Skip to content

Commit

Permalink
JNI/JCE: reduce extra WolfCryptRng object creation between Signature …
Browse files Browse the repository at this point in the history 
…and KeyPairGenerator classes
  • Loading branch information
@cconlon
cconlon committed Apr 11, 2024
1 parent a06c045 commit 5d79a73
Show file tree
Hide file tree
Showing 3 changed files with 65 additions and 21 deletions.
37 changes: 25 additions & 12 deletions src/main/java/com/wolfssl/provider/jce/WolfCryptKeyPairGenerator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,9 @@ enum KeyType {

private Rng rng = null;

/* Lock around Rng access */
private final Object rngLock = new Object();

/* for debug logging */
private WolfCryptDebug debug;
private String algString;
Expand All @@ -88,8 +91,8 @@ private WolfCryptKeyPairGenerator(KeyType type) {

this.type = type;

rng = new Rng();
rng.init();
this.rng = new Rng();
this.rng.init();

if (debug.DEBUG)
algString = typeToString(type);
Expand Down Expand Up @@ -232,7 +235,10 @@ public synchronized KeyPair generateKeyPair() {
Rsa rsa = new Rsa();

try {
rsa.makeKey(this.keysize, this.publicExponent, rng);
synchronized (rngLock) {
rsa.makeKey(this.keysize, this.publicExponent,
this.rng);
}

/* private key */
privDer = rsa.privateKeyEncodePKCS8();
Expand Down Expand Up @@ -280,13 +286,16 @@ public synchronized KeyPair generateKeyPair() {

ECPrivateKey eccPriv = null;
ECPublicKey eccPub = null;
Ecc ecc = null;

Ecc ecc = new Ecc();
synchronized (rngLock) {
ecc = new Ecc(this.rng);

if (this.curve == null) {
ecc.makeKey(rng, this.keysize);
} else {
ecc.makeKeyOnCurve(rng, this.keysize, this.curve);
if (this.curve == null) {
ecc.makeKey(this.rng, this.keysize);
} else {
ecc.makeKeyOnCurve(this.rng, this.keysize, this.curve);
}
}

/* private key */
Expand Down Expand Up @@ -343,7 +352,9 @@ public synchronized KeyPair generateKeyPair() {
dh.setParams(dhP, dhG);

/* make key */
dh.makeKey(rng);
synchronized (rngLock) {
dh.makeKey(this.rng);
}

privSpec = new DHPrivateKeySpec(
new BigInteger(dh.getPrivateKey()),
Expand Down Expand Up @@ -403,9 +414,11 @@ private void log(String msg) {
@Override
protected synchronized void finalize() throws Throwable {
try {
if (this.rng != null) {
rng.free();
rng.releaseNativeStruct();
synchronized (rngLock) {
if (this.rng != null) {
this.rng.free();
this.rng.releaseNativeStruct();
}
}
} finally {
super.finalize();
Expand Down
8 changes: 6 additions & 2 deletions src/main/java/com/wolfssl/provider/jce/WolfCryptSignature.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -254,7 +254,9 @@ protected synchronized void engineInitSign(PrivateKey privateKey)
case WC_ECDSA:
if (this.ecc != null)
this.ecc.releaseNativeStruct();
this.ecc = new Ecc();
synchronized (this.rngLock) {
this.ecc = new Ecc(this.rng);
}
break;
}

Expand Down Expand Up @@ -319,7 +321,9 @@ protected synchronized void engineInitVerify(PublicKey publicKey)
case WC_ECDSA:
if (this.ecc != null)
this.ecc.releaseNativeStruct();
this.ecc = new Ecc();
synchronized (this.rngLock) {
this.ecc = new Ecc(this.rng);
}
break;
}

Expand Down
41 changes: 34 additions & 7 deletions src/main/java/com/wolfssl/wolfcrypt/Ecc.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,16 +38,36 @@ public class Ecc extends NativeStruct {
/* used with native wc_ecc_set_rng() */
private Rng rng = null;

/* Do we own the Rng struct, or has that been passed in? Used
* during Rng cleanup. */
private boolean weOwnRng = true;

/** Lock around Rng object access */
private final Object rngLock = new Object();

/** Lock around object state */
protected final Object stateLock = new Object();


/**
* Create new Ecc object
*/
public Ecc() {
init();
}

/**
* Create new Ecc object with existing Rng object.
*
* @param rng initialized com.wolfssl.wolfcrypt.Rng object
*/
public Ecc(Rng rng) {
this.rng = rng;
weOwnRng = false;

init();
}

@Override
public synchronized void releaseNativeStruct() {
free();
Expand Down Expand Up @@ -100,9 +120,12 @@ protected void init() {
}

/* used with native wc_ecc_set_rng() */
if (rng == null) {
rng = new Rng();
rng.init();
synchronized (rngLock) {
if (rng == null) {
rng = new Rng();
rng.init();
weOwnRng = true;
}
}

state = WolfCryptState.INITIALIZED;
Expand All @@ -124,9 +147,11 @@ protected void free() {
wc_ecc_free();
}

if (this.rng != null) {
rng.free();
rng.releaseNativeStruct();
synchronized (rngLock) {
if (this.weOwnRng && this.rng != null) {
rng.free();
rng.releaseNativeStruct();
}
}

state = WolfCryptState.UNINITIALIZED;
Expand Down Expand Up @@ -445,7 +470,9 @@ public synchronized byte[] makeSharedSecret(Ecc pubKey)
if (state == WolfCryptState.READY) {

synchronized (pointerLock) {
return wc_ecc_shared_secret(pubKey, this.rng);
synchronized (rngLock) {
return wc_ecc_shared_secret(pubKey, this.rng);
}
}
} else {
throw new IllegalStateException(
Expand Down

0 comments on commit 5d79a73

Please sign in to comment.