Bug Summary

File:jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_keymgmt.c
Warning:line 314, column 13
Value stored to 'rv' is never read

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name p11_keymgmt.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -mthread-model posix -fno-delete-null-pointer-checks -mframe-pointer=all -relaxed-aliasing -fmath-errno -fno-rounding-math -masm-verbose -mconstructor-aliases -munwind-tables -target-cpu x86-64 -dwarf-column-info -fno-split-dwarf-inlining -debugger-tuning=gdb -resource-dir /usr/lib/llvm-10/lib/clang/10.0.0 -I /home/daniel/Projects/java/jdk/build/linux-x86_64-server-fastdebug/support/modules_include/java.base -I /home/daniel/Projects/java/jdk/build/linux-x86_64-server-fastdebug/support/modules_include/java.base/linux -I /home/daniel/Projects/java/jdk/src/java.base/share/native/libjava -I /home/daniel/Projects/java/jdk/src/java.base/unix/native/libjava -I /home/daniel/Projects/java/jdk/src/hotspot/share/include -I /home/daniel/Projects/java/jdk/src/hotspot/os/posix/include -D LIBC=gnu -D _GNU_SOURCE -D _REENTRANT -D _LARGEFILE64_SOURCE -D LINUX -D DEBUG -D _LITTLE_ENDIAN -D ARCH="amd64" -D amd64 -D _LP64=1 -I /home/daniel/Projects/java/jdk/src/jdk.crypto.cryptoki/unix/native/libj2pkcs11 -I /home/daniel/Projects/java/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11 -I /home/daniel/Projects/java/jdk/build/linux-x86_64-server-fastdebug/support/headers/jdk.crypto.cryptoki -D _FORTIFY_SOURCE=2 -internal-isystem /usr/local/include -internal-isystem /usr/lib/llvm-10/lib/clang/10.0.0/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-unused-parameter -Wno-unused -std=c99 -fdebug-compilation-dir /home/daniel/Projects/java/jdk/make -ferror-limit 19 -fmessage-length 0 -fvisibility hidden -stack-protector 1 -fgnuc-version=4.2.1 -fobjc-runtime=gcc -fdiagnostics-show-option -vectorize-loops -vectorize-slp -analyzer-output=html -faddrsig -o /home/daniel/Projects/java/scan/2021-12-21-193737-8510-1 -x c /home/daniel/Projects/java/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_keymgmt.c
1/*
2 * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
3 */
4
5/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright notice,
11 * this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright notice,
14 * this list of conditions and the following disclaimer in the documentation
15 * and/or other materials provided with the distribution.
16 *
17 * 3. The end-user documentation included with the redistribution, if any, must
18 * include the following acknowledgment:
19 *
20 * "This product includes software developed by IAIK of Graz University of
21 * Technology."
22 *
23 * Alternately, this acknowledgment may appear in the software itself, if
24 * and wherever such third-party acknowledgments normally appear.
25 *
26 * 4. The names "Graz University of Technology" and "IAIK of Graz University of
27 * Technology" must not be used to endorse or promote products derived from
28 * this software without prior written permission.
29 *
30 * 5. Products derived from this software may not be called
31 * "IAIK PKCS Wrapper", nor may "IAIK" appear in their name, without prior
32 * written permission of Graz University of Technology.
33 *
34 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
35 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
36 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
37 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE
38 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
39 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
40 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
41 * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
42 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
43 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
44 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
45 * POSSIBILITY OF SUCH DAMAGE.
46 */
47
48#include "pkcs11wrapper.h"
49
50#include <stdio.h>
51#include <stdlib.h>
52#include <string.h>
53#include <assert.h>
54
55#include "sun_security_pkcs11_wrapper_PKCS11.h"
56
57#ifdef P11_ENABLE_GETNATIVEKEYINFO
58
59#define CK_ATTRIBUTES_TEMPLATE_LENGTH(CK_ULONG)61U (CK_ULONG)61U
60
61static CK_ATTRIBUTE ckpAttributesTemplate[CK_ATTRIBUTES_TEMPLATE_LENGTH(CK_ULONG)61U] = {
62 {CKA_CLASS0x00000000UL, 0, 0},
63 {CKA_TOKEN0x00000001UL, 0, 0},
64 {CKA_PRIVATE0x00000002UL, 0, 0},
65 {CKA_LABEL0x00000003UL, 0, 0},
66 {CKA_APPLICATION0x00000010UL, 0, 0},
67 {CKA_VALUE0x00000011UL, 0, 0},
68 {CKA_OBJECT_ID0x00000012UL, 0, 0},
69 {CKA_CERTIFICATE_TYPE0x00000080UL, 0, 0},
70 {CKA_ISSUER0x00000081UL, 0, 0},
71 {CKA_SERIAL_NUMBER0x00000082UL, 0, 0},
72 {CKA_AC_ISSUER0x00000083UL, 0, 0},
73 {CKA_OWNER0x00000084UL, 0, 0},
74 {CKA_ATTR_TYPES0x00000085UL, 0, 0},
75 {CKA_TRUSTED0x00000086UL, 0, 0},
76 {CKA_KEY_TYPE0x00000100UL, 0, 0},
77 {CKA_SUBJECT0x00000101UL, 0, 0},
78 {CKA_ID0x00000102UL, 0, 0},
79 {CKA_SENSITIVE0x00000103UL, 0, 0},
80 {CKA_ENCRYPT0x00000104UL, 0, 0},
81 {CKA_DECRYPT0x00000105UL, 0, 0},
82 {CKA_WRAP0x00000106UL, 0, 0},
83 {CKA_UNWRAP0x00000107UL, 0, 0},
84 {CKA_SIGN0x00000108UL, 0, 0},
85 {CKA_SIGN_RECOVER0x00000109UL, 0, 0},
86 {CKA_VERIFY0x0000010AUL, 0, 0},
87 {CKA_VERIFY_RECOVER0x0000010BUL, 0, 0},
88 {CKA_DERIVE0x0000010CUL, 0, 0},
89 {CKA_START_DATE0x00000110UL, 0, 0},
90 {CKA_END_DATE0x00000111UL, 0, 0},
91 {CKA_MODULUS0x00000120UL, 0, 0},
92 {CKA_MODULUS_BITS0x00000121UL, 0, 0},
93 {CKA_PUBLIC_EXPONENT0x00000122UL, 0, 0},
94 {CKA_PRIVATE_EXPONENT0x00000123UL, 0, 0},
95 {CKA_PRIME_10x00000124UL, 0, 0},
96 {CKA_PRIME_20x00000125UL, 0, 0},
97 {CKA_EXPONENT_10x00000126UL, 0, 0},
98 {CKA_EXPONENT_20x00000127UL, 0, 0},
99 {CKA_COEFFICIENT0x00000128UL, 0, 0},
100 {CKA_PRIME0x00000130UL, 0, 0},
101 {CKA_SUBPRIME0x00000131UL, 0, 0},
102 {CKA_BASE0x00000132UL, 0, 0},
103 {CKA_PRIME_BITS0x00000133UL, 0, 0},
104 {CKA_SUB_PRIME_BITS0x00000134UL, 0, 0},
105 {CKA_VALUE_BITS0x00000160UL, 0, 0},
106 {CKA_VALUE_LEN0x00000161UL, 0, 0},
107 {CKA_EXTRACTABLE0x00000162UL, 0, 0},
108 {CKA_LOCAL0x00000163UL, 0, 0},
109 {CKA_NEVER_EXTRACTABLE0x00000164UL, 0, 0},
110 {CKA_ALWAYS_SENSITIVE0x00000165UL, 0, 0},
111 {CKA_KEY_GEN_MECHANISM0x00000166UL, 0, 0},
