< prev index next >

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11ECDHKeyAgreement.java

Print this page

        

@@ -128,13 +128,19 @@
             };
             CK_ECDH1_DERIVE_PARAMS ckParams =
                     new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue);
             attributes = token.getAttributes
                 (O_GENERATE, CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes);
-            long keyID = token.p11.C_DeriveKey(session.id(),
+            privateKey.incNativeKeyRef();
+            long keyID;
+            try {
+                keyID = token.p11.C_DeriveKey(session.id(),
                 new CK_MECHANISM(mechanism, ckParams), privateKey.keyID,
                 attributes);
+            } finally {
+                privateKey.decNativeKeyRef();
+            }
             attributes = new CK_ATTRIBUTE[] {
                 new CK_ATTRIBUTE(CKA_VALUE)
             };
             token.p11.C_GetAttributeValue(session.id(), keyID, attributes);
             byte[] secret = attributes[0].getByteArray();

@@ -190,20 +196,26 @@
             };
             CK_ECDH1_DERIVE_PARAMS ckParams =
                     new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue);
             attributes = token.getAttributes
                 (O_GENERATE, CKO_SECRET_KEY, keyType, attributes);
-            long keyID = token.p11.C_DeriveKey(session.id(),
+            privateKey.incNativeKeyRef();
+            long keyID;
+            try {
+                keyID = token.p11.C_DeriveKey(session.id(),
                 new CK_MECHANISM(mechanism, ckParams), privateKey.keyID,
                 attributes);
+            } finally {
+                privateKey.decNativeKeyRef();
+            }
             CK_ATTRIBUTE[] lenAttributes = new CK_ATTRIBUTE[] {
                 new CK_ATTRIBUTE(CKA_VALUE_LEN),
             };
             token.p11.C_GetAttributeValue(session.id(), keyID, lenAttributes);
             int keyLen = (int)lenAttributes[0].getLong();
             SecretKey key = P11Key.secretKey
-                        (session, keyID, algorithm, keyLen << 3, attributes);
+                        (session, keyID, algorithm, keyLen << 3, attributes, true);
             return key;
         } catch (PKCS11Exception e) {
             throw new InvalidKeyException("Could not derive key", e);
         } finally {
             publicValue = null;
< prev index next >