14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.pkcs11;
27
28 import java.io.IOException;
29 import java.math.BigInteger;
30 import java.nio.ByteBuffer;
31
32 import java.security.*;
33 import java.security.interfaces.*;
34 import sun.nio.ch.DirectBuffer;
35
36 import sun.security.util.*;
37 import sun.security.x509.AlgorithmId;
38
39 import sun.security.rsa.RSASignature;
40 import sun.security.rsa.RSAPadding;
41
42 import sun.security.pkcs11.wrapper.*;
43 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
44 import sun.security.util.KeyUtil;
45
46 /**
47 * Signature implementation class. This class currently supports the
48 * following algorithms:
49 *
50 * . DSA
51 * . NONEwithDSA (RawDSA)
52 * . SHA1withDSA
53 * . NONEwithDSAinP1363Format (RawDSAinP1363Format)
417 } else if (algorithm.equals("SHA1withRSA")) {
418 encodedLength = 35;
419 } else if (algorithm.equals("SHA224withRSA")) {
420 encodedLength = 47;
421 } else if (algorithm.equals("SHA256withRSA")) {
422 encodedLength = 51;
423 } else if (algorithm.equals("SHA384withRSA")) {
424 encodedLength = 67;
425 } else if (algorithm.equals("SHA512withRSA")) {
426 encodedLength = 83;
427 } else {
428 throw new ProviderException("Unknown signature algo: " + algorithm);
429 }
430 if (encodedLength > maxDataSize) {
431 throw new InvalidKeyException
432 ("Key is too short for this signature algorithm");
433 }
434 }
435
436 // see JCA spec
437 protected void engineInitVerify(PublicKey publicKey)
438 throws InvalidKeyException {
439 if (publicKey == null) {
440 throw new InvalidKeyException("Key must not be null");
441 }
442 // Need to check key length whenever a new key is set
443 if (publicKey != p11Key) {
444 checkKeySize(keyAlgorithm, publicKey);
445 }
446 cancelOperation();
447 mode = M_VERIFY;
448 p11Key = P11KeyFactory.convertKey(token, publicKey, keyAlgorithm);
449 initialize();
450 }
451
452 // see JCA spec
453 protected void engineInitSign(PrivateKey privateKey)
454 throws InvalidKeyException {
455 if (privateKey == null) {
456 throw new InvalidKeyException("Key must not be null");
457 }
458 // Need to check RSA key length whenever a new key is set
459 if (privateKey != p11Key) {
460 checkKeySize(keyAlgorithm, privateKey);
461 }
462 cancelOperation();
463 mode = M_SIGN;
464 p11Key = P11KeyFactory.convertKey(token, privateKey, keyAlgorithm);
465 initialize();
466 }
467
468 // see JCA spec
469 protected void engineUpdate(byte b) throws SignatureException {
470 ensureInitialized();
471 switch (type) {
472 case T_UPDATE:
473 buffer[0] = b;
474 engineUpdate(buffer, 0, 1);
475 break;
476 case T_DIGEST:
477 md.update(b);
478 bytesProcessed++;
479 break;
480 case T_RAW:
481 if (bytesProcessed >= buffer.length) {
482 bytesProcessed = buffer.length + 1;
483 return;
484 }
485 buffer[bytesProcessed++] = b;
486 break;
487 default:
488 throw new ProviderException("Internal error");
489 }
490 }
491
492 // see JCA spec
493 protected void engineUpdate(byte[] b, int ofs, int len)
494 throws SignatureException {
495 ensureInitialized();
496 if (len == 0) {
497 return;
498 }
499 switch (type) {
500 case T_UPDATE:
501 try {
502 if (mode == M_SIGN) {
503 token.p11.C_SignUpdate(session.id(), 0, b, ofs, len);
504 } else {
505 token.p11.C_VerifyUpdate(session.id(), 0, b, ofs, len);
506 }
507 bytesProcessed += len;
508 } catch (PKCS11Exception e) {
509 throw new ProviderException(e);
510 }
511 break;
512 case T_DIGEST:
513 md.update(b, ofs, len);
514 bytesProcessed += len;
515 break;
516 case T_RAW:
517 if (bytesProcessed + len > buffer.length) {
518 bytesProcessed = buffer.length + 1;
519 return;
520 }
521 System.arraycopy(b, ofs, buffer, bytesProcessed, len);
522 bytesProcessed += len;
523 break;
524 default:
525 throw new ProviderException("Internal error");
526 }
527 }
