1 /* |
1 /* |
2 * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
514 String P11DHKeyFactory = "sun.security.pkcs11.P11DHKeyFactory"; |
513 String P11DHKeyFactory = "sun.security.pkcs11.P11DHKeyFactory"; |
515 String P11KeyAgreement = "sun.security.pkcs11.P11KeyAgreement"; |
514 String P11KeyAgreement = "sun.security.pkcs11.P11KeyAgreement"; |
516 String P11SecretKeyFactory = "sun.security.pkcs11.P11SecretKeyFactory"; |
515 String P11SecretKeyFactory = "sun.security.pkcs11.P11SecretKeyFactory"; |
517 String P11Cipher = "sun.security.pkcs11.P11Cipher"; |
516 String P11Cipher = "sun.security.pkcs11.P11Cipher"; |
518 String P11RSACipher = "sun.security.pkcs11.P11RSACipher"; |
517 String P11RSACipher = "sun.security.pkcs11.P11RSACipher"; |
|
518 String P11AEADCipher = "sun.security.pkcs11.P11AEADCipher"; |
519 String P11Signature = "sun.security.pkcs11.P11Signature"; |
519 String P11Signature = "sun.security.pkcs11.P11Signature"; |
|
520 String P11PSSSignature = "sun.security.pkcs11.P11PSSSignature"; |
520 |
521 |
521 // XXX register all aliases |
522 // XXX register all aliases |
522 |
523 |
523 d(MD, "MD2", P11Digest, |
524 d(MD, "MD2", P11Digest, |
524 m(CKM_MD2)); |
525 m(CKM_MD2)); |
538 s("2.16.840.1.101.3.4.2.2", "OID.2.16.840.1.101.3.4.2.2"), |
539 s("2.16.840.1.101.3.4.2.2", "OID.2.16.840.1.101.3.4.2.2"), |
539 m(CKM_SHA384)); |
540 m(CKM_SHA384)); |
540 d(MD, "SHA-512", P11Digest, |
541 d(MD, "SHA-512", P11Digest, |
541 s("2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3"), |
542 s("2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3"), |
542 m(CKM_SHA512)); |
543 m(CKM_SHA512)); |
|
544 d(MD, "SHA-512/224", P11Digest, |
|
545 s("2.16.840.1.101.3.4.2.5", "OID.2.16.840.1.101.3.4.2.5"), |
|
546 m(CKM_SHA512_224)); |
|
547 d(MD, "SHA-512/256", P11Digest, |
|
548 s("2.16.840.1.101.3.4.2.6", "OID.2.16.840.1.101.3.4.2.6"), |
|
549 m(CKM_SHA512_256)); |
543 |
550 |
544 d(MAC, "HmacMD5", P11MAC, |
551 d(MAC, "HmacMD5", P11MAC, |
545 m(CKM_MD5_HMAC)); |
552 m(CKM_MD5_HMAC)); |
546 d(MAC, "HmacSHA1", P11MAC, |
553 d(MAC, "HmacSHA1", P11MAC, |
547 s("1.2.840.113549.2.7", "OID.1.2.840.113549.2.7"), |
554 s("1.2.840.113549.2.7", "OID.1.2.840.113549.2.7"), |
556 s("1.2.840.113549.2.10", "OID.1.2.840.113549.2.10"), |
563 s("1.2.840.113549.2.10", "OID.1.2.840.113549.2.10"), |
557 m(CKM_SHA384_HMAC)); |
564 m(CKM_SHA384_HMAC)); |
558 d(MAC, "HmacSHA512", P11MAC, |
565 d(MAC, "HmacSHA512", P11MAC, |
559 s("1.2.840.113549.2.11", "OID.1.2.840.113549.2.11"), |
566 s("1.2.840.113549.2.11", "OID.1.2.840.113549.2.11"), |
560 m(CKM_SHA512_HMAC)); |
567 m(CKM_SHA512_HMAC)); |
|
568 d(MAC, "HmacSHA512/224", P11MAC, |
|
569 s("1.2.840.113549.2.12", "OID.1.2.840.113549.2.12"), |
|
570 m(CKM_SHA512_224_HMAC)); |
|
571 d(MAC, "HmacSHA512/256", P11MAC, |
|
572 s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"), |
|
573 m(CKM_SHA512_256_HMAC)); |
|
574 |
561 d(MAC, "SslMacMD5", P11MAC, |
575 d(MAC, "SslMacMD5", P11MAC, |
562 m(CKM_SSL3_MD5_MAC)); |
576 m(CKM_SSL3_MD5_MAC)); |
