[jss/f13/master] - Bugzilla Bug # 638833 - rfe ecc - add ec curve name support in JSS and CS - Bugzilla Bug # 529945
kwright
kwright at fedoraproject.org
Tue Nov 2 20:58:54 UTC 2010
commit e3b0d9d6fb4e0d276150be65fc1065ccf00ff22a
Author: Kevin Wright <kwright at redhat.com>
Date: Tue Nov 2 13:58:48 2010 -0700
- Bugzilla Bug # 638833 - rfe ecc - add ec curve name support in JSS and CS
- Bugzilla Bug # 529945 - expose NSS calls for OCSP settings
.gitignore | 1 +
jss-ECC_keygen_byCurveName.patch | 490 ++++++++++++++++++++++++++++++++++++++
jss-ocspSettings.patch | 106 ++++++++
jss.spec | 11 +-
4 files changed, 607 insertions(+), 1 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 41eb57a..3dc4274 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
jss-4.2.6.tar.gz
+/jss-4.2.6.tar.gz
diff --git a/jss-ECC_keygen_byCurveName.patch b/jss-ECC_keygen_byCurveName.patch
new file mode 100644
index 0000000..0617183
--- /dev/null
+++ b/jss-ECC_keygen_byCurveName.patch
@@ -0,0 +1,490 @@
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java.fix jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java.fix 2010-10-20 09:54:35.189680000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGenerator.java 2010-10-20 10:54:53.154835000 -0700
+@@ -196,7 +196,10 @@ public class KeyPairGenerator {
+ engine.setKeyPairUsages(usages,usages_mask);
+ }
+
+-
++ public int getCurveCodeByName(String curveName)
++ throws InvalidParameterException {
++ return engine.getCurveCodeByName(curveName);
++ }
+
+
+
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java.fix jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java.fix 2010-10-20 09:54:52.393628000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairGeneratorSpi.java 2010-10-20 10:55:39.441698000 -0700
+@@ -94,4 +94,6 @@ public abstract class KeyPairGeneratorSp
+
+ public abstract void setKeyPairUsages(KeyPairGeneratorSpi.Usage[] usages,
+ KeyPairGeneratorSpi.Usage[] usages_mask);
++
++ public abstract int getCurveCodeByName(String curveName) throws InvalidParameterException;
+ }
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java.fix jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java.fix 2010-10-15 10:30:57.832196000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java 2010-10-20 11:09:30.523208000 -0700
+@@ -44,6 +44,7 @@ import java.security.*;
+ import java.security.SecureRandom;
+ import java.security.spec.AlgorithmParameterSpec;
+ import java.security.spec.DSAParameterSpec;
++import java.util.Hashtable;
+
+
+ /**
+@@ -55,6 +56,246 @@ public final class PK11KeyPairGenerator
+ extends org.mozilla.jss.crypto.KeyPairGeneratorSpi
+ {
+
++ // curve code for getting the actual EC curve
++ private enum ECCurve_Code {
++ // NIST, SEC2 Prime curves
++ secp521r1 , // == nistp521
++ nistp521 ,
++ secp384r1 , // == nistp384
++ nistp384 ,
++ secp256r1 , // == nistp256
++ nistp256 ,
++ secp256k1 ,
++ secp224r1 , // == nistp224
++ nistp224 ,
++ secp224k1 ,
++ secp192r1 , // == nistp192
++ nistp192 ,
++ secp192k1 ,
++ secp160r2 ,
++ secp160r1 ,
++ secp160k1 ,
++ secp128r2 ,
++ secp128r1 ,
++ secp112r2 ,
++ secp112r1 ,
++ // NIST, SEC2 Binary curves
++ sect571r1 , // == nistb571
++ nistb571 ,
++ sect571k1 , // == nistk571
++ nistk571 ,
++ sect409r1 , // == nistb409
++ nistb409 ,
++ sect409k1 , // == nistk409
++ nistk409 ,
++ sect283r1 , // == nistb283
++ nistb283 ,
