--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java Mon Jan 23 11:49:01 2017 -0800
@@ -0,0 +1,325 @@
+/*
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.pkcs11;
+
+import java.util.*;
+import java.nio.ByteBuffer;
+
+import java.security.*;
+
+import javax.crypto.SecretKey;
+
+import sun.nio.ch.DirectBuffer;
+
+import sun.security.util.MessageDigestSpi2;
+
+import sun.security.pkcs11.wrapper.*;
+import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
+
+/**
+ * MessageDigest implementation class. This class currently supports
+ * MD2, MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.
+ *
+ * Note that many digest operations are on fairly small amounts of data
+ * (less than 100 bytes total). For example, the 2nd hashing in HMAC or
+ * the PRF in TLS. In order to speed those up, we use some buffering to
+ * minimize number of the Java->native transitions.
+ *
+ * @author Andreas Sterbenz
+ * @since 1.5
+ */
+final class P11Digest extends MessageDigestSpi implements Cloneable,
+ MessageDigestSpi2 {
+
+ /* fields initialized, no session acquired */
+ private final static int S_BLANK = 1;
+
+ /* data in buffer, session acquired, but digest not initialized */
+ private final static int S_BUFFERED = 2;
+
+ /* session initialized for digesting */
+ private final static int S_INIT = 3;
+
+ private final static int BUFFER_SIZE = 96;
+
+ // token instance
+ private final Token token;
+
+ // algorithm name
+ private final String algorithm;
+
+ // mechanism id object
+ private final CK_MECHANISM mechanism;
+
+ // length of the digest in bytes
+ private final int digestLength;
+
+ // associated session, if any
+ private Session session;
+
+ // current state, one of S_* above
+ private int state;
+
+ // buffer to reduce number of JNI calls
+ private byte[] buffer;
+
+ // offset into the buffer
+ private int bufOfs;
+
+ P11Digest(Token token, String algorithm, long mechanism) {
+ super();
+ this.token = token;
+ this.algorithm = algorithm;
+ this.mechanism = new CK_MECHANISM(mechanism);
+ switch ((int)mechanism) {
+ case (int)CKM_MD2:
+ case (int)CKM_MD5:
+ digestLength = 16;
+ break;
+ case (int)CKM_SHA_1:
+ digestLength = 20;
+ break;
+ case (int)CKM_SHA224:
+ digestLength = 28;
+ break;
+ case (int)CKM_SHA256:
+ digestLength = 32;
+ break;
+ case (int)CKM_SHA384:
+ digestLength = 48;
+ break;
+ case (int)CKM_SHA512:
+ digestLength = 64;
+ break;
+ default:
+ throw new ProviderException("Unknown mechanism: " + mechanism);
+ }
+ buffer = new byte[BUFFER_SIZE];
+ state = S_BLANK;
+ }
+
+ // see JCA spec
+ protected int engineGetDigestLength() {
+ return digestLength;
+ }
+
+ private void fetchSession() {
+ token.ensureValid();
+ if (state == S_BLANK) {
+ try {
+ session = token.getOpSession();
+ state = S_BUFFERED;
+ } catch (PKCS11Exception e) {
+ throw new ProviderException("No more session available", e);
+ }
+ }
+ }
+
+ // see JCA spec
+ protected void engineReset() {
+ token.ensureValid();
+
+ if (session != null) {
+ if (state == S_INIT && token.explicitCancel == true) {
+ session = token.killSession(session);
+ } else {
+ session = token.releaseSession(session);
+ }
+ }
+ state = S_BLANK;
+ bufOfs = 0;
+ }
+
+ // see JCA spec
+ protected byte[] engineDigest() {
+ try {
+ byte[] digest = new byte[digestLength];
+ int n = engineDigest(digest, 0, digestLength);
+ return digest;
+ } catch (DigestException e) {
+ throw new ProviderException("internal error", e);
+ }
+ }
+
+ // see JCA spec
+ protected int engineDigest(byte[] digest, int ofs, int len)
+ throws DigestException {
+ if (len < digestLength) {
+ throw new DigestException("Length must be at least " +
+ digestLength);
+ }
+
+ fetchSession();
+ try {
+ int n;
+ if (state == S_BUFFERED) {
+ n = token.p11.C_DigestSingle(session.id(), mechanism, buffer, 0,
+ bufOfs, digest, ofs, len);
