Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11ECDHKeyAgreement.java
41154 views
1
/*

2
 * Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.  Oracle designates this

8
 * particular file as subject to the "Classpath" exception as provided

9
 * by Oracle in the LICENSE file that accompanied this code.

10
 *

11
 * This code is distributed in the hope that it will be useful, but WITHOUT

12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

14
 * version 2 for more details (a copy is included in the LICENSE file that

15
 * accompanied this code).

16
 *

17
 * You should have received a copy of the GNU General Public License version

18
 * 2 along with this work; if not, write to the Free Software Foundation,

19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

20
 *

21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

22
 * or visit www.oracle.com if you need additional information or have any

23
 * questions.

24
 */

25


26
package sun.security.pkcs11;

27


28
import java.security.*;

29
import java.security.interfaces.ECPublicKey;

30
import java.security.spec.AlgorithmParameterSpec;

31


32
import javax.crypto.*;

33


34
import static sun.security.pkcs11.TemplateManager.*;

35
import sun.security.pkcs11.wrapper.*;

36
import static sun.security.pkcs11.wrapper.PKCS11Constants.*;

37


38
/**

39
 * KeyAgreement implementation for ECDH.

40
 *

41
 * @author  Andreas Sterbenz

42
 * @since   1.6

43
 */

44
final class P11ECDHKeyAgreement extends KeyAgreementSpi {

45


46
    // token instance

47
    private final Token token;

48


49
    // algorithm name

50
    private final String algorithm;

51


52
    // mechanism id

53
    private final long mechanism;

54


55
    // private key, if initialized

56
    private P11Key privateKey;

57


58
    // encoded public point, non-null between doPhase() and generateSecret() only

59
    private byte[] publicValue;

60


61
    // length of the secret to be derived

62
    private int secretLen;

63


64
    P11ECDHKeyAgreement(Token token, String algorithm, long mechanism) {

65
        super();

66
        this.token = token;

67
        this.algorithm = algorithm;

68
        this.mechanism = mechanism;

69
    }

70


71
    // see JCE spec

72
    protected void engineInit(Key key, SecureRandom random)

73
            throws InvalidKeyException {

74
        if (key instanceof PrivateKey == false) {

75
            throw new InvalidKeyException

76
                        ("Key must be instance of PrivateKey");

77
        }

78
        privateKey = P11KeyFactory.convertKey(token, key, "EC");

79
        publicValue = null;

80
    }

81


82
    // see JCE spec

83
    protected void engineInit(Key key, AlgorithmParameterSpec params,

84
            SecureRandom random) throws InvalidKeyException,

85
            InvalidAlgorithmParameterException {

86
        if (params != null) {

87
            throw new InvalidAlgorithmParameterException

88
                        ("Parameters not supported");

89
        }

90
        engineInit(key, random);

91
    }

92


93
    // see JCE spec

94
    protected Key engineDoPhase(Key key, boolean lastPhase)

95
            throws InvalidKeyException, IllegalStateException {

96
        if (privateKey == null) {

97
            throw new IllegalStateException("Not initialized");

98
        }

99
        if (publicValue != null) {

100
            throw new IllegalStateException("Phase already executed");

101
        }

102
        if (lastPhase == false) {

103
            throw new IllegalStateException

104
                ("Only two party agreement supported, lastPhase must be true");

105
        }

106
        if (key instanceof ECPublicKey == false) {

107
            throw new InvalidKeyException

108
                ("Key must be a PublicKey with algorithm EC");

109
        }

110
        ECPublicKey ecKey = (ECPublicKey)key;

111
        int keyLenBits = ecKey.getParams().getCurve().getField().getFieldSize();

112
        secretLen = (keyLenBits + 7) >> 3;

113
        publicValue = P11ECKeyFactory.getEncodedPublicValue(ecKey);

114
        return null;

115
    }

116


117
    // see JCE spec

118
    protected byte[] engineGenerateSecret() throws IllegalStateException {

119
        if ((privateKey == null) || (publicValue == null)) {

120
            throw new IllegalStateException("Not initialized correctly");

121
        }

122
        Session session = null;

123
        long privKeyID = privateKey.getKeyID();

