src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
*** 83,92 ****
--- 83,95 ----
private volatile Token token;
private TokenPoller poller;
+ static final Map<String, Long> hashAlgorithmToHashMechanismMap =
+ new HashMap<String, Long>();
+
Token getToken() {
return token;
}
public SunPKCS11() {
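Review bot: The new `hashAlgorithmToHashMechanismMap` field is a package-visible, mutable `HashMap` held in a static, so any class in `sun.security.pkcs11` can add or replace a digest-to-mechanism entry after start-up, and concurrent readers get no guarantee if that happens. The entries are fixed constants filled in by the hunk at line 523, so the map can be built once and published read-only, for example with `Map.of(...)` or by wrapping it in `Collections.unmodifiableMap(...)`. A one-line comment saying the keys are standard digest names and the values are `CKM_*` mechanism ids would also help, and `new HashMap<>()` is enough if the mutable form stays.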
*** 453,462 ****
--- 456,469 ----
private static int[] m(long m1, long m2, long m3, long m4) {
return new int[] {(int)m1, (int)m2, (int)m3, (int)m4};
}
+ private static int[] m(long m1, long m2, long m3, long m4, long m5) {
+ return new int[] {(int)m1, (int)m2, (int)m3, (int)m4, (int)m5};
+ }
+
private static void d(String type, String algorithm, String className,
int[] m) {
register(new Descriptor(type, algorithm, className, null, m));
}
*** 516,525 ****
--- 523,538 ----
String P11SecretKeyFactory = "sun.security.pkcs11.P11SecretKeyFactory";
String P11Cipher = "sun.security.pkcs11.P11Cipher";
String P11RSACipher = "sun.security.pkcs11.P11RSACipher";
String P11Signature = "sun.security.pkcs11.P11Signature";
+ hashAlgorithmToHashMechanismMap.put("SHA-1", CKM_SHA_1);
+ hashAlgorithmToHashMechanismMap.put("SHA-224", CKM_SHA224);
+ hashAlgorithmToHashMechanismMap.put("SHA-256", CKM_SHA256);
+ hashAlgorithmToHashMechanismMap.put("SHA-386", CKM_SHA384);
+ hashAlgorithmToHashMechanismMap.put("SHA-512", CKM_SHA512);
+
// XXX register all aliases
d(MD, "MD2", P11Digest,
m(CKM_MD2));
d(MD, "MD5", P11Digest,
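Review bot: The key `"SHA-386"` in the fourth `put` is a typo for `"SHA-384"`, so a lookup with the standard digest name finds no entry for `CKM_SHA384`. How callers consume the `Long` is not visible here, but the likely result is a `null` mechanism or an unboxing `NullPointerException` for any caller that asks for SHA-384. The line should read `hashAlgorithmToHashMechanismMap.put("SHA-384", CKM_SHA384);`. The enclosing block starts and ends outside the hunk.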
*** 742,783 ****
m(CKM_SHA384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "SHA512withRSA", P11Signature,
s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
- /*
- * TLS 1.2 uses a different hash algorithm than 1.0/1.1 for the
- * PRF calculations. As of 2010, there is no PKCS11-level
- * support for TLS 1.2 PRF calculations, and no known OS's have
- * an internal variant we could use. Therefore for TLS 1.2, we
- * are updating JSSE to request different provider algorithms
- * (e.g. "SunTls12Prf"), and currently only SunJCE has these
- * TLS 1.2 algorithms.
- *
- * If we reused the names such as "SunTlsPrf", the PKCS11
- * providers would need be updated to fail correctly when
- * presented with the wrong version number (via
- * Provider.Service.supportsParameters()), and we would also
- * need to add the appropriate supportsParamters() checks into
- * KeyGenerators (not currently there).
- *
- * In the future, if PKCS11 support is added, we will restructure
- * this.
- */
d(KG, "SunTlsRsaPremasterSecret",
"sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator",
m(CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_PRE_MASTER_KEY_GEN));
d(KG, "SunTlsMasterSecret",
"sun.security.pkcs11.P11TlsMasterSecretGenerator",
m(CKM_SSL3_MASTER_KEY_DERIVE, CKM_TLS_MASTER_KEY_DERIVE,
CKM_SSL3_MASTER_KEY_DERIVE_DH,
CKM_TLS_MASTER_KEY_DERIVE_DH));
d(KG, "SunTlsKeyMaterial",
"sun.security.pkcs11.P11TlsKeyMaterialGenerator",
m(CKM_SSL3_KEY_AND_MAC_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE));
d(KG, "SunTlsPrf", "sun.security.pkcs11.P11TlsPrfGenerator",
m(CKM_TLS_PRF, CKM_NSS_TLS_PRF_GENERAL));
}
// background thread that periodically checks for token insertion
// if no token is present. We need to do that in a separate thread because
// the insertion check may block for quite a long time on some tokens.
--- 755,783 ----
m(CKM_SHA384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(SIG, "SHA512withRSA", P11Signature,
s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
d(KG, "SunTlsRsaPremasterSecret",
"sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator",
+ s("SunTls12RsaPremasterSecret"),
m(CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_PRE_MASTER_KEY_GEN));
d(KG, "SunTlsMasterSecret",
"sun.security.pkcs11.P11TlsMasterSecretGenerator",
+ s("SunTls12MasterSecret"),
m(CKM_SSL3_MASTER_KEY_DERIVE, CKM_TLS_MASTER_KEY_DERIVE,
+ CKM_TLS12_MASTER_KEY_DERIVE,
CKM_SSL3_MASTER_KEY_DERIVE_DH,
CKM_TLS_MASTER_KEY_DERIVE_DH));
d(KG, "SunTlsKeyMaterial",
"sun.security.pkcs11.P11TlsKeyMaterialGenerator",
+ s("SunTls12KeyMaterial"),
m(CKM_SSL3_KEY_AND_MAC_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE));
d(KG, "SunTlsPrf", "sun.security.pkcs11.P11TlsPrfGenerator",
m(CKM_TLS_PRF, CKM_NSS_TLS_PRF_GENERAL));
+ d(KG, "SunTls12Prf", "sun.security.pkcs11.P11TlsPrfGenerator",
+ m(CKM_TLS_MAC));
}
// background thread that periodically checks for token insertion
// if no token is present. We need to do that in a separate thread because
// the insertion check may block for quite a long time on some tokens.
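Review bot: Registering the `SunTls12…` names as aliases through `s(...)` ties them to the same mechanism lists as the pre-1.2 names, so a token that exposes only `CKM_TLS_MASTER_KEY_DERIVE` or `CKM_TLS_KEY_AND_MAC_DERIVE` would presumably still advertise the TLS 1.2 algorithms. The `SunTlsKeyMaterial` entry lists no TLS 1.2 mechanism at all. The comment this hunk deletes warned that reusing names requires the provider to fail cleanly on a version mismatch, and whether the generators now do so is not visible here. Separate descriptors keyed on the TLS 1.2 mechanisms avoid the ambiguity, and the `algorithm ==` dispatch in the hunk at line 1046 would then need the new names too. The key-material entry would use the PKCS#11 `CKM_TLS12_KEY_AND_MAC_DERIVE` mechanism, assuming the wrapper's constants define it.

```java
// … unchanged: SunTlsRsaPremasterSecret registration …
d(KG, "SunTlsMasterSecret",
        "sun.security.pkcs11.P11TlsMasterSecretGenerator",
        m(CKM_SSL3_MASTER_KEY_DERIVE, CKM_TLS_MASTER_KEY_DERIVE,
            CKM_SSL3_MASTER_KEY_DERIVE_DH,
            CKM_TLS_MASTER_KEY_DERIVE_DH));
// Offered only when the token reports the TLS 1.2 derive mechanism.
d(KG, "SunTls12MasterSecret",
        "sun.security.pkcs11.P11TlsMasterSecretGenerator",
        m(CKM_TLS12_MASTER_KEY_DERIVE));
d(KG, "SunTlsKeyMaterial",
        "sun.security.pkcs11.P11TlsKeyMaterialGenerator",
        m(CKM_SSL3_KEY_AND_MAC_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE));
d(KG, "SunTls12KeyMaterial",
        "sun.security.pkcs11.P11TlsKeyMaterialGenerator",
        m(CKM_TLS12_KEY_AND_MAC_DERIVE));
// … unchanged: SunTlsPrf and SunTls12Prf registrations …
```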
*** 1046,1056 ****
return new P11TlsMasterSecretGenerator(
token, algorithm, mechanism);
} else if (algorithm == "SunTlsKeyMaterial") {
return new P11TlsKeyMaterialGenerator(
token, algorithm, mechanism);
! } else if (algorithm == "SunTlsPrf") {
return new P11TlsPrfGenerator(token, algorithm, mechanism);
} else {
return new P11KeyGenerator(token, algorithm, mechanism);
}
} else if (type == SR) {
--- 1046,1056 ----
return new P11TlsMasterSecretGenerator(
token, algorithm, mechanism);
} else if (algorithm == "SunTlsKeyMaterial") {
return new P11TlsKeyMaterialGenerator(
token, algorithm, mechanism);
! } else if (algorithm == "SunTlsPrf" || algorithm == "SunTls12Prf") {
return new P11TlsPrfGenerator(token, algorithm, mechanism);
} else {
return new P11KeyGenerator(token, algorithm, mechanism);
}
} else if (type == SR) {
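Review bot: The added `algorithm == "SunTls12Prf"` test compares references, like the neighbouring branches, so it matches only when the caller passes the same interned literal that `d(KG, "SunTls12Prf", …)` registered. A name that reaches this method as a runtime-built string would fall through to the generic `P11KeyGenerator` branch with a TLS mechanism instead of failing. If the identity comparison is intentional, a short comment stating the interning assumption would make that clear; otherwise `} else if ("SunTlsPrf".equals(algorithm) || "SunTls12Prf".equals(algorithm)) {` removes the dependency. The if/else chain starts and ends outside the hunk.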