1 /*
2 * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
109 private static final SecretKey NULL_KEY = new SecretKey() {
110 public byte[] getEncoded() {
111 return new byte[0];
112 }
113 public String getFormat() {
114 return "RAW";
115 }
116 public String getAlgorithm() {
117 return "Generic";
118 }
119 };
120
121 protected void engineInit(int keysize, SecureRandom random) {
122 throw new InvalidParameterException(MSG);
123 }
124
125 protected SecretKey engineGenerateKey() {
126 if (spec == null) {
127 throw new IllegalStateException("TlsPrfGenerator must be initialized");
128 }
129 byte[] label = P11Util.getBytesUTF8(spec.getLabel());
130 byte[] seed = spec.getSeed();
131
132 if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
133 Session session = null;
134 try {
135 session = token.getOpSession();
136 token.p11.C_SignInit
137 (session.id(), new CK_MECHANISM(mechanism), p11Key.keyID);
138 token.p11.C_SignUpdate(session.id(), 0, label, 0, label.length);
139 token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
140 byte[] out = token.p11.C_SignFinal
141 (session.id(), spec.getOutputLength());
142 return new SecretKeySpec(out, "TlsPrf");
143 } catch (PKCS11Exception e) {
144 throw new ProviderException("Could not calculate PRF", e);
145 } finally {
146 token.releaseSession(session);
147 }
148 }
149
150 // mechanism == CKM_TLS_PRF
|
1 /*
2 * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
109 private static final SecretKey NULL_KEY = new SecretKey() {
110 public byte[] getEncoded() {
111 return new byte[0];
112 }
113 public String getFormat() {
114 return "RAW";
115 }
116 public String getAlgorithm() {
117 return "Generic";
118 }
119 };
120
121 protected void engineInit(int keysize, SecureRandom random) {
122 throw new InvalidParameterException(MSG);
123 }
124
125 protected SecretKey engineGenerateKey() {
126 if (spec == null) {
127 throw new IllegalStateException("TlsPrfGenerator must be initialized");
128 }
129
130 byte[] seed = spec.getSeed();
131
132 // TLS 1.2
133 if (mechanism == CKM_TLS_MAC) {
134 SecretKey k = null;
135 int ulServerOrClient = 0;
136 if (spec.getLabel().equals("server finished")) {
137 ulServerOrClient = 1;
138 }
139 if (spec.getLabel().equals("client finished")) {
140 ulServerOrClient = 2;
141 }
142
143 if (ulServerOrClient != 0) {
144 // Finished message
145 CK_TLS_MAC_PARAMS params = new CK_TLS_MAC_PARAMS(
146 SunPKCS11.hashAlgorithmToHashMechanismMap.get(spec.getPRFHashAlg()),
147 spec.getOutputLength(), ulServerOrClient);
148 Session session = null;
149 try {
150 session = token.getOpSession();
151 token.p11.C_SignInit(session.id(),
152 new CK_MECHANISM(mechanism, params), p11Key.keyID);
153 token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
154 byte[] out = token.p11.C_SignFinal
155 (session.id(), spec.getOutputLength());
156 k = new SecretKeySpec(out, "TlsPrf");
157 } catch (PKCS11Exception e) {
158 throw new ProviderException("Could not calculate PRF", e);
159 } finally {
160 token.releaseSession(session);
161 }
162 } else {
163 throw new ProviderException("Only Finished message authentication code"+
164 " generation supported for TLS 1.2.");
165 }
166 return k;
167 }
168
169 byte[] label = P11Util.getBytesUTF8(spec.getLabel());
170
171 if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
172 Session session = null;
173 try {
174 session = token.getOpSession();
175 token.p11.C_SignInit
176 (session.id(), new CK_MECHANISM(mechanism), p11Key.keyID);
177 token.p11.C_SignUpdate(session.id(), 0, label, 0, label.length);
178 token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
179 byte[] out = token.p11.C_SignFinal
180 (session.id(), spec.getOutputLength());
181 return new SecretKeySpec(out, "TlsPrf");
182 } catch (PKCS11Exception e) {
183 throw new ProviderException("Could not calculate PRF", e);
184 } finally {
185 token.releaseSession(session);
186 }
187 }
188
189 // mechanism == CKM_TLS_PRF
|