/** * mask generator function, as described in PKCS1v2. */ // CHECKSTYLE:SKIP private static byte[] maskGeneratorFunction1(HashAlgo mgfDigest, byte[] Z, int length) { int mgfhLen = mgfDigest.getLength(); byte[] mask = new byte[length]; int counter = 0; byte[] all = new byte[Z.length + 4]; System.arraycopy(Z, 0, all, 0, Z.length); while (counter < (length / mgfhLen)) { ItoOSP(counter, all, Z.length); byte[] hashBuf = mgfDigest.hash(all); System.arraycopy(hashBuf, 0, mask, counter * mgfhLen, mgfhLen); counter++; } if ((counter * mgfhLen) < length) { ItoOSP(counter, all, Z.length); byte[] hashBuf = mgfDigest.hash(all); int offset = counter * mgfhLen; System.arraycopy(hashBuf, 0, mask, offset, mask.length - offset); } return mask; }
public static byte[] EMSA_PSS_ENCODE(HashAlgo contentDigest, byte[] hashValue, HashAlgo mgfDigest, int saltLen, int modulusBitLength, SecureRandom random) throws XiSecurityException { final int hLen = contentDigest.getLength(); final byte[] salt = new byte[saltLen]; final byte[] mDash = new byte[8 + saltLen + hLen]; final byte trailer = (byte)0xBC; if (hashValue.length != hLen) { throw new XiSecurityException("hashValue.length is incorrect: " + hashValue.length + " != " + hLen); } int emBits = modulusBitLength - 1; if (emBits < (8 * hLen + 8 * saltLen + 9)) { throw new IllegalArgumentException("key too small for specified hash and salt lengths"); } System.arraycopy(hashValue, 0, mDash, mDash.length - hLen - saltLen, hLen); random.nextBytes(salt); System.arraycopy(salt, 0, mDash, mDash.length - saltLen, saltLen); byte[] hv = contentDigest.hash(mDash); byte[] block = new byte[(emBits + 7) / 8]; block[block.length - saltLen - 1 - hLen - 1] = 0x01; System.arraycopy(salt, 0, block, block.length - saltLen - hLen - 1, saltLen); byte[] dbMask = maskGeneratorFunction1(mgfDigest, hv, block.length - hLen - 1); for (int i = 0; i != dbMask.length; i++) { block[i] ^= dbMask[i]; } block[0] &= (0xff >> ((block.length * 8) - emBits)); System.arraycopy(hv, 0, block, block.length - hLen - 1, hLen); block[block.length - 1] = trailer; return block; }
@Override protected byte[] digestSecretKey0(long mechanism) throws P11TokenException { if (!(signingKey instanceof SecretKey)) { throw new P11TokenException("digestSecretKey could not be applied to non-SecretKey"); } HashAlgo hashAlgo = getHashAlgoForPkcs11HashMech(mechanism); if (hashAlgo == null) { throw new P11TokenException( "unknown mechanism " + Functions.mechanismCodeToString(mechanism)); } return hashAlgo.hash(((SecretKey) signingKey).getEncoded()); }
MyEntry(BigInteger certReqId, long waitForConfirmTill, CertificateInfo certInfo) { this.certReqId = Args.notNull(certReqId, "certReqId"); this.certInfo = Args.notNull(certInfo, "certInfo"); this.waitForConfirmTill = waitForConfirmTill; this.certHash = HashAlgo.SHA1.hash(certInfo.getCert().getEncodedCert()); }
private byte[] rsaPkcsSign(byte[] contentToSign, HashAlgo hashAlgo) throws P11TokenException { int modulusBitLen = getSignatureKeyBitLength(); byte[] paddedHash; try { if (hashAlgo == null) { paddedHash = SignerUtil.EMSA_PKCS1_v1_5_encoding(contentToSign, modulusBitLen); } else { byte[] hash = hashAlgo.hash(contentToSign); paddedHash = SignerUtil.EMSA_PKCS1_v1_5_encoding(hash, modulusBitLen, hashAlgo); } } catch (XiSecurityException ex) { throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex); } return rsaX509Sign(paddedHash); }
throw new XiSecurityException(ex.getMessage(), ex); concurrentSigner.setSha1DigestOfMacKey(HashAlgo.SHA1.hash(key.getEncoded()));
