116 public String getAlgorithm() { 117 return "Generic"; 118 } 119 }; 120 121 protected void engineInit(int keysize, SecureRandom random) { 122 throw new InvalidParameterException(MSG); 123 } 124 125 protected SecretKey engineGenerateKey() { 126 if (spec == null) { 127 throw new IllegalStateException("TlsPrfGenerator must be initialized"); 128 } 129 byte[] label = P11Util.getBytesUTF8(spec.getLabel()); 130 byte[] seed = spec.getSeed(); 131 132 if (mechanism == CKM_NSS_TLS_PRF_GENERAL) { 133 Session session = null; 134 try { 135 session = token.getOpSession(); 136 token.p11.C_SignInit 137 (session.id(), new CK_MECHANISM(mechanism), p11Key.keyID); 138 token.p11.C_SignUpdate(session.id(), 0, label, 0, label.length); 139 token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length); 140 byte[] out = token.p11.C_SignFinal 141 (session.id(), spec.getOutputLength()); 142 return new SecretKeySpec(out, "TlsPrf"); 143 } catch (PKCS11Exception e) { 144 throw new ProviderException("Could not calculate PRF", e); 145 } finally { 146 token.releaseSession(session); 147 } 148 } 149 150 // mechanism == CKM_TLS_PRF 151 152 byte[] out = new byte[spec.getOutputLength()]; 153 CK_TLS_PRF_PARAMS params = new CK_TLS_PRF_PARAMS(seed, label, out); 154 155 Session session = null; 156 try { 157 session = token.getOpSession(); 158 long keyID = token.p11.C_DeriveKey(session.id(), 159 new CK_MECHANISM(mechanism, params), p11Key.keyID, null); 160 // ignore keyID, returned PRF bytes are in 'out' 161 return new SecretKeySpec(out, "TlsPrf"); 162 } catch (PKCS11Exception e) { 163 throw new ProviderException("Could not calculate PRF", e); 164 } finally { 165 token.releaseSession(session); 166 } 167 } 168 169 } | 116 public String getAlgorithm() { 117 return "Generic"; 118 } 119 }; 120 121 protected void engineInit(int keysize, SecureRandom random) { 122 throw new InvalidParameterException(MSG); 123 } 124 125 protected SecretKey engineGenerateKey() { 126 if (spec == null) { 127 throw new 
IllegalStateException("TlsPrfGenerator must be initialized"); 128 } 129 byte[] label = P11Util.getBytesUTF8(spec.getLabel()); 130 byte[] seed = spec.getSeed(); 131 132 if (mechanism == CKM_NSS_TLS_PRF_GENERAL) { 133 Session session = null; 134 try { 135 session = token.getOpSession(); 136 byte[] out; 137 p11Key.incNativeKeyRef(); 138 try { 139 token.p11.C_SignInit(session.id(), 140 new CK_MECHANISM(mechanism), p11Key.keyID); 141 token.p11.C_SignUpdate(session.id(), 0, label, 0, 142 label.length); 143 token.p11.C_SignUpdate(session.id(), 0, seed, 0, 144 seed.length); 145 out = token.p11.C_SignFinal 146 (session.id(), spec.getOutputLength()); 147 } finally { 148 p11Key.decNativeKeyRef(); 149 } 150 return new SecretKeySpec(out, "TlsPrf"); 151 } catch (PKCS11Exception e) { 152 throw new ProviderException("Could not calculate PRF", e); 153 } finally { 154 token.releaseSession(session); 155 } 156 } 157 158 // mechanism == CKM_TLS_PRF 159 160 byte[] out = new byte[spec.getOutputLength()]; 161 CK_TLS_PRF_PARAMS params = new CK_TLS_PRF_PARAMS(seed, label, out); 162 163 Session session = null; 164 try { 165 session = token.getOpSession(); 166 p11Key.incNativeKeyRef(); 167 try { 168 token.p11.C_DeriveKey(session.id(), 169 new CK_MECHANISM(mechanism, params), 170 p11Key.keyID, null); 171 } finally { 172 p11Key.decNativeKeyRef(); 173 } 174 // ignore keyID, returned PRF bytes are in 'out' 175 return new SecretKeySpec(out, "TlsPrf"); 176 } catch (PKCS11Exception e) { 177 throw new ProviderException("Could not calculate PRF", e); 178 } finally { 179 token.releaseSession(session); 180 } 181 } 182 183 } |
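Review bot: The comment `// ignore keyID, returned PRF bytes are in 'out'` on the new side (line 174) is now stale, because the commit dropped the `long keyID =` local it referred to, and the only `keyID` left in the CKM_TLS_PRF branch is `p11Key.keyID`, the base key handle that is passed to `C_DeriveKey`. I would reword it to `// C_DeriveKey's return value is unused; the PRF bytes are written into 'out' through params`. The two new `p11Key.incNativeKeyRef()` / `decNativeKeyRef()` pairs (lines 137–149 and 166–173) also carry no comment saying why the reference is held. Their definitions are outside this view, so the wording is a guess to confirm, but a line such as `// hold a native key reference so p11Key.keyID stays valid for the duration of the PKCS#11 calls` at each site would tell the next maintainer not to read the handle outside that window. The view starts at line 116 inside the preceding anonymous class, so anything above it is not covered here.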