WolfSSL
/
wolfssljni
mirror of https://github.com/wolfSSL/wolfssljni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #252 from cconlon/classRename 

Refactor wolfCrypt level classes to avoid `wolfcrypt-jni` namespace conflicts
pull/249/head
JacobBarthelmeh 2025-01-31 10:29:54 -07:00 committed by GitHub
parent 5e56b00383 36bfbd1757
commit 7cf0c4e7ba
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
40 changed files with 1009 additions and 226 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
IDE/Android/app/src/main/cpp/CMakeLists.txt
View File

@ -337,9 +337,9 @@ add_library(wolfssljni SHARED
${wolfssljni_DIR}/native/com_wolfssl_WolfSSLSession.c
${wolfssljni_DIR}/native/com_wolfssl_WolfSSLX509Name.c
${wolfssljni_DIR}/native/com_wolfssl_WolfSSLX509StoreCtx.c
${wolfssljni_DIR}/native/com_wolfssl_wolfcrypt_ECC.c
${wolfssljni_DIR}/native/com_wolfssl_wolfcrypt_EccKey.c
${wolfssljni_DIR}/native/com_wolfssl_wolfcrypt_RSA.c
${wolfssljni_DIR}/native/com_wolfssl_WolfCryptECC.c
${wolfssljni_DIR}/native/com_wolfssl_WolfCryptEccKey.c
${wolfssljni_DIR}/native/com_wolfssl_WolfCryptRSA.c
)
# set_target_properties(wolfssljni PROPERTIES LIBRARY_OUTPUT_DIRECTORY

14
IDE/WIN/wolfssljni.vcxproj
View File

@ -35,9 +35,9 @@
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\native\com_wolfssl_wolfcrypt_ECC.c" />
<ClCompile Include="..\..\native\com_wolfssl_wolfcrypt_EccKey.c" />
<ClCompile Include="..\..\native\com_wolfssl_wolfcrypt_RSA.c" />
<ClCompile Include="..\..\native\com_wolfssl_WolfCryptECC.c" />
<ClCompile Include="..\..\native\com_wolfssl_WolfCryptEccKey.c" />
<ClCompile Include="..\..\native\com_wolfssl_WolfCryptRSA.c" />
<ClCompile Include="..\..\native\com_wolfssl_WolfSSL.c" />
<ClCompile Include="..\..\native\com_wolfssl_WolfSSLCertificate.c" />
<ClCompile Include="..\..\native\com_wolfssl_WolfSSLCertManager.c" />
@ -49,9 +49,9 @@
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\native\com_wolfssl_globals.h" />
<ClInclude Include="..\..\native\com_wolfssl_wolfcrypt_ECC.h" />
<ClInclude Include="..\..\native\com_wolfssl_wolfcrypt_EccKey.h" />
<ClInclude Include="..\..\native\com_wolfssl_wolfcrypt_RSA.h" />
<ClInclude Include="..\..\native\com_wolfssl_WolfCryptECC.h" />
<ClInclude Include="..\..\native\com_wolfssl_WolfCryptEccKey.h" />
<ClInclude Include="..\..\native\com_wolfssl_WolfCryptRSA.h" />
<ClInclude Include="..\..\native\com_wolfssl_WolfSSL.h" />
<ClInclude Include="..\..\native\com_wolfssl_WolfSSLCertificate.h" />
<ClInclude Include="..\..\native\com_wolfssl_WolfSSLCertManager.h" />
@ -432,4 +432,4 @@ ant</Command>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
</Project>

12
IDE/WIN/wolfssljni.vcxproj.filters
View File

@ -15,13 +15,13 @@
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\native\com_wolfssl_wolfcrypt_ECC.c">
<ClCompile Include="..\..\native\com_wolfssl_WolfCryptECC.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\native\com_wolfssl_wolfcrypt_EccKey.c">
<ClCompile Include="..\..\native\com_wolfssl_WolfCryptEccKey.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\native\com_wolfssl_wolfcrypt_RSA.c">
<ClCompile Include="..\..\native\com_wolfssl_WolfCryptRSA.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\native\com_wolfssl_WolfSSL.c">
@ -53,13 +53,13 @@
<ClInclude Include="..\..\native\com_wolfssl_globals.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\..\native\com_wolfssl_wolfcrypt_ECC.h">
<ClInclude Include="..\..\native\com_wolfssl_WolfCryptECC.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\..\native\com_wolfssl_wolfcrypt_EccKey.h">
<ClInclude Include="..\..\native\com_wolfssl_WolfCryptEccKey.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\..\native\com_wolfssl_wolfcrypt_RSA.h">
<ClInclude Include="..\..\native\com_wolfssl_WolfCryptRSA.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\..\native\com_wolfssl_WolfSSL.h">

7
build.xml
View File

@ -148,9 +148,9 @@
<class name="com.wolfssl.WolfSSLContext"/>
<class name="com.wolfssl.WolfSSLSession"/>
<class name="com.wolfssl.WolfSSLX509StoreCtx"/>
<class name="com.wolfssl.wolfcrypt.ECC"/>
<class name="com.wolfssl.wolfcrypt.EccKey"/>
<class name="com.wolfssl.wolfcrypt.RSA"/>
<class name="com.wolfssl.WolfCryptECC"/>
<class name="com.wolfssl.WolfCryptEccKey"/>
<class name="com.wolfssl.WolfCryptRSA"/>
</javah>
</target>
@ -177,7 +177,6 @@
</manifest>
<fileset dir="${build.dir}">
<include name="com/wolfssl/*.class"/>
<include name="com/wolfssl/wolfcrypt/*.class"/>
</fileset>
</jar>
</target>

11
examples/Client.java
View File

@ -362,6 +362,12 @@ public class Client {
MyDecryptVerifyCallback dvcb = new MyDecryptVerifyCallback();
sslCtx.setMacEncryptCb(mecb);
sslCtx.setDecryptVerifyCb(dvcb);
if (WolfSSL.encryptThenMacEnabled()) {
MyVerifyDecryptCallback vdcb =
new MyVerifyDecryptCallback();
sslCtx.setVerifyDecryptCb(vdcb);
}
}
/* register public key callbacks, ctx setup is later */
@ -521,6 +527,11 @@ public class Client {
MyAtomicDecCtx decCtx = new MyAtomicDecCtx();
ssl.setMacEncryptCtx(encCtx);
ssl.setDecryptVerifyCtx(decCtx);
if (WolfSSL.encryptThenMacEnabled()) {
MyAtomicDecCtx vdCtx = new MyAtomicDecCtx();
ssl.setVerifyDecryptCtx(vdCtx);
}
}
if (pkCallbacks == 1) {

34
examples/MyDecryptVerifyCallback.java
View File

@ -30,6 +30,11 @@ import javax.crypto.Cipher;
import java.nio.ByteBuffer;
import com.wolfssl.*;
/*
* Example Decrypt Verify callback implementation.
* NOTE: if native HAVE_ENCRYPT_THEN_MAC is defined, the VerifyDecrypt
* callback needs to be used.
*/
class MyDecryptVerifyCallback implements WolfSSLDecryptVerifyCallback
{
public int decryptVerifyCallback(WolfSSLSession ssl, ByteBuffer decOut,
@ -115,23 +120,18 @@ class MyDecryptVerifyCallback implements WolfSSLDecryptVerifyCallback
ssl.setTlsHmacInner(myInner, macInSz, macContent, macVerify);
int hmacType = ssl.getHmacType();
switch (hmacType) {
case WolfSSL.SHA:
hmacString = "HmacSHA1";
break;
case WolfSSL.SHA256:
hmacString = "HmacSHA256";
break;
case WolfSSL.SHA384:
hmacString = "HmacSHA384";
break;
case WolfSSL.SHA512:
hmacString = "HmacSHA512";
break;
default:
System.out.println("Unsupported HMAC hash type in " +
"MyDecryptVerifyCallback");
return -1;
if (hmacType == WolfSSL.SHA) {
hmacString = "HmacSHA1";
} else if (hmacType == WolfSSL.SHA256) {
hmacString = "HmacSHA256";
} else if (hmacType == WolfSSL.SHA384) {
hmacString = "HmacSHA384";
} else if (hmacType == WolfSSL.SHA512) {
hmacString = "HmacSHA512";
} else {
System.out.println("Unsupported HMAC hash type in " +
"MyDecryptVerifyCallback: " + hmacType);
return -1;
}
/* get Hmac SHA-1 key */

7
examples/MyEccSharedSecretCallback.java
View File

@ -23,7 +23,6 @@ import java.io.*;
import java.net.*;
import java.nio.ByteBuffer;
import com.wolfssl.*;
import com.wolfssl.wolfcrypt.*;
import java.security.KeyFactory;
import java.security.interfaces.ECPublicKey;
@ -47,9 +46,9 @@ import java.util.Arrays;
*/
class MyEccSharedSecretCallback implements WolfSSLEccSharedSecretCallback
{
public int eccSharedSecretCallback(WolfSSLSession ssl, EccKey otherKey,
ByteBuffer pubKeyDer, long[] pubKeyDerSz, ByteBuffer out,
long[] outSz, int side, Object ctx) {
public int eccSharedSecretCallback(WolfSSLSession ssl,
WolfCryptEccKey otherKey, ByteBuffer pubKeyDer, long[] pubKeyDerSz,
ByteBuffer out, long[] outSz, int side, Object ctx) {
int ret = -1;
ECPublicKey ecPubKey = null;

3
examples/MyEccSignCallback.java
View File

@ -23,7 +23,6 @@ import java.io.*;
import java.net.*;
import java.nio.ByteBuffer;
import com.wolfssl.*;
import com.wolfssl.wolfcrypt.*;
class MyEccSignCallback implements WolfSSLEccSignCallback
{
@ -34,7 +33,7 @@ class MyEccSignCallback implements WolfSSLEccSignCallback
System.out.println("---------- Entered MyEccSignCallback ----------");
int ret = -1;
ECC ecc = new ECC();
WolfCryptECC ecc = new WolfCryptECC();
MyEccSignCtx eccSignCtx = (MyEccSignCtx)ctx;
ret = ecc.doSign(in, inSz, out, outSz, keyDer, keySz);

