--- old/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSACipher.java 2020-05-20 18:10:48.002515716 -0700 +++ /dev/null 2020-03-09 18:57:19.455001459 -0700 @@ -1,474 +0,0 @@ -/* - * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package com.oracle.security.ucrypto; - -import java.util.Arrays; -import java.util.WeakHashMap; -import java.util.Collections; -import java.util.Map; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.PublicKey; -import java.security.PrivateKey; -import java.security.spec.RSAPrivateCrtKeySpec; -import java.security.spec.RSAPrivateKeySpec; -import java.security.spec.RSAPublicKeySpec; -import java.security.interfaces.RSAKey; -import java.security.interfaces.RSAPrivateCrtKey; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; - -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; - -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; -import java.security.spec.InvalidKeySpecException; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.CipherSpi; -import javax.crypto.SecretKey; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.ShortBufferException; - -import javax.crypto.spec.SecretKeySpec; - -import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; -import sun.security.jca.JCAUtil; -import sun.security.util.KeyUtil; - -/** - * Asymmetric Cipher wrapper class utilizing ucrypto APIs. This class - * currently supports - * - RSA/ECB/NOPADDING - * - RSA/ECB/PKCS1PADDING - * - * @since 9 - */ -public class NativeRSACipher extends CipherSpi { - // fields set in constructor - private final UcryptoMech mech; - private final int padLen; - private final NativeRSAKeyFactory keyFactory; - private AlgorithmParameterSpec spec; - private SecureRandom random; - - // Keep a cache of RSA keys and their RSA NativeKey for reuse. - // When the RSA key is gc'ed, we let NativeKey phatom references cleanup - // the native allocation - private static final Map keyList = - Collections.synchronizedMap(new WeakHashMap()); - - // - // fields (re)set in every init() - // - private NativeKey key = null; - private int outputSize = 0; // e.g. modulus size in bytes - private boolean encrypt = true; - private byte[] buffer; - private int bufOfs = 0; - - // public implementation classes - public static final class NoPadding extends NativeRSACipher { - public NoPadding() throws NoSuchAlgorithmException { - super(UcryptoMech.CRYPTO_RSA_X_509, 0); - } - } - - public static final class PKCS1Padding extends NativeRSACipher { - public PKCS1Padding() throws NoSuchAlgorithmException { - super(UcryptoMech.CRYPTO_RSA_PKCS, 11); - } - } - - NativeRSACipher(UcryptoMech mech, int padLen) - throws NoSuchAlgorithmException { - this.mech = mech; - this.padLen = padLen; - this.keyFactory = new NativeRSAKeyFactory(); - } - - @Override - protected void engineSetMode(String mode) throws NoSuchAlgorithmException { - // Disallow change of mode for now since currently it's explicitly - // defined in transformation strings - throw new NoSuchAlgorithmException("Unsupported mode " + mode); - } - - // see JCE spec - @Override - protected void engineSetPadding(String padding) - throws NoSuchPaddingException { - // Disallow change of padding for now since currently it's explicitly - // defined in transformation strings - throw new NoSuchPaddingException("Unsupported padding " + padding); - } - - // see JCE spec - @Override - protected int engineGetBlockSize() { - return 0; - } - - // see JCE spec - @Override - protected synchronized int engineGetOutputSize(int inputLen) { - return outputSize; - } - - // see JCE spec - @Override - protected byte[] engineGetIV() { - return null; - } - - // see JCE spec - @Override - protected AlgorithmParameters engineGetParameters() { - return null; - } - - @Override - protected int engineGetKeySize(Key key) throws InvalidKeyException { - if (!