Search in sources :

Example 1 with P11Params

use of org.xipki.security.pkcs11.P11Params in project xipki by xipki.

the class P11SM3WithSM2SignatureSpi method engineSign.

@Override
protected byte[] engineSign() throws SignatureException {
    byte[] dataToSign;
    if (outputStream instanceof ByteArrayOutputStream) {
        dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray();
        ((ByteArrayOutputStream) outputStream).reset();
    } else {
        dataToSign = ((DigestOutputStream) outputStream).digest();
        ((DigestOutputStream) outputStream).reset();
        try {
            outputStream.write(sm2Z, 0, sm2Z.length);
        } catch (IOException ex) {
            throw new SignatureException(ex.getMessage(), ex);
        }
    }
    try {
        byte[] plainSignature = signingKey.sign(mechanism, p11Params, dataToSign);
        return SignerUtil.dsaSigPlainToX962(plainSignature);
    } catch (XiSecurityException | P11TokenException ex) {
        throw new SignatureException(ex.getMessage(), ex);
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) DigestOutputStream(org.xipki.security.pkcs11.DigestOutputStream) P11TokenException(org.xipki.security.exception.P11TokenException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) SignatureException(java.security.SignatureException)

Example 2 with P11Params

use of org.xipki.security.pkcs11.P11Params in project xipki by xipki.

the class P11ProxyResponder method processRequest.

