| |
@@ -0,0 +1,654 @@
|
| |
+ diff --git openjdk/make/autoconf/jdk-options.m4 openjdk/make/autoconf/jdk-options.m4
|
| |
+ --- openjdk/make/autoconf/jdk-options.m4
|
| |
+ +++ openjdk/make/autoconf/jdk-options.m4
|
| |
+ @@ -264,9 +264,10 @@
|
| |
+ #
|
| |
+ AC_DEFUN_ONCE([JDKOPT_DETECT_INTREE_EC],
|
| |
+ [
|
| |
+ + AC_REQUIRE([LIB_SETUP_MISC_LIBS])
|
| |
+ AC_MSG_CHECKING([if elliptic curve crypto implementation is present])
|
| |
+
|
| |
+ - if test -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then
|
| |
+ + if test "x${system_nss}" = "xyes" -o -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then
|
| |
+ ENABLE_INTREE_EC=true
|
| |
+ AC_MSG_RESULT([yes])
|
| |
+ else
|
| |
+ diff --git openjdk/make/autoconf/libraries.m4 openjdk/make/autoconf/libraries.m4
|
| |
+ --- openjdk/make/autoconf/libraries.m4
|
| |
+ +++ openjdk/make/autoconf/libraries.m4
|
| |
+ @@ -175,6 +175,48 @@
|
| |
+ AC_SUBST(LIBDL)
|
| |
+ LIBS="$save_LIBS"
|
| |
+
|
| |
+ + ###############################################################################
|
| |
+ + #
|
| |
+ + # Check for the NSS libraries
|
| |
+ + #
|
| |
+ +
|
| |
+ + AC_MSG_CHECKING([whether to build the Sun EC provider against the system NSS libraries])
|
| |
+ +
|
| |
+ + # default is bundled
|
| |
+ + DEFAULT_SYSTEM_NSS=no
|
| |
+ +
|
| |
+ + AC_ARG_ENABLE([system-nss], [AS_HELP_STRING([--enable-system-nss],
|
| |
+ + [build the SunEC provider using the system NSS libraries @<:@disabled@:>@])],
|
| |
+ + [
|
| |
+ + case "${enableval}" in
|
| |
+ + yes)
|
| |
+ + system_nss=yes
|
| |
+ + ;;
|
| |
+ + *)
|
| |
+ + system_nss=no
|
| |
+ + ;;
|
| |
+ + esac
|
| |
+ + ],
|
| |
+ + [
|
| |
+ + system_nss=${DEFAULT_SYSTEM_NSS}
|
| |
+ + ])
|
| |
+ + AC_MSG_RESULT([$system_nss])
|
| |
+ +
|
| |
+ + if test "x${system_nss}" = "xyes"; then
|
| |
+ + PKG_CHECK_MODULES(NSS_SOFTTKN, nss-softokn >= 3.16.1, [NSS_SOFTOKN_FOUND=yes], [NSS_SOFTOKN_FOUND=no])
|
| |
+ + PKG_CHECK_MODULES(NSS, nss >= 3.16.1, [NSS_FOUND=yes], [NSS_FOUND=no])
|
| |
+ + if test "x${NSS_SOFTOKN_FOUND}" = "xyes" -a "x${NSS_FOUND}" = "xyes"; then
|
| |
+ + NSS_LIBS="$NSS_SOFTOKN_LIBS $NSS_LIBS -lfreebl";
|
| |
+ + USE_EXTERNAL_NSS=true
|
| |
+ + else
|
| |
+ + AC_MSG_ERROR([--enable-system-nss specified, but NSS not found.])
