1 /* 2 * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. 3 */ 4 5 /* Copyright (c) 2002 Graz University of Technology. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright notice, 11 * this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright notice, 14 * this list of conditions and the following disclaimer in the documentation 15 * and/or other materials provided with the distribution. 16 * 17 * 3. The end-user documentation included with the redistribution, if any, must 18 * include the following acknowledgment: 19 * 20 * "This product includes software developed by IAIK of Graz University of 21 * Technology." 22 * 23 * Alternately, this acknowledgment may appear in the software itself, if 24 * and wherever such third-party acknowledgments normally appear. 25 * 26 * 4. The names "Graz University of Technology" and "IAIK of Graz University of 27 * Technology" must not be used to endorse or promote products derived from 28 * this software without prior written permission. 29 * 30 * 5. Products derived from this software may not be called 31 * "IAIK PKCS Wrapper", nor may "IAIK" appear in their name, without prior 32 * written permission of Graz University of Technology. 33 * 34 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED 35 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 36 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 37 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE 38 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, 39 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 40 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, 41 * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 42 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 43 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 44 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 45 * POSSIBILITY OF SUCH DAMAGE. 46 */ 47 48 #include "pkcs11wrapper.h" 49 50 #include <stdio.h> 51 #include <stdlib.h> 52 #include <string.h> 53 #include <assert.h> 54 55 #include "sun_security_pkcs11_wrapper_PKCS11.h" 56 57 #ifdef P11_ENABLE_GETNATIVEKEYINFO 58 59 #define CK_ATTRIBUTES_TEMPLATE_LENGTH (CK_ULONG)61U 60 61 static CK_ATTRIBUTE ckpAttributesTemplate[CK_ATTRIBUTES_TEMPLATE_LENGTH] = { 62 {CKA_CLASS, 0, 0}, 63 {CKA_TOKEN, 0, 0}, 64 {CKA_PRIVATE, 0, 0}, 65 {CKA_LABEL, 0, 0}, 66 {CKA_APPLICATION, 0, 0}, 67 {CKA_VALUE, 0, 0}, 68 {CKA_OBJECT_ID, 0, 0}, 69 {CKA_CERTIFICATE_TYPE, 0, 0}, 70 {CKA_ISSUER, 0, 0}, 71 {CKA_SERIAL_NUMBER, 0, 0}, 72 {CKA_AC_ISSUER, 0, 0}, 73 {CKA_OWNER, 0, 0}, 74 {CKA_ATTR_TYPES, 0, 0}, 75 {CKA_TRUSTED, 0, 0}, 76 {CKA_KEY_TYPE, 0, 0}, 77 {CKA_SUBJECT, 0, 0}, 78 {CKA_ID, 0, 0}, 79 {CKA_SENSITIVE, 0, 0}, 80 {CKA_ENCRYPT, 0, 0}, 81 {CKA_DECRYPT, 0, 0}, 82 {CKA_WRAP, 0, 0}, 83 {CKA_UNWRAP, 0, 0}, 84 {CKA_SIGN, 0, 0}, 85 {CKA_SIGN_RECOVER, 0, 0}, 86 {CKA_VERIFY, 0, 0}, 87 {CKA_VERIFY_RECOVER, 0, 0}, 88 {CKA_DERIVE, 0, 0}, 89 {CKA_START_DATE, 0, 0}, 90 {CKA_END_DATE, 0, 0}, 91 {CKA_MODULUS, 0, 0}, 92 {CKA_MODULUS_BITS, 0, 0}, 93 {CKA_PUBLIC_EXPONENT, 0, 0}, 94 {CKA_PRIVATE_EXPONENT, 0, 0}, 95 {CKA_PRIME_1, 0, 0}, 96 {CKA_PRIME_2, 0, 0}, 97 {CKA_EXPONENT_1, 0, 0}, 98 {CKA_EXPONENT_2, 0, 0}, 99 {CKA_COEFFICIENT, 0, 0}, 100 {CKA_PRIME, 0, 0}, 101 {CKA_SUBPRIME, 0, 0}, 102 {CKA_BASE, 0, 0}, 103 {CKA_PRIME_BITS, 0, 0}, 104 {CKA_SUB_PRIME_BITS, 0, 0}, 105 {CKA_VALUE_BITS, 0, 0}, 106 {CKA_VALUE_LEN, 0, 0}, 107 {CKA_EXTRACTABLE, 0, 0}, 108 {CKA_LOCAL, 0, 0}, 109 {CKA_NEVER_EXTRACTABLE, 0, 0}, 110 {CKA_ALWAYS_SENSITIVE, 0, 0}, 111 {CKA_KEY_GEN_MECHANISM, 0, 0}, 112 {CKA_MODIFIABLE, 0, 0}, 113 {CKA_ECDSA_PARAMS, 0, 0}, 114 {CKA_EC_PARAMS, 0, 0}, 115 {CKA_EC_POINT, 0, 0}, 116 {CKA_SECONDARY_AUTH, 0, 0}, 117 {CKA_AUTH_PIN_FLAGS, 0, 0}, 118 {CKA_HW_FEATURE_TYPE, 0, 0}, 119 {CKA_RESET_ON_INIT, 0, 0}, 120 {CKA_HAS_RESET, 0, 0}, 121 {CKA_VENDOR_DEFINED, 0, 0}, 122 {CKA_NETSCAPE_DB, 0, 0}, 123 }; 124 125 /* 126 * Class: sun_security_pkcs11_wrapper_PKCS11 127 * Method: getNativeKeyInfo 128 * Signature: (JJJ)[B 129 * Parametermapping: *PKCS11* 130 * @param jlong jSessionHandle CK_SESSION_HANDLE hSession 131 * @param jlong jKeyHandle CK_OBJECT_HANDLE hObject 132 * @param jlong jWrappingKeyHandle CK_OBJECT_HANDLE hObject 133 * @return jbyteArray jNativeKeyInfo - 134 */ 135 JNIEXPORT jbyteArray JNICALL 136 Java_sun_security_pkcs11_wrapper_PKCS11_getNativeKeyInfo 137 (JNIEnv *env, jobject obj, jlong jSessionHandle, jlong jKeyHandle, 138 jlong jWrappingKeyHandle) 139 { 140 jbyteArray returnValue = NULL; 141 CK_SESSION_HANDLE ckSessionHandle = jLongToCKULong(jSessionHandle); 142 CK_OBJECT_HANDLE ckObjectHandle = jLongToCKULong(jKeyHandle); 143 CK_ATTRIBUTE_PTR ckpAttributes = NULL; 144 CK_RV rv; 145 jbyteArray nativeKeyInfoArray = NULL; 146 jbyteArray nativeKeyInfoWrappedKeyArray = NULL; 147 jbyte* nativeKeyInfoArrayRaw = NULL; 148 jbyte* nativeKeyInfoWrappedKeyArrayRaw = NULL; 149 unsigned int sensitiveAttributePosition = (unsigned int)-1; 150 unsigned int i = 0U, totalDataSize = 0U, attributesCount = 0U; 151 unsigned int totalCkAttributesSize = 0U, totalNativeKeyInfoArraySize = 0U; 152 unsigned long* wrappedKeySizePtr = NULL; 153 jbyte* nativeKeyInfoArrayRawCkAttributes = NULL; 154 jbyte* nativeKeyInfoArrayRawCkAttributesPtr = NULL; 155 jbyte* nativeKeyInfoArrayRawDataPtr = NULL; 156 CK_OBJECT_CLASS class; 157 CK_KEY_TYPE keyType; 158 CK_BBOOL sensitive; 159 CK_BBOOL netscapeAttributeValueNeeded = CK_FALSE; 160 CK_ATTRIBUTE