8029661: Support TLS v1.2 algorithm in SunPKCS11 provider

Summary: TLS v1.2 algorithms for key and MAC derivation added to SunPKCS11 crypto provider. 8210912 fix is included as part of this changeset.
Reviewed-by: valeriep

src/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java

 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -95,9 +95,9 @@ public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
             throw new InvalidAlgorithmParameterException("init() failed", e);
         }
         version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
-        if ((version < 0x0300) && (version > 0x0302)) {
-            throw new InvalidAlgorithmParameterException
-                    ("Only SSL 3.0, TLS 1.0, and TLS 1.1 are supported");
+        if ((version < 0x0300) && (version > 0x0303)) {
+            throw new InvalidAlgorithmParameterException("Only SSL 3.0," +
+                    " TLS 1.0, TLS 1.1, and TLS 1.2 are supported");
         }
         // we assume the token supports both the CKM_SSL3_* and the CKM_TLS_*
         // mechanisms
@@ -112,8 +112,11 @@ public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
             throw new IllegalStateException
                 ("TlsKeyMaterialGenerator must be initialized");
         }
-        mechanism = (version == 0x0300) ? CKM_SSL3_KEY_AND_MAC_DERIVE
-                                         : CKM_TLS_KEY_AND_MAC_DERIVE;
+        if (version == 0x0300) {
+            mechanism = CKM_SSL3_KEY_AND_MAC_DERIVE;
+        } else if (version == 0x0301 || version == 0x0302) {
+            mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
+        }
         int macBits = spec.getMacKeyLength() << 3;
         int ivBits = spec.getIvLength() << 3;
 
@@ -129,8 +132,18 @@ public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
 
         CK_SSL3_RANDOM_DATA random = new CK_SSL3_RANDOM_DATA
                             (spec.getClientRandom(), spec.getServerRandom());
-        CK_SSL3_KEY_MAT_PARAMS params = new CK_SSL3_KEY_MAT_PARAMS
-                            (macBits, keyBits, ivBits, isExportable, random);
+        Object params = null;
+        CK_MECHANISM ckMechanism = null;
+        if (version < 0x0303) {
+            params = new CK_SSL3_KEY_MAT_PARAMS
+                    (macBits, keyBits, ivBits, isExportable, random);
+            ckMechanism = new CK_MECHANISM(mechanism, (CK_SSL3_KEY_MAT_PARAMS)params);
+        } else if (version == 0x0303) {
+            params = new CK_TLS12_KEY_MAT_PARAMS
+                    (macBits, keyBits, ivBits, isExportable, random,
+                            Functions.getHashMechId(spec.getPRFHashAlg()));
+            ckMechanism = new CK_MECHANISM(mechanism, (CK_TLS12_KEY_MAT_PARAMS)params);
+        }
 
         String cipherAlgorithm = spec.getCipherAlgorithm();
         long keyType = P11SecretKeyFactory.getKeyType(cipherAlgorithm);
@@ -162,9 +175,14 @@ public final class P11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
                 (O_GENERATE, CKO_SECRET_KEY, keyType, attributes);
             // the returned keyID is a dummy, ignore
             long keyID = token.p11.C_DeriveKey(session.id(),
-                new CK_MECHANISM(mechanism, params), p11Key.keyID, attributes);
+                    ckMechanism, p11Key.keyID, attributes);
 
-            CK_SSL3_KEY_MAT_OUT out = params.pReturnedKeyMaterial;
+            CK_SSL3_KEY_MAT_OUT out = null;
+            if (params instanceof CK_SSL3_KEY_MAT_PARAMS) {
+                out = ((CK_SSL3_KEY_MAT_PARAMS)params).pReturnedKeyMaterial;
+            } else if (params instanceof CK_TLS12_KEY_MAT_PARAMS) {
+                out = ((CK_TLS12_KEY_MAT_PARAMS)params).pReturnedKeyMaterial;
+            }
             // Note that the MAC keys do not inherit all attributes from the
             // template, but they do inherit the sensitive/extractable/token
             // flags, which is all P11Key cares about.

src/share/classes/sun/security/pkcs11/P11TlsMasterSecretGenerator.java

 /*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -89,9 +89,9 @@ public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi {
             throw new InvalidAlgorithmParameterException("init() failed", e);
         }
         version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
-        if ((version < 0x0300) || (version > 0x0302)) {
-            throw new InvalidAlgorithmParameterException
-                ("Only SSL 3.0, TLS 1.0, and TLS 1.1 supported");
+        if ((version < 0x0300) && (version > 0x0303)) {
+            throw new InvalidAlgorithmParameterException("Only SSL 3.0," +
+                    " TLS 1.0, TLS 1.1, and TLS 1.2 are supported");
         }
         // We assume the token supports the required mechanism. If it does not,
         // generateKey() will fail and the failover should take care of us.
@@ -106,10 +106,20 @@ public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi {
             throw new IllegalStateException
                 ("TlsMasterSecretGenerator must be initialized");
         }
+        final boolean isTlsRsaPremasterSecret =
+                p11Key.getAlgorithm().equals("TlsRsaPremasterSecret");
+        if (version == 0x0300) {
+            mechanism = isTlsRsaPremasterSecret ?
+                    CKM_SSL3_MASTER_KEY_DERIVE : CKM_SSL3_MASTER_KEY_DERIVE_DH;
+        } else if (version == 0x0301 || version == 0x0302) {
+            mechanism = isTlsRsaPremasterSecret ?
+                    CKM_TLS_MASTER_KEY_DERIVE : CKM_TLS_MASTER_KEY_DERIVE_DH;
+        } else if (version == 0x0303) {
+            mechanism = isTlsRsaPremasterSecret ?
+                    CKM_TLS12_MASTER_KEY_DERIVE : CKM_TLS12_MASTER_KEY_DERIVE_DH;
+        }
         CK_VERSION ckVersion;
-        if (p11Key.getAlgorithm().equals("TlsRsaPremasterSecret")) {
-            mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE
-                                             : CKM_TLS_MASTER_KEY_DERIVE;
+        if (isTlsRsaPremasterSecret) {
             ckVersion = new CK_VERSION(0, 0);
         } else {
             // Note: we use DH for all non-RSA premaster secrets. That includes
@@ -118,16 +128,23 @@ public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi {
             // TLS PRF (or the SSL equivalent).
             // The only thing special about RSA master secret calculation is
             // that it extracts the version numbers from the premaster secret.
-            mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE_DH
-                                             : CKM_TLS_MASTER_KEY_DERIVE_DH;
             ckVersion = null;
         }
         byte[] clientRandom = spec.getClientRandom();
         byte[] serverRandom = spec.getServerRandom();
         CK_SSL3_RANDOM_DATA random =
                 new CK_SSL3_RANDOM_DATA(clientRandom, serverRandom);
-        CK_SSL3_MASTER_KEY_DERIVE_PARAMS params =
-                new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion);
+        CK_MECHANISM ckMechanism = null;
+        if (version < 0x0303) {
+            CK_SSL3_MASTER_KEY_DERIVE_PARAMS params =
+                    new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion);
+            ckMechanism = new CK_MECHANISM(mechanism, params);
+        } else if (version == 0x0303) {
+            CK_TLS12_MASTER_KEY_DERIVE_PARAMS params =
+                    new CK_TLS12_MASTER_KEY_DERIVE_PARAMS(random, ckVersion,
+                            Functions.getHashMechId(spec.getPRFHashAlg()));
+            ckMechanism = new CK_MECHANISM(mechanism, params);
+        }
 
         Session session = null;
         try {
@@ -135,9 +152,8 @@ public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi {
             CK_ATTRIBUTE[] attributes = token.getAttributes(O_GENERATE,
                 CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
             long keyID = token.p11.C_DeriveKey(session.id(),
-                new CK_MECHANISM(mechanism, params), p11Key.keyID, attributes);
+                    ckMechanism, p11Key.keyID, attributes);
             int major, minor;
-            ckVersion = params.pVersion;
             if (ckVersion == null) {
                 major = -1;
                 minor = -1;

src/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java

 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -124,9 +124,47 @@ final class P11TlsPrfGenerator extends KeyGeneratorSpi {
         if (spec == null) {
             throw new IllegalStateException("TlsPrfGenerator must be initialized");
         }
-        byte[] label = P11Util.getBytesUTF8(spec.getLabel());
         byte[] seed = spec.getSeed();
 
