iaik.pkcs.pkcs11.parameters.SSL3KeyMaterialOutParameters Maven / Gradle / Ivy
// Copyright (c) 2002 Graz University of Technology. All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice,
// this list of conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice,
// this list of conditions and the following disclaimer in the documentation
// and/or other materials provided with the distribution.
//
// 3. The end-user documentation included with the redistribution, if any, must
// include the following acknowledgment:
//
// "This product includes software developed by IAIK of Graz University of
// Technology."
//
// Alternately, this acknowledgment may appear in the software itself, if and
// wherever such third-party acknowledgments normally appear.
//
// 4. The names "Graz University of Technology" and "IAIK of Graz University of
// Technology" must not be used to endorse or promote products derived from
// this software without prior written permission.
//
// 5. Products derived from this software may not be called "IAIK PKCS Wrapper",
// nor may "IAIK" appear in their name, without prior written permission of
// Graz University of Technology.
//
// THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
// PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE
// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
// OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
// OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
// POSSIBILITY OF SUCH DAMAGE.
package iaik.pkcs.pkcs11.parameters;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.TokenRuntimeException;
import iaik.pkcs.pkcs11.Util;
import iaik.pkcs.pkcs11.objects.SecretKey;
import iaik.pkcs.pkcs11.wrapper.Constants;
import iaik.pkcs.pkcs11.wrapper.Functions;
import sun.security.pkcs11.wrapper.CK_SSL3_KEY_MAT_OUT;
/**
* Objects of this class encapsulates key material output for the mechanism
* Mechanism.SSL3_KEY_AND_MAC_DERIVE.
*
* @author Karl Scheibelhofer
* @version 1.0
* @invariants
*/
@SuppressWarnings("restriction")
public class SSL3KeyMaterialOutParameters implements Parameters {
/**
* The resulting Client MAC Secret key.
*/
protected SecretKey clientMacSecret_;
/**
* The resulting Server MAC Secret key.
*/
protected SecretKey serverMacSecret_;
/**
* The resulting Client Secret key.
*/
protected SecretKey clientKey_;
/**
* The resulting Server Secret key.
*/
protected SecretKey serverKey_;
/**
* The initialization vector (IV) created for the client (if any).
*/
protected byte[] clientIV_;
/**
* The initialization vector (IV) created for the server (if any).
*/
protected byte[] serverIV_;
/**
* Create a new SSL3KeyMaterialOutParameters object. It does not take any
* parameters, because they user does not need to set any of them. The token
* sets all of them, after a call to DeriveKey using the mechanism
* Mechanism.SSL3_KEY_AND_MAC_DERIVE. After the call to deriveKey, the
* members of this object will hold the generated keys and IVs.
*
* @param clientIV
* The buffer for the client initialization vector.
* @param serverIV
* The buffer for the server initialization vector.
* @preconditions (clientIV <> null)
* and (serverIV <> null)
* @postconditions
*/
public SSL3KeyMaterialOutParameters(byte[] clientIV, byte[] serverIV) {
clientIV_ = Util.requireNonNull("clientIV", clientIV);
serverIV_ = Util.requireNonNull("serverIV", serverIV);
}
/**
* Create a (deep) clone of this object.
*
* @return A clone of this object.
* @preconditions
* @postconditions (result <> null)
* and (result instanceof SSL3KeyMaterialOutParameters)
* and (result.equals(this))
*/
@Override
public java.lang.Object clone() {
SSL3KeyMaterialOutParameters clone;
try {
clone = (SSL3KeyMaterialOutParameters) super.clone();
clone.clientMacSecret_ = (SecretKey) this.clientMacSecret_.clone();
clone.serverMacSecret_ = (SecretKey) this.serverMacSecret_.clone();
clone.clientKey_ = (SecretKey) this.clientKey_.clone();
clone.serverKey_ = (SecretKey) this.serverKey_.clone();
clone.clientIV_ = (byte[]) this.clientIV_.clone();
clone.serverIV_ = (byte[]) this.serverIV_.clone();
} catch (CloneNotSupportedException ex) {
// this must not happen, because this class is cloneable
throw new TokenRuntimeException(
"An unexpected clone exception occurred.", ex);
}
return clone;
}
/**
* Get this parameters object as an object of the CK_SSL3_KEY_MAT_OUT
* class.
*
* @return This object as a CK_SSL3_KEY_MAT_OUT object.
* @preconditions
* @postconditions (result <> null)
*/
@Override
public Object getPKCS11ParamsObject() {
CK_SSL3_KEY_MAT_OUT params = new CK_SSL3_KEY_MAT_OUT();
params.hClientMacSecret = (clientMacSecret_ != null)
? clientMacSecret_.getObjectHandle() : 0L;
params.hServerMacSecret = (serverMacSecret_ != null)
? serverMacSecret_.getObjectHandle() : 0L;
params.hClientKey = (clientKey_ != null)
? clientKey_.getObjectHandle() : 0L;
params.hServerKey = (serverKey_ != null)
? serverKey_.getObjectHandle() : 0L;
params.pIVClient = clientIV_;
params.pIVServer = serverIV_;
return params;
}
/**
* This method takes the key handles from the given input structure, which
* will be the result after a call to DeriveKey, and creates the SecretKey
* objects for this object. It also reads the IVs.
