/** * mask generator function, as described in PKCS1v2. */ private static byte[] maskGeneratorFunction1(final HashAlgoType mgfDigest, final byte[] Z, // CHECKSTYLE:SKIP final int length) { int mgfhLen = mgfDigest.length(); byte[] mask = new byte[length]; int counter = 0; byte[] all = new byte[Z.length + 4]; System.arraycopy(Z, 0, all, 0, Z.length); while (counter < (length / mgfhLen)) { ItoOSP(counter, all, Z.length); byte[] hashBuf = mgfDigest.hash(all); System.arraycopy(hashBuf, 0, mask, counter * mgfhLen, mgfhLen); counter++; } if ((counter * mgfhLen) < length) { ItoOSP(counter, all, Z.length); byte[] hashBuf = mgfDigest.hash(all); int offset = counter * mgfhLen; System.arraycopy(hashBuf, 0, mask, offset, mask.length - offset); } return mask; }
System.arraycopy(salt, 0, mDash, mDash.length - saltLen, saltLen); byte[] hv = contentDigest.hash(mDash); byte[] block = new byte[(emBits + 7) / 8]; block[block.length - saltLen - 1 - hLen - 1] = 0x01;
@Override protected byte[] digestSecretKey0(long mechanism) throws P11TokenException { if (!(signingKey instanceof SecretKey)) { throw new P11TokenException("digestSecretKey could not be applied to non-SecretKey"); } HashAlgoType hashAlgo = HashAlgoType.getInstanceForPkcs11HashMech(mechanism); if (hashAlgo == null) { throw new P11TokenException( "unknown mechanism " + Functions.mechanismCodeToString(mechanism)); } return hashAlgo.hash(((SecretKey) signingKey).getEncoded()); }
private void checkExtensionSubjectKeyIdentifier(final StringBuilder failureMsg, final byte[] extensionValue, final SubjectPublicKeyInfo subjectPublicKeyInfo) { // subjectKeyIdentifier SubjectKeyIdentifier asn1 = SubjectKeyIdentifier.getInstance(extensionValue); byte[] ski = asn1.getKeyIdentifier(); byte[] pkData = subjectPublicKeyInfo.getPublicKeyData().getBytes(); byte[] expectedSki = HashAlgoType.SHA1.hash(pkData); if (!Arrays.equals(expectedSki, ski)) { addViolation(failureMsg, "SKI", hex(ski), hex(expectedSki)); } } // method checkExtensionSubjectKeyIdentifier
throw new XiSecurityException(ex.getMessage(), ex); concurrentSigner.setSha1DigestOfMacKey(HashAlgoType.SHA1.hash(key.getEncoded()));
private byte[] rsaPkcsSign(final byte[] contentToSign, final HashAlgoType hashAlgo) throws P11TokenException { int modulusBitLen = signatureKeyBitLength(); byte[] paddedHash; try { if (hashAlgo == null) { paddedHash = SignerUtil.EMSA_PKCS1_v1_5_encoding(contentToSign, modulusBitLen); } else { byte[] hash = hashAlgo.hash(contentToSign); paddedHash = SignerUtil.EMSA_PKCS1_v1_5_encoding(hash, modulusBitLen, hashAlgo); } } catch (XiSecurityException ex) { throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex); } return rsaX509Sign(paddedHash); }
private byte[] dsaAndEcdsaSign(final byte[] dataToSign, final HashAlgoType hashAlgo) throws P11TokenException { byte[] hash = (hashAlgo == null) ? dataToSign : hashAlgo.hash(dataToSign); ConcurrentBagEntry<Signature> sig0; try { sig0 = dsaSignatures.borrow(5000, TimeUnit.MILLISECONDS); } catch (InterruptedException ex) { throw new P11TokenException( "InterruptedException occurs while retrieving idle signature"); } if (sig0 == null) { throw new P11TokenException("no idle DSA Signature available"); } try { Signature sig = sig0.value(); sig.update(hash); byte[] x962Signature = sig.sign(); return SignerUtil.convertX962DSASigToPlain(x962Signature, signatureKeyBitLength()); } catch (SignatureException ex) { throw new P11TokenException("SignatureException: " + ex.getMessage(), ex); } catch (XiSecurityException ex) { throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex); } finally { dsaSignatures.requite(sig0); } }
byte[] hashValue = (hashAlgo == null) ? contentToSign : hashAlgo.hash(contentToSign); byte[] encodedHashValue; try {