Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_keymgmt.c
41152 views
1
/*

2
 * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.

3
 */

4


5
/* Copyright  (c) 2002 Graz University of Technology. All rights reserved.

6
 *

7
 * Redistribution and use in  source and binary forms, with or without

8
 * modification, are permitted  provided that the following conditions are met:

9
 *

10
 * 1. Redistributions of  source code must retain the above copyright notice,

11
 *    this list of conditions and the following disclaimer.

12
 *

13
 * 2. Redistributions in  binary form must reproduce the above copyright notice,

14
 *    this list of conditions and the following disclaimer in the documentation

15
 *    and/or other materials provided with the distribution.

16
 *

17
 * 3. The end-user documentation included with the redistribution, if any, must

18
 *    include the following acknowledgment:

19
 *

20
 *    "This product includes software developed by IAIK of Graz University of

21
 *     Technology."

22
 *

23
 *    Alternately, this acknowledgment may appear in the software itself, if

24
 *    and wherever such third-party acknowledgments normally appear.

25
 *

26
 * 4. The names "Graz University of Technology" and "IAIK of Graz University of

27
 *    Technology" must not be used to endorse or promote products derived from

28
 *    this software without prior written permission.

29
 *

30
 * 5. Products derived from this software may not be called

31
 *    "IAIK PKCS Wrapper", nor may "IAIK" appear in their name, without prior

32
 *    written permission of Graz University of Technology.

33
 *

34
 *  THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED

35
 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

36
 *  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

37
 *  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE

38
 *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,

39
 *  OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

40
 *  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,

41
 *  OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON

42
 *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

43
 *  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

44
 *  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

45
 *  POSSIBILITY  OF SUCH DAMAGE.

46
 */

47


48
#include "pkcs11wrapper.h"

49


50
#include <stdio.h>

51
#include <stdlib.h>

52
#include <string.h>

53
#include <assert.h>

54


55
#include "sun_security_pkcs11_wrapper_PKCS11.h"

56


57
#ifdef P11_ENABLE_GETNATIVEKEYINFO

58


59
#define CK_ATTRIBUTES_TEMPLATE_LENGTH (CK_ULONG)61U

60


61
static CK_ATTRIBUTE ckpAttributesTemplate[CK_ATTRIBUTES_TEMPLATE_LENGTH] = {

62
        {CKA_CLASS, 0, 0},

63
        {CKA_TOKEN, 0, 0},

64
        {CKA_PRIVATE, 0, 0},

65
        {CKA_LABEL, 0, 0},

66
        {CKA_APPLICATION, 0, 0},

67
        {CKA_VALUE, 0, 0},

68
        {CKA_OBJECT_ID, 0, 0},

69
        {CKA_CERTIFICATE_TYPE, 0, 0},

70
        {CKA_ISSUER, 0, 0},

71
        {CKA_SERIAL_NUMBER, 0, 0},

72
        {CKA_AC_ISSUER, 0, 0},

73
        {CKA_OWNER, 0, 0},

74
        {CKA_ATTR_TYPES, 0, 0},

75
        {CKA_TRUSTED, 0, 0},

76
        {CKA_KEY_TYPE, 0, 0},

77
        {CKA_SUBJECT, 0, 0},

78
        {CKA_ID, 0, 0},

79
        {CKA_SENSITIVE, 0, 0},

80
        {CKA_ENCRYPT, 0, 0},

81
        {CKA_DECRYPT, 0, 0},

82
        {CKA_WRAP, 0, 0},

83
        {CKA_UNWRAP, 0, 0},

84
        {CKA_SIGN, 0, 0},

85
        {CKA_SIGN_RECOVER, 0, 0},

86
        {CKA_VERIFY, 0, 0},

87
        {CKA_VERIFY_RECOVER, 0, 0},

88
        {CKA_DERIVE, 0, 0},

89
        {CKA_START_DATE, 0, 0},

90
        {CKA_END_DATE, 0, 0},

91
        {CKA_MODULUS, 0, 0},

92
        {CKA_MODULUS_BITS, 0, 0},

93
        {CKA_PUBLIC_EXPONENT, 0, 0},

94
        {CKA_PRIVATE_EXPONENT, 0, 0},

95
        {CKA_PRIME_1, 0, 0},

96
        {CKA_PRIME_2, 0, 0},

97
        {CKA_EXPONENT_1, 0, 0},

98
        {CKA_EXPONENT_2, 0, 0},

99
        {CKA_COEFFICIENT, 0, 0},

100
        {CKA_PRIME, 0, 0},

101
        {CKA_SUBPRIME, 0, 0},

102
        {CKA_BASE, 0, 0},

103
        {CKA_PRIME_BITS, 0, 0},

104
        {CKA_SUB_PRIME_BITS, 0, 0},

105
        {CKA_VALUE_BITS, 0, 0},

106
        {CKA_VALUE_LEN, 0, 0},

107
        {CKA_EXTRACTABLE, 0, 0},

108
        {CKA_LOCAL, 0, 0},

109
        {CKA_NEVER_EXTRACTABLE, 0, 0},

110
        {CKA_ALWAYS_SENSITIVE, 0, 0},

111
        {CKA_KEY_GEN_MECHANISM, 0, 0},

112
        {CKA_MODIFIABLE, 0, 0},

113
        {CKA_ECDSA_PARAMS, 0, 0},

114
        {CKA_EC_PARAMS, 0, 0},

115
        {CKA_EC_POINT, 0, 0},

116
        {CKA_SECONDARY_AUTH, 0, 0},

117
        {CKA_AUTH_PIN_FLAGS, 0, 0},

118
        {CKA_HW_FEATURE_TYPE, 0, 0},

119
        {CKA_RESET_ON_INIT, 0, 0},

120
        {CKA_HAS_RESET, 0, 0},

121
        {CKA_VENDOR_DEFINED, 0, 0},

122
        {CKA_NETSCAPE_DB, 0, 0},

123
};

124


125
/*

126
 * Class:     sun_security_pkcs11_wrapper_PKCS11

127
 * Method:    getNativeKeyInfo

128
 * Signature: (JJJLsun/security/pkcs11/wrapper/CK_MECHANISM;)[B

129
 * Parametermapping:                         *PKCS11*

130
 * @param   jlong         jSessionHandle     CK_SESSION_HANDLE hSession

131
 * @param   jlong         jKeyHandle         CK_OBJECT_HANDLE hObject

132
 * @param   jlong         jWrappingKeyHandle CK_OBJECT_HANDLE hObject

133
 * @param   jobject       jWrappingMech      CK_MECHANISM_PTR pMechanism

134
 * @return  jbyteArray    jNativeKeyInfo     -

135
 */

136
JNIEXPORT jbyteArray JNICALL

137
Java_sun_security_pkcs11_wrapper_PKCS11_getNativeKeyInfo

138
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jlong jKeyHandle,

139
    jlong jWrappingKeyHandle, jobject jWrappingMech)

140
{

141
    jbyteArray returnValue = NULL;

142
    CK_SESSION_HANDLE ckSessionHandle = jLongToCKULong(jSessionHandle);

143
    CK_OBJECT_HANDLE ckObjectHandle = jLongToCKULong(jKeyHandle);

144
    CK_ATTRIBUTE_PTR ckpAttributes = NULL;

145
    CK_RV rv;

146
    jbyteArray nativeKeyInfoArray = NULL;

147
    jbyteArray nativeKeyInfoWrappedKeyArray = NULL;

148
    jbyte* nativeKeyInfoArrayRaw = NULL;

149
    jbyte* nativeKeyInfoWrappedKeyArrayRaw = NULL;

