1 /*
2 * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
152
153 // no IV, return null
154 // see JCE spec
155 protected byte[] engineGetIV() {
156 return null;
157 }
158
159 // no parameters, return null
160 // see JCE spec
161 protected AlgorithmParameters engineGetParameters() {
162 return null;
163 }
164
165 // see JCE spec
166 protected void engineInit(int opmode, Key key, SecureRandom random)
167 throws InvalidKeyException {
168 implInit(opmode, key);
169 }
170
171 // see JCE spec
172 protected void engineInit(int opmode, Key key,
173 AlgorithmParameterSpec params, SecureRandom random)
174 throws InvalidKeyException, InvalidAlgorithmParameterException {
175 if (params != null) {
176 if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
177 throw new InvalidAlgorithmParameterException(
178 "Parameters not supported");
179 }
180 spec = params;
181 this.random = random; // for TLS RSA premaster secret
182 }
183 implInit(opmode, key);
184 }
185
186 // see JCE spec
187 protected void engineInit(int opmode, Key key, AlgorithmParameters params,
188 SecureRandom random)
189 throws InvalidKeyException, InvalidAlgorithmParameterException {
190 if (params != null) {
191 throw new InvalidAlgorithmParameterException(
444 // should not occur
445 throw new InvalidKeyException("wrap() failed", bpe);
446 } finally {
447 // Restore original mode
448 implInit(Cipher.WRAP_MODE, p11Key);
449 }
450 }
451 Session s = null;
452 try {
453 s = token.getOpSession();
454 return token.p11.C_WrapKey(s.id(), new CK_MECHANISM(mechanism),
455 p11Key.keyID, sKey.keyID);
456 } catch (PKCS11Exception e) {
457 throw new InvalidKeyException("wrap() failed", e);
458 } finally {
459 token.releaseSession(s);
460 }
461 }
462
463 // see JCE spec
464 protected Key engineUnwrap(byte[] wrappedKey, String algorithm,
465 int type) throws InvalidKeyException, NoSuchAlgorithmException {
466
467 boolean isTlsRsaPremasterSecret =
468 algorithm.equals("TlsRsaPremasterSecret");
469 Exception failover = null;
470
471 SecureRandom secureRandom = random;
472 if (secureRandom == null && isTlsRsaPremasterSecret) {
473 secureRandom = new SecureRandom();
474 }
475
476 // Should C_Unwrap be preferred for non-TLS RSA premaster secret?
477 if (token.supportsRawSecretKeyImport()) {
478 // XXX implement unwrap using C_Unwrap() for all keys
479 implInit(Cipher.DECRYPT_MODE, p11Key);
480 if (wrappedKey.length > maxInputSize) {
481 throw new InvalidKeyException("Key is too long for unwrapping");
482 }
483
|
1 /*
2 * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
152
153 // no IV, return null
154 // see JCE spec
155 protected byte[] engineGetIV() {
156 return null;
157 }
158
159 // no parameters, return null
160 // see JCE spec
161 protected AlgorithmParameters engineGetParameters() {
162 return null;
163 }
164
165 // see JCE spec
166 protected void engineInit(int opmode, Key key, SecureRandom random)
167 throws InvalidKeyException {
168 implInit(opmode, key);
169 }
170
171 // see JCE spec
172 @SuppressWarnings("deprecation")
173 protected void engineInit(int opmode, Key key,
174 AlgorithmParameterSpec params, SecureRandom random)
175 throws InvalidKeyException, InvalidAlgorithmParameterException {
176 if (params != null) {
177 if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
178 throw new InvalidAlgorithmParameterException(
179 "Parameters not supported");
180 }
181 spec = params;
182 this.random = random; // for TLS RSA premaster secret
183 }
184 implInit(opmode, key);
185 }
186
187 // see JCE spec
188 protected void engineInit(int opmode, Key key, AlgorithmParameters params,
189 SecureRandom random)
190 throws InvalidKeyException, InvalidAlgorithmParameterException {
191 if (params != null) {
192 throw new InvalidAlgorithmParameterException(
445 // should not occur
446 throw new InvalidKeyException("wrap() failed", bpe);
447 } finally {
448 // Restore original mode
449 implInit(Cipher.WRAP_MODE, p11Key);
450 }
451 }
452 Session s = null;
453 try {
454 s = token.getOpSession();
455 return token.p11.C_WrapKey(s.id(), new CK_MECHANISM(mechanism),
456 p11Key.keyID, sKey.keyID);
457 } catch (PKCS11Exception e) {
458 throw new InvalidKeyException("wrap() failed", e);
459 } finally {
460 token.releaseSession(s);
461 }
462 }
463
464 // see JCE spec
465 @SuppressWarnings("deprecation")
466 protected Key engineUnwrap(byte[] wrappedKey, String algorithm,
467 int type) throws InvalidKeyException, NoSuchAlgorithmException {
468
469 boolean isTlsRsaPremasterSecret =
470 algorithm.equals("TlsRsaPremasterSecret");
471 Exception failover = null;
472
473 SecureRandom secureRandom = random;
474 if (secureRandom == null && isTlsRsaPremasterSecret) {
475 secureRandom = new SecureRandom();
476 }
477
478 // Should C_Unwrap be preferred for non-TLS RSA premaster secret?
479 if (token.supportsRawSecretKeyImport()) {
480 // XXX implement unwrap using C_Unwrap() for all keys
481 implInit(Cipher.DECRYPT_MODE, p11Key);
482 if (wrappedKey.length > maxInputSize) {
483 throw new InvalidKeyException("Key is too long for unwrapping");
484 }
485
|