diff --git a/src/java.base/share/classes/sun/security/util/GCMParameters.java b/src/java.base/share/classes/sun/security/util/GCMParameters.java new file mode 100644 index 00000000000..02390777a03 --- /dev/null +++ b/src/java.base/share/classes/sun/security/util/GCMParameters.java @@ -0,0 +1,153 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.util; + +import java.io.IOException; +import java.security.AlgorithmParametersSpi; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; +import javax.crypto.spec.GCMParameterSpec; +import sun.security.util.HexDumpEncoder; +import sun.security.util.*; + +/** + * This class implements the parameter set used with + * GCM encryption, which is defined in RFC 5084 as follows: + * + * 
+ *    GCMParameters ::= SEQUENCE {
+ *      aes-iv      OCTET STRING, -- recommended size is 12 octets
+ *      aes-tLen    AES-GCM-ICVlen DEFAULT 12 }
+ *
+ *    AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16)
+ *
+ *
+ * + * @since 13 + */ +public final class GCMParameters extends AlgorithmParametersSpi { + + // the iv + private byte[] iv; + // the tag length in bytes + private int tLen; + + public GCMParameters() {} + + protected void engineInit(AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException { + + if (!(paramSpec instanceof GCMParameterSpec)) { + throw new InvalidParameterSpecException + ("Inappropriate parameter specification"); + } + GCMParameterSpec gps = (GCMParameterSpec) paramSpec; + // need to convert from bits to bytes for ASN.1 encoding + this.tLen = gps.getTLen()/8; + if (this.tLen < 12 || this.tLen > 16 ) { + throw new InvalidParameterSpecException + ("GCM parameter parsing error: unsupported tag len: " + + this.tLen); + } + this.iv = gps.getIV(); + } + + protected void engineInit(byte[] encoded) throws IOException { + DerValue val = new DerValue(encoded); + // check if IV or params + if (val.tag == DerValue.tag_Sequence) { + byte[] iv = val.data.getOctetString(); + int tLen; + if (val.data.available() != 0) { + tLen = val.data.getInteger(); + if (tLen < 12 || tLen > 16 ) { + throw new IOException + ("GCM parameter parsing error: unsupported tag len: " + + tLen); + } + if (val.data.available() != 0) { + throw new IOException + ("GCM parameter parsing error: extra data"); + } + } else { + tLen = 12; + } + this.iv = iv.clone(); + this.tLen = tLen; + } else { + throw new IOException("GCM parameter parsing error: no SEQ tag"); + } + } + + protected void engineInit(byte[] encoded, String decodingMethod) + throws IOException { + engineInit(encoded); + } + + protected + T engineGetParameterSpec(Class paramSpec) + throws InvalidParameterSpecException { + + if (GCMParameterSpec.class.isAssignableFrom(paramSpec)) { + return paramSpec.cast(new GCMParameterSpec(tLen * 8, iv)); + } else { + throw new InvalidParameterSpecException + ("Inappropriate parameter specification"); + } + } + + protected byte[] engineGetEncoded() throws IOException { + DerOutputStream out = new DerOutputStream(); + DerOutputStream bytes = new DerOutputStream(); + + bytes.putOctetString(iv); + // Only put non-default values + if (tLen != 12) { + bytes.putInteger(tLen); + } + out.write(DerValue.tag_Sequence, bytes); + return out.toByteArray(); + } + + protected byte[] engineGetEncoded(String encodingMethod) + throws IOException { + return engineGetEncoded(); + } + + /* + * Returns a formatted string describing the parameters. + */ + protected String engineToString() { + String LINE_SEP = System.lineSeparator(); + HexDumpEncoder encoder = new HexDumpEncoder(); + StringBuilder sb + = new StringBuilder(LINE_SEP + " iv:" + LINE_SEP + "[" + + encoder.encodeBuffer(iv) + "]"); + + sb.append(LINE_SEP + "tLen(bits):" + LINE_SEP + tLen*8 + LINE_SEP); + return sb.toString(); + } +} diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java new file mode 100644 index 00000000000..97a836cf36c --- /dev/null +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java @@ -0,0 +1,750 @@ +/* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +package sun.security.pkcs11; + +import java.io.ByteArrayOutputStream; +import java.nio.ByteBuffer; +import java.util.Arrays; +import java.util.Locale; + +import java.security.*; +import java.security.spec.*; + +import javax.crypto.*; +import javax.crypto.spec.*; + +import sun.nio.ch.DirectBuffer; +import sun.security.jca.JCAUtil; +import sun.security.pkcs11.wrapper.*; +import static sun.security.pkcs11.wrapper.PKCS11Constants.*; + +/** + * P11 AEAD Cipher implementation class. This class currently supports + * AES with GCM mode. + * + * Note that AEAD modes do not use padding, so this class does not have + * its own padding impl. In addition, NSS CKM_AES_GCM only supports single-part + * encryption/decryption, thus the current impl uses PKCS#11 C_Encrypt/C_Decrypt + * calls and buffers data until doFinal is called. + * + * Note that PKCS#11 standard currently only supports GCM and CCM AEAD modes. + * There are no provisions for other AEAD modes yet. + * + * @since 13 + */ +final class P11AEADCipher extends CipherSpi { + + // mode constant for GCM mode + private static final int MODE_GCM = 10; + + // default constants for GCM + private static final int GCM_DEFAULT_TAG_LEN = 16; + private static final int GCM_DEFAULT_IV_LEN = 16; + + private static final String ALGO = "AES"; + + // token instance + private final Token token; + + // mechanism id + private final long mechanism; + + // mode, one of MODE_* above + private final int blockMode; + + // acceptable key size, -1 if more than 1 key sizes are accepted + private final int fixedKeySize; + + // associated session, if any + private Session session = null; + + // key, if init() was called + private P11Key p11Key = null; + + // flag indicating whether an operation is initialized + private boolean initialized = false; + + // falg indicating encrypt or decrypt mode + private boolean encrypt = true; + + // parameters + private byte[] iv = null; + private int tagLen = -1; + private SecureRandom random = JCAUtil.getSecureRandom(); + + // dataBuffer is cleared upon doFinal calls + private ByteArrayOutputStream dataBuffer = new ByteArrayOutputStream(); + // aadBuffer is cleared upon successful init calls + private ByteArrayOutputStream aadBuffer = new ByteArrayOutputStream(); + private boolean updateCalled = false; + + private boolean requireReinit = false; + private P11Key lastEncKey = null; + private byte[] lastEncIv = null; + + P11AEADCipher(Token token, String algorithm, long mechanism) + throws PKCS11Exception, NoSuchAlgorithmException { + super(); + this.token = token; + this.mechanism = mechanism; + + String[] algoParts = algorithm.split("/"); + if (algoParts.length != 3) { + throw new ProviderException("Unsupported Transformation format: " + + algorithm); + } + if (!algoParts[0].startsWith("AES")) { + throw new ProviderException("Only support AES for AEAD cipher mode"); + } + int index = algoParts[0].indexOf('_'); + if (index != -1) { + // should be well-formed since we specify what we support + fixedKeySize = Integer.parseInt(algoParts[0].substring(index+1)) >> 3; + } else { + fixedKeySize = -1; + } + this.blockMode = parseMode(algoParts[1]); + if (!algoParts[2].equals("NoPadding")) { + throw new ProviderException("Only NoPadding is supported for AEAD cipher mode"); + } + } + + protected void engineSetMode(String mode) throws NoSuchAlgorithmException { + // Disallow change of mode for now since currently it's explicitly + // defined in transformation strings + throw new NoSuchAlgorithmException("Unsupported mode " + mode); + } + + private int parseMode(String mode) throws NoSuchAlgorithmException { + mode = mode.toUpperCase(Locale.ENGLISH); + int result; + if (mode.equals("GCM")) { + result = MODE_GCM; + } else { + throw new NoSuchAlgorithmException("Unsupported mode " + mode); + } + return result; + } + + // see JCE spec + protected void engineSetPadding(String padding) + throws NoSuchPaddingException { + // Disallow change of padding for now since currently it's explicitly + // defined in transformation strings + throw new NoSuchPaddingException("Unsupported padding " + padding); + } + + // see JCE spec + protected int engineGetBlockSize() { + return 16; // constant; only AES is supported + } + + // see JCE spec + protected int engineGetOutputSize(int inputLen) { + return doFinalLength(inputLen); + } + + // see JCE spec + protected byte[] engineGetIV() { + return (iv == null) ? null : iv.clone(); + } + + // see JCE spec + protected AlgorithmParameters engineGetParameters() { + if (encrypt && iv == null && tagLen == -1) { + switch (blockMode) { + case MODE_GCM: + iv = new byte[GCM_DEFAULT_IV_LEN]; + tagLen = GCM_DEFAULT_TAG_LEN; + break; + default: + throw new ProviderException("Unsupported mode"); + } + random.nextBytes(iv); + } + try { + AlgorithmParameterSpec spec; + String apAlgo; + switch (blockMode) { + case MODE_GCM: + apAlgo = "GCM"; + spec = new GCMParameterSpec(tagLen << 3, iv); + break; + default: + throw new ProviderException("Unsupported mode"); + } + AlgorithmParameters params = + AlgorithmParameters.getInstance(apAlgo); + params.init(spec); + return params; + } catch (GeneralSecurityException e) { + // NoSuchAlgorithmException, NoSuchProviderException + // InvalidParameterSpecException + throw new ProviderException("Could not encode parameters", e); + } + } + + // see JCE spec + protected void engineInit(int opmode, Key key, SecureRandom sr) + throws InvalidKeyException { + if (opmode == Cipher.DECRYPT_MODE) { + throw new InvalidKeyException("Parameters required for decryption"); + } + updateCalled = false; + try { + implInit(opmode, key, null, -1, sr); + } catch (InvalidAlgorithmParameterException e) { + throw new InvalidKeyException("init() failed", e); + } + } + + // see JCE spec + protected void engineInit(int opmode, Key key, + AlgorithmParameterSpec params, SecureRandom sr) + throws InvalidKeyException, InvalidAlgorithmParameterException { + if (opmode == Cipher.DECRYPT_MODE && params == null) { + throw new InvalidAlgorithmParameterException + ("Parameters required for decryption"); + } + updateCalled = false; + byte[] ivValue = null; + int tagLen = -1; + if (params != null) { + switch (blockMode) { + case MODE_GCM: + if (!(params instanceof GCMParameterSpec)) { + throw new InvalidAlgorithmParameterException + ("Only GCMParameterSpec is supported"); + } + ivValue = ((GCMParameterSpec) params).getIV(); + tagLen = ((GCMParameterSpec) params).getTLen() >> 3; + break; + default: + throw new ProviderException("Unsupported mode"); + } + } + implInit(opmode, key, ivValue, tagLen, sr); + } + + // see JCE spec + protected void engineInit(int opmode, Key key, AlgorithmParameters params, + SecureRandom sr) + throws InvalidKeyException, InvalidAlgorithmParameterException { + if (opmode == Cipher.DECRYPT_MODE && params == null) { + throw new InvalidAlgorithmParameterException + ("Parameters required for decryption"); + } + updateCalled = false; + try { + AlgorithmParameterSpec paramSpec = null; + if (params != null) { + switch (blockMode) { + case MODE_GCM: + paramSpec = + params.getParameterSpec(GCMParameterSpec.class); + break; + default: + throw new ProviderException("Unsupported mode"); + } + } + engineInit(opmode, key, paramSpec, sr); + } catch (InvalidParameterSpecException ex) { + throw new InvalidAlgorithmParameterException(ex); + } + } + + // actual init() implementation + private void implInit(int opmode, Key key, byte[] iv, int tagLen, + SecureRandom sr) + throws InvalidKeyException, InvalidAlgorithmParameterException { + reset(true); + if (fixedKeySize != -1 && key.getEncoded().length != fixedKeySize) { + throw new InvalidKeyException("Key size is invalid"); + } + P11Key newKey = P11SecretKeyFactory.convertKey(token, key, ALGO); + switch (opmode) { + case Cipher.ENCRYPT_MODE: + encrypt = true; + requireReinit = Arrays.equals(iv, lastEncIv) && + (newKey == lastEncKey); + if (requireReinit) { + throw new InvalidAlgorithmParameterException + ("Cannot reuse iv for GCM encryption"); + } + break; + case Cipher.DECRYPT_MODE: + encrypt = false; + requireReinit = false; + break; + default: + throw new InvalidAlgorithmParameterException + ("Unsupported mode: " + opmode); + } + + // decryption without parameters is checked in all engineInit() calls + if (sr != null) { + this.random = sr; + } + if (iv == null && tagLen == -1) { + // generate default values + switch (blockMode) { + case MODE_GCM: + iv = new byte[GCM_DEFAULT_IV_LEN]; + this.random.nextBytes(iv); + tagLen = GCM_DEFAULT_TAG_LEN; + break; + default: + throw new ProviderException("Unsupported mode"); + } + } + this.iv = iv; + this.tagLen = tagLen; + this.p11Key = newKey; + try { + initialize(); + } catch (PKCS11Exception e) { + throw new InvalidKeyException("Could not initialize cipher", e); + } + } + + private void cancelOperation() { + try { + if (session.hasObjects() == false) { + session = token.killSession(session); + return; + } else { + // cancel operation by finishing it + int bufLen = doFinalLength(0); + byte[] buffer = new byte[bufLen]; + + if (encrypt) { + token.p11.C_Encrypt(session.id(), 0, buffer, 0, bufLen, + 0, buffer, 0, bufLen); + } else { + token.p11.C_Decrypt(session.id(), 0, buffer, 0, bufLen, + 0, buffer, 0, bufLen); + } + } + } catch (PKCS11Exception e) { + throw new ProviderException("Cancel failed", e); + } + } + + private void ensureInitialized() throws PKCS11Exception { + if (initialized && aadBuffer.size() > 0) { + // need to cancel first to avoid CKR_OPERATION_ACTIVE + reset(true); + } + if (!initialized) { + initialize(); + } + } + + private void initialize() throws PKCS11Exception { + if (p11Key == null) { + throw new ProviderException( + "Operation cannot be performed without" + + " calling engineInit first"); + } + if (requireReinit) { + throw new IllegalStateException + ("Must use either different key or iv for GCM encryption"); + } + + token.ensureValid(); + + byte[] aad = (aadBuffer.size() > 0? aadBuffer.toByteArray() : null); + + long p11KeyID = p11Key.getKeyID(); + try { + if (session == null) { + session = token.getOpSession(); + } + CK_MECHANISM mechWithParams; + switch (blockMode) { + case MODE_GCM: + mechWithParams = new CK_MECHANISM(mechanism, + new CK_GCM_PARAMS(tagLen << 3, iv, aad)); + break; + default: + throw new ProviderException("Unsupported mode: " + blockMode); + } + if (encrypt) { + token.p11.C_EncryptInit(session.id(), mechWithParams, + p11KeyID); + } else { + token.p11.C_DecryptInit(session.id(), mechWithParams, + p11KeyID); + } + } catch (PKCS11Exception e) { + //e.printStackTrace(); + p11Key.releaseKeyID(); + session = token.releaseSession(session); + throw e; + } finally { + dataBuffer.reset(); + aadBuffer.reset(); + } + initialized = true; + } + + // if doFinal(inLen) is called, how big does the output buffer have to be? + private int doFinalLength(int inLen) { + if (inLen < 0) { + throw new ProviderException("Invalid negative input length"); + } + + int result = inLen + dataBuffer.size(); + if (encrypt) { + result += tagLen; + } else { + // PKCS11Exception: CKR_BUFFER_TOO_SMALL + //result -= tagLen; + } + return result; + } + + // reset the states to the pre-initialized values + private void reset(boolean doCancel) { + if (!initialized) { + return; + } + try { + if (session == null) { + return; + } + if (doCancel && token.explicitCancel) { + cancelOperation(); + } + } finally { + p11Key.releaseKeyID(); + session = token.releaseSession(session); + } + initialized = false; + } + + // see JCE spec + protected byte[] engineUpdate(byte[] in, int inOfs, int inLen) { + updateCalled = true; + int n = implUpdate(in, inOfs, inLen); + return new byte[0]; + } + + // see JCE spec + protected int engineUpdate(byte[] in, int inOfs, int inLen, byte[] out, + int outOfs) throws ShortBufferException { + updateCalled = true; + implUpdate(in, inOfs, inLen); + return 0; + } + + // see JCE spec + @Override + protected int engineUpdate(ByteBuffer inBuffer, ByteBuffer outBuffer) + throws ShortBufferException { + updateCalled = true; + implUpdate(inBuffer); + return 0; + } + + // see JCE spec + @Override + protected synchronized void engineUpdateAAD(byte[] src, int srcOfs, int srcLen) + throws IllegalStateException { + if ((src == null) || (srcOfs < 0) || (srcOfs + srcLen > src.length)) { + throw new IllegalArgumentException("Invalid AAD"); + } + if (requireReinit) { + throw new IllegalStateException + ("Must use either different key or iv for GCM encryption"); + } + if (p11Key == null) { + throw new IllegalStateException("Need to initialize Cipher first"); + } + if (updateCalled) { + throw new IllegalStateException + ("Update has been called; no more AAD data"); + } + aadBuffer.write(src, srcOfs, srcLen); + } + + // see JCE spec + @Override + protected void engineUpdateAAD(ByteBuffer src) + throws IllegalStateException { + if (src == null) { + throw new IllegalArgumentException("Invalid AAD"); + } + byte[] srcBytes = new byte[src.remaining()]; + src.get(srcBytes); + engineUpdateAAD(srcBytes, 0, srcBytes.length); + } + + // see JCE spec + protected byte[] engineDoFinal(byte[] in, int inOfs, int inLen) + throws IllegalBlockSizeException, BadPaddingException { + int minOutLen = doFinalLength(inLen); + try { + byte[] out = new byte[minOutLen]; + int n = engineDoFinal(in, inOfs, inLen, out, 0); + return P11Util.convert(out, 0, n); + } catch (ShortBufferException e) { + // convert since the output length is calculated by doFinalLength() + throw new ProviderException(e); + } finally { + updateCalled = false; + } + } + // see JCE spec + protected int engineDoFinal(byte[] in, int inOfs, int inLen, byte[] out, + int outOfs) throws ShortBufferException, IllegalBlockSizeException, + BadPaddingException { + try { + return implDoFinal(in, inOfs, inLen, out, outOfs, out.length - outOfs); + } finally { + updateCalled = false; + } + } + + // see JCE spec + @Override + protected int engineDoFinal(ByteBuffer inBuffer, ByteBuffer outBuffer) + throws ShortBufferException, IllegalBlockSizeException, + BadPaddingException { + try { + return implDoFinal(inBuffer, outBuffer); + } finally { + updateCalled = false; + } + } + + private int implUpdate(byte[] in, int inOfs, int inLen) { + if (inLen > 0) { + updateCalled = true; + try { + ensureInitialized(); + } catch (PKCS11Exception e) { + //e.printStackTrace(); + reset(false); + throw new ProviderException("update() failed", e); + } + dataBuffer.write(in, inOfs, inLen); + } + // always 0 as NSS only supports single-part encryption/decryption + return 0; + } + + private int implUpdate(ByteBuffer inBuf) { + int inLen = inBuf.remaining(); + if (inLen > 0) { + try { + ensureInitialized(); + } catch (PKCS11Exception e) { + reset(false); + throw new ProviderException("update() failed", e); + } + byte[] data = new byte[inLen]; + inBuf.get(data); + dataBuffer.write(data, 0, data.length); + } + // always 0 as NSS only supports single-part encryption/decryption + return 0; + } + + private int implDoFinal(byte[] in, int inOfs, int inLen, + byte[] out, int outOfs, int outLen) + throws ShortBufferException, IllegalBlockSizeException, + BadPaddingException { + int requiredOutLen = doFinalLength(inLen); + if (outLen < requiredOutLen) { + throw new ShortBufferException(); + } + boolean doCancel = true; + try { + ensureInitialized(); + if (dataBuffer.size() > 0) { + if (in != null && inOfs > 0 && inLen > 0 && + inOfs < (in.length - inLen)) { + dataBuffer.write(in, inOfs, inLen); + } + in = dataBuffer.toByteArray(); + inOfs = 0; + inLen = in.length; + } + int k = 0; + if (encrypt) { + k = token.p11.C_Encrypt(session.id(), 0, in, inOfs, inLen, + 0, out, outOfs, outLen); + doCancel = false; + } else { + // Special handling to match SunJCE provider behavior + if (inLen == 0) { + return 0; + } + k = token.p11.C_Decrypt(session.id(), 0, in, inOfs, inLen, + 0, out, outOfs, outLen); + doCancel = false; + } + return k; + } catch (PKCS11Exception e) { + doCancel = false; + handleException(e); + throw new ProviderException("doFinal() failed", e); + } finally { + if (encrypt) { + lastEncKey = this.p11Key; + lastEncIv = this.iv; + requireReinit = true; + } + reset(doCancel); + } + } + + private int implDoFinal(ByteBuffer inBuffer, ByteBuffer outBuffer) + throws ShortBufferException, IllegalBlockSizeException, + BadPaddingException { + int outLen = outBuffer.remaining(); + int inLen = inBuffer.remaining(); + + int requiredOutLen = doFinalLength(inLen); + if (outLen < requiredOutLen) { + throw new ShortBufferException(); + } + + boolean doCancel = true; + try { + ensureInitialized(); + + long inAddr = 0; + byte[] in = null; + int inOfs = 0; + if (dataBuffer.size() > 0) { + if (inLen > 0) { + byte[] temp = new byte[inLen]; + inBuffer.get(temp); + dataBuffer.write(temp, 0, temp.length); + } + in = dataBuffer.toByteArray(); + inOfs = 0; + inLen = in.length; + } else { + if (inBuffer instanceof DirectBuffer) { + inAddr = ((DirectBuffer) inBuffer).address(); + inOfs = inBuffer.position(); + } else { + if (inBuffer.hasArray()) { + in = inBuffer.array(); + inOfs = inBuffer.position() + inBuffer.arrayOffset(); + } else { + in = new byte[inLen]; + inBuffer.get(in); + } + } + } + long outAddr = 0; + byte[] outArray = null; + int outOfs = 0; + if (outBuffer instanceof DirectBuffer) { + outAddr = ((DirectBuffer) outBuffer).address(); + outOfs = outBuffer.position(); + } else { + if (outBuffer.hasArray()) { + outArray = outBuffer.array(); + outOfs = outBuffer.position() + outBuffer.arrayOffset(); + } else { + outArray = new byte[outLen]; + } + } + + int k = 0; + if (encrypt) { + k = token.p11.C_Encrypt(session.id(), inAddr, in, inOfs, inLen, + outAddr, outArray, outOfs, outLen); + doCancel = false; + } else { + // Special handling to match SunJCE provider behavior + if (inLen == 0) { + return 0; + } + k = token.p11.C_Decrypt(session.id(), inAddr, in, inOfs, inLen, + outAddr, outArray, outOfs, outLen); + doCancel = false; + } + outBuffer.position(outBuffer.position() + k); + return k; + } catch (PKCS11Exception e) { + doCancel = false; + handleException(e); + throw new ProviderException("doFinal() failed", e); + } finally { + if (encrypt) { + lastEncKey = this.p11Key; + lastEncIv = this.iv; + requireReinit = true; + } + reset(doCancel); + } + } + + private void handleException(PKCS11Exception e) + throws ShortBufferException, IllegalBlockSizeException, + BadPaddingException { + long errorCode = e.getErrorCode(); + if (errorCode == CKR_BUFFER_TOO_SMALL) { + throw (ShortBufferException) + (new ShortBufferException().initCause(e)); + } else if (errorCode == CKR_DATA_LEN_RANGE || + errorCode == CKR_ENCRYPTED_DATA_LEN_RANGE) { + throw (IllegalBlockSizeException) + (new IllegalBlockSizeException(e.toString()).initCause(e)); + } else if (errorCode == CKR_ENCRYPTED_DATA_INVALID) { + throw (BadPaddingException) + (new BadPaddingException(e.toString()).initCause(e)); + } + } + + // see JCE spec + protected byte[] engineWrap(Key key) throws IllegalBlockSizeException, + InvalidKeyException { + // XXX key wrapping + throw new UnsupportedOperationException("engineWrap()"); + } + + // see JCE spec + protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, + int wrappedKeyType) + throws InvalidKeyException, NoSuchAlgorithmException { + // XXX key unwrapping + throw new UnsupportedOperationException("engineUnwrap()"); + } + + // see JCE spec + @Override + protected int engineGetKeySize(Key key) throws InvalidKeyException { + int n = P11SecretKeyFactory.convertKey + (token, key, ALGO).length(); + return n; + } +} + diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java new file mode 100644 index 00000000000..c0f48715d80 --- /dev/null +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java @@ -0,0 +1,701 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.pkcs11; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.nio.ByteBuffer; +import sun.nio.ch.DirectBuffer; + +import java.util.Hashtable; +import java.util.Arrays; +import java.security.*; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.MGF1ParameterSpec; +import java.security.spec.PSSParameterSpec; +import java.security.interfaces.*; +import sun.security.pkcs11.wrapper.*; +import static sun.security.pkcs11.wrapper.PKCS11Constants.*; + + +/** + * RSASSA-PSS Signature implementation class. This class currently supports the + * following algorithms: + * + * . RSA-PSS: + * . RSASSA-PSS + * . SHA1withRSASSA-PSS + * . SHA224withRSASSA-PSS + * . SHA256withRSASSA-PSS + * . SHA384withRSASSA-PSS + * . SHA512withRSASSA-PSS + * + * Note that the underlying PKCS#11 token may support complete signature + * algorithm (e.g. CKM__RSA_PKCS_PSS), or it may just + * implement the signature algorithm without hashing (i.e. CKM_RSA_PKCS_PSS). + * This class uses what is available and adds whatever extra processing + * is needed. + * + * @since 13 + */ +final class P11PSSSignature extends SignatureSpi { + + private final static boolean DEBUG = false; + + // mappings of digest algorithms and their output length in bytes + private static final Hashtable DIGEST_LENGTHS = + new Hashtable(); + + static { + DIGEST_LENGTHS.put("SHA-1", 20); + DIGEST_LENGTHS.put("SHA", 20); + DIGEST_LENGTHS.put("SHA1", 20); + DIGEST_LENGTHS.put("SHA-224", 28); + DIGEST_LENGTHS.put("SHA224", 28); + DIGEST_LENGTHS.put("SHA-256", 32); + DIGEST_LENGTHS.put("SHA256", 32); + DIGEST_LENGTHS.put("SHA-384", 48); + DIGEST_LENGTHS.put("SHA384", 48); + DIGEST_LENGTHS.put("SHA-512", 64); + DIGEST_LENGTHS.put("SHA512", 64); + DIGEST_LENGTHS.put("SHA-512/224", 28); + DIGEST_LENGTHS.put("SHA512/224", 28); + DIGEST_LENGTHS.put("SHA-512/256", 32); + DIGEST_LENGTHS.put("SHA512/256", 32); + } + + // utility method for comparing digest algorithms + // NOTE that first argument is assumed to be standard digest name + private static boolean isDigestEqual(String stdAlg, String givenAlg) { + if (stdAlg == null || givenAlg == null) return false; + + if (givenAlg.indexOf("-") != -1) { + return stdAlg.equalsIgnoreCase(givenAlg); + } else { + if (stdAlg.equals("SHA-1")) { + return (givenAlg.equalsIgnoreCase("SHA") + || givenAlg.equalsIgnoreCase("SHA1")); + } else { + StringBuilder sb = new StringBuilder(givenAlg); + // case-insensitive check + if (givenAlg.regionMatches(true, 0, "SHA", 0, 3)) { + givenAlg = sb.insert(3, "-").toString(); + return stdAlg.equalsIgnoreCase(givenAlg); + } else { + throw new ProviderException("Unsupported digest algorithm " + + givenAlg); + } + } + } + } + + // token instance + private final Token token; + + // algorithm name + private final String algorithm; + + // name of the key algorithm, currently just RSA + private static final String KEY_ALGO = "RSA"; + + // mechanism id + private final CK_MECHANISM mechanism; + + // type, one of T_* below + private final int type; + + // key instance used, if init*() was called + private P11Key p11Key = null; + + // PSS parameters and the flag controlling its access + private PSSParameterSpec sigParams = null; + private boolean isActive = false; + + // message digest alg, if implied by the algorithm name + private final String mdAlg; + + // message digest, if we do the digesting ourselves + private MessageDigest md = null; + + // associated session, if any + private Session session; + + // mode, one of M_* below + private int mode; + + // flag indicating whether an operation is initialized + private boolean initialized = false; + + // buffer, for update(byte) + private final byte[] buffer = new byte[1]; + + // total number of bytes processed in current operation + private int bytesProcessed = 0; + + // constant for signing mode + private final static int M_SIGN = 1; + // constant for verification mode + private final static int M_VERIFY = 2; + + // constant for type digesting, we do the hashing ourselves + private final static int T_DIGEST = 1; + // constant for type update, token does everything + private final static int T_UPDATE = 2; + + P11PSSSignature(Token token, String algorithm, long mechId) + throws NoSuchAlgorithmException, PKCS11Exception { + super(); + this.token = token; + this.algorithm = algorithm; + this.mechanism = new CK_MECHANISM(mechId); + int idx = algorithm.indexOf("with"); + this.mdAlg = (idx == -1? null : algorithm.substring(0, idx)); + switch ((int)mechId) { + case (int)CKM_SHA1_RSA_PKCS_PSS: + case (int)CKM_SHA224_RSA_PKCS_PSS: + case (int)CKM_SHA256_RSA_PKCS_PSS: + case (int)CKM_SHA384_RSA_PKCS_PSS: + case (int)CKM_SHA512_RSA_PKCS_PSS: + type = T_UPDATE; + break; + case (int)CKM_RSA_PKCS_PSS: + type = T_DIGEST; + break; + default: + throw new ProviderException("Unsupported mechanism: " + mechId); + } + this.md = null; + } + + private void ensureInitialized() throws SignatureException { + token.ensureValid(); + if (this.p11Key == null) { + throw new SignatureException("Missing key"); + } + if (this.sigParams == null) { + if (this.mdAlg == null) { + // PSS Parameters are required for signature verification + throw new SignatureException + ("Parameters required for RSASSA-PSS signature"); + } else { + int saltLen = DIGEST_LENGTHS.get(this.mdAlg).intValue(); + // generate default params for both sign and verify? + this.sigParams = new PSSParameterSpec(this.mdAlg, + "MGF1", new MGF1ParameterSpec(this.mdAlg), + saltLen, PSSParameterSpec.TRAILER_FIELD_BC); + this.mechanism.setParameter(new CK_RSA_PKCS_PSS_PARAMS( + this.mdAlg, "MGF1", this.mdAlg, + DIGEST_LENGTHS.get(this.mdAlg).intValue())); + } + } + + if (initialized == false) { + initialize(); + } + } + + // reset the states to the pre-initialized values + private void reset(boolean doCancel) { + if (!initialized) { + return; + } + initialized = false; + try { + if (session == null) { + return; + } + if (doCancel && token.explicitCancel) { + cancelOperation(); + } + } finally { + p11Key.releaseKeyID(); + mechanism.freeHandle(); + session = token.releaseSession(session); + isActive = false; + } + } + + private void cancelOperation() { + token.ensureValid(); + if (DEBUG) System.out.print("Cancelling operation"); + + if (session.hasObjects() == false) { + if (DEBUG) System.out.println(" by killing session"); + session = token.killSession(session); + return; + } + // "cancel" operation by finishing it + if (mode == M_SIGN) { + try { + if (type == T_UPDATE) { + if (DEBUG) System.out.println(" by C_SignFinal"); + token.p11.C_SignFinal(session.id(), 0); + } else { + byte[] digest = + (md == null? new byte[0] : md.digest()); + if (DEBUG) System.out.println(" by C_Sign"); + token.p11.C_Sign(session.id(), digest); + } + } catch (PKCS11Exception e) { + throw new ProviderException("cancel failed", e); + } + } else { // M_VERIFY + try { + byte[] signature = + new byte[(p11Key.length() + 7) >> 3]; + if (type == T_UPDATE) { + if (DEBUG) System.out.println(" by C_VerifyFinal"); + token.p11.C_VerifyFinal(session.id(), signature); + } else { + byte[] digest = + (md == null? new byte[0] : md.digest()); + if (DEBUG) System.out.println(" by C_Verify"); + token.p11.C_Verify(session.id(), digest, signature); + } + } catch (PKCS11Exception e) { + // will fail since the signature is incorrect + // XXX check error code + } + } + } + + // assumes current state is initialized == false + private void initialize() { + if (DEBUG) System.out.println("Initializing"); + + if (p11Key == null) { + throw new ProviderException( + "No Key found, call initSign/initVerify first"); + } + + long keyID = p11Key.getKeyID(); + try { + if (session == null) { + session = token.getOpSession(); + } + if (mode == M_SIGN) { + token.p11.C_SignInit(session.id(), mechanism, keyID); + } else { + token.p11.C_VerifyInit(session.id(), mechanism, keyID); + } + } catch (PKCS11Exception e) { + p11Key.releaseKeyID(); + session = token.releaseSession(session); + throw new ProviderException("Initialization failed", e); + } + if (bytesProcessed != 0) { + bytesProcessed = 0; + if (md != null) { + md.reset(); + } + } + initialized = true; + isActive = false; + if (DEBUG) System.out.println("Initialized"); + } + + private void checkKeySize(Key key) throws InvalidKeyException { + if (DEBUG) System.out.print("Checking Key"); + + if (!key.getAlgorithm().equals(KEY_ALGO)) { + throw new InvalidKeyException("Only " + KEY_ALGO + + " keys are supported"); + } + + CK_MECHANISM_INFO mechInfo = null; + try { + mechInfo = token.getMechanismInfo(mechanism.mechanism); + } catch (PKCS11Exception e) { + // should not happen, ignore for now + if (DEBUG) { + System.out.println("Unexpected exception"); + e.printStackTrace(); + } + } + + int keySize = 0; // in bytes + if (mechInfo != null) { + // check against available native info + int minKeySize = (int) mechInfo.ulMinKeySize; + int maxKeySize = (int) mechInfo.ulMaxKeySize; + if (key instanceof P11Key) { + keySize = (((P11Key) key).length() + 7) >> 3; + } else if (key instanceof RSAKey) { + keySize = ((RSAKey) key).getModulus().bitLength() >> 3; + } else { + throw new InvalidKeyException("Unrecognized key type " + key); + } + if ((minKeySize != -1) && (keySize < minKeySize)) { + throw new InvalidKeyException(KEY_ALGO + + " key must be at least " + minKeySize + " bytes"); + } + if ((maxKeySize != -1) && (keySize > maxKeySize)) { + throw new InvalidKeyException(KEY_ALGO + + " key must be at most " + maxKeySize + " bytes"); + } + } + if (this.sigParams != null) { + String digestAlg = this.sigParams.getDigestAlgorithm(); + int sLen = this.sigParams.getSaltLength(); + int hLen = DIGEST_LENGTHS.get(digestAlg).intValue(); + int minKeyLen = Math.addExact(Math.addExact(sLen, hLen), 2); + + if (keySize < minKeyLen) { + throw new InvalidKeyException + ("Key is too short for current params, need min " + minKeyLen); + } + } + } + + private void setSigParams(AlgorithmParameterSpec p) + throws InvalidAlgorithmParameterException { + if (p == null) { + throw new InvalidAlgorithmParameterException("PSS Parameter required"); + } + if (!(p instanceof PSSParameterSpec)) { + throw new InvalidAlgorithmParameterException + ("Only PSSParameterSpec is supported"); + } + // no need to validate again if same as current signature parameters + PSSParameterSpec params = (PSSParameterSpec) p; + if (params == this.sigParams) return; + + String digestAlgorithm = params.getDigestAlgorithm(); + if (this.mdAlg != null && !isDigestEqual(digestAlgorithm, this.mdAlg)) { + throw new InvalidAlgorithmParameterException + ("Digest algorithm in Signature parameters must be " + + this.mdAlg); + } + Integer digestLen = DIGEST_LENGTHS.get(digestAlgorithm); + if (digestLen == null) { + throw new InvalidAlgorithmParameterException + ("Unsupported digest algorithm in Signature parameters: " + + digestAlgorithm); + } + if (!(params.getMGFAlgorithm().equalsIgnoreCase("MGF1"))) { + throw new InvalidAlgorithmParameterException("Only supports MGF1"); + } + if (params.getTrailerField() != PSSParameterSpec.TRAILER_FIELD_BC) { + throw new InvalidAlgorithmParameterException + ("Only supports TrailerFieldBC(1)"); + } + int saltLen = params.getSaltLength(); + if (this.p11Key != null) { + int maxSaltLen = ((this.p11Key.length() + 7) >> 3) - digestLen.intValue() - 2; + + if (DEBUG) { + System.out.println("Max saltLen = " + maxSaltLen); + System.out.println("Curr saltLen = " + saltLen); + } + if (maxSaltLen < 0 || saltLen > maxSaltLen) { + throw new InvalidAlgorithmParameterException("Invalid with current key size"); + } + } else { + if (DEBUG) System.out.println("No key available for validating saltLen"); + } + + // validated, now try to store the parameter internally + try { + this.mechanism.setParameter( + new CK_RSA_PKCS_PSS_PARAMS(digestAlgorithm, "MGF1", + digestAlgorithm, saltLen)); + this.sigParams = params; + } catch (IllegalArgumentException iae) { + throw new InvalidAlgorithmParameterException(iae); + } + } + + // see JCA spec + @Override + protected void engineInitVerify(PublicKey publicKey) + throws InvalidKeyException { + + if (publicKey == null) { + throw new InvalidKeyException("Key must not be null"); + } + + // Need to check key length whenever a new key is set + if (publicKey != p11Key) { + checkKeySize(publicKey); + } + + reset(true); + mode = M_VERIFY; + p11Key = P11KeyFactory.convertKey(token, publicKey, KEY_ALGO); + + // For PSS, defer PKCS11 initialization calls to update/doFinal as it + // needs both key and params + } + + // see JCA spec + @Override + protected void engineInitSign(PrivateKey privateKey) + throws InvalidKeyException { + + if (privateKey == null) { + throw new InvalidKeyException("Key must not be null"); + } + + // Need to check RSA key length whenever a new key is set + if (privateKey != p11Key) { + checkKeySize(privateKey); + } + + reset(true); + mode = M_SIGN; + p11Key = P11KeyFactory.convertKey(token, privateKey, KEY_ALGO); + + // For PSS, defer PKCS11 initialization calls to update/doFinal as it + // needs both key and params + } + + // see JCA spec + @Override + protected void engineUpdate(byte b) throws SignatureException { + ensureInitialized(); + isActive = true; + buffer[0] = b; + engineUpdate(buffer, 0, 1); + } + + // see JCA spec + @Override + protected void engineUpdate(byte[] b, int ofs, int len) + throws SignatureException { + ensureInitialized(); + if (len == 0) { + return; + } + // check for overflow + if (len + bytesProcessed < 0) { + throw new ProviderException("Processed bytes limits exceeded."); + } + isActive = true; + switch (type) { + case T_UPDATE: + try { + if (mode == M_SIGN) { + System.out.println(this + ": Calling C_SignUpdate"); + token.p11.C_SignUpdate(session.id(), 0, b, ofs, len); + } else { + System.out.println(this + ": Calling C_VerfifyUpdate"); + token.p11.C_VerifyUpdate(session.id(), 0, b, ofs, len); + } + bytesProcessed += len; + } catch (PKCS11Exception e) { + reset(false); + throw new ProviderException(e); + } + break; + case T_DIGEST: + // should not happen as this should be covered by earlier checks + if (md == null) { + throw new ProviderException("PSS Parameters required"); + } + md.update(b, ofs, len); + bytesProcessed += len; + break; + default: + throw new ProviderException("Internal error"); + } + } + + // see JCA spec + @Override + protected void engineUpdate(ByteBuffer byteBuffer) { + try { + ensureInitialized(); + } catch (SignatureException se) { + throw new ProviderException(se); + } + int len = byteBuffer.remaining(); + if (len <= 0) { + return; + } + isActive = true; + switch (type) { + case T_UPDATE: + if (byteBuffer instanceof DirectBuffer == false) { + // cannot do better than default impl + super.engineUpdate(byteBuffer); + return; + } + long addr = ((DirectBuffer)byteBuffer).address(); + int ofs = byteBuffer.position(); + try { + if (mode == M_SIGN) { + System.out.println(this + ": Calling C_SignUpdate"); + token.p11.C_SignUpdate + (session.id(), addr + ofs, null, 0, len); + } else { + System.out.println(this + ": Calling C_VerifyUpdate"); + token.p11.C_VerifyUpdate + (session.id(), addr + ofs, null, 0, len); + } + bytesProcessed += len; + byteBuffer.position(ofs + len); + } catch (PKCS11Exception e) { + reset(false); + throw new ProviderException("Update failed", e); + } + break; + case T_DIGEST: + // should not happen as this should be covered by earlier checks + if (md == null) { + throw new ProviderException("PSS Parameters required"); + } + md.update(byteBuffer); + bytesProcessed += len; + break; + default: + reset(false); + throw new ProviderException("Internal error"); + } + } + + // see JCA spec + @Override + protected byte[] engineSign() throws SignatureException { + ensureInitialized(); + boolean doCancel = true; + if (DEBUG) System.out.print("Generating signature"); + try { + byte[] signature; + if (type == T_UPDATE) { + if (DEBUG) System.out.println(" by C_SignFinal"); + signature = token.p11.C_SignFinal(session.id(), 0); + } else { + if (md == null) { + throw new ProviderException("PSS Parameters required"); + } + byte[] digest = md.digest(); + if (DEBUG) System.out.println(" by C_Sign"); + signature = token.p11.C_Sign(session.id(), digest); + } + doCancel = false; + return signature; + } catch (PKCS11Exception pe) { + doCancel = false; + throw new ProviderException(pe); + } catch (ProviderException e) { + throw e; + } finally { + reset(doCancel); + } + } + + // see JCA spec + @Override + protected boolean engineVerify(byte[] signature) throws SignatureException { + ensureInitialized(); + boolean doCancel = true; + if (DEBUG) System.out.print("Verifying signature"); + try { + if (type == T_UPDATE) { + if (DEBUG) System.out.println(" by C_VerifyFinal"); + token.p11.C_VerifyFinal(session.id(), signature); + } else { + if (md == null) { + throw new ProviderException("PSS Parameters required"); + } + byte[] digest = md.digest(); + if (DEBUG) System.out.println(" by C_Verify"); + token.p11.C_Verify(session.id(), digest, signature); + } + doCancel = false; + return true; + } catch (PKCS11Exception pe) { + doCancel = false; + long errorCode = pe.getErrorCode(); + if (errorCode == CKR_SIGNATURE_INVALID) { + return false; + } + if (errorCode == CKR_SIGNATURE_LEN_RANGE) { + // return false rather than throwing an exception + return false; + } + // ECF bug? + if (errorCode == CKR_DATA_LEN_RANGE) { + return false; + } + throw new ProviderException(pe); + } catch (ProviderException e) { + throw e; + } finally { + reset(doCancel); + } + } + + // see JCA spec + @SuppressWarnings("deprecation") + @Override + protected void engineSetParameter(String param, Object value) + throws InvalidParameterException { + throw new UnsupportedOperationException("setParameter() not supported"); + } + + // see JCA spec + @Override + protected void engineSetParameter(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException { + // disallow changing parameters when update has been called + if (isActive) { + throw new ProviderException + ("Cannot set parameters during operations"); + } + setSigParams(params); + if (type == T_DIGEST) { + try { + this.md = MessageDigest.getInstance(sigParams.getDigestAlgorithm()); + } catch (NoSuchAlgorithmException nsae) { + throw new InvalidAlgorithmParameterException(nsae); + } + } + } + + // see JCA spec + @SuppressWarnings("deprecation") + @Override + protected Object engineGetParameter(String param) + throws InvalidParameterException { + throw new UnsupportedOperationException("getParameter() not supported"); + } + + // see JCA spec + @Override + protected AlgorithmParameters engineGetParameters() { + if (this.sigParams != null) { + try { + AlgorithmParameters ap = AlgorithmParameters.getInstance("RSASSA-PSS"); + ap.init(this.sigParams); + return ap; + } catch (GeneralSecurityException e) { + throw new RuntimeException(e); + } + } + return null; + } +} diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11RSACipher.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11RSACipher.java index aff8b34167f..2b8fc211d1b 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11RSACipher.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11RSACipher.java @@ -275,10 +275,10 @@ final class P11RSACipher extends CipherSpi { long sessId = session.id(); switch (mode) { case MODE_ENCRYPT: - p11.C_Encrypt(sessId, buffer, 0, inLen, buffer, 0, outLen); + p11.C_Encrypt(sessId, 0, buffer, 0, inLen, 0, buffer, 0, outLen); break; case MODE_DECRYPT: - p11.C_Decrypt(sessId, buffer, 0, inLen, buffer, 0, outLen); + p11.C_Decrypt(sessId, 0, buffer, 0, inLen, 0, buffer, 0, outLen); break; case MODE_SIGN: byte[] tmpBuffer = new byte[maxInputSize]; @@ -372,11 +372,11 @@ final class P11RSACipher extends CipherSpi { switch (mode) { case MODE_ENCRYPT: n = p11.C_Encrypt - (session.id(), buffer, 0, bufOfs, out, outOfs, outLen); + (session.id(), 0, buffer, 0, bufOfs, 0, out, outOfs, outLen); break; case MODE_DECRYPT: n = p11.C_Decrypt - (session.id(), buffer, 0, bufOfs, out, outOfs, outLen); + (session.id(), 0, buffer, 0, bufOfs, 0, out, outOfs, outLen); break; case MODE_SIGN: byte[] tmpBuffer = new byte[bufOfs]; @@ -552,6 +552,7 @@ final class P11RSACipher extends CipherSpi { s = token.getObjSession(); long p11KeyType = P11SecretKeyFactory.getPKCS11KeyType(algorithm); + CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), new CK_ATTRIBUTE(CKA_KEY_TYPE, p11KeyType), diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java index 75db3c742c5..de82caa2da6 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -516,7 +516,9 @@ public final class SunPKCS11 extends AuthProvider { String P11SecretKeyFactory = "sun.security.pkcs11.P11SecretKeyFactory"; String P11Cipher = "sun.security.pkcs11.P11Cipher"; String P11RSACipher = "sun.security.pkcs11.P11RSACipher"; + String P11AEADCipher = "sun.security.pkcs11.P11AEADCipher"; String P11Signature = "sun.security.pkcs11.P11Signature"; + String P11PSSSignature = "sun.security.pkcs11.P11PSSSignature"; // XXX register all aliases @@ -540,6 +542,12 @@ public final class SunPKCS11 extends AuthProvider { d(MD, "SHA-512", P11Digest, s("2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3"), m(CKM_SHA512)); + d(MD, "SHA-512/224", P11Digest, + s("2.16.840.1.101.3.4.2.5", "OID.2.16.840.1.101.3.4.2.5"), + m(CKM_SHA512_224)); + d(MD, "SHA-512/256", P11Digest, + s("2.16.840.1.101.3.4.2.6", "OID.2.16.840.1.101.3.4.2.6"), + m(CKM_SHA512_256)); d(MAC, "HmacMD5", P11MAC, m(CKM_MD5_HMAC)); @@ -558,13 +566,22 @@ public final class SunPKCS11 extends AuthProvider { d(MAC, "HmacSHA512", P11MAC, s("1.2.840.113549.2.11", "OID.1.2.840.113549.2.11"), m(CKM_SHA512_HMAC)); + d(MAC, "HmacSHA512/224", P11MAC, + s("1.2.840.113549.2.12", "OID.1.2.840.113549.2.12"), + m(CKM_SHA512_224_HMAC)); + d(MAC, "HmacSHA512/256", P11MAC, + s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"), + m(CKM_SHA512_256_HMAC)); + d(MAC, "SslMacMD5", P11MAC, m(CKM_SSL3_MD5_MAC)); d(MAC, "SslMacSHA1", P11MAC, m(CKM_SSL3_SHA1_MAC)); d(KPG, "RSA", P11KeyPairGenerator, + s("1.2.840.113549.1.1", "OID.1.2.840.113549.1.1"), m(CKM_RSA_PKCS_KEY_PAIR_GEN)); + d(KPG, "DSA", P11KeyPairGenerator, s("1.3.14.3.2.12", "1.2.840.10040.4.1", "OID.1.2.840.10040.4.1"), m(CKM_DSA_KEY_PAIR_GEN)); @@ -587,6 +604,7 @@ public final class SunPKCS11 extends AuthProvider { // register (Secret)KeyFactories if there are any mechanisms // for a particular algorithm that we support d(KF, "RSA", P11RSAKeyFactory, + s("1.2.840.113549.1.1", "OID.1.2.840.113549.1.1"), m(CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_PKCS, CKM_RSA_X_509)); d(KF, "DSA", P11DSAKeyFactory, s("1.3.14.3.2.12", "1.2.840.10040.4.1", "OID.1.2.840.10040.4.1"), @@ -600,10 +618,14 @@ public final class SunPKCS11 extends AuthProvider { // AlgorithmParameters for EC. // Only needed until we have an EC implementation in the SUN provider. d(AGP, "EC", "sun.security.util.ECParameters", - s("1.2.840.10045.2.1"), + s("1.2.840.10045.2.1"), m(CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE, CKM_ECDSA, CKM_ECDSA_SHA1)); + + d(AGP, "GCM", "sun.security.util.GCMParameters", + m(CKM_AES_GCM)); + d(KA, "DH", P11KeyAgreement, s("DiffieHellman"), m(CKM_DH_PKCS_DERIVE)); d(KA, "ECDH", "sun.security.pkcs11.P11ECDHKeyAgreement", @@ -669,12 +691,24 @@ public final class SunPKCS11 extends AuthProvider { m(CKM_AES_ECB)); d(CIP, "AES/CTR/NoPadding", P11Cipher, m(CKM_AES_CTR)); + + d(CIP, "AES/GCM/NoPadding", P11AEADCipher, + m(CKM_AES_GCM)); + d(CIP, "AES_128/GCM/NoPadding", P11AEADCipher, + s("2.16.840.1.101.3.4.1.6", "OID.2.16.840.1.101.3.4.1.6"), + m(CKM_AES_GCM)); + d(CIP, "AES_192/GCM/NoPadding", P11AEADCipher, + s("2.16.840.1.101.3.4.1.26", "OID.2.16.840.1.101.3.4.1.26"), + m(CKM_AES_GCM)); + d(CIP, "AES_256/GCM/NoPadding", P11AEADCipher, + s("2.16.840.1.101.3.4.1.46", "OID.2.16.840.1.101.3.4.1.46"), + m(CKM_AES_GCM)); + d(CIP, "Blowfish/CBC/NoPadding", P11Cipher, m(CKM_BLOWFISH_CBC)); d(CIP, "Blowfish/CBC/PKCS5Padding", P11Cipher, m(CKM_BLOWFISH_CBC)); - // XXX RSA_X_509, RSA_OAEP not yet supported d(CIP, "RSA/ECB/PKCS1Padding", P11RSACipher, s("RSA"), m(CKM_RSA_PKCS)); d(CIP, "RSA/ECB/NoPadding", P11RSACipher, @@ -686,12 +720,25 @@ public final class SunPKCS11 extends AuthProvider { s("SHA1withDSA", "1.3.14.3.2.13", "1.3.14.3.2.27", "1.2.840.10040.4.3", "OID.1.2.840.10040.4.3"), m(CKM_DSA_SHA1, CKM_DSA)); + d(SIG, "SHA224withDSA", P11Signature, + s("2.16.840.1.101.3.4.3.1", "OID.2.16.840.1.101.3.4.3.1"), + m(CKM_DSA_SHA224)); + d(SIG, "SHA256withDSA", P11Signature, + s("2.16.840.1.101.3.4.3.2", "OID.2.16.840.1.101.3.4.3.2"), + m(CKM_DSA_SHA256)); + d(SIG, "SHA384withDSA", P11Signature, + s("2.16.840.1.101.3.4.3.3", "OID.2.16.840.1.101.3.4.3.3"), + m(CKM_DSA_SHA384)); + d(SIG, "SHA512withDSA", P11Signature, + s("2.16.840.1.101.3.4.3.4", "OID.2.16.840.1.101.3.4.3.4"), + m(CKM_DSA_SHA512)); d(SIG, "RawDSAinP1363Format", P11Signature, s("NONEwithDSAinP1363Format"), m(CKM_DSA)); d(SIG, "DSAinP1363Format", P11Signature, s("SHA1withDSAinP1363Format"), m(CKM_DSA_SHA1, CKM_DSA)); + d(SIG, "NONEwithECDSA", P11Signature, m(CKM_ECDSA)); d(SIG, "SHA1withECDSA", P11Signature, @@ -743,6 +790,19 @@ public final class SunPKCS11 extends AuthProvider { d(SIG, "SHA512withRSA", P11Signature, s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"), m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); + d(SIG, "RSASSA-PSS", P11PSSSignature, + s("1.2.840.113549.1.1.10", "OID.1.2.840.113549.1.1.10"), + m(CKM_RSA_PKCS_PSS)); + d(SIG, "SHA1withRSASSA-PSS", P11PSSSignature, + m(CKM_SHA1_RSA_PKCS_PSS)); + d(SIG, "SHA224withRSASSA-PSS", P11PSSSignature, + m(CKM_SHA224_RSA_PKCS_PSS)); + d(SIG, "SHA256withRSASSA-PSS", P11PSSSignature, + m(CKM_SHA256_RSA_PKCS_PSS)); + d(SIG, "SHA384withRSASSA-PSS", P11PSSSignature, + m(CKM_SHA384_RSA_PKCS_PSS)); + d(SIG, "SHA512withRSASSA-PSS", P11PSSSignature, + m(CKM_SHA512_RSA_PKCS_PSS)); d(KG, "SunTlsRsaPremasterSecret", "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator", @@ -1008,11 +1068,17 @@ public final class SunPKCS11 extends AuthProvider { } else if (type == CIP) { if (algorithm.startsWith("RSA")) { return new P11RSACipher(token, algorithm, mechanism); + } else if (algorithm.endsWith("GCM/NoPadding")) { + return new P11AEADCipher(token, algorithm, mechanism); } else { return new P11Cipher(token, algorithm, mechanism); } } else if (type == SIG) { - return new P11Signature(token, algorithm, mechanism); + if (algorithm.indexOf("RSASSA-PSS") != -1) { + return new P11PSSSignature(token, algorithm, mechanism); + } else { + return new P11Signature(token, algorithm, mechanism); + } } else if (type == MAC) { return new P11Mac(token, algorithm, mechanism); } else if (type == KPG) { @@ -1051,7 +1117,14 @@ public final class SunPKCS11 extends AuthProvider { } else if (type == KS) { return token.getKeyStore(); } else if (type == AGP) { - return new sun.security.util.ECParameters(); + if (algorithm == "EC") { + return new sun.security.util.ECParameters(); + } else if (algorithm == "GCM") { + return new sun.security.util.GCMParameters(); + } else { + throw new NoSuchAlgorithmException("Unsupported algorithm: " + + algorithm); + } } else { throw new NoSuchAlgorithmException("Unknown type: " + type); } @@ -1070,7 +1143,7 @@ public final class SunPKCS11 extends AuthProvider { String keyAlgorithm = key.getAlgorithm(); // RSA signatures and cipher if (((type == CIP) && algorithm.startsWith("RSA")) - || (type == SIG) && algorithm.endsWith("RSA")) { + || (type == SIG) && (algorithm.indexOf("RSA") != -1)) { if (keyAlgorithm.equals("RSA") == false) { return false; } diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_CCM_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_CCM_PARAMS.java new file mode 100644 index 00000000000..e8748d425cd --- /dev/null +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_CCM_PARAMS.java @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.pkcs11.wrapper; + +/** + * This class represents the necessary parameters required by + * the CKM_AES_CCM mechanism as defined in CK_CCM_PARAMS structure.

+ * PKCS#11 structure: + * 

+ * typedef struct CK_CCM_PARAMS {
+ *   CK_ULONG ulDataLen;
+ *   CK_BYTE_PTR pNonce;
+ *   CK_ULONG ulNonceLen;
+ *   CK_BYTE_PTR pAAD;
+ *   CK_ULONG ulAADLen;
+ *   CK_ULONG ulMACLen;
+ * } CK_CCM_PARAMS;
+ *
+ * + * @since 13 + */ +public class CK_CCM_PARAMS { + + private final long dataLen; + private final byte[] nonce; + private final byte[] aad; + private final long macLen; + + public CK_CCM_PARAMS(int tagLen, byte[] iv, byte[] aad, int dataLen) { + this.dataLen = dataLen; + this.nonce = iv; + this.aad = aad; + this.macLen = tagLen; + } + + public String toString() { + StringBuilder sb = new StringBuilder(); + + sb.append(Constants.INDENT); + sb.append("ulDataLen: "); + sb.append(dataLen); + sb.append(Constants.NEWLINE); + + sb.append(Constants.INDENT); + sb.append("iv: "); + sb.append(Functions.toHexString(nonce)); + sb.append(Constants.NEWLINE); + + sb.append(Constants.INDENT); + sb.append("aad: "); + sb.append(Functions.toHexString(aad)); + sb.append(Constants.NEWLINE); + + sb.append(Constants.INDENT); + sb.append("tagLen: "); + sb.append(macLen); + + return sb.toString(); + } +} diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_GCM_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_GCM_PARAMS.java new file mode 100644 index 00000000000..0389dda2818 --- /dev/null +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_GCM_PARAMS.java @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.pkcs11.wrapper; + +/** + * This class represents the necessary parameters required by + * the CKM_AES_GCM mechanism as defined in CK_GCM_PARAMS structure.

+ * PKCS#11 structure: + * 

+ * typedef struct CK_GCM_PARAMS {
+ *    CK_BYTE_PTR       pIv;
+ *    CK_ULONG          ulIvLen;
+ *    CK_BYTE_PTR       pAAD;
+ *    CK_ULONG          ulAADLen;
+ *    CK_ULONG          ulTagBits;
+ * } CK_GCM_PARAMS;
+ *
+ * + * @since 10 + */ +public class CK_GCM_PARAMS { + + private final byte[] iv; + private final byte[] aad; + private final long tagBits; + + public CK_GCM_PARAMS(int tagLenInBits, byte[] iv, byte[] aad) { + this.iv = iv; + this.aad = aad; + this.tagBits = tagLenInBits; + } + + public String toString() { + StringBuilder sb = new StringBuilder(); + + sb.append(Constants.INDENT); + sb.append("iv: "); + sb.append(Functions.toHexString(iv)); + sb.append(Constants.NEWLINE); + + sb.append(Constants.INDENT); + sb.append("aad: "); + sb.append(Functions.toHexString(aad)); + sb.append(Constants.NEWLINE); + + sb.append(Constants.INDENT); + sb.append("tagLen(in bits): "); + sb.append(tagBits); + + return sb.toString(); + } +} diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java index 84f8508a3fd..1e546462163 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -82,11 +82,15 @@ public class CK_MECHANISM { * CK_ULONG ulParameterLen; * */ - public Object pParameter; + public Object pParameter = null; - public CK_MECHANISM() { - // empty - } + // pointer to native CK_MECHANISM structure + // For mechanisms which have only mechanism id, the native structure + // can be freed right after init and this field will not be used. However, + // for mechanisms which have both mechanism id and parameters, it can + // only be freed after operation is finished. Thus, the native pointer + // will be stored here and then be explicitly freed by caller. + private long pHandle = 0L; public CK_MECHANISM(long mechanism) { this.mechanism = mechanism; @@ -95,7 +99,6 @@ public class CK_MECHANISM { // We don't have a (long,Object) constructor to force type checking. // This makes sure we don't accidentally pass a class that the native // code cannot handle. - public CK_MECHANISM(long mechanism, byte[] pParameter) { init(mechanism, pParameter); } @@ -144,6 +147,33 @@ public class CK_MECHANISM { init(mechanism, params); } + public CK_MECHANISM(long mechanism, CK_GCM_PARAMS params) { + init(mechanism, params); + } + + public CK_MECHANISM(long mechanism, CK_CCM_PARAMS params) { + init(mechanism, params); + } + + // For PSS. the parameter may be set multiple times, use the + // CK_MECHANISM(long) constructor and setParameter(CK_RSA_PKCS_PSS_PARAMS) + // methods instead of creating yet another constructor + public void setParameter(CK_RSA_PKCS_PSS_PARAMS params) { + assert(this.mechanism == CKM_RSA_PKCS_PSS); + assert(params != null); + if (this.pParameter != null && this.pParameter.equals(params)) { + return; + } + freeHandle(); + this.pParameter = params; + } + + public void freeHandle() { + if (this.pHandle != 0L) { + this.pHandle = PKCS11.freeMechanism(pHandle); + } + } + private void init(long mechanism, Object pParameter) { this.mechanism = mechanism; this.pParameter = pParameter; @@ -167,12 +197,17 @@ public class CK_MECHANISM { sb.append(pParameter.toString()); sb.append(Constants.NEWLINE); + /* sb.append(Constants.INDENT); sb.append("ulParameterLen: ??"); - //buffer.append(pParameter.length); - //buffer.append(Constants.NEWLINE); - + sb.append(Constants.NEWLINE); + */ + if (pHandle != 0L) { + sb.append(Constants.INDENT); + sb.append("pHandle: "); + sb.append(pHandle); + sb.append(Constants.NEWLINE); + } return sb.toString() ; } - } diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java index fd11493c827..7309f0d2e72 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java @@ -1,118 +1,105 @@ /* - * reserved comment block - * DO NOT REMOVE OR ALTER! - */ -/* Copyright (c) 2002 Graz University of Technology. All rights reserved. + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). * - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * - * 3. The end-user documentation included with the redistribution, if any, must - * include the following acknowledgment: - * - * "This product includes software developed by IAIK of Graz University of - * Technology." - * - * Alternately, this acknowledgment may appear in the software itself, if - * and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Graz University of Technology" and "IAIK of Graz University of - * Technology" must not be used to endorse or promote products derived from - * this software without prior written permission. - * - * 5. Products derived from this software may not be called - * "IAIK PKCS Wrapper", nor may "IAIK" appear in their name, without prior - * written permission of Graz University of Technology. - * - * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, - * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. */ package sun.security.pkcs11.wrapper; +import java.security.ProviderException; +import java.security.spec.PSSParameterSpec; +import java.security.spec.MGF1ParameterSpec; /** - * class CK_RSA_PKCS_PSS_PARAMS provides the parameters to the CKM_RSA_PKCS_OAEP - * mechanism.

+ * This class represents the necessary parameters required by the + * CKM_RSA_PKCS_PSS mechanism as defined in CK_RSA_PKCS_PSS_PARAMS structure.

