зеркало из https://github.com/mozilla/pjs.git
322871: JSS needs to handle ECC keys and certs`
Back out changes by rrelyea (2006-02-10) and glen.beasley (2006-02-14). r+: wtc
This commit is contained in:
Родитель
81c6a85481
Коммит
915ecf8936
|
@ -45,7 +45,6 @@ org.mozilla.jss.pkcs11.PK11KeyPairGenerator
|
|||
org.mozilla.jss.pkcs11.SigContextProxy
|
||||
org.mozilla.jss.pkcs11.PK11RSAPublicKey
|
||||
org.mozilla.jss.pkcs11.PK11DSAPublicKey
|
||||
org.mozilla.jss.pkcs11.PK11ECPublicKey
|
||||
org.mozilla.jss.pkcs11.PK11SecureRandom
|
||||
org.mozilla.jss.provider.java.security.JSSKeyStoreSpi
|
||||
org.mozilla.jss.SecretDecoderRing.KeyManager
|
||||
|
|
|
@ -118,7 +118,6 @@ Java_org_mozilla_jss_pkcs11_PK11SymKey_getKeyType;
|
|||
Java_org_mozilla_jss_pkcs11_PK11SymKey_getOwningToken;
|
||||
Java_org_mozilla_jss_pkcs11_PK11SymKey_getStrength;
|
||||
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair;
|
||||
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPair;
|
||||
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair;
|
||||
Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generateNormal;
|
||||
Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generatePBE;
|
||||
|
@ -165,8 +164,6 @@ Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getGByteArray;
|
|||
Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getPByteArray;
|
||||
Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getQByteArray;
|
||||
Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getYByteArray;
|
||||
Java_org_mozilla_jss_pkcs11_PK11ECPublicKey_getCurveByteArray;
|
||||
Java_org_mozilla_jss_pkcs11_PK11ECPublicKey_getWByteArray;
|
||||
Java_org_mozilla_jss_pkcs11_PK11SecureRandom_nextBytes;
|
||||
Java_org_mozilla_jss_pkcs11_PK11SecureRandom_setSeed;
|
||||
Java_org_mozilla_jss_ssl_SSLServerSocket_clearSessionCache;
|
||||
|
|
|
@ -100,32 +100,6 @@ public final class JSSProvider extends java.security.Provider {
|
|||
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA512RSA");
|
||||
put("Alg.Alias.Signature.SHA512/RSA", "SHA-512/RSA");
|
||||
put("Alg.Alias.Signature.SHA512withRSA", "SHA-512/RSA");
|
||||
// ECC
|
||||
put("Signature.SHA1withEC",
|
||||
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA1EC");
|
||||
put("Alg.Alias.Signature.EC", "SHA1withEC");
|
||||
put("Alg.Alias.Signature.ECC", "SHA1withEC");
|
||||
put("Alg.Alias.Signature.ECDSA", "SHA1withEC");
|
||||
put("Alg.Alias.Signature.SHA/EC", "SHA1withEC");
|
||||
put("Alg.Alias.Signature.SHA1/EC", "SHA1withEC");
|
||||
put("Alg.Alias.Signature.SHA-1/EC", "SHA1withEC");
|
||||
put("Alg.Alias.Signature.SHA/ECDSA", "SHA1withEC");
|
||||
put("Alg.Alias.Signature.SHA1/ECDSA", "SHA1withEC");
|
||||
|
||||
put("Signature.SHA256withEC",
|
||||
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA256EC");
|
||||
put("Alg.Alias.Signature.SHA256/EC", "SHA256withEC");
|
||||
put("Alg.Alias.Signature.SHA-256/EC", "SHA256withEC");
|
||||
|
||||
put("Signature.SHA384withEC",
|
||||
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA384EC");
|
||||
put("Alg.Alias.Signature.SHA384/EC", "SHA384withEC");
|
||||
put("Alg.Alias.Signature.SHA-384/EC", "SHA384withEC");
|
||||
|
||||
put("Signature.SHA512withEC",
|
||||
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA512EC");
|
||||
put("Alg.Alias.Signature.SHA512/EC", "SHA512withEC");
|
||||
put("Alg.Alias.Signature.SHA-512/EC", "SHA384withEC");
|
||||
|
||||
/////////////////////////////////////////////////////////////
|
||||
// Message Digesting
|
||||
|
@ -163,8 +137,6 @@ public final class JSSProvider extends java.security.Provider {
|
|||
"org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$RSA");
|
||||
put("KeyPairGenerator.DSA",
|
||||
"org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$DSA");
|
||||
put("KeyPairGenerator.EC",
|
||||
"org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$EC");
|
||||
|
||||
/////////////////////////////////////////////////////////////
|
||||
// KeyFactory
|
||||
|
@ -173,8 +145,6 @@ public final class JSSProvider extends java.security.Provider {
|
|||
"org.mozilla.jss.provider.java.security.KeyFactorySpi1_2");
|
||||
put("KeyFactory.DSA",
|
||||
"org.mozilla.jss.provider.java.security.KeyFactorySpi1_2");
|
||||
put("KeyFactory.EC",
|
||||
"org.mozilla.jss.provider.java.security.KeyFactorySpi1_2");
|
||||
|
||||
/////////////////////////////////////////////////////////////
|
||||
// AlgorithmParameters
|
||||
|
|
|
@ -103,13 +103,7 @@ JSS_AlgInfo JSS_AlgTable[NUM_ALGS] = {
|
|||
/* 40 */ {SEC_OID_SHA512, SEC_OID_TAG},
|
||||
/* 41 */ {SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION, SEC_OID_TAG},
|
||||
/* 42 */ {SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION, SEC_OID_TAG},
|
||||
/* 43 */ {SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION, SEC_OID_TAG},
|
||||
/* 44 */ {SEC_OID_ANSIX962_EC_PUBLIC_KEY, SEC_OID_TAG},
|
||||
/* 45 */ {SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE, SEC_OID_TAG},
|
||||
/* 46 */ {CKM_EC_KEY_PAIR_GEN, PK11_MECH},
|
||||
/* 47 */ {SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE, SEC_OID_TAG},
|
||||
/* 48 */ {SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE, SEC_OID_TAG},
|
||||
/* 49 */ {SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE, SEC_OID_TAG},
|
||||
/* 43 */ {SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION, SEC_OID_TAG}
|
||||
/* REMEMBER TO UPDATE NUM_ALGS!!! */
|
||||
};
|
||||
|
||||
|
|
|
@ -56,7 +56,7 @@ typedef struct JSS_AlgInfoStr {
|
|||
JSS_AlgType type;
|
||||
} JSS_AlgInfo;
|
||||
|
||||
#define NUM_ALGS 50
|
||||
#define NUM_ALGS 44
|
||||
|
||||
extern JSS_AlgInfo JSS_AlgTable[];
|
||||
extern CK_ULONG JSS_symkeyUsage[];
|
||||
|
|
|
@ -168,8 +168,6 @@ public class Algorithm {
|
|||
//////////////////////////////////////////////////////////////
|
||||
static final OBJECT_IDENTIFIER ANSI_X9_ALGORITHM =
|
||||
new OBJECT_IDENTIFIER( new long[] { 1, 2, 840, 10040, 4 } );
|
||||
static final OBJECT_IDENTIFIER ANSI_X962_OID =
|
||||
new OBJECT_IDENTIFIER( new long[] { 1, 2, 840, 10045 } );
|
||||
|
||||
// Algorithm indices. These must be kept in sync with the
|
||||
// algorithm array in Algorithm.c.
|
||||
|
@ -226,11 +224,5 @@ public class Algorithm {
|
|||
protected static final short SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION=41;
|
||||
protected static final short SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION=42;
|
||||
protected static final short SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION=43;
|
||||
protected static final short SEC_OID_ANSIX962_EC_PUBLIC_KEY=44;
|
||||
protected static final short SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE=45;
|
||||
protected static final short CKM_EC_KEY_PAIR_GEN=46;
|
||||
protected static final short SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE=47;
|
||||
protected static final short SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE=48;
|
||||
protected static final short SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE=49;
|
||||
|
||||
}
|
||||
|
|
|
@ -148,7 +148,7 @@ public interface CryptoToken {
|
|||
* on this token.
|
||||
*
|
||||
* @param algorithm The algorithm that the keys will be used with (RSA,
|
||||
* DSA, EC, etc.)
|
||||
* DSA, etc.)
|
||||
* @exception java.security.NoSuchAlgorithmException If this token does
|
||||
* not support the given algorithm.
|
||||
* @deprecated Use the JCA interface instead ({@link java.security.KeyPairGenerator})
|
||||
|
|
|
@ -93,15 +93,9 @@ public class KeyPairAlgorithm extends Algorithm {
|
|||
public static final Algorithm
|
||||
DSAFamily = new Algorithm(SEC_OID_ANSIX9_DSA_SIGNATURE, "DSA");
|
||||
|
||||
public static final Algorithm
|
||||
ECFamily = new Algorithm(SEC_OID_ANSIX962_EC_PUBLIC_KEY, "EC");
|
||||
|
||||
public static final KeyPairAlgorithm
|
||||
RSA = new KeyPairAlgorithm(CKM_RSA_PKCS_KEY_PAIR_GEN, "RSA", RSAFamily);
|
||||
|
||||
public static final KeyPairAlgorithm
|
||||
DSA = new KeyPairAlgorithm(CKM_DSA_KEY_PAIR_GEN, "DSA", DSAFamily);
|
||||
|
||||
public static final KeyPairAlgorithm
|
||||
EC = new KeyPairAlgorithm(CKM_EC_KEY_PAIR_GEN, "EC", ECFamily);
|
||||
}
|
||||
|
|
|
@ -50,7 +50,6 @@ public interface PrivateKey extends java.security.PrivateKey
|
|||
|
||||
public static final Type RSA = Type.RSA;
|
||||
public static final Type DSA = Type.DSA;
|
||||
public static final Type EC = Type.EC;
|
||||
public static final Type DiffieHellman = Type.DiffieHellman;
|
||||
|
||||
/**
|
||||
|
@ -113,7 +112,7 @@ public interface PrivateKey extends java.security.PrivateKey
|
|||
|
||||
/**
|
||||
* Returns a string representation of the algorithm, such as
|
||||
* "RSA", "DSA", or "EC".
|
||||
* "RSA" or "DSA".
|
||||
*/
|
||||
public String toString() {
|
||||
return name;
|
||||
|
@ -135,16 +134,11 @@ public interface PrivateKey extends java.security.PrivateKey
|
|||
private static int CKK_RSA = 0x0;
|
||||
private static int CKK_DSA = 0x1;
|
||||
private static int CKK_DH = 0x2;
|
||||
private static int CKK_EC = 0x3;
|
||||
private static int CKK_X9_42_DH = 0x4;
|
||||
private static int CKK_KEA = 0x5;
|
||||
|
||||
public static final Type RSA = new Type(
|
||||
OBJECT_IDENTIFIER.PKCS1.subBranch(1), "RSA", CKK_RSA );
|
||||
public static final Type DSA = new Type(
|
||||
Algorithm.ANSI_X9_ALGORITHM.subBranch(1), "DSA", CKK_DSA);
|
||||
public static final Type EC = new Type(
|
||||
Algorithm.ANSI_X962_OID.subBranch(2).subBranch(1), "EC", CKK_EC);
|
||||
public static final Type DiffieHellman = new Type(
|
||||
DH_OID, "DiffieHellman", CKK_DH );
|
||||
|
||||
|
|
|
@ -113,21 +113,12 @@ public class SignatureAlgorithm extends Algorithm {
|
|||
|
||||
/**********************************************************************
|
||||
* Raw DSA signing. This algorithm does not do any hashing, it merely
|
||||
* operates on its input, which should be a hash.
|
||||
* encrypts its input, which should be a hash.
