зеркало из https://github.com/mozilla/pjs.git
Bugzilla Bug 308242: expose the opFlags and the temporary/permanent
attributes of PK11_TokenKeyGenWithFlags. r=glen.beasley. Modified Files: crypto/KeyGenerator.java crypto/SymmetricKey.java pkcs11/PK11KeyGenerator.c pkcs11/PK11KeyGenerator.java
Родитель
bf5cb8b46a
Коммит
e58a8fe88b
|
@ -56,6 +56,27 @@ public interface KeyGenerator {
|
||||||
public void initialize(AlgorithmParameterSpec parameters)
|
public void initialize(AlgorithmParameterSpec parameters)
|
||||||
throws InvalidAlgorithmParameterException;
|
throws InvalidAlgorithmParameterException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param usages The operations the key will be used for after it is
|
||||||
|
* generated. You have to specify these so that the key can be properly
|
||||||
|
* marked with the operations it supports. Some PKCS #11 tokens require
|
||||||
|
* that a key be marked for an operation before it can perform that
|
||||||
|
* operation. The default is SymmetricKey.Usage.SIGN and
|
||||||
|
* SymmetricKey.Usage.ENCRYPT.
|
||||||
|
*/
|
||||||
|
public void setKeyUsages(SymmetricKey.Usage[] usages);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tells the generator to generate temporary or permanent keys.
|
||||||
|
* Temporary keys are not written permanently to the token. They
|
||||||
|
* are destroyed by the garbage collector. If this method is not
|
||||||
|
* called, the default is temporary keys.
|
||||||
|
*/
|
||||||
|
public void temporaryKeys(boolean temp);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Generates a symmetric key.
|
||||||
|
*/
|
||||||
public SymmetricKey generate()
|
public SymmetricKey generate()
|
||||||
throws IllegalStateException, TokenException, CharConversionException;
|
throws IllegalStateException, TokenException, CharConversionException;
|
||||||
|
|
||||||
|
|
|
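Review bot: The Javadoc added for `setKeyUsages` and `temporaryKeys` leaves the security-relevant contract open: it does not say whether a null or empty `usages` array is accepted, or whether such a call keeps the documented default of SIGN and ENCRYPT or clears it. I would open the `setKeyUsages` comment with a summary sentence such as `Sets the operations the generated key is allowed to perform.` and state the null/empty behaviour next to the `@param`. On `temporaryKeys`, the text says temporary keys are destroyed by the garbage collector, so it should also say that the time of destruction is not deterministic, and that a permanent key stays on the token after the Java object is gone. Both methods are new on a public interface, so any other implementers of `KeyGenerator` (none are visible here) would have to add them.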
@ -132,6 +132,7 @@ public interface SymmetricKey {
|
||||||
public int getVal() { return val; }
|
public int getVal() { return val; }
|
||||||
|
|
||||||
// these enums must match the JSS_symkeyUsage list in Algorithm.c
|
// these enums must match the JSS_symkeyUsage list in Algorithm.c
|
||||||
|
// and the opFlagForUsage list in PK11KeyGenerator.java
|
||||||
public static final Usage ENCRYPT = new Usage(0);
|
public static final Usage ENCRYPT = new Usage(0);
|
||||||
public static final Usage DECRYPT = new Usage(1);
|
public static final Usage DECRYPT = new Usage(1);
|
||||||
public static final Usage WRAP = new Usage(2);
|
public static final Usage WRAP = new Usage(2);
|
||||||
|
|
|
@ -72,11 +72,13 @@ PBE_DestroyContext(PBEBitGenContext *context);
|
||||||
*/
|
*/
|
||||||
JNIEXPORT jobject JNICALL
|
JNIEXPORT jobject JNICALL
|
||||||
Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generateNormal
|
Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generateNormal
|
||||||
(JNIEnv *env, jclass clazz, jobject token, jobject alg, jint strength)
|
(JNIEnv *env, jclass clazz, jobject token, jobject alg, jint strength,
|
||||||
|
jint opFlags, jboolean temporary)
|
||||||
{
|
{
|
||||||
PK11SlotInfo *slot=NULL;
|
PK11SlotInfo *slot=NULL;
|
||||||
PK11SymKey *skey=NULL;
|
PK11SymKey *skey=NULL;
|
||||||
CK_MECHANISM_TYPE mech;
|
CK_MECHANISM_TYPE mech;
|
||||||
|
PK11AttrFlags attrFlags=0;
|
||||||
jobject keyObj=NULL;
|
jobject keyObj=NULL;
|
||||||
|
|
||||||
PR_ASSERT( env!=NULL && clazz!=NULL && token!=NULL && alg!=NULL );
|
PR_ASSERT( env!=NULL && clazz!=NULL && token!=NULL && alg!=NULL );
|
||||||
|
@ -90,9 +92,14 @@ Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generateNormal
|
||||||
mech = JSS_getPK11MechFromAlg(env, alg);
|
mech = JSS_getPK11MechFromAlg(env, alg);
|
||||||
PR_ASSERT(mech != CKM_INVALID_MECHANISM);
|
PR_ASSERT(mech != CKM_INVALID_MECHANISM);
|
||||||
|
|
||||||
|
if(!temporary) {
|
||||||
|
attrFlags |= (PK11_ATTR_TOKEN | PK11_ATTR_PRIVATE);
|
||||||
|
}
|
||||||
|
|
||||||
/* generate the key */
|
/* generate the key */
|
||||||
skey = PK11_KeyGen(slot, mech, NULL /*param*/,
|
skey = PK11_TokenKeyGenWithFlags(slot, mech, NULL /*param*/,
|
||||||
strength/8 /*in bytes*/, NULL /*wincx*/ );
|
strength/8 /*in bytes*/, NULL /*keyid*/,
|
||||||
|
opFlags, attrFlags, NULL /*wincx*/ );
|
||||||
|
|
||||||
if(skey==NULL) {
|
if(skey==NULL) {
|
||||||
JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, "KeyGen failed on token");
|
JSS_throwMsgPrErr(env, TOKEN_EXCEPTION, "KeyGen failed on token");
|
||||||
|
|
|
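Review bot: In the second hunk the permanent path sets only `PK11_ATTR_TOKEN | PK11_ATTR_PRIVATE`, so whether the stored key is sensitive or extractable is left to the token's defaults, and the call passes `NULL` for keyid, so a persistent key gets no identifier at creation. If permanent symmetric keys are meant to stay protected on the token, consider `attrFlags |= (PK11_ATTR_TOKEN | PK11_ATTR_PRIVATE | PK11_ATTR_SENSITIVE);`, or at least add a comment such as `/* sensitivity and extractability are left to the token defaults */` so the choice is visible to the next reader. `opFlags` arrives as a signed `jint` and is handed to `PK11_TokenKeyGenWithFlags` unchanged; the Java side appears to build it only from the CKF_ constants, but an explicit cast at the call would document that assumption. The function body starts and ends outside these hunks.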
@ -46,6 +46,27 @@ import java.io.CharConversionException;
|
||||||
|
|
||||||
public final class PK11KeyGenerator implements KeyGenerator {
|
public final class PK11KeyGenerator implements KeyGenerator {
|
||||||
|
|
||||||
|
// opFlag constants: each of these flags specifies a crypto operation
|
||||||
|
// the key will support. Their values must match the same-named C
|
||||||
|
// preprocessor macros defined in the PKCS #11 header pkcs11t.h.
|
||||||
|
private static final int CKF_ENCRYPT = 0x00000100;
|
||||||
|
private static final int CKF_DECRYPT = 0x00000200;
|
||||||
|
private static final int CKF_SIGN = 0x00000800;
|
||||||
|
private static final int CKF_VERIFY = 0x00002000;
|
||||||
|
private static final int CKF_WRAP = 0x00020000;
|
||||||
|
private static final int CKF_UNWRAP = 0x00040000;
|
||||||
|
|
||||||
|
// A table for mapping SymmetricKey.Usage to opFlag. This must be
|
||||||
|
// synchronized with SymmetricKey.Usage.
|
||||||
|
private static final int opFlagForUsage[] = {
|
||||||
|
CKF_ENCRYPT, /* 0 */
|
||||||
|
CKF_DECRYPT, /* 1 */
|
||||||
|
CKF_WRAP, /* 2 */
|
||||||
|
CKF_UNWRAP, /* 3 */
|
||||||
|
CKF_SIGN, /* 4 */
|
||||||
|
CKF_VERIFY /* 5 */
|
||||||
|
};
|
||||||
|
|
||||||
// The token this key will be generated on.
|
// The token this key will be generated on.
|
||||||
private PK11Token token;
|
private PK11Token token;
|
||||||
|
|
||||||
|
@ -59,6 +80,13 @@ public final class PK11KeyGenerator implements KeyGenerator {
|
||||||
// The parameters for this algorithm. May be null for some algorithms.
|
// The parameters for this algorithm. May be null for some algorithms.
|
||||||
private AlgorithmParameterSpec parameters;
|
private AlgorithmParameterSpec parameters;
|
||||||
|
|
||||||
|
// The crypto operations the key will support. It is the logical OR
|
||||||
|
// of the opFlag constants, each specifying a supported operation.
|
||||||
|
private int opFlags = CKF_SIGN | CKF_ENCRYPT;
|
||||||
|
|
||||||
|
// Whether the key will be temporary or permanent
|
||||||
|
private boolean temporaryKeyMode = true;
|
||||||
|
|
||||||
// Used to convert Java Password into a byte[].
|
// Used to convert Java Password into a byte[].
|
||||||
private KeyGenerator.CharToByteConverter charToByte;
|
private KeyGenerator.CharToByteConverter charToByte;
|
||||||
|
|
||||||
|
@ -136,6 +164,21 @@ public final class PK11KeyGenerator implements KeyGenerator {
|
||||||
this.parameters = parameters;
|
this.parameters = parameters;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setKeyUsages(SymmetricKey.Usage[] usages)
|
||||||
|
{
|
||||||
|
this.opFlags = 0;
|
||||||
|
for( int i = 0; i < usages.length; i++ ) {
|
||||||
|
if( usages[i] != null ) {
|
||||||
|
this.opFlags |= opFlagForUsage[usages[i].getVal()];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public void temporaryKeys(boolean temp)
|
||||||
|
{
|
||||||
|
this.temporaryKeyMode = temp;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Generates the key. This is the public interface, the actual
|
* Generates the key. This is the public interface, the actual
|
||||||
|
@ -165,7 +208,8 @@ public final class PK11KeyGenerator implements KeyGenerator {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
return generateNormal(token, algorithm, strength);
|
return generateNormal(token, algorithm, strength,
|
||||||
|
opFlags, temporaryKeyMode);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -257,11 +301,16 @@ public final class PK11KeyGenerator implements KeyGenerator {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A native method to generate a non-PBE key.
|
* A native method to generate a non-PBE key.
|
||||||
|
* @param token The token where the key generation happens
|
||||||
|
* @param algorithm The algorithm to use
|
||||||
* @param strength The key size in bits, should be 0 for fixed-length
|
* @param strength The key size in bits, should be 0 for fixed-length
|
||||||
* key algorithms.
|
* key algorithms.
|
||||||
|
* @param opFlags The crypto operations the key will support
|
||||||
|
* @param temporary Whether the key will be temporary or permanent
|
||||||
*/
|
*/
|
||||||
private static native SymmetricKey
|
private static native SymmetricKey
|
||||||
generateNormal(PK11Token token, KeyGenAlgorithm algorithm, int strength)
|
generateNormal(PK11Token token, KeyGenAlgorithm algorithm, int strength,
|
||||||
|
int opFlags, boolean temporary)
|
||||||
throws TokenException;
|
throws TokenException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
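Review bot: `setKeyUsages` dereferences `usages` and indexes `opFlagForUsage[usages[i].getVal()]` without any check, so a null array fails with a NullPointerException and a `Usage` value that has no table entry fails with an ArrayIndexOutOfBoundsException instead of a clear argument error. A guard such as `int v = usages[i].getVal(); if (v < 0 || v >= opFlagForUsage.length) throw new IllegalArgumentException("unsupported key usage " + v);` would stop the table and `SymmetricKey.Usage` from drifting apart silently. An empty or all-null array leaves `opFlags` at 0 rather than the documented default of SIGN and ENCRYPT, which is worth either rejecting or documenting. In the `generate` hunk only the `generateNormal` call receives `opFlags` and `temporaryKeyMode`; the other branch lies outside the hunk, so it is unclear whether keys produced there honour these settings.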