Add ExtendedMasterSecret support in SunPKCS11 provider

This commit is for adding the ExtendedMasterSecret support in
SunPKCS11 security provider.

Signed-off-by: Tao Liu <tao.liu@ibm.com>

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsMasterSecretGenerator.java

@@ -23,6 +23,12 @@
  * questions.
  */
 
+/*
+ * ===========================================================================
+ * (c) Copyright IBM Corp. 2024, 2024 All Rights Reserved
+ * ===========================================================================
+ */
+
 package sun.security.pkcs11;
 
 import java.security.*;
@@ -110,6 +116,8 @@ protected void engineInit(AlgorithmParameterSpec params,
  throw new InvalidAlgorithmParameterException("init() failed", e);
  }
  this.spec = spec;
+ byte[] extendedMasterSecretSessionHash =
+ spec.getExtendedMasterSecretSessionHash();
  final boolean isTlsRsaPremasterSecret =
  p11Key.getAlgorithm().equals("TlsRsaPremasterSecret");
  if (tlsVersion == 0x0300) {
@@ -118,6 +126,9 @@ protected void engineInit(AlgorithmParameterSpec params,
  } else if (tlsVersion == 0x0301 || tlsVersion == 0x0302) {
  mechanism = isTlsRsaPremasterSecret ?
  CKM_TLS_MASTER_KEY_DERIVE : CKM_TLS_MASTER_KEY_DERIVE_DH;
+ } else if (extendedMasterSecretSessionHash.length != 0) {
+ mechanism = isTlsRsaPremasterSecret ?
+ CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE : CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH;
  } else if (tlsVersion == 0x0303) {
  mechanism = isTlsRsaPremasterSecret ?
  CKM_TLS12_MASTER_KEY_DERIVE : CKM_TLS12_MASTER_KEY_DERIVE_DH;
@@ -146,13 +157,21 @@ protected SecretKey engineGenerateKey() {
  }
  byte[] clientRandom = spec.getClientRandom();
  byte[] serverRandom = spec.getServerRandom();
+ byte[] extendedMasterSecretSessionHash =
+ spec.getExtendedMasterSecretSessionHash();
  CK_SSL3_RANDOM_DATA random =
  new CK_SSL3_RANDOM_DATA(clientRandom, serverRandom);
  CK_MECHANISM ckMechanism = null;
  if (tlsVersion < 0x0303) {
  CK_SSL3_MASTER_KEY_DERIVE_PARAMS params =
  new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion);
  ckMechanism = new CK_MECHANISM(mechanism, params);
+ } else if (extendedMasterSecretSessionHash.length != 0) {
+ CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS params =
+ new CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS(
+ Functions.getHashMechId(spec.getPRFHashAlg()),
+ extendedMasterSecretSessionHash, ckVersion);
+ ckMechanism = new CK_MECHANISM(mechanism, params);
  } else if (tlsVersion == 0x0303) {
  CK_TLS12_MASTER_KEY_DERIVE_PARAMS params =
  new CK_TLS12_MASTER_KEY_DERIVE_PARAMS(random, ckVersion,
@@ -163,8 +182,16 @@ protected SecretKey engineGenerateKey() {
  long p11KeyID = p11Key.getKeyID();
  try {
  session = token.getObjSession();
- CK_ATTRIBUTE[] attributes = token.getAttributes(O_GENERATE,
- CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
+ CK_ATTRIBUTE[] attributes;
+ if (extendedMasterSecretSessionHash.length != 0) {
+ attributes = token.getAttributes(O_GENERATE,
+ CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[] {
+ new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
+ new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_GENERIC_SECRET)});
+ } else {
+ attributes = token.getAttributes(O_GENERATE,
+ CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
+ }
  long keyID = token.p11.C_DeriveKey(session.id(),
  ckMechanism, p11KeyID, attributes);
  int major, minor;

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java

@@ -25,7 +25,7 @@
 
 /*
  * ===========================================================================
- * (c) Copyright IBM Corp. 2022, 2023 All Rights Reserved
+ * (c) Copyright IBM Corp. 2022, 2024 All Rights Reserved
  * ===========================================================================
  */
 
@@ -1125,6 +1125,10 @@ private static void register(Descriptor d) {
  m(CKM_SSL3_MASTER_KEY_DERIVE, CKM_TLS_MASTER_KEY_DERIVE,
  CKM_SSL3_MASTER_KEY_DERIVE_DH,
  CKM_TLS_MASTER_KEY_DERIVE_DH));
+ d(KG, "SunTlsExtendedMasterSecret",
+ "sun.security.pkcs11.P11TlsMasterSecretGenerator",
+ m(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
+ CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH));
  d(KG, "SunTls12MasterSecret",
  "sun.security.pkcs11.P11TlsMasterSecretGenerator",
  m(CKM_TLS12_MASTER_KEY_DERIVE, CKM_TLS12_MASTER_KEY_DERIVE_DH));
@@ -1508,7 +1512,8 @@ public Object newInstance0(Object param) throws
  return new P11TlsRsaPremasterSecretGenerator(
  token, algorithm, mechanism);
  } else if (algorithm == "SunTlsMasterSecret"
- || algorithm == "SunTls12MasterSecret") {
+ || algorithm == "SunTls12MasterSecret"
+ || algorithm == "SunTlsExtendedMasterSecret") {
  return new P11TlsMasterSecretGenerator(
  token, algorithm, mechanism);
  } else if (algorithm == "SunTlsKeyMaterial"