++ sect283k1 , // == nistk283
++ nistk283 ,
++ sect239k1 ,
++ sect233r1 , // == nistb233
++ nistb233 ,
++ sect233k1 , // == nistk233
++ nistk233 ,
++ sect193r2 ,
++ sect193r1 ,
++ nistb163 ,
++ sect163r2 , // == nistb163
++ sect163r1 ,
++ sect163k1 , // == nistk163
++ nistk163 ,
++ sect131r2 ,
++ sect131r1 ,
++ sect113r2 ,
++ sect113r1 ,
++ // ANSI X9.62 Prime curves
++ prime239v3 ,
++ prime239v2 ,
++ prime239v1 ,
++ prime192v3 ,
++ prime192v2 ,
++ prime192v1 , // == nistp192
++ // prime256v1 == nistp256
++ // ANSI X9.62 Binary curves
++ c2pnb163v1 ,
++ c2pnb163v2 ,
++ c2pnb163v3 ,
++ c2pnb176v1 ,
++ c2tnb191v1 ,
++ c2tnb191v2 ,
++ c2tnb191v3 ,
++ //c2onb191v4 ,
++ //c2onb191v5 ,
++ c2pnb208w1 ,
++ c2tnb239v1 ,
++ c2tnb239v2 ,
++ c2tnb239v3 ,
++ //c2onb239v4 ,
++ //c2onb239v5 ,
++ c2pnb272w1 ,
++ c2pnb304w1 ,
++ c2tnb359v1 ,
++ c2pnb368w1 ,
++ c2tnb431r1
++ // no WTLS curves fo now
++ };
++
++ private static Hashtable ECCurve_NameToCode = new Hashtable();
++ static {
++ // NIST, SEC2 Prime curves
++ ECCurve_NameToCode.put(
++ "secp521r1", ECCurve_Code.secp521r1);
++ ECCurve_NameToCode.put(
++ "nistp521", ECCurve_Code.nistp521);
++ ECCurve_NameToCode.put(
++ "secp384r1", ECCurve_Code.secp384r1);
++ ECCurve_NameToCode.put(
++ "nistp384", ECCurve_Code.nistp384);
++ ECCurve_NameToCode.put(
++ "secp256r1", ECCurve_Code.secp256r1);
++ ECCurve_NameToCode.put(
++ "nistp256", ECCurve_Code.nistp256);
++ ECCurve_NameToCode.put(
++ "secp256k1", ECCurve_Code.secp256k1);
++ ECCurve_NameToCode.put(
++ "secp224r1", ECCurve_Code.secp224r1);
++ ECCurve_NameToCode.put(
++ "nistp224", ECCurve_Code.nistp224);
++ ECCurve_NameToCode.put(
++ "secp224k1", ECCurve_Code.secp224k1);
++ ECCurve_NameToCode.put(
++ "secp192r1", ECCurve_Code.secp192r1);
++ ECCurve_NameToCode.put(
++ "nistp192", ECCurve_Code.nistp192);
++ ECCurve_NameToCode.put(
++ "secp192k1", ECCurve_Code.secp192k1);
++ ECCurve_NameToCode.put(
++ "secp160r2", ECCurve_Code.secp160r2);
++ ECCurve_NameToCode.put(
++ "secp160r1", ECCurve_Code.secp160r1);
++ ECCurve_NameToCode.put(
++ "secp160k1", ECCurve_Code.secp160k1);
++ ECCurve_NameToCode.put(
++ "secp128r2", ECCurve_Code.secp128r2);
++ ECCurve_NameToCode.put(
++ "secp128r1", ECCurve_Code.secp128r1);
++ ECCurve_NameToCode.put(
++ "secp112r2", ECCurve_Code.secp112r2);
++ ECCurve_NameToCode.put(
++ "secp112r1", ECCurve_Code.secp112r1);
++ // NIST, SEC2 Binary curves
++ ECCurve_NameToCode.put(
++ "sect571r1", ECCurve_Code.sect571r1);
++ ECCurve_NameToCode.put(
++ "nistb571", ECCurve_Code.nistb571);
++ ECCurve_NameToCode.put(
++ "sect571k1", ECCurve_Code.sect571k1);
++ ECCurve_NameToCode.put(
++ "nistk571", ECCurve_Code.nistk571);
++ ECCurve_NameToCode.put(
++ "sect409r1", ECCurve_Code.sect409r1);
++ ECCurve_NameToCode.put(
++ "nistb409", ECCurve_Code.nistb409);
++ ECCurve_NameToCode.put(
++ "sect409k1", ECCurve_Code.sect409k1);
++ ECCurve_NameToCode.put(
++ "nistk409", ECCurve_Code.nistk409);
++ ECCurve_NameToCode.put(
++ "sect283r1", ECCurve_Code.sect283r1);
++ ECCurve_NameToCode.put(
++ "nistb283", ECCurve_Code.nistb283);
++ ECCurve_NameToCode.put(
++ "sect283k1", ECCurve_Code.sect283k1);
++ ECCurve_NameToCode.put(
++ "nistk283", ECCurve_Code.nistk283);
++ ECCurve_NameToCode.put(
++ "sect239k1", ECCurve_Code.sect239k1);
++ ECCurve_NameToCode.put(
++ "sect233r1", ECCurve_Code.sect233r1);
++ ECCurve_NameToCode.put(
++ "nistb233", ECCurve_Code.nistb233);