* PKCS#11 structure: * 

  * typedef struct CK_RSA_PKCS_PSS_PARAMS {
- *   CK_MECHANISM_TYPE hashAlg;
- *   CK_RSA_PKCS_MGF_TYPE mgf;
- *   CK_ULONG sLen;
+ *    CK_MECHANISM_TYPE    hashAlg;
+ *    CK_RSA_PKCS_MGF_TYPE mgf;
+ *    CK_ULONG             sLen;
  * } CK_RSA_PKCS_PSS_PARAMS;
  *
* - * @author Karl Scheibelhofer + * @since 13 */ public class CK_RSA_PKCS_PSS_PARAMS { - /** - * PKCS#11: - * 
-     *   CK_MECHANISM_TYPE hashAlg;
-     *
- */ - public long hashAlg; + private final long hashAlg; + private final long mgf; + private final long sLen; - /** - * PKCS#11: - * 
-     *   CK_RSA_PKCS_MGF_TYPE mgf;
-     *
- */ - public long mgf; + public CK_RSA_PKCS_PSS_PARAMS(String hashAlg, String mgfAlg, + String mgfHash, int sLen) { + this.hashAlg = Functions.getHashMechId(hashAlg); + if (!mgfAlg.equals("MGF1")) { + throw new ProviderException("Only MGF1 is supported"); + } + // no dash in PKCS#11 mechanism names + this.mgf = Functions.getMGFId("CKG_MGF1_" + hashAlg.replaceFirst("-", "")); + this.sLen = sLen; + } - /** - * PKCS#11: - * 
-     *   CK_ULONG sLen;
-     *
- */ - public long sLen; + @Override + public boolean equals(Object o) { + if (o == this) { + return true; + } - /** - * Returns the string representation of CK_PKCS5_PBKD2_PARAMS. - * - * @return the string representation of CK_PKCS5_PBKD2_PARAMS - */ + if (!(o instanceof CK_RSA_PKCS_PSS_PARAMS)) { + return false; + } + + CK_RSA_PKCS_PSS_PARAMS other = (CK_RSA_PKCS_PSS_PARAMS) o; + return ((other.hashAlg == hashAlg) && + (other.mgf == mgf) && + (other.sLen == sLen)); + } + + @Override + public int hashCode() { + return (int)(hashAlg << 2 + mgf << 1 + sLen); + } + + @Override public String toString() { StringBuilder sb = new StringBuilder(); sb.append(Constants.INDENT); - sb.append("hashAlg: 0x"); + sb.append("hashAlg: "); sb.append(Functions.toFullHexString(hashAlg)); sb.append(Constants.NEWLINE); sb.append(Constants.INDENT); - sb.append("mgf: 0x"); + sb.append("mgf: "); sb.append(Functions.toFullHexString(mgf)); sb.append(Constants.NEWLINE); sb.append(Constants.INDENT); - sb.append("sLen: "); + sb.append("sLen(in bytes): "); sb.append(sLen); - //buffer.append(Constants.NEWLINE); return sb.toString(); } - } diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/Functions.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/Functions.java index b150a126d51..7e5593f8703 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/Functions.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/Functions.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -97,6 +97,13 @@ public class Functions { private static final Map objectClassIds = new HashMap(); + // MGFs (CKG_*) + private static final Map mgfNames = + new HashMap(); + + private static final Map mgfIds = + new HashMap(); + /** * For converting numbers to their hex presentation. */ @@ -401,7 +408,11 @@ public class Functions { name = nameMap.get(Integer.valueOf((int)id)); } if (name == null) { - name = "Unknown 0x" + toFullHexString(id); + if ((id & CKM_VENDOR_DEFINED) != 0) { + name = "(Vendor-Specific) 0x" + toFullHexString(id); + } else { + name = "(Unknown) 0x" + toFullHexString(id); + } } return name; } @@ -450,6 +461,14 @@ public class Functions { return hashMechIds.get(name); } + public static String getMGFName(long id) { + return getName(mgfNames, id); + } + + public static long getMGFId(String name) { + return getId(mgfIds, name); + } + /** * Check the given arrays for equalitiy. This method considers both arrays as * equal, if both are null or both have the same length and @@ -595,8 +614,14 @@ public class Functions { addMapping(objectClassNames, objectClassIds, id, name); } - private static void addHashMech(long id, String name) { - hashMechIds.put(name, id); + private static void addHashMech(long id, String... names) { + for (String n : names) { + hashMechIds.put(n, id); + } + } + + private static void addMGF(long id, String name) { + addMapping(mgfNames, mgfIds, id, name); } static { @@ -618,16 +643,27 @@ public class Functions { addMech(CKM_DSA_KEY_PAIR_GEN, "CKM_DSA_KEY_PAIR_GEN"); addMech(CKM_DSA, "CKM_DSA"); addMech(CKM_DSA_SHA1, "CKM_DSA_SHA1"); + addMech(CKM_DSA_SHA224, "CKM_DSA_SHA224"); + addMech(CKM_DSA_SHA256, "CKM_DSA_SHA256"); + addMech(CKM_DSA_SHA384, "CKM_DSA_SHA384"); + addMech(CKM_DSA_SHA512, "CKM_DSA_SHA512"); + addMech(CKM_DH_PKCS_KEY_PAIR_GEN, "CKM_DH_PKCS_KEY_PAIR_GEN"); addMech(CKM_DH_PKCS_DERIVE, "CKM_DH_PKCS_DERIVE"); addMech(CKM_X9_42_DH_KEY_PAIR_GEN, "CKM_X9_42_DH_KEY_PAIR_GEN"); addMech(CKM_X9_42_DH_DERIVE, "CKM_X9_42_DH_DERIVE"); addMech(CKM_X9_42_DH_HYBRID_DERIVE, "CKM_X9_42_DH_HYBRID_DERIVE"); addMech(CKM_X9_42_MQV_DERIVE, "CKM_X9_42_MQV_DERIVE"); - addMech(CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS"); + addMech(CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS"); addMech(CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS"); addMech(CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS"); + addMech(CKM_SHA256_RSA_PKCS_PSS, "CKM_SHA256_RSA_PKCS_PSS"); + addMech(CKM_SHA384_RSA_PKCS_PSS, "CKM_SHA384_RSA_PKCS_PSS"); + addMech(CKM_SHA512_RSA_PKCS_PSS, "CKM_SHA512_RSA_PKCS_PSS"); + addMech(CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS"); + addMech(CKM_SHA224_RSA_PKCS_PSS, "CKM_SHA224_RSA_PKCS_PSS"); + addMech(CKM_RC2_KEY_GEN, "CKM_RC2_KEY_GEN"); addMech(CKM_RC2_ECB, "CKM_RC2_ECB"); addMech(CKM_RC2_CBC, "CKM_RC2_CBC"); @@ -649,12 +685,21 @@ public class Functions { addMech(CKM_DES3_MAC, "CKM_DES3_MAC"); addMech(CKM_DES3_MAC_GENERAL, "CKM_DES3_MAC_GENERAL"); addMech(CKM_DES3_CBC_PAD, "CKM_DES3_CBC_PAD"); + addMech(CKM_DES3_CMAC_GENERAL, "CKM_DES3_CMAC_GENERAL"); + addMech(CKM_DES3_CMAC, "CKM_DES3_CMAC"); + addMech(CKM_CDMF_KEY_GEN, "CKM_CDMF_KEY_GEN"); addMech(CKM_CDMF_ECB, "CKM_CDMF_ECB"); addMech(CKM_CDMF_CBC, "CKM_CDMF_CBC"); addMech(CKM_CDMF_MAC, "CKM_CDMF_MAC"); addMech(CKM_CDMF_MAC_GENERAL, "CKM_CDMF_MAC_GENERAL"); addMech(CKM_CDMF_CBC_PAD, "CKM_CDMF_CBC_PAD"); + + addMech(CKM_DES_OFB64, "CKM_DES_OFB64"); + addMech(CKM_DES_OFB8, "CKM_DES_OFB8"); + addMech(CKM_DES_CFB64, "CKM_DES_CFB64"); + addMech(CKM_DES_CFB8, "CKM_DES_CFB8"); + addMech(CKM_MD2, "CKM_MD2"); addMech(CKM_MD2_HMAC, "CKM_MD2_HMAC"); addMech(CKM_MD2_HMAC_GENERAL, "CKM_MD2_HMAC_GENERAL"); @@ -682,6 +727,26 @@ public class Functions { addMech(CKM_SHA512, "CKM_SHA512"); addMech(CKM_SHA512_HMAC, "CKM_SHA512_HMAC"); addMech(CKM_SHA512_HMAC_GENERAL, "CKM_SHA512_HMAC_GENERAL"); + addMech(CKM_SHA512_224, "CKM_SHA512_224"); + addMech(CKM_SHA512_224_HMAC, "CKM_SHA512_224_HMAC"); + addMech(CKM_SHA512_224_HMAC_GENERAL, "CKM_SHA512_224_HMAC_GENERAL"); + addMech(CKM_SHA512_224_KEY_DERIVATION, "CKM_SHA512_224_KEY_DERIVATION"); + addMech(CKM_SHA512_256, "CKM_SHA512_256"); + addMech(CKM_SHA512_256_HMAC, "CKM_SHA512_256_HMAC"); + addMech(CKM_SHA512_256_HMAC_GENERAL, "CKM_SHA512_256_HMAC_GENERAL"); + addMech(CKM_SHA512_256_KEY_DERIVATION, "CKM_SHA512_256_KEY_DERIVATION"); + addMech(CKM_SHA512_T, "CKM_SHA512_T"); + addMech(CKM_SHA512_T_HMAC, "CKM_SHA512_T_HMAC"); + addMech(CKM_SHA512_T_HMAC_GENERAL, "CKM_SHA512_T_HMAC_GENERAL"); + addMech(CKM_SHA512_T_KEY_DERIVATION, "CKM_SHA512_T_KEY_DERIVATION"); + + addMech(CKM_SECURID_KEY_GEN, "CKM_SECURID_KEY_GEN"); + addMech(CKM_SECURID, "CKM_SECURID"); + addMech(CKM_HOTP_KEY_GEN, "CKM_HOTP_KEY_GEN"); + addMech(CKM_HOTP, "CKM_HOTP"); + addMech(CKM_ACTI, "CKM_ACTI"); + addMech(CKM_ACTI_KEY_GEN, "CKM_ACTI_KEY_GEN"); + addMech(CKM_CAST_KEY_GEN, "CKM_CAST_KEY_GEN"); addMech(CKM_CAST_ECB, "CKM_CAST_ECB"); addMech(CKM_CAST_CBC, "CKM_CAST_CBC"); @@ -729,10 +794,7 @@ public class Functions { addMech(CKM_TLS_PRF, "CKM_TLS_PRF"); addMech(CKM_SSL3_MD5_MAC, "CKM_SSL3_MD5_MAC"); addMech(CKM_SSL3_SHA1_MAC, "CKM_SSL3_SHA1_MAC"); - addMech(CKM_TLS12_MASTER_KEY_DERIVE, "CKM_TLS12_MASTER_KEY_DERIVE"); - addMech(CKM_TLS12_KEY_AND_MAC_DERIVE, "CKM_TLS12_KEY_AND_MAC_DERIVE"); - addMech(CKM_TLS12_MASTER_KEY_DERIVE_DH, "CKM_TLS12_MASTER_KEY_DERIVE_DH"); - addMech(CKM_TLS_MAC, "CKM_TLS_MAC"); + addMech(CKM_MD5_KEY_DERIVATION, "CKM_MD5_KEY_DERIVATION"); addMech(CKM_MD2_KEY_DERIVATION, "CKM_MD2_KEY_DERIVATION"); addMech(CKM_SHA1_KEY_DERIVATION, "CKM_SHA1_KEY_DERIVATION"); @@ -754,8 +816,62 @@ public class Functions { addMech(CKM_PBE_SHA1_RC2_40_CBC, "CKM_PBE_SHA1_RC2_40_CBC"); addMech(CKM_PKCS5_PBKD2, "CKM_PKCS5_PBKD2"); addMech(CKM_PBA_SHA1_WITH_SHA1_HMAC, "CKM_PBA_SHA1_WITH_SHA1_HMAC"); + + addMech(CKM_WTLS_PRE_MASTER_KEY_GEN, "CKM_WTLS_PRE_MASTER_KEY_GEN"); + addMech(CKM_WTLS_MASTER_KEY_DERIVE, "CKM_WTLS_MASTER_KEY_DERIVE"); + addMech(CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC, + "CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC"); + addMech(CKM_WTLS_PRF, "CKM_WTLS_PRF"); + addMech(CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE, + "CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE"); + addMech(CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE, + "CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE"); + addMech(CKM_TLS10_MAC_SERVER, "CKM_TLS10_MAC_SERVER"); + addMech(CKM_TLS10_MAC_CLIENT, "CKM_TLS10_MAC_CLIENT"); + addMech(CKM_TLS12_MAC, "CKM_TLS12_MAC"); + addMech(CKM_TLS12_KDF, "CKM_TLS12_KDF"); + addMech(CKM_TLS12_MASTER_KEY_DERIVE, "CKM_TLS12_MASTER_KEY_DERIVE"); + addMech(CKM_TLS12_KEY_AND_MAC_DERIVE, "CKM_TLS12_KEY_AND_MAC_DERIVE"); + addMech(CKM_TLS12_MASTER_KEY_DERIVE_DH, "CKM_TLS12_MASTER_KEY_DERIVE_DH"); + addMech(CKM_TLS12_KEY_SAFE_DERIVE, "CKM_TLS12_KEY_SAFE_DERIVE"); + addMech(CKM_TLS_MAC, "CKM_TLS_MAC"); + addMech(CKM_TLS_KDF, "CKM_TLS_KDF"); + addMech(CKM_KEY_WRAP_LYNKS, "CKM_KEY_WRAP_LYNKS"); addMech(CKM_KEY_WRAP_SET_OAEP, "CKM_KEY_WRAP_SET_OAEP"); + + addMech(CKM_CMS_SIG, "CKM_CMS_SIG"); + addMech(CKM_KIP_DERIVE, "CKM_KIP_DERIVE"); + addMech(CKM_KIP_WRAP, "CKM_KIP_WRAP"); + addMech(CKM_KIP_MAC, "CKM_KIP_MAC"); + addMech(CKM_CAMELLIA_KEY_GEN, "CKM_CAMELLIA_KEY_GEN"); + addMech(CKM_CAMELLIA_ECB, "CKM_CAMELLIA_ECB"); + addMech(CKM_CAMELLIA_CBC, "CKM_CAMELLIA_CBC"); + addMech(CKM_CAMELLIA_MAC, "CKM_CAMELLIA_MAC"); + addMech(CKM_CAMELLIA_MAC_GENERAL, "CKM_CAMELLIA_MAC_GENERAL"); + addMech(CKM_CAMELLIA_CBC_PAD, "CKM_CAMELLIA_CBC_PAD"); + addMech(CKM_CAMELLIA_ECB_ENCRYPT_DATA, "CKM_CAMELLIA_ECB_ENCRYPT_DATA"); + addMech(CKM_CAMELLIA_CBC_ENCRYPT_DATA, "CKM_CAMELLIA_CBC_ENCRYPT_DATA"); + addMech(CKM_CAMELLIA_CTR, "CKM_CAMELLIA_CTR"); + + addMech(CKM_ARIA_KEY_GEN, "CKM_ARIA_KEY_GEN"); + addMech(CKM_ARIA_ECB, "CKM_ARIA_ECB"); + addMech(CKM_ARIA_CBC, "CKM_ARIA_CBC"); + addMech(CKM_ARIA_MAC, "CKM_ARIA_MAC"); + addMech(CKM_ARIA_MAC_GENERAL, "CKM_ARIA_MAC_GENERAL"); + addMech(CKM_ARIA_CBC_PAD, "CKM_ARIA_CBC_PAD"); + addMech(CKM_ARIA_ECB_ENCRYPT_DATA, "CKM_ARIA_ECB_ENCRYPT_DATA"); + addMech(CKM_ARIA_CBC_ENCRYPT_DATA, "CKM_ARIA_CBC_ENCRYPT_DATA"); + + addMech(CKM_SEED_KEY_GEN, "CKM_SEED_KEY_GEN"); + addMech(CKM_SEED_ECB, "CKM_SEED_ECB"); + addMech(CKM_SEED_CBC, "CKM_SEED_CBC"); + addMech(CKM_SEED_MAC, "CKM_SEED_MAC"); + addMech(CKM_SEED_MAC_GENERAL, "CKM_SEED_MAC_GENERAL"); + addMech(CKM_SEED_CBC_PAD, "CKM_SEED_CBC_PAD"); + addMech(CKM_SEED_ECB_ENCRYPT_DATA, "CKM_SEED_ECB_ENCRYPT_DATA"); + addMech(CKM_SEED_CBC_ENCRYPT_DATA, "CKM_SEED_CBC_ENCRYPT_DATA"); + addMech(CKM_SKIPJACK_KEY_GEN, "CKM_SKIPJACK_KEY_GEN"); addMech(CKM_SKIPJACK_ECB64, "CKM_SKIPJACK_ECB64"); addMech(CKM_SKIPJACK_CBC64, "CKM_SKIPJACK_CBC64"); @@ -780,9 +896,17 @@ public class Functions { addMech(CKM_EC_KEY_PAIR_GEN, "CKM_EC_KEY_PAIR_GEN"); addMech(CKM_ECDSA, "CKM_ECDSA"); addMech(CKM_ECDSA_SHA1, "CKM_ECDSA_SHA1"); + addMech(CKM_ECDSA_SHA224, "CKM_ECDSA_SHA224"); + addMech(CKM_ECDSA_SHA256, "CKM_ECDSA_SHA256"); + addMech(CKM_ECDSA_SHA384, "CKM_ECDSA_SHA384"); + addMech(CKM_ECDSA_SHA512, "CKM_ECDSA_SHA512"); + addMech(CKM_ECDH1_DERIVE, "CKM_ECDH1_DERIVE"); addMech(CKM_ECDH1_COFACTOR_DERIVE, "CKM_ECDH1_COFACTOR_DERIVE"); addMech(CKM_ECMQV_DERIVE, "CKM_ECMQV_DERIVE"); + addMech(CKM_ECDH_AES_KEY_WRAP, "CKM_ECDH_AES_KEY_WRAP"); + addMech(CKM_RSA_AES_KEY_WRAP, "CKM_RSA_AES_KEY_WRAP"); + addMech(CKM_JUNIPER_KEY_GEN, "CKM_JUNIPER_KEY_GEN"); addMech(CKM_JUNIPER_ECB128, "CKM_JUNIPER_ECB128"); addMech(CKM_JUNIPER_CBC128, "CKM_JUNIPER_CBC128"); @@ -796,11 +920,61 @@ public class Functions { addMech(CKM_AES_MAC, "CKM_AES_MAC"); addMech(CKM_AES_MAC_GENERAL, "CKM_AES_MAC_GENERAL"); addMech(CKM_AES_CBC_PAD, "CKM_AES_CBC_PAD"); + addMech(CKM_AES_CTR, "CKM_AES_CTR"); + addMech(CKM_AES_GCM, "CKM_AES_GCM"); + addMech(CKM_AES_CCM, "CKM_AES_CCM"); + addMech(CKM_AES_CTS, "CKM_AES_CTS"); + addMech(CKM_AES_CMAC, "CKM_AES_CMAC"); + addMech(CKM_AES_CMAC_GENERAL, "CKM_AES_CMAC_GENERAL"); + addMech(CKM_AES_XCBC_MAC, "CKM_AES_XCBC_MAC"); + addMech(CKM_AES_XCBC_MAC_96, "CKM_AES_XCBC_MAC_96"); + addMech(CKM_AES_GMAC, "CKM_AES_GMAC"); + addMech(CKM_BLOWFISH_KEY_GEN, "CKM_BLOWFISH_KEY_GEN"); addMech(CKM_BLOWFISH_CBC, "CKM_BLOWFISH_CBC"); + addMech(CKM_TWOFISH_KEY_GEN, "CKM_TWOFISH_KEY_GEN"); + addMech(CKM_TWOFISH_CBC, "CKM_TWOFISH_CBC"); + addMech(CKM_BLOWFISH_CBC_PAD, "CKM_BLOWFISH_CBC_PAD"); + addMech(CKM_TWOFISH_CBC_PAD, "CKM_TWOFISH_CBC_PAD"); + + addMech(CKM_DES_ECB_ENCRYPT_DATA, "CKM_DES_ECB_ENCRYPT_DATA"); + addMech(CKM_DES_CBC_ENCRYPT_DATA, "CKM_DES_CBC_ENCRYPT_DATA"); + addMech(CKM_DES3_ECB_ENCRYPT_DATA, "CKM_DES3_ECB_ENCRYPT_DATA"); + addMech(CKM_DES3_CBC_ENCRYPT_DATA, "CKM_DES3_CBC_ENCRYPT_DATA"); + addMech(CKM_AES_ECB_ENCRYPT_DATA, "CKM_AES_ECB_ENCRYPT_DATA"); + addMech(CKM_AES_CBC_ENCRYPT_DATA, "CKM_AES_CBC_ENCRYPT_DATA"); + + addMech(CKM_GOSTR3410_KEY_PAIR_GEN, "CKM_GOSTR3410_KEY_PAIR_GEN"); + addMech(CKM_GOSTR3410, "CKM_GOSTR3410"); + addMech(CKM_GOSTR3410_WITH_GOSTR3411, "CKM_GOSTR3410_WITH_GOSTR3411"); + addMech(CKM_GOSTR3410_KEY_WRAP, "CKM_GOSTR3410_KEY_WRAP"); + addMech(CKM_GOSTR3410_DERIVE, "CKM_GOSTR3410_DERIVE"); + addMech(CKM_GOSTR3411, "CKM_GOSTR3411"); + addMech(CKM_GOSTR3411_HMAC, "CKM_GOSTR3411_HMAC"); + addMech(CKM_GOST28147_KEY_GEN, "CKM_GOST28147_KEY_GEN"); + addMech(CKM_GOST28147_ECB, "CKM_GOST28147_ECB"); + addMech(CKM_GOST28147, "CKM_GOST28147"); + addMech(CKM_GOST28147_MAC, "CKM_GOST28147_MAC"); + addMech(CKM_GOST28147_KEY_WRAP, "CKM_GOST28147_KEY_WRAP"); + addMech(CKM_DSA_PARAMETER_GEN, "CKM_DSA_PARAMETER_GEN"); addMech(CKM_DH_PKCS_PARAMETER_GEN, "CKM_DH_PKCS_PARAMETER_GEN"); addMech(CKM_X9_42_DH_PARAMETER_GEN, "CKM_X9_42_DH_PARAMETER_GEN"); + addMech(CKM_DSA_PROBABLISTIC_PARAMETER_GEN, + "CKM_DSA_PROBABLISTIC_PARAMETER_GEN"); + addMech(CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN, + "CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN"); + addMech(CKM_AES_OFB, "CKM_AES_OFB"); + addMech(CKM_AES_CFB64, "CKM_AES_CFB64"); + addMech(CKM_AES_CFB8, "CKM_AES_CFB8"); + addMech(CKM_AES_CFB128, "CKM_AES_CFB128"); + addMech(CKM_AES_CFB1, "CKM_AES_CFB1"); + addMech(CKM_AES_KEY_WRAP, "CKM_AES_KEY_WRAP"); + addMech(CKM_AES_KEY_WRAP_PAD, "CKM_AES_KEY_WRAP_PAD"); + + addMech(CKM_RSA_PKCS_TPM_1_1, "CKM_RSA_PKCS_TPM_1_1"); + addMech(CKM_RSA_PKCS_OAEP_TPM_1_1, "CKM_RSA_PKCS_OAEP_TPM_1_1"); + addMech(CKM_VENDOR_DEFINED, "CKM_VENDOR_DEFINED"); addMech(CKM_NSS_TLS_PRF_GENERAL, "CKM_NSS_TLS_PRF_GENERAL"); @@ -808,11 +982,13 @@ public class Functions { addMech(PCKM_SECURERANDOM, "SecureRandom"); addMech(PCKM_KEYSTORE, "KeyStore"); - addHashMech(CKM_SHA_1, "SHA-1"); - addHashMech(CKM_SHA224, "SHA-224"); - addHashMech(CKM_SHA256, "SHA-256"); - addHashMech(CKM_SHA384, "SHA-384"); - addHashMech(CKM_SHA512, "SHA-512"); + addHashMech(CKM_SHA_1, "SHA-1", "SHA", "SHA1"); + addHashMech(CKM_SHA224, "SHA-224", "SHA224"); + addHashMech(CKM_SHA256, "SHA-256", "SHA256"); + addHashMech(CKM_SHA384, "SHA-384", "SHA384"); + addHashMech(CKM_SHA512, "SHA-512", "SHA512"); + addHashMech(CKM_SHA512_224, "SHA-512/224", "SHA512/224"); + addHashMech(CKM_SHA512_256, "SHA-512/256", "SHA512/256"); addKeyType(CKK_RSA, "CKK_RSA"); addKeyType(CKK_DSA, "CKK_DSA"); @@ -837,6 +1013,25 @@ public class Functions { addKeyType(CKK_CDMF, "CKK_CDMF"); addKeyType(CKK_AES, "CKK_AES"); addKeyType(CKK_BLOWFISH, "CKK_BLOWFISH"); + addKeyType(CKK_TWOFISH, "CKK_TWOFISH"); + addKeyType(CKK_SECURID, "CKK_SECURID"); + addKeyType(CKK_HOTP, "CKK_HOTP"); + addKeyType(CKK_ACTI, "CKK_ACTI"); + addKeyType(CKK_CAMELLIA, "CKK_CAMELLIA"); + addKeyType(CKK_ARIA, "CKK_ARIA"); + addKeyType(CKK_MD5_HMAC, "CKK_MD5_HMAC"); + addKeyType(CKK_SHA_1_HMAC, "CKK_SHA_1_HMAC"); + addKeyType(CKK_RIPEMD128_HMAC, "CKK_RIPEMD128_HMAC"); + addKeyType(CKK_RIPEMD160_HMAC, "CKK_RIPEMD160_HMAC"); + addKeyType(CKK_SHA256_HMAC, "CKK_SHA256_HMAC"); + addKeyType(CKK_SHA384_HMAC, "CKK_SHA384_HMAC"); + addKeyType(CKK_SHA512_HMAC, "CKK_SHA512_HMAC"); + addKeyType(CKK_SHA224_HMAC, "CKK_SHA224_HMAC"); + addKeyType(CKK_SEED, "CKK_SEED"); + addKeyType(CKK_GOSTR3410, "CKK_GOSTR3410"); + addKeyType(CKK_GOSTR3411, "CKK_GOSTR3411"); + addKeyType(CKK_GOST28147, "CKK_GOST28147"); + addKeyType(CKK_VENDOR_DEFINED, "CKK_VENDOR_DEFINED"); addKeyType(PCKK_ANY, "*"); @@ -855,6 +1050,16 @@ public class Functions { addAttribute(CKA_OWNER, "CKA_OWNER"); addAttribute(CKA_ATTR_TYPES, "CKA_ATTR_TYPES"); addAttribute(CKA_TRUSTED, "CKA_TRUSTED"); + addAttribute(CKA_CERTIFICATE_CATEGORY, "CKA_CERTIFICATE_CATEGORY"); + addAttribute(CKA_JAVA_MIDP_SECURITY_DOMAIN, + "CKA_JAVA_MIDP_SECURITY_DOMAIN"); + addAttribute(CKA_URL, "CKA_URL"); + addAttribute(CKA_HASH_OF_SUBJECT_PUBLIC_KEY, + "CKA_HASH_OF_SUBJECT_PUBLIC_KEY"); + addAttribute(CKA_HASH_OF_ISSUER_PUBLIC_KEY, + "CKA_HASH_OF_ISSUER_PUBLIC_KEY"); + addAttribute(CKA_NAME_HASH_ALGORITHM, "CKA_NAME_HASH_ALGORITHM"); + addAttribute(CKA_CHECK_VALUE, "CKA_CHECK_VALUE"); addAttribute(CKA_KEY_TYPE, "CKA_KEY_TYPE"); addAttribute(CKA_SUBJECT, "CKA_SUBJECT"); addAttribute(CKA_ID, "CKA_ID"); @@ -879,6 +1084,7 @@ public class Functions { addAttribute(CKA_EXPONENT_1, "CKA_EXPONENT_1"); addAttribute(CKA_EXPONENT_2, "CKA_EXPONENT_2"); addAttribute(CKA_COEFFICIENT, "CKA_COEFFICIENT"); + addAttribute(CKA_PUBLIC_KEY_INFO, "CKA_PUBLIC_KEY_INFO"); addAttribute(CKA_PRIME, "CKA_PRIME"); addAttribute(CKA_SUBPRIME, "CKA_SUBPRIME"); addAttribute(CKA_BASE, "CKA_BASE"); @@ -886,19 +1092,69 @@ public class Functions { addAttribute(CKA_SUB_PRIME_BITS, "CKA_SUB_PRIME_BITS"); addAttribute(CKA_VALUE_BITS, "CKA_VALUE_BITS"); addAttribute(CKA_VALUE_LEN, "CKA_VALUE_LEN"); + addAttribute(CKA_EXTRACTABLE, "CKA_EXTRACTABLE"); addAttribute(CKA_LOCAL, "CKA_LOCAL"); addAttribute(CKA_NEVER_EXTRACTABLE, "CKA_NEVER_EXTRACTABLE"); addAttribute(CKA_ALWAYS_SENSITIVE, "CKA_ALWAYS_SENSITIVE"); + addAttribute(CKA_KEY_GEN_MECHANISM, "CKA_KEY_GEN_MECHANISM"); addAttribute(CKA_MODIFIABLE, "CKA_MODIFIABLE"); + addAttribute(CKA_COPYABLE, "CKA_COPYABLE"); + addAttribute(CKA_DESTROYABLE, "CKA_DESTROYABLE"); + addAttribute(CKA_EC_PARAMS, "CKA_EC_PARAMS"); addAttribute(CKA_EC_POINT, "CKA_EC_POINT"); + addAttribute(CKA_SECONDARY_AUTH, "CKA_SECONDARY_AUTH"); addAttribute(CKA_AUTH_PIN_FLAGS, "CKA_AUTH_PIN_FLAGS"); + addAttribute(CKA_ALWAYS_AUTHENTICATE, "CKA_ALWAYS_AUTHENTICATE"); + addAttribute(CKA_WRAP_WITH_TRUSTED, "CKA_WRAP_WITH_TRUSTED"); + addAttribute(CKA_WRAP_TEMPLATE, "CKA_WRAP_TEMPLATE"); + addAttribute(CKA_UNWRAP_TEMPLATE, "CKA_UNWRAP_TEMPLATE"); + addAttribute(CKA_DERIVE_TEMPLATE, "CKA_DERIVE_TEMPLATE"); + addAttribute(CKA_OTP_FORMAT, "CKA_OTP_FORMAT"); + addAttribute(CKA_OTP_LENGTH, "CKA_OTP_LENGTH"); + addAttribute(CKA_OTP_TIME_INTERVAL, "CKA_OTP_TIME_INTERVAL"); + addAttribute(CKA_OTP_USER_FRIENDLY_MODE,"CKA_OTP_USER_FRIENDLY_MODE"); + addAttribute(CKA_OTP_CHALLENGE_REQUIREMENT, + "CKA_OTP_CHALLENGE_REQUIREMENT"); + addAttribute(CKA_OTP_TIME_REQUIREMENT, "CKA_OTP_TIME_REQUIREMENT"); + addAttribute(CKA_OTP_COUNTER_REQUIREMENT, + "CKA_OTP_COUNTER_REQUIREMENT"); + addAttribute(CKA_OTP_PIN_REQUIREMENT, "CKA_OTP_PIN_REQUIREMENT"); + addAttribute(CKA_OTP_COUNTER, "CKA_OTP_COUNTER"); + addAttribute(CKA_OTP_TIME, "CKA_OTP_TIME"); + addAttribute(CKA_OTP_USER_IDENTIFIER, "CKA_OTP_USER_IDENTIFIER"); + addAttribute(CKA_OTP_SERVICE_IDENTIFIER,"CKA_OTP_SERVICE_IDENTIFIER"); + addAttribute(CKA_OTP_SERVICE_LOGO, "CKA_OTP_SERVICE_LOGO"); + addAttribute(CKA_OTP_SERVICE_LOGO_TYPE, "CKA_OTP_SERVICE_LOGO_TYPE"); + addAttribute(CKA_GOSTR3410_PARAMS, "CKA_GOSTR3410_PARAMS"); + addAttribute(CKA_GOSTR3411_PARAMS, "CKA_GOSTR3411_PARAMS"); + addAttribute(CKA_GOST28147_PARAMS, "CKA_GOST28147_PARAMS"); + addAttribute(CKA_HW_FEATURE_TYPE, "CKA_HW_FEATURE_TYPE"); addAttribute(CKA_RESET_ON_INIT, "CKA_RESET_ON_INIT"); addAttribute(CKA_HAS_RESET, "CKA_HAS_RESET"); + + addAttribute(CKA_PIXEL_X, "CKA_PIXEL_X"); + addAttribute(CKA_PIXEL_Y, "CKA_PIXEL_Y"); + addAttribute(CKA_RESOLUTION, "CKA_RESOLUTION"); + addAttribute(CKA_CHAR_ROWS, "CKA_CHAR_ROWS"); + addAttribute(CKA_CHAR_COLUMNS, "CKA_CHAR_COLUMNS"); + addAttribute(CKA_COLOR, "CKA_COLOR"); + addAttribute(CKA_BITS_PER_PIXEL, "CKA_BITS_PER_PIXEL"); + addAttribute(CKA_CHAR_SETS, "CKA_CHAR_SETS"); + addAttribute(CKA_ENCODING_METHODS, "CKA_ENCODING_METHODS"); + addAttribute(CKA_MIME_TYPES, "CKA_MIME_TYPES"); + addAttribute(CKA_MECHANISM_TYPE, "CKA_MECHANISM_TYPE"); + addAttribute(CKA_REQUIRED_CMS_ATTRIBUTES, + "CKA_REQUIRED_CMS_ATTRIBUTES"); + addAttribute(CKA_DEFAULT_CMS_ATTRIBUTES,"CKA_DEFAULT_CMS_ATTRIBUTES"); + addAttribute(CKA_SUPPORTED_CMS_ATTRIBUTES, + "CKA_SUPPORTED_CMS_ATTRIBUTES"); + addAttribute(CKA_ALLOWED_MECHANISMS, "CKA_ALLOWED_MECHANISMS"); + addAttribute(CKA_VENDOR_DEFINED, "CKA_VENDOR_DEFINED"); addAttribute(CKA_NETSCAPE_DB, "CKA_NETSCAPE_DB"); @@ -920,6 +1176,11 @@ public class Functions { addObjectClass(PCKO_ANY, "*"); + addMGF(CKG_MGF1_SHA1, "CKG_MGF1_SHA1"); + addMGF(CKG_MGF1_SHA256, "CKG_MGF1_SHA256"); + addMGF(CKG_MGF1_SHA384, "CKG_MGF1_SHA384"); + addMGF(CKG_MGF1_SHA512, "CKG_MGF1_SHA512"); + addMGF(CKG_MGF1_SHA224, "CKG_MGF1_SHA224"); } } diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java index d93fa3cbb27..04a369f453c 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -97,6 +97,12 @@ public class PKCS11 { // static initializer, hence this method is empty. } + /* ***************************************************************************** + * Utility, Resource Clean up + ******************************************************************************/ + // always return 0L + public static native long freeMechanism(long hMechanism); + /** * The PKCS#11 module to connect to. This is the PKCS#11 driver of the token; * e.g. pk2priv.dll. @@ -729,17 +735,25 @@ public class PKCS11 { * * @param hSession the session's handle * (PKCS#11 param: CK_SESSION_HANDLE hSession) - * @param pData the data to get encrypted and the data's length + * @param directIn the address of the to-be-encrypted data + * @param in buffer containing the to-be-encrypted data + * @param inOfs buffer offset of the to-be-encrypted data + * @param inLen length of the to-be-encrypted data * (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG ulDataLen) - * @return the encrypted data and the encrypted data's length + * @param directOut the address for the encrypted data + * @param out buffer for the encrypted data + * @param outOfs buffer offset for the encrypted data + * @param outLen buffer size for the encrypted data + * @return the length of encrypted data * (PKCS#11 param: CK_BYTE_PTR pEncryptedData, * CK_ULONG_PTR pulEncryptedDataLen) * @exception PKCS11Exception If function returns other value than CKR_OK. - * @preconditions (pData <> null) - * @postconditions (result <> null) + * @preconditions + * @postconditions */ - public native int C_Encrypt(long hSession, byte[] in, int inOfs, int inLen, - byte[] out, int outOfs, int outLen) throws PKCS11Exception; + public native int C_Encrypt(long hSession, long directIn, byte[] in, + int inOfs, int inLen, long directOut, byte[] out, int outOfs, + int outLen) throws PKCS11Exception; /** @@ -749,13 +763,20 @@ public class PKCS11 { * * @param hSession the session's handle * (PKCS#11 param: CK_SESSION_HANDLE hSession) - * @param pPart the data part to get encrypted and the data part's length + * @param directIn the address of the to-be-encrypted data + * @param in buffer containing the to-be-encrypted data + * @param inOfs buffer offset of the to-be-encrypted data + * @param inLen length of the to-be-encrypted data * (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG ulPartLen) - * @return the encrypted data part and the encrypted data part's length + * @param directOut the address for the encrypted data + * @param out buffer for the encrypted data + * @param outOfs buffer offset for the encrypted data + * @param outLen buffer size for the encrypted data + * @return the length of encrypted data for this update * (PKCS#11 param: CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen) * @exception PKCS11Exception If function returns other value than CKR_OK. - * @preconditions (pPart <> null) + * @preconditions * @postconditions */ public native int C_EncryptUpdate(long hSession, long directIn, byte[] in, @@ -770,12 +791,16 @@ public class PKCS11 { * * @param hSession the session's handle * (PKCS#11 param: CK_SESSION_HANDLE hSession) - * @return the last encrypted data part and the last data part's length + * @param directOut the address for the encrypted data + * @param out buffer for the encrypted data + * @param outOfs buffer offset for the encrypted data + * @param outLen buffer size for the encrypted data + * @return the length of the last part of the encrypted data * (PKCS#11 param: CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen) * @exception PKCS11Exception If function returns other value than CKR_OK. * @preconditions - * @postconditions (result <> null) + * @postconditions */ public native int C_EncryptFinal(long hSession, long directOut, byte[] out, int outOfs, int outLen) throws PKCS11Exception; @@ -805,18 +830,25 @@ public class PKCS11 { * * @param hSession the session's handle * (PKCS#11 param: CK_SESSION_HANDLE hSession) - * @param pEncryptedData the encrypted data to get decrypted and the - * encrypted data's length - * (PKCS#11 param: CK_BYTE_PTR pEncryptedData, - * CK_ULONG ulEncryptedDataLen) - * @return the decrypted data and the data's length + * @param directIn the address of the to-be-decrypted data + * @param in buffer containing the to-be-decrypted data + * @param inOfs buffer offset of the to-be-decrypted data + * @param inLen length of the to-be-decrypted data + * (PKCS#11 param: CK_BYTE_PTR pDecryptedData, + * CK_ULONG ulDecryptedDataLen) + * @param directOut the address for the decrypted data + * @param out buffer for the decrypted data + * @param outOfs buffer offset for the decrypted data + * @param outLen buffer size for the decrypted data + * @return the length of decrypted data * (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen) * @exception PKCS11Exception If function returns other value than CKR_OK. - * @preconditions (pEncryptedPart <> null) - * @postconditions (result <> null) + * @preconditions + * @postconditions */ - public native int C_Decrypt(long hSession, byte[] in, int inOfs, int inLen, - byte[] out, int outOfs, int outLen) throws PKCS11Exception; + public native int C_Decrypt(long hSession, long directIn, byte[] in, + int inOfs, int inLen, long directOut, byte[] out, int outOfs, + int outLen) throws PKCS11Exception; /** @@ -826,14 +858,20 @@ public class PKCS11 { * * @param hSession the session's handle * (PKCS#11 param: CK_SESSION_HANDLE hSession) - * @param pEncryptedPart the encrypted data part to get decrypted and the - * encrypted data part's length - * (PKCS#11 param: CK_BYTE_PTR pEncryptedPart, - * CK_ULONG ulEncryptedPartLen) - * @return the decrypted data part and the data part's length + * @param directIn the address of the to-be-decrypted data + * @param in buffer containing the to-be-decrypted data + * @param inOfs buffer offset of the to-be-decrypted data + * @param inLen length of the to-be-decrypted data + * (PKCS#11 param: CK_BYTE_PTR pDecryptedPart, + * CK_ULONG ulDecryptedPartLen) + * @param directOut the address for the decrypted data + * @param out buffer for the decrypted data + * @param outOfs buffer offset for the decrypted data + * @param outLen buffer size for the decrypted data + * @return the length of decrypted data for this update * (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen) * @exception PKCS11Exception If function returns other value than CKR_OK. - * @preconditions (pEncryptedPart <> null) + * @preconditions * @postconditions */ public native int C_DecryptUpdate(long hSession, long directIn, byte[] in, @@ -848,12 +886,16 @@ public class PKCS11 { * * @param hSession the session's handle * (PKCS#11 param: CK_SESSION_HANDLE hSession) - * @return the last decrypted data part and the last data part's length + * @param directOut the address for the decrypted data + * @param out buffer for the decrypted data + * @param outOfs buffer offset for the decrypted data + * @param outLen buffer size for the decrypted data + * @return the length of this last part of decrypted data * (PKCS#11 param: CK_BYTE_PTR pLastPart, * CK_ULONG_PTR pulLastPartLen) * @exception PKCS11Exception If function returns other value than CKR_OK. * @preconditions - * @postconditions (result <> null) + * @postconditions */ public native int C_DecryptFinal(long hSession, long directOut, byte[] out, int outOfs, int outLen) throws PKCS11Exception; @@ -1027,6 +1069,7 @@ public class PKCS11 { * * @param hSession the session's handle * (PKCS#11 param: CK_SESSION_HANDLE hSession) + * @param expectedLen expected signature length, can be 0 if unknown * @return the signature and the signature's length * (PKCS#11 param: CK_BYTE_PTR pSignature, * CK_ULONG_PTR pulSignatureLen) @@ -1285,7 +1328,6 @@ public class PKCS11 { // byte[] pEncryptedPart) throws PKCS11Exception; - /* ***************************************************************************** * Key management ******************************************************************************/ @@ -1692,10 +1734,11 @@ static class SynchronizedPKCS11 extends PKCS11 { super.C_EncryptInit(hSession, pMechanism, hKey); } - public synchronized int C_Encrypt(long hSession, byte[] in, int inOfs, - int inLen, byte[] out, int outOfs, int outLen) + public synchronized int C_Encrypt(long hSession, long directIn, byte[] in, + int inOfs, int inLen, long directOut, byte[] out, int outOfs, int outLen) throws PKCS11Exception { - return super.C_Encrypt(hSession, in, inOfs, inLen, out, outOfs, outLen); + return super.C_Encrypt(hSession, directIn, in, inOfs, inLen, + directOut, out, outOfs, outLen); } public synchronized int C_EncryptUpdate(long hSession, long directIn, @@ -1715,10 +1758,11 @@ static class SynchronizedPKCS11 extends PKCS11 { super.C_DecryptInit(hSession, pMechanism, hKey); } - public synchronized int C_Decrypt(long hSession, byte[] in, int inOfs, - int inLen, byte[] out, int outOfs, int outLen) - throws PKCS11Exception { - return super.C_Decrypt(hSession, in, inOfs, inLen, out, outOfs, outLen); + public synchronized int C_Decrypt(long hSession, long directIn, + byte[] in, int inOfs, int inLen, long directOut, byte[] out, + int outOfs, int outLen) throws PKCS11Exception { + return super.C_Decrypt(hSession, directIn, in, inOfs, inLen, + directOut, out, outOfs, outLen); } public synchronized int C_DecryptUpdate(long hSession, long directIn, diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java index 4d44317a454..f36b0534083 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -144,98 +144,46 @@ public interface PKCS11Constants { /* normal user's PIN is set */ public static final long CKF_USER_PIN_INITIALIZED = 0x00000008L; - /* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set, - * that means that *every* time the state of cryptographic - * operations of a session is successfully saved, all keys - * needed to continue those operations are stored in the state */ public static final long CKF_RESTORE_KEY_NOT_NEEDED = 0x00000020L; - /* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means - * that the token has some sort of clock. The time on that - * clock is returned in the token info structure */ public static final long CKF_CLOCK_ON_TOKEN = 0x00000040L; - /* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is - * set, that means that there is some way for the user to login - * without sending a PIN through the Cryptoki library itself */ public static final long CKF_PROTECTED_AUTHENTICATION_PATH = 0x00000100L; - /* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true, - * that means that a single session with the token can perform - * dual simultaneous cryptographic operations (digest and - * encrypt; decrypt and digest; sign and encrypt; and decrypt - * and sign) */ public static final long CKF_DUAL_CRYPTO_OPERATIONS = 0x00000200L; - /* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the - * token has been initialized using C_InitializeToken or an - * equivalent mechanism outside the scope of PKCS #11. - * Calling C_InitializeToken when this flag is set will cause - * the token to be reinitialized. */ public static final long CKF_TOKEN_INITIALIZED = 0x00000400L; - /* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is - * true, the token supports secondary authentication for - * private key objects. */ public static final long CKF_SECONDARY_AUTHENTICATION = 0x00000800L; - /* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an - * incorrect user login PIN has been entered at least once - * since the last successful authentication. */ public static final long CKF_USER_PIN_COUNT_LOW = 0x00010000L; - /* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true, - * supplying an incorrect user PIN will it to become locked. */ public static final long CKF_USER_PIN_FINAL_TRY = 0x00020000L; - /* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the - * user PIN has been locked. User login to the token is not - * possible. */ public static final long CKF_USER_PIN_LOCKED = 0x00040000L; - /* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true, - * the user PIN value is the default value set by token - * initialization or manufacturing. */ public static final long CKF_USER_PIN_TO_BE_CHANGED = 0x00080000L; - /* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an - * incorrect SO login PIN has been entered at least once since - * the last successful authentication. */ public static final long CKF_SO_PIN_COUNT_LOW = 0x00100000L; - /* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true, - * supplying an incorrect SO PIN will it to become locked. */ public static final long CKF_SO_PIN_FINAL_TRY = 0x00200000L; - /* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO - * PIN has been locked. SO login to the token is not possible. - */ public static final long CKF_SO_PIN_LOCKED = 0x00400000L; - /* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true, - * the SO PIN value is the default value set by token - * initialization or manufacturing. */ public static final long CKF_SO_PIN_TO_BE_CHANGED = 0x00800000L; - - /* CK_USER_TYPE enumerates the types of Cryptoki users */ - /* CK_USER_TYPE has been changed from an enum to a CK_ULONG for - * v2.0 */ /* Security Officer */ public static final long CKU_SO = 0L; /* Normal user */ public static final long CKU_USER = 1L; /* CK_STATE enumerates the session states */ - /* CK_STATE has been changed from an enum to a CK_ULONG for - * v2.0 */ public static final long CKS_RO_PUBLIC_SESSION = 0L; public static final long CKS_RO_USER_FUNCTIONS = 1L; public static final long CKS_RW_PUBLIC_SESSION = 2L; public static final long CKS_RW_USER_FUNCTIONS = 3L; public static final long CKS_RW_SO_FUNCTIONS = 4L; - /* The flags are defined in the following table: * Bit Flag Mask Meaning */ @@ -246,8 +194,6 @@ public interface PKCS11Constants { /* The following classes of objects are defined: */ - /* CKO_HW_FEATURE is new for v2.10 */ - /* CKO_DOMAIN_PARAMETERS is new for v2.11 */ public static final long CKO_DATA = 0x00000000L; public static final long CKO_CERTIFICATE = 0x00000001L; public static final long CKO_PUBLIC_KEY = 0x00000002L; @@ -267,62 +213,73 @@ public interface PKCS11Constants { public static final long CKH_VENDOR_DEFINED = 0x80000000L; /* the following key types are defined: */ - public static final long CKK_RSA = 0x00000000L; - public static final long CKK_DSA = 0x00000001L; - public static final long CKK_DH = 0x00000002L; + public static final long CKK_RSA = 0x00000000L; + public static final long CKK_DSA = 0x00000001L; + public static final long CKK_DH = 0x00000002L; + public static final long CKK_ECDSA /*deprecated*/ = 0x00000003L; + public static final long CKK_EC = 0x00000003L; + public static final long CKK_X9_42_DH = 0x00000004L; + public static final long CKK_KEA = 0x00000005L; + public static final long CKK_GENERIC_SECRET = 0x00000010L; + public static final long CKK_RC2 = 0x00000011L; + public static final long CKK_RC4 = 0x00000012L; + public static final long CKK_DES = 0x00000013L; + public static final long CKK_DES2 = 0x00000014L; + public static final long CKK_DES3 = 0x00000015L; - /* CKK_ECDSA and CKK_KEA are new for v2.0 */ - /* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */ - public static final long CKK_ECDSA = 0x00000003L; - public static final long CKK_EC = 0x00000003L; - public static final long CKK_X9_42_DH = 0x00000004L; - public static final long CKK_KEA = 0x00000005L; + public static final long CKK_CAST = 0x00000016L; + public static final long CKK_CAST3 = 0x00000017L; + public static final long CKK_CAST5 /*deprecated*/ = 0x00000018L; + public static final long CKK_CAST128 = 0x00000018L; + public static final long CKK_RC5 = 0x00000019L; + public static final long CKK_IDEA = 0x0000001AL; + public static final long CKK_SKIPJACK = 0x0000001BL; + public static final long CKK_BATON = 0x0000001CL; + public static final long CKK_JUNIPER = 0x0000001DL; + public static final long CKK_CDMF = 0x0000001EL; + public static final long CKK_AES = 0x0000001FL; + public static final long CKK_BLOWFISH = 0x00000020L; + public static final long CKK_TWOFISH = 0x00000021L; + public static final long CKK_SECURID = 0x00000022L; + public static final long CKK_HOTP = 0x00000023L; + public static final long CKK_ACTI = 0x00000024L; + public static final long CKK_CAMELLIA = 0x00000025L; + public static final long CKK_ARIA = 0x00000026L; - public static final long CKK_GENERIC_SECRET = 0x00000010L; - public static final long CKK_RC2 = 0x00000011L; - public static final long CKK_RC4 = 0x00000012L; - public static final long CKK_DES = 0x00000013L; - public static final long CKK_DES2 = 0x00000014L; - public static final long CKK_DES3 = 0x00000015L; + public static final long CKK_MD5_HMAC = 0x00000027L; + public static final long CKK_SHA_1_HMAC = 0x00000028L; + public static final long CKK_RIPEMD128_HMAC = 0x00000029L; + public static final long CKK_RIPEMD160_HMAC = 0x0000002AL; + public static final long CKK_SHA256_HMAC = 0x0000002BL; + public static final long CKK_SHA384_HMAC = 0x0000002CL; + public static final long CKK_SHA512_HMAC = 0x0000002DL; + public static final long CKK_SHA224_HMAC = 0x0000002EL; - /* all these key types are new for v2.0 */ - public static final long CKK_CAST = 0x00000016L; - public static final long CKK_CAST3 = 0x00000017L; - /* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */ - public static final long CKK_CAST5 = 0x00000018L; - /* CAST128=CAST5 */ - public static final long CKK_CAST128 = 0x00000018L; - public static final long CKK_RC5 = 0x00000019L; - public static final long CKK_IDEA = 0x0000001AL; - public static final long CKK_SKIPJACK = 0x0000001BL; - public static final long CKK_BATON = 0x0000001CL; - public static final long CKK_JUNIPER = 0x0000001DL; - public static final long CKK_CDMF = 0x0000001EL; - public static final long CKK_AES = 0x0000001FL; - // v2.20 - public static final long CKK_BLOWFISH = 0x00000020L; - - public static final long CKK_VENDOR_DEFINED = 0x80000000L; - - // new for v2.20 amendment 3 - //public static final long CKK_CAMELLIA = 0x00000025L; - //public static final long CKK_ARIA = 0x00000026L; + public static final long CKK_SEED = 0x0000002FL; + public static final long CKK_GOSTR3410 = 0x00000030L; + public static final long CKK_GOSTR3411 = 0x00000031L; + public static final long CKK_GOST28147 = 0x00000032L; +; + public static final long CKK_VENDOR_DEFINED = 0x80000000L; // pseudo key type ANY (for template manager) - public static final long PCKK_ANY = 0x7FFFFF22L; + public static final long PCKK_ANY = 0x7FFFFF22L; - public static final long PCKK_HMAC = 0x7FFFFF23L; - public static final long PCKK_SSLMAC = 0x7FFFFF24L; - public static final long PCKK_TLSPREMASTER = 0x7FFFFF25L; - public static final long PCKK_TLSRSAPREMASTER = 0x7FFFFF26L; - public static final long PCKK_TLSMASTER = 0x7FFFFF27L; + public static final long PCKK_HMAC = 0x7FFFFF23L; + public static final long PCKK_SSLMAC = 0x7FFFFF24L; + public static final long PCKK_TLSPREMASTER = 0x7FFFFF25L; + public static final long PCKK_TLSRSAPREMASTER = 0x7FFFFF26L; + public static final long PCKK_TLSMASTER = 0x7FFFFF27L; /* The following certificate types are defined: */ - /* CKC_X_509_ATTR_CERT is new for v2.10 */ - public static final long CKC_X_509 = 0x00000000L; - public static final long CKC_X_509_ATTR_CERT = 0x00000001L; - public static final long CKC_VENDOR_DEFINED = 0x80000000L; + public static final long CKC_X_509 = 0x00000000L; + public static final long CKC_X_509_ATTR_CERT = 0x00000001L; + public static final long CKC_VENDOR_DEFINED = 0x80000000L; + /* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which + * consists of an array of values. + */ + public static final long CKF_ARRAY_ATTRIBUTE = 0x40000000L; /* The following attribute types are defined: */ public static final long CKA_CLASS = 0x00000000L; @@ -331,22 +288,26 @@ public interface PKCS11Constants { public static final long CKA_LABEL = 0x00000003L; public static final long CKA_APPLICATION = 0x00000010L; public static final long CKA_VALUE = 0x00000011L; - - /* CKA_OBJECT_ID is new for v2.10 */ public static final long CKA_OBJECT_ID = 0x00000012L; - public static final long CKA_CERTIFICATE_TYPE = 0x00000080L; public static final long CKA_ISSUER = 0x00000081L; public static final long CKA_SERIAL_NUMBER = 0x00000082L; - - /* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new L; - * for v2.10 */ public static final long CKA_AC_ISSUER = 0x00000083L; public static final long CKA_OWNER = 0x00000084L; public static final long CKA_ATTR_TYPES = 0x00000085L; - - /* CKA_TRUSTED is new for v2.11 */ public static final long CKA_TRUSTED = 0x00000086L; + public static final long CKA_CERTIFICATE_CATEGORY + = 0x00000087L; + public static final long CKA_JAVA_MIDP_SECURITY_DOMAIN + = 0x00000088L; + public static final long CKA_URL = 0x00000089L; + public static final long CKA_HASH_OF_SUBJECT_PUBLIC_KEY + = 0x0000008AL; + public static final long CKA_HASH_OF_ISSUER_PUBLIC_KEY + = 0x0000008BL; + public static final long CKA_NAME_HASH_ALGORITHM + = 0x0000008CL; + public static final long CKA_CHECK_VALUE = 0x00000090L; public static final long CKA_KEY_TYPE = 0x00000100L; public static final long CKA_SUBJECT = 0x00000101L; @@ -372,45 +333,79 @@ public interface PKCS11Constants { public static final long CKA_EXPONENT_1 = 0x00000126L; public static final long CKA_EXPONENT_2 = 0x00000127L; public static final long CKA_COEFFICIENT = 0x00000128L; + public static final long CKA_PUBLIC_KEY_INFO = 0x00000129L; public static final long CKA_PRIME = 0x00000130L; public static final long CKA_SUBPRIME = 0x00000131L; public static final long CKA_BASE = 0x00000132L; - /* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */ public static final long CKA_PRIME_BITS = 0x00000133L; public static final long CKA_SUB_PRIME_BITS = 0x00000134L; public static final long CKA_VALUE_BITS = 0x00000160L; public static final long CKA_VALUE_LEN = 0x00000161L; - /* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE, - * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS, - * and CKA_EC_POINT are new for v2.0 */ public static final long CKA_EXTRACTABLE = 0x00000162L; public static final long CKA_LOCAL = 0x00000163L; public static final long CKA_NEVER_EXTRACTABLE = 0x00000164L; public static final long CKA_ALWAYS_SENSITIVE = 0x00000165L; - /* CKA_KEY_GEN_MECHANISM is new for v2.11 */ public static final long CKA_KEY_GEN_MECHANISM = 0x00000166L; public static final long CKA_MODIFIABLE = 0x00000170L; + public static final long CKA_COPYABLE = 0x00000171L; + public static final long CKA_DESTROYABLE = 0x00000172L; - /* CKA_ECDSA_PARAMS is deprecated in v2.11, - * CKA_EC_PARAMS is preferred. */ - public static final long CKA_ECDSA_PARAMS = 0x00000180L; - public static final long CKA_EC_PARAMS = 0x00000180L; - public static final long CKA_EC_POINT = 0x00000181L; + public static final long CKA_ECDSA_PARAMS /*deprecated*/ = 0x00000180L; + public static final long CKA_EC_PARAMS = 0x00000180L; + public static final long CKA_EC_POINT = 0x00000181L; + + public static final long CKA_SECONDARY_AUTH /*deprecated*/= 0x00000200L; + public static final long CKA_AUTH_PIN_FLAGS /*deprecated*/= 0x00000201L; + public static final long CKA_ALWAYS_AUTHENTICATE = 0x00000202L; + public static final long CKA_WRAP_WITH_TRUSTED = 0x00000210L; + public static final long CKA_WRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE|0x00000211L); + public static final long CKA_UNWRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE|0x00000212L); + public static final long CKA_DERIVE_TEMPLATE = (CKF_ARRAY_ATTRIBUTE|0x00000213L); + + public static final long CKA_OTP_FORMAT = 0x00000220L; + public static final long CKA_OTP_LENGTH = 0x00000221L; + public static final long CKA_OTP_TIME_INTERVAL = 0x00000222L; + public static final long CKA_OTP_USER_FRIENDLY_MODE = 0x00000223L; + public static final long CKA_OTP_CHALLENGE_REQUIREMENT = 0x00000224L; + public static final long CKA_OTP_TIME_REQUIREMENT = 0x00000225L; + public static final long CKA_OTP_COUNTER_REQUIREMENT = 0x00000226L; + public static final long CKA_OTP_PIN_REQUIREMENT = 0x00000227L; + public static final long CKA_OTP_COUNTER = 0x0000022EL; + public static final long CKA_OTP_TIME = 0x0000022FL; + public static final long CKA_OTP_USER_IDENTIFIER = 0x0000022AL; + public static final long CKA_OTP_SERVICE_IDENTIFIER = 0x0000022BL; + public static final long CKA_OTP_SERVICE_LOGO = 0x0000022CL; + public static final long CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022DL; + + public static final long CKA_GOSTR3410_PARAMS = 0x00000250L; + public static final long CKA_GOSTR3411_PARAMS = 0x00000251L; + public static final long CKA_GOST28147_PARAMS = 0x00000252L; - /* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS, - * CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET - * are new for v2.10 */ - public static final long CKA_SECONDARY_AUTH = 0x00000200L; - public static final long CKA_AUTH_PIN_FLAGS = 0x00000201L; public static final long CKA_HW_FEATURE_TYPE = 0x00000300L; public static final long CKA_RESET_ON_INIT = 0x00000301L; public static final long CKA_HAS_RESET = 0x00000302L; + public static final long CKA_PIXEL_X = 0x00000400L; + public static final long CKA_PIXEL_Y = 0x00000401L; + public static final long CKA_RESOLUTION = 0x00000402L; + public static final long CKA_CHAR_ROWS = 0x00000403L; + public static final long CKA_CHAR_COLUMNS = 0x00000404L; + public static final long CKA_COLOR = 0x00000405L; + public static final long CKA_BITS_PER_PIXEL = 0x00000406L; + public static final long CKA_CHAR_SETS = 0x00000480L; + public static final long CKA_ENCODING_METHODS = 0x00000481L; + public static final long CKA_MIME_TYPES = 0x00000482L; + public static final long CKA_MECHANISM_TYPE = 0x00000500L; + public static final long CKA_REQUIRED_CMS_ATTRIBUTES = 0x00000501L; + public static final long CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502L; + public static final long CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503L; + public static final long CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE|0x00000600L); + public static final long CKA_VENDOR_DEFINED = 0x80000000L; /* the following mechanism types are defined: */ @@ -419,20 +414,14 @@ public interface PKCS11Constants { public static final long CKM_RSA_9796 = 0x00000002L; public static final long CKM_RSA_X_509 = 0x00000003L; - /* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS - * are new for v2.0. They are mechanisms which hash and sign */ public static final long CKM_MD2_RSA_PKCS = 0x00000004L; public static final long CKM_MD5_RSA_PKCS = 0x00000005L; public static final long CKM_SHA1_RSA_PKCS = 0x00000006L; - /* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and - * CKM_RSA_PKCS_OAEP are new for v2.10 */ public static final long CKM_RIPEMD128_RSA_PKCS = 0x00000007L; public static final long CKM_RIPEMD160_RSA_PKCS = 0x00000008L; public static final long CKM_RSA_PKCS_OAEP = 0x00000009L; - /* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31, - * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */ public static final long CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000AL; public static final long CKM_RSA_X9_31 = 0x0000000BL; public static final long CKM_SHA1_RSA_X9_31 = 0x0000000CL; @@ -442,28 +431,48 @@ public interface PKCS11Constants { public static final long CKM_DSA_KEY_PAIR_GEN = 0x00000010L; public static final long CKM_DSA = 0x00000011L; public static final long CKM_DSA_SHA1 = 0x00000012L; + public static final long CKM_DSA_SHA224 = 0x00000013L; + public static final long CKM_DSA_SHA256 = 0x00000014L; + public static final long CKM_DSA_SHA384 = 0x00000015L; + public static final long CKM_DSA_SHA512 = 0x00000016L; + public static final long CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020L; public static final long CKM_DH_PKCS_DERIVE = 0x00000021L; - /* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE, - * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for - * v2.11 */ public static final long CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030L; public static final long CKM_X9_42_DH_DERIVE = 0x00000031L; public static final long CKM_X9_42_DH_HYBRID_DERIVE = 0x00000032L; public static final long CKM_X9_42_MQV_DERIVE = 0x00000033L; - // v2.20 public static final long CKM_SHA256_RSA_PKCS = 0x00000040L; public static final long CKM_SHA384_RSA_PKCS = 0x00000041L; public static final long CKM_SHA512_RSA_PKCS = 0x00000042L; + public static final long CKM_SHA256_RSA_PKCS_PSS = 0x00000043L; + public static final long CKM_SHA384_RSA_PKCS_PSS = 0x00000044L; + public static final long CKM_SHA512_RSA_PKCS_PSS = 0x00000045L; + + public static final long CKM_SHA224_RSA_PKCS = 0x00000046L; + public static final long CKM_SHA224_RSA_PKCS_PSS = 0x00000047L; + + public static final long CKM_SHA512_224 = 0x00000048L; + public static final long CKM_SHA512_224_HMAC = 0x00000049L; + public static final long CKM_SHA512_224_HMAC_GENERAL = 0x0000004AL; + public static final long CKM_SHA512_224_KEY_DERIVATION = 0x0000004BL; + public static final long CKM_SHA512_256 = 0x0000004CL; + public static final long CKM_SHA512_256_HMAC = 0x0000004DL; + public static final long CKM_SHA512_256_HMAC_GENERAL = 0x0000004EL; + public static final long CKM_SHA512_256_KEY_DERIVATION = 0x0000004FL; + + public static final long CKM_SHA512_T = 0x00000050L; + public static final long CKM_SHA512_T_HMAC = 0x00000051L; + public static final long CKM_SHA512_T_HMAC_GENERAL = 0x00000052L; + public static final long CKM_SHA512_T_KEY_DERIVATION = 0x00000053L; public static final long CKM_RC2_KEY_GEN = 0x00000100L; public static final long CKM_RC2_ECB = 0x00000101L; public static final long CKM_RC2_CBC = 0x00000102L; public static final long CKM_RC2_MAC = 0x00000103L; - /* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */ public static final long CKM_RC2_MAC_GENERAL = 0x00000104L; public static final long CKM_RC2_CBC_PAD = 0x00000105L; @@ -474,7 +483,6 @@ public interface PKCS11Constants { public static final long CKM_DES_CBC = 0x00000122L; public static final long CKM_DES_MAC = 0x00000123L; - /* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */ public static final long CKM_DES_MAC_GENERAL = 0x00000124L; public static final long CKM_DES_CBC_PAD = 0x00000125L; @@ -484,11 +492,10 @@ public interface PKCS11Constants { public static final long CKM_DES3_CBC = 0x00000133L; public static final long CKM_DES3_MAC = 0x00000134L; - /* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN, - * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC, - * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */ public static final long CKM_DES3_MAC_GENERAL = 0x00000135L; public static final long CKM_DES3_CBC_PAD = 0x00000136L; + public static final long CKM_DES3_CMAC_GENERAL = 0x00000137L; + public static final long CKM_DES3_CMAC = 0x00000138L; public static final long CKM_CDMF_KEY_GEN = 0x00000140L; public static final long CKM_CDMF_ECB = 0x00000141L; public static final long CKM_CDMF_CBC = 0x00000142L; @@ -496,27 +503,26 @@ public interface PKCS11Constants { public static final long CKM_CDMF_MAC_GENERAL = 0x00000144L; public static final long CKM_CDMF_CBC_PAD = 0x00000145L; + public static final long CKM_DES_OFB64 = 0x00000150L; + public static final long CKM_DES_OFB8 = 0x00000151L; + public static final long CKM_DES_CFB64 = 0x00000152L; + public static final long CKM_DES_CFB8 = 0x00000153L; + public static final long CKM_MD2 = 0x00000200L; - /* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */ public static final long CKM_MD2_HMAC = 0x00000201L; public static final long CKM_MD2_HMAC_GENERAL = 0x00000202L; public static final long CKM_MD5 = 0x00000210L; - /* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */ public static final long CKM_MD5_HMAC = 0x00000211L; public static final long CKM_MD5_HMAC_GENERAL = 0x00000212L; public static final long CKM_SHA_1 = 0x00000220L; - /* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */ public static final long CKM_SHA_1_HMAC = 0x00000221L; public static final long CKM_SHA_1_HMAC_GENERAL = 0x00000222L; - /* CKM_RIPEMD128, CKM_RIPEMD128_HMAC, - * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC, - * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */ public static final long CKM_RIPEMD128 = 0x00000230L; public static final long CKM_RIPEMD128_HMAC = 0x00000231L; public static final long CKM_RIPEMD128_HMAC_GENERAL = 0x00000232L; @@ -524,11 +530,12 @@ public interface PKCS11Constants { public static final long CKM_RIPEMD160_HMAC = 0x00000241L; public static final long CKM_RIPEMD160_HMAC_GENERAL = 0x00000242L; - // v2.20 public static final long CKM_SHA256 = 0x00000250L; public static final long CKM_SHA256_HMAC = 0x00000251L; public static final long CKM_SHA256_HMAC_GENERAL = 0x00000252L; - + public static final long CKM_SHA224 = 0x00000255L; + public static final long CKM_SHA224_HMAC = 0x00000256L; + public static final long CKM_SHA224_HMAC_GENERAL = 0x00000257L; public static final long CKM_SHA384 = 0x00000260L; public static final long CKM_SHA384_HMAC = 0x00000261L; public static final long CKM_SHA384_HMAC_GENERAL = 0x00000262L; @@ -537,8 +544,13 @@ public interface PKCS11Constants { public static final long CKM_SHA512_HMAC = 0x00000271L; public static final long CKM_SHA512_HMAC_GENERAL = 0x00000272L; - /* All of the following mechanisms are new for v2.0 */ - /* Note that CAST128 and CAST5 are the same algorithm */ + public static final long CKM_SECURID_KEY_GEN = 0x00000280L; + public static final long CKM_SECURID = 0x00000282L; + public static final long CKM_HOTP_KEY_GEN = 0x00000290L; + public static final long CKM_HOTP = 0x00000291L; + public static final long CKM_ACTI = 0x000002A0L; + public static final long CKM_ACTI_KEY_GEN = 0x000002A1L; + public static final long CKM_CAST_KEY_GEN = 0x00000300L; public static final long CKM_CAST_ECB = 0x00000301L; public static final long CKM_CAST_CBC = 0x00000302L; @@ -551,18 +563,20 @@ public interface PKCS11Constants { public static final long CKM_CAST3_MAC = 0x00000313L; public static final long CKM_CAST3_MAC_GENERAL = 0x00000314L; public static final long CKM_CAST3_CBC_PAD = 0x00000315L; - public static final long CKM_CAST5_KEY_GEN = 0x00000320L; - public static final long CKM_CAST128_KEY_GEN = 0x00000320L; - public static final long CKM_CAST5_ECB = 0x00000321L; - public static final long