+        // TLS 1.2
+        if (mechanism == CKM_TLS_MAC) {
+            SecretKey k = null;
+            int ulServerOrClient = 0;
+            if (spec.getLabel().equals("server finished")) {
+                ulServerOrClient = 1;
+            }
+            if (spec.getLabel().equals("client finished")) {
+                ulServerOrClient = 2;
+            }
+
+            if (ulServerOrClient != 0) {
+                // Finished message
+                CK_TLS_MAC_PARAMS params = new CK_TLS_MAC_PARAMS(
+                        Functions.getHashMechId(spec.getPRFHashAlg()),
+                        spec.getOutputLength(), ulServerOrClient);
+                Session session = null;
+                try {
+                    session = token.getOpSession();
+                    token.p11.C_SignInit(session.id(),
+                            new CK_MECHANISM(mechanism, params), p11Key.keyID);
+                    token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
+                    byte[] out = token.p11.C_SignFinal
+                            (session.id(), spec.getOutputLength());
+                    k = new SecretKeySpec(out, "TlsPrf");
+                } catch (PKCS11Exception e) {
+                    throw new ProviderException("Could not calculate PRF", e);
+                } finally {
+                    token.releaseSession(session);
+                }
+            } else {
+                throw new ProviderException("Only Finished message authentication code"+
+                        " generation supported for TLS 1.2.");
+            }
+            return k;
+        }
+
+        byte[] label = P11Util.getBytesUTF8(spec.getLabel());
+
         if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
             Session session = null;
             try {

src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java

 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,6 +57,8 @@ final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
     // mechanism id
     private long mechanism;
 
+    private int version;
+
     private TlsRsaPremasterSecretParameterSpec spec;
 
     P11TlsRsaPremasterSecretGenerator(Token token, String algorithm, long mechanism)
@@ -77,6 +79,11 @@ final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
             throw new InvalidAlgorithmParameterException(MSG);
         }
         this.spec = (TlsRsaPremasterSecretParameterSpec)params;
+        version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
+        if ((version < 0x0300) && (version > 0x0303)) {
+            throw new InvalidAlgorithmParameterException
+                ("Only SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2 are supported");
+        }
     }
 
     protected void engineInit(int keysize, SecureRandom random) {

src/share/classes/sun/security/pkcs11/SunPKCS11.java

 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -720,38 +720,28 @@ public final class SunPKCS11 extends AuthProvider {
                 s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
                 m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
 
-        /*
-         * TLS 1.2 uses a different hash algorithm than 1.0/1.1 for the
-         * PRF calculations.  As of 2010, there is no PKCS11-level
-         * support for TLS 1.2 PRF calculations, and no known OS's have
-         * an internal variant we could use.  Therefore for TLS 1.2, we
-         * are updating JSSE to request different provider algorithms
-         * (e.g. "SunTls12Prf"), and currently only SunJCE has these
-         * TLS 1.2 algorithms.
-         *
-         * If we reused the names such as "SunTlsPrf", the PKCS11
-         * providers would need be updated to fail correctly when
-         * presented with the wrong version number (via
-         * Provider.Service.supportsParameters()), and we would also
-         * need to add the appropriate supportsParamters() checks into
-         * KeyGenerators (not currently there).
-         *
-         * In the future, if PKCS11 support is added, we will restructure
-         * this.
-         */
         d(KG, "SunTlsRsaPremasterSecret",
                     "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator",
+                    s("SunTls12RsaPremasterSecret"),
                 m(CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_PRE_MASTER_KEY_GEN));
         d(KG, "SunTlsMasterSecret",
                     "sun.security.pkcs11.P11TlsMasterSecretGenerator",
                 m(CKM_SSL3_MASTER_KEY_DERIVE, CKM_TLS_MASTER_KEY_DERIVE,
                     CKM_SSL3_MASTER_KEY_DERIVE_DH,
                     CKM_TLS_MASTER_KEY_DERIVE_DH));
+        d(KG, "SunTls12MasterSecret",
+                "sun.security.pkcs11.P11TlsMasterSecretGenerator",
+            m(CKM_TLS12_MASTER_KEY_DERIVE, CKM_TLS12_MASTER_KEY_DERIVE_DH));
         d(KG, "SunTlsKeyMaterial",
                     "sun.security.pkcs11.P11TlsKeyMaterialGenerator",
                 m(CKM_SSL3_KEY_AND_MAC_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE));
+        d(KG, "SunTls12KeyMaterial",
+                "sun.security.pkcs11.P11TlsKeyMaterialGenerator",
+            m(CKM_TLS12_KEY_AND_MAC_DERIVE));
         d(KG, "SunTlsPrf", "sun.security.pkcs11.P11TlsPrfGenerator",
                 m(CKM_TLS_PRF, CKM_NSS_TLS_PRF_GENERAL));
+        d(KG, "SunTls12Prf", "sun.security.pkcs11.P11TlsPrfGenerator",
+                m(CKM_TLS_MAC));
     }
 
     // background thread that periodically checks for token insertion
@@ -1016,13 +1006,16 @@ public final class SunPKCS11 extends AuthProvider {
                 if (algorithm == "SunTlsRsaPremasterSecret") {
                     return new P11TlsRsaPremasterSecretGenerator(
                         token, algorithm, mechanism);
-                } else if (algorithm == "SunTlsMasterSecret") {
+                } else if (algorithm == "SunTlsMasterSecret"
+                        || algorithm == "SunTls12MasterSecret") {
                     return new P11TlsMasterSecretGenerator(
                         token, algorithm, mechanism);
-                } else if (algorithm == "SunTlsKeyMaterial") {
+                } else if (algorithm == "SunTlsKeyMaterial"
+                        || algorithm == "SunTls12KeyMaterial") {
                     return new P11TlsKeyMaterialGenerator(
                         token, algorithm, mechanism);
-                } else if (algorithm == "SunTlsPrf") {
+                } else if (algorithm == "SunTlsPrf"
+                        || algorithm == "SunTls12Prf") {
                     return new P11TlsPrfGenerator(token, algorithm, mechanism);
                 } else {
                     return new P11KeyGenerator(token, algorithm, mechanism);

src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java

 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -112,14 +112,26 @@ public class CK_MECHANISM {
         init(mechanism, params);
     }
 
+    public CK_MECHANISM(long mechanism, CK_TLS12_MASTER_KEY_DERIVE_PARAMS params) {
+        init(mechanism, params);
+    }
+
     public CK_MECHANISM(long mechanism, CK_SSL3_KEY_MAT_PARAMS params) {
         init(mechanism, params);
     }
 
+    public CK_MECHANISM(long mechanism, CK_TLS12_KEY_MAT_PARAMS params) {
+        init(mechanism, params);
+    }
+
     public CK_MECHANISM(long mechanism, CK_TLS_PRF_PARAMS params) {
         init(mechanism, params);
     }
 