150
    unsigned int sensitiveAttributePosition = (unsigned int)-1;

151
    unsigned int i = 0U;

152
    unsigned long totalDataSize = 0UL, attributesCount = 0UL;

153
    unsigned long totalCkAttributesSize = 0UL, totalNativeKeyInfoArraySize = 0UL;

154
    jbyte* wrappedKeySizePtr = NULL;

155
    jbyte* nativeKeyInfoArrayRawCkAttributes = NULL;

156
    jbyte* nativeKeyInfoArrayRawCkAttributesPtr = NULL;

157
    jbyte* nativeKeyInfoArrayRawDataPtr = NULL;

158
    CK_MECHANISM_PTR ckpMechanism = NULL;

159
    char iv[16] = {0x0};

160
    CK_ULONG ckWrappedKeyLength = 0U;

161
    jbyte* wrappedKeySizeWrappedKeyArrayPtr = NULL;

162
    CK_BYTE_PTR wrappedKeyBufferPtr = NULL;

163
    CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);

164
    CK_OBJECT_CLASS class;

165
    CK_KEY_TYPE keyType;

166
    CK_BBOOL sensitive;

167
    CK_BBOOL netscapeAttributeValueNeeded = CK_FALSE;

168
    CK_ATTRIBUTE ckNetscapeAttributesTemplate[4];

169
    ckNetscapeAttributesTemplate[0].type = CKA_CLASS;

170
    ckNetscapeAttributesTemplate[1].type = CKA_KEY_TYPE;

171
    ckNetscapeAttributesTemplate[2].type = CKA_SENSITIVE;

172
    ckNetscapeAttributesTemplate[3].type = CKA_NETSCAPE_DB;

173
    ckNetscapeAttributesTemplate[0].pValue = &class;

174
    ckNetscapeAttributesTemplate[1].pValue = &keyType;

175
    ckNetscapeAttributesTemplate[2].pValue = &sensitive;

176
    ckNetscapeAttributesTemplate[3].pValue = 0;

177
    ckNetscapeAttributesTemplate[0].ulValueLen = sizeof(class);

178
    ckNetscapeAttributesTemplate[1].ulValueLen = sizeof(keyType);

179
    ckNetscapeAttributesTemplate[2].ulValueLen = sizeof(sensitive);

180
    ckNetscapeAttributesTemplate[3].ulValueLen = 0;

181


182
    if (ckpFunctions == NULL) { goto cleanup; }

183


184
    // If key is private and of DSA or EC type, NSS may require CKA_NETSCAPE_DB

185
    // attribute to unwrap it.

186
    rv = (*ckpFunctions->C_GetAttributeValue)(ckSessionHandle, ckObjectHandle,

187
            ckNetscapeAttributesTemplate,

188
            sizeof(ckNetscapeAttributesTemplate)/sizeof(CK_ATTRIBUTE));

189


190
    if (rv == CKR_OK && class == CKO_PRIVATE_KEY &&

191
            (keyType == CKK_EC || keyType == CKK_DSA) &&

192
            sensitive == CK_TRUE &&

193
            ckNetscapeAttributesTemplate[3].ulValueLen == CK_UNAVAILABLE_INFORMATION) {

194
        // We cannot set the attribute through C_SetAttributeValue here

195
        // because it might be read-only. However, we can add it to

196
        // the extracted buffer.

197
        netscapeAttributeValueNeeded = CK_TRUE;

198
        TRACE0("DEBUG: override CKA_NETSCAPE_DB attr value to TRUE\n");

199
    }

200


201
    ckpAttributes = (CK_ATTRIBUTE_PTR) calloc(

202
            CK_ATTRIBUTES_TEMPLATE_LENGTH, sizeof(CK_ATTRIBUTE));

203
    if (ckpAttributes == NULL) {

204
        throwOutOfMemoryError(env, 0);

205
        goto cleanup;

206
    }

207
    memcpy(ckpAttributes, ckpAttributesTemplate,

208
            CK_ATTRIBUTES_TEMPLATE_LENGTH * sizeof(CK_ATTRIBUTE));

209


210
    // Get sizes for value buffers

211
    // NOTE: may return an error code but length values are filled anyways

212
    (*ckpFunctions->C_GetAttributeValue)(ckSessionHandle, ckObjectHandle,

213
            ckpAttributes, CK_ATTRIBUTES_TEMPLATE_LENGTH);

214


215
    for (i = 0; i < CK_ATTRIBUTES_TEMPLATE_LENGTH; i++) {

216
        if ((ckpAttributes+i)->ulValueLen != CK_UNAVAILABLE_INFORMATION) {

217
            totalDataSize += (ckpAttributes+i)->ulValueLen;

218
            if ((ckpAttributes+i)->type == CKA_SENSITIVE) {

219
                 sensitiveAttributePosition = attributesCount;

220
                 TRACE0("DEBUG: GetNativeKeyInfo key is sensitive");

221
            }

222
            attributesCount++;

223
        }

224
    }

225


226
    if (netscapeAttributeValueNeeded) {

227
        attributesCount++;

228
    }

229


230
    // Allocate a single buffer to hold valid attributes and attribute's values

231
    // Buffer structure: [ attributes-size, [ ... attributes ... ],

232
    //                   values-size, [ ... values ... ], wrapped-key-size,

233
    //                   [ ... wrapped-key ... ] ]

234
    //     * sizes are expressed in bytes and data type is unsigned long

235
    totalCkAttributesSize = attributesCount * sizeof(CK_ATTRIBUTE);

236
    TRACE1("DEBUG: GetNativeKeyInfo attributesCount = %lu\n", attributesCount);

237
    TRACE1("DEBUG: GetNativeKeyInfo sizeof CK_ATTRIBUTE = %zu\n", sizeof(CK_ATTRIBUTE));

238
    TRACE1("DEBUG: GetNativeKeyInfo totalCkAttributesSize = %lu\n", totalCkAttributesSize);

239
    TRACE1("DEBUG: GetNativeKeyInfo totalDataSize = %lu\n", totalDataSize);

240


241
    totalNativeKeyInfoArraySize =

242
            totalCkAttributesSize + sizeof(unsigned long) * 3 + totalDataSize;

243


244
    TRACE1("DEBUG: GetNativeKeyInfo totalNativeKeyInfoArraySize = %lu\n", totalNativeKeyInfoArraySize);

245


246
    nativeKeyInfoArray = (*env)->NewByteArray(env, totalNativeKeyInfoArraySize);

247
    if (nativeKeyInfoArray == NULL) {

248
        goto cleanup;

249
    }

250


251
    nativeKeyInfoArrayRaw = (*env)->GetByteArrayElements(env, nativeKeyInfoArray,

252
            NULL);

253
    if (nativeKeyInfoArrayRaw == NULL) {

254
        goto cleanup;

255
    }

256


257
    wrappedKeySizePtr = nativeKeyInfoArrayRaw +

258
            sizeof(unsigned long)*2 + totalCkAttributesSize + totalDataSize;

259
    memcpy(nativeKeyInfoArrayRaw, &totalCkAttributesSize, sizeof(unsigned long));

260


261
    memcpy(nativeKeyInfoArrayRaw + sizeof(unsigned long) + totalCkAttributesSize,

262
        &totalDataSize, sizeof(unsigned long));

263


264
    memset(wrappedKeySizePtr, 0, sizeof(unsigned long));

265


266
    nativeKeyInfoArrayRawCkAttributes = nativeKeyInfoArrayRaw +

267
            sizeof(unsigned long);

268
    nativeKeyInfoArrayRawCkAttributesPtr = nativeKeyInfoArrayRawCkAttributes;

