WolfSSL
/
wolfcrypt-jni
mirror of https://github.com/wolfSSL/wolfcrypt-jni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #81 from cconlon/1.7release 

Prep for 1.7 Release
pull/82/head v1.7.0-stable
JacobBarthelmeh 2024-11-11 14:29:18 -07:00 committed by GitHub
parent 280032df17 2cb30f76e1
commit b75d8aa738
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
19 changed files with 592 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
ChangeLog.md
View File

@ -1,3 +1,27 @@
### wolfCrypt JNI Release 1.7.0 (11/11/2024)
Release 1.7.0 of wolfCrypt JNI and JCE has bug fixes and new features including:
**New JCE Functionality:**
- New WolfSSLKeyStore (WKS) KeyStore implementation for FIPS 140-2/3 compliance (PR 67)
**JNI and JCE Changes:**
- Remove call to BigInteger.longValueExact(), not available on some Java versions (PR 76)
- Detect `RSA_MIN_SIZE` in tests, add `Rsa.RSA_MIN_SIZE` helper (PR 77)
- Fix pointer use in native `X509CheckPrivateKey()` (PR 80)
**Example Changes:**
- Set keytool path correctly in `system-cacerts-to-wks.sh` (PR 78)
- Add example Android Studio project (IDE/Android) (PR 79)
**Testing Changes:**
- Run Facebook Infer on pull requests with GitHub Actions (PR 74)
- Add Android Gradle build with GitHub Actions to run on all pull requests (PR 79)
The wolfCrypt JNI/JCE Manual is available at:
https://www.wolfssl.com/documentation/manuals/wolfcryptjni/. For build
instructions and more details comments, please check the manual.
### wolfCrypt JNI Release 1.6.0 (4/17/2024) ### wolfCrypt JNI Release 1.6.0 (4/17/2024)
Release 1.6.0 of wolfCrypt JNI and JCE has bug fixes and new features including: Release 1.6.0 of wolfCrypt JNI and JCE has bug fixes and new features including:

31
IDE/WIN/README.md
View File

@ -137,8 +137,12 @@ section titled `/* Configuration */`:
``` ```
#define WOLFSSL_KEY_GEN #define WOLFSSL_KEY_GEN
#define HAVE_CRL #define HAVE_CRL
#define OPENSSL_ALL
``` ```
If also building wolfSSL JNI/JSSE, additional defines may be needed. Please
reference the Windows build documentation for wolfSSL JNI/JSSE if so.
After editing and saving the `user_settings.h` file, select one of the following After editing and saving the `user_settings.h` file, select one of the following
DLL Library configurations and build the wolfSSL library solution: DLL Library configurations and build the wolfSSL library solution:
@ -204,8 +208,12 @@ and set the values for `HAVE_FIPS`, `HAVE_FIPS_VERSION`, and
``` ```
#define WOLFSSL_KEY_GEN #define WOLFSSL_KEY_GEN
#define HAVE_CRL #define HAVE_CRL
#define OPENSSL_ALL
``` ```
If also building wolfSSL JNI/JSSE, additional defines may be needed. Please
reference the Windows build documentation for wolfSSL JNI/JSSE if so.
6. Build the `wolfssl-fips` project, which will create a DLL in one of the 6. Build the `wolfssl-fips` project, which will create a DLL in one of the
following locations: following locations:
@ -230,19 +238,20 @@ in the wolfCrypt tests successfully running.
See the FIPS User Guide for more details on the FIPS verifyCore hash, or See the FIPS User Guide for more details on the FIPS verifyCore hash, or
email support@wolfssl.com. email support@wolfssl.com.
## wolfSSL FIPS 140-3 (Upcoming) ## wolfSSL FIPS 140-3 (Certificate #4718)
To build a version of wolfSSL that has been submitted for FIPS 140-3, use To build a wolfSSL FIPS 140-3 variant for use with FIPS 140-3 certificate
the Visual Studio solution file under the `IDE\WIN10` directory inside the #4718, use the Visual Studio solution file located in the `IDE/WIN10`
wolfSSL package: directory inside the wolfSSL package:
``` ```
<wolfssl>\IDE\WIN10\wolfssl-fips.sln <wolfssl>\IDE\WIN10\wolfssl-fips.sln
``` ```
Follow instructions in the above section for 140-2 / 3389, except use the Follow instructions in the above section for 140-2 / 3389, except use the
following values for `HAVE_FIPS`, `HAVE_FIPS_VERSION`, and following values for `HAVE_FIPS`, `HAVE_FIPS_VERSION`,
`HAVE_FIPS_VERSION_MINOR` in `user_settings.h`: `HAVE_FIPS_VERSION_MAJOR`, `HAVE_FIPS_VERSION_MINOR`, and
`HAVE_FIPS_VERSION_PATCH` in `user_settings.h`:
``` ```
#if 1 #if 1
@ -250,8 +259,12 @@ following values for `HAVE_FIPS`, `HAVE_FIPS_VERSION`, and
#define HAVE_FIPS #define HAVE_FIPS
#undef HAVE_FIPS_VERSION #undef HAVE_FIPS_VERSION
#define HAVE_FIPS_VERSION 5 #define HAVE_FIPS_VERSION 5
#undef HAVE_FIPS_VERSION_MAJOR
#define HAVE_FIPS_VERSION_MAJOR 5
#undef HAVE_FIPS_VERSION_MINOR #undef HAVE_FIPS_VERSION_MINOR
#define HAVE_FIPS_VERSION_MINOR 1 #define HAVE_FIPS_VERSION_MINOR 2
#undef HAVE_FIPS_VERSION_PATCH
#define HAVE_FIPS_VERSION_PATCH 0
#endif #endif
``` ```
@ -261,8 +274,12 @@ The following additional defines will also need to be added to
``` ```
#define WOLFSSL_KEY_GEN #define WOLFSSL_KEY_GEN
#define HAVE_CRL #define HAVE_CRL
#define OPENSSL_ALL
``` ```
If also building wolfSSL JNI/JSSE, additional defines may be needed. Please
reference the Windows build documentation for wolfSSL JNI/JSSE if so.
For additional help, contact support@wolfssl.com. For additional help, contact support@wolfssl.com.
# Building wolfCrypt JNI/JCE Library # Building wolfCrypt JNI/JCE Library

1
IDE/WIN/wolfcryptjni.vcxproj
View File

@ -78,6 +78,7 @@
<ClCompile Include="..\..\jni\jni_feature_detect.c" /> <ClCompile Include="..\..\jni\jni_feature_detect.c" />
<ClCompile Include="..\..\jni\jni_fips.c" /> <ClCompile Include="..\..\jni\jni_fips.c" />
<ClCompile Include="..\..\jni\jni_hmac.c" /> <ClCompile Include="..\..\jni\jni_hmac.c" />
<ClCompile Include="..\..\jni\jni_jce_wolfsslkeystore.c" />
<ClCompile Include="..\..\jni\jni_logging.c" /> <ClCompile Include="..\..\jni\jni_logging.c" />
<ClCompile Include="..\..\jni\jni_md5.c" /> <ClCompile Include="..\..\jni\jni_md5.c" />
<ClCompile Include="..\..\jni\jni_native_struct.c" /> <ClCompile Include="..\..\jni\jni_native_struct.c" />

3
IDE/WIN/wolfcryptjni.vcxproj.filters
View File

@ -170,5 +170,8 @@
<ClCompile Include="..\..\jni\jni_wolfssl_cert_manager.c"> <ClCompile Include="..\..\jni\jni_wolfssl_cert_manager.c">
<Filter>Source Files</Filter> <Filter>Source Files</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="..\..\jni\jni_jce_wolfsslkeystore.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup> </ItemGroup>
</Project> </Project>

2
README.md
View File

@ -208,7 +208,7 @@ on the current release):
<dependency> <dependency>
<groupId>com.wolfssl</groupId> <groupId>com.wolfssl</groupId>
<artifactId>wolfcrypt-jni</artifactId> <artifactId>wolfcrypt-jni</artifactId>
<version>1.6.0-SNAPSHOT</version> <version>1.7.0-SNAPSHOT</version>
</dependency> </dependency>
</dependencies> </dependencies>
... ...

2
build.xml
View File

@ -19,7 +19,7 @@
<!-- versioning/manifest properties --> <!-- versioning/manifest properties -->
<property name="implementation.vendor" value="wolfSSL Inc." /> <property name="implementation.vendor" value="wolfSSL Inc." />
<property name="implementation.title" value="wolfCrypt JNI" /> <property name="implementation.title" value="wolfCrypt JNI" />
<property name="implementation.version" value="1.6" /> <property name="implementation.version" value="1.7" />
<!-- set properties for this build --> <!-- set properties for this build -->
<property name="src.dir" value="src/main/java/" /> <property name="src.dir" value="src/main/java/" />

2
examples/WindowsConfig.bat
View File

@ -9,7 +9,7 @@
:: included by other example .bat files. :: included by other example .bat files.
:: wolfSSL Normal non-FIPS (DLL Debug x64) :: wolfSSL Normal non-FIPS (DLL Debug x64)
SET WOLFSSL_DLL_DIR=..\..\..\wolfssl\IDE\WIN10\DLL Debug\x64 SET WOLFSSL_DLL_DIR=..\..\..\wolfssl\DLL Debug\x64
SET WOLFCRYPTJNI_DLL_DIR=..\..\IDE\WIN\DLL Debug\x64 SET WOLFCRYPTJNI_DLL_DIR=..\..\IDE\WIN\DLL Debug\x64
:: wolfSSL Normal non-FIPS (DLL Release x64) :: wolfSSL Normal non-FIPS (DLL Release x64)

14
examples/certs/systemcerts/system-cacerts-to-wks.sh
View File

@ -29,9 +29,19 @@ export DYLD_LIBRARY_PATH=../../../lib:$DYLD_LIBRARY_PATH
OUTDIR=`pwd` OUTDIR=`pwd`
# First argument can be passed in to represent path to
# wolfcrypt-jni.jar provider JAR. If not given, use default.
if [ -z "$1" ]; then
# default wolfcrypt-jni.jar path
PROVIDER_PATH="../../../lib/wolfcrypt-jni.jar"
else
# use custom provider path
PROVIDER_PATH=$1
fi
# ARGS: <input-keystore-name> <output-keystore-name> <in-password> <out-password> <java home> # ARGS: <input-keystore-name> <output-keystore-name> <in-password> <out-password> <java home>
jks_to_wks() { jks_to_wks() {
${5}/bin/keytool -importkeystore -srckeystore ${1} -destkeystore ${2}.wks -srcstoretype JKS -deststoretype WKS -srcstorepass "$3" -deststorepass "$3" -deststorepass "$4" -provider com.wolfssl.provider.jce.WolfCryptProvider --providerpath ../../../lib/wolfcrypt-jni.jar &> /dev/null ${5}/bin/keytool -importkeystore -srckeystore ${1} -destkeystore ${2}.wks -srcstoretype JKS -deststoretype WKS -srcstorepass "$3" -deststorepass "$3" -deststorepass "$4" -provider com.wolfssl.provider.jce.WolfCryptProvider --providerpath "$PROVIDER_PATH"
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
printf "Failed to convert JKS to WKS!" printf "Failed to convert JKS to WKS!"
exit 1 exit 1
@ -58,6 +68,8 @@ else
javaHome="$JAVA_HOME" javaHome="$JAVA_HOME"
fi fi
echo "PROVIDER_PATH: $PROVIDER_PATH"
# Set up Java include and library paths for OS X and Linux # Set up Java include and library paths for OS X and Linux
# NOTE: you may need to modify these if your platform uses different locations # NOTE: you may need to modify these if your platform uses different locations
if [ "$OS" == "Darwin" ]; then if [ "$OS" == "Darwin" ]; then

4
jni/jni_ecc.c
View File

@ -338,7 +338,9 @@ Java_com_wolfssl_wolfcrypt_Ecc_wc_1ecc_1export_1private(
} }
if (ret == 0) { if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_ecc_export_private_only(ecc, output, &outputSz); ret = wc_ecc_export_private_only(ecc, output, &outputSz);
PRIVATE_KEY_LOCK();
} }
if (ret == 0) { if (ret == 0) {
@ -1054,7 +1056,9 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_Ecc_wc_1ecc_1private_1ke
} }
if (ret == 0) { if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_EccPrivateKeyToDer(ecc, derKey, derKeySz); ret = wc_EccPrivateKeyToDer(ecc, derKey, derKeySz);
PRIVATE_KEY_LOCK();
if (ret >= 0) { if (ret >= 0) {
derKeySz = ret; derKeySz = ret;
ret = 0; ret = 0;

446
jni/jni_fips.c
View File

@ -218,7 +218,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesSetKey_1fips__Lcom_wol
if (!aes || !key) if (!aes || !key)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_AesSetKey_fips(aes, key, (word32)size, iv, dir);
#else
ret = AesSetKey_fips(aes, key, (word32)size, iv, dir); ret = AesSetKey_fips(aes, key, (word32)size, iv, dir);
#endif
LogStr("AesSetKey_fips(aes=%p, key, iv, %s) = %d\n", aes, LogStr("AesSetKey_fips(aes=%p, key, iv, %s) = %d\n", aes,
dir ? "dec" : "enc", ret); dir ? "dec" : "enc", ret);
@ -253,8 +257,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesSetKey_1fips__Lcom_wol
key = getByteArray(env, key_buffer); key = getByteArray(env, key_buffer);
iv = getByteArray(env, iv_buffer); iv = getByteArray(env, iv_buffer);
ret = (!aes || !key) ? BAD_FUNC_ARG if (aes == NULL || key == NULL) {
: AesSetKey_fips(aes, key, (word32)size, iv, dir); ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_AesSetKey_fips(aes, key, (word32)size, iv, dir);
#else
ret = AesSetKey_fips(aes, key, (word32)size, iv, dir);
#endif
}
LogStr("AesSetKey_fips(aes=%p, key, iv, %s) = %d\n", aes, LogStr("AesSetKey_fips(aes=%p, key, iv, %s) = %d\n", aes,
dir ? "dec" : "enc", ret); dir ? "dec" : "enc", ret);
@ -294,7 +306,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmSetExtIV_1fips__Lco
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmSetExtIV_fips(aes, iv, (word32)size);
#else
ret = AesGcmSetExtIV_fips(aes, iv, (word32)size); ret = AesGcmSetExtIV_fips(aes, iv, (word32)size);
#endif
LogStr("AesGcmSetExtIV_fips(aes=%p, iv) = %d\n", aes, ret); LogStr("AesGcmSetExtIV_fips(aes=%p, iv) = %d\n", aes, ret);
LogStr("iv[%u]: [%p]\n", (word32)size, iv); LogStr("iv[%u]: [%p]\n", (word32)size, iv);
@ -328,7 +344,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmSetExtIV_1fips__Lco
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmSetExtIV_fips(aes, iv, (word32)size);
#else
ret = AesGcmSetExtIV_fips(aes, iv, (word32)size); ret = AesGcmSetExtIV_fips(aes, iv, (word32)size);
#endif
LogStr("AesGcmSetExtIV_fips(aes=%p, iv) = %d\n", aes, ret); LogStr("AesGcmSetExtIV_fips(aes=%p, iv) = %d\n", aes, ret);
LogStr("iv[%u]: [%p]\n", (word32)size, iv); LogStr("iv[%u]: [%p]\n", (word32)size, iv);
@ -362,7 +382,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesSetIV_1fips__Lcom_wolf
if (!aes || !iv) if (!aes || !iv)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_AesSetIV_fips(aes, iv);
#else
ret = AesSetIV_fips(aes, iv); ret = AesSetIV_fips(aes, iv);
#endif
LogStr("AesSetIV_fips(aes=%p, iv) = %d\n", aes, ret); LogStr("AesSetIV_fips(aes=%p, iv) = %d\n", aes, ret);
LogStr("iv[%u]: [%p]\n", (word32)AES_BLOCK_SIZE, iv); LogStr("iv[%u]: [%p]\n", (word32)AES_BLOCK_SIZE, iv);
@ -391,8 +415,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesSetIV_1fips__Lcom_wolf
iv = getByteArray(env, iv_buffer); iv = getByteArray(env, iv_buffer);
ret = (!aes || !iv) ? BAD_FUNC_ARG if (aes == NULL || iv == NULL) {
: AesSetIV_fips(aes, iv); ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_AesSetIV_fips(aes, iv);
#else
ret = AesSetIV_fips(aes, iv);
#endif
}
LogStr("AesSetIV_fips(aes=%p, iv) = %d\n", aes, ret); LogStr("AesSetIV_fips(aes=%p, iv) = %d\n", aes, ret);
LogStr("iv[%u]: [%p]\n", (word32)AES_BLOCK_SIZE, iv); LogStr("iv[%u]: [%p]\n", (word32)AES_BLOCK_SIZE, iv);
@ -429,7 +461,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesCbcEncrypt_1fips__Lcom
if (!aes || !out || !in) if (!aes || !out || !in)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_AesCbcEncrypt_fips(aes, out, in, (word32) size);
#else
ret = AesCbcEncrypt_fips(aes, out, in, (word32) size); ret = AesCbcEncrypt_fips(aes, out, in, (word32) size);
#endif
LogStr("AesCbcEncrypt_fips(aes=%p, out, in) = %d\n", aes, ret); LogStr("AesCbcEncrypt_fips(aes=%p, out, in) = %d\n", aes, ret);
LogStr("in[%u]: [%p]\n", (word32)size, in); LogStr("in[%u]: [%p]\n", (word32)size, in);
@ -463,9 +499,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesCbcEncrypt_1fips__Lcom
out = getByteArray(env, out_buffer); out = getByteArray(env, out_buffer);
in = getByteArray(env, in_buffer); in = getByteArray(env, in_buffer);
ret = (!aes || !out || !in) if (aes == NULL || out == NULL || in == NULL) {
? BAD_FUNC_ARG ret = BAD_FUNC_ARG;
: AesCbcEncrypt_fips(aes, out, in, (word32) size); }
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_AesCbcEncrypt_fips(aes, out, in, (word32) size);
#else
ret = AesCbcEncrypt_fips(aes, out, in, (word32) size);
#endif
}
LogStr("AesCbcEncrypt_fips(aes=%p, out, in) = %d\n", aes, ret); LogStr("AesCbcEncrypt_fips(aes=%p, out, in) = %d\n", aes, ret);
LogStr("in[%u]: [%p]\n", (word32)size, in); LogStr("in[%u]: [%p]\n", (word32)size, in);
@ -505,7 +548,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesCbcDecrypt_1fips__Lcom
if (!aes || !out || !in) if (!aes || !out || !in)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_AesCbcDecrypt_fips(aes, out, in, (word32) size);
#else
ret = AesCbcDecrypt_fips(aes, out, in, (word32) size); ret = AesCbcDecrypt_fips(aes, out, in, (word32) size);
#endif
LogStr("AesCbcDecrypt_fips(aes=%p, out, in) = %d\n", aes, ret); LogStr("AesCbcDecrypt_fips(aes=%p, out, in) = %d\n", aes, ret);
LogStr("in[%u]: [%p]\n", (word32)size, in); LogStr("in[%u]: [%p]\n", (word32)size, in);
@ -539,9 +586,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesCbcDecrypt_1fips__Lcom
out = getByteArray(env, out_buffer); out = getByteArray(env, out_buffer);
in = getByteArray(env, in_buffer); in = getByteArray(env, in_buffer);
ret = (!aes || !out || !in) if (aes == NULL || out == NULL || in == NULL) {
? BAD_FUNC_ARG ret = BAD_FUNC_ARG;
: AesCbcDecrypt_fips(aes, out, in, (word32) size); }
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_AesCbcDecrypt_fips(aes, out, in, (word32) size);
#else
ret = AesCbcDecrypt_fips(aes, out, in, (word32) size);
#endif
}
LogStr("AesCbcDecrypt_fips(aes=%p, out, in) = %d\n", aes, ret); LogStr("AesCbcDecrypt_fips(aes=%p, out, in) = %d\n", aes, ret);
LogStr("in[%u]: [%p]\n", (word32)size, in); LogStr("in[%u]: [%p]\n", (word32)size, in);
@ -579,7 +633,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmSetKey_1fips__Lcom_
if (!aes || !key) if (!aes || !key)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmSetKey_fips(aes, key, (word32)size);
#else
ret = AesGcmSetKey_fips(aes, key, (word32)size); ret = AesGcmSetKey_fips(aes, key, (word32)size);
#endif
LogStr("AesGcmSetKey_fips(aes=%p, key) = %d\n", aes, ret); LogStr("AesGcmSetKey_fips(aes=%p, key) = %d\n", aes, ret);
LogStr("key[%u]: [%p]\n", (word32)size, key); LogStr("key[%u]: [%p]\n", (word32)size, key);
@ -609,8 +667,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmSetKey_1fips__Lcom_
key = getByteArray(env, key_buffer); key = getByteArray(env, key_buffer);
ret = (!aes || !key) ? BAD_FUNC_ARG if (aes == NULL || key == NULL) {
: AesGcmSetKey_fips(aes, key, (word32)size); ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmSetKey_fips(aes, key, (word32)size);
#else
ret = AesGcmSetKey_fips(aes, key, (word32)size);
#endif
}
LogStr("AesGcmSetKey_fips(aes=%p, key) = %d\n", aes, ret); LogStr("AesGcmSetKey_fips(aes=%p, key) = %d\n", aes, ret);
LogStr("key[%u]: [%p]\n", (word32)size, key); LogStr("key[%u]: [%p]\n", (word32)size, key);
@ -657,8 +723,14 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmEncrypt_1fips__Lcom
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmEncrypt_fips(aes, out, in, (word32)size, iv,
(word32) ivSz, authTag, (word32)authTagSz, authIn,
(word32)authInSz);
#else
ret = AesGcmEncrypt_fips(aes, out, in, (word32)size, iv, (word32)ivSz, ret = AesGcmEncrypt_fips(aes, out, in, (word32)size, iv, (word32)ivSz,
authTag, (word32)authTagSz, authIn, (word32)authInSz); authTag, (word32)authTagSz, authIn, (word32)authInSz);
#endif
LogStr( LogStr(
"AesGcmEncrypt_fips(aes=%p, out, in, iv, authTag, authIn) = %d\n", "AesGcmEncrypt_fips(aes=%p, out, in, iv, authTag, authIn) = %d\n",
@ -714,8 +786,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmEncrypt_1fips__Lcom
} }
else { else {
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmEncrypt_fips(aes, out, in, (word32)size, iv,
(word32)ivSz, authTag, (word32)authTagSz, authIn, (word32)authInSz);
#else
ret = AesGcmEncrypt_fips(aes, out, in, (word32)size, iv, (word32)ivSz, ret = AesGcmEncrypt_fips(aes, out, in, (word32)size, iv, (word32)ivSz,
authTag, (word32)authTagSz, authIn, (word32)authInSz); authTag, (word32)authTagSz, authIn, (word32)authInSz);
#endif
} }
LogStr( LogStr(
@ -776,8 +853,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmDecrypt_1fips__Lcom
|| (!authIn && authInSz)) || (!authIn && authInSz))
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmDecrypt_fips(aes, out, in, (word32)size, iv,
(word32)ivSz, authTag, (word32)authTagSz, authIn, (word32)authInSz);
#else
ret = AesGcmDecrypt_fips(aes, out, in, (word32)size, iv, (word32)ivSz, ret = AesGcmDecrypt_fips(aes, out, in, (word32)size, iv, (word32)ivSz,
authTag, (word32)authTagSz, authIn, (word32)authInSz); authTag, (word32)authTagSz, authIn, (word32)authInSz);
#endif
LogStr( LogStr(
"AesGcmDecrypt_fips(aes=%p, out, in, iv, authTag, authIn) = %d\n", "AesGcmDecrypt_fips(aes=%p, out, in, iv, authTag, authIn) = %d\n",
@ -828,11 +910,18 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_AesGcmDecrypt_1fips__Lcom
authIn = getByteArray(env, authIn_buffer); authIn = getByteArray(env, authIn_buffer);
if (!aes || !out || !in || (!iv && ivSz) || (!authTag && authTagSz) if (!aes || !out || !in || (!iv && ivSz) || (!authTag && authTagSz)
|| (!authIn && authInSz)) || (!authIn && authInSz)) {
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
else }
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_AesGcmDecrypt_fips(aes, out, in, (word32)size, iv,
(word32)ivSz, authTag, (word32)authTagSz, authIn, (word32)authInSz);
#else
ret = AesGcmDecrypt_fips(aes, out, in, (word32)size, iv, (word32)ivSz, ret = AesGcmDecrypt_fips(aes, out, in, (word32)size, iv, (word32)ivSz,
authTag, (word32)authTagSz, authIn, (word32)authInSz); authTag, (word32)authTagSz, authIn, (word32)authInSz);
#endif
}
LogStr( LogStr(
"AesGcmDecrypt_fips(aes=%p, out, in, iv, authTag, authIn) = %d\n", "AesGcmDecrypt_fips(aes=%p, out, in, iv, authTag, authIn) = %d\n",
@ -1196,7 +1285,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_HmacSetKey_1fips__Lcom_wo
if (!hmac || !key) if (!hmac || !key)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_HmacSetKey_fips(hmac, type, key, (word32)keySz);
#else
ret = HmacSetKey_fips(hmac, type, key, (word32)keySz); ret = HmacSetKey_fips(hmac, type, key, (word32)keySz);
#endif
LogStr("HmacSetKey_fips(hmac=%p, type=%d, key, keySz) = %d\n", hmac, type, LogStr("HmacSetKey_fips(hmac=%p, type=%d, key, keySz) = %d\n", hmac, type,
ret); ret);
@ -1227,8 +1320,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_HmacSetKey_1fips__Lcom_wo
key = getByteArray(env, key_buffer); key = getByteArray(env, key_buffer);
ret = (!hmac || !key) ? BAD_FUNC_ARG if (hmac == NULL || key == NULL) {
: HmacSetKey_fips(hmac, type, key, (word32)keySz); ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_HmacSetKey_fips(hmac, type, key, (word32)keySz);
#else
ret = HmacSetKey_fips(hmac, type, key, (word32)keySz);
#endif
}
LogStr("HmacSetKey_fips(hmac=%p, type=%d, key, keySz) = %d\n", hmac, type, LogStr("HmacSetKey_fips(hmac=%p, type=%d, key, keySz) = %d\n", hmac, type,
ret); ret);
@ -1264,7 +1365,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_HmacUpdate_1fips__Lcom_wo
if (!hmac || !data) if (!hmac || !data)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_HmacUpdate_fips(hmac, data, (word32)len);
#else
ret = HmacUpdate_fips(hmac, data, (word32)len); ret = HmacUpdate_fips(hmac, data, (word32)len);
#endif
LogStr("HmacUpdate_fips(hmac=%p, data, len) = %d\n", hmac, ret); LogStr("HmacUpdate_fips(hmac=%p, data, len) = %d\n", hmac, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data); LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -1294,8 +1399,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_HmacUpdate_1fips__Lcom_wo
data = getByteArray(env, data_buffer); data = getByteArray(env, data_buffer);
ret = (!hmac || !data) ? BAD_FUNC_ARG if (hmac == NULL || data == NULL) {
: HmacUpdate_fips(hmac, data, (word32)len); ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_HmacUpdate_fips(hmac, data, (word32)len);
#else
ret = HmacUpdate_fips(hmac, data, (word32)len);
#endif
}
LogStr("HmacUpdate_fips(hmac=%p, data, len) = %d\n", hmac, ret); LogStr("HmacUpdate_fips(hmac=%p, data, len) = %d\n", hmac, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data); LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -1329,7 +1442,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_HmacFinal_1fips__Lcom_wol
if (!hmac || !hash) if (!hmac || !hash)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_HmacFinal_fips(hmac, hash);
#else
ret = HmacFinal_fips(hmac, hash); ret = HmacFinal_fips(hmac, hash);
#endif
LogStr("HmacFinal_fips(hmac=%p, hash) = %d\n", hmac, ret); LogStr("HmacFinal_fips(hmac=%p, hash) = %d\n", hmac, ret);
@ -1356,8 +1473,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_HmacFinal_1fips__Lcom_wol
hash = getByteArray(env, hash_buffer); hash = getByteArray(env, hash_buffer);
ret = (!hmac || !hash) ? BAD_FUNC_ARG if (hmac == NULL || hash == NULL) {
: HmacFinal_fips(hmac, hash); ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_HmacFinal_fips(hmac, hash);
#else
ret = HmacFinal_fips(hmac, hash);
#endif
}
LogStr("HmacFinal_fips(hmac=%p, hash) = %d\n", hmac, ret); LogStr("HmacFinal_fips(hmac=%p, hash) = %d\n", hmac, ret);
@ -1387,7 +1512,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_InitRng_1fips(
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if FIPS_VERSION_GT(5,0)
ret = wc_InitRng_fips(rng);
#else
ret = InitRng_fips(rng); ret = InitRng_fips(rng);
#endif
LogStr("InitRng_fips(rng=%p) = %d\n", rng, ret); LogStr("InitRng_fips(rng=%p) = %d\n", rng, ret);
@ -1409,7 +1538,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_FreeRng_1fips(
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if FIPS_VERSION_GT(5,0)
ret = wc_FreeRng_fips(rng);
#else
ret = FreeRng_fips(rng); ret = FreeRng_fips(rng);
#endif
LogStr("FreeRng_fips(rng=%p) = %d\n", rng, ret); LogStr("FreeRng_fips(rng=%p) = %d\n", rng, ret);
@ -1440,7 +1573,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RNG_1GenerateBlock_1fips_
if (!rng || !buf) if (!rng || !buf)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_RNG_GenerateBlock_fips(rng, buf, (word32)bufSz);
#else
ret = RNG_GenerateBlock_fips(rng, buf, (word32)bufSz); ret = RNG_GenerateBlock_fips(rng, buf, (word32)bufSz);
#endif
LogStr("RNG_GenerateBlock_fips(rng=%p, buf, bufSz) = %d\n", rng, ret); LogStr("RNG_GenerateBlock_fips(rng=%p, buf, bufSz) = %d\n", rng, ret);
LogStr("output[%u]: [%p]\n", (word32)bufSz, buf); LogStr("output[%u]: [%p]\n", (word32)bufSz, buf);
@ -1470,8 +1607,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RNG_1GenerateBlock_1fips_
buf = getByteArray(env, buf_buffer); buf = getByteArray(env, buf_buffer);
ret = (!rng || !buf) ? BAD_FUNC_ARG if (rng == NULL || buf == NULL) {
: RNG_GenerateBlock_fips(rng, buf, (word32)bufSz); ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_RNG_GenerateBlock_fips(rng, buf, (word32)bufSz);
#else
ret = RNG_GenerateBlock_fips(rng, buf, (word32)bufSz);
#endif
}
LogStr("RNG_GenerateBlock_fips(rng=%p, buf, bufSz) = %d\n", rng, ret); LogStr("RNG_GenerateBlock_fips(rng=%p, buf, bufSz) = %d\n", rng, ret);
LogStr("output[%u]: [%p]\n", (word32)bufSz, buf); LogStr("output[%u]: [%p]\n", (word32)bufSz, buf);
@ -1500,8 +1645,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RNG_1HealthTest_1fips__IL
if (!entropyA || (reseed && !entropyB) || !output) if (!entropyA || (reseed && !entropyB) || !output)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
ret = RNG_HealthTest_fips(reseed, entropyA, (word32)entropyASz, entropyB, #if FIPS_VERSION_GT(5,0)
(word32)entropyBSz, output, (word32)outputSz); ret = wc_RNG_HealthTest_fips(reseed, entropyA, (word32)entropyASz,
entropyB, (word32)entropyBSz, output, (word32)outputSz);
#else
ret = RNG_HealthTest_fips(reseed, entropyA, (word32)entropyASz,
entropyB, (word32)entropyBSz, output, (word32)outputSz);
#endif
LogStr("RNG_HealthTest_fips(reseed=%d, entropyA, entropyASz, " LogStr("RNG_HealthTest_fips(reseed=%d, entropyA, entropyASz, "
"entropyB, entropyBSz, output, outputSz) = %d\n", reseed, ret); "entropyB, entropyBSz, output, outputSz) = %d\n", reseed, ret);
@ -1530,10 +1680,18 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RNG_1HealthTest_1fips__I_
const byte* entropyB = getByteArray(env, entropyB_object); const byte* entropyB = getByteArray(env, entropyB_object);
byte* output = getByteArray(env, output_object); byte* output = getByteArray(env, output_object);
ret = (!entropyA || (reseed && !entropyB) || !output) if (!entropyA || (reseed && !entropyB) || !output) {
? BAD_FUNC_ARG ret = BAD_FUNC_ARG;
: RNG_HealthTest_fips(reseed, entropyA, (word32)entropyASz, entropyB, }
(word32)entropyBSz, output, (word32)outputSz); else {
#if FIPS_VERSION_GT(5,0)
ret = wc_RNG_HealthTest_fips(reseed, entropyA, (word32)entropyASz,
entropyB, (word32)entropyBSz, output, (word32)outputSz);
#else
ret = RNG_HealthTest_fips(reseed, entropyA, (word32)entropyASz,
entropyB, (word32)entropyBSz, output, (word32)outputSz);
#endif
}
LogStr("RNG_HealthTest_fips(reseed=%d, entropyA, entropyASz, " LogStr("RNG_HealthTest_fips(reseed=%d, entropyA, entropyASz, "
"entropyB, entropyBSz, output, outputSz) = %d\n", reseed, ret); "entropyB, entropyBSz, output, outputSz) = %d\n", reseed, ret);
@ -1577,7 +1735,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_InitRsaKey_1fips(
heap = getDirectBufferAddress(env, heap_object); heap = getDirectBufferAddress(env, heap_object);
#if FIPS_VERSION_GT(5,0)
ret = wc_InitRsaKey_fips(key, heap);
#else
ret = InitRsaKey_fips(key, heap); ret = InitRsaKey_fips(key, heap);
#endif
LogStr("InitRsaKey_fips(key=%p, heap=%p) = %d\n", key, heap, ret); LogStr("InitRsaKey_fips(key=%p, heap=%p) = %d\n", key, heap, ret);
@ -1599,7 +1761,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_FreeRsaKey_1fips(
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if FIPS_VERSION_GT(5,0)
ret = wc_FreeRsaKey_fips(key);
#else
ret = FreeRsaKey_fips(key); ret = FreeRsaKey_fips(key);
#endif
LogStr("FreeRsaKey_fips(key=%p) = %d\n", key, ret); LogStr("FreeRsaKey_fips(key=%p) = %d\n", key, ret);
@ -1643,7 +1809,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaSSL_1Sign_1fips__Ljava
if (!in || !out) if (!in || !out)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
ret = RsaSSL_Sign_fips(in, (word32)inLen, out, (word32)outLen, key, rng); #if FIPS_VERSION_GT(5,0)
ret = wc_RsaSSL_Sign_fips(in, (word32)inLen, out, (word32)outLen,
key, rng);
#else
ret = RsaSSL_Sign_fips(in, (word32)inLen, out, (word32)outLen,
key, rng);
#endif
LogStr("RsaSSL_Sign_fips(in, inLen, out, outLen, key=%p, rng=%p) = %d\n", LogStr("RsaSSL_Sign_fips(in, inLen, out, outLen, key=%p, rng=%p) = %d\n",
key, rng, ret); key, rng, ret);
@ -1699,8 +1871,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaSSL_1Sign_1fips___3BJ_
* Providing an rng is optional. RNG_GenerateBlock will return * Providing an rng is optional. RNG_GenerateBlock will return
* BAD_FUNC_ARG on a NULL rng if an RNG is needed by RsaPad. * BAD_FUNC_ARG on a NULL rng if an RNG is needed by RsaPad.
*/ */
#if FIPS_VERSION_GT(5,0)
ret = wc_RsaSSL_Sign_fips(in, (word32)inLen, out, (word32)outLen,
key, rng);
#else
ret = RsaSSL_Sign_fips(in, (word32)inLen, out, (word32)outLen, ret = RsaSSL_Sign_fips(in, (word32)inLen, out, (word32)outLen,
key, rng); key, rng);
#endif
} }
LogStr("RsaSSL_Sign_fips(in, inLen, out, outLen, key=%p, rng=%p) = %d\n", LogStr("RsaSSL_Sign_fips(in, inLen, out, outLen, key=%p, rng=%p) = %d\n",
@ -1748,7 +1925,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaSSL_1Verify_1fips__Lja
if (!in || !out) if (!in || !out)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
ret = RsaSSL_Verify_fips(in, (word32)inLen, out, (word32)outLen, key); #if FIPS_VERSION_GT(5,0)
ret = wc_RsaSSL_Verify_fips(in, (word32)inLen, out,
(word32)outLen, key);
#else
ret = RsaSSL_Verify_fips(in, (word32)inLen, out,
(word32)outLen, key);
#endif
LogStr("RsaSSL_Verify_fips(in, inLen, out, outLen, key=%p) = %d\n", key, LogStr("RsaSSL_Verify_fips(in, inLen, out, outLen, key=%p) = %d\n", key,
ret); ret);
@ -1793,7 +1976,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaSSL_1Verify_1fips___3B
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
else { else {
ret = RsaSSL_Verify_fips(in, (word32)inLen, out, (word32)outLen, key); #if FIPS_VERSION_GT(5,0)
ret = wc_RsaSSL_Verify_fips(in, (word32)inLen, out,
(word32)outLen, key);
#else
ret = RsaSSL_Verify_fips(in, (word32)inLen, out,
(word32)outLen, key);
#endif
LogStr("RsaSSL_Verify_fips(in, inLen, out, outLen, key=%p) = %d\n", LogStr("RsaSSL_Verify_fips(in, inLen, out, outLen, key=%p) = %d\n",
key, ret); key, ret);
@ -1824,7 +2013,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaEncryptSize_1fips(
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if FIPS_VERSION_GT(5,0)
ret = wc_RsaEncryptSize_fips(key);
#else
ret = RsaEncryptSize_fips(key); ret = RsaEncryptSize_fips(key);
#endif
LogStr("RsaEncryptSize_fips(key=%p) = %d\n", key, ret); LogStr("RsaEncryptSize_fips(key=%p) = %d\n", key, ret);
@ -2045,7 +2238,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_InitSha_1fips(
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if FIPS_VERSION_GT(5,0)
ret = wc_InitSha_fips(sha);
#else
ret = InitSha_fips(sha); ret = InitSha_fips(sha);
#endif
#endif #endif
@ -2072,7 +2269,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_ShaUpdate_1fips__Lcom_wol
if (!data) if (!data)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_ShaUpdate_fips(sha, data, (word32)len);
#else
ret = ShaUpdate_fips(sha, data, (word32)len); ret = ShaUpdate_fips(sha, data, (word32)len);
#endif
LogStr("ShaUpdate_fips(sha=%p, data, len) = %d\n", sha, ret); LogStr("ShaUpdate_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data); LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2101,8 +2302,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_ShaUpdate_1fips__Lcom_wol
data = getByteArray(env, data_buffer); data = getByteArray(env, data_buffer);
ret = (!data) ? BAD_FUNC_ARG if (data == NULL) {
: ShaUpdate_fips(sha, data, (word32)len); ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_ShaUpdate_fips(sha, data, (word32)len);
#else
ret = ShaUpdate_fips(sha, data, (word32)len);
#endif
}
LogStr("ShaUpdate_fips(sha=%p, data, len) = %d\n", sha, ret); LogStr("ShaUpdate_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data); LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2134,7 +2343,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_ShaFinal_1fips__Lcom_wolf
if (!hash) if (!hash)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_ShaFinal_fips(sha, hash);
#else
ret = ShaFinal_fips(sha, hash); ret = ShaFinal_fips(sha, hash);
#endif
LogStr("ShaFinal_fips(sha=%p, hash) = %d\n", sha, ret); LogStr("ShaFinal_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA_DIGEST_SIZE, hash); LogStr("hash[%u]: [%p]\n", (word32)SHA_DIGEST_SIZE, hash);
@ -2162,8 +2375,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_ShaFinal_1fips__Lcom_wolf
hash = getByteArray(env, hash_buffer); hash = getByteArray(env, hash_buffer);
ret = (!hash) ? BAD_FUNC_ARG if (hash == NULL) {
: ShaFinal_fips(sha, hash); ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_ShaFinal_fips(sha, hash);
#else
ret = ShaFinal_fips(sha, hash);
#endif
}
LogStr("ShaFinal_fips(sha=%p, hash) = %d\n", sha, ret); LogStr("ShaFinal_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA_DIGEST_SIZE, hash); LogStr("hash[%u]: [%p]\n", (word32)SHA_DIGEST_SIZE, hash);
@ -2190,7 +2411,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_InitSha256_1fips(
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if FIPS_VERSION_GT(5,0)
ret = wc_InitSha256_fips(sha);
#else
ret = InitSha256_fips(sha); ret = InitSha256_fips(sha);
#endif
#endif #endif
@ -2217,7 +2442,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha256Update_1fips__Lcom_
if (!data) if (!data)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha256Update_fips(sha, data, (word32)len);
#else
ret = Sha256Update_fips(sha, data, (word32)len); ret = Sha256Update_fips(sha, data, (word32)len);
#endif
LogStr("Sha256Update_fips(sha=%p, data, len) = %d\n", sha, ret); LogStr("Sha256Update_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data); LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2246,8 +2475,16 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha256Update_1fips__Lcom_
data = getByteArray(env, data_buffer); data = getByteArray(env, data_buffer);
ret = (!data) ? BAD_FUNC_ARG if (data == NULL) {
: Sha256Update_fips(sha, data, (word32)len); ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha256Update_fips(sha, data, (word32)len);
#else
ret = Sha256Update_fips(sha, data, (word32)len);
#endif
}
LogStr("Sha256Update_fips(sha=%p, data, len) = %d\n", sha, ret); LogStr("Sha256Update_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data); LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2279,7 +2516,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha256Final_1fips__Lcom_w
if (!hash) if (!hash)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha256Final_fips(sha, hash);
#else
ret = Sha256Final_fips(sha, hash); ret = Sha256Final_fips(sha, hash);
#endif
LogStr("Sha256Final_fips(sha=%p, hash) = %d\n", sha, ret); LogStr("Sha256Final_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA256_DIGEST_SIZE, hash); LogStr("hash[%u]: [%p]\n", (word32)SHA256_DIGEST_SIZE, hash);
