113 publicValue = P11ECKeyFactory.getEncodedPublicValue(ecKey); 114 return null; 115 } 116 117 // see JCE spec 118 protected byte[] engineGenerateSecret() throws IllegalStateException { 119 if ((privateKey == null) || (publicValue == null)) { 120 throw new IllegalStateException("Not initialized correctly"); 121 } 122 Session session = null; 123 try { 124 session = token.getOpSession(); 125 CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { 126 new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), 127 new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_GENERIC_SECRET), 128 }; 129 CK_ECDH1_DERIVE_PARAMS ckParams = 130 new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue); 131 attributes = token.getAttributes 132 (O_GENERATE, CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes); 133 long keyID = token.p11.C_DeriveKey(session.id(), 134 new CK_MECHANISM(mechanism, ckParams), privateKey.keyID, 135 attributes); 136 attributes = new CK_ATTRIBUTE[] { 137 new CK_ATTRIBUTE(CKA_VALUE) 138 }; 139 token.p11.C_GetAttributeValue(session.id(), keyID, attributes); 140 byte[] secret = attributes[0].getByteArray(); 141 token.p11.C_DestroyObject(session.id(), keyID); 142 return secret; 143 } catch (PKCS11Exception e) { 144 throw new ProviderException("Could not derive key", e); 145 } finally { 146 publicValue = null; 147 token.releaseSession(session); 148 } 149 } 150 151 // see JCE spec 152 protected int engineGenerateSecret(byte[] sharedSecret, int 153 offset) throws IllegalStateException, ShortBufferException { 154 if (offset + secretLen > sharedSecret.length) { 155 throw new ShortBufferException("Need " + secretLen 175 } 176 177 private SecretKey nativeGenerateSecret(String algorithm) 178 throws IllegalStateException, NoSuchAlgorithmException, 179 InvalidKeyException { 180 if ((privateKey == null) || (publicValue == null)) { 181 throw new IllegalStateException("Not initialized correctly"); 182 } 183 long keyType = CKK_GENERIC_SECRET; 184 Session session = null; 185 try { 186 session = token.getObjSession(); 187 CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { 188 new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), 189 new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType), 190 }; 191 CK_ECDH1_DERIVE_PARAMS ckParams = 192 new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue); 193 attributes = token.getAttributes 194 (O_GENERATE, CKO_SECRET_KEY, keyType, attributes); 195 long keyID = token.p11.C_DeriveKey(session.id(), 196 new CK_MECHANISM(mechanism, ckParams), privateKey.keyID, 197 attributes); 198 CK_ATTRIBUTE[] lenAttributes = new CK_ATTRIBUTE[] { 199 new CK_ATTRIBUTE(CKA_VALUE_LEN), 200 }; 201 token.p11.C_GetAttributeValue(session.id(), keyID, lenAttributes); 202 int keyLen = (int)lenAttributes[0].getLong(); 203 SecretKey key = P11Key.secretKey 204 (session, keyID, algorithm, keyLen << 3, attributes); 205 return key; 206 } catch (PKCS11Exception e) { 207 throw new InvalidKeyException("Could not derive key", e); 208 } finally { 209 publicValue = null; 210 token.releaseSession(session); 211 } 212 } 213 214 } | 113 publicValue = P11ECKeyFactory.getEncodedPublicValue(ecKey); 114 return null; 115 } 116 117 // see JCE spec 118 protected byte[] engineGenerateSecret() throws IllegalStateException { 119 if ((privateKey == null) || (publicValue == null)) { 120 throw new IllegalStateException("Not initialized correctly"); 121 } 122 Session session = null; 123 try { 124 session = token.getOpSession(); 125 CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { 126 new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), 127 new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_GENERIC_SECRET), 128 }; 129 CK_ECDH1_DERIVE_PARAMS ckParams = 130 new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue); 131 attributes = token.getAttributes 132 (O_GENERATE, CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes); 133 privateKey.incNativeKeyRef(); 134 long keyID; 135 try { 136 keyID = token.p11.C_DeriveKey(session.id(), 137 new CK_MECHANISM(mechanism, ckParams), 138 privateKey.keyID, attributes); 139 } finally { 140 privateKey.decNativeKeyRef(); 141 } 142 attributes = new CK_ATTRIBUTE[] { 143 new CK_ATTRIBUTE(CKA_VALUE) 144 }; 145 token.p11.C_GetAttributeValue(session.id(), keyID, attributes); 146 byte[] secret = attributes[0].getByteArray(); 147 token.p11.C_DestroyObject(session.id(), keyID); 148 return secret; 149 } catch (PKCS11Exception e) { 150 throw new ProviderException("Could not derive key", e); 151 } finally { 152 publicValue = null; 153 token.releaseSession(session); 154 } 155 } 156 157 // see JCE spec 158 protected int engineGenerateSecret(byte[] sharedSecret, int 159 offset) throws IllegalStateException, ShortBufferException { 160 if (offset + secretLen > sharedSecret.length) { 161 throw new ShortBufferException("Need " + secretLen 181 } 182 183 private SecretKey nativeGenerateSecret(String algorithm) 184 throws IllegalStateException, NoSuchAlgorithmException, 185 InvalidKeyException { 186 if ((privateKey == null) || (publicValue == null)) { 187 throw new IllegalStateException("Not initialized correctly"); 188 } 189 long keyType = CKK_GENERIC_SECRET; 190 Session session = null; 191 try { 192 session = token.getObjSession(); 193 CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { 194 new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), 195 new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType), 196 }; 197 CK_ECDH1_DERIVE_PARAMS ckParams = 198 new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue); 199 attributes = token.getAttributes 200 (O_GENERATE, CKO_SECRET_KEY, keyType, attributes); 201 privateKey.incNativeKeyRef(); 202 long keyID; 203 try { 204 keyID = token.p11.C_DeriveKey(session.id(), 205 new CK_MECHANISM(mechanism, ckParams), 206 privateKey.keyID, attributes); 207 } finally { 208 privateKey.decNativeKeyRef(); 209 } 210 CK_ATTRIBUTE[] lenAttributes = new CK_ATTRIBUTE[] { 211 new CK_ATTRIBUTE(CKA_VALUE_LEN), 212 }; 213 token.p11.C_GetAttributeValue(session.id(), keyID, lenAttributes); 214 int keyLen = (int)lenAttributes[0].getLong(); 215 SecretKey key = P11Key.secretKey(session, keyID, algorithm, 216 keyLen << 3, attributes, true); 217 return key; 218 } catch (PKCS11Exception e) { 219 throw new InvalidKeyException("Could not derive key", e); 220 } finally { 221 publicValue = null; 222 token.releaseSession(session); 223 } 224 } 225 226 } |