/hg/icedtea8-forest/jdk: 2 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Mon Nov 12 04:48:59 UTC 2018
changeset 550251c29c1b in /hg/icedtea8-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea8-forest/jdk?cmd=changeset;node=550251c29c1b
author: andrew
date: Mon Oct 22 06:31:35 2018 +0100
PR3639, CVE-2018-16435: lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile
From https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
changeset 301e37235636 in /hg/icedtea8-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea8-forest/jdk?cmd=changeset;node=301e37235636
author: mbalao
date: Wed Oct 31 17:04:47 2018 -0300
8029661, PR3642, RH1477159: Support TLS v1.2 algorithm in SunPKCS11 provider
Summary: TLS v1.2 algorithms for key and MAC derivation added to SunPKCS11 crypto provider. 8210912 fix is included as part of this changeset.
Reviewed-by: valeriep
diffstat:
src/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java | 38 +-
src/share/classes/sun/security/pkcs11/P11TlsMasterSecretGenerator.java | 42 +-
src/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java | 42 +-
src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java | 9 +-
src/share/classes/sun/security/pkcs11/SunPKCS11.java | 39 +-
src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java | 14 +-
src/share/classes/sun/security/pkcs11/wrapper/CK_TLS12_KEY_MAT_PARAMS.java | 151 +++
src/share/classes/sun/security/pkcs11/wrapper/CK_TLS12_MASTER_KEY_DERIVE_PARAMS.java | 65 +
src/share/classes/sun/security/pkcs11/wrapper/CK_TLS_MAC_PARAMS.java | 64 +
src/share/classes/sun/security/pkcs11/wrapper/Functions.java | 24 +-
src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java | 10 +-
src/share/native/sun/java2d/cmm/lcms/cmscgats.c | 16 +-
src/share/native/sun/security/pkcs11/wrapper/p11_convert.c | 421 +++++++--
src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c | 296 ++++--
src/share/native/sun/security/pkcs11/wrapper/pkcs11t.h | 36 +
src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h | 13 +-
test/sun/security/pkcs11/fips/TestTLS12.java | 449 ++++++++++
test/sun/security/pkcs11/fips/cert8.db | Bin
test/sun/security/pkcs11/fips/key3.db | Bin
test/sun/security/pkcs11/fips/keystore | Bin
20 files changed, 1463 insertions(+), 266 deletions(-)
diffs (truncated from 2294 to 500 lines):
diff -r 668833495424 -r 301e37235636 src/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java
--- a/src/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java Tue Nov 06 22:53:46 2018 +0000
+++ b/src/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java Wed Oct 31 17:04:47 2018 -0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -95,9 +95,9 @@
throw new InvalidAlgorithmParameterException("init() failed", e);
}
version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
- if ((version < 0x0300) && (version > 0x0302)) {
- throw new InvalidAlgorithmParameterException
- ("Only SSL 3.0, TLS 1.0, and TLS 1.1 are supported");
+ if ((version < 0x0300) && (version > 0x0303)) {
+ throw new InvalidAlgorithmParameterException("Only SSL 3.0," +
+ " TLS 1.0, TLS 1.1, and TLS 1.2 are supported");
}
// we assume the token supports both the CKM_SSL3_* and the CKM_TLS_*
// mechanisms
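Review bot: The range check `(version < 0x0300) && (version > 0x0303)` can never be true, because no value is both below 0x0300 and above 0x0303, so the InvalidAlgorithmParameterException is unreachable and every version carried by the spec is accepted. The condition needs `||`: `if ((version < 0x0300) || (version > 0x0303)) {`. The same condition appears in the `@@ -89,9 +89,9 @@` hunk of P11TlsMasterSecretGenerator.java, where this commit replaces a working `||` with `&&`, and in the check added to P11TlsRsaPremasterSecretGenerator.java. The enclosing method starts and ends outside the hunk.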
@@ -112,8 +112,11 @@
throw new IllegalStateException
("TlsKeyMaterialGenerator must be initialized");
}
- mechanism = (version == 0x0300) ? CKM_SSL3_KEY_AND_MAC_DERIVE
- : CKM_TLS_KEY_AND_MAC_DERIVE;
+ if (version == 0x0300) {
+ mechanism = CKM_SSL3_KEY_AND_MAC_DERIVE;
+ } else if (version == 0x0301 || version == 0x0302) {
+ mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
+ }
int macBits = spec.getMacKeyLength() << 3;
int ivBits = spec.getIvLength() << 3;
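Review bot: Version 0x0303 has no branch in the new `if`/`else if` chain, so for TLS 1.2 `mechanism` keeps whatever value it held before the call; that value is set outside the hunk, presumably from the constructor argument. If a generator obtained under the pre-1.2 algorithm name is initialised with a TLS 1.2 spec, a pre-1.2 mechanism would then be paired with the CK_TLS12_KEY_MAT_PARAMS built in the `@@ -129,8 +132,18 @@` hunk, which is worth confirming. Assigning it explicitly, as P11TlsMasterSecretGenerator does in its `@@ -106,10 +106,20 @@` hunk, closes that gap: `} else if (version == 0x0303) { mechanism = CKM_TLS12_KEY_AND_MAC_DERIVE; }`. The enclosing method starts and ends outside the hunk.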
@@ -129,8 +132,18 @@
CK_SSL3_RANDOM_DATA random = new CK_SSL3_RANDOM_DATA
(spec.getClientRandom(), spec.getServerRandom());
- CK_SSL3_KEY_MAT_PARAMS params = new CK_SSL3_KEY_MAT_PARAMS
- (macBits, keyBits, ivBits, isExportable, random);
+ Object params = null;
+ CK_MECHANISM ckMechanism = null;
+ if (version < 0x0303) {
+ params = new CK_SSL3_KEY_MAT_PARAMS
+ (macBits, keyBits, ivBits, isExportable, random);
+ ckMechanism = new CK_MECHANISM(mechanism, (CK_SSL3_KEY_MAT_PARAMS)params);
+ } else if (version == 0x0303) {
+ params = new CK_TLS12_KEY_MAT_PARAMS
+ (macBits, keyBits, ivBits, isExportable, random,
+ Functions.getHashMechId(spec.getPRFHashAlg()));
+ ckMechanism = new CK_MECHANISM(mechanism, (CK_TLS12_KEY_MAT_PARAMS)params);
+ }
String cipherAlgorithm = spec.getCipherAlgorithm();
long keyType = P11SecretKeyFactory.getKeyType(cipherAlgorithm);
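Review bot: `params` and `ckMechanism` stay `null` when `version` is above 0x0303, because the chain ends in `else if (version == 0x0303)` with no final `else`, and the null `ckMechanism` is then handed to `C_DeriveKey` in the `@@ -162,9 +175,14 @@` hunk. In that hunk `out` is likewise left `null` when neither `instanceof` test matches. The `@@ -118,16 +128,23 @@` hunk of P11TlsMasterSecretGenerator.java has the same shape for its `ckMechanism`. A closing branch that fails loudly would keep a null from reaching the native wrapper, for example `} else { throw new ProviderException("Unsupported TLS version: " + version); }` (or another unchecked exception the class already uses). Declaring `params` as `Object` and casting it back twice could be avoided by keeping a typed local in each branch.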
@@ -162,9 +175,14 @@
(O_GENERATE, CKO_SECRET_KEY, keyType, attributes);
// the returned keyID is a dummy, ignore
long keyID = token.p11.C_DeriveKey(session.id(),
- new CK_MECHANISM(mechanism, params), p11Key.keyID, attributes);
+ ckMechanism, p11Key.keyID, attributes);
- CK_SSL3_KEY_MAT_OUT out = params.pReturnedKeyMaterial;
+ CK_SSL3_KEY_MAT_OUT out = null;
+ if (params instanceof CK_SSL3_KEY_MAT_PARAMS) {
+ out = ((CK_SSL3_KEY_MAT_PARAMS)params).pReturnedKeyMaterial;
+ } else if (params instanceof CK_TLS12_KEY_MAT_PARAMS) {
+ out = ((CK_TLS12_KEY_MAT_PARAMS)params).pReturnedKeyMaterial;
+ }
// Note that the MAC keys do not inherit all attributes from the
// template, but they do inherit the sensitive/extractable/token
// flags, which is all P11Key cares about.
diff -r 668833495424 -r 301e37235636 src/share/classes/sun/security/pkcs11/P11TlsMasterSecretGenerator.java
--- a/src/share/classes/sun/security/pkcs11/P11TlsMasterSecretGenerator.java Tue Nov 06 22:53:46 2018 +0000
+++ b/src/share/classes/sun/security/pkcs11/P11TlsMasterSecretGenerator.java Wed Oct 31 17:04:47 2018 -0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -89,9 +89,9 @@
throw new InvalidAlgorithmParameterException("init() failed", e);
}
version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
- if ((version < 0x0300) || (version > 0x0302)) {
- throw new InvalidAlgorithmParameterException
- ("Only SSL 3.0, TLS 1.0, and TLS 1.1 supported");
+ if ((version < 0x0300) && (version > 0x0303)) {
+ throw new InvalidAlgorithmParameterException("Only SSL 3.0," +
+ " TLS 1.0, TLS 1.1, and TLS 1.2 are supported");
}
// We assume the token supports the required mechanism. If it does not,
// generateKey() will fail and the failover should take care of us.
@@ -106,10 +106,20 @@
throw new IllegalStateException
("TlsMasterSecretGenerator must be initialized");
}
+ final boolean isTlsRsaPremasterSecret =
+ p11Key.getAlgorithm().equals("TlsRsaPremasterSecret");
+ if (version == 0x0300) {
+ mechanism = isTlsRsaPremasterSecret ?
+ CKM_SSL3_MASTER_KEY_DERIVE : CKM_SSL3_MASTER_KEY_DERIVE_DH;
+ } else if (version == 0x0301 || version == 0x0302) {
+ mechanism = isTlsRsaPremasterSecret ?
+ CKM_TLS_MASTER_KEY_DERIVE : CKM_TLS_MASTER_KEY_DERIVE_DH;
+ } else if (version == 0x0303) {
+ mechanism = isTlsRsaPremasterSecret ?
+ CKM_TLS12_MASTER_KEY_DERIVE : CKM_TLS12_MASTER_KEY_DERIVE_DH;
+ }
CK_VERSION ckVersion;
- if (p11Key.getAlgorithm().equals("TlsRsaPremasterSecret")) {
- mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE
- : CKM_TLS_MASTER_KEY_DERIVE;
+ if (isTlsRsaPremasterSecret) {
ckVersion = new CK_VERSION(0, 0);
} else {
// Note: we use DH for all non-RSA premaster secrets. That includes
@@ -118,16 +128,23 @@
// TLS PRF (or the SSL equivalent).
// The only thing special about RSA master secret calculation is
// that it extracts the version numbers from the premaster secret.
- mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE_DH
- : CKM_TLS_MASTER_KEY_DERIVE_DH;
ckVersion = null;
}
byte[] clientRandom = spec.getClientRandom();
byte[] serverRandom = spec.getServerRandom();
CK_SSL3_RANDOM_DATA random =
new CK_SSL3_RANDOM_DATA(clientRandom, serverRandom);
- CK_SSL3_MASTER_KEY_DERIVE_PARAMS params =
- new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion);
+ CK_MECHANISM ckMechanism = null;
+ if (version < 0x0303) {
+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS params =
+ new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion);
+ ckMechanism = new CK_MECHANISM(mechanism, params);
+ } else if (version == 0x0303) {
+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS params =
+ new CK_TLS12_MASTER_KEY_DERIVE_PARAMS(random, ckVersion,
+ Functions.getHashMechId(spec.getPRFHashAlg()));
+ ckMechanism = new CK_MECHANISM(mechanism, params);
+ }
Session session = null;
try {
@@ -135,9 +152,8 @@
CK_ATTRIBUTE[] attributes = token.getAttributes(O_GENERATE,
CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
long keyID = token.p11.C_DeriveKey(session.id(),
- new CK_MECHANISM(mechanism, params), p11Key.keyID, attributes);
+ ckMechanism, p11Key.keyID, attributes);
int major, minor;
- ckVersion = params.pVersion;
if (ckVersion == null) {
major = -1;
minor = -1;
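Review bot: With `ckVersion = params.pVersion;` gone, the `ckVersion == null` test and any later read of `ckVersion` depend on the local being the same object that the parameter constructor stored and that the native `C_DeriveKey` wrapper fills in. Neither the constructor bodies nor the native side is visible in this hunk, so that aliasing is an assumption to confirm. If it holds, a comment above the test would stop a later edit from reintroducing a stale copy: `// ckVersion is the object passed to the params constructor; C_DeriveKey is expected to update it in place`. The enclosing try block continues outside the hunk.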
diff -r 668833495424 -r 301e37235636 src/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java
--- a/src/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java Tue Nov 06 22:53:46 2018 +0000
+++ b/src/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java Wed Oct 31 17:04:47 2018 -0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -124,8 +124,46 @@
if (spec == null) {
throw new IllegalStateException("TlsPrfGenerator must be initialized");
}
+ byte[] seed = spec.getSeed();
+
+ // TLS 1.2
+ if (mechanism == CKM_TLS_MAC) {
+ SecretKey k = null;
+ int ulServerOrClient = 0;
+ if (spec.getLabel().equals("server finished")) {
+ ulServerOrClient = 1;
+ }
+ if (spec.getLabel().equals("client finished")) {
+ ulServerOrClient = 2;
+ }
+
+ if (ulServerOrClient != 0) {
+ // Finished message
+ CK_TLS_MAC_PARAMS params = new CK_TLS_MAC_PARAMS(
+ Functions.getHashMechId(spec.getPRFHashAlg()),
+ spec.getOutputLength(), ulServerOrClient);
+ Session session = null;
+ try {
+ session = token.getOpSession();
+ token.p11.C_SignInit(session.id(),
+ new CK_MECHANISM(mechanism, params), p11Key.keyID);
+ token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
+ byte[] out = token.p11.C_SignFinal
+ (session.id(), spec.getOutputLength());
+ k = new SecretKeySpec(out, "TlsPrf");
+ } catch (PKCS11Exception e) {
+ throw new ProviderException("Could not calculate PRF", e);
+ } finally {
+ token.releaseSession(session);
+ }
+ } else {
+ throw new ProviderException("Only Finished message authentication code"+
+ " generation supported for TLS 1.2.");
+ }
+ return k;
+ }
+
byte[] label = P11Util.getBytesUTF8(spec.getLabel());
- byte[] seed = spec.getSeed();
if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
Session session = null;
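Review bot: The values 1 and 2 assigned to `ulServerOrClient` are bare literals, and the two label tests are independent `if` statements although at most one can match. A comment such as `// CK_TLS_MAC_PARAMS.ulServerOrClient: 1 = "server finished", 2 = "client finished" (PKCS#11 v2.40)` and an `else if` for the second test would make the mapping checkable at a glance. The method starts before the hunk and continues past it.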
diff -r 668833495424 -r 301e37235636 src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java
--- a/src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java Tue Nov 06 22:53:46 2018 +0000
+++ b/src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java Wed Oct 31 17:04:47 2018 -0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -57,6 +57,8 @@
// mechanism id
private long mechanism;
+ private int version;
+
private TlsRsaPremasterSecretParameterSpec spec;
P11TlsRsaPremasterSecretGenerator(Token token, String algorithm, long mechanism)
@@ -77,6 +79,11 @@
throw new InvalidAlgorithmParameterException(MSG);
}
this.spec = (TlsRsaPremasterSecretParameterSpec)params;
+ version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
+ if ((version < 0x0300) && (version > 0x0303)) {
+ throw new InvalidAlgorithmParameterException
+ ("Only SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2 are supported");
+ }
}
protected void engineInit(int keysize, SecureRandom random) {
diff -r 668833495424 -r 301e37235636 src/share/classes/sun/security/pkcs11/SunPKCS11.java
--- a/src/share/classes/sun/security/pkcs11/SunPKCS11.java Tue Nov 06 22:53:46 2018 +0000
+++ b/src/share/classes/sun/security/pkcs11/SunPKCS11.java Wed Oct 31 17:04:47 2018 -0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -741,38 +741,28 @@
d(SIG, "SHA512withRSAandMGF1", P11Signature,
m(CKM_SHA512_RSA_PKCS_PSS));
- /*
- * TLS 1.2 uses a different hash algorithm than 1.0/1.1 for the
- * PRF calculations. As of 2010, there is no PKCS11-level
- * support for TLS 1.2 PRF calculations, and no known OS's have
- * an internal variant we could use. Therefore for TLS 1.2, we
- * are updating JSSE to request different provider algorithms
- * (e.g. "SunTls12Prf"), and currently only SunJCE has these
- * TLS 1.2 algorithms.
- *
- * If we reused the names such as "SunTlsPrf", the PKCS11
- * providers would need be updated to fail correctly when
- * presented with the wrong version number (via
- * Provider.Service.supportsParameters()), and we would also
- * need to add the appropriate supportsParamters() checks into
- * KeyGenerators (not currently there).
- *
- * In the future, if PKCS11 support is added, we will restructure
- * this.
- */
d(KG, "SunTlsRsaPremasterSecret",
"sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator",
+ s("SunTls12RsaPremasterSecret"),
m(CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_PRE_MASTER_KEY_GEN));
d(KG, "SunTlsMasterSecret",
"sun.security.pkcs11.P11TlsMasterSecretGenerator",
m(CKM_SSL3_MASTER_KEY_DERIVE, CKM_TLS_MASTER_KEY_DERIVE,
CKM_SSL3_MASTER_KEY_DERIVE_DH,
CKM_TLS_MASTER_KEY_DERIVE_DH));
+ d(KG, "SunTls12MasterSecret",
+ "sun.security.pkcs11.P11TlsMasterSecretGenerator",
+ m(CKM_TLS12_MASTER_KEY_DERIVE, CKM_TLS12_MASTER_KEY_DERIVE_DH));
d(KG, "SunTlsKeyMaterial",
"sun.security.pkcs11.P11TlsKeyMaterialGenerator",
m(CKM_SSL3_KEY_AND_MAC_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE));
+ d(KG, "SunTls12KeyMaterial",
+ "sun.security.pkcs11.P11TlsKeyMaterialGenerator",
+ m(CKM_TLS12_KEY_AND_MAC_DERIVE));
d(KG, "SunTlsPrf", "sun.security.pkcs11.P11TlsPrfGenerator",
m(CKM_TLS_PRF, CKM_NSS_TLS_PRF_GENERAL));
+ d(KG, "SunTls12Prf", "sun.security.pkcs11.P11TlsPrfGenerator",
+ m(CKM_TLS_MAC));
}
// background thread that periodically checks for token insertion
@@ -1037,13 +1027,16 @@
if (algorithm == "SunTlsRsaPremasterSecret") {
return new P11TlsRsaPremasterSecretGenerator(
token, algorithm, mechanism);
- } else if (algorithm == "SunTlsMasterSecret") {
+ } else if (algorithm == "SunTlsMasterSecret"
+ || algorithm == "SunTls12MasterSecret") {
return new P11TlsMasterSecretGenerator(
token, algorithm, mechanism);
- } else if (algorithm == "SunTlsKeyMaterial") {
+ } else if (algorithm == "SunTlsKeyMaterial"
+ || algorithm == "SunTls12KeyMaterial") {
return new P11TlsKeyMaterialGenerator(
token, algorithm, mechanism);
- } else if (algorithm == "SunTlsPrf") {
+ } else if (algorithm == "SunTlsPrf"
+ || algorithm == "SunTls12Prf") {
return new P11TlsPrfGenerator(token, algorithm, mechanism);
} else {
return new P11KeyGenerator(token, algorithm, mechanism);
diff -r 668833495424 -r 301e37235636 src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java
--- a/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java Tue Nov 06 22:53:46 2018 +0000
+++ b/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java Wed Oct 31 17:04:47 2018 -0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
*/
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
@@ -116,14 +116,26 @@
init(mechanism, params);
}
+ public CK_MECHANISM(long mechanism, CK_TLS12_MASTER_KEY_DERIVE_PARAMS params) {
+ init(mechanism, params);
+ }
+
public CK_MECHANISM(long mechanism, CK_SSL3_KEY_MAT_PARAMS params) {
init(mechanism, params);
}
+ public CK_MECHANISM(long mechanism, CK_TLS12_KEY_MAT_PARAMS params) {
+ init(mechanism, params);
+ }
+
public CK_MECHANISM(long mechanism, CK_TLS_PRF_PARAMS params) {
init(mechanism, params);
}
+ public CK_MECHANISM(long mechanism, CK_TLS_MAC_PARAMS params) {
+ init(mechanism, params);
+ }
+
public CK_MECHANISM(long mechanism, CK_ECDH1_DERIVE_PARAMS params) {
init(mechanism, params);
}
diff -r 668833495424 -r 301e37235636 src/share/classes/sun/security/pkcs11/wrapper/CK_TLS12_KEY_MAT_PARAMS.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/security/pkcs11/wrapper/CK_TLS12_KEY_MAT_PARAMS.java Wed Oct 31 17:04:47 2018 -0300
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2018, Red Hat, Inc. and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.pkcs11.wrapper;
+
+/**
+ * CK_TLS12_KEY_MAT_PARAMS from PKCS#11 v2.40.
+ */
+public class CK_TLS12_KEY_MAT_PARAMS {
+
+ /**
+ * <B>PKCS#11:</B>
+ * <PRE>
+ * CK_ULONG ulMacSizeInBits;
+ * </PRE>
+ */
+ public long ulMacSizeInBits;
+
+ /**
+ * <B>PKCS#11:</B>
+ * <PRE>
+ * CK_ULONG ulKeySizeInBits;
+ * </PRE>
+ */
+ public long ulKeySizeInBits;
+
+ /**
+ * <B>PKCS#11:</B>
+ * <PRE>
+ * CK_ULONG ulIVSizeInBits;
+ * </PRE>
+ */
+ public long ulIVSizeInBits;
+
+ /**
+ * <B>PKCS#11:</B>
+ * <PRE>
+ * CK_BBOOL bIsExport;
+ * </PRE>
+ */
+ public boolean bIsExport;
+
+ /**
+ * <B>PKCS#11:</B>
+ * <PRE>
+ * CK_SSL3_RANDOM_DATA RandomInfo;
+ * </PRE>
+ */
+ public CK_SSL3_RANDOM_DATA RandomInfo;
+
+ /**
+ * <B>PKCS#11:</B>
+ * <PRE>
+ * CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
+ * </PRE>
+ */
+ public CK_SSL3_KEY_MAT_OUT pReturnedKeyMaterial;
+
+ /**
+ * <B>PKCS#11:</B>
+ * <PRE>
+ * CK_MECHANISM_TYPE prfHashMechanism;
+ * </PRE>
+ */
+ public long prfHashMechanism;
+
+ public CK_TLS12_KEY_MAT_PARAMS(
+ int macSize, int keySize, int ivSize, boolean export,
+ CK_SSL3_RANDOM_DATA random, long prfHashMechanism) {
+ ulMacSizeInBits = macSize;
+ ulKeySizeInBits = keySize;
+ ulIVSizeInBits = ivSize;
+ bIsExport = export;
+ RandomInfo = random;
+ pReturnedKeyMaterial = new CK_SSL3_KEY_MAT_OUT();
+ if (ivSize != 0) {
+ int n = ivSize >> 3;
+ pReturnedKeyMaterial.pIVClient = new byte[n];
+ pReturnedKeyMaterial.pIVServer = new byte[n];
+ }
+ this.prfHashMechanism = prfHashMechanism;
+ }
+
+ /**
+ * Returns the string representation of CK_TLS12_KEY_MAT_PARAMS.
+ *
+ * @return the string representation of CK_TLS12_KEY_MAT_PARAMS
+ */
+ public String toString() {
+ StringBuilder buffer = new StringBuilder();
+
+ buffer.append(Constants.INDENT);
+ buffer.append("ulMacSizeInBits: ");
+ buffer.append(ulMacSizeInBits);
+ buffer.append(Constants.NEWLINE);
+
+ buffer.append(Constants.INDENT);
+ buffer.append("ulKeySizeInBits: ");
+ buffer.append(ulKeySizeInBits);
+ buffer.append(Constants.NEWLINE);
+
+ buffer.append(Constants.INDENT);
+ buffer.append("ulIVSizeInBits: ");
+ buffer.append(ulIVSizeInBits);
+ buffer.append(Constants.NEWLINE);
+
+ buffer.append(Constants.INDENT);
+ buffer.append("bIsExport: ");
+ buffer.append(bIsExport);