3
examples/MyEccVerifyCallback.java
View File

@ -23,7 +23,6 @@ import java.io.*;
import java.net.*;
import java.nio.ByteBuffer;
import com.wolfssl.*;
import com.wolfssl.wolfcrypt.*;
class MyEccVerifyCallback implements WolfSSLEccVerifyCallback
{
@ -34,7 +33,7 @@ class MyEccVerifyCallback implements WolfSSLEccVerifyCallback
System.out.println("---------- Entered MyEccVerifyCallback ----------");
int ret = -1;
ECC ecc = new ECC();
WolfCryptECC ecc = new WolfCryptECC();
MyEccVerifyCtx eccVerifyCtx = (MyEccVerifyCtx)ctx;
ret = ecc.doVerify(sig, sigSz, hash, hashSz, keyDer, keySz, result);

29
examples/MyMacEncryptCallback.java
View File

@ -57,23 +57,18 @@ class MyMacEncryptCallback implements WolfSSLMacEncryptCallback
}
int hmacType = ssl.getHmacType();
switch (hmacType) {
case WolfSSL.SHA:
hmacString = "HmacSHA1";
break;
case WolfSSL.SHA256:
hmacString = "HmacSHA256";
break;
case WolfSSL.SHA384:
hmacString = "HmacSHA384";
break;
case WolfSSL.SHA512:
hmacString = "HmacSHA512";
break;
default:
System.out.println("Unsupported HMAC hash type in " +
"MyMacEncryptCallback");
return -1;
if (hmacType == WolfSSL.SHA) {
hmacString = "HmacSHA1";
} else if (hmacType == WolfSSL.SHA256) {
hmacString = "HmacSHA256";
} else if (hmacType == WolfSSL.SHA384) {
hmacString = "HmacSHA384";
} else if (hmacType == WolfSSL.SHA512) {
hmacString = "HmacSHA512";
} else {
System.out.println("Unsupported HMAC hash type in " +
"MyMacEncryptCallback");
return -1;
}
/* hmac, not needed if aead mode */

3
examples/MyRsaDecCallback.java
View File

@ -23,7 +23,6 @@ import java.io.*;
import java.net.*;
import java.nio.*;
import com.wolfssl.*;
import com.wolfssl.wolfcrypt.*;
class MyRsaDecCallback implements WolfSSLRsaDecCallback
{
@ -34,7 +33,7 @@ class MyRsaDecCallback implements WolfSSLRsaDecCallback
System.out.println("---------- Entering MyRsaDecCallback ----------");
int ret = -1;
RSA rsa = new RSA();
WolfCryptRSA rsa = new WolfCryptRSA();
MyRsaDecCtx rsaDecCtx = (MyRsaDecCtx)ctx;
ret = rsa.doDec(in, inSz, out, outSz, keyDer, keySz);

3
examples/MyRsaEncCallback.java
View File

@ -23,7 +23,6 @@ import java.io.*;
import java.net.*;
import java.nio.*;
import com.wolfssl.*;
import com.wolfssl.wolfcrypt.*;
class MyRsaEncCallback implements WolfSSLRsaEncCallback
{
@ -34,7 +33,7 @@ class MyRsaEncCallback implements WolfSSLRsaEncCallback
System.out.println("---------- Entering MyRsaEncCallback ----------");
int ret = -1;
RSA rsa = new RSA();
WolfCryptRSA rsa = new WolfCryptRSA();
MyRsaEncCtx rsaEncCtx = (MyRsaEncCtx)ctx;
ret = rsa.doEnc(in, inSz, out, outSz, keyDer, keySz);

3
examples/MyRsaSignCallback.java
View File

@ -23,7 +23,6 @@ import java.io.*;
import java.net.*;
import java.nio.*;
import com.wolfssl.*;
import com.wolfssl.wolfcrypt.*;
class MyRsaSignCallback implements WolfSSLRsaSignCallback
{
@ -34,7 +33,7 @@ class MyRsaSignCallback implements WolfSSLRsaSignCallback
System.out.println("---------- Entering MyRsaSignCallback ----------");
int ret = -1;
RSA rsa = new RSA();
WolfCryptRSA rsa = new WolfCryptRSA();
MyRsaSignCtx rsaSignCtx = (MyRsaSignCtx)ctx;
ret = rsa.doSign(in, inSz, out, outSz, keyDer, keySz);

3
examples/MyRsaVerifyCallback.java
View File

@ -23,7 +23,6 @@ import java.io.*;
import java.net.*;
import java.nio.*;
import com.wolfssl.*;
import com.wolfssl.wolfcrypt.*;
class MyRsaVerifyCallback implements WolfSSLRsaVerifyCallback
{
@ -34,7 +33,7 @@ class MyRsaVerifyCallback implements WolfSSLRsaVerifyCallback
System.out.println("---------- Entered MyRsaVerifyCallback ----------");
int ret = -1;
RSA rsa = new RSA();
WolfCryptRSA rsa = new WolfCryptRSA();
MyRsaVerifyCtx rsaVerifyCtx = (MyRsaVerifyCtx)ctx;
ret = rsa.doVerify(sig, sigSz, out, outSz, keyDer, keySz);

163
examples/MyVerifyDecryptCallback.java 100644
View File

@ -0,0 +1,163 @@
/* MyVerifyDecryptCallback.java
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
import java.io.*;
import java.net.*;
import java.nio.*;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.Cipher;
import java.nio.ByteBuffer;
import com.wolfssl.*;
/*
* Example Verify/Decrypt callback implementation. For use when
* HAVE_ENCRYPT_THEN_MAC is defined, which can be tested from Java using
* WolfSSL.encryptThenMacEnabled().
*
* This example callback has been modeled directly after the native wolfSSL
* example callback (myVerifyDecryptCb()) in wolfssl/test.h.
*
* NOTE: if native HAVE_ENCRYPT_THEN_MAC is not defined, the DecryptVerify
* callback needs to be set and used.
*/
class MyVerifyDecryptCallback implements WolfSSLVerifyDecryptCallback
{
public int verifyDecryptCallback(WolfSSLSession ssl, ByteBuffer decOut,
byte[] decIn, long decSz, int macContent, int macVerify,
long[] padSz, Object ctx) {
int hmacType = ssl.getHmacType();
int digestSz = ssl.getHmacSize();
byte[] myInner = new byte[WolfSSL.WOLFSSL_TLS_HMAC_INNER_SZ];
byte[] verify = null;
byte[] keyBytes = null;
byte[] ivBytes = null;
String hmacString;
String tlsStr = "TLS";
Cipher cipher = null;
MyAtomicDecCtx decCtx = (MyAtomicDecCtx) ctx;
/* example supports (d)tls AES */
if (ssl.getBulkCipher() != WolfSSL.wolfssl_aes) {
System.out.println("MyVerifyDecryptCallback not using AES");
return -1;
}
try {
if (!ssl.getVersion().contains(tlsStr)) {
System.out.println("MyVerifyDecryptCallback not using (D)TLS");
return -1;
}
ssl.setTlsHmacInner(myInner, decSz, macContent, macVerify);
if (hmacType == WolfSSL.SHA) {
hmacString = "HmacSHA1";
} else if (hmacType == WolfSSL.SHA256) {
hmacString = "HmacSHA256";
} else if (hmacType == WolfSSL.SHA384) {
hmacString = "HmacSHA384";
} else if (hmacType == WolfSSL.SHA512) {
hmacString = "HmacSHA512";
} else {
System.out.println("Unsupported HMAC hash type in " +
"MyVerifyDecryptCallback: " + hmacType);
return -1;
}
/* construct HMAC key */
SecretKeySpec hmacKey = new SecretKeySpec(
ssl.getMacSecret(macVerify), hmacString);
/* get Mac instance, initialize with key, compute */
Mac mac = Mac.getInstance(hmacString);
mac.init(hmacKey);
mac.update(myInner, 0, myInner.length);
mac.update(decIn, 0, (int)decSz);
verify = mac.doFinal();
/* Get MAC (digestSz bytes) off end of decOut for comparison */
byte[] verifyMac = new byte[digestSz];
int tmpPos = decOut.position();
decOut.position(decOut.limit() - digestSz);
decOut.get(verifyMac);
decOut.position(tmpPos);
if (verifyMac.length != verify.length) {
System.out.println("MyVerifyDecryptCallback verifyMac length " +
"different than calculated MAC length");
return -1;
}
if (!Arrays.equals(verify, verifyMac)) {
System.out.println("MyVerifyDecryptCallback MAC " +
"comparison failed");
return -1;
}
/* Setup AES for decrypt */
if(!decCtx.isCipherSetup()) {
int keyLen = ssl.getKeySize();
SecretKeySpec key = null;
cipher = Cipher.getInstance("AES/CBC/NoPadding", "SunJCE");
/* Decrypt is from other side (peer) */
if (ssl.getSide() == WolfSSL.WOLFSSL_SERVER_END) {
keyBytes = ssl.getClientWriteKey();
ivBytes = ssl.getClientWriteIV();
} else {
keyBytes = ssl.getServerWriteKey();
ivBytes = ssl.getServerWriteIV();
}
key = new SecretKeySpec(keyBytes, "AES");
cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ivBytes));
decCtx.setCipher(cipher);
decCtx.isCipherSetup(true);
} else {
cipher = decCtx.getCipher();
if (cipher == null) {
System.out.println("Cipher was not previously set up");
return -1;
}
}
/* Decrypt */
decOut.position(0);
decOut.put(cipher.doFinal(decIn, 0, (int)decSz));
decOut.flip();
byte padVal = decOut.get((int)decSz - 1);
padSz[0] = (long)padVal + 1;
} catch (Exception e) {
e.printStackTrace();
}
return 0;
}
}

