stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8132082: Let OracleUcrypto accept RSAPrivateKey

Browse Source 
Reviewed-by: xuelei, valeriep, coffeys
This commit is contained in:
Valerie Peng 2015-09-04 15:28:01 +03:00 committed by Ivan Gerasimov
parent 33994176ee
commit a8cbc27bce
7 changed files with 216 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
jdk/make/mapfiles/libj2ucrypto/mapfile-vers
View File

@ -1,5 +1,5 @@
# #
# Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. # Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
# #
# This code is free software; you can redistribute it and/or modify it # This code is free software; you can redistribute it and/or modify it
@ -39,6 +39,7 @@ SUNWprivate_1.1 {
Java_com_oracle_security_ucrypto_NativeCipher_nativeUpdate; Java_com_oracle_security_ucrypto_NativeCipher_nativeUpdate;
Java_com_oracle_security_ucrypto_NativeCipher_nativeFinal; Java_com_oracle_security_ucrypto_NativeCipher_nativeFinal;
Java_com_oracle_security_ucrypto_NativeKey_nativeFree; Java_com_oracle_security_ucrypto_NativeKey_nativeFree;
Java_com_oracle_security_ucrypto_NativeKey_00024RSAPrivate_nativeInit;
Java_com_oracle_security_ucrypto_NativeKey_00024RSAPrivateCrt_nativeInit; Java_com_oracle_security_ucrypto_NativeKey_00024RSAPrivateCrt_nativeInit;
Java_com_oracle_security_ucrypto_NativeKey_00024RSAPublic_nativeInit; Java_com_oracle_security_ucrypto_NativeKey_00024RSAPublic_nativeInit;
Java_com_oracle_security_ucrypto_NativeRSASignature_nativeInit; Java_com_oracle_security_ucrypto_NativeRSASignature_nativeInit;
@ -56,6 +57,7 @@ SUNWprivate_1.1 {
JavaCritical_com_oracle_security_ucrypto_NativeCipher_nativeUpdate; JavaCritical_com_oracle_security_ucrypto_NativeCipher_nativeUpdate;
JavaCritical_com_oracle_security_ucrypto_NativeCipher_nativeFinal; JavaCritical_com_oracle_security_ucrypto_NativeCipher_nativeFinal;
JavaCritical_com_oracle_security_ucrypto_NativeKey_nativeFree; JavaCritical_com_oracle_security_ucrypto_NativeKey_nativeFree;
JavaCritical_com_oracle_security_ucrypto_NativeKey_00024RSAPrivate_nativeInit;
JavaCritical_com_oracle_security_ucrypto_NativeKey_00024RSAPrivateCrt_nativeInit; JavaCritical_com_oracle_security_ucrypto_NativeKey_00024RSAPrivateCrt_nativeInit;
JavaCritical_com_oracle_security_ucrypto_NativeKey_00024RSAPublic_nativeInit; JavaCritical_com_oracle_security_ucrypto_NativeKey_00024RSAPublic_nativeInit;
JavaCritical_com_oracle_security_ucrypto_NativeRSASignature_nativeInit; JavaCritical_com_oracle_security_ucrypto_NativeRSASignature_nativeInit;