@ -2306,8 +2547,17 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha256Final_1fips__Lcom_w
} }
hash = getByteArray(env, hash_buffer); hash = getByteArray(env, hash_buffer);
ret = (!hash) ? BAD_FUNC_ARG
: Sha256Final_fips(sha, hash); if (hash == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha256Final_fips(sha, hash);
#else
ret = Sha256Final_fips(sha, hash);
#endif
}
LogStr("Sha256Final_fips(sha=%p, hash) = %d\n", sha, ret); LogStr("Sha256Final_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA256_DIGEST_SIZE, hash); LogStr("hash[%u]: [%p]\n", (word32)SHA256_DIGEST_SIZE, hash);
@ -2334,7 +2584,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_InitSha384_1fips(
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if FIPS_VERSION_GT(5,0)
ret = wc_InitSha384_fips(sha);
#else
ret = InitSha384_fips(sha); ret = InitSha384_fips(sha);
#endif
#endif #endif
@ -2361,7 +2615,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha384Update_1fips__Lcom_
if (!data) if (!data)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha384Update_fips(sha, data, (word32)len);
#else
ret = Sha384Update_fips(sha, data, (word32)len); ret = Sha384Update_fips(sha, data, (word32)len);
#endif
LogStr("Sha384Update_fips(sha=%p, data, len) = %d\n", sha, ret); LogStr("Sha384Update_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data); LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2389,8 +2647,17 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha384Update_1fips__Lcom_
} }
data = getByteArray(env, data_buffer); data = getByteArray(env, data_buffer);
ret = (!data) ? BAD_FUNC_ARG
: Sha384Update_fips(sha, data, (word32)len); if (data == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha384Update_fips(sha, data, (word32)len);
#else
ret = Sha384Update_fips(sha, data, (word32)len);
#endif
}
LogStr("Sha384Update_fips(sha=%p, data, len) = %d\n", sha, ret); LogStr("Sha384Update_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data); LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2422,7 +2689,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha384Final_1fips__Lcom_w
if (!hash) if (!hash)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha384Final_fips(sha, hash);
#else
ret = Sha384Final_fips(sha, hash); ret = Sha384Final_fips(sha, hash);
#endif
LogStr("Sha384Final_fips(sha=%p, hash) = %d\n", sha, ret); LogStr("Sha384Final_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA384_DIGEST_SIZE, hash); LogStr("hash[%u]: [%p]\n", (word32)SHA384_DIGEST_SIZE, hash);
@ -2449,8 +2720,17 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha384Final_1fips__Lcom_w
} }
hash = getByteArray(env, hash_buffer); hash = getByteArray(env, hash_buffer);
ret = (!hash) ? BAD_FUNC_ARG
: Sha384Final_fips(sha, hash); if (hash == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha384Final_fips(sha, hash);
#else
ret = Sha384Final_fips(sha, hash);
#endif
}
LogStr("Sha384Final_fips(sha=%p, hash) = %d\n", sha, ret); LogStr("Sha384Final_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA384_DIGEST_SIZE, hash); LogStr("hash[%u]: [%p]\n", (word32)SHA384_DIGEST_SIZE, hash);
@ -2477,7 +2757,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_InitSha512_1fips(
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if FIPS_VERSION_GT(5,0)
ret = wc_InitSha512_fips(sha);
#else
ret = InitSha512_fips(sha); ret = InitSha512_fips(sha);
#endif
#endif #endif
@ -2504,7 +2788,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha512Update_1fips__Lcom_
if (!data) if (!data)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha512Update_fips(sha, data, (word32)len);
#else
ret = Sha512Update_fips(sha, data, (word32)len); ret = Sha512Update_fips(sha, data, (word32)len);
#endif
LogStr("Sha512Update_fips(sha=%p, data, len) = %d\n", sha, ret); LogStr("Sha512Update_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data); LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2532,8 +2820,17 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha512Update_1fips__Lcom_
} }
data = getByteArray(env, data_buffer); data = getByteArray(env, data_buffer);
ret = (!data) ? BAD_FUNC_ARG
: Sha512Update_fips(sha, data, (word32)len); if (data == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha512Update_fips(sha, data, (word32)len);
#else
ret = Sha512Update_fips(sha, data, (word32)len);
#endif
}
LogStr("Sha512Update_fips(sha=%p, data, len) = %d\n", sha, ret); LogStr("Sha512Update_fips(sha=%p, data, len) = %d\n", sha, ret);
LogStr("data[%u]: [%p]\n", (word32)len, data); LogStr("data[%u]: [%p]\n", (word32)len, data);
@ -2565,7 +2862,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha512Final_1fips__Lcom_w
if (!hash) if (!hash)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha512Final_fips(sha, hash);
#else
ret = Sha512Final_fips(sha, hash); ret = Sha512Final_fips(sha, hash);
#endif
LogStr("Sha512Final_fips(sha=%p, hash) = %d\n", sha, ret); LogStr("Sha512Final_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA512_DIGEST_SIZE, hash); LogStr("hash[%u]: [%p]\n", (word32)SHA512_DIGEST_SIZE, hash);
@ -2592,8 +2893,17 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_Sha512Final_1fips__Lcom_w
} }
hash = getByteArray(env, hash_buffer); hash = getByteArray(env, hash_buffer);
ret = (!hash) ? BAD_FUNC_ARG
: Sha512Final_fips(sha, hash); if (hash == NULL) {
ret = BAD_FUNC_ARG;
}
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_Sha512Final_fips(sha, hash);
#else
ret = Sha512Final_fips(sha, hash);
#endif
}
LogStr("Sha512Final_fips(sha=%p, hash) = %d\n", sha, ret); LogStr("Sha512Final_fips(sha=%p, hash) = %d\n", sha, ret);
LogStr("hash[%u]: [%p]\n", (word32)SHA512_DIGEST_SIZE, hash); LogStr("hash[%u]: [%p]\n", (word32)SHA512_DIGEST_SIZE, hash);
@ -2671,8 +2981,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaPublicEncrypt_1fips__L
if (!in || !out) if (!in || !out)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if FIPS_VERSION_GT(5,0)
ret = wc_RsaPublicEncrypt_fips(in, (word32)inLen, out, (word32)outLen,
key, rng);
#else
ret = RsaPublicEncrypt_fips(in, (word32)inLen, out, (word32)outLen, ret = RsaPublicEncrypt_fips(in, (word32)inLen, out, (word32)outLen,
key, rng); key, rng);
#endif
LogStr( LogStr(
"RsaPublicEncrypt_fips(in, inLen, out, outLen, key=%p, rng=%p) = %d\n", "RsaPublicEncrypt_fips(in, inLen, out, outLen, key=%p, rng=%p) = %d\n",
@ -2717,10 +3032,18 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaPublicEncrypt_1fips___
* Providing an rng is optional. RNG_GenerateBlock will return BAD_FUNC_ARG * Providing an rng is optional. RNG_GenerateBlock will return BAD_FUNC_ARG
* on a NULL rng if an RNG is needed by RsaPad. * on a NULL rng if an RNG is needed by RsaPad.
*/ */
ret = (!in || !out) if (in == NULL || out == NULL) {
? BAD_FUNC_ARG ret = BAD_FUNC_ARG;
: RsaPublicEncrypt_fips(in, (word32)inLen, out, (word32)outLen, }
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_RsaPublicEncrypt_fips(in, (word32)inLen, out, (word32)outLen,
key, rng); key, rng);
#else
ret = RsaPublicEncrypt_fips(in, (word32)inLen, out, (word32)outLen,
key, rng);
#endif
}
LogStr( LogStr(
"RsaPublicEncrypt_fips(in, inLen, out, outLen, key=%p, rng=%p) = %d\n", "RsaPublicEncrypt_fips(in, inLen, out, outLen, key=%p, rng=%p) = %d\n",
@ -2761,7 +3084,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaPrivateDecrypt_1fips__
if (!in || !out) if (!in || !out)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
ret = RsaPrivateDecrypt_fips(in, (word32)inLen, out, (word32)outLen, key); #if FIPS_VERSION_GT(5,0)
ret = wc_RsaPrivateDecrypt_fips(in, (word32)inLen, out,
(word32)outLen, key);
#else
ret = RsaPrivateDecrypt_fips(in, (word32)inLen, out,
(word32)outLen, key);
#endif
LogStr("RsaPrivateDecrypt_fips(in, inLen, out, outLen, key=%p) = %d\n", key, LogStr("RsaPrivateDecrypt_fips(in, inLen, out, outLen, key=%p) = %d\n", key,
ret); ret);
@ -2795,9 +3124,18 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_Fips_RsaPrivateDecrypt_1fips__
in = getByteArray(env, in_object); in = getByteArray(env, in_object);
out = getByteArray(env, out_object); out = getByteArray(env, out_object);
ret = (!in || !out) if (in == NULL || out == NULL) {
? BAD_FUNC_ARG ret = BAD_FUNC_ARG;
: RsaPrivateDecrypt_fips(in, (word32)inLen, out, (word32)outLen, key); }
else {
#if FIPS_VERSION_GT(5,0)
ret = wc_RsaPrivateDecrypt_fips(in, (word32)inLen, out,
(word32)outLen, key);
#else
ret = RsaPrivateDecrypt_fips(in, (word32)inLen, out,
(word32)outLen, key);
#endif
}
LogStr("RsaPrivateDecrypt_fips(in, inLen, out, outLen, key=%p) = %d\n", key, LogStr("RsaPrivateDecrypt_fips(in, inLen, out, outLen, key=%p) = %d\n", key,
ret); ret);

4
jni/jni_jce_wolfsslkeystore.c
View File

@ -96,9 +96,11 @@ JNIEXPORT jboolean JNICALL Java_com_wolfssl_provider_jce_WolfSSLKeyStore_X509Che
} }
if (ret == WOLFSSL_SUCCESS) { if (ret == WOLFSSL_SUCCESS) {
PRIVATE_KEY_UNLOCK();
ret = wolfSSL_X509_check_private_key(x509, key); ret = wolfSSL_X509_check_private_key(x509, key);
PRIVATE_KEY_LOCK();
if (ret != WOLFSSL_SUCCESS) { if (ret != WOLFSSL_SUCCESS) {
fprintf(stderr, "Native wolfSSL_X509_check_private_key() failed"); fprintf(stderr, "Native wolfSSL_X509_check_private_key() failed: %d", ret);
} }
} }

4
pom.xml
View File

@ -4,7 +4,7 @@
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<groupId>com.wolfssl</groupId> <groupId>com.wolfssl</groupId>
<artifactId>wolfcrypt-jni</artifactId> <artifactId>wolfcrypt-jni</artifactId>
<version>1.6.0-SNAPSHOT</version> <version>1.7.0-SNAPSHOT</version>
<packaging>jar</packaging> <packaging>jar</packaging>
<name>wolfcrypt-jni</name> <name>wolfcrypt-jni</name>
<url>https://www.wolfssl.com</url> <url>https://www.wolfssl.com</url>
@ -30,6 +30,8 @@
</dependencies> </dependencies>
<build> <build>
<sourceDirectory>./src/main/java</sourceDirectory>
<testSourceDirectory>./src/test/java</testSourceDirectory>
<plugins> <plugins>
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>

2
scripts/infer.sh
View File

@ -77,7 +77,7 @@ infer --fail-on-issue run -- javac \
src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java \ src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java \
src/main/java/com/wolfssl/provider/jce/WolfCryptRandom.java \ src/main/java/com/wolfssl/provider/jce/WolfCryptRandom.java \
src/main/java/com/wolfssl/provider/jce/WolfCryptSecretKeyFactory.java \ src/main/java/com/wolfssl/provider/jce/WolfCryptSecretKeyFactory.java \
src/main/java/com/wolfssl/provider/jce/WolfCryptSignature.java src/main/java/com/wolfssl/provider/jce/WolfCryptSignature.java \
src/main/java/com/wolfssl/provider/jce/WolfSSLKeyStore.java src/main/java/com/wolfssl/provider/jce/WolfSSLKeyStore.java
RETVAL=$? RETVAL=$?

2
src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java
View File

@ -36,7 +36,7 @@ public final class WolfCryptProvider extends Provider {
* Create new WolfCryptProvider object * Create new WolfCryptProvider object
*/ */
public WolfCryptProvider() { public WolfCryptProvider() {
super("wolfJCE", 1.6, "wolfCrypt JCE Provider"); super("wolfJCE", 1.7, "wolfCrypt JCE Provider");
/* MessageDigest */ /* MessageDigest */
if (FeatureDetect.Md5Enabled()) { if (FeatureDetect.Md5Enabled()) {

2
src/main/java/com/wolfssl/wolfcrypt/Chacha.java
View File

@ -150,11 +150,13 @@ public class Chacha extends NativeStruct {
checkStateAndInitialize(); checkStateAndInitialize();
throwIfKeyExists(); throwIfKeyExists();
synchronized (stateLock) {
synchronized (pointerLock) { synchronized (pointerLock) {
wc_Chacha_setKey(Key); wc_Chacha_setKey(Key);
} }
state = WolfCryptState.READY; state = WolfCryptState.READY;
} }
}
/** /**
* Set ChaCha initialization vector * Set ChaCha initialization vector

