1 /* |
1 /* |
2 * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
27 |
27 |
28 import java.security.*; |
28 import java.security.*; |
29 import java.security.spec.AlgorithmParameterSpec; |
29 import java.security.spec.AlgorithmParameterSpec; |
30 |
30 |
31 import javax.crypto.*; |
31 import javax.crypto.*; |
32 import javax.crypto.spec.*; |
|
33 |
|
34 import sun.security.internal.spec.TlsMasterSecretParameterSpec; |
32 import sun.security.internal.spec.TlsMasterSecretParameterSpec; |
35 |
33 |
36 import static sun.security.pkcs11.TemplateManager.*; |
34 import static sun.security.pkcs11.TemplateManager.*; |
37 import sun.security.pkcs11.wrapper.*; |
35 import sun.security.pkcs11.wrapper.*; |
|
36 |
38 import static sun.security.pkcs11.wrapper.PKCS11Constants.*; |
37 import static sun.security.pkcs11.wrapper.PKCS11Constants.*; |
39 |
38 |
40 /** |
39 /** |
41 * KeyGenerator for the SSL/TLS master secret. |
40 * KeyGenerator for the SSL/TLS master secret. |
42 * |
41 * |
89 if (params instanceof TlsMasterSecretParameterSpec == false) { |
90 if (params instanceof TlsMasterSecretParameterSpec == false) { |
90 throw new InvalidAlgorithmParameterException(MSG); |
91 throw new InvalidAlgorithmParameterException(MSG); |
91 } |
92 } |
92 |
93 |
93 TlsMasterSecretParameterSpec spec = (TlsMasterSecretParameterSpec)params; |
94 TlsMasterSecretParameterSpec spec = (TlsMasterSecretParameterSpec)params; |
94 int version = (spec.getMajorVersion() << 8) | spec.getMinorVersion(); |
95 tlsVersion = (spec.getMajorVersion() << 8) | spec.getMinorVersion(); |
95 if ((version == 0x0300 && !supportSSLv3) || (version < 0x0300) || |
96 if ((tlsVersion == 0x0300 && !supportSSLv3) || |
96 (version > 0x0302)) { |
97 (tlsVersion < 0x0300) || (tlsVersion > 0x0303)) { |
97 throw new InvalidAlgorithmParameterException |
98 throw new InvalidAlgorithmParameterException |
98 ("Only" + (supportSSLv3? " SSL 3.0,": "") + |
99 ("Only" + (supportSSLv3? " SSL 3.0,": "") + |
99 " TLS 1.0, and TLS 1.1 are supported (0x" + |
100 " TLS 1.0, TLS 1.1 and TLS 1.2 are supported (" + |
100 Integer.toHexString(version) + ")"); |
101 tlsVersion + ")"); |
101 } |
102 } |
102 |
103 |
103 SecretKey key = spec.getPremasterSecret(); |
104 SecretKey key = spec.getPremasterSecret(); |
104 // algorithm should be either TlsRsaPremasterSecret or TlsPremasterSecret, |
105 // algorithm should be either TlsRsaPremasterSecret or TlsPremasterSecret, |
105 // but we omit the check |
106 // but we omit the check |
107 p11Key = P11SecretKeyFactory.convertKey(token, key, null); |
108 p11Key = P11SecretKeyFactory.convertKey(token, key, null); |
108 } catch (InvalidKeyException e) { |
109 } catch (InvalidKeyException e) { |
109 throw new InvalidAlgorithmParameterException("init() failed", e); |
110 throw new InvalidAlgorithmParameterException("init() failed", e); |
110 } |
111 } |
111 this.spec = spec; |
112 this.spec = spec; |
112 if (p11Key.getAlgorithm().equals("TlsRsaPremasterSecret")) { |
113 final boolean isTlsRsaPremasterSecret = |
113 mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE |
114 p11Key.getAlgorithm().equals("TlsRsaPremasterSecret"); |
114 : CKM_TLS_MASTER_KEY_DERIVE; |
115 if (tlsVersion == 0x0300) { |
|
116 mechanism = isTlsRsaPremasterSecret ? |
|
117 CKM_SSL3_MASTER_KEY_DERIVE : CKM_SSL3_MASTER_KEY_DERIVE_DH; |
|
118 } else if (tlsVersion == 0x0301 || tlsVersion == 0x0302) { |
|
119 mechanism = isTlsRsaPremasterSecret ? |
|
120 CKM_TLS_MASTER_KEY_DERIVE : CKM_TLS_MASTER_KEY_DERIVE_DH; |
|
121 } else if (tlsVersion == 0x0303) { |
|
122 mechanism = isTlsRsaPremasterSecret ? |
|
123 CKM_TLS12_MASTER_KEY_DERIVE : CKM_TLS12_MASTER_KEY_DERIVE_DH; |
|
124 } |
|
