Added oaep jss test

cmake/FindNSPR.cmake

@@ -27,6 +27,7 @@ if (SANDBOX)
   # Directly set the NSS include and library directories
   set(NSPR_INCLUDE_DIRS "${DIST_DIR}/${LATEST_BUILD}/include/nspr")
   set(NSPR_LIBRARIES "${DIST_DIR}/${LATEST_BUILD}/lib")
+  list(APPEND JSS_LD_FLAGS "-L${DIST_DIR}/${LATEST_BUILD}/lib")
   list(APPEND JSS_LD_FLAGS "-Wl,-rpath,${DIST_DIR}/${LATEST_BUILD}/lib")
 elseif (NSPR_LIBRARIES AND NSPR_INCLUDE_DIRS)
   # in cache already

cmake/FindNSS.cmake

@@ -27,6 +27,7 @@ if (SANDBOX)
   # Directly set the NSS include and library directories
   set(NSS_INCLUDE_DIRS "${DIST_DIR}/public/nss")
   set(NSS_LIBRARIES "${DIST_DIR}/${LATEST_BUILD}/lib")
+  list(APPEND JSS_LD_FLAGS "-L${DIST_DIR}/${LATEST_BUILD}/lib")
   list(APPEND JSS_LD_FLAGS "-Wl,-rpath,${DIST_DIR}/${LATEST_BUILD}/lib")
 elseif (NSS_LIBRARIES AND NSS_INCLUDE_DIRS)
   # in cache already

cmake/JSSConfig.cmake

@@ -134,6 +134,7 @@ macro(jss_config_cflags)
     list(APPEND JSS_RAW_C_FLAGS "-Wno-cast-function-type")
     list(APPEND JSS_RAW_C_FLAGS "-Wno-unused-parameter")
     list(APPEND JSS_RAW_C_FLAGS "-Wno-unknown-warning-option")
+    list(APPEND JSS_RAW_C_FLAGS "-Wno-unused-but-set-variable")
     list(APPEND JSS_RAW_C_FLAGS "-Werror-implicit-function-declaration")
     list(APPEND JSS_RAW_C_FLAGS "-Wno-switch")
     list(APPEND JSS_RAW_C_FLAGS "-I${INCLUDE_OUTPUT_DIR}")
@@ -399,9 +400,25 @@ macro(jss_config_symbols)
         message(WARNING "Your NSS version doesn't support NIST SP800-108 KBKDF; some features of JSS won't work.")
     endif()
 
+    try_compile(CK_HAVE_COMPILING_OAEP
+                ${CMAKE_BINARY_DIR}/results
+                ${CMAKE_SOURCE_DIR}/tools/tests/oaep.c
+                CMAKE_FLAGS
+                    "-DINCLUDE_DIRECTORIES=${CMAKE_REQUIRED_INCLUDES}"
+                    "-DREQUIRED_FLAGS=${CMAKE_REQUIRED_FLAGS}"
+                LINK_OPTIONS ${JSS_LD_FLAGS}
+                OUTPUT_VARIABLE COMP_OUT)
+    if (CK_HAVE_COMPILING_OAEP)
+        set(HAVE_NSS_OAEP TRUE)
+    else()
+        message(WARNING "Your NSS version doesn't support RSA-OAEP key wra/unwrap; some features of JSS won't work.")
+        message(WARNING "Compile output: ${COMP_OUT}")
+    endif()
+
+
     if(HAVE_NSS_CMAC)
-        try_run(CK_HAVE_WORKING_NSS
-                CK_HAVE_COMPILING_NSS
+        try_run(CK_HAVE_WORKING_CMAC
+                CK_HAVE_COMPILING_CMAC
                 ${CMAKE_BINARY_DIR}/results
                 ${CMAKE_SOURCE_DIR}/tools/tests/cmac.c
                 CMAKE_FLAGS
@@ -410,10 +427,12 @@ macro(jss_config_symbols)
                 COMPILE_OUTPUT_VARIABLE COMP_OUT
                 RUN_OUTPUT_VARIABLE RUN_OUT)
 
-        if (NOT CK_HAVE_WORKING_NSS STREQUAL "0" OR NOT CK_HAVE_COMPILING_NSS)
+        if (NOT CK_HAVE_WORKING_CMAC STREQUAL "0" OR NOT CK_HAVE_COMPILING_CMAC)
             set(HAVE_NSS_CMAC FALSE)
             set(HAVE_NSS_KBKDF FALSE)
             message(WARNING "Your NSS version is broken: between NSS v3.47 and v3.50, the values of CKM_AES_CMAC and CKM_AES_CMAC_GENERAL were swapped. Disabling CMAC and KBKDF support.")
+            message(WARNING "Compile output: ${COMP_OUT}")
+            message(WARNING "Run output: ${RUN_OUT}")
         endif()
     endif()
 

