com.entrust.toolkit.security.crypto.ec

Class EcdhKeyAgreement

java.lang.Object

javax.crypto.KeyAgreementSpi

com.entrust.toolkit.security.crypto.ec.EcdhKeyAgreement

Direct Known Subclasses:

EcdhCofactorKeyAgreement, EcdhStandardKeyAgreement

public abstract class EcdhKeyAgreement
extends javax.crypto.KeyAgreementSpi

The super-class of all Elliptic Diffie Hellman (ECDH) key agreement algorithms in Entrust's key agreement algorithm architecture; contains the common functionality used by Entrust's ECDH key agreement algorithms.

A key agreement algorithm allows two (or more) parties to each arrive at the same shared secret value without passing any private or secret information. Key agreement algorithms are typically used in key establishment protocols to allow multiple parties to agree upon a secret key that will be used to secure subsequent communication. Transport Layer Security (TLS) is one common protocol that uses ECDH for this purpose.

The security of the ECDH key agreement algorithm is based on elliptic curve cryptography. Consider two parties, each with an EC private key value d and each with an EC public key value Q = dG, where Q and G denote points on an elliptic curve, and d denotes an integer value. (The public and private key also contains a set of EC domain parameters, of which G is a member; ECDH requires that the public and private keys being used contain the same EC domain parameters). The ECDH key agreement algorithm is used as follows by these two parties to arrive at a shared secret value:

• User 1 sends their public key Q1 = d1G to User 2
• User 2 sends their public key Q2 = d2G to User 1
• User 1 computes the shared secret as ss = d1Q2 = d1(d2G)
• User 2 computes the shared secret as ss = d2Q1 = d2(d1G)

Notice that the two user's have arrived at the same secret value. This process is secure because it is computationally infeasible for another party, without access to either party's private key, to calculate the same shared secret value.

Before an EC key (public or private) is used, the EC domain parameters it contains are first validated; for additional details on the EC domain parameter validation routine, refer to EcParameterFactory. Before the result of a cryptographic operation involving an EC public key is returned, the public key is first validated; for additional details on the EC public key validation routine, refer to EcPublicKey.

This implementation supports curves in F_p (prime curves). For a list of the named curves that are supported, refer to EcParameterFactory. Point compression is not supported.

The following key types are currently supported:

• Standard EC public/private keys (software keys); instances of java.security.interfaces.ECPublicKey or java.security.interfaces.ECPrivateKey.
• Entrust ECDSA public/private keys (software keys); instances of ECDSAPublicKey or ECDSAPrivateKey.
• Entrust confined EC private keys (secure software keys); instances of EcConfinedPrivateKey.

One of the benefits of EC cryptography is that it is able to offer that same amount of security as RSA with much smaller key sizes. The following table compares the security offered by the RSA and EC cryptosystems (information is derived from NIST SP 800-57):

Bits of Security	RSA Key Size (in bits)	EC Key Size (in bits)
80	1024	160-223
112	2048	224-255
128	3072	256-383
192	7680	384-511
256	15360	512+

Another important aspect of EC is that performance scales well as the key size is increased. At current security levels (80-bits), EC does not offer a performance advantage over RSA. However, as requirements for increased keys sizes are introduced, EC does begin to offer performance advantages over RSA. NIST has recommended that by 2010, systems using RSA should migrate from 1024-bit keys to 2048-bits keys. At this security level, the performance advantage of EC begins to become more apparent, especially during key generation and private key operations.

