author | jjg |
Mon, 15 Aug 2011 11:48:20 -0700 | |
changeset 10336 | 0bb1999251f8 |
parent 8542 | 62c7b10ce177 |
child 11521 | d7698e6c5f51 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
8542 | 2 |
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
package sun.security.pkcs11; |
|
26 |
||
27 |
import java.nio.ByteBuffer; |
|
289 | 28 |
import java.util.Arrays; |
6122
16fa7ed7ff1b
6867345: Turkish regional options cause NPE in sun.security.x509.AlgorithmId.algOID
xuelei
parents:
5506
diff
changeset
|
29 |
import java.util.Locale; |
2 | 30 |
|
31 |
import java.security.*; |
|
32 |
import java.security.spec.*; |
|
33 |
||
34 |
import javax.crypto.*; |
|
35 |
import javax.crypto.spec.*; |
|
36 |
||
37 |
import sun.nio.ch.DirectBuffer; |
|
38 |
import sun.security.pkcs11.wrapper.*; |
|
39 |
import static sun.security.pkcs11.wrapper.PKCS11Constants.*; |
|
40 |
||
41 |
/** |
|
42 |
* Cipher implementation class. This class currently supports |
|
43 |
* DES, DESede, AES, ARCFOUR, and Blowfish. |
|
44 |
* |
|
8542 | 45 |
* This class is designed to support ECB, CBC, CTR with NoPadding |
46 |
* and ECB, CBC with PKCS5Padding. It will use its own padding impl |
|
47 |
* if the native mechanism does not support padding. |
|
2 | 48 |
* |
8542 | 49 |
* Note that PKCS#11 currently only supports ECB, CBC, and CTR. |
50 |
* There are no provisions for other modes such as CFB, OFB, and PCBC. |
|
2 | 51 |
* |
52 |
* @author Andreas Sterbenz |
|
53 |
* @since 1.5 |
|
54 |
*/ |
|
55 |
final class P11Cipher extends CipherSpi { |
|
56 |
||
57 |
// mode constant for ECB mode |
|
58 |
private final static int MODE_ECB = 3; |
|
59 |
// mode constant for CBC mode |
|
60 |
private final static int MODE_CBC = 4; |
|
8542 | 61 |
// mode constant for CTR mode |
62 |
private final static int MODE_CTR = 5; |
|
2 | 63 |
|
64 |
// padding constant for NoPadding |
|
289 | 65 |
private final static int PAD_NONE = 5; |
2 | 66 |
// padding constant for PKCS5Padding |
67 |
private final static int PAD_PKCS5 = 6; |
|
68 |
||
289 | 69 |
private static interface Padding { |
70 |
// ENC: format the specified buffer with padding bytes and return the |
|
71 |
// actual padding length |
|
72 |
int setPaddingBytes(byte[] paddingBuffer, int padLen); |
|
73 |
||
74 |
// DEC: return the length of trailing padding bytes given the specified |
|
75 |
// padded data |
|
296
a26e4ea2ca63
6682411: JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data
valeriep
parents:
289
diff
changeset
|
76 |
int unpad(byte[] paddedData, int len) |
7269
b7fe0ebc290c
6687725: Internal PKCS5Padding impl should throw IllegalBlockSizeException and not BadPaddingException
valeriep
parents:
6122
diff
changeset
|
77 |
throws BadPaddingException, IllegalBlockSizeException; |
289 | 78 |
} |
79 |
||
80 |
private static class PKCS5Padding implements Padding { |
|
81 |
||
82 |
private final int blockSize; |
|
83 |
||
84 |
PKCS5Padding(int blockSize) |
|
85 |
throws NoSuchPaddingException { |
|
86 |
if (blockSize == 0) { |
|
87 |
throw new NoSuchPaddingException |
|
88 |
("PKCS#5 padding not supported with stream ciphers"); |
|
89 |
} |
|
90 |
this.blockSize = blockSize; |
|
91 |
} |
|
92 |
||
93 |
public int setPaddingBytes(byte[] paddingBuffer, int padLen) { |
|
94 |
Arrays.fill(paddingBuffer, 0, padLen, (byte) (padLen & 0x007f)); |
|
95 |
return padLen; |
|
96 |
} |
|
97 |
||
296
a26e4ea2ca63
6682411: JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data
valeriep
parents:
289
diff
changeset
|
98 |
public int unpad(byte[] paddedData, int len) |
7269
b7fe0ebc290c
6687725: Internal PKCS5Padding impl should throw IllegalBlockSizeException and not BadPaddingException
valeriep
parents:
6122
diff
changeset
|
99 |
throws BadPaddingException, IllegalBlockSizeException { |
b7fe0ebc290c
6687725: Internal PKCS5Padding impl should throw IllegalBlockSizeException and not BadPaddingException
valeriep
parents:
6122
diff
changeset
|
100 |
if ((len < 1) || (len % blockSize != 0)) { |
b7fe0ebc290c
6687725: Internal PKCS5Padding impl should throw IllegalBlockSizeException and not BadPaddingException
valeriep
parents:
6122
diff
changeset
|
101 |
throw new IllegalBlockSizeException |
b7fe0ebc290c
6687725: Internal PKCS5Padding impl should throw IllegalBlockSizeException and not BadPaddingException
valeriep
parents:
6122
diff
changeset
|
102 |
("Input length must be multiples of " + blockSize); |
296
a26e4ea2ca63
