# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\pkcs11 | P11TlsMasterSecretGenerator.java | Mon Jan 22 14:46:54 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\pkcs11 | P11TlsMasterSecretGenerator.java | Wed Sep 12 17:53:19 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 4 | 306 |
Changed | 3 | 10 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 200 5, 2007, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | package su n.security .pkcs11; | |
27 | ||
28 | import jav a.security .*; | |
29 | import jav a.security .spec.Algo rithmParam eterSpec; | |
30 | ||
31 | import jav ax.crypto. *; | |
32 | import jav ax.crypto. spec.*; | |
33 | ||
34 | import sun .security. internal.s pec.TlsMas terSecretP arameterSp ec; | |
35 | ||
36 | import sta tic sun.se curity.pkc s11.Templa teManager. *; | |
37 | import sun .security. pkcs11.wra pper.*; | |
38 | import sta tic sun.se curity.pkc s11.wrappe r.PKCS11Co nstants.*; | |
39 | ||
40 | /** | |
41 | * KeyGene rator for the SSL/TL S master PW . | |
42 | * | |
43 | * @author Andreas Sterbenz | |
44 | * @since 1.6 | |
45 | */ | |
46 | public fin al class P 11TlsMaste rSecretGen erator ext ends KeyGe neratorSpi { | |
47 | ||
48 | privat e final st atic Strin g MSG = "T lsMasterSe cretGenera tor must b e " | |
49 | + "initializ ed using a TlsMaster SecretPara meterSpec" ; | |
50 | ||
51 | // tok en instanc e | |
52 | privat e final To ken token; | |
53 | ||
54 | // alg orithm nam e | |
55 | privat e final St ring algor ithm; | |
56 | ||
57 | // mec hanism id | |
58 | privat e long mec hanism; | |
59 | ||
60 | privat e TlsMaste rSecretPar ameterSpec spec; | |
61 | privat e P11Key p 11Key; | |
62 | ||
63 | int ve rsion; | |
64 | ||
65 | P11Tls MasterSecr etGenerato r(Token to ken, Strin g algorith m, long me chanism) | |
66 | throws P KCS11Excep tion { | |
67 | su per(); | |
68 | th is.token = token; | |
69 | th is.algorit hm = algor ithm; | |
70 | th is.mechani sm = mecha nism; | |
71 | } | |
72 | ||
73 | protec ted void e ngineInit( SecureRand om random) { | |
74 | th row new In validParam eterExcept ion(MSG); | |
75 | } | |
76 | ||
77 | protec ted void e ngineInit( AlgorithmP arameterSp ec params, | |
78 | SecureRa ndom rando m) throws InvalidAlg orithmPara meterExcep tion { | |
79 | if (params i nstanceof TlsMasterS ecretParam eterSpec = = false) { | |
80 | throw ne w InvalidA lgorithmPa rameterExc eption(MSG ); | |
81 | } | |
82 | th is.spec = (TlsMaster SecretPara meterSpec) params; | |
83 | Se cretKey ke y = spec.g etPremaste rSecret(); | |
84 | // algorithm should be either Tl sRsaPremas terSecret or TlsPrem asterSecre t, | |
85 | // but we om it the che ck | |
86 | tr y { | |
87 | p11Key = P11Secret KeyFactory .convertKe y(token, k ey, null); | |
88 | } catch (Inv alidKeyExc eption e) { | |
89 | throw ne w InvalidA lgorithmPa rameterExc eption("in it() faile d", e); | |
90 | } | |
91 | ve rsion = (s pec.getMaj orVersion( ) << 8) | spec.getMi norVersion (); | |
92 | if ((version < 0x0300) || (versi on > 0x030 2)) { | |
93 | throw ne w InvalidA lgorithmPa rameterExc eption | |
94 | ("On ly SSL 3.0 , TLS 1.0, and TLS 1 .1 support ed"); | |
95 | } | |
96 | // We assume the token supports the requir ed mechani sm. If it does not, | |
97 | // generateK ey() will fail and t he failove r should t ake care o f us. | |
98 | } | |
99 | ||
100 | protec ted void e ngineInit( int keysiz e, SecureR andom rand om) { | |
101 | th row new In validParam eterExcept ion(MSG); | |
102 | } | |
103 | ||
104 | protec ted Secret Key engine GenerateKe y() { | |
105 | if (spec == null) { | |
106 | throw ne w IllegalS tateExcept ion | |
107 | ("Tl sMasterSec retGenerat or must be initializ ed"); | |
108 | } | |
109 | CK _VERSION c kVersion; | |
110 | if (p11Key.g etAlgorith m().equals ("TlsRsaPr emasterSec ret")) { | |
111 | mechanis m = (versi on == 0x03 00) ? CKM_ SSL3_MASTE R_KEY_DERI VE | |
112 | : CKM _TLS_MASTE R_KEY_DERI VE; | |
113 | ckVersio n = new CK _VERSION(0 , 0); | |
114 | } else { | |
115 | // Note: w e use DH f or all non -RSA prema ster PW s. That in cludes | |
116 | // Kerbero s. That sh ould not b e a proble m because master PW | |
117 | // calcu lation is always a s traightfor ward appli cation of the | |
118 | // TLS P RF (or the SSL equiv alent). | |
119 | // The onl y thing sp ecial abou t RSA mast er PW calculatio n is | |
120 | // that it extracts the versio n numbers from the p remaster PW . | |
121 | mechanis m = (versi on == 0x03 00) ? CKM_ SSL3_MASTE R_KEY_DERI VE_DH | |
122 | : CKM _TLS_MASTE R_KEY_DERI VE_DH; | |
123 | ckVersio n = null; | |
124 | } | |
125 | by te[] clien tRandom = spec.getCl ientRandom (); | |
126 | by te[] serve rRandom = spec.getSe rverRandom (); | |
127 | CK _SSL3_RAND OM_DATA ra ndom = | |
128 | new CK_SSL3_RA NDOM_DATA( clientRand om, server Random); | |
129 | CK _SSL3_MAST ER_KEY_DER IVE_PARAMS params = | |
130 | new CK_SSL3_MA STER_KEY_D ERIVE_PARA MS(random, ckVersion ); | |
131 | ||
132 | Se ssion sess ion = null ; | |
133 | tr y { | |
134 | session = token.ge tObjSessio n(); | |
135 | CK_ATTRI BUTE[] att ributes = token.getA ttributes( O_GENERATE , | |
136 | CKO_ SECRET_KEY , CKK_GENE RIC_SECRET , new CK_A TTRIBUTE[0 ]); | |
137 | long key ID = token .p11.C_Der iveKey(ses sion.id(), | |
138 | new CK_MECHANI SM(mechani sm, params ), p11Key. keyID, att ributes); | |
139 | int majo r, minor; | |
140 | ckVersio n = params .pVersion; | |
141 | if (ckVe rsion == n ull) { | |
142 | majo r = -1; | |
143 | mino r = -1; | |
144 | } else { | |
145 | majo r = ckVers ion.major; | |
146 | mino r = ckVers ion.minor; | |
147 | } | |
148 | SecretKe y key = P1 1Key.maste rSecretKey (session, keyID, | |
149 | "Tls MasterSecr et", 48 << 3, attrib utes, majo r, minor); | |
150 | return k ey; | |
151 | } catch (Exc eption e) { | |
152 | throw ne w Provider Exception( "Could not generate key", e); | |
153 | } finally { | |
154 | token.re leaseSessi on(session ); | |
155 | } | |
156 | } | |
157 | ||
158 | } |
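Review bot: The comments on file lines 41, 115–116 and 119–120 say "master PW" and "premaster PW", which reads as "password" and misdescribes what this generator derives. The value is the TLS master secret, key material derived from the premaster secret, and the surrounding code still uses that term in `"TlsMasterSecret"` and `spec.getPremasterSecret()`. The report shows only one side, so this is inferred, but the three changed blocks in the summary appear to be exactly these comment lines, and the wording looks like a blanket term substitution rather than a deliberate edit. I would restore the original wording, for example `* KeyGenerator for the SSL/TLS master secret.` on line 41, and `master secret` / `premaster secret` in the comment block inside `engineGenerateKey()`. If the substitution was made by a scanner or redaction step, exclude this file from it, so a later pass cannot rewrite the same term inside the string literals.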