1 /* 2 * Copyright (c) 2009, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 #include <jni.h> 27 #include "jni_util.h" 28 #include "impl/ecc_impl.h" 29 #include "sun_security_ec_ECDHKeyAgreement.h" 30 #include "sun_security_ec_ECKeyPairGenerator.h" 31 #include "sun_security_ec_ECDSASignature.h" 32 33 #define ILLEGAL_STATE_EXCEPTION "java/lang/IllegalStateException" 34 #define INVALID_ALGORITHM_PARAMETER_EXCEPTION \ 35 "java/security/InvalidAlgorithmParameterException" 36 #define INVALID_PARAMETER_EXCEPTION \ 37 "java/security/InvalidParameterException" 38 #define KEY_EXCEPTION "java/security/KeyException" 39 40 extern "C" { 41 42 /* 43 * Declare library specific JNI_Onload entry if static build 44 */ 45 DEF_STATIC_JNI_OnLoad 46 47 /* 48 * Throws an arbitrary Java exception. 49 */ 50 void ThrowException(JNIEnv *env, const char *exceptionName) 51 { 52 jclass exceptionClazz = env->FindClass(exceptionName); 53 if (exceptionClazz != NULL) { 54 env->ThrowNew(exceptionClazz, NULL); 55 } 56 } 57 58 /* 59 * Deep free of the ECParams struct 60 */ 61 void FreeECParams(ECParams *ecparams, jboolean freeStruct) 62 { 63 // Use B_FALSE to free the SECItem->data element, but not the SECItem itself 64 // Use B_TRUE to free both 65 66 SECITEM_FreeItem(&ecparams->fieldID.u.prime, B_FALSE); 67 SECITEM_FreeItem(&ecparams->curve.a, B_FALSE); 68 SECITEM_FreeItem(&ecparams->curve.b, B_FALSE); 69 SECITEM_FreeItem(&ecparams->curve.seed, B_FALSE); 70 SECITEM_FreeItem(&ecparams->base, B_FALSE); 71 SECITEM_FreeItem(&ecparams->order, B_FALSE); 72 SECITEM_FreeItem(&ecparams->DEREncoding, B_FALSE); 73 SECITEM_FreeItem(&ecparams->curveOID, B_FALSE); 74 if (freeStruct) 75 free(ecparams); 76 } 77 78 jbyteArray getEncodedBytes(JNIEnv *env, SECItem *hSECItem) 79 { 80 SECItem *s = (SECItem *)hSECItem; 81 82 jbyteArray jEncodedBytes = env->NewByteArray(s->len); 83 if (jEncodedBytes == NULL) { 84 return NULL; 85 } 86 // Copy bytes from a native SECItem buffer to Java byte array 87 env->SetByteArrayRegion(jEncodedBytes, 0, s->len, (jbyte *)s->data); 88 if (env->ExceptionCheck()) { // should never happen 89 return NULL; 90 } 91 return jEncodedBytes; 92 } 93 94 /* 95 * Class: sun_security_ec_ECKeyPairGenerator 96 * Method: isCurveSupported 97 * Signature: ([B)Z 98 */ 99 JNIEXPORT jboolean 100 JNICALL Java_sun_security_ec_ECKeyPairGenerator_isCurveSupported 101 (JNIEnv *env, jclass clazz, jbyteArray encodedParams) 102 { 103 SECKEYECParams params_item; 104 ECParams *ecparams = NULL; 105 jboolean result = JNI_FALSE; 106 107 // The curve is supported if we can get parameters for it 108 params_item.len = env->GetArrayLength(encodedParams); 109 params_item.data = 110 (unsigned char *) env->GetByteArrayElements(encodedParams, 0); 111 if (params_item.data == NULL) { 112 goto cleanup; 113 } 114 115 // Fill a new ECParams using the supplied OID 116 if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { 117 /* bad curve OID */ 118 goto cleanup; 119 } 120 121 // If we make it to here, then the curve is supported 122 result = JNI_TRUE; 123 124 cleanup: 125 { 126 if (params_item.data) { 127 env->ReleaseByteArrayElements(encodedParams, 128 (jbyte *) params_item.data, JNI_ABORT); 129 } 130 if (ecparams) { 131 FreeECParams(ecparams, true); 132 } 133 } 134 135 return result; 136 } 137 138 /* 139 * Class: sun_security_ec_ECKeyPairGenerator 140 * Method: generateECKeyPair 141 * Signature: (I[B[B)[[B 142 */ 143 JNIEXPORT jobjectArray 144 JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair 145 (JNIEnv *env, jclass clazz, jint keySize, jbyteArray encodedParams, jbyteArray seed) 146 { 147 ECPrivateKey *privKey = NULL; // contains both public and private values 148 ECParams *ecparams = NULL; 149 SECKEYECParams params_item; 150 jint jSeedLength; 151 jbyte* pSeedBuffer = NULL; 152 jobjectArray result = NULL; 153 jclass baCls = NULL; 154 jbyteArray jba; 155 156 // Initialize the ECParams struct 157 params_item.len = env->GetArrayLength(encodedParams); 158 params_item.data = 159 (unsigned char *) env->GetByteArrayElements(encodedParams, 0); 160 if (params_item.data == NULL) { 161 goto cleanup; 162 } 163 164 // Fill a new ECParams using the supplied OID 165 if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { 166 /* bad curve OID */ 167 ThrowException(env, INVALID_ALGORITHM_PARAMETER_EXCEPTION); 168 goto cleanup; 169 } 170 171 // Copy seed from Java to native buffer 172 jSeedLength = env->GetArrayLength(seed); 173 pSeedBuffer = new jbyte[jSeedLength]; 174 env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer); 175 176 // Generate the new keypair (using the supplied seed) 177 if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer, 178 jSeedLength, 0) != SECSuccess) { 179 ThrowException(env, KEY_EXCEPTION); 180 goto cleanup; 181 } 182 183 jboolean isCopy; 184 baCls = env->FindClass("[B"); 185 if (baCls == NULL) { 186 goto cleanup; 187 } 188 result = env->NewObjectArray(2, baCls, NULL); 189 if (result == NULL) { 190 goto cleanup; 191 } 192 jba = getEncodedBytes(env, &(privKey->privateValue)); 193 if (jba == NULL) { 194 result = NULL; 195 goto cleanup; 196 } 197 env->SetObjectArrayElement(result, 0, jba); // big integer 198 if (env->ExceptionCheck()) { // should never happen 199 result = NULL; 200 goto cleanup; 201 } 202 203 jba = getEncodedBytes(env, &(privKey->publicValue)); 204 if (jba == NULL) { 205 result = NULL; 206 goto cleanup; 207 } 208 env->SetObjectArrayElement(result, 1, jba); // encoded ec point 209 if (env->ExceptionCheck()) { // should never happen 210 result = NULL; 211 goto cleanup; 212 } 213 214 cleanup: 215 { 216 if (params_item.data) { 217 env->ReleaseByteArrayElements(encodedParams, 218 (jbyte *) params_item.data, JNI_ABORT); 219 } 220 if (ecparams) { 221 FreeECParams(ecparams, true); 222 } 223 if (privKey) { 224 FreeECParams(&privKey->ecParams, false); 225 SECITEM_FreeItem(&privKey->version, B_FALSE); 226 SECITEM_FreeItem(&privKey->privateValue, B_FALSE); 227 SECITEM_FreeItem(&privKey->publicValue, B_FALSE); 228 free(privKey); 229 } 230 231 if (pSeedBuffer) { 232 delete [] pSeedBuffer; 233 } 234 } 235 236 return result; 237 } 238 239 /* 240 * Class: sun_security_ec_ECDSASignature 241 * Method: signDigest 242 * Signature: ([B[B[B[B)[B 243 */ 244 JNIEXPORT jbyteArray 245 JNICALL Java_sun_security_ec_ECDSASignature_signDigest 246 (JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing) 247 { 248 jbyte* pDigestBuffer = NULL; 249 jint jDigestLength = env->GetArrayLength(digest); 250 jbyteArray jSignedDigest = NULL; 251 252 SECItem signature_item; 253 jbyte* pSignedDigestBuffer = NULL; 254 jbyteArray temp; 255 256 jint jSeedLength = env->GetArrayLength(seed); 257 jbyte* pSeedBuffer = NULL; 258 259 // Copy digest from Java to native buffer 260 pDigestBuffer = new jbyte[jDigestLength]; 261 env->GetByteArrayRegion(digest, 0, jDigestLength, pDigestBuffer); 262 SECItem digest_item; 263 digest_item.data = (unsigned char *) pDigestBuffer; 264 digest_item.len = jDigestLength; 265 266 ECPrivateKey privKey; 267 privKey.privateValue.data = NULL; 268 269 // Initialize the ECParams struct 270 ECParams *ecparams = NULL; 271 SECKEYECParams params_item; 272 params_item.len = env->GetArrayLength(encodedParams); 273 params_item.data = 274 (unsigned char *) env->GetByteArrayElements(encodedParams, 0); 275 if (params_item.data == NULL) { 276 goto cleanup; 277 } 278 279 // Fill a new ECParams using the supplied