6682411: JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data
valeriep
parents:
289
diff
changeset
|
103 |
} |
a26e4ea2ca63
6682411: JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data
valeriep
parents:
289
diff
changeset
|
104 |
byte padValue = paddedData[len - 1]; |
289 | 105 |
if (padValue < 1 || padValue > blockSize) { |
106 |
throw new BadPaddingException("Invalid pad value!"); |
|
107 |
} |
|
108 |
// sanity check padding bytes |
|
296
a26e4ea2ca63
6682411: JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data
valeriep
parents:
289
diff
changeset
|
109 |
int padStartIndex = len - padValue; |
289 | 110 |
for (int i = padStartIndex; i < len; i++) { |
111 |
if (paddedData[i] != padValue) { |
|
112 |
throw new BadPaddingException("Invalid pad bytes!"); |
|
113 |
} |
|
114 |
} |
|
115 |
return padValue; |
|
116 |
} |
|
117 |
} |
|
118 |
||
2 | 119 |
// token instance |
120 |
private final Token token; |
|
121 |
||
122 |
// algorithm name |
|
123 |
private final String algorithm; |
|
124 |
||
125 |
// name of the key algorithm, e.g. DES instead of algorithm DES/CBC/... |
|
126 |
private final String keyAlgorithm; |
|
127 |
||
128 |
// mechanism id |
|
129 |
private final long mechanism; |
|
130 |
||
131 |
// associated session, if any |
|
132 |
private Session session; |
|
133 |
||
134 |
// key, if init() was called |
|
135 |
private P11Key p11Key; |
|
136 |
||
137 |
// flag indicating whether an operation is initialized |
|
138 |
private boolean initialized; |
|
139 |
||
140 |
// falg indicating encrypt or decrypt mode |
|
141 |
private boolean encrypt; |
|
142 |
||
143 |
// mode, one of MODE_* above (MODE_ECB for stream ciphers) |
|
144 |
private int blockMode; |
|
145 |
||
146 |
// block size, 0 for stream ciphers |
|
147 |
private final int blockSize; |
|
148 |
||
149 |
// padding type, on of PAD_* above (PAD_NONE for stream ciphers) |
|
150 |
private int paddingType; |
|
151 |
||
289 | 152 |
// when the padding is requested but unsupported by the native mechanism, |
153 |
// we use the following to do padding and necessary data buffering. |
|
154 |
// padding object which generate padding and unpad the decrypted data |
|
155 |
private Padding paddingObj; |
|
156 |
// buffer for holding back the block which contains padding bytes |
|
157 |
private byte[] padBuffer; |
|
158 |
private int padBufferLen; |
|
159 |
||
8542 | 160 |
// original IV, if in MODE_CBC or MODE_CTR |
2 | 161 |
private byte[] iv; |
162 |
||
289 | 163 |
// number of bytes buffered internally by the native mechanism and padBuffer |
164 |
// if we do the padding |
|
165 |
private int bytesBuffered; |
|
2 | 166 |
|
167 |
P11Cipher(Token token, String algorithm, long mechanism) |
|
289 | 168 |
throws PKCS11Exception, NoSuchAlgorithmException { |
2 | 169 |
super(); |
170 |
this.token = token; |
|
171 |
this.algorithm = algorithm; |
|
172 |
this.mechanism = mechanism; |
|
289 | 173 |
|
174 |
String algoParts[] = algorithm.split("/"); |
|
175 |
keyAlgorithm = algoParts[0]; |
|
176 |
||
2 | 177 |
if (keyAlgorithm.equals("AES")) { |
178 |
blockSize = 16; |
|
289 | 179 |
} else if (keyAlgorithm.equals("RC4") || |
180 |
keyAlgorithm.equals("ARCFOUR")) { |
|
2 | 181 |
blockSize = 0; |
182 |
} else { // DES, DESede, Blowfish |
|
183 |
blockSize = 8; |
|
289 | 184 |
} |
185 |
this.blockMode = |
|
186 |
(algoParts.length > 1 ? parseMode(algoParts[1]) : MODE_ECB); |
|
187 |
||
188 |
String defPadding = (blockSize == 0 ? "NoPadding" : "PKCS5Padding"); |
|
189 |
String paddingStr = |
|
190 |
(algoParts.length > 2 ? algoParts[2] : defPadding); |
|
191 |
try { |
|
192 |
engineSetPadding(paddingStr); |
|
193 |
} catch (NoSuchPaddingException nspe) { |
|
194 |
// should not happen |
|
195 |
throw new ProviderException(nspe); |
|
2 | 196 |
} |
197 |
} |
|
198 |
||
199 |
protected void engineSetMode(String mode) throws NoSuchAlgorithmException { |
|
289 | 200 |
// Disallow change of mode for now since currently it's explicitly |
201 |
// defined in transformation strings |
|
202 |
throw new NoSuchAlgorithmException("Unsupported mode " + mode); |
|
203 |
} |
|
204 |
||
205 |
private int parseMode(String mode) throws NoSuchAlgorithmException { |
|
6122
16fa7ed7ff1b
6867345: Turkish regional options cause NPE in sun.security.x509.AlgorithmId.algOID
xuelei
parents:
5506
diff
changeset
|
206 |
mode = mode.toUpperCase(Locale.ENGLISH); |
289 | 207 |
int result; |
2 | 208 |
if (mode.equals("ECB")) { |
289 | 209 |