55
jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeKey.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -31,19 +31,9 @@ import java.util.concurrent.ConcurrentSkipListSet;
import java.lang.ref.*; import java.lang.ref.*;
import java.math.BigInteger; import java.math.BigInteger;
import java.security.InvalidKeyException; import java.security.*;
import java.security.NoSuchAlgorithmException; import java.security.interfaces.*;
import java.security.Key; import java.security.spec.*;
import java.security.PublicKey;
import java.security.PrivateKey;
import java.security.KeyFactorySpi;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
/** /**
* Wrapper class for native keys needed for using ucrypto APIs. * Wrapper class for native keys needed for using ucrypto APIs.
@ -87,6 +77,41 @@ abstract class NativeKey implements Key {
return b; return b;
} }
static final class RSAPrivate extends NativeKey implements RSAPrivateKey {
private static final long serialVersionUID = 1622705588904302831L;
private final RSAPrivateKeySpec keySpec;
private final long keyId;
RSAPrivate(KeySpec keySpec) throws InvalidKeySpecException {
super(2);
long pKey = 0L;
if (keySpec instanceof RSAPrivateKeySpec) {
RSAPrivateKeySpec ks = (RSAPrivateKeySpec) keySpec;
BigInteger mod = ks.getModulus();
BigInteger privateExp = ks.getPrivateExponent();
pKey = nativeInit(NativeKey.getMagnitude(mod),
NativeKey.getMagnitude(privateExp));
} else {
throw new InvalidKeySpecException("Only supports RSAPrivateKeySpec");
}
if (pKey == 0L) {
throw new UcryptoException("Error constructing RSA PrivateKey");
}
// track native resource clean up
new KeyRef(this, pKey);
this.keySpec = (RSAPrivateKeySpec) keySpec;
this.keyId = pKey;
}
long value() { return keyId; }
public BigInteger getModulus() { return keySpec.getModulus(); };
public BigInteger getPrivateExponent() { return keySpec.getPrivateExponent(); };
private native static long nativeInit(byte[] mod, byte[] privExp);
}
static final class RSAPrivateCrt extends NativeKey implements RSAPrivateCrtKey { static final class RSAPrivateCrt extends NativeKey implements RSAPrivateCrtKey {
private static final long serialVersionUID = 6812507588904302831L; private static final long serialVersionUID = 6812507588904302831L;
@ -119,7 +144,7 @@ abstract class NativeKey implements Key {
throw new InvalidKeySpecException("Only supports RSAPrivateCrtKeySpec"); throw new InvalidKeySpecException("Only supports RSAPrivateCrtKeySpec");
} }
if (pKey == 0L) { if (pKey == 0L) {
throw new UcryptoException("Error constructing RSA PrivateKey"); throw new UcryptoException("Error constructing RSA PrivateCrtKey");
} }
// track native resource clean up // track native resource clean up
new KeyRef(this, pKey); new KeyRef(this, pKey);

19
jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSACipher.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -37,9 +37,11 @@ import java.security.Key;
import java.security.PublicKey; import java.security.PublicKey;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.spec.RSAPrivateCrtKeySpec; import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec; import java.security.spec.RSAPublicKeySpec;
import java.security.interfaces.RSAKey; import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateCrtKey; import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey; import java.security.interfaces.RSAPublicKey;
import java.security.KeyFactory; import java.security.KeyFactory;
@ -205,8 +207,8 @@ public class NativeRSACipher extends CipherSpi {
// Make sure the proper opmode uses the proper key // Make sure the proper opmode uses the proper key
if (doEncrypt && (!(newKey instanceof RSAPublicKey))) { if (doEncrypt && (!(newKey instanceof RSAPublicKey))) {
throw new InvalidKeyException("RSAPublicKey required for encryption"); throw new InvalidKeyException("RSAPublicKey required for encryption");
} else if (!doEncrypt && (!(newKey instanceof RSAPrivateCrtKey))) { } else if (!doEncrypt && (!(newKey instanceof RSAPrivateKey))) {
throw new InvalidKeyException("RSAPrivateCrtKey required for decryption"); throw new InvalidKeyException("RSAPrivateKey required for decryption");
} }
NativeKey nativeKey = null; NativeKey nativeKey = null;
@ -223,8 +225,9 @@ public class NativeRSACipher extends CipherSpi {
throw new InvalidKeyException(ikse); throw new InvalidKeyException(ikse);
} }
} else { } else {
RSAPrivateCrtKey privateKey = (RSAPrivateCrtKey) newKey;
try { try {
if (newKey instanceof RSAPrivateCrtKey) {
RSAPrivateCrtKey privateKey = (RSAPrivateCrtKey) newKey;
nativeKey = (NativeKey) keyFactory.engineGeneratePrivate nativeKey = (NativeKey) keyFactory.engineGeneratePrivate
(new RSAPrivateCrtKeySpec(privateKey.getModulus(), (new RSAPrivateCrtKeySpec(privateKey.getModulus(),
privateKey.getPublicExponent(), privateKey.getPublicExponent(),
@ -234,6 +237,14 @@ public class NativeRSACipher extends CipherSpi {
privateKey.getPrimeExponentP(), privateKey.getPrimeExponentP(),
privateKey.getPrimeExponentQ(), privateKey.getPrimeExponentQ(),
privateKey.getCrtCoefficient())); privateKey.getCrtCoefficient()));
} else if (newKey instanceof RSAPrivateKey) {
RSAPrivateKey privateKey = (RSAPrivateKey) newKey;
nativeKey = (NativeKey) keyFactory.engineGeneratePrivate
(new RSAPrivateKeySpec(privateKey.getModulus(),
privateKey.getPrivateExponent()));
} else {
throw new InvalidKeyException("Unsupported type of RSAPrivateKey");
}
} catch (InvalidKeySpecException ikse) { } catch (InvalidKeySpecException ikse) {
throw new InvalidKeyException(ikse); throw new InvalidKeyException(ikse);
} }

17
jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSAKeyFactory.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -38,16 +38,11 @@ import java.security.PublicKey;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.KeyFactorySpi; import java.security.KeyFactorySpi;
import java.security.spec.InvalidKeySpecException; import java.security.spec.*;
import java.security.spec.KeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
/** /**
* Ucrypto-private KeyFactory class for generating native keys * Ucrypto-private KeyFactory class for generating native keys
* needed for using ucrypto APIs. Given that it's not used * needed for using ucrypto APIs.
* externally, it only needs to support RSAPrivateCrtKeySpec
* and RSAPublicKeySpec objects.
* *
* @since 1.9 * @since 1.9
*/ */
@ -56,7 +51,13 @@ public final class NativeRSAKeyFactory extends KeyFactorySpi {
@Override @Override
protected PrivateKey engineGeneratePrivate(KeySpec keySpec) protected PrivateKey engineGeneratePrivate(KeySpec keySpec)
throws InvalidKeySpecException { throws InvalidKeySpecException {
if (keySpec instanceof RSAPrivateCrtKeySpec) {
return new NativeKey.RSAPrivateCrt(keySpec); return new NativeKey.RSAPrivateCrt(keySpec);
} else if (keySpec instanceof RSAPrivateKeySpec) {
return new NativeKey.RSAPrivate(keySpec);
} else {
throw new InvalidKeySpecException("Unsupported key spec");
}
} }
@Override @Override

35
jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSASignature.java
View File

@ -43,9 +43,8 @@ import java.security.PublicKey;
import java.security.*; import java.security.*;
import java.security.interfaces.*; import java.security.interfaces.*;
import java.security.spec.RSAPrivateCrtKeySpec; import java.security.spec.*;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import sun.nio.ch.DirectBuffer; import sun.nio.ch.DirectBuffer;
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
@ -192,26 +191,32 @@ class NativeRSASignature extends SignatureSpi {
int newSigLength = sigLength; int newSigLength = sigLength;
// Need to check RSA key length whenever a new private key is set // Need to check RSA key length whenever a new private key is set
if (privateKey != key) { if (privateKey != key) {
if (privateKey instanceof RSAPrivateCrtKey) { if (!(privateKey instanceof RSAPrivateKey)) {
RSAPrivateCrtKey rsaPrivKey = (RSAPrivateCrtKey) privateKey; throw new InvalidKeyException("RSAPrivateKey required");
}
RSAPrivateKey rsaPrivKey = (RSAPrivateKey) privateKey;
BigInteger mod = rsaPrivKey.getModulus(); BigInteger mod = rsaPrivKey.getModulus();
newSigLength = checkRSAKeyLength(mod); newSigLength = checkRSAKeyLength(mod);
BigInteger pe = rsaPrivKey.getPrivateExponent();
try { try {
if (rsaPrivKey instanceof RSAPrivateCrtKey) {
RSAPrivateCrtKey rsaPrivCrtKey = (RSAPrivateCrtKey) rsaPrivKey;
newKey = (NativeKey) keyFactory.engineGeneratePrivate newKey = (NativeKey) keyFactory.engineGeneratePrivate
(new RSAPrivateCrtKeySpec(mod, (new RSAPrivateCrtKeySpec(mod,
rsaPrivKey.getPublicExponent(), rsaPrivCrtKey.getPublicExponent(),
rsaPrivKey.getPrivateExponent(), pe,
rsaPrivKey.getPrimeP(), rsaPrivCrtKey.getPrimeP(),
rsaPrivKey.getPrimeQ(), rsaPrivCrtKey.getPrimeQ(),
rsaPrivKey.getPrimeExponentP(), rsaPrivCrtKey.getPrimeExponentP(),
rsaPrivKey.getPrimeExponentQ(), rsaPrivCrtKey.getPrimeExponentQ(),
rsaPrivKey.getCrtCoefficient())); rsaPrivCrtKey.getCrtCoefficient()));
} else {
newKey = (NativeKey) keyFactory.engineGeneratePrivate
(new RSAPrivateKeySpec(mod, pe));
}
} catch (InvalidKeySpecException ikse) { } catch (InvalidKeySpecException ikse) {
throw new InvalidKeyException(ikse); throw new InvalidKeyException(ikse);
} }
} else {
throw new InvalidKeyException("RSAPrivateCrtKey required");
}
} }
init(true, newKey, newSigLength); init(true, newKey, newSigLength);
} }

