Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-14 13:55:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add multi-hash ECC to jss (based on the 1.4 JCE).

Browse Source
This commit is contained in:
rrelyea%redhat.com 2006-02-10 22:06:22 +00:00
parent d78b3b1af5
commit 2b4f5e5d00
34 changed files with 1182 additions and 283 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
security/jss/build_java.pl
View File

@ -45,6 +45,7 @@ org.mozilla.jss.pkcs11.PK11KeyPairGenerator
org.mozilla.jss.pkcs11.SigContextProxy
org.mozilla.jss.pkcs11.PK11RSAPublicKey
org.mozilla.jss.pkcs11.PK11DSAPublicKey
org.mozilla.jss.pkcs11.PK11ECPublicKey
org.mozilla.jss.pkcs11.PK11SecureRandom
org.mozilla.jss.provider.java.security.JSSKeyStoreSpi
org.mozilla.jss.SecretDecoderRing.KeyManager

4
security/jss/lib/jss.def
View File

@ -118,6 +118,7 @@ Java_org_mozilla_jss_pkcs11_PK11SymKey_getKeyType;
Java_org_mozilla_jss_pkcs11_PK11SymKey_getOwningToken;
Java_org_mozilla_jss_pkcs11_PK11SymKey_getStrength;
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair;
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPair;
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair;
Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generateNormal;
Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generatePBE;
@ -164,6 +165,8 @@ Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getGByteArray;
Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getPByteArray;
Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getQByteArray;
Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getYByteArray;
Java_org_mozilla_jss_pkcs11_PK11ECPublicKey_getCurveByteArray;
Java_org_mozilla_jss_pkcs11_PK11ECPublicKey_getWByteArray;
Java_org_mozilla_jss_pkcs11_PK11SecureRandom_nextBytes;
Java_org_mozilla_jss_pkcs11_PK11SecureRandom_setSeed;
Java_org_mozilla_jss_ssl_SSLServerSocket_clearSessionCache;
@ -247,6 +250,7 @@ Java_org_mozilla_jss_provider_java_security_JSSKeyStoreSpi_engineSetKeyEntryNati
Java_org_mozilla_jss_CryptoManager_initializeAllNative2;
Java_org_mozilla_jss_ssl_SocketBase_getLocalAddressNative;
Java_org_mozilla_jss_pkcs11_PK11PrivKey_getDSAParamsNative;
Java_org_mozilla_jss_pkcs11_PK11PrivKey_getECCurveNative;
Java_org_mozilla_jss_CryptoManager_verifyCertNowNative;
Java_org_mozilla_jss_ssl_SSLServerSocket_setServerCert;
Java_org_mozilla_jss_ssl_SocketBase_setClientCert;

30
security/jss/org/mozilla/jss/JSSProvider.java
View File

@ -100,6 +100,32 @@ public final class JSSProvider extends java.security.Provider {
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA512RSA");
put("Alg.Alias.Signature.SHA512/RSA", "SHA-512/RSA");
put("Alg.Alias.Signature.SHA512withRSA", "SHA-512/RSA");
// ECC
put("Signature.SHA1withEC",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA1EC");
put("Alg.Alias.Signature.EC", "SHA1withEC");
put("Alg.Alias.Signature.ECC", "SHA1withEC");
put("Alg.Alias.Signature.ECDSA", "SHA1withEC");
put("Alg.Alias.Signature.SHA/EC", "SHA1withEC");
put("Alg.Alias.Signature.SHA1/EC", "SHA1withEC");
put("Alg.Alias.Signature.SHA-1/EC", "SHA1withEC");
put("Alg.Alias.Signature.SHA/ECDSA", "SHA1withEC");
put("Alg.Alias.Signature.SHA1/ECDSA", "SHA1withEC");
put("Signature.SHA256withEC",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA256EC");
put("Alg.Alias.Signature.SHA256/EC", "SHA256withEC");
put("Alg.Alias.Signature.SHA-256/EC", "SHA256withEC");
put("Signature.SHA384withEC",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA384EC");
put("Alg.Alias.Signature.SHA384/EC", "SHA384withEC");
put("Alg.Alias.Signature.SHA-384/EC", "SHA384withEC");
put("Signature.SHA512withEC",
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA512EC");
put("Alg.Alias.Signature.SHA512/EC", "SHA512withEC");
put("Alg.Alias.Signature.SHA-512/EC", "SHA384withEC");
/////////////////////////////////////////////////////////////
// Message Digesting
@ -137,6 +163,8 @@ public final class JSSProvider extends java.security.Provider {
"org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$RSA");
put("KeyPairGenerator.DSA",
"org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$DSA");
put("KeyPairGenerator.EC",
"org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$EC");
/////////////////////////////////////////////////////////////
// KeyFactory
@ -145,6 +173,8 @@ public final class JSSProvider extends java.security.Provider {
"org.mozilla.jss.provider.java.security.KeyFactorySpi1_2");
put("KeyFactory.DSA",
"org.mozilla.jss.provider.java.security.KeyFactorySpi1_2");
put("KeyFactory.EC",
"org.mozilla.jss.provider.java.security.KeyFactorySpi1_2");
/////////////////////////////////////////////////////////////
// AlgorithmParameters

8
security/jss/org/mozilla/jss/crypto/Algorithm.c
View File

@ -103,7 +103,13 @@ JSS_AlgInfo JSS_AlgTable[NUM_ALGS] = {
/* 40 */ {SEC_OID_SHA512, SEC_OID_TAG},
/* 41 */ {SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION, SEC_OID_TAG},
/* 42 */ {SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION, SEC_OID_TAG},
/* 43 */ {SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION, SEC_OID_TAG}
/* 43 */ {SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION, SEC_OID_TAG},
/* 44 */ {SEC_OID_ANSIX962_EC_PUBLIC_KEY, SEC_OID_TAG},
/* 45 */ {SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE, SEC_OID_TAG},
/* 46 */ {CKM_EC_KEY_PAIR_GEN, PK11_MECH},
/* 47 */ {SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE, SEC_OID_TAG},
/* 48 */ {SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE, SEC_OID_TAG},
/* 49 */ {SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE, SEC_OID_TAG},
/* REMEMBER TO UPDATE NUM_ALGS!!! */
};

2
security/jss/org/mozilla/jss/crypto/Algorithm.h
View File

@ -56,7 +56,7 @@ typedef struct JSS_AlgInfoStr {
JSS_AlgType type;
} JSS_AlgInfo;
#define NUM_ALGS 44
#define NUM_ALGS 50
extern JSS_AlgInfo JSS_AlgTable[];
extern CK_ULONG JSS_symkeyUsage[];

8
security/jss/org/mozilla/jss/crypto/Algorithm.java
View File

@ -168,6 +168,8 @@ public class Algorithm {
//////////////////////////////////////////////////////////////
static final OBJECT_IDENTIFIER ANSI_X9_ALGORITHM =
new OBJECT_IDENTIFIER( new long[] { 1, 2, 840, 10040, 4 } );
static final OBJECT_IDENTIFIER ANSI_X962_OID =
new OBJECT_IDENTIFIER( new long[] { 1, 2, 840, 10045 } );
// Algorithm indices. These must be kept in sync with the
// algorithm array in Algorithm.c.
@ -224,5 +226,11 @@ public class Algorithm {
protected static final short SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION=41;
protected static final short SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION=42;
protected static final short SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION=43;
protected static final short SEC_OID_ANSIX962_EC_PUBLIC_KEY=44;
protected static final short SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE=45;
protected static final short CKM_EC_KEY_PAIR_GEN=46;
protected static final short SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE=47;
protected static final short SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE=48;
protected static final short SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE=49;
}

2
security/jss/org/mozilla/jss/crypto/CryptoToken.java
View File

@ -148,7 +148,7 @@ public interface CryptoToken {
* on this token.
*
* @param algorithm The algorithm that the keys will be used with (RSA,
* DSA, etc.)
* DSA, EC, etc.)
* @exception java.security.NoSuchAlgorithmException If this token does
* not support the given algorithm.
* @deprecated Use the JCA interface instead ({@link java.security.KeyPairGenerator})

6
security/jss/org/mozilla/jss/crypto/KeyPairAlgorithm.java
View File

@ -93,9 +93,15 @@ public class KeyPairAlgorithm extends Algorithm {
public static final Algorithm
DSAFamily = new Algorithm(SEC_OID_ANSIX9_DSA_SIGNATURE, "DSA");
public static final Algorithm
ECFamily = new Algorithm(SEC_OID_ANSIX962_EC_PUBLIC_KEY, "EC");
public static final KeyPairAlgorithm
RSA = new KeyPairAlgorithm(CKM_RSA_PKCS_KEY_PAIR_GEN, "RSA", RSAFamily);
public static final KeyPairAlgorithm
DSA = new KeyPairAlgorithm(CKM_DSA_KEY_PAIR_GEN, "DSA", DSAFamily);
public static final KeyPairAlgorithm
EC = new KeyPairAlgorithm(CKM_EC_KEY_PAIR_GEN, "EC", ECFamily);
}