112 {CKA_MODIFIABLE0x00000170UL, 0, 0},
113 {CKA_ECDSA_PARAMS0x00000180UL, 0, 0},
114 {CKA_EC_PARAMS0x00000180UL, 0, 0},
115 {CKA_EC_POINT0x00000181UL, 0, 0},
116 {CKA_SECONDARY_AUTH0x00000200UL, 0, 0},
117 {CKA_AUTH_PIN_FLAGS0x00000201UL, 0, 0},
118 {CKA_HW_FEATURE_TYPE0x00000300UL, 0, 0},
119 {CKA_RESET_ON_INIT0x00000301UL, 0, 0},
120 {CKA_HAS_RESET0x00000302UL, 0, 0},
121 {CKA_VENDOR_DEFINED0x80000000UL, 0, 0},
122 {CKA_NETSCAPE_DB0xD5A0DB00, 0, 0},
123};
124
125/*
126 * Class: sun_security_pkcs11_wrapper_PKCS11
127 * Method: getNativeKeyInfo
128 * Signature: (JJJLsun/security/pkcs11/wrapper/CK_MECHANISM;)[B
129 * Parametermapping: *PKCS11*
130 * @param jlong jSessionHandle CK_SESSION_HANDLE hSession
131 * @param jlong jKeyHandle CK_OBJECT_HANDLE hObject
132 * @param jlong jWrappingKeyHandle CK_OBJECT_HANDLE hObject
133 * @param jobject jWrappingMech CK_MECHANISM_PTR pMechanism
134 * @return jbyteArray jNativeKeyInfo -
135 */
136JNIEXPORT__attribute__((visibility("default"))) jbyteArray JNICALL
137Java_sun_security_pkcs11_wrapper_PKCS11_getNativeKeyInfo
138 (JNIEnv *env, jobject obj, jlong jSessionHandle, jlong jKeyHandle,
139 jlong jWrappingKeyHandle, jobject jWrappingMech)
140{
141 jbyteArray returnValue = NULL((void*)0);
142 CK_SESSION_HANDLE ckSessionHandle = jLongToCKULong(jSessionHandle)((CK_ULONG) jSessionHandle);
143 CK_OBJECT_HANDLE ckObjectHandle = jLongToCKULong(jKeyHandle)((CK_ULONG) jKeyHandle);
144 CK_ATTRIBUTE_PTR ckpAttributes = NULL((void*)0);
145 CK_RV rv;
146 jbyteArray nativeKeyInfoArray = NULL((void*)0);
147 jbyteArray nativeKeyInfoWrappedKeyArray = NULL((void*)0);
148 jbyte* nativeKeyInfoArrayRaw = NULL((void*)0);
149 jbyte* nativeKeyInfoWrappedKeyArrayRaw = NULL((void*)0);
150 unsigned int sensitiveAttributePosition = (unsigned int)-1;
151 unsigned int i = 0U;
152 unsigned long totalDataSize = 0UL, attributesCount = 0UL;
153 unsigned long totalCkAttributesSize = 0UL, totalNativeKeyInfoArraySize = 0UL;
154 jbyte* wrappedKeySizePtr = NULL((void*)0);
155 jbyte* nativeKeyInfoArrayRawCkAttributes = NULL((void*)0);
156 jbyte* nativeKeyInfoArrayRawCkAttributesPtr = NULL((void*)0);
157 jbyte* nativeKeyInfoArrayRawDataPtr = NULL((void*)0);
158 CK_MECHANISM_PTR ckpMechanism = NULL((void*)0);
159 char iv[16] = {0x0};
160 CK_ULONG ckWrappedKeyLength = 0U;
161 jbyte* wrappedKeySizeWrappedKeyArrayPtr = NULL((void*)0);
162 CK_BYTE_PTR wrappedKeyBufferPtr = NULL((void*)0);
163 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
164 CK_OBJECT_CLASS class;
165 CK_KEY_TYPE keyType;
166 CK_BBOOL sensitive;
167 CK_BBOOL netscapeAttributeValueNeeded = CK_FALSE0;
168 CK_ATTRIBUTE ckNetscapeAttributesTemplate[4];
169 ckNetscapeAttributesTemplate[0].type = CKA_CLASS0x00000000UL;
170 ckNetscapeAttributesTemplate[1].type = CKA_KEY_TYPE0x00000100UL;
171 ckNetscapeAttributesTemplate[2].type = CKA_SENSITIVE0x00000103UL;
172 ckNetscapeAttributesTemplate[3].type = CKA_NETSCAPE_DB0xD5A0DB00;
173 ckNetscapeAttributesTemplate[0].pValue = &class;
174 ckNetscapeAttributesTemplate[1].pValue = &keyType;
175 ckNetscapeAttributesTemplate[2].pValue = &sensitive;
176 ckNetscapeAttributesTemplate[3].pValue = 0;
177 ckNetscapeAttributesTemplate[0].ulValueLen = sizeof(class);
178 ckNetscapeAttributesTemplate[1].ulValueLen = sizeof(keyType);
179 ckNetscapeAttributesTemplate[2].ulValueLen = sizeof(sensitive);
180 ckNetscapeAttributesTemplate[3].ulValueLen = 0;
181
182 if (ckpFunctions == NULL((void*)0)) { goto cleanup; }
183
184 // If key is private and of DSA or EC type, NSS may require CKA_NETSCAPE_DB
185 // attribute to unwrap it.
186 rv = (*ckpFunctions->C_GetAttributeValue)(ckSessionHandle, ckObjectHandle,
187 ckNetscapeAttributesTemplate,
188 sizeof(ckNetscapeAttributesTemplate)/sizeof(CK_ATTRIBUTE));
189
190 if (rv == CKR_OK0x00000000UL && class == CKO_PRIVATE_KEY0x00000003UL &&
191 (keyType == CKK_EC0x00000003UL || keyType == CKK_DSA0x00000001UL) &&
192 sensitive == CK_TRUE1 &&
193 ckNetscapeAttributesTemplate[3].ulValueLen == CK_UNAVAILABLE_INFORMATION(~0UL)) {
194 // We cannot set the attribute through C_SetAttributeValue here
195 // because it might be read-only. However, we can add it to
196 // the extracted buffer.
197 netscapeAttributeValueNeeded = CK_TRUE1;
198 TRACE0("DEBUG: override CKA_NETSCAPE_DB attr value to TRUE\n");
199 }
200
201 ckpAttributes = (CK_ATTRIBUTE_PTR) calloc(
202 CK_ATTRIBUTES_TEMPLATE_LENGTH(CK_ULONG)61U, sizeof(CK_ATTRIBUTE));
203 if (ckpAttributes == NULL((void*)0)) {
204 throwOutOfMemoryError(env, 0);
205 goto cleanup;
206 }
207 memcpy(ckpAttributes, ckpAttributesTemplate,
208 CK_ATTRIBUTES_TEMPLATE_LENGTH(CK_ULONG)61U * sizeof(CK_ATTRIBUTE));
209
210 // Get sizes for value buffers
211 // NOTE: may return an error code but length values are filled anyways
212 (*ckpFunctions->C_GetAttributeValue)(ckSessionHandle, ckObjectHandle,
213 ckpAttributes, CK_ATTRIBUTES_TEMPLATE_LENGTH(CK_ULONG)61U);
214
215 for (i = 0; i < CK_ATTRIBUTES_TEMPLATE_LENGTH(CK_ULONG)61U; i++) {
216 if ((ckpAttributes+i)->ulValueLen != CK_UNAVAILABLE_INFORMATION(~0UL)) {
217 totalDataSize += (ckpAttributes+i)->ulValueLen;
218 if ((ckpAttributes+i)->type == CKA_SENSITIVE0x00000103UL) {
219 sensitiveAttributePosition = attributesCount;
220 TRACE0("DEBUG: GetNativeKeyInfo key is sensitive");
221 }
222 attributesCount++;
223 }
224 }
225
226 if (netscapeAttributeValueNeeded) {
227 attributesCount++;
228 }
229
230 // Allocate a single buffer to hold valid attributes and attribute's values
231 // Buffer structure: [ attributes-size, [ ... attributes ... ],
232 // values-size, [ ... values ... ], wrapped-key-size,
233 // [ ... wrapped-key ... ] ]
234 // * sizes are expressed in bytes and data type is unsigned long
235 totalCkAttributesSize = attributesCount * sizeof(CK_ATTRIBUTE);
236 TRACE1("DEBUG: GetNativeKeyInfo attributesCount = %lu\n", attributesCount);
237 TRACE1("DEBUG: GetNativeKeyInfo sizeof CK_ATTRIBUTE = %zu\n", sizeof(CK_ATTRIBUTE));
238 TRACE1("DEBUG: GetNativeKeyInfo totalCkAttributesSize = %lu\n", totalCkAttributesSize);
239 TRACE1("DEBUG: GetNativeKeyInfo totalDataSize = %lu\n", totalDataSize);
240
241 totalNativeKeyInfoArraySize =
