21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.pkcs11;
27
28 import java.util.*;
29
30 import java.security.*;
31 import java.security.spec.AlgorithmParameterSpec;
32
33 import javax.crypto.*;
34 import javax.crypto.spec.*;
35
36 import sun.security.internal.spec.*;
37 import sun.security.internal.interfaces.TlsMasterSecret;
38
39 import static sun.security.pkcs11.TemplateManager.*;
40 import sun.security.pkcs11.wrapper.*;
41 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
42
43 /**
44 * KeyGenerator to calculate the SSL/TLS key material (cipher keys and ivs,
45 * mac keys) from the master secret.
46 *
47 * @author Andreas Sterbenz
48 * @since 1.6
49 */
50 public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
51
52 private final static String MSG = "TlsKeyMaterialGenerator must be "
53 + "initialized using a TlsKeyMaterialParameterSpec";
54
55 // token instance
56 private final Token token;
57
58 // algorithm name
59 private final String algorithm;
60
61 // mechanism id
62 private long mechanism;
63
64 // parameter spec
65 @SuppressWarnings("deprecation")
66 private TlsKeyMaterialParameterSpec spec;
67
68 // master secret as a P11Key
69 private P11Key p11Key;
70
71 // whether SSLv3 is supported
72 private final boolean supportSSLv3;
73
74 P11TlsKeyMaterialGenerator(Token token, String algorithm, long mechanism)
75 throws PKCS11Exception {
76 super();
77 this.token = token;
78 this.algorithm = algorithm;
79 this.mechanism = mechanism;
80
81 // Given the current lookup order specified in SunPKCS11.java,
82 // if CKM_SSL3_KEY_AND_MAC_DERIVE is not used to construct this object,
83 // it means that this mech is disabled or unsupported.
84 this.supportSSLv3 = (mechanism == CKM_SSL3_KEY_AND_MAC_DERIVE);
85 }
86
87 protected void engineInit(SecureRandom random) {
88 throw new InvalidParameterException(MSG);
89 }
90
91 @SuppressWarnings("deprecation")
92 protected void engineInit(AlgorithmParameterSpec params,
93 SecureRandom random) throws InvalidAlgorithmParameterException {
94 if (params instanceof TlsKeyMaterialParameterSpec == false) {
95 throw new InvalidAlgorithmParameterException(MSG);
96 }
97
98 TlsKeyMaterialParameterSpec spec = (TlsKeyMaterialParameterSpec)params;
99 int version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
100
101 if ((version == 0x0300 && !supportSSLv3) || (version < 0x0300) ||
102 (version > 0x0302)) {
103 throw new InvalidAlgorithmParameterException
104 ("Only" + (supportSSLv3? " SSL 3.0,": "") +
105 " TLS 1.0, and TLS 1.1 are supported (0x" +
106 Integer.toHexString(version) + ")");
107 }
108 try {
109 p11Key = P11SecretKeyFactory.convertKey
110 (token, spec.getMasterSecret(), "TlsMasterSecret");
111 } catch (InvalidKeyException e) {
112 throw new InvalidAlgorithmParameterException("init() failed", e);
113 }
114 this.spec = spec;
115 this.mechanism = (version == 0x0300)?
116 CKM_SSL3_KEY_AND_MAC_DERIVE : CKM_TLS_KEY_AND_MAC_DERIVE;
117 }
118
119 protected void engineInit(int keysize, SecureRandom random) {
120 throw new InvalidParameterException(MSG);
121 }
122
123 @SuppressWarnings("deprecation")
124 protected SecretKey engineGenerateKey() {
125 if (spec == null) {
126 throw new IllegalStateException
127 ("TlsKeyMaterialGenerator must be initialized");
128 }
129 int macBits = spec.getMacKeyLength() << 3;
130 int ivBits = spec.getIvLength() << 3;
131
132 int expandedKeyBits = spec.getExpandedCipherKeyLength() << 3;
133 int keyBits = spec.getCipherKeyLength() << 3;
134 boolean isExportable;
135 if (expandedKeyBits != 0) {
136 isExportable = true;
137 } else {
138 isExportable = false;
139 expandedKeyBits = keyBits;
140 }
141
142 CK_SSL3_RANDOM_DATA random = new CK_SSL3_RANDOM_DATA
143 (spec.getClientRandom(), spec.getServerRandom());
144 CK_SSL3_KEY_MAT_PARAMS params = new CK_SSL3_KEY_MAT_PARAMS
145 (macBits, keyBits, ivBits, isExportable, random);
146
147 String cipherAlgorithm = spec.getCipherAlgorithm();
148 long keyType = P11SecretKeyFactory.getKeyType(cipherAlgorithm);
149 if (keyType < 0) {
150 if (keyBits != 0) {
151 throw new ProviderException
152 ("Unknown algorithm: " + spec.getCipherAlgorithm());
153 } else {
154 // NULL encryption ciphersuites
155 keyType = CKK_GENERIC_SECRET;
156 }
157 }
158
159 Session session = null;
160 try {
161 session = token.getObjSession();
162 CK_ATTRIBUTE[] attributes;
163 if (keyBits != 0) {
164 attributes = new CK_ATTRIBUTE[] {
165 new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
166 new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType),
167 new CK_ATTRIBUTE(CKA_VALUE_LEN, expandedKeyBits >> 3),
168 };
169 } else {
170 // ciphersuites with NULL ciphers
171 attributes = new CK_ATTRIBUTE[0];
172 }
173 attributes = token.getAttributes
174 (O_GENERATE, CKO_SECRET_KEY, keyType, attributes);
175 // the returned keyID is a dummy, ignore
176 long keyID = token.p11.C_DeriveKey(session.id(),
177 new CK_MECHANISM(mechanism, params), p11Key.keyID, attributes);
178
179 CK_SSL3_KEY_MAT_OUT out = params.pReturnedKeyMaterial;
180 // Note that the MAC keys do not inherit all attributes from the
181 // template, but they do inherit the sensitive/extractable/token
182 // flags, which is all P11Key cares about.