563 d(MAC, "SslMacSHA1", P11MAC, |
577 d(MAC, "SslMacSHA1", P11MAC, |
564 m(CKM_SSL3_SHA1_MAC)); |
578 m(CKM_SSL3_SHA1_MAC)); |
565 |
579 |
566 d(KPG, "RSA", P11KeyPairGenerator, |
580 d(KPG, "RSA", P11KeyPairGenerator, |
|
581 s("1.2.840.113549.1.1", "OID.1.2.840.113549.1.1"), |
567 m(CKM_RSA_PKCS_KEY_PAIR_GEN)); |
582 m(CKM_RSA_PKCS_KEY_PAIR_GEN)); |
|
583 |
568 d(KPG, "DSA", P11KeyPairGenerator, |
584 d(KPG, "DSA", P11KeyPairGenerator, |
569 s("1.3.14.3.2.12", "1.2.840.10040.4.1", "OID.1.2.840.10040.4.1"), |
585 s("1.3.14.3.2.12", "1.2.840.10040.4.1", "OID.1.2.840.10040.4.1"), |
570 m(CKM_DSA_KEY_PAIR_GEN)); |
586 m(CKM_DSA_KEY_PAIR_GEN)); |
571 d(KPG, "DH", P11KeyPairGenerator, s("DiffieHellman"), |
587 d(KPG, "DH", P11KeyPairGenerator, s("DiffieHellman"), |
572 m(CKM_DH_PKCS_KEY_PAIR_GEN)); |
588 m(CKM_DH_PKCS_KEY_PAIR_GEN)); |
585 m(CKM_BLOWFISH_KEY_GEN)); |
601 m(CKM_BLOWFISH_KEY_GEN)); |
586 |
602 |
587 // register (Secret)KeyFactories if there are any mechanisms |
603 // register (Secret)KeyFactories if there are any mechanisms |
588 // for a particular algorithm that we support |
604 // for a particular algorithm that we support |
589 d(KF, "RSA", P11RSAKeyFactory, |
605 d(KF, "RSA", P11RSAKeyFactory, |
|
606 s("1.2.840.113549.1.1", "OID.1.2.840.113549.1.1"), |
590 m(CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_PKCS, CKM_RSA_X_509)); |
607 m(CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_PKCS, CKM_RSA_X_509)); |
591 d(KF, "DSA", P11DSAKeyFactory, |
608 d(KF, "DSA", P11DSAKeyFactory, |
592 s("1.3.14.3.2.12", "1.2.840.10040.4.1", "OID.1.2.840.10040.4.1"), |
609 s("1.3.14.3.2.12", "1.2.840.10040.4.1", "OID.1.2.840.10040.4.1"), |
593 m(CKM_DSA_KEY_PAIR_GEN, CKM_DSA, CKM_DSA_SHA1)); |
610 m(CKM_DSA_KEY_PAIR_GEN, CKM_DSA, CKM_DSA_SHA1)); |
594 d(KF, "DH", P11DHKeyFactory, s("DiffieHellman"), |
611 d(KF, "DH", P11DHKeyFactory, s("DiffieHellman"), |
598 CKM_ECDSA, CKM_ECDSA_SHA1)); |
615 CKM_ECDSA, CKM_ECDSA_SHA1)); |
599 |
616 |
600 // AlgorithmParameters for EC. |
617 // AlgorithmParameters for EC. |
601 // Only needed until we have an EC implementation in the SUN provider. |
618 // Only needed until we have an EC implementation in the SUN provider. |
602 d(AGP, "EC", "sun.security.util.ECParameters", |
619 d(AGP, "EC", "sun.security.util.ECParameters", |
603 s("1.2.840.10045.2.1"), |
620 s("1.2.840.10045.2.1"), |
604 m(CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE, |
621 m(CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE, |
605 CKM_ECDSA, CKM_ECDSA_SHA1)); |
622 CKM_ECDSA, CKM_ECDSA_SHA1)); |
|
623 |
|
624 |
|
625 d(AGP, "GCM", "sun.security.util.GCMParameters", |
|
626 m(CKM_AES_GCM)); |
606 |
627 |
607 d(KA, "DH", P11KeyAgreement, s("DiffieHellman"), |
628 d(KA, "DH", P11KeyAgreement, s("DiffieHellman"), |
608 m(CKM_DH_PKCS_DERIVE)); |
629 m(CKM_DH_PKCS_DERIVE)); |
609 d(KA, "ECDH", "sun.security.pkcs11.P11ECDHKeyAgreement", |
630 d(KA, "ECDH", "sun.security.pkcs11.P11ECDHKeyAgreement", |
610 m(CKM_ECDH1_DERIVE)); |
631 m(CKM_ECDH1_DERIVE)); |
667 m(CKM_AES_ECB)); |
