116 public String getAlgorithm() { 117 return "Generic"; 118 } 119 }; 120 121 protected void engineInit(int keysize, SecureRandom random) { 122 throw new InvalidParameterException(MSG); 123 } 124 125 protected SecretKey engineGenerateKey() { 126 if (spec == null) { 127 throw new IllegalStateException("TlsPrfGenerator must be initialized"); 128 } 129 byte[] label = P11Util.getBytesUTF8(spec.getLabel()); 130 byte[] seed = spec.getSeed(); 131 132 if (mechanism == CKM_NSS_TLS_PRF_GENERAL) { 133 Session session = null; 134 try { 135 session = token.getOpSession(); 136 token.p11.C_SignInit 137 (session.id(), new CK_MECHANISM(mechanism), p11Key.keyID); 138 token.p11.C_SignUpdate(session.id(), 0, label, 0, label.length); 139 token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length); 140 byte[] out = token.p11.C_SignFinal 141 (session.id(), spec.getOutputLength()); 142 return new SecretKeySpec(out, "TlsPrf"); 143 } catch (PKCS11Exception e) { 144 throw new ProviderException("Could not calculate PRF", e); 145 } finally { 146 token.releaseSession(session); 147 } 148 } 149 150 // mechanism == CKM_TLS_PRF 151 152 byte[] out = new byte[spec.getOutputLength()]; 153 CK_TLS_PRF_PARAMS params = new CK_TLS_PRF_PARAMS(seed, label, out); 154 155 Session session = null; 156 try { 157 session = token.getOpSession(); 158 long keyID = token.p11.C_DeriveKey(session.id(), 159 new CK_MECHANISM(mechanism, params), p11Key.keyID, null); 160 // ignore keyID, returned PRF bytes are in 'out' 161 return new SecretKeySpec(out, "TlsPrf"); 162 } catch (PKCS11Exception e) { 163 throw new ProviderException("Could not calculate PRF", e); 164 } finally { 165 token.releaseSession(session); 166 } 167 } 168 169 } | 116 public String getAlgorithm() { 117 return "Generic"; 118 } 119 }; 120 121 protected void engineInit(int keysize, SecureRandom random) { 122 throw new InvalidParameterException(MSG); 123 } 124 125 protected SecretKey engineGenerateKey() { 126 if (spec == null) { 127 throw new IllegalStateException("TlsPrfGenerator must be initialized"); 128 } 129 byte[] label = P11Util.getBytesUTF8(spec.getLabel()); 130 byte[] seed = spec.getSeed(); 131 132 if (mechanism == CKM_NSS_TLS_PRF_GENERAL) { 133 Session session = null; 134 try { 135 session = token.getOpSession(); 136 byte[] out; 137 p11Key.incNativeKeyRef(); 138 try { 139 token.p11.C_SignInit 140 (session.id(), new CK_MECHANISM(mechanism), p11Key.keyID); 141 token.p11.C_SignUpdate(session.id(), 0, label, 0, label.length); 142 token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length); 143 out = token.p11.C_SignFinal 144 (session.id(), spec.getOutputLength()); 145 } finally { 146 p11Key.decNativeKeyRef(); 147 } 148 return new SecretKeySpec(out, "TlsPrf"); 149 } catch (PKCS11Exception e) { 150 throw new ProviderException("Could not calculate PRF", e); 151 } finally { 152 token.releaseSession(session); 153 } 154 } 155 156 // mechanism == CKM_TLS_PRF 157 158 byte[] out = new byte[spec.getOutputLength()]; 159 CK_TLS_PRF_PARAMS params = new CK_TLS_PRF_PARAMS(seed, label, out); 160 161 Session session = null; 162 try { 163 session = token.getOpSession(); 164 p11Key.incNativeKeyRef(); 165 try { 166 token.p11.C_DeriveKey(session.id(), 167 new CK_MECHANISM(mechanism, params), p11Key.keyID, null); 168 } finally { 169 p11Key.decNativeKeyRef(); 170 } 171 // ignore keyID, returned PRF bytes are in 'out' 172 return new SecretKeySpec(out, "TlsPrf"); 173 } catch (PKCS11Exception e) { 174 throw new ProviderException("Could not calculate PRF", e); 175 } finally { 176 token.releaseSession(session); 177 } 178 } 179 180 } |