blob: a73eb417203c102e0dee1894a0a38f3608ecb22f [file] [log] [blame]
/**
*
* Copyright (c) 2021 Project CHIP Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "CHIPP256KeypairBridge.h"
#include "lib/core/CHIPError.h"
#include "lib/support/CHIPJNIError.h"
#include "lib/support/JniReferences.h"
#include "lib/support/JniTypeWrappers.h"
#include "lib/support/SafeInt.h"
#include <array>
#include <cstdint>
#include <cstdlib>
#include <jni.h>
#include <string.h>
#include <type_traits>
using namespace chip;
using namespace chip::Crypto;
CHIPP256KeypairBridge::~CHIPP256KeypairBridge() {}
CHIP_ERROR CHIPP256KeypairBridge::SetDelegate(jobject delegate)
{
CHIP_ERROR err = CHIP_NO_ERROR;
JNIEnv * env = JniReferences::GetInstance().GetEnvForCurrentThread();
VerifyOrExit(env != nullptr, err = CHIP_JNI_ERROR_NO_ENV);
ReturnErrorOnFailure(mDelegate.Init(delegate));
jclass keypairDelegateClass;
err = JniReferences::GetInstance().GetLocalClassRef(env, "chip/devicecontroller/KeypairDelegate", keypairDelegateClass);
VerifyOrExit(err == CHIP_NO_ERROR, ChipLogError(Controller, "Failed to find class for KeypairDelegate."));
SuccessOrExit(err = mKeypairDelegateClass.Init(static_cast<jobject>(keypairDelegateClass)));
err = JniReferences::GetInstance().FindMethod(env, delegate, "createCertificateSigningRequest", "()[B",
&mCreateCertificateSigningRequestMethod);
VerifyOrExit(err == CHIP_NO_ERROR,
ChipLogError(Controller, "Failed to find KeypairDelegate.createCertificateSigningRequest() method."));
err = JniReferences::GetInstance().FindMethod(env, delegate, "getPublicKey", "()[B", &mGetPublicKeyMethod);
VerifyOrExit(err == CHIP_NO_ERROR, ChipLogError(Controller, "Failed to find KeypairDelegate.getPublicKey() method."));
err = JniReferences::GetInstance().FindMethod(env, delegate, "ecdsaSignMessage", "([B)[B", &mEcdsaSignMessageMethod);
VerifyOrExit(err == CHIP_NO_ERROR, ChipLogError(Controller, "Failed to find KeypairDelegate.ecdsaSignMessage() method."));
exit:
return err;
}
CHIP_ERROR CHIPP256KeypairBridge::Initialize(ECPKeyTarget key_target)
{
if (HasKeypair())
{
SetPubkey();
}
return CHIP_NO_ERROR;
}
CHIP_ERROR CHIPP256KeypairBridge::Serialize(P256SerializedKeypair & output) const
{
if (!HasKeypair())
{
return CHIP_ERROR_INCORRECT_STATE;
}
return CHIP_ERROR_UNSUPPORTED_CHIP_FEATURE;
}
CHIP_ERROR CHIPP256KeypairBridge::Deserialize(P256SerializedKeypair & input)
{
if (!HasKeypair())
{
return CHIP_ERROR_INCORRECT_STATE;
}
return CHIP_ERROR_UNSUPPORTED_CHIP_FEATURE;
}
CHIP_ERROR CHIPP256KeypairBridge::NewCertificateSigningRequest(uint8_t * csr, size_t & csr_length) const
{
if (!HasKeypair())
{
return CHIP_ERROR_INCORRECT_STATE;
}
// Not supported for use from within the CHIP SDK. We provide our own
// implementation that is JVM-specific.
return CHIP_ERROR_UNSUPPORTED_CHIP_FEATURE;
}
CHIP_ERROR CHIPP256KeypairBridge::ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P256ECDSASignature & out_signature) const
{
if (!HasKeypair())
{
return CHIP_ERROR_INCORRECT_STATE;
}
VerifyOrReturnError(CanCastTo<uint32_t>(msg_length), CHIP_ERROR_INVALID_ARGUMENT);
CHIP_ERROR err = CHIP_NO_ERROR;
jbyteArray jniMsg;
jobject signedResult = nullptr;
JNIEnv * env = JniReferences::GetInstance().GetEnvForCurrentThread();
VerifyOrReturnError(env != nullptr, err = CHIP_JNI_ERROR_NO_ENV);
err = JniReferences::GetInstance().N2J_ByteArray(env, msg, static_cast<uint32_t>(msg_length), jniMsg);
VerifyOrReturnError(err == CHIP_NO_ERROR, err);
VerifyOrReturnError(jniMsg != nullptr, err);
VerifyOrReturnError(mDelegate.HasValidObjectRef(), CHIP_ERROR_INCORRECT_STATE);
signedResult = env->CallObjectMethod(mDelegate.ObjectRef(), mEcdsaSignMessageMethod, jniMsg);
if (env->ExceptionCheck())
{
ChipLogError(Controller, "Java exception in KeypairDelegate.ecdsaSignMessage()");
env->ExceptionDescribe();
env->ExceptionClear();
return CHIP_JNI_ERROR_EXCEPTION_THROWN;
}
JniByteArray jniSignature(env, static_cast<jbyteArray>(signedResult));
MutableByteSpan signatureSpan(out_signature.Bytes(), out_signature.Capacity());
ReturnErrorOnFailure(EcdsaAsn1SignatureToRaw(CHIP_CRYPTO_GROUP_SIZE_BYTES, jniSignature.byteSpan(), signatureSpan));
ReturnErrorOnFailure(out_signature.SetLength(signatureSpan.size()));
return err;
}
CHIP_ERROR CHIPP256KeypairBridge::ECDH_derive_secret(const P256PublicKey & remote_public_key,
P256ECDHDerivedSecret & out_secret) const
{
if (!HasKeypair())
{
return CHIP_ERROR_INCORRECT_STATE;
}
// Not required for Java SDK.
return CHIP_ERROR_UNSUPPORTED_CHIP_FEATURE;
}
CHIP_ERROR CHIPP256KeypairBridge::SetPubkey()
{
jobject publicKey = nullptr;
JNIEnv * env = nullptr;
VerifyOrReturnError(HasKeypair(), CHIP_ERROR_INCORRECT_STATE);
env = JniReferences::GetInstance().GetEnvForCurrentThread();
VerifyOrReturnError(env != nullptr, CHIP_JNI_ERROR_NO_ENV);
VerifyOrReturnError(mDelegate.HasValidObjectRef(), CHIP_ERROR_INCORRECT_STATE);
publicKey = env->CallObjectMethod(mDelegate.ObjectRef(), mGetPublicKeyMethod);
if (env->ExceptionCheck())
{
ChipLogError(Controller, "Java exception in KeypairDelegate.getPublicKey()");
env->ExceptionDescribe();
env->ExceptionClear();
return CHIP_JNI_ERROR_EXCEPTION_THROWN;
}
VerifyOrReturnError(publicKey != nullptr, CHIP_JNI_ERROR_NULL_OBJECT);
JniByteArray jniPublicKey(env, static_cast<jbyteArray>(publicKey));
FixedByteSpan<Crypto::kP256_PublicKey_Length> publicKeySpan =
FixedByteSpan<kP256_PublicKey_Length>(reinterpret_cast<const uint8_t *>(jniPublicKey.data()));
mPublicKey = P256PublicKey(publicKeySpan);
return CHIP_NO_ERROR;
}