FIPS 140-2:

This class is part of the Toolkit's FIPS 140-2 cryptographic module and contains APIs that are considered part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; refer to the API documentation for further details

Since:

8.0

See Also:

SP 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography

Method Summary

Methods

Modifier and Type	Method and Description
protected java.security.Key	engineDoPhase(java.security.Key key, boolean lastPhase) Executes the next phase of this key agreement with the given key that was received from one of the other parties involved in this key agreement.
protected byte[]	engineGenerateSecret() Generates the shared secret and returns it in a new buffer.
protected int	engineGenerateSecret(byte[] sharedSecret, int offset) Generates the shared secret, and places it into the buffer sharedSecret, beginning at offset inclusive.
protected javax.crypto.SecretKey	engineGenerateSecret(java.lang.String algorithm) Creates the shared secret and returns it as a secret key object of the requested algorithm type.
protected void	engineInit(java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random) Initializes this key agreement with the given key, set of algorithm parameters, and source of randomness.
protected void	engineInit(java.security.Key key, java.security.SecureRandom random) Initializes this key agreement with the given key and source of randomness.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

engineInit

protected final void engineInit(java.security.Key key,
              java.security.SecureRandom random)
                         throws java.security.InvalidKeyException

Initializes this key agreement with the given key and source of randomness. The given key is required to contain all the algorithm parameters required for this key agreement.

If the key agreement algorithm requires random bytes, it gets them from the given source of randomness, random. However, if the underlying algorithm implementation does not require any random bytes, random is ignored.

FIPS 140-2:

FIPS Service: Initialization

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• data input interface (parameters)
• status output interface (exceptions)

Specified by:

engineInit in class javax.crypto.KeyAgreementSpi

Parameters:

key - [FIPS 140-2 data input] [FIPS 140-2 CSP] the party's private information. For example, in the case of the Diffie-Hellman key agreement, this would be the party's own Diffie-Hellman private key.

random - [FIPS 140-2 control input] the source of randomness

Throws:

java.security.InvalidKeyException - [FIPS 140-2 status output] if the given key is inappropriate for this key agreement, e.g., is of the wrong type or has an incompatible algorithm type.

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineInit

protected final void engineInit(java.security.Key key,
              java.security.spec.AlgorithmParameterSpec params,
              java.security.SecureRandom random)
                         throws java.security.InvalidAlgorithmParameterException,
                                java.security.InvalidKeyException

Initializes this key agreement with the given key, set of algorithm parameters, and source of randomness.

FIPS 140-2:

FIPS Service: Initialization

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• data input interface (parameters)
• status output interface (exceptions)

Specified by:

engineInit in class javax.crypto.KeyAgreementSpi

Parameters:

key - [FIPS 140-2 data input] [FIPS 140-2 CSP] the party's private information. For example, in the case of the Diffie-Hellman key agreement, this would be the party's own Diffie-Hellman private key.

params - [FIPS 140-2 data input] the key agreement parameters

random - [FIPS 140-2 control input] the source of randomness

Throws:

java.security.InvalidKeyException - [FIPS 140-2 status output] if the given key is inappropriate for this key agreement, e.g., is of the wrong type or has an incompatible algorithm type.

java.security.InvalidAlgorithmParameterException - [FIPS 140-2 status output] if the given parameters are inappropriate for this key agreement.

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineDoPhase

protected final java.security.Key engineDoPhase(java.security.Key key,
                              boolean lastPhase)
                                         throws java.lang.IllegalStateException,
                                                java.security.InvalidKeyException

Executes the next phase of this key agreement with the given key that was received from one of the other parties involved in this key agreement.

FIPS 140-2:

FIPS Service: Key Agreement (scheme/primitive)

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• data input interface (parameters)
• data output interface (return value)
• status output interface (exceptions)

Specified by:

engineDoPhase in class javax.crypto.KeyAgreementSpi

Parameters:

key - [FIPS 140-2 data input] [FIPS 140-2 CSP] the key for this phase. For example, in the case of Diffie-Hellman between 2 parties, this would be the other party's Diffie-Hellman public key.

lastPhase - [FIPS 140-2 control input] flag which indicates whether or not this is the last phase of this key agreement.

