diff --git a/mozilla/security/jss/build_java.pl b/mozilla/security/jss/build_java.pl
index 6cbb82d9361..5f830696e42 100644
--- a/mozilla/security/jss/build_java.pl
+++ b/mozilla/security/jss/build_java.pl
@@ -45,7 +45,6 @@ org.mozilla.jss.pkcs11.PK11KeyPairGenerator
org.mozilla.jss.pkcs11.SigContextProxy
org.mozilla.jss.pkcs11.PK11RSAPublicKey
org.mozilla.jss.pkcs11.PK11DSAPublicKey
-org.mozilla.jss.pkcs11.PK11ECPublicKey
org.mozilla.jss.pkcs11.PK11SecureRandom
org.mozilla.jss.provider.java.security.JSSKeyStoreSpi
org.mozilla.jss.SecretDecoderRing.KeyManager
diff --git a/mozilla/security/jss/lib/jss.def b/mozilla/security/jss/lib/jss.def
index 9abfb6a231a..09336f029d1 100644
--- a/mozilla/security/jss/lib/jss.def
+++ b/mozilla/security/jss/lib/jss.def
@@ -118,7 +118,6 @@ Java_org_mozilla_jss_pkcs11_PK11SymKey_getKeyType;
Java_org_mozilla_jss_pkcs11_PK11SymKey_getOwningToken;
Java_org_mozilla_jss_pkcs11_PK11SymKey_getStrength;
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair;
-Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPair;
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair;
Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generateNormal;
Java_org_mozilla_jss_pkcs11_PK11KeyGenerator_generatePBE;
@@ -165,8 +164,6 @@ Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getGByteArray;
Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getPByteArray;
Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getQByteArray;
Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getYByteArray;
-Java_org_mozilla_jss_pkcs11_PK11ECPublicKey_getCurveByteArray;
-Java_org_mozilla_jss_pkcs11_PK11ECPublicKey_getWByteArray;
Java_org_mozilla_jss_pkcs11_PK11SecureRandom_nextBytes;
Java_org_mozilla_jss_pkcs11_PK11SecureRandom_setSeed;
Java_org_mozilla_jss_ssl_SSLServerSocket_clearSessionCache;
diff --git a/mozilla/security/jss/org/mozilla/jss/JSSProvider.java b/mozilla/security/jss/org/mozilla/jss/JSSProvider.java
index 941903ac00e..b7774d19bd9 100644
--- a/mozilla/security/jss/org/mozilla/jss/JSSProvider.java
+++ b/mozilla/security/jss/org/mozilla/jss/JSSProvider.java
@@ -100,32 +100,6 @@ public final class JSSProvider extends java.security.Provider {
"org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA512RSA");
put("Alg.Alias.Signature.SHA512/RSA", "SHA-512/RSA");
put("Alg.Alias.Signature.SHA512withRSA", "SHA-512/RSA");
-// ECC
- put("Signature.SHA1withEC",
- "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA1EC");
- put("Alg.Alias.Signature.EC", "SHA1withEC");
- put("Alg.Alias.Signature.ECC", "SHA1withEC");
- put("Alg.Alias.Signature.ECDSA", "SHA1withEC");
- put("Alg.Alias.Signature.SHA/EC", "SHA1withEC");
- put("Alg.Alias.Signature.SHA1/EC", "SHA1withEC");
- put("Alg.Alias.Signature.SHA-1/EC", "SHA1withEC");
- put("Alg.Alias.Signature.SHA/ECDSA", "SHA1withEC");
- put("Alg.Alias.Signature.SHA1/ECDSA", "SHA1withEC");
-
- put("Signature.SHA256withEC",
- "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA256EC");
- put("Alg.Alias.Signature.SHA256/EC", "SHA256withEC");
- put("Alg.Alias.Signature.SHA-256/EC", "SHA256withEC");
-
- put("Signature.SHA384withEC",
- "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA384EC");
- put("Alg.Alias.Signature.SHA384/EC", "SHA384withEC");
- put("Alg.Alias.Signature.SHA-384/EC", "SHA384withEC");
-
- put("Signature.SHA512withEC",
- "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA512EC");
- put("Alg.Alias.Signature.SHA512/EC", "SHA512withEC");
- put("Alg.Alias.Signature.SHA-512/EC", "SHA384withEC");
/////////////////////////////////////////////////////////////
// Message Digesting
@@ -163,8 +137,6 @@ public final class JSSProvider extends java.security.Provider {
"org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$RSA");
put("KeyPairGenerator.DSA",
"org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$DSA");
- put("KeyPairGenerator.EC",
- "org.mozilla.jss.provider.java.security.JSSKeyPairGeneratorSpi$EC");
/////////////////////////////////////////////////////////////
// KeyFactory
@@ -173,8 +145,6 @@ public final class JSSProvider extends java.security.Provider {
"org.mozilla.jss.provider.java.security.KeyFactorySpi1_2");
put("KeyFactory.DSA",
"org.mozilla.jss.provider.java.security.KeyFactorySpi1_2");
- put("KeyFactory.EC",
- "org.mozilla.jss.provider.java.security.KeyFactorySpi1_2");
/////////////////////////////////////////////////////////////
// AlgorithmParameters
diff --git a/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c b/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c
index 50d562d9165..5232c1e551c 100644
--- a/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c
+++ b/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c
@@ -103,13 +103,7 @@ JSS_AlgInfo JSS_AlgTable[NUM_ALGS] = {
/* 40 */ {SEC_OID_SHA512, SEC_OID_TAG},
/* 41 */ {SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION, SEC_OID_TAG},
/* 42 */ {SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION, SEC_OID_TAG},
-/* 43 */ {SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION, SEC_OID_TAG},
-/* 44 */ {SEC_OID_ANSIX962_EC_PUBLIC_KEY, SEC_OID_TAG},
-/* 45 */ {SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE, SEC_OID_TAG},
-/* 46 */ {CKM_EC_KEY_PAIR_GEN, PK11_MECH},
-/* 47 */ {SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE, SEC_OID_TAG},
-/* 48 */ {SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE, SEC_OID_TAG},
-/* 49 */ {SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE, SEC_OID_TAG},
+/* 43 */ {SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION, SEC_OID_TAG}
/* REMEMBER TO UPDATE NUM_ALGS!!! */
};
diff --git a/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.h b/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.h
index 1117ada833e..7f8f80381bf 100644
--- a/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.h
+++ b/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.h
@@ -56,7 +56,7 @@ typedef struct JSS_AlgInfoStr {
JSS_AlgType type;
} JSS_AlgInfo;
-#define NUM_ALGS 50
+#define NUM_ALGS 44
extern JSS_AlgInfo JSS_AlgTable[];
extern CK_ULONG JSS_symkeyUsage[];
diff --git a/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.java b/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.java
index 1fc1993e969..73f9e8a2ebb 100644
--- a/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.java
+++ b/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.java
@@ -168,8 +168,6 @@ public class Algorithm {
//////////////////////////////////////////////////////////////
static final OBJECT_IDENTIFIER ANSI_X9_ALGORITHM =
new OBJECT_IDENTIFIER( new long[] { 1, 2, 840, 10040, 4 } );
- static final OBJECT_IDENTIFIER ANSI_X962_OID =
- new OBJECT_IDENTIFIER( new long[] { 1, 2, 840, 10045 } );
// Algorithm indices. These must be kept in sync with the
// algorithm array in Algorithm.c.
@@ -226,11 +224,5 @@ public class Algorithm {
protected static final short SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION=41;
protected static final short SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION=42;
protected static final short SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION=43;
- protected static final short SEC_OID_ANSIX962_EC_PUBLIC_KEY=44;
- protected static final short SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE=45;
- protected static final short CKM_EC_KEY_PAIR_GEN=46;
- protected static final short SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE=47;
- protected static final short SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE=48;
- protected static final short SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE=49;
}
diff --git a/mozilla/security/jss/org/mozilla/jss/crypto/CryptoToken.java b/mozilla/security/jss/org/mozilla/jss/crypto/CryptoToken.java
index 65d1805d68d..2d787bad165 100644
--- a/mozilla/security/jss/org/mozilla/jss/crypto/CryptoToken.java
+++ b/mozilla/security/jss/org/mozilla/jss/crypto/CryptoToken.java
@@ -148,7 +148,7 @@ public interface CryptoToken {
* on this token.
*
* @param algorithm The algorithm that the keys will be used with (RSA,
- * DSA, EC, etc.)
+ * DSA, etc.)
* @exception java.security.NoSuchAlgorithmException If this token does
* not support the given algorithm.
* @deprecated Use the JCA interface instead ({@link java.security.KeyPairGenerator})
diff --git a/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairAlgorithm.java b/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairAlgorithm.java
index baf7fe88cc5..f42c43ce863 100644
--- a/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairAlgorithm.java
+++ b/mozilla/security/jss/org/mozilla/jss/crypto/KeyPairAlgorithm.java
@@ -93,15 +93,9 @@ public class KeyPairAlgorithm extends Algorithm {
public static final Algorithm
DSAFamily = new Algorithm(SEC_OID_ANSIX9_DSA_SIGNATURE, "DSA");
- public static final Algorithm
- ECFamily = new Algorithm(SEC_OID_ANSIX962_EC_PUBLIC_KEY, "EC");
-
public static final KeyPairAlgorithm
RSA = new KeyPairAlgorithm(CKM_RSA_PKCS_KEY_PAIR_GEN, "RSA", RSAFamily);
public static final KeyPairAlgorithm
DSA = new KeyPairAlgorithm(CKM_DSA_KEY_PAIR_GEN, "DSA", DSAFamily);
-
- public static final KeyPairAlgorithm
- EC = new KeyPairAlgorithm(CKM_EC_KEY_PAIR_GEN, "EC", ECFamily);
}
diff --git a/mozilla/security/jss/org/mozilla/jss/crypto/PrivateKey.java b/mozilla/security/jss/org/mozilla/jss/crypto/PrivateKey.java
index 99bd30f1f0d..d580a73f75b 100644
--- a/mozilla/security/jss/org/mozilla/jss/crypto/PrivateKey.java
+++ b/mozilla/security/jss/org/mozilla/jss/crypto/PrivateKey.java
@@ -50,7 +50,6 @@ public interface PrivateKey extends java.security.PrivateKey
public static final Type RSA = Type.RSA;
public static final Type DSA = Type.DSA;
- public static final Type EC = Type.EC;
public static final Type DiffieHellman = Type.DiffieHellman;
/**
@@ -113,7 +112,7 @@ public interface PrivateKey extends java.security.PrivateKey
/**
* Returns a string representation of the algorithm, such as
- * "RSA", "DSA", or "EC".
+ * "RSA" or "DSA".
