8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
TLS v1.2 algorithms for key and MAC derivation added to SunPKCS11 crypto provider. Reviewed-by: valeriep
This commit is contained in:
parent
52ba129b0a
commit
aafb2b0474
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -38,6 +38,7 @@ import sun.security.internal.interfaces.TlsMasterSecret;
|
|||||||
|
|
||||||
import static sun.security.pkcs11.TemplateManager.*;
|
import static sun.security.pkcs11.TemplateManager.*;
|
||||||
import sun.security.pkcs11.wrapper.*;
|
import sun.security.pkcs11.wrapper.*;
|
||||||
|
|
||||||
import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
|
import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -61,6 +62,8 @@ public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
|
|||||||
// mechanism id
|
// mechanism id
|
||||||
private long mechanism;
|
private long mechanism;
|
||||||
|
|
||||||
|
private int tlsVersion;
|
||||||
|
|
||||||
// parameter spec
|
// parameter spec
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
private TlsKeyMaterialParameterSpec spec;
|
private TlsKeyMaterialParameterSpec spec;
|
||||||
@ -96,14 +99,14 @@ public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
|
|||||||
}
|
}
|
||||||
|
|
||||||
TlsKeyMaterialParameterSpec spec = (TlsKeyMaterialParameterSpec)params;
|
TlsKeyMaterialParameterSpec spec = (TlsKeyMaterialParameterSpec)params;
|
||||||
int version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
|
tlsVersion = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
|
||||||
|
|
||||||
if ((version == 0x0300 && !supportSSLv3) || (version < 0x0300) ||
|
if ((tlsVersion == 0x0300 && !supportSSLv3) ||
|
||||||
(version > 0x0302)) {
|
(tlsVersion < 0x0300) || (tlsVersion > 0x0303)) {
|
||||||
throw new InvalidAlgorithmParameterException
|
throw new InvalidAlgorithmParameterException
|
||||||
("Only" + (supportSSLv3? " SSL 3.0,": "") +
|
("Only" + (supportSSLv3? " SSL 3.0,": "") +
|
||||||
" TLS 1.0, and TLS 1.1 are supported (0x" +
|
" TLS 1.0, TLS 1.1 and TLS 1.2 are supported (" +
|
||||||
Integer.toHexString(version) + ")");
|
tlsVersion + ")");
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
p11Key = P11SecretKeyFactory.convertKey
|
p11Key = P11SecretKeyFactory.convertKey
|
||||||
@ -112,8 +115,11 @@ public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
|
|||||||
throw new InvalidAlgorithmParameterException("init() failed", e);
|
throw new InvalidAlgorithmParameterException("init() failed", e);
|
||||||
}
|
}
|
||||||
this.spec = spec;
|
this.spec = spec;
|
||||||
this.mechanism = (version == 0x0300)?
|
if (tlsVersion == 0x0300) {
|
||||||
CKM_SSL3_KEY_AND_MAC_DERIVE : CKM_TLS_KEY_AND_MAC_DERIVE;
|
mechanism = CKM_SSL3_KEY_AND_MAC_DERIVE;
|
||||||
|
} else if (tlsVersion == 0x0301 || tlsVersion == 0x0302) {
|
||||||
|
mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void engineInit(int keysize, SecureRandom random) {
|
protected void engineInit(int keysize, SecureRandom random) {
|
||||||
@ -141,8 +147,18 @@ public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
|
|||||||
|
|
||||||
CK_SSL3_RANDOM_DATA random = new CK_SSL3_RANDOM_DATA
|
CK_SSL3_RANDOM_DATA random = new CK_SSL3_RANDOM_DATA
|
||||||
(spec.getClientRandom(), spec.getServerRandom());
|
(spec.getClientRandom(), spec.getServerRandom());
|
||||||
CK_SSL3_KEY_MAT_PARAMS params = new CK_SSL3_KEY_MAT_PARAMS
|
Object params = null;
|
||||||
|
CK_MECHANISM ckMechanism = null;
|
||||||
|
if (tlsVersion < 0x0303) {
|
||||||
|
params = new CK_SSL3_KEY_MAT_PARAMS
|
||||||
(macBits, keyBits, ivBits, isExportable, random);
|
(macBits, keyBits, ivBits, isExportable, random);
|
||||||
|
ckMechanism = new CK_MECHANISM(mechanism, (CK_SSL3_KEY_MAT_PARAMS)params);
|
||||||
|
} else if (tlsVersion == 0x0303) {
|
||||||
|
params = new CK_TLS12_KEY_MAT_PARAMS
|
||||||
|
(macBits, keyBits, ivBits, isExportable, random,
|
||||||
|
Functions.getHashMechId(spec.getPRFHashAlg()));
|
||||||
|
ckMechanism = new CK_MECHANISM(mechanism, (CK_TLS12_KEY_MAT_PARAMS)params);
|
||||||
|
}
|
||||||
|
|
||||||
String cipherAlgorithm = spec.getCipherAlgorithm();
|
String cipherAlgorithm = spec.getCipherAlgorithm();
|
||||||
long keyType = P11SecretKeyFactory.getKeyType(cipherAlgorithm);
|
long keyType = P11SecretKeyFactory.getKeyType(cipherAlgorithm);
|
||||||
@ -173,10 +189,15 @@ public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
|
|||||||
attributes = token.getAttributes
|
attributes = token.getAttributes
|
||||||
(O_GENERATE, CKO_SECRET_KEY, keyType, attributes);
|
(O_GENERATE, CKO_SECRET_KEY, keyType, attributes);
|
||||||
// the returned keyID is a dummy, ignore
|
// the returned keyID is a dummy, ignore
|
||||||
long keyID = token.p11.C_DeriveKey(session.id(),
|
token.p11.C_DeriveKey(session.id(),
|
||||||
new CK_MECHANISM(mechanism, params), p11Key.keyID, attributes);
|
ckMechanism, p11Key.keyID, attributes);
|
||||||
|
|
||||||
CK_SSL3_KEY_MAT_OUT out = params.pReturnedKeyMaterial;
|
CK_SSL3_KEY_MAT_OUT out = null;
|
||||||
|
if (params instanceof CK_SSL3_KEY_MAT_PARAMS) {
|
||||||
|
out = ((CK_SSL3_KEY_MAT_PARAMS)params).pReturnedKeyMaterial;
|
||||||
|
} else if (params instanceof CK_TLS12_KEY_MAT_PARAMS) {
|
||||||
|
out = ((CK_TLS12_KEY_MAT_PARAMS)params).pReturnedKeyMaterial;
|
||||||
|
}
|
||||||
// Note that the MAC keys do not inherit all attributes from the
|
// Note that the MAC keys do not inherit all attributes from the
|
||||||
// template, but they do inherit the sensitive/extractable/token
|
// template, but they do inherit the sensitive/extractable/token
|
||||||
// flags, which is all P11Key cares about.
|
// flags, which is all P11Key cares about.
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -29,12 +29,11 @@ import java.security.*;
|
|||||||
import java.security.spec.AlgorithmParameterSpec;
|
import java.security.spec.AlgorithmParameterSpec;
|
||||||
|
|
||||||
import javax.crypto.*;
|
import javax.crypto.*;
|
||||||
import javax.crypto.spec.*;
|
|
||||||
|
|
||||||
import sun.security.internal.spec.TlsMasterSecretParameterSpec;
|
import sun.security.internal.spec.TlsMasterSecretParameterSpec;
|
||||||
|
|
||||||
import static sun.security.pkcs11.TemplateManager.*;
|
import static sun.security.pkcs11.TemplateManager.*;
|
||||||
import sun.security.pkcs11.wrapper.*;
|
import sun.security.pkcs11.wrapper.*;
|
||||||
|
|
||||||
import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
|
import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -57,6 +56,8 @@ public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi {
|
|||||||
// mechanism id
|
// mechanism id
|
||||||
private long mechanism;
|
private long mechanism;
|
||||||
|
|
||||||
|
private int tlsVersion;
|
||||||
|
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
private TlsMasterSecretParameterSpec spec;
|
private TlsMasterSecretParameterSpec spec;
|
||||||
private P11Key p11Key;
|
private P11Key p11Key;
|
||||||
@ -91,13 +92,13 @@ public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi {
|
|||||||
}
|
}
|
||||||
|
|
||||||
TlsMasterSecretParameterSpec spec = (TlsMasterSecretParameterSpec)params;
|
TlsMasterSecretParameterSpec spec = (TlsMasterSecretParameterSpec)params;
|
||||||
int version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
|
tlsVersion = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
|
||||||
if ((version == 0x0300 && !supportSSLv3) || (version < 0x0300) ||
|
if ((tlsVersion == 0x0300 && !supportSSLv3) ||
|
||||||
(version > 0x0302)) {
|
(tlsVersion < 0x0300) || (tlsVersion > 0x0303)) {
|
||||||
throw new InvalidAlgorithmParameterException
|
throw new InvalidAlgorithmParameterException
|
||||||
("Only" + (supportSSLv3? " SSL 3.0,": "") +
|
("Only" + (supportSSLv3? " SSL 3.0,": "") +
|
||||||
" TLS 1.0, and TLS 1.1 are supported (0x" +
|
" TLS 1.0, TLS 1.1 and TLS 1.2 are supported (" +
|
||||||
Integer.toHexString(version) + ")");
|
tlsVersion + ")");
|
||||||
}
|
}
|
||||||
|
|
||||||
SecretKey key = spec.getPremasterSecret();
|
SecretKey key = spec.getPremasterSecret();
|
||||||
@ -109,9 +110,19 @@ public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi {
|
|||||||
throw new InvalidAlgorithmParameterException("init() failed", e);
|
throw new InvalidAlgorithmParameterException("init() failed", e);
|
||||||
}
|
}
|
||||||
this.spec = spec;
|
this.spec = spec;
|
||||||
if (p11Key.getAlgorithm().equals("TlsRsaPremasterSecret")) {
|
final boolean isTlsRsaPremasterSecret =
|
||||||
mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE
|
p11Key.getAlgorithm().equals("TlsRsaPremasterSecret");
|
||||||
: CKM_TLS_MASTER_KEY_DERIVE;
|
if (tlsVersion == 0x0300) {
|
||||||
|
mechanism = isTlsRsaPremasterSecret ?
|
||||||
|
CKM_SSL3_MASTER_KEY_DERIVE : CKM_SSL3_MASTER_KEY_DERIVE_DH;
|
||||||
|
} else if (tlsVersion == 0x0301 || tlsVersion == 0x0302) {
|
||||||
|
mechanism = isTlsRsaPremasterSecret ?
|
||||||
|
CKM_TLS_MASTER_KEY_DERIVE : CKM_TLS_MASTER_KEY_DERIVE_DH;
|
||||||
|
} else if (tlsVersion == 0x0303) {
|
||||||
|
mechanism = isTlsRsaPremasterSecret ?
|
||||||
|
CKM_TLS12_MASTER_KEY_DERIVE : CKM_TLS12_MASTER_KEY_DERIVE_DH;
|
||||||
|
}
|
||||||
|
if (isTlsRsaPremasterSecret) {
|
||||||
ckVersion = new CK_VERSION(0, 0);
|
ckVersion = new CK_VERSION(0, 0);
|
||||||
} else {
|
} else {
|
||||||
// Note: we use DH for all non-RSA premaster secrets. That includes
|
// Note: we use DH for all non-RSA premaster secrets. That includes
|
||||||
@ -120,8 +131,6 @@ public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi {
|
|||||||
// TLS PRF (or the SSL equivalent).
|
// TLS PRF (or the SSL equivalent).
|
||||||
// The only thing special about RSA master secret calculation is
|
// The only thing special about RSA master secret calculation is
|
||||||
// that it extracts the version numbers from the premaster secret.
|
// that it extracts the version numbers from the premaster secret.
|
||||||
mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE_DH
|
|
||||||
: CKM_TLS_MASTER_KEY_DERIVE_DH;
|
|
||||||
ckVersion = null;
|
ckVersion = null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -139,23 +148,31 @@ public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi {
|
|||||||
byte[] serverRandom = spec.getServerRandom();
|
byte[] serverRandom = spec.getServerRandom();
|
||||||
CK_SSL3_RANDOM_DATA random =
|
CK_SSL3_RANDOM_DATA random =
|
||||||
new CK_SSL3_RANDOM_DATA(clientRandom, serverRandom);
|
new CK_SSL3_RANDOM_DATA(clientRandom, serverRandom);
|
||||||
|
CK_MECHANISM ckMechanism = null;
|
||||||
|
if (tlsVersion < 0x0303) {
|
||||||
CK_SSL3_MASTER_KEY_DERIVE_PARAMS params =
|
CK_SSL3_MASTER_KEY_DERIVE_PARAMS params =
|
||||||
new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion);
|
new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion);
|
||||||
|
ckMechanism = new CK_MECHANISM(mechanism, params);
|
||||||
|
} else if (tlsVersion == 0x0303) {
|
||||||
|
CK_TLS12_MASTER_KEY_DERIVE_PARAMS params =
|
||||||
|
new CK_TLS12_MASTER_KEY_DERIVE_PARAMS(random, ckVersion,
|
||||||
|
Functions.getHashMechId(spec.getPRFHashAlg()));
|
||||||
|
ckMechanism = new CK_MECHANISM(mechanism, params);
|
||||||
|
}
|
||||||
Session session = null;
|
Session session = null;
|
||||||
try {
|
try {
|
||||||
session = token.getObjSession();
|
session = token.getObjSession();
|
||||||
CK_ATTRIBUTE[] attributes = token.getAttributes(O_GENERATE,
|
CK_ATTRIBUTE[] attributes = token.getAttributes(O_GENERATE,
|
||||||
CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
|
CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
|
||||||
long keyID = token.p11.C_DeriveKey(session.id(),
|
long keyID = token.p11.C_DeriveKey(session.id(),
|
||||||
new CK_MECHANISM(mechanism, params), p11Key.keyID, attributes);
|
ckMechanism, p11Key.keyID, attributes);
|
||||||
int major, minor;
|
int major, minor;
|
||||||
if (params.pVersion == null) {
|
if (ckVersion == null) {
|
||||||
major = -1;
|
major = -1;
|
||||||
minor = -1;
|
minor = -1;
|
||||||
} else {
|
} else {
|
||||||
major = params.pVersion.major;
|
major = ckVersion.major;
|
||||||
minor = params.pVersion.minor;
|
minor = ckVersion.minor;
|
||||||
}
|
}
|
||||||
SecretKey key = P11Key.masterSecretKey(session, keyID,
|
SecretKey key = P11Key.masterSecretKey(session, keyID,
|
||||||
"TlsMasterSecret", 48 << 3, attributes, major, minor);
|
"TlsMasterSecret", 48 << 3, attributes, major, minor);
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -126,9 +126,48 @@ final class P11TlsPrfGenerator extends KeyGeneratorSpi {
|
|||||||
if (spec == null) {
|
if (spec == null) {
|
||||||
throw new IllegalStateException("TlsPrfGenerator must be initialized");
|
throw new IllegalStateException("TlsPrfGenerator must be initialized");
|
||||||
}
|
}
|
||||||
byte[] label = P11Util.getBytesUTF8(spec.getLabel());
|
|
||||||
byte[] seed = spec.getSeed();
|
byte[] seed = spec.getSeed();
|
||||||
|
|
||||||
|
// TLS 1.2
|
||||||
|
if (mechanism == CKM_TLS_MAC) {
|
||||||
|
SecretKey k = null;
|
||||||
|
int ulServerOrClient = 0;
|
||||||
|
if (spec.getLabel().equals("server finished")) {
|
||||||
|
ulServerOrClient = 1;
|
||||||
|
}
|
||||||
|
if (spec.getLabel().equals("client finished")) {
|
||||||
|
ulServerOrClient = 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ulServerOrClient != 0) {
|
||||||
|
// Finished message
|
||||||
|
CK_TLS_MAC_PARAMS params = new CK_TLS_MAC_PARAMS(
|
||||||
|
Functions.getHashMechId(spec.getPRFHashAlg()),
|
||||||
|
spec.getOutputLength(), ulServerOrClient);
|
||||||
|
Session session = null;
|
||||||
|
try {
|
||||||
|
session = token.getOpSession();
|
||||||
|
token.p11.C_SignInit(session.id(),
|
||||||
|
new CK_MECHANISM(mechanism, params), p11Key.keyID);
|
||||||
|
token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
|
||||||
|
byte[] out = token.p11.C_SignFinal
|
||||||
|
(session.id(), spec.getOutputLength());
|
||||||
|
k = new SecretKeySpec(out, "TlsPrf");
|
||||||
|
} catch (PKCS11Exception e) {
|
||||||
|
throw new ProviderException("Could not calculate PRF", e);
|
||||||
|
} finally {
|
||||||
|
token.releaseSession(session);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
throw new ProviderException("Only Finished message authentication code"+
|
||||||
|
" generation supported for TLS 1.2.");
|
||||||
|
}
|
||||||
|
return k;
|
||||||
|
}
|
||||||
|
|
||||||
|
byte[] label = P11Util.getBytesUTF8(spec.getLabel());
|
||||||
|
|
||||||
if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
|
if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
|
||||||
Session session = null;
|
Session session = null;
|
||||||
try {
|
try {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -89,15 +89,14 @@ final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
|
|||||||
|
|
||||||
TlsRsaPremasterSecretParameterSpec spec =
|
TlsRsaPremasterSecretParameterSpec spec =
|
||||||
(TlsRsaPremasterSecretParameterSpec) params;
|
(TlsRsaPremasterSecretParameterSpec) params;
|
||||||
|
int tlsVersion = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
|
||||||
|
|
||||||
int version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
|
if ((tlsVersion == 0x0300 && !supportSSLv3) ||
|
||||||
|
(tlsVersion < 0x0300) || (tlsVersion > 0x0303)) {
|
||||||
if ((version == 0x0300 && !supportSSLv3) || (version < 0x0300) ||
|
|
||||||
(version > 0x0302)) {
|
|
||||||
throw new InvalidAlgorithmParameterException
|
throw new InvalidAlgorithmParameterException
|
||||||
("Only" + (supportSSLv3? " SSL 3.0,": "") +
|
("Only" + (supportSSLv3? " SSL 3.0,": "") +
|
||||||
" TLS 1.0, and TLS 1.1 are supported (0x" +
|
" TLS 1.0, TLS 1.1 and TLS 1.2 are supported (" +
|
||||||
Integer.toHexString(version) + ")");
|
tlsVersion + ")");
|
||||||
}
|
}
|
||||||
this.spec = spec;
|
this.spec = spec;
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -744,38 +744,28 @@ public final class SunPKCS11 extends AuthProvider {
|
|||||||
s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
|
s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
|
||||||
m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
|
m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
|
||||||
|
|
||||||
/*
|
|
||||||
* TLS 1.2 uses a different hash algorithm than 1.0/1.1 for the
|
|
||||||
* PRF calculations. As of 2010, there is no PKCS11-level
|
|
||||||
* support for TLS 1.2 PRF calculations, and no known OS's have
|
|
||||||
* an internal variant we could use. Therefore for TLS 1.2, we
|
|
||||||
* are updating JSSE to request different provider algorithms
|
|
||||||
* (e.g. "SunTls12Prf"), and currently only SunJCE has these
|
|
||||||
* TLS 1.2 algorithms.