(key instanceof RSAKey)) { - throw new InvalidKeyException("RSAKey required. Got: " + - key.getClass().getName()); - } - int n = ((RSAKey)key).getModulus().bitLength(); - // strip off the leading extra 0x00 byte prefix - int realByteSize = (n + 7) >> 3; - return realByteSize * 8; - } - - // see JCE spec - @Override - protected synchronized void engineInit(int opmode, Key key, SecureRandom random) - throws InvalidKeyException { - try { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } catch (InvalidAlgorithmParameterException e) { - throw new InvalidKeyException("init() failed", e); - } - } - - // see JCE spec - @Override - @SuppressWarnings("deprecation") - protected synchronized void engineInit(int opmode, Key newKey, - AlgorithmParameterSpec params, SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException { - if (newKey == null) { - throw new InvalidKeyException("Key cannot be null"); - } - if (opmode != Cipher.ENCRYPT_MODE && - opmode != Cipher.DECRYPT_MODE && - opmode != Cipher.WRAP_MODE && - opmode != Cipher.UNWRAP_MODE) { - throw new InvalidAlgorithmParameterException - ("Unsupported mode: " + opmode); - } - if (params != null) { - if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) { - throw new InvalidAlgorithmParameterException( - "No Parameters can be specified"); - } - spec = params; - if (random == null) { - random = JCAUtil.getSecureRandom(); - } - this.random = random; // for TLS RSA premaster secret - } - boolean doEncrypt = (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE); - - // Make sure the proper opmode uses the proper key - if (doEncrypt && (!(newKey instanceof RSAPublicKey))) { - throw new InvalidKeyException("RSAPublicKey required for encryption." + - " Received: " + newKey.getClass().getName()); - } else if (!doEncrypt && (!(newKey instanceof RSAPrivateKey))) { - throw new InvalidKeyException("RSAPrivateKey required for decryption." + - " Received: " + newKey.getClass().getName()); - } - - NativeKey nativeKey = null; - // Check keyList cache for a nativeKey - nativeKey = keyList.get(newKey); - if (nativeKey == null) { - // With no existing nativeKey for this newKey, create one - if (doEncrypt) { - RSAPublicKey publicKey = (RSAPublicKey) newKey; - try { - nativeKey = (NativeKey) keyFactory.engineGeneratePublic - (new RSAPublicKeySpec(publicKey.getModulus(), publicKey.getPublicExponent())); - } catch (InvalidKeySpecException ikse) { - throw new InvalidKeyException(ikse); - } - } else { - try { - if (newKey instanceof RSAPrivateCrtKey) { - RSAPrivateCrtKey privateKey = (RSAPrivateCrtKey) newKey; - nativeKey = (NativeKey) keyFactory.engineGeneratePrivate - (new RSAPrivateCrtKeySpec(privateKey.getModulus(), - privateKey.getPublicExponent(), - privateKey.getPrivateExponent(), - privateKey.getPrimeP(), - privateKey.getPrimeQ(), - privateKey.getPrimeExponentP(), - privateKey.getPrimeExponentQ(), - privateKey.getCrtCoefficient())); - } else if (newKey instanceof RSAPrivateKey) { - RSAPrivateKey privateKey = (RSAPrivateKey) newKey; - nativeKey = (NativeKey) keyFactory.engineGeneratePrivate - (new RSAPrivateKeySpec(privateKey.getModulus(), - privateKey.getPrivateExponent())); - } else { - throw new InvalidKeyException("Unsupported type of RSAPrivateKey." + - " Received: " + newKey.getClass().getName()); - } - } catch (InvalidKeySpecException ikse) { - throw new InvalidKeyException(ikse); - } - } - - // Add nativeKey to keyList cache and associate it with newKey - keyList.put(newKey, nativeKey); - } - - init(doEncrypt, nativeKey); - } - - // see JCE spec - @Override - protected synchronized void engineInit(int opmode, Key key, AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException { - if (params != null) { - throw new InvalidAlgorithmParameterException("No Parameters can be specified"); - } - engineInit(opmode, key, (AlgorithmParameterSpec) null, random); - } - - // see JCE spec - @Override - protected synchronized byte[] engineUpdate(byte[] in, int inOfs, int inLen) { - if (inLen > 0) { - update(in, inOfs, inLen); - } - return null; - } - - // see JCE spec - @Override - protected synchronized int engineUpdate(byte[] in, int inOfs, int inLen, byte[] out, - int outOfs) throws ShortBufferException { - if (out.length - outOfs < outputSize) { - throw new ShortBufferException("Output buffer too small. outputSize: " + - outputSize + ". out.length: " + out.length + ". outOfs: " + outOfs); - } - if (inLen > 0) { - update(in, inOfs, inLen); - } - return 0; - } - - // see JCE spec - @Override - protected synchronized byte[] engineDoFinal(byte[] in, int inOfs, int inLen) - throws IllegalBlockSizeException, BadPaddingException { - byte[] out = new byte[outputSize]; - try { - // delegate to the other engineDoFinal(...) method - int actualLen = engineDoFinal(in, inOfs, inLen, out, 0); - if (actualLen != outputSize) { - return Arrays.copyOf(out, actualLen); - } else { - return out; - } - } catch (ShortBufferException e) { - throw new UcryptoException("Internal Error", e); - } - } - - // see JCE spec - @Override - protected synchronized int engineDoFinal(byte[] in, int inOfs, int inLen, byte[] out, - int