10
src/main/java/com/wolfssl/wolfcrypt/Curve25519.java
View File

@ -166,11 +166,13 @@ public class Curve25519 extends NativeStruct {
checkStateAndInitialize(); checkStateAndInitialize();
throwIfKeyExists(); throwIfKeyExists();
synchronized (stateLock) {
synchronized (pointerLock) { synchronized (pointerLock) {
wc_curve25519_make_key(rng, size); wc_curve25519_make_key(rng, size);
} }
state = WolfCryptState.READY; state = WolfCryptState.READY;
} }
}
/** /**
* Generate new Curve25519 key with specified endianness. * Generate new Curve25519 key with specified endianness.
@ -189,11 +191,13 @@ public class Curve25519 extends NativeStruct {
checkStateAndInitialize(); checkStateAndInitialize();
throwIfKeyExists(); throwIfKeyExists();
synchronized (stateLock) {
synchronized (pointerLock) { synchronized (pointerLock) {
wc_curve25519_make_key_ex(rng, size, endian); wc_curve25519_make_key_ex(rng, size, endian);
} }
state = WolfCryptState.READY; state = WolfCryptState.READY;
} }
}
/** /**
* Check Curve25519 key for correctness. * Check Curve25519 key for correctness.
@ -230,11 +234,13 @@ public class Curve25519 extends NativeStruct {
checkStateAndInitialize(); checkStateAndInitialize();
throwIfKeyExists(); throwIfKeyExists();
synchronized (stateLock) {
synchronized (pointerLock) { synchronized (pointerLock) {
wc_curve25519_import_private(privKey, xKey); wc_curve25519_import_private(privKey, xKey);
} }
state = WolfCryptState.READY; state = WolfCryptState.READY;
} }
}
/** /**
* Import private key from byte array. * Import private key from byte array.
@ -252,11 +258,13 @@ public class Curve25519 extends NativeStruct {
checkStateAndInitialize(); checkStateAndInitialize();
throwIfKeyExists(); throwIfKeyExists();
synchronized (stateLock) {
synchronized (pointerLock) { synchronized (pointerLock) {
wc_curve25519_import_private_only(privKey); wc_curve25519_import_private_only(privKey);
} }
state = WolfCryptState.READY; state = WolfCryptState.READY;
} }
}
/** /**
* Import public key from byte array. * Import public key from byte array.
@ -274,11 +282,13 @@ public class Curve25519 extends NativeStruct {
checkStateAndInitialize(); checkStateAndInitialize();
throwIfKeyExists(); throwIfKeyExists();
synchronized (stateLock) {
synchronized (pointerLock) { synchronized (pointerLock) {
wc_curve25519_import_public(pubKey); wc_curve25519_import_public(pubKey);
} }
state = WolfCryptState.READY; state = WolfCryptState.READY;
} }
}
/** /**
* Export private key as byte array. * Export private key as byte array.

8
src/main/java/com/wolfssl/wolfcrypt/Ed25519.java
View File

@ -165,11 +165,13 @@ public class Ed25519 extends NativeStruct {
checkStateAndInitialize(); checkStateAndInitialize();
throwIfKeyExists(); throwIfKeyExists();
synchronized (stateLock) {
synchronized (pointerLock) { synchronized (pointerLock) {
wc_ed25519_make_key(rng, size); wc_ed25519_make_key(rng, size);
} }
state = WolfCryptState.READY; state = WolfCryptState.READY;
} }
}
/** /**
* Check correctness of Ed25519 key. * Check correctness of Ed25519 key.
@ -208,11 +210,13 @@ public class Ed25519 extends NativeStruct {
checkStateAndInitialize(); checkStateAndInitialize();
throwIfKeyExists(); throwIfKeyExists();
synchronized (stateLock) {
synchronized (pointerLock) { synchronized (pointerLock) {
wc_ed25519_import_private(privKey, Key); wc_ed25519_import_private(privKey, Key);
} }
state = WolfCryptState.READY; state = WolfCryptState.READY;
} }
}
/** /**
* Import only private Ed25519 key. * Import only private Ed25519 key.
@ -230,11 +234,13 @@ public class Ed25519 extends NativeStruct {
checkStateAndInitialize(); checkStateAndInitialize();
throwIfKeyExists(); throwIfKeyExists();
synchronized (stateLock) {
synchronized (pointerLock) { synchronized (pointerLock) {
wc_ed25519_import_private_only(privKey); wc_ed25519_import_private_only(privKey);
} }
state = WolfCryptState.READY; state = WolfCryptState.READY;
} }
}
/** /**
* Import only public Ed25519 key. * Import only public Ed25519 key.
@ -252,11 +258,13 @@ public class Ed25519 extends NativeStruct {
checkStateAndInitialize(); checkStateAndInitialize();
throwIfKeyExists(); throwIfKeyExists();
synchronized (stateLock) {
synchronized (pointerLock) { synchronized (pointerLock) {
wc_ed25519_import_public(Key); wc_ed25519_import_public(Key);
} }
state = WolfCryptState.READY; state = WolfCryptState.READY;
} }
}
/** /**
* Export raw private Ed25519 key including public part. * Export raw private Ed25519 key including public part.

5
src/main/java/com/wolfssl/wolfcrypt/WolfCryptError.java
View File

@ -341,8 +341,11 @@ public enum WolfCryptError {
/** DH KAT failure */ /** DH KAT failure */
DH_KAT_FIPS_E (-256), DH_KAT_FIPS_E (-256),
/** Cannot export private key */
FIPS_PRIVATE_KEY_LOCKED_E (-287),
/** Update this to indicate last error */ /** Update this to indicate last error */
WC_LAST_E (-256), WC_LAST_E (-299),
/** errors -101 - -299 */ /** errors -101 - -299 */
MIN_CODE_E (-300); MIN_CODE_E (-300);

29
src/test/java/com/wolfssl/provider/jce/test/WolfSSLKeyStoreTest.java
View File

@ -66,6 +66,11 @@ import java.security.spec.InvalidKeySpecException;
import javax.crypto.KeyGenerator; import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintStream;
import com.wolfssl.provider.jce.WolfCryptProvider; import com.wolfssl.provider.jce.WolfCryptProvider;
public class WolfSSLKeyStoreTest { public class WolfSSLKeyStoreTest {
@ -173,6 +178,17 @@ public class WolfSSLKeyStoreTest {
return false; return false;
} }
/**
* Test if this environment is Windows.
* @return true if Windows, otherwise false.
*/
private static boolean isWindows() {
if (System.getProperty("os.name").startsWith("Windows")) {
return true;
}
return false;
}
/** /**
* Read in and convert DER private key into PrivateKey object. * Read in and convert DER private key into PrivateKey object.
* *
@ -1423,7 +1439,9 @@ public class WolfSSLKeyStoreTest {
String scriptName = "system-cacerts-to-wks.sh"; String scriptName = "system-cacerts-to-wks.sh";
String cacertsWKS = "cacerts.wks"; String cacertsWKS = "cacerts.wks";
String jssecacertsWKS = "jssecacerts.wks"; String jssecacertsWKS = "jssecacerts.wks";
String cmd = "cd " + userDir + scriptDir + " && /bin/sh " + scriptName; String providerJARPath = "/lib/wolfcrypt-jni.jar";
String cmd = "cd " + userDir + scriptDir + " && /bin/sh " + scriptName +
" " + userDir + providerJARPath;
KeyStore store = null; KeyStore store = null;
String cacertsPass = "changeitchangeit"; String cacertsPass = "changeitchangeit";
File cacertFile = null; File cacertFile = null;
@ -1432,6 +1450,15 @@ public class WolfSSLKeyStoreTest {
* and cacert gen script won't be there. */ * and cacert gen script won't be there. */
Assume.assumeTrue(!isAndroid()); Assume.assumeTrue(!isAndroid());
/* Skip running this test on Windows until portabiliy of running
* above script is figured out. */
Assume.assumeTrue(!isWindows());
/* Skip of wolfcrypt-jni.jar does not exist. This can happen if we
* are running via 'mvn test' and the jar has not been created yet */
File jarFile = new File(userDir + providerJARPath);
Assume.assumeTrue(jarFile.exists());
assertNotNull(userDir); assertNotNull(userDir);
/* Call system-cacerts-to-wks.sh script, converts system cacerts /* Call system-cacerts-to-wks.sh script, converts system cacerts