Returns:

[FIPS 140-2 data output] [FIPS 140-2 CSP] the (intermediate) key resulting from this phase, or null if this phase does not yield a key

Throws:

java.security.InvalidKeyException - [FIPS 140-2 status output] if the given key is inappropriate for this phase.

java.lang.IllegalStateException - [FIPS 140-2 status output] if this key agreement has not been initialized.

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineGenerateSecret

protected final javax.crypto.SecretKey engineGenerateSecret(java.lang.String algorithm)
                                                     throws java.security.InvalidKeyException,
                                                            java.security.NoSuchAlgorithmException,
                                                            java.lang.IllegalStateException

Creates the shared secret and returns it as a secret key object of the requested algorithm type.

This method resets this KeyAgreementSpi object, so that it can be reused for further key agreements. Unless this key agreement is reinitialized with one of the engineInit methods, the same private information and algorithm parameters will be used for subsequent key agreements.

FIPS 140-2:

FIPS Service: Key Agreement (scheme/primitive)

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• data output interface (return value)
• status output interface (exceptions)

Specified by:

engineGenerateSecret in class javax.crypto.KeyAgreementSpi

Parameters:

algorithm - [FIPS 140-2 control input] the requested secret key algorithm

Returns:

[FIPS 140-2 data output] [FIPS 140-2 CSP] the shared secret key

Throws:

java.lang.IllegalStateException - [FIPS 140-2 status output] if this key agreement has not been completed yet

java.security.NoSuchAlgorithmException - [FIPS 140-2 status output] if the requested secret key algorithm is not available

java.security.InvalidKeyException - [FIPS 140-2 status output] if the shared secret key material cannot be used to generate a secret key of the requested algorithm type (e.g., the key material is too short)

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineGenerateSecret

protected final int engineGenerateSecret(byte[] sharedSecret,
                       int offset)
                                  throws javax.crypto.ShortBufferException,
                                         java.lang.IllegalStateException

Generates the shared secret, and places it into the buffer sharedSecret, beginning at offset inclusive.

If the sharedSecret buffer is too small to hold the result, a ShortBufferException is thrown. In this case, this call should be repeated with a larger output buffer.

This method resets this KeyAgreementSpi object, so that it can be reused for further key agreements. Unless this key agreement is reinitialized with one of the engineInit methods, the same private information and algorithm parameters will be used for subsequent key agreements.

FIPS 140-2:

FIPS Service: Key Agreement (scheme/primitive)

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data input interface (parameters)
• data output interface (parameters, return value)
• status output interface (exceptions)

Specified by:

engineGenerateSecret in class javax.crypto.KeyAgreementSpi

Parameters:

sharedSecret - [FIPS 140-2 data output] [FIPS 140-2 CSP] the buffer for the shared secret

offset - [FIPS 140-2 data input] the offset in sharedSecret where the shared secret will be stored

Returns:

[FIPS 140-2 data output] the number of bytes placed into sharedSecret

Throws:

java.lang.IllegalStateException - [FIPS 140-2 status output] if this key agreement has not been completed yet

javax.crypto.ShortBufferException - [FIPS 140-2 status output] if the given output buffer is too small to hold the secret

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

engineGenerateSecret

protected final byte[] engineGenerateSecret()
                                     throws java.lang.IllegalStateException

Generates the shared secret and returns it in a new buffer.

This method resets this KeyAgreementSpi object, so that it can be reused for further key agreements. Unless this key agreement is reinitialized with one of the engineInit methods, the same private information and algorithm parameters will be used for subsequent key agreements.

FIPS 140-2:

FIPS Service: Key Agreement (scheme/primitive)

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• data output interface (return value)
• status output interface (exceptions)

Specified by:

engineGenerateSecret in class javax.crypto.KeyAgreementSpi

Returns:

[FIPS 140-2 data output] [FIPS 140-2 CSP] the new buffer with the shared secret

Throws:

java.lang.IllegalStateException - [FIPS 140-2 status output] if this key agreement has not been completed yet

Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations