Bugzilla Bug 308242: added the extractablePairs method to KeyPairGenerator

to make the new PK11_ATTR_EXTRACTABLE/PK11_ATTR_UNEXTRACTABLE flags of the new PK11_GenerateKeyPairWithFlags function available to JSS. r=nkwan. sr=glen.beasley. Modified Files: crypto/KeyPairGenerator.java crypto/KeyPairGeneratorSpi.java pkcs11/PK11KeyPairGenerator.c pkcs11/PK11KeyPairGenerator.java
2024-12-03 02:25:34 +00:00 · 2005-10-27 20:47:26 +00:00 · 2005-10-27 20:47:26 +00:00 · 63eff804d1
commit 63eff804d1
parent c51d05ec1d
4 changed files with 86 additions and 24 deletions
--- a/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java
+++ b/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java
@ -160,14 +160,25 @@ public class KeyPairGenerator {
    }

    /**
-     * Tells the generator to generate temporary, rather than permanent,
-     * keypairs.  Temporary keys are not written permanently to the token.
-     * They are destroyed by the garbage collector.
+     * Tells the generator to generate temporary or permanent keypairs.
+     * Temporary keys are not written permanently to the token.  They
+     * are destroyed by the garbage collector.  If this method is not
+     * called, the default is permanent keypairs.
     */
    public void temporaryPairs(boolean temp) {
        engine.temporaryPairs(temp);
    }

+    /**
+     * Tells the generator to generate extractable or unextractable
+     * keypairs.  Extractable keys can be extracted from the token after
+     * wrapping.  If this method is not called, the default is token
+     * dependent.
+     */
+    public void extractablePairs(boolean extractable) {
+        engine.extractablePairs(extractable);
+    }
+
 	protected KeyPairAlgorithm algorithm;
 	protected KeyPairGeneratorSpi engine;
 }
--- a/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java
+++ b/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java
@ -55,5 +55,7 @@ public abstract class KeyPairGeneratorSpi {

    public abstract void temporaryPairs(boolean temp);

+    public abstract void extractablePairs(boolean extractable);
+
    public abstract boolean keygenOnInternalToken();
 }
--- a/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c
+++ b/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c
@ -126,7 +126,7 @@ int PK11_NumberObjectsFor(PK11SlotInfo*, CK_ATTRIBUTE*, int);
 JNIEXPORT jobject JNICALL
 Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair
  (JNIEnv *env, jobject this, jobject token, jint keySize, jlong publicExponent,
-    jboolean temporary)
+    jboolean temporary, jint extractable)
 {
    PK11SlotInfo* slot;
    PK11RSAGenParams params;
@ -134,6 +134,7 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair
    SECKEYPublicKey *pubk=NULL;
    jobject keyPair=NULL;
    PRBool sensitive = !temporary;
+    PK11AttrFlags attrFlags = 0;

    PR_ASSERT(env!=NULL && this!=NULL && token!=NULL);

@ -165,13 +166,31 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair
    /**************************************************
     * generate the key pair on the token
     *************************************************/
-    privk = PK11_GenerateKeyPair(   slot,
-                                    CKM_RSA_PKCS_KEY_PAIR_GEN,
-                                    (void*) &params, /* params is not a ptr */
-                                    &pubk,
-                                    !temporary, /* token (permanent) object */
-                                    sensitive,
-                                    NULL /* default PW callback */ );
+    if( temporary ) {
+        attrFlags |= PK11_ATTR_SESSION;
+    } else {
+        attrFlags |= PK11_ATTR_TOKEN;
+    }
+    if( extractable == 1 ) {
+        attrFlags |= PK11_ATTR_EXTRACTABLE;
+    } else if( extractable == 0 ) {
+        attrFlags |= PK11_ATTR_UNEXTRACTABLE;
+    }
+    /*
+     * The PRIVATE/PUBLIC attributes are set this way to be backward
+     * compatible with the original PK11_GenerateKeyPair call.
+     */
+    if( sensitive ) {
+        attrFlags |= (PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE);
+    } else {
+        attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
+    }
+    privk = PK11_GenerateKeyPairWithFlags(slot,
+                                          CKM_RSA_PKCS_KEY_PAIR_GEN,
+                                          &params, /* params is not a ptr */
+                                          &pubk,
+                                          attrFlags,
+                                          NULL /* default PW callback */ );
    if( privk == NULL ) {
        int errLength;
        char *errBuf;
@ -225,7 +244,7 @@ finish:
 JNIEXPORT jobject JNICALL
 Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
  (JNIEnv *env, jobject this, jobject token, jbyteArray P, jbyteArray Q,
-    jbyteArray G, jboolean temporary)
+    jbyteArray G, jboolean temporary, jint extractable)
 {
    PK11SlotInfo *slot;
    SECKEYPrivateKey *privk=NULL;
@ -234,6 +253,7 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
    PQGParams *params=NULL;
    jobject keyPair=NULL;
    PRBool sensitive = !temporary; /* workaround bug 129563 */
+    PK11AttrFlags attrFlags = 0;

