< prev index next >
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java
Print this page
*** 261,295 ****
if (algorithm.endsWith("inP1363Format")) {
this.p1363Format = true;
}
}
! private void ensureInitialized() {
! token.ensureValid();
! if (initialized == false) {
! initialize();
! }
! }
!
! private void cancelOperation() {
! token.ensureValid();
! if (initialized == false) {
return;
}
initialized = false;
! if ((session == null) || (token.explicitCancel == false)) {
return;
}
if (session.hasObjects() == false) {
session = token.killSession(session);
return;
! }
! try {
// "cancel" operation by finishing it
// XXX make sure all this always works correctly
- if (mode == M_SIGN) {
try {
if (type == T_UPDATE) {
token.p11.C_SignFinal(session.id(), 0);
} else {
byte[] digest;
if (type == T_DIGEST) {
--- 261,299 ----
if (algorithm.endsWith("inP1363Format")) {
this.p1363Format = true;
}
}
! // reset the states to the pre-initialized values
! private void reset(boolean doCancel) {
! if (!initialized) {
return;
}
initialized = false;
! try {
! if (session == null) {
return;
}
+ if (doCancel && token.explicitCancel) {
+ cancelOperation();
+ }
+ } finally {
+ p11Key.decNativeKeyRef();
+ session = token.releaseSession(session);
+ }
+ }
+
+ private void cancelOperation() {
+ token.ensureValid();
if (session.hasObjects() == false) {
session = token.killSession(session);
return;
! } else {
// "cancel" operation by finishing it
// XXX make sure all this always works correctly
try {
+ if (mode == M_SIGN) {
if (type == T_UPDATE) {
token.p11.C_SignFinal(session.id(), 0);
} else {
byte[] digest;
if (type == T_DIGEST) {
*** 297,311 ****
} else { // T_RAW
digest = buffer;
}
token.p11.C_Sign(session.id(), digest);
}
- } catch (PKCS11Exception e) {
- throw new ProviderException("cancel failed", e);
- }
} else { // M_VERIFY
- try {
byte[] signature;
if (keyAlgorithm.equals("DSA")) {
signature = new byte[40];
} else {
signature = new byte[(p11Key.length() + 7) >> 3];
--- 301,311 ----
*** 319,340 ****
} else { // T_RAW
digest = buffer;
}
token.p11.C_Verify(session.id(), digest, signature);
}
- } catch (PKCS11Exception e) {
- // will fail since the signature is incorrect
- // XXX check error code
}
}
- } finally {
- session = token.releaseSession(session);
}
}
// assumes current state is initialized == false
! private void initialize() {
try {
if (session == null) {
session = token.getOpSession();
}
if (mode == M_SIGN) {
--- 319,347 ----
} else { // T_RAW
digest = buffer;
}
token.p11.C_Verify(session.id(), digest, signature);
}
}
+ } catch (PKCS11Exception e) {
+ throw new ProviderException("cancel failed", e);
}
}
}
// assumes current state is initialized == false
! private void ensureInitialized() {
! if (initialized) {
! return;
! }
! if (p11Key == null) {
! throw new ProviderException(
! "Operation cannot be performed without calling engineInit first");
! }
! try {
! token.ensureValid();
! p11Key.incNativeKeyRef();
try {
if (session == null) {
session = token.getOpSession();
}
if (mode == M_SIGN) {
*** 342,362 ****
new CK_MECHANISM(mechanism), p11Key.keyID);
} else {
token.p11.C_VerifyInit(session.id(),
new CK_MECHANISM(mechanism), p11Key.keyID);
}
! initialized = true;
! } catch (PKCS11Exception e) {
! // release session when initialization failed
session = token.releaseSession(session);
! throw new ProviderException("Initialization failed", e);
}
! if (bytesProcessed != 0) {
! bytesProcessed = 0;
! if (md != null) {
md.reset();
}
}
}
private void checkKeySize(String keyAlgo, Key key)
throws InvalidKeyException {