|
|
||||||
*
|
|
||||||
* If we reused the names such as "SunTlsPrf", the PKCS11
|
|
||||||
* providers would need be updated to fail correctly when
|
|
||||||
* presented with the wrong version number (via
|
|
||||||
* Provider.Service.supportsParameters()), and we would also
|
|
||||||
* need to add the appropriate supportsParamters() checks into
|
|
||||||
* KeyGenerators (not currently there).
|
|
||||||
*
|
|
||||||
* In the future, if PKCS11 support is added, we will restructure
|
|
||||||
* this.
|
|
||||||
*/
|
|
||||||
d(KG, "SunTlsRsaPremasterSecret",
|
d(KG, "SunTlsRsaPremasterSecret",
|
||||||
"sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator",
|
"sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator",
|
||||||
|
s("SunTls12RsaPremasterSecret"),
|
||||||
m(CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_PRE_MASTER_KEY_GEN));
|
m(CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_PRE_MASTER_KEY_GEN));
|
||||||
d(KG, "SunTlsMasterSecret",
|
d(KG, "SunTlsMasterSecret",
|
||||||
"sun.security.pkcs11.P11TlsMasterSecretGenerator",
|
"sun.security.pkcs11.P11TlsMasterSecretGenerator",
|
||||||
m(CKM_SSL3_MASTER_KEY_DERIVE, CKM_TLS_MASTER_KEY_DERIVE,
|
m(CKM_SSL3_MASTER_KEY_DERIVE, CKM_TLS_MASTER_KEY_DERIVE,
|
||||||
CKM_SSL3_MASTER_KEY_DERIVE_DH,
|
CKM_SSL3_MASTER_KEY_DERIVE_DH,
|
||||||
CKM_TLS_MASTER_KEY_DERIVE_DH));
|
CKM_TLS_MASTER_KEY_DERIVE_DH));
|
||||||
|
d(KG, "SunTls12MasterSecret",
|
||||||
|
"sun.security.pkcs11.P11TlsMasterSecretGenerator",
|
||||||
|
m(CKM_TLS12_MASTER_KEY_DERIVE, CKM_TLS12_MASTER_KEY_DERIVE_DH));
|
||||||
d(KG, "SunTlsKeyMaterial",
|
d(KG, "SunTlsKeyMaterial",
|
||||||
"sun.security.pkcs11.P11TlsKeyMaterialGenerator",
|
"sun.security.pkcs11.P11TlsKeyMaterialGenerator",
|
||||||
m(CKM_SSL3_KEY_AND_MAC_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE));
|
m(CKM_SSL3_KEY_AND_MAC_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE));
|
||||||
|
d(KG, "SunTls12KeyMaterial",
|
||||||
|
"sun.security.pkcs11.P11TlsKeyMaterialGenerator",
|
||||||
|
m(CKM_TLS12_KEY_AND_MAC_DERIVE));
|
||||||
d(KG, "SunTlsPrf", "sun.security.pkcs11.P11TlsPrfGenerator",
|
d(KG, "SunTlsPrf", "sun.security.pkcs11.P11TlsPrfGenerator",
|
||||||
m(CKM_TLS_PRF, CKM_NSS_TLS_PRF_GENERAL));
|
m(CKM_TLS_PRF, CKM_NSS_TLS_PRF_GENERAL));
|
||||||
|
d(KG, "SunTls12Prf", "sun.security.pkcs11.P11TlsPrfGenerator",
|
||||||
|
m(CKM_TLS_MAC));
|
||||||
}
|
}
|
||||||
|
|
||||||
// background thread that periodically checks for token insertion
|
// background thread that periodically checks for token insertion
|
||||||
@ -1042,13 +1032,16 @@ public final class SunPKCS11 extends AuthProvider {
|
|||||||
if (algorithm == "SunTlsRsaPremasterSecret") {
|
if (algorithm == "SunTlsRsaPremasterSecret") {
|
||||||
return new P11TlsRsaPremasterSecretGenerator(
|
return new P11TlsRsaPremasterSecretGenerator(
|
||||||
token, algorithm, mechanism);
|
token, algorithm, mechanism);
|
||||||
} else if (algorithm == "SunTlsMasterSecret") {
|
} else if (algorithm == "SunTlsMasterSecret"
|
||||||
|
|| algorithm == "SunTls12MasterSecret") {
|
||||||
return new P11TlsMasterSecretGenerator(
|
return new P11TlsMasterSecretGenerator(
|
||||||
token, algorithm, mechanism);
|
token, algorithm, mechanism);
|
||||||
} else if (algorithm == "SunTlsKeyMaterial") {
|
} else if (algorithm == "SunTlsKeyMaterial"
|
||||||
|
|| algorithm == "SunTls12KeyMaterial") {
|
||||||
return new P11TlsKeyMaterialGenerator(
|
return new P11TlsKeyMaterialGenerator(
|
||||||
token, algorithm, mechanism);
|
token, algorithm, mechanism);
|
||||||
} else if (algorithm == "SunTlsPrf") {
|
} else if (algorithm == "SunTlsPrf"
|
||||||
|
|| algorithm == "SunTls12Prf") {
|
||||||
return new P11TlsPrfGenerator(token, algorithm, mechanism);
|
return new P11TlsPrfGenerator(token, algorithm, mechanism);
|
||||||
} else {
|
} else {
|
||||||
return new P11KeyGenerator(token, algorithm, mechanism);
|
return new P11KeyGenerator(token, algorithm, mechanism);
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
|
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
|
||||||
@ -112,14 +112,26 @@ public class CK_MECHANISM {
|
|||||||
init(mechanism, params);
|
init(mechanism, params);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public CK_MECHANISM(long mechanism, CK_TLS12_MASTER_KEY_DERIVE_PARAMS params) {
|
||||||
|
init(mechanism, params);
|
||||||
|
}
|
||||||
|
|
||||||
public CK_MECHANISM(long mechanism, CK_SSL3_KEY_MAT_PARAMS params) {
|
public CK_MECHANISM(long mechanism, CK_SSL3_KEY_MAT_PARAMS params) {
|
||||||
init(mechanism, params);
|
init(mechanism, params);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public CK_MECHANISM(long mechanism, CK_TLS12_KEY_MAT_PARAMS params) {
|
||||||
|
init(mechanism, params);
|
||||||
|
}
|
||||||
|
|
||||||
public CK_MECHANISM(long mechanism, CK_TLS_PRF_PARAMS params) {
|
public CK_MECHANISM(long mechanism, CK_TLS_PRF_PARAMS params) {
|
||||||
init(mechanism, params);
|
init(mechanism, params);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public CK_MECHANISM(long mechanism, CK_TLS_MAC_PARAMS params) {
|
||||||
|
init(mechanism, params);
|
||||||
|
}
|
||||||
|
|
||||||
public CK_MECHANISM(long mechanism, CK_ECDH1_DERIVE_PARAMS params) {
|
public CK_MECHANISM(long mechanism, CK_ECDH1_DERIVE_PARAMS params) {
|
||||||
init(mechanism, params);
|
init(mechanism, params);
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,150 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2018, Red Hat, Inc. and/or its affiliates.
|
||||||
|
*
|
||||||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
*
|
||||||
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License version 2 only, as
|
||||||
|
* published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
* accompanied this code).
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License version
|
||||||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*
|
||||||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
* or visit www.oracle.com if you need additional information or have any
|
||||||
|
* questions.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package sun.security.pkcs11.wrapper;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* CK_TLS12_KEY_MAT_PARAMS from PKCS#11 v2.40.
|
||||||
|
*/
|
||||||
|
public class CK_TLS12_KEY_MAT_PARAMS {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <B>PKCS#11:</B>
|
||||||
|
* <PRE>
|
||||||
|
* CK_ULONG ulMacSizeInBits;
|
||||||
|
* </PRE>
|
||||||
|
*/
|
||||||
|
public long ulMacSizeInBits;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <B>PKCS#11:</B>
|
||||||
|
* <PRE>
|
||||||
|
* CK_ULONG ulKeySizeInBits;
|
||||||
|
* </PRE>
|
||||||
|
*/
|
||||||
|
public long ulKeySizeInBits;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <B>PKCS#11:</B>
|
||||||
|
* <PRE>
|
||||||
|
* CK_ULONG ulIVSizeInBits;
|
||||||
|
* </PRE>
|
||||||
|
*/
|
||||||
|
public long ulIVSizeInBits;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <B>PKCS#11:</B>
|
||||||
|
* <PRE>
|
||||||
|
* CK_BBOOL bIsExport;
|
||||||
|
* </PRE>
|
||||||
|
*/
|
||||||
|
public boolean bIsExport;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <B>PKCS#11:</B>
|
||||||
|
* <PRE>
|
||||||
|
* CK_SSL3_RANDOM_DATA RandomInfo;
|
||||||
|
* </PRE>
|
||||||
|
*/
|
||||||
|
public CK_SSL3_RANDOM_DATA RandomInfo;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <B>PKCS#11:</B>
|
||||||
|
* <PRE>
|
||||||
|
* CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
|
||||||
|
* </PRE>
|
||||||
|
*/
|
||||||
|
public CK_SSL3_KEY_MAT_OUT pReturnedKeyMaterial;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <B>PKCS#11:</B>
|
||||||
|
* <PRE>
|
||||||
|
* CK_MECHANISM_TYPE prfHashMechanism;
|
||||||
|
* </PRE>
|
||||||
|
*/
|
||||||
|
public long prfHashMechanism;
|
||||||
|
|
||||||
|
public CK_TLS12_KEY_MAT_PARAMS(
|
||||||
|
int macSize, int keySize, int ivSize, boolean export,
|
||||||
|
CK_SSL3_RANDOM_DATA random, long prfHashMechanism) {
|
||||||
|
ulMacSizeInBits = macSize;
|
||||||
|
ulKeySizeInBits = keySize;
|
||||||
|
ulIVSizeInBits = ivSize;
|
||||||
|
bIsExport = export;
|
||||||
|
RandomInfo = random;
|
||||||
|
pReturnedKeyMaterial = new CK_SSL3_KEY_MAT_OUT();
|
||||||
|
if (ivSize != 0) {
|
||||||
|
int n = ivSize >> 3;
|
||||||
|
pReturnedKeyMaterial.pIVClient = new byte[n];
|
||||||
|
pReturnedKeyMaterial.pIVServer = new byte[n];
|
||||||
|
}
|
||||||
|
this.prfHashMechanism = prfHashMechanism;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the string representation of CK_TLS12_KEY_MAT_PARAMS.
|
||||||
|
*
|
||||||
|
* @return the string representation of CK_TLS12_KEY_MAT_PARAMS
|
||||||
|
*/
|
||||||
|
public String toString() {
|
||||||
|
StringBuilder buffer = new StringBuilder();
|
||||||
|
|
||||||
|
buffer.append(Constants.INDENT);
|
||||||
|
buffer.append("ulMacSizeInBits: ");
|
||||||
|
buffer.append(ulMacSizeInBits);
|
||||||
|
buffer.append(Constants.NEWLINE);
|
||||||
|
|
||||||
|
buffer.append(Constants.INDENT);
|
||||||
|
buffer.append("ulKeySizeInBits: ");
|
||||||
|
buffer.append(ulKeySizeInBits);
|
||||||
|
buffer.append(Constants.NEWLINE);
|
||||||
|
|
||||||
|
buffer.append(Constants.INDENT);
|
||||||
|
buffer.append("ulIVSizeInBits: ");
|
||||||
|
buffer.append(ulIVSizeInBits);
|
||||||
|
buffer.append(Constants.NEWLINE);
|
||||||
|
|
||||||
|
buffer.append(Constants.INDENT);
|
||||||
|
buffer.append("bIsExport: ");
|
||||||
|
buffer.append(bIsExport);
|
||||||
|
buffer.append(Constants.NEWLINE);
|
||||||
|
|
||||||
|
buffer.append(Constants.INDENT);
|
||||||
|
buffer.append("RandomInfo: ");
|
||||||
|
buffer.append(RandomInfo);
|
||||||
|
buffer.append(Constants.NEWLINE);
|
||||||
|
|
||||||
|
buffer.append(Constants.INDENT);
|
||||||
|
buffer.append("pReturnedKeyMaterial: ");
|
||||||
|
buffer.append(pReturnedKeyMaterial);
|
||||||
|
buffer.append(Constants.NEWLINE);
|
||||||
|
|
||||||
|
buffer.append(Constants.INDENT);
|
||||||
|
buffer.append("prfHashMechanism: ");
|
||||||
|
buffer.append(prfHashMechanism);
|
||||||
|
|
||||||
|
return buffer.toString();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,64 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2018, Red Hat, Inc. and/or its affiliates.
|
||||||
|
*
|
||||||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
*
|
||||||
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License version 2 only, as
|
||||||
|
* published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
* accompanied this code).