528
529 // see JCA spec
530 protected void engineUpdate(ByteBuffer byteBuffer) {
531 ensureInitialized();
532 int len = byteBuffer.remaining();
533 if (len <= 0) {
534 return;
535 }
536 switch (type) {
537 case T_UPDATE:
538 if (byteBuffer instanceof DirectBuffer == false) {
539 // cannot do better than default impl
540 super.engineUpdate(byteBuffer);
541 return;
542 }
543 long addr = ((DirectBuffer)byteBuffer).address();
544 int ofs = byteBuffer.position();
545 try {
546 if (mode == M_SIGN) {
547 token.p11.C_SignUpdate
548 (session.id(), addr + ofs, null, 0, len);
549 } else {
557 }
558 break;
559 case T_DIGEST:
560 md.update(byteBuffer);
561 bytesProcessed += len;
562 break;
563 case T_RAW:
564 if (bytesProcessed + len > buffer.length) {
565 bytesProcessed = buffer.length + 1;
566 return;
567 }
568 byteBuffer.get(buffer, bytesProcessed, len);
569 bytesProcessed += len;
570 break;
571 default:
572 throw new ProviderException("Internal error");
573 }
574 }
575
576 // see JCA spec
577 protected byte[] engineSign() throws SignatureException {
578 ensureInitialized();
579 try {
580 byte[] signature;
581 if (type == T_UPDATE) {
582 int len = keyAlgorithm.equals("DSA") ? 40 : 0;
583 signature = token.p11.C_SignFinal(session.id(), len);
584 } else {
585 byte[] digest;
586 if (type == T_DIGEST) {
587 digest = md.digest();
588 } else { // T_RAW
589 if (mechanism == CKM_DSA) {
590 if (bytesProcessed != buffer.length) {
591 throw new SignatureException
592 ("Data for RawDSA must be exactly 20 bytes long");
593 }
594 digest = buffer;
595 } else { // CKM_ECDSA
596 if (bytesProcessed > buffer.length) {
616 return signature;
617 } else {
618 if (p1363Format) {
619 return signature;
620 } else {
621 return dsaToASN1(signature);
622 }
623 }
624 } catch (PKCS11Exception pe) {
625 throw new ProviderException(pe);
626 } catch (SignatureException | ProviderException e) {
627 cancelOperation();
628 throw e;
629 } finally {
630 initialized = false;
631 session = token.releaseSession(session);
632 }
633 }
634
635 // see JCA spec
636 protected boolean engineVerify(byte[] signature) throws SignatureException {
637 ensureInitialized();
638 try {
639 if (!p1363Format) {
640 if (keyAlgorithm.equals("DSA")) {
641 signature = asn1ToDSA(signature);
642 } else if (keyAlgorithm.equals("EC")) {
643 signature = asn1ToECDSA(signature);
644 }
645 }
646 if (type == T_UPDATE) {
647 token.p11.C_VerifyFinal(session.id(), signature);
648 } else {
649 byte[] digest;
650 if (type == T_DIGEST) {
651 digest = md.digest();
652 } else { // T_RAW
653 if (mechanism == CKM_DSA) {
654 if (bytesProcessed != buffer.length) {
655 throw new SignatureException
807 int n = b.length;
808 if (n == len) {
809 return b;
810 }
811 if ((n == len + 1) && (b[0] == 0)) {
812 byte[] t = new byte[len];
813 System.arraycopy(b, 1, t, 0, len);
814 return t;
815 }
816 if (n > len) {
817 return null;
818 }
819 // must be smaller
820 byte[] t = new byte[len];
821 System.arraycopy(b, 0, t, (len - n), n);
822 return t;
823 }
824
825 // see JCA spec
826 @SuppressWarnings("deprecation")
827 protected void engineSetParameter(String param, Object value)
828 throws InvalidParameterException {
829 throw new UnsupportedOperationException("setParameter() not supported");
830 }
831
832 // see JCA spec
833 @SuppressWarnings("deprecation")
834 protected Object engineGetParameter(String param)
835 throws InvalidParameterException {
836 throw new UnsupportedOperationException("getParameter() not supported");
837 }
838 }
|
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.pkcs11;
27
28 import java.io.IOException;
29 import java.math.BigInteger;
30 import java.nio.ByteBuffer;
31
32 import java.security.*;
33 import java.security.interfaces.*;
34 import java.security.spec.AlgorithmParameterSpec;