124
        try {

125
            session = token.getOpSession();

126
            CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {

127
                new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),

128
                new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_GENERIC_SECRET),

129
            };

130
            CK_ECDH1_DERIVE_PARAMS ckParams =

131
                    new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue);

132
            attributes = token.getAttributes

133
                (O_GENERATE, CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes);

134
            long keyID = token.p11.C_DeriveKey(session.id(),

135
                    new CK_MECHANISM(mechanism, ckParams), privKeyID,

136
                    attributes);

137
            attributes = new CK_ATTRIBUTE[] {

138
                new CK_ATTRIBUTE(CKA_VALUE)

139
            };

140
            token.p11.C_GetAttributeValue(session.id(), keyID, attributes);

141
            byte[] secret = attributes[0].getByteArray();

142
            token.p11.C_DestroyObject(session.id(), keyID);

143
            return secret;

144
        } catch (PKCS11Exception e) {

145
            throw new ProviderException("Could not derive key", e);

146
        } finally {

147
            privateKey.releaseKeyID();

148
            publicValue = null;

149
            token.releaseSession(session);

150
        }

151
    }

152


153
    // see JCE spec

154
    protected int engineGenerateSecret(byte[] sharedSecret, int

155
            offset) throws IllegalStateException, ShortBufferException {

156
        if (offset + secretLen > sharedSecret.length) {

157
            throw new ShortBufferException("Need " + secretLen

158
                + " bytes, only " + (sharedSecret.length - offset) + " available");

159
        }

160
        byte[] secret = engineGenerateSecret();

161
        System.arraycopy(secret, 0, sharedSecret, offset, secret.length);

162
        return secret.length;

163
    }

164


165
    // see JCE spec

166
    protected SecretKey engineGenerateSecret(String algorithm)

167
            throws IllegalStateException, NoSuchAlgorithmException,

168
            InvalidKeyException {

169
        if (algorithm == null) {

170
            throw new NoSuchAlgorithmException("Algorithm must not be null");

171
        }

172
        if (algorithm.equals("TlsPremasterSecret") == false) {

173
            throw new NoSuchAlgorithmException

174
                ("Only supported for algorithm TlsPremasterSecret");

175
        }

176
        return nativeGenerateSecret(algorithm);

177
    }

178


179
    private SecretKey nativeGenerateSecret(String algorithm)

180
            throws IllegalStateException, NoSuchAlgorithmException,

181
            InvalidKeyException {

182
        if ((privateKey == null) || (publicValue == null)) {

183
            throw new IllegalStateException("Not initialized correctly");

184
        }

185
        long keyType = CKK_GENERIC_SECRET;

186
        Session session = null;

187
        long privKeyID = privateKey.getKeyID();

188
        try {

189
            session = token.getObjSession();

190
            CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {

191
                new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),

192
                new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType),

193
            };

194
            CK_ECDH1_DERIVE_PARAMS ckParams =

195
                    new CK_ECDH1_DERIVE_PARAMS(CKD_NULL, null, publicValue);

196
            attributes = token.getAttributes

197
                (O_GENERATE, CKO_SECRET_KEY, keyType, attributes);

198
            long keyID = token.p11.C_DeriveKey(session.id(),

199
                    new CK_MECHANISM(mechanism, ckParams), privKeyID,

200
                    attributes);

201
            CK_ATTRIBUTE[] lenAttributes = new CK_ATTRIBUTE[] {

202
                new CK_ATTRIBUTE(CKA_VALUE_LEN),

203
            };

204
            token.p11.C_GetAttributeValue(session.id(), keyID, lenAttributes);

205
            int keyLen = (int)lenAttributes[0].getLong();

206
            SecretKey key = P11Key.secretKey

207
                        (session, keyID, algorithm, keyLen << 3, attributes);

208
            return key;

209
        } catch (PKCS11Exception e) {

210
            throw new InvalidKeyException("Could not derive key", e);

211
        } finally {

212
            privateKey.releaseKeyID();

213
            publicValue = null;

214
            token.releaseSession(session);

215
        }

216
    }

217


218
}

219


220