reconcile aosp (e79c25bf) after branching. Please do not merge.

Change-Id: I39ab275cd9744ba442fee7db9038107b4603526f

reconcile aosp (e79c25bf) after branching. Please do not merge.
Change-Id: I39ab275cd9744ba442fee7db9038107b4603526f
6e2315fd · Ed Heyl · a2404c99 · 6e2315fd · 6e2315fd · 6e2315fd
Commit 6e2315fd authored 11 years ago by Ed Heyl
3 changed files
--- a/src/main/java/org/conscrypt/NativeCrypto.java
+++ b/src/main/java/org/conscrypt/NativeCrypto.java
@@ -175,7 +175,9 @@ public final class NativeCrypto {

    public static native long EVP_PKEY_new_DH(byte[] p, byte[] g, byte[] pub_key, byte[] priv_key);

-    public static native long DH_generate_key(int primeBits, int generator);
+    public static native long DH_generate_parameters_ex(int primeBits, long generator);
+
+    public static native void DH_generate_key(long pkeyRef);

    /**
     * @return array of {p, g, y(pub), x(priv)}

--- a/src/main/java/org/conscrypt/OpenSSLDHKeyPairGenerator.java
+++ b/src/main/java/org/conscrypt/OpenSSLDHKeyPairGenerator.java
@@ -27,13 +27,28 @@ import javax.crypto.spec.DHParameterSpec;

 public class OpenSSLDHKeyPairGenerator extends KeyPairGeneratorSpi {

+    /** The safe prime to use for the generated DH key pair. */
+    private BigInteger prime;
+
+    /** If {@code prime} is unspecified, this is the size of the generated prime. */
    private int primeBits = 1024;

-    private int generator = 2;
+    private static final BigInteger DEFAULT_GENERATOR = BigInteger.valueOf(2);
+
+    private BigInteger generator = DEFAULT_GENERATOR;

    @Override
    public KeyPair generateKeyPair() {
-        final OpenSSLKey key = new OpenSSLKey(NativeCrypto.DH_generate_key(primeBits, generator));
+        final OpenSSLKey key;
+        if (prime != null) {
+            key = new OpenSSLKey(NativeCrypto.EVP_PKEY_new_DH(prime.toByteArray(),
+                    generator.toByteArray(), null, null));
+        } else {
+            key = new OpenSSLKey(NativeCrypto.DH_generate_parameters_ex(primeBits,
+                    generator.longValue()));
+        }
+
+        NativeCrypto.DH_generate_key(key.getPkeyContext());

        final OpenSSLDHPrivateKey privKey = new OpenSSLDHPrivateKey(key);
        final OpenSSLDHPublicKey pubKey = new OpenSSLDHPublicKey(key);
@@ -43,18 +58,25 @@ public class OpenSSLDHKeyPairGenerator extends KeyPairGeneratorSpi {

    @Override
    public void initialize(int keysize, SecureRandom random) {
+        prime = null;
        primeBits = keysize;
+        generator = DEFAULT_GENERATOR;
    }

    @Override
    public void initialize(AlgorithmParameterSpec params, SecureRandom random)
            throws InvalidAlgorithmParameterException {
+        prime = null;
+        primeBits = 1024;
+        generator = DEFAULT_GENERATOR;
+
        if (params instanceof DHParameterSpec) {
            DHParameterSpec dhParams = (DHParameterSpec) params;

-            BigInteger pInt = dhParams.getP();
-            if (pInt != null) {
-                primeBits = pInt.bitLength();
+            prime = dhParams.getP();
+            BigInteger gen = dhParams.getG();
+            if (gen != null) {
+                generator = gen;
            }
        } else if (params != null) {
            throw new InvalidAlgorithmParameterException("Params must be DHParameterSpec");

--- a/src/main/native/org_conscrypt_NativeCrypto.cpp
+++ b/src/main/native/org_conscrypt_NativeCrypto.cpp
@@ -2003,7 +2003,8 @@ static jlong NativeCrypto_EVP_PKEY_new_DH(JNIEnv* env, jclass,
    }

    if (dh->p == NULL || dh->g == NULL
-            || (dh->pub_key == NULL && dh->priv_key == NULL)) {
+            || (pub_key != NULL && dh->pub_key == NULL)
+            || (priv_key != NULL && dh->priv_key == NULL)) {
        jniThrowRuntimeException(env, "Unable to convert BigInteger to BIGNUM");
        return 0;
    }
@@ -3009,50 +3010,65 @@ static void NativeCrypto_set_DSA_flag_nonce_from_hash(JNIEnv* env, jclass, jlong
    dsa->flags |= DSA_FLAG_NONCE_FROM_HASH;
 }

-static jlong NativeCrypto_DH_generate_key(JNIEnv* env, jclass, jint primeBits, jint generator) {
-    JNI_TRACE("DH_generate_key(%d, %d)", primeBits, generator);
+static jlong NativeCrypto_DH_generate_parameters_ex(JNIEnv* env, jclass, jint primeBits, jlong generator) {
+    JNI_TRACE("DH_generate_parameters_ex(%d, %d)", primeBits, generator);

