8029661: Support TLS v1.2 algorithm in SunPKCS11 provider

TLS v1.2 algorithms for key and MAC derivation added to SunPKCS11 crypto provider.

Reviewed-by: valeriep

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,6 +38,7 @@ import sun.security.internal.interfaces.TlsMasterSecret;
 
 import static sun.security.pkcs11.TemplateManager.*;
 import sun.security.pkcs11.wrapper.*;
+
 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
 
 /**
@@ -61,6 +62,8 @@ public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
     // mechanism id
     private long mechanism;
 
+    private int tlsVersion;
+
     // parameter spec
     @SuppressWarnings("deprecation")
     private TlsKeyMaterialParameterSpec spec;
@@ -96,14 +99,14 @@ public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
         }
 
         TlsKeyMaterialParameterSpec spec = (TlsKeyMaterialParameterSpec)params;
-        int version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
+        tlsVersion = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
 
-        if ((version == 0x0300 && !supportSSLv3) || (version < 0x0300) ||
+        if ((tlsVersion == 0x0300 && !supportSSLv3) ||
-            (version > 0x0302)) {
+                (tlsVersion < 0x0300) || (tlsVersion > 0x0303)) {
              throw new InvalidAlgorithmParameterException
                     ("Only" + (supportSSLv3? " SSL 3.0,": "") +
-                     " TLS 1.0, and TLS 1.1 are supported (0x" +
+                     " TLS 1.0, TLS 1.1 and TLS 1.2 are supported (" +
-                     Integer.toHexString(version) + ")");
+                     tlsVersion + ")");
         }
         try {
             p11Key = P11SecretKeyFactory.convertKey
@@ -112,8 +115,11 @@ public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
             throw new InvalidAlgorithmParameterException("init() failed", e);
         }
         this.spec = spec;
-        this.mechanism = (version == 0x0300)?
+        if (tlsVersion == 0x0300) {
-            CKM_SSL3_KEY_AND_MAC_DERIVE : CKM_TLS_KEY_AND_MAC_DERIVE;
+            mechanism = CKM_SSL3_KEY_AND_MAC_DERIVE;
+        } else if (tlsVersion == 0x0301 || tlsVersion == 0x0302) {
+            mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
+        }
     }
 
     protected void engineInit(int keysize, SecureRandom random) {
@@ -141,8 +147,18 @@ public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
 
         CK_SSL3_RANDOM_DATA random = new CK_SSL3_RANDOM_DATA
                             (spec.getClientRandom(), spec.getServerRandom());
-        CK_SSL3_KEY_MAT_PARAMS params = new CK_SSL3_KEY_MAT_PARAMS
+        Object params = null;
-                            (macBits, keyBits, ivBits, isExportable, random);
+        CK_MECHANISM ckMechanism = null;
+        if (tlsVersion < 0x0303) {
+            params = new CK_SSL3_KEY_MAT_PARAMS
+                    (macBits, keyBits, ivBits, isExportable, random);
+            ckMechanism = new CK_MECHANISM(mechanism, (CK_SSL3_KEY_MAT_PARAMS)params);
+        } else if (tlsVersion == 0x0303) {
+            params = new CK_TLS12_KEY_MAT_PARAMS
+                    (macBits, keyBits, ivBits, isExportable, random,
+                    Functions.getHashMechId(spec.getPRFHashAlg()));
+            ckMechanism = new CK_MECHANISM(mechanism, (CK_TLS12_KEY_MAT_PARAMS)params);
+        }
 
         String cipherAlgorithm = spec.getCipherAlgorithm();
         long keyType = P11SecretKeyFactory.getKeyType(cipherAlgorithm);
@@ -173,10 +189,15 @@ public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
             attributes = token.getAttributes
                 (O_GENERATE, CKO_SECRET_KEY, keyType, attributes);
             // the returned keyID is a dummy, ignore
-            long keyID = token.p11.C_DeriveKey(session.id(),
+            token.p11.C_DeriveKey(session.id(),
-                new CK_MECHANISM(mechanism, params), p11Key.keyID, attributes);
+                ckMechanism, p11Key.keyID, attributes);
 
-            CK_SSL3_KEY_MAT_OUT out = params.pReturnedKeyMaterial;
+            CK_SSL3_KEY_MAT_OUT out = null;
+            if (params instanceof CK_SSL3_KEY_MAT_PARAMS) {
+                out = ((CK_SSL3_KEY_MAT_PARAMS)params).pReturnedKeyMaterial;
+            } else if (params instanceof CK_TLS12_KEY_MAT_PARAMS) {
+                out = ((CK_TLS12_KEY_MAT_PARAMS)params).pReturnedKeyMaterial;
+            }
             // Note that the MAC keys do not inherit all attributes from the
             // template, but they do inherit the sensitive/extractable/token
             // flags, which is all P11Key cares about.

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsMasterSecretGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,12 +29,11 @@ import java.security.*;
 import java.security.spec.AlgorithmParameterSpec;
 
 import javax.crypto.*;
-import javax.crypto.spec.*;
-
 import sun.security.internal.spec.TlsMasterSecretParameterSpec;
 
 import static sun.security.pkcs11.TemplateManager.*;
 import sun.security.pkcs11.wrapper.*;
+
 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
 
 /**
@@ -57,6 +56,8 @@ public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi {
     // mechanism id
     private long mechanism;
 
+    private int tlsVersion;
+
     @SuppressWarnings("deprecation")
     private TlsMasterSecretParameterSpec spec;
     private P11Key p11Key;
@@ -91,13 +92,13 @@ public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi {
         }
 
         TlsMasterSecretParameterSpec spec = (TlsMasterSecretParameterSpec)params;
-        int version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
+        tlsVersion = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
-        if ((version == 0x0300 && !supportSSLv3) || (version < 0x0300) ||
+        if ((tlsVersion == 0x0300 && !supportSSLv3) ||
-            (version > 0x0302)) {
+                (tlsVersion < 0x0300) || (tlsVersion > 0x0303)) {
              throw new InvalidAlgorithmParameterException
                     ("Only" + (supportSSLv3? " SSL 3.0,": "") +
-                     " TLS 1.0, and TLS 1.1 are supported (0x" +
+                     " TLS 1.0, TLS 1.1 and TLS 1.2 are supported (" +
-                     Integer.toHexString(version) + ")");
+                     tlsVersion + ")");
         }
 
         SecretKey key = spec.getPremasterSecret();
@@ -109,9 +110,19 @@ public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi {
             throw new InvalidAlgorithmParameterException("init() failed", e);
         }
         this.spec = spec;
-        if (p11Key.getAlgorithm().equals("TlsRsaPremasterSecret")) {
+        final boolean isTlsRsaPremasterSecret =
-            mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE
+                p11Key.getAlgorithm().equals("TlsRsaPremasterSecret");
-                                             : CKM_TLS_MASTER_KEY_DERIVE;
+        if (tlsVersion == 0x0300) {
+            mechanism = isTlsRsaPremasterSecret ?
+                    CKM_SSL3_MASTER_KEY_DERIVE : CKM_SSL3_MASTER_KEY_DERIVE_DH;
+        } else if (tlsVersion == 0x0301 || tlsVersion == 0x0302) {
+            mechanism = isTlsRsaPremasterSecret ?
+                    CKM_TLS_MASTER_KEY_DERIVE : CKM_TLS_MASTER_KEY_DERIVE_DH;
+        } else if (tlsVersion == 0x0303) {
+            mechanism = isTlsRsaPremasterSecret ?
+                    CKM_TLS12_MASTER_KEY_DERIVE : CKM_TLS12_MASTER_KEY_DERIVE_DH;
+        }
+        if (isTlsRsaPremasterSecret) {
             ckVersion = new CK_VERSION(0, 0);
         } else {
             // Note: we use DH for all non-RSA premaster secrets. That includes
@@ -120,8 +131,6 @@ public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi {
             // TLS PRF (or the SSL equivalent).
             // The only thing special about RSA master secret calculation is
             // that it extracts the version numbers from the premaster secret.
-            mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE_DH
-                                             : CKM_TLS_MASTER_KEY_DERIVE_DH;
             ckVersion = null;
         }
     }
@@ -139,23 +148,31 @@ public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi {
         byte[] serverRandom = spec.getServerRandom();
         CK_SSL3_RANDOM_DATA random =
                 new CK_SSL3_RANDOM_DATA(clientRandom, serverRandom);
-        CK_SSL3_MASTER_KEY_DERIVE_PARAMS params =
+        CK_MECHANISM ckMechanism = null;
-                new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion);
+        if (tlsVersion < 0x0303) {
-
+            CK_SSL3_MASTER_KEY_DERIVE_PARAMS params =
+                    new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion);
+            ckMechanism = new CK_MECHANISM(mechanism, params);
+        } else if (tlsVersion == 0x0303) {
+            CK_TLS12_MASTER_KEY_DERIVE_PARAMS params =
+                    new CK_TLS12_MASTER_KEY_DERIVE_PARAMS(random, ckVersion,
+                            Functions.getHashMechId(spec.getPRFHashAlg()));
+            ckMechanism = new CK_MECHANISM(mechanism, params);
+        }
         Session session = null;
         try {
             session = token.getObjSession();
             CK_ATTRIBUTE[] attributes = token.getAttributes(O_GENERATE,
                 CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
             long keyID = token.p11.C_DeriveKey(session.id(),
-                new CK_MECHANISM(mechanism, params), p11Key.keyID, attributes);
+                    ckMechanism, p11Key.keyID, attributes);
             int major, minor;
-            if (params.pVersion == null) {
+            if (ckVersion == null) {
                 major = -1;
                 minor = -1;
             } else {
-                major = params.pVersion.major;
+                major = ckVersion.major;
-                minor = params.pVersion.minor;
+                minor = ckVersion.minor;
             }
             SecretKey key = P11Key.masterSecretKey(session, keyID,
                 "TlsMasterSecret", 48 << 3, attributes, major, minor);

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -126,9 +126,48 @@ final class P11TlsPrfGenerator extends KeyGeneratorSpi {
         if (spec == null) {
             throw new IllegalStateException("TlsPrfGenerator must be initialized");
         }
-        byte[] label = P11Util.getBytesUTF8(spec.getLabel());
+
         byte[] seed = spec.getSeed();
 
+        // TLS 1.2
+        if (mechanism == CKM_TLS_MAC) {
+            SecretKey k = null;
+            int ulServerOrClient = 0;
+            if (spec.getLabel().equals("server finished")) {
+                ulServerOrClient = 1;
+            }
+            if (spec.getLabel().equals("client finished")) {
+                ulServerOrClient = 2;
+            }
+
+            if (ulServerOrClient != 0) {
+                // Finished message
+                CK_TLS_MAC_PARAMS params = new CK_TLS_MAC_PARAMS(
+                        Functions.getHashMechId(spec.getPRFHashAlg()),
+                        spec.getOutputLength(), ulServerOrClient);
+                Session session = null;
+                try {
+                    session = token.getOpSession();
+                    token.p11.C_SignInit(session.id(),
+                            new CK_MECHANISM(mechanism, params), p11Key.keyID);
+                    token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
+                    byte[] out = token.p11.C_SignFinal
+                                        (session.id(), spec.getOutputLength());
+                    k = new SecretKeySpec(out, "TlsPrf");
+                } catch (PKCS11Exception e) {
+                    throw new ProviderException("Could not calculate PRF", e);
+                } finally {
+                    token.releaseSession(session);
+                }
+            } else {
+                throw new ProviderException("Only Finished message authentication code"+
+                                            " generation supported for TLS 1.2.");
+            }
+            return k;
+        }
+
+        byte[] label = P11Util.getBytesUTF8(spec.getLabel());
+
         if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
             Session session = null;
             try {

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -89,15 +89,14 @@ final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
 
         TlsRsaPremasterSecretParameterSpec spec =
             (TlsRsaPremasterSecretParameterSpec) params;
+        int tlsVersion = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
 