CKM_CAST128_ECB = 0x00000321L; - public static final long CKM_CAST5_CBC = 0x00000322L; - public static final long CKM_CAST128_CBC = 0x00000322L; - public static final long CKM_CAST5_MAC = 0x00000323L; - public static final long CKM_CAST128_MAC = 0x00000323L; - public static final long CKM_CAST5_MAC_GENERAL = 0x00000324L; - public static final long CKM_CAST128_MAC_GENERAL = 0x00000324L; - public static final long CKM_CAST5_CBC_PAD = 0x00000325L; - public static final long CKM_CAST128_CBC_PAD = 0x00000325L; + /* Note that CAST128 and CAST5 are the same algorithm */ + public static final long CKM_CAST5_KEY_GEN = 0x00000320L; + public static final long CKM_CAST128_KEY_GEN = 0x00000320L; + public static final long CKM_CAST5_ECB = 0x00000321L; + public static final long CKM_CAST128_ECB = 0x00000321L; + public static final long CKM_CAST5_CBC /*deprecated*/ = 0x00000322L; + public static final long CKM_CAST128_CBC = 0x00000322L; + public static final long CKM_CAST5_MAC /*deprecated*/ = 0x00000323L; + public static final long CKM_CAST128_MAC = 0x00000323L; + public static final long CKM_CAST5_MAC_GENERAL /*deprecated*/ + = 0x00000324L; + public static final long CKM_CAST128_MAC_GENERAL = 0x00000324L; + public static final long CKM_CAST5_CBC_PAD /*deprecated*/ = 0x00000325L; + public static final long CKM_CAST128_CBC_PAD = 0x00000325L; public static final long CKM_RC5_KEY_GEN = 0x00000330L; public static final long CKM_RC5_ECB = 0x00000331L; public static final long CKM_RC5_CBC = 0x00000332L; @@ -585,9 +599,6 @@ public interface PKCS11Constants { public static final long CKM_SSL3_MASTER_KEY_DERIVE = 0x00000371L; public static final long CKM_SSL3_KEY_AND_MAC_DERIVE = 0x00000372L; - /* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN, - * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and - * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */ public static final long CKM_SSL3_MASTER_KEY_DERIVE_DH = 0x00000373L; public static final long CKM_TLS_PRE_MASTER_KEY_GEN = 0x00000374L; public static final long CKM_TLS_MASTER_KEY_DERIVE = 0x00000375L; @@ -601,10 +612,10 @@ public interface PKCS11Constants { public static final long CKM_MD2_KEY_DERIVATION = 0x00000391L; public static final long CKM_SHA1_KEY_DERIVATION = 0x00000392L; - // v2.20 public static final long CKM_SHA256_KEY_DERIVATION = 0x00000393L; public static final long CKM_SHA384_KEY_DERIVATION = 0x00000394L; public static final long CKM_SHA512_KEY_DERIVATION = 0x00000395L; + public static final long CKM_SHA224_KEY_DERIVATION = 0x00000396L; public static final long CKM_PBE_MD2_DES_CBC = 0x000003A0L; public static final long CKM_PBE_MD5_DES_CBC = 0x000003A1L; @@ -621,22 +632,65 @@ public interface PKCS11Constants { public static final long CKM_PBE_SHA1_RC2_128_CBC = 0x000003AAL; public static final long CKM_PBE_SHA1_RC2_40_CBC = 0x000003ABL; - /* CKM_PKCS5_PBKD2 is new for v2.10 */ public static final long CKM_PKCS5_PBKD2 = 0x000003B0L; public static final long CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0L; - /* CKM_TLS12_MASTER_KEY_DERIVE, CKM_TLS12_KEY_AND_MAC_DERIVE, - * CKM_TLS12_MASTER_KEY_DERIVE_DH and CKM_TLS_MAC are new for v2.40 */ + public static final long CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003D0L; + public static final long CKM_WTLS_MASTER_KEY_DERIVE = 0x000003D1L; + public static final long CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 0x000003D2L; + public static final long CKM_WTLS_PRF = 0x000003D3L; + public static final long CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4L; + public static final long CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5L; + + public static final long CKM_TLS10_MAC_SERVER = 0x000003D6L; + public static final long CKM_TLS10_MAC_CLIENT = 0x000003D7L; + public static final long CKM_TLS12_MAC = 0x000003D8L; + public static final long CKM_TLS12_KDF = 0x000003D9L; + public static final long CKM_TLS12_MASTER_KEY_DERIVE = 0x000003E0L; public static final long CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003E1L; public static final long CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2L; + public static final long CKM_TLS12_KEY_SAFE_DERIVE = 0x000003E3L; public static final long CKM_TLS_MAC = 0x000003E4L; + public static final long CKM_TLS_KDF = 0x000003E5L; public static final long CKM_KEY_WRAP_LYNKS = 0x00000400L; public static final long CKM_KEY_WRAP_SET_OAEP = 0x00000401L; - /* Fortezza mechanisms */ + public static final long CKM_CMS_SIG = 0x00000500L; + public static final long CKM_KIP_DERIVE = 0x00000510L; + public static final long CKM_KIP_WRAP = 0x00000511L; + public static final long CKM_KIP_MAC = 0x00000512L; + + public static final long CKM_CAMELLIA_KEY_GEN = 0x00000550L; + public static final long CKM_CAMELLIA_ECB = 0x00000551L; + public static final long CKM_CAMELLIA_CBC = 0x00000552L; + public static final long CKM_CAMELLIA_MAC = 0x00000553L; + public static final long CKM_CAMELLIA_MAC_GENERAL = 0x00000554L; + public static final long CKM_CAMELLIA_CBC_PAD = 0x00000555L; + public static final long CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556L; + public static final long CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557L; + public static final long CKM_CAMELLIA_CTR = 0x00000558L; + + public static final long CKM_ARIA_KEY_GEN = 0x00000560L; + public static final long CKM_ARIA_ECB = 0x00000561L; + public static final long CKM_ARIA_CBC = 0x00000562L; + public static final long CKM_ARIA_MAC = 0x00000563L; + public static final long CKM_ARIA_MAC_GENERAL = 0x00000564L; + public static final long CKM_ARIA_CBC_PAD = 0x00000565L; + public static final long CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566L; + public static final long CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567L; + + public static final long CKM_SEED_KEY_GEN = 0x00000650L; + public static final long CKM_SEED_ECB = 0x00000651L; + public static final long CKM_SEED_CBC = 0x00000652L; + public static final long CKM_SEED_MAC = 0x00000653L; + public static final long CKM_SEED_MAC_GENERAL = 0x00000654L; + public static final long CKM_SEED_CBC_PAD = 0x00000655L; + public static final long CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656L; + public static final long CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657L; + public static final long CKM_SKIPJACK_KEY_GEN = 0x00001000L; public static final long CKM_SKIPJACK_ECB64 = 0x00001001L; public static final long CKM_SKIPJACK_CBC64 = 0x00001002L; @@ -650,6 +704,7 @@ public interface PKCS11Constants { public static final long CKM_SKIPJACK_RELAYX = 0x0000100AL; public static final long CKM_KEA_KEY_PAIR_GEN = 0x00001010L; public static final long CKM_KEA_KEY_DERIVE = 0x00001011L; + public static final long CKM_KEA_DERIVE = 0x00001012L; public static final long CKM_FORTEZZA_TIMESTAMP = 0x00001020L; public static final long CKM_BATON_KEY_GEN = 0x00001030L; public static final long CKM_BATON_ECB128 = 0x00001031L; @@ -659,20 +714,24 @@ public interface PKCS11Constants { public static final long CKM_BATON_SHUFFLE = 0x00001035L; public static final long CKM_BATON_WRAP = 0x00001036L; - /* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11, - * CKM_EC_KEY_PAIR_GEN is preferred */ - public static final long CKM_ECDSA_KEY_PAIR_GEN = 0x00001040L; + public static final long CKM_ECDSA_KEY_PAIR_GEN /*deprecated*/ + = 0x00001040L; public static final long CKM_EC_KEY_PAIR_GEN = 0x00001040L; public static final long CKM_ECDSA = 0x00001041L; public static final long CKM_ECDSA_SHA1 = 0x00001042L; + public static final long CKM_ECDSA_SHA224 = 0x00001043L; + public static final long CKM_ECDSA_SHA256 = 0x00001044L; + public static final long CKM_ECDSA_SHA384 = 0x00001045L; + public static final long CKM_ECDSA_SHA512 = 0x00001046L; - /* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE - * are new for v2.11 */ public static final long CKM_ECDH1_DERIVE = 0x00001050L; public static final long CKM_ECDH1_COFACTOR_DERIVE = 0x00001051L; public static final long CKM_ECMQV_DERIVE = 0x00001052L; + public static final long CKM_ECDH_AES_KEY_WRAP = 0x00001053L; + public static final long CKM_RSA_AES_KEY_WRAP = 0x00001054L; + public static final long CKM_JUNIPER_KEY_GEN = 0x00001060L; public static final long CKM_JUNIPER_ECB128 = 0x00001061L; public static final long CKM_JUNIPER_CBC128 = 0x00001062L; @@ -681,70 +740,79 @@ public interface PKCS11Constants { public static final long CKM_JUNIPER_WRAP = 0x00001065L; public static final long CKM_FASTHASH = 0x00001070L; - /* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC, - * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN, - * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are - * new for v2.11 */ public static final long CKM_AES_KEY_GEN = 0x00001080L; public static final long CKM_AES_ECB = 0x00001081L; public static final long CKM_AES_CBC = 0x00001082L; public static final long CKM_AES_MAC = 0x00001083L; public static final long CKM_AES_MAC_GENERAL = 0x00001084L; public static final long CKM_AES_CBC_PAD = 0x00001085L; - // v2.20 + public static final long CKM_AES_CTR = 0x00001086L; + public static final long CKM_AES_GCM = 0x00001087L; + public static final long CKM_AES_CCM = 0x00001088L; + public static final long CKM_AES_CTS = 0x00001089L; + public static final long CKM_AES_CMAC = 0x0000108AL; + public static final long CKM_AES_CMAC_GENERAL = 0x0000108BL; + + public static final long CKM_AES_XCBC_MAC = 0x0000108CL; + public static final long CKM_AES_XCBC_MAC_96 = 0x0000108DL; + public static final long CKM_AES_GMAC = 0x0000108EL; + public static final long CKM_BLOWFISH_KEY_GEN = 0x00001090L; public static final long CKM_BLOWFISH_CBC = 0x00001091L; + public static final long CKM_TWOFISH_KEY_GEN = 0x00001092L; + public static final long CKM_TWOFISH_CBC = 0x00001093L; + public static final long CKM_BLOWFISH_CBC_PAD = 0x00001094L; + public static final long CKM_TWOFISH_CBC_PAD = 0x00001095L; + + public static final long CKM_DES_ECB_ENCRYPT_DATA = 0x00001100L; + public static final long CKM_DES_CBC_ENCRYPT_DATA = 0x00001101L; + public static final long CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102L; + public static final long CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103L; + public static final long CKM_AES_ECB_ENCRYPT_DATA = 0x00001104L; + public static final long CKM_AES_CBC_ENCRYPT_DATA = 0x00001105L; + + public static final long CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200L; + public static final long CKM_GOSTR3410 = 0x00001201L; + public static final long CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202L; + public static final long CKM_GOSTR3410_KEY_WRAP = 0x00001203L; + public static final long CKM_GOSTR3410_DERIVE = 0x00001204L; + public static final long CKM_GOSTR3411 = 0x00001210L; + public static final long CKM_GOSTR3411_HMAC = 0x00001211L; + public static final long CKM_GOST28147_KEY_GEN = 0x00001220L; + public static final long CKM_GOST28147_ECB = 0x00001221L; + public static final long CKM_GOST28147 = 0x00001222L; + public static final long CKM_GOST28147_MAC = 0x00001223L; + public static final long CKM_GOST28147_KEY_WRAP = 0x00001224L; + public static final long CKM_DSA_PARAMETER_GEN = 0x00002000L; public static final long CKM_DH_PKCS_PARAMETER_GEN = 0x00002001L; public static final long CKM_X9_42_DH_PARAMETER_GEN = 0x00002002L; + public static final long CKM_DSA_PROBABLISTIC_PARAMETER_GEN = 0x00002003L; + public static final long CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN = 0x00002004L; + + public static final long CKM_AES_OFB = 0x00002104L; + public static final long CKM_AES_CFB64 = 0x00002105L; + public static final long CKM_AES_CFB8 = 0x00002106L; + public static final long CKM_AES_CFB128 = 0x00002107L; + public static final long CKM_AES_CFB1 = 0x00002108L; + public static final long CKM_AES_KEY_WRAP = 0x00002109L; + public static final long CKM_AES_KEY_WRAP_PAD = 0x0000210AL; + + public static final long CKM_RSA_PKCS_TPM_1_1 = 0x00004001L; + public static final long CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002L; public static final long CKM_VENDOR_DEFINED = 0x80000000L; - // new for v2.20 amendment 3 - public static final long CKM_SHA224 = 0x00000255L; - public static final long CKM_SHA224_HMAC = 0x00000256L; - public static final long CKM_SHA224_HMAC_GENERAL = 0x00000257L; - public static final long CKM_SHA224_KEY_DERIVATION = 0x00000396L; - public static final long CKM_SHA224_RSA_PKCS = 0x00000046L; - public static final long CKM_SHA224_RSA_PKCS_PSS = 0x00000047L; - public static final long CKM_AES_CTR = 0x00001086L; - /* - public static final long CKM_CAMELLIA_KEY_GEN = 0x00000550L; - public static final long CKM_CAMELLIA_ECB = 0x00000551L; - public static final long CKM_CAMELLIA_CBC = 0x00000552L; - public static final long CKM_CAMELLIA_MAC = 0x00000553L; - public static final long CKM_CAMELLIA_MAC_GENERAL = 0x00000554L; - public static final long CKM_CAMELLIA_CBC_PAD = 0x00000555L; - public static final long CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556L; - public static final long CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557L; - public static final long CKM_CAMELLIA_CTR = 0x00000558L; - public static final long CKM_ARIA_KEY_GEN = 0x00000560L; - public static final long CKM_ARIA_ECB = 0x00000561L; - public static final long CKM_ARIA_CBC = 0x00000562L; - public static final long CKM_ARIA_MAC = 0x00000563L; - public static final long CKM_ARIA_MAC_GENERAL = 0x00000564L; - public static final long CKM_ARIA_CBC_PAD = 0x00000565L; - public static final long CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566L; - public static final long CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567L; - */ - // NSS private public static final long CKM_NSS_TLS_PRF_GENERAL = 0x80000373L; - // ids for our pseudo mechanisms SecureRandom and KeyStore + // internal ids for our pseudo mechanisms SecureRandom and KeyStore public static final long PCKM_SECURERANDOM = 0x7FFFFF20L; public static final long PCKM_KEYSTORE = 0x7FFFFF21L; - /* The flags are defined as follows: - * Bit Flag Mask Meaning */ - /* performed by HW */ + /* The flags specify whether or not a mechanism can be used for a + * particular task */ public static final long CKF_HW = 0x00000001L; - - /* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN, - * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER, - * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP, - * and CKF_DERIVE are new for v2.0. They specify whether or not - * a mechanism can be used for a particular task */ public static final long CKF_ENCRYPT = 0x00000100L; public static final long CKF_DECRYPT = 0x00000200L; public static final long CKF_DIGEST = 0x00000400L; @@ -758,152 +826,141 @@ public interface PKCS11Constants { public static final long CKF_UNWRAP = 0x00040000L; public static final long CKF_DERIVE = 0x00080000L; - /* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE, - * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They - * describe a token's EC capabilities not available in mechanism - * information. */ - public static final long CKF_EC_F_P = 0x00100000L; - public static final long CKF_EC_F_2M = 0x00200000L; - public static final long CKF_EC_ECPARAMETERS = 0x00400000L; - public static final long CKF_EC_NAMEDCURVE = 0x00800000L; - public static final long CKF_EC_UNCOMPRESS = 0x01000000L; - public static final long CKF_EC_COMPRESS = 0x02000000L; + /* Describe a token's EC capabilities not available in mechanism + * information. + */ + public static final long CKF_EC_F_P = 0x00100000L; + public static final long CKF_EC_F_2M = 0x00200000L; + public static final long CKF_EC_ECPARAMETERS = 0x00400000L; + public static final long CKF_EC_NAMEDCURVE = 0x00800000L; + public static final long CKF_EC_UNCOMPRESS = 0x01000000L; + public static final long CKF_EC_COMPRESS = 0x02000000L; - /* FALSE for 2.01 */ public static final long CKF_EXTENSION = 0x80000000L; - /* CK_RV is a value that identifies the return value of a - * Cryptoki function */ - /* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */ - public static final long CKR_OK = 0x00000000L; - public static final long CKR_CANCEL = 0x00000001L; - public static final long CKR_HOST_MEMORY = 0x00000002L; - public static final long CKR_SLOT_ID_INVALID = 0x00000003L; + /* Identifies the return value of a Cryptoki function */ + public static final long CKR_OK = 0x00000000L; + public static final long CKR_CANCEL = 0x00000001L; + public static final long CKR_HOST_MEMORY = 0x00000002L; + public static final long CKR_SLOT_ID_INVALID = 0x00000003L; - /* CKR_FLAGS_INVALID was removed for v2.0 */ + public static final long CKR_GENERAL_ERROR = 0x00000005L; + public static final long CKR_FUNCTION_FAILED = 0x00000006L; - /* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */ - public static final long CKR_GENERAL_ERROR = 0x00000005L; - public static final long CKR_FUNCTION_FAILED = 0x00000006L; + public static final long CKR_ARGUMENTS_BAD = 0x00000007L; + public static final long CKR_NO_EVENT = 0x00000008L; + public static final long CKR_NEED_TO_CREATE_THREADS + = 0x00000009L; + public static final long CKR_CANT_LOCK = 0x0000000AL; - /* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS, - * and CKR_CANT_LOCK are new for v2.01 */ - public static final long CKR_ARGUMENTS_BAD = 0x00000007L; - public static final long CKR_NO_EVENT = 0x00000008L; - public static final long CKR_NEED_TO_CREATE_THREADS = 0x00000009L; - public static final long CKR_CANT_LOCK = 0x0000000AL; + public static final long CKR_ATTRIBUTE_READ_ONLY = 0x00000010L; + public static final long CKR_ATTRIBUTE_SENSITIVE = 0x00000011L; + public static final long CKR_ATTRIBUTE_TYPE_INVALID = 0x00000012L; + public static final long CKR_ATTRIBUTE_VALUE_INVALID = 0x00000013L; + public static final long CKR_ACTION_PROHIBITED = 0x0000001BL; - public static final long CKR_ATTRIBUTE_READ_ONLY = 0x00000010L; - public static final long CKR_ATTRIBUTE_SENSITIVE = 0x00000011L; - public static final long CKR_ATTRIBUTE_TYPE_INVALID = 0x00000012L; - public static final long CKR_ATTRIBUTE_VALUE_INVALID = 0x00000013L; - public static final long CKR_DATA_INVALID = 0x00000020L; - public static final long CKR_DATA_LEN_RANGE = 0x00000021L; - public static final long CKR_DEVICE_ERROR = 0x00000030L; - public static final long CKR_DEVICE_MEMORY = 0x00000031L; - public static final long CKR_DEVICE_REMOVED = 0x00000032L; - public static final long CKR_ENCRYPTED_DATA_INVALID = 0x00000040L; - public static final long CKR_ENCRYPTED_DATA_LEN_RANGE = 0x00000041L; - public static final long CKR_FUNCTION_CANCELED = 0x00000050L; - public static final long CKR_FUNCTION_NOT_PARALLEL = 0x00000051L; + public static final long CKR_DATA_INVALID = 0x00000020L; + public static final long CKR_DATA_LEN_RANGE = 0x00000021L; + public static final long CKR_DEVICE_ERROR = 0x00000030L; + public static final long CKR_DEVICE_MEMORY = 0x00000031L; + public static final long CKR_DEVICE_REMOVED = 0x00000032L; + public static final long CKR_ENCRYPTED_DATA_INVALID = 0x00000040L; + public static final long CKR_ENCRYPTED_DATA_LEN_RANGE = 0x00000041L; + public static final long CKR_FUNCTION_CANCELED = 0x00000050L; + public static final long CKR_FUNCTION_NOT_PARALLEL = 0x00000051L; - /* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */ - public static final long CKR_FUNCTION_NOT_SUPPORTED = 0x00000054L; + public static final long CKR_FUNCTION_NOT_SUPPORTED = 0x00000054L; - public static final long CKR_KEY_HANDLE_INVALID = 0x00000060L; + public static final long CKR_KEY_HANDLE_INVALID = 0x00000060L; - /* CKR_KEY_SENSITIVE was removed for v2.0 */ + public static final long CKR_KEY_SIZE_RANGE = 0x00000062L; + public static final long CKR_KEY_TYPE_INCONSISTENT = 0x00000063L; - public static final long CKR_KEY_SIZE_RANGE = 0x00000062L; - public static final long CKR_KEY_TYPE_INCONSISTENT = 0x00000063L; + public static final long CKR_KEY_NOT_NEEDED = 0x00000064L; + public static final long CKR_KEY_CHANGED = 0x00000065L; + public static final long CKR_KEY_NEEDED = 0x00000066L; + public static final long CKR_KEY_INDIGESTIBLE = 0x00000067L; + public static final long CKR_KEY_FUNCTION_NOT_PERMITTED = 0x00000068L; + public static final long CKR_KEY_NOT_WRAPPABLE = 0x00000069L; + public static final long CKR_KEY_UNEXTRACTABLE = 0x0000006AL; - /* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED, - * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED, - * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for - * v2.0 */ - public static final long CKR_KEY_NOT_NEEDED = 0x00000064L; - public static final long CKR_KEY_CHANGED = 0x00000065L; - public static final long CKR_KEY_NEEDED = 0x00000066L; - public static final long CKR_KEY_INDIGESTIBLE = 0x00000067L; - public static final long CKR_KEY_FUNCTION_NOT_PERMITTED = 0x00000068L; - public static final long CKR_KEY_NOT_WRAPPABLE = 0x00000069L; - public static final long CKR_KEY_UNEXTRACTABLE = 0x0000006AL; + public static final long CKR_MECHANISM_INVALID = 0x00000070L; + public static final long CKR_MECHANISM_PARAM_INVALID = 0x00000071L; - public static final long CKR_MECHANISM_INVALID = 0x00000070L; - public static final long CKR_MECHANISM_PARAM_INVALID = 0x00000071L; + public static final long CKR_OBJECT_HANDLE_INVALID = 0x00000082L; + public static final long CKR_OPERATION_ACTIVE = 0x00000090L; + public static final long CKR_OPERATION_NOT_INITIALIZED = 0x00000091L; + public static final long CKR_PIN_INCORRECT = 0x000000A0L; + public static final long CKR_PIN_INVALID = 0x000000A1L; + public static final long CKR_PIN_LEN_RANGE = 0x000000A2L; - /* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID - * were removed for v2.0 */ - public static final long CKR_OBJECT_HANDLE_INVALID = 0x00000082L; - public static final long CKR_OPERATION_ACTIVE = 0x00000090L; - public static final long CKR_OPERATION_NOT_INITIALIZED = 0x00000091L; - public static final long CKR_PIN_INCORRECT = 0x000000A0L; - public static final long CKR_PIN_INVALID = 0x000000A1L; - public static final long CKR_PIN_LEN_RANGE = 0x000000A2L; + public static final long CKR_PIN_EXPIRED = 0x000000A3L; + public static final long CKR_PIN_LOCKED = 0x000000A4L; - /* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */ - public static final long CKR_PIN_EXPIRED = 0x000000A3L; - public static final long CKR_PIN_LOCKED = 0x000000A4L; + public static final long CKR_SESSION_CLOSED = 0x000000B0L; + public static final long CKR_SESSION_COUNT = 0x000000B1L; + public static final long CKR_SESSION_HANDLE_INVALID = 0x000000B3L; + public static final long CKR_SESSION_PARALLEL_NOT_SUPPORTED = 0x000000B4L; + public static final long CKR_SESSION_READ_ONLY = 0x000000B5L; + public static final long CKR_SESSION_EXISTS = 0x000000B6L; - public static final long CKR_SESSION_CLOSED = 0x000000B0L; - public static final long CKR_SESSION_COUNT = 0x000000B1L; - public static final long CKR_SESSION_HANDLE_INVALID = 0x000000B3L; - public static final long CKR_SESSION_PARALLEL_NOT_SUPPORTED = 0x000000B4L; - public static final long CKR_SESSION_READ_ONLY = 0x000000B5L; - public static final long CKR_SESSION_EXISTS = 0x000000B6L; + public static final long CKR_SESSION_READ_ONLY_EXISTS = 0x000000B7L; + public static final long CKR_SESSION_READ_WRITE_SO_EXISTS = 0x000000B8L; - /* CKR_SESSION_READ_ONLY_EXISTS and - * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */ - public static final long CKR_SESSION_READ_ONLY_EXISTS = 0x000000B7L; - public static final long CKR_SESSION_READ_WRITE_SO_EXISTS = 0x000000B8L; + public static final long CKR_SIGNATURE_INVALID = 0x000000C0L; + public static final long CKR_SIGNATURE_LEN_RANGE = 0x000000C1L; + public static final long CKR_TEMPLATE_INCOMPLETE = 0x000000D0L; + public static final long CKR_TEMPLATE_INCONSISTENT = 0x000000D1L; + public static final long CKR_TOKEN_NOT_PRESENT = 0x000000E0L; + public static final long CKR_TOKEN_NOT_RECOGNIZED = 0x000000E1L; + public static final long CKR_TOKEN_WRITE_PROTECTED = 0x000000E2L; + public static final long CKR_UNWRAPPING_KEY_HANDLE_INVALID = 0x000000F0L; + public static final long CKR_UNWRAPPING_KEY_SIZE_RANGE = 0x000000F1L; + public static final long CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT + = 0x000000F2L; + public static final long CKR_USER_ALREADY_LOGGED_IN = 0x00000100L; + public static final long CKR_USER_NOT_LOGGED_IN = 0x00000101L; + public static final long CKR_USER_PIN_NOT_INITIALIZED = 0x00000102L; + public static final long CKR_USER_TYPE_INVALID = 0x00000103L; - public static final long CKR_SIGNATURE_INVALID = 0x000000C0L; - public static final long CKR_SIGNATURE_LEN_RANGE = 0x000000C1L; - public static final long CKR_TEMPLATE_INCOMPLETE = 0x000000D0L; - public static final long CKR_TEMPLATE_INCONSISTENT = 0x000000D1L; - public static final long CKR_TOKEN_NOT_PRESENT = 0x000000E0L; - public static final long CKR_TOKEN_NOT_RECOGNIZED = 0x000000E1L; - public static final long CKR_TOKEN_WRITE_PROTECTED = 0x000000E2L; - public static final long CKR_UNWRAPPING_KEY_HANDLE_INVALID = 0x000000F0L; - public static final long CKR_UNWRAPPING_KEY_SIZE_RANGE = 0x000000F1L; - public static final long CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT = 0x000000F2L; - public static final long CKR_USER_ALREADY_LOGGED_IN = 0x00000100L; - public static final long CKR_USER_NOT_LOGGED_IN = 0x00000101L; - public static final long CKR_USER_PIN_NOT_INITIALIZED = 0x00000102L; - public static final long CKR_USER_TYPE_INVALID = 0x00000103L; + public static final long CKR_USER_ANOTHER_ALREADY_LOGGED_IN = 0x00000104L; + public static final long CKR_USER_TOO_MANY_TYPES = 0x00000105L; - /* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES - * are new to v2.01 */ - public static final long CKR_USER_ANOTHER_ALREADY_LOGGED_IN = 0x00000104L; - public static final long CKR_USER_TOO_MANY_TYPES = 0x00000105L; + public static final long CKR_WRAPPED_KEY_INVALID = 0x00000110L; + public static final long CKR_WRAPPED_KEY_LEN_RANGE = 0x00000112L; + public static final long CKR_WRAPPING_KEY_HANDLE_INVALID = 0x00000113L; + public static final long CKR_WRAPPING_KEY_SIZE_RANGE = 0x00000114L; + public static final long CKR_WRAPPING_KEY_TYPE_INCONSISTENT = 0x00000115L; + public static final long CKR_RANDOM_SEED_NOT_SUPPORTED = 0x00000120L; - public static final long CKR_WRAPPED_KEY_INVALID = 0x00000110L; - public static final long CKR_WRAPPED_KEY_LEN_RANGE = 0x00000112L; - public static final long CKR_WRAPPING_KEY_HANDLE_INVALID = 0x00000113L; - public static final long CKR_WRAPPING_KEY_SIZE_RANGE = 0x00000114L; - public static final long CKR_WRAPPING_KEY_TYPE_INCONSISTENT = 0x00000115L; - public static final long CKR_RANDOM_SEED_NOT_SUPPORTED = 0x00000120L; + public static final long CKR_RANDOM_NO_RNG = 0x00000121L; - /* These are new to v2.0 */ - public static final long CKR_RANDOM_NO_RNG = 0x00000121L; + public static final long CKR_DOMAIN_PARAMS_INVALID = 0x00000130L; - /* These are new to v2.11 */ - public static final long CKR_DOMAIN_PARAMS_INVALID = 0x00000130L; + public static final long CKR_CURVE_NOT_SUPPORTED = 0x00000140L; - /* These are new to v2.0 */ - public static final long CKR_BUFFER_TOO_SMALL = 0x00000150L; - public static final long CKR_SAVED_STATE_INVALID = 0x00000160L; - public static final long CKR_INFORMATION_SENSITIVE = 0x00000170L; - public static final long CKR_STATE_UNSAVEABLE = 0x00000180L; + public static final long CKR_BUFFER_TOO_SMALL = 0x00000150L; + public static final long CKR_SAVED_STATE_INVALID = 0x00000160L; + public static final long CKR_INFORMATION_SENSITIVE = 0x00000170L; + public static final long CKR_STATE_UNSAVEABLE = 0x00000180L; - /* These are new to v2.01 */ - public static final long CKR_CRYPTOKI_NOT_INITIALIZED = 0x00000190L; - public static final long CKR_CRYPTOKI_ALREADY_INITIALIZED = 0x00000191L; - public static final long CKR_MUTEX_BAD = 0x000001A0L; - public static final long CKR_MUTEX_NOT_LOCKED = 0x000001A1L; + public static final long CKR_CRYPTOKI_NOT_INITIALIZED = 0x00000190L; + public static final long CKR_CRYPTOKI_ALREADY_INITIALIZED = 0x00000191L; + public static final long CKR_MUTEX_BAD = 0x000001A0L; + public static final long CKR_MUTEX_NOT_LOCKED = 0x000001A1L; - public static final long CKR_VENDOR_DEFINED = 0x80000000L; + public static final long CKR_NEW_PIN_MODE = 0x000001B0L; + public static final long CKR_NEXT_OTP = 0x000001B1L; + + public static final long CKR_EXCEEDED_MAX_ITERATIONS = 0x000001B5L; + public static final long CKR_FIPS_SELF_TEST_FAILED = 0x000001B6L; + public static final long CKR_LIBRARY_LOAD_FAILED = 0x000001B7L; + public static final long CKR_PIN_TOO_WEAK = 0x000001B8L; + public static final long CKR_PUBLIC_KEY_INVALID = 0x000001B9L; + public static final long CKR_FUNCTION_REJECTED = 0x00000200L; + + public static final long CKR_VENDOR_DEFINED = 0x80000000L; /* flags: bit flags that provide capabilities of the slot @@ -916,31 +973,56 @@ public interface PKCS11Constants { /* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */ public static final long CKF_DONT_BLOCK = 1L; - /* The following MGFs are defined */ - public static final long CKG_MGF1_SHA1 = 0x00000001L; - // new for v2.20 amendment 3 + public static final long CKG_MGF1_SHA1 = 0x00000001L; + public static final long CKG_MGF1_SHA256 = 0x00000002L; + public static final long CKG_MGF1_SHA384 = 0x00000003L; + public static final long CKG_MGF1_SHA512 = 0x00000004L; public static final long CKG_MGF1_SHA224 = 0x00000005L; /* The following encoding parameter sources are defined */ public static final long CKZ_DATA_SPECIFIED = 0x00000001L; - /* The following PRFs are defined in PKCS #5 v2.0. */ - public static final long CKP_PKCS5_PBKD2_HMAC_SHA1 = 0x00000001L; - - - /* The following salt value sources are defined in PKCS #5 v2.0. */ - public static final long CKZ_SALT_SPECIFIED = 0x00000001L; - /* the following EC Key Derivation Functions are defined */ - public static final long CKD_NULL = 0x00000001L; - public static final long CKD_SHA1_KDF = 0x00000002L; + public static final long CKD_NULL = 0x00000001L; + public static final long CKD_SHA1_KDF = 0x00000002L; /* the following X9.42 Diffie-Hellman Key Derivation Functions are defined */ - public static final long CKD_SHA1_KDF_ASN1 = 0x00000003L; - public static final long CKD_SHA1_KDF_CONCATENATE = 0x00000004L; + public static final long CKD_SHA1_KDF_ASN1 = 0x00000003L; + public static final long CKD_SHA1_KDF_CONCATENATE = 0x00000004L; + public static final long CKD_SHA224_KDF = 0x00000005L; + public static final long CKD_SHA256_KDF = 0x00000006L; + public static final long CKD_SHA384_KDF = 0x00000007L; + public static final long CKD_SHA512_KDF = 0x00000008L; + public static final long CKD_CPDIVERSIFY_KDF = 0x00000009L; + public static final long CKP_PKCS5_PBKD2_HMAC_SHA1 = 0x00000001L; + public static final long CKP_PKCS5_PBKD2_HMAC_GOSTR3411 = 0x00000002L; + public static final long CKP_PKCS5_PBKD2_HMAC_SHA224 = 0x00000003L; + public static final long CKP_PKCS5_PBKD2_HMAC_SHA256 = 0x00000004L; + public static final long CKP_PKCS5_PBKD2_HMAC_SHA384 = 0x00000005L; + public static final long CKP_PKCS5_PBKD2_HMAC_SHA512 = 0x00000006L; + public static final long CKP_PKCS5_PBKD2_HMAC_SHA512_224 = 0x00000007L; + public static final long CKP_PKCS5_PBKD2_HMAC_SHA512_256 = 0x00000008L; + + public static final long CKZ_SALT_SPECIFIED = 0x00000001L; + + public static final long CK_OTP_VALUE = 0x00000000L; + public static final long CK_OTP_PIN = 0x00000001L; + public static final long CK_OTP_CHALLENGE = 0x00000002L; + public static final long CK_OTP_TIME = 0x00000003L; + public static final long CK_OTP_COUNTER = 0x00000004L; + public static final long CK_OTP_FLAGS = 0x00000005L; + public static final long CK_OTP_OUTPUT_LENGTH = 0x00000006L; + public static final long CK_OTP_OUTPUT_FORMAT = 0x00000007L; + + public static final long CKF_NEXT_OTP = 0x00000001L; + public static final long CKF_EXCLUDE_TIME = 0x00000002L; + public static final long CKF_EXCLUDE_COUNTER = 0x00000004L; + public static final long CKF_EXCLUDE_CHALLENGE = 0x00000008L; + public static final long CKF_EXCLUDE_PIN = 0x00000010L; + public static final long CKF_USER_FRIENDLY_OTP = 0x00000020L; // private NSS attribute (for DSA and DH private keys) public static final long CKA_NETSCAPE_DB = 0xD5A0DB00L; diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java index 68163a0491f..8791b4b84d8 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java @@ -88,6 +88,7 @@ public class PKCS11Exception extends Exception { 0x00000011, 0x00000012, 0x00000013, + 0x0000001B, 0x00000020, 0x00000021, 0x00000030, @@ -158,6 +159,13 @@ public class PKCS11Exception extends Exception { 0x00000191, 0x000001A0, 0x000001A1, + 0x000001B0, + 0x000001B1, + 0x000001B5, + 0x000001B6, + 0x000001B7, + 0x000001B8, + 0x000001B9, 0x00000200, 0x80000000, }; @@ -176,6 +184,7 @@ public class PKCS11Exception extends Exception { "CKR_ATTRIBUTE_SENSITIVE", "CKR_ATTRIBUTE_TYPE_INVALID", "CKR_ATTRIBUTE_VALUE_INVALID", + "CKR_ACTION_PROHIBITED", "CKR_DATA_INVALID", "CKR_DATA_LEN_RANGE", "CKR_DEVICE_ERROR", @@ -246,6 +255,13 @@ public class PKCS11Exception extends Exception { "CKR_CRYPTOKI_ALREADY_INITIALIZED", "CKR_MUTEX_BAD", "CKR_MUTEX_NOT_LOCKED", + "CKR_NEW_PIN_MODE", + "CKR_NEXT_OTP", + "CKR_EXCEEDED_MAX_ITERATIONS", + "CKR_FIPS_SELF_TEST_FAILED", + "CKR_LIBRARY_LOAD_FAILED", + "CKR_PIN_TOO_WEAK", + "CKR_PUBLIC_KEY_INVALID", "CKR_FUNCTION_REJECTED", "CKR_VENDOR_DEFINED", }; diff --git a/src/jdk.crypto.cryptoki/share/legal/pkcs11cryptotoken.md b/src/jdk.crypto.cryptoki/share/legal/pkcs11cryptotoken.md index 9f786fa3f50..d5e93ae437b 100644 --- a/src/jdk.crypto.cryptoki/share/legal/pkcs11cryptotoken.md +++ b/src/jdk.crypto.cryptoki/share/legal/pkcs11cryptotoken.md @@ -1,20 +1,32 @@ -## PKCS #11 Cryptographic Token Interface v2.20 Amendment 3 Header Files +ASIS PKCS #11 Cryptographic Token Interface v2.40 -### PKCS #11 Cryptographic Token Interface License -
+### OASIS PKCS #11 Cryptographic Token Interface License
+```
 
-License to copy and use this software is granted provided that it is
-identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-(Cryptoki)" in all material mentioning or referencing this software.
+Copyright (c) OASIS Open 2016. All Rights Reserved.
 
-License is also granted to make and use derivative works provided that
-such works are identified as "derived from the RSA Security Inc. PKCS #11
-Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-referencing the derived work.
+All capitalized terms in the following text have the meanings assigned to them in the OASIS
+Intellectual Property Rights Policy (the "OASIS IPR Policy"). The full Policy may be found at the
+OASIS website: [http://www.oasis-open.org/policies-guidelines/ipr]
 
-RSA Security Inc. makes no representations concerning either the
-merchantability of this software or the suitability of this software for
-any particular purpose. It is provided "as is" without express or implied
-warranty of any kind.
+This document and translations of it may be copied and furnished to others, and derivative works
+that comment on or otherwise explain it or assist in its implementation may be prepared, copied,
+published, and distributed, in whole or in part, without restriction of any kind, provided that
+the above copyright notice and this section are included on all such copies and derivative works.
+However, this document itself may not be modified in any way, including by removing the copyright
+notice or references to OASIS, except as needed for the purpose of developing any document or
+deliverable produced by an OASIS Technical Committee (in which case the rules applicable to
+copyrights, as set forth in the OASIS IPR Policy, must be followed) or as required to translate it
+into languages other than English.
 
-
+The limited permissions granted above are perpetual and will not be revoked by OASIS or its +successors or assigns. + +This document and the information contained herein is provided on an "AS IS" basis and OASIS +DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE +USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED WARRANTIES OF +MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. OASIS AND ITS MEMBERS WILL NOT BE LIABLE FOR +ANY DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THIS DOCUMENT OR +ANY PART THEREOF. + +``` diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c index b21b6deaf29..462b9a5393a 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -68,7 +68,8 @@ /* declare file private functions */ -void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, CK_VOID_PTR *ckpParamPtr, CK_ULONG *ckpLength); +CK_VOID_PTR jMechParamToCKMechParamPtrSlow(JNIEnv *env, jobject jParam, + CK_MECHANISM_TYPE ckMech, CK_ULONG *ckpLength); /* @@ -425,8 +426,8 @@ CK_ATTRIBUTE jAttributeToCKAttribute(JNIEnv *env, jobject jAttribute) memset(&ckAttribute, 0, sizeof(CK_ATTRIBUTE)); // TBD: what if jAttribute == NULL?! - TRACE0("\nDEBUG: jAttributeToCKAttribute"); + /* get CK_ATTRIBUTE class */ TRACE0(", getting attribute object class"); jAttributeClass = (*env)->GetObjectClass(env, jAttribute); @@ -437,7 +438,7 @@ CK_ATTRIBUTE jAttributeToCKAttribute(JNIEnv *env, jobject jAttribute) jFieldID = (*env)->GetFieldID(env, jAttributeClass, "type", "J"); if (jFieldID == NULL) { return ckAttribute; } jType = (*env)->GetLongField(env, jAttribute, jFieldID); - TRACE1(", type=0x%X", jType); + TRACE1(", type=0x%lX", jType); /* get pValue */ TRACE0(", getting pValue field"); @@ -450,9 +451,9 @@ CK_ATTRIBUTE jAttributeToCKAttribute(JNIEnv *env, jobject jAttribute) TRACE0(", converting pValue to primitive object"); /* convert the Java pValue object to a CK-type pValue pointer */ - jObjectToPrimitiveCKObjectPtrPtr(env, jPValue, &(ckAttribute.pValue), &(ckAttribute.ulValueLen)); + ckAttribute.pValue = jObjectToPrimitiveCKObjectPtr(env, jPValue, &(ckAttribute.ulValueLen)); - TRACE0("\nFINISHED\n"); + TRACE0("\nDEBUG: jAttributeToCKAttribute FINISHED\n"); return ckAttribute ; } @@ -515,22 +516,19 @@ void masterKeyDeriveParamToCKMasterKeyDeriveParam(JNIEnv *env, jobject jParam, * * @param env - used to call JNI functions to get the Java classes and objects * @param jParam - the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS object to convert - * @return - the new CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure + * @param ckParamPtr - pointer to the new CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure */ -CK_SSL3_MASTER_KEY_DERIVE_PARAMS -jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env, - jobject jParam) +void jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env, + jobject jParam, CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR ckParamPtr) { - CK_SSL3_MASTER_KEY_DERIVE_PARAMS ckParam; jclass jSsl3MasterKeyDeriveParamsClass; - memset(&ckParam, 0, sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS)); + memset(ckParamPtr, 0, sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS)); jSsl3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS); - if (jSsl3MasterKeyDeriveParamsClass == NULL) { return ckParam; } + if (jSsl3MasterKeyDeriveParamsClass == NULL) { return; } masterKeyDeriveParamToCKMasterKeyDeriveParam(env, jParam, jSsl3MasterKeyDeriveParamsClass, - &ckParam.pVersion, &ckParam.RandomInfo); - return ckParam; + &(ckParamPtr->pVersion), &(ckParamPtr->RandomInfo)); } /* @@ -539,123 +537,116 @@ jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env, * * @param env - used to call JNI functions to get the Java classes and objects * @param jParam - the Java CK_TLS12_MASTER_KEY_DERIVE_PARAMS object to convert - * @return - the new CK_TLS12_MASTER_KEY_DERIVE_PARAMS structure + * @param ckParamPtr - pointer to the new CK_TLS12_MASTER_KEY_DERIVE_PARAMS structure */ -CK_TLS12_MASTER_KEY_DERIVE_PARAMS -jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParam(JNIEnv *env, - jobject jParam) +void jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParam(JNIEnv *env, + jobject jParam, CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR ckParamPtr) { - CK_TLS12_MASTER_KEY_DERIVE_PARAMS ckParam; jclass jTls12MasterKeyDeriveParamsClass; jfieldID fieldID; - memset(&ckParam, 0, sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS)); + memset(ckParamPtr, 0, sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS)); jTls12MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS); - if (jTls12MasterKeyDeriveParamsClass == NULL) { return ckParam; } + if (jTls12MasterKeyDeriveParamsClass == NULL) { return; } masterKeyDeriveParamToCKMasterKeyDeriveParam(env, jParam, - jTls12MasterKeyDeriveParamsClass, &ckParam.pVersion, - &ckParam.RandomInfo); + jTls12MasterKeyDeriveParamsClass, &ckParamPtr->pVersion, + &ckParamPtr->RandomInfo); fieldID = (*env)->GetFieldID(env, jTls12MasterKeyDeriveParamsClass, "prfHashMechanism", "J"); if (fieldID != NULL) { jlong prfHashMechanism = (*env)->GetLongField(env, jParam, fieldID); - ckParam.prfHashMechanism = (CK_MECHANISM_TYPE)prfHashMechanism; + ckParamPtr->prfHashMechanism = (CK_MECHANISM_TYPE)prfHashMechanism; } - return ckParam; } /* * converts the Java CK_TLS_PRF_PARAMS object to a CK_TLS_PRF_PARAMS structure */ -CK_TLS_PRF_PARAMS jTlsPrfParamsToCKTlsPrfParam(JNIEnv *env, jobject jParam) +void jTlsPrfParamsToCKTlsPrfParam(JNIEnv *env, jobject jParam, +CK_TLS_PRF_PARAMS_PTR ckParamPtr) { jclass jTlsPrfParamsClass; - CK_TLS_PRF_PARAMS ckParam; jfieldID fieldID; jobject jSeed, jLabel, jOutput; - memset(&ckParam, 0, sizeof(CK_TLS_PRF_PARAMS)); + memset(ckParamPtr, 0, sizeof(CK_TLS_PRF_PARAMS)); // TBD: what if jParam == NULL?! /* get pSeed */ jTlsPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS); - if (jTlsPrfParamsClass == NULL) { return ckParam; } + if (jTlsPrfParamsClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jTlsPrfParamsClass, "pSeed", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jSeed = (*env)->GetObjectField(env, jParam, fieldID); /* get pLabel */ fieldID = (*env)->GetFieldID(env, jTlsPrfParamsClass, "pLabel", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jLabel = (*env)->GetObjectField(env, jParam, fieldID); /* get pOutput */ fieldID = (*env)->GetFieldID(env, jTlsPrfParamsClass, "pOutput", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jOutput = (*env)->GetObjectField(env, jParam, fieldID); /* populate java values */ - jByteArrayToCKByteArray(env, jSeed, &(ckParam.pSeed), &(ckParam.ulSeedLen)); - if ((*env)->ExceptionCheck(env)) { return ckParam; } - jByteArrayToCKByteArray(env, jLabel, &(ckParam.pLabel), &(ckParam.ulLabelLen)); + jByteArrayToCKByteArray(env, jSeed, &(ckParamPtr->pSeed), &(ckParamPtr->ulSeedLen)); + if ((*env)->ExceptionCheck(env)) { return; } + jByteArrayToCKByteArray(env, jLabel, &(ckParamPtr->pLabel), &(ckParamPtr->ulLabelLen)); if ((*env)->ExceptionCheck(env)) { - free(ckParam.pSeed); - return ckParam; + free(ckParamPtr->pSeed); + return; } - ckParam.pulOutputLen = malloc(sizeof(CK_ULONG)); - if (ckParam.pulOutputLen == NULL) { - free(ckParam.pSeed); - free(ckParam.pLabel); + ckParamPtr->pulOutputLen = malloc(sizeof(CK_ULONG)); + if (ckParamPtr->pulOutputLen == NULL) { + free(ckParamPtr->pSeed); + free(ckParamPtr->pLabel); throwOutOfMemoryError(env, 0); - return ckParam; + return; } - jByteArrayToCKByteArray(env, jOutput, &(ckParam.pOutput), ckParam.pulOutputLen); + jByteArrayToCKByteArray(env, jOutput, &(ckParamPtr->pOutput), ckParamPtr->pulOutputLen); if ((*env)->ExceptionCheck(env)) { - free(ckParam.pSeed); - free(ckParam.pLabel); - free(ckParam.pulOutputLen); - return ckParam; + free(ckParamPtr->pSeed); + free(ckParamPtr->pLabel); + free(ckParamPtr->pOutput); + return; } - - return ckParam ; } /* * converts the Java CK_TLS_MAC_PARAMS object to a CK_TLS_MAC_PARAMS structure */ -CK_TLS_MAC_PARAMS jTlsMacParamsToCKTlsMacParam(JNIEnv *env, jobject jParam) +void jTlsMacParamsToCKTlsMacParam(JNIEnv *env, jobject jParam, + CK_TLS_MAC_PARAMS_PTR ckParamPtr) { jclass jTlsMacParamsClass; - CK_TLS_MAC_PARAMS ckParam; jfieldID fieldID; jlong jPrfMechanism, jUlMacLength, jUlServerOrClient; - memset(&ckParam, 0, sizeof(CK_TLS_MAC_PARAMS)); + memset(ckParamPtr, 0, sizeof(CK_TLS_MAC_PARAMS)); jTlsMacParamsClass = (*env)->FindClass(env, CLASS_TLS_MAC_PARAMS); - if (jTlsMacParamsClass == NULL) { return ckParam; } + if (jTlsMacParamsClass == NULL) { return; } /* get prfMechanism */ fieldID = (*env)->GetFieldID(env, jTlsMacParamsClass, "prfMechanism", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jPrfMechanism = (*env)->GetLongField(env, jParam, fieldID); /* get ulMacLength */ fieldID = (*env)->GetFieldID(env, jTlsMacParamsClass, "ulMacLength", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jUlMacLength = (*env)->GetLongField(env, jParam, fieldID); /* get ulServerOrClient */ fieldID = (*env)->GetFieldID(env, jTlsMacParamsClass, "ulServerOrClient", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jUlServerOrClient = (*env)->GetLongField(env, jParam, fieldID); /* populate java values */ - ckParam.prfMechanism = jLongToCKULong(jPrfMechanism); - ckParam.ulMacLength = jLongToCKULong(jUlMacLength); - ckParam.ulServerOrClient = jLongToCKULong(jUlServerOrClient); - - return ckParam; + ckParamPtr->prfMechanism = jLongToCKULong(jPrfMechanism); + ckParamPtr->ulMacLength = jLongToCKULong(jUlMacLength); + ckParamPtr->ulServerOrClient = jLongToCKULong(jUlServerOrClient); } void keyMatParamToCKKeyMatParam(JNIEnv *env, jobject jParam, @@ -747,7 +738,7 @@ void keyMatParamToCKKeyMatParam(JNIEnv *env, jobject jParam, free(cKKeyMatParamRandomInfo->pClientRandom); return; } - /* allocate memory for pRetrunedKeyMaterial */ + /* allocate memory for pReturnedKeyMaterial */ *cKKeyMatParamPReturnedKeyMaterial = (CK_SSL3_KEY_MAT_OUT_PTR)malloc(sizeof(CK_SSL3_KEY_MAT_OUT)); if (*cKKeyMatParamPReturnedKeyMaterial == NULL) { @@ -789,22 +780,20 @@ void keyMatParamToCKKeyMatParam(JNIEnv *env, jobject jParam, * * @param env - used to call JNI funktions to get the Java classes and objects * @param jParam - the Java CK_SSL3_KEY_MAT_PARAMS object to convert - * @return - the new CK_SSL3_KEY_MAT_PARAMS structure + * @param ckParamPtr - pointer to the new CK_SSL3_KEY_MAT_PARAMS structure */ -CK_SSL3_KEY_MAT_PARAMS -jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam) +void jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam, + CK_SSL3_KEY_MAT_PARAMS_PTR ckParamPtr) { - CK_SSL3_KEY_MAT_PARAMS ckParam; jclass jSsl3KeyMatParamsClass; - memset(&ckParam, 0, sizeof(CK_SSL3_KEY_MAT_PARAMS)); + memset(ckParamPtr, 0, sizeof(CK_SSL3_KEY_MAT_PARAMS)); jSsl3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS); - if (jSsl3KeyMatParamsClass == NULL) { return ckParam; } + if (jSsl3KeyMatParamsClass == NULL) { return; } keyMatParamToCKKeyMatParam(env, jParam, jSsl3KeyMatParamsClass, - &ckParam.ulMacSizeInBits, &ckParam.ulKeySizeInBits, - &ckParam.ulIVSizeInBits, &ckParam.bIsExport, - &ckParam.RandomInfo, &ckParam.pReturnedKeyMaterial); - return ckParam; + &(ckParamPtr->ulMacSizeInBits), &(ckParamPtr->ulKeySizeInBits), + &(ckParamPtr->ulIVSizeInBits), &(ckParamPtr->bIsExport), + &(ckParamPtr->RandomInfo), &(ckParamPtr->pReturnedKeyMaterial)); } /* @@ -813,29 +802,27 @@ jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam) * * @param env - used to call JNI functions to get the Java classes and objects * @param jParam - the Java CK_TLS12_KEY_MAT_PARAMS object to convert - * @return - the new CK_TLS12_KEY_MAT_PARAMS structure + * @param ckParamPtr - pointer to the new CK_TLS12_KEY_MAT_PARAMS structure */ -CK_TLS12_KEY_MAT_PARAMS jTls12KeyMatParamToCKTls12KeyMatParam(JNIEnv *env, - jobject jParam) +void jTls12KeyMatParamToCKTls12KeyMatParam(JNIEnv *env, + jobject jParam, CK_TLS12_KEY_MAT_PARAMS_PTR ckParamPtr) { - CK_TLS12_KEY_MAT_PARAMS ckParam; jclass jTls12KeyMatParamsClass; jfieldID fieldID; - memset(&ckParam, 0, sizeof(CK_TLS12_KEY_MAT_PARAMS)); + memset(ckParamPtr, 0, sizeof(CK_TLS12_KEY_MAT_PARAMS)); jTls12KeyMatParamsClass = (*env)->FindClass(env, CLASS_TLS12_KEY_MAT_PARAMS); - if (jTls12KeyMatParamsClass == NULL) { return ckParam; } + if (jTls12KeyMatParamsClass == NULL) { return; } keyMatParamToCKKeyMatParam(env, jParam, jTls12KeyMatParamsClass, - &ckParam.ulMacSizeInBits, &ckParam.ulKeySizeInBits, - &ckParam.ulIVSizeInBits, &ckParam.bIsExport, - &ckParam.RandomInfo, &ckParam.pReturnedKeyMaterial); + &(ckParamPtr->ulMacSizeInBits), &(ckParamPtr->ulKeySizeInBits), + &(ckParamPtr->ulIVSizeInBits), &(ckParamPtr->bIsExport), + &(ckParamPtr->RandomInfo), &(ckParamPtr->pReturnedKeyMaterial)); fieldID = (*env)->GetFieldID(env, jTls12KeyMatParamsClass, "prfHashMechanism", "J"); if (fieldID != NULL) { jlong prfHashMechanism = (*env)->GetLongField(env, jParam, fieldID); - ckParam.prfHashMechanism = (CK_MECHANISM_TYPE)prfHashMechanism; + ckParamPtr->prfHashMechanism = (CK_MECHANISM_TYPE)prfHashMechanism; } - return ckParam; } /* @@ -843,10 +830,10 @@ CK_TLS12_KEY_MAT_PARAMS jTls12KeyMatParamToCKTls12KeyMatParam(JNIEnv *env, * * @param env - used to call JNI funktions to get the Java classes and objects * @param jParam - the Java CK_AES_CTR_PARAMS object to convert - * @param ckpParam - pointer to the new CK_AES_CTR_PARAMS structure + * @param ckParamPtr - pointer to the new CK_AES_CTR_PARAMS structure */ void jAesCtrParamsToCKAesCtrParam(JNIEnv *env, jobject jParam, - CK_AES_CTR_PARAMS_PTR ckpParam) { + CK_AES_CTR_PARAMS_PTR ckParamPtr) { jclass jAesCtrParamsClass; jfieldID fieldID; jlong jCounterBits; @@ -857,6 +844,9 @@ void jAesCtrParamsToCKAesCtrParam(JNIEnv *env, jobject jParam, /* get ulCounterBits */ jAesCtrParamsClass = (*env)->FindClass(env, CLASS_AES_CTR_PARAMS); if (jAesCtrParamsClass == NULL) { return; } + if (!(*env)->IsInstanceOf(env, jParam, jAesCtrParamsClass)) { + return; + } fieldID = (*env)->GetFieldID(env, jAesCtrParamsClass, "ulCounterBits", "J"); if (fieldID == NULL) { return; } jCounterBits = (*env)->GetLongField(env, jParam, fieldID); @@ -867,40 +857,147 @@ void jAesCtrParamsToCKAesCtrParam(JNIEnv *env, jobject jParam, jCb = (*env)->GetObjectField(env, jParam, fieldID); /* populate java values */ - ckpParam->ulCounterBits = jLongToCKULong(jCounterBits); + ckParamPtr->ulCounterBits = jLongToCKULong(jCounterBits); jByteArrayToCKByteArray(env, jCb, &ckBytes, &ckTemp); if ((*env)->ExceptionCheck(env)) { return; } if (ckTemp != 16) { - TRACE1("ERROR: WRONG CTR IV LENGTH %d", ckTemp); + TRACE1("\nERROR: WRONG CTR IV LENGTH %lu", ckTemp); } else { - memcpy(ckpParam->cb, ckBytes, ckTemp); + memcpy(ckParamPtr->cb, ckBytes, ckTemp); free(ckBytes); } } /* - * converts a Java CK_MECHANISM object into a CK_MECHANISM structure + * converts the Java CK_GCM_PARAMS object to a CK_GCM_PARAMS structure + * + * @param env - used to call JNI funktions to get the Java classes and objects + * @param jParam - the Java CK_GCM_PARAMS object to convert + * @param ckpParam - pointer to the new CK_GCM_PARAMS structure + */ +void jGCMParamsToCKGCMParam(JNIEnv *env, jobject jParam, + CK_GCM_PARAMS_PTR ckpParam) { + jclass jGcmParamsClass; + jfieldID fieldID; + jobject jIv, jAad; + jlong jTagLen; + + /* get iv */ + jGcmParamsClass = (*env)->FindClass(env, CLASS_GCM_PARAMS); + if (jGcmParamsClass == NULL) { return; } + if (!(*env)->IsInstanceOf(env, jParam, jGcmParamsClass)) { + return; + } + + fieldID = (*env)->GetFieldID(env, jGcmParamsClass, "iv", "[B"); + if (fieldID == NULL) { return; } + jIv = (*env)->GetObjectField(env, jParam, fieldID); + + /* get aad */ + fieldID = (*env)->GetFieldID(env, jGcmParamsClass, "aad", "[B"); + if (fieldID == NULL) { return; } + jAad = (*env)->GetObjectField(env, jParam, fieldID); + + /* get tagLength */ + fieldID = (*env)->GetFieldID(env, jGcmParamsClass, "tagBits", "J"); + if (fieldID == NULL) { return; } + jTagLen = (*env)->GetLongField(env, jParam, fieldID); + + + /* populate java values */ + jByteArrayToCKByteArray(env, jIv, &(ckpParam->pIv), &(ckpParam->ulIvLen)); + if ((*env)->ExceptionCheck(env)) { return; } + + jByteArrayToCKByteArray(env, jAad, &(ckpParam->pAAD), &(ckpParam->ulAADLen)); + if ((*env)->ExceptionCheck(env)) { return; } + + ckpParam->ulTagBits = jLongToCKULong(jTagLen); +} + +/* + * converts the Java CK_CCM_PARAMS object to a CK_CCM_PARAMS structure + * + * @param env - used to call JNI functions to get the Java classes and objects + * @param jParam - the Java CK_CCM_PARAMS object to convert + * @param ckpParam - pointer to the new CK_CCM_PARAMS structure + */ +void jCCMParamsToCKCCMParam(JNIEnv *env, jobject jParam, + CK_CCM_PARAMS_PTR ckpParam) { + jclass jCcmParamsClass; + jfieldID fieldID; + jobject jNonce, jAad; + jlong jDataLen, jMacLen; + + /* get iv */ + jCcmParamsClass = (*env)->FindClass(env, CLASS_CCM_PARAMS); + if (jCcmParamsClass == NULL) { return; } + + if (!