|
| |
+ + fi
|
| |
+ + else
|
| |
+ + USE_EXTERNAL_NSS=false
|
| |
+ + fi
|
| |
+ + AC_SUBST(USE_EXTERNAL_NSS)
|
| |
+ +
|
| |
+ +
|
| |
+ # Deprecated libraries, keep the flags for backwards compatibility
|
| |
+ if test "x$OPENJDK_TARGET_OS" = "xwindows"; then
|
| |
+ BASIC_DEPRECATED_ARG_WITH([dxsdk])
|
| |
+ diff --git openjdk/make/autoconf/spec.gmk.in openjdk/make/autoconf/spec.gmk.in
|
| |
+ --- openjdk/make/autoconf/spec.gmk.in
|
| |
+ +++ openjdk/make/autoconf/spec.gmk.in
|
| |
+ @@ -764,6 +764,10 @@
|
| |
+ # Libraries
|
| |
+ #
|
| |
+
|
| |
+ +USE_EXTERNAL_NSS:=@USE_EXTERNAL_NSS@
|
| |
+ +NSS_LIBS:=@NSS_LIBS@
|
| |
+ +NSS_CFLAGS:=@NSS_CFLAGS@
|
| |
+ +
|
| |
+ USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@
|
| |
+ LCMS_CFLAGS:=@LCMS_CFLAGS@
|
| |
+ LCMS_LIBS:=@LCMS_LIBS@
|
| |
+ diff --git openjdk/make/lib/Lib-jdk.crypto.ec.gmk openjdk/make/lib/Lib-jdk.crypto.ec.gmk
|
| |
+ --- openjdk/make/lib/Lib-jdk.crypto.ec.gmk
|
| |
+ +++ openjdk/make/lib/Lib-jdk.crypto.ec.gmk
|
| |
+ @@ -29,9 +29,15 @@
|
| |
+
|
| |
+ ifeq ($(ENABLE_INTREE_EC), true)
|
| |
+
|
| |
+ - LIBSUNEC_SRC := $(TOPDIR)/src/jdk.crypto.ec/share/native/libsunec
|
| |
+ BUILD_LIBSUNEC_FLAGS := $(addprefix -I, $(SUNEC_SRC))
|
| |
+
|
| |
+ + ifeq ($(USE_EXTERNAL_NSS), true)
|
| |
+ + LIBSUNEC_SRC := $(TOPDIR)/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
|
| |
+ + BUILD_LIBSUNEC_FLAGS += $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC
|
| |
+ + else
|
| |
+ + LIBSUNEC_SRC := $(TOPDIR)/src/jdk.crypto.ec/share/native/libsunec
|
| |
+ + endif
|
| |
+ +
|
| |
+ #
|
| |
+ # On sol-sparc...all libraries are compiled with -xregs=no%appl
|
| |
+ # (set in CFLAGS_REQUIRED_sparc)
|
| |
+ @@ -60,7 +66,7 @@
|
| |
+ LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK), \
|
| |
+ LDFLAGS_macosx := $(call SET_SHARED_LIBRARY_ORIGIN), \
|
| |
+ LIBS := $(LIBCXX), \
|
| |
+ - LIBS_linux := -lc, \
|
| |
+ + LIBS_linux := -lc $(NSS_LIBS), \
|
| |
+ LIBS_solaris := -lc, \
|
| |
+ VERSIONINFO_RESOURCE := $(GLOBAL_VERSION_INFO_RESOURCE), \
|
| |
+ RC_FLAGS := $(RC_FLAGS) \
|
| |
+ diff --git openjdk/make/mapfiles/libsunec/mapfile-vers openjdk/make/mapfiles/libsunec/mapfile-vers
|
| |
+ --- openjdk/make/mapfiles/libsunec/mapfile-vers
|
| |
+ +++ openjdk/make/mapfiles/libsunec/mapfile-vers
|
| |
+ @@ -31,6 +31,7 @@
|
| |
+ Java_sun_security_ec_ECDSASignature_signDigest;
|
| |
+ Java_sun_security_ec_ECDSASignature_verifySignedDigest;
|
| |
+ Java_sun_security_ec_ECDHKeyAgreement_deriveKey;
|
| |
+ + Java_sun_security_ec_SunEC_initialize;
|
| |
+ local:
|
| |
+ *;
|
| |
+ };
|
| |
+ diff --git openjdk/src/java.base/unix/native/include/jni_md.h openjdk/src/java.base/unix/native/include/jni_md.h
|
| |
+ --- openjdk/src/java.base/unix/native/include/jni_md.h
|
| |
+ +++ openjdk/src/java.base/unix/native/include/jni_md.h
|
| |
+ @@ -36,6 +36,11 @@
|
| |
+ #define JNIEXPORT
|
| |
+ #define JNIIMPORT
|
| |
+ #endif
|
| |
+ +#if (defined(__GNUC__)) || __has_attribute(unused)
|
| |
+ + #define UNUSED(x) UNUSED_ ## x __attribute__((__unused__))
|
| |
+ +#else
|
| |
+ + #define UNUSED(x) UNUSED_ ## x
|
| |
+ +#endif
|
| |
+
|
| |
+ #define JNICALL
|
| |
+
|
| |
+ diff --git openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
|
| |
+ --- openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
|
| |
+ +++ openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
|
| |
+ @@ -61,6 +61,7 @@
|
| |
+ AccessController.doPrivileged(new PrivilegedAction<Void>() {
|
| |
+ public Void run() {
|
| |
+ System.loadLibrary("sunec"); // check for native library
|
| |
+ + initialize();
|
| |
+ return null;
|
| |
+ }
|
| |
+ });
|
| |
+ @@ -272,4 +273,9 @@
|
| |
+ putService(new ProviderService(this, "KeyAgreement",
|
| |
+ "ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS));
|
| |
+ }
|
| |
+ +
|
| |
+ + /**
|
| |
+ + * Initialize the native code.
