300 CK_SSL3_KEY_MAT_PARAMS* sslKmTmp; |
300 CK_SSL3_KEY_MAT_PARAMS* sslKmTmp; |
301 CK_TLS12_MASTER_KEY_DERIVE_PARAMS *tlsMkdTmp; |
301 CK_TLS12_MASTER_KEY_DERIVE_PARAMS *tlsMkdTmp; |
302 CK_TLS12_KEY_MAT_PARAMS* tlsKmTmp; |
302 CK_TLS12_KEY_MAT_PARAMS* tlsKmTmp; |
303 |
303 |
304 if (mechPtr != NULL) { |
304 if (mechPtr != NULL) { |
305 TRACE2("DEBUG: free mech %lX (mech id = 0x%lX)\n", |
305 TRACE2("DEBUG freeCKMechanismPtr: free pMech %p (mech 0x%lX)\n", |
306 ptr_to_jlong(mechPtr), mechPtr->mechanism); |
306 mechPtr, mechPtr->mechanism); |
307 if (mechPtr->pParameter != NULL) { |
307 if (mechPtr->pParameter != NULL) { |
|
308 tmp = mechPtr->pParameter; |
308 switch (mechPtr->mechanism) { |
309 switch (mechPtr->mechanism) { |
309 case CKM_AES_GCM: |
310 case CKM_AES_GCM: |
310 tmp = mechPtr->pParameter; |
311 if (mechPtr->ulParameterLen == sizeof(CK_GCM_PARAMS_NO_IVBITS)) { |
311 TRACE1("\t=> free GCM_PARAMS %lX\n", |
312 TRACE0("[ GCM_PARAMS w/o ulIvBits ]\n"); |
312 ptr_to_jlong(tmp)); |
313 free(((CK_GCM_PARAMS_NO_IVBITS*)tmp)->pIv); |
313 free(((CK_GCM_PARAMS*)tmp)->pIv); |
314 free(((CK_GCM_PARAMS_NO_IVBITS*)tmp)->pAAD); |
314 free(((CK_GCM_PARAMS*)tmp)->pAAD); |
315 } else if (mechPtr->ulParameterLen == sizeof(CK_GCM_PARAMS)) { |
|
316 TRACE0("[ GCM_PARAMS ]\n"); |
|
317 free(((CK_GCM_PARAMS*)tmp)->pIv); |
|
318 free(((CK_GCM_PARAMS*)tmp)->pAAD); |
|
319 } |
315 break; |
320 break; |
316 case CKM_AES_CCM: |
321 case CKM_AES_CCM: |
317 tmp = mechPtr->pParameter; |
322 TRACE0("[ CK_CCM_PARAMS ]\n"); |
318 TRACE1("\t=> free CK_CCM_PARAMS %lX\n", |
|
319 ptr_to_jlong(tmp)); |
|
320 free(((CK_CCM_PARAMS*)tmp)->pNonce); |
323 free(((CK_CCM_PARAMS*)tmp)->pNonce); |
321 free(((CK_CCM_PARAMS*)tmp)->pAAD); |
324 free(((CK_CCM_PARAMS*)tmp)->pAAD); |
322 break; |
325 break; |
323 case CKM_TLS_PRF: |
326 case CKM_TLS_PRF: |
324 case CKM_NSS_TLS_PRF_GENERAL: |
327 case CKM_NSS_TLS_PRF_GENERAL: |
325 tmp = mechPtr->pParameter; |
328 TRACE0("[ CK_TLS_PRF_PARAMS ]\n"); |
326 TRACE1("\t=> free CK_TLS_PRF_PARAMS %lX\n", |
|
327 ptr_to_jlong(tmp)); |
|
328 free(((CK_TLS_PRF_PARAMS*)tmp)->pSeed); |
329 free(((CK_TLS_PRF_PARAMS*)tmp)->pSeed); |
329 free(((CK_TLS_PRF_PARAMS*)tmp)->pLabel); |
330 free(((CK_TLS_PRF_PARAMS*)tmp)->pLabel); |
330 free(((CK_TLS_PRF_PARAMS*)tmp)->pulOutputLen); |
331 free(((CK_TLS_PRF_PARAMS*)tmp)->pulOutputLen); |
331 free(((CK_TLS_PRF_PARAMS*)tmp)->pOutput); |
332 free(((CK_TLS_PRF_PARAMS*)tmp)->pOutput); |
332 break; |
333 break; |
333 case CKM_SSL3_MASTER_KEY_DERIVE: |
