mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bugzilla Bug 308242: expose the opFlags and the temporary/permanent 

attributes of PK11_TokenKeyGenWithFlags. r=glen.beasley.
Modified Files:
	crypto/KeyGenerator.java crypto/SymmetricKey.java
	pkcs11/PK11KeyGenerator.c pkcs11/PK11KeyGenerator.java
This commit is contained in:
wtchang%redhat.com 2005-11-01 18:38:47 +00:00
Родитель bf5cb8b46a
Коммит e58a8fe88b
4 изменённых файлов: 83 добавлений и 5 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

21
security/jss/org/mozilla/jss/crypto/KeyGenerator.java
Просмотреть файл

@ -56,6 +56,27 @@ public interface KeyGenerator {
public void initialize(AlgorithmParameterSpec parameters) public void initialize(AlgorithmParameterSpec parameters)
throws InvalidAlgorithmParameterException; throws InvalidAlgorithmParameterException;
/**
* @param usages The operations the key will be used for after it is
* generated. You have to specify these so that the key can be properly
* marked with the operations it supports. Some PKCS #11 tokens require
* that a key be marked for an operation before it can perform that
* operation. The default is SymmetricKey.Usage.SIGN and
* SymmetricKey.Usage.ENCRYPT.
*/
public void setKeyUsages(SymmetricKey.Usage[] usages);
/**
* Tells the generator to generate temporary or permanent keys.
* Temporary keys are not written permanently to the token. They
* are destroyed by the garbage collector. If this method is not
* called, the default is temporary keys.
*/
public void temporaryKeys(boolean temp);
/**
* Generates a symmetric key.
*/
public SymmetricKey generate() public SymmetricKey generate()
throws IllegalStateException, TokenException, CharConversionException; throws IllegalStateException, TokenException, CharConversionException;

1
security/jss/org/mozilla/jss/crypto/SymmetricKey.java
Просмотреть файл

@ -132,6 +132,7 @@ public interface SymmetricKey {
public int getVal() { return val; } public int getVal() { return val; }
// these enums must match the JSS_symkeyUsage list in Algorithm.c // these enums must match the JSS_symkeyUsage list in Algorithm.c
// and the opFlagForUsage list in PK11KeyGenerator.java
public static final Usage ENCRYPT = new Usage(0); public static final Usage ENCRYPT = new Usage(0);
public static final Usage DECRYPT = new Usage(1); public static final Usage DECRYPT = new Usage(1);
public static final Usage WRAP = new Usage(2); public static final Usage WRAP = new Usage(2);

13
security/jss/org/mozilla/jss/pkcs11/PK11KeyGenerator.c
Просмотреть файл

@ -72,11 +72,13 @@ PBE_DestroyContext(PBEBitGenContext *context);
*/ */
JNIEXPORT jobject JNICALL JNIEXPORT jobject JNICALL
Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generateNormal Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generateNormal
(JNIEnv *env, jclass clazz, jobject token, jobject alg, jint strength) (JNIEnv *env, jclass clazz, jobject token, jobject alg, jint strength,
jint opFlags, jboolean temporary)
{ {
PK11SlotInfo *slot=NULL; PK11SlotInfo *slot=NULL;
PK11SymKey *skey=NULL; PK11SymKey *skey=NULL;
CK_MECHANISM_TYPE mech; CK_MECHANISM_TYPE mech;
PK11AttrFlags attrFlags=0;
jobject keyObj=NULL; jobject keyObj=NULL;
PR_ASSERT( env!=NULL && clazz!=NULL && token!=NULL && alg!=NULL ); PR_ASSERT( env!=NULL && clazz!=NULL && token!=NULL && alg!=NULL );
@ -90,9 +92,14 @@ Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generateNormal
mech = JSS_getPK11MechFromAlg(env, alg); mech = JSS_getPK11MechFromAlg(env, alg);
PR_ASSERT(mech != CKM_INVALID_MECHANISM); PR_ASSERT(mech != CKM_INVALID_MECHANISM);
if(!temporary) {
attrFlags |= (PK11_ATTR_TOKEN | PK11_ATTR_PRIVATE);
}
/* generate the key */ /* generate the key */
skey = PK11_KeyGen(slot, mech, NULL /*param*/, skey = PK11_TokenKeyGenWithFlags(slot, mech, NULL /*param*/,
strength/8 /*in bytes*/, NULL /*wincx*/ ); strength/8 /*in bytes*/, NULL /*keyid*/,
opFlags, attrFlags, NULL /*wincx*/ );
if(skey==NULL) { if(skey==NULL) {
JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, "KeyGen failed on token"); JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, "KeyGen failed on token");