(*env)->IsInstanceOf(env, jParam, jCcmParamsClass)) { + return; + } + fieldID = (*env)->GetFieldID(env, jCcmParamsClass, "dataLen", "J"); + if (fieldID == NULL) { return; } + jDataLen = (*env)->GetLongField(env, jParam, fieldID); + + fieldID = (*env)->GetFieldID(env, jCcmParamsClass, "nonce", "[B"); + if (fieldID == NULL) { return; } + jNonce = (*env)->GetObjectField(env, jParam, fieldID); + + /* get aad */ + fieldID = (*env)->GetFieldID(env, jCcmParamsClass, "aad", "[B"); + if (fieldID == NULL) { return; } + jAad = (*env)->GetObjectField(env, jParam, fieldID); + + /* get macLen */ + fieldID = (*env)->GetFieldID(env, jCcmParamsClass, "macLen", "J"); + if (fieldID == NULL) { return; } + jMacLen = (*env)->GetLongField(env, jParam, fieldID); + + /* populate java values */ + ckpParam->ulDataLen = jLongToCKULong(jDataLen); + jByteArrayToCKByteArray(env, jNonce, &(ckpParam->pNonce), + &(ckpParam->ulNonceLen)); + jByteArrayToCKByteArray(env, jAad, &(ckpParam->pAAD), + &(ckpParam->ulAADLen)); + ckpParam->ulMACLen = jLongToCKULong(jMacLen); + if ((*env)->ExceptionCheck(env)) { return; } +} + +/* + * converts a Java CK_MECHANISM object into a pointer to a CK_MECHANISM + * structure. NOTE: CALLER IS RESPONSIBLE FOR FREEING THE RETURNED POINTER * * @param env - used to call JNI funktions to get the values out of the Java object * @param jMechanism - the Java CK_MECHANISM object to convert - * @return - the new CK_MECHANISM structure + * @return - pointer to the new CK_MECHANISM structure */ -void jMechanismToCKMechanism(JNIEnv *env, jobject jMechanism, CK_MECHANISM_PTR ckMechanismPtr) +CK_MECHANISM_PTR jMechanismToCKMechanismPtr(JNIEnv *env, jobject jMech) { - jlong jMechanismType = (*env)->GetLongField(env, jMechanism, mech_mechanismID); - jobject jParameter = (*env)->GetObjectField(env, jMechanism, mech_pParameterID); + CK_MECHANISM_PTR ckpMech; + jlong jMechType = (*env)->GetLongField(env, jMech, mech_mechanismID); + jobject jParam = (*env)->GetObjectField(env, jMech, mech_pParameterID); - (*ckMechanismPtr).mechanism = jLongToCKULong(jMechanismType); - - /* convert the specific Java mechanism parameter object to a pointer to a CK-type mechanism - * structure - */ - if (jParameter == NULL) { - (*ckMechanismPtr).pParameter = NULL; - (*ckMechanismPtr).ulParameterLen = 0; - } else { - jMechanismParameterToCKMechanismParameter(env, jParameter, &(*ckMechanismPtr).pParameter, &(*ckMechanismPtr).ulParameterLen); + /* allocate memory for CK_MECHANISM_PTR */ + ckpMech = (CK_MECHANISM_PTR) malloc(sizeof(CK_MECHANISM)); + if (ckpMech == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; } + TRACE1("DEBUG jMechanismToCKMechanismPtr: allocated mech 0x%lX\n", ckpMech); + + ckpMech->mechanism = jLongToCKULong(jMechType); + + /* convert the specific Java mechanism parameter object to a pointer to a + * CK-type mechanism structure + */ + if (jParam == NULL) { + ckpMech->pParameter = NULL; + ckpMech->ulParameterLen = 0; + } else { + ckpMech->pParameter = jMechParamToCKMechParamPtr(env, jParam, + ckpMech->mechanism, &(ckpMech->ulParameterLen)); + } + return ckpMech; } /* @@ -909,15 +1006,14 @@ void jMechanismToCKMechanism(JNIEnv *env, jobject jMechanism, CK_MECHANISM_PTR c * jobject ckAttributeValueToJObject(JNIEnv *env, * const CK_ATTRIBUTE_PTR ckpAttribute); * - * void jObjectToPrimitiveCKObjectPtrPtr(JNIEnv *env, + * CK_VOID_PTR jObjectToPrimitiveCKObjectPtr(JNIEnv *env, * jobject jObject, - * CK_VOID_PTR *ckpObjectPtr, * CK_ULONG *pLength); * - * void jMechanismParameterToCKMechanismParameter(JNIEnv *env, - * jobject jParam, - * CK_VOID_PTR *ckpParamPtr, - * CK_ULONG *ckpLength); + * CK_VOID_PTR jMechParamToCKMechParamPtr(JNIEnv *env, + * jobject jParam, + * CK_MECHANISM_TYPE ckMech, + * CK_ULONG *ckpLength); * * These functions are used if a PKCS#11 mechanism or attribute structure gets * convertet to a Java attribute or mechanism object or vice versa. @@ -927,22 +1023,21 @@ void jMechanismToCKMechanism(JNIEnv *env, jobject jMechanism, CK_MECHANISM_PTR c * be a CK_ULONG, CK_BYTE[], CK_CHAR[], big integer, CK_BBOOL, CK_UTF8CHAR[], * CK_DATE or CK_FLAGS that gets converted to a corresponding Java object. * - * jObjectToPrimitiveCKObjectPtrPtr is used by jAttributeToCKAttributePtr for + * jObjectToPrimitiveCKObjectPtr is used by jAttributeToCKAttributePtr for * converting the Java attribute value to a PKCS#11 attribute value pointer. * For now only primitive datatypes and arrays of primitive datatypes can get * converted. Otherwise this function throws a PKCS#11Exception with the * errorcode CKR_VENDOR_DEFINED. * - * jMechanismParameterToCKMechanismParameter converts a Java mechanism parameter - * to a PKCS#11 mechanism parameter. First this function determines what mechanism - * parameter the Java object is, then it allocates the memory for the new PKCS#11 - * structure and calls the corresponding function to convert the Java object to - * a PKCS#11 mechanism parameter structure. + * jMechParamToCKMechParamPtr converts a Java mechanism parameter to a PKCS#11 + * mechanism parameter. Based on the specified PKCS#11 mechanism type, this + * function will allocate memory for a PKCS#11 parameter structure and + * populate its field using the Java object. */ /* - * converts the pValue of a CK_ATTRIBUTE structure into a Java Object by checking the type - * of the attribute. + * converts the pValue of a CK_ATTRIBUTE structure into a Java Object by + * checking the type of the attribute. * * @param env - used to call JNI funktions to create the new Java object * @param ckpAttribute - the pointer to the CK_ATTRIBUTE structure that contains the type @@ -1096,474 +1191,283 @@ jobject ckAttributeValueToJObject(JNIEnv *env, const CK_ATTRIBUTE_PTR ckpAttribu * * @param env - used to call JNI funktions to get the Java classes and objects * @param jParam - the Java mechanism parameter object to convert - * @param ckpParamPtr - the reference of the new pointer to the new CK mechanism parameter - * structure + * @param ckMech - the PKCS#11 mechanism type * @param ckpLength - the reference of the length in bytes of the new CK mechanism parameter * structure + * @return pointer to the new CK mechanism parameter structure */ -void jMechanismParameterToCKMechanismParameter(JNIEnv *env, jobject jParam, CK_VOID_PTR *ckpParamPtr, CK_ULONG *ckpLength) +CK_VOID_PTR jMechParamToCKMechParamPtr(JNIEnv *env, jobject jParam, + CK_MECHANISM_TYPE ckMech, CK_ULONG *ckpLength) { + CK_VOID_PTR ckpParamPtr; if (jParam == NULL) { - *ckpParamPtr = NULL; + ckpParamPtr = NULL; *ckpLength = 0; } else if ((*env)->IsInstanceOf(env, jParam, jByteArrayClass)) { - jByteArrayToCKByteArray(env, jParam, (CK_BYTE_PTR *)ckpParamPtr, ckpLength); + jByteArrayToCKByteArray(env, jParam, (CK_BYTE_PTR *) &ckpParamPtr, ckpLength); } else if ((*env)->IsInstanceOf(env, jParam, jLongClass)) { - *ckpParamPtr = jLongObjectToCKULongPtr(env, jParam); + ckpParamPtr = jLongObjectToCKULongPtr(env, jParam); *ckpLength = sizeof(CK_ULONG); } else { - TRACE0("\nSLOW PATH jMechanismParameterToCKMechanismParameter\n"); - jMechanismParameterToCKMechanismParameterSlow(env, jParam, ckpParamPtr, ckpLength); + ckpParamPtr = jMechParamToCKMechParamPtrSlow(env, jParam, ckMech, ckpLength); } + return ckpParamPtr; } -void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, CK_VOID_PTR *ckpParamPtr, CK_ULONG *ckpLength) +CK_VOID_PTR jMechParamToCKMechParamPtrSlow(JNIEnv *env, jobject jParam, + CK_MECHANISM_TYPE ckMech, CK_ULONG *ckpLength) { - /* get all Java mechanism parameter classes */ - jclass jVersionClass, jSsl3MasterKeyDeriveParamsClass; - jclass jTls12MasterKeyDeriveParamsClass, jSsl3KeyMatParamsClass; - jclass jTls12KeyMatParamsClass; - jclass jTlsPrfParamsClass, jTlsMacParamsClass, jAesCtrParamsClass; - jclass jRsaPkcsOaepParamsClass; - jclass jPbeParamsClass, jPkcs5Pbkd2ParamsClass, jRsaPkcsPssParamsClass; - jclass jEcdh1DeriveParamsClass, jEcdh2DeriveParamsClass; - jclass jX942Dh1DeriveParamsClass, jX942Dh2DeriveParamsClass; - TRACE0("\nDEBUG: jMechanismParameterToCKMechanismParameter"); + CK_VOID_PTR ckpParamPtr = NULL; - /* most common cases, i.e. NULL/byte[]/long, are already handled by - * jMechanismParameterToCKMechanismParameter before calling this method. + /* + * Most common cases, i.e. NULL/byte[]/long, are already handled by + * jMechParamToCKMechParam before calling this method. */ - jVersionClass = (*env)->FindClass(env, CLASS_VERSION); - if (jVersionClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jVersionClass)) { - /* - * CK_VERSION used by CKM_SSL3_PRE_MASTER_KEY_GEN - */ - CK_VERSION_PTR ckpParam; + TRACE1("\nDEBUG: jMechParamToCKMechParamPtrSlow, mech=0x%lX", ckMech); - /* convert jParameter to CKParameter */ - ckpParam = jVersionToCKVersionPtr(env, jParam); + switch (ckMech) { + case CKM_SSL3_PRE_MASTER_KEY_GEN: + case CKM_TLS_PRE_MASTER_KEY_GEN: + *ckpLength = sizeof(CK_VERSION); + ckpParamPtr = jVersionToCKVersionPtr(env, jParam); + break; + case CKM_SSL3_MASTER_KEY_DERIVE: + case CKM_TLS_MASTER_KEY_DERIVE: + case CKM_SSL3_MASTER_KEY_DERIVE_DH: + case CKM_TLS_MASTER_KEY_DERIVE_DH: + ckpParamPtr = + malloc(sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_VERSION); - *ckpParamPtr = ckpParam; - return; + jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(env, jParam, + (CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR) ckpParamPtr); + break; + case CKM_SSL3_KEY_AND_MAC_DERIVE: + case CKM_TLS_KEY_AND_MAC_DERIVE: + ckpParamPtr = + malloc(sizeof(CK_SSL3_KEY_MAT_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_SSL3_KEY_MAT_PARAMS); + + jSsl3KeyMatParamToCKSsl3KeyMatParam(env, jParam, + (CK_SSL3_KEY_MAT_PARAMS_PTR) ckpParamPtr); + break; + case CKM_TLS12_KEY_AND_MAC_DERIVE: + ckpParamPtr = + malloc(sizeof(CK_TLS12_KEY_MAT_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_TLS12_KEY_MAT_PARAMS); + + jTls12KeyMatParamToCKTls12KeyMatParam(env, jParam, + (CK_TLS12_KEY_MAT_PARAMS_PTR) ckpParamPtr); + break; + case CKM_TLS12_MASTER_KEY_DERIVE: + case CKM_TLS12_MASTER_KEY_DERIVE_DH: + ckpParamPtr = + malloc(sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); + + jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParam(env, jParam, + (CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR) ckpParamPtr); + break; + case CKM_TLS_PRF: + case CKM_NSS_TLS_PRF_GENERAL: + ckpParamPtr = malloc(sizeof(CK_TLS_PRF_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_TLS_PRF_PARAMS); + + jTlsPrfParamsToCKTlsPrfParam(env, jParam, + (CK_TLS_PRF_PARAMS_PTR) ckpParamPtr); + break; + case CKM_TLS_MAC: + ckpParamPtr = malloc(sizeof(CK_TLS_MAC_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_TLS_MAC_PARAMS); + + jTlsMacParamsToCKTlsMacParam(env, jParam, + (CK_TLS_MAC_PARAMS_PTR) ckpParamPtr); + break; + case CKM_AES_CTR: + ckpParamPtr = malloc(sizeof(CK_AES_CTR_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_AES_CTR_PARAMS); + + jAesCtrParamsToCKAesCtrParam(env, jParam, + (CK_AES_CTR_PARAMS_PTR) ckpParamPtr); + break; + case CKM_AES_GCM: + ckpParamPtr = malloc(sizeof(CK_GCM_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_GCM_PARAMS); + + jGCMParamsToCKGCMParam(env, jParam, (CK_GCM_PARAMS_PTR) ckpParamPtr); + break; + case CKM_AES_CCM: + ckpParamPtr = malloc(sizeof(CK_CCM_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_CCM_PARAMS); + + jCCMParamsToCKCCMParam(env, jParam, + (CK_CCM_PARAMS_PTR) ckpParamPtr); + break; + case CKM_RSA_PKCS_OAEP: + ckpParamPtr = malloc(sizeof(CK_RSA_PKCS_OAEP_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_RSA_PKCS_OAEP_PARAMS); + + jRsaPkcsOaepParamToCKRsaPkcsOaepParam(env, jParam, + (CK_RSA_PKCS_OAEP_PARAMS_PTR) ckpParamPtr); + break; + case CKM_PBE_SHA1_DES3_EDE_CBC: + case CKM_PBE_SHA1_DES2_EDE_CBC: + case CKM_PBA_SHA1_WITH_SHA1_HMAC: + ckpParamPtr = malloc(sizeof(CK_PBE_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + + *ckpLength = sizeof(CK_PBE_PARAMS); + + jPbeParamToCKPbeParam(env, jParam, (CK_PBE_PARAMS_PTR) ckpParamPtr); + break; + case CKM_PKCS5_PBKD2: + ckpParamPtr = malloc(sizeof(CK_PKCS5_PBKD2_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_PKCS5_PBKD2_PARAMS); + + jPkcs5Pbkd2ParamToCKPkcs5Pbkd2Param(env, jParam, + (CK_PKCS5_PBKD2_PARAMS_PTR) ckpParamPtr); + break; + case CKM_RSA_PKCS_PSS: + case CKM_SHA1_RSA_PKCS_PSS: + case CKM_SHA256_RSA_PKCS_PSS: + case CKM_SHA384_RSA_PKCS_PSS: + case CKM_SHA512_RSA_PKCS_PSS: + case CKM_SHA224_RSA_PKCS_PSS: + ckpParamPtr = malloc(sizeof(CK_RSA_PKCS_PSS_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_RSA_PKCS_PSS_PARAMS); + + jRsaPkcsPssParamToCKRsaPkcsPssParam(env, jParam, + (CK_RSA_PKCS_PSS_PARAMS_PTR) ckpParamPtr); + break; + case CKM_ECDH1_DERIVE: + case CKM_ECDH1_COFACTOR_DERIVE: + ckpParamPtr = malloc(sizeof(CK_ECDH1_DERIVE_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_ECDH1_DERIVE_PARAMS); + + jEcdh1DeriveParamToCKEcdh1DeriveParam(env, jParam, + (CK_ECDH1_DERIVE_PARAMS_PTR) ckpParamPtr); + break; + case CKM_ECMQV_DERIVE: + ckpParamPtr = malloc(sizeof(CK_ECDH2_DERIVE_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_ECDH2_DERIVE_PARAMS); + + jEcdh2DeriveParamToCKEcdh2DeriveParam(env, jParam, + (CK_ECDH2_DERIVE_PARAMS_PTR) ckpParamPtr); + break; + case CKM_X9_42_DH_DERIVE: + ckpParamPtr = malloc(sizeof(CK_X9_42_DH1_DERIVE_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_X9_42_DH1_DERIVE_PARAMS); + + /* convert jParameter to CKParameter */ + jX942Dh1DeriveParamToCKX942Dh1DeriveParam(env, jParam, + (CK_X9_42_DH1_DERIVE_PARAMS_PTR) ckpParamPtr); + break; + case CKM_X9_42_DH_HYBRID_DERIVE: + case CKM_X9_42_MQV_DERIVE: + ckpParamPtr = malloc(sizeof(CK_X9_42_DH2_DERIVE_PARAMS)); + if (ckpParamPtr == NULL) { + throwOutOfMemoryError(env, 0); + return NULL; + } + *ckpLength = sizeof(CK_X9_42_DH2_DERIVE_PARAMS); + + jX942Dh2DeriveParamToCKX942Dh2DeriveParam(env, jParam, + (CK_X9_42_DH2_DERIVE_PARAMS_PTR) ckpParamPtr); + break; + // defined by pkcs11.h but we don't support + case CKM_KEA_DERIVE: // CK_KEA_DERIVE_PARAMS + case CKM_RC2_CBC: // CK_RC2_CBC_PARAMS + case CKM_RC2_MAC_GENERAL: // CK_RC2_MAC_GENERAL_PARAMS + case CKM_RC5_ECB: // CK_RC5_PARAMS + case CKM_RC5_MAC: // CK_RC5_PARAMS + case CKM_RC5_CBC: // CK_RC5_CBC_PARAMS + case CKM_RC5_MAC_GENERAL: // CK_RC5_MAC_GENERAL_PARAMS + case CKM_SKIPJACK_PRIVATE_WRAP: // CK_SKIPJACK_PRIVATE_WRAP_PARAMS + case CKM_SKIPJACK_RELAYX: // CK_SKIPJACK_RELAYX_PARAMS + case CKM_KEY_WRAP_SET_OAEP: // CK_KEY_WRAP_SET_OAEP_PARAMS + throwPKCS11RuntimeException(env, "No parameter support for this mchanism"); + break; + default: + /* if everything faild up to here */ + /* try if the parameter is a primitive Java type */ + ckpParamPtr = jObjectToPrimitiveCKObjectPtr(env, jParam, ckpLength); + /* *ckpParamPtr = jObjectToCKVoidPtr(jParam); */ + /* *ckpLength = 1; */ + } + TRACE0("\nDEBUG: jMechParamToCKMechParamPtrSlow FINISHED\n"); + + if ((*env)->ExceptionCheck(env)) { + free(ckpParamPtr); + *ckpLength = 0; + return NULL; } - jSsl3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS); - if (jSsl3MasterKeyDeriveParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jSsl3MasterKeyDeriveParamsClass)) { - /* - * CK_SSL3_MASTER_KEY_DERIVE_PARAMS - */ - CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR ckpParam; - - ckpParam = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR) malloc(sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS)); - if (ckpParam == NULL) { - throwOutOfMemoryError(env, 0); - return; - } - - /* convert jParameter to CKParameter */ - *ckpParam = jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(env, jParam); - if ((*env)->ExceptionCheck(env)) { - free(ckpParam); - return; - } - - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); - *ckpParamPtr = ckpParam; - return; - } - - jSsl3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS); - if (jSsl3KeyMatParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jSsl3KeyMatParamsClass)) { - /* - * CK_SSL3_KEY_MAT_PARAMS - */ - CK_SSL3_KEY_MAT_PARAMS_PTR ckpParam; - - ckpParam = (CK_SSL3_KEY_MAT_PARAMS_PTR) malloc(sizeof(CK_SSL3_KEY_MAT_PARAMS)); - if (ckpParam == NULL) { - throwOutOfMemoryError(env, 0); - return; - } - - /* convert jParameter to CKParameter */ - *ckpParam = jSsl3KeyMatParamToCKSsl3KeyMatParam(env, jParam); - if ((*env)->ExceptionCheck(env)) { - free(ckpParam); - return; - } - - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_SSL3_KEY_MAT_PARAMS); - *ckpParamPtr = ckpParam; - return; - } - - jTls12KeyMatParamsClass = (*env)->FindClass(env, CLASS_TLS12_KEY_MAT_PARAMS); - if (jTls12KeyMatParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jTls12KeyMatParamsClass)) { - /* - * CK_TLS12_KEY_MAT_PARAMS - */ - CK_TLS12_KEY_MAT_PARAMS_PTR ckpParam; - - ckpParam = (CK_TLS12_KEY_MAT_PARAMS_PTR) malloc(sizeof(CK_TLS12_KEY_MAT_PARAMS)); - if (ckpParam == NULL) { - throwOutOfMemoryError(env, 0); - return; - } - - /* convert jParameter to CKParameter */ - *ckpParam = jTls12KeyMatParamToCKTls12KeyMatParam(env, jParam); - if ((*env)->ExceptionCheck(env)) { - free(ckpParam); - return; - } - - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_TLS12_KEY_MAT_PARAMS); - *ckpParamPtr = ckpParam; - return; - } - - jTls12MasterKeyDeriveParamsClass = - (*env)->FindClass(env, CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS); - if (jTls12MasterKeyDeriveParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jTls12MasterKeyDeriveParamsClass)) { - /* - * CK_TLS12_MASTER_KEY_DERIVE_PARAMS - */ - CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR ckpParam; - - ckpParam = (CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR)malloc( - sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS)); - if (ckpParam == NULL) { - throwOutOfMemoryError(env, 0); - return; - } - - /* convert jParameter to CKParameter */ - *ckpParam = jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParam(env, jParam); - if ((*env)->ExceptionCheck(env)) { - free(ckpParam); - return; - } - - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); - *ckpParamPtr = ckpParam; - return; - } - - jTlsPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS); - if (jTlsPrfParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jTlsPrfParamsClass)) { - /* - * CK_TLS_PRF_PARAMS - */ - CK_TLS_PRF_PARAMS_PTR ckpParam; - - ckpParam = (CK_TLS_PRF_PARAMS_PTR) malloc(sizeof(CK_TLS_PRF_PARAMS)); - if (ckpParam == NULL) { - throwOutOfMemoryError(env, 0); - return; - } - - /* convert jParameter to CKParameter */ - *ckpParam = jTlsPrfParamsToCKTlsPrfParam(env, jParam); - if ((*env)->ExceptionCheck(env)) { - free(ckpParam); - return; - } - - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_TLS_PRF_PARAMS); - *ckpParamPtr = ckpParam; - return; - } - - jTlsMacParamsClass = (*env)->FindClass(env, CLASS_TLS_MAC_PARAMS); - if (jTlsMacParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jTlsMacParamsClass)) { - CK_TLS_MAC_PARAMS_PTR ckpParam; - - ckpParam = (CK_TLS_MAC_PARAMS_PTR) malloc(sizeof(CK_TLS_MAC_PARAMS)); - if (ckpParam == NULL) { - throwOutOfMemoryError(env, 0); - return; - } - - /* convert jParameter to CKParameter */ - *ckpParam = jTlsMacParamsToCKTlsMacParam(env, jParam); - if ((*env)->ExceptionCheck(env)) { - free(ckpParam); - return; - } - - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_TLS_MAC_PARAMS); - *ckpParamPtr = ckpParam; - return; - } - - jAesCtrParamsClass = (*env)->FindClass(env, CLASS_AES_CTR_PARAMS); - if (jAesCtrParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jAesCtrParamsClass)) { - /* - * CK_AES_CTR_PARAMS - */ - CK_AES_CTR_PARAMS_PTR ckpParam; - - ckpParam = (CK_AES_CTR_PARAMS_PTR) malloc(sizeof(CK_AES_CTR_PARAMS)); - if (ckpParam == NULL) { - throwOutOfMemoryError(env, 0); - return; - } - - /* convert jParameter to CKParameter */ - jAesCtrParamsToCKAesCtrParam(env, jParam, ckpParam); - if ((*env)->ExceptionCheck(env)) { - free(ckpParam); - return; - } - - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_AES_CTR_PARAMS); - *ckpParamPtr = ckpParam; - return; - } - - jRsaPkcsOaepParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_OAEP_PARAMS); - if (jRsaPkcsOaepParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jRsaPkcsOaepParamsClass)) { - /* - * CK_RSA_PKCS_OAEP_PARAMS - */ - CK_RSA_PKCS_OAEP_PARAMS_PTR ckpParam; - - ckpParam = (CK_RSA_PKCS_OAEP_PARAMS_PTR) malloc(sizeof(CK_RSA_PKCS_OAEP_PARAMS)); - if (ckpParam == NULL) { - throwOutOfMemoryError(env, 0); - return; - } - - /* convert jParameter to CKParameter */ - *ckpParam = jRsaPkcsOaepParamToCKRsaPkcsOaepParam(env, jParam); - if ((*env)->ExceptionCheck(env)) { - free(ckpParam); - return; - } - - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_RSA_PKCS_OAEP_PARAMS); - *ckpParamPtr = ckpParam; - return; - } - - jPbeParamsClass = (*env)->FindClass(env, CLASS_PBE_PARAMS); - if (jPbeParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jPbeParamsClass)) { - /* - * CK_PBE_PARAMS - */ - CK_PBE_PARAMS_PTR ckpParam; - - ckpParam = (CK_PBE_PARAMS_PTR) malloc(sizeof(CK_PBE_PARAMS)); - if (ckpParam == NULL) { - throwOutOfMemoryError(env, 0); - return; - } - - /* convert jParameter to CKParameter */ - *ckpParam = jPbeParamToCKPbeParam(env, jParam); - if ((*env)->ExceptionCheck(env)) { - free(ckpParam); - return; - } - - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_PBE_PARAMS); - *ckpParamPtr = ckpParam; - return; - } - - jPkcs5Pbkd2ParamsClass = (*env)->FindClass(env, CLASS_PKCS5_PBKD2_PARAMS); - if (jPkcs5Pbkd2ParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jPkcs5Pbkd2ParamsClass)) { - /* - * CK_PKCS5_PBKD2_PARAMS - */ - CK_PKCS5_PBKD2_PARAMS_PTR ckpParam; - - ckpParam = (CK_PKCS5_PBKD2_PARAMS_PTR) malloc(sizeof(CK_PKCS5_PBKD2_PARAMS)); - if (ckpParam == NULL) { - throwOutOfMemoryError(env, 0); - return; - } - - /* convert jParameter to CKParameter */ - *ckpParam = jPkcs5Pbkd2ParamToCKPkcs5Pbkd2Param(env, jParam); - if ((*env)->ExceptionCheck(env)) { - free(ckpParam); - return; - } - - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_PKCS5_PBKD2_PARAMS); - *ckpParamPtr = ckpParam; - return; - } - - jRsaPkcsPssParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_PSS_PARAMS); - if (jRsaPkcsPssParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jRsaPkcsPssParamsClass)) { - /* - * CK_RSA_PKCS_PSS_PARAMS - */ - CK_RSA_PKCS_PSS_PARAMS_PTR ckpParam; - - ckpParam = (CK_RSA_PKCS_PSS_PARAMS_PTR) malloc(sizeof(CK_RSA_PKCS_PSS_PARAMS)); - if (ckpParam == NULL) { - throwOutOfMemoryError(env, 0); - return; - } - - /* convert jParameter to CKParameter */ - *ckpParam = jRsaPkcsPssParamToCKRsaPkcsPssParam(env, jParam); - if ((*env)->ExceptionCheck(env)) { - free(ckpParam); - return; - } - - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_RSA_PKCS_PSS_PARAMS); - *ckpParamPtr = ckpParam; - return; - } - - jEcdh1DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH1_DERIVE_PARAMS); - if (jEcdh1DeriveParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jEcdh1DeriveParamsClass)) { - /* - * CK_ECDH1_DERIVE_PARAMS - */ - CK_ECDH1_DERIVE_PARAMS_PTR ckpParam; - - ckpParam = (CK_ECDH1_DERIVE_PARAMS_PTR) malloc(sizeof(CK_ECDH1_DERIVE_PARAMS)); - if (ckpParam == NULL) { - throwOutOfMemoryError(env, 0); - return; - } - - /* convert jParameter to CKParameter */ - *ckpParam = jEcdh1DeriveParamToCKEcdh1DeriveParam(env, jParam); - if ((*env)->ExceptionCheck(env)) { - free(ckpParam); - return; - } - - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_ECDH1_DERIVE_PARAMS); - *ckpParamPtr = ckpParam; - return; - } - - jEcdh2DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH2_DERIVE_PARAMS); - if (jEcdh2DeriveParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jEcdh2DeriveParamsClass)) { - /* - * CK_ECDH2_DERIVE_PARAMS - */ - CK_ECDH2_DERIVE_PARAMS_PTR ckpParam; - - ckpParam = (CK_ECDH2_DERIVE_PARAMS_PTR) malloc(sizeof(CK_ECDH2_DERIVE_PARAMS)); - if (ckpParam == NULL) { - throwOutOfMemoryError(env, 0); - return; - } - - /* convert jParameter to CKParameter */ - *ckpParam = jEcdh2DeriveParamToCKEcdh2DeriveParam(env, jParam); - if ((*env)->ExceptionCheck(env)) { - free(ckpParam); - return; - } - - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_ECDH2_DERIVE_PARAMS); - *ckpParamPtr = ckpParam; - return; - } - - jX942Dh1DeriveParamsClass = (*env)->FindClass(env, CLASS_X9_42_DH1_DERIVE_PARAMS); - if (jX942Dh1DeriveParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jX942Dh1DeriveParamsClass)) { - /* - * CK_X9_42_DH1_DERIVE_PARAMS - */ - CK_X9_42_DH1_DERIVE_PARAMS_PTR ckpParam; - - ckpParam = (CK_X9_42_DH1_DERIVE_PARAMS_PTR) malloc(sizeof(CK_X9_42_DH1_DERIVE_PARAMS)); - if (ckpParam == NULL) { - throwOutOfMemoryError(env, 0); - return; - } - - /* convert jParameter to CKParameter */ - *ckpParam = jX942Dh1DeriveParamToCKX942Dh1DeriveParam(env, jParam); - if ((*env)->ExceptionCheck(env)) { - free(ckpParam); - return; - } - - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_X9_42_DH1_DERIVE_PARAMS); - *ckpParamPtr = ckpParam; - return; - } - - jX942Dh2DeriveParamsClass = (*env)->FindClass(env, CLASS_X9_42_DH2_DERIVE_PARAMS); - if (jX942Dh2DeriveParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jX942Dh2DeriveParamsClass)) { - /* - * CK_X9_42_DH2_DERIVE_PARAMS - */ - CK_X9_42_DH2_DERIVE_PARAMS_PTR ckpParam; - - ckpParam = (CK_X9_42_DH2_DERIVE_PARAMS_PTR) malloc(sizeof(CK_X9_42_DH2_DERIVE_PARAMS)); - if (ckpParam == NULL) { - throwOutOfMemoryError(env, 0); - return; - } - - /* convert jParameter to CKParameter */ - *ckpParam = jX942Dh2DeriveParamToCKX942Dh2DeriveParam(env, jParam); - if ((*env)->ExceptionCheck(env)) { - free(ckpParam); - return; - } - - /* get length and pointer of parameter */ - *ckpLength = sizeof(CK_X9_42_DH2_DERIVE_PARAMS); - *ckpParamPtr = ckpParam; - return; - } - - /* if everything faild up to here */ - /* try if the parameter is a primitive Java type */ - jObjectToPrimitiveCKObjectPtrPtr(env, jParam, ckpParamPtr, ckpLength); - /* *ckpParamPtr = jObjectToCKVoidPtr(jParam); */ - /* *ckpLength = 1; */ - - TRACE0("FINISHED\n"); + return ckpParamPtr; } - /* the mechanism parameter convertion functions: */ /* @@ -1573,47 +1477,45 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, * @param jParam - the Java CK_RSA_PKCS_OAEP_PARAMS object to convert * @return - the new CK_RSA_PKCS_OAEP_PARAMS structure */ -CK_RSA_PKCS_OAEP_PARAMS jRsaPkcsOaepParamToCKRsaPkcsOaepParam(JNIEnv *env, jobject jParam) +void jRsaPkcsOaepParamToCKRsaPkcsOaepParam(JNIEnv *env, jobject jParam, +CK_RSA_PKCS_OAEP_PARAMS_PTR ckParamPtr) { jclass jRsaPkcsOaepParamsClass; - CK_RSA_PKCS_OAEP_PARAMS ckParam; jfieldID fieldID; jlong jHashAlg, jMgf, jSource; jobject jSourceData; CK_BYTE_PTR ckpByte; - memset(&ckParam, 0, sizeof(CK_RSA_PKCS_OAEP_PARAMS)); + memset(ckParamPtr, 0, sizeof(CK_RSA_PKCS_OAEP_PARAMS)); /* get hashAlg */ jRsaPkcsOaepParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_OAEP_PARAMS); - if (jRsaPkcsOaepParamsClass == NULL) { return ckParam; } + if (jRsaPkcsOaepParamsClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jRsaPkcsOaepParamsClass, "hashAlg", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jHashAlg = (*env)->GetLongField(env, jParam, fieldID); /* get mgf */ fieldID = (*env)->GetFieldID(env, jRsaPkcsOaepParamsClass, "mgf", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jMgf = (*env)->GetLongField(env, jParam, fieldID); /* get source */ fieldID = (*env)->GetFieldID(env, jRsaPkcsOaepParamsClass, "source", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jSource = (*env)->GetLongField(env, jParam, fieldID); /* get sourceData and sourceDataLength */ fieldID = (*env)->GetFieldID(env, jRsaPkcsOaepParamsClass, "pSourceData", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jSourceData = (*env)->GetObjectField(env, jParam, fieldID); /* populate java values */ - ckParam.hashAlg = jLongToCKULong(jHashAlg); - ckParam.mgf = jLongToCKULong(jMgf); - ckParam.source = jLongToCKULong(jSource); - jByteArrayToCKByteArray(env, jSourceData, & ckpByte, &(ckParam.ulSourceDataLen)); - if ((*env)->ExceptionCheck(env)) { return ckParam; } - ckParam.pSourceData = (CK_VOID_PTR) ckpByte; - - return ckParam ; + ckParamPtr->hashAlg = jLongToCKULong(jHashAlg); + ckParamPtr->mgf = jLongToCKULong(jMgf); + ckParamPtr->source = jLongToCKULong(jSource); + jByteArrayToCKByteArray(env, jSourceData, & ckpByte, &(ckParamPtr->ulSourceDataLen)); + if ((*env)->ExceptionCheck(env)) { return; } + ckParamPtr->pSourceData = (CK_VOID_PTR) ckpByte; } /* @@ -1621,57 +1523,55 @@ CK_RSA_PKCS_OAEP_PARAMS jRsaPkcsOaepParamToCKRsaPkcsOaepParam(JNIEnv *env, jobje * * @param env - used to call JNI funktions to get the Java classes and objects * @param jParam - the Java CK_PBE_PARAMS object to convert - * @return - the new CK_PBE_PARAMS structure + * @param ckParamPtr pointer to the new CK_PBE_PARAMS structure */ -CK_PBE_PARAMS jPbeParamToCKPbeParam(JNIEnv *env, jobject jParam) +void jPbeParamToCKPbeParam(JNIEnv *env, jobject jParam, +CK_PBE_PARAMS_PTR ckParamPtr) { jclass jPbeParamsClass; - CK_PBE_PARAMS ckParam; jfieldID fieldID; jlong jIteration; jobject jInitVector, jPassword, jSalt; CK_ULONG ckTemp; - memset(&ckParam, 0, sizeof(CK_PBE_PARAMS)); + memset(ckParamPtr, 0, sizeof(CK_PBE_PARAMS)); /* get pInitVector */ jPbeParamsClass = (*env)->FindClass(env, CLASS_PBE_PARAMS); - if (jPbeParamsClass == NULL) { return ckParam; } + if (jPbeParamsClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jPbeParamsClass, "pInitVector", "[C"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jInitVector = (*env)->GetObjectField(env, jParam, fieldID); /* get pPassword and ulPasswordLength */ fieldID = (*env)->GetFieldID(env, jPbeParamsClass, "pPassword", "[C"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jPassword = (*env)->GetObjectField(env, jParam, fieldID); /* get pSalt and ulSaltLength */ fieldID = (*env)->GetFieldID(env, jPbeParamsClass, "pSalt", "[C"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jSalt = (*env)->GetObjectField(env, jParam, fieldID); /* get ulIteration */ fieldID = (*env)->GetFieldID(env, jPbeParamsClass, "ulIteration", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jIteration = (*env)->GetLongField(env, jParam, fieldID); /* populate java values */ - ckParam.ulIteration = jLongToCKULong(jIteration); - jCharArrayToCKCharArray(env, jInitVector, &(ckParam.pInitVector), &ckTemp); - if ((*env)->ExceptionCheck(env)) { return ckParam; } - jCharArrayToCKCharArray(env, jPassword, &(ckParam.pPassword), &(ckParam.ulPasswordLen)); + ckParamPtr->ulIteration = jLongToCKULong(jIteration); + jCharArrayToCKCharArray(env, jInitVector, &(ckParamPtr->pInitVector), &ckTemp); + if ((*env)->ExceptionCheck(env)) { return; } + jCharArrayToCKCharArray(env, jPassword, &(ckParamPtr->pPassword), &(ckParamPtr->ulPasswordLen)); if ((*env)->ExceptionCheck(env)) { - free(ckParam.pInitVector); - return ckParam; + free(ckParamPtr->pInitVector); + return; } - jCharArrayToCKCharArray(env, jSalt, &(ckParam.pSalt), &(ckParam.ulSaltLen)); + jCharArrayToCKCharArray(env, jSalt, &(ckParamPtr->pSalt), &(ckParamPtr->ulSaltLen)); if ((*env)->ExceptionCheck(env)) { - free(ckParam.pInitVector); - free(ckParam.pPassword); - return ckParam; + free(ckParamPtr->pInitVector); + free(ckParamPtr->pPassword); + return; } - - return ckParam ; } /* @@ -1741,57 +1641,55 @@ void copyBackPBEInitializationVector(JNIEnv *env, CK_MECHANISM *ckMechanism, job * * @param env - used to call JNI funktions to get the Java classes and objects * @param jParam - the Java CK_PKCS5_PBKD2_PARAMS object to convert - * @return - the new CK_PKCS5_PBKD2_PARAMS structure + * @param ckParamPtr - pointer to the new CK_PKCS5_PBKD2_PARAMS structure */ -CK_PKCS5_PBKD2_PARAMS jPkcs5Pbkd2ParamToCKPkcs5Pbkd2Param(JNIEnv *env, jobject jParam) +void jPkcs5Pbkd2ParamToCKPkcs5Pbkd2Param(JNIEnv *env, jobject jParam, +CK_PKCS5_PBKD2_PARAMS_PTR ckParamPtr) { jclass jPkcs5Pbkd2ParamsClass; - CK_PKCS5_PBKD2_PARAMS ckParam; jfieldID fieldID; jlong jSaltSource, jIteration, jPrf; jobject jSaltSourceData, jPrfData; - memset(&ckParam, 0, sizeof(CK_PKCS5_PBKD2_PARAMS)); + memset(ckParamPtr, 0, sizeof(CK_PKCS5_PBKD2_PARAMS)); /* get saltSource */ jPkcs5Pbkd2ParamsClass = (*env)->FindClass(env, CLASS_PKCS5_PBKD2_PARAMS); - if (jPkcs5Pbkd2ParamsClass == NULL) { return ckParam; } + if (jPkcs5Pbkd2ParamsClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jPkcs5Pbkd2ParamsClass, "saltSource", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jSaltSource = (*env)->GetLongField(env, jParam, fieldID); /* get pSaltSourceData */ fieldID = (*env)->GetFieldID(env, jPkcs5Pbkd2ParamsClass, "pSaltSourceData", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jSaltSourceData = (*env)->GetObjectField(env, jParam, fieldID); /* get iterations */ fieldID = (*env)->GetFieldID(env, jPkcs5Pbkd2ParamsClass, "iterations", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jIteration = (*env)->GetLongField(env, jParam, fieldID); /* get prf */ fieldID = (*env)->GetFieldID(env, jPkcs5Pbkd2ParamsClass, "prf", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jPrf = (*env)->GetLongField(env, jParam, fieldID); /* get pPrfData and ulPrfDataLength in byte */ fieldID = (*env)->GetFieldID(env, jPkcs5Pbkd2ParamsClass, "pPrfData", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jPrfData = (*env)->GetObjectField(env, jParam, fieldID); /* populate java values */ - ckParam.saltSource = jLongToCKULong(jSaltSource); - jByteArrayToCKByteArray(env, jSaltSourceData, (CK_BYTE_PTR *) &(ckParam.pSaltSourceData), &(ckParam.ulSaltSourceDataLen)); - if ((*env)->ExceptionCheck(env)) { return ckParam; } - ckParam.iterations = jLongToCKULong(jIteration); - ckParam.prf = jLongToCKULong(jPrf); - jByteArrayToCKByteArray(env, jPrfData, (CK_BYTE_PTR *) &(ckParam.pPrfData), &(ckParam.ulPrfDataLen)); + ckParamPtr->saltSource = jLongToCKULong(jSaltSource); + jByteArrayToCKByteArray(env, jSaltSourceData, (CK_BYTE_PTR *) &(ckParamPtr->pSaltSourceData), &(ckParamPtr->ulSaltSourceDataLen)); + if ((*env)->ExceptionCheck(env)) { return; } + ckParamPtr->iterations = jLongToCKULong(jIteration); + ckParamPtr->prf = jLongToCKULong(jPrf); + jByteArrayToCKByteArray(env, jPrfData, (CK_BYTE_PTR *) &(ckParamPtr->pPrfData), &(ckParamPtr->ulPrfDataLen)); if ((*env)->ExceptionCheck(env)) { - free(ckParam.pSaltSourceData); - return ckParam; + free(ckParamPtr->pSaltSourceData); + return; } - - return ckParam ; } /* @@ -1799,39 +1697,40 @@ CK_PKCS5_PBKD2_PARAMS jPkcs5Pbkd2ParamToCKPkcs5Pbkd2Param(JNIEnv *env, jobject j * * @param env - used to call JNI funktions to get the Java classes and objects * @param jParam - the Java CK_RSA_PKCS_PSS_PARAMS object to convert - * @return - the new CK_RSA_PKCS_PSS_PARAMS structure + * @param ckParamPtr - pointer to the new CK_RSA_PKCS_PSS_PARAMS structure */ -CK_RSA_PKCS_PSS_PARAMS jRsaPkcsPssParamToCKRsaPkcsPssParam(JNIEnv *env, jobject jParam) +void jRsaPkcsPssParamToCKRsaPkcsPssParam(JNIEnv *env, jobject jParam, +CK_RSA_PKCS_PSS_PARAMS_PTR ckParamPtr) { jclass jRsaPkcsPssParamsClass; - CK_RSA_PKCS_PSS_PARAMS ckParam; jfieldID fieldID; jlong jHashAlg, jMgf, jSLen; - memset(&ckParam, 0, sizeof(CK_RSA_PKCS_PSS_PARAMS)); + memset(ckParamPtr, 0, sizeof(CK_RSA_PKCS_PSS_PARAMS)); /* get hashAlg */ jRsaPkcsPssParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_PSS_PARAMS); - if (jRsaPkcsPssParamsClass == NULL) { return ckParam; } + if (jRsaPkcsPssParamsClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jRsaPkcsPssParamsClass, "hashAlg", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jHashAlg = (*env)->GetLongField(env, jParam, fieldID); /* get mgf */ fieldID = (*env)->GetFieldID(env, jRsaPkcsPssParamsClass, "mgf", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jMgf = (*env)->GetLongField(env, jParam, fieldID); /* get sLen */ fieldID = (*env)->GetFieldID(env, jRsaPkcsPssParamsClass, "sLen", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jSLen = (*env)->GetLongField(env, jParam, fieldID); /* populate java values */ - ckParam.hashAlg = jLongToCKULong(jHashAlg); - ckParam.mgf = jLongToCKULong(jMgf); - ckParam.sLen = jLongToCKULong(jSLen); - - return ckParam ; + ckParamPtr->hashAlg = jLongToCKULong(jHashAlg); + ckParamPtr->mgf = jLongToCKULong(jMgf); + ckParamPtr->sLen = jLongToCKULong(jSLen); + TRACE1("DEBUG: jRsaPkcsPssParamToCKRsaPkcsPssParam, hashAlg=0x%lX\n", ckParamPtr->hashAlg); + TRACE1("DEBUG: jRsaPkcsPssParamToCKRsaPkcsPssParam, mgf=0x%lX\n", ckParamPtr->mgf); + TRACE1("DEBUG: jRsaPkcsPssParamToCKRsaPkcsPssParam, sLen=%lu\n", ckParamPtr->sLen); } /* @@ -1839,46 +1738,44 @@ CK_RSA_PKCS_PSS_PARAMS jRsaPkcsPssParamToCKRsaPkcsPssParam(JNIEnv *env, jobject * * @param env - used to call JNI funktions to get the Java classes and objects * @param jParam - the Java CK_ECDH1_DERIVE_PARAMS object to convert - * @return - the new CK_ECDH1_DERIVE_PARAMS structure + * @param ckParamPtr - the new CK_ECDH1_DERIVE_PARAMS structure */ -CK_ECDH1_DERIVE_PARAMS jEcdh1DeriveParamToCKEcdh1DeriveParam(JNIEnv *env, jobject jParam) +void jEcdh1DeriveParamToCKEcdh1DeriveParam(JNIEnv *env, jobject jParam, +CK_ECDH1_DERIVE_PARAMS_PTR ckParamPtr) { jclass jEcdh1DeriveParamsClass; - CK_ECDH1_DERIVE_PARAMS ckParam; jfieldID fieldID; jlong jLong; jobject jSharedData, jPublicData; - memset(&ckParam, 0, sizeof(CK_ECDH1_DERIVE_PARAMS)); + memset(ckParamPtr, 0, sizeof(CK_ECDH1_DERIVE_PARAMS)); /* get kdf */ jEcdh1DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH1_DERIVE_PARAMS); - if (jEcdh1DeriveParamsClass == NULL) { return ckParam; } + if (jEcdh1DeriveParamsClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jEcdh1DeriveParamsClass, "kdf", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.kdf = jLongToCKULong(jLong); + ckParamPtr->kdf = jLongToCKULong(jLong); /* get pSharedData and ulSharedDataLen */ fieldID = (*env)->GetFieldID(env, jEcdh1DeriveParamsClass, "pSharedData", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jSharedData = (*env)->GetObjectField(env, jParam, fieldID); /* get pPublicData and ulPublicDataLen */ fieldID = (*env)->GetFieldID(env, jEcdh1DeriveParamsClass, "pPublicData", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jPublicData = (*env)->GetObjectField(env, jParam, fieldID); /* populate java values */ - ckParam.kdf = jLongToCKULong(jLong); - jByteArrayToCKByteArray(env, jSharedData, &(ckParam.pSharedData), &(ckParam.ulSharedDataLen)); - if ((*env)->ExceptionCheck(env)) { return ckParam; } - jByteArrayToCKByteArray(env, jPublicData, &(ckParam.pPublicData), &(ckParam.ulPublicDataLen)); + ckParamPtr->kdf = jLongToCKULong(jLong); + jByteArrayToCKByteArray(env, jSharedData, &(ckParamPtr->pSharedData), &(ckParamPtr->ulSharedDataLen)); + if ((*env)->ExceptionCheck(env)) { return; } + jByteArrayToCKByteArray(env, jPublicData, &(ckParamPtr->pPublicData), &(ckParamPtr->ulPublicDataLen)); if ((*env)->ExceptionCheck(env)) { - free(ckParam.pSharedData); - return ckParam; + free(ckParamPtr->pSharedData); + return; } - - return ckParam ; } /* @@ -1886,67 +1783,66 @@ CK_ECDH1_DERIVE_PARAMS jEcdh1DeriveParamToCKEcdh1DeriveParam(JNIEnv *env, jobjec * * @param env - used to call JNI funktions to get the Java classes and objects * @param jParam - the Java CK_ECDH2_DERIVE_PARAMS object to convert - * @return - the new CK_ECDH2_DERIVE_PARAMS structure + * @param ckParamPtr - pointer to the new CK_ECDH2_DERIVE_PARAMS structure */ -CK_ECDH2_DERIVE_PARAMS jEcdh2DeriveParamToCKEcdh2DeriveParam(JNIEnv *env, jobject jParam) +void jEcdh2DeriveParamToCKEcdh2DeriveParam(JNIEnv *env, jobject jParam, +CK_ECDH2_DERIVE_PARAMS_PTR ckParamPtr) { jclass jEcdh2DeriveParamsClass; - CK_ECDH2_DERIVE_PARAMS ckParam; jfieldID fieldID; jlong jKdf, jPrivateDataLen, jPrivateData; jobject jSharedData, jPublicData, jPublicData2; - memset(&ckParam, 0, sizeof(CK_ECDH2_DERIVE_PARAMS)); + memset(ckParamPtr, 0, sizeof(CK_ECDH2_DERIVE_PARAMS)); /* get kdf */ jEcdh2DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH2_DERIVE_PARAMS); - if (jEcdh2DeriveParamsClass == NULL) { return ckParam; } + if (jEcdh2DeriveParamsClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jEcdh2DeriveParamsClass, "kdf", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jKdf = (*env)->GetLongField(env, jParam, fieldID); /* get pSharedData and ulSharedDataLen */ fieldID = (*env)->GetFieldID(env, jEcdh2DeriveParamsClass, "pSharedData", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jSharedData = (*env)->GetObjectField(env, jParam, fieldID); /* get pPublicData and ulPublicDataLen */ fieldID = (*env)->GetFieldID(env, jEcdh2DeriveParamsClass, "pPublicData", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jPublicData = (*env)->GetObjectField(env, jParam, fieldID); /* get ulPrivateDataLen */ fieldID = (*env)->GetFieldID(env, jEcdh2DeriveParamsClass, "ulPrivateDataLen", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jPrivateDataLen = (*env)->GetLongField(env, jParam, fieldID); /* get hPrivateData */ fieldID = (*env)->GetFieldID(env, jEcdh2DeriveParamsClass, "hPrivateData", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jPrivateData = (*env)->GetLongField(env, jParam, fieldID); /* get pPublicData2 and ulPublicDataLen2 */ fieldID = (*env)->GetFieldID(env, jEcdh2DeriveParamsClass, "pPublicData2", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jPublicData2 = (*env)->GetObjectField(env, jParam, fieldID); /* populate java values */ - ckParam.kdf = jLongToCKULong(jKdf); - jByteArrayToCKByteArray(env, jSharedData, &(ckParam.pSharedData), &(ckParam.ulSharedDataLen)); - if ((*env)->ExceptionCheck(env)) { return ckParam; } - jByteArrayToCKByteArray(env, jPublicData, &(ckParam.pPublicData), &(ckParam.ulPublicDataLen)); + ckParamPtr->kdf = jLongToCKULong(jKdf); + jByteArrayToCKByteArray(env, jSharedData, &(ckParamPtr->pSharedData), &(ckParamPtr->ulSharedDataLen)); + if ((*env)->ExceptionCheck(env)) { return; } + jByteArrayToCKByteArray(env, jPublicData, &(ckParamPtr->pPublicData), &(ckParamPtr->ulPublicDataLen)); if ((*env)->ExceptionCheck(env)) { - free(ckParam.pSharedData); - return ckParam; + free(ckParamPtr->pSharedData); + return; } - ckParam.ulPrivateDataLen = jLongToCKULong(jPrivateDataLen); - ckParam.hPrivateData = jLongToCKULong(jPrivateData); - jByteArrayToCKByteArray(env, jPublicData2, &(ckParam.pPublicData2), &(ckParam.ulPublicDataLen2)); + ckParamPtr->ulPrivateDataLen = jLongToCKULong(jPrivateDataLen); + ckParamPtr->hPrivateData = jLongToCKULong(jPrivateData); + jByteArrayToCKByteArray(env, jPublicData2, &(ckParamPtr->pPublicData2), &(ckParamPtr->ulPublicDataLen2)); if ((*env)->ExceptionCheck(env)) { - free(ckParam.pSharedData); - free(ckParam.pPublicData); - return ckParam; + free(ckParamPtr->pSharedData); + free(ckParamPtr->pPublicData); + return; } - return ckParam ; } /* @@ -1954,45 +1850,43 @@ CK_ECDH2_DERIVE_PARAMS jEcdh2DeriveParamToCKEcdh2DeriveParam(JNIEnv *env, jobjec * * @param env - used to call JNI funktions to get the Java classes and objects * @param jParam - the Java CK_X9_42_DH1_DERIVE_PARAMS object to convert - * @return - the new CK_X9_42_DH1_DERIVE_PARAMS structure + * @param ckParamPtr - pointer to the new CK_X9_42_DH1_DERIVE_PARAMS structure */ -CK_X9_42_DH1_DERIVE_PARAMS jX942Dh1DeriveParamToCKX942Dh1DeriveParam(JNIEnv *env, jobject jParam) +void jX942Dh1DeriveParamToCKX942Dh1DeriveParam(JNIEnv *env, jobject jParam, + CK_X9_42_DH1_DERIVE_PARAMS_PTR ckParamPtr) { jclass jX942Dh1DeriveParamsClass; - CK_X9_42_DH1_DERIVE_PARAMS ckParam; jfieldID fieldID; jlong jKdf; jobject jOtherInfo, jPublicData; - memset(&ckParam, 0, sizeof(CK_X9_42_DH1_DERIVE_PARAMS)); + memset(ckParamPtr, 0, sizeof(CK_X9_42_DH1_DERIVE_PARAMS)); /* get kdf */ jX942Dh1DeriveParamsClass = (*env)->FindClass(env, CLASS_X9_42_DH1_DERIVE_PARAMS); - if (jX942Dh1DeriveParamsClass == NULL) { return ckParam; } + if (jX942Dh1DeriveParamsClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jX942Dh1DeriveParamsClass, "kdf", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jKdf = (*env)->GetLongField(env, jParam, fieldID); /* get pOtherInfo and ulOtherInfoLen */ fieldID = (*env)->GetFieldID(env, jX942Dh1DeriveParamsClass, "pOtherInfo", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jOtherInfo = (*env)->GetObjectField(env, jParam, fieldID); /* get pPublicData and ulPublicDataLen */ fieldID = (*env)->GetFieldID(env, jX942Dh1DeriveParamsClass, "pPublicData", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jPublicData = (*env)->GetObjectField(env, jParam, fieldID); /* populate java values */ - ckParam.kdf = jLongToCKULong(jKdf); - jByteArrayToCKByteArray(env, jOtherInfo, &(ckParam.pOtherInfo), &(ckParam.ulOtherInfoLen)); - if ((*env)->ExceptionCheck(env)) { return ckParam; } - jByteArrayToCKByteArray(env, jPublicData, &(ckParam.pPublicData), &(ckParam.ulPublicDataLen)); + ckParamPtr->kdf = jLongToCKULong(jKdf); + jByteArrayToCKByteArray(env, jOtherInfo, &(ckParamPtr->pOtherInfo), &(ckParamPtr->ulOtherInfoLen)); + if ((*env)->ExceptionCheck(env)) { return; } + jByteArrayToCKByteArray(env, jPublicData, &(ckParamPtr->pPublicData), &(ckParamPtr->ulPublicDataLen)); if ((*env)->ExceptionCheck(env)) { - free(ckParam.pOtherInfo); - return ckParam; + free(ckParamPtr->pOtherInfo); + return; } - - return ckParam ; } /* @@ -2000,66 +1894,64 @@ CK_X9_42_DH1_DERIVE_PARAMS jX942Dh1DeriveParamToCKX942Dh1DeriveParam(JNIEnv *env * * @param env - used to call JNI funktions to get the Java classes and objects * @param jParam - the Java CK_X9_42_DH2_DERIVE_PARAMS object to convert - * @return - the new CK_X9_42_DH2_DERIVE_PARAMS structure + * @param ckParamPtr - pointer to the new CK_X9_42_DH2_DERIVE_PARAMS structure */ -CK_X9_42_DH2_DERIVE_PARAMS jX942Dh2DeriveParamToCKX942Dh2DeriveParam(JNIEnv *env, jobject jParam) +void jX942Dh2DeriveParamToCKX942Dh2DeriveParam(JNIEnv *env, jobject jParam, + CK_X9_42_DH2_DERIVE_PARAMS_PTR ckParamPtr) { jclass jX942Dh2DeriveParamsClass; - CK_X9_42_DH2_DERIVE_PARAMS ckParam; jfieldID fieldID; jlong jKdf, jPrivateDataLen, jPrivateData; jobject jOtherInfo, jPublicData, jPublicData2; - memset(&ckParam, 0, sizeof(CK_X9_42_DH2_DERIVE_PARAMS)); + memset(ckParamPtr, 0, sizeof(CK_X9_42_DH2_DERIVE_PARAMS)); /* get kdf */ jX942Dh2DeriveParamsClass = (*env)->FindClass(env, CLASS_X9_42_DH2_DERIVE_PARAMS); - if (jX942Dh2DeriveParamsClass == NULL) { return ckParam; } + if (jX942Dh2DeriveParamsClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jX942Dh2DeriveParamsClass, "kdf", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jKdf = (*env)->GetLongField(env, jParam, fieldID); /* get pOtherInfo and ulOtherInfoLen */ fieldID = (*env)->GetFieldID(env, jX942Dh2DeriveParamsClass, "pOtherInfo", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jOtherInfo = (*env)->GetObjectField(env, jParam, fieldID); /* get pPublicData and ulPublicDataLen */ fieldID = (*env)->GetFieldID(env, jX942Dh2DeriveParamsClass, "pPublicData", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jPublicData = (*env)->GetObjectField(env, jParam, fieldID); /* get ulPrivateDataLen */ fieldID = (*env)->GetFieldID(env, jX942Dh2DeriveParamsClass, "ulPrivateDataLen", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jPrivateDataLen = (*env)->GetLongField(env, jParam, fieldID); /* get hPrivateData */ fieldID = (*env)->GetFieldID(env, jX942Dh2DeriveParamsClass, "hPrivateData", "J"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jPrivateData = (*env)->GetLongField(env, jParam, fieldID); /* get pPublicData2 and ulPublicDataLen2 */ fieldID = (*env)->GetFieldID(env, jX942Dh2DeriveParamsClass, "pPublicData2", "[B"); - if (fieldID == NULL) { return ckParam; } + if (fieldID == NULL) { return; } jPublicData2 = (*env)->GetObjectField(env, jParam, fieldID); /* populate java values */ - ckParam.kdf = jLongToCKULong(jKdf); - jByteArrayToCKByteArray(env, jOtherInfo, &(ckParam.pOtherInfo), &(ckParam.ulOtherInfoLen)); - if ((*env)->ExceptionCheck(env)) { return ckParam; } - jByteArrayToCKByteArray(env, jPublicData, &(ckParam.pPublicData), &(ckParam.ulPublicDataLen)); + ckParamPtr->kdf = jLongToCKULong(jKdf); + jByteArrayToCKByteArray(env, jOtherInfo, &(ckParamPtr->pOtherInfo), &(ckParamPtr->ulOtherInfoLen)); + if ((*env)->ExceptionCheck(env)) { return; } + jByteArrayToCKByteArray(env, jPublicData, &(ckParamPtr->pPublicData), &(ckParamPtr->ulPublicDataLen)); if ((*env)->ExceptionCheck(env)) { - free(ckParam.pOtherInfo); - return ckParam; + free(ckParamPtr->pOtherInfo); + return; } - ckParam.ulPrivateDataLen = jLongToCKULong(jPrivateDataLen); - ckParam.hPrivateData = jLongToCKULong(jPrivateData); - jByteArrayToCKByteArray(env, jPublicData2, &(ckParam.pPublicData2), &(ckParam.ulPublicDataLen2)); + ckParamPtr->ulPrivateDataLen = jLongToCKULong(jPrivateDataLen); + ckParamPtr->hPrivateData = jLongToCKULong(jPrivateData); + jByteArrayToCKByteArray(env, jPublicData2, &(ckParamPtr->pPublicData2), &(ckParamPtr->ulPublicDataLen2)); if ((*env)->ExceptionCheck(env)) { - free(ckParam.pOtherInfo); - free(ckParam.pPublicData); - return ckParam; + free(ckParamPtr->pOtherInfo); + free(ckParamPtr->pPublicData); + return; } - - return ckParam ; } diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_crypt.c b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_crypt.c index 2696483f730..bc424e76400 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_crypt.c +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_crypt.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -71,7 +71,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1EncryptInit jobject jMechanism, jlong jKeyHandle) { CK_SESSION_HANDLE ckSessionHandle; - CK_MECHANISM ckMechanism; + CK_MECHANISM_PTR ckpMechanism = NULL; CK_OBJECT_HANDLE ckKeyHandle; CK_RV rv; @@ -80,15 +80,14 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1EncryptInit ckSessionHandle = jLongToCKULong(jSessionHandle); ckKeyHandle = jLongToCKULong(jKeyHandle); - jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism); if ((*env)->ExceptionCheck(env)) { return; } - rv = (*ckpFunctions->C_EncryptInit)(ckSessionHandle, &ckMechanism, + rv = (*ckpFunctions->C_EncryptInit)(ckSessionHandle, ckpMechanism, ckKeyHandle); - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } + // if OAEP, then cannot free here + freeCKMechanismPtr(ckpMechanism); if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } @@ -98,54 +97,67 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1EncryptInit /* * Class: sun_security_pkcs11_wrapper_PKCS11 * Method: C_Encrypt - * Signature: (J[BII[BII)I + * Signature: (JJ[BIIJ[BII)I * Parametermapping: *PKCS11* * @param jlong jSessionHandle CK_SESSION_HANDLE hSession + * @param jlong directIn CK_BYTE_PTR pData * @param jbyteArray jData CK_BYTE_PTR pData * CK_ULONG ulDataLen - * @return jbyteArray jEncryptedData CK_BYTE_PTR pEncryptedData + * @param jlong directOut CK_BYTE_PTR pEncryptedData + * @return jint encryptedDataLen CK_BYTE_PTR pEncryptedData * CK_ULONG_PTR pulEncryptedDataLen */ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Encrypt (JNIEnv *env, jobject obj, jlong jSessionHandle, - jbyteArray jIn, jint jInOfs, jint jInLen, - jbyteArray jOut, jint jOutOfs, jint jOutLen) + jlong directIn, jbyteArray jIn, jint jInOfs, jint jInLen, + jlong directOut, jbyteArray jOut, jint jOutOfs, jint jOutLen) { CK_SESSION_HANDLE ckSessionHandle; CK_RV rv; CK_BYTE_PTR inBufP; CK_BYTE_PTR outBufP; - CK_ULONG ckEncryptedPartLen; + CK_ULONG ckEncryptedLen = 0; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); if (ckpFunctions == NULL) { return 0; } ckSessionHandle = jLongToCKULong(jSessionHandle); - inBufP = (*env)->GetPrimitiveArrayCritical(env, jIn, NULL); - if (inBufP == NULL) { return 0; } - - outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL); - if (outBufP == NULL) { - // Make sure to release inBufP - (*env)->ReleasePrimitiveArrayCritical(env, jIn, inBufP, JNI_ABORT); - return 0; + if (directIn != 0) { + inBufP = (CK_BYTE_PTR) jlong_to_ptr(directIn); + } else { + inBufP = (*env)->GetPrimitiveArrayCritical(env, jIn, NULL); + if (inBufP == NULL) { return 0; } } - ckEncryptedPartLen = jOutLen; + if (directOut != 0) { + outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut); + } else { + outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL); + if (outBufP == NULL) { + goto cleanup; + } + } + + ckEncryptedLen = jOutLen; rv = (*ckpFunctions->C_Encrypt)(ckSessionHandle, (CK_BYTE_PTR)(inBufP + jInOfs), jInLen, (CK_BYTE_PTR)(outBufP + jOutOfs), - &ckEncryptedPartLen); - - (*env)->ReleasePrimitiveArrayCritical(env, jIn, inBufP, JNI_ABORT); - (*env)->ReleasePrimitiveArrayCritical(env, jOut, outBufP, JNI_COMMIT); + &ckEncryptedLen); ckAssertReturnValueOK(env, rv); - return ckEncryptedPartLen; + +cleanup: + if (directIn == 0 && inBufP != NULL) { + (*env)->ReleasePrimitiveArrayCritical(env, jIn, inBufP, JNI_ABORT); + } + if (directOut == 0 && outBufP != NULL) { + (*env)->ReleasePrimitiveArrayCritical(env, jOut, outBufP, JNI_COMMIT); + } + return ckEncryptedLen; } #endif @@ -172,7 +184,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1EncryptUpdate CK_BYTE_PTR inBufP; CK_BYTE_PTR outBufP; - CK_ULONG ckEncryptedPartLen; + CK_ULONG ckEncryptedPartLen = 0; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); if (ckpFunctions == NULL) { return 0; } @@ -191,34 +203,26 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1EncryptUpdate } else { outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL); if (outBufP == NULL) { - // Make sure to release inBufP - (*env)->ReleasePrimitiveArrayCritical(env, jIn, inBufP, JNI_ABORT); - return 0; + goto cleanup; } } ckEncryptedPartLen = jOutLen; - //printf("EU: inBufP=%i, jInOfs=%i, jInLen=%i, outBufP=%i\n", - // inBufP, jInOfs, jInLen, outBufP); - rv = (*ckpFunctions->C_EncryptUpdate)(ckSessionHandle, (CK_BYTE_PTR)(inBufP + jInOfs), jInLen, (CK_BYTE_PTR)(outBufP + jOutOfs), &ckEncryptedPartLen); - //printf("EU: ckEncryptedPartLen=%i\n", ckEncryptedPartLen); - - if (directIn == 0) { - (*env)->ReleasePrimitiveArrayCritical(env, jIn, inBufP, JNI_ABORT); - } - - if (directOut == 0) { - (*env)->ReleasePrimitiveArrayCritical(env, jOut, outBufP, JNI_COMMIT); - } - ckAssertReturnValueOK(env, rv); +cleanup: + if (directIn == 0 && inBufP != NULL) { + (*env)->ReleasePrimitiveArrayCritical(env, jIn, inBufP, JNI_ABORT); + } + if (directOut == 0 && outBufP != NULL) { + (*env)->ReleasePrimitiveArrayCritical(env, jOut, outBufP, JNI_COMMIT); + } return ckEncryptedPartLen; } #endif @@ -257,14 +261,10 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1EncryptFinal ckLastEncryptedPartLen = jOutLen; - //printf("EF: outBufP=%i\n", outBufP); - rv = (*ckpFunctions->C_EncryptFinal)(ckSessionHandle, (CK_BYTE_PTR)(outBufP + jOutOfs), &ckLastEncryptedPartLen); - //printf("EF: ckLastEncryptedPartLen=%i", ckLastEncryptedPartLen); - if (directOut == 0) { (*env)->ReleasePrimitiveArrayCritical(env, jOut, outBufP, JNI_COMMIT); } @@ -291,7 +291,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptInit jobject jMechanism, jlong jKeyHandle) { CK_SESSION_HANDLE ckSessionHandle; - CK_MECHANISM ckMechanism; + CK_MECHANISM_PTR ckpMechanism = NULL; CK_OBJECT_HANDLE ckKeyHandle; CK_RV rv; @@ -300,15 +300,14 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptInit ckSessionHandle = jLongToCKULong(jSessionHandle); ckKeyHandle = jLongToCKULong(jKeyHandle); - jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism); if ((*env)->ExceptionCheck(env)) { return; } - rv = (*ckpFunctions->C_DecryptInit)(ckSessionHandle, &ckMechanism, + rv = (*ckpFunctions->C_DecryptInit)(ckSessionHandle, ckpMechanism, ckKeyHandle); - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } + // if OAEP, then cannot free here + freeCKMechanismPtr(ckpMechanism); if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } @@ -318,7 +317,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptInit /* * Class: sun_security_pkcs11_wrapper_PKCS11 * Method: C_Decrypt - * Signature: (J[BII[BII)I + * Signature: (JJ[BIIJ[BII)I * Parametermapping: *PKCS11* * @param jlong jSessionHandle CK_SESSION_HANDLE hSession * @param jbyteArray jEncryptedData CK_BYTE_PTR pEncryptedData @@ -329,44 +328,53 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptInit JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Decrypt (JNIEnv *env, jobject obj, jlong jSessionHandle, - jbyteArray jIn, jint jInOfs, jint jInLen, - jbyteArray jOut, jint jOutOfs, jint jOutLen) + jlong directIn, jbyteArray jIn, jint jInOfs, jint jInLen, + jlong directOut, jbyteArray jOut, jint jOutOfs, jint jOutLen) { CK_SESSION_HANDLE ckSessionHandle; CK_RV rv; CK_BYTE_PTR inBufP; CK_BYTE_PTR outBufP; - CK_ULONG ckPartLen; + CK_ULONG ckOutLen = 0; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); if (ckpFunctions == NULL) { return 0; } ckSessionHandle = jLongToCKULong(jSessionHandle); - inBufP = (*env)->GetPrimitiveArrayCritical(env, jIn, NULL); - if (inBufP == NULL) { return 0; } - - outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL); - if (outBufP == NULL) { - // Make sure to release inBufP - (*env)->ReleasePrimitiveArrayCritical(env, jIn, inBufP, JNI_ABORT); - return 0; + if (directIn != 0) { + inBufP = (CK_BYTE_PTR) jlong_to_ptr(directIn); + } else { + inBufP = (*env)->GetPrimitiveArrayCritical(env, jIn, NULL); + if (inBufP == NULL) { return 0; } } - ckPartLen = jOutLen; + if (directOut != 0) { + outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut); + } else { + outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL); + if (outBufP == NULL) { + goto cleanup; + } + } + ckOutLen = jOutLen; rv = (*ckpFunctions->C_Decrypt)(ckSessionHandle, (CK_BYTE_PTR)(inBufP + jInOfs), jInLen, (CK_BYTE_PTR)(outBufP + jOutOfs), - &ckPartLen); - - (*env)->ReleasePrimitiveArrayCritical(env, jIn, inBufP, JNI_ABORT); - (*env)->ReleasePrimitiveArrayCritical(env, jOut, outBufP, JNI_COMMIT); + &ckOutLen); ckAssertReturnValueOK(env, rv); - return ckPartLen; +cleanup: + if (directIn == 0 && inBufP != NULL) { + (*env)->ReleasePrimitiveArrayCritical(env, jIn, inBufP, JNI_ABORT); + } + if (directOut == 0 && outBufP != NULL) { + (*env)->ReleasePrimitiveArrayCritical(env, jOut, outBufP, JNI_COMMIT); + } + return ckOutLen; } #endif @@ -393,7 +401,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptUpdate CK_BYTE_PTR inBufP; CK_BYTE_PTR outBufP; - CK_ULONG ckDecryptedPartLen; + CK_ULONG ckDecryptedPartLen = 0; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); if (ckpFunctions == NULL) { return 0; } @@ -412,28 +420,24 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptUpdate } else { outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL); if (outBufP == NULL) { - // Make sure to release inBufP - (*env)->ReleasePrimitiveArrayCritical(env, jIn, inBufP, JNI_ABORT); - return 0; + goto cleanup; } } ckDecryptedPartLen = jOutLen; - rv = (*ckpFunctions->C_DecryptUpdate)(ckSessionHandle, (CK_BYTE_PTR)(inBufP + jInOfs), jInLen, (CK_BYTE_PTR)(outBufP + jOutOfs), &ckDecryptedPartLen); - if (directIn == 0) { - (*env)->ReleasePrimitiveArrayCritical(env, jIn, inBufP, JNI_ABORT); - } - - if (directOut == 0) { - (*env)->ReleasePrimitiveArrayCritical(env, jOut, outBufP, JNI_COMMIT); - } - ckAssertReturnValueOK(env, rv); +cleanup: + if (directIn == 0 && inBufP != NULL) { + (*env)->ReleasePrimitiveArrayCritical(env, jIn, inBufP, JNI_ABORT); + } + if (directOut == 0 && outBufP != NULL) { + (*env)->ReleasePrimitiveArrayCritical(env, jOut, outBufP, JNI_COMMIT); + } return ckDecryptedPartLen; } diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_digest.c b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_digest.c index 68e4ff5e65f..77b9eb11cfe 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_digest.c +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_digest.