8
security/jss/org/mozilla/jss/crypto/PrivateKey.java
View File

@ -50,6 +50,7 @@ public interface PrivateKey extends java.security.PrivateKey
public static final Type RSA = Type.RSA;
public static final Type DSA = Type.DSA;
public static final Type EC = Type.EC;
public static final Type DiffieHellman = Type.DiffieHellman;
/**
@ -112,7 +113,7 @@ public interface PrivateKey extends java.security.PrivateKey
/**
* Returns a string representation of the algorithm, such as
* "RSA" or "DSA".
* "RSA", "DSA", or "EC".
*/
public String toString() {
return name;
@ -134,11 +135,16 @@ public interface PrivateKey extends java.security.PrivateKey
private static int CKK_RSA = 0x0;
private static int CKK_DSA = 0x1;
private static int CKK_DH = 0x2;
private static int CKK_EC = 0x3;
private static int CKK_X9_42_DH = 0x4;
private static int CKK_KEA = 0x5;
public static final Type RSA = new Type(
OBJECT_IDENTIFIER.PKCS1.subBranch(1), "RSA", CKK_RSA );
public static final Type DSA = new Type(
Algorithm.ANSI_X9_ALGORITHM.subBranch(1), "DSA", CKK_DSA);
public static final Type EC = new Type(
Algorithm.ANSI_X962_OID.subBranch(2).subBranch(1), "EC", CKK_EC);
public static final Type DiffieHellman = new Type(
DH_OID, "DiffieHellman", CKK_DH );

39
security/jss/org/mozilla/jss/crypto/SignatureAlgorithm.java
View File

@ -113,12 +113,21 @@ public class SignatureAlgorithm extends Algorithm {
/**********************************************************************
* Raw DSA signing. This algorithm does not do any hashing, it merely
* encrypts its input, which should be a hash.
* operates on its input, which should be a hash.
*/
public static final SignatureAlgorithm
DSASignature = new SignatureAlgorithm(SEC_OID_ANSIX9_DSA_SIGNATURE, "DSA",
null, null, ANSI_X9_ALGORITHM.subBranch(1) );
/**********************************************************************
* Raw EC signing. This algorithm does not do any hashing, it merely
* operates on its input, which should be a hash.
*/
public static final SignatureAlgorithm
ECSignature = new SignatureAlgorithm(SEC_OID_ANSIX962_EC_PUBLIC_KEY,
"EC",
null, null, ANSI_X962_OID.subBranch(2).subBranch(1) );
//////////////////////////////////////////////////////////////////////
public static final SignatureAlgorithm
RSASignatureWithMD2Digest =
@ -147,6 +156,34 @@ public class SignatureAlgorithm extends Algorithm {
"DSASignatureWithSHA1Digest", DSASignature, DigestAlgorithm.SHA1,
ANSI_X9_ALGORITHM.subBranch(3) );
//////////////////////////////////////////////////////////////////////
public static final SignatureAlgorithm
ECSignatureWithSHA1Digest =
new SignatureAlgorithm(SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE,
"ECSignatureWithSHA1Digest", ECSignature, DigestAlgorithm.SHA1,
ANSI_X962_OID.subBranch(4).subBranch(1) );
//////////////////////////////////////////////////////////////////////
public static final SignatureAlgorithm
ECSignatureWithSHA256Digest =
new SignatureAlgorithm(SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE,
"ECSignatureWithSHA256Digest", ECSignature, DigestAlgorithm.SHA256,
ANSI_X962_OID.subBranch(4).subBranch(3).subBranch(2) );
//////////////////////////////////////////////////////////////////////
public static final SignatureAlgorithm
ECSignatureWithSHA384Digest =
new SignatureAlgorithm(SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE,
"ECSignatureWithSHA384Digest", ECSignature, DigestAlgorithm.SHA384,
ANSI_X962_OID.subBranch(4).subBranch(3).subBranch(3) );
//////////////////////////////////////////////////////////////////////
public static final SignatureAlgorithm
ECSignatureWithSHA512Digest =
new SignatureAlgorithm(SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE,
"ECSignatureWithSHA512Digest", ECSignature, DigestAlgorithm.SHA512,
ANSI_X962_OID.subBranch(4).subBranch(3).subBranch(4) );
//////////////////////////////////////////////////////////////////////
public static final SignatureAlgorithm
RSASignatureWithSHA256Digest =

13
security/jss/org/mozilla/jss/pkcs11/KeyType.java
View File

@ -164,6 +164,19 @@ public final class KeyType {
"DSA"
);
//////////////////////////////////////////////////////////////
static public final KeyType
EC = new KeyType(new Algorithm[]
{
SignatureAlgorithm.ECSignature,
SignatureAlgorithm.ECSignatureWithSHA1Digest,
SignatureAlgorithm.ECSignatureWithSHA256Digest,
SignatureAlgorithm.ECSignatureWithSHA384Digest,
SignatureAlgorithm.ECSignatureWithSHA512Digest
},
"EC"
);
//////////////////////////////////////////////////////////////
static public final KeyType
FORTEZZA = new KeyType(new Algorithm[0], "FORTEZZA");

45
security/jss/org/mozilla/jss/pkcs11/PK11ECPrivateKey.java Normal file
View File

@ -0,0 +1,45 @@
package org.mozilla.jss.pkcs11;
import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.util.Assert;
import java.math.BigInteger;
// requires JAVA 1.5
//import java.security.interfaces.ECPrivateKey;
class PK11ECPrivateKey
// extends PK11PrivKey implements ECPrivateKey
extends PK11PrivKey
{
private PK11ECPrivateKey() { super(null); }
protected PK11ECPrivateKey(byte[] pointer) {
super(pointer);
}
public PrivateKey.Type getType() {
return PrivateKey.Type.EC;
}
/**
* If this fails, we just return null, since no exceptions are allowed.
*/
// requires JAVA 1.5
// public ECParams getParams() {
// try {
// return getECParams();
// } catch(TokenException te) {
// return null;
// }
// }
/**
* Not implemented. NSS doesn't support extracting private key material
* like this.
*/
// requires JAVA 1.5
// public BigInteger getW() {
// return null;
// }
}

72
security/jss/org/mozilla/jss/pkcs11/PK11ECPublicKey.java Normal file
View File

@ -0,0 +1,72 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape Security Services for Java.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
package org.mozilla.jss.pkcs11;
import org.mozilla.jss.util.Assert;
// Requires JAVA 1.5
//import java.security.interfaces.ECPublicKey;
import java.math.BigInteger;
//
// Requires JAVA 1.5
//public final class PK11ECPublicKey extends PK11PubKey implements ECPublicKey {
public final class PK11ECPublicKey extends PK11PubKey {
public PK11ECPublicKey(byte[] pointer) {
super(pointer);
}
//
// Requires JAVA 1.5
// public ECParams getCurve() {
// try {
// return new BigInteger( getCurveByteArray() );
// } catch(NumberFormatException e) {
// Assert.notReached("Unable to decode DSA parameters");
// return null;
// }
// }
//
// public BigInteger getW() {
// try {
// return new BigInteger( getWByteArray() );
// } catch(NumberFormatException e) {
// Assert.notReached("Unable to decode DSA public value");
// return null;
// }
// }
//
// private native byte[] getCurveByteArray();
// private native byte[] getWByteArray();
}

