1 /* |
1 /* |
2 * Copyright (c) 2006, 2007, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
118 protected byte[] engineGenerateSecret() throws IllegalStateException { |
118 protected byte[] engineGenerateSecret() throws IllegalStateException { |
119 if ((privateKey == null) || (publicValue == null)) { |
119 if ((privateKey == null) || (publicValue == null)) { |
120 throw new IllegalStateException("Not initialized correctly"); |
120 throw new IllegalStateException("Not initialized correctly"); |
121 } |
121 } |
122 Session session = null; |
122 Session session = null; |
|
123 long privKeyID = privateKey.getKeyID(); |
123 try { |
124 try { |
124 session = token.getOpSession(); |
125 session = token.getOpSession(); |
125 CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { |
126 CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { |
126 new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), |
127 new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), |
127 new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_GENERIC_SECRET), |
128 new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_GENERIC_SECRET), |
129 CK_ECDH1_DERIVE_PARAMS ckParams = |
130 CK_ECDH1_DERIVE_PARAMS ckParams = |
130 new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue); |
131 new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue); |
131 attributes = token.getAttributes |
132 attributes = token.getAttributes |
132 (O_GENERATE, CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes); |
133 (O_GENERATE, CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes); |
133 long keyID = token.p11.C_DeriveKey(session.id(), |
134 long keyID = token.p11.C_DeriveKey(session.id(), |
134 new CK_MECHANISM(mechanism, ckParams), privateKey.keyID, |
135 new CK_MECHANISM(mechanism, ckParams), privKeyID, |
135 attributes); |
136 attributes); |
136 attributes = new CK_ATTRIBUTE[] { |
137 attributes = new CK_ATTRIBUTE[] { |
137 new CK_ATTRIBUTE(CKA_VALUE) |
138 new CK_ATTRIBUTE(CKA_VALUE) |
138 }; |
139 }; |
139 token.p11.C_GetAttributeValue(session.id(), keyID, attributes); |
140 token.p11.C_GetAttributeValue(session.id(), keyID, attributes); |
140 byte[] secret = attributes[0].getByteArray(); |
141 byte[] secret = attributes[0].getByteArray(); |
141 token.p11.C_DestroyObject(session.id(), keyID); |
142 token.p11.C_DestroyObject(session.id(), keyID); |
142 return secret; |
143 return secret; |
143 } catch (PKCS11Exception e) { |
144 } catch (PKCS11Exception e) { |
144 throw new ProviderException("Could not derive key", e); |
145 throw new ProviderException("Could not derive key", e); |
145 } finally { |
146 } finally { |
|
147 privateKey.releaseKeyID(); |
146 publicValue = null; |
148 publicValue = null; |
147 token.releaseSession(session); |
149 token.releaseSession(session); |
148 } |
150 } |
149 } |
151 } |
150 |
152 |
180 if ((privateKey == null) || (publicValue == null)) { |
182 if ((privateKey == null) || (publicValue == null)) { |
181 throw new IllegalStateException("Not initialized correctly"); |
183 throw new IllegalStateException("Not initialized correctly"); |
182 } |
184 } |
183 long keyType = CKK_GENERIC_SECRET; |
185 long keyType = CKK_GENERIC_SECRET; |
184 Session session = null; |
186 Session session = null; |
|
187 long privKeyID = privateKey.getKeyID(); |
185 try { |
188 try { |
186 session = token.getObjSession(); |
189 session = token.getObjSession(); |
187 CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { |
190 CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { |
188 new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), |
191 new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), |
189 new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType), |
192 new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType), |
191 CK_ECDH1_DERIVE_PARAMS ckParams = |
194 CK_ECDH1_DERIVE_PARAMS ckParams = |
192 new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue); |
195 new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue); |
193 attributes = token.getAttributes |
196 attributes = token.getAttributes |
194 (O_GENERATE, CKO_SECRET_KEY, keyType, attributes); |
197 (O_GENERATE, CKO_SECRET_KEY, keyType, attributes); |
195 long keyID = token.p11.C_DeriveKey(session.id(), |
198 long keyID = token.p11.C_DeriveKey(session.id(), |
196 new CK_MECHANISM(mechanism, ckParams), privateKey.keyID, |
199 new CK_MECHANISM(mechanism, ckParams), privKeyID, |
197 attributes); |
200 attributes); |
198 CK_ATTRIBUTE[] lenAttributes = new CK_ATTRIBUTE[] { |
201 CK_ATTRIBUTE[] lenAttributes = new CK_ATTRIBUTE[] { |
199 new CK_ATTRIBUTE(CKA_VALUE_LEN), |
202 new CK_ATTRIBUTE(CKA_VALUE_LEN), |
200 }; |
203 }; |
201 token.p11.C_GetAttributeValue(session.id(), keyID, lenAttributes); |
204 token.p11.C_GetAttributeValue(session.id(), keyID, lenAttributes); |
202 int keyLen = (int)lenAttributes[0].getLong(); |
205 int keyLen = (int)lenAttributes[0].getLong(); |
204 (session, keyID, algorithm, keyLen << 3, attributes); |
207 (session, keyID, algorithm, keyLen << 3, attributes); |
205 return key; |
208 return key; |
206 } catch (PKCS11Exception e) { |
209 } catch (PKCS11Exception e) { |
207 throw new InvalidKeyException("Could not derive key", e); |
210 throw new InvalidKeyException("Could not derive key", e); |
208 } finally { |
211 } finally { |
|
212 privateKey.releaseKeyID(); |
209 publicValue = null; |
213 publicValue = null; |
210 token.releaseSession(session); |
214 token.releaseSession(session); |
211 } |
215 } |
212 } |
216 } |
213 |
217 |