82
jdk/src/jdk.crypto.ucrypto/solaris/native/libj2ucrypto/nativeCrypto.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -696,6 +696,86 @@ JNIEXPORT void JNICALL Java_com_oracle_security_ucrypto_NativeKey_nativeFree
JavaCritical_com_oracle_security_ucrypto_NativeKey_nativeFree(id, numOfComponents); JavaCritical_com_oracle_security_ucrypto_NativeKey_nativeFree(id, numOfComponents);
} }
/*
* Class: com_oracle_security_ucrypto_NativeKey_RSAPrivate
* Method: nativeInit
* Signature: ([B[B)J
*/
jlong JavaCritical_com_oracle_security_ucrypto_NativeKey_00024RSAPrivate_nativeInit
(int modLen, jbyte* jMod, int privLen, jbyte* jPriv) {
unsigned char *mod, *priv;
crypto_object_attribute_t* pKey = NULL;
pKey = calloc(2, sizeof(crypto_object_attribute_t));
if (pKey == NULL) {
return 0L;
}
mod = priv = NULL;
mod = malloc(modLen);
priv = malloc(privLen);
if (mod == NULL || priv == NULL) {
free(pKey);
free(mod);
free(priv);
return 0L;
} else {
memcpy(mod, jMod, modLen);
memcpy(priv, jPriv, privLen);
}
// NOTE: numOfComponents should be 2
pKey[0].oa_type = SUN_CKA_MODULUS;
pKey[0].oa_value = (char*) mod;
pKey[0].oa_value_len = (size_t) modLen;
pKey[1].oa_type = SUN_CKA_PRIVATE_EXPONENT;
pKey[1].oa_value = (char*) priv;
pKey[1].oa_value_len = (size_t) privLen;
return (jlong) pKey;
}
JNIEXPORT jlong JNICALL
Java_com_oracle_security_ucrypto_NativeKey_00024RSAPrivate_nativeInit
(JNIEnv *env, jclass jCls, jbyteArray jMod, jbyteArray jPriv) {
int modLen, privLen;
jbyte *bufMod, *bufPriv;
crypto_object_attribute_t* pKey = NULL;
bufMod = bufPriv = NULL;
modLen = (*env)->GetArrayLength(env, jMod);
bufMod = getBytes(env, jMod, 0, modLen);
if ((*env)->ExceptionCheck(env)) goto cleanup;
privLen = (*env)->GetArrayLength(env, jPriv);
bufPriv = getBytes(env, jPriv, 0, privLen);
if ((*env)->ExceptionCheck(env)) goto cleanup;
// proceed if no error; otherwise free allocated memory
pKey = calloc(2, sizeof(crypto_object_attribute_t));
if (pKey == NULL) {
throwOutOfMemoryError(env, NULL);
goto cleanup;
}
// NOTE: numOfComponents should be 2
pKey[0].oa_type = SUN_CKA_MODULUS;
pKey[0].oa_value = (char*) bufMod;
pKey[0].oa_value_len = (size_t) modLen;
pKey[1].oa_type = SUN_CKA_PRIVATE_EXPONENT;
pKey[1].oa_value = (char*) bufPriv;
pKey[1].oa_value_len = (size_t) privLen;
return (jlong) pKey;
cleanup:
free(bufMod);
free(bufPriv);
return 0L;
}
/* /*
* Class: com_oracle_security_ucrypto_NativeKey_RSAPrivateCrt * Class: com_oracle_security_ucrypto_NativeKey_RSAPrivateCrt
* Method: nativeInit * Method: nativeInit