result = MODE_ECB; |
2 | 210 |
} else if (mode.equals("CBC")) { |
211 |
if (blockSize == 0) { |
|
212 |
throw new NoSuchAlgorithmException |
|
213 |
("CBC mode not supported with stream ciphers"); |
|
214 |
} |
|
289 | 215 |
result = MODE_CBC; |
8542 | 216 |
} else if (mode.equals("CTR")) { |
217 |
result = MODE_CTR; |
|
2 | 218 |
} else { |
219 |
throw new NoSuchAlgorithmException("Unsupported mode " + mode); |
|
220 |
} |
|
289 | 221 |
return result; |
2 | 222 |
} |
223 |
||
224 |
// see JCE spec |
|
225 |
protected void engineSetPadding(String padding) |
|
226 |
throws NoSuchPaddingException { |
|
289 | 227 |
paddingObj = null; |
228 |
padBuffer = null; |
|
6122
16fa7ed7ff1b
6867345: Turkish regional options cause NPE in sun.security.x509.AlgorithmId.algOID
xuelei
parents:
5506
diff
changeset
|
229 |
padding = padding.toUpperCase(Locale.ENGLISH); |
289 | 230 |
if (padding.equals("NOPADDING")) { |
2 | 231 |
paddingType = PAD_NONE; |
289 | 232 |
} else if (padding.equals("PKCS5PADDING")) { |
8542 | 233 |
if (this.blockMode == MODE_CTR) { |
234 |
throw new NoSuchPaddingException |
|
235 |
("PKCS#5 padding not supported with CTR mode"); |
|
236 |
} |
|
289 | 237 |
paddingType = PAD_PKCS5; |
238 |
if (mechanism != CKM_DES_CBC_PAD && mechanism != CKM_DES3_CBC_PAD && |
|
239 |
mechanism != CKM_AES_CBC_PAD) { |
|
240 |
// no native padding support; use our own padding impl |
|
241 |
paddingObj = new PKCS5Padding(blockSize); |
|
242 |
padBuffer = new byte[blockSize]; |
|
2 | 243 |
} |
244 |
} else { |
|
245 |
throw new NoSuchPaddingException("Unsupported padding " + padding); |
|
246 |
} |
|
247 |
} |
|
248 |
||
249 |
// see JCE spec |
|
250 |
protected int engineGetBlockSize() { |
|
251 |
return blockSize; |
|
252 |
} |
|
253 |
||
254 |
// see JCE spec |
|
255 |
protected int engineGetOutputSize(int inputLen) { |
|
256 |
return doFinalLength(inputLen); |
|
257 |
} |
|
258 |
||
259 |
// see JCE spec |
|
260 |
protected byte[] engineGetIV() { |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
8542
diff
changeset
|
261 |
return (iv == null) ? null : iv.clone(); |
2 | 262 |
} |
263 |
||
264 |
// see JCE spec |
|
265 |
protected AlgorithmParameters engineGetParameters() { |
|
266 |
if (iv == null) { |
|
267 |
return null; |
|
268 |
} |
|
269 |
IvParameterSpec ivSpec = new IvParameterSpec(iv); |
|
270 |
try { |
|
289 | 271 |
AlgorithmParameters params = |
272 |
AlgorithmParameters.getInstance(keyAlgorithm, |
|
273 |
P11Util.getSunJceProvider()); |
|
2 | 274 |
params.init(ivSpec); |
275 |
return params; |
|
276 |
} catch (GeneralSecurityException e) { |
|
277 |
// NoSuchAlgorithmException, NoSuchProviderException |
|
278 |
// InvalidParameterSpecException |
|
279 |
throw new ProviderException("Could not encode parameters", e); |
|
280 |
} |
|
281 |
} |
|
282 |
||
283 |
// see JCE spec |
|
284 |
protected void engineInit(int opmode, Key key, SecureRandom random) |
|
285 |
throws InvalidKeyException { |
|
286 |
try { |
|
287 |
implInit(opmode, key, null, random); |
|
288 |
} catch (InvalidAlgorithmParameterException e) { |
|
289 |
throw new InvalidKeyException("init() failed", e); |
|
290 |
} |
|
291 |
} |
|
292 |
||
293 |
// see JCE spec |
|
294 |
protected void engineInit(int opmode, Key key, |
|
295 |
AlgorithmParameterSpec params, SecureRandom random) |
|
296 |
throws InvalidKeyException, InvalidAlgorithmParameterException { |
|
289 | 297 |
byte[] ivValue; |
2 | 298 |
if (params != null) { |
299 |
if (params instanceof IvParameterSpec == false) { |
|
300 |
throw new InvalidAlgorithmParameterException |
|
301 |
("Only IvParameterSpec supported"); |
|
302 |
} |
|
289 | 303 |
IvParameterSpec ivSpec = (IvParameterSpec) params; |
304 |
ivValue = ivSpec.getIV(); |
|
2 | 305 |
} else { |
289 | 306 |
ivValue = null; |
2 | 307 |
} |
289 | 308 |
implInit(opmode, key, ivValue, random); |
2 | 309 |
} |
310 |
||
311 |
// see JCE spec |
|
312 |
protected void engineInit(int opmode, Key key, AlgorithmParameters params, |
|
313 |
SecureRandom random) |
|
314 |
throws InvalidKeyException, InvalidAlgorithmParameterException { |
|
289 | 315 |
byte[] ivValue; |
2 | 316 |
if (params != null) { |
317 |
try { |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
8542
diff
changeset
|
318 |
IvParameterSpec ivSpec = |
2 | 319 |
params.getParameterSpec(IvParameterSpec.class); |
289 | 320 |
ivValue = ivSpec.getIV(); |
2 | 321 |
} catch (InvalidParameterSpecException e) { |
322 |