269
    nativeKeyInfoArrayRawDataPtr = nativeKeyInfoArrayRaw +

270
            totalCkAttributesSize + sizeof(unsigned long) * 2;

271


272
    for (i = 0; i < CK_ATTRIBUTES_TEMPLATE_LENGTH; i++) {

273
        if ((ckpAttributes+i)->ulValueLen != CK_UNAVAILABLE_INFORMATION) {

274
            (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).type =

275
                    (ckpAttributes+i)->type;

276
            (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen =

277
                    (ckpAttributes+i)->ulValueLen;

278
            if ((ckpAttributes+i)->ulValueLen != 0) {

279
                (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).pValue =

280
                        nativeKeyInfoArrayRawDataPtr;

281
            } else {

282
                (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).pValue = 0;

283
            }

284
            nativeKeyInfoArrayRawDataPtr +=

285
                    (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen;

286
            nativeKeyInfoArrayRawCkAttributesPtr += sizeof(CK_ATTRIBUTE);

287
        }

288
    }

289


290
    TRACE0("DEBUG: GetNativeKeyInfo finished prepping nativeKeyInfoArray\n");

291


292
    // Get attribute's values

293
    rv = (*ckpFunctions->C_GetAttributeValue)(ckSessionHandle, ckObjectHandle,

294
            (CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes,

295
            attributesCount);

296
    if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) {

297
        goto cleanup;

298
    }

299


300
    TRACE0("DEBUG: GetNativeKeyInfo 1st C_GetAttributeValue call passed\n");

301


302
    if (netscapeAttributeValueNeeded) {

303
        (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).type = CKA_NETSCAPE_DB;

304
        // Value is not needed, public key is not used

305
    }

306


307
    if ((sensitiveAttributePosition != (unsigned int)-1) &&

308
        *(CK_BBOOL*)(((CK_ATTRIBUTE_PTR)(((CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes)

309
                +sensitiveAttributePosition))->pValue) == CK_TRUE) {

310
        // Key is sensitive. Need to extract it wrapped.

311
        if (jWrappingKeyHandle != 0) {

312


313
            ckpMechanism = jMechanismToCKMechanismPtr(env, jWrappingMech);

314
            rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, ckpMechanism,

315
                    jLongToCKULong(jWrappingKeyHandle), ckObjectHandle,

316
                    NULL_PTR, &ckWrappedKeyLength);

317
            if (ckWrappedKeyLength != 0) {

318
                // Allocate space for getting the wrapped key

319
                nativeKeyInfoWrappedKeyArray = (*env)->NewByteArray(env,

320
                        totalNativeKeyInfoArraySize + ckWrappedKeyLength);

321
                if (nativeKeyInfoWrappedKeyArray == NULL) {

322
                    goto cleanup;

323
                }

324
                nativeKeyInfoWrappedKeyArrayRaw =

325
                        (*env)->GetByteArrayElements(env,

326
                                nativeKeyInfoWrappedKeyArray, NULL);

327
                if (nativeKeyInfoWrappedKeyArrayRaw == NULL) {

328
                    goto cleanup;

329
                }

330
                memcpy(nativeKeyInfoWrappedKeyArrayRaw, nativeKeyInfoArrayRaw,

331
                        totalNativeKeyInfoArraySize);

332
                wrappedKeySizeWrappedKeyArrayPtr =

333
                        nativeKeyInfoWrappedKeyArrayRaw +

334
                        sizeof(unsigned long)*2 + totalCkAttributesSize +

335
                        totalDataSize;

336
                memcpy(wrappedKeySizeWrappedKeyArrayPtr, &ckWrappedKeyLength, sizeof(unsigned long));

337
                TRACE1("DEBUG: GetNativeKeyInfo 1st C_WrapKey wrappedKeyLength = %lu\n", ckWrappedKeyLength);

338


339
                wrappedKeyBufferPtr =

340
                        (CK_BYTE_PTR) (wrappedKeySizeWrappedKeyArrayPtr +

341
                        sizeof(unsigned long));

342
                rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, ckpMechanism,

343
                        jLongToCKULong(jWrappingKeyHandle),ckObjectHandle,

344
                        wrappedKeyBufferPtr, &ckWrappedKeyLength);

345
                if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) {

346
                    goto cleanup;

347
                }

348
                memcpy(wrappedKeySizeWrappedKeyArrayPtr, &ckWrappedKeyLength, sizeof(unsigned long));

349
                TRACE1("DEBUG: GetNativeKeyInfo 2nd C_WrapKey wrappedKeyLength = %lu\n", ckWrappedKeyLength);

350
            } else {

351
                goto cleanup;

352
            }

353
        } else {

354
            ckAssertReturnValueOK(env, CKR_KEY_HANDLE_INVALID);

355
            goto cleanup;

356
        }

357
        returnValue = nativeKeyInfoWrappedKeyArray;

358
    } else {

359
        returnValue = nativeKeyInfoArray;

360
    }

361


362
cleanup:

363
    if (ckpAttributes != NULL) {

364
        free(ckpAttributes);

365
    }

366


367
    if (nativeKeyInfoArrayRaw != NULL) {

368
        (*env)->ReleaseByteArrayElements(env, nativeKeyInfoArray,

369
                nativeKeyInfoArrayRaw, 0);

370
    }

371


372
    if (nativeKeyInfoWrappedKeyArrayRaw != NULL) {

373
        (*env)->ReleaseByteArrayElements(env, nativeKeyInfoWrappedKeyArray,

374
                nativeKeyInfoWrappedKeyArrayRaw, 0);

375
    }

376


377
    if (nativeKeyInfoArray != NULL && returnValue != nativeKeyInfoArray) {

378
        (*env)->DeleteLocalRef(env, nativeKeyInfoArray);

379
    }

380


381
    if (nativeKeyInfoWrappedKeyArray != NULL

382
            && returnValue != nativeKeyInfoWrappedKeyArray) {

383
        (*env)->DeleteLocalRef(env, nativeKeyInfoWrappedKeyArray);

384
    }

385
    freeCKMechanismPtr(ckpMechanism);

386


387
    return returnValue;

388
}

389
#endif

390


391
#ifdef P11_ENABLE_CREATENATIVEKEY

392
/*

393
 * Class:     sun_security_pkcs11_wrapper_PKCS11

394
 * Method:    createNativeKey

395
 * Signature: (J[BJLsun/security/pkcs11/wrapper/CK_MECHANISM;)J

396
 * Parametermapping:                          *PKCS11*

397
 * @param   jlong         jSessionHandle      CK_SESSION_HANDLE hSession

398
 * @param   jbyteArray    jNativeKeyInfo      -

399
 * @param   jlong         jWrappingKeyHandle  CK_OBJECT_HANDLE hObject

400
 * @param   jobject       jWrappingMech       CK_MECHANISM_PTR pMechanism

401
 * @return  jlong         jKeyHandle          CK_OBJECT_HANDLE hObject

402
 */

403
JNIEXPORT jlong JNICALL

404
Java_sun_security_pkcs11_wrapper_PKCS11_createNativeKey

405
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jbyteArray jNativeKeyInfo,

406
    jlong jWrappingKeyHandle, jobject jWrappingMech)

407
{

408
    CK_OBJECT_HANDLE ckObjectHandle;

409
    CK_RV rv;

410
    CK_SESSION_HANDLE ckSessionHandle = jLongToCKULong(jSessionHandle);

411
    jbyte* nativeKeyInfoArrayRaw = NULL;

412
    jlong jObjectHandle = 0L;

413
    unsigned long totalCkAttributesSize = 0UL;

414
    unsigned long nativeKeyInfoCkAttributesCount = 0UL;