+ bufOfs = 0;
+ } else {
+ if (bufOfs != 0) {
+ token.p11.C_DigestUpdate(session.id(), 0, buffer, 0,
+ bufOfs);
+ bufOfs = 0;
+ }
+ n = token.p11.C_DigestFinal(session.id(), digest, ofs, len);
+ }
+ if (n != digestLength) {
+ throw new ProviderException("internal digest length error");
+ }
+ return n;
+ } catch (PKCS11Exception e) {
+ throw new ProviderException("digest() failed", e);
+ } finally {
+ engineReset();
+ }
+ }
+
+ // see JCA spec
+ protected void engineUpdate(byte in) {
+ byte[] temp = { in };
+ engineUpdate(temp, 0, 1);
+ }
+
+ // see JCA spec
+ protected void engineUpdate(byte[] in, int ofs, int len) {
+ if (len <= 0) {
+ return;
+ }
+
+ fetchSession();
+ try {
+ if (state == S_BUFFERED) {
+ token.p11.C_DigestInit(session.id(), mechanism);
+ state = S_INIT;
+ }
+ if ((bufOfs != 0) && (bufOfs + len > buffer.length)) {
+ // process the buffered data
+ token.p11.C_DigestUpdate(session.id(), 0, buffer, 0, bufOfs);
+ bufOfs = 0;
+ }
+ if (bufOfs + len > buffer.length) {
+ // process the new data
+ token.p11.C_DigestUpdate(session.id(), 0, in, ofs, len);
+ } else {
+ // buffer the new data
+ System.arraycopy(in, ofs, buffer, bufOfs, len);
+ bufOfs += len;
+ }
+ } catch (PKCS11Exception e) {
+ engineReset();
+ throw new ProviderException("update() failed", e);
+ }
+ }
+
+ // Called by SunJSSE via reflection during the SSL 3.0 handshake if
+ // the master secret is sensitive.
+ // Note: Change to protected after this method is moved from
+ // sun.security.util.MessageSpi2 interface to
+ // java.security.MessageDigestSpi class
+ public void engineUpdate(SecretKey key) throws InvalidKeyException {
+ // SunJSSE calls this method only if the key does not have a RAW
+ // encoding, i.e. if it is sensitive. Therefore, no point in calling
+ // SecretKeyFactory to try to convert it. Just verify it ourselves.
+ if (key instanceof P11Key == false) {
+ throw new InvalidKeyException("Not a P11Key: " + key);
+ }
+ P11Key p11Key = (P11Key)key;
+ if (p11Key.token != token) {
+ throw new InvalidKeyException("Not a P11Key of this provider: " +
+ key);
+ }
+
+ fetchSession();
+ try {
+ if (state == S_BUFFERED) {
+ token.p11.C_DigestInit(session.id(), mechanism);
+ state = S_INIT;
+ }
+
+ if (bufOfs != 0) {
+ token.p11.C_DigestUpdate(session.id(), 0, buffer, 0, bufOfs);
+ bufOfs = 0;
+ }
+ token.p11.C_DigestKey(session.id(), p11Key.keyID);
+ } catch (PKCS11Exception e) {
+ engineReset();
+ throw new ProviderException("update(SecretKey) failed", e);
+ }
+ }
+
+ // see JCA spec
+ protected void engineUpdate(ByteBuffer byteBuffer) {
+ int len = byteBuffer.remaining();
+ if (len <= 0) {
+ return;
+ }
+
+ if (byteBuffer instanceof DirectBuffer == false) {
+ super.engineUpdate(byteBuffer);
+ return;
+ }
+
+ fetchSession();
+ long addr = ((DirectBuffer)byteBuffer).address();
+ int ofs = byteBuffer.position();
+ try {
+ if (state == S_BUFFERED) {
+ token.p11.C_DigestInit(session.id(), mechanism);
+ state = S_INIT;
+ }
+ if (bufOfs != 0) {
+ token.p11.C_DigestUpdate(session.id(), 0, buffer, 0, bufOfs);
+ bufOfs = 0;
+ }
+ token.p11.C_DigestUpdate(session.id(), addr + ofs, null, 0, len);
+ byteBuffer.position(ofs + len);
+ } catch (PKCS11Exception e) {
+ engineReset();
+ throw new ProviderException("update() failed", e);
+ }
+ }
+
+ public Object clone() throws CloneNotSupportedException {
+ P11Digest copy = (P11Digest) super.clone();
+ copy.buffer = buffer.clone();
+ try {
+ if (session != null) {
+ copy.session = copy.token.getOpSession();
+ }
+ if (state == S_INIT) {
+ byte[] stateValues =
+ token.p11.C_GetOperationState(session.id());
+ token.p11.C_SetOperationState(copy.session.id(),
+ stateValues, 0, 0);
+ }
+ } catch (PKCS11Exception e) {
+ throw (CloneNotSupportedException)
+ (new CloneNotSupportedException(algorithm).initCause(e));
+ }
+ return copy;
+ }
+}