|
| |
+ + */
|
| |
+ + private static native void initialize();
|
| |
+ }
|
| |
+ diff --git openjdk/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp openjdk/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
|
| |
+ --- openjdk/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
|
| |
+ +++ openjdk/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
|
| |
+ @@ -25,7 +25,11 @@
|
| |
+
|
| |
+ #include <jni.h>
|
| |
+ #include "jni_util.h"
|
| |
+ +#ifdef SYSTEM_NSS
|
| |
+ +#include "ecc_impl.h"
|
| |
+ +#else
|
| |
+ #include "impl/ecc_impl.h"
|
| |
+ +#endif
|
| |
+
|
| |
+ #define ILLEGAL_STATE_EXCEPTION "java/lang/IllegalStateException"
|
| |
+ #define INVALID_ALGORITHM_PARAMETER_EXCEPTION \
|
| |
+ @@ -33,6 +37,13 @@
|
| |
+ #define INVALID_PARAMETER_EXCEPTION \
|
| |
+ "java/security/InvalidParameterException"
|
| |
+ #define KEY_EXCEPTION "java/security/KeyException"
|
| |
+ +#define INTERNAL_ERROR "java/lang/InternalError"
|
| |
+ +
|
| |
+ +#ifdef SYSTEM_NSS
|
| |
+ +#define SYSTEM_UNUSED(x) UNUSED(x)
|
| |
+ +#else
|
| |
+ +#define SYSTEM_UNUSED(x) x
|
| |
+ +#endif
|
| |
+
|
| |
+ extern "C" {
|
| |
+
|
| |
+ @@ -55,8 +66,13 @@
|
| |
+ /*
|
| |
+ * Deep free of the ECParams struct
|
| |
+ */
|
| |
+ -void FreeECParams(ECParams *ecparams, jboolean freeStruct)
|
| |
+ +void FreeECParams(ECParams *ecparams, jboolean SYSTEM_UNUSED(freeStruct))
|
| |
+ {
|
| |
+ +#ifdef SYSTEM_NSS
|
| |
+ + // Needs to be freed using the matching method to the one
|
| |
+ + // that allocated it. PR_TRUE means the memory is zeroed.