++ ECCurve_NameToCode.put(
++ "sect233k1", ECCurve_Code.sect233k1);
++ ECCurve_NameToCode.put(
++ "nistk233", ECCurve_Code.nistk233);
++ ECCurve_NameToCode.put(
++ "sect193r2", ECCurve_Code.sect193r2);
++ ECCurve_NameToCode.put(
++ "sect193r1", ECCurve_Code.sect193r1);
++ ECCurve_NameToCode.put(
++ "nistb163", ECCurve_Code.nistb163);
++ ECCurve_NameToCode.put(
++ "sect163r2", ECCurve_Code.sect163r2);
++ ECCurve_NameToCode.put(
++ "sect163r1", ECCurve_Code.sect163r1);
++ ECCurve_NameToCode.put(
++ "sect163k1", ECCurve_Code.sect163k1);
++ ECCurve_NameToCode.put(
++ "nistk163", ECCurve_Code.nistk163);
++ ECCurve_NameToCode.put(
++ "sect131r2", ECCurve_Code.sect131r2);
++ ECCurve_NameToCode.put(
++ "sect131r1", ECCurve_Code.sect131r1);
++ ECCurve_NameToCode.put(
++ "sect113r2", ECCurve_Code.sect113r2);
++ ECCurve_NameToCode.put(
++ "sect113r1", ECCurve_Code.sect113r1);
++ // ANSI Prime curves
++ ECCurve_NameToCode.put(
++ "prime239v3", ECCurve_Code.prime239v3);
++ ECCurve_NameToCode.put(
++ "prime239v2", ECCurve_Code.prime239v2);
++ ECCurve_NameToCode.put(
++ "prime239v1", ECCurve_Code.prime239v1);
++ ECCurve_NameToCode.put(
++ "prime192v3", ECCurve_Code.prime192v3);
++ ECCurve_NameToCode.put(
++ "prime192v2", ECCurve_Code.prime192v2);
++ ECCurve_NameToCode.put(
++ "prime192v1", ECCurve_Code.prime192v1);
++ // ANSI Binary curves
++ ECCurve_NameToCode.put(
++ "c2pnb163v1", ECCurve_Code.c2pnb163v1);
++ ECCurve_NameToCode.put(
++ "c2pnb163v2", ECCurve_Code.c2pnb163v2);
++ ECCurve_NameToCode.put(
++ "c2pnb163v3", ECCurve_Code.c2pnb163v3);
++ ECCurve_NameToCode.put(
++ "c2pnb176v1", ECCurve_Code.c2pnb176v1);
++ ECCurve_NameToCode.put(
++ "c2tnb191v1", ECCurve_Code.c2tnb191v1);
++ ECCurve_NameToCode.put(
++ "c2tnb191v2", ECCurve_Code.c2tnb191v2);
++ ECCurve_NameToCode.put(
++ "c2tnb191v3", ECCurve_Code.c2tnb191v3);
++ //ECCurve_NameToCode.put(
++ // "c2onb191v4", ECCurve_Code.c2onb191v4);
++ //ECCurve_NameToCode.put(
++ // "c2onb191v5", ECCurve_Code.c2onb191v5);
++ ECCurve_NameToCode.put(
++ "c2pnb208w1", ECCurve_Code.c2pnb208w1);
++ ECCurve_NameToCode.put(
++ "c2tnb239v1", ECCurve_Code.c2tnb239v1);
++ ECCurve_NameToCode.put(
++ "c2tnb239v2", ECCurve_Code.c2tnb239v2);
++ ECCurve_NameToCode.put(
++ "c2tnb239v3", ECCurve_Code.c2tnb239v3);
++ //ECCurve_NameToCode.put(
++ // "c2onb239v4", ECCurve_Code.c2onb239v4);
++ //ECCurve_NameToCode.put(
++ // "c2onb239v5", ECCurve_Code.c2onb239v5);
++ ECCurve_NameToCode.put(
++ "c2pnb272w1", ECCurve_Code.c2pnb272w1);
++ ECCurve_NameToCode.put(
++ "c2pnb304w1", ECCurve_Code.c2pnb304w1);
++ ECCurve_NameToCode.put(
++ "c2tnb359v1", ECCurve_Code.c2tnb359v1);
++ ECCurve_NameToCode.put(
++ "c2pnb368w1", ECCurve_Code.c2pnb368w1);
++ ECCurve_NameToCode.put(
++ "c2tnb431r1", ECCurve_Code.c2tnb431r1);
++ }
++
+ // opFlag constants: each of these flags specifies a crypto operation
+ // the key will support. Their values must match the same-named C
+ // preprocessor macros defined in the PKCS #11 header pkcs11t.h.
+@@ -165,7 +406,15 @@ public final class PK11KeyPairGenerator
+ }
+ } else {
+ Assert._assert( algorithm == KeyPairAlgorithm.EC );
+- params = getCurve(strength);
++ if (strength < 112) {
++ // for EC, "strength" is actually a code for curves defined in
++ // ECCurve_Code
++ params = getECCurve(strength);
++ } else {
++ // this is the old method of strength to curve mapping,
++ // which is somewhat defective
++ params = getCurve(strength);
++ }
+ }
+ }
+
+@@ -642,6 +891,189 @@ public final class PK11KeyPairGenerator
+ static final OBJECT_IDENTIFIER CURVE_SECG_T571R1
+ = SECG_EC_CURVE.subBranch(39);
+
++ // the EC curvecode to oid hash table
++ private static Hashtable mECCurve_CodeToCurve = new Hashtable();
++ static {
++ // SEG Prime curves
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.secp521r1.ordinal(), (Object) CURVE_SECG_P521R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.nistp521.ordinal(), (Object) CURVE_SECG_P521R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.secp384r1.ordinal(), (Object) CURVE_SECG_P384R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.nistp384.ordinal(), (Object) CURVE_SECG_P384R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.secp256r1.ordinal(), (Object) CURVE_ANSI_P256V1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.nistp256.ordinal(), (Object) CURVE_ANSI_P256V1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.secp256k1.ordinal(), (Object) CURVE_SECG_P256K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.secp224r1.ordinal(), (Object) CURVE_SECG_P224R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.nistp224.ordinal(), (Object) CURVE_SECG_P224R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.secp224k1.ordinal(), (Object) CURVE_SECG_P224K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.secp192r1.ordinal(), (Object) CURVE_ANSI_P192V1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.nistp192.ordinal(), (Object) CURVE_ANSI_P192V1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.secp192k1.ordinal(), (Object) CURVE_SECG_P192K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.secp160r2.ordinal(), (Object) CURVE_SECG_P160R2);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.secp160r1.ordinal(), (Object) CURVE_SECG_P160R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.secp160k1.ordinal(), (Object) CURVE_SECG_P160K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.secp128r2.ordinal(), (Object) CURVE_SECG_P128R2);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.secp128r1.ordinal(), (Object) CURVE_SECG_P128R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.secp112r2.ordinal(), (Object) CURVE_SECG_P112R2);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.secp112r1.ordinal(), (Object) CURVE_SECG_P112R1);
++ // SEG Binary curves
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect571r1.ordinal(), (Object) CURVE_SECG_T571R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.nistb571.ordinal(), (Object) CURVE_SECG_T571R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect571k1.ordinal(), (Object) CURVE_SECG_T571K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.nistk571.ordinal(), (Object) CURVE_SECG_T571K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect409r1.ordinal(), (Object) CURVE_SECG_T409R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.nistb409.ordinal(), (Object) CURVE_SECG_T409R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect409k1.ordinal(), (Object) CURVE_SECG_T409K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.nistk409.ordinal(), (Object) CURVE_SECG_T409K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect283r1.ordinal(), (Object) CURVE_SECG_T283R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.nistb283.ordinal(), (Object) CURVE_SECG_T283R