35 import sun.nio.ch.DirectBuffer;
36
37 import sun.security.util.*;
38 import sun.security.x509.AlgorithmId;
39
40 import sun.security.rsa.RSASignature;
41 import sun.security.rsa.RSAPadding;
42
43 import sun.security.pkcs11.wrapper.*;
44 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
45 import sun.security.util.KeyUtil;
46
47 /**
48 * Signature implementation class. This class currently supports the
49 * following algorithms:
50 *
51 * . DSA
52 * . NONEwithDSA (RawDSA)
53 * . SHA1withDSA
54 * . NONEwithDSAinP1363Format (RawDSAinP1363Format)
418 } else if (algorithm.equals("SHA1withRSA")) {
419 encodedLength = 35;
420 } else if (algorithm.equals("SHA224withRSA")) {
421 encodedLength = 47;
422 } else if (algorithm.equals("SHA256withRSA")) {
423 encodedLength = 51;
424 } else if (algorithm.equals("SHA384withRSA")) {
425 encodedLength = 67;
426 } else if (algorithm.equals("SHA512withRSA")) {
427 encodedLength = 83;
428 } else {
429 throw new ProviderException("Unknown signature algo: " + algorithm);
430 }
431 if (encodedLength > maxDataSize) {
432 throw new InvalidKeyException
433 ("Key is too short for this signature algorithm");
434 }
435 }
436
437 // see JCA spec
438 @Override
439 protected void engineInitVerify(PublicKey publicKey)
440 throws InvalidKeyException {
441 if (publicKey == null) {
442 throw new InvalidKeyException("Key must not be null");
443 }
444 // Need to check key length whenever a new key is set
445 if (publicKey != p11Key) {
446 checkKeySize(keyAlgorithm, publicKey);
447 }
448 cancelOperation();
449 mode = M_VERIFY;
450 p11Key = P11KeyFactory.convertKey(token, publicKey, keyAlgorithm);
451 initialize();
452 }
453
454 // see JCA spec
455 @Override
456 protected void engineInitSign(PrivateKey privateKey)
457 throws InvalidKeyException {
458 if (privateKey == null) {
459 throw new InvalidKeyException("Key must not be null");
460 }
461 // Need to check RSA key length whenever a new key is set
462 if (privateKey != p11Key) {
463 checkKeySize(keyAlgorithm, privateKey);
464 }
465 cancelOperation();
466 mode = M_SIGN;
467 p11Key = P11KeyFactory.convertKey(token, privateKey, keyAlgorithm);
468 initialize();
469 }
470
471 // see JCA spec
472 @Override
473 protected void engineUpdate(byte b) throws SignatureException {
474 ensureInitialized();
475 switch (type) {
476 case T_UPDATE:
477 buffer[0] = b;
478 engineUpdate(buffer, 0, 1);
479 break;
480 case T_DIGEST:
481 md.update(b);
482 bytesProcessed++;
483 break;
484 case T_RAW:
485 if (bytesProcessed >= buffer.length) {
486 bytesProcessed = buffer.length + 1;
487 return;
488 }
489 buffer[bytesProcessed++] = b;
490 break;
491 default:
492 throw new ProviderException("Internal error");
493 }
494 }
495
496 // see JCA spec
497 @Override
498 protected void engineUpdate(byte[] b, int ofs, int len)
499 throws SignatureException {
500 ensureInitialized();
501 if (len == 0) {
502 return;
503 }
504 switch (type) {
505 case T_UPDATE:
506 try {
507 if (mode == M_SIGN) {
508 token.p11.C_SignUpdate(session.id(), 0, b, ofs, len);
509 } else {
510 token.p11.C_VerifyUpdate(session.id(), 0, b, ofs, len);
511 }
512 bytesProcessed += len;
513 } catch (PKCS11Exception e) {
514 throw new ProviderException(e);
515 }
516 break;
517 case T_DIGEST:
518 md.update(b, ofs, len);
519 bytesProcessed += len;
520 break;
521 case T_RAW:
522 if (bytesProcessed + len > buffer.length) {
523 bytesProcessed = buffer.length + 1;
524 return;
525 }
526 System.arraycopy(b, ofs, buffer, bytesProcessed, len);
527 bytesProcessed += len;
528 break;
529 default:
530 throw new ProviderException("Internal error");
531 }
532 }
533
534 // see JCA spec
535 @Override
536 protected void engineUpdate(ByteBuffer byteBuffer) {
537 ensureInitialized();
538 int len = byteBuffer.remaining();
539 if (len <= 0) {