242 totalCkAttributesSize + sizeof(unsigned long) * 3 + totalDataSize;
243
244 TRACE1("DEBUG: GetNativeKeyInfo totalNativeKeyInfoArraySize = %lu\n", totalNativeKeyInfoArraySize);
245
246 nativeKeyInfoArray = (*env)->NewByteArray(env, totalNativeKeyInfoArraySize);
247 if (nativeKeyInfoArray == NULL((void*)0)) {
248 goto cleanup;
249 }
250
251 nativeKeyInfoArrayRaw = (*env)->GetByteArrayElements(env, nativeKeyInfoArray,
252 NULL((void*)0));
253 if (nativeKeyInfoArrayRaw == NULL((void*)0)) {
254 goto cleanup;
255 }
256
257 wrappedKeySizePtr = nativeKeyInfoArrayRaw +
258 sizeof(unsigned long)*2 + totalCkAttributesSize + totalDataSize;
259 memcpy(nativeKeyInfoArrayRaw, &totalCkAttributesSize, sizeof(unsigned long));
260
261 memcpy(nativeKeyInfoArrayRaw + sizeof(unsigned long) + totalCkAttributesSize,
262 &totalDataSize, sizeof(unsigned long));
263
264 memset(wrappedKeySizePtr, 0, sizeof(unsigned long));
265
266 nativeKeyInfoArrayRawCkAttributes = nativeKeyInfoArrayRaw +
267 sizeof(unsigned long);
268 nativeKeyInfoArrayRawCkAttributesPtr = nativeKeyInfoArrayRawCkAttributes;
269 nativeKeyInfoArrayRawDataPtr = nativeKeyInfoArrayRaw +
270 totalCkAttributesSize + sizeof(unsigned long) * 2;
271
272 for (i = 0; i < CK_ATTRIBUTES_TEMPLATE_LENGTH(CK_ULONG)61U; i++) {
273 if ((ckpAttributes+i)->ulValueLen != CK_UNAVAILABLE_INFORMATION(~0UL)) {
274 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).type =
275 (ckpAttributes+i)->type;
276 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen =
277 (ckpAttributes+i)->ulValueLen;
278 if ((ckpAttributes+i)->ulValueLen != 0) {
279 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).pValue =
280 nativeKeyInfoArrayRawDataPtr;
281 } else {
282 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).pValue = 0;
283 }
284 nativeKeyInfoArrayRawDataPtr +=
285 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen;
286 nativeKeyInfoArrayRawCkAttributesPtr += sizeof(CK_ATTRIBUTE);
287 }
288 }
289
290 TRACE0("DEBUG: GetNativeKeyInfo finished prepping nativeKeyInfoArray\n");
291
292 // Get attribute's values
293 rv = (*ckpFunctions->C_GetAttributeValue)(ckSessionHandle, ckObjectHandle,
294 (CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes,
295 attributesCount);
296 if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK0L) {
297 goto cleanup;
298 }
299
300 TRACE0("DEBUG: GetNativeKeyInfo 1st C_GetAttributeValue call passed\n");
301
302 if (netscapeAttributeValueNeeded) {
303 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).type = CKA_NETSCAPE_DB0xD5A0DB00;
304 // Value is not needed, public key is not used
305 }
306
307 if ((sensitiveAttributePosition != (unsigned int)-1) &&
308 *(CK_BBOOL*)(((CK_ATTRIBUTE_PTR)(((CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes)
309 +sensitiveAttributePosition))->pValue) == CK_TRUE1) {
310 // Key is sensitive. Need to extract it wrapped.
311 if (jWrappingKeyHandle != 0) {
312
313 ckpMechanism = jMechanismToCKMechanismPtr(env, jWrappingMech);
314 rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, ckpMechanism,
Value stored to 'rv' is never read
315 jLongToCKULong(jWrappingKeyHandle)((CK_ULONG) jWrappingKeyHandle), ckObjectHandle,
316 NULL_PTR0, &ckWrappedKeyLength);
317 if (ckWrappedKeyLength != 0) {
318 // Allocate space for getting the wrapped key
319 nativeKeyInfoWrappedKeyArray = (*env)->NewByteArray(env,
320 totalNativeKeyInfoArraySize + ckWrappedKeyLength);
321 if (nativeKeyInfoWrappedKeyArray == NULL((void*)0)) {
322 goto cleanup;
323 }
324 nativeKeyInfoWrappedKeyArrayRaw =
325 (*env)->GetByteArrayElements(env,
326 nativeKeyInfoWrappedKeyArray, NULL((void*)0));
327 if (nativeKeyInfoWrappedKeyArrayRaw == NULL((void*)0)) {
328 goto cleanup;
329 }
330 memcpy(nativeKeyInfoWrappedKeyArrayRaw, nativeKeyInfoArrayRaw,
331 totalNativeKeyInfoArraySize);
332 wrappedKeySizeWrappedKeyArrayPtr =
333 nativeKeyInfoWrappedKeyArrayRaw +
334 sizeof(unsigned long)*2 + totalCkAttributesSize +
335 totalDataSize;
336 memcpy(wrappedKeySizeWrappedKeyArrayPtr, &ckWrappedKeyLength, sizeof(unsigned long));
337 TRACE1("DEBUG: GetNativeKeyInfo 1st C_WrapKey wrappedKeyLength = %lu\n", ckWrappedKeyLength);
338
339 wrappedKeyBufferPtr =
340 (CK_BYTE_PTR) (wrappedKeySizeWrappedKeyArrayPtr +
341 sizeof(unsigned long));
342 rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, ckpMechanism,
343 jLongToCKULong(jWrappingKeyHandle)((CK_ULONG) jWrappingKeyHandle),ckObjectHandle,
344 wrappedKeyBufferPtr, &ckWrappedKeyLength);
345 if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK0L) {
346 goto cleanup;
347 }
348 memcpy(wrappedKeySizeWrappedKeyArrayPtr, &ckWrappedKeyLength, sizeof(unsigned long));
349 TRACE1("DEBUG: GetNativeKeyInfo 2nd C_WrapKey wrappedKeyLength = %lu\n", ckWrappedKeyLength);
350 } else {
351 goto cleanup;
352 }
353 } else {
354 ckAssertReturnValueOK(env, CKR_KEY_HANDLE_INVALID0x00000060UL);
355 goto cleanup;
356 }
357 returnValue = nativeKeyInfoWrappedKeyArray;
358 } else {
359 returnValue = nativeKeyInfoArray;
360 }
361
362cleanup:
363 if (ckpAttributes != NULL((void*)0)) {
364 free(ckpAttributes);
365 }
366
367 if (nativeKeyInfoArrayRaw != NULL((void*)0)) {
368 (*env)->ReleaseByteArrayElements(env, nativeKeyInfoArray,
369 nativeKeyInfoArrayRaw, 0);
370 }
371
372 if (nativeKeyInfoWrappedKeyArrayRaw != NULL((void*)0)) {
373 (*env)->ReleaseByteArrayElements(env, nativeKeyInfoWrappedKeyArray,
374 nativeKeyInfoWrappedKeyArrayRaw, 0);
375 }
376
377 if (nativeKeyInfoArray != NULL((void*)0) && returnValue != nativeKeyInfoArray) {
378 (*env)->DeleteLocalRef(env, nativeKeyInfoArray);
379 }
380
381 if (nativeKeyInfoWrappedKeyArray != NULL((void*)0)
382 && returnValue != nativeKeyInfoWrappedKeyArray) {
383 (*env)->DeleteLocalRef(env, nativeKeyInfoWrappedKeyArray);
384 }
385 freeCKMechanismPtr(ckpMechanism);
386
387 return returnValue;
388}
389#endif
390
391#ifdef P11_ENABLE_CREATENATIVEKEY
392/*
393 * Class: sun_security_pkcs11_wrapper_PKCS11
394 * Method: createNativeKey
395 * Signature: (J[BJLsun/security/pkcs11/wrapper/CK_MECHANISM;)J
396 * Parametermapping: *PKCS11*
397 * @param jlong jSessionHandle CK_SESSION_HANDLE hSession
398 * @param jbyteArray jNativeKeyInfo -
399 * @param jlong jWrappingKeyHandle CK_OBJECT_HANDLE hObject
400 * @param jobject jWrappingMech CK_MECHANISM_PTR pMechanism
401 * @return jlong jKeyHandle CK_OBJECT_HANDLE hObject
402 */
403JNIEXPORT__attribute__((visibility("default"))) jlong JNICALL
404Java_sun_security_pkcs11_wrapper_PKCS11_createNativeKey
405 (JNIEnv *env, jobject obj, jlong jSessionHandle, jbyteArray jNativeKeyInfo,
406 jlong jWrappingKeyHandle, jobject jWrappingMech)
407{
408 CK_OBJECT_HANDLE ckObjectHandle;
409 CK_RV rv;
410 CK_SESSION_HANDLE ckSessionHandle = jLongToCKULong(jSessionHandle)((CK_ULONG) jSessionHandle);
411 jbyte* nativeKeyInfoArrayRaw = NULL((void*)0);
412 jlong jObjectHandle = 0L;
413 unsigned long totalCkAttributesSize = 0UL;
414 unsigned long nativeKeyInfoCkAttributesCount = 0UL;
415 jbyte* nativeKeyInfoArrayRawCkAttributes = NULL((void*)0);
416 jbyte* nativeKeyInfoArrayRawCkAttributesPtr = NULL((void*)0);
417 jbyte* nativeKeyInfoArrayRawDataPtr = NULL((void*)0);
418 unsigned long totalDataSize = 0UL;
419 jbyte* wrappedKeySizePtr = NULL((void*)0);
420 unsigned int i = 0U;
421 CK_MECHANISM_PTR ckpMechanism = NULL((void*)0);
422 char iv[16] = {0x0};
423 CK_ULONG ckWrappedKeyLength = 0UL;
424 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
425
426 if (ckpFunctions == NULL((void*)0)) { goto cleanup; }
427
428 nativeKeyInfoArrayRaw =
429 (*env)->GetByteArrayElements(env, jNativeKeyInfo, NULL((void*)0));
430 if (nativeKeyInfoArrayRaw == NULL((void*)0)) {
431 goto cleanup;
432 }
433
434 memcpy(&totalCkAttributesSize, nativeKeyInfoArrayRaw, sizeof(unsigned long));
435 TRACE1("DEBUG: createNativeKey totalCkAttributesSize = %lu\n", totalCkAttributesSize);
436 nativeKeyInfoCkAttributesCount = totalCkAttributesSize/sizeof(CK_ATTRIBUTE);
437 TRACE1("DEBUG: createNativeKey nativeKeyInfoCkAttributesCount = %lu\n", nativeKeyInfoCkAttributesCount);
438
439 nativeKeyInfoArrayRawCkAttributes = nativeKeyInfoArrayRaw +
440 sizeof(unsigned long);
441 nativeKeyInfoArrayRawCkAttributesPtr = nativeKeyInfoArrayRawCkAttributes;
442 nativeKeyInfoArrayRawDataPtr = nativeKeyInfoArrayRaw +
443 totalCkAttributesSize + sizeof(unsigned long) * 2;
444 memcpy(&totalDataSize, (nativeKeyInfoArrayRaw + totalCkAttributesSize + sizeof(unsigned long)),
445 sizeof(unsigned long));
446 TRACE1("DEBUG: createNativeKey totalDataSize = %lu\n", totalDataSize);
447
448 wrappedKeySizePtr = nativeKeyInfoArrayRaw +
449 sizeof(unsigned long)*2 + totalCkAttributesSize + totalDataSize;
450
451 memcpy(&ckWrappedKeyLength, wrappedKeySizePtr, sizeof(unsigned long));
452 TRACE1("DEBUG: createNativeKey wrappedKeyLength = %lu\n", ckWrappedKeyLength);
453
454 for (i = 0; i < nativeKeyInfoCkAttributesCount; i++) {
455 if ((*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen
456 > 0) {
457 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).pValue =
458 nativeKeyInfoArrayRawDataPtr;
459 }
460 nativeKeyInfoArrayRawDataPtr +=
461 (*(CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributesPtr).ulValueLen;
462 nativeKeyInfoArrayRawCkAttributesPtr += sizeof(CK_ATTRIBUTE);
463 }
464
465 if (ckWrappedKeyLength == 0) {
466 // Not a wrapped key
467 rv = (*ckpFunctions->C_CreateObject)(ckSessionHandle,
468 (CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes,
469 jLongToCKULong(nativeKeyInfoCkAttributesCount)((CK_ULONG) nativeKeyInfoCkAttributesCount), &ckObjectHandle);
470 } else {
471 // Wrapped key
472 ckpMechanism = jMechanismToCKMechanismPtr(env, jWrappingMech);
473 rv = (*ckpFunctions->C_UnwrapKey)(ckSessionHandle, ckpMechanism,
474 jLongToCKULong(jWrappingKeyHandle)((CK_ULONG) jWrappingKeyHandle),
475 (CK_BYTE_PTR)(wrappedKeySizePtr + sizeof(unsigned long)),
476 ckWrappedKeyLength,
477 (CK_ATTRIBUTE_PTR)nativeKeyInfoArrayRawCkAttributes,
478 jLongToCKULong(nativeKeyInfoCkAttributesCount)((CK_ULONG) nativeKeyInfoCkAttributesCount),
479 &ckObjectHandle);
480 }
481 if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK0L) {
482 goto cleanup;
483 }
484
485 jObjectHandle = ckULongToJLong(ckObjectHandle)((jlong) ckObjectHandle);
486
487cleanup:
488
489 if (nativeKeyInfoArrayRaw != NULL((void*)0)) {
490 (*env)->ReleaseByteArrayElements(env, jNativeKeyInfo,
491 nativeKeyInfoArrayRaw, JNI_ABORT2);
492 }
493
494 freeCKMechanismPtr(ckpMechanism);
495 return jObjectHandle;
496}
497#endif
498
499#ifdef P11_ENABLE_C_GENERATEKEY
500/*
501 * Class: sun_security_pkcs11_wrapper_PKCS11
502 * Method: C_GenerateKey
503 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J
504 * Parametermapping: *PKCS11*
505 * @param jlong jSessionHandle CK_SESSION_HANDLE hSession
506 * @param jobject jMechanism CK_MECHANISM_PTR pMechanism
507 * @param jobjectArray jTemplate CK_ATTRIBUTE_PTR pTemplate
508 * CK_ULONG ulCount
509 * @return jlong jKeyHandle CK_OBJECT_HANDLE_PTR phKey
510 */
511JNIEXPORT__attribute__((visibility("default"))) jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKey
512 (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jobjectArray jTemplate)
513{
514 CK_SESSION_HANDLE ckSessionHandle;
515 CK_MECHANISM_PTR ckpMechanism = NULL((void*)0);
516 CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR0;
517 CK_ULONG ckAttributesLength = 0;
518 CK_OBJECT_HANDLE ckKeyHandle = 0;
519 jlong jKeyHandle = 0L;
520 CK_RV rv;
521
522 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
523 if (ckpFunctions == NULL((void*)0)) { return 0L; }
524
525 ckSessionHandle = jLongToCKULong(jSessionHandle)((CK_ULONG) jSessionHandle);
526 ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism);
527 if ((*env)->ExceptionCheck(env)) { return 0L ; }
528
529 jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength);
530 if ((*env)->ExceptionCheck(env)) {
531 goto cleanup;
532 }
533
534 rv = (*ckpFunctions->C_GenerateKey)(ckSessionHandle, ckpMechanism, ckpAttributes, ckAttributesLength, &ckKeyHandle);
535
536 if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK0L) {
537 jKeyHandle = ckULongToJLong(ckKeyHandle)((jlong) ckKeyHandle);
538
539 /* cheack, if we must give a initialization vector back to Java */
540 switch (ckpMechanism->mechanism) {
541 case CKM_PBE_MD2_DES_CBC0x000003A0UL:
542 case CKM_PBE_MD5_DES_CBC0x000003A1UL:
543 case CKM_PBE_MD5_CAST_CBC0x000003A2UL:
544 case CKM_PBE_MD5_CAST3_CBC0x000003A3UL:
545 case CKM_PBE_MD5_CAST128_CBC0x000003A4UL:
546 /* case CKM_PBE_MD5_CAST5_CBC: the same as CKM_PBE_MD5_CAST128_CBC */
547 case CKM_PBE_SHA1_CAST128_CBC0x000003A5UL:
548 /* case CKM_PBE_SHA1_CAST5_CBC: the same as CKM_PBE_SHA1_CAST128_CBC */
549 /* we must copy back the initialization vector to the jMechanism object */
550 copyBackPBEInitializationVector(env, ckpMechanism, jMechanism);
551 break;
552 }
553 }
554cleanup:
555 freeCKMechanismPtr(ckpMechanism);
556 freeCKAttributeArray(ckpAttributes, ckAttributesLength);
557
558 return jKeyHandle ;
559}
560#endif
561
562#ifdef P11_ENABLE_C_GENERATEKEYPAIR
563/*
564 * Class: sun_security_pkcs11_wrapper_PKCS11
565 * Method: C_GenerateKeyPair
566 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)[J
567 * Parametermapping: *PKCS11*
568 * @param jlong jSessionHandle CK_SESSION_HANDLE hSession
569 * @param jobject jMechanism CK_MECHANISM_PTR pMechanism
570 * @param jobjectArray jPublicKeyTemplate CK_ATTRIBUTE_PTR pPublicKeyTemplate
571 * CK_ULONG ulPublicKeyAttributeCount
572 * @param jobjectArray jPrivateKeyTemplate CK_ATTRIBUTE_PTR pPrivateKeyTemplate
573 * CK_ULONG ulPrivateKeyAttributeCount
574 * @return jlongArray jKeyHandles CK_OBJECT_HANDLE_PTR phPublicKey
575 * CK_OBJECT_HANDLE_PTR phPublicKey
576 */
577JNIEXPORT__attribute__((visibility("default"))) jlongArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKeyPair
578 (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism,
579 jobjectArray jPublicKeyTemplate, jobjectArray jPrivateKeyTemplate)
580{
581 CK_SESSION_HANDLE ckSessionHandle;
582 CK_MECHANISM_PTR ckpMechanism = NULL((void*)0);
583 CK_ATTRIBUTE_PTR ckpPublicKeyAttributes = NULL_PTR0;
584 CK_ATTRIBUTE_PTR ckpPrivateKeyAttributes = NULL_PTR0;
585 CK_ULONG ckPublicKeyAttributesLength = 0;
586 CK_ULONG ckPrivateKeyAttributesLength = 0;
587 CK_OBJECT_HANDLE_PTR ckpPublicKeyHandle; /* pointer to Public Key */
588 CK_OBJECT_HANDLE_PTR ckpPrivateKeyHandle; /* pointer to Private Key */
589 CK_OBJECT_HANDLE_PTR ckpKeyHandles = NULL((void*)0); /* pointer to array with Public and Private Key */
590 jlongArray jKeyHandles = NULL((void*)0);
591 CK_RV rv;
592 int attempts;
593 const int MAX_ATTEMPTS = 3;
594
595 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
596 if (ckpFunctions == NULL((void*)0)) { return NULL((void*)0); }
597
598 ckSessionHandle = jLongToCKULong(jSessionHandle)((CK_ULONG) jSessionHandle);
599 ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism);
600 if ((*env)->ExceptionCheck(env)) { return NULL((void*)0); }
601
602 ckpKeyHandles = (CK_OBJECT_HANDLE_PTR) calloc(2, sizeof(CK_OBJECT_HANDLE));
603 if (ckpKeyHandles == NULL((void*)0)) {
604 throwOutOfMemoryError(env, 0);
605 goto cleanup;
606 }
607 ckpPublicKeyHandle = ckpKeyHandles; /* first element of array is Public Key */
608 ckpPrivateKeyHandle = (ckpKeyHandles + 1); /* second element of array is Private Key */
609
610 jAttributeArrayToCKAttributeArray(env, jPublicKeyTemplate, &ckpPublicKeyAttributes, &ckPublicKeyAttributesLength);
611 if ((*env)->ExceptionCheck(env)) {
612 goto cleanup;
613 }
614
615 jAttributeArrayToCKAttributeArray(env, jPrivateKeyTemplate, &ckpPrivateKeyAttributes, &ckPrivateKeyAttributesLength);
616 if ((*env)->ExceptionCheck(env)) {
617 goto cleanup;
618 }
619
620 /*
621 * Workaround for NSS bug 1012786:
622 *
623 * Key generation may fail with CKR_FUNCTION_FAILED error
624 * if there is insufficient entropy to generate a random key.
625 *
626 * PKCS11 spec says the following about CKR_FUNCTION_FAILED error
627 * (see section 11.1.1):
628 *
629 * ... In any event, although the function call failed, the situation
630 * is not necessarily totally hopeless, as it is likely to be
631 * when CKR_GENERAL_ERROR is returned. Depending on what the root cause of
632 * the error actually was, it is possible that an attempt
633 * to make the exact same function call again would succeed.
634 *
635 * Call C_GenerateKeyPair() several times if CKR_FUNCTION_FAILED occurs.
636 */
637 for (attempts = 0; attempts < MAX_ATTEMPTS; attempts++) {
638 rv = (*ckpFunctions->C_GenerateKeyPair)(ckSessionHandle, ckpMechanism,
639 ckpPublicKeyAttributes, ckPublicKeyAttributesLength,
640 ckpPrivateKeyAttributes, ckPrivateKeyAttributesLength,
641 ckpPublicKeyHandle, ckpPrivateKeyHandle);
642 if (rv == CKR_FUNCTION_FAILED0x00000006UL) {
643 printDebug("C_1GenerateKeyPair(): C_GenerateKeyPair() failed \
644 with CKR_FUNCTION_FAILED error, try again\n");
645 } else {
646 break;
647 }
648 }
649
650 if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK0L) {
651 jKeyHandles = ckULongArrayToJLongArray(env, ckpKeyHandles, 2);
652 }
653
654cleanup:
655 freeCKMechanismPtr(ckpMechanism);
656 free(ckpKeyHandles);
657 freeCKAttributeArray(ckpPublicKeyAttributes, ckPublicKeyAttributesLength);
658 freeCKAttributeArray(ckpPrivateKeyAttributes, ckPrivateKeyAttributesLength);
659 return jKeyHandles ;
660}
661#endif
662
663#ifdef P11_ENABLE_C_WRAPKEY
664/*
665 * Class: sun_security_pkcs11_wrapper_PKCS11
666 * Method: C_WrapKey
667 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;JJ)[B
668 * Parametermapping: *PKCS11*
669 * @param jlong jSessionHandle CK_SESSION_HANDLE hSession
670 * @param jobject jMechanism CK_MECHANISM_PTR pMechanism
671 * @param jlong jWrappingKeyHandle CK_OBJECT_HANDLE hWrappingKey
672 * @param jlong jKeyHandle CK_OBJECT_HANDLE hKey
673 * @return jbyteArray jWrappedKey CK_BYTE_PTR pWrappedKey
674 * CK_ULONG_PTR pulWrappedKeyLen
675 */
676JNIEXPORT__attribute__((visibility("default"))) jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1WrapKey
677 (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jWrappingKeyHandle, jlong jKeyHandle)
678{
679 CK_SESSION_HANDLE ckSessionHandle;
680 CK_MECHANISM_PTR ckpMechanism = NULL((void*)0);
681 CK_OBJECT_HANDLE ckWrappingKeyHandle;
682 CK_OBJECT_HANDLE ckKeyHandle;
683 jbyteArray jWrappedKey = NULL((void*)0);
684 CK_RV rv;
685 CK_BYTE BUF[MAX_STACK_BUFFER_LEN(4 * 1024)];
686 CK_BYTE_PTR ckpWrappedKey = BUF;
687 CK_ULONG ckWrappedKeyLength = MAX_STACK_BUFFER_LEN(4 * 1024);
688
689 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
690 if (ckpFunctions == NULL((void*)0)) { return NULL((void*)0); }