688 m(CKM_AES_ECB)); |
668 d(CIP, "AES/ECB/PKCS5Padding", P11Cipher, s("AES"), |
689 d(CIP, "AES/ECB/PKCS5Padding", P11Cipher, s("AES"), |
669 m(CKM_AES_ECB)); |
690 m(CKM_AES_ECB)); |
670 d(CIP, "AES/CTR/NoPadding", P11Cipher, |
691 d(CIP, "AES/CTR/NoPadding", P11Cipher, |
671 m(CKM_AES_CTR)); |
692 m(CKM_AES_CTR)); |
|
693 |
|
694 d(CIP, "AES/GCM/NoPadding", P11AEADCipher, |
|
695 m(CKM_AES_GCM)); |
|
696 d(CIP, "AES_128/GCM/NoPadding", P11AEADCipher, |
|
697 s("2.16.840.1.101.3.4.1.6", "OID.2.16.840.1.101.3.4.1.6"), |
|
698 m(CKM_AES_GCM)); |
|
699 d(CIP, "AES_192/GCM/NoPadding", P11AEADCipher, |
|
700 s("2.16.840.1.101.3.4.1.26", "OID.2.16.840.1.101.3.4.1.26"), |
|
701 m(CKM_AES_GCM)); |
|
702 d(CIP, "AES_256/GCM/NoPadding", P11AEADCipher, |
|
703 s("2.16.840.1.101.3.4.1.46", "OID.2.16.840.1.101.3.4.1.46"), |
|
704 m(CKM_AES_GCM)); |
|
705 |
672 d(CIP, "Blowfish/CBC/NoPadding", P11Cipher, |
706 d(CIP, "Blowfish/CBC/NoPadding", P11Cipher, |
673 m(CKM_BLOWFISH_CBC)); |
707 m(CKM_BLOWFISH_CBC)); |
674 d(CIP, "Blowfish/CBC/PKCS5Padding", P11Cipher, |
708 d(CIP, "Blowfish/CBC/PKCS5Padding", P11Cipher, |
675 m(CKM_BLOWFISH_CBC)); |
709 m(CKM_BLOWFISH_CBC)); |
676 |
710 |
677 // XXX RSA_X_509, RSA_OAEP not yet supported |
|
678 d(CIP, "RSA/ECB/PKCS1Padding", P11RSACipher, s("RSA"), |
711 d(CIP, "RSA/ECB/PKCS1Padding", P11RSACipher, s("RSA"), |
679 m(CKM_RSA_PKCS)); |
712 m(CKM_RSA_PKCS)); |
680 d(CIP, "RSA/ECB/NoPadding", P11RSACipher, |
713 d(CIP, "RSA/ECB/NoPadding", P11RSACipher, |
681 m(CKM_RSA_X_509)); |
714 m(CKM_RSA_X_509)); |
682 |
715 |
684 m(CKM_DSA)); |
717 m(CKM_DSA)); |
685 d(SIG, "DSA", P11Signature, |
718 d(SIG, "DSA", P11Signature, |
686 s("SHA1withDSA", "1.3.14.3.2.13", "1.3.14.3.2.27", |
719 s("SHA1withDSA", "1.3.14.3.2.13", "1.3.14.3.2.27", |
687 "1.2.840.10040.4.3", "OID.1.2.840.10040.4.3"), |
720 "1.2.840.10040.4.3", "OID.1.2.840.10040.4.3"), |
688 m(CKM_DSA_SHA1, CKM_DSA)); |
721 m(CKM_DSA_SHA1, CKM_DSA)); |
|
722 d(SIG, "SHA224withDSA", P11Signature, |
|
723 s("2.16.840.1.101.3.4.3.1", "OID.2.16.840.1.101.3.4.3.1"), |
|
724 m(CKM_DSA_SHA224)); |
|
725 d(SIG, "SHA256withDSA", P11Signature, |
|
726 s("2.16.840.1.101.3.4.3.2", "OID.2.16.840.1.101.3.4.3.2"), |
|
727 m(CKM_DSA_SHA256)); |
|
728 d(SIG, "SHA384withDSA", P11Signature, |
|
729 s("2.16.840.1.101.3.4.3.3", "OID.2.16.840.1.101.3.4.3.3"), |
|
730 m(CKM_DSA_SHA384)); |
|
731 d(SIG, "SHA512withDSA", P11Signature, |
|
732 s("2.16.840.1.101.3.4.3.4", "OID.2.16.840.1.101.3.4.3.4"), |
|
733 m(CKM_DSA_SHA512)); |
689 d(SIG, "RawDSAinP1363Format", P11Signature, |
734 d(SIG, "RawDSAinP1363Format", P11Signature, |
690 s("NONEwithDSAinP1363Format"), |
735 s("NONEwithDSAinP1363Format"), |
691 m(CKM_DSA)); |
736 m(CKM_DSA)); |
692 d(SIG, "DSAinP1363Format", P11Signature, |
737 d(SIG, "DSAinP1363Format", P11Signature, |
693 s("SHA1withDSAinP1363Format"), |
738 s("SHA1withDSAinP1363Format"), |
694 m(CKM_DSA_SHA1, CKM_DSA)); |
739 m(CKM_DSA_SHA1, CKM_DSA)); |
|
740 |
695 d(SIG, "NONEwithECDSA", P11Signature, |