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License version
|
||||||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*
|
||||||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
* or visit www.oracle.com if you need additional information or have any
|
||||||
|
* questions.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package sun.security.pkcs11.wrapper;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* CK_TLS12_MASTER_KEY_DERIVE_PARAMS from PKCS#11 v2.40.
|
||||||
|
*/
|
||||||
|
public class CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <B>PKCS#11:</B>
|
||||||
|
* <PRE>
|
||||||
|
* CK_SSL3_RANDOM_DATA RandomInfo;
|
||||||
|
* </PRE>
|
||||||
|
*/
|
||||||
|
public CK_SSL3_RANDOM_DATA RandomInfo;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <B>PKCS#11:</B>
|
||||||
|
* <PRE>
|
||||||
|
* CK_VERSION_PTR pVersion;
|
||||||
|
* </PRE>
|
||||||
|
*/
|
||||||
|
public CK_VERSION pVersion;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <B>PKCS#11:</B>
|
||||||
|
* <PRE>
|
||||||
|
* CK_MECHANISM_TYPE prfHashMechanism;
|
||||||
|
* </PRE>
|
||||||
|
*/
|
||||||
|
public long prfHashMechanism;
|
||||||
|
|
||||||
|
public CK_TLS12_MASTER_KEY_DERIVE_PARAMS(
|
||||||
|
CK_SSL3_RANDOM_DATA random, CK_VERSION version,
|
||||||
|
long prfHashMechanism) {
|
||||||
|
RandomInfo = random;
|
||||||
|
pVersion = version;
|
||||||
|
this.prfHashMechanism = prfHashMechanism;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,63 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2018, Red Hat, Inc. and/or its affiliates.
|
||||||
|
*
|
||||||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
*
|
||||||
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License version 2 only, as
|
||||||
|
* published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
* accompanied this code).
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License version
|
||||||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*
|
||||||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
* or visit www.oracle.com if you need additional information or have any
|
||||||
|
* questions.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package sun.security.pkcs11.wrapper;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* CK_TLS_MAC_PARAMS from PKCS#11 v2.40.
|
||||||
|
*/
|
||||||
|
public class CK_TLS_MAC_PARAMS {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <B>PKCS#11:</B>
|
||||||
|
* <PRE>
|
||||||
|
* CK_MECHANISM_TYPE prfMechanism;
|
||||||
|
* </PRE>
|
||||||
|
*/
|
||||||
|
public long prfMechanism;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <B>PKCS#11:</B>
|
||||||
|
* <PRE>
|
||||||
|
* CK_ULONG ulMacLength;
|
||||||
|
* </PRE>
|
||||||
|
*/
|
||||||
|
public long ulMacLength;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <B>PKCS#11:</B>
|
||||||
|
* <PRE>
|
||||||
|
* CK_ULONG ulServerOrClient;
|
||||||
|
* </PRE>
|
||||||
|
*/
|
||||||
|
public long ulServerOrClient;
|
||||||
|
|
||||||
|
public CK_TLS_MAC_PARAMS(long prfMechanism,
|
||||||
|
long ulMacLength, long ulServerOrClient) {
|
||||||
|
this.prfMechanism = prfMechanism;
|
||||||
|
this.ulMacLength = ulMacLength;
|
||||||
|
this.ulServerOrClient = ulServerOrClient;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
|
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
|
||||||
@ -73,6 +73,9 @@ public class Functions {
|
|||||||
private static final Map<String,Integer> mechIds =
|
private static final Map<String,Integer> mechIds =
|
||||||
new HashMap<String,Integer>();
|
new HashMap<String,Integer>();
|
||||||
|
|
||||||
|
private static final Map<String, Long> hashMechIds =
|
||||||
|
new HashMap<String, Long>();
|
||||||
|
|
||||||
// key types (CKK_*)
|
// key types (CKK_*)
|
||||||
private static final Map<Integer,String> keyNames =
|
private static final Map<Integer,String> keyNames =
|
||||||
new HashMap<Integer,String>();
|
new HashMap<Integer,String>();
|
||||||
@ -94,7 +97,6 @@ public class Functions {
|
|||||||
private static final Map<String,Integer> objectClassIds =
|
private static final Map<String,Integer> objectClassIds =
|
||||||
new HashMap<String,Integer>();
|
new HashMap<String,Integer>();
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* For converting numbers to their hex presentation.
|
* For converting numbers to their hex presentation.
|
||||||
*/
|
*/
|
||||||
@ -444,6 +446,10 @@ public class Functions {
|
|||||||
return getId(objectClassIds, name);
|
return getId(objectClassIds, name);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static long getHashMechId(String name) {
|
||||||
|
return hashMechIds.get(name);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check the given arrays for equalitiy. This method considers both arrays as
|
* Check the given arrays for equalitiy. This method considers both arrays as
|
||||||
* equal, if both are <code>null</code> or both have the same length and
|
* equal, if both are <code>null</code> or both have the same length and
|
||||||
@ -589,6 +595,10 @@ public class Functions {
|
|||||||
addMapping(objectClassNames, objectClassIds, id, name);
|
addMapping(objectClassNames, objectClassIds, id, name);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static void addHashMech(long id, String name) {
|
||||||
|
hashMechIds.put(name, id);
|
||||||
|
}
|
||||||
|
|
||||||
static {
|
static {
|
||||||
addMech(CKM_RSA_PKCS_KEY_PAIR_GEN, "CKM_RSA_PKCS_KEY_PAIR_GEN");
|
addMech(CKM_RSA_PKCS_KEY_PAIR_GEN, "CKM_RSA_PKCS_KEY_PAIR_GEN");
|
||||||
addMech(CKM_RSA_PKCS, "CKM_RSA_PKCS");
|
addMech(CKM_RSA_PKCS, "CKM_RSA_PKCS");
|
||||||
@ -719,6 +729,10 @@ public class Functions {
|
|||||||
addMech(CKM_TLS_PRF, "CKM_TLS_PRF");
|
addMech(CKM_TLS_PRF, "CKM_TLS_PRF");
|
||||||
addMech(CKM_SSL3_MD5_MAC, "CKM_SSL3_MD5_MAC");
|
addMech(CKM_SSL3_MD5_MAC, "CKM_SSL3_MD5_MAC");
|
||||||
addMech(CKM_SSL3_SHA1_MAC, "CKM_SSL3_SHA1_MAC");
|
addMech(CKM_SSL3_SHA1_MAC, "CKM_SSL3_SHA1_MAC");
|
||||||
|
addMech(CKM_TLS12_MASTER_KEY_DERIVE, "CKM_TLS12_MASTER_KEY_DERIVE");
|
||||||
|
addMech(CKM_TLS12_KEY_AND_MAC_DERIVE, "CKM_TLS12_KEY_AND_MAC_DERIVE");
|
||||||
|
addMech(CKM_TLS12_MASTER_KEY_DERIVE_DH, "CKM_TLS12_MASTER_KEY_DERIVE_DH");
|
||||||
|
addMech(CKM_TLS_MAC, "CKM_TLS_MAC");
|
||||||
addMech(CKM_MD5_KEY_DERIVATION, "CKM_MD5_KEY_DERIVATION");
|
addMech(CKM_MD5_KEY_DERIVATION, "CKM_MD5_KEY_DERIVATION");
|
||||||
addMech(CKM_MD2_KEY_DERIVATION, "CKM_MD2_KEY_DERIVATION");
|
addMech(CKM_MD2_KEY_DERIVATION, "CKM_MD2_KEY_DERIVATION");
|
||||||
addMech(CKM_SHA1_KEY_DERIVATION, "CKM_SHA1_KEY_DERIVATION");
|
addMech(CKM_SHA1_KEY_DERIVATION, "CKM_SHA1_KEY_DERIVATION");
|
||||||
@ -794,6 +808,12 @@ public class Functions {
|
|||||||
addMech(PCKM_SECURERANDOM, "SecureRandom");
|
addMech(PCKM_SECURERANDOM, "SecureRandom");
|
||||||
addMech(PCKM_KEYSTORE, "KeyStore");
|
addMech(PCKM_KEYSTORE, "KeyStore");
|
||||||
|
|
||||||
|
addHashMech(CKM_SHA_1, "SHA-1");
|
||||||
|
addHashMech(CKM_SHA224, "SHA-224");
|
||||||
|
addHashMech(CKM_SHA256, "SHA-256");
|
||||||
|
addHashMech(CKM_SHA384, "SHA-384");
|
||||||
|
addHashMech(CKM_SHA512, "SHA-512");
|
||||||
|
|
||||||
addKeyType(CKK_RSA, "CKK_RSA");
|
addKeyType(CKK_RSA, "CKK_RSA");
|
||||||
addKeyType(CKK_DSA, "CKK_DSA");
|
addKeyType(CKK_DSA, "CKK_DSA");
|
||||||
addKeyType(CKK_DH, "CKK_DH");
|
addKeyType(CKK_DH, "CKK_DH");
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
|
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
|
||||||
@ -625,6 +625,14 @@ public interface PKCS11Constants {
|
|||||||
public static final long CKM_PKCS5_PBKD2 = 0x000003B0L;
|
public static final long CKM_PKCS5_PBKD2 = 0x000003B0L;
|
||||||
|
|
||||||
public static final long CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0L;
|
public static final long CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0L;
|
||||||
|
|
||||||
|
/* CKM_TLS12_MASTER_KEY_DERIVE, CKM_TLS12_KEY_AND_MAC_DERIVE,
|
||||||
|
* CKM_TLS12_MASTER_KEY_DERIVE_DH and CKM_TLS_MAC are new for v2.40 */
|
||||||
|
public static final long CKM_TLS12_MASTER_KEY_DERIVE = 0x000003E0L;
|
||||||
|
public static final long CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003E1L;
|
||||||
|
public static final long CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2L;
|
||||||
|
public static final long CKM_TLS_MAC = 0x000003E4L;
|
||||||
|
|
||||||
public static final long CKM_KEY_WRAP_LYNKS = 0x00000400L;
|
public static final long CKM_KEY_WRAP_LYNKS = 0x00000400L;
|
||||||
public static final long CKM_KEY_WRAP_SET_OAEP = 0x00000401L;
|
public static final long CKM_KEY_WRAP_SET_OAEP = 0x00000401L;
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
|
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
|
||||||
@ -457,68 +457,111 @@ CK_ATTRIBUTE jAttributeToCKAttribute(JNIEnv *env, jobject jAttribute)
|
|||||||
return ckAttribute ;
|
return ckAttribute ;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
void masterKeyDeriveParamToCKMasterKeyDeriveParam(JNIEnv *env, jobject jParam,
|
||||||
* converts the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS object to a
|
jclass masterKeyDeriveParamClass,
|
||||||
* CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure
|
CK_VERSION_PTR* cKMasterKeyDeriveParamVersion,
|
||||||
*
|
CK_SSL3_RANDOM_DATA* cKMasterKeyDeriveParamRandomInfo) {
|
||||||
* @param env - used to call JNI funktions to get the Java classes and objects
|
|
||||||
* @param jParam - the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS object to convert
|
|
||||||
* @return - the new CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure
|
|
||||||
*/
|
|
||||||
CK_SSL3_MASTER_KEY_DERIVE_PARAMS jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env, jobject jParam)
|
|
||||||
{
|
|
||||||
// XXX don't return structs
|
|
||||||
// XXX prefetch class and field ids
|
|
||||||
jclass jSsl3MasterKeyDeriveParamsClass;
|
|
||||||
CK_SSL3_MASTER_KEY_DERIVE_PARAMS ckParam;
|
|
||||||
jfieldID fieldID;
|
jfieldID fieldID;
|
||||||
jclass jSsl3RandomDataClass;
|
jclass jSsl3RandomDataClass;
|
||||||
jobject jRandomInfo, jRIClientRandom, jRIServerRandom, jVersion;
|
jobject jRandomInfo, jRIClientRandom, jRIServerRandom, jVersion;
|
||||||
memset(&ckParam, 0, sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS));
|
|
||||||
|
|
||||||
/* get RandomInfo */
|
/* get RandomInfo */
|
||||||
jSsl3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS);
|
fieldID = (*env)->GetFieldID(env, masterKeyDeriveParamClass, "RandomInfo",
|
||||||
if (jSsl3MasterKeyDeriveParamsClass == NULL) { return ckParam; }
|
"Lsun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA;");
|
||||||
fieldID = (*env)->GetFieldID(env, jSsl3MasterKeyDeriveParamsClass, "RandomInfo", "Lsun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA;");
|
if (fieldID == NULL) { return; }
|
||||||
if (fieldID == NULL) { return ckParam; }
|
|
||||||
jRandomInfo = (*env)->GetObjectField(env, jParam, fieldID);
|
jRandomInfo = (*env)->GetObjectField(env, jParam, fieldID);
|
||||||
|
|
||||||
/* get pClientRandom and ulClientRandomLength out of RandomInfo */
|
/* get pClientRandom and ulClientRandomLength out of RandomInfo */
|
||||||
jSsl3RandomDataClass = (*env)->FindClass(env, CLASS_SSL3_RANDOM_DATA);
|
jSsl3RandomDataClass = (*env)->FindClass(env, CLASS_SSL3_RANDOM_DATA);
|
||||||
if (jSsl3RandomDataClass == NULL) { return ckParam; }
|
if (jSsl3RandomDataClass == NULL) { return; }
|
||||||
fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pClientRandom", "[B");
|
fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pClientRandom", "[B");
|
||||||
if (fieldID == NULL) { return ckParam; }
|
if (fieldID == NULL) { return; }
|
||||||
jRIClientRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID);
|
jRIClientRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID);
|
||||||
|
|
||||||
/* get pServerRandom and ulServerRandomLength out of RandomInfo */
|
/* get pServerRandom and ulServerRandomLength out of RandomInfo */
|
||||||
fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pServerRandom", "[B");
|
fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pServerRandom", "[B");
|
||||||
if (fieldID == NULL) { return ckParam; }
|
if (fieldID == NULL) { return; }
|
||||||
jRIServerRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID);
|
jRIServerRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID);
|
||||||
|
|
||||||
/* get pVersion */
|
/* get pVersion */
|
||||||
fieldID = (*env)->GetFieldID(env, jSsl3MasterKeyDeriveParamsClass, "pVersion", "Lsun/security/pkcs11/wrapper/CK_VERSION;");
|
fieldID = (*env)->GetFieldID(env, masterKeyDeriveParamClass, "pVersion",
|
||||||
if (fieldID == NULL) { return ckParam; }
|
"Lsun/security/pkcs11/wrapper/CK_VERSION;");
|
||||||
|
if (fieldID == NULL) { return; }
|
||||||
jVersion = (*env)->GetObjectField(env, jParam, fieldID);
|
jVersion = (*env)->GetObjectField(env, jParam, fieldID);
|
||||||
|
|
||||||
