annotate src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_keymgmt.c @ 55037:15ae25f7eefd

8216597: SIGBUS in Java_sun_security_pkcs11_wrapper_PKCS11_getNativeKeyInfo after JDK-6913047 Summary: changed variable declaration type to byte* from long* to fix SIGBUS error Reviewed-by: ascarpino
author valeriep
date Wed, 20 Feb 2019 19:16:45 +0000
parents 5170dc2bcf64
children 895a6a380484
rev   line source
duke@2 1 /*
valeriep@55037 2 * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
duke@2 3 */
duke@2 4
duke@2 5 /* Copyright (c) 2002 Graz University of Technology. All rights reserved.
duke@2 6 *
duke@2 7 * Redistribution and use in source and binary forms, with or without
duke@2 8 * modification, are permitted provided that the following conditions are met:
duke@2 9 *
duke@2 10 * 1. Redistributions of source code must retain the above copyright notice,
duke@2 11 * this list of conditions and the following disclaimer.
duke@2 12 *
duke@2 13 * 2. Redistributions in binary form must reproduce the above copyright notice,
duke@2 14 * this list of conditions and the following disclaimer in the documentation
duke@2 15 * and/or other materials provided with the distribution.
duke@2 16 *
duke@2 17 * 3. The end-user documentation included with the redistribution, if any, must
duke@2 18 * include the following acknowledgment:
duke@2 19 *
duke@2 20 * "This product includes software developed by IAIK of Graz University of
duke@2 21 * Technology."
duke@2 22 *
duke@2 23 * Alternately, this acknowledgment may appear in the software itself, if
duke@2 24 * and wherever such third-party acknowledgments normally appear.
duke@2 25 *
duke@2 26 * 4. The names "Graz University of Technology" and "IAIK of Graz University of
duke@2 27 * Technology" must not be used to endorse or promote products derived from
duke@2 28 * this software without prior written permission.
duke@2 29 *
duke@2 30 * 5. Products derived from this software may not be called
duke@2 31 * "IAIK PKCS Wrapper", nor may "IAIK" appear in their name, without prior
duke@2 32 * written permission of Graz University of Technology.
duke@2 33 *
duke@2 34 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
duke@2 35 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
duke@2 36 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
duke@2 37 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE
duke@2 38 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
duke@2 39 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
duke@2 40 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
duke@2 41 * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
duke@2 42 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
duke@2 43 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
duke@2 44 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
duke@2 45 * POSSIBILITY OF SUCH DAMAGE.
duke@2 46 */
duke@2 47
duke@2 48 #include "pkcs11wrapper.h"
duke@2 49
duke@2 50 #include <stdio.h>
duke@2 51 #include <stdlib.h>
duke@2 52 #include <string.h>
duke@2 53 #include <assert.h>
duke@2 54
duke@2 55 #include "sun_security_pkcs11_wrapper_PKCS11.h"
duke@2 56
mbalao@54321 57 #ifdef P11_ENABLE_GETNATIVEKEYINFO
mbalao@54321 58
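/*
 * Number of entries in ckpAttributesTemplate. The value is maintained by hand
 * and has to match the initialiser list below: the array is declared with this
 * explicit size, so a shorter list would be zero-padded by the compiler instead
 * of being rejected.
 * The expansion is parenthesised so that the cast cannot regroup with an
 * operator at the point of use.
 */
#define CK_ATTRIBUTES_TEMPLATE_LENGTH ((CK_ULONG)61U)

/*
 * Attribute types that getNativeKeyInfo asks the token about. pValue and
 * ulValueLen are left at zero here; getNativeKeyInfo copies this table and
 * passes the copy to C_GetAttributeValue to learn the value lengths.
 */
static CK_ATTRIBUTE ckpAttributesTemplate[CK_ATTRIBUTES_TEMPLATE_LENGTH] = {
    {CKA_CLASS, 0, 0},
    {CKA_TOKEN, 0, 0},
    {CKA_PRIVATE, 0, 0},
    {CKA_LABEL, 0, 0},
    {CKA_APPLICATION, 0, 0},
    {CKA_VALUE, 0, 0},
    {CKA_OBJECT_ID, 0, 0},
    {CKA_CERTIFICATE_TYPE, 0, 0},
    {CKA_ISSUER, 0, 0},
    {CKA_SERIAL_NUMBER, 0, 0},
    {CKA_AC_ISSUER, 0, 0},
    {CKA_OWNER, 0, 0},
    {CKA_ATTR_TYPES, 0, 0},
    {CKA_TRUSTED, 0, 0},
    {CKA_KEY_TYPE, 0, 0},
    {CKA_SUBJECT, 0, 0},
    {CKA_ID, 0, 0},
    {CKA_SENSITIVE, 0, 0},
    {CKA_ENCRYPT, 0, 0},
    {CKA_DECRYPT, 0, 0},
    {CKA_WRAP, 0, 0},
    {CKA_UNWRAP, 0, 0},
    {CKA_SIGN, 0, 0},
    {CKA_SIGN_RECOVER, 0, 0},
    {CKA_VERIFY, 0, 0},
    {CKA_VERIFY_RECOVER, 0, 0},
    {CKA_DERIVE, 0, 0},
    {CKA_START_DATE, 0, 0},
    {CKA_END_DATE, 0, 0},
    {CKA_MODULUS, 0, 0},
    {CKA_MODULUS_BITS, 0, 0},
    {CKA_PUBLIC_EXPONENT, 0, 0},
    {CKA_PRIVATE_EXPONENT, 0, 0},
    {CKA_PRIME_1, 0, 0},
    {CKA_PRIME_2, 0, 0},
    {CKA_EXPONENT_1, 0, 0},
    {CKA_EXPONENT_2, 0, 0},
    {CKA_COEFFICIENT, 0, 0},
    {CKA_PRIME, 0, 0},
    {CKA_SUBPRIME, 0, 0},
    {CKA_BASE, 0, 0},
    {CKA_PRIME_BITS, 0, 0},
    {CKA_SUB_PRIME_BITS, 0, 0},
    {CKA_VALUE_BITS, 0, 0},
    {CKA_VALUE_LEN, 0, 0},
    {CKA_EXTRACTABLE, 0, 0},
    {CKA_LOCAL, 0, 0},
    {CKA_NEVER_EXTRACTABLE, 0, 0},
    {CKA_ALWAYS_SENSITIVE, 0, 0},
    {CKA_KEY_GEN_MECHANISM, 0, 0},
    {CKA_MODIFIABLE, 0, 0},
    {CKA_ECDSA_PARAMS, 0, 0},
    {CKA_EC_PARAMS, 0, 0},
    {CKA_EC_POINT, 0, 0},
    {CKA_SECONDARY_AUTH, 0, 0},
    {CKA_AUTH_PIN_FLAGS, 0, 0},
    {CKA_HW_FEATURE_TYPE, 0, 0},
    {CKA_RESET_ON_INIT, 0, 0},
    {CKA_HAS_RESET, 0, 0},
    {CKA_VENDOR_DEFINED, 0, 0},
    {CKA_NETSCAPE_DB, 0, 0},
};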
mbalao@54321 124
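/*
 * Class:     sun_security_pkcs11_wrapper_PKCS11
 * Method:    getNativeKeyInfo
 * Signature: (JJJLsun/security/pkcs11/wrapper/CK_MECHANISM;)[B
 * Parametermapping:                          *PKCS11*
 * @param   jlong jSessionHandle              CK_SESSION_HANDLE hSession
 * @param   jlong jKeyHandle                  CK_OBJECT_HANDLE hObject
 * @param   jlong jWrappingKeyHandle          CK_OBJECT_HANDLE hObject
 * @param   jobject jWrappingMech             CK_MECHANISM_PTR pMechanism
 * @return  jbyteArray jNativeKeyInfo         -
 *
 * Serialises the attributes of a key object into one Java byte array:
 *
 *   [ attributes-size, [ ... attributes ... ], values-size, [ ... values ... ],
 *     wrapped-key-size, [ ... wrapped-key ... ] ]
 *
 * The three sizes are byte counts stored as unsigned long and are always
 * accessed with memcpy through jbyte pointers, never through an
 * unsigned long pointer into the array.
 *
 * When the key reports CKA_SENSITIVE == CK_TRUE the key material is obtained
 * with C_WrapKey under jWrappingKeyHandle / jWrappingMech and appended after
 * the wrapped-key-size field; a jWrappingKeyHandle of -1 makes that path give
 * up. Otherwise the wrapped-key-size field is 0.
 *
 * Returns NULL on every failure path. Token errors are reported through
 * ckAssertReturnValueOK and the template allocation failure through
 * throwOutOfMemoryError; the "no wrapping key" and "zero wrapped length"
 * paths return NULL without reporting anything from this function.
 */
JNIEXPORT jbyteArray JNICALL
Java_sun_security_pkcs11_wrapper_PKCS11_getNativeKeyInfo
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jlong jKeyHandle,
    jlong jWrappingKeyHandle, jobject jWrappingMech)
{
    jbyteArray returnValue = NULL;
    CK_SESSION_HANDLE ckSessionHandle = jLongToCKULong(jSessionHandle);
    CK_OBJECT_HANDLE ckObjectHandle = jLongToCKULong(jKeyHandle);
    CK_ATTRIBUTE_PTR ckpAttributes = NULL;
    CK_RV rv;
    jbyteArray nativeKeyInfoArray = NULL;
    jbyteArray nativeKeyInfoWrappedKeyArray = NULL;
    jbyte* nativeKeyInfoArrayRaw = NULL;
    jbyte* nativeKeyInfoWrappedKeyArrayRaw = NULL;
    unsigned int sensitiveAttributePosition = (unsigned int)-1;
    unsigned int i = 0U;
    unsigned long totalDataSize = 0UL, attributesCount = 0UL;
    unsigned long totalCkAttributesSize = 0UL, totalNativeKeyInfoArraySize = 0UL;
    jbyte* wrappedKeySizePtr = NULL;
    jbyte* nativeKeyInfoArrayRawCkAttributes = NULL;
    jbyte* nativeKeyInfoArrayRawCkAttributesPtr = NULL;
    jbyte* nativeKeyInfoArrayRawDataPtr = NULL;
    CK_MECHANISM ckMechanism;
    CK_ULONG ckWrappedKeyLength = 0U;
    jbyte* wrappedKeySizeWrappedKeyArrayPtr = NULL;
    CK_BYTE_PTR wrappedKeyBufferPtr = NULL;
    CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
    CK_OBJECT_CLASS class;
    CK_KEY_TYPE keyType;
    CK_BBOOL sensitive;
    CK_BBOOL netscapeAttributeValueNeeded = CK_FALSE;
    CK_ATTRIBUTE ckNetscapeAttributesTemplate[4];
    ckNetscapeAttributesTemplate[0].type = CKA_CLASS;
    ckNetscapeAttributesTemplate[1].type = CKA_KEY_TYPE;
    ckNetscapeAttributesTemplate[2].type = CKA_SENSITIVE;
    ckNetscapeAttributesTemplate[3].type = CKA_NETSCAPE_DB;
    ckNetscapeAttributesTemplate[0].pValue = &class;
    ckNetscapeAttributesTemplate[1].pValue = &keyType;
    ckNetscapeAttributesTemplate[2].pValue = &sensitive;
    ckNetscapeAttributesTemplate[3].pValue = 0;
    ckNetscapeAttributesTemplate[0].ulValueLen = sizeof(class);
    ckNetscapeAttributesTemplate[1].ulValueLen = sizeof(keyType);
    ckNetscapeAttributesTemplate[2].ulValueLen = sizeof(sensitive);
    ckNetscapeAttributesTemplate[3].ulValueLen = 0;

    // The cleanup path frees the mechanism parameter; keep it NULL until
    // jMechanismToCKMechanism has filled the structure in.
    ckMechanism.pParameter = NULL_PTR;

    if (ckpFunctions == NULL) { goto cleanup; }

    // If key is private and of DSA or EC type, NSS may require CKA_NETSCAPE_DB
    // attribute to unwrap it.
    rv = (*ckpFunctions->C_GetAttributeValue)(ckSessionHandle, ckObjectHandle,
            ckNetscapeAttributesTemplate,
            sizeof(ckNetscapeAttributesTemplate)/sizeof(CK_ATTRIBUTE));

    // class, keyType and sensitive are only read when the call succeeded.
    if (rv == CKR_OK && class == CKO_PRIVATE_KEY &&
            (keyType == CKK_EC || keyType == CKK_DSA) &&
            sensitive == CK_TRUE &&
            ckNetscapeAttributesTemplate[3].ulValueLen == CK_UNAVAILABLE_INFORMATION) {
        // We cannot set the attribute through C_SetAttributeValue here
        // because it might be read-only. However, we can add it to
        // the extracted buffer.
        netscapeAttributeValueNeeded = CK_TRUE;
        TRACE0("DEBUG: override CKA_NETSCAPE_DB attr value to TRUE\n");
    }

    ckpAttributes = (CK_ATTRIBUTE_PTR)malloc(
            CK_ATTRIBUTES_TEMPLATE_LENGTH * sizeof(CK_ATTRIBUTE));
    if (ckpAttributes == NULL) {
        throwOutOfMemoryError(env, 0);
        goto cleanup;
    }
    memcpy(ckpAttributes, ckpAttributesTemplate,
            CK_ATTRIBUTES_TEMPLATE_LENGTH * sizeof(CK_ATTRIBUTE));

    // Get sizes for value buffers
    // NOTE: may return an error code but length values are filled anyways
    (*ckpFunctions->C_GetAttributeValue)(ckSessionHandle, ckObjectHandle,
            ckpAttributes, CK_ATTRIBUTES_TEMPLATE_LENGTH);

    // Count the attributes the token reported a length for and add up the
    // space their values need.
    for (i = 0; i < CK_ATTRIBUTES_TEMPLATE_LENGTH; i++) {
        if ((ckpAttributes+i)->ulValueLen != CK_UNAVAILABLE_INFORMATION) {
            totalDataSize += (ckpAttributes+i)->ulValueLen;
            if ((ckpAttributes+i)->type == CKA_SENSITIVE) {
                // Index of CKA_SENSITIVE among the attributes that are kept.
                sensitiveAttributePosition = attributesCount;
                TRACE0("DEBUG: GetNativeKeyInfo key is sensitive");
            }
            attributesCount++;
        }
    }

    if (netscapeAttributeValueNeeded) {
        // Reserve one more attribute slot for CKA_NETSCAPE_DB.
        attributesCount++;
    }

    // Allocate a single buffer to hold valid attributes and attribute's values
    // Buffer structure: [ attributes-size, [ ... attributes ... ],
    //                   values-size, [ ... values ... ], wrapped-key-size,
    //                   [ ... wrapped-key ... ] ]
    //     * sizes are expressed in bytes and data type is unsigned long
    totalCkAttributesSize = attributesCount * sizeof(CK_ATTRIBUTE);
    TRACE1("DEBUG: GetNativeKeyInfo attributesCount = %lu\n", attributesCount);
    TRACE1("DEBUG: GetNativeKeyInfo sizeof CK_ATTRIBUTE = %zu\n", sizeof(CK_ATTRIBUTE));
    TRACE1("DEBUG: GetNativeKeyInfo totalCkAttributesSize = %lu\n", totalCkAttributesSize);
    TRACE1("DEBUG: GetNativeKeyInfo totalDataSize = %lu\n", totalDataSize);

    totalNativeKeyInfoArraySize =
            totalCkAttributesSize + sizeof(unsigned long) * 3 + totalDataSize;

    TRACE1("DEBUG: GetNativeKeyInfo totalNativeKeyInfoArraySize = %lu\n", totalNativeKeyInfoArraySize);

    // NOTE(review): the total is an unsigned long built from lengths reported
    // by the token and is narrowed to jsize by NewByteArray without a range
    // check; the later writes assume the array really has this many bytes.
    nativeKeyInfoArray = (*env)->NewByteArray(env, totalNativeKeyInfoArraySize);
    if (nativeKeyInfoArray == NULL) {
        goto cleanup;
    }

    nativeKeyInfoArrayRaw = (*env)->GetByteArrayElements(env, nativeKeyInfoArray,
            NULL);
    if (nativeKeyInfoArrayRaw == NULL) {
        goto cleanup;
    }

    // Write the three size fields with memcpy; the fields are addressed
    // through jbyte pointers only.
    wrappedKeySizePtr = nativeKeyInfoArrayRaw +
            sizeof(unsigned long)*2 + totalCkAttributesSize + totalDataSize;
    memcpy(nativeKeyInfoArrayRaw, &totalCkAttributesSize, sizeof(unsigned long));

    memcpy(nativeKeyInfoArrayRaw + sizeof(unsigned long) + totalCkAttributesSize,
            &totalDataSize, sizeof(unsigned long));

    memset(wrappedKeySizePtr, 0, sizeof(unsigned long));

    nativeKeyInfoArrayRawCkAttributes = nativeKeyInfoArrayRaw +
            sizeof(unsigned long);
    nativeKeyInfoArrayRawCkAttributesPtr = nativeKeyInfoArrayRawCkAttributes;
    nativeKeyInfoArrayRawDataPtr = nativeKeyInfoArrayRaw +
            totalCkAttributesSize + sizeof(unsigned long) * 2;

    // Lay out one CK_ATTRIBUTE per kept attribute, each pointing at its own
    // slice of the values region.
    for (i = 0; i < CK_ATTRIBUTES_TEMPLATE_LENGTH; i++) {
        if ((ckpAttributes+i)->ulValueLen != CK_UNAVAILABLE_INFORMATION) {
            (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).type =
                    (ckpAttributes+i)->type;
            (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen =
                    (ckpAttributes+i)->ulValueLen;
            if ((ckpAttributes+i)->ulValueLen != 0) {
                (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).pValue =
                        nativeKeyInfoArrayRawDataPtr;
            } else {
                (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).pValue = 0;
            }
            nativeKeyInfoArrayRawDataPtr +=
                    (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen;
            nativeKeyInfoArrayRawCkAttributesPtr += sizeof(CK_ATTRIBUTE);
        }
    }

    TRACE0("DEBUG: GetNativeKeyInfo finished prepping nativeKeyInfoArray\n");

    // Get attribute's values
    // NOTE(review): attributesCount already includes the CKA_NETSCAPE_DB slot
    // when one was reserved, but that slot's type is only written after this
    // call; confirm the token's handling of the not-yet-filled entry is the
    // intended one.
    rv = (*ckpFunctions->C_GetAttributeValue)(ckSessionHandle, ckObjectHandle,
            (CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes,
            attributesCount);
    if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) {
        goto cleanup;
    }

    TRACE0("DEBUG: GetNativeKeyInfo 1st C_GetAttributeValue call passed\n");

    if (netscapeAttributeValueNeeded) {
        (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).type = CKA_NETSCAPE_DB;
        // Value is not needed, public key is not used
    }

    if ((sensitiveAttributePosition != (unsigned int)-1) &&
        *(CK_BBOOL*)(((CK_ATTRIBUTE_PTR)(((CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes)
                +sensitiveAttributePosition))->pValue) == CK_TRUE) {
        // Key is sensitive. Need to extract it wrapped.
        if (jWrappingKeyHandle == -1) {
            // No wrapping key supplied: nothing can be returned.
            goto cleanup;
        }

        jMechanismToCKMechanism(env, jWrappingMech, &ckMechanism);
        if ((*env)->ExceptionCheck(env)) {
            // Same policy as C_GenerateKey in this file: after a failed
            // conversion the parameter is not freed by the caller.
            ckMechanism.pParameter = NULL_PTR;
            goto cleanup;
        }

        // Length query. Its return code is not examined; a reported length
        // of 0 is what counts as failure.
        rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism,
                jLongToCKULong(jWrappingKeyHandle), ckObjectHandle,
                NULL_PTR, &ckWrappedKeyLength);
        if (ckWrappedKeyLength == 0) {
            goto cleanup;
        }

        // Allocate space for getting the wrapped key
        nativeKeyInfoWrappedKeyArray = (*env)->NewByteArray(env,
                totalNativeKeyInfoArraySize + ckWrappedKeyLength);
        if (nativeKeyInfoWrappedKeyArray == NULL) {
            goto cleanup;
        }
        nativeKeyInfoWrappedKeyArrayRaw =
                (*env)->GetByteArrayElements(env,
                        nativeKeyInfoWrappedKeyArray, NULL);
        if (nativeKeyInfoWrappedKeyArrayRaw == NULL) {
            goto cleanup;
        }
        // Start from the attribute buffer built above, then append the
        // wrapped key behind its size field.
        memcpy(nativeKeyInfoWrappedKeyArrayRaw, nativeKeyInfoArrayRaw,
                totalNativeKeyInfoArraySize);
        wrappedKeySizeWrappedKeyArrayPtr =
                nativeKeyInfoWrappedKeyArrayRaw +
                sizeof(unsigned long)*2 + totalCkAttributesSize +
                totalDataSize;
        memcpy(wrappedKeySizeWrappedKeyArrayPtr, &ckWrappedKeyLength, sizeof(unsigned long));
        TRACE1("DEBUG: GetNativeKeyInfo 1st C_WrapKey wrappedKeyLength = %lu\n", ckWrappedKeyLength);

        wrappedKeyBufferPtr =
                (CK_BYTE_PTR) (wrappedKeySizeWrappedKeyArrayPtr +
                sizeof(unsigned long));
        rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism,
                jLongToCKULong(jWrappingKeyHandle),ckObjectHandle,
                wrappedKeyBufferPtr, &ckWrappedKeyLength);
        if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) {
            goto cleanup;
        }
        // Store the length reported by the second call, which wrote the key.
        memcpy(wrappedKeySizeWrappedKeyArrayPtr, &ckWrappedKeyLength, sizeof(unsigned long));
        TRACE1("DEBUG: GetNativeKeyInfo 2nd C_WrapKey wrappedKeyLength = %lu\n", ckWrappedKeyLength);

        returnValue = nativeKeyInfoWrappedKeyArray;
    } else {
        returnValue = nativeKeyInfoArray;
    }

cleanup:
    // Release the wrapping mechanism parameter, as C_GenerateKey does for its
    // mechanism once the token call is over.
    if (ckMechanism.pParameter != NULL_PTR) {
        free(ckMechanism.pParameter);
    }

    if (ckpAttributes != NULL) {
        free(ckpAttributes);
    }

    // Mode 0 is used for both arrays when their elements are released.
    if (nativeKeyInfoArrayRaw != NULL) {
        (*env)->ReleaseByteArrayElements(env, nativeKeyInfoArray,
                nativeKeyInfoArrayRaw, 0);
    }

    if (nativeKeyInfoWrappedKeyArrayRaw != NULL) {
        (*env)->ReleaseByteArrayElements(env, nativeKeyInfoWrappedKeyArray,
                nativeKeyInfoWrappedKeyArrayRaw, 0);
    }

    // Drop the local reference to whichever array is not being returned.
    if (nativeKeyInfoArray != NULL && returnValue != nativeKeyInfoArray) {
        (*env)->DeleteLocalRef(env, nativeKeyInfoArray);
    }

    if (nativeKeyInfoWrappedKeyArray != NULL
            && returnValue != nativeKeyInfoWrappedKeyArray) {
        (*env)->DeleteLocalRef(env, nativeKeyInfoWrappedKeyArray);
    }

    return returnValue;
}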
mbalao@54321 387 #endif
mbalao@54321 388
mbalao@54321 389 #ifdef P11_ENABLE_CREATENATIVEKEY
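/*
 * Class:     sun_security_pkcs11_wrapper_PKCS11
 * Method:    createNativeKey
 * Signature: (J[BJLsun/security/pkcs11/wrapper/CK_MECHANISM;)J
 * Parametermapping:                          *PKCS11*
 * @param   jlong jSessionHandle              CK_SESSION_HANDLE hSession
 * @param   jbyteArray jNativeKeyInfo         -
 * @param   jlong jWrappingKeyHandle          CK_OBJECT_HANDLE hObject
 * @param   jobject jWrappingMech             CK_MECHANISM_PTR pMechanism
 * @return  jlong jKeyHandle                  CK_OBJECT_HANDLE hObject
 *
 * Creates a token object from a buffer laid out as
 *
 *   [ attributes-size, [ ... attributes ... ], values-size, [ ... values ... ],
 *     wrapped-key-size, [ ... wrapped-key ... ] ]
 *
 * where the sizes are byte counts stored as unsigned long. A wrapped-key-size
 * of 0 selects C_CreateObject; any other value selects C_UnwrapKey with
 * jWrappingKeyHandle / jWrappingMech. Returns 0 when a step fails.
 *
 * NOTE(review): the three sizes and every ulValueLen are taken from the buffer
 * and used as offsets without being compared to the length of jNativeKeyInfo.
 * The layout matches what getNativeKeyInfo writes; confirm that no caller can
 * hand in a buffer from another source, or check the offsets against
 * GetArrayLength first.
 */
JNIEXPORT jlong JNICALL
Java_sun_security_pkcs11_wrapper_PKCS11_createNativeKey
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jbyteArray jNativeKeyInfo,
    jlong jWrappingKeyHandle, jobject jWrappingMech)
{
    CK_OBJECT_HANDLE ckObjectHandle;
    CK_RV rv;
    CK_SESSION_HANDLE ckSessionHandle = jLongToCKULong(jSessionHandle);
    jbyte* nativeKeyInfoArrayRaw = NULL;
    jlong jObjectHandle = 0L;
    unsigned long totalCkAttributesSize = 0UL;
    unsigned long nativeKeyInfoCkAttributesCount = 0UL;
    jbyte* nativeKeyInfoArrayRawCkAttributes = NULL;
    jbyte* nativeKeyInfoArrayRawCkAttributesPtr = NULL;
    jbyte* nativeKeyInfoArrayRawDataPtr = NULL;
    unsigned long totalDataSize = 0UL;
    jbyte* wrappedKeySizePtr = NULL;
    unsigned int i = 0U;
    CK_MECHANISM ckMechanism;
    CK_ULONG ckWrappedKeyLength = 0UL;
    CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);

    // The cleanup path frees the mechanism parameter; keep it NULL until
    // jMechanismToCKMechanism has filled the structure in.
    ckMechanism.pParameter = NULL_PTR;

    if (ckpFunctions == NULL) { goto cleanup; }

    nativeKeyInfoArrayRaw =
            (*env)->GetByteArrayElements(env, jNativeKeyInfo, NULL);
    if (nativeKeyInfoArrayRaw == NULL) {
        goto cleanup;
    }

    // The size fields are copied out with memcpy and addressed through jbyte
    // pointers only.
    memcpy(&totalCkAttributesSize, nativeKeyInfoArrayRaw, sizeof(unsigned long));
    TRACE1("DEBUG: createNativeKey totalCkAttributesSize = %lu\n", totalCkAttributesSize);
    nativeKeyInfoCkAttributesCount = totalCkAttributesSize/sizeof(CK_ATTRIBUTE);
    TRACE1("DEBUG: createNativeKey nativeKeyInfoCkAttributesCount = %lu\n", nativeKeyInfoCkAttributesCount);

    nativeKeyInfoArrayRawCkAttributes = nativeKeyInfoArrayRaw +
            sizeof(unsigned long);
    nativeKeyInfoArrayRawCkAttributesPtr = nativeKeyInfoArrayRawCkAttributes;
    nativeKeyInfoArrayRawDataPtr = nativeKeyInfoArrayRaw +
            totalCkAttributesSize + sizeof(unsigned long) * 2;
    memcpy(&totalDataSize, (nativeKeyInfoArrayRaw + totalCkAttributesSize + sizeof(unsigned long)),
            sizeof(unsigned long));
    TRACE1("DEBUG: createNativeKey totalDataSize = %lu\n", totalDataSize);

    wrappedKeySizePtr = nativeKeyInfoArrayRaw +
            sizeof(unsigned long)*2 + totalCkAttributesSize + totalDataSize;

    memcpy(&ckWrappedKeyLength, wrappedKeySizePtr, sizeof(unsigned long));
    TRACE1("DEBUG: createNativeKey wrappedKeyLength = %lu\n", ckWrappedKeyLength);

    // The pValue pointers stored in the buffer are replaced: each attribute
    // with a non-zero length is pointed at its slice of the values region of
    // this array.
    for (i = 0; i < nativeKeyInfoCkAttributesCount; i++) {
        if ((*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen
                > 0) {
            (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).pValue =
                    nativeKeyInfoArrayRawDataPtr;
        }
        nativeKeyInfoArrayRawDataPtr +=
                (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen;
        nativeKeyInfoArrayRawCkAttributesPtr += sizeof(CK_ATTRIBUTE);
    }

    if (ckWrappedKeyLength == 0) {
        // Not a wrapped key
        rv = (*ckpFunctions->C_CreateObject)(ckSessionHandle,
                (CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes,
                jLongToCKULong(nativeKeyInfoCkAttributesCount), &ckObjectHandle);
    } else {
        // Wrapped key
        jMechanismToCKMechanism(env, jWrappingMech, &ckMechanism);
        if ((*env)->ExceptionCheck(env)) {
            // Same policy as C_GenerateKey in this file: after a failed
            // conversion the parameter is not freed by the caller.
            ckMechanism.pParameter = NULL_PTR;
            goto cleanup;
        }
        rv = (*ckpFunctions->C_UnwrapKey)(ckSessionHandle, &ckMechanism,
                jLongToCKULong(jWrappingKeyHandle),
                (CK_BYTE_PTR)(wrappedKeySizePtr + sizeof(unsigned long)),
                ckWrappedKeyLength,
                (CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes,
                jLongToCKULong(nativeKeyInfoCkAttributesCount),
                &ckObjectHandle);
    }
    if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) {
        goto cleanup;
    }

    jObjectHandle = ckULongToJLong(ckObjectHandle);

cleanup:

    // Release the wrapping mechanism parameter, as C_GenerateKey does for its
    // mechanism once the token call is over.
    if (ckMechanism.pParameter != NULL_PTR) {
        free(ckMechanism.pParameter);
    }

    // JNI_ABORT: the pointer fix-ups made above are not copied back into the
    // Java array.
    if (nativeKeyInfoArrayRaw != NULL) {
        (*env)->ReleaseByteArrayElements(env, jNativeKeyInfo,
                nativeKeyInfoArrayRaw, JNI_ABORT);
    }

    return jObjectHandle;
}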
mbalao@54321 494 #endif
mbalao@54321 495
duke@2 496 #ifdef P11_ENABLE_C_GENERATEKEY
/*
 * Class:     sun_security_pkcs11_wrapper_PKCS11
 * Method:    C_GenerateKey
 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J
 * Parametermapping:                    *PKCS11*
 * @param   jlong jSessionHandle        CK_SESSION_HANDLE hSession
 * @param   jobject jMechanism          CK_MECHANISM_PTR pMechanism
 * @param   jobjectArray jTemplate      CK_ATTRIBUTE_PTR pTemplate
 *                                      CK_ULONG ulCount
 * @return  jlong jKeyHandle            CK_OBJECT_HANDLE_PTR phKey
 *
 * Converts the Java mechanism and attribute template to their CK forms, calls
 * C_GenerateKey and returns the new key handle, or 0 when a step fails.
 */
JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKey
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jobjectArray jTemplate)
{
    CK_SESSION_HANDLE session;
    CK_MECHANISM mechanism;
    CK_ATTRIBUTE_PTR attrs = NULL_PTR;
    CK_ULONG attrCount;
    CK_OBJECT_HANDLE newKey = 0;
    jlong result = 0L;
    CK_RV rv;

    CK_FUNCTION_LIST_PTR functions = getFunctionList(env, obj);
    if (functions == NULL) {
        return 0L;
    }

    session = jLongToCKULong(jSessionHandle);
    jMechanismToCKMechanism(env, jMechanism, &mechanism);
    if ((*env)->ExceptionCheck(env)) {
        /* the mechanism parameter is not released on this path */
        return 0L;
    }

    jAttributeArrayToCKAttributeArray(env, jTemplate, &attrs, &attrCount);
    if ((*env)->ExceptionCheck(env)) {
        /* only the mechanism parameter is released on this path */
        goto release_mechanism;
    }

    rv = (*functions->C_GenerateKey)(session, &mechanism, attrs, attrCount, &newKey);

    if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
        result = ckULongToJLong(newKey);

        /* for these PBE mechanisms the initialization vector is copied back
         * to the jMechanism object */
        switch (mechanism.mechanism) {
        case CKM_PBE_MD2_DES_CBC:
        case CKM_PBE_MD5_DES_CBC:
        case CKM_PBE_MD5_CAST_CBC:
        case CKM_PBE_MD5_CAST3_CBC:
        case CKM_PBE_MD5_CAST128_CBC:   /* same value as CKM_PBE_MD5_CAST5_CBC */
        case CKM_PBE_SHA1_CAST128_CBC:  /* same value as CKM_PBE_SHA1_CAST5_CBC */
            copyBackPBEInitializationVector(env, &mechanism, jMechanism);
            break;
        default:
            break;
        }
    }

    freeCKAttributeArray(attrs, attrCount);

release_mechanism:
    if (mechanism.pParameter != NULL_PTR) {
        free(mechanism.pParameter);
    }

    return result;
}
duke@2 562 #endif
duke@2 563
duke@2 564 #ifdef P11_ENABLE_C_GENERATEKEYPAIR
duke@2 565 /*
duke@2 566 * Class: sun_security_pkcs11_wrapper_PKCS11
duke@2 567 * Method: C_GenerateKeyPair
duke@2 568 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)[J
duke@2 569 * Parametermapping: *PKCS11*
duke@2 570 * @param jlong jSessionHandle CK_SESSION_HANDLE hSession
duke@2 571 * @param jobject jMechanism CK_MECHANISM_PTR pMechanism
duke@2 572 * @param jobjectArray jPublicKeyTemplate CK_ATTRIBUTE_PTR pPublicKeyTemplate
duke@2 573 * CK_ULONG ulPublicKeyAttributeCount
duke@2 574 * @param jobjectArray jPrivateKeyTemplate CK_ATTRIBUTE_PTR pPrivateKeyTemplate
duke@2 575 * CK_ULONG ulPrivateKeyAttributeCount
duke@2 576 * @return jlongArray jKeyHandles CK_OBJECT_HANDLE_PTR phPublicKey
duke@2 577 * CK_OBJECT_HANDLE_PTR phPublicKey
duke@2 578 */
duke@2 579 JNIEXPORT jlongArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKeyPair
duke@2 580 (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism,
duke@2 581 jobjectArray jPublicKeyTemplate, jobjectArray jPrivateKeyTemplate)
duke@2 582 {
duke@2 583 CK_SESSION_HANDLE ckSessionHandle;
duke@2 584 CK_MECHANISM ckMechanism;
duke@2 585 CK_ATTRIBUTE_PTR ckpPublicKeyAttributes = NULL_PTR;
duke@2 586 CK_ATTRIBUTE_PTR ckpPrivateKeyAttributes = NULL_PTR;
duke@2 587 CK_ULONG ckPublicKeyAttributesLength;
duke@2 588 CK_ULONG ckPrivateKeyAttributesLength;
duke@2 589 CK_OBJECT_HANDLE_PTR ckpPublicKeyHandle; /* pointer to Public Key */
duke@2 590 CK_OBJECT_HANDLE_PTR ckpPrivateKeyHandle; /* pointer to Private Key */
duke@2 591 CK_OBJECT_HANDLE_PTR ckpKeyHandles; /* pointer to array with Public and Private Key */
valeriep@3321 592 jlongArray jKeyHandles = NULL;
duke@2 593 CK_RV rv;
asmotrak@39142 594 int attempts;
asmotrak@39142 595 const int MAX_ATTEMPTS = 3;
duke@2 596
duke@2 597 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
duke@2 598 if (ckpFunctions == NULL) { return NULL; }
duke@2 599
duke@2 600 ckSessionHandle = jLongToCKULong(jSessionHandle);
duke@2 601 jMechanismToCKMechanism(env, jMechanism, &ckMechanism);
valeriep@2180 602 if ((*env)->ExceptionCheck(env)) { return NULL; }
valeriep@2180 603
duke@2 604 ckpKeyHandles = (CK_OBJECT_HANDLE_PTR) malloc(2 * sizeof(CK_OBJECT_HANDLE));
valeriep@2180 605 if (ckpKeyHandles == NULL) {
valeriep@2180 606 if (ckMechanism.pParameter != NULL_PTR) {
valeriep@2180 607 free(ckMechanism.pParameter);
valeriep@2180 608 }
chegar@10798 609 throwOutOfMemoryError(env, 0);
valeriep@2180 610 return NULL;
valeriep@2180 611 }
duke@2 612 ckpPublicKeyHandle = ckpKeyHandles; /* first element of array is Public Key */
duke@2 613 ckpPrivateKeyHandle = (ckpKeyHandles + 1); /* second element of array is Private Key */
duke@2 614
valeriep@2180 615 jAttributeArrayToCKAttributeArray(env, jPublicKeyTemplate, &ckpPublicKeyAttributes, &ckPublicKeyAttributesLength);
valeriep@2180 616 if ((*env)->ExceptionCheck(env)) {
valeriep@2180 617 if (ckMechanism.pParameter != NULL_PTR) {
valeriep@2180 618 free(ckMechanism.pParameter);
valeriep@2180 619 }
valeriep@2180 620 free(ckpKeyHandles);
valeriep@2180 621 return NULL;
valeriep@2180 622 }
valeriep@2180 623
valeriep@2180 624 jAttributeArrayToCKAttributeArray(env, jPrivateKeyTemplate, &ckpPrivateKeyAttributes, &ckPrivateKeyAttributesLength);
valeriep@2180 625 if ((*env)->ExceptionCheck(env)) {
valeriep@2180 626 if (ckMechanism.pParameter != NULL_PTR) {
valeriep@2180 627 free(ckMechanism.pParameter);
valeriep@2180 628 }
valeriep@2180 629 free(ckpKeyHandles);
valeriep@2180 630 freeCKAttributeArray(ckpPublicKeyAttributes, ckPublicKeyAttributesLength);
valeriep@2180 631 return NULL;
valeriep@2180 632 }
valeriep@2180 633
asmotrak@39142 634 /*
asmotrak@39142 635 * Workaround for NSS bug 1012786:
asmotrak@39142 636 *
asmotrak@39142 637 * Key generation may fail with CKR_FUNCTION_FAILED error
asmotrak@39142 638 * if there is insufficient entropy to generate a random key.
asmotrak@39142 639 *
asmotrak@39142 640 * PKCS11 spec says the following about CKR_FUNCTION_FAILED error
asmotrak@39142 641 * (see section 11.1.1):
asmotrak@39142 642 *
asmotrak@39142 643 * ... In any event, although the function call failed, the situation
asmotrak@39142 644 * is not necessarily totally hopeless, as it is likely to be
asmotrak@39142 645 * when CKR_GENERAL_ERROR is returned. Depending on what the root cause of
asmotrak@39142 646 * the error actually was, it is possible that an attempt
asmotrak@39142 647 * to make the exact same function call again would succeed.
asmotrak@39142 648 *
asmotrak@39142 649 * Call C_GenerateKeyPair() several times if CKR_FUNCTION_FAILED occurs.
asmotrak@39142 650 */
asmotrak@39142 651 for (attempts = 0; attempts < MAX_ATTEMPTS; attempts++) {
asmotrak@39142 652 rv = (*ckpFunctions->C_GenerateKeyPair)(ckSessionHandle, &ckMechanism,
asmotrak@39142 653 ckpPublicKeyAttributes, ckPublicKeyAttributesLength,
asmotrak@39142 654 ckpPrivateKeyAttributes, ckPrivateKeyAttributesLength,
asmotrak@39142 655 ckpPublicKeyHandle, ckpPrivateKeyHandle);
asmotrak@39142 656 if (rv == CKR_FUNCTION_FAILED) {
asmotrak@39142 657 printDebug("C_1GenerateKeyPair(): C_GenerateKeyPair() failed \
asmotrak@39142 658 with CKR_FUNCTION_FAILED error, try again\n");
asmotrak@39142 659 } else {
asmotrak@39142 660 break;
asmotrak@39142 661 }
asmotrak@39142 662 }
duke@2 663
valeriep@2180 664 if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
valeriep@2180 665 jKeyHandles = ckULongArrayToJLongArray(env, ckpKeyHandles, 2);
duke@2 666 }
duke@2 667
duke@2 668 if(ckMechanism.pParameter != NULL_PTR) {
duke@2 669 free(ckMechanism.pParameter);
duke@2 670 }
duke@2 671 free(ckpKeyHandles);
valeriep@2180 672 freeCKAttributeArray(ckpPublicKeyAttributes, ckPublicKeyAttributesLength);
valeriep@2180 673 freeCKAttributeArray(ckpPrivateKeyAttributes, ckPrivateKeyAttributesLength);
duke@2 674
duke@2 675 return jKeyHandles ;
duke@2 676 }
duke@2 677 #endif
duke@2 678
duke@2 679 #ifdef P11_ENABLE_C_WRAPKEY
/*
 * Class:     sun_security_pkcs11_wrapper_PKCS11
 * Method:    C_WrapKey
 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;JJ)[B
 * Parametermapping:                    *PKCS11*
 * @param   jlong jSessionHandle        CK_SESSION_HANDLE hSession
 * @param   jobject jMechanism          CK_MECHANISM_PTR pMechanism
 * @param   jlong jWrappingKeyHandle    CK_OBJECT_HANDLE hWrappingKey
 * @param   jlong jKeyHandle            CK_OBJECT_HANDLE hKey
 * @return  jbyteArray jWrappedKey      CK_BYTE_PTR pWrappedKey
 *                                      CK_ULONG_PTR pulWrappedKeyLen
 *
 * The first C_WrapKey() call writes into a stack buffer of
 * MAX_STACK_BUFFER_LEN bytes. If the token answers CKR_BUFFER_TOO_SMALL,
 * a heap buffer of the length the token reported is allocated and the call
 * is repeated once. Returns NULL when no function list is available, when a
 * Java exception is pending after the mechanism conversion, on allocation
 * failure, or when ckAssertReturnValueOK() does not report CK_ASSERT_OK.
 */
JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1WrapKey
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jWrappingKeyHandle, jlong jKeyHandle)
{
    CK_BYTE stackBuffer[MAX_STACK_BUFFER_LEN];
    CK_BYTE_PTR ckpWrapped = stackBuffer;
    CK_ULONG ckWrappedLen = MAX_STACK_BUFFER_LEN;
    CK_SESSION_HANDLE ckSession;
    CK_OBJECT_HANDLE ckWrappingKey;
    CK_OBJECT_HANDLE ckTargetKey;
    CK_MECHANISM ckMechanism;
    CK_RV rv;
    jbyteArray jResult = NULL;
    CK_FUNCTION_LIST_PTR ckpFunctions;

    ckpFunctions = getFunctionList(env, obj);
    if (ckpFunctions == NULL) {
        return NULL;
    }

    ckSession = jLongToCKULong(jSessionHandle);
    jMechanismToCKMechanism(env, jMechanism, &ckMechanism);
    if ((*env)->ExceptionCheck(env)) {
        return NULL;
    }

    ckWrappingKey = jLongToCKULong(jWrappingKeyHandle);
    ckTargetKey = jLongToCKULong(jKeyHandle);

    /* first attempt: stack buffer */
    rv = (*ckpFunctions->C_WrapKey)(ckSession, &ckMechanism, ckWrappingKey,
            ckTargetKey, ckpWrapped, &ckWrappedLen);

    if (rv == CKR_BUFFER_TOO_SMALL) {
        /* ckWrappedLen now holds the length reported by the token */
        ckpWrapped = (CK_BYTE_PTR) malloc(ckWrappedLen);
        if (ckpWrapped == NULL) {
            /* free(NULL) is a no-op, so the parameter needs no guard */
            free(ckMechanism.pParameter);
            throwOutOfMemoryError(env, 0);
            return NULL;
        }

        /* second attempt: heap buffer of the reported size */
        rv = (*ckpFunctions->C_WrapKey)(ckSession, &ckMechanism, ckWrappingKey,
                ckTargetKey, ckpWrapped, &ckWrappedLen);
    }

    if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
        jResult = ckByteArrayToJByteArray(env, ckpWrapped, ckWrappedLen);
    }

    /* only the heap buffer, never the stack buffer, is released */
    if (ckpWrapped != stackBuffer) {
        free(ckpWrapped);
    }
    free(ckMechanism.pParameter);

    return jResult;
}
duke@2 738 #endif
duke@2 739
duke@2 740 #ifdef P11_ENABLE_C_UNWRAPKEY
/*
 * Class:     sun_security_pkcs11_wrapper_PKCS11
 * Method:    C_UnwrapKey
 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;J[B[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J
 * Parametermapping:                    *PKCS11*
 * @param   jlong jSessionHandle        CK_SESSION_HANDLE hSession
 * @param   jobject jMechanism          CK_MECHANISM_PTR pMechanism
 * @param   jlong jUnwrappingKeyHandle  CK_OBJECT_HANDLE hUnwrappingKey
 * @param   jbyteArray jWrappedKey      CK_BYTE_PTR pWrappedKey
 *                                      CK_ULONG_PTR pulWrappedKeyLen
 * @param   jobjectArray jTemplate      CK_ATTRIBUTE_PTR pTemplate
 *                                      CK_ULONG ulCount
 * @return  jlong jKeyHandle            CK_OBJECT_HANDLE_PTR phKey
 *
 * Converts the Java arguments to their native form, calls C_UnwrapKey() and
 * releases every native buffer that was allocated on the way. Returns 0L when
 * no function list is available, when a conversion left a Java exception
 * pending, or when ckAssertReturnValueOK() does not report CK_ASSERT_OK.
 */
JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1UnwrapKey
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jUnwrappingKeyHandle,
     jbyteArray jWrappedKey, jobjectArray jTemplate)
{
    CK_SESSION_HANDLE ckSession;
    CK_MECHANISM ckMechanism;
    CK_OBJECT_HANDLE ckUnwrappingKey;
    CK_BYTE_PTR ckpWrapped = NULL_PTR;
    CK_ULONG ckWrappedLen;
    CK_ATTRIBUTE_PTR ckpTemplate = NULL_PTR;
    CK_ULONG ckTemplateLen;
    CK_OBJECT_HANDLE ckNewKey = 0;
    jlong jResult = 0L;
    CK_RV rv;
    CK_FUNCTION_LIST_PTR ckpFunctions;

    ckpFunctions = getFunctionList(env, obj);
    if (ckpFunctions == NULL) {
        return 0L;
    }

    ckSession = jLongToCKULong(jSessionHandle);
    jMechanismToCKMechanism(env, jMechanism, &ckMechanism);
    if ((*env)->ExceptionCheck(env)) {
        return 0L;
    }

    ckUnwrappingKey = jLongToCKULong(jUnwrappingKeyHandle);
    jByteArrayToCKByteArray(env, jWrappedKey, &ckpWrapped, &ckWrappedLen);
    if ((*env)->ExceptionCheck(env)) {
        /* only the mechanism parameter exists at this point */
        goto release_mechanism;
    }

    jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpTemplate, &ckTemplateLen);
    if ((*env)->ExceptionCheck(env)) {
        /* the template conversion failed, so there is no template to release */
        goto release_wrapped;
    }

    rv = (*ckpFunctions->C_UnwrapKey)(ckSession, &ckMechanism, ckUnwrappingKey,
            ckpWrapped, ckWrappedLen,
            ckpTemplate, ckTemplateLen, &ckNewKey);

    if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
        jResult = ckLongToJLong(ckNewKey);

#if 0
        /* check, if we must give a initialization vector back to Java */
        if (ckMechanism.mechanism == CKM_KEY_WRAP_SET_OAEP) {
            /* we must copy back the unwrapped key info to the jMechanism object */
            copyBackSetUnwrappedKey(env, &ckMechanism, jMechanism);
        }
#endif
    }

    freeCKAttributeArray(ckpTemplate, ckTemplateLen);

release_wrapped:
    free(ckpWrapped);

release_mechanism:
    /* free(NULL) is a no-op, so the parameter needs no guard */
    free(ckMechanism.pParameter);

    /* still 0L on every failure path */
    return jResult;
}
duke@2 820 #endif
duke@2 821
duke@2 822 #ifdef P11_ENABLE_C_DERIVEKEY
duke@2 823
/*
 * Release the client and server random buffers referenced by RandomInfo and
 * the version structure pVersion. RandomInfo itself is not freed, and the
 * freed pointers inside it are not reset.
 */
static void freeMasterKeyDeriveParams(CK_SSL3_RANDOM_DATA *RandomInfo, CK_VERSION_PTR pVersion) {
    /* free(NULL) is a no-op, so the pointers need no individual guard */
    free(RandomInfo->pClientRandom);
    free(RandomInfo->pServerRandom);
    free(pVersion);
}
mbalao@52586 835
/*
 * Release the buffers nested inside a CK_SSL3_MASTER_KEY_DERIVE_PARAMS that
 * is stored as the mechanism parameter. The parameter structure itself is
 * left for the caller to free.
 */
void ssl3FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) {
    CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ssl3Params =
            (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter;

    if (ssl3Params != NULL) {
        freeMasterKeyDeriveParams(&(ssl3Params->RandomInfo), ssl3Params->pVersion);
    }
}
duke@2 843
/*
 * Release the buffers nested inside a CK_TLS12_MASTER_KEY_DERIVE_PARAMS that
 * is stored as the mechanism parameter. The parameter structure itself is
 * left for the caller to free.
 */
void tls12FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) {
    CK_TLS12_MASTER_KEY_DERIVE_PARAMS *tls12Params =
            (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter;

    if (tls12Params != NULL) {
        freeMasterKeyDeriveParams(&(tls12Params->RandomInfo), tls12Params->pVersion);
    }
}
duke@2 852
/*
 * Release the shared-data and public-data buffers nested inside a
 * CK_ECDH1_DERIVE_PARAMS that is stored as the mechanism parameter. The
 * parameter structure itself is left for the caller to free.
 */
void freeEcdh1DeriveParams(CK_MECHANISM_PTR ckMechanism) {
    CK_ECDH1_DERIVE_PARAMS *ecdhParams =
            (CK_ECDH1_DERIVE_PARAMS *) ckMechanism->pParameter;

    if (ecdhParams != NULL) {
        /* free(NULL) is a no-op, so the members need no individual guard */
        free(ecdhParams->pSharedData);
        free(ecdhParams->pPublicData);
    }
}
duke@2 867
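/*
 * Copy back the PRF output to Java and release the buffers nested inside the
 * native CK_TLS_PRF_PARAMS (pSeed, pLabel, pulOutputLen, pOutput).
 *
 * The nested buffers are released on every path that follows the mechanism
 * type check, including the paths where a JNI lookup fails, so that a failed
 * lookup does not leak them. The CK_TLS_PRF_PARAMS structure itself is left
 * for the caller to free.
 *
 * @param env         JNI environment
 * @param ckMechanism native mechanism whose pParameter is read as
 *                    CK_TLS_PRF_PARAMS
 * @param jMechanism  Java CK_MECHANISM object that receives the output
 */
void copyBackTLSPrfParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism)
{
    jclass jMechanismClass, jTLSPrfParamsClass;
    CK_TLS_PRF_PARAMS *ckTLSPrfParams;
    jobject jTLSPrfParams;
    jfieldID fieldID;
    CK_MECHANISM_TYPE ckMechanismType;
    jlong jMechanismType;
    CK_BYTE_PTR output;
    jobject jOutput;
    jint jLength;
    jbyte* jBytes;
    jint i;

    /* plain pointer read, no JNI involved; needed by the cleanup below */
    ckTLSPrfParams = (CK_TLS_PRF_PARAMS *) ckMechanism->pParameter;

    /* get mechanism */
    jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM);
    if (jMechanismClass == NULL) { goto cleanup; }
    fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
    if (fieldID == NULL) { goto cleanup; }
    jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
    ckMechanismType = jLongToCKULong(jMechanismType);
    if (ckMechanismType != ckMechanism->mechanism) {
        /*
         * we do not have matching types, this should not occur;
         * nothing is touched or released on this path
         */
        return;
    }

    if (ckTLSPrfParams == NULL_PTR) { return; }

    /* get the Java CK_TLS_PRF_PARAMS object (pParameter) */
    fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;");
    if (fieldID == NULL) { goto cleanup; }
    jTLSPrfParams = (*env)->GetObjectField(env, jMechanism, fieldID);
    /* a null object must not be handed to GetObjectField below */
    if (jTLSPrfParams == NULL) { goto cleanup; }

    /* locate the Java output array */
    jTLSPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS);
    if (jTLSPrfParamsClass == NULL) { goto cleanup; }
    fieldID = (*env)->GetFieldID(env, jTLSPrfParamsClass, "pOutput", "[B");
    if (fieldID == NULL) { goto cleanup; }
    jOutput = (*env)->GetObjectField(env, jTLSPrfParams, fieldID);
    output = ckTLSPrfParams->pOutput;

    // Note: we assume that the token returned exactly as many bytes as we
    // requested. Anything else would not make sense.
    // NOTE(review): the copy length is the Java array length; this relies on
    // the native pOutput buffer being at least that large - confirm against
    // the code that allocates it.
    if (jOutput != NULL && output != NULL_PTR) {
        jLength = (*env)->GetArrayLength(env, jOutput);
        jBytes = (*env)->GetByteArrayElements(env, jOutput, NULL);
        if (jBytes == NULL) { goto cleanup; }

        /* copy the bytes to the Java buffer */
        for (i = 0; i < jLength; i++) {
            jBytes[i] = ckByteToJByte(output[i]);
        }
        /* copy back the Java buffer to the object */
        (*env)->ReleaseByteArrayElements(env, jOutput, jBytes, 0);
    }

cleanup:
    // free malloc'd data
    // NOTE(review): pOutput is released without being cleared first; if the
    // PRF output is keying material, wiping it before free() is worth
    // considering.
    if (ckTLSPrfParams != NULL_PTR) {
        free(ckTLSPrfParams->pSeed);
        free(ckTLSPrfParams->pLabel);
        free(ckTLSPrfParams->pulOutputLen);
        free(ckTLSPrfParams->pOutput);
    }
}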
duke@2 935
/*
 * Class:     sun_security_pkcs11_wrapper_PKCS11
 * Method:    C_DeriveKey
 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;J[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J
 * Parametermapping:                    *PKCS11*
 * @param   jlong jSessionHandle        CK_SESSION_HANDLE hSession
 * @param   jobject jMechanism          CK_MECHANISM_PTR pMechanism
 * @param   jlong jBaseKeyHandle        CK_OBJECT_HANDLE hBaseKey
 * @param   jobjectArray jTemplate      CK_ATTRIBUTE_PTR pTemplate
 *                                      CK_ULONG ulCount
 * @return  jlong jKeyHandle            CK_OBJECT_HANDLE_PTR phKey
 *
 * The mechanism-specific copy-back and free step runs whatever C_DeriveKey()
 * returned; the return value is only examined afterwards, once the native
 * mechanism parameter has been released. 0L is returned whenever
 * ckAssertReturnValueOK() does not report CK_ASSERT_OK.
 */
JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jBaseKeyHandle, jobjectArray jTemplate)
{
    CK_SESSION_HANDLE ckSession;
    CK_MECHANISM ckMechanism;
    CK_OBJECT_HANDLE ckBaseKey;
    CK_ATTRIBUTE_PTR ckpTemplate = NULL_PTR;
    CK_ULONG ckTemplateLen;
    CK_OBJECT_HANDLE ckDerivedKey = 0;
    CK_OBJECT_HANDLE_PTR phKey = &ckDerivedKey;
    jlong jDerivedKey = 0L;
    CK_RV rv;
    CK_FUNCTION_LIST_PTR ckpFunctions;

    ckpFunctions = getFunctionList(env, obj);
    if (ckpFunctions == NULL) {
        return 0L;
    }

    ckSession = jLongToCKULong(jSessionHandle);
    jMechanismToCKMechanism(env, jMechanism, &ckMechanism);
    if ((*env)->ExceptionCheck(env)) {
        return 0L;
    }

    ckBaseKey = jLongToCKULong(jBaseKeyHandle);
    jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpTemplate, &ckTemplateLen);
    if ((*env)->ExceptionCheck(env)) {
        /* free(NULL) is a no-op, so the parameter needs no guard */
        free(ckMechanism.pParameter);
        return 0L;
    }

    // these mechanisms do not return a key handle via phKey
    // set to NULL in case pedantic implementations check for it
    if (ckMechanism.mechanism == CKM_SSL3_KEY_AND_MAC_DERIVE ||
            ckMechanism.mechanism == CKM_TLS_KEY_AND_MAC_DERIVE ||
            ckMechanism.mechanism == CKM_TLS12_KEY_AND_MAC_DERIVE ||
            ckMechanism.mechanism == CKM_TLS_PRF) {
        phKey = NULL;
    }

    rv = (*ckpFunctions->C_DeriveKey)(ckSession, &ckMechanism, ckBaseKey,
            ckpTemplate, ckTemplateLen, phKey);

    /* converted before rv is checked; discarded below if the call failed */
    jDerivedKey = ckLongToJLong(ckDerivedKey);

    freeCKAttributeArray(ckpTemplate, ckTemplateLen);

    /* mechanism-specific copy-back to Java and release of nested buffers */
    switch (ckMechanism.mechanism) {
    case CKM_SSL3_MASTER_KEY_DERIVE:
    case CKM_TLS_MASTER_KEY_DERIVE:
        /* we must copy back the client version */
        ssl3CopyBackClientVersion(env, &ckMechanism, jMechanism);
        ssl3FreeMasterKeyDeriveParams(&ckMechanism);
        break;
    case CKM_TLS12_MASTER_KEY_DERIVE:
        tls12CopyBackClientVersion(env, &ckMechanism, jMechanism);
        tls12FreeMasterKeyDeriveParams(&ckMechanism);
        break;
    case CKM_SSL3_MASTER_KEY_DERIVE_DH:
    case CKM_TLS_MASTER_KEY_DERIVE_DH:
        ssl3FreeMasterKeyDeriveParams(&ckMechanism);
        break;
    case CKM_TLS12_MASTER_KEY_DERIVE_DH:
        tls12FreeMasterKeyDeriveParams(&ckMechanism);
        break;
    case CKM_SSL3_KEY_AND_MAC_DERIVE:
    case CKM_TLS_KEY_AND_MAC_DERIVE:
        /* we must copy back the unwrapped key info to the jMechanism object */
        ssl3CopyBackKeyMatParams(env, &ckMechanism, jMechanism);
        break;
    case CKM_TLS12_KEY_AND_MAC_DERIVE:
        /* we must copy back the unwrapped key info to the jMechanism object */
        tls12CopyBackKeyMatParams(env, &ckMechanism, jMechanism);
        break;
    case CKM_TLS_PRF:
        copyBackTLSPrfParams(env, &ckMechanism, jMechanism);
        break;
    case CKM_ECDH1_DERIVE:
        freeEcdh1DeriveParams(&ckMechanism);
        break;
    default:
        // empty
        break;
    }

    free(ckMechanism.pParameter);

    return (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) ? jDerivedKey : 0L;
}
duke@2 1043
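/*
 * Shared helper for the SSL3/TLS and TLS 1.2 master-key-derive mechanisms:
 * copies the major and minor bytes of the native ckVersion into the Java
 * CK_VERSION object referenced by field "pVersion" of the Java parameter
 * object.
 *
 * Nothing is copied when the Java mechanism type differs from the native one,
 * when ckVersion is NULL, when a class or field lookup fails, or when the
 * Java parameter object or its pVersion field is null. This function does not
 * free anything.
 *
 * @param env         JNI environment
 * @param ckMechanism native mechanism, used for the type comparison only
 * @param jMechanism  Java CK_MECHANISM object
 * @param ckVersion   native version to copy back, may be NULL
 * @param class_master_key_derive_params
 *                    JNI class name of the Java parameter class that declares
 *                    the "pVersion" field
 */
static void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism,
        CK_VERSION *ckVersion, const char *class_master_key_derive_params)
{
    jclass jMasterKeyDeriveParamsClass, jMechanismClass, jVersionClass;
    jobject jMasterKeyDeriveParams;
    jfieldID fieldID;
    CK_MECHANISM_TYPE ckMechanismType;
    jlong jMechanismType;
    jobject jVersion;

    /* get mechanism */
    jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM);
    if (jMechanismClass == NULL) { return; }
    fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
    if (fieldID == NULL) { return; }
    jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
    ckMechanismType = jLongToCKULong(jMechanismType);
    if (ckMechanismType != ckMechanism->mechanism) {
        /* we do not have matching types, this should not occur */
        return;
    }

    if (ckVersion == NULL_PTR) { return; }

    /* get the Java master-key-derive parameter object (pParameter) */
    fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;");
    if (fieldID == NULL) { return; }

    jMasterKeyDeriveParams = (*env)->GetObjectField(env, jMechanism, fieldID);
    /* a null object must not be handed to GetObjectField below */
    if (jMasterKeyDeriveParams == NULL) { return; }

    /* get the Java CK_VERSION */
    jMasterKeyDeriveParamsClass = (*env)->FindClass(env, class_master_key_derive_params);
    if (jMasterKeyDeriveParamsClass == NULL) { return; }
    fieldID = (*env)->GetFieldID(env, jMasterKeyDeriveParamsClass,
            "pVersion", "L"CLASS_VERSION";");
    if (fieldID == NULL) { return; }
    jVersion = (*env)->GetObjectField(env, jMasterKeyDeriveParams, fieldID);
    /* a null object must not be handed to SetByteField below */
    if (jVersion == NULL) { return; }

    /* now copy back the version from the native structure to the Java structure */

    /* copy back the major version */
    jVersionClass = (*env)->FindClass(env, CLASS_VERSION);
    if (jVersionClass == NULL) { return; }
    fieldID = (*env)->GetFieldID(env, jVersionClass, "major", "B");
    if (fieldID == NULL) { return; }
    (*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->major));

    /* copy back the minor version */
    fieldID = (*env)->GetFieldID(env, jVersionClass, "minor", "B");
    if (fieldID == NULL) { return; }
    (*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->minor));
}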
duke@2 1096
/*
 * Copy the client version from the native CK_SSL3_MASTER_KEY_DERIVE_PARAMS
 * back into the Java mechanism object. Used for the
 * CKM_SSL3_MASTER_KEY_DERIVE and CKM_TLS_MASTER_KEY_DERIVE mechanisms when
 * deriving a key. Does nothing when the mechanism carries no parameter.
 */
void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism,
        jobject jMechanism)
{
    CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ssl3Params =
            (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter;

    if (ssl3Params == NULL_PTR) {
        return;
    }
    copyBackClientVersion(env, ckMechanism, jMechanism, ssl3Params->pVersion,
            CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS);
}
duke@2 1116
/*
 * Copy the client version from the native CK_TLS12_MASTER_KEY_DERIVE_PARAMS
 * back into the Java mechanism object. Used for the
 * CKM_TLS12_MASTER_KEY_DERIVE mechanism when deriving a key. Does nothing
 * when the mechanism carries no parameter.
 */
void tls12CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism,
        jobject jMechanism)
{
    CK_TLS12_MASTER_KEY_DERIVE_PARAMS *tls12Params =
            (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter;

    if (tls12Params == NULL_PTR) {
        return;
    }
    copyBackClientVersion(env, ckMechanism, jMechanism, tls12Params->pVersion,
            CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS);
}
duke@2 1135
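/*
 * Copy one IV from the native key-material structure into the Java byte[]
 * stored in field fieldName of jKeyMatOut.
 *
 * Returns 0 when the bytes were copied or there was nothing to copy (the Java
 * array or the native buffer is NULL), and -1 when a JNI lookup failed.
 *
 * NOTE(review): the copy length is the Java array length; this relies on the
 * native IV buffer being at least that large - confirm against the code that
 * allocates it.
 */
static int keyMatCopyBackIV(JNIEnv *env, jclass jKeyMatOutClass, jobject jKeyMatOut,
        const char *fieldName, CK_BYTE_PTR iv)
{
    jfieldID fieldID;
    jobject jIV;
    jint jLength;
    jbyte *jBytes;
    jint i;

    fieldID = (*env)->GetFieldID(env, jKeyMatOutClass, fieldName, "[B");
    if (fieldID == NULL) { return -1; }
    jIV = (*env)->GetObjectField(env, jKeyMatOut, fieldID);
    if (jIV == NULL || iv == NULL_PTR) { return 0; }

    jLength = (*env)->GetArrayLength(env, jIV);
    jBytes = (*env)->GetByteArrayElements(env, jIV, NULL);
    if (jBytes == NULL) { return -1; }
    /* copy the bytes to the Java buffer */
    for (i = 0; i < jLength; i++) {
        jBytes[i] = ckByteToJByte(iv[i]);
    }
    /* copy back the Java buffer to the object */
    (*env)->ReleaseByteArrayElements(env, jIV, jBytes, 0);
    return 0;
}

/*
 * Shared helper for the SSL3/TLS and TLS 1.2 key-and-MAC-derive mechanisms:
 * copies the four key handles and the two IVs from the native
 * CK_SSL3_KEY_MAT_OUT into the Java object stored in field
 * "pReturnedKeyMaterial" of the Java parameter object, then releases the
 * native buffers (client/server random, both IVs and the CK_SSL3_KEY_MAT_OUT
 * structure).
 *
 * The native buffers are released on every path except the mechanism type
 * mismatch, including the paths where a JNI lookup fails, so that a failed
 * lookup does not leak them.
 *
 * @param env                  JNI environment
 * @param ckMechanism          native mechanism, used for the type comparison
 * @param jMechanism           Java CK_MECHANISM object
 * @param RandomInfo           native random data whose buffers are released
 * @param ckSSL3KeyMatOut      native key material to copy back, may be NULL
 * @param class_key_mat_params JNI class name of the Java parameter class that
 *                             declares "pReturnedKeyMaterial"
 */
static void copyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism,
        jobject jMechanism, CK_SSL3_RANDOM_DATA *RandomInfo,
        CK_SSL3_KEY_MAT_OUT_PTR ckSSL3KeyMatOut, const char *class_key_mat_params)
{
    jclass jMechanismClass, jKeyMatParamsClass, jSSL3KeyMatOutClass;
    jfieldID fieldID;
    CK_MECHANISM_TYPE ckMechanismType;
    jlong jMechanismType;
    jobject jKeyMatParam;
    jobject jSSL3KeyMatOut;

    /* get mechanism */
    jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM);
    if (jMechanismClass == NULL) { goto cleanup; }
    fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
    if (fieldID == NULL) { goto cleanup; }
    jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
    ckMechanismType = jLongToCKULong(jMechanismType);
    if (ckMechanismType != ckMechanism->mechanism) {
        /*
         * we do not have matching types, this should not occur;
         * nothing is touched or released on this path
         */
        return;
    }

    if (ckSSL3KeyMatOut == NULL_PTR) { goto cleanup; }

    /* get the Java params object (pParameter) */
    fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter",
            "Ljava/lang/Object;");
    if (fieldID == NULL) { goto cleanup; }
    jKeyMatParam = (*env)->GetObjectField(env, jMechanism, fieldID);
    /* a null object must not be handed to GetObjectField below */
    if (jKeyMatParam == NULL) { goto cleanup; }

    /* get the Java CK_SSL3_KEY_MAT_OUT */
    jKeyMatParamsClass = (*env)->FindClass(env, class_key_mat_params);
    if (jKeyMatParamsClass == NULL) { goto cleanup; }
    fieldID = (*env)->GetFieldID(env, jKeyMatParamsClass,
            "pReturnedKeyMaterial", "L"CLASS_SSL3_KEY_MAT_OUT";");
    if (fieldID == NULL) { goto cleanup; }
    jSSL3KeyMatOut = (*env)->GetObjectField(env, jKeyMatParam, fieldID);
    /* a null object must not be handed to the field setters below */
    if (jSSL3KeyMatOut == NULL) { goto cleanup; }

    /* now copy back all the key handles and the initialization vectors */
    jSSL3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT);
    if (jSSL3KeyMatOutClass == NULL) { goto cleanup; }

    /* copy back client MAC secret handle */
    fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass,
            "hClientMacSecret", "J");
    if (fieldID == NULL) { goto cleanup; }
    (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
            ckULongToJLong(ckSSL3KeyMatOut->hClientMacSecret));

    /* copy back server MAC secret handle */
    fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass,
            "hServerMacSecret", "J");
    if (fieldID == NULL) { goto cleanup; }
    (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
            ckULongToJLong(ckSSL3KeyMatOut->hServerMacSecret));

    /* copy back client secret key handle */
    fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientKey", "J");
    if (fieldID == NULL) { goto cleanup; }
    (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
            ckULongToJLong(ckSSL3KeyMatOut->hClientKey));

    /* copy back server secret key handle */
    fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerKey", "J");
    if (fieldID == NULL) { goto cleanup; }
    (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
            ckULongToJLong(ckSSL3KeyMatOut->hServerKey));

    /* copy back the client IV; stop on a JNI failure, as before */
    if (keyMatCopyBackIV(env, jSSL3KeyMatOutClass, jSSL3KeyMatOut,
            "pIVClient", ckSSL3KeyMatOut->pIVClient) != 0) {
        goto cleanup;
    }

    /* copy back the server IV */
    (void) keyMatCopyBackIV(env, jSSL3KeyMatOutClass, jSSL3KeyMatOut,
            "pIVServer", ckSSL3KeyMatOut->pIVServer);

cleanup:
    // free malloc'd data; free(NULL) is a no-op
    free(RandomInfo->pClientRandom);
    free(RandomInfo->pServerRandom);
    if (ckSSL3KeyMatOut != NULL_PTR) {
        free(ckSSL3KeyMatOut->pIVClient);
        free(ckSSL3KeyMatOut->pIVServer);
        free(ckSSL3KeyMatOut);
    }
}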
mbalao@52586 1258
/*
 * Copy the derived key handles and initialization vectors from the native
 * CK_SSL3_KEY_MAT_PARAMS back into the Java mechanism object. Used for the
 * CKM_SSL3_KEY_AND_MAC_DERIVE and CKM_TLS_KEY_AND_MAC_DERIVE mechanisms when
 * deriving a key. Does nothing when the mechanism carries no parameter.
 */
void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism,
        jobject jMechanism)
{
    CK_SSL3_KEY_MAT_PARAMS *ssl3KeyMat =
            (CK_SSL3_KEY_MAT_PARAMS *) ckMechanism->pParameter;

    if (ssl3KeyMat == NULL_PTR) {
        return;
    }
    copyBackKeyMatParams(env, ckMechanism, jMechanism,
            &(ssl3KeyMat->RandomInfo),
            ssl3KeyMat->pReturnedKeyMaterial,
            CLASS_SSL3_KEY_MAT_PARAMS);
}
mbalao@52586 1278
/*
 * Copy the derived key handles and initialization vectors from the native
 * CK_TLS12_KEY_MAT_PARAMS back into the Java mechanism object. Used for the
 * CKM_TLS12_KEY_AND_MAC_DERIVE mechanism when deriving a key. Does nothing
 * when the mechanism carries no parameter.
 */
void tls12CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism,
        jobject jMechanism)
{
    CK_TLS12_KEY_MAT_PARAMS *tls12KeyMat =
            (CK_TLS12_KEY_MAT_PARAMS *) ckMechanism->pParameter;

    if (tls12KeyMat == NULL_PTR) {
        return;
    }
    copyBackKeyMatParams(env, ckMechanism, jMechanism,
            &(tls12KeyMat->RandomInfo),
            tls12KeyMat->pReturnedKeyMaterial,
            CLASS_TLS12_KEY_MAT_PARAMS);
}
duke@2 1297
duke@2 1298 #endif