diff --git a/huawei-Add-KAE-SM2.patch b/huawei-Add-KAE-SM2.patch deleted file mode 100644 index 7f0fa21b089a0745dd2f67acef025bae7f55dc0b..0000000000000000000000000000000000000000 --- a/huawei-Add-KAE-SM2.patch +++ /dev/null @@ -1,5256 +0,0 @@ -Date: Wed, 19 Mar 2025 17:30:07 +0800 -Subject: Add KAE SM2 - ---- - make/modules/jdk.crypto.kaeprovider/Lib.gmk | 8 +- - src/java.base/share/classes/module-info.java | 1 + - .../sun/security/tools/keytool/Main.java | 15 +- - .../classes/sun/security/util/KeyUtil.java | 53 ++ - .../classes/sun/security/util/KnownOIDs.java | 3 + - .../classes/sun/security/util/NamedCurve.java | 2 +- - .../openeuler/security/openssl/KAEConfig.java | 22 +- - .../security/openssl/KAECurveDB.java | 729 ++++++++++++++++++ - .../openssl/KAEDHKeyPairGenerator.java | 1 + - .../security/openssl/KAEECDHKeyAgreement.java | 12 +- - .../security/openssl/KAEECKeyFactory.java | 308 ++++++++ - .../openssl/KAEECKeyPairGenerator.java | 17 +- - .../security/openssl/KAEECParameters.java | 241 ++++++ - .../security/openssl/KAEECPrivateKeyImpl.java | 214 +++++ - .../security/openssl/KAEECPublicKeyImpl.java | 132 ++++ - .../security/openssl/KAENamedCurve.java | 100 +++ - .../security/openssl/KAEProvider.java | 29 +- - .../security/openssl/KAESM2Cipher.java | 386 ++++++++++ - .../openssl/KAESM2KeyPairGenerator.java | 108 +++ - .../security/openssl/KAESM2Signature.java | 373 +++++++++ - .../openeuler/security/openssl/KAEUtils.java | 35 + - .../linux/conf/security/kaeprovider.conf | 11 +- - .../security/openssl/kae_cipher_sm2.c | 365 +++++++++ - .../security/openssl/kae_exception.c | 1 - - .../security/openssl/kae_signature_sm2.c | 284 +++++++ - .../security/openssl/kae_symmetric_cipher.c | 23 +- - .../org/openeuler/security/openssl/kae_util.c | 11 +- - .../org/openeuler/security/openssl/kae_util.h | 6 +- - .../openeuler/security/openssl/openssl_ad.h | 10 - - .../sun/security/tools/jarsigner/Main.java | 14 +- - .../KeyAgreement/KeyAgreementTest.java | 11 +- - .../Signature/SignatureGetInstance.java | 7 +- - .../crypto/KEM/GenLargeNumberOfKeys.java | 12 +- - test/jdk/javax/crypto/KEM/KemTest.java | 98 +-- - .../openeuler/security/openssl/ECDHTest.java | 29 +- - .../security/openssl/KAEGcmIvLenTest.java | 53 ++ - .../security/openssl/KAETestHelper.java | 3 +- - .../security/openssl/KAEUseEngineTest.java | 56 +- - .../security/openssl/KaeProviderTest.java | 34 +- - .../openeuler/security/openssl/SM2Test.java | 175 +++++ - .../jca/PreferredProviderNegativeTest.java | 2 +- - test/jdk/sun/security/pkcs11/policy | 2 +- - .../security/provider/all/Deterministic.java | 4 + - .../util/InternalPrivateKey/Correctness.java | 18 +- - .../security/openssl/SM2CipherBenchmark.java | 117 +++ - .../openssl/SM2SignatureBenchmark.java | 104 +++ - 46 files changed, 4061 insertions(+), 178 deletions(-) - create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAECurveDB.java - create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyFactory.java - create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECParameters.java - create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPrivateKeyImpl.java - create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPublicKeyImpl.java - create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAENamedCurve.java - create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Cipher.java - create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2KeyPairGenerator.java - create mode 100644 src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Signature.java - create mode 100644 src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_cipher_sm2.c - create mode 100644 src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_signature_sm2.c - delete mode 100644 src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/openssl_ad.h - create mode 100644 test/jdk/org/openeuler/security/openssl/KAEGcmIvLenTest.java - create mode 100644 test/jdk/org/openeuler/security/openssl/SM2Test.java - create mode 100644 test/micro/org/openeuler/bench/security/openssl/SM2CipherBenchmark.java - create mode 100644 test/micro/org/openeuler/bench/security/openssl/SM2SignatureBenchmark.java - -diff --git a/make/modules/jdk.crypto.kaeprovider/Lib.gmk b/make/modules/jdk.crypto.kaeprovider/Lib.gmk -index 2b01e3ed4..70afa6c51 100644 ---- a/make/modules/jdk.crypto.kaeprovider/Lib.gmk -+++ b/make/modules/jdk.crypto.kaeprovider/Lib.gmk -@@ -25,6 +25,11 @@ - - include LibCommon.gmk - -+LIBMEMCPY_FILES += \ -+ $(addprefix $(TOPDIR)/src/hotspot/share/runtime/, \ -+ libc_wrappers.cpp \ -+ ) -+ - ################################################################################ - - ifeq ($(ENABLE_KAE), true) -@@ -32,11 +37,12 @@ ifeq ($(ENABLE_KAE), true) - $(eval $(call SetupJdkLibrary, BUILD_LIBJ2KAE, \ - NAME := j2kae, \ - OPTIMIZATION := LOW, \ -+ EXTRA_FILES := $(LIBMEMCPY_FILES), \ - CFLAGS := $(CFLAGS_JDKLIB), \ - CXXFLAGS := $(CXXFLAGS_JDKLIB), \ - LDFLAGS := $(LDFLAGS_JDKLIB) \ - $(call SET_SHARED_LIBRARY_ORIGIN), \ -- LIBS_unix := $(LIBDL) -lssl -lcrypto, \ -+ LIBS_unix := $(LIBDL) -lpthread -lm -lssl -lcrypto, \ - )) - - TARGETS += $(BUILD_LIBJ2KAE) -diff --git a/src/java.base/share/classes/module-info.java b/src/java.base/share/classes/module-info.java -index 8d7441a2e..c2a6b9caf 100644 ---- a/src/java.base/share/classes/module-info.java -+++ b/src/java.base/share/classes/module-info.java -@@ -335,6 +335,7 @@ module java.base { - jdk.crypto.kaeprovider, - jdk.naming.dns; - exports sun.security.pkcs to -+ jdk.crypto.kaeprovider, - jdk.crypto.ec, - jdk.jartool; - exports sun.security.provider to -diff --git a/src/java.base/share/classes/sun/security/tools/keytool/Main.java b/src/java.base/share/classes/sun/security/tools/keytool/Main.java -index 268911c77..a1eaf6357 100644 ---- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java -+++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java -@@ -59,6 +59,7 @@ import java.security.cert.X509CRLSelector; - import javax.security.auth.x500.X500Principal; - import java.util.Base64; - -+ - import sun.security.pkcs12.PKCS12KeyStore; - import sun.security.provider.certpath.CertPathConstraintsParameters; - import sun.security.util.ConstraintsParameters; -@@ -2021,7 +2022,7 @@ public final class Main { - ("Generating.keysize.bit.keyAlgName.key.pair.and.a.certificate.sigAlgName.issued.by.signerAlias.with.a.validity.of.validality.days.for")); - source = new Object[]{ - groupName == null ? keysize : KeyUtil.getKeySize(privKey), -- KeyUtil.fullDisplayAlgName(privKey), -+ KeyUtil.fullDisplayAlgName(privKey, rb), - newCert.getSigAlgName(), - signerAlias, - validity, -@@ -2031,7 +2032,7 @@ public final class Main { - ("Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for")); - source = new Object[]{ - groupName == null ? keysize : KeyUtil.getKeySize(privKey), -- KeyUtil.fullDisplayAlgName(privKey), -+ KeyUtil.fullDisplayAlgName(privKey, rb), - newCert.getSigAlgName(), - validity, - x500Name}; -@@ -3579,7 +3580,7 @@ public final class Main { - private String withWeakConstraint(Key key, - CertPathConstraintsParameters cpcp) { - int kLen = KeyUtil.getKeySize(key); -- String displayAlg = KeyUtil.fullDisplayAlgName(key); -+ String displayAlg = KeyUtil.fullDisplayAlgName(key, rb); - try { - DISABLED_CHECK.permits(key.getAlgorithm(), cpcp, true); - } catch (CertPathValidatorException e) { -@@ -4955,13 +4956,13 @@ public final class Main { - weakWarnings.add(String.format( - rb.getString("whose.key.weak"), label, - String.format(rb.getString("key.bit"), -- KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key)))); -+ KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key, rb)))); - } - } catch (CertPathValidatorException e) { - weakWarnings.add(String.format( - rb.getString("whose.key.disabled"), label, - String.format(rb.getString("key.bit"), -- KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key)))); -+ KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key, rb)))); - } - } - } -@@ -4982,12 +4983,12 @@ public final class Main { - weakWarnings.add(String.format( - rb.getString("whose.key.disabled"), label, - String.format(rb.getString("key.bit"), -- KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key)))); -+ KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key, rb)))); - } else if (!LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) { - weakWarnings.add(String.format( - rb.getString("whose.key.weak"), label, - String.format(rb.getString("key.bit"), -- KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key)))); -+ KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key, rb)))); - } - } - } -diff --git a/src/java.base/share/classes/sun/security/util/KeyUtil.java b/src/java.base/share/classes/sun/security/util/KeyUtil.java -index 8f81d0035..2a56442ca 100644 ---- a/src/java.base/share/classes/sun/security/util/KeyUtil.java -+++ b/src/java.base/share/classes/sun/security/util/KeyUtil.java -@@ -25,6 +25,8 @@ - - package sun.security.util; - -+import java.lang.reflect.Field; -+import java.lang.reflect.Array; - import java.math.BigInteger; - import java.security.AlgorithmParameters; - import java.security.InvalidKeyException; -@@ -32,6 +34,7 @@ import java.security.Key; - import java.security.SecureRandom; - import java.security.interfaces.*; - import java.security.spec.*; -+import java.text.MessageFormat; - import java.util.Arrays; - import javax.crypto.SecretKey; - import javax.crypto.interfaces.DHKey; -@@ -197,6 +200,56 @@ public final class KeyUtil { - return result; - } - -+ /** -+ * Returns the algorithm name of the given key object. If an EC key is -+ * specified, returns the algorithm name and its named curve. -+ * -+ * @param key the key object, cannot be null -+ * @param rb the resource bundle -+ * @return the algorithm name of the given key object, or return in the -+ * form of "EC (named curve)" if the given key object is an EC key -+ */ -+ public static final String fullDisplayAlgName(Key key, java.util.ResourceBundle rb) { -+ String result = key.getAlgorithm(); -+ if (key instanceof ECKey) { -+ ECParameterSpec paramSpec = ((ECKey) key).getParams(); -+ if (paramSpec instanceof NamedCurve nc) { -+ result += " (" + nc.getNameAndAliases()[0] + ")"; -+ } else if (paramSpec.getClass().getSimpleName().equals("KAENamedCurve")) { -+ try { -+ Field na = paramSpec.getClass().getDeclaredField("nameAndAliases"); -+ na.setAccessible(true); -+ result += " (" + (String)Array.get(na.get(paramSpec), 0) + ")"; -+ } catch (NoSuchFieldException | IllegalAccessException e) { -+ MessageFormat form = new MessageFormat(rb.getString -+ ("can.not.get.field")); -+ Object[] source = {"KAENamedCurveException"}; -+ System.out.println(form.format(source)); -+ } -+ } else if (paramSpec instanceof ECParameterSpec && key.getClass().getSimpleName().equals( -+ "KAEECPrivateKeyImpl")) { -+ if (getKeySize(key) == -1) { -+ result += " (secp256r1)"; -+ } else { -+ try { -+ AlgorithmParameters ap = AlgorithmParameters.getInstance("EC"); -+ ap.init(new ECKeySizeParameterSpec(getKeySize(key))); -+ // The following line assumes the toString value is "name (oid)" -+ result += " (" + ap.toString().split(" ")[0] + ")"; -+ } catch (Exception e) { -+ MessageFormat form = new MessageFormat(rb.getString -+ ("can.not.get.param")); -+ Object[] source = {"KAEECPrivateKeyImplException"}; -+ System.out.println(form.format(source)); -+ } -+ } -+ } -+ } else if (key instanceof EdECKey) { -+ result = ((EdECKey) key).getParams().getName(); -+ } -+ return result; -+ } -+ - /** - * Returns whether the key is valid or not. - *

-diff --git a/src/java.base/share/classes/sun/security/util/KnownOIDs.java b/src/java.base/share/classes/sun/security/util/KnownOIDs.java -index 8cd0a03a3..97f599c7b 100644 ---- a/src/java.base/share/classes/sun/security/util/KnownOIDs.java -+++ b/src/java.base/share/classes/sun/security/util/KnownOIDs.java -@@ -328,6 +328,9 @@ public enum KnownOIDs { - brainpoolP384r1("1.3.36.3.3.2.8.1.1.11"), - brainpoolP512r1("1.3.36.3.3.2.8.1.1.13"), - -+ // sm2 -+ sm2p256v1("1.2.156.10197.1.301"), -+ - // Certicom 1.3.132.* - sect163k1("1.3.132.0.1", "sect163k1", "NIST K-163"), - sect163r1("1.3.132.0.2"), -diff --git a/src/java.base/share/classes/sun/security/util/NamedCurve.java b/src/java.base/share/classes/sun/security/util/NamedCurve.java -index 68a92f51c..700172451 100644 ---- a/src/java.base/share/classes/sun/security/util/NamedCurve.java -+++ b/src/java.base/share/classes/sun/security/util/NamedCurve.java -@@ -89,4 +89,4 @@ public final class NamedCurve extends ECParameterSpec { - sb.append(" (" + oid + ")"); - return sb.toString(); - } --} -+} -\ No newline at end of file -diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEConfig.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEConfig.java -index a4eb57770..770162a9e 100644 ---- a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEConfig.java -+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEConfig.java -@@ -51,7 +51,9 @@ public class KAEConfig { - "kae.hmac", - "kae.rsa", - "kae.dh", -- "kae.ec" -+ "kae.ec", -+ "kae.sm2.cipher", -+ "kae.sm2.signature" - }; - - // these property names indicate whether KAE hardware acceleration is enabled for each algorithm -@@ -62,7 +64,8 @@ public class KAEConfig { - "kae.hmac.useKaeEngine", - "kae.rsa.useKaeEngine", - "kae.dh.useKaeEngine", -- "kae.ec.useKaeEngine" -+ "kae.ec.useKaeEngine", -+ "kae.sm2.useKaeEngine" - }; - - // algorithm names -@@ -95,7 +98,8 @@ public class KAEConfig { - "hmac-sha512", - "rsa", - "dh", -- "ec" -+ "ec", -+ "sm2" - }; - - // algorithm name and algorithm index mapping -@@ -239,7 +243,8 @@ public class KAEConfig { - false, // hmac - true, // rsa - true, // dh -- false // ec -+ false, // ec -+ false // sm2 - }; - for (int i = 0; i < useKaeEnginePropertyNames.length; i++) { - String configValue = privilegedGetOverridable(useKaeEnginePropertyNames[i]); -@@ -248,8 +253,9 @@ public class KAEConfig { - } - } - -- // EC algorithm currently does not support KAE hardware acceleration, temporarily use openssl soft calculation. -- categoryFlagsForEngine[useKaeEnginePropertyNames.length - 1] = false; -+ // EC and SM2 algorithm currently does not support KAE hardware acceleration, temporarily use openssl soft calculation. -+ categoryFlagsForEngine[6] = false; -+ categoryFlagsForEngine[7] = false; - - for (int i = 0; i < useKaeEngineFlags.length; i++) { - Integer algorithmCategoryIndex = algorithmNameCategoryMap.get(algorithmNames[i]); -@@ -301,6 +307,7 @@ public class KAEConfig { - * 4 : rsa - * 5 : dh - * 6 : ec -+ * 7 : sm2 - */ - private static void initAlgorithmNameCategoryMap() { - algorithmNameCategoryMap.put("md5", 0); -@@ -332,6 +339,7 @@ public class KAEConfig { - algorithmNameCategoryMap.put("rsa", 4); - algorithmNameCategoryMap.put("dh", 5); - algorithmNameCategoryMap.put("ec", 6); -+ algorithmNameCategoryMap.put("sm2", 7); - } - - private static void initAlgorithmNameMap() { -@@ -341,7 +349,7 @@ public class KAEConfig { - - private static String[] getDisabledAlgorithms() { - String disabledAlgorithms = privilegedGetOverridable("kae.engine.disabledAlgorithms", -- "sha256,sha384"); -+ "sha256,sha384,sm2"); - return disabledAlgorithms.replaceAll(" ", "").split("\\,"); - } - -diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAECurveDB.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAECurveDB.java -new file mode 100644 -index 000000000..64af42280 ---- /dev/null -+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAECurveDB.java -@@ -0,0 +1,729 @@ -+/* -+ * Copyright (c) 2006, 2021, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+package org.openeuler.security.openssl; -+ -+import java.math.BigInteger; -+ -+import java.security.spec.*; -+ -+import java.util.*; -+ -+import sun.security.util.KnownOIDs; -+import sun.security.util.ECUtil; -+ -+/** -+ * Repository for well-known Elliptic Curve parameters. It is used by both -+ * the SunPKCS11 and SunJSSE code. -+ * -+ * @since 1.6 -+ * @author Andreas Sterbenz -+ */ -+public class KAECurveDB { -+ private static final int P = 1; // prime curve -+ private static final int B = 2; // binary curve -+ private static final int PD = 5; // prime curve, mark as default -+ private static final int BD = 6; // binary curve, mark as default -+ -+ private static final Map oidMap = -+ new LinkedHashMap(); -+ private static final Map nameMap = -+ new HashMap(); -+ private static final Map lengthMap = -+ new HashMap(); -+ -+ private static Collection specCollection; -+ -+ // Return a NamedCurve for the specified OID/name or null if unknown. -+ public static KAENamedCurve lookup(String name) { -+ KAENamedCurve spec = oidMap.get(name); -+ if (spec != null) { -+ return spec; -+ } -+ -+ return nameMap.get(name.toLowerCase(Locale.ENGLISH)); -+ } -+ -+ // Return EC parameters for the specified field size. If there are known -+ // NIST recommended parameters for the given length, they are returned. -+ // Otherwise, if there are multiple matches for the given size, an -+ // arbitrary one is returns. -+ // If no parameters are known, the method returns null. -+ // NOTE that this method returns both prime and binary curves. -+ static KAENamedCurve lookup(int length) { -+ return lengthMap.get(length); -+ } -+ -+ // Convert the given ECParameterSpec object to a NamedCurve object. -+ // If params does not represent a known named curve, return null. -+ public static KAENamedCurve lookup(ECParameterSpec params) { -+ if ((params instanceof KAENamedCurve) || (params == null)) { -+ return (KAENamedCurve)params; -+ } -+ -+ // This code allows SunJSSE to work with 3rd party crypto -+ // providers for ECC and not just SunPKCS11. -+ // This can go away once we decide how to expose curve names in the -+ // public API. -+ // Note that it assumes that the 3rd party provider encodes named -+ // curves using the short form, not explicitly. If it did that, then -+ // the SunJSSE TLS ECC extensions are wrong, which could lead to -+ // interoperability problems. -+ int fieldSize = params.getCurve().getField().getFieldSize(); -+ for (KAENamedCurve namedCurve : specCollection) { -+ // ECParameterSpec does not define equals, so check all the -+ // components ourselves. -+ // Quick field size check first -+ if (namedCurve.getCurve().getField().getFieldSize() != fieldSize) { -+ continue; -+ } -+ if (ECUtil.equals(namedCurve, params)) { -+ // everything matches our named curve, return it -+ return namedCurve; -+ } -+ } -+ // no match found -+ return null; -+ } -+ -+ private static BigInteger bi(String s) { -+ return new BigInteger(s, 16); -+ } -+ -+ private static void add(KnownOIDs o, int type, String sfield, -+ String a, String b, String x, String y, String n, int h) { -+ BigInteger p = bi(sfield); -+ ECField field; -+ if ((type == P) || (type == PD)) { -+ field = new ECFieldFp(p); -+ } else if ((type == B) || (type == BD)) { -+ field = new ECFieldF2m(p.bitLength() - 1, p); -+ } else { -+ throw new RuntimeException("Invalid type: " + type); -+ } -+ -+ EllipticCurve curve = new EllipticCurve(field, bi(a), bi(b)); -+ ECPoint g = new ECPoint(bi(x), bi(y)); -+ -+ String oid = o.value(); -+ KAENamedCurve params = new KAENamedCurve(o, curve, g, bi(n), h); -+ if (oidMap.put(oid, params) != null) { -+ throw new RuntimeException("Duplication oid: " + oid); -+ } -+ -+ for (String cn : params.getNameAndAliases()) { -+ if (nameMap.put(cn.toLowerCase(Locale.ENGLISH), -+ params) != null) { -+ throw new RuntimeException("Duplication name: " + cn); -+ } -+ } -+ -+ int len = field.getFieldSize(); -+ if ((type == PD) || (type == BD) || (lengthMap.get(len) == null)) { -+ // add entry if none present for this field size or if -+ // the curve is marked as a default curve. -+ lengthMap.put(len, params); -+ } -+ } -+ -+ static { -+ /* SEC2 prime curves */ -+ add(KnownOIDs.secp112r1, P, -+ "DB7C2ABF62E35E668076BEAD208B", -+ "DB7C2ABF62E35E668076BEAD2088", -+ "659EF8BA043916EEDE8911702B22", -+ "09487239995A5EE76B55F9C2F098", -+ "A89CE5AF8724C0A23E0E0FF77500", -+ "DB7C2ABF62E35E7628DFAC6561C5", -+ 1); -+ -+ add(KnownOIDs.secp112r2, P, -+ "DB7C2ABF62E35E668076BEAD208B", -+ "6127C24C05F38A0AAAF65C0EF02C", -+ "51DEF1815DB5ED74FCC34C85D709", -+ "4BA30AB5E892B4E1649DD0928643", -+ "adcd46f5882e3747def36e956e97", -+ "36DF0AAFD8B8D7597CA10520D04B", -+ 4); -+ -+ add(KnownOIDs.secp128r1, P, -+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", -+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", -+ "E87579C11079F43DD824993C2CEE5ED3", -+ "161FF7528B899B2D0C28607CA52C5B86", -+ "CF5AC8395BAFEB13C02DA292DDED7A83", -+ "FFFFFFFE0000000075A30D1B9038A115", -+ 1); -+ -+ add(KnownOIDs.secp128r2, P, -+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", -+ "D6031998D1B3BBFEBF59CC9BBFF9AEE1", -+ "5EEEFCA380D02919DC2C6558BB6D8A5D", -+ "7B6AA5D85E572983E6FB32A7CDEBC140", -+ "27B6916A894D3AEE7106FE805FC34B44", -+ "3FFFFFFF7FFFFFFFBE0024720613B5A3", -+ 4); -+ -+ add(KnownOIDs.secp160k1, P, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", -+ "0000000000000000000000000000000000000000", -+ "0000000000000000000000000000000000000007", -+ "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", -+ "938CF935318FDCED6BC28286531733C3F03C4FEE", -+ "0100000000000000000001B8FA16DFAB9ACA16B6B3", -+ 1); -+ -+ add(KnownOIDs.secp160r1, P, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", -+ "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", -+ "4A96B5688EF573284664698968C38BB913CBFC82", -+ "23A628553168947D59DCC912042351377AC5FB32", -+ "0100000000000000000001F4C8F927AED3CA752257", -+ 1); -+ -+ add(KnownOIDs.secp160r2, P, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", -+ "B4E134D3FB59EB8BAB57274904664D5AF50388BA", -+ "52DCB034293A117E1F4FF11B30F7199D3144CE6D", -+ "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", -+ "0100000000000000000000351EE786A818F3A1A16B", -+ 1); -+ -+ add(KnownOIDs.secp192k1, P, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", -+ "000000000000000000000000000000000000000000000000", -+ "000000000000000000000000000000000000000000000003", -+ "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", -+ "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", -+ "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", -+ 1); -+ -+ add(KnownOIDs.secp192r1, PD, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", -+ "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", -+ "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", -+ "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811", -+ "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", -+ 1); -+ -+ add(KnownOIDs.secp224k1, P, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", -+ "00000000000000000000000000000000000000000000000000000000", -+ "00000000000000000000000000000000000000000000000000000005", -+ "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", -+ "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", -+ "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", -+ 1); -+ -+ add(KnownOIDs.secp224r1, PD, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", -+ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", -+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", -+ "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", -+ 1); -+ -+ add(KnownOIDs.secp256k1, P, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", -+ "0000000000000000000000000000000000000000000000000000000000000000", -+ "0000000000000000000000000000000000000000000000000000000000000007", -+ "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", -+ "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", -+ 1); -+ -+ add(KnownOIDs.secp256r1, PD, -+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", -+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", -+ "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", -+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", -+ "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", -+ "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", -+ 1); -+ -+ add(KnownOIDs.secp384r1, PD, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", -+ "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", -+ "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", -+ "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", -+ 1); -+ -+ add(KnownOIDs.secp521r1, PD, -+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", -+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", -+ "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", -+ "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", -+ "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", -+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", -+ 1); -+ -+ /* ANSI X9.62 prime curves */ -+ add(KnownOIDs.prime192v2, P, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", -+ "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", -+ "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", -+ "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15", -+ "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", -+ 1); -+ -+ add(KnownOIDs.prime192v3, P, -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", -+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", -+ "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", -+ "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", -+ "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0", -+ "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", -+ 1); -+ -+ add(KnownOIDs.prime239v1, P, -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", -+ "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", -+ "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", -+ "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE", -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", -+ 1); -+ -+ add(KnownOIDs.prime239v2, P, -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", -+ "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", -+ "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", -+ "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA", -+ "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", -+ 1); -+ -+ add(KnownOIDs.prime239v3, P, -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", -+ "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", -+ "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", -+ "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3", -+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", -+ 1); -+ -+ /* SEC2 binary curves */ -+ add(KnownOIDs.sect113r1, B, -+ "020000000000000000000000000201", -+ "003088250CA6E7C7FE649CE85820F7", -+ "00E8BEE4D3E2260744188BE0E9C723", -+ "009D73616F35F4AB1407D73562C10F", -+ "00A52830277958EE84D1315ED31886", -+ "0100000000000000D9CCEC8A39E56F", -+ 2); -+ -+ add(KnownOIDs.sect113r2, B, -+ "020000000000000000000000000201", -+ "00689918DBEC7E5A0DD6DFC0AA55C7", -+ "0095E9A9EC9B297BD4BF36E059184F", -+ "01A57A6A7B26CA5EF52FCDB8164797", -+ "00B3ADC94ED1FE674C06E695BABA1D", -+ "010000000000000108789B2496AF93", -+ 2); -+ -+ add(KnownOIDs.sect131r1, B, -+ "080000000000000000000000000000010D", -+ "07A11B09A76B562144418FF3FF8C2570B8", -+ "0217C05610884B63B9C6C7291678F9D341", -+ "0081BAF91FDF9833C40F9C181343638399", -+ "078C6E7EA38C001F73C8134B1B4EF9E150", -+ "0400000000000000023123953A9464B54D", -+ 2); -+ -+ add(KnownOIDs.sect131r2, B, -+ "080000000000000000000000000000010D", -+ "03E5A88919D7CAFCBF415F07C2176573B2", -+ "04B8266A46C55657AC734CE38F018F2192", -+ "0356DCD8F2F95031AD652D23951BB366A8", -+ "0648F06D867940A5366D9E265DE9EB240F", -+ "0400000000000000016954A233049BA98F", -+ 2); -+ -+ add(KnownOIDs.sect163k1, B, -+ "0800000000000000000000000000000000000000C9", -+ "000000000000000000000000000000000000000001", -+ "000000000000000000000000000000000000000001", -+ "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", -+ "0289070FB05D38FF58321F2E800536D538CCDAA3D9", -+ "04000000000000000000020108A2E0CC0D99F8A5EF", -+ 2); -+ -+ add(KnownOIDs.sect163r1, B, -+ "0800000000000000000000000000000000000000C9", -+ "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", -+ "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", -+ "0369979697AB43897789566789567F787A7876A654", -+ "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883", -+ "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", -+ 2); -+ -+ add(KnownOIDs.sect163r2, BD, -+ "0800000000000000000000000000000000000000C9", -+ "000000000000000000000000000000000000000001", -+ "020A601907B8C953CA1481EB10512F78744A3205FD", -+ "03F0EBA16286A2D57EA0991168D4994637E8343E36", -+ "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", -+ "040000000000000000000292FE77E70C12A4234C33", -+ 2); -+ -+ add(KnownOIDs.sect193r1, B, -+ "02000000000000000000000000000000000000000000008001", -+ "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", -+ "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", -+ "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1", -+ "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", -+ "01000000000000000000000000C7F34A778F443ACC920EBA49", -+ 2); -+ -+ add(KnownOIDs.sect193r2, B, -+ "02000000000000000000000000000000000000000000008001", -+ "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", -+ "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", -+ "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F", -+ "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", -+ "010000000000000000000000015AAB561B005413CCD4EE99D5", -+ 2); -+ -+ add(KnownOIDs.sect233k1, BD, -+ "020000000000000000000000000000000000000004000000000000000001", -+ "000000000000000000000000000000000000000000000000000000000000", -+ "000000000000000000000000000000000000000000000000000000000001", -+ "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", -+ "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", -+ "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", -+ 4); -+ -+ add(KnownOIDs.sect233r1, B, -+ "020000000000000000000000000000000000000004000000000000000001", -+ "000000000000000000000000000000000000000000000000000000000001", -+ "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", -+ "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", -+ "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", -+ "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", -+ 2); -+ -+ add(KnownOIDs.sect239k1, B, -+ "800000000000000000004000000000000000000000000000000000000001", -+ "000000000000000000000000000000000000000000000000000000000000", -+ "000000000000000000000000000000000000000000000000000000000001", -+ "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC", -+ "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", -+ "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", -+ 4); -+ -+ add(KnownOIDs.sect283k1, BD, -+ "0800000000000000000000000000000000000000000000000000000000000000000010A1", -+ "000000000000000000000000000000000000000000000000000000000000000000000000", -+ "000000000000000000000000000000000000000000000000000000000000000000000001", -+ "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", -+ "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", -+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", -+ 4); -+ -+ add(KnownOIDs.sect283r1, B, -+ "0800000000000000000000000000000000000000000000000000000000000000000010A1", -+ "000000000000000000000000000000000000000000000000000000000000000000000001", -+ "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", -+ "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", -+ "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", -+ "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", -+ 2); -+ -+ add(KnownOIDs.sect409k1, BD, -+ "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", -+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", -+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", -+ "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", -+ "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", -+ "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", -+ 4); -+ -+ add(KnownOIDs.sect409r1, B, -+ "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", -+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", -+ "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", -+ "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", -+ "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", -+ "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", -+ 2); -+ -+ add(KnownOIDs.sect571k1, BD, -+ "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", -+ "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", -+ "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", -+ "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", -+ "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", -+ "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", -+ 4); -+ -+ add(KnownOIDs.sect571r1, B, -+ "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", -+ "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", -+ "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", -+ "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", -+ "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", -+ "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", -+ 2); -+ -+ /* ANSI X9.62 binary curves */ -+ add(KnownOIDs.c2tnb191v1, B, -+ "800000000000000000000000000000000000000000000201", -+ "2866537B676752636A68F56554E12640276B649EF7526267", -+ "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", -+ "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D", -+ "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", -+ "40000000000000000000000004A20E90C39067C893BBB9A5", -+ 2); -+ -+ add(KnownOIDs.c2tnb191v2, B, -+ "800000000000000000000000000000000000000000000201", -+ "401028774D7777C7B7666D1366EA432071274F89FF01E718", -+ "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", -+ "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10", -+ "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", -+ "20000000000000000000000050508CB89F652824E06B8173", -+ 4); -+ -+ add(KnownOIDs.c2tnb191v3, B, -+ "800000000000000000000000000000000000000000000201", -+ "6C01074756099122221056911C77D77E77A777E7E7E77FCB", -+ "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", -+ "375D4CE24FDE434489DE8746E71786015009E66E38A926DD", -+ "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", -+ "155555555555555555555555610C0B196812BFB6288A3EA3", -+ 6); -+ -+ add(KnownOIDs.c2tnb239v1, B, -+ "800000000000000000000000000000000000000000000000001000000001", -+ "32010857077C5431123A46B808906756F543423E8D27877578125778AC76", -+ "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", -+ "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D", -+ "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", -+ "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", -+ 4); -+ -+ add(KnownOIDs.c2tnb239v2, B, -+ "800000000000000000000000000000000000000000000000001000000001", -+ "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", -+ "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", -+ "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205", -+ "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", -+ "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", -+ 6); -+ -+ add(KnownOIDs.c2tnb239v3, B, -+ "800000000000000000000000000000000000000000000000001000000001", -+ "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", -+ "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", -+ "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92", -+ "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", -+ "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", -+ 0xA); -+ -+ add(KnownOIDs.c2tnb359v1, B, -+ "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001", -+ "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557", -+ "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988", -+ "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097", -+ "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD", -+ "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B", -+ 0x4C); -+ -+ add(KnownOIDs.c2tnb431r1, B, -+ "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001", -+ "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F", -+ "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618", -+ "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7", -+ "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760", -+ "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91", -+ 0x2760); -+ -+ /* ANSI X9.62 binary curves from the 1998 standard but forbidden -+ * in the 2005 version of the standard. -+ * We don't register them but leave them here for the time being in -+ * case we need to support them after all. -+ */ -+/* -+ add(KnownOIDs.c2pnb163v1, B, -+ "080000000000000000000000000000000000000107", -+ "072546B5435234A422E0789675F432C89435DE5242", -+ "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", -+ "07AF69989546103D79329FCC3D74880F33BBE803CB", -+ "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", -+ "0400000000000000000001E60FC8821CC74DAEAFC1", -+ 2); -+ -+ add(KnownOIDs.c2pnb163v2, B, -+ "080000000000000000000000000000000000000107", -+ "0108B39E77C4B108BED981ED0E890E117C511CF072", -+ "0667ACEB38AF4E488C407433FFAE4F1C811638DF20", -+ "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5", -+ "079F684DDF6684C5CD258B3890021B2386DFD19FC5", -+ "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", -+ 2); -+ -+ add(KnownOIDs.c2pnb163v3, B, -+ "080000000000000000000000000000000000000107", -+ "07A526C63D3E25A256A007699F5447E32AE456B50E", -+ "03F7061798EB99E238FD6F1BF95B48FEEB4854252B", -+ "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB", -+ "05B935590C155E17EA48EB3FF3718B893DF59A05D0", -+ "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", -+ 2); -+ -+ add(KnownOIDs.c2pnb176w1, B, -+ "0100000000000000000000000000000000080000000007", -+ "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", -+ "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", -+ "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798", -+ "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", -+ "00010092537397ECA4F6145799D62B0A19CE06FE26AD", -+ 0xFF6E); -+ -+ add(KnownOIDs.c2pnb208w1, B, -+ "010000000000000000000000000000000800000000000000000007", -+ "0000000000000000000000000000000000000000000000000000", -+ "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", -+ "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A", -+ "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", -+ "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", -+ 0xFE48); -+ -+ add(KnownOIDs.c2pnb272w1, B, -+ "010000000000000000000000000000000000000000000000000000010000000000000B", -+ "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", -+ "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", -+ "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D", -+ "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23", -+ "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", -+ 0xFF06); -+ -+ add(KnownOIDs.c2pnb304w1, B, -+ "010000000000000000000000000000000000000000000000000000000000000000000000000807", -+ "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681", -+ "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE", -+ "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614", -+ "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B", -+ "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D", -+ 0xFE2E); -+ -+ add(KnownOIDs.c2pnb368w1, B, -+ "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007", -+ "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D", -+ "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A", -+ "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F", -+ "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310", -+ "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967", -+ 0xFF70); -+*/ -+ -+ /* -+ * Brainpool curves (RFC 5639) -+ * (Twisted curves are not included) -+ */ -+ -+ add(KnownOIDs.brainpoolP160r1, P, -+ "E95E4A5F737059DC60DFC7AD95B3D8139515620F", -+ "340E7BE2A280EB74E2BE61BADA745D97E8F7C300", -+ "1E589A8595423412134FAA2DBDEC95C8D8675E58", -+ "BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3", -+ "1667CB477A1A8EC338F94741669C976316DA6321", -+ "E95E4A5F737059DC60DF5991D45029409E60FC09", -+ 1); -+ -+ add(KnownOIDs.brainpoolP192r1, P, -+ "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", -+ "6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF", -+ "469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9", -+ "C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6", -+ "14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F", -+ "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", -+ 1); -+ -+ add(KnownOIDs.brainpoolP224r1, P, -+ "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", -+ "68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43", -+ "2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B", -+ "0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D", -+ "58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD", -+ "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", -+ 1); -+ -+ add(KnownOIDs.brainpoolP256r1, P, -+ "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", -+ "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", -+ "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", -+ "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", -+ "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", -+ "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", -+ 1); -+ -+ add(KnownOIDs.brainpoolP320r1, P, -+ "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", -+ "3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4", -+ "520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6", -+ "43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611", -+ "14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1", -+ "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", -+ 1); -+ -+ add(KnownOIDs.brainpoolP384r1, P, -+ "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", -+ "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", -+ "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", -+ "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", -+ "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", -+ "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", -+ 1); -+ -+ add(KnownOIDs.brainpoolP512r1, P, -+ "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", -+ "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", -+ "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", -+ "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", -+ "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", -+ "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", -+ 1); -+ -+ /* SM2 prime curves */ -+ add(KnownOIDs.sm2p256v1, P, -+ "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", -+ "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", -+ "28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", -+ "32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", -+ "BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0", -+ "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", -+ 1); -+ -+ specCollection = Collections.unmodifiableCollection(oidMap.values()); -+ } -+} -\ No newline at end of file -diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEDHKeyPairGenerator.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEDHKeyPairGenerator.java -index 74134eef5..7426b6968 100644 ---- a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEDHKeyPairGenerator.java -+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEDHKeyPairGenerator.java -@@ -57,6 +57,7 @@ public class KAEDHKeyPairGenerator - private int lSize; - private SecureRandom random; - -+ @SuppressWarnings("this-escape") - public KAEDHKeyPairGenerator() { - super(); - initialize(DEF_DH_KEY_SIZE, null); -diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECDHKeyAgreement.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECDHKeyAgreement.java -index 29dc09889..9f701c93e 100644 ---- a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECDHKeyAgreement.java -+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECDHKeyAgreement.java -@@ -27,6 +27,7 @@ - package org.openeuler.security.openssl; - - import sun.security.ec.ECKeyFactory; -+import sun.security.util.NamedCurve; - - import java.math.BigInteger; - import java.security.InvalidAlgorithmParameterException; -@@ -95,7 +96,16 @@ public class KAEECDHKeyAgreement extends KeyAgreementSpi { - // Bits to bytes. - expectedSecretLen = (keyLenBits + 7) >> 3; - -- curveName = KAEUtils.getCurveBySize(keyLenBits); -+ // Using KAENamedCurve.name can be inaccurate. need ObjectId -+ if (params instanceof KAENamedCurve) { -+ curveName = KAEUtils.getCurveByAlias(((KAENamedCurve) params).getObjectId()); -+ }else if (params instanceof NamedCurve) { -+ curveName = KAEUtils.getCurveByAlias(((NamedCurve) params).getObjectId()); -+ }else { -+ KAENamedCurve curve = KAECurveDB.lookup(params); -+ curveName = KAEUtils.getCurveByAlias(curve.getObjectId()); -+ } -+ - if (curveName == null) { - throw new InvalidParameterException("unknown keyLenBits " + keyLenBits); - } -diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyFactory.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyFactory.java -new file mode 100644 -index 000000000..d25e00085 ---- /dev/null -+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyFactory.java -@@ -0,0 +1,308 @@ -+/* -+ * Copyright (c) 2006, 2021, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package org.openeuler.security.openssl; -+ -+import java.util.Arrays; -+ -+import java.security.*; -+import java.security.interfaces.*; -+import java.security.spec.