691
692 ckSessionHandle = jLongToCKULong(jSessionHandle)((CK_ULONG) jSessionHandle);
693 ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism);
694 if ((*env)->ExceptionCheck(env)) { return NULL((void*)0); }
695
696 ckWrappingKeyHandle = jLongToCKULong(jWrappingKeyHandle)((CK_ULONG) jWrappingKeyHandle);
697 ckKeyHandle = jLongToCKULong(jKeyHandle)((CK_ULONG) jKeyHandle);
698
699 rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, ckpMechanism, ckWrappingKeyHandle, ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength);
700 if (rv == CKR_BUFFER_TOO_SMALL0x00000150UL) {
701 ckpWrappedKey = (CK_BYTE_PTR)
702 calloc(ckWrappedKeyLength, sizeof(CK_BYTE));
703 if (ckpWrappedKey == NULL((void*)0)) {
704 throwOutOfMemoryError(env, 0);
705 goto cleanup;
706 }
707
708 rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, ckpMechanism, ckWrappingKeyHandle, ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength);
709 }
710 if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK0L) {
711 jWrappedKey = ckByteArrayToJByteArray(env, ckpWrappedKey, ckWrappedKeyLength);
712 }
713
714cleanup:
715 if (ckpWrappedKey != BUF) { free(ckpWrappedKey); }
716 freeCKMechanismPtr(ckpMechanism);
717
718 return jWrappedKey ;
719}
720#endif
721
722#ifdef P11_ENABLE_C_UNWRAPKEY
723/*
724 * Class: sun_security_pkcs11_wrapper_PKCS11
725 * Method: C_UnwrapKey
726 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;J[B[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J
727 * Parametermapping: *PKCS11*
728 * @param jlong jSessionHandle CK_SESSION_HANDLE hSession
729 * @param jobject jMechanism CK_MECHANISM_PTR pMechanism
730 * @param jlong jUnwrappingKeyHandle CK_OBJECT_HANDLE hUnwrappingKey
731 * @param jbyteArray jWrappedKey CK_BYTE_PTR pWrappedKey
732 * CK_ULONG_PTR pulWrappedKeyLen
733 * @param jobjectArray jTemplate CK_ATTRIBUTE_PTR pTemplate
734 * CK_ULONG ulCount
735 * @return jlong jKeyHandle CK_OBJECT_HANDLE_PTR phKey
736 */
737JNIEXPORT__attribute__((visibility("default"))) jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1UnwrapKey
738 (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jUnwrappingKeyHandle,
739 jbyteArray jWrappedKey, jobjectArray jTemplate)
740{
741 CK_SESSION_HANDLE ckSessionHandle;
742 CK_MECHANISM_PTR ckpMechanism = NULL((void*)0);
743 CK_OBJECT_HANDLE ckUnwrappingKeyHandle;
744 CK_BYTE_PTR ckpWrappedKey = NULL_PTR0;
745 CK_ULONG ckWrappedKeyLength;
746 CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR0;
747 CK_ULONG ckAttributesLength = 0;
748 CK_OBJECT_HANDLE ckKeyHandle = 0;
749 jlong jKeyHandle = 0L;
750 CK_RV rv;
751
752 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
753 if (ckpFunctions == NULL((void*)0)) { return 0L; }
754
755 ckSessionHandle = jLongToCKULong(jSessionHandle)((CK_ULONG) jSessionHandle);
756 ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism);
757 if ((*env)->ExceptionCheck(env)) { return 0L; }
758
759 ckUnwrappingKeyHandle = jLongToCKULong(jUnwrappingKeyHandle)((CK_ULONG) jUnwrappingKeyHandle);
760 jByteArrayToCKByteArray(env, jWrappedKey, &ckpWrappedKey, &ckWrappedKeyLength);
761 if ((*env)->ExceptionCheck(env)) {
762 goto cleanup;
763 }
764
765 jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength);
766 if ((*env)->ExceptionCheck(env)) {
767 goto cleanup;
768 }
769
770
771 rv = (*ckpFunctions->C_UnwrapKey)(ckSessionHandle, ckpMechanism, ckUnwrappingKeyHandle,
772 ckpWrappedKey, ckWrappedKeyLength,
773 ckpAttributes, ckAttributesLength, &ckKeyHandle);
774
775 if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK0L) {
776 jKeyHandle = ckLongToJLong(ckKeyHandle)((jlong) ckKeyHandle);
777
778#if 0
779 /* cheack, if we must give a initialization vector back to Java */
780 if (ckpMechanism->mechanism == CKM_KEY_WRAP_SET_OAEP0x00000401UL) {
781 /* we must copy back the unwrapped key info to the jMechanism object */
782 copyBackSetUnwrappedKey(env, ckpMechanism, jMechanism);
783 }
784#endif
785 }
786cleanup:
787 freeCKMechanismPtr(ckpMechanism);
788 freeCKAttributeArray(ckpAttributes, ckAttributesLength);
789 free(ckpWrappedKey);
790
791 return jKeyHandle ;
792}
793#endif
794
795#ifdef P11_ENABLE_C_DERIVEKEY
796
797/*
798 * Copy back the PRF output to Java.
799 */
800void copyBackTLSPrfParams(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism, jobject jMechanism)
801{
802 jclass jMechanismClass, jTLSPrfParamsClass;
803 CK_TLS_PRF_PARAMS *ckTLSPrfParams;
804 jobject jTLSPrfParams;
805 jfieldID fieldID;
806 CK_MECHANISM_TYPE ckMechanismType;
807 jlong jMechanismType;
808 CK_BYTE_PTR output;
809 jobject jOutput;
810 jint jLength;
811 jbyte* jBytes;
812 int i;
813
814 /* get mechanism */
815 jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM"sun/security/pkcs11/wrapper/CK_MECHANISM");
816 if (jMechanismClass == NULL((void*)0)) { return; }
817 fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
818 if (fieldID == NULL((void*)0)) { return; }
819 jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
820 ckMechanismType = jLongToCKULong(jMechanismType)((CK_ULONG) jMechanismType);
821 if (ckMechanismType != ckpMechanism->mechanism) {
822 /* we do not have maching types, this should not occur */
823 return;
824 }
825
826 /* get the native CK_TLS_PRF_PARAMS */
827 ckTLSPrfParams = (CK_TLS_PRF_PARAMS *) ckpMechanism->pParameter;
828 if (ckTLSPrfParams != NULL_PTR0) {
829 /* get the Java CK_TLS_PRF_PARAMS object (pParameter) */
830 fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;");
831 if (fieldID == NULL((void*)0)) { return; }
832 jTLSPrfParams = (*env)->GetObjectField(env, jMechanism, fieldID);
833
834 /* copy back the client IV */
835 jTLSPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS"sun/security/pkcs11/wrapper/CK_TLS_PRF_PARAMS");
836 if (jTLSPrfParamsClass == NULL((void*)0)) { return; }
837 fieldID = (*env)->GetFieldID(env, jTLSPrfParamsClass, "pOutput", "[B");
838 if (fieldID == NULL((void*)0)) { return; }
839 jOutput = (*env)->GetObjectField(env, jTLSPrfParams, fieldID);
840 output = ckTLSPrfParams->pOutput;
841
842 // Note: we assume that the token returned exactly as many bytes as we
843 // requested. Anything else would not make sense.
