WolfSSL
/
wolfcrypt-jni
mirror of https://github.com/wolfSSL/wolfcrypt-jni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #97 from cconlon/1.8release 

Prep for 1.8 Release
pull/98/head v1.8.0-stable
JacobBarthelmeh 2025-01-23 12:52:13 -08:00 committed by GitHub
parent 81a7fee6b2 ea2cf2564d
commit 2eeb8f1cbb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 143 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
ChangeLog.md
View File

@ -1,3 +1,24 @@
### wolfCrypt JNI Release 1.8.0 (01/23/2025)
Release 1.8.0 of wolfCrypt JNI and JCE has bug fixes and new features including:
**New JCE Functionality:**
- Add Java security property support for mapping JKS/PKCS12 to WKS type (PR 83)
**JNI and JCE Changes:**
- Run FIPS CASTs once up front to prevent threaded app errors (PR 84, 91)
**Example Changes:**
- Define `WOLFSSL_CUSTOM_CONFIG` in Android Studio project builds (PR 85)
- Add basic JCE cryptography benchmark app (PR 88, 89, 93, 94)
**Testing Changes:**
- Add GitHub Action testing Maven (pom.xml) build on macOS and Linux (PR 82)
The wolfCrypt JNI/JCE Manual is available at:
https://www.wolfssl.com/documentation/manuals/wolfcryptjni/. For build
instructions and more details comments, please check the manual.
### wolfCrypt JNI Release 1.7.0 (11/11/2024) ### wolfCrypt JNI Release 1.7.0 (11/11/2024)
Release 1.7.0 of wolfCrypt JNI and JCE has bug fixes and new features including: Release 1.7.0 of wolfCrypt JNI and JCE has bug fixes and new features including:

