JNI/JCE: reduce extra WolfCryptRng object creation between Signature and KeyPairGenerator classes
Chris Conlon
parent
5f094107a0
commit
947db4345a
|
|
@ -80,6 +80,9 @@ public class WolfCryptKeyPairGenerator extends KeyPairGeneratorSpi {
|
|||
|
||||
private Rng rng = null;
|
||||
|
||||
/* Lock around Rng access */
|
||||
private final Object rngLock = new Object();
|
||||
|
||||
/* for debug logging */
|
||||
private WolfCryptDebug debug;
|
||||
private String algString;
|
||||
|
|
@ -88,8 +91,8 @@ public class WolfCryptKeyPairGenerator extends KeyPairGeneratorSpi {
|
|||
|
||||
this.type = type;
|
||||
|
||||
rng = new Rng();
|
||||
rng.init();
|
||||
this.rng = new Rng();
|
||||
this.rng.init();
|
||||
|
||||
if (debug.DEBUG)
|
||||
algString = typeToString(type);
|
||||
|
|
@ -232,7 +235,10 @@ public class WolfCryptKeyPairGenerator extends KeyPairGeneratorSpi {
|
|||
Rsa rsa = new Rsa();
|
||||
|
||||
try {
|
||||
rsa.makeKey(this.keysize, this.publicExponent, rng);
|
||||
synchronized (rngLock) {
|
||||
rsa.makeKey(this.keysize, this.publicExponent,
|
||||
this.rng);
|
||||
}
|
||||
|
||||
/* private key */
|
||||
privDer = rsa.privateKeyEncodePKCS8();
|
||||
|
|
@ -280,13 +286,16 @@ public class WolfCryptKeyPairGenerator extends KeyPairGeneratorSpi {
|
|||
|
||||
ECPrivateKey eccPriv = null;
|
||||
ECPublicKey eccPub = null;
|
||||
Ecc ecc = null;
|
||||
|
||||
Ecc ecc = new Ecc();
|
||||
synchronized (rngLock) {
|
||||
ecc = new Ecc(this.rng);
|
||||
|
||||
if (this.curve == null) {
|
||||
ecc.makeKey(rng, this.keysize);
|
||||
} else {
|
||||
ecc.makeKeyOnCurve(rng, this.keysize, this.curve);
|
||||
if (this.curve == null) {
|
||||
ecc.makeKey(this.rng, this.keysize);
|
||||
} else {
|
||||
ecc.makeKeyOnCurve(this.rng, this.keysize, this.curve);
|
||||
}
|
||||
}
|
||||
|
||||
/* private key */
|
||||
|
|
@ -343,7 +352,9 @@ public class WolfCryptKeyPairGenerator extends KeyPairGeneratorSpi {
|
|||
dh.setParams(dhP, dhG);
|
||||
|
||||
/* make key */
|
||||
dh.makeKey(rng);
|
||||
synchronized (rngLock) {
|
||||
dh.makeKey(this.rng);
|
||||
}
|
||||
|
||||
privSpec = new DHPrivateKeySpec(
|
||||
new BigInteger(dh.getPrivateKey()),
|
||||
|
|
@ -403,9 +414,11 @@ public class WolfCryptKeyPairGenerator extends KeyPairGeneratorSpi {
|
|||
@Override
|
||||
protected synchronized void finalize() throws Throwable {
|
||||
try {
|
||||
if (this.rng != null) {
|
||||
rng.free();
|
||||
rng.releaseNativeStruct();
|
||||
synchronized (rngLock) {
|
||||
if (this.rng != null) {
|
||||
this.rng.free();
|
||||
this.rng.releaseNativeStruct();
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
super.finalize();
|
||||
|
|
|
|||
|
|
@ -111,15 +111,20 @@ public class WolfCryptSignature extends SignatureSpi {
|
|||
this.keyType = ktype;
|
||||
this.digestType = dtype;
|
||||
|
||||
/* init asn object */
|
||||
asn = new Asn();
|
||||
|
||||
if ((ktype != KeyType.WC_RSA) &&
|
||||
(ktype != KeyType.WC_ECDSA)) {
|
||||
throw new NoSuchAlgorithmException(
|
||||
"Signature algorithm key type must be RSA or ECC");
|
||||
}
|
||||
|
||||
synchronized (rngLock) {
|
||||
this.rng = new Rng();
|
||||
this.rng.init();
|
||||
}
|
||||
|
||||
/* init asn object */
|
||||
asn = new Asn();
|
||||
|
||||
/* init hash type */
|
||||
switch (dtype) {
|
||||
case WC_MD5:
|
||||
|
|
@ -157,11 +162,6 @@ public class WolfCryptSignature extends SignatureSpi {
|
|||
"Unsupported signature algorithm digest type");
|
||||
}
|
||||
|
||||
synchronized (rngLock) {
|
||||
this.rng = new Rng();
|
||||
this.rng.init();
|
||||
}
|
||||
|
||||
if (debug.DEBUG) {
|
||||
keyString = typeToString(ktype);
|
||||
digestString = digestToString(dtype);
|
||||
|
|
@ -247,14 +247,18 @@ public class WolfCryptSignature extends SignatureSpi {
|
|||
/* initialize native struct */
|
||||
switch (keyType) {
|
||||
case WC_RSA:
|
||||
if (this.rsa != null)
|
||||
if (this.rsa != null) {
|
||||
this.rsa.releaseNativeStruct();
|
||||
}
|
||||
this.rsa = new Rsa();
