0N/A/*
2362N/A * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved.
0N/A */
0N/A
0N/A/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
0N/A *
0N/A * Redistribution and use in source and binary forms, with or without
0N/A * modification, are permitted provided that the following conditions are met:
0N/A *
0N/A * 1. Redistributions of source code must retain the above copyright notice,
0N/A * this list of conditions and the following disclaimer.
0N/A *
0N/A * 2. Redistributions in binary form must reproduce the above copyright notice,
0N/A * this list of conditions and the following disclaimer in the documentation
0N/A * and/or other materials provided with the distribution.
0N/A *
0N/A * 3. The end-user documentation included with the redistribution, if any, must
0N/A * include the following acknowledgment:
0N/A *
0N/A * "This product includes software developed by IAIK of Graz University of
0N/A * Technology."
0N/A *
0N/A * Alternately, this acknowledgment may appear in the software itself, if
0N/A * and wherever such third-party acknowledgments normally appear.
0N/A *
0N/A * 4. The names "Graz University of Technology" and "IAIK of Graz University of
0N/A * Technology" must not be used to endorse or promote products derived from
0N/A * this software without prior written permission.
0N/A *
0N/A * 5. Products derived from this software may not be called
0N/A * "IAIK PKCS Wrapper", nor may "IAIK" appear in their name, without prior
0N/A * written permission of Graz University of Technology.
0N/A *
0N/A * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
0N/A * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
0N/A * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
0N/A * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE
0N/A * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
0N/A * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
0N/A * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
0N/A * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
0N/A * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
0N/A * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
0N/A * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
0N/A * POSSIBILITY OF SUCH DAMAGE.
0N/A */
0N/A
0N/A#include "pkcs11wrapper.h"
0N/A
0N/A#include <stdio.h>
0N/A#include <stdlib.h>
0N/A#include <string.h>
0N/A#include <assert.h>
0N/A
0N/A#include "sun_security_pkcs11_wrapper_PKCS11.h"
0N/A
0N/A#ifdef P11_ENABLE_C_GENERATEKEY
0N/A/*
0N/A * Class: sun_security_pkcs11_wrapper_PKCS11
0N/A * Method: C_GenerateKey
0N/A * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J
0N/A * Parametermapping: *PKCS11*
0N/A * @param jlong jSessionHandle CK_SESSION_HANDLE hSession
0N/A * @param jobject jMechanism CK_MECHANISM_PTR pMechanism
0N/A * @param jobjectArray jTemplate CK_ATTRIBUTE_PTR pTemplate
0N/A * CK_ULONG ulCount
0N/A * @return jlong jKeyHandle CK_OBJECT_HANDLE_PTR phKey
0N/A */
JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKey
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jobjectArray jTemplate)
{
    /*
     * Converts the Java mechanism and attribute template to native form,
     * calls the module's C_GenerateKey and returns the new key handle.
     * Returns 0 when the function list is unavailable, when a conversion
     * left a Java exception pending, or when ckAssertReturnValueOK does not
     * report CK_ASSERT_OK for the token's return value.
     */
    CK_FUNCTION_LIST_PTR ckpFunctions;
    CK_SESSION_HANDLE ckSessionHandle;
    CK_MECHANISM ckMechanism;
    CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR;
    CK_ULONG ckAttributesLength;
    CK_OBJECT_HANDLE ckKeyHandle = 0;
    jlong jKeyHandle = 0L;
    CK_RV rv;

    ckpFunctions = getFunctionList(env, obj);
    if (ckpFunctions == NULL) {
        return 0L;
    }

    ckSessionHandle = jLongToCKULong(jSessionHandle);
    jMechanismToCKMechanism(env, jMechanism, &ckMechanism);
    if ((*env)->ExceptionCheck(env)) {
        return 0L;
    }

    jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength);
    if ((*env)->ExceptionCheck(env)) {
        /* the template was not converted, so only the mechanism parameter is released */
        goto free_mechanism;
    }

    rv = (*ckpFunctions->C_GenerateKey)(ckSessionHandle, &ckMechanism,
                                        ckpAttributes, ckAttributesLength, &ckKeyHandle);

    if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
        jKeyHandle = ckULongToJLong(ckKeyHandle);

        /* check whether an initialization vector has to be handed back to Java */
        switch (ckMechanism.mechanism) {
        case CKM_PBE_MD2_DES_CBC:
        case CKM_PBE_MD5_DES_CBC:
        case CKM_PBE_MD5_CAST_CBC:
        case CKM_PBE_MD5_CAST3_CBC:
        case CKM_PBE_MD5_CAST128_CBC:    /* CKM_PBE_MD5_CAST5_CBC is the same value */
        case CKM_PBE_SHA1_CAST128_CBC:   /* CKM_PBE_SHA1_CAST5_CBC is the same value */
            /* copy the initialization vector back into the jMechanism object */
            copyBackPBEInitializationVector(env, &ckMechanism, jMechanism);
            break;
        default:
            break;
        }
    }

    freeCKAttributeArray(ckpAttributes, ckAttributesLength);

free_mechanism:
    /*
     * NOTE(review): only the top-level parameter block is released here. If
     * jMechanismToCKMechanism allocates nested buffers for PBE parameters
     * (password, salt, IV), they would stay allocated and un-wiped; confirm
     * against the converter.
     */
    free(ckMechanism.pParameter);   /* free(NULL) is a no-op */

    return jKeyHandle;
}
0N/A#endif
0N/A
0N/A#ifdef P11_ENABLE_C_GENERATEKEYPAIR
/*
 * Class:     sun_security_pkcs11_wrapper_PKCS11
 * Method:    C_GenerateKeyPair
 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)[J
 * Parametermapping:                          *PKCS11*
 * @param   jlong jSessionHandle              CK_SESSION_HANDLE hSession
 * @param   jobject jMechanism                CK_MECHANISM_PTR pMechanism
 * @param   jobjectArray jPublicKeyTemplate   CK_ATTRIBUTE_PTR pPublicKeyTemplate
 *                                            CK_ULONG ulPublicKeyAttributeCount
 * @param   jobjectArray jPrivateKeyTemplate  CK_ATTRIBUTE_PTR pPrivateKeyTemplate
 *                                            CK_ULONG ulPrivateKeyAttributeCount
 * @return  jlongArray jKeyHandles            CK_OBJECT_HANDLE_PTR phPublicKey
 *                                            CK_OBJECT_HANDLE_PTR phPrivateKey
 */
JNIEXPORT jlongArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKeyPair
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism,
     jobjectArray jPublicKeyTemplate, jobjectArray jPrivateKeyTemplate)
{
    /*
     * Converts the mechanism and both templates, calls the module's
     * C_GenerateKeyPair and returns a two-element long[] holding the public
     * key handle followed by the private key handle. Returns NULL on any
     * failure; every native allocation made up to that point is released
     * through the staged labels at the bottom.
     */
    CK_FUNCTION_LIST_PTR ckpFunctions;
    CK_SESSION_HANDLE ckSessionHandle;
    CK_MECHANISM ckMechanism;
    CK_ATTRIBUTE_PTR ckpPublicKeyAttributes = NULL_PTR;
    CK_ATTRIBUTE_PTR ckpPrivateKeyAttributes = NULL_PTR;
    CK_ULONG ckPublicKeyAttributesLength;
    CK_ULONG ckPrivateKeyAttributesLength;
    CK_OBJECT_HANDLE_PTR ckpKeyHandles;   /* [0] = public key, [1] = private key */
    jlongArray jKeyHandles = NULL;
    CK_RV rv;

    ckpFunctions = getFunctionList(env, obj);
    if (ckpFunctions == NULL) {
        return NULL;
    }

    ckSessionHandle = jLongToCKULong(jSessionHandle);
    jMechanismToCKMechanism(env, jMechanism, &ckMechanism);
    if ((*env)->ExceptionCheck(env)) {
        return NULL;
    }

    ckpKeyHandles = malloc(2 * sizeof *ckpKeyHandles);
    if (ckpKeyHandles == NULL) {
        JNU_ThrowOutOfMemoryError(env, 0);
        goto free_mechanism;
    }

    jAttributeArrayToCKAttributeArray(env, jPublicKeyTemplate,
                                      &ckpPublicKeyAttributes, &ckPublicKeyAttributesLength);
    if ((*env)->ExceptionCheck(env)) {
        goto free_handles;
    }

    jAttributeArrayToCKAttributeArray(env, jPrivateKeyTemplate,
                                      &ckpPrivateKeyAttributes, &ckPrivateKeyAttributesLength);
    if ((*env)->ExceptionCheck(env)) {
        goto free_public_template;
    }

    rv = (*ckpFunctions->C_GenerateKeyPair)(ckSessionHandle, &ckMechanism,
                     ckpPublicKeyAttributes, ckPublicKeyAttributesLength,
                     ckpPrivateKeyAttributes, ckPrivateKeyAttributesLength,
                     &ckpKeyHandles[0], &ckpKeyHandles[1]);

    if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
        jKeyHandles = ckULongArrayToJLongArray(env, ckpKeyHandles, 2);
    }

    freeCKAttributeArray(ckpPrivateKeyAttributes, ckPrivateKeyAttributesLength);
free_public_template:
    freeCKAttributeArray(ckpPublicKeyAttributes, ckPublicKeyAttributesLength);
free_handles:
    free(ckpKeyHandles);
free_mechanism:
    free(ckMechanism.pParameter);   /* free(NULL) is a no-op */

    return jKeyHandles;
}
0N/A#endif
0N/A
0N/A#ifdef P11_ENABLE_C_WRAPKEY
0N/A/*
0N/A * Class: sun_security_pkcs11_wrapper_PKCS11
0N/A * Method: C_WrapKey
0N/A * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;JJ)[B
0N/A * Parametermapping: *PKCS11*
0N/A * @param jlong jSessionHandle CK_SESSION_HANDLE hSession
0N/A * @param jobject jMechanism CK_MECHANISM_PTR pMechanism
0N/A * @param jlong jWrappingKeyHandle CK_OBJECT_HANDLE hWrappingKey
0N/A * @param jlong jKeyHandle CK_OBJECT_HANDLE hKey
0N/A * @return jbyteArray jWrappedKey CK_BYTE_PTR pWrappedKey
0N/A * CK_ULONG_PTR pulWrappedKeyLen
0N/A */
JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1WrapKey
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jWrappingKeyHandle, jlong jKeyHandle)
{
    /*
     * Wraps hKey under hWrappingKey and returns the wrapped bytes as a
     * byte[], or NULL on failure. A stack buffer is tried first; when the
     * module answers CKR_BUFFER_TOO_SMALL the call is repeated with a heap
     * buffer of the size the module reported.
     */
    CK_FUNCTION_LIST_PTR ckpFunctions;
    CK_SESSION_HANDLE ckSessionHandle;
    CK_MECHANISM ckMechanism;
    CK_OBJECT_HANDLE ckWrappingKeyHandle;
    CK_OBJECT_HANDLE ckKeyHandle;
    jbyteArray jWrappedKey = NULL;
    CK_RV rv;
    CK_BYTE stackBuffer[MAX_STACK_BUFFER_LEN];
    CK_BYTE_PTR ckpWrappedKey = stackBuffer;
    CK_ULONG ckWrappedKeyLength = MAX_STACK_BUFFER_LEN;

    ckpFunctions = getFunctionList(env, obj);
    if (ckpFunctions == NULL) {
        return NULL;
    }

    ckSessionHandle = jLongToCKULong(jSessionHandle);
    jMechanismToCKMechanism(env, jMechanism, &ckMechanism);
    if ((*env)->ExceptionCheck(env)) {
        return NULL;
    }

    ckWrappingKeyHandle = jLongToCKULong(jWrappingKeyHandle);
    ckKeyHandle = jLongToCKULong(jKeyHandle);

    rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism, ckWrappingKeyHandle,
                                    ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength);
    if (rv == CKR_BUFFER_TOO_SMALL) {
        /* ckWrappedKeyLength now carries the size requested by the module */
        ckpWrappedKey = malloc(ckWrappedKeyLength);
        if (ckpWrappedKey == NULL) {
            JNU_ThrowOutOfMemoryError(env, 0);
            goto cleanup;
        }

        rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism, ckWrappingKeyHandle,
                                        ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength);
    }

    /*
     * NOTE(review): the length written by the module is used as-is for the
     * copy into the Java array. Nothing here checks that it stays within
     * the buffer that was supplied (MAX_STACK_BUFFER_LEN for the stack
     * buffer); a module that reports a larger value on success would cause
     * a read past the buffer. Consider validating before the copy.
     */
    if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
        jWrappedKey = ckByteArrayToJByteArray(env, ckpWrappedKey, ckWrappedKeyLength);
    }

cleanup:
    /* only a heap buffer is released; a failed malloc leaves NULL, which free() accepts */
    if (ckpWrappedKey != stackBuffer) {
        free(ckpWrappedKey);
    }
    free(ckMechanism.pParameter);

    return jWrappedKey;
}
0N/A#endif
0N/A
0N/A#ifdef P11_ENABLE_C_UNWRAPKEY
/*
 * Class:     sun_security_pkcs11_wrapper_PKCS11
 * Method:    C_UnwrapKey
 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;J[B[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J
 * Parametermapping:                      *PKCS11*
 * @param   jlong jSessionHandle          CK_SESSION_HANDLE hSession
 * @param   jobject jMechanism            CK_MECHANISM_PTR pMechanism
 * @param   jlong jUnwrappingKeyHandle    CK_OBJECT_HANDLE hUnwrappingKey
 * @param   jbyteArray jWrappedKey        CK_BYTE_PTR pWrappedKey
 *                                        CK_ULONG ulWrappedKeyLen
 * @param   jobjectArray jTemplate        CK_ATTRIBUTE_PTR pTemplate
 *                                        CK_ULONG ulCount
 * @return  jlong jKeyHandle              CK_OBJECT_HANDLE_PTR phKey
 */
JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1UnwrapKey
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jUnwrappingKeyHandle,
     jbyteArray jWrappedKey, jobjectArray jTemplate)
{
    /*
     * Converts the mechanism, the wrapped key bytes and the template, calls
     * the module's C_UnwrapKey and returns the handle of the unwrapped key.
     * Returns 0 on any failure; native allocations made so far are released
     * through the staged labels at the bottom.
     */
    CK_FUNCTION_LIST_PTR ckpFunctions;
    CK_SESSION_HANDLE ckSessionHandle;
    CK_MECHANISM ckMechanism;
    CK_OBJECT_HANDLE ckUnwrappingKeyHandle;
    CK_BYTE_PTR ckpWrappedKey = NULL_PTR;
    CK_ULONG ckWrappedKeyLength;
    CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR;
    CK_ULONG ckAttributesLength;
    CK_OBJECT_HANDLE ckKeyHandle = 0;
    jlong jKeyHandle = 0L;
    CK_RV rv;

    ckpFunctions = getFunctionList(env, obj);
    if (ckpFunctions == NULL) {
        return 0L;
    }

    ckSessionHandle = jLongToCKULong(jSessionHandle);
    jMechanismToCKMechanism(env, jMechanism, &ckMechanism);
    if ((*env)->ExceptionCheck(env)) {
        return 0L;
    }

    ckUnwrappingKeyHandle = jLongToCKULong(jUnwrappingKeyHandle);
    jByteArrayToCKByteArray(env, jWrappedKey, &ckpWrappedKey, &ckWrappedKeyLength);
    if ((*env)->ExceptionCheck(env)) {
        goto free_mechanism;
    }

    jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength);
    if ((*env)->ExceptionCheck(env)) {
        goto free_wrapped_key;
    }

    rv = (*ckpFunctions->C_UnwrapKey)(ckSessionHandle, &ckMechanism, ckUnwrappingKeyHandle,
                 ckpWrappedKey, ckWrappedKeyLength,
                 ckpAttributes, ckAttributesLength, &ckKeyHandle);

    if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
        jKeyHandle = ckLongToJLong(ckKeyHandle);

#if 0
        /* check, if we must give a initialization vector back to Java */
        if (ckMechanism.mechanism == CKM_KEY_WRAP_SET_OAEP) {
            /* we must copy back the unwrapped key info to the jMechanism object */
            copyBackSetUnwrappedKey(env, &ckMechanism, jMechanism);
        }
#endif
    }

    freeCKAttributeArray(ckpAttributes, ckAttributesLength);
free_wrapped_key:
    free(ckpWrappedKey);
free_mechanism:
    free(ckMechanism.pParameter);   /* free(NULL) is a no-op */

    return jKeyHandle;
}
0N/A#endif
0N/A
0N/A#ifdef P11_ENABLE_C_DERIVEKEY
0N/A
/*
 * Release the buffers referenced from the CK_SSL3_MASTER_KEY_DERIVE_PARAMS
 * stored in ckMechanism->pParameter: both random values and the version
 * structure. The parameter block itself is left for the caller to free.
 */
void freeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) {
    CK_SSL3_MASTER_KEY_DERIVE_PARAMS *deriveParams =
        (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter;

    if (deriveParams != NULL) {
        /* free(NULL) is a no-op, so the members need no individual checks */
        free(deriveParams->RandomInfo.pClientRandom);
        free(deriveParams->RandomInfo.pServerRandom);
        free(deriveParams->pVersion);
    }
}
0N/A
/*
 * Release the shared-data and public-data buffers referenced from the
 * CK_ECDH1_DERIVE_PARAMS stored in ckMechanism->pParameter. The parameter
 * block itself is left for the caller to free.
 */
void freeEcdh1DeriveParams(CK_MECHANISM_PTR ckMechanism) {
    CK_ECDH1_DERIVE_PARAMS *ecdhParams =
        (CK_ECDH1_DERIVE_PARAMS *) ckMechanism->pParameter;

    if (ecdhParams != NULL) {
        /* free(NULL) is a no-op, so the members need no individual checks */
        free(ecdhParams->pSharedData);
        free(ecdhParams->pPublicData);
    }
}
0N/A
0N/A/*
0N/A * Copy back the PRF output to Java.
0N/A */
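void copyBackTLSPrfParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism)
{
    /*
     * Copies the PRF output from the native CK_TLS_PRF_PARAMS into the
     * pOutput byte[] of the Java parameter object, then releases the
     * buffers nested in the native structure (seed, label, output length,
     * output). The structure itself stays allocated for the caller.
     *
     * Every exit taken once the native parameters are known goes through
     * the cleanup label. Previously each early return (failed class or
     * field lookup, mechanism mismatch, failed GetByteArrayElements) left
     * the nested buffers allocated, and pOutput holds derived secret
     * material.
     *
     * Assumes pParameter really is a CK_TLS_PRF_PARAMS, i.e. the caller
     * dispatched on CKM_TLS_PRF as C_DeriveKey in this file does.
     */
    jclass jMechanismClass, jTLSPrfParamsClass;
    CK_TLS_PRF_PARAMS *ckTLSPrfParams;
    jobject jTLSPrfParams;
    jfieldID fieldID;
    CK_MECHANISM_TYPE ckMechanismType;
    jlong jMechanismType;
    CK_BYTE_PTR output;
    jobject jOutput;
    jint jLength;
    jbyte *jBytes;
    jint i;

    /* fetched first so that the cleanup label can release it on any exit */
    ckTLSPrfParams = (CK_TLS_PRF_PARAMS *) ckMechanism->pParameter;

    /* get mechanism */
    jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM);
    if (jMechanismClass == NULL) { goto cleanup; }
    fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
    if (fieldID == NULL) { goto cleanup; }
    jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
    ckMechanismType = jLongToCKULong(jMechanismType);
    if (ckMechanismType != ckMechanism->mechanism) {
        /* the types do not match, this should not occur */
        goto cleanup;
    }

    if (ckTLSPrfParams == NULL_PTR) {
        return;
    }

    /* get the Java CK_TLS_PRF_PARAMS object (pParameter) */
    fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;");
    if (fieldID == NULL) { goto cleanup; }
    jTLSPrfParams = (*env)->GetObjectField(env, jMechanism, fieldID);

    /* locate the Java output array */
    jTLSPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS);
    if (jTLSPrfParamsClass == NULL) { goto cleanup; }
    fieldID = (*env)->GetFieldID(env, jTLSPrfParamsClass, "pOutput", "[B");
    if (fieldID == NULL) { goto cleanup; }
    jOutput = (*env)->GetObjectField(env, jTLSPrfParams, fieldID);
    output = ckTLSPrfParams->pOutput;

    /*
     * Note: we assume that the token returned exactly as many bytes as we
     * requested. Anything else would not make sense.
     * NOTE(review): the copy length is the Java array's current length, not
     * *pulOutputLen and not the size of the native allocation; if these can
     * differ the loop reads past the native buffer. Confirm how the
     * converter sizes pOutput.
     */
    if (jOutput != NULL && output != NULL_PTR) {
        jLength = (*env)->GetArrayLength(env, jOutput);
        jBytes = (*env)->GetByteArrayElements(env, jOutput, NULL);
        if (jBytes == NULL) { goto cleanup; }

        /* copy the bytes to the Java buffer */
        for (i = 0; i < jLength; i++) {
            jBytes[i] = ckByteToJByte(output[i]);
        }
        /* copy back the Java buffer to the object */
        (*env)->ReleaseByteArrayElements(env, jOutput, jBytes, 0);
    }

cleanup:
    if (ckTLSPrfParams != NULL_PTR) {
        /*
         * free malloc'd data; the members are cleared so that a repeated
         * call cannot free them twice.
         * NOTE(review): pOutput is released without being wiped.
         */
        free(ckTLSPrfParams->pSeed);
        ckTLSPrfParams->pSeed = NULL_PTR;
        free(ckTLSPrfParams->pLabel);
        ckTLSPrfParams->pLabel = NULL_PTR;
        free(ckTLSPrfParams->pulOutputLen);
        ckTLSPrfParams->pulOutputLen = NULL_PTR;
        free(ckTLSPrfParams->pOutput);
        ckTLSPrfParams->pOutput = NULL_PTR;
    }
}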
0N/A
0N/A/*
0N/A * Class: sun_security_pkcs11_wrapper_PKCS11
0N/A * Method: C_DeriveKey
0N/A * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;J[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J
0N/A * Parametermapping: *PKCS11*
0N/A * @param jlong jSessionHandle CK_SESSION_HANDLE hSession
0N/A * @param jobject jMechanism CK_MECHANISM_PTR pMechanism
0N/A * @param jlong jBaseKeyHandle CK_OBJECT_HANDLE hBaseKey
0N/A * @param jobjectArray jTemplate CK_ATTRIBUTE_PTR pTemplate
0N/A * CK_ULONG ulCount
0N/A * @return jlong jKeyHandle CK_OBJECT_HANDLE_PTR phKey
0N/A */
JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jBaseKeyHandle, jobjectArray jTemplate)
{
    /*
     * Converts the mechanism and template, calls the module's C_DeriveKey,
     * hands mechanism-specific results back to the Java mechanism object and
     * releases the native parameter data. Returns the derived key handle, or
     * 0 on failure.
     *
     * The copy-back helpers run regardless of the return value because they
     * also release the buffers nested inside the parameter structure; the
     * return value is evaluated last.
     */
    CK_FUNCTION_LIST_PTR ckpFunctions;
    CK_SESSION_HANDLE ckSessionHandle;
    CK_MECHANISM ckMechanism;
    CK_OBJECT_HANDLE ckBaseKeyHandle;
    CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR;
    CK_ULONG ckAttributesLength;
    CK_OBJECT_HANDLE ckKeyHandle = 0;
    CK_OBJECT_HANDLE_PTR phKey = &ckKeyHandle;
    jlong jKeyHandle = 0L;
    CK_RV rv;

    ckpFunctions = getFunctionList(env, obj);
    if (ckpFunctions == NULL) {
        return 0L;
    }

    ckSessionHandle = jLongToCKULong(jSessionHandle);
    jMechanismToCKMechanism(env, jMechanism, &ckMechanism);
    if ((*env)->ExceptionCheck(env)) {
        return 0L;
    }

    ckBaseKeyHandle = jLongToCKULong(jBaseKeyHandle);
    jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength);
    if ((*env)->ExceptionCheck(env)) {
        /*
         * NOTE(review): only the top-level parameter block is released on
         * this path; the mechanism-specific helpers used further down are
         * not run, so buffers nested inside the parameters would remain
         * allocated if the converter created any. Confirm against
         * jMechanismToCKMechanism.
         */
        free(ckMechanism.pParameter);
        return 0L;
    }

    /*
     * These mechanisms do not return a key handle via phKey; pass NULL in
     * case pedantic implementations check for it.
     */
    if (ckMechanism.mechanism == CKM_SSL3_KEY_AND_MAC_DERIVE
            || ckMechanism.mechanism == CKM_TLS_KEY_AND_MAC_DERIVE
            || ckMechanism.mechanism == CKM_TLS_PRF) {
        phKey = NULL;
    }

    rv = (*ckpFunctions->C_DeriveKey)(ckSessionHandle, &ckMechanism, ckBaseKeyHandle,
                 ckpAttributes, ckAttributesLength, phKey);

    /* stays 0 when phKey was NULL, because ckKeyHandle is initialised to 0 */
    jKeyHandle = ckLongToJLong(ckKeyHandle);

    freeCKAttributeArray(ckpAttributes, ckAttributesLength);

    switch (ckMechanism.mechanism) {
    case CKM_SSL3_MASTER_KEY_DERIVE:
    case CKM_TLS_MASTER_KEY_DERIVE:
        /* the client version has to be copied back before the parameters go away */
        copyBackClientVersion(env, &ckMechanism, jMechanism);
        freeMasterKeyDeriveParams(&ckMechanism);
        break;
    case CKM_SSL3_MASTER_KEY_DERIVE_DH:
    case CKM_TLS_MASTER_KEY_DERIVE_DH:
        freeMasterKeyDeriveParams(&ckMechanism);
        break;
    case CKM_SSL3_KEY_AND_MAC_DERIVE:
    case CKM_TLS_KEY_AND_MAC_DERIVE:
        /* key handles and IVs are returned through the jMechanism object */
        copyBackSSLKeyMatParams(env, &ckMechanism, jMechanism);
        break;
    case CKM_TLS_PRF:
        copyBackTLSPrfParams(env, &ckMechanism, jMechanism);
        break;
    case CKM_ECDH1_DERIVE:
        freeEcdh1DeriveParams(&ckMechanism);
        break;
    default:
        /* nothing nested to hand back or release */
        break;
    }

    free(ckMechanism.pParameter);   /* free(NULL) is a no-op */

    return (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) ? jKeyHandle : 0L;
}
0N/A
0N/A/*
0N/A * Copy back the client version information from the native
0N/A * structure to the Java object. This is only used for the
0N/A * CKM_SSL3_MASTER_KEY_DERIVE mechanism when used for deriving a key.
0N/A *
0N/A */
void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism)
{
    /*
     * Writes the major and minor bytes of the native CK_VERSION referenced
     * by the master-key-derive parameters into the pVersion object of the
     * Java parameter object. Returns silently when a class or field lookup
     * fails, when the Java and native mechanism types differ, or when the
     * native parameters or version pointer are NULL. Nothing is freed here.
     */
    jclass mechanismClass, deriveParamsClass, versionClass;
    CK_SSL3_MASTER_KEY_DERIVE_PARAMS *nativeParams;
    CK_VERSION *nativeVersion;
    jfieldID fid;
    jobject jDeriveParams;
    jobject jVersion;

    /* the Java mechanism object must describe the same mechanism as the native one */
    mechanismClass = (*env)->FindClass(env, CLASS_MECHANISM);
    if (mechanismClass == NULL) { return; }
    fid = (*env)->GetFieldID(env, mechanismClass, "mechanism", "J");
    if (fid == NULL) { return; }
    if (jLongToCKULong((*env)->GetLongField(env, jMechanism, fid)) != ckMechanism->mechanism) {
        /* the types do not match, this should not occur */
        return;
    }

    /* native CK_SSL3_MASTER_KEY_DERIVE_PARAMS and the CK_VERSION it references */
    nativeParams = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter;
    if (nativeParams == NULL_PTR) { return; }
    nativeVersion = nativeParams->pVersion;
    if (nativeVersion == NULL_PTR) { return; }

    /* Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS (pParameter) */
    fid = (*env)->GetFieldID(env, mechanismClass, "pParameter", "Ljava/lang/Object;");
    if (fid == NULL) { return; }
    jDeriveParams = (*env)->GetObjectField(env, jMechanism, fid);

    /* Java CK_VERSION */
    deriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS);
    if (deriveParamsClass == NULL) { return; }
    fid = (*env)->GetFieldID(env, deriveParamsClass, "pVersion", "L"CLASS_VERSION";");
    if (fid == NULL) { return; }
    jVersion = (*env)->GetObjectField(env, jDeriveParams, fid);

    versionClass = (*env)->FindClass(env, CLASS_VERSION);
    if (versionClass == NULL) { return; }

    /* major version */
    fid = (*env)->GetFieldID(env, versionClass, "major", "B");
    if (fid == NULL) { return; }
    (*env)->SetByteField(env, jVersion, fid, ckByteToJByte(nativeVersion->major));

    /* minor version */
    fid = (*env)->GetFieldID(env, versionClass, "minor", "B");
    if (fid == NULL) { return; }
    (*env)->SetByteField(env, jVersion, fid, ckByteToJByte(nativeVersion->minor));
}
0N/A
0N/A
0N/A/*
0N/A * Copy back the derived keys and initialization vectors from the native
0N/A * structure to the Java object. This is only used for the
0N/A * CKM_SSL3_KEY_AND_MAC_DERIVE mechanism when used for deriving a key.
0N/A *
0N/A */
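/*
 * Store one native object handle in the long field `fieldName` of the Java
 * CK_SSL3_KEY_MAT_OUT object. Returns 0 when the field lookup failed and
 * copy-back must stop, 1 otherwise.
 */
static int copyBackKeyMatHandle(JNIEnv *env, jclass jKeyMatOutClass, jobject jKeyMatOut,
                                const char *fieldName, CK_OBJECT_HANDLE handle)
{
    jfieldID fieldID = (*env)->GetFieldID(env, jKeyMatOutClass, fieldName, "J");
    if (fieldID == NULL) { return 0; }
    (*env)->SetLongField(env, jKeyMatOut, fieldID, ckULongToJLong(handle));
    return 1;
}

/*
 * Copy a native IV into the byte[] field `fieldName` of the Java
 * CK_SSL3_KEY_MAT_OUT object. A NULL Java array or NULL native IV is
 * skipped. Returns 0 when a JNI call failed and copy-back must stop,
 * 1 otherwise.
 */
static int copyBackKeyMatIV(JNIEnv *env, jclass jKeyMatOutClass, jobject jKeyMatOut,
                            const char *fieldName, CK_BYTE_PTR iv)
{
    jfieldID fieldID;
    jobject jIV;
    jint jLength;
    jbyte *jBytes;
    jint i;

    fieldID = (*env)->GetFieldID(env, jKeyMatOutClass, fieldName, "[B");
    if (fieldID == NULL) { return 0; }
    jIV = (*env)->GetObjectField(env, jKeyMatOut, fieldID);
    if (jIV == NULL || iv == NULL_PTR) { return 1; }

    /*
     * NOTE(review): the copy length is the Java array's current length; the
     * size of the native IV allocation is not visible here. Confirm that the
     * converter sizes both from the same value.
     */
    jLength = (*env)->GetArrayLength(env, jIV);
    jBytes = (*env)->GetByteArrayElements(env, jIV, NULL);
    if (jBytes == NULL) { return 0; }
    /* copy the bytes to the Java buffer */
    for (i = 0; i < jLength; i++) {
        jBytes[i] = ckByteToJByte(iv[i]);
    }
    /* copy back the Java buffer to the object */
    (*env)->ReleaseByteArrayElements(env, jIV, jBytes, 0);
    return 1;
}

void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism)
{
    /*
     * Copies the four key handles and both IVs from the native
     * CK_SSL3_KEY_MAT_OUT into the Java CK_SSL3_KEY_MAT_OUT object, then
     * releases the buffers nested in the native CK_SSL3_KEY_MAT_PARAMS
     * (client/server random, both IVs and the key-material structure). The
     * parameter block itself stays allocated for the caller.
     *
     * Every exit goes through the cleanup label. Previously each early
     * return (failed class or field lookup, mechanism mismatch, failed
     * GetByteArrayElements) left some or all of these buffers allocated.
     *
     * Assumes pParameter really is a CK_SSL3_KEY_MAT_PARAMS, i.e. the
     * caller dispatched on one of the KEY_AND_MAC_DERIVE mechanisms as
     * C_DeriveKey in this file does.
     */
    jclass jMechanismClass, jSSL3KeyMatParamsClass, jSSL3KeyMatOutClass;
    CK_SSL3_KEY_MAT_PARAMS *ckSSL3KeyMatParam;
    CK_SSL3_KEY_MAT_OUT *ckSSL3KeyMatOut = NULL_PTR;
    jfieldID fieldID;
    CK_MECHANISM_TYPE ckMechanismType;
    jlong jMechanismType;
    jobject jSSL3KeyMatParam;
    jobject jSSL3KeyMatOut;

    /* fetched first so that the cleanup label can release them on any exit */
    ckSSL3KeyMatParam = (CK_SSL3_KEY_MAT_PARAMS *) ckMechanism->pParameter;
    if (ckSSL3KeyMatParam != NULL_PTR) {
        ckSSL3KeyMatOut = ckSSL3KeyMatParam->pReturnedKeyMaterial;
    }

    /* get mechanism */
    jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM);
    if (jMechanismClass == NULL) { goto cleanup; }
    fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
    if (fieldID == NULL) { goto cleanup; }
    jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
    ckMechanismType = jLongToCKULong(jMechanismType);
    if (ckMechanismType != ckMechanism->mechanism) {
        /* the types do not match, this should not occur */
        goto cleanup;
    }

    if (ckSSL3KeyMatOut == NULL_PTR) {
        /* nothing to copy back; the randoms are still released below */
        goto cleanup;
    }

    /* get the Java CK_SSL3_KEY_MAT_PARAMS (pParameter) */
    fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;");
    if (fieldID == NULL) { goto cleanup; }
    jSSL3KeyMatParam = (*env)->GetObjectField(env, jMechanism, fieldID);

    /* get the Java CK_SSL3_KEY_MAT_OUT */
    jSSL3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS);
    if (jSSL3KeyMatParamsClass == NULL) { goto cleanup; }
    fieldID = (*env)->GetFieldID(env, jSSL3KeyMatParamsClass, "pReturnedKeyMaterial", "L"CLASS_SSL3_KEY_MAT_OUT";");
    if (fieldID == NULL) { goto cleanup; }
    jSSL3KeyMatOut = (*env)->GetObjectField(env, jSSL3KeyMatParam, fieldID);

    jSSL3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT);
    if (jSSL3KeyMatOutClass == NULL) { goto cleanup; }

    /* copy back the key handles, then the IVs, in the original order */
    if (!copyBackKeyMatHandle(env, jSSL3KeyMatOutClass, jSSL3KeyMatOut,
                              "hClientMacSecret", ckSSL3KeyMatOut->hClientMacSecret)) { goto cleanup; }
    if (!copyBackKeyMatHandle(env, jSSL3KeyMatOutClass, jSSL3KeyMatOut,
                              "hServerMacSecret", ckSSL3KeyMatOut->hServerMacSecret)) { goto cleanup; }
    if (!copyBackKeyMatHandle(env, jSSL3KeyMatOutClass, jSSL3KeyMatOut,
                              "hClientKey", ckSSL3KeyMatOut->hClientKey)) { goto cleanup; }
    if (!copyBackKeyMatHandle(env, jSSL3KeyMatOutClass, jSSL3KeyMatOut,
                              "hServerKey", ckSSL3KeyMatOut->hServerKey)) { goto cleanup; }

    if (!copyBackKeyMatIV(env, jSSL3KeyMatOutClass, jSSL3KeyMatOut,
                          "pIVClient", ckSSL3KeyMatOut->pIVClient)) { goto cleanup; }
    if (!copyBackKeyMatIV(env, jSSL3KeyMatOutClass, jSSL3KeyMatOut,
                          "pIVServer", ckSSL3KeyMatOut->pIVServer)) { goto cleanup; }

cleanup:
    if (ckSSL3KeyMatParam != NULL_PTR) {
        /*
         * free malloc'd data; the members are cleared so that a repeated
         * call cannot free them twice
         */
        free(ckSSL3KeyMatParam->RandomInfo.pClientRandom);
        ckSSL3KeyMatParam->RandomInfo.pClientRandom = NULL_PTR;
        free(ckSSL3KeyMatParam->RandomInfo.pServerRandom);
        ckSSL3KeyMatParam->RandomInfo.pServerRandom = NULL_PTR;

        if (ckSSL3KeyMatOut != NULL_PTR) {
            free(ckSSL3KeyMatOut->pIVClient);
            free(ckSSL3KeyMatOut->pIVServer);
            free(ckSSL3KeyMatOut);
            ckSSL3KeyMatParam->pReturnedKeyMaterial = NULL_PTR;
        }
    }
}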
0N/A
0N/A#endif