/* populate java values */
|
/* populate java values */
|
||||||
ckParam.pVersion = jVersionToCKVersionPtr(env, jVersion);
|
*cKMasterKeyDeriveParamVersion = jVersionToCKVersionPtr(env, jVersion);
|
||||||
if ((*env)->ExceptionCheck(env)) { return ckParam; }
|
if ((*env)->ExceptionCheck(env)) { return; }
|
||||||
jByteArrayToCKByteArray(env, jRIClientRandom, &(ckParam.RandomInfo.pClientRandom), &(ckParam.RandomInfo.ulClientRandomLen));
|
jByteArrayToCKByteArray(env, jRIClientRandom,
|
||||||
|
&(cKMasterKeyDeriveParamRandomInfo->pClientRandom),
|
||||||
|
&(cKMasterKeyDeriveParamRandomInfo->ulClientRandomLen));
|
||||||
if ((*env)->ExceptionCheck(env)) {
|
if ((*env)->ExceptionCheck(env)) {
|
||||||
free(ckParam.pVersion);
|
free(*cKMasterKeyDeriveParamVersion);
|
||||||
return ckParam;
|
return;
|
||||||
}
|
}
|
||||||
jByteArrayToCKByteArray(env, jRIServerRandom, &(ckParam.RandomInfo.pServerRandom), &(ckParam.RandomInfo.ulServerRandomLen));
|
jByteArrayToCKByteArray(env, jRIServerRandom,
|
||||||
|
&(cKMasterKeyDeriveParamRandomInfo->pServerRandom),
|
||||||
|
&(cKMasterKeyDeriveParamRandomInfo->ulServerRandomLen));
|
||||||
if ((*env)->ExceptionCheck(env)) {
|
if ((*env)->ExceptionCheck(env)) {
|
||||||
free(ckParam.pVersion);
|
free(*cKMasterKeyDeriveParamVersion);
|
||||||
free(ckParam.RandomInfo.pClientRandom);
|
free(cKMasterKeyDeriveParamRandomInfo->pClientRandom);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* converts the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS object to a
|
||||||
|
* CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure
|
||||||
|
*
|
||||||
|
* @param env - used to call JNI functions to get the Java classes and objects
|
||||||
|
* @param jParam - the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS object to convert
|
||||||
|
* @return - the new CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure
|
||||||
|
*/
|
||||||
|
CK_SSL3_MASTER_KEY_DERIVE_PARAMS
|
||||||
|
jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env,
|
||||||
|
jobject jParam)
|
||||||
|
{
|
||||||
|
CK_SSL3_MASTER_KEY_DERIVE_PARAMS ckParam;
|
||||||
|
memset(&ckParam, 0, sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS));
|
||||||
|
jclass jSsl3MasterKeyDeriveParamsClass =
|
||||||
|
(*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS);
|
||||||
|
if (jSsl3MasterKeyDeriveParamsClass == NULL) { return ckParam; }
|
||||||
|
masterKeyDeriveParamToCKMasterKeyDeriveParam(env, jParam,
|
||||||
|
jSsl3MasterKeyDeriveParamsClass,
|
||||||
|
&ckParam.pVersion, &ckParam.RandomInfo);
|
||||||
return ckParam;
|
return ckParam;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* converts the Java CK_TLS12_MASTER_KEY_DERIVE_PARAMS object to a
|
||||||
|
* CK_TLS12_MASTER_KEY_DERIVE_PARAMS structure
|
||||||
|
*
|
||||||
|
* @param env - used to call JNI functions to get the Java classes and objects
|
||||||
|
* @param jParam - the Java CK_TLS12_MASTER_KEY_DERIVE_PARAMS object to convert
|
||||||
|
* @return - the new CK_TLS12_MASTER_KEY_DERIVE_PARAMS structure
|
||||||
|
*/
|
||||||
|
CK_TLS12_MASTER_KEY_DERIVE_PARAMS
|
||||||
|
jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParam(JNIEnv *env,
|
||||||
|
jobject jParam)
|
||||||
|
{
|
||||||
|
CK_TLS12_MASTER_KEY_DERIVE_PARAMS ckParam;
|
||||||
|
memset(&ckParam, 0, sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS));
|
||||||
|
jclass jTls12MasterKeyDeriveParamsClass =
|
||||||
|
(*env)->FindClass(env, CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS);
|
||||||
|
if (jTls12MasterKeyDeriveParamsClass == NULL) { return ckParam; }
|
||||||
|
masterKeyDeriveParamToCKMasterKeyDeriveParam(env, jParam,
|
||||||
|
jTls12MasterKeyDeriveParamsClass, &ckParam.pVersion,
|
||||||
|
&ckParam.RandomInfo);
|
||||||
|
jfieldID fieldID = (*env)->GetFieldID(env,
|
||||||
|
jTls12MasterKeyDeriveParamsClass, "prfHashMechanism", "J");
|
||||||
|
if (fieldID != NULL) {
|
||||||
|
jlong prfHashMechanism =
|
||||||
|
(*env)->GetLongField(env, jParam, fieldID);
|
||||||
|
ckParam.prfHashMechanism = (CK_MECHANISM_TYPE)prfHashMechanism;
|
||||||
|
}
|
||||||
return ckParam;
|
return ckParam;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* converts the Java CK_TLS_PRF_PARAMS object to a CK_TLS_PRF_PARAMS structure
|
* converts the Java CK_TLS_PRF_PARAMS object to a CK_TLS_PRF_PARAMS structure
|
||||||
*/
|
*/
|
||||||
@ -576,125 +619,216 @@ CK_TLS_PRF_PARAMS jTlsPrfParamsToCKTlsPrfParam(JNIEnv *env, jobject jParam)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* converts the Java CK_SSL3_KEY_MAT_PARAMS object to a CK_SSL3_KEY_MAT_PARAMS structure
|
* converts the Java CK_TLS_MAC_PARAMS object to a CK_TLS_MAC_PARAMS structure
|
||||||
*
|
|
||||||
* @param env - used to call JNI funktions to get the Java classes and objects
|
|
||||||
* @param jParam - the Java CK_SSL3_KEY_MAT_PARAMS object to convert
|
|
||||||
* @return - the new CK_SSL3_KEY_MAT_PARAMS structure
|
|
||||||
*/
|
*/
|
||||||
CK_SSL3_KEY_MAT_PARAMS jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam)
|
CK_TLS_MAC_PARAMS jTlsMacParamsToCKTlsMacParam(JNIEnv *env, jobject jParam)
|
||||||
{
|
{
|
||||||
// XXX don't return structs
|
jclass jTlsMacParamsClass;
|
||||||
// XXX prefetch class and field ids
|
CK_TLS_MAC_PARAMS ckParam;
|
||||||
jclass jSsl3KeyMatParamsClass, jSsl3RandomDataClass, jSsl3KeyMatOutClass;
|
jfieldID fieldID;
|
||||||
CK_SSL3_KEY_MAT_PARAMS ckParam;
|
jlong jPrfMechanism, jUlMacLength, jUlServerOrClient;
|
||||||
|
memset(&ckParam, 0, sizeof(CK_TLS_MAC_PARAMS));
|
||||||
|
|
||||||
|
jTlsMacParamsClass = (*env)->FindClass(env, CLASS_TLS_MAC_PARAMS);
|
||||||
|
if (jTlsMacParamsClass == NULL) { return ckParam; }
|
||||||
|
|
||||||
|
/* get prfMechanism */
|
||||||
|
fieldID = (*env)->GetFieldID(env, jTlsMacParamsClass, "prfMechanism", "J");
|
||||||
|
if (fieldID == NULL) { return ckParam; }
|
||||||
|
jPrfMechanism = (*env)->GetLongField(env, jParam, fieldID);
|
||||||
|
|
||||||
|
/* get ulMacLength */
|
||||||
|
fieldID = (*env)->GetFieldID(env, jTlsMacParamsClass, "ulMacLength", "J");
|
||||||
|
if (fieldID == NULL) { return ckParam; }
|
||||||
|
jUlMacLength = (*env)->GetLongField(env, jParam, fieldID);
|
||||||
|
|
||||||
|
/* get ulServerOrClient */
|
||||||
|
fieldID = (*env)->GetFieldID(env, jTlsMacParamsClass, "ulServerOrClient", "J");
|
||||||
|
if (fieldID == NULL) { return ckParam; }
|
||||||
|
jUlServerOrClient = (*env)->GetLongField(env, jParam, fieldID);
|
||||||
|
|
||||||
|
/* populate java values */
|
||||||
|
ckParam.prfMechanism = jLongToCKULong(jPrfMechanism);
|
||||||
|
ckParam.ulMacLength = jLongToCKULong(jUlMacLength);
|
||||||
|
ckParam.ulServerOrClient = jLongToCKULong(jUlServerOrClient);
|
||||||
|
|
||||||
|
return ckParam;
|
||||||
|
}
|
||||||
|
|
||||||
|
void keyMatParamToCKKeyMatParam(JNIEnv *env, jobject jParam,
|
||||||
|
jclass jKeyMatParamClass,
|
||||||
|
CK_ULONG* cKKeyMatParamUlMacSizeInBits,
|
||||||
|
CK_ULONG* cKKeyMatParamUlKeySizeInBits,
|
||||||
|
CK_ULONG* cKKeyMatParamUlIVSizeInBits,
|
||||||
|
CK_BBOOL* cKKeyMatParamBIsExport,
|
||||||
|
CK_SSL3_RANDOM_DATA* cKKeyMatParamRandomInfo,
|
||||||
|
CK_SSL3_KEY_MAT_OUT_PTR* cKKeyMatParamPReturnedKeyMaterial)
|
||||||
|
{
|
||||||
|
jclass jSsl3RandomDataClass, jSsl3KeyMatOutClass;
|
||||||
jfieldID fieldID;
|
jfieldID fieldID;
|
||||||
jlong jMacSizeInBits, jKeySizeInBits, jIVSizeInBits;
|
jlong jMacSizeInBits, jKeySizeInBits, jIVSizeInBits;
|
||||||
jboolean jIsExport;
|
jboolean jIsExport;
|
||||||
jobject jRandomInfo, jRIClientRandom, jRIServerRandom;
|
jobject jRandomInfo, jRIClientRandom, jRIServerRandom;
|
||||||
jobject jReturnedKeyMaterial, jRMIvClient, jRMIvServer;
|
jobject jReturnedKeyMaterial, jRMIvClient, jRMIvServer;
|
||||||
CK_ULONG ckTemp;
|
CK_ULONG ckTemp;
|
||||||
memset(&ckParam, 0, sizeof(CK_SSL3_KEY_MAT_PARAMS));
|
|
||||||
|
|
||||||
/* get ulMacSizeInBits */
|
/* get ulMacSizeInBits */
|
||||||
jSsl3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS);
|
fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "ulMacSizeInBits", "J");
|
||||||
if (jSsl3KeyMatParamsClass == NULL) { return ckParam; }
|
if (fieldID == NULL) { return; }
|
||||||
fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "ulMacSizeInBits", "J");
|
|
||||||
if (fieldID == NULL) { return ckParam; }
|
|
||||||
jMacSizeInBits = (*env)->GetLongField(env, jParam, fieldID);
|
jMacSizeInBits = (*env)->GetLongField(env, jParam, fieldID);
|
||||||
|
|
||||||
/* get ulKeySizeInBits */
|
/* get ulKeySizeInBits */
|
||||||
fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "ulKeySizeInBits", "J");
|
fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "ulKeySizeInBits", "J");
|
||||||
if (fieldID == NULL) { return ckParam; }
|
if (fieldID == NULL) { return; }
|
||||||
jKeySizeInBits = (*env)->GetLongField(env, jParam, fieldID);
|
jKeySizeInBits = (*env)->GetLongField(env, jParam, fieldID);
|
||||||
|
|
||||||
/* get ulIVSizeInBits */
|
/* get ulIVSizeInBits */
|
||||||
fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "ulIVSizeInBits", "J");
|
fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "ulIVSizeInBits", "J");
|
||||||
if (fieldID == NULL) { return ckParam; }
|
if (fieldID == NULL) { return; }
|
||||||
jIVSizeInBits = (*env)->GetLongField(env, jParam, fieldID);
|
jIVSizeInBits = (*env)->GetLongField(env, jParam, fieldID);
|
||||||
|
|
||||||
/* get bIsExport */
|
/* get bIsExport */
|
||||||
fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "bIsExport", "Z");
|
fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "bIsExport", "Z");
|
||||||
if (fieldID == NULL) { return ckParam; }
|
if (fieldID == NULL) { return; }
|
||||||
jIsExport = (*env)->GetBooleanField(env, jParam, fieldID);
|
jIsExport = (*env)->GetBooleanField(env, jParam, fieldID);
|
||||||
|
|
||||||
/* get RandomInfo */
|
/* get RandomInfo */
|
||||||
jSsl3RandomDataClass = (*env)->FindClass(env, CLASS_SSL3_RANDOM_DATA);
|
jSsl3RandomDataClass = (*env)->FindClass(env, CLASS_SSL3_RANDOM_DATA);
|
||||||
if (jSsl3RandomDataClass == NULL) { return ckParam; }
|
if (jSsl3RandomDataClass == NULL) { return; }
|
||||||
fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "RandomInfo", "Lsun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA;");
|
fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "RandomInfo",
|
||||||
if (fieldID == NULL) { return ckParam; }
|
"Lsun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA;");
|
||||||
|
if (fieldID == NULL) { return; }
|
||||||
jRandomInfo = (*env)->GetObjectField(env, jParam, fieldID);
|
jRandomInfo = (*env)->GetObjectField(env, jParam, fieldID);
|
||||||
|
|
||||||
/* get pClientRandom and ulClientRandomLength out of RandomInfo */
|
/* get pClientRandom and ulClientRandomLength out of RandomInfo */
|
||||||
fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pClientRandom", "[B");
|
fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pClientRandom", "[B");
|
||||||
if (fieldID == NULL) { return ckParam; }
|
if (fieldID == NULL) { return; }
|
||||||
jRIClientRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID);
|
jRIClientRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID);
|
||||||
|
|
||||||
/* get pServerRandom and ulServerRandomLength out of RandomInfo */
|
/* get pServerRandom and ulServerRandomLength out of RandomInfo */
|
||||||
fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pServerRandom", "[B");
|
fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pServerRandom", "[B");
|
||||||
if (fieldID == NULL) { return ckParam; }
|
if (fieldID == NULL) { return; }
|
||||||
jRIServerRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID);
|
jRIServerRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID);
|
||||||
|
|
||||||
/* get pReturnedKeyMaterial */
|
/* get pReturnedKeyMaterial */
|
||||||
jSsl3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT);
|
jSsl3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT);
|
||||||
if (jSsl3KeyMatOutClass == NULL) { return ckParam; }
|
if (jSsl3KeyMatOutClass == NULL) { return; }
|
||||||
fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "pReturnedKeyMaterial", "Lsun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_OUT;");
|
fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "pReturnedKeyMaterial",
|
||||||
if (fieldID == NULL) { return ckParam; }
|
"Lsun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_OUT;");
|
||||||
|
if (fieldID == NULL) { return; }
|
||||||
jReturnedKeyMaterial = (*env)->GetObjectField(env, jParam, fieldID);
|
jReturnedKeyMaterial = (*env)->GetObjectField(env, jParam, fieldID);
|
||||||
|
|
||||||
/* get pIVClient out of pReturnedKeyMaterial */
|
/* get pIVClient out of pReturnedKeyMaterial */
|
||||||
fieldID = (*env)->GetFieldID(env, jSsl3KeyMatOutClass, "pIVClient", "[B");
|
fieldID = (*env)->GetFieldID(env, jSsl3KeyMatOutClass, "pIVClient", "[B");
|
||||||
if (fieldID == NULL) { return ckParam; }
