use of org.xipki.security.pkcs11.DigestOutputStream in project xipki by xipki.
the class P11SM3WithSM2SignatureSpi method engineSign.
@Override
protected byte[] engineSign() throws SignatureException {
byte[] dataToSign;
if (outputStream instanceof ByteArrayOutputStream) {
dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray();
((ByteArrayOutputStream) outputStream).reset();
} else {
dataToSign = ((DigestOutputStream) outputStream).digest();
((DigestOutputStream) outputStream).reset();
try {
outputStream.write(sm2Z, 0, sm2Z.length);
} catch (IOException ex) {
throw new SignatureException(ex.getMessage(), ex);
}
}
try {
byte[] plainSignature = signingKey.sign(mechanism, p11Params, dataToSign);
return SignerUtil.dsaSigPlainToX962(plainSignature);
} catch (XiSecurityException | P11TokenException ex) {
throw new SignatureException(ex.getMessage(), ex);
}
}
use of org.xipki.security.pkcs11.DigestOutputStream in project xipki by xipki.
the class P11SM3WithSM2SignatureSpi method engineInitSign.
@Override
protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
if (!(privateKey instanceof P11PrivateKey)) {
throw new InvalidKeyException("privateKey is not instanceof " + P11PrivateKey.class.getName());
}
this.signingKey = (P11PrivateKey) privateKey;
if (!(signingKey.getPublicKey() instanceof ECPublicKey)) {
throw new InvalidKeyException("only EC key is allowed");
}
ECPublicKey pubKey = (ECPublicKey) signingKey.getPublicKey();
if (!GMUtil.isSm2primev2Curve(pubKey.getParams().getCurve())) {
throw new InvalidKeyException("only EC key of curve sm2primev2 is allowed");
}
String algo = privateKey.getAlgorithm();
if (!("EC".equals(algo) || "ECDSA".equals(algo))) {
throw new InvalidKeyException("privateKey is not an EC private key: " + algo);
}
byte[] userId = (paramSpec == null) ? "1234567812345678".getBytes() : paramSpec.getId();
if (signingKey.supportsMechanism(PKCS11Constants.CKM_VENDOR_SM2)) {
mechanism = PKCS11Constants.CKM_VENDOR_SM2;
outputStream = new DigestOutputStream(HashAlgo.SM3.createDigest());
p11Params = null;
ECPoint w = pubKey.getW();
sm2Z = GMUtil.getSM2Z(userId, GMObjectIdentifiers.sm2p256v1, w.getAffineX(), w.getAffineY());
try {
outputStream.write(sm2Z, 0, sm2Z.length);
} catch (IOException ex) {
throw new InvalidKeyException("could not compute Z of SM2");
}
} else if (signingKey.supportsMechanism(PKCS11Constants.CKM_VENDOR_SM2_SM3)) {
mechanism = PKCS11Constants.CKM_VENDOR_SM2_SM3;
outputStream = new ByteArrayOutputStream();
p11Params = new P11ByteArrayParams(userId);
} else {
throw new InvalidKeyException("privateKey and algorithm does not match");
}
this.signingKey = (P11PrivateKey) privateKey;
}
use of org.xipki.security.pkcs11.DigestOutputStream in project xipki by xipki.
the class P11DSASignatureSpi method engineInitSign.
@Override
protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
if (!(privateKey instanceof P11PrivateKey)) {
throw new InvalidKeyException("privateKey is not instanceof " + P11PrivateKey.class.getName());
}
String algo = privateKey.getAlgorithm();
if (!"DSA".equals(algo)) {
throw new InvalidKeyException("privateKey is not a DSA private key: " + algo);
}
this.signingKey = (P11PrivateKey) privateKey;
if (signingKey.supportsMechanism(PKCS11Constants.CKM_DSA)) {
mechanism = PKCS11Constants.CKM_DSA;
if (hashAlgo == null) {
outputStream = new ByteArrayOutputStream();
} else {
outputStream = new DigestOutputStream(hashAlgo.createDigest());
}
} else {
if (hashAlgo == HashAlgo.SHA1 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA1)) {
mechanism = PKCS11Constants.CKM_DSA_SHA1;
} else if (hashAlgo == HashAlgo.SHA224 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA224)) {
mechanism = PKCS11Constants.CKM_DSA_SHA224;
} else if (hashAlgo == HashAlgo.SHA256 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA256)) {
mechanism = PKCS11Constants.CKM_DSA_SHA256;
} else if (hashAlgo == HashAlgo.SHA384 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA384)) {
mechanism = PKCS11Constants.CKM_DSA_SHA384;
} else if (hashAlgo == HashAlgo.SHA512 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA512)) {
mechanism = PKCS11Constants.CKM_DSA_SHA512;
} else if (hashAlgo == HashAlgo.SHA3_224 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA3_224)) {
mechanism = PKCS11Constants.CKM_DSA_SHA3_224;
} else if (hashAlgo == HashAlgo.SHA3_256 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA3_256)) {
mechanism = PKCS11Constants.CKM_DSA_SHA3_256;
} else if (hashAlgo == HashAlgo.SHA3_384 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA3_384)) {
mechanism = PKCS11Constants.CKM_DSA_SHA3_384;
} else if (hashAlgo == HashAlgo.SHA3_512 && signingKey.supportsMechanism(PKCS11Constants.CKM_DSA_SHA3_512)) {
mechanism = PKCS11Constants.CKM_DSA_SHA3_512;
} else {
throw new InvalidKeyException("privateKey and algorithm does not match");
}
outputStream = new ByteArrayOutputStream();
}
this.signingKey = (P11PrivateKey) privateKey;
}
use of org.xipki.security.pkcs11.DigestOutputStream in project xipki by xipki.
the class P11DSASignatureSpi method engineSign.
@Override
protected byte[] engineSign() throws SignatureException {
byte[] dataToSign;
if (outputStream instanceof ByteArrayOutputStream) {
dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray();
((ByteArrayOutputStream) outputStream).reset();
} else {
dataToSign = ((DigestOutputStream) outputStream).digest();
((DigestOutputStream) outputStream).reset();
}
try {
byte[] plainSignature = signingKey.sign(mechanism, null, dataToSign);
return SignerUtil.dsaSigPlainToX962(plainSignature);
} catch (P11TokenException | XiSecurityException ex) {
throw new SignatureException(ex.getMessage(), ex);
}
}
use of org.xipki.security.pkcs11.DigestOutputStream in project xipki by xipki.
the class AbstractP11ECDSASignatureSpi method engineSign.
@Override
protected byte[] engineSign() throws SignatureException {
byte[] dataToSign;
if (outputStream instanceof ByteArrayOutputStream) {
dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray();
((ByteArrayOutputStream) outputStream).reset();
} else {
dataToSign = ((DigestOutputStream) outputStream).digest();
((DigestOutputStream) outputStream).reset();
}
try {
byte[] plainSignature = signingKey.sign(mechanism, null, dataToSign);
return plain ? plainSignature : SignerUtil.dsaSigPlainToX962(plainSignature);
} catch (XiSecurityException | P11TokenException ex) {
throw new SignatureException(ex.getMessage(), ex);
}
}
Aggregations