1 /*
2 * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.pkcs11;
27
28 import java.security.*;
29 import java.security.spec.AlgorithmParameterSpec;
30
31 import javax.crypto.*;
32 import javax.crypto.spec.*;
33
34 import sun.security.internal.spec.TlsPrfParameterSpec;
35
36 import static sun.security.pkcs11.TemplateManager.*;
37 import sun.security.pkcs11.wrapper.*;
38 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
39
40 /**
41 * KeyGenerator for the TLS PRF. Note that although the PRF is used in a number
42 * of places during the handshake, this class is usually only used to calculate
43 * the Finished messages. The reason is that for those other uses more specific
44 * PKCS#11 mechanisms have been defined (CKM_SSL3_MASTER_KEY_DERIVE, etc.).
45 *
46 * <p>This class supports the CKM_TLS_PRF mechanism from PKCS#11 v2.20 and
47 * the older NSS private mechanism.
48 *
49 * @author Andreas Sterbenz
50 * @since 1.6
51 */
52 final class P11TlsPrfGenerator extends KeyGeneratorSpi {
53
54 private final static String MSG =
55 "TlsPrfGenerator must be initialized using a TlsPrfParameterSpec";
56
57 // token instance
58 private final Token token;
59
60 // algorithm name
61 private final String algorithm;
62
63 // mechanism id
64 private final long mechanism;
65
66 @SuppressWarnings("deprecation")
67 private TlsPrfParameterSpec spec;
68
69 private P11Key p11Key;
70
71 P11TlsPrfGenerator(Token token, String algorithm, long mechanism)
72 throws PKCS11Exception {
73 super();
74 this.token = token;
75 this.algorithm = algorithm;
76 this.mechanism = mechanism;
77 }
78
79 protected void engineInit(SecureRandom random) {
80 throw new InvalidParameterException(MSG);
81 }
82
83 @SuppressWarnings("deprecation")
84 protected void engineInit(AlgorithmParameterSpec params,
85 SecureRandom random) throws InvalidAlgorithmParameterException {
86 if (params instanceof TlsPrfParameterSpec == false) {
87 throw new InvalidAlgorithmParameterException(MSG);
88 }
89 this.spec = (TlsPrfParameterSpec)params;
90 SecretKey key = spec.getSecret();
91 if (key == null) {
92 key = NULL_KEY;
93 }
94 try {
95 p11Key = P11SecretKeyFactory.convertKey(token, key, null);
96 } catch (InvalidKeyException e) {
97 throw new InvalidAlgorithmParameterException("init() failed", e);
98 }
99 }
100
101 // SecretKeySpec does not allow zero length keys, so we define our
102 // own class.
103 //
104 // As an anonymous class cannot make any guarantees about serialization
105 // compatibility, it is nonsensical for an anonymous class to define a
106 // serialVersionUID. Suppress warnings relative to missing serialVersionUID
107 // field in the anonymous subclass of serializable SecretKey.
108 @SuppressWarnings("serial")
109 private static final SecretKey NULL_KEY = new SecretKey() {
110 public byte[] getEncoded() {
111 return new byte[0];
112 }
113 public String getFormat() {
114 return "RAW";
115 }
116 public String getAlgorithm() {
117 return "Generic";
118 }
119 };
120
121 protected void engineInit(int keysize, SecureRandom random) {
122 throw new InvalidParameterException(MSG);
123 }
124
125 protected SecretKey engineGenerateKey() {
126 if (spec == null) {
127 throw new IllegalStateException("TlsPrfGenerator must be initialized");
128 }
129 byte[] label = P11Util.getBytesUTF8(spec.getLabel());
130 byte[] seed = spec.getSeed();
131
132 if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
133 Session session = null;
134 try {
135 session = token.getOpSession();
136 token.p11.C_SignInit
137 (session.id(), new CK_MECHANISM(mechanism), p11Key.keyID);
138 token.p11.C_SignUpdate(session.id(), 0, label, 0, label.length);
139 token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
140 byte[] out = token.p11.C_SignFinal
141 (session.id(), spec.getOutputLength());
142 return new SecretKeySpec(out, "TlsPrf");
143 } catch (PKCS11Exception e) {
144 throw new ProviderException("Could not calculate PRF", e);
145 } finally {
146 token.releaseSession(session);
147 }
148 }
149
150 // mechanism == CKM_TLS_PRF
151
152 byte[] out = new byte[spec.getOutputLength()];
153 CK_TLS_PRF_PARAMS params = new CK_TLS_PRF_PARAMS(seed, label, out);
154
155 Session session = null;
156 try {
157 session = token.getOpSession();
158 long keyID = token.p11.C_DeriveKey(session.id(),
159 new CK_MECHANISM(mechanism, params), p11Key.keyID, null);
160 // ignore keyID, returned PRF bytes are in 'out'
161 return new SecretKeySpec(out, "TlsPrf");
162 } catch (PKCS11Exception e) {
163 throw new ProviderException("Could not calculate PRF", e);
164 } finally {
165 token.releaseSession(session);
166 }
167 }
168
169 }