415
    jbyte* nativeKeyInfoArrayRawCkAttributes = NULL;

416
    jbyte* nativeKeyInfoArrayRawCkAttributesPtr = NULL;

417
    jbyte* nativeKeyInfoArrayRawDataPtr = NULL;

418
    unsigned long totalDataSize = 0UL;

419
    jbyte* wrappedKeySizePtr = NULL;

420
    unsigned int i = 0U;

421
    CK_MECHANISM_PTR ckpMechanism = NULL;

422
    char iv[16] = {0x0};

423
    CK_ULONG ckWrappedKeyLength = 0UL;

424
    CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);

425


426
    if (ckpFunctions == NULL) { goto cleanup; }

427


428
    nativeKeyInfoArrayRaw =

429
            (*env)->GetByteArrayElements(env, jNativeKeyInfo, NULL);

430
    if (nativeKeyInfoArrayRaw == NULL) {

431
        goto cleanup;

432
    }

433


434
    memcpy(&totalCkAttributesSize, nativeKeyInfoArrayRaw, sizeof(unsigned long));

435
    TRACE1("DEBUG: createNativeKey totalCkAttributesSize = %lu\n", totalCkAttributesSize);

436
    nativeKeyInfoCkAttributesCount = totalCkAttributesSize/sizeof(CK_ATTRIBUTE);

437
    TRACE1("DEBUG: createNativeKey nativeKeyInfoCkAttributesCount = %lu\n", nativeKeyInfoCkAttributesCount);

438


439
    nativeKeyInfoArrayRawCkAttributes = nativeKeyInfoArrayRaw +

440
            sizeof(unsigned long);

441
    nativeKeyInfoArrayRawCkAttributesPtr = nativeKeyInfoArrayRawCkAttributes;

442
    nativeKeyInfoArrayRawDataPtr = nativeKeyInfoArrayRaw +

443
            totalCkAttributesSize + sizeof(unsigned long) * 2;

444
    memcpy(&totalDataSize, (nativeKeyInfoArrayRaw + totalCkAttributesSize + sizeof(unsigned long)),

445
            sizeof(unsigned long));

446
    TRACE1("DEBUG: createNativeKey totalDataSize = %lu\n", totalDataSize);

447


448
    wrappedKeySizePtr = nativeKeyInfoArrayRaw +

449
            sizeof(unsigned long)*2 + totalCkAttributesSize + totalDataSize;

450


451
    memcpy(&ckWrappedKeyLength, wrappedKeySizePtr, sizeof(unsigned long));

452
    TRACE1("DEBUG: createNativeKey wrappedKeyLength = %lu\n", ckWrappedKeyLength);

453


454
    for (i = 0; i < nativeKeyInfoCkAttributesCount; i++) {

455
        if ((*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen

456
                > 0) {

457
            (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).pValue =

458
                    nativeKeyInfoArrayRawDataPtr;

459
        }

460
        nativeKeyInfoArrayRawDataPtr +=

461
                (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen;

462
        nativeKeyInfoArrayRawCkAttributesPtr += sizeof(CK_ATTRIBUTE);

463
    }

464


465
    if (ckWrappedKeyLength == 0) {

466
        // Not a wrapped key

467
        rv = (*ckpFunctions->C_CreateObject)(ckSessionHandle,

468
                (CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes,

469
                jLongToCKULong(nativeKeyInfoCkAttributesCount), &ckObjectHandle);

470
    } else {

471
        // Wrapped key

472
        ckpMechanism = jMechanismToCKMechanismPtr(env, jWrappingMech);

473
        rv = (*ckpFunctions->C_UnwrapKey)(ckSessionHandle, ckpMechanism,

474
                jLongToCKULong(jWrappingKeyHandle),

475
                (CK_BYTE_PTR)(wrappedKeySizePtr + sizeof(unsigned long)),

476
                ckWrappedKeyLength,

477
                (CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes,

478
                jLongToCKULong(nativeKeyInfoCkAttributesCount),

479
                &ckObjectHandle);

480
    }

481
    if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) {

482
        goto cleanup;

483
    }

484


485
    jObjectHandle = ckULongToJLong(ckObjectHandle);

486


487
cleanup:

488


489
    if (nativeKeyInfoArrayRaw != NULL) {

490
        (*env)->ReleaseByteArrayElements(env, jNativeKeyInfo,

491
                nativeKeyInfoArrayRaw, JNI_ABORT);

492
    }

493


494
    freeCKMechanismPtr(ckpMechanism);

495
    return jObjectHandle;

496
}

497
#endif

498


499
#ifdef P11_ENABLE_C_GENERATEKEY

500
/*

501
 * Class:     sun_security_pkcs11_wrapper_PKCS11

502
 * Method:    C_GenerateKey

503
 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J

504
 * Parametermapping:                    *PKCS11*

505
 * @param   jlong jSessionHandle        CK_SESSION_HANDLE hSession

506
 * @param   jobject jMechanism          CK_MECHANISM_PTR pMechanism

507
 * @param   jobjectArray jTemplate      CK_ATTRIBUTE_PTR pTemplate

508
 *                                      CK_ULONG ulCount

509
 * @return  jlong jKeyHandle            CK_OBJECT_HANDLE_PTR phKey

510
 */

511
JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKey

512
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jobjectArray jTemplate)

513
{

514
    CK_SESSION_HANDLE ckSessionHandle;

515
    CK_MECHANISM_PTR ckpMechanism = NULL;

516
    CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR;

517
    CK_ULONG ckAttributesLength = 0;

518
    CK_OBJECT_HANDLE ckKeyHandle = 0;

519
    jlong jKeyHandle = 0L;

520
    CK_RV rv;

521


522
    CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);

523
    if (ckpFunctions == NULL) { return 0L; }

524


525
    ckSessionHandle = jLongToCKULong(jSessionHandle);

526
    ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism);

527
    if ((*env)->ExceptionCheck(env)) { return 0L ; }

528


529
    jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength);

530
    if ((*env)->ExceptionCheck(env)) {

531
        goto cleanup;

532
    }

533


534
    rv = (*ckpFunctions->C_GenerateKey)(ckSessionHandle, ckpMechanism, ckpAttributes, ckAttributesLength, &ckKeyHandle);

535


536
    if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {

537
        jKeyHandle = ckULongToJLong(ckKeyHandle);

538


539
        /* cheack, if we must give a initialization vector back to Java */

540
        switch (ckpMechanism->mechanism) {

541
        case CKM_PBE_MD2_DES_CBC:

542
        case CKM_PBE_MD5_DES_CBC:

543
        case CKM_PBE_MD5_CAST_CBC:

544
        case CKM_PBE_MD5_CAST3_CBC:

545
        case CKM_PBE_MD5_CAST128_CBC:

546
        /* case CKM_PBE_MD5_CAST5_CBC:  the same as CKM_PBE_MD5_CAST128_CBC */

547
        case CKM_PBE_SHA1_CAST128_CBC:

548
        /* case CKM_PBE_SHA1_CAST5_CBC: the same as CKM_PBE_SHA1_CAST128_CBC */

549
            /* we must copy back the initialization vector to the jMechanism object */

550
            copyBackPBEInitializationVector(env, ckpMechanism, jMechanism);

551
            break;

552
        }

553
    }

554
cleanup:

555
    freeCKMechanismPtr(ckpMechanism);

556
    freeCKAttributeArray(ckpAttributes, ckAttributesLength);

557


558
    return jKeyHandle ;

559
}

560
#endif

561


562
#ifdef P11_ENABLE_C_GENERATEKEYPAIR

563
/*

564
 * Class:     sun_security_pkcs11_wrapper_PKCS11

565
 * Method:    C_GenerateKeyPair

566
 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)[J

567
 * Parametermapping:                          *PKCS11*

568
 * @param   jlong jSessionHandle              CK_SESSION_HANDLE hSession

569
 * @param   jobject jMechanism                CK_MECHANISM_PTR pMechanism

570
 * @param   jobjectArray jPublicKeyTemplate   CK_ATTRIBUTE_PTR pPublicKeyTemplate

571
 *                                            CK_ULONG ulPublicKeyAttributeCount

572
 * @param   jobjectArray jPrivateKeyTemplate  CK_ATTRIBUTE_PTR pPrivateKeyTemplate

573
 *                                            CK_ULONG ulPrivateKeyAttributeCount

574
 * @return  jlongArray jKeyHandles            CK_OBJECT_HANDLE_PTR phPublicKey

575
 *                                            CK_OBJECT_HANDLE_PTR phPublicKey

576
 */

577
JNIEXPORT jlongArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKeyPair

578
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism,

579
     jobjectArray jPublicKeyTemplate, jobjectArray jPrivateKeyTemplate)

580
{

581
    CK_SESSION_HANDLE ckSessionHandle;

582
    CK_MECHANISM_PTR ckpMechanism = NULL;

583
    CK_ATTRIBUTE_PTR ckpPublicKeyAttributes = NULL_PTR;

584
    CK_ATTRIBUTE_PTR ckpPrivateKeyAttributes = NULL_PTR;

585
    CK_ULONG ckPublicKeyAttributesLength = 0;

586
    CK_ULONG ckPrivateKeyAttributesLength = 0;

587
    CK_OBJECT_HANDLE_PTR ckpPublicKeyHandle;  /* pointer to Public Key */

588
    CK_OBJECT_HANDLE_PTR ckpPrivateKeyHandle; /* pointer to Private Key */

589
    CK_OBJECT_HANDLE_PTR ckpKeyHandles = NULL; /* pointer to array with Public and Private Key */

590
    jlongArray jKeyHandles = NULL;

591
    CK_RV rv;

592
    int attempts;

593
    const int MAX_ATTEMPTS = 3;

594


595
    CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);

596
    if (ckpFunctions == NULL) { return NULL; }

597


598
    ckSessionHandle = jLongToCKULong(jSessionHandle);

599
    ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism);

600
    if ((*env)->ExceptionCheck(env)) { return NULL; }

601


602
    ckpKeyHandles = (CK_OBJECT_HANDLE_PTR) calloc(2, sizeof(CK_OBJECT_HANDLE));

603
    if (ckpKeyHandles == NULL) {

604
        throwOutOfMemoryError(env, 0);

605
        goto cleanup;

606
    }

607
    ckpPublicKeyHandle = ckpKeyHandles;   /* first element of array is Public Key */

608
    ckpPrivateKeyHandle = (ckpKeyHandles + 1);  /* second element of array is Private Key */

609


610
    jAttributeArrayToCKAttributeArray(env, jPublicKeyTemplate, &ckpPublicKeyAttributes, &ckPublicKeyAttributesLength);

611
    if ((*env)->ExceptionCheck(env)) {

612
        goto cleanup;

613
    }

614


615
    jAttributeArrayToCKAttributeArray(env, jPrivateKeyTemplate, &ckpPrivateKeyAttributes, &ckPrivateKeyAttributesLength);

616
    if ((*env)->ExceptionCheck(env)) {

617
        goto cleanup;

618
    }

619


620
    /*

621
     * Workaround for NSS bug 1012786:

622
     *

623
     * Key generation may fail with CKR_FUNCTION_FAILED error

624
     * if there is insufficient entropy to generate a random key.

625
     *

626
     * PKCS11 spec says the following about CKR_FUNCTION_FAILED error

627
     * (see section 11.1.1):

628
     *

629
     *      ... In any event, although the function call failed, the situation

630
     *      is not necessarily totally hopeless, as it is likely to be

631
     *      when CKR_GENERAL_ERROR is returned. Depending on what the root cause of

632
     *      the error actually was, it is possible that an attempt

633
     *      to make the exact same function call again would succeed.

634
     *

635
     * Call C_GenerateKeyPair() several times if CKR_FUNCTION_FAILED occurs.

636
     */

637
    for (attempts = 0; attempts < MAX_ATTEMPTS; attempts++) {

638
        rv = (*ckpFunctions->C_GenerateKeyPair)(ckSessionHandle, ckpMechanism,

639
                        ckpPublicKeyAttributes, ckPublicKeyAttributesLength,

640
                        ckpPrivateKeyAttributes, ckPrivateKeyAttributesLength,

641
                        ckpPublicKeyHandle, ckpPrivateKeyHandle);

642
        if (rv == CKR_FUNCTION_FAILED) {

643
            printDebug("C_1GenerateKeyPair(): C_GenerateKeyPair() failed \

644
                    with CKR_FUNCTION_FAILED error, try again\n");

645
        } else {

646
            break;

647
        }

648
    }

649


650
    if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {

651
        jKeyHandles = ckULongArrayToJLongArray(env, ckpKeyHandles, 2);

652
    }

653


654
cleanup:

655
    freeCKMechanismPtr(ckpMechanism);

656
    free(ckpKeyHandles);

657
    freeCKAttributeArray(ckpPublicKeyAttributes, ckPublicKeyAttributesLength);

658
    freeCKAttributeArray(ckpPrivateKeyAttributes, ckPrivateKeyAttributesLength);

659
    return jKeyHandles ;

660
}

661
#endif

662


663
#ifdef P11_ENABLE_C_WRAPKEY

664
/*

665
 * Class:     sun_security_pkcs11_wrapper_PKCS11

666
 * Method:    C_WrapKey

667
 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;JJ)[B

668
 * Parametermapping:                    *PKCS11*

669
 * @param   jlong jSessionHandle        CK_SESSION_HANDLE hSession

670
 * @param   jobject jMechanism          CK_MECHANISM_PTR pMechanism

671
 * @param   jlong jWrappingKeyHandle    CK_OBJECT_HANDLE hWrappingKey

672
 * @param   jlong jKeyHandle            CK_OBJECT_HANDLE hKey

673
 * @return  jbyteArray jWrappedKey      CK_BYTE_PTR pWrappedKey

674
 *                                      CK_ULONG_PTR pulWrappedKeyLen

675
 */

676
JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1WrapKey

677
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jWrappingKeyHandle, jlong jKeyHandle)

678
{

679
    CK_SESSION_HANDLE ckSessionHandle;

680
    CK_MECHANISM_PTR ckpMechanism = NULL;

681
    CK_OBJECT_HANDLE ckWrappingKeyHandle;

682
    CK_OBJECT_HANDLE ckKeyHandle;

683
    jbyteArray jWrappedKey = NULL;

684
    CK_RV rv;

685
    CK_BYTE BUF[MAX_STACK_BUFFER_LEN];

686
    CK_BYTE_PTR ckpWrappedKey = BUF;

687
    CK_ULONG ckWrappedKeyLength = MAX_STACK_BUFFER_LEN;

688


689
    CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);

690
    if (ckpFunctions == NULL) { return NULL; }

691


692
    ckSessionHandle = jLongToCKULong(jSessionHandle);

693
    ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism);

694
    if ((*env)->ExceptionCheck(env)) { return NULL; }

695


696
    ckWrappingKeyHandle = jLongToCKULong(jWrappingKeyHandle);

697
    ckKeyHandle = jLongToCKULong(jKeyHandle);

698


699
    rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, ckpMechanism, ckWrappingKeyHandle, ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength);

