
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java



   1 /*
   2  * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any


 109     private static final SecretKey NULL_KEY = new SecretKey() {
 110         public byte[] getEncoded() {
 111             return new byte[0];
 112         }
 113         public String getFormat() {
 114             return "RAW";
 115         }
 116         public String getAlgorithm() {
 117             return "Generic";
 118         }
 119     };
 120 
 121     protected void engineInit(int keysize, SecureRandom random) {
 122         throw new InvalidParameterException(MSG);
 123     }
 124 
 125     protected SecretKey engineGenerateKey() {
 126         if (spec == null) {
 127             throw new IllegalStateException("TlsPrfGenerator must be initialized");
 128         }
 129         byte[] label = P11Util.getBytesUTF8(spec.getLabel());
 130         byte[] seed = spec.getSeed();







































 131 
 132         if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
 133             Session session = null;
 134             try {
 135                 session = token.getOpSession();
 136                 token.p11.C_SignInit
 137                     (session.id(), new CK_MECHANISM(mechanism), p11Key.keyID);
 138                 token.p11.C_SignUpdate(session.id(), 0, label, 0, label.length);
 139                 token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
 140                 byte[] out = token.p11.C_SignFinal
 141                                     (session.id(), spec.getOutputLength());
 142                 return new SecretKeySpec(out, "TlsPrf");
 143             } catch (PKCS11Exception e) {
 144                 throw new ProviderException("Could not calculate PRF", e);
 145             } finally {
 146                 token.releaseSession(session);
 147             }
 148         }
 149 
 150         // mechanism == CKM_TLS_PRF
   1 /*
   2  * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any


 109     private static final SecretKey NULL_KEY = new SecretKey() {
 110         public byte[] getEncoded() {
 111             return new byte[0];
 112         }
 113         public String getFormat() {
 114             return "RAW";
 115         }
 116         public String getAlgorithm() {
 117             return "Generic";
 118         }
 119     };
 120 
 121     protected void engineInit(int keysize, SecureRandom random) {
 122         throw new InvalidParameterException(MSG);
 123     }
 124 
 125     protected SecretKey engineGenerateKey() {
 126         if (spec == null) {
 127             throw new IllegalStateException("TlsPrfGenerator must be initialized");
 128         }
 129         
 130         byte[] seed = spec.getSeed();
 131 
 132         // TLS 1.2
 133         if (mechanism == CKM_TLS_MAC) {
 134             SecretKey k = null;
 135             int ulServerOrClient = 0;
 136             if (spec.getLabel().equals("server finished")) {
 137                 ulServerOrClient = 1;
 138             }
 139             if (spec.getLabel().equals("client finished")) {
 140                 ulServerOrClient = 2;
 141             }
 142             
 143             if (ulServerOrClient != 0) {
 144                 // Finished message
 145                 CK_TLS_MAC_PARAMS params = new CK_TLS_MAC_PARAMS(
 146                         SunPKCS11.hashAlgorithmToHashMechanismMap.get(spec.getPRFHashAlg()),
 147                         spec.getOutputLength(), ulServerOrClient);
 148                 Session session = null;
 149                 try {
 150                     session = token.getOpSession();
 151                     token.p11.C_SignInit(session.id(), 
 152                             new CK_MECHANISM(mechanism, params), p11Key.keyID);
 153                     token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
 154                     byte[] out = token.p11.C_SignFinal
 155                                         (session.id(), spec.getOutputLength());
 156                     k = new SecretKeySpec(out, "TlsPrf");
 157                 } catch (PKCS11Exception e) {
 158                     throw new ProviderException("Could not calculate PRF", e);
 159                 } finally {
 160                     token.releaseSession(session);
 161                 }
 162             } else {
 163                 throw new ProviderException("Only Finished message authentication code"+
 164                                             " generation supported for TLS 1.2.");
 165             }
 166             return k;
 167         }
 168         
 169         byte[] label = P11Util.getBytesUTF8(spec.getLabel());
 170 
 171         if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
 172             Session session = null;
 173             try {
 174                 session = token.getOpSession();
 175                 token.p11.C_SignInit
 176                     (session.id(), new CK_MECHANISM(mechanism), p11Key.keyID);
 177                 token.p11.C_SignUpdate(session.id(), 0, label, 0, label.length);
 178                 token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
 179                 byte[] out = token.p11.C_SignFinal
 180                                     (session.id(), spec.getOutputLength());
 181                 return new SecretKeySpec(out, "TlsPrf");
 182             } catch (PKCS11Exception e) {
 183                 throw new ProviderException("Could not calculate PRF", e);
 184             } finally {
 185                 token.releaseSession(session);
 186             }
 187         }
 188 
 189         // mechanism == CKM_TLS_PRF
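Review bot: In the new CKM_TLS_MAC branch of engineGenerateKey (new lines 145-147), the result of `SunPKCS11.hashAlgorithmToHashMechanismMap.get(spec.getPRFHashAlg())` goes straight into `CK_TLS_MAC_PARAMS` with no check for a missing entry. If the map has no mapping for the requested PRF hash, `get` returns null, which presumably either fails with a NullPointerException on unboxing or reaches the token as an invalid parameter, rather than the `ProviderException` this method uses for its other failures. I would look the value up into a local first and reject a miss explicitly, e.g. `if (hashMech == null) throw new ProviderException("Unsupported PRF hash algorithm: " + spec.getPRFHashAlg());`, before building the params. The map's declaration and the constructor signature are not visible on this page, and engineGenerateKey continues past the last line shown, so the exact types should be confirmed there.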