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -68,21 +68,19 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestInit (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism) { CK_SESSION_HANDLE ckSessionHandle; - CK_MECHANISM ckMechanism; + CK_MECHANISM_PTR ckpMechanism = NULL; CK_RV rv; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); if (ckpFunctions == NULL) { return; } ckSessionHandle = jLongToCKULong(jSessionHandle); - jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism); if ((*env)->ExceptionCheck(env)) { return; } - rv = (*ckpFunctions->C_DigestInit)(ckSessionHandle, &ckMechanism); + rv = (*ckpFunctions->C_DigestInit)(ckSessionHandle, ckpMechanism); - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } + freeCKMechanismPtr(ckpMechanism); if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } @@ -101,53 +99,50 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestInit * CK_ULONG_PTR pulDigestLen */ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestSingle - (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jbyteArray jIn, jint jInOfs, jint jInLen, jbyteArray jDigest, jint jDigestOfs, jint jDigestLen) + (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, + jbyteArray jIn, jint jInOfs, jint jInLen, jbyteArray jDigest, + jint jDigestOfs, jint jDigestLen) { CK_SESSION_HANDLE ckSessionHandle; CK_RV rv; - CK_BYTE_PTR bufP; CK_BYTE BUF[MAX_STACK_BUFFER_LEN]; + CK_BYTE_PTR bufP = BUF; CK_BYTE DIGESTBUF[MAX_DIGEST_LEN]; - CK_ULONG ckDigestLength = min(MAX_DIGEST_LEN, jDigestLen); - CK_MECHANISM ckMechanism; + CK_ULONG ckDigestLength = 0; + CK_MECHANISM_PTR ckpMechanism = NULL; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); if (ckpFunctions == NULL) { return 0; } ckSessionHandle = jLongToCKULong(jSessionHandle); - jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism); if ((*env)->ExceptionCheck(env)) { return 0; } - rv = (*ckpFunctions->C_DigestInit)(ckSessionHandle, &ckMechanism); + rv = (*ckpFunctions->C_DigestInit)(ckSessionHandle, ckpMechanism); + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { goto cleanup; } - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } - - if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return 0; } - - if (jInLen <= MAX_STACK_BUFFER_LEN) { - bufP = BUF; - } else { + if (jInLen > MAX_STACK_BUFFER_LEN) { /* always use single part op, even for large data */ bufP = (CK_BYTE_PTR) malloc((size_t)jInLen); if (bufP == NULL) { throwOutOfMemoryError(env, 0); - return 0; + goto cleanup; } } (*env)->GetByteArrayRegion(env, jIn, jInOfs, jInLen, (jbyte *)bufP); if ((*env)->ExceptionCheck(env)) { - if (bufP != BUF) { free(bufP); } - return 0; + goto cleanup; } + ckDigestLength = min(MAX_DIGEST_LEN, jDigestLen); + rv = (*ckpFunctions->C_Digest)(ckSessionHandle, bufP, jInLen, DIGESTBUF, &ckDigestLength); if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { (*env)->SetByteArrayRegion(env, jDigest, jDigestOfs, ckDigestLength, (jbyte *)DIGESTBUF); } - +cleanup: + freeCKMechanismPtr(ckpMechanism); if (bufP != BUF) { free(bufP); } return ckDigestLength; @@ -165,7 +160,8 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestSingle * CK_ULONG ulDataLen */ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestUpdate - (JNIEnv *env, jobject obj, jlong jSessionHandle, jlong directIn, jbyteArray jIn, jint jInOfs, jint jInLen) + (JNIEnv *env, jobject obj, jlong jSessionHandle, jlong directIn, jbyteArray jIn, + jint jInOfs, jint jInLen) { CK_SESSION_HANDLE ckSessionHandle; CK_RV rv; @@ -256,7 +252,8 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestKey * CK_ULONG_PTR pulDigestLen */ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestFinal - (JNIEnv *env, jobject obj, jlong jSessionHandle, jbyteArray jDigest, jint jDigestOfs, jint jDigestLen) + (JNIEnv *env, jobject obj, jlong jSessionHandle, jbyteArray jDigest, + jint jDigestOfs, jint jDigestLen) { CK_SESSION_HANDLE ckSessionHandle; CK_RV rv; diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_general.c b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_general.c index ea7fd1704eb..ad4857d8d59 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_general.c +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_general.c @@ -67,6 +67,7 @@ jobject ckMechanismInfoPtrToJMechanismInfo(JNIEnv *env, const CK_MECHANISM_INFO_ jfieldID pNativeDataID; jfieldID mech_mechanismID; jfieldID mech_pParameterID; +jfieldID mech_pHandleID; jclass jByteArrayClass; jclass jLongClass; @@ -84,6 +85,23 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *vm, void *reserved) { /* The native implementation of the methods of the PKCS11Implementation class */ /* ************************************************************************** */ +/* + * This method is used to do free the memory allocated for CK_MECHANISM structure. + * + * Class: sun_security_pkcs11_wrapper_PKCS11 + * Method: freeMechanism + * Signature: (J)J + */ +JNIEXPORT jlong JNICALL +Java_sun_security_pkcs11_wrapper_PKCS11_freeMechanism +(JNIEnv *env, jclass thisClass, jlong ckpMechanism) { + if (ckpMechanism != 0L) { + freeCKMechanismPtr((CK_MECHANISM_PTR) ckpMechanism); + TRACE1("DEBUG PKCS11_freeMechanism: free pMech = %x\n", (jlong)ckpMechanism); + } + return 0L; +} + /* * This method is used to do static initialization. This method is static and * synchronized. Summary: use this method like a static initialization block. @@ -115,11 +133,11 @@ jclass fetchClass(JNIEnv *env, const char *name) { void prefetchFields(JNIEnv *env, jclass thisClass) { jclass tmpClass; - /* PKCS11 */ + /* PKCS11 - pNativeData */ pNativeDataID = (*env)->GetFieldID(env, thisClass, "pNativeData", "J"); if (pNativeDataID == NULL) { return; } - /* CK_MECHANISM */ + /* CK_MECHANISM - mechanism, pParameter, pHandle */ tmpClass = (*env)->FindClass(env, CLASS_MECHANISM); if (tmpClass == NULL) { return; } mech_mechanismID = (*env)->GetFieldID(env, tmpClass, "mechanism", "J"); @@ -127,6 +145,10 @@ void prefetchFields(JNIEnv *env, jclass thisClass) { mech_pParameterID = (*env)->GetFieldID(env, tmpClass, "pParameter", "Ljava/lang/Object;"); if (mech_pParameterID == NULL) { return; } + mech_pHandleID = (*env)->GetFieldID(env, tmpClass, "pHandle", "J"); + if (mech_pHandleID == NULL) { return; } + + /* java classes for primitive types - byte[], long */ jByteArrayClass = fetchClass(env, "[B"); if (jByteArrayClass == NULL) { return; } jLongClass = fetchClass(env, "java/lang/Long"); diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_keymgmt.c b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_keymgmt.c index 5a4fa0022e0..89fd033c29d 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_keymgmt.c +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_keymgmt.c @@ -155,7 +155,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_getNativeKeyInfo jbyte* nativeKeyInfoArrayRawCkAttributes = NULL; jbyte* nativeKeyInfoArrayRawCkAttributesPtr = NULL; jbyte* nativeKeyInfoArrayRawDataPtr = NULL; - CK_MECHANISM ckMechanism; + CK_MECHANISM_PTR ckpMechanism = NULL; char iv[16] = {0x0}; CK_ULONG ckWrappedKeyLength = 0U; jbyte* wrappedKeySizeWrappedKeyArrayPtr = NULL; @@ -310,8 +310,8 @@ Java_sun_security_pkcs11_wrapper_PKCS11_getNativeKeyInfo // Key is sensitive. Need to extract it wrapped. if (jWrappingKeyHandle != 0) { - jMechanismToCKMechanism(env, jWrappingMech, &ckMechanism); - rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism, + ckpMechanism = jMechanismToCKMechanismPtr(env, jWrappingMech); + rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, ckpMechanism, jLongToCKULong(jWrappingKeyHandle), ckObjectHandle, NULL_PTR, &ckWrappedKeyLength); if (ckWrappedKeyLength != 0) { @@ -339,7 +339,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_getNativeKeyInfo wrappedKeyBufferPtr = (CK_BYTE_PTR) (wrappedKeySizeWrappedKeyArrayPtr + sizeof(unsigned long)); - rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism, + rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, ckpMechanism, jLongToCKULong(jWrappingKeyHandle),ckObjectHandle, wrappedKeyBufferPtr, &ckWrappedKeyLength); if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { @@ -382,6 +382,7 @@ cleanup: && returnValue != nativeKeyInfoWrappedKeyArray) { (*env)->DeleteLocalRef(env, nativeKeyInfoWrappedKeyArray); } + freeCKMechanismPtr(ckpMechanism); return returnValue; } @@ -417,7 +418,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_createNativeKey unsigned long totalDataSize = 0UL; jbyte* wrappedKeySizePtr = NULL; unsigned int i = 0U; - CK_MECHANISM ckMechanism; + CK_MECHANISM_PTR ckpMechanism = NULL; char iv[16] = {0x0}; CK_ULONG ckWrappedKeyLength = 0UL; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); @@ -468,8 +469,8 @@ Java_sun_security_pkcs11_wrapper_PKCS11_createNativeKey jLongToCKULong(nativeKeyInfoCkAttributesCount), &ckObjectHandle); } else { // Wrapped key - jMechanismToCKMechanism(env, jWrappingMech, &ckMechanism); - rv = (*ckpFunctions->C_UnwrapKey)(ckSessionHandle, &ckMechanism, + ckpMechanism = jMechanismToCKMechanismPtr(env, jWrappingMech); + rv = (*ckpFunctions->C_UnwrapKey)(ckSessionHandle, ckpMechanism, jLongToCKULong(jWrappingKeyHandle), (CK_BYTE_PTR)(wrappedKeySizePtr + sizeof(unsigned long)), ckWrappedKeyLength, @@ -490,6 +491,7 @@ cleanup: nativeKeyInfoArrayRaw, JNI_ABORT); } + freeCKMechanismPtr(ckpMechanism); return jObjectHandle; } #endif @@ -510,9 +512,9 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKey (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jobjectArray jTemplate) { CK_SESSION_HANDLE ckSessionHandle; - CK_MECHANISM ckMechanism; + CK_MECHANISM_PTR ckpMechanism = NULL; CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR; - CK_ULONG ckAttributesLength; + CK_ULONG ckAttributesLength = 0; CK_OBJECT_HANDLE ckKeyHandle = 0; jlong jKeyHandle = 0L; CK_RV rv; @@ -521,24 +523,21 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKey if (ckpFunctions == NULL) { return 0L; } ckSessionHandle = jLongToCKULong(jSessionHandle); - jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism); if ((*env)->ExceptionCheck(env)) { return 0L ; } jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength); if ((*env)->ExceptionCheck(env)) { - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } - return 0L; + goto cleanup; } - rv = (*ckpFunctions->C_GenerateKey)(ckSessionHandle, &ckMechanism, ckpAttributes, ckAttributesLength, &ckKeyHandle); + rv = (*ckpFunctions->C_GenerateKey)(ckSessionHandle, ckpMechanism, ckpAttributes, ckAttributesLength, &ckKeyHandle); if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { jKeyHandle = ckULongToJLong(ckKeyHandle); /* cheack, if we must give a initialization vector back to Java */ - switch (ckMechanism.mechanism) { + switch (ckpMechanism->mechanism) { case CKM_PBE_MD2_DES_CBC: case CKM_PBE_MD5_DES_CBC: case CKM_PBE_MD5_CAST_CBC: @@ -548,14 +547,12 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKey case CKM_PBE_SHA1_CAST128_CBC: /* case CKM_PBE_SHA1_CAST5_CBC: the same as CKM_PBE_SHA1_CAST128_CBC */ /* we must copy back the initialization vector to the jMechanism object */ - copyBackPBEInitializationVector(env, &ckMechanism, jMechanism); + copyBackPBEInitializationVector(env, ckpMechanism, jMechanism); break; } } - - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } +cleanup: + freeCKMechanismPtr(ckpMechanism); freeCKAttributeArray(ckpAttributes, ckAttributesLength); return jKeyHandle ; @@ -582,14 +579,14 @@ JNIEXPORT jlongArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Generate jobjectArray jPublicKeyTemplate, jobjectArray jPrivateKeyTemplate) { CK_SESSION_HANDLE ckSessionHandle; - CK_MECHANISM ckMechanism; + CK_MECHANISM_PTR ckpMechanism = NULL; CK_ATTRIBUTE_PTR ckpPublicKeyAttributes = NULL_PTR; CK_ATTRIBUTE_PTR ckpPrivateKeyAttributes = NULL_PTR; - CK_ULONG ckPublicKeyAttributesLength; - CK_ULONG ckPrivateKeyAttributesLength; + CK_ULONG ckPublicKeyAttributesLength = 0; + CK_ULONG ckPrivateKeyAttributesLength = 0; CK_OBJECT_HANDLE_PTR ckpPublicKeyHandle; /* pointer to Public Key */ CK_OBJECT_HANDLE_PTR ckpPrivateKeyHandle; /* pointer to Private Key */ - CK_OBJECT_HANDLE_PTR ckpKeyHandles; /* pointer to array with Public and Private Key */ + CK_OBJECT_HANDLE_PTR ckpKeyHandles = NULL; /* pointer to array with Public and Private Key */ jlongArray jKeyHandles = NULL; CK_RV rv; int attempts; @@ -599,37 +596,25 @@ JNIEXPORT jlongArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Generate if (ckpFunctions == NULL) { return NULL; } ckSessionHandle = jLongToCKULong(jSessionHandle); - jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism); if ((*env)->ExceptionCheck(env)) { return NULL; } ckpKeyHandles = (CK_OBJECT_HANDLE_PTR) malloc(2 * sizeof(CK_OBJECT_HANDLE)); if (ckpKeyHandles == NULL) { - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } throwOutOfMemoryError(env, 0); - return NULL; + goto cleanup; } ckpPublicKeyHandle = ckpKeyHandles; /* first element of array is Public Key */ ckpPrivateKeyHandle = (ckpKeyHandles + 1); /* second element of array is Private Key */ jAttributeArrayToCKAttributeArray(env, jPublicKeyTemplate, &ckpPublicKeyAttributes, &ckPublicKeyAttributesLength); if ((*env)->ExceptionCheck(env)) { - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } - free(ckpKeyHandles); - return NULL; + goto cleanup; } jAttributeArrayToCKAttributeArray(env, jPrivateKeyTemplate, &ckpPrivateKeyAttributes, &ckPrivateKeyAttributesLength); if ((*env)->ExceptionCheck(env)) { - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } - free(ckpKeyHandles); - freeCKAttributeArray(ckpPublicKeyAttributes, ckPublicKeyAttributesLength); - return NULL; + goto cleanup; } /* @@ -650,7 +635,7 @@ JNIEXPORT jlongArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Generate * Call C_GenerateKeyPair() several times if CKR_FUNCTION_FAILED occurs. */ for (attempts = 0; attempts < MAX_ATTEMPTS; attempts++) { - rv = (*ckpFunctions->C_GenerateKeyPair)(ckSessionHandle, &ckMechanism, + rv = (*ckpFunctions->C_GenerateKeyPair)(ckSessionHandle, ckpMechanism, ckpPublicKeyAttributes, ckPublicKeyAttributesLength, ckpPrivateKeyAttributes, ckPrivateKeyAttributesLength, ckpPublicKeyHandle, ckpPrivateKeyHandle); @@ -666,13 +651,11 @@ JNIEXPORT jlongArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Generate jKeyHandles = ckULongArrayToJLongArray(env, ckpKeyHandles, 2); } - if(ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } +cleanup: + freeCKMechanismPtr(ckpMechanism); free(ckpKeyHandles); freeCKAttributeArray(ckpPublicKeyAttributes, ckPublicKeyAttributesLength); freeCKAttributeArray(ckpPrivateKeyAttributes, ckPrivateKeyAttributesLength); - return jKeyHandles ; } #endif @@ -694,7 +677,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1WrapKey (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jWrappingKeyHandle, jlong jKeyHandle) { CK_SESSION_HANDLE ckSessionHandle; - CK_MECHANISM ckMechanism; + CK_MECHANISM_PTR ckpMechanism = NULL; CK_OBJECT_HANDLE ckWrappingKeyHandle; CK_OBJECT_HANDLE ckKeyHandle; jbyteArray jWrappedKey = NULL; @@ -707,33 +690,30 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1WrapKey if (ckpFunctions == NULL) { return NULL; } ckSessionHandle = jLongToCKULong(jSessionHandle); - jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism); if ((*env)->ExceptionCheck(env)) { return NULL; } ckWrappingKeyHandle = jLongToCKULong(jWrappingKeyHandle); ckKeyHandle = jLongToCKULong(jKeyHandle); - rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism, ckWrappingKeyHandle, ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength); + rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, ckpMechanism, ckWrappingKeyHandle, ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength); if (rv == CKR_BUFFER_TOO_SMALL) { ckpWrappedKey = (CK_BYTE_PTR) malloc(ckWrappedKeyLength); if (ckpWrappedKey == NULL) { - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } throwOutOfMemoryError(env, 0); - return NULL; + goto cleanup; } - rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism, ckWrappingKeyHandle, ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength); + rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, ckpMechanism, ckWrappingKeyHandle, ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength); } if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { jWrappedKey = ckByteArrayToJByteArray(env, ckpWrappedKey, ckWrappedKeyLength); } +cleanup: if (ckpWrappedKey != BUF) { free(ckpWrappedKey); } - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } + freeCKMechanismPtr(ckpMechanism); + return jWrappedKey ; } #endif @@ -758,12 +738,12 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1UnwrapKey jbyteArray jWrappedKey, jobjectArray jTemplate) { CK_SESSION_HANDLE ckSessionHandle; - CK_MECHANISM ckMechanism; + CK_MECHANISM_PTR ckpMechanism = NULL; CK_OBJECT_HANDLE ckUnwrappingKeyHandle; CK_BYTE_PTR ckpWrappedKey = NULL_PTR; CK_ULONG ckWrappedKeyLength; CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR; - CK_ULONG ckAttributesLength; + CK_ULONG ckAttributesLength = 0; CK_OBJECT_HANDLE ckKeyHandle = 0; jlong jKeyHandle = 0L; CK_RV rv; @@ -772,29 +752,22 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1UnwrapKey if (ckpFunctions == NULL) { return 0L; } ckSessionHandle = jLongToCKULong(jSessionHandle); - jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism); if ((*env)->ExceptionCheck(env)) { return 0L; } ckUnwrappingKeyHandle = jLongToCKULong(jUnwrappingKeyHandle); jByteArrayToCKByteArray(env, jWrappedKey, &ckpWrappedKey, &ckWrappedKeyLength); if ((*env)->ExceptionCheck(env)) { - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } - return 0L; + goto cleanup; } jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength); if ((*env)->ExceptionCheck(env)) { - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } - free(ckpWrappedKey); - return 0L; + goto cleanup; } - rv = (*ckpFunctions->C_UnwrapKey)(ckSessionHandle, &ckMechanism, ckUnwrappingKeyHandle, + rv = (*ckpFunctions->C_UnwrapKey)(ckSessionHandle, ckpMechanism, ckUnwrappingKeyHandle, ckpWrappedKey, ckWrappedKeyLength, ckpAttributes, ckAttributesLength, &ckKeyHandle); @@ -803,16 +776,14 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1UnwrapKey #if 0 /* cheack, if we must give a initialization vector back to Java */ - if (ckMechanism.mechanism == CKM_KEY_WRAP_SET_OAEP) { + if (ckpMechanism->mechanism == CKM_KEY_WRAP_SET_OAEP) { /* we must copy back the unwrapped key info to the jMechanism object */ - copyBackSetUnwrappedKey(env, &ckMechanism, jMechanism); + copyBackSetUnwrappedKey(env, ckpMechanism, jMechanism); } #endif } - - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } +cleanup: + freeCKMechanismPtr(ckpMechanism); freeCKAttributeArray(ckpAttributes, ckAttributesLength); free(ckpWrappedKey); @@ -834,26 +805,27 @@ static void freeMasterKeyDeriveParams(CK_SSL3_RANDOM_DATA *RandomInfo, CK_VERSIO } } -void ssl3FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) { - CK_SSL3_MASTER_KEY_DERIVE_PARAMS *params = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter; +void ssl3FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckpMechanism) { + CK_SSL3_MASTER_KEY_DERIVE_PARAMS *params = + (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckpMechanism->pParameter; if (params == NULL) { return; } freeMasterKeyDeriveParams(&(params->RandomInfo), params->pVersion); } -void tls12FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) { +void tls12FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckpMechanism) { CK_TLS12_MASTER_KEY_DERIVE_PARAMS *params = - (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter; + (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckpMechanism->pParameter; if (params == NULL) { return; } freeMasterKeyDeriveParams(&(params->RandomInfo), params->pVersion); } -void freeEcdh1DeriveParams(CK_MECHANISM_PTR ckMechanism) { +void freeEcdh1DeriveParams(CK_MECHANISM_PTR ckpMechanism) { CK_ECDH1_DERIVE_PARAMS *params = - (CK_ECDH1_DERIVE_PARAMS *)ckMechanism->pParameter; + (CK_ECDH1_DERIVE_PARAMS *)ckpMechanism->pParameter; if (params == NULL) { return; } @@ -869,7 +841,7 @@ void freeEcdh1DeriveParams(CK_MECHANISM_PTR ckMechanism) { /* * Copy back the PRF output to Java. */ -void copyBackTLSPrfParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism) +void copyBackTLSPrfParams(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism, jobject jMechanism) { jclass jMechanismClass, jTLSPrfParamsClass; CK_TLS_PRF_PARAMS *ckTLSPrfParams; @@ -890,13 +862,13 @@ void copyBackTLSPrfParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMecha if (fieldID == NULL) { return; } jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); ckMechanismType = jLongToCKULong(jMechanismType); - if (ckMechanismType != ckMechanism->mechanism) { + if (ckMechanismType != ckpMechanism->mechanism) { /* we do not have maching types, this should not occur */ return; } /* get the native CK_TLS_PRF_PARAMS */ - ckTLSPrfParams = (CK_TLS_PRF_PARAMS *) ckMechanism->pParameter; + ckTLSPrfParams = (CK_TLS_PRF_PARAMS *) ckpMechanism->pParameter; if (ckTLSPrfParams != NULL_PTR) { /* get the Java CK_TLS_PRF_PARAMS object (pParameter) */ fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;"); @@ -950,10 +922,10 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jBaseKeyHandle, jobjectArray jTemplate) { CK_SESSION_HANDLE ckSessionHandle; - CK_MECHANISM ckMechanism; + CK_MECHANISM_PTR ckpMechanism = NULL; CK_OBJECT_HANDLE ckBaseKeyHandle; CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR; - CK_ULONG ckAttributesLength; + CK_ULONG ckAttributesLength = 0; CK_OBJECT_HANDLE ckKeyHandle = 0; jlong jKeyHandle = 0L; CK_RV rv; @@ -963,19 +935,16 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey if (ckpFunctions == NULL) { return 0L; } ckSessionHandle = jLongToCKULong(jSessionHandle); - jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism); if ((*env)->ExceptionCheck(env)) { return 0L; } ckBaseKeyHandle = jLongToCKULong(jBaseKeyHandle); jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength); if ((*env)->ExceptionCheck(env)) { - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); - } - return 0L; + goto cleanup; } - switch (ckMechanism.mechanism) { + switch (ckpMechanism->mechanism) { case CKM_SSL3_KEY_AND_MAC_DERIVE: case CKM_TLS_KEY_AND_MAC_DERIVE: case CKM_TLS12_KEY_AND_MAC_DERIVE: @@ -989,60 +958,60 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey break; } - rv = (*ckpFunctions->C_DeriveKey)(ckSessionHandle, &ckMechanism, ckBaseKeyHandle, + rv = (*ckpFunctions->C_DeriveKey)(ckSessionHandle, ckpMechanism, ckBaseKeyHandle, ckpAttributes, ckAttributesLength, phKey); jKeyHandle = ckLongToJLong(ckKeyHandle); - freeCKAttributeArray(ckpAttributes, ckAttributesLength); - - switch (ckMechanism.mechanism) { + switch (ckpMechanism->mechanism) { case CKM_SSL3_MASTER_KEY_DERIVE: case CKM_TLS_MASTER_KEY_DERIVE: /* we must copy back the client version */ - ssl3CopyBackClientVersion(env, &ckMechanism, jMechanism); - ssl3FreeMasterKeyDeriveParams(&ckMechanism); + ssl3CopyBackClientVersion(env, ckpMechanism, jMechanism); + ssl3FreeMasterKeyDeriveParams(ckpMechanism); break; case CKM_TLS12_MASTER_KEY_DERIVE: - tls12CopyBackClientVersion(env, &ckMechanism, jMechanism); - tls12FreeMasterKeyDeriveParams(&ckMechanism); + tls12CopyBackClientVersion(env, ckpMechanism, jMechanism); + tls12FreeMasterKeyDeriveParams(ckpMechanism); break; case CKM_SSL3_MASTER_KEY_DERIVE_DH: case CKM_TLS_MASTER_KEY_DERIVE_DH: - ssl3FreeMasterKeyDeriveParams(&ckMechanism); + ssl3FreeMasterKeyDeriveParams(ckpMechanism); break; case CKM_TLS12_MASTER_KEY_DERIVE_DH: - tls12FreeMasterKeyDeriveParams(&ckMechanism); + tls12FreeMasterKeyDeriveParams(ckpMechanism); break; case CKM_SSL3_KEY_AND_MAC_DERIVE: case CKM_TLS_KEY_AND_MAC_DERIVE: /* we must copy back the unwrapped key info to the jMechanism object */ - ssl3CopyBackKeyMatParams(env, &ckMechanism, jMechanism); + ssl3CopyBackKeyMatParams(env, ckpMechanism, jMechanism); break; case CKM_TLS12_KEY_AND_MAC_DERIVE: /* we must copy back the unwrapped key info to the jMechanism object */ - tls12CopyBackKeyMatParams(env, &ckMechanism, jMechanism); + tls12CopyBackKeyMatParams(env, ckpMechanism, jMechanism); break; case CKM_TLS_PRF: - copyBackTLSPrfParams(env, &ckMechanism, jMechanism); + copyBackTLSPrfParams(env, ckpMechanism, jMechanism); break; case CKM_ECDH1_DERIVE: - freeEcdh1DeriveParams(&ckMechanism); + freeEcdh1DeriveParams(ckpMechanism); break; default: // empty break; } - - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { + jKeyHandle =0L; } - if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return 0L ; } + +cleanup: + freeCKMechanismPtr(ckpMechanism); + freeCKAttributeArray(ckpAttributes, ckAttributesLength); return jKeyHandle ; } -static void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism, +static void copyBackClientVersion(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism, jobject jMechanism, CK_VERSION *ckVersion, const char *class_master_key_derive_params) { jclass jMasterKeyDeriveParamsClass, jMechanismClass, jVersionClass; @@ -1059,7 +1028,7 @@ static void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobjec if (fieldID == NULL) { return; } jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); ckMechanismType = jLongToCKULong(jMechanismType); - if (ckMechanismType != ckMechanism->mechanism) { + if (ckMechanismType != ckpMechanism->mechanism) { /* we do not have maching types, this should not occur */ return; } @@ -1102,14 +1071,14 @@ static void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobjec * mechanisms when used for deriving a key. * */ -void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, +void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism, jobject jMechanism) { CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ckSSL3MasterKeyDeriveParams; ckSSL3MasterKeyDeriveParams = - (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter; + (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *)ckpMechanism->pParameter; if (ckSSL3MasterKeyDeriveParams != NULL_PTR) { - copyBackClientVersion(env, ckMechanism, jMechanism, + copyBackClientVersion(env, ckpMechanism, jMechanism, ckSSL3MasterKeyDeriveParams->pVersion, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS); } @@ -1121,20 +1090,20 @@ void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, * CKM_TLS12_MASTER_KEY_DERIVE mechanism when used for deriving a key. * */ -void tls12CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, +void tls12CopyBackClientVersion(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism, jobject jMechanism) { CK_TLS12_MASTER_KEY_DERIVE_PARAMS *ckTLS12MasterKeyDeriveParams; ckTLS12MasterKeyDeriveParams = - (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter; + (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckpMechanism->pParameter; if (ckTLS12MasterKeyDeriveParams != NULL_PTR) { - copyBackClientVersion(env, ckMechanism, jMechanism, + copyBackClientVersion(env, ckpMechanism, jMechanism, ckTLS12MasterKeyDeriveParams->pVersion, CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS); } } -static void copyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, +static void copyBackKeyMatParams(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism, jobject jMechanism, CK_SSL3_RANDOM_DATA *RandomInfo, CK_SSL3_KEY_MAT_OUT_PTR ckSSL3KeyMatOut, const char *class_key_mat_params) { @@ -1157,7 +1126,7 @@ static void copyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, if (fieldID == NULL) { return; } jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); ckMechanismType = jLongToCKULong(jMechanismType); - if (ckMechanismType != ckMechanism->mechanism) { + if (ckMechanismType != ckpMechanism->mechanism) { /* we do not have maching types, this should not occur */ return; } @@ -1264,13 +1233,13 @@ static void copyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, * when used for deriving a key. * */ -void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, +void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism, jobject jMechanism) { CK_SSL3_KEY_MAT_PARAMS *ckSSL3KeyMatParam; - ckSSL3KeyMatParam = (CK_SSL3_KEY_MAT_PARAMS *)ckMechanism->pParameter; + ckSSL3KeyMatParam = (CK_SSL3_KEY_MAT_PARAMS *)ckpMechanism->pParameter; if (ckSSL3KeyMatParam != NULL_PTR) { - copyBackKeyMatParams(env, ckMechanism, jMechanism, + copyBackKeyMatParams(env, ckpMechanism, jMechanism, &(ckSSL3KeyMatParam->RandomInfo), ckSSL3KeyMatParam->pReturnedKeyMaterial, CLASS_SSL3_KEY_MAT_PARAMS); @@ -1283,13 +1252,13 @@ void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, * CKM_TLS12_KEY_AND_MAC_DERIVE mechanism when used for deriving a key. * */ -void tls12CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, +void tls12CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism, jobject jMechanism) { CK_TLS12_KEY_MAT_PARAMS *ckTLS12KeyMatParam; - ckTLS12KeyMatParam = (CK_TLS12_KEY_MAT_PARAMS *) ckMechanism->pParameter; + ckTLS12KeyMatParam = (CK_TLS12_KEY_MAT_PARAMS *)ckpMechanism->pParameter; if (ckTLS12KeyMatParam != NULL_PTR) { - copyBackKeyMatParams(env, ckMechanism, jMechanism, + copyBackKeyMatParams(env, ckpMechanism, jMechanism, &(ckTLS12KeyMatParam->RandomInfo), ckTLS12KeyMatParam->pReturnedKeyMaterial, CLASS_TLS12_KEY_MAT_PARAMS); diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_mutex.c b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_mutex.c index 452b4f5d041..8c1f1fa4afd 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_mutex.c +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_mutex.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -181,7 +181,7 @@ CK_C_INITIALIZE_ARGS_PTR makeCKInitArgsAdapter(JNIEnv *env, jobject jInitArgs) jReserved = (*env)->GetObjectField(env, jInitArgs, fieldID); /* we try to convert the reserved parameter also */ - jObjectToPrimitiveCKObjectPtrPtr(env, jReserved, &(ckpInitArgs->pReserved), &ckReservedLength); + ckpInitArgs->pReserved = jObjectToPrimitiveCKObjectPtr(env, jReserved, &ckReservedLength); return ckpInitArgs ; } diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_sign.c b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_sign.c index 8fbcde06d44..83bf3936dc8 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_sign.c +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_sign.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -63,31 +63,38 @@ * Parametermapping: *PKCS11* * @param jlong jSessionHandle CK_SESSION_HANDLE hSession * @param jobject jMechanism CK_MECHANISM_PTR pMechanism - * @return jlong jKeyHandle CK_OBJECT_HANDLE hKey + * @param jlong jKeyHandle CK_OBJECT_HANDLE hKey */ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignInit (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jKeyHandle) { CK_SESSION_HANDLE ckSessionHandle; - CK_MECHANISM ckMechanism; + CK_MECHANISM_PTR ckpMechanism = NULL; CK_OBJECT_HANDLE ckKeyHandle; CK_RV rv; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); if (ckpFunctions == NULL) { return; } + TRACE0("DEBUG: C_SignInit\n"); + ckSessionHandle = jLongToCKULong(jSessionHandle); - jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + + ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism); if ((*env)->ExceptionCheck(env)) { return; } + ckKeyHandle = jLongToCKULong(jKeyHandle); - rv = (*ckpFunctions->C_SignInit)(ckSessionHandle, &ckMechanism, ckKeyHandle); + rv = (*ckpFunctions->C_SignInit)(ckSessionHandle, ckpMechanism, ckKeyHandle); - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK || + (ckpMechanism->pParameter == NULL)) { + freeCKMechanismPtr(ckpMechanism); + } else { + (*env)->SetLongField(env, jMechanism, mech_pHandleID, (jlong)ckpMechanism); + TRACE1("DEBUG C_SignInit: stored pMech = 0x%lX\n", (jlong)ckpMechanism); } - - if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + TRACE0("FINISHED\n"); } #endif @@ -95,7 +102,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignInit /* * Class: sun_security_pkcs11_wrapper_PKCS11 * Method: C_Sign - * Signature: (J[B)[B + * Signature: (J[BI)[B * Parametermapping: *PKCS11* * @param jlong jSessionHandle CK_SESSION_HANDLE hSession * @param jbyteArray jData CK_BYTE_PTR pData @@ -108,69 +115,45 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Sign { CK_SESSION_HANDLE ckSessionHandle; CK_BYTE_PTR ckpData = NULL_PTR; - CK_BYTE_PTR ckpSignature; CK_ULONG ckDataLength; - CK_ULONG ckSignatureLength = 0; + CK_BYTE_PTR bufP; + CK_ULONG ckSignatureLength; + CK_BYTE BUF[MAX_STACK_BUFFER_LEN]; jbyteArray jSignature = NULL; CK_RV rv; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); if (ckpFunctions == NULL) { return NULL; } + TRACE0("DEBUG: C_Sign\n"); + ckSessionHandle = jLongToCKULong(jSessionHandle); jByteArrayToCKByteArray(env, jData, &ckpData, &ckDataLength); - if ((*env)->ExceptionCheck(env)) { return NULL; } - - /* START standard code */ - - /* first determine the length of the signature */ - rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, NULL_PTR, &ckSignatureLength); - if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { - free(ckpData); + if ((*env)->ExceptionCheck(env)) { return NULL; } - ckpSignature = (CK_BYTE_PTR) malloc(ckSignatureLength * sizeof(CK_BYTE)); - if (ckpSignature == NULL) { - free(ckpData); - throwOutOfMemoryError(env, 0); - return NULL; - } + TRACE1("DEBUG C_Sign: data length = %lu\n", ckDataLength); - /* now get the signature */ - rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, &ckSignatureLength); - /* END standard code */ + // unknown signature length + bufP = BUF; + ckSignatureLength = MAX_STACK_BUFFER_LEN; + rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, + bufP, &ckSignatureLength); - /* START workaround code for operation abort bug in pkcs#11 of Datakey and iButton */ -/* - ckpSignature = (CK_BYTE_PTR) malloc(256 * sizeof(CK_BYTE)); - if (ckpSignature == NULL) { - free(ckpData); - throwOutOfMemoryError(env, 0); - return NULL; - } - rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, &ckSignatureLength); + TRACE1("DEBUG C_Sign: ret rv=0x%lX\n", rv); - if (rv == CKR_BUFFER_TOO_SMALL) { - free(ckpSignature); - ckpSignature = (CK_BYTE_PTR) malloc(ckSignatureLength * sizeof(CK_BYTE)); - if (ckpSignature == NULL) { - free(ckpData); - throwOutOfMemoryError(env, 0); - return NULL; - } - rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, &ckSignatureLength); - } - */ - /* END workaround code */ if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { - jSignature = ckByteArrayToJByteArray(env, ckpSignature, ckSignatureLength); + jSignature = ckByteArrayToJByteArray(env, bufP, ckSignatureLength); + TRACE1("DEBUG C_Sign: signature length = %lu\n", ckSignatureLength); } - free(ckpData); - free(ckpSignature); - return jSignature ; + free(ckpData); + if (bufP != BUF) { free(bufP); } + + TRACE0("FINISHED\n"); + return jSignature; } #endif @@ -220,21 +203,20 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignUpdate jsize chunkLen = min(bufLen, jInLen); (*env)->GetByteArrayRegion(env, jIn, jInOfs, chunkLen, (jbyte *)bufP); if ((*env)->ExceptionCheck(env)) { - if (bufP != BUF) { free(bufP); } - return; + goto cleanup; } rv = (*ckpFunctions->C_SignUpdate)(ckSessionHandle, bufP, chunkLen); if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { - if (bufP != BUF) { - free(bufP); - } - return; + goto cleanup; } jInOfs += chunkLen; jInLen -= chunkLen; } +cleanup: if (bufP != BUF) { free(bufP); } + + return; } #endif @@ -294,32 +276,37 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignFina * Parametermapping: *PKCS11* * @param jlong jSessionHandle CK_SESSION_HANDLE hSession * @param jobject jMechanism CK_MECHANISM_PTR pMechanism - * @return jlong jKeyHandle CK_OBJECT_HANDLE hKey + * @param jlong jKeyHandle CK_OBJECT_HANDLE hKey */ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignRecoverInit (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jKeyHandle) { CK_SESSION_HANDLE ckSessionHandle; - CK_MECHANISM ckMechanism; + CK_MECHANISM_PTR ckpMechanism = NULL; CK_OBJECT_HANDLE ckKeyHandle; CK_RV rv; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); if (ckpFunctions == NULL) { return; } + TRACE0("DEBUG: C_SignRecoverInit\n"); + ckSessionHandle = jLongToCKULong(jSessionHandle); - jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism); if ((*env)->ExceptionCheck(env)) { return; } ckKeyHandle = jLongToCKULong(jKeyHandle); - rv = (*ckpFunctions->C_SignRecoverInit)(ckSessionHandle, &ckMechanism, ckKeyHandle); + rv = (*ckpFunctions->C_SignRecoverInit)(ckSessionHandle, ckpMechanism, ckKeyHandle); - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK || + (ckpMechanism->pParameter == NULL)) { + freeCKMechanismPtr(ckpMechanism); + } else { + (*env)->SetLongField(env, jMechanism, mech_pHandleID, (jlong)ckpMechanism); + TRACE1("DEBUG C_SignRecoverInit, stored pMech = 0x%lX\n", (jlong)ckpMechanism); } - - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + TRACE0("FINISHED\n"); } #endif @@ -344,7 +331,7 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignRecover CK_BYTE OUTBUF[MAX_STACK_BUFFER_LEN]; CK_BYTE_PTR inBufP; CK_BYTE_PTR outBufP = OUTBUF; - CK_ULONG ckSignatureLength = MAX_STACK_BUFFER_LEN; + CK_ULONG ckSignatureLength = 0; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); if (ckpFunctions == NULL) { return 0; } @@ -353,36 +340,35 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignRecover if (jInLen <= MAX_STACK_BUFFER_LEN) { inBufP = INBUF; + ckSignatureLength = MAX_STACK_BUFFER_LEN; } else { inBufP = (CK_BYTE_PTR) malloc((size_t)jInLen); if (inBufP == NULL) { throwOutOfMemoryError(env, 0); return 0; } + ckSignatureLength = jInLen; } (*env)->GetByteArrayRegion(env, jIn, jInOfs, jInLen, (jbyte *)inBufP); if ((*env)->ExceptionCheck(env)) { - if (inBufP != INBUF) { free(inBufP); } - return 0; + goto cleanup; } + rv = (*ckpFunctions->C_SignRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckSignatureLength); /* re-alloc larger buffer if it fits into our Java buffer */ if ((rv == CKR_BUFFER_TOO_SMALL) && (ckSignatureLength <= jIntToCKULong(jOutLen))) { outBufP = (CK_BYTE_PTR) malloc(ckSignatureLength); if (outBufP == NULL) { - if (inBufP != INBUF) { - free(inBufP); - } throwOutOfMemoryError(env, 0); - return 0; + goto cleanup; } rv = (*ckpFunctions->C_SignRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckSignatureLength); } if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { (*env)->SetByteArrayRegion(env, jOut, jOutOfs, ckSignatureLength, (jbyte *)outBufP); } - +cleanup: if (inBufP != INBUF) { free(inBufP); } if (outBufP != OUTBUF) { free(outBufP); } @@ -398,32 +384,39 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignRecover * Parametermapping: *PKCS11* * @param jlong jSessionHandle CK_SESSION_HANDLE hSession * @param jobject jMechanism CK_MECHANISM_PTR pMechanism - * @return jlong jKeyHandle CK_OBJECT_HANDLE hKey + * @param jlong jKeyHandle CK_OBJECT_HANDLE hKey */ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyInit (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jKeyHandle) { CK_SESSION_HANDLE ckSessionHandle; - CK_MECHANISM ckMechanism; + CK_MECHANISM_PTR ckpMechanism = NULL; CK_OBJECT_HANDLE ckKeyHandle; CK_RV rv; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); if (ckpFunctions == NULL) { return; } + TRACE0("DEBUG: C_VerifyInit\n"); + ckSessionHandle = jLongToCKULong(jSessionHandle); - jMechanismToCKMechanism(env, jMechanism, &ckMechanism); - if ((*env)->ExceptionCheck(env)) { return; } + ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism); + if ((*env)->ExceptionCheck(env)) { + return; + } ckKeyHandle = jLongToCKULong(jKeyHandle); - rv = (*ckpFunctions->C_VerifyInit)(ckSessionHandle, &ckMechanism, ckKeyHandle); + rv = (*ckpFunctions->C_VerifyInit)(ckSessionHandle, ckpMechanism, ckKeyHandle); - if(ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK || + (ckpMechanism->pParameter == NULL)) { + freeCKMechanismPtr(ckpMechanism); + } else { + (*env)->SetLongField(env, jMechanism, mech_pHandleID, (jlong)ckpMechanism); + TRACE1("DEBUG C_VerifyInit: stored pMech = 0x%lX\n", (jlong)ckpMechanism); } - - if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + TRACE0("FINISHED\n"); } #endif @@ -447,28 +440,31 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Verify CK_BYTE_PTR ckpSignature = NULL_PTR; CK_ULONG ckDataLength; CK_ULONG ckSignatureLength; - CK_RV rv; + CK_RV rv = 0; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); if (ckpFunctions == NULL) { return; } ckSessionHandle = jLongToCKULong(jSessionHandle); + jByteArrayToCKByteArray(env, jData, &ckpData, &ckDataLength); - if ((*env)->ExceptionCheck(env)) { return; } + if ((*env)->ExceptionCheck(env)) { + return; + } jByteArrayToCKByteArray(env, jSignature, &ckpSignature, &ckSignatureLength); if ((*env)->ExceptionCheck(env)) { - free(ckpData); - return; + goto cleanup; } /* verify the signature */ rv = (*ckpFunctions->C_Verify)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, ckSignatureLength); +cleanup: free(ckpData); free(ckpSignature); - if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + ckAssertReturnValueOK(env, rv); } #endif @@ -510,7 +506,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyUpdate bufP = (CK_BYTE_PTR) malloc((size_t)bufLen); if (bufP == NULL) { throwOutOfMemoryError(env, 0); - return; + goto cleanup; } } @@ -518,19 +514,18 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyUpdate jsize chunkLen = min(bufLen, jInLen); (*env)->GetByteArrayRegion(env, jIn, jInOfs, chunkLen, (jbyte *)bufP); if ((*env)->ExceptionCheck(env)) { - if (bufP != BUF) { free(bufP); } - return; + goto cleanup; } rv = (*ckpFunctions->C_VerifyUpdate)(ckSessionHandle, bufP, chunkLen); if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { - if (bufP != BUF) { free(bufP); } - return; + goto cleanup; } jInOfs += chunkLen; jInLen -= chunkLen; } +cleanup: if (bufP != BUF) { free(bufP); } } #endif @@ -558,14 +553,16 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyFinal ckSessionHandle = jLongToCKULong(jSessionHandle); jByteArrayToCKByteArray(env, jSignature, &ckpSignature, &ckSignatureLength); - if ((*env)->ExceptionCheck(env)) { return; } + if ((*env)->ExceptionCheck(env)) { + return; + } /* verify the signature */ rv = (*ckpFunctions->C_VerifyFinal)(ckSessionHandle, ckpSignature, ckSignatureLength); free(ckpSignature); - if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + ckAssertReturnValueOK(env, rv); } #endif @@ -583,26 +580,31 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyRecoverI (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jKeyHandle) { CK_SESSION_HANDLE ckSessionHandle; - CK_MECHANISM ckMechanism; + CK_MECHANISM_PTR ckpMechanism = NULL; CK_OBJECT_HANDLE ckKeyHandle; CK_RV rv; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); if (ckpFunctions == NULL) { return; } + TRACE0("DEBUG: C_VerifyRecoverInit\n"); + ckSessionHandle = jLongToCKULong(jSessionHandle); - jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism); if ((*env)->ExceptionCheck(env)) { return; } ckKeyHandle = jLongToCKULong(jKeyHandle); - rv = (*ckpFunctions->C_VerifyRecoverInit)(ckSessionHandle, &ckMechanism, ckKeyHandle); + rv = (*ckpFunctions->C_VerifyRecoverInit)(ckSessionHandle, ckpMechanism, ckKeyHandle); - if (ckMechanism.pParameter != NULL_PTR) { - free(ckMechanism.pParameter); + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK || + (ckpMechanism->pParameter == NULL)) { + freeCKMechanismPtr(ckpMechanism); + } else { + (*env)->SetLongField(env, jMechanism, mech_pHandleID, (jlong)ckpMechanism); + TRACE1("DEBUG C_VerifyRecoverInit: stored pMech = 0x%lX\n", (jlong)ckpMechanism); } - - if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + TRACE0("FINISHED\n"); } #endif @@ -627,7 +629,7 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyRecover CK_BYTE OUTBUF[MAX_STACK_BUFFER_LEN]; CK_BYTE_PTR inBufP; CK_BYTE_PTR outBufP = OUTBUF; - CK_ULONG ckDataLength = MAX_STACK_BUFFER_LEN; + CK_ULONG ckDataLength = 0; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); if (ckpFunctions == NULL) { return 0; } @@ -636,18 +638,19 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyRecover if (jInLen <= MAX_STACK_BUFFER_LEN) { inBufP = INBUF; + ckDataLength = MAX_STACK_BUFFER_LEN; } else { inBufP = (CK_BYTE_PTR) malloc((size_t)jInLen); if (inBufP == NULL) { throwOutOfMemoryError(env, 0); return 0; } + ckDataLength = jInLen; } (*env)->GetByteArrayRegion(env, jIn, jInOfs, jInLen, (jbyte *)inBufP); if ((*env)->ExceptionCheck(env)) { - if (inBufP != INBUF) { free(inBufP); } - return 0; + goto cleanup; } rv = (*ckpFunctions->C_VerifyRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckDataLength); @@ -656,9 +659,8 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyRecover if ((rv == CKR_BUFFER_TOO_SMALL) && (ckDataLength <= jIntToCKULong(jOutLen))) { outBufP = (CK_BYTE_PTR) malloc(ckDataLength); if (outBufP == NULL) { - if (inBufP != INBUF) { free(inBufP); } throwOutOfMemoryError(env, 0); - return 0; + goto cleanup; } rv = (*ckpFunctions->C_VerifyRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckDataLength); } @@ -666,6 +668,7 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyRecover (*env)->SetByteArrayRegion(env, jOut, jOutOfs, ckDataLength, (jbyte *)outBufP); } +cleanup: if (inBufP != INBUF) { free(inBufP); } if (outBufP != OUTBUF) { free(outBufP); } diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c index 87d34543731..683f2fce2ca 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -277,16 +277,32 @@ void throwDisconnectedRuntimeException(JNIEnv *env) * @param attrPtr pointer to the to-be-freed CK_ATTRIBUTE array. * @param len the length of the array */ -void freeCKAttributeArray(CK_ATTRIBUTE_PTR attrPtr, int len) -{ - int i; - - for (i=0; ipParameter); + free(mechPtr); + } } /* @@ -964,165 +980,164 @@ CK_CHAR_PTR jCharObjectToCKCharPtr(JNIEnv *env, jobject jObject) /* * converts a Java object into a pointer to CK-type or a CK-structure with the length in Bytes. - * The memory of *ckpObjectPtr to be freed after use! This function is only used by - * jAttributeToCKAttribute by now. + * The memory of the returned pointer MUST BE FREED BY CALLER! * * @param env - used to call JNI funktions to get the Java classes and objects * @param jObject - the Java object to convert - * @param ckpObjectPtr - the reference of the new pointer to the new CK-value or CK-structure - * @param ckpLength - the reference of the length in bytes of the new CK-value or CK-structure + * @param ckpLength - pointer to the length (bytes) of the newly-allocated CK-value or CK-structure + * @return ckpObject - pointer to the newly-allocated CK-value or CK-structure */ -void jObjectToPrimitiveCKObjectPtrPtr(JNIEnv *env, jobject jObject, CK_VOID_PTR *ckpObjectPtr, CK_ULONG *ckpLength) +CK_VOID_PTR jObjectToPrimitiveCKObjectPtr(JNIEnv *env, jobject jObject, CK_ULONG *ckpLength) { jclass jLongClass, jBooleanClass, jByteArrayClass, jCharArrayClass; jclass jByteClass, jDateClass, jCharacterClass, jIntegerClass; jclass jBooleanArrayClass, jIntArrayClass, jLongArrayClass; jclass jStringClass; jclass jObjectClass, jClassClass; - CK_VOID_PTR ckpVoid = *ckpObjectPtr; + CK_VOID_PTR ckpObject; jmethodID jMethod; jobject jClassObject; jstring jClassNameString; char *classNameString, *exceptionMsgPrefix, *exceptionMsg; - TRACE0("\nDEBUG: jObjectToPrimitiveCKObjectPtrPtr"); + TRACE0("\nDEBUG: jObjectToPrimitiveCKObjectPtr"); if (jObject == NULL) { - *ckpObjectPtr = NULL; *ckpLength = 0; - return; + return NULL; } jLongClass = (*env)->FindClass(env, "java/lang/Long"); - if (jLongClass == NULL) { return; } + if (jLongClass == NULL) { return NULL; } if ((*env)->IsInstanceOf(env, jObject, jLongClass)) { - *ckpObjectPtr = jLongObjectToCKULongPtr(env, jObject); + ckpObject = jLongObjectToCKULongPtr(env, jObject); *ckpLength = sizeof(CK_ULONG); - TRACE1("", *((CK_ULONG *) *ckpObjectPtr)); - return; + TRACE1("", *((CK_ULONG *) ckpObject)); + return ckpObject; } jBooleanClass = (*env)->FindClass(env, "java/lang/Boolean"); - if (jBooleanClass == NULL) { return; } + if (jBooleanClass == NULL) { return NULL; } if ((*env)->IsInstanceOf(env, jObject, jBooleanClass)) { - *ckpObjectPtr = jBooleanObjectToCKBBoolPtr(env, jObject); + ckpObject = jBooleanObjectToCKBBoolPtr(env, jObject); *ckpLength = sizeof(CK_BBOOL); TRACE0(" " : "FALSE>"); - return; + TRACE0((*((CK_BBOOL *) ckpObjectPtr) == TRUE) ? "TRUE>" : "FALSE>"); + return ckpObject; } jByteArrayClass = (*env)->FindClass(env, "[B"); - if (jByteArrayClass == NULL) { return; } + if (jByteArrayClass == NULL) { return NULL; } if ((*env)->IsInstanceOf(env, jObject, jByteArrayClass)) { - jByteArrayToCKByteArray(env, jObject, (CK_BYTE_PTR*)ckpObjectPtr, ckpLength); - return; + jByteArrayToCKByteArray(env, jObject, (CK_BYTE_PTR*) &ckpObject, ckpLength); + return ckpObject; } jCharArrayClass = (*env)->FindClass(env, "[C"); - if (jCharArrayClass == NULL) { return; } + if (jCharArrayClass == NULL) { return NULL; } if ((*env)->IsInstanceOf(env, jObject, jCharArrayClass)) { - jCharArrayToCKUTF8CharArray(env, jObject, (CK_UTF8CHAR_PTR*)ckpObjectPtr, ckpLength); - return; + jCharArrayToCKUTF8CharArray(env, jObject, (CK_UTF8CHAR_PTR*) &ckpObject, ckpLength); + return ckpObject; } jByteClass = (*env)->FindClass(env, "java/lang/Byte"); - if (jByteClass == NULL) { return; } + if (jByteClass == NULL) { return NULL; } if ((*env)->IsInstanceOf(env, jObject, jByteClass)) { - *ckpObjectPtr = jByteObjectToCKBytePtr(env, jObject); + ckpObject = jByteObjectToCKBytePtr(env, jObject); *ckpLength = sizeof(CK_BYTE); - TRACE1("", *((CK_BYTE *) *ckpObjectPtr)); - return; + TRACE1("", *((CK_BYTE *) ckpObject)); + return ckpObject; } jDateClass = (*env)->FindClass(env, CLASS_DATE); - if (jDateClass == NULL) { return; } + if (jDateClass == NULL) { return NULL; } if ((*env)->IsInstanceOf(env, jObject, jDateClass)) { - *ckpObjectPtr = jDateObjectPtrToCKDatePtr(env, jObject); + ckpObject = jDateObjectPtrToCKDatePtr(env, jObject); *ckpLength = sizeof(CK_DATE); - TRACE3("", (*((CK_DATE *) *ckpObjectPtr)).year, (*((CK_DATE *) *ckpObjectPtr)).month, (*((CK_DATE *) *ckpObjectPtr)).day); - return; + TRACE3("", ((CK_DATE *) ckpObject)->year, + ((CK_DATE *) ckpObject)->month, ((CK_DATE *) ckpObject)->day); + return ckpObject; } jCharacterClass = (*env)->FindClass(env, "java/lang/Character"); - if (jCharacterClass == NULL) { return; } + if (jCharacterClass == NULL) { return NULL; } if ((*env)->IsInstanceOf(env, jObject, jCharacterClass)) { - *ckpObjectPtr = jCharObjectToCKCharPtr(env, jObject); + ckpObject = jCharObjectToCKCharPtr(env, jObject); *ckpLength = sizeof(CK_UTF8CHAR); - TRACE1("", *((CK_CHAR *) *ckpObjectPtr)); - return; + TRACE1("", *((CK_CHAR *) ckpObject)); + return ckpObject; } jIntegerClass = (*env)->FindClass(env, "java/lang/Integer"); - if (jIntegerClass == NULL) { return; } + if (jIntegerClass == NULL) { return NULL; } if ((*env)->IsInstanceOf(env, jObject, jIntegerClass)) { - *ckpObjectPtr = jIntegerObjectToCKULongPtr(env, jObject); + ckpObject = jIntegerObjectToCKULongPtr(env, jObject); *ckpLength = sizeof(CK_ULONG); - TRACE1("", *((CK_ULONG *) *ckpObjectPtr)); - return; + TRACE1("", *((CK_ULONG *) ckpObject)); + return ckpObject; } jBooleanArrayClass = (*env)->FindClass(env, "[Z"); - if (jBooleanArrayClass == NULL) { return; } + if (jBooleanArrayClass == NULL) { return NULL; } if ((*env)->IsInstanceOf(env, jObject, jBooleanArrayClass)) { - jBooleanArrayToCKBBoolArray(env, jObject, (CK_BBOOL**)ckpObjectPtr, ckpLength); - return; + jBooleanArrayToCKBBoolArray(env, jObject, (CK_BBOOL**) &ckpObject, ckpLength); + return ckpObject; } jIntArrayClass = (*env)->FindClass(env, "[I"); - if (jIntArrayClass == NULL) { return; } + if (jIntArrayClass == NULL) { return NULL; } if ((*env)->IsInstanceOf(env, jObject, jIntArrayClass)) { - jLongArrayToCKULongArray(env, jObject, (CK_ULONG_PTR*)ckpObjectPtr, ckpLength); - return; + jLongArrayToCKULongArray(env, jObject, (CK_ULONG_PTR*) &ckpObject, ckpLength); + return ckpObject; } jLongArrayClass = (*env)->FindClass(env, "[J"); - if (jLongArrayClass == NULL) { return; } + if (jLongArrayClass == NULL) { return NULL; } if ((*env)->IsInstanceOf(env, jObject, jLongArrayClass)) { - jLongArrayToCKULongArray(env, jObject, (CK_ULONG_PTR*)ckpObjectPtr, ckpLength); - return; + jLongArrayToCKULongArray(env, jObject, (CK_ULONG_PTR*) &ckpObject, ckpLength); + return ckpObject; } jStringClass = (*env)->FindClass(env, "java/lang/String"); - if (jStringClass == NULL) { return; } + if (jStringClass == NULL) { return NULL; } if ((*env)->IsInstanceOf(env, jObject, jStringClass)) { - jStringToCKUTF8CharArray(env, jObject, (CK_UTF8CHAR_PTR*)ckpObjectPtr, ckpLength); - return; + jStringToCKUTF8CharArray(env, jObject, (CK_UTF8CHAR_PTR*) &ckpObject, ckpLength); + return ckpObject; } /* type of jObject unknown, throw PKCS11RuntimeException */ jObjectClass = (*env)->FindClass(env, "java/lang/Object"); - if (jObjectClass == NULL) { return; } + if (jObjectClass == NULL) { return NULL; } jMethod = (*env)->GetMethodID(env, jObjectClass, "getClass", "()Ljava/lang/Class;"); - if (jMethod == NULL) { return; } + if (jMethod == NULL) { return NULL; } jClassObject = (*env)->CallObjectMethod(env, jObject, jMethod); assert(jClassObject != 0); jClassClass = (*env)->FindClass(env, "java/lang/Class"); - if (jClassClass == NULL) { return; } + if (jClassClass == NULL) { return NULL; } jMethod = (*env)->GetMethodID(env, jClassClass, "getName", "()Ljava/lang/String;"); - if (jMethod == NULL) { return; } + if (jMethod == NULL) { return NULL; } jClassNameString = (jstring) (*env)->CallObjectMethod(env, jClassObject, jMethod); assert(jClassNameString != 0); classNameString = (char*) (*env)->GetStringUTFChars(env, jClassNameString, NULL); - if (classNameString == NULL) { return; } + if (classNameString == NULL) { return NULL; } exceptionMsgPrefix = "Java object of this class cannot be converted to native PKCS#11 type: "; exceptionMsg = (char *) malloc((strlen(exceptionMsgPrefix) + strlen(classNameString) + 1)); if (exceptionMsg == NULL) { (*env)->ReleaseStringUTFChars(env, jClassNameString, classNameString); throwOutOfMemoryError(env, 0); - return; + return NULL; } strcpy(exceptionMsg, exceptionMsgPrefix); strcat(exceptionMsg, classNameString); (*env)->ReleaseStringUTFChars(env, jClassNameString, classNameString); throwPKCS11RuntimeException(env, exceptionMsg); free(exceptionMsg); - *ckpObjectPtr = NULL; *ckpLength = 0; TRACE0("FINISHED\n"); + return NULL; } #ifdef P11_MEMORYDEBUG diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs-11v2-20a3.h b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs-11v2-20a3.h deleted file mode 100644 index 0486fdf6a63..00000000000 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs-11v2-20a3.h +++ /dev/null @@ -1,124 +0,0 @@ -/* pkcs-11v2-20a3.h include file for the PKCS #11 Version 2.20 Amendment 3 - document. */ - -/* $Revision: 1.4 $ */ - -/* License to copy and use this software is granted provided that it is - * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface - * (Cryptoki) Version 2.20 Amendment 3" in all material mentioning or - * referencing this software. - - * RSA Security Inc. makes no representations concerning either the - * merchantability of this software or the suitability of this software for - * any particular purpose. It is provided "as is" without express or implied - * warranty of any kind. - */ - -/* This file is preferably included after inclusion of pkcs11.h */ - -#ifndef _PKCS_11V2_20A3_H_ -#define _PKCS_11V2_20A3_H_ 1 - -/* Are the definitions of this file already included in pkcs11t.h ? */ -#ifndef CKK_CAMELLIA - -#ifdef __cplusplus -extern "C" { -#endif - -/* Key types */ - -/* Camellia is new for PKCS #11 v2.20 amendment 3 */ -#define CKK_CAMELLIA 0x00000025 -/* ARIA is new for PKCS #11 v2.20 amendment 3 */ -#define CKK_ARIA 0x00000026 - - -/* Mask-generating functions */ - -/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */ -#define CKG_MGF1_SHA224 0x00000005 - - -/* Mechanism Identifiers */ - -/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_SHA224 0x00000255 -#define CKM_SHA224_HMAC 0x00000256 -#define CKM_SHA224_HMAC_GENERAL 0x00000257 - -/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_SHA224_KEY_DERIVATION 0x00000396 - -/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */ -#define CKM_SHA224_RSA_PKCS 0x00000046 -#define CKM_SHA224_RSA_PKCS_PSS 0x00000047 - -/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_AES_CTR 0x00001086 - -/* Camellia is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_CAMELLIA_KEY_GEN 0x00000550 -#define CKM_CAMELLIA_ECB 0x00000551 -#define CKM_CAMELLIA_CBC 0x00000552 -#define CKM_CAMELLIA_MAC 0x00000553 -#define CKM_CAMELLIA_MAC_GENERAL 0x00000554 -#define CKM_CAMELLIA_CBC_PAD 0x00000555 -#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556 -#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557 -#define CKM_CAMELLIA_CTR 0x00000558 - -/* ARIA is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_ARIA_KEY_GEN 0x00000560 -#define CKM_ARIA_ECB 0x00000561 -#define CKM_ARIA_CBC 0x00000562 -#define CKM_ARIA_MAC 0x00000563 -#define CKM_ARIA_MAC_GENERAL 0x00000564 -#define CKM_ARIA_CBC_PAD 0x00000565 -#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566 -#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567 - - -/* Mechanism parameters */ - -/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */ -typedef struct CK_AES_CTR_PARAMS { - CK_ULONG ulCounterBits; - CK_BYTE cb[16]; -} CK_AES_CTR_PARAMS; - -typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR; - -/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */ -typedef struct CK_CAMELLIA_CTR_PARAMS { - CK_ULONG ulCounterBits; - CK_BYTE cb[16]; -} CK_CAMELLIA_CTR_PARAMS; - -typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR; - -/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */ -typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { - CK_BYTE iv[16]; - CK_BYTE_PTR pData; - CK_ULONG length; -} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS; - -typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR; - -/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */ -typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { - CK_BYTE iv[16]; - CK_BYTE_PTR pData; - CK_ULONG length; -} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS; - -typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR; - -#ifdef __cplusplus -} -#endif - -#endif - -#endif diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11.h b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11.h index 37b59030508..6c84c8f3e9d 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11.h +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11.h @@ -1,19 +1,12 @@ -/* pkcs11.h include file for PKCS #11. */ -/* $Revision: 1.4 $ */ +/* Copyright (c) OASIS Open 2016. All Rights Reserved./ + * /Distributed under the terms of the OASIS IPR Policy, + * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY + * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A + * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. + */ -/* License to copy and use this software is granted provided that it is - * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface - * (Cryptoki)" in all material mentioning or referencing this software. - - * License is also granted to make and use derivative works provided that - * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or - * referencing the derived work. - - * RSA Security Inc. makes no representations concerning either the - * merchantability of this software or the suitability of this software for - * any particular purpose. It is provided "as is" without express or implied - * warranty of any kind. +/* Latest version of the specification: + * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html */ #ifndef _PKCS11_H_ @@ -24,14 +17,14 @@ extern "C" { #endif /* Before including this file (pkcs11.h) (or pkcs11t.h by - * itself), 6 platform-specific macros must be defined. These + * itself), 5 platform-specific macros must be defined. These * macros are described below, and typical definitions for them * are also given. Be advised that these definitions can depend * on both the platform and the compiler used (and possibly also * on whether a Cryptoki library is linked statically or * dynamically). * - * In addition to defining these 6 macros, the packing convention + * In addition to defining these 5 macros, the packing convention * for Cryptoki structures should be set. The Cryptoki * convention on packing is that structures should be 1-byte * aligned. @@ -81,39 +74,7 @@ extern "C" { * #define CK_PTR * * * - * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes - * an exportable Cryptoki library function definition out of a - * return type and a function name. It should be used in the - * following fashion to define the exposed Cryptoki functions in - * a Cryptoki library: - * - * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)( - * CK_VOID_PTR pReserved - * ) - * { - * ... - * } - * - * If you're using Microsoft Developer Studio 5.0 to define a - * function in a Win32 Cryptoki .dll, it might be defined by: - * - * #define CK_DEFINE_FUNCTION(returnType, name) \ - * returnType __declspec(dllexport) name - * - * If you're using an earlier version of Microsoft Developer - * Studio to define a function in a Win16 Cryptoki .dll, it - * might be defined by: - * - * #define CK_DEFINE_FUNCTION(returnType, name) \ - * returnType __export _far _pascal name - * - * In a UNIX environment, it might be defined by: - * - * #define CK_DEFINE_FUNCTION(returnType, name) \ - * returnType name - * - * - * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes + * 2. CK_DECLARE_FUNCTION(returnType, name): A macro which makes * an importable Cryptoki library function declaration out of a * return type and a function name. It should be used in the * following fashion: @@ -141,7 +102,7 @@ extern "C" { * returnType name * * - * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro + * 3. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro * which makes a Cryptoki API function pointer declaration or * function pointer type declaration out of a return type and a * function name. It should be used in the following fashion: @@ -178,7 +139,7 @@ extern "C" { * returnType (* name) * * - * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes + * 4. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes * a function pointer type for an application callback out of * a return type for the callback and a name for the callback. * It should be used in the following fashion: @@ -210,7 +171,7 @@ extern "C" { * returnType (* name) * * - * 6. NULL_PTR: This macro is the value of a NULL pointer. + * 5. NULL_PTR: This macro is the value of a NULL pointer. * * In any ANSI/ISO C environment (and in many others as well), * this should best be defined by @@ -222,7 +183,8 @@ extern "C" { /* All the various Cryptoki types and #define'd values are in the - * file pkcs11t.h. */ + * file pkcs11t.h. + */ #include "pkcs11t.h" #define __PASTE(x,y) x##y @@ -238,7 +200,8 @@ extern "C" { extern CK_DECLARE_FUNCTION(CK_RV, name) /* pkcs11f.h has all the information about the Cryptoki - * function prototypes. */ + * function prototypes. + */ #include "pkcs11f.h" #undef CK_NEED_ARG_LIST @@ -257,7 +220,8 @@ extern "C" { typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name)) /* pkcs11f.h has all the information about the Cryptoki - * function prototypes. */ + * function prototypes. + */ #include "pkcs11f.h" #undef CK_NEED_ARG_LIST @@ -282,7 +246,8 @@ struct CK_FUNCTION_LIST { /* Pile all the function pointers into the CK_FUNCTION_LIST. */ /* pkcs11f.h has all the information about the Cryptoki - * function prototypes. */ + * function prototypes. + */ #include "pkcs11f.h" }; @@ -296,4 +261,5 @@ struct CK_FUNCTION_LIST { } #endif -#endif +#endif /* _PKCS11_H_ */ + diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11f.h b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11f.h index bbd957bc17c..87afebf2d44 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11f.h +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11f.h @@ -1,26 +1,20 @@ -/* pkcs11f.h include file for PKCS #11. */ -/* $Revision: 1.4 $ */ - -/* License to copy and use this software is granted provided that it is - * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface - * (Cryptoki)" in all material mentioning or referencing this software. - - * License is also granted to make and use derivative works provided that - * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or - * referencing the derived work. - - * RSA Security Inc. makes no representations concerning either the - * merchantability of this software or the suitability of this software for - * any particular purpose. It is provided "as is" without express or implied - * warranty of any kind. +/* Copyright (c) OASIS Open 2016. All Rights Reserved./ + * /Distributed under the terms of the OASIS IPR Policy, + * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY + * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A + * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. */ -/* This header file contains pretty much everything about all the */ -/* Cryptoki function prototypes. Because this information is */ -/* used for more than just declaring function prototypes, the */ -/* order of the functions appearing herein is important, and */ -/* should not be altered. */ +/* Latest version of the specification: + * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html + */ + +/* This header file contains pretty much everything about all the + * Cryptoki function prototypes. Because this information is + * used for more than just declaring function prototypes, the + * order of the functions appearing herein is important, and + * should not be altered. + */ /* General-purpose */ @@ -30,13 +24,15 @@ CK_PKCS11_FUNCTION_INFO(C_Initialize) ( CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets * cast to CK_C_INITIALIZE_ARGS_PTR - * and dereferenced */ + * and dereferenced + */ ); #endif /* C_Finalize indicates that an application is done with the - * Cryptoki library. */ + * Cryptoki library. + */ CK_PKCS11_FUNCTION_INFO(C_Finalize) #ifdef CK_NEED_ARG_LIST ( @@ -59,7 +55,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetFunctionList) #ifdef CK_NEED_ARG_LIST ( CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to - * function list */ + * function list + */ ); #endif @@ -71,7 +68,7 @@ CK_PKCS11_FUNCTION_INFO(C_GetFunctionList) CK_PKCS11_FUNCTION_INFO(C_GetSlotList) #ifdef CK_NEED_ARG_LIST ( - CK_BBOOL tokenPresent, /* only slots with tokens? */ + CK_BBOOL tokenPresent, /* only slots with tokens */ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */ CK_ULONG_PTR pulCount /* receives number of slots */ ); @@ -79,7 +76,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetSlotList) /* C_GetSlotInfo obtains information about a particular slot in - * the system. */ + * the system. + */ CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo) #ifdef CK_NEED_ARG_LIST ( @@ -90,7 +88,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo) /* C_GetTokenInfo obtains information about a particular token - * in the system. */ + * in the system. + */ CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo) #ifdef CK_NEED_ARG_LIST ( @@ -101,7 +100,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo) /* C_GetMechanismList obtains a list of mechanism types - * supported by a token. */ + * supported by a token. + */ CK_PKCS11_FUNCTION_INFO(C_GetMechanismList) #ifdef CK_NEED_ARG_LIST ( @@ -113,7 +113,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetMechanismList) /* C_GetMechanismInfo obtains information about a particular - * mechanism possibly supported by a token. */ + * mechanism possibly supported by a token. + */ CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo) #ifdef CK_NEED_ARG_LIST ( @@ -127,7 +128,6 @@ CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo) /* C_InitToken initializes a token. */ CK_PKCS11_FUNCTION_INFO(C_InitToken) #ifdef CK_NEED_ARG_LIST -/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */ ( CK_SLOT_ID slotID, /* ID of the token's slot */ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */ @@ -165,7 +165,8 @@ CK_PKCS11_FUNCTION_INFO(C_SetPIN) /* Session management */ /* C_OpenSession opens a session between an application and a - * token. */ + * token. + */ CK_PKCS11_FUNCTION_INFO(C_OpenSession) #ifdef CK_NEED_ARG_LIST ( @@ -179,7 +180,8 @@ CK_PKCS11_FUNCTION_INFO(C_OpenSession) /* C_CloseSession closes a session between an application and a - * token. */ + * token. + */ CK_PKCS11_FUNCTION_INFO(C_CloseSession) #ifdef CK_NEED_ARG_LIST ( @@ -208,7 +210,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo) /* C_GetOperationState obtains the state of the cryptographic operation - * in a session. */ + * in a session. + */ CK_PKCS11_FUNCTION_INFO(C_GetOperationState) #ifdef CK_NEED_ARG_LIST ( @@ -220,7 +223,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetOperationState) /* C_SetOperationState restores the state of the cryptographic - * operation in a session. */ + * operation in a session. + */ CK_PKCS11_FUNCTION_INFO(C_SetOperationState) #ifdef CK_NEED_ARG_LIST ( @@ -270,7 +274,8 @@ CK_PKCS11_FUNCTION_INFO(C_CreateObject) /* C_CopyObject copies an object, creating a new object for the - * copy. */ + * copy. + */ CK_PKCS11_FUNCTION_INFO(C_CopyObject) #ifdef CK_NEED_ARG_LIST ( @@ -305,7 +310,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetObjectSize) /* C_GetAttributeValue obtains the value of one or more object - * attributes. */ + * attributes. + */ CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue) #ifdef CK_NEED_ARG_LIST ( @@ -318,7 +324,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue) /* C_SetAttributeValue modifies the value of one or more object - * attributes */ + * attributes. + */ CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue) #ifdef CK_NEED_ARG_LIST ( @@ -331,7 +338,8 @@ CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue) /* C_FindObjectsInit initializes a search for token and session - * objects that match a template. */ + * objects that match a template. + */ CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit) #ifdef CK_NEED_ARG_LIST ( @@ -344,7 +352,8 @@ CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit) /* C_FindObjects continues a search for token and session * objects that match a template, obtaining additional object - * handles. */ + * handles. + */ CK_PKCS11_FUNCTION_INFO(C_FindObjects) #ifdef CK_NEED_ARG_LIST ( @@ -357,7 +366,8 @@ CK_PKCS11_FUNCTION_INFO(C_FindObjects) /* C_FindObjectsFinal finishes a search for token and session - * objects. */ + * objects. + */ CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal) #ifdef CK_NEED_ARG_LIST ( @@ -394,7 +404,8 @@ CK_PKCS11_FUNCTION_INFO(C_Encrypt) /* C_EncryptUpdate continues a multiple-part encryption - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -408,7 +419,8 @@ CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate) /* C_EncryptFinal finishes a multiple-part encryption - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_EncryptFinal) #ifdef CK_NEED_ARG_LIST ( @@ -444,7 +456,8 @@ CK_PKCS11_FUNCTION_INFO(C_Decrypt) /* C_DecryptUpdate continues a multiple-part decryption - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -458,7 +471,8 @@ CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate) /* C_DecryptFinal finishes a multiple-part decryption - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_DecryptFinal) #ifdef CK_NEED_ARG_LIST ( @@ -496,7 +510,8 @@ CK_PKCS11_FUNCTION_INFO(C_Digest) /* C_DigestUpdate continues a multiple-part message-digesting - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_DigestUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -509,7 +524,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestUpdate) /* C_DigestKey continues a multi-part message-digesting * operation, by digesting the value of a secret key as part of - * the data already digested. */ + * the data already digested. + */ CK_PKCS11_FUNCTION_INFO(C_DigestKey) #ifdef CK_NEED_ARG_LIST ( @@ -520,7 +536,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestKey) /* C_DigestFinal finishes a multiple-part message-digesting - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_DigestFinal) #ifdef CK_NEED_ARG_LIST ( @@ -537,7 +554,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestFinal) /* C_SignInit initializes a signature (private key encryption) * operation, where the signature is (will be) an appendix to * the data, and plaintext cannot be recovered from the - *signature. */ + * signature. + */ CK_PKCS11_FUNCTION_INFO(C_SignInit) #ifdef CK_NEED_ARG_LIST ( @@ -550,7 +568,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignInit) /* C_Sign signs (encrypts with private key) data in a single * part, where the signature is (will be) an appendix to the - * data, and plaintext cannot be recovered from the signature. */ + * data, and plaintext cannot be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_Sign) #ifdef CK_NEED_ARG_LIST ( @@ -565,7 +584,8 @@ CK_PKCS11_FUNCTION_INFO(C_Sign) /* C_SignUpdate continues a multiple-part signature operation, * where the signature is (will be) an appendix to the data, - * and plaintext cannot be recovered from the signature. */ + * and plaintext cannot be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_SignUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -577,7 +597,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignUpdate) /* C_SignFinal finishes a multiple-part signature operation, - * returning the signature. */ + * returning the signature. + */ CK_PKCS11_FUNCTION_INFO(C_SignFinal) #ifdef CK_NEED_ARG_LIST ( @@ -589,7 +610,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignFinal) /* C_SignRecoverInit initializes a signature operation, where - * the data can be recovered from the signature. */ + * the data can be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit) #ifdef CK_NEED_ARG_LIST ( @@ -601,7 +623,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit) /* C_SignRecover signs data in a single operation, where the - * data can be recovered from the signature. */ + * data can be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_SignRecover) #ifdef CK_NEED_ARG_LIST ( @@ -619,7 +642,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignRecover) /* C_VerifyInit initializes a verification operation, where the * signature is an appendix to the data, and plaintext cannot - * cannot be recovered from the signature (e.g. DSA). */ + * cannot be recovered from the signature (e.g. DSA). + */ CK_PKCS11_FUNCTION_INFO(C_VerifyInit) #ifdef CK_NEED_ARG_LIST ( @@ -632,7 +656,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyInit) /* C_Verify verifies a signature in a single-part operation, * where the signature is an appendix to the data, and plaintext - * cannot be recovered from the signature. */ + * cannot be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_Verify) #ifdef CK_NEED_ARG_LIST ( @@ -647,7 +672,8 @@ CK_PKCS11_FUNCTION_INFO(C_Verify) /* C_VerifyUpdate continues a multiple-part verification * operation, where the signature is an appendix to the data, - * and plaintext cannot be recovered from the signature. */ + * and plaintext cannot be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -659,7 +685,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate) /* C_VerifyFinal finishes a multiple-part verification - * operation, checking the signature. */ + * operation, checking the signature. + */ CK_PKCS11_FUNCTION_INFO(C_VerifyFinal) #ifdef CK_NEED_ARG_LIST ( @@ -671,7 +698,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyFinal) /* C_VerifyRecoverInit initializes a signature verification - * operation, where the data is recovered from the signature. */ + * operation, where the data is recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit) #ifdef CK_NEED_ARG_LIST ( @@ -683,7 +711,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit) /* C_VerifyRecover verifies a signature in a single-part - * operation, where the data is recovered from the signature. */ + * operation, where the data is recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_VerifyRecover) #ifdef CK_NEED_ARG_LIST ( @@ -700,7 +729,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyRecover) /* Dual-function cryptographic operations */ /* C_DigestEncryptUpdate continues a multiple-part digesting - * and encryption operation. */ + * and encryption operation. + */ CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -714,7 +744,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate) /* C_DecryptDigestUpdate continues a multiple-part decryption and - * digesting operation. */ + * digesting operation. + */ CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -728,7 +759,8 @@ CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate) /* C_SignEncryptUpdate continues a multiple-part signing and - * encryption operation. */ + * encryption operation. + */ CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -742,7 +774,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate) /* C_DecryptVerifyUpdate continues a multiple-part decryption and - * verify operation. */ + * verify operation. + */ CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -759,7 +792,8 @@ CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate) /* Key management */ /* C_GenerateKey generates a secret key, creating a new key - * object. */ + * object. + */ CK_PKCS11_FUNCTION_INFO(C_GenerateKey) #ifdef CK_NEED_ARG_LIST ( @@ -773,30 +807,19 @@ CK_PKCS11_FUNCTION_INFO(C_GenerateKey) /* C_GenerateKeyPair generates a public-key/private-key pair, - * creating new key objects. */ + * creating new key objects. + */ CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair) #ifdef CK_NEED_ARG_LIST ( - CK_SESSION_HANDLE hSession, /* session - * handle */ - CK_MECHANISM_PTR pMechanism, /* key-gen - * mech. */ - CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template - * for pub. - * key */ - CK_ULONG ulPublicKeyAttributeCount, /* # pub. - * attrs. */ - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template - * for priv. - * key */ - CK_ULONG ulPrivateKeyAttributeCount, /* # priv. - * attrs. */ - CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. - * key - * handle */ - CK_OBJECT_HANDLE_PTR phPrivateKey /* gets - * priv. key - * handle */ + CK_SESSION_HANDLE hSession, /* session handle */ + CK_MECHANISM_PTR pMechanism, /* key-gen mech. */ + CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template for pub. key */ + CK_ULONG ulPublicKeyAttributeCount, /* # pub. attrs. */ + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template for priv. key */ + CK_ULONG ulPrivateKeyAttributeCount, /* # priv. attrs. */ + CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. key handle */ + CK_OBJECT_HANDLE_PTR phPrivateKey /* gets priv. key handle */ ); #endif @@ -816,7 +839,8 @@ CK_PKCS11_FUNCTION_INFO(C_WrapKey) /* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new - * key object. */ + * key object. + */ CK_PKCS11_FUNCTION_INFO(C_UnwrapKey) #ifdef CK_NEED_ARG_LIST ( @@ -833,7 +857,8 @@ CK_PKCS11_FUNCTION_INFO(C_UnwrapKey) /* C_DeriveKey derives a key from a base key, creating a new key - * object. */ + * object. + */ CK_PKCS11_FUNCTION_INFO(C_DeriveKey) #ifdef CK_NEED_ARG_LIST ( @@ -851,7 +876,8 @@ CK_PKCS11_FUNCTION_INFO(C_DeriveKey) /* Random number generation */ /* C_SeedRandom mixes additional seed material into the token's - * random number generator. */ + * random number generator. + */ CK_PKCS11_FUNCTION_INFO(C_SeedRandom) #ifdef CK_NEED_ARG_LIST ( @@ -878,7 +904,8 @@ CK_PKCS11_FUNCTION_INFO(C_GenerateRandom) /* C_GetFunctionStatus is a legacy function; it obtains an * updated status of a function running in parallel with an - * application. */ + * application. + */ CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus) #ifdef CK_NEED_ARG_LIST ( @@ -888,7 +915,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus) /* C_CancelFunction is a legacy function; it cancels a function - * running in parallel. */ + * running in parallel. + */ CK_PKCS11_FUNCTION_INFO(C_CancelFunction) #ifdef CK_NEED_ARG_LIST ( @@ -897,11 +925,9 @@ CK_PKCS11_FUNCTION_INFO(C_CancelFunction) #endif - -/* Functions added in for Cryptoki Version 2.01 or later */ - /* C_WaitForSlotEvent waits for a slot event (token insertion, - * removal, etc.) to occur. */ + * removal, etc.) to occur. + */ CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent) #ifdef CK_NEED_ARG_LIST ( @@ -910,3 +936,4 @@ CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent) CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */ ); #endif + diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11t.h b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11t.h index 00174e1a97a..c3c6b96f281 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11t.h +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11t.h @@ -1,36 +1,33 @@ -/* pkcs11t.h include file for PKCS #11. */ -/* $Revision: 1.6 $ */ +/* Copyright (c) OASIS Open 2016. All Rights Reserved./ + * /Distributed under the terms of the OASIS IPR Policy, + * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY + * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A + * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. + */ -/* License to copy and use this software is granted provided that it is - * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface - * (Cryptoki)" in all material mentioning or referencing this software. - - * License is also granted to make and use derivative works provided that - * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or - * referencing the derived work. - - * RSA Security Inc. makes no representations concerning either the - * merchantability of this software or the suitability of this software for - * any particular purpose. It is provided "as is" without express or implied - * warranty of any kind. +/* Latest version of the specification: + * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html */ /* See top of pkcs11.h for information about the macros that * must be defined and the structure-packing conventions that - * must be set before including this file. */ + * must be set before including this file. + */ #ifndef _PKCS11T_H_ #define _PKCS11T_H_ 1 -#define CK_TRUE 1 -#define CK_FALSE 0 +#define CRYPTOKI_VERSION_MAJOR 2 +#define CRYPTOKI_VERSION_MINOR 40 +#define CRYPTOKI_VERSION_AMENDMENT 0 + +#define CK_TRUE 1 +#define CK_FALSE 0 #ifndef CK_DISABLE_TRUE_FALSE #ifndef FALSE #define FALSE CK_FALSE #endif - #ifndef TRUE #define TRUE CK_TRUE #endif @@ -52,7 +49,6 @@ typedef CK_BYTE CK_BBOOL; typedef unsigned long int CK_ULONG; /* a signed value, the same size as a CK_ULONG */ -/* CK_LONG is new for v2.0 */ typedef long int CK_LONG; /* at least 32 bits; each bit is a Boolean flag */ @@ -60,8 +56,8 @@ typedef CK_ULONG CK_FLAGS; /* some special values for certain CK_ULONG variables */ -#define CK_UNAVAILABLE_INFORMATION (~0UL) -#define CK_EFFECTIVELY_INFINITE 0 +#define CK_UNAVAILABLE_INFORMATION (~0UL) +#define CK_EFFECTIVELY_INFINITE 0UL typedef CK_BYTE CK_PTR CK_BYTE_PTR; @@ -74,9 +70,10 @@ typedef void CK_PTR CK_VOID_PTR; typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR; -/* The following value is always invalid if used as a session */ -/* handle or object handle */ -#define CK_INVALID_HANDLE 0 +/* The following value is always invalid if used as a session + * handle or object handle + */ +#define CK_INVALID_HANDLE 0UL typedef struct CK_VERSION { @@ -88,13 +85,9 @@ typedef CK_VERSION CK_PTR CK_VERSION_PTR; typedef struct CK_INFO { - /* manufacturerID and libraryDecription have been changed from - * CK_CHAR to CK_UTF8CHAR for v2.10 */ CK_VERSION cryptokiVersion; /* Cryptoki interface ver */ CK_UTF8CHAR manufacturerID[32]; /* blank padded */ CK_FLAGS flags; /* must be zero */ - - /* libraryDescription and libraryVersion are new for v2.0 */ CK_UTF8CHAR libraryDescription[32]; /* blank padded */ CK_VERSION libraryVersion; /* version of library */ } CK_INFO; @@ -103,12 +96,11 @@ typedef CK_INFO CK_PTR CK_INFO_PTR; /* CK_NOTIFICATION enumerates the types of notifications that - * Cryptoki provides to an application */ -/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG - * for v2.0 */ + * Cryptoki provides to an application + */ typedef CK_ULONG CK_NOTIFICATION; -#define CKN_SURRENDER 0 - +#define CKN_SURRENDER 0UL +#define CKN_OTP_CHANGED 1UL typedef CK_ULONG CK_SLOT_ID; @@ -117,13 +109,10 @@ typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR; /* CK_SLOT_INFO provides information about a slot */ typedef struct CK_SLOT_INFO { - /* slotDescription and manufacturerID have been changed from - * CK_CHAR to CK_UTF8CHAR for v2.10 */ CK_UTF8CHAR slotDescription[64]; /* blank padded */ CK_UTF8CHAR manufacturerID[32]; /* blank padded */ CK_FLAGS flags; - /* hardwareVersion and firmwareVersion are new for v2.0 */ CK_VERSION hardwareVersion; /* version of hardware */ CK_VERSION firmwareVersion; /* version of firmware */ } CK_SLOT_INFO; @@ -131,26 +120,21 @@ typedef struct CK_SLOT_INFO { /* flags: bit flags that provide capabilities of the slot * Bit Flag Mask Meaning */ -#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */ -#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/ -#define CKF_HW_SLOT 0x00000004 /* hardware slot */ +#define CKF_TOKEN_PRESENT 0x00000001UL /* a token is there */ +#define CKF_REMOVABLE_DEVICE 0x00000002UL /* removable devices*/ +#define CKF_HW_SLOT 0x00000004UL /* hardware slot */ typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR; /* CK_TOKEN_INFO provides information about a token */ typedef struct CK_TOKEN_INFO { - /* label, manufacturerID, and model have been changed from - * CK_CHAR to CK_UTF8CHAR for v2.10 */ CK_UTF8CHAR label[32]; /* blank padded */ CK_UTF8CHAR manufacturerID[32]; /* blank padded */ CK_UTF8CHAR model[16]; /* blank padded */ CK_CHAR serialNumber[16]; /* blank padded */ CK_FLAGS flags; /* see below */ - /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount, - * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been - * changed from CK_USHORT to CK_ULONG for v2.0 */ CK_ULONG ulMaxSessionCount; /* max open sessions */ CK_ULONG ulSessionCount; /* sess. now open */ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */ @@ -161,9 +145,6 @@ typedef struct CK_TOKEN_INFO { CK_ULONG ulFreePublicMemory; /* in bytes */ CK_ULONG ulTotalPrivateMemory; /* in bytes */ CK_ULONG ulFreePrivateMemory; /* in bytes */ - - /* hardwareVersion, firmwareVersion, and time are new for - * v2.0 */ CK_VERSION hardwareVersion; /* version of hardware */ CK_VERSION firmwareVersion; /* version of firmware */ CK_CHAR utcTime[16]; /* time */ @@ -172,146 +153,149 @@ typedef struct CK_TOKEN_INFO { /* The flags parameter is defined as follows: * Bit Flag Mask Meaning */ -#define CKF_RNG 0x00000001 /* has random # - * generator */ -#define CKF_WRITE_PROTECTED 0x00000002 /* token is - * write- - * protected */ -#define CKF_LOGIN_REQUIRED 0x00000004 /* user must - * login */ -#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's - * PIN is set */ +#define CKF_RNG 0x00000001UL /* has random # generator */ +#define CKF_WRITE_PROTECTED 0x00000002UL /* token is write-protected */ +#define CKF_LOGIN_REQUIRED 0x00000004UL /* user must login */ +#define CKF_USER_PIN_INITIALIZED 0x00000008UL /* normal user's PIN is set */ -/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set, +/* CKF_RESTORE_KEY_NOT_NEEDED. If it is set, * that means that *every* time the state of cryptographic * operations of a session is successfully saved, all keys - * needed to continue those operations are stored in the state */ -#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020 + * needed to continue those operations are stored in the state + */ +#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020UL -/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means +/* CKF_CLOCK_ON_TOKEN. If it is set, that means * that the token has some sort of clock. The time on that - * clock is returned in the token info structure */ -#define CKF_CLOCK_ON_TOKEN 0x00000040 + * clock is returned in the token info structure + */ +#define CKF_CLOCK_ON_TOKEN 0x00000040UL -/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is +/* CKF_PROTECTED_AUTHENTICATION_PATH. If it is * set, that means that there is some way for the user to login - * without sending a PIN through the Cryptoki library itself */ -#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100 + * without sending a PIN through the Cryptoki library itself + */ +#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL -/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true, +/* CKF_DUAL_CRYPTO_OPERATIONS. If it is true, * that means that a single session with the token can perform * dual simultaneous cryptographic operations (digest and * encrypt; decrypt and digest; sign and encrypt; and decrypt - * and sign) */ -#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200 + * and sign) + */ +#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200UL -/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the +/* CKF_TOKEN_INITIALIZED. If it is true, the * token has been initialized using C_InitializeToken or an * equivalent mechanism outside the scope of PKCS #11. * Calling C_InitializeToken when this flag is set will cause - * the token to be reinitialized. */ -#define CKF_TOKEN_INITIALIZED 0x00000400 + * the token to be reinitialized. + */ +#define CKF_TOKEN_INITIALIZED 0x00000400UL -/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is +/* CKF_SECONDARY_AUTHENTICATION. If it is * true, the token supports secondary authentication for - * private key objects. This flag is deprecated in v2.11 and - onwards. */ -#define CKF_SECONDARY_AUTHENTICATION 0x00000800 + * private key objects. + */ +#define CKF_SECONDARY_AUTHENTICATION 0x00000800UL -/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an +/* CKF_USER_PIN_COUNT_LOW. If it is true, an * incorrect user login PIN has been entered at least once - * since the last successful authentication. */ -#define CKF_USER_PIN_COUNT_LOW 0x00010000 + * since the last successful authentication. + */ +#define CKF_USER_PIN_COUNT_LOW 0x00010000UL -/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true, - * supplying an incorrect user PIN will it to become locked. */ -#define CKF_USER_PIN_FINAL_TRY 0x00020000 +/* CKF_USER_PIN_FINAL_TRY. If it is true, + * supplying an incorrect user PIN will it to become locked. + */ +#define CKF_USER_PIN_FINAL_TRY 0x00020000UL -/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the +/* CKF_USER_PIN_LOCKED. If it is true, the * user PIN has been locked. User login to the token is not - * possible. */ -#define CKF_USER_PIN_LOCKED 0x00040000 + * possible. + */ +#define CKF_USER_PIN_LOCKED 0x00040000UL -/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true, +/* CKF_USER_PIN_TO_BE_CHANGED. If it is true, * the user PIN value is the default value set by token * initialization or manufacturing, or the PIN has been - * expired by the card. */ -#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000 + * expired by the card. + */ +#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000UL -/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an +/* CKF_SO_PIN_COUNT_LOW. If it is true, an * incorrect SO login PIN has been entered at least once since - * the last successful authentication. */ -#define CKF_SO_PIN_COUNT_LOW 0x00100000 + * the last successful authentication. + */ +#define CKF_SO_PIN_COUNT_LOW 0x00100000UL -/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true, - * supplying an incorrect SO PIN will it to become locked. */ -#define CKF_SO_PIN_FINAL_TRY 0x00200000 +/* CKF_SO_PIN_FINAL_TRY. If it is true, + * supplying an incorrect SO PIN will it to become locked. + */ +#define CKF_SO_PIN_FINAL_TRY 0x00200000UL -/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO +/* CKF_SO_PIN_LOCKED. If it is true, the SO * PIN has been locked. SO login to the token is not possible. */ -#define CKF_SO_PIN_LOCKED 0x00400000 +#define CKF_SO_PIN_LOCKED 0x00400000UL -/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true, +/* CKF_SO_PIN_TO_BE_CHANGED. If it is true, * the SO PIN value is the default value set by token * initialization or manufacturing, or the PIN has been - * expired by the card. */ -#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000 + * expired by the card. + */ +#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000UL + +#define CKF_ERROR_STATE 0x01000000UL typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR; /* CK_SESSION_HANDLE is a Cryptoki-assigned value that - * identifies a session */ + * identifies a session + */ typedef CK_ULONG CK_SESSION_HANDLE; typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR; /* CK_USER_TYPE enumerates the types of Cryptoki users */ -/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for - * v2.0 */ typedef CK_ULONG CK_USER_TYPE; /* Security Officer */ -#define CKU_SO 0 +#define CKU_SO 0UL /* Normal user */ -#define CKU_USER 1 -/* Context specific (added in v2.20) */ -#define CKU_CONTEXT_SPECIFIC 2 +#define CKU_USER 1UL +/* Context specific */ +#define CKU_CONTEXT_SPECIFIC 2UL /* CK_STATE enumerates the session states */ -/* CK_STATE has been changed from an enum to a CK_ULONG for - * v2.0 */ typedef CK_ULONG CK_STATE; -#define CKS_RO_PUBLIC_SESSION 0 -#define CKS_RO_USER_FUNCTIONS 1 -#define CKS_RW_PUBLIC_SESSION 2 -#define CKS_RW_USER_FUNCTIONS 3 -#define CKS_RW_SO_FUNCTIONS 4 - +#define CKS_RO_PUBLIC_SESSION 0UL +#define CKS_RO_USER_FUNCTIONS 1UL +#define CKS_RW_PUBLIC_SESSION 2UL +#define CKS_RW_USER_FUNCTIONS 3UL +#define CKS_RW_SO_FUNCTIONS 4UL /* CK_SESSION_INFO provides information about a session */ typedef struct CK_SESSION_INFO { CK_SLOT_ID slotID; CK_STATE state; CK_FLAGS flags; /* see below */ - - /* ulDeviceError was changed from CK_USHORT to CK_ULONG for - * v2.0 */ CK_ULONG ulDeviceError; /* device-dependent error code */ } CK_SESSION_INFO; /* The flags are defined in the following table: * Bit Flag Mask Meaning */ -#define CKF_RW_SESSION 0x00000002 /* session is r/w */ -#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */ +#define CKF_RW_SESSION 0x00000002UL /* session is r/w */ +#define CKF_SERIAL_SESSION 0x00000004UL /* no parallel */ typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR; /* CK_OBJECT_HANDLE is a token-specific identifier for an - * object */ + * object + */ typedef CK_ULONG CK_OBJECT_HANDLE; typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR; @@ -319,251 +303,273 @@ typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR; /* CK_OBJECT_CLASS is a value that identifies the classes (or * types) of objects that Cryptoki recognizes. It is defined - * as follows: */ -/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for - * v2.0 */ + * as follows: + */ typedef CK_ULONG CK_OBJECT_CLASS; /* The following classes of objects are defined: */ -/* CKO_HW_FEATURE is new for v2.10 */ -/* CKO_DOMAIN_PARAMETERS is new for v2.11 */ -/* CKO_MECHANISM is new for v2.20 */ -#define CKO_DATA 0x00000000 -#define CKO_CERTIFICATE 0x00000001 -#define CKO_PUBLIC_KEY 0x00000002 -#define CKO_PRIVATE_KEY 0x00000003 -#define CKO_SECRET_KEY 0x00000004 -#define CKO_HW_FEATURE 0x00000005 -#define CKO_DOMAIN_PARAMETERS 0x00000006 -#define CKO_MECHANISM 0x00000007 -#define CKO_VENDOR_DEFINED 0x80000000 +#define CKO_DATA 0x00000000UL +#define CKO_CERTIFICATE 0x00000001UL +#define CKO_PUBLIC_KEY 0x00000002UL +#define CKO_PRIVATE_KEY 0x00000003UL +#define CKO_SECRET_KEY 0x00000004UL +#define CKO_HW_FEATURE 0x00000005UL +#define CKO_DOMAIN_PARAMETERS 0x00000006UL +#define CKO_MECHANISM 0x00000007UL +#define CKO_OTP_KEY 0x00000008UL + +#define CKO_VENDOR_DEFINED 0x80000000UL typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR; -/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a - * value that identifies the hardware feature type of an object - * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */ +/* CK_HW_FEATURE_TYPE is a value that identifies the hardware feature type + * of an object with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. + */ typedef CK_ULONG CK_HW_FEATURE_TYPE; /* The following hardware feature types are defined */ -/* CKH_USER_INTERFACE is new for v2.20 */ -#define CKH_MONOTONIC_COUNTER 0x00000001 -#define CKH_CLOCK 0x00000002 -#define CKH_USER_INTERFACE 0x00000003 -#define CKH_VENDOR_DEFINED 0x80000000 +#define CKH_MONOTONIC_COUNTER 0x00000001UL +#define CKH_CLOCK 0x00000002UL +#define CKH_USER_INTERFACE 0x00000003UL +#define CKH_VENDOR_DEFINED 0x80000000UL /* CK_KEY_TYPE is a value that identifies a key type */ -/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */ typedef CK_ULONG CK_KEY_TYPE; /* the following key types are defined: */ -#define CKK_RSA 0x00000000 -#define CKK_DSA 0x00000001 -#define CKK_DH 0x00000002 +#define CKK_RSA 0x00000000UL +#define CKK_DSA 0x00000001UL +#define CKK_DH 0x00000002UL +#define CKK_ECDSA 0x00000003UL /* Deprecated */ +#define CKK_EC 0x00000003UL +#define CKK_X9_42_DH 0x00000004UL +#define CKK_KEA 0x00000005UL +#define CKK_GENERIC_SECRET 0x00000010UL +#define CKK_RC2 0x00000011UL +#define CKK_RC4 0x00000012UL +#define CKK_DES 0x00000013UL +#define CKK_DES2 0x00000014UL +#define CKK_DES3 0x00000015UL +#define CKK_CAST 0x00000016UL +#define CKK_CAST3 0x00000017UL +#define CKK_CAST5 0x00000018UL /* Deprecated */ +#define CKK_CAST128 0x00000018UL +#define CKK_RC5 0x00000019UL +#define CKK_IDEA 0x0000001AUL +#define CKK_SKIPJACK 0x0000001BUL +#define CKK_BATON 0x0000001CUL +#define CKK_JUNIPER 0x0000001DUL +#define CKK_CDMF 0x0000001EUL +#define CKK_AES 0x0000001FUL +#define CKK_BLOWFISH 0x00000020UL +#define CKK_TWOFISH 0x00000021UL +#define CKK_SECURID 0x00000022UL +#define CKK_HOTP 0x00000023UL +#define CKK_ACTI 0x00000024UL +#define CKK_CAMELLIA 0x00000025UL +#define CKK_ARIA 0x00000026UL -/* CKK_ECDSA and CKK_KEA are new for v2.0 */ -/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */ -#define CKK_ECDSA 0x00000003 -#define CKK_EC 0x00000003 -#define CKK_X9_42_DH 0x00000004 -#define CKK_KEA 0x00000005 +#define CKK_MD5_HMAC 0x00000027UL +#define CKK_SHA_1_HMAC 0x00000028UL +#define CKK_RIPEMD128_HMAC 0x00000029UL +#define CKK_RIPEMD160_HMAC 0x0000002AUL +#define CKK_SHA256_HMAC 0x0000002BUL +#define CKK_SHA384_HMAC 0x0000002CUL +#define CKK_SHA512_HMAC 0x0000002DUL +#define CKK_SHA224_HMAC 0x0000002EUL -#define CKK_GENERIC_SECRET 0x00000010 -#define CKK_RC2 0x00000011 -#define CKK_RC4 0x00000012 -#define CKK_DES 0x00000013 -#define CKK_DES2 0x00000014 -#define CKK_DES3 0x00000015 +#define CKK_SEED 0x0000002FUL +#define CKK_GOSTR3410 0x00000030UL +#define CKK_GOSTR3411 0x00000031UL +#define CKK_GOST28147 0x00000032UL -/* all these key types are new for v2.0 */ -#define CKK_CAST 0x00000016 -#define CKK_CAST3 0x00000017 -/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */ -#define CKK_CAST5 0x00000018 -#define CKK_CAST128 0x00000018 -#define CKK_RC5 0x00000019 -#define CKK_IDEA 0x0000001A -#define CKK_SKIPJACK 0x0000001B -#define CKK_BATON 0x0000001C -#define CKK_JUNIPER 0x0000001D -#define CKK_CDMF 0x0000001E -#define CKK_AES 0x0000001F -/* BlowFish and TwoFish are new for v2.20 */ -#define CKK_BLOWFISH 0x00000020 -#define CKK_TWOFISH 0x00000021 -#define CKK_VENDOR_DEFINED 0x80000000 +#define CKK_VENDOR_DEFINED 0x80000000UL /* CK_CERTIFICATE_TYPE is a value that identifies a certificate - * type */ -/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG - * for v2.0 */ + * type + */ typedef CK_ULONG CK_CERTIFICATE_TYPE; +#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED 0UL +#define CK_CERTIFICATE_CATEGORY_TOKEN_USER 1UL +#define CK_CERTIFICATE_CATEGORY_AUTHORITY 2UL +#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY 3UL + +#define CK_SECURITY_DOMAIN_UNSPECIFIED 0UL +#define CK_SECURITY_DOMAIN_MANUFACTURER 1UL +#define CK_SECURITY_DOMAIN_OPERATOR 2UL +#define CK_SECURITY_DOMAIN_THIRD_PARTY 3UL + + /* The following certificate types are defined: */ -/* CKC_X_509_ATTR_CERT is new for v2.10 */ -/* CKC_WTLS is new for v2.20 */ -#define CKC_X_509 0x00000000 -#define CKC_X_509_ATTR_CERT 0x00000001 -#define CKC_WTLS 0x00000002 -#define CKC_VENDOR_DEFINED 0x80000000 +#define CKC_X_509 0x00000000UL +#define CKC_X_509_ATTR_CERT 0x00000001UL +#define CKC_WTLS 0x00000002UL +#define CKC_VENDOR_DEFINED 0x80000000UL /* CK_ATTRIBUTE_TYPE is a value that identifies an attribute - * type */ -/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for - * v2.0 */ + * type + */ typedef CK_ULONG CK_ATTRIBUTE_TYPE; /* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which - consists of an array of values. */ -#define CKF_ARRAY_ATTRIBUTE 0x40000000 + * consists of an array of values. + */ +#define CKF_ARRAY_ATTRIBUTE 0x40000000UL + +/* The following OTP-related defines relate to the CKA_OTP_FORMAT attribute */ +#define CK_OTP_FORMAT_DECIMAL 0UL +#define CK_OTP_FORMAT_HEXADECIMAL 1UL +#define CK_OTP_FORMAT_ALPHANUMERIC 2UL +#define CK_OTP_FORMAT_BINARY 3UL + +/* The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT + * attributes + */ +#define CK_OTP_PARAM_IGNORED 0UL +#define CK_OTP_PARAM_OPTIONAL 1UL +#define CK_OTP_PARAM_MANDATORY 2UL /* The following attribute types are defined: */ -#define CKA_CLASS 0x00000000 -#define CKA_TOKEN 0x00000001 -#define CKA_PRIVATE 0x00000002 -#define CKA_LABEL 0x00000003 -#define CKA_APPLICATION 0x00000010 -#define CKA_VALUE 0x00000011 +#define CKA_CLASS 0x00000000UL +#define CKA_TOKEN 0x00000001UL +#define CKA_PRIVATE 0x00000002UL +#define CKA_LABEL 0x00000003UL +#define CKA_APPLICATION 0x00000010UL +#define CKA_VALUE 0x00000011UL +#define CKA_OBJECT_ID 0x00000012UL +#define CKA_CERTIFICATE_TYPE 0x00000080UL +#define CKA_ISSUER 0x00000081UL +#define CKA_SERIAL_NUMBER 0x00000082UL +#define CKA_AC_ISSUER 0x00000083UL +#define CKA_OWNER 0x00000084UL +#define CKA_ATTR_TYPES 0x00000085UL +#define CKA_TRUSTED 0x00000086UL +#define CKA_CERTIFICATE_CATEGORY 0x00000087UL +#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088UL +#define CKA_URL 0x00000089UL +#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008AUL +#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008BUL +#define CKA_NAME_HASH_ALGORITHM 0x0000008CUL +#define CKA_CHECK_VALUE 0x00000090UL -/* CKA_OBJECT_ID is new for v2.10 */ -#define CKA_OBJECT_ID 0x00000012 +#define CKA_KEY_TYPE 0x00000100UL +#define CKA_SUBJECT 0x00000101UL +#define CKA_ID 0x00000102UL +#define CKA_SENSITIVE 0x00000103UL +#define CKA_ENCRYPT 0x00000104UL +#define CKA_DECRYPT 0x00000105UL +#define CKA_WRAP 0x00000106UL +#define CKA_UNWRAP 0x00000107UL +#define CKA_SIGN 0x00000108UL +#define CKA_SIGN_RECOVER 0x00000109UL +#define CKA_VERIFY 0x0000010AUL +#define CKA_VERIFY_RECOVER 0x0000010BUL +#define CKA_DERIVE 0x0000010CUL +#define CKA_START_DATE 0x00000110UL +#define CKA_END_DATE 0x00000111UL +#define CKA_MODULUS 0x00000120UL +#define CKA_MODULUS_BITS 0x00000121UL +#define CKA_PUBLIC_EXPONENT 0x00000122UL +#define CKA_PRIVATE_EXPONENT 0x00000123UL +#define CKA_PRIME_1 0x00000124UL +#define CKA_PRIME_2 0x00000125UL +#define CKA_EXPONENT_1 0x00000126UL +#define CKA_EXPONENT_2 0x00000127UL +#define CKA_COEFFICIENT 0x00000128UL +#define CKA_PUBLIC_KEY_INFO 0x00000129UL +#define CKA_PRIME 0x00000130UL +#define CKA_SUBPRIME 0x00000131UL +#define CKA_BASE 0x00000132UL -#define CKA_CERTIFICATE_TYPE 0x00000080 -#define CKA_ISSUER 0x00000081 -#define CKA_SERIAL_NUMBER 0x00000082 - -/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new - * for v2.10 */ -#define CKA_AC_ISSUER 0x00000083 -#define CKA_OWNER 0x00000084 -#define CKA_ATTR_TYPES 0x00000085 - -/* CKA_TRUSTED is new for v2.11 */ -#define CKA_TRUSTED 0x00000086 - -/* CKA_CERTIFICATE_CATEGORY ... - * CKA_CHECK_VALUE are new for v2.20 */ -#define CKA_CERTIFICATE_CATEGORY 0x00000087 -#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088 -#define CKA_URL 0x00000089 -#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A -#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B -#define CKA_CHECK_VALUE 0x00000090 - -#define CKA_KEY_TYPE 0x00000100 -#define CKA_SUBJECT 0x00000101 -#define CKA_ID 0x00000102 -#define CKA_SENSITIVE 0x00000103 -#define CKA_ENCRYPT 0x00000104 -#define CKA_DECRYPT 0x00000105 -#define CKA_WRAP 0x00000106 -#define CKA_UNWRAP 0x00000107 -#define CKA_SIGN 0x00000108 -#define CKA_SIGN_RECOVER 0x00000109 -#define CKA_VERIFY 0x0000010A -#define CKA_VERIFY_RECOVER 0x0000010B -#define CKA_DERIVE 0x0000010C -#define CKA_START_DATE 0x00000110 -#define CKA_END_DATE 0x00000111 -#define CKA_MODULUS 0x00000120 -#define CKA_MODULUS_BITS 0x00000121 -#define CKA_PUBLIC_EXPONENT 0x00000122 -#define CKA_PRIVATE_EXPONENT 0x00000123 -#define CKA_PRIME_1 0x00000124 -#define CKA_PRIME_2 0x00000125 -#define CKA_EXPONENT_1 0x00000126 -#define CKA_EXPONENT_2 0x00000127 -#define CKA_COEFFICIENT 0x00000128 -#define CKA_PRIME 0x00000130 -#define CKA_SUBPRIME 0x00000131 -#define CKA_BASE 0x00000132 - -/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */ -#define CKA_PRIME_BITS 0x00000133 -#define CKA_SUBPRIME_BITS 0x00000134 +#define CKA_PRIME_BITS 0x00000133UL +#define CKA_SUBPRIME_BITS 0x00000134UL #define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS -/* (To retain backwards-compatibility) */ -#define CKA_VALUE_BITS 0x00000160 -#define CKA_VALUE_LEN 0x00000161 +#define CKA_VALUE_BITS 0x00000160UL +#define CKA_VALUE_LEN 0x00000161UL +#define CKA_EXTRACTABLE 0x00000162UL +#define CKA_LOCAL 0x00000163UL +#define CKA_NEVER_EXTRACTABLE 0x00000164UL +#define CKA_ALWAYS_SENSITIVE 0x00000165UL +#define CKA_KEY_GEN_MECHANISM 0x00000166UL -/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE, - * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS, - * and CKA_EC_POINT are new for v2.0 */ -#define CKA_EXTRACTABLE 0x00000162 -#define CKA_LOCAL 0x00000163 -#define CKA_NEVER_EXTRACTABLE 0x00000164 -#define CKA_ALWAYS_SENSITIVE 0x00000165 +#define CKA_MODIFIABLE 0x00000170UL +#define CKA_COPYABLE 0x00000171UL -/* CKA_KEY_GEN_MECHANISM is new for v2.11 */ -#define CKA_KEY_GEN_MECHANISM 0x00000166 +#define CKA_DESTROYABLE 0x00000172UL -#define CKA_MODIFIABLE 0x00000170 +#define CKA_ECDSA_PARAMS 0x00000180UL /* Deprecated */ +#define CKA_EC_PARAMS 0x00000180UL -/* CKA_ECDSA_PARAMS is deprecated in v2.11, - * CKA_EC_PARAMS is preferred. */ -#define CKA_ECDSA_PARAMS 0x00000180 -#define CKA_EC_PARAMS 0x00000180 +#define CKA_EC_POINT 0x00000181UL -#define CKA_EC_POINT 0x00000181 +#define CKA_SECONDARY_AUTH 0x00000200UL /* Deprecated */ +#define CKA_AUTH_PIN_FLAGS 0x00000201UL /* Deprecated */ -/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS, - * are new for v2.10. Deprecated in v2.11 and onwards. */ -#define CKA_SECONDARY_AUTH 0x00000200 -#define CKA_AUTH_PIN_FLAGS 0x00000201 +#define CKA_ALWAYS_AUTHENTICATE 0x00000202UL -/* CKA_ALWAYS_AUTHENTICATE ... - * CKA_UNWRAP_TEMPLATE are new for v2.20 */ -#define CKA_ALWAYS_AUTHENTICATE 0x00000202 +#define CKA_WRAP_WITH_TRUSTED 0x00000210UL +#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211UL) +#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212UL) +#define CKA_DERIVE_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000213UL) -#define CKA_WRAP_WITH_TRUSTED 0x00000210 -#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211) -#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212) +#define CKA_OTP_FORMAT 0x00000220UL +#define CKA_OTP_LENGTH 0x00000221UL +#define CKA_OTP_TIME_INTERVAL 0x00000222UL +#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223UL +#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224UL +#define CKA_OTP_TIME_REQUIREMENT 0x00000225UL +#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226UL +#define CKA_OTP_PIN_REQUIREMENT 0x00000227UL +#define CKA_OTP_COUNTER 0x0000022EUL +#define CKA_OTP_TIME 0x0000022FUL +#define CKA_OTP_USER_IDENTIFIER 0x0000022AUL +#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022BUL +#define CKA_OTP_SERVICE_LOGO 0x0000022CUL +#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022DUL -/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET - * are new for v2.10 */ -#define CKA_HW_FEATURE_TYPE 0x00000300 -#define CKA_RESET_ON_INIT 0x00000301 -#define CKA_HAS_RESET 0x00000302 +#define CKA_GOSTR3410_PARAMS 0x00000250UL +#define CKA_GOSTR3411_PARAMS 0x00000251UL +#define CKA_GOST28147_PARAMS 0x00000252UL -/* The following attributes are new for v2.20 */ -#define CKA_PIXEL_X 0x00000400 -#define CKA_PIXEL_Y 0x00000401 -#define CKA_RESOLUTION 0x00000402 -#define CKA_CHAR_ROWS 0x00000403 -#define CKA_CHAR_COLUMNS 0x00000404 -#define CKA_COLOR 0x00000405 -#define CKA_BITS_PER_PIXEL 0x00000406 -#define CKA_CHAR_SETS 0x00000480 -#define CKA_ENCODING_METHODS 0x00000481 -#define CKA_MIME_TYPES 0x00000482 -#define CKA_MECHANISM_TYPE 0x00000500 -#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501 -#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502 -#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503 -#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600) +#define CKA_HW_FEATURE_TYPE 0x00000300UL +#define CKA_RESET_ON_INIT 0x00000301UL +#define CKA_HAS_RESET 0x00000302UL -#define CKA_VENDOR_DEFINED 0x80000000 -#define CKA_NETSCAPE_DB 0xD5A0DB00 +#define CKA_PIXEL_X 0x00000400UL +#define CKA_PIXEL_Y 0x00000401UL +#define CKA_RESOLUTION 0x00000402UL +#define CKA_CHAR_ROWS 0x00000403UL +#define CKA_CHAR_COLUMNS 0x00000404UL +#define CKA_COLOR 0x00000405UL +#define CKA_BITS_PER_PIXEL 0x00000406UL +#define CKA_CHAR_SETS 0x00000480UL +#define CKA_ENCODING_METHODS 0x00000481UL +#define CKA_MIME_TYPES 0x00000482UL +#define CKA_MECHANISM_TYPE 0x00000500UL +#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501UL +#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502UL +#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503UL +#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600UL) +#define CKA_VENDOR_DEFINED 0x80000000UL /* CK_ATTRIBUTE is a structure that includes the type, length - * and value of an attribute */ + * and value of an attribute + */ typedef struct CK_ATTRIBUTE { CK_ATTRIBUTE_TYPE type; CK_VOID_PTR pValue; - - /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */ CK_ULONG ulValueLen; /* in bytes */ } CK_ATTRIBUTE; typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR; - /* CK_DATE is a structure that defines a date */ typedef struct CK_DATE{ CK_CHAR year[4]; /* the year ("1900" - "9999") */ @@ -573,341 +579,411 @@ typedef struct CK_DATE{ /* CK_MECHANISM_TYPE is a value that identifies a mechanism - * type */ -/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for - * v2.0 */ + * type + */ typedef CK_ULONG CK_MECHANISM_TYPE; /* the following mechanism types are defined: */ -#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000 -#define CKM_RSA_PKCS 0x00000001 -#define CKM_RSA_9796 0x00000002 -#define CKM_RSA_X_509 0x00000003 +#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000UL +#define CKM_RSA_PKCS 0x00000001UL +#define CKM_RSA_9796 0x00000002UL +#define CKM_RSA_X_509 0x00000003UL -/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS - * are new for v2.0. They are mechanisms which hash and sign */ -#define CKM_MD2_RSA_PKCS 0x00000004 -#define CKM_MD5_RSA_PKCS 0x00000005 -#define CKM_SHA1_RSA_PKCS 0x00000006 +#define CKM_MD2_RSA_PKCS 0x00000004UL +#define CKM_MD5_RSA_PKCS 0x00000005UL +#define CKM_SHA1_RSA_PKCS 0x00000006UL -/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and - * CKM_RSA_PKCS_OAEP are new for v2.10 */ -#define CKM_RIPEMD128_RSA_PKCS 0x00000007 -#define CKM_RIPEMD160_RSA_PKCS 0x00000008 -#define CKM_RSA_PKCS_OAEP 0x00000009 +#define CKM_RIPEMD128_RSA_PKCS 0x00000007UL +#define CKM_RIPEMD160_RSA_PKCS 0x00000008UL +#define CKM_RSA_PKCS_OAEP 0x00000009UL -/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31, - * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */ -#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A -#define CKM_RSA_X9_31 0x0000000B -#define CKM_SHA1_RSA_X9_31 0x0000000C -#define CKM_RSA_PKCS_PSS 0x0000000D -#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E +#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000AUL +#define CKM_RSA_X9_31 0x0000000BUL +#define