700
    if (rv == CKR_BUFFER_TOO_SMALL) {

701
        ckpWrappedKey = (CK_BYTE_PTR)

702
                calloc(ckWrappedKeyLength, sizeof(CK_BYTE));

703
        if (ckpWrappedKey == NULL) {

704
            throwOutOfMemoryError(env, 0);

705
            goto cleanup;

706
        }

707


708
        rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, ckpMechanism, ckWrappingKeyHandle, ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength);

709
    }

710
    if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {

711
        jWrappedKey = ckByteArrayToJByteArray(env, ckpWrappedKey, ckWrappedKeyLength);

712
    }

713


714
cleanup:

715
    if (ckpWrappedKey != BUF) { free(ckpWrappedKey); }

716
    freeCKMechanismPtr(ckpMechanism);

717


718
    return jWrappedKey ;

719
}

720
#endif

721


722
#ifdef P11_ENABLE_C_UNWRAPKEY

723
/*

724
 * Class:     sun_security_pkcs11_wrapper_PKCS11

725
 * Method:    C_UnwrapKey

726
 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;J[B[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J

727
 * Parametermapping:                    *PKCS11*

728
 * @param   jlong jSessionHandle        CK_SESSION_HANDLE hSession

729
 * @param   jobject jMechanism          CK_MECHANISM_PTR pMechanism

730
 * @param   jlong jUnwrappingKeyHandle  CK_OBJECT_HANDLE hUnwrappingKey

731
 * @param   jbyteArray jWrappedKey      CK_BYTE_PTR pWrappedKey

732
 *                                      CK_ULONG_PTR pulWrappedKeyLen

733
 * @param   jobjectArray jTemplate      CK_ATTRIBUTE_PTR pTemplate

734
 *                                      CK_ULONG ulCount

735
 * @return  jlong jKeyHandle            CK_OBJECT_HANDLE_PTR phKey

736
 */

737
JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1UnwrapKey

738
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jUnwrappingKeyHandle,

739
     jbyteArray jWrappedKey, jobjectArray jTemplate)

740
{

741
    CK_SESSION_HANDLE ckSessionHandle;

742
    CK_MECHANISM_PTR ckpMechanism = NULL;

743
    CK_OBJECT_HANDLE ckUnwrappingKeyHandle;

744
    CK_BYTE_PTR ckpWrappedKey = NULL_PTR;

745
    CK_ULONG ckWrappedKeyLength;

746
    CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR;

747
    CK_ULONG ckAttributesLength = 0;

748
    CK_OBJECT_HANDLE ckKeyHandle = 0;

749
    jlong jKeyHandle = 0L;

750
    CK_RV rv;

751


752
    CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);

753
    if (ckpFunctions == NULL) { return 0L; }

754


755
    ckSessionHandle = jLongToCKULong(jSessionHandle);

756
    ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism);

757
    if ((*env)->ExceptionCheck(env)) { return 0L; }

758


759
    ckUnwrappingKeyHandle = jLongToCKULong(jUnwrappingKeyHandle);

760
    jByteArrayToCKByteArray(env, jWrappedKey, &ckpWrappedKey, &ckWrappedKeyLength);

761
    if ((*env)->ExceptionCheck(env)) {

762
        goto cleanup;

763
    }

764


765
    jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength);

766
    if ((*env)->ExceptionCheck(env)) {

767
        goto cleanup;

768
    }

769


770


771
    rv = (*ckpFunctions->C_UnwrapKey)(ckSessionHandle, ckpMechanism, ckUnwrappingKeyHandle,

772
                 ckpWrappedKey, ckWrappedKeyLength,

773
                 ckpAttributes, ckAttributesLength, &ckKeyHandle);

774


775
    if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {

776
        jKeyHandle = ckLongToJLong(ckKeyHandle);

777


778
#if 0

779
        /* cheack, if we must give a initialization vector back to Java */

780
        if (ckpMechanism->mechanism == CKM_KEY_WRAP_SET_OAEP) {

781
            /* we must copy back the unwrapped key info to the jMechanism object */

782
            copyBackSetUnwrappedKey(env, ckpMechanism, jMechanism);

783
        }

784
#endif

785
    }

786
cleanup:

787
    freeCKMechanismPtr(ckpMechanism);

788
    freeCKAttributeArray(ckpAttributes, ckAttributesLength);

789
    free(ckpWrappedKey);

790


791
    return jKeyHandle ;

792
}

793
#endif

794


795
#ifdef P11_ENABLE_C_DERIVEKEY

796


797
/*

798
 * Copy back the PRF output to Java.

799
 */

800
void copyBackTLSPrfParams(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism, jobject jMechanism)

801
{

802
    jclass jMechanismClass, jTLSPrfParamsClass;

803
    CK_TLS_PRF_PARAMS *ckTLSPrfParams;

804
    jobject jTLSPrfParams;

805
    jfieldID fieldID;

806
    CK_MECHANISM_TYPE ckMechanismType;

807
    jlong jMechanismType;

808
    CK_BYTE_PTR output;

809
    jobject jOutput;

810
    jint jLength;

811
    jbyte* jBytes;

812
    int i;

813


814
    /* get mechanism */

815
    jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM);

816
    if (jMechanismClass == NULL) { return; }

817
    fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");

818
    if (fieldID == NULL) { return; }

819
    jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);

820
    ckMechanismType = jLongToCKULong(jMechanismType);

821
    if (ckMechanismType != ckpMechanism->mechanism) {

822
        /* we do not have maching types, this should not occur */

823
        return;

824
    }

825


826
    /* get the native CK_TLS_PRF_PARAMS */

827
    ckTLSPrfParams = (CK_TLS_PRF_PARAMS *) ckpMechanism->pParameter;

828
    if (ckTLSPrfParams != NULL_PTR) {

829
        /* get the Java CK_TLS_PRF_PARAMS object (pParameter) */

830
        fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;");

831
        if (fieldID == NULL) { return; }

832
        jTLSPrfParams = (*env)->GetObjectField(env, jMechanism, fieldID);

833


834
        /* copy back the client IV */

835
        jTLSPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS);

836
        if (jTLSPrfParamsClass == NULL) { return; }

837
        fieldID = (*env)->GetFieldID(env, jTLSPrfParamsClass, "pOutput", "[B");

838
        if (fieldID == NULL) { return; }

839
        jOutput = (*env)->GetObjectField(env, jTLSPrfParams, fieldID);

840
        output = ckTLSPrfParams->pOutput;

841


842
        // Note: we assume that the token returned exactly as many bytes as we

843
        // requested. Anything else would not make sense.