13
examples/Server.java
View File

@ -362,6 +362,12 @@ public class Server {
new MyDecryptVerifyCallback();
sslCtx.setMacEncryptCb(mecb);
sslCtx.setDecryptVerifyCb(dvcb);
if (WolfSSL.encryptThenMacEnabled()) {
MyVerifyDecryptCallback vdc =
new MyVerifyDecryptCallback();
sslCtx.setVerifyDecryptCb(vdc);
}
}
/* register public key callbacks, ctx setup later */
@ -515,6 +521,11 @@ public class Server {
MyAtomicDecCtx decCtx = new MyAtomicDecCtx();
ssl.setMacEncryptCtx(encCtx);
ssl.setDecryptVerifyCtx(decCtx);
if (WolfSSL.encryptThenMacEnabled()) {
MyAtomicDecCtx vdCtx = new MyAtomicDecCtx();
ssl.setVerifyDecryptCtx(vdCtx);
}
}
if (pkCallbacks == 1) {
@ -566,7 +577,7 @@ public class Server {
(err == WolfSSL.SSL_ERROR_WANT_READ ||
err == WolfSSL.SSL_ERROR_WANT_WRITE));
if (input.length > 0) {
if (insz > 0) {
String cliMsg = new String(input, 0, insz);
System.out.println("client says: " + cliMsg);
} else {

8
java.sh
View File

@ -109,15 +109,15 @@ fi
gcc -Wall -c $fpic $CFLAGS ./native/com_wolfssl_WolfSSL.c -o ./native/com_wolfssl_WolfSSL.o $javaIncludes
gcc -Wall -c $fpic $CFLAGS ./native/com_wolfssl_WolfSSLSession.c -o ./native/com_wolfssl_WolfSSLSession.o $javaIncludes
gcc -Wall -c $fpic $CFLAGS ./native/com_wolfssl_WolfSSLContext.c -o ./native/com_wolfssl_WolfSSLContext.o $javaIncludes
gcc -Wall -c $fpic $CFLAGS ./native/com_wolfssl_wolfcrypt_RSA.c -o ./native/com_wolfssl_wolfcrypt_RSA.o $javaIncludes
gcc -Wall -c $fpic $CFLAGS ./native/com_wolfssl_wolfcrypt_ECC.c -o ./native/com_wolfssl_wolfcrypt_ECC.o $javaIncludes
gcc -Wall -c $fpic $CFLAGS ./native/com_wolfssl_wolfcrypt_EccKey.c -o ./native/com_wolfssl_wolfcrypt_EccKey.o $javaIncludes
gcc -Wall -c $fpic $CFLAGS ./native/com_wolfssl_WolfCryptRSA.c -o ./native/com_wolfssl_WolfCryptRSA.o $javaIncludes
gcc -Wall -c $fpic $CFLAGS ./native/com_wolfssl_WolfCryptECC.c -o ./native/com_wolfssl_WolfCryptECC.o $javaIncludes
gcc -Wall -c $fpic $CFLAGS ./native/com_wolfssl_WolfCryptEccKey.c -o ./native/com_wolfssl_WolfCryptEccKey.o $javaIncludes
gcc -Wall -c $fpic $CFLAGS ./native/com_wolfssl_WolfSSLCertManager.c -o ./native/com_wolfssl_WolfSSLCertManager.o $javaIncludes
gcc -Wall -c $fpic $CFLAGS ./native/com_wolfssl_WolfSSLCertRequest.c -o ./native/com_wolfssl_WolfSSLCertRequest.o $javaIncludes
gcc -Wall -c $fpic $CFLAGS ./native/com_wolfssl_WolfSSLCertificate.c -o ./native/com_wolfssl_WolfSSLCertificate.o $javaIncludes
gcc -Wall -c $fpic $CFLAGS ./native/com_wolfssl_WolfSSLX509Name.c -o ./native/com_wolfssl_WolfSSLX509Name.o $javaIncludes
gcc -Wall -c $fpic $CFLAGS ./native/com_wolfssl_WolfSSLX509StoreCtx.c -o ./native/com_wolfssl_WolfSSLX509StoreCtx.o $javaIncludes
gcc -Wall $javaLibs $CFLAGS -o ./lib/$jniLibName ./native/com_wolfssl_WolfSSL.o ./native/com_wolfssl_WolfSSLSession.o ./native/com_wolfssl_WolfSSLContext.o ./native/com_wolfssl_wolfcrypt_RSA.o ./native/com_wolfssl_wolfcrypt_ECC.o ./native/com_wolfssl_wolfcrypt_EccKey.o ./native/com_wolfssl_WolfSSLCertManager.o ./native/com_wolfssl_WolfSSLCertRequest.o ./native/com_wolfssl_WolfSSLCertificate.o ./native/com_wolfssl_WolfSSLX509Name.o ./native/com_wolfssl_WolfSSLX509StoreCtx.o -L$WOLFSSL_INSTALL_DIR/lib -L$WOLFSSL_INSTALL_DIR/lib64 -l$WOLFSSL_LIBNAME
gcc -Wall $javaLibs $CFLAGS -o ./lib/$jniLibName ./native/com_wolfssl_WolfSSL.o ./native/com_wolfssl_WolfSSLSession.o ./native/com_wolfssl_WolfSSLContext.o ./native/com_wolfssl_WolfCryptRSA.o ./native/com_wolfssl_WolfCryptECC.o ./native/com_wolfssl_WolfCryptEccKey.o ./native/com_wolfssl_WolfSSLCertManager.o ./native/com_wolfssl_WolfSSLCertRequest.o ./native/com_wolfssl_WolfSSLCertificate.o ./native/com_wolfssl_WolfSSLX509Name.o ./native/com_wolfssl_WolfSSLX509StoreCtx.o -L$WOLFSSL_INSTALL_DIR/lib -L$WOLFSSL_INSTALL_DIR/lib64 -l$WOLFSSL_LIBNAME
if [ $? != 0 ]; then
echo "Error creating native JNI library"
exit 1

8
native/com_wolfssl_wolfcrypt_ECC.c → native/com_wolfssl_WolfCryptECC.c
View File

@ -1,4 +1,4 @@
/* com_wolfssl_wolfcrypt_ECC.c
/* com_wolfssl_WolfCryptECC.c
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
@ -28,9 +28,9 @@
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/asn.h>
#include "com_wolfssl_wolfcrypt_ECC.h"
#include "com_wolfssl_WolfCryptECC.h"
JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_ECC_doVerify
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfCryptECC_doVerify
(JNIEnv* jenv, jobject jcl, jobject sig, jlong sigSz, jobject hash,
jlong hashSz, jobject keyDer, jlong keySz, jintArray result)
{
@ -89,7 +89,7 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_ECC_doVerify
return ret;
}
JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_ECC_doSign
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfCryptECC_doSign
(JNIEnv* jenv, jobject jcl, jobject in, jlong inSz, jobject out,
jlongArray outSz, jobject keyDer, jlong keySz)
{

14
native/com_wolfssl_wolfcrypt_ECC.h → native/com_wolfssl_WolfCryptECC.h
View File

@ -1,26 +1,26 @@
/* DO NOT EDIT THIS FILE - it is machine generated */
#include <jni.h>
/* Header for class com_wolfssl_wolfcrypt_ECC */
/* Header for class com_wolfssl_WolfCryptECC */
#ifndef _Included_com_wolfssl_wolfcrypt_ECC
#define _Included_com_wolfssl_wolfcrypt_ECC
#ifndef _Included_com_wolfssl_WolfCryptECC
#define _Included_com_wolfssl_WolfCryptECC
#ifdef __cplusplus
extern "C" {
#endif
/*
* Class: com_wolfssl_wolfcrypt_ECC
* Class: com_wolfssl_WolfCryptECC
* Method: doVerify
* Signature: (Ljava/nio/ByteBuffer;JLjava/nio/ByteBuffer;JLjava/nio/ByteBuffer;J[I)I
*/
JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_ECC_doVerify
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfCryptECC_doVerify
(JNIEnv *, jobject, jobject, jlong, jobject, jlong, jobject, jlong, jintArray);
/*
* Class: com_wolfssl_wolfcrypt_ECC
* Class: com_wolfssl_WolfCryptECC
* Method: doSign
* Signature: (Ljava/nio/ByteBuffer;JLjava/nio/ByteBuffer;[JLjava/nio/ByteBuffer;J)I
*/
JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_ECC_doSign
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfCryptECC_doSign
(JNIEnv *, jobject, jobject, jlong, jobject, jlongArray, jobject, jlong);
#ifdef __cplusplus

10
native/com_wolfssl_wolfcrypt_EccKey.c → native/com_wolfssl_WolfCryptEccKey.c
View File

@ -1,4 +1,4 @@
/* com_wolfssl_wolfcrypt_EccKey.c
/* com_wolfssl_WolfCryptEccKey.c
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
@ -28,9 +28,9 @@
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include "com_wolfssl_wolfcrypt_EccKey.h"
#include "com_wolfssl_WolfCryptEccKey.h"
JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_EccKey_EccPublicKeyToDer
JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfCryptEccKey_EccPublicKeyToDer
(JNIEnv* jenv, jobject jcl, jlong eccKey)
{
jclass excClass;
@ -94,7 +94,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_EccKey_EccPublicKeyToDer
#endif /* HAVE_ECC */
}
JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_EccKey_EccPrivateKeyToDer
JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfCryptEccKey_EccPrivateKeyToDer
(JNIEnv* jenv, jobject jcl, jlong eccKey)
{
jclass excClass;
@ -158,7 +158,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_EccKey_EccPrivateKeyToDe
#endif /* HAVE_ECC */
}
JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_EccKey_EccPrivateKeyToPKCS8
JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfCryptEccKey_EccPrivateKeyToPKCS8
(JNIEnv* jenv, jobject jcl, jlong eccKey)
{
jclass excClass;

37
native/com_wolfssl_WolfCryptEccKey.h 100644
View File

@ -0,0 +1,37 @@
/* DO NOT EDIT THIS FILE - it is machine generated */
#include <jni.h>
/* Header for class com_wolfssl_WolfCryptEccKey */
#ifndef _Included_com_wolfssl_WolfCryptEccKey
#define _Included_com_wolfssl_WolfCryptEccKey
#ifdef __cplusplus
extern "C" {
#endif
/*
* Class: com_wolfssl_WolfCryptEccKey
* Method: EccPublicKeyToDer
* Signature: (J)[B
*/
JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfCryptEccKey_EccPublicKeyToDer
(JNIEnv *, jobject, jlong);
/*
* Class: com_wolfssl_WolfCryptEccKey
* Method: EccPrivateKeyToDer
* Signature: (J)[B
*/
JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfCryptEccKey_EccPrivateKeyToDer
(JNIEnv *, jobject, jlong);
/*
* Class: com_wolfssl_WolfCryptEccKey
* Method: EccPrivateKeyToPKCS8
* Signature: (J)[B
*/
JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfCryptEccKey_EccPrivateKeyToPKCS8
(JNIEnv *, jobject, jlong);
#ifdef __cplusplus
}
#endif
#endif

12
native/com_wolfssl_wolfcrypt_RSA.c → native/com_wolfssl_WolfCryptRSA.c
View File

@ -1,4 +1,4 @@
/* com_wolfssl_wolfcrypt_RSA.c
/* com_wolfssl_WolfCryptRSA.c
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
@ -27,9 +27,9 @@
#endif
#include <wolfssl/wolfcrypt/rsa.h>
#include "com_wolfssl_wolfcrypt_RSA.h"
#include "com_wolfssl_WolfCryptRSA.h"
JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_RSA_doSign
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfCryptRSA_doSign
(JNIEnv* jenv, jobject jcl, jobject in, jlong inSz, jobject out,
jintArray outSz, jobject keyDer, jlong keySz)
{
@ -94,7 +94,7 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_RSA_doSign
return ret;
}
JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_RSA_doVerify
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfCryptRSA_doVerify
(JNIEnv* jenv, jobject jcl, jobject sig, jlong sigSz, jobject out,
jlong outSz, jobject keyDer, jlong keySz)
{
@ -150,7 +150,7 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_RSA_doVerify
return ret;
}
JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_RSA_doEnc
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfCryptRSA_doEnc
(JNIEnv* jenv, jobject jcl, jobject in, jlong inSz, jobject out,
jintArray outSz, jobject keyDer, jlong keySz)
{
@ -214,7 +214,7 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_RSA_doEnc
return ret;
}
JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_RSA_doDec
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfCryptRSA_doDec
(JNIEnv* jenv, jobject jcl, jobject in, jlong inSz, jobject out,
jlong outSz, jobject keyDer, jlong keySz)
{

22
native/com_wolfssl_wolfcrypt_RSA.h → native/com_wolfssl_WolfCryptRSA.h
View File

@ -1,42 +1,42 @@
/* DO NOT EDIT THIS FILE - it is machine generated */
#include <jni.h>
/* Header for class com_wolfssl_wolfcrypt_RSA */
/* Header for class com_wolfssl_WolfCryptRSA */
#ifndef _Included_com_wolfssl_wolfcrypt_RSA
#define _Included_com_wolfssl_wolfcrypt_RSA
#ifndef _Included_com_wolfssl_WolfCryptRSA
#define _Included_com_wolfssl_WolfCryptRSA
#ifdef __cplusplus
extern "C" {
#endif
/*
* Class: com_wolfssl_wolfcrypt_RSA
* Class: com_wolfssl_WolfCryptRSA
* Method: doSign
* Signature: (Ljava/nio/ByteBuffer;JLjava/nio/ByteBuffer;[ILjava/nio/ByteBuffer;J)I
*/
JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_RSA_doSign
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfCryptRSA_doSign
(JNIEnv *, jobject, jobject, jlong, jobject, jintArray, jobject, jlong);
/*
* Class: com_wolfssl_wolfcrypt_RSA
* Class: com_wolfssl_WolfCryptRSA
* Method: doVerify
* Signature: (Ljava/nio/ByteBuffer;JLjava/nio/ByteBuffer;JLjava/nio/ByteBuffer;J)I
*/
JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_RSA_doVerify
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfCryptRSA_doVerify
(JNIEnv *, jobject, jobject, jlong, jobject, jlong, jobject, jlong);
/*
* Class: com_wolfssl_wolfcrypt_RSA
* Class: com_wolfssl_WolfCryptRSA
* Method: doEnc
* Signature: (Ljava/nio/ByteBuffer;JLjava/nio/ByteBuffer;[ILjava/nio/ByteBuffer;J)I
*/
JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_RSA_doEnc
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfCryptRSA_doEnc
(JNIEnv *, jobject, jobject, jlong, jobject, jintArray, jobject, jlong);
/*
* Class: com_wolfssl_wolfcrypt_RSA
* Class: com_wolfssl_WolfCryptRSA
* Method: doDec
* Signature: (Ljava/nio/ByteBuffer;JLjava/nio/ByteBuffer;JLjava/nio/ByteBuffer;J)I
*/
JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_RSA_doDec
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfCryptRSA_doDec
(JNIEnv *, jobject, jobject, jlong, jobject, jlong, jobject, jlong);
#ifdef __cplusplus

91
native/com_wolfssl_WolfSSL.c
View File

@ -342,6 +342,51 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getBulkCipherAlgorithmEnumCAMELL
return wolfssl_camellia;
}
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getHmacEnumMD5
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
return WC_HASH_TYPE_MD5;
}
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getHmacEnumSHA1
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
return WC_HASH_TYPE_SHA;
}
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getHmacEnumSHA256
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
return WC_HASH_TYPE_SHA256;
}
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getHmacEnumSHA384
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
return WC_HASH_TYPE_SHA384;
}
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getHmacEnumSHA512
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
return WC_HASH_TYPE_SHA512;
}
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getTls13SecretEnum_1CLIENT_1EARLY_1TRAFFIC_1SECRET
(JNIEnv* jenv, jclass jcl)
{
@ -680,6 +725,19 @@ JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_secretCallbackEnabled
#endif
}
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_encryptThenMacEnabled
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
#ifdef HAVE_ENCRYPT_THEN_MAC
return JNI_TRUE;
#else
return JNI_FALSE;
#endif
}
JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSL_SSLv3_1ServerMethod
(JNIEnv* jenv, jclass jcl)
{
@ -972,9 +1030,14 @@ JNIEXPORT jstring JNICALL Java_com_wolfssl_WolfSSL_getErrorString
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_cleanup
(JNIEnv* jenv, jclass jcl)
{
int ret = WOLFSSL_SUCCESS;
(void)jenv;
(void)jcl;
/* Call wolfSSL_Cleanup() first since it may use the logging callback,
* before we free that next. */
ret = wolfSSL_Cleanup();
/* release global logging callback object if registered */
if (g_loggingCbIfaceObj != NULL) {
(*jenv)->DeleteGlobalRef(jenv, g_loggingCbIfaceObj);
@ -989,7 +1052,7 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_cleanup
}
#endif
return wolfSSL_Cleanup();
return ret;
}
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_debuggingON
@ -1061,23 +1124,27 @@ void NativeLoggingCallback(const int logLevel, const char *const logMessage)
/* get JNIEnv from JavaVM */
vmret = (int)((*g_vm)->GetEnv(g_vm, (void**) &jenv, JNI_VERSION_1_6));
if (vmret == JNI_EDETACHED) {
#ifdef __ANDROID__
vmret = (*g_vm)->AttachCurrentThread(g_vm, &jenv, NULL);
#else
vmret = (*g_vm)->AttachCurrentThread(g_vm, (void**) &jenv, NULL);
#endif
/* (*jenv) may be NULL if JVM is shutting down */
if ((vmret != JNI_OK) || (jenv == NULL) || (*jenv == NULL)) {
printf("Failed to attach to thread in NativeLoggingCallback\n");
return;
}
needsDetach = 1;
/* If the JVM is shutting down, we may reach this point. One cause
* of this can be if wolfSSL_Cleanup() is called from the atexit()
* handler that native wolfSSL registers. wolfSSL_Cleanup() then does
* some logging (WOLFSSL_ENTER) which reaches this code. Just return
* since trying to re-attach was not working for these cases.*/
return;
} else if (vmret != JNI_OK) {
printf("Unable to get JNIEnv from JavaVM in NativeLoggingCallback\n");
return;
}
/* if g_loggingCbIfaceObj has been released (part of wolfSSL_Cleanup()),
* just return and skip this log */
if (g_loggingCbIfaceObj == NULL) {
if (needsDetach == 1) {
(*g_vm)->DetachCurrentThread(g_vm);
}
return;
}
/* find exception class */
excClass = (*jenv)->FindClass(jenv, "java/lang/Exception");
if ((*jenv)->ExceptionOccurred(jenv)) {

58
native/com_wolfssl_WolfSSL.h
View File

@ -203,16 +203,6 @@ extern "C" {
#define com_wolfssl_WolfSSL_NO_PASSWORD -176L
#undef com_wolfssl_WolfSSL_TLS13_SECRET_CB_E
#define com_wolfssl_WolfSSL_TLS13_SECRET_CB_E -438L
#undef com_wolfssl_WolfSSL_MD5
#define com_wolfssl_WolfSSL_MD5 0L
#undef com_wolfssl_WolfSSL_SHA
#define com_wolfssl_WolfSSL_SHA 1L
#undef com_wolfssl_WolfSSL_SHA256
#define com_wolfssl_WolfSSL_SHA256 2L
#undef com_wolfssl_WolfSSL_SHA512
#define com_wolfssl_WolfSSL_SHA512 4L
#undef com_wolfssl_WolfSSL_SHA384
#define com_wolfssl_WolfSSL_SHA384 5L
#undef com_wolfssl_WolfSSL_DSAk
#define com_wolfssl_WolfSSL_DSAk 515L
#undef com_wolfssl_WolfSSL_RSAk
@ -439,6 +429,46 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getBulkCipherAlgorithmEnumCHACHA
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getBulkCipherAlgorithmEnumCAMELLIA
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: getHmacEnumMD5
* Signature: ()I
*/
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getHmacEnumMD5
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: getHmacEnumSHA1
* Signature: ()I
*/
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getHmacEnumSHA1
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: getHmacEnumSHA256
* Signature: ()I
*/
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getHmacEnumSHA256
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: getHmacEnumSHA384
* Signature: ()I
*/
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getHmacEnumSHA384
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: getHmacEnumSHA512
* Signature: ()I
*/
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getHmacEnumSHA512
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: getTls13SecretEnum_CLIENT_EARLY_TRAFFIC_SECRET
@ -687,6 +717,14 @@ JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_sessionTicketEnabled
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_secretCallbackEnabled
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: encryptThenMacEnabled
* Signature: ()Z
*/
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_encryptThenMacEnabled
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: SSLv3_ServerMethod