235
security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c
View File

@ -120,37 +120,19 @@ finish:
int PK11_NumberObjectsFor(PK11SlotInfo*, CK_ATTRIBUTE*, int);
/**********************************************************************
* PK11KeyPairGenerator.generateRSAKeyPair
/*
* make a common key gen function for both this file and PK11Token.c
*/
JNIEXPORT jobject JNICALL
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair
(JNIEnv *env, jobject this, jobject token, jint keySize, jlong publicExponent,
jboolean temporary, jint sensitive, jint extractable)
SECStatus
JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism,
PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privk,
void *params, PRBool temporary, jint sensitive, jint extractable)
{
PK11SlotInfo* slot;
PK11RSAGenParams params;
SECKEYPrivateKey *privk=NULL;
SECKEYPublicKey *pubk=NULL;
jobject keyPair=NULL;
PK11AttrFlags attrFlags = 0;
*privk=NULL;
*pubk=NULL;
PR_ASSERT(env!=NULL && this!=NULL && token!=NULL);
/**************************************************
* get the slot pointer
*************************************************/
if( JSS_PK11_getTokenSlotPtr(env, token, &slot) != PR_SUCCESS) {
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
PR_ASSERT(slot != NULL);
/**************************************************
* setup parameters
*************************************************/
params.keySizeInBits = keySize;
params.pe = publicExponent;
PR_ASSERT(env!=NULL && slot!=NULL);
/**************************************************
* login to the token if necessary
@ -191,13 +173,13 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair
} else {
attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
}
privk = PK11_GenerateKeyPairWithFlags(slot,
CKM_RSA_PKCS_KEY_PAIR_GEN,
&params, /* params is not a ptr */
&pubk,
*privk = PK11_GenerateKeyPairWithFlags(slot,
mechanism,
params,
pubk,
attrFlags,
NULL /* default PW callback */ );
if( privk == NULL ) {
if( *privk == NULL ) {
int errLength;
char *errBuf;
char *msgBuf;
@ -220,6 +202,51 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair
PR_Free(msgBuf);
goto finish;
}
return SECSuccess;
finish:
if(*privk!=NULL) {
SECKEY_DestroyPrivateKey(*privk);
*privk = NULL;
}
if(*pubk!=NULL) {
SECKEY_DestroyPublicKey(*pubk);
*pubk = NULL;
}
return SECFailure;
}
/**********************************************************************
* Local generic helper
*/
static jobject
PK11KeyPairGenerator(JNIEnv *env, jobject this, jobject token,
CK_MECHANISM_TYPE mechanism, void *params,
jboolean temporary, jint sensitive, jint extractable)
{
PK11SlotInfo* slot;
SECKEYPrivateKey *privk=NULL;
SECKEYPublicKey *pubk=NULL;
jobject keyPair=NULL;
SECStatus rv;
PR_ASSERT(env!=NULL && this!=NULL && token!=NULL);
/**************************************************
* get the slot pointer
*************************************************/
if( JSS_PK11_getTokenSlotPtr(env, token, &slot) != PR_SUCCESS) {
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
PR_ASSERT(slot != NULL);
rv = JSS_PK11_generateKeyPair(env, mechanism, slot, &pubk, &privk,
params, temporary, sensitive, extractable);
if (rv != SECSuccess) {
goto finish;
}
/**************************************************
* wrap in a Java KeyPair object
@ -240,6 +267,28 @@ finish:
return keyPair;
}
/**********************************************************************
* PK11KeyPairGenerator.generateRSAKeyPair
*/
JNIEXPORT jobject JNICALL
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair
(JNIEnv *env, jobject this, jobject token, jint keySize, jlong publicExponent,
jboolean temporary, jint sensitive, jint extractable)
{
PK11RSAGenParams params;
PR_ASSERT(env!=NULL && this!=NULL && token!=NULL);
/**************************************************
* setup parameters
*************************************************/
params.keySizeInBits = keySize;
params.pe = publicExponent;
return PK11KeyPairGenerator(env, this, token, CKM_RSA_PKCS_KEY_PAIR_GEN,
&params, temporary, sensitive, extractable);
}
#define ZERO_SECITEM(item) {(item).len=0; (item).data=NULL;}
/**********************************************************************
@ -252,13 +301,9 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
(JNIEnv *env, jobject this, jobject token, jbyteArray P, jbyteArray Q,
jbyteArray G, jboolean temporary, jint sensitive, jint extractable)
{
PK11SlotInfo *slot;
SECKEYPrivateKey *privk=NULL;
SECKEYPublicKey *pubk=NULL;
SECItem p, q, g;
PQGParams *params=NULL;
jobject keyPair=NULL;
PK11AttrFlags attrFlags = 0;
PR_ASSERT(env!=NULL && this!=NULL && token!=NULL && P!=NULL && Q!=NULL
&& G!=NULL);
@ -268,15 +313,6 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
ZERO_SECITEM(q);
ZERO_SECITEM(g);
/**************************************************
* Get the slot pointer
*************************************************/
if( JSS_PK11_getTokenSlotPtr(env, token, &slot) != PR_SUCCESS) {
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
/**************************************************
* Setup the parameters
*************************************************/
@ -292,66 +328,8 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
JSS_throw(env, OUT_OF_MEMORY_ERROR);
goto finish;
}
/**************************************************
* login to the token if necessary
*************************************************/
if( PK11_Authenticate(slot, PR_TRUE /*loadcerts*/, NULL /* default pwcb*/)
!= SECSuccess)
{
JSS_throwMsg(env, TOKEN_EXCEPTION, "unable to login to token");
goto finish;
}
/**************************************************
* generate the key pair on the token
*************************************************/
if( temporary ) {
attrFlags |= PK11_ATTR_SESSION;
} else {
attrFlags |= PK11_ATTR_TOKEN;
}
if( extractable == 1 ) {
attrFlags |= PK11_ATTR_EXTRACTABLE;
} else if( extractable == 0 ) {
attrFlags |= PK11_ATTR_UNEXTRACTABLE;
}
/*
* The default of sensitive is set this way to be backward
* compatible.
*/
if( sensitive == -1 ) {
sensitive = !temporary; /* workaround bug 129563 */
}
/*
* The PRIVATE/PUBLIC attributes are set this way to be backward
* compatible with the original PK11_GenerateKeyPair call.
*/
if( sensitive ) {
attrFlags |= (PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE);
} else {
attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
}
privk = PK11_GenerateKeyPairWithFlags(slot,
CKM_DSA_KEY_PAIR_GEN,
params, /* params is a ptr */
&pubk,
attrFlags,
NULL /* default PW callback */);
if( privk == NULL ) {
JSS_throwMsg(env, TOKEN_EXCEPTION,
"Keypair Generation failed on PKCS #11 token");
goto finish;
}
/**************************************************
* wrap in a Java KeyPair object
*************************************************/
keyPair = keysToKeyPair(env, &privk, &pubk);
if(keyPair == NULL) {
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
keyPair = PK11KeyPairGenerator(env, this, token, CKM_DSA_KEY_PAIR_GEN,
params, temporary, sensitive, extractable);
finish:
SECITEM_FreeItem(&p, PR_FALSE);
@ -360,3 +338,50 @@ finish:
PK11_PQG_DestroyParams(params);
return keyPair;
}
void
DumpItem(SECItem *item)
{
unsigned char *data = item->data;
int i;
for (i=0; i < item->len; i++) {
printf(" %02x",data[i]);
}
printf(" : 0x%08x %d\n", data, item->len);
}
/**********************************************************************
*
* PK11KeyPairGenerator.generateECKeyPair
*
*/
JNIEXPORT jobject JNICALL
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPair
(JNIEnv *env, jobject this, jobject token, jbyteArray Curve,
jboolean temporary, jint sensitive, jint extractable)
{
SECItem curve;
jobject keyPair=NULL;
PR_ASSERT(env!=NULL && this!=NULL && token!=NULL && Curve!=NULL );
/* zero these so we can free them indiscriminately later */
ZERO_SECITEM(curve);
/**************************************************
* Setup the parameters
*************************************************/
if( JSS_ByteArrayToOctetString(env, Curve, &curve))
{
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
keyPair = PK11KeyPairGenerator(env, this, token, CKM_EC_KEY_PAIR_GEN,
&curve, temporary, sensitive, extractable);
finish:
SECITEM_FreeItem(&curve, PR_FALSE);
return keyPair;
}

