< prev index next >
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11ECDHKeyAgreement.java
Print this page
@@ -128,13 +128,19 @@
};
CK_ECDH1_DERIVE_PARAMS ckParams =
new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue);
attributes = token.getAttributes
(O_GENERATE, CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes);
- long keyID = token.p11.C_DeriveKey(session.id(),
+ privateKey.incNativeKeyRef();
+ long keyID;
+ try {
+ keyID = token.p11.C_DeriveKey(session.id(),
new CK_MECHANISM(mechanism, ckParams), privateKey.keyID,
attributes);
+ } finally {
+ privateKey.decNativeKeyRef();
+ }
attributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_VALUE)
};
token.p11.C_GetAttributeValue(session.id(), keyID, attributes);
byte[] secret = attributes[0].getByteArray();
@@ -190,20 +196,26 @@
};
CK_ECDH1_DERIVE_PARAMS ckParams =
new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue);
attributes = token.getAttributes
(O_GENERATE, CKO_SECRET_KEY, keyType, attributes);
- long keyID = token.p11.C_DeriveKey(session.id(),
+ privateKey.incNativeKeyRef();
+ long keyID;
+ try {
+ keyID = token.p11.C_DeriveKey(session.id(),
new CK_MECHANISM(mechanism, ckParams), privateKey.keyID,
attributes);
+ } finally {
+ privateKey.decNativeKeyRef();
+ }
CK_ATTRIBUTE[] lenAttributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_VALUE_LEN),
};
token.p11.C_GetAttributeValue(session.id(), keyID, lenAttributes);
int keyLen = (int)lenAttributes[0].getLong();
SecretKey key = P11Key.secretKey
- (session, keyID, algorithm, keyLen << 3, attributes);
+ (session, keyID, algorithm, keyLen << 3, attributes, true);
return key;
} catch (PKCS11Exception e) {
throw new InvalidKeyException("Could not derive key", e);
} finally {
publicValue = null;
< prev index next >