WolfSSL
/
wolfssljni
mirror of https://github.com/wolfSSL/wolfssljni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

JNI: add DTLS 1.3 to JNI-only layer

pull/254/head
Chris Conlon 2024-10-14 15:00:54 -06:00
parent 45810c8fbf
commit 36a1057366
8 changed files with 276 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
examples/Client.java
View File

@ -222,11 +222,16 @@ public class Client {
/* sort out DTLS versus TLS versions */
if (doDTLS == 1) {
if (sslVersion == 3)
if (sslVersion == 4) {
sslVersion = -3;
}
else if (sslVersion == 3) {
sslVersion = -2;
else
}
else {
sslVersion = -1;
}
}
/* init library */
WolfSSL sslLib = new WolfSSL();
@ -260,6 +265,9 @@ public class Client {
case -2:
method = WolfSSL.DTLSv1_2_ClientMethod();
break;
case -3:
method = WolfSSL.DTLSv1_3_ClientMethod();
break;
default:
System.err.println("Bad SSL version");
System.exit(1);
@ -786,7 +794,7 @@ public class Client {
System.out.println("-d\t\tDisable peer checks");
if (WolfSSL.isEnabledDTLS() == 1)
System.out.println("-u\t\tUse UDP DTLS, add -v 2 for DTLSv1 " +
"(default), -v 3 for DTLSv1.2");
"(default), -v 3 for DTLSv1.2, -v 4 for DTLSv1.3");
System.out.println("-iocb\t\tEnable test I/O callbacks");
System.out.println("-logtest\tEnable test logging callback");
if (WolfSSL.isEnabledOCSP() == 1) {

14
examples/Server.java
View File

@ -209,11 +209,16 @@ public class Server {
/* sort out DTLS versus TLS versions */
if (doDTLS == 1) {
if (sslVersion == 3)
if (sslVersion == 4) {
sslVersion = -3;
}
else if (sslVersion == 3) {
sslVersion = -2;
else
}
else {
sslVersion = -1;
}
}
/* init library */
WolfSSL sslLib = new WolfSSL();
@ -247,6 +252,9 @@ public class Server {
case -2:
method = WolfSSL.DTLSv1_2_ServerMethod();
break;
case -3:
method = WolfSSL.DTLSv1_3_ServerMethod();
break;
default:
System.err.println("Bad SSL version");
System.exit(1);
@ -683,7 +691,7 @@ public class Server {
System.out.println("-s\t\tUse pre shared keys");
if (WolfSSL.isEnabledDTLS() == 1)
System.out.println("-u\t\tUse UDP DTLS, add -v 2 for DTLSv1 (default)" +
", -v 3 for DTLSv1.2");
", -v 3 for DTLSv1.2, -v 4 for DTLSv1.3");
System.out.println("-iocb\t\tEnable test I/O callbacks");
System.out.println("-logtest\tEnable test logging callback");
if (WolfSSL.isEnabledOCSP() == 1) {

