| /* |
| * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package com.oracle.security.ucrypto; |
| |
| import java.util.Arrays; |
| import java.util.WeakHashMap; |
| import java.util.Collections; |
| import java.util.Map; |
| |
| import java.security.AlgorithmParameters; |
| import java.security.InvalidAlgorithmParameterException; |
| import java.security.InvalidKeyException; |
| import java.security.Key; |
| import java.security.PublicKey; |
| import java.security.PrivateKey; |
| import java.security.spec.RSAPrivateCrtKeySpec; |
| import java.security.spec.RSAPrivateKeySpec; |
| import java.security.spec.RSAPublicKeySpec; |
| import java.security.interfaces.RSAKey; |
| import java.security.interfaces.RSAPrivateCrtKey; |
| import java.security.interfaces.RSAPrivateKey; |
| import java.security.interfaces.RSAPublicKey; |
| |
| import java.security.KeyFactory; |
| import java.security.NoSuchAlgorithmException; |
| import java.security.SecureRandom; |
| |
| import java.security.spec.AlgorithmParameterSpec; |
| import java.security.spec.InvalidParameterSpecException; |
| import java.security.spec.InvalidKeySpecException; |
| |
| import javax.crypto.BadPaddingException; |
| import javax.crypto.Cipher; |
| import javax.crypto.CipherSpi; |
| import javax.crypto.SecretKey; |
| import javax.crypto.IllegalBlockSizeException; |
| import javax.crypto.NoSuchPaddingException; |
| import javax.crypto.ShortBufferException; |
| |
| import javax.crypto.spec.SecretKeySpec; |
| |
| import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; |
| import sun.security.jca.JCAUtil; |
| import sun.security.util.KeyUtil; |
| |
| /** |
| * Asymmetric Cipher wrapper class utilizing ucrypto APIs. This class |
| * currently supports |
| * - RSA/ECB/NOPADDING |
| * - RSA/ECB/PKCS1PADDING |
| * |
| * @since 9 |
| */ |
| public class NativeRSACipher extends CipherSpi { |
| // fields set in constructor |
| private final UcryptoMech mech; |
| private final int padLen; |
| private final NativeRSAKeyFactory keyFactory; |
| private AlgorithmParameterSpec spec; |
| private SecureRandom random; |
| |
| // Keep a cache of RSA keys and their RSA NativeKey for reuse. |
| // When the RSA key is gc'ed, we let NativeKey phatom references cleanup |
| // the native allocation |
| private static final Map<Key, NativeKey> keyList = |
| Collections.synchronizedMap(new WeakHashMap<Key, NativeKey>()); |
| |
| // |
| // fields (re)set in every init() |
| // |
| private NativeKey key = null; |
| private int outputSize = 0; // e.g. modulus size in bytes |
| private boolean encrypt = true; |
| private byte[] buffer; |
| private int bufOfs = 0; |
| |
| // public implementation classes |
| public static final class NoPadding extends NativeRSACipher { |
| public NoPadding() throws NoSuchAlgorithmException { |
| super(UcryptoMech.CRYPTO_RSA_X_509, 0); |
| } |
| } |
| |
| public static final class PKCS1Padding extends NativeRSACipher { |
| public PKCS1Padding() throws NoSuchAlgorithmException { |
| super(UcryptoMech.CRYPTO_RSA_PKCS, 11); |
| } |
| } |
| |
| NativeRSACipher(UcryptoMech mech, int padLen) |
| throws NoSuchAlgorithmException { |
| this.mech = mech; |
| this.padLen = padLen; |
| this.keyFactory = new NativeRSAKeyFactory(); |
| } |
| |
| @Override |
| protected void engineSetMode(String mode) throws NoSuchAlgorithmException { |
| // Disallow change of mode for now since currently it's explicitly |
| // defined in transformation strings |
| throw new NoSuchAlgorithmException("Unsupported mode " + mode); |
| } |
| |
| // see JCE spec |
| @Override |
| protected void engineSetPadding(String padding) |
| throws NoSuchPaddingException { |
| // Disallow change of padding for now since currently it's explicitly |
| // defined in transformation strings |
| throw new NoSuchPaddingException("Unsupported padding " + padding); |
| } |
| |
| // see JCE spec |
| @Override |
| protected int engineGetBlockSize() { |
| return 0; |
| } |
| |
| // see JCE spec |
| @Override |
| protected synchronized int engineGetOutputSize(int inputLen) { |
| return outputSize; |
| } |
| |
| // see JCE spec |
| @Override |
| protected byte[] engineGetIV() { |
| return null; |
| } |
| |
| // see JCE spec |
| @Override |
| protected AlgorithmParameters engineGetParameters() { |
| return null; |
| } |
| |
| @Override |
| protected int engineGetKeySize(Key key) throws InvalidKeyException { |
| if (!(key instanceof RSAKey)) { |
| throw new InvalidKeyException("RSAKey required. Got: " + |
| key.getClass().getName()); |
| } |
| int n = ((RSAKey)key).getModulus().bitLength(); |
| // strip off the leading extra 0x00 byte prefix |
| int realByteSize = (n + 7) >> 3; |
| return realByteSize * 8; |
| } |
| |
| // see JCE spec |
| @Override |
| protected synchronized void engineInit(int opmode, Key key, SecureRandom random) |
| throws InvalidKeyException { |
| try { |
| engineInit(opmode, key, (AlgorithmParameterSpec)null, random); |
| } catch (InvalidAlgorithmParameterException e) { |
| throw new InvalidKeyException("init() failed", e); |
| } |
| } |
| |
| // see JCE spec |
| @Override |
| @SuppressWarnings("deprecation") |
| protected synchronized void engineInit(int opmode, Key newKey, |
| AlgorithmParameterSpec params, SecureRandom random) |
| throws InvalidKeyException, InvalidAlgorithmParameterException { |
| if (newKey == null) { |
| throw new InvalidKeyException("Key cannot be null"); |
| } |
| if (opmode != Cipher.ENCRYPT_MODE && |
| opmode != Cipher.DECRYPT_MODE && |
| opmode != Cipher.WRAP_MODE && |
| opmode != Cipher.UNWRAP_MODE) { |
| throw new InvalidAlgorithmParameterException |
| ("Unsupported mode: " + opmode); |
| } |
| if (params != null) { |
| if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) { |
| throw new InvalidAlgorithmParameterException( |
| "No Parameters can be specified"); |
| } |
| spec = params; |
| if (random == null) { |
| random = JCAUtil.getSecureRandom(); |
| } |
| this.random = random; // for TLS RSA premaster secret |
| } |
| boolean doEncrypt = (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE); |
| |
| // Make sure the proper opmode uses the proper key |
| if (doEncrypt && (!(newKey instanceof RSAPublicKey))) { |
| throw new InvalidKeyException("RSAPublicKey required for encryption." + |
| " Received: " + newKey.getClass().getName()); |
| } else if (!doEncrypt && (!(newKey instanceof RSAPrivateKey))) { |
| throw new InvalidKeyException("RSAPrivateKey required for decryption." + |
| " Received: " + newKey.getClass().getName()); |
| } |
| |
| NativeKey nativeKey = null; |
| // Check keyList cache for a nativeKey |
| nativeKey = keyList.get(newKey); |
| if (nativeKey == null) { |
| // With no existing nativeKey for this newKey, create one |
| if (doEncrypt) { |
| RSAPublicKey publicKey = (RSAPublicKey) newKey; |
| try { |
| nativeKey = (NativeKey) keyFactory.engineGeneratePublic |
| (new RSAPublicKeySpec(publicKey.getModulus(), publicKey.getPublicExponent())); |
| } catch (InvalidKeySpecException ikse) { |
| throw new InvalidKeyException(ikse); |
| } |
| } else { |
| try { |
| if (newKey instanceof RSAPrivateCrtKey) { |
| RSAPrivateCrtKey privateKey = (RSAPrivateCrtKey) newKey; |
| nativeKey = (NativeKey) keyFactory.engineGeneratePrivate |
| (new RSAPrivateCrtKeySpec(privateKey.getModulus(), |
| privateKey.getPublicExponent(), |
| privateKey.getPrivateExponent(), |
| privateKey.getPrimeP(), |
| privateKey.getPrimeQ(), |
| privateKey.getPrimeExponentP(), |
| privateKey.getPrimeExponentQ(), |
| privateKey.getCrtCoefficient())); |
| } else if (newKey instanceof RSAPrivateKey) { |
| RSAPrivateKey privateKey = (RSAPrivateKey) newKey; |
| nativeKey = (NativeKey) keyFactory.engineGeneratePrivate |
| (new RSAPrivateKeySpec(privateKey.getModulus(), |
| privateKey.getPrivateExponent())); |
| } else { |
| throw new InvalidKeyException("Unsupported type of RSAPrivateKey." + |
| " Received: " + newKey.getClass().getName()); |
| } |
| } catch (InvalidKeySpecException ikse) { |
| throw new InvalidKeyException(ikse); |
| } |
| } |
| |
| // Add nativeKey to keyList cache and associate it with newKey |
| keyList.put(newKey, nativeKey); |
| } |
| |
| init(doEncrypt, nativeKey); |
| } |
| |
| // see JCE spec |
| @Override |
| protected synchronized void engineInit(int opmode, Key key, AlgorithmParameters params, |
| SecureRandom random) |
| throws InvalidKeyException, InvalidAlgorithmParameterException { |
| if (params != null) { |
| throw new InvalidAlgorithmParameterException("No Parameters can be specified"); |
| } |
| engineInit(opmode, key, (AlgorithmParameterSpec) null, random); |
| } |
| |
| // see JCE spec |
| @Override |
| protected synchronized byte[] engineUpdate(byte[] in, int inOfs, int inLen) { |
| if (inLen > 0) { |
| update(in, inOfs, inLen); |
| } |
| return null; |
| } |
| |
| // see JCE spec |
| @Override |
| protected synchronized int engineUpdate(byte[] in, int inOfs, int inLen, byte[] out, |
| int outOfs) throws ShortBufferException { |
| if (out.length - outOfs < outputSize) { |
| throw new ShortBufferException("Output buffer too small. outputSize: " + |
| outputSize + ". out.length: " + out.length + ". outOfs: " + outOfs); |
| } |
| if (inLen > 0) { |
| update(in, inOfs, inLen); |
| } |
| return 0; |
| } |
| |
| // see JCE spec |
| @Override |
| protected synchronized byte[] engineDoFinal(byte[] in, int inOfs, int inLen) |
| throws IllegalBlockSizeException, BadPaddingException { |
| byte[] out = new byte[outputSize]; |
| try { |
| // delegate to the other engineDoFinal(...) method |
| int actualLen = engineDoFinal(in, inOfs, inLen, out, 0); |
| if (actualLen != outputSize) { |
| return Arrays.copyOf(out, actualLen); |
| } else { |
| return out; |
| } |
| } catch (ShortBufferException e) { |
| throw new UcryptoException("Internal Error", e); |
| } |
| } |
| |
| // see JCE spec |
| @Override |
| protected synchronized int engineDoFinal(byte[] in, int inOfs, int inLen, byte[] out, |
| int outOfs) |
| throws ShortBufferException, IllegalBlockSizeException, |
| BadPaddingException { |
| if (inLen != 0) { |
| update(in, inOfs, inLen); |
| } |
| return doFinal(out, outOfs, out.length - outOfs); |
| } |
| |
| |
| // see JCE spec |
| @Override |
| protected synchronized byte[] engineWrap(Key key) throws IllegalBlockSizeException, |
| InvalidKeyException { |
| try { |
| byte[] encodedKey = key.getEncoded(); |
| if ((encodedKey == null) || (encodedKey.length == 0)) { |
| throw new InvalidKeyException("Cannot get an encoding of " + |
| "the key to be wrapped"); |
| } |
| if (encodedKey.length > buffer.length) { |
| throw new InvalidKeyException("Key is too long for wrapping. " + |
| "encodedKey.length: " + encodedKey.length + |
| ". buffer.length: " + buffer.length); |
| } |
| return engineDoFinal(encodedKey, 0, encodedKey.length); |
| } catch (BadPaddingException e) { |
| // Should never happen for key wrapping |
| throw new UcryptoException("Internal Error", e); |
| } |
| } |
| |
| // see JCE spec |
| @Override |
| @SuppressWarnings("deprecation") |
| protected synchronized Key engineUnwrap(byte[] wrappedKey, |
