158 new CK_TLS12_MASTER_KEY_DERIVE_PARAMS(random, ckVersion, |
158 new CK_TLS12_MASTER_KEY_DERIVE_PARAMS(random, ckVersion, |
159 Functions.getHashMechId(spec.getPRFHashAlg())); |
159 Functions.getHashMechId(spec.getPRFHashAlg())); |
160 ckMechanism = new CK_MECHANISM(mechanism, params); |
160 ckMechanism = new CK_MECHANISM(mechanism, params); |
161 } |
161 } |
162 Session session = null; |
162 Session session = null; |
|
163 long p11KeyID = p11Key.getKeyID(); |
163 try { |
164 try { |
164 session = token.getObjSession(); |
165 session = token.getObjSession(); |
165 CK_ATTRIBUTE[] attributes = token.getAttributes(O_GENERATE, |
166 CK_ATTRIBUTE[] attributes = token.getAttributes(O_GENERATE, |
166 CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); |
167 CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); |
167 long keyID = token.p11.C_DeriveKey(session.id(), |
168 long keyID = token.p11.C_DeriveKey(session.id(), |
168 ckMechanism, p11Key.keyID, attributes); |
169 ckMechanism, p11KeyID, attributes); |
169 int major, minor; |
170 int major, minor; |
170 if (ckVersion == null) { |
171 if (ckVersion == null) { |
171 major = -1; |
172 major = -1; |
172 minor = -1; |
173 minor = -1; |
173 } else { |
174 } else { |
174 major = ckVersion.major; |
175 major = ckVersion.major; |
175 minor = ckVersion.minor; |
176 minor = ckVersion.minor; |
176 } |
177 } |
177 SecretKey key = P11Key.masterSecretKey(session, keyID, |
178 return P11Key.masterSecretKey(session, keyID, |
178 "TlsMasterSecret", 48 << 3, attributes, major, minor); |
179 "TlsMasterSecret", 48 << 3, attributes, major, minor); |
179 return key; |
|
180 } catch (Exception e) { |
180 } catch (Exception e) { |
181 throw new ProviderException("Could not generate key", e); |
181 throw new ProviderException("Could not generate key", e); |
182 } finally { |
182 } finally { |
|
183 p11Key.releaseKeyID(); |
183 token.releaseSession(session); |
184 token.releaseSession(session); |
184 } |
185 } |
185 } |
186 } |
186 } |
187 } |