116 public String getAlgorithm() {
117 return "Generic";
118 }
119 };
120
121 protected void engineInit(int keysize, SecureRandom random) {
122 throw new InvalidParameterException(MSG);
123 }
124
125 protected SecretKey engineGenerateKey() {
126 if (spec == null) {
127 throw new IllegalStateException("TlsPrfGenerator must be initialized");
128 }
129 byte[] label = P11Util.getBytesUTF8(spec.getLabel());
130 byte[] seed = spec.getSeed();
131
132 if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
133 Session session = null;
134 try {
135 session = token.getOpSession();
136 token.p11.C_SignInit
137 (session.id(), new CK_MECHANISM(mechanism), p11Key.keyID);
138 token.p11.C_SignUpdate(session.id(), 0, label, 0, label.length);
139 token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
140 byte[] out = token.p11.C_SignFinal
141 (session.id(), spec.getOutputLength());
142 return new SecretKeySpec(out, "TlsPrf");
143 } catch (PKCS11Exception e) {
144 throw new ProviderException("Could not calculate PRF", e);
145 } finally {
146 token.releaseSession(session);
147 }
148 }
149
150 // mechanism == CKM_TLS_PRF
151
152 byte[] out = new byte[spec.getOutputLength()];
153 CK_TLS_PRF_PARAMS params = new CK_TLS_PRF_PARAMS(seed, label, out);
154
155 Session session = null;
156 try {
157 session = token.getOpSession();
158 long keyID = token.p11.C_DeriveKey(session.id(),
159 new CK_MECHANISM(mechanism, params), p11Key.keyID, null);
160 // ignore keyID, returned PRF bytes are in 'out'
161 return new SecretKeySpec(out, "TlsPrf");
162 } catch (PKCS11Exception e) {
163 throw new ProviderException("Could not calculate PRF", e);
164 } finally {
165 token.releaseSession(session);
166 }
167 }
168
169 }
|
116 public String getAlgorithm() {
117 return "Generic";
118 }
119 };
120
121 protected void engineInit(int keysize, SecureRandom random) {
122 throw new InvalidParameterException(MSG);
123 }
124
125 protected SecretKey engineGenerateKey() {
126 if (spec == null) {
127 throw new IllegalStateException("TlsPrfGenerator must be initialized");
128 }
129 byte[] label = P11Util.getBytesUTF8(spec.getLabel());
130 byte[] seed = spec.getSeed();
131
132 if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
133 Session session = null;
134 try {
135 session = token.getOpSession();
136 byte[] out;
137 p11Key.incNativeKeyRef();
138 try {
139 token.p11.C_SignInit
140 (session.id(), new CK_MECHANISM(mechanism), p11Key.keyID);
141 token.p11.C_SignUpdate(session.id(), 0, label, 0, label.length);
142 token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
143 out = token.p11.C_SignFinal
144 (session.id(), spec.getOutputLength());
145 } finally {
146 p11Key.decNativeKeyRef();
147 }
148 return new SecretKeySpec(out, "TlsPrf");
149 } catch (PKCS11Exception e) {
150 throw new ProviderException("Could not calculate PRF", e);
151 } finally {
152 token.releaseSession(session);
153 }
154 }
155
156 // mechanism == CKM_TLS_PRF
157
158 byte[] out = new byte[spec.getOutputLength()];
159 CK_TLS_PRF_PARAMS params = new CK_TLS_PRF_PARAMS(seed, label, out);
160
161 Session session = null;
162 try {
163 session = token.getOpSession();
164 p11Key.incNativeKeyRef();
165 try {
166 token.p11.C_DeriveKey(session.id(),
167 new CK_MECHANISM(mechanism, params), p11Key.keyID, null);
168 } finally {
169 p11Key.decNativeKeyRef();
170 }
171 // ignore keyID, returned PRF bytes are in 'out'
172 return new SecretKeySpec(out, "TlsPrf");
173 } catch (PKCS11Exception e) {
174 throw new ProviderException("Could not calculate PRF", e);
175 } finally {
176 token.releaseSession(session);
177 }
178 }
179
180 }
|