• Home
• com.github.unbound-tech
• unbound-java-provider
• 2.0.2007.46455
• source code
• PKCS11MacOper.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.unbound.client.pkcs11.PKCS11MacOper Maven / Gradle / Ivy

package com.unbound.client.pkcs11;

import com.dyadicsec.cryptoki.*;
import com.unbound.client.MacOper;
import com.unbound.client.ObjectType;

import java.security.ProviderException;

public final class PKCS11MacOper extends MacOper
{
  CK_MECHANISM mechanism = null;
  private int getKeyHandle() { return ((PKCS11Object)keyObject).handle; }
  private CK_SESSION_HANDLE getSessionHandle() { return ((PKCS11Session)session).getHandle(); }
  private void markOperationStarted() { ((PKCS11Session)session).setOperationInProgress(true); }
  private void markOperationFinished() { ((PKCS11Session)session).setOperationInProgress(false); }

  @Override
  public void reset()
  {
    mechanism = null;
    super.reset();
  }

  private void checkMechanism()
  {
    if (mechanism!=null) return;

    try
    {
      Object parameter = null;
      ObjectType objectType = ((PKCS11Object)keyObject).objectType;
      int mech = mode.getPkcs11(objectType, hashType);

      switch (mech)
      {
        case CK.CKM_SHA_1_HMAC:
        case CK.CKM_SHA256_HMAC:
        case CK.CKM_SHA384_HMAC:
        case CK.CKM_SHA512_HMAC:
        case CK.CKM_SHA1_KEY_DERIVATION:
        case CK.CKM_SHA256_KEY_DERIVATION:
        case CK.CKM_SHA384_KEY_DERIVATION:
        case CK.CKM_SHA512_KEY_DERIVATION:
          break;

        case CK.CKM_AES_CCM:
          {
            CK_CCM_PARAMS params = new CK_CCM_PARAMS();
            params.ulMACLen = tagLen;
            params.ulDataLen = dataLen;
            params.pNonce = iv;
            params.pAAD = auth;
            parameter = params;
          }
          break;

        case CK.CKM_AES_GCM:
          {
            CK_GCM_PARAMS params = new CK_GCM_PARAMS();
            params.ulTagBits = tagLen*8;
            params.pAAD = auth;
            params.pIv = iv;
            parameter = params;
          }
          break;

        case CK.DYCKM_DES3_X919_MAC:
          parameter = iv;
          break;

        default:
          throw new ProviderException("Unsupported MAC mechanism");
      }
      mechanism = new CK_MECHANISM(mech, parameter);

      Library.C_SignInit(getSessionHandle(), mechanism, getKeyHandle());
      markOperationStarted();
    }
    catch (CKR_Exception e) { throw new ProviderException(e); }
  }

  @Override
  protected void hwUpdateMac(byte[] in)
  {
    try
    {
      checkMechanism();
      Library.C_SignUpdate(getSessionHandle(), in);
    }
    catch (CKR_Exception e) { throw new ProviderException(e); }
  }

  @Override
  protected byte[] hwFinalMac(byte[] in)
  {
    if (mechanism==null) return hwMac(in);

    try
    {
      checkMechanism();
      if (in!=null && in.length!=0) hwUpdateMac(in);
      byte[] out = Library.C_SignFinal(getSessionHandle());
      markOperationFinished();
      return out;
    }
    catch (CKR_Exception e) { throw new ProviderException(e); }
  }

  @Override
  protected byte[] hwMac(byte[] in)
  {
    try
    {
      checkMechanism();
      byte[] out = Library.C_Sign(getSessionHandle(), in);
      markOperationFinished();
      return out;
    }
    catch (CKR_Exception e) { throw new ProviderException(e); }
  }

}