|
if (fieldID == NULL) { return; }
|
||||||
jRMIvClient = (*env)->GetObjectField(env, jReturnedKeyMaterial, fieldID);
|
jRMIvClient = (*env)->GetObjectField(env, jReturnedKeyMaterial, fieldID);
|
||||||
|
|
||||||
/* get pIVServer out of pReturnedKeyMaterial */
|
/* get pIVServer out of pReturnedKeyMaterial */
|
||||||
fieldID = (*env)->GetFieldID(env, jSsl3KeyMatOutClass, "pIVServer", "[B");
|
fieldID = (*env)->GetFieldID(env, jSsl3KeyMatOutClass, "pIVServer", "[B");
|
||||||
if (fieldID == NULL) { return ckParam; }
|
if (fieldID == NULL) { return; }
|
||||||
jRMIvServer = (*env)->GetObjectField(env, jReturnedKeyMaterial, fieldID);
|
jRMIvServer = (*env)->GetObjectField(env, jReturnedKeyMaterial, fieldID);
|
||||||
|
|
||||||
/* populate java values */
|
/* populate java values */
|
||||||
ckParam.ulMacSizeInBits = jLongToCKULong(jMacSizeInBits);
|
*cKKeyMatParamUlMacSizeInBits = jLongToCKULong(jMacSizeInBits);
|
||||||
ckParam.ulKeySizeInBits = jLongToCKULong(jKeySizeInBits);
|
*cKKeyMatParamUlKeySizeInBits = jLongToCKULong(jKeySizeInBits);
|
||||||
ckParam.ulIVSizeInBits = jLongToCKULong(jIVSizeInBits);
|
*cKKeyMatParamUlIVSizeInBits = jLongToCKULong(jIVSizeInBits);
|
||||||
ckParam.bIsExport = jBooleanToCKBBool(jIsExport);
|
*cKKeyMatParamBIsExport = jBooleanToCKBBool(jIsExport);
|
||||||
jByteArrayToCKByteArray(env, jRIClientRandom, &(ckParam.RandomInfo.pClientRandom), &(ckParam.RandomInfo.ulClientRandomLen));
|
jByteArrayToCKByteArray(env, jRIClientRandom,
|
||||||
if ((*env)->ExceptionCheck(env)) { return ckParam; }
|
&(cKKeyMatParamRandomInfo->pClientRandom),
|
||||||
jByteArrayToCKByteArray(env, jRIServerRandom, &(ckParam.RandomInfo.pServerRandom), &(ckParam.RandomInfo.ulServerRandomLen));
|
&(cKKeyMatParamRandomInfo->ulClientRandomLen));
|
||||||
|
if ((*env)->ExceptionCheck(env)) { return; }
|
||||||
|
jByteArrayToCKByteArray(env, jRIServerRandom,
|
||||||
|
&(cKKeyMatParamRandomInfo->pServerRandom),
|
||||||
|
&(cKKeyMatParamRandomInfo->ulServerRandomLen));
|
||||||
if ((*env)->ExceptionCheck(env)) {
|
if ((*env)->ExceptionCheck(env)) {
|
||||||
free(ckParam.RandomInfo.pClientRandom);
|
free(cKKeyMatParamRandomInfo->pClientRandom);
|
||||||
return ckParam;
|
return;
|
||||||
}
|
}
|
||||||
/* allocate memory for pRetrunedKeyMaterial */
|
/* allocate memory for pRetrunedKeyMaterial */
|
||||||
ckParam.pReturnedKeyMaterial = (CK_SSL3_KEY_MAT_OUT_PTR) malloc(sizeof(CK_SSL3_KEY_MAT_OUT));
|
*cKKeyMatParamPReturnedKeyMaterial =
|
||||||
if (ckParam.pReturnedKeyMaterial == NULL) {
|
(CK_SSL3_KEY_MAT_OUT_PTR)malloc(sizeof(CK_SSL3_KEY_MAT_OUT));
|
||||||
free(ckParam.RandomInfo.pClientRandom);
|
if (*cKKeyMatParamPReturnedKeyMaterial == NULL) {
|
||||||
free(ckParam.RandomInfo.pServerRandom);
|
free(cKKeyMatParamRandomInfo->pClientRandom);
|
||||||
|
free(cKKeyMatParamRandomInfo->pServerRandom);
|
||||||
throwOutOfMemoryError(env, 0);
|
throwOutOfMemoryError(env, 0);
|
||||||
return ckParam;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// the handles are output params only, no need to fetch them from Java
|
// the handles are output params only, no need to fetch them from Java
|
||||||
ckParam.pReturnedKeyMaterial->hClientMacSecret = 0;
|
(*cKKeyMatParamPReturnedKeyMaterial)->hClientMacSecret = 0;
|
||||||
ckParam.pReturnedKeyMaterial->hServerMacSecret = 0;
|
(*cKKeyMatParamPReturnedKeyMaterial)->hServerMacSecret = 0;
|
||||||
ckParam.pReturnedKeyMaterial->hClientKey = 0;
|
(*cKKeyMatParamPReturnedKeyMaterial)->hClientKey = 0;
|
||||||
ckParam.pReturnedKeyMaterial->hServerKey = 0;
|
(*cKKeyMatParamPReturnedKeyMaterial)->hServerKey = 0;
|
||||||
|
|
||||||
jByteArrayToCKByteArray(env, jRMIvClient, &(ckParam.pReturnedKeyMaterial->pIVClient), &ckTemp);
|
jByteArrayToCKByteArray(env, jRMIvClient,
|
||||||
|
&((*cKKeyMatParamPReturnedKeyMaterial)->pIVClient), &ckTemp);
|
||||||
if ((*env)->ExceptionCheck(env)) {
|
if ((*env)->ExceptionCheck(env)) {
|
||||||
free(ckParam.RandomInfo.pClientRandom);
|
free(cKKeyMatParamRandomInfo->pClientRandom);
|
||||||
free(ckParam.RandomInfo.pServerRandom);
|
free(cKKeyMatParamRandomInfo->pServerRandom);
|
||||||
free(ckParam.pReturnedKeyMaterial);
|
free((*cKKeyMatParamPReturnedKeyMaterial));
|
||||||
return ckParam;
|
return;
|
||||||
}
|
}
|
||||||
jByteArrayToCKByteArray(env, jRMIvServer, &(ckParam.pReturnedKeyMaterial->pIVServer), &ckTemp);
|
jByteArrayToCKByteArray(env, jRMIvServer,
|
||||||
|
&((*cKKeyMatParamPReturnedKeyMaterial)->pIVServer), &ckTemp);
|
||||||
if ((*env)->ExceptionCheck(env)) {
|
if ((*env)->ExceptionCheck(env)) {
|
||||||
free(ckParam.RandomInfo.pClientRandom);
|
free(cKKeyMatParamRandomInfo->pClientRandom);
|
||||||
free(ckParam.RandomInfo.pServerRandom);
|
free(cKKeyMatParamRandomInfo->pServerRandom);
|
||||||
free(ckParam.pReturnedKeyMaterial->pIVClient);
|
free((*cKKeyMatParamPReturnedKeyMaterial)->pIVClient);
|
||||||
free(ckParam.pReturnedKeyMaterial);
|
free((*cKKeyMatParamPReturnedKeyMaterial));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
* converts the Java CK_SSL3_KEY_MAT_PARAMS object to a
|
||||||
|
* CK_SSL3_KEY_MAT_PARAMS structure
|
||||||
|
*
|
||||||
|
* @param env - used to call JNI funktions to get the Java classes and objects
|
||||||
|
* @param jParam - the Java CK_SSL3_KEY_MAT_PARAMS object to convert
|
||||||
|
* @return - the new CK_SSL3_KEY_MAT_PARAMS structure
|
||||||
|
*/
|
||||||
|
CK_SSL3_KEY_MAT_PARAMS
|
||||||
|
jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam)
|
||||||
|
{
|
||||||
|
CK_SSL3_KEY_MAT_PARAMS ckParam;
|
||||||
|
memset(&ckParam, 0, sizeof(CK_SSL3_KEY_MAT_PARAMS));
|
||||||
|
jclass jSsl3KeyMatParamsClass = (*env)->FindClass(env,
|
||||||
|
CLASS_SSL3_KEY_MAT_PARAMS);
|
||||||
|
if (jSsl3KeyMatParamsClass == NULL) { return ckParam; }
|
||||||
|
keyMatParamToCKKeyMatParam(env, jParam, jSsl3KeyMatParamsClass,
|
||||||
|
&ckParam.ulMacSizeInBits, &ckParam.ulKeySizeInBits,
|
||||||
|
&ckParam.ulIVSizeInBits, &ckParam.bIsExport,
|
||||||
|
&ckParam.RandomInfo, &ckParam.pReturnedKeyMaterial);
|
||||||
return ckParam;
|
return ckParam;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* converts the Java CK_TLS12_KEY_MAT_PARAMS object to a
|
||||||
|
* CK_TLS12_KEY_MAT_PARAMS structure
|
||||||
|
*
|
||||||
|
* @param env - used to call JNI functions to get the Java classes and objects
|
||||||
|
* @param jParam - the Java CK_TLS12_KEY_MAT_PARAMS object to convert
|
||||||
|
* @return - the new CK_TLS12_KEY_MAT_PARAMS structure
|
||||||
|
*/
|
||||||
|
CK_TLS12_KEY_MAT_PARAMS jTls12KeyMatParamToCKTls12KeyMatParam(JNIEnv *env,
|
||||||
|
jobject jParam)
|
||||||
|
{
|
||||||
|
CK_TLS12_KEY_MAT_PARAMS ckParam;
|
||||||
|
memset(&ckParam, 0, sizeof(CK_TLS12_KEY_MAT_PARAMS));
|
||||||
|
jclass jTls12KeyMatParamsClass = (*env)->FindClass(env,
|
||||||
|
CLASS_TLS12_KEY_MAT_PARAMS);
|
||||||
|
if (jTls12KeyMatParamsClass == NULL) { return ckParam; }
|
||||||
|
keyMatParamToCKKeyMatParam(env, jParam, jTls12KeyMatParamsClass,
|
||||||
|
&ckParam.ulMacSizeInBits, &ckParam.ulKeySizeInBits,
|
||||||
|
&ckParam.ulIVSizeInBits, &ckParam.bIsExport,
|
||||||
|
&ckParam.RandomInfo, &ckParam.pReturnedKeyMaterial);
|
||||||
|
jfieldID fieldID = (*env)->GetFieldID(env, jTls12KeyMatParamsClass,
|
||||||
|
"prfHashMechanism", "J");
|
||||||
|
if (fieldID != NULL) {
|
||||||
|
jlong prfHashMechanism = (*env)->GetLongField(env, jParam, fieldID);
|
||||||
|
ckParam.prfHashMechanism = (CK_MECHANISM_TYPE)prfHashMechanism;
|
||||||
|
}
|
||||||
return ckParam;
|
return ckParam;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -980,8 +1114,11 @@ void jMechanismParameterToCKMechanismParameter(JNIEnv *env, jobject jParam, CK_V
|
|||||||
void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, CK_VOID_PTR *ckpParamPtr, CK_ULONG *ckpLength)
|
void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, CK_VOID_PTR *ckpParamPtr, CK_ULONG *ckpLength)
|
||||||
{
|
{
|
||||||
/* get all Java mechanism parameter classes */
|
/* get all Java mechanism parameter classes */
|
||||||
jclass jVersionClass, jSsl3MasterKeyDeriveParamsClass, jSsl3KeyMatParamsClass;
|
jclass jVersionClass, jSsl3MasterKeyDeriveParamsClass;
|
||||||
jclass jTlsPrfParamsClass, jAesCtrParamsClass, jRsaPkcsOaepParamsClass;
|
jclass jTls12MasterKeyDeriveParamsClass, jSsl3KeyMatParamsClass;
|
||||||
|
jclass jTls12KeyMatParamsClass;
|
||||||
|
jclass jTlsPrfParamsClass, jTlsMacParamsClass, jAesCtrParamsClass;
|
||||||
|
jclass jRsaPkcsOaepParamsClass;
|
||||||
jclass jPbeParamsClass, jPkcs5Pbkd2ParamsClass, jRsaPkcsPssParamsClass;
|
jclass jPbeParamsClass, jPkcs5Pbkd2ParamsClass, jRsaPkcsPssParamsClass;
|
||||||
jclass jEcdh1DeriveParamsClass, jEcdh2DeriveParamsClass;
|
jclass jEcdh1DeriveParamsClass, jEcdh2DeriveParamsClass;
|
||||||
jclass jX942Dh1DeriveParamsClass, jX942Dh2DeriveParamsClass;
|
jclass jX942Dh1DeriveParamsClass, jX942Dh2DeriveParamsClass;
|
||||||
@ -1061,6 +1198,62 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam,
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
jTls12KeyMatParamsClass = (*env)->FindClass(env, CLASS_TLS12_KEY_MAT_PARAMS);
|
||||||
|
if (jTls12KeyMatParamsClass == NULL) { return; }
|
||||||
|
if ((*env)->IsInstanceOf(env, jParam, jTls12KeyMatParamsClass)) {
|
||||||
|
/*
|
||||||
|
* CK_TLS12_KEY_MAT_PARAMS
|
||||||
|
*/
|
||||||
|
CK_TLS12_KEY_MAT_PARAMS_PTR ckpParam;
|
||||||
|
|
||||||
|
ckpParam = (CK_TLS12_KEY_MAT_PARAMS_PTR) malloc(sizeof(CK_TLS12_KEY_MAT_PARAMS));
|
||||||
|
if (ckpParam == NULL) {
|
||||||
|
throwOutOfMemoryError(env, 0);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* convert jParameter to CKParameter */
|
||||||
|
*ckpParam = jTls12KeyMatParamToCKTls12KeyMatParam(env, jParam);
|
||||||
|
if ((*env)->ExceptionCheck(env)) {
|
||||||
|
free(ckpParam);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* get length and pointer of parameter */
|
||||||
|
*ckpLength = sizeof(CK_TLS12_KEY_MAT_PARAMS);
|
||||||
|
*ckpParamPtr = ckpParam;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
jTls12MasterKeyDeriveParamsClass =
|
||||||
|
(*env)->FindClass(env, CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS);
|
||||||
|
if (jTls12MasterKeyDeriveParamsClass == NULL) { return; }
|
||||||
|
if ((*env)->IsInstanceOf(env, jParam, jTls12MasterKeyDeriveParamsClass)) {
|
||||||
|
/*
|
||||||
|
* CK_TLS12_MASTER_KEY_DERIVE_PARAMS
|
||||||
|
*/
|
||||||
|
CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR ckpParam;
|
||||||
|
|
||||||
|
ckpParam = (CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR)malloc(
|
||||||
|
sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS));
|
||||||
|
if (ckpParam == NULL) {
|
||||||
|
throwOutOfMemoryError(env, 0);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* convert jParameter to CKParameter */
|
||||||
|
*ckpParam = jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParam(env, jParam);
|
||||||
|
if ((*env)->ExceptionCheck(env)) {
|
||||||
|
free(ckpParam);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* get length and pointer of parameter */
|
||||||
|
*ckpLength = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS);
|
||||||
|
*ckpParamPtr = ckpParam;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
jTlsPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS);
|
jTlsPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS);
|
||||||
if (jTlsPrfParamsClass == NULL) { return; }
|
if (jTlsPrfParamsClass == NULL) { return; }
|
||||||
if ((*env)->IsInstanceOf(env, jParam, jTlsPrfParamsClass)) {
|
if ((*env)->IsInstanceOf(env, jParam, jTlsPrfParamsClass)) {
|
||||||
@ -1088,6 +1281,30 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam,
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
jTlsMacParamsClass = (*env)->FindClass(env, CLASS_TLS_MAC_PARAMS);
|
||||||
|
if (jTlsMacParamsClass == NULL) { return; }
|
||||||
|
if ((*env)->IsInstanceOf(env, jParam, jTlsMacParamsClass)) {
|
||||||
|
CK_TLS_MAC_PARAMS_PTR ckpParam;
|
||||||
|
|
||||||
|
ckpParam = (CK_TLS_MAC_PARAMS_PTR) malloc(sizeof(CK_TLS_MAC_PARAMS));
|
||||||
|
if (ckpParam == NULL) {
|
||||||
|
throwOutOfMemoryError(env, 0);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* convert jParameter to CKParameter */
|
||||||
|
*ckpParam = jTlsMacParamsToCKTlsMacParam(env, jParam);
|
||||||
|
if ((*env)->ExceptionCheck(env)) {
|
||||||
|
free(ckpParam);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* get length and pointer of parameter */
|
||||||
|
*ckpLength = sizeof(CK_TLS_MAC_PARAMS);
|
||||||
|
*ckpParamPtr = ckpParam;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
jAesCtrParamsClass = (*env)->FindClass(env, CLASS_AES_CTR_PARAMS);
|
jAesCtrParamsClass = (*env)->FindClass(env, CLASS_AES_CTR_PARAMS);
|
||||||
if (jAesCtrParamsClass == NULL) { return; }
|
if (jAesCtrParamsClass == NULL) { return; }
|
||||||
if ((*env)->IsInstanceOf(env, jParam, jAesCtrParamsClass)) {
|
if ((*env)->IsInstanceOf(env, jParam, jAesCtrParamsClass)) {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