|
||||
*/
|
||||
public static final SignatureAlgorithm
|
||||
DSASignature = new SignatureAlgorithm(SEC_OID_ANSIX9_DSA_SIGNATURE, "DSA",
|
||||
null, null, ANSI_X9_ALGORITHM.subBranch(1) );
|
||||
|
||||
/**********************************************************************
|
||||
* Raw EC signing. This algorithm does not do any hashing, it merely
|
||||
* operates on its input, which should be a hash.
|
||||
*/
|
||||
public static final SignatureAlgorithm
|
||||
ECSignature = new SignatureAlgorithm(SEC_OID_ANSIX962_EC_PUBLIC_KEY,
|
||||
"EC",
|
||||
null, null, ANSI_X962_OID.subBranch(2).subBranch(1) );
|
||||
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
public static final SignatureAlgorithm
|
||||
RSASignatureWithMD2Digest =
|
||||
|
@ -156,34 +147,6 @@ public class SignatureAlgorithm extends Algorithm {
|
|||
"DSASignatureWithSHA1Digest", DSASignature, DigestAlgorithm.SHA1,
|
||||
ANSI_X9_ALGORITHM.subBranch(3) );
|
||||
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
public static final SignatureAlgorithm
|
||||
ECSignatureWithSHA1Digest =
|
||||
new SignatureAlgorithm(SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE,
|
||||
"ECSignatureWithSHA1Digest", ECSignature, DigestAlgorithm.SHA1,
|
||||
ANSI_X962_OID.subBranch(4).subBranch(1) );
|
||||
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
public static final SignatureAlgorithm
|
||||
ECSignatureWithSHA256Digest =
|
||||
new SignatureAlgorithm(SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE,
|
||||
"ECSignatureWithSHA256Digest", ECSignature, DigestAlgorithm.SHA256,
|
||||
ANSI_X962_OID.subBranch(4).subBranch(3).subBranch(2) );
|
||||
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
public static final SignatureAlgorithm
|
||||
ECSignatureWithSHA384Digest =
|
||||
new SignatureAlgorithm(SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE,
|
||||
"ECSignatureWithSHA384Digest", ECSignature, DigestAlgorithm.SHA384,
|
||||
ANSI_X962_OID.subBranch(4).subBranch(3).subBranch(3) );
|
||||
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
public static final SignatureAlgorithm
|
||||
ECSignatureWithSHA512Digest =
|
||||
new SignatureAlgorithm(SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE,
|
||||
"ECSignatureWithSHA512Digest", ECSignature, DigestAlgorithm.SHA512,
|
||||
ANSI_X962_OID.subBranch(4).subBranch(3).subBranch(4) );
|
||||
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
public static final SignatureAlgorithm
|
||||
RSASignatureWithSHA256Digest =
|
||||
|
|
|
@ -164,19 +164,6 @@ public final class KeyType {
|
|||
"DSA"
|
||||
);
|
||||
|
||||
//////////////////////////////////////////////////////////////
|
||||
static public final KeyType
|
||||
EC = new KeyType(new Algorithm[]
|
||||
{
|
||||
SignatureAlgorithm.ECSignature,
|
||||
SignatureAlgorithm.ECSignatureWithSHA1Digest,
|
||||
SignatureAlgorithm.ECSignatureWithSHA256Digest,
|
||||
SignatureAlgorithm.ECSignatureWithSHA384Digest,
|
||||
SignatureAlgorithm.ECSignatureWithSHA512Digest
|
||||
},
|
||||
"EC"
|
||||
);
|
||||
|
||||
//////////////////////////////////////////////////////////////
|
||||
static public final KeyType
|
||||
FORTEZZA = new KeyType(new Algorithm[0], "FORTEZZA");
|
||||
|
|
|
@ -1,45 +0,0 @@
|
|||
package org.mozilla.jss.pkcs11;
|
||||
|
||||
import org.mozilla.jss.crypto.PrivateKey;
|
||||
import org.mozilla.jss.crypto.TokenException;
|
||||
import org.mozilla.jss.util.Assert;
|
||||
import java.math.BigInteger;
|
||||
// requires JAVA 1.5
|
||||
//import java.security.interfaces.ECPrivateKey;
|
||||
|
||||
class PK11ECPrivateKey
|
||||
// extends PK11PrivKey implements ECPrivateKey
|
||||
extends PK11PrivKey
|
||||
{
|
||||
|
||||
private PK11ECPrivateKey() { super(null); }
|
||||
|
||||
protected PK11ECPrivateKey(byte[] pointer) {
|
||||
super(pointer);
|
||||
}
|
||||
|
||||
public PrivateKey.Type getType() {
|
||||
return PrivateKey.Type.EC;
|
||||
}
|
||||
|
||||
/**
|
||||
* If this fails, we just return null, since no exceptions are allowed.
|
||||
*/
|
||||
// requires JAVA 1.5
|
||||
// public ECParams getParams() {
|
||||
// try {
|
||||
// return getECParams();
|
||||
// } catch(TokenException te) {
|
||||
// return null;
|
||||
// }
|
||||
// }
|
||||
|
||||
/**
|
||||
* Not implemented. NSS doesn't support extracting private key material
|
||||
* like this.
|
||||
*/
|
||||
// requires JAVA 1.5
|
||||
// public BigInteger getW() {
|
||||
// return null;
|
||||
// }
|
||||
}
|
|
@ -1,72 +0,0 @@
|
|||
/*
|
||||
* The contents of this file are subject to the Mozilla Public
|
||||
* License Version 1.1 (the "License"); you may not use this file
|
||||
* except in compliance with the License. You may obtain a copy of
|
||||
* the License at http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS
|
||||
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
|
||||
* implied. See the License for the specific language governing
|
||||
* rights and limitations under the License.
|
||||
*
|
||||
* The Original Code is the Netscape Security Services for Java.
|
||||
*
|
||||
* The Initial Developer of the Original Code is Netscape
|
||||
* Communications Corporation. Portions created by Netscape are
|
||||
* Copyright (C) 1998-2000 Netscape Communications Corporation. All
|
||||
* Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the
|
||||
* terms of the GNU General Public License Version 2 or later (the
|
||||
* "GPL"), in which case the provisions of the GPL are applicable
|
||||
* instead of those above. If you wish to allow use of your
|
||||
* version of this file only under the terms of the GPL and not to
|
||||
* allow others to use your version of this file under the MPL,
|
||||
* indicate your decision by deleting the provisions above and
|
||||
* replace them with the notice and other provisions required by
|
||||
* the GPL. If you do not delete the provisions above, a recipient
|
||||
* may use your version of this file under either the MPL or the
|
||||
* GPL.
|
||||
*/
|
||||
|
||||
package org.mozilla.jss.pkcs11;
|
||||
|
||||
import org.mozilla.jss.util.Assert;
|
||||
// Requires JAVA 1.5
|
||||
//import java.security.interfaces.ECPublicKey;
|
||||
import java.math.BigInteger;
|
||||
|
||||
//
|
||||
// Requires JAVA 1.5
|
||||
//public final class PK11ECPublicKey extends PK11PubKey implements ECPublicKey {
|
||||
public final class PK11ECPublicKey extends PK11PubKey {
|
||||
|
||||
public PK11ECPublicKey(byte[] pointer) {
|
||||
super(pointer);
|
||||
}
|
||||
|
||||
//
|
||||
// Requires JAVA 1.5
|
||||
// public ECParams getCurve() {
|
||||
// try {
|
||||
// return new BigInteger( getCurveByteArray() );
|
||||
// } catch(NumberFormatException e) {
|
||||
// Assert.notReached("Unable to decode DSA parameters");
|
||||
// return null;
|
||||
// }
|
||||
// }
|
||||
//
|
||||
// public BigInteger getW() {
|
||||
// try {
|
||||
// return new BigInteger( getWByteArray() );
|
||||
// } catch(NumberFormatException e) {
|
||||
// Assert.notReached("Unable to decode DSA public value");
|
||||
// return null;
|
||||
// }
|
||||
// }
|
||||
//
|
||||
// private native byte[] getCurveByteArray();
|
||||
// private native byte[] getWByteArray();
|
||||
}
|
|
@ -120,19 +120,37 @@ finish:
|
|||
|
||||
int PK11_NumberObjectsFor(PK11SlotInfo*, CK_ATTRIBUTE*, int);
|
||||
|
||||
/*
|
||||
* make a common key gen function for both this file and PK11Token.c
|
||||
/**********************************************************************
|
||||
* PK11KeyPairGenerator.generateRSAKeyPair
|
||||
*/
|
||||
SECStatus
|
||||
JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism,
|
||||
PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privk,
|
||||
void *params, PRBool temporary, jint sensitive, jint extractable)
|
||||
JNIEXPORT jobject JNICALL
|
||||
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair
|
||||
(JNIEnv *env, jobject this, jobject token, jint keySize, jlong publicExponent,
|
||||
jboolean temporary, jint sensitive, jint extractable)
|
||||
{
|
||||
PK11SlotInfo* slot;
|
||||
PK11RSAGenParams params;
|
||||
SECKEYPrivateKey *privk=NULL;
|
||||
SECKEYPublicKey *pubk=NULL;
|
||||
jobject keyPair=NULL;
|
||||
PK11AttrFlags attrFlags = 0;
|
||||
*privk=NULL;
|
||||
*pubk=NULL;
|
||||
|
||||
PR_ASSERT(env!=NULL && slot!=NULL);
|
||||
PR_ASSERT(env!=NULL && this!=NULL && token!=NULL);
|
||||
|
||||
/**************************************************
|
||||
* get the slot pointer
|
||||
*************************************************/
|
||||
if( JSS_PK11_getTokenSlotPtr(env, token, &slot) != PR_SUCCESS) {
|
||||
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
|
||||
goto finish;
|
||||
}
|
||||
PR_ASSERT(slot != NULL);
|
||||
|
||||
/**************************************************
|
||||
* setup parameters
|
||||
*************************************************/
|
||||
params.keySizeInBits = keySize;
|
||||
params.pe = publicExponent;
|
||||
|
||||
/**************************************************
|
||||
* login to the token if necessary
|
||||
|
@ -173,13 +191,13 @@ JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism,
|
|||
} else {
|
||||
attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
|
||||
}
|
||||
*privk = PK11_GenerateKeyPairWithFlags(slot,
|
||||
mechanism,
|
||||
params,
|
||||
pubk,
|
||||
privk = PK11_GenerateKeyPairWithFlags(slot,
|
||||
CKM_RSA_PKCS_KEY_PAIR_GEN,
|
||||
¶ms, /* params is not a ptr */
|
||||
&pubk,
|
||||
attrFlags,
|
||||
NULL /* default PW callback */ );
|
||||
if( *privk == NULL ) {
|
||||
if( privk == NULL ) {
|
||||
int errLength;
|
||||
char *errBuf;
|
||||
char *msgBuf;
|
||||
|
@ -202,51 +220,6 @@ JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism,
|
|||
PR_Free(msgBuf);
|
||||
goto finish;
|
||||
}
|
||||
return SECSuccess;
|
||||
|
||||
|
||||
finish:
|
||||
if(*privk!=NULL) {
|
||||
SECKEY_DestroyPrivateKey(*privk);
|
||||
*privk = NULL;
|
||||
}
|
||||
if(*pubk!=NULL) {
|
||||
SECKEY_DestroyPublicKey(*pubk);
|
||||
*pubk = NULL;
|
||||
}
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/**********************************************************************
|
||||
* Local generic helper
|
||||
*/
|
||||
static jobject
|
||||
PK11KeyPairGenerator(JNIEnv *env, jobject this, jobject token,
|
||||
CK_MECHANISM_TYPE mechanism, void *params,
|
||||
jboolean temporary, jint sensitive, jint extractable)
|
||||
{
|
||||
PK11SlotInfo* slot;
|
||||
