1 /* 2 * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.pkcs11; 27 28 import java.util.*; 29 import java.nio.ByteBuffer; 30 31 import java.security.*; 32 33 import javax.crypto.SecretKey; 34 35 import sun.nio.ch.DirectBuffer; 36 37 import sun.security.pkcs11.wrapper.*; 38 import static sun.security.pkcs11.wrapper.PKCS11Constants.*; 39 40 /** 41 * MessageDigest implementation class. This class currently supports 42 * MD2, MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. 43 * 44 * Note that many digest operations are on fairly small amounts of data 45 * (less than 100 bytes total). For example, the 2nd hashing in HMAC or 46 * the PRF in TLS. In order to speed those up, we use some buffering to 47 * minimize number of the Java->native transitions. 48 * 49 * @author Andreas Sterbenz 50 * @since 1.5 51 */ 52 final class P11Digest extends MessageDigestSpi implements Cloneable { 53 54 /* fields initialized, no session acquired */ 55 private final static int S_BLANK = 1; 56 57 /* data in buffer, session acquired, but digest not initialized */ 58 private final static int S_BUFFERED = 2; 59 60 /* session initialized for digesting */ 61 private final static int S_INIT = 3; 62 63 private final static int BUFFER_SIZE = 96; 64 65 // token instance 66 private final Token token; 67 68 // algorithm name 69 private final String algorithm; 70 71 // mechanism id object 72 private final CK_MECHANISM mechanism; 216 if ((bufOfs != 0) && (bufOfs + len > buffer.length)) { 217 // process the buffered data 218 token.p11.C_DigestUpdate(session.id(), 0, buffer, 0, bufOfs); 219 bufOfs = 0; 220 } 221 if (bufOfs + len > buffer.length) { 222 // process the new data 223 token.p11.C_DigestUpdate(session.id(), 0, in, ofs, len); 224 } else { 225 // buffer the new data 226 System.arraycopy(in, ofs, buffer, bufOfs, len); 227 bufOfs += len; 228 } 229 } catch (PKCS11Exception e) { 230 engineReset(); 231 throw new ProviderException("update() failed", e); 232 } 233 } 234 235 // Called by SunJSSE via reflection during the SSL 3.0 handshake if 236 // the master secret is sensitive. We may want to consider making this 237 // method public in a future release. 238 protected void implUpdate(SecretKey key) throws InvalidKeyException { 239 240 // SunJSSE calls this method only if the key does not have a RAW 241 // encoding, i.e. if it is sensitive. Therefore, no point in calling 242 // SecretKeyFactory to try to convert it. Just verify it ourselves. 243 if (key instanceof P11Key == false) { 244 throw new InvalidKeyException("Not a P11Key: " + key); 245 } 246 P11Key p11Key = (P11Key)key; 247 if (p11Key.token != token) { 248 throw new InvalidKeyException("Not a P11Key of this provider: " + 249 key); 250 } 251 252 fetchSession(); 253 try { 254 if (state == S_BUFFERED) { 255 token.p11.C_DigestInit(session.id(), mechanism); 256 state = S_INIT; 257 } 258 259 if (bufOfs != 0) { | 1 /* 2 * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.pkcs11; 27 28 import java.util.*; 29 import java.nio.ByteBuffer; 30 31 import java.security.*; 32 33 import javax.crypto.SecretKey; 34 35 import sun.nio.ch.DirectBuffer; 36 37 import sun.security.util.MessageDigestSpi2; 38 39 import sun.security.pkcs11.wrapper.*; 40 import static sun.security.pkcs11.wrapper.PKCS11Constants.*; 41 42 /** 43 * MessageDigest implementation class. This class currently supports 44 * MD2, MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. 45 * 46 * Note that many digest operations are on fairly small amounts of data 47 * (less than 100 bytes total). For example, the 2nd hashing in HMAC or 48 * the PRF in TLS. In order to speed those up, we use some buffering to 49 * minimize number of the Java->native transitions. 50 * 51 * @author Andreas Sterbenz 52 * @since 1.5 53 */ 54 final class P11Digest extends MessageDigestSpi implements Cloneable, 55 MessageDigestSpi2 { 56 57 /* fields initialized, no session acquired */ 58 private final static int S_BLANK = 1; 59 60 /* data in buffer, session acquired, but digest not initialized */ 61 private final static int S_BUFFERED = 2; 62 63 /* session initialized for digesting */ 64 private final static int S_INIT = 3; 65 66 private final static int BUFFER_SIZE = 96; 67 68 // token instance 69 private final Token token; 70 71 // algorithm name 72 private final String algorithm; 73 74 // mechanism id object 75 private final CK_MECHANISM mechanism; 219 if ((bufOfs != 0) && (bufOfs + len > buffer.length)) { 220 // process the buffered data 221 token.p11.C_DigestUpdate(session.id(), 0, buffer, 0, bufOfs); 222 bufOfs = 0; 223 } 224 if (bufOfs + len > buffer.length) { 225 // process the new data 226 token.p11.C_DigestUpdate(session.id(), 0, in, ofs, len); 227 } else { 228 // buffer the new data 229 System.arraycopy(in, ofs, buffer, bufOfs, len); 230 bufOfs += len; 231 } 232 } catch (PKCS11Exception e) { 233 engineReset(); 234 throw new ProviderException("update() failed", e); 235 } 236 } 237 238 // Called by SunJSSE via reflection during the SSL 3.0 handshake if 239 // the master secret is sensitive. 240 // Note: Change to protected after this method is moved from 241 // sun.security.util.MessageSpi2 interface to 242 // java.security.MessageDigestSpi class 243 public void engineUpdate(SecretKey key) throws InvalidKeyException { 244 // SunJSSE calls this method only if the key does not have a RAW 245 // encoding, i.e. if it is sensitive. Therefore, no point in calling 246 // SecretKeyFactory to try to convert it. Just verify it ourselves. 247 if (key instanceof P11Key == false) { 248 throw new InvalidKeyException("Not a P11Key: " + key); 249 } 250 P11Key p11Key = (P11Key)key; 251 if (p11Key.token != token) { 252 throw new InvalidKeyException("Not a P11Key of this provider: " + 253 key); 254 } 255 256 fetchSession(); 257 try { 258 if (state == S_BUFFERED) { 259 token.p11.C_DigestInit(session.id(), mechanism); 260 state = S_INIT; 261 } 262 263 if (bufOfs != 0) { |