316
native/com_wolfssl_WolfSSLContext.c
View File

@ -54,6 +54,9 @@ int NativeMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
int NativeDecryptVerifyCb(WOLFSSL* ssl, unsigned char* decOut,
const unsigned char* decIn, unsigned int decSz, int content,
int verify, unsigned int* padSz, void* ctx);
int NativeVerifyDecryptCb(WOLFSSL* ssl, unsigned char* decOut,
const unsigned char* decIn, unsigned int decSz, int content,
int macVerify, unsigned int* padSz, void* ctx);
int NativeEccSignCb(WOLFSSL* ssl, const unsigned char* in, unsigned int inSz,
unsigned char* out, unsigned int* outSz, const unsigned char* keyDer,
unsigned int keySz, void* ctx);
@ -1979,7 +1982,38 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLContext_setDecryptVerifyCb
} else {
(*jenv)->ThrowNew(jenv, excClass,
"Input WolfSSLContext object was null when "
"setting MacDecrypt");
"setting DecryptVerify");
}
#else
(*jenv)->ThrowNew(jenv, excClass,
"wolfSSL not compiled with ATOMIC_USER");
#endif /* ATOMIC_USER */
}
JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLContext_setVerifyDecryptCb
(JNIEnv* jenv, jobject jcl, jlong ctx)
{
jclass excClass = NULL;
(void)jcl;
/* find exception class */
excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLJNIException");
if ((*jenv)->ExceptionOccurred(jenv)) {
(*jenv)->ExceptionDescribe(jenv);
(*jenv)->ExceptionClear(jenv);
return;
}
#ifdef ATOMIC_USER
if(ctx) {
/* set verify/decrypt callback */
wolfSSL_CTX_SetVerifyDecryptCb((WOLFSSL_CTX*)(uintptr_t)ctx,
NativeVerifyDecryptCb);
} else {
(*jenv)->ThrowNew(jenv, excClass,
"Input WolfSSLContext object was null when "
"setting VerifyDecrypt");
}
#else
(*jenv)->ThrowNew(jenv, excClass,
@ -2509,6 +2543,266 @@ int NativeDecryptVerifyCb(WOLFSSL* ssl, unsigned char* decOut,
return retval;
}
int NativeVerifyDecryptCb(WOLFSSL* ssl, unsigned char* decOut,
const unsigned char* decIn, unsigned int decSz, int content,
int macVerify, unsigned int* padSz, void* ctx)
{
jint retval = 0;
jint vmret = 0;
JNIEnv* jenv; /* JNI environment */
jclass excClass; /* WolfSSLJNIException class */
int needsDetach = 0; /* Should we explicitly detach? */
int hmacSize = 0; /* WOLFSSL HMAC digest size */
static jobject* g_cachedSSLObj; /* WolfSSLSession cached object */
jclass sessClass; /* WolfSSLSession class */
jfieldID ctxFid; /* WolfSSLSession->ctx FieldID */
jmethodID getCtxMethodId; /* WolfSSLSession->getAssCtxPtr() ID */
jobject ctxRef; /* WolfSSLContext object */
jclass innerCtxClass; /* WolfSSLContext class */
jmethodID verifyDecryptMethodId;
jbyteArray j_decIn;
jlongArray j_padSz;
jobject decOutBB = NULL;
jlong tmpVal = 0;
(void)ctx;
if (!g_vm || !ssl || !decOut || !decIn || !padSz) {
return -1;
}
/* get JavaEnv from JavaVM */
vmret = (int)((*g_vm)->GetEnv(g_vm, (void**) &jenv, JNI_VERSION_1_6));
if (vmret == JNI_EDETACHED) {
#ifdef __ANDROID__
vmret = (*g_vm)->AttachCurrentThread(g_vm, &jenv, NULL);
#else
vmret = (*g_vm)->AttachCurrentThread(g_vm, (void**) &jenv, NULL);
#endif
if (vmret) {
return -1;
}
needsDetach = 1;
} else if (vmret != JNI_OK) {
return -1;
}
/* find exception class in case we need it */
excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLJNIException");
if ((*jenv)->ExceptionOccurred(jenv)) {
(*jenv)->ExceptionDescribe(jenv);
(*jenv)->ExceptionClear(jenv);
if (needsDetach)
(*g_vm)->DetachCurrentThread(g_vm);
return -1;
}
/* get stored WolfSSLSession jobject */
g_cachedSSLObj = (jobject*) wolfSSL_get_jobject((WOLFSSL*)ssl);
if (!g_cachedSSLObj) {
(*jenv)->ThrowNew(jenv, excClass,
"Can't get native WolfSSLSession object reference in "
"NativeVerifyDecryptCb");
if (needsDetach)
(*g_vm)->DetachCurrentThread(g_vm);
return -1;
}
/* lookup WolfSSLSession class from object */
sessClass = (*jenv)->GetObjectClass(jenv, (jobject)(*g_cachedSSLObj));
if (!sessClass) {
(*jenv)->ThrowNew(jenv, excClass,
"Can't get native WolfSSLSession class reference in "
"NativeVerifyDecryptCb");
if (needsDetach)
(*g_vm)->DetachCurrentThread(g_vm);
return -1;
}
/* lookup WolfSSLContext private member fieldID */
ctxFid = (*jenv)->GetFieldID(jenv, sessClass, "ctx",
"Lcom/wolfssl/WolfSSLContext;");
if (!ctxFid) {
if ((*jenv)->ExceptionOccurred(jenv)) {
(*jenv)->ExceptionDescribe(jenv);
(*jenv)->ExceptionClear(jenv);
}
(*jenv)->ThrowNew(jenv, excClass,
"Can't get native WolfSSLContext field ID "
"in NativeVerifyDecryptCb");
if (needsDetach)
(*g_vm)->DetachCurrentThread(g_vm);
return -1;
}
/* find getContextPtr() method */
getCtxMethodId = (*jenv)->GetMethodID(jenv, sessClass,
"getAssociatedContextPtr",
"()Lcom/wolfssl/WolfSSLContext;");
if (!getCtxMethodId) {
if ((*jenv)->ExceptionOccurred(jenv)) {
(*jenv)->ExceptionDescribe(jenv);
(*jenv)->ExceptionClear(jenv);
}
(*jenv)->ThrowNew(jenv, excClass,
"Can't get getAssociatedContextPtr() method ID "
"in NativeVerifyDecryptCb");
if (needsDetach)
(*g_vm)->DetachCurrentThread(g_vm);
return -1;
}
/* get WolfSSLContext ctx object from Java land */
ctxRef = (*jenv)->CallObjectMethod(jenv, (jobject)(*g_cachedSSLObj),
getCtxMethodId);
CheckException(jenv);
if (!ctxRef) {
(*jenv)->ThrowNew(jenv, excClass,
"Can't get WolfSSLContext object in NativeVerifyDecryptCb");
if (needsDetach)
(*g_vm)->DetachCurrentThread(g_vm);
return -1;
}
/* get WolfSSLContext class reference from Java land */
innerCtxClass = (*jenv)->GetObjectClass(jenv, ctxRef);
if (!innerCtxClass) {
(*jenv)->ThrowNew(jenv, excClass,
"Can't get native WolfSSLContext class reference "
"in NativeVerifyDecryptCb");
(*jenv)->DeleteLocalRef(jenv, ctxRef);
if (needsDetach)
(*g_vm)->DetachCurrentThread(g_vm);
return -1;
}
/* call internal verify/decrypt callback */
verifyDecryptMethodId = (*jenv)->GetMethodID(jenv, innerCtxClass,
"internalVerifyDecryptCallback",
"(Lcom/wolfssl/WolfSSLSession;Ljava/nio/ByteBuffer;[BJII[J)I");
if (!verifyDecryptMethodId) {
if ((*jenv)->ExceptionOccurred(jenv)) {
(*jenv)->ExceptionDescribe(jenv);
(*jenv)->ExceptionClear(jenv);
}
(*jenv)->ThrowNew(jenv, excClass,
"Error getting internalVerifyDecryptCallback method "
"from JNI");
(*jenv)->DeleteLocalRef(jenv, ctxRef);
if (needsDetach)
(*g_vm)->DetachCurrentThread(g_vm);
return -1;
}
if (retval == 0) {
/* Get WOLFSSL HMAC digest size, decOut holds decSz + hmacSize */
hmacSize = wolfSSL_GetHmacSize((WOLFSSL*)ssl);
/* create ByteBuffer to wrap decOut */
decOutBB = (*jenv)->NewDirectByteBuffer(jenv, decOut, decSz + hmacSize);
if (!decOutBB) {
(*jenv)->ThrowNew(jenv, excClass,
"failed to create decOut ByteBuffer");
(*jenv)->DeleteLocalRef(jenv, ctxRef);
if (needsDetach)
(*g_vm)->DetachCurrentThread(g_vm);
return -1;
}
/* create jbyteArray to hold decIn */
j_decIn = (*jenv)->NewByteArray(jenv, decSz);
if (!j_decIn) {
(*jenv)->ThrowNew(jenv, excClass,
"failed to create decIn ByteArray");
(*jenv)->DeleteLocalRef(jenv, ctxRef);
(*jenv)->DeleteLocalRef(jenv, decOutBB);
if (needsDetach)
(*g_vm)->DetachCurrentThread(g_vm);
return -1;
}
(*jenv)->SetByteArrayRegion(jenv, j_decIn, 0, decSz, (jbyte*)decIn);
if ((*jenv)->ExceptionOccurred(jenv)) {
(*jenv)->ExceptionDescribe(jenv);
(*jenv)->ExceptionClear(jenv);
(*jenv)->DeleteLocalRef(jenv, ctxRef);
(*jenv)->DeleteLocalRef(jenv, decOutBB);
(*jenv)->DeleteLocalRef(jenv, j_decIn);
if (needsDetach)
(*g_vm)->DetachCurrentThread(g_vm);
return -1;
}
/* create jlongArray to hold padSz, since we need to use it as
* an OUTPUT parameter from Java. Only needs to have 1 element */
j_padSz = (*jenv)->NewLongArray(jenv, 1);
if (!j_padSz) {
(*jenv)->ThrowNew(jenv, excClass,
"failed to create padSz longArray");
(*jenv)->DeleteLocalRef(jenv, ctxRef);
(*jenv)->DeleteLocalRef(jenv, decOutBB);
(*jenv)->DeleteLocalRef(jenv, j_decIn);
if (needsDetach)
(*g_vm)->DetachCurrentThread(g_vm);
return -1;
}
/* call Java verify/decrypt callback, java layer handles
* adding verify/decrypt CTX reference */
retval = (*jenv)->CallIntMethod(jenv, ctxRef, verifyDecryptMethodId,
(jobject)(*g_cachedSSLObj), decOutBB, j_decIn, (jlong)decSz,
content, macVerify, j_padSz);
if ((*jenv)->ExceptionOccurred(jenv)) {
(*jenv)->ExceptionDescribe(jenv);
(*jenv)->ExceptionClear(jenv);
(*jenv)->DeleteLocalRef(jenv, ctxRef);
(*jenv)->DeleteLocalRef(jenv, decOutBB);
(*jenv)->DeleteLocalRef(jenv, j_decIn);
(*jenv)->DeleteLocalRef(jenv, j_padSz);
if (needsDetach)
(*g_vm)->DetachCurrentThread(g_vm);
return -1;
}
if (retval == 0) {
/* copy j_padSz into padSz */
(*jenv)->GetLongArrayRegion(jenv, j_padSz, 0, 1, &tmpVal);
if ((*jenv)->ExceptionOccurred(jenv)) {
(*jenv)->ExceptionDescribe(jenv);
(*jenv)->ExceptionClear(jenv);
(*jenv)->DeleteLocalRef(jenv, ctxRef);
(*jenv)->DeleteLocalRef(jenv, decOutBB);
(*jenv)->DeleteLocalRef(jenv, j_decIn);
(*jenv)->DeleteLocalRef(jenv, j_padSz);
if (needsDetach)
(*g_vm)->DetachCurrentThread(g_vm);
return -1;
}
*padSz = (unsigned int)tmpVal;
}
/* delete local refs */
(*jenv)->DeleteLocalRef(jenv, decOutBB);
(*jenv)->DeleteLocalRef(jenv, j_decIn);
(*jenv)->DeleteLocalRef(jenv, j_padSz);
}
/* delete local refs, detach JNIEnv from thread */
(*jenv)->DeleteLocalRef(jenv, ctxRef);
if (needsDetach)
(*g_vm)->DetachCurrentThread(g_vm);
return retval;
}
#endif /* ATOMIC_USER */
JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLContext_setEccSignCb
@ -3315,7 +3609,7 @@ int NativeEccSharedSecretCb(WOLFSSL* ssl, ecc_key* otherKey,
/* find internal ecc shared secret callback */
ret = GetMethodIDFromObject(jenv, ctxRef,
"internalEccSharedSecretCallback",
"(Lcom/wolfssl/WolfSSLSession;Lcom/wolfssl/wolfcrypt/EccKey;"
"(Lcom/wolfssl/WolfSSLSession;Lcom/wolfssl/WolfCryptEccKey;"
"Ljava/nio/ByteBuffer;[JLjava/nio/ByteBuffer;[JI)I",
&eccSharedSecretMethodId);
@ -3329,34 +3623,36 @@ int NativeEccSharedSecretCb(WOLFSSL* ssl, ecc_key* otherKey,
/* SETUP: otherKey - holds server's public key on client end, otherwise
* holds server's private key on server end. */
/* find EccKey class */
eccKeyClass = (*jenv)->FindClass(jenv, "com/wolfssl/wolfcrypt/EccKey");
/* find WolfCryptEccKey class */
eccKeyClass = (*jenv)->FindClass(jenv,
"com/wolfssl/WolfCryptEccKey");
if (!eccKeyClass) {
CheckException(jenv);
throwWolfSSLJNIExceptionWithMsg(jenv,
"Error finding EccKey class for ECC shared secret callback",
needsDetach);
"Error finding WolfCryptEccKey class for ECC "
"shared secret callback",
needsDetach);
return -1;
}
/* find EccKey constructor */
/* find WolfCryptEccKey constructor */
eccKeyMethodId = (*jenv)->GetMethodID(jenv, eccKeyClass,
"<init>", "(J)V");
if (!eccKeyMethodId) {
CheckException(jenv);
throwWolfSSLJNIExceptionWithMsg(jenv,
"Error getting EccKey constructor method ID in "
"Error getting WolfCryptEccKey constructor method ID in "
"ECC shared secret callback", needsDetach);
return -1;
}
/* create new EccKey object to return otherKey */
/* create new WolfCryptEccKey object to return otherKey */
eccKeyObject = (*jenv)->NewObject(jenv, eccKeyClass, eccKeyMethodId,
(jlong)(uintptr_t)otherKey);
if (!eccKeyObject) {
CheckException(jenv);
throwWolfSSLJNIExceptionWithMsg(jenv,
"Error creating EccKey object in native ECC "
"Error creating WolfCryptEccKey object in native ECC "
"shared secret callback", needsDetach);
return -1;
}

