# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\pkcs11 | P11SecretKeyFactory.java | Mon Jan 22 14:46:54 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\pkcs11 | P11SecretKeyFactory.java | Wed Sep 12 17:53:17 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 5 | 708 |
Changed | 4 | 8 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 200 3, 2011, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | package su n.security .pkcs11; | |
27 | ||
28 | import jav a.util.*; | |
29 | ||
30 | import jav a.security .*; | |
31 | import jav a.security .spec.*; | |
32 | ||
33 | import jav ax.crypto. *; | |
34 | import jav ax.crypto. spec.*; | |
35 | ||
36 | import sta tic sun.se curity.pkc s11.Templa teManager. *; | |
37 | import sun .security. pkcs11.wra pper.*; | |
38 | import sta tic sun.se curity.pkc s11.wrappe r.PKCS11Co nstants.*; | |
39 | ||
40 | /** | |
41 | * SecretK eyFactory implementa tion class . This cla ss current ly support s | |
42 | * DES, DE Sede, AES, ARCFOUR, and Blowfi sh. | |
43 | * | |
44 | * @author Andreas Sterbenz | |
45 | * @since 1.5 | |
46 | */ | |
47 | final clas s P11Secre tKeyFactor y extends SecretKeyF actorySpi { | |
48 | ||
49 | // tok en instanc e | |
50 | privat e final To ken token; | |
51 | ||
52 | // alg orithm nam e | |
53 | privat e final St ring algor ithm; | |
54 | ||
55 | P11Sec retKeyFact ory(Token token, Str ing algori thm) { | |
56 | su per(); | |
57 | th is.token = token; | |
58 | th is.algorit hm = algor ithm; | |
59 | } | |
60 | ||
61 | privat e static f inal Map<S tring,Long > keyTypes ; | |
62 | ||
63 | static { | |
64 | ke yTypes = n ew HashMap <String,Lo ng>(); | |
65 | ad dKeyType(" RC4", CKK_RC4); | |
66 | ad dKeyType(" ARCFOUR", CKK_RC4); | |
67 | ad dKeyType(" DES", CKK_DES); | |
68 | ad dKeyType(" DESede", CKK_DES3) ; | |
69 | ad dKeyType(" AES", CKK_AES); | |
70 | ad dKeyType(" Blowfish", CKK_BLOWF ISH); | |
71 | ||
72 | // we don't implement RC2 or IDE A, but we want to be able to g enerate | |
73 | // keys for those SSL/ TLS cipher suites. | |
74 | ad dKeyType(" RC2", CKK_RC2); | |
75 | ad dKeyType(" IDEA", CKK_IDEA) ; | |
76 | ||
77 | ad dKeyType(" TlsPremast erSecret", PCKK_T LSPREMASTE R); | |
78 | ad dKeyType(" TlsRsaPrem asterSecre t", PCKK_T LSRSAPREMA STER); | |
79 | ad dKeyType(" TlsMasterS ecret", PCKK_T LSMASTER); | |
80 | ad dKeyType(" Generic", CKK_GE NERIC_SECR ET); | |
81 | } | |
82 | ||
83 | privat e static v oid addKey Type(Strin g name, lo ng id) { | |
84 | Lo ng l = Lon g.valueOf( id); | |
85 | ke yTypes.put (name, l); | |
86 | ke yTypes.put (name.toUp perCase(Lo cale.ENGLI SH), l); | |
87 | } | |
88 | ||
89 | static long getK eyType(Str ing algori thm) { | |
90 | Lo ng l = key Types.get( algorithm) ; | |
91 | if (l == nul l) { | |
92 | algorith m = algori thm.toUppe rCase(Loca le.ENGLISH ); | |
93 | l = keyT ypes.get(a lgorithm); | |
94 | if (l == null) { | |
95 | if ( algorithm. startsWith ("HMAC")) { | |
96 | return PCK K_HMAC; | |
97 | } el se if (alg orithm.sta rtsWith("S SLMAC")) { | |
98 | return PCK K_SSLMAC; | |
99 | } | |
100 | } | |
101 | } | |
102 | re turn (l != null) ? l .longValue () : -1; | |
103 | } | |
104 | ||
105 | /** | |
106 | * Con vert an ar bitrary ke y of algor ithm into a P11Key o f provider . | |
107 | * Use d in engin eTranslate Key(), P11 Cipher.ini t(), and P 11Mac.init (). | |
108 | */ | |
109 | static P11Key co nvertKey(T oken token , Key key, String al go) | |
110 | throws I nvalidKeyE xception { | |
111 | re turn conve rtKey(toke n, key, al go, null); | |
112 | } | |
113 | ||
114 | /** | |
115 | * Con vert an ar bitrary ke y of algor ithm w/ cu stom attri butes into a | |
116 | * P11 Key of pro vider. | |
117 | * Use d in P11Ke yStore.sto reSkey. | |
118 | */ | |
119 | static P11Key co nvertKey(T oken token , Key key, String al go, | |
120 | CK_ATTRI BUTE[] ext raAttrs) | |
121 | throws I nvalidKeyE xception { | |
122 | to ken.ensure Valid(); | |
123 | if (key == n ull) { | |
124 | throw ne w InvalidK eyExceptio n("Key mus t not be n ull"); | |
125 | } | |
126 | if (key inst anceof Sec retKey == false) { | |
127 | throw ne w InvalidK eyExceptio n("Key mus t be a Sec retKey"); | |
128 | } | |
129 | lo ng algoTyp e; | |
130 | if (algo == null) { | |
131 | algo = k ey.getAlgo rithm(); | |
132 | algoType = getKeyT ype(algo); | |
133 | } else { | |
134 | algoType = getKeyT ype(algo); | |
135 | long key AlgorithmT ype = getK eyType(key .getAlgori thm()); | |
136 | if (algo Type != ke yAlgorithm Type) { | |
137 | if ( (algoType == PCKK_HM AC) || (al goType == PCKK_SSLMA C)) { | |
138 | // ignore key algori thm for MA Cs | |
139 | } el se { | |
140 | throw new InvalidKey Exception | |
141 | (" Key algori thm must b e " + algo ); | |
142 | } | |
143 | } | |
144 | } | |
145 | if (key inst anceof P11 Key) { | |
146 | P11Key p 11Key = (P 11Key)key; | |
147 | if (p11K ey.token = = token) { | |
148 | if ( extraAttrs != null) { | |
149 | Session se ssion = nu ll; | |
150 | try { | |
151 | sessio n = token. getObjSess ion(); | |
152 | long n ewKeyID = token.p11. C_CopyObje ct(session .id(), | |
153 | p11Key.k eyID, extr aAttrs); | |
154 | p11Key = ( P11Key) (P 11Key. PW Key(sessio n, | |
155 | newKeyID , p11Key.a lgorithm, p11Key.key Length, | |
156 | extraAtt rs)); | |
157 | } catch (P KCS11Excep tion p11e) { | |
158 | throw new Invali dKeyExcept ion | |
159 | ("Cannot duplicate the PKCS1 1 key", p1 1e); | |
160 | } finally { | |
161 | token. releaseSes sion(sessi on); | |
162 | } | |
163 | } | |
164 | retu rn p11Key; | |
165 | } | |
166 | } | |
167 | P11Key p11 Key = toke n. PW Cache.get( key); | |
168 | if (p11Key ! = null) { | |
169 | return p 11Key; | |
170 | } | |
171 | if ("RAW".eq ualsIgnore Case(key.g etFormat() ) == false ) { | |
172 | throw ne w InvalidK eyExceptio n("Encoded format mu st be RAW" ); | |
173 | } | |
174 | by te[] encod ed = key.g etEncoded( ); | |
175 | p1 1Key = cre ateKey(tok en, encode d, algo, a lgoType, e xtraAttrs) ; | |
176 | token. PW Cache.put( key, p11Ke y); | |
177 | re turn p11Ke y; | |
178 | } | |
179 | ||
180 | static void fixD ESParity(b yte[] key, int offse t) { | |
181 | fo r (int i = 0; i < 8; i++) { | |
182 | int b = key[offset ] & 0xfe; | |
183 | b |= (In teger.bitC ount(b) & 1) ^ 1; | |
184 | key[offs et++] = (b yte)b; | |
185 | } | |
186 | } | |
187 | ||
188 | privat e static P 11Key crea teKey(Toke n token, b yte[] enco ded, | |
189 | String a lgorithm, long keyTy pe, CK_ATT RIBUTE[] e xtraAttrs) | |
190 | throws I nvalidKeyE xception { | |
191 | in t n = enco ded.length << 3; | |
192 | in t keyLengt h = n; | |
193 | tr y { | |
194 | switch ( (int)keyTy pe) { | |
195 | case (int)CKK_ DES: | |
196 | keyLength = | |
197 | P11Key Generator. checkKeySi ze(CKM_DES _KEY_GEN, n, token); | |
198 | fixDESPari ty(encoded , 0); | |
199 | break; | |
200 | case (int)CKK_ DES3: | |
201 | keyLength = | |
202 | P11Key Generator. checkKeySi ze(CKM_DES 3_KEY_GEN, n, token) ; | |
203 | fixDESPari ty(encoded , 0); | |
204 | fixDESPari ty(encoded , 8); | |
205 | if (keyLen gth == 112 ) { | |
206 | keyTyp e = CKK_DE S2; | |
207 | } else { | |
208 | keyTyp e = CKK_DE S3; | |
209 | fixDES Parity(enc oded, 16); | |
210 | } | |
211 | break; | |
212 | case (int)CKK_ AES: | |
213 | keyLength = | |
214 | P11Key Generator. checkKeySi ze(CKM_AES _KEY_GEN, n, token); | |
215 | break; | |
216 | case (int)CKK_ RC4: | |
217 | keyLength = | |
218 | P11Key Generator. checkKeySi ze(CKM_RC4 _KEY_GEN, n, token); | |
219 | break; | |
220 | case (int)CKK_ BLOWFISH: | |
221 | keyLength = | |
222 | P11Key Generator. checkKeySi ze(CKM_BLO WFISH_KEY_ GEN, n, | |
223 | token) ; | |
224 | break; | |
225 | case (int)CKK_ GENERIC_SE CRET: | |
226 | case (int)PCKK _TLSPREMAS TER: | |
227 | case (int)PCKK _TLSRSAPRE MASTER: | |
228 | case (int)PCKK _TLSMASTER : | |
229 | keyType = CKK_GENERI C_SECRET; | |
230 | break; | |
231 | case (int)PCKK _SSLMAC: | |
232 | case (int)PCKK _HMAC: | |
233 | if (n == 0 ) { | |
234 | throw new Invali dKeyExcept ion | |
235 | ("MAC ke ys must no t be empty "); | |
236 | } | |
237 | keyType = CKK_GENERI C_SECRET; | |
238 | break; | |
239 | defa ult: | |
240 | throw new InvalidKey Exception( "Unknown a lgorithm " + | |
241 | al gorithm); | |
242 | } | |
243 | } catch (Inv alidAlgori thmParamet erExceptio n iape) { | |
244 | throw ne w InvalidK eyExceptio n("Invalid key for " + algorit hm, | |
245 | iape); | |
246 | } catch (Pro viderExcep tion pe) { | |
247 | throw ne w InvalidK eyExceptio n("Could n ot create key", pe); | |
248 | } | |
249 | Se ssion sess ion = null ; | |
250 | tr y { | |
251 | CK_ATTRI BUTE[] att ributes; | |
252 | if (extr aAttrs != null) { | |
253 | attr ibutes = n ew CK_ATTR IBUTE[3 + extraAttrs .length]; | |
254 | Syst em.arrayco py(extraAt trs, 0, at tributes, 3, | |
255 | extraA ttrs.lengt h); | |
256 | } else { | |
257 | attr ibutes = n ew CK_ATTR IBUTE[3]; | |
258 | } | |
259 | attribut es[0] = ne w CK_ATTRI BUTE(CKA_C LASS, CKO_ SECRET_KEY ); | |
260 | attribut es[1] = ne w CK_ATTRI BUTE(CKA_K EY_TYPE, k eyType); | |
261 | attribut es[2] = ne w CK_ATTRI BUTE(CKA_V ALUE, enco ded); | |
262 | attribut es = token .getAttrib utes | |
263 | (O_I MPORT, CKO _SECRET_KE Y, keyType , attribut es); | |
264 | session = token.ge tObjSessio n(); | |
265 | long key ID = token .p11.C_Cre ateObject( session.id (), attrib utes); | |
266 | P11Key p11 Key = (P11 Key)P11Key . PW Key | |
267 | (ses sion, keyI D, algorit hm, keyLen gth, attri butes); | |
268 | return p 11Key; | |
269 | } catch (PKC S11Excepti on e) { | |
270 | throw ne w InvalidK eyExceptio n("Could n ot create key", e); | |
271 | } finally { | |
272 | token.re leaseSessi on(session ); | |
273 | } | |
274 | } | |
275 | ||
276 | // see JCE spec | |
277 | protec ted Secret Key engine GenerateSe cret(KeySp ec keySpec ) | |
278 | throws I nvalidKeyS pecExcepti on { | |
279 | to ken.ensure Valid(); | |
280 | if (keySpec == null) { | |
281 | throw ne w InvalidK eySpecExce ption("Key Spec must not be nul l"); | |
282 | } | |
283 | if (keySpec instanceof SecretKey Spec) { | |
284 | try { | |
285 | Key key = conv ertKey(tok en, (Secre tKey)keySp ec, algori thm); | |
286 | retu rn (Secret Key)key; | |
287 | } catch (InvalidKe yException e) { | |
288 | thro w new Inva lidKeySpec Exception( e); | |
289 | } | |
290 | } else if (a lgorithm.e qualsIgnor eCase("DES ")) { | |
291 | if (keyS pec instan ceof DESKe ySpec) { | |
292 | byte [] keyByte s = ((DESK eySpec)key Spec).getK ey(); | |
293 | keyS pec = new SecretKeyS pec(keyByt es, "DES") ; | |
294 | retu rn engineG enerateSec ret(keySpe c); | |
295 | } | |
296 | } else if (a lgorithm.e qualsIgnor eCase("DES ede")) { | |
297 | if (keyS pec instan ceof DESed eKeySpec) { | |
298 | byte [] keyByte s = ((DESe deKeySpec) keySpec).g etKey(); | |
299 | keyS pec = new SecretKeyS pec(keyByt es, "DESed e"); | |
300 | retu rn engineG enerateSec ret(keySpe c); | |
301 | } | |
302 | } | |
303 | th row new In validKeySp ecExceptio n | |
304 | ("Un supported spec: " + keySpec.ge tClass().g etName()); | |
305 | } | |
306 | ||
307 | privat e byte[] g etKeyBytes (SecretKey key) thro ws Invalid KeySpecExc eption { | |
308 | tr y { | |
309 | key = en gineTransl ateKey(key ); | |
310 | if ("RAW ".equalsIg noreCase(k ey.getForm at()) == f alse) { | |
311 | thro w new Inva lidKeySpec Exception | |
312 | ("Could no t obtain k ey bytes") ; | |
313 | } | |
314 | byte[] k = key.get Encoded(); | |
315 | return k ; | |
316 | } catch (Inv alidKeyExc eption e) { | |
317 | throw ne w InvalidK eySpecExce ption(e); | |
318 | } | |
319 | } | |
320 | ||
321 | // see JCE spec | |
322 | protec ted KeySpe c engineGe tKeySpec(S ecretKey k ey, Class< ?> keySpec ) | |
323 | throws I nvalidKeyS pecExcepti on { | |
324 | to ken.ensure Valid(); | |
325 | if ((key == null) || ( keySpec == null)) { | |
326 | throw ne w InvalidK eySpecExce ption | |
327 | ("ke y and keyS pec must n ot be null "); | |
328 | } | |
329 | if (SecretKe ySpec.clas s.isAssign ableFrom(k eySpec)) { | |
330 | return n ew SecretK eySpec(get KeyBytes(k ey), algor ithm); | |
331 | } else if (a lgorithm.e qualsIgnor eCase("DES ")) { | |
332 | try { | |
333 | if ( DESKeySpec .class.isA ssignableF rom(keySpe c)) { | |
334 | return new DESKeySpe c(getKeyBy tes(key)); | |
335 | } | |
336 | } catch (InvalidKe yException e) { | |
337 | thro w new Inva lidKeySpec Exception( e); | |
338 | } | |
339 | } else if (a lgorithm.e qualsIgnor eCase("DES ede")) { | |
340 | try { | |
341 | if ( DESedeKeyS pec.class. isAssignab leFrom(key Spec)) { | |
342 | return new DESedeKey Spec(getKe yBytes(key )); | |
343 | } | |
344 | } catch (InvalidKe yException e) { | |
345 | thro w new Inva lidKeySpec Exception( e); | |
346 | } | |
347 | } | |
348 | th row new In validKeySp ecExceptio n | |
349 | ("Un supported spec: " + keySpec.ge tName()); | |
350 | } | |
351 | ||
352 | // see JCE spec | |
353 | protec ted Secret Key engine TranslateK ey(SecretK ey key) | |
354 | throws I nvalidKeyE xception { | |
355 | re turn (Secr etKey)conv ertKey(tok en, key, a lgorithm); | |
356 | } | |
357 | ||
358 | } |
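Review bot: In `convertKey` (file lines 174–176) the raw key bytes returned by `key.getEncoded()` are passed to `createKey` and then left in the `encoded` array, so a copy of the secret stays on the Java heap after the key has been imported into the token. Wrapping the call as `try { p11Key = createKey(token, encoded, algo, algoType, extraAttrs); } finally { Arrays.fill(encoded, (byte)0); }` would clear it on both the success path and the exception path; `java.util.*` is already imported. This assumes nothing keeps reading the `CKA_VALUE` attribute built from `encoded` once `createKey` returns, which should be confirmed because the `CK_ATTRIBUTE` and `P11Key` classes are not shown here. The `keyBytes` arrays in `engineGenerateSecret` and the array returned by `getKeyBytes` are likewise never cleared after use.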