741 d(SIG, "NONEwithECDSA", P11Signature, |
696 m(CKM_ECDSA)); |
742 m(CKM_ECDSA)); |
697 d(SIG, "SHA1withECDSA", P11Signature, |
743 d(SIG, "SHA1withECDSA", P11Signature, |
698 s("ECDSA", "1.2.840.10045.4.1", "OID.1.2.840.10045.4.1"), |
744 s("ECDSA", "1.2.840.10045.4.1", "OID.1.2.840.10045.4.1"), |
699 m(CKM_ECDSA_SHA1, CKM_ECDSA)); |
745 m(CKM_ECDSA_SHA1, CKM_ECDSA)); |
741 s("1.2.840.113549.1.1.12", "OID.1.2.840.113549.1.1.12"), |
787 s("1.2.840.113549.1.1.12", "OID.1.2.840.113549.1.1.12"), |
742 m(CKM_SHA384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); |
788 m(CKM_SHA384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); |
743 d(SIG, "SHA512withRSA", P11Signature, |
789 d(SIG, "SHA512withRSA", P11Signature, |
744 s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"), |
790 s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"), |
745 m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); |
791 m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); |
|
792 d(SIG, "RSASSA-PSS", P11PSSSignature, |
|
793 s("1.2.840.113549.1.1.10", "OID.1.2.840.113549.1.1.10"), |
|
794 m(CKM_RSA_PKCS_PSS)); |
|
795 d(SIG, "SHA1withRSASSA-PSS", P11PSSSignature, |
|
796 m(CKM_SHA1_RSA_PKCS_PSS)); |
|
797 d(SIG, "SHA224withRSASSA-PSS", P11PSSSignature, |
|
798 m(CKM_SHA224_RSA_PKCS_PSS)); |
|
799 d(SIG, "SHA256withRSASSA-PSS", P11PSSSignature, |
|
800 m(CKM_SHA256_RSA_PKCS_PSS)); |
|
801 d(SIG, "SHA384withRSASSA-PSS", P11PSSSignature, |
|
802 m(CKM_SHA384_RSA_PKCS_PSS)); |
|
803 d(SIG, "SHA512withRSASSA-PSS", P11PSSSignature, |
|
804 m(CKM_SHA512_RSA_PKCS_PSS)); |
746 |
805 |
747 d(KG, "SunTlsRsaPremasterSecret", |
806 d(KG, "SunTlsRsaPremasterSecret", |
748 "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator", |
807 "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator", |
749 s("SunTls12RsaPremasterSecret"), |
808 s("SunTls12RsaPremasterSecret"), |
750 m(CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_PRE_MASTER_KEY_GEN)); |
809 m(CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_PRE_MASTER_KEY_GEN)); |
851 } |
910 } |
852 }); |
911 }); |
853 createPoller(); |
912 createPoller(); |
854 } |
913 } |
855 |
914 |
|
915 private static boolean isLegacy(CK_MECHANISM_INFO mechInfo) |
|
916 throws PKCS11Exception { |
|
917 // assume full support if no mech info available |
|
918 // For vendor-specific mechanisms, often no mech info is provided |
|
919 boolean partialSupport = false; |
|
920 |
|
921 if (mechInfo != null) { |
|
922 if ((mechInfo.flags & CKF_DECRYPT) != 0) { |
|
923 // non-legacy cipher mechs should support encryption |
|
924 partialSupport |= ((mechInfo.flags & CKF_ENCRYPT) == 0); |
|
925 } |
|
926 if ((mechInfo.flags & CKF_VERIFY) != 0) { |
|
927 // non-legacy signature mechs should support signing |
|
928 partialSupport |= ((mechInfo.flags & CKF_SIGN) == 0); |
|
929 } |
|
930 } |
|
931 return partialSupport; |
|
932 } |
|
933 |
856 // test if a token is present and initialize this provider for it if so. |
934 // test if a token is present and initialize this provider for it if so. |
