Produced by Araxis Merge on 9/25/2018 2:13:24 PM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\pkcs11 | P11TlsKeyMaterialGenerator.java | Mon Jan 22 14:46:54 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\pkcs11 | P11TlsKeyMaterialGenerator.java | Wed Sep 12 17:53:19 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 7 | 412 |
Changed | 6 | 12 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 200 5, 2013, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | package su n.security .pkcs11; | |
27 | ||
28 | import jav a.util.*; | |
29 | ||
30 | import jav a.security .*; | |
31 | import jav a.security .spec.Algo rithmParam eterSpec; | |
32 | ||
33 | import jav ax.crypto. *; | |
34 | import jav ax.crypto. spec.*; | |
35 | ||
36 | import sun .security. internal.s pec.*; | |
37 | import sun .security. internal.i nterfaces. TlsMasterS ecret; | |
38 | ||
39 | import sta tic sun.se curity.pkc s11.Templa teManager. *; | |
40 | import sun .security. pkcs11.wra pper.*; | |
41 | import sta tic sun.se curity.pkc s11.wrappe r.PKCS11Co nstants.*; | |
42 | ||
43 | /** | |
44 | * KeyGene rator to c alculate t he SSL/TLS key mater ial (ciphe r keys and ivs, | |
45 | * mac key s) from th e master PW . | |
46 | * | |
47 | * @author Andreas Sterbenz | |
48 | * @since 1.6 | |
49 | */ | |
50 | public fin al class P 11TlsKeyMa terialGene rator exte nds KeyGen eratorSpi { | |
51 | ||
52 | privat e final st atic Strin g MSG = "T lsKeyMater ialGenerat or must be " | |
53 | + "initializ ed using a TlsKeyMat erialParam eterSpec"; | |
54 | ||
55 | // tok en instanc e | |
56 | privat e final To ken token; | |
57 | ||
58 | // alg orithm nam e | |
59 | privat e final St ring algor ithm; | |
60 | ||
61 | // mec hanism id | |
62 | privat e long mec hanism; | |
63 | ||
64 | // par ameter spe c | |
65 | privat e TlsKeyMa terialPara meterSpec spec; | |
66 | ||
67 | // master PW as a P11Ke y | |
68 | privat e P11Key p 11Key; | |
69 | ||
70 | // ver sion, e.g. 0x0301 | |
71 | privat e int vers ion; | |
72 | ||
73 | P11Tls KeyMateria lGenerator (Token tok en, String algorithm , long mec hanism) | |
74 | throws P KCS11Excep tion { | |
75 | su per(); | |
76 | th is.token = token; | |
77 | th is.algorit hm = algor ithm; | |
78 | th is.mechani sm = mecha nism; | |
79 | } | |
80 | ||
81 | protec ted void e ngineInit( SecureRand om random) { | |
82 | th row new In validParam eterExcept ion(MSG); | |
83 | } | |
84 | ||
85 | protec ted void e ngineInit( AlgorithmP arameterSp ec params, | |
86 | SecureRa ndom rando m) throws InvalidAlg orithmPara meterExcep tion { | |
87 | if (params i nstanceof TlsKeyMate rialParame terSpec == false) { | |
88 | throw ne w InvalidA lgorithmPa rameterExc eption(MSG ); | |
89 | } | |
90 | th is.spec = (TlsKeyMat erialParam eterSpec)p arams; | |
91 | tr y { | |
92 | p11Key = P11Secret KeyFactory .convertKe y | |
93 | (t oken, spec .getMaster Secret(), "TlsMaster Secret"); | |
94 | } catch (Inv alidKeyExc eption e) { | |
95 | throw ne w InvalidA lgorithmPa rameterExc eption("in it() faile d", e); | |
96 | } | |
97 | ve rsion = (s pec.getMaj orVersion( ) << 8) | spec.getMi norVersion (); | |
98 | if ((version < 0x0300) && (versi on > 0x030 2)) { | |
99 | throw ne w InvalidA lgorithmPa rameterExc eption | |
100 | ("Only SSL 3.0, TLS 1.0, and T LS 1.1 are supported "); | |
101 | } | |
102 | // we assume the token supports both the C KM_SSL3_* and the CK M_TLS_* | |
103 | // mechanism s | |
104 | } | |
105 | ||
106 | protec ted void e ngineInit( int keysiz e, SecureR andom rand om) { | |
107 | th row new In validParam eterExcept ion(MSG); | |
108 | } | |
109 | ||
110 | protec ted Secret Key engine GenerateKe y() { | |
111 | if (spec == null) { | |
112 | throw ne w IllegalS tateExcept ion | |
113 | ("Tl sKeyMateri alGenerato r must be initialize d"); | |
114 | } | |
115 | me chanism = (version = = 0x0300) ? CKM_SSL3 _KEY_AND_M AC_DERIVE | |
116 | : CKM_TLS _KEY_AND_M AC_DERIVE; | |
117 | in t macBits = spec.get MacKeyLeng th() << 3; | |
118 | in t ivBits = spec.getI vLength() << 3; | |
119 | ||
120 | in t expanded KeyBits = spec.getEx pandedCiph erKeyLengt h() << 3; | |
121 | in t keyBits = spec.get CipherKeyL ength() << 3; | |
122 | bo olean isEx portable; | |
123 | if (expanded KeyBits != 0) { | |
124 | isExport able = tru e; | |
125 | } else { | |
126 | isExport able = fal se; | |
127 | expanded KeyBits = keyBits; | |
128 | } | |
129 | ||
130 | CK _SSL3_RAND OM_DATA ra ndom = new CK_SSL3_R ANDOM_DATA | |
131 | (s pec.getCli entRandom( ), spec.ge tServerRan dom()); | |
132 | CK _SSL3_KEY_ MAT_PARAMS params = new CK_SSL 3_KEY_MAT_ PARAMS | |
133 | (m acBits, ke yBits, ivB its, isExp ortable, r andom); | |
134 | ||
135 | St ring ciphe rAlgorithm = spec.ge tCipherAlg orithm(); | |
136 | lo ng keyType = P11Secr etKeyFacto ry.getKeyT ype(cipher Algorithm) ; | |
137 | if (keyType < 0) { | |
138 | if (keyB its != 0) { | |
139 | thro w new Prov iderExcept ion | |
140 | (" Unknown al gorithm: " + spec.ge tCipherAlg orithm()); | |
141 | } else { | |
142 | // N ULL encryp tion ciphe rsuites | |
143 | keyT ype = CKK_ GENERIC_SE CRET; | |
144 | } | |
145 | } | |
146 | ||
147 | Se ssion sess ion = null ; | |
148 | tr y { | |
149 | session = token.ge tObjSessio n(); | |
150 | CK_ATTRI BUTE[] att ributes; | |
151 | if (keyB its != 0) { | |
152 | attr ibutes = n ew CK_ATTR IBUTE[] { | |
153 | new CK_ATT RIBUTE(CKA _CLASS, CK O_SECRET_K EY), | |
154 | new CK_ATT RIBUTE(CKA _KEY_TYPE, keyType), | |
155 | new CK_ATT RIBUTE(CKA _VALUE_LEN , expanded KeyBits >> 3), | |
156 | }; | |
157 | } else { | |
158 | // c iphersuite s with NUL L ciphers | |
159 | attr ibutes = n ew CK_ATTR IBUTE[0]; | |
160 | } | |
161 | attribut es = token .getAttrib utes | |
162 | (O_G ENERATE, C KO_SECRET_ KEY, keyTy pe, attrib utes); | |
163 | // the r eturned ke yID is a d ummy, igno re | |
164 | long key ID = token .p11.C_Der iveKey(ses sion.id(), | |
165 | new CK_MECHANI SM(mechani sm, params ), p11Key. keyID, att ributes); | |
166 | ||
167 | CK_SSL3_ KEY_MAT_OU T out = pa rams.pRetu rnedKeyMat erial; | |
168 | // Note that the M AC keys do not inher it all att ributes fr om the | |
169 | // templ ate, but t hey do inh erit the s ensitive/e xtractable /token | |
170 | // flags , which is all P11Ke y cares ab out. | |
171 | SecretKe y clientMa cKey, serv erMacKey; | |
172 | ||
173 | // The M AC size ma y be zero for GCM mo de. | |
174 | // | |
175 | // PKCS1 1 does not support G CM mode as the autho r made the comment, | |
176 | // so th e macBits is unlikel y to be ze ro. It's o nly a plac e holder. | |
177 | if (macB its != 0) { | |
178 | clientMacK ey = P11Ke y. PW Key | |
179 | (session, out.hClien tMacSecret , "MAC", m acBits, at tributes); | |
180 | serverMacK ey = P11Ke y. PW Key | |
181 | (session, out.hServe rMacSecret , "MAC", m acBits, at tributes); | |
182 | } else { | |
183 | clie ntMacKey = null; | |
184 | serv erMacKey = null; | |
185 | } | |
186 | ||
187 | SecretKe y clientCi pherKey, s erverCiphe rKey; | |
188 | if (keyB its != 0) { | |
189 | clientCiph erKey = P1 1Key. PW Key(sessio n, out.hCl ientKey, | |
190 | cipher Algorithm, expandedK eyBits, at tributes); | |
191 | serverCiph erKey = P1 1Key. PW Key(sessio n, out.hSe rverKey, | |
192 | cipher Algorithm, expandedK eyBits, at tributes); | |
193 | } else { | |
194 | clie ntCipherKe y = null; | |
195 | serv erCipherKe y = null; | |
196 | } | |
197 | IvParame terSpec cl ientIv = ( out.pIVCli ent == nul l) | |
198 | ? nu ll : new I vParameter Spec(out.p IVClient); | |
199 | IvParame terSpec se rverIv = ( out.pIVSer ver == nul l) | |
200 | ? nu ll : new I vParameter Spec(out.p IVServer); | |
201 | ||
202 | return n ew TlsKeyM aterialSpe c(clientMa cKey, serv erMacKey, | |
203 | clientCiph erKey, cli entIv, ser verCipherK ey, server Iv); | |
204 | ||
205 | } catch (Exc eption e) { | |
206 | throw ne w Provider Exception( "Could not generate key", e); | |
207 | } finally { | |
208 | token.re leaseSessi on(session ); | |
209 | } | |
210 | } | |
211 | ||
212 | } |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.