1 /*
   2  * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package com.oracle.security.ucrypto;
  27 
  28 import java.io.IOException;
  29 import java.io.File;
  30 import java.util.*;
  31 import java.security.*;
  32 
  33 /**
  34  * OracleUcrypto provider main class.
  35  *
  36  * @since 1.9
  37  */
  38 public final class UcryptoProvider extends Provider {
  39 
  40     private static final long serialVersionUID = 351251234302833L;
  41 
  42     private static boolean DEBUG = false;
  43     private static HashMap<String, ServiceDesc> provProp = null;
  44     private static String defConfigName = "";
  45 
  46     static {
  47         try {
  48             // cannot use LoadLibraryAction because that would make the native
  49             // library available to the bootclassloader, but we run in the
  50             // extension classloader.
  51             String osname = System.getProperty("os.name");
  52             if (osname.startsWith("SunOS")) {
  53                 provProp = AccessController.doPrivileged
  54                     (new PrivilegedAction<HashMap<String, ServiceDesc>>() {
  55                         public HashMap<String, ServiceDesc> run() {
  56                             try {
  57                                 DEBUG = Boolean.parseBoolean(System.getProperty("com.oracle.security.ucrypto.debug"));
  58                                 String javaHome = System.getProperty("java.home");
  59                                 String sep = System.getProperty("file.separator");
  60                                 defConfigName = javaHome + sep + "conf" + sep + "security" + sep +
  61                                     "ucrypto-solaris.cfg";
  62                                 System.loadLibrary("j2ucrypto");
  63                                 return new HashMap<>();
  64                             } catch (Error err) {
  65                                 if (DEBUG) err.printStackTrace();
  66                                 return null;
  67                             } catch (SecurityException se) {
  68                                 if (DEBUG) se.printStackTrace();
  69                                 return null;
  70                             }
  71                         }
  72                     });
  73             }
  74             if (provProp != null) {
  75                 boolean[] result = loadLibraries();
  76                 if (result.length == 2) {
  77                     if (result[0]) { // successfully loaded libmd
  78                         provProp.put("MessageDigest.MD5",
  79                             sd("MessageDigest", "MD5",
  80                                "com.oracle.security.ucrypto.NativeDigest$MD5"));
  81                         provProp.put("MessageDigest.SHA",
  82                             sd("MessageDigest", "SHA",
  83                                "com.oracle.security.ucrypto.NativeDigest$SHA1",
  84                                "SHA-1", "SHA1"));
  85                         provProp.put("MessageDigest.SHA-256",
  86                             sd("MessageDigest", "SHA-256",
  87                                "com.oracle.security.ucrypto.NativeDigest$SHA256",
  88                                "2.16.840.1.101.3.4.2.1", "OID.2.16.840.1.101.3.4.2.1"));
  89 
  90                         provProp.put("MessageDigest.SHA-384",
  91                             sd("MessageDigest", "SHA-384",
  92                                "com.oracle.security.ucrypto.NativeDigest$SHA384",
  93                                "2.16.840.1.101.3.4.2.2", "OID.2.16.840.1.101.3.4.2.2"));
  94 
  95                         provProp.put("MessageDigest.SHA-512",
  96                             sd("MessageDigest", "SHA-512",
  97                                "com.oracle.security.ucrypto.NativeDigest$SHA512",
  98                                "2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3"));
  99                     };
 100                     if (result[1]) { // successfully loaded libsoftcrypto
 101                         String supportedMechs = getMechList();
 102                         debug("Prov: supported mechs = " + supportedMechs);
 103                         for (UcryptoMech m : UcryptoMech.values()) {
 104                             if (supportedMechs.indexOf(m.name() + ",") != -1) {
 105                                 ServiceDesc[] services = m.getServiceDescriptions();
 106                                 // skip unsupported UcryptoMech
 107                                 if (services == null || services.length == 0) continue;
 108                                 for (int p = 0; p < services.length; p++) {
 109                                     ServiceDesc entry = services[p];
 110                                     provProp.put(entry.getType() + "." + entry.getAlgorithm(),
 111                                                  entry);
 112                                 }
 113                             }
 114                         }
 115                         // NOTE: GCM support is only available since jdk 7
 116                         provProp.put("AlgorithmParameters.GCM",
 117                                      sd("AlgorithmParameters", "GCM", "com.oracle.security.ucrypto.GCMParameters"));
 118                     }
 119                 } else {
 120                     debug("Prov: unexpected ucrypto library loading error, got " + result.length);
 121                 }
 122             }
 123         } catch (AccessControlException ace) {
 124             if (DEBUG) ace.printStackTrace();
 125             // disable Ucrypto provider
 126             provProp = null;
 127         }
 128     }
 129 
 130     private static ServiceDesc sd(String type, String algo, String cn,
 131         String... aliases) {
 132         return new ServiceDesc(type, algo, cn, aliases);
 133     }
 134 
 135     private static final class ProviderService extends Provider.Service {
 136         ProviderService(Provider p, ServiceDesc sd) {
 137             super(p, sd.getType(), sd.getAlgorithm(), sd.getClassName(),
 138                   sd.getAliases(), null);
 139         }
 140 
 141         @Override
 142         public Object newInstance(Object ctrParamObj)
 143             throws NoSuchAlgorithmException {
 144             String type = getType();
 145             if (ctrParamObj != null) {
 146                 throw new InvalidParameterException
 147                     ("constructorParameter not used with " + type + " engines");
 148             }
 149             String algo = getAlgorithm();
