1 /* 2 * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.pkcs11; 27 28 import java.security.*; 29 import java.security.spec.AlgorithmParameterSpec; 30 31 import javax.crypto.*; 32 import javax.crypto.spec.*; 33 34 import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; 35 36 import static sun.security.pkcs11.TemplateManager.*; 37 import sun.security.pkcs11.wrapper.*; 38 import static sun.security.pkcs11.wrapper.PKCS11Constants.*; 39 40 /** 41 * KeyGenerator for the SSL/TLS RSA premaster secret. 42 * 43 * @author Andreas Sterbenz 44 * @since 1.6 45 */ 46 final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi { 47 48 private final static String MSG = "TlsRsaPremasterSecretGenerator must be " 49 + "initialized using a TlsRsaPremasterSecretParameterSpec"; 50 51 // token instance 52 private final Token token; 53 54 // algorithm name 55 private final String algorithm; 56 57 // mechanism id 58 private long mechanism; 59 60 @SuppressWarnings("deprecation") 61 private TlsRsaPremasterSecretParameterSpec spec; 62 63 // whether SSLv3 is supported 64 private final boolean supportSSLv3; 65 66 P11TlsRsaPremasterSecretGenerator(Token token, String algorithm, long mechanism) 67 throws PKCS11Exception { 68 super(); 69 this.token = token; 70 this.algorithm = algorithm; 71 this.mechanism = mechanism; 72 73 // Given the current lookup order specified in SunPKCS11.java, 74 // if CKM_SSL3_PRE_MASTER_KEY_GEN is not used to construct this object, 75 // it means that this mech is disabled or unsupported. 76 this.supportSSLv3 = (mechanism == CKM_SSL3_PRE_MASTER_KEY_GEN); 77 } 78 79 protected void engineInit(SecureRandom random) { 80 throw new InvalidParameterException(MSG); 81 } 82 83 @SuppressWarnings("deprecation") 84 protected void engineInit(AlgorithmParameterSpec params, 85 SecureRandom random) throws InvalidAlgorithmParameterException { 86 if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) { 87 throw new InvalidAlgorithmParameterException(MSG); 88 } 89 90 TlsRsaPremasterSecretParameterSpec spec = 91 (TlsRsaPremasterSecretParameterSpec) params; 92 93 int version = (spec.getMajorVersion() << 8) | spec.getMinorVersion(); 94 95 if ((version == 0x0300 && !supportSSLv3) || (version < 0x0300) || 96 (version > 0x0302)) { 97 throw new InvalidAlgorithmParameterException 98 ("Only" + (supportSSLv3? " SSL 3.0,": "") + 99 " TLS 1.0, and TLS 1.1 are supported (0x" + 100 Integer.toHexString(version) + ")"); 101 } 102 this.spec = spec; 103 } 104 105 protected void engineInit(int keysize, SecureRandom random) { 106 throw new InvalidParameterException(MSG); 107 } 108 109 // Only can be used in client side to generate TLS RSA premaster secret. 110 protected SecretKey engineGenerateKey() { 111 if (spec == null) { 112 throw new IllegalStateException 113 ("TlsRsaPremasterSecretGenerator must be initialized"); 114 } 115 116 CK_VERSION version = new CK_VERSION( 117 spec.getMajorVersion(), spec.getMinorVersion()); 118 Session session = null; 119 try { 120 session = token.getObjSession(); 121 CK_ATTRIBUTE[] attributes = token.getAttributes( 122 O_GENERATE, CKO_SECRET_KEY, 123 CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); 124 long keyID = token.p11.C_GenerateKey(session.id(), 125 new CK_MECHANISM(mechanism, version), attributes); 126 SecretKey key = P11Key.secretKey(session, 127 keyID, "TlsRsaPremasterSecret", 48 << 3, attributes); 128 return key; 129 } catch (PKCS11Exception e) { 130 throw new ProviderException( 131 "Could not generate premaster secret", e); 132 } finally { 133 token.releaseSession(session); 134 } 135 } 136 137 } | 1 /* 2 * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.pkcs11; 27 28 import java.security.*; 29 import java.security.spec.AlgorithmParameterSpec; 30 31 import javax.crypto.*; 32 import javax.crypto.spec.