cmake/JSSTests.cmake

@@ -210,6 +210,29 @@ macro(jss_tests)
         COMMAND "org.mozilla.jss.tests.JCAKeyWrap" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}"
         DEPENDS "Setup_DBs"
     )
+    if(HAVE_NSS_OAEP)
+        jss_test_java(
+            NAME "JSS-KeyWrapping"
+            COMMAND "org.mozilla.jss.tests.KeyWrapping" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}"
+            DEPENDS "Setup_DBs"
+        )
+    endif()
+    jss_test_exec(
+        NAME "Setup_Bouncy_Castle_Jar"
+        COMMAND "wget" "https://www.bouncycastle.org/download/bcprov-jdk15on-167.jar" "-P" "/tmp/"
+    )
+    jss_test_exec(
+	NAME "Compile_RSAOAEPSHA2_with_BC_classpath"
+        COMMAND "javac" "-classpath" "/tmp/bcprov-jdk15on-167.jar:./" "${JSS_TEST_DIR}/VerifyRSAOAEPSHA2.java"
+	DEPENDS "Setup_Bouncy_Castle_Jar"
+    )
+    if(HAVE_NSS_OAEP)
+        jss_test_java(
+	    NAME "JSS-OAEP-Vector-Test"
+            COMMAND "org.mozilla.jss.tests.VerifyRSAOAEPSHA2"
+            DEPENDS "Setup_Bouncy_Castle_Jar"
+        )
+    endif()
     jss_test_java(
         NAME "Mozilla_JSS_JCA_Signature"
         COMMAND "org.mozilla.jss.tests.JCASigTest" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}"

lib/jss.map

@@ -499,3 +499,10 @@ Java_org_mozilla_jss_nss_SSLErrors_getBadCertDomain;
     local:
         *;
 };
+JSS_4.8.0 {
+    global:
+Java_org_mozilla_jss_crypto_JSSOAEPParameterSpec_acquireNativeResources;
+Java_org_mozilla_jss_crypto_JSSOAEPParameterSpec_releaseNativeResources;
+    local:
+        *;
+};

org/mozilla/jss/crypto/Algorithm.c

@@ -129,6 +129,7 @@ JSS_AlgInfo JSS_AlgTable[NUM_ALGS] = {
 /* 76 */    {CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, PK11_MECH},
 /* 77 */    {CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, PK11_MECH},
 /* 78 */    {SEC_OID_PKCS1_RSA_PSS_SIGNATURE, SEC_OID_TAG},
+/* 79 */    {CKM_RSA_PKCS_OAEP, PK11_MECH},
 
 /* REMEMBER TO UPDATE NUM_ALGS!!! (in Algorithm.h) */
 };

org/mozilla/jss/crypto/Algorithm.h

@@ -24,7 +24,7 @@ typedef struct JSS_AlgInfoStr {
     JSS_AlgType type;
 } JSS_AlgInfo;
 
-#define NUM_ALGS 79
+#define NUM_ALGS 80
 
 extern JSS_AlgInfo JSS_AlgTable[];
 extern CK_ULONG JSS_symkeyUsage[];

org/mozilla/jss/crypto/Algorithm.java

@@ -257,5 +257,8 @@ public PKCS11Algorithm getEnum() {
     protected static final int CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA=77;
 
     // RSA-PSS
-    protected static final short SEC_OID_PKCS1_RSA_PSS_SIGNATURE = 78;
+    protected static final int SEC_OID_PKCS1_RSA_PSS_SIGNATURE = 78;
+
+    // RSA-OAEP
+    protected static final int CKM_RSA_PKCS_OAEP = 79;
 }

org/mozilla/jss/crypto/JSSOAEPParameterSpec.c

@@ -0,0 +1,151 @@
+#include <nss.h>
+#include <pk11pub.h>
+#include <pkcs11n.h>
+#include <pkcs11t.h>
+#include <jni.h>
+
+#include "_jni/org_mozilla_jss_crypto_JSSOAEPParameterSpec.h"
+
+#include "jssutil.h"
+#include "java_ids.h"
+#include "jss_exceptions.h"
+#include "pk11util.h"
+
+#include "NativeEnclosure.h"
+#include "StaticVoidPointer.h"
+
+PRStatus
+oaep_GetHashAlg(JNIEnv *env, jobject this, jclass this_class, CK_MECHANISM_TYPE *ret)
+{
+    jfieldID field_id = NULL;
+
+    field_id = (*env)->GetFieldID(env, this_class, "hashAlg", "J");
+    if (field_id == NULL) {
+        return PR_FAILURE;
+    }
+
+    *ret = (*env)->GetLongField(env, this, field_id);
+    return PR_SUCCESS;
+}
+
+PRStatus
+oaep_GetMGFType(JNIEnv *env, jobject this, jclass this_class, CK_RSA_PKCS_MGF_TYPE *ret)
+{
+    jfieldID field_id = NULL;
+
+    field_id = (*env)->GetFieldID(env, this_class, "mgf", "J");
+    if (field_id == NULL) {
+        return PR_FAILURE;
+    }
+
+    *ret = (*env)->GetLongField(env, this, field_id);
+    return PR_SUCCESS;
+}
+
+PRStatus
+oaep_GetSpecifiedSourceData(JNIEnv *env, jobject this, jclass this_class, CK_VOID_PTR *ret, CK_ULONG *ret_len)
+{
+    jfieldID field_id = NULL;
+    jbyteArray data = NULL;
+
+    field_id = (*env)->GetFieldID(env, this_class, "sourceData", "[B");
+    if (field_id == NULL) {
+        return PR_FAILURE;
+    }
+
+    data = (*env)->GetObjectField(env, this, field_id);
+    if (data == NULL) {
+        *ret = NULL;
+        *ret_len = 0;
+        return PR_SUCCESS;
+    }
+
+    if (!JSS_FromByteArray(env, data, (uint8_t **)ret, ret_len)) {
+        return PR_FAILURE;
+    }
+
+    return PR_SUCCESS;
+}
+
+JNIEXPORT void JNICALL
+Java_org_mozilla_jss_crypto_JSSOAEPParameterSpec_acquireNativeResources(JNIEnv *env, jobject this)
+{
+    jclass this_class = NULL;
+
+    CK_MECHANISM_TYPE hashAlg;
+    CK_RSA_PKCS_MGF_TYPE mgf;
+    CK_RSA_PKCS_OAEP_SOURCE_TYPE source = CKZ_DATA_SPECIFIED;
+    CK_VOID_PTR pSourceData = NULL;
+    CK_ULONG ulSourceDataLen = 0;
+    CK_RSA_PKCS_OAEP_PARAMS_PTR oaep_params = NULL;
+
+    jobject params_obj;
+
+    this_class = (*env)->GetObjectClass(env, this);
+    if (this_class == NULL) {
+        return;
+    }
+
+    if (oaep_GetHashAlg(env, this, this_class, &hashAlg) != PR_SUCCESS) {
+        goto failure;
+    }
+
+    if (oaep_GetMGFType(env, this, this_class, &mgf) != PR_SUCCESS) {
+        goto failure;
+    }
+
+    if (oaep_GetSpecifiedSourceData(env, this, this_class, &pSourceData, &ulSourceDataLen) != PR_SUCCESS) {
+        goto failure;
+    }
+
+    oaep_params = calloc(1, sizeof(CK_RSA_PKCS_OAEP_PARAMS));
+    oaep_params->hashAlg = hashAlg;
+    oaep_params->mgf = mgf;
+    oaep_params->source = source;
+    oaep_params->pSourceData = pSourceData;
+    oaep_params->ulSourceDataLen = ulSourceDataLen;
+
+    params_obj = JSS_PR_wrapStaticVoidPointer(env, (void **)&oaep_params);
+    if (params_obj == NULL) {
+        goto failure;
+    }
+
+    if (JSS_PR_StoreNativeEnclosure(env, this, params_obj, sizeof(CK_RSA_PKCS_OAEP_PARAMS)) != PR_SUCCESS) {
+        goto failure;
+    }
+
+    return;
+
+failure:
+    free(pSourceData);
+    free(oaep_params);
+}
+
+JNIEXPORT void JNICALL
+Java_org_mozilla_jss_crypto_JSSOAEPParameterSpec_releaseNativeResources(JNIEnv *env, jobject this)
+{
+    jobject ptr_object = NULL;
+
+    CK_RSA_PKCS_OAEP_PARAMS_PTR oaep_params = NULL;
+    jlong params_length;
+
+    PR_ASSERT(env != NULL && this != NULL);
+
+    if (JSS_PR_LoadNativeEnclosure(env, this, &ptr_object, &params_length) != PR_SUCCESS) {
+        return;
+    }
+
+    if (JSS_PR_getStaticVoidRef(env, ptr_object, (void **)&oaep_params) != PR_SUCCESS || oaep_params == NULL) {
+        return;
+    }
+
+    PR_ASSERT(params_length == sizeof(CK_RSA_PKCS_OAEP_PARAMS));
+
+    if (oaep_params->ulSourceDataLen != 0 && oaep_params->pSourceData != NULL) {
+        memset(oaep_params->pSourceData, 0, sizeof(CK_VOID_PTR) * oaep_params->ulSourceDataLen);
+        free(oaep_params->pSourceData);
+    }
+
+    memset(oaep_params, 0, sizeof(CK_RSA_PKCS_OAEP_PARAMS));
+    free(oaep_params);
+}