SECKEYPrivateKey *privk=NULL;
|
||||
SECKEYPublicKey *pubk=NULL;
|
||||
jobject keyPair=NULL;
|
||||
SECStatus rv;
|
||||
|
||||
PR_ASSERT(env!=NULL && this!=NULL && token!=NULL);
|
||||
|
||||
/**************************************************
|
||||
* get the slot pointer
|
||||
*************************************************/
|
||||
if( JSS_PK11_getTokenSlotPtr(env, token, &slot) != PR_SUCCESS) {
|
||||
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
|
||||
goto finish;
|
||||
}
|
||||
PR_ASSERT(slot != NULL);
|
||||
|
||||
rv = JSS_PK11_generateKeyPair(env, mechanism, slot, &pubk, &privk,
|
||||
params, temporary, sensitive, extractable);
|
||||
if (rv != SECSuccess) {
|
||||
goto finish;
|
||||
}
|
||||
|
||||
/**************************************************
|
||||
* wrap in a Java KeyPair object
|
||||
|
@ -267,28 +240,6 @@ finish:
|
|||
return keyPair;
|
||||
}
|
||||
|
||||
/**********************************************************************
|
||||
* PK11KeyPairGenerator.generateRSAKeyPair
|
||||
*/
|
||||
JNIEXPORT jobject JNICALL
|
||||
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair
|
||||
(JNIEnv *env, jobject this, jobject token, jint keySize, jlong publicExponent,
|
||||
jboolean temporary, jint sensitive, jint extractable)
|
||||
{
|
||||
PK11RSAGenParams params;
|
||||
|
||||
PR_ASSERT(env!=NULL && this!=NULL && token!=NULL);
|
||||
|
||||
/**************************************************
|
||||
* setup parameters
|
||||
*************************************************/
|
||||
params.keySizeInBits = keySize;
|
||||
params.pe = publicExponent;
|
||||
|
||||
return PK11KeyPairGenerator(env, this, token, CKM_RSA_PKCS_KEY_PAIR_GEN,
|
||||
¶ms, temporary, sensitive, extractable);
|
||||
}
|
||||
|
||||
#define ZERO_SECITEM(item) {(item).len=0; (item).data=NULL;}
|
||||
|
||||
/**********************************************************************
|
||||
|
@ -301,9 +252,13 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
|
|||
(JNIEnv *env, jobject this, jobject token, jbyteArray P, jbyteArray Q,
|
||||
jbyteArray G, jboolean temporary, jint sensitive, jint extractable)
|
||||
{
|
||||
PK11SlotInfo *slot;
|
||||
SECKEYPrivateKey *privk=NULL;
|
||||
SECKEYPublicKey *pubk=NULL;
|
||||
SECItem p, q, g;
|
||||
PQGParams *params=NULL;
|
||||
jobject keyPair=NULL;
|
||||
PK11AttrFlags attrFlags = 0;
|
||||
|
||||
PR_ASSERT(env!=NULL && this!=NULL && token!=NULL && P!=NULL && Q!=NULL
|
||||
&& G!=NULL);
|
||||
|
@ -313,6 +268,15 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
|
|||
ZERO_SECITEM(q);
|
||||
ZERO_SECITEM(g);
|
||||
|
||||
|
||||
/**************************************************
|
||||
* Get the slot pointer
|
||||
*************************************************/
|
||||
if( JSS_PK11_getTokenSlotPtr(env, token, &slot) != PR_SUCCESS) {
|
||||
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
|
||||
goto finish;
|
||||
}
|
||||
|
||||
/**************************************************
|
||||
* Setup the parameters
|
||||
*************************************************/
|
||||
|
@ -328,8 +292,66 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
|
|||
JSS_throw(env, OUT_OF_MEMORY_ERROR);
|
||||
goto finish;
|
||||
}
|
||||
keyPair = PK11KeyPairGenerator(env, this, token, CKM_DSA_KEY_PAIR_GEN,
|
||||
params, temporary, sensitive, extractable);
|
||||
|
||||
/**************************************************
|
||||
* login to the token if necessary
|
||||
*************************************************/
|
||||
if( PK11_Authenticate(slot, PR_TRUE /*loadcerts*/, NULL /* default pwcb*/)
|
||||
!= SECSuccess)
|
||||
{
|
||||
JSS_throwMsg(env, TOKEN_EXCEPTION, "unable to login to token");
|
||||
goto finish;
|
||||
}
|
||||
|
||||
/**************************************************
|
||||
* generate the key pair on the token
|
||||
*************************************************/
|
||||
if( temporary ) {
|
||||
attrFlags |= PK11_ATTR_SESSION;
|
||||
} else {
|
||||
attrFlags |= PK11_ATTR_TOKEN;
|
||||
}
|
||||
if( extractable == 1 ) {
|
||||
attrFlags |= PK11_ATTR_EXTRACTABLE;
|
||||
} else if( extractable == 0 ) {
|
||||
attrFlags |= PK11_ATTR_UNEXTRACTABLE;
|
||||
}
|
||||
/*
|
||||
* The default of sensitive is set this way to be backward
|
||||
* compatible.
|
||||
*/
|
||||
if( sensitive == -1 ) {
|
||||
sensitive = !temporary; /* workaround bug 129563 */
|
||||
}
|
||||
/*
|
||||
* The PRIVATE/PUBLIC attributes are set this way to be backward
|
||||
* compatible with the original PK11_GenerateKeyPair call.
|
||||
*/
|
||||
if( sensitive ) {
|
||||
attrFlags |= (PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE);
|
||||
} else {
|
||||
attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
|
||||
}
|
||||
privk = PK11_GenerateKeyPairWithFlags(slot,
|
||||
CKM_DSA_KEY_PAIR_GEN,
|
||||
params, /* params is a ptr */
|
||||
&pubk,
|
||||
attrFlags,
|
||||
NULL /* default PW callback */);
|
||||
if( privk == NULL ) {
|
||||
JSS_throwMsg(env, TOKEN_EXCEPTION,
|
||||
"Keypair Generation failed on PKCS #11 token");
|
||||
goto finish;
|
||||
}
|
||||
|
||||
/**************************************************
|
||||
* wrap in a Java KeyPair object
|
||||
*************************************************/
|
||||
keyPair = keysToKeyPair(env, &privk, &pubk);
|
||||
if(keyPair == NULL) {
|
||||
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
|
||||
goto finish;
|
||||
}
|
||||
|
||||
finish:
|
||||
SECITEM_FreeItem(&p, PR_FALSE);
|
||||
|
@ -338,50 +360,3 @@ finish:
|
|||
PK11_PQG_DestroyParams(params);
|
||||
return keyPair;
|
||||
}
|
||||
|
||||
void
|
||||
DumpItem(SECItem *item)
|
||||
{
|
||||
unsigned char *data = item->data;
|
||||
int i;
|
||||
|
||||
for (i=0; i < item->len; i++) {
|
||||
printf(" %02x",data[i]);
|
||||
}
|
||||
printf(" : 0x%08x %d\n", data, item->len);
|
||||
}
|
||||
|
||||
/**********************************************************************
|
||||
*
|
||||
* PK11KeyPairGenerator.generateECKeyPair
|
||||
*
|
||||
*/
|
||||
JNIEXPORT jobject JNICALL
|
||||
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPair
|
||||
(JNIEnv *env, jobject this, jobject token, jbyteArray Curve,
|
||||
jboolean temporary, jint sensitive, jint extractable)
|
||||
{
|
||||
SECItem curve;
|
||||
jobject keyPair=NULL;
|
||||
|
||||
PR_ASSERT(env!=NULL && this!=NULL && token!=NULL && Curve!=NULL );
|
||||
|
||||
/* zero these so we can free them indiscriminately later */
|
||||
ZERO_SECITEM(curve);
|
||||
|
||||
/**************************************************
|
||||
* Setup the parameters
|
||||
*************************************************/
|
||||
if( JSS_ByteArrayToOctetString(env, Curve, &curve))
|
||||
{
|
||||
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
|
||||
goto finish;
|
||||
}
|
||||
|
||||
keyPair = PK11KeyPairGenerator(env, this, token, CKM_EC_KEY_PAIR_GEN,
|
||||
&curve, temporary, sensitive, extractable);
|
||||
|
||||
finish:
|
||||
SECITEM_FreeItem(&curve, PR_FALSE);
|
||||
return keyPair;
|
||||
}
|
||||
|
|
|
@ -38,14 +38,12 @@ package org.mozilla.jss.pkcs11;
|
|||
|
||||
import org.mozilla.jss.crypto.*;
|
||||
import org.mozilla.jss.util.*;
|
||||
import org.mozilla.jss.asn1.*;
|
||||
import java.math.BigInteger;
|
||||
import java.security.*;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.spec.AlgorithmParameterSpec;
|
||||
import java.security.spec.DSAParameterSpec;
|
||||
|
||||
|
||||
/**
|
||||
* A Key Pair Generator implemented using PKCS #11.
|
||||
*
|
||||
|
@ -65,9 +63,8 @@ public final class PK11KeyPairGenerator
|
|||
* Constructor for PK11KeyPairGenerator.
|
||||
* @param token The PKCS #11 token that the keypair will be generated on.
|
||||
* @param algorithm The type of key that will be generated. Currently,
|
||||
* <code>KeyPairAlgorithm.RSA</code> ,
|
||||
* <code>KeyPairAlgorithm.DSA</code> and
|
||||
* <code>KeyPairAlgorithm.EC</code> are supported.
|
||||
* <code>KeyPairAlgorithm.RSA</code> and
|
||||
* <code>KeyPairAlgorithm.DSA</code> are supported.
|
||||
*/
|
||||
public PK11KeyPairGenerator(PK11Token token, KeyPairAlgorithm algorithm)
|
||||
throws NoSuchAlgorithmException, TokenException
|
||||
|
@ -118,7 +115,8 @@ public final class PK11KeyPairGenerator
|
|||
if(algorithm == KeyPairAlgorithm.RSA) {
|
||||
params =
|
||||
new RSAParameterSpec(strength, DEFAULT_RSA_PUBLIC_EXPONENT);
|
||||
} else if(algorithm == KeyPairAlgorithm.DSA) {
|
||||
} else {
|
||||
Assert._assert( algorithm == KeyPairAlgorithm.DSA );
|
||||
if(strength==512) {
|
||||
params = PQG512;
|
||||
} else if(strength==768) {
|
||||
|
@ -130,9 +128,6 @@ public final class PK11KeyPairGenerator
|
|||
"In order to use pre-cooked PQG values, key strength must"+
|
||||
"be 512, 768, or 1024.");
|
||||
}
|
||||
} else {
|
||||
Assert._assert( algorithm == KeyPairAlgorithm.EC );
|
||||
params = getCurve(strength);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -166,22 +161,12 @@ public final class PK11KeyPairGenerator
|
|||
throw new InvalidAlgorithmParameterException(
|
||||
"RSA Public Exponent must fit in 31 or fewer bits.");
|
||||
}
|
||||
} else if ( algorithm == KeyPairAlgorithm.DSA ){
|
||||
} else {
|
||||
Assert._assert( algorithm == KeyPairAlgorithm.DSA);
|
||||
if(! (params instanceof DSAParameterSpec) ) {
|
||||
throw new InvalidAlgorithmParameterException();
|
||||
}
|
||||
} else {
|
||||
Assert._assert( algorithm == KeyPairAlgorithm.EC);
|
||||
// requires JAVA 1.5
|
||||
// if(! (params instanceof ECParameterSpec) ) {
|
||||
// throw new InvalidAlgorithmParameterException();
|
||||
//}
|
||||
// requires JAVA 1.5
|
||||
if(! (params instanceof PK11ParameterSpec) ) {
|
||||
throw new InvalidAlgorithmParameterException();
|
||||
}
|
||||
} // future add support for X509EncodedSpec
|
||||
|
||||
}
|
||||
this.params = params;
|
||||
}
|
||||
|
||||
|
@ -211,7 +196,8 @@ public final class PK11KeyPairGenerator
|
|||
sensitivePairMode,
|
||||
extractablePairMode);
|
||||
}
|
||||
} else if(algorithm == KeyPairAlgorithm.DSA ) {
|
||||
} else {
|
||||
Assert._assert( algorithm == KeyPairAlgorithm.DSA );
|
||||
if(params==null) {
|
||||
params = PQG1024;
|
||||
}
|
||||
|
@ -224,22 +210,7 @@ public final class PK11KeyPairGenerator
|
|||
temporaryPairMode,
|
||||
sensitivePairMode,
|
||||
extractablePairMode);
|
||||
} else {
|
||||
Assert._assert( algorithm == KeyPairAlgorithm.EC );
|
||||
// requires JAVA 1.5 for ECParameters.