OID 280 if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { 281 /* bad curve OID */ 282 ThrowException(env, INVALID_ALGORITHM_PARAMETER_EXCEPTION); 283 goto cleanup; 284 } 285 286 // Extract private key data 287 privKey.ecParams = *ecparams; // struct assignment 288 privKey.privateValue.len = env->GetArrayLength(privateKey); 289 privKey.privateValue.data = 290 (unsigned char *) env->GetByteArrayElements(privateKey, 0); 291 if (privKey.privateValue.data == NULL) { 292 goto cleanup; 293 } 294 295 // Prepare a buffer for the signature (twice the key length) 296 pSignedDigestBuffer = new jbyte[ecparams->order.len * 2]; 297 signature_item.data = (unsigned char *) pSignedDigestBuffer; 298 signature_item.len = ecparams->order.len * 2; 299 300 // Copy seed from Java to native buffer 301 pSeedBuffer = new jbyte[jSeedLength]; 302 env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer); 303 304 // Sign the digest (using the supplied seed) 305 if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item, 306 (unsigned char *) pSeedBuffer, jSeedLength, 0, timing) != SECSuccess) { 307 ThrowException(env, KEY_EXCEPTION); 308 goto cleanup; 309 } 310 311 // Create new byte array 312 temp = env->NewByteArray(signature_item.len); 313 if (temp == NULL) { 314 goto cleanup; 315 } 316 317 // Copy data from native buffer 318 env->SetByteArrayRegion(temp, 0, signature_item.len, pSignedDigestBuffer); 319 jSignedDigest = temp; 320 321 cleanup: 322 { 323 if (params_item.data) { 324 env->ReleaseByteArrayElements(encodedParams, 325 (jbyte *) params_item.data, JNI_ABORT); 326 } 327 if (privKey.privateValue.data) { 328 env->ReleaseByteArrayElements(privateKey, 329 (jbyte *) privKey.privateValue.data, JNI_ABORT); 330 } 331 if (pDigestBuffer) { 332 delete [] pDigestBuffer; 333 } 334 if (pSignedDigestBuffer) { 335 delete [] pSignedDigestBuffer; 336 } 337 if (pSeedBuffer) { 338 delete [] pSeedBuffer; 339 } 340 if (ecparams) { 341 FreeECParams(ecparams, true); 342 } 343 } 344 345 return jSignedDigest; 346 } 347 348 /* 349 * Class: sun_security_ec_ECDSASignature 350 * Method: verifySignedDigest 351 * Signature: ([B[B[B[B)Z 352 */ 353 JNIEXPORT jboolean 354 JNICALL Java_sun_security_ec_ECDSASignature_verifySignedDigest 355 (JNIEnv *env, jclass clazz, jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams) 356 { 357 jboolean isValid = false; 358 359 // Copy signedDigest from Java to native buffer 360 jbyte* pSignedDigestBuffer = NULL; 361 jint jSignedDigestLength = env->GetArrayLength(signedDigest); 362 pSignedDigestBuffer = new jbyte[jSignedDigestLength]; 363 env->GetByteArrayRegion(signedDigest, 0, jSignedDigestLength, 364 pSignedDigestBuffer); 365 SECItem signature_item; 366 signature_item.data = (unsigned char *) pSignedDigestBuffer; 367 signature_item.len = jSignedDigestLength; 368 369 // Copy digest from Java to native buffer 370 jbyte* pDigestBuffer = NULL; 371 jint jDigestLength = env->GetArrayLength(digest); 372 pDigestBuffer = new jbyte[jDigestLength]; 373 env->GetByteArrayRegion(digest, 0, jDigestLength, pDigestBuffer); 374 SECItem digest_item; 375 digest_item.data = (unsigned char *) pDigestBuffer; 376 digest_item.len = jDigestLength; 377 378 // Extract public key data 379 ECPublicKey pubKey; 380 pubKey.publicValue.data = NULL; 381 ECParams *ecparams = NULL; 382 SECKEYECParams params_item; 383 384 // Initialize the ECParams struct 385 params_item.len = env->GetArrayLength(encodedParams); 386 params_item.data = 387 (unsigned char *) env->GetByteArrayElements(encodedParams, 0); 388 if (params_item.data == NULL) { 389 goto cleanup; 390 } 391 392 // Fill a new ECParams using the supplied OID 393 if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { 394 /* bad curve OID */ 395 ThrowException(env, INVALID_ALGORITHM_PARAMETER_EXCEPTION); 396 goto cleanup; 397 } 398 pubKey.ecParams = *ecparams; // struct assignment 399 pubKey.publicValue.len = env->GetArrayLength(publicKey); 400 pubKey.publicValue.data = 401 (unsigned char *) env->GetByteArrayElements(publicKey, 0); 402 403 if (ECDSA_VerifyDigest(&pubKey, &signature_item, &digest_item, 0) 404 != SECSuccess) { 405 goto cleanup; 406 } 407 408 isValid = true; 409 410 cleanup: 411 { 412 if (params_item.data) 413 env->ReleaseByteArrayElements(encodedParams, 414 (jbyte *) params_item.data, JNI_ABORT); 415 416 if (pubKey.publicValue.data) 417 env->ReleaseByteArrayElements(publicKey, 418 (jbyte *) pubKey.publicValue.data, JNI_ABORT); 419 420 if (ecparams) 421 FreeECParams(ecparams, true); 422 423 if (pSignedDigestBuffer) 424 delete [] pSignedDigestBuffer; 425 426 if (pDigestBuffer) 427 delete [] pDigestBuffer; 428 } 429 430 return isValid; 431 } 432 433 /* 434 * Class: sun_security_ec_ECDHKeyAgreement 435 * Method: deriveKey 436 * Signature: ([B[B[B)[B 437 */ 438 JNIEXPORT jbyteArray 439 JNICALL Java_sun_security_ec_ECDHKeyAgreement_deriveKey 440 (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams) 441 { 442 jbyteArray jSecret = NULL; 443 ECParams *ecparams = NULL; 444 SECItem privateValue_item; 445 privateValue_item.data = NULL; 446 SECItem publicValue_item; 447 publicValue_item.data = NULL; 448 SECKEYECParams params_item; 449 params_item.data = NULL; 450 451 // Extract private key value 452 privateValue_item.len = env->GetArrayLength(privateKey); 453 privateValue_item.data = 454 (unsigned char *) env->GetByteArrayElements(privateKey, 0); 455 if (privateValue_item.data == NULL) { 456 goto cleanup; 457 } 458 459 // Extract public key value 460 publicValue_item.len = env->GetArrayLength(publicKey); 461 publicValue_item.data = 462 (unsigned char *) env->GetByteArrayElements(publicKey, 0); 463 if (publicValue_item.data == NULL) { 464 goto cleanup; 465 } 466 467 // Initialize the ECParams struct 468 params_item.len = env->GetArrayLength(encodedParams); 469 params_item.data = 470 (unsigned char *) env->GetByteArrayElements(encodedParams, 0); 471 if (params_item.data == NULL) { 472 goto cleanup; 473 } 474 475 // Fill a new ECParams using the supplied OID 476 if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { 477 /* bad curve OID */ 478 ThrowException(env, INVALID_ALGORITHM_PARAMETER_EXCEPTION); 479 goto cleanup; 480 } 481 482 // Prepare a buffer for the secret 483 SECItem secret_item; 484 secret_item.data = NULL; 485 secret_item.len = ecparams->order.len * 2; 486 487 if (ECDH_Derive(&publicValue_item, ecparams, &privateValue_item, B_FALSE, 488 &secret_item, 0) != SECSuccess) { 489 ThrowException(env, ILLEGAL_STATE_EXCEPTION); 490 goto cleanup; 491 } 492 493 // Create new byte array 494 jSecret = env->NewByteArray(secret_item.len); 495 if (jSecret == NULL) { 496 goto cleanup; 497 } 498 499 // Copy bytes from the SECItem buffer to a Java byte array 500 env->SetByteArrayRegion(jSecret, 0, secret_item.len, 501 (jbyte *)secret_item.data); 502 503 // Free the SECItem data buffer 504 SECITEM_FreeItem(&secret_item, B_FALSE); 505 506 cleanup: 507 { 508 if (privateValue_item.data) 509 env->ReleaseByteArrayElements(privateKey, 510 (jbyte *) privateValue_item.data, JNI_ABORT); 511 512 if (publicValue_item.data) 513 env->ReleaseByteArrayElements(publicKey, 514 (jbyte *) publicValue_item.data, JNI_ABORT); 515 516 if (params_item.data) 517 env->ReleaseByteArrayElements(encodedParams, 518 (jbyte *) params_item.data, JNI_ABORT); 519 520 if (ecparams) 521 FreeECParams(ecparams, true); 522 } 523 524 return jSecret; 525 } 526 527 } /* extern "C" */