142
native/com_wolfssl_WolfSSL.c
View File

@ -747,7 +747,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_SSLv3_1ServerMethod
#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
return (jlong)(uintptr_t)wolfSSLv3_server_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -760,7 +760,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_SSLv3_1ClientMethod
#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
return (jlong)(uintptr_t)wolfSSLv3_client_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -773,7 +773,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_TLSv1_1Method
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
return (jlong)(uintptr_t)wolfTLSv1_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -786,7 +786,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_TLSv1_1ServerMethod
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
return (jlong)(uintptr_t)wolfTLSv1_server_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -799,7 +799,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_TLSv1_1ClientMethod
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
return (jlong)(uintptr_t)wolfTLSv1_client_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -812,7 +812,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_TLSv1_11_1Method
#ifndef NO_OLD_TLS
return (jlong)(uintptr_t)wolfTLSv1_1_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -825,7 +825,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_TLSv1_11_1ServerMethod
#ifndef NO_OLD_TLS
return (jlong)(uintptr_t)wolfTLSv1_1_server_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -838,7 +838,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_TLSv1_11_1ClientMethod
#ifndef NO_OLD_TLS
return (jlong)(uintptr_t)wolfTLSv1_1_client_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -878,7 +878,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_TLSv1_13_1Method
#ifdef WOLFSSL_TLS13
return (jlong)(uintptr_t)wolfTLSv1_3_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -891,7 +891,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_TLSv1_13_1ServerMethod
#ifdef WOLFSSL_TLS13
return (jlong)(uintptr_t)wolfTLSv1_3_server_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -904,7 +904,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_TLSv1_13_1ClientMethod
#ifdef WOLFSSL_TLS13
return (jlong)(uintptr_t)wolfTLSv1_3_client_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -917,7 +917,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_DTLSv1_1Method
#if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS)
return (jlong)(uintptr_t)wolfDTLSv1_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -930,7 +930,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_DTLSv1_1ClientMethod
#if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS)
return (jlong)(uintptr_t)wolfDTLSv1_client_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -943,7 +943,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_DTLSv1_1ServerMethod
#if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS)
return (jlong)(uintptr_t)wolfDTLSv1_server_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -956,7 +956,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_DTLSv1_12_1Method
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
return (jlong)(uintptr_t)wolfDTLSv1_2_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -969,7 +969,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_DTLSv1_12_1ClientMethod
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
return (jlong)(uintptr_t)wolfDTLSv1_2_client_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
@ -982,7 +982,46 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_DTLSv1_12_1ServerMethod
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
return (jlong)(uintptr_t)wolfDTLSv1_2_server_method();
#else
return NOT_COMPILED_IN;
return 0;
#endif
}
JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_DTLSv1_13_1Method
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS13)
return (jlong)(uintptr_t)wolfDTLSv1_3_method();
#else
return 0;
#endif
}
JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_DTLSv1_13_1ServerMethod
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS13)
return (jlong)(uintptr_t)wolfDTLSv1_3_server_method();
#else
return 0;
#endif
}
JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_DTLSv1_13_1ClientMethod
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS13)
return (jlong)(uintptr_t)wolfDTLSv1_3_client_method();
#else
return 0;
#endif
}
@ -1652,7 +1691,7 @@ JNIEXPORT jstring JNICALL Java_com_wolfssl_WolfSSL_getAvailableCipherSuitesIana
return NULL;
}
if (protocolVersion < 0 || protocolVersion > 5) {
if (protocolVersion < 0 || protocolVersion > 8) {
printf("Input protocol version invalid: %d\n", protocolVersion);
return NULL;
}
@ -1683,6 +1722,23 @@ JNIEXPORT jstring JNICALL Java_com_wolfssl_WolfSSL_getAvailableCipherSuitesIana
case 5:
method = wolfSSLv23_client_method();
break;
#ifdef WOLFSSL_DTLS
#ifndef NO_OLD_TLS
case 6:
method = wolfDTLSv1_client_method();
break;
#endif
#ifndef WOLFSSL_NO_TLS12
case 7:
method = wolfDTLSv1_2_client_method();
break;
#endif
#ifdef WOLFSSL_DTLS13
case 8:
method = wolfDTLSv1_3_client_method();
break;
#endif
#endif
default:
printf("Input protocol version invalid: %d\n", protocolVersion);
return NULL;
@ -1961,6 +2017,20 @@ JNIEXPORT jobjectArray JNICALL Java_com_wolfssl_WolfSSL_getProtocolsMask
if(!(mask & SSL_OP_NO_SSLv3))
numProtocols += 1;
#endif
#ifdef WOLFSSL_DTLS
#ifndef NO_OLD_TLS
/* DTLS 1.0 */
numProtocols += 1;
#endif
#ifndef WOLFSSL_NO_TLS12
/* DTLS 1.2 */
numProtocols += 1;
#endif
#ifdef WOLFSSL_DTLS13
/* DTLS 1.3 */
numProtocols += 1;
#endif
#endif /* WOLFSSL_DTLS */
ret = (*jenv)->NewObjectArray(jenv, numProtocols,
(*jenv)->FindClass(jenv, "java/lang/String"), NULL);
@ -2031,6 +2101,42 @@ JNIEXPORT jobjectArray JNICALL Java_com_wolfssl_WolfSSL_getProtocolsMask
}
}
#endif
#ifdef WOLFSSL_DTLS
#ifndef NO_OLD_TLS
/* DTLS 1.0 */
(*jenv)->SetObjectArrayElement(jenv, ret, idx++,
(*jenv)->NewStringUTF(jenv, "DTLSv1"));
if ((*jenv)->ExceptionOccurred(jenv)) {
(*jenv)->ExceptionDescribe(jenv);
(*jenv)->ExceptionClear(jenv);
(*jenv)->ThrowNew(jenv, jcl, "Error setting DTLSv1 string");
return NULL;
}
#endif
#ifndef WOLFSSL_NO_TLS12
/* DTLS 1.2 */
(*jenv)->SetObjectArrayElement(jenv, ret, idx++,
(*jenv)->NewStringUTF(jenv, "DTLSv1.2"));
if ((*jenv)->ExceptionOccurred(jenv)) {
(*jenv)->ExceptionDescribe(jenv);
(*jenv)->ExceptionClear(jenv);
(*jenv)->ThrowNew(jenv, jcl, "Error setting DTLSv1.2 string");
return NULL;
}
#endif
#ifdef WOLFSSL_DTLS13
/* DTLS 1.3 */
(*jenv)->SetObjectArrayElement(jenv, ret, idx++,
(*jenv)->NewStringUTF(jenv, "DTLSv1.3"));
if ((*jenv)->ExceptionOccurred(jenv)) {
(*jenv)->ExceptionDescribe(jenv);
(*jenv)->ExceptionClear(jenv);
(*jenv)->ThrowNew(jenv, jcl, "Error setting DTLSv1.3 string");
return NULL;
}
#endif
#endif
return ret;
}