+    public CK_MECHANISM(long mechanism, CK_TLS_MAC_PARAMS params) {
+        init(mechanism, params);
+    }
+
     public CK_MECHANISM(long mechanism, CK_ECDH1_DERIVE_PARAMS params) {
         init(mechanism, params);
     }

src/share/classes/sun/security/pkcs11/wrapper/CK_TLS12_KEY_MAT_PARAMS.java

+/*
+ * Copyright (c) 2018, Red Hat, Inc. and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.pkcs11.wrapper;
+
+/**
+ * CK_TLS12_KEY_MAT_PARAMS from PKCS#11 v2.40.
+ */
+public class CK_TLS12_KEY_MAT_PARAMS {
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_ULONG ulMacSizeInBits;
+     * </PRE>
+     */
+    public long ulMacSizeInBits;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_ULONG ulKeySizeInBits;
+     * </PRE>
+     */
+    public long ulKeySizeInBits;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_ULONG ulIVSizeInBits;
+     * </PRE>
+     */
+    public long ulIVSizeInBits;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_BBOOL bIsExport;
+     * </PRE>
+     */
+    public boolean bIsExport;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_SSL3_RANDOM_DATA RandomInfo;
+     * </PRE>
+     */
+    public CK_SSL3_RANDOM_DATA RandomInfo;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
+     * </PRE>
+     */
+    public CK_SSL3_KEY_MAT_OUT pReturnedKeyMaterial;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_MECHANISM_TYPE prfHashMechanism;
+     * </PRE>
+     */
+    public long prfHashMechanism;
+
+    public CK_TLS12_KEY_MAT_PARAMS(
+            int macSize, int keySize, int ivSize, boolean export,
+            CK_SSL3_RANDOM_DATA random, long prfHashMechanism) {
+        ulMacSizeInBits = macSize;
+        ulKeySizeInBits = keySize;
+        ulIVSizeInBits = ivSize;
+        bIsExport = export;
+        RandomInfo = random;
+        pReturnedKeyMaterial = new CK_SSL3_KEY_MAT_OUT();
+        if (ivSize != 0) {
+            int n = ivSize >> 3;
+            pReturnedKeyMaterial.pIVClient = new byte[n];
+            pReturnedKeyMaterial.pIVServer = new byte[n];
+        }
+        this.prfHashMechanism = prfHashMechanism;
+    }
+
+    /**
+     * Returns the string representation of CK_TLS12_KEY_MAT_PARAMS.
+     *
+     * @return the string representation of CK_TLS12_KEY_MAT_PARAMS
+     */
+    public String toString() {
+        StringBuilder buffer = new StringBuilder();
+
+        buffer.append(Constants.INDENT);
+        buffer.append("ulMacSizeInBits: ");
+        buffer.append(ulMacSizeInBits);
+        buffer.append(Constants.NEWLINE);
+
+        buffer.append(Constants.INDENT);
+        buffer.append("ulKeySizeInBits: ");
+        buffer.append(ulKeySizeInBits);
+        buffer.append(Constants.NEWLINE);
+
+        buffer.append(Constants.INDENT);
+        buffer.append("ulIVSizeInBits: ");
+        buffer.append(ulIVSizeInBits);
+        buffer.append(Constants.NEWLINE);
+
+        buffer.append(Constants.INDENT);
+        buffer.append("bIsExport: ");
+        buffer.append(bIsExport);
+        buffer.append(Constants.NEWLINE);
+
+        buffer.append(Constants.INDENT);
+        buffer.append("RandomInfo: ");
+        buffer.append(RandomInfo);
+        buffer.append(Constants.NEWLINE);
+
+        buffer.append(Constants.INDENT);
+        buffer.append("pReturnedKeyMaterial: ");
+        buffer.append(pReturnedKeyMaterial);
+        buffer.append(Constants.NEWLINE);
+
+        buffer.append(Constants.INDENT);
+        buffer.append("prfHashMechanism: ");
+        buffer.append(prfHashMechanism);
+
+        return buffer.toString();
+    }
+
+}

src/share/classes/sun/security/pkcs11/wrapper/CK_TLS12_MASTER_KEY_DERIVE_PARAMS.java

+/*
+ * Copyright (c) 2018, Red Hat, Inc. and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.pkcs11.wrapper;
+
+/**
+ * CK_TLS12_MASTER_KEY_DERIVE_PARAMS from PKCS#11 v2.40.
+ */
+public class CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_SSL3_RANDOM_DATA RandomInfo;
+     * </PRE>
+     */
+    public CK_SSL3_RANDOM_DATA RandomInfo;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_VERSION_PTR pVersion;
+     * </PRE>
+     */
+    public CK_VERSION pVersion;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_MECHANISM_TYPE prfHashMechanism;
+     * </PRE>
+     */
+    public long prfHashMechanism;
+
+    public CK_TLS12_MASTER_KEY_DERIVE_PARAMS(
+            CK_SSL3_RANDOM_DATA random, CK_VERSION version,
+            long prfHashMechanism) {
+        RandomInfo = random;
+        pVersion = version;
+        this.prfHashMechanism = prfHashMechanism;
+    }
+
+}

src/share/classes/sun/security/pkcs11/wrapper/CK_TLS_MAC_PARAMS.java

+/*
+ * Copyright (c) 2018, Red Hat, Inc. and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.pkcs11.wrapper;
+
+/**
+ * CK_TLS_MAC_PARAMS from PKCS#11 v2.40.
+ */
+public class CK_TLS_MAC_PARAMS {
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_MECHANISM_TYPE prfMechanism;
+     * </PRE>
+     */
+    public long prfMechanism;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_ULONG ulMacLength;
+     * </PRE>
+     */
+    public long ulMacLength;
+
+    /**
+     * <B>PKCS#11:</B>
+     * <PRE>
+     *   CK_ULONG ulServerOrClient;
+     * </PRE>
+     */
+    public long ulServerOrClient;
+
+    public CK_TLS_MAC_PARAMS(long prfMechanism,
+            long ulMacLength, long ulServerOrClient) {
+        this.prfMechanism = prfMechanism;
+        this.ulMacLength = ulMacLength;
+        this.ulServerOrClient = ulServerOrClient;
+    }
+
+}

src/share/classes/sun/security/pkcs11/wrapper/Functions.java

 /*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -73,6 +73,9 @@ public class Functions {
     private static final Map<String,Integer> mechIds =
         new HashMap<String,Integer>();
 
+    private static final Map<String, Long> hashMechIds =
+            new HashMap<String, Long>();
+
     // key types (CKK_*)
     private static final Map<Integer,String> keyNames =
         new HashMap<Integer,String>();
@@ -94,7 +97,6 @@ public class Functions {
     private static final Map<String,Integer> objectClassIds =
         new HashMap<String,Integer>();
 
-
     /**
      * For converting numbers to their hex presentation.
      */
@@ -444,6 +446,10 @@ public class Functions {
         return getId(objectClassIds, name);
     }
 
+    public static long getHashMechId(String name) {
+        return hashMechIds.get(name);
+    }
+
     /**
      * Check the given arrays for equalitiy. This method considers both arrays as
      * equal, if both are <code>null</code> or both have the same length and
@@ -589,6 +595,10 @@ public class Functions {
         addMapping(objectClassNames, objectClassIds, id, name);
     }
 
+    private static void addHashMech(long id, String name) {
+        hashMechIds.put(name, id);
+    }
+
     static {
         addMech(CKM_RSA_PKCS_KEY_PAIR_GEN,      "CKM_RSA_PKCS_KEY_PAIR_GEN");
         addMech(CKM_RSA_PKCS,                   "CKM_RSA_PKCS");
@@ -719,6 +729,10 @@ public class Functions {
         addMech(CKM_TLS_PRF,                    "CKM_TLS_PRF");
         addMech(CKM_SSL3_MD5_MAC,               "CKM_SSL3_MD5_MAC");
         addMech(CKM_SSL3_SHA1_MAC,              "CKM_SSL3_SHA1_MAC");
+        addMech(CKM_TLS12_MASTER_KEY_DERIVE,    "CKM_TLS12_MASTER_KEY_DERIVE");
+        addMech(CKM_TLS12_KEY_AND_MAC_DERIVE,   "CKM_TLS12_KEY_AND_MAC_DERIVE");
+        addMech(CKM_TLS12_MASTER_KEY_DERIVE_DH, "CKM_TLS12_MASTER_KEY_DERIVE_DH");
+        addMech(CKM_TLS_MAC,                    "CKM_TLS_MAC");
         addMech(CKM_MD5_KEY_DERIVATION,         "CKM_MD5_KEY_DERIVATION");
         addMech(CKM_MD2_KEY_DERIVATION,         "CKM_MD2_KEY_DERIVATION");
         addMech(CKM_SHA1_KEY_DERIVATION,        "CKM_SHA1_KEY_DERIVATION");
@@ -794,6 +808,12 @@ public class Functions {
         addMech(PCKM_SECURERANDOM,              "SecureRandom");
         addMech(PCKM_KEYSTORE,                  "KeyStore");
 