857 // does nothing if no token is found |
935 // does nothing if no token is found |
858 // called from constructor and by poller |
936 // called from constructor and by poller |
859 private void initToken(CK_SLOT_INFO slotInfo) throws PKCS11Exception { |
937 private void initToken(CK_SLOT_INFO slotInfo) throws PKCS11Exception { |
860 if (slotInfo == null) { |
938 if (slotInfo == null) { |
884 // could be mapped to CKM_DES_CBC_PAD or CKM_DES_CBC. Prefer |
962 // could be mapped to CKM_DES_CBC_PAD or CKM_DES_CBC. Prefer |
885 // the earliest entry. When asked for "DES/CBC/PKCS5Padding", we |
963 // the earliest entry. When asked for "DES/CBC/PKCS5Padding", we |
886 // return a CKM_DES_CBC_PAD. |
964 // return a CKM_DES_CBC_PAD. |
887 final Map<Descriptor,Integer> supportedAlgs = |
965 final Map<Descriptor,Integer> supportedAlgs = |
888 new HashMap<Descriptor,Integer>(); |
966 new HashMap<Descriptor,Integer>(); |
|
967 |
889 for (int i = 0; i < supportedMechanisms.length; i++) { |
968 for (int i = 0; i < supportedMechanisms.length; i++) { |
890 long longMech = supportedMechanisms[i]; |
969 long longMech = supportedMechanisms[i]; |
891 boolean isEnabled = config.isEnabled(longMech); |
970 CK_MECHANISM_INFO mechInfo = token.getMechanismInfo(longMech); |
892 if (showInfo) { |
971 if (showInfo) { |
893 CK_MECHANISM_INFO mechInfo = |
|
894 p11.C_GetMechanismInfo(slotID, longMech); |
|
895 System.out.println("Mechanism " + |
972 System.out.println("Mechanism " + |
896 Functions.getMechanismName(longMech) + ":"); |
973 Functions.getMechanismName(longMech) + ":"); |
897 if (isEnabled == false) { |
974 System.out.println(mechInfo == null? |
|
975 (Constants.INDENT + "info n/a") : |
|
976 mechInfo); |
|
977 } |
|
978 if (!config.isEnabled(longMech)) { |
|
979 if (showInfo) { |
898 System.out.println("DISABLED in configuration"); |
980 System.out.println("DISABLED in configuration"); |
899 } |
981 } |
900 System.out.println(mechInfo); |
|
901 } |
|
902 if (isEnabled == false) { |
|
903 continue; |
982 continue; |
904 } |
983 } |
|
984 if (isLegacy(mechInfo)) { |
|
985 if (showInfo) { |
|
986 System.out.println("DISABLED due to legacy"); |
|
987 } |
|
988 continue; |
|
989 } |
|
990 |
905 // we do not know of mechs with the upper 32 bits set |
991 // we do not know of mechs with the upper 32 bits set |
906 if (longMech >>> 32 != 0) { |
992 if (longMech >>> 32 != 0) { |
|
993 if (showInfo) { |
|
994 System.out.println("DISABLED due to unknown mech value"); |
|
995 } |
907 continue; |
996 continue; |
908 } |
997 } |
909 int mech = (int)longMech; |
998 int mech = (int)longMech; |
910 Integer integerMech = Integer.valueOf(mech); |
999 Integer integerMech = Integer.valueOf(mech); |
911 List<Descriptor> ds = descriptors.get(integerMech); |
1000 List<Descriptor> ds = descriptors.get(integerMech); |
1006 if (type == MD) { |
1095 if (type == MD) { |
1007 return new P11Digest(token, algorithm, mechanism); |
1096 return new P11Digest(token, algorithm, mechanism); |
1008 } else if (type == CIP) { |
