Bugzilla Bug 308242: added the extractablePairs method to KeyPairGenerator
to make the new PK11_ATTR_EXTRACTABLE/PK11_ATTR_UNEXTRACTABLE flags of the new PK11_GenerateKeyPairWithFlags function available to JSS. r=nkwan. sr=glen.beasley. Modified Files: crypto/KeyPairGenerator.java crypto/KeyPairGeneratorSpi.java pkcs11/PK11KeyPairGenerator.c pkcs11/PK11KeyPairGenerator.java
parent
c51d05ec1d
commit
63eff804d1
@ -160,14 +160,25 @@ public class KeyPairGenerator {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tells the generator to generate temporary, rather than permanent,
|
* Tells the generator to generate temporary or permanent keypairs.
|
||||||
* keypairs. Temporary keys are not written permanently to the token.
|
* Temporary keys are not written permanently to the token. They
|
||||||
* They are destroyed by the garbage collector.
|
* are destroyed by the garbage collector. If this method is not
|
||||||
|
* called, the default is permanent keypairs.
|
||||||
*/
|
*/
|
||||||
public void temporaryPairs(boolean temp) {
|
public void temporaryPairs(boolean temp) {
|
||||||
engine.temporaryPairs(temp);
|
engine.temporaryPairs(temp);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tells the generator to generate extractable or unextractable
|
||||||
|
* keypairs. Extractable keys can be extracted from the token after
|
||||||
|
* wrapping. If this method is not called, the default is token
|
||||||
|
* dependent.
|
||||||
|
*/
|
||||||
|
public void extractablePairs(boolean extractable) {
|
||||||
|
engine.extractablePairs(extractable);
|
||||||
|
}
|
||||||
|
|
||||||
protected KeyPairAlgorithm algorithm;
|
protected KeyPairAlgorithm algorithm;
|
||||||
protected KeyPairGeneratorSpi engine;
|
protected KeyPairGeneratorSpi engine;
|
||||||
}
|
}
|
||||||
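Review bot: The Javadoc added for `extractablePairs(boolean)` does not say that the token-dependent default cannot be restored once the method has been called, nor that callers who need non-extractable private keys must call `extractablePairs(false)` explicitly. In the PK11KeyPairGenerator.java part of this commit the stored mode starts at -1 and is only ever set to 1 or 0, so the boolean API is one-way. I would add `Once called, the choice stays in effect for later key pairs from this generator; the token default cannot be restored.` and `Call extractablePairs(false) when the private key must not be wrappable off the token.` to the comment.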
|
@ -55,5 +55,7 @@ public abstract class KeyPairGeneratorSpi {
|
|||||||
|
|
||||||
public abstract void temporaryPairs(boolean temp);
|
public abstract void temporaryPairs(boolean temp);
|
||||||
|
|
||||||
|
public abstract void extractablePairs(boolean extractable);
|
||||||
|
|
||||||
public abstract boolean keygenOnInternalToken();
|
public abstract boolean keygenOnInternalToken();
|
||||||
}
|
}
|
||||||
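Review bot: Declaring `extractablePairs(boolean)` as `abstract` on a public SPI class means every existing `KeyPairGeneratorSpi` subclass stops compiling until it implements the method. Only the PKCS #11 implementation is updated in this commit, and whether other subclasses exist is not visible here. A concrete default that refuses the request, such as `public void extractablePairs(boolean extractable) { throw new UnsupportedOperationException(); }`, would keep them building without silently ignoring a request for unextractable keys. The new method also has no Javadoc; a one-line comment stating that it selects extractable or unextractable pairs and that the default is token dependent would match the wrapper class.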
|
@ -126,7 +126,7 @@ int PK11_NumberObjectsFor(PK11SlotInfo*, CK_ATTRIBUTE*, int);
|
|||||||
JNIEXPORT jobject JNICALL
|
JNIEXPORT jobject JNICALL
|
||||||
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair
|
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair
|
||||||
(JNIEnv *env, jobject this, jobject token, jint keySize, jlong publicExponent,
|
(JNIEnv *env, jobject this, jobject token, jint keySize, jlong publicExponent,
|
||||||
jboolean temporary)
|
jboolean temporary, jint extractable)
|
||||||
{
|
{
|
||||||
PK11SlotInfo* slot;
|
PK11SlotInfo* slot;
|
||||||
PK11RSAGenParams params;
|
PK11RSAGenParams params;
|
||||||
@ -134,6 +134,7 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair
|
|||||||
SECKEYPublicKey *pubk=NULL;
|
SECKEYPublicKey *pubk=NULL;
|
||||||
jobject keyPair=NULL;
|
jobject keyPair=NULL;
|
||||||
PRBool sensitive = !temporary;
|
PRBool sensitive = !temporary;
|
||||||
|
PK11AttrFlags attrFlags = 0;
|
||||||
|
|
||||||
PR_ASSERT(env!=NULL && this!=NULL && token!=NULL);
|
PR_ASSERT(env!=NULL && this!=NULL && token!=NULL);
|
||||||
|
|
||||||
@ -165,13 +166,31 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair
|
|||||||
/**************************************************
|
/**************************************************
|
||||||
* generate the key pair on the token
|
* generate the key pair on the token
|
||||||
*************************************************/
|
*************************************************/
|
||||||
privk = PK11_GenerateKeyPair( slot,
|
if( temporary ) {
|
||||||
CKM_RSA_PKCS_KEY_PAIR_GEN,
|
attrFlags |= PK11_ATTR_SESSION;
|
||||||
(void*) ¶ms, /* params is not a ptr */
|
} else {
|
||||||
&pubk,
|
attrFlags |= PK11_ATTR_TOKEN;
|
||||||
!temporary, /* token (permanent) object */
|
}
|
||||||
sensitive,
|
if( extractable == 1 ) {
|
||||||
NULL /* default PW callback */ );
|
attrFlags |= PK11_ATTR_EXTRACTABLE;
|
||||||
|
} else if( extractable == 0 ) {
|
||||||
|
attrFlags |= PK11_ATTR_UNEXTRACTABLE;
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
* The PRIVATE/PUBLIC attributes are set this way to be backward
|
||||||
|
* compatible with the original PK11_GenerateKeyPair call.
|
||||||
|
*/
|
||||||
|
if( sensitive ) {
|
||||||
|
attrFlags |= (PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE);
|
||||||
|
} else {
|
||||||
|
attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
|
||||||
|
}
|
||||||
|
privk = PK11_GenerateKeyPairWithFlags(slot,
|
||||||
|
CKM_RSA_PKCS_KEY_PAIR_GEN,
|
||||||
|
¶ms, /* params is not a ptr */
|
||||||
|
&pubk,
|
||||||
|
attrFlags,
|
||||||
|
NULL /* default PW callback */ );
|
||||||
if( privk == NULL ) {
|
if( privk == NULL ) {
|
||||||
int errLength;
|
int errLength;
|
||||||
char *errBuf;
|
char *errBuf;
|
||||||
@ -225,7 +244,7 @@ finish:
|
|||||||
JNIEXPORT jobject JNICALL
|
JNIEXPORT jobject JNICALL
|
||||||
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
|
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
|
||||||
(JNIEnv *env, jobject this, jobject token, jbyteArray P, jbyteArray Q,
|
(JNIEnv *env, jobject this, jobject token, jbyteArray P, jbyteArray Q,
|
||||||
jbyteArray G, jboolean temporary)
|
jbyteArray G, jboolean temporary, jint extractable)
|
||||||
{
|
{
|
||||||
PK11SlotInfo *slot;
|
PK11SlotInfo *slot;
|
||||||
SECKEYPrivateKey *privk=NULL;
|
SECKEYPrivateKey *privk=NULL;
|
||||||
@ -234,6 +253,7 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
|
|||||||
PQGParams *params=NULL;
|
PQGParams *params=NULL;
|
||||||
jobject keyPair=NULL;
|
jobject keyPair=NULL;
|
||||||
PRBool sensitive = !temporary; /* workaround bug 129563 */
|
PRBool sensitive = !temporary; /* workaround bug 129563 */
|
||||||
|
PK11AttrFlags attrFlags = 0;
|
||||||
|
|
||||||
PR_ASSERT(env!=NULL && this!=NULL && token!=NULL && P!=NULL && Q!=NULL
|
PR_ASSERT(env!=NULL && this!=NULL && token!=NULL && P!=NULL && Q!=NULL
|
||||||
&& G!=NULL);
|
&& G!=NULL);
|
||||||
@ -281,13 +301,31 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
|
|||||||
/**************************************************
|
/**************************************************
|
||||||
* generate the key pair on the token
|
* generate the key pair on the token
|
||||||
*************************************************/
|
*************************************************/
|
||||||
privk = PK11_GenerateKeyPair( slot,
|
if( temporary ) {
|
||||||
CKM_DSA_KEY_PAIR_GEN,
|
attrFlags |= PK11_ATTR_SESSION;
|
||||||
(void*) params, /*params is a ptr*/
|
} else {
|
||||||
&pubk,
|
attrFlags |= PK11_ATTR_TOKEN;
|
||||||
!temporary, /* token (permanent) object */
|
}
|
||||||
sensitive,
|
if( extractable == 1 ) {
|
||||||
NULL /* default password callback */);
|
attrFlags |= PK11_ATTR_EXTRACTABLE;
|
||||||
|
} else if( extractable == 0 ) {
|
||||||
|
attrFlags |= PK11_ATTR_UNEXTRACTABLE;
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
* The PRIVATE/PUBLIC attributes are set this way to be backward
|
||||||
|
* compatible with the original PK11_GenerateKeyPair call.
|
||||||
|
*/
|
||||||
|
if( sensitive ) {
|
||||||
|
attrFlags |= (PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE);
|
||||||
|
} else {
|
||||||
|
attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
|
||||||
|
}
|
||||||
|
privk = PK11_GenerateKeyPairWithFlags(slot,
|
||||||
|
CKM_DSA_KEY_PAIR_GEN,
|
||||||
|
params, /* params is a ptr */
|
||||||
|
&pubk,
|
||||||
|
attrFlags,
|
||||||
|
NULL /* default PW callback */);
|
||||||
if( privk == NULL ) {
|
if( privk == NULL ) {
|
||||||
JSS_throwMsg(env, TOKEN_EXCEPTION,
|
JSS_throwMsg(env, TOKEN_EXCEPTION,
|
||||||
"Keypair Generation failed on PKCS #11 token");
|
"Keypair Generation failed on PKCS #11 token");
|
||||||
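Review bot: In both the RSA and DSA hunks a temporary pair still gets `PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC` because `sensitive = !temporary`, so `extractablePairs(false)` combined with `temporaryPairs(true)` yields a private key that is unextractable but insensitive. Under PKCS #11 an insensitive key's value can generally be read as a plain attribute, so the unextractable flag would give little protection in that combination, although the exact behaviour is token dependent. If backward compatibility requires this, the block comment above `if( sensitive )` should say so, for example `Note: temporary keys stay insensitive even when unextractable was requested.`; otherwise consider `PRBool sensitive = !temporary || extractable == 0;` after checking it against the bug 129563 workaround noted on the DSA path. Both function bodies continue outside the visible hunks.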
|
@ -184,13 +184,15 @@ public final class PK11KeyPairGenerator
|
|||||||
token,
|
token,
|
||||||
rsaparams.getKeySize(),
|
rsaparams.getKeySize(),
|
||||||
rsaparams.getPublicExponent().longValue(),
|
rsaparams.getPublicExponent().longValue(),
|
||||||
temporaryPairMode);
|
temporaryPairMode,
|
||||||
|
extractablePairMode);
|
||||||
} else {
|
} else {
|
||||||
return generateRSAKeyPair(
|
return generateRSAKeyPair(
|
||||||
token,
|
token,
|
||||||
DEFAULT_RSA_KEY_SIZE,
|
DEFAULT_RSA_KEY_SIZE,
|
||||||
DEFAULT_RSA_PUBLIC_EXPONENT.longValue(),
|
DEFAULT_RSA_PUBLIC_EXPONENT.longValue(),
|
||||||
temporaryPairMode);
|
temporaryPairMode,
|
||||||
|
extractablePairMode);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
Assert._assert( algorithm == KeyPairAlgorithm.DSA );
|
Assert._assert( algorithm == KeyPairAlgorithm.DSA );
|
||||||
@ -203,7 +205,8 @@ public final class PK11KeyPairGenerator
|
|||||||
PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getP()),
|
PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getP()),
|
||||||
PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getQ()),
|
PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getQ()),
|
||||||
PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getG()),
|
PQGParams.BigIntegerToUnsignedByteArray(dsaParams.getG()),
|
||||||
temporaryPairMode );
|
temporaryPairMode,
|
||||||
|
extractablePairMode);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -227,7 +230,7 @@ public final class PK11KeyPairGenerator
|
|||||||
*/
|
*/
|
||||||
private native KeyPair
|
private native KeyPair
|
||||||
generateRSAKeyPair(PK11Token token, int keySize, long publicExponent,
|
generateRSAKeyPair(PK11Token token, int keySize, long publicExponent,
|
||||||
boolean temporary)
|
boolean temporary, int extractable)
|
||||||
throws TokenException;
|
throws TokenException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -236,7 +239,7 @@ public final class PK11KeyPairGenerator
|
|||||||
*/
|
*/
|
||||||
private native KeyPair
|
private native KeyPair
|
||||||
generateDSAKeyPair(PK11Token token, byte[] P, byte[] Q, byte[] G,
|
generateDSAKeyPair(PK11Token token, byte[] P, byte[] Q, byte[] G,
|
||||||
boolean temporary)
|
boolean temporary, int extractable)
|
||||||
throws TokenException;
|
throws TokenException;
|
||||||
|
|
||||||
///////////////////////////////////////////////////////////////////////
|
///////////////////////////////////////////////////////////////////////
|
||||||
@ -345,6 +348,10 @@ public final class PK11KeyPairGenerator
|
|||||||
temporaryPairMode = temp;
|
temporaryPairMode = temp;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void extractablePairs(boolean extractable) {
|
||||||
|
extractablePairMode = extractable ? 1 : 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
///////////////////////////////////////////////////////////////////////
|
///////////////////////////////////////////////////////////////////////
|
||||||
///////////////////////////////////////////////////////////////////////
|
///////////////////////////////////////////////////////////////////////
|
||||||
@ -356,4 +363,8 @@ public final class PK11KeyPairGenerator
|
|||||||
private KeyPairAlgorithm algorithm;
|
private KeyPairAlgorithm algorithm;
|
||||||
private boolean mKeygenOnInternalToken;
|
private boolean mKeygenOnInternalToken;
|
||||||
private boolean temporaryPairMode = false;
|
private boolean temporaryPairMode = false;
|
||||||
|
// 1: extractable
|
||||||
|
// 0: unextractable
|
||||||
|
// -1: unspecified (token dependent)
|
||||||
|
private int extractablePairMode = -1;
|
||||||
}
|
}
|
||||||
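Review bot: `extractablePairMode` carries a three-state value as bare integers (1, 0, -1), which the native code in PK11KeyPairGenerator.c compares against the literals `1` and `0`, and the new `extractablePairs` method has no Javadoc. Named constants would keep the two sides in step, for example `private static final int EXTRACTABLE_UNSPECIFIED = -1;` with matching names for 0 and 1, and the field comment should say that the values are shared with the JNI code. Any other value reaching the native side is treated as unspecified without an error, which is worth stating in the comments on the two native method declarations.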
|