+        addHashMech(CKM_SHA_1, "SHA-1");
+        addHashMech(CKM_SHA224, "SHA-224");
+        addHashMech(CKM_SHA256, "SHA-256");
+        addHashMech(CKM_SHA384, "SHA-384");
+        addHashMech(CKM_SHA512, "SHA-512");
+
         addKeyType(CKK_RSA,                     "CKK_RSA");
         addKeyType(CKK_DSA,                     "CKK_DSA");
         addKeyType(CKK_DH,                      "CKK_DH");

src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java

 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -625,6 +625,14 @@ public interface PKCS11Constants {
     public static final long  CKM_PKCS5_PBKD2                = 0x000003B0L;
 
     public static final long  CKM_PBA_SHA1_WITH_SHA1_HMAC    = 0x000003C0L;
+
+    /* CKM_TLS12_MASTER_KEY_DERIVE, CKM_TLS12_KEY_AND_MAC_DERIVE,
+     * CKM_TLS12_MASTER_KEY_DERIVE_DH and CKM_TLS_MAC are new for v2.40 */
+    public static final long  CKM_TLS12_MASTER_KEY_DERIVE    = 0x000003E0L;
+    public static final long  CKM_TLS12_KEY_AND_MAC_DERIVE   = 0x000003E1L;
+    public static final long  CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2L;
+    public static final long  CKM_TLS_MAC                    = 0x000003E4L;
+
     public static final long  CKM_KEY_WRAP_LYNKS             = 0x00000400L;
     public static final long  CKM_KEY_WRAP_SET_OAEP          = 0x00000401L;
 

src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c

 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -355,25 +355,38 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1UnwrapKey
 
 #ifdef P11_ENABLE_C_DERIVEKEY
 
-void freeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) {
+static void freeMasterKeyDeriveParams(CK_SSL3_RANDOM_DATA *RandomInfo, CK_VERSION_PTR pVersion) {
+    if (RandomInfo->pClientRandom != NULL) {
+        free(RandomInfo->pClientRandom);
+    }
+    if (RandomInfo->pServerRandom != NULL) {
+        free(RandomInfo->pServerRandom);
+    }
+    if (pVersion != NULL) {
+        free(pVersion);
+    }
+}
+
+void ssl3FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) {
     CK_SSL3_MASTER_KEY_DERIVE_PARAMS *params = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter;
     if (params == NULL) {
         return;
     }
+    freeMasterKeyDeriveParams(&(params->RandomInfo), params->pVersion);
+}
 
-    if (params->RandomInfo.pClientRandom != NULL) {
-        free(params->RandomInfo.pClientRandom);
-    }
-    if (params->RandomInfo.pServerRandom != NULL) {
-        free(params->RandomInfo.pServerRandom);
-    }
-    if (params->pVersion != NULL) {
-        free(params->pVersion);
+void tls12FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) {
+    CK_TLS12_MASTER_KEY_DERIVE_PARAMS *params =
+            (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter;
+    if (params == NULL) {
+        return;
     }
+    freeMasterKeyDeriveParams(&(params->RandomInfo), params->pVersion);
 }
 
 void freeEcdh1DeriveParams(CK_MECHANISM_PTR ckMechanism) {
-    CK_ECDH1_DERIVE_PARAMS *params = (CK_ECDH1_DERIVE_PARAMS *) ckMechanism->pParameter;
+    CK_ECDH1_DERIVE_PARAMS *params =
+            (CK_ECDH1_DERIVE_PARAMS *)ckMechanism->pParameter;
     if (params == NULL) {
         return;
     }
@@ -498,6 +511,7 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey
     switch (ckMechanism.mechanism) {
     case CKM_SSL3_KEY_AND_MAC_DERIVE:
     case CKM_TLS_KEY_AND_MAC_DERIVE:
+    case CKM_TLS12_KEY_AND_MAC_DERIVE:
     case CKM_TLS_PRF:
         // these mechanism do not return a key handle via phKey
         // set to NULL in case pedantic implementations check for it
@@ -519,17 +533,28 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey
     case CKM_SSL3_MASTER_KEY_DERIVE:
     case CKM_TLS_MASTER_KEY_DERIVE:
         /* we must copy back the client version */
-        copyBackClientVersion(env, &ckMechanism, jMechanism);
-        freeMasterKeyDeriveParams(&ckMechanism);
+        ssl3CopyBackClientVersion(env, &ckMechanism, jMechanism);
+        ssl3FreeMasterKeyDeriveParams(&ckMechanism);
+        break;
+    case CKM_TLS12_MASTER_KEY_DERIVE:
+        tls12CopyBackClientVersion(env, &ckMechanism, jMechanism);
+        tls12FreeMasterKeyDeriveParams(&ckMechanism);
         break;
     case CKM_SSL3_MASTER_KEY_DERIVE_DH:
     case CKM_TLS_MASTER_KEY_DERIVE_DH:
-        freeMasterKeyDeriveParams(&ckMechanism);
+        ssl3FreeMasterKeyDeriveParams(&ckMechanism);
+        break;
+    case CKM_TLS12_MASTER_KEY_DERIVE_DH:
+        tls12FreeMasterKeyDeriveParams(&ckMechanism);
         break;
     case CKM_SSL3_KEY_AND_MAC_DERIVE:
     case CKM_TLS_KEY_AND_MAC_DERIVE:
         /* we must copy back the unwrapped key info to the jMechanism object */
-        copyBackSSLKeyMatParams(env, &ckMechanism, jMechanism);
+        ssl3CopyBackKeyMatParams(env, &ckMechanism, jMechanism);
+        break;
+    case CKM_TLS12_KEY_AND_MAC_DERIVE:
+        /* we must copy back the unwrapped key info to the jMechanism object */
+        tls12CopyBackKeyMatParams(env, &ckMechanism, jMechanism);
         break;
     case CKM_TLS_PRF:
         copyBackTLSPrfParams(env, &ckMechanism, jMechanism);
@@ -550,53 +575,42 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey
     return jKeyHandle ;
 }
 
-/*
- * Copy back the client version information from the native
- * structure to the Java object. This is only used for the
- * CKM_SSL3_MASTER_KEY_DERIVE mechanism when used for deriving a key.
- *
- */
-void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism)
+static void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism,
+        CK_VERSION *ckVersion, const char *class_master_key_derive_params)
 {
-  jclass jMechanismClass, jSSL3MasterKeyDeriveParamsClass, jVersionClass;
-  CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ckSSL3MasterKeyDeriveParams;
-  CK_VERSION *ckVersion;
-  jfieldID fieldID;
-  CK_MECHANISM_TYPE ckMechanismType;
-  jlong jMechanismType;
-  jobject jSSL3MasterKeyDeriveParams;
-  jobject jVersion;
-
-  /* get mechanism */
-  jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM);
-  if (jMechanismClass == NULL) { return; }
-  fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
-  if (fieldID == NULL) { return; }
-  jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
-  ckMechanismType = jLongToCKULong(jMechanismType);
-  if (ckMechanismType != ckMechanism->mechanism) {
-    /* we do not have maching types, this should not occur */
-    return;
-  }
-
-  /* get the native CK_SSL3_MASTER_KEY_DERIVE_PARAMS */
-  ckSSL3MasterKeyDeriveParams = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter;
-  if (ckSSL3MasterKeyDeriveParams != NULL_PTR) {
-    /* get the native CK_VERSION */
-    ckVersion = ckSSL3MasterKeyDeriveParams->pVersion;
+    jclass jMasterKeyDeriveParamsClass, jMechanismClass, jVersionClass;
+    jobject jMasterKeyDeriveParams;
+    jfieldID fieldID;
+    CK_MECHANISM_TYPE ckMechanismType;
+    jlong jMechanismType;
+    jobject jVersion;
+
+    /* get mechanism */
+    jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM);
+    if (jMechanismClass == NULL) { return; }
+    fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
+    if (fieldID == NULL) { return; }
+    jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
+    ckMechanismType = jLongToCKULong(jMechanismType);
+    if (ckMechanismType != ckMechanism->mechanism) {
+        /* we do not have maching types, this should not occur */
+        return;
+    }
+
     if (ckVersion != NULL_PTR) {
       /* get the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS (pParameter) */
       fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;");
       if (fieldID == NULL) { return; }
 
