代码拉取完成,页面将自动刷新
Date: Wed, 19 Mar 2025 17:30:07 +0800
Subject: Add KAE SM2
---
make/modules/jdk.crypto.kaeprovider/Lib.gmk | 8 +-
src/java.base/share/classes/module-info.java | 1 +
.../sun/security/tools/keytool/Main.java | 15 +-
.../classes/sun/security/util/KeyUtil.java | 53 ++
.../classes/sun/security/util/KnownOIDs.java | 3 +
.../classes/sun/security/util/NamedCurve.java | 2 +-
.../openeuler/security/openssl/KAEConfig.java | 22 +-
.../security/openssl/KAECurveDB.java | 729 ++++++++++++++++++
.../openssl/KAEDHKeyPairGenerator.java | 1 +
.../security/openssl/KAEECDHKeyAgreement.java | 12 +-
.../security/openssl/KAEECKeyFactory.java | 308 ++++++++
.../openssl/KAEECKeyPairGenerator.java | 17 +-
.../security/openssl/KAEECParameters.java | 241 ++++++
.../security/openssl/KAEECPrivateKeyImpl.java | 214 +++++
.../security/openssl/KAEECPublicKeyImpl.java | 132 ++++
.../security/openssl/KAENamedCurve.java | 100 +++
.../security/openssl/KAEProvider.java | 29 +-
.../security/openssl/KAESM2Cipher.java | 386 ++++++++++
.../openssl/KAESM2KeyPairGenerator.java | 108 +++
.../security/openssl/KAESM2Signature.java | 373 +++++++++
.../openeuler/security/openssl/KAEUtils.java | 35 +
.../linux/conf/security/kaeprovider.conf | 11 +-
.../security/openssl/kae_cipher_sm2.c | 365 +++++++++
.../security/openssl/kae_exception.c | 1 -
.../security/openssl/kae_signature_sm2.c | 284 +++++++
.../security/openssl/kae_symmetric_cipher.c | 23 +-
.../org/openeuler/security/openssl/kae_util.c | 11 +-
.../org/openeuler/security/openssl/kae_util.h | 6 +-
.../openeuler/security/openssl/openssl_ad.h | 10 -
.../sun/security/tools/jarsigner/Main.java | 14 +-
.../KeyAgreement/KeyAgreementTest.java | 11 +-
.../Signature/SignatureGetInstance.java | 7 +-
.../crypto/KEM/GenLargeNumberOfKeys.java | 12 +-
test/jdk/javax/crypto/KEM/KemTest.java | 98 +--
.../openeuler/security/openssl/ECDHTest.java | 29 +-
.../security/openssl/KAEGcmIvLenTest.java | 53 ++
.../security/openssl/KAETestHelper.java | 3 +-
.../security/openssl/KAEUseEngineTest.java | 56 +-
.../security/openssl/KaeProviderTest.java | 34 +-
.../openeuler/security/openssl/SM2Test.java | 175 +++++
.../jca/PreferredProviderNegativeTest.java | 2 +-
test/jdk/sun/security/pkcs11/policy | 2 +-
.../security/provider/all/Deterministic.java | 4 +
.../util/InternalPrivateKey/Correctness.java | 18 +-
.../security/openssl/SM2CipherBenchmark.java | 117 +++
.../openssl/SM2SignatureBenchmark.java | 104 +++
46 files changed, 4061 insertions(+), 178 deletions(-)
create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAECurveDB.java
create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyFactory.java
create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECParameters.java
create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPrivateKeyImpl.java
create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPublicKeyImpl.java
create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAENamedCurve.java
create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Cipher.java
create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2KeyPairGenerator.java
create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Signature.java
create mode 100644 src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_cipher_sm2.c
create mode 100644 src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_signature_sm2.c
delete mode 100644 src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/openssl_ad.h
create mode 100644 test/jdk/org/openeuler/security/openssl/KAEGcmIvLenTest.java
create mode 100644 test/jdk/org/openeuler/security/openssl/SM2Test.java
create mode 100644 test/micro/org/openeuler/bench/security/openssl/SM2CipherBenchmark.java
create mode 100644 test/micro/org/openeuler/bench/security/openssl/SM2SignatureBenchmark.java
diff --git a/make/modules/jdk.crypto.kaeprovider/Lib.gmk b/make/modules/jdk.crypto.kaeprovider/Lib.gmk
index 2b01e3ed4..70afa6c51 100644
--- a/make/modules/jdk.crypto.kaeprovider/Lib.gmk
+++ b/make/modules/jdk.crypto.kaeprovider/Lib.gmk
@@ -25,6 +25,11 @@
include LibCommon.gmk
+LIBMEMCPY_FILES += \
+ $(addprefix $(TOPDIR)/src/hotspot/share/runtime/, \
+ libc_wrappers.cpp \
+ )
+
################################################################################
ifeq ($(ENABLE_KAE), true)
@@ -32,11 +37,12 @@ ifeq ($(ENABLE_KAE), true)
$(eval $(call SetupJdkLibrary, BUILD_LIBJ2KAE, \
NAME := j2kae, \
OPTIMIZATION := LOW, \
+ EXTRA_FILES := $(LIBMEMCPY_FILES), \
CFLAGS := $(CFLAGS_JDKLIB), \
CXXFLAGS := $(CXXFLAGS_JDKLIB), \
LDFLAGS := $(LDFLAGS_JDKLIB) \
$(call SET_SHARED_LIBRARY_ORIGIN), \
- LIBS_unix := $(LIBDL) -lssl -lcrypto, \
+ LIBS_unix := $(LIBDL) -lpthread -lm -lssl -lcrypto, \
))
TARGETS += $(BUILD_LIBJ2KAE)
diff --git a/src/java.base/share/classes/module-info.java b/src/java.base/share/classes/module-info.java
index 8d7441a2e..c2a6b9caf 100644
--- a/src/java.base/share/classes/module-info.java
+++ b/src/java.base/share/classes/module-info.java
@@ -335,6 +335,7 @@ module java.base {
jdk.crypto.kaeprovider,
jdk.naming.dns;
exports sun.security.pkcs to
+ jdk.crypto.kaeprovider,
jdk.crypto.ec,
jdk.jartool;
exports sun.security.provider to
diff --git a/src/java.base/share/classes/sun/security/tools/keytool/Main.java b/src/java.base/share/classes/sun/security/tools/keytool/Main.java
index 268911c77..a1eaf6357 100644
--- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java
@@ -59,6 +59,7 @@ import java.security.cert.X509CRLSelector;
import javax.security.auth.x500.X500Principal;
import java.util.Base64;
+
import sun.security.pkcs12.PKCS12KeyStore;
import sun.security.provider.certpath.CertPathConstraintsParameters;
import sun.security.util.ConstraintsParameters;
@@ -2021,7 +2022,7 @@ public final class Main {
("Generating.keysize.bit.keyAlgName.key.pair.and.a.certificate.sigAlgName.issued.by.signerAlias.with.a.validity.of.validality.days.for"));
source = new Object[]{
groupName == null ? keysize : KeyUtil.getKeySize(privKey),
- KeyUtil.fullDisplayAlgName(privKey),
+ KeyUtil.fullDisplayAlgName(privKey, rb),
newCert.getSigAlgName(),
signerAlias,
validity,
@@ -2031,7 +2032,7 @@ public final class Main {
("Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for"));
source = new Object[]{
groupName == null ? keysize : KeyUtil.getKeySize(privKey),
- KeyUtil.fullDisplayAlgName(privKey),
+ KeyUtil.fullDisplayAlgName(privKey, rb),
newCert.getSigAlgName(),
validity,
x500Name};
@@ -3579,7 +3580,7 @@ public final class Main {
private String withWeakConstraint(Key key,
CertPathConstraintsParameters cpcp) {
int kLen = KeyUtil.getKeySize(key);
- String displayAlg = KeyUtil.fullDisplayAlgName(key);
+ String displayAlg = KeyUtil.fullDisplayAlgName(key, rb);
try {
DISABLED_CHECK.permits(key.getAlgorithm(), cpcp, true);
} catch (CertPathValidatorException e) {
@@ -4955,13 +4956,13 @@ public final class Main {
weakWarnings.add(String.format(
rb.getString("whose.key.weak"), label,
String.format(rb.getString("key.bit"),
- KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
+ KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key, rb))));
}
} catch (CertPathValidatorException e) {
weakWarnings.add(String.format(
rb.getString("whose.key.disabled"), label,
String.format(rb.getString("key.bit"),
- KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
+ KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key, rb))));
}
}
}
@@ -4982,12 +4983,12 @@ public final class Main {
weakWarnings.add(String.format(
rb.getString("whose.key.disabled"), label,
String.format(rb.getString("key.bit"),
- KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
+ KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key, rb))));
} else if (!LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
weakWarnings.add(String.format(
rb.getString("whose.key.weak"), label,
String.format(rb.getString("key.bit"),
- KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
+ KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key, rb))));
}
}
}
diff --git a/src/java.base/share/classes/sun/security/util/KeyUtil.java b/src/java.base/share/classes/sun/security/util/KeyUtil.java
index 8f81d0035..2a56442ca 100644
--- a/src/java.base/share/classes/sun/security/util/KeyUtil.java
+++ b/src/java.base/share/classes/sun/security/util/KeyUtil.java
@@ -25,6 +25,8 @@
package sun.security.util;
+import java.lang.reflect.Field;
+import java.lang.reflect.Array;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
@@ -32,6 +34,7 @@ import java.security.Key;
import java.security.SecureRandom;
import java.security.interfaces.*;
import java.security.spec.*;
+import java.text.MessageFormat;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHKey;
@@ -197,6 +200,56 @@ public final class KeyUtil {
return result;
}
+ /**
+ * Returns the algorithm name of the given key object. If an EC key is
+ * specified, returns the algorithm name and its named curve.
+ *
+ * @param key the key object, cannot be null
+ * @param rb the resource bundle
+ * @return the algorithm name of the given key object, or return in the
+ * form of "EC (named curve)" if the given key object is an EC key
+ */
+ public static final String fullDisplayAlgName(Key key, java.util.ResourceBundle rb) {
+ String result = key.getAlgorithm();
+ if (key instanceof ECKey) {
+ ECParameterSpec paramSpec = ((ECKey) key).getParams();
+ if (paramSpec instanceof NamedCurve nc) {
+ result += " (" + nc.getNameAndAliases()[0] + ")";
+ } else if (paramSpec.getClass().getSimpleName().equals("KAENamedCurve")) {
+ try {
+ Field na = paramSpec.getClass().getDeclaredField("nameAndAliases");
+ na.setAccessible(true);
+ result += " (" + (String)Array.get(na.get(paramSpec), 0) + ")";
+ } catch (NoSuchFieldException | IllegalAccessException e) {
+ MessageFormat form = new MessageFormat(rb.getString
+ ("can.not.get.field"));
+ Object[] source = {"KAENamedCurveException"};
+ System.out.println(form.format(source));
+ }
+ } else if (paramSpec instanceof ECParameterSpec && key.getClass().getSimpleName().equals(
+ "KAEECPrivateKeyImpl")) {
+ if (getKeySize(key) == -1) {
+ result += " (secp256r1)";
+ } else {
+ try {
+ AlgorithmParameters ap = AlgorithmParameters.getInstance("EC");
+ ap.init(new ECKeySizeParameterSpec(getKeySize(key)));
+ // The following line assumes the toString value is "name (oid)"
+ result += " (" + ap.toString().split(" ")[0] + ")";
+ } catch (Exception e) {
+ MessageFormat form = new MessageFormat(rb.getString
+ ("can.not.get.param"));
+ Object[] source = {"KAEECPrivateKeyImplException"};
+ System.out.println(form.format(source));
+ }
+ }
+ }
+ } else if (key instanceof EdECKey) {
+ result = ((EdECKey) key).getParams().getName();
+ }
+ return result;
+ }
+
/**
* Returns whether the key is valid or not.
* <P>
diff --git a/src/java.base/share/classes/sun/security/util/KnownOIDs.java b/src/java.base/share/classes/sun/security/util/KnownOIDs.java
index 8cd0a03a3..97f599c7b 100644
--- a/src/java.base/share/classes/sun/security/util/KnownOIDs.java
+++ b/src/java.base/share/classes/sun/security/util/KnownOIDs.java
@@ -328,6 +328,9 @@ public enum KnownOIDs {
brainpoolP384r1("1.3.36.3.3.2.8.1.1.11"),
brainpoolP512r1("1.3.36.3.3.2.8.1.1.13"),
+ // sm2
+ sm2p256v1("1.2.156.10197.1.301"),
+
// Certicom 1.3.132.*
sect163k1("1.3.132.0.1", "sect163k1", "NIST K-163"),
sect163r1("1.3.132.0.2"),
diff --git a/src/java.base/share/classes/sun/security/util/NamedCurve.java b/src/java.base/share/classes/sun/security/util/NamedCurve.java
index 68a92f51c..700172451 100644
--- a/src/java.base/share/classes/sun/security/util/NamedCurve.java
+++ b/src/java.base/share/classes/sun/security/util/NamedCurve.java
@@ -89,4 +89,4 @@ public final class NamedCurve extends ECParameterSpec {
sb.append(" (" + oid + ")");
return sb.toString();
}
-}
+}
\ No newline at end of file
diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEConfig.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEConfig.java
index a4eb57770..770162a9e 100644
--- a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEConfig.java
+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEConfig.java
@@ -51,7 +51,9 @@ public class KAEConfig {
"kae.hmac",
"kae.rsa",
"kae.dh",
- "kae.ec"
+ "kae.ec",
+ "kae.sm2.cipher",
+ "kae.sm2.signature"
};
// these property names indicate whether KAE hardware acceleration is enabled for each algorithm
@@ -62,7 +64,8 @@ public class KAEConfig {
"kae.hmac.useKaeEngine",
"kae.rsa.useKaeEngine",
"kae.dh.useKaeEngine",
- "kae.ec.useKaeEngine"
+ "kae.ec.useKaeEngine",
+ "kae.sm2.useKaeEngine"
};
// algorithm names
@@ -95,7 +98,8 @@ public class KAEConfig {
"hmac-sha512",
"rsa",
"dh",
- "ec"
+ "ec",
+ "sm2"
};
// algorithm name and algorithm index mapping
@@ -239,7 +243,8 @@ public class KAEConfig {
false, // hmac
true, // rsa
true, // dh
- false // ec
+ false, // ec
+ false // sm2
};
for (int i = 0; i < useKaeEnginePropertyNames.length; i++) {
String configValue = privilegedGetOverridable(useKaeEnginePropertyNames[i]);
@@ -248,8 +253,9 @@ public class KAEConfig {
}
}
- // EC algorithm currently does not support KAE hardware acceleration, temporarily use openssl soft calculation.
- categoryFlagsForEngine[useKaeEnginePropertyNames.length - 1] = false;
+ // EC and SM2 algorithm currently does not support KAE hardware acceleration, temporarily use openssl soft calculation.
+ categoryFlagsForEngine[6] = false;
+ categoryFlagsForEngine[7] = false;
for (int i = 0; i < useKaeEngineFlags.length; i++) {
Integer algorithmCategoryIndex = algorithmNameCategoryMap.get(algorithmNames[i]);
@@ -301,6 +307,7 @@ public class KAEConfig {
* 4 : rsa
* 5 : dh
* 6 : ec
+ * 7 : sm2
*/
private static void initAlgorithmNameCategoryMap() {
algorithmNameCategoryMap.put("md5", 0);
@@ -332,6 +339,7 @@ public class KAEConfig {
algorithmNameCategoryMap.put("rsa", 4);
algorithmNameCategoryMap.put("dh", 5);
algorithmNameCategoryMap.put("ec", 6);
+ algorithmNameCategoryMap.put("sm2", 7);
}
private static void initAlgorithmNameMap() {
@@ -341,7 +349,7 @@ public class KAEConfig {
private static String[] getDisabledAlgorithms() {
String disabledAlgorithms = privilegedGetOverridable("kae.engine.disabledAlgorithms",
- "sha256,sha384");
+ "sha256,sha384,sm2");
return disabledAlgorithms.replaceAll(" ", "").split("\\,");
}
diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAECurveDB.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAECurveDB.java
new file mode 100644
index 000000000..64af42280
--- /dev/null
+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAECurveDB.java
@@ -0,0 +1,729 @@
+/*
+ * Copyright (c) 2006, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package org.openeuler.security.openssl;
+
+import java.math.BigInteger;
+
+import java.security.spec.*;
+
+import java.util.*;
+
+import sun.security.util.KnownOIDs;
+import sun.security.util.ECUtil;
+
+/**
+ * Repository for well-known Elliptic Curve parameters. It is used by both
+ * the SunPKCS11 and SunJSSE code.
+ *
+ * @since 1.6
+ * @author Andreas Sterbenz
+ */
+public class KAECurveDB {
+ private static final int P = 1; // prime curve
+ private static final int B = 2; // binary curve
+ private static final int PD = 5; // prime curve, mark as default
+ private static final int BD = 6; // binary curve, mark as default
+
+ private static final Map<String,KAENamedCurve> oidMap =
+ new LinkedHashMap<String,KAENamedCurve>();
+ private static final Map<String,KAENamedCurve> nameMap =
+ new HashMap<String,KAENamedCurve>();
+ private static final Map<Integer,KAENamedCurve> lengthMap =
+ new HashMap<Integer,KAENamedCurve>();
+
+ private static Collection<? extends KAENamedCurve> specCollection;
+
+ // Return a NamedCurve for the specified OID/name or null if unknown.
+ public static KAENamedCurve lookup(String name) {
+ KAENamedCurve spec = oidMap.get(name);
+ if (spec != null) {
+ return spec;
+ }
+
+ return nameMap.get(name.toLowerCase(Locale.ENGLISH));
+ }
+
+ // Return EC parameters for the specified field size. If there are known
+ // NIST recommended parameters for the given length, they are returned.
+ // Otherwise, if there are multiple matches for the given size, an
+ // arbitrary one is returns.
+ // If no parameters are known, the method returns null.
+ // NOTE that this method returns both prime and binary curves.
+ static KAENamedCurve lookup(int length) {
+ return lengthMap.get(length);
+ }
+
+ // Convert the given ECParameterSpec object to a NamedCurve object.
+ // If params does not represent a known named curve, return null.
+ public static KAENamedCurve lookup(ECParameterSpec params) {
+ if ((params instanceof KAENamedCurve) || (params == null)) {
+ return (KAENamedCurve)params;
+ }
+
+ // This code allows SunJSSE to work with 3rd party crypto
+ // providers for ECC and not just SunPKCS11.
+ // This can go away once we decide how to expose curve names in the
+ // public API.
+ // Note that it assumes that the 3rd party provider encodes named
+ // curves using the short form, not explicitly. If it did that, then
+ // the SunJSSE TLS ECC extensions are wrong, which could lead to
+ // interoperability problems.
+ int fieldSize = params.getCurve().getField().getFieldSize();
+ for (KAENamedCurve namedCurve : specCollection) {
+ // ECParameterSpec does not define equals, so check all the
+ // components ourselves.
+ // Quick field size check first
+ if (namedCurve.getCurve().getField().getFieldSize() != fieldSize) {
+ continue;
+ }
+ if (ECUtil.equals(namedCurve, params)) {
+ // everything matches our named curve, return it
+ return namedCurve;
+ }
+ }
+ // no match found
+ return null;
+ }
+
+ private static BigInteger bi(String s) {
+ return new BigInteger(s, 16);
+ }
+
+ private static void add(KnownOIDs o, int type, String sfield,
+ String a, String b, String x, String y, String n, int h) {
+ BigInteger p = bi(sfield);
+ ECField field;
+ if ((type == P) || (type == PD)) {
+ field = new ECFieldFp(p);
+ } else if ((type == B) || (type == BD)) {
+ field = new ECFieldF2m(p.bitLength() - 1, p);
+ } else {
+ throw new RuntimeException("Invalid type: " + type);
+ }
+
+ EllipticCurve curve = new EllipticCurve(field, bi(a), bi(b));
+ ECPoint g = new ECPoint(bi(x), bi(y));
+
+ String oid = o.value();
+ KAENamedCurve params = new KAENamedCurve(o, curve, g, bi(n), h);
+ if (oidMap.put(oid, params) != null) {
+ throw new RuntimeException("Duplication oid: " + oid);
+ }
+
+ for (String cn : params.getNameAndAliases()) {
+ if (nameMap.put(cn.toLowerCase(Locale.ENGLISH),
+ params) != null) {
+ throw new RuntimeException("Duplication name: " + cn);
+ }
+ }
+
+ int len = field.getFieldSize();
+ if ((type == PD) || (type == BD) || (lengthMap.get(len) == null)) {
+ // add entry if none present for this field size or if
+ // the curve is marked as a default curve.
+ lengthMap.put(len, params);
+ }
+ }
+
+ static {
+ /* SEC2 prime curves */
+ add(KnownOIDs.secp112r1, P,
+ "DB7C2ABF62E35E668076BEAD208B",
+ "DB7C2ABF62E35E668076BEAD2088",
+ "659EF8BA043916EEDE8911702B22",
+ "09487239995A5EE76B55F9C2F098",
+ "A89CE5AF8724C0A23E0E0FF77500",
+ "DB7C2ABF62E35E7628DFAC6561C5",
+ 1);
+
+ add(KnownOIDs.secp112r2, P,
+ "DB7C2ABF62E35E668076BEAD208B",
+ "6127C24C05F38A0AAAF65C0EF02C",
+ "51DEF1815DB5ED74FCC34C85D709",
+ "4BA30AB5E892B4E1649DD0928643",
+ "adcd46f5882e3747def36e956e97",
+ "36DF0AAFD8B8D7597CA10520D04B",
+ 4);
+
+ add(KnownOIDs.secp128r1, P,
+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
+ "E87579C11079F43DD824993C2CEE5ED3",
+ "161FF7528B899B2D0C28607CA52C5B86",
+ "CF5AC8395BAFEB13C02DA292DDED7A83",
+ "FFFFFFFE0000000075A30D1B9038A115",
+ 1);
+
+ add(KnownOIDs.secp128r2, P,
+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+ "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
+ "5EEEFCA380D02919DC2C6558BB6D8A5D",
+ "7B6AA5D85E572983E6FB32A7CDEBC140",
+ "27B6916A894D3AEE7106FE805FC34B44",
+ "3FFFFFFF7FFFFFFFBE0024720613B5A3",
+ 4);
+
+ add(KnownOIDs.secp160k1, P,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
+ "0000000000000000000000000000000000000000",
+ "0000000000000000000000000000000000000007",
+ "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
+ "938CF935318FDCED6BC28286531733C3F03C4FEE",
+ "0100000000000000000001B8FA16DFAB9ACA16B6B3",
+ 1);
+
+ add(KnownOIDs.secp160r1, P,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
+ "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
+ "4A96B5688EF573284664698968C38BB913CBFC82",
+ "23A628553168947D59DCC912042351377AC5FB32",
+ "0100000000000000000001F4C8F927AED3CA752257",
+ 1);
+
+ add(KnownOIDs.secp160r2, P,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
+ "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
+ "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
+ "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
+ "0100000000000000000000351EE786A818F3A1A16B",
+ 1);
+
+ add(KnownOIDs.secp192k1, P,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
+ "000000000000000000000000000000000000000000000000",
+ "000000000000000000000000000000000000000000000003",
+ "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
+ "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
+ "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
+ 1);
+
+ add(KnownOIDs.secp192r1, PD,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+ "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
+ "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
+ "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
+ "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
+ 1);
+
+ add(KnownOIDs.secp224k1, P,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
+ "00000000000000000000000000000000000000000000000000000000",
+ "00000000000000000000000000000000000000000000000000000005",
+ "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
+ "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
+ "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
+ 1);
+
+ add(KnownOIDs.secp224r1, PD,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+ "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
+ 1);
+
+ add(KnownOIDs.secp256k1, P,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
+ "0000000000000000000000000000000000000000000000000000000000000000",
+ "0000000000000000000000000000000000000000000000000000000000000007",
+ "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
+ "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
+ 1);
+
+ add(KnownOIDs.secp256r1, PD,
+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
+ "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+ "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
+ "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
+ 1);
+
+ add(KnownOIDs.secp384r1, PD,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
+ "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
+ "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
+ "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
+ 1);
+
+ add(KnownOIDs.secp521r1, PD,
+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
+ "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
+ "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
+ "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
+ 1);
+
+ /* ANSI X9.62 prime curves */
+ add(KnownOIDs.prime192v2, P,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+ "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
+ "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
+ "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
+ "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
+ 1);
+
+ add(KnownOIDs.prime192v3, P,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+ "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
+ "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
+ "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
+ "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
+ 1);
+
+ add(KnownOIDs.prime239v1, P,
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+ "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
+ "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
+ "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
+ 1);
+
+ add(KnownOIDs.prime239v2, P,
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+ "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
+ "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
+ "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
+ "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
+ 1);
+
+ add(KnownOIDs.prime239v3, P,
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+ "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
+ "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
+ "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
+ 1);
+
+ /* SEC2 binary curves */
+ add(KnownOIDs.sect113r1, B,
+ "020000000000000000000000000201",
+ "003088250CA6E7C7FE649CE85820F7",
+ "00E8BEE4D3E2260744188BE0E9C723",
+ "009D73616F35F4AB1407D73562C10F",
+ "00A52830277958EE84D1315ED31886",
+ "0100000000000000D9CCEC8A39E56F",
+ 2);
+
+ add(KnownOIDs.sect113r2, B,
+ "020000000000000000000000000201",
+ "00689918DBEC7E5A0DD6DFC0AA55C7",
+ "0095E9A9EC9B297BD4BF36E059184F",
+ "01A57A6A7B26CA5EF52FCDB8164797",
+ "00B3ADC94ED1FE674C06E695BABA1D",
+ "010000000000000108789B2496AF93",
+ 2);
+
+ add(KnownOIDs.sect131r1, B,
+ "080000000000000000000000000000010D",
+ "07A11B09A76B562144418FF3FF8C2570B8",
+ "0217C05610884B63B9C6C7291678F9D341",
+ "0081BAF91FDF9833C40F9C181343638399",
+ "078C6E7EA38C001F73C8134B1B4EF9E150",
+ "0400000000000000023123953A9464B54D",
+ 2);
+
+ add(KnownOIDs.sect131r2, B,
+ "080000000000000000000000000000010D",
+ "03E5A88919D7CAFCBF415F07C2176573B2",
+ "04B8266A46C55657AC734CE38F018F2192",
+ "0356DCD8F2F95031AD652D23951BB366A8",
+ "0648F06D867940A5366D9E265DE9EB240F",
+ "0400000000000000016954A233049BA98F",
+ 2);
+
+ add(KnownOIDs.sect163k1, B,
+ "0800000000000000000000000000000000000000C9",
+ "000000000000000000000000000000000000000001",
+ "000000000000000000000000000000000000000001",
+ "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
+ "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
+ "04000000000000000000020108A2E0CC0D99F8A5EF",
+ 2);
+
+ add(KnownOIDs.sect163r1, B,
+ "0800000000000000000000000000000000000000C9",
+ "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
+ "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
+ "0369979697AB43897789566789567F787A7876A654",
+ "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
+ "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B",
+ 2);
+
+ add(KnownOIDs.sect163r2, BD,
+ "0800000000000000000000000000000000000000C9",
+ "000000000000000000000000000000000000000001",
+ "020A601907B8C953CA1481EB10512F78744A3205FD",
+ "03F0EBA16286A2D57EA0991168D4994637E8343E36",
+ "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
+ "040000000000000000000292FE77E70C12A4234C33",
+ 2);
+
+ add(KnownOIDs.sect193r1, B,
+ "02000000000000000000000000000000000000000000008001",
+ "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
+ "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
+ "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
+ "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
+ "01000000000000000000000000C7F34A778F443ACC920EBA49",
+ 2);
+
+ add(KnownOIDs.sect193r2, B,
+ "02000000000000000000000000000000000000000000008001",
+ "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
+ "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
+ "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
+ "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
+ "010000000000000000000000015AAB561B005413CCD4EE99D5",
+ 2);
+
+ add(KnownOIDs.sect233k1, BD,
+ "020000000000000000000000000000000000000004000000000000000001",
+ "000000000000000000000000000000000000000000000000000000000000",
+ "000000000000000000000000000000000000000000000000000000000001",
+ "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
+ "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
+ "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
+ 4);
+
+ add(KnownOIDs.sect233r1, B,
+ "020000000000000000000000000000000000000004000000000000000001",
+ "000000000000000000000000000000000000000000000000000000000001",
+ "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
+ "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
+ "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
+ "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
+ 2);
+
+ add(KnownOIDs.sect239k1, B,
+ "800000000000000000004000000000000000000000000000000000000001",
+ "000000000000000000000000000000000000000000000000000000000000",
+ "000000000000000000000000000000000000000000000000000000000001",
+ "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
+ "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
+ "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5",
+ 4);
+
+ add(KnownOIDs.sect283k1, BD,
+ "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+ "000000000000000000000000000000000000000000000000000000000000000000000000",
+ "000000000000000000000000000000000000000000000000000000000000000000000001",
+ "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
+ "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
+ 4);
+
+ add(KnownOIDs.sect283r1, B,
+ "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+ "000000000000000000000000000000000000000000000000000000000000000000000001",
+ "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
+ "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
+ "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
+ "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
+ 2);
+
+ add(KnownOIDs.sect409k1, BD,
+ "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+ "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
+ "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
+ "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
+ 4);
+
+ add(KnownOIDs.sect409r1, B,
+ "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+ "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
+ "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
+ "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
+ "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
+ 2);
+
+ add(KnownOIDs.sect571k1, BD,
+ "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+ "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+ "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
+ "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
+ "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
+ 4);
+
+ add(KnownOIDs.sect571r1, B,
+ "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+ "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+ "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
+ "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
+ "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
+ "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
+ 2);
+
+ /* ANSI X9.62 binary curves */
+ add(KnownOIDs.c2tnb191v1, B,
+ "800000000000000000000000000000000000000000000201",
+ "2866537B676752636A68F56554E12640276B649EF7526267",
+ "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
+ "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
+ "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
+ "40000000000000000000000004A20E90C39067C893BBB9A5",
+ 2);
+
+ add(KnownOIDs.c2tnb191v2, B,
+ "800000000000000000000000000000000000000000000201",
+ "401028774D7777C7B7666D1366EA432071274F89FF01E718",
+ "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
+ "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
+ "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
+ "20000000000000000000000050508CB89F652824E06B8173",
+ 4);
+
+ add(KnownOIDs.c2tnb191v3, B,
+ "800000000000000000000000000000000000000000000201",
+ "6C01074756099122221056911C77D77E77A777E7E7E77FCB",
+ "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
+ "375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
+ "545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
+ "155555555555555555555555610C0B196812BFB6288A3EA3",
+ 6);
+
+ add(KnownOIDs.c2tnb239v1, B,
+ "800000000000000000000000000000000000000000000000001000000001",
+ "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
+ "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
+ "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
+ "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
+ "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447",
+ 4);
+
+ add(KnownOIDs.c2tnb239v2, B,
+ "800000000000000000000000000000000000000000000000001000000001",
+ "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
+ "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
+ "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
+ "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
+ "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D",
+ 6);
+
+ add(KnownOIDs.c2tnb239v3, B,
+ "800000000000000000000000000000000000000000000000001000000001",
+ "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
+ "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
+ "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
+ "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
+ "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF",
+ 0xA);
+
+ add(KnownOIDs.c2tnb359v1, B,
+ "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001",
+ "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557",
+ "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988",
+ "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097",
+ "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD",
+ "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B",
+ 0x4C);
+
+ add(KnownOIDs.c2tnb431r1, B,
+ "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001",
+ "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F",
+ "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618",
+ "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
+ "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
+ "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91",
+ 0x2760);
+
+ /* ANSI X9.62 binary curves from the 1998 standard but forbidden
+ * in the 2005 version of the standard.
+ * We don't register them but leave them here for the time being in
+ * case we need to support them after all.
+ */
+/*
+ add(KnownOIDs.c2pnb163v1, B,
+ "080000000000000000000000000000000000000107",
+ "072546B5435234A422E0789675F432C89435DE5242",
+ "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
+ "07AF69989546103D79329FCC3D74880F33BBE803CB",
+ "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
+ "0400000000000000000001E60FC8821CC74DAEAFC1",
+ 2);
+
+ add(KnownOIDs.c2pnb163v2, B,
+ "080000000000000000000000000000000000000107",
+ "0108B39E77C4B108BED981ED0E890E117C511CF072",
+ "0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
+ "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
+ "079F684DDF6684C5CD258B3890021B2386DFD19FC5",
+ "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7",
+ 2);
+
+ add(KnownOIDs.c2pnb163v3, B,
+ "080000000000000000000000000000000000000107",
+ "07A526C63D3E25A256A007699F5447E32AE456B50E",
+ "03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
+ "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
+ "05B935590C155E17EA48EB3FF3718B893DF59A05D0",
+ "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309",
+ 2);
+
+ add(KnownOIDs.c2pnb176w1, B,
+ "0100000000000000000000000000000000080000000007",
+ "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
+ "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
+ "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
+ "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
+ "00010092537397ECA4F6145799D62B0A19CE06FE26AD",
+ 0xFF6E);
+
+ add(KnownOIDs.c2pnb208w1, B,
+ "010000000000000000000000000000000800000000000000000007",
+ "0000000000000000000000000000000000000000000000000000",
+ "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
+ "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
+ "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
+ "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D",
+ 0xFE48);
+
+ add(KnownOIDs.c2pnb272w1, B,
+ "010000000000000000000000000000000000000000000000000000010000000000000B",
+ "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
+ "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
+ "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
+ "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
+ "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
+ 0xFF06);
+
+ add(KnownOIDs.c2pnb304w1, B,
+ "010000000000000000000000000000000000000000000000000000000000000000000000000807",
+ "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681",
+ "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE",
+ "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614",
+ "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B",
+ "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D",
+ 0xFE2E);
+
+ add(KnownOIDs.c2pnb368w1, B,
+ "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007",
+ "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D",
+ "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A",
+ "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F",
+ "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310",
+ "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967",
+ 0xFF70);
+*/
+
+ /*
+ * Brainpool curves (RFC 5639)
+ * (Twisted curves are not included)
+ */
+
+ add(KnownOIDs.brainpoolP160r1, P,
+ "E95E4A5F737059DC60DFC7AD95B3D8139515620F",
+ "340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
+ "1E589A8595423412134FAA2DBDEC95C8D8675E58",
+ "BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
+ "1667CB477A1A8EC338F94741669C976316DA6321",
+ "E95E4A5F737059DC60DF5991D45029409E60FC09",
+ 1);
+
+ add(KnownOIDs.brainpoolP192r1, P,
+ "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
+ "6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
+ "469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
+ "C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
+ "14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
+ "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
+ 1);
+
+ add(KnownOIDs.brainpoolP224r1, P,
+ "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
+ "68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
+ "2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
+ "0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
+ "58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
+ "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
+ 1);
+
+ add(KnownOIDs.brainpoolP256r1, P,
+ "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
+ "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
+ "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
+ "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
+ "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
+ "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
+ 1);
+
+ add(KnownOIDs.brainpoolP320r1, P,
+ "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
+ "3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
+ "520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
+ "43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
+ "14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
+ "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
+ 1);
+
+ add(KnownOIDs.brainpoolP384r1, P,
+ "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
+ "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
+ "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
+ "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
+ "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
+ "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
+ 1);
+
+ add(KnownOIDs.brainpoolP512r1, P,
+ "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
+ "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
+ "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
+ "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
+ "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
+ "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
+ 1);
+
+ /* SM2 prime curves */
+ add(KnownOIDs.sm2p256v1, P,
+ "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF",
+ "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC",
+ "28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93",
+ "32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7",
+ "BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0",
+ "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123",
+ 1);
+
+ specCollection = Collections.unmodifiableCollection(oidMap.values());
+ }
+}
\ No newline at end of file
diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEDHKeyPairGenerator.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEDHKeyPairGenerator.java
index 74134eef5..7426b6968 100644
--- a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEDHKeyPairGenerator.java
+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEDHKeyPairGenerator.java
@@ -57,6 +57,7 @@ public class KAEDHKeyPairGenerator
private int lSize;
private SecureRandom random;
+ @SuppressWarnings("this-escape")
public KAEDHKeyPairGenerator() {
super();
initialize(DEF_DH_KEY_SIZE, null);
diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECDHKeyAgreement.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECDHKeyAgreement.java
index 29dc09889..9f701c93e 100644
--- a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECDHKeyAgreement.java
+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECDHKeyAgreement.java
@@ -27,6 +27,7 @@
package org.openeuler.security.openssl;
import sun.security.ec.ECKeyFactory;
+import sun.security.util.NamedCurve;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
@@ -95,7 +96,16 @@ public class KAEECDHKeyAgreement extends KeyAgreementSpi {
// Bits to bytes.
expectedSecretLen = (keyLenBits + 7) >> 3;
- curveName = KAEUtils.getCurveBySize(keyLenBits);
+ // Using KAENamedCurve.name can be inaccurate. need ObjectId
+ if (params instanceof KAENamedCurve) {
+ curveName = KAEUtils.getCurveByAlias(((KAENamedCurve) params).getObjectId());
+ }else if (params instanceof NamedCurve) {
+ curveName = KAEUtils.getCurveByAlias(((NamedCurve) params).getObjectId());
+ }else {
+ KAENamedCurve curve = KAECurveDB.lookup(params);
+ curveName = KAEUtils.getCurveByAlias(curve.getObjectId());
+ }
+
if (curveName == null) {
throw new InvalidParameterException("unknown keyLenBits " + keyLenBits);
}
diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyFactory.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyFactory.java
new file mode 100644
index 000000000..d25e00085
--- /dev/null
+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyFactory.java
@@ -0,0 +1,308 @@
+/*
+ * Copyright (c) 2006, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package org.openeuler.security.openssl;
+
+import java.util.Arrays;
+
+import java.security.*;
+import java.security.interfaces.*;
+import java.security.spec.*;
+
+/**
+ * KeyFactory for EC keys. Keys must be instances of PublicKey or PrivateKey
+ * and getAlgorithm() must return "EC". For such keys, it supports conversion
+ * between the following:
+ *
+ * For public keys:
+ * . PublicKey with an X.509 encoding
+ * . ECPublicKey
+ * . ECPublicKeySpec
+ * . X509EncodedKeySpec
+ *
+ * For private keys:
+ * . PrivateKey with a PKCS#8 encoding
+ * . ECPrivateKey
+ * . ECPrivateKeySpec
+ * . PKCS8EncodedKeySpec
+ *
+ * @since 1.6
+ * @author Andreas Sterbenz
+ */
+public final class KAEECKeyFactory extends KeyFactorySpi {
+
+ // Used by translateKey()
+ private static KeyFactory instance;
+
+ private static KeyFactory getInstance() {
+ if (instance == null) {
+ try {
+ instance = KeyFactory.getInstance("EC", "KAEProvider");
+ } catch (NoSuchProviderException e) {
+ throw new RuntimeException(e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ return instance;
+ }
+
+ public KAEECKeyFactory() {
+ // empty
+ }
+
+ /**
+ * Static method to convert Key into a useable instance of
+ * ECPublicKey or ECPrivateKey. Check the key and convert it
+ * to a Sun key if necessary. If the key is not an EC key
+ * or cannot be used, throw an InvalidKeyException.
+ *
+ * The difference between this method and engineTranslateKey() is that
+ * we do not convert keys of other providers that are already an
+ * instance of ECPublicKey or ECPrivateKey.
+ *
+ * To be used by future Java ECDSA and ECDH implementations.
+ */
+ public static ECKey toECKey(Key key) throws InvalidKeyException {
+ if (key instanceof ECKey) {
+ ECKey ecKey = (ECKey)key;
+ checkKey(ecKey);
+ return ecKey;
+ } else {
+ /*
+ * We don't call the engineTranslateKey method directly
+ * because KeyFactory.translateKey adds code to loop through
+ * all key factories.
+ */
+ return (ECKey)getInstance().translateKey(key);
+ }
+ }
+
+ /**
+ * Check that the given EC key is valid.
+ */
+ private static void checkKey(ECKey key) throws InvalidKeyException {
+ // check for subinterfaces, omit additional checks for our keys
+ if (key instanceof ECPublicKey) {
+ if (key instanceof KAEECPublicKeyImpl) {
+ return;
+ }
+ } else if (key instanceof ECPrivateKey) {
+ if (key instanceof KAEECPrivateKeyImpl) {
+ return;
+ }
+ } else {
+ throw new InvalidKeyException("Neither a public nor a private key");
+ }
+ // ECKey does not extend Key, so we need to do a cast
+ String keyAlg = ((Key)key).getAlgorithm();
+ if (!keyAlg.equals("EC") && !keyAlg.equals("SM2")) {
+ throw new InvalidKeyException("Not an EC key: " + keyAlg);
+ }
+ // XXX further sanity checks about whether this key uses supported
+ // fields, point formats, etc. would go here
+ }
+
+ /**
+ * Translate an EC key into a Sun EC key. If conversion is
+ * not possible, throw an InvalidKeyException.
+ * See also JCA doc.
+ */
+ protected Key engineTranslateKey(Key key) throws InvalidKeyException {
+ if (key == null) {
+ throw new InvalidKeyException("Key must not be null");
+ }
+ String keyAlg = key.getAlgorithm();
+ if (!keyAlg.equals("EC") && !keyAlg.equals("SM2")) {
+ throw new InvalidKeyException("Not an EC key: " + keyAlg);
+ }
+ if (key instanceof PublicKey) {
+ return implTranslatePublicKey((PublicKey)key);
+ } else if (key instanceof PrivateKey) {
+ return implTranslatePrivateKey((PrivateKey)key);
+ } else {
+ throw new InvalidKeyException("Neither a public nor a private key");
+ }
+ }
+
+ // see JCA doc
+ protected PublicKey engineGeneratePublic(KeySpec keySpec)
+ throws InvalidKeySpecException {
+ try {
+ return implGeneratePublic(keySpec);
+ } catch (InvalidKeySpecException e) {
+ throw e;
+ } catch (GeneralSecurityException e) {
+ throw new InvalidKeySpecException(e);
+ }
+ }
+
+ // see JCA doc
+ protected PrivateKey engineGeneratePrivate(KeySpec keySpec)
+ throws InvalidKeySpecException {
+ try {
+ return implGeneratePrivate(keySpec);
+ } catch (InvalidKeySpecException e) {
+ throw e;
+ } catch (GeneralSecurityException e) {
+ throw new InvalidKeySpecException(e);
+ }
+ }
+
+ // internal implementation of translateKey() for public keys. See JCA doc
+ private PublicKey implTranslatePublicKey(PublicKey key)
+ throws InvalidKeyException {
+ if (key instanceof ECPublicKey) {
+ if (key instanceof KAEECPublicKeyImpl) {
+ return key;
+ }
+ ECPublicKey ecKey = (ECPublicKey)key;
+ return new KAEECPublicKeyImpl(
+ ecKey.getW(),
+ ecKey.getParams()
+ );
+ } else if ("X.509".equals(key.getFormat())) {
+ byte[] encoded = key.getEncoded();
+ return new KAEECPublicKeyImpl(encoded);
+ } else {
+ throw new InvalidKeyException("Public keys must be instance "
+ + "of ECPublicKey or have X.509 encoding");
+ }
+ }
+
+ // internal implementation of translateKey() for private keys. See JCA doc
+ private PrivateKey implTranslatePrivateKey(PrivateKey key)
+ throws InvalidKeyException {
+ if (key instanceof ECPrivateKey) {
+ if (key instanceof KAEECPrivateKeyImpl) {
+ return key;
+ }
+ ECPrivateKey ecKey = (ECPrivateKey)key;
+ return new KAEECPrivateKeyImpl(
+ ecKey.getS(),
+ ecKey.getParams()
+ );
+ } else if ("PKCS#8".equals(key.getFormat())) {
+ byte[] encoded = key.getEncoded();
+ try {
+ return new KAEECPrivateKeyImpl(encoded);
+ } finally {
+ Arrays.fill(encoded, (byte)0);
+ }
+ } else {
+ throw new InvalidKeyException("Private keys must be instance "
+ + "of ECPrivateKey or have PKCS#8 encoding");
+ }
+ }
+
+ // internal implementation of generatePublic. See JCA doc
+ private PublicKey implGeneratePublic(KeySpec keySpec)
+ throws GeneralSecurityException {
+ if (keySpec instanceof X509EncodedKeySpec) {
+ X509EncodedKeySpec x509Spec = (X509EncodedKeySpec)keySpec;
+ return new KAEECPublicKeyImpl(x509Spec.getEncoded());
+ } else if (keySpec instanceof ECPublicKeySpec) {
+ ECPublicKeySpec ecSpec = (ECPublicKeySpec)keySpec;
+ return new KAEECPublicKeyImpl(
+ ecSpec.getW(),
+ ecSpec.getParams()
+ );
+ } else {
+ throw new InvalidKeySpecException("Only ECPublicKeySpec "
+ + "and X509EncodedKeySpec supported for EC public keys");
+ }
+ }
+
+ // internal implementation of generatePrivate. See JCA doc
+ private PrivateKey implGeneratePrivate(KeySpec keySpec)
+ throws GeneralSecurityException {
+ if (keySpec instanceof PKCS8EncodedKeySpec) {
+ PKCS8EncodedKeySpec pkcsSpec = (PKCS8EncodedKeySpec)keySpec;
+ byte[] encoded = pkcsSpec.getEncoded();
+ try {
+ return new KAEECPrivateKeyImpl(encoded);
+ } finally {
+ Arrays.fill(encoded, (byte) 0);
+ }
+ } else if (keySpec instanceof ECPrivateKeySpec) {
+ ECPrivateKeySpec ecSpec = (ECPrivateKeySpec)keySpec;
+ return new KAEECPrivateKeyImpl(ecSpec.getS(), ecSpec.getParams());
+ } else {
+ throw new InvalidKeySpecException("Only ECPrivateKeySpec "
+ + "and PKCS8EncodedKeySpec supported for EC private keys");
+ }
+ }
+
+ protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
+ throws InvalidKeySpecException {
+ try {
+ // convert key to one of our keys
+ // this also verifies that the key is a valid EC key and ensures
+ // that the encoding is X.509/PKCS#8 for public/private keys
+ key = engineTranslateKey(key);
+ } catch (InvalidKeyException e) {
+ throw new InvalidKeySpecException(e);
+ }
+ if (key instanceof ECPublicKey) {
+ ECPublicKey ecKey = (ECPublicKey)key;
+ if (keySpec.isAssignableFrom(ECPublicKeySpec.class)) {
+ return keySpec.cast(new ECPublicKeySpec(
+ ecKey.getW(),
+ ecKey.getParams()
+ ));
+ } else if (keySpec.isAssignableFrom(X509EncodedKeySpec.class)) {
+ return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
+ } else {
+ throw new InvalidKeySpecException
+ ("KeySpec must be ECPublicKeySpec or "
+ + "X509EncodedKeySpec for EC public keys");
+ }
+ } else if (key instanceof ECPrivateKey) {
+ if (keySpec.isAssignableFrom(PKCS8EncodedKeySpec.class)) {
+ byte[] encoded = key.getEncoded();
+ try {
+ return keySpec.cast(new PKCS8EncodedKeySpec(encoded));
+ } finally {
+ Arrays.fill(encoded, (byte)0);
+ }
+ } else if (keySpec.isAssignableFrom(ECPrivateKeySpec.class)) {
+ ECPrivateKey ecKey = (ECPrivateKey)key;
+ return keySpec.cast(new ECPrivateKeySpec(
+ ecKey.getS(),
+ ecKey.getParams()
+ ));
+ } else {
+ throw new InvalidKeySpecException
+ ("KeySpec must be ECPrivateKeySpec or "
+ + "PKCS8EncodedKeySpec for EC private keys");
+ }
+ } else {
+ // should not occur, caught in engineTranslateKey()
+ throw new InvalidKeySpecException("Neither public nor private key");
+ }
+ }
+}
diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyPairGenerator.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyPairGenerator.java
index 73d8551b1..42da07282 100644
--- a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyPairGenerator.java
+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyPairGenerator.java
@@ -26,9 +26,6 @@
package org.openeuler.security.openssl;
-import sun.security.ec.ECPrivateKeyImpl;
-import sun.security.ec.ECPublicKeyImpl;
-
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
@@ -63,7 +60,7 @@ public class KAEECKeyPairGenerator extends KeyPairGeneratorSpi {
this.param = getParamsByCurve(curveName);
}
- private ECParameterSpec getParamsByCurve(String curveName) {
+ protected ECParameterSpec getParamsByCurve(String curveName) {
byte[][] params = nativeGenerateParam(curveName);
if (params == null) {
throw new InvalidParameterException("unknown curve " + curveName);
@@ -125,18 +122,18 @@ public class KAEECKeyPairGenerator extends KeyPairGeneratorSpi {
BigInteger s = new BigInteger(keys[2]);
ECPoint w = new ECPoint(wX, wY);
- ECPrivateKeyImpl privateKey = null;
- ECPublicKeyImpl publicKey = null;
+ KAEECPrivateKeyImpl privateKey;
+ KAEECPublicKeyImpl publicKey;
try {
- Class<?> pubKeyImpl = Class.forName("sun.security.ec.ECPublicKeyImpl");
+ Class<?> pubKeyImpl = Class.forName("org.openeuler.security.openssl.KAEECPublicKeyImpl");
Constructor<?> conPubKeyImpl = pubKeyImpl.getDeclaredConstructor(ECPoint.class, ECParameterSpec.class);
conPubKeyImpl.setAccessible(true);
- publicKey = (ECPublicKeyImpl) conPubKeyImpl.newInstance(w, param);
+ publicKey = (KAEECPublicKeyImpl) conPubKeyImpl.newInstance(w, param);
- Class<?> priKeyImpl = Class.forName("sun.security.ec.ECPrivateKeyImpl");
+ Class<?> priKeyImpl = Class.forName("org.openeuler.security.openssl.KAEECPrivateKeyImpl");
Constructor<?> conPriKeyImpl = priKeyImpl.getDeclaredConstructor(BigInteger.class, ECParameterSpec.class);
conPriKeyImpl.setAccessible(true);
- privateKey = (ECPrivateKeyImpl) conPriKeyImpl.newInstance(s, param);
+ privateKey = (KAEECPrivateKeyImpl) conPriKeyImpl.newInstance(s, param);
} catch (ClassNotFoundException | NoSuchMethodException | InstantiationException |
IllegalAccessException | InvocationTargetException e) {
throw new ProviderException(e);
diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECParameters.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECParameters.java
new file mode 100644
index 000000000..59a116eba
--- /dev/null
+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECParameters.java
@@ -0,0 +1,241 @@
+/*
+ * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package org.openeuler.security.openssl;
+
+import sun.security.util.DerValue;
+import sun.security.util.ECKeySizeParameterSpec;
+import sun.security.util.ObjectIdentifier;
+
+import java.io.IOException;
+
+import java.security.*;
+import java.security.spec.*;
+
+/**
+ * This class implements encoding and decoding of Elliptic Curve parameters
+ * as specified in RFC 3279.
