mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-10 11:55:49 +00:00
Fix blackflag 619793: support RC2/CBC/PKCS5Padding.
This commit is contained in:
parent
3d44a05368
commit
ae6470da30
@ -266,3 +266,9 @@ Java_org_mozilla_jss_SecretDecoderRing_KeyManager_deleteKeyNative;
|
|||||||
;+ local:
|
;+ local:
|
||||||
;+ *;
|
;+ *;
|
||||||
;+};
|
;+};
|
||||||
|
;+JSS_3.4 { # JSS 3.4 release
|
||||||
|
;+ global:
|
||||||
|
Java_org_mozilla_jss_pkcs11_PK11Cipher_initContextWithKeyBits;
|
||||||
|
;+ local:
|
||||||
|
;+ *;
|
||||||
|
;+};
|
||||||
|
@ -118,6 +118,8 @@ public final class JSSProvider extends java.security.Provider {
|
|||||||
"org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$RC4");
|
"org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$RC4");
|
||||||
put("Cipher.RSA",
|
put("Cipher.RSA",
|
||||||
"org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$RSA");
|
"org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$RSA");
|
||||||
|
put("Cipher.RC2",
|
||||||
|
"org.mozilla.jss.provider.javax.crypto.JSSCipherSpi$RC2");
|
||||||
|
|
||||||
/////////////////////////////////////////////////////////////
|
/////////////////////////////////////////////////////////////
|
||||||
// KeyGenerator
|
// KeyGenerator
|
||||||
@ -131,6 +133,8 @@ public final class JSSProvider extends java.security.Provider {
|
|||||||
"org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$AES");
|
"org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$AES");
|
||||||
put("KeyGenerator.RC4",
|
put("KeyGenerator.RC4",
|
||||||
"org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$RC4");
|
"org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$RC4");
|
||||||
|
put("KeyGenerator.RC2",
|
||||||
|
"org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$RC2");
|
||||||
put("KeyGenerator.HmacSHA1",
|
put("KeyGenerator.HmacSHA1",
|
||||||
"org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$HmacSHA1");
|
"org.mozilla.jss.provider.javax.crypto.JSSKeyGeneratorSpi$HmacSHA1");
|
||||||
put("KeyGenerator.PBAHmacSHA1",
|
put("KeyGenerator.PBAHmacSHA1",
|
||||||
@ -148,6 +152,8 @@ public final class JSSProvider extends java.security.Provider {
|
|||||||
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$AES");
|
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$AES");
|
||||||
put("SecretKeyFactory.RC4",
|
put("SecretKeyFactory.RC4",
|
||||||
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$RC4");
|
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$RC4");
|
||||||
|
put("SecretKeyFactory.RC2",
|
||||||
|
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$RC2");
|
||||||
put("SecretKeyFactory.HmacSHA1",
|
put("SecretKeyFactory.HmacSHA1",
|
||||||
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$HmacSHA1");
|
"org.mozilla.jss.provider.javax.crypto.JSSSecretKeyFactorySpi$HmacSHA1");
|
||||||
put("SecretKeyFactory.PBAHmacSHA1",
|
put("SecretKeyFactory.PBAHmacSHA1",
|
||||||
|
@ -92,7 +92,9 @@ JSS_AlgInfo JSS_AlgTable[NUM_ALGS] = {
|
|||||||
/* 32 */ {CKM_AES_KEY_GEN, PK11_MECH},
|
/* 32 */ {CKM_AES_KEY_GEN, PK11_MECH},
|
||||||
/* 33 */ {CKM_AES_ECB, PK11_MECH},
|
/* 33 */ {CKM_AES_ECB, PK11_MECH},
|
||||||
/* 34 */ {CKM_AES_CBC, PK11_MECH},
|
/* 34 */ {CKM_AES_CBC, PK11_MECH},
|
||||||
/* 35 */ {CKM_AES_CBC_PAD, PK11_MECH}
|
/* 35 */ {CKM_AES_CBC_PAD, PK11_MECH},
|
||||||
|
/* 36 */ {CKM_RC2_CBC_PAD, PK11_MECH},
|
||||||
|
/* 37 */ {CKM_RC2_KEY_GEN, PK11_MECH}
|
||||||
|
|
||||||
/* REMEMBER TO UPDATE NUM_ALGS!!! */
|
/* REMEMBER TO UPDATE NUM_ALGS!!! */
|
||||||
};
|
};
|
||||||
|
@ -53,7 +53,7 @@ typedef struct JSS_AlgInfoStr {
|
|||||||
JSS_AlgType type;
|
JSS_AlgType type;
|
||||||
} JSS_AlgInfo;
|
} JSS_AlgInfo;
|
||||||
|
|
||||||
#define NUM_ALGS 36
|
#define NUM_ALGS 38
|
||||||
|
|
||||||
extern JSS_AlgInfo JSS_AlgTable[];
|
extern JSS_AlgInfo JSS_AlgTable[];
|
||||||
extern CK_ULONG JSS_symkeyUsage[];
|
extern CK_ULONG JSS_symkeyUsage[];
|
||||||
|
@ -212,4 +212,6 @@ public class Algorithm {
|
|||||||
protected static final short CKM_AES_ECB=33;
|
protected static final short CKM_AES_ECB=33;
|
||||||
protected static final short CKM_AES_CBC=34;
|
protected static final short CKM_AES_CBC=34;
|
||||||
protected static final short CKM_AES_CBC_PAD=35;
|
protected static final short CKM_AES_CBC_PAD=35;
|
||||||
|
protected static final short CKM_RC2_CBC_PAD=36;
|
||||||
|
protected static final short CKM_RC2_KEY_GEN=37;
|
||||||
}
|
}
|
||||||
|
@ -36,6 +36,7 @@ package org.mozilla.jss.crypto;
|
|||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import org.mozilla.jss.asn1.*;
|
import org.mozilla.jss.asn1.*;
|
||||||
import javax.crypto.spec.IvParameterSpec;
|
import javax.crypto.spec.IvParameterSpec;
|
||||||
|
import javax.crypto.spec.RC2ParameterSpec;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -374,7 +375,15 @@ public class EncryptionAlgorithm extends Algorithm {
|
|||||||
|
|
||||||
public static final EncryptionAlgorithm
|
public static final EncryptionAlgorithm
|
||||||
RC2_CBC = new EncryptionAlgorithm(SEC_OID_RC2_CBC, Alg.RC2, Mode.CBC,
|
RC2_CBC = new EncryptionAlgorithm(SEC_OID_RC2_CBC, Alg.RC2, Mode.CBC,
|
||||||
Padding.NONE, IVParameterSpecClasses, 8,
|
Padding.NONE, RC2ParameterSpec.class, 8,
|
||||||
|
null, 0); // no oid, see comment below
|
||||||
|
|
||||||
|
// Which algorithm should be associated with this OID, RC2_CBC or
|
||||||
|
// RC2_CBC_PAD? NSS says RC2_CBC, but PKCS #5 v2.0 says RC2_CBC_PAD.
|
||||||
|
// See NSS bug 202925.
|
||||||
|
public static final EncryptionAlgorithm
|
||||||
|
RC2_CBC_PAD = new EncryptionAlgorithm(CKM_RC2_CBC_PAD, Alg.RC2, Mode.CBC,
|
||||||
|
Padding.PKCS5, RC2ParameterSpec.class, 8,
|
||||||
OBJECT_IDENTIFIER.RSA_CIPHER.subBranch(2), 0);
|
OBJECT_IDENTIFIER.RSA_CIPHER.subBranch(2), 0);
|
||||||
|
|
||||||
public static final OBJECT_IDENTIFIER AES_ROOT_OID =
|
public static final OBJECT_IDENTIFIER AES_ROOT_OID =
|
||||||
|
@ -143,4 +143,13 @@ public class KeyGenAlgorithm extends Algorithm {
|
|||||||
return strength==128 || strength==192 || strength==256;
|
return strength==128 || strength==192 || strength==256;
|
||||||
}
|
}
|
||||||
}, null, null);
|
}, null, null);
|
||||||
|
//////////////////////////////////////////////////////////////
|
||||||
|
public static final KeyGenAlgorithm
|
||||||
|
RC2 = new KeyGenAlgorithm(CKM_RC2_KEY_GEN, "RC2",
|
||||||
|
new KeyStrengthValidator() {
|
||||||
|
public boolean isValidKeyStrength(int strength) {
|
||||||
|
// 1 byte - 128 bytes
|
||||||
|
return strength>=8 && strength <= (128*8);
|
||||||
|
}
|
||||||
|
}, null, null);
|
||||||
}
|
}
|
||||||
|
@ -83,7 +83,7 @@ public interface SymmetricKey {
|
|||||||
new Type("DESede", KeyGenAlgorithm.DES3);
|
new Type("DESede", KeyGenAlgorithm.DES3);
|
||||||
public static final Type DESede = DES3;
|
public static final Type DESede = DES3;
|
||||||
public static final Type RC4 = new Type("RC4", KeyGenAlgorithm.RC4);
|
public static final Type RC4 = new Type("RC4", KeyGenAlgorithm.RC4);
|
||||||
public static final Type RC2 = new Type("RC2", null);
|
public static final Type RC2 = new Type("RC2", KeyGenAlgorithm.RC2);
|
||||||
public static final Type SHA1_HMAC = new Type("SHA1_HMAC",
|
public static final Type SHA1_HMAC = new Type("SHA1_HMAC",
|
||||||
KeyGenAlgorithm.PBA_SHA1_HMAC);
|
KeyGenAlgorithm.PBA_SHA1_HMAC);
|
||||||
public static final Type AES = new Type("AES", KeyGenAlgorithm.AES);
|
public static final Type AES = new Type("AES", KeyGenAlgorithm.AES);
|
||||||
|
@ -223,7 +223,8 @@ final class KeyType {
|
|||||||
static public final KeyType
|
static public final KeyType
|
||||||
RC2 = new KeyType(new Algorithm[]
|
RC2 = new KeyType(new Algorithm[]
|
||||||
{
|
{
|
||||||
EncryptionAlgorithm.RC2_CBC
|
EncryptionAlgorithm.RC2_CBC,
|
||||||
|
EncryptionAlgorithm.RC2_CBC_PAD
|
||||||
},
|
},
|
||||||
"RC2"
|
"RC2"
|
||||||
);
|
);
|
||||||
|
@ -54,6 +54,15 @@ JNIEXPORT jobject JNICALL
|
|||||||
Java_org_mozilla_jss_pkcs11_PK11Cipher_initContext
|
Java_org_mozilla_jss_pkcs11_PK11Cipher_initContext
|
||||||
(JNIEnv *env, jclass clazz, jboolean encrypt, jobject keyObj,
|
(JNIEnv *env, jclass clazz, jboolean encrypt, jobject keyObj,
|
||||||
jobject algObj, jbyteArray ivBA)
|
jobject algObj, jbyteArray ivBA)
|
||||||
|
{
|
||||||
|
return Java_org_mozilla_jss_pkcs11_PK11Cipher_initContextWithKeyBits
|
||||||
|
( env, clazz, encrypt, keyObj, algObj, ivBA, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
JNIEXPORT jobject JNICALL
|
||||||
|
Java_org_mozilla_jss_pkcs11_PK11Cipher_initContextWithKeyBits
|
||||||
|
(JNIEnv *env, jclass clazz, jboolean encrypt, jobject keyObj,
|
||||||
|
jobject algObj, jbyteArray ivBA, jint keyBits)
|
||||||
{
|
{
|
||||||
CK_MECHANISM_TYPE mech;
|
CK_MECHANISM_TYPE mech;
|
||||||
PK11SymKey *key=NULL;
|
PK11SymKey *key=NULL;
|
||||||
@ -95,12 +104,11 @@ Java_org_mozilla_jss_pkcs11_PK11Cipher_initContext
|
|||||||
}
|
}
|
||||||
param = PK11_ParamFromIV(mech, iv);
|
param = PK11_ParamFromIV(mech, iv);
|
||||||
|
|
||||||
/* HACK! The previous function doesn't know the key size, so it can't
|
/*
|
||||||
* set the RC2 effective key length correctly. We have to set it by
|
* Set RC2 effective key length.
|
||||||
* hand in this case. */
|
*/
|
||||||
if( mech == CKM_RC2_CBC || mech == CKM_RC2_CBC_PAD ) {
|
if( mech == CKM_RC2_CBC || mech == CKM_RC2_CBC_PAD ) {
|
||||||
((CK_RC2_CBC_PARAMS*)param->data)->ulEffectiveBits =
|
((CK_RC2_CBC_PARAMS*)param->data)->ulEffectiveBits = keyBits;
|
||||||
PK11_GetKeyStrength(key, NULL);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -99,6 +99,8 @@ final class PK11Cipher extends org.mozilla.jss.crypto.Cipher {
|
|||||||
try {
|
try {
|
||||||
if( params instanceof IvParameterSpec ) {
|
if( params instanceof IvParameterSpec ) {
|
||||||
IV = ((IvParameterSpec)params).getIV();
|
IV = ((IvParameterSpec)params).getIV();
|
||||||
|
} else if( params instanceof RC2ParameterSpec ) {
|
||||||
|
IV = ((RC2ParameterSpec)params).getIV();
|
||||||
}
|
}
|
||||||
} catch(NoClassDefFoundError e) {
|
} catch(NoClassDefFoundError e) {
|
||||||
// javax.crypto.spec.IvParameterSpec was introduced in JDK 1.4.
|
// javax.crypto.spec.IvParameterSpec was introduced in JDK 1.4.
|
||||||
@ -122,7 +124,12 @@ final class PK11Cipher extends org.mozilla.jss.crypto.Cipher {
|
|||||||
this.parameters = parameters;
|
this.parameters = parameters;
|
||||||
state = ENCRYPT;
|
state = ENCRYPT;
|
||||||
|
|
||||||
contextProxy = initContext( true, key, algorithm, IV );
|
if( parameters instanceof RC2ParameterSpec ) {
|
||||||
|
contextProxy = initContextWithKeyBits( true, key, algorithm, IV,
|
||||||
|
((RC2ParameterSpec)parameters).getEffectiveKeyBits() );
|
||||||
|
} else {
|
||||||
|
contextProxy = initContext( true, key, algorithm, IV );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void initDecrypt(SymmetricKey key, AlgorithmParameterSpec parameters)
|
public void initDecrypt(SymmetricKey key, AlgorithmParameterSpec parameters)
|
||||||
@ -139,7 +146,12 @@ final class PK11Cipher extends org.mozilla.jss.crypto.Cipher {
|
|||||||
this.parameters = parameters;
|
this.parameters = parameters;
|
||||||
state = DECRYPT;
|
state = DECRYPT;
|
||||||
|
|
||||||
contextProxy = initContext(false, key, algorithm, IV);
|
if( parameters instanceof RC2ParameterSpec ) {
|
||||||
|
contextProxy = initContextWithKeyBits(false, key, algorithm, IV,
|
||||||
|
((RC2ParameterSpec)parameters).getEffectiveKeyBits() );
|
||||||
|
} else {
|
||||||
|
contextProxy = initContext(false, key, algorithm, IV);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public byte[] update(byte[] bytes)
|
public byte[] update(byte[] bytes)
|
||||||
@ -204,10 +216,16 @@ final class PK11Cipher extends org.mozilla.jss.crypto.Cipher {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private static native CipherContextProxy
|
private static native CipherContextProxy
|
||||||
initContext( boolean encrypt, SymmetricKey key, EncryptionAlgorithm alg,
|
initContext(boolean encrypt, SymmetricKey key, EncryptionAlgorithm alg,
|
||||||
byte[] IV)
|
byte[] IV)
|
||||||
throws TokenException;
|
throws TokenException;
|
||||||
|
|
||||||
|
// This version accepts the number of effective key bits for RC2 CBC.
|
||||||
|
private static native CipherContextProxy
|
||||||
|
initContextWithKeyBits(boolean encrypt, SymmetricKey key,
|
||||||
|
EncryptionAlgorithm alg, byte[] IV, int keyBits)
|
||||||
|
throws TokenException;
|
||||||
|
|
||||||
private static native byte[]
|
private static native byte[]
|
||||||
updateContext( CipherContextProxy context, byte[] input, int blocksize )
|
updateContext( CipherContextProxy context, byte[] input, int blocksize )
|
||||||
throws TokenException;
|
throws TokenException;
|
||||||
|
@ -529,9 +529,11 @@ final class PK11KeyWrapper implements KeyWrapper {
|
|||||||
return EncryptionAlgorithm.DES_ECB;
|
return EncryptionAlgorithm.DES_ECB;
|
||||||
} else if( type == SymmetricKey.DES3 ) {
|
} else if( type == SymmetricKey.DES3 ) {
|
||||||
return EncryptionAlgorithm.DES3_ECB;
|
return EncryptionAlgorithm.DES3_ECB;
|
||||||
} else {
|
} else if( type == SymmetricKey.RC4 ) {
|
||||||
Assert._assert( type == SymmetricKey.RC4 );
|
|
||||||
return EncryptionAlgorithm.RC4;
|
return EncryptionAlgorithm.RC4;
|
||||||
|
} else {
|
||||||
|
Assert._assert( type == SymmetricKey.RC2 );
|
||||||
|
return EncryptionAlgorithm.RC2_CBC;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -45,6 +45,7 @@ import javax.crypto.ShortBufferException;
|
|||||||
import javax.crypto.IllegalBlockSizeException;
|
import javax.crypto.IllegalBlockSizeException;
|
||||||
import javax.crypto.BadPaddingException;
|
import javax.crypto.BadPaddingException;
|
||||||
import javax.crypto.spec.IvParameterSpec;
|
import javax.crypto.spec.IvParameterSpec;
|
||||||
|
import javax.crypto.spec.RC2ParameterSpec;
|
||||||
import javax.crypto.SecretKeyFactory;
|
import javax.crypto.SecretKeyFactory;
|
||||||
import javax.crypto.SecretKey;
|
import javax.crypto.SecretKey;
|
||||||
import org.mozilla.jss.crypto.KeyWrapper;
|
import org.mozilla.jss.crypto.KeyWrapper;
|
||||||
@ -279,8 +280,13 @@ class JSSCipherSpi extends javax.crypto.CipherSpi {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public byte[] engineGetIV() {
|
public byte[] engineGetIV() {
|
||||||
if( params != null && params instanceof IvParameterSpec) {
|
if( params == null ) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
if( params instanceof IvParameterSpec) {
|
||||||
return ((IvParameterSpec)params).getIV();
|
return ((IvParameterSpec)params).getIV();
|
||||||
|
} else if( params instanceof RC2ParameterSpec ) {
|
||||||
|
return ((RC2ParameterSpec)params).getIV();
|
||||||
} else {
|
} else {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
@ -520,5 +526,10 @@ class JSSCipherSpi extends javax.crypto.CipherSpi {
|
|||||||
super("RSA");
|
super("RSA");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
static public class RC2 extends JSSCipherSpi {
|
||||||
|
public RC2() {
|
||||||
|
super("RC2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -124,6 +124,11 @@ class JSSKeyGeneratorSpi extends javax.crypto.KeyGeneratorSpi {
|
|||||||
super(KeyGenAlgorithm.RC4);
|
super(KeyGenAlgorithm.RC4);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
public static class RC2 extends JSSKeyGeneratorSpi {
|
||||||
|
public RC2() {
|
||||||
|
super(KeyGenAlgorithm.RC2);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @deprecated This class name is misleading. This algorithm
|
* @deprecated This class name is misleading. This algorithm
|
||||||
|
@ -384,6 +384,11 @@ class JSSSecretKeyFactorySpi extends SecretKeyFactorySpi {
|
|||||||
super(KeyGenAlgorithm.RC4);
|
super(KeyGenAlgorithm.RC4);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
public static class RC2 extends JSSSecretKeyFactorySpi {
|
||||||
|
public RC2() {
|
||||||
|
super(KeyGenAlgorithm.RC2);
|
||||||
|
}
|
||||||
|
}
|
||||||
public static class PBE_MD5_DES_CBC extends JSSSecretKeyFactorySpi {
|
public static class PBE_MD5_DES_CBC extends JSSSecretKeyFactorySpi {
|
||||||
public PBE_MD5_DES_CBC() {
|
public PBE_MD5_DES_CBC() {
|
||||||
super(PBEAlgorithm.PBE_MD5_DES_CBC);
|
super(PBEAlgorithm.PBE_MD5_DES_CBC);
|
||||||
|
Loading…
Reference in New Issue
Block a user