author | mbalao |
Wed, 12 Sep 2018 13:09:51 +0200 | |
changeset 51800 | bccd9966f1ed |
parent 47216 | 71c04702a3d5 |
child 53257 | 5170dc2bcf64 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
2 |
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
*/ |
4 |
||
5 |
/* Copyright (c) 2002 Graz University of Technology. All rights reserved. |
|
6 |
* |
|
7 |
* Redistribution and use in source and binary forms, with or without |
|
8 |
* modification, are permitted provided that the following conditions are met: |
|
9 |
* |
|
10 |
* 1. Redistributions of source code must retain the above copyright notice, |
|
11 |
* this list of conditions and the following disclaimer. |
|
12 |
* |
|
13 |
* 2. Redistributions in binary form must reproduce the above copyright notice, |
|
14 |
* this list of conditions and the following disclaimer in the documentation |
|
15 |
* and/or other materials provided with the distribution. |
|
16 |
* |
|
17 |
* 3. The end-user documentation included with the redistribution, if any, must |
|
18 |
* include the following acknowledgment: |
|
19 |
* |
|
20 |
* "This product includes software developed by IAIK of Graz University of |
|
21 |
* Technology." |
|
22 |
* |
|
23 |
* Alternately, this acknowledgment may appear in the software itself, if |
|
24 |
* and wherever such third-party acknowledgments normally appear. |
|
25 |
* |
|
26 |
* 4. The names "Graz University of Technology" and "IAIK of Graz University of |
|
27 |
* Technology" must not be used to endorse or promote products derived from |
|
28 |
* this software without prior written permission. |
|
29 |
* |
|
30 |
* 5. Products derived from this software may not be called |
|
31 |
* "IAIK PKCS Wrapper", nor may "IAIK" appear in their name, without prior |
|
32 |
* written permission of Graz University of Technology. |
|
33 |
* |
|
34 |
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED |
|
35 |
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
36 |
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
37 |
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE |
|
38 |
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, |
|
39 |
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
|
40 |
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, |
|
41 |
* OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON |
|
42 |
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
|
43 |
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|
44 |
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
45 |
* POSSIBILITY OF SUCH DAMAGE. |
|
46 |
*/ |
|
47 |
||
48 |
#include "pkcs11wrapper.h" |
|
49 |
||
50 |
#include <stdio.h> |
|
51 |
#include <stdlib.h> |
|
52 |
#include <string.h> |
|
53 |
#include <assert.h> |
|
54 |
||
55 |
#include "sun_security_pkcs11_wrapper_PKCS11.h" |
|
56 |
||
57 |
#ifdef P11_ENABLE_C_GENERATEKEY |
|
58 |
/* |
|
59 |
* Class: sun_security_pkcs11_wrapper_PKCS11 |
|
60 |
* Method: C_GenerateKey |
|
61 |
* Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J |
|
62 |
* Parametermapping: *PKCS11* |
|
63 |
* @param jlong jSessionHandle CK_SESSION_HANDLE hSession |
|
64 |
* @param jobject jMechanism CK_MECHANISM_PTR pMechanism |
|
65 |
* @param jobjectArray jTemplate CK_ATTRIBUTE_PTR pTemplate |
|
66 |
* CK_ULONG ulCount |
|
67 |
* @return jlong jKeyHandle CK_OBJECT_HANDLE_PTR phKey |
|
68 |
*/ |
|
69 |
JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKey |
|
70 |
(JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jobjectArray jTemplate) |
|
71 |
{ |
|
72 |
CK_SESSION_HANDLE ckSessionHandle; |
|
73 |
CK_MECHANISM ckMechanism; |
|
74 |
CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR; |
|
75 |
CK_ULONG ckAttributesLength; |
|
3321
fed33393bc52
6823905: crash in sun.security.pkcs11.wrapper.PKCS11.C_Sign during stress-test
valeriep
parents:
2180
diff
changeset
|
76 |
CK_OBJECT_HANDLE ckKeyHandle = 0; |
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
77 |
jlong jKeyHandle = 0L; |
2 | 78 |
CK_RV rv; |
79 |
||
80 |
CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); |
|
81 |
if (ckpFunctions == NULL) { return 0L; } |
|
82 |
||
83 |
ckSessionHandle = jLongToCKULong(jSessionHandle); |
|
84 |
jMechanismToCKMechanism(env, jMechanism, &ckMechanism); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
85 |
if ((*env)->ExceptionCheck(env)) { return 0L ; } |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
86 |
|
2 | 87 |
jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength); |
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
88 |
if ((*env)->ExceptionCheck(env)) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
89 |
if (ckMechanism.pParameter != NULL_PTR) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
90 |
free(ckMechanism.pParameter); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
91 |
} |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
92 |
return 0L; |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
93 |
} |
2 | 94 |
|
95 |
rv = (*ckpFunctions->C_GenerateKey)(ckSessionHandle, &ckMechanism, ckpAttributes, ckAttributesLength, &ckKeyHandle); |
|
96 |
||
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
97 |
if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
98 |
jKeyHandle = ckULongToJLong(ckKeyHandle); |
2 | 99 |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
100 |
/* cheack, if we must give a initialization vector back to Java */ |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
101 |
switch (ckMechanism.mechanism) { |
2 | 102 |
case CKM_PBE_MD2_DES_CBC: |
103 |
case CKM_PBE_MD5_DES_CBC: |
|
104 |
case CKM_PBE_MD5_CAST_CBC: |
|
105 |
case CKM_PBE_MD5_CAST3_CBC: |
|
106 |
case CKM_PBE_MD5_CAST128_CBC: |
|
107 |
/* case CKM_PBE_MD5_CAST5_CBC: the same as CKM_PBE_MD5_CAST128_CBC */ |
|
108 |
case CKM_PBE_SHA1_CAST128_CBC: |
|
109 |
/* case CKM_PBE_SHA1_CAST5_CBC: the same as CKM_PBE_SHA1_CAST128_CBC */ |
|
110 |
/* we must copy back the initialization vector to the jMechanism object */ |
|
111 |
copyBackPBEInitializationVector(env, &ckMechanism, jMechanism); |
|
112 |
break; |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
113 |
} |
2 | 114 |
} |
115 |
||
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
116 |
if (ckMechanism.pParameter != NULL_PTR) { |
2 | 117 |
free(ckMechanism.pParameter); |
118 |
} |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
119 |
freeCKAttributeArray(ckpAttributes, ckAttributesLength); |
2 | 120 |
|
121 |
return jKeyHandle ; |
|
122 |
} |
|
123 |
#endif |
|
124 |
||
125 |
#ifdef P11_ENABLE_C_GENERATEKEYPAIR |
|
126 |
/* |
|
127 |
* Class: sun_security_pkcs11_wrapper_PKCS11 |
|
128 |
* Method: C_GenerateKeyPair |
|
129 |
* Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)[J |
|
130 |
* Parametermapping: *PKCS11* |
|
131 |
* @param jlong jSessionHandle CK_SESSION_HANDLE hSession |
|
132 |