53
security/jss/org/mozilla/jss/pkcs11/PK11KeyGenerator.java
Просмотреть файл

@ -46,6 +46,27 @@ import java.io.CharConversionException;
public final class PK11KeyGenerator implements KeyGenerator { public final class PK11KeyGenerator implements KeyGenerator {
// opFlag constants: each of these flags specifies a crypto operation
// the key will support. Their values must match the same-named C
// preprocessor macros defined in the PKCS #11 header pkcs11t.h.
private static final int CKF_ENCRYPT = 0x00000100;
private static final int CKF_DECRYPT = 0x00000200;
private static final int CKF_SIGN = 0x00000800;
private static final int CKF_VERIFY = 0x00002000;
private static final int CKF_WRAP = 0x00020000;
private static final int CKF_UNWRAP = 0x00040000;
// A table for mapping SymmetricKey.Usage to opFlag. This must be
// synchronized with SymmetricKey.Usage.
private static final int opFlagForUsage[] = {
CKF_ENCRYPT, /* 0 */
CKF_DECRYPT, /* 1 */
CKF_WRAP, /* 2 */
CKF_UNWRAP, /* 3 */
CKF_SIGN, /* 4 */
CKF_VERIFY /* 5 */
};
// The token this key will be generated on. // The token this key will be generated on.
private PK11Token token; private PK11Token token;
@ -59,6 +80,13 @@ public final class PK11KeyGenerator implements KeyGenerator {
// The parameters for this algorithm. May be null for some algorithms. // The parameters for this algorithm. May be null for some algorithms.
private AlgorithmParameterSpec parameters; private AlgorithmParameterSpec parameters;
// The crypto operations the key will support. It is the logical OR
// of the opFlag constants, each specifying a supported operation.
private int opFlags = CKF_SIGN | CKF_ENCRYPT;
// Whether the key will be temporary or permanent
private boolean temporaryKeyMode = true;
// Used to convert Java Password into a byte[]. // Used to convert Java Password into a byte[].
private KeyGenerator.CharToByteConverter charToByte; private KeyGenerator.CharToByteConverter charToByte;
@ -136,6 +164,21 @@ public final class PK11KeyGenerator implements KeyGenerator {
this.parameters = parameters; this.parameters = parameters;
} }
public void setKeyUsages(SymmetricKey.Usage[] usages)
{
this.opFlags = 0;
for( int i = 0; i < usages.length; i++ ) {
if( usages[i] != null ) {
this.opFlags |= opFlagForUsage[usages[i].getVal()];
}
}
}
public void temporaryKeys(boolean temp)
{
this.temporaryKeyMode = temp;
}
/** /**
* Generates the key. This is the public interface, the actual * Generates the key. This is the public interface, the actual
@ -165,7 +208,8 @@ public final class PK11KeyGenerator implements KeyGenerator {
} }
} }
} else { } else {
return generateNormal(token, algorithm, strength); return generateNormal(token, algorithm, strength,
opFlags, temporaryKeyMode);
} }
} }
@ -257,11 +301,16 @@ public final class PK11KeyGenerator implements KeyGenerator {
/** /**
* A native method to generate a non-PBE key. * A native method to generate a non-PBE key.
* @param token The token where the key generation happens
* @param algorithm The algorithm to use
* @param strength The key size in bits, should be 0 for fixed-length * @param strength The key size in bits, should be 0 for fixed-length
* key algorithms. * key algorithms.
* @param opFlags The crypto operations the key will support
* @param temporary Whether the key will be temporary or permanent
*/ */
private static native SymmetricKey private static native SymmetricKey
generateNormal(PK11Token token, KeyGenAlgorithm algorithm, int strength) generateNormal(PK11Token token, KeyGenAlgorithm algorithm, int strength,
int opFlags, boolean temporary)
throws TokenException; throws TokenException;
/** /**