*; 33 34 import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; 35 36 import static sun.security.pkcs11.TemplateManager.*; 37 import sun.security.pkcs11.wrapper.*; 38 import static sun.security.pkcs11.wrapper.PKCS11Constants.*; 39 import sun.security.ssl.ProtocolVersion; 40 41 /** 42 * KeyGenerator for the SSL/TLS RSA premaster secret. 43 * 44 * @author Andreas Sterbenz 45 * @since 1.6 46 */ 47 final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi { 48 49 private final static String MSG = "TlsRsaPremasterSecretGenerator must be " 50 + "initialized using a TlsRsaPremasterSecretParameterSpec"; 51 52 // token instance 53 private final Token token; 54 55 // algorithm name 56 private final String algorithm; 57 58 // mechanism id 59 private long mechanism; 60 61 private ProtocolVersion tlsVersion; 62 63 @SuppressWarnings("deprecation") 64 private TlsRsaPremasterSecretParameterSpec spec; 65 66 // whether SSLv3 is supported 67 private final boolean supportSSLv3; 68 69 P11TlsRsaPremasterSecretGenerator(Token token, String algorithm, long mechanism) 70 throws PKCS11Exception { 71 super(); 72 this.token = token; 73 this.algorithm = algorithm; 74 this.mechanism = mechanism; 75 76 // Given the current lookup order specified in SunPKCS11.java, 77 // if CKM_SSL3_PRE_MASTER_KEY_GEN is not used to construct this object, 78 // it means that this mech is disabled or unsupported. 79 this.supportSSLv3 = (mechanism == CKM_SSL3_PRE_MASTER_KEY_GEN); 80 } 81 82 protected void engineInit(SecureRandom random) { 83 throw new InvalidParameterException(MSG); 84 } 85 86 @SuppressWarnings("deprecation") 87 protected void engineInit(AlgorithmParameterSpec params, 88 SecureRandom random) throws InvalidAlgorithmParameterException { 89 if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) { 90 throw new InvalidAlgorithmParameterException(MSG); 91 } 92 93 TlsRsaPremasterSecretParameterSpec spec = 94 (TlsRsaPremasterSecretParameterSpec) params; 95 tlsVersion = ProtocolVersion.valueOf(spec.getMajorVersion(), spec.getMinorVersion()); 96 97 if ((tlsVersion.compareTo(ProtocolVersion.SSL30) == 0 && !supportSSLv3) || 98 (tlsVersion.compareTo(ProtocolVersion.SSL30) < 0) || 99 (tlsVersion.compareTo(ProtocolVersion.TLS12) > 0)) { 100 throw new InvalidAlgorithmParameterException 101 ("Only" + (supportSSLv3? " SSL 3.0,": "") + 102 " TLS 1.0, TLS 1.1 and TLS 1.2 are supported (" + 103 tlsVersion + ")"); 104 } 105 this.spec = spec; 106 } 107 108 protected void engineInit(int keysize, SecureRandom random) { 109 throw new InvalidParameterException(MSG); 110 } 111 112 // Only can be used in client side to generate TLS RSA premaster secret. 113 protected SecretKey engineGenerateKey() { 114 if (spec == null) { 115 throw new IllegalStateException 116 ("TlsRsaPremasterSecretGenerator must be initialized"); 117 } 118 119 CK_VERSION version = new CK_VERSION( 120 spec.getMajorVersion(), spec.getMinorVersion()); 121 Session session = null; 122 try { 123 session = token.getObjSession(); 124 CK_ATTRIBUTE[] attributes = token.getAttributes( 125 O_GENERATE, CKO_SECRET_KEY, 126 CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); 127 long keyID = token.p11.C_GenerateKey(session.id(), 128 new CK_MECHANISM(mechanism, version), attributes); 129 String keyAlgorithm = null; 130 if (tlsVersion.compareTo(ProtocolVersion.TLS12) < 0) { 131 keyAlgorithm = "TlsRsaPremasterSecret"; 132 } else if (tlsVersion.compareTo(ProtocolVersion.TLS12) == 0) { 133 keyAlgorithm = "SunTls12RsaPremasterSecret"; 134 } 135 SecretKey key = P11Key.secretKey(session, 136 keyID, keyAlgorithm, 48 << 3, attributes); 137 return key; 138 } catch (PKCS11Exception e) { 139 throw new ProviderException( 140 "Could not generate premaster secret", e); 141 } finally { 142 token.releaseSession(session); 143 } 144 } 145 146 } |