1 /* 2 * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.pkcs11; 27 28 import java.security.*; 29 import java.security.spec.AlgorithmParameterSpec; 30 31 import javax.crypto.*; 32 import javax.crypto.spec.*; 33 34 import sun.security.internal.spec.TlsMasterSecretParameterSpec; 35 36 import static sun.security.pkcs11.TemplateManager.*; 37 import sun.security.pkcs11.wrapper.*; 38 import static sun.security.pkcs11.wrapper.PKCS11Constants.*; 39 40 /** 41 * KeyGenerator for the SSL/TLS master secret. 42 * 43 * @author Andreas Sterbenz 44 * @since 1.6 45 */ 46 public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi { 47 48 private final static String MSG = "TlsMasterSecretGenerator must be " 49 + "initialized using a TlsMasterSecretParameterSpec"; 50 51 // token instance 52 private final Token token; 53 54 // algorithm name 55 private final String algorithm; 56 57 // mechanism id 58 private long mechanism; 59 60 @SuppressWarnings("deprecation") 61 private TlsMasterSecretParameterSpec spec; 62 private P11Key p11Key; 63 64 CK_VERSION ckVersion; 65 66 // whether SSLv3 is supported 67 private final boolean supportSSLv3; 68 69 P11TlsMasterSecretGenerator(Token token, String algorithm, long mechanism) 70 throws PKCS11Exception { 71 super(); 72 this.token = token; 73 this.algorithm = algorithm; 74 this.mechanism = mechanism; 75 76 // Given the current lookup order specified in SunPKCS11.java, if 77 // CKM_SSL3_MASTER_KEY_DERIVE is not used to construct this object, 78 // it means that this mech is disabled or unsupported. 79 supportSSLv3 = (mechanism == CKM_SSL3_MASTER_KEY_DERIVE); 80 } 81 82 protected void engineInit(SecureRandom random) { 83 throw new InvalidParameterException(MSG); 84 } 85 86 @SuppressWarnings("deprecation") 87 protected void engineInit(AlgorithmParameterSpec params, 88 SecureRandom random) throws InvalidAlgorithmParameterException { 89 if (params instanceof TlsMasterSecretParameterSpec == false) { 90 throw new InvalidAlgorithmParameterException(MSG); 91 } 92 93 TlsMasterSecretParameterSpec spec = (TlsMasterSecretParameterSpec)params; 94 int version = (spec.getMajorVersion() << 8) | spec.getMinorVersion(); 95 if ((version == 0x0300 && !supportSSLv3) || (version < 0x0300) || 96 (version > 0x0302)) { 97 throw new InvalidAlgorithmParameterException 98 ("Only" + (supportSSLv3? " SSL 3.0,": "") + 99 " TLS 1.0, and TLS 1.1 are supported (0x" + 100 Integer.toHexString(version) + ")"); 101 } 102 103 SecretKey key = spec.getPremasterSecret(); 104 // algorithm should be either TlsRsaPremasterSecret or TlsPremasterSecret, 105 // but we omit the check 106 try { 107 p11Key = P11SecretKeyFactory.convertKey(token, key, null); 108 } catch (InvalidKeyException e) { 109 throw new InvalidAlgorithmParameterException("init() failed", e); 110 } 111 this.spec = spec; 112 if (p11Key.getAlgorithm().equals("TlsRsaPremasterSecret")) { 113 mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE 114 : CKM_TLS_MASTER_KEY_DERIVE; 115 ckVersion = new CK_VERSION(0, 0); 116 } else { 117 // Note: we use DH for all non-RSA premaster secrets. That includes 118 // Kerberos. That should not be a problem because master secret 119 // calculation is always a straightforward application of the 120 // TLS PRF (or the SSL equivalent). 121 // The only thing special about RSA master secret calculation is 122 // that it extracts the version numbers from the premaster secret. 123 mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE_DH 124 : CKM_TLS_MASTER_KEY_DERIVE_DH; 125 ckVersion = null; 126 } 127 } 128 129 protected void engineInit(int keysize, SecureRandom random) { 130 throw new InvalidParameterException(MSG); 131 } 132 133 protected SecretKey engineGenerateKey() { 134 if (spec == null) { 135 throw new IllegalStateException 136 ("TlsMasterSecretGenerator must be initialized"); 137 } 138 byte[] clientRandom = spec.getClientRandom(); 139 byte[] serverRandom = spec.getServerRandom(); 140 CK_SSL3_RANDOM_DATA random = 141 new CK_SSL3_RANDOM_DATA(clientRandom, serverRandom); 142 CK_SSL3_MASTER_KEY_DERIVE_PARAMS params = 143 new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion); 144 145 Session session = null; 146 try { 147 session = token.getObjSession(); 148 CK_ATTRIBUTE[] attributes = token.getAttributes(O_GENERATE, 149 CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); 150 long keyID = token.p11.C_DeriveKey(session.id(), 151 new CK_MECHANISM(mechanism, params), p11Key.keyID, attributes); 152 int major, minor; 153 if (params.pVersion == null) { 154 major = -1; 155 minor = -1; 156 } else { 157 major = params.pVersion.major; 158 minor = params.pVersion.minor; 159 } 160 SecretKey key = P11Key.masterSecretKey(session, keyID, 161 "TlsMasterSecret", 48 << 3, attributes, major, minor); 162 return key; 163 } catch (Exception e) { 164 throw new ProviderException("Could not generate key", e); 165 } finally { 166 token.releaseSession(session); 167 } 168 } 169 }