-      jSSL3MasterKeyDeriveParams = (*env)->GetObjectField(env, jMechanism, fieldID);
+      jMasterKeyDeriveParams = (*env)->GetObjectField(env, jMechanism, fieldID);
 
       /* get the Java CK_VERSION */
-      jSSL3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS);
-      if (jSSL3MasterKeyDeriveParamsClass == NULL) { return; }
-      fieldID = (*env)->GetFieldID(env, jSSL3MasterKeyDeriveParamsClass, "pVersion", "L"CLASS_VERSION";");
+      jMasterKeyDeriveParamsClass = (*env)->FindClass(env, class_master_key_derive_params);
+      if (jMasterKeyDeriveParamsClass == NULL) { return; }
+      fieldID = (*env)->GetFieldID(env, jMasterKeyDeriveParamsClass,
+              "pVersion", "L"CLASS_VERSION";");
       if (fieldID == NULL) { return; }
-      jVersion = (*env)->GetObjectField(env, jSSL3MasterKeyDeriveParams, fieldID);
+      jVersion = (*env)->GetObjectField(env, jMasterKeyDeriveParams, fieldID);
 
       /* now copy back the version from the native structure to the Java structure */
 
@@ -612,92 +626,126 @@ void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMech
       if (fieldID == NULL) { return; }
       (*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->minor));
     }
-  }
 }
 
+/*
+ * Copy back the client version information from the native
+ * structure to the Java object. This is only used for
+ * CKM_SSL3_MASTER_KEY_DERIVE and CKM_TLS_MASTER_KEY_DERIVE
+ * mechanisms when used for deriving a key.
+ *
+ */
+void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism,
+        jobject jMechanism)
+{
+    CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ckSSL3MasterKeyDeriveParams;
+    ckSSL3MasterKeyDeriveParams =
+            (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter;
+    if (ckSSL3MasterKeyDeriveParams != NULL_PTR) {
+        copyBackClientVersion(env, ckMechanism, jMechanism,
+                ckSSL3MasterKeyDeriveParams->pVersion,
+                CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS);
+    }
+}
 
 /*
- * Copy back the derived keys and initialization vectors from the native
- * structure to the Java object. This is only used for the
- * CKM_SSL3_KEY_AND_MAC_DERIVE mechanism when used for deriving a key.
+ * Copy back the client version information from the native
+ * structure to the Java object. This is only used for
+ * CKM_TLS12_MASTER_KEY_DERIVE mechanism when used for deriving a key.
  *
  */
-void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism)
+void tls12CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism,
+        jobject jMechanism)
+{
+    CK_TLS12_MASTER_KEY_DERIVE_PARAMS *ckTLS12MasterKeyDeriveParams;
+    ckTLS12MasterKeyDeriveParams =
+            (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter;
+    if (ckTLS12MasterKeyDeriveParams != NULL_PTR) {
+        copyBackClientVersion(env, ckMechanism, jMechanism,
+                ckTLS12MasterKeyDeriveParams->pVersion,
+                CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS);
+    }
+}
+
+static void copyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism,
+        jobject jMechanism, CK_SSL3_RANDOM_DATA *RandomInfo,
+        CK_SSL3_KEY_MAT_OUT_PTR ckSSL3KeyMatOut, const char *class_key_mat_params)
 {
-  jclass jMechanismClass, jSSL3KeyMatParamsClass, jSSL3KeyMatOutClass;
-  CK_SSL3_KEY_MAT_PARAMS *ckSSL3KeyMatParam;
-  CK_SSL3_KEY_MAT_OUT *ckSSL3KeyMatOut;
-  jfieldID fieldID;
-  CK_MECHANISM_TYPE ckMechanismType;
-  jlong jMechanismType;
-  CK_BYTE_PTR iv;
-  jobject jSSL3KeyMatParam;
-  jobject jSSL3KeyMatOut;
-  jobject jIV;
-  jint jLength;
-  jbyte* jBytes;
-  int i;
-
-  /* get mechanism */
-  jMechanismClass= (*env)->FindClass(env, CLASS_MECHANISM);
-  if (jMechanismClass == NULL) { return; }
-  fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
-  if (fieldID == NULL) { return; }
-  jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
-  ckMechanismType = jLongToCKULong(jMechanismType);
-  if (ckMechanismType != ckMechanism->mechanism) {
-    /* we do not have maching types, this should not occur */
-    return;
-  }
-
-  /* get the native CK_SSL3_KEY_MAT_PARAMS */
-  ckSSL3KeyMatParam = (CK_SSL3_KEY_MAT_PARAMS *) ckMechanism->pParameter;
-  if (ckSSL3KeyMatParam != NULL_PTR) {
+    jclass jMechanismClass, jKeyMatParamsClass, jSSL3KeyMatOutClass;
+    jfieldID fieldID;
+    CK_MECHANISM_TYPE ckMechanismType;
+    jlong jMechanismType;
+    CK_BYTE_PTR iv;
+    jobject jKeyMatParam;
+    jobject jSSL3KeyMatOut;
+    jobject jIV;
+    jint jLength;
+    jbyte* jBytes;
+    int i;
+
+    /* get mechanism */
+    jMechanismClass= (*env)->FindClass(env, CLASS_MECHANISM);
+    if (jMechanismClass == NULL) { return; }
+    fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
+    if (fieldID == NULL) { return; }
+    jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
+    ckMechanismType = jLongToCKULong(jMechanismType);
+    if (ckMechanismType != ckMechanism->mechanism) {
+        /* we do not have maching types, this should not occur */
+        return;
+    }
+
     // free malloc'd data
-    if (ckSSL3KeyMatParam->RandomInfo.pClientRandom != NULL) {
-        free(ckSSL3KeyMatParam->RandomInfo.pClientRandom);
+    if (RandomInfo->pClientRandom != NULL) {
+        free(RandomInfo->pClientRandom);
     }
-    if (ckSSL3KeyMatParam->RandomInfo.pServerRandom != NULL) {
-        free(ckSSL3KeyMatParam->RandomInfo.pServerRandom);
+    if (RandomInfo->pServerRandom != NULL) {
+        free(RandomInfo->pServerRandom);
     }
 
-    /* get the native CK_SSL3_KEY_MAT_OUT */
-    ckSSL3KeyMatOut = ckSSL3KeyMatParam->pReturnedKeyMaterial;
     if (ckSSL3KeyMatOut != NULL_PTR) {
-      /* get the Java CK_SSL3_KEY_MAT_PARAMS (pParameter) */
-      fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;");
+      /* get the Java params object (pParameter) */
+      fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter",
+              "Ljava/lang/Object;");
       if (fieldID == NULL) { return; }
-      jSSL3KeyMatParam = (*env)->GetObjectField(env, jMechanism, fieldID);
+      jKeyMatParam = (*env)->GetObjectField(env, jMechanism, fieldID);
 
       /* get the Java CK_SSL3_KEY_MAT_OUT */
-      jSSL3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS);
-      if (jSSL3KeyMatParamsClass == NULL) { return; }
-      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatParamsClass, "pReturnedKeyMaterial", "L"CLASS_SSL3_KEY_MAT_OUT";");
+      jKeyMatParamsClass = (*env)->FindClass(env, class_key_mat_params);
+      if (jKeyMatParamsClass == NULL) { return; }
+      fieldID = (*env)->GetFieldID(env, jKeyMatParamsClass,
+              "pReturnedKeyMaterial", "L"CLASS_SSL3_KEY_MAT_OUT";");
       if (fieldID == NULL) { return; }
-      jSSL3KeyMatOut = (*env)->GetObjectField(env, jSSL3KeyMatParam, fieldID);
+      jSSL3KeyMatOut = (*env)->GetObjectField(env, jKeyMatParam, fieldID);
 
       /* now copy back all the key handles and the initialization vectors */
       /* copy back client MAC secret handle */
       jSSL3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT);
       if (jSSL3KeyMatOutClass == NULL) { return; }
-      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientMacSecret", "J");
+      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass,
+              "hClientMacSecret", "J");
       if (fieldID == NULL) { return; }
-      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hClientMacSecret));
+      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
+              ckULongToJLong(ckSSL3KeyMatOut->hClientMacSecret));
 