844 if (jOutput != NULL((void*)0)) {
845 jLength = (*env)->GetArrayLength(env, jOutput);
846 jBytes = (*env)->GetByteArrayElements(env, jOutput, NULL((void*)0));
847 if (jBytes == NULL((void*)0)) { return; }
848
849 /* copy the bytes to the Java buffer */
850 for (i=0; i < jLength; i++) {
851 jBytes[i] = ckByteToJByte(output[i])((jbyte) output[i]);
852 }
853 /* copy back the Java buffer to the object */
854 (*env)->ReleaseByteArrayElements(env, jOutput, jBytes, 0);
855 }
856 }
857}
858
859/*
860 * Class: sun_security_pkcs11_wrapper_PKCS11
861 * Method: C_DeriveKey
862 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;J[Lsun/security/pkcs11/wrapper/CK_ATTRIBUTE;)J
863 * Parametermapping: *PKCS11*
864 * @param jlong jSessionHandle CK_SESSION_HANDLE hSession
865 * @param jobject jMechanism CK_MECHANISM_PTR pMechanism
866 * @param jlong jBaseKeyHandle CK_OBJECT_HANDLE hBaseKey
867 * @param jobjectArray jTemplate CK_ATTRIBUTE_PTR pTemplate
868 * CK_ULONG ulCount
869 * @return jlong jKeyHandle CK_OBJECT_HANDLE_PTR phKey
870 */
871JNIEXPORT__attribute__((visibility("default"))) jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey
872 (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jBaseKeyHandle, jobjectArray jTemplate)
873{
874 CK_SESSION_HANDLE ckSessionHandle;
875 CK_MECHANISM_PTR ckpMechanism = NULL((void*)0);
876 CK_OBJECT_HANDLE ckBaseKeyHandle;
877 CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR0;
878 CK_ULONG ckAttributesLength = 0;
879 CK_OBJECT_HANDLE ckKeyHandle = 0;
880 jlong jKeyHandle = 0L;
881 CK_RV rv;
882 CK_OBJECT_HANDLE_PTR phKey = &ckKeyHandle;
883
884 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
885 if (ckpFunctions == NULL((void*)0)) { return 0L; }
886
887 ckSessionHandle = jLongToCKULong(jSessionHandle)((CK_ULONG) jSessionHandle);
888 ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism);
889 if ((*env)->ExceptionCheck(env)) { return 0L; }
890
891 ckBaseKeyHandle = jLongToCKULong(jBaseKeyHandle)((CK_ULONG) jBaseKeyHandle);
892 jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength);
893 if ((*env)->ExceptionCheck(env)) {
894 goto cleanup;
895 }
896
897 switch (ckpMechanism->mechanism) {
898 case CKM_SSL3_KEY_AND_MAC_DERIVE0x00000372UL:
899 case CKM_TLS_KEY_AND_MAC_DERIVE0x00000376UL:
900 case CKM_TLS12_KEY_AND_MAC_DERIVE0x000003E1UL:
901 case CKM_TLS_PRF0x00000378UL:
902 // these mechanism do not return a key handle via phKey
903 // set to NULL in case pedantic implementations check for it
904 phKey = NULL((void*)0);
905 break;
906 default:
907 // empty
908 break;
909 }
910
911 rv = (*ckpFunctions->C_DeriveKey)(ckSessionHandle, ckpMechanism, ckBaseKeyHandle,
912 ckpAttributes, ckAttributesLength, phKey);
913
914 jKeyHandle = ckLongToJLong(ckKeyHandle)((jlong) ckKeyHandle);
915
916 switch (ckpMechanism->mechanism) {
917 case CKM_SSL3_MASTER_KEY_DERIVE0x00000371UL:
918 case CKM_TLS_MASTER_KEY_DERIVE0x00000375UL:
919 /* we must copy back the client version */
920 ssl3CopyBackClientVersion(env, ckpMechanism, jMechanism);
921 break;
922 case CKM_TLS12_MASTER_KEY_DERIVE0x000003E0UL:
923 tls12CopyBackClientVersion(env, ckpMechanism, jMechanism);
924 break;
925 case CKM_SSL3_KEY_AND_MAC_DERIVE0x00000372UL:
926 case CKM_TLS_KEY_AND_MAC_DERIVE0x00000376UL:
927 /* we must copy back the unwrapped key info to the jMechanism object */
928 ssl3CopyBackKeyMatParams(env, ckpMechanism, jMechanism);
929 break;
930 case CKM_TLS12_KEY_AND_MAC_DERIVE0x000003E1UL:
931 /* we must copy back the unwrapped key info to the jMechanism object */
932 tls12CopyBackKeyMatParams(env, ckpMechanism, jMechanism);
933 break;
934 case CKM_TLS_PRF0x00000378UL:
935 copyBackTLSPrfParams(env, ckpMechanism, jMechanism);
936 break;
937 default:
938 // empty
939 break;
940 }
941 if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK0L) {
942 jKeyHandle =0L;
943 }
944
945cleanup:
946 freeCKMechanismPtr(ckpMechanism);
947 freeCKAttributeArray(ckpAttributes, ckAttributesLength);
948
949 return jKeyHandle ;
950}
951
952static void copyBackClientVersion(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism, jobject jMechanism,
953 CK_VERSION *ckVersion, const char *class_master_key_derive_params)
954{
955 jclass jMasterKeyDeriveParamsClass, jMechanismClass, jVersionClass;
956 jobject jMasterKeyDeriveParams;
957 jfieldID fieldID;
958 CK_MECHANISM_TYPE ckMechanismType;
959 jlong jMechanismType;
960 jobject jVersion;
961
962 /* get mechanism */
963 jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM"sun/security/pkcs11/wrapper/CK_MECHANISM");
964 if (jMechanismClass == NULL((void*)0)) { return; }
965 fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
966 if (fieldID == NULL((void*)0)) { return; }
967 jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
968 ckMechanismType = jLongToCKULong(jMechanismType)((CK_ULONG) jMechanismType);
969 if (ckMechanismType != ckpMechanism->mechanism) {
970 /* we do not have maching types, this should not occur */
971 return;
972 }
973
974 if (ckVersion != NULL_PTR0) {
975 /* get the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS (pParameter) */
976 fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;");
977 if (fieldID == NULL((void*)0)) { return; }
978
979 jMasterKeyDeriveParams = (*env)->GetObjectField(env, jMechanism, fieldID);
980
981 /* get the Java CK_VERSION */
982 jMasterKeyDeriveParamsClass = (*env)->FindClass(env, class_master_key_derive_params);
983 if (jMasterKeyDeriveParamsClass == NULL((void*)0)) { return; }
984 fieldID = (*env)->GetFieldID(env, jMasterKeyDeriveParamsClass,
985 "pVersion", "L"CLASS_VERSION"sun/security/pkcs11/wrapper/CK_VERSION"";");
986 if (fieldID == NULL((void*)0)) { return; }
987 jVersion = (*env)->GetObjectField(env, jMasterKeyDeriveParams, fieldID);
988
989 /* now copy back the version from the native structure to the Java structure */
990
991 /* copy back the major version */
992 jVersionClass = (*env)->FindClass(env, CLASS_VERSION"sun/security/pkcs11/wrapper/CK_VERSION");
993 if (jVersionClass == NULL((void*)0)) { return; }
994 fieldID = (*env)->GetFieldID(env, jVersionClass, "major", "B");
995 if (fieldID == NULL((void*)0)) { return; }
996 (*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->major)((jbyte) ckVersion->major));
997
998 /* copy back the minor version */
999 fieldID = (*env)->GetFieldID(env, jVersionClass, "minor", "B");
1000 if (fieldID == NULL((void*)0)) { return; }
1001 (*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->minor)((jbyte) ckVersion->minor));
1002 }
1003}
1004
1005/*
1006 * Copy back the client version information from the native
1007 * structure to the Java object. This is only used for
1008 * CKM_SSL3_MASTER_KEY_DERIVE and CKM_TLS_MASTER_KEY_DERIVE
1009 * mechanisms when used for deriving a key.
1010 *
1011 */
1012void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism,
1013 jobject jMechanism)
1014{
1015 CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ckSSL3MasterKeyDeriveParams;
1016 ckSSL3MasterKeyDeriveParams =
1017 (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *)ckpMechanism->pParameter;
1018 if (ckSSL3MasterKeyDeriveParams != NULL_PTR0) {
1019 copyBackClientVersion(env, ckpMechanism, jMechanism,
1020 ckSSL3MasterKeyDeriveParams->pVersion,
1021 CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS"sun/security/pkcs11/wrapper/CK_SSL3_MASTER_KEY_DERIVE_PARAMS");
1022 }
1023}
1024
1025/*
1026 * Copy back the client version information from the native
1027 * structure to the Java object. This is only used for
1028 * CKM_TLS12_MASTER_KEY_DERIVE mechanism when used for deriving a key.