-        int version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
+        if ((tlsVersion == 0x0300 && !supportSSLv3) ||
-
+                (tlsVersion < 0x0300) || (tlsVersion > 0x0303)) {
-        if ((version == 0x0300 && !supportSSLv3) || (version < 0x0300) ||
-            (version > 0x0302)) {
              throw new InvalidAlgorithmParameterException
                     ("Only" + (supportSSLv3? " SSL 3.0,": "") +
-                     " TLS 1.0, and TLS 1.1 are supported (0x" +
+                     " TLS 1.0, TLS 1.1 and TLS 1.2 are supported (" +
-                     Integer.toHexString(version) + ")");
+                     tlsVersion + ")");
         }
         this.spec = spec;
     }

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -744,38 +744,28 @@ public final class SunPKCS11 extends AuthProvider {
                 s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
                 m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
 
-        /*
-         * TLS 1.2 uses a different hash algorithm than 1.0/1.1 for the
-         * PRF calculations.  As of 2010, there is no PKCS11-level
-         * support for TLS 1.2 PRF calculations, and no known OS's have
-         * an internal variant we could use.  Therefore for TLS 1.2, we
-         * are updating JSSE to request different provider algorithms
-         * (e.g. "SunTls12Prf"), and currently only SunJCE has these
-         * TLS 1.2 algorithms.
-         *
-         * If we reused the names such as "SunTlsPrf", the PKCS11
-         * providers would need be updated to fail correctly when
-         * presented with the wrong version number (via
-         * Provider.Service.supportsParameters()), and we would also
-         * need to add the appropriate supportsParamters() checks into
-         * KeyGenerators (not currently there).
-         *
-         * In the future, if PKCS11 support is added, we will restructure
-         * this.
-         */
         d(KG, "SunTlsRsaPremasterSecret",
                     "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator",
+                    s("SunTls12RsaPremasterSecret"),
                 m(CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_PRE_MASTER_KEY_GEN));
         d(KG, "SunTlsMasterSecret",
                     "sun.security.pkcs11.P11TlsMasterSecretGenerator",
                 m(CKM_SSL3_MASTER_KEY_DERIVE, CKM_TLS_MASTER_KEY_DERIVE,
                     CKM_SSL3_MASTER_KEY_DERIVE_DH,
                     CKM_TLS_MASTER_KEY_DERIVE_DH));
+        d(KG, "SunTls12MasterSecret",
+                "sun.security.pkcs11.P11TlsMasterSecretGenerator",
+            m(CKM_TLS12_MASTER_KEY_DERIVE, CKM_TLS12_MASTER_KEY_DERIVE_DH));
         d(KG, "SunTlsKeyMaterial",
                     "sun.security.pkcs11.P11TlsKeyMaterialGenerator",
                 m(CKM_SSL3_KEY_AND_MAC_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE));
+        d(KG, "SunTls12KeyMaterial",
+                "sun.security.pkcs11.P11TlsKeyMaterialGenerator",
+            m(CKM_TLS12_KEY_AND_MAC_DERIVE));
         d(KG, "SunTlsPrf", "sun.security.pkcs11.P11TlsPrfGenerator",
                 m(CKM_TLS_PRF, CKM_NSS_TLS_PRF_GENERAL));
+        d(KG, "SunTls12Prf", "sun.security.pkcs11.P11TlsPrfGenerator",
+                m(CKM_TLS_MAC));
     }
 
     // background thread that periodically checks for token insertion
@@ -1042,13 +1032,16 @@ public final class SunPKCS11 extends AuthProvider {
                 if (algorithm == "SunTlsRsaPremasterSecret") {
                     return new P11TlsRsaPremasterSecretGenerator(
                         token, algorithm, mechanism);
-                } else if (algorithm == "SunTlsMasterSecret") {
+                } else if (algorithm == "SunTlsMasterSecret"
+                        || algorithm == "SunTls12MasterSecret") {
                     return new P11TlsMasterSecretGenerator(
                         token, algorithm, mechanism);
-                } else if (algorithm == "SunTlsKeyMaterial") {
+                } else if (algorithm == "SunTlsKeyMaterial"
+                        || algorithm == "SunTls12KeyMaterial") {
                     return new P11TlsKeyMaterialGenerator(
                         token, algorithm, mechanism);
-                } else if (algorithm == "SunTlsPrf") {
+                } else if (algorithm == "SunTlsPrf"
+                        || algorithm == "SunTls12Prf") {
                     return new P11TlsPrfGenerator(token, algorithm, mechanism);
                 } else {
                     return new P11KeyGenerator(token, algorithm, mechanism);

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -112,14 +112,26 @@ public class CK_MECHANISM {
         init(mechanism, params);
     }
 
+    public CK_MECHANISM(long mechanism, CK_TLS12_MASTER_KEY_DERIVE_PARAMS params) {
+        init(mechanism, params);
+    }
+
     public CK_MECHANISM(long mechanism, CK_SSL3_KEY_MAT_PARAMS params) {
         init(mechanism, params);
     }
 
+    public CK_MECHANISM(long mechanism, CK_TLS12_KEY_MAT_PARAMS params) {
+        init(mechanism, params);
+    }
+
     public CK_MECHANISM(long mechanism, CK_TLS_PRF_PARAMS params) {
         init(mechanism, params);
     }
 
+    public CK_MECHANISM(long mechanism, CK_TLS_MAC_PARAMS params) {
+        init(mechanism, params);
+    }
+
     public CK_MECHANISM(long mechanism, CK_ECDH1_DERIVE_PARAMS params) {
         init(mechanism, params);
     }

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_TLS12_KEY_MAT_PARAMS.java

@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 2018, Red Hat, Inc. and/or its affiliates.
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.pkcs11.wrapper;
+
+/**
+ * CK_TLS12_KEY_MAT_PARAMS from PKCS#11 v2.40.
+ */
+public class CK_TLS12_KEY_MAT_PARAMS {
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_ULONG ulMacSizeInBits;
+     * </PRE>
+     */
+    public long ulMacSizeInBits;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_ULONG ulKeySizeInBits;
+     * </PRE>
+     */
+    public long ulKeySizeInBits;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_ULONG ulIVSizeInBits;
+     * </PRE>
+     */
+    public long ulIVSizeInBits;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_BBOOL bIsExport;
+     * </PRE>
+     */
+    public boolean bIsExport;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_SSL3_RANDOM_DATA RandomInfo;
+     * </PRE>
+     */
+    public CK_SSL3_RANDOM_DATA RandomInfo;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
+     * </PRE>
+     */
+    public CK_SSL3_KEY_MAT_OUT pReturnedKeyMaterial;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_MECHANISM_TYPE prfHashMechanism;
+     * </PRE>
+     */
+    public long prfHashMechanism;
+
+    public CK_TLS12_KEY_MAT_PARAMS(
+            int macSize, int keySize, int ivSize, boolean export,
+            CK_SSL3_RANDOM_DATA random, long prfHashMechanism) {
+        ulMacSizeInBits = macSize;
+        ulKeySizeInBits = keySize;
+        ulIVSizeInBits = ivSize;
+        bIsExport = export;
+        RandomInfo = random;
+        pReturnedKeyMaterial = new CK_SSL3_KEY_MAT_OUT();
+        if (ivSize != 0) {
+            int n = ivSize >> 3;
+            pReturnedKeyMaterial.pIVClient = new byte[n];
+            pReturnedKeyMaterial.pIVServer = new byte[n];
+        }
+        this.prfHashMechanism = prfHashMechanism;
+    }
+
+    /**
+     * Returns the string representation of CK_TLS12_KEY_MAT_PARAMS.
+     *
+     * @return the string representation of CK_TLS12_KEY_MAT_PARAMS
+     */
+    public String toString() {
+        StringBuilder buffer = new StringBuilder();
+
+        buffer.append(Constants.INDENT);
+        buffer.append("ulMacSizeInBits: ");
+        buffer.append(ulMacSizeInBits);
+        buffer.append(Constants.NEWLINE);
+
+        buffer.append(Constants.INDENT);
+        buffer.append("ulKeySizeInBits: ");
+        buffer.append(ulKeySizeInBits);
+        buffer.append(Constants.NEWLINE);
+
+        buffer.append(Constants.INDENT);
+        buffer.append("ulIVSizeInBits: ");
+        buffer.append(ulIVSizeInBits);
+        buffer.append(Constants.NEWLINE);
+
+        buffer.append(Constants.INDENT);
+        buffer.append("bIsExport: ");
+        buffer.append(bIsExport);
+        buffer.append(Constants.NEWLINE);
+
+        buffer.append(Constants.INDENT);
+        buffer.append("RandomInfo: ");
+        buffer.append(RandomInfo);
+        buffer.append(Constants.NEWLINE);
+
+        buffer.append(Constants.INDENT);
+        buffer.append("pReturnedKeyMaterial: ");
+        buffer.append(pReturnedKeyMaterial);
+        buffer.append(Constants.NEWLINE);
+
+        buffer.append(Constants.INDENT);
+        buffer.append("prfHashMechanism: ");
+        buffer.append(prfHashMechanism);
+
+        return buffer.toString();
+    }
+
+}

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_TLS12_MASTER_KEY_DERIVE_PARAMS.java

@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2018, Red Hat, Inc. and/or its affiliates.
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.pkcs11.wrapper;
+
+/**
+ * CK_TLS12_MASTER_KEY_DERIVE_PARAMS from PKCS#11 v2.40.
+ */
+public class CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_SSL3_RANDOM_DATA RandomInfo;
+     * </PRE>
+     */
+    public CK_SSL3_RANDOM_DATA RandomInfo;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_VERSION_PTR pVersion;
+     * </PRE>
+     */
+    public CK_VERSION pVersion;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_MECHANISM_TYPE prfHashMechanism;
+     * </PRE>
+     */
+    public long prfHashMechanism;
+
+    public CK_TLS12_MASTER_KEY_DERIVE_PARAMS(
+            CK_SSL3_RANDOM_DATA random, CK_VERSION version,
+            long prfHashMechanism) {
+        RandomInfo = random;
+        pVersion = version;
+        this.prfHashMechanism = prfHashMechanism;
+    }
+
+}

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_TLS_MAC_PARAMS.java

@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2018, Red Hat, Inc. and/or its affiliates.
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.pkcs11.wrapper;
+
+/**
+ * CK_TLS_MAC_PARAMS from PKCS#11 v2.40.
+ */
+public class CK_TLS_MAC_PARAMS {
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_MECHANISM_TYPE prfMechanism;
+     * </PRE>
+     */
+    public long prfMechanism;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_ULONG ulMacLength;
+     * </PRE>
+     */
+    public long ulMacLength;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_ULONG ulServerOrClient;
+     * </PRE>
+     */
+    public long ulServerOrClient;
+
+    public CK_TLS_MAC_PARAMS(long prfMechanism,
+            long ulMacLength, long ulServerOrClient) {
+        this.prfMechanism = prfMechanism;
+        this.ulMacLength = ulMacLength;
+        this.ulServerOrClient = ulServerOrClient;
+    }
+
+}

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/Functions.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -73,6 +73,9 @@ public class Functions {
     private static final Map<String,Integer> mechIds =
         new HashMap<String,Integer>();
 
+    private static final Map<String, Long> hashMechIds =
+            new HashMap<String, Long>();
+
     // key types (CKK_*)
     private static final Map<Integer,String> keyNames =
         new HashMap<Integer,String>();
@@ -94,7 +97,6 @@ public class Functions {
     private static final Map<String,Integer> objectClassIds =
         new HashMap<String,Integer>();
 
-
     /**
      * For converting numbers to their hex presentation.
      */
@@ -444,6 +446,10 @@ public class Functions {
         return getId(objectClassIds, name);
     }
 
+    public static long getHashMechId(String name) {
+        return hashMechIds.get(name);
+    }
+
     /**
      * Check the given arrays for equalitiy. This method considers both arrays as
      * equal, if both are <code>null</code> or both have the same length and
@@ -589,6 +595,10 @@ public class Functions {
         addMapping(objectClassNames, objectClassIds, id, name);
     }
 