144
IDE/Android/app/src/main/cpp/CMakeLists.txt
View File

@ -87,14 +87,14 @@ if ("${WOLFSSL_PKG_TYPE}" MATCHES "normal")
elseif("${WOLFSSL_PKG_TYPE}" MATCHES "fipsready") elseif("${WOLFSSL_PKG_TYPE}" MATCHES "fipsready")
# The wolfCrypt FIPS In Core Integrity checksum will vary with compiler # The wolfCrypt FIPS In Core Integrity checksum will vary with compiler
# versions, runtime library versions, target hardware, and build type. # versions, runtime library versions, target hardware, and build type.
# Anytime the module is shifted up or down in memory or loaded from a # Anytime the module is shifted up or down in memory or loaded from a new
# new memory location the hash will change. This is expected during # memory location the hash will change. This is expected during normal
# normal development cycles but should be stable in a production # development cycles but should be stable in a production deployment.
# deployment. The verifyCore[] hash can be manually updated in # The verifyCore[] hash can be manually updated in
# 'wolfcrypt/src/fips_test.c' and the app recompiled. Or, the define # 'wolfcrypt/src/fips_test.c' and the app recompiled. Or, the define
# WOLFCRYPT_FIPS_CORE_HASH_VALUE can be set below, which is helpful # WOLFCRYPT_FIPS_CORE_HASH_VALUE can be set below, which is helpful
# for Android Studio, which builds for all these architectures in the # for Android Studio, which builds for all these architectures in the same
# same build. # build.
# #
# The hash values below are only for reference and will need to # The hash values below are only for reference and will need to
# be updated to match your build. To update this value: # be updated to match your build. To update this value:
@ -102,17 +102,17 @@ elseif("${WOLFSSL_PKG_TYPE}" MATCHES "fipsready")
# 1. Build and install your app which contains wolfCrypt FIPS # 1. Build and install your app which contains wolfCrypt FIPS
# 2. Run your app on each architecture, looking at the logcat output # 2. Run your app on each architecture, looking at the logcat output
# to see the expected verifyCore[] hash value. # to see the expected verifyCore[] hash value.
# 3. Copy the expected hash value from logcat to the proper # 3. Copy the expected hash value from logcat to the proper architecture
# architecture section below. # section below.
# 4. Re-build your application now that the expected hash value has # 4. Re-build your application now that the expected hash value has
# been set. # been set.
# 5. Re-install and re-run your application on each architecture to # 5. Re-install and re-run your application on each architecture to
# confirm the hash is stable and application runs as expected. # confirm the hash is stable and application runs as expected.
# #
# NOTE: If using wolfSSL FIPS Ready or FIPS proper with this sample # NOTE: If using wolfSSL FIPS Ready or FIPS proper with this sample
# application and run into the scenario where the verifyCore[] hash # application and run into the scenario where the verifyCore[] hash output
# output at runtime is empty, consider checking/increasing the size of # at runtime is empty, consider checking/increasing the size of the
# the MAX_FIPS_DATA_SZ define in 'wolfcrypt/src/fips_test.c'. # MAX_FIPS_DATA_SZ define in 'wolfcrypt/src/fips_test.c'.
if("${ANDROID_ABI}" MATCHES "arm64-v8a") if("${ANDROID_ABI}" MATCHES "arm64-v8a")
# https://developer.android.com/ndk/guides/abis#arm64-v8a # https://developer.android.com/ndk/guides/abis#arm64-v8a
@ -129,44 +129,64 @@ elseif("${WOLFSSL_PKG_TYPE}" MATCHES "fipsready")
endif() endif()
# Add preprocessor defines to CFLAGS, these match those placed into # Add preprocessor defines to CFLAGS, these match those placed into
# wolfssl/options.h by configure if using: "./configure" on a Unix/Linux # wolfssl/options.h by configure if using the following configure on a Unix/Linux
# platform. The options below have been chosen to match a FIPS Ready # platform with a wolfSSL FIPS Ready GPLv3 bundle:
# build, and are based on the example user_settings.h file located here: #
# https://github.com/wolfSSL/wolfssl/blob/master/examples/configs/user_settings_fipsv5.h # ./configure --enable-fips=ready --enable-jni
#
# This list may be configurable depending on use case and desired # This list may be configurable depending on use case and desired
# optimizations, being careful not to break FIPS compatibility if # optimizations, being careful not to break FIPS compatibility if targeting
# targeting FIPS proper in the future. # FIPS proper in the future. Please contact support@wolfssl.com for assistance
add_definitions(-DHAVE_FIPS -DHAVE_FIPS_VERSION=5 -DHAVE_FIPS_VERSION_MINOR=3 # properly compiling for use with wolfCrypt FIPS variants.
-DHAVE_HASHDRBG -DHAVE_THREAD_LS -DHAVE_REPRODUCIBLE_BUILD add_definitions(
-DFP_MAX_BITS=16384 -DSP_INT_BITS=8192 -DWOLFSSL_PUBLIC_MP -DWOLFSSL_FIPS_READY -DHAVE_FIPS -DHAVE_FIPS_VERSION=7
-DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING -DHAVE_FIPS_VERSION_MAJOR=7 -DHAVE_FIPS_VERSION_MINOR=0
-DWC_RNG_SEED_CB -DWOLFSSL_VALIDATE_ECC_IMPORT -DHAVE_FIPS_VERSION_PATCH=0 -DWC_RNG_SEED_CB -DHAVE_THREAD_LS
-DWOLFSSL_VALIDATE_ECC_KEYGEN -DWOLFSSL_VALIDATE_FFC_IMPORT
-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_ENCRYPT_THEN_MAC -DWOLFSSL_WOLFSSH -DNO_DO178 -DHAVE_REPRODUCIBLE_BUILD -DWC_NO_ASYNC_THREADING
-DHAVE_SUPPORTED_CURVES -DHAVE_EXTENDED_MASTER -DHAVE_ONE_TIME_AUTH -DNO_OLD_TLS -DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_SNI
-DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO -DHAVE_SESSION_TICKET -DHAVE_KEYING_MATERIAL -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES
-DWOLFSSL_USE_ALIGN -DWOLFSSL_BASE64_ENCODE -DHAVE_CRL -DHAVE_EXTENDED_MASTER -DHAVE_ENCRYPT_THEN_MAC -DWOLFSSL_JNI -DHAVE_EX_DATA
-DHAVE_EXT_CACHE -DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_ALWAYS_VERIFY_CB -DKEEP_PEER_CERT -DWOLFSSL_ALWAYS_VERIFY_CB -DWOLFSSL_DTLS -DOPENSSL_EXTRA
-DWOLFSSL_DH_EXTRA -DWOLFSSL_WOLFSSH -DOPENSSL_EXTRA -DOPENSSL_ALL -DOPENSSL_ALL -DWOLFSSL_ERROR_CODE_OPENSSL -DHAVE_CRL -DHAVE_CRL_MONITOR
-DHAVE_FFDHE_Q -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_OCSP -DPERSIST_SESSION_CACHE -DPERSIST_CERT_CACHE -DATOMIC_USER
-DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DHAVE_DH_DEFAULT_PARAMS -DHAVE_PUBLIC_FFDHE -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN -DWOLFSSL_CERT_REQ -DWOLFSSL_KEY_GEN
-DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR -DHAVE_ECC_CDH -DECC_USER_CURVES -DHAVE_ALPN -DWOLFSSL_ALT_CERT_CHAINS -DSESSION_CERTS -DWOLFSSL_ENCRYPTED_KEYS
-DHAVE_ECC256 -DHAVE_ECC384 -DHAVE_ECC521 -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_SYS_CA_CERTS -DWOLFSSL_ALT_NAMES -DWOLFSSL_EITHER_SIDE
-DWC_RSA_PSS -DWOLFSSL_KEY_GEN -DWC_RSA_NO_PADDING -DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_CERT_NAME_ALL
-DWOLFSSL_AES_COUNTER -DHAVE_AESCCM -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT -DHAVE_SERVER_RENEGOTIATION_INFO -DWOLFSSL_ASN_TEMPLATE -DWOLFSSL_ASN_PRINT
-DWOLFSSL_AES_OFB -DHAVE_AESGCM -DGCM_TABLE_4BIT -DWOLFSSL_CMAC -DWOLFSSL_BASE64_ENCODE -DERROR_QUEUE_PER_THREAD -DNO_ERROR_QUEUE
-DWOLFSSL_SHA224 -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DWOLFSSL_NO_SHAKE256 -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWOLFSSL_USE_ALIGN
-DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256 -DWOLFSSL_SHA3 -DHAVE_HKDF -DWOLFSSL_PUBLIC_MP
-DNO_OLD_TLS -DNO_PSK -DNO_DO178
-DNO_RC4 -DNO_MD4 -DNO_MD5 -DNO_DES3 -DNO_DSA -DNO_RABBIT -DWC_RSA_BLINDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT -DWC_RSA_NO_PADDING
-DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR -DECC_MIN_KEY_SZ=192 -DHAVE_ECC_CDH
-DECC_USER_CURVES -DHAVE_ECC192 -DHAVE_ECC224 -DHAVE_ECC256 -DHAVE_ECC384
-DHAVE_ECC521 -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_VALIDATE_ECC_IMPORT
-DWOLFSSL_VALIDATE_ECC_KEYGEN
-DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q -DHAVE_FFDHE_2048
-DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192
-DHAVE_DH_DEFAULT_PARAMS
-DHAVE_HKDF -DHAVE_PBKDF2 -DHAVE_HASHDRBG -DWC_SRTP_KDF -DWOLFSSL_SRTP
-DHAVE_AESGCM -DGCM_TABLE_4BIT -DWOLFSSL_AESGCM_STREAM -DHAVE_AESCCM
-DWOLFSSL_AES_COUNTER -DWOLFSSL_CMAC -DWOLFSSL_AES_OFB -DWOLFSSL_AES_CFB
-DWOLFSSL_AES_XTS -DWOLFSSL_AESXTS_STREAM -DWOLFSSL_AES_DIRECT
-DHAVE_AES_ECB -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_XTS -DHAVE_AES_KEYWRAP
-DHAVE_ED25519 -DHAVE_ED25519_KEY_IMPORT -DHAVE_ED448 -DHAVE_ED448_KEY_IMPORT
-DWOLFSSL_ED448_STREAMING_VERIFY
-DHAVE_CURVE25519 -DHAVE_CURVE448
-DWOLFSSL_SHA224 -DWOLFSSL_SHA384 -DWOLFSSL_SHA512 -DWOLFSSL_NOSHA512_224
-DWOLFSSL_NOSHA512_256 -DWOLFSSL_SHA3 -DWOLFSSL_SHAKE128 -DWOLFSSL_SHAKE256
-DNO_DSA -DNO_RC4 -DNO_MD4 -DNO_DES3 -DNO_DES3_TLS_SUITES
-DWOLFSSL_JNI -DHAVE_EX_DATA -DHAVE_OCSP -DHAVE_CRL_MONITOR
-DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN -DHAVE_SNI -DHAVE_ALPN
-DWOLFSSL_ENCRYPTED_KEYS -DNO_ERROR_QUEUE -DWOLFSSL_EITHER_SIDE
-DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID
-DWOLFSSL_ERROR_CODE_OPENSSL -DWOLFSSL_EXTRA_ALERTS
-DWOLFSSL_FORCE_CACHE_ON_TICKET -DWOLFSSL_AKID_NAME -DHAVE_CTS
-DKEEP_PEER_CERT -DSESSION_CERTS
-DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8 -DWOLFSSL_CUSTOM_CONFIG -DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8 -DWOLFSSL_CUSTOM_CONFIG
# For gethostbyname() # For gethostbyname()
@ -175,12 +195,11 @@ elseif("${WOLFSSL_PKG_TYPE}" MATCHES "fipsready")
# Enable below options for wolfSSL debug logging # Enable below options for wolfSSL debug logging
#-DDEBUG_WOLFSSL -DWOLFSSL_ANDROID_DEBUG #-DDEBUG_WOLFSSL -DWOLFSSL_ANDROID_DEBUG
# Below options are added only for wolfCrypt test and benchmark # Below options are added only for wolfCrypt test and benchmark applications.
# applications. These can be left off / removed when integrating # These can be left off / removed when integrating into a real-world application.
# into a real-world application. Add -DNO_FILESYSTEM to disable # Add -DNO_FILESYSTEM to disable file system use for wolfCrypt test, but make sure
# file system use for wolfCrypt test, but make sure to remove # to remove this define in production applications as filesystem access is required
# this define in production applications as filesystem access # for wolfJSSE use.
# is required for wolfJCE use.
-DUSE_CERT_BUFFERS_2048 -DUSE_CERT_BUFFERS_256 -DUSE_CERT_BUFFERS_2048 -DUSE_CERT_BUFFERS_256
-DNO_WRITE_TEMP_FILES -DNO_MAIN_DRIVER -DNO_WRITE_TEMP_FILES -DNO_MAIN_DRIVER
) )
@ -196,7 +215,8 @@ elseif("${WOLFSSL_MATH_LIB}" MATCHES "spmath")
-DWOLFSSL_HAVE_SP_RSA -DWOLFSSL_SP_4096 -DWOLFSSL_HAVE_SP_RSA -DWOLFSSL_SP_4096
-DWOLFSSL_HAVE_SP_DH -DWOLFSSL_HAVE_SP_DH
-DWOLFSSL_HAVE_SP_ECC -DWOLFSSL_SP_384 -DWOLFSSL_SP_521 -DWOLFSSL_HAVE_SP_ECC -DWOLFSSL_SP_384 -DWOLFSSL_SP_521
-DWOLFSSL_SP_LARGE_CODE) -DWOLFSSL_SP_LARGE_CODE
-DFP_MAX_BITS=16384 -DSP_INT_BITS=8192)
# SP Math architecture-specific settings (ex: assembly optimizations) # SP Math architecture-specific settings (ex: assembly optimizations)
if("${ANDROID_ABI}" MATCHES "arm64-v8a") if("${ANDROID_ABI}" MATCHES "arm64-v8a")
@ -250,16 +270,21 @@ elseif("${WOLFSSL_PKG_TYPE}" MATCHES "fipsready")
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wolfcrypt_first.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wolfcrypt_first.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/hmac.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/hmac.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/random.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/random.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sha256.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/kdf.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/kdf.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/rsa.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/rsa.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/ecc.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/ecc.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/aes.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/aes.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sha256.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sha.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sha.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sha512.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sha512.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sha3.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/sha3.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/dh.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/dh.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/cmac.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/cmac.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/curve448.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/ed448.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/curve25519.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/ed25519.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/pwdbased.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/fips.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/fips.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/fips_test.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/fips_test.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wolfcrypt_last.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wolfcrypt_last.c)
@ -283,9 +308,18 @@ elseif("${WOLFSSL_PKG_TYPE}" MATCHES "fipsready")
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/memory.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/memory.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/asn.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/asn.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/coding.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/coding.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/md5.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/pwdbased.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/pwdbased.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/pkcs12.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/pkcs12.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/tfm.c) list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/tfm.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wc_lms.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wc_lms_impl.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wc_xmss.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/wc_xmss_impl.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/fe_operations.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/ge_operations.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/fe_448.c)
list(APPEND CRYPTO_SOURCES ${wolfssl_DIR}/wolfcrypt/src/ge_448.c)
endif() endif()
# wolfSSL will be compiled as a SHARED library # wolfSSL will be compiled as a SHARED library