|
| |
+ + PORT_FreeArena(ecparams->arena, PR_TRUE);
|
| |
+ +#else
|
| |
+ // Use B_FALSE to free the SECItem->data element, but not the SECItem itself
|
| |
+ // Use B_TRUE to free both
|
| |
+
|
| |
+ @@ -70,6 +86,7 @@
|
| |
+ SECITEM_FreeItem(&ecparams->curveOID, B_FALSE);
|
| |
+ if (freeStruct)
|
| |
+ free(ecparams);
|
| |
+ +#endif
|
| |
+ }
|
| |
+
|
| |
+ jbyteArray getEncodedBytes(JNIEnv *env, SECItem *hSECItem)
|
| |
+ @@ -95,7 +112,7 @@
|
| |
+ */
|
| |
+ JNIEXPORT jobjectArray
|
| |
+ JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair
|
| |
+ - (JNIEnv *env, jclass clazz, jint keySize, jbyteArray encodedParams, jbyteArray seed)
|
| |
+ + (JNIEnv *env, jclass UNUSED(clazz), jint UNUSED(keySize), jbyteArray encodedParams, jbyteArray seed)
|
| |
+ {
|
| |
+ ECPrivateKey *privKey = NULL; // contains both public and private values
|
| |
+ ECParams *ecparams = NULL;
|
| |
+ @@ -127,8 +144,17 @@
|
| |
+ env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
|
| |
+
|
| |
+ // Generate the new keypair (using the supplied seed)
|
| |
+ +#ifdef SYSTEM_NSS
|
| |
+ + if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
|
| |
+ + != SECSuccess) {
|
| |
+ + ThrowException(env, KEY_EXCEPTION);
|
| |
+ + goto cleanup;
|
| |
+ + }
|
| |
+ + if (EC_NewKey(ecparams, &privKey) != SECSuccess) {
|
| |
+ +#else
|
| |
+ if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer,
|
| |
+ jSeedLength, 0) != SECSuccess) {
|
| |
+ +#endif
|
| |
+ ThrowException(env, KEY_EXCEPTION);
|
| |
+ goto cleanup;
|
| |
+ }
|
| |
+ @@ -175,10 +201,15 @@
|
| |
+ }
|
| |
+ if (privKey) {
|
| |
+ FreeECParams(&privKey->ecParams, false);
|
| |
+ +#ifndef SYSTEM_NSS
|
| |
+ + // The entire ECPrivateKey is allocated in the arena
|
| |
+ + // when using system NSS, so only the in-tree version
|
| |
+ + // needs to clear these manually.
|
| |
+ SECITEM_FreeItem(&privKey->version, B_FALSE);
|
| |
+ SECITEM_FreeItem(&privKey->privateValue, B_FALSE);
|
| |
+ SECITEM_FreeItem(&privKey->publicValue, B_FALSE);
|
| |
+ free(privKey);
|
| |
+ +#endif
|
| |
+ }
|
| |
+
|
| |
+ if (pSeedBuffer) {
|
| |
+ @@ -196,7 +227,7 @@
|
| |
+ */
|
| |
+ JNIEXPORT jbyteArray
|
| |
+ JNICALL Java_sun_security_ec_ECDSASignature_signDigest
|
| |
+ - (JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
|
| |
+ + (JNIEnv *env, jclass UNUSED(clazz), jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
|
| |
+ {
|
| |
+ jbyte* pDigestBuffer = NULL;
|
| |
+ jint jDigestLength = env->GetArrayLength(digest);
|
| |
+ @@ -255,8 +286,18 @@
|
| |
+ env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
|
| |
+
|
| |
+ // Sign the digest (using the supplied seed)
|
| |
+ +#ifdef SYSTEM_NSS
|
| |
+ + if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
|
| |
+ + != SECSuccess) {
|
| |
+ + ThrowException(env, KEY_EXCEPTION);
|
| |
+ + goto cleanup;
|
| |
+ + }
|
| |
+ + if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item)
|
| |
+ + != SECSuccess) {
|
| |
+ +#else
|
| |
+ if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item,
|
| |
+ (unsigned char *) pSeedBuffer, jSeedLength, 0, timing) != SECSuccess) {
|
| |
+ +#endif
|
| |
+ ThrowException(env, KEY_EXCEPTION);
|
| |
+ goto cleanup;
|
| |
+ }
|
| |
+ @@ -305,7 +346,7 @@
|
| |
+ */
|
| |
+ JNIEXPORT jboolean
|
| |
+ JNICALL Java_sun_security_ec_ECDSASignature_verifySignedDigest
|
| |
+ - (JNIEnv *env, jclass clazz, jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
|
| |
+ + (JNIEnv *env, jclass UNUSED(clazz), jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
|
| |
+ {
|
| |
+ jboolean isValid = false;
|
| |
+
|
| |
+ @@ -362,9 +403,10 @@
|
| |
+
|
| |
+ cleanup:
|
| |
+ {
|
| |
+ - if (params_item.data)
|
| |
+ + if (params_item.data) {
|
| |
+ env->ReleaseByteArrayElements(encodedParams,
|
| |
+ (jbyte *) params_item.data, JNI_ABORT);
|
| |
+ + }
|
| |
+
|
| |
+ if (pubKey.publicValue.data)
|
| |
+ env->ReleaseByteArrayElements(publicKey,
|
| |
+ @@ -390,7 +432,7 @@
|
| |
+ */
|
| |
+ JNIEXPORT jbyteArray
|
| |
+ JNICALL Java_sun_security_ec_ECDHKeyAgreement_deriveKey
|
| |
+ - (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
|
| |
+ + (JNIEnv *env, jclass UNUSED(clazz), jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
|
| |
+ {
|
| |
+ jbyteArray jSecret = NULL;
|
| |
+ ECParams *ecparams = NULL;
|
| |
+ @@ -466,9 +508,10 @@
|
| |
+ env->ReleaseByteArrayElements(publicKey,
|
| |
+ (jbyte *) publicValue_item.data, JNI_ABORT);
|
| |
+
|
| |
+ - if (params_item.data)
|
| |
+ + if (params_item.data) {
|
| |
+ env->ReleaseByteArrayElements(encodedParams,
|
| |
+ (jbyte *) params_item.data, JNI_ABORT);
|
| |
+ + }
|
| |
+
|
| |
+ if (ecparams)
|
| |
+ FreeECParams(ecparams, true);
|
| |
+ @@ -477,4 +520,28 @@
|
| |
+ return jSecret;
|
| |
+ }
|
| |
+
|
| |
+ +JNIEXPORT void
|
| |
+ +JNICALL Java_sun_security_ec_SunEC_initialize
|
| |
+ + (JNIEnv *env, jclass UNUSED(clazz))
|
| |
+ +{
|
| |
+ +#ifdef SYSTEM_NSS
|
| |
+ + if (SECOID_Init() != SECSuccess) {
|
| |
+ + ThrowException(env, INTERNAL_ERROR);
|
| |
+ + }
|
| |
+ + if (RNG_RNGInit() != SECSuccess) {
|
| |
+ + ThrowException(env, INTERNAL_ERROR);
|
| |
+ + }
|
| |
+ +#endif
|
| |
+ +}
|
| |
+ +
|
| |
+ +JNIEXPORT void
|
| |
+ +JNICALL JNI_OnUnload
|
| |
+ + (JavaVM *vm, void *reserved)
|
| |
+ +{
|
| |
+ +#ifdef SYSTEM_NSS
|
| |
+ + RNG_RNGShutdown();
|
| |
+ + SECOID_Shutdown();
|
| |
+ +#endif
|
| |
+ +}
|
| |
+ +
|
| |
+ } /* extern "C" */
|
| |
+ diff --git openjdk/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h openjdk/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h
|
| |
+ new file mode 100644
|
| |
+ --- /dev/null
|
| |
+ +++ openjdk/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h
|
| |
+ @@ -0,0 +1,298 @@
|
| |
+ +/*
|
| |
+ + * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
|
| |
+ + * Use is subject to license terms.
|
| |
+ + *
|
| |
+ + * This library is free software; you can redistribute it and/or
|
| |
+ + * modify it under the terms of the GNU Lesser General Public
|
| |
+ + * License as published by the Free Software Foundation; either
|
| |
+ + * version 2.1 of the License, or (at your option) any later version.
|
| |
+ + *
|
| |
+ + * This library is distributed in the hope that it will be useful,
|
| |
+ + * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
| |
+ + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
| |
+ + * Lesser General Public License for more details.
|
| |
+ + *
|
| |
+ + * You should have received a copy of the GNU Lesser General Public License
|
| |
+ + * along with this library; if not, write to the Free Software Foundation,
|
| |
+ + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
| |
+ + *
|
| |
+ + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
| |
+ + * or visit www.oracle.com if you need additional information or have any
|
| |
+ + * questions.
|
| |
+ + */
|
| |
+ +
|
| |
+ +/* *********************************************************************
|
| |
+ + *
|
| |
+ + * The Original Code is the Netscape security libraries.
|
| |
+ + *
|
| |
+ + * The Initial Developer of the Original Code is
|
| |
+ + * Netscape Communications Corporation.
|
| |
+ + * Portions created by the Initial Developer are Copyright (C) 1994-2000
|
| |
+ + * the Initial Developer. All Rights Reserved.