* @param jobject jMechanism CK_MECHANISM_PTR pMechanism |
|
133 |
* @param jobjectArray jPublicKeyTemplate CK_ATTRIBUTE_PTR pPublicKeyTemplate |
|
134 |
* CK_ULONG ulPublicKeyAttributeCount |
|
135 |
* @param jobjectArray jPrivateKeyTemplate CK_ATTRIBUTE_PTR pPrivateKeyTemplate |
|
136 |
* CK_ULONG ulPrivateKeyAttributeCount |
|
137 |
* @return jlongArray jKeyHandles CK_OBJECT_HANDLE_PTR phPublicKey |
|
138 |
* CK_OBJECT_HANDLE_PTR phPublicKey |
|
139 |
*/ |
|
140 |
JNIEXPORT jlongArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKeyPair |
|
141 |
(JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, |
|
142 |
jobjectArray jPublicKeyTemplate, jobjectArray jPrivateKeyTemplate) |
|
143 |
{ |
|
144 |
CK_SESSION_HANDLE ckSessionHandle; |
|
145 |
CK_MECHANISM ckMechanism; |
|
146 |
CK_ATTRIBUTE_PTR ckpPublicKeyAttributes = NULL_PTR; |
|
147 |
CK_ATTRIBUTE_PTR ckpPrivateKeyAttributes = NULL_PTR; |
|
148 |
CK_ULONG ckPublicKeyAttributesLength; |
|
149 |
CK_ULONG ckPrivateKeyAttributesLength; |
|
150 |
CK_OBJECT_HANDLE_PTR ckpPublicKeyHandle; /* pointer to Public Key */ |
|
151 |
CK_OBJECT_HANDLE_PTR ckpPrivateKeyHandle; /* pointer to Private Key */ |
|
152 |
CK_OBJECT_HANDLE_PTR ckpKeyHandles; /* pointer to array with Public and Private Key */ |
|
3321
fed33393bc52
6823905: crash in sun.security.pkcs11.wrapper.PKCS11.C_Sign during stress-test
valeriep
parents:
2180
diff
changeset
|
153 |
jlongArray jKeyHandles = NULL; |
2 | 154 |
CK_RV rv; |
39142
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
155 |
int attempts; |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
156 |
const int MAX_ATTEMPTS = 3; |
2 | 157 |
|
158 |
CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); |
|
159 |
if (ckpFunctions == NULL) { return NULL; } |
|
160 |
||
161 |
ckSessionHandle = jLongToCKULong(jSessionHandle); |
|
162 |
jMechanismToCKMechanism(env, jMechanism, &ckMechanism); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
163 |
if ((*env)->ExceptionCheck(env)) { return NULL; } |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
164 |
|
2 | 165 |
ckpKeyHandles = (CK_OBJECT_HANDLE_PTR) malloc(2 * sizeof(CK_OBJECT_HANDLE)); |
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
166 |
if (ckpKeyHandles == NULL) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
167 |
if (ckMechanism.pParameter != NULL_PTR) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
168 |
free(ckMechanism.pParameter); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
169 |
} |
10798
413b731e1818
7103549: Remove dependencies on libjava and libjvm from security libraries
chegar
parents:
5506
diff
changeset
|
170 |
throwOutOfMemoryError(env, 0); |
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
171 |
return NULL; |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
172 |
} |
2 | 173 |
ckpPublicKeyHandle = ckpKeyHandles; /* first element of array is Public Key */ |
174 |
ckpPrivateKeyHandle = (ckpKeyHandles + 1); /* second element of array is Private Key */ |
|
175 |
||
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
176 |
jAttributeArrayToCKAttributeArray(env, jPublicKeyTemplate, &ckpPublicKeyAttributes, &ckPublicKeyAttributesLength); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
177 |
if ((*env)->ExceptionCheck(env)) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
178 |
if (ckMechanism.pParameter != NULL_PTR) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
179 |
free(ckMechanism.pParameter); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
180 |
} |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
181 |
free(ckpKeyHandles); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
182 |
return NULL; |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
183 |
} |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
184 |
|
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
185 |
jAttributeArrayToCKAttributeArray(env, jPrivateKeyTemplate, &ckpPrivateKeyAttributes, &ckPrivateKeyAttributesLength); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
186 |
if ((*env)->ExceptionCheck(env)) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
187 |
if (ckMechanism.pParameter != NULL_PTR) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
188 |
free(ckMechanism.pParameter); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
189 |
} |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
190 |
free(ckpKeyHandles); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
191 |
freeCKAttributeArray(ckpPublicKeyAttributes, ckPublicKeyAttributesLength); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
192 |
return NULL; |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
193 |
} |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
194 |
|
39142
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
195 |
/* |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
196 |
* Workaround for NSS bug 1012786: |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
197 |
* |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
198 |
* Key generation may fail with CKR_FUNCTION_FAILED error |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
199 |
* if there is insufficient entropy to generate a random key. |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
200 |
* |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
201 |
* PKCS11 spec says the following about CKR_FUNCTION_FAILED error |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
202 |
* (see section 11.1.1): |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
203 |
* |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
204 |
* ... In any event, although the function call failed, the situation |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
205 |
* is not necessarily totally hopeless, as it is likely to be |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
206 |
* when CKR_GENERAL_ERROR is returned. Depending on what the root cause of |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
207 |
* the error actually was, it is possible that an attempt |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
208 |
* to make the exact same function call again would succeed. |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
209 |
* |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
210 |
* Call C_GenerateKeyPair() several times if CKR_FUNCTION_FAILED occurs. |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
211 |
*/ |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
212 |
for (attempts = 0; attempts < MAX_ATTEMPTS; attempts++) { |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
213 |
rv = (*ckpFunctions->C_GenerateKeyPair)(ckSessionHandle, &ckMechanism, |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
214 |
ckpPublicKeyAttributes, ckPublicKeyAttributesLength, |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
215 |
