
Example 6 with SecretKey

Use of iaik.pkcs.pkcs11.objects.SecretKey in the project xipki, by xipki.

From the class IaikP11Slot, the method generateSecretKey0.

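/**
 * Generates a new secret key on the token and returns an identity wrapping it.
 *
 * <p>The generation mechanism is derived from {@code keyType}: AES and DES3 use their
 * dedicated mechanisms, while the generic-secret type and every HMAC key type listed below
 * use {@code CKM_GENERIC_SECRET_KEY_GEN}. The key template marks the key as a token object
 * that is usable for signing and sensitive; whether it is extractable is taken from
 * {@code control}.
 *
 * @param keyType PKCS#11 key type (one of the {@code CKK_} constants handled below)
 * @param keysize key size in bits; must be positive and a multiple of 8
 * @param label label of the new key; rejected if {@code labelExists} reports it as taken
 * @param control supplies the extractable flag for the new key
 * @return the identity built from this slot, the new entity identifier and the generated key
 * @throws IllegalArgumentException if {@code keysize} is not a positive multiple of 8, the key
 *     type is unsupported, or the label already exists
 * @throws P11TokenException if the token fails to generate the key (helpers called here may
 *     presumably throw it as well; their bodies are not visible in this listing)
 */
@Override
protected P11Identity generateSecretKey0(long keyType, int keysize, String label, P11NewKeyControl control) throws P11TokenException {
    // Reject zero and negative sizes up front: a negative multiple of 8 passes the modulo
    // check below and would otherwise reach the token as a zero or negative CKA_VALUE_LEN.
    if (keysize <= 0) {
        throw new IllegalArgumentException("keysize is not positive: " + keysize);
    }
    if (keysize % 8 != 0) {
        throw new IllegalArgumentException("keysize is not multiple of 8: " + keysize);
    }

    // Map the key type to the key generation mechanism.
    long mech;
    if (PKCS11Constants.CKK_AES == keyType) {
        mech = PKCS11Constants.CKM_AES_KEY_GEN;
    } else if (PKCS11Constants.CKK_DES3 == keyType) {
        // NOTE(review): DES3 keys have a fixed length in PKCS#11; some tokens may reject a
        // template that carries CKA_VALUE_LEN for CKM_DES3_KEY_GEN - confirm against the
        // tokens this slot is meant to support.
        mech = PKCS11Constants.CKM_DES3_KEY_GEN;
    } else if (PKCS11Constants.CKK_GENERIC_SECRET == keyType) {
        mech = PKCS11Constants.CKM_GENERIC_SECRET_KEY_GEN;
    } else if (PKCS11Constants.CKK_SHA_1_HMAC == keyType
            || PKCS11Constants.CKK_SHA224_HMAC == keyType
            || PKCS11Constants.CKK_SHA256_HMAC == keyType
            || PKCS11Constants.CKK_SHA384_HMAC == keyType
            || PKCS11Constants.CKK_SHA512_HMAC == keyType
            || PKCS11Constants.CKK_SHA3_224_HMAC == keyType
            || PKCS11Constants.CKK_SHA3_256_HMAC == keyType
            || PKCS11Constants.CKK_SHA3_384_HMAC == keyType
            || PKCS11Constants.CKK_SHA3_512_HMAC == keyType) {
        // HMAC keys are generated as generic secrets; the key type itself is kept in the template.
        mech = PKCS11Constants.CKM_GENERIC_SECRET_KEY_GEN;
    } else {
        throw new IllegalArgumentException("unsupported key type 0x" + Functions.toFullHex((int) keyType));
    }
    assertMechanismSupported(mech);

    ValuedSecretKey template = new ValuedSecretKey(keyType);
    template.getToken().setBooleanValue(true);
    template.getLabel().setCharArrayValue(label.toCharArray());
    template.getSign().setBooleanValue(true);
    // The key is always sensitive, so its value cannot be read out in plaintext. An
    // extractable key can still leave the token wrapped under another key, so callers
    // should request extractable only when key export is actually required.
    template.getSensitive().setBooleanValue(true);
    template.getExtractable().setBooleanValue(control.isExtractable());
    // The template carries the length in bytes, keysize is given in bits.
    template.getValueLen().setLongValue((long) (keysize / 8));

    Mechanism mechanism = Mechanism.get(mech);
    SecretKey key;
    Session session = borrowWritableSession();
    try {
        // NOTE(review): the label check and the key generation are separate token calls;
        // whether concurrent callers are serialized elsewhere is not visible here.
        if (labelExists(session, label)) {
            throw new IllegalArgumentException("label " + label + " exists, please specify another one");
        }
        byte[] id = generateKeyId(session);
        template.getId().setByteArrayValue(id);
        try {
            key = (SecretKey) session.generateKey(mechanism, template);
        } catch (TokenException ex) {
            // Keep the cause so the token's return code stays available to the caller.
            throw new P11TokenException("could not generate generic secret key using " + mechanism.getName(), ex);
        }
        P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
        P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
        return new IaikP11Identity(this, entityId, key);
    } finally {
        // Always hand the session back, also when validation or generation fails.
        returnWritableSession(session);
    }
}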
Also used : ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Mechanism(iaik.pkcs.pkcs11.Mechanism) Session(iaik.pkcs.pkcs11.Session)

Aggregations

SecretKey (iaik.pkcs.pkcs11.objects.SecretKey)6 ValuedSecretKey (iaik.pkcs.pkcs11.objects.ValuedSecretKey)6 Session (iaik.pkcs.pkcs11.Session)5 TokenException (iaik.pkcs.pkcs11.TokenException)5 P11TokenException (org.xipki.security.exception.P11TokenException)5 DSAPrivateKey (iaik.pkcs.pkcs11.objects.DSAPrivateKey)3 ECPrivateKey (iaik.pkcs.pkcs11.objects.ECPrivateKey)3 PrivateKey (iaik.pkcs.pkcs11.objects.PrivateKey)3 RSAPrivateKey (iaik.pkcs.pkcs11.objects.RSAPrivateKey)3 SM2PrivateKey (iaik.pkcs.pkcs11.objects.SM2PrivateKey)3 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)3 Mechanism (iaik.pkcs.pkcs11.Mechanism)2 DSAPublicKey (iaik.pkcs.pkcs11.objects.DSAPublicKey)2 ECPublicKey (iaik.pkcs.pkcs11.objects.ECPublicKey)2 PublicKey (iaik.pkcs.pkcs11.objects.PublicKey)2 RSAPublicKey (iaik.pkcs.pkcs11.objects.RSAPublicKey)2 SM2PublicKey (iaik.pkcs.pkcs11.objects.SM2PublicKey)2 X509PublicKeyCertificate (iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate)2 DEROctetString (org.bouncycastle.asn1.DEROctetString)2 P11EntityIdentifier (org.xipki.security.pkcs11.P11EntityIdentifier)2