*/
public String toString() {
return name;
@@ -135,16 +134,11 @@ public interface PrivateKey extends java.security.PrivateKey
private static int CKK_RSA = 0x0;
private static int CKK_DSA = 0x1;
private static int CKK_DH = 0x2;
- private static int CKK_EC = 0x3;
- private static int CKK_X9_42_DH = 0x4;
- private static int CKK_KEA = 0x5;
public static final Type RSA = new Type(
OBJECT_IDENTIFIER.PKCS1.subBranch(1), "RSA", CKK_RSA );
public static final Type DSA = new Type(
Algorithm.ANSI_X9_ALGORITHM.subBranch(1), "DSA", CKK_DSA);
- public static final Type EC = new Type(
- Algorithm.ANSI_X962_OID.subBranch(2).subBranch(1), "EC", CKK_EC);
public static final Type DiffieHellman = new Type(
DH_OID, "DiffieHellman", CKK_DH );
diff --git a/mozilla/security/jss/org/mozilla/jss/crypto/SignatureAlgorithm.java b/mozilla/security/jss/org/mozilla/jss/crypto/SignatureAlgorithm.java
index 07fe20266ee..ac48d568844 100644
--- a/mozilla/security/jss/org/mozilla/jss/crypto/SignatureAlgorithm.java
+++ b/mozilla/security/jss/org/mozilla/jss/crypto/SignatureAlgorithm.java
@@ -113,21 +113,12 @@ public class SignatureAlgorithm extends Algorithm {
/**********************************************************************
* Raw DSA signing. This algorithm does not do any hashing, it merely
- * operates on its input, which should be a hash.
+ * encrypts its input, which should be a hash.
*/
public static final SignatureAlgorithm
DSASignature = new SignatureAlgorithm(SEC_OID_ANSIX9_DSA_SIGNATURE, "DSA",
null, null, ANSI_X9_ALGORITHM.subBranch(1) );
- /**********************************************************************
- * Raw EC signing. This algorithm does not do any hashing, it merely
- * operates on its input, which should be a hash.
- */
- public static final SignatureAlgorithm
- ECSignature = new SignatureAlgorithm(SEC_OID_ANSIX962_EC_PUBLIC_KEY,
- "EC",
- null, null, ANSI_X962_OID.subBranch(2).subBranch(1) );
-
//////////////////////////////////////////////////////////////////////
public static final SignatureAlgorithm
RSASignatureWithMD2Digest =
@@ -156,34 +147,6 @@ public class SignatureAlgorithm extends Algorithm {
"DSASignatureWithSHA1Digest", DSASignature, DigestAlgorithm.SHA1,
ANSI_X9_ALGORITHM.subBranch(3) );
- //////////////////////////////////////////////////////////////////////
- public static final SignatureAlgorithm
- ECSignatureWithSHA1Digest =
- new SignatureAlgorithm(SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE,
- "ECSignatureWithSHA1Digest", ECSignature, DigestAlgorithm.SHA1,
- ANSI_X962_OID.subBranch(4).subBranch(1) );
-
- //////////////////////////////////////////////////////////////////////
- public static final SignatureAlgorithm
- ECSignatureWithSHA256Digest =
- new SignatureAlgorithm(SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE,
- "ECSignatureWithSHA256Digest", ECSignature, DigestAlgorithm.SHA256,
- ANSI_X962_OID.subBranch(4).subBranch(3).subBranch(2) );
-
- //////////////////////////////////////////////////////////////////////
- public static final SignatureAlgorithm
- ECSignatureWithSHA384Digest =
- new SignatureAlgorithm(SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE,
- "ECSignatureWithSHA384Digest", ECSignature, DigestAlgorithm.SHA384,
- ANSI_X962_OID.subBranch(4).subBranch(3).subBranch(3) );
-
- //////////////////////////////////////////////////////////////////////
- public static final SignatureAlgorithm
- ECSignatureWithSHA512Digest =
- new SignatureAlgorithm(SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE,
- "ECSignatureWithSHA512Digest", ECSignature, DigestAlgorithm.SHA512,
- ANSI_X962_OID.subBranch(4).subBranch(3).subBranch(4) );
-
//////////////////////////////////////////////////////////////////////
public static final SignatureAlgorithm
RSASignatureWithSHA256Digest =
diff --git a/mozilla/security/jss/org/mozilla/jss/pkcs11/KeyType.java b/mozilla/security/jss/org/mozilla/jss/pkcs11/KeyType.java
index 01037ac1e03..c33588d7f61 100644
--- a/mozilla/security/jss/org/mozilla/jss/pkcs11/KeyType.java
+++ b/mozilla/security/jss/org/mozilla/jss/pkcs11/KeyType.java
@@ -164,19 +164,6 @@ public final class KeyType {
"DSA"
);
- //////////////////////////////////////////////////////////////
- static public final KeyType
- EC = new KeyType(new Algorithm[]
- {
- SignatureAlgorithm.ECSignature,
- SignatureAlgorithm.ECSignatureWithSHA1Digest,
- SignatureAlgorithm.ECSignatureWithSHA256Digest,
- SignatureAlgorithm.ECSignatureWithSHA384Digest,
- SignatureAlgorithm.ECSignatureWithSHA512Digest
- },
- "EC"
- );
-
//////////////////////////////////////////////////////////////
static public final KeyType
FORTEZZA = new KeyType(new Algorithm[0], "FORTEZZA");
diff --git a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11ECPrivateKey.java b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11ECPrivateKey.java
deleted file mode 100644
index f1351cc5095..00000000000
--- a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11ECPrivateKey.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package org.mozilla.jss.pkcs11;
-
-import org.mozilla.jss.crypto.PrivateKey;
-import org.mozilla.jss.crypto.TokenException;
-import org.mozilla.jss.util.Assert;
-import java.math.BigInteger;
-// requires JAVA 1.5
-//import java.security.interfaces.ECPrivateKey;
-
-class PK11ECPrivateKey
-// extends PK11PrivKey implements ECPrivateKey
- extends PK11PrivKey
-{
-
- private PK11ECPrivateKey() { super(null); }
-
- protected PK11ECPrivateKey(byte[] pointer) {
- super(pointer);
- }
-
- public PrivateKey.Type getType() {
- return PrivateKey.Type.EC;
- }
-
- /**
- * If this fails, we just return null, since no exceptions are allowed.
- */
-// requires JAVA 1.5
-// public ECParams getParams() {
-// try {
-// return getECParams();
-// } catch(TokenException te) {
-// return null;
-// }
-// }
-
- /**
- * Not implemented. NSS doesn't support extracting private key material
- * like this.
- */
-// requires JAVA 1.5
-// public BigInteger getW() {
-// return null;
-// }
-}
diff --git a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11ECPublicKey.java b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11ECPublicKey.java
deleted file mode 100644
index 234f224b794..00000000000
--- a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11ECPublicKey.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape Security Services for Java.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1998-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-package org.mozilla.jss.pkcs11;
-
-import org.mozilla.jss.util.Assert;
-// Requires JAVA 1.5
-//import java.security.interfaces.ECPublicKey;
-import java.math.BigInteger;
-
-//
-// Requires JAVA 1.5
-//public final class PK11ECPublicKey extends PK11PubKey implements ECPublicKey {
-public final class PK11ECPublicKey extends PK11PubKey {
-
- public PK11ECPublicKey(byte[] pointer) {
- super(pointer);
- }
-
-//
-// Requires JAVA 1.5
-// public ECParams getCurve() {
-// try {
-// return new BigInteger( getCurveByteArray() );
-// } catch(NumberFormatException e) {
-// Assert.notReached("Unable to decode DSA parameters");
-// return null;
-// }
-// }
-//
-// public BigInteger getW() {
-// try {
-// return new BigInteger( getWByteArray() );
-// } catch(NumberFormatException e) {
-// Assert.notReached("Unable to decode DSA public value");
-// return null;
-// }
-// }
-//
-// private native byte[] getCurveByteArray();
-// private native byte[] getWByteArray();
-}
diff --git a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c
index 9abe8077a4d..61b55ed44e0 100644
--- a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c
+++ b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c
@@ -120,19 +120,37 @@ finish:
int PK11_NumberObjectsFor(PK11SlotInfo*, CK_ATTRIBUTE*, int);
-/*
- * make a common key gen function for both this file and PK11Token.c
+/**********************************************************************
+ * PK11KeyPairGenerator.generateRSAKeyPair
*/
-SECStatus
-JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism,
- PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privk,
- void *params, PRBool temporary, jint sensitive, jint extractable)
+JNIEXPORT jobject JNICALL
+Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair
+ (JNIEnv *env, jobject this, jobject token, jint keySize, jlong publicExponent,
+ jboolean temporary, jint sensitive, jint extractable)
{
+ PK11SlotInfo* slot;
+ PK11RSAGenParams params;
+ SECKEYPrivateKey *privk=NULL;
+ SECKEYPublicKey *pubk=NULL;
+ jobject keyPair=NULL;
PK11AttrFlags attrFlags = 0;
- *privk=NULL;
- *pubk=NULL;
- PR_ASSERT(env!=NULL && slot!=NULL);
+ PR_ASSERT(env!=NULL && this!=NULL && token!=NULL);
+
+ /**************************************************
+ * get the slot pointer
+ *************************************************/
+ if( JSS_PK11_getTokenSlotPtr(env, token, &slot) != PR_SUCCESS) {
+ PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
+ goto finish;
+ }
+ PR_ASSERT(slot != NULL);
+
+ /**************************************************
+ * setup parameters
+ *************************************************/
+ params.keySizeInBits = keySize;
+ params.pe = publicExponent;
/**************************************************
* login to the token if necessary
@@ -173,13 +191,13 @@ JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism,
} else {
attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
}
- *privk = PK11_GenerateKeyPairWithFlags(slot,
- mechanism,
- params,
- pubk,
+ privk = PK11_GenerateKeyPairWithFlags(slot,
+ CKM_RSA_PKCS_KEY_PAIR_GEN,
+ ¶ms, /* params is not a ptr */
+ &pubk,
attrFlags,
NULL /* default PW callback */ );
- if( *privk == NULL ) {
+ if( privk == NULL ) {
int errLength;
char *errBuf;
char *msgBuf;
@@ -202,51 +220,6 @@ JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism,
PR_Free(msgBuf);
goto finish;
}
- return SECSuccess;
-
-
-finish:
- if(*privk!=NULL) {
- SECKEY_DestroyPrivateKey(*privk);