|
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
|
||||||
@ -382,25 +382,38 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1UnwrapKey
|
|||||||
|
|
||||||
#ifdef P11_ENABLE_C_DERIVEKEY
|
#ifdef P11_ENABLE_C_DERIVEKEY
|
||||||
|
|
||||||
void freeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) {
|
static void freeMasterKeyDeriveParams(CK_SSL3_RANDOM_DATA *RandomInfo, CK_VERSION_PTR pVersion) {
|
||||||
|
if (RandomInfo->pClientRandom != NULL) {
|
||||||
|
free(RandomInfo->pClientRandom);
|
||||||
|
}
|
||||||
|
if (RandomInfo->pServerRandom != NULL) {
|
||||||
|
free(RandomInfo->pServerRandom);
|
||||||
|
}
|
||||||
|
if (pVersion != NULL) {
|
||||||
|
free(pVersion);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void ssl3FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) {
|
||||||
CK_SSL3_MASTER_KEY_DERIVE_PARAMS *params = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter;
|
CK_SSL3_MASTER_KEY_DERIVE_PARAMS *params = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter;
|
||||||
if (params == NULL) {
|
if (params == NULL) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
freeMasterKeyDeriveParams(&(params->RandomInfo), params->pVersion);
|
||||||
|
}
|
||||||
|
|
||||||
if (params->RandomInfo.pClientRandom != NULL) {
|
void tls12FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) {
|
||||||
free(params->RandomInfo.pClientRandom);
|
CK_TLS12_MASTER_KEY_DERIVE_PARAMS *params =
|
||||||
}
|
(CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter;
|
||||||
if (params->RandomInfo.pServerRandom != NULL) {
|
if (params == NULL) {
|
||||||
free(params->RandomInfo.pServerRandom);
|
return;
|
||||||
}
|
|
||||||
if (params->pVersion != NULL) {
|
|
||||||
free(params->pVersion);
|
|
||||||
}
|
}
|
||||||
|
freeMasterKeyDeriveParams(&(params->RandomInfo), params->pVersion);
|
||||||
}
|
}
|
||||||
|
|
||||||
void freeEcdh1DeriveParams(CK_MECHANISM_PTR ckMechanism) {
|
void freeEcdh1DeriveParams(CK_MECHANISM_PTR ckMechanism) {
|
||||||
CK_ECDH1_DERIVE_PARAMS *params = (CK_ECDH1_DERIVE_PARAMS *) ckMechanism->pParameter;
|
CK_ECDH1_DERIVE_PARAMS *params =
|
||||||
|
(CK_ECDH1_DERIVE_PARAMS *)ckMechanism->pParameter;
|
||||||
if (params == NULL) {
|
if (params == NULL) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -525,6 +538,7 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey
|
|||||||
switch (ckMechanism.mechanism) {
|
switch (ckMechanism.mechanism) {
|
||||||
case CKM_SSL3_KEY_AND_MAC_DERIVE:
|
case CKM_SSL3_KEY_AND_MAC_DERIVE:
|
||||||
case CKM_TLS_KEY_AND_MAC_DERIVE:
|
case CKM_TLS_KEY_AND_MAC_DERIVE:
|
||||||
|
case CKM_TLS12_KEY_AND_MAC_DERIVE:
|
||||||
case CKM_TLS_PRF:
|
case CKM_TLS_PRF:
|
||||||
// these mechanism do not return a key handle via phKey
|
// these mechanism do not return a key handle via phKey
|
||||||
// set to NULL in case pedantic implementations check for it
|
// set to NULL in case pedantic implementations check for it
|
||||||
@ -546,17 +560,28 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey
|
|||||||
case CKM_SSL3_MASTER_KEY_DERIVE:
|
case CKM_SSL3_MASTER_KEY_DERIVE:
|
||||||
case CKM_TLS_MASTER_KEY_DERIVE:
|
case CKM_TLS_MASTER_KEY_DERIVE:
|
||||||
/* we must copy back the client version */
|
/* we must copy back the client version */
|
||||||
copyBackClientVersion(env, &ckMechanism, jMechanism);
|
ssl3CopyBackClientVersion(env, &ckMechanism, jMechanism);
|
||||||
freeMasterKeyDeriveParams(&ckMechanism);
|
ssl3FreeMasterKeyDeriveParams(&ckMechanism);
|
||||||
|
break;
|
||||||
|
case CKM_TLS12_MASTER_KEY_DERIVE:
|
||||||
|
tls12CopyBackClientVersion(env, &ckMechanism, jMechanism);
|
||||||
|
tls12FreeMasterKeyDeriveParams(&ckMechanism);
|
||||||
break;
|
break;
|
||||||
case CKM_SSL3_MASTER_KEY_DERIVE_DH:
|
case CKM_SSL3_MASTER_KEY_DERIVE_DH:
|
||||||
case CKM_TLS_MASTER_KEY_DERIVE_DH:
|
case CKM_TLS_MASTER_KEY_DERIVE_DH:
|
||||||
freeMasterKeyDeriveParams(&ckMechanism);
|
ssl3FreeMasterKeyDeriveParams(&ckMechanism);
|
||||||
|
break;
|
||||||
|
case CKM_TLS12_MASTER_KEY_DERIVE_DH:
|
||||||
|
tls12FreeMasterKeyDeriveParams(&ckMechanism);
|
||||||
break;
|
break;
|
||||||
case CKM_SSL3_KEY_AND_MAC_DERIVE:
|
case CKM_SSL3_KEY_AND_MAC_DERIVE:
|
||||||
case CKM_TLS_KEY_AND_MAC_DERIVE:
|
case CKM_TLS_KEY_AND_MAC_DERIVE:
|
||||||
/* we must copy back the unwrapped key info to the jMechanism object */
|
/* we must copy back the unwrapped key info to the jMechanism object */
|
||||||
copyBackSSLKeyMatParams(env, &ckMechanism, jMechanism);
|
ssl3CopyBackKeyMatParams(env, &ckMechanism, jMechanism);
|
||||||
|
break;
|
||||||
|
case CKM_TLS12_KEY_AND_MAC_DERIVE:
|
||||||
|
/* we must copy back the unwrapped key info to the jMechanism object */
|
||||||
|
tls12CopyBackKeyMatParams(env, &ckMechanism, jMechanism);
|
||||||
break;
|
break;
|
||||||
case CKM_TLS_PRF:
|
case CKM_TLS_PRF:
|
||||||
copyBackTLSPrfParams(env, &ckMechanism, jMechanism);
|
copyBackTLSPrfParams(env, &ckMechanism, jMechanism);
|
||||||
@ -577,21 +602,14 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey
|
|||||||
return jKeyHandle ;
|
return jKeyHandle ;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
static void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism,
|
||||||
* Copy back the client version information from the native
|
CK_VERSION *ckVersion, const char *class_master_key_derive_params)
|
||||||
* structure to the Java object. This is only used for the
|
|
||||||
* CKM_SSL3_MASTER_KEY_DERIVE mechanism when used for deriving a key.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism)
|
|
||||||
{
|
{
|
||||||
jclass jMechanismClass, jSSL3MasterKeyDeriveParamsClass, jVersionClass;
|
jclass jMasterKeyDeriveParamsClass, jMechanismClass, jVersionClass;
|
||||||
CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ckSSL3MasterKeyDeriveParams;
|
jobject jMasterKeyDeriveParams;
|
||||||
CK_VERSION *ckVersion;
|
|
||||||
jfieldID fieldID;
|
jfieldID fieldID;
|
||||||
CK_MECHANISM_TYPE ckMechanismType;
|
CK_MECHANISM_TYPE ckMechanismType;
|
||||||
jlong jMechanismType;
|
jlong jMechanismType;
|
||||||
jobject jSSL3MasterKeyDeriveParams;
|
|
||||||
jobject jVersion;
|
jobject jVersion;
|
||||||
|
|
||||||
/* get mechanism */
|
/* get mechanism */
|
||||||
@ -606,24 +624,20 @@ void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMech
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* get the native CK_SSL3_MASTER_KEY_DERIVE_PARAMS */
|
|
||||||
ckSSL3MasterKeyDeriveParams = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter;
|
|
||||||
if (ckSSL3MasterKeyDeriveParams != NULL_PTR) {
|
|
||||||
/* get the native CK_VERSION */
|
|
||||||
ckVersion = ckSSL3MasterKeyDeriveParams->pVersion;
|
|
||||||
if (ckVersion != NULL_PTR) {
|
if (ckVersion != NULL_PTR) {
|
||||||
/* get the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS (pParameter) */
|
/* get the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS (pParameter) */
|
||||||
fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;");
|
fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;");
|
||||||
if (fieldID == NULL) { return; }
|
if (fieldID == NULL) { return; }
|
||||||
|
|
||||||
jSSL3MasterKeyDeriveParams = (*env)->GetObjectField(env, jMechanism, fieldID);
|
jMasterKeyDeriveParams = (*env)->GetObjectField(env, jMechanism, fieldID);
|
||||||
|
|
||||||
/* get the Java CK_VERSION */
|
/* get the Java CK_VERSION */
|
||||||
jSSL3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS);
|
jMasterKeyDeriveParamsClass = (*env)->FindClass(env, class_master_key_derive_params);
|
||||||
if (jSSL3MasterKeyDeriveParamsClass == NULL) { return; }
|
if (jMasterKeyDeriveParamsClass == NULL) { return; }
|
||||||
fieldID = (*env)->GetFieldID(env, jSSL3MasterKeyDeriveParamsClass, "pVersion", "L"CLASS_VERSION";");
|
fieldID = (*env)->GetFieldID(env, jMasterKeyDeriveParamsClass,
|
||||||
|
"pVersion", "L"CLASS_VERSION";");
|
||||||
if (fieldID == NULL) { return; }
|
if (fieldID == NULL) { return; }
|
||||||
jVersion = (*env)->GetObjectField(env, jSSL3MasterKeyDeriveParams, fieldID);
|
jVersion = (*env)->GetObjectField(env, jMasterKeyDeriveParams, fieldID);
|
||||||
|
|
||||||
/* now copy back the version from the native structure to the Java structure */
|
/* now copy back the version from the native structure to the Java structure */
|
||||||
|
|
||||||
@ -640,25 +654,56 @@ void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMech
|
|||||||
(*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->minor));
|
(*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->minor));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copy back the derived keys and initialization vectors from the native
|
* Copy back the client version information from the native
|
||||||
* structure to the Java object. This is only used for the
|
* structure to the Java object. This is only used for
|
||||||
* CKM_SSL3_KEY_AND_MAC_DERIVE mechanism when used for deriving a key.
|
* CKM_SSL3_MASTER_KEY_DERIVE and CKM_TLS_MASTER_KEY_DERIVE
|
||||||
|
* mechanisms when used for deriving a key.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism)
|
void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism,
|
||||||
|
jobject jMechanism)
|
||||||
{
|
{
|
||||||
jclass jMechanismClass, jSSL3KeyMatParamsClass, jSSL3KeyMatOutClass;
|
CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ckSSL3MasterKeyDeriveParams;
|
||||||
CK_SSL3_KEY_MAT_PARAMS *ckSSL3KeyMatParam;
|
ckSSL3MasterKeyDeriveParams =
|
||||||
CK_SSL3_KEY_MAT_OUT *ckSSL3KeyMatOut;
|
(CK_SSL3_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter;
|
||||||
|
if (ckSSL3MasterKeyDeriveParams != NULL_PTR) {
|
||||||
|
copyBackClientVersion(env, ckMechanism, jMechanism,
|
||||||
|
ckSSL3MasterKeyDeriveParams->pVersion,
|
||||||
|
CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Copy back the client version information from the native
|
||||||
|
* structure to the Java object. This is only used for
|
||||||
|
* CKM_TLS12_MASTER_KEY_DERIVE mechanism when used for deriving a key.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
void tls12CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism,
|
||||||
|
jobject jMechanism)
|
||||||
|
{
|
||||||
|
CK_TLS12_MASTER_KEY_DERIVE_PARAMS *ckTLS12MasterKeyDeriveParams;
|
||||||
|
ckTLS12MasterKeyDeriveParams =
|
||||||
|
(CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter;
|
||||||
|
if (ckTLS12MasterKeyDeriveParams != NULL_PTR) {
|
||||||
|
copyBackClientVersion(env, ckMechanism, jMechanism,
|
||||||
|
ckTLS12MasterKeyDeriveParams->pVersion,
|
||||||
|
CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static void copyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism,
|
||||||
|
jobject jMechanism, CK_SSL3_RANDOM_DATA *RandomInfo,
|
||||||
|
CK_SSL3_KEY_MAT_OUT_PTR ckSSL3KeyMatOut, const char *class_key_mat_params)
|
||||||
|
{
|
||||||
|
jclass jMechanismClass, jKeyMatParamsClass, jSSL3KeyMatOutClass;
|
||||||
jfieldID fieldID;
|
jfieldID fieldID;
|
||||||
CK_MECHANISM_TYPE ckMechanismType;
|
CK_MECHANISM_TYPE ckMechanismType;
|
||||||
jlong jMechanismType;
|
jlong jMechanismType;
|
||||||
CK_BYTE_PTR iv;
|
CK_BYTE_PTR iv;
|
||||||
jobject jSSL3KeyMatParam;
|
jobject jKeyMatParam;
|
||||||
jobject jSSL3KeyMatOut;
|
jobject jSSL3KeyMatOut;
|
||||||
jobject jIV;
|
jobject jIV;
|
||||||
jint jLength;
|
jint jLength;
|
||||||
@ -677,54 +722,57 @@ void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMe
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* get the native CK_SSL3_KEY_MAT_PARAMS */
|
|
||||||
ckSSL3KeyMatParam = (CK_SSL3_KEY_MAT_PARAMS *) ckMechanism->pParameter;
|
|
||||||
if (ckSSL3KeyMatParam != NULL_PTR) {
|
|
||||||
// free malloc'd data
|
// free malloc'd data
|
||||||
if (ckSSL3KeyMatParam->RandomInfo.pClientRandom != NULL) {
|
if (RandomInfo->pClientRandom != NULL) {
|
||||||
free(ckSSL3KeyMatParam->RandomInfo.pClientRandom);
|
free(RandomInfo->pClientRandom);
|
||||||
}
|
}
|
||||||
if (ckSSL3KeyMatParam->RandomInfo.pServerRandom != NULL) {
|
if (RandomInfo->pServerRandom != NULL) {
|
||||||
free(ckSSL3KeyMatParam->RandomInfo.pServerRandom);
|
free(RandomInfo->pServerRandom);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* get the native CK_SSL3_KEY_MAT_OUT */
|
|
||||||
ckSSL3KeyMatOut = ckSSL3KeyMatParam->pReturnedKeyMaterial;
|
|
||||||
if (ckSSL3KeyMatOut != NULL_PTR) {
|
if (ckSSL3KeyMatOut != NULL_PTR) {
|
||||||
/* get the Java CK_SSL3_KEY_MAT_PARAMS (pParameter) */
|
/* get the Java params object (pParameter) */
|
||||||
fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;");
|
fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter",
|
||||||
|
"Ljava/lang/Object;");
|
||||||
if (fieldID == NULL) { return; }
|
if (fieldID == NULL) { return; }
|
||||||
jSSL3KeyMatParam = (*env)->GetObjectField(env, jMechanism, fieldID);
|
jKeyMatParam = (*env)->GetObjectField(env, jMechanism, fieldID);
