Merge pull request #767 from taoliult/ems

Add ExtendedMasterSecret support in SunPKCS11 provider
ibmruntimes · Apr 17, 2024 · 1824a6b · 1824a6b
2 parents 3a3e28f + a875c38
commit 1824a6b
Show file tree

Hide file tree

Showing 13 changed files with 330 additions and 6 deletions.
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsMasterSecretGenerator.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsMasterSecretGenerator.java
@@ -23,6 +23,12 @@
  * questions.
  */
 
+/*
+ * ===========================================================================
+ * (c) Copyright IBM Corp. 2024, 2024 All Rights Reserved
+ * ===========================================================================
+ */
+
 package sun.security.pkcs11;
 
 import java.security.*;
@@ -110,6 +116,8 @@ protected void engineInit(AlgorithmParameterSpec params,
             throw new InvalidAlgorithmParameterException("init() failed", e);
         }
         this.spec = spec;
+        byte[] extendedMasterSecretSessionHash =
+                spec.getExtendedMasterSecretSessionHash();
         final boolean isTlsRsaPremasterSecret =
                 p11Key.getAlgorithm().equals("TlsRsaPremasterSecret");
         if (tlsVersion == 0x0300) {
@@ -118,6 +126,9 @@ protected void engineInit(AlgorithmParameterSpec params,
         } else if (tlsVersion == 0x0301 || tlsVersion == 0x0302) {
             mechanism = isTlsRsaPremasterSecret ?
                     CKM_TLS_MASTER_KEY_DERIVE : CKM_TLS_MASTER_KEY_DERIVE_DH;
+        } else if (extendedMasterSecretSessionHash.length != 0) {
+            mechanism = isTlsRsaPremasterSecret ?
+                    CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE : CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH;
         } else if (tlsVersion == 0x0303) {
             mechanism = isTlsRsaPremasterSecret ?
                     CKM_TLS12_MASTER_KEY_DERIVE : CKM_TLS12_MASTER_KEY_DERIVE_DH;
@@ -146,13 +157,21 @@ protected SecretKey engineGenerateKey() {
         }
         byte[] clientRandom = spec.getClientRandom();
         byte[] serverRandom = spec.getServerRandom();
+        byte[] extendedMasterSecretSessionHash =
+                spec.getExtendedMasterSecretSessionHash();
         CK_SSL3_RANDOM_DATA random =
                 new CK_SSL3_RANDOM_DATA(clientRandom, serverRandom);
         CK_MECHANISM ckMechanism = null;
         if (tlsVersion < 0x0303) {
             CK_SSL3_MASTER_KEY_DERIVE_PARAMS params =
                     new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion);
             ckMechanism = new CK_MECHANISM(mechanism, params);
+        } else if (extendedMasterSecretSessionHash.length != 0) {
+            CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS params =
+                    new CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS(
+                            Functions.getHashMechId(spec.getPRFHashAlg()),
+                            extendedMasterSecretSessionHash, ckVersion);
+            ckMechanism = new CK_MECHANISM(mechanism, params);
         } else if (tlsVersion == 0x0303) {
             CK_TLS12_MASTER_KEY_DERIVE_PARAMS params =
                     new CK_TLS12_MASTER_KEY_DERIVE_PARAMS(random, ckVersion,
@@ -163,8 +182,16 @@ protected SecretKey engineGenerateKey() {
         long p11KeyID = p11Key.getKeyID();
         try {
             session = token.getObjSession();
-            CK_ATTRIBUTE[] attributes = token.getAttributes(O_GENERATE,
-                CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
+            CK_ATTRIBUTE[] attributes;
+            if (extendedMasterSecretSessionHash.length != 0) {
+                attributes = token.getAttributes(O_GENERATE,
+                        CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[] {
+                                new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
+                                new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_GENERIC_SECRET)});
+            } else {
+                attributes = token.getAttributes(O_GENERATE,
+                        CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
+            }
             long keyID = token.p11.C_DeriveKey(session.id(),
                     ckMechanism, p11KeyID, attributes);
             int major, minor;

diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -25,7 +25,7 @@
 
 /*
  * ===========================================================================
- * (c) Copyright IBM Corp. 2022, 2023 All Rights Reserved
+ * (c) Copyright IBM Corp. 2022, 2024 All Rights Reserved
  * ===========================================================================
  */
 