318
security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java
View File

@ -38,12 +38,14 @@ package org.mozilla.jss.pkcs11;
import org.mozilla.jss.crypto.*;
import org.mozilla.jss.util.*;
import org.mozilla.jss.asn1.*;
import java.math.BigInteger;
import java.security.*;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.DSAParameterSpec;
/**
* A Key Pair Generator implemented using PKCS #11.
*
@ -63,8 +65,9 @@ public final class PK11KeyPairGenerator
* Constructor for PK11KeyPairGenerator.
* @param token The PKCS #11 token that the keypair will be generated on.
* @param algorithm The type of key that will be generated. Currently,
* <code>KeyPairAlgorithm.RSA</code> and
* <code>KeyPairAlgorithm.DSA</code> are supported.
* <code>KeyPairAlgorithm.RSA</code> ,
* <code>KeyPairAlgorithm.DSA</code> and
* <code>KeyPairAlgorithm.EC</code> are supported.
*/
public PK11KeyPairGenerator(PK11Token token, KeyPairAlgorithm algorithm)
throws NoSuchAlgorithmException, TokenException
@ -115,8 +118,7 @@ public final class PK11KeyPairGenerator
if(algorithm == KeyPairAlgorithm.RSA) {
params =
new RSAParameterSpec(strength, DEFAULT_RSA_PUBLIC_EXPONENT);
} else {
Assert._assert( algorithm == KeyPairAlgorithm.DSA );
} else if(algorithm == KeyPairAlgorithm.DSA) {
if(strength==512) {
params = PQG512;
} else if(strength==768) {
@ -128,6 +130,9 @@ public final class PK11KeyPairGenerator
"In order to use pre-cooked PQG values, key strength must"+
"be 512, 768, or 1024.");
}
} else {
Assert._assert( algorithm == KeyPairAlgorithm.EC );
params = getCurve(strength);
}
}
@ -161,12 +166,22 @@ public final class PK11KeyPairGenerator
throw new InvalidAlgorithmParameterException(
"RSA Public Exponent must fit in 31 or fewer bits.");
}
} else {
Assert._assert( algorithm == KeyPairAlgorithm.DSA);
} else if ( algorithm == KeyPairAlgorithm.DSA ){
if(! (params instanceof DSAParameterSpec) ) {
throw new InvalidAlgorithmParameterException();
}
}
} else {
Assert._assert( algorithm == KeyPairAlgorithm.EC);
// requires JAVA 1.5
// if(! (params instanceof ECParameterSpec) ) {
// throw new InvalidAlgorithmParameterException();
//}
// requires JAVA 1.5
if(! (params instanceof PK11ParameterSpec) ) {
throw new InvalidAlgorithmParameterException();
}
} // future add support for X509EncodedSpec
this.params = params;
}
@ -196,8 +211,7 @@ public final class PK11KeyPairGenerator
sensitivePairMode,
extractablePairMode);
}
} else {
Assert._assert( algorithm == KeyPairAlgorithm.DSA );
} else if(algorithm == KeyPairAlgorithm.DSA ) {
if(params==null) {
params = PQG1024;
}
@ -210,7 +224,22 @@ public final class PK11KeyPairGenerator
temporaryPairMode,
sensitivePairMode,
extractablePairMode);
}
} else {
Assert._assert( algorithm == KeyPairAlgorithm.EC );
// requires JAVA 1.5 for ECParameters.
//
//AlgorithmParameters ecParams =
// AlgorithmParameters.getInstance("ECParameters");
// ecParams.init(params);
PK11ParameterSpec ecParams = (PK11ParameterSpec) params;
return generateECKeyPair(
token,
ecParams.getEncoded(), /* curve */
temporaryPairMode,
sensitivePairMode,
extractablePairMode);
}
}
/**
@ -245,6 +274,15 @@ public final class PK11KeyPairGenerator
boolean temporary, int sensitive, int extractable)
throws TokenException;
/**
* Generates a EC key pair with the given a curve.
* Curves are stored as DER Encoded Parameters.
*/
private native KeyPair
generateECKeyPair(PK11Token token, byte[] Curve,
boolean temporary, int sensitive, int extractable)
throws TokenException;
///////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////
// Defaults
@ -359,6 +397,266 @@ public final class PK11KeyPairGenerator
extractablePairMode = extractable ? 1 : 0;
}
//
// requires JAVA 1.5
//
//private AlgorithmParameterSpec getCurve(int strength) {
//}
private static final OBJECT_IDENTIFIER ANSI_X962_PRIME_CURVE =
new OBJECT_IDENTIFIER( new long[] { 1, 2, 840, 10045, 3, 1 } );
private static final OBJECT_IDENTIFIER ANSI_X962_BINARY_CURVE =
new OBJECT_IDENTIFIER( new long[] { 1, 2, 840, 10045, 3, 0 } );
private static final OBJECT_IDENTIFIER SECG_EC_CURVE =
new OBJECT_IDENTIFIER( new long[] { 1, 3, 132, 0 } );
// ANSI Prime curves
static final OBJECT_IDENTIFIER CURVE_ANSI_P192V1
= ANSI_X962_PRIME_CURVE.subBranch(1);
static final OBJECT_IDENTIFIER CURVE_ANSI_P192V2
= ANSI_X962_PRIME_CURVE.subBranch(2);
static final OBJECT_IDENTIFIER CURVE_ANSI_P192V3
= ANSI_X962_PRIME_CURVE.subBranch(3);
static final OBJECT_IDENTIFIER CURVE_ANSI_P239V1
= ANSI_X962_PRIME_CURVE.subBranch(4);
static final OBJECT_IDENTIFIER CURVE_ANSI_P239V2
= ANSI_X962_PRIME_CURVE.subBranch(5);
static final OBJECT_IDENTIFIER CURVE_ANSI_P239V3
= ANSI_X962_PRIME_CURVE.subBranch(6);
static final OBJECT_IDENTIFIER CURVE_ANSI_P256V1
= ANSI_X962_PRIME_CURVE.subBranch(7);
// ANSI Binary curves
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB163V1
=ANSI_X962_BINARY_CURVE.subBranch(1);
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB163V2
=ANSI_X962_BINARY_CURVE.subBranch(2);
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB163V3
=ANSI_X962_BINARY_CURVE.subBranch(3);
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB176V1
=ANSI_X962_BINARY_CURVE.subBranch(4);
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB191V1
=ANSI_X962_BINARY_CURVE.subBranch(5);
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB191V2
=ANSI_X962_BINARY_CURVE.subBranch(6);
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB191V3
=ANSI_X962_BINARY_CURVE.subBranch(7);
static final OBJECT_IDENTIFIER CURVE_ANSI_ONB191V4
=ANSI_X962_BINARY_CURVE.subBranch(8);
static final OBJECT_IDENTIFIER CURVE_ANSI_ONB191V5
=ANSI_X962_BINARY_CURVE.subBranch(9);
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB208W1
=ANSI_X962_BINARY_CURVE.subBranch(10);
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB239V1
=ANSI_X962_BINARY_CURVE.subBranch(11);
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB239V2
=ANSI_X962_BINARY_CURVE.subBranch(12);
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB239V3
=ANSI_X962_BINARY_CURVE.subBranch(13);
static final OBJECT_IDENTIFIER CURVE_ANSI_ONB239V4
=ANSI_X962_BINARY_CURVE.subBranch(14);
static final OBJECT_IDENTIFIER CURVE_ANSI_ONB239V5
=ANSI_X962_BINARY_CURVE.subBranch(15);
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB272W1
=ANSI_X962_BINARY_CURVE.subBranch(16);
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB304W1
=ANSI_X962_BINARY_CURVE.subBranch(17);
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB359V1
=ANSI_X962_BINARY_CURVE.subBranch(18);
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB368W1
=ANSI_X962_BINARY_CURVE.subBranch(19);
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB431R1
=ANSI_X962_BINARY_CURVE.subBranch(20);
// SEG Prime curves
static final OBJECT_IDENTIFIER CURVE_SECG_P112R1
= SECG_EC_CURVE.subBranch(6);
static final OBJECT_IDENTIFIER CURVE_SECG_P112R2
= SECG_EC_CURVE.subBranch(7);
static final OBJECT_IDENTIFIER CURVE_SECG_P128R1
= SECG_EC_CURVE.subBranch(28);
static final OBJECT_IDENTIFIER CURVE_SECG_P128R2
= SECG_EC_CURVE.subBranch(29);
static final OBJECT_IDENTIFIER CURVE_SECG_P160K1
= SECG_EC_CURVE.subBranch(9);
static final OBJECT_IDENTIFIER CURVE_SECG_P160R1
= SECG_EC_CURVE.subBranch(8);
static final OBJECT_IDENTIFIER CURVE_SECG_P160R2
= SECG_EC_CURVE.subBranch(30);
static final OBJECT_IDENTIFIER CURVE_SECG_P192K1
= SECG_EC_CURVE.subBranch(31);
static final OBJECT_IDENTIFIER CURVE_SECG_P224K1
= SECG_EC_CURVE.subBranch(32);
static final OBJECT_IDENTIFIER CURVE_SECG_P224R1
= SECG_EC_CURVE.subBranch(33);
static final OBJECT_IDENTIFIER CURVE_SECG_P256K1
= SECG_EC_CURVE.subBranch(10);
static final OBJECT_IDENTIFIER CURVE_SECG_P384R1
= SECG_EC_CURVE.subBranch(34);
static final OBJECT_IDENTIFIER CURVE_SECG_P521R1
= SECG_EC_CURVE.subBranch(35);
// SEG Binary curves
static final OBJECT_IDENTIFIER CURVE_SECG_T113R1
= SECG_EC_CURVE.subBranch(4);
static final OBJECT_IDENTIFIER CURVE_SECG_T113R2
= SECG_EC_CURVE.subBranch(5);
static final OBJECT_IDENTIFIER CURVE_SECG_T131R1
= SECG_EC_CURVE.subBranch(22);
static final OBJECT_IDENTIFIER CURVE_SECG_T131R2
= SECG_EC_CURVE.subBranch(23);
static final OBJECT_IDENTIFIER CURVE_SECG_T163K1
= SECG_EC_CURVE.subBranch(1);
static final OBJECT_IDENTIFIER CURVE_SECG_T163R1
= SECG_EC_CURVE.subBranch(2);
static final OBJECT_IDENTIFIER CURVE_SECG_T163R2
= SECG_EC_CURVE.subBranch(15);
static final OBJECT_IDENTIFIER CURVE_SECG_T193R1
= SECG_EC_CURVE.subBranch(24);
static final OBJECT_IDENTIFIER CURVE_SECG_T193R2
= SECG_EC_CURVE.subBranch(25);
static final OBJECT_IDENTIFIER CURVE_SECG_T233K1
= SECG_EC_CURVE.subBranch(26);
static final OBJECT_IDENTIFIER CURVE_SECG_T233R1
= SECG_EC_CURVE.subBranch(27);
static final OBJECT_IDENTIFIER CURVE_SECG_T239K1
= SECG_EC_CURVE.subBranch(3);
static final OBJECT_IDENTIFIER CURVE_SECG_T283K1
= SECG_EC_CURVE.subBranch(16);
static final OBJECT_IDENTIFIER CURVE_SECG_T283R1
= SECG_EC_CURVE.subBranch(17);
static final OBJECT_IDENTIFIER CURVE_SECG_T409K1
= SECG_EC_CURVE.subBranch(36);
static final OBJECT_IDENTIFIER CURVE_SECG_T409R1
= SECG_EC_CURVE.subBranch(37);
static final OBJECT_IDENTIFIER CURVE_SECG_T571K1
= SECG_EC_CURVE.subBranch(38);
static final OBJECT_IDENTIFIER CURVE_SECG_T571R1
= SECG_EC_CURVE.subBranch(39);
private AlgorithmParameterSpec getCurve(int strength)
throws InvalidParameterException
{
OBJECT_IDENTIFIER oid;
switch (strength) {
case 112:
oid = CURVE_SECG_P112R1; // == WTLS-6
// Can't get to curve SECG P-112R2
// Can't get to curve WTLS-8 (No oid for WTLS-8)
break;
case 113:
oid = CURVE_SECG_T113R1; // == WTLS-4
// Can't get to curve SECG T-113R2
// Can't get to curve WTLS-1 (No oid for WTLS-1)
break;
case 128:
oid = CURVE_SECG_P128R1;
// Can't get to curve SECG P-128R2
break;
case 131:
oid = CURVE_SECG_T131R1;
// Can't get to curve SECG T-131R2
break;
case 160:
oid = CURVE_SECG_P160R1; // == WTLS-7 (TLS-16)
// Can't get to curve SECG P-160K1 (TLS-15)
// Can't get to curve SECG P-160R2 (TLS-17)
// Can't get to curve WTLS-9 (No oid for WTLS-9)
break;
case 163:
oid = CURVE_SECG_T163K1; // == NIST K-163 == WTLS-3 (TLS-1)
// Can't get to curve ANSI C2-PNB163V1 == WTLS-5
// Can't get to curve ANSI C2-PNB163V2
// Can't get to curve ANSI C2-PNB163V3
// Can't get to curve SECG T-163R1 (TLS-2)
// Can't get to curve SECG T-163R2 == NIST B-163 (TLS-3)
break;
case 176:
oid = CURVE_ANSI_PNB176V1;
break;
case 191:
oid = CURVE_ANSI_TNB191V1;
// Can't get to curve ANSI C2-TNB191V2
// Can't get to curve ANSI C2-TNB191V3
// Can't get to curve ANSI C2-ONB191V4
// Can't get to curve ANSI C2-ONB191V5
break;
case 192:
oid = CURVE_ANSI_P192V1; // == NIST P-192 == SECG P-192R1 (TLS-19)
// Can't get to curve ANSI P-192V2
// Can't get to curve ANSI P-192V3
// Can't get to curve SECG P-192K1 (TLS-18)
break;
case 193:
oid = CURVE_SECG_T193R1; // (TLS-4)
// Can't get to curve SECG T-193R2 // (TLS-5)
break;
case 208:
oid = CURVE_ANSI_PNB208W1;
break;
case 224:
oid = CURVE_SECG_P224R1; // == NIST P-224 == WTLS-12 (TLS-21)
// Can't get to curve SECG P-224K1 (TLS-20)
break;
case 233:
oid = CURVE_SECG_T233R1; // == NIST B-233 == WTLS-11 (TLS-7)
// Can't get to curve SECG T-233K1 == NIST K-233 == WTLS-10 (TLS-6)
break;
case 239:
oid = CURVE_SECG_T239K1; // (TLS8)
// Can't get to curve ANSI P-239V1
// Can't get to curve ANSI P-239V2
// Can't get to curve ANSI P-239V3
// Can't get to curve ANSI C2-TNB239V1
// Can't get to curve ANSI C2-TNB239V2
// Can't get to curve ANSI C2-TNB239V3
// Can't get to curve ANSI C2-ONB239V4
// Can't get to curve ANSI C2-ONB239V5
break;
case 256:
oid = CURVE_ANSI_P256V1; // == NIST P-256 == SECG P-256R1 (TLS-23)
// Can't get to curve SECG P-256K1 (TLS-22)
break;
case 272:
oid = CURVE_ANSI_PNB272W1;
break;
case 283:
oid = CURVE_SECG_T283R1; // == NIST B-283 (TLS-10)
// Can't get to curve SECG T-283K1 == NIST K-283 (TLS-9)
break;
case 304:
oid = CURVE_ANSI_PNB304W1;
break;
case 359:
oid = CURVE_ANSI_TNB359V1;
break;
case 368:
oid = CURVE_ANSI_PNB368W1;
break;
case 384:
oid = CURVE_SECG_P384R1; // == NIST P-384 (TLS-24)
break;
case 409:
oid = CURVE_SECG_T409R1; // == NIST B-409 (TLS-12)
// Can't get to curve SECG T-409K1 == NIST K-409 (TLS-11)
break;
case 431:
oid = CURVE_ANSI_TNB431R1;
break;
case 521:
oid = CURVE_SECG_P521R1; // == NIST P-521 (TLS-25)
break;
case 571:
oid = CURVE_SECG_T571R1; // == NIST B-571 (TLS-14)
// Can't get to curve SECG T-571K1 == NIST K-571 (TLS-13)
break;
default:
throw new InvalidParameterException();
}
return new PK11ParameterSpec(ASN1Util.encode(oid));
}
///////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////

