if field, a, or b is null.

java.lang.IllegalArgumentException - if a or b is not null and not in field.

getEllipticCurveInstance

public static java.security.spec.EllipticCurve getEllipticCurveInstance(java.security.spec.ECField field,
                                                                        java.math.BigInteger a,
                                                                        java.math.BigInteger b,
                                                                        byte[] seed)

Instantiates an EllipticCurve with the specified elliptic curve field, the coefficients a and b, and the seed used for curve generation; supports curves with zero coefficients.

This API works around the 'zero coefficient bug' in the EllipticCurve class by using the InternalEllipticCurve class instead to instantiate a curve that has a zero coefficient under JREs that contain the bug. For JREs that do not contain the bug, or curves that do not have a zero coefficient, EllipticCurve is still used.

Refer to InternalEllipticCurve for additional details on the 'zero coefficient bug'.

Parameters:

field - the finite field that this elliptic curve is over.

a - the first coefficient of this elliptic curve.

b - the second coefficient of this elliptic curve.

seed - the bytes used during curve generation for later validation. Contents of this array are copied to protect against subsequent modification.

Returns:

the requested EllipticCurve instance.

Throws:

java.lang.NullPointerException - if field, a, or b is null.

java.lang.IllegalArgumentException - if a or b is not null and not in field.

toASN1Object

public static ASN1Object toASN1Object(java.security.spec.ECParameterSpec params)

Converts EC domain parameters in ECParameterSpec representation to ASN.1 format.

EC domain parameters can be represented in ASN.1 format as in 'specified', 'named' or 'implicitCA' format. If the ECParameterSpec instance contains a format, then the format indicated is used (Note: EcParameterSpecWithName is an instance of ECParameterSpec that contains a format). Otherwise the 'specified' format is used.

Refer to the class documentation of EcParameterFactory for details on the ASN.1 format of EC domain parameters.

Parameters:

params - EC domain parameters

Returns:

the domain parameters in ASN.1 format

toASN1Object

public static ASN1Object toASN1Object(java.security.spec.ECParameterSpec params,
                                      boolean forceSpecified)

Converts EC domain parameters in ECParameterSpec representation to ASN.1 format.

EC domain parameters can be represented in ASN.1 in 'specified', 'named' or 'implicitCA' format. If the forceSpecified parameter is true, then regardless of the current EC domain parameter format, the EC domain parameters are encoded in 'specified' format. Otherwise, if the ECParameterSpec instance contains a format, then the format indicated is used (Note: EcParameterSpecWithName is an instance of ECParameterSpec that contains a format). Otherwise the 'specified' format is used.

Refer to refer to getInstance(ASN1Object) for details on the ASN.1 format of EC domain parameters.

Parameters:

params - EC domain parameters

forceSpecified - allows the caller to force the EC domain parameters to be encoded in 'specified' ASN.1 format regardless of their current format

Returns:

the domain parameters in ASN.1 format

getEncoded

public static byte[] getEncoded(java.security.spec.ECParameterSpec params)

Converts EC domain parameters in ECParameterSpec representation to DER encoded ASN.1 format.

EC domain parameters can be represented in ASN.1 format as in 'specified', 'named' or 'implicitCA' format. If the ECParameterSpec instance contains a format, then the format indicated is used (Note: EcParameterSpecWithName is an instance of ECParameterSpec that contains a format). Otherwise the 'specified' format is used.

Refer to the class documentation of EcParameterFactory for details on the ASN.1 format of EC domain parameters.

Parameters:

params - EC domain parameters

Returns:

the domain parameters in DER encoded ASN.1 format

getEncoded

public static byte[] getEncoded(java.security.spec.ECParameterSpec params,
                                boolean forceSpecified)

Converts EC domain parameters in ECParameterSpec representation to DER encoded ASN.1 format.

EC domain parameters can be represented in ASN.1 format as in 'specified', 'named' or 'implicitCA' format. If the forceSpecified parameter is true, then regardless of the current EC domain parameter format, the EC domain parameters are encoded in 'specified' format. Otherwise, if the ECParameterSpec instance contains a format, then the format indicated is used (Note: EcParameterSpecWithName is an instance of ECParameterSpec that contains a format). Otherwise the 'specified' format is used.

Refer to refer to getInstance(ASN1Object) for details on the ASN.1 format of EC domain parameters.

Parameters:

params - EC domain parameters

forceSpecified - allows the caller to force the EC domain parameters to be encoded in 'specified' ASN.1 format regardless of their current format

Returns:

the domain parameters in DER encoded ASN.1 format

isSameDomain

public static boolean isSameDomain(java.security.spec.ECParameterSpec params1,
                                   java.security.spec.ECParameterSpec params2)

Determines whether or not two sets of EC domain parameters (in Sun JCA format) define the same EC domain.

Two sets of EC domain parameters define the same EC domain if all the components they contain match. Only the specified domain components are used in the comparison (specifically: curve, generator, order, and cofactor); for EC domain parameters that also contain additional components (i.e. EcParameterSpecWithName can also contain a domain name, version indicator, and hash algorithm identifier), the additional components are NOT used in the comparison. Additionally, the seed component of the elliptic curve is also NOT used in the comparison.

Note:

The seed is an optional component of an EllipticCurve object. When present, it contains bytes that were used during the generation of the curve which can later be used to validate that the curve was generated in a certain manner (i.e. verifiably random). Thus, two EllipticCurve instances can contain different seed values and still represent the same curve (this would simply indicate that they were generated using different procedures).

Parameters:

params1 - a set of EC domain parameters in Sun JCA format

params2 - a second set of EC domain parameters in Sun JCA format

Returns:

true if the two sets of EC domain parameters define the same EC domain; false otherwise

Since:

8.0

getEntrustKeyType

public static java.lang.String getEntrustKeyType(java.security.spec.ECParameterSpec params)

Determines the Entrust key type for the provided set of EC domain parameters.

The Entrust key type for an EC key is of the form 'EC-<domainName>'; refer to the class documentation of EcParameterFactory for a list of the supported named EC domains and the Entrust key type associated with each. All other EC domains are considered unknown EC domains; the Entrust key type for these EC domains is constructed as follows:

'EC-unknown<domain type><domain size>'

where

<domain type>: P (prime), T (binary) <empty> (unknown)
<domain size>: integer representing the domain size in bits

For example, for an unknown prime (Fp) EC domain of 1024 bits, the Entrust key type would be 'EC-unknownP1024'. Similarly, for an unknown binary (F2m) EC domain of 763 bits, the Entrust key type would be 'EC-unknownT763'.

Parameters:

params - EC domain parameters

Returns:

the Entrust key type that corresponds to the EC domain parameters

Since:

8.0