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect283k1.ordinal(), (Object) CURVE_SECG_T283K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.nistk283.ordinal(), (Object) CURVE_SECG_T283K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect239k1.ordinal(), (Object) CURVE_SECG_T239K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect233r1.ordinal(), (Object) CURVE_SECG_T233R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.nistb233.ordinal(), (Object) CURVE_SECG_T233R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect233k1.ordinal(), (Object) CURVE_SECG_T233K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.nistk233.ordinal(), (Object) CURVE_SECG_T233K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect193r2.ordinal(), (Object) CURVE_SECG_T193R2);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect193r1.ordinal(), (Object) CURVE_SECG_T193R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.nistb163.ordinal(), (Object) CURVE_SECG_T163K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect163r2.ordinal(), (Object) CURVE_SECG_T163R2);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect163r1.ordinal(), (Object) CURVE_SECG_T163R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect163k1.ordinal(), (Object) CURVE_SECG_T163K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.nistk163.ordinal(), (Object) CURVE_SECG_T163K1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect131r2.ordinal(), (Object) CURVE_SECG_T131R2);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect131r1.ordinal(), (Object) CURVE_SECG_T131R1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect113r2.ordinal(), (Object) CURVE_SECG_T113R2);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.sect113r1.ordinal(), (Object) CURVE_SECG_T113R1);
++ // ANSI Prime curves
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.prime239v3.ordinal(), (Object) CURVE_ANSI_P239V3);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.prime239v2.ordinal(), (Object) CURVE_ANSI_P239V2);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.prime239v1.ordinal(), (Object) CURVE_ANSI_P239V1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.prime192v3.ordinal(), (Object) CURVE_ANSI_P192V3);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.prime192v2.ordinal(), (Object) CURVE_ANSI_P192V2);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.prime192v1.ordinal(), (Object) CURVE_ANSI_P192V1);
++ // ANSI Binary curves
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2pnb163v1.ordinal(), (Object) CURVE_ANSI_PNB163V1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2pnb163v2.ordinal(), (Object) CURVE_ANSI_PNB163V2);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2pnb163v3.ordinal(), (Object) CURVE_ANSI_PNB163V3);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2pnb176v1.ordinal(), (Object) CURVE_ANSI_PNB176V1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2tnb191v1.ordinal(), (Object) CURVE_ANSI_TNB191V1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2tnb191v2.ordinal(), (Object) CURVE_ANSI_TNB191V2);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2tnb191v3.ordinal(), (Object) CURVE_ANSI_TNB191V3);
++ //mECCurve_CodeToCurve.put(
++ // ECCurve_Code.c2onb191v4.ordinal(), (Object) CURVE_ANSI_ONB191V4);
++ //mECCurve_CodeToCurve.put(