23
security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
View File

@ -393,18 +393,35 @@ Java_org_mozilla_jss_pkcs11_PK11KeyWrapper_nativeUnwrapPrivWithSym
keyType = PK11_GetKeyType(keyTypeMech, 0);
/* figure out which operations to enable for this key */
if( keyType == CKK_RSA ) {
switch (keyType) {
case CKK_RSA:
attribs[0] = CKA_SIGN;
attribs[1] = CKA_DECRYPT;
attribs[2] = CKA_SIGN_RECOVER;
attribs[3] = CKA_UNWRAP;
numAttribs = 4;
} else if(keyType == CKK_DSA) {
break;
case CKK_DSA:
attribs[0] = CKA_SIGN;
numAttribs = 1;
} else {
break;
case CKK_KEA:
case CKK_DH:
case CKK_X9_42_DH:
attribs[0] = CKA_DERIVE;
numAttribs = 1;
break;
case CKK_EC:
attribs[0] = CKA_SIGN;
attribs[1] = CKA_DERIVE;
numAttribs = 2;
break;
default:
/* unknown key type */
PR_ASSERT(PR_FALSE);
attribs[0] = CKA_SIGN;
numAttribs = 1;
break;
}
/* perform the unwrap */

18
security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java
View File

@ -45,6 +45,8 @@ import org.mozilla.jss.util.Assert;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.interfaces.DSAPublicKey;
//requires JAVA 1.5
//import java.security.interfaces.ECPublicKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.RC2ParameterSpec;
@ -168,6 +170,8 @@ final class PK11KeyWrapper implements KeyWrapper {
try {
KeyType type = KeyType.getKeyTypeFromAlgorithm(algorithm);
if( (type == KeyType.RSA && !(key instanceof RSAPublicKey)) ||
// requires JAVA 1.5
// (type == KeyType.EC && !(key instanceof ECPublicKey)) ||
(type == KeyType.DSA && !(key instanceof DSAPublicKey)) ) {
throw new InvalidKeyException("Key is not the right type for "+
"this algorithm");
@ -433,12 +437,14 @@ final class PK11KeyWrapper implements KeyWrapper {
/**
* Extracts the "public value" from a public key. The public value is
* used to construct the key identifier (CKA_ID). Also, the internal token
* stores the DSA public value along with the private key.
* stores the EC DSA and EC public value along with the private key.
*/
private static byte[]
extractPublicValue(PublicKey publicKey, PrivateKey.Type type)
throws InvalidKeyException
{
/* this code should call a generic function wich returns the
* proper public value. */
if( publicKey == null ) {
throw new InvalidKeyException("publicKey is null");
}
@ -517,12 +523,14 @@ final class PK11KeyWrapper implements KeyWrapper {
private static Algorithm
algFromType(PrivateKey.Type type) {
if(type == PrivateKey.RSA) {
if (type == PrivateKey.RSA) {
return KeyPairAlgorithm.RSAFamily;
} else {
Assert._assert(type == PrivateKey.DSA);
} else if (type == PrivateKey.DSA) {
return KeyPairAlgorithm.DSAFamily;
}
} else {
Assert._assert( type == PrivateKey.EC);
return KeyPairAlgorithm.ECFamily;
}
}
private static Algorithm

50
security/jss/org/mozilla/jss/pkcs11/PK11ParameterSpec.java Normal file
View File

@ -0,0 +1,50 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape Security Services for Java.
*
* The Initial Developer of the Original Code is Red Hat, Inc.
* Portions created by Red Hat are
* Copyright (C) 2005,2006 Red Hat, Inc. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
package org.mozilla.jss.pkcs11;
import java.security.spec.AlgorithmParameterSpec;
public final class PK11ParameterSpec implements AlgorithmParameterSpec
{
public PK11ParameterSpec(byte [] derBlob)
{
blob = derBlob;
}
public byte [] getEncoded()
{
return blob;
}
private byte [] blob;
}

35
security/jss/org/mozilla/jss/pkcs11/PK11PrivKey.c
View File

@ -76,6 +76,9 @@ JSS_PK11_wrapPrivKey(JNIEnv *env, SECKEYPrivateKey **privk)
case dsaKey:
className = "org/mozilla/jss/pkcs11/PK11DSAPrivateKey";
break;
case ecKey:
className = "org/mozilla/jss/pkcs11/PK11ECPrivateKey";
break;
default:
className = "org/mozilla/jss/pkcs11/PK11PrivKey";
break;
@ -120,6 +123,8 @@ Java_org_mozilla_jss_pkcs11_PK11PrivKey_verifyKeyIsOnToken
SECKEYPrivateKey *key = NULL;
PK11SlotInfo *slot = NULL;
PK11SlotInfo *keySlot = NULL;
PK11SlotInfo *dbSlot = NULL;
PK11SlotInfo *cryptoSlot = NULL;
if( JSS_PK11_getPrivKeyPtr(env, this, &key) != PR_SUCCESS) {
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
@ -132,9 +137,11 @@ Java_org_mozilla_jss_pkcs11_PK11PrivKey_verifyKeyIsOnToken
}
keySlot = PK11_GetSlotFromPrivateKey(key);
if(keySlot == PK11_GetInternalKeySlot()) {
dbSlot = PK11_GetInternalKeySlot();
if(keySlot == dbSlot) {
cryptoSlot = PK11_GetInternalSlot();
/* hack for internal module */
if(slot != keySlot && slot != PK11_GetInternalSlot()) {
if(slot != keySlot && slot != cryptoSlot) {
JSS_throwMsg(env, NO_SUCH_ITEM_ON_TOKEN_EXCEPTION,
"Key is not present on this token");
goto finish;
@ -149,6 +156,12 @@ finish:
if(keySlot != NULL) {
PK11_FreeSlot(keySlot);
}
if(dbSlot != NULL) {
PK11_FreeSlot(dbSlot);
}
if(cryptoSlot != NULL) {
PK11_FreeSlot(cryptoSlot);
}
}
/*
@ -199,6 +212,10 @@ Java_org_mozilla_jss_pkcs11_PK11PrivKey_getKeyType
break;
case keaKey:
keyTypeFieldName = KEA_KEYTYPE_FIELD;
break;
case ecKey:
keyTypeFieldName = EC_KEYTYPE_FIELD;
break;
default:
PR_ASSERT(PR_FALSE);
keyTypeFieldName = NULL_KEYTYPE_FIELD;
@ -446,11 +463,19 @@ JSS_PK11_getKeyType(JNIEnv *env, jobject keyTypeObj)
jfieldID fieldID;
char *fieldNames[] = {
RSA_PRIVKEYTYPE_FIELD,
DSA_PRIVKEYTYPE_FIELD };
int numTypes = 2;
DSA_PRIVKEYTYPE_FIELD,
FORTEZZA_KEYTYPE_FIELD,
DH_KEYTYPE_FIELD,
KEA_KEYTYPE_FIELD,
EC_KEYTYPE_FIELD };
int numTypes = 6;
KeyType keyTypes[] = {
rsaKey,
dsaKey };
dsaKey,
fortezzaKey,
dhKey,
keaKey,
ecKey };
jobject field;
int i;