/**
 * The request is constructed as follows:
 * <pre>
 * 0 - - - 1 - - - 2 - - - 3 - - - 4 - - - 5 - - - 6 - - - 7 - - - 8
 * |    Version    |        Transaction ID         |   Body ...    |
 * |   ... Length  |     Action    |   Module ID   |   Content...  |
 * |   .Content               | <-- 10 + Length (offset).
 *
 * </pre>
 */
byte[] processRequest(LocalP11CryptServicePool pool, byte[] request) {
    int reqLen = request.length;
    // TransactionID
    byte[] transactionId = new byte[4];
    if (reqLen > 5) {
        System.arraycopy(request, 2, transactionId, 0, 4);
    }
    // Action
    short action = P11ProxyConstants.ACTION_NOPE;
    if (reqLen > 11) {
        action = IoUtil.parseShort(request, 10);
    }
    if (reqLen < 14) {
        LOG.error("response too short");
        return getResp(P11ProxyConstants.VERSION_V1_0, transactionId, action, P11ProxyConstants.RC_BAD_REQUEST);
    }
    // Version
    short version = IoUtil.parseShort(request, 0);
    if (!versions.contains(version)) {
        LOG.error("unsupported version {}", version);
        return getResp(P11ProxyConstants.VERSION_V1_0, transactionId, action, P11ProxyConstants.RC_UNSUPPORTED_VERSION);
    }
    // Length
    int reqBodyLen = IoUtil.parseInt(request, 6);
    if (reqBodyLen + 10 != reqLen) {
        LOG.error("message length unmatch");
        return getResp(version, transactionId, action, P11ProxyConstants.RC_BAD_REQUEST);
    }
    short moduleId = IoUtil.parseShort(request, 12);
    int contentLen = reqLen - 14;
    byte[] content;
    if (contentLen == 0) {
        if (actionsRequireNonNullRequest.contains(action)) {
            LOG.error("content is not present but is required");
            return getResp(version, transactionId, P11ProxyConstants.RC_BAD_REQUEST, action);
        }
        content = null;
    } else {
        if (actionsRequireNullRequest.contains(action)) {
            LOG.error("content is present but is not permitted");
            return getResp(version, transactionId, P11ProxyConstants.RC_BAD_REQUEST, action);
        }
        content = new byte[contentLen];
        System.arraycopy(request, 14, content, 0, contentLen);
    }
    P11CryptService p11CryptService = pool.getP11CryptService(moduleId);
    if (p11CryptService == null) {
        LOG.error("no module {} available", moduleId);
        return getResp(version, transactionId, P11ProxyConstants.RC_UNKNOWN_MODULE, action);
    }
    try {
        switch(action) {
            case P11ProxyConstants.ACTION_ADD_CERT:
                {
                    Asn1EntityIdAndCert asn1 = Asn1EntityIdAndCert.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getEntityId());
                    X509Certificate cert = X509Util.toX509Cert(asn1.getCertificate());
                    slot.addCert(asn1.getEntityId().getObjectId().getObjectId(), cert);
                    return getSuccessResp(version, transactionId, action, (byte[]) null);
                }
            case P11ProxyConstants.ACTION_DIGEST_SECRETKEY:
                {
                    Asn1DigestSecretKeyTemplate template = Asn1DigestSecretKeyTemplate.getInstance(content);
                    long mechanism = template.getMechanism().getMechanism();
                    P11Identity identity = p11CryptService.getIdentity(template.getIdentityId().getEntityId());
                    byte[] hashValue = identity.digestSecretKey(mechanism);
                    ASN1Object obj = new DEROctetString(hashValue);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GEN_KEYPAIR_DSA:
                {
                    Asn1GenDSAKeypairParams asn1 = Asn1GenDSAKeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11ObjectIdentifier keyId = slot.generateDSAKeypair(asn1.getP(), asn1.getQ(), asn1.getG(), asn1.getLabel(), asn1.getControl());
                    ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GEN_KEYPAIR_EC:
                {
                    Asn1GenECKeypairParams asn1 = Asn1GenECKeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11ObjectIdentifier keyId = slot.generateECKeypair(asn1.getCurveId().getId(), asn1.getLabel(), asn1.getControl());
                    ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GEN_KEYPAIR_RSA:
                {
                    Asn1GenRSAKeypairParams asn1 = Asn1GenRSAKeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11ObjectIdentifier keyId = slot.generateRSAKeypair(asn1.getKeysize(), asn1.getPublicExponent(), asn1.getLabel(), asn1.getControl());
                    ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GEN_KEYPAIR_SM2:
                {
                    Asn1GenSM2KeypairParams asn1 = Asn1GenSM2KeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11ObjectIdentifier keyId = slot.generateSM2Keypair(asn1.getLabel(), asn1.getControl());
                    ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GEN_SECRET_KEY:
                {
                    Asn1GenSecretKeyParams asn1 = Asn1GenSecretKeyParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11ObjectIdentifier keyId = slot.generateSecretKey(asn1.getKeyType(), asn1.getKeysize(), asn1.getLabel(), asn1.getControl());
                    ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GET_CERT:
                {
                    P11EntityIdentifier entityId = Asn1P11EntityIdentifier.getInstance(content).getEntityId();