|
||||||
|
|
||||||
/* get the Java CK_SSL3_KEY_MAT_OUT */
|
/* get the Java CK_SSL3_KEY_MAT_OUT */
|
||||||
jSSL3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS);
|
jKeyMatParamsClass = (*env)->FindClass(env, class_key_mat_params);
|
||||||
if (jSSL3KeyMatParamsClass == NULL) { return; }
|
if (jKeyMatParamsClass == NULL) { return; }
|
||||||
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatParamsClass, "pReturnedKeyMaterial", "L"CLASS_SSL3_KEY_MAT_OUT";");
|
fieldID = (*env)->GetFieldID(env, jKeyMatParamsClass,
|
||||||
|
"pReturnedKeyMaterial", "L"CLASS_SSL3_KEY_MAT_OUT";");
|
||||||
if (fieldID == NULL) { return; }
|
if (fieldID == NULL) { return; }
|
||||||
jSSL3KeyMatOut = (*env)->GetObjectField(env, jSSL3KeyMatParam, fieldID);
|
jSSL3KeyMatOut = (*env)->GetObjectField(env, jKeyMatParam, fieldID);
|
||||||
|
|
||||||
/* now copy back all the key handles and the initialization vectors */
|
/* now copy back all the key handles and the initialization vectors */
|
||||||
/* copy back client MAC secret handle */
|
/* copy back client MAC secret handle */
|
||||||
jSSL3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT);
|
jSSL3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT);
|
||||||
if (jSSL3KeyMatOutClass == NULL) { return; }
|
if (jSSL3KeyMatOutClass == NULL) { return; }
|
||||||
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientMacSecret", "J");
|
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass,
|
||||||
|
"hClientMacSecret", "J");
|
||||||
if (fieldID == NULL) { return; }
|
if (fieldID == NULL) { return; }
|
||||||
(*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hClientMacSecret));
|
(*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
|
||||||
|
ckULongToJLong(ckSSL3KeyMatOut->hClientMacSecret));
|
||||||
|
|
||||||
/* copy back server MAC secret handle */
|
/* copy back server MAC secret handle */
|
||||||
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerMacSecret", "J");
|
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass,
|
||||||
|
"hServerMacSecret", "J");
|
||||||
if (fieldID == NULL) { return; }
|
if (fieldID == NULL) { return; }
|
||||||
(*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hServerMacSecret));
|
(*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
|
||||||
|
ckULongToJLong(ckSSL3KeyMatOut->hServerMacSecret));
|
||||||
|
|
||||||
/* copy back client secret key handle */
|
/* copy back client secret key handle */
|
||||||
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientKey", "J");
|
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientKey", "J");
|
||||||
if (fieldID == NULL) { return; }
|
if (fieldID == NULL) { return; }
|
||||||
(*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hClientKey));
|
(*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
|
||||||
|
ckULongToJLong(ckSSL3KeyMatOut->hClientKey));
|
||||||
|
|
||||||
/* copy back server secret key handle */
|
/* copy back server secret key handle */
|
||||||
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerKey", "J");
|
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerKey", "J");
|
||||||
if (fieldID == NULL) { return; }
|
if (fieldID == NULL) { return; }
|
||||||
(*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hServerKey));
|
(*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
|
||||||
|
ckULongToJLong(ckSSL3KeyMatOut->hServerKey));
|
||||||
|
|
||||||
/* copy back the client IV */
|
/* copy back the client IV */
|
||||||
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "pIVClient", "[B");
|
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "pIVClient", "[B");
|
||||||
@ -768,6 +816,44 @@ void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMe
|
|||||||
free(ckSSL3KeyMatOut);
|
free(ckSSL3KeyMatOut);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Copy back the derived keys and initialization vectors from the native
|
||||||
|
* structure to the Java object. This is only used for
|
||||||
|
* CKM_SSL3_KEY_AND_MAC_DERIVE and CKM_TLS_KEY_AND_MAC_DERIVE mechanisms
|
||||||
|
* when used for deriving a key.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism,
|
||||||
|
jobject jMechanism)
|
||||||
|
{
|
||||||
|
CK_SSL3_KEY_MAT_PARAMS *ckSSL3KeyMatParam;
|
||||||
|
ckSSL3KeyMatParam = (CK_SSL3_KEY_MAT_PARAMS *)ckMechanism->pParameter;
|
||||||
|
if (ckSSL3KeyMatParam != NULL_PTR) {
|
||||||
|
copyBackKeyMatParams(env, ckMechanism, jMechanism,
|
||||||
|
&(ckSSL3KeyMatParam->RandomInfo),
|
||||||
|
ckSSL3KeyMatParam->pReturnedKeyMaterial,
|
||||||
|
CLASS_SSL3_KEY_MAT_PARAMS);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Copy back the derived keys and initialization vectors from the native
|
||||||
|
* structure to the Java object. This is only used for
|
||||||
|
* CKM_TLS12_KEY_AND_MAC_DERIVE mechanism when used for deriving a key.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
void tls12CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism,
|
||||||
|
jobject jMechanism)
|
||||||
|
{
|
||||||
|
CK_TLS12_KEY_MAT_PARAMS *ckTLS12KeyMatParam;
|
||||||
|
ckTLS12KeyMatParam = (CK_TLS12_KEY_MAT_PARAMS *) ckMechanism->pParameter;
|
||||||
|
if (ckTLS12KeyMatParam != NULL_PTR) {
|
||||||
|
copyBackKeyMatParams(env, ckMechanism, jMechanism,
|
||||||
|
&(ckTLS12KeyMatParam->RandomInfo),
|
||||||
|
ckTLS12KeyMatParam->pReturnedKeyMaterial,
|
||||||
|
CLASS_TLS12_KEY_MAT_PARAMS);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
@ -807,6 +807,12 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
|
|||||||
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
|
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
|
||||||
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
|
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
|
||||||
|
|
||||||
|
/* new for v2.40 */
|
||||||
|
#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0
|
||||||
|
#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1
|
||||||
|
#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2
|
||||||
|
#define CKM_TLS_MAC 0x000003E4
|
||||||
|
|
||||||
#define CKM_KEY_WRAP_LYNKS 0x00000400
|
#define CKM_KEY_WRAP_LYNKS 0x00000400
|
||||||
#define CKM_KEY_WRAP_SET_OAEP 0x00000401
|
#define CKM_KEY_WRAP_SET_OAEP 0x00000401
|
||||||
|
|
||||||
@ -1682,4 +1688,34 @@ typedef struct CK_PKCS5_PBKD2_PARAMS {
|
|||||||
|
|
||||||
typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
|
typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
|
||||||
|
|
||||||
|
/* new for v2.40 */
|
||||||
|
|
||||||
|
typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
|
||||||
|
CK_SSL3_RANDOM_DATA RandomInfo;
|
||||||
|
CK_VERSION_PTR pVersion;
|
||||||
|
CK_MECHANISM_TYPE prfHashMechanism;
|
||||||
|
} CK_TLS12_MASTER_KEY_DERIVE_PARAMS;
|
||||||
|
|
||||||
|
typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR;
|
||||||
|
|
||||||
|
typedef struct CK_TLS12_KEY_MAT_PARAMS {
|
||||||
|
CK_ULONG ulMacSizeInBits;
|
||||||
|
CK_ULONG ulKeySizeInBits;
|
||||||
|
CK_ULONG ulIVSizeInBits;
|
||||||
|
CK_BBOOL bIsExport;
|
||||||
|
CK_SSL3_RANDOM_DATA RandomInfo;
|
||||||
|
CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
|
||||||
|
CK_MECHANISM_TYPE prfHashMechanism;
|
||||||
|
} CK_TLS12_KEY_MAT_PARAMS;
|
||||||
|
|
||||||
|
typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR;
|
||||||
|
|
||||||
|
typedef struct CK_TLS_MAC_PARAMS {
|
||||||
|
CK_MECHANISM_TYPE prfMechanism;
|
||||||
|
CK_ULONG ulMacLength;
|
||||||
|
CK_ULONG ulServerOrClient;
|
||||||
|
} CK_TLS_MAC_PARAMS;
|
||||||
|
|
||||||
|
typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR;
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
|
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
|
||||||
@ -276,10 +276,13 @@ void printDebug(const char *format, ...);
|
|||||||
#define CLASS_SSL3_RANDOM_DATA "sun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA"
|
#define CLASS_SSL3_RANDOM_DATA "sun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA"
|
||||||
// CLASS_SSL3_RANDOM_DATA is used by CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS
|
// CLASS_SSL3_RANDOM_DATA is used by CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS
|
||||||
#define CLASS_SSL3_KEY_MAT_OUT "sun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_OUT"
|
#define CLASS_SSL3_KEY_MAT_OUT "sun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_OUT"
|
||||||
// CLASS_SSL3_KEY_MAT_OUT is used by CLASS_SSL3_KEY_MAT_PARAMS
|
// CLASS_SSL3_KEY_MAT_OUT is used by CLASS_SSL3_KEY_MAT_PARAMS and CK_TLS12_KEY_MAT_PARAMS
|
||||||
#define CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS "sun/security/pkcs11/wrapper/CK_SSL3_MASTER_KEY_DERIVE_PARAMS"
|
#define CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS "sun/security/pkcs11/wrapper/CK_SSL3_MASTER_KEY_DERIVE_PARAMS"
|
||||||
|
#define CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS "sun/security/pkcs11/wrapper/CK_TLS12_MASTER_KEY_DERIVE_PARAMS"
|
||||||
#define CLASS_SSL3_KEY_MAT_PARAMS "sun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_PARAMS"
|
#define CLASS_SSL3_KEY_MAT_PARAMS "sun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_PARAMS"
|
||||||
|
#define CLASS_TLS12_KEY_MAT_PARAMS "sun/security/pkcs11/wrapper/CK_TLS12_KEY_MAT_PARAMS"
|
||||||
#define CLASS_TLS_PRF_PARAMS "sun/security/pkcs11/wrapper/CK_TLS_PRF_PARAMS"
|
#define CLASS_TLS_PRF_PARAMS "sun/security/pkcs11/wrapper/CK_TLS_PRF_PARAMS"
|
||||||
|
#define CLASS_TLS_MAC_PARAMS "sun/security/pkcs11/wrapper/CK_TLS_MAC_PARAMS"
|
||||||
#define CLASS_AES_CTR_PARAMS "sun/security/pkcs11/wrapper/CK_AES_CTR_PARAMS"
|
#define CLASS_AES_CTR_PARAMS "sun/security/pkcs11/wrapper/CK_AES_CTR_PARAMS"
|
||||||
|
|
||||||
/* function to convert a PKCS#11 return value other than CK_OK into a Java Exception
|
/* function to convert a PKCS#11 return value other than CK_OK into a Java Exception
|
||||||
@ -369,9 +372,11 @@ CK_PKCS5_PBKD2_PARAMS jPkcs5Pbkd2ParamToCKPkcs5Pbkd2Param(JNIEnv *env, jobject j
|
|||||||
CK_KEY_WRAP_SET_OAEP_PARAMS jKeyWrapSetOaepParamToCKKeyWrapSetOaepParam(JNIEnv *env, jobject jParam);
|
CK_KEY_WRAP_SET_OAEP_PARAMS jKeyWrapSetOaepParamToCKKeyWrapSetOaepParam(JNIEnv *env, jobject jParam);
|
||||||
void copyBackSetUnwrappedKey(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
|
void copyBackSetUnwrappedKey(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
|
||||||
CK_SSL3_MASTER_KEY_DERIVE_PARAMS jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env, jobject jParam);
|
CK_SSL3_MASTER_KEY_DERIVE_PARAMS jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env, jobject jParam);
|
||||||
void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
|
void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
|
||||||
|
void tls12CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
|
||||||
CK_SSL3_KEY_MAT_PARAMS jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam);
|
CK_SSL3_KEY_MAT_PARAMS jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam);
|
||||||
void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
|
void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
|
||||||
|
void tls12CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
|
||||||
CK_KEY_DERIVATION_STRING_DATA jKeyDerivationStringDataToCKKeyDerivationStringData(JNIEnv *env, jobject jParam);
|
CK_KEY_DERIVATION_STRING_DATA jKeyDerivationStringDataToCKKeyDerivationStringData(JNIEnv *env, jobject jParam);
|
||||||
CK_RSA_PKCS_PSS_PARAMS jRsaPkcsPssParamToCKRsaPkcsPssParam(JNIEnv *env, jobject jParam);
|
CK_RSA_PKCS_PSS_PARAMS jRsaPkcsPssParamToCKRsaPkcsPssParam(JNIEnv *env, jobject jParam);
|
||||||
CK_ECDH1_DERIVE_PARAMS jEcdh1DeriveParamToCKEcdh1DeriveParam(JNIEnv *env, jobject jParam);
|
CK_ECDH1_DERIVE_PARAMS jEcdh1DeriveParamToCKEcdh1DeriveParam(JNIEnv *env, jobject jParam);
|
||||||
|
454
test/jdk/sun/security/pkcs11/fips/TestTLS12.java
Normal file
454
test/jdk/sun/security/pkcs11/fips/TestTLS12.java
Normal file
@ -0,0 +1,454 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2018, Red Hat, Inc. and/or its affiliates.
|
||||||
|
*
|
||||||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
*
|
||||||
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License version 2 only, as
|
||||||
|
* published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
* accompanied this code).
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License version
|
||||||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*
|
||||||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
* or visit www.oracle.com if you need additional information or have any
|
||||||
|
* questions.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @test
|
||||||
|
* @bug 8029661
|
||||||
|
* @summary Test TLS 1.2
|
||||||
|
* @modules java.base/sun.security.internal.spec
|
||||||
|
* java.base/sun.security.util
|
||||||
|
* java.base/com.sun.net.ssl.internal.ssl
|
||||||
|
* java.base/com.sun.crypto.provider
|
||||||
|
* @library /test/lib ..