ckNetscapeAttributesTemplate[] = { 161 {CKA_CLASS, &class, sizeof(class)}, 162 {CKA_KEY_TYPE, &keyType, sizeof(keyType)}, 163 {CKA_SENSITIVE, &sensitive, sizeof(sensitive)}, 164 {CKA_NETSCAPE_DB, 0, 0}, 165 }; 166 CK_MECHANISM ckMechanism = {0x0}; 167 char iv[16] = {0x0}; 168 CK_ULONG ckWrappedKeyLength = 0U; 169 unsigned long* wrappedKeySizeWrappedKeyArrayPtr = NULL; 170 CK_BYTE_PTR wrappedKeyBufferPtr = NULL; 171 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); 172 173 if (ckpFunctions == NULL) { goto cleanup; } 174 175 // If key is private and of DSA or EC type, NSS requires CKA_NETSCAPE_DB 176 // attribute to unwrap it. 177 (*ckpFunctions->C_GetAttributeValue)(ckSessionHandle, ckObjectHandle, 178 ckNetscapeAttributesTemplate, 179 sizeof(ckNetscapeAttributesTemplate)/sizeof(CK_ATTRIBUTE)); 180 if (class == CKO_PRIVATE_KEY && (keyType == CKK_EC || keyType == CKK_DSA) && 181 sensitive == CK_TRUE && 182 ckNetscapeAttributesTemplate[3].ulValueLen == (CK_ULONG)-1) { 183 // We cannot set the attribute through C_SetAttributeValue here 184 // because it might be read-only. However, we can add it to 185 // the extracted buffer. 186 netscapeAttributeValueNeeded = CK_TRUE; 187 } 188 189 ckpAttributes = (CK_ATTRIBUTE_PTR)malloc( 190 CK_ATTRIBUTES_TEMPLATE_LENGTH * sizeof(CK_ATTRIBUTE)); 191 if (ckpAttributes == NULL) { 192 throwOutOfMemoryError(env, 0); 193 goto cleanup; 194 } 195 memcpy(ckpAttributes, ckpAttributesTemplate, 196 CK_ATTRIBUTES_TEMPLATE_LENGTH * sizeof(CK_ATTRIBUTE)); 197 198 // Get sizes for value buffers 199 (*ckpFunctions->C_GetAttributeValue)(ckSessionHandle, ckObjectHandle, 200 ckpAttributes, CK_ATTRIBUTES_TEMPLATE_LENGTH); 201 202 for (i = 0; i < CK_ATTRIBUTES_TEMPLATE_LENGTH; i++) { 203 if ((ckpAttributes+i)->ulValueLen != (unsigned long)-1) { 204 totalDataSize += (ckpAttributes+i)->ulValueLen; 205 if ((ckpAttributes+i)->type == CKA_SENSITIVE) { 206 sensitiveAttributePosition = attributesCount; 207 } 208 attributesCount++; 209 } 210 } 211 212 if (netscapeAttributeValueNeeded) { 213 attributesCount++; 214 } 215 216 // Allocate a single buffer to hold valid attributes and attribute's values 217 // Buffer structure: [ attributes-size, [ ... attributes ... ], 218 // values-size, [ ... values ... ], wrapped-key-size, 219 // [ ... wrapped-key ... ] ] 220 // * sizes are expressed in bytes and data type is unsigned long 221 totalCkAttributesSize = attributesCount * sizeof(CK_ATTRIBUTE); 222 totalNativeKeyInfoArraySize = 223 totalCkAttributesSize + sizeof(unsigned long) * 3 + totalDataSize; 224 225 nativeKeyInfoArray = (*env)->NewByteArray(env, totalNativeKeyInfoArraySize); 226 if (nativeKeyInfoArray == NULL) { 227 goto cleanup; 228 } 229 230 nativeKeyInfoArrayRaw = (*env)->GetByteArrayElements(env, nativeKeyInfoArray, 231 NULL); 232 if (nativeKeyInfoArrayRaw == NULL) { 233 goto cleanup; 234 } 235 236 wrappedKeySizePtr = (unsigned long*)(nativeKeyInfoArrayRaw + 237 sizeof(unsigned long)*2 + totalCkAttributesSize + totalDataSize); 238 (*(unsigned long*)nativeKeyInfoArrayRaw) = totalCkAttributesSize; 239 (*(unsigned long*)(nativeKeyInfoArrayRaw + sizeof(unsigned long) + 240 totalCkAttributesSize)) = totalDataSize; 241 *wrappedKeySizePtr = 0; 242 243 nativeKeyInfoArrayRawCkAttributes = nativeKeyInfoArrayRaw + 244 sizeof(unsigned long); 245 nativeKeyInfoArrayRawCkAttributesPtr = nativeKeyInfoArrayRawCkAttributes; 246 nativeKeyInfoArrayRawDataPtr = nativeKeyInfoArrayRaw + 247 totalCkAttributesSize + sizeof(unsigned long) * 2; 248 249 for (i = 0; i < CK_ATTRIBUTES_TEMPLATE_LENGTH; i++) { 250 if ((ckpAttributes+i)->ulValueLen != (unsigned long)-1) { 251 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).type = 252 (ckpAttributes+i)->type; 253 if ((ckpAttributes+i)->ulValueLen != 0) { 254 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).pValue = 255 nativeKeyInfoArrayRawDataPtr; 256 } else { 257 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).pValue = 0; 258 } 259 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen = 260 (ckpAttributes+i)->ulValueLen; 261 nativeKeyInfoArrayRawDataPtr += 262 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen; 263 nativeKeyInfoArrayRawCkAttributesPtr += sizeof(CK_ATTRIBUTE); 264 } 265 } 266 267 // Get attribute's values 268 rv = (*ckpFunctions->C_GetAttributeValue)(ckSessionHandle, ckObjectHandle, 269 (CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes, 270 attributesCount); 271 if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { 272 goto cleanup; 273 } 274 275 if (netscapeAttributeValueNeeded) { 276 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).type = CKA_NETSCAPE_DB; 277 // Value is not needed, public key is not used 278 } 279 280 if ((sensitiveAttributePosition != (unsigned int)-1) && 281 *(CK_BBOOL*)(((CK_ATTRIBUTE_PTR)(((CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes) 282 +sensitiveAttributePosition))->pValue) == CK_TRUE) { 283 // Key is sensitive. Need to extract it wrapped. 