1 /* 2 * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.pkcs11; 27 28 import java.security.*; 29 import java.security.spec.AlgorithmParameterSpec; 30 31 import javax.crypto.*; 32 import javax.crypto.spec.*; 33 34 import sun.security.internal.spec.TlsMasterSecretParameterSpec; 35 36 import static sun.security.pkcs11.TemplateManager.*; 37 import sun.security.pkcs11.wrapper.*; 38 import static sun.security.pkcs11.wrapper.PKCS11Constants.*; 39 40 /** 41 * KeyGenerator for the SSL/TLS master secret. 42 * 43 * @author Andreas Sterbenz 44 * @since 1.6 45 */ 46 public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi { 47 48 private final static String MSG = "TlsMasterSecretGenerator must be " 49 + "initialized using a TlsMasterSecretParameterSpec"; 50 51 // token instance 52 private final Token token; 53 54 // algorithm name 55 private final String algorithm; 56 57 // mechanism id 58 private long mechanism; 59 60 @SuppressWarnings("deprecation") 61 private TlsMasterSecretParameterSpec spec; 62 private P11Key p11Key; 63 64 int version; 65 66 P11TlsMasterSecretGenerator(Token token, String algorithm, long mechanism) 67 throws PKCS11Exception { 68 super(); 69 this.token = token; 70 this.algorithm = algorithm; 71 this.mechanism = mechanism; 72 } 73 74 protected void engineInit(SecureRandom random) { 75 throw new InvalidParameterException(MSG); 76 } 77 78 @SuppressWarnings("deprecation") 79 protected void engineInit(AlgorithmParameterSpec params, 80 SecureRandom random) throws InvalidAlgorithmParameterException { 81 if (params instanceof TlsMasterSecretParameterSpec == false) { 82 throw new InvalidAlgorithmParameterException(MSG); 83 } 84 this.spec = (TlsMasterSecretParameterSpec)params; 85 SecretKey key = spec.getPremasterSecret(); 86 // algorithm should be either TlsRsaPremasterSecret or TlsPremasterSecret, 87 // but we omit the check 88 try { 89 p11Key = P11SecretKeyFactory.convertKey(token, key, null); 90 } catch (InvalidKeyException e) { 91 throw new InvalidAlgorithmParameterException("init() failed", e); 92 } 93 version = (spec.getMajorVersion() << 8) | spec.getMinorVersion(); 94 if ((version < 0x0300) || (version > 0x0302)) { 95 throw new InvalidAlgorithmParameterException 96 ("Only SSL 3.0, TLS 1.0, and TLS 1.1 supported"); 97 } 98 // We assume the token supports the required mechanism. If it does not, 99 // generateKey() will fail and the failover should take care of us. 100 } 101 102 protected void engineInit(int keysize, SecureRandom random) { 103 throw new InvalidParameterException(MSG); 104 } 105 106 protected SecretKey engineGenerateKey() { 107 if (spec == null) { 108 throw new IllegalStateException 109 ("TlsMasterSecretGenerator must be initialized"); 110 } 111 CK_VERSION ckVersion; 112 if (p11Key.getAlgorithm().equals("TlsRsaPremasterSecret")) { 113 mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE 114 : CKM_TLS_MASTER_KEY_DERIVE; 115 ckVersion = new CK_VERSION(0, 0); 116 } else { 117 // Note: we use DH for all non-RSA premaster secrets. That includes 118 // Kerberos. That should not be a problem because master secret 119 // calculation is always a straightforward application of the 120 // TLS PRF (or the SSL equivalent). 121 // The only thing special about RSA master secret calculation is 122 // that it extracts the version numbers from the premaster secret. 123 mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE_DH 124 : CKM_TLS_MASTER_KEY_DERIVE_DH; 125 ckVersion = null; 126 } 127 byte[] clientRandom = spec.getClientRandom(); 128 byte[] serverRandom = spec.getServerRandom(); 129 CK_SSL3_RANDOM_DATA random = 130 new CK_SSL3_RANDOM_DATA(clientRandom, serverRandom); 131 CK_SSL3_MASTER_KEY_DERIVE_PARAMS params = 132 new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion); 133 134 Session session = null; 135 try { 136 session = token.getObjSession(); 137 CK_ATTRIBUTE[] attributes = token.getAttributes(O_GENERATE, 138 CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); 139 long keyID = token.p11.C_DeriveKey(session.id(), 140 new CK_MECHANISM(mechanism, params), p11Key.keyID, attributes); 141 int major, minor; 142 ckVersion = params.pVersion; 143 if (ckVersion == null) { 144 major = -1; 145 minor = -1; 146 } else { 147 major = ckVersion.major; 148 minor = ckVersion.minor; 149 } 150 SecretKey key = P11Key.masterSecretKey(session, keyID, 151 "TlsMasterSecret", 48 << 3, attributes, major, minor); 152 return key; 153 } catch (Exception e) { 154 throw new ProviderException("Could not generate key", e); 155 } finally { 156 token.releaseSession(session); 157 } 158 } 159 160 }