/*
 * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.pkcs11;

import java.security.*;
import java.security.spec.AlgorithmParameterSpec;

import javax.crypto.*;
import javax.crypto.spec.*;

import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;

import static sun.security.pkcs11.TemplateManager.*;
import sun.security.pkcs11.wrapper.*;
import static sun.security.pkcs11.wrapper.PKCS11Constants.*;

/**
 * KeyGenerator for the SSL/TLS RSA premaster secret.
 *
 * <p>The secret is created on the PKCS#11 token: {@link #engineGenerateKey()}
 * calls {@code C_GenerateKey} with the mechanism given to the constructor and
 * the protocol version taken from the
 * {@link TlsRsaPremasterSecretParameterSpec} as the mechanism parameter.
 * The generator therefore has to be initialized with such a spec; the other
 * {@code engineInit} overloads always fail.
 *
 * <p>NOTE(review): this class does not range-check the major/minor version
 * values itself. Whether the spec class or the token rejects unsupported
 * protocol versions is not visible in this file; confirm before relying on
 * it.
 *
 * @author  Andreas Sterbenz
 * @since   1.6
 */
final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {

    // Error text shared by every rejected initialization path.
    private static final String MSG = "TlsRsaPremasterSecretGenerator must be "
            + "initialized using a TlsRsaPremasterSecretParameterSpec";

    // Size of the premaster secret in bytes; converted to bits where it is
    // handed to P11Key.secretKey.
    private static final int PREMASTER_SECRET_BYTES = 48;

    // Token on which the key is generated.
    private final Token token;

    // Algorithm name this generator was registered under (stored only; no
    // method of this class reads it).
    private final String algorithm;

    // PKCS#11 mechanism id passed to C_GenerateKey.
    private final long mechanism;

    // Parameters from the last successful engineInit; null until then.
    private TlsRsaPremasterSecretParameterSpec spec;

    /**
     * Creates a generator bound to one token and one mechanism.
     *
     * @param token     token used for session handling and key generation
     * @param algorithm algorithm name
     * @param mechanism PKCS#11 mechanism id used for {@code C_GenerateKey}
     * @throws PKCS11Exception declared for callers; nothing in this body
     *         throws it
     */
    P11TlsRsaPremasterSecretGenerator(Token token, String algorithm, long mechanism)
            throws PKCS11Exception {
        this.token = token;
        this.algorithm = algorithm;
        this.mechanism = mechanism;
    }

    /**
     * Unsupported: a {@link TlsRsaPremasterSecretParameterSpec} is required.
     *
     * @throws InvalidParameterException always
     */
    @Override
    protected void engineInit(SecureRandom random) {
        throw new InvalidParameterException(MSG);
    }

    /**
     * Stores the parameters used by the next {@link #engineGenerateKey()}.
     *
     * <p>The {@code random} argument is not used: no method of this class
     * reads it, and the key is generated by the token.
     *
     * @param params must be a {@link TlsRsaPremasterSecretParameterSpec};
     *        {@code null} is rejected like any other type
     * @param random ignored
     * @throws InvalidAlgorithmParameterException if {@code params} is not a
     *         {@code TlsRsaPremasterSecretParameterSpec}; a previously stored
     *         spec is left in place in that case
     */
    @Override
    protected void engineInit(AlgorithmParameterSpec params,
            SecureRandom random) throws InvalidAlgorithmParameterException {
        if (params instanceof TlsRsaPremasterSecretParameterSpec) {
            this.spec = (TlsRsaPremasterSecretParameterSpec) params;
            return;
        }
        throw new InvalidAlgorithmParameterException(MSG);
    }

    /**
     * Unsupported: a {@link TlsRsaPremasterSecretParameterSpec} is required.
     *
     * @throws InvalidParameterException always
     */
    @Override
    protected void engineInit(int keysize, SecureRandom random) {
        throw new InvalidParameterException(MSG);
    }

    /**
     * Generates the premaster secret on the token.
     *
     * <p>Intended for the client side only, to generate the TLS RSA
     * premaster secret.
     *
     * @return the generated secret, wrapped as a {@code P11Key} secret key
     *         named {@code "TlsRsaPremasterSecret"}
     * @throws IllegalStateException if the generator was never initialized
     *         with a spec
     * @throws ProviderException if the token reports a
     *         {@code PKCS11Exception}; the original exception is kept as the
     *         cause
     */
    @Override
    protected SecretKey engineGenerateKey() {
        if (spec == null) {
            throw new IllegalStateException
                    ("TlsRsaPremasterSecretGenerator must be initialized");
        }

        // Protocol version from the spec becomes the mechanism parameter.
        CK_VERSION protocolVersion = new CK_VERSION(
                spec.getMajorVersion(), spec.getMinorVersion());

        Session objSession = null;
        try {
            objSession = token.getObjSession();

            // Generic secret key template for a generate operation, with no
            // caller-supplied attributes.
            // NOTE(review): the effective attributes (for example whether the
            // key is sensitive or extractable) come from token.getAttributes
            // and are not visible here; check the token's attribute
            // configuration.
            CK_ATTRIBUTE[] template = token.getAttributes(
                    O_GENERATE, CKO_SECRET_KEY,
                    CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);

            long sessionId = objSession.id();
            CK_MECHANISM keyGenMechanism =
                    new CK_MECHANISM(mechanism, protocolVersion);
            long keyHandle = token.p11.C_GenerateKey(
                    sessionId, keyGenMechanism, template);

            return P11Key.secretKey(objSession, keyHandle,
                    "TlsRsaPremasterSecret", PREMASTER_SECRET_BYTES << 3,
                    template);
        } catch (PKCS11Exception e) {
            throw new ProviderException(
                    "Could not generate premaster secret", e);
        } finally {
            // Also reached when getObjSession() failed, in which case
            // objSession is still null; presumably releaseSession tolerates
            // that. TODO confirm against Token.
            token.releaseSession(objSession);
        }
    }

}