
Example 26 with P11TokenException

use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.

the class IaikP11Slot method getMechanism.

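/**
 * Builds the IAIK {@link Mechanism} for a PKCS#11 mechanism code and attaches
 * the translated mechanism parameters, if any were supplied.
 *
 * @param mechanism the PKCS#11 mechanism code (CKM_*)
 * @param parameters the xipki-side parameters, or {@code null} when the
 *        mechanism takes none
 * @return the mechanism; its params are set only when {@code parameters} is
 *         not {@code null}
 * @throws P11TokenException if {@code parameters} is of a type this method
 *         cannot translate into an IAIK {@code Params}
 */
private static Mechanism getMechanism(long mechanism, P11Params parameters) throws P11TokenException {
    Mechanism ret = Mechanism.get(mechanism);
    if (parameters == null) {
        return ret;
    }

    // Each branch either yields a non-null Params object or throws, so the
    // former "paramObj != null" guard before setParams() was unreachable.
    Params paramObj;
    if (parameters instanceof P11RSAPkcsPssParams) {
        P11RSAPkcsPssParams pssParams = (P11RSAPkcsPssParams) parameters;
        paramObj = new RSAPkcsPssParams(Mechanism.get(pssParams.getHashAlgorithm()),
            pssParams.getMaskGenerationFunction(), pssParams.getSaltLength());
    } else if (parameters instanceof P11ByteArrayParams) {
        paramObj = new OpaqueParams(((P11ByteArrayParams) parameters).getBytes());
    } else if (parameters instanceof P11IVParams) {
        paramObj = new IVParams(((P11IVParams) parameters).getIV());
    } else {
        throw new P11TokenException("unknown P11Parameters " + parameters.getClass().getName());
    }

    ret.setParams(paramObj);
    return ret;
}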

Example 27 with P11TokenException

use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.

the class IaikP11Slot method generateSecretKey0.

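/**
 * Generates a symmetric key on the token and wraps it as a {@link P11Identity}.
 *
 * <p>The key is created as a token object with the SIGN and SENSITIVE
 * attributes set; whether it is EXTRACTABLE is taken from {@code control}.
 *
 * @param keyType the PKCS#11 key type (CKK_*); AES, DES3, GENERIC_SECRET and
 *        the SHA*/SHA3* HMAC key types are supported
 * @param keysize the key size in bits; must be a positive multiple of 8
 * @param label the label of the new key; must be unique within the slot
 * @param control creation options for the new key
 * @return the identity wrapping the generated key
 * @throws IllegalArgumentException if an argument is {@code null}, the key size
 *         is invalid, the key type is unsupported, or the label already exists
 * @throws P11TokenException if the token fails to generate the key
 */
@Override
protected P11Identity generateSecretKey0(long keyType, int keysize, String label, P11NewKeyControl control) throws P11TokenException {
    if (label == null) {
        throw new IllegalArgumentException("label must not be null");
    }
    if (control == null) {
        throw new IllegalArgumentException("control must not be null");
    }
    if (keysize <= 0) {
        throw new IllegalArgumentException("keysize must be positive: " + keysize);
    }
    if (keysize % 8 != 0) {
        throw new IllegalArgumentException("keysize is not multiple of 8: " + keysize);
    }

    long mech = keyGenMechanismForKeyType(keyType);
    assertMechanismSupported(mech);

    ValuedSecretKey template = new ValuedSecretKey(keyType);
    template.getToken().setBooleanValue(true);
    template.getLabel().setCharArrayValue(label.toCharArray());
    template.getSign().setBooleanValue(true);
    template.getSensitive().setBooleanValue(true);
    template.getExtractable().setBooleanValue(control.isExtractable());
    // CKA_VALUE_LEN is expressed in bytes; keysize is in bits.
    template.getValueLen().setLongValue((long) (keysize / 8));

    Mechanism mechanism = Mechanism.get(mech);
    Session session = borrowWritableSession();
    try {
        if (labelExists(session, label)) {
            throw new IllegalArgumentException("label " + label + " exists, please specify another one");
        }

        byte[] id = generateKeyId(session);
        template.getId().setByteArrayValue(id);

        SecretKey key;
        try {
            key = (SecretKey) session.generateKey(mechanism, template);
        } catch (TokenException ex) {
            throw new P11TokenException("could not generate secret key of type 0x"
                + Functions.toFullHex((int) keyType) + " using " + mechanism.getName(), ex);
        }

        P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
        P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
        return new IaikP11Identity(this, entityId, key);
    } finally {
        // Always hand the session back, including on the label/generation failures above.
        returnWritableSession(session);
    }
}

/** Maps a secret key type (CKK_*) to the key-generation mechanism (CKM_*) used to create it. */
private static long keyGenMechanismForKeyType(long keyType) {
    if (PKCS11Constants.CKK_AES == keyType) {
        return PKCS11Constants.CKM_AES_KEY_GEN;
    } else if (PKCS11Constants.CKK_DES3 == keyType) {
        return PKCS11Constants.CKM_DES3_KEY_GEN;
    } else if (PKCS11Constants.CKK_GENERIC_SECRET == keyType || isHmacKeyType(keyType)) {
        // HMAC key types share the generic secret key generation mechanism.
        return PKCS11Constants.CKM_GENERIC_SECRET_KEY_GEN;
    } else {
        throw new IllegalArgumentException("unsupported key type 0x" + Functions.toFullHex((int) keyType));
    }
}

/** Returns whether {@code keyType} is one of the SHA-1/SHA-2/SHA-3 HMAC key types. */
private static boolean isHmacKeyType(long keyType) {
    return PKCS11Constants.CKK_SHA_1_HMAC == keyType
        || PKCS11Constants.CKK_SHA224_HMAC == keyType
        || PKCS11Constants.CKK_SHA256_HMAC == keyType
        || PKCS11Constants.CKK_SHA384_HMAC == keyType
        || PKCS11Constants.CKK_SHA512_HMAC == keyType
        || PKCS11Constants.CKK_SHA3_224_HMAC == keyType
        || PKCS11Constants.CKK_SHA3_256_HMAC == keyType
        || PKCS11Constants.CKK_SHA3_384_HMAC == keyType
        || PKCS11Constants.CKK_SHA3_512_HMAC == keyType;
}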

Example 28 with P11TokenException

use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.

the class EmulatorP11Identity method sm2Sign.

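/**
 * Signs {@code dataToSign} with SM2 using a pooled {@code SM2Signer} and
 * returns the signature in plain (r || s) encoding.
 *
 * @param params must be a {@link P11ByteArrayParams} carrying the SM2 user id
 * @param dataToSign the message to sign
 * @param hash not used by this method
 * @return the plain-encoded SM2 signature
 * @throws P11TokenException if {@code params} is missing or of the wrong type,
 *         no signer becomes available within 5 seconds, the wait is interrupted,
 *         or signing fails
 */
private byte[] sm2Sign(P11Params params, byte[] dataToSign, HashAlgo hash) throws P11TokenException {
    if (params == null) {
        throw new P11TokenException("userId must not be null");
    }
    if (!(params instanceof P11ByteArrayParams)) {
        throw new P11TokenException("params must be instanceof P11ByteArrayParams");
    }
    byte[] userId = ((P11ByteArrayParams) params).getBytes();

    ConcurrentBagEntry<SM2Signer> sig0;
    try {
        sig0 = sm2Signers.borrow(5000, TimeUnit.MILLISECONDS);
    } catch (InterruptedException ex) {
        // Restore the interrupt flag so callers further up still observe it,
        // and keep the original exception as the cause.
        Thread.currentThread().interrupt();
        throw new P11TokenException("InterruptedException occurs while retrieving idle signature", ex);
    }
    if (sig0 == null) {
        throw new P11TokenException("no idle SM2 Signer available");
    }

    try {
        SM2Signer sig = sig0.value();
        byte[] x962Signature = sig.generateSignatureForMessage(userId, dataToSign);
        return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength());
    } catch (CryptoException ex) {
        throw new P11TokenException("CryptoException: " + ex.getMessage(), ex);
    } catch (XiSecurityException ex) {
        throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
    } finally {
        // Return the signer to the pool on every path.
        sm2Signers.requite(sig0);
    }
}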

Example 29 with P11TokenException

use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.

the class SignerFactoryRegisterImpl method newPkcs11Signer.

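/**
 * Creates a PKCS#11-backed content signer from the signer configuration.
 *
 * <p>Recognised configuration keys: {@code parallelism} (optional, default
 * from {@code securityFactory}), {@code module}, exactly one of {@code slot}
 * (index) / {@code slot-id}, exactly one of {@code key-id} (hex) /
 * {@code key-label}, and the optional {@code algo}. When {@code algo} names a
 * MAC algorithm a MAC signer is built, otherwise a signature signer.
 *
 * @param securityFactory supplies the default parallelism and is passed to the
 *        signature signer builder
 * @param type the signer type; not used by this method
 * @param conf the signer configuration
 * @param certificateChain the certificate chain handed to the signature signer
 *        builder
 * @return the created signer
 * @throws ObjectCreationException if the configuration is incomplete or
 *         malformed, the slot or key cannot be resolved, or the signer cannot
 *         be built
 */
private ConcurrentContentSigner newPkcs11Signer(SecurityFactory securityFactory, String type, SignerConf conf, X509Certificate[] certificateChain) throws ObjectCreationException {
    if (p11CryptServiceFactory == null) {
        throw new ObjectCreationException("p11CryptServiceFactory is not set");
    }

    int parallelism = parseParallelism(conf.getConfValue("parallelism"),
        securityFactory.getDefaultSignerParallelism());

    String moduleName = conf.getConfValue("module");
    Integer slotIndex = parseSlotIndex(conf.getConfValue("slot"));
    Long slotId = parseSlotId(conf.getConfValue("slot-id"));
    if ((slotIndex == null) == (slotId == null)) {
        throw new ObjectCreationException("exactly one of slot (index) and slot-id must be specified");
    }

    String keyLabel = conf.getConfValue("key-label");
    String keyIdHex = conf.getConfValue("key-id");
    // NOTE(review): the exception Hex.decode throws on malformed input is not
    // visible here; a bad key-id currently propagates unchecked rather than as
    // ObjectCreationException - confirm and wrap if that is undesirable.
    byte[] keyId = (keyIdHex == null) ? null : Hex.decode(keyIdHex);
    if ((keyId == null) == (keyLabel == null)) {
        throw new ObjectCreationException("exactly one of key-id and key-label must be specified");
    }

    P11CryptService p11Service;
    P11Slot slot;
    try {
        p11Service = p11CryptServiceFactory.getP11CryptService(moduleName);
        P11Module module = p11Service.getModule();
        // The check above guarantees exactly one of slotId / slotIndex is set.
        P11SlotIdentifier p11SlotId = (slotId != null)
            ? module.getSlotIdForId(slotId)
            : module.getSlotIdForIndex(slotIndex);
        slot = module.getSlot(p11SlotId);
    } catch (P11TokenException | XiSecurityException ex) {
        throw new ObjectCreationException(ex.getMessage(), ex);
    }

    P11ObjectIdentifier p11ObjId = (keyId != null)
        ? slot.getObjectIdForId(keyId)
        : slot.getObjectIdForLabel(keyLabel);
    if (p11ObjId == null) {
        String keyDesc = (keyId != null) ? "id " + Hex.encode(keyId) : "label " + keyLabel;
        throw new ObjectCreationException("could not find identity with " + keyDesc);
    }
    P11EntityIdentifier entityId = new P11EntityIdentifier(slot.getSlotId(), p11ObjId);

    try {
        AlgorithmIdentifier macAlgId = null;
        String algoName = conf.getConfValue("algo");
        if (algoName != null) {
            try {
                macAlgId = AlgorithmUtil.getMacAlgId(algoName);
            } catch (NoSuchAlgorithmException ignored) {
                // "algo" is not a MAC algorithm; fall through and treat the
                // configuration as a signature algorithm below.
            }
        }

        if (macAlgId != null) {
            P11MacContentSignerBuilder signerBuilder = new P11MacContentSignerBuilder(p11Service, entityId);
            return signerBuilder.createSigner(macAlgId, parallelism);
        }

        AlgorithmIdentifier signatureAlgId;
        if (conf.getHashAlgo() == null) {
            signatureAlgId = AlgorithmUtil.getSigAlgId(null, conf);
        } else {
            // The public key is needed to derive the signature algorithm from the hash algorithm.
            PublicKey pubKey = slot.getIdentity(p11ObjId).getPublicKey();
            signatureAlgId = AlgorithmUtil.getSigAlgId(pubKey, conf);
        }
        P11ContentSignerBuilder signerBuilder = new P11ContentSignerBuilder(p11Service, securityFactory, entityId, certificateChain);
        return signerBuilder.createSigner(signatureAlgId, parallelism);
    } catch (P11TokenException | NoSuchAlgorithmException | XiSecurityException ex) {
        throw new ObjectCreationException(ex.getMessage(), ex);
    }
}

/** Parses the optional "parallelism" value; absent means the supplied default, non-numeric or < 1 is rejected. */
private static int parseParallelism(String str, int defaultParallelism) throws ObjectCreationException {
    if (str == null) {
        return defaultParallelism;
    }
    int parallelism;
    try {
        parallelism = Integer.parseInt(str);
    } catch (NumberFormatException ex) {
        throw new ObjectCreationException("invalid parallelism " + str, ex);
    }
    if (parallelism < 1) {
        throw new ObjectCreationException("invalid parallelism " + str);
    }
    return parallelism;
}

/** Parses the optional "slot" (index) value; a non-numeric value is reported as ObjectCreationException. */
private static Integer parseSlotIndex(String str) throws ObjectCreationException {
    if (str == null) {
        return null;
    }
    try {
        return Integer.parseInt(str);
    } catch (NumberFormatException ex) {
        throw new ObjectCreationException("invalid slot " + str, ex);
    }
}

/** Parses the optional "slot-id" value; a non-numeric value is reported as ObjectCreationException. */
private static Long parseSlotId(String str) throws ObjectCreationException {
    if (str == null) {
        return null;
    }
    try {
        return Long.parseLong(str);
    } catch (NumberFormatException ex) {
        throw new ObjectCreationException("invalid slot-id " + str, ex);
    }
}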

Example 30 with P11TokenException

use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.

the class P11DSASignatureSpi method engineSign.

/**
 * Finishes the signature over the data collected in {@code outputStream}.
 *
 * <p>If the stream is a {@code ByteArrayOutputStream} its raw contents are
 * signed; otherwise it is treated as a {@code DigestOutputStream} and its
 * digest is signed. The stream is reset afterwards in both cases. The token
 * returns a plain (r || s) DSA signature, which is converted to X9.62 DER.
 *
 * @return the X9.62-encoded signature
 * @throws SignatureException if the token or the encoding step fails
 */
@Override
protected byte[] engineSign() throws SignatureException {
    final byte[] input;
    if (outputStream instanceof ByteArrayOutputStream) {
        ByteArrayOutputStream buffer = (ByteArrayOutputStream) outputStream;
        input = buffer.toByteArray();
        buffer.reset();
    } else {
        DigestOutputStream digestStream = (DigestOutputStream) outputStream;
        input = digestStream.digest();
        digestStream.reset();
    }

    final byte[] plainSignature;
    try {
        plainSignature = signingKey.sign(mechanism, null, input);
        return SignerUtil.dsaSigPlainToX962(plainSignature);
    } catch (P11TokenException | XiSecurityException ex) {
        throw new SignatureException(ex.getMessage(), ex);
    }
}