       /* copy back server MAC secret handle */
-      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerMacSecret", "J");
+      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass,
+              "hServerMacSecret", "J");
       if (fieldID == NULL) { return; }
-      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hServerMacSecret));
+      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
+              ckULongToJLong(ckSSL3KeyMatOut->hServerMacSecret));
 
       /* copy back client secret key handle */
       fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientKey", "J");
       if (fieldID == NULL) { return; }
-      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hClientKey));
+      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
+              ckULongToJLong(ckSSL3KeyMatOut->hClientKey));
 
       /* copy back server secret key handle */
       fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerKey", "J");
       if (fieldID == NULL) { return; }
-      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hServerKey));
+      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
+              ckULongToJLong(ckSSL3KeyMatOut->hServerKey));
 
       /* copy back the client IV */
       fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "pIVClient", "[B");
@@ -740,7 +788,45 @@ void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMe
       free(ckSSL3KeyMatOut->pIVServer);
       free(ckSSL3KeyMatOut);
     }
-  }
+}
+
+/*
+ * Copy back the derived keys and initialization vectors from the native
+ * structure to the Java object. This is only used for
+ * CKM_SSL3_KEY_AND_MAC_DERIVE and CKM_TLS_KEY_AND_MAC_DERIVE mechanisms
+ * when used for deriving a key.
+ *
+ */
+void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism,
+        jobject jMechanism)
+{
+    CK_SSL3_KEY_MAT_PARAMS *ckSSL3KeyMatParam;
+    ckSSL3KeyMatParam = (CK_SSL3_KEY_MAT_PARAMS *)ckMechanism->pParameter;
+    if (ckSSL3KeyMatParam != NULL_PTR) {
+        copyBackKeyMatParams(env, ckMechanism, jMechanism,
+                &(ckSSL3KeyMatParam->RandomInfo),
+                ckSSL3KeyMatParam->pReturnedKeyMaterial,
+                CLASS_SSL3_KEY_MAT_PARAMS);
+    }
+}
+
+/*
+ * Copy back the derived keys and initialization vectors from the native
+ * structure to the Java object. This is only used for
+ * CKM_TLS12_KEY_AND_MAC_DERIVE mechanism when used for deriving a key.
+ *
+ */
+void tls12CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism,
+        jobject jMechanism)
+{
+    CK_TLS12_KEY_MAT_PARAMS *ckTLS12KeyMatParam;
+    ckTLS12KeyMatParam = (CK_TLS12_KEY_MAT_PARAMS *) ckMechanism->pParameter;
+    if (ckTLS12KeyMatParam != NULL_PTR) {
+        copyBackKeyMatParams(env, ckMechanism, jMechanism,
+                &(ckTLS12KeyMatParam->RandomInfo),
+                ckTLS12KeyMatParam->pReturnedKeyMaterial,
+                CLASS_TLS12_KEY_MAT_PARAMS);
+    }
 }
 
 #endif

src/share/native/sun/security/pkcs11/wrapper/pkcs11t.h

@@ -807,6 +807,12 @@ typedef CK_ULONG          CK_MECHANISM_TYPE;
 #define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE  0x000003D4
 #define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE  0x000003D5
 
+/* new for v2.40 */
+#define CKM_TLS12_MASTER_KEY_DERIVE         0x000003E0
+#define CKM_TLS12_KEY_AND_MAC_DERIVE        0x000003E1
+#define CKM_TLS12_MASTER_KEY_DERIVE_DH      0x000003E2
+#define CKM_TLS_MAC                         0x000003E4
+
 #define CKM_KEY_WRAP_LYNKS             0x00000400
 #define CKM_KEY_WRAP_SET_OAEP          0x00000401
 
@@ -1682,4 +1688,34 @@ typedef struct CK_PKCS5_PBKD2_PARAMS {
 
 typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
 
+/* new for v2.40 */
+
+typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
+  CK_SSL3_RANDOM_DATA       RandomInfo;
+  CK_VERSION_PTR            pVersion;
+  CK_MECHANISM_TYPE         prfHashMechanism;
+} CK_TLS12_MASTER_KEY_DERIVE_PARAMS;
+
+typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR;
+
+typedef struct CK_TLS12_KEY_MAT_PARAMS {
+  CK_ULONG ulMacSizeInBits;
+  CK_ULONG ulKeySizeInBits;
+  CK_ULONG ulIVSizeInBits;
+  CK_BBOOL bIsExport;
+  CK_SSL3_RANDOM_DATA RandomInfo;
+  CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
+  CK_MECHANISM_TYPE prfHashMechanism;
+} CK_TLS12_KEY_MAT_PARAMS;
+
+typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR;
+
+typedef struct CK_TLS_MAC_PARAMS {
+  CK_MECHANISM_TYPE prfMechanism;
+  CK_ULONG ulMacLength;
+  CK_ULONG ulServerOrClient;
+} CK_TLS_MAC_PARAMS;
+
+typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR;
+
 #endif

src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h

 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -268,10 +268,13 @@
 #define CLASS_SSL3_RANDOM_DATA "sun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA"
 // CLASS_SSL3_RANDOM_DATA is used by CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS
 #define CLASS_SSL3_KEY_MAT_OUT "sun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_OUT"
-// CLASS_SSL3_KEY_MAT_OUT is used by CLASS_SSL3_KEY_MAT_PARAMS
+// CLASS_SSL3_KEY_MAT_OUT is used by CLASS_SSL3_KEY_MAT_PARAMS and CK_TLS12_KEY_MAT_PARAMS
 #define CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS "sun/security/pkcs11/wrapper/CK_SSL3_MASTER_KEY_DERIVE_PARAMS"
+#define CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS "sun/security/pkcs11/wrapper/CK_TLS12_MASTER_KEY_DERIVE_PARAMS"
 #define CLASS_SSL3_KEY_MAT_PARAMS "sun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_PARAMS"
+#define CLASS_TLS12_KEY_MAT_PARAMS "sun/security/pkcs11/wrapper/CK_TLS12_KEY_MAT_PARAMS"
 #define CLASS_TLS_PRF_PARAMS "sun/security/pkcs11/wrapper/CK_TLS_PRF_PARAMS"
+#define CLASS_TLS_MAC_PARAMS "sun/security/pkcs11/wrapper/CK_TLS_MAC_PARAMS"
 #define CLASS_AES_CTR_PARAMS "sun/security/pkcs11/wrapper/CK_AES_CTR_PARAMS"
 
 /* function to convert a PKCS#11 return value other than CK_OK into a Java Exception
@@ -361,9 +364,11 @@ CK_PKCS5_PBKD2_PARAMS jPkcs5Pbkd2ParamToCKPkcs5Pbkd2Param(JNIEnv *env, jobject j
 CK_KEY_WRAP_SET_OAEP_PARAMS jKeyWrapSetOaepParamToCKKeyWrapSetOaepParam(JNIEnv *env, jobject jParam);
 void copyBackSetUnwrappedKey(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
 CK_SSL3_MASTER_KEY_DERIVE_PARAMS jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env, jobject jParam);
-void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
+void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
+void tls12CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
 CK_SSL3_KEY_MAT_PARAMS jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam);
-void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
+void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
+void tls12CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism);
 CK_KEY_DERIVATION_STRING_DATA jKeyDerivationStringDataToCKKeyDerivationStringData(JNIEnv *env, jobject jParam);
 CK_RSA_PKCS_PSS_PARAMS jRsaPkcsPssParamToCKRsaPkcsPssParam(JNIEnv *env, jobject jParam);
 CK_ECDH1_DERIVE_PARAMS jEcdh1DeriveParamToCKEcdh1DeriveParam(JNIEnv *env, jobject jParam);

