Search in sources :

Example 1 with DigestOutputStream

use of org.xipki.security.pkcs11.DigestOutputStream in project xipki by xipki.

the class P11SM3WithSM2SignatureSpi method engineSign.

@Override
protected byte[] engineSign() throws SignatureException {
    byte[] dataToSign;
    if (outputStream instanceof ByteArrayOutputStream) {
        dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray();
        ((ByteArrayOutputStream) outputStream).reset();
    } else {
        dataToSign = ((DigestOutputStream) outputStream).digest();
        ((DigestOutputStream) outputStream).reset();
        try {
            outputStream.write(sm2Z, 0, sm2Z.length);
        } catch (IOException ex) {
            throw new SignatureException(ex.getMessage(), ex);
        }
    }
    try {
        byte[] plainSignature = signingKey.sign(mechanism, p11Params, dataToSign);
        return SignerUtil.dsaSigPlainToX962(plainSignature);
    } catch (XiSecurityException | P11TokenException ex) {
        throw new SignatureException(ex.getMessage(), ex);
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) DigestOutputStream(org.xipki.security.pkcs11.DigestOutputStream) P11TokenException(org.xipki.security.exception.P11TokenException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) SignatureException(java.security.SignatureException)

Example 2 with DigestOutputStream

use of org.xipki.security.pkcs11.DigestOutputStream in project xipki by xipki.

the class P11SM3WithSM2SignatureSpi method engineInitSign.

@Override
protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
    if (!(privateKey instanceof P11PrivateKey)) {
        throw new InvalidKeyException("privateKey is not instanceof " + P11PrivateKey.class.getName());
    }
    this.signingKey = (P11PrivateKey) privateKey;
    if (!(signingKey.getPublicKey() instanceof ECPublicKey)) {
        throw new InvalidKeyException("only EC key is allowed");
    }
    ECPublicKey pubKey = (ECPublicKey) signingKey.getPublicKey();
    if (!GMUtil.isSm2primev2Curve(pubKey.getParams().getCurve())) {
        throw new InvalidKeyException("only EC key of curve sm2primev2 is allowed");
    }
    String algo = privateKey.getAlgorithm();
    if (!("EC".equals(algo) || "ECDSA".equals(algo))) {
        throw new InvalidKeyException("privateKey is not an EC private key: " + algo);
    }
    byte[] userId = (paramSpec == null) ? "1234567812345678".getBytes() : paramSpec.getId();
    if (signingKey.supportsMechanism(PKCS11Constants.CKM_VENDOR_SM2)) {
        mechanism = PKCS11Constants.CKM_VENDOR_SM2;
        outputStream = new DigestOutputStream(HashAlgo.SM3.createDigest());
        p11Params = null;
        ECPoint w = pubKey.getW();
        sm2Z = GMUtil.getSM2Z(userId, GMObjectIdentifiers.sm2p256v1, w.getAffineX(), w.getAffineY());
        try {
            outputStream.write(sm2Z, 0, sm2Z.length);
        } catch (IOException ex) {
            throw new InvalidKeyException("could not compute Z of SM2");
        }
    } else if (signingKey.supportsMechanism(PKCS11Constants.CKM_VENDOR_SM2_SM3)) {
        mechanism = PKCS11Constants.CKM_VENDOR_SM2_SM3;
        outputStream = new ByteArrayOutputStream();
        p11Params = new P11ByteArrayParams(userId);
    } else {
        throw new InvalidKeyException("privateKey and algorithm does not match");
    }
    this.signingKey = (P11PrivateKey) privateKey;
}
Also used : ECPublicKey(java.security.interfaces.ECPublicKey) P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams) DigestOutputStream(org.xipki.security.pkcs11.DigestOutputStream) IOException(java.io.IOException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InvalidKeyException(java.security.InvalidKeyException) ECPoint(java.security.spec.ECPoint)

Example 3 with DigestOutputStream

use of org.xipki.security.pkcs11.DigestOutputStream in project xipki by xipki.

the class P11DSASignatureSpi method engineInitSign.