+    private static void addHashMech(long id, String name) {
+        hashMechIds.put(name, id);
+    }
+
     static {
         addMech(CKM_RSA_PKCS_KEY_PAIR_GEN,      "CKM_RSA_PKCS_KEY_PAIR_GEN");
         addMech(CKM_RSA_PKCS,                   "CKM_RSA_PKCS");
@@ -719,6 +729,10 @@ public class Functions {
         addMech(CKM_TLS_PRF,                    "CKM_TLS_PRF");
         addMech(CKM_SSL3_MD5_MAC,               "CKM_SSL3_MD5_MAC");
         addMech(CKM_SSL3_SHA1_MAC,              "CKM_SSL3_SHA1_MAC");
+        addMech(CKM_TLS12_MASTER_KEY_DERIVE,    "CKM_TLS12_MASTER_KEY_DERIVE");
+        addMech(CKM_TLS12_KEY_AND_MAC_DERIVE,   "CKM_TLS12_KEY_AND_MAC_DERIVE");
+        addMech(CKM_TLS12_MASTER_KEY_DERIVE_DH, "CKM_TLS12_MASTER_KEY_DERIVE_DH");
+        addMech(CKM_TLS_MAC,                    "CKM_TLS_MAC");
         addMech(CKM_MD5_KEY_DERIVATION,         "CKM_MD5_KEY_DERIVATION");
         addMech(CKM_MD2_KEY_DERIVATION,         "CKM_MD2_KEY_DERIVATION");
         addMech(CKM_SHA1_KEY_DERIVATION,        "CKM_SHA1_KEY_DERIVATION");
@@ -794,6 +808,12 @@ public class Functions {
         addMech(PCKM_SECURERANDOM,              "SecureRandom");
         addMech(PCKM_KEYSTORE,                  "KeyStore");
 
+        addHashMech(CKM_SHA_1, "SHA-1");
+        addHashMech(CKM_SHA224, "SHA-224");
+        addHashMech(CKM_SHA256, "SHA-256");
+        addHashMech(CKM_SHA384, "SHA-384");
+        addHashMech(CKM_SHA512, "SHA-512");
+
         addKeyType(CKK_RSA,                     "CKK_RSA");
         addKeyType(CKK_DSA,                     "CKK_DSA");
         addKeyType(CKK_DH,                      "CKK_DH");

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -625,6 +625,14 @@ public interface PKCS11Constants {
     public static final long  CKM_PKCS5_PBKD2                = 0x000003B0L;
 
     public static final long  CKM_PBA_SHA1_WITH_SHA1_HMAC    = 0x000003C0L;
+
+    /* CKM_TLS12_MASTER_KEY_DERIVE, CKM_TLS12_KEY_AND_MAC_DERIVE,
+     * CKM_TLS12_MASTER_KEY_DERIVE_DH and CKM_TLS_MAC are new for v2.40 */
+    public static final long  CKM_TLS12_MASTER_KEY_DERIVE    = 0x000003E0L;
+    public static final long  CKM_TLS12_KEY_AND_MAC_DERIVE   = 0x000003E1L;
+    public static final long  CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2L;
+    public static final long  CKM_TLS_MAC                    = 0x000003E4L;
+
     public static final long  CKM_KEY_WRAP_LYNKS             = 0x00000400L;
     public static final long  CKM_KEY_WRAP_SET_OAEP          = 0x00000401L;
 

src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -457,67 +457,110 @@ CK_ATTRIBUTE jAttributeToCKAttribute(JNIEnv *env, jobject jAttribute)
     return ckAttribute ;
 }
 
-/*
+void masterKeyDeriveParamToCKMasterKeyDeriveParam(JNIEnv *env, jobject jParam,
- * converts the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS object to a
+        jclass masterKeyDeriveParamClass,
- * CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure
+        CK_VERSION_PTR* cKMasterKeyDeriveParamVersion,
- *
+        CK_SSL3_RANDOM_DATA* cKMasterKeyDeriveParamRandomInfo) {
- * @param env - used to call JNI funktions to get the Java classes and objects
- * @param jParam - the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS object to convert
- * @return - the new CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure
- */
-CK_SSL3_MASTER_KEY_DERIVE_PARAMS jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env, jobject jParam)
-{
-    // XXX don't return structs
-    // XXX prefetch class and field ids
-    jclass jSsl3MasterKeyDeriveParamsClass;
-    CK_SSL3_MASTER_KEY_DERIVE_PARAMS ckParam;
     jfieldID fieldID;
     jclass jSsl3RandomDataClass;
     jobject jRandomInfo, jRIClientRandom, jRIServerRandom, jVersion;
-    memset(&ckParam, 0, sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS));
 
     /* get RandomInfo */
-    jSsl3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS);
+    fieldID = (*env)->GetFieldID(env, masterKeyDeriveParamClass, "RandomInfo",
-    if (jSsl3MasterKeyDeriveParamsClass == NULL) { return ckParam; }
+            "Lsun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA;");
-    fieldID = (*env)->GetFieldID(env, jSsl3MasterKeyDeriveParamsClass, "RandomInfo", "Lsun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA;");
+    if (fieldID == NULL) { return; }
-    if (fieldID == NULL) { return ckParam; }
     jRandomInfo = (*env)->GetObjectField(env, jParam, fieldID);
 
     /* get pClientRandom and ulClientRandomLength out of RandomInfo */
     jSsl3RandomDataClass = (*env)->FindClass(env, CLASS_SSL3_RANDOM_DATA);
-    if (jSsl3RandomDataClass == NULL) { return ckParam; }
+    if (jSsl3RandomDataClass == NULL) { return; }
     fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pClientRandom", "[B");
-    if (fieldID == NULL) { return ckParam; }
+    if (fieldID == NULL) { return; }
     jRIClientRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID);
 
     /* get pServerRandom and ulServerRandomLength out of RandomInfo */
     fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pServerRandom", "[B");
-    if (fieldID == NULL) { return ckParam; }
+    if (fieldID == NULL) { return; }
     jRIServerRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID);
 
     /* get pVersion */
-    fieldID = (*env)->GetFieldID(env, jSsl3MasterKeyDeriveParamsClass, "pVersion",  "Lsun/security/pkcs11/wrapper/CK_VERSION;");
+    fieldID = (*env)->GetFieldID(env, masterKeyDeriveParamClass, "pVersion",
-    if (fieldID == NULL) { return ckParam; }
+            "Lsun/security/pkcs11/wrapper/CK_VERSION;");
+    if (fieldID == NULL) { return; }
     jVersion = (*env)->GetObjectField(env, jParam, fieldID);
 
     /* populate java values */
-    ckParam.pVersion = jVersionToCKVersionPtr(env, jVersion);
+    *cKMasterKeyDeriveParamVersion = jVersionToCKVersionPtr(env, jVersion);
-    if ((*env)->ExceptionCheck(env)) { return ckParam; }
+    if ((*env)->ExceptionCheck(env)) { return; }
-    jByteArrayToCKByteArray(env, jRIClientRandom, &(ckParam.RandomInfo.pClientRandom), &(ckParam.RandomInfo.ulClientRandomLen));
+    jByteArrayToCKByteArray(env, jRIClientRandom,
+            &(cKMasterKeyDeriveParamRandomInfo->pClientRandom),
+            &(cKMasterKeyDeriveParamRandomInfo->ulClientRandomLen));
     if ((*env)->ExceptionCheck(env)) {
-        free(ckParam.pVersion);
+        free(*cKMasterKeyDeriveParamVersion);
-        return ckParam;
+        return;
     }
-    jByteArrayToCKByteArray(env, jRIServerRandom, &(ckParam.RandomInfo.pServerRandom), &(ckParam.RandomInfo.ulServerRandomLen));
+    jByteArrayToCKByteArray(env, jRIServerRandom,
+            &(cKMasterKeyDeriveParamRandomInfo->pServerRandom),
+            &(cKMasterKeyDeriveParamRandomInfo->ulServerRandomLen));
     if ((*env)->ExceptionCheck(env)) {
-        free(ckParam.pVersion);
+        free(*cKMasterKeyDeriveParamVersion);
-        free(ckParam.RandomInfo.pClientRandom);
+        free(cKMasterKeyDeriveParamRandomInfo->pClientRandom);
-        return ckParam;
+        return;
     }
-
-    return ckParam ;
 }
 
+/*
+ * converts the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS object to a
+ * CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure
+ *
+ * @param env - used to call JNI functions to get the Java classes and objects
+ * @param jParam - the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS object to convert
+ * @return - the new CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure
+ */
+CK_SSL3_MASTER_KEY_DERIVE_PARAMS
+jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env,
+        jobject jParam)
+{
+    CK_SSL3_MASTER_KEY_DERIVE_PARAMS ckParam;
+    memset(&ckParam, 0, sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS));
+    jclass jSsl3MasterKeyDeriveParamsClass =
+            (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS);
+    if (jSsl3MasterKeyDeriveParamsClass == NULL) { return ckParam; }
+    masterKeyDeriveParamToCKMasterKeyDeriveParam(env, jParam,
+            jSsl3MasterKeyDeriveParamsClass,
+            &ckParam.pVersion, &ckParam.RandomInfo);
+    return ckParam;
+}
+
+/*
+ * converts the Java CK_TLS12_MASTER_KEY_DERIVE_PARAMS object to a
+ * CK_TLS12_MASTER_KEY_DERIVE_PARAMS structure
+ *
+ * @param env - used to call JNI functions to get the Java classes and objects
+ * @param jParam - the Java CK_TLS12_MASTER_KEY_DERIVE_PARAMS object to convert
+ * @return - the new CK_TLS12_MASTER_KEY_DERIVE_PARAMS structure
+ */
+CK_TLS12_MASTER_KEY_DERIVE_PARAMS
+jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParam(JNIEnv *env,
+        jobject jParam)
+{
+    CK_TLS12_MASTER_KEY_DERIVE_PARAMS ckParam;
+    memset(&ckParam, 0, sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS));
+    jclass jTls12MasterKeyDeriveParamsClass =
+            (*env)->FindClass(env, CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS);
+    if (jTls12MasterKeyDeriveParamsClass == NULL) { return ckParam; }
+    masterKeyDeriveParamToCKMasterKeyDeriveParam(env, jParam,
+            jTls12MasterKeyDeriveParamsClass, &ckParam.pVersion,
+            &ckParam.RandomInfo);
+    jfieldID fieldID = (*env)->GetFieldID(env,
+            jTls12MasterKeyDeriveParamsClass, "prfHashMechanism", "J");
+    if (fieldID != NULL) {
+        jlong prfHashMechanism =
+                (*env)->GetLongField(env, jParam, fieldID);
+        ckParam.prfHashMechanism = (CK_MECHANISM_TYPE)prfHashMechanism;
+    }
+    return ckParam;
+}
 
 /*
  * converts the Java CK_TLS_PRF_PARAMS object to a CK_TLS_PRF_PARAMS structure
@@ -576,126 +619,217 @@ CK_TLS_PRF_PARAMS jTlsPrfParamsToCKTlsPrfParam(JNIEnv *env, jobject jParam)
 }
 