test/sun/security/pkcs11/fips/TestTLS12.java

+/*
+ * Copyright (c) 2018, Red Hat, Inc. and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8029661
+ * @summary Test TLS 1.2
+ * @library ..
+ * @run main/othervm/timeout=120 TestTLS12
+ */
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.nio.ByteBuffer;
+
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+
+import java.util.Arrays;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLEngineResult.HandshakeStatus;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManagerFactory;
+
+import sun.security.internal.spec.TlsMasterSecretParameterSpec;
+import sun.security.internal.spec.TlsPrfParameterSpec;
+import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
+
+public final class TestTLS12 extends SecmodTest {
+
+    private static final boolean enableDebug = true;
+
+    private static Provider sunPKCS11NSSProvider;
+    private static Provider sunJCEProvider;
+    private static com.sun.net.ssl.internal.ssl.Provider jsseProvider;
+    private static KeyStore ks;
+    private static KeyStore ts;
+    private static char[] passphrase = "JAHshj131@@".toCharArray();
+    private static RSAPrivateKey privateKey;
+    private static RSAPublicKey publicKey;
+
+    public static void main(String[] args) throws Exception {
+        try {
+            initialize();
+        } catch (Exception e) {
+            System.out.println("Test skipped: failure during" +
+                    " initialization");
+            return;
+        }
+
+        if (shouldRun()) {
+            // Test against JCE
+            testTlsAuthenticationCodeGeneration();
+
+            // Self-integrity test (complete TLS 1.2 communication)
+            new testTLS12SunPKCS11Communication().run();
+
+            System.out.println("Test PASS - OK");
+        } else {
+            System.out.println("Test skipped: TLS 1.2 mechanisms" +
+                    " not supported by current SunPKCS11 back-end");
+        }
+    }
+
+    private static boolean shouldRun() {
+        if (sunPKCS11NSSProvider == null) {
+            return false;
+        }
+        try {
+            KeyGenerator.getInstance("SunTls12MasterSecret",
+                    sunPKCS11NSSProvider);
+            KeyGenerator.getInstance(
+                    "SunTls12RsaPremasterSecret", sunPKCS11NSSProvider);
+            KeyGenerator.getInstance("SunTls12Prf", sunPKCS11NSSProvider);
+        } catch (NoSuchAlgorithmException e) {
+            return false;
+        }
+        return true;
+    }
+
+    private static void testTlsAuthenticationCodeGeneration()
+            throws Exception {
+        // Generate RSA Pre-Master Secret in SunPKCS11 provider
+        SecretKey rsaPreMasterSecret = null;
+        @SuppressWarnings("deprecation")
+        TlsRsaPremasterSecretParameterSpec rsaPreMasterSecretSpec =
+                new TlsRsaPremasterSecretParameterSpec(0x0303, 0x0303);
+        {
+            KeyGenerator rsaPreMasterSecretKG = KeyGenerator.getInstance(
+                    "SunTls12RsaPremasterSecret", sunPKCS11NSSProvider);
+            rsaPreMasterSecretKG.init(rsaPreMasterSecretSpec, null);
+            rsaPreMasterSecret = rsaPreMasterSecretKG.generateKey();
+        }
+
+        // Get RSA Pre-Master Secret in plain (from SunPKCS11 provider)
+        byte[] rsaPlainPreMasterSecret = null;
+        {
+            Cipher rsaPreMasterSecretWrapperCipher =
+                    Cipher.getInstance("RSA/ECB/PKCS1Padding",
+                            sunPKCS11NSSProvider);
+            rsaPreMasterSecretWrapperCipher.init(Cipher.WRAP_MODE, publicKey,
+                    new SecureRandom());
+            byte[] rsaEncryptedPreMasterSecret =
+                    rsaPreMasterSecretWrapperCipher.wrap(rsaPreMasterSecret);
+            Cipher rsaPreMasterSecretUnwrapperCipher =
+                    Cipher.getInstance("RSA/ECB/PKCS1Padding", sunJCEProvider);
+            rsaPreMasterSecretUnwrapperCipher.init(Cipher.UNWRAP_MODE,
+                    privateKey, rsaPreMasterSecretSpec);
+            rsaPlainPreMasterSecret = rsaPreMasterSecretUnwrapperCipher.unwrap(
+                    rsaEncryptedPreMasterSecret, "TlsRsaPremasterSecret",
+                    Cipher.SECRET_KEY).getEncoded();
+
+            if (enableDebug) {
+                System.out.println("rsaPlainPreMasterSecret:");
+                for (byte b : rsaPlainPreMasterSecret) {
+                    System.out.printf("%02X, ", b);
+                }
+                System.out.println("");
+            }
+        }
+
+        // Generate Master Secret
+        SecretKey sunPKCS11MasterSecret = null;
+        SecretKey jceMasterSecret = null;
+        {
+            KeyGenerator sunPKCS11MasterSecretGenerator =
+                    KeyGenerator.getInstance("SunTls12MasterSecret",
+                            sunPKCS11NSSProvider);
+            KeyGenerator jceMasterSecretGenerator = KeyGenerator.getInstance(
+                    "SunTls12MasterSecret", sunJCEProvider);
+            @SuppressWarnings("deprecation")
+            TlsMasterSecretParameterSpec sunPKCS11MasterSecretSpec =
+                    new TlsMasterSecretParameterSpec(rsaPreMasterSecret, 3, 3,
+                            new byte[32], new byte[32], "SHA-256", 32, 64);
+            @SuppressWarnings("deprecation")
+            TlsMasterSecretParameterSpec jceMasterSecretSpec =
+                    new TlsMasterSecretParameterSpec(
+                            new SecretKeySpec(rsaPlainPreMasterSecret,
+                                    "Generic"), 3, 3, new byte[32],
+                            new byte[32], "SHA-256", 32, 64);
+            sunPKCS11MasterSecretGenerator.init(sunPKCS11MasterSecretSpec,
+                    null);
+            jceMasterSecretGenerator.init(jceMasterSecretSpec, null);
+            sunPKCS11MasterSecret =
+                    sunPKCS11MasterSecretGenerator.generateKey();
+            jceMasterSecret = jceMasterSecretGenerator.generateKey();
+            if (enableDebug) {
+                System.out.println("Master Secret (SunJCE):");
+                if (jceMasterSecret != null) {
+                    for (byte b : jceMasterSecret.getEncoded()) {
+                        System.out.printf("%02X, ", b);
+                    }
+                    System.out.println("");
+                }
+            }
+        }
+
+        // Generate authentication codes
+        byte[] sunPKCS11AuthenticationCode = null;
+        byte[] jceAuthenticationCode = null;
+        {
+            // Generate SunPKCS11 authentication code
+            {
+                @SuppressWarnings("deprecation")
+                TlsPrfParameterSpec sunPKCS11AuthenticationCodeSpec =
+                        new TlsPrfParameterSpec(sunPKCS11MasterSecret,
+                                "client finished", "a".getBytes(), 12,
+                                "SHA-256", 32, 64);
+                KeyGenerator sunPKCS11AuthCodeGenerator =
+                        KeyGenerator.getInstance("SunTls12Prf",
+                                sunPKCS11NSSProvider);
+                sunPKCS11AuthCodeGenerator.init(
+                        sunPKCS11AuthenticationCodeSpec);
+                sunPKCS11AuthenticationCode =
+                        sunPKCS11AuthCodeGenerator.generateKey().getEncoded();
+            }
+
+            // Generate SunJCE authentication code
+            {
+                @SuppressWarnings("deprecation")
+                TlsPrfParameterSpec jceAuthenticationCodeSpec =
+                        new TlsPrfParameterSpec(jceMasterSecret,
+                                "client finished", "a".getBytes(), 12,
+                                "SHA-256", 32, 64);
+                KeyGenerator jceAuthCodeGenerator =
+                        KeyGenerator.getInstance("SunTls12Prf",
+                                sunJCEProvider);
+                jceAuthCodeGenerator.init(jceAuthenticationCodeSpec);
+                jceAuthenticationCode =
+                        jceAuthCodeGenerator.generateKey().getEncoded();
+            }
+
+            if (enableDebug) {
+                System.out.println("SunPKCS11 Authentication Code: ");
+                for (byte b : sunPKCS11AuthenticationCode) {
+                    System.out.printf("%02X, ", b);
+                }
+                System.out.println("");
+                System.out.println("SunJCE Authentication Code: ");
+                for (byte b : jceAuthenticationCode) {
+                    System.out.printf("%02X, ", b);
