private int implDoFinal(byte[] out, int outOfs, int outLen) throws BadPaddingException, IllegalBlockSizeException { if (bufOfs > maxInputSize) { throw new IllegalBlockSizeException( "Data must not be longer " + "than " + maxInputSize + " bytes"); } try { ensureInitialized(); PKCS11 p11 = token.p11; int n; switch (mode) { case MODE_ENCRYPT: n = p11.C_Encrypt(session.id(), buffer, 0, bufOfs, out, outOfs, outLen); break; case MODE_DECRYPT: n = p11.C_Decrypt(session.id(), buffer, 0, bufOfs, out, outOfs, outLen); break; case MODE_SIGN: byte[] tmpBuffer = new byte[bufOfs]; System.arraycopy(buffer, 0, tmpBuffer, 0, bufOfs); tmpBuffer = p11.C_Sign(session.id(), tmpBuffer); if (tmpBuffer.length > outLen) { throw new BadPaddingException("Output buffer too small"); } System.arraycopy(tmpBuffer, 0, out, outOfs, tmpBuffer.length); n = tmpBuffer.length; break; case MODE_VERIFY: n = p11.C_VerifyRecover(session.id(), buffer, 0, bufOfs, out, outOfs, outLen); break; default: throw new ProviderException("internal error"); } return n; } catch (PKCS11Exception e) { throw (BadPaddingException) new BadPaddingException("doFinal() failed").initCause(e); } finally { initialized = false; session = token.releaseSession(session); } }
// see JCE spec protected byte[] engineWrap(Key key) throws InvalidKeyException, IllegalBlockSizeException { String keyAlg = key.getAlgorithm(); P11Key sKey = null; try { // The conversion may fail, e.g. trying to wrap an AES key on // a token that does not support AES, or when the key size is // not within the range supported by the token. sKey = P11SecretKeyFactory.convertKey(token, key, keyAlg); } catch (InvalidKeyException ike) { byte[] toBeWrappedKey = key.getEncoded(); if (toBeWrappedKey == null) { throw new InvalidKeyException("wrap() failed, no encoding available", ike); } // Directly encrypt the key encoding when key conversion failed implInit(Cipher.ENCRYPT_MODE, p11Key); implUpdate(toBeWrappedKey, 0, toBeWrappedKey.length); try { return doFinal(); } catch (BadPaddingException bpe) { // should not occur throw new InvalidKeyException("wrap() failed", bpe); } finally { // Restore original mode implInit(Cipher.WRAP_MODE, p11Key); } } Session s = null; try { s = token.getOpSession(); return token.p11.C_WrapKey(s.id(), new CK_MECHANISM(mechanism), p11Key.keyID, sKey.keyID); } catch (PKCS11Exception e) { throw new InvalidKeyException("wrap() failed", e); } finally { token.releaseSession(s); } }