|
||||
//
|
||||
//AlgorithmParameters ecParams =
|
||||
// AlgorithmParameters.getInstance("ECParameters");
|
||||
// ecParams.init(params);
|
||||
PK11ParameterSpec ecParams = (PK11ParameterSpec) params;
|
||||
|
||||
return generateECKeyPair(
|
||||
token,
|
||||
ecParams.getEncoded(), /* curve */
|
||||
temporaryPairMode,
|
||||
sensitivePairMode,
|
||||
extractablePairMode);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -274,15 +245,6 @@ public final class PK11KeyPairGenerator
|
|||
boolean temporary, int sensitive, int extractable)
|
||||
throws TokenException;
|
||||
|
||||
/**
|
||||
* Generates a EC key pair with the given a curve.
|
||||
* Curves are stored as DER Encoded Parameters.
|
||||
*/
|
||||
private native KeyPair
|
||||
generateECKeyPair(PK11Token token, byte[] Curve,
|
||||
boolean temporary, int sensitive, int extractable)
|
||||
throws TokenException;
|
||||
|
||||
///////////////////////////////////////////////////////////////////////
|
||||
///////////////////////////////////////////////////////////////////////
|
||||
// Defaults
|
||||
|
@ -397,266 +359,6 @@ public final class PK11KeyPairGenerator
|
|||
extractablePairMode = extractable ? 1 : 0;
|
||||
}
|
||||
|
||||
//
|
||||
// requires JAVA 1.5
|
||||
//
|
||||
//private AlgorithmParameterSpec getCurve(int strength) {
|
||||
//}
|
||||
|
||||
|
||||
private static final OBJECT_IDENTIFIER ANSI_X962_PRIME_CURVE =
|
||||
new OBJECT_IDENTIFIER( new long[] { 1, 2, 840, 10045, 3, 1 } );
|
||||
private static final OBJECT_IDENTIFIER ANSI_X962_BINARY_CURVE =
|
||||
new OBJECT_IDENTIFIER( new long[] { 1, 2, 840, 10045, 3, 0 } );
|
||||
private static final OBJECT_IDENTIFIER SECG_EC_CURVE =
|
||||
new OBJECT_IDENTIFIER( new long[] { 1, 3, 132, 0 } );
|
||||
|
||||
// ANSI Prime curves
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_P192V1
|
||||
= ANSI_X962_PRIME_CURVE.subBranch(1);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_P192V2
|
||||
= ANSI_X962_PRIME_CURVE.subBranch(2);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_P192V3
|
||||
= ANSI_X962_PRIME_CURVE.subBranch(3);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_P239V1
|
||||
= ANSI_X962_PRIME_CURVE.subBranch(4);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_P239V2
|
||||
= ANSI_X962_PRIME_CURVE.subBranch(5);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_P239V3
|
||||
= ANSI_X962_PRIME_CURVE.subBranch(6);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_P256V1
|
||||
= ANSI_X962_PRIME_CURVE.subBranch(7);
|
||||
|
||||
// ANSI Binary curves
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB163V1
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(1);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB163V2
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(2);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB163V3
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(3);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB176V1
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(4);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB191V1
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(5);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB191V2
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(6);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB191V3
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(7);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_ONB191V4
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(8);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_ONB191V5
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(9);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB208W1
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(10);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB239V1
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(11);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB239V2
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(12);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB239V3
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(13);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_ONB239V4
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(14);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_ONB239V5
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(15);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB272W1
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(16);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB304W1
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(17);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB359V1
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(18);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_PNB368W1
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(19);
|
||||
static final OBJECT_IDENTIFIER CURVE_ANSI_TNB431R1
|
||||
=ANSI_X962_BINARY_CURVE.subBranch(20);
|
||||
|
||||
// SEG Prime curves
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_P112R1
|
||||
= SECG_EC_CURVE.subBranch(6);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_P112R2
|
||||
= SECG_EC_CURVE.subBranch(7);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_P128R1
|
||||
= SECG_EC_CURVE.subBranch(28);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_P128R2
|
||||
= SECG_EC_CURVE.subBranch(29);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_P160K1
|
||||
= SECG_EC_CURVE.subBranch(9);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_P160R1
|
||||
= SECG_EC_CURVE.subBranch(8);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_P160R2
|
||||
= SECG_EC_CURVE.subBranch(30);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_P192K1
|
||||
= SECG_EC_CURVE.subBranch(31);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_P224K1
|
||||
= SECG_EC_CURVE.subBranch(32);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_P224R1
|
||||
= SECG_EC_CURVE.subBranch(33);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_P256K1
|
||||
= SECG_EC_CURVE.subBranch(10);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_P384R1
|
||||
= SECG_EC_CURVE.subBranch(34);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_P521R1
|
||||
= SECG_EC_CURVE.subBranch(35);
|
||||
|
||||
// SEG Binary curves
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T113R1
|
||||
= SECG_EC_CURVE.subBranch(4);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T113R2
|
||||
= SECG_EC_CURVE.subBranch(5);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T131R1
|
||||
= SECG_EC_CURVE.subBranch(22);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T131R2
|
||||
= SECG_EC_CURVE.subBranch(23);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T163K1
|
||||
= SECG_EC_CURVE.subBranch(1);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T163R1
|
||||
= SECG_EC_CURVE.subBranch(2);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T163R2
|
||||
= SECG_EC_CURVE.subBranch(15);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T193R1
|
||||
= SECG_EC_CURVE.subBranch(24);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T193R2
|
||||
= SECG_EC_CURVE.subBranch(25);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T233K1
|
||||
= SECG_EC_CURVE.subBranch(26);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T233R1
|
||||
= SECG_EC_CURVE.subBranch(27);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T239K1
|
||||
= SECG_EC_CURVE.subBranch(3);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T283K1
|
||||
= SECG_EC_CURVE.subBranch(16);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T283R1
|
||||
= SECG_EC_CURVE.subBranch(17);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T409K1
|
||||
= SECG_EC_CURVE.subBranch(36);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T409R1
|
||||
= SECG_EC_CURVE.subBranch(37);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T571K1
|
||||
= SECG_EC_CURVE.subBranch(38);
|
||||
static final OBJECT_IDENTIFIER CURVE_SECG_T571R1
|
||||
= SECG_EC_CURVE.subBranch(39);
|
||||
|
||||
private AlgorithmParameterSpec getCurve(int strength)
|
||||
throws InvalidParameterException
|
||||
{
|
||||
OBJECT_IDENTIFIER oid;
|
||||
switch (strength) {
|
||||
case 112:
|
||||
oid = CURVE_SECG_P112R1; // == WTLS-6
|
||||
// Can't get to curve SECG P-112R2
|
||||
// Can't get to curve WTLS-8 (No oid for WTLS-8)
|
||||
break;
|
||||
case 113:
|
||||
oid = CURVE_SECG_T113R1; // == WTLS-4
|
||||
// Can't get to curve SECG T-113R2
|
||||
// Can't get to curve WTLS-1 (No oid for WTLS-1)
|
||||
break;
|
||||
case 128:
|
||||
oid = CURVE_SECG_P128R1;
|
||||
// Can't get to curve SECG P-128R2
|
||||
break;
|
||||
case 131:
|
||||
oid = CURVE_SECG_T131R1;
|
||||
// Can't get to curve SECG T-131R2
|
||||
break;
|
||||
case 160:
|
||||
oid = CURVE_SECG_P160R1; // == WTLS-7 (TLS-16)
|
||||
// Can't get to curve SECG P-160K1 (TLS-15)
|
||||
// Can't get to curve SECG P-160R2 (TLS-17)
|
||||
// Can't get to curve WTLS-9 (No oid for WTLS-9)
|
||||
break;
|
||||
case 163:
|
||||
oid = CURVE_SECG_T163K1; // == NIST K-163 == WTLS-3 (TLS-1)
|
||||
// Can't get to curve ANSI C2-PNB163V1 == WTLS-5
|
||||
// Can't get to curve ANSI C2-PNB163V2
|
||||
// Can't get to curve ANSI C2-PNB163V3
|
||||
// Can't get to curve SECG T-163R1 (TLS-2)
|
||||
// Can't get to curve SECG T-163R2 == NIST B-163 (TLS-3)
|
||||
break;
|
||||
case 176:
|
||||
oid = CURVE_ANSI_PNB176V1;
|
||||
break;
|
||||
case 191:
|
||||
oid = CURVE_ANSI_TNB191V1;
|
||||
// Can't get to curve ANSI C2-TNB191V2
|
||||
// Can't get to curve ANSI C2-TNB191V3
|
||||
// Can't get to curve ANSI C2-ONB191V4
|
||||
// Can't get to curve ANSI C2-ONB191V5
|
||||
break;
|
||||
case 192:
|
||||
oid = CURVE_ANSI_P192V1; // == NIST P-192 == SECG P-192R1 (TLS-19)
|
||||
// Can't get to curve ANSI P-192V2
|
||||
// Can't get to curve ANSI P-192V3
|
||||
// Can't get to curve SECG P-192K1 (TLS-18)
|
||||
break;
|
||||
case 193:
|
||||
oid = CURVE_SECG_T193R1; // (TLS-4)
|
||||
// Can't get to curve SECG T-193R2 // (TLS-5)
|
||||
break;
|
||||
case 208:
|
||||
oid = CURVE_ANSI_PNB208W1;
|
||||
break;
|
||||
case 224:
|
||||
oid = CURVE_SECG_P224R1; // == NIST P-224 == WTLS-12 (TLS-21)
|
||||
// Can't get to curve SECG P-224K1 (TLS-20)
|
||||
break;
|
||||
case 233:
|
||||
oid = CURVE_SECG_T233R1; // == NIST B-233 == WTLS-11 (TLS-7)
|
||||
// Can't get to curve SECG T-233K1 == NIST K-233 == WTLS-10 (TLS-6)
|
||||
break;
|
||||
case 239:
|
||||
oid = CURVE_SECG_T239K1; // (TLS8)
|
||||
// Can't get to curve ANSI P-239V1
|
||||
// Can't get to curve ANSI P-239V2
|
||||
// Can't get to curve ANSI P-239V3
|
||||
// Can't get to curve ANSI C2-TNB239V1
|
||||
// Can't get to curve ANSI C2-TNB239V2
|
||||
// Can't get to curve ANSI C2-TNB239V3
|
||||
// Can't get to curve ANSI C2-ONB239V4
|
||||
// Can't get to curve ANSI C2-ONB239V5
|
||||
break;
|
||||
case 256:
|
||||
oid = CURVE_ANSI_P256V1; // == NIST P-256 == SECG P-256R1 (TLS-23)
|
||||
// Can't get to curve SECG P-256K1 (TLS-22)
|
||||
break;
|
||||
case 272:
|
||||
oid = CURVE_ANSI_PNB272W1;
|
||||
break;
|
||||
case 283:
|
||||