8
security/jss/org/mozilla/jss/pkcs11/PK11PrivKey.java
View File

@ -78,10 +78,12 @@ public class PK11PrivKey extends org.mozilla.jss.pkcs11.PK11Key
if( kt == KeyType.RSA ) {
return PrivateKey.Type.RSA;
} else {
Assert._assert(kt == KeyType.DSA);
} else if (kt == KeyType.DSA) {
return PrivateKey.Type.DSA;
}
} else {
Assert._assert(kt == KeyType.EC);
return PrivateKey.Type.EC;
}
}
public String getAlgorithm() {

49
security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c
View File

@ -37,6 +37,7 @@
#include "_jni/org_mozilla_jss_pkcs11_PublicKeyProxy.h"
#include "_jni/org_mozilla_jss_pkcs11_PK11RSAPublicKey.h"
#include "_jni/org_mozilla_jss_pkcs11_PK11DSAPublicKey.h"
#include "_jni/org_mozilla_jss_pkcs11_PK11ECPublicKey.h"
#include <plarena.h>
#include <secmodt.h>
@ -106,6 +107,9 @@ JSS_PK11_wrapPubKey(JNIEnv *env, SECKEYPublicKey **pKey)
case dsaKey:
keyClassName = PK11_DSA_PUBKEY_CLASS_NAME;
break;
case ecKey:
keyClassName = PK11_EC_PUBKEY_CLASS_NAME;
break;
default:
keyClassName = PK11PUBKEY_CLASS_NAME;
break;
@ -258,6 +262,9 @@ Java_org_mozilla_jss_pkcs11_PK11PubKey_getKeyType
case dsaKey:
keyTypeFieldName = DSA_KEYTYPE_FIELD;
break;
case ecKey:
keyTypeFieldName = EC_KEYTYPE_FIELD;
break;
case fortezzaKey:
keyTypeFieldName = FORTEZZA_KEYTYPE_FIELD;
break;
@ -305,7 +312,9 @@ typedef enum {
DSA_G,
DSA_PUBLIC,
RSA_MODULUS,
RSA_PUBLIC_EXPONENT
RSA_PUBLIC_EXPONENT,
EC_CURVE,
EC_W
} PublicKeyField;
static jbyteArray
@ -402,6 +411,36 @@ Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getYByteArray
return get_public_key_info(env, this, DSA_PUBLIC);
}
/**********************************************************************
*
* PK11ECPublicKey.getParamByteArray
*
* Returns the curve of this EC Public Key. The format is a DER encoded
* octet string in a byte array.
*
*/
JNIEXPORT jbyteArray JNICALL
Java_org_mozilla_jss_pkcs11_PK11ECPublicKey_getCurveByteArray
(JNIEnv *env, jobject this)
{
return get_public_key_info(env, this, EC_CURVE);
}
/**********************************************************************
*
* PK11ECPublicKey.getWByteArray
*
* Returns the public value (W) of this EC Public Key.
* The format is a 1 byte to indicate compression followed by points
* Wx and Wy unsigned and connatonatted.
*
*/
JNIEXPORT jbyteArray JNICALL
Java_org_mozilla_jss_pkcs11_PK11ECPublicKey_getWByteArray
(JNIEnv *env, jobject this)
{
return get_public_key_info(env, this, EC_W);
}
/**********************************************************************
* g e t _ p u b l i c _ k e y _ i n f o
*
@ -449,6 +488,14 @@ get_public_key_info
PR_ASSERT(pubk->keyType == rsaKey);
item = &pubk->u.rsa.publicExponent;
break;
case EC_CURVE:
PR_ASSERT(pubk->keyType == ecKey);
item = &pubk->u.ec.DEREncodedParams;
break;
case EC_W:
PR_ASSERT(pubk->keyType == ecKey);
item = &pubk->u.ec.publicValue;
break;
default:
PR_ASSERT(PR_FALSE);
break;

4
security/jss/org/mozilla/jss/pkcs11/PK11PubKey.java
View File

@ -70,14 +70,14 @@ public class PK11PubKey extends org.mozilla.jss.pkcs11.PK11Key
* @param rawKey The bytes of the raw key.
* @exception InvalidKeyFormatException If the raw key could not be
* decoded.
* @deprecated This method works for RSA keys but not DSA keys. Use
* @deprecated This method works for RSA keys but not DSA or EC keys. Use
* fromSPKI() instead.
* @see #fromSPKI(byte[])
*/
public static PK11PubKey fromRaw(PrivateKey.Type type, byte[] rawKey)
throws InvalidKeyFormatException
{
if( type == PrivateKey.Type.DSA ) {
if( type != PrivateKey.Type.RSA ) {
throw new InvalidKeyFormatException(
"fromRaw() is broken for DSA keys. Use fromSPKI() instead.");
}

