package org.bouncycastle.jcajce.spec;
import java.security.spec.AlgorithmParameterSpec;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.util.Arrays;
/**
* Parameter spec for doing KTS based wrapping via the Cipher API.
*/
public class KTSParameterSpec
implements AlgorithmParameterSpec
{
private final String wrappingKeyAlgorithm;
private final int keySizeInBits;
private final AlgorithmParameterSpec parameterSpec;
private final AlgorithmIdentifier kdfAlgorithm;
private byte[] otherInfo;
/**
* Builder class for creating a KTSParameterSpec.
*/
public static final class Builder
{
private final String algorithmName;
private final int keySizeInBits;
private AlgorithmParameterSpec parameterSpec;
private AlgorithmIdentifier kdfAlgorithm;
private byte[] otherInfo;
/**
* Basic builder.
*
* @param algorithmName the algorithm name for the secret key we use for wrapping.
* @param keySizeInBits the size of the wrapping key we want to produce in bits.
*/
public Builder(String algorithmName, int keySizeInBits)
{
this(algorithmName, keySizeInBits, null);
}
/**
* Basic builder.
*
* @param algorithmName the algorithm name for the secret key we use for wrapping.
* @param keySizeInBits the size of the wrapping key we want to produce in bits.
* @param otherInfo the otherInfo/IV encoding to be applied to the KDF.
*/
public Builder(String algorithmName, int keySizeInBits, byte[] otherInfo)
{
this.algorithmName = algorithmName;
this.keySizeInBits = keySizeInBits;
this.kdfAlgorithm = new AlgorithmIdentifier(X9ObjectIdentifiers.id_kdf_kdf3, new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256));
this.otherInfo = (otherInfo == null) ? new byte[0] : Arrays.clone(otherInfo);
}
/**
* Set the algorithm parameter spec to be used with the wrapper.
*
* @param parameterSpec the algorithm parameter spec to be used in wrapping/unwrapping.
* @return the current Builder instance.
*/
public Builder withParameterSpec(AlgorithmParameterSpec parameterSpec)
{
this.parameterSpec = parameterSpec;
return this;
}
/**
* Set the KDF algorithm and digest algorithm for wrap key generation.
*
* @param kdfAlgorithm the KDF algorithm to apply.
* @return the current Builder instance.
*/
public Builder withKdfAlgorithm(AlgorithmIdentifier kdfAlgorithm)
{
this.kdfAlgorithm = kdfAlgorithm;
return this;
}
/**
* Build the new parameter spec.
*
* @return a new parameter spec configured according to the builder state.
*/
public KTSParameterSpec build()
{
return new KTSParameterSpec(algorithmName, keySizeInBits, parameterSpec, kdfAlgorithm, otherInfo);
}
}
private KTSParameterSpec(
String wrappingKeyAlgorithm, int keySizeInBits,
AlgorithmParameterSpec parameterSpec, AlgorithmIdentifier kdfAlgorithm, byte[] otherInfo)
{
this.wrappingKeyAlgorithm = wrappingKeyAlgorithm;
this.keySizeInBits = keySizeInBits;
this.parameterSpec = parameterSpec;
this.kdfAlgorithm = kdfAlgorithm;
this.otherInfo = otherInfo;
}
/**
* Return the name of the algorithm for the wrapping key this key spec should use.
*
* @return the key algorithm.
*/
public String getKeyAlgorithmName()
{
return wrappingKeyAlgorithm;
}
/**
* Return the size of the key (in bits) for the wrapping key this key spec should use.
*
* @return length in bits of the key to be calculated.
*/
public int getKeySize()
{
return keySizeInBits;
}
/**
* Return the algorithm parameter spec to be applied with the private key when the encapsulation is decrypted.
*
* @return the algorithm parameter spec to be used with the private key.
*/
public AlgorithmParameterSpec getParameterSpec()
{
return parameterSpec;
}
/**
* Return the AlgorithmIdentifier for the KDF to do key derivation after extracting the secret.
*
* @return the AlgorithmIdentifier for the SecretKeyFactory's KDF.
*/
public AlgorithmIdentifier getKdfAlgorithm()
{
return kdfAlgorithm;
}
/**
* Return the otherInfo data for initialising the KDF.
*
* @return the otherInfo data.
*/
public byte[] getOtherInfo()
{
return Arrays.clone(otherInfo);
}
}