@@ -1027,6 +1027,10 @@ private static void register(Descriptor d) {
                 m(CKM_SSL3_MASTER_KEY_DERIVE, CKM_TLS_MASTER_KEY_DERIVE,
                     CKM_SSL3_MASTER_KEY_DERIVE_DH,
                     CKM_TLS_MASTER_KEY_DERIVE_DH));
+        d(KG, "SunTlsExtendedMasterSecret",
+                    "sun.security.pkcs11.P11TlsMasterSecretGenerator",
+                m(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
+                    CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH));
         d(KG, "SunTls12MasterSecret",
                 "sun.security.pkcs11.P11TlsMasterSecretGenerator",
             m(CKM_TLS12_MASTER_KEY_DERIVE, CKM_TLS12_MASTER_KEY_DERIVE_DH));
@@ -1407,7 +1411,8 @@ public Object newInstance0(Object param) throws
                     return new P11TlsRsaPremasterSecretGenerator(
                         token, algorithm, mechanism);
                 } else if (algorithm == "SunTlsMasterSecret"
-                        || algorithm == "SunTls12MasterSecret") {
+                        || algorithm == "SunTls12MasterSecret"
+                        || algorithm == "SunTlsExtendedMasterSecret") {
                     return new P11TlsMasterSecretGenerator(
                         token, algorithm, mechanism);
                 } else if (algorithm == "SunTlsKeyMaterial"

diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java
@@ -45,6 +45,12 @@
  *  POSSIBILITY  OF SUCH DAMAGE.
  */
 
+/*
+ * ===========================================================================
+ * (c) Copyright IBM Corp. 2024, 2024 All Rights Reserved
+ * ===========================================================================
+ */
+
 package sun.security.pkcs11.wrapper;
 
 import java.math.BigInteger;
@@ -119,6 +125,10 @@ public CK_MECHANISM(long mechanism, CK_TLS12_MASTER_KEY_DERIVE_PARAMS params) {
         init(mechanism, params);
     }
 
+    public CK_MECHANISM(long mechanism, CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS params) {
+        init(mechanism, params);
+    }
+
     public CK_MECHANISM(long mechanism, CK_SSL3_KEY_MAT_PARAMS params) {
         init(mechanism, params);
     }

diff --git a/...are/classes/sun/security/pkcs11/wrapper/CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS.java b/...are/classes/sun/security/pkcs11/wrapper/CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS.java
@@ -0,0 +1,105 @@
+/*
+ * ===========================================================================
+ * (c) Copyright IBM Corp. 2024, 2024 All Rights Reserved
+ * ===========================================================================
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * IBM designates this particular file as subject to the "Classpath" exception
+ * as provided by IBM in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * ===========================================================================
+ */
+
+package sun.security.pkcs11.wrapper;
+
+/**
+ * This class represents the necessary parameters required by the
+ * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE and
+ * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH mechanisms as defined
+ * in CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS structure.<p>
+ * <B>PKCS#11 structure:</B>
+ * <PRE>
+ * typedef struct CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS {
+ *     CK_MECHANISM_TYPE prfHashMechanism;
+ *     CK_BYTE_PTR pSessionHash;
+ *     CK_ULONG ulSessionHashLen;
+ *     CK_VERSION_PTR pVersion;
+ * } CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS;
+ * </PRE>
+ *
+ */
+public class CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS {
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_MECHANISM_TYPE prfHashMechanism;
+     * </PRE>
+     */
+    public final long prfHashMechanism;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_BYTE_PTR pSessionHash;
+     * </PRE>
+     */
+    public final byte[] pSessionHash;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_VERSION_PTR pVersion;
+     * </PRE>
+     */
+    public final CK_VERSION pVersion;
+
+    public CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS(
+            long prfHashMechanism, byte[] pSessionHash,
+            CK_VERSION pVersion) {
+        this.prfHashMechanism = prfHashMechanism;
+        this.pSessionHash = pSessionHash;
+        this.pVersion = pVersion;
+    }
+
+    /**
+     * Returns the string representation of
+     * CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS.
+     *
+     * @return the string representation of
+     * CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS
+     */
+    @Override
+    public String toString() {
+        StringBuilder buffer = new StringBuilder();
+
+        buffer.append(Constants.INDENT);
+        buffer.append("prfHashMechanism: ");
+        buffer.append(prfHashMechanism);
+        buffer.append(Constants.NEWLINE);
+
+        buffer.append(Constants.INDENT);
+        buffer.append("pSessionHash: ");
+        buffer.append(Functions.toHexString(pSessionHash));
+        buffer.append(Constants.NEWLINE);
+
+        buffer.append(Constants.INDENT);
+        buffer.append("pVersion: ");
+        buffer.append(pVersion);
+
+        return buffer.toString();
+    }
+
+}
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/Functions.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/Functions.java
@@ -45,6 +45,12 @@
  *  POSSIBILITY  OF SUCH DAMAGE.
  */
 
+/*
+ * ===========================================================================
+ * (c) Copyright IBM Corp. 2024, 2024 All Rights Reserved
+ * ===========================================================================
+ */
+
 package sun.security.pkcs11.wrapper;
 
 import java.math.BigInteger;
@@ -1098,6 +1104,10 @@ private static void addMGF(long id, String name) {
         addMech(CKM_VENDOR_DEFINED,             "CKM_VENDOR_DEFINED");
 
         addMech(CKM_NSS_TLS_PRF_GENERAL,        "CKM_NSS_TLS_PRF_GENERAL");
+        addMech(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
+                                    "CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE");
+        addMech(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
+                                    "CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH");
 
         addMech(PCKM_SECURERANDOM,              "SecureRandom");
         addMech(PCKM_KEYSTORE,                  "KeyStore");

diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java
@@ -45,6 +45,12 @@
  *  POSSIBILITY  OF SUCH DAMAGE.
  */
 