178
security/jss/org/mozilla/jss/pkcs11/PK11Token.c
View File

@ -62,18 +62,13 @@
#define ERRX 1
#define KEYTYPE_DSA_STRING "dsa"
#define KEYTYPE_RSA_STRING "rsa"
#define KEYTYPE_DSA 1
#define KEYTYPE_RSA 2
#define KEYTYPE_EC_STRING "ec"
static CERTCertificateRequest* make_cert_request(JNIEnv *env,
const char *subject, SECKEYPublicKey *pubk);
void GenerateCertRequest(JNIEnv *env, unsigned int ktype, const char *subject,
int keysize, PK11SlotInfo *slot,
unsigned char **b64request, PQGParams *dsaParams);
static SECStatus GenerateKeyPair(JNIEnv *env, unsigned int ktype,
PK11SlotInfo *slot,
SECKEYPublicKey **pubk,
SECKEYPrivateKey **privk, int keysize, PQGParams *dsaParams);
PK11SlotInfo *slot,
unsigned char **b64request, void *params);
/* these values are taken from PK11KeyPairGenerator.java */
#define DEFAULT_RSA_KEY_SIZE 2048
@ -916,7 +911,9 @@ Java_org_mozilla_jss_pkcs11_PK11Token_doesAlgorithm
PR_ASSERT(slot != NULL);
mech = JSS_getPK11MechFromAlg(env, alg);
PR_ASSERT( mech != CKM_INVALID_MECHANISM );
/* not an assertion, some algorithms don't have Mechanism yet */
/*PR_ASSERT( mech != CKM_INVALID_MECHANISM ); */
if( PK11_DoesMechanism(slot, mech) == PR_TRUE) {
doesMech = JNI_TRUE;
@ -971,21 +968,25 @@ JNIEXPORT jstring JNICALL Java_org_mozilla_jss_pkcs11_PK11Token_generatePK10
PQGParams *dsaParams=NULL;
const char* c_keyType;
jboolean k_isCopy;
unsigned int ktype = 0;
SECOidTag signType = SEC_OID_UNKNOWN;
PK11RSAGenParams rsaParams;
void *params = NULL;
PR_ASSERT(env!=NULL && this!=NULL);
/* get keytype */
c_keyType = (*env)->GetStringUTFChars(env, keyType, &k_isCopy);
if (0 == PL_strcasecmp(c_keyType, KEYTYPE_DSA_STRING)) {
ktype = KEYTYPE_DSA;
} else if (0 == PL_strcasecmp(c_keyType, KEYTYPE_RSA_STRING)) {
ktype = KEYTYPE_RSA;
} else {
JSS_throw(env, INVALID_PARAMETER_EXCEPTION);
}
if (ktype == KEYTYPE_DSA) {
if (0 == PL_strcasecmp(c_keyType, KEYTYPE_RSA_STRING)) {
signType = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
if( keysize == -1 ) {
rsaParams.keySizeInBits = DEFAULT_RSA_KEY_SIZE;
} else {
rsaParams.keySizeInBits = keysize;
}
rsaParams.pe = DEFAULT_RSA_PUBLIC_EXPONENT;
params = (void *)&rsaParams;
} else if (0 == PL_strcasecmp(c_keyType, KEYTYPE_DSA_STRING)) {
signType = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
if (P==NULL || Q==NULL || G ==NULL) {
/* shouldn't happen */
JSS_throw(env, INVALID_PARAMETER_EXCEPTION);
@ -999,18 +1000,23 @@ JNIEXPORT jstring JNICALL Java_org_mozilla_jss_pkcs11_PK11Token_generatePK10
if( JSS_ByteArrayToOctetString(env, P, &p) ||
JSS_ByteArrayToOctetString(env, Q, &q) ||
JSS_ByteArrayToOctetString(env, G, &g) )
{
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
{
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
goto finish;
}
dsaParams = PK11_PQG_NewParams(&p, &q, &g);
if(dsaParams == NULL) {
JSS_throw(env, OUT_OF_MEMORY_ERROR);
goto finish;
}
}
} /* end ktype == KEYTYPE_DSA */
params = (void *)dsaParams;
} else if (0 == PL_strcasecmp(c_keyType, KEYTYPE_EC_STRING)) {
signType = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
/* get ec param */
} else {
JSS_throw(env, INVALID_PARAMETER_EXCEPTION);
}
if( JSS_PK11_getTokenSlotPtr(env, this, &slot) != PR_SUCCESS) {
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
@ -1027,11 +1033,8 @@ JNIEXPORT jstring JNICALL Java_org_mozilla_jss_pkcs11_PK11Token_generatePK10
/* get subject */
c_subject = (*env)->GetStringUTFChars(env, subject, &isCopy);
/* get keysize */
/* call GenerateCertRequest() */
GenerateCertRequest(env, ktype, c_subject, (int) keysize, slot, &b64request,
dsaParams);
GenerateCertRequest(env, signType, c_subject, slot, &b64request, params);
finish:
if (isCopy == JNI_TRUE) {
@ -1044,7 +1047,7 @@ finish:
(*env)->ReleaseStringUTFChars(env, keyType, c_keyType);
}
if (ktype == KEYTYPE_DSA) {
if (signType == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) {
SECITEM_FreeItem(&p, PR_FALSE);
SECITEM_FreeItem(&q, PR_FALSE);
SECITEM_FreeItem(&g, PR_FALSE);
@ -1065,10 +1068,10 @@ finish:
*/
void
GenerateCertRequest(JNIEnv *env,
unsigned int ktype, const char *subject, int keysize,
SECOidTag signType, const char *subject,
PK11SlotInfo *slot,
unsigned char **b64request,
PQGParams *dsaParams) {
unsigned char **b64request,
void *params) {
CERTCertificateRequest *req;
@ -1078,14 +1081,28 @@ GenerateCertRequest(JNIEnv *env,
PRArenaPool *arena;
SECItem result_der, result;
SECItem *blob;
CK_MECHANISM_TYPE signMech;
CK_MECHANISM_TYPE keygenMech;
#ifdef DEBUG
printf("in GenerateCertRequest(), subject=%s, keysize = %d",
subject, keysize);
printf("in GenerateCertRequest(), subject=%s, ",
subject);
#endif
if( GenerateKeyPair(env, ktype, slot, &pubk, &privk, keysize,
dsaParams) != SECSuccess) {
/*
* Use the tables to reduce the code of adding new
* types of keys.
*/
signMech = PK11_AlgtagToMechanism(signType);
if (signMech == CKM_INVALID_MECHANISM) {
#ifdef DEBUG
printf("Error getting KEYGEN Mechanism.");
#endif
}
keygenMech = PK11_GetKeyGen(signMech);
if( JSS_PK11_generateKeyPair(env, keygenMech, slot, &pubk, &privk,
params, PR_FALSE, -1, -1) != SECSuccess) {
#ifdef DEBUG
printf("Error generating keypair.");
#endif
@ -1121,8 +1138,7 @@ GenerateCertRequest(JNIEnv *env,
}
rv = SEC_DerSignData(arena, &result, result_der.data, result_der.len,
privk,
(ktype==KEYTYPE_RSA)? SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST);
privk, signType);
if (rv) {
JSS_nativeThrowMsg(env, TOKEN_EXCEPTION,
"signing of data failed");
@ -1177,87 +1193,3 @@ make_cert_request(JNIEnv *env, const char *subject, SECKEYPublicKey *pubk)
return req;
}
/******************************************************************
*
* G e n e r a t e K e y P a i r
*/
static SECStatus
GenerateKeyPair(JNIEnv *env, unsigned int ktype, PK11SlotInfo *slot, SECKEYPublicKey **pubk,
SECKEYPrivateKey **privk, int keysize, PQGParams *dsaParams)
{
PK11RSAGenParams rsaParams;
if (ktype == KEYTYPE_RSA) {
if( keysize == -1 ) {
rsaParams.keySizeInBits = DEFAULT_RSA_KEY_SIZE;
} else {
rsaParams.keySizeInBits = keysize;
}
rsaParams.pe = DEFAULT_RSA_PUBLIC_EXPONENT;
}
if(PK11_Authenticate( slot, PR_FALSE /*loadCerts*/, NULL /*wincx*/)
!= SECSuccess) {
JSS_nativeThrowMsg(env, TOKEN_EXCEPTION,
"failure authenticating to key database");
return SECFailure;
}
if(PK11_NeedUserInit(slot)) {
JSS_nativeThrowMsg(env, TOKEN_EXCEPTION,
"token not initialized with password");
return SECFailure;
}
#ifdef DEBUG
printf("key type == %d", ktype);
#endif
if (ktype == KEYTYPE_RSA) {
*privk = PK11_GenerateKeyPair (slot,
CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams,
pubk, PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/, NULL);
} else { /* dsa */
*privk = PK11_GenerateKeyPair (slot,
CKM_DSA_KEY_PAIR_GEN, (void *)dsaParams,
pubk, PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/, NULL);
}
if( *privk == NULL ) {
int errLength;
char *errBuf;
char *msgBuf;
errLength = PR_GetErrorTextLength();
if(errLength > 0) {
errBuf = PR_Malloc(errLength);
if(errBuf == NULL) {
JSS_throw(env, OUT_OF_MEMORY_ERROR);
return SECFailure;
}
PR_GetErrorText(errBuf);
}
msgBuf = PR_smprintf("Keypair Generation failed on token: %s",
errLength>0? errBuf : "");
if(errLength>0) {
PR_Free(errBuf);
}
JSS_throwMsg(env, TOKEN_EXCEPTION, msgBuf);
PR_Free(msgBuf);
return SECFailure;
}
if (*privk != NULL && *pubk != NULL) {
#ifdef DEBUG
printf("generated public/private key pair\n");
#endif
} else {
JSS_nativeThrowMsg(env, TOKEN_EXCEPTION,
"failure generating key pair");
return SECFailure;
}
return SECSuccess;
}

8
security/jss/org/mozilla/jss/pkcs11/PK11Token.java
View File

@ -48,7 +48,7 @@ import java.security.InvalidParameterException;
* CryptoManager class.
*
* @author nicolson
* @version $Revision: 1.7 $ $Date: 2004/04/25 15:02:22 $
* @version $Revision: 1.8 $ $Date: 2006/02/10 22:06:12 $
* @see org.mozilla.jss.CryptoManager
*/
public final class PK11Token implements CryptoToken {
@ -449,9 +449,9 @@ public final class PK11Token implements CryptoToken {
* @param subject subject dn of the certificate
* @param keysize size of the key
* @param keyType "rsa" or "dsa"
* @param P The DSA prime parameter
* @param Q The DSA sub-prime parameter
* @param G The DSA base parameter
* @param P The DSA prime parameter
* @param Q The DSA sub-prime parameter
* @param G The DSA base parameter
* @return String that represents a PKCS#10 b64 encoded blob with
* begin/end brackets
*/

30
security/jss/org/mozilla/jss/pkcs11/pk11util.h
View File

@ -127,7 +127,35 @@ JSS_PK11_wrapSymKey(JNIEnv *env, PK11SymKey **symKey);
KeyType
JSS_PK11_getKeyType(JNIEnv *env, jobject keyTypeObj);
/***********************************************************************
* JSS_PK11_generateKeyPair
*
* Create a new key pair based on the passed in mechanism and parameters
*
* INPUTS
* mechanism
* A PKCS#11 KeyPair Mechanism
* slot
* Slot to generate the keypair in.
* pubk
* returned public key
* privk
* returned private key key
* param
* PKCS #11 mechanism parameters
* temporary
* boolean to say if the key is temporary or permanent
* sensitive
* int to say if the key should be sensitive or not (-1 is default)
* extractable
* int to say if the key should be extractable or not (-1 is default)
* RETURNS
* The SECStatus, SECSuccess of success, SECFailure on failure
*/
SECStatus
JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism,
PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privK,
void *params, PRBool temporary, jint senstive, jint extractable);
/*=====================================================================
C E R T I F I C A T E S

7
security/jss/org/mozilla/jss/provider/java/security/JSSKeyPairGeneratorSpi.java
View File

@ -78,7 +78,7 @@ class JSSKeyPairGeneratorSpi
kpg.initialize(keysize, random);
}
public KeyPair generateKeyPair() {
public KeyPair generateKeyPair() {
try {
return kpg.genKeyPair();
} catch(TokenException e) {
@ -96,4 +96,9 @@ class JSSKeyPairGeneratorSpi
super(KeyPairAlgorithm.DSA);
}
}
public static class EC extends JSSKeyPairGeneratorSpi {
public EC() {
super(KeyPairAlgorithm.EC);
}
}
}

20
security/jss/org/mozilla/jss/provider/java/security/JSSSignatureSpi.java
View File

@ -204,6 +204,26 @@ class JSSSignatureSpi extends java.security.SignatureSpi {
super(SignatureAlgorithm.DSASignatureWithSHA1Digest);
}
}
public static class SHA1EC extends JSSSignatureSpi {
public SHA1EC() {
super(SignatureAlgorithm.ECSignatureWithSHA1Digest);
}
}
public static class SHA256EC extends JSSSignatureSpi {
public SHA256EC() {
super(SignatureAlgorithm.ECSignatureWithSHA256Digest);
}
}
public static class SHA384EC extends JSSSignatureSpi {
public SHA384EC() {
super(SignatureAlgorithm.ECSignatureWithSHA384Digest);
}
}
public static class SHA512EC extends JSSSignatureSpi {
public SHA512EC() {
super(SignatureAlgorithm.ECSignatureWithSHA512Digest);
}
}
public static class MD2RSA extends JSSSignatureSpi {
public MD2RSA() {
super(SignatureAlgorithm.RSASignatureWithMD2Digest);

42
security/jss/org/mozilla/jss/provider/java/security/KeyFactorySpi1_2.java
View File

