지돌이의 블로그 입니다!

Test Code:

import sun.security.pkcs11.SunPKCS11;
import sun.security.pkcs11.wrapper.PKCS11;
import sun.security.pkcs11.wrapper.PKCS11Exception;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.security.auth.login.FailedLoginException;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

public class TestMain {
    public static void main(String[] args) throws Exception {
        TestMain app = new TestMain();
        app.run();
    }

    private boolean checkFailedLoginException(Throwable e){
        if(e instanceof FailedLoginException) {
            return true;
        }
        if(e.getCause() != null) {
            return checkFailedLoginException(e.getCause());
        }
        return false;
    }

    String dumpbin(byte[] input) {
        StringBuilder sb = new StringBuilder();
        for(byte a : input) {
            sb.append(String.format("%02x ", a & 0xff));
        }
        return sb.toString();
    }

    void run() throws Exception {
        SunPKCS11 p11Provider = new SunPKCS11("G:\\java-etoken-0.cfg");
        KeyStore keyStore = KeyStore.getInstance("PKCS11", p11Provider);
        try {
            keyStore.load(null, "P@ssw0rd".toCharArray());
        }catch (IOException loadException){
            if(checkFailedLoginException(loadException)) {
                System.err.println("LOGIN FAILED");
                return ;
            }else{
                throw loadException;
            }
        }

        Key key = keyStore.getKey("test-aes-1", null);
        System.out.println("key => " + key.getAlgorithm() + " / " + key.getFormat() + " / " + key);

        for(int i=0; i<4; i++) {
            long begin = System.nanoTime();
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding", p11Provider);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            System.out.println("IV => " + dumpbin(cipher.getIV()));
            byte[] out = cipher.doFinal("0123456789abcdef0123456789abcdef".getBytes());
            System.out.println("IV => " + dumpbin(cipher.getIV()));
            long end = System.nanoTime();
            long diff = end - begin;
            System.out.println("DIFF = " + (((double) diff) / 1000000));
            System.out.println("dumpbin => " + out.length + " / " + dumpbin(out));
        }
    }
}

결과

key => AES / null / SunPKCS11-eToken AES secret key, 0 bits (id 236257286, token object, not sensitive, unextractable)
IV => 5f 89 21 65 63 56 05 2f 30 74 16 bd ed c3 53 48 
IV => 5f 89 21 65 63 56 05 2f 30 74 16 bd ed c3 53 48 
DIFF = 4196.6191
dumpbin => 32 / db e4 66 14 9f ff e8 23 8e 82 f4 0b f7 21 8a 70 f3 ef 6d a0 90 14 48 2d 7f 8b 91 9c a7 21 3f 95 
IV => 0e a3 14 ff 4c 80 94 5f 7a f0 dd b4 37 cf bc b5 
IV => 0e a3 14 ff 4c 80 94 5f 7a f0 dd b4 37 cf bc b5 
DIFF = 3.1933
dumpbin => 32 / c4 23 3c 93 8d f7 b4 8a 66 fb 8c 82 b5 27 b3 54 b4 df 8f 32 39 dc 5e 3a 93 db a4 55 5e 39 d4 f1 
IV => 40 49 64 32 f9 bd d4 43 65 eb 44 bc 9f 5d b9 c2 
IV => 40 49 64 32 f9 bd d4 43 65 eb 44 bc 9f 5d b9 c2 
DIFF = 2.836
dumpbin => 32 / ac 9c e5 68 da a4 f7 bd 4f d4 40 40 d0 c7 c0 20 90 b6 49 fb 9b 87 ac 80 3a 28 b6 75 38 8e 71 5f 
IV => c9 65 8c f3 06 80 80 5d 86 ff 85 55 44 9c 68 d6 
IV => c9 65 8c f3 06 80 80 5d 86 ff 85 55 44 9c 68 d6 
DIFF = 2.9097
dumpbin => 32 / 60 0d 1f b3 b7 db 85 1e e2 f9 99 3d 0d b2 5b 74 a5 dc 51 ba 6f fd a8 2b 9f 7f 77 75 62 7a 26 cd 

첫번째는 초기화(?) 때문에 4초란 오랜 시간이 걸리고..

동일한 Session에서는 이후 4ms 이하의 시간이 걸리는 듯 한다.

참고로 AES 256bit의 Key이다.

전에 SafeNet 5110으로 Key pair generate 테스트 할 때 시간이 오래 걸렸었는데 초기화 시간이 포함된 시간이었다.

Comment +0