 /*
- * converts the Java CK_SSL3_KEY_MAT_PARAMS object to a CK_SSL3_KEY_MAT_PARAMS structure
+ * converts the Java CK_TLS_MAC_PARAMS object to a CK_TLS_MAC_PARAMS structure
- *
- * @param env - used to call JNI funktions to get the Java classes and objects
- * @param jParam - the Java CK_SSL3_KEY_MAT_PARAMS object to convert
- * @return - the new CK_SSL3_KEY_MAT_PARAMS structure
  */
-CK_SSL3_KEY_MAT_PARAMS jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam)
+CK_TLS_MAC_PARAMS jTlsMacParamsToCKTlsMacParam(JNIEnv *env, jobject jParam)
 {
-    // XXX don't return structs
+    jclass jTlsMacParamsClass;
-    // XXX prefetch class and field ids
+    CK_TLS_MAC_PARAMS ckParam;
-    jclass jSsl3KeyMatParamsClass, jSsl3RandomDataClass, jSsl3KeyMatOutClass;
+    jfieldID fieldID;
-    CK_SSL3_KEY_MAT_PARAMS ckParam;
+    jlong jPrfMechanism, jUlMacLength, jUlServerOrClient;
+    memset(&ckParam, 0, sizeof(CK_TLS_MAC_PARAMS));
+
+    jTlsMacParamsClass = (*env)->FindClass(env, CLASS_TLS_MAC_PARAMS);
+    if (jTlsMacParamsClass == NULL) { return ckParam; }
+
+    /* get prfMechanism */
+    fieldID = (*env)->GetFieldID(env, jTlsMacParamsClass, "prfMechanism", "J");
+    if (fieldID == NULL) { return ckParam; }
+    jPrfMechanism = (*env)->GetLongField(env, jParam, fieldID);
+
+    /* get ulMacLength */
+    fieldID = (*env)->GetFieldID(env, jTlsMacParamsClass, "ulMacLength", "J");
+    if (fieldID == NULL) { return ckParam; }
+    jUlMacLength = (*env)->GetLongField(env, jParam, fieldID);
+
+    /* get ulServerOrClient */
+    fieldID = (*env)->GetFieldID(env, jTlsMacParamsClass, "ulServerOrClient", "J");
+    if (fieldID == NULL) { return ckParam; }
+    jUlServerOrClient = (*env)->GetLongField(env, jParam, fieldID);
+
+    /* populate java values */
+    ckParam.prfMechanism = jLongToCKULong(jPrfMechanism);
+    ckParam.ulMacLength = jLongToCKULong(jUlMacLength);
+    ckParam.ulServerOrClient = jLongToCKULong(jUlServerOrClient);
+
+    return ckParam;
+}
+
+void keyMatParamToCKKeyMatParam(JNIEnv *env, jobject jParam,
+        jclass jKeyMatParamClass,
+        CK_ULONG* cKKeyMatParamUlMacSizeInBits,
+        CK_ULONG* cKKeyMatParamUlKeySizeInBits,
+        CK_ULONG* cKKeyMatParamUlIVSizeInBits,
+        CK_BBOOL* cKKeyMatParamBIsExport,
+        CK_SSL3_RANDOM_DATA* cKKeyMatParamRandomInfo,
+        CK_SSL3_KEY_MAT_OUT_PTR* cKKeyMatParamPReturnedKeyMaterial)
+{
+    jclass jSsl3RandomDataClass, jSsl3KeyMatOutClass;
     jfieldID fieldID;
     jlong jMacSizeInBits, jKeySizeInBits, jIVSizeInBits;
     jboolean jIsExport;
     jobject jRandomInfo, jRIClientRandom, jRIServerRandom;
     jobject jReturnedKeyMaterial, jRMIvClient, jRMIvServer;
     CK_ULONG ckTemp;
-    memset(&ckParam, 0, sizeof(CK_SSL3_KEY_MAT_PARAMS));
 
     /* get ulMacSizeInBits */
-    jSsl3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS);
+    fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "ulMacSizeInBits", "J");
-    if (jSsl3KeyMatParamsClass == NULL) { return ckParam; }
+    if (fieldID == NULL) { return; }
-    fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "ulMacSizeInBits", "J");
-    if (fieldID == NULL) { return ckParam; }
     jMacSizeInBits = (*env)->GetLongField(env, jParam, fieldID);
 
     /* get ulKeySizeInBits */
-    fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "ulKeySizeInBits", "J");
+    fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "ulKeySizeInBits", "J");
-    if (fieldID == NULL) { return ckParam; }
+    if (fieldID == NULL) { return; }
     jKeySizeInBits = (*env)->GetLongField(env, jParam, fieldID);
 
     /* get ulIVSizeInBits */
-    fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "ulIVSizeInBits", "J");
+    fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "ulIVSizeInBits", "J");
-    if (fieldID == NULL) { return ckParam; }
+    if (fieldID == NULL) { return; }
     jIVSizeInBits = (*env)->GetLongField(env, jParam, fieldID);
 
     /* get bIsExport */
-    fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "bIsExport", "Z");
+    fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "bIsExport", "Z");
-    if (fieldID == NULL) { return ckParam; }
+    if (fieldID == NULL) { return; }
     jIsExport = (*env)->GetBooleanField(env, jParam, fieldID);
 
     /* get RandomInfo */
     jSsl3RandomDataClass = (*env)->FindClass(env, CLASS_SSL3_RANDOM_DATA);
-    if (jSsl3RandomDataClass == NULL) { return ckParam; }
+    if (jSsl3RandomDataClass == NULL) { return; }
-    fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "RandomInfo",  "Lsun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA;");
+    fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "RandomInfo",
-    if (fieldID == NULL) { return ckParam; }
+            "Lsun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA;");
+    if (fieldID == NULL) { return; }
     jRandomInfo = (*env)->GetObjectField(env, jParam, fieldID);
 
     /* get pClientRandom and ulClientRandomLength out of RandomInfo */
     fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pClientRandom", "[B");
-    if (fieldID == NULL) { return ckParam; }
+    if (fieldID == NULL) { return; }
     jRIClientRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID);
 
     /* get pServerRandom and ulServerRandomLength out of RandomInfo */
     fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pServerRandom", "[B");
-    if (fieldID == NULL) { return ckParam; }
+    if (fieldID == NULL) { return; }
     jRIServerRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID);
 
     /* get pReturnedKeyMaterial */
     jSsl3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT);
-    if (jSsl3KeyMatOutClass == NULL) { return ckParam; }
+    if (jSsl3KeyMatOutClass == NULL) { return; }
-    fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "pReturnedKeyMaterial",  "Lsun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_OUT;");
+    fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "pReturnedKeyMaterial",
-    if (fieldID == NULL) { return ckParam; }
+            "Lsun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_OUT;");
+    if (fieldID == NULL) { return; }
     jReturnedKeyMaterial = (*env)->GetObjectField(env, jParam, fieldID);
 
     /* get pIVClient out of pReturnedKeyMaterial */
     fieldID = (*env)->GetFieldID(env, jSsl3KeyMatOutClass, "pIVClient", "[B");
-    if (fieldID == NULL) { return ckParam; }
+    if (fieldID == NULL) { return; }
     jRMIvClient = (*env)->GetObjectField(env, jReturnedKeyMaterial, fieldID);
 
     /* get pIVServer out of pReturnedKeyMaterial */
     fieldID = (*env)->GetFieldID(env, jSsl3KeyMatOutClass, "pIVServer", "[B");
-    if (fieldID == NULL) { return ckParam; }
+    if (fieldID == NULL) { return; }
     jRMIvServer = (*env)->GetObjectField(env, jReturnedKeyMaterial, fieldID);
 
     /* populate java values */
-    ckParam.ulMacSizeInBits = jLongToCKULong(jMacSizeInBits);
+    *cKKeyMatParamUlMacSizeInBits = jLongToCKULong(jMacSizeInBits);
-    ckParam.ulKeySizeInBits = jLongToCKULong(jKeySizeInBits);
+    *cKKeyMatParamUlKeySizeInBits = jLongToCKULong(jKeySizeInBits);
-    ckParam.ulIVSizeInBits = jLongToCKULong(jIVSizeInBits);
+    *cKKeyMatParamUlIVSizeInBits = jLongToCKULong(jIVSizeInBits);
-    ckParam.bIsExport = jBooleanToCKBBool(jIsExport);
+    *cKKeyMatParamBIsExport = jBooleanToCKBBool(jIsExport);
-    jByteArrayToCKByteArray(env, jRIClientRandom, &(ckParam.RandomInfo.pClientRandom), &(ckParam.RandomInfo.ulClientRandomLen));
+    jByteArrayToCKByteArray(env, jRIClientRandom,
-    if ((*env)->ExceptionCheck(env)) { return ckParam; }
+            &(cKKeyMatParamRandomInfo->pClientRandom),
-    jByteArrayToCKByteArray(env, jRIServerRandom, &(ckParam.RandomInfo.pServerRandom), &(ckParam.RandomInfo.ulServerRandomLen));
+            &(cKKeyMatParamRandomInfo->ulClientRandomLen));
+    if ((*env)->ExceptionCheck(env)) { return; }
+    jByteArrayToCKByteArray(env, jRIServerRandom,
+            &(cKKeyMatParamRandomInfo->pServerRandom),
+            &(cKKeyMatParamRandomInfo->ulServerRandomLen));
     if ((*env)->ExceptionCheck(env)) {
-        free(ckParam.RandomInfo.pClientRandom);
+        free(cKKeyMatParamRandomInfo->pClientRandom);
-        return ckParam;
+        return;
     }
     /* allocate memory for pRetrunedKeyMaterial */
-    ckParam.pReturnedKeyMaterial = (CK_SSL3_KEY_MAT_OUT_PTR) malloc(sizeof(CK_SSL3_KEY_MAT_OUT));
+    *cKKeyMatParamPReturnedKeyMaterial =
-    if (ckParam.pReturnedKeyMaterial == NULL) {
+            (CK_SSL3_KEY_MAT_OUT_PTR)malloc(sizeof(CK_SSL3_KEY_MAT_OUT));
-        free(ckParam.RandomInfo.pClientRandom);
+    if (*cKKeyMatParamPReturnedKeyMaterial == NULL) {
-        free(ckParam.RandomInfo.pServerRandom);
+        free(cKKeyMatParamRandomInfo->pClientRandom);
+        free(cKKeyMatParamRandomInfo->pServerRandom);
         throwOutOfMemoryError(env, 0);
-        return ckParam;
+        return;
     }
 
     // the handles are output params only, no need to fetch them from Java
-    ckParam.pReturnedKeyMaterial->hClientMacSecret = 0;
+    (*cKKeyMatParamPReturnedKeyMaterial)->hClientMacSecret = 0;
-    ckParam.pReturnedKeyMaterial->hServerMacSecret = 0;
+    (*cKKeyMatParamPReturnedKeyMaterial)->hServerMacSecret = 0;
-    ckParam.pReturnedKeyMaterial->hClientKey = 0;
+    (*cKKeyMatParamPReturnedKeyMaterial)->hClientKey = 0;
-    ckParam.pReturnedKeyMaterial->hServerKey = 0;
+    (*cKKeyMatParamPReturnedKeyMaterial)->hServerKey = 0;
 
-    jByteArrayToCKByteArray(env, jRMIvClient, &(ckParam.pReturnedKeyMaterial->pIVClient), &ckTemp);
+    jByteArrayToCKByteArray(env, jRMIvClient,
+            &((*cKKeyMatParamPReturnedKeyMaterial)->pIVClient), &ckTemp);
     if ((*env)->ExceptionCheck(env)) {
-        free(ckParam.RandomInfo.pClientRandom);
+        free(cKKeyMatParamRandomInfo->pClientRandom);
-        free(ckParam.RandomInfo.pServerRandom);
+        free(cKKeyMatParamRandomInfo->pServerRandom);
-        free(ckParam.pReturnedKeyMaterial);
+        free((*cKKeyMatParamPReturnedKeyMaterial));
-        return ckParam;
+        return;
     }
-    jByteArrayToCKByteArray(env, jRMIvServer, &(ckParam.pReturnedKeyMaterial->pIVServer), &ckTemp);
+    jByteArrayToCKByteArray(env, jRMIvServer,
+            &((*cKKeyMatParamPReturnedKeyMaterial)->pIVServer), &ckTemp);
     if ((*env)->ExceptionCheck(env)) {
-        free(ckParam.RandomInfo.pClientRandom);
+        free(cKKeyMatParamRandomInfo->pClientRandom);
-        free(ckParam.RandomInfo.pServerRandom);
+        free(cKKeyMatParamRandomInfo->pServerRandom);
-        free(ckParam.pReturnedKeyMaterial->pIVClient);
+        free((*cKKeyMatParamPReturnedKeyMaterial)->pIVClient);
-        free(ckParam.pReturnedKeyMaterial);
+        free((*cKKeyMatParamPReturnedKeyMaterial));
-        return ckParam;
+        return;
     }
 
