--- a/jdk/src/jdk.crypto.token/share/classes/sun/security/pkcs11/P11Mac.java Tue Jan 24 11:37:32 2017 +0300
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,269 +0,0 @@
-/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.pkcs11;
-
-import java.util.*;
-import java.nio.ByteBuffer;
-
-import java.security.*;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.MacSpi;
-
-import sun.nio.ch.DirectBuffer;
-
-import sun.security.pkcs11.wrapper.*;
-import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
-
-/**
- * MAC implementation class. This class currently supports HMAC using
- * MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 and the SSL3 MAC
- * using MD5 and SHA-1.
- *
- * Note that unlike other classes (e.g. Signature), this does not
- * composite various operations if the token only supports part of the
- * required functionality. The MAC implementations in SunJCE already
- * do exactly that by implementing an MAC on top of MessageDigests. We
- * could not do any better than they.
- *
- * @author Andreas Sterbenz
- * @since 1.5
- */
-final class P11Mac extends MacSpi {
-
- /* unitialized, all fields except session have arbitrary values */
- private final static int S_UNINIT = 1;
-
- /* session initialized, no data processed yet */
- private final static int S_RESET = 2;
-
- /* session initialized, data processed */
- private final static int S_UPDATE = 3;
-
- /* transitional state after doFinal() before we go to S_UNINIT */
- private final static int S_DOFINAL = 4;
-
- // token instance
- private final Token token;
-
- // algorithm name
- private final String algorithm;
-
- // mechanism id
- private final long mechanism;
-
- // mechanism object
- private final CK_MECHANISM ckMechanism;
-
- // length of the MAC in bytes
- private final int macLength;
-
- // key instance used, if operation active
- private P11Key p11Key;
-
- // associated session, if any
- private Session session;
-
- // state, one of S_* above
- private int state;
-
- // one byte buffer for the update(byte) method, initialized on demand
- private byte[] oneByte;
-
- P11Mac(Token token, String algorithm, long mechanism)
- throws PKCS11Exception {
- super();
- this.token = token;
- this.algorithm = algorithm;
- this.mechanism = mechanism;
- Long params = null;
- switch ((int)mechanism) {
- case (int)CKM_MD5_HMAC:
- macLength = 16;
- break;
- case (int)CKM_SHA_1_HMAC:
- macLength = 20;
- break;
- case (int)CKM_SHA224_HMAC:
- macLength = 28;
- break;
- case (int)CKM_SHA256_HMAC:
- macLength = 32;
- break;
- case (int)CKM_SHA384_HMAC:
- macLength = 48;
- break;
- case (int)CKM_SHA512_HMAC:
- macLength = 64;
- break;
- case (int)CKM_SSL3_MD5_MAC:
- macLength = 16;
- params = Long.valueOf(16);
- break;
- case (int)CKM_SSL3_SHA1_MAC:
- macLength = 20;
- params = Long.valueOf(20);
- break;
- default:
- throw new ProviderException("Unknown mechanism: " + mechanism);
- }
- ckMechanism = new CK_MECHANISM(mechanism, params);
- state = S_UNINIT;
- initialize();
- }
-
- private void ensureInitialized() throws PKCS11Exception {
- token.ensureValid();
- if (state == S_UNINIT) {
- initialize();
- }
- }
-
- private void cancelOperation() {
- token.ensureValid();
- if (state == S_UNINIT) {
- return;
- }
- state = S_UNINIT;
- if ((session == null) || (token.explicitCancel == false)) {
- return;
- }
- try {
- token.p11.C_SignFinal(session.id(), 0);
- } catch (PKCS11Exception e) {
- throw new ProviderException("Cancel failed", e);
- }
- }
-
- private void initialize() throws PKCS11Exception {
- if (state == S_RESET) {
- return;
- }
- if (session == null) {
- session = token.getOpSession();
- }
- if (p11Key != null) {
- token.p11.C_SignInit
- (session.id(), ckMechanism, p11Key.keyID);
- state = S_RESET;
- } else {
- state = S_UNINIT;
- }
- }
-
- // see JCE spec
- protected int engineGetMacLength() {
- return macLength;
- }
-
- // see JCE spec
- protected void engineReset() {
- // the framework insists on calling reset() after doFinal(),
- // but we prefer to take care of reinitialization ourselves
- if (state == S_DOFINAL) {
- state = S_UNINIT;
- return;
- }
- cancelOperation();
- try {
- initialize();
- } catch (PKCS11Exception e) {
- throw new ProviderException("reset() failed, ", e);
- }
- }
-
- // see JCE spec
- protected void engineInit(Key key, AlgorithmParameterSpec params)
- throws InvalidKeyException, InvalidAlgorithmParameterException {
- if (params != null) {
- throw new InvalidAlgorithmParameterException
- ("Parameters not supported");
- }
- cancelOperation();
- p11Key = P11SecretKeyFactory.convertKey(token, key, algorithm);
- try {
- initialize();
- } catch (PKCS11Exception e) {
- throw new InvalidKeyException("init() failed", e);
- }
- }
-
- // see JCE spec
- protected byte[] engineDoFinal() {
- try {
- ensureInitialized();
- byte[] mac = token.p11.C_SignFinal(session.id(), 0);
- state = S_DOFINAL;
- return mac;
- } catch (PKCS11Exception e) {
- throw new ProviderException("doFinal() failed", e);
- } finally {
- session = token.releaseSession(session);
- }
- }
-
- // see JCE spec
- protected void engineUpdate(byte input) {
- if (oneByte == null) {
- oneByte = new byte[1];
- }
- oneByte[0] = input;
- engineUpdate(oneByte, 0, 1);
- }
-
- // see JCE spec
- protected void engineUpdate(byte[] b, int ofs, int len) {
- try {
- ensureInitialized();
- token.p11.C_SignUpdate(session.id(), 0, b, ofs, len);
- state = S_UPDATE;
- } catch (PKCS11Exception e) {
- throw new ProviderException("update() failed", e);
- }
- }
-
- // see JCE spec
- protected void engineUpdate(ByteBuffer byteBuffer) {
- try {
- ensureInitialized();
- int len = byteBuffer.remaining();
- if (len <= 0) {
- return;
- }
- if (byteBuffer instanceof DirectBuffer == false) {
- super.engineUpdate(byteBuffer);
- return;
- }
- long addr = ((DirectBuffer)byteBuffer).address();
- int ofs = byteBuffer.position();
- token.p11.C_SignUpdate(session.id(), addr + ofs, null, 0, len);
- byteBuffer.position(ofs + len);
- state = S_UPDATE;
- } catch (PKCS11Exception e) {
- throw new ProviderException("update() failed", e);
- }
- }
-}