844
        if (jOutput != NULL) {

845
            jLength = (*env)->GetArrayLength(env, jOutput);

846
            jBytes = (*env)->GetByteArrayElements(env, jOutput, NULL);

847
            if (jBytes == NULL) { return; }

848


849
            /* copy the bytes to the Java buffer */

850
            for (i=0; i < jLength; i++) {

851
                jBytes[i] = ckByteToJByte(output[i]);

852
            }

853
            /* copy back the Java buffer to the object */

854
            (*env)->ReleaseByteArrayElements(env, jOutput, jBytes, 0);

855
        }

856
    }

857
}

858


859
/*

860
 * Class:     sun_security_pkcs11_wrapper_PKCS11

861
 * Method:    C_DeriveKey

862
 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;J[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J

863
 * Parametermapping:                    *PKCS11*

864
 * @param   jlong jSessionHandle        CK_SESSION_HANDLE hSession

865
 * @param   jobject jMechanism          CK_MECHANISM_PTR pMechanism

866
 * @param   jlong jBaseKeyHandle        CK_OBJECT_HANDLE hBaseKey

867
 * @param   jobjectArray jTemplate      CK_ATTRIBUTE_PTR pTemplate

868
 *                                      CK_ULONG ulCount

869
 * @return  jlong jKeyHandle            CK_OBJECT_HANDLE_PTR phKey

870
 */

871
JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey

872
    (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jBaseKeyHandle, jobjectArray jTemplate)

873
{

874
    CK_SESSION_HANDLE ckSessionHandle;

875
    CK_MECHANISM_PTR ckpMechanism = NULL;

876
    CK_OBJECT_HANDLE ckBaseKeyHandle;

877
    CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR;

878
    CK_ULONG ckAttributesLength = 0;

879
    CK_OBJECT_HANDLE ckKeyHandle = 0;

880
    jlong jKeyHandle = 0L;

881
    CK_RV rv;

882
    CK_OBJECT_HANDLE_PTR phKey = &ckKeyHandle;

883


884
    CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);

885
    if (ckpFunctions == NULL) { return 0L; }

886


887
    ckSessionHandle = jLongToCKULong(jSessionHandle);

888
    ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism);

889
    if ((*env)->ExceptionCheck(env)) { return 0L; }

890


891
    ckBaseKeyHandle = jLongToCKULong(jBaseKeyHandle);

892
    jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength);

893
    if ((*env)->ExceptionCheck(env)) {

894
        goto cleanup;

895
    }

896


897
    switch (ckpMechanism->mechanism) {

898
    case CKM_SSL3_KEY_AND_MAC_DERIVE:

899
    case CKM_TLS_KEY_AND_MAC_DERIVE:

900
    case CKM_TLS12_KEY_AND_MAC_DERIVE:

901
    case CKM_TLS_PRF:

902
        // these mechanism do not return a key handle via phKey

903
        // set to NULL in case pedantic implementations check for it

904
        phKey = NULL;

905
        break;

906
    default:

907
        // empty

908
        break;

909
    }

910


911
    rv = (*ckpFunctions->C_DeriveKey)(ckSessionHandle, ckpMechanism, ckBaseKeyHandle,

912
                 ckpAttributes, ckAttributesLength, phKey);

913


914
    jKeyHandle = ckLongToJLong(ckKeyHandle);

915


916
    switch (ckpMechanism->mechanism) {

917
    case CKM_SSL3_MASTER_KEY_DERIVE:

918
    case CKM_TLS_MASTER_KEY_DERIVE:

919
        /* we must copy back the client version */

920
        ssl3CopyBackClientVersion(env, ckpMechanism, jMechanism);

921
        break;

922
    case CKM_TLS12_MASTER_KEY_DERIVE:

923
        tls12CopyBackClientVersion(env, ckpMechanism, jMechanism);

924
        break;

925
    case CKM_SSL3_KEY_AND_MAC_DERIVE:

926
    case CKM_TLS_KEY_AND_MAC_DERIVE:

927
        /* we must copy back the unwrapped key info to the jMechanism object */

928
        ssl3CopyBackKeyMatParams(env, ckpMechanism, jMechanism);

929
        break;

930
    case CKM_TLS12_KEY_AND_MAC_DERIVE:

931
        /* we must copy back the unwrapped key info to the jMechanism object */

932
        tls12CopyBackKeyMatParams(env, ckpMechanism, jMechanism);

933
        break;

934
    case CKM_TLS_PRF:

935
        copyBackTLSPrfParams(env, ckpMechanism, jMechanism);

936
        break;

937
    default:

938
        // empty

939
        break;

940
    }

941
    if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) {

942
        jKeyHandle =0L;

943
    }

944


945
cleanup:

946
    freeCKMechanismPtr(ckpMechanism);

947
    freeCKAttributeArray(ckpAttributes, ckAttributesLength);

948


949
    return jKeyHandle ;

950
}

951


952
static void copyBackClientVersion(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism, jobject jMechanism,

953
        CK_VERSION *ckVersion, const char *class_master_key_derive_params)

954
{

955
    jclass jMasterKeyDeriveParamsClass, jMechanismClass, jVersionClass;

956
    jobject jMasterKeyDeriveParams;

957
    jfieldID fieldID;

958
    CK_MECHANISM_TYPE ckMechanismType;

959
    jlong jMechanismType;

960
    jobject jVersion;

961


962
    /* get mechanism */

963
    jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM);

964
    if (jMechanismClass == NULL) { return; }

965
    fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");

966
    if (fieldID == NULL) { return; }

967
    jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);

968
    ckMechanismType = jLongToCKULong(jMechanismType);

969
    if (ckMechanismType != ckpMechanism->mechanism) {

970
        /* we do not have maching types, this should not occur */

971
        return;

972
    }

973


974
    if (ckVersion != NULL_PTR) {

975
      /* get the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS (pParameter) */

976
      fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;");

977
      if (fieldID == NULL) { return; }

978


979
      jMasterKeyDeriveParams = (*env)->GetObjectField(env, jMechanism, fieldID);

980


981
      /* get the Java CK_VERSION */

982
      jMasterKeyDeriveParamsClass = (*env)->FindClass(env, class_master_key_derive_params);

983
      if (jMasterKeyDeriveParamsClass == NULL) { return; }

984
      fieldID = (*env)->GetFieldID(env, jMasterKeyDeriveParamsClass,

985
              "pVersion", "L"CLASS_VERSION";");

986
      if (fieldID == NULL) { return; }

987
      jVersion = (*env)->GetObjectField(env, jMasterKeyDeriveParams, fieldID);

988


989
      /* now copy back the version from the native structure to the Java structure */

990


991
      /* copy back the major version */

992
      jVersionClass = (*env)->FindClass(env, CLASS_VERSION);

993
      if (jVersionClass == NULL) { return; }

994
      fieldID = (*env)->GetFieldID(env, jVersionClass, "major", "B");

995
      if (fieldID == NULL) { return; }

996
      (*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->major));

997


998
      /* copy back the minor version */

999
      fieldID = (*env)->GetFieldID(env, jVersionClass, "minor", "B");

1000
      if (fieldID == NULL) { return; }

1001
      (*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->minor));

1002
    }

1003
}

1004


1005
/*

1006
 * Copy back the client version information from the native

1007
 * structure to the Java object. This is only used for

1008
 * CKM_SSL3_MASTER_KEY_DERIVE and CKM_TLS_MASTER_KEY_DERIVE

1009
 * mechanisms when used for deriving a key.

1010
 *

1011
 */

1012
void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism,

1013
        jobject jMechanism)

1014
{

1015
    CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ckSSL3MasterKeyDeriveParams;

1016
    ckSSL3MasterKeyDeriveParams =

1017
            (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *)ckpMechanism->pParameter;

1018
    if (ckSSL3MasterKeyDeriveParams != NULL_PTR) {

1019
        copyBackClientVersion(env, ckpMechanism, jMechanism,

1020
                ckSSL3MasterKeyDeriveParams->pVersion,

1021
                CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS);

1022
    }

1023
}

1024


1025
/*

1026
 * Copy back the client version information from the native

1027
 * structure to the Java object. This is only used for

1028
 * CKM_TLS12_MASTER_KEY_DERIVE mechanism when used for deriving a key.