284 if (jWrappingKeyHandle != -1) { 285 ckMechanism.mechanism = CKM_AES_CBC_PAD; 286 ckMechanism.pParameter = &iv; 287 ckMechanism.ulParameterLen = 16; 288 rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism, 289 jLongToCKULong(jWrappingKeyHandle), ckObjectHandle, 290 NULL_PTR, &ckWrappedKeyLength); 291 if (ckWrappedKeyLength != 0) { 292 // Allocate space for getting the wrapped key 293 nativeKeyInfoWrappedKeyArray = (*env)->NewByteArray(env, 294 totalNativeKeyInfoArraySize + ckWrappedKeyLength); 295 if (nativeKeyInfoWrappedKeyArray == NULL) { 296 goto cleanup; 297 } 298 nativeKeyInfoWrappedKeyArrayRaw = 299 (*env)->GetByteArrayElements(env, 300 nativeKeyInfoWrappedKeyArray, NULL); 301 if (nativeKeyInfoWrappedKeyArrayRaw == NULL) { 302 goto cleanup; 303 } 304 memcpy(nativeKeyInfoWrappedKeyArrayRaw, nativeKeyInfoArrayRaw, 305 totalNativeKeyInfoArraySize); 306 wrappedKeySizeWrappedKeyArrayPtr = 307 (unsigned long*)(nativeKeyInfoWrappedKeyArrayRaw + 308 sizeof(unsigned long)*2 + totalCkAttributesSize + 309 totalDataSize); 310 *wrappedKeySizeWrappedKeyArrayPtr = 311 (unsigned long)ckWrappedKeyLength; 312 wrappedKeyBufferPtr = 313 (unsigned char*)wrappedKeySizeWrappedKeyArrayPtr + 314 sizeof(unsigned long); 315 rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism, 316 jLongToCKULong(jWrappingKeyHandle),ckObjectHandle, 317 wrappedKeyBufferPtr, &ckWrappedKeyLength); 318 if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { 319 goto cleanup; 320 } 321 *wrappedKeySizeWrappedKeyArrayPtr = 322 (unsigned long)ckWrappedKeyLength; 323 } else { 324 goto cleanup; 325 } 326 } else { 327 goto cleanup; 328 } 329 returnValue = nativeKeyInfoWrappedKeyArray; 330 } else { 331 returnValue = nativeKeyInfoArray; 332 } 333 334 cleanup: 335 if (ckpAttributes != NULL) { 336 free(ckpAttributes); 337 } 338 339 if (nativeKeyInfoArrayRaw != NULL) { 340 (*env)->ReleaseByteArrayElements(env, nativeKeyInfoArray, 341 nativeKeyInfoArrayRaw, 0); 342 } 343 344 if (nativeKeyInfoWrappedKeyArrayRaw != NULL) { 345 (*env)->ReleaseByteArrayElements(env, nativeKeyInfoWrappedKeyArray, 346 nativeKeyInfoWrappedKeyArrayRaw, 0); 347 } 348 349 if (nativeKeyInfoArray != NULL && returnValue != nativeKeyInfoArray) { 350 (*env)->DeleteLocalRef(env, nativeKeyInfoArray); 351 } 352 353 if (nativeKeyInfoWrappedKeyArray != NULL 354 && returnValue != nativeKeyInfoWrappedKeyArray) { 355 (*env)->DeleteLocalRef(env, nativeKeyInfoWrappedKeyArray); 356 } 357 358 return returnValue; 359 } 360 #endif 361 362 #ifdef P11_ENABLE_CREATENATIVEKEY 363 /* 364 * Class: sun_security_pkcs11_wrapper_PKCS11 365 * Method: createNativeKey 366 * Signature: (J[BJ)J 367 * Parametermapping: *PKCS11* 368 * @param jlong jSessionHandle CK_SESSION_HANDLE hSession 369 * @param jbyteArray jNativeKeyInfo - 370 * @param jlong jWrappingKeyHandle CK_OBJECT_HANDLE hObject 371 * @return jlong jKeyHandle CK_OBJECT_HANDLE hObject 372 */ 373 JNIEXPORT jlong JNICALL 374 Java_sun_security_pkcs11_wrapper_PKCS11_createNativeKey 375 (JNIEnv *env, jobject obj, jlong jSessionHandle, jbyteArray jNativeKeyInfo, 376 jlong jWrappingKeyHandle) 377 { 378 CK_OBJECT_HANDLE ckObjectHandle; 379 CK_RV rv; 380 CK_SESSION_HANDLE ckSessionHandle = jLongToCKULong(jSessionHandle); 381 jbyte* nativeKeyInfoArrayRaw = NULL; 382 jlong jObjectHandle = 0L; 383 unsigned long totalCkAttributesSize = 0UL; 384 unsigned long nativeKeyInfoCkAttributesCount = 0UL; 385 jbyte* nativeKeyInfoArrayRawCkAttributes = NULL; 386 jbyte* nativeKeyInfoArrayRawCkAttributesPtr = NULL; 387 jbyte* nativeKeyInfoArrayRawDataPtr = NULL; 388 unsigned long totalDataSize = 0UL; 389 unsigned long* wrappedKeySizePtr = NULL; 390 unsigned int i = 0U; 391 CK_MECHANISM ckMechanism = {0x0}; 392 char iv[16] = {0x0}; 393 CK_ULONG ckWrappedKeyLength = 0UL; 394 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); 395 396 if (ckpFunctions == NULL) { goto cleanup; } 397 398 nativeKeyInfoArrayRaw = 399 (*env)->GetByteArrayElements(env, jNativeKeyInfo, NULL); 400 if (nativeKeyInfoArrayRaw == NULL) { 401 goto cleanup; 402 } 403 404 totalCkAttributesSize = *(unsigned long*)nativeKeyInfoArrayRaw; 405 nativeKeyInfoCkAttributesCount = totalCkAttributesSize/sizeof(CK_ATTRIBUTE); 406 nativeKeyInfoArrayRawCkAttributes = nativeKeyInfoArrayRaw + 407 sizeof(unsigned long); 408 nativeKeyInfoArrayRawCkAttributesPtr = nativeKeyInfoArrayRawCkAttributes; 409 nativeKeyInfoArrayRawDataPtr = nativeKeyInfoArrayRaw + 410 totalCkAttributesSize + sizeof(unsigned long) * 2; 411 totalDataSize = *(unsigned long*)(nativeKeyInfoArrayRaw + 412 totalCkAttributesSize + sizeof(unsigned long)); 413 wrappedKeySizePtr = (unsigned long*)(nativeKeyInfoArrayRaw + 414 sizeof(unsigned long)*2 + totalCkAttributesSize + totalDataSize); 415 416 for (i = 0; i < nativeKeyInfoCkAttributesCount; i++) { 417 if ((*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen 418 > 0) { 419 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).pValue = 420 nativeKeyInfoArrayRawDataPtr; 421 } 422 nativeKeyInfoArrayRawDataPtr += 423 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen; 424 nativeKeyInfoArrayRawCkAttributesPtr += sizeof(CK_ATTRIBUTE); 425 } 426 427 if (*wrappedKeySizePtr == 0) { 428 // Not a wrapped key 429 rv = (*ckpFunctions->C_CreateObject)(ckSessionHandle, 430 (CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes, 431 jLongToCKULong(nativeKeyInfoCkAttributesCount), &ckObjectHandle); 432 } else { 433 // Wrapped key 434 ckMechanism.mechanism = CKM_AES_CBC_PAD; 435 ckMechanism.pParameter = &iv; 436 ckMechanism.ulParameterLen = 16; 437 rv = (*ckpFunctions->C_UnwrapKey)(ckSessionHandle, &ckMechanism, 438 jLongToCKULong(jWrappingKeyHandle), 439 (CK_BYTE_PTR)(wrappedKeySizePtr + 1), *wrappedKeySizePtr, 440 (CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes, 441 jLongToCKULong(nativeKeyInfoCkAttributesCount), 442 &ckObjectHandle); 443 } 444 if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { 445 goto cleanup; 446 } 447 448 jObjectHandle = ckULongToJLong(ckObjectHandle); 449 450 cleanup: 451 452 if (nativeKeyInfoArrayRaw != NULL) { 453 (*env)->ReleaseByteArrayElements(env, jNativeKeyInfo, 454 nativeKeyInfoArrayRaw, JNI_ABORT); 455 } 456 457 return jObjectHandle; 458 } 459 #endif 460 461 #ifdef P11_ENABLE_C_GENERATEKEY 462 /* 463 * Class: sun_security_pkcs11_wrapper_PKCS11 464 * Method: C_GenerateKey 465 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J 466 * Parametermapping: *PKCS11* 467 * @param jlong jSessionHandle CK_SESSION_HANDLE hSession 468 * @param jobject jMechanism CK_MECHANISM_PTR pMechanism 469 * @param jobjectArray jTemplate CK_ATTRIBUTE_PTR pTemplate 470 * CK_ULONG ulCount 471 * @return jlong jKeyHandle CK_OBJECT_HANDLE_PTR phKey 472 */ 473 JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKey 474 (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jobjectArray jTemplate) 475 { 476 CK_SESSION_HANDLE ckSessionHandle; 477 CK_MECHANISM ckMechanism; 478 CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR; 479 CK_ULONG ckAttributesLength; 480 CK_OBJECT_HANDLE ckKeyHandle = 0; 481 jlong jKeyHandle = 0L; 482 CK_RV rv; 483 484 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); 485 if (ckpFunctions == NULL) { return 0L; } 486 487 ckSessionHandle = jLongToCKULong(jSessionHandle); 488 jMechanismToCKMechanism(env, jMechanism, &ckMechanism); 489 if ((*env)->ExceptionCheck(env)) { return 0L ; } 490 491 jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength); 492 if ((*env)->ExceptionCheck(env)) { 493 if (ckMechanism.pParameter != NULL_PTR) { 494 free(ckMechanism.pParameter); 495 } 496 return 0L; 497 } 498 499 rv = (*ckpFunctions->C_GenerateKey)(ckSessionHandle, &ckMechanism, ckpAttributes, ckAttributesLength, &ckKeyHandle); 500 501 if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { 502 jKeyHandle = ckULongToJLong(ckKeyHandle); 503 504 /* cheack, if we must give a initialization vector back to Java */ 505 switch (ckMechanism.mechanism) { 506 case CKM_PBE_MD2_DES_CBC: 507 case CKM_PBE_MD5_DES_CBC: 508 case CKM_PBE_MD5_CAST_CBC: 509 case CKM_PBE_MD5_CAST3_CBC: 510 case CKM_PBE_MD5_CAST128_CBC: 511 /* case CKM_PBE_MD5_CAST5_CBC: the same as CKM_PBE_MD5_CAST128_CBC */ 512 case CKM_PBE_SHA1_CAST128_CBC: 513 /* case CKM_PBE_SHA1_CAST5_CBC: the same as CKM_PBE_SHA1_CAST128_CBC */ 514 /* we must copy back the initialization vector to the jMechanism object */ 515 copyBackPBEInitializationVector(env, &ckMechanism, jMechanism); 516 break; 517 } 518 } 519 520 if (ckMechanism.pParameter != NULL_PTR) { 521 free(ckMechanism.pParameter); 522 } 523 freeCKAttributeArray(ckpAttributes, ckAttributesLength); 524 525 return jKeyHandle ; 526 } 527 #endif 528 529 #ifdef P11_ENABLE_C_GENERATEKEYPAIR 530 /* 531 * Class: sun_security_pkcs11_wrapper_PKCS11 532 * Method: C_GenerateKeyPair 533 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)[J 534 * Parametermapping: *PKCS11* 535 * @param jlong jSessionHandle CK_SESSION_HANDLE hSession 536 * @param jobject jMechanism CK_MECHANISM_PTR pMechanism 537 * @param jobjectArray jPublicKeyTemplate CK_ATTRIBUTE_PTR pPublicKeyTemplate 538 * CK_ULONG ulPublicKeyAttributeCount 539 * @param jobjectArray jPrivateKeyTemplate CK_ATTRIBUTE_PTR pPrivateKeyTemplate 540 * CK_ULONG ulPrivateKeyAttributeCount 541 * @return jlongArray jKeyHandles CK_OBJECT_HANDLE_PTR phPublicKey 542 * CK_OBJECT_HANDLE_PTR phPublicKey 543 */ 544 JNIEXPORT jlongArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKeyPair 545 (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, 546 jobjectArray jPublicKeyTemplate, jobjectArray jPrivateKeyTemplate) 547 { 548 CK_SESSION_HANDLE ckSessionHandle; 549 CK_MECHANISM ckMechanism; 550 CK_ATTRIBUTE_PTR ckpPublicKeyAttributes = NULL_PTR; 551 CK_ATTRIBUTE_PTR ckpPrivateKeyAttributes = NULL_PTR; 552 CK_ULONG ckPublicKeyAttributesLength; 553 CK_ULONG ckPrivateKeyAttributesLength; 554 CK_OBJECT_HANDLE_PTR ckpPublicKeyHandle; /* pointer to Public Key */ 555 CK_OBJECT_HANDLE_PTR ckpPrivateKeyHandle; /* pointer to Private Key */ 556 CK_OBJECT_HANDLE_PTR ckpKeyHandles; /* pointer to array with Public and Private Key */ 557 jlongArray jKeyHandles = NULL; 558 CK_RV rv; 559 int attempts; 560 const int MAX_ATTEMPTS = 3; 561 562 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); 563 if (ckpFunctions == NULL) { return NULL; } 564 565 ckSessionHandle = jLongToCKULong(jSessionHandle); 566 jMechanismToCKMechanism(env, jMechanism, &ckMechanism); 567 if ((*env)->ExceptionCheck(env)) { return NULL; } 568 569 ckpKeyHandles = (CK_OBJECT_HANDLE_PTR) malloc(2 * sizeof(CK_OBJECT_HANDLE)); 570 if (ckpKeyHandles == NULL) { 571 if (ckMechanism.pParameter != NULL_PTR) { 572 free(ckMechanism.pParameter); 573 } 574 throwOutOfMemoryError(env, 0); 575 return NULL; 576 } 577 ckpPublicKeyHandle = ckpKeyHandles; /* first element of array is Public Key */ 578 ckpPrivateKeyHandle = (ckpKeyHandles + 1); /* second element of array is Private Key */ 579 580 jAttributeArrayToCKAttributeArray(env, jPublicKeyTemplate, &ckpPublicKeyAttributes, &ckPublicKeyAttributesLength); 581 if ((*env)->ExceptionCheck(env)) { 582 if (ckMechanism.pParameter != NULL_PTR) { 583 free(ckMechanism.pParameter); 584 } 585 free(ckpKeyHandles); 586 return NULL; 587 } 588 589 jAttributeArrayToCKAttributeArray(env, jPrivateKeyTemplate, &ckpPrivateKeyAttributes, &ckPrivateKeyAttributesLength); 590 if ((*env)->ExceptionCheck(env)) { 591 if (ckMechanism.pParameter != NULL_PTR) { 592 free(ckMechanism.pParameter); 593 } 594 free(ckpKeyHandles); 595 freeCKAttributeArray(ckpPublicKeyAttributes, ckPublicKeyAttributesLength); 596 return NULL; 597 } 598 599 /* 600 * Workaround for NSS bug 1012786: 601 * 602 * Key generation may fail with CKR_FUNCTION_FAILED error 603 * if there is insufficient entropy to generate a random key. 604 * 605 * PKCS11 spec says the following about CKR_FUNCTION_FAILED error 606 * (see section 11.1.1): 607 * 608 * ... In any event, although the function call failed, the situation 609 * is not necessarily totally hopeless, as it is likely to be 610 * when CKR_GENERAL_ERROR is returned. Depending on what the root cause of 611 * the error actually was, it is possible that an attempt 612 * to make the exact same function call again would succeed. 613 * 614 * Call C_GenerateKeyPair() several times if CKR_FUNCTION_FAILED occurs. 615 */ 616 for (attempts = 0; attempts < MAX_ATTEMPTS; attempts++) { 617 rv = (*ckpFunctions->C_GenerateKeyPair)(ckSessionHandle, &ckMechanism, 618 ckpPublicKeyAttributes, ckPublicKeyAttributesLength, 619 ckpPrivateKeyAttributes, ckPrivateKeyAttributesLength, 620 ckpPublicKeyHandle, ckpPrivateKeyHandle); 621 if (rv == CKR_FUNCTION_FAILED) { 622 printDebug("C_1GenerateKeyPair(): C_GenerateKeyPair() failed \ 623 with CKR_FUNCTION_FAILED error, try again\n"); 624 } else { 625 break; 626 } 627 } 628 629 if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { 630 jKeyHandles = ckULongArrayToJLongArray(env, ckpKeyHandles, 2); 631 } 632 633 if(ckMechanism.pParameter != NULL_PTR) { 634 free(ckMechanism.pParameter); 635 } 636 free(ckpKeyHandles); 637 freeCKAttributeArray(ckpPublicKeyAttributes, ckPublicKeyAttributesLength); 638 freeCKAttributeArray(ckpPrivateKeyAttributes, ckPrivateKeyAttributesLength); 639 640 return jKeyHandles ; 641 } 642 #endif 643 644 #ifdef P11_ENABLE_C_WRAPKEY 645 /* 646 * Class: sun_security_pkcs11_wrapper_PKCS11 647 * Method: C_WrapKey 648 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;JJ)[B 649 * Parametermapping: *PKCS11* 650 * @param jlong jSessionHandle CK_SESSION_HANDLE hSession 651 * @param jobject jMechanism CK_MECHANISM_PTR pMechanism 652 * @param jlong jWrappingKeyHandle CK_OBJECT_HANDLE hWrappingKey 653 * @param jlong jKeyHandle CK_OBJECT_HANDLE hKey 654 * @return jbyteArray jWrappedKey CK_BYTE_PTR pWrappedKey 655 * CK_ULONG_PTR pulWrappedKeyLen 656 */ 657 JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1WrapKey 658 (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jWrappingKeyHandle, jlong jKeyHandle) 659 { 660 CK_SESSION_HANDLE ckSessionHandle; 661 CK_MECHANISM ckMechanism; 662 CK_OBJECT_HANDLE ckWrappingKeyHandle; 663 CK_OBJECT_HANDLE ckKeyHandle; 664 jbyteArray jWrappedKey = NULL; 665 CK_RV rv; 666 CK_BYTE BUF[MAX_STACK_BUFFER_LEN]; 667 CK_BYTE_PTR ckpWrappedKey = BUF; 668 CK_ULONG ckWrappedKeyLength = MAX_STACK_BUFFER_LEN; 669 670 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); 671 if (ckpFunctions == NULL) { return NULL; } 672 673 ckSessionHandle = jLongToCKULong(jSessionHandle); 674 jMechanismToCKMechanism(env, jMechanism, &ckMechanism); 675 if ((*env)->ExceptionCheck(env)) { return NULL; } 676 677 ckWrappingKeyHandle = jLongToCKULong(jWrappingKeyHandle); 678 ckKeyHandle = jLongToCKULong(jKeyHandle); 679 680 rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism, ckWrappingKeyHandle, ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength); 681 if (rv == CKR_BUFFER_TOO_SMALL) { 682 ckpWrappedKey = (CK_BYTE_PTR) malloc(ckWrappedKeyLength); 683 if (ckpWrappedKey == NULL) { 684 if (ckMechanism.pParameter != NULL_PTR) { 685 free(ckMechanism.pParameter); 686 } 687 throwOutOfMemoryError(env, 0); 688 return NULL; 689 } 690 691 rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism, ckWrappingKeyHandle, ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength); 692 } 693 if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { 694 jWrappedKey = ckByteArrayToJByteArray(env, ckpWrappedKey, ckWrappedKeyLength); 695 } 696 697 if (ckpWrappedKey != BUF) { free(ckpWrappedKey); } 698 if (ckMechanism.pParameter != NULL_PTR) { 699 free(ckMechanism.pParameter); 700 } 701 return jWrappedKey ; 702 } 703 #endif 704 705 #ifdef P11_ENABLE_C_UNWRAPKEY 706 /* 707 * Class: sun_security_pkcs11_wrapper_PKCS11 708 * Method: C_UnwrapKey 709 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;J[B[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J 710 * Parametermapping: *PKCS11* 711 * @param jlong jSessionHandle CK_SESSION_HANDLE hSession 712 * @param jobject jMechanism CK_MECHANISM_PTR pMechanism 713 * @param jlong jUnwrappingKeyHandle CK_OBJECT_HANDLE hUnwrappingKey 714 * @param jbyteArray jWrappedKey CK_BYTE_PTR pWrappedKey 715 * CK_ULONG_PTR pulWrappedKeyLen 716 * @param jobjectArray jTemplate CK_ATTRIBUTE_PTR pTemplate 717 * CK_ULONG ulCount 718 * @return jlong jKeyHandle CK_OBJECT_HANDLE_PTR phKey 719 */ 720 JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1UnwrapKey 721 (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jUnwrappingKeyHandle, 722 jbyteArray jWrappedKey, jobjectArray jTemplate) 723 { 724 CK_SESSION_HANDLE ckSessionHandle; 725 CK_MECHANISM ckMechanism; 726 CK_OBJECT_HANDLE ckUnwrappingKeyHandle; 727 CK_BYTE_PTR ckpWrappedKey = NULL_PTR; 728 CK_ULONG ckWrappedKeyLength; 729 CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR; 730 