throw new InvalidAlgorithmParameterException |
|
323 |
("Could not decode IV", e); |
|
324 |
} |
|
325 |
} else { |
|
289 | 326 |
ivValue = null; |
2 | 327 |
} |
289 | 328 |
implInit(opmode, key, ivValue, random); |
2 | 329 |
} |
330 |
||
331 |
// actual init() implementation |
|
332 |
private void implInit(int opmode, Key key, byte[] iv, |
|
333 |
SecureRandom random) |
|
334 |
throws InvalidKeyException, InvalidAlgorithmParameterException { |
|
335 |
cancelOperation(); |
|
336 |
switch (opmode) { |
|
289 | 337 |
case Cipher.ENCRYPT_MODE: |
338 |
encrypt = true; |
|
339 |
break; |
|
340 |
case Cipher.DECRYPT_MODE: |
|
341 |
encrypt = false; |
|
342 |
break; |
|
343 |
default: |
|
344 |
throw new InvalidAlgorithmParameterException |
|
345 |
("Unsupported mode: " + opmode); |
|
2 | 346 |
} |
347 |
if (blockMode == MODE_ECB) { // ECB or stream cipher |
|
348 |
if (iv != null) { |
|
349 |
if (blockSize == 0) { |
|
350 |
throw new InvalidAlgorithmParameterException |
|
289 | 351 |
("IV not used with stream ciphers"); |
2 | 352 |
} else { |
353 |
throw new InvalidAlgorithmParameterException |
|
289 | 354 |
("IV not used in ECB mode"); |
2 | 355 |
} |
356 |
} |
|
8542 | 357 |
} else { // MODE_CBC or MODE_CTR |
2 | 358 |
if (iv == null) { |
359 |
if (encrypt == false) { |
|
8542 | 360 |
String exMsg = |
361 |
(blockMode == MODE_CBC ? |
|
362 |
"IV must be specified for decryption in CBC mode" : |
|
363 |
"IV must be specified for decryption in CTR mode"); |
|
364 |
throw new InvalidAlgorithmParameterException(exMsg); |
|
2 | 365 |
} |
366 |
// generate random IV |
|
367 |
if (random == null) { |
|
368 |
random = new SecureRandom(); |
|
369 |
} |
|
370 |
iv = new byte[blockSize]; |
|
371 |
random.nextBytes(iv); |
|
372 |
} else { |
|
373 |
if (iv.length != blockSize) { |
|
374 |
throw new InvalidAlgorithmParameterException |
|
289 | 375 |
("IV length must match block size"); |
2 | 376 |
} |
377 |
} |
|
378 |
} |
|
379 |
this.iv = iv; |
|
380 |
p11Key = P11SecretKeyFactory.convertKey(token, key, keyAlgorithm); |
|
381 |
try { |
|
382 |
initialize(); |
|
383 |
} catch (PKCS11Exception e) { |
|
384 |
throw new InvalidKeyException("Could not initialize cipher", e); |
|
385 |
} |
|
386 |
} |
|
387 |
||
388 |
private void cancelOperation() { |
|
389 |
if (initialized == false) { |
|
390 |
return; |
|
391 |
} |
|
392 |
initialized = false; |
|
393 |
if ((session == null) || (token.explicitCancel == false)) { |
|
394 |
return; |
|
395 |
} |
|
396 |
// cancel operation by finishing it |
|
397 |
int bufLen = doFinalLength(0); |
|
398 |
byte[] buffer = new byte[bufLen]; |
|
399 |
try { |
|
400 |
if (encrypt) { |
|
401 |
token.p11.C_EncryptFinal(session.id(), 0, buffer, 0, bufLen); |
|
402 |
} else { |
|
403 |
token.p11.C_DecryptFinal(session.id(), 0, buffer, 0, bufLen); |
|
404 |
} |
|
405 |
} catch (PKCS11Exception e) { |
|
406 |
throw new ProviderException("Cancel failed", e); |
|
7812
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
407 |
} finally { |
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
408 |
reset(); |
2 | 409 |
} |
410 |
} |
|
411 |
||
412 |
private void ensureInitialized() throws PKCS11Exception { |
|
413 |
if (initialized == false) { |
|
414 |
initialize(); |
|
415 |
} |
|
416 |
} |
|
417 |
||
418 |
private void initialize() throws PKCS11Exception { |
|
419 |
if (session == null) { |
|
420 |
session = token.getOpSession(); |
|
421 |
} |
|
8542 | 422 |
CK_MECHANISM mechParams = (blockMode == MODE_CTR? |
423 |
new CK_MECHANISM(mechanism, new CK_AES_CTR_PARAMS(iv)) : |
|
424 |
new CK_MECHANISM(mechanism, iv)); |
|
425 |
||
7812
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
426 |
try { |
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
427 |
if (encrypt) { |
8542 | 428 |
token.p11.C_EncryptInit(session.id(), mechParams, p11Key.keyID); |
7812
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
429 |
} else { |
8542 | 430 |
token.p11.C_DecryptInit(session.id(), mechParams, p11Key.keyID); |
7812
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
431 |
} |
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
432 |
} catch (PKCS11Exception ex) { |
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
433 |
// release session when initialization failed |
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
434 |
session = token.releaseSession(session); |
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
435 |
throw ex; |