-    return ckParam ;
+    return;
+}
+/*
+ * converts the Java CK_SSL3_KEY_MAT_PARAMS object to a
+ * CK_SSL3_KEY_MAT_PARAMS structure
+ *
+ * @param env - used to call JNI funktions to get the Java classes and objects
+ * @param jParam - the Java CK_SSL3_KEY_MAT_PARAMS object to convert
+ * @return - the new CK_SSL3_KEY_MAT_PARAMS structure
+ */
+CK_SSL3_KEY_MAT_PARAMS
+jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam)
+{
+    CK_SSL3_KEY_MAT_PARAMS ckParam;
+    memset(&ckParam, 0, sizeof(CK_SSL3_KEY_MAT_PARAMS));
+    jclass jSsl3KeyMatParamsClass = (*env)->FindClass(env,
+            CLASS_SSL3_KEY_MAT_PARAMS);
+    if (jSsl3KeyMatParamsClass == NULL) { return ckParam; }
+    keyMatParamToCKKeyMatParam(env, jParam, jSsl3KeyMatParamsClass,
+            &ckParam.ulMacSizeInBits, &ckParam.ulKeySizeInBits,
+            &ckParam.ulIVSizeInBits, &ckParam.bIsExport,
+            &ckParam.RandomInfo, &ckParam.pReturnedKeyMaterial);
+    return ckParam;
+}
+
+/*
+ * converts the Java CK_TLS12_KEY_MAT_PARAMS object to a
+ * CK_TLS12_KEY_MAT_PARAMS structure
+ *
+ * @param env - used to call JNI functions to get the Java classes and objects
+ * @param jParam - the Java CK_TLS12_KEY_MAT_PARAMS object to convert
+ * @return - the new CK_TLS12_KEY_MAT_PARAMS structure
+ */
+CK_TLS12_KEY_MAT_PARAMS jTls12KeyMatParamToCKTls12KeyMatParam(JNIEnv *env,
+        jobject jParam)
+{
+    CK_TLS12_KEY_MAT_PARAMS ckParam;
+    memset(&ckParam, 0, sizeof(CK_TLS12_KEY_MAT_PARAMS));
+    jclass jTls12KeyMatParamsClass = (*env)->FindClass(env,
+            CLASS_TLS12_KEY_MAT_PARAMS);
+    if (jTls12KeyMatParamsClass == NULL) { return ckParam; }
+    keyMatParamToCKKeyMatParam(env, jParam, jTls12KeyMatParamsClass,
+            &ckParam.ulMacSizeInBits, &ckParam.ulKeySizeInBits,
+            &ckParam.ulIVSizeInBits, &ckParam.bIsExport,
+            &ckParam.RandomInfo, &ckParam.pReturnedKeyMaterial);
+    jfieldID fieldID = (*env)->GetFieldID(env, jTls12KeyMatParamsClass,
+            "prfHashMechanism", "J");
+    if (fieldID != NULL) {
+        jlong prfHashMechanism = (*env)->GetLongField(env, jParam, fieldID);
+        ckParam.prfHashMechanism = (CK_MECHANISM_TYPE)prfHashMechanism;
+    }
+    return ckParam;
 }
 
 /*
@@ -980,8 +1114,11 @@ void jMechanismParameterToCKMechanismParameter(JNIEnv *env, jobject jParam, CK_V
 void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, CK_VOID_PTR *ckpParamPtr, CK_ULONG *ckpLength)
 {
     /* get all Java mechanism parameter classes */
-    jclass jVersionClass, jSsl3MasterKeyDeriveParamsClass, jSsl3KeyMatParamsClass;
+    jclass jVersionClass, jSsl3MasterKeyDeriveParamsClass;
-    jclass jTlsPrfParamsClass, jAesCtrParamsClass, jRsaPkcsOaepParamsClass;
+    jclass jTls12MasterKeyDeriveParamsClass, jSsl3KeyMatParamsClass;
+    jclass jTls12KeyMatParamsClass;
+    jclass jTlsPrfParamsClass, jTlsMacParamsClass, jAesCtrParamsClass;
+    jclass jRsaPkcsOaepParamsClass;
     jclass jPbeParamsClass, jPkcs5Pbkd2ParamsClass, jRsaPkcsPssParamsClass;
     jclass jEcdh1DeriveParamsClass, jEcdh2DeriveParamsClass;
     jclass jX942Dh1DeriveParamsClass, jX942Dh2DeriveParamsClass;
@@ -1061,6 +1198,62 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam,
         return;
     }
 
+    jTls12KeyMatParamsClass = (*env)->FindClass(env, CLASS_TLS12_KEY_MAT_PARAMS);
+    if (jTls12KeyMatParamsClass == NULL) { return; }
+    if ((*env)->IsInstanceOf(env, jParam, jTls12KeyMatParamsClass)) {
+        /*
+         * CK_TLS12_KEY_MAT_PARAMS
+         */
+        CK_TLS12_KEY_MAT_PARAMS_PTR ckpParam;
+
+        ckpParam = (CK_TLS12_KEY_MAT_PARAMS_PTR) malloc(sizeof(CK_TLS12_KEY_MAT_PARAMS));
+        if (ckpParam == NULL) {
+            throwOutOfMemoryError(env, 0);
+            return;
+        }
+
+        /* convert jParameter to CKParameter */
+        *ckpParam = jTls12KeyMatParamToCKTls12KeyMatParam(env, jParam);
+        if ((*env)->ExceptionCheck(env)) {
+            free(ckpParam);
+            return;
+        }
+
+        /* get length and pointer of parameter */
+        *ckpLength = sizeof(CK_TLS12_KEY_MAT_PARAMS);
+        *ckpParamPtr = ckpParam;
+        return;
+    }
+
+    jTls12MasterKeyDeriveParamsClass =
+            (*env)->FindClass(env, CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS);
+    if (jTls12MasterKeyDeriveParamsClass == NULL) { return; }
+    if ((*env)->IsInstanceOf(env, jParam, jTls12MasterKeyDeriveParamsClass)) {
+        /*
+         * CK_TLS12_MASTER_KEY_DERIVE_PARAMS
+         */
+        CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR ckpParam;
+
+        ckpParam = (CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR)malloc(
+                sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS));
+        if (ckpParam == NULL) {
+            throwOutOfMemoryError(env, 0);
+            return;
+        }
+
+        /* convert jParameter to CKParameter */
+        *ckpParam = jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParam(env, jParam);
+        if ((*env)->ExceptionCheck(env)) {
+            free(ckpParam);
+            return;
+        }
+
+        /* get length and pointer of parameter */
+        *ckpLength = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS);
+        *ckpParamPtr = ckpParam;
+        return;
+    }
+
     jTlsPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS);
     if (jTlsPrfParamsClass == NULL) { return; }
     if ((*env)->IsInstanceOf(env, jParam, jTlsPrfParamsClass)) {
@@ -1088,6 +1281,30 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam,
         return;
     }
 
+    jTlsMacParamsClass = (*env)->FindClass(env, CLASS_TLS_MAC_PARAMS);
+    if (jTlsMacParamsClass == NULL) { return; }
+    if ((*env)->IsInstanceOf(env, jParam, jTlsMacParamsClass)) {
+        CK_TLS_MAC_PARAMS_PTR ckpParam;
+
+        ckpParam = (CK_TLS_MAC_PARAMS_PTR) malloc(sizeof(CK_TLS_MAC_PARAMS));
+        if (ckpParam == NULL) {
+            throwOutOfMemoryError(env, 0);
+            return;
+        }
+
+        /* convert jParameter to CKParameter */
+        *ckpParam = jTlsMacParamsToCKTlsMacParam(env, jParam);
+        if ((*env)->ExceptionCheck(env)) {
+            free(ckpParam);
+            return;
+        }
+
+        /* get length and pointer of parameter */
+        *ckpLength = sizeof(CK_TLS_MAC_PARAMS);
+        *ckpParamPtr = ckpParam;
+        return;
+    }
+
     jAesCtrParamsClass = (*env)->FindClass(env, CLASS_AES_CTR_PARAMS);
     if (jAesCtrParamsClass == NULL) { return; }
     if ((*env)->IsInstanceOf(env, jParam, jAesCtrParamsClass)) {

src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_keymgmt.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -382,25 +382,38 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1UnwrapKey
 
 #ifdef P11_ENABLE_C_DERIVEKEY
 
-void freeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) {
+static void freeMasterKeyDeriveParams(CK_SSL3_RANDOM_DATA *RandomInfo, CK_VERSION_PTR pVersion) {
+    if (RandomInfo->pClientRandom != NULL) {
+        free(RandomInfo->pClientRandom);
+    }
+    if (RandomInfo->pServerRandom != NULL) {
+        free(RandomInfo->pServerRandom);
+    }
+    if (pVersion != NULL) {
+        free(pVersion);
+    }
+}
+
+void ssl3FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) {
     CK_SSL3_MASTER_KEY_DERIVE_PARAMS *params = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter;
     if (params == NULL) {
         return;
     }
+    freeMasterKeyDeriveParams(&(params->RandomInfo), params->pVersion);
+}
 
-    if (params->RandomInfo.pClientRandom != NULL) {
+void tls12FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) {
-        free(params->RandomInfo.pClientRandom);
+    CK_TLS12_MASTER_KEY_DERIVE_PARAMS *params =
-    }
+            (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter;
-    if (params->RandomInfo.pServerRandom != NULL) {
+    if (params == NULL) {
-        free(params->RandomInfo.pServerRandom);
+        return;
-    }
-    if (params->pVersion != NULL) {
-        free(params->pVersion);
     }
+    freeMasterKeyDeriveParams(&(params->RandomInfo), params->pVersion);
 }
 
 void freeEcdh1DeriveParams(CK_MECHANISM_PTR ckMechanism) {
-    CK_ECDH1_DERIVE_PARAMS *params = (CK_ECDH1_DERIVE_PARAMS *) ckMechanism->pParameter;
+    CK_ECDH1_DERIVE_PARAMS *params =
+            (CK_ECDH1_DERIVE_PARAMS *)ckMechanism->pParameter;
     if (params == NULL) {
         return;
     }
@@ -525,6 +538,7 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey
     switch (ckMechanism.mechanism) {
     case CKM_SSL3_KEY_AND_MAC_DERIVE:
     case CKM_TLS_KEY_AND_MAC_DERIVE:
+    case CKM_TLS12_KEY_AND_MAC_DERIVE:
     case CKM_TLS_PRF:
         // these mechanism do not return a key handle via phKey
         // set to NULL in case pedantic implementations check for it
@@ -546,17 +560,28 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey
     case CKM_SSL3_MASTER_KEY_DERIVE:
     case CKM_TLS_MASTER_KEY_DERIVE:
         /* we must copy back the client version */
-        copyBackClientVersion(env, &ckMechanism, jMechanism);
+        ssl3CopyBackClientVersion(env, &ckMechanism, jMechanism);
-        freeMasterKeyDeriveParams(&ckMechanism);
+        ssl3FreeMasterKeyDeriveParams(&ckMechanism);
+        break;
+    case CKM_TLS12_MASTER_KEY_DERIVE:
+        tls12CopyBackClientVersion(env, &ckMechanism, jMechanism);
+        tls12FreeMasterKeyDeriveParams(&ckMechanism);
         break;
     case CKM_SSL3_MASTER_KEY_DERIVE_DH:
     case CKM_TLS_MASTER_KEY_DERIVE_DH:
-        freeMasterKeyDeriveParams(&ckMechanism);
+        ssl3FreeMasterKeyDeriveParams(&ckMechanism);
+        break;
+    case CKM_TLS12_MASTER_KEY_DERIVE_DH:
+        tls12FreeMasterKeyDeriveParams(&ckMechanism);
         break;
     case CKM_SSL3_KEY_AND_MAC_DERIVE:
     case CKM_TLS_KEY_AND_MAC_DERIVE:
         /* we must copy back the unwrapped key info to the jMechanism object */
-        copyBackSSLKeyMatParams(env, &ckMechanism, jMechanism);
+        ssl3CopyBackKeyMatParams(env, &ckMechanism, jMechanism);
+        break;
+    case CKM_TLS12_KEY_AND_MAC_DERIVE:
+        /* we must copy back the unwrapped key info to the jMechanism object */
+        tls12CopyBackKeyMatParams(env, &ckMechanism, jMechanism);
         break;
     case CKM_TLS_PRF:
         copyBackTLSPrfParams(env, &ckMechanism, jMechanism);
@@ -577,53 +602,42 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey
     return jKeyHandle ;
 }
 
