Example #1
0
 // reset the states to the pre-initialized values
 private void reset() {
   initialized = false;
   bytesBuffered = 0;
   padBufferLen = 0;
   if (session != null) {
     session = token.releaseSession(session);
   }
 }
Example #2
0
 private int implDoFinal(byte[] out, int outOfs, int outLen)
     throws BadPaddingException, IllegalBlockSizeException {
   if (bufOfs > maxInputSize) {
     throw new IllegalBlockSizeException(
         "Data must not be longer " + "than " + maxInputSize + " bytes");
   }
   try {
     ensureInitialized();
     PKCS11 p11 = token.p11;
     int n;
     switch (mode) {
       case MODE_ENCRYPT:
         n = p11.C_Encrypt(session.id(), buffer, 0, bufOfs, out, outOfs, outLen);
         break;
       case MODE_DECRYPT:
         n = p11.C_Decrypt(session.id(), buffer, 0, bufOfs, out, outOfs, outLen);
         break;
       case MODE_SIGN:
         byte[] tmpBuffer = new byte[bufOfs];
         System.arraycopy(buffer, 0, tmpBuffer, 0, bufOfs);
         tmpBuffer = p11.C_Sign(session.id(), tmpBuffer);
         if (tmpBuffer.length > outLen) {
           throw new BadPaddingException("Output buffer too small");
         }
         System.arraycopy(tmpBuffer, 0, out, outOfs, tmpBuffer.length);
         n = tmpBuffer.length;
         break;
       case MODE_VERIFY:
         n = p11.C_VerifyRecover(session.id(), buffer, 0, bufOfs, out, outOfs, outLen);
         break;
       default:
         throw new ProviderException("internal error");
     }
     return n;
   } catch (PKCS11Exception e) {
     throw (BadPaddingException) new BadPaddingException("doFinal() failed").initCause(e);
   } finally {
     initialized = false;
     session = token.releaseSession(session);
   }
 }
Example #3
0
  private void initialize() throws PKCS11Exception {
    if (session == null) {
      session = token.getOpSession();
    }
    CK_MECHANISM mechParams =
        (blockMode == MODE_CTR
            ? new CK_MECHANISM(mechanism, new CK_AES_CTR_PARAMS(iv))
            : new CK_MECHANISM(mechanism, iv));

    try {
      if (encrypt) {
        token.p11.C_EncryptInit(session.id(), mechParams, p11Key.keyID);
      } else {
        token.p11.C_DecryptInit(session.id(), mechParams, p11Key.keyID);
      }
    } catch (PKCS11Exception ex) {
      // release session when initialization failed
      session = token.releaseSession(session);
      throw ex;
    }
    bytesBuffered = 0;
    padBufferLen = 0;
    initialized = true;
  }
Example #4
0
 // see JCE spec
 protected byte[] engineWrap(Key key) throws InvalidKeyException, IllegalBlockSizeException {
   String keyAlg = key.getAlgorithm();
   P11Key sKey = null;
   try {
     // The conversion may fail, e.g. trying to wrap an AES key on
     // a token that does not support AES, or when the key size is
     // not within the range supported by the token.
     sKey = P11SecretKeyFactory.convertKey(token, key, keyAlg);
   } catch (InvalidKeyException ike) {
     byte[] toBeWrappedKey = key.getEncoded();
     if (toBeWrappedKey == null) {
       throw new InvalidKeyException("wrap() failed, no encoding available", ike);
     }
     // Directly encrypt the key encoding when key conversion failed
     implInit(Cipher.ENCRYPT_MODE, p11Key);
     implUpdate(toBeWrappedKey, 0, toBeWrappedKey.length);
     try {
       return doFinal();
     } catch (BadPaddingException bpe) {
       // should not occur
       throw new InvalidKeyException("wrap() failed", bpe);
     } finally {
       // Restore original mode
       implInit(Cipher.WRAP_MODE, p11Key);
     }
   }
   Session s = null;
   try {
     s = token.getOpSession();
     return token.p11.C_WrapKey(s.id(), new CK_MECHANISM(mechanism), p11Key.keyID, sKey.keyID);
   } catch (PKCS11Exception e) {
     throw new InvalidKeyException("wrap() failed", e);
   } finally {
     token.releaseSession(s);
   }
 }