outOfs) - throws ShortBufferException, IllegalBlockSizeException, - BadPaddingException { - if (inLen != 0) { - update(in, inOfs, inLen); - } - return doFinal(out, outOfs, out.length - outOfs); - } - - - // see JCE spec - @Override - protected synchronized byte[] engineWrap(Key key) throws IllegalBlockSizeException, - InvalidKeyException { - try { - byte[] encodedKey = key.getEncoded(); - if ((encodedKey == null) || (encodedKey.length == 0)) { - throw new InvalidKeyException("Cannot get an encoding of " + - "the key to be wrapped"); - } - if (encodedKey.length > buffer.length) { - throw new InvalidKeyException("Key is too long for wrapping. " + - "encodedKey.length: " + encodedKey.length + - ". buffer.length: " + buffer.length); - } - return engineDoFinal(encodedKey, 0, encodedKey.length); - } catch (BadPaddingException e) { - // Should never happen for key wrapping - throw new UcryptoException("Internal Error", e); - } - } - - // see JCE spec - @Override - @SuppressWarnings("deprecation") - protected synchronized Key engineUnwrap(byte[] wrappedKey, - String wrappedKeyAlgorithm, int wrappedKeyType) - throws InvalidKeyException, NoSuchAlgorithmException { - - if (wrappedKey.length > buffer.length) { - throw new InvalidKeyException("Key is too long for unwrapping." + - " wrappedKey.length: " + wrappedKey.length + - ". buffer.length: " + buffer.length); - } - - boolean isTlsRsaPremasterSecret = - wrappedKeyAlgorithm.equals("TlsRsaPremasterSecret"); - Exception failover = null; - - byte[] encodedKey = null; - try { - encodedKey = engineDoFinal(wrappedKey, 0, wrappedKey.length); - } catch (BadPaddingException bpe) { - if (isTlsRsaPremasterSecret) { - failover = bpe; - } else { - throw new InvalidKeyException("Unwrapping failed", bpe); - } - } catch (Exception e) { - throw new InvalidKeyException("Unwrapping failed", e); - } - - if (isTlsRsaPremasterSecret) { - if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) { - throw new IllegalStateException( - "No TlsRsaPremasterSecretParameterSpec specified"); - } - - // polish the TLS premaster secret - encodedKey = KeyUtil.checkTlsPreMasterSecretKey( - ((TlsRsaPremasterSecretParameterSpec)spec).getClientVersion(), - ((TlsRsaPremasterSecretParameterSpec)spec).getServerVersion(), - random, encodedKey, (failover != null)); - } - - return NativeCipher.constructKey(wrappedKeyType, - encodedKey, wrappedKeyAlgorithm); - } - - /** - * calls ucrypto_encrypt(...) or ucrypto_decrypt(...) - * @return the length of output or an negative error status code - */ - private native static int nativeAtomic(int mech, boolean encrypt, - long keyValue, int keyLength, - byte[] in, int inLen, - byte[] out, int ouOfs, int outLen); - - // do actual initialization - private void init(boolean encrypt, NativeKey key) { - this.encrypt = encrypt; - this.key = key; - try { - this.outputSize = engineGetKeySize(key)/8; - } catch (InvalidKeyException ike) { - throw new UcryptoException("Internal Error", ike); - } - this.buffer = new byte[outputSize]; - this.bufOfs = 0; - } - - // store the specified input into the internal buffer - private void update(byte[] in, int inOfs, int inLen) { - if ((inLen <= 0) || (in == null)) { - return; - } - // buffer bytes internally until doFinal is called - if ((bufOfs + inLen + (encrypt? padLen:0)) > buffer.length) { - // lead to IllegalBlockSizeException when doFinal() is called - bufOfs = buffer.length + 1; - return; - } - System.arraycopy(in, inOfs, buffer, bufOfs, inLen); - bufOfs += inLen; - } - - // return the actual non-negative output length - private int doFinal(byte[] out, int outOfs, int outLen) - throws ShortBufferException, IllegalBlockSizeException, - BadPaddingException { - if (bufOfs > buffer.length) { - throw new IllegalBlockSizeException( - "Data must not be longer than " + - (buffer.length - (encrypt ? padLen : 0)) + " bytes"); - } - if (outLen < outputSize) { - throw new ShortBufferException(); - } - try { - long keyValue = key.value(); - int k = nativeAtomic(mech.value(), encrypt, keyValue, - key.length(), buffer, bufOfs, - out, outOfs, outLen); - if (k < 0) { - if ( k == -16 || k == -64) { - // -16: CRYPTO_ENCRYPTED_DATA_INVALID - // -64: CKR_ENCRYPTED_DATA_INVALID, see bug 17459266 - UcryptoException ue = new UcryptoException(16); - BadPaddingException bpe = - new BadPaddingException("Invalid encryption data"); - bpe.initCause(ue); - throw bpe; - } - throw new UcryptoException(-k); - } - - return k; - } finally { - bufOfs = 0; - } - } -}