-/*
+static void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism,
- * Copy back the client version information from the native
+        CK_VERSION *ckVersion, const char *class_master_key_derive_params)
- * structure to the Java object. This is only used for the
- * CKM_SSL3_MASTER_KEY_DERIVE mechanism when used for deriving a key.
- *
- */
-void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism)
 {
-  jclass jMechanismClass, jSSL3MasterKeyDeriveParamsClass, jVersionClass;
+    jclass jMasterKeyDeriveParamsClass, jMechanismClass, jVersionClass;
-  CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ckSSL3MasterKeyDeriveParams;
+    jobject jMasterKeyDeriveParams;
-  CK_VERSION *ckVersion;
+    jfieldID fieldID;
-  jfieldID fieldID;
+    CK_MECHANISM_TYPE ckMechanismType;
-  CK_MECHANISM_TYPE ckMechanismType;
+    jlong jMechanismType;
-  jlong jMechanismType;
+    jobject jVersion;
-  jobject jSSL3MasterKeyDeriveParams;
-  jobject jVersion;
 
-  /* get mechanism */
+    /* get mechanism */
-  jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM);
+    jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM);
-  if (jMechanismClass == NULL) { return; }
+    if (jMechanismClass == NULL) { return; }
-  fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
+    fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
-  if (fieldID == NULL) { return; }
+    if (fieldID == NULL) { return; }
-  jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
+    jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
-  ckMechanismType = jLongToCKULong(jMechanismType);
+    ckMechanismType = jLongToCKULong(jMechanismType);
-  if (ckMechanismType != ckMechanism->mechanism) {
+    if (ckMechanismType != ckMechanism->mechanism) {
-    /* we do not have maching types, this should not occur */
+        /* we do not have maching types, this should not occur */
-    return;
+        return;
-  }
+    }
 
-  /* get the native CK_SSL3_MASTER_KEY_DERIVE_PARAMS */
-  ckSSL3MasterKeyDeriveParams = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter;
-  if (ckSSL3MasterKeyDeriveParams != NULL_PTR) {
-    /* get the native CK_VERSION */
-    ckVersion = ckSSL3MasterKeyDeriveParams->pVersion;
     if (ckVersion != NULL_PTR) {
       /* get the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS (pParameter) */
       fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;");
       if (fieldID == NULL) { return; }
 
-      jSSL3MasterKeyDeriveParams = (*env)->GetObjectField(env, jMechanism, fieldID);
+      jMasterKeyDeriveParams = (*env)->GetObjectField(env, jMechanism, fieldID);
 
       /* get the Java CK_VERSION */
-      jSSL3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS);
+      jMasterKeyDeriveParamsClass = (*env)->FindClass(env, class_master_key_derive_params);
-      if (jSSL3MasterKeyDeriveParamsClass == NULL) { return; }
+      if (jMasterKeyDeriveParamsClass == NULL) { return; }
-      fieldID = (*env)->GetFieldID(env, jSSL3MasterKeyDeriveParamsClass, "pVersion", "L"CLASS_VERSION";");
+      fieldID = (*env)->GetFieldID(env, jMasterKeyDeriveParamsClass,
+              "pVersion", "L"CLASS_VERSION";");
       if (fieldID == NULL) { return; }
-      jVersion = (*env)->GetObjectField(env, jSSL3MasterKeyDeriveParams, fieldID);
+      jVersion = (*env)->GetObjectField(env, jMasterKeyDeriveParams, fieldID);
 
       /* now copy back the version from the native structure to the Java structure */
 
@@ -639,92 +653,126 @@ void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMech
       if (fieldID == NULL) { return; }
       (*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->minor));
     }
-  }
 }
 
-
 /*
- * Copy back the derived keys and initialization vectors from the native
+ * Copy back the client version information from the native
- * structure to the Java object. This is only used for the
+ * structure to the Java object. This is only used for
- * CKM_SSL3_KEY_AND_MAC_DERIVE mechanism when used for deriving a key.
+ * CKM_SSL3_MASTER_KEY_DERIVE and CKM_TLS_MASTER_KEY_DERIVE
+ * mechanisms when used for deriving a key.
  *
  */
-void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism)
+void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism,
+        jobject jMechanism)
 {
-  jclass jMechanismClass, jSSL3KeyMatParamsClass, jSSL3KeyMatOutClass;
+    CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ckSSL3MasterKeyDeriveParams;
-  CK_SSL3_KEY_MAT_PARAMS *ckSSL3KeyMatParam;
+    ckSSL3MasterKeyDeriveParams =
-  CK_SSL3_KEY_MAT_OUT *ckSSL3KeyMatOut;
+            (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter;
-  jfieldID fieldID;
+    if (ckSSL3MasterKeyDeriveParams != NULL_PTR) {
-  CK_MECHANISM_TYPE ckMechanismType;
+        copyBackClientVersion(env, ckMechanism, jMechanism,
-  jlong jMechanismType;
+                ckSSL3MasterKeyDeriveParams->pVersion,
-  CK_BYTE_PTR iv;
+                CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS);
-  jobject jSSL3KeyMatParam;
+    }
-  jobject jSSL3KeyMatOut;
+}
-  jobject jIV;
-  jint jLength;
-  jbyte* jBytes;
-  int i;
 
-  /* get mechanism */
+/*
-  jMechanismClass= (*env)->FindClass(env, CLASS_MECHANISM);
+ * Copy back the client version information from the native
-  if (jMechanismClass == NULL) { return; }
+ * structure to the Java object. This is only used for
-  fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
+ * CKM_TLS12_MASTER_KEY_DERIVE mechanism when used for deriving a key.
-  if (fieldID == NULL) { return; }
+ *
-  jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
+ */
-  ckMechanismType = jLongToCKULong(jMechanismType);
+void tls12CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism,
-  if (ckMechanismType != ckMechanism->mechanism) {
+        jobject jMechanism)
-    /* we do not have maching types, this should not occur */
+{
-    return;
+    CK_TLS12_MASTER_KEY_DERIVE_PARAMS *ckTLS12MasterKeyDeriveParams;
-  }
+    ckTLS12MasterKeyDeriveParams =
+            (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter;
+    if (ckTLS12MasterKeyDeriveParams != NULL_PTR) {
+        copyBackClientVersion(env, ckMechanism, jMechanism,
+                ckTLS12MasterKeyDeriveParams->pVersion,
+                CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS);
+    }
+}
+
+static void copyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism,
+        jobject jMechanism, CK_SSL3_RANDOM_DATA *RandomInfo,
+        CK_SSL3_KEY_MAT_OUT_PTR ckSSL3KeyMatOut, const char *class_key_mat_params)
+{
+    jclass jMechanismClass, jKeyMatParamsClass, jSSL3KeyMatOutClass;
+    jfieldID fieldID;
+    CK_MECHANISM_TYPE ckMechanismType;
+    jlong jMechanismType;
+    CK_BYTE_PTR iv;
+    jobject jKeyMatParam;
+    jobject jSSL3KeyMatOut;
+    jobject jIV;
+    jint jLength;
+    jbyte* jBytes;
+    int i;
+
+    /* get mechanism */
+    jMechanismClass= (*env)->FindClass(env, CLASS_MECHANISM);
+    if (jMechanismClass == NULL) { return; }
+    fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
+    if (fieldID == NULL) { return; }
+    jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
+    ckMechanismType = jLongToCKULong(jMechanismType);
+    if (ckMechanismType != ckMechanism->mechanism) {
+        /* we do not have maching types, this should not occur */
+        return;
+    }
 
-  /* get the native CK_SSL3_KEY_MAT_PARAMS */
-  ckSSL3KeyMatParam = (CK_SSL3_KEY_MAT_PARAMS *) ckMechanism->pParameter;
-  if (ckSSL3KeyMatParam != NULL_PTR) {
     // free malloc'd data
-    if (ckSSL3KeyMatParam->RandomInfo.pClientRandom != NULL) {
+    if (RandomInfo->pClientRandom != NULL) {
-        free(ckSSL3KeyMatParam->RandomInfo.pClientRandom);
+        free(RandomInfo->pClientRandom);
     }
-    if (ckSSL3KeyMatParam->RandomInfo.pServerRandom != NULL) {
+    if (RandomInfo->pServerRandom != NULL) {
-        free(ckSSL3KeyMatParam->RandomInfo.pServerRandom);
+        free(RandomInfo->pServerRandom);
     }
 
-    /* get the native CK_SSL3_KEY_MAT_OUT */
-    ckSSL3KeyMatOut = ckSSL3KeyMatParam->pReturnedKeyMaterial;
     if (ckSSL3KeyMatOut != NULL_PTR) {
-      /* get the Java CK_SSL3_KEY_MAT_PARAMS (pParameter) */
+      /* get the Java params object (pParameter) */
-      fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;");
+      fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter",
+              "Ljava/lang/Object;");
       if (fieldID == NULL) { return; }
-      jSSL3KeyMatParam = (*env)->GetObjectField(env, jMechanism, fieldID);
+      jKeyMatParam = (*env)->GetObjectField(env, jMechanism, fieldID);
 
       /* get the Java CK_SSL3_KEY_MAT_OUT */
-      jSSL3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS);
+      jKeyMatParamsClass = (*env)->FindClass(env, class_key_mat_params);
-      if (jSSL3KeyMatParamsClass == NULL) { return; }
+      if (jKeyMatParamsClass == NULL) { return; }
-      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatParamsClass, "pReturnedKeyMaterial", "L"CLASS_SSL3_KEY_MAT_OUT";");
+      fieldID = (*env)->GetFieldID(env, jKeyMatParamsClass,
+              "pReturnedKeyMaterial", "L"CLASS_SSL3_KEY_MAT_OUT";");
       if (fieldID == NULL) { return; }
-      jSSL3KeyMatOut = (*env)->GetObjectField(env, jSSL3KeyMatParam, fieldID);
+      jSSL3KeyMatOut = (*env)->GetObjectField(env, jKeyMatParam, fieldID);
 
       /* now copy back all the key handles and the initialization vectors */
       /* copy back client MAC secret handle */
       jSSL3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT);
       if (jSSL3KeyMatOutClass == NULL) { return; }
-      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientMacSecret", "J");
+      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass,
+              "hClientMacSecret", "J");
       if (fieldID == NULL) { return; }
-      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hClientMacSecret));
+      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
+              ckULongToJLong(ckSSL3KeyMatOut->hClientMacSecret));
 
       /* copy back server MAC secret handle */
-      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerMacSecret", "J");
+      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass,
+              "hServerMacSecret", "J");
       if (fieldID == NULL) { return; }
-      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hServerMacSecret));
+      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
+              ckULongToJLong(ckSSL3KeyMatOut->hServerMacSecret));
 
