4589N/A * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * Signature implementation class. This class currently supports the 0N/A * following algorithms: 0N/A * . NONEwithDSA (RawDSA) 0N/A * Note that the underlying PKCS#11 token may support complete signature 0N/A * algorithm (e.g. CKM_DSA_SHA1, CKM_MD5_RSA_PKCS), or it may just 0N/A * implement the signature algorithm without hashing (e.g. CKM_DSA, CKM_PKCS), 0N/A * or it may only implement the raw public key operation (CKM_RSA_X_509). 0N/A * This class uses what is available and adds whatever extra processing 0N/A * @author Andreas Sterbenz 0N/A // name of the key algorithm, currently either RSA or DSA 2234N/A // digest algorithm OID, if we encode RSA signature ourselves 0N/A // type, one of T_* below 0N/A // key instance used, if init*() was called 0N/A // message digest, if we do the digesting ourselves 0N/A // associated session, if any 0N/A // flag indicating whether an operation is initialized 0N/A // buffer, for update(byte) or DSA 0N/A // total number of bytes processed in current operation 0N/A // constant for signing mode 0N/A // constant for verification mode 0N/A // constant for type digesting, we do the hashing ourselves 0N/A // constant for type update, token does everything 0N/A // constant for type raw, used with RawDSA and NONEwithECDSA only 0N/A // XXX PKCS#11 v2.20 says "should not be longer than 1024 bits", 0N/A // but this is a little arbitrary 0N/A // "cancel" operation by finishing it 0N/A // XXX make sure all this always works correctly 0N/A }
else {
// M_VERIFY 0N/A // will fail since the signature is incorrect 0N/A // XXX check error code 0N/A // assumes current state is initialized == false 2234N/A (
"Key is too short for this signature algorithm");
2234N/A // Need to check RSA key length whenever a new key is set 2234N/A // Need to check RSA key length whenever a new key is set 0N/A // cannot do better than default impl 0N/A (
"Data for RawDSA must be exactly 20 bytes long");
0N/A }
else {
// CKM_ECDSA 0N/A (
"Data for RawDSA must be exactly 20 bytes long");
0N/A // return false rather than throwing an exception 0N/A // XXX we should not release the session if we abort above 0N/A // before calling C_Verify 0N/A// private static byte[] decodeSignature(byte[] signature) throws IOException { 0N/A// return RSASignature.decodeSignature(digestOID, signature); 0N/A // For DSA and ECDSA signatures, PKCS#11 represents them as a simple 0N/A // byte array that contains the concatenation of r and s. 0N/A // For DSA, r and s are always exactly 20 bytes long. 0N/A // For ECDSA, r and s are of variable length, but we know that each 0N/A // occupies half of the array. 0N/A // trim leading zeroes 0N/A // r and s each occupy half the array 0N/A byte[]
res =
new byte[k <<
1];
0N/A if ((n ==
len +
1) && (b[
0] ==
0)) {