540 return;
541 }
542 switch (type) {
543 case T_UPDATE:
544 if (byteBuffer instanceof DirectBuffer == false) {
545 // cannot do better than default impl
546 super.engineUpdate(byteBuffer);
547 return;
548 }
549 long addr = ((DirectBuffer)byteBuffer).address();
550 int ofs = byteBuffer.position();
551 try {
552 if (mode == M_SIGN) {
553 token.p11.C_SignUpdate
554 (session.id(), addr + ofs, null, 0, len);
555 } else {
563 }
564 break;
565 case T_DIGEST:
566 md.update(byteBuffer);
567 bytesProcessed += len;
568 break;
569 case T_RAW:
570 if (bytesProcessed + len > buffer.length) {
571 bytesProcessed = buffer.length + 1;
572 return;
573 }
574 byteBuffer.get(buffer, bytesProcessed, len);
575 bytesProcessed += len;
576 break;
577 default:
578 throw new ProviderException("Internal error");
579 }
580 }
581
582 // see JCA spec
583 @Override
584 protected byte[] engineSign() throws SignatureException {
585 ensureInitialized();
586 try {
587 byte[] signature;
588 if (type == T_UPDATE) {
589 int len = keyAlgorithm.equals("DSA") ? 40 : 0;
590 signature = token.p11.C_SignFinal(session.id(), len);
591 } else {
592 byte[] digest;
593 if (type == T_DIGEST) {
594 digest = md.digest();
595 } else { // T_RAW
596 if (mechanism == CKM_DSA) {
597 if (bytesProcessed != buffer.length) {
598 throw new SignatureException
599 ("Data for RawDSA must be exactly 20 bytes long");
600 }
601 digest = buffer;
602 } else { // CKM_ECDSA
603 if (bytesProcessed > buffer.length) {
623 return signature;
624 } else {
625 if (p1363Format) {
626 return signature;
627 } else {
628 return dsaToASN1(signature);
629 }
630 }
631 } catch (PKCS11Exception pe) {
632 throw new ProviderException(pe);
633 } catch (SignatureException | ProviderException e) {
634 cancelOperation();
635 throw e;
636 } finally {
637 initialized = false;
638 session = token.releaseSession(session);
639 }
640 }
641
642 // see JCA spec
643 @Override
644 protected boolean engineVerify(byte[] signature) throws SignatureException {
645 ensureInitialized();
646 try {
647 if (!p1363Format) {
648 if (keyAlgorithm.equals("DSA")) {
649 signature = asn1ToDSA(signature);
650 } else if (keyAlgorithm.equals("EC")) {
651 signature = asn1ToECDSA(signature);
652 }
653 }
654 if (type == T_UPDATE) {
655 token.p11.C_VerifyFinal(session.id(), signature);
656 } else {
657 byte[] digest;
658 if (type == T_DIGEST) {
659 digest = md.digest();
660 } else { // T_RAW
661 if (mechanism == CKM_DSA) {
662 if (bytesProcessed != buffer.length) {
663 throw new SignatureException
815 int n = b.length;
816 if (n == len) {
817 return b;
818 }
819 if ((n == len + 1) && (b[0] == 0)) {
820 byte[] t = new byte[len];
821 System.arraycopy(b, 1, t, 0, len);
822 return t;
823 }
824 if (n > len) {
825 return null;
826 }
827 // must be smaller
828 byte[] t = new byte[len];
829 System.arraycopy(b, 0, t, (len - n), n);
830 return t;
831 }
832
833 // see JCA spec
834 @SuppressWarnings("deprecation")
835 @Override
836 protected void engineSetParameter(String param, Object value)
837 throws InvalidParameterException {
838 throw new UnsupportedOperationException("setParameter() not supported");
839 }
840
841 // see JCA spec
842 @Override
843 protected void engineSetParameter(AlgorithmParameterSpec params)
844 throws InvalidAlgorithmParameterException {
845 if (params != null) {
846 throw new InvalidAlgorithmParameterException("No parameter accepted");
847 }
848 }
849
850 // see JCA spec
851 @SuppressWarnings("deprecation")
852 @Override
853 protected Object engineGetParameter(String param)
854 throws InvalidParameterException {
855 throw new UnsupportedOperationException("getParameter() not supported");
856 }
857
858 // see JCA spec
859 @Override
860 protected AlgorithmParameters engineGetParameters() {
861 return null;
862 }
863 }
|