8
native/com_wolfssl_WolfSSLContext.h
View File

@ -287,6 +287,14 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLContext_setMacEncryptCb
JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLContext_setDecryptVerifyCb
(JNIEnv *, jobject, jlong);
/*
* Class: com_wolfssl_WolfSSLContext
* Method: setVerifyDecryptCb
* Signature: (J)V
*/
JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLContext_setVerifyDecryptCb
(JNIEnv *, jobject, jlong);
/*
* Class: com_wolfssl_WolfSSLContext
* Method: setEccSignCb

37
native/com_wolfssl_wolfcrypt_EccKey.h
View File

@ -1,37 +0,0 @@
/* DO NOT EDIT THIS FILE - it is machine generated */
#include <jni.h>
/* Header for class com_wolfssl_wolfcrypt_EccKey */
#ifndef _Included_com_wolfssl_wolfcrypt_EccKey
#define _Included_com_wolfssl_wolfcrypt_EccKey
#ifdef __cplusplus
extern "C" {
#endif
/*
* Class: com_wolfssl_wolfcrypt_EccKey
* Method: EccPublicKeyToDer
* Signature: (J)[B
*/
JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_EccKey_EccPublicKeyToDer
(JNIEnv *, jobject, jlong);
/*
* Class: com_wolfssl_wolfcrypt_EccKey
* Method: EccPrivateKeyToDer
* Signature: (J)[B
*/
JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_EccKey_EccPrivateKeyToDer
(JNIEnv *, jobject, jlong);
/*
* Class: com_wolfssl_wolfcrypt_EccKey
* Method: EccPrivateKeyToPKCS8
* Signature: (J)[B
*/
JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_EccKey_EccPrivateKeyToPKCS8
(JNIEnv *, jobject, jlong);
#ifdef __cplusplus
}
#endif
#endif

6
platform/android_aosp/wolfssljni/Android.mk
View File

@ -32,9 +32,9 @@ include $(CLEAR_VARS)
LOCAL_CFLAGS += $(native_cflags)
LOCAL_CFLAGS:= -DHAVE_FFDHE_2048 -DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING -DHAVE_AESGCM -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DHAVE_HKDF -DNO_DSA -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR -DWC_RSA_PSS -DWOLFSSL_BASE64_ENCODE -DNO_RC4 -DWOLFSSL_SHA224 -DWOLFSSL_SHA3 -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH -DHAVE_CHACHA -DHAVE_HASHDRBG -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DHAVE_EXTENDED_MASTER -DHAVE_SNI -DHAVE_ALPN -DWOLFSSL_JNI -DWOLFSSL_DTLS -DOPENSSL_EXTRA -DOPENSSL_ALL -DHAVE_EX_DATA -DHAVE_CRL -DHAVE_OCSP -DHAVE_CRL_MONITOR -DPERSIST_SESSION_CACHE -DPERSIST_CERT_CACHE -DATOMIC_USER -DHAVE_PK_CALLBACKS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN -DHAVE_ENCRYPT_THEN_MAC -DNO_MD4 -DWOLFSSL_ENCRYPTED_KEYS -DUSE_FAST_MATH -DNO_DES3 -DKEEP_PEER_CERT -DSESSION_CERTS -DHAVE_SESSION_TICKET -DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8 -Os -fomit-frame-pointer
LOCAL_SRC_FILES := \
native/com_wolfssl_wolfcrypt_ECC.c \
native/com_wolfssl_wolfcrypt_EccKey.c \
native/com_wolfssl_wolfcrypt_RSA.c \
native/com_wolfssl_WolfCryptECC.c \
native/com_wolfssl_WolfCryptEccKey.c \
native/com_wolfssl_WolfCryptRSA.c \
native/com_wolfssl_WolfSSL.c \
native/com_wolfssl_WolfSSLCertificate.c \
native/com_wolfssl_WolfSSLCertManager.c \

