mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-10 03:45:46 +00:00
Fix blackflag 619793: support RC2/CBC/PKCS5Padding.
This commit is contained in:
parent
3d44a05368
commit
ae6470da30
@ -266,3 +266,9 @@ Java_org_mozilla_jss_SecretDecoderRing_KeyManager_deleteKeyNative;
|
||||
;+ local:
|
||||
;+ *;
|
||||
;+};
|
||||
;+JSS_3.4 { # JSS 3.4 release
|
||||
;+ global:
|
||||
Java_org_mozilla_jss_pkcs11_PK11Cipher_initContextWithKeyBits;
|
||||
;+ local:
|
||||
;+ *;
|
||||
;+};
|
||||
|
@ -118,6 +118,8 @@ public final class JSSProvider extends java.security.Provider {
|
||||
"org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$RC4");
|
||||
put("Cipher.RSA",
|
||||
"org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$RSA");
|
||||
put("Cipher.RC2",
|
||||
"org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$RC2");
|
||||
|
||||
/////////////////////////////////////////////////////////////
|
||||
// KeyGenerator
|
||||
@ -131,6 +133,8 @@ public final class JSSProvider extends java.security.Provider {
|
||||
"org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$AES");
|
||||
put("KeyGenerator.RC4",
|
||||
"org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$RC4");
|
||||
put("KeyGenerator.RC2",
|
||||
"org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$RC2");
|
||||
put("KeyGenerator.HmacSHA1",
|
||||
"org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$HmacSHA1");
|
||||
put("KeyGenerator.PBAHmacSHA1",
|
||||
@ -148,6 +152,8 @@ public final class JSSProvider extends java.security.Provider {
|
||||
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$AES");
|
||||
put("SecretKeyFactory.RC4",
|
||||
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$RC4");
|
||||
put("SecretKeyFactory.RC2",
|
||||
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$RC2");
|
||||
put("SecretKeyFactory.HmacSHA1",
|
||||
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$HmacSHA1");
|
||||
put("SecretKeyFactory.PBAHmacSHA1",
|
||||
|
@ -92,7 +92,9 @@ JSS_AlgInfo JSS_AlgTable[NUM_ALGS] = {
|
||||
/* 32 */ {CKM_AES_KEY_GEN, PK11_MECH},
|
||||
/* 33 */ {CKM_AES_ECB, PK11_MECH},
|
||||
/* 34 */ {CKM_AES_CBC, PK11_MECH},
|
||||
/* 35 */ {CKM_AES_CBC_PAD, PK11_MECH}
|
||||
/* 35 */ {CKM_AES_CBC_PAD, PK11_MECH},
|
||||
/* 36 */ {CKM_RC2_CBC_PAD, PK11_MECH},
|
||||
/* 37 */ {CKM_RC2_KEY_GEN, PK11_MECH}
|
||||
|
||||
/* REMEMBER TO UPDATE NUM_ALGS!!! */
|
||||
};
|
||||
|
@ -53,7 +53,7 @@ typedef struct JSS_AlgInfoStr {
|
||||
JSS_AlgType type;
|
||||
} JSS_AlgInfo;
|
||||
|
||||
#define NUM_ALGS 36
|
||||
#define NUM_ALGS 38
|
||||
|
||||
extern JSS_AlgInfo JSS_AlgTable[];
|
||||
extern CK_ULONG JSS_symkeyUsage[];
|
||||
|
@ -212,4 +212,6 @@ public class Algorithm {
|
||||
protected static final short CKM_AES_ECB=33;
|
||||
protected static final short CKM_AES_CBC=34;
|
||||
protected static final short CKM_AES_CBC_PAD=35;
|
||||
protected static final short CKM_RC2_CBC_PAD=36;
|
||||
protected static final short CKM_RC2_KEY_GEN=37;
|
||||
}
|
||||
|
@ -36,6 +36,7 @@ package org.mozilla.jss.crypto;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import org.mozilla.jss.asn1.*;
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
import javax.crypto.spec.RC2ParameterSpec;
|
||||
import java.util.*;
|
||||
|
||||
/**
|
||||
@ -374,7 +375,15 @@ public class EncryptionAlgorithm extends Algorithm {
|
||||
|
||||
public static final EncryptionAlgorithm
|
||||
RC2_CBC = new EncryptionAlgorithm(SEC_OID_RC2_CBC, Alg.RC2, Mode.CBC,
|
||||
Padding.NONE, IVParameterSpecClasses, 8,
|
||||
Padding.NONE, RC2ParameterSpec.class, 8,
|
||||
null, 0); // no oid, see comment below
|
||||
|
||||
// Which algorithm should be associated with this OID, RC2_CBC or
|
||||
// RC2_CBC_PAD? NSS says RC2_CBC, but PKCS #5 v2.0 says RC2_CBC_PAD.