|
| |
+ + *
|
| |
+ + * Contributor(s):
|
| |
+ + * Dr Vipul Gupta <vipul.gupta@sun.com> and
|
| |
+ + * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
|
| |
+ + *
|
| |
+ + * Last Modified Date from the Original Code: May 2017
|
| |
+ + *********************************************************************** */
|
| |
+ +
|
| |
+ +#ifndef _ECC_IMPL_H
|
| |
+ +#define _ECC_IMPL_H
|
| |
+ +
|
| |
+ +#ifdef __cplusplus
|
| |
+ +extern "C" {
|
| |
+ +#endif
|
| |
+ +
|
| |
+ +#include <sys/types.h>
|
| |
+ +
|
| |
+ +#ifdef SYSTEM_NSS
|
| |
+ +#include <secitem.h>
|
| |
+ +#include <secerr.h>
|
| |
+ +#include <keythi.h>
|
| |
+ +#ifdef LEGACY_NSS
|
| |
+ +#include <softoken.h>
|
| |
+ +#else
|
| |
+ +#include <blapi.h>
|
| |
+ +#endif
|
| |
+ +#else
|
| |
+ +#include "ecl-exp.h"
|
| |
+ +#endif
|
| |
+ +
|
| |
+ +/*
|
| |
+ + * Multi-platform definitions
|
| |
+ + */
|
| |
+ +#ifdef __linux__
|
| |
+ +#define B_FALSE FALSE
|
| |
+ +#define B_TRUE TRUE
|
| |
+ +typedef unsigned char uint8_t;
|
| |
+ +typedef unsigned long ulong_t;
|
| |
+ +typedef enum { B_FALSE, B_TRUE } boolean_t;
|
| |
+ +#endif /* __linux__ */
|
| |
+ +
|
| |
+ +#ifdef _ALLBSD_SOURCE
|
| |
+ +#include <stdint.h>
|
| |
+ +#define B_FALSE FALSE
|
| |
+ +#define B_TRUE TRUE
|
| |
+ +typedef unsigned long ulong_t;
|
| |
+ +typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
|
| |
+ +#endif /* _ALLBSD_SOURCE */
|
| |
+ +
|
| |
+ +#ifdef AIX
|
| |
+ +#define B_FALSE FALSE
|
| |
+ +#define B_TRUE TRUE
|
| |
+ +typedef unsigned char uint8_t;
|
| |
+ +typedef unsigned long ulong_t;
|
| |
+ +#endif /* AIX */
|
| |
+ +
|
| |
+ +#ifdef _WIN32
|
| |
+ +typedef unsigned char uint8_t;
|
| |
+ +typedef unsigned long ulong_t;
|
| |
+ +typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
|
| |
+ +#define strdup _strdup /* Replace POSIX name with ISO C++ name */
|
| |
+ +#endif /* _WIN32 */
|
| |
+ +
|
| |
+ +#ifndef _KERNEL
|
| |
+ +#include <stdlib.h>
|
| |
+ +#endif /* _KERNEL */
|
| |
+ +
|
| |
+ +#define EC_MAX_DIGEST_LEN 1024 /* max digest that can be signed */
|
| |
+ +#define EC_MAX_POINT_LEN 145 /* max len of DER encoded Q */
|
| |
+ +#define EC_MAX_VALUE_LEN 72 /* max len of ANSI X9.62 private value d */
|
| |
+ +#define EC_MAX_SIG_LEN 144 /* max signature len for supported curves */
|
| |
+ +#define EC_MIN_KEY_LEN 112 /* min key length in bits */
|
| |
+ +#define EC_MAX_KEY_LEN 571 /* max key length in bits */
|
| |
+ +#define EC_MAX_OID_LEN 10 /* max length of OID buffer */
|
| |
+ +
|
| |
+ +/*
|
| |
+ + * Various structures and definitions from NSS are here.
|
| |
+ + */
|
| |
+ +
|
| |
+ +#ifndef SYSTEM_NSS
|
| |
+ +#ifdef _KERNEL
|
| |
+ +#define PORT_ArenaAlloc(a, n, f) kmem_alloc((n), (f))
|
| |
+ +#define PORT_ArenaZAlloc(a, n, f) kmem_zalloc((n), (f))
|
| |
+ +#define PORT_ArenaGrow(a, b, c, d) NULL
|
| |
+ +#define PORT_ZAlloc(n, f) kmem_zalloc((n), (f))
|
| |
+ +#define PORT_Alloc(n, f) kmem_alloc((n), (f))
|
| |
+ +#else
|
| |
+ +#define PORT_ArenaAlloc(a, n, f) malloc((n))
|
| |
+ +#define PORT_ArenaZAlloc(a, n, f) calloc(1, (n))
|
| |
+ +#define PORT_ArenaGrow(a, b, c, d) NULL
|
| |
+ +#define PORT_ZAlloc(n, f) calloc(1, (n))
|
| |
+ +#define PORT_Alloc(n, f) malloc((n))
|
| |
+ +#endif
|
| |
+ +
|
| |
+ +#define PORT_NewArena(b) (char *)12345
|
| |
+ +#define PORT_ArenaMark(a) NULL
|
| |
+ +#define PORT_ArenaUnmark(a, b)
|
| |
+ +#define PORT_ArenaRelease(a, m)
|
| |
+ +#define PORT_FreeArena(a, b)
|
| |
+ +#define PORT_Strlen(s) strlen((s))
|
| |
+ +#define PORT_SetError(e)
|
| |
+ +
|
| |
+ +#define PRBool boolean_t
|
| |
+ +#define PR_TRUE B_TRUE
|
| |
+ +#define PR_FALSE B_FALSE
|
| |
+ +
|
| |
+ +#ifdef _KERNEL
|
| |
+ +#define PORT_Assert ASSERT
|
| |
+ +#define PORT_Memcpy(t, f, l) bcopy((f), (t), (l))
|
| |
+ +#else
|
| |
+ +#define PORT_Assert assert
|
| |
+ +#define PORT_Memcpy(t, f, l) memcpy((t), (f), (l))
|
| |
+ +#endif
|
| |
+ +
|
| |
+ +#endif
|
| |
+ +
|
| |
+ +#define CHECK_OK(func) if (func == NULL) goto cleanup
|
| |
+ +#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
|
| |
+ +
|
| |
+ +#ifndef SYSTEM_NSS
|
| |
+ +typedef enum {
|
| |
+ + siBuffer = 0,
|
| |
+ + siClearDataBuffer = 1,
|
| |
+ + siCipherDataBuffer = 2,
|
| |
+ + siDERCertBuffer = 3,
|
| |
+ + siEncodedCertBuffer = 4,
|
| |
+ + siDERNameBuffer = 5,
|
| |
+ + siEncodedNameBuffer = 6,
|
| |
+ + siAsciiNameString = 7,
|
| |
+ + siAsciiString = 8,
|
| |
+ + siDEROID = 9,
|
| |
+ + siUnsignedInteger = 10,
|
| |
+ + siUTCTime = 11,
|
| |
+ + siGeneralizedTime = 12
|
| |
+ +} SECItemType;
|
| |
+ +
|
| |
+ +typedef struct SECItemStr SECItem;
|
| |
+ +
|
| |
+ +struct SECItemStr {
|
| |
+ + SECItemType type;
|
| |
+ + unsigned char *data;
|
| |
+ + unsigned int len;
|
| |
+ +};
|
| |
+ +
|
| |
+ +typedef SECItem SECKEYECParams;
|
| |
+ +
|
| |
+ +typedef enum { ec_params_explicit,
|
| |
+ + ec_params_named
|
| |
+ +} ECParamsType;
|
| |
+ +
|
| |
+ +typedef enum { ec_field_GFp = 1,
|
| |
+ + ec_field_GF2m
|
| |
+ +} ECFieldType;
|
| |
+ +
|
| |
+ +struct ECFieldIDStr {
|
| |
+ + int size; /* field size in bits */
|
| |
+ + ECFieldType type;
|
| |
+ + union {
|
| |
+ + SECItem prime; /* prime p for (GFp) */
|
| |
+ + SECItem poly; /* irreducible binary polynomial for (GF2m) */
|
| |
+ + } u;
|
| |
+ + int k1; /* first coefficient of pentanomial or
|
| |
+ + * the only coefficient of trinomial
|
| |
+ + */
|
| |
+ + int k2; /* two remaining coefficients of pentanomial */
|
| |
+ + int k3;
|
| |
+ +};
|
| |
+ +typedef struct ECFieldIDStr ECFieldID;
|
| |
+ +
|
| |
+ +struct ECCurveStr {
|
| |
+ + SECItem a; /* contains octet stream encoding of
|
| |
+ + * field element (X9.62 section 4.3.3)
|
| |
+ + */
|
| |
+ + SECItem b;
|
| |
+ + SECItem seed;
|
| |
+ +};
|
| |
+ +typedef struct ECCurveStr ECCurve;
|
| |
+ +
|
| |
+ +typedef void PRArenaPool;
|
| |
+ +
|
| |
+ +struct ECParamsStr {
|
| |
+ + PRArenaPool * arena;
|
| |
+ + ECParamsType type;
|
| |
+ + ECFieldID fieldID;
|
| |
+ + ECCurve curve;
|
| |
+ + SECItem base;
|
| |
+ + SECItem order;
|
| |
+ + int cofactor;
|
| |
+ + SECItem DEREncoding;
|
| |
+ + ECCurveName name;
|
| |
+ + SECItem curveOID;
|
| |
+ +};
|
| |
+ +typedef struct ECParamsStr ECParams;
|
| |
+ +
|
| |
+ +struct ECPublicKeyStr {
|
| |
+ + ECParams ecParams;
|
| |
+ + SECItem publicValue; /* elliptic curve point encoded as
|
| |
+ + * octet stream.
