use of org.xipki.security.pkcs11.P11RSAPkcsPssParams in project xipki by xipki.
the class ProxyP11Identity method sign0.
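/**
 * Signs {@code content} by forwarding the request to the proxied PKCS#11 module.
 *
 * <p>The mechanism parameters are wrapped into the matching {@code Asn1P11Params} choice,
 * packed together with the identity id, the mechanism code and the content into an
 * {@code Asn1SignTemplate}, and sent with {@code P11ProxyConstants.ACTION_SIGN}.
 *
 * <p>The reply is only checked for being an OCTET STRING. Nothing in this method verifies
 * that the returned octets are a valid signature for {@code content}; a caller that does not
 * fully trust the proxy endpoint has to verify the signature itself.
 *
 * @param mechanism PKCS#11 mechanism code, passed through unchanged.
 * @param parameters mechanism parameters, or {@code null} if the mechanism takes none.
 *     Supported types are {@code P11RSAPkcsPssParams}, {@code P11ByteArrayParams} and
 *     {@code P11IVParams}.
 * @param content the data handed to the module for signing.
 * @return the octets of the returned OCTET STRING, or {@code null} if decoding yields no
 *     object.
 * @throws P11TokenException if the reply is not an OCTET STRING (and presumably if the call
 *     to the module fails; confirm against {@code send}).
 * @throws IllegalArgumentException if {@code parameters} is of an unsupported type.
 */
@Override
protected byte[] sign0(long mechanism, P11Params parameters, byte[] content) throws P11TokenException {
    Asn1P11EntityIdentifier asn1EntityId = new Asn1P11EntityIdentifier(identityId);

    // Map the in-memory parameter object onto its tagged ASN.1 representation.
    Asn1P11Params p11Param = null;
    if (parameters instanceof P11RSAPkcsPssParams) {
        p11Param = new Asn1P11Params(Asn1P11Params.TAG_RSA_PKCS_PSS,
                new Asn1RSAPkcsPssParams((P11RSAPkcsPssParams) parameters));
    } else if (parameters instanceof P11ByteArrayParams) {
        byte[] bytes = ((P11ByteArrayParams) parameters).getBytes();
        p11Param = new Asn1P11Params(Asn1P11Params.TAG_OPAQUE, new DEROctetString(bytes));
    } else if (parameters instanceof P11IVParams) {
        byte[] iv = ((P11IVParams) parameters).getIV();
        p11Param = new Asn1P11Params(Asn1P11Params.TAG_IV, new DEROctetString(iv));
    } else if (parameters != null) {
        // Fail closed: never send a request whose parameters would be silently dropped.
        throw new IllegalArgumentException(
                "unknown parameter 'parameters': " + parameters.getClass().getName());
    }

    Asn1SignTemplate signTemplate = new Asn1SignTemplate(asn1EntityId, mechanism, p11Param, content);
    byte[] result = ((ProxyP11Slot) slot).getModule().send(P11ProxyConstants.ACTION_SIGN, signTemplate);

    ASN1OctetString octetString;
    try {
        octetString = DEROctetString.getInstance(result);
    } catch (IllegalArgumentException ex) {
        // Keep the decoder's exception as the cause so a malformed reply can be diagnosed.
        throw new P11TokenException("the returned result is not OCTET STRING", ex);
    }
    return (octetString == null) ? null : octetString.getOctets();
}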
use of org.xipki.security.pkcs11.P11RSAPkcsPssParams in project xipki by xipki.
the class IaikP11Slot method getMechanism.
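/**
 * Builds the wrapper-level {@code Mechanism} for a PKCS#11 mechanism code and attaches the
 * converted mechanism parameters, if any.
 *
 * <p>Parameter values (hash algorithm, mask generation function, salt length, opaque bytes,
 * IV) are passed through as given; this method does not validate them.
 *
 * @param mechanism PKCS#11 mechanism code.
 * @param parameters mechanism parameters, or {@code null} if the mechanism takes none.
 * @return the mechanism object, with parameters set when {@code parameters} is not
 *     {@code null}.
 * @throws P11TokenException if {@code parameters} is of an unsupported type.
 */
private static Mechanism getMechanism(long mechanism, P11Params parameters) throws P11TokenException {
    // NOTE(review): setParams below mutates this object. Confirm that Mechanism.get returns a
    // fresh instance per call; a shared instance would leak parameters between operations.
    Mechanism ret = Mechanism.get(mechanism);
    if (parameters == null) {
        return ret;
    }

    final Params paramObj;
    if (parameters instanceof P11RSAPkcsPssParams) {
        P11RSAPkcsPssParams param = (P11RSAPkcsPssParams) parameters;
        paramObj = new RSAPkcsPssParams(Mechanism.get(param.getHashAlgorithm()),
                param.getMaskGenerationFunction(), param.getSaltLength());
    } else if (parameters instanceof P11ByteArrayParams) {
        paramObj = new OpaqueParams(((P11ByteArrayParams) parameters).getBytes());
    } else if (parameters instanceof P11IVParams) {
        paramObj = new IVParams(((P11IVParams) parameters).getIV());
    } else {
        // Fail closed rather than run the mechanism without the parameters the caller supplied.
        throw new P11TokenException("unknown P11Parameters " + parameters.getClass().getName());
    }

    // Every branch above either assigns a newly constructed object or throws, so the former
    // null check on paramObj could never be false and has been dropped.
    ret.setParams(paramObj);
    return ret;
}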
use of org.xipki.security.pkcs11.P11RSAPkcsPssParams in project xipki by xipki.
the class EmulatorP11Identity method rsaPkcsPssSign.
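/**
 * Creates an RSASSA-PSS signature in software: hashes the content if requested, applies
 * EMSA-PSS encoding and then performs the raw RSA operation via {@code rsaX509Sign}.
 *
 * @param parameters must be a {@code P11RSAPkcsPssParams} carrying the content hash
 *     algorithm, the mask generation function and the salt length.
 * @param contentToSign the message when {@code hashAlgo} is given; otherwise it is used
 *     directly as the hash value.
 * @param hashAlgo hash applied to {@code contentToSign} before encoding, or {@code null} if
 *     the caller has already hashed the content. When given, it must equal the hash algorithm
 *     named in {@code parameters}.
 * @return the value returned by {@code rsaX509Sign} for the encoded block.
 * @throws P11TokenException if the parameters are of the wrong type, name an unsupported or
 *     mismatching hash algorithm, name an unsupported mask generation function, carry a salt
 *     length outside the {@code int} range, or if the encoding fails.
 */
private byte[] rsaPkcsPssSign(P11Params parameters, byte[] contentToSign, HashAlgo hashAlgo) throws P11TokenException {
    if (!(parameters instanceof P11RSAPkcsPssParams)) {
        throw new P11TokenException("the parameters is not of " + P11RSAPkcsPssParams.class.getName());
    }
    P11RSAPkcsPssParams pssParam = (P11RSAPkcsPssParams) parameters;

    HashAlgo contentHash = HashAlgo.getInstanceForPkcs11HashMech(pssParam.getHashAlgorithm());
    if (contentHash == null) {
        throw new P11TokenException("unsupported HashAlgorithm " + pssParam.getHashAlgorithm());
    } else if (hashAlgo != null && contentHash != hashAlgo) {
        // The hash implied by the mechanism and the one in the PSS parameters must agree.
        throw new P11TokenException("Invalid parameters: invalid hash algorithm");
    }

    HashAlgo mgfHash = HashAlgo.getInstanceForPkcs11MgfMech(pssParam.getMaskGenerationFunction());
    if (mgfHash == null) {
        // Report the rejected MGF itself; the message previously printed the hash algorithm.
        throw new P11TokenException(
                "unsupported MaskGenerationFunction " + pssParam.getMaskGenerationFunction());
    }

    // The encoder takes an int. Reject values that the narrowing cast would otherwise turn
    // into a different (possibly much smaller) salt length than the caller asked for.
    long saltLength = pssParam.getSaltLength();
    if (saltLength < 0 || saltLength > Integer.MAX_VALUE) {
        throw new P11TokenException("invalid salt length " + saltLength);
    }

    // NOTE(review): with hashAlgo == null the caller-supplied bytes are used as the digest
    // without a length check here; presumably EMSA_PSS_ENCODE rejects a wrong length. Confirm.
    byte[] hashValue = (hashAlgo == null) ? contentToSign : hashAlgo.hash(contentToSign);

    byte[] encodedHashValue;
    try {
        encodedHashValue = SignerUtil.EMSA_PSS_ENCODE(contentHash, hashValue, mgfHash,
                (int) saltLength, getSignatureKeyBitLength(), random);
    } catch (XiSecurityException ex) {
        throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
    }
    return rsaX509Sign(encodedHashValue);
}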