1 /*

     2  * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.

     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     4  *

     5  * This code is free software; you can redistribute it and/or modify it

     6  * under the terms of the GNU General Public License version 2 only, as

     7  * published by the Free Software Foundation.  Oracle designates this

     8  * particular file as subject to the "Classpath" exception as provided

     9  * by Oracle in the LICENSE file that accompanied this code.

    10  *

    11  * This code is distributed in the hope that it will be useful, but WITHOUT

    12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    14  * version 2 for more details (a copy is included in the LICENSE file that

    15  * accompanied this code).

    16  *

    17  * You should have received a copy of the GNU General Public License version

    18  * 2 along with this work; if not, write to the Free Software Foundation,

    19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    20  *

    21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

    22  * or visit www.oracle.com if you need additional information or have any

    23  * questions.

    24  */

    25 

    26 package sun.security.pkcs11;

    27 

    28 import java.security.*;

    29 import java.security.spec.AlgorithmParameterSpec;

    30 

    31 import javax.crypto.*;

    32 import javax.crypto.spec.*;

    33 

    34 import sun.security.internal.spec.TlsPrfParameterSpec;

    35 

    36 import static sun.security.pkcs11.TemplateManager.*;

    37 import sun.security.pkcs11.wrapper.*;

    38 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;

    39 

    40 /**

    41  * KeyGenerator for the TLS PRF. Note that although the PRF is used in a number

    42  * of places during the handshake, this class is usually only used to calculate

    43  * the Finished messages. The reason is that for those other uses more specific

    44  * PKCS#11 mechanisms have been defined (CKM_SSL3_MASTER_KEY_DERIVE, etc.).

    45  *

    46  * <p>This class supports the CKM_TLS_PRF mechanism from PKCS#11 v2.20 and

    47  * the older NSS private mechanism.

    48  *

    49  * @author  Andreas Sterbenz

    50  * @since   1.6

    51  */

    52 final class P11TlsPrfGenerator extends KeyGeneratorSpi {

    53 

    54     private final static String MSG =

    55             "TlsPrfGenerator must be initialized using a TlsPrfParameterSpec";

    56 

    57     // token instance

    58     private final Token token;

    59 

    60     // algorithm name

    61     private final String algorithm;

    62 

    63     // mechanism id

    64     private final long mechanism;

    65 

    66     @SuppressWarnings("deprecation")

    67     private TlsPrfParameterSpec spec;

    68 

    69     private P11Key p11Key;

    70 

    71     P11TlsPrfGenerator(Token token, String algorithm, long mechanism)

    72             throws PKCS11Exception {

    73         super();

    74         this.token = token;

    75         this.algorithm = algorithm;

    76         this.mechanism = mechanism;

    77     }

    78 

    79     protected void engineInit(SecureRandom random) {

    80         throw new InvalidParameterException(MSG);

    81     }

    82 

    83     @SuppressWarnings("deprecation")

    84     protected void engineInit(AlgorithmParameterSpec params,

    85             SecureRandom random) throws InvalidAlgorithmParameterException {

    86         if (params instanceof TlsPrfParameterSpec == false) {

    87             throw new InvalidAlgorithmParameterException(MSG);

    88         }

    89         this.spec = (TlsPrfParameterSpec)params;

    90         SecretKey key = spec.getSecret();

    91         if (key == null) {

    92             key = NULL_KEY;

    93         }

    94         try {

    95             p11Key = P11SecretKeyFactory.convertKey(token, key, null);

    96         } catch (InvalidKeyException e) {

    97             throw new InvalidAlgorithmParameterException("init() failed", e);

    98         }

    99     }

   100 

   101     // SecretKeySpec does not allow zero length keys, so we define our

   102     // own class.

   103     //

   104     // As an anonymous class cannot make any guarantees about serialization

   105     // compatibility, it is nonsensical for an anonymous class to define a

   106     // serialVersionUID. Suppress warnings relative to missing serialVersionUID

   107     // field in the anonymous subclass of serializable SecretKey.

   108     @SuppressWarnings("serial")

   109     private static final SecretKey NULL_KEY = new SecretKey() {

   110         public byte[] getEncoded() {

   111             return new byte[0];

   112         }

   113         public String getFormat() {

   114             return "RAW";

   115         }

   116         public String getAlgorithm() {

   117             return "Generic";

   118         }

   119     };

   120 

   121     protected void engineInit(int keysize, SecureRandom random) {

   122         throw new InvalidParameterException(MSG);

   123     }

   124 

   125     protected SecretKey engineGenerateKey() {

   126         if (spec == null) {

   127             throw new IllegalStateException("TlsPrfGenerator must be initialized");

   128         }

   129         byte[] label = P11Util.getBytesUTF8(spec.getLabel());

   130         byte[] seed = spec.getSeed();

   131 

   132         if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {

   133             Session session = null;

   134             try {

   135                 session = token.getOpSession();

   136                 token.p11.C_SignInit

   137                     (session.id(), new CK_MECHANISM(mechanism), p11Key.keyID);

   138                 token.p11.C_SignUpdate(session.id(), 0, label, 0, label.length);

   139                 token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);

   140                 byte[] out = token.p11.C_SignFinal

   141                                     (session.id(), spec.getOutputLength());

   142                 return new SecretKeySpec(out, "TlsPrf");

   143             } catch (PKCS11Exception e) {

   144                 throw new ProviderException("Could not calculate PRF", e);

   145             } finally {

   146                 token.releaseSession(session);

   147             }

   148         }

   149 

   150         // mechanism == CKM_TLS_PRF

   151 

   152         byte[] out = new byte[spec.getOutputLength()];

   153         CK_TLS_PRF_PARAMS params = new CK_TLS_PRF_PARAMS(seed, label, out);

   154 

   155         Session session = null;

   156         try {

   157             session = token.getOpSession();

   158             long keyID = token.p11.C_DeriveKey(session.id(),

   159                 new CK_MECHANISM(mechanism, params), p11Key.keyID, null);

   160             // ignore keyID, returned PRF bytes are in 'out'

   161             return new SecretKeySpec(out, "TlsPrf");

   162         } catch (PKCS11Exception e) {

   163             throw new ProviderException("Could not calculate PRF", e);

   164         } finally {

   165             token.releaseSession(session);

   166         }

   167     }

   168 

   169 }