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java

@@ -45,6 +45,12 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+/*
+ * ===========================================================================
+ * (c) Copyright IBM Corp. 2024, 2024 All Rights Reserved
+ * ===========================================================================
+ */
+
 package sun.security.pkcs11.wrapper;
 
 import java.math.BigInteger;
@@ -119,6 +125,10 @@ public CK_MECHANISM(long mechanism, CK_TLS12_MASTER_KEY_DERIVE_PARAMS params) {
  init(mechanism, params);
  }
 
+ public CK_MECHANISM(long mechanism, CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS params) {
+ init(mechanism, params);
+ }
+
  public CK_MECHANISM(long mechanism, CK_SSL3_KEY_MAT_PARAMS params) {
  init(mechanism, params);
  }

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS.java

@@ -0,0 +1,105 @@
+/*
+ * ===========================================================================
+ * (c) Copyright IBM Corp. 2024, 2024 All Rights Reserved
+ * ===========================================================================
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * IBM designates this particular file as subject to the "Classpath" exception
+ * as provided by IBM in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * ===========================================================================
+ */
+
+package sun.security.pkcs11.wrapper;
+
+/**
+ * This class represents the necessary parameters required by the
+ * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE and
+ * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH mechanisms as defined
+ * in CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS structure.<p>
+ * <B>PKCS#11 structure:</B>
+ * <PRE>
+ * typedef struct CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS {
+ * CK_MECHANISM_TYPE prfHashMechanism;
+ * CK_BYTE_PTR pSessionHash;
+ * CK_ULONG ulSessionHashLen;
+ * CK_VERSION_PTR pVersion;
+ * } CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS;
+ * </PRE>
+ *
+ */
+public class CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS {
+
+ /**
+ * <B>PKCS#11:</B>
+ * <PRE>
+ * CK_MECHANISM_TYPE prfHashMechanism;
+ * </PRE>
+ */
+ public final long prfHashMechanism;
+
+ /**
+ * <B>PKCS#11:</B>
+ * <PRE>
+ * CK_BYTE_PTR pSessionHash;
+ * </PRE>
+ */
+ public final byte[] pSessionHash;
+
+ /**
+ * <B>PKCS#11:</B>
+ * <PRE>
+ * CK_VERSION_PTR pVersion;
+ * </PRE>
+ */
+ public final CK_VERSION pVersion;
+
+ public CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS(
+ long prfHashMechanism, byte[] pSessionHash,
+ CK_VERSION pVersion) {
+ this.prfHashMechanism = prfHashMechanism;
+ this.pSessionHash = pSessionHash;
+ this.pVersion = pVersion;
+ }
+
+ /**
+ * Returns the string representation of
+ * CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS.
+ *
+ * @return the string representation of
+ * CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS
+ */
+ @Override
+ public String toString() {
+ StringBuilder buffer = new StringBuilder();
+
+ buffer.append(Constants.INDENT);
+ buffer.append("prfHashMechanism: ");
+ buffer.append(prfHashMechanism);
+ buffer.append(Constants.NEWLINE);
+
+ buffer.append(Constants.INDENT);
+ buffer.append("pSessionHash: ");
+ buffer.append(Functions.toHexString(pSessionHash));
+ buffer.append(Constants.NEWLINE);
+
+ buffer.append(Constants.INDENT);
+ buffer.append("pVersion: ");
+ buffer.append(pVersion);
+
+ return buffer.toString();
+ }
+
+}

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/Functions.java

@@ -45,6 +45,12 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+/*
+ * ===========================================================================
+ * (c) Copyright IBM Corp. 2024, 2024 All Rights Reserved
+ * ===========================================================================
+ */
+
 package sun.security.pkcs11.wrapper;
 
 import java.math.BigInteger;
@@ -1098,6 +1104,10 @@ private static void addMGF(long id, String name) {
  addMech(CKM_VENDOR_DEFINED, "CKM_VENDOR_DEFINED");
 
  addMech(CKM_NSS_TLS_PRF_GENERAL, "CKM_NSS_TLS_PRF_GENERAL");
+ addMech(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
+ "CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE");
+ addMech(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
+ "CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH");
 
  addMech(PCKM_SECURERANDOM, "SecureRandom");
  addMech(PCKM_KEYSTORE, "KeyStore");