@Override
protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
    if (!(privateKey instanceof P11PrivateKey)) {
        throw new InvalidKeyException("privateKey is not instanceof " + P11PrivateKey.class.getName());
    }
    String algo = privateKey.getAlgorithm();
    if (!"DSA".equals(algo)) {
        throw new InvalidKeyException("privateKey is not a DSA private key: " + algo);
    }
    this.signingKey = (P11PrivateKey) privateKey;
    if (signingKey.supportsMechanism(PKCS11Constants.CKM_DSA)) {
        mechanism = PKCS11Constants.CKM_DSA;
        if (hashAlgo == null) {
            outputStream = new ByteArrayOutputStream();
        } else {
            outputStream = new DigestOutputStream(hashAlgo.createDigest());
        }
    } else {
        if (hashAlgo == HashAlgo.SHA1 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA1)) {
            mechanism = PKCS11Constants.CKM_DSA_SHA1;
        } else if (hashAlgo == HashAlgo.SHA224 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA224)) {
            mechanism = PKCS11Constants.CKM_DSA_SHA224;
        } else if (hashAlgo == HashAlgo.SHA256 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA256)) {
            mechanism = PKCS11Constants.CKM_DSA_SHA256;
        } else if (hashAlgo == HashAlgo.SHA384 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA384)) {
            mechanism = PKCS11Constants.CKM_DSA_SHA384;
        } else if (hashAlgo == HashAlgo.SHA512 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA512)) {
            mechanism = PKCS11Constants.CKM_DSA_SHA512;
        } else if (hashAlgo == HashAlgo.SHA3_224 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA3_224)) {
            mechanism = PKCS11Constants.CKM_DSA_SHA3_224;
        } else if (hashAlgo == HashAlgo.SHA3_256 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA3_256)) {
            mechanism = PKCS11Constants.CKM_DSA_SHA3_256;
        } else if (hashAlgo == HashAlgo.SHA3_384 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA3_384)) {
            mechanism = PKCS11Constants.CKM_DSA_SHA3_384;
        } else if (hashAlgo == HashAlgo.SHA3_512 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA3_512)) {
            mechanism = PKCS11Constants.CKM_DSA_SHA3_512;
        } else {
            throw new InvalidKeyException("privateKey and algorithm does not match");
        }
        outputStream = new ByteArrayOutputStream();
    }
    this.signingKey = (P11PrivateKey) privateKey;
}
Also used : DigestOutputStream(org.xipki.security.pkcs11.DigestOutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InvalidKeyException(java.security.InvalidKeyException)

Example 4 with DigestOutputStream

use of org.xipki.security.pkcs11.DigestOutputStream in project xipki by xipki.

the class P11DSASignatureSpi method engineSign.

@Override
protected byte[] engineSign() throws SignatureException {
    byte[] dataToSign;
    if (outputStream instanceof ByteArrayOutputStream) {
        dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray();
        ((ByteArrayOutputStream) outputStream).reset();
    } else {
        dataToSign = ((DigestOutputStream) outputStream).digest();
        ((DigestOutputStream) outputStream).reset();
    }
    try {
        byte[] plainSignature = signingKey.sign(mechanism, null, dataToSign);
        return SignerUtil.dsaSigPlainToX962(plainSignature);
    } catch (P11TokenException | XiSecurityException ex) {
        throw new SignatureException(ex.getMessage(), ex);
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) DigestOutputStream(org.xipki.security.pkcs11.DigestOutputStream) P11TokenException(org.xipki.security.exception.P11TokenException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) SignatureException(java.security.SignatureException)

Example 5 with DigestOutputStream

use of org.xipki.security.pkcs11.DigestOutputStream in project xipki by xipki.

the class AbstractP11ECDSASignatureSpi method engineSign.

@Override
protected byte[] engineSign() throws SignatureException {
    byte[] dataToSign;
    if (outputStream instanceof ByteArrayOutputStream) {
        dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray();
        ((ByteArrayOutputStream) outputStream).reset();
    } else {
        dataToSign = ((DigestOutputStream) outputStream).digest();
        ((DigestOutputStream) outputStream).reset();
    }
    try {
        byte[] plainSignature = signingKey.sign(mechanism, null, dataToSign);
        return plain ? plainSignature : SignerUtil.dsaSigPlainToX962(plainSignature);
    } catch (XiSecurityException | P11TokenException ex) {
        throw new SignatureException(ex.getMessage(), ex);
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) DigestOutputStream(org.xipki.security.pkcs11.DigestOutputStream) P11TokenException(org.xipki.security.exception.P11TokenException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) SignatureException(java.security.SignatureException)

Aggregations

ByteArrayOutputStream (java.io.ByteArrayOutputStream)6 DigestOutputStream (org.xipki.security.pkcs11.DigestOutputStream)6 InvalidKeyException (java.security.InvalidKeyException)3 SignatureException (java.security.SignatureException)3 P11TokenException (org.xipki.security.exception.P11TokenException)3 XiSecurityException (org.xipki.security.exception.XiSecurityException)3 IOException (java.io.IOException)2 ECPublicKey (java.security.interfaces.ECPublicKey)1 ECPoint (java.security.spec.ECPoint)1 P11ByteArrayParams (org.xipki.security.pkcs11.P11ByteArrayParams)1