CK_ULONG ckAttributesLength; 731 CK_OBJECT_HANDLE ckKeyHandle = 0; 732 jlong jKeyHandle = 0L; 733 CK_RV rv; 734 735 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); 736 if (ckpFunctions == NULL) { return 0L; } 737 738 ckSessionHandle = jLongToCKULong(jSessionHandle); 739 jMechanismToCKMechanism(env, jMechanism, &ckMechanism); 740 if ((*env)->ExceptionCheck(env)) { return 0L; } 741 742 ckUnwrappingKeyHandle = jLongToCKULong(jUnwrappingKeyHandle); 743 jByteArrayToCKByteArray(env, jWrappedKey, &ckpWrappedKey, &ckWrappedKeyLength); 744 if ((*env)->ExceptionCheck(env)) { 745 if (ckMechanism.pParameter != NULL_PTR) { 746 free(ckMechanism.pParameter); 747 } 748 return 0L; 749 } 750 751 jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength); 752 if ((*env)->ExceptionCheck(env)) { 753 if (ckMechanism.pParameter != NULL_PTR) { 754 free(ckMechanism.pParameter); 755 } 756 free(ckpWrappedKey); 757 return 0L; 758 } 759 760 761 rv = (*ckpFunctions->C_UnwrapKey)(ckSessionHandle, &ckMechanism, ckUnwrappingKeyHandle, 762 ckpWrappedKey, ckWrappedKeyLength, 763 ckpAttributes, ckAttributesLength, &ckKeyHandle); 764 765 if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { 766 jKeyHandle = ckLongToJLong(ckKeyHandle); 767 768 #if 0 769 /* cheack, if we must give a initialization vector back to Java */ 770 if (ckMechanism.mechanism == CKM_KEY_WRAP_SET_OAEP) { 771 /* we must copy back the unwrapped key info to the jMechanism object */ 772 copyBackSetUnwrappedKey(env, &ckMechanism, jMechanism); 773 } 774 #endif 775 } 776 777 if (ckMechanism.pParameter != NULL_PTR) { 778 free(ckMechanism.pParameter); 779 } 780 freeCKAttributeArray(ckpAttributes, ckAttributesLength); 781 free(ckpWrappedKey); 782 783 return jKeyHandle ; 784 } 785 #endif 786 787 #ifdef P11_ENABLE_C_DERIVEKEY 788 789 void freeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) { 790 CK_SSL3_MASTER_KEY_DERIVE_PARAMS *params = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter; 791 if (params == NULL) { 792 return; 793 } 794 795 if (params->RandomInfo.pClientRandom != NULL) { 796 free(params->RandomInfo.pClientRandom); 797 } 798 if (params->RandomInfo.pServerRandom != NULL) { 799 free(params->RandomInfo.pServerRandom); 800 } 801 if (params->pVersion != NULL) { 802 free(params->pVersion); 803 } 804 } 805 806 void freeEcdh1DeriveParams(CK_MECHANISM_PTR ckMechanism) { 807 CK_ECDH1_DERIVE_PARAMS *params = (CK_ECDH1_DERIVE_PARAMS *) ckMechanism->pParameter; 808 if (params == NULL) { 809 return; 810 } 811 812 if (params->pSharedData != NULL) { 813 free(params->pSharedData); 814 } 815 if (params->pPublicData != NULL) { 816 free(params->pPublicData); 817 } 818 } 819 820 /* 821 * Copy back the PRF output to Java. 822 */ 823 void copyBackTLSPrfParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism) 824 { 825 jclass jMechanismClass, jTLSPrfParamsClass; 826 CK_TLS_PRF_PARAMS *ckTLSPrfParams; 827 jobject jTLSPrfParams; 828 jfieldID fieldID; 829 CK_MECHANISM_TYPE ckMechanismType; 830 jlong jMechanismType; 831 CK_BYTE_PTR output; 832 jobject jOutput; 833 jint jLength; 834 jbyte* jBytes; 835 int i; 836 837 /* get mechanism */ 838 jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM); 839 if (jMechanismClass == NULL) { return; } 840 fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J"); 841 if (fieldID == NULL) { return; } 842 jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); 843 ckMechanismType = jLongToCKULong(jMechanismType); 844 if (ckMechanismType != ckMechanism->mechanism) { 845 /* we do not have maching types, this should not occur */ 846 return; 847 } 848 849 /* get the native CK_TLS_PRF_PARAMS */ 850 ckTLSPrfParams = (CK_TLS_PRF_PARAMS *) ckMechanism->pParameter; 851 if (ckTLSPrfParams != NULL_PTR) { 852 /* get the Java CK_TLS_PRF_PARAMS object (pParameter) */ 853 fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;"); 854 if (fieldID == NULL) { return; } 855 jTLSPrfParams = (*env)->GetObjectField(env, jMechanism, fieldID); 856 857 /* copy back the client IV */ 858 jTLSPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS); 859 if (jTLSPrfParamsClass == NULL) { return; } 860 fieldID = (*env)->GetFieldID(env, jTLSPrfParamsClass, "pOutput", "[B"); 861 if (fieldID == NULL) { return; } 862 jOutput = (*env)->GetObjectField(env, jTLSPrfParams, fieldID); 863 output = ckTLSPrfParams->pOutput; 864 865 // Note: we assume that the token returned exactly as many bytes as we 866 // requested. Anything else would not make sense. 867 if (jOutput != NULL) { 868 jLength = (*env)->GetArrayLength(env, jOutput); 869 jBytes = (*env)->GetByteArrayElements(env, jOutput, NULL); 870 if (jBytes == NULL) { return; } 871 872 /* copy the bytes to the Java buffer */ 873 for (i=0; i < jLength; i++) { 874 jBytes[i] = ckByteToJByte(output[i]); 875 } 876 /* copy back the Java buffer to the object */ 877 (*env)->ReleaseByteArrayElements(env, jOutput, jBytes, 0); 878 } 879 880 // free malloc'd data 881 free(ckTLSPrfParams->pSeed); 882 free(ckTLSPrfParams->pLabel); 883 free(ckTLSPrfParams->pulOutputLen); 884 free(ckTLSPrfParams->pOutput); 885 } 886 } 887 888 /* 889 * Class: sun_security_pkcs11_wrapper_PKCS11 890 * Method: C_DeriveKey 891 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;J[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J 892 * Parametermapping: *PKCS11* 893 * @param jlong jSessionHandle CK_SESSION_HANDLE hSession 894 * @param jobject jMechanism CK_MECHANISM_PTR pMechanism 