1 /* |
1 /* |
2 * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
449 } |
449 } |
450 |
450 |
451 // see JCE spec |
451 // see JCE spec |
452 protected Key engineUnwrap(byte[] wrappedKey, String algorithm, |
452 protected Key engineUnwrap(byte[] wrappedKey, String algorithm, |
453 int type) throws InvalidKeyException, NoSuchAlgorithmException { |
453 int type) throws InvalidKeyException, NoSuchAlgorithmException { |
454 if (algorithm.equals("TlsRsaPremasterSecret")) { |
454 |
455 // the instance variable "session" has been initialized for |
|
456 // decrypt mode, so use a local variable instead. |
|
457 Session s = null; |
|
458 try { |
|
459 s = token.getObjSession(); |
|
460 long keyType = CKK_GENERIC_SECRET; |
|
461 CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { |
|
462 new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), |
|
463 new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType), |
|
464 }; |
|
465 attributes = token.getAttributes |
|
466 (O_IMPORT, CKO_SECRET_KEY, keyType, attributes); |
|
467 long keyID = token.p11.C_UnwrapKey(s.id(), |
|
468 new CK_MECHANISM(mechanism), p11Key.keyID, wrappedKey, |
|
469 attributes); |
|
470 return P11Key.secretKey(s, keyID, algorithm, 48 << 3, |
|
471 attributes); |
|
472 } catch (PKCS11Exception e) { |
|
473 throw new InvalidKeyException("unwrap() failed", e); |
|
474 } finally { |
|
475 token.releaseSession(s); |
|
476 } |
|
477 } |
|
478 // XXX implement unwrap using C_Unwrap() for all keys |
455 // XXX implement unwrap using C_Unwrap() for all keys |
479 implInit(Cipher.DECRYPT_MODE, p11Key); |
456 implInit(Cipher.DECRYPT_MODE, p11Key); |
480 if (wrappedKey.length > maxInputSize) { |
457 if (wrappedKey.length > maxInputSize) { |
481 throw new InvalidKeyException("Key is too long for unwrapping"); |
458 throw new InvalidKeyException("Key is too long for unwrapping"); |
482 } |
459 } |