    PR_ASSERT(env!=NULL && this!=NULL && token!=NULL && P!=NULL && Q!=NULL
                && G!=NULL);
@ -281,13 +301,31 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
    /**************************************************
     * generate the key pair on the token
     *************************************************/
-    privk = PK11_GenerateKeyPair(   slot,
-                                    CKM_DSA_KEY_PAIR_GEN,
-                                    (void*) params, /*params is a ptr*/
-                                    &pubk,
-                                    !temporary, /* token (permanent) object */
-                                    sensitive,
-                                    NULL /* default password callback */);
+    if( temporary ) {
+        attrFlags |= PK11_ATTR_SESSION;
+    } else {
+        attrFlags |= PK11_ATTR_TOKEN;
+    }
+    if( extractable == 1 ) {
+        attrFlags |= PK11_ATTR_EXTRACTABLE;
+    } else if( extractable == 0 ) {
+        attrFlags |= PK11_ATTR_UNEXTRACTABLE;
+    }
+    /*
+     * The PRIVATE/PUBLIC attributes are set this way to be backward
+     * compatible with the original PK11_GenerateKeyPair call.
+     */
+    if( sensitive ) {
+        attrFlags |= (PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE);
+    } else {
+        attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
+    }
+    privk = PK11_GenerateKeyPairWithFlags(slot,
+                                          CKM_DSA_KEY_PAIR_GEN,
+                                          params, /* params is a ptr */
+                                          &pubk,
+                                          attrFlags,
+                                          NULL /* default PW callback */);
    if( privk == NULL ) {
        JSS_throwMsg(env, TOKEN_EXCEPTION,
                "Keypair Generation failed on PKCS #11 token");
--- a/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java
+++ b/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java
@ -184,13 +184,15 @@ public final class PK11KeyPairGenerator
                                    token,
                                    rsaparams.getKeySize(),
                                    rsaparams.getPublicExponent().longValue(),
-                                    temporaryPairMode);
+                                    temporaryPairMode,
+                                    extractablePairMode);
            } else {
                return generateRSAKeyPair(
                                    token,
                                    DEFAULT_RSA_KEY_SIZE,
                                    DEFAULT_RSA_PUBLIC_EXPONENT.longValue(),
-                                    temporaryPairMode);
+                                    temporaryPairMode,
+                                    extractablePairMode);
            }
        } else {
            Assert._assert( algorithm == KeyPairAlgorithm.DSA );
@ -203,7 +205,8 @@ public final class PK11KeyPairGenerator
                PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getP()),
                PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getQ()),
                PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getG()),
-                temporaryPairMode );
+                temporaryPairMode,
+                extractablePairMode);
        }
    }

@ -227,7 +230,7 @@ public final class PK11KeyPairGenerator
     */
    private native KeyPair
    generateRSAKeyPair(PK11Token token, int keySize, long publicExponent,
-            boolean temporary)
+            boolean temporary, int extractable)
        throws TokenException;

    /**
@ -236,7 +239,7 @@ public final class PK11KeyPairGenerator
     */
    private native KeyPair
    generateDSAKeyPair(PK11Token token, byte[] P, byte[] Q, byte[] G,
-            boolean temporary)
+            boolean temporary, int extractable)
        throws TokenException;

    ///////////////////////////////////////////////////////////////////////
@ -345,6 +348,10 @@ public final class PK11KeyPairGenerator
        temporaryPairMode = temp;
    }

+    public void extractablePairs(boolean extractable) {
+        extractablePairMode = extractable ? 1 : 0;
+    }
+

    ///////////////////////////////////////////////////////////////////////
    ///////////////////////////////////////////////////////////////////////
@ -356,4 +363,8 @@ public final class PK11KeyPairGenerator
    private KeyPairAlgorithm algorithm;
    private boolean mKeygenOnInternalToken;
    private boolean temporaryPairMode = false;
+    //  1: extractable
+    //  0: unextractable
+    // -1: unspecified (token dependent)
+    private int extractablePairMode = -1;
 }