public void setDbEntry(MgmtEntry.Requestor dbEntry, PasswordResolver passwordResolver) { this.dbEntry = Args.notNull(dbEntry, "dbEntry"); String type = dbEntry.getType(); String conf = dbEntry.getConf(); dbEntry.setFaulty(true); if (MgmtEntry.Requestor.TYPE_CERT.equalsIgnoreCase(type)) { try { X509Certificate x509Cert = X509Util.parseCert(conf.getBytes()); dbEntry.setFaulty(false); this.cert = new CertWithDbId(x509Cert); } catch (CertificateException ex) { LogUtil.error(LOG, ex, "error while parsing certificate of requestor" + dbEntry.getIdent()); } } else if (MgmtEntry.Requestor.TYPE_PBM.equalsIgnoreCase(type)) { try { this.keyId = HashAlgo.SHA1.hash(dbEntry.getIdent().getName().getBytes("UTF-8")); this.password = passwordResolver.resolvePassword(conf); dbEntry.setFaulty(false); } catch (PasswordResolverException | UnsupportedEncodingException ex) { LogUtil.error(LOG, ex, "error while resolve password of requestor" + dbEntry.getIdent()); } } }
private byte[] dsaAndEcdsaSign(byte[] dataToSign, HashAlgo hashAlgo) throws P11TokenException { byte[] hash = (hashAlgo == null) ? dataToSign : hashAlgo.hash(dataToSign); ConcurrentBagEntry<Signature> sig0; try { sig0 = dsaSignatures.borrow(5000, TimeUnit.MILLISECONDS); } catch (InterruptedException ex) { throw new P11TokenException("InterruptedException occurs while retrieving idle signature"); } if (sig0 == null) { throw new P11TokenException("no idle DSA Signature available"); } try { Signature sig = sig0.value(); sig.update(hash); byte[] x962Signature = sig.sign(); return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength()); } catch (SignatureException ex) { throw new P11TokenException("SignatureException: " + ex.getMessage(), ex); } catch (XiSecurityException ex) { throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex); } finally { dsaSignatures.requite(sig0); } }
byte[] spkiSha1 = HashAlgo.SHA1.hash( cert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes()); if (Arrays.equals(respIdByKey, spkiSha1)) {
byte[] spkiSha1 = HashAlgo.SHA1.hash( cert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes()); if (Arrays.equals(respIdByKey, spkiSha1)) {
if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) { byte[] encodedSpki = publicKeyInfo.getPublicKeyData().getBytes(); byte[] skiValue = HashAlgo.SHA1.hash(encodedSpki); SubjectKeyIdentifier value = new SubjectKeyIdentifier(skiValue); addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
private byte[] rsaPkcsPssSign(P11Params parameters, byte[] contentToSign, HashAlgo hashAlgo) throws P11TokenException { if (!(parameters instanceof P11Params.P11RSAPkcsPssParams)) { throw new P11TokenException("the parameters is not of " + P11Params.P11RSAPkcsPssParams.class.getName()); } P11Params.P11RSAPkcsPssParams pssParam = (P11Params.P11RSAPkcsPssParams) parameters; HashAlgo contentHash = getHashAlgoForPkcs11HashMech(pssParam.getHashAlgorithm()); if (contentHash == null) { throw new P11TokenException("unsupported HashAlgorithm " + pssParam.getHashAlgorithm()); } else if (hashAlgo != null && contentHash != hashAlgo) { throw new P11TokenException("Invalid parameters: invalid hash algorithm"); } HashAlgo mgfHash = getHashAlgoForPkcs11MgfMech( pssParam.getMaskGenerationFunction()); if (mgfHash == null) { throw new P11TokenException( "unsupported MaskGenerationFunction " + pssParam.getHashAlgorithm()); } byte[] hashValue = (hashAlgo == null) ? contentToSign : hashAlgo.hash(contentToSign); byte[] encodedHashValue; try { encodedHashValue = SignerUtil.EMSA_PSS_ENCODE(contentHash, hashValue, mgfHash, (int) pssParam.getSaltLength(), getSignatureKeyBitLength(), random); } catch (XiSecurityException ex) { throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex); } return rsaX509Sign(encodedHashValue); }