183 SecretKey clientMacKey, serverMacKey;
184
185 // The MAC size may be zero for GCM mode.
186 //
187 // PKCS11 does not support GCM mode as the author made the comment,
188 // so the macBits is unlikely to be zero. It's only a place holder.
189 if (macBits != 0) {
190 clientMacKey = P11Key.secretKey
191 (session, out.hClientMacSecret, "MAC", macBits, attributes);
192 serverMacKey = P11Key.secretKey
193 (session, out.hServerMacSecret, "MAC", macBits, attributes);
194 } else {
195 clientMacKey = null;
196 serverMacKey = null;
197 }
198
199 SecretKey clientCipherKey, serverCipherKey;
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.pkcs11;
27
28 import java.util.*;
29
30 import java.security.*;
31 import java.security.spec.AlgorithmParameterSpec;
32
33 import javax.crypto.*;
34 import javax.crypto.spec.*;
35
36 import sun.security.internal.spec.*;
37 import sun.security.internal.interfaces.TlsMasterSecret;
38
39 import static sun.security.pkcs11.TemplateManager.*;
40 import sun.security.pkcs11.wrapper.*;
41 import sun.security.ssl.ProtocolVersion;
42
43 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
44
45 /**
46 * KeyGenerator to calculate the SSL/TLS key material (cipher keys and ivs,
47 * mac keys) from the master secret.
48 *
49 * @author Andreas Sterbenz
50 * @since 1.6
51 */
52 public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
53
54 private final static String MSG = "TlsKeyMaterialGenerator must be "
55 + "initialized using a TlsKeyMaterialParameterSpec";
56
57 // token instance
58 private final Token token;
59
60 // algorithm name
61 private final String algorithm;
62
63 // mechanism id
64 private long mechanism;
65
66 private ProtocolVersion tlsVersion;
67
68 // parameter spec
69 @SuppressWarnings("deprecation")
70 private TlsKeyMaterialParameterSpec spec;
71
72 // master secret as a P11Key
73 private P11Key p11Key;
74
75 // whether SSLv3 is supported
76 private final boolean supportSSLv3;
77
78 P11TlsKeyMaterialGenerator(Token token, String algorithm, long mechanism)
79 throws PKCS11Exception {
80 super();
81 this.token = token;
82 this.algorithm = algorithm;
83 this.mechanism = mechanism;
84
85 // Given the current lookup order specified in SunPKCS11.java,
86 // if CKM_SSL3_KEY_AND_MAC_DERIVE is not used to construct this object,
87 // it means that this mech is disabled or unsupported.
88 this.supportSSLv3 = (mechanism == CKM_SSL3_KEY_AND_MAC_DERIVE);
89 }
90
91 protected void engineInit(SecureRandom random) {
92 throw new InvalidParameterException(MSG);
93 }
94
95 @SuppressWarnings("deprecation")
96 protected void engineInit(AlgorithmParameterSpec params,
97 SecureRandom random) throws InvalidAlgorithmParameterException {
98 if (params instanceof TlsKeyMaterialParameterSpec == false) {
99 throw new InvalidAlgorithmParameterException(MSG);
100 }
101
102 TlsKeyMaterialParameterSpec spec = (TlsKeyMaterialParameterSpec)params;
103 tlsVersion = ProtocolVersion.valueOf(spec.getMajorVersion(), spec.getMinorVersion());
104
105 if ((tlsVersion.compareTo(ProtocolVersion.SSL30) == 0 && !supportSSLv3) ||
106 (tlsVersion.compareTo(ProtocolVersion.SSL30) < 0) ||
107 (tlsVersion.compareTo(ProtocolVersion.TLS12) > 0)) {
108 throw new InvalidAlgorithmParameterException
109 ("Only" + (supportSSLv3? " SSL 3.0,": "") +
110 " TLS 1.0, TLS 1.1 and TLS 1.2 are supported (" +
111 tlsVersion + ")");
112 }
113 try {
114 p11Key = P11SecretKeyFactory.convertKey
115 (token, spec.getMasterSecret(), "TlsMasterSecret");
116 } catch (InvalidKeyException e) {
117 throw new InvalidAlgorithmParameterException("init() failed", e);
118 }
119 this.spec = spec;
120 if (tlsVersion.compareTo(ProtocolVersion.SSL30) == 0) {
121 mechanism = CKM_SSL3_KEY_AND_MAC_DERIVE;
122 } else if (tlsVersion.compareTo(ProtocolVersion.TLS10) == 0 ||
123 tlsVersion.compareTo(ProtocolVersion.TLS11) == 0) {
124 mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
125 } else if (tlsVersion.compareTo(ProtocolVersion.TLS12) == 0) {
126 mechanism = CKM_TLS12_KEY_AND_MAC_DERIVE;
127 }
128 }
129
130 protected void engineInit(int keysize, SecureRandom random) {
131 throw new InvalidParameterException(MSG);
132 }
133
134 @SuppressWarnings("deprecation")
135 protected SecretKey engineGenerateKey() {
136 if (spec == null) {
137 throw new IllegalStateException
138 ("TlsKeyMaterialGenerator must be initialized");
139 }
140 int macBits = spec.getMacKeyLength() << 3;
141 int ivBits = spec.getIvLength() << 3;
142
143 int expandedKeyBits = spec.getExpandedCipherKeyLength() << 3;
144 int keyBits = spec.getCipherKeyLength() << 3;
145 boolean isExportable;
146 if (expandedKeyBits != 0) {
147 isExportable = true;
148 } else {
149 isExportable = false;
150 expandedKeyBits = keyBits;
151 }
152
153 CK_SSL3_RANDOM_DATA random = new CK_SSL3_RANDOM_DATA
154 (spec.getClientRandom(), spec.getServerRandom());
155 Object params = null;
156 CK_MECHANISM ckMechanism = null;
157 if (tlsVersion.compareTo(ProtocolVersion.TLS12) < 0) {
158 params = new CK_SSL3_KEY_MAT_PARAMS
159 (macBits, keyBits, ivBits, isExportable, random);
160 ckMechanism = new CK_MECHANISM(mechanism, (CK_SSL3_KEY_MAT_PARAMS)params);
161 } else if (tlsVersion.compareTo(ProtocolVersion.TLS12) == 0) {
162 params = new CK_TLS12_KEY_MAT_PARAMS
163 (macBits, keyBits, ivBits, isExportable, random,
164 SunPKCS11.hashAlgorithmToHashMechanismMap.get(spec.getPRFHashAlg()));
165 ckMechanism = new CK_MECHANISM(mechanism, (CK_TLS12_KEY_MAT_PARAMS)params);
166 }
167
168 String cipherAlgorithm = spec.getCipherAlgorithm();
169 long keyType = P11SecretKeyFactory.getKeyType(cipherAlgorithm);
170 if (keyType < 0) {
171 if (keyBits != 0) {
172 throw new ProviderException
173 ("Unknown algorithm: " + spec.getCipherAlgorithm());
174 } else {
175 // NULL encryption ciphersuites
176 keyType = CKK_GENERIC_SECRET;
177 }
178 }
179
180 Session session = null;
181 try {
182 session = token.getObjSession();
183 CK_ATTRIBUTE[] attributes;
184 if (keyBits != 0) {
185 attributes = new CK_ATTRIBUTE[] {
186 new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
187 new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType),
188 new CK_ATTRIBUTE(CKA_VALUE_LEN, expandedKeyBits >> 3),
189 };
190 } else {
191 // ciphersuites with NULL ciphers
192 attributes = new CK_ATTRIBUTE[0];
193 }
194 attributes = token.getAttributes
195 (O_GENERATE, CKO_SECRET_KEY, keyType, attributes);
196 // the returned keyID is a dummy, ignore
197 token.p11.C_DeriveKey(session.id(),
198 ckMechanism, p11Key.keyID, attributes);
199
200
201 CK_SSL3_KEY_MAT_OUT out = null;
202 if (params instanceof CK_SSL3_KEY_MAT_PARAMS) {
203 out = ((CK_SSL3_KEY_MAT_PARAMS)params).pReturnedKeyMaterial;
204 } else if (params instanceof CK_TLS12_KEY_MAT_PARAMS) {
205 out = ((CK_TLS12_KEY_MAT_PARAMS)params).pReturnedKeyMaterial;
206 }
207 // Note that the MAC keys do not inherit all attributes from the
208 // template, but they do inherit the sensitive/extractable/token
209 // flags, which is all P11Key cares about.
210 SecretKey clientMacKey, serverMacKey;
211
212 // The MAC size may be zero for GCM mode.
213 //
214 // PKCS11 does not support GCM mode as the author made the comment,
215 // so the macBits is unlikely to be zero. It's only a place holder.
216 if (macBits != 0) {
217 clientMacKey = P11Key.secretKey
218 (session, out.hClientMacSecret, "MAC", macBits, attributes);
219 serverMacKey = P11Key.secretKey
220 (session, out.hServerMacSecret, "MAC", macBits, attributes);
221 } else {
222 clientMacKey = null;
223 serverMacKey = null;
224 }
225
226 SecretKey clientCipherKey, serverCipherKey;
|