+ *
+ * However, only named curves are currently supported.
+ *
+ * ASN.1 from RFC 3279 follows. Note that X9.62 (2005) has added some additional
+ * options.
+ *
+ * <pre>
+ * EcpkParameters ::= CHOICE {
+ * ecParameters ECParameters,
+ * namedCurve OBJECT IDENTIFIER,
+ * implicitlyCA NULL }
+ *
+ * ECParameters ::= SEQUENCE {
+ * version ECPVer, -- version is always 1
+ * fieldID FieldID, -- identifies the finite field over
+ * -- which the curve is defined
+ * curve Curve, -- coefficients a and b of the
+ * -- elliptic curve
+ * base ECPoint, -- specifies the base point P
+ * -- on the elliptic curve
+ * order INTEGER, -- the order n of the base point
+ * cofactor INTEGER OPTIONAL -- The integer h = #E(Fq)/n
+ * }
+ *
+ * ECPVer ::= INTEGER {ecpVer1(1)}
+ *
+ * Curve ::= SEQUENCE {
+ * a FieldElement,
+ * b FieldElement,
+ * seed BIT STRING OPTIONAL }
+ *
+ * FieldElement ::= OCTET STRING
+ *
+ * ECPoint ::= OCTET STRING
+ * </pre>
+ *
+ * @since 1.6
+ * @author Andreas Sterbenz
+ */
+public final class KAEECParameters extends AlgorithmParametersSpi {
+
+ // used by ECPublicKeyImpl and ECPrivateKeyImpl
+ public static AlgorithmParameters getAlgorithmParameters(ECParameterSpec spec)
+ throws InvalidKeyException {
+ try {
+ AlgorithmParameters params =
+ AlgorithmParameters.getInstance("EC", "KAEProvider");
+ params.init(spec);
+ return params;
+ } catch (GeneralSecurityException e) {
+ throw new InvalidKeyException("EC parameters error", e);
+ }
+ }
+
+ /*
+ * The parameters these AlgorithmParameters object represents.
+ * Currently, it is always an instance of NamedCurve.
+ */
+ private KAENamedCurve namedCurve;
+
+ // A public constructor is required by AlgorithmParameters class.
+ public KAEECParameters() {
+ // empty
+ }
+
+ // AlgorithmParameterSpi methods
+
+ protected void engineInit(AlgorithmParameterSpec paramSpec)
+ throws InvalidParameterSpecException {
+
+ if (paramSpec == null) {
+ throw new InvalidParameterSpecException
+ ("paramSpec must not be null");
+ }
+
+ if (paramSpec instanceof KAENamedCurve) {
+ namedCurve = (KAENamedCurve)paramSpec;
+ return;
+ }
+
+ if (paramSpec instanceof ECParameterSpec) {
+ namedCurve = KAECurveDB.lookup((ECParameterSpec)paramSpec);
+ } else if (paramSpec instanceof ECGenParameterSpec) {
+ String name = ((ECGenParameterSpec)paramSpec).getName();
+ namedCurve = KAECurveDB.lookup(name);
+ } else if (paramSpec instanceof ECKeySizeParameterSpec) {
+ int keySize = ((ECKeySizeParameterSpec)paramSpec).getKeySize();
+ namedCurve = KAECurveDB.lookup(keySize);
+ } else {
+ throw new InvalidParameterSpecException
+ ("Only ECParameterSpec and ECGenParameterSpec supported");
+ }
+
+ if (namedCurve == null) {
+ throw new InvalidParameterSpecException(
+ "Not a supported curve: " + paramSpec);
+ }
+ }
+
+ protected void engineInit(byte[] params) throws IOException {
+ DerValue encodedParams = new DerValue(params);
+ if (encodedParams.tag == DerValue.tag_ObjectId) {
+ ObjectIdentifier oid = encodedParams.getOID();
+ KAENamedCurve spec = KAECurveDB.lookup(oid.toString());
+ if (spec == null) {
+ throw new IOException("Unknown named curve: " + oid);
+ }
+
+ namedCurve = spec;
+ return;
+ }
+
+ throw new IOException("Only named ECParameters supported");
+
+ // The code below is incomplete.
+ // It is left as a starting point for a complete parsing implementation.
+
+/*
+ if (encodedParams.tag != DerValue.tag_Sequence) {
+ throw new IOException("Unsupported EC parameters, tag: " +
+ encodedParams.tag);
+ }
+
+ encodedParams.data.reset();
+
+ DerInputStream in = encodedParams.data;
+
+ int version = in.getInteger();
+ if (version != 1) {
+ throw new IOException("Unsupported EC parameters version: " +
+ version);
+ }
+ ECField field = parseField(in);
+ EllipticCurve curve = parseCurve(in, field);
+ ECPoint point = parsePoint(in, curve);
+
+ BigInteger order = in.getBigInteger();
+ int cofactor = 0;
+
+ if (in.available() != 0) {
+ cofactor = in.getInteger();
+ }
+
+ // XXX HashAlgorithm optional
+
+ if (encodedParams.data.available() != 0) {
+ throw new IOException("encoded params have " +
+ encodedParams.data.available() +
+ " extra bytes");
+ }
+
+ return new ECParameterSpec(curve, point, order, cofactor);
+*/
+ }
+
+ protected void engineInit(byte[] params, String decodingMethod)
+ throws IOException {
+ engineInit(params);
+ }
+
+ protected <T extends AlgorithmParameterSpec> T
+ engineGetParameterSpec(Class<T> spec)
+ throws InvalidParameterSpecException {
+
+ if (spec.isAssignableFrom(ECParameterSpec.class)) {
+ return spec.cast(namedCurve);
+ }
+
+ if (spec.isAssignableFrom(ECGenParameterSpec.class)) {
+ // Ensure the name is the Object ID
+ String name = namedCurve.getObjectId();
+ return spec.cast(new ECGenParameterSpec(name));
+ }
+
+ if (spec.isAssignableFrom(ECKeySizeParameterSpec.class)) {
+ int keySize = namedCurve.getCurve().getField().getFieldSize();
+ return spec.cast(new ECKeySizeParameterSpec(keySize));
+ }
+
+ throw new InvalidParameterSpecException(
+ "Only ECParameterSpec and ECGenParameterSpec supported");
+ }
+
+ protected byte[] engineGetEncoded() throws IOException {
+ return namedCurve.getEncoded();
+ }
+
+ protected byte[] engineGetEncoded(String encodingMethod)
+ throws IOException {
+ return engineGetEncoded();
+ }
+
+ protected String engineToString() {
+ if (namedCurve == null) {
+ return "Not initialized";
+ }
+
+ return namedCurve.toString();
+ }
+}
+
diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPrivateKeyImpl.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPrivateKeyImpl.java
new file mode 100644
index 000000000..61a4f297c
--- /dev/null
+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPrivateKeyImpl.java
@@ -0,0 +1,214 @@
+/*
+ * Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package org.openeuler.security.openssl;
+
+import java.util.Arrays;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+import java.security.*;
+import java.security.interfaces.*;
+import java.security.spec.*;
+
+import sun.security.util.ECUtil;
+import sun.security.util.ArrayUtil;
+import sun.security.util.DerInputStream;
+import sun.security.util.DerOutputStream;
+import sun.security.util.DerValue;
+import sun.security.x509.AlgorithmId;
+import sun.security.pkcs.PKCS8Key;
+
+/**
+ * Key implementation for EC private keys.
+ * <p>
+ * ASN.1 syntax for EC private keys from SEC 1 v1.5 (draft):
+ *
+ * <pre>
+ * EXPLICIT TAGS
+ *
+ * ECPrivateKey ::= SEQUENCE {
+ * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+ * privateKey OCTET STRING,
+ * parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL,
+ * publicKey [1] BIT STRING OPTIONAL
+ * }
+ * </pre>
+ *
+ * We currently ignore the optional parameters and publicKey fields. We
+ * require that the parameters are encoded as part of the AlgorithmIdentifier,
+ * not in the private key structure.
+ *
+ * @since 1.6
+ * @author Andreas Sterbenz
+ */
+@SuppressWarnings("serial")
+public final class KAEECPrivateKeyImpl extends PKCS8Key implements ECPrivateKey {
+
+ private static final long serialVersionUID = 88695385615075129L;
+
+ private BigInteger s; // private value
+ private byte[] arrayS; // private value as a little-endian array
+ private ECParameterSpec params;
+
+ /**
+ * Construct a key from its encoding. Called by the ECKeyFactory.
+ */
+ public KAEECPrivateKeyImpl(byte[] encoded) throws InvalidKeyException {
+ super(encoded);
+ parseKeyBits();
+ }
+
+ /**
+ * Construct a key from its components. Used by the
+ * KeyFactory.
+ */
+ public KAEECPrivateKeyImpl(BigInteger s, ECParameterSpec params)
+ throws InvalidKeyException {
+ this.s = s;
+ this.params = params;
+ makeEncoding(s);
+
+ }
+
+ KAEECPrivateKeyImpl(byte[] s, ECParameterSpec params)
+ throws InvalidKeyException {
+ this.arrayS = s.clone();
+ this.params = params;
+ makeEncoding(s);
+ }
+
+ private void makeEncoding(byte[] s) throws InvalidKeyException {
+ algid = new AlgorithmId
+ (AlgorithmId.EC_oid, KAEECParameters.getAlgorithmParameters(params));
+ try {
+ DerOutputStream out = new DerOutputStream();
+ out.putInteger(1); // version 1
+ byte[] privBytes = s.clone();
+ ArrayUtil.reverse(privBytes);
+ out.putOctetString(privBytes);
+ Arrays.fill(privBytes, (byte)0);
+ DerValue val = DerValue.wrap(DerValue.tag_Sequence, out);
+ key = val.toByteArray();
+ val.clear();
+ } catch (Exception exc) {
+ // should never occur
+ throw new InvalidKeyException(exc);
+ }
+ }
+
+ private void makeEncoding(BigInteger s) throws InvalidKeyException {
+ algid = new AlgorithmId
+ (AlgorithmId.EC_oid, KAEECParameters.getAlgorithmParameters(params));
+ try {
+ byte[] sArr = s.toByteArray();
+ // convert to fixed-length array
+ int numOctets = (params.getOrder().bitLength() + 7) / 8;
+ byte[] sOctets = new byte[numOctets];
+ int inPos = Math.max(sArr.length - sOctets.length, 0);
+ int outPos = Math.max(sOctets.length - sArr.length, 0);
+ int length = Math.min(sArr.length, sOctets.length);
+ System.arraycopy(sArr, inPos, sOctets, outPos, length);
+ Arrays.fill(sArr, (byte)0);
+ DerOutputStream out = new DerOutputStream();
+ out.putInteger(1); // version 1
+ out.putOctetString(sOctets);
+ Arrays.fill(sOctets, (byte)0);
+ DerValue val = DerValue.wrap(DerValue.tag_Sequence, out);
+ key = val.toByteArray();
+ val.clear();
+ } catch (Exception exc) {
+ throw new AssertionError("Should not happen", exc);
+ }
+ }
+
+ // see JCA doc
+ public String getAlgorithm() {
+ return "EC";
+ }
+
+ // see JCA doc
+ public BigInteger getS() {
+ if (s == null) {
+ byte[] arrCopy = arrayS.clone();
+ ArrayUtil.reverse(arrCopy);
+ s = new BigInteger(1, arrCopy);
+ Arrays.fill(arrCopy, (byte)0);
+ }
+ return s;
+ }
+
+ public byte[] getArrayS() {
+ if (arrayS == null) {
+ arrayS = ECUtil.sArray(getS(), params);
+ }
+ return arrayS.clone();
+ }
+
+ // see JCA doc
+ public ECParameterSpec getParams() {
+ return params;
+ }
+
+ private void parseKeyBits() throws InvalidKeyException {
+ try {
+ DerInputStream in = new DerInputStream(key);
+ DerValue derValue = in.getDerValue();
+ if (derValue.tag != DerValue.tag_Sequence) {
+ throw new IOException("Not a SEQUENCE");
+ }
+ DerInputStream data = derValue.data;
+ int version = data.getInteger();
+ if (version != 1) {
+ throw new IOException("Version must be 1");
+ }
+ byte[] privData = data.getOctetString();
+ ArrayUtil.reverse(privData);
+ arrayS = privData;
+ while (data.available() != 0) {
+ DerValue value = data.getDerValue();
+ if (value.isContextSpecific((byte) 0)) {
+ // ignore for now
+ } else if (value.isContextSpecific((byte) 1)) {
+ // ignore for now
+ } else {
+ throw new InvalidKeyException("Unexpected value: " + value);
+ }
+ }
+ AlgorithmParameters algParams = this.algid.getParameters();
+ if (algParams == null) {
+ throw new InvalidKeyException("EC domain parameters must be "
+ + "encoded in the algorithm identifier");
+ }
+ params = algParams.getParameterSpec(ECParameterSpec.class);
+ } catch (IOException e) {
+ throw new InvalidKeyException("Invalid EC private key", e);
+ } catch (InvalidParameterSpecException e) {
+ throw new InvalidKeyException("Invalid EC private key", e);
+ }
+ }
+}
diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPublicKeyImpl.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPublicKeyImpl.java
new file mode 100644
index 000000000..baafcd5ab
--- /dev/null
+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPublicKeyImpl.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2006, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package org.openeuler.security.openssl;
+
+import java.io.IOException;
+
+import java.security.*;
+import java.security.interfaces.*;
+import java.security.spec.*;
+
+import sun.security.util.ECUtil;
+
+import sun.security.x509.*;
+
+/**
+ * Key implementation for EC public keys.
+ *
+ * @since 1.6
+ * @author Andreas Sterbenz
+ */
+@SuppressWarnings("serial")
+public final class KAEECPublicKeyImpl extends X509Key implements ECPublicKey {
+
+ private static final long serialVersionUID = -2462037275160462289L;
+
+ private ECPoint w;
+ private ECParameterSpec params;
+
+ /**
+ * Construct a key from its components. Used by the
+ * ECKeyFactory.
+ */
+ @SuppressWarnings("deprecation")
+ public KAEECPublicKeyImpl(ECPoint w, ECParameterSpec params)
+ throws InvalidKeyException {
+ this.w = w;
+ this.params = params;
+ // generate the encoding
+ algid = new AlgorithmId
+ (AlgorithmId.EC_oid, KAEECParameters.getAlgorithmParameters(params));
+ key = ECUtil.encodePoint(w, params.getCurve());
+ }
+
+ /**
+ * Construct a key from its encoding.
+ */
+ public KAEECPublicKeyImpl(byte[] encoded) throws InvalidKeyException {
+ decode(encoded);
+ }
+
+ // see JCA doc
+ public String getAlgorithm() {
+ return "EC";
+ }
+
+ // see JCA doc
+ public ECPoint getW() {
+ return w;
+ }
+
+ // see JCA doc
+ public ECParameterSpec getParams() {
+ return params;
+ }
+
+ // Internal API to get the encoded point. Currently used by SunPKCS11.
+ // This may change/go away depending on what we do with the public API.
+ @SuppressWarnings("deprecation")
+ public byte[] getEncodedPublicValue() {
+ return key.clone();
+ }
+
+ /**
+ * Parse the key. Called by X509Key.
+ */
+ @SuppressWarnings("deprecation")
+ protected void parseKeyBits() throws InvalidKeyException {
+ AlgorithmParameters algParams = this.algid.getParameters();
+ if (algParams == null) {
+ throw new InvalidKeyException("EC domain parameters must be " +
+ "encoded in the algorithm identifier");
+ }
+
+ try {
+ params = algParams.getParameterSpec(ECParameterSpec.class);
+ w = ECUtil.decodePoint(key, params.getCurve());
+ } catch (IOException e) {
+ throw new InvalidKeyException("Invalid EC key", e);
+ } catch (InvalidParameterSpecException e) {
+ throw new InvalidKeyException("Invalid EC key", e);
+ }
+ }
+
+ // return a string representation of this key for debugging
+ public String toString() {
+ return "Sun EC public key, " + params.getCurve().getField().getFieldSize()
+ + " bits\n public x coord: " + w.getAffineX()
+ + "\n public y coord: " + w.getAffineY()
+ + "\n parameters: " + params;
+ }
+
+ private Object writeReplace() throws java.io.ObjectStreamException {
+ return new KeyRep(KeyRep.Type.PUBLIC,
+ getAlgorithm(),
+ getFormat(),
+ getEncoded());
+ }
+}
diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAENamedCurve.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAENamedCurve.java
new file mode 100644
index 000000000..6d6d0d6e5
--- /dev/null
+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAENamedCurve.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package org.openeuler.security.openssl;
+
+import sun.security.util.DerOutputStream;
+import sun.security.util.ObjectIdentifier;
+import sun.security.util.KnownOIDs;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+import java.security.spec.*;
+
+/**
+ * Contains Elliptic Curve parameters.
+ *
+ * @since 1.6
+ * @author Andreas Sterbenz
+ */
+public final class KAENamedCurve extends ECParameterSpec {
+ // friendly names with stdName followed by aliases
+ private final String[] nameAndAliases;
+
+ // well known OID
+ private final String oid;
+
+ // encoded form (as NamedCurve identified via OID)
+ private final byte[] encoded;
+
+ KAENamedCurve(KnownOIDs ko, EllipticCurve curve,
+ ECPoint g, BigInteger n, int h) {
+ super(curve, g, n, h);
+ String[] aliases = ko.aliases();
+ this.nameAndAliases = new String[aliases.length + 1];
+ nameAndAliases[0] = ko.stdName();
+ System.arraycopy(aliases, 0, nameAndAliases, 1, aliases.length);
+
+ this.oid = ko.value();
+
+ DerOutputStream out = new DerOutputStream();
+ try {
+ out.putOID(ObjectIdentifier.of(ko));
+ } catch (Exception e) {
+ throw new RuntimeException("Internal error", e);
+ }
+ encoded = out.toByteArray();
+ }
+
+ // returns the curve's standard name followed by its aliases
+ public String[] getNameAndAliases() {
+ return nameAndAliases;
+ }
+
+ public byte[] getEncoded() {
+ return encoded.clone();
+ }
+
+ public String getObjectId() {
+ return oid;
+ }
+
+ public String toString() {
+ StringBuilder sb = new StringBuilder(nameAndAliases[0]);
+ if (nameAndAliases.length > 1) {
+ sb.append(" [");
+ int j = 1;
+ while (j < nameAndAliases.length - 1) {
+ sb.append(nameAndAliases[j++]);
+ sb.append(',');
+ }
+ sb.append(nameAndAliases[j] + "]");
+ }
+ sb.append(" (" + oid + ")");
+ return sb.toString();
+ }
+}
diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEProvider.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEProvider.java
index b3c1fb022..9574ce11a 100644
--- a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEProvider.java
+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEProvider.java
@@ -93,7 +93,7 @@ public class KAEProvider extends Provider {
return Boolean.parseBoolean(explicitLoad);
}
- @SuppressWarnings("deprecation")
+ @SuppressWarnings({"deprecation", "this-escape"})
public KAEProvider() {
super("KAEProvider", PROVIDER_VER, "KAE provider");
if (KAEConfig.useKaeProvider("kae.md5")) {
@@ -127,6 +127,12 @@ public class KAEProvider extends Provider {
if (KAEConfig.useKaeProvider("kae.ec")) {
putEC();
}
+ if (KAEConfig.useKaeProvider("kae.sm2.cipher")) {
+ putSM2Cipher();
+ }
+ if (KAEConfig.useKaeProvider("kae.sm2.signature")) {
+ putSM2Signature();
+ }
}
private void putAES() {
@@ -316,6 +322,25 @@ public class KAEProvider extends Provider {
put("KeyPairGenerator.EC", "org.openeuler.security.openssl.KAEECKeyPairGenerator");
put("Alg.Alias.KeyPairGenerator.EllipticCurve", "EC");
put("KeyAgreement.ECDH", "org.openeuler.security.openssl.KAEECDHKeyAgreement");
+
+ put("KeyFactory.EC", "org.openeuler.security.openssl.KAEECKeyFactory");
+ put("Alg.Alias.KeyFactory.EllipticCurve", "EC");
+
+ put("AlgorithmParameters.EC", "org.openeuler.security.openssl.KAEECParameters");
+ put("Alg.Alias.AlgorithmParameters.EllipticCurve", "EC");
+ put("Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1", "EC");
+ }
+
+ private void putSM2Cipher() {
+ put("KeyPairGenerator.SM2", "org.openeuler.security.openssl.KAESM2KeyPairGenerator");
+ put("KeyFactory.SM2", "org.openeuler.security.openssl.KAEECKeyFactory");
+ put("AlgorithmParameters.SM2", "org.openeuler.security.openssl.KAEECParameters");
+ put("Alg.Alias.AlgorithmParameters.1.2.156.10197.1.301", "SM2");
+ put("Cipher.SM2","org.openeuler.security.openssl.KAESM2Cipher");
+ }
+
+ private void putSM2Signature() {
+ put("Signature.SM3withSM2", "org.openeuler.security.openssl.KAESM2Signature$SM3withSM2");
}
// init openssl
@@ -323,4 +348,4 @@ public class KAEProvider extends Provider {
throws RuntimeException;
static native boolean[] getEngineFlags();
-}
\ No newline at end of file
+}
diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Cipher.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Cipher.java
new file mode 100644
index 000000000..a49225fb7
--- /dev/null
+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Cipher.java
@@ -0,0 +1,386 @@
+/*
+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Huawei designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Huawei in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please visit https://gitee.com/openeuler/bgmprovider if you need additional
+ * information or have any questions.
+ */
+
+package org.openeuler.security.openssl;
+
+import javax.crypto.*;
+import java.io.ByteArrayOutputStream;
+import java.lang.ref.PhantomReference;
+import java.lang.ref.ReferenceQueue;
+import java.security.*;
+import java.security.interfaces.*;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+import java.util.Locale;
+import java.util.Set;
+import java.util.concurrent.ConcurrentSkipListSet;
+
+import static org.openeuler.security.openssl.KAEUtils.asUnsignedByteArray;
+
+public class KAESM2Cipher extends CipherSpi {
+ // buffer for the data
+ private KAEByteArrayOutputStream byteBuf = new KAEByteArrayOutputStream();
+
+ private ECKey ecKey;
+ private int cipherMode = -1;
+
+ // sm2 key holder
+ private KAESM2KeyHolder sm2KeyHolder;
+
+ // see JCE spec
+ @Override
+ protected void engineSetMode(String mode) throws NoSuchAlgorithmException {
+ String modeName = mode.toUpperCase(Locale.ROOT);
+
+ if (!modeName.equals("NONE")) {
+ throw new IllegalArgumentException("can't support mode " + mode);
+ }
+ }
+
+ // see JCE spec
+ @Override
+ protected void engineSetPadding(String padding) throws NoSuchPaddingException {
+ String paddingName = padding.toUpperCase(Locale.ROOT);
+
+ if (!paddingName.equals("NOPADDING")) {
+ throw new NoSuchPaddingException("padding not available with KAESM2Cipher");
+ }
+ }
+
+ // see JCE spec
+ @Override
+ protected int engineGetBlockSize() {
+ return 0;
+ }
+
+ // see JCE spec
+ @Override
+ protected int engineGetOutputSize(int inputLen) {
+ throw new UnsupportedOperationException("engineGetOutputSize");
+ }
+
+ // see JCE spec
+ @Override
+ protected byte[] engineGetIV() {
+ return null;
+ }
+
+ // see JCE spec
+ @Override
+ protected AlgorithmParameters engineGetParameters() {
+ return null;
+ }
+
+ // see JCE spec
+ @Override
+ protected byte[] engineWrap(Key key)
+ throws IllegalBlockSizeException, InvalidKeyException {
+ if (key == null) {
+ throw new InvalidKeyException("Key cannot be null");
+ }
+ byte[] encoded = key.getEncoded();
+ if ((encoded == null) || (encoded.length == 0)) {
+ throw new InvalidKeyException("Cannot get an encoding of " +
+ "the key to be wrapped");
+ }
+ try {
+ return engineDoFinal(encoded, 0, encoded.length);
+ } catch (BadPaddingException e) {
+ throw new InvalidKeyException("Wrapping failed", e);
+ }
+ }
+
+ // see JCE spec
+ @Override
+ protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType)
+ throws InvalidKeyException, NoSuchAlgorithmException {
+ if (wrappedKey == null || wrappedKey.length == 0) {
+ throw new InvalidKeyException("The wrappedKey cannot be null or empty");
+ }
+ byte[] unWrappedKey;
+ try {
+ unWrappedKey = engineDoFinal(wrappedKey, 0, wrappedKey.length);
+ } catch (IllegalBlockSizeException | BadPaddingException e) {
+ throw new InvalidKeyException("Unwrapping failed", e);
+ }
+ return KAEUtils.ConstructKeys.constructKey(unWrappedKey, wrappedKeyAlgorithm, wrappedKeyType);
+ }
+
+ // see JCE spec
+ @Override
+ protected void engineInit(int opmode, Key key, SecureRandom random) throws InvalidKeyException {
+ try {
+ engineInit(opmode, key, (AlgorithmParameterSpec) null, random);
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new IllegalArgumentException("cannot handle supplied parameter spec: " + e.getMessage());
+ }
+ }
+
+ // see JCE spec
+ @Override
+ protected void engineInit(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
+ if (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE) {
+ if (key instanceof KAEECPublicKeyImpl) {
+ this.ecKey = (KAEECPublicKeyImpl) key;
+ } else if (key instanceof ECPublicKey) {
+ this.ecKey = (ECPublicKey) key;
+ } else {
+ throw new InvalidKeyException("must use public EC key for encryption");
+ }
+ } else if (opmode == Cipher.DECRYPT_MODE || opmode == Cipher.UNWRAP_MODE) {
+ if (key instanceof KAEECPrivateKeyImpl) {
+ this.ecKey = (KAEECPrivateKeyImpl) key;
+ } else if (key instanceof ECPrivateKey) {
+ this.ecKey = (ECPrivateKey) key;
+ } else {
+ throw new InvalidKeyException("must use private EC key for decryption");
+ }
+ } else {
+ throw new InvalidParameterException("wrong cipher mode, must be ENCRYPT_MODE or WRAP_MODE or DECRYPT_MODE or UNWRAP_MODE");
+ }
+
+ try {
+ sm2KeyHolder = new KAESM2KeyHolder(this, ecKey);
+ } catch (InvalidKeyException e) {
+ throw new RuntimeException(e);
+ }
+ this.cipherMode = opmode;
+ this.byteBuf.reset();
+ }
+
+ // see JCE spec
+ @Override
+ protected void engineInit(int opmode, Key key, AlgorithmParameters params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
+ AlgorithmParameterSpec paramSpec = null;
+ if (params != null) {
+ throw new InvalidAlgorithmParameterException("cannot recognise parameters: " + params.getClass().getName());
+ }
+ engineInit(opmode, key, paramSpec, random);
+ }
+
+ // see JCE spec
+ @Override
+ protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) {
+ byteBuf.write(input, inputOffset, inputLen);
+ return null;
+ }
+
+ // see JCE spec
+ @Override
+ protected int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException {
+ engineUpdate(input, inputOffset, inputLen);
+ return 0;
+ }
+
+ // see JCE spec
+ @Override
+ protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
+ throws IllegalBlockSizeException, BadPaddingException {
+ if (inputLen != 0) {
+ byteBuf.write(input, inputOffset, inputLen);
+ }
+ if(byteBuf.size() == 0){
+ throw new IllegalBlockSizeException("input buffer too short");
+ }
+
+ if (sm2KeyHolder == null) {
+ try {
+ sm2KeyHolder = new KAESM2KeyHolder(this, ecKey);
+ } catch (InvalidKeyException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ long keyAddress = sm2KeyHolder.keyAddress;
+ byte[] out;
+ try {
+ if (cipherMode == Cipher.ENCRYPT_MODE || cipherMode == Cipher.WRAP_MODE) {
+ try {
+ out = nativeSM2Encrypt(keyAddress, byteBuf.toByteArray(), byteBuf.size());
+ } catch (RuntimeException e) {
+ throw new RuntimeException("KAESM2Cipher native encryption failed: " , e);
+ }
+ } else if (cipherMode == Cipher.DECRYPT_MODE || cipherMode == Cipher.UNWRAP_MODE) {
+ try {
+ out = nativeSM2Decrypt(keyAddress, byteBuf.toByteArray(), byteBuf.size());
+ } catch (RuntimeException e) {
+ throw new RuntimeException("KAESM2Cipher native decryption failed: " , e);
+ }
+ } else {
+ throw new IllegalStateException("cipher not initialised");
+ }
+ } finally {
+ byteBuf.reset();
+ resetKeyHolder();
+ }
+ return out;
+ }
+
+ // see JCE spec
+ @Override
+ protected int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
+ throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
+ byte[] buffer = engineDoFinal(input, inputOffset, inputLen);
+ System.arraycopy(buffer, 0, output, outputOffset, buffer.length);
+ return buffer.length;
+ }
+
+ /**
+ * The sm2 openssl key holder , use PhantomReference in case of native memory leaks
+ */
+ private static class KAESM2KeyHolder extends PhantomReference<KAESM2Cipher>
+ implements Comparable<KAESM2KeyHolder> {
+ private static ReferenceQueue<KAESM2Cipher> referenceQueue = new ReferenceQueue<>();
+ private static Set<KAESM2KeyHolder> referenceList = new ConcurrentSkipListSet<>();
+ private final long keyAddress;
+
+ private static boolean disableKaeDispose = Boolean.getBoolean("kae.disableKaeDispose");
+
+ KAESM2KeyHolder(KAESM2Cipher sm2Cipher, ECKey sm2Key) throws InvalidKeyException {
+ super(sm2Cipher, referenceQueue);
+ this.keyAddress = getKeyAddress(sm2Key);
+ if (!disableKaeDispose) {
+ referenceList.add(this);
+ drainRefQueueBounded();
+ }
+ }
+
+ private static void drainRefQueueBounded() {
+ while (true) {
+ KAESM2KeyHolder next = (KAESM2KeyHolder) referenceQueue.poll();
+ if (next == null) {
+ break;
+ }
+ next.dispose(true);
+ }
+ }
+
+ void dispose(boolean needFree) {
+ if (!disableKaeDispose) {
+ referenceList.remove(this);
+ try {
+ if (needFree) {
+ nativeFreeKey(keyAddress);
+ }
+ } finally {
+ this.clear();
+ }
+ } else {
+ nativeFreeKey(keyAddress);
+ }
+ }
+
+ @Override
+ public int compareTo(KAESM2KeyHolder other) {
+ if (this.keyAddress == other.keyAddress) {
+ return 0;
+ } else {
+ return (this.keyAddress < other.keyAddress) ? -1 : 1;
+ }
+ }
+
+ private long getKeyAddress(ECKey sm2Key) throws InvalidKeyException {
+ long address;
+ if (sm2Key instanceof ECPrivateKey) { // ECPrivateKeyImpl
+ address = getKeyAddress((ECPrivateKey) sm2Key);
+ } else if (sm2Key instanceof ECPublicKey) { // ECPublicKeyImpl
+ address = getKeyAddress((ECPublicKey) sm2Key);
+ } else {
+ throw new InvalidKeyException("Invalid SM2Key implement " + sm2Key.getClass());
+ }
+ return address;
+ }
+
+ private long getKeyAddress(ECPrivateKey key) throws InvalidKeyException {
+ checkKey(key);
+ long address;
+ int curveLen = (key.getParams().getCurve().getField().getFieldSize() + 7) / 8;
+ try {
+ address = nativeCreateSM2PrivateKey(asUnsignedByteArray(curveLen, key.getS()), false);
+ return address;
+ } catch (RuntimeException e) {
+ throw new InvalidKeyException(e);
+ }
+ }
+
+ private long getKeyAddress(ECPublicKey key) throws InvalidKeyException {
+ checkKey(key);
+ long address;
+ int curveLen = (key.getParams().getCurve().getField().getFieldSize() + 7) / 8;
+ try {
+ address = nativeCreateSM2PublicKey(
+ asUnsignedByteArray(curveLen, key.getW().getAffineX()),
+ asUnsignedByteArray(curveLen, key.getW().getAffineY())
+ );
+ return address;
+ } catch (RuntimeException e) {
+ throw new InvalidKeyException(e);
+ }
+ }
+
+ private void checkKey(ECPrivateKey key) throws InvalidKeyException {
+ if (key.getS() == null) {
+ throw new InvalidKeyException("Invalid SM2 private key");
+ }
+ }
+
+ private void checkKey(ECPublicKey key) throws InvalidKeyException {
+ if (key.getW() == null || key.getW().getAffineX() == null || key.getW().getAffineY() == null) {
+ throw new InvalidKeyException("Invalid SM2 public key");
+ }
+ }
+ }
+
+ // reset the key holder
+ private void resetKeyHolder() {
+ if (sm2KeyHolder != null) {
+ sm2KeyHolder.dispose(true);
+ sm2KeyHolder = null;
+ }
+ }
+
+ // create KAE sm2 private key
+ protected static native long nativeCreateSM2PublicKey(byte[] x, byte[] y);
+
+ // create KAE sm2 public key
+ protected static native long nativeCreateSM2PrivateKey(byte[] key, boolean sign);
+
+ // free the key
+ protected static native void nativeFreeKey(long keyAddress);
+
+ // Encrypt message using sm2 algorithm
+ protected static native byte[] nativeSM2Encrypt(long keyAddress, byte[] input, int inputLen);
+
+ // Decrypt message using sm2 algorithm
+ protected static native byte[] nativeSM2Decrypt(long keyAddress, byte[] input, int inputLen);
+
+ private static class KAEByteArrayOutputStream extends ByteArrayOutputStream {
+ @Override
+ public synchronized void reset() {
+ // Clear data.
+ Arrays.fill(buf, (byte) 0);
+ super.reset();
+ }
+ }
+}
diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2KeyPairGenerator.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2KeyPairGenerator.java
new file mode 100644
index 000000000..da66c2c53
--- /dev/null
+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2KeyPairGenerator.java
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2024, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package org.openeuler.security.openssl;
+
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.InvalidParameterException;
+import java.security.KeyPair;
+import java.security.ProviderException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.ECFieldFp;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.EllipticCurve;
+
+public class KAESM2KeyPairGenerator extends KAEECKeyPairGenerator {
+ private static final String SUPPORTED_CURVE_NAME = "sm2p256v1";
+ private static final int SUPPORTED_KEY_SIZE = 256;
+ private ECParameterSpec param = null;
+
+ @Override
+ public void initialize(int keysize, SecureRandom random) {
+ if (keysize != SUPPORTED_KEY_SIZE) {
+ throw new InvalidParameterException("unknown key size " + keysize);
+ }
+ String curveName = KAEUtils.getCurveByAlias(SUPPORTED_CURVE_NAME);
+ param = getParamsByCurve(curveName);
+ }
+
+ @Override
+ public void initialize(AlgorithmParameterSpec param, SecureRandom random)
+ throws InvalidAlgorithmParameterException {
+ if (param instanceof ECParameterSpec) {
+ this.param = (ECParameterSpec) param;
+ } else if (param instanceof ECGenParameterSpec) {
+ ECGenParameterSpec ecParam = (ECGenParameterSpec)param;
+ if (!SUPPORTED_CURVE_NAME.equals(ecParam.getName())) {
+ throw new InvalidAlgorithmParameterException("Only support sm2p256v1");
+ }
+ String curveName = KAEUtils.getCurveByAlias(SUPPORTED_CURVE_NAME);
+ this.param = getParamsByCurve(curveName);
+ } else {
+ throw new InvalidAlgorithmParameterException("ECParameterSpec or ECGenParameterSpec for EC");
+ }
+ }
+
+ @Override
+ public KeyPair generateKeyPair() {
+ if (param == null) {
+ String curveName = KAEUtils.getCurveByAlias(SUPPORTED_CURVE_NAME);
+ param = getParamsByCurve(curveName);
+ }
+ EllipticCurve curve = param.getCurve();
+ ECFieldFp field = (ECFieldFp) curve.getField();
+ BigInteger p = field.getP();
+ BigInteger a = curve.getA();
+ BigInteger b = curve.getB();
+ ECPoint generator = param.getGenerator();
+ BigInteger x = generator.getAffineX();
+ BigInteger y = generator.getAffineY();
+ BigInteger order = param.getOrder();
+ int cofactor = param.getCofactor();
+
+ byte[][] keys = nativeGenerateKeyPair(p.toByteArray(), a.toByteArray(),
+ b.toByteArray(), x.toByteArray(), y.toByteArray(), order.toByteArray(), cofactor);
+ if (keys == null) {
+ throw new RuntimeException("nativeGenerateKeyPair failed");
+ }
+ BigInteger wX = new BigInteger(keys[0]);
+ BigInteger wY = new BigInteger(keys[1]);
+ BigInteger s = new BigInteger(keys[2]);
+ ECPoint w = new ECPoint(wX, wY);
+
+ KAEECPrivateKeyImpl privateKey;
+ KAEECPublicKeyImpl publicKey;
+ try {
+ publicKey = new KAEECPublicKeyImpl(w, param);
+ privateKey = new KAEECPrivateKeyImpl(s, param);
+ } catch (InvalidKeyException e) {
+ throw new ProviderException(e);
+ }
+ return new KeyPair(publicKey, privateKey);
+ }
+}
diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Signature.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Signature.java
new file mode 100644
index 000000000..d250456e3
--- /dev/null
+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Signature.java
@@ -0,0 +1,373 @@
+/*
+ * Copyright (c) 2024, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package org.openeuler.security.openssl;
+
+import java.lang.ref.PhantomReference;
+import java.lang.ref.ReferenceQueue;
+import java.lang.reflect.Field;
+import java.nio.charset.StandardCharsets;
+import java.security.*;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Set;
+import java.util.concurrent.ConcurrentSkipListSet;
+
+import static org.openeuler.security.openssl.KAEUtils.asUnsignedByteArray;
+
+/**
+ * We only support support SM2 signatures with SM3 as the digest algorithm.
+ */
+public abstract class KAESM2Signature extends SignatureSpi {
+ /**
+ * The current mode, signature or signature verification.
+ */
+ enum Mode {
+ SIGNATURE,
+ VERIFY
+ }
+
+ /**
+ * Message digest algorithm name used for signing. Currently, only SM3 is supported.
+ */
+ enum DigestName {
+ SM3("SM3");
+
+ private final String digestName;
+
+ DigestName(String digestName) {
+ this.digestName = digestName;
+ }
+
+ public String getDigestValue() {
+ return digestName;
+ }
+ }
+
+ // message digest algorithm name we use
+ private final DigestName digestName;
+
+ // private key, if initialized for signing
+ private ECPrivateKey privateKey;
+
+ // public key, if initialized for verifying
+ private ECPublicKey publicKey;
+
+ // openssl context, save initialization information and updated messages.
+ private SM2SignCtxHolder ctxHolder;
+
+ // openssl context copy, reset after signature or verification
+ private SM2SignCtxHolder ctxHolderCopy;
+
+ // the current mode
+ private Mode mode;
+
+ // initialized or not
+ private boolean initialized = false;
+
+ // default value
+ private String id = "1234567812345678";
+
+ public KAESM2Signature() throws NoSuchAlgorithmException{
+ this(DigestName.SM3.getDigestValue());
+ }
+
+ public KAESM2Signature(String digest) throws NoSuchAlgorithmException{
+ if ("SM3".equals(digest)){
+ this.digestName = DigestName.SM3;
+ }else {
+ throw new NoSuchAlgorithmException("KAESM2Signature not support the " + digest + "digest algorithm");
+ }
+ }
+
+ /**
+ * Initializes this signature object with the specified
+ * public key for verification operations.
+ *
+ * @param publicKey the public key of the identity whose signature is
+ * going to be verified.
+ */
+ @Override
+ protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
+ this.publicKey = (ECPublicKey) KAEECKeyFactory.toECKey(publicKey);
+ long keyAddress;
+ try {
+ int curveLen = (this.publicKey.getParams().getCurve().getField().getFieldSize() + 7) / 8;
+ keyAddress = KAESM2Cipher.nativeCreateSM2PublicKey(
+ asUnsignedByteArray(curveLen, this.publicKey.getW().getAffineX()),
+ asUnsignedByteArray(curveLen, this.publicKey.getW().getAffineY()));
+ } catch (RuntimeException e) {
+ throw new RuntimeException("KAESM2Signature nativeCreateSM2PublicKey failed", e);
+ }
+ try {
+ long verifyCtx = nativeInitSM2Ctx(keyAddress, digestName.getDigestValue(), id, Boolean.FALSE);
+ if (verifyCtx == 0){
+ throw new InvalidKeyException("engineInitSign verifyCtx is invalid");
+ }
+ this.ctxHolder = new SM2SignCtxHolder(this, verifyCtx);
+ } catch (RuntimeException e) {
+ throw new RuntimeException("KAESM2Signature nativeInitSM2Ctx failed", e);
+ }finally {
+ KAESM2Cipher.nativeFreeKey(keyAddress);
+ }
+ this.mode = Mode.VERIFY;
+ this.initialized = true;
+ }
+
+ /**
+ * Initializes this signature object with the specified
+ * private key for signing operations.
+ *
+ * @param privateKey the private key of the identity whose signature
+ * will be generated.
+ */
+ @Override
+ protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
+ this.privateKey = (ECPrivateKey) KAEECKeyFactory.toECKey(privateKey);
+ long keyAddress;
+ try {
+ int curveLen = (this.privateKey.getParams().getCurve().getField().getFieldSize() + 7) / 8;
+ keyAddress = KAESM2Cipher.nativeCreateSM2PrivateKey(asUnsignedByteArray(curveLen, this.privateKey.getS()), true);
+ } catch (RuntimeException e) {
+ throw new InvalidKeyException("KAESM2Signature nativeCreateSM2PrivateKey failed", e);
+ }
+ try {
+ long signCtx = nativeInitSM2Ctx(keyAddress, digestName.getDigestValue(), id, Boolean.TRUE);
+ if (signCtx == 0){
+ throw new InvalidKeyException("engineInitSign signCtx is invalid");
+ }
+ this.ctxHolder = new SM2SignCtxHolder(this, signCtx);
+ } catch (RuntimeException e) {
+ throw new RuntimeException("KAESM2Signature nativeInitSM2Ctx failed", e);
+ }finally {
+ KAESM2Cipher.nativeFreeKey(keyAddress);
+ }
+ this.mode = Mode.SIGNATURE;
+ this.initialized = true;
+ }
+
+ // update the signature with the plaintext data. See JCA doc
+ @Override
+ protected void engineUpdate(byte b) throws SignatureException {
+ byte[] msg = new byte[1];
+ msg[0] = b;
+ engineUpdate(msg, 0, 1);
+ }
+
+ // update the signature with the plaintext data. See JCA doc
+ @Override
+ protected void engineUpdate(byte[] b, int off, int len) throws SignatureException {
+ if(!initialized || ctxHolder == null){
+ throw new SignatureException("The engine is not initialized");
+ }
+ byte[] msg = new byte[len];
+ System.arraycopy(b, off, msg, 0, len);
+ if (ctxHolderCopy == null) {
+ ctxHolderCopy = createCtxHolder(this, ctxHolder.ctxAddress);
+ }
+ try {
+ if(this.mode == Mode.SIGNATURE){
+ nativeSM2Update(ctxHolderCopy.ctxAddress, msg, len, Boolean.TRUE);
+ }else {
+ // Mode.VERIFY
+ nativeSM2Update(ctxHolderCopy.ctxAddress, msg, len, Boolean.FALSE);
+ }
+ } catch (RuntimeException e) {
+ throw new RuntimeException("KAESM2Signature nativeSM2Update Failed", e);
+ }
+ }
+
+ // see JCE spec
+ @Override
+ protected byte[] engineSign() throws SignatureException {
+ if(!initialized || ctxHolder == null){
+ throw new SignatureException("The engine is not initialized");
+ }
+ if (ctxHolderCopy == null) {
+ ctxHolderCopy = createCtxHolder(this, ctxHolder.ctxAddress);
+ }
+ byte[] sigBytes;
+ try {
+ sigBytes = nativeSM2SignFinal(ctxHolderCopy.ctxAddress);
+ } catch (SignatureException e){
+ throw new RuntimeException("KAESM2Signature nativeSM2SignFinal Failed", e);
+ }finally {
+ resetCtxHolderCopy();
+ }
+ return sigBytes;
+ }
+
+ // see JCE spec
+ @Override
+ protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
+ if(!initialized || ctxHolder == null){
+ throw new SignatureException("The engine is not initialized");
+ }
+ if (ctxHolderCopy == null) {
+ ctxHolderCopy = createCtxHolder(this, ctxHolder.ctxAddress);
+ }
+ try {
+ return nativeSM2VerifyFinal(ctxHolderCopy.ctxAddress, sigBytes, sigBytes.length);
+ } catch (SignatureException e){
+ throw new RuntimeException("KAESM2Signature nativeSM2VerifyFinal Failed", e);
+ }finally {
+ resetCtxHolderCopy();
+ }
+ }
+
+ // set parameter, not supported. See JCA doc
+ @Deprecated
+ @Override
+ protected void engineSetParameter(String param, Object value) throws InvalidParameterException {
+ throw new UnsupportedOperationException("setParameter() not supported");
+ }
+
+ @Override
+ protected void engineSetParameter(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ if (params == null) {
+ throw new InvalidAlgorithmParameterException("params is null");
+ }
+
+ try {
+ Class<?> clazz = params.getClass();
+ Field field = clazz.getDeclaredField("id");
+ field.setAccessible(true);
+ byte[] idValue = (byte[]) field.get(params);
+ this.id = new String(idValue, StandardCharsets.UTF_8);
+ } catch (IllegalAccessException | NoSuchFieldException e) {
+ throw new InvalidAlgorithmParameterException("Failed to get id field from params");
+ }
+ }
+
+ // get parameter, not supported. See JCA doc
+ @Deprecated
+ @Override
+ protected Object engineGetParameter(String param) throws InvalidParameterException {
+ throw new UnsupportedOperationException("getParameter() not supported");
+ }
+
+ /**
+ * The sm2 sign openssl md_ctx holder , use PhantomReference in case of native memory leaks
+ */
+ private static class SM2SignCtxHolder extends PhantomReference<KAESM2Signature>
+ implements Comparable<SM2SignCtxHolder> {
+ private static ReferenceQueue<KAESM2Signature> referenceQueue = new ReferenceQueue<>();
+ private static Set<SM2SignCtxHolder> referenceList = new ConcurrentSkipListSet<>();
+ private final long ctxAddress;
+
+ private static boolean disableKaeDispose = Boolean.getBoolean("kae.disableKaeDispose");
+
+ SM2SignCtxHolder(KAESM2Signature sm2Cipher, long ctxAddress) {
+ super(sm2Cipher, referenceQueue);
+ this.ctxAddress = ctxAddress;
+ if (!disableKaeDispose) {
+ referenceList.add(this);
+ drainRefQueueBounded();
+ }
+ }
+
+ private static void drainRefQueueBounded() {
+ while (true) {
+ SM2SignCtxHolder next = (SM2SignCtxHolder) referenceQueue.poll();
+ if (next == null) {
+ break;
+ }
+ next.dispose(true);
+ }
+ }
+
+ void dispose(boolean needFree) {
+ if (!disableKaeDispose) {
+ referenceList.remove(this);
+ try {
+ if (needFree) {
+ nativeFreeSM2Ctx(ctxAddress);
+ }
+ } finally {
+ this.clear();
+ }
+ } else {
+ nativeFreeSM2Ctx(ctxAddress);
+ }
+ }
+
+ @Override
+ public int compareTo(SM2SignCtxHolder other) {
+ if (this.ctxAddress == other.ctxAddress) {
+ return 0;
+ } else {
+ return (this.ctxAddress < other.ctxAddress) ? -1 : 1;
+ }
+ }
+ }
+
+ // reset the ctx holder
+ private void resetCtxHolderCopy() {
+ if (ctxHolderCopy != null) {
+ ctxHolderCopy.dispose(true);
+ ctxHolderCopy = null;
+ }
+ }
+
+ private SM2SignCtxHolder createCtxHolder(KAESM2Signature kaesm2Signature, long ctxAddress) {
+ long addr;
+ try {
+ addr = nativeClone(ctxAddress);
+ } catch (RuntimeException e) {
+ throw new RuntimeException("SM2SignCtxHolder nativeClone failed", e);
+ }
+ if (addr == 0) {
+ throw new RuntimeException("SM2SignCtxHolder nativeClone EVP_MD_CTX failed");
+ }
+ return new SM2SignCtxHolder(kaesm2Signature, addr);
+ }
+
+ // clone the sign ctx
+ protected static native long nativeClone(long ctxAddress);
+
+ // free the sign ctx
+ protected static native void nativeFreeSM2Ctx(long ctxAddress);
+
+ // init openssl sm2 signature context
+ protected static native long nativeInitSM2Ctx(long keyAddress, String digestName, String id, boolean isSign);
+
+ // update openssl sm2 signature text
+ protected static native void nativeSM2Update(long ctxAddress, byte[] msg, int msgLen, boolean isSign);
+
+ // sm2 signature do final
+ protected static native byte[] nativeSM2SignFinal(long ctxAddress) throws SignatureException;
+
+ // sm2 verification do final
+ protected static native boolean nativeSM2VerifyFinal(long ctxAddress, byte[] sigBytes, int sigLen) throws SignatureException;
+
+ static public class SM3withSM2
+ extends KAESM2Signature {
+ public SM3withSM2() throws NoSuchAlgorithmException {
+ super(DigestName.SM3.getDigestValue());
+ }
+ }
+}
diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEUtils.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEUtils.java
index a4a005285..a72e2ad32 100644
--- a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEUtils.java
+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEUtils.java
@@ -27,6 +27,7 @@ package org.openeuler.security.openssl;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
+import java.math.BigInteger;
import java.security.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
@@ -198,16 +199,50 @@ class KAEUtils {
}
}
+ /**
+ * Return the passed in value as an unsigned byte array of the specified length, padded with
+ * leading zeros as necessary..
+ *
+ * @param length the fixed length of the result
+ * @param value the value to be converted.
+ * @return a byte array padded to a fixed length with leading zeros.
+ */
+ protected static byte[] asUnsignedByteArray(int length, BigInteger value) {
+ byte[] bytes = value.toByteArray();
+ if (bytes.length == length) {
+ return bytes;
+ }
+
+ int start = (bytes[0] == 0 && bytes.length != 1) ? 1 : 0;
+ int count = bytes.length - start;
+
+ if (count > length) {
+ throw new IllegalArgumentException("standard length exceeded for value");
+ }
+
+ byte[] tmp = new byte[length];
+ System.arraycopy(bytes, start, tmp, tmp.length - count, count);
+ return tmp;
+ }
+
private static void initECDH() {
SIZE_TO_CURVE.put(224, "secp224r1");
SIZE_TO_CURVE.put(256, "prime256v1");
SIZE_TO_CURVE.put(384, "secp384r1");
SIZE_TO_CURVE.put(521, "secp521r1");
+
+ CURVE_ALIAS.put("secp224r1", "secp224r1");
+ CURVE_ALIAS.put("prime256v1", "prime256v1");
+ CURVE_ALIAS.put("secp384r1", "secp384r1");
+ CURVE_ALIAS.put("secp521r1", "secp521r1");
+
CURVE_ALIAS.put("secp256r1", "prime256v1");
+ CURVE_ALIAS.put("sm2p256v1", "SM2");
CURVE_ALIAS.put("1.3.132.0.33", "secp224r1");
CURVE_ALIAS.put("1.3.132.0.34", "secp384r1");
CURVE_ALIAS.put("1.3.132.0.35", "secp521r1");
CURVE_ALIAS.put("1.2.840.10045.3.1.7", "prime256v1");
+ CURVE_ALIAS.put("1.2.156.10197.1.301", "SM2");
}
static String getCurveBySize(int size) {
diff --git a/src/jdk.crypto.kaeprovider/linux/conf/security/kaeprovider.conf b/src/jdk.crypto.kaeprovider/linux/conf/security/kaeprovider.conf
index 49ff98fd8..ff9da691f 100644
--- a/src/jdk.crypto.kaeprovider/linux/conf/security/kaeprovider.conf
+++ b/src/jdk.crypto.kaeprovider/linux/conf/security/kaeprovider.conf
@@ -18,6 +18,8 @@
# kae.rsa=false
# kae.dh=false
# kae.ec=false
+# kae.sm2.cipher=false
+# kae.sm2.signature=false
# Configure engine id, the default value is kae.
# kae.engine.id=kae
@@ -42,9 +44,11 @@
# kae.rsa.useKaeEngine=true
# kae.dh.useKaeEngine=true
# kae.ec.useKaeEngine=false
+# kae.sm2.useKaeEngine=false
#
# Some engines do not fully support certain categories of algorithms, for example, the digest
-# algorithm implemented by kae engine only supports md5 and sm3.For more information, please refer to:
+# algorithm implemented by kae engine only supports md5 and sm3, asymmetric cipher not support sm2.
+# For more information, please refer to:
# KAE : https://github.com/kunpengcompute/KAE#:~:text=Digest%20algorithm%3A%20SM3/MD5
# UADK: https://gitee.com/openeuler/uadk/wikis/%E4%BD%BF%E7%94%A8%E6%96%87%E6%A1%A3/UADK%20quick%20start#11-uadk
#
@@ -60,7 +64,8 @@
# rsa : rsa
# dh : dh
# ec : ec
-# kae.engine.disabledAlgorithms=sha256,sha384
+# sm2 : sm2
+# kae.engine.disabledAlgorithms=sha256,sha384,sm2
# SM4 max chunk size of each encryption or decryption.
# when input data does not have an accessible byte[].
@@ -72,4 +77,4 @@
#
# It only takes effect when the property kae.log value is true.
# Configure log file path, default value is System.getProperty("user.dir") + "/ + "kae.log".
-# kae.log.file=/home/user/kae.log
\ No newline at end of file
+# kae.log.file=/home/user/kae.log
diff --git a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_cipher_sm2.c b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_cipher_sm2.c
new file mode 100644
index 000000000..7f00d8b31
--- /dev/null
+++ b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_cipher_sm2.c
@@ -0,0 +1,365 @@
+/*
+ * Copyright (c) 2024, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include <openssl/evp.h>
+#include <openssl/ec.h>
+#include <stdbool.h>
+#include <string.h>
+#include "kae_util.h"
+#include "kae_log.h"
+#include "kae_exception.h"
+#include "org_openeuler_security_openssl_KAESM2Cipher.h"
+
+static void FreeSM2KeyParam(BIGNUM* bn_x, BIGNUM* bn_y, BIGNUM* bn_key, EC_GROUP* group, EC_POINT* pt)
+{
+ if (bn_x != NULL) {
+ KAE_ReleaseBigNumFromByteArray(bn_x);
+ }
+ if (bn_y != NULL) {
+ KAE_ReleaseBigNumFromByteArray(bn_y);
+ }
+ if (bn_key != NULL) {
+ KAE_ReleaseBigNumFromByteArray_Clear(bn_key);
+ }
+ if (group != NULL) {
+ EC_GROUP_free(group);
+ }
+ if (pt != NULL) {
+ EC_POINT_free(pt);
+ }
+}
+
+/*
+ * SM2 encrypt or decrypt, follow the steps below
+ */
+static jbyteArray SM2_Crypt(JNIEnv *env, jlong keyAddress, jbyteArray inArr, jint inLen, bool isEncrypt) {
+ unsigned char* inbytes = NULL;
+ unsigned char* outbytes = NULL;
+ size_t outLen = 0;
+ jbyteArray outArr = NULL;
+ EVP_PKEY* pkey = NULL;
+ EVP_PKEY_CTX* ctx = NULL;
+ ENGINE* kaeEngine = NULL;
+
+ // init Engine
+ kaeEngine = GetEngineByAlgorithmIndex(SM2_INDEX);
+ KAE_TRACE("SM2_Crypt: kaeEngine => %p", kaeEngine);
+
+ if ((inbytes = (unsigned char*)malloc(inLen)) == NULL) {
+ KAE_ThrowOOMException(env, "malloc failed");
+ goto cleanup;
+ }
+ memset(inbytes, 0, inLen);
+
+ // get inArr bytes
+ (*env)->GetByteArrayRegion(env, inArr, 0, inLen, (jbyte*)inbytes);
+ if (inbytes == NULL) {
+ KAE_ThrowNullPointerException(env, "GetByteArrayRegion failed");
+ goto cleanup;
+ }
+
+ pkey = (EVP_PKEY*) keyAddress;
+
+ // new ctx
+ if ((ctx = EVP_PKEY_CTX_new(pkey, kaeEngine)) == NULL) {
+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_new", KAE_ThrowInvalidKeyException);
+ goto cleanup;
+ }
+
+ // sm2 encrypt/decrypt init
+ if (isEncrypt) {
+ // init encrypt ctx
+ if (EVP_PKEY_encrypt_init(ctx) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_encrypt_init", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // calculated outArr length
+ if (EVP_PKEY_encrypt(ctx, NULL, &outLen, inbytes, inLen) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_encrypt failed. calculated outArr length", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+ }else {
+ // init decrypt ctx
+ if (EVP_PKEY_decrypt_init(ctx) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_decrypt_init", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // calculated outArr length
+ if (EVP_PKEY_decrypt(ctx, NULL, &outLen, inbytes, inLen) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_decrypt failed. calculated outArr length", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+ }
+
+ if ((outbytes = (unsigned char*)malloc(outLen)) == NULL) {
+ KAE_ThrowOOMException(env, "malloc failed");
+ goto cleanup;
+ }
+ memset(outbytes, 0, outLen);
+
+ if (isEncrypt) {
+ // sm2 encrypt dofinal
+ if (EVP_PKEY_encrypt(ctx, outbytes, &outLen, inbytes, inLen) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_encrypt failed. sm2 encrypt dofinal", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+ }else {
+ // sm2 decrypt dofinal
+ if (EVP_PKEY_decrypt(ctx, outbytes, &outLen, inbytes, inLen) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_decrypt failed. sm2 decrypt dofinal", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+ }
+ KAE_TRACE("SM2_Crypt: finished");
+
+ if ((outArr = (*env)->NewByteArray(env, outLen)) == NULL) {
+ KAE_ThrowNullPointerException(env, "NewByteArray failed");
+ goto cleanup;
+ }
+ (*env)->SetByteArrayRegion(env, outArr, 0, outLen, (jbyte*)outbytes);
+cleanup:
+ if (inbytes != NULL) {
+ memset(inbytes, 0, inLen);
+ free(inbytes);
+ }
+ if (outbytes != NULL) {
+ memset(outbytes, 0, outLen);
+ free(outbytes);
+ }
+ EVP_PKEY_CTX_free(ctx);
+ return outArr;
+}
+
+/*
+ * Class: KAESM2Cipher
+ * Method: nativeCreateSM2PublicKey
+ * Signature: ([B[B)J
+ */
+JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAESM2Cipher_nativeCreateSM2PublicKey(JNIEnv *env,
+ jclass cls, jbyteArray xArr, jbyteArray yArr) {
+ BIGNUM* bn_x = NULL;
+ BIGNUM* bn_y = NULL;
+ EC_GROUP* group = NULL;
+ EC_POINT* pubkey_pt = NULL;
+ EC_KEY* eckey = NULL;
+ EVP_PKEY* pkey = NULL;
+
+ // convert to big num
+ if ((bn_x = KAE_GetBigNumFromByteArray(env, xArr)) == NULL ||
+ (bn_y = KAE_GetBigNumFromByteArray(env, yArr)) == NULL) {
+ goto cleanup;
+ }
+
+ // new EC_GROUP by curve_name
+ if ((group = EC_GROUP_new_by_curve_name(NID_sm2)) == NULL) {
+ KAE_ThrowFromOpenssl(env, "EC_GROUP_new_by_curve_name", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // new EC_POINT
+ if((pubkey_pt = EC_POINT_new(group)) == NULL) {
+ KAE_ThrowFromOpenssl(env, "EC_POINT_new", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // set the x and y coordinates
+ if(EC_POINT_set_affine_coordinates_GFp(group, pubkey_pt, bn_x, bn_y, NULL) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EC_POINT_set_affine_coordinates_GFp", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // new EC_KEY
+ if ((eckey = EC_KEY_new_by_curve_name(NID_sm2)) == NULL) {
+ KAE_ThrowFromOpenssl(env, "EC_KEY_new_by_curve_name", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+ // set ec_key by publickey_point
+ if (EC_KEY_set_public_key(eckey ,pubkey_pt) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EC_KEY_set_public_key", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // new EVP_PKEY
+ if ((pkey = EVP_PKEY_new()) == NULL) {
+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_new", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // set the pkey by the ec_key
+ if (EVP_PKEY_assign_EC_KEY(pkey , eckey) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_assign_EC_KEY", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // set the alias type of the key
+ if (EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_set_alias_type", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ FreeSM2KeyParam(bn_x, bn_y, NULL, group, pubkey_pt);
+ KAE_TRACE("KAESM2Cipher_nativeCreateSM2PublicKey: finished");
+ return (jlong)pkey;
+cleanup:
+ FreeSM2KeyParam(bn_x, bn_y, NULL, group, pubkey_pt);
+ if (eckey != NULL) {
+ EC_KEY_free(eckey);
+ }
+ if (pkey != NULL) {
+ EVP_PKEY_free(pkey);
+ }
+ return 0;
+}
+
+/*
+ * Class: KAESM2Cipher
+ * Method: nativeCreateSM2PrivateKey
+ * Signature: ([B[B)J
+ */
+JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAESM2Cipher_nativeCreateSM2PrivateKey(JNIEnv *env,
+ jclass cls, jbyteArray keyArr, jboolean sign) {
+ BIGNUM* bn_key = NULL;
+ EC_KEY* eckey = NULL;
+ EVP_PKEY* pkey = NULL;
+ EC_GROUP* group = NULL;
+ EC_POINT* pt = NULL;
+
+ // convert to big num
+ if ((bn_key = KAE_GetBigNumFromByteArray(env, keyArr)) == NULL) {
+ goto cleanup;
+ }
+
+ // new EC_KEY
+ if ((eckey = EC_KEY_new_by_curve_name(NID_sm2)) == NULL) {
+ KAE_ThrowFromOpenssl(env, "EC_KEY_new_by_curve_name", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // set the ec_key by bn_key
+ if ((EC_KEY_set_private_key(eckey ,bn_key)) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EC_KEY_set_private_key", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // new group by curve_name
+ if ((group = EC_GROUP_new_by_curve_name(NID_sm2)) == NULL) {
+ KAE_ThrowFromOpenssl(env, "EC_GROUP_new_by_curve_name", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ if(sign) {
+ // new EC_POINT
+ if ((pt = EC_POINT_new(group)) == NULL) {
+ KAE_ThrowFromOpenssl(env, "EC_POINT_new", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // calculation of EC_POINT by EC_POINT_mul functions
+ if (EC_POINT_mul(group, pt, bn_key, NULL, NULL, NULL) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EC_POINT_mul", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // set ec_key by ec_point
+ if (EC_KEY_set_public_key(eckey ,pt) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EC_KEY_set_public_key", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+ }
+
+ // new EVP_PKEY
+ if ((pkey = EVP_PKEY_new()) == NULL) {
+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_new", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // set the pkey by the ec_key
+ if (EVP_PKEY_assign_EC_KEY(pkey , eckey) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_assign_EC_KEY", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // set the alias type of the key
+ if (EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_set_alias_type", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ FreeSM2KeyParam(NULL, NULL, bn_key, group, pt);
+ KAE_TRACE("KAESM2Cipher_nativeCreateSM2PrivateKey: finished");
+ return (jlong)pkey;
+cleanup:
+ FreeSM2KeyParam(NULL, NULL, bn_key, group, pt);
+ if (eckey != NULL) {
+ EC_KEY_free(eckey);
+ }
+ if (pkey != NULL) {
+ EVP_PKEY_free(pkey);
+ }
+ return 0;
+}
+
+/*
+ * Class: KAESM2Cipher
+ * Method: nativeFreeKey
+ * Signature: (J)V
+ */
+JNIEXPORT void JNICALL Java_org_openeuler_security_openssl_KAESM2Cipher_nativeFreeKey(JNIEnv *env,
+ jclass cls, jlong keyAddress) {
+ KAE_TRACE("KAESM2Cipher_nativeFreeKey(keyAddress = %p)", keyAddress);
+
+ if(keyAddress == 0){
+ KAE_ThrowInvalidKeyException(env, "nativeFreeKey failed. keyAddress is Invalid");
+ return;
+ }
+ EVP_PKEY* pkey = (EVP_PKEY*) keyAddress;
+ if (pkey != NULL) {
+ EVP_PKEY_free(pkey);
+ }
+
+ KAE_TRACE("KAESM2Cipher_nativeFreeKey: finished");
+}
+
+/*
+ * Class: KAESM2Cipher
+ * Method: nativeSM2Encrypt
+ * Signature: (J[BI)[B
+ */
+JNIEXPORT jbyteArray JNICALL Java_org_openeuler_security_openssl_KAESM2Cipher_nativeSM2Encrypt(JNIEnv *env,
+ jclass cls, jlong keyAddress, jbyteArray inArr, jint inLen) {