CKM_SHA1_RSA_X9_31 0x0000000CUL +#define CKM_RSA_PKCS_PSS 0x0000000DUL +#define CKM_SHA1_RSA_PKCS_PSS 0x0000000EUL -#define CKM_DSA_KEY_PAIR_GEN 0x00000010 -#define CKM_DSA 0x00000011 -#define CKM_DSA_SHA1 0x00000012 -#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020 -#define CKM_DH_PKCS_DERIVE 0x00000021 +#define CKM_DSA_KEY_PAIR_GEN 0x00000010UL +#define CKM_DSA 0x00000011UL +#define CKM_DSA_SHA1 0x00000012UL +#define CKM_DSA_SHA224 0x00000013UL +#define CKM_DSA_SHA256 0x00000014UL +#define CKM_DSA_SHA384 0x00000015UL +#define CKM_DSA_SHA512 0x00000016UL -/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE, - * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for - * v2.11 */ -#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030 -#define CKM_X9_42_DH_DERIVE 0x00000031 -#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032 -#define CKM_X9_42_MQV_DERIVE 0x00000033 +#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020UL +#define CKM_DH_PKCS_DERIVE 0x00000021UL -/* CKM_SHA256/384/512 are new for v2.20 */ -#define CKM_SHA256_RSA_PKCS 0x00000040 -#define CKM_SHA384_RSA_PKCS 0x00000041 -#define CKM_SHA512_RSA_PKCS 0x00000042 -#define CKM_SHA256_RSA_PKCS_PSS 0x00000043 -#define CKM_SHA384_RSA_PKCS_PSS 0x00000044 -#define CKM_SHA512_RSA_PKCS_PSS 0x00000045 +#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030UL +#define CKM_X9_42_DH_DERIVE 0x00000031UL +#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032UL +#define CKM_X9_42_MQV_DERIVE 0x00000033UL -#define CKM_RC2_KEY_GEN 0x00000100 -#define CKM_RC2_ECB 0x00000101 -#define CKM_RC2_CBC 0x00000102 -#define CKM_RC2_MAC 0x00000103 +#define CKM_SHA256_RSA_PKCS 0x00000040UL +#define CKM_SHA384_RSA_PKCS 0x00000041UL +#define CKM_SHA512_RSA_PKCS 0x00000042UL +#define CKM_SHA256_RSA_PKCS_PSS 0x00000043UL +#define CKM_SHA384_RSA_PKCS_PSS 0x00000044UL +#define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL -/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */ -#define CKM_RC2_MAC_GENERAL 0x00000104 -#define CKM_RC2_CBC_PAD 0x00000105 +#define CKM_SHA224_RSA_PKCS 0x00000046UL +#define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL -#define CKM_RC4_KEY_GEN 0x00000110 -#define CKM_RC4 0x00000111 -#define CKM_DES_KEY_GEN 0x00000120 -#define CKM_DES_ECB 0x00000121 -#define CKM_DES_CBC 0x00000122 -#define CKM_DES_MAC 0x00000123 +#define CKM_SHA512_224 0x00000048UL +#define CKM_SHA512_224_HMAC 0x00000049UL +#define CKM_SHA512_224_HMAC_GENERAL 0x0000004AUL +#define CKM_SHA512_224_KEY_DERIVATION 0x0000004BUL +#define CKM_SHA512_256 0x0000004CUL +#define CKM_SHA512_256_HMAC 0x0000004DUL +#define CKM_SHA512_256_HMAC_GENERAL 0x0000004EUL +#define CKM_SHA512_256_KEY_DERIVATION 0x0000004FUL -/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */ -#define CKM_DES_MAC_GENERAL 0x00000124 -#define CKM_DES_CBC_PAD 0x00000125 +#define CKM_SHA512_T 0x00000050UL +#define CKM_SHA512_T_HMAC 0x00000051UL +#define CKM_SHA512_T_HMAC_GENERAL 0x00000052UL +#define CKM_SHA512_T_KEY_DERIVATION 0x00000053UL -#define CKM_DES2_KEY_GEN 0x00000130 -#define CKM_DES3_KEY_GEN 0x00000131 -#define CKM_DES3_ECB 0x00000132 -#define CKM_DES3_CBC 0x00000133 -#define CKM_DES3_MAC 0x00000134 +#define CKM_RC2_KEY_GEN 0x00000100UL +#define CKM_RC2_ECB 0x00000101UL +#define CKM_RC2_CBC 0x00000102UL +#define CKM_RC2_MAC 0x00000103UL -/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN, - * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC, - * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */ -#define CKM_DES3_MAC_GENERAL 0x00000135 -#define CKM_DES3_CBC_PAD 0x00000136 -#define CKM_CDMF_KEY_GEN 0x00000140 -#define CKM_CDMF_ECB 0x00000141 -#define CKM_CDMF_CBC 0x00000142 -#define CKM_CDMF_MAC 0x00000143 -#define CKM_CDMF_MAC_GENERAL 0x00000144 -#define CKM_CDMF_CBC_PAD 0x00000145 +#define CKM_RC2_MAC_GENERAL 0x00000104UL +#define CKM_RC2_CBC_PAD 0x00000105UL -/* the following four DES mechanisms are new for v2.20 */ -#define CKM_DES_OFB64 0x00000150 -#define CKM_DES_OFB8 0x00000151 -#define CKM_DES_CFB64 0x00000152 -#define CKM_DES_CFB8 0x00000153 +#define CKM_RC4_KEY_GEN 0x00000110UL +#define CKM_RC4 0x00000111UL +#define CKM_DES_KEY_GEN 0x00000120UL +#define CKM_DES_ECB 0x00000121UL +#define CKM_DES_CBC 0x00000122UL +#define CKM_DES_MAC 0x00000123UL -#define CKM_MD2 0x00000200 +#define CKM_DES_MAC_GENERAL 0x00000124UL +#define CKM_DES_CBC_PAD 0x00000125UL -/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */ -#define CKM_MD2_HMAC 0x00000201 -#define CKM_MD2_HMAC_GENERAL 0x00000202 +#define CKM_DES2_KEY_GEN 0x00000130UL +#define CKM_DES3_KEY_GEN 0x00000131UL +#define CKM_DES3_ECB 0x00000132UL +#define CKM_DES3_CBC 0x00000133UL +#define CKM_DES3_MAC 0x00000134UL -#define CKM_MD5 0x00000210 +#define CKM_DES3_MAC_GENERAL 0x00000135UL +#define CKM_DES3_CBC_PAD 0x00000136UL +#define CKM_DES3_CMAC_GENERAL 0x00000137UL +#define CKM_DES3_CMAC 0x00000138UL +#define CKM_CDMF_KEY_GEN 0x00000140UL +#define CKM_CDMF_ECB 0x00000141UL +#define CKM_CDMF_CBC 0x00000142UL +#define CKM_CDMF_MAC 0x00000143UL +#define CKM_CDMF_MAC_GENERAL 0x00000144UL +#define CKM_CDMF_CBC_PAD 0x00000145UL -/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */ -#define CKM_MD5_HMAC 0x00000211 -#define CKM_MD5_HMAC_GENERAL 0x00000212 +#define CKM_DES_OFB64 0x00000150UL +#define CKM_DES_OFB8 0x00000151UL +#define CKM_DES_CFB64 0x00000152UL +#define CKM_DES_CFB8 0x00000153UL -#define CKM_SHA_1 0x00000220 +#define CKM_MD2 0x00000200UL -/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */ -#define CKM_SHA_1_HMAC 0x00000221 -#define CKM_SHA_1_HMAC_GENERAL 0x00000222 +#define CKM_MD2_HMAC 0x00000201UL +#define CKM_MD2_HMAC_GENERAL 0x00000202UL -/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC, - * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC, - * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */ -#define CKM_RIPEMD128 0x00000230 -#define CKM_RIPEMD128_HMAC 0x00000231 -#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232 -#define CKM_RIPEMD160 0x00000240 -#define CKM_RIPEMD160_HMAC 0x00000241 -#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242 +#define CKM_MD5 0x00000210UL -/* CKM_SHA256/384/512 are new for v2.20 */ -#define CKM_SHA256 0x00000250 -#define CKM_SHA256_HMAC 0x00000251 -#define CKM_SHA256_HMAC_GENERAL 0x00000252 -#define CKM_SHA384 0x00000260 -#define CKM_SHA384_HMAC 0x00000261 -#define CKM_SHA384_HMAC_GENERAL 0x00000262 -#define CKM_SHA512 0x00000270 -#define CKM_SHA512_HMAC 0x00000271 -#define CKM_SHA512_HMAC_GENERAL 0x00000272 +#define CKM_MD5_HMAC 0x00000211UL +#define CKM_MD5_HMAC_GENERAL 0x00000212UL -/* All of the following mechanisms are new for v2.0 */ +#define CKM_SHA_1 0x00000220UL + +#define CKM_SHA_1_HMAC 0x00000221UL +#define CKM_SHA_1_HMAC_GENERAL 0x00000222UL + +#define CKM_RIPEMD128 0x00000230UL +#define CKM_RIPEMD128_HMAC 0x00000231UL +#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232UL +#define CKM_RIPEMD160 0x00000240UL +#define CKM_RIPEMD160_HMAC 0x00000241UL +#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242UL + +#define CKM_SHA256 0x00000250UL +#define CKM_SHA256_HMAC 0x00000251UL +#define CKM_SHA256_HMAC_GENERAL 0x00000252UL +#define CKM_SHA224 0x00000255UL +#define CKM_SHA224_HMAC 0x00000256UL +#define CKM_SHA224_HMAC_GENERAL 0x00000257UL +#define CKM_SHA384 0x00000260UL +#define CKM_SHA384_HMAC 0x00000261UL +#define CKM_SHA384_HMAC_GENERAL 0x00000262UL +#define CKM_SHA512 0x00000270UL +#define CKM_SHA512_HMAC 0x00000271UL +#define CKM_SHA512_HMAC_GENERAL 0x00000272UL +#define CKM_SECURID_KEY_GEN 0x00000280UL +#define CKM_SECURID 0x00000282UL +#define CKM_HOTP_KEY_GEN 0x00000290UL +#define CKM_HOTP 0x00000291UL +#define CKM_ACTI 0x000002A0UL +#define CKM_ACTI_KEY_GEN 0x000002A1UL + +#define CKM_CAST_KEY_GEN 0x00000300UL +#define CKM_CAST_ECB 0x00000301UL +#define CKM_CAST_CBC 0x00000302UL +#define CKM_CAST_MAC 0x00000303UL +#define CKM_CAST_MAC_GENERAL 0x00000304UL +#define CKM_CAST_CBC_PAD 0x00000305UL +#define CKM_CAST3_KEY_GEN 0x00000310UL +#define CKM_CAST3_ECB 0x00000311UL +#define CKM_CAST3_CBC 0x00000312UL +#define CKM_CAST3_MAC 0x00000313UL +#define CKM_CAST3_MAC_GENERAL 0x00000314UL +#define CKM_CAST3_CBC_PAD 0x00000315UL /* Note that CAST128 and CAST5 are the same algorithm */ -#define CKM_CAST_KEY_GEN 0x00000300 -#define CKM_CAST_ECB 0x00000301 -#define CKM_CAST_CBC 0x00000302 -#define CKM_CAST_MAC 0x00000303 -#define CKM_CAST_MAC_GENERAL 0x00000304 -#define CKM_CAST_CBC_PAD 0x00000305 -#define CKM_CAST3_KEY_GEN 0x00000310 -#define CKM_CAST3_ECB 0x00000311 -#define CKM_CAST3_CBC 0x00000312 -#define CKM_CAST3_MAC 0x00000313 -#define CKM_CAST3_MAC_GENERAL 0x00000314 -#define CKM_CAST3_CBC_PAD 0x00000315 -#define CKM_CAST5_KEY_GEN 0x00000320 -#define CKM_CAST128_KEY_GEN 0x00000320 -#define CKM_CAST5_ECB 0x00000321 -#define CKM_CAST128_ECB 0x00000321 -#define CKM_CAST5_CBC 0x00000322 -#define CKM_CAST128_CBC 0x00000322 -#define CKM_CAST5_MAC 0x00000323 -#define CKM_CAST128_MAC 0x00000323 -#define CKM_CAST5_MAC_GENERAL 0x00000324 -#define CKM_CAST128_MAC_GENERAL 0x00000324 -#define CKM_CAST5_CBC_PAD 0x00000325 -#define CKM_CAST128_CBC_PAD 0x00000325 -#define CKM_RC5_KEY_GEN 0x00000330 -#define CKM_RC5_ECB 0x00000331 -#define CKM_RC5_CBC 0x00000332 -#define CKM_RC5_MAC 0x00000333 -#define CKM_RC5_MAC_GENERAL 0x00000334 -#define CKM_RC5_CBC_PAD 0x00000335 -#define CKM_IDEA_KEY_GEN 0x00000340 -#define CKM_IDEA_ECB 0x00000341 -#define CKM_IDEA_CBC 0x00000342 -#define CKM_IDEA_MAC 0x00000343 -#define CKM_IDEA_MAC_GENERAL 0x00000344 -#define CKM_IDEA_CBC_PAD 0x00000345 -#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350 -#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360 -#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362 -#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363 -#define CKM_XOR_BASE_AND_DATA 0x00000364 -#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365 -#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370 -#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371 -#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372 +#define CKM_CAST5_KEY_GEN 0x00000320UL +#define CKM_CAST128_KEY_GEN 0x00000320UL +#define CKM_CAST5_ECB 0x00000321UL +#define CKM_CAST128_ECB 0x00000321UL +#define CKM_CAST5_CBC 0x00000322UL /* Deprecated */ +#define CKM_CAST128_CBC 0x00000322UL +#define CKM_CAST5_MAC 0x00000323UL /* Deprecated */ +#define CKM_CAST128_MAC 0x00000323UL +#define CKM_CAST5_MAC_GENERAL 0x00000324UL /* Deprecated */ +#define CKM_CAST128_MAC_GENERAL 0x00000324UL +#define CKM_CAST5_CBC_PAD 0x00000325UL /* Deprecated */ +#define CKM_CAST128_CBC_PAD 0x00000325UL +#define CKM_RC5_KEY_GEN 0x00000330UL +#define CKM_RC5_ECB 0x00000331UL +#define CKM_RC5_CBC 0x00000332UL +#define CKM_RC5_MAC 0x00000333UL +#define CKM_RC5_MAC_GENERAL 0x00000334UL +#define CKM_RC5_CBC_PAD 0x00000335UL +#define CKM_IDEA_KEY_GEN 0x00000340UL +#define CKM_IDEA_ECB 0x00000341UL +#define CKM_IDEA_CBC 0x00000342UL +#define CKM_IDEA_MAC 0x00000343UL +#define CKM_IDEA_MAC_GENERAL 0x00000344UL +#define CKM_IDEA_CBC_PAD 0x00000345UL +#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350UL +#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360UL +#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362UL +#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363UL +#define CKM_XOR_BASE_AND_DATA 0x00000364UL +#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365UL +#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370UL +#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371UL +#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372UL -/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN, - * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and - * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */ -#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373 -#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374 -#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375 -#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376 -#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377 +#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373UL +#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374UL +#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375UL +#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376UL +#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377UL -/* CKM_TLS_PRF is new for v2.20 */ -#define CKM_TLS_PRF 0x00000378 +#define CKM_TLS_PRF 0x00000378UL -#define CKM_SSL3_MD5_MAC 0x00000380 -#define CKM_SSL3_SHA1_MAC 0x00000381 -#define CKM_MD5_KEY_DERIVATION 0x00000390 -#define CKM_MD2_KEY_DERIVATION 0x00000391 -#define CKM_SHA1_KEY_DERIVATION 0x00000392 +#define CKM_SSL3_MD5_MAC 0x00000380UL +#define CKM_SSL3_SHA1_MAC 0x00000381UL +#define CKM_MD5_KEY_DERIVATION 0x00000390UL +#define CKM_MD2_KEY_DERIVATION 0x00000391UL +#define CKM_SHA1_KEY_DERIVATION 0x00000392UL -/* CKM_SHA256/384/512 are new for v2.20 */ -#define CKM_SHA256_KEY_DERIVATION 0x00000393 -#define CKM_SHA384_KEY_DERIVATION 0x00000394 -#define CKM_SHA512_KEY_DERIVATION 0x00000395 +#define CKM_SHA256_KEY_DERIVATION 0x00000393UL +#define CKM_SHA384_KEY_DERIVATION 0x00000394UL +#define CKM_SHA512_KEY_DERIVATION 0x00000395UL +#define CKM_SHA224_KEY_DERIVATION 0x00000396UL -#define CKM_PBE_MD2_DES_CBC 0x000003A0 -#define CKM_PBE_MD5_DES_CBC 0x000003A1 -#define CKM_PBE_MD5_CAST_CBC 0x000003A2 -#define CKM_PBE_MD5_CAST3_CBC 0x000003A3 -#define CKM_PBE_MD5_CAST5_CBC 0x000003A4 -#define CKM_PBE_MD5_CAST128_CBC 0x000003A4 -#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5 -#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5 -#define CKM_PBE_SHA1_RC4_128 0x000003A6 -#define CKM_PBE_SHA1_RC4_40 0x000003A7 -#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8 -#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9 -#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA -#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB +#define CKM_PBE_MD2_DES_CBC 0x000003A0UL +#define CKM_PBE_MD5_DES_CBC 0x000003A1UL +#define CKM_PBE_MD5_CAST_CBC 0x000003A2UL +#define CKM_PBE_MD5_CAST3_CBC 0x000003A3UL +#define CKM_PBE_MD5_CAST5_CBC 0x000003A4UL /* Deprecated */ +#define CKM_PBE_MD5_CAST128_CBC 0x000003A4UL +#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5UL /* Deprecated */ +#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5UL +#define CKM_PBE_SHA1_RC4_128 0x000003A6UL +#define CKM_PBE_SHA1_RC4_40 0x000003A7UL +#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8UL +#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9UL +#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AAUL +#define CKM_PBE_SHA1_RC2_40_CBC 0x000003ABUL -/* CKM_PKCS5_PBKD2 is new for v2.10 */ -#define CKM_PKCS5_PBKD2 0x000003B0 +#define CKM_PKCS5_PBKD2 0x000003B0UL -#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0 +#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0UL -/* WTLS mechanisms are new for v2.20 */ -#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0 -#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1 -#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2 -#define CKM_WTLS_PRF 0x000003D3 -#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4 -#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5 +#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0UL +#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1UL +#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2UL +#define CKM_WTLS_PRF 0x000003D3UL +#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4UL +#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5UL -/* new for v2.40 */ -#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0 -#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1 -#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2 -#define CKM_TLS_MAC 0x000003E4 +#define CKM_TLS10_MAC_SERVER 0x000003D6UL +#define CKM_TLS10_MAC_CLIENT 0x000003D7UL +#define CKM_TLS12_MAC 0x000003D8UL +#define CKM_TLS12_KDF 0x000003D9UL +#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0UL +#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1UL +#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2UL +#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3UL +#define CKM_TLS_MAC 0x000003E4UL +#define CKM_TLS_KDF 0x000003E5UL -#define CKM_KEY_WRAP_LYNKS 0x00000400 -#define CKM_KEY_WRAP_SET_OAEP 0x00000401 +#define CKM_KEY_WRAP_LYNKS 0x00000400UL +#define CKM_KEY_WRAP_SET_OAEP 0x00000401UL -/* CKM_CMS_SIG is new for v2.20 */ -#define CKM_CMS_SIG 0x00000500 +#define CKM_CMS_SIG 0x00000500UL +#define CKM_KIP_DERIVE 0x00000510UL +#define CKM_KIP_WRAP 0x00000511UL +#define CKM_KIP_MAC 0x00000512UL -/* Fortezza mechanisms */ -#define CKM_SKIPJACK_KEY_GEN 0x00001000 -#define CKM_SKIPJACK_ECB64 0x00001001 -#define CKM_SKIPJACK_CBC64 0x00001002 -#define CKM_SKIPJACK_OFB64 0x00001003 -#define CKM_SKIPJACK_CFB64 0x00001004 -#define CKM_SKIPJACK_CFB32 0x00001005 -#define CKM_SKIPJACK_CFB16 0x00001006 -#define CKM_SKIPJACK_CFB8 0x00001007 -#define CKM_SKIPJACK_WRAP 0x00001008 -#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009 -#define CKM_SKIPJACK_RELAYX 0x0000100a -#define CKM_KEA_KEY_PAIR_GEN 0x00001010 -#define CKM_KEA_KEY_DERIVE 0x00001011 -#define CKM_FORTEZZA_TIMESTAMP 0x00001020 -#define CKM_BATON_KEY_GEN 0x00001030 -#define CKM_BATON_ECB128 0x00001031 -#define CKM_BATON_ECB96 0x00001032 -#define CKM_BATON_CBC128 0x00001033 -#define CKM_BATON_COUNTER 0x00001034 -#define CKM_BATON_SHUFFLE 0x00001035 -#define CKM_BATON_WRAP 0x00001036 +#define CKM_CAMELLIA_KEY_GEN 0x00000550UL +#define CKM_CAMELLIA_ECB 0x00000551UL +#define CKM_CAMELLIA_CBC 0x00000552UL +#define CKM_CAMELLIA_MAC 0x00000553UL +#define CKM_CAMELLIA_MAC_GENERAL 0x00000554UL +#define CKM_CAMELLIA_CBC_PAD 0x00000555UL +#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556UL +#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557UL +#define CKM_CAMELLIA_CTR 0x00000558UL -/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11, - * CKM_EC_KEY_PAIR_GEN is preferred */ -#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040 -#define CKM_EC_KEY_PAIR_GEN 0x00001040 +#define CKM_ARIA_KEY_GEN 0x00000560UL +#define CKM_ARIA_ECB 0x00000561UL +#define CKM_ARIA_CBC 0x00000562UL +#define CKM_ARIA_MAC 0x00000563UL +#define CKM_ARIA_MAC_GENERAL 0x00000564UL +#define CKM_ARIA_CBC_PAD 0x00000565UL +#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566UL +#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567UL -#define CKM_ECDSA 0x00001041 -#define CKM_ECDSA_SHA1 0x00001042 +#define CKM_SEED_KEY_GEN 0x00000650UL +#define CKM_SEED_ECB 0x00000651UL +#define CKM_SEED_CBC 0x00000652UL +#define CKM_SEED_MAC 0x00000653UL +#define CKM_SEED_MAC_GENERAL 0x00000654UL +#define CKM_SEED_CBC_PAD 0x00000655UL +#define CKM_SEED_ECB_ENCRYPT_DATA 0x00000656UL +#define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657UL -/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE - * are new for v2.11 */ -#define CKM_ECDH1_DERIVE 0x00001050 -#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051 -#define CKM_ECMQV_DERIVE 0x00001052 +#define CKM_SKIPJACK_KEY_GEN 0x00001000UL +#define CKM_SKIPJACK_ECB64 0x00001001UL +#define CKM_SKIPJACK_CBC64 0x00001002UL +#define CKM_SKIPJACK_OFB64 0x00001003UL +#define CKM_SKIPJACK_CFB64 0x00001004UL +#define CKM_SKIPJACK_CFB32 0x00001005UL +#define CKM_SKIPJACK_CFB16 0x00001006UL +#define CKM_SKIPJACK_CFB8 0x00001007UL +#define CKM_SKIPJACK_WRAP 0x00001008UL +#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009UL +#define CKM_SKIPJACK_RELAYX 0x0000100aUL +#define CKM_KEA_KEY_PAIR_GEN 0x00001010UL +#define CKM_KEA_KEY_DERIVE 0x00001011UL +#define CKM_KEA_DERIVE 0x00001012UL +#define CKM_FORTEZZA_TIMESTAMP 0x00001020UL +#define CKM_BATON_KEY_GEN 0x00001030UL +#define CKM_BATON_ECB128 0x00001031UL +#define CKM_BATON_ECB96 0x00001032UL +#define CKM_BATON_CBC128 0x00001033UL +#define CKM_BATON_COUNTER 0x00001034UL +#define CKM_BATON_SHUFFLE 0x00001035UL +#define CKM_BATON_WRAP 0x00001036UL -#define CKM_JUNIPER_KEY_GEN 0x00001060 -#define CKM_JUNIPER_ECB128 0x00001061 -#define CKM_JUNIPER_CBC128 0x00001062 -#define CKM_JUNIPER_COUNTER 0x00001063 -#define CKM_JUNIPER_SHUFFLE 0x00001064 -#define CKM_JUNIPER_WRAP 0x00001065 -#define CKM_FASTHASH 0x00001070 +#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040UL /* Deprecated */ +#define CKM_EC_KEY_PAIR_GEN 0x00001040UL -/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC, - * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN, - * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are - * new for v2.11 */ -#define CKM_AES_KEY_GEN 0x00001080 -#define CKM_AES_ECB 0x00001081 -#define CKM_AES_CBC 0x00001082 -#define CKM_AES_MAC 0x00001083 -#define CKM_AES_MAC_GENERAL 0x00001084 -#define CKM_AES_CBC_PAD 0x00001085 +#define CKM_ECDSA 0x00001041UL +#define CKM_ECDSA_SHA1 0x00001042UL +#define CKM_ECDSA_SHA224 0x00001043UL +#define CKM_ECDSA_SHA256 0x00001044UL +#define CKM_ECDSA_SHA384 0x00001045UL +#define CKM_ECDSA_SHA512 0x00001046UL -/* BlowFish and TwoFish are new for v2.20 */ -#define CKM_BLOWFISH_KEY_GEN 0x00001090 -#define CKM_BLOWFISH_CBC 0x00001091 -#define CKM_TWOFISH_KEY_GEN 0x00001092 -#define CKM_TWOFISH_CBC 0x00001093 +#define CKM_ECDH1_DERIVE 0x00001050UL +#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051UL +#define CKM_ECMQV_DERIVE 0x00001052UL +#define CKM_ECDH_AES_KEY_WRAP 0x00001053UL +#define CKM_RSA_AES_KEY_WRAP 0x00001054UL -/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */ -#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100 -#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101 -#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102 -#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103 -#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104 -#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105 +#define CKM_JUNIPER_KEY_GEN 0x00001060UL +#define CKM_JUNIPER_ECB128 0x00001061UL +#define CKM_JUNIPER_CBC128 0x00001062UL +#define CKM_JUNIPER_COUNTER 0x00001063UL +#define CKM_JUNIPER_SHUFFLE 0x00001064UL +#define CKM_JUNIPER_WRAP 0x00001065UL +#define CKM_FASTHASH 0x00001070UL -#define CKM_DSA_PARAMETER_GEN 0x00002000 -#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001 -#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002 +#define CKM_AES_KEY_GEN 0x00001080UL +#define CKM_AES_ECB 0x00001081UL +#define CKM_AES_CBC 0x00001082UL +#define CKM_AES_MAC 0x00001083UL +#define CKM_AES_MAC_GENERAL 0x00001084UL +#define CKM_AES_CBC_PAD 0x00001085UL +#define CKM_AES_CTR 0x00001086UL +#define CKM_AES_GCM 0x00001087UL +#define CKM_AES_CCM 0x00001088UL +#define CKM_AES_CTS 0x00001089UL +#define CKM_AES_CMAC 0x0000108AUL +#define CKM_AES_CMAC_GENERAL 0x0000108BUL -#define CKM_VENDOR_DEFINED 0x80000000 +#define CKM_AES_XCBC_MAC 0x0000108CUL +#define CKM_AES_XCBC_MAC_96 0x0000108DUL +#define CKM_AES_GMAC 0x0000108EUL + +#define CKM_BLOWFISH_KEY_GEN 0x00001090UL +#define CKM_BLOWFISH_CBC 0x00001091UL +#define CKM_TWOFISH_KEY_GEN 0x00001092UL +#define CKM_TWOFISH_CBC 0x00001093UL +#define CKM_BLOWFISH_CBC_PAD 0x00001094UL +#define CKM_TWOFISH_CBC_PAD 0x00001095UL + +#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100UL +#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101UL +#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102UL +#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103UL +#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104UL +#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105UL + +#define CKM_GOSTR3410_KEY_PAIR_GEN 0x00001200UL +#define CKM_GOSTR3410 0x00001201UL +#define CKM_GOSTR3410_WITH_GOSTR3411 0x00001202UL +#define CKM_GOSTR3410_KEY_WRAP 0x00001203UL +#define CKM_GOSTR3410_DERIVE 0x00001204UL +#define CKM_GOSTR3411 0x00001210UL +#define CKM_GOSTR3411_HMAC 0x00001211UL +#define CKM_GOST28147_KEY_GEN 0x00001220UL +#define CKM_GOST28147_ECB 0x00001221UL +#define CKM_GOST28147 0x00001222UL +#define CKM_GOST28147_MAC 0x00001223UL +#define CKM_GOST28147_KEY_WRAP 0x00001224UL + +#define CKM_DSA_PARAMETER_GEN 0x00002000UL +#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001UL +#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002UL +#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN 0x00002003UL +#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN 0x00002004UL + +#define CKM_AES_OFB 0x00002104UL +#define CKM_AES_CFB64 0x00002105UL +#define CKM_AES_CFB8 0x00002106UL +#define CKM_AES_CFB128 0x00002107UL + +#define CKM_AES_CFB1 0x00002108UL +#define CKM_AES_KEY_WRAP 0x00002109UL /* WAS: 0x00001090 */ +#define CKM_AES_KEY_WRAP_PAD 0x0000210AUL /* WAS: 0x00001091 */ + +#define CKM_RSA_PKCS_TPM_1_1 0x00004001UL +#define CKM_RSA_PKCS_OAEP_TPM_1_1 0x00004002UL + +#define CKM_VENDOR_DEFINED 0x80000000UL typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR; /* CK_MECHANISM is a structure that specifies a particular - * mechanism */ + * mechanism + */ typedef struct CK_MECHANISM { CK_MECHANISM_TYPE mechanism; CK_VOID_PTR pParameter; - - /* ulParameterLen was changed from CK_USHORT to CK_ULONG for - * v2.0 */ CK_ULONG ulParameterLen; /* in bytes */ } CK_MECHANISM; @@ -915,7 +991,8 @@ typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR; /* CK_MECHANISM_INFO provides information about a particular - * mechanism */ + * mechanism + */ typedef struct CK_MECHANISM_INFO { CK_ULONG ulMinKeySize; CK_ULONG ulMaxKeySize; @@ -923,179 +1000,163 @@ typedef struct CK_MECHANISM_INFO { } CK_MECHANISM_INFO; /* The flags are defined as follows: - * Bit Flag Mask Meaning */ -#define CKF_HW 0x00000001 /* performed by HW */ + * Bit Flag Mask Meaning */ +#define CKF_HW 0x00000001UL /* performed by HW */ -/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN, - * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER, - * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP, - * and CKF_DERIVE are new for v2.0. They specify whether or not - * a mechanism can be used for a particular task */ -#define CKF_ENCRYPT 0x00000100 -#define CKF_DECRYPT 0x00000200 -#define CKF_DIGEST 0x00000400 -#define CKF_SIGN 0x00000800 -#define CKF_SIGN_RECOVER 0x00001000 -#define CKF_VERIFY 0x00002000 -#define CKF_VERIFY_RECOVER 0x00004000 -#define CKF_GENERATE 0x00008000 -#define CKF_GENERATE_KEY_PAIR 0x00010000 -#define CKF_WRAP 0x00020000 -#define CKF_UNWRAP 0x00040000 -#define CKF_DERIVE 0x00080000 +/* Specify whether or not a mechanism can be used for a particular task */ +#define CKF_ENCRYPT 0x00000100UL +#define CKF_DECRYPT 0x00000200UL +#define CKF_DIGEST 0x00000400UL +#define CKF_SIGN 0x00000800UL +#define CKF_SIGN_RECOVER 0x00001000UL +#define CKF_VERIFY 0x00002000UL +#define CKF_VERIFY_RECOVER 0x00004000UL +#define CKF_GENERATE 0x00008000UL +#define CKF_GENERATE_KEY_PAIR 0x00010000UL +#define CKF_WRAP 0x00020000UL +#define CKF_UNWRAP 0x00040000UL +#define CKF_DERIVE 0x00080000UL -/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE, - * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They - * describe a token's EC capabilities not available in mechanism - * information. */ -#define CKF_EC_F_P 0x00100000 -#define CKF_EC_F_2M 0x00200000 -#define CKF_EC_ECPARAMETERS 0x00400000 -#define CKF_EC_NAMEDCURVE 0x00800000 -#define CKF_EC_UNCOMPRESS 0x01000000 -#define CKF_EC_COMPRESS 0x02000000 +/* Describe a token's EC capabilities not available in mechanism + * information. + */ +#define CKF_EC_F_P 0x00100000UL +#define CKF_EC_F_2M 0x00200000UL +#define CKF_EC_ECPARAMETERS 0x00400000UL +#define CKF_EC_NAMEDCURVE 0x00800000UL +#define CKF_EC_UNCOMPRESS 0x01000000UL +#define CKF_EC_COMPRESS 0x02000000UL -#define CKF_EXTENSION 0x80000000 /* FALSE for this version */ +#define CKF_EXTENSION 0x80000000UL typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR; - /* CK_RV is a value that identifies the return value of a - * Cryptoki function */ -/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */ + * Cryptoki function + */ typedef CK_ULONG CK_RV; -#define CKR_OK 0x00000000 -#define CKR_CANCEL 0x00000001 -#define CKR_HOST_MEMORY 0x00000002 -#define CKR_SLOT_ID_INVALID 0x00000003 +#define CKR_OK 0x00000000UL +#define CKR_CANCEL 0x00000001UL +#define CKR_HOST_MEMORY 0x00000002UL +#define CKR_SLOT_ID_INVALID 0x00000003UL -/* CKR_FLAGS_INVALID was removed for v2.0 */ +#define CKR_GENERAL_ERROR 0x00000005UL +#define CKR_FUNCTION_FAILED 0x00000006UL -/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */ -#define CKR_GENERAL_ERROR 0x00000005 -#define CKR_FUNCTION_FAILED 0x00000006 +#define CKR_ARGUMENTS_BAD 0x00000007UL +#define CKR_NO_EVENT 0x00000008UL +#define CKR_NEED_TO_CREATE_THREADS 0x00000009UL +#define CKR_CANT_LOCK 0x0000000AUL -/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS, - * and CKR_CANT_LOCK are new for v2.01 */ -#define CKR_ARGUMENTS_BAD 0x00000007 -#define CKR_NO_EVENT 0x00000008 -#define CKR_NEED_TO_CREATE_THREADS 0x00000009 -#define CKR_CANT_LOCK 0x0000000A +#define CKR_ATTRIBUTE_READ_ONLY 0x00000010UL +#define CKR_ATTRIBUTE_SENSITIVE 0x00000011UL +#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012UL +#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013UL -#define CKR_ATTRIBUTE_READ_ONLY 0x00000010 -#define CKR_ATTRIBUTE_SENSITIVE 0x00000011 -#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012 -#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013 -#define CKR_DATA_INVALID 0x00000020 -#define CKR_DATA_LEN_RANGE 0x00000021 -#define CKR_DEVICE_ERROR 0x00000030 -#define CKR_DEVICE_MEMORY 0x00000031 -#define CKR_DEVICE_REMOVED 0x00000032 -#define CKR_ENCRYPTED_DATA_INVALID 0x00000040 -#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041 -#define CKR_FUNCTION_CANCELED 0x00000050 -#define CKR_FUNCTION_NOT_PARALLEL 0x00000051 +#define CKR_ACTION_PROHIBITED 0x0000001BUL -/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */ -#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054 +#define CKR_DATA_INVALID 0x00000020UL +#define CKR_DATA_LEN_RANGE 0x00000021UL +#define CKR_DEVICE_ERROR 0x00000030UL +#define CKR_DEVICE_MEMORY 0x00000031UL +#define CKR_DEVICE_REMOVED 0x00000032UL +#define CKR_ENCRYPTED_DATA_INVALID 0x00000040UL +#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041UL +#define CKR_FUNCTION_CANCELED 0x00000050UL +#define CKR_FUNCTION_NOT_PARALLEL 0x00000051UL -#define CKR_KEY_HANDLE_INVALID 0x00000060 +#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054UL -/* CKR_KEY_SENSITIVE was removed for v2.0 */ +#define CKR_KEY_HANDLE_INVALID 0x00000060UL -#define CKR_KEY_SIZE_RANGE 0x00000062 -#define CKR_KEY_TYPE_INCONSISTENT 0x00000063 +#define CKR_KEY_SIZE_RANGE 0x00000062UL +#define CKR_KEY_TYPE_INCONSISTENT 0x00000063UL -/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED, - * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED, - * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for - * v2.0 */ -#define CKR_KEY_NOT_NEEDED 0x00000064 -#define CKR_KEY_CHANGED 0x00000065 -#define CKR_KEY_NEEDED 0x00000066 -#define CKR_KEY_INDIGESTIBLE 0x00000067 -#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068 -#define CKR_KEY_NOT_WRAPPABLE 0x00000069 -#define CKR_KEY_UNEXTRACTABLE 0x0000006A +#define CKR_KEY_NOT_NEEDED 0x00000064UL +#define CKR_KEY_CHANGED 0x00000065UL +#define CKR_KEY_NEEDED 0x00000066UL +#define CKR_KEY_INDIGESTIBLE 0x00000067UL +#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068UL +#define CKR_KEY_NOT_WRAPPABLE 0x00000069UL +#define CKR_KEY_UNEXTRACTABLE 0x0000006AUL -#define CKR_MECHANISM_INVALID 0x00000070 -#define CKR_MECHANISM_PARAM_INVALID 0x00000071 +#define CKR_MECHANISM_INVALID 0x00000070UL +#define CKR_MECHANISM_PARAM_INVALID 0x00000071UL -/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID - * were removed for v2.0 */ -#define CKR_OBJECT_HANDLE_INVALID 0x00000082 -#define CKR_OPERATION_ACTIVE 0x00000090 -#define CKR_OPERATION_NOT_INITIALIZED 0x00000091 -#define CKR_PIN_INCORRECT 0x000000A0 -#define CKR_PIN_INVALID 0x000000A1 -#define CKR_PIN_LEN_RANGE 0x000000A2 +#define CKR_OBJECT_HANDLE_INVALID 0x00000082UL +#define CKR_OPERATION_ACTIVE 0x00000090UL +#define CKR_OPERATION_NOT_INITIALIZED 0x00000091UL +#define CKR_PIN_INCORRECT 0x000000A0UL +#define CKR_PIN_INVALID 0x000000A1UL +#define CKR_PIN_LEN_RANGE 0x000000A2UL -/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */ -#define CKR_PIN_EXPIRED 0x000000A3 -#define CKR_PIN_LOCKED 0x000000A4 +#define CKR_PIN_EXPIRED 0x000000A3UL +#define CKR_PIN_LOCKED 0x000000A4UL -#define CKR_SESSION_CLOSED 0x000000B0 -#define CKR_SESSION_COUNT 0x000000B1 -#define CKR_SESSION_HANDLE_INVALID 0x000000B3 -#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4 -#define CKR_SESSION_READ_ONLY 0x000000B5 -#define CKR_SESSION_EXISTS 0x000000B6 +#define CKR_SESSION_CLOSED 0x000000B0UL +#define CKR_SESSION_COUNT 0x000000B1UL +#define CKR_SESSION_HANDLE_INVALID 0x000000B3UL +#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4UL +#define CKR_SESSION_READ_ONLY 0x000000B5UL +#define CKR_SESSION_EXISTS 0x000000B6UL -/* CKR_SESSION_READ_ONLY_EXISTS and - * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */ -#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7 -#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8 +#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7UL +#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8UL -#define CKR_SIGNATURE_INVALID 0x000000C0 -#define CKR_SIGNATURE_LEN_RANGE 0x000000C1 -#define CKR_TEMPLATE_INCOMPLETE 0x000000D0 -#define CKR_TEMPLATE_INCONSISTENT 0x000000D1 -#define CKR_TOKEN_NOT_PRESENT 0x000000E0 -#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1 -#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2 -#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0 -#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1 -#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2 -#define CKR_USER_ALREADY_LOGGED_IN 0x00000100 -#define CKR_USER_NOT_LOGGED_IN 0x00000101 -#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102 -#define CKR_USER_TYPE_INVALID 0x00000103 +#define CKR_SIGNATURE_INVALID 0x000000C0UL +#define CKR_SIGNATURE_LEN_RANGE 0x000000C1UL +#define CKR_TEMPLATE_INCOMPLETE 0x000000D0UL +#define CKR_TEMPLATE_INCONSISTENT 0x000000D1UL +#define CKR_TOKEN_NOT_PRESENT 0x000000E0UL +#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1UL +#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2UL +#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0UL +#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1UL +#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2UL +#define CKR_USER_ALREADY_LOGGED_IN 0x00000100UL +#define CKR_USER_NOT_LOGGED_IN 0x00000101UL +#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102UL +#define CKR_USER_TYPE_INVALID 0x00000103UL -/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES - * are new to v2.01 */ -#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104 -#define CKR_USER_TOO_MANY_TYPES 0x00000105 +#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104UL +#define CKR_USER_TOO_MANY_TYPES 0x00000105UL -#define CKR_WRAPPED_KEY_INVALID 0x00000110 -#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112 -#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113 -#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114 -#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115 -#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120 +#define CKR_WRAPPED_KEY_INVALID 0x00000110UL +#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112UL +#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113UL +#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114UL +#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115UL +#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120UL -/* These are new to v2.0 */ -#define CKR_RANDOM_NO_RNG 0x00000121 +#define CKR_RANDOM_NO_RNG 0x00000121UL -/* These are new to v2.11 */ -#define CKR_DOMAIN_PARAMS_INVALID 0x00000130 +#define CKR_DOMAIN_PARAMS_INVALID 0x00000130UL -/* These are new to v2.0 */ -#define CKR_BUFFER_TOO_SMALL 0x00000150 -#define CKR_SAVED_STATE_INVALID 0x00000160 -#define CKR_INFORMATION_SENSITIVE 0x00000170 -#define CKR_STATE_UNSAVEABLE 0x00000180 +#define CKR_CURVE_NOT_SUPPORTED 0x00000140UL -/* These are new to v2.01 */ -#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190 -#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191 -#define CKR_MUTEX_BAD 0x000001A0 -#define CKR_MUTEX_NOT_LOCKED 0x000001A1 +#define CKR_BUFFER_TOO_SMALL 0x00000150UL +#define CKR_SAVED_STATE_INVALID 0x00000160UL +#define CKR_INFORMATION_SENSITIVE 0x00000170UL +#define CKR_STATE_UNSAVEABLE 0x00000180UL -/* This is new to v2.20 */ -#define CKR_FUNCTION_REJECTED 0x00000200 +#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190UL +#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191UL +#define CKR_MUTEX_BAD 0x000001A0UL +#define CKR_MUTEX_NOT_LOCKED 0x000001A1UL -#define CKR_VENDOR_DEFINED 0x80000000 +#define CKR_NEW_PIN_MODE 0x000001B0UL +#define CKR_NEXT_OTP 0x000001B1UL + +#define CKR_EXCEEDED_MAX_ITERATIONS 0x000001B5UL +#define CKR_FIPS_SELF_TEST_FAILED 0x000001B6UL +#define CKR_LIBRARY_LOAD_FAILED 0x000001B7UL +#define CKR_PIN_TOO_WEAK 0x000001B8UL +#define CKR_PUBLIC_KEY_INVALID 0x000001B9UL + +#define CKR_FUNCTION_REJECTED 0x00000200UL + +#define CKR_VENDOR_DEFINED 0x80000000UL /* CK_NOTIFY is an application callback that processes events */ @@ -1108,8 +1169,8 @@ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)( /* CK_FUNCTION_LIST is a structure holding a Cryptoki spec * version and pointers of appropriate types to all the - * Cryptoki functions */ -/* CK_FUNCTION_LIST is new for v2.0 */ + * Cryptoki functions + */ typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR; @@ -1118,14 +1179,16 @@ typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR; /* CK_CREATEMUTEX is an application callback for creating a - * mutex object */ + * mutex object + */ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)( CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */ ); /* CK_DESTROYMUTEX is an application callback for destroying a - * mutex object */ + * mutex object + */ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)( CK_VOID_PTR pMutex /* pointer to mutex */ ); @@ -1138,14 +1201,16 @@ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)( /* CK_UNLOCKMUTEX is an application callback for unlocking a - * mutex */ + * mutex + */ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)( CK_VOID_PTR pMutex /* pointer to mutex */ ); /* CK_C_INITIALIZE_ARGS provides the optional arguments to - * C_Initialize */ + * C_Initialize + */ typedef struct CK_C_INITIALIZE_ARGS { CK_CREATEMUTEX CreateMutex; CK_DESTROYMUTEX DestroyMutex; @@ -1158,8 +1223,8 @@ typedef struct CK_C_INITIALIZE_ARGS { /* flags: bit flags that provide capabilities of the slot * Bit Flag Mask Meaning */ -#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001 -#define CKF_OS_LOCKING_OK 0x00000002 +#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001UL +#define CKF_OS_LOCKING_OK 0x00000002UL typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR; @@ -1169,37 +1234,36 @@ typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR; /* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */ #define CKF_DONT_BLOCK 1 -/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10. - * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message +/* CK_RSA_PKCS_MGF_TYPE is used to indicate the Message * Generation Function (MGF) applied to a message block when * formatting a message block for the PKCS #1 OAEP encryption - * scheme. */ + * scheme. + */ typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE; typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR; /* The following MGFs are defined */ -/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512 - * are new for v2.20 */ -#define CKG_MGF1_SHA1 0x00000001 -#define CKG_MGF1_SHA256 0x00000002 -#define CKG_MGF1_SHA384 0x00000003 -#define CKG_MGF1_SHA512 0x00000004 +#define CKG_MGF1_SHA1 0x00000001UL +#define CKG_MGF1_SHA256 0x00000002UL +#define CKG_MGF1_SHA384 0x00000003UL +#define CKG_MGF1_SHA512 0x00000004UL +#define CKG_MGF1_SHA224 0x00000005UL -/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10. - * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source +/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source * of the encoding parameter when formatting a message block - * for the PKCS #1 OAEP encryption scheme. */ + * for the PKCS #1 OAEP encryption scheme. + */ typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE; typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR; /* The following encoding parameter sources are defined */ -#define CKZ_DATA_SPECIFIED 0x00000001 +#define CKZ_DATA_SPECIFIED 0x00000001UL -/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10. - * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the - * CKM_RSA_PKCS_OAEP mechanism. */ +/* CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the + * CKM_RSA_PKCS_OAEP mechanism. + */ typedef struct CK_RSA_PKCS_OAEP_PARAMS { CK_MECHANISM_TYPE hashAlg; CK_RSA_PKCS_MGF_TYPE mgf; @@ -1210,9 +1274,9 @@ typedef struct CK_RSA_PKCS_OAEP_PARAMS { typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR; -/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11. - * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the - * CKM_RSA_PKCS_PSS mechanism(s). */ +/* CK_RSA_PKCS_PSS_PARAMS provides the parameters to the + * CKM_RSA_PKCS_PSS mechanism(s). + */ typedef struct CK_RSA_PKCS_PSS_PARAMS { CK_MECHANISM_TYPE hashAlg; CK_RSA_PKCS_MGF_TYPE mgf; @@ -1221,15 +1285,23 @@ typedef struct CK_RSA_PKCS_PSS_PARAMS { typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR; -/* CK_EC_KDF_TYPE is new for v2.11. */ typedef CK_ULONG CK_EC_KDF_TYPE; /* The following EC Key Derivation Functions are defined */ -#define CKD_NULL 0x00000001 -#define CKD_SHA1_KDF 0x00000002 +#define CKD_NULL 0x00000001UL +#define CKD_SHA1_KDF 0x00000002UL -/* CK_ECDH1_DERIVE_PARAMS is new for v2.11. - * CK_ECDH1_DERIVE_PARAMS provides the parameters to the +/* The following X9.42 DH key derivation functions are defined */ +#define CKD_SHA1_KDF_ASN1 0x00000003UL +#define CKD_SHA1_KDF_CONCATENATE 0x00000004UL +#define CKD_SHA224_KDF 0x00000005UL +#define CKD_SHA256_KDF 0x00000006UL +#define CKD_SHA384_KDF 0x00000007UL +#define CKD_SHA512_KDF 0x00000008UL +#define CKD_CPDIVERSIFY_KDF 0x00000009UL + + +/* CK_ECDH1_DERIVE_PARAMS provides the parameters to the * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms, * where each party contributes one key pair. */ @@ -1243,10 +1315,10 @@ typedef struct CK_ECDH1_DERIVE_PARAMS { typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR; - -/* CK_ECDH2_DERIVE_PARAMS is new for v2.11. +/* * CK_ECDH2_DERIVE_PARAMS provides the parameters to the - * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */ + * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. + */ typedef struct CK_ECDH2_DERIVE_PARAMS { CK_EC_KDF_TYPE kdf; CK_ULONG ulSharedDataLen; @@ -1277,19 +1349,15 @@ typedef struct CK_ECMQV_DERIVE_PARAMS { typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR; /* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the - * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */ + * CKM_X9_42_DH_PARAMETER_GEN mechanisms + */ typedef CK_ULONG CK_X9_42_DH_KDF_TYPE; typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR; -/* The following X9.42 DH key derivation functions are defined - (besides CKD_NULL already defined : */ -#define CKD_SHA1_KDF_ASN1 0x00000003 -#define CKD_SHA1_KDF_CONCATENATE 0x00000004 - -/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11. - * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the +/* CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party - * contributes one key pair */ + * contributes one key pair + */ typedef struct CK_X9_42_DH1_DERIVE_PARAMS { CK_X9_42_DH_KDF_TYPE kdf; CK_ULONG ulOtherInfoLen; @@ -1300,10 +1368,10 @@ typedef struct CK_X9_42_DH1_DERIVE_PARAMS { typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR; -/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11. - * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the +/* CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation - * mechanisms, where each party contributes two key pairs */ + * mechanisms, where each party contributes two key pairs + */ typedef struct CK_X9_42_DH2_DERIVE_PARAMS { CK_X9_42_DH_KDF_TYPE kdf; CK_ULONG ulOtherInfoLen; @@ -1334,8 +1402,8 @@ typedef struct CK_X9_42_MQV_DERIVE_PARAMS { typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR; /* CK_KEA_DERIVE_PARAMS provides the parameters to the - * CKM_KEA_DERIVE mechanism */ -/* CK_KEA_DERIVE_PARAMS is new for v2.0 */ + * CKM_KEA_DERIVE mechanism + */ typedef struct CK_KEA_DERIVE_PARAMS { CK_BBOOL isSender; CK_ULONG ulRandomLen; @@ -1350,19 +1418,18 @@ typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR; /* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just - * holds the effective keysize */ + * holds the effective keysize + */ typedef CK_ULONG CK_RC2_PARAMS; typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR; /* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC - * mechanism */ + * mechanism + */ typedef struct CK_RC2_CBC_PARAMS { - /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for - * v2.0 */ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ - CK_BYTE iv[8]; /* IV for CBC mode */ } CK_RC2_CBC_PARAMS; @@ -1370,8 +1437,8 @@ typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR; /* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the - * CKM_RC2_MAC_GENERAL mechanism */ -/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */ + * CKM_RC2_MAC_GENERAL mechanism + */ typedef struct CK_RC2_MAC_GENERAL_PARAMS { CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ CK_ULONG ulMacLength; /* Length of MAC in bytes */ @@ -1382,8 +1449,8 @@ typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \ /* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and - * CKM_RC5_MAC mechanisms */ -/* CK_RC5_PARAMS is new for v2.0 */ + * CKM_RC5_MAC mechanisms + */ typedef struct CK_RC5_PARAMS { CK_ULONG ulWordsize; /* wordsize in bits */ CK_ULONG ulRounds; /* number of rounds */ @@ -1393,8 +1460,8 @@ typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR; /* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC - * mechanism */ -/* CK_RC5_CBC_PARAMS is new for v2.0 */ + * mechanism + */ typedef struct CK_RC5_CBC_PARAMS { CK_ULONG ulWordsize; /* wordsize in bits */ CK_ULONG ulRounds; /* number of rounds */ @@ -1406,8 +1473,8 @@ typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR; /* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the - * CKM_RC5_MAC_GENERAL mechanism */ -/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */ + * CKM_RC5_MAC_GENERAL mechanism + */ typedef struct CK_RC5_MAC_GENERAL_PARAMS { CK_ULONG ulWordsize; /* wordsize in bits */ CK_ULONG ulRounds; /* number of rounds */ @@ -1417,16 +1484,14 @@ typedef struct CK_RC5_MAC_GENERAL_PARAMS { typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \ CK_RC5_MAC_GENERAL_PARAMS_PTR; - /* CK_MAC_GENERAL_PARAMS provides the parameters to most block * ciphers' MAC_GENERAL mechanisms. Its value is the length of - * the MAC */ -/* CK_MAC_GENERAL_PARAMS is new for v2.0 */ + * the MAC + */ typedef CK_ULONG CK_MAC_GENERAL_PARAMS; typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR; -/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */ typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS { CK_BYTE iv[8]; CK_BYTE_PTR pData; @@ -1444,8 +1509,8 @@ typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS { typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR; /* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the - * CKM_SKIPJACK_PRIVATE_WRAP mechanism */ -/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */ + * CKM_SKIPJACK_PRIVATE_WRAP mechanism + */ typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { CK_ULONG ulPasswordLen; CK_BYTE_PTR pPassword; @@ -1461,12 +1526,12 @@ typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { } CK_SKIPJACK_PRIVATE_WRAP_PARAMS; typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \ - CK_SKIPJACK_PRIVATE_WRAP_PTR; + CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR; /* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the - * CKM_SKIPJACK_RELAYX mechanism */ -/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */ + * CKM_SKIPJACK_RELAYX mechanism + */ typedef struct CK_SKIPJACK_RELAYX_PARAMS { CK_ULONG ulOldWrappedXLen; CK_BYTE_PTR pOldWrappedX; @@ -1501,17 +1566,15 @@ typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR; /* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the - * CKM_KEY_WRAP_SET_OAEP mechanism */ -/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */ + * CKM_KEY_WRAP_SET_OAEP mechanism + */ typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS { CK_BYTE bBC; /* block contents byte */ CK_BYTE_PTR pX; /* extra data */ CK_ULONG ulXLen; /* length of extra data in bytes */ } CK_KEY_WRAP_SET_OAEP_PARAMS; -typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \ - CK_KEY_WRAP_SET_OAEP_PARAMS_PTR; - +typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR CK_KEY_WRAP_SET_OAEP_PARAMS_PTR; typedef struct CK_SSL3_RANDOM_DATA { CK_BYTE_PTR pClientRandom; @@ -1529,7 +1592,6 @@ typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS { typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR; - typedef struct CK_SSL3_KEY_MAT_OUT { CK_OBJECT_HANDLE hClientMacSecret; CK_OBJECT_HANDLE hServerMacSecret; @@ -1553,7 +1615,6 @@ typedef struct CK_SSL3_KEY_MAT_PARAMS { typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR; -/* CK_TLS_PRF_PARAMS is new for version 2.20 */ typedef struct CK_TLS_PRF_PARAMS { CK_BYTE_PTR pSeed; CK_ULONG ulSeedLen; @@ -1565,7 +1626,6 @@ typedef struct CK_TLS_PRF_PARAMS { typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR; -/* WTLS is new for version 2.20 */ typedef struct CK_WTLS_RANDOM_DATA { CK_BYTE_PTR pClientRandom; CK_ULONG ulClientRandomLen; @@ -1617,7 +1677,6 @@ typedef struct CK_WTLS_KEY_MAT_PARAMS { typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR; -/* CMS is new for version 2.20 */ typedef struct CK_CMS_SIG_PARAMS { CK_OBJECT_HANDLE certificateHandle; CK_MECHANISM_PTR pSigningMechanism; @@ -1643,38 +1702,45 @@ typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \ /* The CK_EXTRACT_PARAMS is used for the * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit * of the base key should be used as the first bit of the - * derived key */ -/* CK_EXTRACT_PARAMS is new for v2.0 */ + * derived key + */ typedef CK_ULONG CK_EXTRACT_PARAMS; typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR; -/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10. - * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to +/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to * indicate the Pseudo-Random Function (PRF) used to generate - * key bits using PKCS #5 PBKDF2. */ + * key bits using PKCS #5 PBKDF2. + */ typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; -typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR; +typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR \ + CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR; -/* The following PRFs are defined in PKCS #5 v2.0. */ -#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001 +#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001UL +#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411 0x00000002UL +#define CKP_PKCS5_PBKD2_HMAC_SHA224 0x00000003UL +#define CKP_PKCS5_PBKD2_HMAC_SHA256 0x00000004UL +#define CKP_PKCS5_PBKD2_HMAC_SHA384 0x00000005UL +#define CKP_PKCS5_PBKD2_HMAC_SHA512 0x00000006UL +#define CKP_PKCS5_PBKD2_HMAC_SHA512_224 0x00000007UL +#define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008UL - -/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10. - * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the +/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the * source of the salt value when deriving a key using PKCS #5 - * PBKDF2. */ + * PBKDF2. + */ typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; -typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR; +typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR \ + CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR; /* The following salt value sources are defined in PKCS #5 v2.0. */ -#define CKZ_SALT_SPECIFIED 0x00000001 +#define CKZ_SALT_SPECIFIED 0x00000001UL -/* CK_PKCS5_PBKD2_PARAMS is new for v2.10. - * CK_PKCS5_PBKD2_PARAMS is a structure that provides the - * parameters to the CKM_PKCS5_PBKD2 mechanism. */ +/* CK_PKCS5_PBKD2_PARAMS is a structure that provides the + * parameters to the CKM_PKCS5_PBKD2 mechanism. + */ typedef struct CK_PKCS5_PBKD2_PARAMS { CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; CK_VOID_PTR pSaltSourceData; @@ -1689,34 +1755,248 @@ typedef struct CK_PKCS5_PBKD2_PARAMS { typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR; -/* new for v2.40 */ +/* CK_PKCS5_PBKD2_PARAMS2 is a corrected version of the CK_PKCS5_PBKD2_PARAMS + * structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism + * noting that the ulPasswordLen field is a CK_ULONG and not a CK_ULONG_PTR. + */ +typedef struct CK_PKCS5_PBKD2_PARAMS2 { + CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; + CK_VOID_PTR pSaltSourceData; + CK_ULONG ulSaltSourceDataLen; + CK_ULONG iterations; + CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; + CK_VOID_PTR pPrfData; + CK_ULONG ulPrfDataLen; + CK_UTF8CHAR_PTR pPassword; + CK_ULONG ulPasswordLen; +} CK_PKCS5_PBKD2_PARAMS2; + +typedef CK_PKCS5_PBKD2_PARAMS2 CK_PTR CK_PKCS5_PBKD2_PARAMS2_PTR; + +typedef CK_ULONG CK_OTP_PARAM_TYPE; +typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* backward compatibility */ + +typedef struct CK_OTP_PARAM { + CK_OTP_PARAM_TYPE type; + CK_VOID_PTR pValue; + CK_ULONG ulValueLen; +} CK_OTP_PARAM; + +typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR; + +typedef struct CK_OTP_PARAMS { + CK_OTP_PARAM_PTR pParams; + CK_ULONG ulCount; +} CK_OTP_PARAMS; + +typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR; + +typedef struct CK_OTP_SIGNATURE_INFO { + CK_OTP_PARAM_PTR pParams; + CK_ULONG ulCount; +} CK_OTP_SIGNATURE_INFO; + +typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR; + +#define CK_OTP_VALUE 0UL +#define CK_OTP_PIN 1UL +#define CK_OTP_CHALLENGE 2UL +#define CK_OTP_TIME 3UL +#define CK_OTP_COUNTER 4UL +#define CK_OTP_FLAGS 5UL +#define CK_OTP_OUTPUT_LENGTH 6UL +#define CK_OTP_OUTPUT_FORMAT 7UL + +#define CKF_NEXT_OTP 0x00000001UL +#define CKF_EXCLUDE_TIME 0x00000002UL +#define CKF_EXCLUDE_COUNTER 0x00000004UL +#define CKF_EXCLUDE_CHALLENGE 0x00000008UL +#define CKF_EXCLUDE_PIN 0x00000010UL +#define CKF_USER_FRIENDLY_OTP 0x00000020UL + +typedef struct CK_KIP_PARAMS { + CK_MECHANISM_PTR pMechanism; + CK_OBJECT_HANDLE hKey; + CK_BYTE_PTR pSeed; + CK_ULONG ulSeedLen; +} CK_KIP_PARAMS; + +typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR; + +typedef struct CK_AES_CTR_PARAMS { + CK_ULONG ulCounterBits; + CK_BYTE cb[16]; +} CK_AES_CTR_PARAMS; + +typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR; + +typedef struct CK_GCM_PARAMS { + CK_BYTE_PTR pIv; + CK_ULONG ulIvLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagBits; +} CK_GCM_PARAMS; + +typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR; + +typedef struct CK_CCM_PARAMS { + CK_ULONG ulDataLen; + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulMACLen; +} CK_CCM_PARAMS; + +typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR; + +/* Deprecated. Use CK_GCM_PARAMS */ +typedef struct CK_AES_GCM_PARAMS { + CK_BYTE_PTR pIv; + CK_ULONG ulIvLen; + CK_ULONG ulIvBits; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagBits; +} CK_AES_GCM_PARAMS; + +typedef CK_AES_GCM_PARAMS CK_PTR CK_AES_GCM_PARAMS_PTR; + +/* Deprecated. Use CK_CCM_PARAMS */ +typedef struct CK_AES_CCM_PARAMS { + CK_ULONG ulDataLen; + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulMACLen; +} CK_AES_CCM_PARAMS; + +typedef CK_AES_CCM_PARAMS CK_PTR CK_AES_CCM_PARAMS_PTR; + +typedef struct CK_CAMELLIA_CTR_PARAMS { + CK_ULONG ulCounterBits; + CK_BYTE cb[16]; +} CK_CAMELLIA_CTR_PARAMS; + +typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR; + +typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; +} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS; + +typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ + CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR; + +typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; +} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS; + +typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ + CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR; + +typedef struct CK_DSA_PARAMETER_GEN_PARAM { + CK_MECHANISM_TYPE hash; + CK_BYTE_PTR pSeed; + CK_ULONG ulSeedLen; + CK_ULONG ulIndex; +} CK_DSA_PARAMETER_GEN_PARAM; + +typedef CK_DSA_PARAMETER_GEN_PARAM CK_PTR CK_DSA_PARAMETER_GEN_PARAM_PTR; + +typedef struct CK_ECDH_AES_KEY_WRAP_PARAMS { + CK_ULONG ulAESKeyBits; + CK_EC_KDF_TYPE kdf; + CK_ULONG ulSharedDataLen; + CK_BYTE_PTR pSharedData; +} CK_ECDH_AES_KEY_WRAP_PARAMS; + +typedef CK_ECDH_AES_KEY_WRAP_PARAMS CK_PTR CK_ECDH_AES_KEY_WRAP_PARAMS_PTR; + +typedef CK_ULONG CK_JAVA_MIDP_SECURITY_DOMAIN; + +typedef CK_ULONG CK_CERTIFICATE_CATEGORY; + +typedef struct CK_RSA_AES_KEY_WRAP_PARAMS { + CK_ULONG ulAESKeyBits; + CK_RSA_PKCS_OAEP_PARAMS_PTR pOAEPParams; +} CK_RSA_AES_KEY_WRAP_PARAMS; + +typedef CK_RSA_AES_KEY_WRAP_PARAMS CK_PTR CK_RSA_AES_KEY_WRAP_PARAMS_PTR; typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS { - CK_SSL3_RANDOM_DATA RandomInfo; - CK_VERSION_PTR pVersion; - CK_MECHANISM_TYPE prfHashMechanism; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_VERSION_PTR pVersion; + CK_MECHANISM_TYPE prfHashMechanism; } CK_TLS12_MASTER_KEY_DERIVE_PARAMS; -typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR; +typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \ + CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR; typedef struct CK_TLS12_KEY_MAT_PARAMS { - CK_ULONG ulMacSizeInBits; - CK_ULONG ulKeySizeInBits; - CK_ULONG ulIVSizeInBits; - CK_BBOOL bIsExport; - CK_SSL3_RANDOM_DATA RandomInfo; - CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; - CK_MECHANISM_TYPE prfHashMechanism; + CK_ULONG ulMacSizeInBits; + CK_ULONG ulKeySizeInBits; + CK_ULONG ulIVSizeInBits; + CK_BBOOL bIsExport; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; + CK_MECHANISM_TYPE prfHashMechanism; } CK_TLS12_KEY_MAT_PARAMS; typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR; +typedef struct CK_TLS_KDF_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BYTE_PTR pLabel; + CK_ULONG ulLabelLength; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_BYTE_PTR pContextData; + CK_ULONG ulContextDataLength; +} CK_TLS_KDF_PARAMS; + +typedef CK_TLS_KDF_PARAMS CK_PTR CK_TLS_KDF_PARAMS_PTR; + typedef struct CK_TLS_MAC_PARAMS { - CK_MECHANISM_TYPE prfMechanism; - CK_ULONG ulMacLength; - CK_ULONG ulServerOrClient; + CK_MECHANISM_TYPE prfMechanism; + CK_ULONG ulMacLength; + CK_ULONG ulServerOrClient; } CK_TLS_MAC_PARAMS; typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR; -#endif +typedef struct CK_GOSTR3410_DERIVE_PARAMS { + CK_EC_KDF_TYPE kdf; + CK_BYTE_PTR pPublicData; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pUKM; + CK_ULONG ulUKMLen; +} CK_GOSTR3410_DERIVE_PARAMS; + +typedef CK_GOSTR3410_DERIVE_PARAMS CK_PTR CK_GOSTR3410_DERIVE_PARAMS_PTR; + +typedef struct CK_GOSTR3410_KEY_WRAP_PARAMS { + CK_BYTE_PTR pWrapOID; + CK_ULONG ulWrapOIDLen; + CK_BYTE_PTR pUKM; + CK_ULONG ulUKMLen; + CK_OBJECT_HANDLE hKey; +} CK_GOSTR3410_KEY_WRAP_PARAMS; + +typedef CK_GOSTR3410_KEY_WRAP_PARAMS CK_PTR CK_GOSTR3410_KEY_WRAP_PARAMS_PTR; + +typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; +} CK_SEED_CBC_ENCRYPT_DATA_PARAMS; + +typedef CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ + CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR; + +#endif /* _PKCS11T_H_ */ + diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11wrapper.h b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11wrapper.h index b3e4ebe58a8..17ffef6fb1d 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11wrapper.h +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11wrapper.