                    X509Certificate cert = p11CryptService.getIdentity(entityId).getCertificate();
                    return getSuccessResp(version, transactionId, action, cert.getEncoded());
                }
            case P11ProxyConstants.ACTION_GET_CERT_IDS:
            case P11ProxyConstants.ACTION_GET_IDENTITY_IDS:
                {
                    Asn1P11SlotIdentifier slotId = Asn1P11SlotIdentifier.getInstance(content);
                    P11Slot slot = p11CryptService.getModule().getSlot(slotId.getSlotId());
                    Set<P11ObjectIdentifier> objectIds;
                    if (P11ProxyConstants.ACTION_GET_CERT_IDS == action) {
                        objectIds = slot.getCertIdentifiers();
                    } else {
                        objectIds = slot.getIdentityIdentifiers();
                    }
                    ASN1EncodableVector vec = new ASN1EncodableVector();
                    for (P11ObjectIdentifier objectId : objectIds) {
                        vec.add(new Asn1P11ObjectIdentifier(objectId));
                    }
                    ASN1Object obj = new DERSequence(vec);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GET_MECHANISMS:
                {
                    P11SlotIdentifier slotId = Asn1P11SlotIdentifier.getInstance(content).getSlotId();
                    Set<Long> mechs = p11CryptService.getSlot(slotId).getMechanisms();
                    ASN1EncodableVector vec = new ASN1EncodableVector();
                    for (Long mech : mechs) {
                        vec.add(new ASN1Integer(mech));
                    }
                    ASN1Object obj = new DERSequence(vec);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GET_PUBLICKEY:
                {
                    P11EntityIdentifier identityId = Asn1P11EntityIdentifier.getInstance(content).getEntityId();
                    PublicKey pubKey = p11CryptService.getIdentity(identityId).getPublicKey();
                    if (pubKey == null) {
                        throw new P11UnknownEntityException(identityId);
                    }
                    ASN1Object obj = KeyUtil.createSubjectPublicKeyInfo(pubKey);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GET_SERVER_CAPS:
                {
                    boolean readOnly = p11CryptService.getModule().isReadOnly();
                    ASN1Object obj = new Asn1ServerCaps(readOnly, versions);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GET_SLOT_IDS:
                {
                    List<P11SlotIdentifier> slotIds = p11CryptService.getModule().getSlotIds();
                    ASN1EncodableVector vector = new ASN1EncodableVector();
                    for (P11SlotIdentifier slotId : slotIds) {
                        vector.add(new Asn1P11SlotIdentifier(slotId));
                    }
                    ASN1Object obj = new DERSequence(vector);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_IMPORT_SECRET_KEY:
                {
                    Asn1ImportSecretKeyParams asn1 = Asn1ImportSecretKeyParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11ObjectIdentifier keyId = slot.importSecretKey(asn1.getKeyType(), asn1.getKeyValue(), asn1.getLabel(), asn1.getControl());
                    ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_REMOVE_CERTS:
                {
                    Asn1P11EntityIdentifier asn1 = Asn1P11EntityIdentifier.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1);
                    slot.removeCerts(asn1.getObjectId().getObjectId());
                    return getSuccessResp(version, transactionId, action, (byte[]) null);
                }
            case P11ProxyConstants.ACTION_REMOVE_IDENTITY:
                {
                    Asn1P11EntityIdentifier asn1 = Asn1P11EntityIdentifier.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1);
                    slot.removeIdentity(asn1.getObjectId().getObjectId());
                    return getSuccessResp(version, transactionId, action, (byte[]) null);
                }
            case P11ProxyConstants.ACTION_REMOVE_OBJECTS:
                {
                    Asn1RemoveObjectsParams asn1 = Asn1RemoveObjectsParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    int num = slot.removeObjects(asn1.getOjectId(), asn1.getObjectLabel());
                    ASN1Object obj = new ASN1Integer(num);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_SIGN:
                {
                    Asn1SignTemplate signTemplate = Asn1SignTemplate.getInstance(content);
                    long mechanism = signTemplate.getMechanism().getMechanism();
                    Asn1P11Params asn1Params = signTemplate.getMechanism().getParams();
                    P11Params params = null;
                    if (asn1Params != null) {
                        switch(asn1Params.getTagNo()) {
                            case Asn1P11Params.TAG_RSA_PKCS_PSS:
                                params = Asn1RSAPkcsPssParams.getInstance(asn1Params).getPkcsPssParams();
                                break;
                            case Asn1P11Params.TAG_OPAQUE:
                                params = new P11ByteArrayParams(ASN1OctetString.getInstance(asn1Params).getOctets());
                                break;
                            case Asn1P11Params.TAG_IV:
                                params = new P11IVParams(ASN1OctetString.getInstance(asn1Params).getOctets());
                                break;
                            default:
                                throw new BadAsn1ObjectException("unknown SignTemplate.params: unknown tag " + asn1Params.getTagNo());
                        }
                    }
                    byte[] message = signTemplate.getMessage();
                    P11Identity identity = p11CryptService.getIdentity(signTemplate.getIdentityId().getEntityId());
                    byte[] signature = identity.sign(mechanism, params, message);
                    ASN1Object obj = new DEROctetString(signature);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_UPDATE_CERT:
                {
                    Asn1EntityIdAndCert asn1 = Asn1EntityIdAndCert.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getEntityId());
                    slot.updateCertificate(asn1.getEntityId().getObjectId().getObjectId(), X509Util.toX509Cert(asn1.getCertificate()));
                    return getSuccessResp(version, transactionId, action, (byte[]) null);
                }
            default:
                {
                    LOG.error("unsupported XiPKI action code '{}'", action);
                    return getResp(version, transactionId, action, P11ProxyConstants.RC_UNSUPPORTED_ACTION);
                }
        }
    } catch (BadAsn1ObjectException ex) {
        LogUtil.error(LOG, ex, "could not process decode requested content (tid=" + Hex.encode(transactionId) + ")");
        return getResp(version, transactionId, action, P11ProxyConstants.RC_BAD_REQUEST);
    } catch (P11TokenException ex) {
        LogUtil.error(LOG, ex, buildErrorMsg(action, transactionId));
        short rc;
        if (ex instanceof P11UnknownEntityException) {
            rc = P11ProxyConstants.RC_DUPLICATE_ENTITY;
        } else if (ex instanceof P11DuplicateEntityException) {
            rc = P11ProxyConstants.RC_DUPLICATE_ENTITY;
        } else if (ex instanceof P11UnsupportedMechanismException) {
            rc = P11ProxyConstants.RC_UNSUPPORTED_MECHANISM;
        } else {
            rc = P11ProxyConstants.RC_P11_TOKENERROR;
        }
        return getResp(version, transactionId, action, rc);
    } catch (XiSecurityException | CertificateException | InvalidKeyException ex) {
        LogUtil.error(LOG, ex, buildErrorMsg(action, transactionId));
        return getResp(version, transactionId, action, P11ProxyConstants.RC_INTERNAL_ERROR);
    } catch (Throwable th) {
        LogUtil.error(LOG, th, buildErrorMsg(action, transactionId));
        return getResp(version, transactionId, action, P11ProxyConstants.RC_INTERNAL_ERROR);
    }
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) Asn1ServerCaps(org.xipki.p11proxy.msg.Asn1ServerCaps) P11TokenException(org.xipki.security.exception.P11TokenException) Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) CertificateException(java.security.cert.CertificateException) Asn1P11Params(org.xipki.p11proxy.msg.Asn1P11Params) P11Params(org.xipki.security.pkcs11.P11Params) Asn1RemoveObjectsParams(org.xipki.p11proxy.msg.Asn1RemoveObjectsParams) DEROctetString(org.bouncycastle.asn1.DEROctetString) P11DuplicateEntityException(org.xipki.security.exception.P11DuplicateEntityException) Asn1GenSecretKeyParams(org.xipki.p11proxy.msg.Asn1GenSecretKeyParams) Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) DERSequence(org.bouncycastle.asn1.DERSequence) XiSecurityException(org.xipki.security.exception.XiSecurityException) P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams) P11UnknownEntityException(org.xipki.security.exception.P11UnknownEntityException) Asn1DigestSecretKeyTemplate(org.xipki.p11proxy.msg.Asn1DigestSecretKeyTemplate) Asn1GenDSAKeypairParams(org.xipki.p11proxy.msg.Asn1GenDSAKeypairParams) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) List(java.util.List) Asn1ImportSecretKeyParams(org.xipki.p11proxy.msg.Asn1ImportSecretKeyParams) ASN1Object(org.bouncycastle.asn1.ASN1Object) Asn1P11Params(org.xipki.p11proxy.msg.Asn1P11Params) Asn1P11SlotIdentifier(org.xipki.p11proxy.msg.Asn1P11SlotIdentifier) P11SlotIdentifier(org.xipki.security.pkcs11.P11SlotIdentifier) PublicKey(java.security.PublicKey) Asn1SignTemplate(org.xipki.p11proxy.msg.Asn1SignTemplate) P11Slot(org.xipki.security.pkcs11.P11Slot) Asn1P11ObjectIdentifier(org.xipki.p11proxy.msg.Asn1P11ObjectIdentifier) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) P11Identity(org.xipki.security.pkcs11.P11Identity) InvalidKeyException(java.security.InvalidKeyException) P11CryptService(org.xipki.security.pkcs11.P11CryptService) X509Certificate(java.security.cert.X509Certificate) Asn1GenRSAKeypairParams(org.xipki.p11proxy.msg.Asn1GenRSAKeypairParams) Asn1EntityIdAndCert(org.xipki.p11proxy.msg.Asn1EntityIdAndCert) P11UnsupportedMechanismException(org.xipki.security.exception.P11UnsupportedMechanismException) Asn1GenSM2KeypairParams(org.xipki.p11proxy.msg.Asn1GenSM2KeypairParams) Asn1P11ObjectIdentifier(org.xipki.p11proxy.msg.Asn1P11ObjectIdentifier) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Asn1GenECKeypairParams(org.xipki.p11proxy.msg.Asn1GenECKeypairParams) P11IVParams(org.xipki.security.pkcs11.P11IVParams) Asn1P11SlotIdentifier(org.xipki.p11proxy.msg.Asn1P11SlotIdentifier) BadAsn1ObjectException(org.xipki.security.exception.BadAsn1ObjectException)