       /* copy back client secret key handle */
       fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientKey", "J");
       if (fieldID == NULL) { return; }
-      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hClientKey));
+      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
+              ckULongToJLong(ckSSL3KeyMatOut->hClientKey));
 
       /* copy back server secret key handle */
       fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerKey", "J");
       if (fieldID == NULL) { return; }
-      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hServerKey));
+      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
+              ckULongToJLong(ckSSL3KeyMatOut->hServerKey));
 
       /* copy back the client IV */
       fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "pIVClient", "[B");
@@ -767,7 +815,45 @@ void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMe
       free(ckSSL3KeyMatOut->pIVServer);
       free(ckSSL3KeyMatOut);
     }
-  }
+}
+
+/*
+ * Copy back the derived keys and initialization vectors from the native
+ * structure to the Java object. This is only used for
+ * CKM_SSL3_KEY_AND_MAC_DERIVE and CKM_TLS_KEY_AND_MAC_DERIVE mechanisms
+ * when used for deriving a key.
+ *
+ */
+void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism,
+        jobject jMechanism)
+{
+    CK_SSL3_KEY_MAT_PARAMS *ckSSL3KeyMatParam;
+    ckSSL3KeyMatParam = (CK_SSL3_KEY_MAT_PARAMS *)ckMechanism->pParameter;
+    if (ckSSL3KeyMatParam != NULL_PTR) {
+        copyBackKeyMatParams(env, ckMechanism, jMechanism,
+                &(ckSSL3KeyMatParam->RandomInfo),
+                ckSSL3KeyMatParam->pReturnedKeyMaterial,
+                CLASS_SSL3_KEY_MAT_PARAMS);
+    }
+}
+
+/*
+ * Copy back the derived keys and initialization vectors from the native
+ * structure to the Java object. This is only used for
+ * CKM_TLS12_KEY_AND_MAC_DERIVE mechanism when used for deriving a key.
+ *
+ */
+void tls12CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism,
+        jobject jMechanism)
+{
+    CK_TLS12_KEY_MAT_PARAMS *ckTLS12KeyMatParam;
+    ckTLS12KeyMatParam = (CK_TLS12_KEY_MAT_PARAMS *) ckMechanism->pParameter;
+    if (ckTLS12KeyMatParam != NULL_PTR) {
+        copyBackKeyMatParams(env, ckMechanism, jMechanism,
+                &(ckTLS12KeyMatParam->RandomInfo),
+                ckTLS12KeyMatParam->pReturnedKeyMaterial,
+                CLASS_TLS12_KEY_MAT_PARAMS);
+    }
 }
 
 #endif

src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11t.h

@@ -807,6 +807,12 @@ typedef CK_ULONG          CK_MECHANISM_TYPE;
 #define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE  0x000003D4
 #define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE  0x000003D5
 
+/* new for v2.40 */
+#define CKM_TLS12_MASTER_KEY_DERIVE         0x000003E0
+#define CKM_TLS12_KEY_AND_MAC_DERIVE        0x000003E1
+#define CKM_TLS12_MASTER_KEY_DERIVE_DH      0x000003E2
+#define CKM_TLS_MAC                         0x000003E4
+
 #define CKM_KEY_WRAP_LYNKS             0x00000400
 #define CKM_KEY_WRAP_SET_OAEP          0x00000401
 
@@ -1682,4 +1688,34 @@ typedef struct CK_PKCS5_PBKD2_PARAMS {
 
 typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
 
+/* new for v2.40 */
+
+typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
+  CK_SSL3_RANDOM_DATA       RandomInfo;
+  CK_VERSION_PTR            pVersion;
+  CK_MECHANISM_TYPE         prfHashMechanism;
+} CK_TLS12_MASTER_KEY_DERIVE_PARAMS;
+
+typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR;
+
+typedef struct CK_TLS12_KEY_MAT_PARAMS {
+  CK_ULONG ulMacSizeInBits;
+  CK_ULONG ulKeySizeInBits;
+  CK_ULONG ulIVSizeInBits;
+  CK_BBOOL bIsExport;
+  CK_SSL3_RANDOM_DATA RandomInfo;
+  CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
+  CK_MECHANISM_TYPE prfHashMechanism;
+} CK_TLS12_KEY_MAT_PARAMS;
+
+typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR;
+
+typedef struct CK_TLS_MAC_PARAMS {
+  CK_MECHANISM_TYPE prfMechanism;
+  CK_ULONG ulMacLength;
+  CK_ULONG ulServerOrClient;
+} CK_TLS_MAC_PARAMS;
+
+typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR;
+
 #endif

src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11wrapper.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -276,10 +276,13 @@ void printDebug(const char *format, ...);
 #define CLASS_SSL3_RANDOM_DATA "sun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA"
 // CLASS_SSL3_RANDOM_DATA is used by CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS
 #define CLASS_SSL3_KEY_MAT_OUT "sun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_OUT"
-// CLASS_SSL3_KEY_MAT_OUT is used by CLASS_SSL3_KEY_MAT_PARAMS
+// CLASS_SSL3_KEY_MAT_OUT is used by CLASS_SSL3_KEY_MAT_PARAMS and CK_TLS12_KEY_MAT_PARAMS
 #define CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS "sun/security/pkcs11/wrapper/CK_SSL3_MASTER_KEY_DERIVE_PARAMS"
+#define CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS "sun/security/pkcs11/wrapper/CK_TLS12_MASTER_KEY_DERIVE_PARAMS"
 #define CLASS_SSL3_KEY_MAT_PARAMS "sun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_PARAMS"
+#define CLASS_TLS12_KEY_MAT_PARAMS "sun/security/pkcs11/wrapper/CK_TLS12_KEY_MAT_PARAMS"
 #define CLASS_TLS_PRF_PARAMS "sun/security/pkcs11/wrapper/CK_TLS_PRF_PARAMS"
+#define CLASS_TLS_MAC_PARAMS "sun/security/pkcs11/wrapper/CK_TLS_MAC_PARAMS"
 #define CLASS_AES_CTR_PARAMS "sun/security/pkcs11/wrapper/CK_AES_CTR_PARAMS"
 
 /* function to convert a PKCS#11 return value other than CK_OK into a Java Exception
@@ -369,9 +372,11 @@ CK_PKCS5_PBKD2_PARAMS jPkcs5Pbkd2ParamToCKPkcs5Pbkd2Param(JNIEnv *env, jobject j
 CK_KEY_WRAP_SET_OAEP_PARAMS jKeyWrapSetOaepParamToCKKeyWrapSetOaepParam(JNIEnv *env, jobject jParam);
 void copyBackSetUnwrappedKey(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
 CK_SSL3_MASTER_KEY_DERIVE_PARAMS jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env, jobject jParam);
-void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
+void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
+void tls12CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
 CK_SSL3_KEY_MAT_PARAMS jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam);
-void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
+void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
+void tls12CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
 CK_KEY_DERIVATION_STRING_DATA jKeyDerivationStringDataToCKKeyDerivationStringData(JNIEnv *env, jobject jParam);
 CK_RSA_PKCS_PSS_PARAMS jRsaPkcsPssParamToCKRsaPkcsPssParam(JNIEnv *env, jobject jParam);
 CK_ECDH1_DERIVE_PARAMS jEcdh1DeriveParamToCKEcdh1DeriveParam(JNIEnv *env, jobject jParam);