    Unique_DH dh(DH_new());
    if (dh.get() == NULL) {
-        JNI_TRACE("DH_generate_key failed");
+        JNI_TRACE("DH_generate_parameters_ex failed");
        jniThrowOutOfMemory(env, "Unable to allocate DH key");
        freeOpenSslErrorState();
        return 0;
    }

-    JNI_TRACE("DH_generate_key generating parameters");
+    JNI_TRACE("DH_generate_parameters_ex generating parameters");

    if (!DH_generate_parameters_ex(dh.get(), primeBits, generator, NULL)) {
-        JNI_TRACE("DH_generate_key => param generation failed");
+        JNI_TRACE("DH_generate_parameters_ex => param generation failed");
        throwExceptionIfNecessary(env, "NativeCrypto_DH_generate_parameters_ex failed");
        return 0;
    }

-    if (!DH_generate_key(dh.get())) {
-        JNI_TRACE("DH_generate_key failed");
-        throwExceptionIfNecessary(env, "NativeCrypto_DH_generate_key failed");
-        return 0;
-    }
-
    Unique_EVP_PKEY pkey(EVP_PKEY_new());
    if (pkey.get() == NULL) {
-        JNI_TRACE("DH_generate_key failed");
-        jniThrowRuntimeException(env, "NativeCrypto_DH_generate_key failed");
+        JNI_TRACE("DH_generate_parameters_ex failed");
+        jniThrowRuntimeException(env, "NativeCrypto_DH_generate_parameters_ex failed");
        freeOpenSslErrorState();
        return 0;
    }

    if (EVP_PKEY_assign_DH(pkey.get(), dh.get()) != 1) {
-        JNI_TRACE("DH_generate_key failed");
-        throwExceptionIfNecessary(env, "NativeCrypto_DH_generate_key failed");
+        JNI_TRACE("DH_generate_parameters_ex failed");
+        throwExceptionIfNecessary(env, "NativeCrypto_DH_generate_parameters_ex failed");
        return 0;
    }

    OWNERSHIP_TRANSFERRED(dh);
-    JNI_TRACE("DH_generate_key(n=%d, g=%d) => %p", primeBits, generator, pkey.get());
+    JNI_TRACE("DH_generate_parameters_ex(n=%d, g=%d) => %p", primeBits, generator, pkey.get());
    return reinterpret_cast<uintptr_t>(pkey.release());
 }

+static void NativeCrypto_DH_generate_key(JNIEnv* env, jclass, jlong pkeyRef) {
+    JNI_TRACE("DH_generate_key(%p)", pkeyRef);
+    EVP_PKEY* pkey = reinterpret_cast<EVP_PKEY*>(pkeyRef);
+
+    if (pkey == NULL) {
+        jniThrowNullPointerException(env, "pkey == null");
+    }
+
+    Unique_DH dh(EVP_PKEY_get1_DH(pkey));
+    if (dh.get() == NULL) {
+        JNI_TRACE("DH_generate_key failed");
+        throwExceptionIfNecessary(env, "Unable to get DH key");
+        freeOpenSslErrorState();
+    }
+
+    if (!DH_generate_key(dh.get())) {
+        JNI_TRACE("DH_generate_key failed");
+        throwExceptionIfNecessary(env, "NativeCrypto_DH_generate_key failed");
+    }
+}
+
 static jobjectArray NativeCrypto_get_DH_params(JNIEnv* env, jclass, jlong pkeyRef) {
    EVP_PKEY* pkey = reinterpret_cast<EVP_PKEY*>(pkeyRef);
    JNI_TRACE("get_DH_params(%p)", pkey);
@@ -9526,7 +9542,8 @@ static JNINativeMethod sNativeCryptoMethods[] = {
    NATIVE_METHOD(NativeCrypto, DSA_generate_key, "(I[B[B[B[B)J"),
    NATIVE_METHOD(NativeCrypto, get_DSA_params, "(J)[[B"),
    NATIVE_METHOD(NativeCrypto, set_DSA_flag_nonce_from_hash, "(J)V"),
-    NATIVE_METHOD(NativeCrypto, DH_generate_key, "(II)J"),
+    NATIVE_METHOD(NativeCrypto, DH_generate_parameters_ex, "(IJ)J"),
+    NATIVE_METHOD(NativeCrypto, DH_generate_key, "(J)V"),
    NATIVE_METHOD(NativeCrypto, get_DH_params, "(J)[[B"),
    NATIVE_METHOD(NativeCrypto, EC_GROUP_new_by_curve_name, "(Ljava/lang/String;)J"),
    NATIVE_METHOD(NativeCrypto, EC_GROUP_new_curve, "(I[B[B[B)J"),