334 case CKM_SSL3_MASTER_KEY_DERIVE: |
334 case CKM_TLS_MASTER_KEY_DERIVE: |
335 case CKM_TLS_MASTER_KEY_DERIVE: |
335 case CKM_SSL3_MASTER_KEY_DERIVE_DH: |
336 case CKM_SSL3_MASTER_KEY_DERIVE_DH: |
336 case CKM_TLS_MASTER_KEY_DERIVE_DH: |
337 case CKM_TLS_MASTER_KEY_DERIVE_DH: |
337 sslMkdTmp = mechPtr->pParameter; |
338 sslMkdTmp = tmp; |
338 TRACE1("\t=> free CK_SSL3_MASTER_KEY_DERIVE_PARAMS %lX\n", |
339 TRACE0("[ CK_SSL3_MASTER_KEY_DERIVE_PARAMS ]\n"); |
339 ptr_to_jlong(sslMkdTmp)); |
|
340 free(sslMkdTmp->RandomInfo.pClientRandom); |
340 free(sslMkdTmp->RandomInfo.pClientRandom); |
341 free(sslMkdTmp->RandomInfo.pServerRandom); |
341 free(sslMkdTmp->RandomInfo.pServerRandom); |
342 free(sslMkdTmp->pVersion); |
342 free(sslMkdTmp->pVersion); |
343 break; |
343 break; |
344 case CKM_SSL3_KEY_AND_MAC_DERIVE: |
344 case CKM_SSL3_KEY_AND_MAC_DERIVE: |
345 case CKM_TLS_KEY_AND_MAC_DERIVE: |
345 case CKM_TLS_KEY_AND_MAC_DERIVE: |
346 sslKmTmp = mechPtr->pParameter; |
346 sslKmTmp = tmp; |
347 TRACE1("\t=> free CK_SSL3_KEY_MAT_PARAMS %lX\n", |
347 TRACE0("[ CK_SSL3_KEY_MAT_PARAMS ]\n"); |
348 ptr_to_jlong(sslKmTmp)); |
|
349 free(sslKmTmp->RandomInfo.pClientRandom); |
348 free(sslKmTmp->RandomInfo.pClientRandom); |
350 free(sslKmTmp->RandomInfo.pServerRandom); |
349 free(sslKmTmp->RandomInfo.pServerRandom); |
351 if (sslKmTmp->pReturnedKeyMaterial != NULL) { |
350 if (sslKmTmp->pReturnedKeyMaterial != NULL) { |
352 free(sslKmTmp->pReturnedKeyMaterial->pIVClient); |
351 free(sslKmTmp->pReturnedKeyMaterial->pIVClient); |
353 free(sslKmTmp->pReturnedKeyMaterial->pIVServer); |
352 free(sslKmTmp->pReturnedKeyMaterial->pIVServer); |
354 free(sslKmTmp->pReturnedKeyMaterial); |
353 free(sslKmTmp->pReturnedKeyMaterial); |
355 } |
354 } |
356 break; |
355 break; |
357 case CKM_TLS12_MASTER_KEY_DERIVE: |
356 case CKM_TLS12_MASTER_KEY_DERIVE: |
358 case CKM_TLS12_MASTER_KEY_DERIVE_DH: |
357 case CKM_TLS12_MASTER_KEY_DERIVE_DH: |
359 tlsMkdTmp = mechPtr->pParameter; |
358 tlsMkdTmp = tmp; |
360 TRACE1("\t=> CK_TLS12_MASTER_KEY_DERIVE_PARAMS %lX\n", |
359 TRACE0("[ CK_TLS12_MASTER_KEY_DERIVE_PARAMS ]\n"); |
361 ptr_to_jlong(tlsMkdTmp)); |
|
362 free(tlsMkdTmp->RandomInfo.pClientRandom); |
360 free(tlsMkdTmp->RandomInfo.pClientRandom); |
363 free(tlsMkdTmp->RandomInfo.pServerRandom); |
361 free(tlsMkdTmp->RandomInfo.pServerRandom); |
364 free(tlsMkdTmp->pVersion); |
362 free(tlsMkdTmp->pVersion); |
365 break; |
363 break; |
366 case CKM_TLS12_KEY_AND_MAC_DERIVE: |
