private void initialize() throws PKCS11Exception { if (session == null) { session = token.getOpSession(); } PKCS11 p11 = token.p11; CK_MECHANISM ckMechanism = new CK_MECHANISM(mechanism); switch (mode) { case MODE_ENCRYPT: p11.C_EncryptInit(session.id(), ckMechanism, p11Key.keyID); break; case MODE_DECRYPT: p11.C_DecryptInit(session.id(), ckMechanism, p11Key.keyID); break; case MODE_SIGN: p11.C_SignInit(session.id(), ckMechanism, p11Key.keyID); break; case MODE_VERIFY: p11.C_VerifyRecoverInit(session.id(), ckMechanism, p11Key.keyID); break; default: throw new AssertionError("internal error"); } bufOfs = 0; initialized = true; }
private int implDoFinal(byte[] out, int outOfs, int outLen) throws BadPaddingException, IllegalBlockSizeException { if (bufOfs > maxInputSize) { throw new IllegalBlockSizeException( "Data must not be longer " + "than " + maxInputSize + " bytes"); } try { ensureInitialized(); PKCS11 p11 = token.p11; int n; switch (mode) { case MODE_ENCRYPT: n = p11.C_Encrypt(session.id(), buffer, 0, bufOfs, out, outOfs, outLen); break; case MODE_DECRYPT: n = p11.C_Decrypt(session.id(), buffer, 0, bufOfs, out, outOfs, outLen); break; case MODE_SIGN: byte[] tmpBuffer = new byte[bufOfs]; System.arraycopy(buffer, 0, tmpBuffer, 0, bufOfs); tmpBuffer = p11.C_Sign(session.id(), tmpBuffer); if (tmpBuffer.length > outLen) { throw new BadPaddingException("Output buffer too small"); } System.arraycopy(tmpBuffer, 0, out, outOfs, tmpBuffer.length); n = tmpBuffer.length; break; case MODE_VERIFY: n = p11.C_VerifyRecover(session.id(), buffer, 0, bufOfs, out, outOfs, outLen); break; default: throw new ProviderException("internal error"); } return n; } catch (PKCS11Exception e) { throw (BadPaddingException) new BadPaddingException("doFinal() failed").initCause(e); } finally { initialized = false; session = token.releaseSession(session); } }
private void cancelOperation() { token.ensureValid(); if (initialized == false) { return; } initialized = false; if ((session == null) || (token.explicitCancel == false)) { return; } if (session.hasObjects() == false) { session = token.killSession(session); return; } try { PKCS11 p11 = token.p11; int inLen = maxInputSize; int outLen = buffer.length; switch (mode) { case MODE_ENCRYPT: p11.C_Encrypt(session.id(), buffer, 0, inLen, buffer, 0, outLen); break; case MODE_DECRYPT: p11.C_Decrypt(session.id(), buffer, 0, inLen, buffer, 0, outLen); break; case MODE_SIGN: byte[] tmpBuffer = new byte[maxInputSize]; p11.C_Sign(session.id(), tmpBuffer); break; case MODE_VERIFY: p11.C_VerifyRecover(session.id(), buffer, 0, inLen, buffer, 0, outLen); break; default: throw new ProviderException("internal error"); } } catch (PKCS11Exception e) { // XXX ensure this always works, ignore error } }
// see JCE spec protected byte[] engineWrap(Key key) throws InvalidKeyException, IllegalBlockSizeException { String keyAlg = key.getAlgorithm(); P11Key sKey = null; try { // The conversion may fail, e.g. trying to wrap an AES key on // a token that does not support AES, or when the key size is // not within the range supported by the token. sKey = P11SecretKeyFactory.convertKey(token, key, keyAlg); } catch (InvalidKeyException ike) { byte[] toBeWrappedKey = key.getEncoded(); if (toBeWrappedKey == null) { throw new InvalidKeyException("wrap() failed, no encoding available", ike); } // Directly encrypt the key encoding when key conversion failed implInit(Cipher.ENCRYPT_MODE, p11Key); implUpdate(toBeWrappedKey, 0, toBeWrappedKey.length); try { return doFinal(); } catch (BadPaddingException bpe) { // should not occur throw new InvalidKeyException("wrap() failed", bpe); } finally { // Restore original mode implInit(Cipher.WRAP_MODE, p11Key); } } Session s = null; try { s = token.getOpSession(); return token.p11.C_WrapKey(s.id(), new CK_MECHANISM(mechanism), p11Key.keyID, sKey.keyID); } catch (PKCS11Exception e) { throw new InvalidKeyException("wrap() failed", e); } finally { token.releaseSession(s); } }