Example 6 with P11Params
use of org.xipki.security.pkcs11.P11Params in project xipki by xipki.
the class EmulatorP11Identity method aesGmac.
// TODO: check the correctness
private byte[] aesGmac(P11Params params, byte[] contentToSign) throws P11TokenException {
if (params == null) {
throw new P11TokenException("iv must not be null");
}
byte[] iv;
if (params instanceof P11IVParams) {
iv = ((P11IVParams) params).getIV();
} else {
throw new P11TokenException("params must be instanceof P11IVParams");
}
GMac gmac = new GMac(new GCMBlockCipher(new AESEngine()));
ParametersWithIV paramsWithIv = new ParametersWithIV(new KeyParameter(signingKey.getEncoded()), iv);
gmac.init(paramsWithIv);
gmac.update(contentToSign, 0, contentToSign.length);
byte[] signature = new byte[gmac.getMacSize()];
gmac.doFinal(signature, 0);
return signature;
}
Also used :
ParametersWithIV(org.bouncycastle.crypto.params.ParametersWithIV)
AESEngine(org.bouncycastle.crypto.engines.AESEngine)
P11TokenException(org.xipki.security.exception.P11TokenException)
KeyParameter(org.bouncycastle.crypto.params.KeyParameter)
GMac(org.bouncycastle.crypto.macs.GMac)
GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher)
P11IVParams(org.xipki.security.pkcs11.P11IVParams)
Example 7 with P11Params
use of org.xipki.security.pkcs11.P11Params in project xipki by xipki.
the class EmulatorP11Identity method rsaPkcsPssSign.
private byte[] rsaPkcsPssSign(P11Params parameters, byte[] contentToSign, HashAlgo hashAlgo) throws P11TokenException {
if (!(parameters instanceof P11RSAPkcsPssParams)) {
throw new P11TokenException("the parameters is not of " + P11RSAPkcsPssParams.class.getName());
}
P11RSAPkcsPssParams pssParam = (P11RSAPkcsPssParams) parameters;
HashAlgo contentHash = HashAlgo.getInstanceForPkcs11HashMech(pssParam.getHashAlgorithm());
if (contentHash == null) {
throw new P11TokenException("unsupported HashAlgorithm " + pssParam.getHashAlgorithm());
} else if (hashAlgo != null && contentHash != hashAlgo) {
throw new P11TokenException("Invalid parameters: invalid hash algorithm");
}
HashAlgo mgfHash = HashAlgo.getInstanceForPkcs11MgfMech(pssParam.getMaskGenerationFunction());
if (mgfHash == null) {
throw new P11TokenException("unsupported MaskGenerationFunction " + pssParam.getHashAlgorithm());
}
byte[] hashValue = (hashAlgo == null) ? contentToSign : hashAlgo.hash(contentToSign);
byte[] encodedHashValue;
try {
encodedHashValue = SignerUtil.EMSA_PSS_ENCODE(contentHash, hashValue, mgfHash, (int) pssParam.getSaltLength(), getSignatureKeyBitLength(), random);
} catch (XiSecurityException ex) {
throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
}
return rsaX509Sign(encodedHashValue);
}
Also used :
XiSecurityException(org.xipki.security.exception.XiSecurityException)
HashAlgo(org.xipki.security.HashAlgo)
P11TokenException(org.xipki.security.exception.P11TokenException)
P11RSAPkcsPssParams(org.xipki.security.pkcs11.P11RSAPkcsPssParams)
Example 8 with P11Params
use of org.xipki.security.pkcs11.P11Params in project xipki by xipki.
the class EmulatorP11Identity method sm2Sign.
private byte[] sm2Sign(P11Params params, byte[] dataToSign, HashAlgo hash) throws P11TokenException {
if (params == null) {
throw new P11TokenException("userId must not be null");
}
byte[] userId;
if (params instanceof P11ByteArrayParams) {
userId = ((P11ByteArrayParams) params).getBytes();
} else {
throw new P11TokenException("params must be instanceof P11ByteArrayParams");
}
ConcurrentBagEntry<SM2Signer> sig0;
try {
sig0 = sm2Signers.borrow(5000, TimeUnit.MILLISECONDS);
} catch (InterruptedException ex) {
throw new P11TokenException("InterruptedException occurs while retrieving idle signature");
}
if (sig0 == null) {
throw new P11TokenException("no idle SM2 Signer available");
}
try {
SM2Signer sig = sig0.value();
byte[] x962Signature = sig.generateSignatureForMessage(userId, dataToSign);
return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength());
} catch (CryptoException ex) {
throw new P11TokenException("CryptoException: " + ex.getMessage(), ex);
} catch (XiSecurityException ex) {
throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
} finally {
sm2Signers.requite(sig0);
}
}
Also used :
XiSecurityException(org.xipki.security.exception.XiSecurityException)
P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams)
P11TokenException(org.xipki.security.exception.P11TokenException)
CryptoException(org.bouncycastle.crypto.CryptoException)
Aggregations
P11TokenException (org.xipki.security.exception.P11TokenException)7
P11ByteArrayParams (org.xipki.security.pkcs11.P11ByteArrayParams)5
XiSecurityException (org.xipki.security.exception.XiSecurityException)4
P11IVParams (org.xipki.security.pkcs11.P11IVParams)4
ByteArrayOutputStream (java.io.ByteArrayOutputStream)2
IOException (java.io.IOException)2
InvalidKeyException (java.security.InvalidKeyException)2
DEROctetString (org.bouncycastle.asn1.DEROctetString)2
Asn1P11EntityIdentifier (org.xipki.p11proxy.msg.Asn1P11EntityIdentifier)2
Asn1P11Params (org.xipki.p11proxy.msg.Asn1P11Params)2
Asn1SignTemplate (org.xipki.p11proxy.msg.Asn1SignTemplate)2
P11RSAPkcsPssParams (org.xipki.security.pkcs11.P11RSAPkcsPssParams)2
Mechanism (iaik.pkcs.pkcs11.Mechanism)1
IVParams (iaik.pkcs.pkcs11.params.IVParams)1
OpaqueParams (iaik.pkcs.pkcs11.params.OpaqueParams)1
Params (iaik.pkcs.pkcs11.params.Params)1
RSAPkcsPssParams (iaik.pkcs.pkcs11.params.RSAPkcsPssParams)1
PublicKey (java.security.PublicKey)1
SignatureException (java.security.SignatureException)1
CertificateException (java.security.cert.CertificateException)1