24
native/com_wolfssl_WolfSSL.h
View File

@ -885,6 +885,30 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_DTLSv1_12_1ServerMethod
JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_DTLSv1_12_1ClientMethod
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: DTLSv1_3_Method
* Signature: ()J
*/
JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_DTLSv1_13_1Method
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: DTLSv1_3_ServerMethod
* Signature: ()J
*/
JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_DTLSv1_13_1ServerMethod
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: DTLSv1_3_ClientMethod
* Signature: ()J
*/
JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_DTLSv1_13_1ClientMethod
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: SSLv23_Method

48
src/java/com/wolfssl/WolfSSL.java
View File

@ -51,7 +51,13 @@ public class WolfSSL {
/** TLS 1.3 */
TLSv1_3,
/** Downgrade starting from highest supported SSL/TLS version */
SSLv23
SSLv23,
/** DTLS 1.0 */
DTLSv1,
/** DTLS 1.2 */
DTLSv1_2,
/** DTLS 1.3 */
DTLSv1_3
}
/* ------------------ wolfSSL JNI error codes ----------------------- */
@ -1234,6 +1240,46 @@ public class WolfSSL {
*/
public static final native long DTLSv1_2_ClientMethod();
/**
* Indicates that the application will only support the DTLS 1.3 protocol.
* Application is side-independent at this time, and client/server side
* will be determined at connect/accept stage.
* This method allocates memory for and initializes a new native
* WOLFSSL_METHOD structure to be used when creating the SSL/TLS
* context with newContext().
*
* @return A pointer to the created WOLFSSL_METHOD structure if
* successful, null on failure.
* @see WolfSSLContext#newContext(long)
*/
public static final native long DTLSv1_3_Method();
/**
* Indicates that the application is a server and will only support the
* DTLS 1.3 protocol.
* This method allocates memory for and initializes a new native
* WOLFSSL_METHOD structure to be used when creating the SSL/TLS
* context with newContext().
*
* @return A pointer to the created WOLFSSL_METHOD structure if
* successful, null on failure.
* @see WolfSSLContext#newContext(long)
*/
public static final native long DTLSv1_3_ServerMethod();
/**
* Indicates that the application is a client and will only support the
* DTLS 1.3 protocol.
* This method allocates memory for and initializes a new native
* WOLFSSL_METHOD structure to be used when creating the SSL/TLS
* context with newContext().
*
* @return A pointer to the created WOLFSSL_METHOD structure if
* successful, null on failure.
* @see WolfSSLContext#newContext(long)
*/
public static final native long DTLSv1_3_ClientMethod();
/**
* Indicates that the application will use the highest possible SSL/TLS
* version from SSL 3.0 up to TLS 1.2, but is side-independent at creation

4
src/java/com/wolfssl/WolfSSLSession.java
View File

@ -2511,8 +2511,8 @@ public class WolfSSLSession {
/**
* Returns the SSL/TLS version being used with this session object in
* String format.
* Examples include "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLS", and
* "DTLS 1.2".
* Examples include "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLS",
* "DTLS 1.2", and "DTLS 1.3.
*
* @return SSL/TLS protocol version being used in String format,
* or "unknown".

20
src/java/com/wolfssl/provider/jsse/WolfSSLUtil.java
View File

@ -61,6 +61,11 @@ public class WolfSSLUtil {
*
* jdk.tls.disabledAlgorithms="TLSv1, TLSv1.1"
*
* This method force-removes DTLSv1.2 and DTLSv1.3 if the input
* protocols list advertises support for it. This is because native
* wolfSSL JNI supports DTLS but the JSSE layer does not yet. When
* DTLS support is added to wolfJSSE, this restriction can/will be removed.
*
* @param protocols Full list of protocols to sanitize/filter, should be
* in a format similar to: "TLSv1", "TLSv1.1", etc.
*
@ -73,16 +78,21 @@ public class WolfSSLUtil {
Security.getProperty("jdk.tls.disabledAlgorithms");
List<?> disabledList = null;
/* If system property not set, no filtering needed */
if (disabledAlgos == null || disabledAlgos.isEmpty()) {
return protocols;
}
WolfSSLDebug.log(WolfSSLUtil.class, WolfSSLDebug.INFO,
"sanitizing enabled protocols");
WolfSSLDebug.log(WolfSSLUtil.class, WolfSSLDebug.INFO,
"jdk.tls.disabledAlgorithms: " + disabledAlgos);
/* Force remove DTLS from supported JSSE protocols. Currently only
* JNI layer supports DTLS, not JSSE. When JSSE layer gets DTLS
* support added, take this restriction out. */
if (disabledAlgos == null) {
disabledAlgos = "DTLSv1.2, DTLSv1.3";
}
else {
disabledAlgos += ",DTLSv1.2,DTLSv1.3";
}
/* Remove spaces after commas, split into List */
disabledAlgos = disabledAlgos.replaceAll(", ",",");
disabledList = Arrays.asList(disabledAlgos.split(","));

32
src/test/com/wolfssl/test/WolfSSLTest.java
View File

@ -27,6 +27,9 @@ import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
import static org.junit.Assert.*;
import java.util.Arrays;
import java.util.List;
import com.wolfssl.WolfSSL;
import com.wolfssl.WolfSSLException;
@ -85,20 +88,45 @@ public class WolfSSLTest {
}
public void test_WolfSSL_Method_Allocators(WolfSSL lib) {
/* Get protocols compiled into native wolfSSL */
List<String> enabledProtocols = Arrays.asList(WolfSSL.getProtocols());
if (enabledProtocols.contains("SSLv3")) {
tstMethod(WolfSSL.SSLv3_ServerMethod(), "SSLv3_ServerMethod()");
tstMethod(WolfSSL.SSLv3_ClientMethod(), "SSLv3_ClientMethod()");
}
if (enabledProtocols.contains("TLSv1")) {
tstMethod(WolfSSL.TLSv1_ServerMethod(), "TLSv1_ServerMethod()");
tstMethod(WolfSSL.TLSv1_ClientMethod(), "TLSv1_ClientMethod()");
}
if (enabledProtocols.contains("TLSv1.1")) {
tstMethod(WolfSSL.TLSv1_1_ServerMethod(), "TLSv1_1_ServerMethod()");
tstMethod(WolfSSL.TLSv1_1_ClientMethod(), "TLSv1_1_ClientMethod()");
}
if (enabledProtocols.contains("TLSv1.2")) {
tstMethod(WolfSSL.TLSv1_2_ServerMethod(), "TLSv1_2_ServerMethod()");
tstMethod(WolfSSL.TLSv1_2_ClientMethod(), "TLSv1_2_ClientMethod()");
}
if (enabledProtocols.contains("TLSv1.3")) {
tstMethod(WolfSSL.TLSv1_3_ServerMethod(), "TLSv1_3_ServerMethod()");
tstMethod(WolfSSL.TLSv1_3_ClientMethod(), "TLSv1_3_ClientMethod()");
}
if (enabledProtocols.contains("DTLSv1")) {
tstMethod(WolfSSL.DTLSv1_ServerMethod(), "DTLSv1_ServerMethod()");
tstMethod(WolfSSL.DTLSv1_ClientMethod(), "DTLSv1_ClientMethod()");
tstMethod(WolfSSL.DTLSv1_2_ServerMethod(), "DTLSv1_2_ServerMethod()");
tstMethod(WolfSSL.DTLSv1_2_ClientMethod(), "DTLSv1_2_ClientMethod()");
}
if (enabledProtocols.contains("DTLSv1.2")) {
tstMethod(WolfSSL.DTLSv1_2_ServerMethod(),
"DTLSv1_2_ServerMethod()");
tstMethod(WolfSSL.DTLSv1_2_ClientMethod(),
"DTLSv1_2_ClientMethod()");
}
if (enabledProtocols.contains("DTLSv1.3")) {
tstMethod(WolfSSL.DTLSv1_3_ServerMethod(),
"DTLSv1_3_ServerMethod()");
tstMethod(WolfSSL.DTLSv1_3_ClientMethod(),
"DTLSv1_3_ClientMethod()");
}
tstMethod(WolfSSL.SSLv23_ServerMethod(), "SSLv23_ServerMethod()");
tstMethod(WolfSSL.SSLv23_ClientMethod(), "SSLv23_ClientMethod()");
}