Produced by Araxis Merge on 9/25/2018 2:13:24 PM Central Daylight Time.
# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\pkcs11 | P11KeyGenerator.java | Mon Jan 22 14:46:54 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\pkcs11 | P11KeyGenerator.java | Wed Sep 12 17:53:12 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 2 | 566 |
Changed | 1 | 2 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 200 3, 2008, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | package su n.security .pkcs11; | |
27 | ||
28 | import jav a.security .*; | |
29 | import jav a.security .spec.Algo rithmParam eterSpec; | |
30 | ||
31 | import jav ax.crypto. *; | |
32 | ||
33 | import sta tic sun.se curity.pkc s11.Templa teManager. *; | |
34 | import sun .security. pkcs11.wra pper.*; | |
35 | import sta tic sun.se curity.pkc s11.wrappe r.PKCS11Co nstants.*; | |
36 | ||
37 | /** | |
38 | * KeyGene rator impl ementation class. Th is class c urrently s upports | |
39 | * DES, DE Sede, AES, ARCFOUR, and Blowfi sh. | |
40 | * | |
41 | * @author Andreas Sterbenz | |
42 | * @since 1.5 | |
43 | */ | |
44 | final clas s P11KeyGe nerator ex tends KeyG eneratorSp i { | |
45 | ||
46 | // tok en instanc e | |
47 | privat e final To ken token; | |
48 | ||
49 | // alg orithm nam e | |
50 | privat e final St ring algor ithm; | |
51 | ||
52 | // mec hanism id | |
53 | privat e long mec hanism; | |
54 | ||
55 | // raw key size in bits, e .g. 64 for DES. Alwa ys valid. | |
56 | privat e int keyS ize; | |
57 | ||
58 | // bit s of entro py in the key, e.g. 56 for DES . Always v alid. | |
59 | privat e int sign ificantKey Size; | |
60 | ||
61 | // key Type (CKK_ *), needed for Templ ateManager call only . | |
62 | privat e long key Type; | |
63 | ||
64 | // for determini ng if both 112 and 1 68 bits of DESede ke y lengths | |
65 | // are supported . | |
66 | privat e boolean supportBot hKeySizes; | |
67 | ||
68 | /** | |
69 | * Uti lity metho d for chec king if th e specifie d key size is valid | |
70 | * and within th e supporte d range. R eturn the significan t key size | |
71 | * upo n successf ul validat ion. | |
72 | * @pa ram keyGen Mech the P KCS#11 key generatio n mechanis m. | |
73 | * @pa ram keySiz e the to-b e-checked key size f or this me chanism. | |
74 | * @pa ram token token whic h provides this mech anism. | |
75 | * @re turn the s ignificant key size (in bits) correspond ing to the | |
76 | * spe cified key size. | |
77 | * @th rows Inval idParamete rException if the sp ecified ke y size is invalid. | |
78 | * @th rows Provi derExcepti on if this mechanism isn't sup ported by SunPKCS11 | |
79 | * or underlying native im pl. | |
80 | */ | |
81 | static int check KeySize(lo ng keyGenM ech, int k eySize, To ken token) | |
82 | th rows Inval idAlgorith mParameter Exception, ProviderE xception { | |
83 | in t sigKeySi ze; | |
84 | sw itch ((int )keyGenMec h) { | |
85 | case (in t)CKM_DES_ KEY_GEN: | |
86 | if ( (keySize ! = 64) && ( keySize != 56)) { | |
87 | throw new InvalidAlg orithmPara meterExcep tion | |
88 | (" DES key le ngth must be 56 bits "); | |
89 | } | |
90 | sigK eySize = 5 6; | |
91 | brea k; | |
92 | case (in t)CKM_DES2 _KEY_GEN: | |
93 | case (in t)CKM_DES3 _KEY_GEN: | |
94 | if ( (keySize = = 112) || (keySize = = 128)) { | |
95 | sigKeySize = 112; | |
96 | } el se if ((ke ySize == 1 68) || (ke ySize == 1 92)) { | |
97 | sigKeySize = 168; | |
98 | } el se { | |
99 | throw new InvalidAlg orithmPara meterExcep tion | |
100 | (" DESede key length mu st be 112, or 168 bi ts"); | |
101 | } | |
102 | brea k; | |
103 | default: | |
104 | // H andle all variable-k ey-length algorithms here | |
105 | CK_M ECHANISM_I NFO info = null; | |
106 | try { | |
107 | info = tok en.getMech anismInfo( keyGenMech ); | |
108 | } ca tch (PKCS1 1Exception p11e) { | |
109 | // Should never happ en | |
110 | throw new ProviderEx ception | |
111 | (" Cannot ret rieve mech anism info ", p11e); | |
112 | } | |
113 | if ( info == nu ll) { | |
114 | // XXX Una ble to ret rieve the supported key length from | |
115 | // the und erlying na tive impl. Skip the checking f or now. | |
116 | return key Size; | |
117 | } | |
118 | // P KCS#11 def ines these to be in number of bytes exce pt for | |
119 | // R C4 which i s in bits. However, some PKCS# 11 impls s till use | |
120 | // b ytes for a ll mechs, e.g. NSS. We try to detect thi s | |
121 | // i nconsisten cy if the minKeySize seems unr easonably small. | |
122 | int minKeySize = (int)in fo.ulMinKe ySize; | |
123 | int maxKeySize = (int)in fo.ulMaxKe ySize; | |
124 | if ( keyGenMech != CKM_RC 4_KEY_GEN || minKeyS ize < 8) { | |
125 | minKeySize = (int)in fo.ulMinKe ySize << 3 ; | |
126 | maxKeySize = (int)in fo.ulMaxKe ySize << 3 ; | |
127 | } | |
128 | // E xplicitly disallow k eys shorte r than 40- bits for s ecurity | |
129 | if ( minKeySize < 40) min KeySize = 40; | |
130 | if ( keySize < minKeySize || keySiz e > maxKey Size) { | |
131 | throw new InvalidAlg orithmPara meterExcep tion | |
132 | (" Key length must be b etween " + minKeySiz e + | |
133 | " and " + ma xKeySize + " bits"); | |
134 | } | |
135 | if ( keyGenMech == CKM_AE S_KEY_GEN) { | |
136 | if ((keySi ze != 128) && (keySi ze != 192) && | |
137 | (keySi ze != 256) ) { | |
138 | throw new Invali dAlgorithm ParameterE xception | |
139 | ("AES ke y length m ust be " + minKeySiz e + | |
140 | (maxKeyS ize >= 192 ? ", 192": "") + | |
141 | (maxKeyS ize >= 256 ? ", or 25 6":"") + " bits"); | |
142 | } | |
143 | } | |
144 | sigK eySize = k eySize; | |
145 | } | |
146 | re turn sigKe ySize; | |
147 | } | |
148 | ||
149 | P11Key Generator( Token toke n, String algorithm, long mech anism) | |
150 | throws P KCS11Excep tion { | |
151 | su per(); | |
152 | th is.token = token; | |
153 | th is.algorit hm = algor ithm; | |
154 | th is.mechani sm = mecha nism; | |
155 | ||
156 | if (this.mec hanism == CKM_DES3_K EY_GEN) { | |
157 | /* Given the curre nt lookup order spec ified in S unPKCS11.j ava, | |
158 | if CK M_DES2_KEY _GEN is us ed to cons truct this object, i t | |
159 | means that CKM_ DES3_KEY_G EN is disa bled or un supported. | |
160 | */ | |
161 | supportB othKeySize s = | |
162 | (tok en.provide r.config.i sEnabled(C KM_DES2_KE Y_GEN) && | |
163 | (to ken.getMec hanismInfo (CKM_DES2_ KEY_GEN) ! = null)); | |
164 | } | |
165 | se tDefaultKe ySize(); | |
166 | } | |
167 | ||
168 | // set default k eysize and also init ialize key Type | |
169 | privat e void set DefaultKey Size() { | |
170 | sw itch ((int )mechanism ) { | |
171 | ca se (int)CK M_DES_KEY_ GEN: | |
172 | keySize = 64; | |
173 | keyType = CKK_DES; | |
174 | break; | |
175 | ca se (int)CK M_DES2_KEY _GEN: | |
176 | keySize = 128; | |
177 | keyType = CKK_DES2 ; | |
178 | break; | |
179 | ca se (int)CK M_DES3_KEY _GEN: | |
180 | keySize = 192; | |
181 | keyType = CKK_DES3 ; | |
182 | break; | |
183 | ca se (int)CK M_AES_KEY_ GEN: | |
184 | keySize = 128; | |
185 | keyType = CKK_AES; | |
186 | break; | |
187 | ca se (int)CK M_RC4_KEY_ GEN: | |
188 | keySize = 128; | |
189 | keyType = CKK_RC4; | |
190 | break; | |
191 | ca se (int)CK M_BLOWFISH _KEY_GEN: | |
192 | keySize = 128; | |
193 | keyType = CKK_BLOW FISH; | |
194 | break; | |
195 | de fault: | |
196 | throw ne w Provider Exception( "Unknown m echanism " + mechani sm); | |
197 | } | |
198 | tr y { | |
199 | signific antKeySize = checkKe ySize(mech anism, key Size, toke n); | |
200 | } catch (Inv alidAlgori thmParamet erExceptio n iape) { | |
201 | throw ne w Provider Exception( "Unsupport ed default key size" , iape); | |
202 | } | |
203 | } | |
204 | ||
205 | // see JCE spec | |
206 | protec ted void e ngineInit( SecureRand om random) { | |
207 | to ken.ensure Valid(); | |
208 | se tDefaultKe ySize(); | |
209 | } | |
210 | ||
211 | // see JCE spec | |
212 | protec ted void e ngineInit( AlgorithmP arameterSp ec params, | |
213 | SecureRa ndom rando m) throws InvalidAlg orithmPara meterExcep tion { | |
214 | th row new In validAlgor ithmParame terExcepti on | |
215 | ("Al gorithmPar ameterSpec not suppo rted"); | |
216 | } | |
217 | ||
218 | // see JCE spec | |
219 | protec ted void e ngineInit( int keySiz e, SecureR andom rand om) { | |
220 | to ken.ensure Valid(); | |
221 | in t newSigni ficantKeyS ize; | |
222 | tr y { | |
223 | newSigni ficantKeyS ize = chec kKeySize(m echanism, keySize, t oken); | |
224 | } catch (Inv alidAlgori thmParamet erExceptio n iape) { | |
225 | throw (I nvalidPara meterExcep tion) | |
226 | (new Inval idParamete rException ().initCau se(iape)); | |
227 | } | |
228 | if ((mechani sm == CKM_ DES2_KEY_G EN) || | |
229 | (mechani sm == CKM_ DES3_KEY_G EN)) { | |
230 | long new Mechanism = (newSign ificantKey Size == 11 2 ? | |
231 | CKM_ DES2_KEY_G EN : CKM_D ES3_KEY_GE N); | |
232 | if (mech anism != n ewMechanis m) { | |
233 | if ( supportBot hKeySizes) { | |
234 | mechanism = newMecha nism; | |
235 | // Adjust keyType to reflect t he mechani sm change | |
236 | keyType = (mechanism == CKM_DE S2_KEY_GEN ? | |
237 | CKK_DE S2 : CKK_D ES3); | |
238 | } el se { | |
239 | throw new InvalidPar ameterExce ption | |
240 | (" Only " + s ignificant KeySize + | |
241 | " -bit DESed e is suppo rted"); | |
242 | } | |
243 | } | |
244 | } | |
245 | th is.keySize = keySize ; | |
246 | th is.signifi cantKeySiz e = newSig nificantKe ySize; | |
247 | } | |
248 | ||
249 | // see JCE spec | |
250 | protec ted Secret Key engine GenerateKe y() { | |
251 | Se ssion sess ion = null ; | |
252 | tr y { | |
253 | session = token.ge tObjSessio n(); | |
254 | CK_ATTRI BUTE[] att ributes; | |
255 | switch ( (int)keyTy pe) { | |
256 | case (in t)CKK_DES: | |
257 | case (in t)CKK_DES2 : | |
258 | case (in t)CKK_DES3 : | |
259 | // f ixed lengt h, do not specify CK A_VALUE_LE N | |
260 | attr ibutes = n ew CK_ATTR IBUTE[] { | |
261 | new CK_ATT RIBUTE(CKA _CLASS, CK O_SECRET_K EY), | |
262 | }; | |
263 | brea k; | |
264 | default: | |
265 | attr ibutes = n ew CK_ATTR IBUTE[] { | |
266 | new CK_ATT RIBUTE(CKA _CLASS, CK O_SECRET_K EY), | |
267 | new CK_ATT RIBUTE(CKA _VALUE_LEN , keySize >> 3), | |
268 | }; | |
269 | brea k; | |
270 | } | |
271 | attribut es = token .getAttrib utes | |
272 | (O_G ENERATE, C KO_SECRET_ KEY, keyTy pe, attrib utes); | |
273 | long key ID = token .p11.C_Gen erateKey | |
274 | (ses sion.id(), new CK_ME CHANISM(me chanism), attributes ); | |
275 | return P11 Key. PW Key | |
276 | (ses sion, keyI D, algorit hm, signif icantKeySi ze, attrib utes); | |
277 | } catch (PKC S11Excepti on e) { | |
278 | throw ne w Provider Exception( "Could not generate key", e); | |
279 | } finally { | |
280 | token.re leaseSessi on(session ); | |
281 | } | |
282 | } | |
283 | ||
284 | } |
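Review bot: In checkKeySize (report lines 122–126) the token-reported limits are narrowed with `(int)info.ulMinKeySize` / `(int)info.ulMaxKeySize` and then shifted left by 3 with no overflow check, so a token that reports a very large maximum can produce a wrapped or negative maxKeySize, and the range test on report line 130 then compares against a bound the token never advertised. Assuming the fields are wider than int, as the casts suggest, clamp before converting, e.g. `int maxKeySize = (int) Math.min(info.ulMaxKeySize, Integer.MAX_VALUE >> 3);`, and do the same for the minimum so the later `<< 3` cannot wrap. Separately, the `info == null` branch on report lines 113–117 returns the requested size without applying the 40-bit floor or the AES length check; a comment there such as `// no mechanism info: the token is the only enforcement point for key length` would make that explicit. The report counts one changed block of two lines, but this rendering does not mark which lines differ, so these points cover the file as shown rather than the change itself.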