113 publicValue = P11ECKeyFactory.getEncodedPublicValue(ecKey);
114 return null;
115 }
116
117 // see JCE spec
118 protected byte[] engineGenerateSecret() throws IllegalStateException {
119 if ((privateKey == null) || (publicValue == null)) {
120 throw new IllegalStateException("Not initialized correctly");
121 }
122 Session session = null;
123 try {
124 session = token.getOpSession();
125 CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
126 new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
127 new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_GENERIC_SECRET),
128 };
129 CK_ECDH1_DERIVE_PARAMS ckParams =
130 new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue);
131 attributes = token.getAttributes
132 (O_GENERATE, CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes);
133 long keyID = token.p11.C_DeriveKey(session.id(),
134 new CK_MECHANISM(mechanism, ckParams), privateKey.keyID,
135 attributes);
136 attributes = new CK_ATTRIBUTE[] {
137 new CK_ATTRIBUTE(CKA_VALUE)
138 };
139 token.p11.C_GetAttributeValue(session.id(), keyID, attributes);
140 byte[] secret = attributes[0].getByteArray();
141 token.p11.C_DestroyObject(session.id(), keyID);
142 return secret;
143 } catch (PKCS11Exception e) {
144 throw new ProviderException("Could not derive key", e);
145 } finally {
146 publicValue = null;
147 token.releaseSession(session);
148 }
149 }
150
151 // see JCE spec
152 protected int engineGenerateSecret(byte[] sharedSecret, int
153 offset) throws IllegalStateException, ShortBufferException {
154 if (offset + secretLen > sharedSecret.length) {
155 throw new ShortBufferException("Need " + secretLen
175 }
176
177 private SecretKey nativeGenerateSecret(String algorithm)
178 throws IllegalStateException, NoSuchAlgorithmException,
179 InvalidKeyException {
180 if ((privateKey == null) || (publicValue == null)) {
181 throw new IllegalStateException("Not initialized correctly");
182 }
183 long keyType = CKK_GENERIC_SECRET;
184 Session session = null;
185 try {
186 session = token.getObjSession();
187 CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
188 new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
189 new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType),
190 };
191 CK_ECDH1_DERIVE_PARAMS ckParams =
192 new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue);
193 attributes = token.getAttributes
194 (O_GENERATE, CKO_SECRET_KEY, keyType, attributes);
195 long keyID = token.p11.C_DeriveKey(session.id(),
196 new CK_MECHANISM(mechanism, ckParams), privateKey.keyID,
197 attributes);
198 CK_ATTRIBUTE[] lenAttributes = new CK_ATTRIBUTE[] {
199 new CK_ATTRIBUTE(CKA_VALUE_LEN),
200 };
201 token.p11.C_GetAttributeValue(session.id(), keyID, lenAttributes);
202 int keyLen = (int)lenAttributes[0].getLong();
203 SecretKey key = P11Key.secretKey
204 (session, keyID, algorithm, keyLen << 3, attributes);
205 return key;
206 } catch (PKCS11Exception e) {
207 throw new InvalidKeyException("Could not derive key", e);
208 } finally {
209 publicValue = null;
210 token.releaseSession(session);
211 }
212 }
213
214 }
|
113 publicValue = P11ECKeyFactory.getEncodedPublicValue(ecKey);
114 return null;
115 }
116
117 // see JCE spec
118 protected byte[] engineGenerateSecret() throws IllegalStateException {
119 if ((privateKey == null) || (publicValue == null)) {
120 throw new IllegalStateException("Not initialized correctly");
121 }
122 Session session = null;
123 try {
124 session = token.getOpSession();
125 CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
126 new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
127 new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_GENERIC_SECRET),
128 };
129 CK_ECDH1_DERIVE_PARAMS ckParams =
130 new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue);
131 attributes = token.getAttributes
132 (O_GENERATE, CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes);
133 privateKey.incNativeKeyRef();
134 long keyID;
135 try {
136 keyID = token.p11.C_DeriveKey(session.id(),
137 new CK_MECHANISM(mechanism, ckParams), privateKey.keyID,
138 attributes);
139 } finally {
140 privateKey.decNativeKeyRef();
141 }
142 attributes = new CK_ATTRIBUTE[] {
143 new CK_ATTRIBUTE(CKA_VALUE)
144 };
145 token.p11.C_GetAttributeValue(session.id(), keyID, attributes);
146 byte[] secret = attributes[0].getByteArray();
147 token.p11.C_DestroyObject(session.id(), keyID);
148 return secret;
149 } catch (PKCS11Exception e) {
150 throw new ProviderException("Could not derive key", e);
151 } finally {
152 publicValue = null;
153 token.releaseSession(session);
154 }
155 }
156
157 // see JCE spec
158 protected int engineGenerateSecret(byte[] sharedSecret, int
159 offset) throws IllegalStateException, ShortBufferException {
160 if (offset + secretLen > sharedSecret.length) {
161 throw new ShortBufferException("Need " + secretLen
181 }
182
183 private SecretKey nativeGenerateSecret(String algorithm)
184 throws IllegalStateException, NoSuchAlgorithmException,
185 InvalidKeyException {
186 if ((privateKey == null) || (publicValue == null)) {
187 throw new IllegalStateException("Not initialized correctly");
188 }
189 long keyType = CKK_GENERIC_SECRET;
190 Session session = null;
191 try {
192 session = token.getObjSession();
193 CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
194 new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
195 new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType),
196 };
197 CK_ECDH1_DERIVE_PARAMS ckParams =
198 new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue);
199 attributes = token.getAttributes
200 (O_GENERATE, CKO_SECRET_KEY, keyType, attributes);
201 privateKey.incNativeKeyRef();
202 long keyID;
203 try {
204 keyID = token.p11.C_DeriveKey(session.id(),
205 new CK_MECHANISM(mechanism, ckParams), privateKey.keyID,
206 attributes);
207 } finally {
208 privateKey.decNativeKeyRef();
209 }
210 CK_ATTRIBUTE[] lenAttributes = new CK_ATTRIBUTE[] {
211 new CK_ATTRIBUTE(CKA_VALUE_LEN),
212 };
213 token.p11.C_GetAttributeValue(session.id(), keyID, lenAttributes);
214 int keyLen = (int)lenAttributes[0].getLong();
215 SecretKey key = P11Key.secretKey
216 (session, keyID, algorithm, keyLen << 3, attributes, true);
217 return key;
218 } catch (PKCS11Exception e) {
219 throw new InvalidKeyException("Could not derive key", e);
220 } finally {
221 publicValue = null;
222 token.releaseSession(session);
223 }
224 }
225
226 }
|