2 | 436 |
} |
289 | 437 |
bytesBuffered = 0; |
438 |
padBufferLen = 0; |
|
2 | 439 |
initialized = true; |
440 |
} |
|
441 |
||
442 |
// if update(inLen) is called, how big does the output buffer have to be? |
|
443 |
private int updateLength(int inLen) { |
|
444 |
if (inLen <= 0) { |
|
445 |
return 0; |
|
446 |
} |
|
289 | 447 |
|
448 |
int result = inLen + bytesBuffered; |
|
449 |
if (blockSize != 0) { |
|
450 |
// minus the number of bytes in the last incomplete block. |
|
451 |
result -= (result & (blockSize - 1)); |
|
2 | 452 |
} |
289 | 453 |
return result; |
2 | 454 |
} |
455 |
||
456 |
// if doFinal(inLen) is called, how big does the output buffer have to be? |
|
457 |
private int doFinalLength(int inLen) { |
|
458 |
if (inLen < 0) { |
|
459 |
return 0; |
|
460 |
} |
|
289 | 461 |
|
462 |
int result = inLen + bytesBuffered; |
|
463 |
if (blockSize != 0 && encrypt && paddingType != PAD_NONE) { |
|
464 |
// add the number of bytes to make the last block complete. |
|
465 |
result += (blockSize - (result & (blockSize - 1))); |
|
466 |
} |
|
467 |
return result; |
|
2 | 468 |
} |
469 |
||
7812
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
470 |
// reset the states to the pre-initialized values |
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
471 |
private void reset() { |
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
472 |
initialized = false; |
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
473 |
bytesBuffered = 0; |
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
474 |
padBufferLen = 0; |
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
475 |
if (session != null) { |
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
476 |
session = token.releaseSession(session); |
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
477 |
} |
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
478 |
} |
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
479 |
|
2 | 480 |
// see JCE spec |
481 |
protected byte[] engineUpdate(byte[] in, int inOfs, int inLen) { |
|
482 |
try { |
|
483 |
byte[] out = new byte[updateLength(inLen)]; |
|
484 |
int n = engineUpdate(in, inOfs, inLen, out, 0); |
|
485 |
return P11Util.convert(out, 0, n); |
|
486 |
} catch (ShortBufferException e) { |
|
289 | 487 |
// convert since the output length is calculated by updateLength() |
2 | 488 |
throw new ProviderException(e); |
489 |
} |
|
490 |
} |
|
491 |
||
492 |
// see JCE spec |
|
493 |
protected int engineUpdate(byte[] in, int inOfs, int inLen, byte[] out, |
|
494 |
int outOfs) throws ShortBufferException { |
|
495 |
int outLen = out.length - outOfs; |
|
496 |
return implUpdate(in, inOfs, inLen, out, outOfs, outLen); |
|
497 |
} |
|
498 |
||
499 |
// see JCE spec |
|
289 | 500 |
@Override |
2 | 501 |
protected int engineUpdate(ByteBuffer inBuffer, ByteBuffer outBuffer) |
502 |
throws ShortBufferException { |
|
503 |
return implUpdate(inBuffer, outBuffer); |
|
504 |
} |
|
505 |
||
506 |
// see JCE spec |
|
507 |
protected byte[] engineDoFinal(byte[] in, int inOfs, int inLen) |
|
508 |
throws IllegalBlockSizeException, BadPaddingException { |
|
509 |
try { |
|
510 |
byte[] out = new byte[doFinalLength(inLen)]; |
|
511 |
int n = engineDoFinal(in, inOfs, inLen, out, 0); |
|
512 |
return P11Util.convert(out, 0, n); |
|
513 |
} catch (ShortBufferException e) { |
|
289 | 514 |
// convert since the output length is calculated by doFinalLength() |
2 | 515 |
throw new ProviderException(e); |
516 |
} |
|
517 |
} |
|
518 |
||
519 |
// see JCE spec |
|
520 |
protected int engineDoFinal(byte[] in, int inOfs, int inLen, byte[] out, |
|
289 | 521 |
int outOfs) throws ShortBufferException, IllegalBlockSizeException, |
522 |
BadPaddingException { |
|
2 | 523 |
int n = 0; |
524 |
if ((inLen != 0) && (in != null)) { |
|
525 |
n = engineUpdate(in, inOfs, inLen, out, outOfs); |
|
526 |
outOfs += n; |
|
527 |
} |
|
528 |
n += implDoFinal(out, outOfs, out.length - outOfs); |
|
529 |
return n; |
|
530 |
} |
|
531 |
||
532 |
// see JCE spec |
|
289 | 533 |
@Override |
2 | 534 |
protected int engineDoFinal(ByteBuffer inBuffer, ByteBuffer outBuffer) |
289 | 535 |
throws ShortBufferException, IllegalBlockSizeException, |
536 |
BadPaddingException { |
|
2 | 537 |
int n = engineUpdate(inBuffer, outBuffer); |
538 |
n += implDoFinal(outBuffer); |
|
539 |
return n; |
|
540 |
} |
|
541 |
||
542 |
private int implUpdate(byte[] in, int inOfs, int inLen, |
|
543 |