Example 3 with P11Params

use of org.xipki.security.pkcs11.P11Params in project xipki by xipki.

the class ProxyP11Identity method sign0.

@Override
protected byte[] sign0(long mechanism, P11Params parameters, byte[] content) throws P11TokenException {
    Asn1P11EntityIdentifier asn1EntityId = new Asn1P11EntityIdentifier(identityId);
    Asn1P11Params p11Param = null;
    if (parameters != null) {
        if (parameters instanceof P11RSAPkcsPssParams) {
            p11Param = new Asn1P11Params(Asn1P11Params.TAG_RSA_PKCS_PSS, new Asn1RSAPkcsPssParams((P11RSAPkcsPssParams) parameters));
        } else if (parameters instanceof P11ByteArrayParams) {
            byte[] bytes = ((P11ByteArrayParams) parameters).getBytes();
            p11Param = new Asn1P11Params(Asn1P11Params.TAG_OPAQUE, new DEROctetString(bytes));
        } else if (parameters instanceof P11IVParams) {
            p11Param = new Asn1P11Params(Asn1P11Params.TAG_IV, new DEROctetString(((P11IVParams) parameters).getIV()));
        } else {
            throw new IllegalArgumentException("unkown parameter 'parameters'");
        }
    }
    Asn1SignTemplate signTemplate = new Asn1SignTemplate(asn1EntityId, mechanism, p11Param, content);
    byte[] result = ((ProxyP11Slot) slot).getModule().send(P11ProxyConstants.ACTION_SIGN, signTemplate);
    ASN1OctetString octetString;
    try {
        octetString = DEROctetString.getInstance(result);
    } catch (IllegalArgumentException ex) {
        throw new P11TokenException("the returned result is not OCTET STRING");
    }
    return (octetString == null) ? null : octetString.getOctets();
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) Asn1P11Params(org.xipki.p11proxy.msg.Asn1P11Params) P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams) Asn1SignTemplate(org.xipki.p11proxy.msg.Asn1SignTemplate) P11TokenException(org.xipki.security.exception.P11TokenException) Asn1RSAPkcsPssParams(org.xipki.p11proxy.msg.Asn1RSAPkcsPssParams) P11RSAPkcsPssParams(org.xipki.security.pkcs11.P11RSAPkcsPssParams) DEROctetString(org.bouncycastle.asn1.DEROctetString) P11IVParams(org.xipki.security.pkcs11.P11IVParams)

Example 4 with P11Params

use of org.xipki.security.pkcs11.P11Params in project xipki by xipki.

the class P11SM3WithSM2SignatureSpi method engineInitSign.

@Override
protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
    if (!(privateKey instanceof P11PrivateKey)) {
        throw new InvalidKeyException("privateKey is not instanceof " + P11PrivateKey.class.getName());
    }
    this.signingKey = (P11PrivateKey) privateKey;
    if (!(signingKey.getPublicKey() instanceof ECPublicKey)) {
        throw new InvalidKeyException("only EC key is allowed");
    }
    ECPublicKey pubKey = (ECPublicKey) signingKey.getPublicKey();
    if (!GMUtil.isSm2primev2Curve(pubKey.getParams().getCurve())) {
        throw new InvalidKeyException("only EC key of curve sm2primev2 is allowed");
    }
    String algo = privateKey.getAlgorithm();
    if (!("EC".equals(algo) || "ECDSA".equals(algo))) {
        throw new InvalidKeyException("privateKey is not an EC private key: " + algo);
    }
    byte[] userId = (paramSpec == null) ? "1234567812345678".getBytes() : paramSpec.getId();
    if (signingKey.supportsMechanism(PKCS11Constants.CKM_VENDOR_SM2)) {
        mechanism = PKCS11Constants.CKM_VENDOR_SM2;
        outputStream = new DigestOutputStream(HashAlgo.SM3.createDigest());
        p11Params = null;
        ECPoint w = pubKey.getW();
        sm2Z = GMUtil.getSM2Z(userId, GMObjectIdentifiers.sm2p256v1, w.getAffineX(), w.getAffineY());
        try {
            outputStream.write(sm2Z, 0, sm2Z.length);
        } catch (IOException ex) {
            throw new InvalidKeyException("could not compute Z of SM2");
        }
    } else if (signingKey.supportsMechanism(PKCS11Constants.CKM_VENDOR_SM2_SM3)) {
        mechanism = PKCS11Constants.CKM_VENDOR_SM2_SM3;
        outputStream = new ByteArrayOutputStream();
        p11Params = new P11ByteArrayParams(userId);
    } else {
        throw new InvalidKeyException("privateKey and algorithm does not match");
    }
    this.signingKey = (P11PrivateKey) privateKey;
}
Also used : ECPublicKey(java.security.interfaces.ECPublicKey) P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams) DigestOutputStream(org.xipki.security.pkcs11.DigestOutputStream) IOException(java.io.IOException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InvalidKeyException(java.security.InvalidKeyException) ECPoint(java.security.spec.ECPoint)