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -69,11 +69,12 @@ #define CKA_NETSCAPE_BASE (0x80000000 + 0x4E534350) #define CKA_NETSCAPE_TRUST_BASE (CKA_NETSCAPE_BASE + 0x2000) - #define CKA_NETSCAPE_TRUST_SERVER_AUTH (CKA_NETSCAPE_TRUST_BASE + 8) #define CKA_NETSCAPE_TRUST_CLIENT_AUTH (CKA_NETSCAPE_TRUST_BASE + 9) #define CKA_NETSCAPE_TRUST_CODE_SIGNING (CKA_NETSCAPE_TRUST_BASE + 10) #define CKA_NETSCAPE_TRUST_EMAIL_PROTECTION (CKA_NETSCAPE_TRUST_BASE + 11) +#define CKA_NETSCAPE_DB 0xD5A0DB00 +#define CKM_NSS_TLS_PRF_GENERAL 0x80000373 /* @@ -154,11 +155,11 @@ #define P11_ENABLE_GETNATIVEKEYINFO #define P11_ENABLE_CREATENATIVEKEY + /* include the platform dependent part of the header */ #include "p11_md.h" #include "pkcs11.h" -#include "pkcs-11v2-20a3.h" #include #include #include @@ -206,8 +207,6 @@ #define ckULongToJSize(x) ((jsize) x) #define unsignedIntToCKULong(x) ((CK_ULONG) x) -//#define P11_DEBUG - #ifdef P11_DEBUG #define TRACE0(s) { printf(s); fflush(stdout); } #define TRACE1(s, p1) { printf(s, p1); fflush(stdout); } @@ -228,6 +227,8 @@ void printDebug(const char *format, ...); #define CK_ASSERT_OK 0L +#define CLASS_P11PSSSIGNATURE "sun/security/pkcs11/P11PSSSignature" + #define CLASS_INFO "sun/security/pkcs11/wrapper/CK_INFO" #define CLASS_VERSION "sun/security/pkcs11/wrapper/CK_VERSION" #define CLASS_SLOT_INFO "sun/security/pkcs11/wrapper/CK_SLOT_INFO" @@ -249,15 +250,18 @@ void printDebug(const char *format, ...); /* mechanism parameter classes */ - +#define CLASS_AES_CTR_PARAMS "sun/security/pkcs11/wrapper/CK_AES_CTR_PARAMS" +#define CLASS_GCM_PARAMS "sun/security/pkcs11/wrapper/CK_GCM_PARAMS" +#define CLASS_CCM_PARAMS "sun/security/pkcs11/wrapper/CK_CCM_PARAMS" +#define CLASS_RSA_PKCS_PSS_PARAMS "sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS" #define CLASS_RSA_PKCS_OAEP_PARAMS "sun/security/pkcs11/wrapper/CK_RSA_PKCS_OAEP_PARAMS" + #define CLASS_MAC_GENERAL_PARAMS "sun/security/pkcs11/wrapper/CK_MAC_GENERAL_PARAMS" #define CLASS_PBE_PARAMS "sun/security/pkcs11/wrapper/CK_PBE_PARAMS" #define PBE_INIT_VECTOR_SIZE 8 #define CLASS_PKCS5_PBKD2_PARAMS "sun/security/pkcs11/wrapper/CK_PKCS5_PBKD2_PARAMS" #define CLASS_EXTRACT_PARAMS "sun/security/pkcs11/wrapper/CK_EXTRACT_PARAMS" -#define CLASS_RSA_PKCS_PSS_PARAMS "sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS" #define CLASS_ECDH1_DERIVE_PARAMS "sun/security/pkcs11/wrapper/CK_ECDH1_DERIVE_PARAMS" #define CLASS_ECDH2_DERIVE_PARAMS "sun/security/pkcs11/wrapper/CK_ECDH2_DERIVE_PARAMS" #define CLASS_X9_42_DH1_DERIVE_PARAMS "sun/security/pkcs11/wrapper/CK_X9_42_DH1_DERIVE_PARAMS" @@ -287,7 +291,7 @@ void printDebug(const char *format, ...); #define CLASS_TLS12_KEY_MAT_PARAMS "sun/security/pkcs11/wrapper/CK_TLS12_KEY_MAT_PARAMS" #define CLASS_TLS_PRF_PARAMS "sun/security/pkcs11/wrapper/CK_TLS_PRF_PARAMS" #define CLASS_TLS_MAC_PARAMS "sun/security/pkcs11/wrapper/CK_TLS_MAC_PARAMS" -#define CLASS_AES_CTR_PARAMS "sun/security/pkcs11/wrapper/CK_AES_CTR_PARAMS" + /* function to convert a PKCS#11 return value other than CK_OK into a Java Exception * or to throw a PKCS11RuntimeException @@ -300,11 +304,12 @@ void throwIOException(JNIEnv *env, const char *message); void throwPKCS11RuntimeException(JNIEnv *env, const char *message); void throwDisconnectedRuntimeException(JNIEnv *env); -/* function to free CK_ATTRIBUTE array +/* functions to free CK structures and pointers */ void freeCKAttributeArray(CK_ATTRIBUTE_PTR attrPtr, int len); +void freeCKMechanismPtr(CK_MECHANISM_PTR mechPtr); -/* funktions to convert Java arrays to a CK-type array and the array length */ +/* functions to convert Java arrays to a CK-type array and the array length */ void jBooleanArrayToCKBBoolArray(JNIEnv *env, const jbooleanArray jArray, CK_BBOOL **ckpArray, CK_ULONG_PTR ckLength); void jByteArrayToCKByteArray(JNIEnv *env, const jbyteArray jArray, CK_BYTE_PTR *ckpArray, CK_ULONG_PTR ckLength); @@ -316,7 +321,7 @@ void jAttributeArrayToCKAttributeArray(JNIEnv *env, jobjectArray jAArray, CK_ATT /*void jObjectArrayToCKVoidPtrArray(JNIEnv *env, const jobjectArray jArray, CK_VOID_PTR_PTR ckpArray, CK_ULONG_PTR ckpLength); */ -/* funktions to convert a CK-type array and the array length to a Java array */ +/* functions to convert a CK-type array and the array length to a Java array */ jbyteArray ckByteArrayToJByteArray(JNIEnv *env, const CK_BYTE_PTR ckpArray, CK_ULONG ckLength); jlongArray ckULongArrayToJLongArray(JNIEnv *env, const CK_ULONG_PTR ckpArray, CK_ULONG ckLength); @@ -324,7 +329,7 @@ jcharArray ckCharArrayToJCharArray(JNIEnv *env, const CK_CHAR_PTR ckpArray, CK_U jcharArray ckUTF8CharArrayToJCharArray(JNIEnv *env, const CK_UTF8CHAR_PTR ckpArray, CK_ULONG ckLength); -/* funktions to convert a CK-type structure or a pointer to a CK-value to a Java object */ +/* functions to convert a CK-type structure or a pointer to a CK-value to a Java object */ jobject ckBBoolPtrToJBooleanObject(JNIEnv *env, const CK_BBOOL* ckpValue); jobject ckULongPtrToJLongObject(JNIEnv *env, const CK_ULONG_PTR ckpValue); @@ -334,12 +339,12 @@ jobject ckSessionInfoPtrToJSessionInfo(JNIEnv *env, const CK_SESSION_INFO_PTR ck jobject ckAttributePtrToJAttribute(JNIEnv *env, const CK_ATTRIBUTE_PTR ckpAttribute); -/* funktion to convert the CK-value used by the CK_ATTRIBUTE structure to a Java object */ +/* function to convert the CK-value used by the CK_ATTRIBUTE structure to a Java object */ jobject ckAttributeValueToJObject(JNIEnv *env, const CK_ATTRIBUTE_PTR ckpAttribute); -/* funktions to convert a Java object to a CK-type structure or a pointer to a CK-value */ +/* functions to convert a Java object to a CK-type structure or a pointer to a CK-value */ CK_BBOOL* jBooleanObjectToCKBBoolPtr(JNIEnv *env, jobject jObject); CK_BYTE_PTR jByteObjectToCKBytePtr(JNIEnv *env, jobject jObject); @@ -349,44 +354,35 @@ CK_CHAR_PTR jCharObjectToCKCharPtr(JNIEnv *env, jobject jObject); CK_VERSION_PTR jVersionToCKVersionPtr(JNIEnv *env, jobject jVersion); CK_DATE * jDateObjectPtrToCKDatePtr(JNIEnv *env, jobject jDate); CK_ATTRIBUTE jAttributeToCKAttribute(JNIEnv *env, jobject jAttribute); -/*CK_MECHANISM jMechanismToCKMechanism(JNIEnv *env, jobject jMechanism);*/ -void jMechanismToCKMechanism(JNIEnv *env, jobject jMechanism, CK_MECHANISM_PTR ckMechanismPtr); +CK_MECHANISM_PTR jMechanismToCKMechanismPtr(JNIEnv *env, jobject jMechanism); -/* funktions to convert Java objects used by the Mechanism and Attribute class to a CK-type structure */ - -void jObjectToPrimitiveCKObjectPtrPtr(JNIEnv *env, jobject jObject, CK_VOID_PTR *ckpObjectPtr, CK_ULONG *pLength); -void jMechanismParameterToCKMechanismParameter(JNIEnv *env, jobject jParam, CK_VOID_PTR *ckpParamPtr, CK_ULONG *ckpLength); +/* functions to convert Java objects used by the Mechanism and Attribute class to a CK-type structure */ +CK_VOID_PTR jObjectToPrimitiveCKObjectPtr(JNIEnv *env, jobject jObject, CK_ULONG *ckpLength); +CK_VOID_PTR jMechParamToCKMechParamPtr(JNIEnv *env, jobject jParam, CK_MECHANISM_TYPE, CK_ULONG +*ckpLength); /* functions to convert a specific Java mechanism parameter object to a CK-mechanism parameter structure */ -CK_RSA_PKCS_OAEP_PARAMS jRsaPkcsOaepParamToCKRsaPkcsOaepParam(JNIEnv *env, jobject jParam); -CK_KEA_DERIVE_PARAMS jKeaDeriveParamToCKKeaDeriveParam(JNIEnv *env, jobject jParam); -CK_RC2_CBC_PARAMS jRc2CbcParamToCKRc2CbcParam(JNIEnv *env, jobject jParam); -CK_RC2_MAC_GENERAL_PARAMS jRc2MacGeneralParamToCKRc2MacGeneralParam(JNIEnv *env, jobject jParam); -CK_RC5_PARAMS jRc5ParamToCKRc5Param(JNIEnv *env, jobject jParam); -CK_RC5_CBC_PARAMS jRc5CbcParamToCKRc5CbcParam(JNIEnv *env, jobject jParam); -CK_RC5_MAC_GENERAL_PARAMS jRc5MacGeneralParamToCKRc5MacGeneralParam(JNIEnv *env, jobject jParam); -CK_SKIPJACK_PRIVATE_WRAP_PARAMS jSkipjackPrivateWrapParamToCKSkipjackPrivateWrapParam(JNIEnv *env, jobject jParam); -CK_SKIPJACK_RELAYX_PARAMS jSkipjackRelayxParamToCKSkipjackRelayxParam(JNIEnv *env, jobject jParam); -CK_PBE_PARAMS jPbeParamToCKPbeParam(JNIEnv *env, jobject jParam); +void jRsaPkcsOaepParamToCKRsaPkcsOaepParam(JNIEnv *env, jobject jParam, CK_RSA_PKCS_OAEP_PARAMS_PTR ckParamPtr); +void jPbeParamToCKPbeParam(JNIEnv *env, jobject jParam, CK_PBE_PARAMS_PTR ckParamPtr); void copyBackPBEInitializationVector(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism); -CK_PKCS5_PBKD2_PARAMS jPkcs5Pbkd2ParamToCKPkcs5Pbkd2Param(JNIEnv *env, jobject jParam); -CK_KEY_WRAP_SET_OAEP_PARAMS jKeyWrapSetOaepParamToCKKeyWrapSetOaepParam(JNIEnv *env, jobject jParam); +void jPkcs5Pbkd2ParamToCKPkcs5Pbkd2Param(JNIEnv *env, jobject jParam, CK_PKCS5_PBKD2_PARAMS_PTR ckParamPtr); void copyBackSetUnwrappedKey(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism); -CK_SSL3_MASTER_KEY_DERIVE_PARAMS jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env, jobject jParam); +void jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env, jobject jParam, CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR ckParamPtr); void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism); void tls12CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism); -CK_SSL3_KEY_MAT_PARAMS jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam); +void jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam, CK_SSL3_KEY_MAT_PARAMS_PTR ckParamPtr); void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism); void tls12CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism); CK_KEY_DERIVATION_STRING_DATA jKeyDerivationStringDataToCKKeyDerivationStringData(JNIEnv *env, jobject jParam); -CK_RSA_PKCS_PSS_PARAMS jRsaPkcsPssParamToCKRsaPkcsPssParam(JNIEnv *env, jobject jParam); -CK_ECDH1_DERIVE_PARAMS jEcdh1DeriveParamToCKEcdh1DeriveParam(JNIEnv *env, jobject jParam); -CK_ECDH2_DERIVE_PARAMS jEcdh2DeriveParamToCKEcdh2DeriveParam(JNIEnv *env, jobject jParam); -CK_X9_42_DH1_DERIVE_PARAMS jX942Dh1DeriveParamToCKX942Dh1DeriveParam(JNIEnv *env, jobject jParam); -CK_X9_42_DH2_DERIVE_PARAMS jX942Dh2DeriveParamToCKX942Dh2DeriveParam(JNIEnv *env, jobject jParam); +void jRsaPkcsPssParamToCKRsaPkcsPssParam(JNIEnv *env, jobject jParam, CK_RSA_PKCS_PSS_PARAMS_PTR ckParamPtr); +void jEcdh1DeriveParamToCKEcdh1DeriveParam(JNIEnv *env, jobject jParam, CK_ECDH1_DERIVE_PARAMS_PTR ckParamPtr); +void jEcdh2DeriveParamToCKEcdh2DeriveParam(JNIEnv *env, jobject jParam, +CK_ECDH2_DERIVE_PARAMS_PTR ckParamPtr); +void jX942Dh1DeriveParamToCKX942Dh1DeriveParam(JNIEnv *env, jobject jParam, CK_X9_42_DH1_DERIVE_PARAMS_PTR ckParamPtr); +void jX942Dh2DeriveParamToCKX942Dh2DeriveParam(JNIEnv *env, jobject jParam, CK_X9_42_DH2_DERIVE_PARAMS_PTR ckParamPtr); /* functions to convert the InitArgs object for calling the right Java mutex functions */ @@ -450,6 +446,7 @@ void destroyLockObject(JNIEnv *env, jobject jLockObject); extern jfieldID pNativeDataID; extern jfieldID mech_mechanismID; extern jfieldID mech_pParameterID; +extern jfieldID mech_pHandleID; extern jclass jByteArrayClass; extern jclass jLongClass; diff --git a/test/jdk/sun/security/pkcs11/Cipher/Test4512704.java b/test/jdk/sun/security/pkcs11/Cipher/Test4512704.java new file mode 100644 index 00000000000..ddca64ecb69 --- /dev/null +++ b/test/jdk/sun/security/pkcs11/Cipher/Test4512704.java @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8080462 + * @library /test/lib .. + * @modules jdk.crypto.cryptoki + * @run main Test4512704 + * @summary Verify that AES cipher can generate default IV in encrypt mode + */ +import java.io.PrintStream; +import java.security.*; +import java.security.spec.*; +import java.util.Random; + +import javax.crypto.*; +import javax.crypto.spec.*; +import java.security.Provider; + +public class Test4512704 extends PKCS11Test { + + public void test(String mode, Provider p) throws Exception { + Cipher c; + String transformation = "AES/" + mode + "/NoPadding"; + + try { + transformation = "AES/" + mode + "/NoPadding"; + c = Cipher.getInstance(transformation, p); + } catch (GeneralSecurityException e) { + System.out.println("Skip testing " + p.getName() + + ", no support for " + mode); + return; + } + SecretKey key = new SecretKeySpec(new byte[16], "AES"); + + AlgorithmParameterSpec aps = null; + Cipher ci = Cipher.getInstance(transformation, p); + try { + ci.init(Cipher.ENCRYPT_MODE, key, aps); + } catch(InvalidAlgorithmParameterException ex) { + throw new Exception("parameter should be generated when null is specified!"); + } + System.out.println(transformation + ": Passed"); + } + + public static void main (String[] args) throws Exception { + main(new Test4512704(), args); + } + + @Override + public void main(Provider p) throws Exception { + test("GCM", p); + } + +} diff --git a/test/jdk/sun/security/pkcs11/Cipher/TestCICOWithGCM.java b/test/jdk/sun/security/pkcs11/Cipher/TestCICOWithGCM.java new file mode 100644 index 00000000000..06c1e84392c --- /dev/null +++ b/test/jdk/sun/security/pkcs11/Cipher/TestCICOWithGCM.java @@ -0,0 +1,109 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8080462 + * @library /test/lib .. + * @modules jdk.crypto.cryptoki + * @run main TestCICOWithGCM + * @summary Test CipherInputStream/OutputStream with AES GCM mode. + * @key randomness + */ + +import java.security.*; +import javax.crypto.*; +import javax.crypto.spec.*; +import java.math.*; +import java.io.*; + +import java.util.*; + +public class TestCICOWithGCM extends PKCS11Test { + public static void main(String[] args) throws Exception { + main(new TestCICOWithGCM(), args); + } + + @Override + public void main(Provider p) throws Exception { + test("GCM", p); + } + + public void test(String mode, Provider p) throws Exception { + Cipher c; + try { + String transformation = "AES/" + mode + "/NoPadding"; + c = Cipher.getInstance(transformation, p); + } catch (GeneralSecurityException e) { + System.out.println("Skip testing " + p.getName() + + ", no support for " + mode); + return; + } + + SecretKey key = new SecretKeySpec(new byte[16], "AES"); + + //do initialization of the plainText + byte[] plainText = new byte[800]; + Random rdm = new Random(); + rdm.nextBytes(plainText); + + //init ciphers + Cipher encCipher = Cipher.getInstance("AES/GCM/NoPadding", p); + encCipher.init(Cipher.ENCRYPT_MODE, key); + Cipher decCipher = Cipher.getInstance("AES/GCM/NoPadding", p); + decCipher.init(Cipher.DECRYPT_MODE, key, encCipher.getParameters()); + + //init cipher streams + ByteArrayInputStream baInput = new ByteArrayInputStream(plainText); + CipherInputStream ciInput = new CipherInputStream(baInput, encCipher); + ByteArrayOutputStream baOutput = new ByteArrayOutputStream(); + CipherOutputStream ciOutput = new CipherOutputStream(baOutput, decCipher); + + //do test + byte[] buffer = new byte[800]; + int len = ciInput.read(buffer); + System.out.println("read " + len + " bytes from input buffer"); + + while (len != -1) { + ciOutput.write(buffer, 0, len); + System.out.println("wite " + len + " bytes to output buffer"); + len = ciInput.read(buffer); + if (len != -1) { + System.out.println("read " + len + " bytes from input buffer"); + } else { + System.out.println("finished reading"); + } + } + + ciOutput.flush(); + ciInput.close(); + ciOutput.close(); + byte[] recovered = baOutput.toByteArray(); + System.out.println("recovered " + recovered.length + " bytes"); + if (!Arrays.equals(plainText, recovered)) { + throw new RuntimeException("diff check failed!"); + } else { + System.out.println("diff check passed"); + } + } +} diff --git a/test/jdk/sun/security/pkcs11/Cipher/TestCICOWithGCMAndAAD.java b/test/jdk/sun/security/pkcs11/Cipher/TestCICOWithGCMAndAAD.java new file mode 100644 index 00000000000..be2b1d18c8f --- /dev/null +++ b/test/jdk/sun/security/pkcs11/Cipher/TestCICOWithGCMAndAAD.java @@ -0,0 +1,122 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8080462 + * @library /test/lib .. + * @modules jdk.crypto.cryptoki + * @run main TestCICOWithGCMAndAAD + * @summary Test CipherInputStream/OutputStream with AES GCM mode with AAD. + * @key randomness + */ +import java.io.*; +import java.security.*; +import java.util.*; +import javax.crypto.*; +import javax.crypto.spec.*; + +public class TestCICOWithGCMAndAAD extends PKCS11Test { + public static void main(String[] args) throws Exception { + main(new TestCICOWithGCMAndAAD(), args); + } + + @Override + public void main(Provider p) throws Exception { + test("GCM", p); +// test("CCM", p); + } + + public void test(String mode, Provider p) throws Exception { + Cipher c; + try { + String transformation = "AES/" + mode + "/NoPadding"; + c = Cipher.getInstance(transformation, p); + } catch (GeneralSecurityException e) { + System.out.println("Skip testing " + p.getName() + + ", no support for " + mode); + return; + } + SecretKey key = new SecretKeySpec(new byte[16], "AES"); + + //Do initialization of the plainText + byte[] plainText = new byte[700]; + Random rdm = new Random(); + rdm.nextBytes(plainText); + + byte[] aad = new byte[128]; + rdm.nextBytes(aad); + byte[] aad2 = aad.clone(); + aad2[50]++; + + Cipher encCipher = Cipher.getInstance("AES/GCM/NoPadding", p); + encCipher.init(Cipher.ENCRYPT_MODE, key); + encCipher.updateAAD(aad); + Cipher decCipher = Cipher.getInstance("AES/GCM/NoPadding", p); + decCipher.init(Cipher.DECRYPT_MODE, key, encCipher.getParameters()); + decCipher.updateAAD(aad); + + byte[] recovered = test(encCipher, decCipher, plainText); + if (!Arrays.equals(plainText, recovered)) { + throw new Exception("sameAAD: diff check failed!"); + } else System.out.println("sameAAD: passed"); + + encCipher.init(Cipher.ENCRYPT_MODE, key); + encCipher.updateAAD(aad2); + recovered = test(encCipher, decCipher, plainText); + if (recovered != null && recovered.length != 0) { + throw new Exception("diffAAD: no data should be returned!"); + } else System.out.println("diffAAD: passed"); + } + + private static byte[] test(Cipher encCipher, Cipher decCipher, byte[] plainText) + throws Exception { + //init cipher streams + ByteArrayInputStream baInput = new ByteArrayInputStream(plainText); + CipherInputStream ciInput = new CipherInputStream(baInput, encCipher); + ByteArrayOutputStream baOutput = new ByteArrayOutputStream(); + CipherOutputStream ciOutput = new CipherOutputStream(baOutput, decCipher); + + //do test + byte[] buffer = new byte[200]; + int len = ciInput.read(buffer); + System.out.println("read " + len + " bytes from input buffer"); + + while (len != -1) { + ciOutput.write(buffer, 0, len); + System.out.println("wite " + len + " bytes to output buffer"); + len = ciInput.read(buffer); + if (len != -1) { + System.out.println("read " + len + " bytes from input buffer"); + } else { + System.out.println("finished reading"); + } + } + + ciOutput.flush(); + ciInput.close(); + ciOutput.close(); + + return baOutput.toByteArray(); + } +} diff --git a/test/jdk/sun/security/pkcs11/Cipher/TestGCMKeyAndIvCheck.java b/test/jdk/sun/security/pkcs11/Cipher/TestGCMKeyAndIvCheck.java new file mode 100644 index 00000000000..f14e3facc13 --- /dev/null +++ b/test/jdk/sun/security/pkcs11/Cipher/TestGCMKeyAndIvCheck.java @@ -0,0 +1,197 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8080462 + * @library /test/lib .. + * @modules jdk.crypto.cryptoki + * @run main TestGCMKeyAndIvCheck + * @summary Ensure that same key+iv can't be repeated used for encryption. + */ + + +import java.security.*; +import java.security.spec.AlgorithmParameterSpec; +import javax.crypto.*; +import javax.crypto.spec.*; +import java.math.*; + +import java.util.*; + +public class TestGCMKeyAndIvCheck extends PKCS11Test { + + private static final byte[] AAD = new byte[5]; + private static final byte[] PT = new byte[18]; + + public static void main(String[] args) throws Exception { + main(new TestGCMKeyAndIvCheck(), args); + } + + private static void checkISE(Cipher c) throws Exception { + // Subsequent encryptions should fail + try { + c.updateAAD(AAD); + throw new Exception("Should throw ISE for updateAAD()"); + } catch (IllegalStateException ise) { + // expected + } + + try { + c.update(PT); + throw new Exception("Should throw ISE for update()"); + } catch (IllegalStateException ise) { + // expected + } + try { + c.doFinal(PT); + throw new Exception("Should throw ISE for doFinal()"); + } catch (IllegalStateException ise) { + // expected + } + } + + public void test(String mode, Provider p) throws Exception { + Cipher c; + try { + String transformation = "AES/" + mode + "/NoPadding"; + c = Cipher.getInstance(transformation, p); + } catch (GeneralSecurityException e) { + System.out.println("Skip testing " + p.getName() + + ", no support for " + mode); + return; + } + SecretKey key = new SecretKeySpec(new byte[16], "AES"); + // First try parameter-less init. + c.init(Cipher.ENCRYPT_MODE, key); + c.updateAAD(AAD); + byte[] ctPlusTag = c.doFinal(PT); + + // subsequent encryption should fail unless re-init w/ different key+iv + checkISE(c); + + // Validate the retrieved parameters against the IV and tag length. + AlgorithmParameters params = c.getParameters(); + if (params == null) { + throw new Exception("getParameters() should not return null"); + } + byte[] iv = null; + int tagLength = 0; // in bits + if (mode.equalsIgnoreCase("GCM")) { + GCMParameterSpec spec = params.getParameterSpec(GCMParameterSpec.class); + tagLength = spec.getTLen(); + iv = spec.getIV(); + } else { + throw new RuntimeException("Error: Unsupported mode: " + mode); + } + if (tagLength != (ctPlusTag.length - PT.length)*8) { + throw new Exception("Parameters contains incorrect TLen value"); + } + if (!Arrays.equals(iv, c.getIV())) { + throw new Exception("Parameters contains incorrect IV value"); + } + + // Should be ok to use the same key+iv for decryption + c.init(Cipher.DECRYPT_MODE, key, params); + c.updateAAD(AAD); + byte[] recovered = c.doFinal(ctPlusTag); + if (!Arrays.equals(recovered, PT)) { + throw new Exception("decryption result mismatch"); + } + + // Now try to encrypt again using the same key+iv; should fail also + try { + c.init(Cipher.ENCRYPT_MODE, key, params); + throw new Exception("Should throw exception when same key+iv is used"); + } catch (InvalidAlgorithmParameterException iape) { + // expected + } + + // Now try to encrypt again using parameter-less init; should work + c.init(Cipher.ENCRYPT_MODE, key); + c.doFinal(PT); + + // make sure a different iv is used + byte[] ivNew = c.getIV(); + if (Arrays.equals(iv, ivNew)) { + throw new Exception("IV should be different now"); + } + + // Now try to encrypt again using a different parameter; should work + AlgorithmParameterSpec spec2 = new GCMParameterSpec(128, new byte[30]); + c.init(Cipher.ENCRYPT_MODE, key, spec2); + c.updateAAD(AAD); + c.doFinal(PT); + // subsequent encryption should fail unless re-init w/ different key+iv + checkISE(c); + + // Now try decryption twice in a row; no re-init required and + // same parameters is used. + c.init(Cipher.DECRYPT_MODE, key, params); + c.updateAAD(AAD); + recovered = c.doFinal(ctPlusTag); + + c.updateAAD(AAD); + recovered = c.doFinal(ctPlusTag); + if (!Arrays.equals(recovered, PT)) { + throw new Exception("decryption result mismatch"); + } + + // Now try decryption again and re-init using the same parameters + c.init(Cipher.DECRYPT_MODE, key, params); + c.updateAAD(AAD); + recovered = c.doFinal(ctPlusTag); + + // init to decrypt w/o parameters; should fail with IKE as + // javadoc specified + try { + c.init(Cipher.DECRYPT_MODE, key); + throw new Exception("Should throw IKE for dec w/o params"); + } catch (InvalidKeyException ike) { + // expected + } + + // Lastly, try encryption AND decryption w/ wrong type of parameters, + // e.g. IvParameterSpec + try { + c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv)); + throw new Exception("Should throw IAPE"); + } catch (InvalidAlgorithmParameterException iape) { + // expected + } + try { + c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv)); + throw new Exception("Should throw IAPE"); + } catch (InvalidAlgorithmParameterException iape) { + // expected + } + + System.out.println("Test Passed!"); + } + + @Override + public void main(Provider p) throws Exception { + test("GCM", p); + } +} + diff --git a/test/jdk/sun/security/pkcs11/Cipher/TestKATForGCM.java b/test/jdk/sun/security/pkcs11/Cipher/TestKATForGCM.java new file mode 100644 index 00000000000..b074e102bc0 --- /dev/null +++ b/test/jdk/sun/security/pkcs11/Cipher/TestKATForGCM.java @@ -0,0 +1,322 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8080462 + * @library /test/lib .. + * @modules jdk.crypto.cryptoki + * @run main TestKATForGCM + * @summary Known Answer Test for AES cipher with GCM mode support in + * PKCS11 provider. + */ +import java.security.*; +import javax.crypto.*; +import javax.crypto.spec.*; +import java.math.*; + +import java.util.*; + +public class TestKATForGCM extends PKCS11Test { + + // Utility methods + private static byte[] HexToBytes(String hexVal) { + if (hexVal == null) return new byte[0]; + byte[] result = new byte[hexVal.length()/2]; + for (int i = 0; i < result.length; i++) { + // 2 characters at a time + String byteVal = hexVal.substring(2*i, 2*i +2); + result[i] = Integer.valueOf(byteVal, 16).byteValue(); + } + return result; + } + + private static class TestVector { + SecretKey key; + byte[] plainText; + byte[] aad; + byte[] cipherText; + byte[] tag; + GCMParameterSpec spec; + String info; + + TestVector(String key, String iv, String pt, String aad, + String ct, String tag) { + this.key = new SecretKeySpec(HexToBytes(key), "AES"); + this.plainText = HexToBytes(pt); + this.aad = HexToBytes(aad); + this.cipherText = HexToBytes(ct); + this.tag = HexToBytes(tag); + this.spec = new GCMParameterSpec(this.tag.length * 8, HexToBytes(iv)); + this.info = "key=" + key + ", iv=" + iv + ", pt=" + pt + + ",aad=" + aad + ", ct=" + ct + ", tag=" + tag; + } + + public String toString() { + return info; + } + } + + // These test vectors are found off NIST's CAVP page + // http://csrc.nist.gov/groups/STM/cavp/index.html + // inside the link named "GCM Test Vectors", i.e. + // http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip + // CAVS 14.0, set of test vectors w/ count = 0, keysize = 128 + private static TestVector[] testValues = { + // 96-bit iv w/ 128/120/112/104/96-bit tags + // no plain text, no aad + new TestVector("11754cd72aec309bf52f7687212e8957", + "3c819d9a9bed087615030b65", + null, null, null, + "250327c674aaf477aef2675748cf6971"), + new TestVector("272f16edb81a7abbea887357a58c1917", + "794ec588176c703d3d2a7a07", + null, null, null, + "b6e6f197168f5049aeda32dafbdaeb"), + new TestVector("81b6844aab6a568c4556a2eb7eae752f", + "ce600f59618315a6829bef4d", + null, null, null, + "89b43e9dbc1b4f597dbbc7655bb5"), + new TestVector("cde2f9a9b1a004165ef9dc981f18651b", + "29512c29566c7322e1e33e8e", + null, null, null, + "2e58ce7dabd107c82759c66a75"), + new TestVector("b01e45cc3088aaba9fa43d81d481823f", + "5a2c4a66468713456a4bd5e1", + null, null, null, + "014280f944f53c681164b2ff"), + // 96-bit iv w/ 128/120/112/104/96-bit tags + // no plain text, 16-byte aad + new TestVector("77be63708971c4e240d1cb79e8d77feb", + "e0e00f19fed7ba0136a797f3", + null, + "7a43ec1d9c0a5a78a0b16533a6213cab", + null, + "209fcc8d3675ed938e9c7166709dd946"), + new TestVector("da0b615656135194ba6d3c851099bc48", + "d39d4b4d3cc927885090e6c3", + null, + "e7e5e6f8dac913036cb2ff29e8625e0e", + null, + "ab967711a5770461724460b07237e2"), + new TestVector("7e0986937a88eef894235aba4a2f43b2", + "92c4a631695907166b422d60", + null, + "85c185f8518f9f2cd597a8f9208fc76b", + null, + "3bb916b728df94fe9d1916736be1"), + new TestVector("c3db570d7f0c21e86b028f11465d1dc9", + "f86970f58ceef89fc7cb679e", + null, + "c095240708c0f57c288d86090ae34ee1", + null, + "e043c52160d652e82c7262fcf4"), + new TestVector("bea48ae4980d27f357611014d4486625", + "32bddb5c3aa998a08556454c", + null, + "8a50b0b8c7654bced884f7f3afda2ead", + null, + "8e0f6d8bf05ffebe6f500eb1"), + // 96-bit iv w/ 128/120/112/104/96-bit tags + // no plain text, 20-byte aad + new TestVector("2fb45e5b8f993a2bfebc4b15b533e0b4", + "5b05755f984d2b90f94b8027", + null, + "e85491b2202caf1d7dce03b97e09331c32473941", + null, + "c75b7832b2a2d9bd827412b6ef5769db"), + new TestVector("9bf406339fcef9675bbcf156aa1a0661", + "8be4a9543d40f542abacac95", + null, + "7167cbf56971793186333a6685bbd58d47d379b3", + null, + "5e7968d7bbd5ba58cfcc750e2ef8f1"), + new TestVector("a2e962fff70fd0f4d63be728b80556fc", + "1fa7103483de43d09bc23db4", + null, + "2a58edf1d53f46e4e7ee5e77ee7aeb60fc360658", + null, + "fa37f2dbbefab1451eae1d0d74ca"), + new TestVector("6bf4fdce82926dcdfc52616ed5f23695", + "cc0f5899a10615567e1193ed", + null, + "3340655592374c1da2f05aac3ee111014986107f", + null, + "8ad3385cce3b5e7c985908192c"), + new TestVector("4df7a13e43c3d7b66b1a72fac5ba398e", + "97179a3a2d417908dcf0fb28", + null, + "cbb7fc0010c255661e23b07dbd804b1e06ae70ac", + null, + "37791edae6c137ea946cfb40"), + // 96-bit iv w/ 128-bit tags, 13/16/32/51-byte plain text, no aad + new TestVector("fe9bb47deb3a61e423c2231841cfd1fb", + "4d328eb776f500a2f7fb47aa", + "f1cc3818e421876bb6b8bbd6c9", + null, + "b88c5c1977b35b517b0aeae967", + "43fd4727fe5cdb4b5b42818dea7ef8c9"), + new TestVector("7fddb57453c241d03efbed3ac44e371c", + "ee283a3fc75575e33efd4887", + "d5de42b461646c255c87bd2962d3b9a2", + null, + "2ccda4a5415cb91e135c2a0f78c9b2fd", + "b36d1df9b9d5e596f83e8b7f52971cb3"), + new TestVector("9971071059abc009e4f2bd69869db338", + "07a9a95ea3821e9c13c63251", + "f54bc3501fed4f6f6dfb5ea80106df0bd836e6826225b75c0222f6e859b35983", + null, + "0556c159f84ef36cb1602b4526b12009c775611bffb64dc0d9ca9297cd2c6a01", + "7870d9117f54811a346970f1de090c41"), + new TestVector("594157ec4693202b030f33798b07176d", + "49b12054082660803a1df3df", + +"3feef98a976a1bd634f364ac428bb59cd51fb159ec1789946918dbd50ea6c9d594a3a31a5269b0da6936c29d063a5fa2cc8a1c", + null, + +"c1b7a46a335f23d65b8db4008a49796906e225474f4fe7d39e55bf2efd97fd82d4167de082ae30fa01e465a601235d8d68bc69", + "ba92d3661ce8b04687e8788d55417dc2"), + // 96-bit iv w/ 128-bit tags, 16-byte plain text, 16/20/48/90-byte aad + new TestVector("c939cc13397c1d37de6ae0e1cb7c423c", + "b3d8cc017cbb89b39e0f67e2", + "c3b3c41f113a31b73d9a5cd432103069", + "24825602bd12a984e0092d3e448eda5f", + "93fe7d9e9bfd10348a5606e5cafa7354", + "0032a1dc85f1c9786925a2e71d8272dd"), + new TestVector("d4a22488f8dd1d5c6c19a7d6ca17964c", + "f3d5837f22ac1a0425e0d1d5", + "7b43016a16896497fb457be6d2a54122", + "f1c5d424b83f96c6ad8cb28ca0d20e475e023b5a", + "c2bd67eef5e95cac27e3b06e3031d0a8", + "f23eacf9d1cdf8737726c58648826e9c"), + new TestVector("89850dd398e1f1e28443a33d40162664", + "e462c58482fe8264aeeb7231", + "2805cdefb3ef6cc35cd1f169f98da81a", + +"d74e99d1bdaa712864eec422ac507bddbe2b0d4633cd3dff29ce5059b49fe868526c59a2a3a604457bc2afea866e7606", + "ba80e244b7fc9025cd031d0f63677e06", + "d84a8c3eac57d1bb0e890a8f461d1065"), + new TestVector("bd7c5c63b7542b56a00ebe71336a1588", + "87721f23ba9c3c8ea5571abc", + "de15ddbb1e202161e8a79af6a55ac6f3", + +"a6ec8075a0d3370eb7598918f3b93e48444751624997b899a87fa6a9939f844e008aa8b70e9f4c3b1a19d3286bf543e7127bfecba1ad17a5ec53fccc26faecacc4c75369498eaa7d706aef634d0009279b11e4ba6c993e5e9ed9", + "41eb28c0fee4d762de972361c863bc80", + "9cb567220d0b252eb97bff46e4b00ff8"), + // 8/1024-bit iv w/ 128-bit tag, no plain text, no aad + new TestVector("1672c3537afa82004c6b8a46f6f0d026", + "05", + null, null, null, + "8e2ad721f9455f74d8b53d3141f27e8e"), + new TestVector("d0f1f4defa1e8c08b4b26d576392027c", + +"42b4f01eb9f5a1ea5b1eb73b0fb0baed54f387ecaa0393c7d7dffc6af50146ecc021abf7eb9038d4303d91f8d741a11743166c0860208bcc02c6258fd9511a2fa626f96d60b72fcff773af4e88e7a923506e4916ecbd814651e9f445adef4ad6a6b6c7290cc13b956130eef5b837c939fcac0cbbcc9656cd75b13823ee5acdac", + null, null, null, + "7ab49b57ddf5f62c427950111c5c4f0d"), + // 8-bit iv w/ 128-bit tag, 13-byte plain text, 90-byte aad + new TestVector("9f79239f0904eace50784b863e723f6b", + "d9", + "bdb0bb10c87965acd34d146171", + +"44db436089327726c5f01139e1f339735c9e85514ccc2f167bad728010fb34a9072a9794c8a5e7361b1d0dbcdc9ac4091e354bb2896561f0486645252e9c78c86beece91bfa4f7cc4a8794ce1f305b1b735efdbf1ed1563c0be0", + "7e5a7c8dadb3f0c7335b4d9d8d", + "6b6ef1f53723a89f3bb7c6d043840717"), + // 1024-bit iv w/ 128-bit tag, 51-byte plain text, 48-byte aad + new TestVector("141f1ce91989b07e7eb6ae1dbd81ea5e", + +"49451da24bd6074509d3cebc2c0394c972e6934b45a1d91f3ce1d3ca69e194aa1958a7c21b6f21d530ce6d2cc5256a3f846b6f9d2f38df0102c4791e57df038f6e69085646007df999751e248e06c47245f4cd3b8004585a7470dee1690e9d2d63169a58d243c0b57b3e5b4a481a3e4e8c60007094ef3adea2e8f05dd3a1396f", + +"d384305af2388699aa302f510913fed0f2cb63ba42efa8c5c9de2922a2ec2fe87719dadf1eb0aef212b51e74c9c5b934104a43", + +"630cf18a91cc5a6481ac9eefd65c24b1a3c93396bd7294d6b8ba323951727666c947a21894a079ef061ee159c05beeb4", + +"f4c34e5fbe74c0297313268296cd561d59ccc95bbfcdfcdc71b0097dbd83240446b28dc088abd42b0fc687f208190ff24c0548", + "dbb93bbb56d0439cd09f620a57687f5d"), + }; + + public boolean execute(TestVector[] testValues, Cipher c) throws Exception { + boolean testFailed = false; + for (int i = 0; i < testValues.length; i++) { + try { + c.init(Cipher.ENCRYPT_MODE, testValues[i].key, testValues[i].spec); + c.updateAAD(testValues[i].aad); + byte[] ctPlusTag = c.doFinal(testValues[i].plainText); + + c.init(Cipher.DECRYPT_MODE, testValues[i].key, testValues[i].spec); + c.updateAAD(testValues[i].aad); + byte[] pt = c.doFinal(ctPlusTag); // should fail if tag mismatched + + // check encryption/decryption results just to be sure + if (!Arrays.equals(testValues[i].plainText, pt)) { + System.out.println("PlainText diff failed for test# " + i); + testFailed = true; + } + int ctLen = testValues[i].cipherText.length; + if (!Arrays.equals(testValues[i].cipherText, + Arrays.copyOf(ctPlusTag, ctLen))) { + System.out.println("CipherText diff failed for test# " + i); + testFailed = true; + } + int tagLen = testValues[i].tag.length; + if (!Arrays.equals + (testValues[i].tag, + Arrays.copyOfRange(ctPlusTag, ctLen, ctLen+tagLen))) { + System.out.println("Tag diff failed for test# " + i); + testFailed = true; + } + } catch (Exception ex) { + // continue testing other test vectors + System.out.println("Failed Test Vector: " + testValues[i]); + ex.printStackTrace(); + testFailed = true; + continue; + } + } + if (testFailed) { + throw new Exception("Test Failed"); + } + // passed all tests...hooray! + return true; + } + + public static void main(String[] args) throws Exception { + main(new TestKATForGCM(), args); + } + + @Override + public void main(Provider p) throws Exception { + Cipher c; + String transformation = "AES/GCM/NoPadding"; + try { + c = Cipher.getInstance(transformation, p); + } catch (GeneralSecurityException e) { + System.out.println("Skip testing " + p.getName() + + ", no support for " + transformation); + return; + } + if (execute(testValues, c)) { + System.out.println("Test Passed!"); + } + } +} + diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java index 5aa562b1256..7ced00630cc 100644 --- a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java +++ b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,60 +23,74 @@ /* * @test - * @bug 4856966 + * @bug 4856966 8080462 * @summary Test the MessageDigest.update(ByteBuffer) method * @author Andreas Sterbenz * @library /test/lib .. * @key randomness * @modules jdk.crypto.cryptoki * @run main/othervm ByteBuffers - * @run main/othervm ByteBuffers sm */ import java.nio.ByteBuffer; -import java.security.MessageDigest; -import java.security.Provider; +import java.security.*; import java.util.Arrays; import java.util.Random; public class ByteBuffers extends PKCS11Test { + static final String[] ALGS = { + "SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA-512/224", "SHA-512/256" + }; + + private static Random random = new Random(); + public static void main(String[] args) throws Exception { main(new ByteBuffers(), args); } @Override public void main(Provider p) throws Exception { - if (p.getService("MessageDigest", "MD5") == null) { - System.out.println("Provider does not support MD5, skipping"); - return; - } - - Random random = new Random(); int n = 10 * 1024; byte[] t = new byte[n]; random.nextBytes(t); - MessageDigest md = MessageDigest.getInstance("MD5", p); - byte[] d1 = md.digest(t); + for (String alg : ALGS) { + runTest(p, alg, t); + } + } + + private void runTest(Provider p, String alg, byte[] data) throws Exception { + System.out.println("Test against " + p.getName() + " and " + alg); + MessageDigest md; + try { + md = MessageDigest.getInstance(alg, p); + } catch (NoSuchAlgorithmException e) { + System.out.println("Skip " + alg + " due to no support"); + return; + } + + byte[] d1 = md.digest(data); + + int n = data.length; // test 1: ByteBuffer with an accessible backing array ByteBuffer b1 = ByteBuffer.allocate(n + 256); b1.position(random.nextInt(256)); b1.limit(b1.position() + n); ByteBuffer b2 = b1.slice(); - b2.put(t); + b2.put(data); b2.clear(); - byte[] d2 = digest(md, b2, random); + byte[] d2 = digest(md, b2); if (Arrays.equals(d1, d2) == false) { throw new Exception("Test 1 failed"); } // test 2: direct ByteBuffer - ByteBuffer b3 = ByteBuffer.allocateDirect(t.length); - b3.put(t); + ByteBuffer b3 = ByteBuffer.allocateDirect(n); + b3.put(data); b3.clear(); - byte[] d3 = digest(md, b3, random); + byte[] d3 = digest(md, b3); if (Arrays.equals(d1, d2) == false) { throw new Exception("Test 2 failed"); } @@ -84,14 +98,15 @@ public class ByteBuffers extends PKCS11Test { // test 3: ByteBuffer without an accessible backing array b2.clear(); ByteBuffer b4 = b2.asReadOnlyBuffer(); - byte[] d4 = digest(md, b4, random); + byte[] d4 = digest(md, b4); if (Arrays.equals(d1, d2) == false) { throw new Exception("Test 3 failed"); } System.out.println("All tests passed"); } - private static byte[] digest(MessageDigest md, ByteBuffer b, Random random) throws Exception { + private static byte[] digest(MessageDigest md, ByteBuffer b) + throws Exception { int lim = b.limit(); b.limit(random.nextInt(lim)); md.update(b); diff --git a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java new file mode 100644 index 00000000000..ccd66599fb0 --- /dev/null +++ b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java @@ -0,0 +1,87 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +import java.security.*; +import java.security.spec.*; + +/** + * @test + * @bug 8080462 + * @summary Make sure old state is cleared when init is called again + * @library /test/lib .. + * @modules jdk.crypto.cryptoki + */ +public class InitAgainPSS extends PKCS11Test { + + public static void main(String[] args) throws Exception { + main(new InitAgainPSS(), args); + } + + @Override + public void main(Provider p) throws Exception { + Signature s1; + try { + s1 = Signature.getInstance("RSASSA-PSS", p); + } catch (NoSuchAlgorithmException e) { + System.out.println("Skip testing RSASSA-PSS" + + " due to no support"); + return; + } + + byte[] msg = "hello".getBytes(); + + Signature s2 = Signature.getInstance("RSASSA-PSS", p); + + PSSParameterSpec params = new PSSParameterSpec("SHA-256", "MGF1", + new MGF1ParameterSpec("SHA-256"), 32, + PSSParameterSpec.TRAILER_FIELD_BC); + s1.setParameter(params); + s2.setParameter(params); + + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p); + kpg.initialize(2048); + KeyPair kp = kpg.generateKeyPair(); + + s1.initSign(kp.getPrivate()); + + s1.update(msg); + s1.initSign(kp.getPrivate()); + s1.update(msg); + // Data digested in s1: + // Before this fix, msg | msg + // After this fix, msg + + s2.initVerify(kp.getPublic()); + s2.update(msg); + s2.initVerify(kp.getPublic()); + s2.update(msg); + s2.initVerify(kp.getPublic()); + s2.update(msg); + // Data digested in s2: + // Before this fix, msg | msg | msg + // After this fix, msg + + if (!s2.verify(s1.sign())) { + throw new Exception(); + } + } +} diff --git a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java new file mode 100644 index 00000000000..a401521c8c9 --- /dev/null +++ b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +import java.security.*; +import java.security.interfaces.*; +import java.security.spec.*; + +/** + * @test + * @bug 8080462 + * @summary Ensure that PSS key and params check are implemented properly + * regardless of call sequence + * @library /test/lib .. + * @modules jdk.crypto.cryptoki + * @run main KeyAndParamCheckForPSS + */ +public class KeyAndParamCheckForPSS extends PKCS11Test { + + /** + * ALGORITHM name, fixed as RSA for PKCS11 + */ + private static final String KEYALG = "RSA"; + private static final String SIGALG = "RSASSA-PSS"; + + public static void main(String[] args) throws Exception { + main(new KeyAndParamCheckForPSS(), args); + } + + @Override + public void main(Provider p) throws Exception { + Signature sig; + try { + sig = Signature.getInstance(SIGALG, p); + } catch (NoSuchAlgorithmException e) { + System.out.println("Skip testing RSASSA-PSS" + + " due to no support"); + return; + } + // NOTE: key length >= (digest length + 2) in bytes + // otherwise, even salt length = 0 would not work + runTest(p, 1024, "SHA-384"); + runTest(p, 1040, "SHA-512"); + } + + private void runTest(Provider p, int keySize, String hashAlg) + throws Exception { + System.out.println("Testing [" + keySize + " " + hashAlg + "]"); + + // create a key pair with the supplied size + KeyPairGenerator kpg = KeyPairGenerator.getInstance(KEYALG, p); + kpg.initialize(keySize); + KeyPair kp = kpg.generateKeyPair(); + + int bigSaltLen = keySize/8 - 14; + AlgorithmParameterSpec paramsBad = new PSSParameterSpec(hashAlg, + "MGF1", new MGF1ParameterSpec(hashAlg), bigSaltLen, 1); + AlgorithmParameterSpec paramsGood = new PSSParameterSpec(hashAlg, + "MGF1", new MGF1ParameterSpec(hashAlg), 0, 1); + + PrivateKey priv = kp.getPrivate(); + PublicKey pub = kp.getPublic(); + + // test#1 - setParameter then initSign + Signature sig = Signature.getInstance("RSASSA-PSS", p); + sig.setParameter(paramsBad); + try { + sig.initSign(priv); + throw new RuntimeException("Expected IKE not thrown"); + } catch (InvalidKeyException ike) { + System.out.println("test#1: got expected IKE"); + } + sig.setParameter(paramsGood); + sig.initSign(priv); + System.out.println("test#1: pass"); + + // test#2 - setParameter then initVerify + sig = Signature.getInstance("RSASSA-PSS", p); + sig.setParameter(paramsBad); + try { + sig.initVerify(pub); + throw new RuntimeException("Expected IKE not thrown"); + } catch (InvalidKeyException ike) { + System.out.println("test#2: got expected IKE"); + } + sig.setParameter(paramsGood); + sig.initVerify(pub); + System.out.println("test#2: pass"); + + // test#3 - initSign, then setParameter + sig = Signature.getInstance("RSASSA-PSS", p); + sig.initSign(priv); + try { + sig.setParameter(paramsBad); + throw new RuntimeException("Expected IAPE not thrown"); + } catch (InvalidAlgorithmParameterException iape) { + System.out.println("test#3: got expected IAPE"); + } + sig.setParameter(paramsGood); + System.out.println("test#3: pass"); + + // test#4 - initVerify, then setParameter + sig = Signature.getInstance("RSASSA-PSS", p); + sig.initVerify(pub); + try { + sig.setParameter(paramsBad); + throw new RuntimeException("Expected IAPE not thrown"); + } catch (InvalidAlgorithmParameterException iape) { + System.out.println("test#4: got expected IAPE"); + } + sig.setParameter(paramsGood); + System.out.println("test#4: pass"); + } +} diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java new file mode 100644 index 00000000000..0cc1eb55b36 --- /dev/null +++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java @@ -0,0 +1,121 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.security.*; +import java.security.spec.*; +import java.security.interfaces.*; + +/* + * @test + * @bug 8080462 + * @summary testing interoperability of PSS signatures of PKCS11 provider + * against SunRsaSign provider + * @library /test/lib .. + * @modules jdk.crypto.cryptoki + * @run main/othervm SigInteropPSS + */ +public class SigInteropPSS extends PKCS11Test { + + private static final byte[] MSG = + "Interoperability test between SunRsaSign and SunPKCS11".getBytes(); + + private static final String[] DIGESTS = { + "SHA-224", "SHA-256", "SHA-384", "SHA-512" + }; + + public static void main(String[] args) throws Exception { + main(new SigInteropPSS(), args); + } + + @Override + public void main(Provider p) throws Exception { + Signature sigPkcs11; + try { + sigPkcs11 = Signature.getInstance("RSASSA-PSS", p); + } catch (NoSuchAlgorithmException e) { + System.out.println("Skip testing RSASSA-PSS" + + " due to no support"); + return; + } + + Signature sigSunRsaSign = + Signature.getInstance("RSASSA-PSS", "SunRsaSign"); + + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p); + kpg.initialize(3072); + KeyPair kp = kpg.generateKeyPair(); + boolean status; + try { + status = runTest(sigSunRsaSign, sigPkcs11, kp); + status &= runTest(sigPkcs11, sigSunRsaSign, kp); + } catch (Exception e) { + System.out.println("Unexpected exception: " + e); + e.printStackTrace(System.out); + status = false; + } + + if (!status) { + throw new RuntimeException("One or more test failed"); + } + System.out.println("Test passed"); + } + + static boolean runTest(Signature signer, Signature verifier, KeyPair kp) throws Exception { + System.out.println("\tSign using " + signer.getProvider().getName()); + System.out.println("\tVerify using " + verifier.getProvider().getName()); + + boolean status; + for (String digestAlg : DIGESTS) { + System.out.println("\tDigest = " + digestAlg); + PSSParameterSpec params = new PSSParameterSpec(digestAlg, "MGF1", + new MGF1ParameterSpec(digestAlg), 0, 1); + try { + signer.setParameter(params); + signer.initSign(kp.getPrivate()); + verifier.setParameter(params); + verifier.initVerify(kp.getPublic()); + } catch (Exception e) { + System.out.println("\tERROR: unexpected ex during init" + e); + status = false; + continue; + } + try { + signer.update(MSG); + byte[] sigBytes = signer.sign(); + verifier.update(MSG); + boolean isValid = verifier.verify(sigBytes); + if (isValid) { + System.out.println("\tPSS Signature verified"); + } else { + System.out.println("\tERROR verifying PSS Signature"); + status = false; + } + } catch (Exception e) { + System.out.println("\tERROR: unexpected ex" + e); + e.printStackTrace(); + status = false; + } + } + return true; + } +} diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java new file mode 100644 index 00000000000..1cf142bf19e --- /dev/null +++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java @@ -0,0 +1,147 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +import java.security.*; +import java.security.interfaces.*; +import java.security.spec.*; +import java.util.stream.IntStream; + +/** + * @test + * @bug 8080462 + * @summary Generate a RSASSA-PSS signature and verify it using PKCS11 provider + * @library /test/lib .. + * @modules jdk.crypto.cryptoki + * @run main SignatureTestPSS + */ +public class SignatureTestPSS extends PKCS11Test { + + // PKCS11 does not support RSASSA-PSS keys yet + private static final String KEYALG = "RSA"; + private static final String SIGALG = "RSASSA-PSS"; + + private static final int[] KEYSIZES = { 2048, 3072 }; + private static final String[] DIGESTS = { "SHA-224", "SHA-256", + "SHA-384" , "SHA-512" }; + private Provider prov; + + /** + * How much times signature updated. + */ + private static final int UPDATE_TIMES_FIFTY = 50; + + /** + * How much times signature initial updated. + */ + private static final int UPDATE_TIMES_HUNDRED = 100; + + public static void main(String[] args) throws Exception { + main(new SignatureTestPSS(), args); + } + + @Override + public void main(Provider p) throws Exception { + Signature sig; + try { + sig = Signature.getInstance(SIGALG, p); + } catch (NoSuchAlgorithmException e) { + System.out.println("Skip testing RSASSA-PSS" + + " due to no support"); + return; + } + this.prov = p; + for (int i : KEYSIZES) { + runTest(i); + } + } + + private void runTest(int keySize) throws Exception { + byte[] data = new byte[100]; + IntStream.range(0, data.length).forEach(j -> { + data[j] = (byte) j; + }); + System.out.println("[KEYSIZE = " + keySize + "]"); + + // create a key pair + KeyPair kpair = generateKeys(KEYALG, keySize); + test(DIGESTS, kpair.getPrivate(), kpair.getPublic(), data); + } + + private void test(String[] testAlgs, PrivateKey privKey, + PublicKey pubKey, byte[] data) throws RuntimeException { + // For signature algorithm, create and verify a signature + for (String testAlg : testAlgs) { + try { + checkSignature(data, pubKey, privKey, testAlg); + } catch (NoSuchAlgorithmException | InvalidKeyException | + SignatureException | NoSuchProviderException ex) { + throw new RuntimeException(ex); + } catch (InvalidAlgorithmParameterException ex2) { + System.out.println("Skip test due to " + ex2); + } + }; + } + + private KeyPair generateKeys(String keyalg, int size) + throws NoSuchAlgorithmException { + KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyalg, prov); + kpg.initialize(size); + return kpg.generateKeyPair(); + } + + private void checkSignature(byte[] data, PublicKey pub, + PrivateKey priv, String mdAlg) throws NoSuchAlgorithmException, + InvalidKeyException, SignatureException, NoSuchProviderException, + InvalidAlgorithmParameterException { + System.out.println("Testing against " + mdAlg); + Signature sig = Signature.getInstance(SIGALG, prov); + AlgorithmParameterSpec params = new PSSParameterSpec( + mdAlg, "MGF1", new MGF1ParameterSpec(mdAlg), 0, 1); + sig.setParameter(params); + sig.initSign(priv); + for (int i = 0; i < UPDATE_TIMES_HUNDRED; i++) { + sig.update(data); + } + byte[] signedData = sig.sign(); + + // Make sure signature verifies with original data + // do we need to call sig.setParameter(params) again? + sig.initVerify(pub); + for (int i = 0; i < UPDATE_TIMES_HUNDRED; i++) { + sig.update(data); + } + if (!sig.verify(signedData)) { + throw new RuntimeException("Failed to verify signature"); + } + + // Make sure signature does NOT verify when the original data + // has changed + sig.initVerify(pub); + for (int i = 0; i < UPDATE_TIMES_FIFTY; i++) { + sig.update(data); + } + + if (sig.verify(signedData)) { + throw new RuntimeException("Failed to detect bad signature"); + } + } +} diff --git a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java new file mode 100644 index 00000000000..222f8a2a5ed --- /dev/null +++ b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java @@ -0,0 +1,93 @@ +/* + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +/* + * @test + * @bug 8080462 + * @library /test/lib .. + * @modules jdk.crypto.cryptoki + * @run main/othervm/timeout=250 TestDSA2 + * @summary verify that DSA signature works using SHA-2 digests. + * @key randomness + */ + + +import java.security.*; +import java.security.spec.*; +import java.security.interfaces.*; + +public class TestDSA2 extends PKCS11Test { + + private static final String[] SIG_ALGOS = { + "SHA224withDSA", + "SHA256withDSA", + //"SHA384withDSA", + //"SHA512withDSA", + }; + + private static final int KEYSIZE = 2048; + + public static void main(String[] args) throws Exception { + main(new TestDSA2(), args); + } + + @Override + public void main(Provider p) throws Exception { + KeyPair kp; + try { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", p); + kpg.initialize(KEYSIZE); + kp = kpg.generateKeyPair(); + } catch (Exception ex) { + System.out.println("Skip due to no 2048-bit DSA support: " + ex); + ex.printStackTrace(); + return; + } + + for (String sigAlg : SIG_ALGOS) { + test(sigAlg, kp, p); + } + } + + private static void test(String sigAlg, KeyPair kp, Provider p) + throws Exception { + Signature sig; + try { + sig = Signature.getInstance(sigAlg, p); + } catch (Exception ex) { + System.out.println("Skip due to no support: " + sigAlg); + ex.printStackTrace(); + return; + } + + byte[] data = "anything will do".getBytes(); + + sig.initSign(kp.getPrivate()); + sig.update(data); + byte[] signature = sig.sign(); + + sig.initVerify(kp.getPublic()); + sig.update(data); + boolean verifies = sig.verify(signature); + System.out.println(sigAlg + ": Passed"); + } +}