1 /*
   2  * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.pkcs11;
  27 
  28 import java.util.*;
  29 import java.nio.ByteBuffer;
  30 
  31 import java.security.*;
  32 
  33 import javax.crypto.SecretKey;
  34 
  35 import sun.nio.ch.DirectBuffer;
  36 


  37 import sun.security.pkcs11.wrapper.*;
  38 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
  39 
  40 /**
  41  * MessageDigest implementation class. This class currently supports
  42  * MD2, MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.
  43  *
  44  * Note that many digest operations are on fairly small amounts of data
  45  * (less than 100 bytes total). For example, the 2nd hashing in HMAC or
  46  * the PRF in TLS. In order to speed those up, we use some buffering to
  47  * minimize number of the Java->native transitions.
  48  *
  49  * @author  Andreas Sterbenz
  50  * @since   1.5
  51  */
  52 final class P11Digest extends MessageDigestSpi implements Cloneable {

  53 
  54     /* fields initialized, no session acquired */
  55     private final static int S_BLANK    = 1;
  56 
  57     /* data in buffer, session acquired, but digest not initialized */
  58     private final static int S_BUFFERED = 2;
  59 
  60     /* session initialized for digesting */
  61     private final static int S_INIT     = 3;
  62 
  63     private final static int BUFFER_SIZE = 96;
  64 
  65     // token instance
  66     private final Token token;
  67 
  68     // algorithm name
  69     private final String algorithm;
  70 
  71     // mechanism id object
  72     private final CK_MECHANISM mechanism;

 216             if ((bufOfs != 0) && (bufOfs + len > buffer.length)) {
 217                 // process the buffered data
 218                 token.p11.C_DigestUpdate(session.id(), 0, buffer, 0, bufOfs);
 219                 bufOfs = 0;
 220             }
 221             if (bufOfs + len > buffer.length) {
 222                 // process the new data
 223                 token.p11.C_DigestUpdate(session.id(), 0, in, ofs, len);
 224              } else {
 225                 // buffer the new data
 226                 System.arraycopy(in, ofs, buffer, bufOfs, len);
 227                 bufOfs += len;
 228             }
 229         } catch (PKCS11Exception e) {
 230             engineReset();
 231             throw new ProviderException("update() failed", e);
 232         }
 233     }
 234 
 235     // Called by SunJSSE via reflection during the SSL 3.0 handshake if
 236     // the master secret is sensitive. We may want to consider making this
 237     // method public in a future release.
 238     protected void implUpdate(SecretKey key) throws InvalidKeyException {
 239 

 240         // SunJSSE calls this method only if the key does not have a RAW
 241         // encoding, i.e. if it is sensitive. Therefore, no point in calling
 242         // SecretKeyFactory to try to convert it. Just verify it ourselves.
 243         if (key instanceof P11Key == false) {
 244             throw new InvalidKeyException("Not a P11Key: " + key);
 245         }
 246         P11Key p11Key = (P11Key)key;
 247         if (p11Key.token != token) {
 248             throw new InvalidKeyException("Not a P11Key of this provider: " +
 249                     key);
 250         }
 251 
 252         fetchSession();
 253         try {
 254             if (state == S_BUFFERED) {
 255                 token.p11.C_DigestInit(session.id(), mechanism);
 256                 state = S_INIT;
 257             }
 258 
 259             if (bufOfs != 0) {

   1 /*
   2  * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.pkcs11;
  27 
  28 import java.util.*;
  29 import java.nio.ByteBuffer;
  30 
  31 import java.security.*;
  32 
  33 import javax.crypto.SecretKey;
  34 
  35 import sun.nio.ch.DirectBuffer;
  36 
  37 import sun.security.util.MessageDigestSpi2;
  38 
  39 import sun.security.pkcs11.wrapper.*;
  40 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
  41 
  42 /**
  43  * MessageDigest implementation class. This class currently supports
  44  * MD2, MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.
  45  *
  46  * Note that many digest operations are on fairly small amounts of data
  47  * (less than 100 bytes total). For example, the 2nd hashing in HMAC or
  48  * the PRF in TLS. In order to speed those up, we use some buffering to
  49  * minimize number of the Java->native transitions.
  50  *
  51  * @author  Andreas Sterbenz
  52  * @since   1.5
  53  */
  54 final class P11Digest extends MessageDigestSpi implements Cloneable,
  55     MessageDigestSpi2 {
  56 
  57     /* fields initialized, no session acquired */
  58     private final static int S_BLANK    = 1;
  59 
  60     /* data in buffer, session acquired, but digest not initialized */
  61     private final static int S_BUFFERED = 2;
  62 
  63     /* session initialized for digesting */
  64     private final static int S_INIT     = 3;
  65 
  66     private final static int BUFFER_SIZE = 96;
  67 
  68     // token instance
  69     private final Token token;
  70 
  71     // algorithm name
  72     private final String algorithm;
  73 
  74     // mechanism id object
  75     private final CK_MECHANISM mechanism;

 219             if ((bufOfs != 0) && (bufOfs + len > buffer.length)) {
 220                 // process the buffered data
 221                 token.p11.C_DigestUpdate(session.id(), 0, buffer, 0, bufOfs);
 222                 bufOfs = 0;
 223             }
 224             if (bufOfs + len > buffer.length) {
 225                 // process the new data
 226                 token.p11.C_DigestUpdate(session.id(), 0, in, ofs, len);
 227              } else {
 228                 // buffer the new data
 229                 System.arraycopy(in, ofs, buffer, bufOfs, len);
 230                 bufOfs += len;
 231             }
 232         } catch (PKCS11Exception e) {
 233             engineReset();
 234             throw new ProviderException("update() failed", e);
 235         }
 236     }
 237 
 238     // Called by SunJSSE via reflection during the SSL 3.0 handshake if
 239     // the master secret is sensitive.
 240     // Note: Change to protected after this method is moved from
 241     // sun.security.util.MessageSpi2 interface to
 242     // java.security.MessageDigestSpi class
 243     public void engineUpdate(SecretKey key) throws InvalidKeyException {
 244         // SunJSSE calls this method only if the key does not have a RAW
 245         // encoding, i.e. if it is sensitive. Therefore, no point in calling
 246         // SecretKeyFactory to try to convert it. Just verify it ourselves.
 247         if (key instanceof P11Key == false) {
 248             throw new InvalidKeyException("Not a P11Key: " + key);
 249         }
 250         P11Key p11Key = (P11Key)key;
 251         if (p11Key.token != token) {
 252             throw new InvalidKeyException("Not a P11Key of this provider: " +
 253                     key);
 254         }
 255 
 256         fetchSession();
 257         try {
 258             if (state == S_BUFFERED) {
 259                 token.p11.C_DigestInit(session.id(), mechanism);
 260                 state = S_INIT;
 261             }
 262 
 263             if (bufOfs != 0) {