1097 } else if (type == CIP) { |
1009 if (algorithm.startsWith("RSA")) { |
1098 if (algorithm.startsWith("RSA")) { |
1010 return new P11RSACipher(token, algorithm, mechanism); |
1099 return new P11RSACipher(token, algorithm, mechanism); |
|
1100 } else if (algorithm.endsWith("GCM/NoPadding")) { |
|
1101 return new P11AEADCipher(token, algorithm, mechanism); |
1011 } else { |
1102 } else { |
1012 return new P11Cipher(token, algorithm, mechanism); |
1103 return new P11Cipher(token, algorithm, mechanism); |
1013 } |
1104 } |
1014 } else if (type == SIG) { |
1105 } else if (type == SIG) { |
1015 return new P11Signature(token, algorithm, mechanism); |
1106 if (algorithm.indexOf("RSASSA-PSS") != -1) { |
|
1107 return new P11PSSSignature(token, algorithm, mechanism); |
|
1108 } else { |
|
1109 return new P11Signature(token, algorithm, mechanism); |
|
1110 } |
1016 } else if (type == MAC) { |
1111 } else if (type == MAC) { |
1017 return new P11Mac(token, algorithm, mechanism); |
1112 return new P11Mac(token, algorithm, mechanism); |
1018 } else if (type == KPG) { |
1113 } else if (type == KPG) { |
1019 return new P11KeyPairGenerator(token, algorithm, mechanism); |
1114 return new P11KeyPairGenerator(token, algorithm, mechanism); |
1020 } else if (type == KA) { |
1115 } else if (type == KA) { |
1049 } else if (type == SR) { |
1144 } else if (type == SR) { |
1050 return token.getRandom(); |
1145 return token.getRandom(); |
1051 } else if (type == KS) { |
1146 } else if (type == KS) { |
1052 return token.getKeyStore(); |
1147 return token.getKeyStore(); |
1053 } else if (type == AGP) { |
1148 } else if (type == AGP) { |
1054 return new sun.security.util.ECParameters(); |
1149 if (algorithm == "EC") { |
|
1150 return new sun.security.util.ECParameters(); |
|
1151 } else if (algorithm == "GCM") { |
|
1152 return new sun.security.util.GCMParameters(); |
|
1153 } else { |
|
1154 throw new NoSuchAlgorithmException("Unsupported algorithm: " |
|
1155 + algorithm); |
|
1156 } |
1055 } else { |
1157 } else { |
1056 throw new NoSuchAlgorithmException("Unknown type: " + type); |
1158 throw new NoSuchAlgorithmException("Unknown type: " + type); |
1057 } |
1159 } |
1058 } |
1160 } |
1059 |
1161 |
1068 String type = getType(); |
1170 String type = getType(); |
1069 Key key = (Key)param; |
1171 Key key = (Key)param; |
1070 String keyAlgorithm = key.getAlgorithm(); |
1172 String keyAlgorithm = key.getAlgorithm(); |
1071 // RSA signatures and cipher |
1173 // RSA signatures and cipher |
1072 if (((type == CIP) && algorithm.startsWith("RSA")) |
1174 if (((type == CIP) && algorithm.startsWith("RSA")) |
1073 || (type == SIG) && algorithm.endsWith("RSA")) { |
1175 || (type == SIG) && (algorithm.indexOf("RSA") != -1)) { |
1074 if (keyAlgorithm.equals("RSA") == false) { |
1176 if (keyAlgorithm.equals("RSA") == false) { |
1075 return false; |
1177 return false; |
1076 } |
1178 } |
1077 return isLocalKey(key) |
1179 return isLocalKey(key) |
1078 || (key instanceof RSAPrivateKey) |
1180 || (key instanceof RSAPrivateKey) |