byte[] out, int outOfs, int outLen) throws ShortBufferException { |
|
544 |
if (outLen < updateLength(inLen)) { |
|
545 |
throw new ShortBufferException(); |
|
546 |
} |
|
547 |
try { |
|
548 |
ensureInitialized(); |
|
289 | 549 |
int k = 0; |
2 | 550 |
if (encrypt) { |
289 | 551 |
k = token.p11.C_EncryptUpdate(session.id(), 0, in, inOfs, inLen, |
552 |
0, out, outOfs, outLen); |
|
2 | 553 |
} else { |
289 | 554 |
int newPadBufferLen = 0; |
555 |
if (paddingObj != null) { |
|
556 |
if (padBufferLen != 0) { |
|
557 |
// NSS throws up when called with data not in multiple |
|
558 |
// of blocks. Try to work around this by holding the |
|
559 |
// extra data in padBuffer. |
|
560 |
if (padBufferLen != padBuffer.length) { |
|
561 |
int bufCapacity = padBuffer.length - padBufferLen; |
|
562 |
if (inLen > bufCapacity) { |
|
563 |
bufferInputBytes(in, inOfs, bufCapacity); |
|
564 |
inOfs += bufCapacity; |
|
565 |
inLen -= bufCapacity; |
|
566 |
} else { |
|
567 |
bufferInputBytes(in, inOfs, inLen); |
|
568 |
return 0; |
|
569 |
} |
|
570 |
} |
|
571 |
k = token.p11.C_DecryptUpdate(session.id(), |
|
572 |
0, padBuffer, 0, padBufferLen, |
|
573 |
0, out, outOfs, outLen); |
|
574 |
padBufferLen = 0; |
|
575 |
} |
|
576 |
newPadBufferLen = inLen & (blockSize - 1); |
|
577 |
if (newPadBufferLen == 0) { |
|
578 |
newPadBufferLen = padBuffer.length; |
|
579 |
} |
|
580 |
inLen -= newPadBufferLen; |
|
581 |
} |
|
582 |
if (inLen > 0) { |
|
583 |
k += token.p11.C_DecryptUpdate(session.id(), 0, in, inOfs, |
|
584 |
inLen, 0, out, (outOfs + k), (outLen - k)); |
|
585 |
} |
|
586 |
// update 'padBuffer' if using our own padding impl. |
|
587 |
if (paddingObj != null) { |
|
588 |
bufferInputBytes(in, inOfs + inLen, newPadBufferLen); |
|
589 |
} |
|
2 | 590 |
} |
289 | 591 |
bytesBuffered += (inLen - k); |
2 | 592 |
return k; |
593 |
} catch (PKCS11Exception e) { |
|
289 | 594 |
if (e.getErrorCode() == CKR_BUFFER_TOO_SMALL) { |
595 |
throw (ShortBufferException) |
|
596 |
(new ShortBufferException().initCause(e)); |
|
597 |
} |
|
7812
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
598 |
reset(); |
2 | 599 |
throw new ProviderException("update() failed", e); |
600 |
} |
|
601 |
} |
|
602 |
||
603 |
private int implUpdate(ByteBuffer inBuffer, ByteBuffer outBuffer) |
|
604 |
throws ShortBufferException { |
|
605 |
int inLen = inBuffer.remaining(); |
|
606 |
if (inLen <= 0) { |
|
607 |
return 0; |
|
608 |
} |
|
609 |
||
610 |
int outLen = outBuffer.remaining(); |
|
611 |
if (outLen < updateLength(inLen)) { |
|
612 |
throw new ShortBufferException(); |
|
613 |
} |
|
289 | 614 |
int origPos = inBuffer.position(); |
2 | 615 |
try { |
616 |
ensureInitialized(); |
|
617 |
||
618 |
long inAddr = 0; |
|
289 | 619 |
int inOfs = 0; |
2 | 620 |
byte[] inArray = null; |
289 | 621 |
|
2 | 622 |
if (inBuffer instanceof DirectBuffer) { |
289 | 623 |
inAddr = ((DirectBuffer) inBuffer).address(); |
624 |
inOfs = origPos; |
|
625 |
} else if (inBuffer.hasArray()) { |
|
626 |
inArray = inBuffer.array(); |
|
627 |
inOfs = (origPos + inBuffer.arrayOffset()); |
|
2 | 628 |
} |
629 |
||
630 |
long outAddr = 0; |
|
289 | 631 |
int outOfs = 0; |
2 | 632 |
byte[] outArray = null; |
633 |
if (outBuffer instanceof DirectBuffer) { |
|
289 | 634 |
outAddr = ((DirectBuffer) outBuffer).address(); |
635 |
outOfs = outBuffer.position(); |
|
2 | 636 |
} else { |
637 |
if (outBuffer.hasArray()) { |
|
638 |
outArray = outBuffer.array(); |
|
289 | 639 |
outOfs = (outBuffer.position() + outBuffer.arrayOffset()); |
2 | 640 |
} else { |
641 |
outArray = new byte[outLen]; |
|
642 |
} |
|
643 |
} |
|
644 |
||
289 | 645 |
int k = 0; |
2 | 646 |
if (encrypt) { |
289 | 647 |
if (inAddr == 0 && inArray == null) { |
648 |
inArray = new byte[inLen]; |
|
649 |
inBuffer.get(inArray); |
|
650 |
} else { |
|
651 |
inBuffer.position(origPos + inLen); |
|
652 |
} |
|
653 |
k = token.p11.C_EncryptUpdate(session.id(), |
|
654 |
inAddr, inArray, inOfs, inLen, |
|
655 |
outAddr, outArray, outOfs, outLen); |
|
2 | 656 |
} else { |
289 | 657 |
int newPadBufferLen = 0; |
658 |
if (paddingObj != null) { |
|
659 |
if (padBufferLen != 0) { |
|
660 |
// NSS throws up when called with data not in multiple |
|
661 |
// of blocks. Try to work around this by holding the |
|
662 |
// extra data in padBuffer. |
|
663 |
if (padBufferLen != padBuffer.length) { |
|
664 |
int bufCapacity = padBuffer.length - padBufferLen; |
|
665 |