Example 5 with P11Params

use of org.xipki.security.pkcs11.P11Params in project xipki by xipki.

the class IaikP11Slot method getMechanism.

private static Mechanism getMechanism(long mechanism, P11Params parameters) throws P11TokenException {
    Mechanism ret = Mechanism.get(mechanism);
    if (parameters == null) {
        return ret;
    }
    Params paramObj;
    if (parameters instanceof P11RSAPkcsPssParams) {
        P11RSAPkcsPssParams param = (P11RSAPkcsPssParams) parameters;
        paramObj = new RSAPkcsPssParams(Mechanism.get(param.getHashAlgorithm()), param.getMaskGenerationFunction(), param.getSaltLength());
    } else if (parameters instanceof P11ByteArrayParams) {
        paramObj = new OpaqueParams(((P11ByteArrayParams) parameters).getBytes());
    } else if (parameters instanceof P11IVParams) {
        paramObj = new IVParams(((P11IVParams) parameters).getIV());
    } else {
        throw new P11TokenException("unknown P11Parameters " + parameters.getClass().getName());
    }
    if (paramObj != null) {
        ret.setParams(paramObj);
    }
    return ret;
}
Also used : OpaqueParams(iaik.pkcs.pkcs11.params.OpaqueParams) P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams) P11TokenException(org.xipki.security.exception.P11TokenException) P11RSAPkcsPssParams(org.xipki.security.pkcs11.P11RSAPkcsPssParams) IVParams(iaik.pkcs.pkcs11.params.IVParams) P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams) RSAPkcsPssParams(iaik.pkcs.pkcs11.params.RSAPkcsPssParams) P11IVParams(org.xipki.security.pkcs11.P11IVParams) P11Params(org.xipki.security.pkcs11.P11Params) Params(iaik.pkcs.pkcs11.params.Params) OpaqueParams(iaik.pkcs.pkcs11.params.OpaqueParams) P11RSAPkcsPssParams(org.xipki.security.pkcs11.P11RSAPkcsPssParams) Mechanism(iaik.pkcs.pkcs11.Mechanism) P11IVParams(org.xipki.security.pkcs11.P11IVParams) IVParams(iaik.pkcs.pkcs11.params.IVParams) P11IVParams(org.xipki.security.pkcs11.P11IVParams) P11RSAPkcsPssParams(org.xipki.security.pkcs11.P11RSAPkcsPssParams) RSAPkcsPssParams(iaik.pkcs.pkcs11.params.RSAPkcsPssParams)

Aggregations

P11TokenException (org.xipki.security.exception.P11TokenException)7 P11ByteArrayParams (org.xipki.security.pkcs11.P11ByteArrayParams)5 XiSecurityException (org.xipki.security.exception.XiSecurityException)4 P11IVParams (org.xipki.security.pkcs11.P11IVParams)4 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2 IOException (java.io.IOException)2 InvalidKeyException (java.security.InvalidKeyException)2 DEROctetString (org.bouncycastle.asn1.DEROctetString)2 Asn1P11EntityIdentifier (org.xipki.p11proxy.msg.Asn1P11EntityIdentifier)2 Asn1P11Params (org.xipki.p11proxy.msg.Asn1P11Params)2 Asn1SignTemplate (org.xipki.p11proxy.msg.Asn1SignTemplate)2 P11RSAPkcsPssParams (org.xipki.security.pkcs11.P11RSAPkcsPssParams)2 Mechanism (iaik.pkcs.pkcs11.Mechanism)1 IVParams (iaik.pkcs.pkcs11.params.IVParams)1 OpaqueParams (iaik.pkcs.pkcs11.params.OpaqueParams)1 Params (iaik.pkcs.pkcs11.params.Params)1 RSAPkcsPssParams (iaik.pkcs.pkcs11.params.RSAPkcsPssParams)1 PublicKey (java.security.PublicKey)1 SignatureException (java.security.SignatureException)1 CertificateException (java.security.cert.CertificateException)1