1029 *
1030 */
1031void tls12CopyBackClientVersion(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism,
1032 jobject jMechanism)
1033{
1034 CK_TLS12_MASTER_KEY_DERIVE_PARAMS *ckTLS12MasterKeyDeriveParams;
1035 ckTLS12MasterKeyDeriveParams =
1036 (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckpMechanism->pParameter;
1037 if (ckTLS12MasterKeyDeriveParams != NULL_PTR0) {
1038 copyBackClientVersion(env, ckpMechanism, jMechanism,
1039 ckTLS12MasterKeyDeriveParams->pVersion,
1040 CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS"sun/security/pkcs11/wrapper/CK_TLS12_MASTER_KEY_DERIVE_PARAMS");
1041 }
1042}
1043
1044static void copyBackKeyMatParams(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism,
1045 jobject jMechanism, CK_SSL3_RANDOM_DATA *RandomInfo,
1046 CK_SSL3_KEY_MAT_OUT_PTR ckSSL3KeyMatOut, const char *class_key_mat_params)
1047{
1048 jclass jMechanismClass, jKeyMatParamsClass, jSSL3KeyMatOutClass;
1049 jfieldID fieldID;
1050 CK_MECHANISM_TYPE ckMechanismType;
1051 jlong jMechanismType;
1052 CK_BYTE_PTR iv;
1053 jobject jKeyMatParam;
1054 jobject jSSL3KeyMatOut;
1055 jobject jIV;
1056 jint jLength;
1057 jbyte* jBytes;
1058 int i;
1059
1060 /* get mechanism */
1061 jMechanismClass= (*env)->FindClass(env, CLASS_MECHANISM"sun/security/pkcs11/wrapper/CK_MECHANISM");
1062 if (jMechanismClass == NULL((void*)0)) { return; }
1063 fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J");
1064 if (fieldID == NULL((void*)0)) { return; }
1065 jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID);
1066 ckMechanismType = jLongToCKULong(jMechanismType)((CK_ULONG) jMechanismType);
1067 if (ckMechanismType != ckpMechanism->mechanism) {
1068 /* we do not have maching types, this should not occur */
1069 return;
1070 }
1071
1072 if (ckSSL3KeyMatOut != NULL_PTR0) {
1073 /* get the Java params object (pParameter) */
1074 fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter",
1075 "Ljava/lang/Object;");
1076 if (fieldID == NULL((void*)0)) { return; }
1077 jKeyMatParam = (*env)->GetObjectField(env, jMechanism, fieldID);
1078
1079 /* get the Java CK_SSL3_KEY_MAT_OUT */
1080 jKeyMatParamsClass = (*env)->FindClass(env, class_key_mat_params);
1081 if (jKeyMatParamsClass == NULL((void*)0)) { return; }
1082 fieldID = (*env)->GetFieldID(env, jKeyMatParamsClass,
1083 "pReturnedKeyMaterial", "L"CLASS_SSL3_KEY_MAT_OUT"sun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_OUT"";");
1084 if (fieldID == NULL((void*)0)) { return; }
1085 jSSL3KeyMatOut = (*env)->GetObjectField(env, jKeyMatParam, fieldID);
1086
1087 /* now copy back all the key handles and the initialization vectors */
1088 /* copy back client MAC secret handle */
1089 jSSL3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT"sun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_OUT");
1090 if (jSSL3KeyMatOutClass == NULL((void*)0)) { return; }
1091 fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass,
1092 "hClientMacSecret", "J");
1093 if (fieldID == NULL((void*)0)) { return; }
1094 (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
1095 ckULongToJLong(ckSSL3KeyMatOut->hClientMacSecret)((jlong) ckSSL3KeyMatOut->hClientMacSecret));
1096
1097 /* copy back server MAC secret handle */
1098 fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass,
1099 "hServerMacSecret", "J");
1100 if (fieldID == NULL((void*)0)) { return; }
1101 (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
1102 ckULongToJLong(ckSSL3KeyMatOut->hServerMacSecret)((jlong) ckSSL3KeyMatOut->hServerMacSecret));
1103
1104 /* copy back client secret key handle */
1105 fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientKey", "J");
1106 if (fieldID == NULL((void*)0)) { return; }
1107 (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
1108 ckULongToJLong(ckSSL3KeyMatOut->hClientKey)((jlong) ckSSL3KeyMatOut->hClientKey));
1109
1110 /* copy back server secret key handle */
1111 fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerKey", "J");
1112 if (fieldID == NULL((void*)0)) { return; }
1113 (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID,
1114 ckULongToJLong(ckSSL3KeyMatOut->hServerKey)((jlong) ckSSL3KeyMatOut->hServerKey));
1115
1116 /* copy back the client IV */
1117 fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "pIVClient", "[B");
1118 if (fieldID == NULL((void*)0)) { return; }
1119 jIV = (*env)->GetObjectField(env, jSSL3KeyMatOut, fieldID);
1120 iv = ckSSL3KeyMatOut->pIVClient;
1121
1122 if (jIV != NULL((void*)0)) {
1123 jLength = (*env)->GetArrayLength(env, jIV);
1124 jBytes = (*env)->GetByteArrayElements(env, jIV, NULL((void*)0));
1125 if (jBytes == NULL((void*)0)) { return; }
1126 /* copy the bytes to the Java buffer */
1127 for (i=0; i < jLength; i++) {
1128 jBytes[i] = ckByteToJByte(iv[i])((jbyte) iv[i]);
1129 }
1130 /* copy back the Java buffer to the object */
1131 (*env)->ReleaseByteArrayElements(env, jIV, jBytes, 0);
1132 }
1133
1134 /* copy back the server IV */
1135 fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "pIVServer", "[B");
1136 if (fieldID == NULL((void*)0)) { return; }
1137 jIV = (*env)->GetObjectField(env, jSSL3KeyMatOut, fieldID);
1138 iv = ckSSL3KeyMatOut->pIVServer;
1139
1140 if (jIV != NULL((void*)0)) {
1141 jLength = (*env)->GetArrayLength(env, jIV);
1142 jBytes = (*env)->GetByteArrayElements(env, jIV, NULL((void*)0));
1143 if (jBytes == NULL((void*)0)) { return; }
1144 /* copy the bytes to the Java buffer */
1145 for (i=0; i < jLength; i++) {
1146 jBytes[i] = ckByteToJByte(iv[i])((jbyte) iv[i]);
1147 }
1148 /* copy back the Java buffer to the object */
1149 (*env)->ReleaseByteArrayElements(env, jIV, jBytes, 0);
1150 }
1151 }
1152}
1153
1154/*
1155 * Copy back the derived keys and initialization vectors from the native
1156 * structure to the Java object. This is only used for
1157 * CKM_SSL3_KEY_AND_MAC_DERIVE and CKM_TLS_KEY_AND_MAC_DERIVE mechanisms
1158 * when used for deriving a key.
1159 *
1160 */
1161void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism,
1162 jobject jMechanism)
1163{
1164 CK_SSL3_KEY_MAT_PARAMS *ckSSL3KeyMatParam;
1165 ckSSL3KeyMatParam = (CK_SSL3_KEY_MAT_PARAMS *)ckpMechanism->pParameter;
1166 if (ckSSL3KeyMatParam != NULL_PTR0) {
1167 copyBackKeyMatParams(env, ckpMechanism, jMechanism,
1168 &(ckSSL3KeyMatParam->RandomInfo),
1169 ckSSL3KeyMatParam->pReturnedKeyMaterial,
1170 CLASS_SSL3_KEY_MAT_PARAMS"sun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_PARAMS");
1171 }
1172}
1173
1174/*
1175 * Copy back the derived keys and initialization vectors from the native
1176 * structure to the Java object. This is only used for
1177 * CKM_TLS12_KEY_AND_MAC_DERIVE mechanism when used for deriving a key.
1178 *
1179 */
1180void tls12CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM_PTR ckpMechanism,
1181 jobject jMechanism)
1182{
1183 CK_TLS12_KEY_MAT_PARAMS *ckTLS12KeyMatParam;
1184 ckTLS12KeyMatParam = (CK_TLS12_KEY_MAT_PARAMS *)ckpMechanism->pParameter;
1185 if (ckTLS12KeyMatParam != NULL_PTR0) {
1186 copyBackKeyMatParams(env, ckpMechanism, jMechanism,
1187 &(ckTLS12KeyMatParam->RandomInfo),
1188 ckTLS12KeyMatParam->pReturnedKeyMaterial,
1189 CLASS_TLS12_KEY_MAT_PARAMS"sun/security/pkcs11/wrapper/CK_TLS12_KEY_MAT_PARAMS");
1190 }
1191}
1192
1193#endif