1 /* |
1 /* |
2 * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
124 |
124 |
125 protected SecretKey engineGenerateKey() { |
125 protected SecretKey engineGenerateKey() { |
126 if (spec == null) { |
126 if (spec == null) { |
127 throw new IllegalStateException("TlsPrfGenerator must be initialized"); |
127 throw new IllegalStateException("TlsPrfGenerator must be initialized"); |
128 } |
128 } |
|
129 |
|
130 byte[] seed = spec.getSeed(); |
|
131 |
|
132 // TLS 1.2 |
|
133 if (mechanism == CKM_TLS_MAC) { |
|
134 SecretKey k = null; |
|
135 int ulServerOrClient = 0; |
|
136 if (spec.getLabel().equals("server finished")) { |
|
137 ulServerOrClient = 1; |
|
138 } |
|
139 if (spec.getLabel().equals("client finished")) { |
|
140 ulServerOrClient = 2; |
|
141 } |
|
142 |
|
143 if (ulServerOrClient != 0) { |
|
144 // Finished message |
|
145 CK_TLS_MAC_PARAMS params = new CK_TLS_MAC_PARAMS( |
|
146 Functions.getHashMechId(spec.getPRFHashAlg()), |
|
147 spec.getOutputLength(), ulServerOrClient); |
|
148 Session session = null; |
|
149 try { |
|
150 session = token.getOpSession(); |
|
151 token.p11.C_SignInit(session.id(), |
|
152 new CK_MECHANISM(mechanism, params), p11Key.keyID); |
|
153 token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length); |
|
154 byte[] out = token.p11.C_SignFinal |
|
155 (session.id(), spec.getOutputLength()); |
|
156 k = new SecretKeySpec(out, "TlsPrf"); |
|
157 } catch (PKCS11Exception e) { |
|
158 throw new ProviderException("Could not calculate PRF", e); |
|
159 } finally { |
|
160 token.releaseSession(session); |
|
161 } |
|
162 } else { |
|
163 throw new ProviderException("Only Finished message authentication code"+ |
|
164 " generation supported for TLS 1.2."); |
|
165 } |
|
166 return k; |
|
167 } |
|
168 |
129 byte[] label = P11Util.getBytesUTF8(spec.getLabel()); |
169 byte[] label = P11Util.getBytesUTF8(spec.getLabel()); |
130 byte[] seed = spec.getSeed(); |
|
131 |
170 |
132 if (mechanism == CKM_NSS_TLS_PRF_GENERAL) { |
171 if (mechanism == CKM_NSS_TLS_PRF_GENERAL) { |
133 Session session = null; |
172 Session session = null; |
134 try { |
173 try { |
135 session = token.getOpSession(); |
174 session = token.getOpSession(); |