@ -71,10 +71,9 @@ public class KeyFactorySpi1_2 extends java.security.KeyFactorySpi
return PK11PubKey.fromRaw( PrivateKey.RSA, ASN1Util.encode(seq) );
} else if( keySpec instanceof DSAPublicKeySpec ) {
// We need to import both the public value and the PQG parameters.
// The only way to get all that information to NSS is through
// a SubjectPublicKeyInfo. So we encode all the information
// into an SPKI and then throw that down to NSS.
// This operation is very computationally expensive and wasteful.
// The only way to get all that information in DER is to send
// a full SubjectPublicKeyInfo. So we encode all the information
// into an SPKI.
DSAPublicKeySpec spec = (DSAPublicKeySpec) keySpec;
@ -95,6 +94,41 @@ public class KeyFactorySpi1_2 extends java.security.KeyFactorySpi
algID, new BIT_STRING(encodedPublicValue, 0) );
return PK11PubKey.fromSPKI( ASN1Util.encode(spki) );
//
// requires JAVA 1.5
//
//} else if( keySpec instanceof ECPublicKeySpec ) {
// // We need to import both the public value and the curve.
// // The only way to get all that information in DER is to send
// // a full SubjectPublicKeyInfo. So we encode all the information
// // into an SPKI.
//
// ECPublicKeySpec spec = (ECPublicKeySpec) keySpec;
// AlgorithmParameters algParams = getInstance("ECParameters");
//
// algParameters.init(spec.getECParameters());
// OBJECT_IDENTIFIER oid = null;
// try {
// oid = SignatureAlgorithm.ECSignature.toOID();
// } catch(NoSuchAlgorithmException ex ) {
// Assert.notReached("no such algorithm as DSA?");
// }
// AlgorithmIdentifier algID =
// new AlgorithmIdentifier(oid, ecParams.getParams() );
// INTEGER publicValueX = new INTEGER(spec.getW().getAffineX());
// INTEGER publicValueY = new INTEGER(spec.getW().getAffineY());
// byte[] encodedPublicValue;
// encodedPublicValue[0] = EC_UNCOMPRESSED_POINT;
// encodedPublicValue += spec.getW().getAffineX().toByteArray();
// encodedPublicValue += spec.getW().getAffineY().toByteArray();
//
// byte[] encodedPublicValue = ASN1Util.encode(publicValue);
// SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo(
// algID, new BIT_STRING(encodedPublicValue, 0) );
//
// return PK11PubKey.fromSPKI( ASN1Util.encode(spki) );
//
// use the following for EC keys in 1.4.2
} else if( keySpec instanceof X509EncodedKeySpec ) {
//
// SubjectPublicKeyInfo

19
security/jss/org/mozilla/jss/tests/JCASigTest.java
View File

@ -140,6 +140,25 @@ public class JCASigTest {
sigTest("SHA-384/RSA", keyPair);
sigTest("SHA-512/RSA", keyPair);
kpgen = KeyPairGenerator.getInstance("EC");
kpgen.initialize(256);
keyPair = kpgen.generateKeyPair();
provider = kpgen.getProvider();
System.out.println("The provider used to Generate the Keys was "
+ provider.getName() );
System.out.println("provider info " + provider.getInfo() );
if (provider.getName().equalsIgnoreCase("Mozilla-JSS") == false) {
System.out.println("Mozilla-JSS is supposed to be the " +
"default provider for JCASigTest");
System.exit(1);
}
sigTest("SHA-1/EC", keyPair);
sigTest("SHA-256/EC", keyPair);
sigTest("SHA-384/EC", keyPair);
sigTest("SHA-512/EC", keyPair);
} catch ( Exception e ) {
e.printStackTrace();
System.exit(1);

85
security/jss/org/mozilla/jss/tests/Makefile Normal file
View File

@ -0,0 +1,85 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape Security Services for Java.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1998-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
dist_dir:
@echo $(SOURCE_XP_DIR)
obj_dir:
@echo $(DIST)
platform_name:
@echo $(PLATFORM)

14
security/jss/org/mozilla/jss/tests/TestKeyGen.java
View File

@ -210,6 +210,20 @@ public class TestKeyGen {
}
}
// 256-bit EC
kpg = java.security.KeyPairGenerator.getInstance("EC", "Mozilla-JSS");
kpg.initialize(256);
keyPair = kpg.genKeyPair();
System.out.println("Generated 256-bit EC KeyPair!");
kpg.initialize(384);
keyPair = kpg.genKeyPair();
System.out.println("Generated 384-bit EC KeyPair!");
kpg.initialize(521);
keyPair = kpg.genKeyPair();
System.out.println("Generated 521-bit EC KeyPair!");
System.out.println("TestKeyGen passed");
System.exit(0);
} catch (Exception e) {

42
security/jss/org/mozilla/jss/tests/all.pl
View File

@ -1,4 +1,4 @@
#
#!/usr/bin/perl
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
@ -39,12 +39,14 @@ my $java;
# dist <dist_dir>
# release <java release dir> <nss release dir> <nspr release dir>
# auto (test the current build directory)
sub usage {
print "Usage:\n";
print "$0 dist <dist_dir>\n";
print "$0 release <jss release dir> <nss release dir> "
. "<nspr release dir>\n";
print "$0 auto\n";
exit(1);
}
@ -115,6 +117,24 @@ sub setup_vars {
# take the last part (can be overriden if not <OS><VERSION>_<OPT|DBG>.OBJ
$testdir = `basename $testdir`;
chomp $testdir;
} elsif( $$argv[0] eq "auto" ) {
my $dist_dir = `make dist_dir`;
my $obj_dir = `make obj_dir`;
chomp($dist_dir);
chomp($obj_dir);
chomp( $dist_dir = `(cd $dist_dir ; pwd)`);
chomp( $obj_dir = `(cd $obj_dir ; pwd)`);
$nss_lib_dir = "$obj_dir/lib";
$jss_rel_dir = "$dist_dir/classes$dbg_suffix/org";
$jss_classpath = "$dist_dir/xpclass$jar_dbg_suffix.jar";
$ENV{CLASSPATH} .= "$dist_dir/xpclass$jar_dbg_suffix.jar";
( -f $ENV{CLASSPATH} ) or die "$ENV{CLASSPATH} does not exist";
#$ENV{$ld_lib_path} = $ENV{$ld_lib_path} . $pathsep . "$obj_dir/lib";
$ENV{$ld_lib_path} = "$obj_dir/lib";
$testdir = `basename $obj_dir`;
chomp $testdir;
} elsif( $$argv[0] eq "release" ) {
shift @$argv;
@ -376,11 +396,11 @@ $result and print "JSSE servers returned $result\n";
#
# Test JSS client communication
#
print "============= Start JSS client tests\n";
$result = system("$java org.mozilla.jss.tests.JSS_SSLClient $testdir $pwfile $portJSSEServer bypassOff");
$result >>=8;
$result and print "JSS client returned $result\n";
print_case_result ($result,"JSSE server / JSS client");
#print "============= Start JSS client tests\n";
#$result = system("$java org.mozilla.jss.tests.JSS_SSLClient $testdir $pwfile $portJSSEServer bypassOff");
#$result >>=8;
#$result and print "JSS client returned $result\n";
#print_case_result ($result,"JSSE server / JSS client");
$portJSSServer=$portJSSServer+1;
@ -395,11 +415,11 @@ $result and print "JSS servers returned $result\n";
#
# Test JSSE client communication
#
print "============= Start JSSE client tests\n";
$result = system("$java org.mozilla.jss.tests.JSSE_SSLClient $testdir $portJSSServer");
$result >>=8;
$result and print "JSSE client returned $result\n";
print_case_result ($result,"JSS server / JSSE client");
#print "============= Start JSSE client tests\n";
#$result = system("$java org.mozilla.jss.tests.JSSE_SSLClient $testdir $portJSSServer");
#$result >>=8;
#$result and print "JSSE client returned $result\n";
#print_case_result ($result,"JSS server / JSSE client");
#
# Test Enable FIPSMODE

35
security/jss/org/mozilla/jss/tests/manifest.mn Normal file
View File

@ -0,0 +1,35 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape Security Services for Java.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1998-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../../../..

7
security/jss/org/mozilla/jss/util/java_ids.h
View File

@ -108,6 +108,7 @@ PR_BEGIN_EXTERN_C
#define NULL_KEYTYPE_FIELD "NULL"
#define RSA_KEYTYPE_FIELD "RSA"
#define DSA_KEYTYPE_FIELD "DSA"
#define EC_KEYTYPE_FIELD "EC"
#define FORTEZZA_KEYTYPE_FIELD "FORTEZZA"
#define DH_KEYTYPE_FIELD "DH"
#define KEA_KEYTYPE_FIELD "KEA"
@ -186,6 +187,11 @@ PR_BEGIN_EXTERN_C
*/
#define PK11_DSA_PUBKEY_CLASS_NAME "org/mozilla/jss/pkcs11/PK11DSAPublicKey"
/*
* PK11ECPublicKey
*/
#define PK11_EC_PUBKEY_CLASS_NAME "org/mozilla/jss/pkcs11/PK11ECPublicKey"
/*
* PK11Module
*/
@ -254,6 +260,7 @@ PR_BEGIN_EXTERN_C
#define PRIVKEYTYPE_SIG "Lorg/mozilla/jss/crypto/PrivateKey$Type;"
#define RSA_PRIVKEYTYPE_FIELD "RSA"
#define DSA_PRIVKEYTYPE_FIELD "DSA"
#define EC_PRIVKEYTYPE_FIELD "EC"
/*
* PQGParams