1 /* 2 * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.pkcs11; 27 28 import java.security.*; 29 import java.security.spec.AlgorithmParameterSpec; 30 31 import javax.crypto.*; 32 import javax.crypto.spec.*; 33 34 import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; 35 36 import static sun.security.pkcs11.TemplateManager.*; 37 import sun.security.pkcs11.wrapper.*; 38 import static sun.security.pkcs11.wrapper.PKCS11Constants.*; 39 40 /** 41 * KeyGenerator for the SSL/TLS RSA premaster secret. 42 * 43 * @author Andreas Sterbenz 44 * @since 1.6 45 */ 46 final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi { 47 48 private final static String MSG = "TlsRsaPremasterSecretGenerator must be " 49 + "initialized using a TlsRsaPremasterSecretParameterSpec"; 50 51 // token instance 52 private final Token token; 53 54 // algorithm name 55 private final String algorithm; 56 57 // mechanism id 58 private long mechanism; 59 60 @SuppressWarnings("deprecation") 61 private TlsRsaPremasterSecretParameterSpec spec; 62 63 // whether SSLv3 is supported 64 private final boolean supportSSLv3; 65 66 P11TlsRsaPremasterSecretGenerator(Token token, String algorithm, long mechanism) 67 throws PKCS11Exception { 68 super(); 69 this.token = token; 70 this.algorithm = algorithm; 71 this.mechanism = mechanism; 72 73 // Given the current lookup order specified in SunPKCS11.java, 74 // if CKM_SSL3_PRE_MASTER_KEY_GEN is not used to construct this object, 75 // it means that this mech is disabled or unsupported. 76 this.supportSSLv3 = (mechanism == CKM_SSL3_PRE_MASTER_KEY_GEN); 77 } 78 79 protected void engineInit(SecureRandom random) { 80 throw new InvalidParameterException(MSG); 81 } 82 83 @SuppressWarnings("deprecation") 84 protected void engineInit(AlgorithmParameterSpec params, 85 SecureRandom random) throws InvalidAlgorithmParameterException { 86 if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) { 87 throw new InvalidAlgorithmParameterException(MSG); 88 } 89 90 TlsRsaPremasterSecretParameterSpec spec = 91 (TlsRsaPremasterSecretParameterSpec) params; 92 93 int version = (spec.getMajorVersion() << 8) | spec.getMinorVersion(); 94 95 if ((version == 0x0300 && !supportSSLv3) || (version < 0x0300) || 96 (version > 0x0302)) { 97 throw new InvalidAlgorithmParameterException 98 ("Only" + (supportSSLv3? " SSL 3.0,": "") + 99 " TLS 1.0, and TLS 1.1 are supported (0x" + 100 Integer.toHexString(version) + ")"); 101 } 102 this.spec = spec; 103 } 104 105 protected void engineInit(int keysize, SecureRandom random) { 106 throw new InvalidParameterException(MSG); 107 } 108 109 // Only can be used in client side to generate TLS RSA premaster secret. 110 protected SecretKey engineGenerateKey() { 111 if (spec == null) { 112 throw new IllegalStateException 113 ("TlsRsaPremasterSecretGenerator must be initialized"); 114 } 115 116 CK_VERSION version = new CK_VERSION( 117 spec.getMajorVersion(), spec.getMinorVersion()); 118 Session session = null; 119 try { 120 session = token.getObjSession(); 121 CK_ATTRIBUTE[] attributes = token.getAttributes( 122 O_GENERATE, CKO_SECRET_KEY, 123 CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); 124 long keyID = token.p11.C_GenerateKey(session.id(), 125 new CK_MECHANISM(mechanism, version), attributes); 126 SecretKey key = P11Key.secretKey(session, 127 keyID, "TlsRsaPremasterSecret", 48 << 3, attributes); 128 return key; 129 } catch (PKCS11Exception e) { 130 throw new ProviderException( 131 "Could not generate premaster secret", e); 132 } finally { 133 token.releaseSession(session); 134 } 135 } 136 137 }