*; -+ -+/** -+ * KeyFactory for EC keys. Keys must be instances of PublicKey or PrivateKey -+ * and getAlgorithm() must return "EC". For such keys, it supports conversion -+ * between the following: -+ * -+ * For public keys: -+ * . PublicKey with an X.509 encoding -+ * . ECPublicKey -+ * . ECPublicKeySpec -+ * . X509EncodedKeySpec -+ * -+ * For private keys: -+ * . PrivateKey with a PKCS#8 encoding -+ * . ECPrivateKey -+ * . ECPrivateKeySpec -+ * . PKCS8EncodedKeySpec -+ * -+ * @since 1.6 -+ * @author Andreas Sterbenz -+ */ -+public final class KAEECKeyFactory extends KeyFactorySpi { -+ -+ // Used by translateKey() -+ private static KeyFactory instance; -+ -+ private static KeyFactory getInstance() { -+ if (instance == null) { -+ try { -+ instance = KeyFactory.getInstance("EC", "KAEProvider"); -+ } catch (NoSuchProviderException e) { -+ throw new RuntimeException(e); -+ } catch (NoSuchAlgorithmException e) { -+ throw new RuntimeException(e); -+ } -+ } -+ -+ return instance; -+ } -+ -+ public KAEECKeyFactory() { -+ // empty -+ } -+ -+ /** -+ * Static method to convert Key into a useable instance of -+ * ECPublicKey or ECPrivateKey. Check the key and convert it -+ * to a Sun key if necessary. If the key is not an EC key -+ * or cannot be used, throw an InvalidKeyException. -+ * -+ * The difference between this method and engineTranslateKey() is that -+ * we do not convert keys of other providers that are already an -+ * instance of ECPublicKey or ECPrivateKey. -+ * -+ * To be used by future Java ECDSA and ECDH implementations. -+ */ -+ public static ECKey toECKey(Key key) throws InvalidKeyException { -+ if (key instanceof ECKey) { -+ ECKey ecKey = (ECKey)key; -+ checkKey(ecKey); -+ return ecKey; -+ } else { -+ /* -+ * We don't call the engineTranslateKey method directly -+ * because KeyFactory.translateKey adds code to loop through -+ * all key factories. -+ */ -+ return (ECKey)getInstance().translateKey(key); -+ } -+ } -+ -+ /** -+ * Check that the given EC key is valid. -+ */ -+ private static void checkKey(ECKey key) throws InvalidKeyException { -+ // check for subinterfaces, omit additional checks for our keys -+ if (key instanceof ECPublicKey) { -+ if (key instanceof KAEECPublicKeyImpl) { -+ return; -+ } -+ } else if (key instanceof ECPrivateKey) { -+ if (key instanceof KAEECPrivateKeyImpl) { -+ return; -+ } -+ } else { -+ throw new InvalidKeyException("Neither a public nor a private key"); -+ } -+ // ECKey does not extend Key, so we need to do a cast -+ String keyAlg = ((Key)key).getAlgorithm(); -+ if (!keyAlg.equals("EC") && !keyAlg.equals("SM2")) { -+ throw new InvalidKeyException("Not an EC key: " + keyAlg); -+ } -+ // XXX further sanity checks about whether this key uses supported -+ // fields, point formats, etc. would go here -+ } -+ -+ /** -+ * Translate an EC key into a Sun EC key. If conversion is -+ * not possible, throw an InvalidKeyException. -+ * See also JCA doc. -+ */ -+ protected Key engineTranslateKey(Key key) throws InvalidKeyException { -+ if (key == null) { -+ throw new InvalidKeyException("Key must not be null"); -+ } -+ String keyAlg = key.getAlgorithm(); -+ if (!keyAlg.equals("EC") && !keyAlg.equals("SM2")) { -+ throw new InvalidKeyException("Not an EC key: " + keyAlg); -+ } -+ if (key instanceof PublicKey) { -+ return implTranslatePublicKey((PublicKey)key); -+ } else if (key instanceof PrivateKey) { -+ return implTranslatePrivateKey((PrivateKey)key); -+ } else { -+ throw new InvalidKeyException("Neither a public nor a private key"); -+ } -+ } -+ -+ // see JCA doc -+ protected PublicKey engineGeneratePublic(KeySpec keySpec) -+ throws InvalidKeySpecException { -+ try { -+ return implGeneratePublic(keySpec); -+ } catch (InvalidKeySpecException e) { -+ throw e; -+ } catch (GeneralSecurityException e) { -+ throw new InvalidKeySpecException(e); -+ } -+ } -+ -+ // see JCA doc -+ protected PrivateKey engineGeneratePrivate(KeySpec keySpec) -+ throws InvalidKeySpecException { -+ try { -+ return implGeneratePrivate(keySpec); -+ } catch (InvalidKeySpecException e) { -+ throw e; -+ } catch (GeneralSecurityException e) { -+ throw new InvalidKeySpecException(e); -+ } -+ } -+ -+ // internal implementation of translateKey() for public keys. See JCA doc -+ private PublicKey implTranslatePublicKey(PublicKey key) -+ throws InvalidKeyException { -+ if (key instanceof ECPublicKey) { -+ if (key instanceof KAEECPublicKeyImpl) { -+ return key; -+ } -+ ECPublicKey ecKey = (ECPublicKey)key; -+ return new KAEECPublicKeyImpl( -+ ecKey.getW(), -+ ecKey.getParams() -+ ); -+ } else if ("X.509".equals(key.getFormat())) { -+ byte[] encoded = key.getEncoded(); -+ return new KAEECPublicKeyImpl(encoded); -+ } else { -+ throw new InvalidKeyException("Public keys must be instance " -+ + "of ECPublicKey or have X.509 encoding"); -+ } -+ } -+ -+ // internal implementation of translateKey() for private keys. See JCA doc -+ private PrivateKey implTranslatePrivateKey(PrivateKey key) -+ throws InvalidKeyException { -+ if (key instanceof ECPrivateKey) { -+ if (key instanceof KAEECPrivateKeyImpl) { -+ return key; -+ } -+ ECPrivateKey ecKey = (ECPrivateKey)key; -+ return new KAEECPrivateKeyImpl( -+ ecKey.getS(), -+ ecKey.getParams() -+ ); -+ } else if ("PKCS#8".equals(key.getFormat())) { -+ byte[] encoded = key.getEncoded(); -+ try { -+ return new KAEECPrivateKeyImpl(encoded); -+ } finally { -+ Arrays.fill(encoded, (byte)0); -+ } -+ } else { -+ throw new InvalidKeyException("Private keys must be instance " -+ + "of ECPrivateKey or have PKCS#8 encoding"); -+ } -+ } -+ -+ // internal implementation of generatePublic. See JCA doc -+ private PublicKey implGeneratePublic(KeySpec keySpec) -+ throws GeneralSecurityException { -+ if (keySpec instanceof X509EncodedKeySpec) { -+ X509EncodedKeySpec x509Spec = (X509EncodedKeySpec)keySpec; -+ return new KAEECPublicKeyImpl(x509Spec.getEncoded()); -+ } else if (keySpec instanceof ECPublicKeySpec) { -+ ECPublicKeySpec ecSpec = (ECPublicKeySpec)keySpec; -+ return new KAEECPublicKeyImpl( -+ ecSpec.getW(), -+ ecSpec.getParams() -+ ); -+ } else { -+ throw new InvalidKeySpecException("Only ECPublicKeySpec " -+ + "and X509EncodedKeySpec supported for EC public keys"); -+ } -+ } -+ -+ // internal implementation of generatePrivate. See JCA doc -+ private PrivateKey implGeneratePrivate(KeySpec keySpec) -+ throws GeneralSecurityException { -+ if (keySpec instanceof PKCS8EncodedKeySpec) { -+ PKCS8EncodedKeySpec pkcsSpec = (PKCS8EncodedKeySpec)keySpec; -+ byte[] encoded = pkcsSpec.getEncoded(); -+ try { -+ return new KAEECPrivateKeyImpl(encoded); -+ } finally { -+ Arrays.fill(encoded, (byte) 0); -+ } -+ } else if (keySpec instanceof ECPrivateKeySpec) { -+ ECPrivateKeySpec ecSpec = (ECPrivateKeySpec)keySpec; -+ return new KAEECPrivateKeyImpl(ecSpec.getS(), ecSpec.getParams()); -+ } else { -+ throw new InvalidKeySpecException("Only ECPrivateKeySpec " -+ + "and PKCS8EncodedKeySpec supported for EC private keys"); -+ } -+ } -+ -+ protected T engineGetKeySpec(Key key, Class keySpec) -+ throws InvalidKeySpecException { -+ try { -+ // convert key to one of our keys -+ // this also verifies that the key is a valid EC key and ensures -+ // that the encoding is X.509/PKCS#8 for public/private keys -+ key = engineTranslateKey(key); -+ } catch (InvalidKeyException e) { -+ throw new InvalidKeySpecException(e); -+ } -+ if (key instanceof ECPublicKey) { -+ ECPublicKey ecKey = (ECPublicKey)key; -+ if (keySpec.isAssignableFrom(ECPublicKeySpec.class)) { -+ return keySpec.cast(new ECPublicKeySpec( -+ ecKey.getW(), -+ ecKey.getParams() -+ )); -+ } else if (keySpec.isAssignableFrom(X509EncodedKeySpec.class)) { -+ return keySpec.cast(new X509EncodedKeySpec(key.getEncoded())); -+ } else { -+ throw new InvalidKeySpecException -+ ("KeySpec must be ECPublicKeySpec or " -+ + "X509EncodedKeySpec for EC public keys"); -+ } -+ } else if (key instanceof ECPrivateKey) { -+ if (keySpec.isAssignableFrom(PKCS8EncodedKeySpec.class)) { -+ byte[] encoded = key.getEncoded(); -+ try { -+ return keySpec.cast(new PKCS8EncodedKeySpec(encoded)); -+ } finally { -+ Arrays.fill(encoded, (byte)0); -+ } -+ } else if (keySpec.isAssignableFrom(ECPrivateKeySpec.class)) { -+ ECPrivateKey ecKey = (ECPrivateKey)key; -+ return keySpec.cast(new ECPrivateKeySpec( -+ ecKey.getS(), -+ ecKey.getParams() -+ )); -+ } else { -+ throw new InvalidKeySpecException -+ ("KeySpec must be ECPrivateKeySpec or " -+ + "PKCS8EncodedKeySpec for EC private keys"); -+ } -+ } else { -+ // should not occur, caught in engineTranslateKey() -+ throw new InvalidKeySpecException("Neither public nor private key"); -+ } -+ } -+} -diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyPairGenerator.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyPairGenerator.java -index 73d8551b1..42da07282 100644 ---- a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyPairGenerator.java -+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECKeyPairGenerator.java -@@ -26,9 +26,6 @@ - - package org.openeuler.security.openssl; - --import sun.security.ec.ECPrivateKeyImpl; --import sun.security.ec.ECPublicKeyImpl; -- - import java.math.BigInteger; - import java.security.InvalidAlgorithmParameterException; - import java.security.InvalidParameterException; -@@ -63,7 +60,7 @@ public class KAEECKeyPairGenerator extends KeyPairGeneratorSpi { - this.param = getParamsByCurve(curveName); - } - -- private ECParameterSpec getParamsByCurve(String curveName) { -+ protected ECParameterSpec getParamsByCurve(String curveName) { - byte[][] params = nativeGenerateParam(curveName); - if (params == null) { - throw new InvalidParameterException("unknown curve " + curveName); -@@ -125,18 +122,18 @@ public class KAEECKeyPairGenerator extends KeyPairGeneratorSpi { - BigInteger s = new BigInteger(keys[2]); - ECPoint w = new ECPoint(wX, wY); - -- ECPrivateKeyImpl privateKey = null; -- ECPublicKeyImpl publicKey = null; -+ KAEECPrivateKeyImpl privateKey; -+ KAEECPublicKeyImpl publicKey; - try { -- Class pubKeyImpl = Class.forName("sun.security.ec.ECPublicKeyImpl"); -+ Class pubKeyImpl = Class.forName("org.openeuler.security.openssl.KAEECPublicKeyImpl"); - Constructor conPubKeyImpl = pubKeyImpl.getDeclaredConstructor(ECPoint.class, ECParameterSpec.class); - conPubKeyImpl.setAccessible(true); -- publicKey = (ECPublicKeyImpl) conPubKeyImpl.newInstance(w, param); -+ publicKey = (KAEECPublicKeyImpl) conPubKeyImpl.newInstance(w, param); - -- Class priKeyImpl = Class.forName("sun.security.ec.ECPrivateKeyImpl"); -+ Class priKeyImpl = Class.forName("org.openeuler.security.openssl.KAEECPrivateKeyImpl"); - Constructor conPriKeyImpl = priKeyImpl.getDeclaredConstructor(BigInteger.class, ECParameterSpec.class); - conPriKeyImpl.setAccessible(true); -- privateKey = (ECPrivateKeyImpl) conPriKeyImpl.newInstance(s, param); -+ privateKey = (KAEECPrivateKeyImpl) conPriKeyImpl.newInstance(s, param); - } catch (ClassNotFoundException | NoSuchMethodException | InstantiationException | - IllegalAccessException | InvocationTargetException e) { - throw new ProviderException(e); -diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECParameters.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECParameters.java -new file mode 100644 -index 000000000..59a116eba ---- /dev/null -+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECParameters.java -@@ -0,0 +1,241 @@ -+/* -+ * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package org.openeuler.security.openssl; -+ -+import sun.security.util.DerValue; -+import sun.security.util.ECKeySizeParameterSpec; -+import sun.security.util.ObjectIdentifier; -+ -+import java.io.IOException; -+ -+import java.security.*; -+import java.security.spec.*; -+ -+/** -+ * This class implements encoding and decoding of Elliptic Curve parameters -+ * as specified in RFC 3279. -+ * -+ * However, only named curves are currently supported. -+ * -+ * ASN.1 from RFC 3279 follows. Note that X9.62 (2005) has added some additional -+ * options. -+ * -+ * 

-+ *    EcpkParameters ::= CHOICE {
-+ *      ecParameters  ECParameters,
-+ *      namedCurve    OBJECT IDENTIFIER,
-+ *      implicitlyCA  NULL }
-+ *
-+ *    ECParameters ::= SEQUENCE {
-+ *       version   ECPVer,          -- version is always 1
-+ *       fieldID   FieldID,         -- identifies the finite field over
-+ *                                  -- which the curve is defined
-+ *       curve     Curve,           -- coefficients a and b of the
-+ *                                  -- elliptic curve
-+ *       base      ECPoint,         -- specifies the base point P
-+ *                                  -- on the elliptic curve
-+ *       order     INTEGER,         -- the order n of the base point
-+ *       cofactor  INTEGER OPTIONAL -- The integer h = #E(Fq)/n
-+ *       }
-+ *
-+ *    ECPVer ::= INTEGER {ecpVer1(1)}
-+ *
-+ *    Curve ::= SEQUENCE {
-+ *       a         FieldElement,
-+ *       b         FieldElement,
-+ *       seed      BIT STRING OPTIONAL }
-+ *
-+ *    FieldElement ::= OCTET STRING
-+ *
-+ *    ECPoint ::= OCTET STRING
-+ *
-+ * -+ * @since 1.6 -+ * @author Andreas Sterbenz -+ */ -+public final class KAEECParameters extends AlgorithmParametersSpi { -+ -+ // used by ECPublicKeyImpl and ECPrivateKeyImpl -+ public static AlgorithmParameters getAlgorithmParameters(ECParameterSpec spec) -+ throws InvalidKeyException { -+ try { -+ AlgorithmParameters params = -+ AlgorithmParameters.getInstance("EC", "KAEProvider"); -+ params.init(spec); -+ return params; -+ } catch (GeneralSecurityException e) { -+ throw new InvalidKeyException("EC parameters error", e); -+ } -+ } -+ -+ /* -+ * The parameters these AlgorithmParameters object represents. -+ * Currently, it is always an instance of NamedCurve. -+ */ -+ private KAENamedCurve namedCurve; -+ -+ // A public constructor is required by AlgorithmParameters class. -+ public KAEECParameters() { -+ // empty -+ } -+ -+ // AlgorithmParameterSpi methods -+ -+ protected void engineInit(AlgorithmParameterSpec paramSpec) -+ throws InvalidParameterSpecException { -+ -+ if (paramSpec == null) { -+ throw new InvalidParameterSpecException -+ ("paramSpec must not be null"); -+ } -+ -+ if (paramSpec instanceof KAENamedCurve) { -+ namedCurve = (KAENamedCurve)paramSpec; -+ return; -+ } -+ -+ if (paramSpec instanceof ECParameterSpec) { -+ namedCurve = KAECurveDB.lookup((ECParameterSpec)paramSpec); -+ } else if (paramSpec instanceof ECGenParameterSpec) { -+ String name = ((ECGenParameterSpec)paramSpec).getName(); -+ namedCurve = KAECurveDB.lookup(name); -+ } else if (paramSpec instanceof ECKeySizeParameterSpec) { -+ int keySize = ((ECKeySizeParameterSpec)paramSpec).getKeySize(); -+ namedCurve = KAECurveDB.lookup(keySize); -+ } else { -+ throw new InvalidParameterSpecException -+ ("Only ECParameterSpec and ECGenParameterSpec supported"); -+ } -+ -+ if (namedCurve == null) { -+ throw new InvalidParameterSpecException( -+ "Not a supported curve: " + paramSpec); -+ } -+ } -+ -+ protected void engineInit(byte[] params) throws IOException { -+ DerValue encodedParams = new DerValue(params); -+ if (encodedParams.tag == DerValue.tag_ObjectId) { -+ ObjectIdentifier oid = encodedParams.getOID(); -+ KAENamedCurve spec = KAECurveDB.lookup(oid.toString()); -+ if (spec == null) { -+ throw new IOException("Unknown named curve: " + oid); -+ } -+ -+ namedCurve = spec; -+ return; -+ } -+ -+ throw new IOException("Only named ECParameters supported"); -+ -+ // The code below is incomplete. -+ // It is left as a starting point for a complete parsing implementation. -+ -+/* -+ if (encodedParams.tag != DerValue.tag_Sequence) { -+ throw new IOException("Unsupported EC parameters, tag: " + -+ encodedParams.tag); -+ } -+ -+ encodedParams.data.reset(); -+ -+ DerInputStream in = encodedParams.data; -+ -+ int version = in.getInteger(); -+ if (version != 1) { -+ throw new IOException("Unsupported EC parameters version: " + -+ version); -+ } -+ ECField field = parseField(in); -+ EllipticCurve curve = parseCurve(in, field); -+ ECPoint point = parsePoint(in, curve); -+ -+ BigInteger order = in.getBigInteger(); -+ int cofactor = 0; -+ -+ if (in.available() != 0) { -+ cofactor = in.getInteger(); -+ } -+ -+ // XXX HashAlgorithm optional -+ -+ if (encodedParams.data.available() != 0) { -+ throw new IOException("encoded params have " + -+ encodedParams.data.available() + -+ " extra bytes"); -+ } -+ -+ return new ECParameterSpec(curve, point, order, cofactor); -+*/ -+ } -+ -+ protected void engineInit(byte[] params, String decodingMethod) -+ throws IOException { -+ engineInit(params); -+ } -+ -+ protected T -+ engineGetParameterSpec(Class spec) -+ throws InvalidParameterSpecException { -+ -+ if (spec.isAssignableFrom(ECParameterSpec.class)) { -+ return spec.cast(namedCurve); -+ } -+ -+ if (spec.isAssignableFrom(ECGenParameterSpec.class)) { -+ // Ensure the name is the Object ID -+ String name = namedCurve.getObjectId(); -+ return spec.cast(new ECGenParameterSpec(name)); -+ } -+ -+ if (spec.isAssignableFrom(ECKeySizeParameterSpec.class)) { -+ int keySize = namedCurve.getCurve().getField().getFieldSize(); -+ return spec.cast(new ECKeySizeParameterSpec(keySize)); -+ } -+ -+ throw new InvalidParameterSpecException( -+ "Only ECParameterSpec and ECGenParameterSpec supported"); -+ } -+ -+ protected byte[] engineGetEncoded() throws IOException { -+ return namedCurve.getEncoded(); -+ } -+ -+ protected byte[] engineGetEncoded(String encodingMethod) -+ throws IOException { -+ return engineGetEncoded(); -+ } -+ -+ protected String engineToString() { -+ if (namedCurve == null) { -+ return "Not initialized"; -+ } -+ -+ return namedCurve.toString(); -+ } -+} -+ -diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPrivateKeyImpl.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPrivateKeyImpl.java -new file mode 100644 -index 000000000..61a4f297c ---- /dev/null -+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPrivateKeyImpl.java -@@ -0,0 +1,214 @@ -+/* -+ * Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package org.openeuler.security.openssl; -+ -+import java.util.Arrays; -+ -+import java.io.IOException; -+import java.math.BigInteger; -+ -+import java.security.*; -+import java.security.interfaces.*; -+import java.security.spec.*; -+ -+import sun.security.util.ECUtil; -+import sun.security.util.ArrayUtil; -+import sun.security.util.DerInputStream; -+import sun.security.util.DerOutputStream; -+import sun.security.util.DerValue; -+import sun.security.x509.AlgorithmId; -+import sun.security.pkcs.PKCS8Key; -+ -+/** -+ * Key implementation for EC private keys. -+ *

-+ * ASN.1 syntax for EC private keys from SEC 1 v1.5 (draft): -+ * -+ * 

-+ * EXPLICIT TAGS
-+ *
-+ * ECPrivateKey ::= SEQUENCE {
-+ *   version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
-+ *   privateKey OCTET STRING,
-+ *   parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL,
-+ *   publicKey [1] BIT STRING OPTIONAL
-+ * }
-+ *
-+ * -+ * We currently ignore the optional parameters and publicKey fields. We -+ * require that the parameters are encoded as part of the AlgorithmIdentifier, -+ * not in the private key structure. -+ * -+ * @since 1.6 -+ * @author Andreas Sterbenz -+ */ -+@SuppressWarnings("serial") -+public final class KAEECPrivateKeyImpl extends PKCS8Key implements ECPrivateKey { -+ -+ private static final long serialVersionUID = 88695385615075129L; -+ -+ private BigInteger s; // private value -+ private byte[] arrayS; // private value as a little-endian array -+ private ECParameterSpec params; -+ -+ /** -+ * Construct a key from its encoding. Called by the ECKeyFactory. -+ */ -+ public KAEECPrivateKeyImpl(byte[] encoded) throws InvalidKeyException { -+ super(encoded); -+ parseKeyBits(); -+ } -+ -+ /** -+ * Construct a key from its components. Used by the -+ * KeyFactory. -+ */ -+ public KAEECPrivateKeyImpl(BigInteger s, ECParameterSpec params) -+ throws InvalidKeyException { -+ this.s = s; -+ this.params = params; -+ makeEncoding(s); -+ -+ } -+ -+ KAEECPrivateKeyImpl(byte[] s, ECParameterSpec params) -+ throws InvalidKeyException { -+ this.arrayS = s.clone(); -+ this.params = params; -+ makeEncoding(s); -+ } -+ -+ private void makeEncoding(byte[] s) throws InvalidKeyException { -+ algid = new AlgorithmId -+ (AlgorithmId.EC_oid, KAEECParameters.getAlgorithmParameters(params)); -+ try { -+ DerOutputStream out = new DerOutputStream(); -+ out.putInteger(1); // version 1 -+ byte[] privBytes = s.clone(); -+ ArrayUtil.reverse(privBytes); -+ out.putOctetString(privBytes); -+ Arrays.fill(privBytes, (byte)0); -+ DerValue val = DerValue.wrap(DerValue.tag_Sequence, out); -+ key = val.toByteArray(); -+ val.clear(); -+ } catch (Exception exc) { -+ // should never occur -+ throw new InvalidKeyException(exc); -+ } -+ } -+ -+ private void makeEncoding(BigInteger s) throws InvalidKeyException { -+ algid = new AlgorithmId -+ (AlgorithmId.EC_oid, KAEECParameters.getAlgorithmParameters(params)); -+ try { -+ byte[] sArr = s.toByteArray(); -+ // convert to fixed-length array -+ int numOctets = (params.getOrder().bitLength() + 7) / 8; -+ byte[] sOctets = new byte[numOctets]; -+ int inPos = Math.max(sArr.length - sOctets.length, 0); -+ int outPos = Math.max(sOctets.length - sArr.length, 0); -+ int length = Math.min(sArr.length, sOctets.length); -+ System.arraycopy(sArr, inPos, sOctets, outPos, length); -+ Arrays.fill(sArr, (byte)0); -+ DerOutputStream out = new DerOutputStream(); -+ out.putInteger(1); // version 1 -+ out.putOctetString(sOctets); -+ Arrays.fill(sOctets, (byte)0); -+ DerValue val = DerValue.wrap(DerValue.tag_Sequence, out); -+ key = val.toByteArray(); -+ val.clear(); -+ } catch (Exception exc) { -+ throw new AssertionError("Should not happen", exc); -+ } -+ } -+ -+ // see JCA doc -+ public String getAlgorithm() { -+ return "EC"; -+ } -+ -+ // see JCA doc -+ public BigInteger getS() { -+ if (s == null) { -+ byte[] arrCopy = arrayS.clone(); -+ ArrayUtil.reverse(arrCopy); -+ s = new BigInteger(1, arrCopy); -+ Arrays.fill(arrCopy, (byte)0); -+ } -+ return s; -+ } -+ -+ public byte[] getArrayS() { -+ if (arrayS == null) { -+ arrayS = ECUtil.sArray(getS(), params); -+ } -+ return arrayS.clone(); -+ } -+ -+ // see JCA doc -+ public ECParameterSpec getParams() { -+ return params; -+ } -+ -+ private void parseKeyBits() throws InvalidKeyException { -+ try { -+ DerInputStream in = new DerInputStream(key); -+ DerValue derValue = in.getDerValue(); -+ if (derValue.tag != DerValue.tag_Sequence) { -+ throw new IOException("Not a SEQUENCE"); -+ } -+ DerInputStream data = derValue.data; -+ int version = data.getInteger(); -+ if (version != 1) { -+ throw new IOException("Version must be 1"); -+ } -+ byte[] privData = data.getOctetString(); -+ ArrayUtil.reverse(privData); -+ arrayS = privData; -+ while (data.available() != 0) { -+ DerValue value = data.getDerValue(); -+ if (value.isContextSpecific((byte) 0)) { -+ // ignore for now -+ } else if (value.isContextSpecific((byte) 1)) { -+ // ignore for now -+ } else { -+ throw new InvalidKeyException("Unexpected value: " + value); -+ } -+ } -+ AlgorithmParameters algParams = this.algid.getParameters(); -+ if (algParams == null) { -+ throw new InvalidKeyException("EC domain parameters must be " -+ + "encoded in the algorithm identifier"); -+ } -+ params = algParams.getParameterSpec(ECParameterSpec.class); -+ } catch (IOException e) { -+ throw new InvalidKeyException("Invalid EC private key", e); -+ } catch (InvalidParameterSpecException e) { -+ throw new InvalidKeyException("Invalid EC private key", e); -+ } -+ } -+} -diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPublicKeyImpl.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPublicKeyImpl.java -new file mode 100644 -index 000000000..baafcd5ab ---- /dev/null -+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEECPublicKeyImpl.java -@@ -0,0 +1,132 @@ -+/* -+ * Copyright (c) 2006, 2023, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package org.openeuler.security.openssl; -+ -+import java.io.IOException; -+ -+import java.security.*; -+import java.security.interfaces.*; -+import java.security.spec.*; -+ -+import sun.security.util.ECUtil; -+ -+import sun.security.x509.*; -+ -+/** -+ * Key implementation for EC public keys. -+ * -+ * @since 1.6 -+ * @author Andreas Sterbenz -+ */ -+@SuppressWarnings("serial") -+public final class KAEECPublicKeyImpl extends X509Key implements ECPublicKey { -+ -+ private static final long serialVersionUID = -2462037275160462289L; -+ -+ private ECPoint w; -+ private ECParameterSpec params; -+ -+ /** -+ * Construct a key from its components. Used by the -+ * ECKeyFactory. -+ */ -+ @SuppressWarnings("deprecation") -+ public KAEECPublicKeyImpl(ECPoint w, ECParameterSpec params) -+ throws InvalidKeyException { -+ this.w = w; -+ this.params = params; -+ // generate the encoding -+ algid = new AlgorithmId -+ (AlgorithmId.EC_oid, KAEECParameters.getAlgorithmParameters(params)); -+ key = ECUtil.encodePoint(w, params.getCurve()); -+ } -+ -+ /** -+ * Construct a key from its encoding. -+ */ -+ public KAEECPublicKeyImpl(byte[] encoded) throws InvalidKeyException { -+ decode(encoded); -+ } -+ -+ // see JCA doc -+ public String getAlgorithm() { -+ return "EC"; -+ } -+ -+ // see JCA doc -+ public ECPoint getW() { -+ return w; -+ } -+ -+ // see JCA doc -+ public ECParameterSpec getParams() { -+ return params; -+ } -+ -+ // Internal API to get the encoded point. Currently used by SunPKCS11. -+ // This may change/go away depending on what we do with the public API. -+ @SuppressWarnings("deprecation") -+ public byte[] getEncodedPublicValue() { -+ return key.clone(); -+ } -+ -+ /** -+ * Parse the key. Called by X509Key. -+ */ -+ @SuppressWarnings("deprecation") -+ protected void parseKeyBits() throws InvalidKeyException { -+ AlgorithmParameters algParams = this.algid.getParameters(); -+ if (algParams == null) { -+ throw new InvalidKeyException("EC domain parameters must be " + -+ "encoded in the algorithm identifier"); -+ } -+ -+ try { -+ params = algParams.getParameterSpec(ECParameterSpec.class); -+ w = ECUtil.decodePoint(key, params.getCurve()); -+ } catch (IOException e) { -+ throw new InvalidKeyException("Invalid EC key", e); -+ } catch (InvalidParameterSpecException e) { -+ throw new InvalidKeyException("Invalid EC key", e); -+ } -+ } -+ -+ // return a string representation of this key for debugging -+ public String toString() { -+ return "Sun EC public key, " + params.getCurve().getField().getFieldSize() -+ + " bits\n public x coord: " + w.getAffineX() -+ + "\n public y coord: " + w.getAffineY() -+ + "\n parameters: " + params; -+ } -+ -+ private Object writeReplace() throws java.io.ObjectStreamException { -+ return new KeyRep(KeyRep.Type.PUBLIC, -+ getAlgorithm(), -+ getFormat(), -+ getEncoded()); -+ } -+} -diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAENamedCurve.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAENamedCurve.java -new file mode 100644 -index 000000000..6d6d0d6e5 ---- /dev/null -+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAENamedCurve.java -@@ -0,0 +1,100 @@ -+/* -+ * Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package org.openeuler.security.openssl; -+ -+import sun.security.util.DerOutputStream; -+import sun.security.util.ObjectIdentifier; -+import sun.security.util.KnownOIDs; -+ -+import java.io.IOException; -+import java.math.BigInteger; -+ -+import java.security.spec.*; -+ -+/** -+ * Contains Elliptic Curve parameters. -+ * -+ * @since 1.6 -+ * @author Andreas Sterbenz -+ */ -+public final class KAENamedCurve extends ECParameterSpec { -+ // friendly names with stdName followed by aliases -+ private final String[] nameAndAliases; -+ -+ // well known OID -+ private final String oid; -+ -+ // encoded form (as NamedCurve identified via OID) -+ private final byte[] encoded; -+ -+ KAENamedCurve(KnownOIDs ko, EllipticCurve curve, -+ ECPoint g, BigInteger n, int h) { -+ super(curve, g, n, h); -+ String[] aliases = ko.aliases(); -+ this.nameAndAliases = new String[aliases.length + 1]; -+ nameAndAliases[0] = ko.stdName(); -+ System.arraycopy(aliases, 0, nameAndAliases, 1, aliases.length); -+ -+ this.oid = ko.value(); -+ -+ DerOutputStream out = new DerOutputStream(); -+ try { -+ out.putOID(ObjectIdentifier.of(ko)); -+ } catch (Exception e) { -+ throw new RuntimeException("Internal error", e); -+ } -+ encoded = out.toByteArray(); -+ } -+ -+ // returns the curve's standard name followed by its aliases -+ public String[] getNameAndAliases() { -+ return nameAndAliases; -+ } -+ -+ public byte[] getEncoded() { -+ return encoded.clone(); -+ } -+ -+ public String getObjectId() { -+ return oid; -+ } -+ -+ public String toString() { -+ StringBuilder sb = new StringBuilder(nameAndAliases[0]); -+ if (nameAndAliases.length > 1) { -+ sb.append(" ["); -+ int j = 1; -+ while (j < nameAndAliases.length - 1) { -+ sb.append(nameAndAliases[j++]); -+ sb.append(','); -+ } -+ sb.append(nameAndAliases[j] + "]"); -+ } -+ sb.append(" (" + oid + ")"); -+ return sb.toString(); -+ } -+} -diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEProvider.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEProvider.java -index b3c1fb022..9574ce11a 100644 ---- a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEProvider.java -+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEProvider.java -@@ -93,7 +93,7 @@ public class KAEProvider extends Provider { - return Boolean.parseBoolean(explicitLoad); - } - -- @SuppressWarnings("deprecation") -+ @SuppressWarnings({"deprecation", "this-escape"}) - public KAEProvider() { - super("KAEProvider", PROVIDER_VER, "KAE provider"); - if (KAEConfig.useKaeProvider("kae.md5")) { -@@ -127,6 +127,12 @@ public class KAEProvider extends Provider { - if (KAEConfig.useKaeProvider("kae.ec")) { - putEC(); - } -+ if (KAEConfig.useKaeProvider("kae.sm2.cipher")) { -+ putSM2Cipher(); -+ } -+ if (KAEConfig.useKaeProvider("kae.sm2.signature")) { -+ putSM2Signature(); -+ } - } - - private void putAES() { -@@ -316,6 +322,25 @@ public class KAEProvider extends Provider { - put("KeyPairGenerator.EC", "org.openeuler.security.openssl.KAEECKeyPairGenerator"); - put("Alg.Alias.KeyPairGenerator.EllipticCurve", "EC"); - put("KeyAgreement.ECDH", "org.openeuler.security.openssl.KAEECDHKeyAgreement"); -+ -+ put("KeyFactory.EC", "org.openeuler.security.openssl.KAEECKeyFactory"); -+ put("Alg.Alias.KeyFactory.EllipticCurve", "EC"); -+ -+ put("AlgorithmParameters.EC", "org.openeuler.security.openssl.KAEECParameters"); -+ put("Alg.Alias.AlgorithmParameters.EllipticCurve", "EC"); -+ put("Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1", "EC"); -+ } -+ -+ private void putSM2Cipher() { -+ put("KeyPairGenerator.SM2", "org.openeuler.security.openssl.KAESM2KeyPairGenerator"); -+ put("KeyFactory.SM2", "org.openeuler.security.openssl.KAEECKeyFactory"); -+ put("AlgorithmParameters.SM2", "org.openeuler.security.openssl.KAEECParameters"); -+ put("Alg.Alias.AlgorithmParameters.1.2.156.10197.1.301", "SM2"); -+ put("Cipher.SM2","org.openeuler.security.openssl.KAESM2Cipher"); -+ } -+ -+ private void putSM2Signature() { -+ put("Signature.SM3withSM2", "org.openeuler.security.openssl.KAESM2Signature$SM3withSM2"); - } - - // init openssl -@@ -323,4 +348,4 @@ public class KAEProvider extends Provider { - throws RuntimeException; - - static native boolean[] getEngineFlags(); --} -\ No newline at end of file -+} -diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Cipher.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Cipher.java -new file mode 100644 -index 000000000..a49225fb7 ---- /dev/null -+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Cipher.java -@@ -0,0 +1,386 @@ -+/* -+ * Copyright (c) 2023, Huawei Technologies Co., Ltd. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Huawei designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Huawei in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please visit https://gitee.com/openeuler/bgmprovider if you need additional -+ * information or have any questions. -+ */ -+ -+package org.openeuler.security.openssl; -+ -+import javax.crypto.*; -+import java.io.ByteArrayOutputStream; -+import java.lang.ref.PhantomReference; -+import java.lang.ref.ReferenceQueue; -+import java.security.*; -+import java.security.interfaces.*; -+import java.security.spec.AlgorithmParameterSpec; -+import java.util.Arrays; -+import java.util.Locale; -+import java.util.Set; -+import java.util.concurrent.ConcurrentSkipListSet; -+ -+import static org.openeuler.security.openssl.KAEUtils.asUnsignedByteArray; -+ -+public class KAESM2Cipher extends CipherSpi { -+ // buffer for the data -+ private KAEByteArrayOutputStream byteBuf = new KAEByteArrayOutputStream(); -+ -+ private ECKey ecKey; -+ private int cipherMode = -1; -+ -+ // sm2 key holder -+ private KAESM2KeyHolder sm2KeyHolder; -+ -+ // see JCE spec -+ @Override -+ protected void engineSetMode(String mode) throws NoSuchAlgorithmException { -+ String modeName = mode.toUpperCase(Locale.ROOT); -+ -+ if (!modeName.equals("NONE")) { -+ throw new IllegalArgumentException("can't support mode " + mode); -+ } -+ } -+ -+ // see JCE spec -+ @Override -+ protected void engineSetPadding(String padding) throws NoSuchPaddingException { -+ String paddingName = padding.toUpperCase(Locale.ROOT); -+ -+ if (!paddingName.equals("NOPADDING")) { -+ throw new NoSuchPaddingException("padding not available with KAESM2Cipher"); -+ } -+ } -+ -+ // see JCE spec -+ @Override -+ protected int engineGetBlockSize() { -+ return 0; -+ } -+ -+ // see JCE spec -+ @Override -+ protected int engineGetOutputSize(int inputLen) { -+ throw new UnsupportedOperationException("engineGetOutputSize"); -+ } -+ -+ // see JCE spec -+ @Override -+ protected byte[] engineGetIV() { -+ return null; -+ } -+ -+ // see JCE spec -+ @Override -+ protected AlgorithmParameters engineGetParameters() { -+ return null; -+ } -+ -+ // see JCE spec -+ @Override -+ protected byte[] engineWrap(Key key) -+ throws IllegalBlockSizeException, InvalidKeyException { -+ if (key == null) { -+ throw new InvalidKeyException("Key cannot be null"); -+ } -+ byte[] encoded = key.getEncoded(); -+ if ((encoded == null) || (encoded.length == 0)) { -+ throw new InvalidKeyException("Cannot get an encoding of " + -+ "the key to be wrapped"); -+ } -+ try { -+ return engineDoFinal(encoded, 0, encoded.length); -+ } catch (BadPaddingException e) { -+ throw new InvalidKeyException("Wrapping failed", e); -+ } -+ } -+ -+ // see JCE spec -+ @Override -+ protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType) -+ throws InvalidKeyException, NoSuchAlgorithmException { -+ if (wrappedKey == null || wrappedKey.length == 0) { -+ throw new InvalidKeyException("The wrappedKey cannot be null or empty"); -+ } -+ byte[] unWrappedKey; -+ try { -+ unWrappedKey = engineDoFinal(wrappedKey, 0, wrappedKey.length); -+ } catch (IllegalBlockSizeException | BadPaddingException e) { -+ throw new InvalidKeyException("Unwrapping failed", e); -+ } -+ return KAEUtils.ConstructKeys.constructKey(unWrappedKey, wrappedKeyAlgorithm, wrappedKeyType); -+ } -+ -+ // see JCE spec -+ @Override -+ protected void engineInit(int opmode, Key key, SecureRandom random) throws InvalidKeyException { -+ try { -+ engineInit(opmode, key, (AlgorithmParameterSpec) null, random); -+ } catch (InvalidAlgorithmParameterException e) { -+ throw new IllegalArgumentException("cannot handle supplied parameter spec: " + e.getMessage()); -+ } -+ } -+ -+ // see JCE spec -+ @Override -+ protected void engineInit(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { -+ if (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE) { -+ if (key instanceof KAEECPublicKeyImpl) { -+ this.ecKey = (KAEECPublicKeyImpl) key; -+ } else if (key instanceof ECPublicKey) { -+ this.ecKey = (ECPublicKey) key; -+ } else { -+ throw new InvalidKeyException("must use public EC key for encryption"); -+ } -+ } else if (opmode == Cipher.DECRYPT_MODE || opmode == Cipher.UNWRAP_MODE) { -+ if (key instanceof KAEECPrivateKeyImpl) { -+ this.ecKey = (KAEECPrivateKeyImpl) key; -+ } else if (key instanceof ECPrivateKey) { -+ this.ecKey = (ECPrivateKey) key; -+ } else { -+ throw new InvalidKeyException("must use private EC key for decryption"); -+ } -+ } else { -+ throw new InvalidParameterException("wrong cipher mode, must be ENCRYPT_MODE or WRAP_MODE or DECRYPT_MODE or UNWRAP_MODE"); -+ } -+ -+ try { -+ sm2KeyHolder = new KAESM2KeyHolder(this, ecKey); -+ } catch (InvalidKeyException e) { -+ throw new RuntimeException(e); -+ } -+ this.cipherMode = opmode; -+ this.byteBuf.reset(); -+ } -+ -+ // see JCE spec -+ @Override -+ protected void engineInit(int opmode, Key key, AlgorithmParameters params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { -+ AlgorithmParameterSpec paramSpec = null; -+ if (params != null) { -+ throw new InvalidAlgorithmParameterException("cannot recognise parameters: " + params.getClass().getName()); -+ } -+ engineInit(opmode, key, paramSpec, random); -+ } -+ -+ // see JCE spec -+ @Override -+ protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) { -+ byteBuf.write(input, inputOffset, inputLen); -+ return null; -+ } -+ -+ // see JCE spec -+ @Override -+ protected int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException { -+ engineUpdate(input, inputOffset, inputLen); -+ return 0; -+ } -+ -+ // see JCE spec -+ @Override -+ protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen) -+ throws IllegalBlockSizeException, BadPaddingException { -+ if (inputLen != 0) { -+ byteBuf.write(input, inputOffset, inputLen); -+ } -+ if(byteBuf.size() == 0){ -+ throw new IllegalBlockSizeException("input buffer too short"); -+ } -+ -+ if (sm2KeyHolder == null) { -+ try { -+ sm2KeyHolder = new KAESM2KeyHolder(this, ecKey); -+ } catch (InvalidKeyException e) { -+ throw new RuntimeException(e); -+ } -+ } -+ -+ long keyAddress = sm2KeyHolder.keyAddress; -+ byte[] out; -+ try { -+ if (cipherMode == Cipher.ENCRYPT_MODE || cipherMode == Cipher.WRAP_MODE) { -+ try { -+ out = nativeSM2Encrypt(keyAddress, byteBuf.toByteArray(), byteBuf.size()); -+ } catch (RuntimeException e) { -+ throw new RuntimeException("KAESM2Cipher native encryption failed: " , e); -+ } -+ } else if (cipherMode == Cipher.DECRYPT_MODE || cipherMode == Cipher.UNWRAP_MODE) { -+ try { -+ out = nativeSM2Decrypt(keyAddress, byteBuf.toByteArray(), byteBuf.size()); -+ } catch (RuntimeException e) { -+ throw new RuntimeException("KAESM2Cipher native decryption failed: " , e); -+ } -+ } else { -+ throw new IllegalStateException("cipher not initialised"); -+ } -+ } finally { -+ byteBuf.reset(); -+ resetKeyHolder(); -+ } -+ return out; -+ } -+ -+ // see JCE spec -+ @Override -+ protected int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) -+ throws ShortBufferException, IllegalBlockSizeException, BadPaddingException { -+ byte[] buffer = engineDoFinal(input, inputOffset, inputLen); -+ System.arraycopy(buffer, 0, output, outputOffset, buffer.length); -+ return buffer.length; -+ } -+ -+ /** -+ * The sm2 openssl key holder , use PhantomReference in case of native memory leaks -+ */ -+ private static class KAESM2KeyHolder extends PhantomReference -+ implements Comparable { -+ private static ReferenceQueue referenceQueue = new ReferenceQueue<>(); -+ private static Set referenceList = new ConcurrentSkipListSet<>(); -+ private final long keyAddress; -+ -+ private static boolean disableKaeDispose = Boolean.getBoolean("kae.disableKaeDispose"); -+ -+ KAESM2KeyHolder(KAESM2Cipher sm2Cipher, ECKey sm2Key) throws InvalidKeyException { -+ super(sm2Cipher, referenceQueue); -+ this.keyAddress = getKeyAddress(sm2Key); -+ if (!disableKaeDispose) { -+ referenceList.add(this); -+ drainRefQueueBounded(); -+ } -+ } -+ -+ private static void drainRefQueueBounded() { -+ while (true) { -+ KAESM2KeyHolder next = (KAESM2KeyHolder) referenceQueue.poll(); -+ if (next == null) { -+ break; -+ } -+ next.dispose(true); -+ } -+ } -+ -+ void dispose(boolean needFree) { -+ if (!disableKaeDispose) { -+ referenceList.remove(this); -+ try { -+ if (needFree) { -+ nativeFreeKey(keyAddress); -+ } -+ } finally { -+ this.clear(); -+ } -+ } else { -+ nativeFreeKey(keyAddress); -+ } -+ } -+ -+ @Override -+ public int compareTo(KAESM2KeyHolder other) { -+ if (this.keyAddress == other.keyAddress) { -+ return 0; -+ } else { -+ return (this.keyAddress < other.keyAddress) ? -1 : 1; -+ } -+ } -+ -+ private long getKeyAddress(ECKey sm2Key) throws InvalidKeyException { -+ long address; -+ if (sm2Key instanceof ECPrivateKey) { // ECPrivateKeyImpl -+ address = getKeyAddress((ECPrivateKey) sm2Key); -+ } else if (sm2Key instanceof ECPublicKey) { // ECPublicKeyImpl -+ address = getKeyAddress((ECPublicKey) sm2Key); -+ } else { -+ throw new InvalidKeyException("Invalid SM2Key implement " + sm2Key.getClass()); -+ } -+ return address; -+ } -+ -+ private long getKeyAddress(ECPrivateKey key) throws InvalidKeyException { -+ checkKey(key); -+ long address; -+ int curveLen = (key.getParams().getCurve().getField().getFieldSize() + 7) / 8; -+ try { -+ address = nativeCreateSM2PrivateKey(asUnsignedByteArray(curveLen, key.getS()), false); -+ return address; -+ } catch (RuntimeException e) { -+ throw new InvalidKeyException(e); -+ } -+ } -+ -+ private long getKeyAddress(ECPublicKey key) throws InvalidKeyException { -+ checkKey(key); -+ long address; -+ int curveLen = (key.getParams().getCurve().getField().getFieldSize() + 7) / 8; -+ try { -+ address = nativeCreateSM2PublicKey( -+ asUnsignedByteArray(curveLen, key.getW().getAffineX()), -+ asUnsignedByteArray(curveLen, key.getW().getAffineY()) -+ ); -+ return address; -+ } catch (RuntimeException e) { -+ throw new InvalidKeyException(e); -+ } -+ } -+ -+ private void checkKey(ECPrivateKey key) throws InvalidKeyException { -+ if (key.getS() == null) { -+ throw new InvalidKeyException("Invalid SM2 private key"); -+ } -+ } -+ -+ private void checkKey(ECPublicKey key) throws InvalidKeyException { -+ if (key.getW() == null || key.getW().getAffineX() == null || key.getW().getAffineY() == null) { -+ throw new InvalidKeyException("Invalid SM2 public key"); -+ } -+ } -+ } -+ -+ // reset the key holder -+ private void resetKeyHolder() { -+ if (sm2KeyHolder != null) { -+ sm2KeyHolder.dispose(true); -+ sm2KeyHolder = null; -+ } -+ } -+ -+ // create KAE sm2 private key -+ protected static native long nativeCreateSM2PublicKey(byte[] x, byte[] y); -+ -+ // create KAE sm2 public key -+ protected static native long nativeCreateSM2PrivateKey(byte[] key, boolean sign); -+ -+ // free the key -+ protected static native void nativeFreeKey(long keyAddress); -+ -+ // Encrypt message using sm2 algorithm -+ protected static native byte[] nativeSM2Encrypt(long keyAddress, byte[] input, int inputLen); -+ -+ // Decrypt message using sm2 algorithm -+ protected static native byte[] nativeSM2Decrypt(long keyAddress, byte[] input, int inputLen); -+ -+ private static class KAEByteArrayOutputStream extends ByteArrayOutputStream { -+ @Override -+ public synchronized void reset() { -+ // Clear data. -+ Arrays.fill(buf, (byte) 0); -+ super.reset(); -+ } -+ } -+} -diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2KeyPairGenerator.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2KeyPairGenerator.java -new file mode 100644 -index 000000000..da66c2c53 ---- /dev/null -+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2KeyPairGenerator.java -@@ -0,0 +1,108 @@ -+/* -+ * Copyright (c) 2024, Huawei Technologies Co., Ltd. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package org.openeuler.security.openssl; -+ -+import java.math.BigInteger; -+import java.security.InvalidAlgorithmParameterException; -+import java.security.InvalidKeyException; -+import java.security.InvalidParameterException; -+import java.security.KeyPair; -+import java.security.ProviderException; -+import java.security.SecureRandom; -+import java.security.spec.AlgorithmParameterSpec; -+import java.security.spec.ECFieldFp; -+import java.security.spec.ECGenParameterSpec; -+import java.security.spec.ECParameterSpec; -+import java.security.spec.ECPoint; -+import java.security.spec.EllipticCurve; -+ -+public class KAESM2KeyPairGenerator extends KAEECKeyPairGenerator { -+ private static final String SUPPORTED_CURVE_NAME = "sm2p256v1"; -+ private static final int SUPPORTED_KEY_SIZE = 256; -+ private ECParameterSpec param = null; -+ -+ @Override -+ public void initialize(int keysize, SecureRandom random) { -+ if (keysize != SUPPORTED_KEY_SIZE) { -+ throw new InvalidParameterException("unknown key size " + keysize); -+ } -+ String curveName = KAEUtils.getCurveByAlias(SUPPORTED_CURVE_NAME); -+ param = getParamsByCurve(curveName); -+ } -+ -+ @Override -+ public void initialize(AlgorithmParameterSpec param, SecureRandom random) -+ throws InvalidAlgorithmParameterException { -+ if (param instanceof ECParameterSpec) { -+ this.param = (ECParameterSpec) param; -+ } else if (param instanceof ECGenParameterSpec) { -+ ECGenParameterSpec ecParam = (ECGenParameterSpec)param; -+ if (!SUPPORTED_CURVE_NAME.equals(ecParam.getName())) { -+ throw new InvalidAlgorithmParameterException("Only support sm2p256v1"); -+ } -+ String curveName = KAEUtils.getCurveByAlias(SUPPORTED_CURVE_NAME); -+ this.param = getParamsByCurve(curveName); -+ } else { -+ throw new InvalidAlgorithmParameterException("ECParameterSpec or ECGenParameterSpec for EC"); -+ } -+ } -+ -+ @Override -+ public KeyPair generateKeyPair() { -+ if (param == null) { -+ String curveName = KAEUtils.getCurveByAlias(SUPPORTED_CURVE_NAME); -+ param = getParamsByCurve(curveName); -+ } -+ EllipticCurve curve = param.getCurve(); -+ ECFieldFp field = (ECFieldFp) curve.getField(); -+ BigInteger p = field.getP(); -+ BigInteger a = curve.getA(); -+ BigInteger b = curve.getB(); -+ ECPoint generator = param.getGenerator(); -+ BigInteger x = generator.getAffineX(); -+ BigInteger y = generator.getAffineY(); -+ BigInteger order = param.getOrder(); -+ int cofactor = param.getCofactor(); -+ -+ byte[][] keys = nativeGenerateKeyPair(p.toByteArray(), a.toByteArray(), -+ b.toByteArray(), x.toByteArray(), y.toByteArray(), order.toByteArray(), cofactor); -+ if (keys == null) { -+ throw new RuntimeException("nativeGenerateKeyPair failed"); -+ } -+ BigInteger wX = new BigInteger(keys[0]); -+ BigInteger wY = new BigInteger(keys[1]); -+ BigInteger s = new BigInteger(keys[2]); -+ ECPoint w = new ECPoint(wX, wY); -+ -+ KAEECPrivateKeyImpl privateKey; -+ KAEECPublicKeyImpl publicKey; -+ try { -+ publicKey = new KAEECPublicKeyImpl(w, param); -+ privateKey = new KAEECPrivateKeyImpl(s, param); -+ } catch (InvalidKeyException e) { -+ throw new ProviderException(e); -+ } -+ return new KeyPair(publicKey, privateKey); -+ } -+} -diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Signature.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Signature.java -new file mode 100644 -index 000000000..d250456e3 ---- /dev/null -+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAESM2Signature.java -@@ -0,0 +1,373 @@ -+/* -+ * Copyright (c) 2024, Huawei Technologies Co., Ltd. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package org.openeuler.security.openssl; -+ -+import java.lang.ref.PhantomReference; -+import java.lang.ref.ReferenceQueue; -+import java.lang.reflect.Field; -+import java.nio.charset.StandardCharsets; -+import java.security.*; -+import java.security.interfaces.ECPrivateKey; -+import java.security.interfaces.ECPublicKey; -+import java.security.spec.AlgorithmParameterSpec; -+import java.util.Set; -+import java.util.concurrent.ConcurrentSkipListSet; -+ -+import static org.openeuler.security.openssl.KAEUtils.asUnsignedByteArray; -+ -+/** -+ * We only support support SM2 signatures with SM3 as the digest algorithm. -+ */ -+public abstract class KAESM2Signature extends SignatureSpi { -+ /** -+ * The current mode, signature or signature verification. -+ */ -+ enum Mode { -+ SIGNATURE, -+ VERIFY -+ } -+ -+ /** -+ * Message digest algorithm name used for signing. Currently, only SM3 is supported. -+ */ -+ enum DigestName { -+ SM3("SM3"); -+ -+ private final String digestName; -+ -+ DigestName(String digestName) { -+ this.digestName = digestName; -+ } -+ -+ public String getDigestValue() { -+ return digestName; -+ } -+ } -+ -+ // message digest algorithm name we use -+ private final DigestName digestName; -+ -+ // private key, if initialized for signing -+ private ECPrivateKey privateKey; -+ -+ // public key, if initialized for verifying -+ private ECPublicKey publicKey; -+ -+ // openssl context, save initialization information and updated messages. -+ private SM2SignCtxHolder ctxHolder; -+ -+ // openssl context copy, reset after signature or verification -+ private SM2SignCtxHolder ctxHolderCopy; -+ -+ // the current mode -+ private Mode mode; -+ -+ // initialized or not -+ private boolean initialized = false; -+ -+ // default value -+ private String id = "1234567812345678"; -+ -+ public KAESM2Signature() throws NoSuchAlgorithmException{ -+ this(DigestName.SM3.getDigestValue()); -+ } -+ -+ public KAESM2Signature(String digest) throws NoSuchAlgorithmException{ -+ if ("SM3".equals(digest)){ -+ this.digestName = DigestName.SM3; -+ }else { -+ throw new NoSuchAlgorithmException("KAESM2Signature not support the " + digest + "digest algorithm"); -+ } -+ } -+ -+ /** -+ * Initializes this signature object with the specified -+ * public key for verification operations. -+ * -+ * @param publicKey the public key of the identity whose signature is -+ * going to be verified. -+ */ -+ @Override -+ protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException { -+ this.publicKey = (ECPublicKey) KAEECKeyFactory.toECKey(publicKey); -+ long keyAddress; -+ try { -+ int curveLen = (this.publicKey.getParams().getCurve().getField().getFieldSize() + 7) / 8; -+ keyAddress = KAESM2Cipher.nativeCreateSM2PublicKey( -+ asUnsignedByteArray(curveLen, this.publicKey.getW().getAffineX()), -+ asUnsignedByteArray(curveLen, this.publicKey.getW().getAffineY())); -+ } catch (RuntimeException e) { -+ throw new RuntimeException("KAESM2Signature nativeCreateSM2PublicKey failed", e); -+ } -+ try { -+ long verifyCtx = nativeInitSM2Ctx(keyAddress, digestName.getDigestValue(), id, Boolean.FALSE); -+ if (verifyCtx == 0){ -+ throw new InvalidKeyException("engineInitSign verifyCtx is invalid"); -+ } -+ this.ctxHolder = new SM2SignCtxHolder(this, verifyCtx); -+ } catch (RuntimeException e) { -+ throw new RuntimeException("KAESM2Signature nativeInitSM2Ctx failed", e); -+ }finally { -+ KAESM2Cipher.nativeFreeKey(keyAddress); -+ } -+ this.mode = Mode.VERIFY; -+ this.initialized = true; -+ } -+ -+ /** -+ * Initializes this signature object with the specified -+ * private key for signing operations. -+ * -+ * @param privateKey the private key of the identity whose signature -+ * will be generated. -+ */ -+ @Override -+ protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException { -+ this.privateKey = (ECPrivateKey) KAEECKeyFactory.toECKey(privateKey); -+ long keyAddress; -+ try { -+ int curveLen = (this.privateKey.getParams().getCurve().getField().getFieldSize() + 7) / 8; -+ keyAddress = KAESM2Cipher.nativeCreateSM2PrivateKey(asUnsignedByteArray(curveLen, this.privateKey.getS()), true); -+ } catch (RuntimeException e) { -+ throw new InvalidKeyException("KAESM2Signature nativeCreateSM2PrivateKey failed", e); -+ } -+ try { -+ long signCtx = nativeInitSM2Ctx(keyAddress, digestName.getDigestValue(), id, Boolean.TRUE); -+ if (signCtx == 0){ -+ throw new InvalidKeyException("engineInitSign signCtx is invalid"); -+ } -+ this.ctxHolder = new SM2SignCtxHolder(this, signCtx); -+ } catch (RuntimeException e) { -+ throw new RuntimeException("KAESM2Signature nativeInitSM2Ctx failed", e); -+ }finally { -+ KAESM2Cipher.nativeFreeKey(keyAddress); -+ } -+ this.mode = Mode.SIGNATURE; -+ this.initialized = true; -+ } -+ -+ // update the signature with the plaintext data. See JCA doc -+ @Override -+ protected void engineUpdate(byte b) throws SignatureException { -+ byte[] msg = new byte[1]; -+ msg[0] = b; -+ engineUpdate(msg, 0, 1); -+ } -+ -+ // update the signature with the plaintext data. See JCA doc -+ @Override -+ protected void engineUpdate(byte[] b, int off, int len) throws SignatureException { -+ if(!initialized || ctxHolder == null){ -+ throw new SignatureException("The engine is not initialized"); -+ } -+ byte[] msg = new byte[len]; -+ System.arraycopy(b, off, msg, 0, len); -+ if (ctxHolderCopy == null) { -+ ctxHolderCopy = createCtxHolder(this, ctxHolder.ctxAddress); -+ } -+ try { -+ if(this.mode == Mode.SIGNATURE){ -+ nativeSM2Update(ctxHolderCopy.ctxAddress, msg, len, Boolean.TRUE); -+ }else { -+ // Mode.VERIFY -+ nativeSM2Update(ctxHolderCopy.ctxAddress, msg, len, Boolean.FALSE); -+ } -+ } catch (RuntimeException e) { -+ throw new RuntimeException("KAESM2Signature nativeSM2Update Failed", e); -+ } -+ } -+ -+ // see JCE spec -+ @Override -+ protected byte[] engineSign() throws SignatureException { -+ if(!initialized || ctxHolder == null){ -+ throw new SignatureException("The engine is not initialized"); -+ } -+ if (ctxHolderCopy == null) { -+ ctxHolderCopy = createCtxHolder(this, ctxHolder.ctxAddress); -+ } -+ byte[] sigBytes; -+ try { -+ sigBytes = nativeSM2SignFinal(ctxHolderCopy.ctxAddress); -+ } catch (SignatureException e){ -+ throw new RuntimeException("KAESM2Signature nativeSM2SignFinal Failed", e); -+ }finally { -+ resetCtxHolderCopy(); -+ } -+ return sigBytes; -+ } -+ -+ // see JCE spec -+ @Override -+ protected boolean engineVerify(byte[] sigBytes) throws SignatureException { -+ if(!initialized || ctxHolder == null){ -+ throw new SignatureException("The engine is not initialized"); -+ } -+ if (ctxHolderCopy == null) { -+ ctxHolderCopy = createCtxHolder(this, ctxHolder.ctxAddress); -+ } -+ try { -+ return nativeSM2VerifyFinal(ctxHolderCopy.ctxAddress, sigBytes, sigBytes.length); -+ } catch (SignatureException e){ -+ throw new RuntimeException("KAESM2Signature nativeSM2VerifyFinal Failed", e); -+ }finally { -+ resetCtxHolderCopy(); -+ } -+ } -+ -+ // set parameter, not supported. See JCA doc -+ @Deprecated -+ @Override -+ protected void engineSetParameter(String param, Object value) throws InvalidParameterException { -+ throw new UnsupportedOperationException("setParameter() not supported"); -+ } -+ -+ @Override -+ protected void engineSetParameter(AlgorithmParameterSpec params) -+ throws InvalidAlgorithmParameterException { -+ if (params == null) { -+ throw new InvalidAlgorithmParameterException("params is null"); -+ } -+ -+ try { -+ Class clazz = params.getClass(); -+ Field field = clazz.getDeclaredField("id"); -+ field.setAccessible(true); -+ byte[] idValue = (byte[]) field.get(params); -+ this.id = new String(idValue, StandardCharsets.UTF_8); -+ } catch (IllegalAccessException | NoSuchFieldException e) { -+ throw new InvalidAlgorithmParameterException("Failed to get id field from params"); -+ } -+ } -+ -+ // get parameter, not supported. See JCA doc -+ @Deprecated -+ @Override -+ protected Object engineGetParameter(String param) throws InvalidParameterException { -+ throw new UnsupportedOperationException("getParameter() not supported"); -+ } -+ -+ /** -+ * The sm2 sign openssl md_ctx holder , use PhantomReference in case of native memory leaks -+ */ -+ private static class SM2SignCtxHolder extends PhantomReference -+ implements Comparable { -+ private static ReferenceQueue referenceQueue = new ReferenceQueue<>(); -+ private static Set referenceList = new ConcurrentSkipListSet<>(); -+ private final long ctxAddress; -+ -+ private static boolean disableKaeDispose = Boolean.getBoolean("kae.disableKaeDispose"); -+ -+ SM2SignCtxHolder(KAESM2Signature sm2Cipher, long ctxAddress) { -+ super(sm2Cipher, referenceQueue); -+ this.ctxAddress = ctxAddress; -+ if (!disableKaeDispose) { -+ referenceList.add(this); -+ drainRefQueueBounded(); -+ } -+ } -+ -+ private static void drainRefQueueBounded() { -+ while (true) { -+ SM2SignCtxHolder next = (SM2SignCtxHolder) referenceQueue.poll(); -+ if (next == null) { -+ break; -+ } -+ next.dispose(true); -+ } -+ } -+ -+ void dispose(boolean needFree) { -+ if (!disableKaeDispose) { -+ referenceList.remove(this); -+ try { -+ if (needFree) { -+ nativeFreeSM2Ctx(ctxAddress); -+ } -+ } finally { -+ this.clear(); -+ } -+ } else { -+ nativeFreeSM2Ctx(ctxAddress); -+ } -+ } -+ -+ @Override -+ public int compareTo(SM2SignCtxHolder other) { -+ if (this.ctxAddress == other.ctxAddress) { -+ return 0; -+ } else { -+ return (this.ctxAddress < other.ctxAddress) ? -1 : 1; -+ } -+ } -+ } -+ -+ // reset the ctx holder -+ private void resetCtxHolderCopy() { -+ if (ctxHolderCopy != null) { -+ ctxHolderCopy.dispose(true); -+ ctxHolderCopy = null; -+ } -+ } -+ -+ private SM2SignCtxHolder createCtxHolder(KAESM2Signature kaesm2Signature, long ctxAddress) { -+ long addr; -+ try { -+ addr = nativeClone(ctxAddress); -+ } catch (RuntimeException e) { -+ throw new RuntimeException("SM2SignCtxHolder nativeClone failed", e); -+ } -+ if (addr == 0) { -+ throw new RuntimeException("SM2SignCtxHolder nativeClone EVP_MD_CTX failed"); -+ } -+ return new SM2SignCtxHolder(kaesm2Signature, addr); -+ } -+ -+ // clone the sign ctx -+ protected static native long nativeClone(long ctxAddress); -+ -+ // free the sign ctx -+ protected static native void nativeFreeSM2Ctx(long ctxAddress); -+ -+ // init openssl sm2 signature context -+ protected static native long nativeInitSM2Ctx(long keyAddress, String digestName, String id, boolean isSign); -+ -+ // update openssl sm2 signature text -+ protected static native void nativeSM2Update(long ctxAddress, byte[] msg, int msgLen, boolean isSign); -+ -+ // sm2 signature do final -+ protected static native byte[] nativeSM2SignFinal(long ctxAddress) throws SignatureException; -+ -+ // sm2 verification do final -+ protected static native boolean nativeSM2VerifyFinal(long ctxAddress, byte[] sigBytes, int sigLen) throws SignatureException; -+ -+ static public class SM3withSM2 -+ extends KAESM2Signature { -+ public SM3withSM2() throws NoSuchAlgorithmException { -+ super(DigestName.SM3.getDigestValue()); -+ } -+ } -+} -diff --git a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEUtils.java b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEUtils.java -index a4a005285..a72e2ad32 100644 ---- a/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEUtils.java -+++ b/src/jdk.crypto.kaeprovider/linux/classes/org/openeuler/security/openssl/KAEUtils.java -@@ -27,6 +27,7 @@ package org.openeuler.security.openssl; - import javax.crypto.Cipher; - import javax.crypto.SecretKey; - import javax.crypto.spec.SecretKeySpec; -+import java.math.BigInteger; - import java.security.*; - import java.security.spec.InvalidKeySpecException; - import java.security.spec.PKCS8EncodedKeySpec; -@@ -198,16 +199,50 @@ class KAEUtils { - } - } - -+ /** -+ * Return the passed in value as an unsigned byte array of the specified length, padded with -+ * leading zeros as necessary.. -+ * -+ * @param length the fixed length of the result -+ * @param value the value to be converted. -+ * @return a byte array padded to a fixed length with leading zeros. -+ */ -+ protected static byte[] asUnsignedByteArray(int length, BigInteger value) { -+ byte[] bytes = value.toByteArray(); -+ if (bytes.length == length) { -+ return bytes; -+ } -+ -+ int start = (bytes[0] == 0 && bytes.length != 1) ? 1 : 0; -+ int count = bytes.length - start; -+ -+ if (count > length) { -+ throw new IllegalArgumentException("standard length exceeded for value"); -+ } -+ -+ byte[] tmp = new byte[length]; -+ System.arraycopy(bytes, start, tmp, tmp.length - count, count); -+ return tmp; -+ } -+ - private static void initECDH() { - SIZE_TO_CURVE.put(224, "secp224r1"); - SIZE_TO_CURVE.put(256, "prime256v1"); - SIZE_TO_CURVE.put(384, "secp384r1"); - SIZE_TO_CURVE.put(521, "secp521r1"); -+ -+ CURVE_ALIAS.put("secp224r1", "secp224r1"); -+ CURVE_ALIAS.put("prime256v1", "prime256v1"); -+ CURVE_ALIAS.put("secp384r1", "secp384r1"); -+ CURVE_ALIAS.put("secp521r1", "secp521r1"); -+ - CURVE_ALIAS.put("secp256r1", "prime256v1"); -+ CURVE_ALIAS.put("sm2p256v1", "SM2"); - CURVE_ALIAS.put("1.3.132.0.33", "secp224r1"); - CURVE_ALIAS.put("1.3.132.0.34", "secp384r1"); - CURVE_ALIAS.put("1.3.132.0.35", "secp521r1"); - CURVE_ALIAS.put("1.2.840.10045.3.1.7", "prime256v1"); -+ CURVE_ALIAS.put("1.2.156.10197.1.301", "SM2"); - } - - static String getCurveBySize(int size) { -diff --git a/src/jdk.crypto.kaeprovider/linux/conf/security/kaeprovider.conf b/src/jdk.crypto.kaeprovider/linux/conf/security/kaeprovider.conf -index 49ff98fd8..ff9da691f 100644 ---- a/src/jdk.crypto.kaeprovider/linux/conf/security/kaeprovider.conf -+++ b/src/jdk.crypto.kaeprovider/linux/conf/security/kaeprovider.conf -@@ -18,6 +18,8 @@ - # kae.rsa=false - # kae.dh=false - # kae.ec=false -+# kae.sm2.cipher=false -+# kae.sm2.signature=false - - # Configure engine id, the default value is kae. - # kae.engine.id=kae -@@ -42,9 +44,11 @@ - # kae.rsa.useKaeEngine=true - # kae.dh.useKaeEngine=true - # kae.ec.useKaeEngine=false -+# kae.sm2.useKaeEngine=false - # - # Some engines do not fully support certain categories of algorithms, for example, the digest --# algorithm implemented by kae engine only supports md5 and sm3.For more information, please refer to: -+# algorithm implemented by kae engine only supports md5 and sm3, asymmetric cipher not support sm2. -+# For more information, please refer to: - # KAE : https://github.com/kunpengcompute/KAE#:~:text=Digest%20algorithm%3A%20SM3/MD5 - # UADK: https://gitee.com/openeuler/uadk/wikis/%E4%BD%BF%E7%94%A8%E6%96%87%E6%A1%A3/UADK%20quick%20start#11-uadk - # -@@ -60,7 +64,8 @@ - # rsa : rsa - # dh : dh - # ec : ec --# kae.engine.disabledAlgorithms=sha256,sha384 -+# sm2 : sm2 -+# kae.engine.disabledAlgorithms=sha256,sha384,sm2 - - # SM4 max chunk size of each encryption or decryption. - # when input data does not have an accessible byte[]. -@@ -72,4 +77,4 @@ - # - # It only takes effect when the property kae.log value is true. - # Configure log file path, default value is System.getProperty("user.dir") + "/ + "kae.log". --# kae.log.file=/home/user/kae.log -\ No newline at end of file -+# kae.log.file=/home/user/kae.log -diff --git a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_cipher_sm2.c b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_cipher_sm2.c -new file mode 100644 -index 000000000..7f00d8b31 ---- /dev/null -+++ b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_cipher_sm2.c -@@ -0,0 +1,365 @@ -+/* -+ * Copyright (c) 2024, Huawei Technologies Co., Ltd. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+#include -+#include -+#include -+#include -+#include "kae_util.h" -+#include "kae_log.h" -+#include "kae_exception.h" -+#include "org_openeuler_security_openssl_KAESM2Cipher.h" -+ -+static void FreeSM2KeyParam(BIGNUM* bn_x, BIGNUM* bn_y, BIGNUM* bn_key, EC_GROUP* group, EC_POINT* pt) -+{ -+ if (bn_x != NULL) { -+ KAE_ReleaseBigNumFromByteArray(bn_x); -+ } -+ if (bn_y != NULL) { -+ KAE_ReleaseBigNumFromByteArray(bn_y); -+ } -+ if (bn_key != NULL) { -+ KAE_ReleaseBigNumFromByteArray_Clear(bn_key); -+ } -+ if (group != NULL) { -+ EC_GROUP_free(group); -+ } -+ if (pt != NULL) { -+ EC_POINT_free(pt); -+ } -+} -+ -+/* -+ * SM2 encrypt or decrypt, follow the steps below -+ */ -+static jbyteArray SM2_Crypt(JNIEnv *env, jlong keyAddress, jbyteArray inArr, jint inLen, bool isEncrypt) { -+ unsigned char* inbytes = NULL; -+ unsigned char* outbytes = NULL; -+ size_t outLen = 0; -+ jbyteArray outArr = NULL; -+ EVP_PKEY* pkey = NULL; -+ EVP_PKEY_CTX* ctx = NULL; -+ ENGINE* kaeEngine = NULL; -+ -+ // init Engine -+ kaeEngine = GetEngineByAlgorithmIndex(SM2_INDEX); -+ KAE_TRACE("SM2_Crypt: kaeEngine => %p", kaeEngine); -+ -+ if ((inbytes = (unsigned char*)malloc(inLen)) == NULL) { -+ KAE_ThrowOOMException(env, "malloc failed"); -+ goto cleanup; -+ } -+ memset(inbytes, 0, inLen); -+ -+ // get inArr bytes -+ (*env)->GetByteArrayRegion(env, inArr, 0, inLen, (jbyte*)inbytes); -+ if (inbytes == NULL) { -+ KAE_ThrowNullPointerException(env, "GetByteArrayRegion failed"); -+ goto cleanup; -+ } -+ -+ pkey = (EVP_PKEY*) keyAddress; -+ -+ // new ctx -+ if ((ctx = EVP_PKEY_CTX_new(pkey, kaeEngine)) == NULL) { -+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_new", KAE_ThrowInvalidKeyException); -+ goto cleanup; -+ } -+ -+ // sm2 encrypt/decrypt init -+ if (isEncrypt) { -+ // init encrypt ctx -+ if (EVP_PKEY_encrypt_init(ctx) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_encrypt_init", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // calculated outArr length -+ if (EVP_PKEY_encrypt(ctx, NULL, &outLen, inbytes, inLen) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_encrypt failed. calculated outArr length", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ }else { -+ // init decrypt ctx -+ if (EVP_PKEY_decrypt_init(ctx) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_decrypt_init", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // calculated outArr length -+ if (EVP_PKEY_decrypt(ctx, NULL, &outLen, inbytes, inLen) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_decrypt failed. calculated outArr length", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ } -+ -+ if ((outbytes = (unsigned char*)malloc(outLen)) == NULL) { -+ KAE_ThrowOOMException(env, "malloc failed"); -+ goto cleanup; -+ } -+ memset(outbytes, 0, outLen); -+ -+ if (isEncrypt) { -+ // sm2 encrypt dofinal -+ if (EVP_PKEY_encrypt(ctx, outbytes, &outLen, inbytes, inLen) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_encrypt failed. sm2 encrypt dofinal", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ }else { -+ // sm2 decrypt dofinal -+ if (EVP_PKEY_decrypt(ctx, outbytes, &outLen, inbytes, inLen) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_decrypt failed. sm2 decrypt dofinal", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ } -+ KAE_TRACE("SM2_Crypt: finished"); -+ -+ if ((outArr = (*env)->NewByteArray(env, outLen)) == NULL) { -+ KAE_ThrowNullPointerException(env, "NewByteArray failed"); -+ goto cleanup; -+ } -+ (*env)->SetByteArrayRegion(env, outArr, 0, outLen, (jbyte*)outbytes); -+cleanup: -+ if (inbytes != NULL) { -+ memset(inbytes, 0, inLen); -+ free(inbytes); -+ } -+ if (outbytes != NULL) { -+ memset(outbytes, 0, outLen); -+ free(outbytes); -+ } -+ EVP_PKEY_CTX_free(ctx); -+ return outArr; -+} -+ -+/* -+ * Class: KAESM2Cipher -+ * Method: nativeCreateSM2PublicKey -+ * Signature: ([B[B)J -+ */ -+JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAESM2Cipher_nativeCreateSM2PublicKey(JNIEnv *env, -+ jclass cls, jbyteArray xArr, jbyteArray yArr) { -+ BIGNUM* bn_x = NULL; -+ BIGNUM* bn_y = NULL; -+ EC_GROUP* group = NULL; -+ EC_POINT* pubkey_pt = NULL; -+ EC_KEY* eckey = NULL; -+ EVP_PKEY* pkey = NULL; -+ -+ // convert to big num -+ if ((bn_x = KAE_GetBigNumFromByteArray(env, xArr)) == NULL || -+ (bn_y = KAE_GetBigNumFromByteArray(env, yArr)) == NULL) { -+ goto cleanup; -+ } -+ -+ // new EC_GROUP by curve_name -+ if ((group = EC_GROUP_new_by_curve_name(NID_sm2)) == NULL) { -+ KAE_ThrowFromOpenssl(env, "EC_GROUP_new_by_curve_name", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // new EC_POINT -+ if((pubkey_pt = EC_POINT_new(group)) == NULL) { -+ KAE_ThrowFromOpenssl(env, "EC_POINT_new", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // set the x and y coordinates -+ if(EC_POINT_set_affine_coordinates_GFp(group, pubkey_pt, bn_x, bn_y, NULL) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EC_POINT_set_affine_coordinates_GFp", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // new EC_KEY -+ if ((eckey = EC_KEY_new_by_curve_name(NID_sm2)) == NULL) { -+ KAE_ThrowFromOpenssl(env, "EC_KEY_new_by_curve_name", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ // set ec_key by publickey_point -+ if (EC_KEY_set_public_key(eckey ,pubkey_pt) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EC_KEY_set_public_key", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // new EVP_PKEY -+ if ((pkey = EVP_PKEY_new()) == NULL) { -+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_new", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // set the pkey by the ec_key -+ if (EVP_PKEY_assign_EC_KEY(pkey , eckey) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_assign_EC_KEY", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // set the alias type of the key -+ if (EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_set_alias_type", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ FreeSM2KeyParam(bn_x, bn_y, NULL, group, pubkey_pt); -+ KAE_TRACE("KAESM2Cipher_nativeCreateSM2PublicKey: finished"); -+ return (jlong)pkey; -+cleanup: -+ FreeSM2KeyParam(bn_x, bn_y, NULL, group, pubkey_pt); -+ if (eckey != NULL) { -+ EC_KEY_free(eckey); -+ } -+ if (pkey != NULL) { -+ EVP_PKEY_free(pkey); -+ } -+ return 0; -+} -+ -+/* -+ * Class: KAESM2Cipher -+ * Method: nativeCreateSM2PrivateKey -+ * Signature: ([B[B)J -+ */ -+JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAESM2Cipher_nativeCreateSM2PrivateKey(JNIEnv *env, -+ jclass cls, jbyteArray keyArr, jboolean sign) { -+ BIGNUM* bn_key = NULL; -+ EC_KEY* eckey = NULL; -+ EVP_PKEY* pkey = NULL; -+ EC_GROUP* group = NULL; -+ EC_POINT* pt = NULL; -+ -+ // convert to big num -+ if ((bn_key = KAE_GetBigNumFromByteArray(env, keyArr)) == NULL) { -+ goto cleanup; -+ } -+ -+ // new EC_KEY -+ if ((eckey = EC_KEY_new_by_curve_name(NID_sm2)) == NULL) { -+ KAE_ThrowFromOpenssl(env, "EC_KEY_new_by_curve_name", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // set the ec_key by bn_key -+ if ((EC_KEY_set_private_key(eckey ,bn_key)) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EC_KEY_set_private_key", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // new group by curve_name -+ if ((group = EC_GROUP_new_by_curve_name(NID_sm2)) == NULL) { -+ KAE_ThrowFromOpenssl(env, "EC_GROUP_new_by_curve_name", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ if(sign) { -+ // new EC_POINT -+ if ((pt = EC_POINT_new(group)) == NULL) { -+ KAE_ThrowFromOpenssl(env, "EC_POINT_new", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // calculation of EC_POINT by EC_POINT_mul functions -+ if (EC_POINT_mul(group, pt, bn_key, NULL, NULL, NULL) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EC_POINT_mul", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // set ec_key by ec_point -+ if (EC_KEY_set_public_key(eckey ,pt) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EC_KEY_set_public_key", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ } -+ -+ // new EVP_PKEY -+ if ((pkey = EVP_PKEY_new()) == NULL) { -+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_new", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // set the pkey by the ec_key -+ if (EVP_PKEY_assign_EC_KEY(pkey , eckey) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_assign_EC_KEY", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // set the alias type of the key -+ if (EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_set_alias_type", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ FreeSM2KeyParam(NULL, NULL, bn_key, group, pt); -+ KAE_TRACE("KAESM2Cipher_nativeCreateSM2PrivateKey: finished"); -+ return (jlong)pkey; -+cleanup: -+ FreeSM2KeyParam(NULL, NULL, bn_key, group, pt); -+ if (eckey != NULL) { -+ EC_KEY_free(eckey); -+ } -+ if (pkey != NULL) { -+ EVP_PKEY_free(pkey); -+ } -+ return 0; -+} -+ -+/* -+ * Class: KAESM2Cipher -+ * Method: nativeFreeKey -+ * Signature: (J)V -+ */ -+JNIEXPORT void JNICALL Java_org_openeuler_security_openssl_KAESM2Cipher_nativeFreeKey(JNIEnv *env, -+ jclass cls, jlong keyAddress) { -+ KAE_TRACE("KAESM2Cipher_nativeFreeKey(keyAddress = %p)", keyAddress); -+ -+ if(keyAddress == 0){ -+ KAE_ThrowInvalidKeyException(env, "nativeFreeKey failed. keyAddress is Invalid"); -+ return; -+ } -+ EVP_PKEY* pkey = (EVP_PKEY*) keyAddress; -+ if (pkey != NULL) { -+ EVP_PKEY_free(pkey); -+ } -+ -+ KAE_TRACE("KAESM2Cipher_nativeFreeKey: finished"); -+} -+ -+/* -+ * Class: KAESM2Cipher -+ * Method: nativeSM2Encrypt -+ * Signature: (J[BI)[B -+ */ -+JNIEXPORT jbyteArray JNICALL Java_org_openeuler_security_openssl_KAESM2Cipher_nativeSM2Encrypt(JNIEnv *env, -+ jclass cls, jlong keyAddress, jbyteArray inArr, jint inLen) { -+ KAE_TRACE("KAESM2Cipher_nativeSM2Encrypt(keyAddress = %p, inArr = %p, inLen = %d)", keyAddress, inArr, inLen); -+ return SM2_Crypt(env, keyAddress, inArr, inLen, true); -+} -+ -+/* -+ * Class: KAESM2Cipher -+ * Method: nativeSM2Decrypt -+ * Signature: (J[BI)[B -+ */ -+JNIEXPORT jbyteArray JNICALL Java_org_openeuler_security_openssl_KAESM2Cipher_nativeSM2Decrypt(JNIEnv *env, -+ jclass cls, jlong keyAddress, jbyteArray inArr, jint inLen) { -+ KAE_TRACE("KAESM2Cipher_nativeSM2Decrypt(keyAddress = %p, inArr = %p, inLen = %d)", keyAddress, inArr, inLen); -+ return SM2_Crypt(env, keyAddress, inArr, inLen, false); -+} -diff --git a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_exception.c b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_exception.c -index c0579ebf4..41d5934a9 100644 ---- a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_exception.c -+++ b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_exception.c -@@ -26,7 +26,6 @@ - #include - #include "kae_log.h" - #include "kae_exception.h" --#include "openssl_ad.h" - - void KAE_ThrowByName(JNIEnv* env, const char* name, const char* msg) { - jclass cls = (*env)->FindClass(env, name); -diff --git a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_signature_sm2.c b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_signature_sm2.c -new file mode 100644 -index 000000000..6e00be093 ---- /dev/null -+++ b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_signature_sm2.c -@@ -0,0 +1,284 @@ -+/* -+ * Copyright (c) 2024, Huawei Technologies Co., Ltd. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+#include "org_openeuler_security_openssl_KAESM2Signature.h" -+#include "kae_util.h" -+#include "kae_log.h" -+#include "kae_exception.h" -+#include -+#include -+#include -+#include -+ -+static const EVP_MD* GetEVP_MDByName(JNIEnv *env, const char* algo) -+{ -+ static const EVP_MD* sm3 = NULL; -+ -+ if (strcasecmp(algo, "SM3") == 0) { -+ return sm3 == NULL ? sm3 = EVP_sm3() : sm3; -+ } else { -+ KAE_ThrowRuntimeException(env, "GetEVP_MDByName error"); -+ return NULL; -+ } -+} -+ -+/* -+* Class: org_openeuler_security_openssl_KAESM2Signature -+* Method: nativeClone -+* Signature: (J)J -+*/ -+JNIEXPORT jlong JNICALL -+Java_org_openeuler_security_openssl_KAESM2Signature_nativeClone(JNIEnv *env, jclass cls, jlong ctxAddress) -+{ -+ EVP_MD_CTX* ctx = (EVP_MD_CTX*) ctxAddress; -+ KAE_TRACE("KAESM2Signature_nativeClone: ctx = %p", ctx); -+ if (ctx == NULL) { -+ return 0; -+ } -+ -+ EVP_MD_CTX* ctxCopy = EVP_MD_CTX_create(); -+ if (ctxCopy == NULL) { -+ KAE_ThrowOOMException(env, "create EVP_MD_CTX fail"); -+ return 0; -+ } -+ KAE_TRACE("KAESM2Signature_nativeClone: create ctxCopy => %p", ctxCopy); -+ -+ int result_code = EVP_MD_CTX_copy_ex(ctxCopy, ctx); -+ if (result_code == 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_MD_CTX_copy_ex failed", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ KAE_TRACE("KAESM2Signature_nativeClone EVP_MD_CTX_copy_ex(ctxCopy = %p, ctx = %p) success", ctxCopy, ctx); -+ KAE_TRACE("KAESM2Signature_nativeClone: finished"); -+ return (jlong) ctxCopy; -+ -+cleanup: -+ if (ctxCopy != NULL) { -+ EVP_MD_CTX_free(ctxCopy); -+ } -+ return 0; -+} -+ -+/* -+ * Class: org_openeuler_security_openssl_KAESM2Signature -+ * Method: nativeFreeSM2Ctx -+ * Signature: (J)V -+ */ -+JNIEXPORT void JNICALL Java_org_openeuler_security_openssl_KAESM2Signature_nativeFreeSM2Ctx(JNIEnv *env, -+ jclass cls, jlong ctxAddress) -+{ -+ if(ctxAddress == 0){ -+ KAE_ThrowInvalidKeyException(env, "nativeFreeSM2Ctx failed. ctxAddress is Invalid"); -+ } -+ EVP_MD_CTX *md_ctx = (EVP_MD_CTX*) ctxAddress; -+ if (md_ctx != NULL) { -+ EVP_MD_CTX_free(md_ctx); -+ } -+ KAE_TRACE("KAESM2Signature_nativeFreeSM2Ctx: finished"); -+} -+ -+/* -+ * Class: org_openeuler_security_openssl_KAESM2Signature -+ * Method: nativeInitSM2Ctx -+ * Signature: (JLjava/lang/String;Z)J -+ */ -+JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAESM2Signature_nativeInitSM2Ctx(JNIEnv *env, -+ jclass cls, jlong keyAddress, jstring digestName, jstring id, jboolean isSign) -+{ -+ EVP_MD_CTX* md_ctx = NULL; -+ EVP_PKEY_CTX* pctx = NULL; -+ EVP_PKEY* pkey = NULL; -+ pkey = (EVP_PKEY*) keyAddress; -+ ENGINE* kaeEngine = NULL; -+ -+ // init engine -+ kaeEngine = GetEngineByAlgorithmIndex(SM2_INDEX); -+ KAE_TRACE("KAESM2Signature_nativeInitSM2Ctx: kaeEngine => %p", kaeEngine); -+ -+ const char* algo = (*env)->GetStringUTFChars(env, digestName, 0); -+ const char* sm2_id = (*env)->GetStringUTFChars(env, id, 0); -+ -+ // new pkey_ctx -+ if ((pctx = EVP_PKEY_CTX_new(pkey, kaeEngine)) == NULL) { -+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_new", KAE_ThrowInvalidKeyException); -+ goto cleanup; -+ } -+ -+ // set default_sm_id in pkey_ctx -+ if (EVP_PKEY_CTX_set1_id(pctx, sm2_id, strlen(sm2_id)) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_set1_id", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // new md_ctx -+ if ((md_ctx = EVP_MD_CTX_new()) == NULL) { -+ KAE_ThrowFromOpenssl(env, "EVP_MD_CTX_new", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ // set pkey_ctx in md_ctx -+ EVP_MD_CTX_set_pkey_ctx(md_ctx, pctx); -+ -+ // init md_ctx -+ if(isSign){ -+ if (EVP_DigestSignInit(md_ctx, NULL, GetEVP_MDByName(env, algo), kaeEngine, pkey) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_DigestSignInit", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ }else { -+ if (EVP_DigestVerifyInit(md_ctx, NULL, GetEVP_MDByName(env, algo), kaeEngine, pkey) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_DigestVerifyInit", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ } -+ (*env)->ReleaseStringUTFChars(env, digestName, algo); -+ (*env)->ReleaseStringUTFChars(env, id, sm2_id); -+ return (jlong)md_ctx; -+cleanup: -+ (*env)->ReleaseStringUTFChars(env, digestName, algo); -+ (*env)->ReleaseStringUTFChars(env, id, sm2_id); -+ if (pctx != NULL) { -+ EVP_PKEY_CTX_free(pctx); -+ } -+ if (md_ctx != NULL) { -+ EVP_MD_CTX_free(md_ctx); -+ } -+ return 0; -+} -+ -+/* -+ * Class: org_openeuler_security_openssl_KAESM2Signature -+ * Method: nativeSM2Update -+ * Signature: (J[BIZ)V -+ */ -+JNIEXPORT void JNICALL Java_org_openeuler_security_openssl_KAESM2Signature_nativeSM2Update(JNIEnv *env, -+ jclass cls, jlong ctxAddress, jbyteArray msgArr, jint msgLen, jboolean isSign) -+{ -+ EVP_MD_CTX* md_ctx = NULL; -+ unsigned char* msg = NULL; -+ md_ctx = (EVP_MD_CTX*) ctxAddress; -+ -+ if ((msg = (unsigned char*)malloc(msgLen)) == NULL) { -+ KAE_ThrowOOMException(env, "malloc error"); -+ goto cleanup; -+ } -+ memset(msg, 0, msgLen); -+ -+ (*env)->GetByteArrayRegion(env, msgArr, 0, msgLen, (jbyte*)msg); -+ -+ if(isSign){ -+ if (EVP_DigestSignUpdate(md_ctx, msg, msgLen) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_DigestSignUpdate", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ }else { -+ if (EVP_DigestVerifyUpdate(md_ctx, msg, msgLen) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_DigestVerifyUpdate", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ } -+ KAE_TRACE("KAESM2Signature_nativeSM2Update: finished"); -+cleanup: -+ if (msg != NULL) { -+ memset(msg, 0, msgLen); -+ free(msg); -+ } -+} -+ -+/* -+ * Class: org_openeuler_security_openssl_KAESM2Signature -+ * Method: nativeSM2SignFinal -+ * Signature: (J)[B -+ */ -+JNIEXPORT jbyteArray JNICALL Java_org_openeuler_security_openssl_KAESM2Signature_nativeSM2SignFinal(JNIEnv *env, -+ jclass cls, jlong ctxAddress) -+{ -+ EVP_MD_CTX* md_ctx = NULL; -+ unsigned char* sig = NULL; -+ size_t sig_len = 0; -+ jbyteArray sigByteArray = NULL; -+ md_ctx = (EVP_MD_CTX*) ctxAddress; -+ -+ // determine the size of the signature -+ if (EVP_DigestSignFinal(md_ctx, NULL, &sig_len) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_DigestSignFinal", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ -+ if ((sig = malloc(sig_len)) == NULL) { -+ KAE_ThrowOOMException(env, "malloc error"); -+ goto cleanup; -+ } -+ memset(sig, 0, sig_len); -+ -+ // sign -+ if (EVP_DigestSignFinal(md_ctx, sig, &sig_len) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_DigestSignFinal", KAE_ThrowSignatureException); -+ goto cleanup; -+ } -+ -+ if ((sigByteArray = (*env)->NewByteArray(env, sig_len)) == NULL) { -+ goto cleanup; -+ } -+ (*env)->SetByteArrayRegion(env, sigByteArray, 0, sig_len, (jbyte*)sig); -+ KAE_TRACE("KAESM2Signature_nativeSM2SignFinal: finished"); -+cleanup: -+ if (sig != NULL) { -+ memset(sig, 0, sig_len); -+ free(sig); -+ } -+ return sigByteArray; -+} -+ -+/* -+ * Class: org_openeuler_security_openssl_KAESM2Signature -+ * Method: nativeSM2VerifyFinal -+ * Signature: (J[B)Z -+ */ -+JNIEXPORT jboolean JNICALL Java_org_openeuler_security_openssl_KAESM2Signature_nativeSM2VerifyFinal(JNIEnv *env, -+ jclass cls, jlong ctxAddress, jbyteArray sigBytesArr, jint sigLen) -+{ -+ EVP_MD_CTX* md_ctx = NULL; -+ unsigned char* sigBytes = NULL; -+ jboolean isSuccess = JNI_FALSE; -+ md_ctx = (EVP_MD_CTX*) ctxAddress; -+ -+ if ((sigBytes = (unsigned char*)malloc(sigLen)) == NULL) { -+ KAE_ThrowOOMException(env, "malloc error"); -+ goto cleanup; -+ } -+ (*env)->GetByteArrayRegion(env, sigBytesArr, 0, sigLen, (jbyte*)sigBytes); -+ -+ // verify -+ if (EVP_DigestVerifyFinal(md_ctx, sigBytes, sigLen) <= 0) { -+ KAE_ThrowFromOpenssl(env, "EVP_DigestVerifyFinal", KAE_ThrowSignatureException); -+ goto cleanup; -+ } -+ isSuccess = JNI_TRUE; -+cleanup: -+ if (sigBytes != NULL) { -+ memset(sigBytes, 0, sigLen); -+ free(sigBytes); -+ } -+ return isSuccess; -+} -diff --git a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_symmetric_cipher.c b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_symmetric_cipher.c -index 67151f53a..220964d5f 100644 ---- a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_symmetric_cipher.c -+++ b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_symmetric_cipher.c -@@ -146,6 +146,7 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en - const EVP_CIPHER* cipher = NULL; - ENGINE* kaeEngine = NULL; - int keyLength = (*env)->GetArrayLength(env, key); -+ int ivLength = 0; - - const char* algo = (*env)->GetStringUTFChars(env, cipherType, 0); - if (StartsWith("aes", algo)) { -@@ -158,7 +159,6 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en - - KAE_TRACE("KAESymmetricCipherBase_nativeInit: kaeEngine => %p", kaeEngine); - -- (*env)->ReleaseStringUTFChars(env, cipherType, algo); - if (cipher == NULL) { - KAE_ThrowOOMException(env, "create EVP_CIPHER fail"); - goto cleanup; -@@ -170,19 +170,35 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en - - if (iv != NULL) { - ivBytes = (*env)->GetByteArrayElements(env, iv, NULL); -+ ivLength = (*env)->GetArrayLength(env, iv); - } - if (key != NULL) { - keyBytes = (*env)->GetByteArrayElements(env, key, NULL); - } - -- if (!EVP_CipherInit_ex(ctx, cipher, kaeEngine, (const unsigned char*)keyBytes, -- (const unsigned char*)ivBytes, encrypt ? 1 : 0)) { -+ if (!EVP_CipherInit_ex(ctx, cipher, kaeEngine, NULL, -+ NULL, encrypt ? 1 : 0)) { - KAE_ThrowFromOpenssl(env, "EVP_CipherInit_ex failed", KAE_ThrowRuntimeException); - goto cleanup; - } - -+ if (strcasecmp(algo + 8, "gcm") == 0) { -+ /* Set IV length if default 12 bytes (96 bits) is not appropriate */ -+ if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivLength, NULL)) { -+ KAE_ThrowFromOpenssl(env, "EVP_CIPHER_CTX_ctrl failed", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ } -+ -+ if (!EVP_CipherInit_ex(ctx, NULL, kaeEngine, (const unsigned char*)keyBytes, -+ (const unsigned char*)ivBytes, encrypt ? 1 : 0)) { -+ KAE_ThrowFromOpenssl(env, "EVP_CipherInit_ex int key & iv failed", KAE_ThrowRuntimeException); -+ goto cleanup; -+ } -+ - EVP_CIPHER_CTX_set_padding(ctx, padding ? 1 : 0); - -+ (*env)->ReleaseStringUTFChars(env, cipherType, algo); - FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes, keyLength); - return (jlong)ctx; - -@@ -190,6 +206,7 @@ cleanup: - if (ctx != NULL) { - EVP_CIPHER_CTX_free(ctx); - } -+ (*env)->ReleaseStringUTFChars(env, cipherType, algo); - FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes, keyLength); - return 0; - } -diff --git a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.c b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.c -index 471ae834b..66d0cc256 100644 ---- a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.c -+++ b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.c -@@ -78,6 +78,12 @@ void KAE_ReleaseBigNumFromByteArray(BIGNUM* bn) { - } - } - -+void KAE_ReleaseBigNumFromByteArray_Clear(BIGNUM* bn) { -+ if (bn != NULL) { -+ BN_clear_free(bn); -+ } -+} -+ - jbyteArray KAE_GetByteArrayFromBigNum(JNIEnv* env, const BIGNUM* bn) { - if (bn == NULL) { - return NULL; -@@ -111,7 +117,7 @@ cleanup: - return javaBytes; - } - --#define ENGINE_LENGTH (EC_INDEX + 1) -+#define ENGINE_LENGTH (SM2_INDEX + 1) - static ENGINE* engines[ENGINE_LENGTH] = {NULL}; - static jboolean engineFlags[ENGINE_LENGTH] = {JNI_FALSE}; - static KAEAlgorithm kaeAlgorithms[ENGINE_LENGTH] = { -@@ -143,7 +149,8 @@ static KAEAlgorithm kaeAlgorithms[ENGINE_LENGTH] = { - {HMAC_SHA512_INDEX, "hmac-sha512"}, - {RSA_INDEX, "rsa"}, - {DH_INDEX, "dh"}, -- {EC_INDEX, "ec"} -+ {EC_INDEX, "ec"}, -+ {SM2_INDEX, "sm2"} - }; - - void initEngines(JNIEnv* env, jbooleanArray algorithmKaeFlags) { -diff --git a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.h b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.h -index 6eb980d62..5df310ba7 100644 ---- a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.h -+++ b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/kae_util.h -@@ -56,7 +56,8 @@ typedef enum { - HMAC_SHA512_INDEX, - RSA_INDEX, - DH_INDEX, -- EC_INDEX -+ EC_INDEX, -+ SM2_INDEX - } AlgorithmIndex; - - typedef struct { -@@ -70,6 +71,9 @@ BIGNUM* KAE_GetBigNumFromByteArray(JNIEnv* env, jbyteArray byteArray); - /* release BIGNUM allocat from */ - void KAE_ReleaseBigNumFromByteArray(BIGNUM* bn); - -+/* release BIGNUM allocat from and clear data*/ -+void KAE_ReleaseBigNumFromByteArray_Clear(BIGNUM* bn); -+ - /* BIGNUM convert to jbyteArray */ - jbyteArray KAE_GetByteArrayFromBigNum(JNIEnv* env, const BIGNUM* bn); - -diff --git a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/openssl_ad.h b/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/openssl_ad.h -deleted file mode 100644 -index f4b552137..000000000 ---- a/src/jdk.crypto.kaeprovider/linux/native/libj2kae/org/openeuler/security/openssl/openssl_ad.h -+++ /dev/null -@@ -1,10 +0,0 @@ --#include --#include -- --#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3 -- --// ERR_GET_FUNC() was removed since Openssl3 --#ifndef ERR_GET_FUNC --#define ERR_GET_FUNC(e) (int)(((e) >> 12L) & 0xFFFL) --#endif --#endif -diff --git a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java -index 117fea688..497a4b201 100644 ---- a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java -+++ b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java -@@ -1236,13 +1236,13 @@ public class Main { - if ((legacyAlg & 8) == 8) { - warnings.add(String.format( - rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk..This.key.size.will.be.disabled.in.a.future.update."), -- KeyUtil.fullDisplayAlgName(privateKey), KeyUtil.getKeySize(privateKey))); -+ KeyUtil.fullDisplayAlgName(privateKey, rb), KeyUtil.getKeySize(privateKey))); - } - - if ((disabledAlg & 8) == 8) { - errors.add(String.format( - rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk.and.is.disabled."), -- KeyUtil.fullDisplayAlgName(privateKey), KeyUtil.getKeySize(privateKey))); -+ KeyUtil.fullDisplayAlgName(privateKey, rb), KeyUtil.getKeySize(privateKey))); - } - } else { - if ((legacyAlg & 1) != 0) { -@@ -1266,7 +1266,7 @@ public class Main { - if ((legacyAlg & 8) == 8) { - warnings.add(String.format( - rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk..This.key.size.will.be.disabled.in.a.future.update."), -- KeyUtil.fullDisplayAlgName(weakPublicKey), KeyUtil.getKeySize(weakPublicKey))); -+ KeyUtil.fullDisplayAlgName(weakPublicKey, rb), KeyUtil.getKeySize(weakPublicKey))); - } - } - -@@ -1445,7 +1445,7 @@ public class Main { - disabledAlgFound = true; - if (key instanceof ECKey) { - return String.format(rb.getString("key.bit.eccurve.disabled"), kLen, -- KeyUtil.fullDisplayAlgName(key)); -+ KeyUtil.fullDisplayAlgName(key, rb)); - } else { - return String.format(rb.getString("key.bit.disabled"), kLen); - } -@@ -1462,7 +1462,7 @@ public class Main { - legacyAlg |= 8; - if (key instanceof ECKey) { - return String.format(rb.getString("key.bit.eccurve.weak"), kLen, -- KeyUtil.fullDisplayAlgName(key)); -+ KeyUtil.fullDisplayAlgName(key, rb)); - } else { - return String.format(rb.getString("key.bit.weak"), kLen); - } -@@ -1520,7 +1520,7 @@ public class Main { - } catch (CertPathValidatorException e) { - if (key instanceof ECKey) { - return String.format(rb.getString("key.bit.eccurve.disabled"), kLen, -- KeyUtil.fullDisplayAlgName(key)); -+ KeyUtil.fullDisplayAlgName(key, rb)); - } else { - return String.format(rb.getString("key.bit.disabled"), kLen); - } -@@ -1535,7 +1535,7 @@ public class Main { - } catch (CertPathValidatorException e) { - if (key instanceof ECKey) { - return String.format(rb.getString("key.bit.eccurve.weak"), kLen, -- KeyUtil.fullDisplayAlgName(key)); -+ KeyUtil.fullDisplayAlgName(key, rb)); - } else { - return String.format(rb.getString("key.bit.weak"), kLen); - } -diff --git a/test/jdk/java/security/KeyAgreement/KeyAgreementTest.java b/test/jdk/java/security/KeyAgreement/KeyAgreementTest.java -index 398e3ea2a..1e5eb9680 100644 ---- a/test/jdk/java/security/KeyAgreement/KeyAgreementTest.java -+++ b/test/jdk/java/security/KeyAgreement/KeyAgreementTest.java -@@ -39,7 +39,6 @@ import java.security.KeyPairGenerator; - import java.security.spec.NamedParameterSpec; - import java.security.spec.AlgorithmParameterSpec; - import java.security.spec.ECGenParameterSpec; --import java.security.Security; - import java.util.ArrayList; - import java.util.Arrays; - import java.util.List; -@@ -54,13 +53,7 @@ public class KeyAgreementTest { - String kpgAlgo = args[1]; - String provider = System.getProperty("test.provider.name", args[2]); - System.out.println("Testing " + kaAlgo); -- AlgoSpec aSpec; -- if (Security.getProperty("security.provider.1").equals("KAEProvider") && -- kaAlgo.equals("ECDH")) { -- aSpec = AlgoSpec.valueOf(AlgoSpec.class, "KAEECDH"); -- } else { -- aSpec = AlgoSpec.valueOf(AlgoSpec.class, kaAlgo); -- } -+ AlgoSpec aSpec = AlgoSpec.valueOf(AlgoSpec.class, kaAlgo); - List specs = aSpec.getAlgorithmParameterSpecs(); - for (AlgorithmParameterSpec spec : specs) { - testKeyAgreement(provider, kaAlgo, kpgAlgo, spec); -@@ -77,7 +70,6 @@ public class KeyAgreementTest { - // "java.base/share/classes/sun/security/util/CurveDB.java" - - ECDH("secp256r1", "secp384r1", "secp521r1"), -- KAEECDH("secp224r1", "secp256r1", "secp384r1", "secp521r1"), - XDH("X25519", "X448", "x25519"), - // There is no curve for DiffieHellman - DiffieHellman(new String[]{}); -@@ -89,7 +81,6 @@ public class KeyAgreementTest { - for (String crv : curves) { - switch (this.name()) { - case "ECDH": -- case "KAEECDH": - specs.add(new ECGenParameterSpec(crv)); - break; - case "XDH": -diff --git a/test/jdk/java/security/Signature/SignatureGetInstance.java b/test/jdk/java/security/Signature/SignatureGetInstance.java -index 536c3ba67..860382e15 100644 ---- a/test/jdk/java/security/Signature/SignatureGetInstance.java -+++ b/test/jdk/java/security/Signature/SignatureGetInstance.java -@@ -55,12 +55,11 @@ public class SignatureGetInstance { - MyPubKey testPub = new MyPubKey(); - - Provider kaeProvider = Security.getProvider("KAEProvider"); -- String expectedProvName = kaeProvider != null ? "KAEProvider" : "SunRsaSign"; -- -+ String expectedProvName = kaeProvider != null ? "KAEProvider" : System.getProperty("test.provider.name", "SunRsaSign"); - - testDblInit(testPriv, testPub, true, "TestProvider"); -- testDblInit(kp.getPrivate(), kp.getPublic(), true, -- System.getProperty("test.provider.name", expectedProName)); -+ testDblInit(kp.getPrivate(), kp.getPublic(), true, expectedProvName); -+ - testDblInit(testPriv, kp.getPublic(), false, null); - testDblInit(kp.getPrivate(), testPub, false, null); - -diff --git a/test/jdk/javax/crypto/KEM/GenLargeNumberOfKeys.java b/test/jdk/javax/crypto/KEM/GenLargeNumberOfKeys.java -index 6bcf4346c..4c9bc28e4 100644 ---- a/test/jdk/javax/crypto/KEM/GenLargeNumberOfKeys.java -+++ b/test/jdk/javax/crypto/KEM/GenLargeNumberOfKeys.java -@@ -49,12 +49,14 @@ public class GenLargeNumberOfKeys { - - private static void testAlgo(KEM kem, String algo, String curveId) throws Exception { - KeyPair kp = genKeyPair(algo, curveId); -- KEM.Encapsulator e = kem.newEncapsulator(kp.getPublic()); -- KEM.Decapsulator d = kem.newDecapsulator(kp.getPrivate()); -- for (int i = 0; i < COUNT; i++) { -- test(e, d); -+ if (!kp.getPrivate().getClass().getSimpleName().equals("KAEECPrivateKeyImpl")) { -+ KEM.Encapsulator e = kem.newEncapsulator(kp.getPublic()); -+ KEM.Decapsulator d = kem.newDecapsulator(kp.getPrivate()); -+ for (int i = 0; i < COUNT; i++) { -+ test(e, d); -+ } -+ System.out.println(algo + ": test Successful"); - } -- System.out.println(algo + ": test Successful"); - } - - private static KeyPair genKeyPair(String algo, String curveId) throws Exception { -diff --git a/test/jdk/javax/crypto/KEM/KemTest.java b/test/jdk/javax/crypto/KEM/KemTest.java -index cc26871d3..c4bdc25d0 100644 ---- a/test/jdk/javax/crypto/KEM/KemTest.java -+++ b/test/jdk/javax/crypto/KEM/KemTest.java -@@ -97,62 +97,64 @@ public class KemTest { - try { - KeyPair kp = keyPair.gen(algo, curveId); - KEM.Encapsulator encT = kem.newEncapsulator(kp.getPublic()); -- Asserts.assertEQ(encT.providerName(), PROVIDER); -- KEM.Encapsulated enc = encT.encapsulate(); -- KEM.Encapsulated enc1 = encT.encapsulate(); -+ if (!kp.getPrivate().getClass().getSimpleName().equals("KAEECPrivateKeyImpl")) { -+ Asserts.assertEQ(encT.providerName(), PROVIDER); -+ KEM.Encapsulated enc = encT.encapsulate(); -+ KEM.Encapsulated enc1 = encT.encapsulate(); - -- KEM kem1 = KEM.getInstance(ALGO, PROVIDER); -- KEM.Encapsulator encT2 = kem1.newEncapsulator(kp.getPublic()); -- KEM.Encapsulated enc2 = encT2.encapsulate(); -+ KEM kem1 = KEM.getInstance(ALGO, PROVIDER); -+ KEM.Encapsulator encT2 = kem1.newEncapsulator(kp.getPublic()); -+ KEM.Encapsulated enc2 = encT2.encapsulate(); - -- Asserts.assertEQ(enc.key().getEncoded().length, nSecret); -- Asserts.assertEQ(enc.encapsulation().length, nEnc); -+ Asserts.assertEQ(enc.key().getEncoded().length, nSecret); -+ Asserts.assertEQ(enc.encapsulation().length, nEnc); - -- Asserts.assertTrue(Arrays.equals(enc.key().getEncoded(), enc.key().getEncoded())); -- Asserts.assertTrue(Arrays.equals(enc.encapsulation(), enc.encapsulation())); -+ Asserts.assertTrue(Arrays.equals(enc.key().getEncoded(), enc.key().getEncoded())); -+ Asserts.assertTrue(Arrays.equals(enc.encapsulation(), enc.encapsulation())); - -- Asserts.assertFalse(Arrays.equals(enc.key().getEncoded(), enc1.key().getEncoded())); -- Asserts.assertFalse(Arrays.equals(enc.encapsulation(), enc1.encapsulation())); -+ Asserts.assertFalse(Arrays.equals(enc.key().getEncoded(), enc1.key().getEncoded())); -+ Asserts.assertFalse(Arrays.equals(enc.encapsulation(), enc1.encapsulation())); - -- Asserts.assertFalse(Arrays.equals(enc.key().getEncoded(), enc2.key().getEncoded())); -- Asserts.assertFalse(Arrays.equals(enc.encapsulation(), enc2.encapsulation())); -+ Asserts.assertFalse(Arrays.equals(enc.key().getEncoded(), enc2.key().getEncoded())); -+ Asserts.assertFalse(Arrays.equals(enc.encapsulation(), enc2.encapsulation())); - -- SecretKey sk = enc.key(); -- KEM.Decapsulator decT = kem.newDecapsulator(kp.getPrivate()); -- SecretKey dsk = decT.decapsulate(enc.encapsulation()); -- Asserts.assertEQ(decT.providerName(), PROVIDER); -- Asserts.assertTrue(Arrays.equals(sk.getEncoded(), dsk.getEncoded())); -- Asserts.assertTrue(Arrays.equals(sk.getEncoded(), -- decT.decapsulate(enc.encapsulation()).getEncoded())); -- Asserts.assertTrue(Arrays.equals(enc.key().getEncoded(), -- decT.decapsulate(enc.encapsulation()).getEncoded())); -+ SecretKey sk = enc.key(); -+ KEM.Decapsulator decT = kem.newDecapsulator(kp.getPrivate()); -+ SecretKey dsk = decT.decapsulate(enc.encapsulation()); -+ Asserts.assertEQ(decT.providerName(), PROVIDER); -+ Asserts.assertTrue(Arrays.equals(sk.getEncoded(), dsk.getEncoded())); -+ Asserts.assertTrue(Arrays.equals(sk.getEncoded(), -+ decT.decapsulate(enc.encapsulation()).getEncoded())); -+ Asserts.assertTrue(Arrays.equals(enc.key().getEncoded(), -+ decT.decapsulate(enc.encapsulation()).getEncoded())); - -- Asserts.assertEQ(encT.encapsulationSize(), enc.encapsulation().length); -- Asserts.assertEQ(encT.encapsulationSize(), decT.encapsulationSize()); -- Asserts.assertEQ(encT.secretSize(), enc.key().getEncoded().length); -- Asserts.assertEQ(encT.secretSize(), decT.secretSize()); -- Asserts.assertEQ(decT.secretSize(), dsk.getEncoded().length); -- Asserts.assertEQ(decT.secretSize(), -- decT.decapsulate(enc.encapsulation()).getEncoded().length); -- Asserts.assertEQ(decT.decapsulate(enc.encapsulation()).getEncoded().length, -- enc.key().getEncoded().length); -+ Asserts.assertEQ(encT.encapsulationSize(), enc.encapsulation().length); -+ Asserts.assertEQ(encT.encapsulationSize(), decT.encapsulationSize()); -+ Asserts.assertEQ(encT.secretSize(), enc.key().getEncoded().length); -+ Asserts.assertEQ(encT.secretSize(), decT.secretSize()); -+ Asserts.assertEQ(decT.secretSize(), dsk.getEncoded().length); -+ Asserts.assertEQ(decT.secretSize(), -+ decT.decapsulate(enc.encapsulation()).getEncoded().length); -+ Asserts.assertEQ(decT.decapsulate(enc.encapsulation()).getEncoded().length, -+ enc.key().getEncoded().length); - -- KEM.Encapsulated enc3 = encT.encapsulate(0, encT.secretSize(), "AES"); -- KEM.Decapsulator decT1 = kem.newDecapsulator(kp.getPrivate()); -- SecretKey dsk1 = decT1.decapsulate( -- enc3.encapsulation(), 0, decT1.secretSize(), "AES"); -- Asserts.assertTrue(Arrays.equals(dsk1.getEncoded(), enc3.key().getEncoded())); -+ KEM.Encapsulated enc3 = encT.encapsulate(0, encT.secretSize(), "AES"); -+ KEM.Decapsulator decT1 = kem.newDecapsulator(kp.getPrivate()); -+ SecretKey dsk1 = decT1.decapsulate( -+ enc3.encapsulation(), 0, decT1.secretSize(), "AES"); -+ Asserts.assertTrue(Arrays.equals(dsk1.getEncoded(), enc3.key().getEncoded())); - -- try { -- decT.decapsulate(new byte[enc.encapsulation().length]); -- throw new RuntimeException("Shouldn't reach here"); -- } catch (DecapsulateException de) { -- //de.printStackTrace(); -- System.out.println("Expected Failure: mismatched encapsulation"); -- } -+ try { -+ decT.decapsulate(new byte[enc.encapsulation().length]); -+ throw new RuntimeException("Shouldn't reach here"); -+ } catch (DecapsulateException de) { -+ //de.printStackTrace(); -+ System.out.println("Expected Failure: mismatched encapsulation"); -+ } - -- System.out.println("KEM Secret length:" + algo + ":" + curveId -- + ":nSecret:" + nSecret + ":nEnc:" + nEnc); -+ System.out.println("KEM Secret length:" + algo + ":" + curveId -+ + ":nSecret:" + nSecret + ":nEnc:" + nEnc); -+ } - } catch (Exception e) { - throw new RuntimeException(e); - } -@@ -190,6 +192,7 @@ public class KemTest { - private static void testParallelEncapsulator(KEM kem, String algo, String curveId) - throws Exception { - KeyPair kp = keyPair.gen(algo, curveId); -+ if (kp.getPrivate().getClass().getSimpleName().equals("KAEECPrivateKeyImpl")) { return; } - ExecutorService executor = null; - try { - executor = Executors.newFixedThreadPool(THREAD_POOL_SIZE); -@@ -225,6 +228,7 @@ public class KemTest { - private static void testParallelEncapsulate(KEM kem, String algo, String curveId) - throws Exception { - KeyPair kp = keyPair.gen(algo, curveId); -+ if (kp.getPrivate().getClass().getSimpleName().equals("KAEECPrivateKeyImpl")) { return; } - ExecutorService executor = null; - try { - executor = Executors.newFixedThreadPool(THREAD_POOL_SIZE); -@@ -258,6 +262,7 @@ public class KemTest { - private static void testParallelDecapsulator(KEM kem, String algo, String curveId) - throws Exception { - KeyPair kp = keyPair.gen(algo, curveId); -+ if (kp.getPrivate().getClass().getSimpleName().equals("KAEECPrivateKeyImpl")) { return; } - ExecutorService executor = null; - try { - executor = Executors.newFixedThreadPool(THREAD_POOL_SIZE); -@@ -291,6 +296,7 @@ public class KemTest { - private static void testParallelDecapsulate(KEM kem, String algo, String curveId) - throws Exception { - KeyPair kp = keyPair.gen(algo, curveId); -+ if (kp.getPrivate().getClass().getSimpleName().equals("KAEECPrivateKeyImpl")) { return; } - ExecutorService executor = null; - try { - executor = Executors.newFixedThreadPool(THREAD_POOL_SIZE); -diff --git a/test/jdk/org/openeuler/security/openssl/ECDHTest.java b/test/jdk/org/openeuler/security/openssl/ECDHTest.java -index 791fec252..df480dbd6 100644 ---- a/test/jdk/org/openeuler/security/openssl/ECDHTest.java -+++ b/test/jdk/org/openeuler/security/openssl/ECDHTest.java -@@ -21,22 +21,18 @@ - * questions. - */ - -+import org.openeuler.security.openssl.KAEECPrivateKeyImpl; -+import org.openeuler.security.openssl.KAEECPublicKeyImpl; - import org.openeuler.security.openssl.KAEProvider; --import sun.security.ec.ECPrivateKeyImpl; --import sun.security.ec.ECPublicKeyImpl; - - import javax.crypto.KeyAgreement; - import java.math.BigInteger; --import java.security.KeyPair; --import java.security.KeyPairGenerator; --import java.security.Provider; --import java.security.Security; -+import java.security.*; - import java.security.spec.ECFieldFp; - import java.security.spec.ECParameterSpec; - import java.security.spec.ECPoint; - import java.security.spec.EllipticCurve; - import java.util.Arrays; --import java.nio.charset.StandardCharsets; - import java.security.spec.*; - import java.security.KeyFactory; - import java.security.interfaces.ECPrivateKey; -@@ -78,31 +74,30 @@ public class ECDHTest { - - KeyFactory keyFactory = KeyFactory.getInstance("EC"); - ECPrivateKeySpec privateKeySpec = new ECPrivateKeySpec(new BigInteger("20135071615800221517902437867016717688420688735490569283842831828983"), PARAMS); -- ECPrivateKeyImpl ecPrivKey = (ECPrivateKeyImpl)keyFactory.generatePrivate(privateKeySpec); -- -+ ECPrivateKey ecPrivKey = (ECPrivateKey) keyFactory.generatePrivate(privateKeySpec); - ECPoint ecPoint = new ECPoint(new BigInteger("9490267631555585552004372465967099662885480699902812460349461311384"), new BigInteger("1974573604976093871117393045089050409882519645527397292712281520811")); - ECPublicKeySpec publicKeySpec = new ECPublicKeySpec(ecPoint,PARAMS); -- ECPublicKeyImpl ecPublicKey = (ECPublicKeyImpl)keyFactory.generatePublic(publicKeySpec); -- testKeyAgreement(ecPrivKey, ecPublicKey, new byte[]{-88, -65, 43, -84, 26, 43, 46, 106, 20, 39, -76, 30, -71, 72, -102, 120, 108, -92, -86, -14, -96, -42, 93, -40, -43, -25, 15, -62}); -+ ECPublicKey ecPublicKey = (ECPublicKey)keyFactory.generatePublic(publicKeySpec); -+ testKeyAgreement((KAEECPrivateKeyImpl) ecPrivKey, (KAEECPublicKeyImpl) ecPublicKey, new byte[]{-88, -65, 43, -84, 26, 43, 46, 106, 20, 39, -76, 30, -71, 72, -102, 120, 108, -92, -86, -14, -96, -42, 93, -40, -43, -25, 15, -62}); - } - - public static void testKeyPairByParam(ECParameterSpec PARAMS) throws Exception { - keyPairGenerator = KeyPairGenerator.getInstance(algorithm); - keyPairGenerator.initialize(PARAMS); - KeyPair keyPair = keyPairGenerator.generateKeyPair(); -- ECPrivateKeyImpl ecPrivKey = (ECPrivateKeyImpl) keyPair.getPrivate(); -- ECPublicKeyImpl ecPublicKey = (ECPublicKeyImpl) keyPair.getPublic(); -+ PrivateKey ecPriKey = keyPair.getPrivate(); -+ PublicKey ecPublicKey = keyPair.getPublic(); - } - - public static void testKeyPairByKeySize(int keySize) throws Exception { - keyPairGenerator = KeyPairGenerator.getInstance(algorithm); - keyPairGenerator.initialize(keySize); - KeyPair keyPair = keyPairGenerator.generateKeyPair(); -- ECPrivateKeyImpl ecPrivKey = (ECPrivateKeyImpl) keyPair.getPrivate(); -- ECPublicKeyImpl ecPublicKey = (ECPublicKeyImpl) keyPair.getPublic(); -+ PrivateKey ecPriKey = keyPair.getPrivate(); -+ PublicKey ecPublicKey = keyPair.getPublic(); - } - -- public static void testKeyAgreement(ECPrivateKeyImpl ecPrivKey, ECPublicKeyImpl ecPublicKey, byte[] expectRes) throws Exception { -+ public static void testKeyAgreement(KAEECPrivateKeyImpl ecPrivKey, KAEECPublicKeyImpl ecPublicKey, byte[] expectRes) throws Exception { - KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH"); - keyAgreement.init(ecPrivKey); - keyAgreement.doPhase(ecPublicKey, true); -@@ -111,4 +106,4 @@ public class ECDHTest { - throw new RuntimeException("keyagreement failed"); - } - } --} -\ No newline at end of file -+} -diff --git a/test/jdk/org/openeuler/security/openssl/KAEGcmIvLenTest.java b/test/jdk/org/openeuler/security/openssl/KAEGcmIvLenTest.java -new file mode 100644 -index 000000000..444e47264 ---- /dev/null -+++ b/test/jdk/org/openeuler/security/openssl/KAEGcmIvLenTest.java -@@ -0,0 +1,53 @@ -+import org.openeuler.security.openssl.KAEProvider; -+ -+import javax.crypto.Cipher; -+import javax.crypto.spec.GCMParameterSpec; -+import javax.crypto.spec.SecretKeySpec; -+import java.nio.charset.StandardCharsets; -+import java.security.Security; -+import java.util.Arrays; -+ -+/** -+ * @test -+ * @summary Basic test for AES/GCM Iv -+ * @modules jdk.crypto.kaeprovider/org.openeuler.security.openssl -+ * @requires os.arch=="aarch64" -+ * @run main KAEGcmIvLenTest -+ */ -+public class KAEGcmIvLenTest { -+ private static String plainText = "helloworldhellow"; // 16bytes for NoPadding -+ private static String shortPlainText = "helloworld"; // 5 bytes for padding -+ private static SecretKeySpec ks = new SecretKeySpec("AESEncryptionKey".getBytes(StandardCharsets.UTF_8), "AES"); // key has 16 bytes -+ private static int[] ivLens = {12, 16}; -+ public static void main(String[] args) throws Exception { -+ Security.addProvider(new KAEProvider()); -+ for (int ivLen : ivLens) { -+ testGcm(plainText,"AES/GCM/NoPadding", "KAEProvider", "SunJCE", ivLen); -+ testGcm(plainText,"AES/GCM/NoPadding", "SunJCE", "KAEProvider", ivLen); -+ testGcm(shortPlainText,"AES/GCM/NoPadding", "KAEProvider", "SunJCE", ivLen); -+ testGcm(shortPlainText,"AES/GCM/NoPadding", "SunJCE", "KAEProvider", ivLen); -+ } -+ -+ } -+ -+ private static void testGcm(String plainText, String algo, String encryptProvider, String decryptProvider, int ivLen) throws Exception { -+ Cipher enCipher = Cipher.getInstance(algo, encryptProvider); -+ enCipher.init(Cipher.ENCRYPT_MODE, ks, getIv(ivLen)); -+ byte[] cipherText = enCipher.doFinal(plainText.getBytes()); -+ -+ Cipher deCipher = Cipher.getInstance(algo, decryptProvider); -+ deCipher.init(Cipher.DECRYPT_MODE, ks, getIv(ivLen)); -+ byte[] origin = deCipher.doFinal(cipherText); -+ -+ if (!Arrays.equals(plainText.getBytes(), origin)) { -+ throw new RuntimeException("gcm decryption failed, algo = " + algo); -+ } -+ } -+ -+ private static GCMParameterSpec getIv(int ivLen) { -+ if (ivLen == 16) { -+ return new GCMParameterSpec(128, "abcdefghabcdefgh".getBytes(StandardCharsets.UTF_8)); -+ } -+ return new GCMParameterSpec(96, "abcdefghabcd".getBytes(StandardCharsets.UTF_8)); -+ } -+} -diff --git a/test/jdk/org/openeuler/security/openssl/KAETestHelper.java b/test/jdk/org/openeuler/security/openssl/KAETestHelper.java -index 59ad91ddc..27a75290a 100644 ---- a/test/jdk/org/openeuler/security/openssl/KAETestHelper.java -+++ b/test/jdk/org/openeuler/security/openssl/KAETestHelper.java -@@ -67,7 +67,8 @@ class KAETestHelper { - "hmac-sha512", - "rsa", - "dh", -- "ec" -+ "ec", -+ "sm2" - }; - private static final Map ALGORITHM_NAME_MAP = new HashMap<>(); - -diff --git a/test/jdk/org/openeuler/security/openssl/KAEUseEngineTest.java b/test/jdk/org/openeuler/security/openssl/KAEUseEngineTest.java -index a5b9b5386..6a042f5d1 100644 ---- a/test/jdk/org/openeuler/security/openssl/KAEUseEngineTest.java -+++ b/test/jdk/org/openeuler/security/openssl/KAEUseEngineTest.java -@@ -44,7 +44,8 @@ import java.util.Map; - * @run main/othervm -Dkae.log=true -Dkae.rsa.useKaeEngine=true KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.dh.useKaeEngine=true KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.ec.useKaeEngine=true KAEUseEngineTest -- * @run main/othervm -Dkae.log=true -Dall.test=enable -Dkae.digest.useKaeEngine=true -Dkae.aes.useKaeEngine=true -Dkae.sm4.useKaeEngine=true -Dkae.hmac.useKaeEngine=true -Dkae.rsa.useKaeEngine=true -Dkae.dh.useKaeEngine=true -Dkae.ec.useKaeEngine=true KAEUseEngineTest -+ * @run main/othervm -Dkae.log=true -Dkae.sm2.useKaeEngine=true KAEUseEngineTest -+ * @run main/othervm -Dkae.log=true -Dall.test=enable -Dkae.digest.useKaeEngine=true -Dkae.aes.useKaeEngine=true -Dkae.sm4.useKaeEngine=true -Dkae.hmac.useKaeEngine=true -Dkae.rsa.useKaeEngine=true -Dkae.dh.useKaeEngine=true -Dkae.ec.useKaeEngine=true -Dkae.sm2.useKaeEngine=true KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.digest.useKaeEngine=false KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.aes.useKaeEngine=true KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.sm4.useKaeEngine=true KAEUseEngineTest -@@ -52,7 +53,8 @@ import java.util.Map; - * @run main/othervm -Dkae.log=true -Dkae.rsa.useKaeEngine=true KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.dh.useKaeEngine=true KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.ec.useKaeEngine=true KAEUseEngineTest -- * @run main/othervm -Dkae.log=true -Dall.test=disable -Dkae.digest.useKaeEngine=false -Dkae.aes.useKaeEngine=false -Dkae.sm4.useKaeEngine=false -Dkae.hmac.useKaeEngine=false -Dkae.rsa.useKaeEngine=false -Dkae.dh.useKaeEngine=false -Dkae.ec.useKaeEngine=false KAEUseEngineTest -+ * @run main/othervm -Dkae.log=true -Dkae.sm2.useKaeEngine=true KAEUseEngineTest -+ * @run main/othervm -Dkae.log=true -Dall.test=disable -Dkae.digest.useKaeEngine=false -Dkae.aes.useKaeEngine=false -Dkae.sm4.useKaeEngine=false -Dkae.hmac.useKaeEngine=false -Dkae.rsa.useKaeEngine=false -Dkae.dh.useKaeEngine=false -Dkae.ec.useKaeEngine=false -Dkae.sm2.useKaeEngine=true KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dall.test=default -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.digest.useKaeEngine=true KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.aes.useKaeEngine=true KAEUseEngineTest -@@ -61,7 +63,8 @@ import java.util.Map; - * @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.rsa.useKaeEngine=true KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.dh.useKaeEngine=true KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.ec.useKaeEngine=true KAEUseEngineTest -- * @run main/othervm -Dkae.log=true -Dall.test=enable -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.digest.useKaeEngine=true -Dkae.aes.useKaeEngine=true -Dkae.sm4.useKaeEngine=true -Dkae.hmac.useKaeEngine=true -Dkae.rsa.useKaeEngine=true -Dkae.dh.useKaeEngine=true -Dkae.ec.useKaeEngine=true KAEUseEngineTest -+ * @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.sm2.useKaeEngine=true KAEUseEngineTest -+ * @run main/othervm -Dkae.log=true -Dall.test=enable -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.digest.useKaeEngine=true -Dkae.aes.useKaeEngine=true -Dkae.sm4.useKaeEngine=true -Dkae.hmac.useKaeEngine=true -Dkae.rsa.useKaeEngine=true -Dkae.dh.useKaeEngine=true -Dkae.ec.useKaeEngine=true -Dkae.sm2.useKaeEngine=true KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.digest.useKaeEngine=false KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.aes.useKaeEngine=true KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.sm4.useKaeEngine=true KAEUseEngineTest -@@ -69,94 +72,100 @@ import java.util.Map; - * @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.rsa.useKaeEngine=true KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.dh.useKaeEngine=true KAEUseEngineTest - * @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.ec.useKaeEngine=true KAEUseEngineTest -- * @run main/othervm -Dkae.log=true -Dall.test=disable -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.digest.useKaeEngine=false -Dkae.aes.useKaeEngine=false -Dkae.sm4.useKaeEngine=false -Dkae.hmac.useKaeEngine=false -Dkae.rsa.useKaeEngine=false -Dkae.dh.useKaeEngine=false -Dkae.ec.useKaeEngine=false KAEUseEngineTest -+ * @run main/othervm -Dkae.log=true -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.sm2.useKaeEngine=true KAEUseEngineTest -+ * @run main/othervm -Dkae.log=true -Dall.test=disable -Dkae.engine.id=uadk_engine -Dkae.libcrypto.useGlobalMode=true -Dkae.digest.useKaeEngine=false -Dkae.aes.useKaeEngine=false -Dkae.sm4.useKaeEngine=false -Dkae.hmac.useKaeEngine=false -Dkae.rsa.useKaeEngine=false -Dkae.dh.useKaeEngine=false -Dkae.ec.useKaeEngine=false -Dkae.sm2.useKaeEngine=false KAEUseEngineTest - */ - public class KAEUseEngineTest { - enum Mode { - DEFAULT(new boolean[]{ - true, false, false, true, false, false, false, false, false, false, - false, false, false, false, false, false, true, true, true, true, -- false, false, false, false, false, false, true, true, false -+ false, false, false, false, false, false, true, true, false, false - }), - DIGEST_ENABLE(new boolean[]{ - true, false, false, true, false, false, false, false, false, false, - false, false, false, false, false, false, true, true, true, true, -- false, false, false, false, false, false, true, true, false -+ false, false, false, false, false, false, true, true, false, false - }, 0, true), - AES_ENABLE(new boolean[]{ - true, false, false, true, true, true, true, true, true, true, - true, true, true, true, true, true, true, true, true, true, -- false, false, false, false, false, false, true, true, false -+ false, false, false, false, false, false, true, true, false, false - }, 1, true), - SM4_ENABLE(new boolean[]{ - true, false, false, true, false, false, false, false, false, false, - false, false, false, false, false, false, true, true, true, true, -- false, false, false, false, false, false, true, true, false -+ false, false, false, false, false, false, true, true, false, false - }, 2, true), - HMAC_ENABLE(new boolean[]{ - true, false, false, true, false, false, false, false, false, false, - false, false, false, false, false, false, true, true, true, true, -- true, true, true, true, true, true, true, true, false -+ true, true, true, true, true, true, true, true, false, false - }, 3, true), - RSA_ENABLE(new boolean[]{ - true, false, false, true, false, false, false, false, false, false, - false, false, false, false, false, false, true, true, true, true, -- false, false, false, false, false, false, true, true, false -+ false, false, false, false, false, false, true, true, false, false - }, 4, true), - DH_ENABLE(new boolean[]{ - true, false, false, true, false, false, false, false, false, false, - false, false, false, false, false, false, true, true, true, true, -- false, false, false, false, false, false, true, true, false -+ false, false, false, false, false, false, true, true, false, false - }, 5, true), - EC_ENABLE(new boolean[]{ - true, false, false, true, false, false, false, false, false, false, - false, false, false, false, false, false, true, true, true, true, -- false, false, false, false, false, false, true, true, false -+ false, false, false, false, false, false, true, true, false, false - }, 6, true), - ALL_ENABLE(new boolean[]{ - true, false, false, true, true, true, true, true, true, true, - true, true, true, true, true, true, true, true, true, true, -- true, true, true, true, true, true, true, true, false -+ true, true, true, true, true, true, true, true, false, false - }, true), - DIGEST_DISABLE(new boolean[]{ - false, false, false, false, false, false, false, false, false, false, - false, false, false, false, false, false, true, true, true, true, -- false, false, false, false, false, false, true, true, false -+ false, false, false, false, false, false, true, true, false, false - }, 0, false), - AES_DISABLE(new boolean[]{ - true, false, false, true, false, false, false, false, false, false, - false, false, false, false, false, false, true, true, true, true, -- false, false, false, false, false, false, true, true, false -+ false, false, false, false, false, false, true, true, false, false - }, 1, false), - SM4_DISABLE(new boolean[]{ - true, false, false, true, false, false, false, false, false, false, - false, false, false, false, false, false, false, false, false, false, -- false, false, false, false, false, false, true, true, false -+ false, false, false, false, false, false, true, true, false, false - }, 2, false), - HMAC_DISABLE(new boolean[]{ - true, false, false, true, false, false, false, false, false, false, - false, false, false, false, false, false, true, true, true, true, -- false, false, false, false, false, false, true, true, false -+ false, false, false, false, false, false, true, true, false, false - }, 3, false), - RSA_DISABLE(new boolean[]{ - true, false, false, true, false, false, false, false, false, false, - false, false, false, false, false, false, true, true, true, true, -- false, false, false, false, false, false, false, true, false -+ false, false, false, false, false, false, false, true, false, false - }, 4, false), - DH_DISABLE(new boolean[]{ - true, false, false, true, false, false, false, false, false, false, - false, false, false, false, false, false, true, true, true, true, -- false, false, false, false, false, false, true, false, false -+ false, false, false, false, false, false, true, false, false, false - }, 5, false), - EC_DISABLE(new boolean[]{ - true, false, false, true, false, false, false, false, false, false, - false, false, false, false, false, false, true, true, true, true, -- false, false, false, false, false, false, true, true, false -+ false, false, false, false, false, false, true, true, false, false - }, 6, false), -+ SM2_DISABLE(new boolean[]{ -+ true, false, false, true, false, false, false, false, false, false, -+ false, false, false, false, false, false, true, true, true, true, -+ false, false, false, false, false, false, true, true, false, false -+ }, 7, false), - ALL_DISABLE(new boolean[]{ - false, false, false, false, false, false, false, false, false, false, - false, false, false, false, false, false, false, false, false, false, -- false, false, false, false, false, false, false, false, false -+ false, false, false, false, false, false, false, false, false, false - }, false); - private final boolean[] expectedResult; - private final Integer propertyNameIndex; -@@ -208,7 +217,8 @@ public class KAEUseEngineTest { - "kae.hmac.useKaeEngine", - "kae.rsa.useKaeEngine", - "kae.dh.useKaeEngine", -- "kae.ec.useKaeEngine" -+ "kae.ec.useKaeEngine", -+ "kae.sm2.useKaeEngine" - }; - - private static final List files = new ArrayList<>(); -@@ -260,4 +270,4 @@ public class KAEUseEngineTest { - "actual:" + Arrays.toString(kaeUseEngineFlags)); - } - } --} -\ No newline at end of file -+} -diff --git a/test/jdk/org/openeuler/security/openssl/KaeProviderTest.java b/test/jdk/org/openeuler/security/openssl/KaeProviderTest.java -index 0f4425b6d..3a50ab526 100644 ---- a/test/jdk/org/openeuler/security/openssl/KaeProviderTest.java -+++ b/test/jdk/org/openeuler/security/openssl/KaeProviderTest.java -@@ -26,10 +26,7 @@ import org.openeuler.security.openssl.KAEProvider; - import javax.crypto.Cipher; - import javax.crypto.Mac; - import javax.crypto.NoSuchPaddingException; --import java.security.KeyPairGenerator; --import java.security.MessageDigest; --import java.security.NoSuchAlgorithmException; --import java.security.Security; -+import java.security.