+                }
+                System.out.println("");
+            }
+        }
+
+        if (sunPKCS11AuthenticationCode == null ||
+                jceAuthenticationCode == null ||
+                sunPKCS11AuthenticationCode.length == 0 ||
+                jceAuthenticationCode.length == 0 ||
+                !Arrays.equals(sunPKCS11AuthenticationCode,
+                        jceAuthenticationCode)) {
+            throw new Exception("Authentication codes from JCE" +
+                        " and SunPKCS11 differ.");
+        }
+    }
+
+    private static class testTLS12SunPKCS11Communication {
+        public static void run() throws Exception {
+            SSLEngine[][] enginesToTest = getSSLEnginesToTest();
+
+            for (SSLEngine[] engineToTest : enginesToTest) {
+
+                SSLEngine clientSSLEngine = engineToTest[0];
+                SSLEngine serverSSLEngine = engineToTest[1];
+
+                // SSLEngine code based on RedhandshakeFinished.java
+
+                boolean dataDone = false;
+
+                ByteBuffer clientOut = null;
+                ByteBuffer clientIn = null;
+                ByteBuffer serverOut = null;
+                ByteBuffer serverIn = null;
+                ByteBuffer cTOs;
+                ByteBuffer sTOc;
+
+                SSLSession session = clientSSLEngine.getSession();
+                int appBufferMax = session.getApplicationBufferSize();
+                int netBufferMax = session.getPacketBufferSize();
+
+                clientIn = ByteBuffer.allocate(appBufferMax + 50);
+                serverIn = ByteBuffer.allocate(appBufferMax + 50);
+
+                cTOs = ByteBuffer.allocateDirect(netBufferMax);
+                sTOc = ByteBuffer.allocateDirect(netBufferMax);
+
+                clientOut = ByteBuffer.wrap(
+                        "Hi Server, I'm Client".getBytes());
+                serverOut = ByteBuffer.wrap(
+                        "Hello Client, I'm Server".getBytes());
+
+                SSLEngineResult clientResult;
+                SSLEngineResult serverResult;
+
+                while (!dataDone) {
+                    clientResult = clientSSLEngine.wrap(clientOut, cTOs);
+                    runDelegatedTasks(clientResult, clientSSLEngine);
+                    serverResult = serverSSLEngine.wrap(serverOut, sTOc);
+                    runDelegatedTasks(serverResult, serverSSLEngine);
+                    cTOs.flip();
+                    sTOc.flip();
+
+                    if (enableDebug) {
+                        System.out.println("Client -> Network");
+                        printTlsNetworkPacket("", cTOs);
+                        System.out.println("");
+                        System.out.println("Server -> Network");
+                        printTlsNetworkPacket("", sTOc);
+                        System.out.println("");
+                    }
+
+                    clientResult = clientSSLEngine.unwrap(sTOc, clientIn);
+                    runDelegatedTasks(clientResult, clientSSLEngine);
+                    serverResult = serverSSLEngine.unwrap(cTOs, serverIn);
+                    runDelegatedTasks(serverResult, serverSSLEngine);
+
+                    cTOs.compact();
+                    sTOc.compact();
+
+                    if (!dataDone &&
+                            (clientOut.limit() == serverIn.position()) &&
+                            (serverOut.limit() == clientIn.position())) {
+                        checkTransfer(serverOut, clientIn);
+                        checkTransfer(clientOut, serverIn);
+                        dataDone = true;
+                    }
+                }
+            }
+        }
+
+        static void printTlsNetworkPacket(String prefix, ByteBuffer bb) {
+            ByteBuffer slice = bb.slice();
+            byte[] buffer = new byte[slice.remaining()];
+            slice.get(buffer);
+            for (int i = 0; i < buffer.length; i++) {
+                System.out.printf("%02X, ", (byte)(buffer[i] & (byte)0xFF));
+                if (i % 8 == 0 && i % 16 != 0) {
+                    System.out.print(" ");
+                }
+                if (i % 16 == 0) {
+                    System.out.println("");
+                }
+            }
+            System.out.flush();
+        }
+
+        private static void checkTransfer(ByteBuffer a, ByteBuffer b)
+                throws Exception {
+            a.flip();
+            b.flip();
+            if (!a.equals(b)) {
+                throw new Exception("Data didn't transfer cleanly");
+            }
+            a.position(a.limit());
+            b.position(b.limit());
+            a.limit(a.capacity());
+            b.limit(b.capacity());
+        }
+
+        private static void runDelegatedTasks(SSLEngineResult result,
+                SSLEngine engine) throws Exception {
+
+            if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
+                Runnable runnable;
+                while ((runnable = engine.getDelegatedTask()) != null) {
+                    runnable.run();
+                }
+                HandshakeStatus hsStatus = engine.getHandshakeStatus();
+                if (hsStatus == HandshakeStatus.NEED_TASK) {
+                    throw new Exception(
+                        "handshake shouldn't need additional tasks");
+                }
+            }
+        }
+
+        private static SSLEngine[][] getSSLEnginesToTest() throws Exception {
+            SSLEngine[][] enginesToTest = new SSLEngine[2][2];
+            String[][] preferredSuites = new String[][]{ new String[] {
+                    "TLS_RSA_WITH_AES_128_CBC_SHA256"
+            },  new String[] {
+                    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
+            }};
+            for (int i = 0; i < enginesToTest.length; i++) {
+                enginesToTest[i][0] = createSSLEngine(true);
+                enginesToTest[i][1] = createSSLEngine(false);
+                enginesToTest[i][0].setEnabledCipherSuites(preferredSuites[i]);
+                enginesToTest[i][1].setEnabledCipherSuites(preferredSuites[i]);
+            }
+            return enginesToTest;
+        }
+
+        static private SSLEngine createSSLEngine(boolean client)
+                throws Exception {
+            SSLEngine ssle;
+            KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX",
+                    jsseProvider);
+            kmf.init(ks, passphrase);
+
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX",
+                    jsseProvider);
+            tmf.init(ts);
+
+            SSLContext sslCtx = SSLContext.getInstance("TLSv1.2",
+                    jsseProvider);
+            sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+            ssle = sslCtx.createSSLEngine("localhost", 443);
+            ssle.setUseClientMode(client);
+            SSLParameters sslParameters = ssle.getSSLParameters();
+            ssle.setSSLParameters(sslParameters);
+
+            return ssle;
+        }
+    }
+
+    private static void initialize() throws Exception {
+        if (initSecmod() == false) {
+            return;
+        }
+        String configName = BASE + SEP + "fips.cfg";
+        sunPKCS11NSSProvider = getSunPKCS11(configName);
+        System.out.println("SunPKCS11 provider: " + sunPKCS11NSSProvider);
+        Security.addProvider(sunPKCS11NSSProvider);
+
+        sunJCEProvider = new com.sun.crypto.provider.SunJCE();
+        Security.addProvider(sunJCEProvider);
+
+        Security.removeProvider("SunJSSE");
+        jsseProvider =new com.sun.net.ssl.internal.ssl.Provider(
+                sunPKCS11NSSProvider);
+        Security.addProvider(jsseProvider);
+        System.out.println(jsseProvider.getInfo());
+
+        ks = KeyStore.getInstance("PKCS11", sunPKCS11NSSProvider);
+        ks.load(null, "test12".toCharArray());
+        ts = ks;
+
+        KeyStore ksPlain = readTestKeyStore();
+        privateKey = (RSAPrivateKey)ksPlain.getKey("rh_rsa_sha256",
+                passphrase);
+        publicKey = (RSAPublicKey)ksPlain.getCertificate(
+                "rh_rsa_sha256").getPublicKey();
+    }
+
+    private static KeyStore readTestKeyStore() throws Exception {
+        File file = new File(System.getProperty("test.src", "."), "keystore");
+        InputStream in = new FileInputStream(file);
+        KeyStore ks = KeyStore.getInstance("JKS");
+        ks.load(in, "passphrase".toCharArray());
+        in.close();
+        return ks;
+    }
+}
\ No newline at end of file