+ KAE_TRACE("KAESM2Cipher_nativeSM2Encrypt(keyAddress = %p, inArr = %p, inLen = %d)", keyAddress, inArr, inLen);
+ return SM2_Crypt(env, keyAddress, inArr, inLen, true);
+}
+
+/*
+ * Class: KAESM2Cipher
+ * Method: nativeSM2Decrypt
+ * Signature: (J[BI)[B
+ */
+JNIEXPORT jbyteArray JNICALL Java_org_openeuler_security_openssl_KAESM2Cipher_nativeSM2Decrypt(JNIEnv *env,
+ jclass cls, jlong keyAddress, jbyteArray inArr, jint inLen) {
+ KAE_TRACE("KAESM2Cipher_nativeSM2Decrypt(keyAddress = %p, inArr = %p, inLen = %d)", keyAddress, inArr, inLen);
+ return SM2_Crypt(env, keyAddress, inArr, inLen, false);
+}
diff --git a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_exception.c b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_exception.c
index c0579ebf4..41d5934a9 100644
--- a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_exception.c
+++ b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_exception.c
@@ -26,7 +26,6 @@
#include <openssl/rsaerr.h>
#include "kae_log.h"
#include "kae_exception.h"
-#include "openssl_ad.h"
void KAE_ThrowByName(JNIEnv* env, const char* name, const char* msg) {
jclass cls = (*env)->FindClass(env, name);
diff --git a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_signature_sm2.c b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_signature_sm2.c
new file mode 100644
index 000000000..6e00be093
--- /dev/null
+++ b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_signature_sm2.c
@@ -0,0 +1,284 @@
+/*
+ * Copyright (c) 2024, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include "org_openeuler_security_openssl_KAESM2Signature.h"
+#include "kae_util.h"
+#include "kae_log.h"
+#include "kae_exception.h"
+#include <openssl/evp.h>
+#include <openssl/ec.h>
+#include <stdbool.h>
+#include <string.h>
+
+static const EVP_MD* GetEVP_MDByName(JNIEnv *env, const char* algo)
+{
+ static const EVP_MD* sm3 = NULL;
+
+ if (strcasecmp(algo, "SM3") == 0) {
+ return sm3 == NULL ? sm3 = EVP_sm3() : sm3;
+ } else {
+ KAE_ThrowRuntimeException(env, "GetEVP_MDByName error");
+ return NULL;
+ }
+}
+
+/*
+* Class: org_openeuler_security_openssl_KAESM2Signature
+* Method: nativeClone
+* Signature: (J)J
+*/
+JNIEXPORT jlong JNICALL
+Java_org_openeuler_security_openssl_KAESM2Signature_nativeClone(JNIEnv *env, jclass cls, jlong ctxAddress)
+{
+ EVP_MD_CTX* ctx = (EVP_MD_CTX*) ctxAddress;
+ KAE_TRACE("KAESM2Signature_nativeClone: ctx = %p", ctx);
+ if (ctx == NULL) {
+ return 0;
+ }
+
+ EVP_MD_CTX* ctxCopy = EVP_MD_CTX_create();
+ if (ctxCopy == NULL) {
+ KAE_ThrowOOMException(env, "create EVP_MD_CTX fail");
+ return 0;
+ }
+ KAE_TRACE("KAESM2Signature_nativeClone: create ctxCopy => %p", ctxCopy);
+
+ int result_code = EVP_MD_CTX_copy_ex(ctxCopy, ctx);
+ if (result_code == 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_MD_CTX_copy_ex failed", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+ KAE_TRACE("KAESM2Signature_nativeClone EVP_MD_CTX_copy_ex(ctxCopy = %p, ctx = %p) success", ctxCopy, ctx);
+ KAE_TRACE("KAESM2Signature_nativeClone: finished");
+ return (jlong) ctxCopy;
+
+cleanup:
+ if (ctxCopy != NULL) {
+ EVP_MD_CTX_free(ctxCopy);
+ }
+ return 0;
+}
+
+/*
+ * Class: org_openeuler_security_openssl_KAESM2Signature
+ * Method: nativeFreeSM2Ctx
+ * Signature: (J)V
+ */
+JNIEXPORT void JNICALL Java_org_openeuler_security_openssl_KAESM2Signature_nativeFreeSM2Ctx(JNIEnv *env,
+ jclass cls, jlong ctxAddress)
+{
+ if(ctxAddress == 0){
+ KAE_ThrowInvalidKeyException(env, "nativeFreeSM2Ctx failed. ctxAddress is Invalid");
+ }
+ EVP_MD_CTX *md_ctx = (EVP_MD_CTX*) ctxAddress;
+ if (md_ctx != NULL) {
+ EVP_MD_CTX_free(md_ctx);
+ }
+ KAE_TRACE("KAESM2Signature_nativeFreeSM2Ctx: finished");
+}
+
+/*
+ * Class: org_openeuler_security_openssl_KAESM2Signature
+ * Method: nativeInitSM2Ctx
+ * Signature: (JLjava/lang/String;Z)J
+ */
+JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAESM2Signature_nativeInitSM2Ctx(JNIEnv *env,
+ jclass cls, jlong keyAddress, jstring digestName, jstring id, jboolean isSign)
+{
+ EVP_MD_CTX* md_ctx = NULL;
+ EVP_PKEY_CTX* pctx = NULL;
+ EVP_PKEY* pkey = NULL;
+ pkey = (EVP_PKEY*) keyAddress;
+ ENGINE* kaeEngine = NULL;
+
+ // init engine
+ kaeEngine = GetEngineByAlgorithmIndex(SM2_INDEX);
+ KAE_TRACE("KAESM2Signature_nativeInitSM2Ctx: kaeEngine => %p", kaeEngine);
+
+ const char* algo = (*env)->GetStringUTFChars(env, digestName, 0);
+ const char* sm2_id = (*env)->GetStringUTFChars(env, id, 0);
+
+ // new pkey_ctx
+ if ((pctx = EVP_PKEY_CTX_new(pkey, kaeEngine)) == NULL) {
+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_new", KAE_ThrowInvalidKeyException);
+ goto cleanup;
+ }
+
+ // set default_sm_id in pkey_ctx
+ if (EVP_PKEY_CTX_set1_id(pctx, sm2_id, strlen(sm2_id)) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_set1_id", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // new md_ctx
+ if ((md_ctx = EVP_MD_CTX_new()) == NULL) {
+ KAE_ThrowFromOpenssl(env, "EVP_MD_CTX_new", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ // set pkey_ctx in md_ctx
+ EVP_MD_CTX_set_pkey_ctx(md_ctx, pctx);
+
+ // init md_ctx
+ if(isSign){
+ if (EVP_DigestSignInit(md_ctx, NULL, GetEVP_MDByName(env, algo), kaeEngine, pkey) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_DigestSignInit", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+ }else {
+ if (EVP_DigestVerifyInit(md_ctx, NULL, GetEVP_MDByName(env, algo), kaeEngine, pkey) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_DigestVerifyInit", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+ }
+ (*env)->ReleaseStringUTFChars(env, digestName, algo);
+ (*env)->ReleaseStringUTFChars(env, id, sm2_id);
+ return (jlong)md_ctx;
+cleanup:
+ (*env)->ReleaseStringUTFChars(env, digestName, algo);
+ (*env)->ReleaseStringUTFChars(env, id, sm2_id);
+ if (pctx != NULL) {
+ EVP_PKEY_CTX_free(pctx);
+ }
+ if (md_ctx != NULL) {
+ EVP_MD_CTX_free(md_ctx);
+ }
+ return 0;
+}
+
+/*
+ * Class: org_openeuler_security_openssl_KAESM2Signature
+ * Method: nativeSM2Update
+ * Signature: (J[BIZ)V
+ */
+JNIEXPORT void JNICALL Java_org_openeuler_security_openssl_KAESM2Signature_nativeSM2Update(JNIEnv *env,
+ jclass cls, jlong ctxAddress, jbyteArray msgArr, jint msgLen, jboolean isSign)
+{
+ EVP_MD_CTX* md_ctx = NULL;
+ unsigned char* msg = NULL;
+ md_ctx = (EVP_MD_CTX*) ctxAddress;
+
+ if ((msg = (unsigned char*)malloc(msgLen)) == NULL) {
+ KAE_ThrowOOMException(env, "malloc error");
+ goto cleanup;
+ }
+ memset(msg, 0, msgLen);
+
+ (*env)->GetByteArrayRegion(env, msgArr, 0, msgLen, (jbyte*)msg);
+
+ if(isSign){
+ if (EVP_DigestSignUpdate(md_ctx, msg, msgLen) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_DigestSignUpdate", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+ }else {
+ if (EVP_DigestVerifyUpdate(md_ctx, msg, msgLen) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_DigestVerifyUpdate", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+ }
+ KAE_TRACE("KAESM2Signature_nativeSM2Update: finished");
+cleanup:
+ if (msg != NULL) {
+ memset(msg, 0, msgLen);
+ free(msg);
+ }
+}
+
+/*
+ * Class: org_openeuler_security_openssl_KAESM2Signature
+ * Method: nativeSM2SignFinal
+ * Signature: (J)[B
+ */
+JNIEXPORT jbyteArray JNICALL Java_org_openeuler_security_openssl_KAESM2Signature_nativeSM2SignFinal(JNIEnv *env,
+ jclass cls, jlong ctxAddress)
+{
+ EVP_MD_CTX* md_ctx = NULL;
+ unsigned char* sig = NULL;
+ size_t sig_len = 0;
+ jbyteArray sigByteArray = NULL;
+ md_ctx = (EVP_MD_CTX*) ctxAddress;
+
+ // determine the size of the signature
+ if (EVP_DigestSignFinal(md_ctx, NULL, &sig_len) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_DigestSignFinal", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
+ if ((sig = malloc(sig_len)) == NULL) {
+ KAE_ThrowOOMException(env, "malloc error");
+ goto cleanup;
+ }
+ memset(sig, 0, sig_len);
+
+ // sign
+ if (EVP_DigestSignFinal(md_ctx, sig, &sig_len) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_DigestSignFinal", KAE_ThrowSignatureException);
+ goto cleanup;
+ }
+
+ if ((sigByteArray = (*env)->NewByteArray(env, sig_len)) == NULL) {
+ goto cleanup;
+ }
+ (*env)->SetByteArrayRegion(env, sigByteArray, 0, sig_len, (jbyte*)sig);
+ KAE_TRACE("KAESM2Signature_nativeSM2SignFinal: finished");
+cleanup:
+ if (sig != NULL) {
+ memset(sig, 0, sig_len);
+ free(sig);
+ }
+ return sigByteArray;
+}
+
+/*
+ * Class: org_openeuler_security_openssl_KAESM2Signature
+ * Method: nativeSM2VerifyFinal
+ * Signature: (J[B)Z
+ */
+JNIEXPORT jboolean JNICALL Java_org_openeuler_security_openssl_KAESM2Signature_nativeSM2VerifyFinal(JNIEnv *env,
+ jclass cls, jlong ctxAddress, jbyteArray sigBytesArr, jint sigLen)
+{
+ EVP_MD_CTX* md_ctx = NULL;
+ unsigned char* sigBytes = NULL;
+ jboolean isSuccess = JNI_FALSE;
+ md_ctx = (EVP_MD_CTX*) ctxAddress;
+
+ if ((sigBytes = (unsigned char*)malloc(sigLen)) == NULL) {
+ KAE_ThrowOOMException(env, "malloc error");
+ goto cleanup;
+ }
+ (*env)->GetByteArrayRegion(env, sigBytesArr, 0, sigLen, (jbyte*)sigBytes);
+
+ // verify
+ if (EVP_DigestVerifyFinal(md_ctx, sigBytes, sigLen) <= 0) {
+ KAE_ThrowFromOpenssl(env, "EVP_DigestVerifyFinal", KAE_ThrowSignatureException);
+ goto cleanup;
+ }
+ isSuccess = JNI_TRUE;
+cleanup:
+ if (sigBytes != NULL) {
+ memset(sigBytes, 0, sigLen);
+ free(sigBytes);
+ }
+ return isSuccess;
+}
diff --git a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_symmetric_cipher.c b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_symmetric_cipher.c
index 67151f53a..220964d5f 100644
--- a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_symmetric_cipher.c
+++ b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_symmetric_cipher.c
@@ -146,6 +146,7 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en
const EVP_CIPHER* cipher = NULL;
ENGINE* kaeEngine = NULL;
int keyLength = (*env)->GetArrayLength(env, key);
+ int ivLength = 0;
const char* algo = (*env)->GetStringUTFChars(env, cipherType, 0);
if (StartsWith("aes", algo)) {
@@ -158,7 +159,6 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en
KAE_TRACE("KAESymmetricCipherBase_nativeInit: kaeEngine => %p", kaeEngine);
- (*env)->ReleaseStringUTFChars(env, cipherType, algo);
if (cipher == NULL) {
KAE_ThrowOOMException(env, "create EVP_CIPHER fail");
goto cleanup;
@@ -170,19 +170,35 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en
if (iv != NULL) {
ivBytes = (*env)->GetByteArrayElements(env, iv, NULL);
+ ivLength = (*env)->GetArrayLength(env, iv);
}
if (key != NULL) {
keyBytes = (*env)->GetByteArrayElements(env, key, NULL);
}
- if (!EVP_CipherInit_ex(ctx, cipher, kaeEngine, (const unsigned char*)keyBytes,
- (const unsigned char*)ivBytes, encrypt ? 1 : 0)) {
+ if (!EVP_CipherInit_ex(ctx, cipher, kaeEngine, NULL,
+ NULL, encrypt ? 1 : 0)) {
KAE_ThrowFromOpenssl(env, "EVP_CipherInit_ex failed", KAE_ThrowRuntimeException);
goto cleanup;
}
+ if (strcasecmp(algo + 8, "gcm") == 0) {
+ /* Set IV length if default 12 bytes (96 bits) is not appropriate */
+ if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivLength, NULL)) {
+ KAE_ThrowFromOpenssl(env, "EVP_CIPHER_CTX_ctrl failed", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+ }
+
+ if (!EVP_CipherInit_ex(ctx, NULL, kaeEngine, (const unsigned char*)keyBytes,
+ (const unsigned char*)ivBytes, encrypt ? 1 : 0)) {
+ KAE_ThrowFromOpenssl(env, "EVP_CipherInit_ex int key & iv failed", KAE_ThrowRuntimeException);
+ goto cleanup;
+ }
+
EVP_CIPHER_CTX_set_padding(ctx, padding ? 1 : 0);
+ (*env)->ReleaseStringUTFChars(env, cipherType, algo);
FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes, keyLength);
return (jlong)ctx;
@@ -190,6 +206,7 @@ cleanup:
if (ctx != NULL) {
EVP_CIPHER_CTX_free(ctx);
}
+ (*env)->ReleaseStringUTFChars(env, cipherType, algo);
FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes, keyLength);
return 0;
}
diff --git a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.c b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.c
index 471ae834b..66d0cc256 100644
--- a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.c
+++ b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.c
@@ -78,6 +78,12 @@ void KAE_ReleaseBigNumFromByteArray(BIGNUM* bn) {
}
}
+void KAE_ReleaseBigNumFromByteArray_Clear(BIGNUM* bn) {
+ if (bn != NULL) {
+ BN_clear_free(bn);
+ }
+}
+
jbyteArray KAE_GetByteArrayFromBigNum(JNIEnv* env, const BIGNUM* bn) {
if (bn == NULL) {
return NULL;
@@ -111,7 +117,7 @@ cleanup:
return javaBytes;
}
-#define ENGINE_LENGTH (EC_INDEX + 1)
+#define ENGINE_LENGTH (SM2_INDEX + 1)
static ENGINE* engines[ENGINE_LENGTH] = {NULL};
static jboolean engineFlags[ENGINE_LENGTH] = {JNI_FALSE};
static KAEAlgorithm kaeAlgorithms[ENGINE_LENGTH] = {
@@ -143,7 +149,8 @@ static KAEAlgorithm kaeAlgorithms[ENGINE_LENGTH] = {
{HMAC_SHA512_INDEX, "hmac-sha512"},
{RSA_INDEX, "rsa"},
{DH_INDEX, "dh"},
- {EC_INDEX, "ec"}
+ {EC_INDEX, "ec"},
+ {SM2_INDEX, "sm2"}
};
void initEngines(JNIEnv* env, jbooleanArray algorithmKaeFlags) {
diff --git a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.h b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.h
index 6eb980d62..5df310ba7 100644
--- a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.h
+++ b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.h
@@ -56,7 +56,8 @@ typedef enum {
HMAC_SHA512_INDEX,
RSA_INDEX,
DH_INDEX,
- EC_INDEX
+ EC_INDEX,
+ SM2_INDEX
} AlgorithmIndex;
typedef struct {
@@ -70,6 +71,9 @@ BIGNUM* KAE_GetBigNumFromByteArray(JNIEnv* env, jbyteArray byteArray);
/* release BIGNUM allocat from */
void KAE_ReleaseBigNumFromByteArray(BIGNUM* bn);
+/* release BIGNUM allocat from and clear data*/
+void KAE_ReleaseBigNumFromByteArray_Clear(BIGNUM* bn);
+
/* BIGNUM convert to jbyteArray */
jbyteArray KAE_GetByteArrayFromBigNum(JNIEnv* env, const BIGNUM* bn);
diff --git a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/openssl_ad.h b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/openssl_ad.h
deleted file mode 100644
index f4b552137..000000000
--- a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/openssl_ad.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#include <openssl/opensslv.h>
-#include <openssl/err.h>
-
-#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
-
-// ERR_GET_FUNC() was removed since Openssl3
-#ifndef ERR_GET_FUNC
-#define ERR_GET_FUNC(e) (int)(((e) >> 12L) & 0xFFFL)
-#endif
-#endif
diff --git a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
index 117fea688..497a4b201 100644
--- a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
+++ b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
@@ -1236,13 +1236,13 @@ public class Main {
if ((legacyAlg & 8) == 8) {
warnings.add(String.format(
rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk..This.key.size.will.be.disabled.in.a.future.update."),
- KeyUtil.fullDisplayAlgName(privateKey), KeyUtil.getKeySize(privateKey)));
+ KeyUtil.fullDisplayAlgName(privateKey, rb), KeyUtil.getKeySize(privateKey)));
}
if ((disabledAlg & 8) == 8) {
errors.add(String.format(
rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk.and.is.disabled."),
- KeyUtil.fullDisplayAlgName(privateKey), KeyUtil.getKeySize(privateKey)));
+ KeyUtil.fullDisplayAlgName(privateKey, rb), KeyUtil.getKeySize(privateKey)));
}
} else {
if ((legacyAlg & 1) != 0) {
@@ -1266,7 +1266,7 @@ public class Main {
if ((legacyAlg & 8) == 8) {
warnings.add(String.format(
rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk..This.key.size.will.be.disabled.in.a.future.update."),
- KeyUtil.fullDisplayAlgName(weakPublicKey), KeyUtil.getKeySize(weakPublicKey)));
+ KeyUtil.fullDisplayAlgName(weakPublicKey, rb), KeyUtil.getKeySize(weakPublicKey)));
}
}
@@ -1445,7 +1445,7 @@ public class Main {
disabledAlgFound = true;
if (key instanceof ECKey) {
return String.format(rb.getString("key.bit.eccurve.disabled"), kLen,
- KeyUtil.fullDisplayAlgName(key));
+ KeyUtil.fullDisplayAlgName(key, rb));
} else {
return String.format(rb.getString("key.bit.disabled"), kLen);
}
@@ -1462,7 +1462,7 @@ public class Main {
legacyAlg |= 8;
if (key instanceof ECKey) {
return String.format(rb.getString("key.bit.eccurve.weak"), kLen,
- KeyUtil.fullDisplayAlgName(key));
+ KeyUtil.fullDisplayAlgName(key, rb));
} else {
return String.format(rb.getString("key.bit.weak"), kLen);
}
@@ -1520,7 +1520,7 @@ public class Main {
} catch (CertPathValidatorException e) {
if (key instanceof ECKey) {
return String.format(rb.getString("key.bit.eccurve.disabled"), kLen,
- KeyUtil.fullDisplayAlgName(key));
+ KeyUtil.fullDisplayAlgName(key, rb));
} else {
return String.format(rb.getString("key.bit.disabled"), kLen);
}
@@ -1535,7 +1535,7 @@ public class Main {
} catch (CertPathValidatorException e) {
if (key instanceof ECKey) {
return String.format(rb.getString("key.bit.eccurve.weak"), kLen,
- KeyUtil.fullDisplayAlgName(key));
+ KeyUtil.fullDisplayAlgName(key, rb));
} else {
return String.format(rb.getString("key.bit.weak"), kLen);
}
diff --git a/test/jdk/java/security/KeyAgreement/KeyAgreementTest.java b/test/jdk/java/security/KeyAgreement/KeyAgreementTest.java
index 398e3ea2a..1e5eb9680 100644
--- a/test/jdk/java/security/KeyAgreement/KeyAgreementTest.java
+++ b/test/jdk/java/security/KeyAgreement/KeyAgreementTest.java
@@ -39,7 +39,6 @@ import java.security.KeyPairGenerator;
import java.security.spec.NamedParameterSpec;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
-import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -54,13 +53,7 @@ public class KeyAgreementTest {
String kpgAlgo = args[1];
String provider = System.getProperty("test.provider.name", args[2]);
System.out.println("Testing " + kaAlgo);
- AlgoSpec aSpec;
- if (Security.getProperty("security.provider.1").equals("KAEProvider") &&
- kaAlgo.equals("ECDH")) {
- aSpec = AlgoSpec.valueOf(AlgoSpec.class, "KAEECDH");
- } else {
- aSpec = AlgoSpec.valueOf(AlgoSpec.class, kaAlgo);
- }
+ AlgoSpec aSpec = AlgoSpec.valueOf(AlgoSpec.class, kaAlgo);
List<AlgorithmParameterSpec> specs = aSpec.getAlgorithmParameterSpecs();
for (AlgorithmParameterSpec spec : specs) {
testKeyAgreement(provider, kaAlgo, kpgAlgo, spec);
@@ -77,7 +70,6 @@ public class KeyAgreementTest {
// "java.base/share/classes/sun/security/util/CurveDB.java"
ECDH("secp256r1", "secp384r1", "secp521r1"),
- KAEECDH("secp224r1", "secp256r1", "secp384r1", "secp521r1"),
XDH("X25519", "X448", "x25519"),
// There is no curve for DiffieHellman
DiffieHellman(new String[]{});
@@ -89,7 +81,6 @@ public class KeyAgreementTest {
for (String crv : curves) {
switch (this.name()) {
case "ECDH":
- case "KAEECDH":
specs.add(new ECGenParameterSpec(crv));
break;
case "XDH":
diff --git a/test/jdk/java/security/Signature/SignatureGetInstance.java b/test/jdk/java/security/Signature/SignatureGetInstance.java
index 536c3ba67..860382e15 100644
--- a/test/jdk/java/security/Signature/SignatureGetInstance.java
+++ b/test/jdk/java/security/Signature/SignatureGetInstance.java
@@ -55,12 +55,11 @@ public class SignatureGetInstance {
MyPubKey testPub = new MyPubKey();
Provider kaeProvider = Security.getProvider("KAEProvider");
- String expectedProvName = kaeProvider != null ? "KAEProvider" : "SunRsaSign";
-
+ String expectedProvName = kaeProvider != null ? "KAEProvider" : System.getProperty("test.provider.name", "SunRsaSign");
testDblInit(testPriv, testPub, true, "TestProvider");
- testDblInit(kp.getPrivate(), kp.getPublic(), true,
- System.getProperty("test.provider.name", expectedProName));
+ testDblInit(kp.getPrivate(), kp.getPublic(), true, expectedProvName);
+
testDblInit(testPriv, kp.getPublic(), false, null);
testDblInit(kp.getPrivate(), testPub, false, null);
diff --git a/test/jdk/javax/crypto/KEM/GenLargeNumberOfKeys.java b/test/jdk/javax/crypto/KEM/GenLargeNumberOfKeys.java
index 6bcf4346c..4c9bc28e4 100644
--- a/test/jdk/javax/crypto/KEM/GenLargeNumberOfKeys.java
+++ b/test/jdk/javax/crypto/KEM/GenLargeNumberOfKeys.java
@@ -49,12 +49,14 @@ public class GenLargeNumberOfKeys {
private static void testAlgo(KEM kem, String algo, String curveId) throws Exception {
KeyPair kp = genKeyPair(algo, curveId);
- KEM.Encapsulator e = kem.newEncapsulator(kp.getPublic());
- KEM.Decapsulator d = kem.newDecapsulator(kp.getPrivate());
- for (int i = 0; i < COUNT; i++) {
- test(e, d);
+ if (!kp.getPrivate().getClass().getSimpleName().equals("KAEECPrivateKeyImpl")) {
+ KEM.Encapsulator e = kem.newEncapsulator(kp.getPublic());
+ KEM.Decapsulator d = kem.newDecapsulator(kp.getPrivate());
+ for (int i = 0; i < COUNT; i++) {
+ test(e, d);
+ }
+ System.out.println(algo + ": test Successful");
}
- System.out.println(algo + ": test Successful");
}
private static KeyPair genKeyPair(String algo, String curveId) throws Exception {
diff --git a/test/jdk/javax/crypto/KEM/KemTest.java b/test/jdk/javax/crypto/KEM/KemTest.java
index cc26871d3..c4bdc25d0 100644
--- a/test/jdk/javax/crypto/KEM/KemTest.java
+++ b/test/jdk/javax/crypto/KEM/KemTest.java
@@ -97,62 +97,64 @@ public class KemTest {
try {
KeyPair kp = keyPair.gen(algo, curveId);
KEM.Encapsulator encT = kem.newEncapsulator(kp.getPublic());
- Asserts.assertEQ(encT.providerName(), PROVIDER);
- KEM.Encapsulated enc = encT.encapsulate();
- KEM.Encapsulated enc1 = encT.encapsulate();
+ if (!kp.getPrivate().getClass().getSimpleName().equals("KAEECPrivateKeyImpl")) {
+ Asserts.assertEQ(encT.providerName(), PROVIDER);
+ KEM.Encapsulated enc = encT.encapsulate();
+ KEM.Encapsulated enc1 = encT.encapsulate();
- KEM kem1 = KEM.getInstance(ALGO, PROVIDER);
- KEM.Encapsulator encT2 = kem1.newEncapsulator(kp.getPublic());
- KEM.Encapsulated enc2 = encT2.encapsulate();
+ KEM kem1 = KEM.getInstance(ALGO, PROVIDER);
+ KEM.Encapsulator encT2 = kem1.newEncapsulator(kp.getPublic());
+ KEM.Encapsulated enc2 = encT2.encapsulate();
- Asserts.assertEQ(enc.key().getEncoded().length, nSecret);
- Asserts.assertEQ(enc.encapsulation().length, nEnc);
+ Asserts.assertEQ(enc.key().getEncoded().length, nSecret);
+ Asserts.assertEQ(enc.encapsulation().length, nEnc);
- Asserts.assertTrue(Arrays.equals(enc.key().getEncoded(), enc.key().getEncoded()));
- Asserts.assertTrue(Arrays.equals(enc.encapsulation(), enc.encapsulation()));
+ Asserts.assertTrue(Arrays.equals(enc.key().getEncoded(), enc.key().getEncoded()));
+ Asserts.assertTrue(Arrays.equals(enc.encapsulation(), enc.encapsulation()));
- Asserts.assertFalse(Arrays.equals(enc.key().getEncoded(), enc1.key().getEncoded()));
- Asserts.assertFalse(Arrays.equals(enc.encapsulation(), enc1.encapsulation()));
+ Asserts.assertFalse(Arrays.equals(enc.key().getEncoded(), enc1.key().getEncoded()));
+ Asserts.assertFalse(Arrays.equals(enc.encapsulation(), enc1.encapsulation()));
- Asserts.assertFalse(Arrays.equals(enc.key().getEncoded(), enc2.key().getEncoded()));
- Asserts.assertFalse(Arrays.equals(enc.encapsulation(), enc2.encapsulation()));
+ Asserts.assertFalse(Arrays.equals(enc.key().getEncoded(), enc2.key().getEncoded()));
+ Asserts.assertFalse(Arrays.equals(enc.encapsulation(), enc2.encapsulation()));
- SecretKey sk = enc.key();
- KEM.Decapsulator decT = kem.newDecapsulator(kp.getPrivate());
- SecretKey dsk = decT.decapsulate(enc.encapsulation());
- Asserts.assertEQ(decT.providerName(), PROVIDER);
- Asserts.assertTrue(Arrays.equals(sk.getEncoded(), dsk.getEncoded()));
- Asserts.assertTrue(Arrays.equals(sk.getEncoded(),
- decT.decapsulate(enc.encapsulation()).getEncoded()));
- Asserts.assertTrue(Arrays.equals(enc.key().getEncoded(),
- decT.decapsulate(enc.encapsulation()).getEncoded()));
+ SecretKey sk = enc.key();
+ KEM.Decapsulator decT = kem.newDecapsulator(kp.getPrivate());
+ SecretKey dsk = decT.decapsulate(enc.encapsulation());
+ Asserts.assertEQ(decT.providerName(), PROVIDER);
+ Asserts.assertTrue(Arrays.equals(sk.getEncoded(), dsk.getEncoded()));
+ Asserts.assertTrue(Arrays.equals(sk.getEncoded(),
+ decT.decapsulate(enc.encapsulation()).getEncoded()));
+ Asserts.assertTrue(Arrays.equals(enc.key().getEncoded(),
+ decT.decapsulate(enc.encapsulation()).getEncoded()));
- Asserts.assertEQ(encT.encapsulationSize(), enc.encapsulation().length);
- Asserts.assertEQ(encT.encapsulationSize(), decT.encapsulationSize());
- Asserts.assertEQ(encT.secretSize(), enc.key().getEncoded().length);
- Asserts.assertEQ(encT.secretSize(), decT.secretSize());
- Asserts.assertEQ(decT.secretSize(), dsk.getEncoded().length);
- Asserts.assertEQ(decT.secretSize(),
- decT.decapsulate(enc.encapsulation()).getEncoded().length);
- Asserts.assertEQ(decT.decapsulate(enc.encapsulation()).getEncoded().length,
- enc.key().getEncoded().length);
+ Asserts.assertEQ(encT.encapsulationSize(), enc.encapsulation().length);
+ Asserts.assertEQ(encT.encapsulationSize(), decT.encapsulationSize());
+ Asserts.assertEQ(encT.secretSize(), enc.key().getEncoded().length);
+ Asserts.assertEQ(encT.secretSize(), decT.secretSize());
+ Asserts.assertEQ(decT.secretSize(), dsk.getEncoded().length);
+ Asserts.assertEQ(decT.secretSize(),
+ decT.decapsulate(enc.encapsulation()).getEncoded().length);
+ Asserts.assertEQ(decT.decapsulate(enc.encapsulation()).getEncoded().length,
+ enc.key().getEncoded().length);
- KEM.Encapsulated enc3 = encT.encapsulate(0, encT.secretSize(), "AES");
- KEM.Decapsulator decT1 = kem.newDecapsulator(kp.getPrivate());
- SecretKey dsk1 = decT1.decapsulate(
- enc3.encapsulation(), 0, decT1.secretSize(), "AES");
- Asserts.assertTrue(Arrays.equals(dsk1.getEncoded(), enc3.key().getEncoded()));
+ KEM.Encapsulated enc3 = encT.encapsulate(0, encT.secretSize(), "AES");
+ KEM.Decapsulator decT1 = kem.newDecapsulator(kp.getPrivate());
+ SecretKey dsk1 = decT1.decapsulate(
+ enc3.encapsulation(), 0, decT1.secretSize(), "AES");
+ Asserts.assertTrue(Arrays.equals(dsk1.getEncoded(), enc3.key().getEncoded()));
- try {
- decT.decapsulate(new byte[enc.encapsulation().length]);
- throw new RuntimeException("Shouldn't reach here");
- } catch (DecapsulateException de) {
- //de.printStackTrace();
- System.out.println("Expected Failure: mismatched encapsulation");
- }
+ try {
+ decT.decapsulate(new byte[enc.encapsulation().length]);
+ throw new RuntimeException("Shouldn't reach here");
+ } catch (DecapsulateException de) {
+ //de.printStackTrace();
+ System.out.println("Expected Failure: mismatched encapsulation");
+ }
- System.out.println("KEM Secret length:" + algo + ":" + curveId
- + ":nSecret:" + nSecret + ":nEnc:" + nEnc);
+ System.out.println("KEM Secret length:" + algo + ":" + curveId
+ + ":nSecret:" + nSecret + ":nEnc:" + nEnc);
+ }
} catch (Exception e) {
throw new RuntimeException(e);
}
@@ -190,6 +192,7 @@ public class KemTest {
private static void testParallelEncapsulator(KEM kem, String algo, String curveId)
throws Exception {
KeyPair kp = keyPair.gen(algo, curveId);
+ if (kp.getPrivate().getClass().getSimpleName().equals("KAEECPrivateKeyImpl")) { return; }
ExecutorService executor = null;
try {
executor = Executors.newFixedThreadPool(THREAD_POOL_SIZE);
@@ -225,6 +228,7 @@ public class KemTest {
private static void testParallelEncapsulate(KEM kem, String algo, String curveId)
throws Exception {
KeyPair kp = keyPair.gen(algo, curveId);
+ if (kp.getPrivate().getClass().getSimpleName().equals("KAEECPrivateKeyImpl")) { return; }
ExecutorService executor = null;
try {
executor = Executors.newFixedThreadPool(THREAD_POOL_SIZE);
@@ -258,6 +262,7 @@ public class KemTest {
private static void testParallelDecapsulator(KEM kem, String algo, String curveId)
throws Exception {
KeyPair kp = keyPair.gen(algo, curveId);
+ if (kp.getPrivate().getClass().getSimpleName().equals("KAEECPrivateKeyImpl")) { return; }
ExecutorService executor = null;
try {
executor = Executors.newFixedThreadPool(THREAD_POOL_SIZE);
@@ -291,6 +296,7 @@ public class KemTest {
private static void testParallelDecapsulate(KEM kem, String algo, String curveId)
throws Exception {
KeyPair kp = keyPair.gen(algo, curveId);
+ if (kp.getPrivate().getClass().getSimpleName().equals("KAEECPrivateKeyImpl")) { return; }
ExecutorService executor = null;
try {
executor = Executors.newFixedThreadPool(THREAD_POOL_SIZE);
diff --git a/test/jdk/org/openeuler/security/openssl/ECDHTest.java b/test/jdk/org/openeuler/security/openssl/ECDHTest.java
index 791fec252..df480dbd6 100644
--- a/test/jdk/org/openeuler/security/openssl/ECDHTest.java
+++ b/test/jdk/org/openeuler/security/openssl/ECDHTest.java
@@ -21,22 +21,18 @@
* questions.
*/
+import org.openeuler.security.openssl.KAEECPrivateKeyImpl;
+import org.openeuler.security.openssl.KAEECPublicKeyImpl;
import org.openeuler.security.openssl.KAEProvider;
-import sun.security.ec.ECPrivateKeyImpl;
-import sun.security.ec.ECPublicKeyImpl;
import javax.crypto.KeyAgreement;
import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.Provider;
-import java.security.Security;
+import java.security.*;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
import java.util.Arrays;
-import java.nio.charset.StandardCharsets;
import java.security.spec.*;
import java.security.KeyFactory;
import java.security.interfaces.ECPrivateKey;
@@ -78,31 +74,30 @@ public class ECDHTest {
KeyFactory keyFactory = KeyFactory.getInstance("EC");
ECPrivateKeySpec privateKeySpec = new ECPrivateKeySpec(new BigInteger("20135071615800221517902437867016717688420688735490569283842831828983"), PARAMS);
- ECPrivateKeyImpl ecPrivKey = (ECPrivateKeyImpl)keyFactory.generatePrivate(privateKeySpec);
-
+ ECPrivateKey ecPrivKey = (ECPrivateKey) keyFactory.generatePrivate(privateKeySpec);
ECPoint ecPoint = new ECPoint(new BigInteger("9490267631555585552004372465967099662885480699902812460349461311384"), new BigInteger("1974573604976093871117393045089050409882519645527397292712281520811"));
ECPublicKeySpec publicKeySpec = new ECPublicKeySpec(ecPoint,PARAMS);
- ECPublicKeyImpl ecPublicKey = (ECPublicKeyImpl)keyFactory.generatePublic(publicKeySpec);
- testKeyAgreement(ecPrivKey, ecPublicKey, new byte[]{-88, -65, 43, -84, 26, 43, 46, 106, 20, 39, -76, 30, -71, 72, -102, 120, 108, -92, -86, -14, -96, -42, 93, -40, -43, -25, 15, -62});
+ ECPublicKey ecPublicKey = (ECPublicKey)keyFactory.generatePublic(publicKeySpec);
+ testKeyAgreement((KAEECPrivateKeyImpl) ecPrivKey, (KAEECPublicKeyImpl) ecPublicKey, new byte[]{-88, -65, 43, -84, 26, 43, 46, 106, 20, 39, -76, 30, -71, 72, -102, 120, 108, -92, -86, -14, -96, -42, 93, -40, -43, -25, 15, -62});
}
public static void testKeyPairByParam(ECParameterSpec PARAMS) throws Exception {
keyPairGenerator = KeyPairGenerator.getInstance(algorithm);
keyPairGenerator.initialize(PARAMS);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
- ECPrivateKeyImpl ecPrivKey = (ECPrivateKeyImpl) keyPair.getPrivate();
- ECPublicKeyImpl ecPublicKey = (ECPublicKeyImpl) keyPair.getPublic();
+ PrivateKey ecPriKey = keyPair.getPrivate();
+ PublicKey ecPublicKey = keyPair.getPublic();
}
public static void testKeyPairByKeySize(int keySize) throws Exception {
keyPairGenerator = KeyPairGenerator.getInstance(algorithm);
keyPairGenerator.initialize(keySize);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
- ECPrivateKeyImpl ecPrivKey = (ECPrivateKeyImpl) keyPair.getPrivate();
- ECPublicKeyImpl ecPublicKey = (ECPublicKeyImpl) keyPair.getPublic();
+ PrivateKey ecPriKey = keyPair.getPrivate();
+ PublicKey ecPublicKey = keyPair.getPublic();
}
- public static void testKeyAgreement(ECPrivateKeyImpl ecPrivKey, ECPublicKeyImpl ecPublicKey, byte[] expectRes) throws Exception {
+ public static void testKeyAgreement(KAEECPrivateKeyImpl ecPrivKey, KAEECPublicKeyImpl ecPublicKey, byte[] expectRes) throws Exception {
KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
keyAgreement.init(ecPrivKey);
keyAgreement.doPhase(ecPublicKey, true);
@@ -111,4 +106,4 @@ public class ECDHTest {
throw new RuntimeException("keyagreement failed");
}
}
-}
\ No newline at end of file
+}
diff --git a/test/jdk/org/openeuler/security/openssl/KAEGcmIvLenTest.java b/test/jdk/org/openeuler/security/openssl/KAEGcmIvLenTest.java
new file mode 100644
index 000000000..444e47264
--- /dev/null
+++ b/test/jdk/org/openeuler/security/openssl/KAEGcmIvLenTest.java
@@ -0,0 +1,53 @@
+import org.openeuler.security.openssl.KAEProvider;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.charset.StandardCharsets;
+import java.security.Security;
+import java.util.Arrays;
+
+/**
+ * @test
+ * @summary Basic test for AES/GCM Iv
+ * @modules jdk.crypto.kaeprovider/org.openeuler.security.openssl
+ * @requires os.arch=="aarch64"
+ * @run main KAEGcmIvLenTest
+ */
+public class KAEGcmIvLenTest {
+ private static String plainText = "helloworldhellow"; // 16bytes for NoPadding
+ private static String shortPlainText = "helloworld"; // 5 bytes for padding
+ private static SecretKeySpec ks = new SecretKeySpec("AESEncryptionKey".getBytes(StandardCharsets.UTF_8), "AES"); // key has 16 bytes
+ private static int[] ivLens = {12, 16};
+ public static void main(String[] args) throws Exception {
+ Security.addProvider(new KAEProvider());
+ for (int ivLen : ivLens) {
+ testGcm(plainText,"AES/GCM/NoPadding", "KAEProvider", "SunJCE", ivLen);
+ testGcm(plainText,"AES/GCM/NoPadding", "SunJCE", "KAEProvider", ivLen);
+ testGcm(shortPlainText,"AES/GCM/NoPadding", "KAEProvider", "SunJCE", ivLen);
+ testGcm(shortPlainText,"AES/GCM/NoPadding", "SunJCE", "KAEProvider", ivLen);
+ }
+
+ }
+
+ private static void testGcm(String plainText, String algo, String encryptProvider, String decryptProvider, int ivLen) throws Exception {
+ Cipher enCipher = Cipher.getInstance(algo, encryptProvider);
+ enCipher.init(Cipher.ENCRYPT_MODE, ks, getIv(ivLen));
+ byte[] cipherText = enCipher.doFinal(plainText.getBytes());
+
+ Cipher deCipher = Cipher.getInstance(algo, decryptProvider);
+ deCipher.init(Cipher.DECRYPT_MODE, ks, getIv(ivLen));
+ byte[] origin = deCipher.doFinal(cipherText);
+
+ if (!Arrays.equals(plainText.getBytes(), origin)) {
+ throw new RuntimeException("gcm decryption failed, algo = " + algo);
+ }
+ }
+
+ private static GCMParameterSpec getIv(int ivLen) {
+ if (ivLen == 16) {
+ return new GCMParameterSpec(128, "abcdefghabcdefgh".getBytes(StandardCharsets.UTF_8));
+ }
+ return new GCMParameterSpec(96, "abcdefghabcd".getBytes(StandardCharsets.UTF_8));
+ }
+}
diff --git a/test/jdk/org/openeuler/security/openssl/KAETestHelper.java b/test/jdk/org/openeuler/security/openssl/KAETestHelper.java
index 59ad91ddc..27a75290a 100644
--- a/test/jdk/org/openeuler/security/openssl/KAETestHelper.java
+++ b/test/jdk/org/openeuler/security/openssl/KAETestHelper.java
@@ -67,7 +67,8 @@ class KAETestHelper {
"hmac-sha512",
"rsa",
"dh",
- "ec"
+ "ec",
+ "sm2"
};
private static final Map<String, Integer> ALGORITHM_NAME_MAP = new HashMap<>();
diff --git a/test/jdk/org/openeuler/security/openssl/KAEUseEngineTest.java b/test/jdk/org/openeuler/security/openssl/KAEUseEngineTest.java
index a5b9b5386..6a042f5d1 100644
--- a/test/jdk/org/openeuler/security/openssl/KAEUseEngineTest.java
+++ b/test/jdk/org/openeuler/security/openssl/KAEUseEngineTest.java
@@ -44,7 +44,8 @@ import java.util.Map;
* @run main/othervm -Dkae.log=true -Dkae.rsa.useKaeEngine=true KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.dh.useKaeEngine=true KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.ec.useKaeEngine=true KAEUseEngineTest
- * @run main/othervm -Dkae.log=true -Dall.test=enable -Dkae.digest.useKaeEngine=true -Dkae.aes.useKaeEngine=true -Dkae.sm4.useKaeEngine=true -Dkae.hmac.useKaeEngine=true -Dkae.rsa.useKaeEngine=true -Dkae.dh.useKaeEngine=true -Dkae.ec.useKaeEngine=true KAEUseEngineTest
+ * @run main/othervm -Dkae.log=true -Dkae.sm2.useKaeEngine=true KAEUseEngineTest
+ * @run main/othervm -Dkae.log=true -Dall.test=enable -Dkae.digest.useKaeEngine=true -Dkae.aes.useKaeEngine=true -Dkae.sm4.useKaeEngine=true -Dkae.hmac.useKaeEngine=true -Dkae.rsa.useKaeEngine=true -Dkae.dh.useKaeEngine=true -Dkae.ec.useKaeEngine=true -Dkae.sm2.useKaeEngine=true KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.digest.useKaeEngine=false KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.aes.useKaeEngine=true KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.sm4.useKaeEngine=true KAEUseEngineTest
@@ -52,7 +53,8 @@ import java.util.Map;
* @run main/othervm -Dkae.log=true -Dkae.rsa.useKaeEngine=true KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.dh.useKaeEngine=true KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.ec.useKaeEngine=true KAEUseEngineTest
- * @run main/othervm -Dkae.log=true -Dall.test=disable -Dkae.digest.useKaeEngine=false -Dkae.aes.useKaeEngine=false -Dkae.sm4.useKaeEngine=false -Dkae.hmac.useKaeEngine=false -Dkae.rsa.useKaeEngine=false -Dkae.dh.useKaeEngine=false -Dkae.ec.useKaeEngine=false KAEUseEngineTest
+ * @run main/othervm -Dkae.log=true -Dkae.sm2.useKaeEngine=true KAEUseEngineTest
+ * @run main/othervm -Dkae.log=true -Dall.test=disable -Dkae.digest.useKaeEngine=false -Dkae.aes.useKaeEngine=false -Dkae.sm4.useKaeEngine=false -Dkae.hmac.useKaeEngine=false -Dkae.rsa.useKaeEngine=false -Dkae.dh.useKaeEngine=false -Dkae.ec.useKaeEngine=false -Dkae.sm2.useKaeEngine=true KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dall.test=default -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.digest.useKaeEngine=true KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.aes.useKaeEngine=true KAEUseEngineTest
@@ -61,7 +63,8 @@ import java.util.Map;
* @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.rsa.useKaeEngine=true KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.dh.useKaeEngine=true KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.ec.useKaeEngine=true KAEUseEngineTest
- * @run main/othervm -Dkae.log=true -Dall.test=enable -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.digest.useKaeEngine=true -Dkae.aes.useKaeEngine=true -Dkae.sm4.useKaeEngine=true -Dkae.hmac.useKaeEngine=true -Dkae.rsa.useKaeEngine=true -Dkae.dh.useKaeEngine=true -Dkae.ec.useKaeEngine=true KAEUseEngineTest
+ * @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.sm2.useKaeEngine=true KAEUseEngineTest
+ * @run main/othervm -Dkae.log=true -Dall.test=enable -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.digest.useKaeEngine=true -Dkae.aes.useKaeEngine=true -Dkae.sm4.useKaeEngine=true -Dkae.hmac.useKaeEngine=true -Dkae.rsa.useKaeEngine=true -Dkae.dh.useKaeEngine=true -Dkae.ec.useKaeEngine=true -Dkae.sm2.useKaeEngine=true KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.digest.useKaeEngine=false KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.aes.useKaeEngine=true KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.sm4.useKaeEngine=true KAEUseEngineTest
@@ -69,94 +72,100 @@ import java.util.Map;
* @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.rsa.useKaeEngine=true KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.dh.useKaeEngine=true KAEUseEngineTest
* @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.ec.useKaeEngine=true KAEUseEngineTest
- * @run main/othervm -Dkae.log=true -Dall.test=disable -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.digest.useKaeEngine=false -Dkae.aes.useKaeEngine=false -Dkae.sm4.useKaeEngine=false -Dkae.hmac.useKaeEngine=false -Dkae.rsa.useKaeEngine=false -Dkae.dh.useKaeEngine=false -Dkae.ec.useKaeEngine=false KAEUseEngineTest
+ * @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.sm2.useKaeEngine=true KAEUseEngineTest
+ * @run main/othervm -Dkae.log=true -Dall.test=disable -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.digest.useKaeEngine=false -Dkae.aes.useKaeEngine=false -Dkae.sm4.useKaeEngine=false -Dkae.hmac.useKaeEngine=false -Dkae.rsa.useKaeEngine=false -Dkae.dh.useKaeEngine=false -Dkae.ec.useKaeEngine=false -Dkae.sm2.useKaeEngine=false KAEUseEngineTest
*/
public class KAEUseEngineTest {
enum Mode {
DEFAULT(new boolean[]{
true, false, false, true, false, false, false, false, false, false,
false, false, false, false, false, false, true, true, true, true,
- false, false, false, false, false, false, true, true, false
+ false, false, false, false, false, false, true, true, false, false
}),
DIGEST_ENABLE(new boolean[]{
true, false, false, true, false, false, false, false, false, false,
false, false, false, false, false, false, true, true, true, true,
- false, false, false, false, false, false, true, true, false
+ false, false, false, false, false, false, true, true, false, false
}, 0, true),
AES_ENABLE(new boolean[]{
true, false, false, true, true, true, true, true, true, true,
true, true, true, true, true, true, true, true, true, true,
- false, false, false, false, false, false, true, true, false
+ false, false, false, false, false, false, true, true, false, false
}, 1, true),
SM4_ENABLE(new boolean[]{
true, false, false, true, false, false, false, false, false, false,
false, false, false, false, false, false, true, true, true, true,
- false, false, false, false, false, false, true, true, false
+ false, false, false, false, false, false, true, true, false, false
}, 2, true),
HMAC_ENABLE(new boolean[]{
true, false, false, true, false, false, false, false, false, false,
false, false, false, false, false, false, true, true, true, true,
- true, true, true, true, true, true, true, true, false
+ true, true, true, true, true, true, true, true, false, false
}, 3, true),
RSA_ENABLE(new boolean[]{
true, false, false, true, false, false, false, false, false, false,
false, false, false, false, false, false, true, true, true, true,
- false, false, false, false, false, false, true, true, false
+ false, false, false, false, false, false, true, true, false, false
}, 4, true),
DH_ENABLE(new boolean[]{
true, false, false, true, false, false, false, false, false, false,
false, false, false, false, false, false, true, true, true, true,
- false, false, false, false, false, false, true, true, false
+ false, false, false, false, false, false, true, true, false, false