++ // ECCurve_Code.c2onb191v5.ordinal(), (Object) CURVE_ANSI_ONB191V5);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2pnb208w1.ordinal(), (Object) CURVE_ANSI_PNB208W1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2tnb239v1.ordinal(), (Object) CURVE_ANSI_TNB239V1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2tnb239v2.ordinal(), (Object) CURVE_ANSI_TNB239V2);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2tnb239v3.ordinal(), (Object) CURVE_ANSI_TNB239V3);
++ //mECCurve_CodeToCurve.put(
++ // ECCurve_Code.c2onb239v4.ordinal(), (Object) CURVE_ANSI_ONB239V4);
++ //mECCurve_CodeToCurve.put(
++ // ECCurve_Code.c2onb239v5.ordinal(), (Object) CURVE_ANSI_ONB239V5);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2pnb272w1.ordinal(), (Object) CURVE_ANSI_PNB272W1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2pnb304w1.ordinal(), (Object) CURVE_ANSI_PNB304W1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2tnb359v1.ordinal(), (Object) CURVE_ANSI_TNB359V1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2pnb368w1.ordinal(), (Object) CURVE_ANSI_PNB368W1);
++ mECCurve_CodeToCurve.put(
++ ECCurve_Code.c2tnb431r1.ordinal(), (Object) CURVE_ANSI_TNB431R1);
++ }
++
++ public int getCurveCodeByName(String curveName)
++ throws InvalidParameterException {
++ if (curveName == null)
++ throw new InvalidParameterException();
++ ECCurve_Code c = (ECCurve_Code) ECCurve_NameToCode.get(curveName);
++ if (c == null)
++ throw new InvalidParameterException(curveName);
++ return c.ordinal();
++ }
++
++ /*
++ * getECCurve
++ * maps curvecode to the actual oid of the curve and
++ * returns the PK11ParameterSpec
++ */
++ private AlgorithmParameterSpec getECCurve(int curvecode)
++ throws InvalidParameterException
++ {
++ OBJECT_IDENTIFIER oid;
++
++ oid = (OBJECT_IDENTIFIER) mECCurve_CodeToCurve.get(curvecode);
++ if (oid == null)
++ throw new IllegalArgumentException("curvecode ="+curvecode);
++ return new PK11ParameterSpec(ASN1Util.encode(oid));
++ }
++
+ private AlgorithmParameterSpec getCurve(int strength)
+ throws InvalidParameterException
+ {
diff --git a/jss-ocspSettings.patch b/jss-ocspSettings.patch
new file mode 100644
index 0000000..c9ac226
--- /dev/null
+++ b/jss-ocspSettings.patch
@@ -0,0 +1,106 @@
+diff -up jss-4.2.6/mozilla/security/jss/lib/jss.def.orig jss-4.2.6/mozilla/security/jss/lib/jss.def
+--- jss-4.2.6/mozilla/security/jss/lib/jss.def.orig 2009-11-04 14:26:26.000000000 -0800
++++ jss-4.2.6/mozilla/security/jss/lib/jss.def 2009-11-04 14:11:05.000000000 -0800
+@@ -329,6 +329,8 @@ Java_org_mozilla_jss_pkcs11_PK11Token_ne
+ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPairWithOpFlags;
+ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPairWithOpFlags;
+ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPairWithOpFlags;
++Java_org_mozilla_jss_CryptoManager_OCSPCacheSettingsNative;
++Java_org_mozilla_jss_CryptoManager_setOCSPTimeoutNative;
+ ;+ local:
+ ;+ *;
+ ;+};
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c.orig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c.orig 2009-11-04 14:20:43.000000000 -0800
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c 2009-11-05 10:48:32.590000000 -0800
+@@ -976,3 +976,45 @@ Java_org_mozilla_jss_CryptoManager_confi
+ }
+ }
+
++
++/**********************************************************************
++* OCSPCacheSettingsNative
++*
++* Allows configuration of the OCSP responder cache during runtime.