364 case CKM_TLS12_KEY_AND_MAC_DERIVE: |
367 tlsKmTmp = mechPtr->pParameter; |
365 tlsKmTmp = tmp; |
368 TRACE1("\t=> free CK_TLS12_KEY_MAT_PARAMS %lX\n", |
366 TRACE0("[ CK_TLS12_KEY_MAT_PARAMS ]\n"); |
369 ptr_to_jlong(tlsKmTmp)); |
|
370 free(tlsKmTmp->RandomInfo.pClientRandom); |
367 free(tlsKmTmp->RandomInfo.pClientRandom); |
371 free(tlsKmTmp->RandomInfo.pServerRandom); |
368 free(tlsKmTmp->RandomInfo.pServerRandom); |
372 if (tlsKmTmp->pReturnedKeyMaterial != NULL) { |
369 if (tlsKmTmp->pReturnedKeyMaterial != NULL) { |
373 free(tlsKmTmp->pReturnedKeyMaterial->pIVClient); |
370 free(tlsKmTmp->pReturnedKeyMaterial->pIVClient); |
374 free(tlsKmTmp->pReturnedKeyMaterial->pIVServer); |
371 free(tlsKmTmp->pReturnedKeyMaterial->pIVServer); |
375 free(tlsKmTmp->pReturnedKeyMaterial); |
372 free(tlsKmTmp->pReturnedKeyMaterial); |
376 } |
373 } |
377 break; |
374 break; |
378 case CKM_ECDH1_DERIVE: |
375 case CKM_ECDH1_DERIVE: |
379 case CKM_ECDH1_COFACTOR_DERIVE: |
376 case CKM_ECDH1_COFACTOR_DERIVE: |
380 tmp = mechPtr->pParameter; |
377 TRACE0("[ CK_ECDH1_DERIVE_PARAMS ]\n"); |
381 TRACE1("\t=> free CK_ECDH1_DERIVE_PARAMS %lX\n", |
|
382 ptr_to_jlong(tmp)); |
|
383 free(((CK_ECDH1_DERIVE_PARAMS *)tmp)->pSharedData); |
378 free(((CK_ECDH1_DERIVE_PARAMS *)tmp)->pSharedData); |
384 free(((CK_ECDH1_DERIVE_PARAMS *)tmp)->pPublicData); |
379 free(((CK_ECDH1_DERIVE_PARAMS *)tmp)->pPublicData); |
385 break; |
380 break; |
386 case CKM_TLS_MAC: |
381 case CKM_TLS_MAC: |
387 case CKM_AES_CTR: |
382 case CKM_AES_CTR: |
388 case CKM_RSA_PKCS_PSS: |
383 case CKM_RSA_PKCS_PSS: |
389 case CKM_CAMELLIA_CTR: |
384 case CKM_CAMELLIA_CTR: |
390 TRACE0("\t=> NO OP\n"); |
|
391 // params do not contain pointers |
385 // params do not contain pointers |
392 break; |
386 break; |
393 default: |
387 default: |
394 // currently unsupported mechs by SunPKCS11 provider |
388 // currently unsupported mechs by SunPKCS11 provider |
395 // CKM_RSA_PKCS_OAEP, CKM_ECMQV_DERIVE, |
389 // CKM_RSA_PKCS_OAEP, CKM_ECMQV_DERIVE, |
397 // CKM_SKIPJACK_*, CKM_KEY_WRAP_SET_OAEP, CKM_PKCS5_PBKD2, |
391 // CKM_SKIPJACK_*, CKM_KEY_WRAP_SET_OAEP, CKM_PKCS5_PBKD2, |
398 // PBE mechs, WTLS mechs, CMS mechs, |
392 // PBE mechs, WTLS mechs, CMS mechs, |
399 // CKM_EXTRACT_KEY_FROM_KEY, CKM_OTP, CKM_KIP, |
393 // CKM_EXTRACT_KEY_FROM_KEY, CKM_OTP, CKM_KIP, |
400 // CKM_DSA_PARAMETER_GEN?, CKM_GOSTR3410_* |
394 // CKM_DSA_PARAMETER_GEN?, CKM_GOSTR3410_* |
401 // CK_any_CBC_ENCRYPT_DATA? |
395 // CK_any_CBC_ENCRYPT_DATA? |