|
||||||
|
* @run main/othervm/timeout=120 TestTLS12
|
||||||
|
*/
|
||||||
|
|
||||||
|
import java.io.File;
|
||||||
|
import java.io.FileInputStream;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.nio.ByteBuffer;
|
||||||
|
|
||||||
|
import java.security.interfaces.RSAPrivateKey;
|
||||||
|
import java.security.interfaces.RSAPublicKey;
|
||||||
|
import java.security.KeyStore;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.Provider;
|
||||||
|
import java.security.SecureRandom;
|
||||||
|
import java.security.Security;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
|
||||||
|
import javax.crypto.Cipher;
|
||||||
|
import javax.crypto.KeyGenerator;
|
||||||
|
import javax.crypto.SecretKey;
|
||||||
|
import javax.crypto.spec.SecretKeySpec;
|
||||||
|
|
||||||
|
import javax.net.ssl.KeyManagerFactory;
|
||||||
|
import javax.net.ssl.SSLContext;
|
||||||
|
import javax.net.ssl.SSLEngine;
|
||||||
|
import javax.net.ssl.SSLEngineResult;
|
||||||
|
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
|
||||||
|
import javax.net.ssl.SSLParameters;
|
||||||
|
import javax.net.ssl.SSLSession;
|
||||||
|
import javax.net.ssl.TrustManagerFactory;
|
||||||
|
|
||||||
|
import sun.security.internal.spec.TlsMasterSecretParameterSpec;
|
||||||
|
import sun.security.internal.spec.TlsPrfParameterSpec;
|
||||||
|
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
|
||||||
|
|
||||||
|
public final class TestTLS12 extends SecmodTest {
|
||||||
|
|
||||||
|
private static final boolean enableDebug = true;
|
||||||
|
|
||||||
|
private static Provider sunPKCS11NSSProvider;
|
||||||
|
private static Provider sunJCEProvider;
|
||||||
|
private static com.sun.net.ssl.internal.ssl.Provider jsseProvider;
|
||||||
|
private static KeyStore ks;
|
||||||
|
private static KeyStore ts;
|
||||||
|
private static char[] passphrase = "JAHshj131@@".toCharArray();
|
||||||
|
private static RSAPrivateKey privateKey;
|
||||||
|
private static RSAPublicKey publicKey;
|
||||||
|
|
||||||
|
public static void main(String[] args) throws Exception {
|
||||||
|
try {
|
||||||
|
initialize();
|
||||||
|
} catch (Exception e) {
|
||||||
|
System.out.println("Test skipped: failure during" +
|
||||||
|
" initialization");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (shouldRun()) {
|
||||||
|
// Test against JCE
|
||||||
|
testTlsAuthenticationCodeGeneration();
|
||||||
|
|
||||||
|
// Self-integrity test (complete TLS 1.2 communication)
|
||||||
|
new testTLS12SunPKCS11Communication().run();
|
||||||
|
|
||||||
|
System.out.println("Test PASS - OK");
|
||||||
|
} else {
|
||||||
|
System.out.println("Test skipped: TLS 1.2 mechanisms" +
|
||||||
|
" not supported by current SunPKCS11 back-end");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static boolean shouldRun() {
|
||||||
|
if (sunPKCS11NSSProvider == null) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
KeyGenerator.getInstance("SunTls12MasterSecret",
|
||||||
|
sunPKCS11NSSProvider);
|
||||||
|
KeyGenerator.getInstance(
|
||||||
|
"SunTls12RsaPremasterSecret", sunPKCS11NSSProvider);
|
||||||
|
KeyGenerator.getInstance("SunTls12Prf", sunPKCS11NSSProvider);
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void testTlsAuthenticationCodeGeneration()
|
||||||
|
throws Exception {
|
||||||
|
// Generate RSA Pre-Master Secret in SunPKCS11 provider
|
||||||
|
SecretKey rsaPreMasterSecret = null;
|
||||||
|
@SuppressWarnings("deprecation")
|
||||||
|
TlsRsaPremasterSecretParameterSpec rsaPreMasterSecretSpec =
|
||||||
|
new TlsRsaPremasterSecretParameterSpec(0x0303, 0x0303);
|
||||||
|
{
|
||||||
|
KeyGenerator rsaPreMasterSecretKG = KeyGenerator.getInstance(
|
||||||
|
"SunTls12RsaPremasterSecret", sunPKCS11NSSProvider);
|
||||||
|
rsaPreMasterSecretKG.init(rsaPreMasterSecretSpec, null);
|
||||||
|
rsaPreMasterSecret = rsaPreMasterSecretKG.generateKey();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get RSA Pre-Master Secret in plain (from SunPKCS11 provider)
|
||||||
|
byte[] rsaPlainPreMasterSecret = null;
|
||||||
|
{
|
||||||
|
Cipher rsaPreMasterSecretWrapperCipher =
|
||||||
|
Cipher.getInstance("RSA/ECB/PKCS1Padding",
|
||||||
|
sunPKCS11NSSProvider);
|
||||||
|
rsaPreMasterSecretWrapperCipher.init(Cipher.WRAP_MODE, publicKey,
|
||||||
|
new SecureRandom());
|
||||||
|
byte[] rsaEncryptedPreMasterSecret =
|
||||||
|
rsaPreMasterSecretWrapperCipher.wrap(rsaPreMasterSecret);
|
||||||
|
Cipher rsaPreMasterSecretUnwrapperCipher =
|
||||||
|
Cipher.getInstance("RSA/ECB/PKCS1Padding", sunJCEProvider);
|
||||||
|
rsaPreMasterSecretUnwrapperCipher.init(Cipher.UNWRAP_MODE,
|
||||||
|
privateKey, rsaPreMasterSecretSpec);
|
||||||
|
rsaPlainPreMasterSecret = rsaPreMasterSecretUnwrapperCipher.unwrap(
|
||||||
|
rsaEncryptedPreMasterSecret, "TlsRsaPremasterSecret",
|
||||||
|
Cipher.SECRET_KEY).getEncoded();
|
||||||
|
|
||||||
|
if (enableDebug) {
|
||||||
|
System.out.println("rsaPlainPreMasterSecret:");
|
||||||
|
for (byte b : rsaPlainPreMasterSecret) {
|
||||||
|
System.out.printf("%02X, ", b);
|
||||||
|
}
|
||||||
|
System.out.println("");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Generate Master Secret
|
||||||
|
SecretKey sunPKCS11MasterSecret = null;
|
||||||
|
SecretKey jceMasterSecret = null;
|
||||||
|
{
|
||||||
|
KeyGenerator sunPKCS11MasterSecretGenerator =
|
||||||
|
KeyGenerator.getInstance("SunTls12MasterSecret",
|
||||||
|
sunPKCS11NSSProvider);
|
||||||
|
KeyGenerator jceMasterSecretGenerator = KeyGenerator.getInstance(
|
||||||
|
"SunTls12MasterSecret", sunJCEProvider);
|
||||||
|
@SuppressWarnings("deprecation")
|
||||||
|
TlsMasterSecretParameterSpec sunPKCS11MasterSecretSpec =
|
||||||
|
new TlsMasterSecretParameterSpec(rsaPreMasterSecret, 3, 3,
|
||||||
|
new byte[32], new byte[32], "SHA-256", 32, 64);
|
||||||
|
@SuppressWarnings("deprecation")
|
||||||
|
TlsMasterSecretParameterSpec jceMasterSecretSpec =
|
||||||
|
new TlsMasterSecretParameterSpec(
|
||||||
|
new SecretKeySpec(rsaPlainPreMasterSecret,
|
||||||
|
"Generic"), 3, 3, new byte[32],
|
||||||
|
new byte[32], "SHA-256", 32, 64);
|
||||||
|
sunPKCS11MasterSecretGenerator.init(sunPKCS11MasterSecretSpec,
|
||||||
|
null);
|
||||||
|
jceMasterSecretGenerator.init(jceMasterSecretSpec, null);
|
||||||
|
sunPKCS11MasterSecret =
|
||||||
|
sunPKCS11MasterSecretGenerator.generateKey();
|
||||||
|
jceMasterSecret = jceMasterSecretGenerator.generateKey();
|
||||||
|
if (enableDebug) {
|
||||||
|
System.out.println("Master Secret (SunJCE):");
|
||||||
|
if (jceMasterSecret != null) {
|
||||||
|
for (byte b : jceMasterSecret.getEncoded()) {
|
||||||
|
System.out.printf("%02X, ", b);
|
||||||
|
}
|
||||||
|
System.out.println("");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Generate authentication codes
|
||||||
|
byte[] sunPKCS11AuthenticationCode = null;
|
||||||
|
byte[] jceAuthenticationCode = null;
|
||||||
|
{
|
||||||
|
// Generate SunPKCS11 authentication code
|
||||||
|
{
|
||||||
|
@SuppressWarnings("deprecation")
|
||||||
|
TlsPrfParameterSpec sunPKCS11AuthenticationCodeSpec =
|
||||||
|
new TlsPrfParameterSpec(sunPKCS11MasterSecret,
|
||||||
|
"client finished", "a".getBytes(), 12,
|
||||||
|
"SHA-256", 32, 64);
|
||||||
|
KeyGenerator sunPKCS11AuthCodeGenerator =
|
||||||
|
KeyGenerator.getInstance("SunTls12Prf",
|
||||||
|
sunPKCS11NSSProvider);
|
||||||
|
sunPKCS11AuthCodeGenerator.init(
|
||||||
|
sunPKCS11AuthenticationCodeSpec);
|
||||||
|
sunPKCS11AuthenticationCode =
|
||||||
|
sunPKCS11AuthCodeGenerator.generateKey().getEncoded();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Generate SunJCE authentication code
|
||||||
|
{
|
||||||
|
@SuppressWarnings("deprecation")
|
||||||
|
TlsPrfParameterSpec jceAuthenticationCodeSpec =
|
||||||
|
new TlsPrfParameterSpec(jceMasterSecret,
|
||||||
|
"client finished", "a".getBytes(), 12,
|
||||||
|
"SHA-256", 32, 64);
|
||||||
|
KeyGenerator jceAuthCodeGenerator =
|
||||||
|
KeyGenerator.getInstance("SunTls12Prf",
|
||||||
|
sunJCEProvider);
|
||||||
|
jceAuthCodeGenerator.init(jceAuthenticationCodeSpec);
|
||||||
|
jceAuthenticationCode =
|
||||||
|
jceAuthCodeGenerator.generateKey().getEncoded();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (enableDebug) {
|
||||||
|
System.out.println("SunPKCS11 Authentication Code: ");
|
||||||
|
for (byte b : sunPKCS11AuthenticationCode) {
|
||||||
|
System.out.printf("%02X, ", b);
|
||||||
|
}
|
||||||
|
System.out.println("");
|
||||||
|
System.out.println("SunJCE Authentication Code: ");
|
||||||
|
for (byte b : jceAuthenticationCode) {
|
||||||
|
System.out.printf("%02X, ", b);
|
||||||
|
}
|
||||||
|
System.out.println("");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sunPKCS11AuthenticationCode == null ||
|
||||||
|
jceAuthenticationCode == null ||
|
||||||
|
sunPKCS11AuthenticationCode.length == 0 ||
|
||||||
|
jceAuthenticationCode.length == 0 ||
|
||||||
|
!Arrays.equals(sunPKCS11AuthenticationCode,
|
||||||
|
jceAuthenticationCode)) {
|
||||||
|
throw new Exception("Authentication codes from JCE" +
|
||||||
|
" and SunPKCS11 differ.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static class testTLS12SunPKCS11Communication {
|
||||||
|
public static void run() throws Exception {
|
||||||
|
SSLEngine[][] enginesToTest = getSSLEnginesToTest();
|
||||||
|
|
||||||
|
for (SSLEngine[] engineToTest : enginesToTest) {
|
||||||
|
|
||||||
|
SSLEngine clientSSLEngine = engineToTest[0];
|
||||||
|
SSLEngine serverSSLEngine = engineToTest[1];
|
||||||
|
|
||||||
|
// SSLEngine code based on RedhandshakeFinished.java
|
||||||
|
|
||||||
|
boolean dataDone = false;
|
||||||
|
|
||||||
|
ByteBuffer clientOut = null;
|
||||||
|
ByteBuffer clientIn = null;
|
||||||
|
ByteBuffer serverOut = null;
|
||||||
|
ByteBuffer serverIn = null;
|
||||||
|
ByteBuffer cTOs;
|
||||||
|
ByteBuffer sTOc;
|
||||||
|
|
||||||
|
SSLSession session = clientSSLEngine.getSession();
|
||||||
|
int appBufferMax = session.getApplicationBufferSize();
|
||||||
|
int netBufferMax = session.getPacketBufferSize();
|
||||||
|
|
||||||
|
clientIn = ByteBuffer.allocate(appBufferMax + 50);
|
||||||
|
serverIn = ByteBuffer.allocate(appBufferMax + 50);
|
||||||
|
|
||||||
|
cTOs = ByteBuffer.allocateDirect(netBufferMax);
|
||||||
|
sTOc = ByteBuffer.allocateDirect(netBufferMax);
|
||||||
|
|
||||||
|
clientOut = ByteBuffer.wrap(
|
||||||
|
"Hi Server, I'm Client".getBytes());
|
||||||
|
serverOut = ByteBuffer.wrap(
|
||||||
|
"Hello Client, I'm Server".getBytes());
|
||||||
|
|
||||||
|
SSLEngineResult clientResult;
|
||||||
|
SSLEngineResult serverResult;
|
||||||
|
|
||||||
|
while (!dataDone) {
|
||||||
|
clientResult = clientSSLEngine.wrap(clientOut, cTOs);
|
||||||
|
runDelegatedTasks(clientResult, clientSSLEngine);
|
||||||
|
serverResult = serverSSLEngine.wrap(serverOut, sTOc);
|
||||||
|
runDelegatedTasks(serverResult, serverSSLEngine);
|
||||||
|
cTOs.flip();
|
||||||
|
sTOc.flip();
|
||||||
|
|
||||||
|
if (enableDebug) {
|
||||||
|
System.out.println("Client -> Network");
|
||||||
|
printTlsNetworkPacket("", cTOs);
|
||||||
|
System.out.println("");
|
||||||
|
System.out.println("Server -> Network");
|
||||||
|
printTlsNetworkPacket("", sTOc);
|
||||||
|
System.out.println("");
|
||||||
|
}
|
||||||
|
|
||||||
|
clientResult = clientSSLEngine.unwrap(sTOc, clientIn);
|
||||||
|
runDelegatedTasks(clientResult, clientSSLEngine);
|
||||||
|
serverResult = serverSSLEngine.unwrap(cTOs, serverIn);
|
||||||
|
runDelegatedTasks(serverResult, serverSSLEngine);
|
||||||
|
|
||||||
|
cTOs.compact();
|
||||||
|
sTOc.compact();
|
||||||
|
|
||||||
|
if (!dataDone &&
|
||||||
|
(clientOut.limit() == serverIn.position()) &&
|
||||||
|
(serverOut.limit() == clientIn.position())) {
|
||||||
|
checkTransfer(serverOut, clientIn);
|
||||||
|
checkTransfer(clientOut, serverIn);
|
||||||
|
dataDone = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static void printTlsNetworkPacket(String prefix, ByteBuffer bb) {
|
||||||
|
ByteBuffer slice = bb.slice();
|
||||||
|
byte[] buffer = new byte[slice.remaining()];
|
||||||
|
slice.get(buffer);
|
||||||
|
for (int i = 0; i < buffer.length; i++) {
|
||||||
|
System.out.printf("%02X, ", (byte)(buffer[i] & (byte)0xFF));
|
||||||
|
if (i % 8 == 0 && i % 16 != 0) {
|
||||||
|
System.out.print(" ");
|
||||||
|
}
|
||||||
|
if (i % 16 == 0) {
|
||||||
|
System.out.println("");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
System.out.flush();
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void checkTransfer(ByteBuffer a, ByteBuffer b)
|
||||||
|
throws Exception {
|
||||||
|
a.flip();
|
||||||
|
b.flip();
|
||||||
|
if (!a.equals(b)) {
|
||||||
|
throw new Exception("Data didn't transfer cleanly");
|
||||||
|
}
|
||||||
|
a.position(a.limit());
|
||||||
|
b.position(b.limit());
|
||||||
|
a.limit(a.capacity());
|
||||||
|
b.limit(b.capacity());
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void runDelegatedTasks(SSLEngineResult result,
|
||||||
|
SSLEngine engine) throws Exception {
|
||||||
|
|
||||||
|
if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
|
||||||
|
Runnable runnable;
|
||||||
|
while ((runnable = engine.getDelegatedTask()) != null) {
|
||||||
|
runnable.run();
|
||||||
|
}
|
||||||
|
HandshakeStatus hsStatus = engine.getHandshakeStatus();
|
||||||
|
if (hsStatus == HandshakeStatus.NEED_TASK) {
|
||||||
|
throw new Exception(
|
||||||
|
"handshake shouldn't need additional tasks");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static SSLEngine[][] getSSLEnginesToTest() throws Exception {
|
||||||
|
SSLEngine[][] enginesToTest = new SSLEngine[2][2];
|
||||||
|
String[][] preferredSuites = new String[][]{ new String[] {
|
||||||
|
"TLS_RSA_WITH_AES_128_CBC_SHA256"
|
||||||
|
}, new String[] {
|
||||||
|
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
|
||||||
|
}};
|
||||||
|
for (int i = 0; i < enginesToTest.length; i++) {
|
||||||
|
enginesToTest[i][0] = createSSLEngine(true);
|
||||||
|
enginesToTest[i][1] = createSSLEngine(false);
|
||||||
|
enginesToTest[i][0].setEnabledCipherSuites(preferredSuites[i]);
|
||||||
|
enginesToTest[i][1].setEnabledCipherSuites(preferredSuites[i]);
|
||||||
|
}
|
||||||
|
return enginesToTest;
|
||||||
|
}
|
||||||
|
|
||||||
|
static private SSLEngine createSSLEngine(boolean client)
|
||||||
|
throws Exception {
|
||||||
|
SSLEngine ssle;
|
||||||
|
KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX",
|
||||||
|
jsseProvider);
|
||||||
|
kmf.init(ks, passphrase);
|
||||||
|
|
||||||
|
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX",
|
||||||
|
jsseProvider);
|
||||||
|
tmf.init(ts);
|
||||||
|
|
||||||
|
SSLContext sslCtx = SSLContext.getInstance("TLSv1.2",
|
||||||
|
jsseProvider);
|
||||||
|
sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
|
||||||
|
ssle = sslCtx.createSSLEngine("localhost", 443);
|
||||||
|
ssle.setUseClientMode(client);
|
||||||
|
SSLParameters sslParameters = ssle.getSSLParameters();
|
||||||
|
ssle.setSSLParameters(sslParameters);
|
||||||
|
|
||||||
|
return ssle;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void initialize() throws Exception {
|
||||||
|
if (initSecmod() == false) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
String configName = BASE + SEP + "fips.cfg";
|
||||||
|
sunPKCS11NSSProvider = getSunPKCS11(configName);
|
||||||
|
System.out.println("SunPKCS11 provider: " + sunPKCS11NSSProvider);
|
||||||
|
Security.addProvider(sunPKCS11NSSProvider);
|
||||||
|
|
||||||
|
sunJCEProvider = new com.sun.crypto.provider.SunJCE();
|
||||||
|
Security.addProvider(sunJCEProvider);
|
||||||
|
|
||||||
|
Security.removeProvider("SunJSSE");
|
||||||
|
jsseProvider =new com.sun.net.ssl.internal.ssl.Provider(
|
||||||
|
sunPKCS11NSSProvider);
|
||||||
|
Security.addProvider(jsseProvider);
|
||||||
|
System.out.println(jsseProvider.getInfo());
|
||||||
|
|
||||||
|
ks = KeyStore.getInstance("PKCS11", sunPKCS11NSSProvider);
|
||||||
|
ks.load(null, "test12".toCharArray());
|
||||||
|
ts = ks;
|
||||||
|
|
||||||
|
KeyStore ksPlain = readTestKeyStore();
|
||||||
|
privateKey = (RSAPrivateKey)ksPlain.getKey("rh_rsa_sha256",
|
||||||
|
passphrase);
|
||||||
|
publicKey = (RSAPublicKey)ksPlain.getCertificate(
|
||||||
|
"rh_rsa_sha256").getPublicKey();
|
||||||
|
}
|
||||||
|
|
||||||
|
private static KeyStore readTestKeyStore() throws Exception {
|
||||||
|
File file = new File(System.getProperty("test.src", "."), "keystore");
|
||||||
|
InputStream in = new FileInputStream(file);
|
||||||
|
KeyStore ks = KeyStore.getInstance("JKS");
|
||||||
|
ks.load(in, "passphrase".toCharArray());
|
||||||
|
in.close();
|
||||||
|
return ks;
|
||||||
|
}
|
||||||
|
}
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue
Block a user