1029
 *

1030
 */

1031
void tls12CopyBackClientVersion(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism,

1032
        jobject jMechanism)

1033
{

1034
    CK_TLS12_MASTER_KEY_DERIVE_PARAMS *ckTLS12MasterKeyDeriveParams;

1035
    ckTLS12MasterKeyDeriveParams =

1036
            (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckpMechanism->pParameter;

1037
    if (ckTLS12MasterKeyDeriveParams != NULL_PTR) {

1038
        copyBackClientVersion(env, ckpMechanism, jMechanism,

1039
                ckTLS12MasterKeyDeriveParams->pVersion,

1040
                CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS);

1041
    }

1042
}

1043


1044
static void copyBackKeyMatParams(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism,

1045
        jobject jMechanism, CK_SSL3_RANDOM_DATA *RandomInfo,

1046
        CK_SSL3_KEY_MAT_OUT_PTR ckSSL3KeyMatOut, const char *class_key_mat_params)

1047
{

1048
    jclass jMechanismClass, jKeyMatParamsClass, jSSL3KeyMatOutClass;

1049
    jfieldID fieldID;

1050
    CK_MECHANISM_TYPE ckMechanismType;

1051
    jlong jMechanismType;

1052
    CK_BYTE_PTR iv;

1053
    jobject jKeyMatParam;

1054
    jobject jSSL3KeyMatOut;

1055
    jobject jIV;

1056
    jint jLength;

1057
    jbyte* jBytes;

1058
    int i;

1059


1060
    /* get mechanism */

1061
    jMechanismClass= (*env)->FindClass(env, CLASS_MECHANISM);

1062
    if (jMechanismClass == NULL) { return; }

1063
    fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");

1064
    if (fieldID == NULL) { return; }

1065
    jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);

1066
    ckMechanismType = jLongToCKULong(jMechanismType);

1067
    if (ckMechanismType != ckpMechanism->mechanism) {

1068
        /* we do not have maching types, this should not occur */

1069
        return;

1070
    }

1071


1072
    if (ckSSL3KeyMatOut != NULL_PTR) {

1073
      /* get the Java params object (pParameter) */

1074
      fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter",

1075
              "Ljava/lang/Object;");

1076
      if (fieldID == NULL) { return; }

1077
      jKeyMatParam = (*env)->GetObjectField(env, jMechanism, fieldID);

1078


1079
      /* get the Java CK_SSL3_KEY_MAT_OUT */

1080
      jKeyMatParamsClass = (*env)->FindClass(env, class_key_mat_params);

1081
      if (jKeyMatParamsClass == NULL) { return; }

1082
      fieldID = (*env)->GetFieldID(env, jKeyMatParamsClass,

1083
              "pReturnedKeyMaterial", "L"CLASS_SSL3_KEY_MAT_OUT";");

1084
      if (fieldID == NULL) { return; }

1085
      jSSL3KeyMatOut = (*env)->GetObjectField(env, jKeyMatParam, fieldID);

1086


1087
      /* now copy back all the key handles and the initialization vectors */

1088
      /* copy back client MAC secret handle */

1089
      jSSL3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT);

1090
      if (jSSL3KeyMatOutClass == NULL) { return; }

1091
      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass,

1092
              "hClientMacSecret", "J");

1093
      if (fieldID == NULL) { return; }

1094
      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,

1095
              ckULongToJLong(ckSSL3KeyMatOut->hClientMacSecret));

1096


1097
      /* copy back server MAC secret handle */

1098
      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass,

1099
              "hServerMacSecret", "J");

1100
      if (fieldID == NULL) { return; }

1101
      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,

1102
              ckULongToJLong(ckSSL3KeyMatOut->hServerMacSecret));

1103


1104
      /* copy back client secret key handle */

1105
      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientKey", "J");

1106
      if (fieldID == NULL) { return; }

1107
      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,

1108
              ckULongToJLong(ckSSL3KeyMatOut->hClientKey));

1109


1110
      /* copy back server secret key handle */

1111
      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerKey", "J");

1112
      if (fieldID == NULL) { return; }

1113
      (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,

1114
              ckULongToJLong(ckSSL3KeyMatOut->hServerKey));

1115


1116
      /* copy back the client IV */

1117
      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "pIVClient", "[B");

1118
      if (fieldID == NULL) { return; }

1119
      jIV = (*env)->GetObjectField(env, jSSL3KeyMatOut, fieldID);

1120
      iv = ckSSL3KeyMatOut->pIVClient;

1121


1122
      if (jIV != NULL) {

1123
        jLength = (*env)->GetArrayLength(env, jIV);

1124
        jBytes = (*env)->GetByteArrayElements(env, jIV, NULL);

1125
        if (jBytes == NULL) { return; }

1126
        /* copy the bytes to the Java buffer */

1127
        for (i=0; i < jLength; i++) {

1128
          jBytes[i] = ckByteToJByte(iv[i]);

1129
        }

1130
        /* copy back the Java buffer to the object */

1131
        (*env)->ReleaseByteArrayElements(env, jIV, jBytes, 0);

1132
      }

1133


1134
      /* copy back the server IV */

1135
      fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "pIVServer", "[B");

1136
      if (fieldID == NULL) { return; }

1137
      jIV = (*env)->GetObjectField(env, jSSL3KeyMatOut, fieldID);

1138
      iv = ckSSL3KeyMatOut->pIVServer;

1139


1140
      if (jIV != NULL) {

1141
        jLength = (*env)->GetArrayLength(env, jIV);

1142
        jBytes = (*env)->GetByteArrayElements(env, jIV, NULL);

1143
        if (jBytes == NULL) { return; }

1144
        /* copy the bytes to the Java buffer */

1145
        for (i=0; i < jLength; i++) {

1146
          jBytes[i] = ckByteToJByte(iv[i]);

1147
        }

1148
        /* copy back the Java buffer to the object */

1149
        (*env)->ReleaseByteArrayElements(env, jIV, jBytes, 0);

1150
      }

1151
    }

1152
}

1153


1154
/*

1155
 * Copy back the derived keys and initialization vectors from the native

1156
 * structure to the Java object. This is only used for

1157
 * CKM_SSL3_KEY_AND_MAC_DERIVE and CKM_TLS_KEY_AND_MAC_DERIVE mechanisms

1158
 * when used for deriving a key.

1159
 *

1160
 */

1161
void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism,

1162
        jobject jMechanism)

1163
{

1164
    CK_SSL3_KEY_MAT_PARAMS *ckSSL3KeyMatParam;

1165
    ckSSL3KeyMatParam = (CK_SSL3_KEY_MAT_PARAMS *)ckpMechanism->pParameter;

1166
    if (ckSSL3KeyMatParam != NULL_PTR) {

1167
        copyBackKeyMatParams(env, ckpMechanism, jMechanism,

1168
                &(ckSSL3KeyMatParam->RandomInfo),

1169
                ckSSL3KeyMatParam->pReturnedKeyMaterial,

1170
                CLASS_SSL3_KEY_MAT_PARAMS);

1171
    }

1172
}

1173


1174
/*

1175
 * Copy back the derived keys and initialization vectors from the native

1176
 * structure to the Java object. This is only used for

1177
 * CKM_TLS12_KEY_AND_MAC_DERIVE mechanism when used for deriving a key.

1178
 *

1179
 */

1180
void tls12CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism,

1181
        jobject jMechanism)

1182
{

1183
    CK_TLS12_KEY_MAT_PARAMS *ckTLS12KeyMatParam;

1184
    ckTLS12KeyMatParam = (CK_TLS12_KEY_MAT_PARAMS *)ckpMechanism->pParameter;

1185
    if (ckTLS12KeyMatParam != NULL_PTR) {

1186
        copyBackKeyMatParams(env, ckpMechanism, jMechanism,

1187
                &(ckTLS12KeyMatParam->RandomInfo),

1188
                ckTLS12KeyMatParam->pReturnedKeyMaterial,

1189
                CLASS_TLS12_KEY_MAT_PARAMS);

1190
    }

1191
}

1192


1193
#endif

1194


1195