 150             try {
 151                 if (type.equals("Cipher")) {
 152                     int keySize = -1;
 153                     if (algo.charAt(3) == '_') {
 154                         keySize = Integer.parseInt(algo.substring(4, 7))/8;
 155                         algo = algo.substring(0, 3) + algo.substring(7);
 156                     }
 157                     if (algo.equals("AES/ECB/NoPadding")) {
 158                         return new NativeCipher.AesEcbNoPadding(keySize);
 159                     } else if (algo.equals("AES/ECB/PKCS5Padding")) {
 160                         return new NativeCipherWithJavaPadding.AesEcbPKCS5();
 161                     } else if (algo.equals("AES/CBC/NoPadding")) {
 162                         return new NativeCipher.AesCbcNoPadding(keySize);
 163                     } else if (algo.equals("AES/CBC/PKCS5Padding")) {
 164                         return new NativeCipherWithJavaPadding.AesCbcPKCS5();
 165                     } else if (algo.equals("AES/CTR/NoPadding")) {
 166                         return new NativeCipher.AesCtrNoPadding();
 167                     } else if (algo.equals("AES/GCM/NoPadding")) {
 168                         return new NativeGCMCipher.AesGcmNoPadding(keySize);
 169                     } else if (algo.equals("AES/CFB128/NoPadding")) {
 170                         return new NativeCipher.AesCfb128NoPadding();
 171                     } else if (algo.equals("AES/CFB128/PKCS5Padding")) {
 172                         return new NativeCipherWithJavaPadding.AesCfb128PKCS5();
 173                     } else if (algo.equals("RSA/ECB/NoPadding")) {
 174                         return new NativeRSACipher.NoPadding();
 175                     } else if (algo.equals("RSA/ECB/PKCS1Padding")) {
 176                         return new NativeRSACipher.PKCS1Padding();
 177                     }
 178                 } else if (type.equals("Signature")) {
 179                     if (algo.equals("SHA1withRSA")) {
 180                         return new NativeRSASignature.SHA1();
 181                     } else if (algo.equals("SHA256withRSA")) {
 182                         return new NativeRSASignature.SHA256();
 183                     } else if (algo.equals("SHA384withRSA")) {
 184                         return new NativeRSASignature.SHA384();
 185                     } else if (algo.equals("SHA512withRSA")) {
 186                         return new NativeRSASignature.SHA512();
 187                     } else if (algo.equals("MD5withRSA")) {
 188                         return new NativeRSASignature.MD5();
 189                     }
 190                 } else if (type.equals("MessageDigest")) {
 191                     if (algo.equals("SHA")) {
 192                         return new NativeDigest.SHA1();
 193                     } else if (algo.equals("SHA-256")) {
 194                         return new NativeDigest.SHA256();
 195                     } else if (algo.equals("SHA-384")) {
 196                         return new NativeDigest.SHA384();
 197                     } else if (algo.equals("SHA-512")) {
 198                         return new NativeDigest.SHA512();
 199                     } else if (algo.equals("MD5")) {
 200                         return new NativeDigest.MD5();
 201                     }
 202                 } else if (type.equals("AlgorithmParameters")) {
 203                     if (algo.equals("GCM")) {
 204                         return new GCMParameters();
 205                     }
 206                 }
 207             } catch (Exception ex) {
 208                 throw new NoSuchAlgorithmException("Error constructing " +
 209                     type + " for " + algo + " using OracleUcrypto", ex);
 210             }
 211             throw new ProviderException("No impl for " + algo +
 212                 " " + type);
 213         }
 214     }
 215 
 216     static Provider provider = null;
 217     private static native boolean[] loadLibraries();
 218     private static native String getMechList();
 219 
 220     static void debug(String msg) {
 221         if (DEBUG) {
 222             System.out.println("UCrypto/" + msg);
 223         }
 224     }
 225 
 226     public UcryptoProvider() {
 227         super("OracleUcrypto", 1.9d, "Provider using Oracle Ucrypto API");
 228 
 229         AccessController.doPrivileged(new PrivilegedAction<>() {
 230             public Void run() {
 231                 init(defConfigName);
 232                 return null;
 233             }
 234         });
 235         if (provider == null) provider = this;
 236     }
 237 
 238     private void init(final String configName) {
 239         if (provProp != null) {
 240             debug("Prov: configuration file " + configName);
 241             Config c;
 242             try {
 243                 c = new Config(configName);
 244             } catch (Exception ex) {
 245                 throw new UcryptoException("Error parsing Config", ex);
 246             }
 247 
 248             String[] disabledServices = c.getDisabledServices();
 249             for (String ds : disabledServices) {
 250                 if (provProp.remove(ds) != null) {
 251                     debug("Prov: remove config-disabled service " + ds);
 252                 } else {
 253                     debug("Prov: ignore unsupported service " + ds);
 254                 }
 255             }
 256 
 257             for (ServiceDesc s: provProp.values()) {
 258                 debug("Prov: add service for " + s);
 259                 putService(new ProviderService(this, s));
 260             }
 261         }
 262     }
 263 
 264     @Override
 265     public Provider configure(String configArg) throws InvalidParameterException {
 266         if (!defConfigName.equals(configArg)) {
 267             throw new InvalidParameterException("Ucrypto provider can only be " +
 268                 "configured with default configuration file");
 269         }
 270         return this;
 271     }
 272     
 273     @Override
 274     public String getArgument() {
 275         try {
 276             if (new File(defConfigName).canRead()) {
 277                 return defConfigName;
 278             }
 279         } catch (SecurityException se) {
 280             debug("Prov: no perm to read config");
 281         }
 282         return "";
 283     }
 284 
 285     public boolean equals(Object obj) {
 286         return this == obj;
 287     }
 288 
 289     public int hashCode() {
 290         return System.identityHashCode(this);
 291     }
 292 }