15
README.md
View File

@ -35,7 +35,16 @@ $ make check
$ sudo make install $ sudo make install
``` ```
**wolfSSL FIPSv2 Build**: **wolfSSL FIPSv2 (FIPS 140-2 Cert 3389) Build**:
```
$ cd wolfssl-x.x.x-commercial-fips
$ ./configure --enable-fips=v2 --enable-jni
$ make check
$ sudo make install
```
**wolfSSL FIPSv5 (FIPS 140-3 Cert 4718) Build**:
``` ```
$ cd wolfssl-x.x.x-commercial-fips $ cd wolfssl-x.x.x-commercial-fips
@ -62,7 +71,7 @@ on building with Maven. Continue reading here for instructions to build with
ant. ant.
1) Compile the native wolfCrypt JNI object files. Two makefiles are distributed, 1) Compile the native wolfCrypt JNI object files. Two makefiles are distributed,
one for Linux (`makefile.linux`) and one for Mac OSX (`makefile.macosx`). First one for Linux (`makefile.linux`) and one for macOS (`makefile.macosx`). First
copy the makefile for your platform to a file called `makefile`: copy the makefile for your platform to a file called `makefile`:
``` ```
@ -208,7 +217,7 @@ on the current release):
<dependency> <dependency>
<groupId>com.wolfssl</groupId> <groupId>com.wolfssl</groupId>
<artifactId>wolfcrypt-jni</artifactId> <artifactId>wolfcrypt-jni</artifactId>
<version>1.7.0-SNAPSHOT</version> <version>1.8.0-SNAPSHOT</version>
</dependency> </dependency>
</dependencies> </dependencies>
... ...

18
README_JCE.md
View File

@ -292,11 +292,15 @@ The example can then be run using:
``` ```
$ ./examples/provider/ProviderTest.sh $ ./examples/provider/ProviderTest.sh
``` ```
**CryptoBenchmark** **CryptoBenchmark**
This example benchmarks the performance of cryptographic operations using the wolfJCE provider. It tests AES-CBC with 256-bit key encryption/decryption operations. This example benchmarks the performance of cryptographic operations using the
wolfJCE provider. It tests AES-CBC with 256-bit key encryption/decryption
operations.
Build and run: Build and run:
``` ```
# From wolfcrypt-jni root directory # From wolfcrypt-jni root directory
make # Build native library make # Build native library
@ -305,7 +309,8 @@ ant build-jce-release # Build JCE JAR
# Run benchmark # Run benchmark
./examples/provider/CryptoBenchmark.sh ./examples/provider/CryptoBenchmark.sh
``` ```
This script requires for JAVA_HOME to be set.
This script requires for `JAVA_HOME` to be set.
For Bouncy Castle comparison testing: For Bouncy Castle comparison testing:
@ -314,17 +319,24 @@ CryptoBenchmark.sh will prompt with the following:
``` ```
Would you like to download Bouncy Castle JARs? (y/n) Would you like to download Bouncy Castle JARs? (y/n)
``` ```
If you respond with 'y', the script will download the Bouncy Castle JARs and run the benchmark with Bouncy Castle. At the end of the benchmark, the script will prompt whether or not to remove the Bouncy Castle JAR files.
If you respond with 'y', the script will download the Bouncy Castle JARs and
run the benchmark with Bouncy Castle. At the end of the benchmark, the script
will prompt whether or not to remove the Bouncy Castle JAR files.
If you prefer to download the JARs manually, follow the instructions below: If you prefer to download the JARs manually, follow the instructions below:
Visit [bouncy-castle-java](https://www.bouncycastle.org/download/bouncy-castle-java/) Visit [bouncy-castle-java](https://www.bouncycastle.org/download/bouncy-castle-java/)
Download: Download:
``` ```
bcprov-jdk18on-1.79.jar # Bouncy Castle Provider bcprov-jdk18on-1.79.jar # Bouncy Castle Provider
bctls-jdk18on-1.79.jar # Bouncy Castle DTLS/TLS API/JSSE Provider bctls-jdk18on-1.79.jar # Bouncy Castle DTLS/TLS API/JSSE Provider
``` ```
Copy jar files to wolfcrypt-jni/lib/: Copy jar files to wolfcrypt-jni/lib/:
``` ```
cp bcprov-jdk18on-1.79.jar wolfcrypt-jni/lib cp bcprov-jdk18on-1.79.jar wolfcrypt-jni/lib
cp bctls-jdk18on-1.79.jar wolfcrypt-jni/lib cp bctls-jdk18on-1.79.jar wolfcrypt-jni/lib