402 TRACE0("\t=> ERROR UNSUPPORTED CK PARAMS\n"); |
396 TRACE0("ERROR: UNSUPPORTED CK_MECHANISM\n"); |
403 break; |
397 break; |
404 } |
398 } |
405 free(mechPtr->pParameter); |
399 TRACE1("\t=> freed param %p\n", tmp); |
|
400 free(tmp); |
406 } else { |
401 } else { |
407 TRACE0("DEBUG => Parameter NULL\n"); |
402 TRACE0("\t=> param NULL\n"); |
408 } |
403 } |
409 free(mechPtr); |
404 free(mechPtr); |
|
405 TRACE0("FINISHED\n"); |
410 } |
406 } |
|
407 } |
|
408 |
|
409 /* This function replaces the CK_GCM_PARAMS_NO_IVBITS structure associated |
|
410 * with the specified CK_MECHANISM structure with CK_GCM_PARAMS |
|
411 * structure. |
|
412 * |
|
413 * @param mechPtr pointer to the CK_MECHANISM structure containing |
|
414 * the to-be-converted CK_GCM_PARAMS_NO_IVBITS structure. |
|
415 * @return pointer to the CK_MECHANISM structure containing the |
|
416 * converted CK_GCM_PARAMS structure or NULL if no conversion took place. |
|
417 */ |
|
418 CK_MECHANISM_PTR updateGCMParams(JNIEnv *env, CK_MECHANISM_PTR mechPtr) { |
|
419 CK_GCM_PARAMS* pGcmParams2 = NULL; |
|
420 CK_GCM_PARAMS_NO_IVBITS* pParams = NULL; |
|
421 if ((mechPtr->mechanism == CKM_AES_GCM) && |
|
422 (mechPtr->pParameter != NULL_PTR) && |
|
423 (mechPtr->ulParameterLen == sizeof(CK_GCM_PARAMS_NO_IVBITS))) { |
|
424 pGcmParams2 = calloc(1, sizeof(CK_GCM_PARAMS)); |
|
425 if (pGcmParams2 == NULL) { |
|
426 throwOutOfMemoryError(env, 0); |
|
427 return NULL; |
|
428 } |
|
429 pParams = (CK_GCM_PARAMS_NO_IVBITS*) mechPtr->pParameter; |
|
430 pGcmParams2->pIv = pParams->pIv; |
|
431 pGcmParams2->ulIvLen = pParams->ulIvLen; |
|
432 pGcmParams2->ulIvBits = (pGcmParams2->ulIvLen << 3); |
|
433 pGcmParams2->pAAD = pParams->pAAD; |
|
434 pGcmParams2->ulAADLen = pParams->ulAADLen; |
|
435 pGcmParams2->ulTagBits = pParams->ulTagBits; |
|
436 TRACE1("DEBUG updateGCMParams: pMech %p\n", mechPtr); |
|
437 TRACE2("\t=> GCM param w/o ulIvBits %p => GCM param %p\n", pParams, |
|
438 pGcmParams2); |
|
439 free(pParams); |
|
440 mechPtr->pParameter = pGcmParams2; |
|
441 mechPtr->ulParameterLen = sizeof(CK_GCM_PARAMS); |
|
442 return mechPtr; |
|
443 } else { |
|
444 TRACE0("DEBUG updateGCMParams: no conversion done\n"); |
|
445 } |
|
446 return NULL; |
411 } |
447 } |
412 |
448 |
413 /* |
449 /* |
414 * the following functions convert Java arrays to PKCS#11 array pointers and |
450 * the following functions convert Java arrays to PKCS#11 array pointers and |
415 * their array length and vice versa |
451 * their array length and vice versa |