|
||||
break;
|
||||
case WC_ECDSA:
|
||||
if (this.ecc != null)
|
||||
if (this.ecc != null) {
|
||||
this.ecc.releaseNativeStruct();
|
||||
this.ecc = new Ecc();
|
||||
}
|
||||
synchronized (this.rngLock) {
|
||||
this.ecc = new Ecc(this.rng);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
@ -312,14 +316,18 @@ public class WolfCryptSignature extends SignatureSpi {
|
|||
/* initialize native struct */
|
||||
switch (keyType) {
|
||||
case WC_RSA:
|
||||
if (this.rsa != null)
|
||||
if (this.rsa != null) {
|
||||
this.rsa.releaseNativeStruct();
|
||||
}
|
||||
this.rsa = new Rsa();
|
||||
break;
|
||||
case WC_ECDSA:
|
||||
if (this.ecc != null)
|
||||
if (this.ecc != null) {
|
||||
this.ecc.releaseNativeStruct();
|
||||
this.ecc = new Ecc();
|
||||
}
|
||||
synchronized (this.rngLock) {
|
||||
this.ecc = new Ecc(this.rng);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
@ -415,7 +423,7 @@ public class WolfCryptSignature extends SignatureSpi {
|
|||
byte[] tmp = new byte[encodedSz];
|
||||
System.arraycopy(encDigest, 0, tmp, 0, encodedSz);
|
||||
synchronized (rngLock) {
|
||||
signature = this.rsa.sign(tmp, rng);
|
||||
signature = this.rsa.sign(tmp, this.rng);
|
||||
}
|
||||
zeroArray(tmp);
|
||||
|
||||
|
|
@ -425,7 +433,7 @@ public class WolfCryptSignature extends SignatureSpi {
|
|||
|
||||
/* ECC sign */
|
||||
synchronized (rngLock) {
|
||||
signature = this.ecc.sign(digest, rng);
|
||||
signature = this.ecc.sign(digest, this.rng);
|
||||
}
|
||||
|
||||
break;
|
||||
|
|
@ -652,6 +660,7 @@ public class WolfCryptSignature extends SignatureSpi {
|
|||
/* release RNG */
|
||||
this.rng.free();
|
||||
this.rng.releaseNativeStruct();
|
||||
this.rng = null;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -38,9 +38,17 @@ public class Ecc extends NativeStruct {
|
|||
/* used with native wc_ecc_set_rng() */
|
||||
private Rng rng = null;
|
||||
|
||||
/* Do we own the Rng struct, or has that been passed in? Used
|
||||
* during Rng cleanup. */
|
||||
private boolean weOwnRng = true;
|
||||
|
||||
/** Lock around Rng object access */
|
||||
private final Object rngLock = new Object();
|
||||
|
||||
/** Lock around object state */
|
||||
protected final Object stateLock = new Object();
|
||||
|
||||
|
||||
/**
|
||||
* Create new Ecc object
|
||||
*/
|
||||
|
|
@ -48,6 +56,18 @@ public class Ecc extends NativeStruct {
|
|||
init();
|
||||
}
|
||||
|
||||
/**
|
||||
* Create new Ecc object with existing Rng object.
|
||||
*
|
||||
* @param rng initialized com.wolfssl.wolfcrypt.Rng object
|
||||
*/
|
||||
public Ecc(Rng rng) {
|
||||
this.rng = rng;
|
||||
weOwnRng = false;
|
||||
|
||||
init();
|
||||
}
|
||||
|
||||
@Override
|
||||
public synchronized void releaseNativeStruct() {
|
||||
free();
|
||||
|
|
@ -100,9 +120,12 @@ public class Ecc extends NativeStruct {
|
|||
}
|
||||
|
||||
/* used with native wc_ecc_set_rng() */
|
||||
if (rng == null) {
|
||||
rng = new Rng();
|
||||
rng.init();
|
||||
synchronized (rngLock) {
|
||||
if (rng == null) {
|
||||
rng = new Rng();
|
||||
rng.init();
|
||||
weOwnRng = true;
|
||||
}
|
||||
}
|
||||
|
||||
state = WolfCryptState.INITIALIZED;
|
||||
|
|
@ -124,9 +147,11 @@ public class Ecc extends NativeStruct {
|
|||
wc_ecc_free();
|
||||
}
|
||||
|
||||
if (this.rng != null) {
|
||||
rng.free();
|
||||
rng.releaseNativeStruct();
|
||||
synchronized (rngLock) {
|
||||
if (this.weOwnRng && this.rng != null) {
|
||||
rng.free();
|
||||
rng.releaseNativeStruct();
|
||||
}
|
||||
}
|
||||
|
||||
state = WolfCryptState.UNINITIALIZED;
|
||||
|
|
@ -445,7 +470,9 @@ public class Ecc extends NativeStruct {
|
|||
if (state == WolfCryptState.READY) {
|
||||
|
||||
synchronized (pointerLock) {
|
||||
return wc_ecc_shared_secret(pubKey, this.rng);
|
||||
synchronized (rngLock) {
|
||||
return wc_ecc_shared_secret(pubKey, this.rng);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
throw new IllegalStateException(
|
||||
|
|
|
|||
Loading…
Reference in New Issue