oid = CURVE_SECG_T283R1; // == NIST B-283 (TLS-10)
|
||||
// Can't get to curve SECG T-283K1 == NIST K-283 (TLS-9)
|
||||
break;
|
||||
case 304:
|
||||
oid = CURVE_ANSI_PNB304W1;
|
||||
break;
|
||||
case 359:
|
||||
oid = CURVE_ANSI_TNB359V1;
|
||||
break;
|
||||
case 368:
|
||||
oid = CURVE_ANSI_PNB368W1;
|
||||
break;
|
||||
case 384:
|
||||
oid = CURVE_SECG_P384R1; // == NIST P-384 (TLS-24)
|
||||
break;
|
||||
case 409:
|
||||
oid = CURVE_SECG_T409R1; // == NIST B-409 (TLS-12)
|
||||
// Can't get to curve SECG T-409K1 == NIST K-409 (TLS-11)
|
||||
break;
|
||||
case 431:
|
||||
oid = CURVE_ANSI_TNB431R1;
|
||||
break;
|
||||
case 521:
|
||||
oid = CURVE_SECG_P521R1; // == NIST P-521 (TLS-25)
|
||||
break;
|
||||
case 571:
|
||||
oid = CURVE_SECG_T571R1; // == NIST B-571 (TLS-14)
|
||||
// Can't get to curve SECG T-571K1 == NIST K-571 (TLS-13)
|
||||
break;
|
||||
default:
|
||||
throw new InvalidParameterException();
|
||||
}
|
||||
return new PK11ParameterSpec(ASN1Util.encode(oid));
|
||||
}
|
||||
|
||||
|
||||
///////////////////////////////////////////////////////////////////////
|
||||
///////////////////////////////////////////////////////////////////////
|
||||
|
|
|
@ -393,35 +393,18 @@ Java_org_mozilla_jss_pkcs11_PK11KeyWrapper_nativeUnwrapPrivWithSym
|
|||
keyType = PK11_GetKeyType(keyTypeMech, 0);
|
||||
|
||||
/* figure out which operations to enable for this key */
|
||||
switch (keyType) {
|
||||
case CKK_RSA:
|
||||
if( keyType == CKK_RSA ) {
|
||||
attribs[0] = CKA_SIGN;
|
||||
attribs[1] = CKA_DECRYPT;
|
||||
attribs[2] = CKA_SIGN_RECOVER;
|
||||
attribs[3] = CKA_UNWRAP;
|
||||
numAttribs = 4;
|
||||
break;
|
||||
case CKK_DSA:
|
||||
} else if(keyType == CKK_DSA) {
|
||||
attribs[0] = CKA_SIGN;
|
||||
numAttribs = 1;
|
||||
break;
|
||||
case CKK_KEA:
|
||||
case CKK_DH:
|
||||
case CKK_X9_42_DH:
|
||||
attribs[0] = CKA_DERIVE;
|
||||
numAttribs = 1;
|
||||
break;
|
||||
case CKK_EC:
|
||||
attribs[0] = CKA_SIGN;
|
||||
attribs[1] = CKA_DERIVE;
|
||||
numAttribs = 2;
|
||||
break;
|
||||
default:
|
||||
} else {
|
||||
/* unknown key type */
|
||||
PR_ASSERT(PR_FALSE);
|
||||
attribs[0] = CKA_SIGN;
|
||||
numAttribs = 1;
|
||||
break;
|
||||
}
|
||||
|
||||
/* perform the unwrap */
|
||||
|
|
|
@ -45,8 +45,6 @@ import org.mozilla.jss.util.Assert;
|
|||
import java.security.PublicKey;
|
||||
import java.security.interfaces.RSAPublicKey;
|
||||
import java.security.interfaces.DSAPublicKey;
|
||||
//requires JAVA 1.5
|
||||
//import java.security.interfaces.ECPublicKey;
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
import javax.crypto.spec.RC2ParameterSpec;
|
||||
|
||||
|
@ -170,8 +168,6 @@ final class PK11KeyWrapper implements KeyWrapper {
|
|||
try {
|
||||
KeyType type = KeyType.getKeyTypeFromAlgorithm(algorithm);
|
||||
if( (type == KeyType.RSA && !(key instanceof RSAPublicKey)) ||
|
||||
// requires JAVA 1.5
|
||||
// (type == KeyType.EC && !(key instanceof ECPublicKey)) ||
|
||||
(type == KeyType.DSA && !(key instanceof DSAPublicKey)) ) {
|
||||
throw new InvalidKeyException("Key is not the right type for "+
|
||||
"this algorithm");
|
||||
|
@ -437,14 +433,12 @@ final class PK11KeyWrapper implements KeyWrapper {
|
|||
/**
|
||||
* Extracts the "public value" from a public key. The public value is
|
||||
* used to construct the key identifier (CKA_ID). Also, the internal token
|
||||
* stores the EC DSA and EC public value along with the private key.
|
||||
* stores the DSA public value along with the private key.
|
||||
*/
|
||||
private static byte[]
|
||||
extractPublicValue(PublicKey publicKey, PrivateKey.Type type)
|
||||
throws InvalidKeyException
|
||||
{
|
||||
/* this code should call a generic function wich returns the
|
||||
* proper public value. */
|
||||
if( publicKey == null ) {
|
||||
throw new InvalidKeyException("publicKey is null");
|
||||
}
|
||||
|
@ -523,14 +517,12 @@ final class PK11KeyWrapper implements KeyWrapper {
|
|||
|
||||
private static Algorithm
|
||||
algFromType(PrivateKey.Type type) {
|
||||
if (type == PrivateKey.RSA) {
|
||||
if(type == PrivateKey.RSA) {
|
||||
return KeyPairAlgorithm.RSAFamily;
|
||||
} else if (type == PrivateKey.DSA) {
|
||||
return KeyPairAlgorithm.DSAFamily;
|
||||
} else {
|
||||
Assert._assert( type == PrivateKey.EC);
|
||||
return KeyPairAlgorithm.ECFamily;
|
||||
}
|
||||
Assert._assert(type == PrivateKey.DSA);
|
||||
return KeyPairAlgorithm.DSAFamily;
|
||||
}
|
||||
}
|
||||
|
||||
private static Algorithm
|
||||
|
|
|
@ -1,50 +0,0 @@
|
|||
/*
|
||||
* The contents of this file are subject to the Mozilla Public
|
||||
* License Version 1.1 (the "License"); you may not use this file
|
||||
* except in compliance with the License. You may obtain a copy of
|
||||
* the License at http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS
|
||||
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
|
||||
* implied. See the License for the specific language governing
|
||||
* rights and limitations under the License.
|
||||
*
|
||||
* The Original Code is the Netscape Security Services for Java.
|
||||
*
|
||||
* The Initial Developer of the Original Code is Red Hat, Inc.
|
||||
* Portions created by Red Hat are
|
||||
* Copyright (C) 2005,2006 Red Hat, Inc. All
|
||||
* Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the
|
||||
* terms of the GNU General Public License Version 2 or later (the
|
||||
* "GPL"), in which case the provisions of the GPL are applicable
|
||||
* instead of those above. If you wish to allow use of your
|
||||
* version of this file only under the terms of the GPL and not to
|
||||
* allow others to use your version of this file under the MPL,
|
||||
* indicate your decision by deleting the provisions above and
|
||||
* replace them with the notice and other provisions required by
|
||||
* the GPL. If you do not delete the provisions above, a recipient
|
||||
* may use your version of this file under either the MPL or the
|
||||
* GPL.
|
||||
*/
|
||||
|
||||
package org.mozilla.jss.pkcs11;
|
||||
import java.security.spec.AlgorithmParameterSpec;
|
||||
|
||||
public final class PK11ParameterSpec implements AlgorithmParameterSpec
|
||||
{
|
||||
public PK11ParameterSpec(byte [] derBlob)
|
||||
{
|
||||
blob = derBlob;
|
||||
}
|
||||
|
||||
public byte [] getEncoded()
|
||||
{
|
||||
return blob;
|
||||
}
|
||||
private byte [] blob;
|
||||
|
||||
}
|
|
@ -76,9 +76,6 @@ JSS_PK11_wrapPrivKey(JNIEnv *env, SECKEYPrivateKey **privk)
|
|||
case dsaKey:
|
||||
className = "org/mozilla/jss/pkcs11/PK11DSAPrivateKey";
|
||||
break;
|
||||
case ecKey:
|
||||
className = "org/mozilla/jss/pkcs11/PK11ECPrivateKey";
|
||||
break;
|
||||
default:
|
||||
className = "org/mozilla/jss/pkcs11/PK11PrivKey";
|
||||
break;
|
||||
|
@ -123,8 +120,6 @@ Java_org_mozilla_jss_pkcs11_PK11PrivKey_verifyKeyIsOnToken
|
|||
SECKEYPrivateKey *key = NULL;
|
||||
PK11SlotInfo *slot = NULL;
|
||||
PK11SlotInfo *keySlot = NULL;
|
||||
PK11SlotInfo *dbSlot = NULL;
|
||||
PK11SlotInfo *cryptoSlot = NULL;
|
||||
|
||||
if( JSS_PK11_getPrivKeyPtr(env, this, &key) != PR_SUCCESS) {
|
||||
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
|
||||
|
@ -137,11 +132,9 @@ Java_org_mozilla_jss_pkcs11_PK11PrivKey_verifyKeyIsOnToken
|
|||
}
|
||||
|
||||
keySlot = PK11_GetSlotFromPrivateKey(key);
|
||||
dbSlot = PK11_GetInternalKeySlot();
|
||||
if(keySlot == dbSlot) {
|
||||
cryptoSlot = PK11_GetInternalSlot();
|
||||
if(keySlot == PK11_GetInternalKeySlot()) {
|
||||
/* hack for internal module */
|
||||
if(slot != keySlot && slot != cryptoSlot) {
|
||||
if(slot != keySlot && slot != PK11_GetInternalSlot()) {
|
||||
JSS_throwMsg(env, NO_SUCH_ITEM_ON_TOKEN_EXCEPTION,
|
||||
"Key is not present on this token");
|
||||
goto finish;
|
||||
|
@ -156,12 +149,6 @@ finish:
|
|||
if(keySlot != NULL) {
|
||||
PK11_FreeSlot(keySlot);
|
||||
}
|
||||
if(dbSlot != NULL) {
|
||||
PK11_FreeSlot(dbSlot);
|
||||
}
|
||||
if(cryptoSlot != NULL) {
|
||||
PK11_FreeSlot(cryptoSlot);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -212,10 +199,6 @@ Java_org_mozilla_jss_pkcs11_PK11PrivKey_getKeyType
|
|||
break;
|
||||
case keaKey:
|
||||
keyTypeFieldName = KEA_KEYTYPE_FIELD;
|
||||
break;
|
||||
case ecKey:
|
||||
keyTypeFieldName = EC_KEYTYPE_FIELD;
|
||||
break;
|
||||
default:
|
||||
PR_ASSERT(PR_FALSE);
|
||||
keyTypeFieldName = NULL_KEYTYPE_FIELD;
|
||||
|
@ -463,19 +446,11 @@ JSS_PK11_getKeyType(JNIEnv *env, jobject keyTypeObj)
|
|||
jfieldID fieldID;
|
||||
char *fieldNames[] = {
|
||||
RSA_PRIVKEYTYPE_FIELD,
|
||||
DSA_PRIVKEYTYPE_FIELD,
|
||||
FORTEZZA_KEYTYPE_FIELD,
|
||||
DH_KEYTYPE_FIELD,
|
||||
KEA_KEYTYPE_FIELD,
|
||||
EC_KEYTYPE_FIELD };
|
||||
int numTypes = 6;
|
||||
DSA_PRIVKEYTYPE_FIELD };
|
||||
int numTypes = 2;
|
||||
KeyType keyTypes[] = {
|
||||
rsaKey,
|
||||
dsaKey,
|
||||
fortezzaKey,
|
||||
dhKey,
|
||||
keaKey,
|
||||
ecKey };
|
||||
dsaKey };
|
||||
jobject field;
|
||||
int i;
|
||||
|
||||
|
|
|
@ -78,12 +78,10 @@ public class PK11PrivKey extends org.mozilla.jss.pkcs11.PK11Key
|
|||
|
||||
if( kt == KeyType.RSA ) {
|
||||
return PrivateKey.Type.RSA;
|
||||
} else if (kt == KeyType.DSA) {
|
||||
return PrivateKey.Type.DSA;
|
||||
} else {
|
||||
Assert._assert(kt == KeyType.EC);
|
||||
return PrivateKey.Type.EC;
|
||||
}
|
||||
Assert._assert(kt == KeyType.DSA);
|
||||
return PrivateKey.Type.DSA;
|
||||
}
|
||||
}
|
||||
|
||||
public String getAlgorithm() {
|
||||
|
|
|
@ -37,7 +37,6 @@
|
|||
#include "_jni/org_mozilla_jss_pkcs11_PublicKeyProxy.h"
|
||||
#include "_jni/org_mozilla_jss_pkcs11_PK11RSAPublicKey.h"
|
||||
#include "_jni/org_mozilla_jss_pkcs11_PK11DSAPublicKey.h"
|
||||
#include "_jni/org_mozilla_jss_pkcs11_PK11ECPublicKey.h"
|
||||
|
||||
#include <plarena.h>
|
||||
#include <secmodt.h>
|
||||
|
@ -107,9 +106,6 @@ JSS_PK11_wrapPubKey(JNIEnv *env, SECKEYPublicKey **pKey)
|
|||
case dsaKey:
|
||||
keyClassName = PK11_DSA_PUBKEY_CLASS_NAME;
|
||||
break;
|
||||
case ecKey:
|
||||
keyClassName = PK11_EC_PUBKEY_CLASS_NAME;
|
||||
break;
|
||||
default:
|
||||
keyClassName = PK11PUBKEY_CLASS_NAME;
|
||||
break;
|
||||
|
@ -262,9 +258,6 @@ Java_org_mozilla_jss_pkcs11_PK11PubKey_getKeyType
|
|||
case dsaKey:
|
||||
keyTypeFieldName = DSA_KEYTYPE_FIELD;
|
||||
break;
|
||||
case ecKey:
|
||||
keyTypeFieldName = EC_KEYTYPE_FIELD;
|
||||
break;
|
||||
case fortezzaKey:
|
||||
keyTypeFieldName = FORTEZZA_KEYTYPE_FIELD;
|
||||
break;
|
||||
|
@ -312,9 +305,7 @@ typedef enum {
|
|||
DSA_G,
|
||||
DSA_PUBLIC,
|
||||
RSA_MODULUS,
|
||||
RSA_PUBLIC_EXPONENT,
|
||||
EC_CURVE,
|
||||
EC_W
|
||||
RSA_PUBLIC_EXPONENT
|
||||
} PublicKeyField;
|
||||
|
||||
static jbyteArray
|
||||
|
@ -411,36 +402,6 @@ Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getYByteArray
|
|||
return get_public_key_info(env, this, DSA_PUBLIC);
|
||||
}
|
||||
|
||||
/**********************************************************************
|
||||
*
|
||||
* PK11ECPublicKey.getParamByteArray
|
||||
*
|
||||
* Returns the curve of this EC Public Key. The format is a DER encoded
|
||||
* octet string in a byte array.