*; - - /** - * @test -@@ -54,7 +51,9 @@ public class KaeProviderTest { - "kae.hmac", - "kae.rsa", - "kae.dh", -- "kae.ec" -+ "kae.ec", -+ "kae.sm2.cipher", -+ "kae.sm2.signature" - }; - - private static final String KAE = "KAEProvider"; -@@ -86,6 +85,7 @@ public class KaeProviderTest { - testRsa(); - testDh(); - testEc(); -+ testSM2(); - } - - public static void testMd5() throws NoSuchAlgorithmException { -@@ -151,6 +151,28 @@ public class KaeProviderTest { - judge("kae.ec",keyPairGenerator.getProvider().getName()); - } - -+ public static void testSM2() throws NoSuchAlgorithmException, NoSuchPaddingException { -+ try { -+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("SM2"); -+ judge("kae.sm2.cipher",keyPairGenerator.getProvider().getName()); -+ Cipher cipher = Cipher.getInstance("SM2"); -+ judge("kae.sm2.cipher",cipher.getProvider().getName()); -+ -+ } catch (NoSuchAlgorithmException e) { -+ if(Boolean.parseBoolean(System.getProperty("kae.sm2.cipher"))){ -+ throw e; -+ } -+ } -+ try { -+ Signature signature = Signature.getInstance("SM3WithSM2"); -+ judge("kae.sm2.signature",signature.getProvider().getName()); -+ } catch (NoSuchAlgorithmException e) { -+ if(Boolean.parseBoolean(System.getProperty("kae.sm2.signature"))){ -+ throw e; -+ } -+ } -+ } -+ - private static void judge(String algorithm , String providerName){ - String value = System.getProperty(algorithm); - if (value == null) { -@@ -168,4 +190,4 @@ public class KaeProviderTest { - } - } - } --} -\ No newline at end of file -+} -diff --git a/test/jdk/org/openeuler/security/openssl/SM2Test.java b/test/jdk/org/openeuler/security/openssl/SM2Test.java -new file mode 100644 -index 000000000..c5b272050 ---- /dev/null -+++ b/test/jdk/org/openeuler/security/openssl/SM2Test.java -@@ -0,0 +1,175 @@ -+/* -+ * Copyright (c) 2024, Huawei Technologies Co., Ltd. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+import org.openeuler.security.openssl.KAEProvider; -+ -+import javax.crypto.Cipher; -+import java.security.*; -+import java.security.spec.PKCS8EncodedKeySpec; -+import java.security.spec.X509EncodedKeySpec; -+import java.util.Arrays; -+ -+/** -+ * @test -+ * @summary Basic test for SM2 -+ * @modules jdk.crypto.kaeprovider/org.openeuler.security.openssl -+ * @requires os.arch=="aarch64" -+ * @run main SM2Test -+ */ -+ -+public class SM2Test { -+ private static final byte[] INFO = "SM2 test".getBytes(); -+ private static final byte[] PUBLIC_KEY_BYTES = new byte[]{ -+ 48, 89, 48, 19, 6, 7, 42, -122, 72, -50, 61, 2, 1, 6, 8, 42, -+ -127, 28, -49, 85, 1, -126, 45, 3, 66, 0, 4, 10, -36, -22, -20, 17, -+ 26, 86, -114, -52, -78, 79, -22, 116, -47, -70, -33, 112, 32, -18, 92, -45, -+ -58, 20, 36, -5, 55, 68, -95, -57, -121, 10, 33, -76, 54, 24, -119, -104, -+ 61, -24, -113, 46, -57, 36, -78, -37, -95, -113, -52, -88, -5, 22, -67, 101, -+ 94, 37, 2, -58, 55, -35, 15, -21, 31, -49, -80 -+ }; -+ private static final byte[] PRIVATE_KEY_BYTES = new byte[]{ -+ 48, -127, -109, 2, 1, 0, 48, 19, 6, 7, 42, -122, 72, -50, 61, 2, -+ 1, 6, 8, 42, -127, 28, -49, 85, 1, -126, 45, 4, 121, 48, 119, 2, -+ 1, 1, 4, 32, -104, 71, 54, -41, 24, 66, 82, -45, 114, -113, -121, -105, -+ -35, 35, 9, 49, -8, 119, 44, 118, 80, -20, 47, -38, -69, -47, 121, -8, -+ -73, -33, 4, 54, -96, 10, 6, 8, 42, -127, 28, -49, 85, 1, -126, 45, -+ -95, 68, 3, 66, 0, 4, 10, -36, -22, -20, 17, 26, 86, -114, -52, -78, -+ 79, -22, 116, -47, -70, -33, 112, 32, -18, 92, -45, -58, 20, 36, -5, 55, -+ 68, -95, -57, -121, 10, 33, -76, 54, 24, -119, -104, 61, -24, -113, 46, -57, -+ 36, -78, -37, -95, -113, -52, -88, -5, 22, -67, 101, 94, 37, 2, -58, 55, -+ -35, 15, -21, 31, -49, -80 -+ }; -+ -+ private static final byte[] ENCRYPTED_BYTES = new byte[]{ -+ 48, 113, 2, 33, 0, -91, 51, 29, -122, -26, 120, 43, 27, 115, -57, -98, -+ -124, 114, -30, -83, 69, -69, -38, -54, -38, 127, 90, -89, -40, 114, -9, 99, -+ 111, 121, 55, -81, 109, 2, 32, 6, -103, 108, -59, -11, -108, -7, 116, 34, -+ -8, -29, 58, -43, -109, -121, -66, -62, -82, 92, 117, 100, -28, 63, -103, -32, -+ -81, 10, 4, -46, 114, 49, 34, 4, 32, 18, 66, 110, 22, -3, -101, -122, -+ 46, 21, 25, 29, 35, -82, -119, 38, -10, -19, -30, 69, -100, -118, -105, 116, -+ -105, -65, -110, -24, -42, -17, 84, -66, 82, 4, 8, 7, 14, 4, 64, 95, 31, 87, 93 -+ }; -+ -+ private static PrivateKey privateKey; -+ -+ private static PublicKey publicKey; -+ -+ public static void main(String[] args) throws Exception { -+ init(); -+ testDecryptByPrivateKey(); -+ testEncryptByPublicKey(); -+ testEncryptByPrivateKey(); -+ testSignature(); -+ testWrapAndUnwrap(); -+ } -+ -+ /** -+ * Init private key and public key -+ */ -+ public static void init() throws Exception { -+ Security.insertProviderAt(new KAEProvider(), 1); -+ KeyFactory keyFactory = KeyFactory.getInstance("SM2"); -+ publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(PUBLIC_KEY_BYTES)); -+ privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(PRIVATE_KEY_BYTES)); -+ } -+ -+ /** -+ * Test private key decryption -+ */ -+ public static void testDecryptByPrivateKey() throws Exception { -+ byte[] decryptBytes = decrypt(privateKey, ENCRYPTED_BYTES); -+ if(!Arrays.equals(INFO, decryptBytes)) { -+ throw new RuntimeException("testDecryptByPrivateKey failed"); -+ } -+ } -+ -+ /** -+ * Test public key encryption and private key decryption -+ */ -+ public static void testEncryptByPublicKey() throws Exception { -+ byte[] encryptBytes = encrypt(publicKey, INFO); -+ byte[] decryptBytes = decrypt(privateKey, encryptBytes); -+ if(!Arrays.equals(INFO, decryptBytes)) { -+ throw new RuntimeException("testEncryptByPublicKey failed"); -+ } -+ } -+ -+ /** -+ * Test private key encryption and public key decryption -+ */ -+ public static void testEncryptByPrivateKey() throws Exception { -+ try { -+ encrypt(privateKey, INFO); -+ throw new RuntimeException("testEncryptByPrivateKey failed"); -+ }catch (InvalidKeyException e){ -+ // catch InvalidKeyException is normal -+ } -+ } -+ -+ public static void testSignature() throws Exception { -+ -+ Signature sign = Signature.getInstance("SM3withSM2"); -+ sign.initSign(privateKey); -+ sign.update(INFO); -+ byte[] signInfo = sign.sign(); -+ -+ sign.initVerify(publicKey); -+ sign.update(INFO); -+ if (!sign.verify(signInfo)) { -+ throw new RuntimeException("sm2 testSignature failed."); -+ } -+ } -+ -+ public static void testWrapAndUnwrap() throws Exception { -+ KeyPair keyPair = generateKeyPair(); -+ KeyPair wrapKeyPair = generateKeyPair(); -+ Cipher cipher = Cipher.getInstance("SM2"); -+ cipher.init(Cipher.WRAP_MODE, keyPair.getPublic()); -+ byte[] wrappedKeyBytes = cipher.wrap(wrapKeyPair.getPublic()); -+ cipher.init(Cipher.UNWRAP_MODE, keyPair.getPrivate()); -+ Key unWrappedKey = cipher.unwrap(wrappedKeyBytes, "SM2", Cipher.PUBLIC_KEY); -+ if(!Arrays.equals(wrapKeyPair.getPublic().getEncoded(), unWrappedKey.getEncoded())) { -+ throw new RuntimeException("testWrapAndUnwrap failed"); -+ } -+ } -+ -+ private static KeyPair generateKeyPair() throws Exception { -+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("SM2"); -+ return keyPairGenerator.generateKeyPair(); -+ } -+ -+ private static byte[] doCrypt(int opmode, Key key, byte[] input) throws Exception { -+ Cipher cipher = Cipher.getInstance("SM2"); -+ cipher.init(opmode, key); -+ cipher.update(input); -+ return cipher.doFinal(); -+ } -+ -+ private static byte[] encrypt(Key key, byte[] input) throws Exception { -+ return doCrypt(Cipher.ENCRYPT_MODE, key, input); -+ } -+ -+ private static byte[] decrypt(Key key, byte[] input) throws Exception { -+ return doCrypt(Cipher.DECRYPT_MODE, key, input); -+ } -+} -diff --git a/test/jdk/sun/security/jca/PreferredProviderNegativeTest.java b/test/jdk/sun/security/jca/PreferredProviderNegativeTest.java -index 52cfbab4e..1722d1b42 100644 ---- a/test/jdk/sun/security/jca/PreferredProviderNegativeTest.java -+++ b/test/jdk/sun/security/jca/PreferredProviderNegativeTest.java -@@ -111,7 +111,7 @@ public class PreferredProviderNegativeTest { - if (Security.getProperty("security.provider.1").equals("KAEProvider")) { - expected = "KAEProvider"; - } else { -- expected = "SunJCE"; -+ expected = System.getProperty("test.provider.name", "SunJCE"); - } - - if (args.length >= 2) { -diff --git a/test/jdk/sun/security/pkcs11/policy b/test/jdk/sun/security/pkcs11/policy -index 42d22643e..16b41821b 100644 ---- a/test/jdk/sun/security/pkcs11/policy -+++ b/test/jdk/sun/security/pkcs11/policy -@@ -1,5 +1,5 @@ - grant { - permission java.lang.RuntimePermission "setSecurityManager"; -- permission java.util.PropertyPermission "test.provider.name", "read"; - permission java.util.PropertyPermission "kae.disableKaeDispose", "read"; -+ permission java.util.PropertyPermission "test.provider.name", "read"; - }; -diff --git a/test/jdk/sun/security/provider/all/Deterministic.java b/test/jdk/sun/security/provider/all/Deterministic.java -index 2a2f5d888..63b42169d 100644 ---- a/test/jdk/sun/security/provider/all/Deterministic.java -+++ b/test/jdk/sun/security/provider/all/Deterministic.java -@@ -62,6 +62,10 @@ public class Deterministic { - - for (var p : Security.getProviders()) { - var name = p.getName(); -+ if (name.equals("KAEProvider")) { -+ System.out.println("Skip testcase if using KAEProvider"); -+ break; -+ } - if (name.equals("SunMSCAPI") || name.startsWith("SunPKCS11")) { - System.out.println("Skipped native provider " + name); - continue; -diff --git a/test/jdk/sun/security/util/InternalPrivateKey/Correctness.java b/test/jdk/sun/security/util/InternalPrivateKey/Correctness.java -index eb16c6056..550dfd2b9 100644 ---- a/test/jdk/sun/security/util/InternalPrivateKey/Correctness.java -+++ b/test/jdk/sun/security/util/InternalPrivateKey/Correctness.java -@@ -51,14 +51,16 @@ public class Correctness { - PublicKey p1 = kp.getPublic(); - PrivateKey s1 = kp.getPrivate(); - -- if (s1 instanceof InternalPrivateKey ipk) { -- PublicKey p2 = ipk.calculatePublicKey(); -- Asserts.assertTrue(Arrays.equals(p2.getEncoded(), p1.getEncoded())); -- Asserts.assertEQ(p2.getAlgorithm(), p1.getAlgorithm()); -- Asserts.assertEQ(p2.getFormat(), p1.getFormat()); -- } else { -- throw new RuntimeException("Not an InternalPrivateKey: " -- + s1.getClass()); -+ if (!s1.getClass().getSimpleName().equals("KAEECPrivateKeyImpl")){ -+ if (s1 instanceof InternalPrivateKey ipk) { -+ PublicKey p2 = ipk.calculatePublicKey(); -+ Asserts.assertTrue(Arrays.equals(p2.getEncoded(), p1.getEncoded())); -+ Asserts.assertEQ(p2.getAlgorithm(), p1.getAlgorithm()); -+ Asserts.assertEQ(p2.getFormat(), p1.getFormat()); -+ } else { -+ throw new RuntimeException("Not an InternalPrivateKey: " -+ + s1.getClass()); -+ } - } - } - } -diff --git a/test/micro/org/openeuler/bench/security/openssl/SM2CipherBenchmark.java b/test/micro/org/openeuler/bench/security/openssl/SM2CipherBenchmark.java -new file mode 100644 -index 000000000..3935b7a3d ---- /dev/null -+++ b/test/micro/org/openeuler/bench/security/openssl/SM2CipherBenchmark.java -@@ -0,0 +1,117 @@ -+/* -+ * Copyright (c) 2024, Huawei Technologies Co., Ltd. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+package org.openeuler.bench.security.openssl; -+ -+import org.openeuler.security.openssl.KAEProvider; -+import org.openjdk.jmh.annotations.*; -+ -+import java.security.*; -+import java.util.Random; -+import java.util.concurrent.TimeUnit; -+ -+import javax.crypto.BadPaddingException; -+import javax.crypto.Cipher; -+import javax.crypto.IllegalBlockSizeException; -+import javax.crypto.NoSuchPaddingException; -+ -+/** -+ * SM2 Cipher Benchmark -+ */ -+@BenchmarkMode(Mode.Throughput) -+@OutputTimeUnit(TimeUnit.SECONDS) -+@Warmup(iterations = 3, time = 3, timeUnit = TimeUnit.SECONDS) -+@Measurement(iterations = 8, time = 2, timeUnit = TimeUnit.SECONDS) -+@Fork(jvmArgsPrepend = {"-Xms100G", "-Xmx100G", "-XX:+AlwaysPreTouch"}, value = 5) -+@Threads(1) -+@State(Scope.Thread) -+public class SM2CipherBenchmark { -+ public static final int SET_SIZE = 128; -+ byte[][] data; -+ int index = 0; -+ -+ @Param({"SM2"}) -+ private String algorithm; -+ -+ @Param({"" + 1024, "" + 10 * 1024, "" + 100 * 1024, "" + 1024 * 1024}) -+ private int dataSize; -+ -+ @Param({"KAEProvider"}) -+ private String provider; -+ -+ public Provider prov = null; -+ -+ private KeyPair keyPair; -+ -+ private byte[][] encryptedData; -+ private Cipher encryptCipher; -+ private Cipher decryptCipher; -+ -+ @Setup -+ public void setup() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, -+ IllegalBlockSizeException, BadPaddingException { -+ Security.addProvider(new KAEProvider()); -+ prov = Security.getProvider(provider); -+ -+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("SM2"); -+ keyPair = keyPairGenerator.generateKeyPair(); -+ -+ encryptCipher = (prov == null) ? Cipher.getInstance(algorithm) : Cipher.getInstance(algorithm, prov); -+ encryptCipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic()); -+ decryptCipher = (prov == null) ? Cipher.getInstance(algorithm) : Cipher.getInstance(algorithm, prov); -+ decryptCipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate()); -+ -+ data = fillRandom(new byte[SET_SIZE][dataSize]); -+ encryptedData = fillEncrypted(data, encryptCipher); -+ } -+ -+ @Benchmark -+ public byte[] encrypt() throws IllegalBlockSizeException, BadPaddingException { -+ byte[] d = data[index]; -+ index = (index + 1) % SET_SIZE; -+ return encryptCipher.doFinal(d); -+ } -+ -+ @Benchmark -+ public byte[] decrypt() throws IllegalBlockSizeException, BadPaddingException { -+ byte[] e = encryptedData[index]; -+ index = (index + 1) % SET_SIZE; -+ return decryptCipher.doFinal(e); -+ } -+ public static byte[][] fillRandom(byte[][] data) { -+ Random rnd = new Random(); -+ for (byte[] d : data) { -+ rnd.nextBytes(d); -+ } -+ return data; -+ } -+ -+ public static byte[][] fillEncrypted(byte[][] data, Cipher encryptCipher) -+ throws IllegalBlockSizeException, BadPaddingException { -+ byte[][] encryptedData = new byte[data.length][]; -+ for (int i = 0; i < encryptedData.length; i++) { -+ encryptedData[i] = encryptCipher.doFinal(data[i]); -+ } -+ return encryptedData; -+ } -+} -+ -diff --git a/test/micro/org/openeuler/bench/security/openssl/SM2SignatureBenchmark.java b/test/micro/org/openeuler/bench/security/openssl/SM2SignatureBenchmark.java -new file mode 100644 -index 000000000..70a7bcc10 ---- /dev/null -+++ b/test/micro/org/openeuler/bench/security/openssl/SM2SignatureBenchmark.java -@@ -0,0 +1,104 @@ -+/* -+ * Copyright (c) 2024, Huawei Technologies Co., Ltd. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+package org.openeuler.bench.security.openssl; -+ -+import org.openeuler.security.openssl.KAEProvider; -+import org.openjdk.jmh.annotations.*; -+ -+import java.security.*; -+import java.util.concurrent.TimeUnit; -+ -+/** -+ * SM2 Signature Benchmark -+ */ -+@BenchmarkMode(Mode.Throughput) -+@OutputTimeUnit(TimeUnit.SECONDS) -+@Warmup(iterations = 3, time = 3, timeUnit = TimeUnit.SECONDS) -+@Measurement(iterations = 8, time = 2, timeUnit = TimeUnit.SECONDS) -+@Fork(jvmArgsPrepend = {"-Xms100G", "-Xmx100G", "-XX:+AlwaysPreTouch"}, value = 5) -+@Threads(1) -+@State(Scope.Thread) -+public class SM2SignatureBenchmark { -+ public static final int SET_SIZE = 128; -+ byte[][] data; -+ int index = 0; -+ -+ @Param({"SM3withSM2"}) -+ private String algorithm; -+ -+ @Param({"" + 1024, "" + 10 * 1024, "" + 100 * 1024, "" + 256 * 1024, "" + 1024 * 1024, "" + 10 * 1024 * 1024}) -+ private int dataSize; -+ -+ @Param({"KAEProvider"}) -+ private String provider; -+ -+ public Provider prov = null; -+ -+ private KeyPair keyPair; -+ -+ private byte[][] sigData; -+ -+ @Setup -+ public void setup() throws Exception { -+ Security.addProvider(new KAEProvider()); -+ prov = Security.getProvider(provider); -+ -+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("SM2"); -+ keyPair = keyPairGenerator.generateKeyPair(); -+ -+ data = new byte[SET_SIZE][dataSize]; -+ sigData = getSigBytes(data); -+ } -+ -+ private byte[][] getSigBytes(byte[][] data) throws Exception { -+ byte[][] sigBytes = new byte[data.length][]; -+ Signature signature = prov != null ? Signature.getInstance(algorithm, prov) : -+ Signature.getInstance(algorithm); -+ signature.initSign(keyPair.getPrivate()); -+ for (int i = 0; i < sigBytes.length; i++) { -+ signature.update(data[i]); -+ sigBytes[i] = signature.sign(); -+ } -+ return sigBytes; -+ } -+ -+ @Benchmark -+ public void sign() throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { -+ Signature signature = prov != null ? Signature.getInstance(algorithm, prov) : -+ Signature.getInstance(algorithm); -+ signature.initSign(keyPair.getPrivate()); -+ signature.update(data[index]); -+ signature.sign(); -+ index = (index + 1) % SET_SIZE; -+ } -+ -+ @Benchmark -+ public void verify() throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { -+ Signature signature = prov != null ? Signature.getInstance(algorithm, prov) : -+ Signature.getInstance(algorithm); -+ signature.initVerify(keyPair.getPublic()); -+ signature.update(data[index]); -+ signature.verify(sigData[index]); -+ index = (index + 1) % SET_SIZE; -+ } -+} --- -2.47.0.windows.2 - diff --git a/openjdk-21.spec b/openjdk-21.spec index 5f6e6d4997cc545704b720c3ce53512779bae0e6..c1d3f08663ac19e532640f7245bf46db5e3179ba 100644 --- a/openjdk-21.spec +++ b/openjdk-21.spec @@ -560,6 +560,9 @@ exit 0 %ifarch %{svml_arches} %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libjsvml.so %endif +%ifarch %{aarch64} +%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libj2kae.so +%endif %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsyslookup.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libverify.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libzip.so @@ -596,6 +599,9 @@ exit 0 %{etcjavadir -- %{?1}}/conf/security/policy/README.txt %config(noreplace) %{etcjavadir -- %{?1}}/conf/security/java.policy %config(noreplace) %{etcjavadir -- %{?1}}/conf/security/java.security +%ifarch %{aarch64} +%config(noreplace) %{etcjavadir -- %{?1}}/conf/kaeprovider.conf +%endif %config(noreplace) %{etcjavadir -- %{?1}}/conf/logging.properties %config(noreplace) %{etcjavadir -- %{?1}}/conf/security/nss.cfg %config(noreplace) %{etcjavadir -- %{?1}}/conf/management/jmxremote.access @@ -899,7 +905,7 @@ Name: java-21-%{origin} Version: %{newjavaver}.%{buildver} # This package needs `.rolling` as part of Release so as to not conflict on install with # java-X-openjdk. I.e. when latest rolling release is also an LTS release packaged as -Release: 2 +Release: 3 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages @@ -1026,7 +1032,6 @@ Patch82: huawei-Add-Hashmap-frontCache-opt.patch Patch83: huawei-1-add-port-jbolt-feature.patch Patch84: huawei-heap-dump-redact-support.patch Patch85: huawei-Adapt-to-clang-build-toolchain.patch -Patch86: huawei-Add-KAE-SM2.patch #21.0.7 Patch87: huawei-fix-build-fail-realpath.patch @@ -1080,6 +1085,7 @@ BuildRequires: nss-devel BuildRequires: pkgconfig BuildRequires: xorg-x11-proto-devel BuildRequires: zip +BuildRequires: openssl-devel BuildRequires: javapackages-filesystem BuildRequires: java-21-openjdk-devel # Zero-assembler build requirement @@ -1328,7 +1334,6 @@ pushd %{top_level_dir_name} %patch83 -p1 %patch84 -p1 %patch85 -p1 -%patch86 -p1 %patch87 -p1 %patch88 -p1 popd # openjdk @@ -1467,6 +1472,9 @@ bash ../configure \ %ifarch %{ppc64le} --with-jobs=1 \ %endif +%ifarch %{aarch64} + --enable-kae=yes \ +%endif %if "%toolchain" == "clang" --with-toolchain-type=clang \ %endif @@ -1901,6 +1909,9 @@ cjc.mainProgram(args) -- the returns from copy_jdk_configs.lua should not affect %changelog +* Fri May 9 2025 wulongyao - 1:21.0.7.6-3 +- delete huawei-Add-KAE-SM2.patch and enable kae + * Wed Apr 30 2025 songliyang - 1:21.0.7.6-2 - update LoongArch64 port to 21.0.7 - fix changelog date error