1 /* |
1 /* |
2 * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
166 |
166 |
167 CK_SSL3_KEY_MAT_OUT out = params.pReturnedKeyMaterial; |
167 CK_SSL3_KEY_MAT_OUT out = params.pReturnedKeyMaterial; |
168 // Note that the MAC keys do not inherit all attributes from the |
168 // Note that the MAC keys do not inherit all attributes from the |
169 // template, but they do inherit the sensitive/extractable/token |
169 // template, but they do inherit the sensitive/extractable/token |
170 // flags, which is all P11Key cares about. |
170 // flags, which is all P11Key cares about. |
171 SecretKey clientMacKey, serverMacKey; |
171 SecretKey clientMacKey = P11Key.secretKey |
172 |
|
173 // The MAC size may be zero for GCM mode. |
|
174 // |
|
175 // PKCS11 does not support GCM mode as the author made the comment, |
|
176 // so the macBits is unlikely to be zero. It's only a place holder. |
|
177 if (macBits != 0) { |
|
178 clientMacKey = P11Key.secretKey |
|
179 (session, out.hClientMacSecret, "MAC", macBits, attributes); |
172 (session, out.hClientMacSecret, "MAC", macBits, attributes); |
180 serverMacKey = P11Key.secretKey |
173 SecretKey serverMacKey = P11Key.secretKey |
181 (session, out.hServerMacSecret, "MAC", macBits, attributes); |
174 (session, out.hServerMacSecret, "MAC", macBits, attributes); |
182 } else { |
|
183 clientMacKey = null; |
|
184 serverMacKey = null; |
|
185 } |
|
186 |
|
187 SecretKey clientCipherKey, serverCipherKey; |
175 SecretKey clientCipherKey, serverCipherKey; |
188 if (keyBits != 0) { |
176 if (keyBits != 0) { |
189 clientCipherKey = P11Key.secretKey(session, out.hClientKey, |
177 clientCipherKey = P11Key.secretKey(session, out.hClientKey, |
190 cipherAlgorithm, expandedKeyBits, attributes); |
178 cipherAlgorithm, expandedKeyBits, attributes); |
191 serverCipherKey = P11Key.secretKey(session, out.hServerKey, |
179 serverCipherKey = P11Key.secretKey(session, out.hServerKey, |