|
||||
*
|
||||
*/
|
||||
JNIEXPORT jbyteArray JNICALL
|
||||
Java_org_mozilla_jss_pkcs11_PK11ECPublicKey_getCurveByteArray
|
||||
(JNIEnv *env, jobject this)
|
||||
{
|
||||
return get_public_key_info(env, this, EC_CURVE);
|
||||
}
|
||||
|
||||
/**********************************************************************
|
||||
*
|
||||
* PK11ECPublicKey.getWByteArray
|
||||
*
|
||||
* Returns the public value (W) of this EC Public Key.
|
||||
* The format is a 1 byte to indicate compression followed by points
|
||||
* Wx and Wy unsigned and connatonatted.
|
||||
*
|
||||
*/
|
||||
JNIEXPORT jbyteArray JNICALL
|
||||
Java_org_mozilla_jss_pkcs11_PK11ECPublicKey_getWByteArray
|
||||
(JNIEnv *env, jobject this)
|
||||
{
|
||||
return get_public_key_info(env, this, EC_W);
|
||||
}
|
||||
/**********************************************************************
|
||||
* g e t _ p u b l i c _ k e y _ i n f o
|
||||
*
|
||||
|
@ -488,14 +449,6 @@ get_public_key_info
|
|||
PR_ASSERT(pubk->keyType == rsaKey);
|
||||
item = &pubk->u.rsa.publicExponent;
|
||||
break;
|
||||
case EC_CURVE:
|
||||
PR_ASSERT(pubk->keyType == ecKey);
|
||||
item = &pubk->u.ec.DEREncodedParams;
|
||||
break;
|
||||
case EC_W:
|
||||
PR_ASSERT(pubk->keyType == ecKey);
|
||||
item = &pubk->u.ec.publicValue;
|
||||
break;
|
||||
default:
|
||||
PR_ASSERT(PR_FALSE);
|
||||
break;
|
||||
|
|
|
@ -70,14 +70,14 @@ public class PK11PubKey extends org.mozilla.jss.pkcs11.PK11Key
|
|||
* @param rawKey The bytes of the raw key.
|
||||
* @exception InvalidKeyFormatException If the raw key could not be
|
||||
* decoded.
|
||||
* @deprecated This method works for RSA keys but not DSA or EC keys. Use
|
||||
* @deprecated This method works for RSA keys but not DSA keys. Use
|
||||
* fromSPKI() instead.
|
||||
* @see #fromSPKI(byte[])
|
||||
*/
|
||||
public static PK11PubKey fromRaw(PrivateKey.Type type, byte[] rawKey)
|
||||
throws InvalidKeyFormatException
|
||||
{
|
||||
if( type != PrivateKey.Type.RSA ) {
|
||||
if( type == PrivateKey.Type.DSA ) {
|
||||
throw new InvalidKeyFormatException(
|
||||
"fromRaw() is broken for DSA keys. Use fromSPKI() instead.");
|
||||
}
|
||||
|
|
|
@ -62,14 +62,18 @@
|
|||
#define ERRX 1
|
||||
#define KEYTYPE_DSA_STRING "dsa"
|
||||
#define KEYTYPE_RSA_STRING "rsa"
|
||||
#define KEYTYPE_EC_STRING "ec"
|
||||
#define KEYTYPE_DSA 1
|
||||
#define KEYTYPE_RSA 2
|
||||
|
||||
static CERTCertificateRequest* make_cert_request(JNIEnv *env,
|
||||
const char *subject, SECKEYPublicKey *pubk);
|
||||
|
||||
void GenerateCertRequest(JNIEnv *env, SECOidTag ktype, const char *subject,
|
||||
PK11SlotInfo *slot, unsigned char **b64request,
|
||||
void *params);
|
||||
void GenerateCertRequest(JNIEnv *env, unsigned int ktype, const char *subject,
|
||||
int keysize, PK11SlotInfo *slot,
|
||||
unsigned char **b64request, PQGParams *dsaParams);
|
||||
static SECStatus GenerateKeyPair(JNIEnv *env, unsigned int ktype,
|
||||
PK11SlotInfo *slot,
|
||||
SECKEYPublicKey **pubk,
|
||||
SECKEYPrivateKey **privk, int keysize, PQGParams *dsaParams);
|
||||
|
||||
/* these values are taken from PK11KeyPairGenerator.java */
|
||||
#define DEFAULT_RSA_KEY_SIZE 2048
|
||||
|
@ -912,9 +916,7 @@ Java_org_mozilla_jss_pkcs11_PK11Token_doesAlgorithm
|
|||
PR_ASSERT(slot != NULL);
|
||||
|
||||
mech = JSS_getPK11MechFromAlg(env, alg);
|
||||
|
||||
/* not an assertion, some algorithms don't have Mechanism yet */
|
||||
/*PR_ASSERT( mech != CKM_INVALID_MECHANISM ); */
|
||||
PR_ASSERT( mech != CKM_INVALID_MECHANISM );
|
||||
|
||||
if( PK11_DoesMechanism(slot, mech) == PR_TRUE) {
|
||||
doesMech = JNI_TRUE;
|
||||
|
@ -969,25 +971,21 @@ JNIEXPORT jstring JNICALL Java_org_mozilla_jss_pkcs11_PK11Token_generatePK10
|
|||
PQGParams *dsaParams=NULL;
|
||||
const char* c_keyType;
|
||||
jboolean k_isCopy;
|
||||
SECOidTag signType = SEC_OID_UNKNOWN;
|
||||
PK11RSAGenParams rsaParams;
|
||||
void *params = NULL;
|
||||
unsigned int ktype = 0;
|
||||
|
||||
PR_ASSERT(env!=NULL && this!=NULL);
|
||||
/* get keytype */
|
||||
c_keyType = (*env)->GetStringUTFChars(env, keyType, &k_isCopy);
|
||||
|
||||
if (0 == PL_strcasecmp(c_keyType, KEYTYPE_RSA_STRING)) {
|
||||
signType = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
|
||||
if( keysize == -1 ) {
|
||||
rsaParams.keySizeInBits = DEFAULT_RSA_KEY_SIZE;
|
||||
} else {
|
||||
rsaParams.keySizeInBits = keysize;
|
||||
}
|
||||
rsaParams.pe = DEFAULT_RSA_PUBLIC_EXPONENT;
|
||||
params = (void *)&rsaParams;
|
||||
} else if (0 == PL_strcasecmp(c_keyType, KEYTYPE_DSA_STRING)) {
|
||||
signType = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
|
||||
if (0 == PL_strcasecmp(c_keyType, KEYTYPE_DSA_STRING)) {
|
||||
ktype = KEYTYPE_DSA;
|
||||
} else if (0 == PL_strcasecmp(c_keyType, KEYTYPE_RSA_STRING)) {
|
||||
ktype = KEYTYPE_RSA;
|
||||
} else {
|
||||
JSS_throw(env, INVALID_PARAMETER_EXCEPTION);
|
||||
}
|
||||
|
||||
if (ktype == KEYTYPE_DSA) {
|
||||
if (P==NULL || Q==NULL || G ==NULL) {
|
||||
/* shouldn't happen */
|
||||
JSS_throw(env, INVALID_PARAMETER_EXCEPTION);
|
||||
|
@ -1001,23 +999,18 @@ JNIEXPORT jstring JNICALL Java_org_mozilla_jss_pkcs11_PK11Token_generatePK10
|
|||
if( JSS_ByteArrayToOctetString(env, P, &p) ||
|
||||
JSS_ByteArrayToOctetString(env, Q, &q) ||
|
||||
JSS_ByteArrayToOctetString(env, G, &g) )
|
||||
{
|
||||
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
|
||||
goto finish;
|
||||
}
|
||||
{
|
||||
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
|
||||
goto finish;
|
||||
}
|
||||
dsaParams = PK11_PQG_NewParams(&p, &q, &g);
|
||||
if(dsaParams == NULL) {
|
||||
JSS_throw(env, OUT_OF_MEMORY_ERROR);
|
||||
goto finish;
|
||||
}
|
||||
|
||||
}
|
||||
params = (void *)dsaParams;
|
||||
} else if (0 == PL_strcasecmp(c_keyType, KEYTYPE_EC_STRING)) {
|
||||
signType = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
|
||||
/* get ec param */
|
||||
} else {
|
||||
JSS_throw(env, INVALID_PARAMETER_EXCEPTION);
|
||||
}
|
||||
} /* end ktype == KEYTYPE_DSA */
|
||||
|
||||
if( JSS_PK11_getTokenSlotPtr(env, this, &slot) != PR_SUCCESS) {
|
||||
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
|
||||
|
@ -1034,8 +1027,11 @@ JNIEXPORT jstring JNICALL Java_org_mozilla_jss_pkcs11_PK11Token_generatePK10
|
|||
/* get subject */
|
||||
c_subject = (*env)->GetStringUTFChars(env, subject, &isCopy);
|
||||
|
||||
/* get keysize */
|
||||
|
||||
/* call GenerateCertRequest() */
|
||||
GenerateCertRequest(env, signType, c_subject, slot, &b64request, params);
|
||||
GenerateCertRequest(env, ktype, c_subject, (int) keysize, slot, &b64request,
|
||||
dsaParams);
|
||||
|
||||
finish:
|
||||
if (isCopy == JNI_TRUE) {
|
||||
|
@ -1048,7 +1044,7 @@ finish:
|
|||
(*env)->ReleaseStringUTFChars(env, keyType, c_keyType);
|
||||
}
|
||||
|
||||
if (signType == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) {
|
||||
if (ktype == KEYTYPE_DSA) {
|
||||
SECITEM_FreeItem(&p, PR_FALSE);
|
||||
SECITEM_FreeItem(&q, PR_FALSE);
|
||||
SECITEM_FreeItem(&g, PR_FALSE);
|
||||
|
@ -1069,10 +1065,10 @@ finish:
|
|||
*/
|
||||
void
|
||||
GenerateCertRequest(JNIEnv *env,
|
||||
SECOidTag signType, const char *subject,
|
||||
unsigned int ktype, const char *subject, int keysize,
|
||||
PK11SlotInfo *slot,
|
||||
unsigned char **b64request,
|
||||
void *params) {
|
||||
unsigned char **b64request,
|
||||
PQGParams *dsaParams) {
|
||||
|
||||
CERTCertificateRequest *req;
|
||||
|
||||
|
@ -1082,28 +1078,14 @@ GenerateCertRequest(JNIEnv *env,
|
|||
PRArenaPool *arena;
|
||||
SECItem result_der, result;
|
||||
SECItem *blob;
|
||||
CK_MECHANISM_TYPE signMech;
|
||||
CK_MECHANISM_TYPE keygenMech;
|
||||
|
||||
#ifdef DEBUG
|
||||
printf("in GenerateCertRequest(), subject=%s, ",
|
||||
subject);
|
||||
printf("in GenerateCertRequest(), subject=%s, keysize = %d",
|
||||
subject, keysize);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Use the tables to reduce the code of adding new
|
||||
* types of keys.