895 * @param jlong jBaseKeyHandle CK_OBJECT_HANDLE hBaseKey 896 * @param jobjectArray jTemplate CK_ATTRIBUTE_PTR pTemplate 897 * CK_ULONG ulCount 898 * @return jlong jKeyHandle CK_OBJECT_HANDLE_PTR phKey 899 */ 900 JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey 901 (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jBaseKeyHandle, jobjectArray jTemplate) 902 { 903 CK_SESSION_HANDLE ckSessionHandle; 904 CK_MECHANISM ckMechanism; 905 CK_OBJECT_HANDLE ckBaseKeyHandle; 906 CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR; 907 CK_ULONG ckAttributesLength; 908 CK_OBJECT_HANDLE ckKeyHandle = 0; 909 jlong jKeyHandle = 0L; 910 CK_RV rv; 911 CK_OBJECT_HANDLE_PTR phKey = &ckKeyHandle; 912 913 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); 914 if (ckpFunctions == NULL) { return 0L; } 915 916 ckSessionHandle = jLongToCKULong(jSessionHandle); 917 jMechanismToCKMechanism(env, jMechanism, &ckMechanism); 918 if ((*env)->ExceptionCheck(env)) { return 0L; } 919 920 ckBaseKeyHandle = jLongToCKULong(jBaseKeyHandle); 921 jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength); 922 if ((*env)->ExceptionCheck(env)) { 923 if (ckMechanism.pParameter != NULL_PTR) { 924 free(ckMechanism.pParameter); 925 } 926 return 0L; 927 } 928 929 switch (ckMechanism.mechanism) { 930 case CKM_SSL3_KEY_AND_MAC_DERIVE: 931 case CKM_TLS_KEY_AND_MAC_DERIVE: 932 case CKM_TLS_PRF: 933 // these mechanism do not return a key handle via phKey 934 // set to NULL in case pedantic implementations check for it 935 phKey = NULL; 936 break; 937 default: 938 // empty 939 break; 940 } 941 942 rv = (*ckpFunctions->C_DeriveKey)(ckSessionHandle, &ckMechanism, ckBaseKeyHandle, 943 ckpAttributes, ckAttributesLength, phKey); 944 945 jKeyHandle = ckLongToJLong(ckKeyHandle); 946 947 freeCKAttributeArray(ckpAttributes, ckAttributesLength); 948 949 switch (ckMechanism.mechanism) { 950 case CKM_SSL3_MASTER_KEY_DERIVE: 951 case CKM_TLS_MASTER_KEY_DERIVE: 952 /* we must copy back the client version */ 953 copyBackClientVersion(env, &ckMechanism, jMechanism); 954 freeMasterKeyDeriveParams(&ckMechanism); 955 break; 956 case CKM_SSL3_MASTER_KEY_DERIVE_DH: 957 case CKM_TLS_MASTER_KEY_DERIVE_DH: 958 freeMasterKeyDeriveParams(&ckMechanism); 959 break; 960 case CKM_SSL3_KEY_AND_MAC_DERIVE: 961 case CKM_TLS_KEY_AND_MAC_DERIVE: 962 /* we must copy back the unwrapped key info to the jMechanism object */ 963 copyBackSSLKeyMatParams(env, &ckMechanism, jMechanism); 964 break; 965 case CKM_TLS_PRF: 966 copyBackTLSPrfParams(env, &ckMechanism, jMechanism); 967 break; 968 case CKM_ECDH1_DERIVE: 969 freeEcdh1DeriveParams(&ckMechanism); 970 break; 971 default: 972 // empty 973 break; 974 } 975 976 if (ckMechanism.pParameter != NULL_PTR) { 977 free(ckMechanism.pParameter); 978 } 979 if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return 0L ; } 980 981 return jKeyHandle ; 982 } 983 984 /* 985 * Copy back the client version information from the native 986 * structure to the Java object. This is only used for the 987 * CKM_SSL3_MASTER_KEY_DERIVE mechanism when used for deriving a key. 988 * 989 */ 990 void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism) 991 { 992 jclass jMechanismClass, jSSL3MasterKeyDeriveParamsClass, jVersionClass; 993 CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ckSSL3MasterKeyDeriveParams; 994 CK_VERSION *ckVersion; 995 jfieldID fieldID; 996 CK_MECHANISM_TYPE ckMechanismType; 997 jlong jMechanismType; 998 jobject jSSL3MasterKeyDeriveParams; 999 jobject jVersion; 1000 1001 /* get mechanism */ 1002 jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM); 1003 if (jMechanismClass == NULL) { return; } 1004 fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J"); 1005 if (fieldID == NULL) { return; } 1006 jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); 1007 ckMechanismType = jLongToCKULong(jMechanismType); 1008 if (ckMechanismType != ckMechanism->mechanism) { 1009 /* we do not have maching types, this should not occur */ 1010 return; 1011 } 1012 1013 /* get the native CK_SSL3_MASTER_KEY_DERIVE_PARAMS */ 1014 ckSSL3MasterKeyDeriveParams = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter; 1015 if (ckSSL3MasterKeyDeriveParams != NULL_PTR) { 1016 /* get the native CK_VERSION */ 1017 ckVersion = ckSSL3MasterKeyDeriveParams->pVersion; 1018 if (ckVersion != NULL_PTR) { 1019 /* get the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS (pParameter) */ 1020 fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;"); 1021 if (fieldID == NULL) { return; } 1022 1023 jSSL3MasterKeyDeriveParams = (*env)->GetObjectField(env, jMechanism, fieldID); 1024 1025 /* get the Java CK_VERSION */ 1026 jSSL3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS); 1027 if (jSSL3MasterKeyDeriveParamsClass == NULL) { return; } 1028 fieldID = (*env)->GetFieldID(env, jSSL3MasterKeyDeriveParamsClass, "pVersion", "L"CLASS_VERSION";"); 1029 if (fieldID == NULL) { return; } 1030 jVersion = (*env)->GetObjectField(env, jSSL3MasterKeyDeriveParams, fieldID); 1031 1032 /* now copy back the version from the native structure to the Java structure */ 1033 1034 /* copy back the major version */ 1035 jVersionClass = (*env)->FindClass(env, CLASS_VERSION); 1036 if (jVersionClass == NULL) { return; } 1037 fieldID = (*env)->GetFieldID(env, jVersionClass, "major", "B"); 1038 if (fieldID == NULL) { return; } 1039 (*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->major)); 1040 