ckpPrivateKeyAttributes, ckPrivateKeyAttributesLength, |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
216 |
ckpPublicKeyHandle, ckpPrivateKeyHandle); |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
217 |
if (rv == CKR_FUNCTION_FAILED) { |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
218 |
printDebug("C_1GenerateKeyPair(): C_GenerateKeyPair() failed \ |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
219 |
with CKR_FUNCTION_FAILED error, try again\n"); |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
220 |
} else { |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
221 |
break; |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
222 |
} |
bf48a9f13cf2
8074580: sun/security/pkcs11/rsa/TestKeyPairGenerator.java fails due to PKCS11Exception: CKR_FUNCTION_FAILED
asmotrak
parents:
25859
diff
changeset
|
223 |
} |
2 | 224 |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
225 |
if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
226 |
jKeyHandles = ckULongArrayToJLongArray(env, ckpKeyHandles, 2); |
2 | 227 |
} |
228 |
||
229 |
if(ckMechanism.pParameter != NULL_PTR) { |
|
230 |
free(ckMechanism.pParameter); |
|
231 |
} |
|
232 |
free(ckpKeyHandles); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
233 |
freeCKAttributeArray(ckpPublicKeyAttributes, ckPublicKeyAttributesLength); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
234 |
freeCKAttributeArray(ckpPrivateKeyAttributes, ckPrivateKeyAttributesLength); |
2 | 235 |
|
236 |
return jKeyHandles ; |
|
237 |
} |
|
238 |
#endif |
|
239 |
||
240 |
#ifdef P11_ENABLE_C_WRAPKEY |
|
241 |
/* |
|
242 |
* Class: sun_security_pkcs11_wrapper_PKCS11 |
|
243 |
* Method: C_WrapKey |
|
244 |
* Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;JJ)[B |
|
245 |
* Parametermapping: *PKCS11* |
|
246 |
* @param jlong jSessionHandle CK_SESSION_HANDLE hSession |
|
247 |
* @param jobject jMechanism CK_MECHANISM_PTR pMechanism |
|
248 |
* @param jlong jWrappingKeyHandle CK_OBJECT_HANDLE hWrappingKey |
|
249 |
* @param jlong jKeyHandle CK_OBJECT_HANDLE hKey |
|
250 |
* @return jbyteArray jWrappedKey CK_BYTE_PTR pWrappedKey |
|
251 |
* CK_ULONG_PTR pulWrappedKeyLen |
|
252 |
*/ |
|
253 |
JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1WrapKey |
|
254 |
(JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jWrappingKeyHandle, jlong jKeyHandle) |
|
255 |
{ |
|
256 |
CK_SESSION_HANDLE ckSessionHandle; |
|
257 |
CK_MECHANISM ckMechanism; |
|
258 |
CK_OBJECT_HANDLE ckWrappingKeyHandle; |
|
259 |
CK_OBJECT_HANDLE ckKeyHandle; |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
260 |
jbyteArray jWrappedKey = NULL; |
2 | 261 |
CK_RV rv; |
262 |
CK_BYTE BUF[MAX_STACK_BUFFER_LEN]; |
|
263 |
CK_BYTE_PTR ckpWrappedKey = BUF; |
|
264 |
CK_ULONG ckWrappedKeyLength = MAX_STACK_BUFFER_LEN; |
|
265 |
||
266 |
CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); |
|
267 |
if (ckpFunctions == NULL) { return NULL; } |
|
268 |
||
269 |
ckSessionHandle = jLongToCKULong(jSessionHandle); |
|
270 |
jMechanismToCKMechanism(env, jMechanism, &ckMechanism); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
271 |
if ((*env)->ExceptionCheck(env)) { return NULL; } |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
272 |
|
2 | 273 |
ckWrappingKeyHandle = jLongToCKULong(jWrappingKeyHandle); |
274 |
ckKeyHandle = jLongToCKULong(jKeyHandle); |
|
275 |
||
276 |
rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism, ckWrappingKeyHandle, ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength); |
|
277 |
if (rv == CKR_BUFFER_TOO_SMALL) { |
|
278 |
ckpWrappedKey = (CK_BYTE_PTR) malloc(ckWrappedKeyLength); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
279 |
if (ckpWrappedKey == NULL) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
280 |
if (ckMechanism.pParameter != NULL_PTR) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
281 |
free(ckMechanism.pParameter); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
282 |
} |
10798
413b731e1818
7103549: Remove dependencies on libjava and libjvm from security libraries
chegar
parents:
5506
diff
changeset
|
283 |
throwOutOfMemoryError(env, 0); |
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
284 |
return NULL; |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
285 |
} |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
286 |
|
2 | 287 |
rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism, ckWrappingKeyHandle, ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength); |
288 |
} |
|
289 |
if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { |
|
290 |
jWrappedKey = ckByteArrayToJByteArray(env, ckpWrappedKey, ckWrappedKeyLength); |
|
291 |
} |
|
292 |
||
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
293 |
if (ckpWrappedKey != BUF) { free(ckpWrappedKey); } |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
294 |
if (ckMechanism.pParameter != NULL_PTR) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
295 |
free(ckMechanism.pParameter); |
2 | 296 |
} |
297 |
return jWrappedKey ; |
|
298 |
} |
|
299 |
#endif |
|
300 |
||
301 |
#ifdef P11_ENABLE_C_UNWRAPKEY |
|
302 |
/* |
|
303 |
* Class: sun_security_pkcs11_wrapper_PKCS11 |
|
304 |
* Method: C_UnwrapKey |
|
305 |
* Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;J[B[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J |
|
306 |
* Parametermapping: *PKCS11* |
|
307 |
* @param jlong jSessionHandle CK_SESSION_HANDLE hSession |
|
308 |
* @param jobject jMechanism CK_MECHANISM_PTR pMechanism |
|
309 |
* @param jlong jUnwrappingKeyHandle CK_OBJECT_HANDLE hUnwrappingKey |
|
310 |
* @param jbyteArray jWrappedKey CK_BYTE_PTR pWrappedKey |
|
311 |
* CK_ULONG_PTR pulWrappedKeyLen |
|
312 |
* @param jobjectArray jTemplate CK_ATTRIBUTE_PTR pTemplate |
|
313 |
* CK_ULONG ulCount |
|
314 |
* @return jlong jKeyHandle CK_OBJECT_HANDLE_PTR phKey |
|
315 |
*/ |
|
316 |
JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1UnwrapKey |
|
317 |
(JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jUnwrappingKeyHandle, |
|
318 |
jbyteArray jWrappedKey, jobjectArray jTemplate) |
|
319 |
{ |
|
320 |
CK_SESSION_HANDLE ckSessionHandle; |
|
321 |
CK_MECHANISM ckMechanism; |
|
322 |
CK_OBJECT_HANDLE ckUnwrappingKeyHandle; |
|
323 |
CK_BYTE_PTR ckpWrappedKey = NULL_PTR; |
|
324 |
CK_ULONG ckWrappedKeyLength; |
|
325 |
CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR; |
|
326 |
CK_ULONG ckAttributesLength; |
|
3321
fed33393bc52
6823905: crash in sun.security.pkcs11.wrapper.PKCS11.C_Sign during stress-test
valeriep
parents:
2180
diff
changeset
|
327 |
CK_OBJECT_HANDLE ckKeyHandle = 0; |
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
328 |
jlong jKeyHandle = 0L; |
2 | 329 |
CK_RV rv; |
330 |
||
331 |
CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); |
|
332 |
if (ckpFunctions == NULL) { return 0L; } |
|
333 |
||
334 |