7
scripts/infer.sh
View File

@ -63,11 +63,12 @@ infer --fail-on-issue run -- javac \
src/java/com/wolfssl/WolfSSLSession.java \
src/java/com/wolfssl/WolfSSLTls13SecretCallback.java \
src/java/com/wolfssl/WolfSSLVerifyCallback.java \
src/java/com/wolfssl/WolfSSLVerifyDecryptCallback.java \
src/java/com/wolfssl/WolfSSLX509Name.java \
src/java/com/wolfssl/WolfSSLX509StoreCtx.java \
src/java/com/wolfssl/wolfcrypt/ECC.java \
src/java/com/wolfssl/wolfcrypt/EccKey.java \
src/java/com/wolfssl/wolfcrypt/RSA.java \
src/java/com/wolfssl/WolfCryptECC.java \
src/java/com/wolfssl/WolfCryptEccKey.java \
src/java/com/wolfssl/WolfCryptRSA.java \
src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java \
src/java/com/wolfssl/provider/jsse/WolfSSLContext.java \
src/java/com/wolfssl/provider/jsse/WolfSSLCustomUser.java \

15
src/java/com/wolfssl/wolfcrypt/ECC.java → src/java/com/wolfssl/WolfCryptECC.java
View File

@ -1,4 +1,4 @@
/* ECC.java
/* WolfCryptECC.java
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
@ -19,7 +19,7 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
package com.wolfssl.wolfcrypt;
package com.wolfssl;
import java.nio.ByteBuffer;
@ -29,12 +29,17 @@ import java.nio.ByteBuffer;
* written to be used with this package's example ECC public key callbacks.
* Usage can be found in examples/Client.java and examples/Server.java.
*
* This class was previously named 'ECC' and was renamed to 'WolfCryptECC'
* to avoid naming conflicts with the 'ECC' class in the wolfCrypt JNI/JCE
* package. Apart from the name change, the class behavior and use
* remains the same.
*
* @author wolfSSL
*/
public class ECC {
public class WolfCryptECC {
/** Default ECC constructor */
public ECC() { }
/** Default WolfCryptECC constructor */
public WolfCryptECC() { }
/**
* ECC verify. Wraps native wc_ecc_verify_hash() to verify ECDSA

16
src/java/com/wolfssl/wolfcrypt/EccKey.java → src/java/com/wolfssl/WolfCryptEccKey.java
View File

@ -1,4 +1,4 @@
/* EccKey.java
/* WolfCryptEccKey.java
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
@ -19,16 +19,20 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
package com.wolfssl.wolfcrypt;
package com.wolfssl;
import com.wolfssl.WolfSSLException;
/**
* Wraps a native ecc_key structure pointer.
*
* This class was previously named 'EccKey' and was renamed to 'WolfCryptEccKey'
* to avoid naming conflicts with the wolfCrypt JNI/JCE package name space.
* Apart from the name change, the class behavior and use remains the same.
*
* @author wolfSSL
*/
public class EccKey {
public class WolfCryptEccKey {
/* internal ecc_key structure pointer */
private long eccKeyPtr;
@ -37,13 +41,13 @@ public class EccKey {
private boolean active = false;
/**
* Create new EccKey object, wrapping native ecc_key with pointer
* Create new WolfCryptEccKey object, wrapping native ecc_key with pointer
* keyPtr.
*
* @param keyPtr pointer to native ecc_key structure
* @throws com.wolfssl.WolfSSLException if key object creation failed
*/
public EccKey(long keyPtr) throws WolfSSLException {
public WolfCryptEccKey(long keyPtr) throws WolfSSLException {
if (keyPtr == 0) {
throw new WolfSSLException("NULL ecc_key pointer not allowed");
} else {
@ -119,5 +123,5 @@ public class EccKey {
super.finalize();
}
} /* end EccKey */
} /* end WolfCryptEccKey */

15
src/java/com/wolfssl/wolfcrypt/RSA.java → src/java/com/wolfssl/WolfCryptRSA.java
View File

@ -1,4 +1,4 @@
/* RSA.java
/* WolfCryptRSA.java
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
@ -19,7 +19,7 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
package com.wolfssl.wolfcrypt;
package com.wolfssl;
import java.nio.ByteBuffer;
@ -29,12 +29,17 @@ import java.nio.ByteBuffer;
* written to be used with this package's example RSA public key callbacks.
* Usage can be found in examples/Client.java and examples/Server.java.
*
* This class was previously named 'RSA' and was renamed to 'WolfCryptRSA'
* to avoid naming conflicts with the 'RSA' class in the wolfCrypt JNI/JCE
* package. Apart from the name change, the class behavior and use
* remains the same.
*
* @author wolfSSL
*/
public class RSA {
public class WolfCryptRSA {
/** Default RSA constructor */
public RSA() { }
/** Default WolfCryptRSA constructor */
public WolfCryptRSA() { }
/**
* RSA sign, wraps native wolfCrypt operation.

39
src/java/com/wolfssl/WolfSSL.java
View File

@ -394,17 +394,19 @@ public class WolfSSL {
/** TLS 1.3 secret callback function failure */
public static final int TLS13_SECRET_CB_E = -438;
/* hmac codes, from wolfssl/wolfcrypt/hmac.h */
/* HMAC codes, from wolfssl/wolfcrypt/hmac.h. These values
* are set via JNI calls in static class block since they can change
* depending on if wolfSSL is a FIPS or non-FIPS build. */
/** Md5 HMAC type */
public static final int MD5 = 0;
public static int MD5;
/** SHA-1 HMAC type */
public static final int SHA = 1;
public static int SHA;
/** SHA2-256 HMAC type */
public static final int SHA256 = 2;
public static int SHA256;
/** SHA2-512 HMAC type */
public static final int SHA512 = 4;
public static int SHA512;
/** SHA2-384 HMAC type */
public static final int SHA384 = 5;
public static int SHA384;
/* key types */
/** DSA key type */
@ -579,7 +581,7 @@ public class WolfSSL {
+ ret);
}
/* initialize enum values */
/* initialize cipher enum values */
wolfssl_aes = getBulkCipherAlgorithmEnumAES();
wolfssl_cipher_null = getBulkCipherAlgorithmEnumNULL();
wolfssl_rc4 = getBulkCipherAlgorithmEnumRC4();
@ -590,6 +592,13 @@ public class WolfSSL {
wolfssl_aes_gcm = getBulkCipherAlgorithmEnumAESGCM();
wolfssl_aes_ccm = getBulkCipherAlgorithmEnumAESCCM();
/* initialize cipher enum values */
MD5 = getHmacEnumMD5();
SHA = getHmacEnumSHA1();
SHA256 = getHmacEnumSHA256();
SHA384 = getHmacEnumSHA384();
SHA512 = getHmacEnumSHA512();
/* initialize TLS 1.3 secret callback ID enums */
CLIENT_EARLY_TRAFFIC_SECRET =
getTls13SecretEnum_CLIENT_EARLY_TRAFFIC_SECRET();
@ -631,6 +640,12 @@ public class WolfSSL {
static native int getBulkCipherAlgorithmEnumCHACHA();
static native int getBulkCipherAlgorithmEnumCAMELLIA();
static native int getHmacEnumMD5();
static native int getHmacEnumSHA1();
static native int getHmacEnumSHA256();
static native int getHmacEnumSHA384();
static native int getHmacEnumSHA512();
static native int getTls13SecretEnum_CLIENT_EARLY_TRAFFIC_SECRET();
static native int getTls13SecretEnum_CLIENT_HANDSHAKE_TRAFFIC_SECRET();
static native int getTls13SecretEnum_SERVER_HANDSHAKE_TRAFFIC_SECRET();
@ -931,7 +946,7 @@ public class WolfSSL {
/**
* Tests if native wolfSSL has been compiled with HAVE_SECRET_CALLBACK
* default. If defined, will compile in APIs to support SSL/TLS secret
* If defined, will compile in APIs to support SSL/TLS secret
* callback support.
*
* @return true if enabled, otherwise false if HAVE_SECRET_CALLBACK
@ -939,6 +954,14 @@ public class WolfSSL {
*/
public static native boolean secretCallbackEnabled();
/**
* Tests if native wolfSSL has been compiled with HAVE_ENCRYPT_THEN_MAC.
*
* @return true if enabled, otherwise false if HAVE_ENCRYPT_THEN_MAC
* has not been defined.
*/
public static native boolean encryptThenMacEnabled();
/* ---------------- native SSL/TLS version functions ---------------- */
/**