1041 /* copy back the minor version */ 1042 fieldID = (*env)->GetFieldID(env, jVersionClass, "minor", "B"); 1043 if (fieldID == NULL) { return; } 1044 (*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->minor)); 1045 } 1046 } 1047 } 1048 1049 1050 /* 1051 * Copy back the derived keys and initialization vectors from the native 1052 * structure to the Java object. This is only used for the 1053 * CKM_SSL3_KEY_AND_MAC_DERIVE mechanism when used for deriving a key. 1054 * 1055 */ 1056 void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism) 1057 { 1058 jclass jMechanismClass, jSSL3KeyMatParamsClass, jSSL3KeyMatOutClass; 1059 CK_SSL3_KEY_MAT_PARAMS *ckSSL3KeyMatParam; 1060 CK_SSL3_KEY_MAT_OUT *ckSSL3KeyMatOut; 1061 jfieldID fieldID; 1062 CK_MECHANISM_TYPE ckMechanismType; 1063 jlong jMechanismType; 1064 CK_BYTE_PTR iv; 1065 jobject jSSL3KeyMatParam; 1066 jobject jSSL3KeyMatOut; 1067 jobject jIV; 1068 jint jLength; 1069 jbyte* jBytes; 1070 int i; 1071 1072 /* get mechanism */ 1073 jMechanismClass= (*env)->FindClass(env, CLASS_MECHANISM); 1074 if (jMechanismClass == NULL) { return; } 1075 fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J"); 1076 if (fieldID == NULL) { return; } 1077 jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); 1078 ckMechanismType = jLongToCKULong(jMechanismType); 1079 if (ckMechanismType != ckMechanism->mechanism) { 1080 /* we do not have maching types, this should not occur */ 1081 return; 1082 } 1083 1084 /* get the native CK_SSL3_KEY_MAT_PARAMS */ 1085 ckSSL3KeyMatParam = (CK_SSL3_KEY_MAT_PARAMS *) ckMechanism->pParameter; 1086 if (ckSSL3KeyMatParam != NULL_PTR) { 1087 // free malloc'd data 1088 if (ckSSL3KeyMatParam->RandomInfo.pClientRandom != NULL) { 1089 free(ckSSL3KeyMatParam->RandomInfo.pClientRandom); 1090 } 1091 if (ckSSL3KeyMatParam->RandomInfo.pServerRandom != NULL) { 1092 free(ckSSL3KeyMatParam->RandomInfo.pServerRandom); 1093 } 1094 1095 /* get the native CK_SSL3_KEY_MAT_OUT */ 1096 ckSSL3KeyMatOut = ckSSL3KeyMatParam->pReturnedKeyMaterial; 1097 if (ckSSL3KeyMatOut != NULL_PTR) { 1098 /* get the Java CK_SSL3_KEY_MAT_PARAMS (pParameter) */ 1099 fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;"); 1100 if (fieldID == NULL) { return; } 1101 jSSL3KeyMatParam = (*env)->GetObjectField(env, jMechanism, fieldID); 1102 1103 /* get the Java CK_SSL3_KEY_MAT_OUT */ 1104 jSSL3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS); 1105 if (jSSL3KeyMatParamsClass == NULL) { return; } 1106 fieldID = (*env)->GetFieldID(env, jSSL3KeyMatParamsClass, "pReturnedKeyMaterial", "L"CLASS_SSL3_KEY_MAT_OUT";"); 1107 if (fieldID == NULL) { return; } 1108 jSSL3KeyMatOut = (*env)->GetObjectField(env, jSSL3KeyMatParam, fieldID); 1109 1110 /* now copy back all the key handles and the initialization vectors */ 1111 /* copy back client MAC secret handle */ 1112 jSSL3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT); 1113 if (jSSL3KeyMatOutClass == NULL) { return; } 1114 fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientMacSecret", "J"); 1115 if (fieldID == NULL) { return; } 1116 (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hClientMacSecret)); 1117 1118 /* copy back server MAC secret handle */ 1119 fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerMacSecret", "J"); 1120 if (fieldID == NULL) { return; } 1121 (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hServerMacSecret)); 1122 1123 /* copy back client secret key handle */ 1124 fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientKey", "J"); 1125 if (fieldID == NULL) { return; } 1126 (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hClientKey)); 1127 1128 /* copy back server secret key handle */ 1129 fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerKey", "J"); 1130 if (fieldID == NULL) { return; } 1131 (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hServerKey)); 1132 1133 /* copy back the client IV */ 1134 fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "pIVClient", "[B"); 1135 if (fieldID == NULL) { return; } 1136 jIV = (*env)->GetObjectField(env, jSSL3KeyMatOut, fieldID); 1137 iv = ckSSL3KeyMatOut->pIVClient; 1138 1139 if (jIV != NULL) { 1140 jLength = (*env)->GetArrayLength(env, jIV); 1141 jBytes = (*env)->GetByteArrayElements(env, jIV, NULL); 1142 if (jBytes == NULL) { return; } 1143 /* copy the bytes to the Java buffer */ 1144 for (i=0; i < jLength; i++) { 1145 jBytes[i] = ckByteToJByte(iv[i]); 1146 } 1147 /* copy back the Java buffer to the object */ 1148 (*env)->ReleaseByteArrayElements(env, jIV, jBytes, 0); 1149 } 1150 // free malloc'd data 1151 free(ckSSL3KeyMatOut->pIVClient); 1152 1153 /* copy back the server IV */ 1154 fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "pIVServer", "[B"); 1155 if (fieldID == NULL) { return; } 1156 jIV = (*env)->GetObjectField(env, jSSL3KeyMatOut, fieldID); 1157 iv = ckSSL3KeyMatOut->pIVServer; 1158 1159 if (jIV != NULL) { 1160 jLength = (*env)->GetArrayLength(env, jIV); 1161 jBytes = (*env)->GetByteArrayElements(env, jIV, NULL); 1162 if (jBytes == NULL) { return; } 1163 /* copy the bytes to the Java buffer */ 1164 for (i=0; i < jLength; i++) { 1165 jBytes[i] = ckByteToJByte(iv[i]); 1166 } 1167 /* copy back the Java buffer to the object */ 1168 (*env)->ReleaseByteArrayElements(env, jIV, jBytes, 0); 1169 } 1170 // free malloc'd data 1171 free(ckSSL3KeyMatOut->pIVServer); 1172 free(ckSSL3KeyMatOut); 1173 } 1174 } 1175 } 1176 1177 #endif --- EOF ---