ckSessionHandle = jLongToCKULong(jSessionHandle); |
|
335 |
jMechanismToCKMechanism(env, jMechanism, &ckMechanism); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
336 |
if ((*env)->ExceptionCheck(env)) { return 0L; } |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
337 |
|
2 | 338 |
ckUnwrappingKeyHandle = jLongToCKULong(jUnwrappingKeyHandle); |
339 |
jByteArrayToCKByteArray(env, jWrappedKey, &ckpWrappedKey, &ckWrappedKeyLength); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
340 |
if ((*env)->ExceptionCheck(env)) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
341 |
if (ckMechanism.pParameter != NULL_PTR) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
342 |
free(ckMechanism.pParameter); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
343 |
} |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
344 |
return 0L; |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
345 |
} |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
346 |
|
2 | 347 |
jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength); |
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
348 |
if ((*env)->ExceptionCheck(env)) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
349 |
if (ckMechanism.pParameter != NULL_PTR) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
350 |
free(ckMechanism.pParameter); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
351 |
} |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
352 |
free(ckpWrappedKey); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
353 |
return 0L; |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
354 |
} |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
355 |
|
2 | 356 |
|
357 |
rv = (*ckpFunctions->C_UnwrapKey)(ckSessionHandle, &ckMechanism, ckUnwrappingKeyHandle, |
|
358 |
ckpWrappedKey, ckWrappedKeyLength, |
|
359 |
ckpAttributes, ckAttributesLength, &ckKeyHandle); |
|
360 |
||
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
361 |
if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
362 |
jKeyHandle = ckLongToJLong(ckKeyHandle); |
2 | 363 |
|
364 |
#if 0 |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
365 |
/* cheack, if we must give a initialization vector back to Java */ |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
366 |
if (ckMechanism.mechanism == CKM_KEY_WRAP_SET_OAEP) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
367 |
/* we must copy back the unwrapped key info to the jMechanism object */ |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
368 |
copyBackSetUnwrappedKey(env, &ckMechanism, jMechanism); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
369 |
} |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
370 |
#endif |
2 | 371 |
} |
372 |
||
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
373 |
if (ckMechanism.pParameter != NULL_PTR) { |
2 | 374 |
free(ckMechanism.pParameter); |
375 |
} |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
376 |
freeCKAttributeArray(ckpAttributes, ckAttributesLength); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
377 |
free(ckpWrappedKey); |
2 | 378 |
|
379 |
return jKeyHandle ; |
|
380 |
} |
|
381 |
#endif |
|
382 |
||
383 |
#ifdef P11_ENABLE_C_DERIVEKEY |
|
384 |
||
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
385 |
static void freeMasterKeyDeriveParams(CK_SSL3_RANDOM_DATA *RandomInfo, CK_VERSION_PTR pVersion) { |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
386 |
if (RandomInfo->pClientRandom != NULL) { |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
387 |
free(RandomInfo->pClientRandom); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
388 |
} |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
389 |
if (RandomInfo->pServerRandom != NULL) { |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
390 |
free(RandomInfo->pServerRandom); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
391 |
} |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
392 |
if (pVersion != NULL) { |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
393 |
free(pVersion); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
394 |
} |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
395 |
} |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
396 |
|
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
397 |
void ssl3FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) { |
2 | 398 |
CK_SSL3_MASTER_KEY_DERIVE_PARAMS *params = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter; |
399 |
if (params == NULL) { |
|
400 |
return; |
|
401 |
} |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
402 |
freeMasterKeyDeriveParams(&(params->RandomInfo), params->pVersion); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
403 |
} |
2 | 404 |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
405 |
void tls12FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) { |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
406 |
CK_TLS12_MASTER_KEY_DERIVE_PARAMS *params = |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
407 |
(CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
408 |
if (params == NULL) { |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
409 |
return; |
2 | 410 |
} |
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
411 |
freeMasterKeyDeriveParams(&(params->RandomInfo), params->pVersion); |
2 | 412 |
} |
413 |
||
414 |
void freeEcdh1DeriveParams(CK_MECHANISM_PTR ckMechanism) { |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
415 |
CK_ECDH1_DERIVE_PARAMS *params = |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
416 |
(CK_ECDH1_DERIVE_PARAMS *)ckMechanism->pParameter; |
2 | 417 |
if (params == NULL) { |
418 |
return; |
|
419 |
} |
|
420 |
||
421 |
if (params->pSharedData != NULL) { |
|
422 |
free(params->pSharedData); |
|
423 |
} |
|
424 |
if (params->pPublicData != NULL) { |
|
425 |
free(params->pPublicData); |
|
426 |
} |
|
427 |
} |
|
428 |
||
429 |
/* |
|
430 |
* Copy back the PRF output to Java. |
|
431 |
*/ |
|
432 |
void copyBackTLSPrfParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism) |
|
433 |
{ |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
434 |
jclass jMechanismClass, jTLSPrfParamsClass; |
2 | 435 |
CK_TLS_PRF_PARAMS *ckTLSPrfParams; |
436 |
jobject jTLSPrfParams; |
|
437 |
jfieldID fieldID; |
|
438 |
CK_MECHANISM_TYPE ckMechanismType; |
|
439 |
jlong jMechanismType; |
|
440 |
CK_BYTE_PTR output; |
|
441 |
jobject jOutput; |
|
442 |
jint jLength; |
|
443 |
jbyte* jBytes; |
|
444 |
int i; |
|
445 |
||
446 |
/* get mechanism */ |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
447 |
jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
448 |
if (jMechanismClass == NULL) { return; } |
2 | 449 |
fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J"); |
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
450 |
if (fieldID == NULL) { return; } |
