
src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java



   1 /*
   2  * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any


  45  * mac keys) from the master secret.
  46  *
  47  * @author  Andreas Sterbenz
  48  * @since   1.6
  49  */
  50 public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
  51 
  52     private final static String MSG = "TlsKeyMaterialGenerator must be "
  53         + "initialized using a TlsKeyMaterialParameterSpec";
  54 
  55     // token instance
  56     private final Token token;
  57 
  58     // algorithm name
  59     private final String algorithm;
  60 
  61     // mechanism id
  62     private long mechanism;
  63 
  64     // parameter spec

  65     private TlsKeyMaterialParameterSpec spec;
  66 
  67     // master secret as a P11Key
  68     private P11Key p11Key;
  69 
  70     // version, e.g. 0x0301
  71     private int version;
  72 
  73     P11TlsKeyMaterialGenerator(Token token, String algorithm, long mechanism)
  74             throws PKCS11Exception {
  75         super();
  76         this.token = token;
  77         this.algorithm = algorithm;
  78         this.mechanism = mechanism;
  79     }
  80 
  81     protected void engineInit(SecureRandom random) {
  82         throw new InvalidParameterException(MSG);
  83     }
  84 

  85     protected void engineInit(AlgorithmParameterSpec params,
  86             SecureRandom random) throws InvalidAlgorithmParameterException {
  87         if (params instanceof TlsKeyMaterialParameterSpec == false) {
  88             throw new InvalidAlgorithmParameterException(MSG);
  89         }
  90         this.spec = (TlsKeyMaterialParameterSpec)params;
  91         try {
  92             p11Key = P11SecretKeyFactory.convertKey
  93                             (token, spec.getMasterSecret(), "TlsMasterSecret");
  94         } catch (InvalidKeyException e) {
  95             throw new InvalidAlgorithmParameterException("init() failed", e);
  96         }
  97         version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
  98         if ((version < 0x0300) && (version > 0x0302)) {
  99             throw new InvalidAlgorithmParameterException
 100                     ("Only SSL 3.0, TLS 1.0, and TLS 1.1 are supported");
 101         }
 102         // we assume the token supports both the CKM_SSL3_* and the CKM_TLS_*
 103         // mechanisms
 104     }
 105 
 106     protected void engineInit(int keysize, SecureRandom random) {
 107         throw new InvalidParameterException(MSG);
 108     }
 109 

 110     protected SecretKey engineGenerateKey() {
 111         if (spec == null) {
 112             throw new IllegalStateException
 113                 ("TlsKeyMaterialGenerator must be initialized");
 114         }
 115         mechanism = (version == 0x0300) ? CKM_SSL3_KEY_AND_MAC_DERIVE
 116                                          : CKM_TLS_KEY_AND_MAC_DERIVE;
 117         int macBits = spec.getMacKeyLength() << 3;
 118         int ivBits = spec.getIvLength() << 3;
 119 
 120         int expandedKeyBits = spec.getExpandedCipherKeyLength() << 3;
 121         int keyBits = spec.getCipherKeyLength() << 3;
 122         boolean isExportable;
 123         if (expandedKeyBits != 0) {
 124             isExportable = true;
 125         } else {
 126             isExportable = false;
 127             expandedKeyBits = keyBits;
 128         }
 129 


   1 /*
   2  * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any


  45  * mac keys) from the master secret.
  46  *
  47  * @author  Andreas Sterbenz
  48  * @since   1.6
  49  */
  50 public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
  51 
  52     private final static String MSG = "TlsKeyMaterialGenerator must be "
  53         + "initialized using a TlsKeyMaterialParameterSpec";
  54 
  55     // token instance
  56     private final Token token;
  57 
  58     // algorithm name
  59     private final String algorithm;
  60 
  61     // mechanism id
  62     private long mechanism;
  63 
  64     // parameter spec
  65     @SuppressWarnings("deprecation")
  66     private TlsKeyMaterialParameterSpec spec;
  67 
  68     // master secret as a P11Key
  69     private P11Key p11Key;
  70 
  71     // version, e.g. 0x0301
  72     private int version;
  73 
  74     P11TlsKeyMaterialGenerator(Token token, String algorithm, long mechanism)
  75             throws PKCS11Exception {
  76         super();
  77         this.token = token;
  78         this.algorithm = algorithm;
  79         this.mechanism = mechanism;
  80     }
  81 
  82     protected void engineInit(SecureRandom random) {
  83         throw new InvalidParameterException(MSG);
  84     }
  85 
  86     @SuppressWarnings("deprecation")
  87     protected void engineInit(AlgorithmParameterSpec params,
  88             SecureRandom random) throws InvalidAlgorithmParameterException {
  89         if (params instanceof TlsKeyMaterialParameterSpec == false) {
  90             throw new InvalidAlgorithmParameterException(MSG);
  91         }
  92         this.spec = (TlsKeyMaterialParameterSpec)params;
  93         try {
  94             p11Key = P11SecretKeyFactory.convertKey
  95                             (token, spec.getMasterSecret(), "TlsMasterSecret");
  96         } catch (InvalidKeyException e) {
  97             throw new InvalidAlgorithmParameterException("init() failed", e);
  98         }
  99         version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
 100         if ((version < 0x0300) && (version > 0x0302)) {
 101             throw new InvalidAlgorithmParameterException
 102                     ("Only SSL 3.0, TLS 1.0, and TLS 1.1 are supported");
 103         }
 104         // we assume the token supports both the CKM_SSL3_* and the CKM_TLS_*
 105         // mechanisms
 106     }
 107 
 108     protected void engineInit(int keysize, SecureRandom random) {
 109         throw new InvalidParameterException(MSG);
 110     }
 111 
 112     @SuppressWarnings("deprecation")
 113     protected SecretKey engineGenerateKey() {
 114         if (spec == null) {
 115             throw new IllegalStateException
 116                 ("TlsKeyMaterialGenerator must be initialized");
 117         }
 118         mechanism = (version == 0x0300) ? CKM_SSL3_KEY_AND_MAC_DERIVE
 119                                          : CKM_TLS_KEY_AND_MAC_DERIVE;
 120         int macBits = spec.getMacKeyLength() << 3;
 121         int ivBits = spec.getIvLength() << 3;
 122 
 123         int expandedKeyBits = spec.getExpandedCipherKeyLength() << 3;
 124         int keyBits = spec.getCipherKeyLength() << 3;
 125         boolean isExportable;
 126         if (expandedKeyBits != 0) {
 127             isExportable = true;
 128         } else {
 129             isExportable = false;
 130             expandedKeyBits = keyBits;
 131         }
 132 
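Review bot: The version check in engineInit (new lines 100-103) can never fire, because no value is both below 0x0300 and above 0x0302; the condition should use `||`: `if ((version < 0x0300) || (version > 0x0302)) {`. As written, a spec carrying a version outside SSL 3.0 to TLS 1.1 is accepted without the documented exception, and engineGenerateKey then selects CKM_TLS_KEY_AND_MAC_DERIVE for every version other than 0x0300. The edit shown here only adds `@SuppressWarnings("deprecation")` to the field and the two methods and leaves this check as it was, so the fix would be one more changed line in the same method. engineGenerateKey's body continues past the end of the listing, so how the derive call treats an out-of-range version is not visible here.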