|
| |
+ + */
|
| |
+ +};
|
| |
+ +typedef struct ECPublicKeyStr ECPublicKey;
|
| |
+ +
|
| |
+ +struct ECPrivateKeyStr {
|
| |
+ + ECParams ecParams;
|
| |
+ + SECItem publicValue; /* encoded ec point */
|
| |
+ + SECItem privateValue; /* private big integer */
|
| |
+ + SECItem version; /* As per SEC 1, Appendix C, Section C.4 */
|
| |
+ +};
|
| |
+ +typedef struct ECPrivateKeyStr ECPrivateKey;
|
| |
+ +
|
| |
+ +typedef enum _SECStatus {
|
| |
+ + SECBufferTooSmall = -3,
|
| |
+ + SECWouldBlock = -2,
|
| |
+ + SECFailure = -1,
|
| |
+ + SECSuccess = 0
|
| |
+ +} SECStatus;
|
| |
+ +#endif
|
| |
+ +
|
| |
+ +#ifdef _KERNEL
|
| |
+ +#define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l))
|
| |
+ +#else
|
| |
+ +/*
|
| |
+ + This function is no longer required because the random bytes are now
|
| |
+ + supplied by the caller. Force a failure.
|
| |
+ +*/
|
| |
+ +#ifndef SYSTEM_NSS
|
| |
+ +#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure
|
| |
+ +#endif
|
| |
+ +#endif
|
| |
+ +#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
|
| |
+ +#define MP_TO_SEC_ERROR(err)
|
| |
+ +
|
| |
+ +#define SECITEM_TO_MPINT(it, mp) \
|
| |
+ + CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len))
|
| |
+ +
|
| |
+ +extern int ecc_knzero_random_generator(uint8_t *, size_t);
|
| |
+ +extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t);
|
| |
+ +
|
| |
+ +#ifdef SYSTEM_NSS
|
| |
+ +#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b)
|
| |
+ +#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c)
|
| |
+ +#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e)
|
| |
+ +#else
|
| |
+ +extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int);
|
| |
+ +
|
| |
+ +extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int);
|
| |
+ +extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *,
|
| |
+ + int);
|
| |
+ +extern void SECITEM_FreeItem(SECItem *, boolean_t);
|
| |
+ +
|
| |
+ +/* This function has been modified to accept an array of random bytes */
|
| |
+ +extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
|
| |
+ + const unsigned char* random, int randomlen, int);
|
| |
+ +/* This function has been modified to accept an array of random bytes */
|
| |
+ +extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *,
|
| |
+ + const unsigned char* random, int randomlen, int, int timing);
|
| |
+ +extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *,
|
| |
+ + const SECItem *, int);
|
| |
+ +extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t,
|
| |
+ + SECItem *, int);
|
| |
+ +#endif
|
| |
+ +
|
| |
+ +#ifdef __cplusplus
|
| |
+ +}
|
| |
+ +#endif
|
| |
+ +
|
| |
+ +#endif /* _ECC_IMPL_H */
|
| |
Resolves RHBZ#1565658.