|
||||
// See NSS bug 202925.
|
||||
public static final EncryptionAlgorithm
|
||||
RC2_CBC_PAD = new EncryptionAlgorithm(CKM_RC2_CBC_PAD, Alg.RC2, Mode.CBC,
|
||||
Padding.PKCS5, RC2ParameterSpec.class, 8,
|
||||
OBJECT_IDENTIFIER.RSA_CIPHER.subBranch(2), 0);
|
||||
|
||||
public static final OBJECT_IDENTIFIER AES_ROOT_OID =
|
||||
|
@ -143,4 +143,13 @@ public class KeyGenAlgorithm extends Algorithm {
|
||||
return strength==128 || strength==192 || strength==256;
|
||||
}
|
||||
}, null, null);
|
||||
//////////////////////////////////////////////////////////////
|
||||
public static final KeyGenAlgorithm
|
||||
RC2 = new KeyGenAlgorithm(CKM_RC2_KEY_GEN, "RC2",
|
||||
new KeyStrengthValidator() {
|
||||
public boolean isValidKeyStrength(int strength) {
|
||||
// 1 byte - 128 bytes
|
||||
return strength>=8 && strength <= (128*8);
|
||||
}
|
||||
}, null, null);
|
||||
}
|
||||
|
@ -83,7 +83,7 @@ public interface SymmetricKey {
|
||||
new Type("DESede", KeyGenAlgorithm.DES3);
|
||||
public static final Type DESede = DES3;
|
||||
public static final Type RC4 = new Type("RC4", KeyGenAlgorithm.RC4);
|
||||
public static final Type RC2 = new Type("RC2", null);
|
||||
public static final Type RC2 = new Type("RC2", KeyGenAlgorithm.RC2);
|
||||
public static final Type SHA1_HMAC = new Type("SHA1_HMAC",
|
||||
KeyGenAlgorithm.PBA_SHA1_HMAC);
|
||||
public static final Type AES = new Type("AES", KeyGenAlgorithm.AES);
|
||||
|
@ -223,7 +223,8 @@ final class KeyType {
|
||||
static public final KeyType
|
||||
RC2 = new KeyType(new Algorithm[]
|
||||
{
|
||||
EncryptionAlgorithm.RC2_CBC
|
||||
EncryptionAlgorithm.RC2_CBC,
|
||||
EncryptionAlgorithm.RC2_CBC_PAD
|
||||
},
|
||||
"RC2"
|
||||
);
|
||||
|
@ -54,6 +54,15 @@ JNIEXPORT jobject JNICALL
|
||||
Java_org_mozilla_jss_pkcs11_PK11Cipher_initContext
|
||||
(JNIEnv *env, jclass clazz, jboolean encrypt, jobject keyObj,
|
||||
jobject algObj, jbyteArray ivBA)
|
||||
{
|
||||
return Java_org_mozilla_jss_pkcs11_PK11Cipher_initContextWithKeyBits
|
||||
( env, clazz, encrypt, keyObj, algObj, ivBA, 0);
|
||||
}
|
||||
|
||||
JNIEXPORT jobject JNICALL
|
||||
Java_org_mozilla_jss_pkcs11_PK11Cipher_initContextWithKeyBits
|
||||
(JNIEnv *env, jclass clazz, jboolean encrypt, jobject keyObj,
|
||||
jobject algObj, jbyteArray ivBA, jint keyBits)
|
||||
{
|
||||
CK_MECHANISM_TYPE mech;
|
||||
PK11SymKey *key=NULL;
|
||||
@ -95,12 +104,11 @@ Java_org_mozilla_jss_pkcs11_PK11Cipher_initContext
|
||||
}
|
||||
param = PK11_ParamFromIV(mech, iv);
|
||||
|
||||
/* HACK! The previous function doesn't know the key size, so it can't
|
||||
* set the RC2 effective key length correctly. We have to set it by
|
||||
* hand in this case. */
|
||||
/*
|
||||
* Set RC2 effective key length.