|
||||
*/
|
||||
signMech = PK11_AlgtagToMechanism(signType);
|
||||
if (signMech == CKM_INVALID_MECHANISM) {
|
||||
#ifdef DEBUG
|
||||
printf("Error getting KEYGEN Mechanism.");
|
||||
#endif
|
||||
}
|
||||
keygenMech = PK11_GetKeyGen(signMech);
|
||||
|
||||
if( JSS_PK11_generateKeyPair(env, keygenMech, slot, &pubk, &privk,
|
||||
params, PR_FALSE, -1, -1) != SECSuccess) {
|
||||
if( GenerateKeyPair(env, ktype, slot, &pubk, &privk, keysize,
|
||||
dsaParams) != SECSuccess) {
|
||||
#ifdef DEBUG
|
||||
printf("Error generating keypair.");
|
||||
#endif
|
||||
|
@ -1139,7 +1121,8 @@ GenerateCertRequest(JNIEnv *env,
|
|||
}
|
||||
|
||||
rv = SEC_DerSignData(arena, &result, result_der.data, result_der.len,
|
||||
privk, signType);
|
||||
privk,
|
||||
(ktype==KEYTYPE_RSA)? SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST);
|
||||
if (rv) {
|
||||
JSS_nativeThrowMsg(env, TOKEN_EXCEPTION,
|
||||
"signing of data failed");
|
||||
|
@ -1194,3 +1177,87 @@ make_cert_request(JNIEnv *env, const char *subject, SECKEYPublicKey *pubk)
|
|||
|
||||
return req;
|
||||
}
|
||||
|
||||
|
||||
/******************************************************************
|
||||
*
|
||||
* G e n e r a t e K e y P a i r
|
||||
*/
|
||||
static SECStatus
|
||||
GenerateKeyPair(JNIEnv *env, unsigned int ktype, PK11SlotInfo *slot, SECKEYPublicKey **pubk,
|
||||
SECKEYPrivateKey **privk, int keysize, PQGParams *dsaParams)
|
||||
{
|
||||
|
||||
PK11RSAGenParams rsaParams;
|
||||
|
||||
if (ktype == KEYTYPE_RSA) {
|
||||
if( keysize == -1 ) {
|
||||
rsaParams.keySizeInBits = DEFAULT_RSA_KEY_SIZE;
|
||||
} else {
|
||||
rsaParams.keySizeInBits = keysize;
|
||||
}
|
||||
rsaParams.pe = DEFAULT_RSA_PUBLIC_EXPONENT;
|
||||
}
|
||||
if(PK11_Authenticate( slot, PR_FALSE /*loadCerts*/, NULL /*wincx*/)
|
||||
!= SECSuccess) {
|
||||
JSS_nativeThrowMsg(env, TOKEN_EXCEPTION,
|
||||
"failure authenticating to key database");
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
if(PK11_NeedUserInit(slot)) {
|
||||
JSS_nativeThrowMsg(env, TOKEN_EXCEPTION,
|
||||
"token not initialized with password");
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
#ifdef DEBUG
|
||||
printf("key type == %d", ktype);
|
||||
#endif
|
||||
if (ktype == KEYTYPE_RSA) {
|
||||
*privk = PK11_GenerateKeyPair (slot,
|
||||
CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams,
|
||||
pubk, PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/, NULL);
|
||||
} else { /* dsa */
|
||||
*privk = PK11_GenerateKeyPair (slot,
|
||||
CKM_DSA_KEY_PAIR_GEN, (void *)dsaParams,
|
||||
pubk, PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/, NULL);
|
||||
}
|
||||
if( *privk == NULL ) {
|
||||
int errLength;
|
||||
char *errBuf;
|
||||
char *msgBuf;
|
||||
|
||||
errLength = PR_GetErrorTextLength();
|
||||
if(errLength > 0) {
|
||||
errBuf = PR_Malloc(errLength);
|
||||
if(errBuf == NULL) {
|
||||
JSS_throw(env, OUT_OF_MEMORY_ERROR);
|
||||
return SECFailure;
|
||||
}
|
||||
PR_GetErrorText(errBuf);
|
||||
}
|
||||
msgBuf = PR_smprintf("Keypair Generation failed on token: %s",
|
||||
errLength>0? errBuf : "");
|
||||
if(errLength>0) {
|
||||
PR_Free(errBuf);
|
||||
}
|
||||
|
||||
JSS_throwMsg(env, TOKEN_EXCEPTION, msgBuf);
|
||||
PR_Free(msgBuf);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
|
||||
if (*privk != NULL && *pubk != NULL) {
|
||||
#ifdef DEBUG
|
||||
printf("generated public/private key pair\n");
|
||||
#endif
|
||||
} else {
|
||||
JSS_nativeThrowMsg(env, TOKEN_EXCEPTION,
|
||||
"failure generating key pair");
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
|
|
|
@ -48,7 +48,7 @@ import java.security.InvalidParameterException;
|
|||
* CryptoManager class.
|
||||
*
|
||||
* @author nicolson
|
||||
* @version $Revision: 1.8 $ $Date: 2006-02-10 22:06:12 $
|
||||
* @version $Revision: 1.9 $ $Date: 2006-02-14 23:52:54 $
|
||||
* @see org.mozilla.jss.CryptoManager
|
||||
*/
|
||||
public final class PK11Token implements CryptoToken {
|
||||
|
@ -449,9 +449,9 @@ public final class PK11Token implements CryptoToken {
|
|||
* @param subject subject dn of the certificate
|
||||
* @param keysize size of the key
|
||||
* @param keyType "rsa" or "dsa"
|
||||
* @param P The DSA prime parameter
|
||||
* @param Q The DSA sub-prime parameter
|
||||
* @param G The DSA base parameter
|
||||
* @param P The DSA prime parameter
|
||||
* @param Q The DSA sub-prime parameter
|
||||
* @param G The DSA base parameter
|
||||
* @return String that represents a PKCS#10 b64 encoded blob with
|
||||
* begin/end brackets
|
||||
*/
|
||||
|
|
|
@ -127,35 +127,7 @@ JSS_PK11_wrapSymKey(JNIEnv *env, PK11SymKey **symKey);
|
|||
KeyType
|
||||
JSS_PK11_getKeyType(JNIEnv *env, jobject keyTypeObj);
|
||||
|
||||
/***********************************************************************
|
||||
* JSS_PK11_generateKeyPair
|
||||
*
|
||||
* Create a new key pair based on the passed in mechanism and parameters
|
||||
*
|
||||
* INPUTS
|
||||
* mechanism
|
||||
* A PKCS#11 KeyPair Mechanism
|
||||
* slot
|
||||
* Slot to generate the keypair in.
|
||||
* pubk
|
||||
* returned public key
|
||||
* privk
|
||||
* returned private key key
|
||||
* param
|
||||
* PKCS #11 mechanism parameters
|
||||
* temporary
|
||||
* boolean to say if the key is temporary or permanent
|
||||
* sensitive
|
||||
* int to say if the key should be sensitive or not (-1 is default)
|
||||
* extractable
|
||||
* int to say if the key should be extractable or not (-1 is default)
|
||||
* RETURNS
|
||||
* The SECStatus, SECSuccess of success, SECFailure on failure
|
||||
*/
|
||||
SECStatus
|
||||
JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism,
|
||||
PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privK,
|
||||
void *params, PRBool temporary, jint senstive, jint extractable);
|
||||
|
||||
|
||||
/*=====================================================================
|
||||
C E R T I F I C A T E S
|
||||
|
|
|
@ -78,7 +78,7 @@ class JSSKeyPairGeneratorSpi
|
|||
kpg.initialize(keysize, random);
|
||||
}
|
||||
|
||||
public KeyPair generateKeyPair() {
|
||||
public KeyPair generateKeyPair() {
|
||||
try {
|
||||
return kpg.genKeyPair();
|
||||
} catch(TokenException e) {
|
||||
|
@ -96,9 +96,4 @@ class JSSKeyPairGeneratorSpi
|
|||
super(KeyPairAlgorithm.DSA);
|
||||
}
|
||||
}
|
||||
public static class EC extends JSSKeyPairGeneratorSpi {
|
||||
public EC() {
|
||||
super(KeyPairAlgorithm.EC);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -204,26 +204,6 @@ class JSSSignatureSpi extends java.security.SignatureSpi {
|
|||
super(SignatureAlgorithm.DSASignatureWithSHA1Digest);
|
||||
}
|
||||
}
|
||||
public static class SHA1EC extends JSSSignatureSpi {
|
||||
public SHA1EC() {
|
||||
super(SignatureAlgorithm.ECSignatureWithSHA1Digest);
|
||||
}
|
||||
}
|
||||
public static class SHA256EC extends JSSSignatureSpi {
|
||||
public SHA256EC() {
|
||||
super(SignatureAlgorithm.ECSignatureWithSHA256Digest);
|
||||
}
|
||||
}
|
||||
public static class SHA384EC extends JSSSignatureSpi {
|
||||
public SHA384EC() {
|
||||
super(SignatureAlgorithm.ECSignatureWithSHA384Digest);
|
||||
}
|
||||
}
|
||||
public static class SHA512EC extends JSSSignatureSpi {
|
||||
public SHA512EC() {
|
||||
super(SignatureAlgorithm.ECSignatureWithSHA512Digest);
|
||||
}
|
||||
}
|
||||
public static class MD2RSA extends JSSSignatureSpi {
|
||||
public MD2RSA() {
|
||||
super(SignatureAlgorithm.RSASignatureWithMD2Digest);
|
||||
|
|
|
@ -71,9 +71,10 @@ public class KeyFactorySpi1_2 extends java.security.KeyFactorySpi
|
|||
return PK11PubKey.fromRaw( PrivateKey.RSA, ASN1Util.encode(seq) );
|
||||
} else if( keySpec instanceof DSAPublicKeySpec ) {
|
||||
// We need to import both the public value and the PQG parameters.