2
build.xml
View File

@ -19,7 +19,7 @@
<!-- versioning/manifest properties --> <!-- versioning/manifest properties -->
<property name="implementation.vendor" value="wolfSSL Inc." /> <property name="implementation.vendor" value="wolfSSL Inc." />
<property name="implementation.title" value="wolfCrypt JNI" /> <property name="implementation.title" value="wolfCrypt JNI" />
<property name="implementation.version" value="1.7" /> <property name="implementation.version" value="1.8" />
<!-- set properties for this build --> <!-- set properties for this build -->
<property name="src.dir" value="src/main/java/" /> <property name="src.dir" value="src/main/java/" />

2
pom.xml
View File

@ -4,7 +4,7 @@
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<groupId>com.wolfssl</groupId> <groupId>com.wolfssl</groupId>
<artifactId>wolfcrypt-jni</artifactId> <artifactId>wolfcrypt-jni</artifactId>
<version>1.7.0-SNAPSHOT</version> <version>1.8.0-SNAPSHOT</version>
<packaging>jar</packaging> <packaging>jar</packaging>
<name>wolfcrypt-jni</name> <name>wolfcrypt-jni</name>
<url>https://www.wolfssl.com</url> <url>https://www.wolfssl.com</url>

2
src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java
View File

@ -37,7 +37,7 @@ public final class WolfCryptProvider extends Provider {
* Create new WolfCryptProvider object * Create new WolfCryptProvider object
*/ */
public WolfCryptProvider() { public WolfCryptProvider() {
super("wolfJCE", 1.7, "wolfCrypt JCE Provider"); super("wolfJCE", 1.8, "wolfCrypt JCE Provider");
registerServices(); registerServices();
} }

6
src/main/java/com/wolfssl/wolfcrypt/WolfObject.java
View File

@ -64,14 +64,14 @@ public class WolfObject {
/* Load wolfcryptjni library */ /* Load wolfcryptjni library */
System.loadLibrary("wolfcryptjni"); System.loadLibrary("wolfcryptjni");
/* initialize native wolfCrypt library */
init();
/* Run FIPS CAST if we are in FIPS mode. Will only forcefully /* Run FIPS CAST if we are in FIPS mode. Will only forcefully
* be run once - Fips class keeps track of a successful run. */ * be run once - Fips class keeps track of a successful run. */
if (Fips.enabled) { if (Fips.enabled) {
Fips.runAllCast_fips(); Fips.runAllCast_fips();
} }
/* initialize native wolfCrypt library */
init();
} }
/** /**