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java

@@ -45,6 +45,12 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+/*
+ * ===========================================================================
+ * (c) Copyright IBM Corp. 2024, 2024 All Rights Reserved
+ * ===========================================================================
+ */
+
 package sun.security.pkcs11.wrapper;
 
 /**
@@ -999,6 +1005,10 @@ public interface PKCS11Constants {
 
  // NSS private
  public static final long CKM_NSS_TLS_PRF_GENERAL = 0x80000373L;
+ public static final long CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE
+ /* (CKM_NSS + 25) */ = 0xCE534369L;
+ public static final long CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH
+ /* (CKM_NSS + 26) */ = 0xCE53436AL;
 
  // internal ids for our pseudo mechanisms SecureRandom and KeyStore
  public static final long PCKM_SECURERANDOM = 0x7FFFFF20L;

src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c

@@ -45,6 +45,12 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+/*
+ * ===========================================================================
+ * (c) Copyright IBM Corp. 2024, 2024 All Rights Reserved
+ * ===========================================================================
+ */
+
 /*
  * pkcs11wrapper.c
  * 18.05.2001
@@ -608,6 +614,73 @@ jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParamPtr(JNIEnv *env,
  return NULL;
 }
 
+/*
+ * Converts the Java CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS object to a
+ * CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS pointer.
+ *
+ * @param env - used to call JNI functions to get the Java classes and objects
+ * @param jParam - the Java CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS object to convert
+ * @param pLength - length of the allocated memory of the returned pointer
+ * @return pointer to the new CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS structure
+ */
+CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS_PTR
+jTlsExtendedMasterKeyDeriveParamToCKTlsExtendedMasterKeyDeriveParamPtr(JNIEnv *env,
+ jobject jParam, CK_ULONG *pLength)
+{
+ CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS_PTR ckParamPtr = NULL;
+ jclass jTlsExtendedMasterKeyDeriveParamsClass = NULL;
+ jfieldID fieldID = NULL;
+ jlong prfHashMechanism = 0L;
+ jobject pSessionHash = NULL;
+ if (NULL != pLength) {
+ *pLength = 0L;
+ }
+
+ // retrieve java values
+ jTlsExtendedMasterKeyDeriveParamsClass =
+ (*env)->FindClass(env, CLASS_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS);
+ if (NULL == jTlsExtendedMasterKeyDeriveParamsClass) {
+ return NULL;
+ }
+ fieldID = (*env)->GetFieldID(env,
+ jTlsExtendedMasterKeyDeriveParamsClass, "prfHashMechanism", "J");
+ if (NULL == fieldID) {
+ return NULL;
+ }
+ prfHashMechanism = (*env)->GetLongField(env, jParam, fieldID);
+ fieldID = (*env)->GetFieldID(env,
+ jTlsExtendedMasterKeyDeriveParamsClass, "pSessionHash", "[B");
+ if (NULL == fieldID) {
+ return NULL;
+ }
+ pSessionHash = (*env)->GetObjectField(env, jParam, fieldID);
+
+ // allocate memory for CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS pointer
+ ckParamPtr = calloc(1, sizeof(CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS));
+ if (NULL == ckParamPtr) {
+ throwOutOfMemoryError(env, 0);
+ return NULL;
+ }
+
+ // populate using java values
+ jByteArrayToCKByteArray(env, pSessionHash, &(ckParamPtr->pSessionHash),
+ &(ckParamPtr->ulSessionHashLen));
+ if ((*env)->ExceptionCheck(env)) {
+ goto cleanup;
+ }
+
+ ckParamPtr->prfHashMechanism = (CK_MECHANISM_TYPE) prfHashMechanism;
+
+ if (NULL != pLength) {
+ *pLength = sizeof(CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS);
+ }
+ return ckParamPtr;
+cleanup:
+ free(ckParamPtr->pSessionHash);
+ free(ckParamPtr);
+ return NULL;
+}
+
 /*
  * converts the Java CK_TLS_PRF_PARAMS object to a CK_TLS_PRF_PARAMS pointer
  *
@@ -1485,6 +1558,11 @@ CK_VOID_PTR jMechParamToCKMechParamPtrSlow(JNIEnv *env, jobject jParam,
  ckpParamPtr = jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParamPtr(env, jParam,
  ckpLength);
  break;
+ case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE:
+ case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH:
+ ckpParamPtr = jTlsExtendedMasterKeyDeriveParamToCKTlsExtendedMasterKeyDeriveParamPtr(
+ env, jParam, ckpLength);
+ break;
  case CKM_TLS_PRF:
  case CKM_NSS_TLS_PRF_GENERAL:
  ckpParamPtr = jTlsPrfParamsToCKTlsPrfParamPtr(env, jParam,