|
||||
// The only way to get all that information in DER is to send
|
||||
// a full SubjectPublicKeyInfo. So we encode all the information
|
||||
// into an SPKI.
|
||||
// The only way to get all that information to NSS is through
|
||||
// a SubjectPublicKeyInfo. So we encode all the information
|
||||
// into an SPKI and then throw that down to NSS.
|
||||
// This operation is very computationally expensive and wasteful.
|
||||
|
||||
DSAPublicKeySpec spec = (DSAPublicKeySpec) keySpec;
|
||||
|
||||
|
@ -94,41 +95,6 @@ public class KeyFactorySpi1_2 extends java.security.KeyFactorySpi
|
|||
algID, new BIT_STRING(encodedPublicValue, 0) );
|
||||
|
||||
return PK11PubKey.fromSPKI( ASN1Util.encode(spki) );
|
||||
//
|
||||
// requires JAVA 1.5
|
||||
//
|
||||
//} else if( keySpec instanceof ECPublicKeySpec ) {
|
||||
// // We need to import both the public value and the curve.
|
||||
// // The only way to get all that information in DER is to send
|
||||
// // a full SubjectPublicKeyInfo. So we encode all the information
|
||||
// // into an SPKI.
|
||||
//
|
||||
// ECPublicKeySpec spec = (ECPublicKeySpec) keySpec;
|
||||
// AlgorithmParameters algParams = getInstance("ECParameters");
|
||||
//
|
||||
// algParameters.init(spec.getECParameters());
|
||||
// OBJECT_IDENTIFIER oid = null;
|
||||
// try {
|
||||
// oid = SignatureAlgorithm.ECSignature.toOID();
|
||||
// } catch(NoSuchAlgorithmException ex ) {
|
||||
// Assert.notReached("no such algorithm as DSA?");
|
||||
// }
|
||||
// AlgorithmIdentifier algID =
|
||||
// new AlgorithmIdentifier(oid, ecParams.getParams() );
|
||||
// INTEGER publicValueX = new INTEGER(spec.getW().getAffineX());
|
||||
// INTEGER publicValueY = new INTEGER(spec.getW().getAffineY());
|
||||
// byte[] encodedPublicValue;
|
||||
// encodedPublicValue[0] = EC_UNCOMPRESSED_POINT;
|
||||
// encodedPublicValue += spec.getW().getAffineX().toByteArray();
|
||||
// encodedPublicValue += spec.getW().getAffineY().toByteArray();
|
||||
//
|
||||
// byte[] encodedPublicValue = ASN1Util.encode(publicValue);
|
||||
// SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo(
|
||||
// algID, new BIT_STRING(encodedPublicValue, 0) );
|
||||
//
|
||||
// return PK11PubKey.fromSPKI( ASN1Util.encode(spki) );
|
||||
//
|
||||
// use the following for EC keys in 1.4.2
|
||||
} else if( keySpec instanceof X509EncodedKeySpec ) {
|
||||
//
|
||||
// SubjectPublicKeyInfo
|
||||
|
|
|
@ -140,25 +140,6 @@ public class JCASigTest {
|
|||
sigTest("SHA-384/RSA", keyPair);
|
||||
sigTest("SHA-512/RSA", keyPair);
|
||||
|
||||
kpgen = KeyPairGenerator.getInstance("EC");
|
||||
kpgen.initialize(256);
|
||||
keyPair = kpgen.generateKeyPair();
|
||||
provider = kpgen.getProvider();
|
||||
|
||||
System.out.println("The provider used to Generate the Keys was "
|
||||
+ provider.getName() );
|
||||
System.out.println("provider info " + provider.getInfo() );
|
||||
|
||||
if (provider.getName().equalsIgnoreCase("Mozilla-JSS") == false) {
|
||||
System.out.println("Mozilla-JSS is supposed to be the " +
|
||||
"default provider for JCASigTest");
|
||||
System.exit(1);
|
||||
}
|
||||
sigTest("SHA-1/EC", keyPair);
|
||||
sigTest("SHA-256/EC", keyPair);
|
||||
sigTest("SHA-384/EC", keyPair);
|
||||
sigTest("SHA-512/EC", keyPair);
|
||||
|
||||
} catch ( Exception e ) {
|
||||
e.printStackTrace();
|
||||
System.exit(1);
|
||||
|
|
|
@ -210,20 +210,6 @@ public class TestKeyGen {
|
|||
}
|
||||
}
|
||||
|
||||
// 256-bit EC
|
||||
kpg = java.security.KeyPairGenerator.getInstance("EC", "Mozilla-JSS");
|
||||
kpg.initialize(256);
|
||||
keyPair = kpg.genKeyPair();
|
||||
System.out.println("Generated 256-bit EC KeyPair!");
|
||||
|
||||
kpg.initialize(384);
|
||||
keyPair = kpg.genKeyPair();
|
||||
System.out.println("Generated 384-bit EC KeyPair!");
|
||||
|
||||
kpg.initialize(521);
|
||||
keyPair = kpg.genKeyPair();
|
||||
System.out.println("Generated 521-bit EC KeyPair!");
|
||||
|
||||
System.out.println("TestKeyGen passed");
|
||||
System.exit(0);
|
||||
} catch (Exception e) {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/perl
|
||||
#
|
||||
# ***** BEGIN LICENSE BLOCK *****
|
||||
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
#
|
||||
|
@ -39,14 +39,12 @@ my $java;
|
|||
|
||||
# dist <dist_dir>
|
||||
# release <java release dir> <nss release dir> <nspr release dir>
|
||||
# auto (test the current build directory)
|
||||
|
||||
sub usage {
|
||||
print "Usage:\n";
|
||||
print "$0 dist <dist_dir>\n";
|
||||
print "$0 release <jss release dir> <nss release dir> "
|
||||
. "<nspr release dir>\n";
|
||||
print "$0 auto\n";
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
@ -117,24 +115,6 @@ sub setup_vars {
|
|||
# take the last part (can be overriden if not <OS><VERSION>_<OPT|DBG>.OBJ
|
||||
$testdir = `basename $testdir`;
|
||||
chomp $testdir;
|
||||
} elsif( $$argv[0] eq "auto" ) {
|
||||
my $dist_dir = `make dist_dir`;
|
||||
my $obj_dir = `make obj_dir`;
|
||||
chomp($dist_dir);
|
||||
chomp($obj_dir);
|
||||
chomp( $dist_dir = `(cd $dist_dir ; pwd)`);
|
||||
chomp( $obj_dir = `(cd $obj_dir ; pwd)`);
|
||||
|
||||
$nss_lib_dir = "$obj_dir/lib";
|
||||
$jss_rel_dir = "$dist_dir/classes$dbg_suffix/org";
|
||||
$jss_classpath = "$dist_dir/xpclass$jar_dbg_suffix.jar";
|
||||
|
||||
$ENV{CLASSPATH} .= "$dist_dir/xpclass$jar_dbg_suffix.jar";
|
||||
( -f $ENV{CLASSPATH} ) or die "$ENV{CLASSPATH} does not exist";
|
||||
#$ENV{$ld_lib_path} = $ENV{$ld_lib_path} . $pathsep . "$obj_dir/lib";
|
||||
$ENV{$ld_lib_path} = "$obj_dir/lib";
|
||||
$testdir = `basename $obj_dir`;
|
||||
chomp $testdir;
|
||||
} elsif( $$argv[0] eq "release" ) {
|
||||
shift @$argv;
|
||||
|
||||
|
@ -396,11 +376,11 @@ $result and print "JSSE servers returned $result\n";
|
|||
#
|
||||
# Test JSS client communication
|
||||
#
|
||||
#print "============= Start JSS client tests\n";
|
||||
#$result = system("$java org.mozilla.jss.tests.JSS_SSLClient $testdir $pwfile $portJSSEServer bypassOff");
|
||||
#$result >>=8;
|
||||
#$result and print "JSS client returned $result\n";
|
||||
#print_case_result ($result,"JSSE server / JSS client");
|
||||
print "============= Start JSS client tests\n";
|
||||
$result = system("$java org.mozilla.jss.tests.JSS_SSLClient $testdir $pwfile $portJSSEServer bypassOff");
|
||||
$result >>=8;
|
||||
$result and print "JSS client returned $result\n";
|
||||
print_case_result ($result,"JSSE server / JSS client");
|
||||
|
||||
$portJSSServer=$portJSSServer+1;
|
||||
|
||||
|
@ -415,11 +395,11 @@ $result and print "JSS servers returned $result\n";
|
|||
#
|
||||
# Test JSSE client communication
|
||||
#
|
||||
#print "============= Start JSSE client tests\n";
|
||||
#$result = system("$java org.mozilla.jss.tests.JSSE_SSLClient $testdir $portJSSServer");
|
||||
#$result >>=8;
|
||||
#$result and print "JSSE client returned $result\n";
|
||||
#print_case_result ($result,"JSS server / JSSE client");
|
||||
print "============= Start JSSE client tests\n";
|
||||
$result = system("$java org.mozilla.jss.tests.JSSE_SSLClient $testdir $portJSSServer");
|
||||
$result >>=8;
|
||||
$result and print "JSSE client returned $result\n";
|
||||
print_case_result ($result,"JSS server / JSSE client");
|
||||
|
||||
#
|
||||
# Test Enable FIPSMODE
|
||||
|
|
|
@ -108,7 +108,6 @@ PR_BEGIN_EXTERN_C
|
|||
#define NULL_KEYTYPE_FIELD "NULL"
|
||||
#define RSA_KEYTYPE_FIELD "RSA"
|
||||
#define DSA_KEYTYPE_FIELD "DSA"
|
||||
#define EC_KEYTYPE_FIELD "EC"
|
||||
#define FORTEZZA_KEYTYPE_FIELD "FORTEZZA"
|
||||
#define DH_KEYTYPE_FIELD "DH"
|
||||
#define KEA_KEYTYPE_FIELD "KEA"
|
||||
|
@ -187,11 +186,6 @@ PR_BEGIN_EXTERN_C
|
|||
*/
|
||||
#define PK11_DSA_PUBKEY_CLASS_NAME "org/mozilla/jss/pkcs11/PK11DSAPublicKey"
|
||||
|
||||
/*
|
||||
* PK11ECPublicKey
|
||||
*/
|
||||
#define PK11_EC_PUBKEY_CLASS_NAME "org/mozilla/jss/pkcs11/PK11ECPublicKey"
|
||||
|
||||
/*
|
||||
* PK11Module
|
||||
*/
|
||||
|
@ -260,7 +254,6 @@ PR_BEGIN_EXTERN_C
|
|||
#define PRIVKEYTYPE_SIG "Lorg/mozilla/jss/crypto/PrivateKey$Type;"
|
||||
#define RSA_PRIVKEYTYPE_FIELD "RSA"
|
||||
#define DSA_PRIVKEYTYPE_FIELD "DSA"
|
||||
#define EC_PRIVKEYTYPE_FIELD "EC"
|
||||
|
||||
/*
|
||||
* PQGParams
|
||||
|
|
Загрузка…
Ссылка в новой задаче