if (inLen > bufCapacity) { |
|
666 |
bufferInputBytes(inBuffer, bufCapacity); |
|
667 |
inOfs += bufCapacity; |
|
668 |
inLen -= bufCapacity; |
|
669 |
} else { |
|
670 |
bufferInputBytes(inBuffer, inLen); |
|
671 |
return 0; |
|
672 |
} |
|
673 |
} |
|
674 |
k = token.p11.C_DecryptUpdate(session.id(), 0, |
|
675 |
padBuffer, 0, padBufferLen, outAddr, outArray, |
|
676 |
outOfs, outLen); |
|
677 |
padBufferLen = 0; |
|
678 |
} |
|
679 |
newPadBufferLen = inLen & (blockSize - 1); |
|
680 |
if (newPadBufferLen == 0) { |
|
681 |
newPadBufferLen = padBuffer.length; |
|
682 |
} |
|
683 |
inLen -= newPadBufferLen; |
|
684 |
} |
|
685 |
if (inLen > 0) { |
|
686 |
if (inAddr == 0 && inArray == null) { |
|
687 |
inArray = new byte[inLen]; |
|
688 |
inBuffer.get(inArray); |
|
689 |
} else { |
|
690 |
inBuffer.position(inBuffer.position() + inLen); |
|
691 |
} |
|
692 |
k += token.p11.C_DecryptUpdate(session.id(), inAddr, |
|
693 |
inArray, inOfs, inLen, outAddr, outArray, |
|
694 |
(outOfs + k), (outLen - k)); |
|
695 |
} |
|
696 |
// update 'padBuffer' if using our own padding impl. |
|
697 |
if (paddingObj != null && newPadBufferLen != 0) { |
|
698 |
bufferInputBytes(inBuffer, newPadBufferLen); |
|
699 |
} |
|
2 | 700 |
} |
289 | 701 |
bytesBuffered += (inLen - k); |
2 | 702 |
if (!(outBuffer instanceof DirectBuffer) && |
289 | 703 |
!outBuffer.hasArray()) { |
2 | 704 |
outBuffer.put(outArray, outOfs, k); |
705 |
} else { |
|
706 |
outBuffer.position(outBuffer.position() + k); |
|
707 |
} |
|
708 |
return k; |
|
709 |
} catch (PKCS11Exception e) { |
|
289 | 710 |
// Reset input buffer to its original position for |
711 |
inBuffer.position(origPos); |
|
712 |
if (e.getErrorCode() == CKR_BUFFER_TOO_SMALL) { |
|
713 |
throw (ShortBufferException) |
|
714 |
(new ShortBufferException().initCause(e)); |
|
2 | 715 |
} |
7812
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
716 |
reset(); |
2 | 717 |
throw new ProviderException("update() failed", e); |
718 |
} |
|
719 |
} |
|
720 |
||
721 |
private int implDoFinal(byte[] out, int outOfs, int outLen) |
|
289 | 722 |
throws ShortBufferException, IllegalBlockSizeException, |
723 |
BadPaddingException { |
|
724 |
int requiredOutLen = doFinalLength(0); |
|
725 |
if (outLen < requiredOutLen) { |
|
2 | 726 |
throw new ShortBufferException(); |
727 |
} |
|
728 |
try { |
|
729 |
ensureInitialized(); |
|
289 | 730 |
int k = 0; |
2 | 731 |
if (encrypt) { |
289 | 732 |
if (paddingObj != null) { |
733 |
int actualPadLen = paddingObj.setPaddingBytes(padBuffer, |
|
734 |
requiredOutLen - bytesBuffered); |
|
735 |
k = token.p11.C_EncryptUpdate(session.id(), |
|
736 |
0, padBuffer, 0, actualPadLen, |
|
737 |
0, out, outOfs, outLen); |
|
738 |
} |
|
739 |
k += token.p11.C_EncryptFinal(session.id(), |
|
740 |
0, out, (outOfs + k), (outLen - k)); |
|
2 | 741 |
} else { |
289 | 742 |
if (paddingObj != null) { |
743 |
if (padBufferLen != 0) { |
|
744 |
k = token.p11.C_DecryptUpdate(session.id(), 0, |
|
745 |
padBuffer, 0, padBufferLen, 0, padBuffer, 0, |
|
746 |
padBuffer.length); |
|
747 |
} |
|
748 |
k += token.p11.C_DecryptFinal(session.id(), 0, padBuffer, k, |
|
749 |
padBuffer.length - k); |
|
296
a26e4ea2ca63
6682411: JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data
valeriep
parents:
289
diff
changeset
|
750 |
int actualPadLen = paddingObj.unpad(padBuffer, k); |
289 | 751 |
k -= actualPadLen; |
752 |
System.arraycopy(padBuffer, 0, out, outOfs, k); |
|
753 |
} else { |
|
754 |
k = token.p11.C_DecryptFinal(session.id(), 0, out, outOfs, |
|
755 |
outLen); |
|
756 |
} |
|
2 | 757 |
} |
289 | 758 |
return k; |
2 | 759 |
} catch (PKCS11Exception e) { |
760 |
handleException(e); |
|
761 |
throw new ProviderException("doFinal() failed", e); |
|
762 |
} finally { |
|
7812
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
763 |
reset(); |
2 | 764 |
} |
765 |
} |
|
766 |
||
767 |
private int implDoFinal(ByteBuffer outBuffer) |
|
289 | 768 |
throws ShortBufferException, IllegalBlockSizeException, |
769 |
BadPaddingException { |
|
2 | 770 |
int outLen = outBuffer.remaining(); |
289 | 771 |
int requiredOutLen = doFinalLength(0); |
772 |
if (outLen < requiredOutLen) { |
|
2 | 773 |
throw new ShortBufferException(); |
774 |
} |
|
775 |
||
776 |
try { |
|
777 |
ensureInitialized(); |
|
778 |
||
779 |
long outAddr = 0; |
|
780 |
byte[] outArray = null; |
|
289 | 781 |
int outOfs = 0; |
2 | 782 |
if (outBuffer instanceof DirectBuffer) { |