*
* @param input
* The structure that holds the necessary key handles and IVs.
* @param session
* The session to use for reading attributes. This session must
* have the appropriate rights; i.e. it must be a user-session, if
* it is a private object.
* @exception TokenException
* If reading the secret key object attributes fails.
* @preconditions (input <> null)
* and (session <> null)
* @postconditions
*/
public void setPKCS11ParamsObject(CK_SSL3_KEY_MAT_OUT input,
Session session)
throws TokenException {
clientMacSecret_ = (SecretKey)
iaik.pkcs.pkcs11.objects.Object.getInstance(session,
input.hClientMacSecret);
serverMacSecret_ = (SecretKey)
iaik.pkcs.pkcs11.objects.Object.getInstance(session,
input.hServerMacSecret);
clientKey_ = (SecretKey)
iaik.pkcs.pkcs11.objects.Object.getInstance(session,
input.hClientKey);
serverKey_ = (SecretKey)
iaik.pkcs.pkcs11.objects.Object.getInstance(session,
input.hServerKey);
clientIV_ = input.pIVClient;
serverIV_ = input.pIVServer;
}
/**
* Get the resulting client MAC secret key.
*
* @return The resulting client MAC secret key.
* @preconditions
* @postconditions (result == null)
*/
public SecretKey getClientMacSecret() {
return clientMacSecret_;
}
/**
* Get the resulting server MAC secret key.
*
* @return The resulting server MAC secret key.
* @preconditions
* @postconditions (result == null)
*/
public SecretKey getServerMacSecret() {
return serverMacSecret_;
}
/**
* Get the resulting client secret key.
*
* @return The resulting client secret key.
* @preconditions
* @postconditions (result == null)
*/
public SecretKey getClientSecret() {
return clientKey_;
}
/**
* Get the resulting server secret key.
*
* @return The resulting server secret key.
* @preconditions
* @postconditions (result == null)
*/
public SecretKey getServerSecret() {
return serverKey_;
}
/**
* Get the resulting client initialization vector.
*
* @return The resulting client initialization vector.
* @preconditions
* @postconditions
*/
public byte[] getClientIV() {
return clientIV_;
}
/**
* Get the resulting server initialization vector.
*
* @return The resulting server initialization vector.
* @preconditions
* @postconditions
*/
public byte[] getServerIV() {
return serverIV_;
}
/**
* Returns the string representation of this object. Do not parse data from
* this string, it is for debugging only.
*
* @return A string representation of this object.
*/
@Override
public String toString() {
StringBuilder buffer = new StringBuilder();
final String prefix = Constants.NEWLINE + Constants.NEWLINE_INDENT;
buffer.append(Constants.INDENT);
buffer.append("Client MAC Secret key: ");
buffer.append(Constants.NEWLINE);
buffer.append(clientMacSecret_);
buffer.append(prefix);
buffer.append("Server MAC Secret key: ");
buffer.append(Constants.NEWLINE);
buffer.append(serverMacSecret_);
buffer.append(prefix);
buffer.append("Client Secret key: ");
buffer.append(Constants.NEWLINE);
buffer.append(clientKey_);
buffer.append(prefix);
buffer.append("Server Secret key: ");
buffer.append(Constants.NEWLINE);
buffer.append(serverKey_);
buffer.append(prefix);
buffer.append("Client Initializatin Vector (hex): ");
buffer.append(Functions.toHexString(clientIV_));
buffer.append(Constants.NEWLINE_INDENT);
buffer.append("Server Initializatin Vector (hex): ");
buffer.append(Functions.toHexString(serverIV_));
return buffer.toString();
}
/**
* Compares all member variables of this object with the other object.
* Returns only true, if all are equal in both objects.
*
* @param otherObject
* The other object to compare to.
* @return True, if other is an instance of this class and all member
* variables of both objects are equal. False, otherwise.
* @preconditions
* @postconditions
*/
@Override
public boolean equals(java.lang.Object otherObject) {
if (this == otherObject) {
return true;
}
if (!(otherObject instanceof SSL3KeyMaterialOutParameters)) {
return false;
}
SSL3KeyMaterialOutParameters other
= (SSL3KeyMaterialOutParameters) otherObject;
return Util.objEquals(this.clientMacSecret_, other.clientMacSecret_)
&& Util.objEquals(this.serverMacSecret_, other.serverMacSecret_)
&& Util.objEquals(this.clientKey_, other.clientKey_)
&& Util.objEquals(this.serverKey_, other.serverKey_)
&& Functions.equals(this.clientIV_, other.clientIV_)
&& Functions.equals(this.serverIV_, other.serverIV_);
}
/**
* The overriding of this method should ensure that the objects of this
* class work correctly in a hashtable.
*
* @return The hash code of this object.
* @preconditions
* @postconditions
*/
@Override
public int hashCode() {
return ((clientMacSecret_ != null) ? clientMacSecret_.hashCode() : 0)
^ ((serverMacSecret_ != null) ? serverMacSecret_.hashCode() : 0)
^ ((clientKey_ != null) ? clientKey_.hashCode() : 0)
^ ((serverKey_ != null) ? serverKey_.hashCode() : 0);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy