Add PLAINTEXT key unwrapping algorithm, allowing us to pull in symmetric

keys from their raw, unwrapped form.
2001-07-03 23:39:33 +00:00 · 2001-07-03 23:39:33 +00:00 · 7265012f1b
--- a/security/jss/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
+++ b/security/jss/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
@ -84,4 +84,8 @@ public class KeyWrapAlgorithm extends Algorithm {
    public static final KeyWrapAlgorithm
    RSA = new KeyWrapAlgorithm(SEC_OID_PKCS1_RSA_ENCRYPTION, "RSA", null,
            false);
+
+    public static final KeyWrapAlgorithm
+    PLAINTEXT = new KeyWrapAlgorithm(0, "Plaintext", null,
+            false);
 }
--- a/security/jss/org/mozilla/jss/crypto/KeyWrapper.java
+++ b/security/jss/org/mozilla/jss/crypto/KeyWrapper.java
@ -47,6 +47,12 @@ public interface KeyWrapper {
                            AlgorithmParameterSpec parameters)
        throws InvalidKeyException, InvalidAlgorithmParameterException;

+    /**
+     * For wrapping keys in plaintext.
+     */
+    public void initWrap()
+        throws InvalidKeyException, InvalidAlgorithmParameterException;
+
    public void initUnwrap(SymmetricKey unwrappingKey,
                            AlgorithmParameterSpec parameters)
        throws InvalidKeyException, InvalidAlgorithmParameterException;
@ -55,6 +61,12 @@ public interface KeyWrapper {
                            AlgorithmParameterSpec parameters)
        throws InvalidKeyException, InvalidAlgorithmParameterException;

+    /**
+     * For plaintext-wrapped keys.
+     */
+    public void initUnwrap()
+        throws InvalidKeyException, InvalidAlgorithmParameterException;
+
    public byte[] wrap(PrivateKey toBeWrapped)
        throws InvalidKeyException, IllegalStateException, TokenException;

--- a/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
+++ b/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
@ -598,6 +598,63 @@ finish:
    return keyObj;
 }

+/***********************************************************************
+ *
+ * PK11KeyWrapper.nativeUnwrapSymPlaintext
+ */
+JNIEXPORT jobject JNICALL
+Java_org_mozilla_jss_pkcs11_PK11KeyWrapper_nativeUnwrapSymPlaintext
+    (JNIEnv *env, jclass clazz, jobject tokenObj, jbyteArray wrappedBA,
+        jobject typeAlgObj, jint usageEnum)
+{
+    PK11SymKey *symKey=NULL;
+    CK_MECHANISM_TYPE keyTypeMech;
+    SECItem *wrappedKey=NULL;
+    jobject keyObj = NULL;
+    PK11SlotInfo *slot = NULL;
+
+    /* get key type */
+    keyTypeMech = JSS_getPK11MechFromAlg(env, typeAlgObj);
+    if( keyTypeMech == CKM_INVALID_MECHANISM ) {
+        JSS_throwMsg(env, TOKEN_EXCEPTION, "Unrecognized key type algorithm");
+        goto finish;
+    }
+
+    /* get the slot */
+    if( JSS_PK11_getTokenSlotPtr(env, tokenObj, &slot) != PR_SUCCESS) {
+        /* exception was thrown */
+        goto finish;
+    }
+
+    /* get the wrapped key */
+    wrappedKey = JSS_ByteArrayToSECItem(env, wrappedBA);
+    if( wrappedKey == NULL ) {
+        /* exception was thrown */
+        goto finish;
+    }
+
+    /* pull in the key */
+    symKey = PK11_ImportSymKey(slot, keyTypeMech, PK11_OriginUnwrap,
+        JSS_symkeyUsage[usageEnum], wrappedKey, NULL);
+    if( symKey == NULL ) {
+        JSS_throwMsg(env, TOKEN_EXCEPTION, "Failed to unwrap key");
+        goto finish;
+    }
+
+    /* wrap the symmetric key in a Java object.  This will clear symKey */
+    keyObj = JSS_PK11_wrapSymKey(env, &symKey);
+
+finish:
+    if(wrappedKey) {
+        SECITEM_FreeItem(wrappedKey, PR_TRUE /*free wrappedKey*/);
+    }
+    if( symKey ) {
+        PK11_FreeSymKey(symKey);
+    }
+    return keyObj;
+}
+
+
 /***********************************************************************
 *
 * J S S _ P K 1 1 _ g e t E r r o r S t r i n g
--- a/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java
+++ b/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java
@ -84,6 +84,16 @@ final class PK11KeyWrapper implements KeyWrapper {
        this.pubKey = wrappingKey;
    }

+    public void initWrap()
+            throws InvalidKeyException, InvalidAlgorithmParameterException
+    {
+        if( algorithm != KeyWrapAlgorithm.PLAINTEXT ) {
+            throw new InvalidKeyException(algorithm + " requires a key");
+        }
+        reset();
+        state = WRAP;
+    }
+
    /**
     * Does everything that is key-independent for initializing a wrap.
     */
@ -116,6 +126,16 @@ final class PK11KeyWrapper implements KeyWrapper {
        this.symKey = unwrappingKey;
    }

+    public void initUnwrap()
+        throws InvalidKeyException, InvalidAlgorithmParameterException
+    {
+        if( algorithm != KeyWrapAlgorithm.PLAINTEXT ) {
+            throw new InvalidKeyException(algorithm + " requires a key");
+        }
+        reset();
+        state = UNWRAP;
+    }
+
    /**
     * Does the key-independent parts of initializing an unwrap.
     */
@ -239,6 +259,10 @@ final class PK11KeyWrapper implements KeyWrapper {
        if( state != WRAP ) {
            throw new IllegalStateException();
        }
+        if( algorithm == KeyWrapAlgorithm.PLAINTEXT ) {
+            throw new InvalidKeyException(
+                "plaintext wrapping not supported");
+        }

        checkWrappee(toBeWrapped);

@ -264,6 +288,9 @@ final class PK11KeyWrapper implements KeyWrapper {
        if( state != WRAP ) {
            throw new IllegalStateException();
        }
+        if( algorithm == KeyWrapAlgorithm.PLAINTEXT ) {
+            throw new InvalidKeyException("plaintext wrapping now supported");
+        }

        checkWrappee(toBeWrapped);

@ -382,6 +409,10 @@ final class PK11KeyWrapper implements KeyWrapper {
        if( state != UNWRAP ) {
            throw new IllegalStateException();
        }
+        if( algorithm == KeyWrapAlgorithm.PLAINTEXT ) {
+            throw new TokenException("plaintext unwrapping of private keys " +
+                "is not supported");
+        }

        byte[] publicValue = extractPublicValue(publicKey, type);

@ -452,14 +483,19 @@ final class PK11KeyWrapper implements KeyWrapper {
            keyLen = 0;
        }

-        if( symKey != null ) {
-            Assert.assert(pubKey==null && privKey==null);
-            return nativeUnwrapSymWithSym(token, symKey, wrapped, algorithm,
-                        algFromType(type), keyLen, IV, usage.getVal() );
+        if( algorithm == KeyWrapAlgorithm.PLAINTEXT ) {
+            return nativeUnwrapSymPlaintext(token, wrapped, algFromType(type),
+                usage.getVal() );
        } else {
-            Assert.assert(privKey!=null && pubKey==null && symKey==null);
-            return nativeUnwrapSymWithPriv(token, privKey, wrapped, algorithm,
+            if( symKey != null ) {
+                Assert.assert(pubKey==null && privKey==null);
+                return nativeUnwrapSymWithSym(token, symKey, wrapped, algorithm,
                        algFromType(type), keyLen, IV, usage.getVal() );
+            } else {
+                Assert.assert(privKey!=null && pubKey==null && symKey==null);
+                return nativeUnwrapSymWithPriv(token, privKey, wrapped,
+                    algorithm, algFromType(type), keyLen, IV, usage.getVal() );
+            }
        }
    }

@ -522,6 +558,9 @@ final class PK11KeyWrapper implements KeyWrapper {
        byte[] IV, int usageEnum)
            throws TokenException;

+    private static native SymmetricKey
+    nativeUnwrapSymPlaintext(PK11Token token, byte[] wrappedKey,
+        Algorithm type, int usageEnum);

    private void reset() {
        state = UNINITIALIZED;