2362N/A * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * KeyGenerator implementation class. This class currently supports 0N/A * DES, DESede, AES, ARCFOUR, and Blowfish. 0N/A * @author Andreas Sterbenz 0N/A // raw key size in bits, e.g. 64 for DES. Always valid. 0N/A // bits of entropy in the key, e.g. 56 for DES. Always valid. 0N/A // keyType (CKK_*), needed for TemplateManager call only. 0N/A // for determining if both 112 and 168 bits of DESede key lengths 150N/A * Utility method for checking if the specified key size is valid 150N/A * and within the supported range. Return the significant key size 150N/A * upon successful validation. 150N/A * @param keyGenMech the PKCS#11 key generation mechanism. 150N/A * @param keySize the to-be-checked key size for this mechanism. 150N/A * @param token token which provides this mechanism. 150N/A * @return the significant key size (in bits) corresponding to the 150N/A * @throws InvalidParameterException if the specified key size is invalid. 150N/A * @throws ProviderException if this mechanism isn't supported by SunPKCS11 150N/A * or underlying native impl. 150N/A (
"DES key length must be 56 bits");
150N/A (
"DESede key length must be 112, or 168 bits");
150N/A // Handle all variable-key-length algorithms here 150N/A // XXX Unable to retrieve the supported key length from 150N/A // the underlying native impl. Skip the checking for now. 150N/A // PKCS#11 defines these to be in number of bytes except for 150N/A // RC4 which is in bits. However, some PKCS#11 impls still use 150N/A // bytes for all mechs, e.g. NSS. We try to detect this 150N/A // inconsistency if the minKeySize seems unreasonably small. 150N/A // Explicitly disallow keys shorter than 40-bits for security 0N/A if CKM_DES2_KEY_GEN is used to construct this object, it 0N/A means that CKM_DES3_KEY_GEN is disabled or unsupported. 0N/A // set default keysize and also initialize keyType 0N/A (
"AlgorithmParameterSpec not supported");
150N/A // Adjust keyType to reflect the mechanism change 150N/A "-bit DESede is supported");
0N/A // fixed length, do not specify CKA_VALUE_LEN