++*/
++JNIEXPORT void JNICALL
++Java_org_mozilla_jss_CryptoManager_OCSPCacheSettingsNative(
++ JNIEnv *env, jobject this,
++ jint ocsp_cache_size,
++ jint ocsp_min_cache_entry_duration,
++ jint ocsp_max_cache_entry_duration)
++{
++ SECStatus rv = SECFailure;
++
++ rv = CERT_OCSPCacheSettings(
++ ocsp_cache_size, ocsp_min_cache_entry_duration,
++ ocsp_max_cache_entry_duration);
++
++ if (rv != SECSuccess) {
++ JSS_throwMsgPrErr(env,
++ GENERAL_SECURITY_EXCEPTION,
++ "Failed to set OCSP cache: error "+ PORT_GetError());
++ }
++}
++
++JNIEXPORT void JNICALL
++Java_org_mozilla_jss_CryptoManager_setOCSPTimeoutNative(
++ JNIEnv *env, jobject this,
++ jint ocsp_timeout )
++{
++ SECStatus rv = SECFailure;
++
++ rv = CERT_SetOCSPTimeout(ocsp_timeout);
++
++ if (rv != SECSuccess) {
++ JSS_throwMsgPrErr(env,
++ GENERAL_SECURITY_EXCEPTION,
++ "Failed to set OCSP timeout: error "+ PORT_GetError());
++ }
++}
++
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java.orig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java.orig 2009-11-04 14:20:33.000000000 -0800
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java 2009-11-05 10:48:59.415001000 -0800
+@@ -1479,4 +1479,41 @@ public final class CryptoManager impleme
+ String ocspResponderCertNickname )
+ throws GeneralSecurityException;
+
++ /**
++ * change OCSP cache settings
++ * * @param ocsp_cache_size max cache entries
++ * * @param ocsp_min_cache_entry_duration minimum seconds to next fetch attempt
++ * * @param ocsp_max_cache_entry_duration maximum seconds to next fetch attempt
++ */
++ public void OCSPCacheSettings(
++ int ocsp_cache_size,
++ int ocsp_min_cache_entry_duration,
++ int ocsp_max_cache_entry_duration)
++ throws GeneralSecurityException
++ {
++ OCSPCacheSettingsNative(ocsp_cache_size,
++ ocsp_min_cache_entry_duration,
++ ocsp_max_cache_entry_duration);
++ }
++
++ private native void OCSPCacheSettingsNative(
++ int ocsp_cache_size,
++ int ocsp_min_cache_entry_duration,
++ int ocsp_max_cache_entry_duration)
++ throws GeneralSecurityException;
++
++ /**
++ * set OCSP timeout value
++ * * @param ocspTimeout OCSP timeout in seconds
++ */
++ public void setOCSPTimeout(
++ int ocsp_timeout )
++ throws GeneralSecurityException
++ {
++ setOCSPTimeoutNative( ocsp_timeout);
++ }
++
++ private native void setOCSPTimeoutNative(
++ int ocsp_timeout )
++ throws GeneralSecurityException;
+ }
diff --git a/jss.spec b/jss.spec
index 3c54bd0..9390220 100644
--- a/jss.spec
+++ b/jss.spec
@@ -1,6 +1,6 @@
Name: jss
Version: 4.2.6
-Release: 6%{?dist}
+Release: 7%{?dist}
Summary: Java Security Services (JSS)
Group: System Environment/Libraries
@@ -27,6 +27,9 @@ Patch2: jss-javadocs-param.patch
Patch3: jss-ipv6.patch
Patch4: jss-ECC-pop.patch
Patch5: jss-loadlibrary.patch
+Patch6: jss-ocspSettings.patch
+Patch7: jss-ECC_keygen_byCurveName.patch
+
%description
Java Security Services (JSS) is a java native interface which provides a bridge
@@ -48,6 +51,8 @@ This package contains the API documentation for JSS.
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
+%patch7 -p1
%build
[ -z "$JAVA_HOME" ] && export JAVA_HOME=%{_jvmdir}/java
@@ -143,6 +148,10 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Oct 20 2010 Christina Fu <cfu at redhat.com> 4.2.6-7
+- Bugzilla Bug # 638833 - rfe ecc - add ec curve name support in JSS and CS
+- Bugzilla Bug # 529945 - expose NSS calls for OCSP settings
+
* Wed Jan 13 2010 Rob Crittenden <rcritten at redhat.com> 4.2.6-6
- Need to explicitly catch UnsatisfiedLinkError exception for System.load()
More information about the scm-commits
mailing list