2 | 451 |
jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); |
452 |
ckMechanismType = jLongToCKULong(jMechanismType); |
|
453 |
if (ckMechanismType != ckMechanism->mechanism) { |
|
454 |
/* we do not have maching types, this should not occur */ |
|
455 |
return; |
|
456 |
} |
|
457 |
||
458 |
/* get the native CK_TLS_PRF_PARAMS */ |
|
459 |
ckTLSPrfParams = (CK_TLS_PRF_PARAMS *) ckMechanism->pParameter; |
|
460 |
if (ckTLSPrfParams != NULL_PTR) { |
|
461 |
/* get the Java CK_TLS_PRF_PARAMS object (pParameter) */ |
|
462 |
fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;"); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
463 |
if (fieldID == NULL) { return; } |
2 | 464 |
jTLSPrfParams = (*env)->GetObjectField(env, jMechanism, fieldID); |
465 |
||
466 |
/* copy back the client IV */ |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
467 |
jTLSPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
468 |
if (jTLSPrfParamsClass == NULL) { return; } |
2 | 469 |
fieldID = (*env)->GetFieldID(env, jTLSPrfParamsClass, "pOutput", "[B"); |
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
470 |
if (fieldID == NULL) { return; } |
2 | 471 |
jOutput = (*env)->GetObjectField(env, jTLSPrfParams, fieldID); |
472 |
output = ckTLSPrfParams->pOutput; |
|
473 |
||
474 |
// Note: we assume that the token returned exactly as many bytes as we |
|
475 |
// requested. Anything else would not make sense. |
|
476 |
if (jOutput != NULL) { |
|
477 |
jLength = (*env)->GetArrayLength(env, jOutput); |
|
478 |
jBytes = (*env)->GetByteArrayElements(env, jOutput, NULL); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
479 |
if (jBytes == NULL) { return; } |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
480 |
|
2 | 481 |
/* copy the bytes to the Java buffer */ |
482 |
for (i=0; i < jLength; i++) { |
|
483 |
jBytes[i] = ckByteToJByte(output[i]); |
|
484 |
} |
|
485 |
/* copy back the Java buffer to the object */ |
|
486 |
(*env)->ReleaseByteArrayElements(env, jOutput, jBytes, 0); |
|
487 |
} |
|
488 |
||
489 |
// free malloc'd data |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
490 |
free(ckTLSPrfParams->pSeed); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
491 |
free(ckTLSPrfParams->pLabel); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
492 |
free(ckTLSPrfParams->pulOutputLen); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
493 |
free(ckTLSPrfParams->pOutput); |
2 | 494 |
} |
495 |
} |
|
496 |
||
497 |
/* |
|
498 |
* Class: sun_security_pkcs11_wrapper_PKCS11 |
|
499 |
* Method: C_DeriveKey |
|
500 |
* Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;J[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J |
|
501 |
* Parametermapping: *PKCS11* |
|
502 |
* @param jlong jSessionHandle CK_SESSION_HANDLE hSession |
|
503 |
* @param jobject jMechanism CK_MECHANISM_PTR pMechanism |
|
504 |
* @param jlong jBaseKeyHandle CK_OBJECT_HANDLE hBaseKey |
|
505 |
* @param jobjectArray jTemplate CK_ATTRIBUTE_PTR pTemplate |
|
506 |
* CK_ULONG ulCount |
|
507 |
* @return jlong jKeyHandle CK_OBJECT_HANDLE_PTR phKey |
|
508 |
*/ |
|
509 |
JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey |
|
510 |
(JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jBaseKeyHandle, jobjectArray jTemplate) |
|
511 |
{ |
|
512 |
CK_SESSION_HANDLE ckSessionHandle; |
|
513 |
CK_MECHANISM ckMechanism; |
|
514 |
CK_OBJECT_HANDLE ckBaseKeyHandle; |
|
515 |
CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR; |
|
516 |
CK_ULONG ckAttributesLength; |
|
517 |
CK_OBJECT_HANDLE ckKeyHandle = 0; |
|
3321
fed33393bc52
6823905: crash in sun.security.pkcs11.wrapper.PKCS11.C_Sign during stress-test
valeriep
parents:
2180
diff
changeset
|
518 |
jlong jKeyHandle = 0L; |
2 | 519 |
CK_RV rv; |
520 |
CK_OBJECT_HANDLE_PTR phKey = &ckKeyHandle; |
|
521 |
||
522 |
CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); |
|
523 |
if (ckpFunctions == NULL) { return 0L; } |
|
524 |
||
525 |
ckSessionHandle = jLongToCKULong(jSessionHandle); |
|
526 |
jMechanismToCKMechanism(env, jMechanism, &ckMechanism); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
527 |
if ((*env)->ExceptionCheck(env)) { return 0L; } |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
528 |
|
2 | 529 |
ckBaseKeyHandle = jLongToCKULong(jBaseKeyHandle); |
530 |
jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
531 |
if ((*env)->ExceptionCheck(env)) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
532 |
if (ckMechanism.pParameter != NULL_PTR) { |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
533 |
free(ckMechanism.pParameter); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
534 |
} |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
535 |
return 0L; |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
536 |
} |
2 | 537 |
|
538 |
switch (ckMechanism.mechanism) { |
|
539 |
case CKM_SSL3_KEY_AND_MAC_DERIVE: |
|
540 |
case CKM_TLS_KEY_AND_MAC_DERIVE: |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
541 |
case CKM_TLS12_KEY_AND_MAC_DERIVE: |
2 | 542 |
case CKM_TLS_PRF: |
543 |
// these mechanism do not return a key handle via phKey |
|
544 |
// set to NULL in case pedantic implementations check for it |
|
545 |
phKey = NULL; |
|
546 |
break; |
|
547 |
default: |
|
548 |
// empty |
|
549 |
break; |
|
550 |
} |
|
551 |
||
552 |
rv = (*ckpFunctions->C_DeriveKey)(ckSessionHandle, &ckMechanism, ckBaseKeyHandle, |
|
553 |
ckpAttributes, ckAttributesLength, phKey); |
|
554 |
||
555 |
jKeyHandle = ckLongToJLong(ckKeyHandle); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
556 |
|
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
557 |
freeCKAttributeArray(ckpAttributes, ckAttributesLength); |
2 | 558 |
|
559 |
switch (ckMechanism.mechanism) { |
|
560 |
case CKM_SSL3_MASTER_KEY_DERIVE: |
|
561 |
case CKM_TLS_MASTER_KEY_DERIVE: |
|
562 |
/* we must copy back the client version */ |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
563 |
ssl3CopyBackClientVersion(env, &ckMechanism, jMechanism); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
564 |
ssl3FreeMasterKeyDeriveParams(&ckMechanism); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
565 |
break; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
566 |
case CKM_TLS12_MASTER_KEY_DERIVE: |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
567 |
tls12CopyBackClientVersion(env, &ckMechanism, jMechanism); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
568 |
tls12FreeMasterKeyDeriveParams(&ckMechanism); |
2 | 569 |
break; |
570 |
case CKM_SSL3_MASTER_KEY_DERIVE_DH: |
|
571 |
case CKM_TLS_MASTER_KEY_DERIVE_DH: |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
572 |
ssl3FreeMasterKeyDeriveParams(&ckMechanism); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
573 |
break; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
574 |
