Пример #1
0
 private void initialize() throws PKCS11Exception {
   if (session == null) {
     session = token.getOpSession();
   }
   PKCS11 p11 = token.p11;
   CK_MECHANISM ckMechanism = new CK_MECHANISM(mechanism);
   switch (mode) {
     case MODE_ENCRYPT:
       p11.C_EncryptInit(session.id(), ckMechanism, p11Key.keyID);
       break;
     case MODE_DECRYPT:
       p11.C_DecryptInit(session.id(), ckMechanism, p11Key.keyID);
       break;
     case MODE_SIGN:
       p11.C_SignInit(session.id(), ckMechanism, p11Key.keyID);
       break;
     case MODE_VERIFY:
       p11.C_VerifyRecoverInit(session.id(), ckMechanism, p11Key.keyID);
       break;
     default:
       throw new AssertionError("internal error");
   }
   bufOfs = 0;
   initialized = true;
 }
Пример #2
0
 private void cancelOperation() {
   token.ensureValid();
   if (initialized == false) {
     return;
   }
   initialized = false;
   if ((session == null) || (token.explicitCancel == false)) {
     return;
   }
   if (session.hasObjects() == false) {
     session = token.killSession(session);
     return;
   }
   try {
     PKCS11 p11 = token.p11;
     int inLen = maxInputSize;
     int outLen = buffer.length;
     switch (mode) {
       case MODE_ENCRYPT:
         p11.C_Encrypt(session.id(), buffer, 0, inLen, buffer, 0, outLen);
         break;
       case MODE_DECRYPT:
         p11.C_Decrypt(session.id(), buffer, 0, inLen, buffer, 0, outLen);
         break;
       case MODE_SIGN:
         byte[] tmpBuffer = new byte[maxInputSize];
         p11.C_Sign(session.id(), tmpBuffer);
         break;
       case MODE_VERIFY:
         p11.C_VerifyRecover(session.id(), buffer, 0, inLen, buffer, 0, outLen);
         break;
       default:
         throw new ProviderException("internal error");
     }
   } catch (PKCS11Exception e) {
     // XXX ensure this always works, ignore error
   }
 }
Пример #3
0
 // see JCE spec
 protected byte[] engineWrap(Key key) throws InvalidKeyException, IllegalBlockSizeException {
   String keyAlg = key.getAlgorithm();
   P11Key sKey = null;
   try {
     // The conversion may fail, e.g. trying to wrap an AES key on
     // a token that does not support AES, or when the key size is
     // not within the range supported by the token.
     sKey = P11SecretKeyFactory.convertKey(token, key, keyAlg);
   } catch (InvalidKeyException ike) {
     byte[] toBeWrappedKey = key.getEncoded();
     if (toBeWrappedKey == null) {
       throw new InvalidKeyException("wrap() failed, no encoding available", ike);
     }
     // Directly encrypt the key encoding when key conversion failed
     implInit(Cipher.ENCRYPT_MODE, p11Key);
     implUpdate(toBeWrappedKey, 0, toBeWrappedKey.length);
     try {
       return doFinal();
     } catch (BadPaddingException bpe) {
       // should not occur
       throw new InvalidKeyException("wrap() failed", bpe);
     } finally {
       // Restore original mode
       implInit(Cipher.WRAP_MODE, p11Key);
     }
   }
   Session s = null;
   try {
     s = token.getOpSession();
     return token.p11.C_WrapKey(s.id(), new CK_MECHANISM(mechanism), p11Key.keyID, sKey.keyID);
   } catch (PKCS11Exception e) {
     throw new InvalidKeyException("wrap() failed", e);
   } finally {
     token.releaseSession(s);
   }
 }
Пример #4
0
 private int implDoFinal(byte[] out, int outOfs, int outLen)
     throws BadPaddingException, IllegalBlockSizeException {
   if (bufOfs > maxInputSize) {
     throw new IllegalBlockSizeException(
         "Data must not be longer " + "than " + maxInputSize + " bytes");
   }
   try {
     ensureInitialized();
     PKCS11 p11 = token.p11;
     int n;
     switch (mode) {
       case MODE_ENCRYPT:
         n = p11.C_Encrypt(session.id(), buffer, 0, bufOfs, out, outOfs, outLen);
         break;
       case MODE_DECRYPT:
         n = p11.C_Decrypt(session.id(), buffer, 0, bufOfs, out, outOfs, outLen);
         break;
       case MODE_SIGN:
         byte[] tmpBuffer = new byte[bufOfs];
         System.arraycopy(buffer, 0, tmpBuffer, 0, bufOfs);
         tmpBuffer = p11.C_Sign(session.id(), tmpBuffer);
         if (tmpBuffer.length > outLen) {
           throw new BadPaddingException("Output buffer too small");
         }
         System.arraycopy(tmpBuffer, 0, out, outOfs, tmpBuffer.length);
         n = tmpBuffer.length;
         break;
       case MODE_VERIFY:
         n = p11.C_VerifyRecover(session.id(), buffer, 0, bufOfs, out, outOfs, outLen);
         break;
       default:
         throw new ProviderException("internal error");
     }
     return n;
   } catch (PKCS11Exception e) {
     throw (BadPaddingException) new BadPaddingException("doFinal() failed").initCause(e);
   } finally {
     initialized = false;
     session = token.releaseSession(session);
   }
 }
Пример #5
0
 private void ensureInitialized() throws PKCS11Exception {
   token.ensureValid();
   if (initialized == false) {
     initialize();
   }
 }