--- 349,370 ----
new CK_MECHANISM(mechanism), p11Key.keyID);
} else {
token.p11.C_VerifyInit(session.id(),
new CK_MECHANISM(mechanism), p11Key.keyID);
}
! } catch (Throwable t) {
! p11Key.decNativeKeyRef();
session = token.releaseSession(session);
! throw t;
}
! initialized = true;
! if (bytesProcessed != 0 && md != null) {
md.reset();
}
+ bytesProcessed = 0;
+ } catch (PKCS11Exception e) {
+ throw new ProviderException("Initialization failed", e);
}
}
private void checkKeySize(String keyAlgo, Key key)
throws InvalidKeyException {
*** 449,462 ****
}
// Need to check key length whenever a new key is set
if (publicKey != p11Key) {
checkKeySize(keyAlgorithm, publicKey);
}
! cancelOperation();
mode = M_VERIFY;
p11Key = P11KeyFactory.convertKey(token, publicKey, keyAlgorithm);
! initialize();
}
// see JCA spec
@Override
protected void engineInitSign(PrivateKey privateKey)
--- 457,470 ----
}
// Need to check key length whenever a new key is set
if (publicKey != p11Key) {
checkKeySize(keyAlgorithm, publicKey);
}
! reset(true);
mode = M_VERIFY;
p11Key = P11KeyFactory.convertKey(token, publicKey, keyAlgorithm);
! ensureInitialized();
}
// see JCA spec
@Override
protected void engineInitSign(PrivateKey privateKey)
*** 466,479 ****
}
// Need to check RSA key length whenever a new key is set
if (privateKey != p11Key) {
checkKeySize(keyAlgorithm, privateKey);
}
! cancelOperation();
mode = M_SIGN;
p11Key = P11KeyFactory.convertKey(token, privateKey, keyAlgorithm);
! initialize();
}
// see JCA spec
@Override
protected void engineUpdate(byte b) throws SignatureException {
--- 474,487 ----
}
// Need to check RSA key length whenever a new key is set
if (privateKey != p11Key) {
checkKeySize(keyAlgorithm, privateKey);
}
! reset(true);
mode = M_SIGN;
p11Key = P11KeyFactory.convertKey(token, privateKey, keyAlgorithm);
! ensureInitialized();
}
// see JCA spec
@Override
protected void engineUpdate(byte b) throws SignatureException {
*** 515,526 ****
} else {
token.p11.C_VerifyUpdate(session.id(), 0, b, ofs, len);
}
bytesProcessed += len;
} catch (PKCS11Exception e) {
! initialized = false;
! session = token.releaseSession(session);
throw new ProviderException(e);
}
break;
case T_DIGEST:
md.update(b, ofs, len);
--- 523,533 ----
} else {
token.p11.C_VerifyUpdate(session.id(), 0, b, ofs, len);
}
bytesProcessed += len;
} catch (PKCS11Exception e) {
! reset(true);
throw new ProviderException(e);
}
break;
case T_DIGEST:
md.update(b, ofs, len);
*** 639,653 ****
}
}
} catch (PKCS11Exception pe) {
throw new ProviderException(pe);
} catch (SignatureException | ProviderException e) {
! cancelOperation();
throw e;
} finally {
! initialized = false;
! session = token.releaseSession(session);
}
}
// see JCA spec
@Override
--- 646,659 ----
}
}
} catch (PKCS11Exception pe) {
throw new ProviderException(pe);
} catch (SignatureException | ProviderException e) {
! reset(true);
throw e;
} finally {
! reset(false);
}
}
// see JCA spec
@Override
*** 708,722 ****
if (errorCode == CKR_DATA_LEN_RANGE) {
return false;
}
throw new ProviderException(pe);
} catch (SignatureException | ProviderException e) {
! cancelOperation();
throw e;
} finally {
! initialized = false;
! session = token.releaseSession(session);
}
}
private byte[] pkcs1Pad(byte[] data) {
try {
--- 714,727 ----
if (errorCode == CKR_DATA_LEN_RANGE) {
return false;
}
throw new ProviderException(pe);
} catch (SignatureException | ProviderException e) {
! reset(true);
throw e;
} finally {
! reset(false);
}
}
private byte[] pkcs1Pad(byte[] data) {
try {
< prev index next >