34
jdk/test/com/oracle/security/ucrypto/CipherSignNotSupported.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/** /**
* @test * @test
* @bug 8029849 * @bug 8029849 8132082
* @summary Make sure signing via encrypt and verifying via decrypt are not * @summary Make sure signing via encrypt and verifying via decrypt are not
* supported by OracleUcrypto provider. * supported by OracleUcrypto provider.
* @author Anthony Scarpino * @author Anthony Scarpino
@ -31,12 +31,10 @@
*/ */
import java.util.Random; import java.util.Random;
import java.security.KeyPairGenerator; import java.security.*;
import java.security.KeyPair; import java.security.interfaces.*;
import java.security.spec.RSAPrivateKeySpec;
import javax.crypto.Cipher; import javax.crypto.Cipher;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
public class CipherSignNotSupported extends UcryptoTest { public class CipherSignNotSupported extends UcryptoTest {
@ -69,11 +67,25 @@ public class CipherSignNotSupported extends UcryptoTest {
c.init(Cipher.ENCRYPT_MODE, kp.getPublic()); c.init(Cipher.ENCRYPT_MODE, kp.getPublic());
ct = c.doFinal(pt); ct = c.doFinal(pt);
// Decryption // Decryption
c.init(Cipher.DECRYPT_MODE, kp.getPrivate()); PrivateKey[] privKeys = new PrivateKey[2];
privKeys[0] = kp.getPrivate();
if (privKeys[0] instanceof RSAPrivateCrtKey) {
RSAPrivateCrtKey k = (RSAPrivateCrtKey) privKeys[0];
KeyFactory kf = KeyFactory.getInstance("RSA");
privKeys[1] = kf.generatePrivate
(new RSAPrivateKeySpec(k.getModulus(), k.getPrivateExponent()));
} else {
privKeys = new PrivateKey[] {privKeys[0]};
}
for (PrivateKey pk : privKeys) {
System.out.println("Testing " + pk);
c.init(Cipher.DECRYPT_MODE, pk);
c.doFinal(ct); c.doFinal(ct);
// Sign // Sign
try { try {
c.init(Cipher.ENCRYPT_MODE, kp.getPrivate()); c.init(Cipher.ENCRYPT_MODE, pk);
ct = c.doFinal(pt); ct = c.doFinal(pt);
throw new RuntimeException("Encrypt operation should have failed."); throw new RuntimeException("Encrypt operation should have failed.");
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {
@ -83,13 +95,15 @@ public class CipherSignNotSupported extends UcryptoTest {
throw e; throw e;
} }
} }
}
// Verify // Verify
try { try {
c.init(Cipher.DECRYPT_MODE, kp.getPublic()); c.init(Cipher.DECRYPT_MODE, kp.getPublic());
c.doFinal(ct); c.doFinal(ct);
throw new RuntimeException("Decrypt operation should have failed."); throw new RuntimeException("Decrypt operation should have failed.");
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {
if (e.getMessage().compareTo("RSAPrivateCrtKey required for " + if (e.getMessage().compareTo("RSAPrivateKey required for " +
"decryption") != 0) { "decryption") != 0) {
System.out.println("Wrong exception thrown."); System.out.println("Wrong exception thrown.");
throw e; throw e;