289 | 783 |
outAddr = ((DirectBuffer) outBuffer).address(); |
784 |
outOfs = outBuffer.position(); |
|
2 | 785 |
} else { |
786 |
if (outBuffer.hasArray()) { |
|
787 |
outArray = outBuffer.array(); |
|
289 | 788 |
outOfs = outBuffer.position() + outBuffer.arrayOffset(); |
2 | 789 |
} else { |
790 |
outArray = new byte[outLen]; |
|
791 |
} |
|
792 |
} |
|
793 |
||
289 | 794 |
int k = 0; |
795 |
||
2 | 796 |
if (encrypt) { |
289 | 797 |
if (paddingObj != null) { |
798 |
int actualPadLen = paddingObj.setPaddingBytes(padBuffer, |
|
799 |
requiredOutLen - bytesBuffered); |
|
800 |
k = token.p11.C_EncryptUpdate(session.id(), |
|
801 |
0, padBuffer, 0, actualPadLen, |
|
802 |
outAddr, outArray, outOfs, outLen); |
|
803 |
} |
|
804 |
k += token.p11.C_EncryptFinal(session.id(), |
|
805 |
outAddr, outArray, (outOfs + k), (outLen - k)); |
|
2 | 806 |
} else { |
289 | 807 |
if (paddingObj != null) { |
808 |
if (padBufferLen != 0) { |
|
809 |
k = token.p11.C_DecryptUpdate(session.id(), |
|
810 |
0, padBuffer, 0, padBufferLen, |
|
811 |
0, padBuffer, 0, padBuffer.length); |
|
812 |
padBufferLen = 0; |
|
813 |
} |
|
814 |
k += token.p11.C_DecryptFinal(session.id(), |
|
815 |
0, padBuffer, k, padBuffer.length - k); |
|
296
a26e4ea2ca63
6682411: JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data
valeriep
parents:
289
diff
changeset
|
816 |
int actualPadLen = paddingObj.unpad(padBuffer, k); |
289 | 817 |
k -= actualPadLen; |
818 |
outArray = padBuffer; |
|
819 |
outOfs = 0; |
|
820 |
} else { |
|
821 |
k = token.p11.C_DecryptFinal(session.id(), |
|
822 |
outAddr, outArray, outOfs, outLen); |
|
823 |
} |
|
2 | 824 |
} |
289 | 825 |
if ((!encrypt && paddingObj != null) || |
826 |
(!(outBuffer instanceof DirectBuffer) && |
|
827 |
!outBuffer.hasArray())) { |
|
2 | 828 |
outBuffer.put(outArray, outOfs, k); |
829 |
} else { |
|
830 |
outBuffer.position(outBuffer.position() + k); |
|
831 |
} |
|
832 |
return k; |
|
833 |
} catch (PKCS11Exception e) { |
|
834 |
handleException(e); |
|
835 |
throw new ProviderException("doFinal() failed", e); |
|
836 |
} finally { |
|
7812
ed539cb9eb27
6924489: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
valeriep
parents:
7269
diff
changeset
|
837 |
reset(); |
2 | 838 |
} |
839 |
} |
|
840 |
||
841 |
private void handleException(PKCS11Exception e) |
|
289 | 842 |
throws ShortBufferException, IllegalBlockSizeException { |
2 | 843 |
long errorCode = e.getErrorCode(); |
289 | 844 |
if (errorCode == CKR_BUFFER_TOO_SMALL) { |
845 |
throw (ShortBufferException) |
|
846 |
(new ShortBufferException().initCause(e)); |
|
297
bec12c857972
6682417: JCK test failed w/ ProviderException when decrypted data is not multiple of blocks
valeriep
parents:
296
diff
changeset
|
847 |
} else if (errorCode == CKR_DATA_LEN_RANGE || |
bec12c857972
6682417: JCK test failed w/ ProviderException when decrypted data is not multiple of blocks
valeriep
parents:
296
diff
changeset
|
848 |
errorCode == CKR_ENCRYPTED_DATA_LEN_RANGE) { |
289 | 849 |
throw (IllegalBlockSizeException) |
850 |
(new IllegalBlockSizeException(e.toString()).initCause(e)); |
|
2 | 851 |
} |
852 |
} |
|
853 |
||
854 |
// see JCE spec |
|
855 |
protected byte[] engineWrap(Key key) throws IllegalBlockSizeException, |
|
856 |
InvalidKeyException { |
|
857 |
// XXX key wrapping |
|
858 |
throw new UnsupportedOperationException("engineWrap()"); |
|
859 |
} |
|
860 |
||
861 |
// see JCE spec |
|
862 |
protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, |
|
863 |
int wrappedKeyType) |
|
864 |
throws InvalidKeyException, NoSuchAlgorithmException { |
|
865 |
// XXX key unwrapping |
|
866 |
throw new UnsupportedOperationException("engineUnwrap()"); |
|
867 |
} |
|
868 |
||
869 |
// see JCE spec |
|
289 | 870 |
@Override |
2 | 871 |
protected int engineGetKeySize(Key key) throws InvalidKeyException { |
872 |
int n = P11SecretKeyFactory.convertKey |
|
289 | 873 |
(token, key, keyAlgorithm).keyLength(); |
2 | 874 |
return n; |
875 |
} |
|
876 |
||
289 | 877 |
private final void bufferInputBytes(byte[] in, int inOfs, int len) { |
878 |
System.arraycopy(in, inOfs, padBuffer, padBufferLen, len); |
|
879 |
padBufferLen += len; |
|
880 |
bytesBuffered += len; |
|
881 |
} |
|
882 |
||
883 |
private final void bufferInputBytes(ByteBuffer inBuffer, int len) { |
|
884 |
inBuffer.get(padBuffer, padBufferLen, len); |
|
885 |
padBufferLen += len; |
|
886 |
bytesBuffered += len; |
|
887 |
} |
|
2 | 888 |
} |