+/*
+ * ===========================================================================
+ * (c) Copyright IBM Corp. 2024, 2024 All Rights Reserved
+ * ===========================================================================
+ */
+
 package sun.security.pkcs11.wrapper;
 
 /**
@@ -999,6 +1005,10 @@ public interface PKCS11Constants {
 
     // NSS private
     public static final long  CKM_NSS_TLS_PRF_GENERAL        = 0x80000373L;
+    public static final long  CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE
+                                        /* (CKM_NSS + 25) */ = 0xCE534369L;
+    public static final long  CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH
+                                        /* (CKM_NSS + 26) */ = 0xCE53436AL;
 
     // internal ids for our pseudo mechanisms SecureRandom and KeyStore
     public static final long  PCKM_SECURERANDOM              = 0x7FFFFF20L;

diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c
@@ -45,6 +45,12 @@
  *  POSSIBILITY  OF SUCH DAMAGE.
  */
 
+/*
+ * ===========================================================================
+ * (c) Copyright IBM Corp. 2024, 2024 All Rights Reserved
+ * ===========================================================================
+ */
+
 /*
  * pkcs11wrapper.c
  * 18.05.2001
@@ -608,6 +614,73 @@ jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParamPtr(JNIEnv *env,
     return NULL;
 }
 
+/*
+ * Converts the Java CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS object to a
+ * CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS pointer.
+ *
+ * @param env - used to call JNI functions to get the Java classes and objects
+ * @param jParam - the Java CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS object to convert
+ * @param pLength - length of the allocated memory of the returned pointer
+ * @return pointer to the new CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS structure
+ */
+CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS_PTR
+jTlsExtendedMasterKeyDeriveParamToCKTlsExtendedMasterKeyDeriveParamPtr(JNIEnv *env,
+        jobject jParam, CK_ULONG *pLength)
+{
+    CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS_PTR ckParamPtr = NULL;
+    jclass jTlsExtendedMasterKeyDeriveParamsClass = NULL;
+    jfieldID fieldID = NULL;
+    jlong prfHashMechanism = 0L;
+    jobject pSessionHash = NULL;
+    if (NULL != pLength) {
+        *pLength = 0L;
+    }
+
+    // retrieve java values
+    jTlsExtendedMasterKeyDeriveParamsClass =
+            (*env)->FindClass(env, CLASS_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS);
+    if (NULL == jTlsExtendedMasterKeyDeriveParamsClass) {
+        return NULL;
+    }
+    fieldID = (*env)->GetFieldID(env,
+            jTlsExtendedMasterKeyDeriveParamsClass, "prfHashMechanism", "J");
+    if (NULL == fieldID) {
+        return NULL;
+    }
+    prfHashMechanism = (*env)->GetLongField(env, jParam, fieldID);
+    fieldID = (*env)->GetFieldID(env,
+            jTlsExtendedMasterKeyDeriveParamsClass, "pSessionHash", "[B");
+    if (NULL == fieldID) {
+        return NULL;
+    }
+    pSessionHash = (*env)->GetObjectField(env, jParam, fieldID);
+
+    // allocate memory for CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS pointer
+    ckParamPtr = calloc(1, sizeof(CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS));
+    if (NULL == ckParamPtr) {
+        throwOutOfMemoryError(env, 0);
+        return NULL;
+    }
+
+    // populate using java values
+    jByteArrayToCKByteArray(env, pSessionHash, &(ckParamPtr->pSessionHash),
+            &(ckParamPtr->ulSessionHashLen));
+    if ((*env)->ExceptionCheck(env)) {
+        goto cleanup;
+    }
+
+    ckParamPtr->prfHashMechanism = (CK_MECHANISM_TYPE) prfHashMechanism;
+
+    if (NULL != pLength) {
+        *pLength = sizeof(CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS);
+    }
+    return ckParamPtr;
+cleanup:
+    free(ckParamPtr->pSessionHash);
+    free(ckParamPtr);
+    return NULL;
+}
+
 /*
  * converts the Java CK_TLS_PRF_PARAMS object to a CK_TLS_PRF_PARAMS pointer
  *
@@ -1485,6 +1558,11 @@ CK_VOID_PTR jMechParamToCKMechParamPtrSlow(JNIEnv *env, jobject jParam,
             ckpParamPtr = jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParamPtr(env, jParam,
                     ckpLength);
             break;
+        case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE:
+        case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH:
+            ckpParamPtr = jTlsExtendedMasterKeyDeriveParamToCKTlsExtendedMasterKeyDeriveParamPtr(
+                    env, jParam, ckpLength);
+            break;
         case CKM_TLS_PRF:
         case CKM_NSS_TLS_PRF_GENERAL:
             ckpParamPtr = jTlsPrfParamsToCKTlsPrfParamPtr(env, jParam,