JNI: wrap native SSL_CTX_set1_sigalgs_list() in WolfSSLContext

pull/169/head
Chris Conlon 2024-01-24 10:03:47 -07:00
parent 93814067d6
commit 91acf5ff19
7 changed files with 300 additions and 1 deletions


@ -350,6 +350,71 @@ JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_TLSv13Enabled
#endif
}
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_ShaEnabled
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
#if !defined(NO_SHA)
return JNI_TRUE;
#else
return JNI_FALSE;
#endif
}
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_Sha224Enabled
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
#if !defined(NO_SHA256) && defined(WOLFSSL_SHA224)
return JNI_TRUE;
#else
return JNI_FALSE;
#endif
}
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_Sha256Enabled
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
#if !defined(NO_SHA256)
return JNI_TRUE;
#else
return JNI_FALSE;
#endif
}
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_Sha384Enabled
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_SHA384)
return JNI_TRUE;
#else
return JNI_FALSE;
#endif
}
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_Sha512Enabled
(JNIEnv* jenv, jclass jcl)
{
(void)jenv;
(void)jcl;
#if defined(WOLFSSL_SHA512)
return JNI_TRUE;
#else
return JNI_FALSE;
#endif
}
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_EccEnabled
(JNIEnv* jenv, jclass jcl)
{


@ -495,6 +495,46 @@ JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_TLSv12Enabled
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_TLSv13Enabled
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: ShaEnabled
* Signature: ()Z
*/
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_ShaEnabled
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: Sha224Enabled
* Signature: ()Z
*/
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_Sha224Enabled
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: Sha256Enabled
* Signature: ()Z
*/
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_Sha256Enabled
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: Sha384Enabled
* Signature: ()Z
*/
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_Sha384Enabled
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: Sha512Enabled
* Signature: ()Z
*/
JNIEXPORT jboolean JNICALL Java_com_wolfssl_WolfSSL_Sha512Enabled
(JNIEnv *, jclass);
/*
* Class: com_wolfssl_WolfSSL
* Method: EccEnabled


@ -5509,6 +5509,35 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_setGroups
#endif
}
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_set1SigAlgsList
(JNIEnv* jenv, jobject jcl, jlong ctxPtr, jstring list)
{
#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
int ret = WOLFSSL_FAILURE;
WOLFSSL_CTX* ctx = (WOLFSSL_CTX*)(uintptr_t)ctxPtr;
const char* sigAlgList = NULL;
(void)jcl;
if (jenv == NULL || ctx == NULL || list == NULL) {
return (jint)WOLFSSL_FAILURE;
}
sigAlgList = (*jenv)->GetStringUTFChars(jenv, list, 0);
ret = wolfSSL_CTX_set1_sigalgs_list(ctx, sigAlgList);
(*jenv)->ReleaseStringUTFChars(jenv, list, sigAlgList);
return (jint)ret;
#else
(void)jenv;
(void)jcl;
(void)ctxPtr;
(void)list;
return (jint)NOT_COMPILED_IN;
#endif
}
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_useSecureRenegotiation
(JNIEnv* jenv, jobject jcl, jlong ctx)
{
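Review bot: The result of `sigAlgList = (*jenv)->GetStringUTFChars(jenv, list, 0);` is never checked, and JNI may return NULL here (for example when the VM cannot allocate the buffer, leaving an exception pending); the new code would then hand NULL to `wolfSSL_CTX_set1_sigalgs_list` and to `ReleaseStringUTFChars`. A guard right after the call is sufficient: `if (sigAlgList == NULL) { return (jint)WOLFSSL_FAILURE; }`. The isCopy argument is a pointer, so `NULL` reads more clearly than `0` there. The function is complete within the hunk; the `useSecureRenegotiation` signature at the end belongs to a body that continues outside it.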


@ -383,6 +383,14 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_useSupportedCurve
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_setGroups
(JNIEnv *, jobject, jlong, jintArray);
/*
* Class: com_wolfssl_WolfSSLContext
* Method: set1SigAlgsList
* Signature: (JLjava/lang/String;)I
*/
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_set1SigAlgsList
(JNIEnv *, jobject, jlong, jstring);
/*
* Class: com_wolfssl_WolfSSLContext
* Method: useSecureRenegotiation


@ -661,6 +661,41 @@ public class WolfSSL {
*/
public static native boolean TLSv13Enabled();
/**
* Tests if SHA-1 is enabled in the native wolfSSL library.
*
* @return true if enabled, otherwise false if not compiled in.
*/
public static native boolean ShaEnabled();
/**
* Tests if SHA-224 is enabled in the native wolfSSL library.
*
* @return true if enabled, otherwise false if not compiled in.
*/
public static native boolean Sha224Enabled();
/**
* Tests if SHA-256 is enabled in the native wolfSSL library.
*
* @return true if enabled, otherwise false if not compiled in.
*/
public static native boolean Sha256Enabled();
/**
* Tests if SHA-384 is enabled in the native wolfSSL library.
*
* @return true if enabled, otherwise false if not compiled in.
*/
public static native boolean Sha384Enabled();
/**
* Tests if SHA-512 is enabled in the native wolfSSL library.
*
* @return true if enabled, otherwise false if not compiled in.
*/
public static native boolean Sha512Enabled();
/**
* Tests if ECC support has been compiled into the native wolfSSL library.
*


@ -383,6 +383,7 @@ public class WolfSSLContext {
private native int usePskIdentityHint(long ssl, String hint);
private native int useSupportedCurve(long ctx, int name);
private native int setGroups(long ctx, int[] groups);
private native int set1SigAlgsList(long ctx, String list);
private native int useSecureRenegotiation(long ctx);
private native int setMinDhKeySz(long ctx, int keySzBits);
private native int setMinRsaKeySz(long ctx, int keySzBits);
@ -1959,6 +1960,27 @@ public class WolfSSLContext {
}
}
/**
* Set the supported signature algorithms for this WolfSSLContext. This
* replaces the existing or default list in the context.
*
* @param list Colon-separated list of [public key]+[digest] algorithms,
* for example: "RSA+SHA256", or "RSA+SHA256:ECDSA:SHA256"
*
* @return <code>WolfSSL.SSL_SUCCESS</code> on success, otherwise
* <code>WolfSSL.SSL_FAILURE</code> on failure
* @throws IllegalStateException WolfSSLContext has been freed
*/
public int set1SigAlgsList(String list)
throws IllegalStateException {
confirmObjectIsActive();
synchronized (ctxLock) {
return set1SigAlgsList(getContextPtr(), list);
}
}
/**
* Enable use of secure renegotiation on this session. Calling this
* API does not initiate secure renegotiation, but enables it. If enabled,
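Review bot: The `@param list` example `"RSA+SHA256:ECDSA:SHA256"` in the new Javadoc on `set1SigAlgsList` does not follow the `[public key]+[digest]` form it describes: `ECDSA` and `SHA256` are joined by a colon, which this commit's own test treats as a bare algorithm without a hash that must be rejected, so the example should read `"RSA+SHA256:ECDSA+SHA256"`. The `@return` clause also omits `WolfSSL.NOT_COMPILED_IN`, which the native side returns when wolfSSL was built without OPENSSL_EXTRA, and does not mention that a null list yields `WolfSSL.SSL_FAILURE`; both let a caller tell an unsupported build apart from a rejected list. Suggested wording: `@return <code>WolfSSL.SSL_SUCCESS</code> on success, <code>WolfSSL.SSL_FAILURE</code> if the list is null or rejected, or <code>WolfSSL.NOT_COMPILED_IN</code> if native support is not compiled in`. Documentation only; no code change is needed.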


@ -77,6 +77,7 @@ public class WolfSSLContextTest {
test_WolfSSLContext_useSecureRenegotiation();
test_WolfSSLContext_useSupportedCurves();
test_WolfSSLContext_setGroups();
test_WolfSSLContext_set1SigAlgsList();
test_WolfSSLContext_setMinRSAKeySize();
test_WolfSSLContext_setMinECCKeySize();
test_WolfSSLContext_free();
@ -462,8 +463,107 @@ public class WolfSSLContextTest {
} catch (IllegalStateException e) {
System.out.println("\t\t\t... failed");
fail("setGroups() failed");
e.printStackTrace();
fail("setGroups() failed");
}
}
public void test_WolfSSLContext_set1SigAlgsList() {
int ret;
System.out.print("\tset1SigAlgsList()");
try {
/* Expected failure, null list */
ret = ctx.set1SigAlgsList(null);
if (ret != WolfSSL.NOT_COMPILED_IN &&
ret != WolfSSL.SSL_FAILURE) {
System.out.println("\t\t... failed");
fail("set1SigAlgsList() should fail with null list");
}
/* Expected failure, empty list */
ret = ctx.set1SigAlgsList("");
if (ret != WolfSSL.NOT_COMPILED_IN &&
ret != WolfSSL.SSL_FAILURE) {
System.out.println("\t\t... failed");
fail("set1SigAlgsList() should fail with empty list");
}
if (WolfSSL.RsaEnabled()) {
ret = ctx.set1SigAlgsList("RSA");
if (ret != WolfSSL.NOT_COMPILED_IN &&
ret != WolfSSL.SSL_FAILURE) {
System.out.println("\t\t... failed");
fail("set1SigAlgsList() should fail without hash");
}
if (WolfSSL.Sha256Enabled()) {
ret = ctx.set1SigAlgsList("RSA+SHA256");
if (ret != WolfSSL.NOT_COMPILED_IN &&
ret != WolfSSL.SSL_SUCCESS) {
System.out.println("\t\t... failed");
fail("set1SigAlgsList() should pass with given list");
}
ret = ctx.set1SigAlgsList("RSA:RSA+SHA256");
if (ret != WolfSSL.NOT_COMPILED_IN &&
ret != WolfSSL.SSL_FAILURE) {
System.out.println("\t\t... failed");
fail("set1SigAlgsList() should fail without hash");
}
if (WolfSSL.Sha512Enabled()) {
ret = ctx.set1SigAlgsList("RSA+SHA256:RSA+SHA512");
if (ret != WolfSSL.NOT_COMPILED_IN &&
ret != WolfSSL.SSL_SUCCESS) {
System.out.println("\t\t... failed");
fail("set1SigAlgsList() should pass");
}
}
}
}
if (WolfSSL.EccEnabled()) {
ret = ctx.set1SigAlgsList("ECDSA");
if (ret != WolfSSL.NOT_COMPILED_IN &&
ret != WolfSSL.SSL_FAILURE) {
System.out.println("\t\t... failed");
fail("set1SigAlgsList() should fail without hash");
}
if (WolfSSL.Sha256Enabled()) {
ret = ctx.set1SigAlgsList("ECDSA+SHA256");
if (ret != WolfSSL.NOT_COMPILED_IN &&
ret != WolfSSL.SSL_SUCCESS) {
System.out.println("\t\t... failed");
fail("set1SigAlgsList() should pass with given list");
}
ret = ctx.set1SigAlgsList("ECDSA:ECDSA+SHA256");
if (ret != WolfSSL.NOT_COMPILED_IN &&
ret != WolfSSL.SSL_FAILURE) {
System.out.println("\t\t... failed");
fail("set1SigAlgsList() should fail without hash");
}
if (WolfSSL.Sha512Enabled()) {
ret = ctx.set1SigAlgsList("ECDSA+SHA256:ECDSA+SHA512");
if (ret != WolfSSL.NOT_COMPILED_IN &&
ret != WolfSSL.SSL_SUCCESS) {
System.out.println("\t\t... failed");
fail("set1SigAlgsList() should pass");
}
}
}
}
System.out.println("\t\t... passed");
} catch (IllegalStateException e) {
System.out.println("\t\t... failed");
e.printStackTrace();
fail("set1SigAlgsList() failed");
}
}