case CKM_TLS12_MASTER_KEY_DERIVE_DH: |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
575 |
tls12FreeMasterKeyDeriveParams(&ckMechanism); |
2 | 576 |
break; |
577 |
case CKM_SSL3_KEY_AND_MAC_DERIVE: |
|
578 |
case CKM_TLS_KEY_AND_MAC_DERIVE: |
|
579 |
/* we must copy back the unwrapped key info to the jMechanism object */ |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
580 |
ssl3CopyBackKeyMatParams(env, &ckMechanism, jMechanism); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
581 |
break; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
582 |
case CKM_TLS12_KEY_AND_MAC_DERIVE: |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
583 |
/* we must copy back the unwrapped key info to the jMechanism object */ |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
584 |
tls12CopyBackKeyMatParams(env, &ckMechanism, jMechanism); |
2 | 585 |
break; |
586 |
case CKM_TLS_PRF: |
|
587 |
copyBackTLSPrfParams(env, &ckMechanism, jMechanism); |
|
588 |
break; |
|
589 |
case CKM_ECDH1_DERIVE: |
|
590 |
freeEcdh1DeriveParams(&ckMechanism); |
|
591 |
break; |
|
592 |
default: |
|
593 |
// empty |
|
594 |
break; |
|
595 |
} |
|
596 |
||
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
597 |
if (ckMechanism.pParameter != NULL_PTR) { |
2 | 598 |
free(ckMechanism.pParameter); |
599 |
} |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
600 |
if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return 0L ; } |
2 | 601 |
|
602 |
return jKeyHandle ; |
|
603 |
} |
|
604 |
||
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
605 |
static void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
606 |
CK_VERSION *ckVersion, const char *class_master_key_derive_params) |
2 | 607 |
{ |
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
608 |
jclass jMasterKeyDeriveParamsClass, jMechanismClass, jVersionClass; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
609 |
jobject jMasterKeyDeriveParams; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
610 |
jfieldID fieldID; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
611 |
CK_MECHANISM_TYPE ckMechanismType; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
612 |
jlong jMechanismType; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
613 |
jobject jVersion; |
2 | 614 |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
615 |
/* get mechanism */ |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
616 |
jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
617 |
if (jMechanismClass == NULL) { return; } |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
618 |
fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J"); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
619 |
if (fieldID == NULL) { return; } |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
620 |
jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
621 |
ckMechanismType = jLongToCKULong(jMechanismType); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
622 |
if (ckMechanismType != ckMechanism->mechanism) { |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
623 |
/* we do not have maching types, this should not occur */ |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
624 |
return; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
625 |
} |
2 | 626 |
|
627 |
if (ckVersion != NULL_PTR) { |
|
628 |
/* get the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS (pParameter) */ |
|
629 |
fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;"); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
630 |
if (fieldID == NULL) { return; } |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
631 |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
632 |
jMasterKeyDeriveParams = (*env)->GetObjectField(env, jMechanism, fieldID); |
2 | 633 |
|
634 |
/* get the Java CK_VERSION */ |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
635 |
jMasterKeyDeriveParamsClass = (*env)->FindClass(env, class_master_key_derive_params); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
636 |
if (jMasterKeyDeriveParamsClass == NULL) { return; } |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
637 |
fieldID = (*env)->GetFieldID(env, jMasterKeyDeriveParamsClass, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
638 |
"pVersion", "L"CLASS_VERSION";"); |
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
639 |
if (fieldID == NULL) { return; } |
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
640 |
jVersion = (*env)->GetObjectField(env, jMasterKeyDeriveParams, fieldID); |
2 | 641 |
|
642 |
/* now copy back the version from the native structure to the Java structure */ |
|
643 |
||
644 |
/* copy back the major version */ |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
645 |
jVersionClass = (*env)->FindClass(env, CLASS_VERSION); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
646 |
if (jVersionClass == NULL) { return; } |
2 | 647 |
fieldID = (*env)->GetFieldID(env, jVersionClass, "major", "B"); |
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
648 |
if (fieldID == NULL) { return; } |
2 | 649 |
(*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->major)); |
650 |
||
651 |
/* copy back the minor version */ |
|
652 |
fieldID = (*env)->GetFieldID(env, jVersionClass, "minor", "B"); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
653 |
if (fieldID == NULL) { return; } |
2 | 654 |
(*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->minor)); |
655 |
} |
|
656 |
} |
|
657 |
||
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
658 |
/* |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
659 |
* Copy back the client version information from the native |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
660 |
* structure to the Java object. This is only used for |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
661 |
* CKM_SSL3_MASTER_KEY_DERIVE and CKM_TLS_MASTER_KEY_DERIVE |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
662 |
* mechanisms when used for deriving a key. |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
663 |
* |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
664 |
*/ |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
665 |
void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
666 |
jobject jMechanism) |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
667 |
{ |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
668 |
CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ckSSL3MasterKeyDeriveParams; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
669 |
ckSSL3MasterKeyDeriveParams = |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
670 |
(CK_SSL3_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
671 |
if (ckSSL3MasterKeyDeriveParams != NULL_PTR) { |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
672 |
copyBackClientVersion(env, ckMechanism, jMechanism, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