| String wrappedKeyAlgorithm, int wrappedKeyType) |
| throws InvalidKeyException, NoSuchAlgorithmException { |
| |
| if (wrappedKey.length > buffer.length) { |
| throw new InvalidKeyException("Key is too long for unwrapping." + |
| " wrappedKey.length: " + wrappedKey.length + |
| ". buffer.length: " + buffer.length); |
| } |
| |
| boolean isTlsRsaPremasterSecret = |
| wrappedKeyAlgorithm.equals("TlsRsaPremasterSecret"); |
| Exception failover = null; |
| |
| byte[] encodedKey = null; |
| try { |
| encodedKey = engineDoFinal(wrappedKey, 0, wrappedKey.length); |
| } catch (BadPaddingException bpe) { |
| if (isTlsRsaPremasterSecret) { |
| failover = bpe; |
| } else { |
| throw new InvalidKeyException("Unwrapping failed", bpe); |
| } |
| } catch (Exception e) { |
| throw new InvalidKeyException("Unwrapping failed", e); |
| } |
| |
| if (isTlsRsaPremasterSecret) { |
| if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) { |
| throw new IllegalStateException( |
| "No TlsRsaPremasterSecretParameterSpec specified"); |
| } |
| |
| // polish the TLS premaster secret |
| encodedKey = KeyUtil.checkTlsPreMasterSecretKey( |
| ((TlsRsaPremasterSecretParameterSpec)spec).getClientVersion(), |
| ((TlsRsaPremasterSecretParameterSpec)spec).getServerVersion(), |
| random, encodedKey, (failover != null)); |
| } |
| |
| return NativeCipher.constructKey(wrappedKeyType, |
| encodedKey, wrappedKeyAlgorithm); |
| } |
| |
| /** |
| * calls ucrypto_encrypt(...) or ucrypto_decrypt(...) |
| * @return the length of output or an negative error status code |
| */ |
| private native static int nativeAtomic(int mech, boolean encrypt, |
| long keyValue, int keyLength, |
| byte[] in, int inLen, |
| byte[] out, int ouOfs, int outLen); |
| |
| // do actual initialization |
| private void init(boolean encrypt, NativeKey key) { |
| this.encrypt = encrypt; |
| this.key = key; |
| try { |
| this.outputSize = engineGetKeySize(key)/8; |
| } catch (InvalidKeyException ike) { |
| throw new UcryptoException("Internal Error", ike); |
| } |
| this.buffer = new byte[outputSize]; |
| this.bufOfs = 0; |
| } |
| |
| // store the specified input into the internal buffer |
| private void update(byte[] in, int inOfs, int inLen) { |
| if ((inLen <= 0) || (in == null)) { |
| return; |
| } |
| // buffer bytes internally until doFinal is called |
| if ((bufOfs + inLen + (encrypt? padLen:0)) > buffer.length) { |
| // lead to IllegalBlockSizeException when doFinal() is called |
| bufOfs = buffer.length + 1; |
| return; |
| } |
| System.arraycopy(in, inOfs, buffer, bufOfs, inLen); |
| bufOfs += inLen; |
| } |
| |
| // return the actual non-negative output length |
| private int doFinal(byte[] out, int outOfs, int outLen) |
| throws ShortBufferException, IllegalBlockSizeException, |
| BadPaddingException { |
| if (bufOfs > buffer.length) { |
| throw new IllegalBlockSizeException( |
| "Data must not be longer than " + |
| (buffer.length - (encrypt ? padLen : 0)) + " bytes"); |
| } |
| if (outLen < outputSize) { |
| throw new ShortBufferException(); |
| } |
| try { |
| long keyValue = key.value(); |
| int k = nativeAtomic(mech.value(), encrypt, keyValue, |
| key.length(), buffer, bufOfs, |
| out, outOfs, outLen); |
| if (k < 0) { |
| if ( k == -16 || k == -64) { |
| // -16: CRYPTO_ENCRYPTED_DATA_INVALID |
| // -64: CKR_ENCRYPTED_DATA_INVALID, see bug 17459266 |
| UcryptoException ue = new UcryptoException(16); |
| BadPaddingException bpe = |
| new BadPaddingException("Invalid encryption data"); |
| bpe.initCause(ue); |
| throw bpe; |
| } |
| throw new UcryptoException(-k); |
| } |
| |
| return k; |
| } finally { |
| bufOfs = 0; |
| } |
| } |
| } |