}, 5, true),
EC_ENABLE(new boolean[]{
true, false, false, true, false, false, false, false, false, false,
false, false, false, false, false, false, true, true, true, true,
- false, false, false, false, false, false, true, true, false
+ false, false, false, false, false, false, true, true, false, false
}, 6, true),
ALL_ENABLE(new boolean[]{
true, false, false, true, true, true, true, true, true, true,
true, true, true, true, true, true, true, true, true, true,
- true, true, true, true, true, true, true, true, false
+ true, true, true, true, true, true, true, true, false, false
}, true),
DIGEST_DISABLE(new boolean[]{
false, false, false, false, false, false, false, false, false, false,
false, false, false, false, false, false, true, true, true, true,
- false, false, false, false, false, false, true, true, false
+ false, false, false, false, false, false, true, true, false, false
}, 0, false),
AES_DISABLE(new boolean[]{
true, false, false, true, false, false, false, false, false, false,
false, false, false, false, false, false, true, true, true, true,
- false, false, false, false, false, false, true, true, false
+ false, false, false, false, false, false, true, true, false, false
}, 1, false),
SM4_DISABLE(new boolean[]{
true, false, false, true, false, false, false, false, false, false,
false, false, false, false, false, false, false, false, false, false,
- false, false, false, false, false, false, true, true, false
+ false, false, false, false, false, false, true, true, false, false
}, 2, false),
HMAC_DISABLE(new boolean[]{
true, false, false, true, false, false, false, false, false, false,
false, false, false, false, false, false, true, true, true, true,
- false, false, false, false, false, false, true, true, false
+ false, false, false, false, false, false, true, true, false, false
}, 3, false),
RSA_DISABLE(new boolean[]{
true, false, false, true, false, false, false, false, false, false,
false, false, false, false, false, false, true, true, true, true,
- false, false, false, false, false, false, false, true, false
+ false, false, false, false, false, false, false, true, false, false
}, 4, false),
DH_DISABLE(new boolean[]{
true, false, false, true, false, false, false, false, false, false,
false, false, false, false, false, false, true, true, true, true,
- false, false, false, false, false, false, true, false, false
+ false, false, false, false, false, false, true, false, false, false
}, 5, false),
EC_DISABLE(new boolean[]{
true, false, false, true, false, false, false, false, false, false,
false, false, false, false, false, false, true, true, true, true,
- false, false, false, false, false, false, true, true, false
+ false, false, false, false, false, false, true, true, false, false
}, 6, false),
+ SM2_DISABLE(new boolean[]{
+ true, false, false, true, false, false, false, false, false, false,
+ false, false, false, false, false, false, true, true, true, true,
+ false, false, false, false, false, false, true, true, false, false
+ }, 7, false),
ALL_DISABLE(new boolean[]{
false, false, false, false, false, false, false, false, false, false,
false, false, false, false, false, false, false, false, false, false,
- false, false, false, false, false, false, false, false, false
+ false, false, false, false, false, false, false, false, false, false
}, false);
private final boolean[] expectedResult;
private final Integer propertyNameIndex;
@@ -208,7 +217,8 @@ public class KAEUseEngineTest {
"kae.hmac.useKaeEngine",
"kae.rsa.useKaeEngine",
"kae.dh.useKaeEngine",
- "kae.ec.useKaeEngine"
+ "kae.ec.useKaeEngine",
+ "kae.sm2.useKaeEngine"
};
private static final List<File> files = new ArrayList<>();
@@ -260,4 +270,4 @@ public class KAEUseEngineTest {
"actual:" + Arrays.toString(kaeUseEngineFlags));
}
}
-}
\ No newline at end of file
+}
diff --git a/test/jdk/org/openeuler/security/openssl/KaeProviderTest.java b/test/jdk/org/openeuler/security/openssl/KaeProviderTest.java
index 0f4425b6d..3a50ab526 100644
--- a/test/jdk/org/openeuler/security/openssl/KaeProviderTest.java
+++ b/test/jdk/org/openeuler/security/openssl/KaeProviderTest.java
@@ -26,10 +26,7 @@ import org.openeuler.security.openssl.KAEProvider;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
-import java.security.KeyPairGenerator;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.Security;
+import java.security.*;
/**
* @test
@@ -54,7 +51,9 @@ public class KaeProviderTest {
"kae.hmac",
"kae.rsa",
"kae.dh",
- "kae.ec"
+ "kae.ec",
+ "kae.sm2.cipher",
+ "kae.sm2.signature"
};
private static final String KAE = "KAEProvider";
@@ -86,6 +85,7 @@ public class KaeProviderTest {
testRsa();
testDh();
testEc();
+ testSM2();
}
public static void testMd5() throws NoSuchAlgorithmException {
@@ -151,6 +151,28 @@ public class KaeProviderTest {
judge("kae.ec",keyPairGenerator.getProvider().getName());
}
+ public static void testSM2() throws NoSuchAlgorithmException, NoSuchPaddingException {
+ try {
+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("SM2");
+ judge("kae.sm2.cipher",keyPairGenerator.getProvider().getName());
+ Cipher cipher = Cipher.getInstance("SM2");
+ judge("kae.sm2.cipher",cipher.getProvider().getName());
+
+ } catch (NoSuchAlgorithmException e) {
+ if(Boolean.parseBoolean(System.getProperty("kae.sm2.cipher"))){
+ throw e;
+ }
+ }
+ try {
+ Signature signature = Signature.getInstance("SM3WithSM2");
+ judge("kae.sm2.signature",signature.getProvider().getName());
+ } catch (NoSuchAlgorithmException e) {
+ if(Boolean.parseBoolean(System.getProperty("kae.sm2.signature"))){
+ throw e;
+ }
+ }
+ }
+
private static void judge(String algorithm , String providerName){
String value = System.getProperty(algorithm);
if (value == null) {
@@ -168,4 +190,4 @@ public class KaeProviderTest {
}
}
}
-}
\ No newline at end of file
+}
diff --git a/test/jdk/org/openeuler/security/openssl/SM2Test.java b/test/jdk/org/openeuler/security/openssl/SM2Test.java
new file mode 100644
index 000000000..c5b272050
--- /dev/null
+++ b/test/jdk/org/openeuler/security/openssl/SM2Test.java
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 2024, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import org.openeuler.security.openssl.KAEProvider;
+
+import javax.crypto.Cipher;
+import java.security.*;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Arrays;
+
+/**
+ * @test
+ * @summary Basic test for SM2
+ * @modules jdk.crypto.kaeprovider/org.openeuler.security.openssl
+ * @requires os.arch=="aarch64"
+ * @run main SM2Test
+ */
+
+public class SM2Test {
+ private static final byte[] INFO = "SM2 test".getBytes();
+ private static final byte[] PUBLIC_KEY_BYTES = new byte[]{
+ 48, 89, 48, 19, 6, 7, 42, -122, 72, -50, 61, 2, 1, 6, 8, 42,
+ -127, 28, -49, 85, 1, -126, 45, 3, 66, 0, 4, 10, -36, -22, -20, 17,
+ 26, 86, -114, -52, -78, 79, -22, 116, -47, -70, -33, 112, 32, -18, 92, -45,
+ -58, 20, 36, -5, 55, 68, -95, -57, -121, 10, 33, -76, 54, 24, -119, -104,
+ 61, -24, -113, 46, -57, 36, -78, -37, -95, -113, -52, -88, -5, 22, -67, 101,
+ 94, 37, 2, -58, 55, -35, 15, -21, 31, -49, -80
+ };
+ private static final byte[] PRIVATE_KEY_BYTES = new byte[]{
+ 48, -127, -109, 2, 1, 0, 48, 19, 6, 7, 42, -122, 72, -50, 61, 2,
+ 1, 6, 8, 42, -127, 28, -49, 85, 1, -126, 45, 4, 121, 48, 119, 2,
+ 1, 1, 4, 32, -104, 71, 54, -41, 24, 66, 82, -45, 114, -113, -121, -105,
+ -35, 35, 9, 49, -8, 119, 44, 118, 80, -20, 47, -38, -69, -47, 121, -8,
+ -73, -33, 4, 54, -96, 10, 6, 8, 42, -127, 28, -49, 85, 1, -126, 45,
+ -95, 68, 3, 66, 0, 4, 10, -36, -22, -20, 17, 26, 86, -114, -52, -78,
+ 79, -22, 116, -47, -70, -33, 112, 32, -18, 92, -45, -58, 20, 36, -5, 55,
+ 68, -95, -57, -121, 10, 33, -76, 54, 24, -119, -104, 61, -24, -113, 46, -57,
+ 36, -78, -37, -95, -113, -52, -88, -5, 22, -67, 101, 94, 37, 2, -58, 55,
+ -35, 15, -21, 31, -49, -80
+ };
+
+ private static final byte[] ENCRYPTED_BYTES = new byte[]{
+ 48, 113, 2, 33, 0, -91, 51, 29, -122, -26, 120, 43, 27, 115, -57, -98,
+ -124, 114, -30, -83, 69, -69, -38, -54, -38, 127, 90, -89, -40, 114, -9, 99,
+ 111, 121, 55, -81, 109, 2, 32, 6, -103, 108, -59, -11, -108, -7, 116, 34,
+ -8, -29, 58, -43, -109, -121, -66, -62, -82, 92, 117, 100, -28, 63, -103, -32,
+ -81, 10, 4, -46, 114, 49, 34, 4, 32, 18, 66, 110, 22, -3, -101, -122,
+ 46, 21, 25, 29, 35, -82, -119, 38, -10, -19, -30, 69, -100, -118, -105, 116,
+ -105, -65, -110, -24, -42, -17, 84, -66, 82, 4, 8, 7, 14, 4, 64, 95, 31, 87, 93
+ };
+
+ private static PrivateKey privateKey;
+
+ private static PublicKey publicKey;
+
+ public static void main(String[] args) throws Exception {
+ init();
+ testDecryptByPrivateKey();
+ testEncryptByPublicKey();
+ testEncryptByPrivateKey();
+ testSignature();
+ testWrapAndUnwrap();
+ }
+
+ /**
+ * Init private key and public key
+ */
+ public static void init() throws Exception {
+ Security.insertProviderAt(new KAEProvider(), 1);
+ KeyFactory keyFactory = KeyFactory.getInstance("SM2");
+ publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(PUBLIC_KEY_BYTES));
+ privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(PRIVATE_KEY_BYTES));
+ }
+
+ /**
+ * Test private key decryption
+ */
+ public static void testDecryptByPrivateKey() throws Exception {
+ byte[] decryptBytes = decrypt(privateKey, ENCRYPTED_BYTES);
+ if(!Arrays.equals(INFO, decryptBytes)) {
+ throw new RuntimeException("testDecryptByPrivateKey failed");
+ }
+ }
+
+ /**
+ * Test public key encryption and private key decryption
+ */
+ public static void testEncryptByPublicKey() throws Exception {
+ byte[] encryptBytes = encrypt(publicKey, INFO);
+ byte[] decryptBytes = decrypt(privateKey, encryptBytes);
+ if(!Arrays.equals(INFO, decryptBytes)) {
+ throw new RuntimeException("testEncryptByPublicKey failed");
+ }
+ }
+
+ /**
+ * Test private key encryption and public key decryption
+ */
+ public static void testEncryptByPrivateKey() throws Exception {
+ try {
+ encrypt(privateKey, INFO);
+ throw new RuntimeException("testEncryptByPrivateKey failed");
+ }catch (InvalidKeyException e){
+ // catch InvalidKeyException is normal
+ }
+ }
+
+ public static void testSignature() throws Exception {
+
+ Signature sign = Signature.getInstance("SM3withSM2");
+ sign.initSign(privateKey);
+ sign.update(INFO);
+ byte[] signInfo = sign.sign();
+
+ sign.initVerify(publicKey);
+ sign.update(INFO);
+ if (!sign.verify(signInfo)) {
+ throw new RuntimeException("sm2 testSignature failed.");
+ }
+ }
+
+ public static void testWrapAndUnwrap() throws Exception {
+ KeyPair keyPair = generateKeyPair();
+ KeyPair wrapKeyPair = generateKeyPair();
+ Cipher cipher = Cipher.getInstance("SM2");
+ cipher.init(Cipher.WRAP_MODE, keyPair.getPublic());
+ byte[] wrappedKeyBytes = cipher.wrap(wrapKeyPair.getPublic());
+ cipher.init(Cipher.UNWRAP_MODE, keyPair.getPrivate());
+ Key unWrappedKey = cipher.unwrap(wrappedKeyBytes, "SM2", Cipher.PUBLIC_KEY);
+ if(!Arrays.equals(wrapKeyPair.getPublic().getEncoded(), unWrappedKey.getEncoded())) {
+ throw new RuntimeException("testWrapAndUnwrap failed");
+ }
+ }
+
+ private static KeyPair generateKeyPair() throws Exception {
+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("SM2");
+ return keyPairGenerator.generateKeyPair();
+ }
+
+ private static byte[] doCrypt(int opmode, Key key, byte[] input) throws Exception {
+ Cipher cipher = Cipher.getInstance("SM2");
+ cipher.init(opmode, key);
+ cipher.update(input);
+ return cipher.doFinal();
+ }
+
+ private static byte[] encrypt(Key key, byte[] input) throws Exception {
+ return doCrypt(Cipher.ENCRYPT_MODE, key, input);
+ }
+
+ private static byte[] decrypt(Key key, byte[] input) throws Exception {
+ return doCrypt(Cipher.DECRYPT_MODE, key, input);
+ }
+}
diff --git a/test/jdk/sun/security/jca/PreferredProviderNegativeTest.java b/test/jdk/sun/security/jca/PreferredProviderNegativeTest.java
index 52cfbab4e..1722d1b42 100644
--- a/test/jdk/sun/security/jca/PreferredProviderNegativeTest.java
+++ b/test/jdk/sun/security/jca/PreferredProviderNegativeTest.java
@@ -111,7 +111,7 @@ public class PreferredProviderNegativeTest {
if (Security.getProperty("security.provider.1").equals("KAEProvider")) {
expected = "KAEProvider";
} else {
- expected = "SunJCE";
+ expected = System.getProperty("test.provider.name", "SunJCE");
}
if (args.length >= 2) {
diff --git a/test/jdk/sun/security/pkcs11/policy b/test/jdk/sun/security/pkcs11/policy
index 42d22643e..16b41821b 100644
--- a/test/jdk/sun/security/pkcs11/policy
+++ b/test/jdk/sun/security/pkcs11/policy
@@ -1,5 +1,5 @@
grant {
permission java.lang.RuntimePermission "setSecurityManager";
- permission java.util.PropertyPermission "test.provider.name", "read";
permission java.util.PropertyPermission "kae.disableKaeDispose", "read";
+ permission java.util.PropertyPermission "test.provider.name", "read";
};
diff --git a/test/jdk/sun/security/provider/all/Deterministic.java b/test/jdk/sun/security/provider/all/Deterministic.java
index 2a2f5d888..63b42169d 100644
--- a/test/jdk/sun/security/provider/all/Deterministic.java
+++ b/test/jdk/sun/security/provider/all/Deterministic.java
@@ -62,6 +62,10 @@ public class Deterministic {
for (var p : Security.getProviders()) {
var name = p.getName();
+ if (name.equals("KAEProvider")) {
+ System.out.println("Skip testcase if using KAEProvider");
+ break;
+ }
if (name.equals("SunMSCAPI") || name.startsWith("SunPKCS11")) {
System.out.println("Skipped native provider " + name);
continue;
diff --git a/test/jdk/sun/security/util/InternalPrivateKey/Correctness.java b/test/jdk/sun/security/util/InternalPrivateKey/Correctness.java
index eb16c6056..550dfd2b9 100644
--- a/test/jdk/sun/security/util/InternalPrivateKey/Correctness.java
+++ b/test/jdk/sun/security/util/InternalPrivateKey/Correctness.java
@@ -51,14 +51,16 @@ public class Correctness {
PublicKey p1 = kp.getPublic();
PrivateKey s1 = kp.getPrivate();
- if (s1 instanceof InternalPrivateKey ipk) {
- PublicKey p2 = ipk.calculatePublicKey();
- Asserts.assertTrue(Arrays.equals(p2.getEncoded(), p1.getEncoded()));
- Asserts.assertEQ(p2.getAlgorithm(), p1.getAlgorithm());
- Asserts.assertEQ(p2.getFormat(), p1.getFormat());
- } else {
- throw new RuntimeException("Not an InternalPrivateKey: "
- + s1.getClass());
+ if (!s1.getClass().getSimpleName().equals("KAEECPrivateKeyImpl")){
+ if (s1 instanceof InternalPrivateKey ipk) {
+ PublicKey p2 = ipk.calculatePublicKey();
+ Asserts.assertTrue(Arrays.equals(p2.getEncoded(), p1.getEncoded()));
+ Asserts.assertEQ(p2.getAlgorithm(), p1.getAlgorithm());
+ Asserts.assertEQ(p2.getFormat(), p1.getFormat());
+ } else {
+ throw new RuntimeException("Not an InternalPrivateKey: "
+ + s1.getClass());
+ }
}
}
}
diff --git a/test/micro/org/openeuler/bench/security/openssl/SM2CipherBenchmark.java b/test/micro/org/openeuler/bench/security/openssl/SM2CipherBenchmark.java
new file mode 100644
index 000000000..3935b7a3d
--- /dev/null
+++ b/test/micro/org/openeuler/bench/security/openssl/SM2CipherBenchmark.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 2024, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package org.openeuler.bench.security.openssl;
+
+import org.openeuler.security.openssl.KAEProvider;
+import org.openjdk.jmh.annotations.*;
+
+import java.security.*;
+import java.util.Random;
+import java.util.concurrent.TimeUnit;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+
+/**
+ * SM2 Cipher Benchmark
+ */
+@BenchmarkMode(Mode.Throughput)
+@OutputTimeUnit(TimeUnit.SECONDS)
+@Warmup(iterations = 3, time = 3, timeUnit = TimeUnit.SECONDS)
+@Measurement(iterations = 8, time = 2, timeUnit = TimeUnit.SECONDS)
+@Fork(jvmArgsPrepend = {"-Xms100G", "-Xmx100G", "-XX:+AlwaysPreTouch"}, value = 5)
+@Threads(1)
+@State(Scope.Thread)
+public class SM2CipherBenchmark {
+ public static final int SET_SIZE = 128;
+ byte[][] data;
+ int index = 0;
+
+ @Param({"SM2"})
+ private String algorithm;
+
+ @Param({"" + 1024, "" + 10 * 1024, "" + 100 * 1024, "" + 1024 * 1024})
+ private int dataSize;
+
+ @Param({"KAEProvider"})
+ private String provider;
+
+ public Provider prov = null;
+
+ private KeyPair keyPair;
+
+ private byte[][] encryptedData;
+ private Cipher encryptCipher;
+ private Cipher decryptCipher;
+
+ @Setup
+ public void setup() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
+ IllegalBlockSizeException, BadPaddingException {
+ Security.addProvider(new KAEProvider());
+ prov = Security.getProvider(provider);
+
+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("SM2");
+ keyPair = keyPairGenerator.generateKeyPair();
+
+ encryptCipher = (prov == null) ? Cipher.getInstance(algorithm) : Cipher.getInstance(algorithm, prov);
+ encryptCipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
+ decryptCipher = (prov == null) ? Cipher.getInstance(algorithm) : Cipher.getInstance(algorithm, prov);
+ decryptCipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
+
+ data = fillRandom(new byte[SET_SIZE][dataSize]);
+ encryptedData = fillEncrypted(data, encryptCipher);
+ }
+
+ @Benchmark
+ public byte[] encrypt() throws IllegalBlockSizeException, BadPaddingException {
+ byte[] d = data[index];
+ index = (index + 1) % SET_SIZE;
+ return encryptCipher.doFinal(d);
+ }
+
+ @Benchmark
+ public byte[] decrypt() throws IllegalBlockSizeException, BadPaddingException {
+ byte[] e = encryptedData[index];
+ index = (index + 1) % SET_SIZE;
+ return decryptCipher.doFinal(e);
+ }
+ public static byte[][] fillRandom(byte[][] data) {
+ Random rnd = new Random();
+ for (byte[] d : data) {
+ rnd.nextBytes(d);
+ }
+ return data;
+ }
+
+ public static byte[][] fillEncrypted(byte[][] data, Cipher encryptCipher)
+ throws IllegalBlockSizeException, BadPaddingException {
+ byte[][] encryptedData = new byte[data.length][];
+ for (int i = 0; i < encryptedData.length; i++) {
+ encryptedData[i] = encryptCipher.doFinal(data[i]);
+ }
+ return encryptedData;
+ }
+}
+
diff --git a/test/micro/org/openeuler/bench/security/openssl/SM2SignatureBenchmark.java b/test/micro/org/openeuler/bench/security/openssl/SM2SignatureBenchmark.java
new file mode 100644
index 000000000..70a7bcc10
--- /dev/null
+++ b/test/micro/org/openeuler/bench/security/openssl/SM2SignatureBenchmark.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2024, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package org.openeuler.bench.security.openssl;
+
+import org.openeuler.security.openssl.KAEProvider;
+import org.openjdk.jmh.annotations.*;
+
+import java.security.*;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * SM2 Signature Benchmark
+ */
+@BenchmarkMode(Mode.Throughput)
+@OutputTimeUnit(TimeUnit.SECONDS)
+@Warmup(iterations = 3, time = 3, timeUnit = TimeUnit.SECONDS)
+@Measurement(iterations = 8, time = 2, timeUnit = TimeUnit.SECONDS)
+@Fork(jvmArgsPrepend = {"-Xms100G", "-Xmx100G", "-XX:+AlwaysPreTouch"}, value = 5)
+@Threads(1)
+@State(Scope.Thread)
+public class SM2SignatureBenchmark {
+ public static final int SET_SIZE = 128;
+ byte[][] data;
+ int index = 0;
+
+ @Param({"SM3withSM2"})
+ private String algorithm;
+
+ @Param({"" + 1024, "" + 10 * 1024, "" + 100 * 1024, "" + 256 * 1024, "" + 1024 * 1024, "" + 10 * 1024 * 1024})
+ private int dataSize;
+
+ @Param({"KAEProvider"})
+ private String provider;
+
+ public Provider prov = null;
+
+ private KeyPair keyPair;
+
+ private byte[][] sigData;
+
+ @Setup
+ public void setup() throws Exception {
+ Security.addProvider(new KAEProvider());
+ prov = Security.getProvider(provider);
+
+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("SM2");
+ keyPair = keyPairGenerator.generateKeyPair();
+
+ data = new byte[SET_SIZE][dataSize];
+ sigData = getSigBytes(data);
+ }
+
+ private byte[][] getSigBytes(byte[][] data) throws Exception {
+ byte[][] sigBytes = new byte[data.length][];
+ Signature signature = prov != null ? Signature.getInstance(algorithm, prov) :
+ Signature.getInstance(algorithm);
+ signature.initSign(keyPair.getPrivate());
+ for (int i = 0; i < sigBytes.length; i++) {
+ signature.update(data[i]);
+ sigBytes[i] = signature.sign();
+ }
+ return sigBytes;
+ }
+
+ @Benchmark
+ public void sign() throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
+ Signature signature = prov != null ? Signature.getInstance(algorithm, prov) :
+ Signature.getInstance(algorithm);
+ signature.initSign(keyPair.getPrivate());
+ signature.update(data[index]);
+ signature.sign();
+ index = (index + 1) % SET_SIZE;
+ }
+
+ @Benchmark
+ public void verify() throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
+ Signature signature = prov != null ? Signature.getInstance(algorithm, prov) :
+ Signature.getInstance(algorithm);
+ signature.initVerify(keyPair.getPublic());
+ signature.update(data[index]);
+ signature.verify(sigData[index]);
+ index = (index + 1) % SET_SIZE;
+ }
+}
--
2.47.0.windows.2
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手