125 if (isTlsRsaPremasterSecret) { |
115 ckVersion = new CK_VERSION(0, 0); |
126 ckVersion = new CK_VERSION(0, 0); |
116 } else { |
127 } else { |
117 // Note: we use DH for all non-RSA premaster secrets. That includes |
128 // Note: we use DH for all non-RSA premaster secrets. That includes |
118 // Kerberos. That should not be a problem because master secret |
129 // Kerberos. That should not be a problem because master secret |
119 // calculation is always a straightforward application of the |
130 // calculation is always a straightforward application of the |
120 // TLS PRF (or the SSL equivalent). |
131 // TLS PRF (or the SSL equivalent). |
121 // The only thing special about RSA master secret calculation is |
132 // The only thing special about RSA master secret calculation is |
122 // that it extracts the version numbers from the premaster secret. |
133 // that it extracts the version numbers from the premaster secret. |
123 mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE_DH |
|
124 : CKM_TLS_MASTER_KEY_DERIVE_DH; |
|
125 ckVersion = null; |
134 ckVersion = null; |
126 } |
135 } |
127 } |
136 } |
128 |
137 |
129 protected void engineInit(int keysize, SecureRandom random) { |
138 protected void engineInit(int keysize, SecureRandom random) { |
137 } |
146 } |
138 byte[] clientRandom = spec.getClientRandom(); |
147 byte[] clientRandom = spec.getClientRandom(); |
139 byte[] serverRandom = spec.getServerRandom(); |
148 byte[] serverRandom = spec.getServerRandom(); |
140 CK_SSL3_RANDOM_DATA random = |
149 CK_SSL3_RANDOM_DATA random = |
141 new CK_SSL3_RANDOM_DATA(clientRandom, serverRandom); |
150 new CK_SSL3_RANDOM_DATA(clientRandom, serverRandom); |
142 CK_SSL3_MASTER_KEY_DERIVE_PARAMS params = |
151 CK_MECHANISM ckMechanism = null; |
143 new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion); |
152 if (tlsVersion < 0x0303) { |
144 |
153 CK_SSL3_MASTER_KEY_DERIVE_PARAMS params = |
|
154 new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion); |
|
155 ckMechanism = new CK_MECHANISM(mechanism, params); |
|
156 } else if (tlsVersion == 0x0303) { |
|
157 CK_TLS12_MASTER_KEY_DERIVE_PARAMS params = |
|
158 new CK_TLS12_MASTER_KEY_DERIVE_PARAMS(random, ckVersion, |
|
159 Functions.getHashMechId(spec.getPRFHashAlg())); |
|
160 ckMechanism = new CK_MECHANISM(mechanism, params); |
|
161 } |
145 Session session = null; |
162 Session session = null; |
146 try { |
163 try { |
147 session = token.getObjSession(); |
164 session = token.getObjSession(); |
148 CK_ATTRIBUTE[] attributes = token.getAttributes(O_GENERATE, |
165 CK_ATTRIBUTE[] attributes = token.getAttributes(O_GENERATE, |
149 CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); |
166 CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); |
150 long keyID = token.p11.C_DeriveKey(session.id(), |
167 long keyID = token.p11.C_DeriveKey(session.id(), |
151 new CK_MECHANISM(mechanism, params), p11Key.keyID, attributes); |
168 ckMechanism, p11Key.keyID, attributes); |
152 int major, minor; |
169 int major, minor; |
153 if (params.pVersion == null) { |
170 if (ckVersion == null) { |
154 major = -1; |
171 major = -1; |
155 minor = -1; |
172 minor = -1; |
156 } else { |
173 } else { |
157 major = params.pVersion.major; |
174 major = ckVersion.major; |
158 minor = params.pVersion.minor; |
175 minor = ckVersion.minor; |
159 } |
176 } |
160 SecretKey key = P11Key.masterSecretKey(session, keyID, |
177 SecretKey key = P11Key.masterSecretKey(session, keyID, |
161 "TlsMasterSecret", 48 << 3, attributes, major, minor); |
178 "TlsMasterSecret", 48 << 3, attributes, major, minor); |
162 return key; |
179 return key; |
163 } catch (Exception e) { |
180 } catch (Exception e) { |