test/jdk/sun/security/pkcs11/fips/TestTLS12.java

@@ -0,0 +1,454 @@
+/*
+ * Copyright (c) 2018, Red Hat, Inc. and/or its affiliates.
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8029661
+ * @summary Test TLS 1.2
+ * @modules java.base/sun.security.internal.spec
+ *          java.base/sun.security.util
+ *          java.base/com.sun.net.ssl.internal.ssl
+ *          java.base/com.sun.crypto.provider
+ * @library /test/lib ..
+ * @run main/othervm/timeout=120 TestTLS12
+ */
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.nio.ByteBuffer;
+
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+
+import java.util.Arrays;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLEngineResult.HandshakeStatus;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManagerFactory;
+
+import sun.security.internal.spec.TlsMasterSecretParameterSpec;
+import sun.security.internal.spec.TlsPrfParameterSpec;
+import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
+
+public final class TestTLS12 extends SecmodTest {
+
+    private static final boolean enableDebug = true;
+
+    private static Provider sunPKCS11NSSProvider;
+    private static Provider sunJCEProvider;
+    private static com.sun.net.ssl.internal.ssl.Provider jsseProvider;
+    private static KeyStore ks;
+    private static KeyStore ts;
+    private static char[] passphrase = "JAHshj131@@".toCharArray();
+    private static RSAPrivateKey privateKey;
+    private static RSAPublicKey publicKey;
+
+    public static void main(String[] args) throws Exception {
+        try {
+            initialize();
+        } catch (Exception e) {
+            System.out.println("Test skipped: failure during" +
+                    " initialization");
+            return;
+        }
+
+        if (shouldRun()) {
+            // Test against JCE
+            testTlsAuthenticationCodeGeneration();
+
+            // Self-integrity test (complete TLS 1.2 communication)
+            new testTLS12SunPKCS11Communication().run();
+
+            System.out.println("Test PASS - OK");
+        } else {
+            System.out.println("Test skipped: TLS 1.2 mechanisms" +
+                    " not supported by current SunPKCS11 back-end");
+        }
+    }
+
+    private static boolean shouldRun() {
+        if (sunPKCS11NSSProvider == null) {
+            return false;
+        }
+        try {
+            KeyGenerator.getInstance("SunTls12MasterSecret",
+                    sunPKCS11NSSProvider);
+            KeyGenerator.getInstance(
+                    "SunTls12RsaPremasterSecret", sunPKCS11NSSProvider);
+            KeyGenerator.getInstance("SunTls12Prf", sunPKCS11NSSProvider);
+        } catch (NoSuchAlgorithmException e) {
+            return false;
+        }
+        return true;
+    }
+
+    private static void testTlsAuthenticationCodeGeneration()
+            throws Exception {
+        // Generate RSA Pre-Master Secret in SunPKCS11 provider
+        SecretKey rsaPreMasterSecret = null;
+        @SuppressWarnings("deprecation")
+        TlsRsaPremasterSecretParameterSpec rsaPreMasterSecretSpec =
+                new TlsRsaPremasterSecretParameterSpec(0x0303, 0x0303);
+        {
+            KeyGenerator rsaPreMasterSecretKG = KeyGenerator.getInstance(
+                    "SunTls12RsaPremasterSecret", sunPKCS11NSSProvider);
+            rsaPreMasterSecretKG.init(rsaPreMasterSecretSpec, null);
+            rsaPreMasterSecret = rsaPreMasterSecretKG.generateKey();
+        }
+
+        // Get RSA Pre-Master Secret in plain (from SunPKCS11 provider)
+        byte[] rsaPlainPreMasterSecret = null;
+        {
+            Cipher rsaPreMasterSecretWrapperCipher =
+                    Cipher.getInstance("RSA/ECB/PKCS1Padding",
+                            sunPKCS11NSSProvider);
+            rsaPreMasterSecretWrapperCipher.init(Cipher.WRAP_MODE, publicKey,
+                    new SecureRandom());
+            byte[] rsaEncryptedPreMasterSecret =
+                    rsaPreMasterSecretWrapperCipher.wrap(rsaPreMasterSecret);
+            Cipher rsaPreMasterSecretUnwrapperCipher =
+                    Cipher.getInstance("RSA/ECB/PKCS1Padding", sunJCEProvider);
+            rsaPreMasterSecretUnwrapperCipher.init(Cipher.UNWRAP_MODE,
+                    privateKey, rsaPreMasterSecretSpec);
+            rsaPlainPreMasterSecret = rsaPreMasterSecretUnwrapperCipher.unwrap(
+                    rsaEncryptedPreMasterSecret, "TlsRsaPremasterSecret",
+                    Cipher.SECRET_KEY).getEncoded();
+
+            if (enableDebug) {
+                System.out.println("rsaPlainPreMasterSecret:");
+                for (byte b : rsaPlainPreMasterSecret) {
+                    System.out.printf("%02X, ", b);
+                }
+                System.out.println("");
+            }
+        }
+
+        // Generate Master Secret
+        SecretKey sunPKCS11MasterSecret = null;
+        SecretKey jceMasterSecret = null;
+        {
+            KeyGenerator sunPKCS11MasterSecretGenerator =
+                    KeyGenerator.getInstance("SunTls12MasterSecret",
+                            sunPKCS11NSSProvider);
+            KeyGenerator jceMasterSecretGenerator = KeyGenerator.getInstance(
+                    "SunTls12MasterSecret", sunJCEProvider);
+            @SuppressWarnings("deprecation")
+            TlsMasterSecretParameterSpec sunPKCS11MasterSecretSpec =
+                    new TlsMasterSecretParameterSpec(rsaPreMasterSecret, 3, 3,
+                            new byte[32], new byte[32], "SHA-256", 32, 64);
+            @SuppressWarnings("deprecation")
+            TlsMasterSecretParameterSpec jceMasterSecretSpec =
+                    new TlsMasterSecretParameterSpec(
+                            new SecretKeySpec(rsaPlainPreMasterSecret,
+                                    "Generic"), 3, 3, new byte[32],
+                            new byte[32], "SHA-256", 32, 64);
+            sunPKCS11MasterSecretGenerator.init(sunPKCS11MasterSecretSpec,
+                    null);
+            jceMasterSecretGenerator.init(jceMasterSecretSpec, null);
+            sunPKCS11MasterSecret =
+                    sunPKCS11MasterSecretGenerator.generateKey();
+            jceMasterSecret = jceMasterSecretGenerator.generateKey();
+            if (enableDebug) {
+                System.out.println("Master Secret (SunJCE):");
+                if (jceMasterSecret != null) {
+                    for (byte b : jceMasterSecret.getEncoded()) {
+                        System.out.printf("%02X, ", b);
+                    }
+                    System.out.println("");
+                }
+            }
+        }
+
+        // Generate authentication codes
+        byte[] sunPKCS11AuthenticationCode = null;
+        byte[] jceAuthenticationCode = null;
+        {
+            // Generate SunPKCS11 authentication code
+            {
+                @SuppressWarnings("deprecation")
+                TlsPrfParameterSpec sunPKCS11AuthenticationCodeSpec =
+                        new TlsPrfParameterSpec(sunPKCS11MasterSecret,
+                                "client finished", "a".getBytes(), 12,
+                                "SHA-256", 32, 64);
+                KeyGenerator sunPKCS11AuthCodeGenerator =
+                        KeyGenerator.getInstance("SunTls12Prf",
+                                sunPKCS11NSSProvider);
+                sunPKCS11AuthCodeGenerator.init(
+                        sunPKCS11AuthenticationCodeSpec);
+                sunPKCS11AuthenticationCode =
+                        sunPKCS11AuthCodeGenerator.generateKey().getEncoded();
+            }
+
+            // Generate SunJCE authentication code
+            {
+                @SuppressWarnings("deprecation")
+                TlsPrfParameterSpec jceAuthenticationCodeSpec =
+                        new TlsPrfParameterSpec(jceMasterSecret,
+                                "client finished", "a".getBytes(), 12,
+                                "SHA-256", 32, 64);
+                KeyGenerator jceAuthCodeGenerator =
+                        KeyGenerator.getInstance("SunTls12Prf",
+                                sunJCEProvider);
+                jceAuthCodeGenerator.init(jceAuthenticationCodeSpec);
+                jceAuthenticationCode =
+                        jceAuthCodeGenerator.generateKey().getEncoded();
+            }
+
+            if (enableDebug) {
+                System.out.println("SunPKCS11 Authentication Code: ");
+                for (byte b : sunPKCS11AuthenticationCode) {
+                    System.out.printf("%02X, ", b);
+                }
+                System.out.println("");
+                System.out.println("SunJCE Authentication Code: ");
+                for (byte b : jceAuthenticationCode) {
+                    System.out.printf("%02X, ", b);
+                }
+                System.out.println("");
+            }
+        }
+
+        if (sunPKCS11AuthenticationCode == null ||
+                jceAuthenticationCode == null ||
+                sunPKCS11AuthenticationCode.length == 0 ||
+                jceAuthenticationCode.length == 0 ||
+                !Arrays.equals(sunPKCS11AuthenticationCode,
+                        jceAuthenticationCode)) {
+            throw new Exception("Authentication codes from JCE" +
+                        " and SunPKCS11 differ.");
+        }
+    }
+
+    private static class testTLS12SunPKCS11Communication {
+        public static void run() throws Exception {
+            SSLEngine[][] enginesToTest = getSSLEnginesToTest();
+
+            for (SSLEngine[] engineToTest : enginesToTest) {
+
+                SSLEngine clientSSLEngine = engineToTest[0];
+                SSLEngine serverSSLEngine = engineToTest[1];
+
+                // SSLEngine code based on RedhandshakeFinished.java
+
+                boolean dataDone = false;
+
+                ByteBuffer clientOut = null;
+                ByteBuffer clientIn = null;
+                ByteBuffer serverOut = null;
+                ByteBuffer serverIn = null;
+                ByteBuffer cTOs;
+                ByteBuffer sTOc;
+
+                SSLSession session = clientSSLEngine.getSession();
+                int appBufferMax = session.getApplicationBufferSize();
+                int netBufferMax = session.getPacketBufferSize();
+
+                clientIn = ByteBuffer.allocate(appBufferMax + 50);
+                serverIn = ByteBuffer.allocate(appBufferMax + 50);
+
+                cTOs = ByteBuffer.allocateDirect(netBufferMax);
+                sTOc = ByteBuffer.allocateDirect(netBufferMax);
+
+                clientOut = ByteBuffer.wrap(
+                        "Hi Server, I'm Client".getBytes());
+                serverOut = ByteBuffer.wrap(
+                        "Hello Client, I'm Server".getBytes());
+
+                SSLEngineResult clientResult;
+                SSLEngineResult serverResult;
+
+                while (!dataDone) {
+                    clientResult = clientSSLEngine.wrap(clientOut, cTOs);
+                    runDelegatedTasks(clientResult, clientSSLEngine);
+                    serverResult = serverSSLEngine.wrap(serverOut, sTOc);
+                    runDelegatedTasks(serverResult, serverSSLEngine);
+                    cTOs.flip();
+                    sTOc.flip();
+
+                    if (enableDebug) {
+                        System.out.println("Client -> Network");
+                        printTlsNetworkPacket("", cTOs);
+                        System.out.println("");
+                        System.out.println("Server -> Network");
+                        printTlsNetworkPacket("", sTOc);
+                        System.out.println("");
+                    }
+
+                    clientResult = clientSSLEngine.unwrap(sTOc, clientIn);
+                    runDelegatedTasks(clientResult, clientSSLEngine);
+                    serverResult = serverSSLEngine.unwrap(cTOs, serverIn);
+                    runDelegatedTasks(serverResult, serverSSLEngine);
+
+                    cTOs.compact();
+                    sTOc.compact();
+
+                    if (!dataDone &&
+                            (clientOut.limit() == serverIn.position()) &&
+                            (serverOut.limit() == clientIn.position())) {
+                        checkTransfer(serverOut, clientIn);
+                        checkTransfer(clientOut, serverIn);
+                        dataDone = true;
+                    }
+                }
+            }
+        }
+
+        static void printTlsNetworkPacket(String prefix, ByteBuffer bb) {
+            ByteBuffer slice = bb.slice();
+            byte[] buffer = new byte[slice.remaining()];
+            slice.get(buffer);
+            for (int i = 0; i < buffer.length; i++) {
+                System.out.printf("%02X, ", (byte)(buffer[i] & (byte)0xFF));
+                if (i % 8 == 0 && i % 16 != 0) {
+                    System.out.print(" ");
+                }
+                if (i % 16 == 0) {
+                    System.out.println("");
+                }
+            }
+            System.out.flush();
+        }
+
+        private static void checkTransfer(ByteBuffer a, ByteBuffer b)
+                throws Exception {
+            a.flip();
+            b.flip();
+            if (!a.equals(b)) {
+                throw new Exception("Data didn't transfer cleanly");
+            }
+            a.position(a.limit());
+            b.position(b.limit());
+            a.limit(a.capacity());
+            b.limit(b.capacity());
+        }
+
+        private static void runDelegatedTasks(SSLEngineResult result,
+                SSLEngine engine) throws Exception {
+
+            if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
+                Runnable runnable;
+                while ((runnable = engine.getDelegatedTask()) != null) {
+                    runnable.run();
+                }
+                HandshakeStatus hsStatus = engine.getHandshakeStatus();
+                if (hsStatus == HandshakeStatus.NEED_TASK) {
+                    throw new Exception(
+                        "handshake shouldn't need additional tasks");
+                }
+            }
+        }
+
+        private static SSLEngine[][] getSSLEnginesToTest() throws Exception {
+            SSLEngine[][] enginesToTest = new SSLEngine[2][2];
+            String[][] preferredSuites = new String[][]{ new String[] {
+                    "TLS_RSA_WITH_AES_128_CBC_SHA256"
+            },  new String[] {
+                    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
+            }};
+            for (int i = 0; i < enginesToTest.length; i++) {
+                enginesToTest[i][0] = createSSLEngine(true);
+                enginesToTest[i][1] = createSSLEngine(false);
+                enginesToTest[i][0].setEnabledCipherSuites(preferredSuites[i]);
+                enginesToTest[i][1].setEnabledCipherSuites(preferredSuites[i]);
+            }
+            return enginesToTest;
+        }
+
+        static private SSLEngine createSSLEngine(boolean client)
+                throws Exception {
+            SSLEngine ssle;
+            KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX",
+                    jsseProvider);
+            kmf.init(ks, passphrase);
+
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX",
+                    jsseProvider);
+            tmf.init(ts);
+
+            SSLContext sslCtx = SSLContext.getInstance("TLSv1.2",
+                    jsseProvider);
+            sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+            ssle = sslCtx.createSSLEngine("localhost", 443);
+            ssle.setUseClientMode(client);
+            SSLParameters sslParameters = ssle.getSSLParameters();
+            ssle.setSSLParameters(sslParameters);
+
+            return ssle;
+        }
+    }
+
+    private static void initialize() throws Exception {
+        if (initSecmod() == false) {
+            return;
+        }
+        String configName = BASE + SEP + "fips.cfg";
+        sunPKCS11NSSProvider = getSunPKCS11(configName);
+        System.out.println("SunPKCS11 provider: " + sunPKCS11NSSProvider);
+        Security.addProvider(sunPKCS11NSSProvider);
+
+        sunJCEProvider = new com.sun.crypto.provider.SunJCE();
+        Security.addProvider(sunJCEProvider);
+
+        Security.removeProvider("SunJSSE");
+        jsseProvider =new com.sun.net.ssl.internal.ssl.Provider(
+                sunPKCS11NSSProvider);
+        Security.addProvider(jsseProvider);
+        System.out.println(jsseProvider.getInfo());
+
+        ks = KeyStore.getInstance("PKCS11", sunPKCS11NSSProvider);
+        ks.load(null, "test12".toCharArray());
+        ts = ks;
+
+        KeyStore ksPlain = readTestKeyStore();
+        privateKey = (RSAPrivateKey)ksPlain.getKey("rh_rsa_sha256",
+                passphrase);
+        publicKey = (RSAPublicKey)ksPlain.getCertificate(
+                "rh_rsa_sha256").getPublicKey();
+    }
+
+    private static KeyStore readTestKeyStore() throws Exception {
+        File file = new File(System.getProperty("test.src", "."), "keystore");
+        InputStream in = new FileInputStream(file);
+        KeyStore ks = KeyStore.getInstance("JKS");
+        ks.load(in, "passphrase".toCharArray());
+        in.close();
+        return ks;
+    }
+}