74
src/java/com/wolfssl/WolfSSLContext.java
View File

@ -23,7 +23,7 @@ package com.wolfssl;
import java.util.Arrays;
import java.nio.ByteBuffer;
import com.wolfssl.wolfcrypt.EccKey;
import com.wolfssl.WolfCryptEccKey;
import com.wolfssl.WolfSSLDebug;
import com.wolfssl.WolfSSLException;
import com.wolfssl.WolfSSLJNIException;
@ -48,9 +48,10 @@ public class WolfSSLContext {
/* user-registered DTLS cookie generation callback */
private WolfSSLGenCookieCallback internCookieCb = null;
/* user-registered MAC/encrypt and decrypt/verify callbacks */
/* user-registered MAC/encrypt, dec/verify, verify/dec callbacks */
private WolfSSLMacEncryptCallback internMacEncryptCb = null;
private WolfSSLDecryptVerifyCallback internDecryptVerifyCb = null;
private WolfSSLVerifyDecryptCallback internVerifyDecryptCb = null;
/* user-registered ECC sign/verify callbacks */
private WolfSSLEccSignCallback internEccSignCb = null;
@ -147,6 +148,11 @@ public class WolfSSLContext {
return internDecryptVerifyCb;
}
/* used by JNI native verify/decrypt Cb */
synchronized WolfSSLVerifyDecryptCallback getInternVerifyDecryptCb() {
return internVerifyDecryptCb;
}
/* this will be registered with native wolfSSL library */
private int internalIORecvCallback(WolfSSLSession ssl, byte[] buf, int sz)
{
@ -210,6 +216,20 @@ public class WolfSSLContext {
return ret;
}
private int internalVerifyDecryptCallback(WolfSSLSession ssl,
ByteBuffer decOut, byte[] decIn, long decSz, int content,
int macVerify, long[] padSz)
{
int ret;
/* call user-registered verify/decrypt method */
ret = internVerifyDecryptCb.verifyDecryptCallback(ssl, decOut,
decIn, decSz, content, macVerify, padSz,
ssl.getVerifyDecryptCtx());
return ret;
}
private int internalEccSignCallback(WolfSSLSession ssl, ByteBuffer in,
long inSz, ByteBuffer out, long[] outSz, ByteBuffer keyDer,
long keySz)
@ -237,7 +257,7 @@ public class WolfSSLContext {
}
private int internalEccSharedSecretCallback(WolfSSLSession ssl,
EccKey otherKey, ByteBuffer pubKeyDer, long[] pubKeyDerSz,
WolfCryptEccKey otherKey, ByteBuffer pubKeyDer, long[] pubKeyDerSz,
ByteBuffer out, long[] outSz, int side)
{
int ret;
@ -385,6 +405,7 @@ public class WolfSSLContext {
private native int setOCSPOverrideUrl(long ctx, String url);
private native void setMacEncryptCb(long ctx);
private native void setDecryptVerifyCb(long ctx);
private native void setVerifyDecryptCb(long ctx);
private native void setEccSignCb(long ctx);
private native void setEccVerifyCb(long ctx);
private native void setEccSharedSecretCb(long ctx);
@ -1583,6 +1604,7 @@ public class WolfSSLContext {
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #setDecryptVerifyCb(WolfSSLDecryptVerifyCallback)
* @see #setVerifyDecryptCb(WolfSSLVerifyDecryptCallback)
*/
public synchronized void setMacEncryptCb(WolfSSLMacEncryptCallback callback)
throws IllegalStateException, WolfSSLJNIException {
@ -1626,6 +1648,7 @@ public class WolfSSLContext {
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #setMacEncryptCb(WolfSSLMacEncryptCallback)
* @see #setVerifyDecryptCb(WolfSSLVerifyDecryptCallback)
*/
public synchronized void setDecryptVerifyCb(
WolfSSLDecryptVerifyCallback callback)
@ -1646,6 +1669,51 @@ public class WolfSSLContext {
}
}
/**
* Allows caller to set the Atomic Record Processing Verify/Decrypt
* Callback.
* The callback should return 0 for success, or a negative value for
* an error. The <b>ssl</b> and <b>ctx</b> pointers are available
* for the users convenience. <b>decOut</b> is the output buffer
* where the result of the decryption should be stored. <b>decIn</b>
* is the encrypted input buffer and <b>decInSz</b> notes the size of the
* buffer. <b>context</b> and <b>macVerify</b> are needed for
* setTlsHmacInner() and can be passed along as-is. <b>padSz</b> is
* an output variable, where the first element in the array should be set
* with the total value of the padding. That is, the mac size plus any
* padding and pad bytes. An example callback can be found in
* examples/MyVerifyDecryptCallback.java.
*
* @param callback object to be registered as the verify/decrypt
* callback for the WolfSSL context. The signature of
* this object and corresponding method must match that
* as shown in
* WolfSSLVerifyDecryptCallback.java, inside
* verifyDecryptCallback().
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #setMacEncryptCb(WolfSSLMacEncryptCallback)
* @see #setDecryptVerifyCb(WolfSSLDecryptVerifyCallback)
*/
public synchronized void setVerifyDecryptCb(
WolfSSLVerifyDecryptCallback callback)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (ctxLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, getContextPtr(),
"entered setVerifyDecryptCb(" + callback + ")");
/* set verify/decrypt callback */
internVerifyDecryptCb = callback;
/* register internal callback with native library */
setVerifyDecryptCb(getContextPtr());
}
}
/**
* Allows caller to set the Public Key Callback for ECC Signing.
* The callback should return 0 for success or a negative value for an

8
src/java/com/wolfssl/WolfSSLEccSharedSecretCallback.java
View File

@ -22,7 +22,7 @@
package com.wolfssl;
import java.nio.ByteBuffer;
import com.wolfssl.wolfcrypt.EccKey;
import com.wolfssl.WolfCryptEccKey;
/**
* wolfSSL ECC Shared Secret Callback Interface.
@ -62,8 +62,8 @@ public interface WolfSSLEccSharedSecretCallback {
* @return <b><code>0</code></b> upon success,
* otherwise a negative value on error.
*/
public int eccSharedSecretCallback(WolfSSLSession ssl, EccKey otherKey,
ByteBuffer pubKeyDer, long[] pubKeyDerSz, ByteBuffer out,
long[] outSz, int side, Object ctx);
public int eccSharedSecretCallback(WolfSSLSession ssl,
WolfCryptEccKey otherKey, ByteBuffer pubKeyDer, long[] pubKeyDerSz,
ByteBuffer out, long[] outSz, int side, Object ctx);
}

29
src/java/com/wolfssl/WolfSSLSession.java
View File

@ -52,6 +52,7 @@ public class WolfSSLSession {
private Object genCookieCtx;
private Object macEncryptCtx;
private Object decryptVerifyCtx;
private Object verifyDecryptCtx;
private Object eccSignCtx;
private Object eccVerifyCtx;
private Object eccSharedSecretCtx;
@ -199,6 +200,10 @@ public class WolfSSLSession {
return this.decryptVerifyCtx;
}
synchronized Object getVerifyDecryptCtx() {
return this.verifyDecryptCtx;
}
synchronized Object getEccSignCtx() {
return this.eccSignCtx;
}
@ -3579,6 +3584,30 @@ public class WolfSSLSession {
}
}
/**
* Allows caller to set the Atomic User Record Processing Verify/Decrypt
* Callback Context.
*
* @param ctx context object to be registered with the SSL session's
* verify/decrypt method.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#setVerifyDecryptCb(WolfSSLVerifyDecryptCallback)
*/
public void setVerifyDecryptCtx(Object ctx)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setVerifyDecryptCtx(" + ctx + ")");
verifyDecryptCtx = ctx;
}
}
/**
* Allows caller to set the Public Key ECC Signing Callback Context.
*

67
src/java/com/wolfssl/WolfSSLVerifyDecryptCallback.java 100644
View File

@ -0,0 +1,67 @@
/* WolfSSLVerifyDecryptCallback.java
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
package com.wolfssl;
import java.nio.ByteBuffer;
/**
* wolfSSL Verify/Decrypt callback interface.
* This interface specifies how applicaitons should implement the verify/decrypt
* callback class to be used by wolfSSL when using atomic record layer callbacks.
* Note that this is different than the decrypt/verify callback. For that, see
* WolfSSLDecryptVerifyCallback.
* <p>
* After implementing this interface, it should be passed as a parameter
* to the {@link WolfSSLContext#setVerifyDecryptCb(WolfSSLVerifyDecryptCallback)
* WolfSSLContext.setVerifyDecryptCb()} method to be registered with the
* native wolfSSL library.
*
* @author wolfSSL
*/
public interface WolfSSLVerifyDecryptCallback {
/**
* Atomic record layer verify/decrypt callback method.
* This method acts as the verify/decrypt callback to be used with
* the wolfSSL atomic record layer processing.
*
* @param ssl the current SSL session object from which the
* callback was initiated.
* @param decOut output buffer where the result of the decryption
* should be stored.
* @param decIn the encrypted input buffer
* @param decSz the size of the input buffer, <b>decIn</b>
* @param content used with setTlsHmacInner(), the type of message
* @param macVerify used with setTlsHmacInner(), specifies whether this
* is a verification of a peer message.
* @param padSz output variable that should be set with the total
* value of the padding. When setting this, the first
* element of the the array should be used.
* @param ctx user-registered decrypt/verify context
* @return <b><code>0</code></b> upon success,
* otherwise a negative value on failure.
*/
public int verifyDecryptCallback(WolfSSLSession ssl, ByteBuffer decOut,
byte[] decIn, long decSz, int content, int macVerify, long[] padSz,
Object ctx);
}

12
src/test/com/wolfssl/test/WolfCryptECCTest.java
View File

@ -27,25 +27,25 @@ import org.junit.runners.JUnit4;
import static org.junit.Assert.*;
import com.wolfssl.WolfSSLException;
import com.wolfssl.wolfcrypt.ECC;
import com.wolfssl.WolfCryptECC;
public class WolfCryptECCTest {
ECC ecc;
WolfCryptECC ecc;
@Test
public void testECC() throws WolfSSLException {
System.out.println("ECC Class");
System.out.println("WolfCryptECC Class");
test_ECC_new();
}
public void test_ECC_new() {
System.out.print("\tECC()");
ecc = new ECC();
System.out.println("\t\t\t\t... passed");
System.out.print("\tWolfCryptECC()");
ecc = new WolfCryptECC();
System.out.println("\t\t\t... passed");
}
}

12
src/test/com/wolfssl/test/WolfCryptRSATest.java
View File

@ -27,25 +27,25 @@ import org.junit.runners.JUnit4;
import static org.junit.Assert.*;
import com.wolfssl.WolfSSLException;
import com.wolfssl.wolfcrypt.RSA;
import com.wolfssl.WolfCryptRSA;
public class WolfCryptRSATest {
RSA rsa;
WolfCryptRSA rsa;
@Test
public void testRSA() throws WolfSSLException {
System.out.println("RSA Class");
System.out.println("WolfCryptRSA Class");
test_RSA_new();
}
public void test_RSA_new() {
System.out.print("\tRSA()");
rsa = new RSA();
System.out.println("\t\t\t\t... passed");
System.out.print("\tWolfCryptRSA()");
rsa = new WolfCryptRSA();
System.out.println("\t\t\t... passed");
}
}