|
||||
*/
|
||||
if( mech == CKM_RC2_CBC || mech == CKM_RC2_CBC_PAD ) {
|
||||
((CK_RC2_CBC_PARAMS*)param->data)->ulEffectiveBits =
|
||||
PK11_GetKeyStrength(key, NULL);
|
||||
((CK_RC2_CBC_PARAMS*)param->data)->ulEffectiveBits = keyBits;
|
||||
}
|
||||
|
||||
|
||||
|
@ -99,6 +99,8 @@ final class PK11Cipher extends org.mozilla.jss.crypto.Cipher {
|
||||
try {
|
||||
if( params instanceof IvParameterSpec ) {
|
||||
IV = ((IvParameterSpec)params).getIV();
|
||||
} else if( params instanceof RC2ParameterSpec ) {
|
||||
IV = ((RC2ParameterSpec)params).getIV();
|
||||
}
|
||||
} catch(NoClassDefFoundError e) {
|
||||
// javax.crypto.spec.IvParameterSpec was introduced in JDK 1.4.
|
||||
@ -122,7 +124,12 @@ final class PK11Cipher extends org.mozilla.jss.crypto.Cipher {
|
||||
this.parameters = parameters;
|
||||
state = ENCRYPT;
|
||||
|
||||
contextProxy = initContext( true, key, algorithm, IV );
|
||||
if( parameters instanceof RC2ParameterSpec ) {
|
||||
contextProxy = initContextWithKeyBits( true, key, algorithm, IV,
|
||||
((RC2ParameterSpec)parameters).getEffectiveKeyBits() );
|
||||
} else {
|
||||
contextProxy = initContext( true, key, algorithm, IV );
|
||||
}
|
||||
}
|
||||
|
||||
public void initDecrypt(SymmetricKey key, AlgorithmParameterSpec parameters)
|
||||
@ -139,7 +146,12 @@ final class PK11Cipher extends org.mozilla.jss.crypto.Cipher {
|
||||
this.parameters = parameters;
|
||||
state = DECRYPT;
|
||||
|
||||
contextProxy = initContext(false, key, algorithm, IV);
|
||||
if( parameters instanceof RC2ParameterSpec ) {
|
||||
contextProxy = initContextWithKeyBits(false, key, algorithm, IV,
|
||||
((RC2ParameterSpec)parameters).getEffectiveKeyBits() );
|
||||
} else {
|
||||
contextProxy = initContext(false, key, algorithm, IV);
|
||||
}
|
||||
}
|
||||
|
||||
public byte[] update(byte[] bytes)
|
||||
@ -204,10 +216,16 @@ final class PK11Cipher extends org.mozilla.jss.crypto.Cipher {
|
||||
}
|
||||
|
||||
private static native CipherContextProxy
|
||||
initContext( boolean encrypt, SymmetricKey key, EncryptionAlgorithm alg,
|
||||
initContext(boolean encrypt, SymmetricKey key, EncryptionAlgorithm alg,
|
||||
byte[] IV)
|
||||
throws TokenException;
|
||||
|
||||
// This version accepts the number of effective key bits for RC2 CBC.
|
||||
private static native CipherContextProxy
|
||||
initContextWithKeyBits(boolean encrypt, SymmetricKey key,
|
||||
EncryptionAlgorithm alg, byte[] IV, int keyBits)
|
||||
throws TokenException;
|
||||
|
||||
private static native byte[]
|
||||
updateContext( CipherContextProxy context, byte[] input, int blocksize )
|
||||
throws TokenException;
|
||||
|
@ -529,9 +529,11 @@ final class PK11KeyWrapper implements KeyWrapper {
|
||||
return EncryptionAlgorithm.DES_ECB;
|
||||
} else if( type == SymmetricKey.DES3 ) {
|
||||
return EncryptionAlgorithm.DES3_ECB;
|
||||
} else {
|
||||
Assert._assert( type == SymmetricKey.RC4 );
|
||||
} else if( type == SymmetricKey.RC4 ) {
|
||||
return EncryptionAlgorithm.RC4;
|
||||
} else {
|
||||
Assert._assert( type == SymmetricKey.RC2 );
|
||||
return EncryptionAlgorithm.RC2_CBC;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -45,6 +45,7 @@ import javax.crypto.ShortBufferException;
|
||||
import javax.crypto.IllegalBlockSizeException;
|
||||
import javax.crypto.BadPaddingException;
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
import javax.crypto.spec.RC2ParameterSpec;
|
||||
import javax.crypto.SecretKeyFactory;
|
||||
import javax.crypto.SecretKey;
|
||||
import org.mozilla.jss.crypto.KeyWrapper;
|
||||
@ -279,8 +280,13 @@ class JSSCipherSpi extends javax.crypto.CipherSpi {
|
||||
}
|
||||
|
||||
public byte[] engineGetIV() {
|
||||
if( params != null && params instanceof IvParameterSpec) {
|
||||
if( params == null ) {
|
||||
return null;
|
||||
}
|
||||
if( params instanceof IvParameterSpec) {
|
||||
return ((IvParameterSpec)params).getIV();
|
||||
} else if( params instanceof RC2ParameterSpec ) {
|
||||
return ((RC2ParameterSpec)params).getIV();
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
@ -520,5 +526,10 @@ class JSSCipherSpi extends javax.crypto.CipherSpi {
|
||||
super("RSA");
|
||||
}
|
||||
}
|
||||
static public class RC2 extends JSSCipherSpi {
|
||||
public RC2() {
|
||||
super("RC2");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -124,6 +124,11 @@ class JSSKeyGeneratorSpi extends javax.crypto.KeyGeneratorSpi {
|
||||
super(KeyGenAlgorithm.RC4);
|
||||
}
|
||||
}
|
||||
public static class RC2 extends JSSKeyGeneratorSpi {
|
||||
public RC2() {
|
||||
super(KeyGenAlgorithm.RC2);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @deprecated This class name is misleading. This algorithm
|
||||
|
@ -384,6 +384,11 @@ class JSSSecretKeyFactorySpi extends SecretKeyFactorySpi {
|
||||
super(KeyGenAlgorithm.RC4);
|
||||
}
|
||||
}
|
||||
public static class RC2 extends JSSSecretKeyFactorySpi {
|
||||
public RC2() {
|
||||
super(KeyGenAlgorithm.RC2);
|
||||
}
|
||||
}
|
||||
public static class PBE_MD5_DES_CBC extends JSSSecretKeyFactorySpi {
|
||||
public PBE_MD5_DES_CBC() {
|
||||
super(PBEAlgorithm.PBE_MD5_DES_CBC);
|
||||
|
Loading…
Reference in New Issue
Block a user