- *privk = NULL;
- }
- if(*pubk!=NULL) {
- SECKEY_DestroyPublicKey(*pubk);
- *pubk = NULL;
- }
- return SECFailure;
-}
-
-/**********************************************************************
- * Local generic helper
- */
-static jobject
-PK11KeyPairGenerator(JNIEnv *env, jobject this, jobject token,
- CK_MECHANISM_TYPE mechanism, void *params,
- jboolean temporary, jint sensitive, jint extractable)
-{
- PK11SlotInfo* slot;
- SECKEYPrivateKey *privk=NULL;
- SECKEYPublicKey *pubk=NULL;
- jobject keyPair=NULL;
- SECStatus rv;
-
- PR_ASSERT(env!=NULL && this!=NULL && token!=NULL);
-
- /**************************************************
- * get the slot pointer
- *************************************************/
- if( JSS_PK11_getTokenSlotPtr(env, token, &slot) != PR_SUCCESS) {
- PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
- goto finish;
- }
- PR_ASSERT(slot != NULL);
-
- rv = JSS_PK11_generateKeyPair(env, mechanism, slot, &pubk, &privk,
- params, temporary, sensitive, extractable);
- if (rv != SECSuccess) {
- goto finish;
- }
/**************************************************
* wrap in a Java KeyPair object
@@ -267,28 +240,6 @@ finish:
return keyPair;
}
-/**********************************************************************
- * PK11KeyPairGenerator.generateRSAKeyPair
- */
-JNIEXPORT jobject JNICALL
-Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPair
- (JNIEnv *env, jobject this, jobject token, jint keySize, jlong publicExponent,
- jboolean temporary, jint sensitive, jint extractable)
-{
- PK11RSAGenParams params;
-
- PR_ASSERT(env!=NULL && this!=NULL && token!=NULL);
-
- /**************************************************
- * setup parameters
- *************************************************/
- params.keySizeInBits = keySize;
- params.pe = publicExponent;
-
- return PK11KeyPairGenerator(env, this, token, CKM_RSA_PKCS_KEY_PAIR_GEN,
- ¶ms, temporary, sensitive, extractable);
-}
-
#define ZERO_SECITEM(item) {(item).len=0; (item).data=NULL;}
/**********************************************************************
@@ -301,9 +252,13 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
(JNIEnv *env, jobject this, jobject token, jbyteArray P, jbyteArray Q,
jbyteArray G, jboolean temporary, jint sensitive, jint extractable)
{
+ PK11SlotInfo *slot;
+ SECKEYPrivateKey *privk=NULL;
+ SECKEYPublicKey *pubk=NULL;
SECItem p, q, g;
PQGParams *params=NULL;
jobject keyPair=NULL;
+ PK11AttrFlags attrFlags = 0;
PR_ASSERT(env!=NULL && this!=NULL && token!=NULL && P!=NULL && Q!=NULL
&& G!=NULL);
@@ -313,6 +268,15 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
ZERO_SECITEM(q);
ZERO_SECITEM(g);
+
+ /**************************************************
+ * Get the slot pointer
+ *************************************************/
+ if( JSS_PK11_getTokenSlotPtr(env, token, &slot) != PR_SUCCESS) {
+ PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
+ goto finish;
+ }
+
/**************************************************
* Setup the parameters
*************************************************/
@@ -328,8 +292,66 @@ Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPair
JSS_throw(env, OUT_OF_MEMORY_ERROR);
goto finish;
}
- keyPair = PK11KeyPairGenerator(env, this, token, CKM_DSA_KEY_PAIR_GEN,
- params, temporary, sensitive, extractable);
+
+ /**************************************************
+ * login to the token if necessary
+ *************************************************/
+ if( PK11_Authenticate(slot, PR_TRUE /*loadcerts*/, NULL /* default pwcb*/)
+ != SECSuccess)
+ {
+ JSS_throwMsg(env, TOKEN_EXCEPTION, "unable to login to token");
+ goto finish;
+ }
+
+ /**************************************************
+ * generate the key pair on the token
+ *************************************************/
+ if( temporary ) {
+ attrFlags |= PK11_ATTR_SESSION;
+ } else {
+ attrFlags |= PK11_ATTR_TOKEN;
+ }
+ if( extractable == 1 ) {
+ attrFlags |= PK11_ATTR_EXTRACTABLE;
+ } else if( extractable == 0 ) {
+ attrFlags |= PK11_ATTR_UNEXTRACTABLE;
+ }
+ /*
+ * The default of sensitive is set this way to be backward
+ * compatible.
+ */
+ if( sensitive == -1 ) {
+ sensitive = !temporary; /* workaround bug 129563 */
+ }
+ /*
+ * The PRIVATE/PUBLIC attributes are set this way to be backward
+ * compatible with the original PK11_GenerateKeyPair call.
+ */
+ if( sensitive ) {
+ attrFlags |= (PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE);
+ } else {
+ attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
+ }
+ privk = PK11_GenerateKeyPairWithFlags(slot,
+ CKM_DSA_KEY_PAIR_GEN,
+ params, /* params is a ptr */
+ &pubk,
+ attrFlags,
+ NULL /* default PW callback */);
+ if( privk == NULL ) {
+ JSS_throwMsg(env, TOKEN_EXCEPTION,
+ "Keypair Generation failed on PKCS #11 token");
+ goto finish;
+ }
+
+ /**************************************************
+ * wrap in a Java KeyPair object
+ *************************************************/
+ keyPair = keysToKeyPair(env, &privk, &pubk);
+ if(keyPair == NULL) {
+ PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
+ goto finish;
+ }
finish:
SECITEM_FreeItem(&p, PR_FALSE);
@@ -338,50 +360,3 @@ finish:
PK11_PQG_DestroyParams(params);
return keyPair;
}
-
-void
-DumpItem(SECItem *item)
-{
- unsigned char *data = item->data;
- int i;
-
- for (i=0; i < item->len; i++) {
- printf(" %02x",data[i]);
- }
- printf(" : 0x%08x %d\n", data, item->len);
-}
-
-/**********************************************************************
- *
- * PK11KeyPairGenerator.generateECKeyPair
- *
- */
-JNIEXPORT jobject JNICALL
-Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPair
- (JNIEnv *env, jobject this, jobject token, jbyteArray Curve,
- jboolean temporary, jint sensitive, jint extractable)
-{
- SECItem curve;
- jobject keyPair=NULL;
-
- PR_ASSERT(env!=NULL && this!=NULL && token!=NULL && Curve!=NULL );
-
- /* zero these so we can free them indiscriminately later */
- ZERO_SECITEM(curve);
-
- /**************************************************
- * Setup the parameters
- *************************************************/
- if( JSS_ByteArrayToOctetString(env, Curve, &curve))
- {
- PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
- goto finish;
- }
-
- keyPair = PK11KeyPairGenerator(env, this, token, CKM_EC_KEY_PAIR_GEN,
- &curve, temporary, sensitive, extractable);
-
-finish:
- SECITEM_FreeItem(&curve, PR_FALSE);
- return keyPair;
-}
diff --git a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java
index bb8588b1ab3..2f5b5024c25 100644
--- a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java
+++ b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.java
@@ -38,14 +38,12 @@ package org.mozilla.jss.pkcs11;
import org.mozilla.jss.crypto.*;
import org.mozilla.jss.util.*;
-import org.mozilla.jss.asn1.*;
import java.math.BigInteger;
import java.security.*;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.DSAParameterSpec;
-
/**
* A Key Pair Generator implemented using PKCS #11.
*
@@ -65,9 +63,8 @@ public final class PK11KeyPairGenerator
* Constructor for PK11KeyPairGenerator.
* @param token The PKCS #11 token that the keypair will be generated on.
* @param algorithm The type of key that will be generated. Currently,
- * KeyPairAlgorithm.RSA ,
- * KeyPairAlgorithm.DSA and
- * KeyPairAlgorithm.EC are supported.
+ * KeyPairAlgorithm.RSA and
+ * KeyPairAlgorithm.DSA are supported.
*/
public PK11KeyPairGenerator(PK11Token token, KeyPairAlgorithm algorithm)
throws NoSuchAlgorithmException, TokenException
@@ -118,7 +115,8 @@ public final class PK11KeyPairGenerator
if(algorithm == KeyPairAlgorithm.RSA) {
params =
new RSAParameterSpec(strength, DEFAULT_RSA_PUBLIC_EXPONENT);
- } else if(algorithm == KeyPairAlgorithm.DSA) {
+ } else {
+ Assert._assert( algorithm == KeyPairAlgorithm.DSA );
if(strength==512) {
params = PQG512;
} else if(strength==768) {
@@ -130,9 +128,6 @@ public final class PK11KeyPairGenerator
"In order to use pre-cooked PQG values, key strength must"+
"be 512, 768, or 1024.");
}
- } else {
- Assert._assert( algorithm == KeyPairAlgorithm.EC );
- params = getCurve(strength);
}
}
@@ -166,22 +161,12 @@ public final class PK11KeyPairGenerator
throw new InvalidAlgorithmParameterException(
"RSA Public Exponent must fit in 31 or fewer bits.");
}
- } else if ( algorithm == KeyPairAlgorithm.DSA ){
+ } else {
+ Assert._assert( algorithm == KeyPairAlgorithm.DSA);
if(! (params instanceof DSAParameterSpec) ) {
throw new InvalidAlgorithmParameterException();
}
- } else {
- Assert._assert( algorithm == KeyPairAlgorithm.EC);
- // requires JAVA 1.5
- // if(! (params instanceof ECParameterSpec) ) {
- // throw new InvalidAlgorithmParameterException();
- //}
- // requires JAVA 1.5
- if(! (params instanceof PK11ParameterSpec) ) {
- throw new InvalidAlgorithmParameterException();
- }
- } // future add support for X509EncodedSpec
-
+ }
this.params = params;
}
@@ -211,7 +196,8 @@ public final class PK11KeyPairGenerator
sensitivePairMode,
extractablePairMode);
}
- } else if(algorithm == KeyPairAlgorithm.DSA ) {
+ } else {
+ Assert._assert( algorithm == KeyPairAlgorithm.DSA );
if(params==null) {
params = PQG1024;
}
@@ -224,22 +210,7 @@ public final class PK11KeyPairGenerator
temporaryPairMode,
sensitivePairMode,
extractablePairMode);
- } else {
- Assert._assert( algorithm == KeyPairAlgorithm.EC );
- // requires JAVA 1.5 for ECParameters.
- //
- //AlgorithmParameters ecParams =
- // AlgorithmParameters.getInstance("ECParameters");
- // ecParams.init(params);
- PK11ParameterSpec ecParams = (PK11ParameterSpec) params;
-
- return generateECKeyPair(
- token,
- ecParams.getEncoded(), /* curve */
- temporaryPairMode,
- sensitivePairMode,
- extractablePairMode);
- }
+ }
}
/**
@@ -274,15 +245,6 @@ public final class PK11KeyPairGenerator
boolean temporary, int sensitive, int extractable)
throws TokenException;
- /**
- * Generates a EC key pair with the given a curve.
- * Curves are stored as DER Encoded Parameters.
- */
- private native KeyPair
- generateECKeyPair(PK11Token token, byte[] Curve,
- boolean temporary, int sensitive, int extractable)
- throws TokenException;
-
///////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////
// Defaults
@@ -397,266 +359,6 @@ public final class PK11KeyPairGenerator
extractablePairMode = extractable ? 1 : 0;
}
- //
- // requires JAVA 1.5
- //
- //private AlgorithmParameterSpec getCurve(int strength) {
- //}
-
-
- private static final OBJECT_IDENTIFIER ANSI_X962_PRIME_CURVE =
- new OBJECT_IDENTIFIER( new long[] { 1, 2, 840, 10045, 3, 1 } );
- private static final OBJECT_IDENTIFIER ANSI_X962_BINARY_CURVE =
- new OBJECT_IDENTIFIER( new long[] { 1, 2, 840, 10045, 3, 0 } );
- private static final OBJECT_IDENTIFIER SECG_EC_CURVE =
- new OBJECT_IDENTIFIER( new long[] { 1, 3, 132, 0 } );
-
- // ANSI Prime curves
- static final OBJECT_IDENTIFIER CURVE_ANSI_P192V1
- = ANSI_X962_PRIME_CURVE.subBranch(1);
- static final OBJECT_IDENTIFIER CURVE_ANSI_P192V2
- = ANSI_X962_PRIME_CURVE.subBranch(2);
- static final OBJECT_IDENTIFIER CURVE_ANSI_P192V3
- = ANSI_X962_PRIME_CURVE.subBranch(3);
- static final OBJECT_IDENTIFIER CURVE_ANSI_P239V1
- = ANSI_X962_PRIME_CURVE.subBranch(4);
- static final OBJECT_IDENTIFIER CURVE_ANSI_P239V2
- = ANSI_X962_PRIME_CURVE.subBranch(5);
- static final OBJECT_IDENTIFIER CURVE_ANSI_P239V3
- = ANSI_X962_PRIME_CURVE.subBranch(6);
- static final OBJECT_IDENTIFIER CURVE_ANSI_P256V1
- = ANSI_X962_PRIME_CURVE.subBranch(7);
-
- // ANSI Binary curves
- static final OBJECT_IDENTIFIER CURVE_ANSI_PNB163V1
- =ANSI_X962_BINARY_CURVE.subBranch(1);
- static final OBJECT_IDENTIFIER CURVE_ANSI_PNB163V2
- =ANSI_X962_BINARY_CURVE.subBranch(2);
- static final OBJECT_IDENTIFIER CURVE_ANSI_PNB163V3
- =ANSI_X962_BINARY_CURVE.subBranch(3);
- static final OBJECT_IDENTIFIER CURVE_ANSI_PNB176V1
- =ANSI_X962_BINARY_CURVE.subBranch(4);
- static final OBJECT_IDENTIFIER CURVE_ANSI_TNB191V1
- =ANSI_X962_BINARY_CURVE.subBranch(5);
- static final OBJECT_IDENTIFIER CURVE_ANSI_TNB191V2
- =ANSI_X962_BINARY_CURVE.subBranch(6);
- static final OBJECT_IDENTIFIER CURVE_ANSI_TNB191V3
- =ANSI_X962_BINARY_CURVE.subBranch(7);
- static final OBJECT_IDENTIFIER CURVE_ANSI_ONB191V4
- =ANSI_X962_BINARY_CURVE.subBranch(8);
- static final OBJECT_IDENTIFIER CURVE_ANSI_ONB191V5
- =ANSI_X962_BINARY_CURVE.subBranch(9);
- static final OBJECT_IDENTIFIER CURVE_ANSI_PNB208W1
- =ANSI_X962_BINARY_CURVE.subBranch(10);
- static final OBJECT_IDENTIFIER CURVE_ANSI_TNB239V1
- =ANSI_X962_BINARY_CURVE.subBranch(11);
- static final OBJECT_IDENTIFIER CURVE_ANSI_TNB239V2
- =ANSI_X962_BINARY_CURVE.subBranch(12);
- static final OBJECT_IDENTIFIER CURVE_ANSI_TNB239V3
- =ANSI_X962_BINARY_CURVE.subBranch(13);
- static final OBJECT_IDENTIFIER CURVE_ANSI_ONB239V4
- =ANSI_X962_BINARY_CURVE.subBranch(14);
- static final OBJECT_IDENTIFIER CURVE_ANSI_ONB239V5
- =ANSI_X962_BINARY_CURVE.subBranch(15);
- static final OBJECT_IDENTIFIER CURVE_ANSI_PNB272W1
- =ANSI_X962_BINARY_CURVE.subBranch(16);
- static final OBJECT_IDENTIFIER CURVE_ANSI_PNB304W1
- =ANSI_X962_BINARY_CURVE.subBranch(17);
- static final OBJECT_IDENTIFIER CURVE_ANSI_TNB359V1
- =ANSI_X962_BINARY_CURVE.subBranch(18);
- static final OBJECT_IDENTIFIER CURVE_ANSI_PNB368W1
- =ANSI_X962_BINARY_CURVE.subBranch(19);
- static final OBJECT_IDENTIFIER CURVE_ANSI_TNB431R1
- =ANSI_X962_BINARY_CURVE.subBranch(20);
-
- // SEG Prime curves
- static final OBJECT_IDENTIFIER CURVE_SECG_P112R1
- = SECG_EC_CURVE.subBranch(6);
- static final OBJECT_IDENTIFIER CURVE_SECG_P112R2
- = SECG_EC_CURVE.subBranch(7);
- static final OBJECT_IDENTIFIER CURVE_SECG_P128R1
- = SECG_EC_CURVE.subBranch(28);
- static final OBJECT_IDENTIFIER CURVE_SECG_P128R2
- = SECG_EC_CURVE.subBranch(29);
- static final OBJECT_IDENTIFIER CURVE_SECG_P160K1
- = SECG_EC_CURVE.subBranch(9);
- static final OBJECT_IDENTIFIER CURVE_SECG_P160R1
- = SECG_EC_CURVE.subBranch(8);
- static final OBJECT_IDENTIFIER CURVE_SECG_P160R2
- = SECG_EC_CURVE.subBranch(30);
- static final OBJECT_IDENTIFIER CURVE_SECG_P192K1
- = SECG_EC_CURVE.subBranch(31);
- static final OBJECT_IDENTIFIER CURVE_SECG_P224K1
- = SECG_EC_CURVE.subBranch(32);
- static final OBJECT_IDENTIFIER CURVE_SECG_P224R1
- = SECG_EC_CURVE.subBranch(33);
- static final OBJECT_IDENTIFIER CURVE_SECG_P256K1
- = SECG_EC_CURVE.subBranch(10);
- static final OBJECT_IDENTIFIER CURVE_SECG_P384R1
- = SECG_EC_CURVE.subBranch(34);
- static final OBJECT_IDENTIFIER CURVE_SECG_P521R1
- = SECG_EC_CURVE.subBranch(35);
-
- // SEG Binary curves
- static final OBJECT_IDENTIFIER CURVE_SECG_T113R1
- = SECG_EC_CURVE.subBranch(4);
- static final OBJECT_IDENTIFIER CURVE_SECG_T113R2
- = SECG_EC_CURVE.subBranch(5);
- static final OBJECT_IDENTIFIER CURVE_SECG_T131R1
- = SECG_EC_CURVE.subBranch(22);
- static final OBJECT_IDENTIFIER CURVE_SECG_T131R2
- = SECG_EC_CURVE.subBranch(23);
- static final OBJECT_IDENTIFIER CURVE_SECG_T163K1
- = SECG_EC_CURVE.subBranch(1);
- static final OBJECT_IDENTIFIER CURVE_SECG_T163R1
- = SECG_EC_CURVE.subBranch(2);
- static final OBJECT_IDENTIFIER CURVE_SECG_T163R2
- = SECG_EC_CURVE.subBranch(15);
- static final OBJECT_IDENTIFIER CURVE_SECG_T193R1
- = SECG_EC_CURVE.subBranch(24);
- static final OBJECT_IDENTIFIER CURVE_SECG_T193R2
- = SECG_EC_CURVE.subBranch(25);
- static final OBJECT_IDENTIFIER CURVE_SECG_T233K1
- = SECG_EC_CURVE.subBranch(26);
- static final OBJECT_IDENTIFIER CURVE_SECG_T233R1
- = SECG_EC_CURVE.subBranch(27);
- static final OBJECT_IDENTIFIER CURVE_SECG_T239K1
- = SECG_EC_CURVE.subBranch(3);
- static final OBJECT_IDENTIFIER CURVE_SECG_T283K1
- = SECG_EC_CURVE.subBranch(16);
- static final OBJECT_IDENTIFIER CURVE_SECG_T283R1
- = SECG_EC_CURVE.subBranch(17);
- static final OBJECT_IDENTIFIER CURVE_SECG_T409K1
- = SECG_EC_CURVE.subBranch(36);
- static final OBJECT_IDENTIFIER CURVE_SECG_T409R1
- = SECG_EC_CURVE.subBranch(37);
- static final OBJECT_IDENTIFIER CURVE_SECG_T571K1
- = SECG_EC_CURVE.subBranch(38);
- static final OBJECT_IDENTIFIER CURVE_SECG_T571R1
- = SECG_EC_CURVE.subBranch(39);
-
- private AlgorithmParameterSpec getCurve(int strength)
- throws InvalidParameterException
- {
- OBJECT_IDENTIFIER oid;
- switch (strength) {
- case 112:
- oid = CURVE_SECG_P112R1; // == WTLS-6
- // Can't get to curve SECG P-112R2
- // Can't get to curve WTLS-8 (No oid for WTLS-8)
- break;
- case 113:
- oid = CURVE_SECG_T113R1; // == WTLS-4
- // Can't get to curve SECG T-113R2
- // Can't get to curve WTLS-1 (No oid for WTLS-1)
- break;
- case 128:
- oid = CURVE_SECG_P128R1;
- // Can't get to curve SECG P-128R2
- break;
- case 131:
- oid = CURVE_SECG_T131R1;
- // Can't get to curve SECG T-131R2
- break;
- case 160:
- oid = CURVE_SECG_P160R1; // == WTLS-7 (TLS-16)
- // Can't get to curve SECG P-160K1 (TLS-15)
- // Can't get to curve SECG P-160R2 (TLS-17)
- // Can't get to curve WTLS-9 (No oid for WTLS-9)
- break;
- case 163:
- oid = CURVE_SECG_T163K1; // == NIST K-163 == WTLS-3 (TLS-1)
- // Can't get to curve ANSI C2-PNB163V1 == WTLS-5
- // Can't get to curve ANSI C2-PNB163V2
- // Can't get to curve ANSI C2-PNB163V3
- // Can't get to curve SECG T-163R1 (TLS-2)
- // Can't get to curve SECG T-163R2 == NIST B-163 (TLS-3)
- break;
- case 176:
- oid = CURVE_ANSI_PNB176V1;
- break;
- case 191:
- oid = CURVE_ANSI_TNB191V1;
- // Can't get to curve ANSI C2-TNB191V2
- // Can't get to curve ANSI C2-TNB191V3
- // Can't get to curve ANSI C2-ONB191V4
- // Can't get to curve ANSI C2-ONB191V5
- break;
- case 192:
- oid = CURVE_ANSI_P192V1; // == NIST P-192 == SECG P-192R1 (TLS-19)
- // Can't get to curve ANSI P-192V2
- // Can't get to curve ANSI P-192V3
- // Can't get to curve SECG P-192K1 (TLS-18)
- break;
- case 193:
- oid = CURVE_SECG_T193R1; // (TLS-4)
- // Can't get to curve SECG T-193R2 // (TLS-5)
- break;
- case 208:
- oid = CURVE_ANSI_PNB208W1;
- break;
- case 224:
- oid = CURVE_SECG_P224R1; // == NIST P-224 == WTLS-12 (TLS-21)
- // Can't get to curve SECG P-224K1 (TLS-20)
- break;
- case 233:
- oid = CURVE_SECG_T233R1; // == NIST B-233 == WTLS-11 (TLS-7)
- // Can't get to curve SECG T-233K1 == NIST K-233 == WTLS-10 (TLS-6)
- break;
- case 239:
- oid = CURVE_SECG_T239K1; // (TLS8)
- // Can't get to curve ANSI P-239V1
- // Can't get to curve ANSI P-239V2
- // Can't get to curve ANSI P-239V3
- // Can't get to curve ANSI C2-TNB239V1
- // Can't get to curve ANSI C2-TNB239V2
- // Can't get to curve ANSI C2-TNB239V3
- // Can't get to curve ANSI C2-ONB239V4
- // Can't get to curve ANSI C2-ONB239V5
- break;
- case 256:
- oid = CURVE_ANSI_P256V1; // == NIST P-256 == SECG P-256R1 (TLS-23)
- // Can't get to curve SECG P-256K1 (TLS-22)
- break;
- case 272:
- oid = CURVE_ANSI_PNB272W1;
- break;
- case 283:
- oid = CURVE_SECG_T283R1; // == NIST B-283 (TLS-10)
- // Can't get to curve SECG T-283K1 == NIST K-283 (TLS-9)
- break;
- case 304:
- oid = CURVE_ANSI_PNB304W1;
- break;
- case 359:
- oid = CURVE_ANSI_TNB359V1;
- break;
- case 368:
- oid = CURVE_ANSI_PNB368W1;
- break;
- case 384:
- oid = CURVE_SECG_P384R1; // == NIST P-384 (TLS-24)
- break;
- case 409:
- oid = CURVE_SECG_T409R1; // == NIST B-409 (TLS-12)
- // Can't get to curve SECG T-409K1 == NIST K-409 (TLS-11)
- break;
- case 431:
- oid = CURVE_ANSI_TNB431R1;
- break;
- case 521:
- oid = CURVE_SECG_P521R1; // == NIST P-521 (TLS-25)
- break;
- case 571:
- oid = CURVE_SECG_T571R1; // == NIST B-571 (TLS-14)
- // Can't get to curve SECG T-571K1 == NIST K-571 (TLS-13)
- break;
- default:
- throw new InvalidParameterException();
- }
- return new PK11ParameterSpec(ASN1Util.encode(oid));
- }
-
///////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////
diff --git a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.c b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
index ed612f39044..26da33db261 100644
--- a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
+++ b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
@@ -393,35 +393,18 @@ Java_org_mozilla_jss_pkcs11_PK11KeyWrapper_nativeUnwrapPrivWithSym
keyType = PK11_GetKeyType(keyTypeMech, 0);
/* figure out which operations to enable for this key */
- switch (keyType) {
- case CKK_RSA:
+ if( keyType == CKK_RSA ) {
attribs[0] = CKA_SIGN;
attribs[1] = CKA_DECRYPT;
attribs[2] = CKA_SIGN_RECOVER;
attribs[3] = CKA_UNWRAP;
numAttribs = 4;
- break;
- case CKK_DSA:
+ } else if(keyType == CKK_DSA) {
attribs[0] = CKA_SIGN;
numAttribs = 1;
- break;
- case CKK_KEA:
- case CKK_DH:
- case CKK_X9_42_DH:
- attribs[0] = CKA_DERIVE;
- numAttribs = 1;
- break;
- case CKK_EC:
- attribs[0] = CKA_SIGN;
- attribs[1] = CKA_DERIVE;
- numAttribs = 2;
- break;
- default:
+ } else {
/* unknown key type */
PR_ASSERT(PR_FALSE);
- attribs[0] = CKA_SIGN;
- numAttribs = 1;
- break;
}
/* perform the unwrap */
diff --git a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java
index fbe0246b01c..123e6db5003 100644
--- a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java
+++ b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java
@@ -45,8 +45,6 @@ import org.mozilla.jss.util.Assert;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.interfaces.DSAPublicKey;
-//requires JAVA 1.5
-//import java.security.interfaces.ECPublicKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.RC2ParameterSpec;
@@ -170,8 +168,6 @@ final class PK11KeyWrapper implements KeyWrapper {
try {
KeyType type = KeyType.getKeyTypeFromAlgorithm(algorithm);
if( (type == KeyType.RSA && !(key instanceof RSAPublicKey)) ||
- // requires JAVA 1.5
- // (type == KeyType.EC && !(key instanceof ECPublicKey)) ||
(type == KeyType.DSA && !(key instanceof DSAPublicKey)) ) {
throw new InvalidKeyException("Key is not the right type for "+
"this algorithm");
@@ -437,14 +433,12 @@ final class PK11KeyWrapper implements KeyWrapper {
/**
* Extracts the "public value" from a public key. The public value is
* used to construct the key identifier (CKA_ID). Also, the internal token
- * stores the EC DSA and EC public value along with the private key.
+ * stores the DSA public value along with the private key.
*/
private static byte[]
extractPublicValue(PublicKey publicKey, PrivateKey.Type type)
throws InvalidKeyException
{
- /* this code should call a generic function wich returns the
- * proper public value. */
if( publicKey == null ) {
throw new InvalidKeyException("publicKey is null");
}
@@ -523,14 +517,12 @@ final class PK11KeyWrapper implements KeyWrapper {
private static Algorithm
algFromType(PrivateKey.Type type) {
- if (type == PrivateKey.RSA) {
+ if(type == PrivateKey.RSA) {
return KeyPairAlgorithm.RSAFamily;
- } else if (type == PrivateKey.DSA) {
- return KeyPairAlgorithm.DSAFamily;
} else {
- Assert._assert( type == PrivateKey.EC);
- return KeyPairAlgorithm.ECFamily;
- }
+ Assert._assert(type == PrivateKey.DSA);
+ return KeyPairAlgorithm.DSAFamily;
+ }
}
private static Algorithm
diff --git a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11ParameterSpec.java b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11ParameterSpec.java
deleted file mode 100644
index 2ffd2c47673..00000000000
--- a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11ParameterSpec.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape Security Services for Java.
- *
- * The Initial Developer of the Original Code is Red Hat, Inc.
- * Portions created by Red Hat are
- * Copyright (C) 2005,2006 Red Hat, Inc. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-package org.mozilla.jss.pkcs11;
-import java.security.spec.AlgorithmParameterSpec;
-
-public final class PK11ParameterSpec implements AlgorithmParameterSpec
-{
- public PK11ParameterSpec(byte [] derBlob)
- {
- blob = derBlob;
- }
-
- public byte [] getEncoded()
- {
- return blob;
- }
- private byte [] blob;
-
-}
diff --git a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PrivKey.c b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PrivKey.c
index 098184d2e67..e679cd436ba 100644
--- a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PrivKey.c
+++ b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PrivKey.c
@@ -76,9 +76,6 @@ JSS_PK11_wrapPrivKey(JNIEnv *env, SECKEYPrivateKey **privk)
case dsaKey:
className = "org/mozilla/jss/pkcs11/PK11DSAPrivateKey";
break;
- case ecKey:
- className = "org/mozilla/jss/pkcs11/PK11ECPrivateKey";
- break;
default:
className = "org/mozilla/jss/pkcs11/PK11PrivKey";
break;
@@ -123,8 +120,6 @@ Java_org_mozilla_jss_pkcs11_PK11PrivKey_verifyKeyIsOnToken
SECKEYPrivateKey *key = NULL;
PK11SlotInfo *slot = NULL;
PK11SlotInfo *keySlot = NULL;
- PK11SlotInfo *dbSlot = NULL;
- PK11SlotInfo *cryptoSlot = NULL;
if( JSS_PK11_getPrivKeyPtr(env, this, &key) != PR_SUCCESS) {
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
@@ -137,11 +132,9 @@ Java_org_mozilla_jss_pkcs11_PK11PrivKey_verifyKeyIsOnToken
}
keySlot = PK11_GetSlotFromPrivateKey(key);
- dbSlot = PK11_GetInternalKeySlot();
- if(keySlot == dbSlot) {
- cryptoSlot = PK11_GetInternalSlot();
+ if(keySlot == PK11_GetInternalKeySlot()) {
/* hack for internal module */
- if(slot != keySlot && slot != cryptoSlot) {
+ if(slot != keySlot && slot != PK11_GetInternalSlot()) {
JSS_throwMsg(env, NO_SUCH_ITEM_ON_TOKEN_EXCEPTION,
"Key is not present on this token");
goto finish;
@@ -156,12 +149,6 @@ finish:
if(keySlot != NULL) {
PK11_FreeSlot(keySlot);
}
- if(dbSlot != NULL) {
- PK11_FreeSlot(dbSlot);
- }
- if(cryptoSlot != NULL) {
- PK11_FreeSlot(cryptoSlot);
- }
}
/*
@@ -212,10 +199,6 @@ Java_org_mozilla_jss_pkcs11_PK11PrivKey_getKeyType
break;
case keaKey:
keyTypeFieldName = KEA_KEYTYPE_FIELD;
- break;
- case ecKey:
- keyTypeFieldName = EC_KEYTYPE_FIELD;
- break;
default:
PR_ASSERT(PR_FALSE);
keyTypeFieldName = NULL_KEYTYPE_FIELD;
@@ -463,19 +446,11 @@ JSS_PK11_getKeyType(JNIEnv *env, jobject keyTypeObj)
jfieldID fieldID;
char *fieldNames[] = {
RSA_PRIVKEYTYPE_FIELD,
- DSA_PRIVKEYTYPE_FIELD,
- FORTEZZA_KEYTYPE_FIELD,
- DH_KEYTYPE_FIELD,
- KEA_KEYTYPE_FIELD,
- EC_KEYTYPE_FIELD };
- int numTypes = 6;
+ DSA_PRIVKEYTYPE_FIELD };
+ int numTypes = 2;
KeyType keyTypes[] = {
rsaKey,
- dsaKey,
- fortezzaKey,
- dhKey,
- keaKey,
- ecKey };
+ dsaKey };
jobject field;
int i;
diff --git a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PrivKey.java b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PrivKey.java
index 44f9bc0fbdf..6900b32a1e1 100644
--- a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PrivKey.java
+++ b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PrivKey.java
@@ -78,12 +78,10 @@ public class PK11PrivKey extends org.mozilla.jss.pkcs11.PK11Key
if( kt == KeyType.RSA ) {
return PrivateKey.Type.RSA;
- } else if (kt == KeyType.DSA) {
- return PrivateKey.Type.DSA;
} else {
- Assert._assert(kt == KeyType.EC);
- return PrivateKey.Type.EC;
- }
+ Assert._assert(kt == KeyType.DSA);
+ return PrivateKey.Type.DSA;
+ }
}
public String getAlgorithm() {
diff --git a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c
index 269db82176b..c462cdeb848 100644
--- a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c
+++ b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c
@@ -37,7 +37,6 @@
#include "_jni/org_mozilla_jss_pkcs11_PublicKeyProxy.h"
#include "_jni/org_mozilla_jss_pkcs11_PK11RSAPublicKey.h"
#include "_jni/org_mozilla_jss_pkcs11_PK11DSAPublicKey.h"
-#include "_jni/org_mozilla_jss_pkcs11_PK11ECPublicKey.h"
#include
#include
@@ -107,9 +106,6 @@ JSS_PK11_wrapPubKey(JNIEnv *env, SECKEYPublicKey **pKey)
case dsaKey:
keyClassName = PK11_DSA_PUBKEY_CLASS_NAME;
break;
- case ecKey:
- keyClassName = PK11_EC_PUBKEY_CLASS_NAME;
- break;
default:
keyClassName = PK11PUBKEY_CLASS_NAME;
break;
@@ -262,9 +258,6 @@ Java_org_mozilla_jss_pkcs11_PK11PubKey_getKeyType
case dsaKey:
keyTypeFieldName = DSA_KEYTYPE_FIELD;
break;
- case ecKey:
- keyTypeFieldName = EC_KEYTYPE_FIELD;
- break;
case fortezzaKey:
keyTypeFieldName = FORTEZZA_KEYTYPE_FIELD;
break;
@@ -312,9 +305,7 @@ typedef enum {
DSA_G,
DSA_PUBLIC,
RSA_MODULUS,
- RSA_PUBLIC_EXPONENT,
- EC_CURVE,
- EC_W
+ RSA_PUBLIC_EXPONENT
} PublicKeyField;
static jbyteArray
@@ -411,36 +402,6 @@ Java_org_mozilla_jss_pkcs11_PK11DSAPublicKey_getYByteArray
return get_public_key_info(env, this, DSA_PUBLIC);
}
-/**********************************************************************
- *
- * PK11ECPublicKey.getParamByteArray
- *
- * Returns the curve of this EC Public Key. The format is a DER encoded
- * octet string in a byte array.
- *
- */
-JNIEXPORT jbyteArray JNICALL
-Java_org_mozilla_jss_pkcs11_PK11ECPublicKey_getCurveByteArray
- (JNIEnv *env, jobject this)
-{
- return get_public_key_info(env, this, EC_CURVE);
-}
-
-/**********************************************************************
- *
- * PK11ECPublicKey.getWByteArray
- *
- * Returns the public value (W) of this EC Public Key.
- * The format is a 1 byte to indicate compression followed by points
- * Wx and Wy unsigned and connatonatted.
- *
- */
-JNIEXPORT jbyteArray JNICALL
-Java_org_mozilla_jss_pkcs11_PK11ECPublicKey_getWByteArray
- (JNIEnv *env, jobject this)
-{
- return get_public_key_info(env, this, EC_W);
-}
/**********************************************************************
* g e t _ p u b l i c _ k e y _ i n f o
*
@@ -488,14 +449,6 @@ get_public_key_info
PR_ASSERT(pubk->keyType == rsaKey);
item = &pubk->u.rsa.publicExponent;
break;
- case EC_CURVE:
- PR_ASSERT(pubk->keyType == ecKey);
- item = &pubk->u.ec.DEREncodedParams;
- break;
- case EC_W:
- PR_ASSERT(pubk->keyType == ecKey);
- item = &pubk->u.ec.publicValue;
- break;
default:
PR_ASSERT(PR_FALSE);
break;
diff --git a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.java b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.java
index 58087cc12fc..77606ab5795 100644
--- a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.java
+++ b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.java
@@ -70,14 +70,14 @@ public class PK11PubKey extends org.mozilla.jss.pkcs11.PK11Key
* @param rawKey The bytes of the raw key.
* @exception InvalidKeyFormatException If the raw key could not be
* decoded.
- * @deprecated This method works for RSA keys but not DSA or EC keys. Use
+ * @deprecated This method works for RSA keys but not DSA keys. Use
* fromSPKI() instead.
* @see #fromSPKI(byte[])
*/
public static PK11PubKey fromRaw(PrivateKey.Type type, byte[] rawKey)
throws InvalidKeyFormatException
{
- if( type != PrivateKey.Type.RSA ) {
+ if( type == PrivateKey.Type.DSA ) {
throw new InvalidKeyFormatException(
"fromRaw() is broken for DSA keys. Use fromSPKI() instead.");
}
diff --git a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c
index e03b4a65bd9..03f1b1a8376 100644
--- a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c
+++ b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c
@@ -62,14 +62,18 @@
#define ERRX 1
#define KEYTYPE_DSA_STRING "dsa"
#define KEYTYPE_RSA_STRING "rsa"
-#define KEYTYPE_EC_STRING "ec"
+#define KEYTYPE_DSA 1
+#define KEYTYPE_RSA 2
static CERTCertificateRequest* make_cert_request(JNIEnv *env,
const char *subject, SECKEYPublicKey *pubk);
-
-void GenerateCertRequest(JNIEnv *env, SECOidTag ktype, const char *subject,
- PK11SlotInfo *slot, unsigned char **b64request,
- void *params);
+void GenerateCertRequest(JNIEnv *env, unsigned int ktype, const char *subject,
+ int keysize, PK11SlotInfo *slot,
+ unsigned char **b64request, PQGParams *dsaParams);
+static SECStatus GenerateKeyPair(JNIEnv *env, unsigned int ktype,
+ PK11SlotInfo *slot,
+ SECKEYPublicKey **pubk,
+ SECKEYPrivateKey **privk, int keysize, PQGParams *dsaParams);
/* these values are taken from PK11KeyPairGenerator.java */
#define DEFAULT_RSA_KEY_SIZE 2048
@@ -912,9 +916,7 @@ Java_org_mozilla_jss_pkcs11_PK11Token_doesAlgorithm
PR_ASSERT(slot != NULL);
mech = JSS_getPK11MechFromAlg(env, alg);
-
- /* not an assertion, some algorithms don't have Mechanism yet */
- /*PR_ASSERT( mech != CKM_INVALID_MECHANISM ); */
+ PR_ASSERT( mech != CKM_INVALID_MECHANISM );
if( PK11_DoesMechanism(slot, mech) == PR_TRUE) {
doesMech = JNI_TRUE;
@@ -969,25 +971,21 @@ JNIEXPORT jstring JNICALL Java_org_mozilla_jss_pkcs11_PK11Token_generatePK10
PQGParams *dsaParams=NULL;
const char* c_keyType;
jboolean k_isCopy;
- SECOidTag signType = SEC_OID_UNKNOWN;
- PK11RSAGenParams rsaParams;
- void *params = NULL;
+ unsigned int ktype = 0;
PR_ASSERT(env!=NULL && this!=NULL);
/* get keytype */
c_keyType = (*env)->GetStringUTFChars(env, keyType, &k_isCopy);
- if (0 == PL_strcasecmp(c_keyType, KEYTYPE_RSA_STRING)) {
- signType = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
- if( keysize == -1 ) {
- rsaParams.keySizeInBits = DEFAULT_RSA_KEY_SIZE;
- } else {
- rsaParams.keySizeInBits = keysize;
- }
- rsaParams.pe = DEFAULT_RSA_PUBLIC_EXPONENT;
- params = (void *)&rsaParams;
- } else if (0 == PL_strcasecmp(c_keyType, KEYTYPE_DSA_STRING)) {
- signType = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
+ if (0 == PL_strcasecmp(c_keyType, KEYTYPE_DSA_STRING)) {
+ ktype = KEYTYPE_DSA;
+ } else if (0 == PL_strcasecmp(c_keyType, KEYTYPE_RSA_STRING)) {
+ ktype = KEYTYPE_RSA;
+ } else {
+ JSS_throw(env, INVALID_PARAMETER_EXCEPTION);
+ }
+
+ if (ktype == KEYTYPE_DSA) {
if (P==NULL || Q==NULL || G ==NULL) {
/* shouldn't happen */
JSS_throw(env, INVALID_PARAMETER_EXCEPTION);
@@ -1001,23 +999,18 @@ JNIEXPORT jstring JNICALL Java_org_mozilla_jss_pkcs11_PK11Token_generatePK10
if( JSS_ByteArrayToOctetString(env, P, &p) ||
JSS_ByteArrayToOctetString(env, Q, &q) ||
JSS_ByteArrayToOctetString(env, G, &g) )
- {
- PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
- goto finish;
- }
+ {
+ PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
+ goto finish;
+ }
dsaParams = PK11_PQG_NewParams(&p, &q, &g);
if(dsaParams == NULL) {
JSS_throw(env, OUT_OF_MEMORY_ERROR);
goto finish;
}
+
}
- params = (void *)dsaParams;
- } else if (0 == PL_strcasecmp(c_keyType, KEYTYPE_EC_STRING)) {
- signType = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
- /* get ec param */
- } else {
- JSS_throw(env, INVALID_PARAMETER_EXCEPTION);
- }
+ } /* end ktype == KEYTYPE_DSA */
if( JSS_PK11_getTokenSlotPtr(env, this, &slot) != PR_SUCCESS) {
PR_ASSERT( (*env)->ExceptionOccurred(env) != NULL);
@@ -1034,8 +1027,11 @@ JNIEXPORT jstring JNICALL Java_org_mozilla_jss_pkcs11_PK11Token_generatePK10
/* get subject */
c_subject = (*env)->GetStringUTFChars(env, subject, &isCopy);
+ /* get keysize */
+
/* call GenerateCertRequest() */
- GenerateCertRequest(env, signType, c_subject, slot, &b64request, params);
+ GenerateCertRequest(env, ktype, c_subject, (int) keysize, slot, &b64request,
+ dsaParams);
finish:
if (isCopy == JNI_TRUE) {
@@ -1048,7 +1044,7 @@ finish:
(*env)->ReleaseStringUTFChars(env, keyType, c_keyType);
}
- if (signType == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) {
+ if (ktype == KEYTYPE_DSA) {
SECITEM_FreeItem(&p, PR_FALSE);
SECITEM_FreeItem(&q, PR_FALSE);
SECITEM_FreeItem(&g, PR_FALSE);
@@ -1069,10 +1065,10 @@ finish:
*/
void
GenerateCertRequest(JNIEnv *env,
- SECOidTag signType, const char *subject,
+ unsigned int ktype, const char *subject, int keysize,
PK11SlotInfo *slot,
- unsigned char **b64request,
- void *params) {
+ unsigned char **b64request,
+ PQGParams *dsaParams) {
CERTCertificateRequest *req;
@@ -1082,28 +1078,14 @@ GenerateCertRequest(JNIEnv *env,
PRArenaPool *arena;
SECItem result_der, result;
SECItem *blob;
- CK_MECHANISM_TYPE signMech;
- CK_MECHANISM_TYPE keygenMech;
#ifdef DEBUG
- printf("in GenerateCertRequest(), subject=%s, ",
- subject);
+ printf("in GenerateCertRequest(), subject=%s, keysize = %d",
+ subject, keysize);
#endif
- /*
- * Use the tables to reduce the code of adding new
- * types of keys.
- */
- signMech = PK11_AlgtagToMechanism(signType);
- if (signMech == CKM_INVALID_MECHANISM) {
-#ifdef DEBUG
- printf("Error getting KEYGEN Mechanism.");
-#endif
- }
- keygenMech = PK11_GetKeyGen(signMech);
-
- if( JSS_PK11_generateKeyPair(env, keygenMech, slot, &pubk, &privk,
- params, PR_FALSE, -1, -1) != SECSuccess) {
+ if( GenerateKeyPair(env, ktype, slot, &pubk, &privk, keysize,
+ dsaParams) != SECSuccess) {
#ifdef DEBUG
printf("Error generating keypair.");
#endif
@@ -1139,7 +1121,8 @@ GenerateCertRequest(JNIEnv *env,
}
rv = SEC_DerSignData(arena, &result, result_der.data, result_der.len,
- privk, signType);
+ privk,
+ (ktype==KEYTYPE_RSA)? SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST);
if (rv) {
JSS_nativeThrowMsg(env, TOKEN_EXCEPTION,
"signing of data failed");
@@ -1194,3 +1177,87 @@ make_cert_request(JNIEnv *env, const char *subject, SECKEYPublicKey *pubk)
return req;
}
+
+
+/******************************************************************
+ *
+ * G e n e r a t e K e y P a i r
+ */
+static SECStatus
+GenerateKeyPair(JNIEnv *env, unsigned int ktype, PK11SlotInfo *slot, SECKEYPublicKey **pubk,
+ SECKEYPrivateKey **privk, int keysize, PQGParams *dsaParams)
+{
+
+ PK11RSAGenParams rsaParams;
+
+ if (ktype == KEYTYPE_RSA) {
+ if( keysize == -1 ) {
+ rsaParams.keySizeInBits = DEFAULT_RSA_KEY_SIZE;
+ } else {
+ rsaParams.keySizeInBits = keysize;
+ }
+ rsaParams.pe = DEFAULT_RSA_PUBLIC_EXPONENT;
+ }
+ if(PK11_Authenticate( slot, PR_FALSE /*loadCerts*/, NULL /*wincx*/)
+ != SECSuccess) {
+ JSS_nativeThrowMsg(env, TOKEN_EXCEPTION,
+ "failure authenticating to key database");
+ return SECFailure;
+ }
+
+ if(PK11_NeedUserInit(slot)) {
+ JSS_nativeThrowMsg(env, TOKEN_EXCEPTION,
+ "token not initialized with password");
+ return SECFailure;
+ }
+
+#ifdef DEBUG
+ printf("key type == %d", ktype);
+#endif
+ if (ktype == KEYTYPE_RSA) {
+ *privk = PK11_GenerateKeyPair (slot,
+ CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams,
+ pubk, PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/, NULL);
+ } else { /* dsa */
+ *privk = PK11_GenerateKeyPair (slot,
+ CKM_DSA_KEY_PAIR_GEN, (void *)dsaParams,
+ pubk, PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/, NULL);
+ }
+ if( *privk == NULL ) {
+ int errLength;
+ char *errBuf;
+ char *msgBuf;
+
+ errLength = PR_GetErrorTextLength();
+ if(errLength > 0) {
+ errBuf = PR_Malloc(errLength);
+ if(errBuf == NULL) {
+ JSS_throw(env, OUT_OF_MEMORY_ERROR);
+ return SECFailure;
+ }
+ PR_GetErrorText(errBuf);
+ }
+ msgBuf = PR_smprintf("Keypair Generation failed on token: %s",
+ errLength>0? errBuf : "");
+ if(errLength>0) {
+ PR_Free(errBuf);
+ }
+
+ JSS_throwMsg(env, TOKEN_EXCEPTION, msgBuf);
+ PR_Free(msgBuf);
+ return SECFailure;
+ }
+
+
+ if (*privk != NULL && *pubk != NULL) {
+#ifdef DEBUG
+ printf("generated public/private key pair\n");
+#endif
+ } else {
+ JSS_nativeThrowMsg(env, TOKEN_EXCEPTION,
+ "failure generating key pair");
+ return SECFailure;
+ }
+
+ return SECSuccess;
+}
diff --git a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.java b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.java
index 9d14b67699f..e932a90519e 100644
--- a/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.java
+++ b/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.java
@@ -48,7 +48,7 @@ import java.security.InvalidParameterException;
* CryptoManager class.
*
* @author nicolson
- * @version $Revision: 1.8 $ $Date: 2006-02-10 22:06:12 $
+ * @version $Revision: 1.9 $ $Date: 2006-02-14 23:52:54 $
* @see org.mozilla.jss.CryptoManager
*/
public final class PK11Token implements CryptoToken {
@@ -449,9 +449,9 @@ public final class PK11Token implements CryptoToken {
* @param subject subject dn of the certificate
* @param keysize size of the key
* @param keyType "rsa" or "dsa"
- * @param P The DSA prime parameter
- * @param Q The DSA sub-prime parameter
- * @param G The DSA base parameter
+ * @param P The DSA prime parameter
+ * @param Q The DSA sub-prime parameter
+ * @param G The DSA base parameter
* @return String that represents a PKCS#10 b64 encoded blob with
* begin/end brackets
*/
diff --git a/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h b/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h
index a954e06442b..48f43eadec6 100644
--- a/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h
+++ b/mozilla/security/jss/org/mozilla/jss/pkcs11/pk11util.h
@@ -127,35 +127,7 @@ JSS_PK11_wrapSymKey(JNIEnv *env, PK11SymKey **symKey);
KeyType
JSS_PK11_getKeyType(JNIEnv *env, jobject keyTypeObj);
-/***********************************************************************
- * JSS_PK11_generateKeyPair
- *
- * Create a new key pair based on the passed in mechanism and parameters
- *
- * INPUTS
- * mechanism
- * A PKCS#11 KeyPair Mechanism
- * slot
- * Slot to generate the keypair in.
- * pubk
- * returned public key
- * privk
- * returned private key key
- * param
- * PKCS #11 mechanism parameters
- * temporary
- * boolean to say if the key is temporary or permanent
- * sensitive
- * int to say if the key should be sensitive or not (-1 is default)
- * extractable
- * int to say if the key should be extractable or not (-1 is default)
- * RETURNS
- * The SECStatus, SECSuccess of success, SECFailure on failure
- */
-SECStatus
-JSS_PK11_generateKeyPair(JNIEnv *env, CK_MECHANISM_TYPE mechanism,
- PK11SlotInfo *slot, SECKEYPublicKey **pubk, SECKEYPrivateKey **privK,
- void *params, PRBool temporary, jint senstive, jint extractable);
+
/*=====================================================================
C E R T I F I C A T E S
diff --git a/mozilla/security/jss/org/mozilla/jss/provider/java/security/JSSKeyPairGeneratorSpi.java b/mozilla/security/jss/org/mozilla/jss/provider/java/security/JSSKeyPairGeneratorSpi.java
index 1284c672553..263317e0c82 100644
--- a/mozilla/security/jss/org/mozilla/jss/provider/java/security/JSSKeyPairGeneratorSpi.java
+++ b/mozilla/security/jss/org/mozilla/jss/provider/java/security/JSSKeyPairGeneratorSpi.java
@@ -78,7 +78,7 @@ class JSSKeyPairGeneratorSpi
kpg.initialize(keysize, random);
}
- public KeyPair generateKeyPair() {
+ public KeyPair generateKeyPair() {
try {
return kpg.genKeyPair();
} catch(TokenException e) {
@@ -96,9 +96,4 @@ class JSSKeyPairGeneratorSpi
super(KeyPairAlgorithm.DSA);
}
}
- public static class EC extends JSSKeyPairGeneratorSpi {
- public EC() {
- super(KeyPairAlgorithm.EC);
- }
- }
}
diff --git a/mozilla/security/jss/org/mozilla/jss/provider/java/security/JSSSignatureSpi.java b/mozilla/security/jss/org/mozilla/jss/provider/java/security/JSSSignatureSpi.java
index 83732dc009f..d98a669c4ab 100644
--- a/mozilla/security/jss/org/mozilla/jss/provider/java/security/JSSSignatureSpi.java
+++ b/mozilla/security/jss/org/mozilla/jss/provider/java/security/JSSSignatureSpi.java
@@ -204,26 +204,6 @@ class JSSSignatureSpi extends java.security.SignatureSpi {
super(SignatureAlgorithm.DSASignatureWithSHA1Digest);
}
}
- public static class SHA1EC extends JSSSignatureSpi {
- public SHA1EC() {
- super(SignatureAlgorithm.ECSignatureWithSHA1Digest);
- }
- }
- public static class SHA256EC extends JSSSignatureSpi {
- public SHA256EC() {
- super(SignatureAlgorithm.ECSignatureWithSHA256Digest);
- }
- }
- public static class SHA384EC extends JSSSignatureSpi {
- public SHA384EC() {
- super(SignatureAlgorithm.ECSignatureWithSHA384Digest);
- }
- }
- public static class SHA512EC extends JSSSignatureSpi {
- public SHA512EC() {
- super(SignatureAlgorithm.ECSignatureWithSHA512Digest);
- }
- }
public static class MD2RSA extends JSSSignatureSpi {
public MD2RSA() {
super(SignatureAlgorithm.RSASignatureWithMD2Digest);
diff --git a/mozilla/security/jss/org/mozilla/jss/provider/java/security/KeyFactorySpi1_2.java b/mozilla/security/jss/org/mozilla/jss/provider/java/security/KeyFactorySpi1_2.java
index 4ecea565796..4fcec99710e 100644
--- a/mozilla/security/jss/org/mozilla/jss/provider/java/security/KeyFactorySpi1_2.java
+++ b/mozilla/security/jss/org/mozilla/jss/provider/java/security/KeyFactorySpi1_2.java
@@ -71,9 +71,10 @@ public class KeyFactorySpi1_2 extends java.security.KeyFactorySpi
return PK11PubKey.fromRaw( PrivateKey.RSA, ASN1Util.encode(seq) );
} else if( keySpec instanceof DSAPublicKeySpec ) {
// We need to import both the public value and the PQG parameters.
- // The only way to get all that information in DER is to send
- // a full SubjectPublicKeyInfo. So we encode all the information
- // into an SPKI.