673 |
ckSSL3MasterKeyDeriveParams->pVersion, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
674 |
CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
675 |
} |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
676 |
} |
2 | 677 |
|
678 |
/* |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
679 |
* Copy back the client version information from the native |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
680 |
* structure to the Java object. This is only used for |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
681 |
* CKM_TLS12_MASTER_KEY_DERIVE mechanism when used for deriving a key. |
2 | 682 |
* |
683 |
*/ |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
684 |
void tls12CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
685 |
jobject jMechanism) |
2 | 686 |
{ |
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
687 |
CK_TLS12_MASTER_KEY_DERIVE_PARAMS *ckTLS12MasterKeyDeriveParams; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
688 |
ckTLS12MasterKeyDeriveParams = |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
689 |
(CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
690 |
if (ckTLS12MasterKeyDeriveParams != NULL_PTR) { |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
691 |
copyBackClientVersion(env, ckMechanism, jMechanism, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
692 |
ckTLS12MasterKeyDeriveParams->pVersion, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
693 |
CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
694 |
} |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
695 |
} |
2 | 696 |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
697 |
static void copyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
698 |
jobject jMechanism, CK_SSL3_RANDOM_DATA *RandomInfo, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
699 |
CK_SSL3_KEY_MAT_OUT_PTR ckSSL3KeyMatOut, const char *class_key_mat_params) |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
700 |
{ |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
701 |
jclass jMechanismClass, jKeyMatParamsClass, jSSL3KeyMatOutClass; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
702 |
jfieldID fieldID; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
703 |
CK_MECHANISM_TYPE ckMechanismType; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
704 |
jlong jMechanismType; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
705 |
CK_BYTE_PTR iv; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
706 |
jobject jKeyMatParam; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
707 |
jobject jSSL3KeyMatOut; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
708 |
jobject jIV; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
709 |
jint jLength; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
710 |
jbyte* jBytes; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
711 |
int i; |
2 | 712 |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
713 |
/* get mechanism */ |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
714 |
jMechanismClass= (*env)->FindClass(env, CLASS_MECHANISM); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
715 |
if (jMechanismClass == NULL) { return; } |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
716 |
fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J"); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
717 |
if (fieldID == NULL) { return; } |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
718 |
jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
719 |
ckMechanismType = jLongToCKULong(jMechanismType); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
720 |
if (ckMechanismType != ckMechanism->mechanism) { |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
721 |
/* we do not have maching types, this should not occur */ |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
722 |
return; |
2 | 723 |
} |
724 |
||
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
725 |
// free malloc'd data |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
726 |
if (RandomInfo->pClientRandom != NULL) { |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
727 |
free(RandomInfo->pClientRandom); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
728 |
} |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
729 |
if (RandomInfo->pServerRandom != NULL) { |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
730 |
free(RandomInfo->pServerRandom); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
731 |
} |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
732 |
|
2 | 733 |
if (ckSSL3KeyMatOut != NULL_PTR) { |
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
734 |
/* get the Java params object (pParameter) */ |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
735 |
fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
736 |
"Ljava/lang/Object;"); |
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
737 |
if (fieldID == NULL) { return; } |
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
738 |
jKeyMatParam = (*env)->GetObjectField(env, jMechanism, fieldID); |
2 | 739 |
|
740 |
/* get the Java CK_SSL3_KEY_MAT_OUT */ |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
741 |
jKeyMatParamsClass = (*env)->FindClass(env, class_key_mat_params); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
742 |
if (jKeyMatParamsClass == NULL) { return; } |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
743 |
fieldID = (*env)->GetFieldID(env, jKeyMatParamsClass, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
744 |
"pReturnedKeyMaterial", "L"CLASS_SSL3_KEY_MAT_OUT";"); |
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
745 |
if (fieldID == NULL) { return; } |
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
746 |
jSSL3KeyMatOut = (*env)->GetObjectField(env, jKeyMatParam, fieldID); |
2 | 747 |
|
748 |
/* now copy back all the key handles and the initialization vectors */ |
|
749 |
/* copy back client MAC secret handle */ |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
750 |
jSSL3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT); |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
751 |
if (jSSL3KeyMatOutClass == NULL) { return; } |
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
752 |
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
753 |
"hClientMacSecret", "J"); |
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
754 |
if (fieldID == NULL) { return; } |
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
755 |
(*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
756 |
ckULongToJLong(ckSSL3KeyMatOut->hClientMacSecret)); |
2 | 757 |
|
758 |
/* copy back server MAC secret handle */ |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
759 |
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
760 |