+ // The only way to get all that information to NSS is through
+ // a SubjectPublicKeyInfo. So we encode all the information
+ // into an SPKI and then throw that down to NSS.
+ // This operation is very computationally expensive and wasteful.
DSAPublicKeySpec spec = (DSAPublicKeySpec) keySpec;
@@ -94,41 +95,6 @@ public class KeyFactorySpi1_2 extends java.security.KeyFactorySpi
algID, new BIT_STRING(encodedPublicValue, 0) );
return PK11PubKey.fromSPKI( ASN1Util.encode(spki) );
- //
- // requires JAVA 1.5
- //
- //} else if( keySpec instanceof ECPublicKeySpec ) {
- // // We need to import both the public value and the curve.
- // // The only way to get all that information in DER is to send
- // // a full SubjectPublicKeyInfo. So we encode all the information
- // // into an SPKI.
- //
- // ECPublicKeySpec spec = (ECPublicKeySpec) keySpec;
- // AlgorithmParameters algParams = getInstance("ECParameters");
- //
- // algParameters.init(spec.getECParameters());
- // OBJECT_IDENTIFIER oid = null;
- // try {
- // oid = SignatureAlgorithm.ECSignature.toOID();
- // } catch(NoSuchAlgorithmException ex ) {
- // Assert.notReached("no such algorithm as DSA?");
- // }
- // AlgorithmIdentifier algID =
- // new AlgorithmIdentifier(oid, ecParams.getParams() );
- // INTEGER publicValueX = new INTEGER(spec.getW().getAffineX());
- // INTEGER publicValueY = new INTEGER(spec.getW().getAffineY());
- // byte[] encodedPublicValue;
- // encodedPublicValue[0] = EC_UNCOMPRESSED_POINT;
- // encodedPublicValue += spec.getW().getAffineX().toByteArray();
- // encodedPublicValue += spec.getW().getAffineY().toByteArray();
- //
- // byte[] encodedPublicValue = ASN1Util.encode(publicValue);
- // SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo(
- // algID, new BIT_STRING(encodedPublicValue, 0) );
- //
- // return PK11PubKey.fromSPKI( ASN1Util.encode(spki) );
- //
- // use the following for EC keys in 1.4.2
} else if( keySpec instanceof X509EncodedKeySpec ) {
//
// SubjectPublicKeyInfo
diff --git a/mozilla/security/jss/org/mozilla/jss/tests/JCASigTest.java b/mozilla/security/jss/org/mozilla/jss/tests/JCASigTest.java
index 667e8669ba0..65f686a3e0b 100644
--- a/mozilla/security/jss/org/mozilla/jss/tests/JCASigTest.java
+++ b/mozilla/security/jss/org/mozilla/jss/tests/JCASigTest.java
@@ -140,25 +140,6 @@ public class JCASigTest {
sigTest("SHA-384/RSA", keyPair);
sigTest("SHA-512/RSA", keyPair);
- kpgen = KeyPairGenerator.getInstance("EC");
- kpgen.initialize(256);
- keyPair = kpgen.generateKeyPair();
- provider = kpgen.getProvider();
-
- System.out.println("The provider used to Generate the Keys was "
- + provider.getName() );
- System.out.println("provider info " + provider.getInfo() );
-
- if (provider.getName().equalsIgnoreCase("Mozilla-JSS") == false) {
- System.out.println("Mozilla-JSS is supposed to be the " +
- "default provider for JCASigTest");
- System.exit(1);
- }
- sigTest("SHA-1/EC", keyPair);
- sigTest("SHA-256/EC", keyPair);
- sigTest("SHA-384/EC", keyPair);
- sigTest("SHA-512/EC", keyPair);
-
} catch ( Exception e ) {
e.printStackTrace();
System.exit(1);
diff --git a/mozilla/security/jss/org/mozilla/jss/tests/Makefile b/mozilla/security/jss/org/mozilla/jss/tests/Makefile
deleted file mode 100644
index 87fbc0f22b9..00000000000
--- a/mozilla/security/jss/org/mozilla/jss/tests/Makefile
+++ /dev/null
@@ -1,85 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape Security Services for Java.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1998-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-dist_dir:
- @echo $(SOURCE_XP_DIR)
-
-obj_dir:
- @echo $(DIST)
-
-platform_name:
- @echo $(PLATFORM)
-
-
-
diff --git a/mozilla/security/jss/org/mozilla/jss/tests/TestKeyGen.java b/mozilla/security/jss/org/mozilla/jss/tests/TestKeyGen.java
index c92dca50696..fe0f254fecf 100644
--- a/mozilla/security/jss/org/mozilla/jss/tests/TestKeyGen.java
+++ b/mozilla/security/jss/org/mozilla/jss/tests/TestKeyGen.java
@@ -210,20 +210,6 @@ public class TestKeyGen {
}
}
- // 256-bit EC
- kpg = java.security.KeyPairGenerator.getInstance("EC", "Mozilla-JSS");
- kpg.initialize(256);
- keyPair = kpg.genKeyPair();
- System.out.println("Generated 256-bit EC KeyPair!");
-
- kpg.initialize(384);
- keyPair = kpg.genKeyPair();
- System.out.println("Generated 384-bit EC KeyPair!");
-
- kpg.initialize(521);
- keyPair = kpg.genKeyPair();
- System.out.println("Generated 521-bit EC KeyPair!");
-
System.out.println("TestKeyGen passed");
System.exit(0);
} catch (Exception e) {
diff --git a/mozilla/security/jss/org/mozilla/jss/tests/all.pl b/mozilla/security/jss/org/mozilla/jss/tests/all.pl
index c1151bed655..c05a6885066 100644
--- a/mozilla/security/jss/org/mozilla/jss/tests/all.pl
+++ b/mozilla/security/jss/org/mozilla/jss/tests/all.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
@@ -39,14 +39,12 @@ my $java;
# dist
# release
-# auto (test the current build directory)
sub usage {
print "Usage:\n";
print "$0 dist \n";
print "$0 release "
. "\n";
- print "$0 auto\n";
exit(1);
}
@@ -117,24 +115,6 @@ sub setup_vars {
# take the last part (can be overriden if not _.OBJ
$testdir = `basename $testdir`;
chomp $testdir;
- } elsif( $$argv[0] eq "auto" ) {
- my $dist_dir = `make dist_dir`;
- my $obj_dir = `make obj_dir`;
- chomp($dist_dir);
- chomp($obj_dir);
- chomp( $dist_dir = `(cd $dist_dir ; pwd)`);
- chomp( $obj_dir = `(cd $obj_dir ; pwd)`);
-
- $nss_lib_dir = "$obj_dir/lib";
- $jss_rel_dir = "$dist_dir/classes$dbg_suffix/org";
- $jss_classpath = "$dist_dir/xpclass$jar_dbg_suffix.jar";
-
- $ENV{CLASSPATH} .= "$dist_dir/xpclass$jar_dbg_suffix.jar";
- ( -f $ENV{CLASSPATH} ) or die "$ENV{CLASSPATH} does not exist";
- #$ENV{$ld_lib_path} = $ENV{$ld_lib_path} . $pathsep . "$obj_dir/lib";
- $ENV{$ld_lib_path} = "$obj_dir/lib";
- $testdir = `basename $obj_dir`;
- chomp $testdir;
} elsif( $$argv[0] eq "release" ) {
shift @$argv;
@@ -396,11 +376,11 @@ $result and print "JSSE servers returned $result\n";
#
# Test JSS client communication
#
-#print "============= Start JSS client tests\n";
-#$result = system("$java org.mozilla.jss.tests.JSS_SSLClient $testdir $pwfile $portJSSEServer bypassOff");
-#$result >>=8;
-#$result and print "JSS client returned $result\n";
-#print_case_result ($result,"JSSE server / JSS client");
+print "============= Start JSS client tests\n";
+$result = system("$java org.mozilla.jss.tests.JSS_SSLClient $testdir $pwfile $portJSSEServer bypassOff");
+$result >>=8;
+$result and print "JSS client returned $result\n";
+print_case_result ($result,"JSSE server / JSS client");
$portJSSServer=$portJSSServer+1;
@@ -415,11 +395,11 @@ $result and print "JSS servers returned $result\n";
#
# Test JSSE client communication
#
-#print "============= Start JSSE client tests\n";
-#$result = system("$java org.mozilla.jss.tests.JSSE_SSLClient $testdir $portJSSServer");
-#$result >>=8;
-#$result and print "JSSE client returned $result\n";
-#print_case_result ($result,"JSS server / JSSE client");
+print "============= Start JSSE client tests\n";
+$result = system("$java org.mozilla.jss.tests.JSSE_SSLClient $testdir $portJSSServer");
+$result >>=8;
+$result and print "JSSE client returned $result\n";
+print_case_result ($result,"JSS server / JSSE client");
#
# Test Enable FIPSMODE
diff --git a/mozilla/security/jss/org/mozilla/jss/tests/manifest.mn b/mozilla/security/jss/org/mozilla/jss/tests/manifest.mn
deleted file mode 100644
index c28152fd49f..00000000000
--- a/mozilla/security/jss/org/mozilla/jss/tests/manifest.mn
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape Security Services for Java.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1998-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../../../..
-
diff --git a/mozilla/security/jss/org/mozilla/jss/util/java_ids.h b/mozilla/security/jss/org/mozilla/jss/util/java_ids.h
index d39e1cb8b6e..b8605a191b6 100644
--- a/mozilla/security/jss/org/mozilla/jss/util/java_ids.h
+++ b/mozilla/security/jss/org/mozilla/jss/util/java_ids.h
@@ -108,7 +108,6 @@ PR_BEGIN_EXTERN_C
#define NULL_KEYTYPE_FIELD "NULL"
#define RSA_KEYTYPE_FIELD "RSA"
#define DSA_KEYTYPE_FIELD "DSA"
-#define EC_KEYTYPE_FIELD "EC"
#define FORTEZZA_KEYTYPE_FIELD "FORTEZZA"
#define DH_KEYTYPE_FIELD "DH"
#define KEA_KEYTYPE_FIELD "KEA"
@@ -187,11 +186,6 @@ PR_BEGIN_EXTERN_C
*/
#define PK11_DSA_PUBKEY_CLASS_NAME "org/mozilla/jss/pkcs11/PK11DSAPublicKey"
-/*
- * PK11ECPublicKey
- */
-#define PK11_EC_PUBKEY_CLASS_NAME "org/mozilla/jss/pkcs11/PK11ECPublicKey"
-
/*
* PK11Module
*/
@@ -260,7 +254,6 @@ PR_BEGIN_EXTERN_C
#define PRIVKEYTYPE_SIG "Lorg/mozilla/jss/crypto/PrivateKey$Type;"
#define RSA_PRIVKEYTYPE_FIELD "RSA"
#define DSA_PRIVKEYTYPE_FIELD "DSA"
-#define EC_PRIVKEYTYPE_FIELD "EC"
/*
* PQGParams