"hServerMacSecret", "J"); |
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
761 |
if (fieldID == NULL) { return; } |
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
762 |
(*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
763 |
ckULongToJLong(ckSSL3KeyMatOut->hServerMacSecret)); |
2 | 764 |
|
765 |
/* copy back client secret key handle */ |
|
766 |
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientKey", "J"); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
767 |
if (fieldID == NULL) { return; } |
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
768 |
(*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
769 |
ckULongToJLong(ckSSL3KeyMatOut->hClientKey)); |
2 | 770 |
|
771 |
/* copy back server secret key handle */ |
|
772 |
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerKey", "J"); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
773 |
if (fieldID == NULL) { return; } |
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
774 |
(*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
775 |
ckULongToJLong(ckSSL3KeyMatOut->hServerKey)); |
2 | 776 |
|
777 |
/* copy back the client IV */ |
|
778 |
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "pIVClient", "[B"); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
779 |
if (fieldID == NULL) { return; } |
2 | 780 |
jIV = (*env)->GetObjectField(env, jSSL3KeyMatOut, fieldID); |
781 |
iv = ckSSL3KeyMatOut->pIVClient; |
|
782 |
||
783 |
if (jIV != NULL) { |
|
784 |
jLength = (*env)->GetArrayLength(env, jIV); |
|
785 |
jBytes = (*env)->GetByteArrayElements(env, jIV, NULL); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
786 |
if (jBytes == NULL) { return; } |
2 | 787 |
/* copy the bytes to the Java buffer */ |
788 |
for (i=0; i < jLength; i++) { |
|
789 |
jBytes[i] = ckByteToJByte(iv[i]); |
|
790 |
} |
|
791 |
/* copy back the Java buffer to the object */ |
|
792 |
(*env)->ReleaseByteArrayElements(env, jIV, jBytes, 0); |
|
793 |
} |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
794 |
// free malloc'd data |
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
795 |
free(ckSSL3KeyMatOut->pIVClient); |
2 | 796 |
|
797 |
/* copy back the server IV */ |
|
798 |
fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "pIVServer", "[B"); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
799 |
if (fieldID == NULL) { return; } |
2 | 800 |
jIV = (*env)->GetObjectField(env, jSSL3KeyMatOut, fieldID); |
801 |
iv = ckSSL3KeyMatOut->pIVServer; |
|
802 |
||
803 |
if (jIV != NULL) { |
|
804 |
jLength = (*env)->GetArrayLength(env, jIV); |
|
805 |
jBytes = (*env)->GetByteArrayElements(env, jIV, NULL); |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
806 |
if (jBytes == NULL) { return; } |
2 | 807 |
/* copy the bytes to the Java buffer */ |
808 |
for (i=0; i < jLength; i++) { |
|
809 |
jBytes[i] = ckByteToJByte(iv[i]); |
|
810 |
} |
|
811 |
/* copy back the Java buffer to the object */ |
|
812 |
(*env)->ReleaseByteArrayElements(env, jIV, jBytes, 0); |
|
813 |
} |
|
814 |
// free malloc'd data |
|
2180
9994f4f08a59
6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider
valeriep
parents:
2
diff
changeset
|
815 |
free(ckSSL3KeyMatOut->pIVServer); |
2 | 816 |
free(ckSSL3KeyMatOut); |
817 |
} |
|
51800
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
818 |
} |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
819 |
|
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
820 |
/* |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
821 |
* Copy back the derived keys and initialization vectors from the native |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
822 |
* structure to the Java object. This is only used for |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
823 |
* CKM_SSL3_KEY_AND_MAC_DERIVE and CKM_TLS_KEY_AND_MAC_DERIVE mechanisms |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
824 |
* when used for deriving a key. |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
825 |
* |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
826 |
*/ |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
827 |
void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
828 |
jobject jMechanism) |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
829 |
{ |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
830 |
CK_SSL3_KEY_MAT_PARAMS *ckSSL3KeyMatParam; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
831 |
ckSSL3KeyMatParam = (CK_SSL3_KEY_MAT_PARAMS *)ckMechanism->pParameter; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
832 |
if (ckSSL3KeyMatParam != NULL_PTR) { |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
833 |
copyBackKeyMatParams(env, ckMechanism, jMechanism, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
834 |
&(ckSSL3KeyMatParam->RandomInfo), |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
835 |
ckSSL3KeyMatParam->pReturnedKeyMaterial, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
836 |
CLASS_SSL3_KEY_MAT_PARAMS); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
837 |
} |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
838 |
} |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
839 |
|
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
840 |
/* |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
841 |
* Copy back the derived keys and initialization vectors from the native |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
842 |
* structure to the Java object. This is only used for |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
843 |
* CKM_TLS12_KEY_AND_MAC_DERIVE mechanism when used for deriving a key. |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
844 |
* |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
845 |
*/ |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
846 |
void tls12CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
847 |
jobject jMechanism) |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
848 |
{ |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
849 |
CK_TLS12_KEY_MAT_PARAMS *ckTLS12KeyMatParam; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
850 |
ckTLS12KeyMatParam = (CK_TLS12_KEY_MAT_PARAMS *) ckMechanism->pParameter; |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
851 |
if (ckTLS12KeyMatParam != NULL_PTR) { |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
852 |
copyBackKeyMatParams(env, ckMechanism, jMechanism, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
853 |
&(ckTLS12KeyMatParam->RandomInfo), |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
854 |
ckTLS12KeyMatParam->pReturnedKeyMaterial, |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
855 |
CLASS_TLS12_KEY_MAT_PARAMS); |
bccd9966f1ed
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider
mbalao
parents:
47216
diff
changeset
|
856 |
} |
2 | 857 |
} |
858 |
||
859 |
#endif |